src/Controller/SecurityController.php line 24

Open in your IDE?
  1. <?php
  2. namespace App\Controller;
  4. use App\Service\SycoreService;
  6. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  7. use Symfony\Component\HttpFoundation\Request;
  8. use Exception;
  9. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  10. use Symfony\Component\HttpFoundation\JsonResponse;
  11. use Symfony\Component\HttpFoundation\Response;
  12. use Psr\Log\LoggerInterface;
  13. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  14. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  15. use Symfony\Component\Ldap\Ldap;
  18. class SecurityController extends AbstractController
  19. {
  20.   public function __construct(private SycoreService $sycoreService) {
  22.   }
  24.   public function loginAction(AuthenticationUtils $authenticationUtilsLoggerInterface $logger)
  25.   {
  28.     //$authenticationUtils = $this->get('security.authentication_utils');
  30.     // get the login error if there is one
  31.     $error $authenticationUtils->getLastAuthenticationError();
  33.     // last username entered by the user
  34.     $lastUsername $authenticationUtils->getLastUsername();
  35.     
  36.     $licenseAudit $this->sycoreService->getLicenseAudit();    
  37.     $status $this->sycoreService->getStatus();
  39.     return $this->render(
  40.       'Security/login.html.twig',
  41.       array(
  42.         'available'      => $status $status->available true,
  43.         'maintenance_on' => $status $status->maintenance_on false,
  44.         'maintenance_scheduled' => $status $status->maintenance_start != '' false,
  45.         'maintenance_start' => $status $status->maintenance_start '',
  46.         'is_licensed'    => $licenseAudit $licenseAudit->is_licensed false,
  47.         'service_tag'    => $licenseAudit $licenseAudit->code 'L-100-D00000',
  48.         // last username entered by the user
  49.         'last_username'  => $lastUsername,
  50.         'error'          => $error,
  51.         'cdate'          => time()
  52.       )
  53.     );
  54.   }
  56.   public function checkAction(Request $requestLoggerInterface $logger)
  57.   {
  58.     $user $this->getUser();
  59.     //$logger = $this->get('logger');
  61.     $logger->debug('CHECKACTION: check action to do');
  63.     if ( $user->getChangePassword()) {
  64.       $logger->debug('CHECKACTION: change password');
  65.       return $this->redirect($this->generateUrl('user_edit'));
  66.     }
  67.     //        if (true === $this->get('security.authorization_checker')->isGranted('ROLE_REPORT')) {
  68.     //            $logger->debug('CHECKACTION: admin home');
  69.     //            return $this->redirect($this->generateUrl('admin_home'));
  70.     //        } else {
  71.     //            $logger->debug('CHECKACTION: user home');
  72.     return $this->redirect($this->generateUrl('home'));
  73.     //        }
  74.   }
  76.   //Action intermedia tra login e caricamento dashboard per salvare i login
  77.   public function userLoggingAction(Request $requestLoggerInterface $logger)
  78.   {
  79.     
  80.     //$logger = $this->get('logger');
  81.     $em=$this->getDoctrine()->getManager();
  83.     $user $this->getUser();
  84.     $userId $user->getId();
  85.     $username $user->getUsername();
  87.     $status $this->sycoreService->getStatus();
  89.     if ($status && $status->maintenance_on) {
  90.       if ($user->getUserRole() != 'ROLE_SUPER_ADMIN'
  91.       {
  92.         return $this->redirect($this->generateUrl('logout'));
  93.       }
  94.     }
  96.     // $logger->debug('[userLoggingAction] $user: '. var_export($user, true));
  98.     $userType "local";
  99.     if ($user instanceof \App\Security\LdapUser)
  100.     {
  101.       $userType "ldap";
  102.       $logger->debug('[userLoggingAction] $user is LDAP');
  103.       $ldap Ldap::create('ext_ldap', [
  104.         'host' => '10.13.186.208',
  105.         'port' => 636,
  106.         'encryption' => 'ssl', ]);
  107.       $ldap->bind("uid=APP_ACM,ou=ACM,ou=PTA,dc=applicazioni,dc=telecomitalia,dc=locale""LcK9(xyx");
  108.       $query $ldap->query('ou=people,ou=ACM,ou=PTA,dc=applicazioni,dc=telecomitalia,dc=locale',
  109.        '(uid='.$user->getUsername().')', ['filter' => ['*''isMemberOf']]);
  111.       $results $query->execute()->toArray();
  113.       $attributes $results[0]->getAttributes();
  115.       if ($attributes["status"][0] != "Attivo" || $attributes["enable"][0] != "TRUE")
  116.       {
  117.         $logger->debug('[userLoggingAction] $user is disabled or inactive ');
  118.         return $this->redirect($this->generateUrl('logout'));
  119.       }
  120.       //$attributes["isMemberOf"] array_search("cn=Admin*,", $attributes["isMemberOf"])
  121.       //array_search(); array_search("cn=Admin,ou=profile,ou=ACM,ou=PTA,dc=applicazioni,dc=telecomitalia,dc=locale", $attributes["isMemberOf"]); 
  122.       //array_values(preg_grep("/^cn=Admin;*/i", $attributes["isMemberOf"]))[0]
  123.       
  125.       //array_splice($arr1, 1, 1); 
  128.       //spostato
  129.       // if (!empty(preg_grep("/^cn=Admin;*/i", $attributes["isMemberOf"]))) {
  130.       //   $chiave = array_keys(preg_grep("/^cn=Admin;*/i", $attributes["isMemberOf"]))[0];
  131.       //   array_splice($attributes["isMemberOf"], $chiave, 1);
  132.       //   $user->setUserRole("ROLE_ADMIN");
  133.       // } else {
  134.       //   if (!empty(preg_grep("/^cn=User;*/i", $attributes["isMemberOf"]))) {
  135.       //     $chiave = array_keys(preg_grep("/^cn=User;*/i", $attributes["isMemberOf"]))[0];
  136.       //     array_splice($attributes["isMemberOf"], $chiave, 1);
  137.       //     $user->setUserRole("ROLE_USER");
  138.       //   } else {
  139.       //     $user->setUserRole("ROLE_USER");
  140.       //   }
  141.       // }
  143.       
  144.       
