2013-12-26 13:34:48 +01:00
< ? php
2016-12-28 14:53:35 +01:00
use Engelsystem\ShiftsFilter ;
use Engelsystem\ShiftCalendarRenderer ;
2013-12-26 13:34:48 +01:00
/**
2014-08-22 22:34:13 +02:00
* Route user actions .
*/
2017-01-02 03:57:23 +01:00
function users_controller ()
{
global $user ;
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( ! isset ( $user )) {
redirect ( page_link_to ( '' ));
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( ! isset ( $_REQUEST [ 'action' ])) {
$_REQUEST [ 'action' ] = 'list' ;
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
switch ( $_REQUEST [ 'action' ]) {
2014-08-22 22:34:13 +02:00
default :
case 'list' :
return users_list_controller ();
case 'view' :
return user_controller ();
case 'edit' :
return user_edit_controller ();
case 'delete' :
return user_delete_controller ();
2015-08-12 23:44:39 +02:00
case 'edit_vouchers' :
return user_edit_vouchers_controller ();
2014-08-22 22:34:13 +02:00
}
}
2015-12-30 15:48:41 +01:00
/**
* Delete a user , requires to enter own password for reasons .
*/
2017-01-02 03:57:23 +01:00
function user_delete_controller ()
{
global $privileges , $user ;
2015-12-30 15:48:41 +01:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
} else {
$user_source = $user ;
}
2015-12-30 15:48:41 +01:00
2017-01-02 03:57:23 +01:00
if ( ! in_array ( 'admin_user' , $privileges )) {
redirect ( page_link_to ( '' ));
}
2016-09-29 09:43:08 +02:00
// You cannot delete yourself
2015-12-30 15:48:41 +01:00
if ( $user [ 'UID' ] == $user_source [ 'UID' ]) {
2017-01-02 03:57:23 +01:00
error ( _ ( " You cannot delete yourself. " ));
redirect ( user_link ( $user ));
2015-12-30 15:48:41 +01:00
}
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'submit' ])) {
$valid = true ;
2015-12-30 15:48:41 +01:00
2017-01-02 03:57:23 +01:00
if ( ! ( isset ( $_REQUEST [ 'password' ]) && verify_password ( $_REQUEST [ 'password' ], $user [ 'Passwort' ], $user [ 'UID' ]))) {
$valid = false ;
error ( _ ( " Your password is incorrect. Please try it again. " ));
}
2015-12-30 15:48:41 +01:00
2017-01-02 03:57:23 +01:00
if ( $valid ) {
$result = User_delete ( $user_source [ 'UID' ]);
if ( $result === false ) {
engelsystem_error ( 'Unable to delete user.' );
}
2015-12-30 15:48:41 +01:00
2017-01-02 03:57:23 +01:00
mail_user_delete ( $user_source );
success ( _ ( " User deleted. " ));
engelsystem_log ( sprintf ( " Deleted %s " , User_Nick_render ( $user_source )));
2015-12-30 15:48:41 +01:00
2017-01-02 03:57:23 +01:00
redirect ( users_link ());
}
2015-12-30 15:48:41 +01:00
}
2017-01-02 03:57:23 +01:00
return [
2015-12-30 15:48:41 +01:00
sprintf ( _ ( " Delete %s " ), $user_source [ 'Nick' ]),
2017-01-02 03:57:23 +01:00
User_delete_view ( $user_source )
2016-09-29 09:43:08 +02:00
];
2015-12-30 15:48:41 +01:00
}
2017-01-02 03:57:23 +01:00
function users_link ()
{
return page_link_to ( 'users' );
2014-12-27 21:55:24 +01:00
}
2017-01-02 03:57:23 +01:00
function user_edit_link ( $user )
{
return page_link_to ( 'admin_user' ) . '&user_id=' . $user [ 'UID' ];
2015-12-30 15:48:41 +01:00
}
2017-01-02 03:57:23 +01:00
function user_delete_link ( $user )
{
return page_link_to ( 'users' ) . '&action=delete&user_id=' . $user [ 'UID' ];
2015-12-30 15:48:41 +01:00
}
2017-01-02 03:57:23 +01:00
function user_link ( $user )
{
return page_link_to ( 'users' ) . '&action=view&user_id=' . $user [ 'UID' ];
2014-12-26 01:49:59 +01:00
}
2017-01-02 03:57:23 +01:00
function user_edit_vouchers_controller ()
{
global $privileges , $user ;
