Copybara botbe50d492023-11-30 00:16:42 +01001<?php
Adrià Vilanova Martínez5af86512023-12-02 20:44:16 +01002/*
3 * hores
4 * Copyright (c) 2023 Adrià Vilanova Martínez
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
15 *
16 * You should have received a copy of the GNU Affero General Public
17 * License along with this program.
18 * If not, see http://www.gnu.org/licenses/.
19 */
20
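class people {
  public static $filters = ["categories", "types", "companies"];
  public static $mysqlFilters = ["categories", "types"];
  public static $mysqlFiltersFields = ["p.category", "p.type"];

  /**
   * Runs an INSERT/UPDATE as a prepared statement so user-supplied strings are
   * never interpolated into SQL.
   *
   * @param string $sql    Statement with `?` placeholders.
   * @param string $types  mysqli_stmt_bind_param type string, one char per value.
   * @param array  $params Values bound to the placeholders, in order.
   * @return bool true when the statement executed, false on prepare/bind/execute failure.
   */
  private static function executeWrite($sql, $types, array $params) {
    global $con;

    $stmt = mysqli_prepare($con, $sql);
    if ($stmt === false) return false;

    $ok = mysqli_stmt_bind_param($stmt, $types, ...$params) && mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $ok;
  }

  /**
   * Inserts a new person.
   *
   * Refuses to insert when the category or the user type does not exist.
   * Values are bound as-is: the former db::sanitize() calls are replaced by
   * parameter binding (NOTE(review): if db::sanitize also trimmed or
   * normalised input, that must now happen before calling add()).
   *
   * @return bool true on success, false when validation or the INSERT fails.
   */
  public static function add($username, $name, $dni, $email, $category, $password_hash, $type) {
    $category = (int)$category;
    $type = (int)$type;

    if (!categories::exists($category) || !security::existsType($type)) return false;

    return self::executeWrite(
      "INSERT INTO people (username, name, dni, email, category, password, type) VALUES (?, ?, ?, ?, ?, ?, ?)",
      "ssssisi",
      [$username, $name, $dni, $email, $category, $password_hash, $type]
    );
  }

  /**
   * Updates the profile fields of person $id (not the password; see updatePassword).
   *
   * Unlike add(), no existence check is done on category/type here — that is
   * the original behaviour and is kept.
   *
   * @return bool true when the UPDATE executed, false otherwise.
   */
  public static function edit($id, $username, $name, $dni, $email, $category, $type) {
    return self::executeWrite(
      "UPDATE people SET username = ?, name = ?, dni = ?, email = ?, category = ?, type = ? WHERE id = ? LIMIT 1",
      "ssssiii",
      [$username, $name, $dni, $email, (int)$category, (int)$type, (int)$id]
    );
  }

  /**
   * Stores an already-hashed password for person $id.
   *
   * @param string $password_hash Output of password_hash(); never a plaintext password.
   * @return bool true when the UPDATE executed, false otherwise.
   */
  public static function updatePassword($id, $password_hash) {
    return self::executeWrite(
      "UPDATE people SET password = ? WHERE id = ? LIMIT 1",
      "si",
      [$password_hash, (int)$id]
    );
  }

  /**
   * Password change for the logged-in worker: requires the current password
   * to be correct, then stores the new one hashed with PASSWORD_DEFAULT.
   *
   * @return bool false when the old password is wrong or the update fails.
   */
  public static function workerViewChangePassword($oldpassword, $newpassword) {
    // $_SESSION is a superglobal; no `global` declaration is needed.
    if (!security::isUserPassword(false, $oldpassword)) return false;

    return self::updatePassword($_SESSION["id"], password_hash($newpassword, PASSWORD_DEFAULT));
  }

  /**
   * Adds the company-related attributes to a person row, in place:
   *   - "companies": map worker id => company, for the person's worker rows
   *     (hidden ones omitted when $showHiddenCompanies is false);
   *   - "baixa": true only when every worker row of the person is hidden;
   *   - "hidden" (only when $isWorker): hidden status of the worker row whose
   *     id equals $row["workerid"].
   *
   * @param array $row Person row; must contain "id" (and "workerid" when $isWorker).
   */
  private static function addCompaniesToRow(&$row, $isWorker = false, $showHiddenCompanies = true) {
    global $con;

    $row["baixa"] = true;
    if ($isWorker) $row["hidden"] = true;
    $row["companies"] = [];

    $query = mysqli_query($con, "SELECT w.id id, w.company company, h.status status
      FROM workers w ".workers::sqlAddonToGetStatusAttribute($row["id"]));
    // A failed query leaves the row with no companies instead of crashing on fetch.
    if ($query === false) return;

    while ($worker = mysqli_fetch_assoc($query)) {
      $isHidden = workers::isHidden($worker["status"]);

      if ($isWorker && (int)$worker["id"] === (int)$row["workerid"]) $row["hidden"] = $isHidden;
      if (!$isHidden) $row["baixa"] = false;
      if (!$showHiddenCompanies && $isHidden) continue;

      $row["companies"][$worker["id"]] = $worker["company"];
    }
  }

  /**
   * Company filter: true when any of the person's companies is among the selected ones.
   *
   * NOTE(review): $pc is the "companies" map built by addCompaniesToRow
   * (worker id => company value), so this compares the *values* against the
   * selection with a loose in_array — confirm that is the intended matching.
   *
   * @param array $fc Selected filter companies.
   * @param array $pc Person companies (worker id => company).
   * @return bool
   */
  private static function filterCompanies($fc, $pc) {
    foreach ($pc as $company) {
      if (in_array($company, $fc)) return true;
    }

    return false;
  }

  /**
   * Fetches one person by id, with category name and company attributes
   * (see addCompaniesToRow).
   *
   * @return array|false The row, or false when the id does not exist or the query fails.
   */
  public static function get($id, $showHiddenCompanies = true) {
    global $con;

    $query = mysqli_query($con, "SELECT p.id id, p.username username, p.type type, p.name name, p.dni dni, p.email email, p.category categoryid, c.name category FROM people p LEFT JOIN categories c ON p.category = c.id WHERE p.id = ".(int)$id);
    if ($query === false || !mysqli_num_rows($query)) return false;

    $row = mysqli_fetch_assoc($query);
    self::addCompaniesToRow($row, false, $showHiddenCompanies);

    return $row;
  }

  /**
   * True when at least one filter that is applied in SQL (self::$mysqlFilters)
   * is enabled in $select.
   */
  private static function anyMysqlFilterEnabled(array $select) {
    foreach (self::$mysqlFilters as $filter) {
      if (!empty($select["enabled"][$filter])) return true;
    }

    return false;
  }

  /**
   * Builds the " WHERE ..." clause for the enabled SQL-side filters.
   *
   * Every selected value is cast to int before being placed in the SQL, which
   * is what keeps this clause injection-safe. Selecting a category also
   * selects all of its children (categories::getChildren()).
   *
   * @return string Clause starting with " WHERE ".
   */
  private static function mysqlFilterWhere(array $select) {
    $categoryChildren = categories::getChildren();
    $conditions = [];

    foreach (self::$mysqlFilters as $i => $filter) {
      if (empty($select["enabled"][$filter])) continue;

      $field = self::$mysqlFiltersFields[$i];
      $ids = [];
      foreach ($select["selected"][$filter] as $value) {
        $ids[] = (int)$value;
        if ($filter == "categories" && isset($categoryChildren[(int)$value])) {
          foreach ($categoryChildren[(int)$value] as $child) $ids[] = (int)$child;
        }
      }

      // An enabled filter with nothing selected matches nobody (the original
      // emitted "()" here, which is invalid SQL).
      if (count($ids) === 0) {
        $conditions[] = "(0)";
        continue;
      }

      $parts = [];
      foreach ($ids as $id) $parts[] = $field." = ".$id;
      $conditions[] = "(".implode(" OR ", $parts).")";
    }

    return " WHERE ".implode(" AND ", $conditions);
  }

  /**
   * Applies the "companies" filter (which cannot be expressed in SQL) to a row.
   *
   * With $treatCompaniesSeparated each row is one worker row and its
   * "companyid" is matched directly; otherwise the person's "companies" map is
   * matched via filterCompanies().
   */
  private static function matchesCompanyFilter($row, $select, $treatCompaniesSeparated) {
    if ($select === false || empty($select["enabled"]["companies"])) return true;

    $selected = $select["selected"]["companies"];
    if ($treatCompaniesSeparated) {
      // Loose in_array kept on purpose: ids may arrive as strings or ints.
      return in_array($row["companyid"], $selected);
    }

    return self::filterCompanies($selected, $row["companies"]);
  }

  /**
   * Lists people, optionally filtered and optionally expanded to one row per
   * worker (company) membership.
   *
   * @param array|false $select  Filter spec: $select["enabled"][filter] => bool,
   *                             $select["selected"][filter] => list of values,
   *                             for the filters in self::$filters. false = no filter.
   * @param bool $treatCompaniesSeparated When true, one row per worker row
   *                             (adds "workerid", "companyid", "hidden").
   * @return array Rows sorted with non-hidden ("hidden"/"baixa" false) first,
   *               then by name. Empty when the query fails.
   */
  public static function getAll($select = false, $treatCompaniesSeparated = false) {
    global $con;

    $where = "";
    if ($select !== false && self::anyMysqlFilterEnabled($select)) {
      $where = self::mysqlFilterWhere($select);
    }

    $query = mysqli_query($con, "SELECT
      p.id id,
      p.username username,
      p.type type,
      p.name name,
      p.dni dni,
      p.email email,
      p.category categoryid,
      c.name category
      ".($treatCompaniesSeparated ? ", w.id workerid, w.company companyid" : "")."
      FROM people p
      LEFT JOIN categories c
      ON p.category = c.id
      ".($treatCompaniesSeparated ? " RIGHT JOIN workers w
      ON p.id = w.person" : "").$where);
    // Keep the return type stable for callers that iterate the result.
    if ($query === false) return [];

    $people = [];
    while ($row = mysqli_fetch_assoc($query)) {
      self::addCompaniesToRow($row, $treatCompaniesSeparated);

      if (self::matchesCompanyFilter($row, $select, $treatCompaniesSeparated)) {
        $people[] = $row;
      }
    }

    // Order: visible entries first (flag false), then by name.
    $flagKey = $treatCompaniesSeparated ? "hidden" : "baixa";
    usort($people, function($a, $b) use ($flagKey) {
      $flagA = (int)$a[$flagKey];
      $flagB = (int)$b[$flagKey];
      if ($flagA !== $flagB) return $flagA < $flagB ? -1 : 1;

      if ($a["name"] == $b["name"]) return 0;
      return $a["name"] < $b["name"] ? -1 : 1;
    });

    return $people;
  }

  /**
   * @return bool true when a person with this id exists; false otherwise or on query failure.
   */
  public static function exists($id) {
    global $con;

    $query = mysqli_query($con, "SELECT id FROM people WHERE id = ".(int)$id);
    if ($query === false) return false;

    return mysqli_num_rows($query) > 0;
  }

  /**
   * Links person $id to company $company as a worker and records the initial
   * "auto working" affiliation status for today.
   *
   * @return bool false when either side does not exist, the link already
   *              exists, or one of the INSERTs fails.
   */
  public static function addToCompany($id, $company) {
    global $con;

    $sid = (int)$id;
    $scompany = (int)$company;

    if (!companies::exists($scompany)) return false;
    if (!self::exists($sid)) return false;

    $query = mysqli_query($con, "SELECT id FROM workers WHERE person = $sid AND company = $scompany");
    if ($query === false || mysqli_num_rows($query)) return false;

    if (!self::executeWrite("INSERT INTO workers (person, company) VALUES (?, ?)", "ii", [$sid, $scompany])) return false;

    // insert_id is connection-level, so it survives the statement being closed.
    $workerId = (int)mysqli_insert_id($con);
    $now = (int)time();

    return self::executeWrite(
      "INSERT INTO workhistory (worker, day, status) VALUES (?, ?, ?)",
      "iii",
      [$workerId, $now, (int)workers::AFFILIATION_STATUS_AUTO_WORKING]
    );
  }

  /**
   * Reads a single column of a person row.
   *
   * $data is a column *identifier*, which cannot be bound as a parameter; it
   * is reduced to [A-Za-z0-9 ] instead. Callers must pass column names from
   * code, never from request input (any column, including password, is readable).
   *
   * @param string     $data Column name.
   * @param int|string $id   Person id, or "ME" for the logged-in user.
   * @return mixed The column value, or false when the row is missing or the query fails.
   */
  public static function userData($data, $id = "ME") {
    global $con;

    if ($id === "ME" && $data === "id") return $_SESSION["id"];
    if ($id === "ME") $id = $_SESSION["id"];

    $column = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
    $sid = (int)$id;

    $query = mysqli_query($con, "SELECT $column FROM people WHERE id = $sid");
    if ($query === false || !mysqli_num_rows($query)) return false;

    $row = mysqli_fetch_assoc($query);

    return $row[$column];
  }

  /**
   * Like userData(), but addressed by worker id (workers.id) rather than person id.
   *
   * Same identifier rule as userData(): $data must come from code, not from
   * request input.
   *
   * @return mixed The column value, or false when the row is missing or the query fails.
   */
  public static function workerData($data, $id) {
    global $con;

    $column = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
    $sid = (int)$id;

    $query = mysqli_query($con, "SELECT p.$column $column FROM people p INNER JOIN workers w ON p.id = w.person WHERE w.id = $sid");
    if ($query === false || !mysqli_num_rows($query)) return false;

    $row = mysqli_fetch_assoc($query);

    return $row[$column];
  }
}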