blob: deccc10a5a58e4d592c49b74ac0a3d22a2bb3041 [file] [log] [blame]
Copybara botbe50d492023-11-30 00:16:42 +01001<?php
2class people {
3 public static $filters = ["categories", "types", "companies"];
4 public static $mysqlFilters = ["categories", "types"];
5 public static $mysqlFiltersFields = ["p.category", "p.type"];
6
7 public static function add($username, $name, $dni, $email, $category, $password_hash, $type) {
8 global $con;
9
10 $susername = db::sanitize($username);
11 $sname = db::sanitize($name);
12 $sdni = db::sanitize($dni);
13 $semail = db::sanitize($email);
14 $scategory = (int)$category;
15 $spassword_hash = db::sanitize($password_hash);
16 $stype = (int)$type;
17
18 if (!categories::exists($category) || !security::existsType($type)) return false;
19
20 return mysqli_query($con, "INSERT INTO people (username, name, dni, email, category, password, type) VALUES ('$susername', '$sname', '$sdni', '$semail', $scategory, '$spassword_hash', $stype)");
21 }
22
23 public static function edit($id, $username, $name, $dni, $email, $category, $type) {
24 global $con;
25
26 $sid = (int)$id;
27 $susername = db::sanitize($username);
28 $sname = db::sanitize($name);
29 $sdni = db::sanitize($dni);
30 $semail = db::sanitize($email);
31 $scategory = (int)$category;
32 $stype = (int)$type;
33
34 return mysqli_query($con, "UPDATE people SET username = '$susername', name = '$sname', dni = '$sdni', email = '$semail', category = $scategory, type = $stype WHERE id = $sid LIMIT 1");
35 }
36
37 public static function updatePassword($id, $password_hash) {
38 global $con;
39
40 $sid = (int)$id;
41 $spassword_hash = db::sanitize($password_hash);
42
43 return mysqli_query($con, "UPDATE people SET password = '$spassword_hash' WHERE id = $sid LIMIT 1");
44 }
45
46 public static function workerViewChangePassword($oldpassword, $newpassword) {
47 global $_SESSION;
48
49 if (!security::isUserPassword(false, $oldpassword)) return false;
50
51 return self::updatePassword($_SESSION["id"], password_hash($newpassword, PASSWORD_DEFAULT));
52 }
53
54 private static function addCompaniesToRow(&$row, $isWorker = false, $showHiddenCompanies = true) {
55 global $con;
56
57 $query = mysqli_query($con, "SELECT w.id id, w.company company, h.status status
58 FROM workers w ".workers::sqlAddonToGetStatusAttribute($row["id"]));
59
60 $row["baixa"] = true;
61 if ($isWorker) $row["hidden"] = true;
62 $row["companies"] = [];
63 while ($row2 = mysqli_fetch_assoc($query)) {
64 $baixa = workers::isHidden($row2["status"]);
65
66 if ($isWorker && $row2["id"] == $row["workerid"]) $row["hidden"] = $baixa;
67 if (!$baixa) $row["baixa"] = false;
68 if (!$showHiddenCompanies && $baixa) continue;
69 $row["companies"][$row2["id"]] = $row2["company"];
70 }
71 }
72
73 private static function filterCompanies($fc, $pc) { // Filter Companies, Person Companies
74 foreach ($pc as $c) {
75 if (in_array($c, $fc)) {
76 return true;
77 }
78 }
79 return false;
80 }
81
82 public static function get($id, $showHiddenCompanies = true) {
83 global $con;
84
85 $query = mysqli_query($con, "SELECT p.id id, p.username username, p.type type, p.name name, p.dni dni, p.email email, p.category categoryid, c.name category FROM people p LEFT JOIN categories c ON p.category = c.id WHERE p.id = ".(int)$id);
86
87 if (!mysqli_num_rows($query)) {
88 return false;
89 }
90
91 $row = mysqli_fetch_assoc($query);
92 self::addCompaniesToRow($row, false, $showHiddenCompanies);
93
94 return $row;
95 }
96
97 public static function getAll($select = false, $treatCompaniesSeparated = false) {
98 global $con, $conf;
99
100 $mysqlSelect = false;
101 if ($select !== false) {
102 $mysqlSelect = true;
103 $flag = false;
104 foreach (self::$mysqlFilters as $f) {
105 if ($select["enabled"][$f]) {
106 $flag = true;
107 break;
108 }
109 }
110
111 if (!$flag) {
112 $mysqlSelect = false;
113 }
114 }
115
116 if ($mysqlSelect !== false) {
117 $categoryChilds = categories::getChildren();
118 $where = " WHERE ";
119 $conditions = [];
120 foreach (self::$mysqlFilters as $i => $f) {
121 if ($select["enabled"][$f]) {
122 $insideconditions = [];
123 foreach ($select["selected"][$f] as $value) {
124 $insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$value;
125 if ($f == "categories" && isset($categoryChilds[(int)$value])) {
126 foreach ($categoryChilds[(int)$value] as $child) {
127 $insideconditions[] = self::$mysqlFiltersFields[$i]." = ".(int)$child;
128 }
129 }
130 }
131 $conditions[] = "(".implode(" OR ", $insideconditions).")";
132 }
133 }
134 $where .= implode(" AND ", $conditions);
135 } else {
136 $where = "";
137 }
138
139 $query = mysqli_query($con, "SELECT
140 p.id id,
141 p.username username,
142 p.type type,
143 p.name name,
144 p.dni dni,
145 p.email email,
146 p.category categoryid,
147 c.name category
148 ".($treatCompaniesSeparated ? ", w.id workerid, w.company companyid" : "")."
