Copybara bot | be50d49 | 2023-11-30 00:16:42 +0100 | [diff] [blame] | 1 | <?php |
Adrià Vilanova Martínez | 5af8651 | 2023-12-02 20:44:16 +0100 | [diff] [blame^] | 2 | /* |
| 3 | * hores |
| 4 | * Copyright (c) 2023 Adrià Vilanova Martínez |
| 5 | * |
| 6 | * This program is free software: you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU Affero General Public License as |
| 8 | * published by the Free Software Foundation, either version 3 of the |
| 9 | * License, or (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU Affero General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU Affero General Public |
| 17 | * License along with this program. |
| 18 | * If not, see http://www.gnu.org/licenses/. |
| 19 | */ |
| 20 | |
Copybara bot | be50d49 | 2023-11-30 00:16:42 +0100 | [diff] [blame] | 21 | class people { |
| 22 | public static $filters = ["categories", "types", "companies"]; |
| 23 | public static $mysqlFilters = ["categories", "types"]; |
| 24 | public static $mysqlFiltersFields = ["p.category", "p.type"]; |
| 25 | |
| 26 | public static function add($username, $name, $dni, $email, $category, $password_hash, $type) { |
| 27 | global $con; |
| 28 | |
| 29 | $susername = db::sanitize($username); |
| 30 | $sname = db::sanitize($name); |
| 31 | $sdni = db::sanitize($dni); |
| 32 | $semail = db::sanitize($email); |
| 33 | $scategory = (int)$category; |
| 34 | $spassword_hash = db::sanitize($password_hash); |
| 35 | $stype = (int)$type; |
| 36 | |
| 37 | if (!categories::exists($category) || !security::existsType($type)) return false; |
| 38 | |
| 39 | return mysqli_query($con, "INSERT INTO people (username, name, dni, email, category, password, type) VALUES ('$susername', '$sname', '$sdni', '$semail', $scategory, '$spassword_hash', $stype)"); |
| 40 | } |
| 41 | |
| 42 | public static function edit($id, $username, $name, $dni, $email, $category, $type) { |
| 43 | global $con; |
| 44 | |
| 45 | $sid = (int)$id; |
| 46 | $susername = db::sanitize($username); |
| 47 | $sname = db::sanitize($name); |
| 48 | $sdni = db::sanitize($dni); |
| 49 | $semail = db::sanitize($email); |
| 50 | $scategory = (int)$category; |
| 51 | $stype = (int)$type; |
| 52 | |
| 53 | return mysqli_query($con, "UPDATE people SET username = '$susername', name = '$sname', dni = '$sdni', email = '$semail', category = $scategory, type = $stype WHERE id = $sid LIMIT 1"); |
| 54 | } |
| 55 | |
| 56 | public static function updatePassword($id, $password_hash) { |
| 57 | global $con; |
| 58 | |
| 59 | $sid = (int)$id; |
| 60 | $spassword_hash = db::sanitize($password_hash); |
| 61 | |
| 62 | return mysqli_query($con, "UPDATE people SET password = '$spassword_hash' WHERE id = $sid LIMIT 1"); |
| 63 | } |
| 64 | |
| 65 | public static function workerViewChangePassword($oldpassword, $newpassword) { |
| 66 | global $_SESSION; |
| 67 | |
| 68 | if (!security::isUserPassword(false, $oldpassword)) return false; |
| 69 | |
| 70 | return self::updatePassword($_SESSION["id"], password_hash($newpassword, PASSWORD_DEFAULT)); |
| 71 | } |
| 72 | |
| 73 | private static function addCompaniesToRow(&$row, $isWorker = false, $showHiddenCompanies = true) { |
| 74 | global $con; |
| 75 | |
| 76 | $query = mysqli_query($con, "SELECT w.id id, w.company company, h.status status |
| 77 | FROM workers w ".workers::sqlAddonToGetStatusAttribute($row["id"])); |
| 78 | |
