
/inc/amfphp/Amfphp/Services/ec_admin_users.php

https://github.com/EmranAhmed/wp-easycart
  1. <?php
  2. /*
  3. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  4. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  5. //All Code and Design is copyrighted by Level Four Development, llc
  6. //
  7. //Level Four Development, LLC provides this code "as is" without warranty of any kind, either express or implied,
  8. //including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
  9. //
10. //Only licensed users may use this code and storefront for live purposes. All other use is prohibited and may be
  11. //subject to copyright violation laws. If you have any questions regarding proper use of this code, please
  12. //contact Level Four Development, llc and EasyCart prior to use.
  13. //
  14. //All use of this storefront is subject to our terms of agreement found on Level Four Development, llc's website.
  15. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  16. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  17. */
  18. class ec_admin_users
  19. {
  20. function ec_admin_users() {
  21. /*load our connection settings
  22. if( file_exists( '../../../../wp-easycart-data/connection/ec_conn.php' ) ) {
  23. require_once('../../../../wp-easycart-data/connection/ec_conn.php');
  24. } else {
  25. require_once('../../../connection/ec_conn.php');
  26. };*/
  27. //set our connection variables
  28. $dbhost = DB_HOST;
  29. $dbname = DB_NAME;
  30. $dbuser = DB_USER;
  31. $dbpass = DB_PASSWORD;
  32. global $wpdb;
  33. define ('WP_PREFIX', $wpdb->prefix);
  34. require_once( "../../classes/core/ec_db.php" );
  35. if( file_exists( "../../../../wp-easycart-quickbooks/QuickBooks.php" ) ){
  36. require_once( "../../../../wp-easycart-quickbooks/ec_quickbooks.php" );
  37. require_once( "../../../../wp-easycart-quickbooks/QuickBooks.php" );
  38. }
  39. //make a connection to our database
  40. $this->conn = mysql_connect($dbhost, $dbuser, $dbpass);
  41. mysql_select_db ($dbname);
  42. mysql_query("SET CHARACTER SET utf8", $this->conn);
  43. mysql_query("SET NAMES 'utf8'", $this->conn);
  44. }
  45. //secure all of the services for logged in authenticated users only
  46. public function _getMethodRoles($methodName){
  47. if ($methodName == 'getclients') return array('admin');
  48. else if($methodName == 'deleteclient') return array('admin');
  49. else if($methodName == 'updateclient') return array('admin');
  50. else if($methodName == 'addclient') return array('admin');
  51. else if($methodName == 'getuserroles') return array('admin');
  52. else if($methodName == 'deleteuserrole') return array('admin');
  53. else if($methodName == 'adduserrole') return array('admin');
  54. else if($methodName == 'resendverificationemail') return array('admin');
  55. else return null;
  56. }
  57. //HELPER - used to escape out SQL calls
  58. function escape($sql)
  59. {
  60. $args = func_get_args();
  61. foreach($args as $key => $val)
  62. {
  63. $args[$key] = mysql_real_escape_string($val);
  64. }
  65. $args[0] = $sql;
  66. return call_user_func_array('sprintf', $args);
  67. }
  68. //client account functions
  69. function getclients($startrecord, $limit, $orderby, $ordertype, $filter) {
  70. //Create SQL Query
  71. $query= mysql_query("SELECT SQL_CALC_FOUND_ROWS ec_user.* FROM ec_user WHERE ec_user.user_id != '' ".$filter." ORDER BY ". $orderby ." ". $ordertype . " LIMIT ". $startrecord .", ". $limit."");
  72. $totalquery=mysql_query("SELECT FOUND_ROWS()");
  73. $totalrows = mysql_fetch_object($totalquery);
  74. //if results, convert to an array for use in flash
  75. if(mysql_num_rows($query) > 0) {
  76. while ($row=mysql_fetch_object($query)) {
  77. //get the shipping and billing address id's
  78. $billing_address_id = $row->default_billing_address_id;
  79. $shipping_address_id = $row->default_shipping_address_id;
  80. //query for the billing address
  81. if($billing_address_id != 0) {
  82. $billingquery = mysql_query("SELECT
  83. ec_address.first_name AS billing_first_name,
  84. ec_address.last_name AS billing_last_name,
  85. ec_address.address_line_1 AS billing_address_line_1,
