noalyss Version-9
noalyss_user.class.php
Go to the documentation of this file.
1<?php
2
3/*
4 * This file is part of NOALYSS.
5 *
6 * NOALYSS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * NOALYSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with NOALYSS; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20// Copyright Author Dany De Bontridder danydb@aevalys.eu
21/**
22 * @file
23 * @brief Data & function about connected users
24 */
25/**
26 * @brief Data & function about connected users
27 *
28 */
29require_once NOALYSS_INCLUDE.'/constant.php';
30require_once NOALYSS_INCLUDE.'/lib/user_common.php';
31require_once NOALYSS_INCLUDE.'/lib/ac_common.php';
32
33class Noalyss_User
34{
35
36 var $id; //!< in account_repository , ac_users.use_id
37
38 var $db; //!< database connx to the folder NOT repository
39 var $admin; //!< is or is not admin
40 var $valid; //!< is or is not valid
41 var $first_name;
42 var $last_name ; //!< user's last_name
43 var $name;
44 var $active; //!< 1 active , 0 disables
45 var $login; //!< login lower case
46 var $password; //!< md5 of the password
47 var $email; //!< user's email
48 var $access_mode; //!< MOBILE or PC depending if when connecting $login contains @mobile
49 var $lang ; //!< user's language
50 var $theme ; //!< user's CSS Theme
51
52 function __construct($p_cn, $p_id=-1)
53 {
54 $this->db=$p_cn;
55 // if p_id is not set then check the connected user
56 if ($p_id==-1)
57 {
58 $this->connect_user();
59 $this->set_session_var();
60 }
61 else // if p_id is set get data of another user
62 {
63 $this->id=$p_id;
64 $this->load();
65 }
66 }
67
68 /**
69 * @brief put user_login into Postgres config (session), it can be used for tracking users activities
70 * @return void
71 */
72 public function set_session_var()
73 {
74 $this->db->exec_sql(sprintf("select set_config('noalyss.user_login','%s',false)",
75 Database::escape_string($_SESSION[SESSION_KEY.'g_user'])));
76
77 }
78 public function __toString(): string
79 {
80 return "User ".print_r($this,true);
81 }
82 /**
83 * @brief check the password and user
84 */
85 function can_connect()
86 {
87 $cn=new \Database();
88 $can_connect=$cn->get_value("select count(*) from ac_users
89 where use_active=1 and
90 use_login=$1 and use_pass=$2",
91 [$this->login,$this->password]);
92 return $can_connect;
93 }
94 /**
95 * @brief connect the user and set the $_SESSION variables if not set thanks the $_REQUEST
96 */
97 private function connect_user()
98 {
99 if (!isset($_SESSION[SESSION_KEY.'g_user']))
100 {
101 $http=new \HttpInput();
102 $user_login=$http->request("p_user", "string", "");
103 $user_password=$http->request("p_pass", "string", "");
104
105 if ($user_login!=""&&$user_password!="")
106 {
107 $_SESSION[SESSION_KEY."g_user"]=$user_login;
108 $_SESSION[SESSION_KEY."g_pass"]=md5($user_password);
109 }
110 else
111 {
112 echo '<h2 class="error">'._('Session expirée<br>Utilisateur déconnecté').'</h2>';
113 redirect('index.php', 1);
114 exit();
115 }
116
117
118 if (strpos($user_login, '@mobile')!=false)
119 {
120 $this->access_mode='MOBILE';
121 $this->login=str_ireplace("@mobile", "", $user_login);
122 }
123 else
124 {
125 $this->access_mode='PC';
126 $this->login=strtolower($user_login);
127 }
128
129 $_SESSION[SESSION_KEY."access_mode"]=$this->access_mode;
130 $_SESSION[SESSION_KEY.'g_user']=$this->login;
131 }
132 $this->login=$_SESSION[SESSION_KEY."g_user"];
133 $this->password=$_SESSION[SESSION_KEY.'g_pass'];
134
135 $this->id=-1;
136 $this->lang=(isset($_SESSION[SESSION_KEY.'g_lang']))?$_SESSION[SESSION_KEY.'g_lang']:'fr_FR.utf8';
137 $this->access_mode=$_SESSION[SESSION_KEY."access_mode"];
138 $cn=new Database();
139
140 // share user login with the repository
141 $cn->exec_sql(sprintf("select set_config('noalyss.user_login','%s',false)",
142 Database::escape_string($_SESSION[SESSION_KEY.'g_user'])));
143
144 if ($this->can_connect() == 0 || $this->load()==-1 )
145 {
146 echo '<h2 class="error">'._('Utilisateur ou mot de passe incorrect').'</h2>';
147 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
148 $cn->exec_sql($sql,
149 array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], "DISCON",
150 $_SERVER['REQUEST_URI'], 'FAIL'));
151 $this->clean_session();
152 redirect('logout.php', 1);
153 exit();
154 }
155
156 $this->load_global_pref();
157
158 $_SESSION[SESSION_KEY.'g_lang']=$this->lang;
159 $this->valid=(isset($_SESSION[SESSION_KEY.'isValid']))?1:0;
160 if (isset($_SESSION[SESSION_KEY.'g_theme']))
161 {
162 $this->theme=$_SESSION[SESSION_KEY.'g_theme'];
163 }
164 $_SESSION[SESSION_KEY.'use_admin']=$this->admin;
165 $_SESSION[SESSION_KEY.'use_name']=$this->name;
166 $_SESSION[SESSION_KEY.'use_first_name']=$this->first_name;
167 }
168
169 /**
170 * @brief access_mode tells what mode must be used : pc or mobile
171 */
172 public function get_access_mode()
173 {
174 return $this->access_mode;
175 }
176
177 /**
178 * @brief access_mode tells what mode must be used : pc or mobile
179 */
180 public function set_access_mode($access_mode): object
181 {
182 $this->access_mode=$access_mode;
183 return $this;
184 }
185
186 /**
187 * @return int|mixed
188 */
189 public function getId(): int
190 {
191 return $this->id;
192 }
193
194 /**
195 * @param int|mixed $id
196 */
197 public function setId(int $id): void
198 {
199 $this->id=$id;
200 }
201
202 /**
203 * @return mixed
204 */
205 public function getDb()
206 {
207 return $this->db;
208 }
209
210 /**
211 * @param mixed $db
212 */
213 public function setDb($db): void
214 {
215 $this->db=$db;
216 }
217
218 /**
219 * @return default|int|mixed|string|string[]|null
220 */
221 public function getAdmin()
222 {
223 return $this->admin;
224 }
225
226 /**
227 * @param default|int|mixed|string|string[]|null $admin
228 */
229 public function setAdmin($admin): void
230 {
231 $this->admin=$admin;
232 }
233
234 /**
235 * @return int
236 */
237 public function getValid(): int
238 {
239 return $this->valid;
240 }
241
242 /**
243 * @param int $valid
244 */
245 public function setValid(int $valid): void
246 {
247 $this->valid=$valid;
248 }
249
250 /**
251 * @return default|mixed|string|string[]|null
252 */
253 public function getFirstName()
254 {
255 return $this->first_name;
256 }
257
258 /**
259 * @param default|mixed|string|string[]|null $first_name
260 */
261 public function setFirstName($first_name): void
262 {
263 $this->first_name=$first_name;
264 }
265
266 /**
267 * @return default|mixed|string|string[]|null
268 */
269 public function getName()
270 {
271 return $this->name;
272 }
273
274 /**
275 * @param default|mixed|string|string[]|null $name
276 */
277 public function setName($name): void
278 {
279 $this->name=$name;
280 }
281
282 /**
283 * @return mixed
284 */
285 public function getActive()
286 {
287 return $this->active;
288 }
289
290 /**
291 * @param mixed $active
292 */
293 public function setActive($active): void
294 {
295 $this->active=$active;
296 }
297
298 /**
299 * @return string
300 */
301 public function getLogin(): string
302 {
303 return $this->login;
304 }
305
306 /**
307 * @param string $login
308 */
309 public function setLogin(string $login): void
310 {
311 $this->login=$login;
312 }
313
314 /**
315 * @return mixed
316 */
317 public function getPassword()
318 {
319 return $this->password;
320 }
321
322 /**
323 * @param mixed $password
324 */
325 public function setPassword($password): void
326 {
327 $this->password=$password;
328 }
329
330 /**
331 * @return mixed
332 */
333 public function getEmail()
334 {
335 return $this->email;
336 }
337
338 /**
339 * @param mixed $email
340 */
341 public function setEmail($email): void
342 {
343 $this->email=$email;
344 }
345
346 /* * \brief load data from database.
