function getWritable($creator, $user) { global $auth; // Always allowed to modify your own stuff if (strcasecmp($creator, $user) == 0) { return 1; } if (authGetUserLevel($user, $auth["admin"]) >= 2) { return 1; } // Unathorised access return 0; }
* GRR is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GRR; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ include "include/admin.inc.php"; $grr_script_name = "admin_accueil.php"; $back = ''; if (isset($_SERVER['HTTP_REFERER'])) { $back = htmlspecialchars($_SERVER['HTTP_REFERER']); } if (authGetUserLevel(getUserName(), -1, 'area') < 4 && authGetUserLevel(getUserName(), -1, 'user') != 1) { showAccessDenied($back); exit; } print_header("", "", "", $type = "with_session"); include "admin_col_gauche.php"; ?> <table> <tr> <td> <img src="img_grr/totem_grr.png" alt="GRR !" class="image" /> </td> <td align="center" > <br /><br /> <p style="font-size:20pt"> <?php
default: $type = 'string'; break; } $var = VAR_PREFIX . $field['name']; ${$var} = get_form_var($var, $type); if ($type == 'int' && ${$var} === '') { unset(${$var}); } } // Check the user is authorised for this page checkAuthorised(); // Also need to know whether they have admin rights $user = getUserName(); $required_level = isset($max_level) ? $max_level : 2; $is_admin = authGetUserLevel($user) >= $required_level; // Done changing area or room information? if (isset($change_done)) { if (!empty($room)) { $area = mrbsGetRoomArea($room); } Header("Location: admin.php?day={$day}&month={$month}&year={$year}&area={$area}"); exit; } // Intialise the validation booleans $valid_email = TRUE; $valid_resolution = TRUE; $enough_slots = TRUE; $valid_area = TRUE; $valid_room_name = TRUE; // PHASE 2
// Tableau des ressources invisibles pour l'utilisateur $sql = "SELECT distinct e.id, e.start_time, e.end_time, e.name, e.description, " . "e.type, e.beneficiaire, " . grr_sql_syntax_timestamp_to_unix("e.timestamp") . ", a.area_name, r.room_name, r.description, a.id, e.overload_desc" . " FROM " . TABLE_PREFIX . "_entry e, " . TABLE_PREFIX . "_area a, " . TABLE_PREFIX . "_room r, " . TABLE_PREFIX . "_type_area t"; // Si l'utilisateur n'est pas administrateur, seuls les domaines auxquels il a accès sont pris en compte if (authGetUserLevel(getUserName(), -1) < 6) { if ($test_grr_j_user_area != 0) { $sql .= ", " . TABLE_PREFIX . "_j_user_area j "; } } $sql .= " WHERE e.room_id = r.id AND r.area_id = a.id"; // on ne cherche pas parmi les ressources invisibles pour l'utilisateur $tab_rooms_noaccess = verif_acces_ressource(getUserName(), 'all'); foreach ($tab_rooms_noaccess as $key) { $sql .= " and r.id != {$key} "; } // Si l'utilisateur n'est pas administrateur, seuls les domaines auxquels il a accès sont pris en compte if (authGetUserLevel(getUserName(), -1) < 6) { if ($test_grr_j_user_area == 0) { $sql .= " and a.access='a' "; } else { $sql .= " and ((j.login='******' and j.id_area=a.id and a.access='r') or (a.access='a')) "; } } $sql .= " AND e.start_time < {$report_end} AND e.end_time > {$report_start}"; $k = 0; if (isset($champ[0])) { $sql .= " AND ("; while ($k < count($texte)) { if ($champ[$k] == "area") { $sql .= grr_sql_syntax_caseless_contains("a.area_name", $texte[$k], $type_recherche[$k]); } if ($champ[$k] == "room") {
$link_str = time_date_string($row['start_time']); } else { list(, $link_str) = period_date_string($row['start_time']); } echo "{$link_str}</a></td>"; // action buttons echo "<td>\n"; display_buttons($row, FALSE); echo "</td>\n"; echo "</tr>\n"; } // Check the user is authorised for this page checkAuthorised(); // Also need to know whether they have admin rights $user = getUserName(); $is_admin = authGetUserLevel($user) >= 2; print_header($day, $month, $year, $area, isset($room) ? $room : ""); echo "<h1>" . get_vocab("pending") . "</h1>\n"; // Get a list of all bookings awaiting approval // We are only interested in areas where approval is required $sql_approval_enabled = some_area_predicate('approval_enabled'); $sql = "SELECT E.id, E.name, E.room_id, E.start_time, E.create_by, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated,\n E.reminded, E.repeat_id,\n M.room_name, M.area_id, A.area_name, A.enable_periods,\n E.info_time AS entry_info_time, E.info_user AS entry_info_user,\n T.info_time AS repeat_info_time, T.info_user AS repeat_info_user\n FROM {$tbl_room} AS M, {$tbl_area} AS A, {$tbl_entry} AS E\n LEFT JOIN {$tbl_repeat} AS T ON E.repeat_id=T.id\n WHERE E.room_id = M.id\n AND M.area_id = A.id\n AND M.disabled = 0\n AND A.disabled = 0\n AND {$sql_approval_enabled}\n AND (E.status&" . STATUS_AWAITING_APPROVAL . " != 0)"; // Ordinary users can only see their own bookings if (!$is_admin) { $sql .= " AND E.create_by='" . sql_escape($user) . "'"; } // We want entries for a series to appear together so that we can display // them as a separate table below the main entry for the series. $sql .= " ORDER BY repeat_id, start_time"; $res = sql_query($sql); if (!$res) {