  145.       $localUser $em->createQueryBuilder('u')
  146.       ->select('u')
  147.       ->from('App:User''u')
  148.       ->where('u.username = :username')
  149.       ->orderBy('u.lastName, u.firstName')
  150.       ->setParameter('username'$username)
  151.       ->getQuery()
  152.       ->getResult();
  154.       if (empty($localUser)) {
  155.         $logger->debug('[userLoggingAction] user not found');
  156.         //$newUser = new User();
  157.         //$newUser->setPassword("123");
  158.         //$newUser->setUsername($username);
  159.         //$newUser->setEmail($attributes["mail"][0]);
  160.         //$newUser->setFirstName($attributes["cn"][0]);
  161.         //$newUser->setLastName($attributes["sn"][0]);
  162.         //$newUser->setUserRole($user->getUserRole());
  163.         //$newUser->setStatus('false');
  164.         //$newUser->setFlagToken(0);
  165.         //$newUser->setChangePassword(0);
  166.         //$em->persist($newUser);
  167.         //$em->flush();
  168.         //$user->setId($newUser->getId());
  171.         $sql 'insert into user_acm(username, text1, email, first_name, last_name, user_role, status, change_text1 , flag_token) values('
  172.         ':username, :password, :email, :first_name, :last_name, :user_role, :status, :change_text1, :flag_token)';
  173.         $stmt $em->getConnection()->prepare($sql);
  174.         $stmt->bindValue('username'$username);
  175.         $stmt->bindValue('password'"");
  176.         $stmt->bindValue('email'$attributes["mail"][0]);
  177.         $stmt->bindValue('first_name'$attributes["cn"][0]);
  178.         $stmt->bindValue('last_name'$attributes["sn"][0]);
  179.         $stmt->bindValue('user_role'$user->getUserRole());
  180.         $stmt->bindValue('status''false');
  181.         $stmt->bindValue('change_text1'0);
  182.         $stmt->bindValue('flag_token'0);
  183.         $stmt->execute();
  184.         
  186.         $sql 'select id from user_acm where username = :username';
  187.         $stmt $em->getConnection()->prepare($sql);
  188.         $stmt->bindValue('username'$username);
  189.         $stmt->execute();
  190.         $newIdUser $stmt->fetchAll()[0]["id"];
  191.         $user->setId($newIdUser);
  193.         $randomString substr(str_replace(['+''/''='], ''base64_encode(random_bytes(32))), 030);
  194.         $sql 'insert into user_token(id_user, token, date_start_validity, date_end_validity, check_validity)'
  195.         "values( :id, :token,  SYSDATE(), TO_DATE('31-12-2999 23:59:59', 'dd-mm-yyyy HH24:mi:ss'), 'Y')";
  196.         $stmt $em->getConnection()->prepare($sql);
  197.         $stmt->bindValue('id'$user->getId());
  198.         $stmt->bindValue('token'$randomString);
  199.         $stmt->execute();
  201.         $logger->debug('[userLoggingAction] user added');
  202.       } else {
  203.         $logger->debug('[userLoggingAction] user found');
  204.         $user->setId($localUser[0]->getId());
  205.       }
  206.       $user->setFirstName($attributes["cn"][0]);
  207.       $user->setLastName($attributes["sn"][0]);
  210.       //acm, kena, cineteca, 187_2
  211.       $sql="select id_roles,description_roles from roles";
  212.       $stmt $em->getConnection()->prepare($sql);
  213.       $stmt->execute();
  214.       $resultRoles $stmt->fetchAll();
  215.       //reset user roles
  216.       $sql="delete from user_profile_roles where id_user = :id";
  217.       $stmt $em->getConnection()->prepare($sql);
  218.       $stmt->bindValue('id'$user->getId());
  219.       $stmt->execute();
  220.       //cn=187_2-Admin,ou=profile,ou=ACM,ou=PTA,dc=applicazioni,dc=telecomitalia,dc=locale
  221.       //cn=187_2,ou=profile,ou=ACM,ou=PTA,dc=applicazioni,dc=telecomitalia,dc=locale
  222.       foreach ($resultRoles as $role) {
  223.         //if (!empty(preg_grep("/^cn=".$role["description_roles"]."-*/i", $attributes["isMemberOf"]))) {
  224.           if (!empty(preg_grep("/^cn=".$role["description_roles"]."/i"$attributes["isMemberOf"]))) {
  225.           //$userRole = array_values(preg_grep("/^cn=".$role["description_roles"]."-*/i", $attributes["isMemberOf"]))[0];
  226.           $profile "Admin"//str_replace("cn=".$role["description_roles"]."-", "", explode(",", $userRole)[0]);
  228.           //admin, report, oper
  229.           $sql="select id_profile, type_profile from profile where type_profile = :profile";
  230.           $stmt $em->getConnection()->prepare($sql);
  231.           $stmt->bindValue('profile'$profile);
  232.           $stmt->execute();
  233.           $idProfile $stmt->fetchAll()[0]["id_profile"];
  235.           //$idProfile = array_values(array_search($profile, $allProfiles))[0]["id_profile"];
  237.           //add nuovi
  238.           $sql="insert into user_profile_roles (id_user, id_profile, id_roles) values (:idUser, :idProfile, :idRuolo)";
  239.           $stmt $em->getConnection()->prepare($sql);
  240.           $stmt->bindValue('idUser'$user->getId());
  241.           $stmt->bindValue('idProfile'$idProfile);
  242.           $stmt->bindValue('idRuolo'$role["id_roles"]);
  243.           $stmt->execute();
  244.         } else {
  245.           //admin, report, oper
  246.           $sql="select id_profile, type_profile from profile where type_profile = :profile";
  247.           $stmt $em->getConnection()->prepare($sql);
  248.           $stmt->bindValue('profile'"None");
  249.           $stmt->execute();
  250.           $idProfile $stmt->fetchAll()[0]["id_profile"];
  252.           //$idProfile = array_values(array_search($profile, $allProfiles))[0]["id_profile"];
  254.           //add nuovi
  255.           $sql="insert into user_profile_roles (id_user, id_profile, id_roles) values (:idUser, :idProfile, :idRuolo)";
  256.           $stmt $em->getConnection()->prepare($sql);
  257.           $stmt->bindValue('idUser'$user->getId());
  258.           $stmt->bindValue('idProfile'$idProfile);
  259.           $stmt->bindValue('idRuolo'$role["id_roles"]);
  260.           $stmt->execute();
  261.         }
  262.       }
  263.       $logger->debug('[userLoggingAction] roles refreshed');
  264.       // !empty(preg_grep("/^cn=User;*/i", $attributes["isMemberOf"]))
  267.     // end ldap user
  268.     $userId $user->getId();
  271.     // recupero l'ip del client
  272.     $ip $request->getClientIp();
  273.     if($ip == 'unknown'){
  274.       $ip $_SERVER['REMOTE_ADDR'];
  275.     }
  276.     // $logger->debug('[userLoggingAction] IP CLIENT: '.$ip);
  278.     $sql "insert into user_logging (id_user, user_time_log, log_type, ip_address, username, user_type)
  279.                               values ($userId, sysdate(), 'login', '$ip', '$username', '$userType')";
  280.     $statement $em->getConnection()->prepare($sql);
  281.     $statement->execute();
  283.       $sql="select  description_roles
  284.           from user_profile_roles  upr,  profile p , roles r, user_acm u
  285.           where upr.id_profile  = p.id_profile  and 
  286.               upr.id_roles  = r.id_roles and
  287.               upr.id_user = u.id and
  288.               upr.id_user= :idUser";
  289.       $stmt $em->getConnection()->prepare($sql);
  290.       $stmt->bindValue('idUser'$userId);
  291.         $stmt->execute();
  292.         $DescriptionRole=$stmt->fetchAll();
  294.         $sql="select  distinct string_agg(type_profile, ',')  type_profile
  295.         from user_profile_roles  upr,  profile p , roles r, user_acm u
  296.         where upr.id_profile  = p.id_profile  and 
  297.             upr.id_roles  = r.id_roles and
  298.             upr.id_user = u.id and
  299.             upr.id_user= :idUser";
  300.     $stmt $em->getConnection()->prepare($sql);
  301.     $stmt->bindValue('idUser'$userId);
  302.       $stmt->execute();
  303.       $TypeProfile=$stmt->fetchAll();
  304.       
