_userId = $user_id;
        // NOTE(review): the signature of this method (_addFeatureToUser) is above the visible span; only its tail is shown here.
        $this->_featureCode = $feature_code;
        $oPDOLink = ClassConfig::databaseConnect();
        // Links the user to one feature; the sub-select resolves the feature code to its id.
        $sql=" INSERT INTO useruser_corefeature_rel( user_id, core_feature_id ) VALUES ( :user_id, (SELECT id FROM core_feature WHERE code=:feature_code LIMIT 1) ); ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':user_id'=>$this->_userId, ':feature_code'=>$this->_featureCode));
    }

    // Grants the default feature set (home, portfolio, logout) to a user.
    // ClassUser::_addFeatureToUser(...) is a scoped call from an instance method, so $this is kept.
    private function _setFeaturesToUser($user_id){
        $this->_userId = $user_id;
        ClassUser::_addFeatureToUser($this->_userId, 'home');
        ClassUser::_addFeatureToUser($this->_userId, 'portfolio');
        ClassUser::_addFeatureToUser($this->_userId, 'logout');
    }

    // Returns the id of the user whose login matches $user_login.
    // NOTE(review): when no row matches, fetch() returns false and $row['id'] is read from a bool
    // (warning, null result); callers should treat a null return as "not found".
    public function getUserIdByLogin($user_login){
        $this->_userLogin = $user_login;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql = "SELECT id FROM user_user WHERE login=:login";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':login'=>$this->_userLogin));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        return $row['id'];
    }

    // True only when the config flag is exactly the string 'true' (strict comparison).
    // $oPDOLink is opened but not used here.
    private function _checkIfVipOfferActive(){
        $config = ClassConfig::getConfig();
        $oPDOLink = ClassConfig::databaseConnect();
        if($config['is_vip_offer_active']==='true'){
            return true;
        } else {
            return false;
        }
    }

    // Same shape as _checkIfVipOfferActive, but uses a loose == comparison, so the two helpers
    // do not treat non-string config values the same way. $oPDOLink is opened but not used here.
    private function _checkIfEverythingForFreeActive(){
        $config = ClassConfig::getConfig();
        $oPDOLink = ClassConfig::databaseConnect();
        //FIX is this code still needed?
        if($config['is_everything_for_free_offer_active']=='true'){
            return true;
        } else {
            return false;
        }
    }

