<?php
/* Copyright (c) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (c) 2002-2003 Jean-Louis Bergamo   <jlb@j1b.org>
 * Copyright (c) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
 * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id$
 * $Source$
 */

/**	    \file       htdocs/user.class.php
  	    \brief      Fichier de la classe utilisateur
  	    \author     Rodolphe Qiedeville
  	    \author     Jean-Louis Bergamo
  	    \author     Laurent Destailleur
  	    \author     Sebastien Di Cintio
  	    \author     Benoit Mortier
  	    \version    $Revision$
*/


/**     \class      User
		\brief      Classe permettant la gestion d'un utilisateur
*/

class User
{
  var $db;
	
  var $id;
  var $fullname;
  var $nom;
  var $prenom;
  var $note;
  var $code;
  var $email;
  var $admin;
  var $login;
  var $pass;
  var $datec;
  var $datem;
  var $societe_id;
  var $webcal_login;
 
  var $error;
  var $userpref_limite_liste;
  var $all_permissions_are_loaded;         /**< \private all_permissions_are_loaded */


  /**
   *    \brief Constructeur de la classe
   *    \param  $DB         handler accès base de données
   *    \param  $id         id de l'utilisateur (0 par défaut)
   */
	 
  function User($DB, $id=0)
    {

      $this->db = $DB;
      $this->id = $id;

      // Preference utilisateur
      $this->userpreflimite_liste = 0;
      $this->clicktodial_enabled = 0;
		  
      $this->all_permissions_are_loaded = 0;

      return 1;
  }


  /**
   *    \brief      Charge un objet user avec toutes ces caractéristiques depuis un id ou login
   *    \param      login   login a charger
   */
	 
  function fetch($login='')
    {
      
      $sql = "SELECT u.rowid, u.name, u.firstname, u.email, u.code, u.admin, u.login, u.pass, u.webcal_login, u.note";
      $sql .= ", ".$this->db->pdate("u.datec")." datec, ".$this->db->pdate("u.tms")." datem";
      $sql .= " FROM ".MAIN_DB_PREFIX."user as u";
      if ($this->id)
	{
	  $sql .= " WHERE u.rowid = $this->id";
	}
      else
	{
	  $sql .= " WHERE u.login = '$login'";
	}
      
      $result = $this->db->query($sql);

      if ($result) 
	{
	  if ($this->db->num_rows($result)) 
	    {
	      $obj = $this->db->fetch_object($result);
	      $this->id = $obj->rowid;
	      $this->nom = stripslashes($obj->name);
	      $this->prenom = stripslashes($obj->firstname);
	      
	      $this->fullname = $this->prenom . ' ' . $this->nom;
	      $this->code = $obj->code;
	      $this->login = $obj->login;
	      $this->pass  = $obj->pass;
	      $this->email = $obj->email;
	      $this->admin = $obj->admin;
	      $this->contact_id = $obj->fk_socpeople;
	      $this->note = stripslashes($obj->note);
	      
	      $this->datec  = $obj->datec;
	      $this->datem  = $obj->datem;

	      $this->webcal_login = $obj->webcal_login;
	      
	      $this->societe_id = $obj->fk_societe;
	      $this->egroupware_id = $obj->egroupware_id;
	    }
	  $this->db->free();
	  
	}
      else
	{
    	  dolibarr_print_error($this->db);
	}

      $sql = "SELECT param, value FROM ".MAIN_DB_PREFIX."user_param";
      $sql .= " WHERE fk_user = ".$this->id;
      $sql .= " AND page = '".$_SERVER["SCRIPT_URL"]."'";

      if ( $this->db->query($sql) );
	{
	  $num = $this->db->num_rows();
	  $i = 0;
	  $page_param_url = '';
	  $this->page_param = array();
	  while ($i < $num)
	    {
	      $obj = $this->db->fetch_object();
	      $this->page_param[$obj->param] = $obj->value;
	      $page_param_url .= $obj->param . "=".$obj->value."&amp;";
	      $i++;
	    }
	  $this->page_param_url = $page_param_url;
	}
 
  }
  
  /**
   *    \brief      Ajoute un droit a l'utilisateur
   *    \param      rid         id du droit à ajouter
   *    \return     int         > 0 si ok, < 0 si erreur
   */
	 
    function addrights($rid)
    {
        if (strlen($rid) == 2)
        {
            $topid = substr($rid,0,1);
            $lowid = substr($rid,1,1);
        }
    
        if (strlen($rid) == 3)
        {
            $topid = substr($rid,0,2);
            $lowid = substr($rid,2,1);
        }
    
        if ($lowid == 1)
        {
            $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$rid";
            $this->db->query($sql);
            $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (fk_user, fk_id) VALUES ($this->id, $rid)";
            if ($this->db->query($sql))
            {
            }
        }
    
        if ($lowid > 1)
        {
    
            $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$rid";
            $this->db->query($sql);
            $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (fk_user, fk_id) VALUES ($this->id, $rid)";
            if ($this->db->query($sql))
            {
            }
    