347 * if this->id == -1, it is unknown so we have to retrieve it
348 from the database by the login
349 * return -1 if nothing is found or the use_id
350 */
351
352 function load():int
353 {
354 /* if this->id == -1, it is unknown so we have to retrieve it from
355 the database thanks it login */
356 if ($this->id<0)
357 {
358 $sql_cond=" where lower(use_login)=lower($1)";
359 $sql_array=array($this->login);
360 }
361 else
362 {
363 $sql_cond=" where use_id=$1";
364 $sql_array=array($this->id);
365 }
366 $sql="select use_id,
367 use_first_name,
368 use_name,
369 use_login,
370 use_active,
371 use_admin,
372 use_pass,
373 use_email
374 from ac_users ";
375 $cn=new Database();
376 $Res=$cn->exec_sql($sql.$sql_cond, $sql_array);
377 if (($Max=Database::num_row($Res))==0)
378 return -1;
379 $row=Database::fetch_array($Res, 0);
380 $this->id=$row['use_id'];
381 $this->first_name=$row['use_first_name'];
382 $this->last_name=$row['use_name'];
383 $this->name=$row['use_name'];
384 $this->active=$row['use_active'];
385 $this->login=strtolower($row['use_login']);
386 $this->admin=$row['use_admin'];
387 $this->password=$row['use_pass'];
388 $this->email=$row['use_email'];
389 return $this->id;
390 }
391
392 function save()
393 {
394
395 $Sql="update ac_users set use_first_name=$1, use_name=$2
396 ,use_active=$3,use_admin=$4,use_pass=$5 ,use_email = $7 where use_id=$6";
397 $cn=new Database();
398 $Res=$cn->exec_sql($Sql,
399 array($this->first_name, $this->last_name, $this->active, $this->admin, $this->password,
400 $this->id, $this->email));
401 }
402
403 function insert()
404 {
405
406 $Sql="INSERT INTO ac_users(
407 use_first_name, use_name, use_login, use_active,
408 use_admin, use_pass, use_email)
409 VALUES ($1, $2, $3, $4, $5, $6, $7) returning use_id";
410
411 $cn=new Database();
412 $this->id=$cn->get_value($Sql,
413 array($this->first_name, $this->last_name, $this->login, 1, $this->admin,
414 $this->password, $this->email));
415 }
416
417 /**
418 * \brief Check if user is active and exists in therepository
419 * Automatically redirect, it doesn't check if a user can access a folder
420 * \param $silent false, echo an error message and exit, true : exit without warning
421 * default is false
422 *
423 ++ */
424 function Check($silent=false, $from='')
425 {
426
427 $res=0;
428 $pass5=$this->password;
429
430 $cn=new Database();
431 $sql="select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
432 use_admin,use_first_name,use_name
433 from ac_users
434 where ac_users.use_id=$1
435 and ac_users.use_active=1
436 and ac_users.use_pass=$2";
437 $ret=$cn->exec_sql($sql, array($this->id, $pass5));
438 $res=Database::num_row($ret);
439 if ($res>0)
440 {
441 $r=Database::fetch_array($ret, 0);
442 $_SESSION[SESSION_KEY.'use_admin']=$r['use_admin'];
443 $_SESSION[SESSION_KEY.'use_name']=$r['use_name'];
444 $_SESSION[SESSION_KEY.'use_first_name']=$r['use_first_name'];
445 $_SESSION[SESSION_KEY.'isValid']=1;
446
447 $this->admin=$_SESSION[SESSION_KEY.'use_admin'];
448 $this->name=$_SESSION[SESSION_KEY.'use_name'];
449 $this->first_name=$_SESSION[SESSION_KEY.'use_first_name'];
450 $this->load_global_pref();
451 }
452 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
453
454 if ($res==0 || $this->can_connect() == 0)
455 {
456 $cn->exec_sql($sql,
457 array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"],
458 $from, $_SERVER['REQUEST_URI'], 'FAIL'));
459 if (!$silent)
460 {
461 echo '<script> alert(\''._('Utilisateur ou mot de passe incorrect').'\')</script>';
462 redirect('index.html');
463 }
464 $this->valid=0;
465 session_unset();
466 exit-1;
467 }
468 else
469 {
470 if ($from=='LOGIN' || $from=='PORTAL')
471 {
472 $cn->exec_sql($sql,
473 array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $from,
474 $_SERVER['REQUEST_URI'], 'SUCCESS'));
475 }
476 $this->valid=1;
477 }
478
479 return $ret;
480 }
481
482 /**
483 * \brief return the access to a folder,
484 * \param $p_dossier id if it is == 0 then we take the value from $_SESSION
485 * \return the priv_priv
486 * - X no access
487 * - R has access (normal user)
488
489 *
490 */
491 function get_folder_access($p_dossier=0)
492 {
493
494 if ($p_dossier==0)
495 $p_dossier=dossier::id();
496 if ($this->admin==1)
497 return 'R';
498 $cn=new Database();
499
500 $sql="select 'R' from jnt_use_dos where use_id=$1 and dos_id=$2";
501
502 $res=$cn->get_value($sql, array($this->id, $p_dossier));
503
504 if ($cn->get_affected()==0)
505 return 'X';
506 return $res;
507 }
508
509 /**
510 * \brief save the access of a folder
511 * \param $db_id the dossier id
512 * \param $priv boolean, true then it is granted, false it is removed
513 */
514 function set_folder_access($db_id, $priv)
515 {
516
517 $cn=new Database();
518 if ($priv)
519 {
520 // the access is granted
521 $jnt=$cn->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
522
523 if ($cn->size()==0)
524 {
525
526 $Res=$cn->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
527 }
528 }
529 else
530 {
531 // Access is revoked
532 $cn->exec_sql('delete from jnt_use_dos where use_id = $1 and dos_id = $2 ', array($this->id, $db_id));
533 }
534 }
535
536 /**
537 * \brief check that a user is valid and the access to the folder
538 * \param $p_ledger the ledger to check
539 * \return the priv_priv
540 * - O only predefined operation
541 * - W write
542 * - R read only
543 * - X no access
544 *
545
546 *
547 */
548 function get_ledger_access($p_ledger)
549 {
550 if ($this->admin==1||
551 $this->is_local_admin(dossier::id())==1||$this->get_status_security_ledger()==0)
552 return 'W';
553
554 $sql="select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2";
555 $res=$this->db->get_value($sql, array($this->login, $p_ledger));
556
557 if ($res=='')
558 $res='X';
559 return $res;
560 }
561
562 /**
563 * \brief get all the available ledgers for the current user
564 * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
565 * \param $p_access =3 for Read or WRITE, 2 write, 1 for readonly
566 * \param (boolean) $all if true show also inactive
567 * \return a double array of available ledgers
568 @verbatim
569 [0] => [jrn_def_id]
570 [jrn_def_type]
571 [jrn_def_name]
572 [jrn_def_class_deb]
573 [jrn_def_class_cred]
574 [jrn_type_id]
575 [jrn_desc]
576 [uj_priv]
577 @endverbatim
578 */
579 function get_ledger($p_type='ALL', $p_access=3, $disable=TRUE)
580 {
581 $p_type=strtoupper($p_type);
582 if (!in_array($p_type, ["FIN", "ALL", "ODS", "VEN", 'ACH']))
583 {
584 record_log(sprintf("UGL1, p_type %s", $p_type));
585 throw new Exception("UGL1"._("Type incorrecte"));
586 }
587 if ($disable==TRUE)
588 {
589 $sql_enable="";
590 }
591 else
592 {
593 $sql_enable="and jrn_enable=1";
594 }
595 if ($this->admin!=1&&$this->is_local_admin()!=1&&$this->get_status_security_ledger()==1)
596 {
597 $sql_type=($p_type=='ALL')?'':"and jrn_def_type=upper('".sql_string($p_type)."')";
598 switch ($p_access)
599 {
600 case 3:
601 $sql_access=" and uj_priv!= 'X' ";
602 break;
603 case 2:
604 $sql_access=" and uj_priv = 'W' and jrn_enable=1 ";
605 break;
606
607 case 1:
608 $sql_access=" and ( uj_priv = 'R' or uj_priv='W') ";
609 break;
610 }
611
612 $sql="select jrn_def_id,jrn_def_type,
613 jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
614 jrn_deb_max_line,jrn_cred_max_line,jrn_def_description,jrn_enable
615 from jrn_def join jrn_type on jrn_def_type=jrn_type_id
616 join user_sec_jrn on uj_jrn_id=jrn_def_id
617 where
618 uj_login='".$this->login."'".