    // Registers a user from the register form.
    // $data   : form fields (formRegisterFieldEmail / Password / ConfirmPassword / Firstname / Lastname).
    // $ext_id : external id stored in user_detail.
    // Returns a $message array. On success it carries user_id, activation_code, status='success';
    // on failure the keys differ between branches ('state' for the password mismatch, 'status' for the
    // failed insert) — callers have to check both.
    // NOTE(review): the stored password is sha1(password . fixed pepper): a fast, per-user-unsalted hash.
    // password_hash()/password_verify() (with a rehash on next login) is the recommended replacement;
    // login() and changePassword() must be migrated together with this.
    // NOTE(review): the activation code comes from rand(), which is not a cryptographic generator;
    // random_int()/random_bytes() should be used for a code that gates account activation. The row is
    // also inserted with is_active=true (see the INSERT), so the code does not currently gate anything.
    public function createUser($data, $ext_id){
        $this->_data = $data;
        $this->_extId = $ext_id;
        $config = ClassConfig::getConfig();
        $oPDOLink = ClassConfig::databaseConnect();
        //IF password and confirmPassword are not identical, displaying an error message
        if($this->_data['formRegisterFieldPassword'] != $this->_data['formRegisterFieldConfirmPassword']){
            $message['state']='failed';
            $message['css_class']='failed';
            $message['translation_code'] = 'checkRegisterForm_notSamePassword';
            return $message;
        } else {
            $activation_code = rand();
            // Defaults: en_gb / ch / chf, theme 1, no backend access, active, not employee.
            $sql=" INSERT INTO user_user(email, password, activation_code, firstname, lastname, core_lang_id, core_country_id, core_currency_id, core_theme_id, is_backend_access, is_active, is_employee, comment ) VALUES ( :email, :password, :activation_code, :firstname, :lastname, (SELECT id FROM core_lang WHERE code='en_gb'), (SELECT id FROM core_country WHERE code='ch'), (SELECT id FROM core_currency WHERE code='chf'), 1, false, true, false, 'user registered online via Wodoo frontend' ) ";
            $execSQL = $oPDOLink->prepare($sql);
            if($execSQL->execute(array(
                ':email'=>$this->_data['formRegisterFieldEmail'],
                ':password'=>sha1($this->_data['formRegisterFieldPassword'].'-k3P[8x&'),
                ':activation_code'=>$activation_code,
                ':firstname'=>$this->_data['formRegisterFieldFirstname'],
                ':lastname'=>$this->_data['formRegisterFieldLastname']
            ))){
                // Sequence name suggests PostgreSQL.
                $newUserId = $oPDOLink->lastInsertId('user_user_id_seq');
                //$isVipOfferActive = $this->_checkIfVipOfferActive();
                //$isEverythingForFreeActive = $this->_checkIfEverythingForFreeActive();
                // core user detail
                $sql=" INSERT INTO user_detail(user_id, ext_id) VALUES (:user_id, :ext_id) ";
                $execSQL = $oPDOLink->prepare($sql);
                $execSQL->execute(array(':user_id'=>$newUserId, ':ext_id'=>$this->_extId));
                // get features for user
                $sql="SELECT id FROM core_feature WHERE is_user_feature=TRUE;";
                $getFeatures = $oPDOLink->prepare($sql);
                $getFeatures->execute(array());
                $features = $getFeatures->fetchAll(PDO::FETCH_ASSOC);
                // NOTE(review): the feature rows are attached by looking the user up by email rather than
                // by $newUserId; if email is not unique in user_user this can target another account.
                $sql=" INSERT INTO useruser_corefeature_rel(user_id, core_feature_id) VALUES ( (SELECT id FROM user_user WHERE email=:email LIMIT 1), :feature_id ); ";
                $execSQL = $oPDOLink->prepare($sql);
                //set features to user
                foreach($features as $feature){
                    $execSQL->execute(array(':email'=>$this->_data['formRegisterFieldEmail'], ':feature_id'=>$feature['id']));
                }
                $message['user_id'] = $newUserId;
                $message['activation_code'] = $activation_code;
                $message['status'] = "success";
                $message['css_class'] = 'success-message';
                //TODO change confirmation_registration by register_form_success when registrations will need an activation by clic on link in an email
                //$message['translation_code'] = 'register_form_success'; //'confirmation_registration';
                //TODO send an email to admin to indicate that there is a new registration
                return $message;
            } else {
                $message['status']='failed';
                $message['css_class'] = 'failed-message';
                //$message['translation_code'] = 'register_form_failed';
                return $message;
            }
        }
    }

    // Activates the account carrying $activation_code and returns a $message array
    // (firstname, email, state, css_class, translation_code).
    // NOTE(review): execute() returns true even when no row matched, so an unknown code still yields
    // state='success' with a false $row (firstname/email read from a bool). Checking rowCount() after
    // the UPDATE would make the failure branch reachable for bad codes.
    public function activateUser($activation_code){
        $this->_activationCode = (string) $activation_code;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" UPDATE user_user SET is_active=TRUE WHERE activation_code=:activation_code ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(':activation_code'=>$this->_activationCode))){
            $sql=" SELECT firstname, email FROM user_user WHERE activation_code=:activation_code ";
            $execSQL = $oPDOLink->prepare($sql);
            $execSQL->execute(array(':activation_code'=>$this->_activationCode));
            $row = $execSQL->fetch(PDO::FETCH_ASSOC);
            $message['firstname'] = $row['firstname'];
            $message['email'] = $row['email'];
            $message['state'] = 'success';
            $message['css_class'] = 'success-message';
            $message['translation_code'] = 'message_activateUserSuccess';
        } else {
            $message['state'] = 'failed';
            $message['css_class'] = 'failed-message';
            $message['translation_code'] = 'message_activateUserFailed';
        }
        return $message;
    }

