noalyss  Version-9
user.class.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of NOALYSS.
5  *
6  * NOALYSS is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * NOALYSS is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with NOALYSS; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19  */
20 // Copyright Author Dany De Bontridder danydb@aevalys.eu
21 /**
22  * @file
23  * @brief Data & function about connected users
24  */
25 /**
26  * @brief Data & function about connected users
27  *
28  */
29 require_once NOALYSS_INCLUDE.'/constant.php';
30 require_once NOALYSS_INCLUDE.'/lib/user_common.php';
31 require_once NOALYSS_INCLUDE.'/lib/ac_common.php';
32 
33 class User
34 {
35 
36  var $id; //!< in account_repository , ac_users.use_id
37 
38  var $db; //!< database connx
39  var $admin; //!< is or is not admin
40  var $valid; //!< is or is not valid
41  var $first_name;
42  var $name;
43  var $active; //!< 1 active , 0 disables
44  var $login; //!< login lower case
45  var $password; //!< md5 of the password
46  var $email; //!< user's email
47  var $access_mode; //!< MOBILE or PC depending if when connecting $login contains @mobile
48 
49  function __construct($p_cn, $p_id=-1)
50  {
51  $this->db=$p_cn;
52  // if p_id is not set then check the connected user
53  if ($p_id==-1)
54  {
55  $this->connect_user();
56  }
57  else // if p_id is set get data of another user
58  {
59  $this->id=$p_id;
60  $this->load();
61  }
62  }
63  public function __toString(): string
64  {
65  return "User ".print_r($this,true);
66  }
67  /**
68  * @brief check the password and user
69  */
70  function can_connect()
71  {
72  $cn=new \Database();
73  $can_connect=$cn->get_value("select count(*) from ac_users
74  where use_active=1 and
75  use_login=$1 and use_pass=$2",
76  [$this->login,$this->password]);
77  return $can_connect;
78  }
79  /**
80  * @brief connect the user and set the $_SESSION variables if not set thanks the $_REQUEST
81  */
82  private function connect_user()
83  {
84  if (!isset($_SESSION[SESSION_KEY.'g_user']))
85  {
86  $http=new \HttpInput();
87  $user_login=$http->request("p_user", "string", "");
88  $user_password=$http->request("p_pass", "string", "");
89 
90  if ($user_login!=""&&$user_password!="")
91  {
92  $_SESSION[SESSION_KEY."g_user"]=$user_login;
93  $_SESSION[SESSION_KEY."g_pass"]=md5($user_password);
94  }
95  else
96  {
97  echo '<h2 class="error">'._('Session expirée<br>Utilisateur déconnecté').'</h2>';
98  redirect('index.php', 1);
99  exit();
100  }
101 
102 
103  if (strpos($user_login, '@mobile')!=false)
104  {
105  $this->access_mode='MOBILE';
106  $this->login=str_ireplace("@mobile", "", $user_login);
107  }
108  else
109  {
110  $this->access_mode='PC';
111  $this->login=strtolower($user_login);
112  }
113 
114  $_SESSION[SESSION_KEY."access_mode"]=$this->access_mode;
115  $_SESSION[SESSION_KEY.'g_user']=$this->login;
116  }
117  $this->login=$_SESSION[SESSION_KEY."g_user"];
118  $this->password=$_SESSION[SESSION_KEY.'g_pass'];
119 
120  $this->id=-1;
121  $this->lang=(isset($_SESSION[SESSION_KEY.'g_lang']))?$_SESSION[SESSION_KEY.'g_lang']:'fr_FR.utf8';
122  $this->access_mode=$_SESSION[SESSION_KEY."access_mode"];
123  $cn=new Database();
124 
125  if ($this->can_connect() == 0 || $this->load()==-1 )
126  {
127  echo '<h2 class="error">'._('Utilisateur ou mot de passe incorrect').'</h2>';
128  $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
129  $cn->exec_sql($sql,
130  array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], "DISCON",
131  $_SERVER['REQUEST_URI'], 'FAIL'));
132  $this->clean_session();
133  redirect('logout.php', 1);
134  exit();
135  }
136 
137  $this->load_global_pref();
138 
139  $_SESSION[SESSION_KEY.'g_lang']=$this->lang;
140  $this->valid=(isset($_SESSION[SESSION_KEY.'isValid']))?1:0;
141  if (isset($_SESSION[SESSION_KEY.'g_theme']))
142  {
143  $this->theme=$_SESSION[SESSION_KEY.'g_theme'];
144  }
145  $_SESSION[SESSION_KEY.'use_admin']=$this->admin;
146  $_SESSION[SESSION_KEY.'use_name']=$this->name;
147  $_SESSION[SESSION_KEY.'use_first_name']=$this->first_name;
148  }
149 
150  /**
151  * @brief access_mode tells what mode must be used : pc or mobile
152  */
153  public function get_access_mode()
154  {
155  return $this->access_mode;
156  }
157 
158  /**
159  * @brief access_mode tells what mode must be used : pc or mobile
160  */
161  public function set_access_mode($access_mode): object
162  {
163  $this->access_mode=$access_mode;
164  return $this;
165  }
166 
167  /**
168  * @return int|mixed
169  */
170  public function getId(): int
171  {
172  return $this->id;
173  }
174 
175  /**
176  * @param int|mixed $id
177  */
178  public function setId(int $id): void
179  {
180  $this->id=$id;
181  }
182 
183  /**
184  * @return mixed
185  */
186  public function getDb()
187  {
188  return $this->db;
189  }
190 
191  /**
192  * @param mixed $db
193  */
194  public function setDb($db): void
195  {
196  $this->db=$db;
197  }
198 
199  /**
200  * @return default|int|mixed|string|string[]|null
201  */
202  public function getAdmin()
203  {
204  return $this->admin;
205  }
206 
207  /**
208  * @param default|int|mixed|string|string[]|null $admin
209  */
210  public function setAdmin($admin): void
211  {
212  $this->admin=$admin;
213  }
214 
215  /**
216  * @return int
217  */
218  public function getValid(): int
219  {
220  return $this->valid;
221  }
222 
223  /**
224  * @param int $valid
225  */
226  public function setValid(int $valid): void
227  {
228  $this->valid=$valid;
229  }
230 
231  /**
232  * @return default|mixed|string|string[]|null
233  */
234  public function getFirstName()
235  {
236  return $this->first_name;
237  }
238 
239  /**
240  * @param default|mixed|string|string[]|null $first_name
241  */
242  public function setFirstName($first_name): void
243  {
244  $this->first_name=$first_name;
245  }
246 
247  /**
248  * @return default|mixed|string|string[]|null
249  */
250  public function getName()
251  {
252  return $this->name;
253  }
254 
255  /**
256  * @param default|mixed|string|string[]|null $name
257  */
258  public function setName($name): void
259  {
260  $this->name=$name;
261  }
262 
263  /**
264  * @return mixed
265  */
266  public function getActive()
267  {
268  return $this->active;
269  }
270 
271  /**
272  * @param mixed $active
273  */
274  public function setActive($active): void
275  {
276  $this->active=$active;
277  }
278 
279  /**
280  * @return string
281  */
282  public function getLogin(): string
283  {
284  return $this->login;
285  }
286 
287  /**
288  * @param string $login
289  */
290  public function setLogin(string $login): void
291  {
292  $this->login=$login;
293  }
294 
295  /**
296  * @return mixed
297  */
298  public function getPassword()
299  {
300  return $this->password;
301  }
302 
303  /**
304  * @param mixed $password
305  */
306  public function setPassword($password): void
307  {
308  $this->password=$password;
309  }
310 
311  /**
312  * @return mixed
313  */
314  public function getEmail()
315  {
316  return $this->email;
317  }
318 
319  /**
320  * @param mixed $email
321  */
322  public function setEmail($email): void
323  {
324  $this->email=$email;
325  }
326 
327  /* * \brief load data from database.
