EGOCMS  24.0
EGOTEC Content-Managament-System
Ego_User_Sql.php
gehe zur Dokumentation dieser Datei
1 <?php
2 require_once 'base/Ego_User_Search_Factory.php';
3 
4 class Ego_User_Sql {
5  private $table;
6  private $db;
7 
11  public function __construct() {
12  // Datenbanktabelle
13  $this->table = 'egotec_user';
14 
15  // Datenbankverbindung
16  $this->db = new_db_connection();
17  }
18 
34  public function searchUsers(array $search, int $limit = -1, string $type = '', bool $checkRights = true, bool $filterSearch = true, bool $sortResult = true, int $from = 0, bool $returnTotal = false, array $sort_order = [], string $rights = ''): array {
35  // SQL-Query für die Suche
36  $query = '1=1';
37  $bind = [];
38 
39  // Parameter aus der Suchmaske filtern
40  if ($filterSearch) {
41  $search = Ego_User_Search_Factory::filterSearch($search);
42  }
43 
44  // Prüfen, ob mit den aktuellen Suchparametern überhaupt Benutzer gefunden werden können
45  if ($type && !Ego_User_Search_Factory::checkSearchFilter($type, $search)) {
46  return $returnTotal ? ['users' => [], 'hits' => 0] : [];
47  }
48 
49  // 'user_id' kann über die SQL-Query gefiltert werden
50  if ($search['user_id']) {
51  $query .= " AND user_id = :user_id";
52  $bind['user_id'] = $search['user_id'];
53  }
54 
55  // 'username' kann über die SQL-Query gefiltert werden
56  if ($search['username']) {
57  $query .= " AND LOWER(egotec_user.username) LIKE :username";
58  $bind['username'] = '%' . mb_strtolower($search['username']) . '%';
59  }
60 
61  // 'username_char' kann über die SQL-Query gefiltert werden
62  if ($search['username_char']) {
63  $query .= " AND UPPER(egotec_user.username) LIKE :username_char";
64  $bind['username_char'] = "{$search['username_char']}%";
65  }
66 
67  // 'email' kann über die SQL-Query gefiltert werden
68  if ($search['email']) {
69  $query .= ' AND LOWER(egotec_user.email) LIKE :email';
70  $bind['email'] = '%' . mb_strtolower($search['email']) . '%';
71  }
72 
73  // 'multiple_login' kann über die SQL-Query gefiltert werden
74  if ($search['multiple_login']) {
75  $query .= ' AND egotec_user.multiple_login = :multiple_login';
76  $bind['multiple_login'] = $search['multiple_login'];
77  }
78 
79  $params = [];
80 
81  if ($rights !== '') {
82  $params['join'] = 'egotec_user_group ON egotec_user_group.user_id = egotec_user.user_id';
83  $query .= ' AND (';
84 
85  $query_parts = [];
86 
87  foreach (explode(';', $rights) as $group_role) {
88  [$group, $role] = explode(',', $group_role);
89 
90  $query_parts[] = "(egotec_user_group.group_id = '$group' AND egotec_user_group.role_id = '$role')";
91  }
92 
93  $query .= implode(' OR ', $query_parts) . ')';
94  }
95 
96  $field = 'username';
97  $order = 'asc';
98 
99  if ($sort_order && $sort_order['field'] && $sort_order['field'] !== '') {
100  $field = $sort_order['field'];
101  }
102 
103  if ($sort_order && $sort_order['order'] && $sort_order['order'] !== '') {
104  $order = $sort_order['order'];
105  }
106 
107  // Je nach Typ der Benutzersuche eine Datenbankabfrage machen
108  switch ($type) {
109  case 'admin':
110  $query .= ' AND deleted = 0';
111  $this->db->select(array_merge([
112  'fields' => 'egotec_user.user_id',
113  'table' => $this->table,
114  'where' => 'no_admin = 0 AND ' . $this->getActiveQuery() . ' AND ' . $query,
115  'bind' => $bind,
116  'order' => $field . ' ' . $order
117  ], $params));
118  break;
119  case 'intranet':
120  $query .= ' AND deleted = 0';
121  $this->db->select(array_merge([
122  'fields' => 'egotec_user.user_id',
123  'table' => $this->table,
124  'where' => 'no_admin = 1 AND ' . $this->getActiveQuery() . ' AND ' . $query,
125  'bind' => $bind,
126  'order' => $field . ' ' . $order
127  ], $params));
128  break;
129  case 'norelation':
130  $query .= ' AND deleted = 0';
131  $this->db->select(array_merge([
132  'fields' => 'egotec_user.user_id',
133  'table' => $this->table,
134  'where' => 'egotec_user_group.user_id IS NULL AND ' . $this->getActiveQuery() . ' AND ' . $query,
135  'bind' => $bind,
136  'join' => [
137  'egotec_user_group ON egotec_user.user_id = egotec_user_group.user_id'
138  ],
139  'order' => $field . ' ' . $order
140  ], $params));
141  break;
142  case 'inactive':
143  $query .= ' AND deleted = 0';
144  $this->db->select(array_merge([
