src/inc/people.php - hores-external - Gitiles

 <?php
 class people {
   public static $filters = ["categories", "types", "companies"];
   public static $mysqlFilters = ["categories", "types"];
   public static $mysqlFiltersFields = ["p.category", "p.type"];

   public static function add($username, $name, $dni, $email, $category, $password_hash, $type) {
     global $con;

     $susername = db::sanitize($username);
     $sname = db::sanitize($name);
     $sdni = db::sanitize($dni);
     $semail = db::sanitize($email);
     $scategory = (int)$category;
     $spassword_hash = db::sanitize($password_hash);
     $stype = (int)$type;

     if (!categories::exists($category) || !security::existsType($type)) return false;

     return mysqli_query($con, "INSERT INTO people (username, name, dni, email, category, password, type) VALUES ('$susername', '$sname', '$sdni', '$semail', $scategory, '$spassword_hash', $stype)");
   }

   public static function edit($id, $username, $name, $dni, $email, $category, $type) {
     global $con;

     $sid = (int)$id;
     $susername = db::sanitize($username);
     $sname = db::sanitize($name);
     $sdni = db::sanitize($dni);
     $semail = db::sanitize($email);
     $scategory = (int)$category;
     $stype = (int)$type;

     return mysqli_query($con, "UPDATE people SET username = '$susername', name = '$sname', dni = '$sdni', email = '$semail', category = $scategory, type = $stype WHERE id = $sid LIMIT 1");
   }

   public static function updatePassword($id, $password_hash) {
     global $con;

     $sid = (int)$id;
     $spassword_hash = db::sanitize($password_hash);

     return mysqli_query($con, "UPDATE people SET password = '$spassword_hash' WHERE id = $sid LIMIT 1");
   }

   public static function workerViewChangePassword($oldpassword, $newpassword) {
     global $_SESSION;

     if (!security::isUserPassword(false, $oldpassword)) return false;

     return self::updatePassword($_SESSION["id"], password_hash($newpassword, PASSWORD_DEFAULT));
   }

   private static function addCompaniesToRow(&$row, $isWorker = false, $showHiddenCompanies = true) {
     global $con;

     $query = mysqli_query($con, "SELECT w.id id, w.company company, h.status status
       FROM workers w ".workers::sqlAddonToGetStatusAttribute($row["id"]));

     $row["baixa"] = true;
     if ($isWorker) $row["hidden"] = true;
     $row["companies"] = [];
     while ($row2 = mysqli_fetch_assoc($query)) {
       $baixa = workers::isHidden($row2["status"]);

       if ($isWorker && $row2["id"] == $row["workerid"]) $row["hidden"] = $baixa;
       if (!$baixa) $row["baixa"] = false;
       if (!$showHiddenCompanies && $baixa) continue;
       $row["companies"][$row2["id"]] = $row2["company"];
     }
   }

   private static function filterCompanies($fc, $pc) { // Filter Companies, Person Companies
     foreach ($pc as $c) {
       if (in_array($c, $fc)) {
         return true;
       }
     }
     return false;
   }

   public static function get($id, $showHiddenCompanies = true) {
     global $con;

     $query = mysqli_query($con, "SELECT p.id id, p.username username, p.type type, p.name name, p.dni dni, p.email email, p.category categoryid, c.name category FROM people p LEFT JOIN categories c ON p.category = c.id WHERE p.id = ".(int)$id);

     if (!mysqli_num_rows($query)) {
       return false;
     }

     $row = mysqli_fetch_assoc($query);
     self::addCompaniesToRow($row, false, $showHiddenCompanies);

     return $row;
   }

   public static function getAll($select = false, $treatCompaniesSeparated = false) {
     global $con, $conf;

