<?php
/**
* SeekQuarry/Yioop --
* Open Source Pure PHP Search Engine, Crawler, and Indexer
*
* Copyright (C) 2009 - 2026 Chris Pollett chris@pollett.org
*
* LICENSE:
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* END LICENSE
*
* @author Chris Pollett chris@pollett.org
* @license https://www.gnu.org/licenses/ GPL3
* @link https://www.seekquarry.com/
* @copyright 2009 - 2026
* @filesource
*/
namespace seekquarry\yioop\models;
use seekquarry\yioop\configs as C;
use seekquarry\yioop\CronModel;
use seekquarry\yioop\library as L;
use seekquarry\yioop\library\processors\ImageProcessor;
/** For getLocaleTag*/
require_once __DIR__.'/../library/LocaleFunctions.php';
/**
* This class is used to handle
* database statements related to User Administration
*
* @author Chris Pollett
*/
class UserModel extends Model
{
/**
* Associations of the form
* name of field for web forms => database column names/abbreviations
* In this case, things will in general map to the USERS table in the
* Yioop data base
* @var array
*/
public $search_table_column_map = ["first"=>"FIRST_NAME",
"last" => "LAST_NAME", "user" => "USER_NAME", "email"=>"EMAIL",
"status"=>"STATUS"];
/**
* These fields if present in $search_array (used by @see getRows() ),
* but with value "-1", will be skipped as part of the where clause
* but will be used for order by clause
* @var array
*/
public $any_fields = ["status"];
/**
* {@inheritDoc}
*
* @param mixed $args any additional arguments which should be used to
* determine these tables (in this case none)
*/
public function selectCallback($args = null)
{
return "USER_ID, USER_NAME, FIRST_NAME, LAST_NAME, EMAIL, STATUS";
}
/**
* {@inheritDoc}
*
* @param mixed $args any additional arguments which should be used to
* determine these tables (in this case none)
*/
public function fromCallback($args = null)
{
return "USERS";
}
/**
* {@inheritDoc}
*
* @param mixed $args any additional arguments which should be used to
* determine these tables (in this case none)
*/
public function whereCallback($args = null)
{
return "USER_ID != '" . C\PUBLIC_USER_ID . "'";
}
/**
* SQL AND-clause that keeps only USER_ROLE rows (aliased UR) whose
* grant is still active: those that never lapse or whose expiry is
* still in the future. Used so a lapsed, unrenewed role stops
* conferring its activities.
*
* @return string SQL clause beginning with a leading " AND "
*/
private function activeUserRoleClause()
{
return " AND (UR.EXPIRES = " . C\FOREVER . " OR UR.EXPIRES > " .
time() . ") ";
}
/**
* Get a list of admin activities that a user is allowed to perform.
* This includes their name and their associated method.
*
* @param string $user_id id of user to get activities fors
* @return array list of admin-activity rows the user is permitted to
* run (each row contains the activity's METHOD_NAME and
* localized name); empty array when the user is suspended or
* inactive
*/
public function getUserActivities($user_id)
{
$db = $this->db;
$activities = [];
$status = $this->getUserStatus($user_id);
if (!$status || in_array($status,
[C\SUSPENDED_STATUS, C\INACTIVE_STATUS])) {
return [];
}
$locale_tag = L\getLocaleTag();
$limit_offset = $db->limitOffset(1);
$sql = "SELECT LOCALE_ID FROM LOCALE ".
"WHERE LOCALE_TAG = ? $limit_offset";
$result = $db->execute($sql, [$locale_tag]);
$row = $db->fetchArray($result);
$locale_id = $row['LOCALE_ID'];
$sql = "SELECT DISTINCT A.ACTIVITY_ID AS ACTIVITY_ID, ".
"T.TRANSLATION_ID AS TRANSLATION_ID, A.METHOD_NAME AS METHOD_NAME,".
