<?php
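class UsersHelper {

    /**
     * Decide whether the current session user may edit the user $idUser.
     *
     * Relies on the global $user object (getUserType / getUserId).
     *
     * @param mixed $idUser id of the user that is about to be edited
     * @return bool true when editing is allowed
     */
    public function checkRightsToEdit($idUser) {
        global $user;

        // NOTE(review): getUserType() is called with $idUser here, i.e. this looks at
        // the type of the *target* user, while checkRightsToEditCompany() below calls
        // $user->getUserType() with no argument for the *current* user. If the intent
        // is "brokers may edit anyone", the argument should be dropped — confirm
        // against the User::getUserType() implementation before relying on this check.
        $userType = $user->getUserType($idUser);

        if ($userType === USER_TYPES['BROKER']) {
            return true;
        }

        // Strict comparison: a string id taken from the request will never match an
        // int returned by getUserId(); callers must pass the id with the same type.
        return $idUser === $user->getUserId();
    }

    /**
     * Decide whether the current session user may edit company $idCompany.
     *
     * A user that belongs to the company may edit it only when flagged as company
     * admin; a user that does not belong to it may edit it only as a broker.
     *
     * @param mixed $idCompany id of the company; coerced to int before it is used in SQL
     * @return bool true when editing is allowed
     */
    public function checkRightsToEditCompany($idCompany) {
        global $database, $user;

        // Both ids are interpolated unquoted into the query, so force them to int
        // instead of trusting the caller (the previous version passed $idCompany verbatim).
        $currentUserId = (int) $user->getUserId();
        $companyId = (int) $idCompany;

        $sql = "SELECT u.isCompanyAdmin
                FROM " . TABLES['users'] . " u
                WHERE u.id=" . $currentUserId . " AND u.idCompany=" . $companyId;
        $query = $database->query($sql);
        $row = $database->fetchArray($query);

        if ($row) {
            // The driver returns the column as a string, hence the strict '1' compare.
            return $row['isCompanyAdmin'] === '1';
        }

        // Not a member of this company: only brokers may edit it.
        return $user->getUserType() === USER_TYPES['BROKER'];
    }

    /**
     * Validate company data coming from the GUI.
     *
     * Every property of $info is passed through $database->escapeValue() IN PLACE
     * before validation, so the caller receives escaped values and the length checks
     * below measure the escaped string (a quote becomes two characters).
     *
     * @param object $info all information about the company to be inserted/updated
     * @return array empty on success, otherwise ['messages' => [['code' => 'error', 'message' => KEY], ...]]
     */
    public function validateCompanyData($info) {
        global $database;

        $data = [];

        foreach (get_object_vars($info) as $key => $value) {
            $info->{$key} = $database->escapeValue($value);
        }

        // empty() covers both "property missing" and "falsy value" (note: '0' is empty).
        if (empty($info->idCompany)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ADD_COMPANY'
            ];

            return $data;
        }

        if (empty($info->vatCode)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ADD_VAT'
            ];

            return $data;
        }

        $checkMessage = $database->invalidLength('vatCode', $info->vatCode, 20);
        if ($checkMessage) {
            $data['messages'][] = $checkMessage;
        }

        if (empty($info->companyName)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ADD_COPMANY_NAME'
            ];

            return $data;
        }

        $checkMessage = $database->invalidLength('companyName', $info->companyName, 100);
        if ($checkMessage) {
            $data['messages'][] = $checkMessage;
        }

        return $data;
    }

    /**
     * Validate user data coming from the GUI.
     *
     * Every property of $info is passed through $database->escapeValue() IN PLACE
     * before validation (see validateCompanyData). Name/phone are always checked;
     * commercial-lead link, username (format + uniqueness) and mail only on 'add'.
     *
     * @param string $action 'add' or 'edit'
     * @param object $info all information about the user to be inserted/updated
     * @param array $commercialLeads all the commercial leads linked to a customer
     * @return array empty on success, otherwise ['messages' => [['code' => 'error', 'message' => KEY], ...]]
     */
    public function validateUserData($action, $info, $commercialLeads = []) {
        global $database;

        $data = [];

        foreach (get_object_vars($info) as $key => $value) {
            $info->{$key} = $database->escapeValue($value);
        }

        // empty() instead of !$info->idUserType: same truthiness, but no
        // "undefined property" warning when the GUI did not send the field.
        if (empty($info->idUserType)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'SELECT_USER_TYPE'
            ];

            return $data;
        }

        if (empty($info->name)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ADD_NAME'
            ];

            return $data;
        }

        $checkMessage = $database->invalidLength('name', $info->name, 200);
        if ($checkMessage) {
            $data['messages'][] = $checkMessage;
        }

        if (empty($info->phone)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'INVALID_PHONE_NUMBER'
            ];

            return $data;
        }

        // The D modifier makes '$' match only at the very end: without it PCRE also
        // accepts a value with a trailing newline, which the previous pattern let through.
        if (!preg_match('/^([0-9\(\)\/\+ \-]*)$/D', $info->phone)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'INVALID_PHONE_NUMBER'
            ];
        }

        $checkMessage = $database->invalidLength('phone', $info->phone, 40);
        if ($checkMessage) {
            $data['messages'][] = $checkMessage;
        }

        if ($action === 'add') {
            // idUserType arrives as a string from the GUI/escapeValue, hence '2'.
            if ($info->idUserType === '2' && empty($commercialLeads)) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'NO_COMMERCIAL_LEAD_LINK'
                ];

                return $data;
            }

            if (empty($info->username)) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'ADD_USERNAME'
                ];

                return $data;
            }

            $checkMessage = $database->invalidLength('username', $info->username, 20);
            if ($checkMessage) {
                $data['messages'][] = $checkMessage;
            }

            // Same trailing-newline fix as for the phone pattern.
            if (!preg_match('/^[a-zA-Z\d\.\-_]+$/D', $info->username)) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'INVALID_USERNAME'
                ];
            }

            // Uniqueness check. The value is interpolated into SQL: this is only safe
            // because $info->username went through escapeValue() above; the format
            // check just before does not return early, so escaping is what protects
            // this query for a username that failed the pattern.
            $sql = "SELECT username
                    FROM " . TABLES['users'] . "
                    WHERE username='" . $info->username . "'
                    LIMIT 1";
            $result = $database->query($sql);
            if ($database->numRows($result) > 0) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'USERNAME_EXISTS'
                ];
            }

            if (empty($info->mail)) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'ADD_MAIL'
                ];

                return $data;
            }

            if (!filter_var($info->mail, FILTER_VALIDATE_EMAIL)) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'INVALID_MAIL'
                ];
            }
        }

        return $data;
    }
}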