mirror of
https://github.com/fusionpbx/fusionpbx.git
synced 2025-12-30 17:13:49 +00:00
363 lines
11 KiB
PHP
363 lines
11 KiB
PHP
<?php
|
|
/*
|
|
FusionPBX
|
|
Version: MPL 1.1
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
http://www.mozilla.org/MPL/
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
for the specific language governing rights and limitations under the
|
|
License.
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
The Initial Developer of the Original Code is
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
Portions created by the Initial Developer are Copyright (C) 2019-2025
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
Contributor(s):
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
*/
|
|
|
|
/**
|
|
* users class
|
|
*/
|
|
class users {
|
|
|
|
/**
|
|
* declare constant variables
|
|
*/
|
|
const app_name = 'users';
|
|
const app_uuid = '112124b3-95c2-5352-7e9d-d14c0b88f207';
|
|
|
|
/**
|
|
* Set in the constructor. Must be a database object and cannot be null.
|
|
*
|
|
* @var database Database Object
|
|
*/
|
|
private $database;
|
|
|
|
/**
|
|
* Settings object set in the constructor. Must be a settings object and cannot be null.
|
|
*
|
|
* @var settings Settings Object
|
|
*/
|
|
private $settings;
|
|
|
|
/**
|
|
* Domain UUID set in the constructor. This can be passed in through the $settings_array associative array or set
|
|
* in the session global array
|
|
*
|
|
* @var string
|
|
*/
|
|
private $domain_uuid;
|
|
|
|
/**
|
|
* declare the variables
|
|
*/
|
|
private $name;
|
|
private $table;
|
|
private $toggle_field;
|
|
private $toggle_values;
|
|
private $location;
|
|
|
|
/**
|
|
* Constructor for the class.
|
|
*
|
|
* This method initializes the object with setting_array and session data.
|
|
*
|
|
* @param array $setting_array An optional array of settings to override default values. Defaults to [].
|
|
*/
|
|
public function __construct(array $setting_array = []) {
|
|
//set domain and user UUIDs
|
|
$this->domain_uuid = $setting_array['domain_uuid'] ?? $_SESSION['domain_uuid'] ?? '';
|
|
|
|
//set objects
|
|
$this->database = $setting_array['database'] ?? database::new();
|
|
|
|
//assign the variables
|
|
$this->name = 'user';
|
|
$this->table = 'users';
|
|
$this->toggle_field = 'user_enabled';
|
|
$this->toggle_values = ['true', 'false'];
|
|
$this->location = 'users.php';
|
|
}
|
|
|
|
/**
|
|
* Deletes one or multiple records.
|
|
*
|
|
* @param array $records An array of record IDs to delete, where each ID is an associative array
|
|
* containing 'uuid' and 'checked' keys. The 'checked' value indicates
|
|
* whether the corresponding checkbox was checked for deletion.
|
|
*
|
|
* @return void No return value; this method modifies the database state and sets a message.
|
|
*/
|
|
public function delete($records) {
|
|
if (permission_exists($this->name . '_delete')) {
|
|
|
|
//add multi-lingual support
|
|
$language = new text;
|
|
$text = $language->get();
|
|
|
|
//validate the token
|
|
$token = new token;
|
|
if (!$token->validate($_SERVER['PHP_SELF'])) {
|
|
message::add($text['message-invalid_token'], 'negative');
|
|
header('Location: ' . $this->location);
|
|
exit;
|
|
}
|
|
|
|
//delete multiple records
|
|
if (is_array($records) && @sizeof($records) != 0) {
|
|
//build the delete array
|
|
$x = 0;
|
|
foreach ($records as $record) {
|
|
//add to the array
|
|
if (!empty($record['checked']) && $record['checked'] == 'true' && is_uuid($record['uuid'])) {
|
|
//get the user_uuid
|
|
$user_uuid = $record['uuid'];
|
|
|
|
//get the user's domain from v_users
|
|
if (permission_exists('user_domain')) {
|
|
$sql = "select domain_uuid from v_users ";
|
|
$sql .= "where user_uuid = :user_uuid ";
|
|
$parameters['user_uuid'] = $user_uuid;
|
|
$domain_uuid = $this->database->select($sql, $parameters, 'column');
|
|
unset($sql, $parameters);
|
|
} else {
|
|
$domain_uuid = $this->domain_uuid;