145  'fields' => 'egotec_user.user_id',
146  'table' => $this->table,
147  'where' => $this->getInactiveQuery() . ' AND ' . $query,
148  'bind' => $bind,
149  'order' => $field . ' ' . $order
150  ], $params));
151  break;
152  case 'trash':
153  $this->db->select(array_merge([
154  'fields' => 'egotec_user.user_id',
155  'table' => $this->table,
156  'where' => 'deleted = 1 AND ' . $query,
157  'bind' => $bind,
158  'order' => $field . ' ' . $order
159  ], $params));
160  break;
161  default:
162  $query .= ' AND deleted = 0';
163  $this->db->select(array_merge([
164  'fields' => 'egotec_user.user_id',
165  'table' => $this->table,
166  'where' => $query. ' AND ' . (key_exists('user_inactive', $search) ? ($search['user_inactive'] === 0 ? $this->getActiveQuery() : $this->getInactiveQuery()) : '1=1'),
167  'bind' => $bind,
168  'order' => $field . ' ' . $order
169  ], $params));
170  }
171 
172  // Array für die Benutzer
173  $users = [];
174 
175  // Limit logisch abfragen, da gefundene Benutzer noch durch die Filter ignoriert werden können
176  $user_count = 0;
177  if (!$from) {
178  $from = 0;
179  }
180 
181  while ($record = $this->db->nextRecord()) {
182  $user = new User_SQL($record['user_id']);
183  // Angegebene Filter prüfen
184  if (
185  !$this->checkFilters($search, $user) // Filter aus der Suchmaske überprüfen
186  || ($checkRights && !Ego_User_Search_Factory::isAcceptedUser($user)) // Prüfen ob der aktuelle Benutzer Rechte auf den gefundenen hat
187  || ($search['group_role'] && !Ego_User_Search_Factory::checkRightsFilter($search['group_role'], $user)) // In der Suchmaske eingetragene Rechte prüfen
188  ) {
189  continue;
190  }
191 
192  $user_count++;
193  if ($from && $user_count < ($from + 1)) {
194  continue;
195  }
196 
197  $users[] = $user;
198 
199  if ($limit > 0 && $user_count == (($from + 1) + $limit)) {
200  break;
201  }
202  }
203 
204  return $users;
205  }
206 
216  public function getChars($type = ''): array {
217  $chars = [];
218 
219  // Parameter für den Datenbankselect
220  $params = [
221  'fields' => 'LEFT(UPPER(username), 1) AS charx, username',
222  'table' => $this->table,
223  'group' => 'username',
224  'order' => 'charx ASC'
225  ];
226 
227  // Je nach Benutzersuche die Query erweitern
228  switch ($type) {
229  case 'admin':
230  $params['where'] = 'no_admin = 0 AND deleted = 0 AND ' . $this->getActiveQuery();
231  break;
232  case 'intranet':
233  $params['where'] = 'no_admin = 1 AND deleted = 0 AND ' . $this->getActiveQuery();
234  break;
235  case 'norelation':
236  $params['where'] = 'deleted = 0 AND egotec_user_group.user_id IS NULL AND ' . $this->getActiveQuery();
237  $params['join'] = 'egotec_user_group ON (egotec_user.user_id = egotec_user_group.user_id)';
238  break;
239  case 'inactive':
240  $params['where'] = 'deleted = 0 AND ' . $this->getInactiveQuery();
241  break;
242  case '':// Trash
243  $params['where'] = 'deleted = 1';
244  }
245 
246  // Datenbankabfrage
247  $this->db->select($params);
248 
249  // Ein Array aufbauen, das die Anfangsbuchstaben, sowie die Anzahl an Benutzern mit diesem Anfangsbuchstaben enthält
250  while ($record = $this->db->nextRecord()) {
251  $chars[$record['charx']] = $chars[$record['charx']] ? $chars[$record['charx']] = [
252  'char' => $record['charx'],
253  'number' => $chars[$record['charx']]['number'] + 1
254  ] : [
255  'char' => $record['charx'],
256  'number' => 1
257  ];
258  }
259 
260  return $chars;
261  }
262 
268  private function getActiveQuery():string {
269  $now = date('Y-m-d H:i:s');
270  return "((release_from = '0000-00-00 00:00:00' OR release_from <= '$now')" // Kein Fregabedatum und Freigabedatum von in der Vergangenheit
271  . " AND (release_until = '0000-00-00 00:00:00' OR release_until >= '$now')" // Kein Fregabedatum und Freigabedatum bis in der Zukunft
272  . " AND extra NOT LIKE '%\\\"user_inactive\\\";s:1:\\\"1\\\";%'" // Sucht nach Benutzern, die nicht user_inactive="1" im serialisierten extra-feld haben
273  . " AND extra NOT LIKE '%\\\"user_inactive\\\";i:1;%')"; // Sucht nach Bentzern, die nicht user_inactive=1 im serialisierten extra-feld haben
274  }
275 
281  private function getInactiveQuery(): string {
282  $now = date('Y-m-d H:i:s');