            $nid = $topid . "1";
            $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$nid";
            $this->db->query($sql);
            $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (fk_user, fk_id) VALUES ($this->id, $nid)";
            if ($this->db->query($sql))
            {
    
            }
            else
            {
                dolibarr_print_error($this->db);
            }
        }
    
        if ($lowid == 0)
        {
            for ($i = 1 ; $i < 10 ; $i++)
            {
                $nid = $topid . "$i";
    
                $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$nid";
                $this->db->query($sql);
                $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (fk_user, fk_id) VALUES ($this->id, $nid)";
                if ($this->db->query($sql))
                {
    
                }
                else
                {
                    dolibarr_print_error($this->db);
                }
            }
        }
    
        return 1;
    }


  /**
   *    \brief      Retire un droit a l'utilisateur
   *    \param      rid        id du droit à retirer
   *    \return     int         > 0 si ok, < 0 si erreur
   */
	 
    function delrights($rid)
    {
        if (strlen($rid) == 2)
        {
            $topid = substr($rid,0,1);
            $lowid = substr($rid,1,1);
        }
    
        if (strlen($rid) == 3)
        {
            $topid = substr($rid,0,2);
            $lowid = substr($rid,2,1);
        }
    
        if ($lowid > 1)
        {
            $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$rid";
            if ($this->db->query($sql))
            {
            }
        }
    
        if ($lowid == 1)
        {
            $fid = $topid . "0";
            $lid = $topid . "9";
            $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id >= $fid AND fk_id <= $lid";
            if ($this->db->query($sql))
            {
    
            }
            else
            {
                dolibarr_print_error($this->db);
            }
        }
    
        if ($lowid == 0)
        {
            for ($i = 1 ; $i < 10 ; $i++)
            {
                $nid = $topid . "$i";
                $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$nid";
                if ($this->db->query($sql))
                {
    
                }
                else
                {
                    dolibarr_print_error($this->db);
                }
            }
        }
    
        return 1;
    }

  /**
   *    \brief      Charge dans l'objet user, la liste des permissions auxquels l'utilisateur a droit
   *    \param      module    nom du module dont il faut récupérer les droits ('' par defaut signifie tous les droits)
   */
	 
  function getrights($module='')
    {
      if ($this->all_permissions_are_loaded)
      {
        // Si les permissions ont déja été chargé pour ce user, on quitte
        return;
      }

      /*
       * Récupération des droits
       */
      $sql = "SELECT r.module, r.perms, r.subperms ";
      $sql .= " FROM ".MAIN_DB_PREFIX."user_rights as u, ".MAIN_DB_PREFIX."rights_def as r";
      $sql .= " WHERE r.id = u.fk_id AND u.fk_user= $this->id AND r.perms IS NOT NULL";
      if ($this->db->query($sql))
	{
	  $num = $this->db->num_rows();
	  $i = 0;
	  while ($i < $num)
	    {
	      $row = $this->db->fetch_row();

	      if (strlen($row[1]) > 0)
		{

		  if (strlen($row[2]) > 0)
		    {
		      $this->rights->$row[0]->$row[1]->$row[2] = 1;
		    }
		  else
		    {
		      $this->rights->$row[0]->$row[1] = 1;
		    }

		}
	      $i++;
	    }
	}

        if ($module == '')
        {
          // Si module etait non defini, alors on a tout chargé, on peut donc considérer
          // que les droits sont en cache (car tous chargés) pour cet instance de user
          $this->all_permissions_are_loaded=1;
        }
        
    }


  /**
   *    \brief      Désactive un utilisateur
   */
	 
    function disable()
    {
        // Désactive utilisateur
        $sql = "UPDATE ".MAIN_DB_PREFIX."user SET login = '' WHERE rowid = $this->id";
        $result = $this->db->query($sql);
    }
  
  
  /**
   *    \brief      Supprime complètement un utilisateur
   */
	 
    function delete()
    {
        // Supprime droits
        $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id";
        if ($this->db->query($sql))
        {
    
        }
    
        // Si contact, supprime lien
        if ($this->contact_id)
        {
            $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user = null WHERE idp = $this->contact_id";
            if ($this->db->query($sql))
            {
    
            }
        }
    
        // Supprime utilisateur
        $sql = "DELETE FROM ".MAIN_DB_PREFIX."user WHERE rowid = $this->id";
        $result = $this->db->query($sql);
    }
  

  /**
   *        \brief      Crée un utilisateur en base
   *        \return     si erreur <0, si ok renvoie id compte créé
   */
	 
  function create()
    {
        global $langs;
        