<?php // $Id$ require "../defaultincludes.inc"; header("Content-type: application/x-javascript"); expires_header(60 * 30); // 30 minute expiry if ($use_strict) { echo "'use strict';\n"; } $user = getUserName(); $is_admin = authGetUserLevel($user) >= $max_level; // function to reverse a collection of jQuery objects ?> $.fn.reverse = [].reverse; <?php // Get the sides of the rectangle represented by the jQuery object jqObject // We round down the size of the rectangle to avoid any spurious overlaps // caused by rounding errors ?> function getSides(jqObject) { var sides = {}; sides.n = Math.ceil(jqObject.offset().top); sides.w = Math.ceil(jqObject.offset().left); sides.s = Math.floor(sides.n + jqObject.outerHeight()); sides.e = Math.floor(sides.w + jqObject.outerWidth()); return sides; }
// Ordre d'affichage du domaine echo "<td>" . get_vocab("order_display") . get_vocab("deux_points") . "</td>\n"; echo "<td><input type=\"text\" name=\"area_order\" size=\"1\" value=\"" . htmlspecialchars($row["order_display"]) . "\" /></td>\n"; echo "</tr><tr>\n"; // Acces restreint ou non ? echo "<td>" . get_vocab("access") . get_vocab("deux_points") . "</td>\n"; echo "<td><input type=\"checkbox\" name=\"access\""; if ($row["access"] == 'r') { echo "checked=\"checked\""; } echo " /></td>\n"; echo "</tr>"; // Site if (Settings::get("module_multisite") == "Oui") { // Affiche une liste deroulante des sites; if (authGetUserLevel(getUserName(), -1, 'area') >= 6) { $sql = "SELECT id,sitecode,sitename\n\t\t\tFROM " . TABLE_PREFIX . "_site\n\t\t\tORDER BY sitename ASC"; } else { $sql = "SELECT id,sitecode,sitename\n\t\t\tFROM " . TABLE_PREFIX . "_site s, " . TABLE_PREFIX . "_j_useradmin_site u\n\t\t\tWHERE s.id=u.id_site and u.login='******'\n\t\t\tORDER BY s.sitename ASC"; } $res = grr_sql_query($sql); $nb_site = grr_sql_count($res); echo "<tr><td>" . get_vocab('site') . get_vocab('deux_points') . "</td>\n"; if ($nb_site > 1) { echo "<td><select class=\"form-control\" name=\"id_site\" >\n\n\t\t\t\t<option value=\"-1\">" . get_vocab('choose_a_site') . "</option>\n"; for ($enr = 0; $row1 = grr_sql_row($res, $enr); $enr++) { echo "<option value=\"" . $row1[0] . "\""; if ($id_site == $row1[0]) { echo ' selected="selected"'; } echo '>' . htmlspecialchars($row1[2]);
$to_year = date('Y', $date_); } if (Settings::get("authentification_obli") == 0 && getUserName() == '') { $type_session = "no_session"; } else { $type_session = "with_session"; } $back = ''; if (isset($_SERVER['HTTP_REFERER'])) { $back = htmlspecialchars($_SERVER['HTTP_REFERER']); } if (check_begin_end_bookings($day, $from_month, $from_year)) { showNoBookings($day, $from_month, $from_year, $back); exit; } if (authGetUserLevel(getUserName(), -1) < 1 && Settings::get("authentification_obli") == 1 || authUserAccesArea(getUserName(), $area) == 0) { showAccessDenied($back); exit; } // On vérifie une fois par jour si le délai de confirmation des réservations est dépassé // Si oui, les réservations concernées sont supprimées et un mail automatique est envoyé. // On vérifie une fois par jour que les ressources ont été rendue en fin de réservation // Si non, une notification email est envoyée if (Settings::get("verif_reservation_auto") == 0) { verify_confirm_reservation(); verify_retard_reservation(); } //print the page header print_header($day, $from_month, $from_year, $type_session); //Month view start time. This ignores morningstarts/eveningends because it //doesn't make sense to not show all entries for the day, and it messes