283  return "((release_from != '0000-00-00 00:00:00' AND release_from >= '$now')" // Nicht kein Fregabedatum und Freigabedatum von in der Zukunft
284  . " OR (release_until != '0000-00-00 00:00:00' AND release_until <= '$now')" // Nicht kein Fregabedatum und Freigabedatum bis in der Vergangenheit
285  . " OR extra LIKE '%\\\"user_inactive\\\";s:1:\\\"1\\\";%'" // Sucht nach user_inactive="1" im serialisierten extra-feld
286  . " OR extra LIKE '%\\\"user_inactive\\\";i:1;%')"; // Sucht nach user_inactive=1 im serialisierten extra-feld
287  }
288 
297  private function checkFilters(array $filters, User_SQL $user): bool {
298  $result = (!$filters['abteilung'] || strpos(mb_strtolower($user->extra['abteilung']), mb_strtolower($filters['abteilung'])) !== false)
299  && (!$filters['anrede'] || strpos(mb_strtolower($user->extra['anrede']), mb_strtolower($filters['anrede'])) !== false)
300  && (!$filters['branche'] || strpos(mb_strtolower($user->extra['branche']), mb_strtolower($filters['branche'])) !== false)
301  && (!$filters['name'] || strpos(mb_strtolower($user->extra['name']), mb_strtolower($filters['name'])) !== false)
302  && (!$filters['vorname'] || strpos(mb_strtolower($user->extra['vorname']), mb_strtolower($filters['vorname'])) !== false)
303  && (!$filters['position'] || strpos(mb_strtolower($user->extra['position']), mb_strtolower($filters['position'])) !== false)
304  && (!$filters['strasse'] || strpos(mb_strtolower($user->extra['strasse']), mb_strtolower($filters['strasse'])) !== false)
305  && (!$filters['firma'] || strpos(mb_strtolower($user->extra['firma']), mb_strtolower($filters['firma'])) !== false)
306  && (!$filters['plz'] || strpos(mb_strtolower($user->extra['plz']), mb_strtolower($filters['plz'])) !== false)
307  && (!$filters['telefon'] || strpos(mb_strtolower($user->extra['telefon']), mb_strtolower($filters['telefon'])) !== false)
308  && (!$filters['ort'] || strpos(mb_strtolower($user->extra['ort']), mb_strtolower($filters['ort'])) !== false)
309  && (!$filters['mobil'] || strpos(mb_strtolower($user->extra['mobil']), mb_strtolower($filters['mobil'])) !== false)
310  && (!$filters['land'] || strpos(mb_strtolower($user->extra['land']), mb_strtolower($filters['land'])) !== false)
311  && (!$filters['liveserver'] || $user->extra['liveserver'] == $filters['liveserver'])
312  && (!$filters['no_singlesignon'] || $user->extra['no_singlesignon'] == $filters['no_singlesignon'])
313  && (!$filters['categories'] || strpos($user->extra['categories'], $filters['categories']) !== false)
314  && (!$filters['auth_persist_token'] || strpos($user->extra['auth_persist_token'], $filters['auth_persist_token']) !== false)
315  && (!$filters['tfa_secret'] || !empty($user->extra['tfa_secret']));
316 
317  // Kundenspezifische Filter
318  if (
319  $result
320  && (
321  function_exists('user_search_fields')
322  || Ego_System::file_exists($user_search_fields = ($GLOBALS['egotec_conf']['var_dir'] . 'lib/admin/user_search_fields.php'))
323  )
324  ) {
325  if (isset($user_search_fields)) {
326  require_once $user_search_fields;
327  }
328  if (function_exists('user_search_fields') && !user_search_fields($user, $filters)) {
329  $result = false;
330  }
331  }
332 
333  return $result;
334  }
335 }
Ego_System\file_exists
static file_exists($file)
Definition: Ego_System.php:1506
Ego_User_Search_Factory\isAcceptedUser
static isAcceptedUser(User_SQL $user, array $group_role_rel=null)
Definition: Ego_User_Search_Factory.php:129
Ego_User_Search_Factory\filterSearch
static filterSearch(array $search)
Definition: Ego_User_Search_Factory.php:56
Ego_User_Search_Factory\checkSearchFilter
static checkSearchFilter(string $type, array $search)
Definition: Ego_User_Search_Factory.php:106
Ego_User_Search_Factory\checkRightsFilter
static checkRightsFilter(string $rightsFilter, User_SQL $user, array $group_role_rel=null)
Definition: Ego_User_Search_Factory.php:166
Ego_User_Sql
Definition: Ego_User_Sql.php:4
Ego_User_Sql\searchUsers
searchUsers(array $search, int $limit=-1, string $type='', bool $checkRights=true, bool $filterSearch=true, bool $sortResult=true, int $from=0, bool $returnTotal=false, array $sort_order=[], string $rights='')
Definition: Ego_User_Sql.php:34
Ego_User_Sql\__construct
__construct()
Definition: Ego_User_Sql.php:11
Ego_User_Sql\getChars
getChars($type='')
Definition: Ego_User_Sql.php:216