    // Authenticates from the login form ($post_datas: formLoginFieldEmail, formLoginFieldPassword).
    // Returns a $message array on failure (state, css_class, translation_code); on success returns the
    // user row itself with state='success' added, and stores the user's features in $_SESSION['features'].
    // NOTE(review): the returned row includes uu.password (the stored hash); callers should not pass
    // it through to templates or the session.
    // NOTE(review): the session id is not regenerated here; session_regenerate_id(true) at successful
    // login is the usual defence against session fixation.
    // NOTE(review): the password is matched inside the SQL WHERE clause on the sha1+pepper value, so
    // moving to password_verify() requires selecting by email first and verifying in PHP.
    public function login($post_datas=array()){
        $this->_postDatas = $post_datas;
        $oPDOLink = ClassConfig::databaseConnect();
        if($this->_postDatas['formLoginFieldEmail']=='' || $this->_postDatas['formLoginFieldPassword']==''){
            $message['state'] = 'no_required_fields_filled';
            $message['css_class'] = 'failed-message';
            $message['translation_code'] = "message_requiredFieldsNotFilled";
            return $message;
        }
        $sql=" SELECT uu.id, uu.email, uu.password, uu.firstname, uu.lastname, uu.phone, uu.core_lang_id, uu.core_country_id, uu.core_currency_id, uu.is_backend_access, uu.is_employee, uu.is_active, (SELECT code FROM core_lang WHERE id=core_lang_id) AS lang_code, (SELECT code FROM core_country WHERE id=core_country_id) AS country_code, (SELECT code FROM core_currency WHERE id=core_currency_id) AS currency_code FROM user_user uu INNER JOIN user_detail ud ON uu.id=ud.user_id WHERE uu.email=:email AND uu.password=:password LIMIT 1 ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(
            ':email'=>$this->_postDatas['formLoginFieldEmail'],
            ':password'=>sha1($this->_postDatas['formLoginFieldPassword'].'-k3P[8x&')
        ));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        // Loose == against false: the driver's representation of the boolean column decides this — verify.
        if(isset($row['is_active']) and $row['is_active']==false){
            $message['state'] = 'account_not_activated';
            $message['css_class'] = 'warning-message';
            $message['translation_code'] = 'messageLogin_accountNotActivated';
            return $message;
        } else if(isset($row['email'])){
            unset($_SESSION['features']);
            $_SESSION['features'] = $this->getFeatures($row['id']);
            $row['state'] = 'success';
            return $row;
        } else{
            $message['state'] = 'bad_login_or_password';
            $message['css_class'] = 'failed-message';
            //FIX translate this message
            $message['translation_code'] = "messageLogin_badLoginOrPassword";
            return $message;
        }
    }

    // Returns the active features granted to $user_id as objects, ordered by priority,
    // with url and menu_label resolved from core_translation.
    public function getFeatures($user_id){
        $this->_userId = $user_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql = " SELECT f.*, (SELECT source FROM core_translation WHERE id=f.url_translation_id) AS url, (SELECT source FROM core_translation WHERE id=f.name_translation_id) AS menu_label FROM useruser_corefeature_rel r INNER JOIN core_feature f ON r.core_feature_id=f.id WHERE r.user_id=:user_id AND f.is_active=TRUE ORDER BY f.priority ASC; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':user_id'=>$this->_userId));
        $rows = $execSQL->fetchAll(PDO::FETCH_OBJ);
        return $rows;
    }

    // Sets the user's theme by theme code; returns array(css_class, state).
    // An unknown theme code makes the sub-select NULL; execute() still succeeds, so state='success'.
    public function setThemeForUser($user_id, $theme_code){
        $this->_userId = $user_id;
        $this->_themeCode = $theme_code;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" UPDATE user_user SET core_theme_id = (SELECT id FROM core_theme WHERE code=:theme_code) WHERE id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':theme_code'=>$this->_themeCode,
            ':user_id'=>$this->_userId
        ))){
            $res['css_class'] = 'success-message';
            $res['state'] = 'success';
        } else{
            $res['css_class'] = 'failed-message';
            $res['state'] = 'failed';
        }
        return $res;
    }

    // Sets the user's language by lang code. Returns the matching core_lang row (id, code)
    // on success — or false (from fetch()) when the code does not exist — and false when the
    // UPDATE fails, so callers cannot tell the two false cases apart.
    public function setLangForUser($user_id, $lang_code){
        $this->_userId = $user_id;
        $this->_langCode = $lang_code;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" UPDATE user_user SET core_lang_id = (SELECT id FROM core_lang WHERE code=:lang_code) WHERE id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':lang_code'=>$this->_langCode,
            ':user_id'=>$this->_userId
        ))){
            $sql = " SELECT id, code FROM core_lang WHERE code=:code LIMIT 1; ";
            $execSQL = $oPDOLink->prepare($sql);
            $execSQL->execute(array(':code'=>$this->_langCode));
            $row = $execSQL->fetch(PDO::FETCH_ASSOC);
            return $row;
        } else{
            return false;
        }
    }