" RA.ALLOWED_ARGUMENTS AS ALLOWED_ARGUMENTS," .
" T.IDENTIFIER_STRING AS IDENTIFIER_STRING FROM ACTIVITY A, ".
" USER_ROLE UR, ROLE_ACTIVITY RA, TRANSLATION T ".
" WHERE UR.USER_ID = ? " . $this->activeUserRoleClause() .
" AND UR.ROLE_ID=RA.ROLE_ID AND T.TRANSLATION_ID=A.TRANSLATION_ID ".
" AND RA.ACTIVITY_ID = A.ACTIVITY_ID ORDER BY A.ACTIVITY_ID ASC";
$result = $db->execute($sql, [$user_id]);
$sub_sql = "SELECT TRANSLATION AS ACTIVITY_NAME ".
"FROM TRANSLATION_LOCALE ".
"WHERE TRANSLATION_ID=? AND LOCALE_ID=? $limit_offset";
// maybe do left join at some point
while ($row = $this->db->fetchArray($result)) {
$id = $row['TRANSLATION_ID'];
if (empty($activities[$id])) {
$activities[$id] = $row;
} else {
if (empty($activities[$id]["ALLOWED_ARGUMENTS"]) ||
$activities[$id]["ALLOWED_ARGUMENTS"] == "all") {
// all arguments allowed
$activities[$id]["ALLOWED_ARGUMENTS"] = "all";
continue;
} else if (empty($row["ALLOWED_ARGUMENTS"]) ||
trim($row["ALLOWED_ARGUMENTS"]) == "all") {
$activities[$id]["ALLOWED_ARGUMENTS"] = "all";
}
$activities[$id]["ALLOWED_ARGUMENTS"] .= ", " .
$row["ALLOWED_ARGUMENTS"];
}
$result_sub = $db->execute($sub_sql, [$id, $locale_id]);
$translate = $db->fetchArray($result_sub);
if ($translate) {
$activities[$id]['ACTIVITY_NAME'] = $translate['ACTIVITY_NAME'];
}
if (!isset($activities[$id]['ACTIVITY_NAME']) ||
$activities[$id]['ACTIVITY_NAME'] == "") {
$activities[$id]['ACTIVITY_NAME'] = $this->translateDb(
$activities[$id]['IDENTIFIER_STRING'],
C\p('DEFAULT_LOCALE'));
}
}
$activities = array_values($activities);
return $activities;
}
/**
* Checks if a user is allowed to perform the activity given by
* method name
*
* @param string $user_id id of user to check
* @param string $method_name to see if user allowed to do
* @param bool $get_roles when true, return the list of roles that
* grant the activity instead of a boolean (used by the role-audit UI)
* @return mixed bool whether the user is allowed; or, when
* $get_roles is true, the array of granting role ids
*/
public function isAllowedUserActivity($user_id, $method_name,
$get_roles = false)
{
$db = $this->db;
$select = "COUNT(*)";
$sql = "SELECT $select AS ALLOWED FROM ACTIVITY A, ".
"USER_ROLE UR, ROLE_ACTIVITY RA WHERE UR.USER_ID = ? " .
$this->activeUserRoleClause() .
"AND UR.ROLE_ID=RA.ROLE_ID AND A.METHOD_NAME = ? ".
"AND RA.ACTIVITY_ID = A.ACTIVITY_ID";
$result = $db->execute($sql, [$user_id, $method_name]);
$role_ids = [];
if ($result) {
while($row = $db->fetchArray($result)) {
if (intval($row['ALLOWED']) > 0) {
return true;
}
}
}
return false;
}
/**
* Records which signed-in user a session id belongs to, so the
* session can be restored later if the server no longer has it in
* memory (for example after it was dropped under load or the server
* restarted). Any earlier mapping for the same session id is
* replaced. Nothing is stored for the public (not signed-in) user.
