engelsystem/includes/model/User_model.php

<?php
use Engelsystem\ValidationResult;

/**
 * User model
 */

/**
 * Delete a user
 *
 * @param int $user_id          
 */
function User_delete($user_id) {
  return sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($user_id) . "'");
}

/**
 * Update user.
 *
 * @param User $user          
 */
function User_update($user) {
  return sql_query("UPDATE `User` SET
      `Nick`='" . sql_escape($user['Nick']) . "',
      `Name`='" . sql_escape($user['Name']) . "',
      `Vorname`='" . sql_escape($user['Vorname']) . "',
      `Alter`='" . sql_escape($user['Alter']) . "',
      `Telefon`='" . sql_escape($user['Telefon']) . "',
      `DECT`='" . sql_escape($user['DECT']) . "',
      `Handy`='" . sql_escape($user['Handy']) . "',
      `email`='" . sql_escape($user['email']) . "',
      `email_shiftinfo`=" . sql_bool($user['email_shiftinfo']) . ",
      `email_by_human_allowed`=" . sql_bool($user['email_by_human_allowed']) . ",
      `jabber`='" . sql_escape($user['jabber']) . "',
      `Size`='" . sql_escape($user['Size']) . "',
      `Gekommen`='" . sql_escape($user['Gekommen']) . "',
      `Aktiv`='" . sql_escape($user['Aktiv']) . "',
      `force_active`=" . sql_bool($user['force_active']) . ",
      `Tshirt`='" . sql_escape($user['Tshirt']) . "',
      `color`='" . sql_escape($user['color']) . "',
      `Sprache`='" . sql_escape($user['Sprache']) . "',
      `Hometown`='" . sql_escape($user['Hometown']) . "',
      `got_voucher`='" . sql_escape($user['got_voucher']) . "',
      `arrival_date`='" . sql_escape($user['arrival_date']) . "',
      `planned_arrival_date`='" . sql_escape($user['planned_arrival_date']) . "',
      `planned_departure_date`=" . sql_null($user['planned_departure_date']) . "
      WHERE `UID`='" . sql_escape($user['UID']) . "'");
}

/**
 * Counts all forced active users.
 */
function User_force_active_count() {
  return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `force_active` = 1");
}

function User_active_count() {
  return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Aktiv` = 1");
}

function User_got_voucher_count() {
  return sql_select_single_cell("SELECT SUM(`got_voucher`) FROM `User`");
}

function User_arrived_count() {
  return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Gekommen` = 1");
}

function User_tshirts_count() {
  return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Tshirt` = 1");
}

/**
 * Returns all column names for sorting in an array.
 */
function User_sortable_columns() {
  return [
      'Nick',
      'Name',
      'Vorname',
      'Alter',
      'DECT',
      'email',
      'Size',
      'Gekommen',
      'Aktiv',
      'force_active',
      'Tshirt',
      'lastLogIn' 
  ];
}

/**
 * Get all users, ordered by Nick by default or by given param.
 *
 * @param string $order_by          
 */
function Users($order_by = 'Nick') {
  return sql_select("SELECT * FROM `User` ORDER BY `" . sql_escape($order_by) . "` ASC");
}

/**
 * Returns true if user is freeloader
 *
 * @param User $user          
 */
function User_is_freeloader($user) {
  global $max_freeloadable_shifts, $user;
  
  return count(ShiftEntries_freeloaded_by_user($user)) >= $max_freeloadable_shifts;
}

/**
 * Returns all users that are not member of given angeltype.
 *
 * @param Angeltype $angeltype          
 */
function Users_by_angeltype_inverted($angeltype) {
  $result = sql_select("
      SELECT `User`.*
      FROM `User`
      LEFT JOIN `UserAngelTypes` ON (`User`.`UID`=`UserAngelTypes`.`user_id` AND `angeltype_id`='" . sql_escape($angeltype['id']) . "')
      WHERE `UserAngelTypes`.`id` IS NULL
      ORDER BY `Nick`");
  if ($result === false) {
    engelsystem_error("Unable to load users.");
  }
  return $result;
}