        $sql = "SELECT login FROM ".MAIN_DB_PREFIX."user WHERE login ='".$this->login."';";
        $result=$this->db->query($sql);
        if ($result)
        {
            $num = $this->db->num_rows($result);
            $this->db->free($result);
        
            if ($num)
            {
                $this->error = $langs->trans("ErrorLoginAlreadyExists");
                return -5;
            }
            else
            {
                $sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec,login,email) VALUES(now(),'$this->login','$this->email');";
                $result=$this->db->query($sql);

                if ($result)
                {
                    $table =  "".MAIN_DB_PREFIX."user";
                    $this->id = $this->db->last_insert_id($table);

                    if ($this->set_default_rights() < 0) return -4;

                    if ($this->update() < 0) return -3;

                    return $this->id;
                }
                else
                {
                    dolibarr_print_error($this->db);
                    return -2;
                }
            }
        }
        else
        {
            dolibarr_print_error($this->db);
            return -1;
        }
    }

  /**
   * \brief     Créé en base un utilisateur depuis l'objetc contact
   * \param     contact      Objet du contact source
   *
   */
	 
  function create_from_contact($contact)
    {
        global $langs;
        
      $this->nom = $contact->nom;
      $this->prenom = $contact->prenom;
      $this->email = $contact->email;

      $this->login = strtolower(substr($contact->prenom, 0, 3)) . strtolower(substr($contact->nom, 0, 3));

      $sql = "SELECT login FROM ".MAIN_DB_PREFIX."user WHERE login ='$this->login'";

      if ($this->db->query($sql)) 
	{
	  $num = $this->db->num_rows();
	  $this->db->free();

	  if ($num) 
	    {
	      $this->error = $langs->trans("ErrorLoginAlreadyExists");
	      return 0;
	    }
	  else
	    {            
	      $sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec, login, fk_socpeople, fk_societe)";
	      $sql .= " VALUES (now(),'$this->login',$contact->id, $contact->societeid);";
	      if ($this->db->query($sql))
		{
		  if ($this->db->affected_rows()) 
		    {
		      $this->id = $this->db->last_insert_id();
		      $this->admin = 0;
		      $this->update();
		      
		      $sql = "UPDATE ".MAIN_DB_PREFIX."socpeople SET fk_user = $this->id WHERE idp = $contact->id";
		      $this->db->query($sql);

		      $this->set_default_rights();

		      return $this->id;
		    }
		}
	      else
		{
		  dolibarr_print_error($this->db);
		}
	    }
	}
      else
	{
    	  dolibarr_print_error($this->db);
	}
      
    }

  /**
   *    \brief      Affectation des permissions par défaut
   *    \return     si erreur <0, si ok renvoi le nbre de droits par defaut positionnés
   */
	 
  function set_default_rights()
    {
        $sql = "SELECT id FROM ".MAIN_DB_PREFIX."rights_def WHERE bydefault = 1";
        
        if ($this->db->query($sql))
        {
            $num = $this->db->num_rows();
            $i = 0;
            $rd = array();
            while ($i < $num)
            {
                $row = $this->db->fetch_row($i);
                $rd[$i] = $row[0];
                $i++;
            }
            $this->db->free();
        }
        $i = 0;
        while ($i < $num)
        {
        
            $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = $this->id AND fk_id=$rd[$i]";
            $result=$this->db->query($sql);
        
            $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (fk_user, fk_id) VALUES ($this->id, $rd[$i])";
            $result=$this->db->query($sql);
            if (! $result) return -1;
            $i++;
        }
        
        return $i;
    }

  /**
   *    \brief      Mise à jour en base d'un utilisateur
   *    \return     <0 si echec, >=0 si ok
   */
  function update()
    {
        global $langs;
        
        if (!strlen($this->code))
        $this->code = $this->login;

        $sql = "UPDATE ".MAIN_DB_PREFIX."user SET ";
        $sql .= " name = '$this->nom'";
        $sql .= ", firstname = '$this->prenom'";
        $sql .= ", login = '$this->login'";
        $sql .= ", email = '$this->email'";
        $sql .= ", admin = $this->admin";
        $sql .= ", webcal_login = '$this->webcal_login'";
        $sql .= ", code = '$this->code'";
        $sql .= ", note = '$this->note'";
        $sql .= " WHERE rowid = ".$this->id;


        $result = $this->db->query($sql);

        if ($result)
        {
            if ($this->db->affected_rows())
            {
                return 1;
            }
            return 0;
        }
        else
        {
            dolibarr_print_error($this->db);
            return -2;
        }