  305.         // $logger->debug("Description Role => ".json_encode($DescriptionRole));
  306.         // $logger->debug("Type Profile => ".json_encode($TypeProfile));
  307.       /*$ResultQuery = $stmt->fetchAll();
  308.       
  309.       $DescriptionRole = array();
  310.       
  311.       foreach($ResultQuery as $entry){
  312.         $DescriptionRole[$entry['description_roles']] = $entry['description_roles'];
  313.         $DescriptionRole[$entry['type_profile']] = $entry['type_profile'];
  314.        }*/
  315.       
  316.       $sql="select * from custom_dashboard_anag where level=0 and hidden='0' order by id";
  317.       $stmt $em->getConnection()->prepare($sql);
  318.       $stmt->execute();
  319.       $CustomDashboardLevel0 $stmt->fetchAll();
  321.       $sql="select * from custom_dashboard_anag where level=1 and hidden='0' order by id";
  322.       $stmt $em->getConnection()->prepare($sql);
  323.       $stmt->execute();
  324.       $CustomDashboardLevel1 $stmt->fetchAll();
  326.       $sql="select * from credits order by id";
  327.       $stmt $em->getConnection()->prepare($sql);
  328.       $stmt->execute();
  329.       $Credits $stmt->fetchAll();
  331.       $session $this->get('session');
  332.       $session->set('Ruolo', array(
  333.                             'DescriptionRole' => $DescriptionRole,
  334.                             'TypeProfile' => $TypeProfile
  335.                                 )
  336.                     );
  338.       $session->set('CustomDashboard', array(
  339.                             'CustomDashboardLevel0' => $CustomDashboardLevel0,
  340.                             'CustomDashboardLevel1' => $CustomDashboardLevel1
  341.                                 )
  342.                     );
  344.       $session->set('Credits', array(
  345.                       'Credits' => $Credits,
  346.                           )
  347.               );
  349.            
  350.       return $this->redirect($this->generateUrl('home'));  
  352.   }
  354.   public function logoutUserAction(Request $request$fromLoggerInterface $logger)
  355.   {
  356.     //$logger = $this->get('logger');
  357.     $em=$this->getDoctrine()->getManager();
  359.     $user $this->getUser();
  360.     $userId $user->getId();
  361.     $username $user->getUsername();
  363.     // recupero l'ip del client
  364.     $ip $request->getClientIp();
  365.     if($ip == 'unknown'){
  366.       $ip $_SERVER['REMOTE_ADDR'];
  367.     }
  368.     $logger->debug('[logoutUserAction] IP CLIENT: '.$ip);
  370.     $log_type_desc '';
  371.     if($from == 1){
  372.       $log_type_desc 'timeout';
  373.     } elseif ($from == 0){
  374.       $log_type_desc 'user logout';
  375.     }
  376.     $userType "local";
  377.     if ($user instanceof \App\Security\LdapUser)
  378.     {
  379.       $userType "ldap";
  380.     }
  382.     $sql "insert into user_logging (id_user, user_time_log, log_type, log_type_desc, ip_address, username, user_type)
  383.                               values ($userId, sysdate(), 'logout', '$log_type_desc', '$ip', '$username', '$userType')";
  384.     $statement $em->getConnection()->prepare($sql);
  385.     $statement->execute();
  387.     return $this->redirect($this->generateUrl('logout'));
  388.   }
  390.   public function loginFailureAction(Request $request$usernameLoggerInterface $logger)
  391.   {
  392.     //$logger = $this->get('logger');
  393.     $em=$this->getDoctrine()->getManager();
  395.     // recupero l'ip del client
  396.     $ip $request->getClientIp();
  397.     if($ip == 'unknown'){
  398.       $ip $_SERVER['REMOTE_ADDR'];
  399.     }
  400.     $logger->debug('[loginFailureAction] IP CLIENT: '.$ip);
  402.     $sfRedirect $request->cookies->get('sf_redirect');
  403.     $userType "other";
  404.     if($sfRedirect){
  405.       $route json_decode($sfRedirecttrue);
  406.       $currentRoute $route["route"];
  407.       switch($currentRoute) {
  408.         case 'login_check':
  409.           $userType "local";
  410.           break;
  411.         case 'login_iam_check':
  412.           $userType "ldap";
  413.           break;
  414.         case 'login_1_check':
  415.           $userType "Dipendenti";
  416.           break;
  417.         case 'login_2_check':
  418.           $userType "Personale Esterno";
  419.           break;
  420.         case 'login_3_check':
  421.           $userType "Caselle di servizio";
  422.           break;
  423.         case 'login_4_check':
  424.           $userType "Personale San Marino";
  425.           break;
  426.         default:
  427.           // do nothing
  428.           break;
  429.       }
  430.     }
  431.     
  432.     if(!$username=='username'){
  433.       $sql "insert into user_logging (user_time_log, log_type, log_type_desc, ip_address, username,  user_type)
  434.       values (sysdate(), 'login failure', 'bad credentials', '$ip', '$username',  '$userType')";
  435.     } else {
  436.       $sql "insert into user_logging (user_time_log, log_type, log_type_desc, ip_address, username,  user_type)
  437.       values (sysdate(), 'login failure', 'username non inserito', '$ip', '',  '$userType')";
  438.     }
  439.     
  440.     $statement $em->getConnection()->prepare($sql);
  441.     $statement->execute();
  443.     return $this->redirect($this->generateUrl('login'));
  444.   }
  446.   public function editUserAction(LoggerInterface $logger)
  447.   {
  448.     //$logger = $this->get('logger');
  449.     $em $this->getDoctrine()->getManager();
  450.     $connection $em->getConnection();
  452.     $user $this->getUser();
  453.     $idUser $user->getId();
  455.     $logger->debug('[editUserAction] ID CHANGE PSW: '.$idUser);
  457.     $q "select u.id, username, email, first_name, last_name, token 
  458.           from user_acm u, user_token ut
  459.           where u.id = ut.id_user and
  460.           id_user = $idUser";
  461.     $statement $connection->prepare($q);
  462.     $statement->execute();
  463.     $result $statement->fetchAll();
  465.     $ArrayUser=array();
  466.     foreach($result as $ar)
  467.     {
  468.       $ArrayUser_tmp = array('id' => $ar['id'],
  469.                              'username' => $ar['username'],
  470.                              'email' => $ar['email'],
  471.                              'first_name' => $ar['first_name'],
  472.                              'last_name' => $ar['last_name'],
  473.                              'token' => $ar['token']);
  474.       array_push($ArrayUser$ArrayUser_tmp);
  476.     }
  477.    
