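<?php
/*
 * Copyright (C) Wayne Purton-Smith - All Rights Reserved
 * Unauthorized copying of this file or removing this paragraph, via any medium is strictly prohibited
 * Proprietary and confidential
 * Written by Wayne Purton-Smith <waynepurtonsmith@hotmail.co.uk> February 2014
 */

/**
 * Users model.
 *
 * Resolves the current visitor from the session or the encrypted
 * "remember me" cookie, handles login/logout, answers permission checks
 * and provides CRUD for the `members` / `member_groups` tables. After
 * setCustomerMode() every account query targets the `customers` table and
 * is keyed on `customer_id` instead of `user_id`.
 *
 * Relies on the CodeIgniter instance ($this->db, $this->session,
 * $this->input, $this->encrypt, $this->common) and on project helpers:
 * verify_password(), hash_password(), generate_unique_identifier(),
 * format_whitespace(), remove_whitespace(), exit_with_json(), redirect().
 */
class Users extends CI_Model
{
    public $logged_in = false;
    public $user_id = 0;
    public $customer_id = 0;
    public $group_id = 0;
    public $first_name = null;
    public $last_name = null;
    public $business = null;
    public $session_id = null;
    public $request_password_change = false;
    // Names of the group's `permission_*` columns that are truthy for the
    // logged-in member (empty for customers). Rebuilt by checkSession().
    public $permissions = array();

    // Set by setCustomerMode(); switches table and id column for account queries.
    private $customers = false;
    private $default_table = 'members';
    // Cookie name carrying the encrypted remember-me token.
    private $remember_session_key = 'system_session_extra';

    /**
     * Switch this instance to the `customers` table / `customer_id` key.
     *
     * @return $this
     */
    public function setCustomerMode()
    {
        $this->customers = true;
        $this->default_table = 'customers';
        return $this;
    }

    /**
     * Name of the primary-key column of the active account table.
     *
     * @return string
     */
    private function idColumn()
    {
        return $this->customers ? 'customer_id' : 'user_id';
    }

    /**
     * Populate this object from the session `user_id` or, failing that, from
     * the remember-me cookie (a 48-character token once decrypted).
     *
     * Rows flagged `is_deleted` are ignored, so deleting an account also ends
     * its live session and remembered login on the next request. The
     * properties are only written when a matching row is found.
     *
     * @return void
     */
    public function checkSession()
    {
        $this->session_id = $this->session->userdata('session_id');
        // Rebuilt from the row below; avoids duplicates when called twice in one request.
        $this->permissions = array();

        $logged_user_id = (int) $this->session->userdata('user_id');
        $remember_cookie = null;
        if ($logged_user_id <= 0) {
            // Only consult the cookie when the session does not identify the user.
            $remember_cookie = $this->encrypt->decode($this->input->cookie($this->remember_session_key));
        }
        if ($logged_user_id <= 0 && strlen((string) $remember_cookie) !== 48) {
            return;
        }

        $id_column = $this->idColumn();
        if ($this->customers) {
            $sql = "SELECT `u`.* FROM `" . $this->default_table . "` `u` ";
        } else {
            // Group row is joined so the `permission_*` flags come back with the member.
            $sql = "SELECT `u`.*, `ug`.* FROM `" . $this->default_table . "` `u` "
                 . "INNER JOIN `member_groups` `ug` ON `ug`.`group_id` = `u`.`user_group` ";
        }
        // `is_deleted` mirrors the login() query: a deleted account must not
        // stay signed in via an old session or remember-me token.
        $sql .= " WHERE `u`.`is_deleted` = 0 AND ";
        if ($logged_user_id > 0) {
            $sql .= " `u`.`" . $id_column . "` = " . $logged_user_id . " ";
        } else {
            $sql .= " `u`.`remember_session` = " . $this->db->escape($remember_cookie) . " ";
        }
        $sql .= " GROUP BY `u`.`" . $id_column . "` LIMIT 1";

        $result = $this->db->query($sql);
        if (!$result->num_rows()) {
            return;
        }
        $row = $result->row();

        $this->logged_in = true;
        $this->first_name = $row->first_name;
        $this->last_name = $row->last_name;
        if ($this->customers) {
            $this->customer_id = (int) $row->customer_id;
            $this->business = $row->business;
            $this->request_password_change = (bool) $row->change_password;
            return;
        }

        $this->user_id = (int) $row->user_id;
        $this->group_id = (int) $row->user_group;
        foreach ($row as $column => $value) {
            if (substr($column, 0, 10) === 'permission' && (bool) $value) {
                $this->permissions[] = $column;
            }
        }
    }

    /**
     * Authenticate with an email address (when $identifier validates as one)
     * or a username, plus a plain-text password.
     *
     * On success the session is populated, a 60-day remember-me token is
     * issued when $keep_logged_in is truthy, and checkSession() loads the
     * account into this object.
     *
     * @param string|null $identifier     email address or username
     * @param string|null $password       plain-text password to verify
     * @param bool        $keep_logged_in issue a remember-me cookie and token
     * @return bool true when the credentials were accepted
     */
    public function login($identifier = null, $password = null, $keep_logged_in = true)
    {
        if (!$identifier || !$password) {
            return false;
        }

        $login_column = filter_var($identifier, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
        $sql = "SELECT `u`.* FROM `" . $this->default_table . "` `u` "
             . "WHERE `u`.`is_deleted` = 0 AND `u`.`password` IS NOT NULL "
             . "AND `u`.`" . $login_column . "` = " . $this->db->escape($identifier) . " ";
        if ($this->customers) {
            // NOTE(review): presumably a pending trade request blocks sign-in — confirm.
            $sql .= " AND `trade_request` IS NULL ";
        }
        $sql .= " LIMIT 1";

        $result = $this->db->query($sql);
        if (!$result->num_rows()) {
            return false;
        }
        $row = $result->row();
        if (!verify_password($password, $row->password)) {
            return false;
        }

        $id_column = $this->idColumn();
        $account_id = (int) ($this->customers ? $row->customer_id : $row->user_id);
        $this->logged_in = true;

        if ((bool) $keep_logged_in) {
            $remember_me_value = generate_unique_identifier(48, $this->default_table, 'remember_session');
            $this->input->set_cookie(
                $this->remember_session_key,
                $this->encrypt->encode($remember_me_value),
                (60 * 60 * 24 * 60)
            );
            // Keyed on the fetched row's id for both modes. The previous code used
            // $this->customer_id here, which is still 0 at this point (checkSession()
            // runs below), so the customer token was never persisted.
            $this->db->query($this->db->update_string(
                $this->default_table,
                array('remember_session' => $remember_me_value),
                "`" . $id_column . "` = " . $account_id
            ));
        }

        $this->session->set_userdata(array(
            'logged_in' => 1,
            'user_id' => $account_id,
        ));
        if ($this->customers) {
            $this->db->query($this->db->update_string(
                'customers',
                array('last_login' => time()),
                "`customer_id` = " . $account_id
            ));
        }

        $this->checkSession();
        return true;
    }

    /**
     * Whether the current user holds every permission named in the
     * arguments, e.g. hasPermission('permission_orders', 'permission_users').
     * Admin groups (see isAdmin()) always pass; no arguments yields false.
     *
     * @return bool
     */
    public function hasPermission()
    {
        if ($this->isAdmin()) {
            return true;
        }
        $required = func_get_args();
        if (empty($required)) {
            return false;
        }
        foreach ($required as $permission) {
            // Strict comparison: permission names are column-name strings.
            if (!in_array($permission, $this->permissions, true)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Groups 1 and 2 are the built-in administrator groups.
     *
     * @return bool
     */
    public function isAdmin()
    {
        return in_array($this->group_id, array(1, 2), true);
    }

    /**
     * List non-admin members (user 1 and group 1 are always excluded).
     *
     * @param int $user_id  when > 0, return that single member row
     * @param int $group_id when > 0, restrict to members of that group
     * @return object|array a row object for a single user, a list of rows,
     *                      or an empty array when nothing matched
     */
    public function getUsers($user_id = 0, $group_id = 0)
    {
        $user_id = (int) $user_id;
        $group_id = (int) $group_id;

        $sql = "SELECT `u`.`user_id`, `u`.`username`, `u`.`first_name`, `u`.`last_name`, `u`.`email`, `ug`.* "
             . "FROM `members` `u` "
             . "INNER JOIN `member_groups` `ug` ON `ug`.`group_id` = `u`.`user_group` "
             . "WHERE `u`.`is_deleted` = 0 AND `u`.`user_id` <> 1 AND `u`.`user_group` <> 1 ";
        if ($user_id > 0) {
            $sql .= " AND `u`.`user_id` = " . $user_id . " ";
        }
        if ($group_id > 0) {
            // The member's group column is `user_group` (as in the JOIN and ORDER BY
            // above); the filter previously referenced a non-existent `u`.`group_id`.
            $sql .= " AND `u`.`user_group` = " . $group_id . " ";
        }
        $sql .= " ORDER BY `u`.`user_group`, CONCAT(`u`.`first_name`, `u`.`last_name`) ";

        $result = $this->db->query($sql);
        if (!$result->num_rows()) {
            return array();
        }
        if ($user_id > 0) {
            return $result->row();
        }
        $rows = $result->result();
        $result->free_result();
        return $rows;
    }

    /**
     * List member groups other than group 1, most-privileged first.
     *
     * @param int $group_id when > 0, return that single group row
     * @return object|array a row object for a single group, a list of rows,
     *                      or an empty array when nothing matched
     */
    public function getUserGroups($group_id = 0)
    {
        $group_id = (int) $group_id;

        $sql = "SELECT * FROM `member_groups` WHERE `is_deleted` = 0 AND `group_id` <> 1 ";
        if ($group_id > 0) {
            $sql .= " AND `group_id` = " . $group_id . " ";
        }
        // Order by the number of granted permission flags, then by name.
        $sql .= " GROUP BY `group_id` ORDER BY SUM(`permission_orders` + `permission_users` + `permission_customers` + `permission_products` + `permission_offers` + `permission_stock` + `permission_enquiries` + `permission_content`) DESC, `group_name`";

        $result = $this->db->query($sql);
        if (!$result->num_rows()) {
            return array();
        }
        if ($group_id > 0) {
            return $result->row();
        }
        $rows = $result->result();
        $result->free_result();
        return $rows;
    }

    /**
     * Validate and insert or update a member.
     *
     * Expected $data keys: first_name, last_name, username, email, group_id
     * and, for a new user, initial_password. On update the password is left
     * untouched and members of group 1 are never modified.
     *
     * @param array $data    submitted form values
     * @param int   $user_id existing user id to update, 0 to insert
     * @return mixed whatever $this->common->setResponseMessage() returns
     */
    public function saveUser($data = array(), $user_id = 0)
    {
        $user_id = ((int) $user_id > 0) ? (int) $user_id : 0;
        $is_update = ($user_id > 0);

        $first_name = (isset($data['first_name']) && ($first_name = format_whitespace($data['first_name'])) != '') ? $first_name : null;
        $last_name = (isset($data['last_name']) && ($last_name = format_whitespace($data['last_name'])) != '') ? $last_name : null;
        if ($first_name === null) {
            return $this->common->setResponseMessage('The user\'s first name is required');
        }

        $username = (isset($data['username']) && ($username = strtolower(format_whitespace($data['username']))) != '') ? $username : null;
        if ($username === null) {
            return $this->common->setResponseMessage('A username is required');
        }
        if ($this->db->query("SELECT 1 FROM `members` WHERE `is_deleted` = 0 AND `username` = ? AND `user_id` <> ?", array($username, $user_id))->num_rows()) {
            return $this->common->setResponseMessage('The username is already being used by another account');
        }

        $email = (isset($data['email']) && ($email = strtolower(remove_whitespace($data['email']))) != '' && filter_var($email, FILTER_VALIDATE_EMAIL)) ? $email : null;
        if ($email === null) {
            return $this->common->setResponseMessage('A valid email address is required');
        }

        // getUserGroups() excludes deleted groups and group 1, so this also
        // rejects an attempt to place a user in the super-admin group.
        $group_id = (isset($data['group_id']) && ($group_id = (int) $data['group_id']) > 0 && $this->getUserGroups($group_id)) ? $group_id : null;
        if (!$group_id) {
            return $this->common->setResponseMessage('Please select a valid user group for this user');
        }

        $sql_data = array(
            'user_group' => $group_id,
            'username' => $username,
            'first_name' => $first_name,
            'last_name' => $last_name,
            'email' => $email,
            'password' => null,
        );

        if ($is_update) {
            // Password is managed elsewhere; never blank it on update.
            unset($sql_data['password']);
            // Column names match the rest of this model (`user_id` / `user_group`);
            // the previous WHERE used `member_id` / `group_id`, which `members` does not have.
            $sql = $this->db->update_string('members', $sql_data, "`user_id` = " . $user_id . " AND `user_group` <> 1");
        } else {
            $initial_password = isset($data['initial_password']) ? (string) $data['initial_password'] : '';
            if (strlen($initial_password) < 6) {
                return $this->common->setResponseMessage('Please enter an initial password that is at least 6 or more characters');
            }
            $sql_data['password'] = hash_password($initial_password);
            $sql = $this->db->insert_string('members', $sql_data);
        }

        $result = $this->db->query($sql);
        if (($is_update && $result) || (!$is_update && $this->db->affected_rows())) {
            return $this->common->setResponseMessage('The user was successfully saved', true);
        }
        return $this->common->setResponseMessage('The user could not be saved at this time - please try again');
    }

    /**
     * Validate and insert or update a member group.
     *
     * $data['name'] is the group name; every `permission_*` column of
     * `member_groups` is set to true when the same key is present in $data
     * and false otherwise. At least one permission must be granted. Groups
     * 1 and 2 are never modified.
     *
     * @param array $data     submitted form values
     * @param int   $group_id existing group id to update, 0 to insert
     * @return mixed whatever $this->common->setResponseMessage() returns
     */
    public function saveUserGroup($data = array(), $group_id = 0)
    {
        $group_id = ((int) $group_id > 0) ? (int) $group_id : 0;
        $is_update = ($group_id > 0);

        $group_name = (isset($data['name']) && ($group_name = format_whitespace($data['name'])) != '') ? $group_name : null;
        if ($group_name === null) {
            return $this->common->setResponseMessage('The group name is required');
        }

        $sql_data = array('group_name' => $group_name);
        $has_permissions = false;
        // Permission flags are discovered from the schema so new columns need no code change.
        foreach ($this->db->list_fields('member_groups') as $field_name) {
            if (substr($field_name, 0, 10) !== 'permission') {
                continue;
            }
            $granted = isset($data[$field_name]);
            $sql_data[$field_name] = $granted;
            $has_permissions = $has_permissions || $granted;
        }
        if (!$has_permissions) {
            return $this->common->setResponseMessage('You must select at least one permissable section');
        }

        if ($is_update) {
            $sql = $this->db->update_string('member_groups', $sql_data, "`group_id` = " . $group_id . " AND `group_id` NOT IN (1, 2)");
        } else {
            $sql = $this->db->insert_string('member_groups', $sql_data);
        }

        $result = $this->db->query($sql);
        if (($is_update && $result) || (!$is_update && $this->db->affected_rows())) {
            return $this->common->setResponseMessage('The user group was successfully saved', true);
        }
        return $this->common->setResponseMessage('The user group could not be saved at this time - please try again');
    }

    /**
     * Soft-delete a member. Admin-group members (groups 1 and 2) are never
     * deleted. Because checkSession() ignores deleted rows, the account's
     * session and remember-me token stop working on its next request.
     *
     * @param int $user_id
     * @return bool true when exactly one row was flagged
     */
    public function deleteUser($user_id = 0)
    {
        $user_id = (int) $user_id;
        if ($user_id <= 0) {
            return false;
        }
        $this->db->query($this->db->update_string(
            'members',
            array('is_deleted' => true),
            "`user_group` NOT IN (1, 2) AND `user_id` = " . $user_id
        ));
        return ($this->db->affected_rows() === 1);
    }

    /**
     * Soft-delete a member group; groups 1 and 2 are never deleted.
     *
     * @param int $group_id
     * @return bool true when exactly one row was flagged
     */
    public function deleteUserGroup($group_id = 0)
    {
        $group_id = (int) $group_id;
        if ($group_id <= 0) {
            return false;
        }
        $this->db->query($this->db->update_string(
            'member_groups',
            array('is_deleted' => true),
            "`group_id` NOT IN (1, 2) AND `group_id` = " . $group_id
        ));
        return ($this->db->affected_rows() === 1);
    }

    /**
     * Stop the request unless the current user passes hasPermission() with
     * the given arguments: AJAX callers get a JSON "unauthorized" body, others
     * are redirected to /unauthorized. Returns normally when allowed.
     *
     * @return void
     */
    public function denyRestricted()
    {
        // Forward all arguments unchanged to hasPermission().
        if (!call_user_func_array(array($this, 'hasPermission'), func_get_args())) {
            if ($this->input->is_ajax_request()) {
                exit_with_json(array('success' => false, 'unauthorized' => true, 'url' => '/unauthorized'));
            }
            redirect('/unauthorized');
        }
    }

    /**
     * Stop the request unless the current user is an admin.
     *
     * @return bool true when the user is an admin (otherwise the request ends)
     */
    public function denyNonAdmin()
    {
        if (!$this->isAdmin()) {
            // -1 matches no permission name, so a non-admin is always denied.
            return $this->denyRestricted(-1);
        }
        return true;
    }

    /**
     * End the session, invalidate the stored remember-me token and clear the
     * cookie. Clearing only the cookie would leave a previously issued token
     * usable by anyone who still holds it.
     *
     * @return void
     */
    public function logout()
    {
        if ($this->logged_in) {
            $account_id = (int) ($this->customers ? $this->customer_id : $this->user_id);
            if ($account_id > 0) {
                // Empty string rather than NULL so the column's nullability does not
                // matter; checkSession() only accepts a 48-character token anyway.
                $this->db->query($this->db->update_string(
                    $this->default_table,
                    array('remember_session' => ''),
                    "`" . $this->idColumn() . "` = " . $account_id
                ));
            }
        }
        $this->session->sess_destroy();
        $this->input->set_cookie($this->remember_session_key, null, null);
    }
}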