<?php
/**
 * users_Save.php
 *
 * ProcessMaker Open Source Edition
 * Copyright (C) 2004 - 2008 Colosa Inc.23
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 *
 */


try {
  global $RBAC;
  switch ($RBAC->userCanAccess('PM_FACTORY'))
  {
    case -2:
      G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels');
      G::header('location: ../login/login');
      die;
    break;
    case -1:
      G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels');
      G::header('location: ../login/login');
      die;
    break;
  }
  if ( empty($_POST) || !isset($_POST['form'])) {
    throw ( new Exception ('Posted data is empty!') );
  }

  $form =  $_POST['form'];
  
  if ( isset($_GET['USR_UID'])) {
    $form['USR_UID'] = $_GET['USR_UID'];
  }
  else {
    $form['USR_UID'] = '';
  }
  
  if ( isset($_FILES['form']['name']['USR_RESUME']) ) {
    if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
      $form['USR_RESUME'] = $_FILES['form']['name']['USR_RESUME'];
    }
    else {
      $form['USR_RESUME'] = '';
    }
  }

  if (!isset($form['USR_NEW_PASS'])) {
    $form['USR_NEW_PASS'] = '';
  }
  if ($form['USR_NEW_PASS'] != '') {
    $form['USR_PASSWORD'] = md5($form['USR_NEW_PASS']);
  }
  if (!isset($form['USR_CITY'])) {
    $form['USR_CITY'] = '';
  }
  if (!isset($form['USR_LOCATION'])) {
    $form['USR_LOCATION'] = '';
  }
  if (!isset($form['USR_AUTH_USER_DN'])) {
    $form['USR_AUTH_USER_DN'] = '';
  }
  if ($form['USR_UID'] == '') {
    $aData['USR_USERNAME']    = $form['USR_USERNAME'];
    $aData['USR_PASSWORD']    = $form['USR_PASSWORD'];
    $aData['USR_FIRSTNAME']   = $form['USR_FIRSTNAME'];
    $aData['USR_LASTNAME']    = $form['USR_LASTNAME'];
    $aData['USR_EMAIL']       = $form['USR_EMAIL'];
    $aData['USR_DUE_DATE']    = $form['USR_DUE_DATE'];
    $aData['USR_CREATE_DATE'] = date('Y-m-d H:i:s');
    $aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
    $aData['USR_BIRTHDAY']    = date('Y-m-d');
    $aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];
    //fixing bug in inactive user when the admin create a new user.
    $statusWF = $form['USR_STATUS'];
    $aData['USR_STATUS']      = $form['USR_STATUS'] == 'ACTIVE' ? 1 : 0;
    $sUserUID                 = $RBAC->createUser($aData, $form['USR_ROLE'] );
    $aData['USR_STATUS']      = $statusWF;
    $aData['USR_UID']         = $sUserUID;
    $aData['USR_PASSWORD']    = md5($sUserUID);//fake :p
    $aData['USR_COUNTRY']     = $form['USR_COUNTRY'];
    $aData['USR_CITY']        = $form['USR_CITY'];
    $aData['USR_LOCATION']    = $form['USR_LOCATION'];
    $aData['USR_ADDRESS']     = $form['USR_ADDRESS'];
    $aData['USR_PHONE']       = $form['USR_PHONE'];
    $aData['USR_ZIP_CODE']    = $form['USR_ZIP_CODE'];
    $aData['USR_POSITION']    = $form['USR_POSITION'];
    $aData['USR_RESUME']      = $form['USR_RESUME'];
    $aData['USR_ROLE']        = $form['USR_ROLE'];
    $aData['USR_REPLACED_BY'] = $form['USR_REPLACED_BY'];
    

