Beispiel #1
 /**
  * Store one setting in the "_setting" table and mirror it in the in-memory cache.
  *
  * An UPDATE is issued when the name is already present in self::$grrSettings,
  * otherwise an INSERT. Name and value are both passed through protect_data_sql()
  * before they are placed inside the quoted SQL literals.
  *
  * NOTE(review): the UPDATE/INSERT choice is driven by the cache, not by the table;
  * confirm the cache is always loaded before this method is called.
  *
  * @param mixed $_name  Setting name (NAME column).
  * @param mixed $_value Setting value (VALUE column).
  *
  * @return bool false when grr_sql_query() reports a failure, true otherwise.
  */
 static function set($_name, $_value)
 {
     $alreadyCached = isset(self::$grrSettings[$_name]);
     if ($alreadyCached) {
         $statement = "UPDATE " . TABLE_PREFIX . "_setting set VALUE = '" . protect_data_sql($_value) . "' where NAME = '" . protect_data_sql($_name) . "'";
     } else {
         $statement = "INSERT INTO " . TABLE_PREFIX . "_setting set NAME = '" . protect_data_sql($_name) . "', VALUE = '" . protect_data_sql($_value) . "'";
     }
     // The cache is only touched once the database write has succeeded.
     if (!grr_sql_query($statement)) {
         return false;
     }
     self::$grrSettings[$_name] = $_value;
     return true;
 }
Beispiel #2
        $today[$row[0]][$start_t]["data"] = affichage_lien_resa_planning($row[3],$row[4]);
        // Info-bulle
        if (getSettingValue("display_info_bulle") == 1)
            $today[$row[0]][$start_t]["who"] = get_vocab("reservation au nom de").affiche_nom_prenom_email($row[6],$row[11]);
        else if (getSettingValue("display_info_bulle") == 2)
            $today[$row[0]][$start_t]["who"] = $row[8];
        else
            $today[$row[0]][$start_t]["who"] = "";
    }
}
grr_sql_free($res);
# We need to know what all the rooms area called, so we can show them all
# pull the data from the db and store it. Convienently we can print the room
# headings and capacities at the same time

$sql = "select room_name, capacity, id, description, statut_room, show_fic_room, delais_option_reservation, moderate from ".TABLE_PREFIX."_room where area_id='".protect_data_sql($area)."' order by order_display, room_name";
$res = grr_sql_query($sql);

# It might be that there are no rooms defined for this area.
# If there are none then show an error and dont bother doing anything
# else
if (! $res) fatal_error(0, grr_sql_error());
if (grr_sql_count($res) == 0)
{
    echo "<h1>".get_vocab('no_rooms_for_area')."</h1>";
    grr_sql_free($res);
}
else
{
    #This is where we start displaying stuff
    echo "<table cellspacing=\"0\" border=\"1\" width=\"100%\">";
Beispiel #3
        } else {
            $today[$row['0']][$start_t]["data"] = affichage_lien_resa_planning($row['3'], $row['4']);
            if ($settings->get("display_info_bulle") == 1) {
                $today[$row['0']][$start_t]["who"] = get_vocab("reservation au nom de") . affiche_nom_prenom_email($row['6'], $row['11']);
            } else {
                if ($settings->get("display_info_bulle") == 2) {
                    $today[$row['0']][$start_t]["who"] = $row['8'];
                } else {
                    $today[$row['0']][$start_t]["who"] = "";
                }
            }
        }
    }
}
grr_sql_free($res);
$sql = "SELECT room_name, capacity, id, description, statut_room, show_fic_room, delais_option_reservation, moderate FROM " . TABLE_PREFIX . "_room WHERE area_id='" . protect_data_sql($area) . "' ORDER BY order_display, room_name";
$res = grr_sql_query($sql);
if (!$res) {
    fatal_error(0, grr_sql_error());
}
if (grr_sql_count($res) == 0) {
    echo '<h1>' . get_vocab("no_rooms_for_area") . '</h1>';
    grr_sql_free($res);
} else {
    echo '<div class="row">' . PHP_EOL;
    include "menu_gauche.php";
    if ($_GET['pview'] != 1) {
        echo '<div class="col-lg-9 col-md-12 col-xs-12">' . PHP_EOL;
        echo '<div id="planning">' . PHP_EOL;
    } else {
        echo '<div id="print_planning">' . PHP_EOL;
Beispiel #4
                 settype($number_periodes, "integer");
                 if ($number_periodes < 1) {
                     $number_periodes = 1;
                 }
                 $del_periode = grr_sql_query("delete from " . TABLE_PREFIX . "_area_periodes where id_area='" . $id_area . "'");
                 #on efface le modele par defaut avec area=0
                 $del_periode = grr_sql_query("delete from " . TABLE_PREFIX . "_area_periodes where id_area='0'");
                 $i = 0;
                 $num = 0;
                 while ($i < $number_periodes) {
                     $temp = "periode_" . $i;
                     if (isset($_POST[$temp])) {
                         $nom_periode = corriger_caracteres($_POST[$temp]);
                         $reg_periode = grr_sql_query("insert into " . TABLE_PREFIX . "_area_periodes set\n\t\t\t\t\t\t\t\tid_area='" . $id_area . "',\n\t\t\t\t\t\t\t\tnum_periode='" . $num . "',\n\t\t\t\t\t\t\t\tnom_periode='" . protect_data_sql($nom_periode) . "'\n\t\t\t\t\t\t\t\t");
                         #on cree un modele par defaut avec area=0
                         $reg_periode = grr_sql_query("insert into " . TABLE_PREFIX . "_area_periodes set\n\t\t\t\t\t\t\t\tid_area='0',\n\t\t\t\t\t\t\t\tnum_periode='" . $num . "',\n\t\t\t\t\t\t\t\tnom_periode='" . protect_data_sql($nom_periode) . "'");
                         $num++;
                     }
                     $i++;
                 }
             }
         }
         $msg = get_vocab("message_records");
     }
 }
 if ($access == 'a') {
     $sql = "DELETE FROM " . TABLE_PREFIX . "_j_user_area WHERE id_area='{$id_area}'";
     if (grr_sql_command($sql) < 0) {
         fatal_error(0, get_vocab('update_area_failed') . grr_sql_error());
     }
 }
grr_sql_mutex_unlock('' . TABLE_PREFIX . '_entry');
if ($error_booking_in_past == 'yes') {
    $str_date = utf8_strftime('%d %B %Y, %H:%M', $date_now);
    print_header();
    echo '<h2>' . get_vocab('booking_in_past') . '</h2>';
    if ($rep_type != 0 && !empty($reps)) {
        echo '<p>' . get_vocab('booking_in_past_explain_with_periodicity') . $str_date . '</p>';
    } else {
        echo '<p>' . get_vocab('booking_in_past_explain') . $str_date . '</p>';
    }
    echo '<a href="' . $back . '&amp;Err=yes">' . get_vocab('returnprev') . '</a>';
    include 'include/trailer.inc.php';
    die;
}
if ($error_duree_max_resa_area == 'yes') {
    $area_id = grr_sql_query1('SELECT area_id FROM ' . TABLE_PREFIX . "_room WHERE id='" . protect_data_sql($room_id) . "'");
    $duree_max_resa_area = grr_sql_query1('SELECT duree_max_resa_area FROM ' . TABLE_PREFIX . "_area WHERE id='" . $area_id . "'");
    print_header();
    $temps_format = $duree_max_resa_area * 60;
    toTimeString($temps_format, $dur_units, true);
    echo '<h2>' . get_vocab('error_duree_max_resa_area') . $temps_format . ' ' . $dur_units . '</h2>';
    echo '<a href="' . $back . '&amp;Err=yes">' . get_vocab('returnprev') . '</a>';
    include 'include/trailer.inc.php';
    die;
}
if ($error_delais_max_resa_room == 'yes') {
    print_header();
    echo '<h2>' . get_vocab('error_delais_max_resa_room') . '</h2>';
    echo '<a href="' . $back . '&amp;Err=yes">' . get_vocab('returnprev') . '</a>';
    include 'include/trailer.inc.php';
    die;
    $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
if (Settings::get("sso_ac_corr_profil_statut") != 'y') {
    showAccessDenied($back);
    exit;
}
check_access(5, $back);
$themessage = str_replace("'", "\\'", get_vocab("confirmdel"));
$themessage2 = str_replace("'", "\\'", get_vocab("confirm_del"));
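//
// Add a function/status mapping
//
$msg = "";
if (isset($_GET['action_add']) && $_GET['action_add'] == 'yes') {
    if ($_POST['codefonc'] != "" && $_POST['libfonc'] != "" && $_POST['statutgrr'] != "") {
        // All three request values end up inside quoted SQL literals, so each one is escaped.
        // Escaping is the last step: changing the case after escaping could rewrite the
        // escape sequences that protect_data_sql() produced.
        $code_fonction = protect_data_sql(strtoupper($_POST['codefonc']));
        $libelle_fonction = protect_data_sql(ucfirst($_POST['libfonc']));
        // statutgrr used to be concatenated into the statement without any escaping.
        $statut_grr = protect_data_sql($_POST['statutgrr']);
        $sql = "INSERT INTO " . TABLE_PREFIX . "_correspondance_statut (code_fonction, libelle_fonction, statut_grr) VALUES ('" . $code_fonction . "', '" . $libelle_fonction . "','" . $statut_grr . "')";
        if (grr_sql_command($sql) < 0) {
            fatal_error(0, "<p>" . grr_sql_error());
        } else {
            $msg = get_vocab("message_records");
        }
    } else {
        // At least one of the three required fields was left empty.
        $msg = get_vocab("champs_non_remplis");
    }
}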
//
// Modification d'une correspondance fonction/statut
//
if (isset($_GET['action_mod']) && ($_GET['action_mod'] = 'yes')) {
    if (isset($_POST['idselect'])) {
        $select = "statut" . $_POST['idselect'];
Beispiel #7
}
// Description complète
if (authGetUserLevel($getUserName(), -1) >= Settings::get("acces_fiche_reservation") && $row["comment_room"] != '') {
    echo "<h3>" . get_vocab("match_descr") . "</h3>\n";
    echo "<div>" . $row["comment_room"] . "</div>\n";
}
// Afficher capacité
if ($row["capacity"] != '0') {
    echo "<h3>" . get_vocab("capacity_2") . "</h3>\n";
    echo "<p>" . $row["capacity"] . "</p>\n";
}
if ($row["max_booking"] != "-1") {
    echo "<p>" . get_vocab("msg_max_booking") . get_vocab("deux_points") . $row["max_booking"] . "</p>";
}
// Limitation par domaine
$max_booking_per_area = grr_sql_query1("SELECT max_booking FROM " . TABLE_PREFIX . "_area WHERE id = '" . protect_data_sql($id_area) . "'");
if ($max_booking_per_area >= 0) {
    echo "<p>" . get_vocab("msg_max_booking_area") . get_vocab("deux_points") . $max_booking_per_area . "</p>";
}
if ($row["delais_max_resa_room"] != "-1") {
    echo "<p>" . get_vocab("delais_max_resa_room_2") . " <b>" . $row["delais_max_resa_room"] . "</b></p>";
}
if ($row["delais_min_resa_room"] != "0") {
    echo "<p>" . get_vocab("delais_min_resa_room_2") . " <b>" . $row["delais_min_resa_room"] . "</b></p>";
}
$nom_picture = '';
if ($row['picture_room'] != '') {
    $nom_picture = "./images/" . $row['picture_room'];
}
echo "<div style=\"text-align:center; margin-top:30px\"><b>";
if (@file_exists($nom_picture) && $nom_picture) {
Beispiel #8
 /**
  * Completes a single-logout (SLO) request and returns the status it was given.
  *
  * One branch prints a small HTML result page and calls grr_closeSession() for the
  * current request; the other reads session ids from the "_log" table and runs the
  * clean-up for each of them.
  *
  * @param mixed $ret Status of the SLO request; a truthy value is reported as a failure.
  *
  * @return mixed $ret, unchanged.
  */
 function handleSlo($ret)
 {
     //error_log("handleSlo");
     $r = $this->relayState;
     // NOTE(review): the two comparisons are joined with &&, so this branch can only run if
     // both LASSO_HTTP_METHOD_* constants have the same value; "||" looks intended. Confirm
     // before changing, because it decides which logout path a request takes.
     if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {
         $this->headerHtml("SLO endpoint", $r);
         if ($ret) {
             echo "Demande de slo échoué: " . strError($ret) . "({$ret})";
         } else {
             echo "Demande de slo réussie";
         }
         // NOTE(review): $r (the relay state) is written into the href and the link text
         // without HTML escaping in this block; confirm it is validated upstream or escape
         // it at output and restrict it to expected destinations.
         echo "Go to <a href='{$r}'>{$r}</a>";
         $this->footerHtml();
         lassospkit_clean();
         // The "auto" flag is taken straight from the query string.
         grr_closeSession($_GET['auto']);
     } else {
         # Specialized
         $id = lassospkit_userid();
         if (isset($id)) {
             //error_log("Trying to destroy session $id");
             // The includes below are relative paths, resolved after moving one directory up.
             chdir("..");
             global $dbsys;
             require_once "./include/config.inc.php";
             include "./include/connect.inc.php";
             // NOTE(review): the include path is built from the global $dbsys; presumably it is
             // set by the configuration file loaded above. Verify it can never come from a request.
             require_once "./include/{$dbsys}.inc.php";
             require_once "./include/functions.inc.php";
             require_once "./include/session.inc.php";
             // See admin_view_connexions.php:67
             // NOTE(review): as shown, the login filter is a masked literal and the query text does
             // not reference $id; verify how the login value is bound and that it is escaped.
             $sql = "SELECT session_id FROM " . TABLE_PREFIX . "_log\n                      WHERE login = '******'\n                      AND end > NOW()";
             $res = grr_sql_query($sql);
             if ($res) {
                 // One pass per row returned; the loop stops when grr_sql_row() yields a falsy value.
                 for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
                     $php_session_id = $row[0];
                     //error_log("Erasing GRR session $php_session_id");
                     // Switch the PHP session id to the one read from the log table.
                     session_id($php_session_id);
                     // delete spkitlasso session if necessary
                     // Errors from session_start() and from a missing session key are suppressed with @.
                     @session_start();
                     lassospkit_set_nameid(@$_SESSION['lasso_nameid']);
                     lassospkit_clean();
                     // delete GRR session
                     $auto = 0;
                     grr_closeSession($auto);
                     // Done by grr_closeSession:
                     //session_start();
                     //session_destroy();
                 }
             }
         }
     }
     // Only failures are logged; the success case is deliberately silent.
     if ($ret) {
         error_log("Demande de slo échoué: {$ret}");
     } else {
         //error_log("Demande de slo réussie: $ret");
     }
     return $ret;
 }
Beispiel #9
            prenom='".protect_data_sql($reg_prenom)."',
            statut='".protect_data_sql($reg_statut)."',
            email='".protect_data_sql($reg_email)."',";

            if ($reg_type_authentification=="locale") {
              $sql .= "source='local',";
              if ($reg_password_c!='')
                $sql .= "password='******',";
              } else
              $sql .= "source='ext',password='',";




            $sql .= "etat='".protect_data_sql($reg_etat)."'
            WHERE login='******'";
            if (grr_sql_command($sql) < 0)
                {fatal_error(0, get_vocab("message_records_error") . grr_sql_error());
            } else {
                $msg = get_vocab("message_records");
            }

            // Cas où on a déclaré un utilisateur inactif, on le supprime dans les tables ".TABLE_PREFIX."_j_user_area,  ".TABLE_PREFIX."_j_mailuser_room
            if ($reg_etat != 'actif') {
                $sql = "DELETE FROM ".TABLE_PREFIX."_j_user_area WHERE login='******'";
                if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
                $sql = "DELETE FROM ".TABLE_PREFIX."_j_mailuser_room WHERE login='******'";
                if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
                $sql = "DELETE FROM ".TABLE_PREFIX."_j_useradmin_area WHERE login='******'";
                if (grr_sql_command($sql) < 0)
                    fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
        echo " value=\"" . $jour_cycle . "\"";
    }
    echo "/><br /><br /><div style=\"text-align:center;\"><input type=\"submit\" value=\"Enregistrer\" /></div>\n";
    echo "</div></form>\n";
    echo "</fieldset>\n";
}
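// Save the new cycle day.
// DAY (and, for selection 1, Jours) are written into the statements without quotes, so the
// request values are only used when they are numeric; anything else is ignored rather than
// reaching the database. The free-text title (selection 2) is quoted and escaped.
// NOTE(review): this changes stored data from GET parameters; confirm that the surrounding
// page enforces administrator access and protects the request against cross-site forgery.
if (isset($_GET['selection'])) {
    $cycle_table = TABLE_PREFIX . "_calendrier_jours_cycle";
    $new_date = isset($_GET['newdate']) ? $_GET['newdate'] : null;
    if (is_numeric($new_date)) {
        if ($_GET['selection'] == 0) {
            grr_sql_query("delete from " . $cycle_table . " WHERE DAY = " . $new_date . "");
        } elseif ($_GET['selection'] == 1) {
            grr_sql_query("delete from " . $cycle_table . " WHERE DAY = " . $new_date . "");
            $new_day = isset($_GET['newDay']) ? $_GET['newDay'] : null;
            // The insert is skipped when the cycle-day number is missing or not numeric.
            if (is_numeric($new_day)) {
                grr_sql_query("insert into " . $cycle_table . " set Jours =" . $new_day . ", DAY = " . $new_date . "");
            }
        } elseif ($_GET['selection'] == 2) {
            grr_sql_query("delete from " . $cycle_table . " WHERE DAY = " . $new_date . "");
            grr_sql_query("insert into " . $cycle_table . " set Jours ='" . protect_data_sql($_GET['titre']) . "', DAY = " . $new_date . "");
        }
    }
}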
$basetime = mktime(12, 0, 0, 6, 11 + $weekstarts, 2000);
echo "<table cellspacing=\"20\" border=\"0\">\n";
$n = Settings::get("begin_bookings");
$end_bookings = Settings::get("end_bookings");
$debligne = 1;
$month = strftime("%m", Settings::get("begin_bookings"));
$year = strftime("%Y", Settings::get("begin_bookings"));
$inc = 0;
while ($n <= $end_bookings) {
    if ($debligne == 1) {
        echo "<tr>\n";
        $inc = 0;
        $debligne = 0;
Beispiel #11
 // Mais dans les 2 cas, il faut valider les données
 if (($valid == 'yes') or ($valid=='reset'))
 {
   $default_site = isset($_POST['id_site']) ? $_POST['id_site'] : NULL;
   $default_area = isset($_POST['id_area']) ? $_POST['id_area'] : NULL;
   $default_room = isset($_POST['id_room']) ? $_POST['id_room'] : NULL;
   $default_style = isset($_POST['default_css']) ? $_POST['default_css'] : NULL;
   $default_list_type = isset($_POST['area_list_format']) ? $_POST['area_list_format'] : NULL;
   $default_language = isset($_POST['default_language']) ? $_POST['default_language'] : NULL;
   $sql = "UPDATE ".TABLE_PREFIX."_utilisateurs
           SET default_site = '".protect_data_sql($default_site)."',
               default_area = '".protect_data_sql($default_area)."',
               default_room = '".protect_data_sql($default_room)."',
               default_style = '". protect_data_sql($default_style)."',
               default_list_type = '".protect_data_sql($default_list_type)."',
               default_language = '".protect_data_sql($default_language)."'
           WHERE login='******'";

   if (grr_sql_command($sql) < 0)
     fatal_error(0, get_vocab('message_records_error').grr_sql_error());
   else
   {
     if (($default_site !='') and ($default_site !='0'))
       $_SESSION['default_site'] = $default_site;
     else
       $_SESSION['default_site'] = getSettingValue('default_site');

     if (($default_area !='') and ($default_area !='0'))
       $_SESSION['default_area'] = $default_area;
     else
       $_SESSION['default_area'] = getSettingValue('default_area');
Beispiel #12
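/** mrbsCreateRepeatEntry()
 *
 * Creates a repeat entry in the database.
 *
 * The values that are written into the statement without quotes ($starttime,
 * $endtime, $rep_type, $rep_enddate, $room_id, $rep_jour_c) must be numeric;
 * the call is rejected (returns 0) otherwise, so they cannot alter the
 * statement. Every quoted value goes through protect_data_sql().
 *
 * $starttime         - Start time of entry
 * $endtime           - End time of entry
 * $rep_type          - The repeat type
 * $rep_enddate       - When the repeating ends
 * $rep_opt           - Any options associated with the entry
 * $room_id           - Room ID
 * $creator           - The user who created or modified the booking
 * $beneficiaire      - Beneficiary of the booking
 * $beneficiaire_ext  - External beneficiary
 * $name              - Name
 * $type              - Type (Internal/External)
 * $description       - Description
 * $rep_num_weeks     - Stored in the rep_num_weeks column
 * $overload_data     - Array of additional field values, indexed by field id
 * $rep_jour_c        - Cycle day of the booking, 0 if none
 *
 * Returns:
 *   0        - A numeric argument was rejected, or an error occurred while inserting the entry
 *   non-zero - The entry's ID
 */
function mrbsCreateRepeatEntry($starttime, $endtime, $rep_type, $rep_enddate, $rep_opt,
                               $room_id, $creator, $beneficiaire, $beneficiaire_ext, $name, $type, $description, $rep_num_weeks,$overload_data, $rep_jour_c)
{
  // These six values are placed in the VALUES list unquoted, where escaping alone would not
  // contain them. Numeric input is passed through unchanged; anything else is refused.
  foreach (array($starttime, $endtime, $rep_type, $rep_enddate, $room_id, $rep_jour_c) as $unquoted_value)
    {
      if (!is_numeric($unquoted_value))
        {
          return 0;
        }
    }

  $area_id = mrbsGetAreaIdFromRoomId($room_id);
  $overload_fields_list = mrbsOverloadGetFieldslist($area_id);

  // Serialise the additional fields as @id@urlencoded-value@/id@ pairs.
  $overload_data_string = "";
  foreach ($overload_fields_list as $field_info)
    {
      $id_field = $field_info["id"];
      if (array_key_exists($id_field, $overload_data))
        {
          $overload_data_string .= "@".$id_field."@".urlencode($overload_data[$id_field])."@/".$id_field."@";
        }
    }

  // $rep_opt and $rep_num_weeks are quoted in the statement and are now escaped like the
  // other quoted values.
  $sql = "INSERT INTO ".TABLE_PREFIX."_repeat (
  start_time, end_time, rep_type, end_date, rep_opt, room_id, create_by, beneficiaire, beneficiaire_ext, type, name, description, rep_num_weeks, overload_desc, jours)
  VALUES ($starttime, $endtime,  $rep_type, $rep_enddate, '".protect_data_sql($rep_opt)."', $room_id,   '".protect_data_sql($creator)."','".protect_data_sql($beneficiaire)."','".protect_data_sql($beneficiaire_ext)."', '".protect_data_sql($type)."', '".protect_data_sql($name)."', '".protect_data_sql($description)."', '".protect_data_sql($rep_num_weeks)."','".protect_data_sql($overload_data_string)."',".$rep_jour_c.")";

  if (grr_sql_command($sql) < 0)
    {
      return 0;
    }
  return grr_sql_insert_id("".TABLE_PREFIX."_repeat", "id");
}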
Beispiel #13
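/**
 * Maps a function code to a GRR status, registering codes that are not known yet.
 *
 * When the code is already in the "_correspondance_statut" table the stored status is
 * returned. Otherwise the code is inserted with the default status derived from the
 * "sso_statut" setting, and that default is returned.
 *
 * Both $codefonction and $libellefonction are escaped before use; presumably they come
 * from the SSO directory and must be treated as external input (confirm with the caller).
 *
 * @param string $codefonction    Function code to look up
 * @param string $libellefonction Label stored with a newly registered code
 *
 * @return mixed The status for the code, or the default status (null when "sso_statut"
 *               is neither "cas_visiteur" nor "cas_utilisateur")
 */
function effectuer_correspondance_profil_statut($codefonction, $libellefonction) {
    # Default status of CAS users; initialised so that it is defined for any other setting value
    $_statut = null;
    $sso = getSettingValue("sso_statut");
    if ($sso == "cas_visiteur") $_statut = "visiteur";
    else if ($sso == "cas_utilisateur") $_statut = "utilisateur";

    # No function code given: return the default status
    if ($codefonction == "") {
        return $_statut;
    }

    # The code is used inside quoted literals in both statements, so it is escaped once here
    $code_sql = protect_data_sql($codefonction);
    $statut_connu = grr_sql_query1("select statut_grr from ".TABLE_PREFIX."_correspondance_statut where code_fonction='".$code_sql."'");
    if ($statut_connu != -1) {
        # The code is already in the mapping table: return its status
        return $statut_connu;
    }

    # Unknown code: register it with the default status. The table name uses TABLE_PREFIX,
    # like the lookup above, instead of a hard-coded "grr_" prefix.
    $libelle_sql = protect_data_sql($libellefonction);
    grr_sql_command("insert into ".TABLE_PREFIX."_correspondance_statut(code_fonction,libelle_fonction,statut_grr) values('".$code_sql."', '".$libelle_sql."', '".$_statut."')");
    return $_statut;
}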
Beispiel #14
 $end_month = strftime('%m', $row[4]);
 $end_year = strftime('%Y', $row[4]);
 $end_hour = strftime('%H', $row[4]);
 $end_min = strftime('%M', $row[4]);
 $duration = $row[4] - $row[3];
 $etype = $row[5];
 $room_id = $row[6];
 $entry_type = $row[7];
 $rep_id = $row[8];
 $option_reservation = $row[9];
 $jours_c = $row[10];
 $clef = $row[14];
 $courrier = $row[15];
 $modif_option_reservation = 'n';
 if ($entry_type >= 1) {
     $sql = "SELECT rep_type, start_time, end_date, rep_opt, rep_num_weeks, end_time, type, name, beneficiaire, description\n\t\tFROM " . TABLE_PREFIX . "_repeat WHERE id='" . protect_data_sql($rep_id) . "'";
     $res = grr_sql_query($sql);
     if (!$res) {
         fatal_error(1, grr_sql_error());
     }
     if (grr_sql_count($res) != 1) {
         fatal_error(1, get_vocab('repeat_id') . $rep_id . get_vocab('not_found'));
     }
     $row = grr_sql_row($res, 0);
     grr_sql_free($res);
     $rep_type = $row[0];
     if ($rep_type == 2) {
         $rep_num_weeks = $row[4];
     }
     if ($edit_type == "series") {
         $start_day = (int) strftime('%d', $row[1]);
Beispiel #15
                 $retry = 'yes';
             }
         }
     }
 }
 if ($retry != 'yes') {
     $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . protect_data_sql($reg_nom) . "',\n\t\t\t\tprenom='" . protect_data_sql($reg_prenom) . "',\n\t\t\t\tstatut='" . protect_data_sql($reg_statut) . "',\n\t\t\t\temail='" . protect_data_sql($reg_email) . "',";
     if ($reg_type_authentification == "locale") {
         $sql .= "source='local',";
         if ($reg_password_c != '') {
             $sql .= "password='******',";
         }
     } else {
         $sql .= "source='ext',password='',";
     }
     $sql .= "etat='" . protect_data_sql($reg_etat) . "'\n\t\t\t\tWHERE login='******'";
     if (grr_sql_command($sql) < 0) {
         fatal_error(0, get_vocab("message_records_error") . grr_sql_error());
     } else {
         $msg = get_vocab("message_records");
     }
     // Cas où on a déclaré un utilisateur inactif, on le supprime dans les tables ".TABLE_PREFIX."_j_user_area,  ".TABLE_PREFIX."_j_mailuser_room
     if ($reg_etat != 'actif') {
         $sql = "DELETE FROM " . TABLE_PREFIX . "_j_user_area WHERE login='******'";
         if (grr_sql_command($sql) < 0) {
             fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
         }
         $sql = "DELETE FROM " . TABLE_PREFIX . "_j_mailuser_room WHERE login='******'";
         if (grr_sql_command($sql) < 0) {
             fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
         }
Beispiel #16
    foreach ( $userdomain as $key=>$value )
      if ( $key == $row[0] ) $arearight = True;
      }

  // On fait l'action si l'id/area a été validé.

  if ( $arearight == True )
    {
      $sql = "update ".TABLE_PREFIX."_overload set
      fieldname='".protect_data_sql($fieldname)."',
      fieldtype='".protect_data_sql($fieldtype)."',
      obligatoire='".$obligatoire."',
      confidentiel='".$confidentiel."',
      affichage='".$affichage."',
      overload_mail='".$overload_mail."',
      fieldlist='".protect_data_sql($fieldlist)."'
      where id=$id_overload;";
      if (grr_sql_command($sql) < 0) fatal_error(0, "$sql \n\n" . grr_sql_error());
    }
}

// X- On affiche la première ligne du tableau avec les libelles.
$html = get_vocab("explication_champs_additionnels")."\n";
$html .= "<form method=\"post\" action=\"admin_overload.php\" >\n<table border=\"0\">";
$html .= "<tr><td>".get_vocab("match_area").get_vocab("deux_points")."</td>\n";
$html .= "<td>".get_vocab("fieldname").get_vocab("deux_points")."</td>\n";
$html .= "<td>".get_vocab("fieldtype").get_vocab("deux_points")."</td>\n";
$html .= "<td><span class='small'>".get_vocab("champ_obligatoire")."</span></td>\n";
$html .= "<td><span class='small'>".get_vocab("affiche_dans_les vues")."</span></td>\n";
$html .= "<td><span class='small'>".get_vocab("affiche_dans_les mails")."</span></td>\n";
$html .= "<td><span class='small'>".get_vocab("champ_confidentiel")."</span></td>\n";
Beispiel #17
                $msg .= "\\n" . get_vocab('message_records');
            }
        }
    }
    if (IsAllowedToModifyProfil() && $champ_manquant == 'y') {
        $msg .= "\\n" . get_vocab('required');
    }
}
if ($valid == 'yes' || $valid == 'reset') {
    $default_site = isset($_POST['id_site']) ? $_POST['id_site'] : NULL;
    $default_area = isset($_POST['id_area']) ? $_POST['id_area'] : NULL;
    $default_room = isset($_POST['id_room']) ? $_POST['id_room'] : NULL;
    $default_style = isset($_POST['default_css']) ? $_POST['default_css'] : NULL;
    $default_list_type = isset($_POST['area_item_format']) ? $_POST['area_item_format'] : NULL;
    $default_language = isset($_POST['default_language']) ? $_POST['default_language'] : NULL;
    $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs\n\tSET default_site = '" . protect_data_sql($default_site) . "',\n\tdefault_area = '" . protect_data_sql($default_area) . "',\n\tdefault_room = '" . protect_data_sql($default_room) . "',\n\tdefault_style = '" . protect_data_sql($default_style) . "',\n\tdefault_list_type = '" . protect_data_sql($default_list_type) . "',\n\tdefault_language = '" . protect_data_sql($default_language) . "'\n\tWHERE login='******'";
    if (grr_sql_command($sql) < 0) {
        fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
    } else {
        if ($default_site != '' && $default_site != '0') {
            $_SESSION['default_site'] = $default_site;
        } else {
            $_SESSION['default_site'] = Settings::get('default_site');
        }
        if ($default_area != '' && $default_area != '0') {
            $_SESSION['default_area'] = $default_area;
        } else {
            $_SESSION['default_area'] = Settings::get('default_area');
        }
        if ($default_room != '' && $default_room != '0') {
            $_SESSION['default_room'] = $default_room;
Beispiel #18
          $i = 0;
          $num = 0;
          while ($i < $number_periodes) {
				    $temp = "periode_".$i;
				    if (isset($_POST[$temp])) {
						  $nom_periode = corriger_caracteres($_POST[$temp]);
						  $reg_periode = grr_sql_query("insert into ".TABLE_PREFIX."_area_periodes set
              id_area='".$id_area."',
              num_periode='".$num."',
              nom_periode='".protect_data_sql($nom_periode)."'
              ");
              #on crée un modèle par défaut avec area=0
              $reg_periode = grr_sql_query("insert into ".TABLE_PREFIX."_area_periodes set
              id_area='0',
              num_periode='".$num."',
              nom_periode='".protect_data_sql($nom_periode)."'");
              $num++;
            }
            $i++;
          }
			  }
		  }
      $msg = get_vocab("message_records");
    }
  }
  if ($access=='a') {
    $sql = "DELETE FROM ".TABLE_PREFIX."_j_user_area WHERE id_area='$id_area'";
    if (grr_sql_command($sql) < 0)
      fatal_error(0, get_vocab('update_area_failed') . grr_sql_error());
  }
  if ((isset($change_done)) and (!isset($ok))) {
Beispiel #19
         $groupe = "vide";
     }
     $test = grr_sql_query1("SELECT count(login) FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'");
     if ($test == 0) {
         // On insert le nouvel utilisteur
         $sql = "INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\tnom='" . protect_data_sql($user_nom) . "',\n\t\t\tprenom='" . protect_data_sql($user_prenom) . "',\n\t\t\tstatut='" . protect_data_sql($user_statut) . "',\n\t\t\temail='" . protect_data_sql($user_email) . "',\n\t\t\tsource='ext',\n\t\t\tetat='actif',\n\t\t\tlogin='******'";
         if (grr_sql_command($sql) < 0) {
             $liste_pb_insertion .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
         } else {
             $liste_nouveaux .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
         }
     } else {
         $test2 = grr_sql_query1("SELECT source FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'");
         if ($test2 == 'ext') {
             // On met à jour
             $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\t\tnom='" . protect_data_sql($user_nom) . "',\n\t\t\t\tprenom='" . protect_data_sql($user_prenom) . "',\n\t\t\t\temail='" . protect_data_sql($user_email) . "'\n\t\t\t\twhere login='******'";
         }
         if (grr_sql_command($sql) < 0) {
             $liste_pb_update .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
         } else {
             $liste_update .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
         }
     }
     //echo "login : "******" Nom : ".$user_nom." Prénom : ".$user_prenom." Email : ".$user_email." Etat : ".$etat." Groupes : ".$groupe;
     //echo "<br />";
 }
 $mess = "";
 if ($liste_pb_insertion != "") {
     $mess .= "<b><span class=\"avertissement\">" . get_vocab("liste_pb_insertion") . "</b><br />" . $liste_pb_insertion . "</span><br />";
 }
 if ($liste_pb_update != "") {
Beispiel #20
/**
 * Write one name/value pair to the "_setting" table.
 *
 * Meant for occasional use; code that stores many settings at once should
 * issue its own statements.
 *
 * The row is updated when the name is already present in the global
 * $grrSettings array and inserted otherwise. Name and value both pass through
 * protect_data_sql() before they are placed inside the quoted SQL literals.
 * The global array is refreshed only after the query has succeeded.
 *
 * @_name               string                  The name of the setting to save
 * @_value              string                  Its value
 *
 * @return              bool                    false when the query fails, true otherwise
 */
function saveSetting($_name, $_value)
{
    global $grrSettings;
    $exists = isset($grrSettings[$_name]);
    if ($exists) {
        $statement = "update ".TABLE_PREFIX."_setting set VALUE = '" . protect_data_sql($_value) . "' where NAME = '" . protect_data_sql($_name) . "'";
    } else {
        $statement = "insert into ".TABLE_PREFIX."_setting set NAME = '" . protect_data_sql($_name) . "', VALUE = '" . protect_data_sql($_value) . "'";
    }
    $outcome = grr_sql_query($statement);
    if (!$outcome) {
        return false;
    }
    $grrSettings[$_name] = $_value;
    return true;
}
    // Per-row account state and authentication source, taken straight from the
    // submitted form; both are indexed by row number below.
    $reg_statut = isset($_POST["reg_statut"]) ? $_POST["reg_statut"] : NULL;
    $reg_type_auth = isset($_POST["reg_type_auth"]) ? $_POST["reg_type_auth"] : NULL;
    $nb_row++;
    // Rows are numbered from 1; each one is inserted or updated in the users table.
    for ($row = 1; $row < $nb_row; $row++) {
        // Locally authenticated accounts ("ext" excluded) get their password digested.
        // NOTE(review): md5() is a fast, unsalted digest and is not suitable for
        // password storage; password_hash()/password_verify() is the usual
        // replacement and needs a migration path for existing rows.
        if ($reg_type_auth[$row] != "ext") {
            $reg_mdp[$row] = md5(unslashes($reg_mdp[$row]));
        }
        // Clean up Windows-specific characters (corriger_caracteres() is defined
        // elsewhere), then escape name, first name and e-mail for SQL.
        $reg_nom[$row] = protect_data_sql(corriger_caracteres($reg_nom[$row]));
        $reg_prenom[$row] = protect_data_sql(corriger_caracteres($reg_prenom[$row]));
        $reg_email[$row] = protect_data_sql(corriger_caracteres($reg_email[$row]));
        // The '******' values in the statements below are masked in this listing.
        $test_login = grr_sql_count(grr_sql_query("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'"));
        // NOTE(review): statut, etat and source are concatenated into both
        // statements without protect_data_sql(). $reg_statut and $reg_type_auth
        // come directly from $_POST above, so unless they are validated against a
        // fixed list before this point (not visible here) they should be escaped
        // or allow-listed like the other columns.
        if ($test_login == 0) {
            $regdata = grr_sql_query("INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',login='******',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "'");
        } else {
            $regdata = grr_sql_query("UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "' WHERE login='******'");
        }
        // Report the outcome per login.
        // NOTE(review): $reg_login[$row] is written into the page without
        // htmlspecialchars(); its origin is not visible in this excerpt — confirm
        // it cannot carry markup.
        if (!$regdata) {
            echo "<p><font color=\"red\">" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records_error") . "</font></p>";
        } else {
            if ($reg_stat[$row] == "nouveau") {
                echo "<p>" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("admin_import_users_csv12") . "</p>";
            } else {
                echo "<p>" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records") . "</p>";
            }
        }
    }
}
?>
	</body>
	</html>
Beispiel #22
    // Look up the area that owns the additional field being edited.
    // NOTE(review): $id_overload is interpolated into a numeric context without
    // quotes. Quote-escaping does not protect an unquoted value; casting with
    // intval() (or a bound parameter) would. Where $id_overload comes from is
    // not visible in this excerpt — confirm it is forced to an integer earlier.
    $sql = "SELECT id_area FROM " . TABLE_PREFIX . "_overload WHERE id={$id_overload};";
    $resquery = grr_sql_query($sql);
    if (!$resquery) {
        fatal_error(0, grr_sql_error());
    }
    // Authorisation check: the update is allowed only when the field's area is
    // one of the keys of $userdomain.
    // NOTE(review): $arearight is only ever set to true here; no initialisation
    // to false is visible in this excerpt — confirm it is reset before this
    // code so a stale value cannot carry over.
    if (grr_sql_count($resquery) > 0) {
        for ($i = 0; $row = grr_sql_row($resquery, $i); $i++) {
            foreach ($userdomain as $key => $value) {
                if ($key == $row[0]) {
                    $arearight = true;
                }
            }
        }
    }
    if ($arearight == true) {
        // fieldname, fieldtype and fieldlist are escaped with protect_data_sql();
        // obligatoire, confidentiel, affichage and overload_mail are concatenated
        // as they are. NOTE(review): presumably those four are flag values
        // normalised earlier — verify, or escape them like the others.
        $sql = "UPDATE " . TABLE_PREFIX . "_overload SET\n\t\t\t\tfieldname='" . protect_data_sql($fieldname) . "',\n\t\t\t\tfieldtype='" . protect_data_sql($fieldtype) . "',\n\t\t\t\tobligatoire='" . $obligatoire . "',\n\t\t\t\tconfidentiel='" . $confidentiel . "',\n\t\t\t\taffichage='" . $affichage . "',\n\t\t\t\toverload_mail='" . $overload_mail . "',\n\t\t\t\tfieldlist='" . protect_data_sql($fieldlist) . "'\n\t\t\t\tWHERE id={$id_overload};";
        if (grr_sql_command($sql) < 0) {
            // The failure message contains the full SQL statement; if fatal_error()
            // renders it to the browser, that exposes schema details to the user.
            fatal_error(0, "{$sql} \n\n" . grr_sql_error());
        }
    }
}
// Opening of the additional-fields form: explanatory text, the <form> and
// <table> tags, then one header row. Every fragment is followed by PHP_EOL,
// which is why the pieces are joined with it and one more is appended.
$html = implode(PHP_EOL, array(
    get_vocab("explication_champs_additionnels"),
    '<form method="post" action="admin_overload.php" >',
    '<table class="table table-bordered">',
    // Header cells followed by a colon.
    '<tr><td>' . get_vocab("match_area") . get_vocab("deux_points") . '</td>',
    '<td>' . get_vocab("fieldname") . get_vocab("deux_points") . '</td>',
    '<td>' . get_vocab("fieldtype") . get_vocab("deux_points") . '</td>',
    // Header cells rendered in small type.
    '<td>',
    '<span class="small">' . get_vocab("champ_obligatoire") . '</span>',
    '</td>',
    '<td>',
    '<span class="small">' . get_vocab("affiche_dans_les vues") . '</span>',
    '</td>',
    '<td>',
    '<span class="small">' . get_vocab("affiche_dans_les mails") . '</span>',
    '</td>',
    '<td>',
    '<span class="small">' . get_vocab("champ_confidentiel") . '</span>',
    '</td>',
    // Empty trailing cell, then the end of the header row.
    '<td>',
    '</td>',
    '</tr>',
)) . PHP_EOL;
Beispiel #23
    $end_year = strftime('%Y', $row[4]);
    $end_hour = strftime('%H', $row[4]);
    $end_min = strftime('%M', $row[4]);
    $duration = $row[4] - $row[3];
    $etype = $row[5];
    $room_id = $row[6];
    $entry_type = $row[7];
    $rep_id = $row[8];
    $option_reservation = $row[9];
    $jours_c = $row[10];
    $clef = $row[14];
    $courrier = $row[15];
    $modif_option_reservation = 'n';
    if ($entry_type >= 1) {
        $sql = 'SELECT rep_type, start_time, end_date, rep_opt, rep_num_weeks, end_time, type, name, beneficiaire, description
		FROM ' . TABLE_PREFIX . "_repeat WHERE id='" . protect_data_sql($rep_id) . "'";
        $res = grr_sql_query($sql);
        if (!$res) {
            fatal_error(1, grr_sql_error());
        }
        if (grr_sql_count($res) != 1) {
            fatal_error(1, get_vocab('repeat_id') . $rep_id . get_vocab('not_found'));
        }
        $row = grr_sql_row($res, 0);
        grr_sql_free($res);
        $rep_type = $row[0];
        if ($rep_type == 2) {
            $rep_num_weeks = $row[4];
        }
        if ($edit_type == 'series') {
            $start_day = (int) strftime('%d', $row[1]);
Beispiel #24
         $sql = $sql . 'disponible="' . $disponible . '"';
         $sql = $sql . " WHERE id={$id_type}";
         if (grr_sql_command($sql) < 0) {
             fatal_error(0, get_vocab('update_type_failed') . grr_sql_error());
             $ok = 'no';
         } else {
             $msg = get_vocab("message_records");
         }
     }
 } else {
     // Test sur $type_letter
     $test = grr_sql_query1("SELECT count(id) FROM " . TABLE_PREFIX . "_type_area WHERE type_letter='" . $type_letter . "'");
     if ($test > 0) {
         $msg = "Enregistrement impossible : Un type portant la même lettre existe déjà.";
     } else {
         $sql = "INSERT INTO " . TABLE_PREFIX . "_type_area SET\n\t\t\ttype_name='" . protect_data_sql($type_name) . "',\n\t\t\torder_display =";
         if (is_numeric($order_display)) {
             $sql = $sql . intval($order_display) . ",";
         } else {
             $sql = $sql . "0,";
         }
         $sql = $sql . 'type_letter="' . $type_letter . '",';
         $sql = $sql . 'couleur="' . $couleur . '"';
         if (grr_sql_command($sql) < 0) {
             fatal_error(1, "<p>" . grr_sql_error());
             $ok = 'no';
         } else {
             $msg = get_vocab("message_records");
         }
     }
 }
Beispiel #25
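/**
 * Map a function code to a GRR user status.
 *
 * The default status is derived from the "sso_statut" setting ("cas_visiteur"
 * gives "visiteur", "cas_utilisateur" gives "utilisateur"). When a function
 * code is given, the correspondence table is consulted first; an unknown code
 * is recorded there with the default status.
 *
 * Both parameters end up inside SQL string literals, so both are passed
 * through protect_data_sql() (the escaping helper the rest of this code base
 * uses) before being concatenated.
 *
 * @param string $codefonction    Function code to look up; "" means "none"
 * @param string $libellefonction Label stored with a newly recorded code
 *
 * @return mixed The status found in the correspondence table, otherwise the
 *               default status (null when "sso_statut" is neither
 *               "cas_visiteur" nor "cas_utilisateur")
 */
function effectuer_correspondance_profil_statut($codefonction, $libellefonction)
{
    // Default status for CAS users. Initialised explicitly so that an
    // unexpected "sso_statut" value yields null instead of an undefined variable.
    $_statut = null;
    $sso = Settings::get("sso_statut");
    if ($sso == "cas_visiteur") {
        $_statut = "visiteur";
    } elseif ($sso == "cas_utilisateur") {
        $_statut = "utilisateur";
    }

    // No function code supplied: return the default status.
    if ($codefonction == "") {
        return $_statut;
    }

    // The code is escaped once and reused in both statements; it was previously
    // concatenated as received while only the label was escaped.
    $code_sql = protect_data_sql($codefonction);
    $statut_trouve = grr_sql_query1("SELECT statut_grr from " . TABLE_PREFIX . "_correspondance_statut where code_fonction='" . $code_sql . "'");
    if ($statut_trouve != -1) {
        // The code is present in the correspondence table: return its status.
        return $statut_trouve;
    }

    // Unknown code: record it with the default status. The table name now uses
    // TABLE_PREFIX like the lookup above, instead of a hard-coded "grr_" prefix.
    $libelle_sql = protect_data_sql($libellefonction);
    grr_sql_command("INSERT INTO " . TABLE_PREFIX . "_correspondance_statut(code_fonction,libelle_fonction,statut_grr) VALUES ('{$code_sql}', '{$libelle_sql}', '{$_statut}')");
    return $_statut;
}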
Beispiel #26
/**
 * Build a "field contains text" (or "does not contain") SQL fragment.
 *
 * The search text is first passed through protect_data_sql() (defined
 * elsewhere; presumably the project's SQL escaping helper), then the LIKE
 * wildcards % and _ are backslash-escaped so they match literally.
 *
 * $fieldname is placed in the fragment exactly as given: it must be a column
 * name chosen by the calling code, never text taken from a request.
 *
 * @param string $fieldname      Column to search, inserted verbatim
 * @param string $s              Text to look for
 * @param int    $type_recherche 1 for LIKE, any other value for NOT LIKE
 *
 * @return string SQL fragment padded with one space on each side
 */
function grr_sql_syntax_caseless_contains($fieldname, $s, $type_recherche=1)
{
    // Escape for the string literal first, then neutralise the LIKE wildcards.
    $s = str_replace(array("%", "_"), array("\\%", "\\_"), protect_data_sql($s));

    if ($type_recherche != 1) {
        return " $fieldname NOT LIKE '%$s%' ";
    }
    return " $fieldname LIKE '%$s%' ";
}
Beispiel #27
// Restriction when the application runs in demo mode
VerifyModeDemo();
// The account whose password is changed is named by the request: POST first,
// then GET, otherwise NULL.
// NOTE(review): whether the caller may change this account's password has to
// be enforced before this point; no such check is visible in this excerpt.
unset($user_login);
$user_login = isset($_POST["user_login"]) ? $_POST["user_login"] : ($user_login = isset($_GET["user_login"]) ? $_GET["user_login"] : NULL);
$valid = isset($_POST["valid"]) ? $_POST["valid"] : NULL;
$msg = '';
if ($valid == "yes") {
    // New password and its confirmation, read from the form without an isset() check.
    unset($reg_password1);
    $reg_password1 = unslashes($_POST["reg_password1"]);
    unset($reg_password2);
    $reg_password2 = unslashes($_POST["reg_password2"]);
    // NOTE(review): md5() is a fast, unsalted digest and is not suitable for
    // password storage; password_hash()/password_verify() is the usual
    // replacement and needs a migration path for existing rows.
    $reg_password_c = md5($reg_password1);
    // Reject a mismatched confirmation or a password shorter than $pass_leng
    // (defined elsewhere). NOTE(review): != is a loose comparison, so two
    // different numeric-looking strings can compare equal; !== avoids that.
    if ($reg_password1 != $reg_password2 || strlen($reg_password1) < $pass_leng) {
        $msg = get_vocab("passwd_error");
    } else {
        // The '******' values are masked in this listing, so how the digest and
        // the login are placed in the statement cannot be reviewed from here.
        $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET password='******' WHERE login='******'";
        if (grr_sql_command($sql) < 0) {
            fatal_error(0, get_vocab('update_pwd_failed') . grr_sql_error());
        } else {
            $msg = get_vocab('update_pwd_succeed');
        }
    }
}
$user_nom = '';
$user_prenom = '';
$user_source = '';
// On appelle les informations de l'utilisateur
if (isset($user_login) && $user_login != '') {
    $sql = "SELECT nom,prenom, source FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'";
    $res = grr_sql_query($sql);
    if ($res) {
Beispiel #28
/**
 * Resume a session
 *
 * Starts the PHP session named SESSION_NAME, then:
 *  - refuses LCS single sign-on sessions that are not flagged
 *    'est_authentifie_sso' when the login source is "ext";
 *  - empties $_SESSION when the log table holds no unexpired row for the login;
 *  - refuses when no login is stored in the session, or when logins are
 *    disabled and the user is not an administrator;
 *  - compares the password, login and status kept in the session with the
 *    users table;
 *  - refuses a timed-out session, otherwise moves the END value of the log row
 *    forward by $_SESSION['maxLength'] minutes.
 *
 * Every statement is built by concatenating session values into SQL text.
 * Several lines are partly masked ('******') in this listing, so the escaping
 * applied to the login cannot be fully reviewed from here.
 *
 * Returns true if session resumes, false otherwise
 *
 *
 * @return boolean
 */
function grr_resumeSession()
{
    // Resuming session
    session_name(SESSION_NAME);
    // Errors from session_start() are suppressed by the @ operator.
    @session_start();
    // $_SESSION['source_login'] is read without an isset() check.
    if (Settings::get('sso_statut') == 'lcs' and !isset($_SESSION['est_authentifie_sso']) and $_SESSION['source_login'] == "ext") {
        return false;
    }
    // Has the session expired?
    if (isset($_SESSION['login'])) {
        // NOTE(review): this line is partly masked in the listing and is not valid PHP as shown.
        $test_session = grr_sql_query1("SELECT count(LOGIN) from " . TABLE_PREFIX . "_log where END > now() and LOGIN = '******'login']) . "'");
        if ($test_session == 0) {
            $_SESSION = array();
        }
    }
    if (!isset($_SESSION) or !isset($_SESSION['login'])) {
        return false;
    }
    // When logins are disabled, only administrators keep their session.
    if (Settings::get("disable_login") == 'yes' and $_SESSION['statut'] != "administrateur") {
        return false;
    }
    // To be removed
    // Validating session data
    // The query returns three 0/1 columns (PASSWORD, LOGIN, STATUT) telling
    // whether each session value equals the stored one.
    // NOTE(review): $_SESSION['statut'] is concatenated without escaping, and
    // the password value kept in the session is compared by SQL text; the line
    // is partly masked in this listing.
    $sql = "SELECT password = '******'password'] . "' PASSWORD, login = '******'login']) . "' LOGIN, statut = '" . $_SESSION['statut'] . "' STATUT\n\tfrom " . TABLE_PREFIX . "_utilisateurs where login = '******'login']) . "'";
    $res = grr_sql_query($sql);
    // $res is not checked for failure before the row is read.
    $row = grr_sql_row($res, 0);
    // Checking for a timeout
    // session_id() and $_SESSION['start'] are concatenated into the statement as they are.
    $sql2 = "SELECT now() > END TIMEOUT from " . TABLE_PREFIX . "_log where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
    // Any of the three comparisons failing ends the session.
    if ($row[0] != "1" || $row[1] != "1" || $row[2] != "1") {
        return false;
    } else {
        if (grr_sql_query1($sql2)) {
            // The idle time exceeds the configured limit.
            // LCS authentication case
            if (Settings::get('sso_statut') == 'lcs') {
                // the user is authenticated by LCS, so the session is renewed
                // NOTE(review): $is_authentified_lcs is neither assigned nor declared
                // global in this function, so as written this test cannot succeed
                // and the branch falls through to "return false".
                if ($is_authentified_lcs == 'yes') {
                    // $_SESSION['maxLength'] is placed unquoted in the interval
                    // expression; presumably an integer set at login — verify.
                    $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
                    $res = grr_sql_query($sql);
                    if (!$res) {
                        fatal_error(0, 'erreur mysql' . grr_sql_error());
                    }
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } else {
            // Not timed out: move the session end time forward by maxLength minutes.
            $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
            $res = grr_sql_query($sql);
            if (!$res) {
                fatal_error(0, 'erreur mysql' . grr_sql_error());
            }
            return true;
        }
    }
}
Beispiel #29
}
echo "<h1>" . get_vocab("Envoi d_un courriel") . "</h1>";
switch ($action) {
    //envoi du message
    case "envoi":
        $destinataire = "";
        if ($type_cible == "identifiant:non") {
            if ($cible == "contact_administrateur") {
                $destinataire = Settings::get("webmaster_email");
            } else {
                if ($cible == "contact_support") {
                    $destinataire = Settings::get("technical_support_email");
                }
            }
        } else {
            $destinataire = grr_sql_query1("SELECT email FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'");
            if ($destinataire == -1) {
                $destinataire = "";
            }
        }
        if ($destinataire == "") {
            echo "<h1 class=\"avertissement\">L'envoi de messages est impossible car l'adresse email du destinataire n'a pas été renseignée.</h1>";
            include "include/trailer.inc.php";
            exit;
        }
        //N.B. pour peaufiner, mettre un script de vérification de l'adresse email et du contenu du message !
        $message = "";
        if ($fin_session == 'n' && getUserName() != '') {
            $message .= "Nom et prénom du demandeur : " . affiche_nom_prenom_email(getUserName(), "", "nomail") . "\n";
            $user_email = grr_sql_query1("select email from " . TABLE_PREFIX . "_utilisateurs where login='******'");
            if ($user_email != "" && $user_email != -1) {
Beispiel #30
    $str_date = utf8_strftime("%d %B %Y, %H:%M", $date_now);
    print_header();
    echo "<h2>" . get_vocab("booking_in_past") . "</h2>";
    if ($rep_type != 0 && !empty($reps))  {
        echo "<p>" . get_vocab("booking_in_past_explain_with_periodicity") . $str_date."</p>";
    } else {
        echo "<p>" . get_vocab("booking_in_past_explain") . $str_date."</p>";
    }
    echo "<a href=\"".$back."&amp;Err=yes\">".get_vocab('returnprev')."</a>";
    include "include/trailer.inc.php";
    die();
}

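// Attempt to book for longer than the maximum duration allowed in the area:
// show the limit with a link back to the previous page, then stop.
if ($error_duree_max_resa_area == 'yes') {
    $area_id = grr_sql_query1("select area_id from ".TABLE_PREFIX."_room where id='".protect_data_sql($room_id)."'");
    // The looked-up area id is escaped like $room_id above rather than being
    // concatenated as returned, so both lookups treat their input the same way.
    $duree_max_resa_area = grr_sql_query1("select duree_max_resa_area from ".TABLE_PREFIX."_area where id='".protect_data_sql($area_id)."'");
    print_header();
    // The stored limit is multiplied by 60 before formatting; toTimeString() is
    // defined elsewhere and presumably rewrites $temps_format and $dur_units
    // in place — TODO confirm.
    $temps_format = $duree_max_resa_area*60;
    toTimeString($temps_format, $dur_units, true);
    echo "<h2>" . get_vocab("error_duree_max_resa_area").$temps_format ." " .$dur_units."</h2>";
    // NOTE(review): $back is written into the href as it is; confirm that the
    // code building it already encodes it for an HTML attribute.
    echo "<a href=\"".$back."&amp;Err=yes\">".get_vocab('returnprev')."</a>";
    include "include/trailer.inc.php";
    die();
}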

// Si il y a tentative de réserver au delà du temps limite
if ($error_delais_max_resa_room == 'yes') {
    print_header();
    echo "<h2>" . get_vocab("error_delais_max_resa_room") ."</h2>";
    echo "<a href=\"".$back."&amp;Err=yes\">".get_vocab('returnprev')."</a>";