  479.     $sql "select id_user, 
  480.                  upr.id_profile, 
  481.                  upr.id_roles, 
  482.                  p.type_profile , 
  483.                  r.description_roles 
  484.           from user_profile_roles upr , 
  485.                profile p, roles r
  486.           where upr.id_profile = p.id_profile 
  487.             and upr.id_roles = r.id_roles 
  488.             and upr.id_user = $idUser";
  489.     $statement $connection->prepare($sql);
  490.     $statement->execute();
  491.     $ProfileRole $statement->fetchAll();
  493.     $ArrayUserProfile=array();
  494.     foreach($ProfileRole as $pr)
  495.     {
  496.       $ArrayUserProfile_tmp = array('profilo' => $pr['type_profile'],
  497.                                     'descrizione' => $pr['description_roles']);
  498.       array_push($ArrayUserProfile$ArrayUserProfile_tmp);
  500.     }
  501.     $logger->debug('ArrayUserProfile:  'json_encode($ArrayUserProfile));
  503.     return $this->render(
  504.       'Security/profile.html.twig',
  505.       array( 'license_info' => $this->sycoreService->getLicenseInfo(),
  506.              'user' => $user,
  507.              'logged_user' => $user,
  508.              'InfoUser' => $ArrayUser,
  509.              'profile_roles' => $ArrayUserProfile)
  510.     );
  511.   }
  513.   public function addUserAction()
  514.   {
  515.     $em $this->getDoctrine()->getManager();
  516.     $user $this->getUser();
  518.     $connection $em->getConnection();
  519.     $statement $connection->prepare(
  520.       'select id_profile ,type_profile, description_profile     from profile' );
  522.       $statement->execute();
  523.       $listaProfili $statement->fetchAll();
  524.       //$listaProfili = json_dencode($listaProfili);
  527.       $statement $connection->prepare(
  528.         'select id_roles, description_roles, note  FROM roles'
  530.       );
  532.       $statement->execute();
  533.       $listaRuoli $statement->fetchAll();
  534.       //$listaRuoli = json_decode($listaRuoli);
  537.       return $this->render(
  538.         'Security/addUser.html.twig',
  539.         array( 
  540.           'license_info' => $this->sycoreService->getLicenseInfo(),
  541.           'user' => $user,
  542.           'listaProfili' => $listaProfili,
  543.           'listaRuoli' => $listaRuoli,
  544.           'logged_user' => $user)
  545.       );
  546.     }
  547.   
  550.     public function manageUserAction(ParameterBagInterface $params) {
  552.       $user $this->getUser();
  554.       $em $this->getDoctrine()->getManager();
  555.       $connection $em->getConnection();
  557.         /*$statement = $connection->prepare("SELECT u.*, 
  558.                                           case when  flag_token=1 then 'SI' else 'NO'  end  flag_token_string, 
  559.                                             t.token, 
  560.                                             case when u.status=true then 'SI' else 'NO' end status_string
  561.                                             FROM user_acm u
  562.                                             left outer join user_token t on u.id = t.id_user
  563.                                             order by u.id desc;");*/
  565. $statement $connection->prepare("
  566.                       SELECT user_acm.id, username, first_name, last_name,  email, 
  567.                       case user_role when 'ROLE_USER' then 'User'
  568.                                      when 'ROLE_ADMIN' then 'Admin'
  569.                                      when 'ROLE_SUPER_ADMIN' then 'SuperAdmin'
  570.                       end tipo_utenza,                          
  571.                       case when  flag_token=1 then 'SI' else 'NO'  end  flag_token_string, 
  572.                       case when status=true then 'SI' else 'NO' end status_string,
  573.                       string_agg('<b>'||description_roles||'</b>'||': '||type_profile, '<br>') ruoli_profili,
  574.                       ut.token
  575.                       FROM user_acm 
  576.                       left join user_profile_roles on user_acm.id = user_profile_roles.id_user
  577.                       left join profile on user_profile_roles.id_profile = profile.id_profile
  578.                       left join roles on user_profile_roles.id_roles = roles.id_roles
  579.                       left join user_token ut on user_acm.id= ut.id_user
  580.                       group by user_acm.id, username, first_name, last_name, email, case when  flag_token=1 then 'SI' else 'NO'  end , 
  581.                       case when status=true then 'SI' else 'NO' end ,
  582.                       case user_role when 'ROLE_USER' then 'User'
  583.                                      when 'ROLE_ADMIN' then 'Admin'
  584.                                      when 'ROLE_SUPER_ADMIN' then 'SuperAdmin'
  585.                       end ,
  586.                       ut.token
  587.                       order by id desc");
  588.      
  589.       
  591.       $statement->execute();
  592.       $listaUtenti $statement->fetchAll();
  593.       //$listaUtenti = json_encode($listaUtenti);
  596.           $statement $connection->prepare(
  597.                                         "SELECT id, username, first_name, last_name, email, roles.id_roles,
  598.                                                 user_role, description_roles, type_profile
  599.                                         FROM user_acm , user_profile_roles, profile, roles
  600.                                         WHERE user_acm.id = user_profile_roles.id_user
  601.                                             and user_profile_roles.id_profile = profile.id_profile
  602.                                             and user_profile_roles.id_roles = roles.id_roles
  603.                                         order by id desc");
  605.       $statement->execute();
  606.       $listaRuoliUtenti $statement->fetchAll();
  608.       $connection $em->getConnection();
  609.       $statement $connection->prepare(
  610.         'select id_profile ,type_profile, description_profile from profile' );
  612.         $statement->execute();
  613.         $listaProfili $statement->fetchAll();
  614.         //$listaProfili = json_dencode($listaProfili);
  617.         $statement $connection->prepare(
  618.           'select id_roles, description_roles, note FROM roles order by 2'
  620.         );
  624.         $statement->execute();
  625.         $listaRuoli $statement->fetchAll();
  626.         
  627.           $UserRole $user->getUserRole();
  628.             
  630.           return $this->render(
  631.             'Security/manageUser.html.twig',
  632.             array(  'user' => $user,
  633.         'user_role' =>$UserRole,
  634.             'listaUtenti' => $listaUtenti,
  635.             'listaProfili' => $listaProfili,
  636.             'listaRuoli' => $listaRuoli,
  637.             'listaRuoliUtenti' => $listaRuoliUtenti,
  638.             'logged_user' => $user)
  639.           );
  640.       }
  642.    
  644.      
  647.       public function savePasswordAction(Request $requestParameterBagInterface $paramsUserPasswordEncoderInterface $userPasswordEncoderInterface)
  648.       {
  649.         $csrfToken $request->request->get('csrftoken');
  650.           
  651.         if (!$this->isCsrfTokenValid('editpwd'$csrfToken)) {
  652.           throw new \Exception('Csrf token not valid');
  653.         }
  655.            try{
  656.         //$password = $request->request->get('password');
  657.         $id $_POST["form_id_chpwd"];
  658.         $password$_POST["password"];
  660.         $em $this->getDoctrine()->getManager();
  661.         $connection $em->getConnection();
  663.         //$user = $em->find('App:User', $this->getUser()->getId());
  664.         $user $em->find('App:User'$id);
  666.         //$encoder = $params->get('security.password_encoder');
  668.         //$user->setPassword($encoder->encodePassword($user, $password));
  669.         $user->setPassword($userPasswordEncoderInterface->encodePassword($user$password));
  670.         $password $userPasswordEncoderInterface->encodePassword($user$password);//$encoder->encodePassword($user, $password);
  671.         
