<li>
<a class="menu_trigger" href="#">Administration</a>
<ul class="menu">
<?php
getmenuarray();
for ($i = 0; $i < count($liens); $i++) {
// Affichage item menu
if (strlen($liens[$i][0]) > 0 && ldap_get_right($liens[$i][1], $login) == "Y") {
echo "<li>\n<a href='#' class='submenu'><img src='../lcs/images/barre1/BP_r1_c7_f3.gif' style='height:20px;' /> " . $liens[$i][0] . "</a>\n";
}
if (count($liens[$i]) > 0) {
echo "<ul>\n";
}
for ($j = 2; $j < count($liens[$i]); $j = $j + 3) {
if (ldap_get_right($liens[$i][$j + 2], $login) == "Y") {
// On vire le target quand il existe (cas de pla)
$tmp = explode("\"", $liens[$i][$j + 1]);
# if ( $tmp[1] == "target='_new'" ) $liens[$i][$j+1] = $tmp[0];
if (preg_match("/target/", $tmp[1])) {
$liens[$i][$j + 1] = $tmp[0];
}
echo "<li><a class='open_win' href='#icon_dock_lcs_admin' rel='../Admin/" . preg_replace("/\\/Admin\\//", "", $liens[$i][$j + 1]) . "'><img src='../lcs/images/barre1/BP_r1_c7_f3.gif' style='height:20px;' /> " . $liens[$i][$j] . "</a></li>\n";
}
}
if (count($liens[$i]) > 0) {
echo "</ul>\n";
}
echo "<li>\n";
}
?>
</ul>
/**
* menuAdmin() :
*@type : function
*@param : $login (login user)
*@return : array() (menu administration)
*/
function menuAdmin($login, $liens)
{
if (acces_btn_admin($login) == "Y") {
// acces au menu d'administration
for ($i = 0; $i < count($liens); $i++) {
// Affichage item menu
if (strlen($liens[$i][0]) > 0 && ldap_get_right($liens[$i][1], $login) == "Y") {
$apps['admin'][$i] = array("txt" => $liens[$i][0], "url" => "#", "rev" => "admin", "img" => "core/images/app/lcslogo-admin.png", "typ" => "admn", "smn" => array());
}
if (count($liens[$i]) > 0) {
}
for ($j = 2; $j < count($liens[$i]); $j = $j + 3) {
if (ldap_get_right($liens[$i][$j + 2], $login) == "Y") {
// On vire le target quand il existe (cas de pla)
$tmp = explode("\"", $liens[$i][$j + 1]);
# if ( $tmp[1] == "target='_new'" ) $liens[$i][$j+1] = $tmp[0];
if (preg_match("/target/", $tmp[1])) {
$liens[$i][$j + 1] = $tmp[0];
}
$apps['admin'][$i]['smn'][] = array("txt" => $liens[$i][$j], "url" => "../Admin/" . preg_replace("/\\/Admin\\//", "", $liens[$i][$j + 1]));
}
}
}
return $apps;
}
// Fin menu admin
return;
}
function acces_btn_admin ($login_recu)
// Test si l'utilisateur authentifie possede les droits pour acceder au bouton d'administration
{
global $liens;
getmenuarray();
// A partir d'ici on a un identifiant
if ( ldap_get_right("lcs_is_admin",$login_recu) == "Y" ) { // l'utilisateur a les droits lcs_is_admin : il a toujours access
return ("Y");
}
// Test des droits des menus et sous-menus pour les utilisateurs sans les droits lcs_is_admin
// L'utilisateur a acces des qu'il a un de ces droits
// boucle sur les menus
for ($menunbr=1; $menunbr<count($liens); $menunbr++) {
// Test sur le menu
$rightname=$liens[$menunbr][1];
if ( ($rightname=="") or (ldap_get_right($rightname,$login_recu)=="Y") ) {
// pas de droits necessaires ou alors l'utilisateur a la permission
return ("Y");
}
//boucle sur les sous-menus
for ($i=2; $i<count($liens[$menunbr]); $i+=3) {
// Test sur le sous-menu
$rightname_smenu=$liens[$menunbr][$i+2];
if ( ($rightname_smenu=="") or (ldap_get_right($rightname_smenu,$login_recu)=="Y") ) {
// pas de droits necessaires ou alors l'utilisateur a la permission