  86. ec_address.address_line_2 AS billing_address_line_2,
  87. ec_address.city AS billing_city,
  88. ec_address.state AS billing_state,
  89. ec_address.zip AS billing_zip,
  90. ec_address.country AS billing_country,
  91. ec_address.phone AS billing_phone
  92. FROM ec_address WHERE ec_address.address_id = '$billing_address_id'");
  93. //set the billing address to the first query
  94. while ($billing_row = mysql_fetch_object($billingquery)) {
  95. $row->billing_first_name = $billing_row->billing_first_name;
  96. $row->billing_last_name = $billing_row->billing_last_name;
  97. $row->billing_address_line_1 = $billing_row->billing_address_line_1;
  98. $row->billing_address_line_2 = $billing_row->billing_address_line_2;
  99. $row->billing_city = $billing_row->billing_city;
  100. $row->billing_state = $billing_row->billing_state;
  101. $row->billing_zip = $billing_row->billing_zip;
  102. $row->billing_country = $billing_row->billing_country;
  103. $row->billing_phone = $billing_row->billing_phone;
  104. }
  105. }
  106. //query for the shipping address
  107. if ($shipping_address_id != 0) {
  108. $shippingquery = mysql_query("SELECT
  109. ec_address.first_name AS shipping_first_name,
  110. ec_address.last_name AS shipping_last_name,
  111. ec_address.address_line_1 AS shipping_address_line_1,
  112. ec_address.address_line_2 AS shipping_address_line_2,
  113. ec_address.city AS shipping_city,
  114. ec_address.state AS shipping_state,
  115. ec_address.zip AS shipping_zip,
  116. ec_address.country AS shipping_country,
  117. ec_address.phone AS shipping_phone
  118. FROM ec_address WHERE ec_address.address_id = '$shipping_address_id'");
  119. //set the shipping address to the first query
  120. while ($shipping_row = mysql_fetch_object($shippingquery)) {
  121. $row->shipping_first_name = $shipping_row->shipping_first_name;
  122. $row->shipping_last_name = $shipping_row->shipping_last_name;
  123. $row->shipping_address_line_1 = $shipping_row->shipping_address_line_1;
  124. $row->shipping_address_line_2 = $shipping_row->shipping_address_line_2;
  125. $row->shipping_city = $shipping_row->shipping_city;
  126. $row->shipping_state = $shipping_row->shipping_state;
  127. $row->shipping_zip = $shipping_row->shipping_zip;
  128. $row->shipping_country = $shipping_row->shipping_country;
  129. $row->shipping_phone = $shipping_row->shipping_phone;
  130. }
  131. }
  132. //attach the total rows to the first query
  133. $row->totalrows=$totalrows;
  134. $returnArray[] = $row;
  135. }
  136. return($returnArray); //return array results if there are some
  137. } else {
  138. $returnArray[] = "noresults";
  139. return $returnArray; //return noresults if there are no results
  140. }
  141. }
  142. function deleteclient($clientid) {
  143. $query= mysql_query("SELECT SQL_CALC_FOUND_ROWS ec_user.* FROM ec_user WHERE ec_user.user_level = 'admin' AND ec_user.user_id != '".$clientid."'");
  144. $totalquery=mysql_query("SELECT FOUND_ROWS()");
  145. $totalrows = mysql_fetch_array($totalquery);
  146. //return $totalrows;
  147. //Create SQL Query
  148. if ($totalrows[0] >= '1') {
  149. $deletesql = $this->escape("DELETE FROM ec_address WHERE ec_address.user_id = '%s'", $clientid);
  150. //Run query on database;
  151. mysql_query($deletesql);
  152. //Create SQL Query
  153. $deletesql = $this->escape("DELETE FROM ec_user WHERE ec_user.user_id = '%s'", $clientid);
  154. //Run query on database;
  155. mysql_query($deletesql);
  156. //if no errors, return their current Client ID
  157. //if results, convert to an array for use in flash
  158. if(!mysql_error()) {
  159. $returnArray[] = "success";
  160. return($returnArray); //return array results if there are some
  161. } else {
  162. $returnArray[] = "error";
  163. return $returnArray; //return noresults if there are no results
  164. }
  165. } else {
  166. $returnArray[] = "noadminerror";
  167. return $returnArray; //return noresults if there ares no result
  168. }
  169. }
  170. function updateclient($clientid, $client) {
  171. $query= mysql_query("SELECT SQL_CALC_FOUND_ROWS ec_user.* FROM ec_user WHERE ec_user.user_level = 'admin'");