  672.     
  673.          $q 'update user_acm set text1 = :password where id = :id;';
  674.         
  675.         $statement $connection->prepare($q);
  677.         $statement->bindValue('password'$password);
  678.         $statement->bindValue('id'$id);
  679.         $statement->execute();
  680.        
  681.         $ExitSavePwd=0;
  682.         $MsgSavePwd='Password Modificata con successo';
  684.       } catch (\Exception $ex) {
  686.         $ExitSavePwd=1;
  687.         $MsgSavePwd='Errore nel Salvataggio della password '.$ex;
  688.       }
  689.       
  690.       $res_json = new JsonResponse();
  692.         $res_json->setData(array('ExitSavePwd' => $ExitSavePwd'MsgSavePwd' => $MsgSavePwd));
  693.         return $res_json;
  695.       }
  697.       public function changesaveEmailAction(Request $request)
  698.       {
  699.         $csrfToken $request->request->get('csrftoken');
  700.           
  701.         if (!$this->isCsrfTokenValid('changeuseremail'$csrfToken)) {
  702.           throw new \Exception('Csrf token not valid');
  703.         }
  705.         $email htmlEntities($request->request->get('email'), ENT_QUOTES);
  707.         $em $this->getDoctrine()->getManager();
  709.         $user $em->find('App:User'$this->getUser()->getId());
  711.         $user->setEmail($email);
  712.         $em->flush();
  714.         return $this->redirect($this->generateUrl('user_edit'));
  715.       }
  717.       public function changesavePasswordAction(Request $requestParameterBagInterface $paramsLoggerInterface $loggerUserPasswordEncoderInterface $userPasswordEncoderInterface)
  718.       {
  719.         $csrfToken $request->request->get('csrftoken');
  720.         $res_json = new JsonResponse();      
  721.           
  722.         if (!$this->isCsrfTokenValid('changeuserpwd'$csrfToken)) {
  723.           throw new \Exception('Csrf token not valid');
  724.         }
  726.         $password $request->request->get('password');
  727.         $apassword $request->request->get('apassword'); //password attuale
  728.         $em $this->getDoctrine()->getManager();
  729.         $connection $em->getConnection();
  731.         $userId $this->getUser()->getId();
  732.         $user $em->find('App:User'$userId);
  734.         //verifico se la password attuale Ã¨ corretta
  735.         if(!$userPasswordEncoderInterface->isPasswordValid($user$apassword))
  736.         {
  737.           $ExitUpdate=1;
  738.           $MsgUpdate='Password attuale errata';
  739.           $res_json->setData(array('ExitUpdate' => $ExitUpdate'MsgUpdate' => $MsgUpdate));
  740.           return $res_json;
  741.         }
  742.         
  743.         try{
  744.           $q 'UPDATE user_acm SET text1 = :pwd, change_text1 = :ct1 WHERE id = :userId';
  746.           $password $userPasswordEncoderInterface->encodePassword($user$password);
  748.           $statement $connection->prepare($q);
  749.           $statement->bindValue('pwd'$password);
  750.           $statement->bindValue('ct1'0);
  751.           $statement->bindValue('userId'$userId);
  752.           $statement->execute();
  754.           $ExitUpdate=0;
  755.           $MsgUpdate='Password Modificata!';
  757.         } catch (\Exception $ex) {
  759.           $ExitUpdate=1;
  760.           $MsgUpdate='Errore nel Salvataggio';
  761.         }
  762.       
  763.         $res_json->setData(array('ExitUpdate' => $ExitUpdate'MsgUpdate' => $MsgUpdate));
  764.         return $res_json;
  766.         
  767.       }
  770.       public function saveUserAction(Request $requestLoggerInterface $loggerParameterBagInterface $paramsUserPasswordEncoderInterface $userPasswordEncoderInterface)
  771.       {
  772.         $res_json = new JsonResponse();
  773.         $csrfToken $request->request->get('csrftoken');
  774.           
  775.         if (!$this->isCsrfTokenValid('adduser'$csrfToken)) {
  776.           throw new \Exception('Csrf token not valid');
  777.         }
  779.         $em $this->getDoctrine()->getManager();
  780.         $connection $em->getConnection();
  781.         //$logger = $this->get('logger');
  782.     
  783.         try{
  785.         $username htmlEntities($_POST["username"], ENT_QUOTES);
  786.         $email htmlEntities($_POST["email"], ENT_QUOTES);
  787.         $nome htmlEntities($_POST["nome"], ENT_QUOTES);
  788.         $cognome htmlEntities($_POST["cognome"], ENT_QUOTES);
  789.         $password $_POST["password"];
  790.         $tipoUtenza htmlEntities($_POST["form_utenza"], ENT_QUOTES);
  791.         
  792.         
  793.             $ChangeText=1;
  794.         
  795.         
  796.         if ($request->request->has('chk_status')) {
  797.           $status 1;
  798.         } else {
  799.           $status 0;
  800.         }
  801.         
  802.         if ($request->request->has('chk_token')) {
  803.               $FlagToken 1;
  804.             } else {
  805.               $FlagToken 0;
  806.             }
  808.         //$role= 'ROLE_USER';
  810.         $user $em->find('App:User'$this->getUser()->getId());
  811.         //$encoder = $this->getParameter('security.password_encoder');
  812.         $password $userPasswordEncoderInterface->encodePassword($user$password);//$encoder->encodePassword($user, $password);
  814.        
  815.         
  816.              $q 'insert into user_acm(username, text1, email, first_name, last_name, user_role, status, change_text1 , flag_token) values('
  817.               ':username, :password, :email, :first_name, :last_name, :user_role, :status, :change_text1, :flag_token);';
  818.         
  822.         $statement $connection->prepare($q);
  823.         $statement->bindValue('username'$username);
  824.         $statement->bindValue('password'$password);
  825.         $statement->bindValue('email'$email);
  826.         $statement->bindValue('first_name'$nome);
  827.         $statement->bindValue('last_name'$cognome);
  828.         $statement->bindValue('user_role'$tipoUtenza);
  829.         $statement->bindValue('status'$status);
  830.         $statement->bindValue('change_text1'$ChangeText);
  831.         $statement->bindValue('flag_token'$FlagToken);
  832.             $statement->execute();
  833.         
  834.         $logger->debug("[saveUserAction] Prelevo id Utente appena inserito");
  835.           
  836.         $sql="select id from user_acm where username = '$username' and email='$email'";    
  837.             $stmt $em->getConnection()->prepare($sql);
  838.             $stmt->execute();
  839.             $ResulQuery $stmt->fetchAll()[0];
  840.             $IdUsername=$ResulQuery['id'];
  842.             $logger->debug("IdUsername ".$IdUsername);
  844.         
  845.         