*
* @param string $session_id the session id from the visitor's
* cookie
* @param int $user_id id of the signed-in user
* @param int $expires unix time after which this mapping should no
* longer be honored
*/
public function setSessionUser($session_id, $user_id, $expires)
{
if ($user_id == C\PUBLIC_USER_ID) {
return;
}
$sql = "DELETE FROM AUTH_SESSION WHERE SESSION_ID = ?";
$this->db->execute($sql, [$session_id]);
$sql = "INSERT INTO AUTH_SESSION VALUES (?, ?, ?)";
$this->db->execute($sql, [$session_id, $user_id, $expires]);
}
/**
* Looks up which signed-in user a session id belongs to, ignoring
* mappings that have passed their expiry time. Used to restore a
* session that is no longer in the server's memory.
*
* @param string $session_id the session id from the visitor's
* cookie
* @return int the user id, or 0 when there is no usable mapping
*/
public function getSessionUser($session_id)
{
$db = $this->db;
$sql = "SELECT USER_ID FROM AUTH_SESSION " .
"WHERE SESSION_ID = ? AND EXPIRES > ? " . $db->limitOffset(1);
$result = $db->execute($sql, [$session_id, time()]);
if (!empty($result)) {
$row = $db->fetchArray($result);
if (!empty($row["USER_ID"])) {
return $row["USER_ID"];
}
}
return 0;
}
/**
* Removes the mapping from a session id to its user, for example
* when the person signs out so the session can no longer be
* restored.
*
* @param string $session_id the session id from the visitor's
* cookie
*/
public function deleteSessionUser($session_id)
{
$sql = "DELETE FROM AUTH_SESSION WHERE SESSION_ID = ?";
$this->db->execute($sql, [$session_id]);
}
/**
* Returns $_SESSION variable of given user from the last time
* logged in.
*
* @param int $user_id id of user to get session for
* @return array user's session data
*/
public function getUserSession($user_id)
{
$db = $this->db;
$sql = "SELECT SESSION FROM USER_SESSION ".
"WHERE USER_ID = ? " . $db->limitOffset(1);
$result = $db->execute($sql, [$user_id]);
if (!empty($result)) {
$row = $db->fetchArray($result);
if (!empty($row["SESSION"])) {
$session = unserialize($row["SESSION"]);
if (!empty($session)) {
return $session;
}
}
}
return [];
}
/**
* Stores into DB the $session associative array of given user
*
* @param int $user_id id of user to store session for
* @param array $session session data for the given user
* @return bool true on a successful insert, false when the session
* exceeds MAX_USER_SESSION_SIZE, the user is PUBLIC_USER_ID,
* or the insert itself failed
*/
public function setUserSession($user_id, $session)
{
$session_string = serialize($session);
if (strlen($session_string) >= C\MAX_USER_SESSION_SIZE ||
$user_id == C\PUBLIC_USER_ID) {
return false;
}
$sql = "DELETE FROM USER_SESSION WHERE USER_ID = ?";
$this->db->execute($sql, [$user_id]);
$sql = "INSERT INTO USER_SESSION VALUES (?, ?)";
if(!$this->db->execute($sql, [$user_id, $session_string])) {
return false;
}
return true;
}
/**
* Get a username by user_id
*
* @param string $user_id id of the user
* @return string the name of the user corresponding to that id
*/
public function getUsername($user_id)
{
$db = $this->db;
if (intval($user_id) != $user_id) {
return false; //keep postgres error log cleaner by doing check
}
$sql = "SELECT USER_NAME FROM USERS WHERE USER_ID = ?";
$result = $db->execute($sql, [$user_id]);
$row = $db->fetchArray($result);
return ($row['USER_NAME'] ?? false);
}
/**
* Get the status of user by user_id
*
* @param string $user_id id of the user
* @return int the status flag of the user: ACTIVE, INACTIVE, INVITED,
* SUSPENDED
*/
public function getUserStatus($user_id)
{
$db = $this->db;
if (intval($user_id) != $user_id) {
return false; //keep postgres error log cleaner by doing check
}
$sql = "SELECT STATUS FROM USERS WHERE USER_ID = ?";
$result = $db->execute($sql, [$user_id]);
$row = $db->fetchArray($result);
return $row['STATUS'] ?? false;
}
/**
* Returns a row from the USERS table based on a username (case-insensitive)
*
* @param string $username user login to be used for look up
* @return array corresponds to the row of that user in the USERS table
*/
public function getUser($username)
{
$db = $this->db;
$sql = "SELECT * FROM USERS WHERE LOWER(USER_NAME) = LOWER(?) " .
