File: /var/www/uileague/wp-content/themes/uileague/helper/user.php
<?php
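class UserHelper
{
    /**
     * Custom (non-WordPress) user table. Rows are never hard-deleted; delete()
     * stamps the `deleted` column and every reader filters on `deleted is null`.
     */
    public static $pb_table = "orm_users";

    /**
     * Permissions of a user row, resolved through its `role` id.
     *
     * @param object $user Row with a `role` property.
     * @return mixed Whatever RoleHelper::get_permissions_by_role() returns.
     */
    public static function get_user_permissions($user)
    {
        return RoleHelper::get_permissions_by_role($user->role);
    }

    /**
     * Stored form of a password: md5 of the plaintext wrapped in the two
     * site-wide PasswordConfig constants. Shared by add() and update(); callers
     * of get_by_password() must produce the same value.
     *
     * @param string $plain Plaintext password.
     * @return string 32-char hex digest.
     */
    public static function hash_password($plain)
    {
        // NOTE(review): a fixed-salt MD5 is fast to brute-force and yields the
        // same digest for equal passwords across users. password_hash() /
        // password_verify() is the right replacement, but switching also changes
        // the stored format and the get_by_password() contract, so it has to be
        // a coordinated migration rather than a local edit here.
        return md5(PasswordConfig::PWDMD5F . $plain . PasswordConfig::PWDMD5L);
    }

    /**
     * Paged, filtered list of non-deleted users.
     *
     * Recognised $args keys, all optional:
     *   keyword     substring matched against `user_name` and `user_login`
     *   filter_role role id (0/absent = no filter)
     *   filter_team team id; ignored unless numeric
     *   cpage       1-based page number (anything < 2 means page 1)
     *   pageLimit   rows per page; -1 disables paging, anything < 2 means 10
     *
     * @param array $args
     * @param bool  $map_item Run each row through map_item().
     * @return stdClass {rc, msg, currentPage, total, data}
     */
    public static function getList($args, $map_item = true)
    {
        global $wpdb;
        // Every key is optional (getTeamManagerListByTeam() passes three of
        // them), so read with defaults rather than raising undefined-index
        // notices. A keyword of "0" is a real search term and is no longer
        // discarded by empty().
        $keyword = trim((string) ($args['keyword'] ?? ''));
        $filterRole = intval($args['filter_role'] ?? 0);
        $filterTeam = trim((string) ($args['filter_team'] ?? ''));
        $cpage = intval($args['cpage'] ?? 0);
        $page = $cpage > 1 ? $cpage : 1;
        $limitArg = intval($args['pageLimit'] ?? 0);
        $all = $limitArg == -1;
        $pageLimit = $limitArg > 1 ? $limitArg : 10;

        $filterSql = "";
        if (!empty($filterRole)) {
            $filterSql .= $wpdb->prepare(" AND `role` = %d ", $filterRole);
        }
        if ($filterTeam != "" && is_numeric($filterTeam)) {
            $filterSql .= $wpdb->prepare(" AND `team_id` = %d ", $filterTeam);
        }

        $table = self::$pb_table;
        // The keyword is request input. It used to be concatenated straight
        // into the LIKE patterns after htmlspecialchars(), which is an HTML
        // encoder, not a SQL escape (and on PHP < 8.1 it leaves single quotes
        // alone). Escape the LIKE wildcards and let prepare() quote the value;
        // as a side effect a search for "&" now matches "&" instead of "&amp;".
        $like = '%' . $wpdb->esc_like($keyword) . '%';
        $where = $wpdb->prepare(
            "WHERE `deleted` is null AND ( `user_name` Like %s OR `user_login` Like %s )",
            $like,
            $like
        ) . $filterSql;

        $total = intval($wpdb->get_var("SELECT count(id) FROM `{$table}` " . $where));
        if ($all) {
            $results = $wpdb->get_results("SELECT * FROM `{$table}` " . $where);
        } else {
            $results = $wpdb->get_results(
                "SELECT * FROM `{$table}` " . $where
                . $wpdb->prepare(" LIMIT %d,%d", ($page - 1) * $pageLimit, $pageLimit)
            );
        }

        // NOTE(review): SELECT * brings back `user_pass`; see map_item().
        if ($map_item) {
            $dataList = array_map(function ($item) {
                return UserHelper::map_item($item);
            }, $results);
        } else {
            $dataList = $results;
        }

        $result = new stdClass();
        $result->rc = ApiStatus::SUCCESS[0];
        $result->msg = ApiStatus::SUCCESS[1];
        $result->currentPage = $page;
        $result->total = $total;
        $result->data = $dataList;
        return $result;
    }

    /**
     * All users holding the "team-manager" role in a team (unpaged).
     *
     * @param int  $team_id
     * @param bool $map_item Run rows through map_item().
     * @return array Rows only (the getList() envelope is dropped).
     */
    public static function getTeamManagerListByTeam($team_id, $map_item = false)
    {
        $role = RoleHelper::get_by_key("team-manager");
        // An unknown role key filters on role 0, which getList() treats as
        // "no role filter" — so the list would then contain every team member.
        $role_id = empty($role) ? 0 : $role->id;
        $args = [
            'filter_team' => $team_id,
            'filter_role' => $role_id,
            'pageLimit' => -1,
        ];
        return self::getList($args, $map_item)->data;
    }

    /**
     * Create a user row.
     *
     * @param array $args  role, user_name, user_login, user_pass, user_phone,
     *                     user_email, status, team_id (user_login is required).
     * @param int   $uid   Acting orm_users id, passed to the audit log.
     * @param int   $wpuid Acting WordPress user id, passed to the audit log.
     * @return stdClass {rc, msg[, data = new row id]}
     */
    public static function add($args, $uid = 0, $wpuid = 0)
    {
        global $wpdb;
        $role = intval($args['role'] ?? 0);
        $user_name = $args['user_name'] ?? '';
        $user_login = $args['user_login'] ?? '';
        $user_pass = trim((string) ($args['user_pass'] ?? ''));
        $user_phone = trim((string) ($args['user_phone'] ?? ''));
        $user_email = trim((string) ($args['user_email'] ?? ''));
        $status = intval($args['status'] ?? 0);
        $team_id = intval($args['team_id'] ?? 0);

        $result = new stdClass();
        if (empty($user_login)) {
            $result->rc = ApiStatus::ERR_PARAMS[0];
            $result->msg = ApiStatus::ERR_PARAMS[1];
            return $result;
        }

        $user_login = trim($user_login);
        // NOTE(review): an omitted password silently becomes the fixed default
        // "123456", so any account created without one is trivially guessable.
        // A generated one-time password (or forcing the caller to supply one)
        // would be safer; kept as-is because callers may rely on it.
        $user_pass = empty($user_pass) ? '123456' : $user_pass;

        // Logins must be unique across both the WordPress table and this one.
        if (username_exists($user_login) || UserHelper::user_exists($user_login)) {
            $result->rc = ApiStatus::ERR_USERNAME_DUPLICATION[0];
            $result->msg = ApiStatus::ERR_USERNAME_DUPLICATION[1];
            return $result;
        }

        $now = current_time('mysql');
        $new_data = [
            'role' => $role,
            'user_name' => $user_name,
            'user_login' => $user_login,
            'user_pass' => self::hash_password($user_pass),
            'created' => $now,
            'updated' => $now,
            'user_phone' => $user_phone,
            'user_email' => $user_email,
            'status' => $status,
            'team_id' => $team_id,
        ];
        $res = $wpdb->insert(
            self::$pb_table,
            $new_data,
            ['%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%d', '%d']
        );
        if ($res === false) {
            $result->rc = ApiStatus::ERR_ADD_USER[0];
            $result->msg = ApiStatus::ERR_ADD_USER[1];
            return $result;
        }

        $insert_id = $wpdb->insert_id;
        // NOTE(review): $new_data, including the password digest, goes into the
        // audit log; consider redacting `user_pass` before logging.
        Logger::log("添加了用戶", self::$pb_table, $insert_id, null, $new_data, $uid, $wpuid);
        $result->rc = ApiStatus::SUCCESS[0];
        $result->msg = ApiStatus::SUCCESS[1];
        // insert_id must be returned: the referee-invitation flow uses it.
        $result->data = $insert_id;
        return $result;
    }

    /**
     * Update a user row. An empty user_pass leaves the stored password alone.
     *
     * @param array $args  id plus the same keys as add().
     * @param int   $uid   Acting orm_users id (permission check + audit log).
     * @param int   $wpuid Acting WordPress user id (permission check + audit log).
     * @return stdClass {rc, msg[, data]}
     */
    public static function update($args, $uid = 0, $wpuid = 0)
    {
        global $wpdb;
        $id = intval($args['id'] ?? 0);
        $role = intval($args['role'] ?? 0);
        $user_name = $args['user_name'] ?? '';
        $user_login = $args['user_login'] ?? '';
        $user_pass = trim((string) ($args['user_pass'] ?? ''));
        $user_phone = trim((string) ($args['user_phone'] ?? ''));
        $user_email = trim((string) ($args['user_email'] ?? ''));
        $status = intval($args['status'] ?? 0);
        $team_id = intval($args['team_id'] ?? 0);

        $result = new stdClass();
        if (empty($user_login) || empty($id)) {
            $result->rc = ApiStatus::ERR_PARAMS[0];
            $result->msg = ApiStatus::ERR_PARAMS[1];
            return $result;
        }

        // Resolve the target before the permission check: the check used to
        // run first and read ->role on a null row.
        $row = UserHelper::get_by_id($id);
        if ($row == null) {
            $result->rc = ApiStatus::ERR_LOGIN_USER[0];
            $result->msg = ApiStatus::ERR_LOGIN_USER[1];
            return $result;
        }
        if (!self::_edit_or_delete($row, "edit", $uid, $wpuid)) {
            $result->rc = ApiStatus::ERR_NO_PERMISSION[0];
            $result->msg = ApiStatus::ERR_NO_PERMISSION[1];
            $result->data = $uid;
            return $result;
        }

        $user_login = trim($user_login);
        if (username_exists($user_login) || UserHelper::user_exists($user_login, $id)) {
            $result->rc = ApiStatus::ERR_USERNAME_DUPLICATION[0];
            $result->msg = ApiStatus::ERR_USERNAME_DUPLICATION[1];
            return $result;
        }

        // NOTE(review): `role` is taken verbatim from $args and
        // _edit_or_delete() currently allows everyone, so any caller that can
        // reach update() can assign any role.
        // Column order and the format list must stay aligned.
        $new_data = [
            'role' => $role,
            'user_name' => $user_name,
            'user_login' => $user_login,
        ];
        $formats = ['%d', '%s', '%s'];
        if (!empty($user_pass)) {
            $new_data['user_pass'] = self::hash_password($user_pass);
            $formats[] = '%s';
        }
        $new_data += [
            'updated' => current_time('mysql'),
            'user_phone' => $user_phone,
            'user_email' => $user_email,
            'status' => $status,
            'team_id' => $team_id,
        ];
        array_push($formats, '%s', '%s', '%s', '%d', '%d');

        $res = $wpdb->update(
            self::$pb_table,
            $new_data,
            ['id' => $id],
            $formats,
            ['%d']
        );
        if ($res === false) {
            $result->rc = ApiStatus::ERR_UPDATE_USER[0];
            $result->msg = ApiStatus::ERR_UPDATE_USER[1];
            return $result;
        }

        Logger::log("更新了用戶", self::$pb_table, $id, $row, $new_data, $uid, $wpuid);
        $result->rc = ApiStatus::SUCCESS[0];
        $result->msg = ApiStatus::SUCCESS[1];
        return $result;
    }

    /**
     * Soft-delete a user by stamping `deleted`. When $args['role'] is non-zero
     * the row must also carry that role, otherwise nothing is updated.
     *
     * @param array $args  id, optional role.
     * @param int   $uid   Acting orm_users id (permission check + audit log).
     * @param int   $wpuid Acting WordPress user id (permission check + audit log).
     * @return stdClass {rc, msg[, data]}
     */
    public static function delete($args, $uid = 0, $wpuid = 0)
    {
        $id = intval($args['id'] ?? 0);
        $role = intval($args['role'] ?? 0);
        $result = new stdClass();

        $row = UserHelper::get_by_id($id);
        if ($row == null) {
            $result->rc = ApiStatus::ERR_LOGIN_USER[0];
            $result->msg = ApiStatus::ERR_LOGIN_USER[1];
            return $result;
        }
        if (!self::_edit_or_delete($row, "delete", $uid, $wpuid)) {
            $result->rc = ApiStatus::ERR_NO_PERMISSION[0];
            $result->msg = ApiStatus::ERR_NO_PERMISSION[1];
            $result->data = $uid;
            return $result;
        }

        global $wpdb;
        $where = ['id' => $id];
        $whereFormat = ['%d'];
        if (!empty($role)) {
            $where['role'] = $role;
            $whereFormat[] = '%d';
        }
        $res = $wpdb->update(
            self::$pb_table,
            ['deleted' => current_time('mysql')],
            $where,
            ['%s'],
            $whereFormat
        );
        if ($res === false) {
            $result->rc = ApiStatus::ERR_DELETE_USER[0];
            $result->msg = ApiStatus::ERR_DELETE_USER[1];
            return $result;
        }

        Logger::log("刪除了用戶", self::$pb_table, $id, $row, null, $uid, $wpuid);
        $result->rc = ApiStatus::SUCCESS[0];
        $result->msg = ApiStatus::SUCCESS[1];
        return $result;
    }

    /**
     * May the acting user edit/delete $row?
     *
     * Current rules: a null target is never actionable, a user may not delete
     * their own row, and everything else is allowed.
     *
     * @param object|null $row    Target user row.
     * @param string      $action "edit" or "delete".
     * @param int         $uid    Acting orm_users id.
     * @param int         $wpuid  Acting WordPress user id; when set, the
     *                            orm_users lookup is skipped.
     * @return bool
     */
    public static function _edit_or_delete($row, $action = "edit", $uid = 0, $wpuid = 0)
    {
        if ($row == null) {
            return false;
        }
        // Role of the user being acted on.
        $action_role = $row->role;
        // Role of the acting user: 1 for a WP user with manage_options,
        // otherwise the role on the matching orm_users row (0 if none).
        $current_role = 0;
        if (empty($wpuid)) {
            $current_user = UserHelper::get_by_id($uid);
            $current_role = $current_user == null ? 0 : $current_user->role;
        } else if (user_can($wpuid, "manage_options")) {
            $current_role = 1;
        }

        // Nobody may delete themselves.
        if ($action == "delete" && $row->id == $uid) {
            return false;
        }
        // NOTE(review): the role rule is disabled, so anyone reaching this
        // point may edit or delete any user, admins included, and update()
        // lets them set any role. The intended rule, once the application's
        // expectations are confirmed, is:
        //   return $current_role == 1 || $action_role != 1;
        return true;
    }

    /**
     * Decorate a raw row with role/team objects and derived fields.
     *
     * @param object|null $row
     * @return object|null The same object, mutated, or null for null input.
     */
    public static function map_item($row)
    {
        if ($row == null) return null;
        // NOTE(review): the row keeps `user_pass` (the password digest). Every
        // reader of getList()/get_by_*() receives it; strip it at the API
        // boundary, or here once no caller depends on it.
        $row->user_name = stripslashes($row->user_name);
        $row->role_obj = RoleHelper::get_by_id($row->role);
        $row->team_obj = TeamHelper::get_by_id($row->team_id);
        $hasRole = $row->role_obj != null;
        $row->permissions = $hasRole ? RoleHelper::get_permissions_value_by_role($row->role) : [];
        $row->role_name = $hasRole ? $row->role_obj->role_name : "";
        $row->role_key = $hasRole ? $row->role_obj->role_key : "";
        $row->user_registered = $row->created;
        return $row;
    }

    /**
     * Fetch a user by id. Note: does NOT filter on `deleted`.
     *
     * @param int  $id
     * @param bool $map_item Run the row through map_item().
     * @return object|null
     */
    public static function get_by_id($id, $map_item = true)
    {
        if (empty($id)) return null;
        global $wpdb;
        $row = $wpdb->get_row($wpdb->prepare("select * from `" . self::$pb_table . "` where id = %d", $id));
        return $map_item ? self::map_item($row) : $row;
    }

    /**
     * Fetch a non-deleted user by id + login pair.
     *
     * NOTE(review): both values are non-secret identifiers, so if the caller
     * treats a hit as authentication (e.g. from a scanned QR code) that should
     * be reconsidered — verify against the caller.
     *
     * @param int    $qr_id
     * @param string $qr_login
     * @return object|null
     */
    public static function get_by_qr($qr_id, $qr_login)
    {
        if (empty($qr_id) || empty($qr_login)) return null;
        global $wpdb;
        $row = $wpdb->get_row($wpdb->prepare("select * from `" . self::$pb_table . "` where id = %d and user_login = %s AND deleted is null", $qr_id, $qr_login));
        return self::map_item($row);
    }

    /**
     * Fetch a non-deleted user by login and stored password digest.
     *
     * $password is compared directly with the `user_pass` column, so the
     * caller must pass hash_password($plaintext), not the plaintext.
     *
     * @param string $login
     * @param string $password Digest as produced by hash_password().
     * @return object|null
     */
    public static function get_by_password($login, $password)
    {
        if (empty($login) || empty($password)) return null;
        global $wpdb;
        $row = $wpdb->get_row($wpdb->prepare("select * from `" . self::$pb_table . "` where user_login = %s and user_pass = %s AND deleted is null", $login, $password));
        return self::map_item($row);
    }

    /**
     * Is $login already used by a non-deleted row (other than $excludeId)?
     *
     * @param string $login
     * @param int    $excludeId Row id to ignore (0 = none), used on update.
     * @return bool
     */
    public static function user_exists($login, $excludeId = 0)
    {
        global $wpdb;
        $table = self::$pb_table;
        if ($excludeId > 0) {
            $sql = $wpdb->prepare("select id from `" . $table . "` where user_login = %s and id <> %d AND deleted is null", $login, $excludeId);
        } else {
            $sql = $wpdb->prepare("select id from `" . $table . "` where user_login = %s AND deleted is null", $login);
        }
        return !empty($wpdb->get_var($sql));
    }
}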