    require_once 'classes/model/Users.php';
    $oUser = new Users();
    $oUser->create($aData);
    if ($_FILES['form']['error']['USR_PHOTO'] != 1) {
      if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
        G::uploadFile($_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $sUserUID . '.gif');
      }
    }
    else {
      G::SendTemporalMessage ('ID_FILE_TOO_BIG', 'error');
    }
    if ($_FILES['form']['error']['USR_RESUME'] != 1) {
      if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
        G::uploadFile($_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $sUserUID . '/', $_FILES['form']['name']['USR_RESUME']);
      }
    }
    else {
      G::SendTemporalMessage ('ID_FILE_TOO_BIG', 'error');
    }
  } 
  else {
    $aData['USR_UID']      = $form['USR_UID'];
    $aData['USR_USERNAME'] = $form['USR_USERNAME'];
    
    if (isset($form['USR_PASSWORD'])) {
      if ($form['USR_PASSWORD'] != '') {
        $aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
        require_once 'classes/model/UsersProperties.php';
        $oUserProperty = new UsersProperties();
        $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($form['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($form['USR_PASSWORD'])))));
        
        $RBAC->loadUserRolePermission( 'PROCESSMAKER', $_SESSION['USER_LOGGED'] );
         if( $RBAC->aUserInfo[ 'PROCESSMAKER' ]['ROLE']['ROL_CODE']=='PROCESSMAKER_ADMIN'){
         	$aUserProperty['USR_LAST_UPDATE_DATE'] = date('Y-m-d H:i:s');
          $aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
          $oUserProperty->update($aUserProperty);
         }
        
        $aErrors       = $oUserProperty->validatePassword($form['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], 0);
        if (count($aErrors) > 0) {
          $sDescription = G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
          foreach ($aErrors as $sError)  {
            switch ($sError) {
              case 'ID_PPP_MINIMUN_LENGTH':
                $sDescription .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUN_LENGTH . '<br />';
              break;
              case 'ID_PPP_MAXIMUN_LENGTH':
                $sDescription .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUN_LENGTH . '<br />';
              break;
              case 'ID_PPP_EXPIRATION_IN':
                $sDescription .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
              break;
              default:
                $sDescription .= ' - ' . G::LoadTranslation($sError).'<br />';
              break;
            }
          }
          $sDescription .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY');
          G::SendMessageText($sDescription, 'warning');
          G::header('Location: ' . $_SERVER['HTTP_REFERER']);
          die;
        }
        $aHistory      = unserialize($aUserProperty['USR_PASSWORD_HISTORY']);
        if (!is_array($aHistory)) {
          $aHistory = array();
        }
        if (!defined('PPP_PASSWORD_HISTORY')) {
          define('PPP_PASSWORD_HISTORY', 0);
        }    
        if (PPP_PASSWORD_HISTORY > 0) {
          //it's looking a password igual into aHistory array that was send for post in md5 way
          $c=0;$sw=1;
          while(count($aHistory) >= 1 && count($aHistory)>$c && $sw ){
           if(strcmp(trim($aHistory[$c]),trim($form['USR_PASSWORD'])) == 0){
           	$sw=0;
           }
           $c++;
          }
          if($sw == 0){
          	$sDescription = G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
           $sDescription .= ' - ' . G::LoadTranslation('PASSWORD_HISTORY').': ' . PPP_PASSWORD_HISTORY . '<br />';
           $sDescription .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY').'';
           G::SendMessageText($sDescription, 'warning');
           G::header('Location: ' . $_SERVER['HTTP_REFERER']);
           die;		
          }
          //
          if (count($aHistory) >= PPP_PASSWORD_HISTORY) {
            $sLastPassw=array_shift($aHistory);
          }
          $aHistory[] = $form['USR_PASSWORD'];
        }
        $aUserProperty['USR_LAST_UPDATE_DATE'] = date('Y-m-d H:i:s');
        $aUserProperty['USR_LOGGED_NEXT_TIME'] = 1;
        $aUserProperty['USR_PASSWORD_HISTORY'] = serialize($aHistory);
        $oUserProperty->update($aUserProperty);
      }
    }
    $aData['USR_FIRSTNAME']   = $form['USR_FIRSTNAME'];
    $aData['USR_LASTNAME']    = $form['USR_LASTNAME'];
    $aData['USR_EMAIL']       = $form['USR_EMAIL'];
    $aData['USR_DUE_DATE']    = $form['USR_DUE_DATE'];
    $aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
    if (isset($form['USR_STATUS'])) {
      $aData['USR_STATUS']      = $form['USR_STATUS'];
      }
      if (isset($form['USR_ROLE'])) {
      $RBAC->updateUser($aData, $form['USR_ROLE']);
    }
    else {
      $RBAC->updateUser($aData);
    }
    $aData['USR_COUNTRY']     = $form['USR_COUNTRY'];
    $aData['USR_CITY']        = $form['USR_CITY'];
    $aData['USR_LOCATION']    = $form['USR_LOCATION'];
    $aData['USR_ADDRESS']     = $form['USR_ADDRESS'];
    $aData['USR_PHONE']       = $form['USR_PHONE'];
    $aData['USR_ZIP_CODE']    = $form['USR_ZIP_CODE'];
    $aData['USR_POSITION']    = $form['USR_POSITION'];
  