328  * if this->id == -1, it is unknown so we have to retrieve it
329  from the database by the login
330  * return -1 if nothing is found or the use_id
331  */
332 
333  function load()
334  {
335  /* if this->id == -1, it is unknown so we have to retrieve it from
336  the database thanks it login */
337  if ($this->id<0)
338  {
339  $sql_cond=" where lower(use_login)=lower($1)";
340  $sql_array=array($this->login);
341  }
342  else
343  {
344  $sql_cond=" where use_id=$1";
345  $sql_array=array($this->id);
346  }
347  $sql="select use_id,
348  use_first_name,
349  use_name,
350  use_login,
351  use_active,
352  use_admin,
353  use_pass,
354  use_email
355  from ac_users ";
356  $cn=new Database();
357  $Res=$cn->exec_sql($sql.$sql_cond, $sql_array);
358  if (($Max=Database::num_row($Res))==0)
359  return -1;
360  $row=Database::fetch_array($Res, 0);
361  $this->id=$row['use_id'];
362  $this->first_name=$row['use_first_name'];
363  $this->last_name=$row['use_name'];
364  $this->name=$row['use_name'];
365  $this->active=$row['use_active'];
366  $this->login=strtolower($row['use_login']);
367  $this->admin=$row['use_admin'];
368  $this->password=$row['use_pass'];
369  $this->email=$row['use_email'];
370  return $this->id;
371  }
372 
373  function save()
374  {
375 
376  $Sql="update ac_users set use_first_name=$1, use_name=$2
377  ,use_active=$3,use_admin=$4,use_pass=$5 ,use_email = $7 where use_id=$6";
378  $cn=new Database();
379  $Res=$cn->exec_sql($Sql,
380  array($this->first_name, $this->last_name, $this->active, $this->admin, $this->password,
381  $this->id, $this->email));
382  }
383 
384  function insert()
385  {
386 
387  $Sql="INSERT INTO ac_users(
388  use_first_name, use_name, use_login, use_active,
389  use_admin, use_pass, use_email)
390  VALUES ($1, $2, $3, $4, $5, $6, $7) returning use_id";
391 
392  $cn=new Database();
393  $this->id=$cn->get_value($Sql,
394  array($this->first_name, $this->last_name, $this->login, 1, $this->admin,
395  $this->password, $this->email));
396  }
397 
398  /**
399  * \brief Check if user is active and exists in therepository
400  * Automatically redirect, it doesn't check if a user can access a folder
401  * \param $silent false, echo an error message and exit, true : exit without warning
402  * default is false
403  *
404  ++ */
405  function Check($silent=false, $from='')
406  {
407 
408  $res=0;
409  $pass5=$this->password;
410 
411  $cn=new Database();
412  $sql="select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
413  use_admin,use_first_name,use_name
414  from ac_users
415  where ac_users.use_id=$1
416  and ac_users.use_active=1
417  and ac_users.use_pass=$2";
418  $ret=$cn->exec_sql($sql, array($this->id, $pass5));
419  $res=Database::num_row($ret);
420  if ($res>0)
421  {
422  $r=Database::fetch_array($ret, 0);
423  $_SESSION[SESSION_KEY.'use_admin']=$r['use_admin'];
424  $_SESSION[SESSION_KEY.'use_name']=$r['use_name'];
425  $_SESSION[SESSION_KEY.'use_first_name']=$r['use_first_name'];
426  $_SESSION[SESSION_KEY.'isValid']=1;
427 
428  $this->admin=$_SESSION[SESSION_KEY.'use_admin'];
429  $this->name=$_SESSION[SESSION_KEY.'use_name'];
430  $this->first_name=$_SESSION[SESSION_KEY.'use_first_name'];
431  $this->load_global_pref();
432  }
433  $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
434 
435  if ($res==0 || $this->can_connect() == 0)
436  {
437  $cn->exec_sql($sql,
438  array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"],
439  $from, $_SERVER['REQUEST_URI'], 'FAIL'));
440  if (!$silent)
441  {
442  echo '<script> alert(\''._('Utilisateur ou mot de passe incorrect').'\')</script>';
443  redirect('index.html');
444  }
445  $this->valid=0;
446  session_unset();
447  exit-1;
448  }
449  else
450  {
451  if ($from=='LOGIN' || $from=='PORTAL')
452  {
453  $cn->exec_sql($sql,
454  array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $from,
455  $_SERVER['REQUEST_URI'], 'SUCCESS'));
456  }
457  $this->valid=1;
458  }
459 
460  return $ret;
461  }
462 
463  /**
464  * \brief return the access to a folder,
465  * \param $p_dossier id if it is == 0 then we take the value from $_SESSION
466  * \return the priv_priv
467  * - X no access
468  * - R has access (normal user)
469 
470  *
471  */
472  function get_folder_access($p_dossier=0)
473  {
474 
475  if ($p_dossier==0)
476  $p_dossier=dossier::id();
477  if ($this->admin==1)
478  return 'R';
479  $cn=new Database();
480 
481  $sql="select 'R' from jnt_use_dos where use_id=$1 and dos_id=$2";
482 
483  $res=$cn->get_value($sql, array($this->id, $p_dossier));
484 
485  if ($cn->get_affected()==0)
486  return 'X';
487  return $res;
488  }
489 
490  /**
491  * \brief save the access of a folder
492  * \param $db_id the dossier id
493  * \param $priv boolean, true then it is granted, false it is removed
494  */
495  function set_folder_access($db_id, $priv)
496  {
497 
498  $cn=new Database();
499  if ($priv)
500  {
501  // the access is granted
502  $jnt=$cn->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
503 
504  if ($cn->size()==0)
505  {
506 
507  $Res=$cn->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
508  }
509  }
510  else
511  {
512  // Access is revoked
513  $cn->exec_sql('delete from jnt_use_dos where use_id = $1 and dos_id = $2 ', array($this->id, $db_id));
514  }
515  }
516 
517  /**
518  * \brief check that a user is valid and the access to the folder
519  * \param $p_ledger the ledger to check
520  * \return the priv_priv
521  * - O only predefined operation
522  * - W write
523  * - R read only
524  * - X no access
525  *
526 
527  *
528  */
529  function get_ledger_access($p_ledger)
530  {
531  if ($this->admin==1||
532  $this->is_local_admin(dossier::id())==1||$this->get_status_security_ledger()==0)
533  return 'W';
534 
535  $sql="select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2";
536  $res=$this->db->get_value($sql, array($this->login, $p_ledger));
537 
538  if ($res=='')
539  $res='X';
540  return $res;
541  }
542 
543  /**
544  * \brief get all the available ledgers for the current user
545  * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
546  * \param $p_access =3 for Read or WRITE, 2 write, 1 for readonly
547  * \param (boolean) $all if true show also inactive
548  * \return a double array of available ledgers
549  @verbatim
550  [0] => [jrn_def_id]
551  [jrn_def_type]
552  [jrn_def_name]
553  [jrn_def_class_deb]
554  [jrn_def_class_cred]
555  [jrn_type_id]
556  [jrn_desc]
557  [uj_priv]
558  @endverbatim
559  */
560  function get_ledger($p_type='ALL', $p_access=3, $disable=TRUE)
561  {
562  $p_type=strtoupper($p_type);
563  if (!in_array($p_type, ["FIN", "ALL", "ODS", "VEN", 'ACH']))
564  {
565  record_log(sprintf("UGL1, p_type %s", $p_type));
566  throw new Exception("UGL1"._("Type incorrecte"));
567  }
568  if ($disable==TRUE)
569  {
570  $sql_enable="";
571  }
572  else
573  {
574  $sql_enable="and jrn_enable=1";
575  }
576  if ($this->admin!=1&&$this->is_local_admin()!=1&&$this->get_status_security_ledger()==1)
577  {
578  $sql_type=($p_type=='ALL')?'':"and jrn_def_type=upper('".sql_string($p_type)."')";
579  switch ($p_access)
580  {
581  case 3:
582  $sql_access=" and uj_priv!= 'X' ";
583  break;
584  case 2:
585  $sql_access=" and uj_priv = 'W' and jrn_enable=1 ";
586  break;
587 
588  case 1:
589  $sql_access=" and ( uj_priv = 'R' or uj_priv='W') ";
590  break;
591  }
592 
593  $sql="select jrn_def_id,jrn_def_type,
594  jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
595  jrn_deb_max_line,jrn_cred_max_line,jrn_def_description,jrn_enable
596  from jrn_def join jrn_type on jrn_def_type=jrn_type_id
597  join user_sec_jrn on uj_jrn_id=jrn_def_id
598  where
599  uj_login='".$this->login."'".