619 $sql_type.$sql_access.$sql_enable.
620 " order by jrn_Def_name";
621 }
622 else
623 {
624 $sql_type=($p_type=='ALL')?' '.$sql_enable:"where jrn_def_type=upper('".sql_string($p_type)."') ".$sql_enable;
625 $sql="select jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
626 jrn_type_id,jrn_desc,'W' as uj_priv,jrn_def_description,jrn_enable
627 from jrn_def join jrn_type on jrn_def_type=jrn_type_id
628 $sql_type
629 order by jrn_Def_name";
630 }
631 $res=$this->db->exec_sql($sql);
632 if (Database::num_row($res)==0)
633 return null;
634 $array=Database::fetch_all($res);
635 return $array;
636 }
637
638 /**
639 * \brief return an sql condition for filtering the permitted ledger
640 * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
641 * \param $p_access =3 for READ or WRITE, 2 READ and write, 1 for readonly
642 *
643 * \return sql condition like = jrn_def_id in (...)
644 */
645 function get_ledger_sql($p_type='ALL', $p_access=3)
646 {
647 $aLedger=$this->get_ledger($p_type, $p_access);
648 if (empty($aLedger))
649 return ' jrn_def_id < 0 ';
650 $sql=" jrn_def_id in (";
651 foreach ($aLedger as $row)
652 {
653 $sql.=$row['jrn_def_id'].',';
654 }
655 $sql.='-1)';
656 return $sql;
657 }
658
659 /**
660 * synomym for isAdmin,
661 * @deprecated
662 */
663 function Admin():int
664 {
665 return $this->isAdmin();
666 }
667
668 /**
669 * @brief Check if an user is an admin and check also his password
670 *
671 * @return 1 for yes 0 for no
672 */
673 function isAdmin():int
674 {
675 $this->admin=0;
676 $pass5=$this->password;
677 $sql="select count(*) from ac_users where use_login=$1
678 and use_active=1 and use_admin=1 and use_pass=$2 ";
679
680 $cn=new Database();
681 $this->admin=$cn->get_value($sql, array($this->login,$pass5));
682 return $this->admin;
683 }
684
685 /**
686 * \brief Set the selected periode in the user's preferences
687 *
688 * \param $p_periode periode
689 * \param - $p_user
690 *
691 */
692 function set_periode($p_periode)
693 {
694 $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='PERIODE'";
695 $Res=$this->db->exec_sql($sql, [$p_periode, $this->id]);
696 }
697
698 private function set_default_periode()
699 {
700
701 /* get the first periode */
702 $sql='select min(p_id) as pid '
703 .' from parm_periode '
704 .' where p_closed = false and p_start = (select min(p_start) from parm_periode)';
705 $Res=$this->db->exec_sql($sql);
706
707 $pid=Database::fetch_result($Res, 0, 0);
708 /* if all the periode are closed, then we use the last closed period */
709 if ($pid==null)
710 {
711 $sql='select min(p_id) as pid '
712 .'from parm_periode '
713 .'where p_start = (select max(p_start) from parm_periode)';
714 $Res2=$this->db->exec_sql($sql);
715 $pid=Database::fetch_result($Res2, 0, 0);
716 if ($pid==null)
717 {
718 throw new Exception(_("Aucune période trouvéee !!!"));
719 }
720
721 $pid=Database::fetch_result($Res2, 0, 0);
722 }
723
724 $sql=sprintf("insert into user_local_pref (user_id,parameter_value,parameter_type)
725 values ('%s','%d','PERIODE')", $this->id, $pid);
726 $Res=$this->db->exec_sql($sql);
727 }
728
729 /**
730 * \brief Get the default periode from the user's preferences
731 *
732 * \return the default periode
733 *
734 *
735 */
736 function get_periode()
737 {
738
739 $array=$this->get_preference();
740 if (!isset($array['PERIODE']))
741 {
742 $this->set_default_periode();
743 $array=$this->get_preference();
744 }
745 return $array['PERIODE'];
746 }
747
748 /**
749 *
750 * \brief return the mini rapport to display on the welcome page
751 * \return 0 if nothing if found or the report to display (form_definition.fr_id)
752 */
753 function get_mini_report()
754 {
755 $array=$this->get_preference();
756 $fr_id=(isset($array['MINIREPORT']))?$array['MINIREPORT']:0;
757 return $fr_id;
758 }
759
760 /**
761 * \brief set the mini rapport to display on the welcome page
762 */
763 function set_mini_report($p_id)
764 {
765 $count=$this->db->get_value("select count(*) from user_local_pref where user_id=$1 and parameter_type=$2",
766 array($this->id, 'MINIREPORT'));
767 if ($count==1)
768 {
769 $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='MINIREPORT'";
770 $Res=$this->db->exec_sql($sql, array($p_id, $this->id));
771 }
772 else
773 {
774 $sql="insert into user_local_pref (user_id,parameter_type,parameter_value)".
775 "values($1,'MINIREPORT',$2)";
776 $Res=$this->db->exec_sql($sql, array($this->id, $p_id));
777 }
778 }
779
780 /**
781 * Save the preference , the scope is global, the settings are saved
782 * into account_repository
783 * @param $key THEME, LANG , PAGESIZE
784 * @param $value value of the key
785 */
786 function save_global_preference($key, $value)
787 {
788 $repo=new Database();
789 $count=$repo->get_value("select count(*)
790 from
791 user_global_pref
792 where
793 parameter_type=$1 and user_id=$2", array($key, $this->login));
794 if ($count==1)
795 {
796 $repo->exec_sql("update user_global_pref set parameter_value=$1
797 where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
798 }
799 elseif ($count==0)
800 {
801 $repo->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
802 values($1,$2,$3)", array($this->login, $key, $value));
803 }
804 }
805
806 /**
807 * \brief Get the default user's preferences
808 * \return array of (parameter_type => parameter_value)
809 */
810 function get_preference()
811 {
812 $sql="select parameter_type,parameter_value from user_local_pref where user_id=$1";
813 $Res=$this->db->exec_sql($sql, array($this->id));
814 $l_array=array();
815 for ($i=0; $i<Database::num_row($Res); $i++)
816 {
817 $row=Database::fetch_array($Res, $i);
818 $type=$row['parameter_type'];
819 $l_array[$type]=$row['parameter_value'];
820 }
821 $repo=new Database();
822 $a_global_pref=$repo->get_array("select parameter_type,parameter_value from user_global_pref
823 where
824 upper(user_id) = upper($1)", [$this->login]);
825 $nb_global=count($a_global_pref);
826 for ($i=0; $i<$nb_global; $i++)
827 {
828 $idx=$a_global_pref[$i]['parameter_type'];
829 $value=$a_global_pref[$i]['parameter_value'];
830 $l_array[$idx]=$value;
831 }
832
833 return $l_array;
834 }
835 /**
836 * @brief Check if an user can access a module, return 1 if yes, otherwise 0
837 * record in audit log
838 * This function works only if user is connected to a Folder
839 * @param string $p_module menu_ref.me_code
840 * @returns 0 for FORBIDDEN, 1 for GRANTED
841 */
842 function check_module($p_module)
843 {
844 if ( $this->access_mode == "PC") {
845
846 $acc=$this->db->get_value("select count(*) from v_all_menu where p_id = $1
847 and me_code=$2", array($this->get_profile(), $p_module));
848 } elseif ($this->access_mode=="MOBILE") {
849 $acc=$this->db->get_value("select count(*) from profile_mobile where p_id=$1 and me_code=$2",
850 array($this->get_profile(), $p_module));
851 } else {
852 throw new Exception("USER:823:ACCESS_MODE INCONNU");
853 }
854 if ($acc==0)
855 {
856 $this->audit("FAIL", $p_module);
857 return 0;
858 }
859 $this->audit("SUCCESS", $p_module);
860 return 1;
861 }
862
863 /**
864 * \brief Check if an user is allowed to do an action
865 * \param p_action_id
866 * \return
867 * - 0 no priv
868 * - 1 priv granted
869 * @see constant.security.php
870 */
871 function check_action($p_action_id)
872 {
873 /* save it into the log */
874 global $audit;
875 if ($this->Admin()==1)
876 return 1;
877 if ($this->is_local_admin(dossier::id())==1)
878 return 1;
879 if ($this->get_status_security_action()==0)
880 return 1;
881 $Res=$this->db->exec_sql(
882 "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
