Blame - src/inc/people.php - hores-external

blob: ddb361718449874901e257abf7fa26c52f3b5113 [file] [log] [blame]

Copybara bot	be50d49	2023-11-30 00:16:42 +0100	[diff] [blame]	1	<?php
Adrià Vilanova Martínez	5af8651	2023-12-02 20:44:16 +0100	[diff] [blame]	2	/*
				3	* hores
				4	* Copyright (c) 2023 Adrià Vilanova Martínez
				5	*
				6	* This program is free software: you can redistribute it and/or modify
				7	* it under the terms of the GNU Affero General Public License as
				8	* published by the Free Software Foundation, either version 3 of the
				9	* License, or (at your option) any later version.
				10	*
				11	* This program is distributed in the hope that it will be useful,
				12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				14	* GNU Affero General Public License for more details.
				15	*
				16	* You should have received a copy of the GNU Affero General Public
				17	* License along with this program.
				18	* If not, see http://www.gnu.org/licenses/.
				19	*/
				20
Copybara bot	be50d49	2023-11-30 00:16:42 +0100	[diff] [blame]	21	class people {
				22	public static $filters = ["categories", "types", "companies"];
				23	public static $mysqlFilters = ["categories", "types"];
				24	public static $mysqlFiltersFields = ["p.category", "p.type"];
				25
				26	public static function add($username, $name, $dni, $email, $category, $password_hash, $type) {
				27	global $con;
				28
				29	$susername = db::sanitize($username);
				30	$sname = db::sanitize($name);
				31	$sdni = db::sanitize($dni);
				32	$semail = db::sanitize($email);
				33	$scategory = (int)$category;
				34	$spassword_hash = db::sanitize($password_hash);
				35	$stype = (int)$type;
				36
				37	if (!categories::exists($category) \|\| !security::existsType($type)) return false;
				38
				39	return mysqli_query($con, "INSERT INTO people (username, name, dni, email, category, password, type) VALUES ('$susername', '$sname', '$sdni', '$semail', $scategory, '$spassword_hash', $stype)");
				40	}
				41
				42	public static function edit($id, $username, $name, $dni, $email, $category, $type) {
				43	global $con;
				44
				45	$sid = (int)$id;
				46	$susername = db::sanitize($username);
				47	$sname = db::sanitize($name);
				48	$sdni = db::sanitize($dni);
				49	$semail = db::sanitize($email);
				50	$scategory = (int)$category;
				51	$stype = (int)$type;
				52
				53	return mysqli_query($con, "UPDATE people SET username = '$susername', name = '$sname', dni = '$sdni', email = '$semail', category = $scategory, type = $stype WHERE id = $sid LIMIT 1");
				54	}
				55
				56	public static function updatePassword($id, $password_hash) {
				57	global $con;
				58
				59	$sid = (int)$id;
				60	$spassword_hash = db::sanitize($password_hash);
				61
				62	return mysqli_query($con, "UPDATE people SET password = '$spassword_hash' WHERE id = $sid LIMIT 1");
				63	}
				64
				65	public static function workerViewChangePassword($oldpassword, $newpassword) {
				66	global $_SESSION;
				67
				68	if (!security::isUserPassword(false, $oldpassword)) return false;
				69
				70	return self::updatePassword($_SESSION["id"], password_hash($newpassword, PASSWORD_DEFAULT));
				71	}
				72
				73	private static function addCompaniesToRow(&$row, $isWorker = false, $showHiddenCompanies = true) {
				74	global $con;
				75
				76	$query = mysqli_query($con, "SELECT w.id id, w.company company, h.status status
				77	FROM workers w ".workers::sqlAddonToGetStatusAttribute($row["id"]));
				78
				79	$row["baixa"] = true;
				80	if ($isWorker) $row["hidden"] = true;
				81	$row["companies"] = [];
				82	while ($row2 = mysqli_fetch_assoc($query)) {
				83	$baixa = workers::isHidden($row2["status"]);
				84
				85	if ($isWorker && $row2["id"] == $row["workerid"]) $row["hidden"] = $baixa;
				86	if (!$baixa) $row["baixa"] = false;
				87	if (!$showHiddenCompanies && $baixa) continue;
				88	$row["companies"][$row2["id"]] = $row2["company"];
				89	}
				90	}
				91
				92	private static function filterCompanies($fc, $pc) { // Filter Companies, Person Companies
				93	foreach ($pc as $c) {
				94	if (in_array($c, $fc)) {
				95	return true;
				96	}
				97	}
				98	return false;
				99	}
				100
				101	public static function get($id, $showHiddenCompanies = true) {
				102	global $con;
				103
				104	$query = mysqli_query($con, "SELECT p.id id, p.username username, p.type type, p.name name, p.dni dni, p.email email, p.category categoryid, c.name category FROM people p LEFT JOIN categories c ON p.category = c.id WHERE p.id = ".(int)$id);
				105
				106	if (!mysqli_num_rows($query)) {
				107	return false;
				108	}
				109
				110	$row = mysqli_fetch_assoc($query);
				111	self::addCompaniesToRow($row, false, $showHiddenCompanies);
				112
				113	return $row;
				114	}
				115
				116	public static function getAll($select = false, $treatCompaniesSeparated = false) {
				117	global $con, $conf;
				118
				119	$mysqlSelect = false;
				120	if ($select !== false) {
				121	$mysqlSelect = true;
				122	$flag = false;
				123	foreach (self::$mysqlFilters as $f) {
				124	if ($select["enabled"][$f]) {
				125	$flag = true;
				126	break;
				127	}
				128	}
				129
				130	if (!$flag) {
				131	$mysqlSelect = false;
				132	}
				133	}
				134
				135	if ($mysqlSelect !== false) {
				136	$categoryChilds = categories::getChildren();
				137	$where = " WHERE ";
				138	$conditions = [];
				139	foreach (self::$mysqlFilters as $i => $f) {
				140	if ($select["enabled"][$f]) {
				141	$insideconditions = [];
				142	foreach ($select["selected"][$f] as $value) {
				143	$insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$value;
				144	if ($f == "categories" && isset($categoryChilds[(int)$value])) {
				145	foreach ($categoryChilds[(int)$value] as $child) {
				146	$insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$child;
				147	}
				148	}
				149	}
				150	$conditions[] = "(".implode(" OR ", $insideconditions).")";
				151	}
				152	}
				153	$where .= implode(" AND ", $conditions);
				154	} else {
				155	$where = "";
				156	}
				157
				158	$query = mysqli_query($con, "SELECT
				159	p.id id,
				160	p.username username,
				161	p.type type,
				162	p.name name,
				163	p.dni dni,
				164	p.email email,
				165	p.category categoryid,
				166	c.name category
				167	".($treatCompaniesSeparated ? ", w.id workerid, w.company companyid" : "")."