    // Returns array('autorization' => count) — the number of useruser_corefeature_rel rows linking
    // $user_id to the feature with code $feature_code (0 means no access). The alias spelling is
    // part of the contract for callers.
    public function checkAccessFeature($user_id, $feature_code){
        $this->_userId = $user_id;
        $this->_featureCode = $feature_code;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT COUNT(core_feature_id) AS autorization FROM useruser_corefeature_rel WHERE user_id=:user_id AND core_feature_id=( SELECT id FROM core_feature WHERE code=:feature_code LIMIT 1 ); ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(
            ':user_id'=>$this->_userId,
            ':feature_code'=>$this->_featureCode
        ));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        return $row;
    }

    // Queues a phone-number change in user_user_temp (applied later by validUserChangementRequest).
    // NOTE(review): the request code is microtime(true), i.e. a timestamp, not a secret; if the code
    // is ever used to authorise the change, random_bytes() is the appropriate source.
    public function changePhone($user_id, $data){
        $this->_userId = $user_id;
        $this->_data = $data;
        $code = microtime(true);
        $oPDOLink = ClassConfig::databaseConnect();
        $sql="INSERT INTO user_user_temp(code, user_id, phone) VALUES(:code, :user_id, :phone);";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':user_id'=>$this->_userId,
            ':phone'=>$this->_data['phone'],
            ':code'=>$code
        ))){
            $message['state'] = 'success';
        } else{
            $message['state'] = 'failed';
        }
        return $message;
    }

    // Queues an e-mail change in user_user_temp after checking email == email_confirm (loose compare).
    // The statement is prepared before the confirmation check; harmless but wasted on mismatch.
    // Same timestamp-as-code caveat as changePhone().
    public function changeEmail($user_id, $data){
        $this->_userId = $user_id;
        $this->_data = $data;
        $code = microtime(true);
        $oPDOLink = ClassConfig::databaseConnect();
        $sql="INSERT INTO user_user_temp(code, user_id, email) VALUES(:code, :user_id, :email);";
        $execSQL = $oPDOLink->prepare($sql);
        if($this->_data['email'] != $this->_data['email_confirm']){
            $message['state'] = 'failed_mail_confirm';
        } else if($execSQL->execute(array(
            ':code'=>$code,
            ':user_id'=>$this->_userId,
            ':email'=>$this->_data['email']
        ))){
            $message['state'] = 'success';
        } else{
            $message['state'] = 'failed';
        }
        return $message;
    }

    // Changes the password after checking the old one and the confirmation.
    // $data: oldPassword, newPassword, confirmPassword. Returns array('state' => ...).
    // NOTE(review): the old-password check is skipped when $row['password'] is not set (no row, or a
    // NULL stored password); in the NULL case the update proceeds without verifying the old password.
    // NOTE(review): hash comparison uses != on sha1 strings; with password_verify()/hash_equals() the
    // comparison would be constant-time and the hash scheme upgradable.
    public function changePassword($user_id, $data){
        $this->_userId = $user_id;
        $this->_data = $data;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT password FROM user_user WHERE id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':user_id'=>$this->_userId));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        if(isset($row['password']) && sha1($this->_data['oldPassword'].'-k3P[8x&') != $row['password']){
            $message['state'] = 'failed_bad_password';
        } else if($this->_data['newPassword'] != $this->_data['confirmPassword']){
            $message['state'] = 'failed_password_confirm';
        } else{
            $sql=" UPDATE user_user SET password=:password WHERE id=:user_id; ";
            $execSQL = $oPDOLink->prepare($sql);
            if($execSQL->execute(array(
                ':user_id'=>$this->_userId,
                ':password'=>sha1($this->_data['newPassword'].'-k3P[8x&')
            ))){
                $message['state'] = 'success';
            } else{
                $message['state'] = 'failed';
            }
        }
        return $message;
    }

