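query($query);
            if($rs === false){
                throw new \UnexpectedValueException("SQL ERROR ON QUERY " . $query );
            }
        }
    }

    /**
     * Try every configured authentication method in order and return the first
     * user object that accepts the credentials.
     *
     * Return contract, as written:
     *  - a User_Sql instance when the "local" / "sql'" method accepts the credentials;
     *  - false as soon as an unrecognised method name is met (methods listed after
     *    it are never tried);
     *  - a fresh User instance when every known method rejected the credentials.
     *
     * NOTE(review): the last case means a non-false return value is NOT proof of a
     * successful login. Presumably the fresh User is an anonymous, not-connected
     * user; callers should check the user's connection state rather than the
     * truthiness of the return value. Confirm against the call sites.
     *
     * @param PDO    $db       database handle handed to the user objects
     * @param string $login    login name supplied by the client (untrusted)
     * @param string $password password supplied by the client (untrusted)
     * @return User|User_Sql|false
     */
    public function authentificate(PDO $db, string $login, string $password){
        foreach(self::$available_auth_methods as $method){
            switch($method) {
                case "local":
                // NOTE(review): "sql'" carries a stray quote and looks like a typo for
                // "sql". As written, a configured method named "sql" falls through to
                // `default` and aborts authentication. Left unchanged because the
                // configured values are not visible from here.
                case "sql'":
                    $user = new User_Sql($db);
                    if($user->authentificate($login,$password)){
                        return $user;
                    }
                    break;
                default:
                    return false;
            }
        }
        $user = new User($db);
        return $user;
    }

    /**
     * Add a user to a group by inserting a row into the users/groups relation table.
     *
     * Both ids are bound as statement parameters, so they never reach the SQL text.
     * The table name is interpolated and must therefore come from trusted
     * configuration only (assumed for get_table_users_groups_rel_str(); verify).
     *
     * NOTE(review): no authorisation check is made here, and the result of
     * execute() is not inspected; with PDO in silent error mode a failed insert
     * goes unnoticed. Callers are presumably responsible for both.
     *
     * @param PDO   $db
     * @param mixed $userId  id of the user
     * @param mixed $groupId id of the group
     */
    public static function add_user_to_group(PDO $db, $userId,$groupId) {
        $tableRel = self::get_table_users_groups_rel_str();
        $sql = "INSERT INTO $tableRel (user_id,group_id) VALUES (:userid, :groupid)";
        $rs = $db->prepare($sql);
        $rs->execute(
            array(
                ":userid" => $userId,
                ":groupid" => $groupId
            ));
    }

    /**
     * Remove a user from a group by deleting the matching relation row.
     *
     * Both ids are bound as statement parameters. The table name is interpolated
     * and must come from trusted configuration only (assumed; verify).
     *
     * NOTE(review): the result of execute() is not inspected. If the delete fails
     * silently the user keeps the group membership, so callers that rely on this
     * for revoking access should confirm that PDO is set to throw on errors.
     *
     * @param PDO   $db
     * @param mixed $userId  id of the user
     * @param mixed $groupId id of the group
     */
    public static function del_user_from_group(PDO $db, $userId,$groupId) {
        $tableRel = self::get_table_users_groups_rel_str();
        $sql = "DELETE FROM $tableRel WHERE user_id=:userid AND group_id=:groupid;";
        $rs = $db->prepare($sql);
        $rs->execute(
            array(
                ":userid" => $userId,
                ":groupid" => $groupId
            ));
    }

    /**
     * Return an array of User objects, optionally restricted to active users
     * and/or to members of the given groups.
     *
     * Per the original author's note, is_connected is false on every returned
     * object.
     *
     * Changes compared with the previous version:
     *  - group ids are validated AND bound as statement parameters instead of
     *    being concatenated into the SQL text;
     *  - the digit check is anchored with \z, so a value such as "1\n" no longer
     *    passes (a bare `$` also matches before a trailing newline);
     *  - the rejected value is no longer appended to the exception message;
     *  - an empty $groups list returns no users without running a query
     *    (previously it produced `IN ('')`);
     *  - a failed query raises an exception instead of a fatal error on fetch();
     *  - a user without any group gets an empty groups array instead of a
     *    single "" => "" entry.
     *
     * @param PDO        $db
     * @param bool       $activesOnly when true, only rows with active='1' are returned
     * @param array|null $groups      list of group ids (digits only); null means no group filter
     * @return array list of User objects
     * @throws \UnexpectedValueException on an invalid group id or a failed query
     */
    public static function get_users_list(PDO $db, $activesOnly = true, $groups = null) {
        // Table names are interpolated into the SQL text below; they must come from
        // trusted configuration only (assumed for these helpers; verify).
        $tableUsers = self::get_table_users_str();
        $tableGroups = self::get_table_groups_str();
        // NOTE(review): the sibling methods obtain this name from
        // get_table_users_groups_rel_str(); confirm both forms yield the same table.
        $tableRel = $tableUsers . "_" . $tableGroups ."_rel";

        //conditions
        $conditions = array();
        $params = array();
        if($activesOnly){
            $conditions[] = "$tableUsers.active='1'";
        }
        if(!is_null($groups)){
            // $groups is an untrusted entry: validate every element, then bind it.
            $placeholders = array();
            foreach($groups as $group){
                if (!is_scalar($group) || !preg_match('/^[0-9]+\z/', (string) $group)){
                    // The offending value is deliberately not echoed back: exception
                    // messages may end up in logs or rendered pages.
                    throw new \UnexpectedValueException('$groups must be a list containing only digits');
                }
                $placeholders[] = "?";
                $params[] = (string) $group;
            }
            if (empty($placeholders)) {
                // An empty filter list can match no group, hence no user.
                return array();
            }
            $conditions[] = "$tableUsers.id IN( SELECT $tableUsers.id FROM $tableUsers, $tableRel WHERE $tableRel.user_id = $tableUsers.id AND $tableRel.group_id IN ("
                . implode(",", $placeholders)
                . ") )";
        }

        $sql = " SELECT $tableUsers.id as id,"
            . " $tableUsers.login as login,"
            . " $tableUsers.display_name as display_name,"
            . " $tableUsers.auth_method as auth_method,"
            . " $tableUsers.external_uid as external_id,"
            . " $tableUsers.admin as is_admin,"
            . " $tableUsers.active as active,"
            . " GROUP_CONCAT(groupsrel.group_id SEPARATOR \",\") as groups_ids,"
            . " GROUP_CONCAT(groups.name SEPARATOR \",\") as groups_name"
            . " FROM $tableUsers"
            . " LEFT JOIN $tableRel as groupsrel ON groupsrel.user_id = $tableUsers.id"
            . " LEFT JOIN $tableGroups as groups ON groups.id = groupsrel.group_id"
            .(empty($conditions) ? "" : " WHERE " . implode(" AND ", $conditions))
            ." GROUP BY $tableUsers.id; ";

        $rs = $db->prepare($sql);
        if ($rs === false || $rs->execute($params) === false) {
            // The SQL text is kept out of the message on purpose.
            throw new \UnexpectedValueException("SQL ERROR while listing users");
        }

        $list = array();
        while ($r = $rs->fetch()) {
            // Rebuild the id => name map from the two comma-joined columns.
            // NOTE(review): the pairing relies on both GROUP_CONCAT results having
            // the same order and length; a group name containing "," or a NULL
            // name would shift the pairs. Worth checking, since this map is
            // presumably used for access decisions.
            $userGroups = array();
            if ($r["groups_ids"] !== null && $r["groups_ids"] !== "") {
                $groups_id = explode(",", $r["groups_ids"]);
                $groups_names = explode(",", (string) $r["groups_name"]);
                foreach ($groups_id as $i => $groupId) {
                    $userGroups[$groupId] = $groups_names[$i] ?? null;
                }
            }

            $user = new User($db);
            // array("login","external_id","id","display_name","auth_method","is_admin","group");
            $user-> set_properties(
                array(
                    "login" => $r["login"],
                    "id" => $r["id"],
                    "display_name" => $r["display_name"],
                    "external_id" => $r["external_id"],
                    "auth_method" => $r["auth_method"],
                    "is_admin" => ($r["is_admin"] == "1"),
                    "groups" => $userGroups
                )
            );
            $list[] = $user;
        }
        return $list;
    }
}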