} else { echo 'Error occured while performing query on database:<br>' . chr(10), exit; } } } include "include/admin_middel.php"; $editor->printEditor(); //echo '* = '._('Password won\'t be changed unless you type in a new one.'); echo '* = Passordet blir bare endret hvis det blir skrevet inn ett nytt ett'; } else { include "include/admin_middel.php"; echo '<script src="js/jquery-1.3.2.min.js" type="text/javascript"></script>' . chr(10); echo '<script src="js/hide_unhide.js" type="text/javascript"></script>' . chr(10); echo '<h1>' . _('Users') . '</h1>'; // Add if (authGetUserLevel(getUserID()) >= $user_level) { echo iconHTML('user_add') . ' <a href="' . $_SERVER['PHP_SELF'] . '?editor=1">' . _('New user') . '</a><br>' . chr(10); } echo iconHTML('phone') . ' <a href="telefonliste.php">Telefonliste</a><br><br>' . chr(10); // List of users echo '<h2>' . _('List of users') . '</h2>' . chr(10); $Q_users = mysql_query("select user_id from `users` order by `user_name`"); if (!mysql_num_rows($Q_users)) { echo _('No users found.'); } else { echo '<a href="javascript:void();" class="showAll">Vis info på alle / Ikke vis info på alle</a>'; echo '<table class="prettytable">' . chr(10); echo ' <tr>' . chr(10); echo ' <th>ID</th>' . chr(10); echo ' <th>Bruker</th>' . chr(10); echo ' <th>Login</th>' . chr(10);
/* Arguments passés par la méthode GET : $use_site : 'y' (fonctionnalité multisite activée) ou 'n' (fonctionnalité multisite désactivée) $id_site : l'identifiant du site $default_area : domaine par défaut $default_room : ressource par défaut $session_login : identifiant $type : 'ressource'-> on actualise la liste des ressources 'domaine'-> on actualise la liste des domaines $action : 1-> on actualise la liste des ressources 2-> on vide la liste des ressouces */ include "include/admin.inc.php"; if ((authGetUserLevel(getUserName(),-1) < 1)) { showAccessDenied("","","","",""); exit(); } /* * Actualiser la liste des domaines */ if ($_GET['type']=="domaine") { // Initialisation if (isset($_GET["id_site"])) { $id_site = $_GET["id_site"]; settype($id_site,"integer"); } else die(); if (isset($_GET["default_area"])) {
if ($area_access == 'r') { echo " - " . get_vocab("access"); } echo ")"; echo "</h3>"; if ($row['statut_room'] == "0") { // echo "<h2 style=\"text-align:center;\"><span class=\"avertissement\">" . get_vocab("ressource_temporairement_indisponible") . "</span></h2>"; } // Description if (authGetUserLevel($getUserName(), -1) >= Settings::get("visu_fiche_description")) { echo "<h3>" . get_vocab("description") . "</h3>\n"; echo "<div>" . htmlspecialchars($row["description"]) . " </div>\n"; } // Description complète if (authGetUserLevel($getUserName(), -1) >= Settings::get("acces_fiche_reservation") && $row["comment_room"] != '') { echo "<h3>" . get_vocab("match_descr") . "</h3>\n"; echo "<div>" . $row["comment_room"] . "</div>\n"; } // Afficher capacité if ($row["capacity"] != '0') { echo "<h3>" . get_vocab("capacity_2") . "</h3>\n"; echo "<p>" . $row["capacity"] . "</p>\n"; } if ($row["max_booking"] != "-1") { echo "<p>" . get_vocab("msg_max_booking") . get_vocab("deux_points") . $row["max_booking"] . "</p>"; } // Limitation par domaine $max_booking_per_area = grr_sql_query1("SELECT max_booking FROM " . TABLE_PREFIX . "_area WHERE id = '" . protect_data_sql($id_area) . "'"); if ($max_booking_per_area >= 0) { echo "<p>" . get_vocab("msg_max_booking_area") . get_vocab("deux_points") . $max_booking_per_area . "</p>";
$col[$i][5] = "Ext."; } echo "\n<tr><td class=\"" . $fond . "\">{$col[$i][1]}</td>\n"; // un gestionnaire d'utilisateurs ne peut pas modifier un administrateur général ou un gestionnaire d'utilisateurs if (authGetUserLevel(getUserName(), -1, 'user') == 1 && ($user_statut == "gestionnaire_utilisateur" || $user_statut == "administrateur")) { echo "<td class=\"" . $fond . "\">{$col[$i][2]}</td>\n"; } else { echo "<td class=\"" . $fond . "\"><a href=\"admin_user_modify.php?user_login="******"&display={$display}\">{$col[$i][2]}</a></td>\n"; } echo "<td class=\"" . $fond . "\">{$col[$i][3]}</td>\n"; echo "<td class=\"" . $fond . "\"><span class=\"" . $color[$i] . "\">{$col[$i][4]}</span></td>\n"; echo "<td class=\"" . $fond . "\">{$col[$i][5]}</td>\n"; // Affichage du lien 'supprimer' // un gestionnaire d'utilisateurs ne peut pas supprimer un administrateur général ou un gestionnaire d'utilisateurs // Un administrateur ne peut pas se supprimer lui-même if (authGetUserLevel(getUserName(), -1, 'user') == 1 && ($user_statut == "gestionnaire_utilisateur" || $user_statut == "administrateur") || strtolower(getUserName()) == strtolower($user_login)) { echo "<td class=\"" . $fond . "\"> </td>"; } else { $themessage = get_vocab("confirm_del"); echo "<td class=\"" . $fond . "\"><a href='admin_user.php?user_del=" . urlencode($col[$i][1]) . "&action_del=yes&display={$display}' onclick='return confirmlink(this, \"{$user_login}\", \"{$themessage}\")'>" . get_vocab("delete") . "</a></td>"; } // Fin de la ligne courante echo "</tr>"; } } } echo "</table>"; // fin de l'affichage de la colonne de droite echo "</td></tr></table>"; // Affichage d'un pop-up affiche_pop_up($msg, "admin");