/**
 * Returns all members of given angeltype.
 *
 * @param Angeltype $angeltype          
 */
function Users_by_angeltype($angeltype) {
  $result = sql_select("
      SELECT
      `User`.*,
      `UserAngelTypes`.`id` as `user_angeltype_id`,
      `UserAngelTypes`.`confirm_user_id`,
      `UserAngelTypes`.`supporter`,
      `UserDriverLicenses`.*
      FROM `User`
      JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id`
      LEFT JOIN `UserDriverLicenses` ON `User`.`UID`=`UserDriverLicenses`.`user_id`
      WHERE `UserAngelTypes`.`angeltype_id`='" . sql_escape($angeltype['id']) . "'
      ORDER BY `Nick`");
  if ($result === false) {
    engelsystem_error("Unable to load members.");
  }
  return $result;
}

/**
 * Returns User id array
 */
function User_ids() {
  return sql_select("SELECT `UID` FROM `User`");
}

/**
 * Strip unwanted characters from a users nick.
 *
 * @param string $nick          
 */
function User_validate_Nick($nick) {
  return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);
}

/**
 * Validate user email address.
 *
 * @param string $mail
 *          The email address to validate
 * @return ValidationResult
 */
function User_validate_mail($mail) {
  $mail = strip_item($mail);
  return new ValidationResult(check_email($mail), $mail);
}

/**
 * Validate user jabber address
 *
 * @param string $jabber
 *          Jabber-ID to validate
 * @return ValidationResult
 */
function User_validate_jabber($jabber) {
  $jabber = strip_item($jabber);
  if ($jabber == '') {
    // Empty is ok
    return new ValidationResult(true, '');
  }
  return new ValidationResult(check_email($jabber), $jabber);
}

/**
 * Validate the planned arrival date
 *
 * @param int $planned_arrival_date
 *          Unix timestamp
 * @return ValidationResult
 */
function User_validate_planned_arrival_date($planned_arrival_date) {
  if ($planned_arrival_date == null) {
    // null is not okay
    return new ValidationResult(false, time());
  }
  $event_config = EventConfig();
  if ($event_config == null) {
    // Nothing to validate against
    return new ValidationResult(true, $planned_arrival_date);
  }
  if (isset($event_config['buildup_start_date']) && $planned_arrival_date < $event_config['buildup_start_date']) {
    // Planned arrival can not be before buildup start date
    return new ValidationResult(false, $event_config['buildup_start_date']);
  }
  if (isset($event_config['teardown_end_date']) && $planned_arrival_date > $event_config['teardown_end_date']) {
    // Planned arrival can not be after teardown end date
    return new ValidationResult(false, $event_config['teardown_end_date']);
  }
  return new ValidationResult(true, $planned_arrival_date);
}

/**
 * Validate the planned departure date
 *
 * @param int $planned_arrival_date
 *          Unix timestamp
 * @param int $planned_departure_date
 *          Unix timestamp
 * @return ValidationResult
 */
function User_validate_planned_departure_date($planned_arrival_date, $planned_departure_date) {
  if ($planned_departure_date == null) {
    // null is okay
    return new ValidationResult(true, null);
  }
  if ($planned_arrival_date > $planned_departure_date) {
    // departure cannot be before arrival
    return new ValidationResult(false, $planned_arrival_date);
  }
  $event_config = EventConfig();
  if ($event_config == null) {
    // Nothing to validate against
    return new ValidationResult(true, $planned_departure_date);
  }
  if (isset($event_config['buildup_start_date']) && $planned_departure_date < $event_config['buildup_start_date']) {
    // Planned arrival can not be before buildup start date
    return new ValidationResult(false, $event_config['buildup_start_date']);
  }
  if (isset($event_config['teardown_end_date']) && $planned_departure_date > $event_config['teardown_end_date']) {
    // Planned arrival can not be after teardown end date
    return new ValidationResult(false, $event_config['teardown_end_date']);
  }
  return new ValidationResult(true, $planned_departure_date);
}

/**
 * Returns user by id.
 *
 * @param $user_id UID          
 */
function User($user_id) {
  $user_source = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
  if ($user_source === false) {
    engelsystem_error("Unable to load user.");
  }
  if (count($user_source) > 0) {
    return $user_source[0];
  }
  return null;
}

