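function manage()
{
    // Company-user administration action.
    //
    // Two responsibilities, in order:
    //   1. one-shot GET actions (del / act / deact / grant_admin / revoke_admin /
    //      resend / resetpassword), each of which writes a SUCCESS/ERROR flash
    //      message and redirects;
    //   2. otherwise, build the paginated user listing for the current company
    //      (SES_COMP) and hand it to the view via $this->set().
    //
    // Every $_GET value is untrusted. The file's convention for hand-built SQL is
    // addslashes() before interpolation; this method applies it to every value
    // that reaches a raw query (the original left the search term, the `user`
    // filter and the reset-password uniq_id unescaped). Using the model's
    // conditions array / prepared statements everywhere would be the proper fix.
    //
    // NOTE(review): all state-changing actions are triggered by plain GET
    // parameters; confirm a CSRF protection (e.g. the Security component) covers
    // this controller, as nothing in this method checks one.
    $this->set('istype', SES_TYPE);

    // Search term shared by the "invited" listing and the per-status counters.
    $search_key = isset($this->request->query['user_srch']) ? addslashes($this->request->query['user_srch']) : '';
    $search_query = "User.name LIKE '%{$search_key}%' OR User.last_name LIKE '%{$search_key}%' OR User.email LIKE '%{$search_key}%' OR User.short_name LIKE '%{$search_key}%'";
    // The original assigned CASE_PAGE_LIMIT and immediately overwrote it; 26 is the effective value.
    $page_limit = 26;
    $CompanyUser = ClassRegistry::init('CompanyUser');
    // Fields fetched for the user targeted by del/act/deact (note: no `first_name`).
    $userFields = array('User.id', 'User.email', 'User.name', 'User.last_name');
    // Only populated by the corresponding GET parameters; the view receives null otherwise.
    $role = null;
    $type = null;
    $user_srch = null;
    $projArr = null; // never populated in this action — TODO confirm the view tolerates null
    // `role` is echoed back into redirect URLs; encode it so it cannot alter the URL.
    $redirectRole = isset($_GET['role']) ? urlencode($_GET['role']) : '';

    // ---- del: remove the user from this company --------------------------------
    if (isset($_GET['del']) && trim(urldecode($_GET['del'])) != "") {
        $del = addslashes(urldecode($_GET['del']));
        $getUsr = $this->User->find('first', array('conditions' => array('User.uniq_id' => $del), 'fields' => $userFields));
        if (empty($getUsr['User']['id'])) {
            // Unknown uniq_id: the original ran the delete with an empty user_id.
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage/?role=invited");
            return;
        }
        // user_type 1 is excluded from every mutation in this method (presumably the owner/primary admin).
        $CompanyUser->deleteAll(array('user_id' => $getUsr['User']['id'], 'company_id' => SES_COMP, 'user_type!=1'));
        $UserInvitation = ClassRegistry::init('UserInvitation');
        $UserInvitation->query("DELETE FROM user_invitations WHERE user_id='" . $getUsr['User']['id'] . "' AND company_id='" . SES_COMP . "'");
        // Event log entry (type code 3, as in the original). `first_name` was never
        // among the selected fields, so User.name is used for the display name.
        $json_arr = array();
        $json_arr['email'] = $getUsr['User']['email'];
        $json_arr['name'] = trim($getUsr['User']['name'] . " " . $getUsr['User']['last_name']);
        $json_arr['created'] = GMT_DATETIME;
        $this->Postcase->eventLog(SES_COMP, SES_ID, $json_arr, 3);
        $this->Session->write("SUCCESS", "user deleted successfully");
        $this->redirect(HTTP_ROOT . "users/manage/?role=invited");
    }

    // ---- act: re-enable a disabled user --------------------------------------
    if (isset($_GET['act']) && trim(urldecode($_GET['act'])) != "") {
        // Seat limit applies to subscription 1 unless the limit is "unlimited".
        if ($GLOBALS['Userlimitation']['subscription_id'] == 1 && strtolower($GLOBALS['Userlimitation']['user_limit']) != "unlimited") {
            if ($GLOBALS['usercount'] >= $GLOBALS['Userlimitation']['user_limit']) {
                $this->Session->write("ERROR", "Sorry! User cannot be enabled. User Limit Exceeded!");
                $this->redirect(HTTP_ROOT . "users/manage/?type=1&role=" . $redirectRole);
                exit;
            }
        }
        $act = addslashes(urldecode($_GET['act']));
        $getUsr = $this->User->find('first', array('conditions' => array('User.uniq_id' => $act), 'fields' => $userFields));
        if (empty($getUsr['User']['id'])) {
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage/?role=" . $redirectRole);
            return;
        }
        // The original looked up the CompanyUser row here to compare billing dates for a
        // disabled `update_bt_subscription()` call; the branch had no effect, so the
        // lookup is dropped. Re-add it if that subscription hook is re-enabled.
        $CompanyUser->query("UPDATE company_users as CompanyUser SET CompanyUser.is_active='1' WHERE CompanyUser.user_id='" . $getUsr['User']['id'] . "' AND CompanyUser.company_id='" . SES_COMP . "' AND CompanyUser.user_type!='1'");
        // Event log entry (type code 28, as in the original).
        $json_arr = array();
        $json_arr['email'] = $getUsr['User']['email'];
        $json_arr['name'] = trim($getUsr['User']['name'] . " " . $getUsr['User']['last_name']);
        $json_arr['created'] = GMT_DATETIME;
        $this->Postcase->eventLog(SES_COMP, SES_ID, $json_arr, 28);
        $this->Session->write("SUCCESS", "User enabled successfully");
        $this->redirect(HTTP_ROOT . "users/manage/?role=" . $redirectRole);
    }

    // ---- deact: disable a user -----------------------------------------------
    if (isset($_GET['deact']) && trim(urldecode($_GET['deact'])) != "") {
        $deact = addslashes(urldecode($_GET['deact']));
        $getUsr = $this->User->find('first', array('conditions' => array('User.uniq_id' => $deact), 'fields' => $userFields));
        if (empty($getUsr['User']['id'])) {
            $this->Session->write("ERROR", "User not found");
            $this->redirect(HTTP_ROOT . "users/manage");
            return;
        }
        $CompanyUser->query("UPDATE company_users as CompanyUser SET CompanyUser.is_active='0' WHERE CompanyUser.user_id='" . $getUsr['User']['id'] . "' AND CompanyUser.company_id='" . SES_COMP . "' AND CompanyUser.user_type!='1'");
        // Event log entry (type code 27, as in the original).
        $json_arr = array();
        $json_arr['email'] = $getUsr['User']['email'];
        $json_arr['name'] = trim($getUsr['User']['name'] . " " . $getUsr['User']['last_name']);
        $json_arr['created'] = GMT_DATETIME;
        $this->Postcase->eventLog(SES_COMP, SES_ID, $json_arr, 27);
        $this->Session->write("SUCCESS", "User disabled successfully");
        $this->redirect(HTTP_ROOT . "users/manage");
    }

    // ---- grant_admin / revoke_admin: switch user_type between 2 and 3 -----------
    if (isset($_GET['grant_admin']) && trim(urldecode($_GET['grant_admin'])) != "") {
        $grant_admin = addslashes(urldecode($_GET['grant_admin']));
        $getUsr = $this->User->find('first', array('conditions' => array('User.uniq_id' => $grant_admin), 'fields' => array('User.id')));
        if (!empty($getUsr['User']['id'])) {
            $CompanyUser->query("UPDATE company_users as CompanyUser SET CompanyUser.user_type='2' WHERE CompanyUser.user_id='" . $getUsr['User']['id'] . "' AND CompanyUser.company_id='" . SES_COMP . "' AND CompanyUser.user_type!='1'");
            $this->Session->write("SUCCESS", "Granted admin privilege");
        } else {
            $this->Session->write("ERROR", "User not found");
        }
        $this->redirect(HTTP_ROOT . "users/manage");
    }
    if (isset($_GET['revoke_admin']) && trim(urldecode($_GET['revoke_admin'])) != "") {
        $revoke_admin = addslashes(urldecode($_GET['revoke_admin']));
        $getUsr = $this->User->find('first', array('conditions' => array('User.uniq_id' => $revoke_admin), 'fields' => array('User.id')));
        if (!empty($getUsr['User']['id'])) {
            $CompanyUser->query("UPDATE company_users as CompanyUser SET CompanyUser.user_type='3' WHERE CompanyUser.user_id='" . $getUsr['User']['id'] . "' AND CompanyUser.company_id='" . SES_COMP . "' AND CompanyUser.user_type!='1'");
            $this->Session->write("SUCCESS", "Revoked admin privilege");
        } else {
            $this->Session->write("ERROR", "User not found");
        }
        $this->redirect(HTTP_ROOT . "users/manage");
    }

    // ---- resend: re-send a pending invitation with a fresh token -----------------
    if (isset($_GET['resend']) && trim(urldecode($_GET['resend'])) != "") {
        $resend = addslashes(urldecode($_GET['resend']));
        $UserInvitation = ClassRegistry::init('UserInvitation');
        $invit = $UserInvitation->find('first', array('conditions' => array('UserInvitation.qstr' => $resend)));
        // find() returns false/empty when no invitation matches; the original indexed it unguarded.
        if (!empty($invit['UserInvitation']['user_id'])) {
            $getUser = $this->User->find('first', array('conditions' => array('User.id' => $invit['UserInvitation']['user_id'])));
            $Company = ClassRegistry::init('Company');
            // Scoped to the current company; the original fetched the first Company row unconditionally.
            $comp = $Company->find('first', array('conditions' => array('Company.id' => SES_COMP), 'fields' => array('Company.id', 'Company.name', 'Company.uniq_id')));
            $expEmail = explode("@", $getUser['User']['email']);
            $expName = $expEmail[0];
            $qstr = $this->Format->generateUniqNumber();
            $loggedin_users = $this->Format->getUserNameForEmail($this->Auth->User("id"));
            $fromName = ucfirst($loggedin_users['User']['name']);
            $fromEmail = $loggedin_users['User']['email'];
            $ext_user = '';
            // A user without a password has not completed signup yet.
            if (!$getUser['User']['password']) {
                $subject = $fromName . " Invited you to join " . $comp['Company']['name'] . " on Orangescrum";
                $ext_user = 1;
            } else {
                $subject = $fromName . " Invited you to join on Orangescrum";
            }
            $this->Email->delivery = EMAIL_DELIVERY;
            // Recipient is the invited user; the original assigned an undefined $to here.
            $this->Email->to = $getUser['User']['email'];
            $this->Email->subject = $subject;
            $this->Email->from = FROM_EMAIL;
            $this->Email->template = 'invite_user';
            $this->Email->sendAs = 'html';
            $this->set('expName', ucfirst($expName));
            $this->set('qstr', $qstr);
            $this->set('existing_user', $ext_user);
            $this->set('company_name', $comp['Company']['name']);
            $this->set('fromEmail', $fromEmail);
            $this->set('fromName', $fromName);
            if ($this->Sendgrid->sendgridsmtp($this->Email)) {
                // Rotate the invitation token only once the mail has gone out.
                $UserInvitation->query("UPDATE user_invitations set qstr='" . $qstr . "' where qstr='" . $resend . "'");
                $this->Session->write("SUCCESS", "Invitation resent to '" . $getUser['User']['email'] . "'");
                $this->redirect(HTTP_ROOT . "users/manage/?role=invited");
            }
        }
    }

    // ---- listing: read filters ---------------------------------------------------
    $query = "";
    if (isset($_GET['role']) && $_GET['role']) {
        $role = $_GET['role'];
    }
    if (isset($_GET['type']) && $_GET['type']) {
        $type = $_GET['type'];
    }
    if (isset($_GET['user_srch']) && $_GET['user_srch']) {
        $user_srch = htmlentities(strip_tags($_GET['user_srch']));
    }
    // Page number feeds the LIMIT clause: coerce to a positive int (the original
    // interpolated the raw value after arithmetic, which rejected negatives with a SQL error).
    $page = 1;
    if (isset($_GET['page']) && $_GET['page']) {
        $page = max(1, (int) $_GET['page']);
    }

    // Role filter. Roles '2'/'3' are compared strictly so only the literal values
    // reach the SQL below (the original interpolated $role after a loose == check).
    $roleStr = (string) $role;
    if ($roleStr == "invited") {
        // Unused by the invited query below (kept from the original).
        $query .= " AND UserInvitation.is_active = '1'";
    } elseif (!$role || $role == 'all') {
        $query .= " AND (CompanyUser.is_active = '1')";
    } elseif ($roleStr === '2') {
        $query .= " AND (CompanyUser.user_type = '2' OR CompanyUser.user_type = '1')";
    } elseif ($roleStr === '3') {
        $query .= " AND CompanyUser.user_type = '3' AND CompanyUser.is_active = '1' ";
    } elseif ($role == 'disable') {
        $query .= " AND CompanyUser.is_active = '0'";
    }

    $limit1 = $page * $page_limit - $page_limit;
    $limit2 = $page_limit;
    if ($user_srch) {
        // Preserved from the original: the term is entity-encoded twice, then
        // urldecoded, then slash-escaped; the encoded form is also what the view gets back.
        $user_srch = addslashes(urldecode(htmlentities(strip_tags($user_srch))));
        $query .= " AND (User.name LIKE '%" . $user_srch . "%' OR User.last_name LIKE '%" . $user_srch . "%' OR User.email LIKE '%" . $user_srch . "%' OR User.short_name LIKE '%" . $user_srch . "%')";
    }
    if (isset($_GET['user']) && $_GET['user']) {
        // uniq_id filter; escaped before interpolation (the original inlined $_GET['user'] raw).
        $query .= " AND (User.uniq_id = '" . addslashes($_GET['user']) . "')";
    }

    // ---- listing: fetch the page ---------------------------------------------------
    if ($roleStr == "invited") {
        // Invited users are CompanyUser rows with is_active = 2; only the shared
        // search term applies to them, not $query.
        $userArr = $this->User->query("SELECT SQL_CALC_FOUND_ROWS * FROM company_users AS CompanyUser LEFT JOIN users AS User ON CompanyUser.user_id=User.id WHERE CompanyUser.company_id=" . SES_COMP . " AND CompanyUser.is_active ='2' AND User.email!='' AND (" . $search_query . ") ORDER BY User.dt_created DESC LIMIT {$limit1},{$limit2}");
    } else {
        $userArr = $this->User->query("SELECT SQL_CALC_FOUND_ROWS * FROM users AS User,company_users AS CompanyUser WHERE User.id=CompanyUser.user_id AND CompanyUser.company_id='" . SES_COMP . "' " . trim($query) . " ORDER BY User.dt_last_login DESC LIMIT {$limit1},{$limit2}");
    }
    // Must run on the same connection immediately after the SQL_CALC_FOUND_ROWS query.
    $tot = $this->User->query("SELECT FOUND_ROWS() as total");
    $totUser = count($userArr);
    $arrusr = array(); // first letter of each listed user's name (for the view's index)

    App::import("Helper", array("Format", "Casequery", "Tmzone", "Datetime"));
    $hFormat = new FormatHelper(new View(null));
    $hCasequery = new CasequeryHelper(new View(null));
    $hTmzone = new TmzoneHelper(new View(null));
    $hDatetime = new DatetimeHelper(new View(null));
    // Today's date in the session timezone is loop-invariant; compute it once.
    $gmdate = $hTmzone->GetDateTime(SES_TIMEZONE, TZ_GMT, TZ_DST, TZ_CODE, GMT_DATE, "date");

    foreach ($userArr as $key => $usrall) {
        $userArr[$key]['User']['name'] = $hFormat->formatText($usrall['User']['name']);
        $userArr[$key]['User']['short_name'] = $hFormat->formatText($usrall['User']['short_name']);
        $userArr[$key]['User']['email'] = $hFormat->formatText($usrall['User']['email']);
        $userArr[$key]['User']['shln_email'] = $hFormat->shortLength($usrall['User']['email'], 30);
        if ($roleStr != 'invited' && $usrall['CompanyUser']['is_active'] != 2) {
            $getprj = $hCasequery->getallproject($usrall['User']['id']);
            // Builds ", A, B" and trims the commas, as the original did (leading space kept).
            $allpj = "";
            foreach ($getprj as $v) {
                $allpj = $allpj . ", " . ucwords(strtolower($v));
            }
            $userArr[$key]['User']['all_project'] = $hFormat->shortLength(trim($allpj, ","), 20);
            $userArr[$key]['User']['all_projects'] = trim($allpj, ",");
            $userArr[$key]['User']['total_project'] = count($getprj);
        } else {
            $allpj = $hCasequery->getallInvitedProj($usrall['CompanyUser']['project_id']);
            $userArr[$key]['User']['all_project'] = $hFormat->shortLength(trim($allpj, ","), 20);
        }
        // Pending invitations expose their token so the view can offer "resend".
        if ($roleStr == 'invited' || $usrall['CompanyUser']['is_active'] == 2) {
            $userArr[$key]['User']['qstr'] = $hCasequery->getinviteqstr($usrall['CompanyUser']['company_id'], $usrall['CompanyUser']['user_id']);
        }
        if ($usrall['User']['dt_last_login']) {
            $locDT = $hTmzone->GetDateTime(SES_TIMEZONE, TZ_GMT, TZ_DST, TZ_CODE, $usrall['User']['dt_last_login'], "datetime");
            $userArr[$key]['User']['latest_activity'] = $hDatetime->dateFormatOutputdateTime_day($locDT, $gmdate);
        }
        $crdt = ($roleStr == "invited") ? $usrall['User']['dt_created'] : $usrall['CompanyUser']['created'];
        if ($crdt != "0000-00-00 00:00:00") {
            $locDT = $hTmzone->GetDateTime(SES_TIMEZONE, TZ_GMT, TZ_DST, TZ_CODE, $crdt, "datetime");
            $userArr[$key]['User']['created_on'] = $hDatetime->dateFormatOutputdateTime_day($locDT, $gmdate);
        }
        if (!empty($usrall['User']['name'])) {
            $arrusr[] = substr(trim($usrall['User']['name']), 0, 1);
        }
    }

    // ---- listing: per-status counters (active / invited / disabled) -----------------
    $active_user_cnt = 0;
    $invited_user_cnt = 0;
    $disabled_user_cnt = 0;
    $grpcount = $CompanyUser->query('SELECT count(CompanyUser.id) as usrcnt , CompanyUser.is_active FROM company_users CompanyUser LEFT JOIN users User on CompanyUser.user_id=User.id WHERE CompanyUser.company_id=' . SES_COMP . ' AND User.email!="" AND (' . $search_query . ') GROUP BY CompanyUser.is_active ');
    if ($grpcount) {
        foreach ($grpcount as $val) {
            $usrcnt = $val['0']['usrcnt'];
            if ($val['CompanyUser']['is_active'] == 1) {
                $active_user_cnt = $usrcnt;
            } elseif ($val['CompanyUser']['is_active'] == 2) {
                $invited_user_cnt = $usrcnt;
            } elseif ($val['CompanyUser']['is_active'] == 0) {
                $disabled_user_cnt = $usrcnt;
            }
        }
    }
    $this->set('active_user_cnt', $active_user_cnt);
    $this->set('invited_user_cnt', $invited_user_cnt);
    $this->set('disabled_user_cnt', $disabled_user_cnt);
    $this->set('caseCount', $tot[0][0]['total']);
    $this->set('page_limit', $page_limit);
    $this->set('page', $page);
    $this->set('casePage', $page);
    $this->set('projArr', $projArr);
    $this->set('userArr', $userArr);
    $this->set('role', $role);
    $this->set('type', $type);
    $this->set('user_srch', $user_srch);
    $this->set('arrusr', $arrusr);
    $this->set('totUser', $totUser);

    // ---- resetpassword: generate a new password and mail it ----------------------------
    // NOTE(review): this mails a new plaintext password rather than a one-time reset
    // link; kept as-is, but worth revisiting.
    if (isset($_GET['resetpassword']) && $_GET['resetpassword']) {
        $this->User->recursive = -1;
        $userUniqId = urldecode($_GET['resetpassword']);
        $getData = $this->User->find("first", array('conditions' => array('User.uniq_id' => $userUniqId), 'fields' => array('User.name', 'User.email')));
        // find() returns false when nothing matches; count(false) is an error on PHP 8.
        if (!empty($getData)) {
            $name = $getData['User']['name'];
            $to = $getData['User']['email'];
            $newPasswrod = $this->Format->generatePassword(6);
            $subject = "Orangescrum Reset Password";
            $message = "<table cellspacing='1' cellpadding='1' width='100%' border='0'>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td align='left' style='font:normal 14px verdana;'>Hi " . $name . ",</td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td align='left' style='font:normal 14px verdana;'>Your Password has been reset to <b>" . $newPasswrod . "</b></td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t\t<tr><td> </td></tr>\n\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t";
            if ($this->Sendgrid->sendGridEmail(FROM_EMAIL, $to, $subject, $message, "ResetPassword")) {
                // FIXME(security): unsalted md5 is kept only because the login check
                // elsewhere compares against it; moving to password_hash()/password_verify()
                // has to be done together with the authentication path.
                $newMd5Passwrod = md5($newPasswrod);
                // uniq_id is user-supplied; escaped before interpolation (the original inlined it raw).
                $this->User->query("UPDATE users SET password='" . $newMd5Passwrod . "' WHERE uniq_id='" . addslashes($userUniqId) . "'");
                $this->Session->write("SUCCESS", "Password of '" . $name . "' reset successfully");
                $this->redirect(HTTP_ROOT . "users/manage/");
            }
        }
    }
}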