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
} else {
$user_source = $user ;
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( ! in_array ( 'admin_user' , $privileges )) {
redirect ( page_link_to ( '' ));
}
2014-12-26 01:49:59 +01:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'submit' ])) {
$valid = true ;
2015-08-12 23:44:39 +02:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'vouchers' ]) && test_request_int ( 'vouchers' ) && trim ( $_REQUEST [ 'vouchers' ]) >= 0 ) {
$vouchers = trim ( $_REQUEST [ 'vouchers' ]);
} else {
$valid = false ;
error ( _ ( " Please enter a valid number of vouchers. " ));
}
2015-08-12 23:44:39 +02:00
2017-01-02 03:57:23 +01:00
if ( $valid ) {
$user_source [ 'got_voucher' ] = $vouchers ;
2015-08-12 23:44:39 +02:00
2017-01-02 03:57:23 +01:00
$result = User_update ( $user_source );
if ( $result === false ) {
engelsystem_error ( 'Unable to update user.' );
}
2015-08-12 23:44:39 +02:00
2017-01-02 03:57:23 +01:00
success ( _ ( " Saved the number of vouchers. " ));
engelsystem_log ( User_Nick_render ( $user_source ) . ': ' . sprintf ( " Got %s vouchers " , $user_source [ 'got_voucher' ]));
2015-08-12 23:44:39 +02:00
2017-01-02 03:57:23 +01:00
redirect ( user_link ( $user_source ));
}
2015-08-12 23:44:39 +02:00
}
2014-12-26 01:49:59 +01:00
2017-01-02 03:57:23 +01:00
return [
2015-08-12 23:44:39 +02:00
sprintf ( _ ( " %s's vouchers " ), $user_source [ 'Nick' ]),
2017-01-02 03:57:23 +01:00
User_edit_vouchers_view ( $user_source )
2016-09-29 09:43:08 +02:00
];
2014-12-26 01:49:59 +01:00
}
2017-01-02 03:57:23 +01:00
function user_controller ()
{
global $privileges , $user ;
2014-12-26 01:49:59 +01:00
2017-01-02 03:57:23 +01:00
$user_source = $user ;
if ( isset ( $_REQUEST [ 'user_id' ])) {
$user_source = User ( $_REQUEST [ 'user_id' ]);
if ( $user_source == null ) {
error ( _ ( " User not found. " ));
redirect ( '?' );
}
2015-12-05 11:55:35 +01:00
}
2014-12-26 01:49:59 +01:00
2017-01-02 03:57:23 +01:00
$shifts = Shifts_by_user ( $user_source , in_array ( " user_shifts_admin " , $privileges ));
foreach ( $shifts as & $shift ) {
// TODO: Move queries to model
2014-12-28 13:44:56 +01:00
$shift [ 'needed_angeltypes' ] = sql_select ( " SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=' " . sql_escape ( $shift [ 'SID' ]) . " ' ORDER BY `AngelTypes`.`name` " );
2017-01-02 03:57:23 +01:00
foreach ( $shift [ 'needed_angeltypes' ] as & $needed_angeltype ) {
$needed_angeltype [ 'users' ] = sql_select ( "
2014-12-16 00:54:50 +01:00
SELECT `ShiftEntry` . `freeloaded` , `User` .*
FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry` . `UID` = `User` . `UID`
2014-12-28 13:44:56 +01:00
WHERE `ShiftEntry` . `SID` = '" . sql_escape($shift[' SID ']) . "'
AND `ShiftEntry` . `TID` = '" . sql_escape($needed_angeltype[' id ']) . "' " );
2017-01-02 03:57:23 +01:00
}
2014-08-23 01:55:18 +02:00
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( $user_source [ 'api_key' ] == " " ) {
User_reset_api_key ( $user_source , false );
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
return [
2014-08-22 22:34:13 +02:00
$user_source [ 'Nick' ],
2017-01-02 03:57:23 +01:00
User_view ( $user_source , in_array ( 'admin_user' , $privileges ), User_is_freeloader ( $user_source ), User_angeltypes ( $user_source ), User_groups ( $user_source ), $shifts , $user [ 'UID' ] == $user_source [ 'UID' ])
2016-09-29 09:43:08 +02:00
];
2014-08-22 22:34:13 +02:00
}
2014-09-28 15:01:02 +02:00
/**
* List all users .