  172. $totalquery=mysql_query("SELECT FOUND_ROWS()");
  173. $totalrows = mysql_fetch_array($totalquery);
  174. //convert object to array
  175. $client = (array)$client;
  176. $matchlastadmin = false;
  177. while ($row = mysql_fetch_assoc($query)) {
  178. if ($totalrows[0] == 1 && $clientid == $row[user_id]) {
  179. $matchlastadmin = true;
  180. }
  181. }
  182. //need to determine if the one last user ID is this users ID
  183. ////////////////////////////////////////////////////////////
  184. if ($matchlastadmin == true && $client['userlevel'] != 'admin') {
  185. $returnArray[] = "noadminerror";
  186. return $returnArray; //return noresults if there ares no result
  187. } else {
  188. $sql = sprintf("Replace into ec_address(ec_address.address_id, ec_address.user_id, ec_address.first_name, ec_address.last_name, ec_address.address_line_1, ec_address.address_line_2, ec_address.city, ec_address.state, ec_address.zip, ec_address.country, ec_address.phone)
  189. values('%s', '".$clientid."', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  190. mysql_real_escape_string($client['billing_id']),
  191. mysql_real_escape_string($client['billname']),
  192. mysql_real_escape_string($client['billlastname']),
  193. mysql_real_escape_string($client['billaddress']),
  194. mysql_real_escape_string($client['billaddress2']),
  195. mysql_real_escape_string($client['billcity']),
  196. mysql_real_escape_string($client['billstate']),
  197. mysql_real_escape_string($client['billzip']),
  198. mysql_real_escape_string($client['billcountry']),
  199. mysql_real_escape_string($client['billphone']));
  200. //Run query on database;
  201. mysql_query($sql);
  202. $default_billing_address_id = $client['billing_id'];
  203. $sql = sprintf("Replace into ec_address(ec_address.address_id, ec_address.user_id, ec_address.first_name, ec_address.last_name, ec_address.address_line_1, ec_address.address_line_2, ec_address.city, ec_address.state, ec_address.zip, ec_address.country, ec_address.phone)
  204. values('%s', '".$clientid."', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  205. mysql_real_escape_string($client['shipping_id']),
  206. mysql_real_escape_string($client['shipname']),
  207. mysql_real_escape_string($client['shiplastname']),
  208. mysql_real_escape_string($client['shipaddress']),
  209. mysql_real_escape_string($client['shipaddress2']),
  210. mysql_real_escape_string($client['shipcity']),
  211. mysql_real_escape_string($client['shipstate']),
  212. mysql_real_escape_string($client['shipzip']),
  213. mysql_real_escape_string($client['shipcountry']),
  214. mysql_real_escape_string($client['shipphone']));
  215. //Run query on database;
  216. mysql_query($sql);
  217. $default_shipping_address_id = $client['shipping_id'];
  218. //Create SQL Query
  219. $sql = sprintf("UPDATE ec_user SET ec_user.email = '%s', ec_user.password = '%s', ec_user.first_name = '%s', ec_user.last_name = '%s', ec_user.default_billing_address_id = %d, ec_user.default_shipping_address_id = %d, ec_user.user_level = '%s', ec_user.is_subscriber = %d WHERE ec_user.user_id = %d",
  220. mysql_real_escape_string($client['email']),
  221. mysql_real_escape_string($client['password']),
  222. mysql_real_escape_string($client['firstname']),
  223. mysql_real_escape_string($client['lastname']),
  224. mysql_real_escape_string($default_billing_address_id),
  225. mysql_real_escape_string($default_shipping_address_id),
  226. mysql_real_escape_string($client['userlevel']),
  227. mysql_real_escape_string($client['subscriber']),
  228. mysql_real_escape_string($clientid));
  229. //Run query on database;
  230. mysql_query($sql);
  231. //return $sql;
  232. //Enqueue Quickbooks Update Customer
  233. if( file_exists( "../../../../wp-easycart-quickbooks/QuickBooks.php" ) ){
  234. $quickbooks = new ec_quickbooks( );
  235. $quickbooks->update_user_admin( $clientid );
  236. }
  237. //if no errors, return their current Client ID
  238. //if results, convert to an array for use in flash
  239. if(!mysql_error()) {
  240. $returnArray[] ="success";
  241. return($returnArray); //return array results if there are some
  242. } else {
  243. $returnArray[] = "error";
