Sākums Izpētīt Palīdzība
Pierakstīties
fusionpbx
/
fusionpbx-framework
spogulis no https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Koks: 9cf350f333
Atzari Tagi
fusionpbx-frame...
/
core
/
users
/
resources
/
classes
/
users.php

users.php 9.9 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2019-2020
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. */
    26. 

  26. 

  27. /**
    28. 

  28.  * users class
    29. 

  29.  *
    30. 

  30.  * @method null delete
    31. 

  31.  * @method null toggle
    32. 

  32.  * @method null copy
    33. 

  33.  */
    34. 

  34. if (!class_exists('users')) {
    35. 

  35. 	class users {
    36. 

  36. 

  37. 		/**
    38. 

  38. 		* declare the variables
    39. 

  39. 		*/
    40. 

  40. 		private $app_name;
    41. 

  41. 		private $app_uuid;
    42. 

  42. 		private $name;
    43. 

  43. 		private $table;
    44. 

  44. 		private $toggle_field;
    45. 

  45. 		private $toggle_values;
    46. 

  46. 		private $location;
    47. 

  47. 

  48. 		/**
    49. 

  49. 		 * called when the object is created
    50. 

  50. 		 */
    51. 

  51. 		public function __construct() {
    52. 

  52. 			//assign the variables
    53. 

  53. 				$this->app_name = 'users';
    54. 

  54. 				$this->app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
    55. 

  55. 				$this->name = 'user';
    56. 

  56. 				$this->table = 'users';
    57. 

  57. 				$this->toggle_field = 'user_enabled';
    58. 

  58. 				$this->toggle_values = ['true','false'];
    59. 

  59. 				$this->location = 'users.php';
    60. 

  60. 		}
    61. 

  61. 

  62. 		/**
    63. 

  63. 		 * delete rows from the database
    64. 

  64. 		 */
    65. 

  65. 		public function delete($records) {
    66. 

  66. 			if (permission_exists($this->name.'_delete')) {
    67. 

  67. 

  68. 				//add multi-lingual support
    69. 

  69. 					$language = new text;
    70. 

  70. 					$text = $language->get();
    71. 

  71. 

  72. 				//validate the token
    73. 

  73. 					$token = new token;
    74. 

  74. 					if (!$token->validate($_SERVER['PHP_SELF'])) {
    75. 

  75. 						message::add($text['message-invalid_token'],'negative');
    76. 

  76. 						header('Location: '.$this->location);
    77. 

  77. 						exit;
    78. 

  78. 					}
    79. 

  79. 

  80. 				//delete multiple records
    81. 

  81. 					if (is_array($records) && @sizeof($records) != 0) {
    82. 

  82. 						//build the delete array
    83. 

  83. 							$x = 0;
    84. 

  84. 							foreach ($records as $record) {
    85. 

  85. 								//add to the array
    86. 

  86. 									if (!empty($record['checked']) && $record['checked'] == 'true' && is_uuid($record['uuid'])) {
    87. 

  87. 										//get the user_uuid
    88. 

  88. 											$user_uuid = $record['uuid'];
    89. 

  89. 

  90. 										//get the user's domain from v_users
    91. 

  91. 											if (permission_exists('user_domain')) {
    92. 

  92. 												$sql = "select domain_uuid from v_users ";
    93. 

  93. 												$sql .= "where user_uuid = :user_uuid ";
    94. 

  94. 												$parameters['user_uuid'] = $user_uuid;
    95. 

  95. 												$database = new database;
    96. 

  96. 												$domain_uuid = $database->select($sql, $parameters, 'column');
    97. 

  97. 												unset($sql, $parameters);
    98. 

  98. 											}
    99. 

  99. 											else {
    100. 

  100. 												$domain_uuid = $_SESSION['domain_uuid'];
    101. 

  101. 											}
    102. 

  102. 

  103. 										//required to be a superadmin to delete a member of the superadmin group
    104. 

  104. 											$superadmin_list = superadmin_list();
    105. 

  105. 											if (if_superadmin($superadmin_list, $user_uuid)) {
    106. 

  106. 												if (!if_group("superadmin")) {
    107. 

  107. 													//access denied - do not delete the user
    108. 

  108. 													header("Location: index.php");
    109. 

  109. 													return;
    110. 

  110. 												}
    111. 

  111. 											}
    112. 

  112. 

  113. 										//delete the user settings
    114. 

  114. 											$array['user_settings'][$x]['user_uuid'] = $user_uuid;
    115. 

  115. 											$array['user_settings'][$x]['domain_uuid'] = $domain_uuid;
    116. 

  116. 

  117. 										//delete the groups the user is assigned to
    118. 

  118. 											$array['user_groups'][$x]['user_uuid'] = $user_uuid;
    119. 

  119. 											$array['user_groups'][$x]['domain_uuid'] = $domain_uuid;
    120. 

  120. 

  121. 										//delete the user
    122. 

  122. 											$array['users'][$x]['user_uuid'] = $user_uuid;
    123. 

  123. 											$array['users'][$x]['domain_uuid'] = $domain_uuid;
    124. 

