1 |
<?php
|
2 |
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/usrs.inc,v 1.11 2006/11/04 21:09:31 dashley Exp $
|
3 |
//--------------------------------------------------------------------------------------------------------------
|
4 |
//usrs.inc--FboPrime Database usrs Table Manipulation Functions
|
5 |
//Copyright (C) 2006 David T. Ashley
|
6 |
//
|
7 |
//This program is free software; you can redistribute it and/or
|
8 |
//modify it under the terms of the GNU General Public License
|
9 |
//as published by the Free Software Foundation; either version 2
|
10 |
//of the License, or (at your option) any later version.
|
11 |
//
|
12 |
//This program is distributed in the hope that it will be useful,
|
13 |
//but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14 |
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15 |
//GNU General Public License for more details.
|
16 |
//
|
17 |
//You should have received a copy of the GNU General Public License
|
18 |
//along with this program; if not, write to the Free Software
|
19 |
//Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
20 |
//********************************************************************************
|
21 |
//Contains functions related to [operations on] the usrs table of the database.
|
22 |
//--------------------------------------------------------------------------------------------------------------
|
23 |
//
|
24 |
require_once("db.inc");
|
25 |
require_once("global.inc");
|
26 |
//
|
27 |
//--------------------------------------------------------------------------------------------------------------
|
28 |
//Constants for usrs table fields.
|
29 |
//
|
30 |
//Constants for the status field of the usrs table.
|
31 |
//Values stored in the status field of a usrs record.  USRS_STATUS_MAX is one greater than the
//largest status value defined here.
define('USRS_STATUS_INACTIVE', 0);
define('USRS_STATUS_ACTIVE',   1);
define('USRS_STATUS_MAX',      2);
|
34 |
//
|
35 |
//Constants for the "role" of the usrs table. Note that only short tags and descriptive strings are included,
|
36 |
//the integer index (starting at 0) is implied by the location in the table.
|
37 |
//
|
38 |
//Integer role codes.  USRS_ROLE_MAX is one greater than the largest role code defined here.
define('USRS_ROLE_UNSPECIFIED',  0);
define('USRS_ROLE_STUDPRESOLO',  1);
define('USRS_ROLE_STUDSOLO',     2);
define('USRS_ROLE_CUSTNONPILOT', 3);
define('USRS_ROLE_CUSTPILOT',    4);
define('USRS_ROLE_EMPLINE',      5);
define('USRS_ROLE_EMPMECHANIC',  6);
define('USRS_ROLE_EMPOFFICE',    7);
define('USRS_ROLE_EMPFINST',     8);
define('USRS_ROLE_OWNER',        9);
define('USRS_ROLE_MAX',         10);
//
//Flat list of (short tag, descriptive string) pairs, listed in role-code order: the pair for
//role code n occupies elements 2n and 2n+1.
$USRS_ROLE_ARRAY = array(
    "unspecified",  "Unspecified",                   //USRS_ROLE_UNSPECIFIED
    "studpresolo",  "Student, Pre-Solo",             //USRS_ROLE_STUDPRESOLO
    "studsolo",     "Student, Solo",                 //USRS_ROLE_STUDSOLO
    "custnonpilot", "Customer, Non-Pilot",           //USRS_ROLE_CUSTNONPILOT
    "custpilot",    "Customer, Pilot",               //USRS_ROLE_CUSTPILOT
    "empline",      "Employee, Line",                //USRS_ROLE_EMPLINE
    "empmechanic",  "Employee, Mechanic",            //USRS_ROLE_EMPMECHANIC
    "empoffice",    "Employee, Office",              //USRS_ROLE_EMPOFFICE
    "empfinst",     "Employee, Flight Instructor",   //USRS_ROLE_EMPFINST
    "owner",        "Owner"                          //USRS_ROLE_OWNER
);
|
61 |
//
|
62 |
//Constants for the sex (gender) of the user.
|
63 |
//Values stored in the sex field of a usrs record.  USRS_form_display_strings_a() compares the
//field against these to choose a courtesy title.
define('USRS_SEX_UNSPECIFIED', 0);
define('USRS_SEX_FEMALE',      1);
define('USRS_SEX_MALE',        2);
|
66 |
//
|
67 |
//--------------------------------------------------------------------------------------------------------------
|
68 |
//Warning codes for the functions in usrs.inc and usrsx.inc. Warnings are typically returned as an array.
|
69 |
//
|
70 |
define('USRS_WARN_NONE', 0);   //No warning.
//
//--------------------------------------------------------------------------------------------------------------
//Error codes for the functions in usrs.inc and usrsx.inc.  Errors are typically returned as an array.
//
//No error.
define('USRS_ERROR_NONE', 0);
//The "action" parameter was illegal.
define('USRS_ERROR_ACTION_PAR_ILLEGAL', 1);
//The integer index supplied is illegal.
define('USRS_ERROR_IDX_ILLEGAL', 2);
//The userid supplied is illegal.
define('USRS_ERROR_USERID_ILLEGAL', 3);
//The idx was specified on an add (illegal).
define('USRS_ERROR_IDX_ON_ADD', 4);
//The userid was missing on an add operation.
define('USRS_ERROR_NO_USERID_ON_ADD', 5);
//The userid was already in the table on an add operation.
define('USRS_ERROR_DUP_USERID_ON_ADD', 6);
//The user record specified was not present.
define('USRS_ERROR_MOD_REC_NOT_PRESENT', 7);
//The index and userid were both specified for modification, and they were inconsistent.
define('USRS_ERROR_MOD_IDX_USERID_INCONSISTENT', 8);
//Attempt to modify a record that was modified since the browser form copy was loaded.
define('USRS_ERROR_EDITING_COLLISION', 9);
//An error of an unknown, unspecified, or unexpected type.
define('USRS_ERROR_UNSPECIFIED', 10);
|
88 |
//
|
89 |
//--------------------------------------------------------------------------------------------------------------
|
90 |
//Returns TRUE if the passed string is acceptable for a userid, or an array of complaints
|
91 |
//if the passed string is not acceptable.
|
92 |
//
|
93 |
//Allowlist check for a candidate userid.  Accepted form: a string of 1 to 20 bytes whose first
//byte is a lower-case ASCII letter and whose remaining bytes are lower-case ASCII letters or
//decimal digits.
//
//The rules are applied in the order below and checking stops at the first one that fails.
//
//Returns TRUE if $arg is acceptable, otherwise a one-element array (index 0) holding the
//complaint for the first failed rule.  The complaint strings contain HTML markup (<i>) and
//are fixed text; $arg itself is never copied into them.
//
function USRS_userid_membership_test($arg)
{
    //Rule 1:  must be of string type.
    if (! is_string($arg))
    {
        return(array("The <i>userid</i> must be a string (internal software error)."));
    }

    //Rules 2 and 3:  length in bytes must be in the range 1..20.
    $nbytes = strlen($arg);

    if ($nbytes == 0)
    {
        return(array("The <i>userid</i> must be at least one character long."));
    }

    if ($nbytes > 20)
    {
        return(array("The <i>userid</i> may not be longer than 20 characters."));
    }

    //Rule 4:  first byte must be a lower-case letter.
    if (! preg_match('/^[a-z]/', $arg))
    {
        return(array("The first character of the <i>userid</i> must be a letter."));
    }

    //Rule 5:  every remaining byte must be a lower-case letter or a digit.  The D modifier
    //stops "$" from matching before a trailing newline, so "a\n" is rejected here.
    if (! preg_match('/^[a-z][a-z0-9]*$/D', $arg))
    {
        return(array("All characters of the <i>userid</i> must be letters or digits."));
    }

    //Seems OK.
    return(TRUE);
}
|
149 |
//
|
150 |
//--------------------------------------------------------------------------------------------------------------
|
151 |
//Returns the index of the entry from the usrs table where the userid matches, or
|
152 |
//FALSE if the entry does not exist.
|
153 |
//
|
154 |
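//Looks up the idx column of the usrs row whose userid equals $arg.
//
//$arg is passed through mysql_real_escape_string() and placed inside a double-quoted SQL
//literal, so quote characters in $arg cannot terminate the literal.
//NOTE(review):  mysql_real_escape_string() escapes according to the character set of the
//connection; confirm that db.inc sets it with mysql_set_charset() rather than with a
//"SET NAMES" query.
//
//Returns the idx value exactly as the database driver delivers it when a row matches and its
//idx is greater than 0.  Returns FALSE if the query fails, if no row matches, or if the idx
//is not greater than 0.
//
function USRS_userid_idx_map($arg)
{
    global $GLOBAL_dbhandle;

    //Form the query string.
    $query_string = "SELECT idx FROM usrs WHERE userid=\""
                    . mysql_real_escape_string($arg, $GLOBAL_dbhandle)
                    . "\"";

    //Execute the query.
    $result = mysql_query($query_string, $GLOBAL_dbhandle);

    if ($result === FALSE)
    {
        //Unknown query failure.  Nothing to free, as there is no result set.
        return(FALSE);
    }

    //Fetch the first row (FALSE when the result set is empty), then release the result set
    //before any return.
    $row = mysql_fetch_array($result, MYSQL_NUM);
    mysql_free_result($result);

    //No row matched.  Say so explicitly rather than indexing into a non-array.
    if (! is_array($row))
    {
        return(FALSE);
    }

    $rv = $row[0];

    if ($rv > 0)
        return($rv);
    else
        return(FALSE);
}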
|
191 |
//
|
192 |
//--------------------------------------------------------------------------------------------------------------
|
193 |
//Retrieves a two dimensional associative array corresponding to the USRS record
|
194 |
//with the passed USERID, or FALSE if the record does not exist.
|
195 |
//
|
196 |
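//Fetches the usrs record whose userid equals $userid.
//
//$userid is passed through mysql_real_escape_string() and placed inside a double-quoted SQL
//literal.
//NOTE(review):  mysql_real_escape_string() escapes according to the character set of the
//connection; confirm that db.inc sets it with mysql_set_charset() rather than with a
//"SET NAMES" query.
//
//Returns the row as produced by mysql_fetch_assoc() (column name => value), or FALSE if the
//query fails or no row matches.  The query-failure path previously fell off the end of the
//function and so returned NULL; code that tests the result with "=== FALSE", as
//USRS_form_display_strings_a() does with its $uinfo argument, would not have recognised that
//NULL as a miss.
//
function USRS_retrieve_by_userid($userid)
{
    global $GLOBAL_dbhandle;

    //Form the query string.
    $query_string = "SELECT * FROM usrs WHERE userid=\""
                    . mysql_real_escape_string($userid, $GLOBAL_dbhandle)
                    . "\"";

    //Execute the query.
    $result = mysql_query($query_string, $GLOBAL_dbhandle);

    if ($result === FALSE)
    {
        //Unknown query failure.  Nothing to free, as there is no result set.
        return(FALSE);
    }

    if (mysql_num_rows($result) == 0)
    {
        //No record with that userid.
        $rv = FALSE;
    }
    else
    {
        //At least one record.  Take the first; the userid is supposed to be unique.
        $rv = mysql_fetch_assoc($result);
    }

    //The result set is released on both paths.
    mysql_free_result($result);

    return($rv);
}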
|
246 |
//
|
247 |
//--------------------------------------------------------------------------------------------------------------
|
248 |
//Retrieves a two dimensional associative array corresponding to the USRS record
|
249 |
//with the passed IDX, or FALSE if the record does not exist.
|
250 |
//
|
251 |
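//Fetches the usrs record whose idx equals $idx.
//
//$idx is passed through mysql_real_escape_string() and placed inside a double-quoted SQL
//literal, so a non-numeric value cannot terminate the literal.
//NOTE(review):  mysql_real_escape_string() escapes according to the character set of the
//connection; confirm that db.inc sets it with mysql_set_charset() rather than with a
//"SET NAMES" query.
//
//Returns the row as produced by mysql_fetch_assoc() (column name => value), or FALSE if the
//query fails or no row matches.  The query-failure path previously fell off the end of the
//function and so returned NULL; code that tests the result with "=== FALSE", as
//USRS_form_display_strings_a() does with its $uinfo argument, would not have recognised that
//NULL as a miss.
//
function USRS_retrieve_by_idx($idx)
{
    global $GLOBAL_dbhandle;

    //Form the query string.
    $query_string = "SELECT * FROM usrs WHERE idx=\""
                    . mysql_real_escape_string($idx, $GLOBAL_dbhandle)
                    . "\"";

    //Execute the query.
    $result = mysql_query($query_string, $GLOBAL_dbhandle);

    if ($result === FALSE)
    {
        //Unknown query failure.  Nothing to free, as there is no result set.
        return(FALSE);
    }

    if (mysql_num_rows($result) == 0)
    {
        //No record with that idx.
        $rv = FALSE;
    }
    else
    {
        //At least one record.  Take the first; the idx is supposed to be unique.
        $rv = mysql_fetch_assoc($result);
    }

    //The result set is released on both paths.
    mysql_free_result($result);

    return($rv);
}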
|
301 |
//
|
302 |
//--------------------------------------------------------------------------------------------------------------
|
303 |
//Given an associative array containing information about a user, returns:
|
304 |
// a)The userid.
|
305 |
// b)The name to be displayed. The database rules may be lax, so need to protect for the possibility that
|
306 |
// the last name, first name, or both are missing.
|
307 |
//
|
308 |
//Derives the userid and a display name from a user record.
//
//  $uinfo   Associative array with the keys "userid", "fname", "lname", "sex" and "idx", or
//           FALSE to indicate that there is no such user.
//  $userid  (out) "invaliduser" when $uinfo is FALSE, otherwise $uinfo["userid"].
//  $dname   (out) One of:  "Invalid User";  first name, space, last name;  a courtesy title
//           and the last name when only the last name is present;  or "User #<idx>" when the
//           last name is absent.
//
//Both outputs are copied from the record as-is; no HTML escaping is applied here.
//NOTE(review):  fname and lname are free text from the record, so a caller that writes $dname
//into a page presumably needs htmlspecialchars() -- confirm at the call sites.
//
function USRS_form_display_strings_a($uinfo, &$userid, &$dname)
{
    //No record at all.
    if ($uinfo === FALSE)
    {
        $userid = "invaliduser";
        $dname  = "Invalid User";
        return;
    }

    //Last name absent:  refer to the user by number rather than by name.  The first name is
    //deliberately not examined in this case.
    if (strlen($uinfo["lname"]) == 0)
    {
        $userid = $uinfo["userid"];
        $dname  = sprintf("User #%d", $uinfo["idx"]);
        return;
    }

    //The very normal case:  both first and last name are present.
    if (strlen($uinfo["fname"]) > 0)
    {
        $userid = $uinfo["userid"];
        $dname  = $uinfo["fname"] . " " . $uinfo["lname"];
        return;
    }

    //Only the last name is present.  Choose a courtesy title from the sex field; any value
    //other than unspecified or female is treated as male.
    $title = ($uinfo["sex"] == USRS_SEX_UNSPECIFIED)
             ? "Mr. or Ms."
             : (($uinfo["sex"] == USRS_SEX_FEMALE) ? "Ms." : "Mr.");

    $userid = $uinfo["userid"];
    $dname  = $title . " " . $uinfo["lname"];
}
|
348 |
//
|
349 |
//--------------------------------------------------------------------------------------------------------------
|
350 |
//Updates the "mostrecentlogin" string of a user's database record. Input parameter is minimally
|
351 |
//checked to be sure no surprises.
|
352 |
//
|
353 |
//The crmodsguid of the record isn't updated or checked. Reason is that this is an independent
|
354 |
//matter (the most recent login time) and not something that can ever be changed directly by
|
355 |
//a user.
|
356 |
//
|
357 |
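//Writes $mrl_in into the mostrecentlogin column of the usrs row whose idx is $userinfo["idx"].
//
//  $userinfo  Associative array for the user; only the "idx" element is read.
//  $mrl_in    The new value.  It is cast to string, passed through
//             STRFUNC_force_into_subset() with the digit set "0123456789", and truncated to
//             its first 8 characters before use.
//             NOTE(review):  STRFUNC_force_into_subset() is defined outside this file;
//             presumably it drops every character not in the given set -- confirm.
//
//Both values placed in the statement are escaped with mysql_real_escape_string().  The idx was
//previously concatenated as-is, unlike USRS_retrieve_by_idx(), which escapes its idx; a numeric
//idx produces the same statement as before.
//
//No return value.  The outcome of the UPDATE is deliberately ignored (nothing to be done,
//anyway).
//
function USRS_set_mostrecentlogin($userinfo, $mrl_in)
{
    global $GLOBAL_dbhandle;

    //Force this to be a string.
    $mrl_in = (string)$mrl_in;

    //Force this to be all numeric.
    $mrl_in = STRFUNC_force_into_subset($mrl_in, "0123456789");

    //If it is longer than 8 characters, whack it down.
    if (strlen($mrl_in) > 8)
        $mrl_in = SubStr($mrl_in, 0, 8);

    //Form the query string.  Every interpolated value is escaped, including the idx.
    $query_string = "UPDATE usrs set mostrecentlogin=\""
                    . mysql_real_escape_string($mrl_in, $GLOBAL_dbhandle)
                    . "\" WHERE idx=\""
                    . mysql_real_escape_string($userinfo["idx"], $GLOBAL_dbhandle)
                    . "\"";

    //Run the query.  We don't much care whether it fails or succeeds.
    mysql_query($query_string, $GLOBAL_dbhandle);
}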
|
390 |
//
|
391 |
//--------------------------------------------------------------------------------------------------------------
|
392 |
//End of $RCSfile: usrs.inc,v $.
|
393 |
//--------------------------------------------------------------------------------------------------------------
|
394 |
?>
|