PVM/public_html/gest-lib/user_settings/classes/UserSettings/LogDifferentUser.class.php

<?php

namespace UserSettings;

use Login;

class LogDifferentUser {

    public static function canChangeUser() {
        return \User::is_amministratoreSistema() || \PVM::isDevMode();
    }

    public static function replace($data) {
        $Ret = new \Ret;
        if (self::canChangeUser()) {
            $Ret = \User::updateUser(\User::get_current_username(), $data);
        } else {
            $Ret->set_error("Operazione non consentita");
        }
        return $Ret;
    }

    public static function srcUsers($data) {
        $ret = new \Ret();
        if (!self::canChangeUser()) {
            $ret->set_error("Utente non autorizzato!");
            return $ret;
        }
        $data = array_get($data, "data", array());
        $srcTerm = array_get($data, "term");
        $query
            = new \Query("SELECT user_name, ISNULL(full_name, user_name) AS full_name FROM stb_user WHERE flag_attivo = 'S' AND flag_extra_user = 'S' AND (user_name LIKE '%[term]%' OR full_name LIKE '%[term]%')");
        $termArray = explode(" ", $srcTerm);
        $terms = implode("%", $termArray);
        $query->setVar("term", $terms);
        $ret = $query->toRet()->date2ts()->execute();

        return $ret;
    }

    public static function changeUser($data) {
        $ret = new \Ret();
        if (!self::canChangeUser()) {
            $ret->set_error("Utente non autorizzato!");
            return $ret;
        }

        $query
            = new \Query("SELECT user_name, dbo.sys_dcd_pss(password) AS password FROM stb_user WHERE user_name = '[username]'");
        $ret = $query
            ->setVar("username", array_get($data, "user_name"))
            ->toRet()
            ->date2ts()
            ->firstRow()
            ->execute();
        if ($ret->is_KO()) {
            return $ret;
        }
        $userData = $ret->get_data();
        $ret = Login::authenticate(array(
            "username" => array_get($userData, "user_name"),
            "password" => array_get($userData, "password"),
            "azienda" => \User::get_current_profileDb(),
            "deviceId" => array_get($_SESSION, "deviceId")
        ));

        return $ret;
    }

}