Skip to content

Commit

Permalink
UserComponent
Browse files Browse the repository at this point in the history 
AuthComponent
  • Loading branch information
@sveneld
sveneld committed Mar 2, 2024
1 parent d099f3a commit b41097e
Show file tree
Hide file tree
Showing 18 changed files with 906 additions and 371 deletions.
23 changes: 9 additions & 14 deletions actions-qrcode.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,12 @@

function response($message,$error=0,$log=1)
{
global $db,$systemname,$systemURL;
if ($log==1 AND $message)
{
if (isset($_COOKIE["loguserid"]))
{
$userid=$db->escape(trim($_COOKIE["loguserid"]));
}
else $userid=0;
$number=getphonenumber($userid);
logresult($number,$message);
}
global $db, $systemname, $systemURL, $user, $auth;
if ($log == 1 and $message) {
$userid = $auth->getUserId();
$number = $user->findPhoneNumber($userid);
logresult($number, $message);
}
$db->commit();
echo '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>',$systemname,'</title>';
echo '<base href="',$systemURL,'" />';
Expand Down Expand Up @@ -43,7 +38,7 @@ function response($message,$error=0,$log=1)
function rent($userId,$bike,$force=FALSE)
{

global $db,$forcestack,$watches,$credit;
global $db,$forcestack,$watches,$credit, $user;
$stacktopbike=FALSE;
$bikeNum = $bike;
$requiredcredit=$credit["min"]+$credit["rent"]+$credit["longrental"];
Expand Down Expand Up @@ -90,8 +85,8 @@ function rent($userId,$bike,$force=FALSE)
$result=$db->query("SELECT standName FROM stands WHERE standId='$standid'");
$row=$result->fetch_assoc();
$stand=$row["standName"];
$user=getusername($userId);
notifyAdmins(_('Bike')." ".$bike." "._('rented out of stack by')." ".$user.". ".$stacktopbike." "._('was on the top of the stack at')." ".$stand.".",ERROR);
$userName = $user->findUserName($userId);
notifyAdmins(_('Bike')." ".$bike." "._('rented out of stack by')." ".$userName.". ".$stacktopbike." "._('was on the top of the stack at')." ".$stand.".",ERROR);
}
if ($forcestack AND $stacktopbike<>$bike)
{
Expand Down
121 changes: 50 additions & 71 deletions actions-sms.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@

function help($number)
{
global $db, $smsSender;
$userid=getUser($number);
$privileges=getprivileges($userid);
global $db, $smsSender, $user;
$userid = $user->findUserIdByNumber($number);
$privileges = $user->findPrivileges($userid);
if ($privileges>0)
{
$message="Commands:\nHELP\n";
Expand All @@ -33,20 +33,11 @@ function unknownCommand($number,$command)
$smsSender->send($number,_('Error. The command')." ".$command." "._('does not exist. If you need help, send:')." HELP");
}

/**
* @deprecated, call getuserid() directly
*/
function getUser($number)
{
return getuserid($number);
}

function validateNumber($number)
{
if (getUser($number))
return true;
else
return false;
global $user;

return !empty($user->findUserIdByNumber($number));
}

function info($number,$stand)
Expand Down Expand Up @@ -101,18 +92,18 @@ function validateReceivedSMS($number,$receivedargumentno,$requiredargumentno,$er

function credit($number)
{
global $db, $smsSender;
$userid=getUser($number);
global $db, $smsSender, $user;
$userid=$user->findUserIdByNumber($number);
$usercredit=getusercredit($userid).getcreditcurrency();
$smsSender->send($number,_('Your remaining credit:')." ".$usercredit);
}

function rent($number,$bike,$force=FALSE)
{

global $db,$forcestack,$watches,$credit, $smsSender;
global $db,$forcestack,$watches,$credit, $smsSender, $user;
$stacktopbike=FALSE;
$userId = getUser($number);
$userId = $user->findUserIdByNumber($number);
$bikeNum = intval($bike);
$requiredcredit=$credit["min"]+$credit["rent"]+$credit["longrental"];