600  $sql_type.$sql_access.$sql_enable.
601  " order by jrn_Def_name";
602  }
603  else
604  {
605  $sql_type=($p_type=='ALL')?' '.$sql_enable:"where jrn_def_type=upper('".sql_string($p_type)."') ".$sql_enable;
606  $sql="select jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
607  jrn_type_id,jrn_desc,'W' as uj_priv,jrn_def_description,jrn_enable
608  from jrn_def join jrn_type on jrn_def_type=jrn_type_id
609  $sql_type
610  order by jrn_Def_name";
611  }
612  $res=$this->db->exec_sql($sql);
613  if (Database::num_row($res)==0)
614  return null;
615  $array=Database::fetch_all($res);
616  return $array;
617  }
618 
619  /**
620  * \brief return an sql condition for filtering the permitted ledger
621  * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
622  * \param $p_access =3 for READ or WRITE, 2 READ and write, 1 for readonly
623  *
624  * \return sql condition like = jrn_def_id in (...)
625  */
626  function get_ledger_sql($p_type='ALL', $p_access=3)
627  {
628  $aLedger=$this->get_ledger($p_type, $p_access);
629  if (empty($aLedger))
630  return ' jrn_def_id < 0 ';
631  $sql=" jrn_def_id in (";
632  foreach ($aLedger as $row)
633  {
634  $sql.=$row['jrn_def_id'].',';
635  }
636  $sql.='-1)';
637  return $sql;
638  }
639 
640  /**
641  * synomym for isAdmin,
642  * @deprecated
643  */
644  function Admin()
645  {
646  return $this->isAdmin();
647  }
648 
649  /**
650  * @brief Check if an user is an admin
651  *
652  * @return 1 for yes 0 for no
653  */
654  function isAdmin()
655  {
656  $this->admin=0;
657  $pass5=$this->password;
658  $sql="select count(*) from ac_users where use_login=$1
659  and use_active=1 and use_admin=1 ";
660 
661  $cn=new Database();
662  $this->admin=$cn->get_value($sql, array($this->login));
663  return $this->admin;
664  }
665 
666  /**
667  * \brief Set the selected periode in the user's preferences
668  *
669  * \param $p_periode periode
670  * \param - $p_user
671  *
672  */
673  function set_periode($p_periode)
674  {
675  $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='PERIODE'";
676  $Res=$this->db->exec_sql($sql, [$p_periode, $this->id]);
677  }
678 
679  private function set_default_periode()
680  {
681 
682  /* get the first periode */
683  $sql='select min(p_id) as pid '
684  .' from parm_periode '
685  .' where p_closed = false and p_start = (select min(p_start) from parm_periode)';
686  $Res=$this->db->exec_sql($sql);
687 
688  $pid=Database::fetch_result($Res, 0, 0);
689  /* if all the periode are closed, then we use the last closed period */
690  if ($pid==null)
691  {
692  $sql='select min(p_id) as pid '
693  .'from parm_periode '
694  .'where p_start = (select max(p_start) from parm_periode)';
695  $Res2=$this->db->exec_sql($sql);
696  $pid=Database::fetch_result($Res2, 0, 0);
697  if ($pid==null)
698  {
699  throw new Exception(_("Aucune période trouvéee !!!"));
700  }
701 
702  $pid=Database::fetch_result($Res2, 0, 0);
703  }
704 
705  $sql=sprintf("insert into user_local_pref (user_id,parameter_value,parameter_type)
706  values ('%s','%d','PERIODE')", $this->id, $pid);
707  $Res=$this->db->exec_sql($sql);
708  }
709 
710  /**
711  * \brief Get the default periode from the user's preferences
712  *
713  * \return the default periode
714  *
715  *
716  */
717  function get_periode()
718  {
719 
720  $array=$this->get_preference();
721  if (!isset($array['PERIODE']))
722  {
723  $this->set_default_periode();
724  $array=$this->get_preference();
725  }
726  return $array['PERIODE'];
727  }
728 
729  /**
730  *
731  * \brief return the mini rapport to display on the welcome page
732  * \return 0 if nothing if found or the report to display (form_definition.fr_id)
733  */
734  function get_mini_report()
735  {
736  $array=$this->get_preference();
737  $fr_id=(isset($array['MINIREPORT']))?$array['MINIREPORT']:0;
738  return $fr_id;
739  }
740 
741  /**
742  * \brief set the mini rapport to display on the welcome page
743  */
744  function set_mini_report($p_id)
745  {
746  $count=$this->db->get_value("select count(*) from user_local_pref where user_id=$1 and parameter_type=$2",
747  array($this->id, 'MINIREPORT'));
748  if ($count==1)
749  {
750  $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='MINIREPORT'";
751  $Res=$this->db->exec_sql($sql, array($p_id, $this->id));
752  }
753  else
754  {
755  $sql="insert into user_local_pref (user_id,parameter_type,parameter_value)".
756  "values($1,'MINIREPORT',$2)";
757  $Res=$this->db->exec_sql($sql, array($this->id, $p_id));
758  }
759  }
760 
761  /**
762  * Save the preference , the scope is global, the settings are saved
763  * into account_repository
764  * @param $key THEME, LANG , PAGESIZE
765  * @param $value value of the key
766  */
767  function save_global_preference($key, $value)
768  {
769  $repo=new Database();
770  $count=$repo->get_value("select count(*)
771  from
772  user_global_pref
773  where
774  parameter_type=$1 and user_id=$2", array($key, $this->login));
775  if ($count==1)
776  {
777  $repo->exec_sql("update user_global_pref set parameter_value=$1
778  where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
779  }
780  elseif ($count==0)
781  {
782  $repo->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
783  values($1,$2,$3)", array($this->login, $key, $value));
784  }
785  }
786 
787  /**
788  * \brief Get the default user's preferences
789  * \return array of (parameter_type => parameter_value)
790  */
791  function get_preference()
792  {
793  $sql="select parameter_type,parameter_value from user_local_pref where user_id=$1";
794  $Res=$this->db->exec_sql($sql, array($this->id));
795  $l_array=array();
796  for ($i=0; $i<Database::num_row($Res); $i++)
797  {
798  $row=Database::fetch_array($Res, $i);
799  $type=$row['parameter_type'];
800  $l_array[$type]=$row['parameter_value'];
801  }
802  $repo=new Database();
803  $a_global_pref=$repo->get_array("select parameter_type,parameter_value from user_global_pref
804  where
805  upper(user_id) = upper($1)", [$this->login]);
806  $nb_global=count($a_global_pref);
807  for ($i=0; $i<$nb_global; $i++)
808  {
809  $idx=$a_global_pref[$i]['parameter_type'];
810  $value=$a_global_pref[$i]['parameter_value'];
811  $l_array[$idx]=$value;
812  }
813 
814  return $l_array;
815  }
816  /**
817  * @brief Check if an user can access a module, return 1 if yes, otherwise 0
818  * record in audit log
819  * This function works only if user is connected to a Folder
820  * @param string $p_module menu_ref.me_code
821  * @returns 0 for FORBIDDEN, 1 for GRANTED
822  */
823  function check_module($p_module)
824  {
825  if ( $this->access_mode == "PC") {
826 
827  $acc=$this->db->get_value("select count(*) from v_all_menu where p_id = $1
828  and me_code=$2", array($this->get_profile(), $p_module));
829  } elseif ($this->access_mode=="MOBILE") {
830  $acc=$this->db->get_value("select count(*) from profile_mobile where p_id=$1 and me_code=$2",
831  array($this->get_profile(), $p_module));
832  } else {
833  throw new Exception("USER:823:ACCESS_MODE INCONNU");
834  }
835  if ($acc==0)
836  {
837  $this->audit("FAIL", $p_module);
838  return 0;
839  }
840  $this->audit("SUCCESS", $p_module);
841  return 1;
842  }
843 
844  /**
845  * \brief Check if an user is allowed to do an action
846  * \param p_action_id
847  * \return
848  * - 0 no priv
849  * - 1 priv granted
850  * @see constant.security.php
851  */
852  function check_action($p_action_id)
853  {
854  /* save it into the log */
855  global $audit;
856  if ($this->Admin()==1)
857  return 1;
858  if ($this->is_local_admin(dossier::id())==1)
859  return 1;
860  if ($this->get_status_security_action()==0)
861  return 1;
862  $Res=$this->db->exec_sql(
863  "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
864  $Count=Database::num_row($Res);