883 $Count=Database::num_row($Res);
884 if ($Count==0)
885 {
886 if (isset($audit)&&$audit==true)
887 {
888 $cn=new Database();
889 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
890 $cn->exec_sql($sql,
891 array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI'],
892 'FAIL'));
893 }
894 return 0;
895 }
896 if ($Count==1)
897 return 1;
898 echo_error(_("Action invalide"));
899 record_log("User:check_action".sprintf("login %s ua_act_id %s", $this->login, $p_action_id));
900 exit();
901 }
902
903 /**
904 * \brief Get the global preferences from user_global_pref
905 * in the account_repository db
906 *
907 * \note set $SESSION[g_variable]
908 */
909 function load_global_pref()
910 {
911 $cn=new Database();
912 // Load everything in an array
913 $Res=$cn->exec_sql("select parameter_type,parameter_value from
914 user_global_pref
915 where user_id=$1", [$this->login]);
916 $Max=Database::num_row($Res);
917 if ($Max==0)
918 {
919 $this->insert_default_global_pref();
920 $this->load_global_pref();
921 return;
922 }
923 // Load value into array
924 $line=array();
925 for ($i=0; $i<$Max; $i++)
926 {
927 $row=Database::fetch_array($Res, $i);
928 $type=$row['parameter_type'];
929 $line[$type]=$row['parameter_value'];
930 }
931 // save array into g_ variable
932 $array_pref=array('g_theme'=>'THEME',
933 'g_pagesize'=>'PAGESIZE',
934 'g_topmenu'=>'TOPMENU',
935 'g_lang'=>'LANG',
936 'csv_fieldsep'=>'csv_fieldsep',
937 'csv_decimal'=>'csv_decimal',
938 'csv_encoding'=>'csv_encoding',
939 'first_week_day'=>'first_week_day');
940
941 foreach ($array_pref as $name=> $parameter)
942 {
943 if (!isset($line[$parameter]))
944 {
945 $this->insert_default_global_pref($parameter);
946 $this->load_global_pref();
947 return;
948 }
949 $_SESSION[SESSION_KEY.$name]=$line[$parameter];
950 }
951 }
952
953 /**
954 * \brief insert default pref
955 * if no parameter are given insert all the existing
956 * parameter otherwise only the requested
957 * \param $p_type parameter's type or nothing
958 * \param $p_value parameter value
959 *
960 */
961 function insert_default_global_pref($p_type="", $p_value="")
962 {
963
964 $default_parameter=array("THEME"=>"classic",
965 "PAGESIZE"=>"50",
966 'TOPMENU'=>'TEXT',
967 'LANG'=>'fr_FR.utf8',
968 'csv_fieldsep'=>'0',
969 'csv_decimal'=>'0',
970 'csv_encoding'=>'utf8',
971 'first_week_day'=>1
972 );
973 $cn=new Database();
974 $sql="insert into user_global_pref(user_id,parameter_type,parameter_value)
975 values ($1,$2,$3)";
976 if ($p_type=="")
977 {
978 foreach ($default_parameter as $name=> $value)
979 {
980 $cn->exec_sql($sql, array($this->login, $name, $value));
981 }
982 }
983 else
984 {
985 $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
986 if ( $cn->get_value("select count(*) from user_global_pref where user_id=$1 and parameter_type=$2",
987 array($this->login,$p_type)) == 1)
988 {
989 $cn->exec_sql("update user_global_pref set parameter_value=$1 where user_id=$2 and parameter_type=$3",
990 array($value,$this->login,$p_type));
991 } else {
992 $cn->exec_sql($sql, array($this->login, $p_type, $value));
993 }
994 }
995 }
996
997 /**
998 * \brief update default pref
999 * if value is not given then use the default value
1000 *
1001 * \param $p_type parameter's type
1002 * \param $p_value parameter's value value of the type
1003 */
1004 function update_global_pref($p_type, $p_value="")
1005 {
1006 $default_parameter=array("THEME"=>"classic",
1007 "PAGESIZE"=>"50",
1008 "LANG"=>'fr_FR.utf8',
1009 'TOPMENU'=>'SELECT',
1010 'csv_fieldsep'=>'0',
1011 'csv_decimal'=>'0',
1012 'csv_encoding'=>'utf8',
1013 'first_week_day'=>1
1014 );
1015 $cn=new Database();
1016 $Sql="update user_global_pref set parameter_value=$1
1017 where parameter_type=$2 and
1018 user_id=$3";
1019 $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
1020 $cn->exec_sql($Sql, array($value, $p_type, $this->login));
1021 }
1022
1023//end function
1024 /* * \brief Return the year of current Periode
1025 * it is the parm_periode.p_exercice col
1026 * if an error occurs return 0
1027 */
1028
1029 function get_exercice()
1030 {
1031 $sql="select p_exercice from parm_periode where p_id=$1";
1032 $Ret=$this->db->exec_sql($sql,[$this->get_periode()]);
1033 if (Database::num_row($Ret)==1)
1034 {
1035 $r=Database::fetch_array($Ret, 0);
1036 return $r['p_exercice'];
1037 }
1038 else
1039 return 0;
1040 }
1041
1042 /* * \brief Check if the user can access
1043 * otherwise warn and exit
1044 * \param $p_action requested action
1045 * \param $p_js = 1 javascript, or 0 just a text or 2 to log it silently
1046 * \return nothing the program exits automatically
1047 */
1048
1049 function can_request($p_action, $p_js=0)
1050 {
1051 if ($this->check_action($p_action)==0)
1052 {
1053 $this->audit('FAIL');
1054 if ($p_js==1)
1055 {
1056 echo create_script("alert_box(content[59])");
1057 }
1058 elseif ($p_js==2)
1059 {
1060 record_log(_("Access invalid").$p_action);
1061 }
1062 else
1063 {
1064 echo '<h2 class="error">',
1065 htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1066 '</h2>';
1067 echo '</div>';
1068 }
1069 exit(-1);
1070 }
1071 }
1072
1073 /**
1074 * @brief Check if the user can print (in menu_ref p_type_display=p)
1075 * otherwise warn and exit
1076 * @param $p_action requested action
1077 * @return nothing the program exits automatically
1078 */
1079 function check_print($p_action)
1080 {
1081 global $audit, $cn;
1082 $this->audit('AUDIT', $p_action);
1083 if ($this->Admin()==1)
1084 return 1;
1085
1086 $res=$cn->get_value("select count(*) from profile_menu
1087 join profile_user using (p_id)
1088 where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
1089 return $res;
1090 }
1091
1092 /* * \brief Check if the user can print (in menu_ref p_type_display=p)
1093 * otherwise warn and exit
1094 * \param $p_action requested action
1095 * \return nothing the program exits automatically
1096 */
1097
1098 function can_print($p_action, $p_js=0)
1099 {
1100 if ($this->check_print($p_action)==0)
1101 {
1102 $this->audit('FAIL');
1103 if ($p_js==1)
1104 {
1105 echo create_script("alert_box(content[59])");
1106 }
1107 else
1108 {
1109 echo '<div class="redcontent">';
1110 echo '<h2 class="error">',
1111 htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1112 '</h2>';
1113 echo '</div>';
1114 }
1115 exit(-1);
1116 }
1117 }
1118
1119 /**
1120 * \brief Check if an user is an local administrator
1121 * @deprecated since version 6.7
1122 *
1123 *
1124 * \param $p_dossier : dossier_id
1125 *
1126 * \return
1127 * - 0 if no
1128 * - 1 if yes
1129 *
1130 */
1131 function is_local_admin($p_dossier=-1)
1132 {
1133 return 0;
1134 }
1135
1136 /**
1137 * @brief return array of available repository
1138 *
1139 * @param $p_access R for read W for write
1140 * @return an array
1141 */
1142 function get_available_repository($p_access='R')
1143 {
1144 $profile=$this->get_profile();
1145 $r=array();
1146 if ($p_access=='R')
1147 {
1148 $r=$this->db->get_array("select distinct u.r_id,r_name
1149 from
1150 profile_sec_repository as u
1151 join stock_repository as s on(u.r_id=s.r_id)
1152 where
1153 p_id =$1
1154 and ur_right='W'
1155 order by 2
1156 ", array($profile));
1157 }
1158 if ($p_access=='W')
1159 {
1160 $r=$this->db->get_array("select distinct u.r_id,r_name
1161 from
1162 profile_sec_repository as u
1163 join stock_repository as s on(u.r_id=s.r_id)
1164 where
1165 p_id =$1 order by 2
1166 ", array($profile));
1167 }
1168 return $r;
1169 }
1170
1171 /**
1172 * \brief return an array with all the active users who can access
1173 * $p_dossier including the global admin.