// Session related functions require_once "./include/session.inc.php"; // Resume session include "include/resume_session.php"; // Paramètres langage include "include/language.inc.php"; if (Settings::get("authentification_obli") == 0 && getUserName() == '') { $type_session = "no_session"; } else { $type_session = "with_session"; } $area_id = isset($_GET["area_id"]) ? $_GET["area_id"] : NULL; if (isset($area_id)) { settype($area_id, "integer"); } if (authGetUserLevel(getUserName(), $area_id, "area") < 4) { showAccessDenied($back); exit; } echo begin_page(Settings::get("company") . get_vocab("deux_points") . get_vocab("mrbs")); $res = grr_sql_query("SELECT * FROM " . TABLE_PREFIX . "_area WHERE id='" . $area_id . "'"); if (!$res) { fatal_error(0, get_vocab('error_room') . $id_room . get_vocab('not_found')); } $row = grr_sql_row_keyed($res, 0); grr_sql_free($res); echo '<h3 style="text-align:center;">'; echo get_vocab("match_area") . get_vocab("deux_points") . " " . htmlspecialchars($row["area_name"]); $area_access = $row["access"]; if ($area_access == 'r') { echo " (<span class=\"avertissement\">" . get_vocab("access") . "</span>)";
echo "<p>"; echo "<input type=\"radio\" name=\"moderate\" value=\"1\" checked=\"checked\" />" . get_vocab("accepter_resa"); echo "<br /><input type=\"radio\" name=\"moderate\" value=\"0\" />" . get_vocab("refuser_resa"); if ($repeat_id) { echo "<br /><input type=\"radio\" name=\"moderate\" value=\"S1\" />" . get_vocab("accepter_resa_serie"); echo "<br /><input type=\"radio\" name=\"moderate\" value=\"S0\" />" . get_vocab("refuser_resa_serie"); } echo "</p><p>"; echo "<label for=\"description\">" . get_vocab("justifier_decision_moderation") . get_vocab("deux_points") . "</label>\n"; echo "<textarea class=\"form-control\" name=\"description\" id=\"description\" cols=\"40\" rows=\"3\"></textarea>"; echo "</p>"; echo "<br /><div style=\"text-align:center;\"><input class=\"btn btn-primary\" type=\"submit\" name=\"commit\" value=\"" . get_vocab("save") . "\" /></div>\n"; echo "</fieldset></form>\n"; } if ($active_ressource_empruntee == 'y') { if (!$was_del && $moderate != 1 && getUserName() != '' && authGetUserLevel(getUserName(), $room_id) >= 3) { echo "<form action=\"view_entry.php\" method=\"get\">"; echo "<fieldset><legend style=\"font-weight:bold\">" . get_vocab("reservation_en_cours") . "</legend>\n"; echo "<span class=\"larger\">" . get_vocab("signaler_reservation_en_cours") . "</span>" . get_vocab("deux_points"); echo "<br />" . get_vocab("explications_signaler_reservation_en_cours"); affiche_ressource_empruntee($room_id, "texte"); echo "<br /><input type=\"radio\" name=\"statut_id\" value=\"-\" "; if ($statut_id == '-') { if (!affiche_ressource_empruntee($room_id, "autre") == 'yes') { echo " checked=\"checked\" "; } } echo " />" . get_vocab("signaler_reservation_en_cours_option_0"); echo "<br /><br /><input type=\"radio\" name=\"statut_id\" value=\"y\" "; if ($statut_id == 'y') { echo " checked=\"checked\" ";
} else { $type_session = "with_session"; } $back = ""; if (isset($_SERVER['HTTP_REFERER'])) $back = grr_htmlSpecialChars($_SERVER['HTTP_REFERER']); if ($type_session == "with_session") $_SESSION['type_month_all'] = "month_all"; $type_month_all='month_all'; if (check_begin_end_bookings($day, $month, $year)) { showNoBookings($day, $month, $year, $area,$back,$type_session); exit(); } if((authGetUserLevel(getUserName(),-1) < 1) and (getSettingValue("authentification_obli")==1)) { showAccessDenied($day, $month, $year, $area,$back); exit(); } if(authUserAccesArea(getUserName(), $area)==0) { showAccessDenied($day, $month, $year, $area,$back); exit(); } # 3-value compare: Returns result of compare as "< " "= " or "> ". function cmp3($a, $b) { if ($a < $b) return "< "; if ($a == $b) return "= ";