return ("Y");
}
} // boucle sur les sous-menus
} // boucle sur les menus
// on a parcouru tous les menus et sous-menus et l'utilisateur n'a pas les droits
return ("N");
} // Fin fonction acces_btn_admin
break;
} else {
$_SESSION['saclasse'][1] = "";
}
}
}
}
}
} elseif (is_administratif($login)) {
$_SESSION['cequi'] = "administratif";
}
//redirection d'acces
if ($_SESSION['login'] == "admin") {
header("location: ./scripts/fichier_classes.php");
exit;
} elseif ($_SESSION['cequi'] == "administratif" && ldap_get_right("Cdt_can_sign", $_SESSION['login']) == "Y") {
header("location: ./scripts/cahier_direction.php");
exit;
} elseif ($_SESSION['cequi'] == "eleve" && $_SESSION['saclasse'][1] != "" || $_SESSION['cequi'] == "administratif") {
header("location: ./scripts/cahier_text_eleve.php");
exit;
} elseif ($_SESSION['cequi'] == "prof") {
header("location: ./scripts/edt.php?from=ind");
exit;
} else {
echo 'Accès non autorisé ! ';
}
exit;
} elseif (isset($_GET['cl1'])) {
$toto = array();
for ($x = 1; $x <= 5; $x++) {
Projet LCS : Linux Communication Server
Plugin "cahier de textes"
VERSION 2.5 du 04/06/2015
par philippe LECLERC
philippe.leclerc1@ac-caen.fr
- script de consultationd'un cahier de textes PROF -
_-=-_
=================================================== */
header("X-XSS-Protection: 0");
session_name("Lcs");
@session_start();
include "../Includes/basedir.inc.php";
include "{$BASEDIR}/lcs/includes/headerauth.inc.php";
include "{$BASEDIR}/Annu/includes/ldap.inc.php";
include "{$BASEDIR}/Annu/includes/ihm.inc.php";
if (ldap_get_right("Cdt_can_sign", $_SESSION['login']) == "N" && (!isset($_SESSION['aliasprof']) || !isset($_SESSION['proffull']))) {
exit;
}
// Connexion a la base de donnees
include '../Includes/config.inc.php';
// Creer la requèete.
$rq = "SELECT classe,matiere,id_prof FROM onglets\n WHERE login='******'aliasprof']}' OR cologin='******'aliasprof']}' ORDER BY classe ASC ";
// lancer la requèete
$result = @mysqli_query($GLOBALS["___mysqli_ston"], $rq) or die(is_object($dbc) ? mysqli_error($dbc) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
// si pas de rubrique, on redirige vers config_ctxt.php
if (mysqli_num_rows($result) == 0) {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Cahier de textes numérique</title>
<meta name="author" content="Philippe LECLERC -TICE CAEN" />
depuis le : <?calendrier_auto(-60,'jour_c','mois_c','an_c',$tsmp);?>
<input type="hidden" name="numrub" value= "<?php
echo $ch;
?>
" />
<input type="hidden" name="rub_activ" value= "<?php
echo $cible;
?>
" />
<input type="submit" name="valider" value="" class="bt-valid" />
<input type="button" value="" class="bt-annul" onclick="history.back()" />
<div id="services">
<input type="submit" name="plan" value="" class="bt-plan-dev" />
<?php
//Affichage du lien des absences
if (ldap_get_right("Cdt_is_cpe", $_SESSION['login']) == "Y") {
echo '<a href="#" class="open_wi" onclick="open_new_win(\'cpe.php\')" id="bt-consult"></a>';
}
if (isset($_SESSION['parentde']) && !isset($_SESSION['login'])) {
if ($FLAG_ABSENCE == 1) {
foreach ($_SESSION['parentde'] as $cle => $valcla) {
if ($valcla[2] == $ch) {
echo '<a href="#" id="bt-abs" title="Absences de ' . $valcla[1] . '" onclick="abs_popup(\'' . $valcla[0] . '\',\'' . $valcla[1] . '\'); return false" ></a>';