865  if ($Count==0)
866  {
867  if (isset($audit)&&$audit==true)
868  {
869  $cn=new Database();
870  $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
871  $cn->exec_sql($sql,
872  array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI'],
873  'FAIL'));
874  }
875  return 0;
876  }
877  if ($Count==1)
878  return 1;
879  echo_error(_("Action invalide"));
880  record_log("User:check_action".sprintf("login %s ua_act_id %s", $this->login, $p_action_id));
881  exit();
882  }
883 
884  /**
885  * \brief Get the global preferences from user_global_pref
886  * in the account_repository db
887  *
888  * \note set $SESSION[g_variable]
889  */
890  function load_global_pref()
891  {
892  $cn=new Database();
893  // Load everything in an array
894  $Res=$cn->exec_sql("select parameter_type,parameter_value from
895  user_global_pref
896  where user_id=$1", [$this->login]);
897  $Max=Database::num_row($Res);
898  if ($Max==0)
899  {
900  $this->insert_default_global_pref();
901  $this->load_global_pref();
902  return;
903  }
904  // Load value into array
905  $line=array();
906  for ($i=0; $i<$Max; $i++)
907  {
908  $row=Database::fetch_array($Res, $i);
909  $type=$row['parameter_type'];
910  $line[$type]=$row['parameter_value'];
911  }
912  // save array into g_ variable
913  $array_pref=array('g_theme'=>'THEME',
914  'g_pagesize'=>'PAGESIZE',
915  'g_topmenu'=>'TOPMENU',
916  'g_lang'=>'LANG',
917  'csv_fieldsep'=>'csv_fieldsep',
918  'csv_decimal'=>'csv_decimal',
919  'csv_encoding'=>'csv_encoding',
920  'first_week_day'=>'first_week_day');
921 
922  foreach ($array_pref as $name=> $parameter)
923  {
924  if (!isset($line[$parameter]))
925  {
926  $this->insert_default_global_pref($parameter);
927  $this->load_global_pref();
928  return;
929  }
930  $_SESSION[SESSION_KEY.$name]=$line[$parameter];
931  }
932  }
933 
934  /**
935  * \brief insert default pref
936  * if no parameter are given insert all the existing
937  * parameter otherwise only the requested
938  * \param $p_type parameter's type or nothing
939  * \param $p_value parameter value
940  *
941  */
942  function insert_default_global_pref($p_type="", $p_value="")
943  {
944 
945  $default_parameter=array("THEME"=>"classic",
946  "PAGESIZE"=>"50",
947  'TOPMENU'=>'TEXT',
948  'LANG'=>'fr_FR.utf8',
949  'csv_fieldsep'=>'0',
950  'csv_decimal'=>'0',
951  'csv_encoding'=>'utf8',
952  'first_week_day'=>1
953  );
954  $cn=new Database();
955  $sql="insert into user_global_pref(user_id,parameter_type,parameter_value)
956  values ($1,$2,$3)";
957  if ($p_type=="")
958  {
959  foreach ($default_parameter as $name=> $value)
960  {
961  $cn->exec_sql($sql, array($this->login, $name, $value));
962  }
963  }
964  else
965  {
966  $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
967  if ( $cn->get_value("select count(*) from user_global_pref where user_id=$1 and parameter_type=$2",
968  array($this->login,$p_type)) == 1)
969  {
970  $cn->exec_sql("update user_global_pref set parameter_value=$1 where user_id=$2 and parameter_type=$3",
971  array($value,$this->login,$p_type));
972  } else {
973  $cn->exec_sql($sql, array($this->login, $p_type, $value));
974  }
975  }
976  }
977 
978  /**
979  * \brief update default pref
980  * if value is not given then use the default value
981  *
982  * \param $p_type parameter's type
983  * \param $p_value parameter's value value of the type
984  */
985  function update_global_pref($p_type, $p_value="")
986  {
987  $default_parameter=array("THEME"=>"classic",
988  "PAGESIZE"=>"50",
989  "LANG"=>'fr_FR.utf8',
990  'TOPMENU'=>'SELECT',
991  'csv_fieldsep'=>'0',
992  'csv_decimal'=>'0',
993  'csv_encoding'=>'utf8',
994  'first_week_day'=>1
995  );
996  $cn=new Database();
997  $Sql="update user_global_pref set parameter_value=$1
998  where parameter_type=$2 and
999  user_id=$3";
1000  $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
1001  $cn->exec_sql($Sql, array($value, $p_type, $this->login));
1002  }
1003 
1004 //end function
1005  /* * \brief Return the year of current Periode
1006  * it is the parm_periode.p_exercice col
1007  * if an error occurs return 0
1008  */
1009 
1010  function get_exercice()
1011  {
1012  $sql="select p_exercice from parm_periode where p_id=$1";
1013  $Ret=$this->db->exec_sql($sql,[$this->get_periode()]);
1014  if (Database::num_row($Ret)==1)
1015  {
1016  $r=Database::fetch_array($Ret, 0);
1017  return $r['p_exercice'];
1018  }
1019  else
1020  return 0;
1021  }
1022 
1023  /* * \brief Check if the user can access
1024  * otherwise warn and exit
1025  * \param $p_action requested action
1026  * \param $p_js = 1 javascript, or 0 just a text or 2 to log it silently
1027  * \return nothing the program exits automatically
1028  */
1029 
1030  function can_request($p_action, $p_js=0)
1031  {
1032  if ($this->check_action($p_action)==0)
1033  {
1034  $this->audit('FAIL');
1035  if ($p_js==1)
1036  {
1037  echo create_script("alert_box(content[59])");
1038  }
1039  elseif ($p_js==2)
1040  {
1041  record_log(_("Access invalid").$p_action);
1042  }
1043  else
1044  {
1045  echo '<h2 class="error">',
1046  htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1047  '</h2>';
1048  echo '</div>';
1049  }
1050  exit(-1);
1051  }
1052  }
1053 
1054  /**
1055  * @brief Check if the user can print (in menu_ref p_type_display=p)
1056  * otherwise warn and exit
1057  * @param $p_action requested action
1058  * @return nothing the program exits automatically
1059  */
1060  function check_print($p_action)
1061  {
1062  global $audit, $cn;
1063  $this->audit('AUDIT', $p_action);
1064  if ($this->Admin()==1)
1065  return 1;
1066 
1067  $res=$cn->get_value("select count(*) from profile_menu
1068  join profile_user using (p_id)
1069  where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
1070  return $res;
1071  }
1072 
1073  /* * \brief Check if the user can print (in menu_ref p_type_display=p)
1074  * otherwise warn and exit
1075  * \param $p_action requested action
1076  * \return nothing the program exits automatically
1077  */
1078 
1079  function can_print($p_action, $p_js=0)
1080  {
1081  if ($this->check_print($p_action)==0)
1082  {
1083  $this->audit('FAIL');
1084  if ($p_js==1)
1085  {
1086  echo create_script("alert_box(content[59])");
1087  }
1088  else
1089  {
1090  echo '<div class="redcontent">';
1091  echo '<h2 class="error">',
1092  htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1093  '</h2>';
1094  echo '</div>';
1095  }
1096  exit(-1);
1097  }
1098  }
1099 
1100  /**
1101  * \brief Check if an user is an local administrator
1102  * @deprecated since version 6.7
1103  *
1104  *
1105  * \param $p_dossier : dossier_id
1106  *
1107  * \return
1108  * - 0 if no
1109  * - 1 if yes
1110  *
1111  */
1112  function is_local_admin($p_dossier=-1)
1113  {
1114  return 0;
1115  }
1116 
1117  /**
1118  * @brief return array of available repository
1119  *
1120  * @param $p_access R for read W for write
1121  * @return an array
1122  */
1123  function get_available_repository($p_access='R')
1124  {
1125  $profile=$this->get_profile();
1126  $r=array();
1127  if ($p_access=='R')
1128  {
1129  $r=$this->db->get_array("select distinct u.r_id,r_name
1130  from
1131  profile_sec_repository as u
1132  join stock_repository as s on(u.r_id=s.r_id)
1133  where
1134  p_id =$1
1135  and ur_right='W'
1136  order by 2
1137  ", array($profile));
1138  }
1139  if ($p_access=='W')
1140  {
1141  $r=$this->db->get_array("select distinct u.r_id,r_name
1142  from
1143  profile_sec_repository as u
1144  join stock_repository as s on(u.r_id=s.r_id)
1145  where
1146  p_id =$1 order by 2
1147  ", array($profile));
1148  }
1149  return $r;
1150  }
1151 
1152  /**
1153  * \brief return an array with all the active users who can access
1154  * $p_dossier including the global admin.