function verif_qui_peut_reserver_pour($_room_id, $user, $_beneficiaire) { if ($_beneficiaire == "") { return true; } if (strtolower($user) == strtolower($_beneficiaire)) { return true; } $qui_peut_reserver_pour = grr_sql_query1("SELECT qui_peut_reserver_pour FROM " . TABLE_PREFIX . "_room WHERE id='" . $_room_id . "'"); if (authGetUserLevel($user, $_room_id) >= $qui_peut_reserver_pour) { return true; } return false; }
<td style="text-align: center; width: 60%;"><input type="password" id="password" name="password" size="16" /></td> </tr> </table> <input type="submit" name="submit" value="<?php echo get_vocab("submit"); ?>" style="font-variant: small-caps;" /> </fieldset> </div> </form> </body> </html> <?php die(); }; $back = ''; if (isset($_SERVER['HTTP_REFERER'])) $back = grr_htmlSpecialChars($_SERVER['HTTP_REFERER']); if ((authGetUserLevel(getUserName(),-1) < 6) and ($valid != 'yes')) { $day = date("d"); $month = date("m"); $year = date("Y"); showAccessDenied($day, $month, $year, $area,$back); exit(); } if ($valid == 'no') { # print the page header print_header("","","","",$type="with_session", $page="admin"); // Affichage de la colonne de gauche include "admin_col_gauche.php"; } else { ?>
echo tdcell($empty_color)."<img src=\"img_grr/stop.png\" alt=\"".get_vocab("reservation_impossible")."\" title=\"".get_vocab("reservation_impossible")."\" width=\"16\" height=\"16\" class=\"".$class_image."\" />"; else { tdcell($d[$weekday][$slot-$decale_slot*$nb_case]["color"]); // si la ressource est "occupée, on l'affiche if ((isset($d[$weekday][$slot-$decale_slot*$nb_case]["statut"])) and ($d[$weekday][$slot-$decale_slot*$nb_case]["statut"]!='-')) echo " <img src=\"img_grr/buzy.png\" alt=\"".get_vocab("ressource actuellement empruntee")."\" title=\"".get_vocab("ressource actuellement empruntee")."\" width=\"20\" height=\"20\" class=\"image\" /> \n"; // si la réservation est à confirmer, on le signale if (($this_delais_option_reservation > 0) and (isset($d[$weekday][$slot-$decale_slot*$nb_case]["option_reser"])) and ($d[$weekday][$slot-$decale_slot*$nb_case]["option_reser"]!=-1)) echo " <img src=\"img_grr/small_flag.png\" alt=\"".get_vocab("reservation_a_confirmer_au_plus_tard_le")."\" title=\"".get_vocab("reservation_a_confirmer_au_plus_tard_le")." ".time_date_string_jma($d[$weekday][$slot-$decale_slot*$nb_case]["option_reser"],$dformat)."\" width=\"20\" height=\"20\" class=\"image\" /> \n"; // si la réservation est à modérer, on le signale if ((isset($d[$weekday][$slot-$decale_slot*$nb_case]["moderation"])) and ($d[$weekday][$slot-$decale_slot*$nb_case]["moderation"]=='1')) echo " <img src=\"img_grr/flag_moderation.png\" alt=\"".get_vocab("en_attente_moderation")."\" title=\"".get_vocab("en_attente_moderation")."\" class=\"image\" /> \n"; if (!isset($d[$weekday][$slot-$decale_slot*$nb_case]["id"])) { echo " \" "; } else { if (($this_statut_room == "1") or (($this_statut_room == "0") and (authGetUserLevel(getUserName(),$room) > 2) )) { if ($acces_fiche_reservation) echo " <a title=\"".grr_htmlSpecialChars($d[$weekday][$slot-$decale_slot*$nb_case]["who"])."\" href=\"view_entry.php?id=" . $d[$weekday][$slot-$decale_slot*$nb_case]["id"] . "&day=$wday&month=$wmonth&year=$wyear&page=week\">" . $d[$weekday][$slot-$decale_slot*$nb_case]["data"] . "</a>"; else echo " ".$d[$weekday][$slot-$decale_slot*$nb_case]["data"]; } else { echo $d[$weekday][$slot-$decale_slot*$nb_case]["data"]; } if ($d[$weekday][$slot-$decale_slot*$nb_case]["description"]!= "") echo "<br /><i>".$d[$weekday][$slot-$decale_slot*$nb_case]["description"]."</i>";