  244. return $returnArray; //return noresults if there are no results
  245. }
  246. }
  247. }
  248. function addclient($client) {
  249. //convert object to array
  250. $client = (array)$client;
  251. //Create SQL Query
  252. $sql = sprintf("INSERT into ec_user(ec_user.user_id, ec_user.email, ec_user.password, ec_user.first_name, ec_user.last_name, ec_user.default_billing_address_id, ec_user.default_shipping_address_id, ec_user.user_level, ec_user.is_subscriber)
  253. values(Null, '%s', '%s', '%s', '%s', '0', '0', '%s', '%s')",
  254. mysql_real_escape_string($client['email']),
  255. mysql_real_escape_string($client['password']),
  256. mysql_real_escape_string($client['firstname']),
  257. mysql_real_escape_string($client['lastname']),
  258. mysql_real_escape_string($client['userlevel']),
  259. mysql_real_escape_string($client['subscriber']));
  260. //Run query on database;
  261. mysql_query($sql);
  262. $user_id = mysql_insert_id();
  263. //add billing address
  264. $billingsql = sprintf("INSERT into ec_address(ec_address.address_id, ec_address.user_id, ec_address.first_name, ec_address.last_name, ec_address.address_line_1, ec_address.address_line_2, ec_address.city, ec_address.state, ec_address.zip, ec_address.country, ec_address.phone)
  265. values(Null, '".$user_id."', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  266. mysql_real_escape_string($client['billname']),
  267. mysql_real_escape_string($client['billlastname']),
  268. mysql_real_escape_string($client['billaddress']),
  269. mysql_real_escape_string($client['billaddress2']),
  270. mysql_real_escape_string($client['billcity']),
  271. mysql_real_escape_string($client['billstate']),
  272. mysql_real_escape_string($client['billzip']),
  273. mysql_real_escape_string($client['billcountry']),
  274. mysql_real_escape_string($client['billphone']));
  275. //Run query on database;
  276. mysql_query($billingsql);
  277. $default_billing_address_id = mysql_insert_id();
  278. //add shipping address
  279. $shippingsql = sprintf("INSERT into ec_address(ec_address.address_id, ec_address.user_id, ec_address.first_name, ec_address.last_name, ec_address.address_line_1, ec_address.address_line_2, ec_address.city, ec_address.state, ec_address.zip, ec_address.country, ec_address.phone)
  280. values(Null, '".$user_id."', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  281. mysql_real_escape_string($client['shipname']),
  282. mysql_real_escape_string($client['shiplastname']),
  283. mysql_real_escape_string($client['shipaddress']),
  284. mysql_real_escape_string($client['shipaddress2']),
  285. mysql_real_escape_string($client['shipcity']),
  286. mysql_real_escape_string($client['shipstate']),
  287. mysql_real_escape_string($client['shipzip']),
  288. mysql_real_escape_string($client['shipcountry']),
  289. mysql_real_escape_string($client['shipphone']));
  290. //Run query on database;
  291. mysql_query($shippingsql);
  292. $default_shipping_address_id = mysql_insert_id();
  293. //now update the ec_users with the new address ID's
  294. $sql = $this->escape("UPDATE ec_user SET ec_user.default_billing_address_id='%s', ec_user.default_shipping_address_id='%s' WHERE ec_user.user_id = '%s'", $default_billing_address_id, $default_shipping_address_id, $user_id);
  295. //Run query on database;
  296. mysql_query($sql);
  297. //Enqueue Quickbooks Add Customer
  298. if( file_exists( "../../../../wp-easycart-quickbooks/QuickBooks.php" ) ){
  299. $quickbooks = new ec_quickbooks( );
  300. $quickbooks->add_user( $user_id );
  301. }
  302. //if no errors, return their current Client ID
  303. //if results, convert to an array for use in flash
  304. if(!mysql_error()) {
  305. $returnArray[] ="success";
  306. return($returnArray); //return array results if there are some
  307. } else {
  308. $returnArray[] = "error";
  309. return $returnArray; //return noresults if there are no results
  310. }
  311. }
  312. //user roles
  313. function getuserroles() {
  314. //Create SQL Query
  315. $sql = sprintf("SELECT ec_role.* FROM ec_role ORDER BY ec_role.role_id ASC");
  316. $result = mysql_query($sql);
  317. //if results, convert to an array for use in flash