$db->limitOffset(1);
$result = $db->execute($sql, [$username]);
if (!$result) {
return false;
}
$row = $db->fetchArray($result);
if (isset($row['USER_ID'])) {
$row['USER_ICON'] = $this->getUserIconUrl($row['USER_ID']);
$row['IS_BOT_USER'] = $this->isBotUser($row['USER_ID']);
}
if (isset($row['IS_BOT_USER'])) {
$sql = "SELECT BOT_TOKEN, CALLBACK_URL
FROM CHAT_BOT WHERE USER_ID = ?";
$result = $db->execute($sql,[$row['USER_ID']]);
$bot_row = $db->fetchArray($result);
if (!empty($bot_row)) {
$row['BOT_TOKEN'] = $bot_row['BOT_TOKEN'];
$row['CALLBACK_URL'] = $bot_row['CALLBACK_URL'];
} else {
$row['BOT_TOKEN'] = "";
$row['CALLBACK_URL'] = "";
}
}
return $row;
}
/**
* Looks up a USERS row based on their $email (potentially not unique)
* and the time at which their account was create in microseconds
* @param string $email of user to lookup
* @param string $creation_time when the user's account was created in
* the current epoch
* @return array row from USERS table
*/
public function getUserByEmailTime($email, $creation_time)
{
$db = $this->db;
$sql = "SELECT * FROM USERS WHERE LOWER(EMAIL) = LOWER(?)
AND CREATION_TIME = ? " . $db->limitOffset(1);
$result = $db->execute($sql, [$email, $creation_time]);
if (!$result) {
return false;
}
$row = $db->fetchArray($result);
if (isset($row['USER_ID'])) {
$row['USER_ICON'] = $this->getUserIconUrl($row['USER_ID']);
}
return $row;
}
/**
* Looks up the account, if any, that uses a given email address.
* Used to stop the site's own bot address from being pointed at an
* address some member already signs up with. The match ignores
* letter case.
*
* @param string $email the email address to look up
* @return array|bool the matching user row, or false when no account
* uses that address
*/
public function getUserByEmail($email)
{
$db = $this->db;
$sql = "SELECT * FROM USERS WHERE LOWER(EMAIL) = LOWER(?) " .
$db->limitOffset(1);
$result = $db->execute($sql, [$email]);
if (!$result) {
return false;
}
$row = $db->fetchArray($result);
if (isset($row['USER_ID'])) {
$row['USER_ICON'] = $this->getUserIconUrl($row['USER_ID']);
}
return $row;
}
/**
* Saves the personal recovery question a member typed and, when an
* answer is given, the hash of that answer, used when the site recovers
* accounts by question rather than by email. The question is kept as
* plain text so it can be shown back to the member, while only a one-way
* hash of the answer is stored, the same way a password is. Passing null
* for the answer leaves the stored answer untouched, which lets a member
* reword their question without retyping the answer.
*
* @param int $user_id numeric id of the member
* @param string $question the recovery question the member typed
* @param string $answer the member's answer, hashed before storage, or
* null to keep the answer already on file
*/
public function setRecoveryQuestion($user_id, $question, $answer = null)
{
if ($answer === null) {
$sql = "UPDATE USERS SET RECOVERY_QUESTION = ? WHERE USER_ID = ?";
$this->db->execute($sql, [$question, $user_id]);
return;
}
$sql = "UPDATE USERS SET RECOVERY_QUESTION = ?, " .