  846.            //FLAG TOKEN API
  847.         if ($request->request->has('chk_token')) {
  848.           //update user flag_token
  849.           $u "update user_acm set flag_token = 1 where id= '$IdUsername'";
  850.           $stmt $em->getConnection()->prepare($u);
  851.           $stmt->execute();
  852.             }
  855.         //$encoded = $encoder->encodePassword($user, $password);
  856.         //$user->setChangePassword($encoded);
  858.         $logger->debug("[saveUserAction] --- Valori Utente --- ");
  859.         $logger->debug("[saveUserAction] $username ");
  860.         $logger->debug("[saveUserAction] $email");
  861.         $logger->debug("[saveUserAction] $nome ");
  862.         $logger->debug("[saveUserAction] $cognome");
  863.         $logger->debug("[saveUserAction] $password");
  864.         $logger->debug("[saveUserAction] $status");
  865.               $logger->debug("[saveUserAction] $ChangeText");
  867.      
  869.           /*GENERAZIONE TOKEN DA PASSWORD
  870.           $sql = "select substring(hex(to_base64(password)), length(hex(to_base64(password))) - 28, length(hex(to_base64(password)))) as token from user where id ='$IdUsername'";
  871.           $stmt = $em->getConnection()->prepare($sql);
  872.           $stmt->execute();
  873.           $ResulQuery = $stmt->fetchAll()[0];
  874.           $token = $ResulQuery['token'];*/
  876.           $token $this->generateToken($params);
  878.         
  879.           $i 'insert into user_token(id_user, token, date_start_validity, date_end_validity, check_validity)'
  880.           ."values( '$IdUsername', '$token',  SYSDATE(), TO_DATE('31-12-2999 23:59:59', 'dd-mm-yyyy HH24:mi:ss'), 'Y')";
  881.               $stmt $em->getConnection()->prepare($i);
  882.               $stmt->execute();
  884.         
  886.         $sql="select id_roles,description_roles from roles";
  887.         $stmt $em->getConnection()->prepare($sql);
  888.         $stmt->execute();
  889.         $ResultRoles $stmt->fetchAll();
  892.         for($i=0$i<count($ResultRoles); $i++)
  893.         {
  894.           $ruolo=$ResultRoles[$i]['description_roles'];
  895.           $idRuolo=$ResultRoles[$i]['id_roles'];
  897.           $logger->debug("[saveUserAction] Valore Ruolo ".$ruolo);
  898.           $logger->debug("[saveUserAction] Id Ruolo ".$idRuolo);
  900.           $profile htmlEntities($_POST["profile_".$ruolo], ENT_QUOTES);
  901.           $logger->debug("[saveUserAction] Valore Profilo ".$profile);
  903.           if($profile != "None")
  904.           {
  905.             $sql="select id_profile from profile where type_profile = '$profile'";
  906.             $stmt $em->getConnection()->prepare($sql);
  907.             $stmt->execute();
  908.             $ResulQuery $stmt->fetchAll()[0];
  909.             $IdProfile=$ResulQuery['id_profile'];
  911.             $sql="insert into user_profile_roles (id_user, id_profile, id_roles) values ($IdUsername$IdProfile$idRuolo)";
  912.             $stmt $em->getConnection()->prepare($sql);
  913.             $stmt->execute();
  914.           }
  916.         }
  917.         $ExitInsert=0;
  918.         $MsgInsert="Utente <b>$username</b> Salvato con Successo ";
  920.       }  catch (\Exception $ex) {
  922.         $ExitInsert=1;
  923.         $MsgInsert="Errore nel Salvataggio dell'utente <b>$username</b> ".$ex;
  924.       }
  925.       
  926.         $res_json->setData(array( 'ExitInsert' => $ExitInsert'MsgInsert' => $MsgInsert));
  927.         return $res_json;
  929.         
  930.       }
  934.       public function saveMultipleUserAction(Request $requestLoggerInterface $loggerParameterBagInterface $paramsUserPasswordEncoderInterface $userPasswordEncoderInterface)
  935.       {
  936.        
  937.          $csrfToken $request->request->get('csrftoken');
  938.         $em $this->getDoctrine()->getManager();
  939.         $connection $em->getConnection();
  940.           
  941.            if (!$this->isCsrfTokenValid('addMultipleuser'$csrfToken)) {
  942.           throw new \Exception('Csrf token not valid');
  943.         }
  945.           $File=$_FILES['form_lista_utenti'];
  946.         //$username = htmlEntities($_POST["username"], ENT_QUOTES);
  947.         //$email = htmlEntities($_POST["email"], ENT_QUOTES);
  948.         //$nome = htmlEntities($_POST["nome"], ENT_QUOTES);
  949.         //$cognome = htmlEntities($_POST["cognome"], ENT_QUOTES);
  950.         //$password = $_POST["password"];
  951.         //$tipoUtenza = htmlEntities($_POST["form_utenza"], ENT_QUOTES);
  952.         
  953.         //$logger->debug("[saveMultipleUserAction] filename ".json_encode($filename));
  954.         foreach ($_FILES as $file) {
  955.         
  956.         $fileName basename($file['name']);
  957.         $logger->debug("[saveMultipleUserAction] filename ".json_encode($fileName));
  958.     }
  959.         
  960.         $myfile fopen($_FILES['form_lista_utenti']['tmp_name'], "r") or die("Unable to open file!");
  961.         //$myfile = file_get_contents($_FILES['form_lista_utenti']['tmp_name']);
  962.         $logger->debug("[saveMultipleUserAction] myfile ".json_encode($myfile));
  963.         $firstline true;
  964.     
  965.     $ContaUser=0;
  966.     $ContaNonUser=0;
  967.     $TotaliUtenti=0;
  968.     while (($data fgetcsv($myfile,  10000';')) !== FALSE) {
  969.         try{
  970.         
  971.         if (!$firstline
  972.             {
  973.                 $TotaliUtenti=$TotaliUtenti+1;
  974.                 $logger->debug("[saveMultipleUserAction] data ".json_encode($data));
  975.                 
  976.                 $username $data[0];
  977.                 $logger->debug("[saveMultipleUserAction] username ".json_encode($username));
  978.                 
  979.                 $email $data[1];
  980.                 $logger->debug("[saveMultipleUserAction] email ".json_encode($email));
  981.                 
  982.                 $nome $data[2];
  983.                 $logger->debug("[saveMultipleUserAction] nome ".json_encode($nome));
  984.                 
  985.                 $cognome $data[3];
  986.                 $logger->debug("[saveMultipleUserAction] cognome ".json_encode($cognome));
  987.                 
  988.                 $password $data[4];
  989.                 $logger->debug("[saveMultipleUserAction] password ".json_encode($password));
  990.         
  991.         $ChangeText=1;
  992.         
  993.         
  994.         if ($request->request->has('chk_status')) {
  995.           $status 1;
  996.         } else {
  997.           $status 0;
  998.         }
  999.         
  1000.          if ($request->request->has('chk_token')) {
  1001.           $FlagToken 1;
  1002.         } else {
  1003.           $FlagToken 0;
  1004.         }
  1005.     
  1006.         $tipoUtenza'ROLE_USER';
  1007.     
  1008.         $user $em->find('App:User'$this->getUser()->getId());
  1009.         //$encoder = $this->getParameter('security.password_encoder');
  1010.         $password $userPasswordEncoderInterface->encodePassword($user$password);//$encoder->encodePassword($user, $password);
  1011.     
  1012.        