     $mysqlSelect = false;
     if ($select !== false) {
       $mysqlSelect = true;
       $flag = false;
       foreach (self::$mysqlFilters as $f) {
         if ($select["enabled"][$f]) {
           $flag = true;
           break;
         }
       }

       if (!$flag) {
         $mysqlSelect = false;
       }
     }

     if ($mysqlSelect !== false) {
       $categoryChilds = categories::getChildren();
       $where = " WHERE ";
       $conditions = [];
       foreach (self::$mysqlFilters as $i => $f) {
         if ($select["enabled"][$f]) {
           $insideconditions = [];
           foreach ($select["selected"][$f] as $value) {
             $insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$value;
             if ($f == "categories" && isset($categoryChilds[(int)$value])) {
               foreach ($categoryChilds[(int)$value] as $child) {
                 $insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$child;
               }
             }
           }
           $conditions[] = "(".implode(" OR ", $insideconditions).")";
         }
       }
       $where .= implode(" AND ", $conditions);
     } else {
       $where = "";
     }

     $query = mysqli_query($con, "SELECT
       p.id id,
       p.username username,
       p.type type,
       p.name name,
       p.dni dni,
       p.email email,
       p.category categoryid,
       c.name category
       ".($treatCompaniesSeparated ? ", w.id workerid, w.company companyid" : "")."
     FROM people p
     LEFT JOIN categories c
       ON p.category = c.id
     ".($treatCompaniesSeparated ? " RIGHT JOIN workers w
       ON p.id = w.person" : "").$where);

     $people = [];

     while ($row = mysqli_fetch_assoc($query)) {
       self::addCompaniesToRow($row, $treatCompaniesSeparated);

       if ($select === false || !$select["enabled"]["companies"] || (!$treatCompaniesSeparated && self::filterCompanies($select["selected"]["companies"], $row["companies"]) || ($treatCompaniesSeparated && in_array($row["companyid"], $select["selected"]["companies"])))) {
         $people[] = $row;
       }
     }

     // Order people by name and baixa
     if ($treatCompaniesSeparated) {
       usort($people, function($a, $b) {
         if ($a["hidden"] == 0 && $b["hidden"] == 1) return -1;
         if ($a["hidden"] == 1 && $b["hidden"] == 0) return 1;
         return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
       });
     } else {
       usort($people, function($a, $b) {
         if ($a["baixa"] == 0 && $b["baixa"] == 1) return -1;
         if ($a["baixa"] == 1 && $b["baixa"] == 0) return 1;
         return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
       });
     }

     return $people;
   }

   public static function exists($id) {
     global $con;

     $query = mysqli_query($con, "SELECT id FROM people WHERE id = ".(int)$id);

     return (mysqli_num_rows($query) > 0);
   }

   public static function addToCompany($id, $company) {
     global $con;

     $sid = (int)$id;
     $scompany = (int)$company;

     if (!companies::exists($scompany)) return false;
     if (!people::exists($sid)) return false;

     $query = mysqli_query($con, "SELECT id FROM workers WHERE person = $sid AND company = $scompany");
     if (mysqli_num_rows($query)) return false;

     $time = (int)time();

     if (!mysqli_query($con, "INSERT INTO workers (person, company) VALUES ($sid, $scompany)")) return false;

     $sworkerId = (int)mysqli_insert_id($con);
     $stime = (int)time();

     return mysqli_query($con, "INSERT INTO workhistory (worker, day, status) VALUES ($sworkerId, $stime, ".(int)workers::AFFILIATION_STATUS_AUTO_WORKING.")");
   }

   public static function userData($data, $id = "ME") {
     global $con, $_SESSION;

     if ($id == "ME" && $data == "id") return $_SESSION["id"];
     if ($id == "ME") $id = $_SESSION["id"];
     $sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
     $sid = (int)$id;

     $query = mysqli_query($con, "SELECT $sdata FROM people WHERE id = $sid");

     if (!mysqli_num_rows($query)) return false;

     $row = mysqli_fetch_assoc($query);

     return $row[$sdata];
   }

   public static function workerData($data, $id) {
     global $con, $_SESSION;

     $sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
     $sid = (int)$id;

     $query = mysqli_query($con, "SELECT p.$sdata $sdata FROM people p INNER JOIN workers w ON p.id = w.person WHERE w.id = $sid");

     if (!mysqli_num_rows($query)) return false;