"RECOVERY_ANSWER = ? WHERE USER_ID = ?";
$this->db->execute($sql,
[$question, L\crawlCrypt($answer), $user_id]);
}
/**
* Checks whether a typed answer matches the stored hash of a member's
* recovery answer, using a constant-time comparison so a wrong answer
* and a right one take the same time to reject.
*
* @param array $user a USERS row holding the stored RECOVERY_ANSWER hash
* @param string $answer the answer the person typed during recovery
* @return bool true only when the answer matches the stored hash
*/
public function checkRecoveryAnswer($user, $answer)
{
if (empty($user['RECOVERY_ANSWER'])) {
return false;
}
return hash_equals($user['RECOVERY_ANSWER'],
L\crawlCrypt($answer, $user['RECOVERY_ANSWER']));
}
/**
* Looks up a user by their numeric user id and returns the whole
* USERS row, or false when there is no such user. Used by the
* account-activation link, which names the new member by an opaque
* signed token holding only this id, so the email address never
* travels in the link.
*
* @param int $user_id the id of the user to look up
* @return array|bool the user's database row as an associative
* array, or false when no user has that id
*/
public function getUserById($user_id)
{
$db = $this->db;
$sql = "SELECT * FROM USERS WHERE USER_ID = ? " .
$db->limitOffset(1);
$result = $db->execute($sql, [$user_id]);
if (!$result) {
return false;
}
$row = $db->fetchArray($result);
if (isset($row['USER_ID'])) {
$row['USER_ICON'] = $this->getUserIconUrl($row['USER_ID']);
}
return $row;
}
/**
* Works out the on-disk folder name and its short prefix for a user's
* private files. The name is a crawlHash of the user id keyed by the
* site AUTH_KEY, so it cannot be guessed from the id alone, and the
* prefix is its first few characters, used to spread users across
* subdirectories rather than piling them into one folder. The hash is
* left as crawlHash on purpose: it names an existing folder on disk, so
* changing it would orphan every user's current files.
*
* @param int $user_id id of the user whose folder is wanted
* @return array the folder name followed by its prefix
*/
public function userFolderAndPrefix($user_id)
{
$user_folder = L\crawlHash("user" . $user_id . C\p('AUTH_KEY'));
$user_prefix = substr($user_folder, 0, C\FOLDER_PREFIX_LEN);
return [$user_folder, $user_prefix];
}
/**
* Returns the relative url needed to request the given users avatar icon
*
* @param int $user_id user to look up path for
* @return string path to icon
*/
public function getUserIconUrl($user_id)
{
$user_icon = C\SHORT_BASE_URL . "resources/anonymous.png";
list($user_folder, $user_prefix) =
$this->userFolderAndPrefix($user_id);
$icon_path = C\APP_DIR .
"/resources/$user_prefix/$user_folder/user_icon.webp";
if (file_exists($icon_path)) {
if (C\REDIRECTS_ON) {
$user_icon = C\SHORT_BASE_URL .
"wd/users/$user_folder/user_icon.webp";
} else {
$user_icon = C\SHORT_BASE_URL .
"?c=resource&a=get&f=resources&" .