149 FROM people p
150 LEFT JOIN categories c
151 ON p.category = c.id
152 ".($treatCompaniesSeparated ? " RIGHT JOIN workers w
153 ON p.id = w.person" : "").$where);
154
155 $people = [];
156
157 while ($row = mysqli_fetch_assoc($query)) {
158 self::addCompaniesToRow($row, $treatCompaniesSeparated);
159
160 if ($select === false || !$select["enabled"]["companies"] || (!$treatCompaniesSeparated && self::filterCompanies($select["selected"]["companies"], $row["companies"]) || ($treatCompaniesSeparated && in_array($row["companyid"], $select["selected"]["companies"])))) {
161 $people[] = $row;
162 }
163 }
164
165 // Order people by name and baixa
166 if ($treatCompaniesSeparated) {
167 usort($people, function($a, $b) {
168 if ($a["hidden"] == 0 && $b["hidden"] == 1) return -1;
169 if ($a["hidden"] == 1 && $b["hidden"] == 0) return 1;
170 return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
171 });
172 } else {
173 usort($people, function($a, $b) {
174 if ($a["baixa"] == 0 && $b["baixa"] == 1) return -1;
175 if ($a["baixa"] == 1 && $b["baixa"] == 0) return 1;
176 return ($a["name"] < $b["name"] ? -1 : ($a["name"] == $b["name"] ? 0 : 1));
177 });
178 }
179
180 return $people;
181 }
182
183 public static function exists($id) {
184 global $con;
185
186 $query = mysqli_query($con, "SELECT id FROM people WHERE id = ".(int)$id);
187
188 return (mysqli_num_rows($query) > 0);
189 }
190
191 public static function addToCompany($id, $company) {
192 global $con;
193
194 $sid = (int)$id;
195 $scompany = (int)$company;
196
197 if (!companies::exists($scompany)) return false;
198 if (!people::exists($sid)) return false;
199
200 $query = mysqli_query($con, "SELECT id FROM workers WHERE person = $sid AND company = $scompany");
201 if (mysqli_num_rows($query)) return false;
202
203 $time = (int)time();
204
205 if (!mysqli_query($con, "INSERT INTO workers (person, company) VALUES ($sid, $scompany)")) return false;
206
207 $sworkerId = (int)mysqli_insert_id($con);
208 $stime = (int)time();
209
210 return mysqli_query($con, "INSERT INTO workhistory (worker, day, status) VALUES ($sworkerId, $stime, ".(int)workers::AFFILIATION_STATUS_AUTO_WORKING.")");
211 }
212
213 public static function userData($data, $id = "ME") {
214 global $con, $_SESSION;
215
216 if ($id == "ME" && $data == "id") return $_SESSION["id"];
217 if ($id == "ME") $id = $_SESSION["id"];
218 $sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
219 $sid = (int)$id;
220
221 $query = mysqli_query($con, "SELECT $sdata FROM people WHERE id = $sid");
222
223 if (!mysqli_num_rows($query)) return false;
224
225 $row = mysqli_fetch_assoc($query);
226
227 return $row[$sdata];
228 }
229
230 public static function workerData($data, $id) {
231 global $con, $_SESSION;
232
233 $sdata = preg_replace("/[^A-Za-z0-9 ]/", '', $data);
234 $sid = (int)$id;
235
236 $query = mysqli_query($con, "SELECT p.$sdata $sdata FROM people p INNER JOIN workers w ON p.id = w.person WHERE w.id = $sid");
237
238 if (!mysqli_num_rows($query)) return false;
239
240 $row = mysqli_fetch_assoc($query);
241
242 return $row[$sdata];
243 }
244}