1155  * The user must be activated
1156  *
1157  * \param $p_dossier dossier
1158  * \return an array of user's object
1159  * array indices
1160  * - use_id (id )
1161  * - use_login (login of the user)
1162  * - use_name
1163  * - use_first_name
1164  *
1165  * \exception throw an exception if nobody can access
1166  */
1167  static function get_list($p_dossier)
1168  {
1169  $sql="select distinct use_id,use_login,use_first_name,use_name from ac_users
1170  left outer join jnt_use_dos using (use_id)
1171  where
1172  (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
1173  order by use_login,use_name";
1174 
1175  $repo=new Database();
1176  $array=$repo->get_array($sql, array($p_dossier));
1177  if ($repo->size()==0)
1178  throw new Exception('Error inaccessible folder');
1179  return $array;
1180  }
1181 
1182  /**
1183  * \brief check the access of an user on a ledger
1184  *
1185  * \param $p_jrn the ledger id
1186  * \return
1187  * - O only predefined operation
1188  * - W write
1189  * - R read only
1190  * - X no access
1191  *
1192  */
1193  function check_jrn($p_jrn)
1194  {
1195  return $this->get_ledger_access($p_jrn);
1196  }
1197 
1198  /**
1199  * \brief check if an user can access a folder, if he cannot display a dialog box
1200  * and exit
1201  * \param the folder if
1202  * \param $silent false, echo an error message and exit, true : exit without warning
1203  * default is false
1204  * \return
1205  * - L for administrator (local and global)
1206  * - X no access
1207  * - R regular user
1208  */
1209  function check_dossier($p_dossier_id, $silent=false)
1210  {
1211  $this->Admin();
1212  if ($this->admin==1||$this->is_local_admin($p_dossier_id)==1)
1213  return 'L';
1214  $cn=new Database();
1215 
1216  $dossier=$cn->get_value("select 'R' from jnt_use_dos where dos_id=$1 and use_id=$2",
1217  array($p_dossier_id, $this->id));
1218  $dossier=($dossier=='')?'X':$dossier;
1219  if ($dossier=='X')
1220  {
1221  $this->audit('FAIL', "Access folder ");
1222  if (!$silent)
1223  {
1224  alert(_('Dossier non accessible'));
1225  exit();
1226  }
1227  }
1228  return $dossier;
1229  }
1230 
1231  /**
1232  * @brief return the first date and the last date of the current exercice for the current user
1233  * @return and array ([0] => start_date,[1] => end_date)
1234  */
1235  function get_limit_current_exercice()
1236  {
1237  $current_exercice=$this->get_exercice();
1238  $periode=new Periode($this->db);
1239  list($per_start, $per_end)=$periode->get_limit($current_exercice);
1240  $start=$per_start->first_day();
1241  $end=$per_end->last_day();
1242  return array($start, $end);
1243  }
1244 
1245  /**
1246  * \brief Show all the available folder for the users
1247  * at the login page. For the special case 'E'
1248  * go directly to extension and bypasse the dashboard
1249  * \param $p_filtre user
1250  *
1251  * \return table in HTML
1252  *
1253  */
1254  function show_dossier($p_filtre="")
1255  {
1256  $p_array=$this->get_available_folder($p_filtre);
1257 
1258  $result="";
1259 
1260  $result.="<TABLE id=\"folder\" class=\"result\">";
1261  $result.="<tr>";
1262  $result.="<th>";
1263  $result.=_("Id");
1264  $result.="</th>";
1265  $result.="<th>";
1266  $result.=_("Nom");
1267  $result.="</th>";
1268  $result.="<th>";
1269  $result.=_("Description");
1270  $result.="</th>";
1271  $result.="</tr>";
1272  if ($p_array==0)
1273  {
1274  $result.="<tr>";
1275  $result.='<td style="width:auto" colspan=3>';
1276  $result.=_("Aucun dossier disponible");
1277  $result.='</td>';
1278  $result.="</tr>";
1279  return $result;
1280  }
1281 
1282  for ($i=0; $i<sizeof($p_array); $i++)
1283  {
1284 
1285  $id=$p_array[$i]['dos_id'];
1286  $name=$p_array[$i]['dos_name'];
1287  $desc=$p_array[$i]['dos_description'];
1288  if ($i%2==0)
1289  $tr="odd";
1290  else
1291  $tr="even";
1292  $target="do.php?gDossier=$id";
1293 
1294  $result.="<TR class=\"$tr\">";
1295 
1296  $result.=td($id, ' class="num" ');
1297  $result.="<TD class=\"$tr\">";
1298  $result.="<A class=\"dossier\" HREF=\"$target\">";
1299  $result.=" <B>".h($name)."</B>";
1300  $result.="</A>";
1301  $result.="</TD>";
1302  $desc=($desc=="")?"<i>Aucune description</i>":h($desc);
1303  $desc="<A class=\"dossier\" HREF=\"$target\">$desc</A>";
1304  $result.="<TD class=\"$tr\" >".$desc;
1305  $result.="</TD>";
1306  $result.="</TR>";
1307  }
1308  $result.="</TABLE>";
1309  return $result;
1310  }
1311 
1312  /**
1313  * \brief Get all the available folders
1314  * for the users, checked with the security
1315  *
1316  * \param $p_filter
1317  * \return array containing
1318  * - ac_dossier.dos_id
1319  * - ac_dossier.dos_name
1320  * - ac_dossier.dos_description
1321  *
1322  */
1323  function get_available_folder($p_filter="")
1324  {
1325  $cn=new Database();
1326  $filter="";
1327  if ($this->admin==0)
1328  {
1329  // show only available folders
1330  // if user is not an admin
1331  $Res=$cn->exec_sql("select
1332  distinct dos_id,dos_name,dos_description
1333  from ac_users
1334  natural join jnt_use_dos
1335  natural join ac_dossier
1336  where
1337  use_login= $1
1338  and use_active = 1
1339  and ( dos_name ilike '%' || $2 || '%' or dos_description ilike '%' || $2 || '%' )
1340  order by dos_name", array($this->login, $p_filter));
1341  }
1342  else
1343  {
1344  $Res=$cn->exec_sql("select
1345  distinct dos_id,dos_name,dos_description from ac_dossier
1346  where
1347  dos_name ilike '%' || $1|| '%' or dos_description ilike '%' || $1 || '%'
1348  order by dos_name", array($p_filter));
1349  }
1350 
1351  $max=Database::num_row($Res);
1352  if ($max==0)
1353  return 0;
1354 
1355  for ($i=0; $i<$max; $i++)
1356  {
1357  $array[]=Database::fetch_array($Res, $i);
1358  }
1359  return $array;
1360  }
1361 
1362  /**
1363  * @brief Audit action from the administration menu
1364  * @param $p_module description of the action
1365  */
1366  static function audit_admin($p_module)
1367  {
1368  $cn=new Database();
1369  $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1370 
1371  $cn->exec_sql($sql,
1372  array(
1373  $_SESSION[SESSION_KEY.'g_user'],
1374  $_SERVER["REMOTE_ADDR"],
1375  $p_module,
1376  $_SERVER['REQUEST_URI'],
1377  'ADMIN'));
1378  }
1379 
1380  function audit($action='AUDIT', $p_module="")
1381  {
1382  global $audit;
1383  if ($audit)
1384  {
1385  if ($p_module==""&&isset($_REQUEST['ac']))
1386  {
1387  $p_module=$_REQUEST['ac'];
1388  }
1389  $cn=new Database();
1390  if (isset($_REQUEST['gDossier']))
1391  $p_module.=" dossier : ".$_REQUEST['gDossier'];
1392  $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1393 
1394  $cn->exec_sql($sql,
1395  array(
1396  $_SESSION[SESSION_KEY.'g_user'],
1397  $_SERVER["REMOTE_ADDR"],
1398  $p_module,
1399  $_SERVER['REQUEST_URI'],
1400  $action));
1401  }
1402  }
1403 
1404  function save_profile($p_id)
1405  {
1406  $count=$this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
1407  if ($count==0)
1408  {
1409  $this->db->exec_sql("insert into profile_user(p_id,user_name)
1410  values ($1,$2)", array($p_id, $this->login));
1411  }
1412  else
1413  {
1414  $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
1415  }
1416  }
1417 
1418  /**
1419  * @brief return the profile (p_id)
1420  * @return profile.p_id
1421  */
1422  function get_profile()
1423  {
1424  $profile=$this->db->get_value("select p_id from profile_user where