  124. 

  125. 										//increment the id
    126. 

  126. 											$x++;
    127. 

  127. 									}
    128. 

  128. 							}
    129. 

  129. 

  130. 						//delete the checked rows
    131. 

  131. 							if (is_array($array) && @sizeof($array) != 0) {
    132. 

  132. 								//execute
    133. 

  133. 									$p = permissions::new();
    134. 

  134. 									$p->add('user_setting_delete', 'temp');
    135. 

  135. 									$p->add('user_group_delete', 'temp');
    136. 

  136. 

  137. 								//execute delete
    138. 

  138. 									$database = new database;
    139. 

  139. 									$database->app_name = $this->app_name;
    140. 

  140. 									$database->app_uuid = $this->app_uuid;
    141. 

  141. 									$database->delete($array);
    142. 

  142. 									unset($array);
    143. 

  143. 

  144. 									$p->delete('user_setting_delete', 'temp');
    145. 

  145. 									$p->delete('user_group_delete', 'temp');
    146. 

  146. 

  147. 								//set message
    148. 

  148. 									message::add($text['message-delete']);
    149. 

  149. 							}
    150. 

  150. 							unset($records);
    151. 

  151. 					}
    152. 

  152. 			}
    153. 

  153. 		}
    154. 

  154. 

  155. 		/**
    156. 

  156. 		 * toggle a field between two values
    157. 

  157. 		 */
    158. 

  158. 		public function toggle($records) {
    159. 

  159. 			if (permission_exists($this->name.'_edit')) {
    160. 

  160. 

  161. 				//add multi-lingual support
    162. 

  162. 					$language = new text;
    163. 

  163. 					$text = $language->get();
    164. 

  164. 

  165. 				//validate the token
    166. 

  166. 					$token = new token;
    167. 

  167. 					if (!$token->validate($_SERVER['PHP_SELF'])) {
    168. 

  168. 						message::add($text['message-invalid_token'],'negative');
    169. 

  169. 						header('Location: '.$this->location);
    170. 

  170. 						exit;
    171. 

  171. 					}
    172. 

  172. 

  173. 				//toggle the checked records
    174. 

  174. 					if (is_array($records) && @sizeof($records) != 0) {
    175. 

  175. 						//get current toggle state
    176. 

  176. 							foreach($records as $record) {
    177. 

  177. 								if (!empty($record['checked']) && $record['checked'] == 'true' && is_uuid($record['uuid'])) {
    178. 

  178. 									$uuids[] = "'".$record['uuid']."'";
    179. 

  179. 								}
    180. 

  180. 							}
    181. 

  181. 							if (is_array($uuids) && @sizeof($uuids) != 0) {
    182. 

  182. 								$sql = "select ".$this->name."_uuid as uuid, ".$this->toggle_field." as toggle from v_".$this->table." ";
    183. 

  183. 								$sql .= "where ".$this->name."_uuid in (".implode(', ', $uuids).") ";
    184. 

  184. 								$database = new database;
    185. 

  185. 								$rows = $database->select($sql, $parameters ?? null, 'all');
    186. 

  186. 								if (is_array($rows) && @sizeof($rows) != 0) {
    187. 

  187. 									foreach ($rows as $row) {
    188. 

  188. 										$states[$row['uuid']] = $row['toggle'];
    189. 

  189. 									}
    190. 

  190. 								}
    191. 

  191. 								unset($sql, $parameters, $rows, $row);
    192. 

  192. 							}
    193. 

  193. 

  194. 						//build update array
    195. 

  195. 							$x = 0;
    196. 

  196. 							foreach($states as $uuid => $state) {
    197. 

  197. 								//create the array
    198. 

  198. 									$array[$this->table][$x][$this->name.'_uuid'] = $uuid;
    199. 

  199. 									$array[$this->table][$x][$this->toggle_field] = $state == $this->toggle_values[0] ? $this->toggle_values[1] : $this->toggle_values[0];
    200. 

  200. 

  201. 								//increment the id
    202. 

  202. 									$x++;
    203. 

  203. 							}
    204. 

  204. 

  205. 						//save the changes
    206. 

  206. 							if (is_array($array) && @sizeof($array) != 0) {
    207. 

  207. 								//save the array
    208. 

  208. 									$database = new database;
    209. 

  209. 									$database->app_name = $this->app_name;
    210. 

  210. 									$database->app_uuid = $this->app_uuid;
    211. 

  211. 									$database->save($array);
    212. 

  212. 									unset($array);
    213. 

  213. 

  214. 								//set message
    215. 

  215. 									message::add($text['message-toggle']);
    216. 

  216. 							}
    217. 

  217. 							unset($records, $states);
    218. 

  218. 					}
    219. 

  219. 			}
    220. 

  220. 		}
    221. 

  221. 

  222. 		/**
    223. 

  223. 		 * copy rows from the database
    224. 

  224. 		 */
    225. 

  225. 		public function copy($records) {
    226. 

  226. 			if (permission_exists($this->name.'_add')) {
    227. 

  227. 

  228. 				//add multi-lingual support
    229. 