*/
2017-01-02 03:57:23 +01:00
function users_list_controller ()
{
global $privileges ;
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( ! in_array ( 'admin_user' , $privileges )) {
redirect ( page_link_to ( '' ));
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
$order_by = 'Nick' ;
if ( isset ( $_REQUEST [ 'OrderBy' ]) && in_array ( $_REQUEST [ 'OrderBy' ], User_sortable_columns ())) {
$order_by = $_REQUEST [ 'OrderBy' ];
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
$users = Users ( $order_by );
if ( $users === false ) {
engelsystem_error ( 'Unable to load users.' );
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
foreach ( $users as & $user ) {
$user [ 'freeloads' ] = count ( ShiftEntries_freeloaded_by_user ( $user ));
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
return [
2014-09-28 14:50:08 +02:00
_ ( 'All users' ),
2017-01-02 03:57:23 +01:00
Users_view ( $users , $order_by , User_arrived_count (), User_active_count (), User_force_active_count (), ShiftEntries_freeleaded_count (), User_tshirts_count (), User_got_voucher_count ())
2016-09-29 09:43:08 +02:00
];
2014-08-22 22:34:13 +02:00
}
/**
2016-11-15 22:08:41 +01:00
* Second step of password recovery : set a new password using the token link from email
2013-12-26 13:34:48 +01:00
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_set_new_controller ()
{
global $min_password_length ;
$user_source = User_by_password_recovery_token ( $_REQUEST [ 'token' ]);
if ( $user_source == null ) {
error ( _ ( " Token is not correct. " ));
redirect ( page_link_to ( 'login' ));
}
2016-11-15 22:08:41 +01:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'submit' ])) {
$valid = true ;
2017-01-01 18:49:43 +01:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'password' ]) && strlen ( $_REQUEST [ 'password' ]) >= $min_password_length ) {
if ( $_REQUEST [ 'password' ] != $_REQUEST [ 'password2' ]) {
$valid = false ;
error ( _ ( " Your passwords don't match. " ));
}
} else {
$valid = false ;
error ( _ ( " Your password is to short (please use at least 6 characters). " ));
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( $valid ) {
set_password ( $user_source [ 'UID' ], $_REQUEST [ 'password' ]);
success ( _ ( " Password saved. " ));
redirect ( page_link_to ( 'login' ));
}
2016-11-15 22:08:41 +01:00
}
2017-01-02 03:57:23 +01:00
return User_password_set_view ();
2016-11-15 22:08:41 +01:00
}
/**
* First step of password recovery : display a form that asks for your email and send email with recovery link
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_start_controller ()
{
if ( isset ( $_REQUEST [ 'submit' ])) {
$valid = true ;
2016-11-15 22:08:41 +01:00
2017-01-02 03:57:23 +01:00
if ( isset ( $_REQUEST [ 'email' ]) && strlen ( strip_request_item ( 'email' )) > 0 ) {
$email = strip_request_item ( 'email' );
if ( check_email ( $email )) {
$user_source = User_by_email ( $email );
if ( $user_source == null ) {
$valid = false ;
error ( _ ( " E-mail address is not correct. " ));
}
} else {
$valid = false ;
error ( _ ( " E-mail address is not correct. " ));
}
} else {
$valid = false ;
error ( _ ( " Please enter your e-mail. " ));
2013-12-26 13:34:48 +01:00
}
2014-12-22 20:18:34 +01:00
2017-01-02 03:57:23 +01:00
if ( $valid ) {
$token = User_generate_password_recovery_token ( $user_source );
engelsystem_email_to_user ( $user_source , _ ( " Password recovery " ), sprintf ( _ ( " Please visit %s to recover your password. " ), page_link_to_absolute ( 'user_password_recovery' ) . '&token=' . $token ));
success ( _ ( " We sent an email containing your password recovery link. " ));
redirect ( page_link_to ( 'login' ));
}
2016-11-15 22:08:41 +01:00
}
2017-01-02 03:57:23 +01:00
return User_password_recovery_view ();
2016-11-15 22:08:41 +01:00
}
/**
* User password recovery in 2 steps .
