<?php
/*********************************************************************************
* TES is a Time and Expense Management program developed by
* Initechs, LLC. Copyright (C) 2009 - 2010 Initechs LLC.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License version 3 as published by the
* Free Software Foundation with the addition of the following permission added
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
* IN WHICH THE COPYRIGHT IS OWNED BY INITECHS, INITECHS DISCLAIMS THE WARRANTY
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, see http://www.gnu.org/licenses or write to the Free
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
*
* You can contact Initechs headquarters at 1841 Piedmont Road, Suite 301,
* Marietta, GA, USA. or at email address hide@address.com
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU General Public License version 3.
*
* In accordance with Section 7(b) of the GNU General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Initechs" logo.
* If the display of the logo is not reasonably feasible for technical reasons,
* the Appropriate Legal Notices must display the words "Powered by Initechs".
********************************************************************************/
$basedir = dirname(__FILE__) . '/..';
require_once("$basedir/baseclass/DBCommonFunctions.php");
require_once("$basedir/users/config.php");
require_once("$basedir/baseclass/GetAuthorization.php");
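class UserData extends DBCommonFunctions
{
    /**
     * Insert a new user row and return its auto-increment id.
     *
     * Every string argument is passed through escapeString() before being
     * interpolated into SQL; the insert runs inside a transaction that is
     * rolled back when anything throws.
     *
     * @param string $id  login id (column users_id)
     * @param string $fn  full name
     * @param string $pw  clear-text password; stored as md5 (see note in body)
     * @param string $em  email address, may be empty
     * @param string $jd  join date in 'ymd' form
     * @param string $ti  title
     * @param string $us  status key, must exist in $users_status_array
     * @param string $rt  users_id of the manager this user reports to
     * @param string $ug  user group
     * @param string $at  authorizations_id, may be empty
     * @param string $df  date format
     * @param string $lan language
     * @return mixed insert_id of the new row as reported by the connection
     * @throws iInvalidArgumentException when a required argument is empty
     * @throws iInvalidDataException     when the join date or status is invalid
     * @throws iBLError                  email (er0086), reportto (er0052/er0050)
     *                                   or authorization list (er0046) errors
     */
    public function createRow($id, $fn, $pw, $em, $jd, $ti, $us, $rt, $ug, $at, $df, $lan)
    {
        global $users_status_array;
        if ($id == '' || $fn == '' || $pw == '' || $jd == '' || $us == '' || $rt == '') {
            throw new iInvalidArgumentException();
        }
        if (!isValidDate($jd, 'ymd')) {
            throw new iInvalidDataException();
        }
        if (!array_key_exists($us, $users_status_array)) {
            throw new iInvalidDataException();
        }

        $sid = $this->escapeString($id);
        $sfn = $this->escapeString($fn);
        // NOTE(review): the password is escaped and then md5-hashed (unsalted).
        // The transform is kept byte-for-byte because the login path that
        // verifies it is not visible here; migrating to password_hash()/
        // password_verify() requires changing both sides together.
        $spw = md5($this->escapeString($pw));
        $sem = $this->escapeString($em);
        $sjd = $this->escapeString($jd);
        $sti = $this->escapeString($ti);
        $sus = $this->escapeString($us);
        $srt = $this->escapeString($rt);
        $sug = $this->escapeString($ug);
        $sat = $this->escapeString($at);
        $sdf = $this->escapeString($df);
        $slan = $this->escapeString($lan);
        // Escaped as well because it is interpolated into the INSERT below.
        $loggedinUser = $this->escapeString(loggedUserID());

        if ($sem != '' && !valid_email_address($sem)) {
            throw new iBLError('email', 'er0086');
        }
        // A user may report to themselves; anyone else must exist and be active.
        if (strtolower($sid) != strtolower($srt)) {
            $this->assertReportToIsActive($srt, 'reportto');
        }
        $this->assertAuthorizationListExists($sat);

        $this->beginTransaction();
        try {
            $query = <<<EOQ
INSERT INTO users (users_id, fullname, password, email, joindate, title, status, reportto, usergroup, createat, createby, changeby, authorizations_id, dateformat, language)
VALUES ('$sid', '$sfn', '$spw', '$sem', '$sjd', '$sti', '$sus', '$srt', '$sug', now(), '$loggedinUser', '$loggedinUser', '$sat', '$sdf', '$slan')
EOQ;
            $conn = $this->getConnection();
            $conn->query($query);
            // insert_id is read before chkQueryError so a failure still rolls back.
            $recid = $conn->insert_id;
            $this->chkQueryError($conn, $query);
            $this->commitTransaction();
            return $recid;
        } catch (Exception $e) {
            $this->rollbackTransaction();
            throw $e;
        }
    }

    /**
     * Update an existing user row identified by $uid.
     *
     * Order of checks (first failure wins): argument presence, date/status
     * validity, edit authority of the logged-in user, email format, existence
     * of the target row, reportto user, inactive-with-reportees rule,
     * authorization list.
     *
     * @param mixed  $uid primary key of the row to update
     * @param string $fn  full name
     * @param string $em  email address, may be empty
     * @param string $jd  join date in 'ymd' form
     * @param string $ti  title
     * @param string $us  status key, must exist in $users_status_array
     * @param string $rt  users_id of the manager this user reports to
     * @param string $ug  user group
     * @param string $at  authorizations_id, may be empty
     * @param string $df  date format
     * @param string $lan language
     * @return void
     * @throws iInvalidArgumentException when a required argument is empty
     * @throws iInvalidDataException     invalid date/status, or no row for $uid
     * @throws iBLError                  er0041 (not authorised), er0086 (email),
     *                                   er0052/er0050 (reportto), er0051 (has
     *                                   reportees), er0046 (authorization list)
     */
    public function updateRow($uid, $fn, $em, $jd, $ti, $us, $rt, $ug, $at, $df, $lan)
    {
        global $users_status_array;
        if ($uid == '' || $fn == '' || $jd == '' || $us == '' || $rt == '') {
            throw new iInvalidArgumentException();
        }
        if (!isValidDate($jd, 'ymd')) {
            throw new iInvalidDataException();
        }
        if (!array_key_exists($us, $users_status_array)) {
            throw new iInvalidDataException();
        }

        $sfn = $this->escapeString($fn);
        $sem = $this->escapeString($em);
        $sjd = $this->escapeString($jd);
        $sti = $this->escapeString($ti);
        $sus = $this->escapeString($us);
        $srt = $this->escapeString($rt);
        $sug = $this->escapeString($ug);
        $sat = $this->escapeString($at);
        $sdf = $this->escapeString($df);
        $slan = $this->escapeString($lan);
        // $uid is interpolated into two SQL strings below; escape it once here.
        // The raw value is still handed to fetchRow()/getRecordCreator(), which
        // presumably escape internally — confirm in DBCommonFunctions/dbObj.
        $suid = $this->escapeString($uid);
        $loggedinUser = $this->escapeString(loggedUserID());

        $this->assertAuthorized('Edit', $uid, $loggedinUser);
        if ($sem != '' && !valid_email_address($sem)) {
            throw new iBLError('email', 'er0086');
        }

        $DbObj = new dbObj();
        $UserRow = $DbObj->fetchRow('users', 'uid', $uid);
        if ($UserRow == null) {
            // No such uid: nothing sensible to update or to check reportees against.
            throw new iInvalidDataException();
        }
        // Keep the user's own login id; the reportto check below fetches a
        // different row and must not be allowed to replace it.
        $userid = $this->escapeString($UserRow['users_id']);

        if ($UserRow['users_id'] != $srt) {
            $this->assertReportToIsActive($srt, 'manager');
        }
        if ($sus != '10') {
            // A manager/admin who still has users reporting to them cannot be
            // made inactive. This must look at the user's own reportees, not
            // the reportees of the manager fetched above.
            $where = " reportto = '$userid' and uid <> '$suid'";
            if ($DbObj->fetchRowbyWhereClause('users', $where) != null) {
                throw new iBLError('status', 'er0051');
            }
        }
        $this->assertAuthorizationListExists($sat);

        $this->beginTransaction();
        try {
            $query = <<<EOQ
UPDATE users
SET
fullname = '$sfn',
email = '$sem',
joindate = '$sjd',
title = '$sti',
status = '$sus',
reportto = '$srt',
usergroup = '$sug',
authorizations_id = '$sat',
dateformat = '$sdf',
language = '$slan',
changeby = '$loggedinUser'
WHERE uid = '$suid'
EOQ;
            $conn = $this->getConnection();
            $conn->query($query);
            $this->chkQueryError($conn, $query);
            $this->commitTransaction();
        } catch (Exception $e) {
            $this->rollbackTransaction();
            throw $e;
        }
    }

    /**
     * Delete a user row unless it is the built-in admin (uid 1) or other
     * users still report to it; otherwise defers to the parent implementation.
     *
     * @param string $table table name forwarded to parent::deleteRow()
     * @param mixed  $uid   primary key of the user to delete
     * @return void
     * @throws iBLError er0088 (admin user), er0056 (user still has reportees)
     */
    public function deleteRow($table, $uid)
    {
        if ($uid == 1) { // uid 1 is the admin account and can never be deleted
            throw new iBLError('nocategory', 'er0088');
        }
        $DbObj = new dbObj();
        $RowData = $DbObj->fetchRow('users', 'uid', $uid);
        // When the row does not exist there are no reportees to protect, and
        // checking "reportto = ''" would wrongly match users with no manager.
        if ($RowData != null) {
            $userid = $this->escapeString($RowData['users_id']);
            $where = " reportto = '$userid'";
            if ($DbObj->fetchRowbyWhereClause('users', $where) != null) {
                throw new iBLError('nocategory', 'er0056');
            }
        }
        parent::deleteRow($table, $uid);
    }

    /**
     * Change the password of user $uid / $id.
     *
     * A user may always change their own password; changing someone else's
     * requires 'ChangePassword' authority on users (all, or 'own' for records
     * the logged-in user created).
     *
     * @param mixed  $uid primary key of the user row
     * @param string $id  login id (users_id) of that user
     * @param string $pw  new clear-text password; stored as md5 (see createRow)
     * @return void
     * @throws iInvalidArgumentException when any argument is empty
     * @throws iBLError                  er0041 when not authorised
     */
    public function updatePwd($uid, $id, $pw)
    {
        if ($uid == '' || $id == '' || $pw == '') {
            throw new iInvalidArgumentException();
        }
        $sid = $this->escapeString($id);
        // Same escape-then-md5 transform as createRow; kept for compatibility
        // with the stored hashes and the login check that verifies them.
        $spw = md5($this->escapeString($pw));
        $suid = $this->escapeString($uid);
        $loggedinUser = $this->escapeString(loggedUserID());

        if ($sid != $loggedinUser) {
            $this->assertAuthorized('ChangePassword', $uid, $loggedinUser);
        }

        $this->beginTransaction();
        try {
            $query = <<<EOQ
UPDATE users
SET
password = '$spw',
changeby = '$loggedinUser'
WHERE uid = '$suid'
EOQ;
            $conn = $this->getConnection();
            $conn->query($query);
            $this->chkQueryError($conn, $query);
            $this->commitTransaction();
        } catch (Exception $e) {
            $this->rollbackTransaction();
            throw $e;
        }
    }

    /**
     * Throw unless $srt is the users_id of an existing, active (status 10) user.
     *
     * @param string $srt           escaped users_id of the manager
     * @param string $inactiveField iBLError field used for the "not active"
     *                              error (createRow and updateRow report it
     *                              under different field names)
     * @return void
     * @throws iBLError er0052 (unknown user), er0050 (user not active)
     */
    private function assertReportToIsActive($srt, $inactiveField)
    {
        $DbObj = new dbObj();
        $RowData = $DbObj->fetchRow('users', 'users_id', $srt);
        if ($RowData == null) {
            throw new iBLError('reportto', 'er0052');
        }
        if ($RowData['status'] != '10') {
            throw new iBLError($inactiveField, 'er0050');
        }
    }

    /**
     * Throw unless $sat is empty or names an existing authorization list.
     *
     * @param string $sat escaped authorizations_id, may be empty
     * @return void
     * @throws iBLError er0046 when the list does not exist
     */
    private function assertAuthorizationListExists($sat)
    {
        if ($sat == '') {
            return;
        }
        $DbObj = new dbObj();
        $RowData = $DbObj->fetchRow('authorizationlists', 'authorizations_id', $sat);
        if ($RowData == null) {
            throw new iBLError('authorizations_id', 'er0046');
        }
    }

    /**
     * Throw unless the logged-in user holds $action authority on users.
     * Authority 'own' only covers records the logged-in user created.
     *
     * @param string $action       authority name ('Edit', 'ChangePassword')
     * @param mixed  $uid          primary key of the record being acted on
     * @param string $loggedinUser users_id of the current session user
     * @return void
     * @throws iBLError er0041 when not authorised
     */
    private function assertAuthorized($action, $uid, $loggedinUser)
    {
        $auth = new userauthorization();
        $authority = $auth->chkauthorityLevel('users', $action);
        if ($authority == 'none'
            || ($authority == 'own' && $this->getRecordCreator('users', $uid) != $loggedinUser)) {
            throw new iBLError('nocategory', 'er0041');
        }
    }
}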
?>