     $row = mysqli_fetch_assoc($query);

     return $row[$sdata];
   }
 }
	<?php
	class people {
	public static $filters = ["categories", "types", "companies"];
	public static $mysqlFilters = ["categories", "types"];
	public static $mysqlFiltersFields = ["p.category", "p.type"];

	public static function add($username, $name, $dni, $email, $category, $password_hash, $type) {
	global $con;

	$susername = db::sanitize($username);
	$sname = db::sanitize($name);
	$sdni = db::sanitize($dni);
	$semail = db::sanitize($email);
	$scategory = (int)$category;
	$spassword_hash = db::sanitize($password_hash);
	$stype = (int)$type;

	if (!categories::exists($category) \|\| !security::existsType($type)) return false;

	return mysqli_query($con, "INSERT INTO people (username, name, dni, email, category, password, type) VALUES ('$susername', '$sname', '$sdni', '$semail', $scategory, '$spassword_hash', $stype)");
	}

	public static function edit($id, $username, $name, $dni, $email, $category, $type) {
	global $con;

	$sid = (int)$id;
	$susername = db::sanitize($username);
	$sname = db::sanitize($name);
	$sdni = db::sanitize($dni);
	$semail = db::sanitize($email);
	$scategory = (int)$category;
	$stype = (int)$type;

	return mysqli_query($con, "UPDATE people SET username = '$susername', name = '$sname', dni = '$sdni', email = '$semail', category = $scategory, type = $stype WHERE id = $sid LIMIT 1");
	}

	public static function updatePassword($id, $password_hash) {
	global $con;

	$sid = (int)$id;
	$spassword_hash = db::sanitize($password_hash);

	return mysqli_query($con, "UPDATE people SET password = '$spassword_hash' WHERE id = $sid LIMIT 1");
	}

	public static function workerViewChangePassword($oldpassword, $newpassword) {
	global $_SESSION;

	if (!security::isUserPassword(false, $oldpassword)) return false;

	return self::updatePassword($_SESSION["id"], password_hash($newpassword, PASSWORD_DEFAULT));
	}

	private static function addCompaniesToRow(&$row, $isWorker = false, $showHiddenCompanies = true) {
	global $con;

	$query = mysqli_query($con, "SELECT w.id id, w.company company, h.status status
	FROM workers w ".workers::sqlAddonToGetStatusAttribute($row["id"]));

	$row["baixa"] = true;
	if ($isWorker) $row["hidden"] = true;
	$row["companies"] = [];
	while ($row2 = mysqli_fetch_assoc($query)) {
	$baixa = workers::isHidden($row2["status"]);

	if ($isWorker && $row2["id"] == $row["workerid"]) $row["hidden"] = $baixa;
	if (!$baixa) $row["baixa"] = false;
	if (!$showHiddenCompanies && $baixa) continue;
	$row["companies"][$row2["id"]] = $row2["company"];
	}
	}

	private static function filterCompanies($fc, $pc) { // Filter Companies, Person Companies
	foreach ($pc as $c) {
	if (in_array($c, $fc)) {
	return true;
	}
	}
	return false;
	}

	public static function get($id, $showHiddenCompanies = true) {
	global $con;

	$query = mysqli_query($con, "SELECT p.id id, p.username username, p.type type, p.name name, p.dni dni, p.email email, p.category categoryid, c.name category FROM people p LEFT JOIN categories c ON p.category = c.id WHERE p.id = ".(int)$id);

	if (!mysqli_num_rows($query)) {
	return false;
	}

	$row = mysqli_fetch_assoc($query);
	self::addCompaniesToRow($row, false, $showHiddenCompanies);

	return $row;
	}

	public static function getAll($select = false, $treatCompaniesSeparated = false) {
	global $con, $conf;

