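qm->escapeString($username) . "'";
        $rs = $this->qm->fetchData($sql);
        //$data = $rs['data'];
        $result = $rs;
        return $result;
    }

    /**
     * Resolve a session id to the activated user that owns it.
     *
     * Joins USER_TBL to USER_SESSION_TBL on web_user_id and builds an
     * EmployeeUser (merged with the matching employee row) for the employee-style
     * user types, or a plain User for every other type.
     *
     * @param string $sid Session id to look up; treated as untrusted input.
     * @return User|EmployeeUser|false The user object, or false when the query
     *                                 fails or no activated user owns the session.
     */
    function fetchUserBySid($sid)
    {
        $result = false;

        // Sessions are tracked in USER_SESSION_TBL, not on the user row, so several
        // people can be logged in with the same account at the same time. The
        // original author also notes that log out does not really do anything on
        // the server side since it updates the user table.
        // NOTE(review): the logout code is not visible here; confirm it removes the
        // USER_SESSION_TBL row so a logged-out session id stops resolving to a user.

        // $sid is escaped before it is placed in the quoted literal; it was
        // previously interpolated raw. escapeString() is assumed to return the
        // value escaped for use inside a single-quoted SQL string - confirm.
        $sql = " SELECT u.web_user_id, web_user_type, u.handle, u.email "
            . " FROM " . USER_TBL . " u, " . USER_SESSION_TBL . " s "
            . " WHERE u.web_user_id = s.web_user_id AND s.session_id = '"
            . $this->qm->escapeString($sid)
            . "' AND u.is_activated = 'Y' ";
        $rs = $this->qm->fetchData($sql);

        if ($rs['success']) {
            /* Here can fetch user type specific data if required for specific user types */
            $row = isset($rs['data'][0]) ? $rs['data'][0] : null;
            if (is_array($row) && count($row)) {
                // Loose comparison on purpose: same semantics as the original chain of == tests.
                $employee_types = array(
                    'Standard',
                    'Receiver',
                    'Scanner',
                    INVENTORY_USER,
                    PHARMACY_USER,
                    WHOLESALER_USER,
                );
                if (in_array($row['web_user_type'], $employee_types)) {
                    require_once(CLASS_PATH . 'portal/model/EmployeeUser.php');
                    $employee_data = $this->fetchEmployeeDataByUserId($row['web_user_id']);
                    // A user without an employee row must not break array_merge().
                    if (!is_array($employee_data)) {
                        $employee_data = array();
                    }
                    // $row is merged last, so user-table columns win on key clashes.
                    $full_data = array_merge($employee_data, $row);
                    $user = new EmployeeUser();
                    $user->initData($full_data);
                    $result = $user;
                } else {
                    $user = new User();
                    $user->initData($row);
                    $result = $user;
                }
            }
        }

        return $result;
    }

    /**
     * Fetch the employee row linked to a web user.
     *
     * @param int|string $web_user_id Web user id; cast to int before use in SQL.
     * @return array|null First matching employee row, or null when there is none.
     */
    function fetchEmployeeDataByUserId($web_user_id)
    {
        // The id sits unquoted in the statement, so force it to an integer.
        $sql = "SELECT * FROM employee WHERE user_id = " . (int) $web_user_id . " ";
        $rs = $this->qm->fetchData($sql);

        return isset($rs['data'][0]) ? $rs['data'][0] : null;
    }

    /**
     * Look up an activated user by forgot-password token.
     *
     * @param string $token Token supplied by the client; only its first 30
     *                      characters are used.
     * @return mixed The raw result of fetchData() for the lookup.
     */
    function fetchUserByToken($token)
    {
        // can only be 30 chars.
        // NOTE(review): callers should reject an empty token before calling this;
        // whether forgot_token can be stored as '' is not visible here - confirm.
        $sql = " SELECT web_user_id user_id, forgot_token from " . USER_TBL
            . " WHERE forgot_token = '" . cf_dbPrepare(trim(substr($token, 0, 30)))
            . "' AND is_activated = 'Y' ";
        $result = $this->qm->fetchData($sql);

        return $result;
    }

    /**
     * Fetch the activated permissions granted to a web user.
     *
     * @param int|string $user_id Web user id; cast to int before use in SQL.
     * @return mixed The 'data' element of the fetchData() result.
     */
    function fetchUserPermissions($user_id)
    {
        // assuming only one web user per employee id now
        $sql = " SELECT sp.permission FROM web_user_permission wp, system_permission sp "
            . " WHERE wp.system_permission_id = sp.system_permission_id "
            . " AND wp.web_user_id = " . (int) $user_id
            . " AND wp.is_activated = 'Y' ";
        $rs = $this->qm->fetchData($sql, 'permission');

        return $rs['data'];
    }

    /*
    In this version, admin email is only one in the user table. Otherwise fetch email from client table.
    There is only one user per client in this version
    */

    /**
     * Not implemented: the body is empty and the method returns null.
     */
    function resolveUserEmail($user_id)
    {
    }

    /**
     * Not implemented: the body is empty and the method returns null.
     */
    function fetchUserEmail($user_id)
    {
    }

    /**
     * Fetch the email address stored for a client.
     *
     * @param int|string $client_id Client id; cast to int before use in SQL.
     * @return string|null The email column of the first row, or null when no row matches.
     */
    function fetchClientEmail($client_id)
    {
        $sql = " SELECT email FROM client WHERE client_id = " . (int) $client_id;
        $rs = $this->qm->fetchData($sql);

        // The query selects `email`; the previous code read a non-existent 'ct' key.
        return isset($rs['data'][0]['email']) ? $rs['data'][0]['email'] : null;
    }

    /**
     * Record the current PHP session for a user.
     *
     * Deletes any existing USER_SESSION_TBL row for the current session id, then
     * inserts a new row carrying the user id, session id, IP and login time.
     *
     * @param int|string $id Web user id.
     * @param string     $ip Client IP address as supplied by the caller.
     * @return void
     */
    function createSession($id, $ip)
    {
        // NOTE(review): the login flow is not visible here; confirm it calls
        // session_regenerate_id(true) before this method so that a pre-login
        // session id is never bound to an authenticated user.
        $sid = $this->qm->escapeString(session_id());

        $dsql = " DELETE FROM " . USER_SESSION_TBL . " WHERE session_id = '" . $sid . "' ";
        $this->qm->doSql($dsql);

        // $id and $ip come from the caller and were previously interpolated raw.
        $isql = "INSERT INTO " . USER_SESSION_TBL . " (web_user_id, session_id, ip, last_login) "
            . " VALUES ( '" . $this->qm->escapeString((string) $id) . "', '" . $sid . "', '"
            . $this->qm->escapeString((string) $ip) . "', now() )";
        $this->qm->doSql($isql);

        // A disabled legacy variant stored session_id and last_login on USER_TBL instead.
    }

    /**
     * Load a client record into a Client object.
     *
     * @param int|string $client_id Client id; escaped before use in SQL.
     * @return Client Client initialised from the first matching row (null when none).
     */
    function fetchClient($client_id)
    {
        $sql = " SELECT * FROM client WHERE client_id = '"
            . $this->qm->escapeString((string) $client_id) . "' ";
        $rs = $this->qm->fetchData($sql);
        $row = isset($rs['data'][0]) ? $rs['data'][0] : null;

        $client = new Client();
        $client->init($row);

        return $client;
    }

    /**
     * Insert a new web user.
     *
     * The password is trimmed and stored as a password_hash() digest.
     *
     * @param array $data Reads the keys web_user_type, web_username, password and handle.
     * @return mixed The 'success' element of the doSql() result.
     */
    function addUser($data)
    {
        // web_user_type was the one value concatenated without escaping.
        // NOTE(review): the password is trimmed before hashing, so the
        // verification path has to trim as well - confirm.
        $sql = " INSERT INTO web_user (web_user_type, web_username, password, handle, cr_dtm, last_password_update) "
            . " VALUES ('" . $this->qm->escapeString((string) $data['web_user_type']) . "', "
            . " '" . cf_dbPrepare(trim($data['web_username']), NO_HTML) . "', "
            . " '" . password_hash(trim($data['password']), PASSWORD_DEFAULT) . "', "
            . " '" . cf_dbPrepare(trim($data['handle']), NO_HTML) . "', "
            . " now(), now() )";
        $iresult = $this->qm->doSql($sql);

        return $iresult['success'];
    }

    /**
     * Set web_username from an email address for one plan manager.
     *
     * The original took no parameters and read an undefined $data, so it could
     * only produce a malformed statement; $data is now an optional argument.
     *
     * @param array $data Reads the keys email and plan_manager_id.
     * @return mixed The 'success' element of the doSql() result, or false when
     *               plan_manager_id is missing.
     */
    function updateUsername($data = array())
    {
        // Without a target id the UPDATE has no valid WHERE clause; refuse to run it.
        if (!isset($data['plan_manager_id'])) {
            return false;
        }

        $username = !empty($data['email'])
            ? "'" . cf_dbPrepare(trim($data['email']), NO_HTML) . "'"
            : "NULL";
        $sql = " UPDATE web_user SET "
            . " web_username = " . $username
            . " WHERE plan_manager_id = " . (int) $data['plan_manager_id'];
        $result = $this->qm->doSql($sql);

        return $result['success'];
    }

    /**
     * Store a new password hash for a web user and stamp last_password_update.
     *
     * @param int|string $user_id Web user id; cast to int before use in SQL.
     * @param string     $pwd     New plain-text password; trimmed, then hashed.
     * @return mixed The 'success' element of the doSql() result.
     */
    function updatePassword($user_id, $pwd)
    {
        $sql = " UPDATE web_user SET last_password_update = NOW(), password = '"
            . password_hash(trim($pwd), PASSWORD_DEFAULT)
            . "' WHERE web_user_id = " . (int) $user_id . " ";
        $result = $this->qm->doSql($sql);

        return $result['success'];
    }

    /**
     * Count the web users that already have a given username.
     *
     * The original took no parameters and read an undefined $data, so it always
     * searched for the empty username; $data is now an optional argument.
     *
     * @param array $data Reads the key web_username.
     * @return mixed The 'ct' count column of the first result row.
     */
    function usernameExists($data = array())
    {
        $username = isset($data['web_username']) ? $data['web_username'] : '';
        $sql = " SELECT COUNT(*) ct FROM web_user WHERE web_username = '"
            . cf_dbPrepare(trim($username), NO_HTML) . "'";
        $rs = $this->qm->fetchData($sql);

        return $rs['data'][0]['ct'];
    }
}
?>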
