/**
 * Load the application settings from the database.
 *
 * Reads every (NAME, VALUE) pair of the settings table and stores it in the
 * global $grrSettings associative array, keyed by NAME.
 *
 * The settings table was renamed to <TABLE_PREFIX>_setting in version 1.8: the
 * prefixed table is used when it holds a 'version' row, otherwise the legacy
 * unprefixed "setting" table is queried (grr_sql_query1() is taken to return
 * -1 when no row matches).
 *
 * Both queries are built only from the TABLE_PREFIX constant and fixed
 * literals — no user-controlled input reaches them.
 *
 * @return bool true when at least one setting was loaded; false when a query
 *              fails or the table is empty
 */
function loadSettings()
{
    global $grrSettings;

    // Table selection: prefixed (>= 1.8) when it has a 'version' row, else legacy.
    $versionRow = grr_sql_query1("select NAME from " . TABLE_PREFIX . "_setting where NAME='version'");
    $table = ($versionRow != -1) ? TABLE_PREFIX . "_setting" : "setting";

    $result = grr_sql_query("select `NAME`, `VALUE` from " . $table);
    if (!$result) {
        return false;
    }
    if (grr_sql_count($result) == 0) {
        return false;
    }

    // grr_sql_row() is indexed; iterate until it yields no further row.
    $index = 0;
    while ($pair = grr_sql_row($result, $index)) {
        $grrSettings[$pair[0]] = $pair[1];
        $index++;
    }
    return true;
}
/**
 * Load the application settings from the database into the class-level
 * $grrSettings array (static method; the enclosing class header is outside
 * this excerpt).
 *
 * The settings table was renamed to <TABLE_PREFIX>_setting in version 1.8: the
 * prefixed table is used when it holds a 'version' row, otherwise the legacy
 * unprefixed "setting" table is queried (grr_sql_query1() is taken to return
 * -1 when no row matches).
 *
 * Both queries are built only from the TABLE_PREFIX constant and fixed
 * literals — no user-controlled input reaches them.
 *
 * @return bool true when at least one setting was loaded; false when a query
 *              fails or the table is empty
 */
static function load()
{
    // Table selection: prefixed (>= 1.8) when it has a 'version' row, else legacy.
    $versionRow = grr_sql_query1("SELECT NAME FROM " . TABLE_PREFIX . "_setting WHERE NAME='version'");
    $table = ($versionRow != -1) ? TABLE_PREFIX . "_setting" : "setting";

    $result = grr_sql_query("SELECT `NAME`, `VALUE` FROM " . $table);
    if (!$result) {
        return false;
    }
    if (grr_sql_count($result) == 0) {
        return false;
    }

    // grr_sql_row() is indexed; iterate until it yields no further row.
    $index = 0;
    while ($pair = grr_sql_row($result, $index)) {
        self::$grrSettings[$pair[0]] = $pair[1];
        $index++;
    }
    return true;
}
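/**
 * Emit a day/month/year selector plus the jQuery UI datepicker glue for one
 * date field of the booking form.
 *
 * The preselected date is resolved in this order:
 *  - for 'rep_end' with an entry id in the query string: the end date of the
 *    entry's repeat series (<TABLE_PREFIX>_repeat) when exactly one repeat row
 *    matches, otherwise the day/month/year query parameters, otherwise today;
 *  - for any other $typeDate: the globals $start_* / $end_* when set and
 *    $typeDate is 'start' / 'end', otherwise the day/month/year query
 *    parameters, otherwise today.
 *
 * Security notes:
 *  - $_GET['id'] and the repeat_id read back from the entry row are cast to
 *    int before being interpolated into SQL; the original interpolated the raw
 *    query-string value and was injectable.
 *  - $typeDate is interpolated verbatim into element ids and inline JavaScript.
 *    Callers must pass a trusted literal identifier ('start', 'end',
 *    'rep_end'), never user input.
 *  - day/month/year from the query string are handed to genDateSelector()
 *    unvalidated. NOTE(review): whether genDateSelector() escapes them is not
 *    visible here — confirm before relying on it.
 *
 * @param string $typeDate field prefix: 'start', 'end' or 'rep_end'
 * @return void all output is echoed
 */
function jQuery_DatePicker($typeDate)
{
    global $start_day, $start_month, $start_year, $end_day, $end_month, $end_year;

    if ($typeDate == 'rep_end' && isset($_GET['id'])) {
        // Integer primary key: the cast is what closes the SQL injection.
        $entryId = (int) $_GET['id'];
        $res = grr_sql_query("SELECT repeat_id FROM " . TABLE_PREFIX . "_entry WHERE id=" . $entryId . ";");
        if (!$res) {
            fatal_error(0, grr_sql_error());
        }
        // grr_sql_row() is taken to return a falsy value when the row does not
        // exist; repeat_id 0 then matches no repeat row and we fall through to
        // the query-string date instead of issuing a malformed query.
        $entryRow = grr_sql_row($res, 0);
        $repeatId = $entryRow ? (int) $entryRow[0] : 0;
        $res = grr_sql_query("SELECT rep_type, end_date, rep_opt, rep_num_weeks, start_time, end_time FROM " . TABLE_PREFIX . "_repeat WHERE id={$repeatId}");
        if (!$res) {
            fatal_error(0, grr_sql_error());
        }
        if (grr_sql_count($res) == 1) {
            $row6 = grr_sql_row($res, 0);
            // end_date is a UNIX timestamp; split it into calendar parts.
            $date = date_parse(date("Y-m-d H:i:s", $row6[1]));
            $day = $date['day'];
            $month = $date['month'];
            $year = $date['year'];
        } else {
            $day = isset($_GET['day']) ? $_GET['day'] : date("d");
            $month = isset($_GET['month']) ? $_GET['month'] : date("m");
            $year = isset($_GET['year']) ? $_GET['year'] : date("Y");
        }
    } else {
        $day = isset($_GET['day']) ? $_GET['day'] : date("d");
        if (isset($start_day) && $typeDate == 'start') {
            $day = $start_day;
        } elseif (isset($end_day) && $typeDate == 'end') {
            $day = $end_day;
        }

        $month = isset($_GET['month']) ? $_GET['month'] : date("m");
        if (isset($start_month) && $typeDate == 'start') {
            $month = $start_month;
        } elseif (isset($end_month) && $typeDate == 'end') {
            $month = $end_month;
        }

        $year = isset($_GET['year']) ? $_GET['year'] : date("Y");
        if (isset($start_year) && $typeDate == 'start') {
            $year = $start_year;
        } elseif (isset($end_year) && $typeDate == 'end') {
            $year = $end_year;
        }
    }

    genDateSelector("" . $typeDate . "_", "{$day}", "{$month}", "{$year}", "");

    // Hidden field that the datepicker binds to; the selects are updated from it.
    echo '<input type="hidden" disabled="disabled" id="mydate_' . $typeDate . '">' . PHP_EOL;
    echo '<script>' . PHP_EOL;
    echo ' $(function() {' . PHP_EOL;
    echo '$.datepicker.setDefaults( $.datepicker.regional[\'fr\'] );' . PHP_EOL;
    echo ' $(\'#mydate_' . $typeDate . '\').datepicker({' . PHP_EOL;
    echo ' beforeShow: readSelected, onSelect: updateSelected,' . PHP_EOL;
    echo ' showOn: \'both\', buttonImageOnly: true, buttonImage: \'images/calendar.png\',buttonText: "Choisir la date"});' . PHP_EOL;
    echo ' function readSelected()' . PHP_EOL;
    echo ' {' . PHP_EOL;
    echo ' $(\'#mydate_' . $typeDate . '\').val($(\'#' . $typeDate . '_day\').val() + \'/\' +' . PHP_EOL;
    echo ' $(\'#' . $typeDate . '_month\').val() + \'/\' + $(\'#' . $typeDate . '_year\').val());' . PHP_EOL;
    echo ' return {};' . PHP_EOL;
    echo ' }' . PHP_EOL;
    echo ' function updateSelected(date)' . PHP_EOL;
    echo ' {' . PHP_EOL;
    echo ' $(\'#' . $typeDate . '_day\').val(date.substring(0, 2));' . PHP_EOL;
    echo ' $(\'#' . $typeDate . '_month\').val(date.substring(3, 5));' . PHP_EOL;
    echo ' $(\'#' . $typeDate . '_year\').val(date.substring(6, 10));' . PHP_EOL;
    echo ' }' . PHP_EOL;
    echo ' });' . PHP_EOL;
    echo '</script>' . PHP_EOL;
}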
echo "</table>\n"; echo "</td><td>\n"; //This one has the rooms if (isset($id_area)) { $sql = "SELECT id, room_name, description, capacity, max_booking, statut_room from " . TABLE_PREFIX . "_room where area_id={$id_area} "; // on ne cherche pas parmi les ressources invisibles pour l'utilisateur $tab_rooms_noaccess = verif_acces_ressource(getUserName(), 'all'); foreach ($tab_rooms_noaccess as $key) { $sql .= " and id != {$key} "; } $sql .= "order by order_display, room_name"; $res = grr_sql_query($sql); if (!$res) { fatal_error(0, grr_sql_error()); } if (grr_sql_count($res) != 0) { echo "<table class=\"table\">"; for ($i = 0; $row = grr_sql_row($res, $i); $i++) { $color = ''; if ($row[5] == "0") { $color = " class=\"texte_ress_tempo_indispo\""; } echo "<tr><td " . $color . ">" . htmlspecialchars($row[1]) . "<i> - " . htmlspecialchars($row[2]); if ($row[3] > 0) { echo " ({$row['3']} max.)"; } echo "</i></td>\n<td><a href=\"admin_edit_room.php?room={$row['0']}\"><img src=\"img_grr/edit_s.png\" alt=\"" . get_vocab('edit') . "\" title=\"" . get_vocab('edit') . "\" class=\"image\" /></a></td>\n"; echo "<td><a href=\"admin_edit_room.php?room={$row['0']}&action=duplique_room\"><img src=\"img_grr/duplique.png\" alt=\"" . get_vocab('duplique_ressource') . "\" title=\"" . get_vocab('duplique_ressource') . "\" class=\"image\" /></a></td>"; echo "<td><a href=\"admin_room_del.php?type=room&room={$row['0']}&id_area={$id_area}\"><img src=\"img_grr/delete_s.png\" alt=\"" . get_vocab('delete') . "\" title=\"" . get_vocab('delete') . "\" class=\"image\" /></a></td>"; echo "<td><a href='javascript:centrerpopup(\"view_rights_room.php?id_room={$row['0']}\",600,480,\"scrollbars=yes,statusbar=no,resizable=yes\")' title=\"" . get_vocab("privileges") . "\">\n\t\t\t\t\t\t<img src=\"img_grr/rights.png\" alt=\"" . get_vocab("privileges") . 
"\" class=\"image\" /></a></td>"; echo "<td><a href='javascript:centrerpopup(\"view_room.php?id_room={$row['0']}\",600,480,\"scrollbars=yes,statusbar=no,resizable=yes\")' title=\"" . get_vocab("fiche_ressource") . "\">\n\t\t\t\t\t\t<img src=\"img_grr/details_s.png\" alt=\"détails\" class=\"image\" /></a></td>";
//print '<option '.$selected.' value="'.$row[0].'">'.$row[1].'</option>'.PHP_EOL; $incrementForValidArea++; } } } //echo '</select>',PHP_EOL,'</div>',PHP_EOL,'</td>',PHP_EOL,'</tr>',PHP_EOL; /*echo '<!-- ************* Ressources edition ***************** -->',PHP_EOL; echo '<tr><td class="E"><b>'.get_vocab('rooms').get_vocab('deux_points')."</b></td></tr>\n";*/ $sql = 'SELECT id, room_name, description, capacity FROM ' . TABLE_PREFIX . "_room WHERE area_id={$area_id} "; $tab_rooms_noaccess = verif_acces_ressource(getUserName(), 'all'); foreach ($tab_rooms_noaccess as $key) { $sql .= " and id != {$key} "; } $sql .= ' ORDER BY order_display,room_name'; $res = grr_sql_query($sql); $len = grr_sql_count($res); $tplArrayEditEntry['longeurListeRessourcesMax'] = min($longueur_liste_ressources_max, $len); /*echo '<tr><td class="CL" style="vertical-align:top;"><table border="0"><tr><td><select name="rooms[]" size="'.min($longueur_liste_ressources_max, $len).'" multiple="multiple">';*/ //Sélection de la "room" dans l'"area" if ($res) { for ($i = 0; $row = grr_sql_row($res, $i); ++$i) { /*var_dump($row);echo "<br>";*/ $tplArrayEditEntry['rooms'][$i]['0'] = $row[0]; $tplArrayEditEntry['rooms'][$i]['1'] = $row[1]; $tplArrayEditEntry['rooms'][$i]['capacity'] = $row[3]; $tplArrayEditEntry['rooms'][$i]['desc'] = $row[2]; $selected = ''; if ($row[0] == $room_id) { //$selected = 'selected="selected"'; $tplArrayEditEntry['rooms'][$i]['selected'] = true; } else {
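/**
 * Fetch the core fields of one booking entry.
 *
 * @param int|string $id primary key of the <TABLE_PREFIX>_entry row. It is cast
 *                       to int before being put in the query; the original
 *                       interpolated it as a quoted string and was injectable.
 * @return array associative array with keys start_time, end_time, entry_type,
 *               repeat_id, room_id, timestamp, beneficiaire, name, type and
 *               description; an empty array when the query fails or no row
 *               matches. The original returned null on failure and '' when no
 *               row matched, and initialised $ret to '' before writing string
 *               keys into it — since PHP 7.1 the empty string is no longer
 *               promoted to an array, so those writes were string-offset
 *               writes, not array assignments.
 */
function mrbsGetEntryInfo($id)
{
    $entryId = (int) $id;
    $sql = "SELECT start_time, end_time, entry_type, repeat_id, room_id, timestamp, beneficiaire, name, type, description FROM " . TABLE_PREFIX . "_entry WHERE id = " . $entryId;
    $res = grr_sql_query($sql);

    $ret = array();
    if (!$res) {
        return $ret;
    }

    if (grr_sql_count($res) > 0) {
        $row = grr_sql_row($res, 0);
        // Key order mirrors the SELECT column list above.
        $fields = array(
            'start_time', 'end_time', 'entry_type', 'repeat_id', 'room_id',
            'timestamp', 'beneficiaire', 'name', 'type', 'description',
        );
        foreach ($fields as $i => $field) {
            $ret[$field] = $row[$i];
        }
    }

    grr_sql_free($res);
    return $ret;
}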
$grrSettings['ldap_champ_email'] = $_POST['ldap_champ_email']; if (!Settings::set("se3_liste_groupes_autorises", $_POST['se3_liste_groupes_autorises'])) { echo "Erreur lors de l'enregistrement de se3_liste_groupes_autorises !<br />"; } $grrSettings['se3_liste_groupes_autorises'] = $_POST['se3_liste_groupes_autorises']; } } //Chargement des valeurs de la table settingS if (!Settings::load()) { die("Erreur chargement settings"); } if (isset($_POST['submit'])) { if (isset($_POST['login']) && isset($_POST['password'])) { $sql = "select upper(login) login, password, prenom, nom, statut from " . TABLE_PREFIX . "_utilisateurs where login = '******'login'] . "' and password = md5('" . $_POST['password'] . "') and etat != 'inactif' and statut='administrateur' "; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { $valid = 'yes'; } else { $message = get_vocab("wrong_pwd"); } } } if (!grr_resumeSession() && $valid != 'yes') { ?> <!doctype html> <html> <head> <link rel="stylesheet" href="style.css" type="text/css"> <title> grr </title> <link rel="shortcut icon" href="./favicon.ico">
echo '</div>' . PHP_EOL; if (isset($_GET['precedent'])) { if ($_GET['pview'] == 1 && $_GET['precedent'] == 1) { echo '<span id="lienPrecedent"><button class="btn btn-default btn-xs" onclick="charger();javascript:history.back();">Précedent</button></span>' . PHP_EOL; } } echo '<div class="contenu_planning">' . PHP_EOL; echo '<table class="table-bordered table-striped">' . PHP_EOL; echo '<tr>' . PHP_EOL . '<th style="width:5%;">' . PHP_EOL; if ($enable_periods == 'y') { echo get_vocab("period"); } else { echo get_vocab("time"); } echo '</th>' . PHP_EOL; $room_column_width = (int) (90 / grr_sql_count($res)); $nbcol = 0; $rooms = array(); $a = 0; for ($i = 0; $row = grr_sql_row($res, $i); $i++) { $id_room[$i] = $row['2']; $nbcol++; if (verif_acces_ressource(getUserName(), $id_room[$i])) { $room_name[$i] = $row['0']; $statut_room[$id_room[$i]] = $row['4']; $statut_moderate[$id_room[$i]] = $row['7']; $acces_fiche_reservation = verif_acces_fiche_reservation(getUserName(), $id_room[$i]); if ($row['1'] && $_GET['pview'] != 1) { $temp = '<br /><span class="small">(' . $row['1'] . ' ' . ($row['1'] > 1 ? get_vocab("number_max2") : get_vocab("number_max")) . ')</span>' . PHP_EOL; } else { $temp = '';
$sql = 'SELECT room_name, capacity, id, description, statut_room FROM ' . TABLE_PREFIX . "_room WHERE area_id='" . $area . "' ORDER BY order_display, room_name"; $res = grr_sql_query($sql); if (isset($_GET['precedent'])) { if ($_GET['pview'] == 1 && $_GET['precedent'] == 1) { $tplArray['precedant'] = true; /*echo '<span id="lienPrecedent">'.PHP_EOL; echo '<button class="btn btn-default btn-xs" onclick="charger();javascript:history.back();">Précedent</button>'.PHP_EOL; echo '</span>'.PHP_EOL;*/ } else { $tplArray['precedant'] = false; } } if (!$res) { fatal_error(0, grr_sql_error()); } if (grr_sql_count($res) == 0) { $tplArray['roomForArea'] = false; $tplArray['vocab']['no_rooms_for_area'] = get_vocab('no_rooms_for_area'); /*echo '<h1>',get_vocab('no_rooms_for_area'),'</h1>';*/ grr_sql_free($res); } else { $tplArray['vocab']['all_rooms'] = get_vocab('all_rooms'); $tplArray['vocab']['weekbefore'] = get_vocab('weekbefore'); $tplArray['vocab']['weekafter'] = get_vocab('weekafter'); $tplArray['roomForArea'] = true; //DEBUT HTML /*echo '<div class="row">'.PHP_EOL;*/ include 'menu_gauche.php'; /** * todo voir pour transformer ces includes en fonction ? Vérifier portée des var par rapport à l'include * menu gauche crée la var tplArrayMenuGauche
$req_area = "SELECT id, area_name, access FROM " . TABLE_PREFIX . "_area ORDER BY order_display"; $res_area = grr_sql_query($req_area); if ($res_area) { for ($i = 0; $row_area = grr_sql_row($res_area, $i); $i++) { $test_admin = grr_sql_query1("SELECT count(id_area) FROM " . TABLE_PREFIX . "_j_useradmin_area j where j.login = '******' and j.id_area='" . $row_area[0] . "'"); if ($test_admin >= 1) { $is_admin = 'y'; } else { $is_admin = 'n'; } $nb_room = grr_sql_query1("SELECT count(r.room_name) FROM " . TABLE_PREFIX . "_room r\n\t\t\t\t\tleft join " . TABLE_PREFIX . "_area a on r.area_id=a.id\n\t\t\t\t\twhere a.id='" . $row_area[0] . "'"); $req_room = "SELECT r.room_name FROM " . TABLE_PREFIX . "_room r\n\t\t\t\tleft join " . TABLE_PREFIX . "_j_user_room j on r.id=j.id_room\n\t\t\t\tleft join " . TABLE_PREFIX . "_area a on r.area_id=a.id\n\t\t\t\twhere j.login = '******' and a.id='" . $row_area[0] . "'"; $res_room = grr_sql_query($req_room); $is_gestionnaire = ''; if ($res_room) { if (grr_sql_count($res_room) == $nb_room && $nb_room != 0) { $is_gestionnaire = $vocab["all_rooms"]; } else { for ($j = 0; $row_room = grr_sql_row($res_room, $j); $j++) { $is_gestionnaire .= $row_room[0] . "<br />"; } } } $req_mail = "SELECT r.room_name from " . TABLE_PREFIX . "_room r\n\t\t\t\tleft join " . TABLE_PREFIX . "_j_mailuser_room j on r.id=j.id_room\n\t\t\t\tleft join " . TABLE_PREFIX . "_area a on r.area_id=a.id\n\t\t\t\twhere j.login = '******' and a.id='" . $row_area[0] . "'"; $res_mail = grr_sql_query($req_mail); $is_mail = ''; if ($res_mail) { for ($j = 0; $row_mail = grr_sql_row($res_mail, $j); $j++) { $is_mail .= $row_mail[0] . "<br />"; } }
header('Location: ' . Settings::get("grr_url")); } $sql = "SELECT * FROM " . TABLE_PREFIX . "_entry WHERE id='" . $id . "'"; $res = grr_sql_query($sql); if (!$res) { fatal_error(0, grr_sql_error()); } $row = grr_sql_row($res, 0); $sql = "SELECT room_name FROM " . TABLE_PREFIX . "_room WHERE id='" . $row[5] . "'"; $res = grr_sql_query($sql); $row2 = grr_sql_row($res, 0); $res2 = grr_sql_query("SELECT rep_type, end_date, rep_opt, rep_num_weeks, start_time, end_time FROM " . TABLE_PREFIX . "_repeat WHERE id={$row['4']}"); if (!$res2) { fatal_error(0, grr_sql_error()); } if (grr_sql_count($res2) == 1) { $row6 = grr_sql_row($res2, 0); $rep_type = $row6[0]; $rep_end_date = utf8_strftime($dformat, $row6[1]); $rep_opt = $row6[2]; $rep_num_weeks = $row6[3]; $start_time = $row6[4]; $end_time = $row6[5]; $duration = $row6[5] - $row6[4]; } if ($row[4] != 0) { $period = 1; } else { $period = 0; } include 'pdf/form_infoPDF.html';
/** * Open a new session * * Check the provided login and password * Register data from the database to the session cookie * Log the session * * Returns 1 if login succeeded, >= 1 otherwise * * @param string _login * @param string _password * @return string */ function grr_opensession($_login, $_password, $_user_ext_authentifie = '', $tab_login = array(), $tab_groups = array()) { // Initialisation de $auth_ldap $auth_ldap = 'no'; // Initialisation de $auth_imap $auth_imap = 'no'; // Initialisation de $est_authentifie_sso $est_authentifie_sso = FALSE; if ($_user_ext_authentifie != '') { $est_authentifie_sso = TRUE; // Statut par défaut $_statut = ""; $sso = Settings::get("sso_statut"); if ($sso == "cas_visiteur") { $_statut = "visiteur"; } else { if ($sso == "cas_utilisateur") { $_statut = "utilisateur"; } else { if ($sso == "lemon_visiteur") { $_statut = "visiteur"; } else { if ($sso == "lemon_utilisateur") { $_statut = "utilisateur"; } else { if ($sso == "http_visiteur") { $_statut = "visiteur"; } else { if ($sso == "http_utilisateur") { $_statut = "utilisateur"; } else { if ($sso == "lasso_visiteur") { $_statut = "visiteur"; } else { if ($sso == "lasso_utilisateur") { $_statut = "utilisateur"; } else { if ($sso == "lcs") { if ($_user_ext_authentifie == "lcs_eleve") { $_statut = Settings::get("lcs_statut_eleve"); } if ($_user_ext_authentifie == "lcs_non_eleve") { $_statut = Settings::get("lcs_statut_prof"); } $temoin_grp_ok = "non"; if (trim(Settings::get("lcs_liste_groupes_autorises")) == "") { $temoin_grp_ok = "oui"; } else { $tab_grp_autorise = explode(";", Settings::get("lcs_liste_groupes_autorises")); $tot = count($tab_grp_autorise); for ($i = 0; $i < $tot; $i++) { if (in_array($tab_grp_autorise[$i], $tab_groups)) { $temoin_grp_ok = "oui"; } } } // Si l'utilisateur n'appartient pas aux groupes LCS autorisés if ($temoin_grp_ok != 'oui') { return "5"; } } } } } } } } } } $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, 
default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\t\tfrom " . TABLE_PREFIX . "_utilisateurs\n\t\twhere login = '******' and "; if ($_user_ext_authentifie != 'lasso') { $sql .= " password = '' and "; } $sql .= " etat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { // L'utilisateur est présent dans la base locale if ($sso == "lcs") { // Mise à jour des données $nom_user = $tab_login["nom"]; $email_user = $tab_login["email"]; $prenom_user = $tab_login["fullname"]; // On met à jour $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\t\tnom='" . protect_data_sql($nom_user) . "',\n\t\t\t\tprenom='" . protect_data_sql($prenom_user) . "',\n\t\t\t\temail='" . protect_data_sql($email_user) . "'\n\t\t\t\twhere login='******'"; } else { if ($_user_ext_authentifie == "cas") { if (Settings::get("ldap_statut") != '' && @function_exists("ldap_connect") && @file_exists("include/config_ldap.inc.php")) { $auth_ldap = 'yes'; } $nom_user = $tab_login["user_nom"]; $email_user = $tab_login["user_email"]; $prenom_user = $tab_login["user_prenom"]; if ($nom_user != '') { // On détecte si Nom, Prénom ou Email ont changé, // Si c'est le cas, on met à jour les champs $req = grr_sql_query("SELECT nom, prenom, email from " . TABLE_PREFIX . "_utilisateurs where login ='******'"); $res = mysqli_fetch_array($req); $nom_en_base = $res[0]; $prenom_en_base = $res[1]; $email_en_base = $res[2]; if (strcmp($nom_en_base, $nom_user) != 0 || strcmp($prenom_en_base, $prenom_user) != 0 || strcmp($email_en_base, $email_user) != 0) { // Si l'un des champs est différent, on met à jour les champs $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\t\t\t\tnom='" . protect_data_sql($nom_user) . "',\n\t\t\t\t\t\tprenom='" . protect_data_sql($prenom_user) . "',\n\t\t\t\t\t\temail='" . protect_data_sql($email_user) . 
"'\n\t\t\t\t\t\twhere login='******'"; if (grr_sql_command($sql) < 0) { fatal_error(0, get_vocab("msg_login_created_error") . grr_sql_error()); } //Comme les données de la base on été changés, on doit remettre à jour la variable $row, //Pour que les données mises en sessions soient les bonnes //on récupère les données de l'utilisateur $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\t\t\t\t\t\tFROM " . TABLE_PREFIX . "_utilisateurs\n\t\t\t\t\t\tWHERE login = '******' and\n\t\t\t\t\t\tsource = 'ext' and\n\t\t\t\t\t\tetat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row != 1) { return "2"; } } } } } if (grr_sql_command($sql) < 0) { fatal_error(0, get_vocab("msg_login_created_error") . grr_sql_error()); } // on récupère les données de l'utilisateur dans $row $row = grr_sql_row($res_user, 0); } else { // L'utilisateur n'est pas présent dans la base locale ou est inactif // ou possède un mot de passe (utilisateur local GRR) // On teste si un utilisateur porte déjà le même login $test = grr_sql_query1("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'"); if ($test != '-1') { return "3"; } else { //Aucun utilisateur dans la base locale ne porte le même login. On peut continuer la procédure d'importation //1er cas : LCS. if ($sso == "lcs") { if ($_statut == 'aucun') { return "5"; } else { $nom_user = $tab_login["nom"]; $email_user = $tab_login["email"]; $prenom_user = $tab_login["fullname"]; } //2ème cas : SSO lasso. 
} else { if ($sso == "lasso_visiteur" or $sso == "lasso_utilisateur") { if (!empty($tab_login)) { $nom_user = $tab_login["nom"]; $email_user = $tab_login["email"]; $prenom_user = $tab_login["fullname"]; } //CAS d'un LDAP avec SSO CAS ou avec SSO Lemonldap //on tente de récupérer des infos dans l'annuaire avant d'importer le profil dans GRR } else { if (Settings::get("ldap_statut") != '' && @function_exists("ldap_connect") && @file_exists("include/config_ldap.inc.php") && $_user_ext_authentifie == 'cas') { // On initialise au cas où on ne réussisse pas à récupérer les infos dans l'annuaire. $l_nom = $_login; $l_email = ''; $l_prenom = ''; include "config_ldap.inc.php"; // Connexion à l'annuaire $ds = grr_connect_ldap($ldap_adresse, $ldap_port, $ldap_login, $ldap_pwd, $use_tls); $user_dn = grr_ldap_search_user($ds, $ldap_base, Settings::get("ldap_champ_recherche"), $_login, $ldap_filter, "no"); // Test with login and password of the user if (!$ds) { $ds = grr_connect_ldap($ldap_adresse, $ldap_port, $_login, $_password, $use_tls); } if ($ds) { $result = @ldap_read($ds, $user_dn, "objectClass=*", array(Settings::get("ldap_champ_nom"), Settings::get("ldap_champ_prenom"), Settings::get("ldap_champ_email"))); } if ($result) { // Recuperer les donnees de l'utilisateur $info = @ldap_get_entries($ds, $result); if (is_array($info)) { for ($i = 0; $i < $info["count"]; $i++) { $val = $info[$i]; if (is_array($val)) { if (isset($val[Settings::get("ldap_champ_nom")][0])) { $l_nom = ucfirst($val[Settings::get("ldap_champ_nom")][0]); } else { $l_nom = iconv("ISO-8859-1", "utf-8", "Nom à préciser"); } if (isset($val[Settings::get("ldap_champ_prenom")][0])) { $l_prenom = ucfirst($val[Settings::get("ldap_champ_prenom")][0]); } else { $l_prenom = iconv("ISO-8859-1", "utf-8", "Prénom à préciser"); } if (isset($val[Settings::get("ldap_champ_email")][0])) { $l_email = $val[Settings::get("ldap_champ_email")][0]; } else { $l_email = ''; } } } } // Convertir depuis UTF-8 (jeu de caracteres 
par defaut) if (function_exists("utf8_decode") && Settings::get("ConvertLdapUtf8toIso") == "y") { $l_email = utf8_decode($l_email); $l_nom = utf8_decode($l_nom); $l_prenom = utf8_decode($l_prenom); } } $nom_user = $l_nom; $email_user = $l_email; $prenom_user = $l_prenom; //4ème cas : SSO CAS. } else { if ($_user_ext_authentifie == "cas" && !empty($tab_login)) { // Cas d'une authentification CAS $nom_user = $tab_login["user_nom"]; $email_user = $tab_login["user_email"]; $prenom_user = $tab_login["user_prenom"]; $code_fonction_user = $tab_login["user_code_fonction"]; $libelle_fonction_user = $tab_login["user_libelle_fonction"]; $language_user = $tab_login["user_language"]; $default_style_user = $tab_login["user_default_style"]; if (Settings::get("sso_ac_corr_profil_statut") == 'y') { $_statut = effectuer_correspondance_profil_statut($code_fonction_user, $libelle_fonction_user); } //CAS ou : //LDAP n'est pas configuré, //il peut s'agit d'une authentification "SSO CAS", "SSO Lemonldap" mais ce n'est alors pas normal //ou bien il s'agit d'une authentification "HTTP" } else { //definition du nom $nom_user = ""; if (Settings::get("http_champ_nom") != "") { $_nom_user = Settings::get("http_champ_nom"); if (isset($_SERVER["{$_nom_user}"])) { $nom_user = $_SERVER["{$_nom_user}"]; } } if ($nom_user == "") { $nom_user = $_login; } //definition email : $email_user = ""; if (Settings::get("http_champ_email")) { $_email_user = Settings::get("http_champ_email"); if (isset($_SERVER["{$_email_user}"])) { $email_user = $_SERVER["{$_email_user}"]; } //on verifie le statut si domain statut est actif : if ($email_user != "") { if (Settings::get("http_sso_domain") && Settings::get("http_sso_domain") != "") { //explode du mail : $domaine = explode("@", $email_user); if (isset($domaine[1])) { if ($domaine[1] == Settings::get("http_sso_domain")) { if (Settings::get("http_sso_statut_domaine") != "") { $_statut = Settings::get("http_sso_statut_domaine"); } } } } } } //definition du prenom : 
$prenom_user = ""; if (Settings::get("http_champ_prenom")) { $_prenom_user = Settings::get("http_champ_prenom"); if (isset($_SERVER["{$_prenom_user}"])) { $prenom_user = $_SERVER["{$_prenom_user}"]; } } } } } } // On insère le nouvel utilisateur $sql = "INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\t\tnom='" . protect_data_sql($nom_user) . "',\n\t\t\t\tprenom='" . protect_data_sql($prenom_user) . "',\n\t\t\t\tlogin='******',\n\t\t\t\tpassword='',\n\t\t\t\tstatut='" . $_statut . "',\n\t\t\t\temail='" . protect_data_sql($email_user) . "',\n\t\t\t\tetat='actif',"; if (isset($default_style_user) and $default_style_user != "") { $sql .= "default_style='" . $default_style_user . "',"; } if (isset($language_user) and $language_user != "") { $sql .= "default_language='" . $language_user . "',"; } $sql .= "source='ext'"; if (grr_sql_command($sql) < 0) { fatal_error(0, get_vocab("msg_login_created_error") . grr_sql_error()); return "2"; } // on récupère les données de l'utilisateur $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\t\t\tfrom " . TABLE_PREFIX . "_utilisateurs\n\t\t\twhere login = '******' and\n\t\t\tsource = 'ext' and\n\t\t\tetat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { $row = grr_sql_row($res_user, 0); } else { return "2"; } } } //On traite le cas NON SSO //-> LDAP sans SSO // -> Imap } else { $passwd_md5 = md5($_password); $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\tfrom " . TABLE_PREFIX . 
"_utilisateurs\n\twhere login = '******' and\n\tpassword = '******'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); //On est toujours dans le cas NON SSO - L'utilisateur n'est pas présent dans la base locale if ($num_row != 1) { if (Settings::get("ldap_statut") != '' && @function_exists("ldap_connect") && @file_exists("include/config_ldap.inc.php")) { //$login_search = ereg_replace("[^-@._[:space:][:alnum:]]", "", $_login); $login_search = preg_replace("/[^\\-@._[:space:]a-zA-Z0-9]/", "", $_login); if ($login_search != $_login) { return "6"; } $user_dn = grr_verif_ldap($_login, $_password); if ($user_dn == "error_1") { return "7"; } else { if ($user_dn == "error_2") { return "8"; } else { if ($user_dn == "error_3") { return "9"; } else { if ($user_dn) { $auth_ldap = 'yes'; } else { return "4"; } } } } } elseif (Settings::get("imap_statut") != '' and @function_exists("imap_open") and @file_exists("include/config_imap.inc.php")) { // $login_search = ereg_replace("[^-@._[:space:][:alnum:]]", "", $_login); $login_search = preg_replace("/[^\\-@._[:space:]a-zA-Z0-9]/", "", $_login); if ($login_search != $_login) { return "6"; } $user_imap = grr_verif_imap($_login, $_password); if ($user_imap) { $auth_imap = 'yes'; imap_close($user_imap); } else { return "10"; } } else { return "2"; } } else { $row = grr_sql_row($res_user, 0); // S'il s'agit d'un utilisateur inactif, on s'arrête là if ($row[12] == 'inactif') { return "5"; } } // Fin du cas NON SSO } // Cette partie ne concerne que les utilisateurs pour lesquels l'authentification ldap ci-dessus a réussi // On tente d'interroger la base ldap pour obtenir des infos sur l'utilisateur if ($auth_ldap == 'yes') { // Cas particulier des serveur SE3 // se3_liste_groupes_autorises est vide -> pas de restriction if (trim(Settings::get("se3_liste_groupes_autorises")) == "") { $temoin_grp_ok = "oui"; } else { // se3_liste_groupes_autorises n'est pas vide -> on teste si le $_login appartient à un des groupes 
$temoin_grp_ok = "non"; //S'assurer que le fichier est inclus (il existe dans tous les cas où $auth_ldap==yes) if (!isset($ldap_group_user_field)) { include "config_ldap.inc.php"; } //Aller chercher l'info pour faire la comparaison $member_search = $_login; if ($ldap_group_user_field != 'uid') { $ds = grr_connect_ldap($ldap_adresse, $ldap_port, $ldap_login, $ldap_pwd, $use_tls); $user_dn = grr_ldap_search_user($ds, $ldap_base, Settings::get("ldap_champ_recherche"), $_login, $ldap_filter, "no"); // Test with login and password of the user if (!$ds) { $ds = grr_connect_ldap($ldap_adresse, $ldap_port, $_login, $_password, $use_tls); } if ($ds) { $result = @ldap_read($ds, $user_dn, "objectClass=*", array(Settings::get("ldap_champ_nom"), Settings::get("ldap_champ_prenom"), Settings::get("ldap_champ_email"))); } if ($result) { // Recuperer les donnees de l'utilisateur $info = @ldap_get_entries($ds, $result); if (is_array($info) && isset($info[0][$ldap_group_user_field])) { $member_search = $info[0][$ldap_group_user_field]; } } } $tab_grp_autorise = explode(";", Settings::get("se3_liste_groupes_autorises")); $total = count($tab_grp_autorise); for ($i = 0; $i < $total; $i++) { if (se3_grp_members($tab_grp_autorise[$i], $member_search) == "oui") { $temoin_grp_ok = "oui"; } } } if ($temoin_grp_ok != "oui") { return "5"; } // Fin cas particulier des serveur SE3 // on regarde si un utilisateur ldap ayant le même login existe déjà $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\tFROM " . TABLE_PREFIX . 
"_utilisateurs\n\tWHERE login = '******' and\n\tsource = 'ext' and\n\tetat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { // un utilisateur ldap ayant le même login existe déjà // Lire les infos sur l'utilisateur depuis LDAP $user_info = grr_getinfo_ldap($user_dn, $_login, $_password); // Update GRR database $user_info[0] = utf8_encode($user_info[0]); $user_info[1] = utf8_encode($user_info[1]); $user_info[2] = utf8_encode($user_info[2]); $sql2 = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET\n\t\tnom='" . protect_data_sql($user_info[0]) . "',\n\t\tprenom='" . protect_data_sql($user_info[1]) . "',\n\t\temail='" . protect_data_sql($user_info[2]) . "'\n\t\tWHERE login='******'"; if (grr_sql_command($sql2) < 0) { fatal_error(0, get_vocab("msg_login_created_error") . grr_sql_error()); } // on récupère les données de l'utilisateur dans $row $res_user = grr_sql_query($sql); $row = grr_sql_row($res_user, 0); } else { // pas d'utilisateur ldap ayant le même login dans la base GRR // Lire les infos sur l'utilisateur depuis LDAP $user_info = grr_getinfo_ldap($user_dn, $_login, $_password); // On teste si un utilisateur porte déjà le même login $test = grr_sql_query1("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'"); if ($test != '-1') { return "3"; } else { $user_info[0] = utf8_encode($user_info[0]); $user_info[1] = utf8_encode($user_info[1]); $user_info[2] = utf8_encode($user_info[2]); // On insère le nouvel utilisateur $sql = "INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\tnom='" . protect_data_sql($user_info[0]) . "',\n\t\t\tprenom='" . protect_data_sql($user_info[1]) . "',\n\t\t\tlogin='******',\n\t\t\tpassword='',\n\t\t\tstatut='" . Settings::get("ldap_statut") . "',\n\t\t\temail='" . protect_data_sql($user_info[2]) . "',\n\t\t\tetat='actif',\n\t\t\tsource='ext'"; if (grr_sql_command($sql) < 0) { fatal_error(0, get_vocab("msg_login_created_error") . 
grr_sql_error()); } $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\t\t\tFROM " . TABLE_PREFIX . "_utilisateurs\n\t\t\tWHERE login = '******' and\n\t\t\tsource = 'ext' and\n\t\t\tetat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { // on récupère les données de l'utilisateur dans $row $row = grr_sql_row($res_user, 0); } else { return "2"; } } } } if ($auth_imap == 'yes') { // on regarde si un utilisateur imap ayant le meme login existe deja $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\tFROM " . TABLE_PREFIX . "_utilisateurs\n\tWHERE login = '******' and\n\tsource = 'ext' and\n\tetat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { // un utilisateur imap ayant le meme login existe deja // on recupere les donnees de l'utilisateur dans $row $row = grr_sql_row($res_user, 0); } else { // pas d'utilisateur imap ayant le m?me login dans la base GRR // Lire les infos sur l'utilisateur depuis imap include "config_imap.inc.php"; // Connexion ? l'annuaire $conn_imap = grr_connect_imap($imap_adresse, $imap_port, $_login, $_password, $imap_type, $imap_ssl, $imap_cert, $imap_tls); if ($conn_imap) { // Test with login and password of the user $l_nom = ""; $l_prenom = ""; $l_email = $_login . "@" . $imap_domaine; imap_close($conn_imap); } // On teste si un utilisateur porte déjà le même login $test = grr_sql_query1("SELECT login from " . TABLE_PREFIX . "_utilisateurs where login = '******'"); if ($test != '-1') { return "3"; } else { // On insère le nouvel utilisateur $sql = "INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\tnom='" . protect_data_sql($l_nom) . "',\n\t\t\tprenom='" . 
protect_data_sql($l_prenom) . "',\n\t\t\tlogin='******',\n\t\t\tpassword='',\n\t\t\tstatut='" . Settings::get("imap_statut") . "',\n\t\t\temail='" . protect_data_sql($l_email) . "',\n\t\t\tetat='actif',\n\t\t\tsource='ext'"; if (grr_sql_command($sql) < 0) { fatal_error(0, get_vocab("msg_login_created_error") . grr_sql_error()); } $sql = "SELECT upper(login) login, password, prenom, nom, statut, now() start, default_area, default_room, default_style, default_list_type, default_language, source, etat, default_site\n\t\t\tfrom " . TABLE_PREFIX . "_utilisateurs\n\t\t\twhere login = '******' and\n\t\t\tsource = 'ext' and\n\t\t\tetat != 'inactif'"; $res_user = grr_sql_query($sql); $num_row = grr_sql_count($res_user); if ($num_row == 1) { // on r?cup?re les donn?es de l'utilisateur dans $row $row = grr_sql_row($res_user, 0); } else { return "2"; } } } } // On teste si la connexion est active ou non if (Settings::get("disable_login") == 'yes' and $row[4] != "administrateur") { return "2"; } // // A ce stade, on dispose dans tous les cas d'un tableau $row contenant les informations nécessaires à l'établissment d'une session // // Session starts now session_name(SESSION_NAME); @session_start(); // Is this user already connected ? $sql = "SELECT SESSION_ID from " . TABLE_PREFIX . "_log where SESSION_ID = '" . session_id() . "' and LOGIN = '******' and now() between START and END"; $res = grr_sql_query($sql); $num_row = grr_sql_count($res); if ($num_row > 0 and isset($_SESSION['start'])) { $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . Settings::get("sessionMaxLength") . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'"; // $sql = "update ".TABLE_PREFIX."_log set END = now() + interval " . Settings::get("sessionMaxLength") . " minute where SESSION_ID = '" . session_id() . "'"; $res = grr_sql_query($sql); if (!$res) { fatal_error(0, 'erreur mysql' . 
grr_sql_error()); } return "1"; } else { session_unset(); // session_destroy(); } // reset $_SESSION $_SESSION = array(); $_SESSION['login'] = $row[0]; $_SESSION['password'] = $row[1]; $_SESSION['prenom'] = $row[2]; $_SESSION['nom'] = $row[3]; $_SESSION['statut'] = $row[4]; $_SESSION['start'] = $row[5]; $_SESSION['maxLength'] = Settings::get("sessionMaxLength"); if ($row[6] > 0) { $_SESSION['default_area'] = $row[6]; } else { $_SESSION['default_area'] = Settings::get("default_area"); } if ($row[7] > 0) { $_SESSION['default_room'] = $row[7]; } else { $_SESSION['default_room'] = Settings::get("default_room"); } if ($row[8] != '') { $_SESSION['default_style'] = $row[8]; } else { $_SESSION['default_style'] = Settings::get("default_css"); } if ($row[9] != '') { $_SESSION['default_list_type'] = $row[9]; } else { $_SESSION['default_list_type'] = Settings::get("area_list_format"); } if ($row[10] != '') { $_SESSION['default_language'] = $row[10]; } else { $_SESSION['default_language'] = Settings::get("default_language"); } if ($row[13] > 0) { $_SESSION['default_site'] = $row[13]; } else { $_SESSION['default_site'] = Settings::get("default_site"); } $_SESSION['source_login'] = $row[11]; if ($est_authentifie_sso) { // Variable de session qui permet de savoir qu'un utilisateur est authentifié à un SSO $_SESSION['est_authentifie_sso'] = "y"; } // It's a new connection, insert into log if (isset($_SERVER["HTTP_REFERER"])) { $httpreferer = substr($_SERVER["HTTP_REFERER"], 0, 254); } else { $httpreferer = ''; } $ua = $_SERVER['HTTP_USER_AGENT']; $ua = explode(' ', $ua); $count = count($ua); for ($i = 0; $i < $count; $i++) { if (strncmp($ua[$i], '(Windows', 8) == 0) { $os = "Windows "; $i += 2; switch ($ua[$i]) { case '6.1;': $os .= "7"; break; case '6.2;': $os .= "8"; break; case '6.3;': $os .= "8.1"; break; default: $os .= ""; break; } } if (strncmp($ua[$i], 'Trident', 7) == 0) { $brow = "Internet Explorer "; $i += 1; $b = explode(':', $ua[$i]); $brow .= trim($b[1], ")"); } if 
(strncmp($ua[$i], 'Firefox', 7) == 0) { $b = explode('/', $ua[$i]); $brow = $b[0] . ' ' . $b[1]; } if (strncmp($ua[$i], 'Chrome', 6) == 0) { $b = explode('/', $ua[$i]); $brow = $b[0] . ' ' . $b[1]; } } if (isset($os) && isset($brow)) { $useragent = $os . ' ' . $brow; } else { $useragent = substr($_SERVER['HTTP_USER_AGENT'], 0, 254); } $sql = "INSERT INTO " . TABLE_PREFIX . "_log (LOGIN, START, SESSION_ID, REMOTE_ADDR, USER_AGENT, REFERER, AUTOCLOSE, END) values (\n\t'" . protect_data_sql($_SESSION['login']) . "',\n\t'" . $_SESSION['start'] . "',\n\t'" . session_id() . "',\n\t'" . $_SERVER['REMOTE_ADDR'] . "',\n\t'" . $useragent . "',\n\t'" . $httpreferer . "',\n\t'1',\n\t'" . $_SESSION['start'] . "' + interval " . Settings::get("sessionMaxLength") . " minute\n\t)\n;"; grr_sql_query($sql); /* Fonctionnalité SE3 (Palissy - Saintes - philippe.duval@ac-poitiers.fr) : Utilisation du LDAP pour inscrire automatiquement les utilisateurs dans les groupes administration, accès et gestion Ce code est associé à une nouvelle table : CREATE TABLE ".TABLE_PREFIX."_j_groupe_se3 (groupe varchar(40) NOT NULL default '',id_area_room int(11) NOT NULL default '0', statut varchar(20) NOT NULL default '', PRIMARY KEY (`groupe`,`id_area_room`)); Par ailleurs, pour que cette fonctionnalité soit complète et dans l'esprit de GRR, il faudra développer une "petite" interface dans GRR pour gérer les entrées dans cette table. */ // Début de la fonctionnalité SE3 $grp = @grr_sql_query("SELECT groupe, id_area_room, statut FROM " . TABLE_PREFIX . "_j_groupe_se3"); if ($grp) { // si la table ".TABLE_PREFIX."_j_groupe_se3 est implantée et non vide //A modifier recalcul a chaque boucle while ($resgrp = @mysqli_fetch_array($grp)) { // balaye tous les groupes présents dans la table ".TABLE_PREFIX."_j_groupadmin_area $statut_se3 = $resgrp['statut']; $area_se3 = $resgrp['id_area_room']; if ($statut_se3 == 'administrateur') { $table_user_se3 = "" . TABLE_PREFIX . 
"_j_useradmin_area"; $type_res = 'id_area'; } if ($statut_se3 == 'acces_restreint') { $table_user_se3 = "" . TABLE_PREFIX . "_j_user_area"; $type_res = 'id_area'; } if ($statut_se3 == 'gestionnaire') { $table_user_se3 = "" . TABLE_PREFIX . "_j_user_room"; $type_res = 'id_room'; } if (se3_grp_members($resgrp['groupe'], $_login) == "oui") { @grr_sql_query("INSERT INTO `" . $table_user_se3 . "` (login, " . $type_res . ") values('" . $_login . "'," . $area_se3 . ")"); } else { @grr_sql_query("DELETE FROM `" . $table_user_se3 . "` WHERE `login`='" . $_login . "' AND `" . $type_res . "`=" . $area_se3); } } } // Note : Il reste à gérer finement l'interface graphique et à déduire l'incompatibilité éventuelle entre le domaine par défaut et les domaines autorisés pour chaque utilisateur // Fin de la fonctionnalité SE3 /* Application du patch en production depuis la rentrée à Palissy : Zéro problème (ci-dessous, l'extraction de la table via phpmyadmin) CREATE TABLE `".TABLE_PREFIX."_j_groupe_se3` ( `groupe` varchar(40) NOT NULL default '', `id_area_room` int(11) NOT NULL default '0', `statut` varchar(20) NOT NULL default '', PRIMARY KEY (`groupe`,`id_area_room`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; INSERT INTO `".TABLE_PREFIX."_j_groupe_se3` (`groupe`, `id_area_room`, `statut`) VALUES ('GRR_ADMIN_SALLES_REUNIONS', 1, 'administrateur'), ('GRR_ADMIN_SALLES_PEDAGOGIQUES', 2, 'administrateur'), ('GRR_ADMIN_LABOS_LANGUES', 3, 'administrateur'), ('GRR_SALLES_REUNIONS', 1, 'acces_restreint'), ('GRR_SALLES_PEDAGOGIQUES', 2, 'acces_restreint'), ('GRR_LABOS_LANGUES', 3, 'acces_restreint'), ('GRR_GESTION_SALLE_A01', 1, 'gestionnaire'), ('GRR_GESTION_SALLE_A03', 2, 'gestionnaire'), ('GRR_GESTION_SALLE_A314', 3, 'gestionnaire'), ('GRR_GESTION_SALLE_A409', 4, 'gestionnaire'), ('GRR_GESTION_SALLE_D05', 5, 'gestionnaire'), ('GRR_GESTION_SALLE_A301E', 6, 'gestionnaire'); */ return "1"; }
die; } if ($unicode_encoding) { header("Content-Type: text/html;charset=utf-8"); } else { header("Content-Type: text/html;charset=" . $charset_html); } header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); if (authGetUserLevel(getUserName(), -1) < 2) { showAccessDenied(""); exit; } $sql = "SELECT nom, login, etat, statut FROM " . TABLE_PREFIX . "_utilisateurs WHERE (login='******')"; $res = grr_sql_query($sql); if ($res) { $nb_result = grr_sql_count($res); if ($nb_result > 1) { echo "<span class=\"avertissement\">Plusieurs utilisateur ont le même identifiants que l'utilisateur ci-dessus. Signalez ce problème à l'administrateur.</span>"; } else { if ($nb_result == 1) { $row = grr_sql_row($res, 0); if ($row[2] == 'inactif') { echo "<span class=\"avertissement\">" . get_vocab('utilisateur_rendu_inactif') . get_vocab('login') . get_vocab('deux_points') . $row[1] . "</span>"; } else { if ($row[3] == 'visiteur') { echo "<span class=\"avertissement\">" . get_vocab('utilisateur_simple_visiteur') . get_vocab('login') . get_vocab('deux_points') . $row[1] . "</span>"; } } } else { if ($nb_result == 0) { if ($identifiant_beneficiaire != "") {
grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_room WHERE id={$room}"); //Go back to the admin page header("Location: admin_room.php?id_area={$id_area}&id_site={$id_site}"); die; } else { //print the page header print_header("", "", "", $type = "with_session"); echo "<div class=\"page_sans_col_gauche\">"; //We tell them how bad what theyre about to do is //Find out how many appointments would be deleted $sql = "SELECT name, start_time, end_time FROM " . TABLE_PREFIX . "_entry WHERE room_id={$room}"; $res = grr_sql_query($sql); if (!$res) { echo grr_sql_error(); } else { if (grr_sql_count($res) > 0) { echo get_vocab("deletefollowing") . ":<ul>"; for ($i = 0; $row = grr_sql_row($res, $i); $i++) { echo "<li>{$row['0']} ("; echo time_date_string($row[1], $dformat) . " -> "; echo time_date_string($row[2], $dformat) . ")"; } echo "</ul>"; } } echo "<h1 style=\"text-align:center;\">" . get_vocab("sure") . "</h1>"; echo "<h1 style=\"text-align:center;\"><a href=\"admin_room_del.php?type=room&room={$room}&confirm=Y&id_area={$id_area}\">" . get_vocab("YES") . "!</a> <a href=\"admin_room.php?id_area={$id_area}\">" . get_vocab("NO") . "!</a></h1>"; echo "</div>"; } } if ($type == "area") {
// On teste si l'utilisateur administre le domaine $test_admin = grr_sql_query1("select count(id_area) from ".TABLE_PREFIX."_j_useradmin_area j where j.login = '******' and j.id_area='".$row_area[0]."'"); if ($test_admin >= 1) $is_admin = 'y'; else $is_admin = 'n'; // On teste si l'utilisateur gère des ressources dans ce domaine $nb_room = grr_sql_query1("select count(r.room_name) from ".TABLE_PREFIX."_room r left join ".TABLE_PREFIX."_area a on r.area_id=a.id where a.id='".$row_area[0]."'"); $req_room = "select r.room_name from ".TABLE_PREFIX."_room r left join ".TABLE_PREFIX."_j_user_room j on r.id=j.id_room left join ".TABLE_PREFIX."_area a on r.area_id=a.id where j.login = '******' and a.id='".$row_area[0]."'"; $res_room = grr_sql_query($req_room); $is_gestionnaire = ''; if ($res_room) { if ((grr_sql_count($res_room) == $nb_room) and ($nb_room!=0)) $is_gestionnaire = $vocab["all_rooms"]; else for ($j = 0; ($row_room = grr_sql_row($res_room, $j)); $j++) { $is_gestionnaire .= $row_room[0]."<br />"; } } // On teste si l'utilisateur reçoit des mails automatiques $req_mail = "select r.room_name from ".TABLE_PREFIX."_room r left join ".TABLE_PREFIX."_j_mailuser_room j on r.id=j.id_room left join ".TABLE_PREFIX."_area a on r.area_id=a.id where j.login = '******' and a.id='".$row_area[0]."'"; $res_mail = grr_sql_query($req_mail); $is_mail = ''; if ($res_mail) { for ($j = 0; ($row_mail = grr_sql_row($res_mail, $j)); $j++) {
if ($req == -1) $result_inter .= traite_requete("INSERT INTO ".TABLE_PREFIX."_setting VALUES ('gestion_lien_aide', 'ext');"); $req = grr_sql_query1("SELECT count(VALUE) FROM ".TABLE_PREFIX."_setting WHERE NAME='lien_aide'"); if ($req == 0) $result_inter .= traite_requete("INSERT INTO ".TABLE_PREFIX."_setting VALUES ('lien_aide', '');"); $req = grr_sql_query1("SELECT VALUE FROM ".TABLE_PREFIX."_setting WHERE NAME='display_short_description'"); if ($req == -1) $result_inter .= traite_requete("INSERT INTO ".TABLE_PREFIX."_setting VALUES ('display_short_description', '1');"); $req = grr_sql_query1("SELECT VALUE FROM ".TABLE_PREFIX."_setting WHERE NAME='remplissage_description_breve'"); if ($req == -1) $result_inter .= traite_requete("INSERT INTO ".TABLE_PREFIX."_setting VALUES ('remplissage_description_breve', '1');"); $req1 = grr_sql_query1("SELECT VALUE FROM ".TABLE_PREFIX."_setting WHERE NAME='ldap_statut'"); $req2 = grr_sql_query1("SELECT count(VALUE) FROM ".TABLE_PREFIX."_setting WHERE NAME='ldap_champ_recherche'"); if ((($req1=="utilisateur") or ($req1=="visiteur")) and ($req2 == 0)) { $result_inter .= "<br /><span style=\"color:red;\"><b>AVERTISSEMENT</b> : suite à cette mise à jour, vous devez configurer l'<b>attribut utilisé pour la recherche dans l'annuaire ldap</b>. 
Pour cela, rendez-vous dans la page de configuration LDAP.</span><br />"; } if ($req2 == 0) $result_inter .= traite_requete("INSERT INTO ".TABLE_PREFIX."_setting VALUES ('ldap_champ_recherche', 'uid');"); $req = grr_sql_count(grr_sql_query("SHOW COLUMNS FROM ".TABLE_PREFIX."_entry LIKE 'beneficiaire'")); if ($req == 0) { $result_inter .= traite_requete("ALTER TABLE `".TABLE_PREFIX."_entry` ADD beneficiaire VARCHAR( 100 ) NOT NULL AFTER `create_by`"); $result_inter .= traite_requete("update `".TABLE_PREFIX."_entry` set `beneficiaire` = `create_by`"); $result_inter .= traite_requete("ALTER TABLE `".TABLE_PREFIX."_entry_moderate` ADD beneficiaire VARCHAR( 100 ) NOT NULL AFTER `create_by`"); $result_inter .= traite_requete("update `".TABLE_PREFIX."_entry_moderate` set `beneficiaire` = `create_by`"); $result_inter .= traite_requete("ALTER TABLE `".TABLE_PREFIX."_repeat` ADD beneficiaire VARCHAR( 100 ) NOT NULL AFTER `create_by`"); $result_inter .= traite_requete("update `".TABLE_PREFIX."_repeat` set `beneficiaire` = `create_by`"); $result_inter .= traite_requete("ALTER TABLE `".TABLE_PREFIX."_entry` ADD beneficiaire_ext VARCHAR( 200 ) NOT NULL AFTER `create_by`"); $result_inter .= traite_requete("ALTER TABLE `".TABLE_PREFIX."_entry_moderate` ADD beneficiaire_ext VARCHAR( 200 ) NOT NULL AFTER `create_by`"); $result_inter .= traite_requete("ALTER TABLE `".TABLE_PREFIX."_repeat` ADD beneficiaire_ext VARCHAR( 200 ) NOT NULL AFTER `create_by`"); }; $result_inter .= traite_requete("ALTER TABLE ".TABLE_PREFIX."_room ADD qui_peut_reserver_pour VARCHAR( 1 ) DEFAULT '5' NOT NULL"); if ($result_inter == '') {
</select> <input type="hidden" name="id_area" value="<?php echo $id_area;?>" /> <input type="submit" value="Enregistrer" /> </div></form> </td></tr> <!-- selection pour ajout de masse !--> <?php $sql = "SELECT u.login, u.nom, u.prenom FROM ".TABLE_PREFIX."_utilisateurs u left join ".TABLE_PREFIX."_j_useradmin_area on ".TABLE_PREFIX."_j_useradmin_area.login=u.login WHERE ((etat!='inactif' and (statut='utilisateur' or statut='administrateur' or statut='gestionnaire_utilisateur')) AND (".TABLE_PREFIX."_j_useradmin_area.login is null or (".TABLE_PREFIX."_j_useradmin_area.login=u.login and ".TABLE_PREFIX."_j_useradmin_area.id_area!=".$id_area."))) order by u.nom, u.prenom"; $res = grr_sql_query($sql); $nb_users = grr_sql_count($res); if ($nb_users > 0) { ?> <tr><td> <h3><?php echo get_vocab("add_multiple_user_to_list").get_vocab("deux_points");?></h3> <form action="admin_right_admin.php" method='post'> <div><select name="agent" size="8" style="width:200px;" multiple="multiple" ondblclick="Deplacer(this.form.agent,this.form.elements['reg_multi_admin_login[]'])"> <?php if ($res) for ($i = 0; ($row = grr_sql_row($res, $i)); $i++) { if (authUserAccesArea($row[0],$id_area) == 1) { echo "<option value='$row[0]'>".grr_htmlSpecialChars($row[1])." ".grr_htmlSpecialChars($row[2])."</option>"; } } ?>
$reg_prenom = isset($_POST["reg_prenom"]) ? $_POST["reg_prenom"] : NULL; $reg_email = isset($_POST["reg_email"]) ? $_POST["reg_email"] : NULL; $reg_mdp = isset($_POST["reg_mdp"]) ? $_POST["reg_mdp"] : NULL; $reg_type_user = isset($_POST["reg_type_user"]) ? $_POST["reg_type_user"] : NULL; $reg_statut = isset($_POST["reg_statut"]) ? $_POST["reg_statut"] : NULL; $reg_type_auth = isset($_POST["reg_type_auth"]) ? $_POST["reg_type_auth"] : NULL; $nb_row++; for ($row = 1; $row < $nb_row; $row++) { if ($reg_type_auth[$row] != "ext") { $reg_mdp[$row] = md5(unslashes($reg_mdp[$row])); } // On nettoie les windozeries $reg_nom[$row] = protect_data_sql(corriger_caracteres($reg_nom[$row])); $reg_prenom[$row] = protect_data_sql(corriger_caracteres($reg_prenom[$row])); $reg_email[$row] = protect_data_sql(corriger_caracteres($reg_email[$row])); $test_login = grr_sql_count(grr_sql_query("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'")); if ($test_login == 0) { $regdata = grr_sql_query("INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',login='******',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "'"); } else { $regdata = grr_sql_query("UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "' WHERE login='******'"); } if (!$regdata) { echo "<p><font color=\"red\">" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records_error") . "</font></p>"; } else { if ($reg_stat[$row] == "nouveau") { echo "<p>" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("admin_import_users_csv12") . "</p>"; } else { echo "<p>" . $reg_login[$row] . get_vocab("deux_points") . 
get_vocab("message_records") . "</p>"; } } }
echo "<h3>" . get_vocab("type_de_creneaux") . "</h3>"; echo "<table>"; //echo "<p style=\"text-align:left;\"><b>ATTENTION :</b> Les deux types de configuration des creneaux sont incompatibles entre eux : un changement du type de creneaux entraene donc, apres validation, un <b>effacement de toutes les reservations de ce domaine</b></p>."; echo "<tr><td colspan=\"2\"><label><input type=\"radio\" name=\"enable_periods\" value=\"n\" onclick=\"bascule()\" "; if ($row["enable_periods"] == 'n') { echo "checked=\"checked\""; } echo " />" . get_vocab("creneaux_de_reservation_temps") . "</label><br />"; echo "<label><input type=\"radio\" name=\"enable_periods\" value=\"y\" onclick=\"bascule()\" "; if ($row["enable_periods"] == 'y') { echo "checked=\"checked\""; } echo " />" . get_vocab("creneaux_de_reservation_pre_definis") . "</label></td></tr></table>"; //Les creneaux de reservation sont bases sur des intitules pre-definis. $sql_periode = grr_sql_query("SELECT num_periode, nom_periode FROM " . TABLE_PREFIX . "_area_periodes where id_area='" . $id_area . "' order by num_periode"); $num_periodes = grr_sql_count($sql_periode); if (!isset($number_periodes)) { if ($num_periodes == 0) { $number_periodes = 10; } else { $number_periodes = $num_periodes; } } if ($row["enable_periods"] == 'y') { echo "<table id=\"menu2\" border=\"1\" cellspacing=\"1\" cellpadding=\"6\">"; } else { echo "<table style=\"display:none\" id=\"menu2\" border=\"1\" cellspacing=\"1\" cellpadding=\"6\">"; } echo "<tr><td>" . get_vocab("nombre_de_creneaux") . get_vocab("deux_points") . "</td>"; echo "<td style=\"width:30%;\"><input type=\"text\" id=\"nb_per\" name=\"number_periodes\" size=\"1\" onkeypress=\"if (event.keyCode==13) return aff_creneaux()\" value=\"{$number_periodes}\" />\n\t\t\t<a href=\"#Per\" onclick=\"javascript:return(aff_creneaux())\">" . get_vocab("goto") . "</a>\n"; echo "</td></tr>\n<tr><td colspan=\"2\">";
if ($nb_types_valides == 0) { // Aucun type n'a été sélectionné. Dans ce cas, on impose au moins un type : $del = grr_sql_query("DELETE FROM " . TABLE_PREFIX . "_j_type_area WHERE id_area='" . $id_area . "' AND id_type = '" . $type_si_aucun . "'"); $msg = "Vous devez au définir au moins un type valide !"; } // Type par défaut : // On enregistre le nouveau type par défaut : $reg_type_par_defaut = grr_sql_query("UPDATE " . TABLE_PREFIX . "_area SET id_type_par_defaut='" . $_GET['id_type_par_defaut'] . "' WHERE id='" . $id_area . "'"); } affiche_pop_up($msg, "admin"); $area_name = grr_sql_query1("SELECT area_name FROM " . TABLE_PREFIX . "_area WHERE id='" . $id_area . "'"); echo "<div class=\"page_sans_col_gauche\">"; echo "<h2>" . get_vocab('admin_type.php') . "</h2>"; echo "<h2>" . get_vocab("match_area") . get_vocab('deux_points') . " " . $area_name . "</h2>"; $res = grr_sql_query($sql); $nb_lignes = grr_sql_count($res); if ($nb_lignes == 0) { echo "</body></html>"; die; } echo "<form action=\"admin_type_area.php\" id=\"type\" method=\"get\">\n"; echo "<table>"; if (authGetUserLevel(getUserName(), -1) >= 6) { echo "<tr><td><a href=\"admin_type_modify.php?id=0\">" . get_vocab("display_add_type") . "</a></td></tr>"; } echo "<tr><td>" . get_vocab("explications_active_type") . "</td></tr>"; echo "<tr><td>\n"; // Affichage du tableau echo "<table border=\"1\" cellpadding=\"3\"><tr>\n"; // echo "<tr><td><b>".get_vocab("type_num")."</a></b></td>\n"; echo "<td><b>" . get_vocab("type_num") . "</b></td>\n";
//Date derniere modif echo date_time_string($row[7], $dformat) . ";"; echo "\r\n"; } } if ($summarize == 5) { //Télécharger le fichier CSV header('Content-Encoding: UTF-8'); header("Content-Type: application/csv-tab-delimited-table"); header("Content-disposition: filename=resume.csv"); echo ""; $res = grr_sql_query($sql); if (!$res) { fatal_error(0, grr_sql_error()); } $nmatch = grr_sql_count($res); if ($nmatch == 0) { echo html_entity_decode($vocab["nothing_found"]) . "\r\n"; grr_sql_free($res); } else { if ($_GET["sumby"] == "6") { echo html_entity_decode($vocab["summarize_by"]) . " " . html_entity_decode($vocab["sum_by_creator"]) . " - {$day} {$month} {$year};"; } else { if ($_GET["sumby"] == "3") { echo html_entity_decode($vocab["summarize_by"]) . " " . html_entity_decode($vocab["sum_by_descrip"]) . " - {$day} {$month} {$year};"; } else { if ($_GET["sumby"] == "5") { echo html_entity_decode($vocab["summarize_by"]) . " " . html_entity_decode($vocab["type"]) . " - {$day} {$month} {$year};"; } else { $fieldname = grr_sql_query1("SELECT fieldname FROM " . TABLE_PREFIX . "_overload WHERE id='" . $_GET["sumby"] . "'"); echo html_entity_decode($vocab["summarize_by"]) . " " . html_entity_decode($fieldname) . " - {$day} {$month} {$year};";
$is_admin = 'yes'; echo "<h3>" . get_vocab("administration_site") . get_vocab("deux_points") . "</h3>"; echo "<b>" . $this_site_name . "</b>"; ?> </td> <td> <?php $exist_admin = 'no'; $sql = "select login, nom, prenom from " . TABLE_PREFIX . "_utilisateurs where (statut='utilisateur' or statut='gestionnaire_utilisateur')"; $res = grr_sql_query($sql); if ($res) { for ($i = 0; $row = grr_sql_row($res, $i); $i++) { $is_admin = 'yes'; $sql3 = "SELECT login FROM " . TABLE_PREFIX . "_j_useradmin_site WHERE (id_site='" . $id_site . "' and login='******')"; $res3 = grr_sql_query($sql3); $nombre = grr_sql_count($res3); if ($nombre == 0) { $is_admin = 'no'; } if ($is_admin == 'yes') { if ($exist_admin == 'no') { echo "<h3>" . get_vocab("user_admin_site_list") . get_vocab("deux_points") . "</h3>"; $exist_admin = 'yes'; } echo "<b>"; echo "{$row['1']} {$row['2']}</b> | <a href='admin_admin_site.php?action=del_admin&login_admin=" . urlencode($row[0]) . "&id_site={$id_site}'>" . get_vocab("delete") . "</a><br />"; } } } if ($exist_admin == 'no') { echo "<h3><span class=\"avertissement\">" . get_vocab("no_admin_this_site") . "</span></h3>";
echo get_vocab("OK"); ?> " style="font-variant: small-caps;"/> </fieldset> </form> </div> <hr style="margin-top: 32px; margin-bottom: 24px;"/> <h3> <?php echo get_vocab("cleaning_log"); ?> </h3> <?php $sql = "select START from " . TABLE_PREFIX . "_log order by END"; $res = grr_sql_query($sql); $logs_number = grr_sql_count($res); $row = grr_sql_row($res, 0); $annee = substr($row[0], 0, 4); $mois = substr($row[0], 5, 2); $jour = substr($row[0], 8, 2); echo "<p>" . get_vocab("logs_number") . "<b>" . $logs_number . "</b><br />"; echo get_vocab("older_date_log") . "<b>" . $jour . "/" . $mois . "/" . $annee . "</b></p>"; if (!isset($_POST['cleanYear'])) { $_POST['cleanYear'] = strftime("%Y"); } if (!isset($_POST['cleanMonth'])) { $_POST['cleanMonth'] = strftime("%m"); } if (!isset($_POST['cleanDay'])) { $_POST['cleanDay'] = strftime("%d"); }
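/**
 * Build the display string for a booking beneficiary (name, or name + e-mail).
 *
 * Two sources are handled: an internal GRR account, looked up by login in
 * TABLE_PREFIX_utilisateurs when $_beneficiaire is non-empty, and otherwise an
 * external beneficiary whose stored free text is split into name and e-mail by
 * donne_nom_email().
 *
 * @param string $_beneficiaire     Login of an internal user; "" for an external beneficiary.
 * @param string $_beneficiaire_ext Raw external beneficiary text (only used when $_beneficiaire is "").
 * @param string $type              Output flavour:
 *                                  "nomail"   (default) first name + last name only;
 *                                  "formail"  first name + last name (+ e-mail in parentheses),
 *                                             each passed through removeMailUnicode();
 *                                  "onlymail" the e-mail address alone;
 *                                  "withmail" name with the e-mail rendered through
 *                                             affiche_lien_contact() (internal user) or an
 *                                             encode_adresse() <script> block (external).
 * @return string Display string; "" when the user lookup query fails; the
 *                "utilisateur_inconnu" message when the login does not exist.
 */
function affiche_nom_prenom_email($_beneficiaire, $_beneficiaire_ext, $type = "nomail")
{
    // Escape a value for use inside a single-quoted JS string literal that is
    // itself embedded in an HTML <script> block. The mapping is byte-wise, so it
    // behaves the same whatever the page charset is (the application can emit
    // either UTF-8 or a legacy charset): quotes and backslashes are escaped, and
    // "<", ">", "&" are emitted as \xNN so the literal can never close the
    // <script> element or introduce markup.
    $jsEscape = static function ($value) {
        return strtr((string) $value, [
            '\\' => '\\\\',
            "'"  => "\\'",
            '"'  => '\\"',
            '<'  => '\\x3c',
            '>'  => '\\x3e',
            '&'  => '\\x26',
            "\r" => '\\r',
            "\n" => '\\n',
            "\0" => '\\x00',
        ]);
    };

    if ($_beneficiaire != "") {
        // NOTE(review): the login value in this WHERE clause appears redacted in
        // this copy of the file ('******'); the live code must escape/bind
        // $_beneficiaire here (e.g. via protect_data_sql) rather than interpolate it raw.
        $sql_beneficiaire = "SELECT prenom, nom, email FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'";
        $res_beneficiaire = grr_sql_query($sql_beneficiaire);
        if (!$res_beneficiaire) {
            // Query failure: the contract is an empty string, not an error page.
            return "";
        }
        if (grr_sql_count($res_beneficiaire) == 0) {
            return get_vocab("utilisateur_inconnu") . $_beneficiaire . ")";
        }

        // Column order follows the SELECT above: [0] prenom, [1] nom, [2] email.
        $row_user = grr_sql_row($res_beneficiaire, 0);

        if ($type === "formail") {
            $chaine = removeMailUnicode($row_user[0]) . " " . removeMailUnicode($row_user[1]);
            if ($row_user[2] != "") {
                $chaine .= " (" . $row_user[2] . ")";
            }
            return $chaine;
        }
        if ($type === "onlymail") {
            // The e-mail is already in the row fetched above; no second query is needed.
            return $row_user[2];
        }
        if ($type === "withmail" && $row_user[2] != "") {
            return affiche_lien_contact($_beneficiaire, "identifiant:oui", "afficher_toujours");
        }
        // Default ("nomail" or any other value): first name + last name, no e-mail.
        return $row_user[0] . " " . $row_user[1];
    }

    // External beneficiary: donne_nom_email() splits the stored text into
    // "nom" and "email" (structure of that array not visible here).
    $tab_benef = donne_nom_email($_beneficiaire_ext);

    if ($type === "onlymail") {
        return $tab_benef["email"];
    }
    if ($type === "withmail" && $tab_benef["email"] != "") {
        $email = explode('@', $tab_benef["email"]);
        if (isset($email[1])) {
            // Name and e-mail originate from user-entered text, so every value
            // placed in the inline script is escaped for the JS/<script> context.
            // (Previously only the name was slashed, leaving the local part and the
            // domain able to break out of the string literal or the <script> tag.)
            return "<script type=\"text/javascript\">encode_adresse('" . $jsEscape($email[0])
                . "','" . $jsEscape($email[1])
                . "','" . $jsEscape($tab_benef["nom"]) . "',1);</script>";
        }
        // No domain part: fall back to the bare name.
        return $tab_benef["nom"];
    }
    // Default: name without e-mail.
    return $tab_benef["nom"];
}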