|
|
}
|
|
|
|
//required to be a superadmin to delete a member of the superadmin group
|
|
$superadmin_list = superadmin_list();
|
|
if (if_superadmin($superadmin_list, $user_uuid)) {
|
|
if (!if_group("superadmin")) {
|
|
//access denied - do not delete the user
|
|
header("Location: index.php");
|
|
return;
|
|
}
|
|
}
|
|
|
|
//delete the user settings
|
|
$array['user_settings'][$x]['user_uuid'] = $user_uuid;
|
|
$array['user_settings'][$x]['domain_uuid'] = $domain_uuid;
|
|
|
|
//delete the groups the user is assigned to
|
|
$array['user_groups'][$x]['user_uuid'] = $user_uuid;
|
|
$array['user_groups'][$x]['domain_uuid'] = $domain_uuid;
|
|
|
|
//delete the user
|
|
$array['users'][$x]['user_uuid'] = $user_uuid;
|
|
$array['users'][$x]['domain_uuid'] = $domain_uuid;
|
|
|
|
//increment the id
|
|
$x++;
|
|
}
|
|
}
|
|
|
|
//delete the checked rows
|
|
if (is_array($array) && @sizeof($array) != 0) {
|
|
//execute
|
|
$p = permissions::new();
|
|
$p->add('user_setting_delete', 'temp');
|
|
$p->add('user_group_delete', 'temp');
|
|
|
|
//execute delete
|
|
$this->database->delete($array);
|
|
unset($array);
|
|
|
|
$p->delete('user_setting_delete', 'temp');
|
|
$p->delete('user_group_delete', 'temp');
|
|
|
|
//set message
|
|
message::add($text['message-delete']);
|
|
}
|
|
unset($records);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Toggles the state of one or more records.
|
|
*
|
|
* @param array $records An array of record IDs to delete, where each ID is an associative array
|
|
* containing 'uuid' and 'checked' keys. The 'checked' value indicates
|
|
* whether the corresponding checkbox was checked for deletion.
|
|
*
|
|
* @return void No return value; this method modifies the database state and sets a message.
|
|
*/
|
|
public function toggle($records) {
|
|
if (permission_exists($this->name . '_edit')) {
|
|
|
|
//add multi-lingual support
|
|
$language = new text;
|
|
$text = $language->get();
|
|
|
|
//validate the token
|
|
$token = new token;
|
|
if (!$token->validate($_SERVER['PHP_SELF'])) {
|
|
message::add($text['message-invalid_token'], 'negative');
|
|
header('Location: ' . $this->location);
|
|
exit;
|
|
}
|
|
|
|
//toggle the checked records
|
|
if (is_array($records) && @sizeof($records) != 0) {
|
|
//get current toggle state
|
|
foreach ($records as $record) {
|
|
if (!empty($record['checked']) && $record['checked'] == 'true' && is_uuid($record['uuid'])) {
|
|
$uuids[] = "'" . $record['uuid'] . "'";
|
|
}
|
|
}
|
|
if (is_array($uuids) && @sizeof($uuids) != 0) {
|
|
$sql = "select " . $this->name . "_uuid as uuid, " . $this->toggle_field . " as toggle from v_" . $this->table . " ";
|
|
$sql .= "where " . $this->name . "_uuid in (" . implode(', ', $uuids) . ") ";
|
|
$rows = $this->database->select($sql, $parameters ?? null, 'all');
|
|
if (is_array($rows) && @sizeof($rows) != 0) {
|
|
foreach ($rows as $row) {
|
|
$states[$row['uuid']] = $row['toggle'];
|
|
}
|
|
}
|
|
unset($sql, $parameters, $rows, $row);
|
|
}
|
|
|
|
//build update array
|
|
$x = 0;
|
|
foreach ($states as $uuid => $state) {
|
|
//create the array
|
|
$array[$this->table][$x][$this->name . '_uuid'] = $uuid;
|
|
$array[$this->table][$x][$this->toggle_field] = $state == $this->toggle_values[0] ? $this->toggle_values[1] : $this->toggle_values[0];
|
|
|
|
//increment the id
|
|
$x++;
|
|
}
|
|
|
|
//save the changes
|
|
if (is_array($array) && @sizeof($array) != 0) {
|
|
//save the array
|
|
|
|
$this->database->save($array);
|
|
unset($array);
|
|
|
|
//set message
|
|
message::add($text['message-toggle']);
|
|
}
|
|
unset($records, $states);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Copies one or more records
|
|
*
|
|
* @param array $records An array of record IDs to delete, where each ID is an associative array
|
|
* containing 'uuid' and 'checked' keys. The 'checked' value indicates
|
|
* whether the corresponding checkbox was checked for deletion.