	$mysqlSelect = false;
	if ($select !== false) {
	$mysqlSelect = true;
	$flag = false;
	foreach (self::$mysqlFilters as $f) {
	if ($select["enabled"][$f]) {
	$flag = true;
	break;
	}
	}

	if (!$flag) {
	$mysqlSelect = false;
	}
	}

	if ($mysqlSelect !== false) {
	$categoryChilds = categories::getChildren();
	$where = " WHERE ";
	$conditions = [];
	foreach (self::$mysqlFilters as $i => $f) {
	if ($select["enabled"][$f]) {
	$insideconditions = [];
	foreach ($select["selected"][$f] as $value) {
	$insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$value;
	if ($f == "categories" && isset($categoryChilds[(int)$value])) {
	foreach ($categoryChilds[(int)$value] as $child) {
	$insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$child;
	}
	}
	}
	$conditions[] = "(".implode(" OR ", $insideconditions).")";
	}
	}
	$where .= implode(" AND ", $conditions);
	} else {
	$where = "";
	}

	$query = mysqli_query($con, "SELECT
	p.id id,
	p.username username,
	p.type type,
	p.name name,
	p.dni dni,
	p.email email,
	p.category categoryid,
	c.name category
	".($treatCompaniesSeparated ? ", w.id workerid, w.company companyid" : "")."
	FROM people p
	LEFT JOIN categories c
	ON p.category = c.id
	".($treatCompaniesSeparated ? " RIGHT JOIN workers w
	ON p.id = w.person" : "").$where);

	$people = [];

	while ($row = mysqli_fetch_assoc($query)) {
	self::addCompaniesToRow($row, $treatCompaniesSeparated);

	if ($select === false \|\| !$select["enabled"]["companies"] \|\| (!$treatCompaniesSeparated && self::filterCompanies($select["selected"]["companies"], $row["companies"]) \|\| ($treatCompaniesSeparated && in_array($row["companyid"], $select["selected"]["companies"])))) {
	$people[] = $row;
	}
	}

	// Order people by name and baixa
	if ($treatCompaniesSeparated) {
	usort($people, function($a, $b) {
	if ($a["hidden"] == 0 && $b["hidden"] == 1) return -1;
	if ($a["hidden"] == 1 && $b["hidden"] == 0) return 1;
	return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
	});
	} else {
	usort($people, function($a, $b) {
	if ($a["baixa"] == 0 && $b["baixa"] == 1) return -1;
	if ($a["baixa"] == 1 && $b["baixa"] == 0) return 1;
	return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
	});
	}

	return $people;
	}

	public static function exists($id) {
	global $con;

	$query = mysqli_query($con, "SELECT id FROM people WHERE id = ".(int)$id);

	return (mysqli_num_rows($query) > 0);
	}

	public static function addToCompany($id, $company) {
	global $con;

	$sid = (int)$id;
	$scompany = (int)$company;

	if (!companies::exists($scompany)) return false;
	if (!people::exists($sid)) return false;

	$query = mysqli_query($con, "SELECT id FROM workers WHERE person = $sid AND company = $scompany");
	if (mysqli_num_rows($query)) return false;

	$time = (int)time();

	if (!mysqli_query($con, "INSERT INTO workers (person, company) VALUES ($sid, $scompany)")) return false;

	$sworkerId = (int)mysqli_insert_id($con);
	$stime = (int)time();

	return mysqli_query($con, "INSERT INTO workhistory (worker, day, status) VALUES ($sworkerId, $stime, ".(int)workers::AFFILIATION_STATUS_AUTO_WORKING.")");
	}

	public static function userData($data, $id = "ME") {
	global $con, $_SESSION;

	if ($id == "ME" && $data == "id") return $_SESSION["id"];
	if ($id == "ME") $id = $_SESSION["id"];
	$sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
	$sid = (int)$id;

	$query = mysqli_query($con, "SELECT $sdata FROM people WHERE id = $sid");

	if (!mysqli_num_rows($query)) return false;

	$row = mysqli_fetch_assoc($query);

	return $row[$sdata];
	}

	public static function workerData($data, $id) {
	global $con, $_SESSION;

	$sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
	$sid = (int)$id;

	$query = mysqli_query($con, "SELECT p.$sdata $sdata FROM people p INNER JOIN workers w ON p.id = w.person WHERE w.id = $sid");

	if (!mysqli_num_rows($query)) return false;

	$row = mysqli_fetch_assoc($query);

	return $row[$sdata];
	}
	}