Expand Down Expand Up @@ -178,8 +169,8 @@ function rent($number,$bike,$force=FALSE)
$result=$db->query("SELECT standName FROM stands WHERE standId='$standid'");
$row=$result->fetch_assoc();
$stand=$row["standName"];
$user=getusername($userId);
notifyAdmins(_('Bike')." ".$bike." "._('rented out of stack by')." ".$user.". ".$stacktopbike." "._('was on the top of the stack at')." ".$stand.".",ERROR);
$userName=$user->findUserName($userId);
notifyAdmins(_('Bike')." ".$bike." "._('rented out of stack by')." ".$userName.". ".$stacktopbike." "._('was on the top of the stack at')." ".$stand.".",ERROR);
}
if ($forcestack AND $stacktopbike<>$bikeNum)
{
Expand All @@ -202,12 +193,9 @@ function rent($number,$bike,$force=FALSE)
$row=$result->fetch_assoc();
$note=$row["note"];
$currentUserNumber = false;
if ($currentUser)
{
$result=$db->query("SELECT number FROM users WHERE userId=$currentUser");
$row =$result->fetch_assoc();
$currentUserNumber =$row["number"];
}
if ($currentUser) {
$currentUserNumber = $user->findPhoneNumber($currentUser);
}

$newCode = sprintf("%04d",rand(100,9900));//do not create a code with more than one leading zero or more than two leading 9s (kind of unusual/unsafe).

Expand Down Expand Up @@ -250,8 +238,8 @@ function rent($number,$bike,$force=FALSE)
function returnBike($number,$bike,$stand,$message="",$force=FALSE)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);
$bikeNum = intval($bike);
$stand = strtoupper($stand);

Expand Down Expand Up @@ -313,12 +301,9 @@ function returnBike($number,$bike,$stand,$message="",$force=FALSE)
$result=$db->query("SELECT note FROM notes WHERE bikeNum=$bikeNum AND deleted IS NULL ORDER BY time DESC LIMIT 1");
$row=$result->fetch_assoc();
$note=$row["note"];
if($currentUser)
{
$result=$db->query("SELECT number FROM users WHERE userId=$currentUser");
$row =$result->fetch_assoc();
$currentUserNumber =$row["number"];
}
if ($currentUser) {
$currentUserNumber = $user->findPhoneNumber($currentUser);
}
}

if (!preg_match("/return[\s,\.]+[0-9]+[\s,\.]+[a-zA-Z0-9]+[\s,\.]+(.*)/i",$message ,$matches))
Expand All @@ -331,10 +316,8 @@ function returnBike($number,$bike,$stand,$message="",$force=FALSE)
if ($userNote)
{
$db->query("INSERT INTO notes SET bikeNum=$bikeNum,userId=$userId,note='$userNote'");
$result=$db->query("SELECT userName,number FROM users WHERE userId='$userId'");
$row=$result->fetch_assoc();
$userName=$row["userName"];
$phone=$row["number"];
$userName = $user->findUserName($userId);
$phone = $user->findPhoneNumber($userId);
$result=$db->query("SELECT stands.standName FROM bikes LEFT JOIN users ON bikes.currentUser=users.userID LEFT JOIN stands ON bikes.currentStand=stands.standId WHERE bikeNum=$bikeNum");
$row=$result->fetch_assoc();
$standName=$row["standName"];
Expand Down Expand Up @@ -387,8 +370,8 @@ function returnBike($number,$bike,$stand,$message="",$force=FALSE)
function where($number,$bike)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);
$bikeNum = intval($bike);

$result=$db->query("SELECT number,userName,stands.standName FROM bikes LEFT JOIN users on bikes.currentUser=users.userID LEFT JOIN stands on bikes.currentStand=stands.standId where bikeNum=$bikeNum");
Expand Down Expand Up @@ -424,9 +407,9 @@ function where($number,$bike)
function listBikes($number,$stand)
{

global $db,$forcestack, $smsSender;
global $db,$forcestack, $smsSender, $user;
$stacktopbike=FALSE;
$userId = getUser($number);
$userId = $user->findUserIdByNumber($number);
$stand = strtoupper($stand);

if (!preg_match("/^[A-Z]+[0-9]*$/",$stand))
Expand Down Expand Up @@ -474,8 +457,8 @@ function listBikes($number,$stand)
function freeBikes($number)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