    // Completes a "forgotten password" flow: the request code must exist, the two passwords must
    // match, then the password is replaced and every request for that user is deleted (single use).
    // NOTE(review): the only check on the code is that a row exists — no expiry is visible here, and
    // the code is generated by addChangePasswordRequest() from microtime(true), which is guessable.
    // A code from random_bytes() plus an age check on the request row is the usual hardening.
    public function resetPassword($change_password_request_code, $data){
        $this->_changePasswordRequestCode = $change_password_request_code;
        $this->_data = $data;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT COUNT(code) AS nb_codes FROM user_user_change_password_request WHERE code=:change_password_request_code; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':change_password_request_code'=>$this->_changePasswordRequestCode));
        $nbCode = $execSQL->fetch(PDO::FETCH_ASSOC);
        if($nbCode['nb_codes'] == 0){
            $message['state'] = 'failed_invalid_code';
        } else if($this->_data['password'] != $this->_data['password_confirmation']){
            $message['state'] = 'failed_password_confirm';
        } else{
            $sql=" UPDATE user_user SET password=:password WHERE id=( SELECT user_id FROM user_user_change_password_request WHERE code=:change_password_request_code LIMIT 1 ); ";
            $execSQL = $oPDOLink->prepare($sql);
            if($execSQL->execute(array(
                ':change_password_request_code'=>$this->_changePasswordRequestCode,
                ':password'=>sha1($this->_data['password'].'-k3P[8x&')
            ))){
                $message['state'] = 'success';
                // Invalidate all outstanding requests for this user, not just the one used.
                $sql=" DELETE FROM user_user_change_password_request WHERE user_id=( SELECT user_id FROM user_user_change_password_request WHERE code=:change_password_request_code LIMIT 1 ); ";
                $execSQL = $oPDOLink->prepare($sql);
                $execSQL->execute(array(':change_password_request_code'=>$this->_changePasswordRequestCode));
            } else{
                $message['state'] = 'failed';
            }
        }
        return $message;
    }

    // Lists users whose 'partner' workflow item is in state 'draft' (awaiting validation).
    public function listUsersToValid(){
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT cu.* FROM user_user cu INNER JOIN workflow_item wf ON cu.id=wf.model_id WHERE wf.model='user' AND wf.wf_state_id=(SELECT id FROM workflow_state WHERE code='draft' AND wf_id=(SELECT id FROM workflow_workflow WHERE name='partner') LIMIT 1); ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array());
        $rows = $execSQL->fetchAll(PDO::FETCH_ASSOC);
        return $rows;
    }

    // Lists every user with country and currency columns joined in (LEFT JOIN, so both may be NULL).
    // Note uu.* includes the password column; callers should not expose the rows as-is.
    public function listUsers(){
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT co.name AS country, co.code AS country_code, cu.name AS currency, cu.code AS currency_code, cu.symbol AS currency_symbol, uu.* FROM user_user uu LEFT JOIN core_country co ON uu.core_country_id=co.id LEFT JOIN core_currency cu ON uu.core_currency_id=cu.id ";
        //$sql="
        //SELECT cu.*
        //FROM user_user cu
        //    INNER JOIN workflow_item wf
        //    ON cu.id=wf.model_id
        //WHERE wf.model='user'
        //    AND wf.wf_state_id=(SELECT id FROM workflow_state WHERE code='valid' AND wf_id=(SELECT id FROM workflow_workflow WHERE name='partner') LIMIT 1);
        //";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array());
        $rows = $execSQL->fetchAll(PDO::FETCH_ASSOC);
        return $rows;
    }

    // Validates (activates) a user, grants the default features and moves the 'partner' workflow
    // from draft to valid, recording $valider_id as the validator. Returns true/false from the UPDATE.
    public function validUser($user_id, $valider_id){
        $this->_userId = $user_id;
        $this->_validerId = $valider_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" UPDATE user_user SET is_active=TRUE WHERE id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(':user_id'=>$this->_userId))){
            $this->_setFeaturesToUser($this->_userId);
            ClassWorkflow::changeStatus('partner', 'draft_to_valid', 'user', $this->_userId, $this->_validerId);
            return true;
        } else {
            return false;
        }
    }

    // Returns the raw user_user row (all columns, password hash included) or false when not found.
    public function getUser($user_id){
        $this->_userId = $user_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT * FROM user_user WHERE id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':user_id'=>$this->_userId));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        return $row;
    }

    // Returns the user row enriched with marketing channel, language and country names for the
    // admin screen; INNER JOINs mean a user lacking a user_detail row is not returned.
    public function getUserForAdmin($user_id){
        $this->_userId = $user_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT uu.*, (SELECT code FROM marketing_channel mc WHERE mc.id=ud.marketing_channel_id) AS channel, ud.marketing_channel_precision AS channel_precision, cl.name AS language, cc.name AS country FROM user_user uu INNER JOIN user_detail ud ON uu.id=ud.user_id INNER JOIN core_lang cl ON uu.core_lang_id=cl.id INNER JOIN core_country cc ON uu.core_country_id=cc.id WHERE uu.id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':user_id'=>$this->_userId));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        return $row;
    }