* ( By email )
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_controller ()
{
if ( isset ( $_REQUEST [ 'token' ])) {
return user_password_recovery_set_new_controller ();
} else {
return user_password_recovery_start_controller ();
}
2013-12-26 13:34:48 +01:00
}
2014-01-07 16:19:35 +01:00
/**
* Menu title for password recovery .
*/
2017-01-02 03:57:23 +01:00
function user_password_recovery_title ()
{
return _ ( " Password recovery " );
2013-12-26 13:34:48 +01:00
}
2016-09-30 16:55:47 +02:00
/**
* Loads a user from param user_id .
*/
2017-01-02 03:57:23 +01:00
function load_user ()
{
if ( ! isset ( $_REQUEST [ 'user_id' ])) {
redirect ( page_link_to ());
}
2016-09-30 16:55:47 +02:00
2017-01-02 03:57:23 +01:00
$user = User ( $_REQUEST [ 'user_id' ]);
if ( $user === false ) {
engelsystem_error ( " Unable to load user. " );
}
2016-09-30 16:55:47 +02:00
2017-01-02 03:57:23 +01:00
if ( $user == null ) {
error ( _ ( " User doesn't exist. " ));
redirect ( page_link_to ());
}
2016-09-30 16:55:47 +02:00
2017-01-02 03:57:23 +01:00
return $user ;
2016-09-30 16:55:47 +02:00
}
2017-01-02 03:57:23 +01:00
function shiftCalendarRendererByShiftFilter ( ShiftsFilter $shiftsFilter )
{
$shifts = Shifts_by_ShiftsFilter ( $shiftsFilter );
$needed_angeltypes_source = NeededAngeltypes_by_ShiftsFilter ( $shiftsFilter );
$shift_entries_source = ShiftEntries_by_ShiftsFilter ( $shiftsFilter );
2016-12-28 14:53:35 +01:00
2017-01-02 03:57:23 +01:00
$needed_angeltypes = [];
$shift_entries = [];
foreach ( $shifts as $shift ) {
$needed_angeltypes [ $shift [ 'SID' ]] = [];
$shift_entries [ $shift [ 'SID' ]] = [];
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
foreach ( $shift_entries_source as $shift_entry ) {
if ( isset ( $shift_entries [ $shift_entry [ 'SID' ]])) {
$shift_entries [ $shift_entry [ 'SID' ]][] = $shift_entry ;
}
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
foreach ( $needed_angeltypes_source as $needed_angeltype ) {
if ( isset ( $needed_angeltypes [ $needed_angeltype [ 'SID' ]])) {
$needed_angeltypes [ $needed_angeltype [ 'SID' ]][] = $needed_angeltype ;
2016-12-29 15:33:21 +01:00
}
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
unset ( $needed_angeltypes_source );
unset ( $shift_entries_source );
if ( in_array ( ShiftsFilter :: FILLED_FREE , $shiftsFilter -> getFilled ()) && in_array ( ShiftsFilter :: FILLED_FILLED , $shiftsFilter -> getFilled ())) {
return new ShiftCalendarRenderer ( $shifts , $needed_angeltypes , $shift_entries , $shiftsFilter );
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
$filtered_shifts = [];
foreach ( $shifts as $shift ) {
$needed_angels_count = 0 ;
foreach ( $needed_angeltypes [ $shift [ 'SID' ]] as $needed_angeltype ) {
$taken = 0 ;
foreach ( $shift_entries [ $shift [ 'SID' ]] as $shift_entry ) {
if ( $needed_angeltype [ 'angel_type_id' ] == $shift_entry [ 'TID' ] && $shift_entry [ 'freeloaded' ] == 0 ) {
$taken ++ ;
}
}
$needed_angels_count += max ( 0 , $needed_angeltype [ 'count' ] - $taken );
}
if ( in_array ( ShiftsFilter :: FILLED_FREE , $shiftsFilter -> getFilled ()) && $taken < $needed_angels_count ) {
$filtered_shifts [] = $shift ;
}
if ( in_array ( ShiftsFilter :: FILLED_FILLED , $shiftsFilter -> getFilled ()) && $taken >= $needed_angels_count ) {
$filtered_shifts [] = $shift ;
}
2016-12-29 14:51:43 +01:00
}
2017-01-02 03:57:23 +01:00
return new ShiftCalendarRenderer ( $filtered_shifts , $needed_angeltypes , $shift_entries , $shiftsFilter );
2016-12-28 14:53:35 +01:00
}