/**
 * Returns User by api_key.
 *
 * @param string $api_key
 *          User api key
 * @return Matching user, null or false on error
 */
function User_by_api_key($api_key) {
  $user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
  if ($user === false) {
    return false;
  }
  if (count($user) == 0) {
    return null;
  }
  return $user[0];
}

/**
 * Returns User by email.
 *
 * @param string $email          
 * @return Matching user, null or false on error
 */
function User_by_email($email) {
  $user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1");
  if ($user === false) {
    engelsystem_error("Unable to load user.");
  }
  if (count($user) == 0) {
    return null;
  }
  return $user[0];
}

/**
 * Returns User by password token.
 *
 * @param string $token          
 * @return Matching user, null or false on error
 */
function User_by_password_recovery_token($token) {
  $user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1");
  if ($user === false) {
    engelsystem_error("Unable to load user.");
  }
  if (count($user) == 0) {
    return null;
  }
  return $user[0];
}

/**
 * Generates a new api key for given user.
 *
 * @param User $user          
 */
function User_reset_api_key(&$user, $log = true) {
  $user['api_key'] = md5($user['Nick'] . time() . rand());
  $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
  if ($result === false) {
    return false;
  }
  if ($log) {
    engelsystem_log(sprintf("API key resetted (%s).", User_Nick_render($user)));
  }
}

/**
 * Generates a new password recovery token for given user.
 *
 * @param User $user          
 */
function User_generate_password_recovery_token(&$user) {
  $user['password_recovery_token'] = md5($user['Nick'] . time() . rand());
  $result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
  if ($result === false) {
    engelsystem_error("Unable to generate password recovery token.");
  }
  engelsystem_log("Password recovery for " . User_Nick_render($user) . " started.");
  return $user['password_recovery_token'];
}

function User_get_eligable_voucher_count(&$user) {
  global $voucher_settings;
  
  $shifts_done = count(ShiftEntries_finished_by_user($user));
  
  $earned_vouchers = $user['got_voucher'] - $voucher_settings['initial_vouchers'];
  $elegible_vouchers = $shifts_done / $voucher_settings['shifts_per_voucher'] - $earned_vouchers;
  if ($elegible_vouchers < 0) {
    return 0;
  }
  
  return $elegible_vouchers;
}

?>
#28 begin log 2012-12-26 14:02:27 +01:00			`<?php`
add ValidationResult to namespace 2016-11-18 08:20:17 +01:00			`use Engelsystem\ValidationResult;`
user list rewritten 2014-09-28 14:50:08 +02:00
implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			`/**`
			`* User model`
			`*/`

add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`/**`
			`* Delete a user`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`*`
add a more secure way to delete users containing a password request 2015-12-30 15:48:41 +01:00			`* @param int $user_id`
			`*/`
			`function User_delete($user_id) {`
			return sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($user_id) . "'");
			`}`

user voucher feature 2014-12-26 01:49:59 +01:00			`/**`
			`* Update user.`
use user nick render 2014-12-26 19:26:53 +01:00			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param User $user`
			`*/`
			`function User_update($user) {`
			return sql_query("UPDATE `User` SET
			`Nick`='" . sql_escape($user['Nick']) . "',
			`Name`='" . sql_escape($user['Name']) . "',
			`Vorname`='" . sql_escape($user['Vorname']) . "',
harden the sql queries 2014-12-28 13:44:56 +01:00			`Alter`='" . sql_escape($user['Alter']) . "',
user voucher feature 2014-12-26 01:49:59 +01:00			`Telefon`='" . sql_escape($user['Telefon']) . "',
			`DECT`='" . sql_escape($user['DECT']) . "',
			`Handy`='" . sql_escape($user['Handy']) . "',
			`email`='" . sql_escape($user['email']) . "',
harden the sql queries 2014-12-28 13:44:56 +01:00			`email_shiftinfo`=" . sql_bool($user['email_shiftinfo']) . ",
fixes #266: add checkbox allowing the users email to be used by humans like event-team 2016-11-11 15:24:51 +01:00			`email_by_human_allowed`=" . sql_bool($user['email_by_human_allowed']) . ",
user voucher feature 2014-12-26 01:49:59 +01:00			`jabber`='" . sql_escape($user['jabber']) . "',
			`Size`='" . sql_escape($user['Size']) . "',
harden the sql queries 2014-12-28 13:44:56 +01:00			`Gekommen`='" . sql_escape($user['Gekommen']) . "',
			`Aktiv`='" . sql_escape($user['Aktiv']) . "',
			`force_active`=" . sql_bool($user['force_active']) . ",
			`Tshirt`='" . sql_escape($user['Tshirt']) . "',
			`color`='" . sql_escape($user['color']) . "',
user voucher feature 2014-12-26 01:49:59 +01:00			`Sprache`='" . sql_escape($user['Sprache']) . "',
			`Hometown`='" . sql_escape($user['Hometown']) . "',
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			`got_voucher`='" . sql_escape($user['got_voucher']) . "',
fix user update problem 2015-08-11 12:04:22 +02:00			`arrival_date`='" . sql_escape($user['arrival_date']) . "',
improve code of user settings 2016-11-11 16:34:23 +01:00			`planned_arrival_date`='" . sql_escape($user['planned_arrival_date']) . "',
make departure date nullable 2016-11-15 16:36:03 +01:00			`planned_departure_date`=" . sql_null($user['planned_departure_date']) . "
add arrival date feature 2015-07-12 14:45:58 +02:00			WHERE `UID`='" . sql_escape($user['UID']) . "'");
user voucher feature 2014-12-26 01:49:59 +01:00			`}`