$uid_actif = $valcla[0];
}
}
} else {
foreach ($_SESSION['parentde'] as $cle => $valcla) {
if ($valcla[2] == $ch) {
$uid_actif = $valcla[0];
}
//test la validite du webmail
$query="SELECT value from applis where name='squirrelmail' or name='roundcube' ";
$result=mysqli_query($GLOBALS["___mysqli_ston"], $query);
if ($result)
{
if ( mysqli_num_rows($result) !=0 ) {
$r=mysqli_fetch_object($result);
$test_squir=$r->value;
}
else $test_squir="0";
}
else $test_squir="0";
((mysqli_free_result($result) || (is_object($result) && (get_class($result) == "mysqli_result"))) ? true : false);
//redirection si non droit
if ( (ldap_get_right("Mail_can_redir",$login)=="N") || $test_squir=="0") {
header("Location:index.php");
exit;
}
if (is_admin("Lcs_is_admin",$login) == "Y" )
{
if (isset($_GET['uid'])) $log2=$purifier->purify($_GET['uid']);
elseif (isset($_POST['uid'])) $log2=$purifier->purify($_POST['uid']);
else $log2=$login;
}
else
$log2=$login;
//traitement du formulaire
$cmd="hostname -d";
<?php
/* LCS section */
include "/var/www/Annu/includes/check-token.php";
if (!check_acces(1)) exit;
$login=$_SESSION['login'];
include ("/var/www/lcs/includes/headerauth.inc.php");
include ("/var/www/Annu/includes/ldap.inc.php");
if ( ldap_get_right("system_is_admin",$login)!="Y" && ldap_get_right("lcs_is_admin",$login)!="Y" ) {
echo "Vous n'avez pas les droits d'acces a cette application !";
die();
}
/**
* start page for webaccess
* redirect the user to the supported page type by the users webbrowser (js available or not)
*
* PHP version 5
*
* @category PHP
* @package PSI
* @author Michael Cramer <*****@*****.**>
* @copyright 2009 phpSysInfo
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
* @version SVN: $Id: index.php 687 2012-09-06 20:54:49Z namiltd $
* @link http://phpsysinfo.sourceforge.net
*/
/**
* define the application root path on the webserver
* @var string
*/
define('APP_ROOT', dirname(__FILE__));
if ( $info[0]["postofficebox"][0]) {
echo $info[0]["postofficebox"][0]." - ";
}
echo $info[0]["postalcode"][0]." ".$info[0]["l"][0]."<br />\n";
echo "Tel. ".$info[0]["telephonenumber"][0]."\n";
echo"</blockquote>\n";
}
@ldap_free_result ( $result );
}
} else {
$error = "Echec du bind anonyme";
}
@ldap_close ( $ds );
} else {
$error = "Erreur de connection au serveur LDAP";
}
aff_mnu_search(is_admin("Annu_is_admin",$login));
if (ldap_get_right("lcs_is_admin",$login)=="Y") {
echo "<ul>
<li><a href=\"delete_right.php\">Enlever un droit d'administration</a></li>
</ul>\n";
}
if (ldap_get_right("annu_is_admin",$login)=="Y") {
echo "<ul>
<li><a href=\"mod_shell.php\">Modification du shell des utilisateurs</a></li>
</ul>\n";
}
include ("../lcs/includes/pieds_de_page.inc.php");
?>
include "{$BASEDIR}/Annu/includes/ihm.inc.php";
//si la page est appelee par son URL
if (!isset($_SESSION['version']) || !isset($_SESSION['saclasse']) && !isset($_SESSION['login'])) {
exit;
} elseif (isset($_GET['uid'])) {
//test si uid est un enfant de parent
if (isset($_SESSION['parentde'])) {
$parent_ok = "false";
foreach ($_SESSION['parentde'] as $key => $value) {
if (in_array($_GET['uid'], $value)) {
$parent_ok = "true";
}
}
}
//exit si l'uid passe n'est pas autorise