  229. 					$language = new text;
    230. 

  230. 					$text = $language->get();
    231. 

  231. 

  232. 				//validate the token
    233. 

  233. 					$token = new token;
    234. 

  234. 					if (!$token->validate($_SERVER['PHP_SELF'])) {
    235. 

  235. 						message::add($text['message-invalid_token'],'negative');
    236. 

  236. 						header('Location: '.$this->location);
    237. 

  237. 						exit;
    238. 

  238. 					}
    239. 

  239. 

  240. 				//copy the checked records
    241. 

  241. 					if (!empty($records) && is_array($records) && @sizeof($records) != 0) {
    242. 

  242. 

  243. 						//get checked records
    244. 

  244. 							foreach($records as $record) {
    245. 

  245. 								if (!empty($record['checked']) && $record['checked'] == 'true' && is_uuid($record['uuid'])) {
    246. 

  246. 									$uuids[] = "'".$record['uuid']."'";
    247. 

  247. 								}
    248. 

  248. 							}
    249. 

  249. 

  250. 						//create the array from existing data
    251. 

  251. 							if (!empty($uuids) && is_array($uuids) && @sizeof($uuids) != 0) {
    252. 

  252. 								$sql = "select * from v_".$this->table." ";
    253. 

  253. 								$sql .= "where ".$this->name."_uuid in (".implode(', ', $uuids).") ";
    254. 

  254. 								$database = new database;
    255. 

  255. 								$rows = $database->select($sql, $parameters ?? null, 'all');
    256. 

  256. 								if (is_array($rows) && @sizeof($rows) != 0) {
    257. 

  257. 									$x = 0;
    258. 

  258. 									foreach ($rows as $row) {
    259. 

  259. 										//copy data
    260. 

  260. 											$array[$this->table][$x] = $row;
    261. 

  261. 

  262. 										//add copy to the description
    263. 

  263. 											$array[$this->table][$x][$this->name.'_uuid'] = uuid();
    264. 

  264. 											$array[$this->table][$x]['username'] = $row['username'].'-'.$text['label-copy'];
    265. 

  265. 

  266. 										//increment the id
    267. 

  267. 											$x++;
    268. 

  268. 									}
    269. 

  269. 								}
    270. 

  270. 								unset($sql, $parameters, $rows, $row);
    271. 

  271. 							}
    272. 

  272. 

  273. 						//save the changes and set the message
    274. 

  274. 							if (!empty($array) && is_array($array) && @sizeof($array) != 0) {
    275. 

  275. 								//save the array
    276. 

  276. 									$database = new database;
    277. 

  277. 									$database->app_name = $this->app_name;
    278. 

  278. 									$database->app_uuid = $this->app_uuid;
    279. 

  279. 									$database->save($array);
    280. 

  280. 									unset($array);
    281. 

  281. 

  282. 								//set message
    283. 

  283. 									message::add($text['message-copy']);
    284. 

  284. 							}
    285. 

  285. 							unset($records);
    286. 

  286. 					}
    287. 

  287. 			}
    288. 

  288. 		}
    289. 

  289. 

  290. 		/**
    291. 

  291. 		 * Remove old user log entries. Called the maintenance service application.
    292. 

  292. 		 * @param settings $settings
    293. 

  293. 		 * @return void
    294. 

  294. 		 */
    295. 

  295. 		public static function database_maintenance(settings $settings): void {
    296. 

  296. 			$database = $settings->database();
    297. 

  297. 			$domains = maintenance_service::get_domains($database);
    298. 

  298. 			foreach ($domains as $domain_uuid => $domain_name) {
    299. 

  299. 				$domain_settings = new settings(['database' => $database, 'domain_uuid' => $domain_uuid]);
    300. 

  300. 				$retention_days = $domain_settings->get('users', 'database_retention_days', '');
    301. 

  301. 				if (!empty($retention_days) && is_numeric($retention_days)) {
    302. 

  302. 					$sql = "delete from v_user_logs where timestamp < NOW() - INTERVAL '$retention_days days'";
    303. 

  303. 					$sql.= " and domain_uuid = '$domain_uuid'";
    304. 

  304. 					$database->execute($sql);
    305. 

  305. 					$code = $database->message['code'] ?? 0;
    306. 

  306. 					if ($code == 200) {
    307. 

  307. 						maintenance_service::log_write(self::class, "Successfully removed entries older than $retention_days", $domain_uuid);
    308. 

  308. 					} else {
    309. 

  309. 						$message = $database->message['message'] ?? "An unknown error has occurred";
    310. 

  310. 						maintenance_service::log_write(self::class, "Unable to remove old database records. Error message: $message ($code)", $domain_uuid, maintenance_service::LOG_ERROR);
    311. 

  311. 					}
    312. 

  312. 				} else {
    313. 

  313. 					maintenance_service::log_write(self::class, "Database retention days not set or not numeric", $domain_uuid);
    314. 

  314. 				}
    315. 

  315. 			}
    316. 

  316. 		}
    317. 

  317. 	}
    318. 

  318. }
    319. 

  319. 

  320. ?>
    321.