    // Lists all pending change requests (user_user_temp) with the owning user's name.
    public function getUsersChangementsRequests(){
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT cut.*, cu.name AS user_user_name FROM user_user_temp cut INNER JOIN user_user cu ON cu.id=cut.user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array());
        $rows = $execSQL->fetchAll(PDO::FETCH_ASSOC);
        return $rows;
    }

    // Returns one user_user_temp row by id, or false when not found.
    public function getUserChangementRequest($user_temp_id){
        $this->_userTempId = $user_temp_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" SELECT * FROM user_user_temp WHERE id=:user_temp_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':user_temp_id'=>$this->_userTempId));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        return $row;
    }

    // Applies a pending change request: copies every non-null column of the user_user_temp row
    // (except id, create_date, code, user_id) onto user_user, then deletes the request.
    // The column names spliced into the SET clause are the user_user_temp column names returned by
    // SELECT * in getUserChangementRequest(), not request input; values go through placeholders.
    // NOTE(review): `$value != NULL` is a loose test, so '', '0' and 0 are skipped as if unset, and
    // in_array() is non-strict. If getUserChangementRequest() returns false the foreach warns and the
    // UPDATE runs with an empty SET list.
    public function validUserChangementRequest($user_temp_id){
        $this->_userTempId = $user_temp_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $preparation = array();
        $message = array();
        $firstSetInserted = false;
        $user_temp_row = ClassUser::getUserChangementRequest($this->_userTempId);
        $preparation[':user_id'] = $user_temp_row['user_id'];
        $sql = " UPDATE user_user SET ";
        foreach($user_temp_row as $data=>$value){
            if(!in_array($data, array('id','create_date','code','user_id')) && $value != NULL){
                if($firstSetInserted){
                    $sql .= ','.$data.'=:'.$data;
                } else{
                    $sql .= $data.'=:'.$data;
                    $firstSetInserted = true;
                }
                $preparation[':'.$data] = $value;
            }
        }
        $sql .= ' WHERE id=:user_id;';
        $sql2 = " DELETE FROM user_user_temp WHERE id=:user_temp_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL2 = $oPDOLink->prepare($sql2);
        // Not wrapped in a transaction: a failed DELETE after a successful UPDATE leaves the request queued.
        if($execSQL->execute($preparation) && $execSQL2->execute(array(':user_temp_id'=>$this->_userTempId))){
            $message['state'] = 'success';
        } else{
            $message['state'] = 'failed';
        }
        $message['user_id'] = $user_temp_row['user_id'];
        return $message;
    }

    // Lists the users attached to a partner, with language and theme names.
    public function listUsersOfPartnerByPartnerId($partner_id){
        $this->_partnerId = $partner_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql = " SELECT cu.*, lang.name AS lang_name, theme.name AS theme_name FROM user_user cu INNER JOIN corepartner_useruser_rel cpur ON cpur.user_id=cu.id INNER JOIN core_lang lang ON lang.id=cu.core_lang_id INNER JOIN core_theme theme ON theme.id=cu.core_theme_id WHERE cpur.core_partner_id=:partner_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        $execSQL->execute(array(':partner_id'=>$this->_partnerId));
        $rows = $execSQL->fetchAll(PDO::FETCH_ASSOC);
        return $rows;
    }

    // Creates a password-reset request for the user with login $user_login and returns the code
    // (presumably sent to the user by the caller — verify). $oTrans is created but unused.
    // NOTE(review): the code is microtime(true), a timestamp: anyone who knows roughly when the
    // request was made can enumerate it, and resetPassword() accepts any existing code. Generate the
    // code with random_bytes() (adjusting the column type if it is numeric) and add an expiry.
    // An unknown login makes the sub-select NULL; whether the INSERT then fails depends on the column
    // constraints, which are not visible here.
    public function addChangePasswordRequest($user_login){
        $this->_userLogin = $user_login;
        $code = microtime(true);
        $oTrans = new ClassTranslation();
        $message = array();
        $oPDOLink = ClassConfig::databaseConnect();
        $sql = " INSERT INTO user_user_change_password_request(code, user_id) VALUES( :code, (SELECT id FROM user_user WHERE login=:user_login LIMIT 1) ); ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':user_login'=>$this->_userLogin,
            ':code'=>$code
        ))){
            $message['state'] = 'success';
            $message['code'] = $code;
        } else{
            $message['state'] = 'failed';
        }
        return $message;
    }