				168	FROM people p
				169	LEFT JOIN categories c
				170	ON p.category = c.id
				171	".($treatCompaniesSeparated ? " RIGHT JOIN workers w
				172	ON p.id = w.person" : "").$where);
				173
				174	$people = [];
				175
				176	while ($row = mysqli_fetch_assoc($query)) {
				177	self::addCompaniesToRow($row, $treatCompaniesSeparated);
				178
				179	if ($select === false \|\| !$select["enabled"]["companies"] \|\| (!$treatCompaniesSeparated && self::filterCompanies($select["selected"]["companies"], $row["companies"]) \|\| ($treatCompaniesSeparated && in_array($row["companyid"], $select["selected"]["companies"])))) {
				180	$people[] = $row;
				181	}
				182	}
				183
				184	// Order people by name and baixa
				185	if ($treatCompaniesSeparated) {
				186	usort($people, function($a, $b) {
				187	if ($a["hidden"] == 0 && $b["hidden"] == 1) return -1;
				188	if ($a["hidden"] == 1 && $b["hidden"] == 0) return 1;
				189	return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
				190	});
				191	} else {
				192	usort($people, function($a, $b) {
				193	if ($a["baixa"] == 0 && $b["baixa"] == 1) return -1;
				194	if ($a["baixa"] == 1 && $b["baixa"] == 0) return 1;
				195	return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
				196	});
				197	}
				198
				199	return $people;
				200	}
				201
				202	public static function exists($id) {
				203	global $con;
				204
				205	$query = mysqli_query($con, "SELECT id FROM people WHERE id = ".(int)$id);
				206
				207	return (mysqli_num_rows($query) > 0);
				208	}
				209
				210	public static function addToCompany($id, $company) {
				211	global $con;
				212
				213	$sid = (int)$id;
				214	$scompany = (int)$company;
				215
				216	if (!companies::exists($scompany)) return false;
				217	if (!people::exists($sid)) return false;
				218
				219	$query = mysqli_query($con, "SELECT id FROM workers WHERE person = $sid AND company = $scompany");
				220	if (mysqli_num_rows($query)) return false;
				221
				222	$time = (int)time();
				223
				224	if (!mysqli_query($con, "INSERT INTO workers (person, company) VALUES ($sid, $scompany)")) return false;
				225
				226	$sworkerId = (int)mysqli_insert_id($con);
				227	$stime = (int)time();
				228
				229	return mysqli_query($con, "INSERT INTO workhistory (worker, day, status) VALUES ($sworkerId, $stime, ".(int)workers::AFFILIATION_STATUS_AUTO_WORKING.")");
				230	}
				231
				232	public static function userData($data, $id = "ME") {
				233	global $con, $_SESSION;
				234
				235	if ($id == "ME" && $data == "id") return $_SESSION["id"];
				236	if ($id == "ME") $id = $_SESSION["id"];
				237	$sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
				238	$sid = (int)$id;
				239
				240	$query = mysqli_query($con, "SELECT $sdata FROM people WHERE id = $sid");
				241
				242	if (!mysqli_num_rows($query)) return false;
				243
				244	$row = mysqli_fetch_assoc($query);
				245
				246	return $row[$sdata];
				247	}
				248
				249	public static function workerData($data, $id) {
				250	global $con, $_SESSION;
				251
				252	$sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
				253	$sid = (int)$id;
				254
				255	$query = mysqli_query($con, "SELECT p.$sdata $sdata FROM people p INNER JOIN workers w ON p.id = w.person WHERE w.id = $sid");
				256
				257	if (!mysqli_num_rows($query)) return false;
				258
				259	$row = mysqli_fetch_assoc($query);
				260
				261	return $row[$sdata];
				262	}
				263	}