<?php
/** \file include\db_user.php
* \brief DI webinterface database functions
* \author Rob Schalken, Core|Vision
* \version 1.0
* \date 17-10-2008
*
* This file contains the user database functions. This file is always included.
*/
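/**
 * User right verification.
 *
 * Inputs:
 * - user_id: User database id, or an already fetched user row (array carrying an 'id' key)
 * - right: The right which must be verified
 * - skip_date: Skip the begin/end date check
 * - skip_current: Skip the check of the user's own rights (only the customer chain is verified)
 *
 * Return: TRUE (OK) / FALSE (Error)
 *
 * A right is granted only when the user holds it AND every customer up the pyramid
 * (db_search_relations(..., "up")) holds it too; rights listed in the global
 * $user_only_rights are bound to the user alone and skip the customer chain.
 */
function db_ver_right_user($user_id, $right, $skip_date = 0, $skip_current = 0) {
    // Resolve the user row: fetch it by id, or accept a row that was fetched earlier
    if (is_numeric($user_id)) {
        $row_user = db_fetch_user($user_id, NULL, TRUE);
    }
    else if (is_array($user_id) && isset($user_id['id'])) {
        $row_user = $user_id;
        $user_id = $row_user['id'];
    }
    else {
        return FALSE;
    }
    // An unknown id makes db_fetch_user() return FALSE; that must deny instead of
    // falling through to in_array() on a non-array (a TypeError on PHP 8)
    if (!is_array($row_user)) {
        return FALSE;
    }
    // Does the user itself hold the right? (skipped when skip_current is set)
    if ($skip_current) {
        $result = TRUE;
    }
    else {
        $result = isset($row_user['rechten']) && is_array($row_user['rechten'])
            && in_array($right, $row_user['rechten']);
    }
    // The customer and all its primary relations up the pyramid must still hold the right,
    // except for the user-only rights
    global $user_only_rights;
    $user_only = is_array($user_only_rights) ? $user_only_rights : array();
    if ($result && !in_array($right, $user_only)) {
        $relations = db_search_relations($row_user['klant'], "", "up", 1);
        if (is_array($relations)) {
            foreach ($relations as $relation) {
                // One relation without the right denies the whole chain
                if (!isset($relation['rechten']) || !is_array($relation['rechten'])
                    || !in_array($right, $relation['rechten'])) {
                    $result = FALSE;
                    break;
                }
            }
        }
    }
    // Finally the user's validity window must cover now (unless skip_date is set)
    // NOTE(review): db_fetch_user() in this file unsets 'begin'/'eind' and only keeps the split
    // begin_datum/begin_tijd fields, so for rows coming from there these keys are absent and
    // the outcome depends on how valid_timestamp() treats missing bounds — confirm the date
    // window is actually enforced for such rows.
    if ($result && !$skip_date) {
        $begin = isset($row_user['begin']) ? $row_user['begin'] : NULL;
        $eind = isset($row_user['eind']) ? $row_user['eind'] : NULL;
        $result = valid_timestamp($begin, $eind, 1);
    }
    return $result;
}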
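/**
 * User extra_right verification.
 *
 * Inputs:
 * - user_id: User database id
 * - extra_right: The extra_right which must be verified (one element of the comma
 *   separated extra_rechten set column)
 *
 * Return: TRUE (OK) / FALSE (Error)
 */
function db_ver_extra_right_user($user_id, $extra_right) {
    // Both inputs end up inside the SQL string: the id is forced to an integer and the right
    // name goes through specialchars(), the escaping helper this file uses for SQL string
    // values (confirm it escapes for the DB context, not only for HTML).
    $query = "SELECT find_in_set('" . specialchars($extra_right) . "',extra_rechten) as valid"
        . " FROM gebruiker WHERE id='" . (int)$user_id . "'";
    $valid_extra_right = db_fetch_data($query);
    // find_in_set() yields 0 when the value is not in the set (NULL when the set is NULL);
    // a missing row is treated as "no right" as well
    return (is_array($valid_extra_right) && !empty($valid_extra_right[0]['valid'])) ? TRUE : FALSE;
}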
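/**
 * Search all users which match the current customer (down the pyramid).
 *
 * Inputs:
 * - user: User name (filter, passed on to db_fetch_users())
 *
 * Return: Array containing all users of the own customer and all underlying customers,
 *         sorted by gebruikersnaam
 */
function db_search_users($user = "") {
    global $_PAGE_INFO;
    $own_id = $_PAGE_INFO['login']['customer']['id'];
    // All customers below the current one. Normalised to an array first: array_push()
    // on a non-array return value is fatal on PHP 8.
    $found_customers = db_search_customers();
    if (!is_array($found_customers)) {
        $found_customers = array();
    }
    // Add the own customer when the search did not return it
    $own_found = FALSE;
    foreach ($found_customers as $found_customer) {
        if (is_array($found_customer) && $found_customer['id'] == $own_id) {
            $own_found = TRUE;
            break;
        }
    }
    if (!$own_found) {
        $found_customers[] = db_fetch_customer($own_id, 1);
    }
    // Collect the users of every customer
    $result = array();
    foreach ($found_customers as $found_customer) {
        if (!is_array($found_customer)) {
            continue;
        }
        $found_users = db_fetch_users($found_customer['id'], $user);
        if (is_array($found_users)) {
            foreach ($found_users as $found_user) {
                $result[] = $found_user;
            }
        }
    }
    return array_sort($result, "gebruikersnaam");
}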
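/**
 * Fetch user data by database id or by gebruikersnaam within a customer.
 *
 * Inputs:
 * - user: User name or db id
 * - customer_id: Customer id to which the user is connected (only used when searching by name)
 * - db_id: 1 = User db id / 0 = gebruikersnaam
 *
 * Return: Array containing user information (with begin/eind split into *_datum/*_tijd and the
 *         rights collected in 'rechten'), or FALSE when no user matches
 */
function db_fetch_user($user, $customer_id, $db_id = 0) {
    if ($db_id) {
        // Lookup by primary key: the id is forced to an integer so it can never alter the query
        $query = "SELECT * FROM gebruiker WHERE id='" . (int)$user . "'";
    }
    else {
        // Lookup by login name within one customer; the name goes through specialchars() (the
        // escaping helper this file uses for SQL string values), the customer id is cast to int.
        // "id > 0" excludes non-positive ids (presumably a reserved row — confirm).
        $query = "SELECT * FROM gebruiker WHERE gebruikersnaam='" . specialchars($user)
            . "' AND klant='" . (int)$customer_id . "' and id > 0";
    }
    $row_user = db_fetch_data($query, 1);
    if (empty($row_user)) {
        return FALSE;
    }
    $user = $row_user[0];
    // Split the datetime columns into separate date/time fields and drop the originals
    $user['begin_datum'] = strip_time($user['begin']);
    $user['begin_tijd'] = strip_date($user['begin']);
    $user['eind_datum'] = strip_time($user['eind']);
    $user['eind_tijd'] = strip_date($user['eind']);
    unset($user['begin'], $user['eind']);
    // Collect the rights columns into a single 'rechten' array
    db_merge_rights("gebruiker", $user);
    return $user;
}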
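/**
 * Fetch user data (customer name, company name, login name).
 *
 * Inputs:
 * - user_id: User database id
 *
 * Return: Array with klantnaam, bedrijfsnaam and gebruikersnaam, or FALSE when not found
 */
function db_fetch_user_info($user_id) {
    // The id is forced to an integer before it is placed in the SQL string
    $query = "SELECT klant.klantnaam,klant.bedrijfsnaam,gebruiker.gebruikersnaam FROM klant,gebruiker"
        . " WHERE gebruiker.id='" . (int)$user_id . "' AND gebruiker.klant=klant.id";
    $row_user = db_fetch_data($query, 1);
    return (!empty($row_user)) ? $row_user[0] : FALSE;
}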
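/**
 * Fetch a user's i18n (language) setting from the database.
 *
 * Inputs:
 * - customer_id: despite its name this is the gebruiker (user) database id that is queried
 *
 * Return: The i18n value, or "" when the user does not exist
 */
function db_fetch_i18n($customer_id) {
    // The id is forced to an integer before it is placed in the SQL string
    $row_user = db_fetch_data("SELECT i18n FROM gebruiker WHERE id='" . (int)$customer_id . "'");
    // An empty result set is an array too, so check the row before reading it
    return (is_array($row_user) && isset($row_user[0]['i18n'])) ? $row_user[0]['i18n'] : "";
}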
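/**
 * Fetch all users of a customer, optionally filtered on a (wildcard) name.
 *
 * Inputs:
 * - customer_id: Customer id
 * - user: name filter; matched with LIKE '%...%' against gebruikersnaam,
 *   "voorletters achternaam" and "voornaam achternaam"
 *
 * Return: Multidimensional array containing all users information, or FALSE on a query failure
 */
function db_fetch_users($customer_id, $user = "") {
    $result = FALSE;
    // The customer id is forced to an integer; the name filter goes through specialchars(), the
    // escaping helper this file uses for SQL string values. LIKE wildcards inside $user are
    // deliberately left alone (the filter is documented as wildcard search).
    $query = "SELECT * FROM gebruiker WHERE klant='" . (int)$customer_id . "' AND id > 0";
    if ($user) {
        $needle = specialchars($user);
        $query .= " AND ((gebruikersnaam LIKE '%" . $needle . "%') ";
        // Also match the "initials lastname" and "firstname lastname" combinations
        $concats = array("CONCAT(voorletters,' ',achternaam)",
                         "CONCAT(voornaam,' ',achternaam)");
        foreach ($concats as $concat) {
            $query .= " OR (" . $concat . " LIKE '%" . $needle . "%')";
        }
        $query .= ")";
    }
    $query .= " ORDER BY gebruikersnaam";
    $row_users = db_fetch_data($query);
    if (is_array($row_users)) {
        $result = array();
        foreach ($row_users as $row_user) {
            // Split the datetime columns into separate date/time fields and drop the originals
            $row_user['begin_datum'] = strip_time($row_user['begin']);
            $row_user['begin_tijd'] = strip_date($row_user['begin']);
            $row_user['eind_datum'] = strip_time($row_user['eind']);
            $row_user['eind_tijd'] = strip_date($row_user['eind']);
            unset($row_user['begin'], $row_user['eind']);
            // Collect the rights columns into a single 'rechten' array
            db_merge_rights("gebruiker", $row_user);
            // The original filtered on a $rights variable that is never defined in this
            // function, so the filter could never apply: every row is returned.
            $result[] = $row_user;
        }
    }
    return $result;
}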
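/**
 * Store a new user.
 *
 * Inputs:
 * - user_array: Array containing all user info (form values; 'paswoord' and 'pin' are expected
 *   to be hashed already by the caller, 'rechten' is an array of right names)
 *
 * Return: 1 (OK) / FALSE (Error)
 */
function db_store_user($user_array) {
    $result = FALSE;
    // The right columns of the gebruiker table and the rights each column can hold
    $right_fields = db_fetch_rights("gebruiker");
    // Every value below comes from the create-user form and is placed inside the SQL string.
    // Ids are forced to integers and every string goes through specialchars(), the escaping
    // helper this file uses for SQL string values (confirm it escapes for the DB context, not
    // only for HTML); empty optional values become SQL NULL.
    $columns = "klant, gebruikersnaam, paswoord, pin, verificatie, begin, eind, functie, achternaam, voorletters, voornaam, adres, alarmnr, mobielnr,"
        . "telefoonnr_prive, telefoonnr_werk, email, mtinfo_versie, i18n, tz, gedetacheerd";
    foreach ($right_fields as $field => $rights) {
        $columns .= ",`" . $field . "`";
    }
    $values = array();
    $values[] = "'" . (int)$user_array['klant'] . "'";
    $values[] = "'" . specialchars($user_array['gebruikersnaam']) . "'";
    $values[] = "'" . specialchars($user_array['paswoord']) . "'";
    if (isset($user_array['pin']) && strlen($user_array['pin'])) {
        $values[] = "'" . specialchars($user_array['pin']) . "'";
    }
    else {
        $values[] = "NULL";
    }
    $values[] = "'" . specialchars($user_array['verificatie']) . "'";
    // begin/eind are stored as "date time"; an empty date means no bound
    foreach (array(array('begin_datum', 'begin_tijd'), array('eind_datum', 'eind_tijd')) as $pair) {
        if (isset($user_array[$pair[0]]) && strlen($user_array[$pair[0]])) {
            $time = isset($user_array[$pair[1]]) ? $user_array[$pair[1]] : "";
            $values[] = "'" . specialchars($user_array[$pair[0]] . " " . $time) . "'";
        }
        else {
            $values[] = "NULL";
        }
    }
    foreach (array('functie', 'achternaam', 'voorletters', 'voornaam', 'adres', 'alarmnr',
                   'mobielnr', 'telefoonnr_prive', 'telefoonnr_werk', 'email') as $column) {
        $values[] = "'" . specialchars($user_array[$column]) . "'";
    }
    if (isset($user_array['mtinfo_versie']) && strlen($user_array['mtinfo_versie'])) {
        $values[] = "'" . specialchars($user_array['mtinfo_versie']) . "'";
    }
    else {
        $values[] = "NULL";
    }
    $values[] = "'" . specialchars($user_array['i18n']) . "'";
    $values[] = "'" . specialchars($user_array['tz']) . "'";
    $values[] = "'" . specialchars($user_array['gedetacheerd']) . "'";
    // Each right column stores the comma separated subset of its own rights that the user got
    $selected = (isset($user_array['rechten']) && is_array($user_array['rechten'])) ? $user_array['rechten'] : array();
    foreach ($right_fields as $field => $rights) {
        $user_rights = array();
        foreach ($rights as $right) {
            if (in_array($right, $selected)) {
                $user_rights[] = $right;
            }
        }
        $values[] = "'" . implode(",", $user_rights) . "'";
    }
    $query = "INSERT INTO gebruiker (" . $columns . ") VALUES (" . implode(",", $values) . ")";
    if (db_store_data($query)) {
        // Log the user-user action. The credential hashes are left out of the serialized
        // form data so they do not end up in the audit log table.
        $new_user = db_fetch_user($user_array['gebruikersnaam'], $user_array['klant']);
        $log_data = $user_array;
        unset($log_data['paswoord'], $log_data['pin']);
        $new_id = is_array($new_user) ? $new_user['id'] : 0;
        db_log_user_user($new_id, "menu:gebruikers:nieuw", serialize($log_data));
        $result = 1;
    }
    return $result;
}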
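/**
 * Update an existing user.
 *
 * Inputs:
 * - user_array: Array containing all user info (form values; 'paswoord' and 'pin' are expected
 *   to be hashed already by the caller and are only written when present, 'rechten' is an
 *   array of right names)
 *
 * Return: TRUE (OK) / FALSE (Error)
 */
function db_update_user($user_array) {
    $result = FALSE;
    // The right columns of the gebruiker table and the rights each column can hold
    $right_fields = db_fetch_rights("gebruiker");
    $user_id = (int)$user_array['id'];
    // Original row, used afterwards to detect whether anything actually changed (audit log)
    $orig_user_data = db_fetch_user($user_id, "", 1);
    // Every value below comes from the edit-user form and is placed inside the SQL string.
    // Ids are forced to integers and every string goes through specialchars(), the escaping
    // helper this file uses for SQL string values (confirm it escapes for the DB context, not
    // only for HTML); empty optional values become SQL NULL.
    $set = array();
    $set[] = "klant='" . (int)$user_array['klant'] . "'";
    $set[] = "gebruikersnaam='" . specialchars($user_array['gebruikersnaam']) . "'";
    // The password is only replaced when the form supplied a new (hashed) value
    if (isset($user_array['paswoord']) && strlen($user_array['paswoord'])) {
        $set[] = "paswoord='" . specialchars($user_array['paswoord']) . "'";
    }
    if (isset($user_array['pin'])) {
        // The caller stores the pin as an MD5 digest to stay compatible with MTinfo Secure.
        // NOTE(review): an unsalted MD5 of a short numeric pin is trivially brute-forced if the
        // table leaks; worth revisiting together with the MTinfo Secure side.
        $set[] = strlen($user_array['pin']) ? "pin='" . specialchars($user_array['pin']) . "'" : "pin=NULL";
    }
    $set[] = "verificatie='" . specialchars($user_array['verificatie']) . "'";
    // begin/eind are stored as "date time"; an empty date means no bound
    foreach (array('begin' => array('begin_datum', 'begin_tijd'), 'eind' => array('eind_datum', 'eind_tijd')) as $column => $pair) {
        if (isset($user_array[$pair[0]]) && strlen($user_array[$pair[0]])) {
            $time = isset($user_array[$pair[1]]) ? $user_array[$pair[1]] : "";
            $set[] = $column . "='" . specialchars($user_array[$pair[0]] . " " . $time) . "'";
        }
        else {
            $set[] = $column . "=NULL";
        }
    }
    foreach (array('functie', 'achternaam', 'voorletters', 'voornaam', 'adres', 'alarmnr',
                   'mobielnr', 'telefoonnr_werk', 'telefoonnr_prive', 'email', 'i18n',
                   'n_login', 't_login') as $column) {
        $set[] = $column . "='" . specialchars($user_array[$column]) . "'";
    }
    if (isset($user_array['mtinfo_versie']) && strlen($user_array['mtinfo_versie'])) {
        $set[] = "mtinfo_versie='" . specialchars($user_array['mtinfo_versie']) . "'";
    }
    else {
        $set[] = "mtinfo_versie=NULL";
    }
    $set[] = "tz='" . specialchars($user_array['tz']) . "'";
    $set[] = "gedetacheerd='" . specialchars($user_array['gedetacheerd']) . "'";
    // Each right column stores the comma separated subset of its own rights that the user got
    $selected = (isset($user_array['rechten']) && is_array($user_array['rechten'])) ? $user_array['rechten'] : array();
    foreach ($right_fields as $field => $rights) {
        $user_rights = array();
        foreach ($rights as $right) {
            if (in_array($right, $selected)) {
                $user_rights[] = $right;
            }
        }
        $set[] = "`" . $field . "`='" . implode(",", $user_rights) . "'";
    }
    $query = "UPDATE gebruiker SET " . implode(",", $set) . " WHERE id='" . $user_id . "'";
    if (db_store_data($query)) {
        $result = TRUE;
    }
    if ($result) {
        // Compare the stored row before and after; only a real change is logged
        $changed = FALSE;
        $new_data = db_fetch_user($user_id, "", 1);
        if (is_array($orig_user_data) && is_array($new_data)) {
            foreach ($orig_user_data as $key => $item) {
                if (!array_key_exists($key, $new_data) || $new_data[$key] != $item) {
                    $changed = TRUE;
                    break;
                }
            }
        }
        if ($changed) {
            // Credential hashes are left out of the serialized form data in the audit log
            $log_data = $user_array;
            unset($log_data['paswoord'], $log_data['pin']);
            db_log_user_user($user_id, "menu:gebruikers:wijzigen", serialize($log_data));
        }
    }
    return $result;
}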
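/**
 * Update an existing user's password.
 *
 * Inputs:
 * - user_id: User id
 * - password_hash: Hashed password (hashing is the caller's job; this only stores it)
 *
 * Return: whatever db_store_data() returns (1 (OK) / 0 (Error))
 */
function db_update_user_password($user_id, $password_hash) {
    // The id used to be concatenated unquoted; forcing an integer makes it impossible to extend
    // the WHERE clause. The hash is escaped as well (a valid hash holds no quote characters, so
    // this is purely defensive).
    $query = "UPDATE gebruiker SET paswoord='" . specialchars($password_hash) . "' WHERE id=" . (int)$user_id;
    return db_store_data($query);
}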
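/**
 * Delete a user together with its project memberships and contact-person rows.
 *
 * Inputs:
 * - user_id: User database id
 *
 * Return: 1 (OK) / 0 (Error)
 */
function db_delete_user($user_id) {
    $result = 0;
    // The id is forced to an integer so it cannot widen any of the DELETE statements below
    $id = (int)$user_id;
    db_start_transaction();
    db_store_data("DELETE FROM gebruiker WHERE id='" . $id . "'");
    db_store_data("DELETE FROM project_gebruiker WHERE gebruiker='" . $id . "'");
    // Contact person rows should already be gone (a contact person cannot be deleted)
    db_store_data("DELETE FROM klant_contact WHERE gebruiker='" . $id . "'");
    // NOTE(review): the individual statement results are not checked and no rollback helper is
    // visible in this file, so a failed DELETE is committed together with the others.
    if (db_commit_transaction()) {
        db_log_user_user($id, "menu:gebruikers:verwijderen");
        $result = 1;
    }
    return $result;
}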
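/**
 * Delete log rows of users that no longer exist (called by the garbage collector).
 *
 * Inputs:
 * - timeout: Max time (seconds) the run may take
 * - limit: Max number of rows to delete per call
 *
 * Return: Array with 'time' (seconds spent) and 'affected' (rows deleted)
 *
 * "Deleted users" are the ids in 0..max(gebruiker.id) that have no gebruiker row. Two groups
 * of tables are cleaned: tables that share their id with log_gebruiker (log_x) and tables that
 * reference the user through a 'gebruiker' column (log_table).
 */
function db_delete_user_logs($timeout, $limit = 100) {
    GLOBAL $_PAGE_INFO;
    $affected = 0;
    $start = microtime_float();
    $end = $start;
    // Tables whose id equals a log_gebruiker id
    $log_x = array("log_gebruiker_faq",
                   "log_gebruiker_gebruiker",
                   "log_gebruiker_klant",
                   "log_gebruiker_project",
                   "log_gebruiker_zkl");
    // Tables that reference a user through their 'gebruiker' column
    $log_table = array("log_gebruiker",
                       "project_gebruiker",
                       "klant_contact");
    //
    // Determine the ids that no longer exist: every id in 0..max(id) not present in gebruiker.
    // The existing ids go into a set keyed by id, so the gap scan is linear instead of walking
    // the whole id list once per candidate.
    //
    $user_max_row = db_fetch_data("SELECT max(id) as id FROM gebruiker");
    $user_max = (is_array($user_max_row) && isset($user_max_row[0]['id'])) ? (int)$user_max_row[0]['id'] : 0;
    $rows = db_fetch_data("SELECT id FROM gebruiker ORDER BY id ASC");
    $gap_ids = array();
    if (is_array($rows)) {
        $existing = array();
        foreach ($rows as $row) {
            $existing[(int)$row['id']] = TRUE;
        }
        for ($i = 0; $i <= $user_max; $i++) {
            if (!isset($existing[$i])) {
                $gap_ids[] = $i;
            }
        }
    }
    // Nothing to clean (or the id query failed): report zero work
    if (empty($gap_ids)) {
        return array('time' => ($end - $start), 'affected' => $affected);
    }
    // All ids are integers generated above, so the IN list needs no further escaping
    $user_ids = "(" . implode(",", $gap_ids) . ")";
    do {
        $finished = 1;
        $deleted_this_pass = 0;
        for ($j = 0; $j < 2; $j++) {
            if ($j) {
                $active_table = "log_table";
                $tables = $log_table;
            }
            else {
                $active_table = "log_x";
                $tables = $log_x;
                // log_x rows with an id below the oldest remaining log_gebruiker id are orphans
                $min_row = db_fetch_data("SELECT MIN(id) as id FROM log_gebruiker");
                $log_gebruiker_min_id = (is_array($min_row) && isset($min_row[0]['id'])) ? (int)$min_row[0]['id'] : 0;
            }
            foreach ($tables as $table) {
                if ($active_table == "log_x") {
                    //
                    // log_x tables: rows linked to a log_gebruiker entry of a deleted user
                    //
                    $query = "SELECT log_gebruiker.id FROM " . $table . ",log_gebruiker WHERE " . $table . ".id=log_gebruiker.id"
                        . " AND log_gebruiker.gebruiker <= " . $user_max . " AND log_gebruiker.gebruiker IN " . $user_ids
                        . " LIMIT " . ($limit - $affected);
                    $rows = db_fetch_data($query);
                    if (is_array($rows)) {
                        foreach ($rows as $row) {
                            $row_id = (int)$row['id'];
                            db_store_data("DELETE FROM " . $table . " WHERE id='" . $row_id . "'");
                            db_store_data("DELETE FROM log_gebruiker WHERE id='" . $row_id . "'");
                        }
                        $affected += sizeof($rows);
                        $deleted_this_pass += sizeof($rows);
                    }
                    $finished = ($affected >= $limit) ? 1 : 0;
                    if (!$finished) {
                        // Orphaned rows that predate the oldest remaining log_gebruiker entry
                        $query = "SELECT " . $table . ".id FROM " . $table . " WHERE " . $table . ".id < " . $log_gebruiker_min_id
                            . " LIMIT " . ($limit - $affected);
                        $rows = db_fetch_data($query);
                        if (is_array($rows)) {
                            foreach ($rows as $row) {
                                db_store_data("DELETE FROM " . $table . " WHERE id='" . (int)$row['id'] . "'");
                            }
                            $affected += sizeof($rows);
                            $deleted_this_pass += sizeof($rows);
                        }
                        $finished = ($affected >= $limit) ? 1 : 0;
                    }
                }
                else {
                    //
                    // log tables (with and without an id column)
                    //
                    $fields = db_fetch_set($table, "id");
                    if (is_array($fields)) {
                        // Table has an id column: select the ids and delete row by row. (The
                        // original selected the 'gebruiker' column here but deleted on
                        // $row['id'], which was never set, so these rows were never removed.)
                        $query = "SELECT id FROM " . $table . " WHERE gebruiker <= " . $user_max . " AND gebruiker IN " . $user_ids
                            . " LIMIT " . ($limit - $affected);
                        $rows = db_fetch_data($query);
                        if (is_array($rows)) {
                            foreach ($rows as $row) {
                                db_store_data("DELETE FROM " . $table . " WHERE id='" . (int)$row['id'] . "'");
                            }
                            $affected += sizeof($rows);
                            $deleted_this_pass += sizeof($rows);
                        }
                        $finished = ($affected >= $limit) ? 1 : 0;
                    }
                    else {
                        // No id column: delete directly, bounded by LIMIT
                        $query = "DELETE FROM " . $table . " WHERE gebruiker <= " . $user_max . " AND gebruiker IN " . $user_ids
                            . " LIMIT " . ($limit - $affected);
                        db_store_data($query);
                        // NOTE(review): mysql_affected_rows() (removed in PHP 7) on the project's
                        // connection resource; kept as-is since the DB layer is not visible here
                        $deleted = mysql_affected_rows($_PAGE_INFO['mysql_db_resource']['default']);
                        $affected += $deleted;
                        $deleted_this_pass += $deleted;
                        $finished = ($affected >= $limit) ? 1 : 0;
                    }
                }
            }
        }
        $end = microtime_float();
        // Stop when the limit is reached, the time budget is spent, or a whole pass removed
        // nothing — another pass would issue identical queries and spin until the timeout
    } while (!$finished && $deleted_this_pass > 0 && (($end - $start) < $timeout));
    // Quoted keys: the bare constants used before are a fatal error on PHP 8
    return array('time' => ($end - $start), 'affected' => $affected);
}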
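/**
 * Get a user's display name.
 *
 * Inputs:
 * - id: User database id; empty means the logged in user
 *
 * Return: "voornaam achternaam" (or "voorletters achternaam"), falling back to the login name;
 *         "" when the user cannot be fetched
 */
function getUser($id = "") {
    global $_PAGE_INFO;
    // No id given → the logged in user (a literal "0" still counts as given)
    $get_id = (!strlen((string)$id)) ? $_PAGE_INFO['login']['user']['id'] : $id;
    $user = db_fetch_user($get_id, "", 1);
    // db_fetch_user() returns FALSE for an unknown id; there is nothing to format then
    if (!is_array($user)) {
        return "";
    }
    $result = "";
    // First name, else initials
    if (isset($user['voornaam']) && strlen($user['voornaam'])) {
        $result .= $user['voornaam'];
    }
    else if (isset($user['voorletters']) && strlen($user['voorletters'])) {
        $result .= $user['voorletters'];
    }
    // Last name, separated by a space when something precedes it
    if (isset($user['achternaam']) && strlen($user['achternaam'])) {
        if (strlen($result)) {
            $result .= " ";
        }
        $result .= $user['achternaam'];
    }
    // No first/last name at all → login name
    if (!strlen($result)) {
        $result = isset($user['gebruikersnaam']) ? $user['gebruikersnaam'] : "";
    }
    return $result;
}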
/**
 * Full name of either a regular user or a signed-in profile.
 *
 * @param int $id The id of the user or profile
 * @param string $userTable The table the id belongs to ('gebruiker_profiel' selects the profile table)
 * @return null|string The name, or null when the profile could not be retrieved
 */
function getUserOrProfileName($id, $userTable)
{
    // Profiles live in their own table and are resolved by their own helper
    return ($userTable == 'gebruiker_profiel') ? getUserProfileName($id) : getUser($id);
}
/**
 * Full name ("voornaam achternaam") of a user profile.
 *
 * @param int $id The profile id
 * @return null|string The full name, or null when the profile does not exist
 */
function getUserProfileName($id)
{
    $profile = db_fetch_profile($id);
    if (!$profile) {
        return null;
    }
    $firstName = $profile['voornaam'];
    // Only put a separating space after a non-empty first name
    $separator = ((string)$firstName !== '') ? ' ' : '';
    return $firstName . $separator . $profile['achternaam'];
}
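/**
 * Send a security notification e-mail to a user.
 *
 * Inputs:
 * - user_id: User database id
 * - value: array with 'action' ("login" (default) or "user_profile"); for "user_profile" also
 *   'changed_by' (user id of the editor) and 'items' (changed field names); an optional
 *   'overrule_email' replaces the recipient address
 */
function userSecurityNotification($user_id, $value = array('action' => "login")) {
    GLOBAL $_PAGE_INFO;
    $subject = "";
    $content = "";
    // Get user/company info
    $user_info = db_fetch_user((int)$user_id, "", 1);
    $cust_info = db_fetch_customer($user_info['klant'], 1);
    // Define Subject
    $subject .= "MTinfo " . _("security notification");
    // Define content
    $content .= "<html>";
    $content .= "<header>";
    $content .= "</header>";
    $content .= "<body style=\"background:#F2F2F2;\">";
    $content .= "<br><br><table width=\"100%\" border=\"\"><th width=\"22%\"></th><th width=\"56%\"></th><th width=\"22%\"></th>";
    $content .= "<tr><td></td><td style=\"background:white;\">";
    $content .= "<center>";
    // The stray " ;" between the style and src attributes made the attribute name ";src", so
    // the logo never loaded; the img tag is written with a plain src attribute
    $content .= "<br><a href=\"" . $_PAGE_INFO['ini']['report']['website'] . "\"><img style=\"text-decoration:none\" src=\"" . $_SESSION[$_PAGE_INFO['id']]['base'] . SKIN_DIR . $_SESSION[$_PAGE_INFO['id']]['skin'] . "/" . $_PAGE_INFO['ini']['report']['header_logo'] . "\" alt=\"\"></a>";
    $action = isset($value['action']) ? $value['action'] : "login";
    switch ($action) {
        // User profile changed by another user
        case "user_profile":
            $user_info_changer = db_fetch_user((int)$value['changed_by'], "", 1);
            $cust_info_changer = db_fetch_customer($user_info_changer['klant'], 1);
            $content .= "<br><br><p style=font-family:Verdana;font-size:23px;font-weight:bold;>";
            $content .= ucfirst(_("Your user profile has been changed"));
            $content .= "</p>";
            $content .= "<p style=font-family:Verdana;font-size:18px;>";
            $content .= ucfirst(_("The following items have been changed by")) . " " . getUser($value['changed_by']) . " (" . $cust_info_changer['bedrijfsnaam'] . ")";
            $content .= "<center>";
            $content .= "<table><tr><td></td><td>";
            if (isset($value['items']) && is_array($value['items'])) {
                foreach ($value['items'] as $item) {
                    $content .= "- " . ucfirst(_("user:" . $item)) . "<br>";
                }
            }
            $content .= "</td><td></td></tr><br><tr></tr></table>";
            $content .= "</center>";
            $content .= "</p><br><br>";
            break;
        // Login (default)
        default:
            $content .= "<br><br><p style=font-family:Verdana;font-size:23px;font-weight:bold;>";
            $content .= ucfirst(_("there has has been some activity on your MTinfo 3000 account"));
            $content .= "</p><br><br>";
            break;
    }
    $content .= "</center>";
    $content .= "</td><td></td></tr>";
    $content .= "<tr><td></td><td style=\"background:white;\">";
    $content .= "<center>";
    $content .= "<br><br><p style=font-family:Verdana;font-size:18px;>" . ucfirst(_("this is a security notification for MTinfo 3000 user")) . ":<br><br>" . getUser($user_id) . " (" . $cust_info['bedrijfsnaam'] . ")";
    // Both the client address and the browser string come from request headers the client
    // controls, and they are embedded in an HTML mail body: escape them for HTML.
    // NOTE(review): X-Forwarded-For is trusted unconditionally here, so the reported IP can be
    // spoofed by anyone who can set that header; only honour it when a trusted proxy sets it.
    $client_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    $client_ip = htmlspecialchars($client_ip, ENT_QUOTES, 'UTF-8');
    $client_browser = htmlspecialchars(ucfirst(strtolower(browser())), ENT_QUOTES, 'UTF-8');
    $content .= "<br><br>(IP: " . $client_ip . ", Browser: " . $client_browser . ")</p><br><br>";
    $content .= "</center>";
    $content .= "</td><td></td></tr>";
    $content .= "</td><td></td></tr>";
    $content .= "<tr><td></td><td style=\"background:white;\">";
    $content .= "<center>";
    $content .= "<br><br><p style=font-family:Verdana;font-size:16px;>" . ucfirst(_("if this activity is your own then there's no need to respond, otherwise")) . ":</p>";
    $content .= "<table><tr><td></td><td><p style=font-family:Verdana;font-size:14px;>1. " . ucfirst(_("scan your computer for viruses or malware")) . "</p>";
    $content .= "<p style=font-family:Verdana;font-size:14px;>2. " . ucfirst(_("contact1")) . " <a href=\"mailto:info@dualinventive.com\">Dual Inventive</a></p></td><td></td></tr><br><tr></tr></table>";
    $content .= "</center>";
    $content .= "</td></tr>";
    $content .= "</table>";
    $content .= "</body>";
    $content .= "</html>";
    // Send email (to the user's stored address unless an overrule address was given)
    $recipient = isset($value['overrule_email']) ? $value['overrule_email'] : $user_info['email'];
    send_mail($recipient, "", "", $_PAGE_INFO['ini']['report']['no-reply'], $subject, $content);
}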
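/**
 * Get a user profile (gebruiker_profiel row) including its stored document.
 *
 * Inputs:
 * - id: Profile database id
 *
 * Return: The profile row with the 'document' entry renamed to 'pas', or FALSE when not found
 */
function db_fetch_profile($id) {
    // The id is forced to an integer before it is placed in the SQL string
    $query = "SELECT * FROM gebruiker_profiel WHERE id='" . (int)$id . "'";
    $result = db_fetch_files_by_query($query, "gebruiker_profiel", TRUE);
    // Rename the document entry to 'pas' (the name the rest of the code expects)
    if (isset($result[0]['document'])) {
        $result[0]['pas'] = $result[0]['document'];
        unset($result[0]['document']);
    }
    return (!empty($result) && isset($result[0])) ? $result[0] : FALSE;
}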
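/**
 * Store a new user profile (gebruiker_profiel) and, when supplied, its dvp photo on disk.
 *
 * Inputs:
 * - info: array with lastname, firstname, mobilenr, email, function, company, dvpnumber,
 *   pas_mimetype, uuid, status (default 'actief'), firstaid (default 'no') and dvpphoto_1
 *   (-1 or absent = no photo)
 *
 * Return: the new profile id, or false on failure
 */
function db_store_profile($info) {
    global $_RELEASE;
    if (!is_array($info)) {
        return false;
    }
    // All string values go through specialchars(), the escaping helper this file uses for SQL
    // string values; missing optional values become NULL
    $query = "INSERT INTO gebruiker_profiel (achternaam,voornaam,mobielnr,email,functie,bedrijf,dvp,pas_mimetype,uuid, status, ehbo, n_login,t_login) VALUES (";
    foreach (array('lastname', 'firstname', 'mobilenr', 'email', 'function', 'company', 'dvpnumber', 'pas_mimetype', 'uuid') as $key) {
        $query .= (isset($info[$key])) ? "'" . specialchars($info[$key]) . "'," : "NULL,";
    }
    $query .= (isset($info['status'])) ? "'" . specialchars($info['status']) . "'," : "'actief' ,";
    $query .= (isset($info['firstaid'])) ? "'" . specialchars($info['firstaid']) . "'," : "'no' ,";
    $query .= "0,";
    $query .= "UNIX_TIMESTAMP(NOW()))";
    if (!db_store_data($query)) {
        return false;
    }
    // Identifier of the new profile; also used as the photo file name
    $id = db_fetch_last_id();
    // Store the dvp photo on the filesystem when one was supplied (-1 means none)
    if (isset($info['dvpphoto_1']) && $info['dvpphoto_1'] != -1) {
        $table = "gebruiker_profiel";
        $release = is_ReleaseCandidate() ? 'rc' : 'release';
        $upload_dir = realpath($_RELEASE[$release]['upload'] . strtolower($table));
        // The upload directory should exist, so this error is never hit in a release environment
        if (!$upload_dir) {
            trigger_error("Cannot save document: path \"" . $upload_dir . "\" is invalid, expanded from \"" . $_RELEASE[$release]['upload'] . strtolower($table) . "\"", E_USER_ERROR);
            return FALSE;
        }
        // fopen() returns false on failure; writing to a false handle is fatal on PHP 8
        $handle = fopen($upload_dir . "/" . $id, "w");
        if ($handle === false) {
            trigger_error("Cannot save document: unable to open \"" . $upload_dir . "/" . $id . "\" for writing", E_USER_WARNING);
            return false;
        }
        // NOTE(review): the photo data is passed through specialchars() before being written;
        // if that helper rewrites characters (HTML or SQL escaping) a binary image is corrupted
        // on disk — confirm the expected encoding of dvpphoto_1.
        fwrite($handle, specialchars($info['dvpphoto_1']));
        fclose($handle);
    }
    return $id;
}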
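/**
 * Update a user profile (only function, company and first-aid flag).
 *
 * Inputs:
 * - info: array with profile_id, function, company, firstaid
 *
 * Return: true (OK) / false (Error)
 */
function db_update_profile($info) {
    if (!is_array($info)) {
        return false;
    }
    // The id is forced to an integer; the strings go through specialchars(), the escaping helper
    // this file uses for SQL string values. Missing keys are written as empty strings.
    $function = isset($info['function']) ? $info['function'] : "";
    $company = isset($info['company']) ? $info['company'] : "";
    $firstaid = isset($info['firstaid']) ? $info['firstaid'] : "";
    $profile_id = isset($info['profile_id']) ? (int)$info['profile_id'] : 0;
    $query = "UPDATE gebruiker_profiel set functie='" . specialchars($function) . "',bedrijf='" . specialchars($company) . "', ehbo='" . specialchars($firstaid) . "' where id='" . $profile_id . "'";
    return db_store_data($query) ? true : false;
}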
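/**
 * Delete a user profile (soft delete: the status field is set to 'inactief').
 *
 * Inputs:
 * - id: Profile database id
 *
 * Return: true (OK) / false (Error)
 */
function db_delete_profile($id) {
    // The id is forced to an integer before it is placed in the SQL string
    $query = "UPDATE gebruiker_profiel set status='inactief' , n_login=UNIX_TIMESTAMP(NOW()) where id='" . (int)$id . "'";
    return db_store_data($query) ? true : false;
}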
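/**
 * Search the most recently logged-in profile with a given dvp number.
 *
 * Inputs:
 * - dvp_number: dvp number as entered by the user
 *
 * Return: The matching profile row with the newest t_login, or null when none matches
 */
function db_search_profile($dvp_number) {
    // The dvp number is user input and goes through specialchars(), the escaping helper this
    // file uses for SQL string values (it used to be concatenated raw)
    $rows = db_fetch_data("SELECT * FROM gebruiker_profiel WHERE dvp='" . specialchars($dvp_number) . "' ORDER BY t_login DESC");
    return (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
}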
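/**
 * Store the dvp number on the logged in user's record.
 *
 * Inputs:
 * - dvp_number: dvp number as entered by the user
 *
 * Return: first element of whatever db_fetch_data() returns for the UPDATE, or null
 */
function db_store_dvp_number($dvp_number) {
    global $_PAGE_INFO;
    // The dvp number is user input and goes through specialchars(), the escaping helper this
    // file uses for SQL string values; the session user id is forced to an integer
    $session_user_id = (int)$_SESSION[$_PAGE_INFO['id']]['login']['user']['id'];
    // NOTE(review): this UPDATE is issued through db_fetch_data() while every other write in this
    // file uses db_store_data(); the returned row is therefore unlikely to be meaningful — confirm.
    $result = db_fetch_data("UPDATE gebruiker SET dvp='" . specialchars($dvp_number) . "' where id='" . $session_user_id . "'");
    return (is_array($result) && isset($result[0])) ? $result[0] : null;
}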
?>