"s=$user_folder&n=user_icon.webp";
}
}
return $user_icon;
}
/**
* Returns the path to a user's resource folder (where uploaded files
* will be stored). It creates the folder if it does not exist
*
* @param int $user_id user id of user to get path for
* @return string|bool absolute filesystem path to the user's resource
* folder on success; false if any of the parent directories
* could not be created
*/
public function getUserIconFolder($user_id)
{
list($user_folder, $user_prefix) =
$this->userFolderAndPrefix($user_id);
$resource_path = C\APP_DIR . "/resources";
$prefix_path = $resource_path."/$user_prefix";
$user_path = "$prefix_path/$user_folder";
if (file_exists($user_path)) {
return $user_path;
}
if (!file_exists(C\APP_DIR) && !mkdir(C\APP_DIR)) {
return false;
}
if (!file_exists($resource_path) && !mkdir($resource_path)) {
return false;
}
if (!file_exists($prefix_path) && !mkdir($prefix_path)) {
return false;
}
if (mkdir($user_path)) {
return $user_path;
}
return false;
}
/**
* Set status of user by user_id
*
* @param string $user_id id of the user
* @param int $status one of ACTIVE_STATUS, INACTIVE_STATUS, or
* SUSPENDED_STATUS
*/
public function updateUserStatus($user_id, $status)
{
$db = $this->db;
if (!in_array($status, [C\ACTIVE_STATUS, C\INACTIVE_STATUS,
C\SUSPENDED_STATUS])) {
return;
}
$sql = "UPDATE USERS SET STATUS=? WHERE USER_ID=?";
$db->execute($sql, [$status, $user_id]);
}
/**
* Add a user with a given username and password to the list of users
* that can login to the admin panel
*
* @param string $username the username of the user to be added
* @param string $password the password in plaintext
* of the user to be added
* @param string $firstname the firstname of the user to be added
* @param string $lastname the lastname of the user to be added
* @param string $email the email of the user to be added
* @param int $status one of ACTIVE_STATUS, INACTIVE_STATUS, or
* SUSPENDED_STATUS
* @return mixed false if operation not successful, user_id otherwise
*/
public function addUser($username, $password, $firstname = '', $lastname='',
$email = '', $status = C\ACTIVE_STATUS)
{
$creation_time = L\microTimestamp();
$db = $this->db;
$sql = "INSERT INTO USERS(FIRST_NAME, LAST_NAME,
USER_NAME, EMAIL, PASSWORD, STATUS, HASH,
CREATION_TIME) VALUES (
?, ?, ?, ?, ?, ?, ?, ?)";
$username = mb_strtolower($username);
$result = $db->execute($sql, [$firstname, $lastname,
$username, $email, L\crawlCrypt($password), $status,
L\crawlCrypt($username . C\p('AUTH_KEY') . $creation_time),
$creation_time]);
if (!$user_id = $this->getUserId($username)) {
return false;
}
$now = time();
$user_id = $db->escapeString($user_id);
$sql = "INSERT INTO USER_GROUP (USER_ID, GROUP_ID, STATUS,
JOIN_DATE) VALUES(?, ?, ?, ?)";
$result = $db->execute($sql, [$user_id, C\PUBLIC_GROUP_ID,
C\ACTIVE_STATUS, $now]);
/* Naming the columns rather than relying on their order lets the
two columns a role grant has gained since, when it lapses and
whether it renews, take the defaults they were added with; a
row given only two values in order is refused outright once a
table has more columns than that. */
$sql = "INSERT INTO USER_ROLE (USER_ID, ROLE_ID) VALUES (?, ?)";
$result_id = $db->execute($sql, [$user_id, C\USER_ROLE]);
return $user_id;
}
/**
* Deletes a user by username from the list of users that can login to
* the admin panel
*
* @param string $username the login name of the user to delete
*/
public function deleteUser($username)
{
$db = $this->db;
$user_id = $this->getUserId($username);
if ($user_id) {
$sql = "DELETE FROM USER_ROLE WHERE USER_ID=?";
$result = $db->execute($sql, [$user_id]);