clear up mvc for user list 2014-09-28 15:01:02 +02:00			`/**`
			`* Counts all forced active users.`
			`*/`
			`function User_force_active_count() {`
			return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `force_active` = 1");
			`}`

			`function User_active_count() {`
			return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Aktiv` = 1");
			`}`

user voucher feature 2014-12-26 01:49:59 +01:00			`function User_got_voucher_count() {`
make multiple vouchers possible 2015-08-12 23:44:39 +02:00			return sql_select_single_cell("SELECT SUM(`got_voucher`) FROM `User`");
user voucher feature 2014-12-26 01:49:59 +01:00			`}`

clear up mvc for user list 2014-09-28 15:01:02 +02:00			`function User_arrived_count() {`
			return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Gekommen` = 1");
			`}`

			`function User_tshirts_count() {`
			return sql_select_single_cell("SELECT COUNT(*) FROM `User` WHERE `Tshirt` = 1");
			`}`

			`/**`
			`* Returns all column names for sorting in an array.`
			`*/`
			`function User_sortable_columns() {`
remove long array syntax 2016-09-30 17:08:20 +02:00			`return [`
clear up mvc for user list 2014-09-28 15:01:02 +02:00			`'Nick',`
			`'Name',`
			`'Vorname',`
			`'Alter',`
			`'DECT',`
			`'email',`
			`'Size',`
			`'Gekommen',`
			`'Aktiv',`
			`'force_active',`
			`'Tshirt',`
user voucher feature 2014-12-26 01:49:59 +01:00			`'lastLogIn'`
remove long array syntax 2016-09-30 17:08:20 +02:00			`];`
clear up mvc for user list 2014-09-28 15:01:02 +02:00			`}`

user list rewritten 2014-09-28 14:50:08 +02:00			`/**`
			`* Get all users, ordered by Nick by default or by given param.`
clear up mvc for user list 2014-09-28 15:01:02 +02:00			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param string $order_by`
user list rewritten 2014-09-28 14:50:08 +02:00			`*/`
			`function Users($order_by = 'Nick') {`
			return sql_select("SELECT * FROM `User` ORDER BY `" . sql_escape($order_by) . "` ASC");
			`}`

add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`/**`
			`* Returns true if user is freeloader`
			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param User $user`
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`*/`
			`function User_is_freeloader($user) {`
			`global $max_freeloadable_shifts, $user;`
user voucher feature 2014-12-26 01:49:59 +01:00
add user view, better bootstrap 2014-08-23 01:55:18 +02:00			`return count(ShiftEntries_freeloaded_by_user($user)) >= $max_freeloadable_shifts;`
			`}`

implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			`/**`
			`* Returns all users that are not member of given angeltype.`
			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param Angeltype $angeltype`
implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			`*/`
			`function Users_by_angeltype_inverted($angeltype) {`
reduce complexity of user angeltypes controller 2016-10-04 16:50:06 +02:00			`$result = sql_select("`
on api-key reset also log the username 2014-12-12 23:39:54 +01:00			SELECT `User`.*
			FROM `User`
harden the sql queries 2014-12-28 13:44:56 +01:00			LEFT JOIN `UserAngelTypes` ON (`User`.`UID`=`UserAngelTypes`.`user_id` AND `angeltype_id`='" . sql_escape($angeltype['id']) . "')
implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			WHERE `UserAngelTypes`.`id` IS NULL
			ORDER BY `Nick`");
reduce complexity of user angeltypes controller 2016-10-04 16:50:06 +02:00			`if ($result === false) {`
			`engelsystem_error("Unable to load users.");`
			`}`
			`return $result;`
implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			`}`
30c3 theme 2013-10-13 00:52:44 +02:00
rewritten angeltypes and user angeltypes 2014-01-05 19:30:06 +01:00			`/**`
			`* Returns all members of given angeltype.`
implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param Angeltype $angeltype`
rewritten angeltypes and user angeltypes 2014-01-05 19:30:06 +01:00			`*/`
			`function Users_by_angeltype($angeltype) {`
reduce complexity of angeltype controller 2016-11-17 13:11:44 +01:00			`$result = sql_select("`
on api-key reset also log the username 2014-12-12 23:39:54 +01:00			`SELECT`
			`User`.*,
			`UserAngelTypes`.`id` as `user_angeltype_id`,
implemented team/angeltype coordinators 2014-05-13 15:51:45 +02:00			`UserAngelTypes`.`confirm_user_id`,
rename coordinator to supporter 2016-11-11 14:59:25 +01:00			`UserAngelTypes`.`supporter`,
#198 fixed: driving license feature completed - integrated into angeltypes 2015-12-20 11:36:12 +01:00			`UserDriverLicenses`.*
rewritten angeltypes and user angeltypes 2014-01-05 19:30:06 +01:00			FROM `User`
			JOIN `UserAngelTypes` ON `User`.`UID`=`UserAngelTypes`.`user_id`
#198 fixed: driving license feature completed - integrated into angeltypes 2015-12-20 11:36:12 +01:00			LEFT JOIN `UserDriverLicenses` ON `User`.`UID`=`UserDriverLicenses`.`user_id`
harden the sql queries 2014-12-28 13:44:56 +01:00			WHERE `UserAngelTypes`.`angeltype_id`='" . sql_escape($angeltype['id']) . "'
rewritten angeltypes and user angeltypes 2014-01-05 19:30:06 +01:00			ORDER BY `Nick`");
reduce complexity of angeltype controller 2016-11-17 13:11:44 +01:00			`if ($result === false) {`
			`engelsystem_error("Unable to load members.");`
			`}`
			`return $result;`
rewritten angeltypes and user angeltypes 2014-01-05 19:30:06 +01:00			`}`

first api 2013-12-29 15:08:21 +01:00			`/**`
			`* Returns User id array`
			`*/`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`function User_ids() {`
			return sql_select("SELECT `UID` FROM `User`");
first api 2013-12-29 15:08:21 +01:00			`}`

#137 fixed xss on login 2013-12-27 19:45:50 +01:00			`/**`
			`* Strip unwanted characters from a users nick.`
rewritten angeltypes and user angeltypes 2014-01-05 19:30:06 +01:00			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param string $nick`
#137 fixed xss on login 2013-12-27 19:45:50 +01:00			`*/`
			`function User_validate_Nick($nick) {`
			`return preg_replace("/([^a-z0-9üöäß. _+*-]{1,})/ui", '', $nick);`
			`}`

reduce complexity of user settings main 2016-11-11 17:00:51 +01:00			`/**`
			`* Validate user email address.`
			`*`
			`* @param string $mail`
			`* The email address to validate`
			`* @return ValidationResult`
			`*/`
			`function User_validate_mail($mail) {`
			`$mail = strip_item($mail);`
			`return new ValidationResult(check_email($mail), $mail);`
			`}`

