QuartzMap/admin/class/user.php

<?php
    class user_Class
    {
        private $table_name = 'user';
        private $dbconn = null;
				private $owner_id = null;

        function __construct($dbconn, $owner_id) {
            $this->dbconn = $dbconn;
						$this->owner_id = $owner_id;
        }

        function create($data, $isHashed = false)
        {		
						 if(!$isHashed){
						 	$data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);
						 }
						
             $sql = "INSERT INTO PUBLIC." .$this->table_name."
             (name,email,password,ftp_user,accesslevel,owner_id) "."VALUES('".
             $this->cleanData($data['name'])."','".
             $this->cleanData($data['email'])."','".
             									$data['password']."','".
						 $this->cleanData($data['ftp_user'])."','".
             $this->cleanData($data['accesslevel'])."',".
						 $this->owner_id.") RETURNING id";

            $row = pg_fetch_object(pg_query($this->dbconn, $sql));

            if($row) {

							# insert user groups
							$values = array();
							foreach($data['groups'] as $group_id){
								array_push($values, "(".$row->id.",".$group_id.")");
							}

							$sql = "insert into public.user_access (user_id,access_group_id) values ".implode(',', $values);
							$ret = pg_query($this->dbconn, $sql);

              return $row->id;
            }
            return 0;

            //return pg_affected_rows(pg_query($this->dbconn, $sql));
        }

        function getRows()
        {
            $sql ="select * from public." .$this->table_name;
						if($this->owner_id != SUPER_ADMIN_ID){
							$sql .= " WHERE owner_id = ".$this->owner_id;
						}
						$sql .= " ORDER BY id DESC";
           return pg_query($this->dbconn, $sql);
        }

				function getRowsArr(){
						$rv = array();
						$result = $this->getRows();
						while ($row = pg_fetch_assoc($result)) {
							$rv[$row['id']] = $row['name'];
						}
            return $rv;
        }

        function getById($id){

            $sql ="select * from public." .$this->table_name . "
            where id='".intval($id)."'";
            return pg_query($this->dbconn, $sql);
        }

				function loginCheck($pwd, $email){

	        $sql ="select * from public.user where email = '".$this->cleanData($email)."'";
	        $result = pg_query($this->dbconn,$sql);
					$row = pg_fetch_object($result);
					pg_free_result($result);
					
					if (password_verify($pwd, $row->password)) {
						return $row;
					}
	        return null;
				}

				function getByEmail($email){

            $sql ="select * from public.".$this->table_name." where email='".$email."'";
            $result = pg_query($this->dbconn, $sql);
						if(!$result){
							return false;
						}
						
						$row = pg_fetch_object($result);
						pg_free_result($result);
            return $row;
        }
				
       function delete($id)
       {
					 $sql ="delete from public.user_access where user_id='".intval($id)."'";
					 $result = pg_query($this->dbconn, $sql);
					 if(!$result){
						 return false;
					 }
					 pg_free_result($result);

            $sql ="delete from public." .$this->table_name . " where id='".intval($id)."'";
            $result = pg_query($this->dbconn, $sql);
						if(!$result){
 						 return false;
 					 }
 					 pg_free_result($result);
					 
					 return true;
       }

       function update($data=array())
       {

          $id = intval($data['id']);
				 	$row = pg_fetch_object($this->getById($id));
					
          $sql = "update public.user set name='".
          				$this->cleanData($data['name'])."'";
					
					if($row->password != $data['password']){	# if password is changed
						$hashpassword = password_hash($data['password'], PASSWORD_DEFAULT);
          	$sql .= ", password='".$hashpassword."'";
					}
					
					if(isset($data['ftp_user'])){
						$sql .= ", ftp_user = '".$this->cleanData($data['ftp_user'])."'";
					}
					
          $sql .= ", accesslevel='".$this->cleanData($data['accesslevel']).
								 	"' where id = '".$id."'";

					$rv = pg_affected_rows(pg_query($this->dbconn, $sql));

					if($rv > 0){
						# drop old groups
						$sql = "delete from public.user_access where user_id=".$data['id'];
						$ret = pg_query($this->dbconn, $sql);