   }

  /**
   *    \brief     Change le mot de passe d'un utilisateur et l'envoie par mail
   *    \param     user            Object user de l'utilisateur qui fait la modification
   *    \param     password        Nouveau mot de passe (généré par defaut si non communiqué)
   *    \param     isencrypted     0 ou 1 si il faut crypter le mot de passe en base (0 par défaut)
   *    \return    int             <0 si erreur, 0 si changement ok mais envoi mail ko, 1 si ok
   */
	 
  function password($user, $password='', $isencrypted = 0)
    {
        global $langs;
       
      if (! $password)
	{
	  $password =  strtolower(substr(md5(uniqid(rand())),0,6));
	}

      if ($isencrypted)
	{
	  $sqlpass = crypt($password, "CRYPT_STD_DES");
	}
      else
	{
	  $sqlpass = $password;
	}
      $this->pass=$password;
      $sql = "UPDATE ".MAIN_DB_PREFIX."user SET pass = '".$sqlpass."'";
      $sql .= " WHERE rowid = $this->id";
      
      $result = $this->db->query($sql);

      if ($result) 
	{
	  if ($this->db->affected_rows()) 
	    {

	    $mesg .= "Bonjour,\n\n";
	    $mesg .= "Votre mot de passe pour accéder à Dolibarr a été changé :\n\n";
	    $mesg .= $langs->trans("Login")." : $this->login\n";
	    $mesg .= $langs->trans("Password")." : $password\n\n";

	    $mesg .= "Adresse      : http://".$_SERVER["HTTP_HOST"].DOL_URL_ROOT;
	    $mesg .= "\n\n";
	    $mesg .= "--\n";
	    $mesg.= $user->fullname;

	    if (mail($this->email, $langs->trans("SubjectNewPassword"), $mesg))
	      {
		return 1;
	      }
	    else
	      {
		$this->error=$langs->trans("ErrorFailtedToSendPassword");
		return 0;
	      }
	    }
	  else {
	    return -2;
	  }
	}
      else
	{
	  dolibarr_print_error($this->db);
	  return -1;
	}
    }


  /**
   * \brief     Renvoie la dernière erreur fonctionnelle de manipulation de l'objet
   * \return    string      chaine erreur
   */
	 
  function error()
    {
      return $this->error;
    }

  
  /**
   *    \brief      Lecture des infos de click to dial
   */
  function fetch_clicktodial()
    {
      
      $sql = "SELECT login, pass, poste FROM ".MAIN_DB_PREFIX."user_clicktodial as u";
      $sql .= " WHERE u.fk_user = ".$this->id;
      
      $result = $this->db->query($sql);

      if ($result) 
	{
	  if ($this->db->num_rows()) 
	    {
	      $obj = $this->db->fetch_object();

	      $this->clicktodial_login = $obj->login;
	      $this->clicktodial_password = $obj->pass;
	      $this->clicktodial_poste = $obj->poste;

	      if (strlen(trim($this->clicktodial_login)) && 
		  strlen(trim($this->clicktodial_password)) && 
		  strlen(trim($this->clicktodial_poste)))
		{
		  $this->clicktodial_enabled = 1;
		}

	    }

	  $this->db->free();
	}
      else
	{
	  print $this->db->error();
	}
    }

  /**
   *    \brief      Mise à jour des infos de click to dial
   */
  function update_clicktodial()
    {
      
      $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_clicktodial";
      $sql .= " WHERE fk_user = ".$this->id;

      $result = $this->db->query($sql);

      $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_clicktodial";
      $sql .= " (fk_user,login,pass,poste)";
      $sql .= " VALUES (".$this->id;
      $sql .= ", '". $this->clicktodial_login ."'";
      $sql .= ", '". $this->clicktodial_password ."'";
      $sql .= ", '". $this->clicktodial_poste."')";
      
      $result = $this->db->query($sql);

      if ($result) 
	{
	  return 0;
	}
      else
	{
	  print $this->db->error();
	}
    }


  /**
   *    \brief      Ajoute l'utilisateur dans un groupe
   *    \param      group       id du groupe
   */

  function SetInGroup($group)
    {

      $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user";
      $sql .= " WHERE fk_user  = ".$this->id;
      $sql .= " AND fk_usergroup = ".$group;
  
      $result = $this->db->query($sql);

      $sql = "INSERT INTO ".MAIN_DB_PREFIX."usergroup_user (fk_user, fk_usergroup)";
      $sql .= " VALUES (".$this->id.",".$group.")";
	    
      $result = $this->db->query($sql);
    }

  /**
   *    \brief      Retire l'utilisateur d'un groupe
   *    \param      group       id du groupe
   */

  function RemoveFromGroup($group)
    {

      $sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user";
      $sql .= " WHERE fk_user  = ".$this->id;
      $sql .= " AND fk_usergroup = ".$group;
  
      $result = $this->db->query($sql);
    }
}

?>