1174 * The user must be activated
1175 *
1176 * \param $p_dossier dossier
1177 * \return an array of user's object
1178 * array indices
1179 * - use_id (id )
1180 * - use_login (login of the user)
1181 * - use_name
1182 * - use_first_name
1183 *
1184 * \exception throw an exception if nobody can access
1185 */
1186 static function get_list($p_dossier)
1187 {
1188 $sql="select distinct use_id,use_login,use_first_name,use_name from ac_users
1189 left outer join jnt_use_dos using (use_id)
1190 where
1191 (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
1192 order by use_login,use_name";
1193
1194 $repo=new Database();
1195 $array=$repo->get_array($sql, array($p_dossier));
1196 if ($repo->size()==0)
1197 throw new Exception('Error inaccessible folder');
1198 return $array;
1199 }
1200
1201 /**
1202 * \brief check the access of an user on a ledger
1203 *
1204 * \param $p_jrn the ledger id
1205 * \return
1206 * - O only predefined operation
1207 * - W write
1208 * - R read only
1209 * - X no access
1210 *
1211 */
1212 function check_jrn($p_jrn)
1213 {
1214 return $this->get_ledger_access($p_jrn);
1215 }
1216
1217 /**
1218 * \brief check if an user can access a folder, if he cannot display a dialog box
1219 * and exit
1220 * \param the folder if
1221 * \param $silent false, echo an error message and exit, true : exit without warning
1222 * default is false
1223 * \return
1224 * - L for administrator (local and global)
1225 * - X no access
1226 * - R regular user
1227 */
1228 function check_dossier($p_dossier_id, $silent=false)
1229 {
1230 $this->Admin();
1231 if ($this->admin==1||$this->is_local_admin($p_dossier_id)==1)
1232 return 'L';
1233 $cn=new Database();
1234
1235 $dossier=$cn->get_value("select 'R' from jnt_use_dos where dos_id=$1 and use_id=$2",
1236 array($p_dossier_id, $this->id));
1237 $dossier=($dossier=='')?'X':$dossier;
1238 if ($dossier=='X')
1239 {
1240 $this->audit('FAIL', "Access folder ");
1241 if (!$silent)
1242 {
1243 alert(_('Dossier non accessible'));
1244 exit();
1245 }
1246 }
1247 return $dossier;
1248 }
1249
1250 /**
1251 * @brief return the first date and the last date of the current exercice for the current user
1252 * @return and array ([0] => start_date,[1] => end_date)
1253 */
1254 function get_limit_current_exercice()
1255 {
1256 $current_exercice=$this->get_exercice();
1257 $periode=new Periode($this->db);
1258 list($per_start, $per_end)=$periode->get_limit($current_exercice);
1259 $start=$per_start->first_day();
1260 $end=$per_end->last_day();
1261 return array($start, $end);
1262 }
1263
1264 /**
1265 * \brief Show all the available folder for the users
1266 * at the login page. For the special case 'E'
1267 * go directly to extension and bypasse the dashboard
1268 * \param $p_filtre user
1269 *
1270 * \return table in HTML
1271 *
1272 */
1273 function show_dossier($p_filtre="")
1274 {
1275 $p_array=$this->get_available_folder($p_filtre);
1276
1277 $result="";
1278
1279 $result.="<TABLE id=\"folder\" class=\"result\">";
1280 $result.="<tr>";
1281 $result.="<th>";
1282 $result.=_("Id");
1283 $result.="</th>";
1284 $result.="<th>";
1285 $result.=_("Nom");
1286 $result.="</th>";
1287 $result.="<th>";
1288 $result.=_("Description");
1289 $result.="</th>";
1290 $result.="</tr>";
1291 if ($p_array==0)
1292 {
1293 $result.="<tr>";
1294 $result.='<td style="width:auto" colspan=3>';
1295 $result.=_("Aucun dossier disponible");
1296 $result.='</td>';
1297 $result.="</tr>";
1298 return $result;
1299 }
1300
1301 for ($i=0; $i<sizeof($p_array); $i++)
1302 {
1303
1304 $id=$p_array[$i]['dos_id'];
1305 $name=$p_array[$i]['dos_name'];
1306 $desc=$p_array[$i]['dos_description'];
1307 if ($i%2==0)
1308 $tr="odd";
1309 else
1310 $tr="even";
1311 $target="do.php?gDossier=$id";
1312
1313 $result.="<TR class=\"$tr\">";
1314
1315 $result.=td($id, ' class="num" ');
1316 $result.="<TD class=\"$tr\">";
1317 $result.="<A class=\"dossier\" HREF=\"$target\">";
1318 $result.=" <B>".h($name)."</B>";
1319 $result.="</A>";
1320 $result.="</TD>";
1321 $desc=($desc=="")?"<i>Aucune description</i>":h($desc);
1322 $desc="<A class=\"dossier\" HREF=\"$target\">$desc</A>";
1323 $result.="<TD class=\"$tr\" >".$desc;
1324 $result.="</TD>";
1325 $result.="</TR>";
1326 }
1327 $result.="</TABLE>";
1328 return $result;
1329 }
1330
1331 /**
1332 * \brief Get all the available folders
1333 * for the users, checked with the security
1334 *
1335 * \param $p_filter
1336 * \return array containing
1337 * - ac_dossier.dos_id
1338 * - ac_dossier.dos_name
1339 * - ac_dossier.dos_description
1340 *
1341 */
1342 function get_available_folder($p_filter="")
1343 {
1344 $cn=new Database();
1345 $filter="";
1346 if ($this->admin==0)
1347 {
1348 // show only available folders
1349 // if user is not an admin
1350 $Res=$cn->exec_sql("select
1351 distinct dos_id,dos_name,dos_description
1352 from ac_users
1353 natural join jnt_use_dos
1354 natural join ac_dossier
1355 where
1356 use_login= $1
1357 and use_active = 1
1358 and ( dos_name ilike '%' || $2 || '%' or dos_description ilike '%' || $2 || '%' )
1359 order by dos_name", array($this->login, $p_filter));
1360 }
1361 else
1362 {
1363 $Res=$cn->exec_sql("select
1364 distinct dos_id,dos_name,dos_description from ac_dossier
1365 where
1366 dos_name ilike '%' || $1|| '%' or dos_description ilike '%' || $1 || '%'
1367 order by dos_name", array($p_filter));
1368 }
1369
1370 $max=Database::num_row($Res);
1371 if ($max==0)
1372 return 0;
1373
1374 for ($i=0; $i<$max; $i++)
1375 {
1376 $array[]=Database::fetch_array($Res, $i);
1377 }
1378 return $array;
1379 }
1380
1381 /**
1382 * @brief Audit action from the administration menu
1383 * @param $p_module description of the action
1384 */
1385 static function audit_admin($p_module)
1386 {
1387 $cn=new Database();
1388 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1389
1390 $cn->exec_sql($sql,
1391 array(
1392 $_SESSION[SESSION_KEY.'g_user'],
1393 $_SERVER["REMOTE_ADDR"],
1394 $p_module,
1395 $_SERVER['REQUEST_URI'],
1396 'ADMIN'));
1397 }
1398
1399 function audit($action='AUDIT', $p_module="")
1400 {
1401 global $audit;
1402 if ($audit)
1403 {
1404 if ($p_module==""&&isset($_REQUEST['ac']))
1405 {
1406 $p_module=$_REQUEST['ac'];
1407 }
1408 $cn=new Database();
1409 if (isset($_REQUEST['gDossier']))
1410 $p_module.=" dossier : ".$_REQUEST['gDossier'];
1411 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1412
1413 $cn->exec_sql($sql,
1414 array(
1415 $_SESSION[SESSION_KEY.'g_user'],
1416 $_SERVER["REMOTE_ADDR"],
1417 $p_module,
1418 $_SERVER['REQUEST_URI'],
1419 $action));
1420 }
1421 }
1422
1423 function save_profile($p_id)
1424 {
1425 $count=$this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
1426 if ($count==0)
1427 {
1428 $this->db->exec_sql("insert into profile_user(p_id,user_name)
1429 values ($1,$2)", array($p_id, $this->login));
1430 }
1431 else
1432 {
1433 $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
1434 }
1435 }
1436
1437 /**
1438 * @brief return the profile (p_id)
1439 * @return profile.p_id
1440 */
1441 function get_profile()
1442 {
1443 $profile=$this->db->get_value("select p_id from profile_user where
1444 lower(user_name)=lower($1) ", array($this->login));
1445 return $profile;
1446 }
1447
1448 /**
1449 * @brief Compute the SQL string for the writable profile,
1450 * the subselect for p_id , example
1451 * p_id in $g_user->sql_writable_profile.