						# insert user groups
						$values = array();
						foreach($data['groups'] as $group_id){
							array_push($values, "(".$data['id'].",".$group_id.")");
						}

						$sql = "insert into public.user_access (user_id,access_group_id) values ".implode(',', $values);
						$ret = pg_query($this->dbconn, $sql);
					}

					return $rv;
       }
			 
			 function isOwnedByUs($id){
				 
				 if($this->owner_id == SUPER_ADMIN_ID){	// if Super Admin
					 return true;
				 }
				 
				 $sql = "select * from public.".$this->table_name." where id=".$id." and owner_id=".$this->owner_id;
				 $result = pg_query($this->dbconn, $sql);
			 if(!$result){
				 return false;
			 }
			 $rv = (pg_num_rows($result) > 0);
			 pg_free_result($result);
			 return $rv;
			 }
			 
       function cleanData($val)
       {
         return pg_escape_string($this->dbconn, $val);
       }
			 
			 static public function create_ftp_user($ftp_user, $email, $hashed_pwd){
		 		$descriptorspec = array(
		 			0 => array("pipe", "r"),
		 		  1 => array("pipe", "w"),
		 		  2 => array("pipe", "w")
		 		);

		 		$process = proc_open('sudo /usr/local/bin/create_ftp_user.sh', $descriptorspec, $pipes, null, null);
		 		
		 		if (is_resource($process)) {
		 			
		 		    fwrite($pipes[0], $ftp_user."\n".$hashed_pwd."\n");
		 		    fclose($pipes[0]);

		 		    //echo stream_get_contents($pipes[1]);
		 		    fclose($pipes[1]);
		 				fclose($pipes[2]);

		 		    // It is important that you close any pipes before calling proc_close in order to avoid a deadlock
		 		    $return_value = proc_close($process);
		 		}
		 	}
	}
initial commit 2024-03-16 23:03:30 +00:00			`<?php`
			`class user_Class`
			`{`
			`private $table_name = 'user';`
			`private $dbconn = null;`
			`private $owner_id = null;`

			`function __construct($dbconn, $owner_id) {`
			`$this->dbconn = $dbconn;`
			`$this->owner_id = $owner_id;`
			`}`

			`function create($data, $isHashed = false)`
			`{`
			`if(!$isHashed){`
			`$data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);`
			`}`

			`$sql = "INSERT INTO PUBLIC." .$this->table_name."`
			`(name,email,password,ftp_user,accesslevel,owner_id) "."VALUES('".`
			`$this->cleanData($data['name'])."','".`
			`$this->cleanData($data['email'])."','".`
			`$data['password']."','".`
			`$this->cleanData($data['ftp_user'])."','".`
			`$this->cleanData($data['accesslevel'])."',".`
			`$this->owner_id.") RETURNING id";`

			`$row = pg_fetch_object(pg_query($this->dbconn, $sql));`

			`if($row) {`

			`# insert user groups`
			`$values = array();`
			`foreach($data['groups'] as $group_id){`
			`array_push($values, "(".$row->id.",".$group_id.")");`
			`}`

			`$sql = "insert into public.user_access (user_id,access_group_id) values ".implode(',', $values);`
			`$ret = pg_query($this->dbconn, $sql);`

			`return $row->id;`
			`}`
			`return 0;`

			`//return pg_affected_rows(pg_query($this->dbconn, $sql));`
			`}`

			`function getRows()`
			`{`
			`$sql ="select * from public." .$this->table_name;`
			`if($this->owner_id != SUPER_ADMIN_ID){`
			`$sql .= " WHERE owner_id = ".$this->owner_id;`
			`}`
			`$sql .= " ORDER BY id DESC";`
			`return pg_query($this->dbconn, $sql);`
			`}`

			`function getRowsArr(){`
			`$rv = array();`
			`$result = $this->getRows();`
			`while ($row = pg_fetch_assoc($result)) {`
			`$rv[$row['id']] = $row['name'];`
			`}`
			`return $rv;`
			`}`

			`function getById($id){`

			`$sql ="select * from public." .$this->table_name . "`
			`where id='".intval($id)."'";`
			`return pg_query($this->dbconn, $sql);`
			`}`