    // Toggles is_accept_email for the user; $active_notification is coerced to 1/0 by truthiness.
    public function changeNotificationMail($user_id, $active_notification){
        $this->_userId = $user_id;
        $this->_activeNotification = $active_notification;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql = " UPDATE user_user SET is_accept_email=:active_notification WHERE id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':user_id'=>$this->_userId,
            ':active_notification'=>($this->_activeNotification?1:0)
        ))){
            $message['state'] = 'success';
        } else{
            $message['state'] = 'failed';
        }
        return $message;
    }

    // Returns the profile projection (identity, contact, language, country, currency) for a user,
    // or false when not found. Unlike getUser(), this does not select the password column.
    public function getFullProfile($user_id){
        $this->_userId = $user_id;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql = " SELECT cus.id, cus.firstname, cus.lastname, cus.phone, cus.core_country_id, cus.core_currency_id, cus.comment, cus.city, cus.postcode, lang.id AS core_lang_id, lang.code AS lang_code, lang.name AS lang_name, cco.id AS country_id, cco.code AS country_code, cco.name AS country_name, ccu.id AS currency_id, ccu.name AS currency_name, ccu.symbol AS currency_symbol FROM user_user cus INNER JOIN user_detail usd ON cus.id=usd.user_id INNER JOIN core_lang lang ON cus.core_lang_id=lang.id INNER JOIN core_country cco ON cus.core_country_id=cco.id INNER JOIN core_currency ccu ON cus.core_currency_id=ccu.id WHERE cus.id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        // The execute() result assigned here is immediately overwritten by fetch(); the return value is never checked.
        $row = $execSQL->execute(array(
            ':user_id'=>$this->_userId,
        ));
        $row = $execSQL->fetch(PDO::FETCH_ASSOC);
        return $row;
    }

    // Updates the editable profile fields from $data (firstname, lastname, phone, lang, country,
    // city, postcode). 'lang' and 'country' are written directly as ids (no code lookup).
    // Returns array(state, css_class, translation_code).
    public function updatePersonalData($user_id, $data){
        $this->_userId = $user_id;
        $this->_data = $data;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" UPDATE user_user SET firstname=:firstname, lastname=:lastname, phone=:phone, core_lang_id=:lang_id, city=:city, postcode=:postcode, core_country_id=:country_id WHERE id=:user_id; ";
        //core_currency_id=:currency_id
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':firstname'=>$this->_data['firstname'],
            ':lastname'=>$this->_data['lastname'],
            ':phone'=>$this->_data['phone'],
            ':lang_id'=>$this->_data['lang'],
            ':country_id'=>$this->_data['country'],
            ':city'=>$this->_data['city'],
            ':postcode'=>$this->_data['postcode'],
            //':currency_id'=>$this->_data['currency'],
            ':user_id'=>$this->_userId
        ))){
            $res['state'] = 'success';
            $res['css_class'] = 'success-message';
            $res['translation_code'] = 'message_successUpdatePersonalData';
        } else{
            $res['state'] = 'failed';
            $res['css_class'] = 'failed-message';
            $res['translation_code'] = 'message_failedUpdatePersonalData';
        }
        return $res;
    }

    // Updates user_detail.max_distance from $data['max_distance'].
    // Returns array(state, css_class, translation_code).
    public function updateDetails($user_id, $data){
        $this->_userId = $user_id;
        $this->_data = $data;
        $oPDOLink = ClassConfig::databaseConnect();
        $sql=" UPDATE user_detail SET max_distance=:max_distance WHERE user_id=:user_id; ";
        $execSQL = $oPDOLink->prepare($sql);
        if($execSQL->execute(array(
            ':max_distance'=>$this->_data['max_distance'],
            ':user_id'=>$this->_userId
        ))){
            $res['state'] = 'success';
            $res['css_class'] = 'success-message';
            $res['translation_code'] = 'message_successUpdatePersonalDetail';
        } else{
            $res['state'] = 'failed';
            $res['css_class'] = 'failed-message';
            $res['translation_code'] = 'message_failedUpdatePersonalDetail';
        }
        return $res;
    }
}