1452 * The administrator can access all the profiles
1453 * R = Read Only W = Write and delete O = write and not delete
1454 * @return SQL string with the subselect for p_id
1455 */
1456 function sql_writable_profile()
1457 {
1458 if ($this->admin!=1)
1459 {
1460 $sql=" (select p_granted "
1461 ." from user_sec_action_profile "
1462 ." where ua_right in ('W','O') and p_id=".$this->get_profile().") ";
1463 }
1464 else
1465 {
1466 $sql="(select p_id p_granted from profile)";
1467 }
1468 return $sql;
1469 }
1470 /**
1471 * @brief return array of writable action_profile
1472 *
1473 */
1474 function get_writable_profile()
1475 {
1476 $value=$this->db->get_array("select p_granted from ".$this->sql_writable_profile()." as m") ;
1477 $aGranted=array_column($value,"p_granted");
1478 return $aGranted;
1479 }
1480 /**
1481 * @brief return array of readable action_profile
1482 *
1483 */
1484 function get_readable_profile()
1485 {
1486 $value=$this->db->get_array("select p_granted from ".$this->sql_readable_profile()." as m") ;
1487 $aGranted=array_column($value,"p_granted");
1488 return $aGranted;
1489 }
1490 /**
1491 *@brief Compute the SQL string for the readable profile,
1492 * the subselect for p_id , example
1493 * p_id in $g_user->sql_readable_profile.
1494 * The administrator can read all the profiles
1495 * @return SQL string with the subselect for p_id
1496 */
1497 function sql_readable_profile()
1498 {
1499 if ($this->admin!=1)
1500 {
1501 $sql=" (select p_granted "
1502 ." from user_sec_action_profile "
1503 ." where ua_right in ('W','R','O') and p_id=".$this->get_profile().") ";
1504 }
1505 else
1506 {
1507 $sql="(select p_id p_granted from profile)";
1508 }
1509 return $sql;
1510 }
1511
1512 /**
1513 * @brief Check if the current user can add an action in the profile given
1514 * in parameter
1515 * @param type $p_profile profile.p_id = action_gestion.ag_dest
1516 * @return boolean
1517 */
1518 function can_add_action($p_profile)
1519 {
1520 $r=$this->db->get_value(' select count(*)
1521 from user_sec_action_profile
1522 where p_granted=$2
1523 and p_id=$1', array($this->get_profile(), $p_profile));
1524 if ($r==0)
1525 {
1526 return false;
1527 }
1528 return true;
1529 }
1530
1531 /**
1532 * Check if the profile of the user can write for this profile
1533 * @param $dtoc action_gestion.ag_id
1534 * @return true if he can write otherwise false
1535 */
1536 function can_write_action($dtoc)
1537 {
1538 if ($this->Admin()==1)
1539 return TRUE;
1540 if ($this->get_status_security_action()==0)
1541 return TRUE;
1542 $profile=$this->get_profile();
1543 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1544 (select p_granted from user_sec_action_profile where ua_right in ('W','O') and p_id=$2) ", array($dtoc, $profile));
1545 if ($r==0)
1546 return FALSE;
1547 return true;
1548 }
1549
1550 /**
1551 * Check if the profile of the user can write AND delete for this profile
1552 * @param $dtoc action_gestion.ag_id
1553 * @return true if he can write otherwise false
1554 */
1555 function can_delete_action($dtoc)
1556 {
1557 if ($this->Admin()==1)
1558 return TRUE;
1559 if ($this->get_status_security_action()==0)
1560 return TRUE;
1561 $profile=$this->get_profile();
1562 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1563 (select p_granted from user_sec_action_profile where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
1564 if ($r==0)
1565 return FALSE;
1566 return true;
1567 }
1568
1569 /**
1570 * Check if the profile of the user can write for this profile
1571 * @param $dtoc action_gestion.ag_id
1572 * @return true if he can write otherwise false
1573 */
1574 function can_read_action($dtoc)
1575 {
1576 if ($this->Admin()==1)
1577 return true;
1578 $profile=$this->get_profile();
1579 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
1580 (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)",
1581 array($dtoc, $profile, $this->login));
1582 if ($r==0)
1583 return false;
1584 return true;
1585 }
1586
1587 /**
1588 * Check if the profile of the user can write for this repository
1589 * @param $p_repo stock_repository.r_id
1590 * @return true if he can write otherwise false
1591 */
1592 function can_write_repo($p_repo)
1593 {
1594 if ($this->Admin()==1)
1595 return true;
1596 $profile=$this->get_profile();
1597 $r=$this->db->get_value("select count(*)
1598 from profile_sec_repository
1599 where
1600 r_id=$1
1601 and p_id =$2
1602 and ur_right='W'", array($p_repo, $profile));
1603 if ($r==0)
1604 return false;
1605 return true;
1606 }
1607
1608 /**
1609 * Check if the profile of the user can read for this repository
1610 * @param $p_repo stock_repository.r_id
1611 * @return true if he read write otherwise false
1612 */
1613 function can_read_repo($p_repo)
1614 {
1615 if ($this->Admin()==1)
1616 return true;
1617 $profile=$this->get_profile();
1618 $r=$this->db->get_value("select count(*)
1619 from profile_sec_repository
1620 where
1621 r_id=$1
1622 and p_id =$2
1623 ", array($p_repo, $profile));
1624 if ($r==0)
1625 return false;
1626 return true;
1627 }
1628 /**
1629 * @brief store the password in session
1630 */
1631 function password_to_session()
1632 {
1633 $_SESSION[SESSION_KEY.'g_pass']=$this->getPassword();
1634 }
1635 /**
1636 * @brief Save the password of the current user
1637 * @param string $p_pass1 password (clear)
1638 * @param string $p_pass2 for confirming password (clear)
1639 * @see check_password_strength()
1640 * @return true : password successfully changed otherwise false
1641 */
1642 function save_password($p_pass1, $p_pass2)
1643 {
1644 if ($p_pass1==$p_pass2 && count(check_password_strength($p_pass1)['msg'])==0)
1645 {
1646 $repo=new Database();
1647 $l_pass=md5($p_pass1);
1648 $this->setPassword($l_pass);
1649 $repo->exec_sql("update ac_users set use_pass=$1 where use_login=$2",
1650 array($l_pass, $this->login));
1651 return true;
1652 }
1653 else
1654 {
1655
1656 return false;
1657 }
1658 }
1659
1660 /**
1661 * Save the password from PREFERENCE MODULE
1662 * @param type $p_email
1663 */
1664 function save_email($p_email)
1665 {
1666 $repo=new Database();
1667 $repo->exec_sql("update ac_users set use_email=$1 where use_login=$2",
1668 array($p_email, $_SESSION[SESSION_KEY.'g_user']));
1669 }
1670
1671 /**
1672 * Remove a user and all his privileges
1673 * So it cannot connect anymore and all his privileges are removed from
1674 * the dossier
1675 *
1676 */
1677 static function revoke_access($p_login, $p_dossier)
1678 {
1679 // connect to the repository
1680 $repo_cnx=new Database();
1681
1682 // Retrieve the user
1683 $user=$repo_cnx->get_array('select use_id,use_login from ac_users where use_login=$1', array($p_login));
1684 if (!$user)
1685 return false;
1686
1687 // remove him from jnt_use_dos
1688 $repo_cnx->exec_sql("delete from jnt_use_dos WHERE use_id=$1 and dos_id=$2",
1689 array($user[0]['use_id'], $p_dossier));
1690
1691 // Remove user from user's dossier
1692 $cn_dossier=new Database($p_dossier);
1693 $cn_dossier->exec_sql("delete from profile_user where user_name=$1", array($p_login));
1694 $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($p_login));
1695 }
1696
1697 /**
1698 * Grant access to folder, grant administrator profile , all the ledgers and all the action
1699 *
1700 */
1701 static function grant_admin_access($p_login, $p_dossier)
1702 {
1703 $repo_cnx=new Database();
1704 $user=$repo_cnx->get_array("select use_id,use_login
1705 from ac_users
1706 where use_login=$1", array($p_login));
