/**********************************************************************
Copyright (C) FrontAccounting, LLC.
Released under the terms of the GNU General Public License, GPL,
as published by the Free Software Foundation, either version 3
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
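/**
 * Insert a new row into the users table.
 *
 * Every value is passed through db_escape() before it is concatenated into
 * the statement. $password is written to the password column exactly as
 * received; no hashing happens in this function, so the caller presumably
 * supplies an already-hashed value (confirm at the call sites).
 *
 * @param mixed $user_id   stored in users.user_id (also used in the error text)
 * @param mixed $real_name stored in users.real_name
 * @param mixed $password  stored in users.password without transformation
 * @param mixed $phone     stored in users.phone
 * @param mixed $email     stored in users.email
 * @param mixed $role_id   stored in users.role_id
 * @param mixed $language  stored in users.language
 * @param mixed $profile   stored in users.print_profile
 * @param mixed $rep_popup stored in users.rep_popup
 * @param mixed $pos       stored in users.pos
 */
function add_user($user_id, $real_name, $password, $phone, $email, $role_id,
    $language, $profile, $rep_popup, $pos)
{
    $sql = "INSERT INTO ".TB_PREF."users (user_id, real_name, password"
        .", phone, email, role_id, language, pos, print_profile, rep_popup)
        VALUES (".db_escape($user_id).",
        ".db_escape($real_name).", ".db_escape($password) .",".db_escape($phone)
        .",".db_escape($email).", ".db_escape($role_id).", ".db_escape($language)
        .", ".db_escape($pos).",".db_escape($profile).",".db_escape($rep_popup)
        // NOTE(review): the listing drops the line that closes VALUES(...);
        // it is restored here so the statement is complete - confirm against
        // the original file.
        .")";

    db_query($sql, "could not add user for $user_id");
}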
//-----------------------------------------------------------------------------------------------
/**
 * Overwrite the password and login name of the user row with the given id.
 *
 * $password is written as received; this function does no hashing, so the
 * caller presumably passes the stored (hashed) form - confirm at call sites.
 * All three values go through db_escape() before concatenation.
 *
 * @param mixed $id       primary key of the row to update
 * @param mixed $user_id  new value for users.user_id (also used in the error text)
 * @param mixed $password new value for users.password
 */
function update_user_password($id, $user_id, $password)
{
    $escaped_password = db_escape($password);
    $escaped_login = db_escape($user_id);
    $escaped_id = db_escape($id);

    $query = "UPDATE ".TB_PREF."users SET password=".$escaped_password.",
        user_id = ".$escaped_login." WHERE id=".$escaped_id;

    db_query($query, "could not update user password for $user_id");
}
//-----------------------------------------------------------------------------------------------
/**
 * Update the account details (everything except the password) of one user.
 *
 * role_id is among the columns written here, so this call can change a
 * user's privileges; the function itself performs no authorisation check.
 * Every value is escaped with db_escape() before concatenation.
 *
 * @param mixed $id        primary key of the row to update
 * @param mixed $user_id   new users.user_id (also used in the error text)
 * @param mixed $real_name new users.real_name
 * @param mixed $phone     new users.phone
 * @param mixed $email     new users.email
 * @param mixed $role_id   new users.role_id
 * @param mixed $language  new users.language
 * @param mixed $profile   new users.print_profile
 * @param mixed $rep_popup new users.rep_popup
 * @param mixed $pos       new users.pos
 */
function update_user($id, $user_id, $real_name, $phone, $email, $role_id,
    $language, $profile, $rep_popup, $pos)
{
    // SET clause, in the same column order as before.
    $query = "UPDATE ".TB_PREF."users SET real_name=".db_escape($real_name);
    $query .= ", phone=".db_escape($phone).",
        email=".db_escape($email).",
        role_id=".db_escape($role_id).",
        language=".db_escape($language).",
        print_profile=".db_escape($profile).",
        rep_popup=".db_escape($rep_popup).",
        pos=".db_escape($pos).",
        user_id = ".db_escape($user_id);

    // Restrict the update to the single row identified by $id.
    $query .= " WHERE id=".db_escape($id);

    db_query($query, "could not update user for $user_id");
}
//-----------------------------------------------------------------------------------------------
/**
 * Store the display preferences of the user row with the given id.
 *
 * Each argument is escaped with db_escape() and written to one column:
 * $price_dec -> prices_dec, $qty_dec -> qty_dec, $exrate_dec -> rates_dec,
 * $percent_dec -> percent_dec, $showgl -> show_gl, $showcodes -> show_codes,
 * $date_format -> date_format, $date_sep -> date_sep, $tho_sep -> tho_sep,
 * $dec_sep -> dec_sep, $theme -> theme, $pagesize -> page_size,
 * $show_hints -> show_hints, $profile -> print_profile,
 * $rep_popup -> rep_popup, $query_size -> query_size,
 * $graphic_links -> graphic_links, $lang -> language,
 * $stickydate -> sticky_doc_date, $startup_tab -> startup_tab.
 *
 * No value is range- or format-checked here; validation, if any, is the
 * caller's job.
 *
 * @param mixed $id primary key of the row to update (also used in the error text)
 */
function update_user_display_prefs($id, $price_dec, $qty_dec, $exrate_dec,
    $percent_dec, $showgl, $showcodes, $date_format, $date_sep, $tho_sep,
    $dec_sep, $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size,
    $graphic_links, $lang, $stickydate, $startup_tab)
{
    // Number formatting and ledger display options.
    $query = "UPDATE ".TB_PREF."users SET
        prices_dec=".db_escape($price_dec).",
        qty_dec=".db_escape($qty_dec).",
        rates_dec=".db_escape($exrate_dec).",
        percent_dec=".db_escape($percent_dec).",
        show_gl=".db_escape($showgl).",
        show_codes=".db_escape($showcodes);

    // Date and separator conventions.
    $query .= ",
        date_format=".db_escape($date_format).",
        date_sep=".db_escape($date_sep).",
        tho_sep=".db_escape($tho_sep).",
        dec_sep=".db_escape($dec_sep);

    // Look and feel, reporting and start page.
    $query .= ",
        theme=".db_escape($theme).",
        page_size=".db_escape($pagesize).",
        show_hints=".db_escape($show_hints).",
        print_profile=".db_escape($profile).",
        rep_popup=".db_escape($rep_popup).",
        query_size=".db_escape($query_size).",
        graphic_links=".db_escape($graphic_links).",
        language=".db_escape($lang).",
        sticky_doc_date=".db_escape($stickydate).",
        startup_tab=".db_escape($startup_tab);

    $query .= "
        WHERE id = ".db_escape($id);

    db_query($query, "could not update user display prefs for $id");
}
//-----------------------------------------------------------------------------------------------
/**
 * Query all users joined with the name of their security role.
 *
 * The select list is u.*, so every users column - including password - is
 * part of each row; callers should not hand these rows to output code
 * unfiltered.
 *
 * @param bool $all when false (the default) rows flagged inactive are excluded
 * @return mixed whatever db_query() returns for the statement
 */
function get_users($all=false)
{
    $query = "SELECT u.*, r.role FROM ".TB_PREF."users u, ".TB_PREF."security_roles r
        WHERE u.role_id=r.id";

    if ($all) {
        return db_query($query, "could not get users");
    }

    // Default: hide deactivated accounts.
    return db_query($query." AND !u.inactive", "could not get users");
}
//-----------------------------------------------------------------------------------------------
/**
 * Fetch one user row by primary key.
 *
 * Uses SELECT *, so the returned row carries every users column, the
 * password column included.
 *
 * @param mixed $id value matched against users.id (escaped with db_escape())
 * @return mixed the result of db_fetch() on the query result
 */
function get_user($id)
{
    $query = "SELECT * FROM ".TB_PREF."users WHERE id=".db_escape($id);

    return db_fetch(db_query($query, "could not get user $id"));
}
//-----------------------------------------------------------------------------------------------
// This function is necessary for admin prefs update after upgrade from 2.1
/**
 * Fetch one user row by login name.
 *
 * Uses SELECT *, so the returned row carries every users column, the
 * password column included. No password check is made here; this is a
 * lookup, not an authentication step.
 *
 * @param mixed $user_id value matched against users.user_id (escaped with db_escape())
 * @return mixed the result of db_fetch() on the query result
 */
function get_user_by_login($user_id)
{
    $query = "SELECT * FROM ".TB_PREF."users WHERE user_id=".db_escape($user_id);

    return db_fetch(db_query($query, "could not get user $user_id"));
}
//-----------------------------------------------------------------------------------------------
/**
 * Delete the user row with the given primary key.
 *
 * The function performs no authorisation check and does not look at other
 * tables that may reference the user; both are left to the caller.
 *
 * @param mixed $id value matched against users.id (escaped with db_escape())
 */
function delete_user($id)
{
    $escaped_id = db_escape($id);
    $query = "DELETE FROM ".TB_PREF."users WHERE id=".$escaped_id;

    db_query($query, "could not delete user $id");
}
//-----------------------------------------------------------------------------------------------
/**
 * Look up the user row whose login name and stored password both match.
 *
 * The password is matched by SQL equality against the password column, so
 * $password must already be in the stored representation (presumably a hash
 * computed by the caller - confirm). Matching in SQL cannot verify salted
 * hashes of the kind produced by password_hash(); those need
 * password_verify() on the fetched row.
 *
 * Rows are not filtered on the inactive flag, so a caller that must refuse
 * deactivated accounts has to check that column in the returned row.
 *
 * @param mixed $user_id  login name, escaped with db_escape()
 * @param mixed $password value compared with users.password, escaped with db_escape()
 * @return mixed whatever db_query() returns for the statement
 */
function get_user_for_login($user_id, $password)
{
    set_global_connection();

    $login_clause = "user_id = ".db_escape($user_id);
    $password_clause = " password=".db_escape($password);

    // do not exclude inactive records here, or access is lost after a source
    // upgrade on sites still using a pre 2.2 database
    $query = "SELECT * FROM ".TB_PREF."users WHERE ".$login_clause." AND".$password_clause;

    return db_query($query, "could not get validate user login for $user_id");
}
//-----------------------------------------------------------------------------------------------
/**
 * Set last_visit_date of the given login to the current server time.
 *
 * The timestamp is produced by date() on the server, not taken from the
 * request, which is why it is quoted literally; the login name goes through
 * db_escape().
 *
 * @param mixed $user_id value matched against users.user_id
 */
function update_user_visitdate($user_id)
{
    $now = date("Y-m-d H:i:s");

    $query = "UPDATE ".TB_PREF."users SET last_visit_date='".$now."'
        WHERE user_id=".db_escape($user_id);

    db_query($query, "could not update last visit date for user $user_id");
}
//-----------------------------------------------------------------------------------------------
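/**
 * Count the audit_trail rows recorded for a user.
 *
 * The listing this block comes from is missing two lines of the body (the
 * right-hand side of the WHERE comparison and the return statement). Both
 * are reconstructed below and marked; confirm them against the original
 * file before relying on this version.
 *
 * @param mixed $id value compared with audit_trail.user
 * @return mixed presumably the COUNT(*) value - see the note on the return line
 */
function check_user_activity($id)
{
    $sql = "SELECT COUNT(*) FROM ".TB_PREF."audit_trail WHERE audit_trail.user="
        // NOTE(review): operand missing from the listing; db_escape($id) is
        // assumed because every other query in this file escapes its
        // parameters this way.
        . db_escape($id);
    $result = db_query($sql,"Cant check user activity");
    $ret = db_fetch($result);

    // NOTE(review): return statement missing from the listing; the first
    // column of the fetched row is assumed to be the count - confirm.
    return $ret[0];
}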
//-----------------------------------------------------------------------------------------------
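/**
 * Record the current request in the useronline table, expire old entries and
 * report how many distinct client addresses remain.
 *
 * The address is read from forwarding headers when one is present, otherwise
 * from REMOTE_ADDR. Those headers and PHP_SELF are supplied by the client, so
 * both values are passed through db_escape() before they are placed in the
 * INSERT statement; concatenating them raw would let request data alter the
 * SQL. Because the headers are client-supplied, the reported count is only an
 * estimate and should not be used for any access decision.
 *
 * @return string the count followed by the translated "user(s) online" label
 */
function show_users_online()
{
    $timeoutseconds = 120;
    // NOTE(review): the listing omits the line that assigns $timestamp;
    // time() is assumed because the value is compared in seconds below -
    // confirm against the original file.
    $timestamp = time();
    $timeout = $timestamp - $timeoutseconds;

    /*
        This will try to find out if the user is coming from behind a proxy
        server. On a high traffic site many visitors may arrive through the
        same proxy and would otherwise be counted as one user, so the
        forwarding headers are consulted first to get the real IP address.
        Note that getenv() doesn't work when PHP is running as ISAPI module.
    */
    $forwarding_headers = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
    );
    $ip = false;
    foreach ($forwarding_headers as $header) {
        $ip = getenv($header);
        if ($ip) {
            break;
        }
    }
    if (!$ip) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }

    // Add user to database. db_escape() output is used without surrounding
    // quotes elsewhere in this file, so none are added around it here.
    db_query("INSERT INTO ".TB_PREF."useronline (timestamp, ip, file) VALUES ('"
        . $timestamp ."',". db_escape($ip) .",". db_escape($_SERVER['PHP_SELF']) .")");

    // Remove users that were not online within $timeoutseconds.
    // $timeout is computed on the server from integers, not from the request.
    db_query("DELETE FROM ".TB_PREF."useronline WHERE timestamp<". $timeout);

    // Select online users
    $result = db_query("SELECT DISTINCT ip FROM ".TB_PREF."useronline");
    $users = db_num_rows($result);

    return "$users ".($users == 1 ? _("user online") : _(" users online"));
}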