fixed settings validation 2016-11-14 19:10:29 +01:00			`/**`
			`* Validate user jabber address`
			`*`
			`* @param string $jabber`
			`* Jabber-ID to validate`
			`* @return ValidationResult`
			`*/`
			`function User_validate_jabber($jabber) {`
			`$jabber = strip_item($jabber);`
			`if ($jabber == '') {`
			`// Empty is ok`
			`return new ValidationResult(true, '');`
			`}`
			`return new ValidationResult(check_email($jabber), $jabber);`
			`}`

improve code of user settings 2016-11-11 16:34:23 +01:00			`/**`
			`* Validate the planned arrival date`
			`*`
			`* @param int $planned_arrival_date`
			`* Unix timestamp`
			`* @return ValidationResult`
			`*/`
			`function User_validate_planned_arrival_date($planned_arrival_date) {`
			`if ($planned_arrival_date == null) {`
			`// null is not okay`
			`return new ValidationResult(false, time());`
			`}`
			`$event_config = EventConfig();`
			`if ($event_config == null) {`
			`// Nothing to validate against`
			`return new ValidationResult(true, $planned_arrival_date);`
			`}`
			`if (isset($event_config['buildup_start_date']) && $planned_arrival_date < $event_config['buildup_start_date']) {`
			`// Planned arrival can not be before buildup start date`
			`return new ValidationResult(false, $event_config['buildup_start_date']);`
			`}`
			`if (isset($event_config['teardown_end_date']) && $planned_arrival_date > $event_config['teardown_end_date']) {`
			`// Planned arrival can not be after teardown end date`
			`return new ValidationResult(false, $event_config['teardown_end_date']);`
			`}`
			`return new ValidationResult(true, $planned_arrival_date);`
			`}`

			`/**`
			`* Validate the planned departure date`
			`*`
			`* @param int $planned_arrival_date`
			`* Unix timestamp`
			`* @param int $planned_departure_date`
			`* Unix timestamp`
			`* @return ValidationResult`
			`*/`
			`function User_validate_planned_departure_date($planned_arrival_date, $planned_departure_date) {`
			`if ($planned_departure_date == null) {`
			`// null is okay`
			`return new ValidationResult(true, null);`
			`}`
			`if ($planned_arrival_date > $planned_departure_date) {`
			`// departure cannot be before arrival`
			`return new ValidationResult(false, $planned_arrival_date);`
			`}`
			`$event_config = EventConfig();`
			`if ($event_config == null) {`
			`// Nothing to validate against`
			`return new ValidationResult(true, $planned_departure_date);`
			`}`
			`if (isset($event_config['buildup_start_date']) && $planned_departure_date < $event_config['buildup_start_date']) {`
			`// Planned arrival can not be before buildup start date`
			`return new ValidationResult(false, $event_config['buildup_start_date']);`
			`}`
			`if (isset($event_config['teardown_end_date']) && $planned_departure_date > $event_config['teardown_end_date']) {`
			`// Planned arrival can not be after teardown end date`
			`return new ValidationResult(false, $event_config['teardown_end_date']);`
			`}`
			`return new ValidationResult(true, $planned_departure_date);`
			`}`

#28 begin log 2012-12-26 14:02:27 +01:00			`/**`
			`* Returns user by id.`
30c3 theme 2013-10-13 00:52:44 +02:00			`*`
make short variable names longer 2016-09-29 12:45:06 +02:00			`* @param $user_id UID`
#28 begin log 2012-12-26 14:02:27 +01:00			`*/`
make short variable names longer 2016-09-29 12:45:06 +02:00			`function User($user_id) {`
			$user_source = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($user_id) . "' LIMIT 1");
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`if ($user_source === false) {`
reduce complexity of user angeltypes controller 2016-10-04 16:50:06 +02:00			`engelsystem_error("Unable to load user.");`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
			`if (count($user_source) > 0) {`
#28 begin log 2012-12-26 14:02:27 +01:00			`return $user_source[0];`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
#28 begin log 2012-12-26 14:02:27 +01:00			`return null;`
			`}`