  318. if($result) {
  319. while ($row=mysql_fetch_object($result)) {
  320. $returnArray[] = $row;
  321. }
  322. return($returnArray); //return array results if there are some
  323. } else {
  324. $returnArray[] = "noresults";
  325. return $returnArray; //return noresults if there are no results
  326. }
  327. }
  328. function deleteuserrole($role_id) {
  329. //Create SQL Query
  330. $sql = $this->escape("DELETE FROM ec_role WHERE ec_role.role_id = %s", $role_id);
  331. //Run query on database;
  332. mysql_query($sql);
  333. //if no errors, return their current Client ID
  334. //if results, convert to an array for use in flash
  335. if(!mysql_error()) {
  336. $returnArray[] = "success";
  337. return($returnArray); //return array results if there are some
  338. } else {
  339. $returnArray[] = "error";
  340. return $returnArray; //return noresults if there are no results
  341. }
  342. }
  343. function adduserrole($role_label, $admin_access) {
  344. $adminok = 0; //default
  345. if($admin_access == true) $adminok = 1;
  346. if($admin_access == false) $adminok = 0;
  347. //Create SQL Query
  348. $sql = sprintf("Insert into ec_role(ec_role.role_id, ec_role.role_label, ec_role.admin_access)
  349. values(null, '%s', '%s')",
  350. mysql_real_escape_string($role_label),
  351. mysql_real_escape_string($adminok));
  352. //Run query on database;
  353. mysql_query($sql);
  354. //if no errors, return their current Client ID
  355. //if results, convert to an array for use in flash
  356. if(!mysql_error()) {
  357. $returnArray[] = "success";
  358. return($returnArray); //return array results if there are some
  359. } else {
  360. $returnArray[] = "error";
  361. return $returnArray; //return noresults if there are no results
  362. }
  363. }
  364. //user role prices
  365. function getuserroleprices($product_id) {
  366. //Create SQL Query
  367. $sql = sprintf("SELECT ec_roleprice.* FROM ec_roleprice WHERE ec_roleprice.product_id = '%s' ORDER BY ec_roleprice.role_label ASC", mysql_real_escape_string($product_id));
  368. $result = mysql_query($sql);
  369. //if results, convert to an array for use in flash
  370. if($result) {
  371. while ($row=mysql_fetch_object($result)) {
  372. $returnArray[] = $row;
  373. }
  374. return($returnArray); //return array results if there are some
  375. } else {
  376. $returnArray[] = "noresults";
  377. return $returnArray; //return noresults if there are no results
  378. }
  379. }
  380. function deleteuserroleprice($roleprice_id, $product_id) {
  381. //Create SQL Query
  382. $sql = $this->escape("DELETE FROM ec_roleprice WHERE ec_roleprice.roleprice_id = %s", $roleprice_id);
  383. //Run query on database;
  384. mysql_query($sql);
  385. //if no errors, return their current Client ID
  386. //if results, convert to an array for use in flash
  387. if(!mysql_error()) {
  388. $returnArray[] = $product_id;
  389. return($returnArray); //return array results if there are some
  390. } else {
  391. $returnArray[] = "error";
  392. return $returnArray; //return noresults if there are no results
  393. }
  394. }
  395. function adduserroleprice($product_id, $role_label, $price) {
  396. //Create SQL Query
  397. $sql = sprintf("Insert into ec_roleprice(ec_roleprice.roleprice_id, ec_roleprice.product_id, ec_roleprice.role_label, ec_roleprice.role_price)
  398. values(null, '%s', '%s', '%s')",
  399. mysql_real_escape_string($product_id),
  400. mysql_real_escape_string($role_label),
  401. mysql_real_escape_string($price));
  402. //Run query on database;
  403. mysql_query($sql);
  404. //if no errors, return their current Client ID
  405. //if results, convert to an array for use in flash
  406. if(!mysql_error()) {
  407. $returnArray[] = $product_id;
  408. return($returnArray); //return array results if there are some
  409. } else {
  410. $returnArray[] = "error";
  411. return $returnArray; //return noresults if there are no results
  412. }
  413. }
  414. function resendverificationemail($clientid, $email) {
  415. $account = new ec_accountpage;
  416. $account->send_validation_email( $email );
  417. }
  418. }//close class
  419. ?>