  1013.         
  1014.              $q 'insert into user_acm(username, text1, email, first_name, last_name, user_role, status, change_text1 , flag_token) values('
  1015.             ':username, :password, :email, :first_name, :last_name, :user_role, :status, :change_text1, :flag_token);';
  1016.         $statement $connection->prepare($q);
  1017.         $statement->bindValue('username'$username);
  1018.         $statement->bindValue('password'$password);
  1019.         $statement->bindValue('email'$email);
  1020.         $statement->bindValue('first_name'$nome);
  1021.         $statement->bindValue('last_name'$cognome);
  1022.         $statement->bindValue('user_role'$tipoUtenza);
  1023.         $statement->bindValue('status'$status);
  1024.         $statement->bindValue('change_text1'$ChangeText);
  1025.         $statement->bindValue('flag_token'$FlagToken);
  1026.         $statement->execute();
  1027.         
  1028.          $logger->debug("[saveMultipleUserAction] Prelevo id Utente appena inserito");
  1029.             
  1030.         $sql="select id from user_acm where username = '$username' and email='$email'";    
  1031.         $stmt $em->getConnection()->prepare($sql);
  1032.         $stmt->execute();
  1033.         $ResulQuery $stmt->fetchAll()[0];
  1034.         $IdUsername=$ResulQuery['id'];
  1035.     
  1036.         
  1037.         
  1038.            //FLAG TOKEN API
  1039.         if ($request->request->has('chk_token')) {
  1040.           //update user flag_token
  1041.           $u "update user set flag_token = 1 where id= '$IdUsername'";
  1042.           $stmt $em->getConnection()->prepare($u);
  1043.           $stmt->execute();
  1044.         }
  1045.     
  1046.     
  1047.         //$encoded = $encoder->encodePassword($user, $password);
  1048.         //$user->setChangePassword($encoded);
  1049.     
  1050.         $logger->debug("[saveMultipleUserAction] --- Valori Utente --- ");
  1051.         $logger->debug("[saveMultipleUserAction] $username ");
  1052.         $logger->debug("[saveMultipleUserAction] $email");
  1053.         $logger->debug("[saveMultipleUserAction] $nome ");
  1054.         $logger->debug("[saveMultipleUserAction] $cognome");
  1055.         $logger->debug("[saveMultipleUserAction] $password");
  1056.         $logger->debug("[saveMultipleUserAction] $status");
  1057.         $logger->debug("[saveMultipleUserAction] $ChangeText");
  1058.     
  1059.      
  1060.     
  1061.     
  1062.           $token $this->generateToken($params);
  1063.     
  1064.         
  1065.           $i 'insert into user_token(id_user, token, date_start_validity, date_end_validity, check_validity)'
  1066.             ."values( '$IdUsername', '$token',  SYSDATE(), TO_DATE('31-12-2999 23:59:59', 'dd-mm-yyyy HH24:mi:ss'), 'Y')";
  1067.           $stmt $em->getConnection()->prepare($i);
  1068.           $stmt->execute();
  1069.     
  1070.         
  1071.     
  1072.         $sql="select id_roles,description_roles from roles";
  1073.         $stmt $em->getConnection()->prepare($sql);
  1074.         $stmt->execute();
  1075.         $ResultRoles $stmt->fetchAll();
  1076.     
  1077.     
  1078.         for($i=0$i<count($ResultRoles); $i++)
  1079.         {
  1080.           $ruolo=$ResultRoles[$i]['description_roles'];
  1081.           $idRuolo=$ResultRoles[$i]['id_roles'];
  1082.     
  1083.           $logger->debug("[saveMultipleUserAction] Valore Ruolo ".$ruolo);
  1084.           $logger->debug("[saveMultipleUserAction] Id Ruolo ".$idRuolo);
  1085.     
  1086.           $profile htmlEntities($_POST["profile_".$ruolo], ENT_QUOTES);
  1087.           $logger->debug("[saveMultipleUserAction] Valore Profilo ".$profile);
  1088.     
  1089.           if($profile != "None")
  1090.           {
  1091.             $sql="select id_profile from profile where type_profile = '$profile'";
  1092.             $stmt $em->getConnection()->prepare($sql);
  1093.             $stmt->execute();
  1094.             $ResulQuery $stmt->fetchAll()[0];
  1095.             $IdProfile=$ResulQuery['id_profile'];
  1096.     
  1097.             $sql="insert into user_profile_roles (id_user, id_profile, id_roles) values ($IdUsername$IdProfile$idRuolo)";
  1098.             $stmt $em->getConnection()->prepare($sql);
  1099.             $stmt->execute();
  1100.           }
  1101.     
  1102.         }
  1103.         
  1104.     $ContaUser=$ContaUser+1;
  1105.     }
  1106.             } catch (\Throwable $th) {
  1107.                 $ContaNonUser=$ContaNonUser+1;
  1108.             }
  1109.     
  1110.                  $firstline false;
  1111.             }
  1113.        // return $this->redirect($this->generateUrl('user_manage'));
  1114.        $res_json = new JsonResponse;
  1115.         $res_json->setData(array('TotaliUtenti' => $TotaliUtenti,
  1116.                                  'ContaUser' => $ContaUser,
  1117.                                  'ContaNonUser' => $ContaNonUser));
  1118.                                                      
  1119.         return $res_json;
  1120.       }      
  1122.       public function generateToken($params){
  1123.           
  1124.         $em $this->getDoctrine()->getManager();
  1125.         $randomString substr(str_replace(['+''/''='], ''base64_encode(random_bytes(32))), 030); // 32 chars, without /=+
  1126.         $q "select count(*) cnt from user_token where token = '$randomString'";
  1127.         $statement $em->getConnection()->prepare($q);
  1128.         $statement->execute();
  1129.         $ResulQuery $statement->fetchAll()[0];
  1130.         $count $ResulQuery['cnt'];
  1131.         if ($count 0) {
  1132.           generateToken($params);
  1133.         } else {
  1134.           return $randomString;
  1135.         }
  1136.       }
  1138.       public function updateUserAction(Request $requestLoggerInterface $loggerParameterBagInterface $params)
  1139.       {
  1142.         $csrfToken $request->request->get('csrftoken');
  1143.           
  1144.         if (!$this->isCsrfTokenValid('edituser'$csrfToken)) {
  1145.           throw new \Exception('Csrf token not valid');
  1146.         }
  1148.          try{
  1149.         $id $_POST["form_id"];
  1150.         $email $_POST["form_email"];
  1151.         $nome $_POST["form_nome"];
  1152.         $cognome $_POST["form_cognome"];
  1153.         $tipoUtenza $_POST["form_utenza"];
  1155.         if ($request->request->has('chk_token')){
  1156.           $f_token 1;
  1157.         } else {
  1158.           $f_token 0;
  1159.         }
  1161.         if ($request->request->has('chk_utenza')){
  1162.           $statusUtenza 1;
  1163.         } else {
  1164.           $statusUtenza 0;
  1165.         }
  1167.         $em $this->getDoctrine()->getManager();
  1169.         /* STATUS */
  1170.         
  1171.     