| 79 | $row["baixa"] = true; |
| 80 | if ($isWorker) $row["hidden"] = true; |
| 81 | $row["companies"] = []; |
| 82 | while ($row2 = mysqli_fetch_assoc($query)) { |
| 83 | $baixa = workers::isHidden($row2["status"]); |
| 84 | |
| 85 | if ($isWorker && $row2["id"] == $row["workerid"]) $row["hidden"] = $baixa; |
| 86 | if (!$baixa) $row["baixa"] = false; |
| 87 | if (!$showHiddenCompanies && $baixa) continue; |
| 88 | $row["companies"][$row2["id"]] = $row2["company"]; |
| 89 | } |
| 90 | } |
| 91 | |
| 92 | private static function filterCompanies($fc, $pc) { // Filter Companies, Person Companies |
| 93 | foreach ($pc as $c) { |
| 94 | if (in_array($c, $fc)) { |
| 95 | return true; |
| 96 | } |
| 97 | } |
| 98 | return false; |
| 99 | } |
| 100 | |
| 101 | public static function get($id, $showHiddenCompanies = true) { |
| 102 | global $con; |
| 103 | |
| 104 | $query = mysqli_query($con, "SELECT p.id id, p.username username, p.type type, p.name name, p.dni dni, p.email email, p.category categoryid, c.name category FROM people p LEFT JOIN categories c ON p.category = c.id WHERE p.id = ".(int)$id); |
| 105 | |
| 106 | if (!mysqli_num_rows($query)) { |
| 107 | return false; |
| 108 | } |
| 109 | |
| 110 | $row = mysqli_fetch_assoc($query); |
| 111 | self::addCompaniesToRow($row, false, $showHiddenCompanies); |
| 112 | |
| 113 | return $row; |
| 114 | } |
| 115 | |
| 116 | public static function getAll($select = false, $treatCompaniesSeparated = false) { |
| 117 | global $con, $conf; |
| 118 | |
| 119 | $mysqlSelect = false; |
| 120 | if ($select !== false) { |
| 121 | $mysqlSelect = true; |
| 122 | $flag = false; |
| 123 | foreach (self::$mysqlFilters as $f) { |
| 124 | if ($select["enabled"][$f]) { |
| 125 | $flag = true; |
| 126 | break; |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | if (!$flag) { |
| 131 | $mysqlSelect = false; |
| 132 | } |
| 133 | } |
| 134 | |
| 135 | if ($mysqlSelect !== false) { |
| 136 | $categoryChilds = categories::getChildren(); |
| 137 | $where = " WHERE "; |
| 138 | $conditions = []; |
| 139 | foreach (self::$mysqlFilters as $i => $f) { |
| 140 | if ($select["enabled"][$f]) { |
| 141 | $insideconditions = []; |
| 142 | foreach ($select["selected"][$f] as $value) { |
| 143 | $insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$value; |
| 144 | if ($f == "categories" && isset($categoryChilds[(int)$value])) { |
| 145 | foreach ($categoryChilds[(int)$value] as $child) { |
| 146 | $insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$child; |
| 147 | } |
| 148 | } |
| 149 | } |
| 150 | $conditions[] = "(".implode(" OR ", $insideconditions).")"; |
| 151 | } |
| 152 | } |
| 153 | $where .= implode(" AND ", $conditions); |
| 154 | } else { |
| 155 | $where = ""; |
| 156 | } |
| 157 | |
| 158 | $query = mysqli_query($con, "SELECT |
| 159 | p.id id, |
| 160 | p.username username, |
| 161 | p.type type, |
| 162 | p.name name, |
| 163 | p.dni dni, |
| 164 | p.email email, |
| 165 | p.category categoryid, |
| 166 | c.name category |
| 167 | ".($treatCompaniesSeparated ? ", w.id workerid, w.company companyid" : "")." |
| 168 | FROM people p |
| 169 | LEFT JOIN categories c |
| 170 | ON p.category = c.id |
| 171 | ".($treatCompaniesSeparated ? " RIGHT JOIN workers w |
| 172 | ON p.id = w.person" : "").$where); |
| 173 | |
| 174 | $people = []; |
| 175 | |
| 176 | while ($row = mysqli_fetch_assoc($query)) { |