if (($_SESSION['cequi'] != "eleve" || $_SESSION['login'] != $_GET['uid']) && $_SESSION['cequi'] != "prof" && ldap_get_right("Cdt_is_cpe", $_SESSION['login']) == "N" && ldap_get_right("Cdt_can_sign", $_SESSION['login']) == "N" && (!isset($_SESSION['parentde']) || $parent_ok == "false")) {
exit;
}
}
$cren_off = array();
include "../Includes/config.inc.php";
include "../Includes/fonctions.inc.php";
include "../Includes/creneau.inc.php";
//memorisation des parametres POST classe et matiere renvoyes par le formulaire
if (isset($_GET['fn'])) {
$nom = $_GET['fn'];
}
if (isset($_POST['nomeleve'])) {
$nom = $_POST['nomeleve'];
}
if (isset($_GET['uid'])) {
header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
session_name("Lcs");
@session_start();
include "../Includes/functions2.inc.php";
include "../Includes/fonctions.inc.php";
//fichiers necessaires a l'exploitation de l'API
$BASEDIR = "/var/www";
include "{$BASEDIR}/lcs/includes/headerauth.inc.php";
include "{$BASEDIR}/Annu/includes/ldap.inc.php";
include "{$BASEDIR}/Annu/includes/ihm.inc.php";
//si la page est appelee par un utilisateur non identifie ou non autorise
if (!isset($_SESSION['login'])) {
exit;
} elseif (ldap_get_right("Cdt_is_cpe", $_SESSION['login']) == "N" && ldap_get_right("Cdt_can_sign", $_SESSION['login']) == "N") {
exit;
}
$tsmp = time();
$tsmp2 = time() - 7776000;
//j-90
// Connexion a la base de donnees
require_once '../Includes/config.inc.php';
if (isset($_GET['fn'])) {
$nom = $_GET['fn'];
}
if (isset($_GET['kl'])) {
$nom = $_GET['kl'];
$filtre = "cn=" . $nom;
$grp_cl = search_groups($filtre);
if (count($grp_cl[0]) == 0) {
if (!check()) {
exit;
}
//error_reporting(0);
//si la page est appelee par un utilisateur non identifie
if (!isset($_SESSION['login'])) {
exit;
}
//fichiers necessaires e l'exploitation de l'API
include "../Includes/basedir.inc.php";
include "{$BASEDIR}/lcs/includes/headerauth.inc.php";
include "{$BASEDIR}/Annu/includes/ldap.inc.php";
include "{$BASEDIR}/Annu/includes/ihm.inc.php";
include "../Includes/config.inc.php";
//si la page est appelee par un utilisateur non "direction"
if (ldap_get_right("Cdt_can_sign", $_SESSION['login']) == "N") {
exit;
}
$cmd = "hostname -f";
exec($cmd, $hn, $retour);
$hostn = $hn[0];
//redirection
if (isset($_POST['Laclasse'])) {
$cla = $_POST['CLASSE'];
header("location: cahier_text_eleve.php?mlec547trg2s5hy={$cla}");
exit;
}
if (isset($_POST['Leprof'])) {
$prof2 = preg_split('/#/', $_POST['PROF']);
$_SESSION['aliasprof'] = $prof2[0];
$_SESSION['proffull'] = $prof2[1];
if (! isset($SMBWEBCLIENT_CLASS)) {
require_once "/var/www/Annu/includes/check-token.php";
if (!check_acces(1)) exit;
$login=$_SESSION['login'];
if ( !$login ) {
$swc = new smbwebclient;
$swc->NoRun('noauth');
}
include "/var/www/lcs/includes/headerauth.inc.php";
include "/var/www/Annu/includes/ldap.inc.php";
if(@ldap_get_right("smbweb_is_open",$login)!='Y') {
$swc = new smbwebclient;
$swc->NoRun('noright');
} else {
if(@ldap_get_right("lcs_is_admin",$login)=='Y') {
$acces="y";
} else {
// Test du changement du mot de passe
include("/var/www/Annu/includes/crob_ldap_functions.php");
$attribut=array("gecos");
$tab=get_tab_attribut("people", "uid=$login", $attribut);
// On ne doit avoir (au plus (*)) qu'un gecos par utilisateur.