  1172.         $sql "select case when status=true then 1 else 0 end status from user_acm where id= $id";
  1173.         $statement $em->getConnection()->prepare($sql);
  1174.         $statement->execute();
  1175.         $ResulQuery $statement->fetchAll()[0];
  1176.         $status $ResulQuery['status'];
  1178.         if ($statusUtenza != $status) {
  1179.           
  1180.           $q "update user_acm set status = :statusUtenza where id = :id";
  1181.           $statement $em->getConnection()->prepare($q);
  1182.           $statement->bindValue('statusUtenza'$statusUtenza);
  1183.           $statement->bindValue('id'$id);
  1184.           $statement->execute();
  1185.         }
  1186.         /* FINE STATUS */
  1188.         /* TOKEN */
  1189.       
  1190.         $sql "select flag_token from user_acm where id= $id";
  1191.         $statement $em->getConnection()->prepare($sql);
  1192.         $statement->execute();
  1193.         $ResulQuery $statement->fetchAll()[0];
  1194.         $flag_token $ResulQuery['flag_token'];
  1196.         //UPDATE USER.FLAG_TOKEN
  1197.         if ($f_token != $flag_token) {
  1198.             
  1199.             
  1200.           $q 'update user_acm set flag_token = :flag_token where id = :id;';  
  1201.           $statement $em->getConnection()->prepare($q);
  1202.           $statement->bindValue('flag_token'$f_token);
  1203.           $statement->bindValue('id'$id);
  1204.           $statement->execute();
  1205.         }
  1207.         //CONTROLLA SE ESISTE UN TOKEN
  1208.         
  1209.         $q "select count(*) token from user_token where id_user = '$id'";
  1210.         $statement $em->getConnection()->prepare($q);
  1211.         $statement->execute();
  1212.         $ResulQuery $statement->fetchAll()[0];
  1213.         $token $ResulQuery['token'];
  1215.         //SE TOKEN NON ESISTE, LO CREA E INSERT USER_TOKEN
  1216.         if ($f_token == && $token == 0) {
  1217.           //CREO TOKEN
  1218.           $token $this->generateToken($params);
  1219.           
  1220.          
  1221.             $i 'insert into user_token(id_user, token, date_start_validity, date_end_validity, check_validity)'
  1222.               ."values( '$id', '$token',  SYSDATE(), TO_DATE('31-12-2999 23:59:59', 'dd-mm-yyyy hh24:mi:ss'), 'Y')";  
  1223.           $stmt $em->getConnection()->prepare($i);
  1224.           $stmt->execute();
  1225.         }
  1228.         
  1229.         $q 'update user_acm set email = :email, '
  1230.         'first_name = :first_name, '
  1231.         'last_name = :last_name, '
  1232.         'user_role = :user_role '
  1233.         'where id = :id;';
  1234.         $statement $em->getConnection()->prepare($q);
  1236.         $statement->bindValue('email'$email);
  1237.         $statement->bindValue('first_name'$nome);
  1238.         $statement->bindValue('last_name'$cognome);
  1239.         $statement->bindValue('user_role'$tipoUtenza);
  1240.         $statement->bindValue('id'$id);
  1241.         $statement->execute();
  1243.         $sql="select id_roles,description_roles from roles order by 2";
  1244.         $stmt $em->getConnection()->prepare($sql);
  1245.         $stmt->execute();
  1246.         $ResultRoles $stmt->fetchAll();
  1247.         
  1249.         $sql="delete from user_profile_roles where id_user=".$id;
  1250.         $stmt $em->getConnection()->prepare($sql);
  1251.         $stmt->execute();
  1253.         for($i=0$i<count($ResultRoles); $i++)
  1254.         {
  1255.           $ruolo=$ResultRoles[$i]['description_roles'];
  1256.           $idRuolo=$ResultRoles[$i]['id_roles'];
  1258.           $logger->debug("[updateUserAction] Valore Ruolo ".$ruolo);
  1259.           $logger->debug("[updateUserAction] Id Ruolo ".$idRuolo);
  1261.           $profile=$_POST["profile_".$ruolo];
  1262.           $logger->debug("[updateUserAction] Valore Profilo ".$profile);
  1264.           if($profile != "None")
  1265.           {
  1266.                $logger->debug("[updateUserAction] Profilo diverso da None");
  1267.             $sql="select id_profile from profile where type_profile = '$profile'";
  1268.             $stmt $em->getConnection()->prepare($sql);
  1269.             $stmt->execute();
  1270.             $ResulQuery $stmt->fetch();
  1271.             $IdProfile=$ResulQuery['id_profile'];
  1273.             $sql="insert into user_profile_roles (id_user, id_profile, id_roles) values ($id$IdProfile$idRuolo)";
  1274.             $stmt $em->getConnection()->prepare($sql);
  1275.             $stmt->execute();
  1276.           }
  1278.         }
  1280.         $ExitUpdateUser=0;
  1281.         $MsgUpdateUser='Utente Modificato con Successo';
  1283.       } catch (\Exception $ex) {
  1285.         $ExitUpdateUser=1;
  1286.         $MsgUpdateUser="Errore nella modifica dell'utente ".$ex;
  1287.       }
  1289.         $res_json = new JsonResponse;
  1291.         $res_json->setData(array(
  1292.                                  'ExitUpdateUser' => $ExitUpdateUser,
  1293.                                  'MsgUpdateUser' => $MsgUpdateUser
  1294.                                 ));
  1295.                                
  1296.         return $res_json;
  1298.       }
  1300.       public function deleteUserAction(Request $requestParameterBagInterface $params)
  1301.       {
  1302.         $csrfToken $request->request->get('csrftoken');
  1303.           
  1304.         if (!$this->isCsrfTokenValid('deluser'$csrfToken)) {
  1305.           throw new \Exception('Csrf token not valid');
  1306.         }
  1308.       try{
  1309.          $id $_POST["form_id_del"];
  1311.             $em $this->getDoctrine()->getManager();
  1312.             $connection $em->getConnection();
  1313.         
  1314.             $q0 'select username from user_acm where id = :id;';    
  1315.             $stmt $connection->prepare($q0);
  1316.             $stmt->bindValue('id'$id);
  1317.             $stmt->execute();
  1318.             $username $stmt->fetchAll()[0]["username"];
  1321.            $q 'delete from user_acm where id = :id;';    
  1322.         
  1323.             $statement $connection->prepare($q);
  1324.             $statement->bindValue('id'$id);
  1326.             $statement->execute();
  1328.             $ExitDeleteUser=0;
  1329.             $MsgDeleteUser="Utente <b>$username</b> Cancellato con Successo ";
  1331.       } catch (\Exception $ex) {
  1333.         $ExitDeleteUser=1;
  1334.         $MsgDeleteUser="Errore nella Cancellazione dell'utente </b>$username</b>".$ex;
  1335.       }
  1337.         $res_json = new JsonResponse;
  1339.         $res_json->setData(array(
  1340.                                  'ExitDeleteUser' => $ExitDeleteUser,
  1341.                                  'MsgDeleteUser' => $MsgDeleteUser
  1342.                                 ));
  1343.                                
  1344.         return $res_json;
  1345.           }
  1347. }