1707
1708 if (!$user)
1709 return false;
1710 $cn_dossier=new Database($p_dossier);
1711 // if not access to DB
1712 if (
1713 $repo_cnx->get_value("select count(*) from jnt_use_dos where use_id=$1 and dos_id=$2",
1714 array($user[0]['use_id'], $p_dossier))==0
1715 )
1716 {
1717 $repo_cnx->exec_sql("insert into jnt_use_dos(use_id,dos_id) values ($1,$2)",
1718 array($user[0]['use_id'], $p_dossier));
1719 }
1720 //------ Give him the admin menu
1721 if ($cn_dossier->get_value("select count(*) from profile_user where user_name=$1", array($user[0]['use_login']))==0)
1722 {
1723 $cn_dossier->exec_sql('insert into profile_user(user_name,p_id) values($1,1)', array($user[0]['use_login']));
1724 }
1725 // Grant all action + ledger to him
1726 $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($p_login));
1727
1728 $cn_dossier->exec_sql("insert into user_sec_act (ua_login,ua_act_id)"
1729 ." select $1 ,ac_id from action ", array($p_login));
1730
1731 $cn_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($p_login));
1732 $cn_dossier->exec_sql("insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv)"
1733 ." select $1,jrn_def_id,'W' from jrn_def", array($p_login));
1734 }
1735
1736 static function remove_inexistant_user($p_dossier)
1737 {
1738 $cnx_repo=new Database();
1739 $name=$cnx_repo->format_name($p_dossier, 'dos');
1740 if ($cnx_repo->exist_database($name)==0)
1741 return;
1742 $cnx_dossier=new Database($p_dossier);
1743 if ($cnx_dossier->exist_table('profile_user'))
1744 $a_user=$cnx_dossier->get_array('select user_name from profile_user');
1745 else
1746 return;
1747
1748 if (!$a_user)
1749 return;
1750 $nb=count($a_user);
1751 for ($i=0; $i<$nb; $i++)
1752 {
1753 if ($cnx_repo->get_value('select count(*) from ac_users where use_login=$1', array($a_user[$i]['user_name']))==0)
1754 {
1755 if ($cnx_dossier->exist_table('user_sec_jrn'))
1756 $cnx_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($a_user[$i]['user_name']));
1757 $cnx_dossier->exec_sql("delete from profile_user where user_name=$1", array($a_user[$i]['user_name']));
1758 if ($cnx_dossier->exist_table('user_sec_act'))
1759 $cnx_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($a_user[$i]['user_name']));
1760 if ($cnx_dossier->exist_table('user_sec_jrn'))
1761 $cnx_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($a_user[$i]['user_name']));
1762 if ($cnx_dossier->exist_table('user_active_security'))
1763 $cnx_dossier->exec_sql("delete from user_active_security where us_login=$1",
1764 array($a_user[$i]['user_name']));
1765 }
1766 }
1767 }
1768
1769 /**
1770 * Check the security on ledger for the user , it returns 1 if the security
1771 * on ledgers is enabled, otherwise 0
1772 */
1773 function get_status_security_ledger()
1774 {
1775 $security=$this->db->get_value("select us_ledger from user_active_security
1776 where
1777 us_login=$1", [$this->login]);
1778 $n_security=($security=="Y")?1:0;
1779 return $n_security;
1780 }
1781
1782 /**
1783 * Set the flag in the table user_active_security
1784 * @param int $p_value 1==enable , 0 = disable
1785 * @exceptions invalid value
1786 */
1787 function set_status_security_ledger($p_value)
1788 {
1789 if ($p_value!=0&&$p_value!=1)
1790 throw new Exception(_("Valeur invalide"));
1791 $exist=$this->db->get_value("select count(*) from user_active_security where us_login=$1", [$this->login]);
1792 $flag=($p_value==1)?"Y":"N";
1793 if ($exist==0)
1794 {
1795 $this->db->exec_sql("insert into user_active_security (us_login,us_ledger,us_action) values ($1,$2,$3)",
1796 [$this->login, $flag, 'Y']);
1797 }
1798 else
1799 {
1800 $this->db->exec_sql("update user_active_security set us_ledger=$1 where us_login = $2",
1801 [$flag, $this->login]);
1802 }
1803 }
1804
1805 /**
1806 * Check the security on ledger for the user , it returns 1 if the security
1807 * on ledgers is enabled, otherwise 0
1808 */
1809 function get_status_security_action()
1810 {
1811 $security=$this->db->get_value("select us_action from user_active_security
1812 where
1813 us_login=$1", [$this->login]);
1814 $n_security=($security=="Y")?1:0;
1815 return $n_security;
1816 }
1817
1818 /**
1819 * Set the flag in the table user_active_security
1820 * @param int $p_value 1==enable , 0 = disable
1821 * @exceptions invalid value
1822 */
1823 function set_status_security_action($p_value)
1824 {
1825 if ($p_value!=0&&$p_value!=1)
1826 throw new Exception(_("Valeur invalide"));
1827 $exist=$this->db->get_value("select count(*) from user_active_security where us_login=$1", [$this->login]);
1828 $flag=($p_value==1)?"Y":"N";
1829 if ($exist==0)
1830 {
1831 $this->db->exec_sql("insert into user_active_security (us_login,us_action,us_ledger) values ($1,$2,$3)",
1832 [$this->login, $flag, 'Y']);
1833 }
1834 else
1835 {
1836 $this->db->exec_sql("update user_active_security set us_action=$1 where us_login = $2",
1837 [$flag, $this->login]);
1838 }
1839 }
1840
1841 /**
1842 *
1843 */
1844 function get_first_week_day()
1845 {
1846 $repocn=new Database();
1847 $result=$repocn->get_value("select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1848 array("first_week_day", $this->login));
1849 if ($repocn->count()==0)
1850 {
1851 $this->save_global_preference("first_week_day", 1);
1852 return 1;
1853 }
1854 return $result;
1855 }
1856 /**
1857 * @brief clean the sessions
1858 */
1859 static function clean_session()
1860 {
1861
1862 $aSession=$_SESSION;
1863 foreach($aSession as $key => $value) {
1864 if(DEBUGNOALYSS>1) { echo "[$key]=>[$value]";}
1865
1866 if ( strpos($key,SESSION_KEY) === 0) {
1867 unset($_SESSION[$key]);
1868 if(DEBUGNOALYSS>1) { echo "=> [$key] cleaned";}
1869 }
1870 }
1871 }
1872}
1873
1874?>
h2
h2($p_string, $p_class="", $raw="")
Definition: ac_common.php:68
td
td($p_string='', $p_extra='')
surround the string with td
Definition: ac_common.php:83
$i
$i
Definition: action_document_type_mtable_input.php:83
$p_id
$p_id
Definition: ajax_accounting.php:33
$sql
$sql
Definition: ajax_add_concerned_card.php:100
$sql_array
$sql_array['query']
Definition: ajax_add_concerned_card.php:92
$r
catch(Exception $exc) if(! $g_user->can_write_action($ag_id)) $r
Definition: ajax_add_concerned_card.php:53
$cn
$cn
Definition: ajax_anc_accounting.php:30
$row
$row
Definition: ajax_anc_detail_operation.php:33
$nb
$nb
Definition: ajax_auto_anc_card.php:32
$ret
$ret
Definition: ajax_display_letter.php:51
p_id
$profile p_id
Definition: ajax_display_submenu.php:52
from
$anc_grandlivre from
Definition: ajax_history_anc_account.php:61
style
$opd_description style
Definition: ajax_mod_predf_op.php:52
$res
$res
Definition: ajax_preference.php:49
$result
$result
Definition: anc_great_ledger.inc.php:26
jrn_def_id
margin jrn_def_id
Definition: anc_key_input.php:163
$from
$from
Definition: balance.inc.php:61
name
$from_poste name
Definition: balance.inc.php:163
DatabaseCore\escape_string
static escape_string($p_string)
wrapper for the function pg_escape_string
Definition: database_core.class.php:864
DatabaseCore\fetch_array
static fetch_array($ret, $p_indice=0, $p_mode=PGSQL_ASSOC)
wrapper for the function pg_fetch_array
Definition: database_core.class.php:757
DatabaseCore\num_row
static num_row($ret)
wrapper for the function pg_num_rows
Definition: database_core.class.php:744
Database
contains the class for connecting to Noalyss
Definition: database.class.php:33
Dossier
manage the current dossier, everywhere we need to know to which folder we are connected,...