$sql = "DELETE FROM USER_GROUP WHERE USER_ID=?";
$result = $db->execute($sql, [$user_id]);
$sql = "DELETE FROM USER_SESSION WHERE USER_ID=?";
$result = $db->execute($sql, [$user_id]);
}
$sql = "DELETE FROM USERS WHERE USER_ID=?";
$result = $db->execute($sql, [$user_id]);
}
/**
* Used to update the fields stored in a USERS row according to
* an array holding new values
*
* @param array $user updated values for a USERS row
*/
public function updateUser($user)
{
$user_id = $user['USER_ID'];
if (isset($user['IMAGE_STRING'])) {
$folder = $this->getUserIconFolder($user_id);
$image = @imagecreatefromstring($user['IMAGE_STRING']);
$thumb_string = ImageProcessor::createThumb($image);
if (!empty($thumb_string)) {
file_put_contents($folder . "/user_icon.webp",
$thumb_string);
clearstatcache($folder . "/user_icon.webp");
}
}
unset($user['USER_ID'], $user['IMAGE_STRING'], $user['USER_ICON'],
$user['IS_BOT_USER'], $user['BOT_TOKEN'], $user['CALLBACK_URL']);
$user['USER_NAME'] = mb_strtolower($this->getUserName(
$user_id));
if (empty($user['USER_NAME'])) {
unset($user['USER_NAME']);
}
$sql = "UPDATE USERS SET ";
$comma ="";
$params = [];
if ($user == []) {
return;
}
foreach ($user as $field => $value) {
$sql .= "$comma $field=? ";
$comma = ",";
if ($field == "PASSWORD") {
$params[] = L\crawlCrypt($value);
} else {
$params[] = $value;
}
}
$sql .= " WHERE USER_ID=?";
$params[] = $user_id;
$this->db->execute($sql, $params);
}
/**
* Checks if a user is bot
*
* @param string $user_id id of user to check
* @return bool whether or not the user is bot
*/
public function isBotUser($user_id)
{
$db = $this->db;
$sql = "SELECT COUNT(*) AS NUM FROM ".
"USER_ROLE UR WHERE UR.USER_ID = ? ".
"AND UR.ROLE_ID = ?";
$is_bot = false;
$bot_id = RoleModel::getRoleIdWithDb("Bot User", $db);
if ($bot_id) {
$result = $db->execute($sql, [$user_id, $bot_id]);
if ($result) {
while ($row = $db->fetchArray($result)) {
if ($row["NUM"] > 0) {
$is_bot = true;
} else {
$is_bot = false;
}
}
}
}
return $is_bot;
}
/**
* Used to update the fields stored in a CHAT_BOT row according to
* an array holding new values
*
* @param array $user updated values for a CHAT_BOT row
*/
public function updateBot($user)
{
if ($user == []) {
return;
}
$db = $this->db;
$sql = "SELECT COUNT(*) AS NUM FROM ".
"CHAT_BOT CB WHERE CB.USER_ID = ? ";
$result = $db->execute($sql, [$user['USER_ID']]);
$is_new_bot = false;
if ($result) {
while ($row = $db->fetchArray($result)) {
if ($row["NUM"] > 0) {
$is_new_bot = false;
} else {
$is_new_bot = true;
}
}
}
if (!$this->isBotUser($user["USER_ID"])) {
if (!$is_new_bot) {
$sql = "DELETE FROM CHAT_BOT WHERE USER_ID = ?";
$db->execute($sql, [$user['USER_ID']]);
}
return;
}
if ($is_new_bot) {
$user['BOT_TOKEN'] = (empty($user['BOT_TOKEN'])) ? "" :
$user['BOT_TOKEN'];
$user['CALLBACK_URL'] = (empty($user['CALLBACK_URL'])) ? "" :
$user['CALLBACK_URL'];
$sql = "INSERT INTO CHAT_BOT(USER_ID, BOT_TOKEN,
CALLBACK_URL) VALUES (?, ?, ?)";
$result = $db->execute($sql, [$user['USER_ID'], $user['BOT_TOKEN'],
$user['CALLBACK_URL']]);
} else {
$sql = "UPDATE CHAT_BOT SET ";
$comma = "";
$params = [];
foreach ($user as $field => $value) {
if ($field == "USER_ID") {
$sql .= "$comma $field = ? ";
$comma = ",";
$params[] = $value;
} else if ($field == "BOT_TOKEN") {
$sql .= "$comma $field = ? ";
$comma = ",";
$params[] = $value;
} else if ($field == "CALLBACK_URL") {
$sql .= "$comma $field = ? ";
$comma = ",";
$params[] = $value;
}
}
$sql .= " WHERE USER_ID = ?";
$params[] = $user['USER_ID'];
$this->db->execute($sql, $params);
}
}
/**
* Gets $num many user recommendations of the given type.