			`function loginCheck($pwd, $email){`

			`$sql ="select * from public.user where email = '".$this->cleanData($email)."'";`
			`$result = pg_query($this->dbconn,$sql);`
			`$row = pg_fetch_object($result);`
			`pg_free_result($result);`

			`if (password_verify($pwd, $row->password)) {`
			`return $row;`
			`}`
			`return null;`
			`}`

			`function getByEmail($email){`

			`$sql ="select * from public.".$this->table_name." where email='".$email."'";`
			`$result = pg_query($this->dbconn, $sql);`
			`if(!$result){`
			`return false;`
			`}`

			`$row = pg_fetch_object($result);`
			`pg_free_result($result);`
			`return $row;`
			`}`

			`function delete($id)`
			`{`
			`$sql ="delete from public.user_access where user_id='".intval($id)."'";`
			`$result = pg_query($this->dbconn, $sql);`
			`if(!$result){`
			`return false;`
			`}`
			`pg_free_result($result);`

			`$sql ="delete from public." .$this->table_name . " where id='".intval($id)."'";`
			`$result = pg_query($this->dbconn, $sql);`
			`if(!$result){`
			`return false;`
			`}`
			`pg_free_result($result);`

			`return true;`
			`}`

			`function update($data=array())`
			`{`

			`$id = intval($data['id']);`
			`$row = pg_fetch_object($this->getById($id));`

			`$sql = "update public.user set name='".`
			`$this->cleanData($data['name'])."'";`

			`if($row->password != $data['password']){ # if password is changed`
			`$hashpassword = password_hash($data['password'], PASSWORD_DEFAULT);`
			`$sql .= ", password='".$hashpassword."'";`
			`}`

			`if(isset($data['ftp_user'])){`
			`$sql .= ", ftp_user = '".$this->cleanData($data['ftp_user'])."'";`
			`}`

			`$sql .= ", accesslevel='".$this->cleanData($data['accesslevel']).`
			`"' where id = '".$id."'";`

			`$rv = pg_affected_rows(pg_query($this->dbconn, $sql));`

			`if($rv > 0){`
			`# drop old groups`
			`$sql = "delete from public.user_access where user_id=".$data['id'];`
			`$ret = pg_query($this->dbconn, $sql);`

			`# insert user groups`
			`$values = array();`
			`foreach($data['groups'] as $group_id){`
			`array_push($values, "(".$data['id'].",".$group_id.")");`
			`}`

			`$sql = "insert into public.user_access (user_id,access_group_id) values ".implode(',', $values);`
			`$ret = pg_query($this->dbconn, $sql);`
			`}`

			`return $rv;`
			`}`

			`function isOwnedByUs($id){`

			`if($this->owner_id == SUPER_ADMIN_ID){ // if Super Admin`
			`return true;`
			`}`

			`$sql = "select * from public.".$this->table_name." where id=".$id." and owner_id=".$this->owner_id;`
			`$result = pg_query($this->dbconn, $sql);`
			`if(!$result){`
			`return false;`
			`}`
			`$rv = (pg_num_rows($result) > 0);`
			`pg_free_result($result);`
			`return $rv;`
			`}`

			`function cleanData($val)`
			`{`
			`return pg_escape_string($this->dbconn, $val);`
			`}`

			`static public function create_ftp_user($ftp_user, $email, $hashed_pwd){`
			`$descriptorspec = array(`
			`0 => array("pipe", "r"),`
			`1 => array("pipe", "w"),`
			`2 => array("pipe", "w")`
			`);`

			`$process = proc_open('sudo /usr/local/bin/create_ftp_user.sh', $descriptorspec, $pipes, null, null);`

			`if (is_resource($process)) {`

			`fwrite($pipes[0], $ftp_user."\n".$hashed_pwd."\n");`
			`fclose($pipes[0]);`

			`//echo stream_get_contents($pipes[1]);`
			`fclose($pipes[1]);`
			`fclose($pipes[2]);`

			`// It is important that you close any pipes before calling proc_close in order to avoid a deadlock`
			`$return_value = proc_close($process);`
			`}`
			`}`
			`}`