Definition: dossier.class.php:40
Noalyss_User
Data & function about connected users.
Definition: noalyss_user.class.php:34
Noalyss_User\$login
$login
login lower case
Definition: noalyss_user.class.php:45
Noalyss_User\setAdmin
setAdmin($admin)
Definition: noalyss_user.class.php:229
Noalyss_User\set_status_security_ledger
set_status_security_ledger($p_value)
Set the flag in the table user_active_security.
Definition: noalyss_user.class.php:1787
Noalyss_User\get_access_mode
get_access_mode()
access_mode tells what mode must be used : pc or mobile
Definition: noalyss_user.class.php:172
Noalyss_User\get_status_security_action
get_status_security_action()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
Definition: noalyss_user.class.php:1809
Noalyss_User\$id
$id
in account_repository , ac_users.use_id
Definition: noalyss_user.class.php:36
Noalyss_User\getDb
getDb()
Definition: noalyss_user.class.php:205
Noalyss_User\getPassword
getPassword()
Definition: noalyss_user.class.php:317
Noalyss_User\insert
insert()
Definition: noalyss_user.class.php:403
Noalyss_User\set_status_security_action
set_status_security_action($p_value)
Set the flag in the table user_active_security.
Definition: noalyss_user.class.php:1823
Noalyss_User\get_status_security_ledger
get_status_security_ledger()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
Definition: noalyss_user.class.php:1773
Noalyss_User\setDb
setDb($db)
Definition: noalyss_user.class.php:213
Noalyss_User\set_session_var
set_session_var()
put user_login into Postgres config (session), it can be used for tracking users activities
Definition: noalyss_user.class.php:72
Noalyss_User\__toString
__toString()
Definition: noalyss_user.class.php:78
Noalyss_User\setActive
setActive($active)
Definition: noalyss_user.class.php:293
Noalyss_User\$active
$active
1 active , 0 disables
Definition: noalyss_user.class.php:44
Noalyss_User\get_first_week_day
get_first_week_day()
Definition: noalyss_user.class.php:1844
Noalyss_User\$admin
$admin
is or is not admin
Definition: noalyss_user.class.php:39
Noalyss_User\getName
getName()
Definition: noalyss_user.class.php:269
Noalyss_User\$theme
$theme
user's CSS Theme
Definition: noalyss_user.class.php:50
Noalyss_User\setName
setName($name)
Definition: noalyss_user.class.php:277
Noalyss_User\$lang
$lang
user's language
Definition: noalyss_user.class.php:49
Noalyss_User\$last_name
$last_name
user's last_name
Definition: noalyss_user.class.php:42
Noalyss_User\$password
$password
md5 of the password
Definition: noalyss_user.class.php:46
Noalyss_User\$name
$name
Definition: noalyss_user.class.php:43
Noalyss_User\$access_mode
$access_mode
MOBILE or PC depending if when connecting $login contains @mobile.
Definition: noalyss_user.class.php:48
Noalyss_User\Check
Check($silent=false, $from='')
Check if user is active and exists in therepository Automatically redirect, it doesn't check if a use...
Definition: noalyss_user.class.php:424
Noalyss_User\$db
$db
database connx to the folder NOT repository
Definition: noalyss_user.class.php:38
Noalyss_User\setEmail
setEmail($email)
Definition: noalyss_user.class.php:341
Noalyss_User\getFirstName
getFirstName()
Definition: noalyss_user.class.php:253
Noalyss_User\load_global_pref
load_global_pref()
Get the global preferences from user_global_pref in the account_repository db.
Definition: noalyss_user.class.php:909
Noalyss_User\grant_admin_access
static grant_admin_access($p_login, $p_dossier)
Grant access to folder, grant administrator profile , all the ledgers and all the action.
Definition: noalyss_user.class.php:1701
Noalyss_User\save_global_preference
save_global_preference($key, $value)
Save the preference , the scope is global, the settings are saved into account_repository.
Definition: noalyss_user.class.php:786
Noalyss_User\getEmail
getEmail()
Definition: noalyss_user.class.php:333
Noalyss_User\getLogin
getLogin()
Definition: noalyss_user.class.php:301
Noalyss_User\$first_name
$first_name
Definition: noalyss_user.class.php:41
Noalyss_User\setValid
setValid(int $valid)
Definition: noalyss_user.class.php:245
Noalyss_User\load
load()
Definition: noalyss_user.class.php:352
Noalyss_User\clean_session
static clean_session()
clean the sessions
Definition: noalyss_user.class.php:1859
Noalyss_User\getActive
getActive()
Definition: noalyss_user.class.php:285
Noalyss_User\set_access_mode
set_access_mode($access_mode)
access_mode tells what mode must be used : pc or mobile
Definition: noalyss_user.class.php:180
Noalyss_User\save
save()
Definition: noalyss_user.class.php:392
Noalyss_User\setLogin
setLogin(string $login)
Definition: noalyss_user.class.php:309
Noalyss_User\getAdmin
getAdmin()
Definition: noalyss_user.class.php:221
Noalyss_User\remove_inexistant_user
static remove_inexistant_user($p_dossier)
Definition: noalyss_user.class.php:1736
Noalyss_User\can_connect
can_connect()
check the password and user
Definition: noalyss_user.class.php:85
Noalyss_User\connect_user
connect_user()
connect the user and set the $_SESSION variables if not set thanks the $_REQUEST
Definition: noalyss_user.class.php:97
Noalyss_User\getValid
getValid()
Definition: noalyss_user.class.php:237
Noalyss_User\getId
getId()
Definition: noalyss_user.class.php:189
Noalyss_User\setFirstName
setFirstName($first_name)
Definition: noalyss_user.class.php:261
Noalyss_User\setPassword
setPassword($password)
Definition: noalyss_user.class.php:325
Noalyss_User\$valid
$valid
is or is not valid
Definition: noalyss_user.class.php:40
Noalyss_User\setId
setId(int $id)
Definition: noalyss_user.class.php:197
Noalyss_User\$email
$email
user's email
Definition: noalyss_user.class.php:47
Noalyss_User\__construct
__construct($p_cn, $p_id=-1)
Definition: noalyss_user.class.php:52
ALL
const ALL
Definition: constant.php:204
$Res
$Res
Definition: dossier.inc.php:317
$value
$value
Definition: export_document.php:41
exit
for($e=0; $e< count($afiche); $e++) exit
Definition: export_fiche_balance_csv.php:109
$Max
$Max
Definition: export_security_pdf.php:158
db
$SecUser db
Definition: export_security_pdf.php:118
$flag
$flag
Definition: install.php:531
$user_password
$user_password
Definition: recover.php:80
redirect
redirect($p_string, $p_time=0)
Definition: user_common.php:181