1425  lower(user_name)=lower($1) ", array($this->login));
1426  return $profile;
1427  }
1428 
1429  /**
1430  * @brief Compute the SQL string for the writable profile,
1431  * the subselect for p_id , example
1432  * p_id in $g_user->sql_writable_profile.
1433  * The administrator can access all the profiles
1434  * R = Read Only W = Write and delete O = write and not delete
1435  * @return SQL string with the subselect for p_id
1436  */
1437  function sql_writable_profile()
1438  {
1439  if ($this->admin!=1)
1440  {
1441  $sql=" (select p_granted "
1442  ." from user_sec_action_profile "
1443  ." where ua_right in ('W','O') and p_id=".$this->get_profile().") ";
1444  }
1445  else
1446  {
1447  $sql="(select p_id p_granted from profile)";
1448  }
1449  return $sql;
1450  }
1451  /**
1452  * @brief return array of writable action_profile
1453  *
1454  */
1455  function get_writable_profile()
1456  {
1457  $value=$this->db->get_array("select p_granted from ".$this->sql_writable_profile()." as m") ;
1458  $aGranted=array_column($value,"p_granted");
1459  return $aGranted;
1460  }
1461  /**
1462  * @brief return array of readable action_profile
1463  *
1464  */
1465  function get_readable_profile()
1466  {
1467  $value=$this->db->get_array("select p_granted from ".$this->sql_readable_profile()." as m") ;
1468  $aGranted=array_column($value,"p_granted");
1469  return $aGranted;
1470  }
1471  /**
1472  *@brief Compute the SQL string for the readable profile,
1473  * the subselect for p_id , example
1474  * p_id in $g_user->sql_readable_profile.
1475  * The administrator can read all the profiles
1476  * @return SQL string with the subselect for p_id
1477  */
1478  function sql_readable_profile()
1479  {
1480  if ($this->admin!=1)
1481  {
1482  $sql=" (select p_granted "
1483  ." from user_sec_action_profile "
1484  ." where ua_right in ('W','R','O') and p_id=".$this->get_profile().") ";
1485  }
1486  else
1487  {
1488  $sql="(select p_id p_granted from profile)";
1489  }
1490  return $sql;
1491  }
1492 
1493  /**
1494  * @brief Check if the current user can add an action in the profile given
1495  * in parameter
1496  * @param type $p_profile profile.p_id = action_gestion.ag_dest
1497  * @return boolean
1498  */
1499  function can_add_action($p_profile)
1500  {
1501  $r=$this->db->get_value(' select count(*)
1502  from user_sec_action_profile
1503  where p_granted=$2
1504  and p_id=$1', array($this->get_profile(), $p_profile));
1505  if ($r==0)
1506  {
1507  return false;
1508  }
1509  return true;
1510  }
1511 
1512  /**
1513  * Check if the profile of the user can write for this profile
1514  * @param $dtoc action_gestion.ag_id
1515  * @return true if he can write otherwise false
1516  */
1517  function can_write_action($dtoc)
1518  {
1519  if ($this->Admin()==1)
1520  return TRUE;
1521  if ($this->get_status_security_action()==0)
1522  return TRUE;
1523  $profile=$this->get_profile();
1524  $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1525  (select p_granted from user_sec_action_profile where ua_right in ('W','O') and p_id=$2) ", array($dtoc, $profile));
1526  if ($r==0)
1527  return FALSE;
1528  return true;
1529  }
1530 
1531  /**
1532  * Check if the profile of the user can write AND delete for this profile
1533  * @param $dtoc action_gestion.ag_id
1534  * @return true if he can write otherwise false
1535  */
1536  function can_delete_action($dtoc)
1537  {
1538  if ($this->Admin()==1)
1539  return TRUE;
1540  if ($this->get_status_security_action()==0)
1541  return TRUE;
1542  $profile=$this->get_profile();
1543  $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1544  (select p_granted from user_sec_action_profile where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
1545  if ($r==0)
1546  return FALSE;
1547  return true;
1548  }
1549 
1550  /**
1551  * Check if the profile of the user can write for this profile
1552  * @param $dtoc action_gestion.ag_id
1553  * @return true if he can write otherwise false
1554  */
1555  function can_read_action($dtoc)
1556  {
1557  if ($this->Admin()==1)
1558  return true;
1559  $profile=$this->get_profile();
1560  $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
1561  (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)",
1562  array($dtoc, $profile, $this->login));
1563  if ($r==0)
1564  return false;
1565  return true;
1566  }
1567 
1568  /**
1569  * Check if the profile of the user can write for this repository
1570  * @param $p_repo stock_repository.r_id
1571  * @return true if he can write otherwise false
1572  */
1573  function can_write_repo($p_repo)
1574  {
1575  if ($this->Admin()==1)
1576  return true;
1577  $profile=$this->get_profile();
1578  $r=$this->db->get_value("select count(*)
1579  from profile_sec_repository
1580  where
1581  r_id=$1
1582  and p_id =$2
1583  and ur_right='W'", array($p_repo, $profile));
1584  if ($r==0)
1585  return false;
1586  return true;
1587  }
1588 
1589  /**
1590  * Check if the profile of the user can read for this repository
1591  * @param $p_repo stock_repository.r_id
1592  * @return true if he read write otherwise false
1593  */
1594  function can_read_repo($p_repo)
1595  {
1596  if ($this->Admin()==1)
1597  return true;
1598  $profile=$this->get_profile();
1599  $r=$this->db->get_value("select count(*)
1600  from profile_sec_repository
1601  where
1602  r_id=$1
1603  and p_id =$2
1604  ", array($p_repo, $profile));
1605  if ($r==0)
1606  return false;
1607  return true;
1608  }
1609  /**
1610  * @brief store the password in session
1611  */
1612  function password_to_session()
1613  {
1614  $_SESSION[SESSION_KEY.'g_pass']=$this->getPassword();
1615  }
1616  /**
1617  * @brief Save the password of the current user
1618  * @param string $p_pass1 password (clear)
1619  * @param string $p_pass2 for confirming password (clear)
1620  * @return true : password successfully changed otherwise false
1621  */
1622  function save_password($p_pass1, $p_pass2)
1623  {
1624  if ($p_pass1==$p_pass2)
1625  {
1626  $repo=new Database();
1627  $l_pass=md5($p_pass1);
1628  $this->setPassword($l_pass);
1629  $repo->exec_sql("update ac_users set use_pass=$1 where use_login=$2",
1630  array($l_pass, $this->login));
1631  return true;
1632  }
1633  else
1634  {
1635 
1636  return false;
1637  }
1638  }
1639 
1640  /**
1641  * Save the password from PREFERENCE MODULE
1642  * @param type $p_email
1643  */
1644  function save_email($p_email)
1645  {
1646  $repo=new Database();
1647  $repo->exec_sql("update ac_users set use_email=$1 where use_login=$2",
1648  array($p_email, $_SESSION[SESSION_KEY.'g_user']));
1649  }
1650 
1651  /**
1652  * Remove a user and all his privileges
1653  * So it cannot connect anymore and all his privileges are removed from
1654  * the dossier
1655  *
1656  */
1657  static function revoke_access($p_login, $p_dossier)
1658  {
1659  // connect to the repository
1660  $repo_cnx=new Database();
1661 
1662  // Retrieve the user
1663  $user=$repo_cnx->get_array('select use_id,use_login from ac_users where use_login=$1', array($p_login));
1664  if (!$user)
1665  return false;
1666 
1667  // remove him from jnt_use_dos
1668  $repo_cnx->exec_sql("delete from jnt_use_dos WHERE use_id=$1 and dos_id=$2",
1669  array($user[0]['use_id'], $p_dossier));
1670 
1671  // Remove user from user's dossier
1672  $cn_dossier=new Database($p_dossier);