| 177 | self::addCompaniesToRow($row, $treatCompaniesSeparated); |
| 178 | |
| 179 | if ($select === false || !$select["enabled"]["companies"] || (!$treatCompaniesSeparated && self::filterCompanies($select["selected"]["companies"], $row["companies"]) || ($treatCompaniesSeparated && in_array($row["companyid"], $select["selected"]["companies"])))) { |
| 180 | $people[] = $row; |
| 181 | } |
| 182 | } |
| 183 | |
| 184 | // Order people by name and baixa |
| 185 | if ($treatCompaniesSeparated) { |
| 186 | usort($people, function($a, $b) { |
| 187 | if ($a["hidden"] == 0 && $b["hidden"] == 1) return -1; |
| 188 | if ($a["hidden"] == 1 && $b["hidden"] == 0) return 1; |
| 189 | return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1)); |
| 190 | }); |
| 191 | } else { |
| 192 | usort($people, function($a, $b) { |
| 193 | if ($a["baixa"] == 0 && $b["baixa"] == 1) return -1; |
| 194 | if ($a["baixa"] == 1 && $b["baixa"] == 0) return 1; |
| 195 | return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1)); |
| 196 | }); |
| 197 | } |
| 198 | |
| 199 | return $people; |
| 200 | } |
| 201 | |
| 202 | public static function exists($id) { |
| 203 | global $con; |
| 204 | |
| 205 | $query = mysqli_query($con, "SELECT id FROM people WHERE id = ".(int)$id); |
| 206 | |
| 207 | return (mysqli_num_rows($query) > 0); |
| 208 | } |
| 209 | |
| 210 | public static function addToCompany($id, $company) { |
| 211 | global $con; |
| 212 | |
| 213 | $sid = (int)$id; |
| 214 | $scompany = (int)$company; |
| 215 | |
| 216 | if (!companies::exists($scompany)) return false; |
| 217 | if (!people::exists($sid)) return false; |
| 218 | |
| 219 | $query = mysqli_query($con, "SELECT id FROM workers WHERE person = $sid AND company = $scompany"); |
| 220 | if (mysqli_num_rows($query)) return false; |
| 221 | |
| 222 | $time = (int)time(); |
| 223 | |
| 224 | if (!mysqli_query($con, "INSERT INTO workers (person, company) VALUES ($sid, $scompany)")) return false; |
| 225 | |
| 226 | $sworkerId = (int)mysqli_insert_id($con); |
| 227 | $stime = (int)time(); |
| 228 | |
| 229 | return mysqli_query($con, "INSERT INTO workhistory (worker, day, status) VALUES ($sworkerId, $stime, ".(int)workers::AFFILIATION_STATUS_AUTO_WORKING.")"); |
| 230 | } |
| 231 | |
| 232 | public static function userData($data, $id = "ME") { |
| 233 | global $con, $_SESSION; |
| 234 | |
| 235 | if ($id == "ME" && $data == "id") return $_SESSION["id"]; |
| 236 | if ($id == "ME") $id = $_SESSION["id"]; |
| 237 | $sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data); |
| 238 | $sid = (int)$id; |
| 239 | |
| 240 | $query = mysqli_query($con, "SELECT $sdata FROM people WHERE id = $sid"); |
| 241 | |
| 242 | if (!mysqli_num_rows($query)) return false; |
| 243 | |
| 244 | $row = mysqli_fetch_assoc($query); |
| 245 | |
| 246 | return $row[$sdata]; |
| 247 | } |
| 248 | |
| 249 | public static function workerData($data, $id) { |
| 250 | global $con, $_SESSION; |
| 251 | |
| 252 | $sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data); |
| 253 | $sid = (int)$id; |
| 254 | |
| 255 | $query = mysqli_query($con, "SELECT p.$sdata $sdata FROM people p INNER JOIN workers w ON p.id = w.person WHERE w.id = $sid"); |
| 256 | |
| 257 | if (!mysqli_num_rows($query)) return false; |
| 258 | |
| 259 | $row = mysqli_fetch_assoc($query); |
| 260 | |
| 261 | return $row[$sdata]; |
| 262 | } |
| 263 | } |