#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`/**`
			`* Returns User by api_key.`
30c3 theme 2013-10-13 00:52:44 +02:00			`*`
			`* @param string $api_key`
			`* User api key`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`* @return Matching user, null or false on error`
			`*/`
			`function User_by_api_key($api_key) {`
			$user = sql_select("SELECT * FROM `User` WHERE `api_key`='" . sql_escape($api_key) . "' LIMIT 1");
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`if ($user === false) {`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`return false;`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
			`if (count($user) == 0) {`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`return null;`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`return $user[0];`
			`}`

user password recovery 2013-12-26 13:34:48 +01:00			`/**`
			`* Returns User by email.`
			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param string $email`
user password recovery 2013-12-26 13:34:48 +01:00			`* @return Matching user, null or false on error`
			`*/`
			`function User_by_email($email) {`
			$user = sql_select("SELECT * FROM `User` WHERE `email`='" . sql_escape($email) . "' LIMIT 1");
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`if ($user === false) {`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`engelsystem_error("Unable to load user.");`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
			`if (count($user) == 0) {`
user password recovery 2013-12-26 13:34:48 +01:00			`return null;`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
user password recovery 2013-12-26 13:34:48 +01:00			`return $user[0];`
			`}`

			`/**`
			`* Returns User by password token.`
			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param string $token`
user password recovery 2013-12-26 13:34:48 +01:00			`* @return Matching user, null or false on error`
			`*/`
			`function User_by_password_recovery_token($token) {`
			$user = sql_select("SELECT * FROM `User` WHERE `password_recovery_token`='" . sql_escape($token) . "' LIMIT 1");
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`if ($user === false) {`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`engelsystem_error("Unable to load user.");`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
			`if (count($user) == 0) {`
user password recovery 2013-12-26 13:34:48 +01:00			`return null;`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
user password recovery 2013-12-26 13:34:48 +01:00			`return $user[0];`
			`}`

#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`/**`
			`* Generates a new api key for given user.`
30c3 theme 2013-10-13 00:52:44 +02:00			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param User $user`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`*/`
only log if api key was reset on purpose 2014-12-16 00:54:50 +01:00			`function User_reset_api_key(&$user, $log = true) {`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`$user['api_key'] = md5($user['Nick'] . time() . rand());`
mysql to mysqli and a lot of cleanup and mvc 2013-09-18 01:38:36 +02:00			$result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`if ($result === false) {`
mysql to mysqli and a lot of cleanup and mvc 2013-09-18 01:38:36 +02:00			`return false;`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
			`if ($log) {`
user voucher feature 2014-12-26 01:49:59 +01:00			`engelsystem_log(sprintf("API key resetted (%s).", User_Nick_render($user)));`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
#119 added basic shift json export support using same pattern like ical export 2013-09-10 14:27:31 +02:00			`}`

user password recovery 2013-12-26 13:34:48 +01:00			`/**`
			`* Generates a new password recovery token for given user.`
			`*`
user voucher feature 2014-12-26 01:49:59 +01:00			`* @param User $user`
user password recovery 2013-12-26 13:34:48 +01:00			`*/`
			`function User_generate_password_recovery_token(&$user) {`
			`$user['password_recovery_token'] = md5($user['Nick'] . time() . rand());`
			$result = sql_query("UPDATE `User` SET `password_recovery_token`='" . sql_escape($user['password_recovery_token']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`if ($result === false) {`
reduce complexity of password recovery controller 2016-11-15 22:08:41 +01:00			`engelsystem_error("Unable to generate password recovery token.");`
prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`}`
use user nick render 2014-12-26 19:26:53 +01:00			`engelsystem_log("Password recovery for " . User_Nick_render($user) . " started.");`
user password recovery 2013-12-26 13:34:48 +01:00			`return $user['password_recovery_token'];`
			`}`

issue #242 - make app caluclate number of vouchers for angels 2016-02-05 22:57:57 +01:00			`function User_get_eligable_voucher_count(&$user) {`
			`global $voucher_settings;`

prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`$shifts_done = count(ShiftEntries_finished_by_user($user));`

			`$earned_vouchers = $user['got_voucher'] - $voucher_settings['initial_vouchers'];`
			`$elegible_vouchers = $shifts_done / $voucher_settings['shifts_per_voucher'] - $earned_vouchers;`
			`if ($elegible_vouchers < 0) {`
			`return 0;`
			`}`

			`return $elegible_vouchers;`
issue #242 - make app caluclate number of vouchers for angels 2016-02-05 22:57:57 +01:00			`}`

first api 2013-12-29 15:08:21 +01:00			`?>`