1673  $cn_dossier->exec_sql("delete from profile_user where user_name=$1", array($p_login));
1674  $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($p_login));
1675  }
1676 
1677  /**
1678  * Grant access to folder, grant administrator profile , all the ledgers and all the action
1679  *
1680  */
1681  static function grant_admin_access($p_login, $p_dossier)
1682  {
1683  $repo_cnx=new Database();
1684  $user=$repo_cnx->get_array("select use_id,use_login
1685  from ac_users
1686  where use_login=$1", array($p_login));
1687 
1688  if (!$user)
1689  return false;
1690  $cn_dossier=new Database($p_dossier);
1691  // if not access to DB
1692  if (
1693  $repo_cnx->get_value("select count(*) from jnt_use_dos where use_id=$1 and dos_id=$2",
1694  array($user[0]['use_id'], $p_dossier))==0
1695  )
1696  {
1697  $repo_cnx->exec_sql("insert into jnt_use_dos(use_id,dos_id) values ($1,$2)",
1698  array($user[0]['use_id'], $p_dossier));
1699  }
1700  //------ Give him the admin menu
1701  if ($cn_dossier->get_value("select count(*) from profile_user where user_name=$1", array($user[0]['use_login']))==0)
1702  {
1703  $cn_dossier->exec_sql('insert into profile_user(user_name,p_id) values($1,1)', array($user[0]['use_login']));
1704  }
1705  // Grant all action + ledger to him
1706  $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($p_login));
1707 
1708  $cn_dossier->exec_sql("insert into user_sec_act (ua_login,ua_act_id)"
1709  ." select $1 ,ac_id from action ", array($p_login));
1710 
1711  $cn_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($p_login));
1712  $cn_dossier->exec_sql("insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv)"
1713  ." select $1,jrn_def_id,'W' from jrn_def", array($p_login));
1714  }
1715 
1716  static function remove_inexistant_user($p_dossier)
1717  {
1718  $cnx_repo=new Database();
1719  $name=$cnx_repo->format_name($p_dossier, 'dos');
1720  if ($cnx_repo->exist_database($name)==0)
1721  return;
1722  $cnx_dossier=new Database($p_dossier);
1723  if ($cnx_dossier->exist_table('profile_user'))
1724  $a_user=$cnx_dossier->get_array('select user_name from profile_user');
1725  else
1726  return;
1727 
1728  if (!$a_user)
1729  return;
1730  $nb=count($a_user);
1731  for ($i=0; $i<$nb; $i++)
1732  {
1733  if ($cnx_repo->get_value('select count(*) from ac_users where use_login=$1', array($a_user[$i]['user_name']))==0)
1734  {
1735  if ($cnx_dossier->exist_table('user_sec_jrn'))
1736  $cnx_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($a_user[$i]['user_name']));
1737  $cnx_dossier->exec_sql("delete from profile_user where user_name=$1", array($a_user[$i]['user_name']));
1738  if ($cnx_dossier->exist_table('user_sec_act'))
1739  $cnx_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($a_user[$i]['user_name']));
1740  if ($cnx_dossier->exist_table('user_sec_jrn'))
1741  $cnx_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($a_user[$i]['user_name']));
1742  if ($cnx_dossier->exist_table('user_active_security'))
1743  $cnx_dossier->exec_sql("delete from user_active_security where us_login=$1",
1744  array($a_user[$i]['user_name']));
1745  }
1746  }
1747  }
1748 
1749  /**
1750  * Check the security on ledger for the user , it returns 1 if the security
1751  * on ledgers is enabled, otherwise 0
1752  */
1753  function get_status_security_ledger()
1754  {
1755  $security=$this->db->get_value("select us_ledger from user_active_security
1756  where
1757  us_login=$1", [$this->login]);
1758  $n_security=($security=="Y")?1:0;
1759  return $n_security;
1760  }
1761 
1762  /**
1763  * Set the flag in the table user_active_security
1764  * @param int $p_value 1==enable , 0 = disable
1765  * @exceptions invalid value
1766  */
1767  function set_status_security_ledger($p_value)
1768  {
1769  if ($p_value!=0&&$p_value!=1)
1770  throw new Exception(_("Valeur invalide"));
1771  $exist=$this->db->get_value("select count(*) from user_active_security where us_login=$1", [$this->login]);
1772  $flag=($p_value==1)?"Y":"N";
1773  if ($exist==0)
1774  {
1775  $this->db->exec_sql("insert into user_active_security (us_login,us_ledger,us_action) values ($1,$2,$3)",
1776  [$this->login, $flag, 'Y']);
1777  }
1778  else
1779  {
1780  $this->db->exec_sql("update user_active_security set us_ledger=$1 where us_login = $2",
1781  [$flag, $this->login]);
1782  }
1783  }
1784 
1785  /**
1786  * Check the security on ledger for the user , it returns 1 if the security
1787  * on ledgers is enabled, otherwise 0
1788  */
1789  function get_status_security_action()
1790  {
1791  $security=$this->db->get_value("select us_action from user_active_security
1792  where
1793  us_login=$1", [$this->login]);
1794  $n_security=($security=="Y")?1:0;
1795  return $n_security;
1796  }
1797 
1798  /**
1799  * Set the flag in the table user_active_security
1800  * @param int $p_value 1==enable , 0 = disable
1801  * @exceptions invalid value
1802  */
1803  function set_status_security_action($p_value)
1804  {
1805  if ($p_value!=0&&$p_value!=1)
1806  throw new Exception(_("Valeur invalide"));
1807  $exist=$this->db->get_value("select count(*) from user_active_security where us_login=$1", [$this->login]);
1808  $flag=($p_value==1)?"Y":"N";
1809  if ($exist==0)
1810  {
1811  $this->db->exec_sql("insert into user_active_security (us_login,us_action,us_ledger) values ($1,$2,$3)",
1812  [$this->login, $flag, 'Y']);
1813  }
1814  else
1815  {
1816  $this->db->exec_sql("update user_active_security set us_action=$1 where us_login = $2",
1817  [$flag, $this->login]);
1818  }
1819  }
1820 
1821  /**
1822  *
1823  */
1824  function get_first_week_day()
1825  {
1826  $repocn=new Database();
1827  $result=$repocn->get_value("select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1828  array("first_week_day", $this->login));
1829  if ($repocn->count()==0)
1830  {
1831  $this->save_global_preference("first_week_day", 1);
1832  return 1;
1833  }
1834  return $result;
1835  }
1836  /**
1837  * @brief clean the sessions
1838  */
1839  static function clean_session()
1840  {
1841 
1842  $aSession=$_SESSION;
1843  foreach($aSession as $key => $value) {
1844  if(DEBUGNOALYSS>1) { echo "[$key]=>[$value]";}
1845 
1846  if ( strpos($key,SESSION_KEY) === 0) {
1847  unset($_SESSION[$key]);
1848  if(DEBUGNOALYSS>1) { echo "=> [$key] cleaned";}
1849  }
1850  }
1851  }
1852 }
1853 
1854 ?>
User\getDb
getDb()
Definition: user.class.php:186
$ret
$ret
Definition: ajax_display_letter.php:51
User\clean_session
static clean_session()
clean the sessions
Definition: user.class.php:1839
style
$opd_description style
Definition: ajax_mod_predf_op.php:52
p_id
$profile p_id
Definition: ajax_display_submenu.php:52
User\$login
$login
login lower case
Definition: user.class.php:44
db
$SecUser db
Definition: export_security_pdf.php:118
User\get_first_week_day
get_first_week_day()
Definition: user.class.php:1824
ALL
const ALL
Definition: constant.php:193
User\can_connect
can_connect()
check the password and user
Definition: user.class.php:70
User\$active
$active
1 active , 0 disables
Definition: user.class.php:43
User\$password
$password
md5 of the password
Definition: user.class.php:45
User\connect_user
connect_user()
connect the user and set the $_SESSION variables if not set thanks the $_REQUEST
Definition: user.class.php:82
User\load_global_pref
load_global_pref()
Get the global preferences from user_global_pref in the account_repository db.
