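getUserType($idUser); if($userType === USER_TYPES['BROKER']){ return true; } return $idUser === $user->getUserId(); }

    /**
     * Decide whether the current user may edit the given company.
     *
     * The current user's row for that company is looked up; when a row exists
     * its isCompanyAdmin flag decides, and only when no row exists (the user is
     * not a member of the company) does a BROKER user type grant the right.
     * NOTE(review): a BROKER who is a non-admin member is denied while a BROKER
     * outside the company is allowed — confirm that asymmetry is intended.
     *
     * @param int|string $idCompany company id; cast to int before use in SQL
     * @return bool
     */
    public function checkRightsToEditCompany($idCompany)
    {
        global $database, $user;

        // Both ids are interpolated unquoted, so quote-escaping would not help;
        // an int cast makes a non-numeric $idCompany harmless (it matches no row
        // and the code falls through to the user-type check).
        $idCompany = (int) $idCompany;
        $sql = 'SELECT u.isCompanyAdmin FROM ' . TABLES['users'] . ' u'
            . ' WHERE u.id=' . $user->getUserId()
            . ' AND u.idCompany=' . $idCompany;
        $row = $database->fetchArray($database->query($sql));

        if ($row) {
            // Compared as the string '1' — assumes fetchArray() returns string columns (TODO confirm).
            return $row['isCompanyAdmin'] === '1';
        }

        return $user->getUserType() === USER_TYPES['BROKER'];
    }

    /**
     * Validate company data coming from the GUI.
     *
     * Side effect: every property of $info is overwritten with its
     * $database->escapeValue() form, so the caller sees the escaped values and
     * the length checks below run on the escaped strings.
     *
     * @param object $info company fields (idCompany, vatCode, companyName, ...)
     * @return array empty when valid, otherwise
     *               ['messages' => [['code' => 'error', 'message' => KEY], ...]]
     */
    public function validateCompanyData($info)
    {
        global $database;

        $data = [];
        foreach (get_object_vars($info) as $key => $value) {
            $info->{$key} = $database->escapeValue($value);
        }

        // empty() already covers an undefined property, so no isset() is needed.
        if (empty($info->idCompany)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'ADD_COMPANY'];
            return $data;
        }

        if (empty($info->vatCode)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'ADD_VAT'];
            return $data;
        }
        $lengthMessage = $database->invalidLength('vatCode', $info->vatCode, 20);
        if ($lengthMessage) {
            $data['messages'][] = $lengthMessage;
        }

        if (empty($info->companyName)) {
            // Message key kept verbatim ('COPMANY'): presumably a lookup key elsewhere — verify before renaming.
            $data['messages'][] = ['code' => 'error', 'message' => 'ADD_COPMANY_NAME'];
            return $data;
        }
        $lengthMessage = $database->invalidLength('companyName', $info->companyName, 100);
        if ($lengthMessage) {
            $data['messages'][] = $lengthMessage;
        }

        return $data;
    }

    /**
     * Validate user data coming from the GUI.
     *
     * Side effect: every property of $info is overwritten with its
     * $database->escapeValue() form (see validateCompanyData). Required-field
     * failures return immediately; format and length failures accumulate.
     * Username and mail are only checked for the 'add' action.
     *
     * @param string $action          'add' or 'edit'
     * @param object $info            user fields (idUserType, name, phone, username, mail, ...)
     * @param array  $commercialLeads commercial leads linked to the customer
     * @return array empty when valid, otherwise
     *               ['messages' => [['code' => 'error', 'message' => KEY], ...]]
     */
    public function validateUserData($action, $info, $commercialLeads = [])
    {
        global $database;

        $data = [];
        foreach (get_object_vars($info) as $key => $value) {
            $info->{$key} = $database->escapeValue($value);
        }

        // empty() instead of a bare property read: no warning when idUserType is missing.
        if (empty($info->idUserType)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'SELECT_USER_TYPE'];
            return $data;
        }

        if (empty($info->name)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'ADD_NAME'];
            return $data;
        }
        $lengthMessage = $database->invalidLength('name', $info->name, 200);
        if ($lengthMessage) {
            $data['messages'][] = $lengthMessage;
        }

        if (empty($info->phone)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'INVALID_PHONE_NUMBER'];
            return $data;
        }
        // Digits, parentheses, slash, plus, space and dash only.
        if (!preg_match('/^([0-9\(\)\/\+ \-]*)$/', $info->phone)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'INVALID_PHONE_NUMBER'];
        }
        $lengthMessage = $database->invalidLength('phone', $info->phone, 40);
        if ($lengthMessage) {
            $data['messages'][] = $lengthMessage;
        }

        if ($action !== 'add') {
            return $data;
        }

        // '2' is compared as a string because escapeValue() has stringified the
        // property; which USER_TYPES entry it denotes is not visible here — TODO confirm.
        if ($info->idUserType === '2' && empty($commercialLeads)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'NO_COMMERCIAL_LEAD_LINK'];
            return $data;
        }

        if (empty($info->username)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'ADD_USERNAME'];
            return $data;
        }
        $lengthMessage = $database->invalidLength('username', $info->username, 20);
        if ($lengthMessage) {
            $data['messages'][] = $lengthMessage;
        }
        if (!preg_match('/^[a-zA-Z\d\.\-_]+$/', $info->username)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'INVALID_USERNAME'];
        }

        // The username reaches the query escaped by escapeValue() above; the
        // uniqueness lookup still runs even when the format check failed.
        $sql = 'SELECT username FROM ' . TABLES['users']
            . " WHERE username='" . $info->username . "' LIMIT 1";
        $result = $database->query($sql);
        if ($database->numRows($result) > 0) {
            $data['messages'][] = ['code' => 'error', 'message' => 'USERNAME_EXISTS'];
        }

        if (empty($info->mail)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'ADD_MAIL'];
            return $data;
        }
        if (!filter_var($info->mail, FILTER_VALIDATE_EMAIL)) {
            $data['messages'][] = ['code' => 'error', 'message' => 'INVALID_MAIL'];
        }

        return $data;
    }
}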