$result=$db->query("SELECT count(bikeNum) as bikeCount,placeName from bikes join stands on bikes.currentStand=stands.standId where stands.serviceTag=0 group by placeName having bikeCount>0 order by placeName");
$rentedBikes=$result->num_rows;
Expand Down Expand Up @@ -545,8 +528,8 @@ function log_sms($sms_uuid, $sender, $receive_time, $sms_text, $ip)
function delnote($number,$bikeNum,$message)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

$bikeNum=trim($bikeNum);
if(preg_match("/^[0-9]*$/",$bikeNum))
Expand Down Expand Up @@ -634,8 +617,8 @@ function delnote($number,$bikeNum,$message)
function untag($number,$standName,$message)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

checkUserPrivileges($number);
$result=$db->query("SELECT standId FROM stands where standName='$standName'");
Expand Down Expand Up @@ -693,8 +676,8 @@ function untag($number,$standName,$message)
function delstandnote($number,$standName,$message)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

checkUserPrivileges($number);
$result=$db->query("SELECT standId FROM stands where standName='$standName'");
Expand Down Expand Up @@ -752,8 +735,8 @@ function delstandnote($number,$standName,$message)
function standNote($number,$standName,$message)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);


$result=$db->query("SELECT standId FROM stands where standName='$standName'");
Expand Down Expand Up @@ -800,9 +783,8 @@ function standNote($number,$standName,$message)
function tag($number,$standName,$message)
{

global $db, $smsSender;
$userId = getUser($number);

global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

$result=$db->query("SELECT standId FROM stands where standName='$standName'");
if ($result->num_rows!=1)
Expand Down Expand Up @@ -846,8 +828,8 @@ function tag($number,$standName,$message)
function note($number,$bikeNum,$message)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

$bikeNum=trim($bikeNum);
if(preg_match("/^[0-9]*$/",$bikeNum))
Expand Down Expand Up @@ -928,8 +910,8 @@ function note($number,$bikeNum,$message)
function last($number,$bike)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);
$bikeNum = intval($bike);

$result=$db->query("SELECT bikeNum FROM bikes where bikeNum=$bikeNum");
Expand Down Expand Up @@ -965,8 +947,8 @@ function last($number,$bike)
function revert($number,$bikeNum)
{

global $db, $smsSender;
$userId = getUser($number);
global $db, $smsSender, $user;
$userId = $user->findUserIdByNumber($number);

$result=$db->query("SELECT currentUser FROM bikes WHERE bikeNum=$bikeNum AND currentUser<>'NULL'");
if (!$result->num_rows)
Expand All @@ -977,7 +959,7 @@ function revert($number,$bikeNum)
else
{
$row=$result->fetch_assoc();
$revertusernumber=getphonenumber($row["currentUser"]);
$revertusernumber=$user->findPhoneNumber($row["currentUser"]);
}

$result=$db->query("SELECT parameter,standName FROM stands LEFT JOIN history ON stands.standId=parameter WHERE bikeNum=$bikeNum AND action IN ('RETURN','FORCERETURN') ORDER BY time DESC LIMIT 1");
Expand Down Expand Up @@ -1012,10 +994,9 @@ function revert($number,$bikeNum)
function add($number,$email,$phone,$message)
{

global $db, $countrycode, $smsSender;
$userId = getUser($number);

$phone=normalizephonenumber($phone);
global $db, $countrycode, $smsSender, $user, $phonePurifier;
$userId = $user->findUserIdByNumber($number); #maybe we should check if the user exist???
$phone = $phonePurifier->purify($phone);

$result=$db->query("SELECT number,mail,userName FROM users where number=$phone OR mail='$email'");
if ($result->num_rows!=0)
Expand Down Expand Up @@ -1049,8 +1030,8 @@ function add($number,$email,$phone,$message)

function checkUserPrivileges($number)
{
global $db, $sms, $smsSender;
$userId=getUser($number);
global $db, $sms, $smsSender, $user;
$userId=$user->findUserIdByNumber($number);
$privileges=getPrivileges($userId);
if ($privileges==0)
{
Expand All @@ -1059,5 +1040,3 @@ function checkUserPrivileges($number)
exit;
}
}

?>
Loading

0 comments on commit b41097e

Please sign in to comment.