// (*) admin n'a pas de gecos
$tab2=explode(",",$tab[0]);
if (user_valid_passwd($login,$tab2[1])) {$acces="n";} else {$acces="y";}
}
if ($acces=="y") {
//echo "Acces autorise.";
$swc = new smbwebclient;
$uid=$purifier->purify($_POST['uid']);
$user_entry=$purifier->purify($_POST['user_entry']);
$telephone=$purifier->purify($_POST['telephone']);
$nom=$purifier->purify($_POST['nom']);
$prenom=$purifier->purify($_POST['prenom']);
$description=$purifier->purify($_POST['description']);
$userpwd=@$purifier->purify($_POST['userpwd']);
$shell=$purifier->purify($_POST['shell']);
$password=@$purifier->purify($_POST['password']);
$string_auth=$purifier->purify($_POST['string_auth']);
$pseudo=$purifier->purify($_POST['pseudo']);
}
}
$isadmin=is_admin("Annu_is_admin",$login);
if (($isadmin=="Y") or ((tstclass($login,$uid)==1) and (ldap_get_right("sovajon_is_admin",$login)=="Y"))) {
// Recuperation des entrees de l'utilisateur a modifier
$user=people_get_variables ($uid, false);
// Decryptage du mot de passe
if ( $user_entry && $string_auth)
$userpwd = decodekey($string_auth);
// Modification des entrees
if ( !$user_entry || ($user_entry && (!verifPseudo($pseudo) || !verifTel($telephone) || !verifEntree($nom) || !verifEntree($prenom) || !verifDescription($description) || ($userpwd && !verifPwd($userpwd)) ) ) ) {
header_crypto_html("Modification fiche utilisateur");
aff_trailer ("4");
?>
<form name = "auth" action="mod_user_entry.php" onSubmit = "encrypt(document.auth)" method="post">
<table align="center" border="0" width="90%">
<tbody>
<tr>
<td width="27%">Login : </td>
$head .= " <title>...::: Interface d'administration Serveur LCS :::...</title>\n";
$head .= '<meta http-equiv="content-type" content="text/html;charset=utf-8" />';
$head .= " <link rel='stylesheet' href='./style/stylesort.css' />\n";
$head .= " <link href='../Annu/style.css' rel='StyleSheet' type='text/css'>\n";
$head .= " <link rel='stylesheet' type='text/css' media='screen' href='../libjs/jquery-ui/css/redmond/jquery-ui.css'> \n";
$head .= " <link rel='stylesheet' type='text/css' media='screen' href='../libjs/jqGrid/css/ui.jqgrid.css' >\n";
$head .= " <script type='text/javascript' src='../libjs/jquery/jquery.js'></script>\n";
$head .= " <script type='text/javascript' src='../libjs/jqGrid/js/i18n/grid.locale-fr.js'></script>\n";
$head .= " <script type='text/javascript' src='../libjs/jqGrid/js/jquery.jqGrid.min.js'></script>\n";
$head .= " <script type='text/javascript' src='./js/script_redir.js'></script>\n";
$head .= " </head>\n";
$head .= " <body>\n";
$msgIntro = "<h1>Redirection des mails</h1>\n <br/>";
if (ldap_get_right("lcs_is_admin",$login)!="Y") {
echo $head;
die (gettext("Vous n'avez pas les droits suffisants pour accéder à cette fonction")."</body></html>");
}
//test si squirrelmail est installe pour redirection mails
$query="SELECT value from applis where name='squirrelmail' or name='roundcube'";
$result=mysqli_query($GLOBALS["___mysqli_ston"], $query);
if ($result) {
if ( mysqli_num_rows($result) !=0 ) {
$r=mysqli_fetch_object($result);
$test_squir=$r->value;
} else $test_squir="0";
} else $test_squir="0";
//fin test squirrelmail
function is_admin ($droit,$login)
{
if ((ldap_get_right("lcs_is_admin",$login)=="Y")||(ldap_get_right($droit,$login)=="Y"))
$srch="Y";
else
$srch="N";
return $srch;
}
// loading libs and init