*
* @param int $timestamp of the recommendation media job calculation
* of recommendations (available using cron model
* item_group_recommendations)
* @param int $user_id to user to get recommendations for
* @param int $type = one of C\TRENDING_RECOMMENDATION,
* C\THREAD_RECOMMENDATION, or C\GROUP_RECOMMENDATION
* @param int $num the number of recommendations to return
* @return array list of recommendation rows (each having ID and NAME
* columns from GROUP_ITEM or SOCIAL_GROUPS depending on $type),
* ordered by SCORE DESC and capped at $num entries
*/
public function getRecommendations($timestamp, $user_id, $type, $num = 3)
{
$db = $this->db;
$name_table = "GROUP_ITEM";
$name_column = "TITLE";
$name_id = "ID";
if ($type == C\GROUP_RECOMMENDATION) {
$name_table = "SOCIAL_GROUPS";
$name_column = "GROUP_NAME";
$name_id = "GROUP_ID";
}
$sql = "SELECT IR.ITEM_ID AS ID, NT.$name_column AS NAME ".
"FROM GROUP_ITEM_RECOMMENDATION IR, $name_table NT ".
"WHERE IR.ITEM_ID = NT.$name_id AND IR.USER_ID = ? AND " .
"ITEM_TYPE = ? AND TIMESTAMP = $timestamp " .
"ORDER BY SCORE DESC " . $db->limitOffset($num);
$result = $db->execute($sql, [$user_id, $type]);
$recommendations = [];
while($row = $db->fetchArray($result)) {
$recommendations[$row['ID']] = $row['NAME'];
}
return $recommendations;
}
/**
* Returns the top wiki-resource recommendations for the given user,
* resolved from GROUP_RESOURCE_RECOMMENDATION back into a list of
* [group_id, page_id, page_title, resource_name, sub_path] tuples
* the UI can link to.
*
* @param int $user_id user whose recommendations to load
* @param int $num max number of recommendations to return (default 3)
* @return array list of resource-recommendation tuples ordered by
* SCORE DESC, capped at $num entries
*/
public function getResourceRecommendations($user_id, $num = 3)
{
$db = $this->db;
$sql = "SELECT * FROM GROUP_RESOURCE_RECOMMENDATION WHERE" .
" USER_ID = ? ORDER BY SCORE DESC " . $db->limitOffset($num);
$results = $db->execute($sql, [$user_id]);
$recommendations = [];
while($row = $db->fetchArray($results)) {
$group_id = $row['GROUP_ID'];
$page_id = $row['PAGE_ID'];
$page_sql = "SELECT TITLE FROM GROUP_PAGE WHERE ID = ?";
$result = $db->execute($page_sql, [$page_id]);
while ($sub_row = $db->fetchArray($result)) {
$page_title = $sub_row['TITLE'];
}
$index = strrpos($row['RESOURCE_PATH'], "/");
$name = substr($row['RESOURCE_PATH'], $index + 1);
$resource_index = strrpos($row['RESOURCE_PATH'], "/resources/");
$sub_path = substr($row['RESOURCE_PATH'], $resource_index + 28,
$index - $resource_index - 28);
$recommendations[] = [$group_id, $page_id, $page_title ?? "",
$name ?? "", $sub_path ?? ""];
}
return $recommendations;
}
}