    if ($form['USR_RESUME'] != '') {
      $aData['USR_RESUME'] = $form['USR_RESUME'];
      }
      if (isset($form['USR_ROLE'])) {
      $aData['USR_ROLE'] = $form['USR_ROLE'];
    }
    
    if(isset($form['USR_REPLACED_BY'])){
      $aData['USR_REPLACED_BY'] = $form['USR_REPLACED_BY'];      
    }
    if(isset($form['USR_AUTH_USER_DN'])){
      $aData['USR_AUTH_USER_DN'] = $form['USR_AUTH_USER_DN'];
    }
    
    require_once 'classes/model/Users.php';
    $oUser = new Users();
    $oUser->update($aData);
    if ($_FILES['form']['error']['USR_PHOTO'] != 1) {
      if ($_FILES['form']['tmp_name']['USR_PHOTO'] != '') {
        $aAux = explode('.', $_FILES['form']['name']['USR_PHOTO']);
        G::uploadFile($_FILES['form']['tmp_name']['USR_PHOTO'], PATH_IMAGES_ENVIRONMENT_USERS, $aData['USR_UID'] . '.' . $aAux[1]);
        G::resizeImage(PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.' . $aAux[1], 96, 96, PATH_IMAGES_ENVIRONMENT_USERS . $aData['USR_UID'] . '.gif');
      }
    }
    else {
      G::SendTemporalMessage ('ID_FILE_TOO_BIG', 'error');
    }
    if ($_FILES['form']['error']['USR_RESUME'] != 1) {
      if ($_FILES['form']['tmp_name']['USR_RESUME'] != '') {
        G::uploadFile($_FILES['form']['tmp_name']['USR_RESUME'], PATH_IMAGES_ENVIRONMENT_FILES . $aData['USR_UID'] . '/', $_FILES['form']['name']['USR_RESUME']);
      }
    }
    else {
      G::SendTemporalMessage ('ID_FILE_TOO_BIG', 'error');
    }
  }
  
  if($_SESSION['USER_LOGGED'] == $form['USR_UID']){
    /*UPDATING SESSION VARIABLES*/
    $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
    $_SESSION['USR_FULLNAME'] = $aUser['USR_FIRSTNAME'] . ' ' . $aUser['USR_LASTNAME'];
  }
  
  
  //Save Calendar assigment
  if((isset($form['USR_CALENDAR']))){
    //Save Calendar ID for this user
    G::LoadClass("calendar");
    $calendarObj=new Calendar();
    $calendarObj->assignCalendarTo($aData['USR_UID'],$form['USR_CALENDAR'],'USER');    
  }
  
  G::header('location: users_List');
}
catch (Exception $e) {
  $G_MAIN_MENU            = 'processmaker';
  $G_SUB_MENU             = 'users';
  $G_ID_MENU_SELECTED     = 'USERS';
  $G_ID_SUB_MENU_SELECTED = '';
  
  $aMessage = array();
  $aMessage['MESSAGE'] = $e->getMessage();
  $G_PUBLISH          = new Publisher;
  $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
  G::RenderPage( 'publish');
}