|
|
*
|
|
* @return void No return value; this method modifies the database state and sets a message.
|
|
*/
|
|
public function copy($records) {
|
|
if (permission_exists($this->name . '_add')) {
|
|
|
|
//add multi-lingual support
|
|
$language = new text;
|
|
$text = $language->get();
|
|
|
|
//validate the token
|
|
$token = new token;
|
|
if (!$token->validate($_SERVER['PHP_SELF'])) {
|
|
message::add($text['message-invalid_token'], 'negative');
|
|
header('Location: ' . $this->location);
|
|
exit;
|
|
}
|
|
|
|
//copy the checked records
|
|
if (!empty($records) && is_array($records) && @sizeof($records) != 0) {
|
|
|
|
//get checked records
|
|
foreach ($records as $record) {
|
|
if (!empty($record['checked']) && $record['checked'] == 'true' && is_uuid($record['uuid'])) {
|
|
$uuids[] = "'" . $record['uuid'] . "'";
|
|
}
|
|
}
|
|
|
|
//create the array from existing data
|
|
if (!empty($uuids) && is_array($uuids) && @sizeof($uuids) != 0) {
|
|
$sql = "select * from v_" . $this->table . " ";
|
|
$sql .= "where " . $this->name . "_uuid in (" . implode(', ', $uuids) . ") ";
|
|
$rows = $this->database->select($sql, $parameters ?? null, 'all');
|
|
if (is_array($rows) && @sizeof($rows) != 0) {
|
|
$x = 0;
|
|
foreach ($rows as $row) {
|
|
//convert boolean values to a string
|
|
foreach ($row as $key => $value) {
|
|
if (gettype($value) == 'boolean') {
|
|
$value = $value ? 'true' : 'false';
|
|
$row[$key] = $value;
|
|
}
|
|
}
|
|
|
|
//copy data
|
|
$array[$this->table][$x] = $row;
|
|
|
|
//add copy to the description
|
|
$array[$this->table][$x][$this->name . '_uuid'] = uuid();
|
|
$array[$this->table][$x]['username'] = $row['username'] . '-' . $text['label-copy'];
|
|
|
|
//increment the id
|
|
$x++;
|
|
}
|
|
}
|
|
unset($sql, $parameters, $rows, $row);
|
|
}
|
|
|
|
//save the changes and set the message
|
|
if (!empty($array) && is_array($array) && @sizeof($array) != 0) {
|
|
//save the array
|
|
$this->database->save($array);
|
|
unset($array);
|
|
|
|
//set message
|
|
message::add($text['message-copy']);
|
|
}
|
|
unset($records);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Remove old user log entries. Called the maintenance service application.
|
|
*
|
|
* @param settings $settings
|
|
*
|
|
* @return void
|
|
*/
|
|
public static function database_maintenance(settings $settings): void {
|
|
$database = $settings->database();
|
|
$domains = maintenance_service::get_domains($database);
|
|
foreach ($domains as $domain_uuid => $domain_name) {
|
|
$domain_settings = new settings(['database' => $database, 'domain_uuid' => $domain_uuid]);
|
|
$retention_days = $domain_settings->get('users', 'database_retention_days', '');
|
|
if (!empty($retention_days) && is_numeric($retention_days)) {
|
|
$sql = "delete from v_user_logs where timestamp < NOW() - INTERVAL '$retention_days days'";
|
|
$sql .= " and domain_uuid = '$domain_uuid'";
|
|
$database->execute($sql);
|
|
$code = $database->message['code'] ?? 0;
|
|
if ($code == 200) {
|
|
maintenance_service::log_write(self::class, "Successfully removed entries older than $retention_days", $domain_uuid);
|
|
} else {
|
|
$message = $database->message['message'] ?? "An unknown error has occurred";
|
|
maintenance_service::log_write(self::class, "Unable to remove old database records. Error message: $message ($code)", $domain_uuid, maintenance_service::LOG_ERROR);
|
|
}
|
|
} else {
|
|
maintenance_service::log_write(self::class, "Database retention days not set or not numeric", $domain_uuid);
|
|
}
|
|
}
|
|
}
|
|
}
|