include "entete.inc.php";
include "ldap.inc.php";
include "ihm.inc.php";
//require_once "../dhcp/dhcpd.inc.php";
include "printers.inc.php";
require "lib_action_tftp.php";
//aide
$_SESSION["pageaide"] = "Le_module_Clonage_des_stations#Programmer_un_rapport";
// On active les rapports d'erreurs:
//error_reporting(E_ALL);
// Bibliothèque prototype Ajax pour afficher en décalé l'état des machines:
echo "<script type='text/javascript' src='../includes/prototype.js'></script>\n";
// CSS pour mes tableaux:
echo "<link type='text/css' rel='stylesheet' href='tftp.css' />\n";
if (is_admin("system_is_admin", $login) == "Y" || ldap_get_right("parc_can_clone", $login) == "Y") {
// Choix des parcs:
$parc = isset($_POST['parc']) ? $_POST['parc'] : (isset($_GET['parc']) ? $_GET['parc'] : NULL);
// Choix des machines:
$id_machine = isset($_POST['id_machine']) ? $_POST['id_machine'] : (isset($_GET['id_machine']) ? $_GET['id_machine'] : NULL);
$parametrage_action = isset($_POST['parametrage_action']) ? $_POST['parametrage_action'] : (isset($_GET['parametrage_action']) ? $_GET['parametrage_action'] : NULL);
$distrib = isset($_POST['distrib']) ? $_POST['distrib'] : "slitaz";
$sysresccd_kernel = isset($_POST['sysresccd_kernel']) ? $_POST['sysresccd_kernel'] : "rescue32";
// Création de la table dès que possible:
creation_tftp_tables();
// Paramètres SliTaz:
/*
$nom_image=isset($_POST['nom_image']) ? $_POST['nom_image'] : (isset($_GET['nom_image']) ? $_GET['nom_image'] : NULL);
$src_part=isset($_POST['src_part']) ? $_POST['src_part'] : (isset($_GET['src_part']) ? $_GET['src_part'] : NULL);
$dest_part=isset($_POST['dest_part']) ? $_POST['dest_part'] : (isset($_GET['dest_part']) ? $_GET['dest_part'] : NULL);
*/
while ($row = mysqli_fetch_assoc($res))
if ($row['Database'] == $userDb) { $userdb=1; break;} else $userdb=0;
if ( $userdb == 0 ) {
echo "<li><a href=\"adm_BddPerso.php?uid=".$user["uid"]."&toggle=1"."&jeton=".md5($_SESSION['token'].htmlentities("/Annu/adm_BddPerso.php"))."\">Activer la <em>base de données</em></a><br>\n";
} else {
echo "<li><a href=\"adm_BddPerso.php?uid=".$user["uid"]."&toggle=0"."&jeton=".md5($_SESSION['token'].htmlentities("/Annu/adm_BddPerso.php"))."\">Désactiver la <em>base de données</em></a><br>\n";
}
echo "</ul>\n";
}
echo "</ul>\n";
} // Fin affichage menu people_admin
// Test de l'appartenance à la classe
if ((tstclass($login,$user["uid"])==1) and (ldap_get_right("sovajon_is_admin",$login)=="Y") and ($login != $user["uid"])) {
echo "<br>\n";
echo "<ul style=\"color: red;\">\n";
echo "<li><a href=\"mod_user_entry.php?uid=".$user["uid"]."&jeton=".md5($_SESSION['token'].htmlentities("/Annu/mod_user_entry.php"))."\">Modifier le compte de mon élève ...</a><br>\n";
echo "</ul>\n";
}
// swekey
if (( is_dir ("/usr/share/lcs/swekey")) && ($login == $user["uid"])) {
echo '<div id="del_swekey"></div>';
if ($_SERVER['PHP_SELF']=="/Annu/people.php"){
echo '<SCRIPT language = "javascript" type = "text/javascript" src = "../../swekey/swekey_integrate.js"></SCRIPT>';
echo '<SCRIPT language = "javascript" type = "text/javascript" src = "../../swekey/swekey.js"></SCRIPT>';
echo '<SCRIPT language = "javascript" type = "text/javascript" src = "../../swekey/my_swekey.js"></SCRIPT>';
echo '<SCRIPT language = "javascript" type = "text/javascript">
var idk = Swekey_ListKeyIds().substring(0, 32);