Definition: user.class.php:890
User\get_status_security_ledger
get_status_security_ledger()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
Definition: user.class.php:1753
User\set_status_security_ledger
set_status_security_ledger($p_value)
Set the flag in the table user_active_security.
Definition: user.class.php:1767
from
$anc_grandlivre from
Definition: ajax_history_anc_account.php:61
User\getAdmin
getAdmin()
Definition: user.class.php:202
Dossier
manage the current dossier, everywhere we need to know to which folder we are connected,...
Definition: dossier.class.php:39
User\$email
$email
user's email
Definition: user.class.php:46
User\getPassword
getPassword()
Definition: user.class.php:298
$sql
$sql
Definition: ajax_add_concerned_card.php:100
User\__construct
__construct($p_cn, $p_id=-1)
Definition: user.class.php:49
$result
$result
Definition: anc_great_ledger.inc.php:26
User\getLogin
getLogin()
Definition: user.class.php:282
User\setName
setName($name)
Definition: user.class.php:258
User\remove_inexistant_user
static remove_inexistant_user($p_dossier)
Definition: user.class.php:1716
User\getValid
getValid()
Definition: user.class.php:218
User\getEmail
getEmail()
Definition: user.class.php:314
name
$from_poste name
Definition: balance.inc.php:159
$value
$value
Definition: export_document.php:41
$i
$i
Definition: action_document_type_mtable_input.php:83
h2
h2($p_string, $p_class="", $raw="")
Definition: ac_common.php:68
User\$valid
$valid
is or is not valid
Definition: user.class.php:40
DatabaseCore\num_row
static num_row($ret)
wrapper for the function pg_num_rows
Definition: database_core.class.php:734
$Max
$Max
Definition: export_security_pdf.php:158
$sql_array
$sql_array['query']
Definition: ajax_add_concerned_card.php:92
$from
$from
Definition: balance.inc.php:61
$http
$http
Definition: action.common.inc.php:33
User\get_access_mode
get_access_mode()
access_mode tells what mode must be used : pc or mobile
Definition: user.class.php:153
User\get_status_security_action
get_status_security_action()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
Definition: user.class.php:1789
User\$access_mode
$access_mode
MOBILE or PC depending if when connecting $login contains @mobile.
Definition: user.class.php:47
User\__toString
__toString()
Definition: user.class.php:63
User\getActive
getActive()
Definition: user.class.php:266
User\set_access_mode
set_access_mode($access_mode)
access_mode tells what mode must be used : pc or mobile
Definition: user.class.php:161
User\setActive
setActive($active)
Definition: user.class.php:274
$r
catch(Exception $exc) if(! $g_user->can_write_action($ag_id)) $r
Definition: ajax_add_concerned_card.php:53
User\$admin
$admin
is or is not admin
Definition: user.class.php:39
User\$db
$db
database connx
Definition: user.class.php:38
exit
for($e=0; $e< count($afiche); $e++) exit
Definition: export_fiche_balance_csv.php:109
User\getId
getId()
Definition: user.class.php:170
$cn
$cn
Definition: ajax_anc_accounting.php:30
$Res
$Res
Definition: export_security_pdf.php:117
User
Data & function about connected users.
Definition: user.class.php:33
User\setEmail
setEmail($email)
Definition: user.class.php:322
User\setValid
setValid(int $valid)
Definition: user.class.php:226
Database
contains the class for connecting to Noalyss
Definition: database.class.php:32
User\$name
$name
Definition: user.class.php:42
$user_password
$user_password
Definition: recover.php:93
User\load
load()
Definition: user.class.php:333
User\getFirstName
getFirstName()
Definition: user.class.php:234
User\$id
$id
in account_repository , ac_users.use_id
Definition: user.class.php:36
User\setId
setId(int $id)
Definition: user.class.php:178
User\Check
Check($silent=false, $from='')
Check if user is active and exists in therepository Automatically redirect, it doesn't check if a use...
Definition: user.class.php:405
User\setFirstName
setFirstName($first_name)
Definition: user.class.php:242
User\getName
getName()
Definition: user.class.php:250
User\save_global_preference
save_global_preference($key, $value)
Save the preference , the scope is global, the settings are saved into account_repository.
Definition: user.class.php:767
$nb
$nb
Definition: ajax_auto_anc_card.php:32
User\setLogin
setLogin(string $login)
Definition: user.class.php:290
td
td($p_string='', $p_extra='')
surround the string with td
Definition: ac_common.php:83
redirect
redirect($p_string, $p_time=0)
Definition: user_common.php:181
$row
$row
Definition: ajax_anc_detail_operation.php:33
index
z index
Definition: action_search.php:31
User\insert
insert()
Definition: user.class.php:384
$p_id
$p_id
Definition: ajax_accounting.php:33
$res
$res
Definition: ajax_preference.php:49
User\setDb
setDb($db)
Definition: user.class.php:194
User\setAdmin
setAdmin($admin)
Definition: user.class.php:210
DatabaseCore\fetch_array
static fetch_array($ret, $p_indice=0, $p_mode=PGSQL_ASSOC)
wrapper for the function pg_fetch_array
Definition: database_core.class.php:746
User\$first_name
$first_name
Definition: user.class.php:41
User\set_status_security_action
set_status_security_action($p_value)
Set the flag in the table user_active_security.
Definition: user.class.php:1803
User\setPassword
setPassword($password)
Definition: user.class.php:306
User\grant_admin_access
static grant_admin_access($p_login, $p_dossier)
Grant access to folder, grant administrator profile , all the ledgers and all the action.
Definition: user.class.php:1681
User\save
save()
Definition: user.class.php:373