if ($row['4'] == 1) { echo '<td class="empty_cell">'.PHP_EOL; } else { echo '<td class="avertissement">'.PHP_EOL; } } else { echo '<div class="empty_cell">'.PHP_EOL; }*/ $hour = date('H', $date_now); $date_booking = mktime(24, 0, 0, $cmonth, $cday, $cyear); if (est_hors_reservation(mktime(0, 0, 0, $cmonth, $cday, $cyear), $area)) { $tplArray['rooms'][$incrementRoomAccessible]['jours'][$k]['horsReservation'] = true; //echo '<img src="img_grr/stop.png" alt="',get_vocab('reservation_impossible'),'" title="',get_vocab('reservation_impossible'),'" width="16" height="16" class\"',$class_image,'" />',PHP_EOL; } else { $tplArray['rooms'][$incrementRoomAccessible]['jours'][$k]['horsReservation'] = false; if (($authGetUserLevel > 1 || $auth_visiteur == 1) && $UserRoomMaxBooking != 0 && verif_booking_date(getUserName(), -1, $row['2'], $date_booking, $date_now, $enable_periods) && verif_delais_max_resa_room(getUserName(), $row['2'], $date_booking) && verif_delais_min_resa_room(getUserName(), $row['2'], $date_booking) && plages_libre_semaine_ressource($row['2'], $cmonth, $cday, $cyear) && ($row['4'] == '1' || $row['4'] == '0' && authGetUserLevel(getUserName(), $row['2']) > 2) && $_GET['pview'] != 1) { if ($enable_periods == 'y') { //echo '<a href="edit_entry.php?room=',$row['2'],'&period=&year=',$cyear,'&month=',$cmonth,'&day=',$cday,'&page=week_all" title="',get_vocab('cliquez_pour_effectuer_une_reservation'),'"><span class="glyphicon glyphicon-plus"></span></a>',PHP_EOL; $tplArray['rooms'][$incrementRoomAccessible]['jours'][$k]['editEntryLink'] = 'edit_entry.php?room=' . $row['2'] . '&period=&year=' . $cyear . '&month=' . $cmonth . '&day=' . $cday . '&page=week_all'; } else { //echo '<a href="edit_entry.php?room=',$row['2'],'&hour=',$hour,'&minute=0&year=',$cyear,'&month=',$cmonth,'&day=',$cday,'&page=week_all" title="',get_vocab('cliquez_pour_effectuer_une_reservation'),'"><span class="glyphicon glyphicon-plus"></span></a>',PHP_EOL; $tplArray['rooms'][$incrementRoomAccessible]['jours'][$k]['editEntryLink'] = 'edit_entry.php?room=' . $row['2'] . '&hour=' . $hour . '&minute=0&year=' . $cyear . '&month=' . $cmonth . '&day=' . $cday . '&page=week_all'; } } else { $tplArray['rooms'][$incrementRoomAccessible]['jours'][$k]['editEntryLink'] = false; //echo ' '.PHP_EOL; } } /*if (!$no_td) { echo '</div>'.PHP_EOL; }
/*print 'roomsObj.size='.min($longueur_liste_ressources_max, $len).";\n";*/ for ($j = 0; $row2 = grr_sql_row($res2, $j); $j++) { $tplArrayEditEntry['areasIds'][$i]['roomsObjOption'][$j] = $row2; //print "roomsObj.options[$j] = new Option(\"".str_replace('"', '\\"', $row2[1]).'",'.$row2[0].")\n"; } //print "roomsObj.options[0].selected = true\n"; } //print "break\n"; } } } /*echo '<div id="error"></div>'; echo '<table class="table-bordered EditEntryTable"><tr>'.PHP_EOL; echo '<td style="width:50%; vertical-align:top; padding-left:15px; padding-top:5px; padding-bottom:5px;">'.PHP_EOL; echo '<table class="table-header">'.PHP_EOL;*/ if ((authGetUserLevel(getUserName(), -1, 'room') >= $qui_peut_reserver_pour || authGetUserLevel(getUserName(), $area, 'area') >= $qui_peut_reserver_pour) && ($id == 0 || $id != 0 && authGetUserLevel(getUserName(), $room) > 2)) { $flag_qui_peut_reserver_pour = 'yes'; $tplArrayEditEntry['flagQuiPeutReserverPour'] = 'yes'; $tplArrayEditEntry['vocab']['reservation_au_nom_de'] = get_vocab('reservation au nom de'); $tplArrayEditEntry['vocab']['personne_exterieure'] = get_vocab('personne exterieure'); /* echo '<tr>'.PHP_EOL; echo '<td class="E">'.PHP_EOL; echo '<b>'.ucfirst(trim(get_vocab('reservation au nom de'))).get_vocab('deux_points').'</b>'.PHP_EOL; echo '</td>'.PHP_EOL; echo '</tr>'.PHP_EOL; echo '<tr>'.PHP_EOL; echo '<td class="CL">'.PHP_EOL; echo '<div class="col-xs-6">'.PHP_EOL; echo '<select size="1" class="form-control" name="beneficiaire" id="beneficiaire" onchange="setdefault(\'beneficiaire_default\',\'\');check_4();insertProfilBeneficiaire();">'.PHP_EOL; echo '<option value="" >'.get_vocab('personne exterieure').'</option>'.PHP_EOL;*/ $sql = 'SELECT DISTINCT login, nom, prenom, tel FROM ' . TABLE_PREFIX . "_utilisateurs WHERE (etat!='inactif' and statut!='visiteur' ) OR (login='******') ORDER BY nom, prenom";
* GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GRR; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ include "include/admin.inc.php"; $grr_script_name = "admin_user.php"; $back = ''; if (isset($_SERVER['HTTP_REFERER'])) { $back = htmlspecialchars($_SERVER['HTTP_REFERER']); } $display = isset($_GET["display"]) ? $_GET["display"] : NULL; $order_by = isset($_GET["order_by"]) ? $_GET["order_by"] : NULL; $msg = ''; if (Settings::get("ldap_statut") == "" && Settings::get("sso_statut") == "" && Settings::get("imap_statut") == "" || authGetUserLevel(getUserName(), -1) < 6 && authGetUserLevel(getUserName(), -1, 'user') != 1) { showAccessDenied($back); exit; } print_header("", "", "", $type = "with_session"); // Affichage de la colonne de gauche include "admin_col_gauche.php"; $themessage = str_replace("'", "\\'", get_vocab("admin_purge_accounts_confirm")); $themessage2 = str_replace("'", "\\'", get_vocab("admin_purge_accounts_confirm2")); $themessage3 = str_replace("'", "\\'", get_vocab("admin_purge_tables_confirm")); $themessage4 = str_replace("'", "\\'", get_vocab("admin_purge_accounts_confirm4")); echo "<h2>" . get_vocab('admin_purge_accounts.php') . "</h2>"; echo get_vocab('admin_clean_accounts_desc'); echo "<div style=\"text-align:center;\">\n\n<form id=\"purge_liaison\" action=\"admin_purge_accounts.php\" method=\"post\">\n\n\t<div>\n\t\t<input type=\"hidden\" name=\"do_purge_table_liaison\" value=\"1\" />\n\n\t\t<input\n\t\ttype=\"button\"\n\t\tvalue=\"" . get_vocab('admin_purge_tables_liaison') . "\"\n\t\tonclick=\"return confirmButton('purge_liaison', '{$themessage3}')\" />\n\n\t</div></form></div>"; echo "<hr />"; echo get_vocab('admin_purge_accounts_desc');
// on affiche que les domaines que l'utilisateur connect?a le droit d'administrer if (authGetUserLevel(getUserName(), $row[0], 'area') >= 4) { echo "<tr>"; if ($row[2] == 'r') { echo "<td><a href='admin_access_area.php?id_area={$row['0']}' title='" . get_vocab('admin_access_area.php') . "'><img src=\"img_grr/restricted_s.png\" alt=\"" . get_vocab('admin_access_area.php') . "\" title=\"" . get_vocab('admin_access_area.php') . "\" class=\"image\" /></a></td>\n"; } else { echo "<td> </td>\n"; } if (isset($id_area) && $id_area == $row[0]) { echo "<td><span class=\"bground\"><b>>>> " . htmlspecialchars($row[1]) . " <<< </b></span>"; } else { echo "<td><a href=\"admin_room.php?id_site=" . $id_site . "&id_area={$row['0']}\">" . htmlspecialchars($row[1]) . "</a> "; } echo "</td>\n"; echo "<td><a href=\"admin_edit_room.php?id_area={$row['0']}\"><img src=\"img_grr/edit_s.png\" alt=\"" . get_vocab("edit") . "\" title=\"" . get_vocab("edit") . "\" class=\"image\" /></a></td>\n"; if (authGetUserLevel(getUserName(), $row[0], 'area') >= 5) { echo "<td><a href=\"admin_edit_room.php?id_area={$row['0']}&action=duplique_area\"><img src=\"img_grr/duplique.png\" alt=\"" . get_vocab('duplique_domaine') . "\" title=\"" . get_vocab('duplique_domaine') . "\" class=\"image\" /></a></td>\n"; echo "<td><a href=\"admin_room_del.php?id_site=" . $id_site . "&type=area&id_area={$row['0']}\"><img src=\"img_grr/delete_s.png\" alt=\"" . get_vocab('delete') . "\" title=\"" . get_vocab('delete') . "\" class=\"image\" /></a></td>\n"; } echo "<td><a href=\"admin_type_area.php?id_area={$row['0']}\"><img src=\"img_grr/type.png\" alt=\"" . get_vocab('edittype') . "\" title=\"" . get_vocab('edittype') . "\" class=\"image\" /></a></td>\n"; echo "<td><a href='javascript:centrerpopup(\"view_rights_area.php?area_id={$row['0']}\",600,480,\"scrollbars=yes,statusbar=no,resizable=yes\")' title=\"" . get_vocab("privileges") . "\">\n\t\t\t\t\t<img src=\"img_grr/rights.png\" alt=\"" . get_vocab("privileges") . "\" class=\"image\" /></a></td>"; echo "</tr>\n"; } } echo "</table>\n"; echo "</td><td>\n"; //This one has the rooms if (isset($id_area)) { $sql = "SELECT id, room_name, description, capacity, max_booking, statut_room from " . TABLE_PREFIX . "_room where area_id={$id_area} "; // on ne cherche pas parmi les ressources invisibles pour l'utilisateur $tab_rooms_noaccess = verif_acces_ressource(getUserName(), 'all');
echo ' '; } } echo '</td>' . PHP_EOL; } else { if ($descr != "") { if (isset($today[$room][$t]["statut"]) && $today[$room][$t]["statut"] != '-') { echo '<img src="img_grr/buzy.png" alt="' . get_vocab("ressource actuellement empruntee") . '" title="' . get_vocab("ressource actuellement empruntee") . '" width="20" height="20" class="image" />' . PHP_EOL; } if ($delais_option_reservation[$room] > 0 && isset($today[$room][$t]["option_reser"]) && $today[$room][$t]["option_reser"] != -1) { echo '<img src="img_grr/small_flag.png" alt="' . get_vocab("reservation_a_confirmer_au_plus_tard_le") . '" title="' . get_vocab("reservation_a_confirmer_au_plus_tard_le") . ' ' . time_date_string_jma($today[$room][$t]["option_reser"], $dformat) . '" width="20" height="20" class="image" />' . PHP_EOL; } if (isset($today[$room][$t]["moderation"]) && $today[$room][$t]["moderation"] == '1') { echo '<img src="img_grr/flag_moderation.png" alt="' . get_vocab("en_attente_moderation") . '" title="' . get_vocab("en_attente_moderation") . '" class="image" />' . PHP_EOL; } if ($statut_room[$room] == "1" || $statut_room[$room] == "0" && authGetUserLevel(getUserName(), $room) > 2) { if ($acces_fiche_reservation) { if ($settings->get("display_level_view_entry") == 0) { $currentPage = 'day'; echo '<a title="' . htmlspecialchars($today[$room][$t]["who"]) . '" data-width="675" onclick="request(' . $id . ',' . $day . ',' . $month . ',' . $year . ',\'' . $currentPage . '\',readData);" data-rel="popup_name" class="poplight">' . $descr . PHP_EOL; } else { echo '<a class="lienCellule" title="', htmlspecialchars($today[$room][$t]["who"]), '" href="view_entry.php?id=', $id, '&day=', $day, '&month=', $month, '&year=', $year, '&page=day\\>', $descr; } } else { echo ' ' . $descr; } $sql = "SELECT type_name,start_time,end_time,clef,courrier FROM " . TABLE_PREFIX . "_type_area ," . TABLE_PREFIX . "_entry WHERE " . TABLE_PREFIX . "_entry.id= " . $today[$room][$t]["id"] . " AND " . TABLE_PREFIX . "_entry.type= " . TABLE_PREFIX . "_type_area.type_letter"; $res = grr_sql_query($sql); for ($i = 0; $row = grr_sql_row($res, $i); $i++) { $type_name = $row['0']; $start_time = $row['1'];
print_header(); echo '<h2>' . get_vocab('error_qui_peut_reserver_pour') . '</h2>'; echo '<a href="' . $back . '&Err=yes">' . get_vocab('returnprev') . '</a>'; include 'include/trailer.inc.php'; die; } if ($error_heure_debut_fin == 'yes') { print_header(); echo '<h2>' . get_vocab('error_heure_debut_fin') . '</h2>'; echo $day; echo '<a href="' . $back . '&Err=yes">' . get_vocab('returnprev') . '</a>'; include 'include/trailer.inc.php'; die; } if (strlen($err)) { print_header(); echo '<h2>' . get_vocab('sched_conflict') . '</h2>'; if (!isset($hide_title)) { echo get_vocab('conflict'); echo '<UL>'; } echo $err; if (!isset($hide_title)) { echo '</UL>'; } if (authGetUserLevel(getUserName(), $area, 'area') >= 4) { echo "<center><table border=\"1\" cellpadding=\"10\" cellspacing=\"1\"><tr><td class='avertissement'><h3><a href='" . traite_grr_url('', 'y') . 'edit_entry_handler.php?' . $_SERVER['QUERY_STRING'] . "&del_entry_in_conflict=yes'>" . get_vocab('del_entry_in_conflict') . '</a></h4></td></tr></table></center><br />'; } } echo '<a href="' . $back . '&Err=yes">' . get_vocab('returnprev') . '</a><p>'; include 'include/trailer.inc.php';
$descrmatch = get_form_var('descrmatch', 'string'); $summarize = get_form_var('summarize', 'int'); $typematch = get_form_var('typematch', 'array'); $sortby = get_form_var('sortby', 'string'); $display = get_form_var('display', 'string'); $sumby = get_form_var('sumby', 'string'); # Require authenticated user if private bookings are required if ($private_override == "private") { if (!getAuthorised(1)) { showAccessDenied($day, $month, $year, $area, ""); exit; } } # Need to know user name and if they are an admin $user = getUserName(); $is_admin = isset($user) && authGetUserLevel($user) >= 2; //If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } // print the page header print_header($day, $month, $year, $area, isset($room) ? $room : ""); if (isset($areamatch)) { // Resubmit - reapply parameters as defaults. // Make sure these are not escape-quoted: // Make default values when the form is reused.
echo $d[$cday]["who1"][$i], '<br/>'; $Son_GenreRepeat = grr_sql_query1("SELECT type_name FROM " . TABLE_PREFIX . "_type_area ," . TABLE_PREFIX . "_entry WHERE " . TABLE_PREFIX . "_entry.id= " . $d[$cday]["id"][$i] . " AND " . TABLE_PREFIX . "_entry.type= " . TABLE_PREFIX . "_type_area.type_letter"); echo $Son_GenreRepeat, '<br/>'; if ($d[$cday]["description"][$i] != "") { echo '<br /><i>(', $d[$cday]["description"][$i], ')</i>'; } if ($acces_fiche_reservation) { echo '</a>', PHP_EOL; } echo '</span>', PHP_EOL, '</td>', PHP_EOL, '</tr>', PHP_EOL, '</table>', PHP_EOL; } } $date_now = time(); $hour = date("H", $date_now); $date_booking = mktime(24, 0, 0, $month, $cday, $year); if (($authGetUserLevel > 1 || $auth_visiteur == 1) && $UserRoomMaxBooking != 0 && verif_booking_date(getUserName(), -1, $room, $date_booking, $date_now, $enable_periods) && verif_delais_max_resa_room(getUserName(), $room, $date_booking) && verif_delais_min_resa_room(getUserName(), $room, $date_booking) && plages_libre_semaine_ressource($room, $month, $cday, $year) && ($this_statut_room == "1" || $this_statut_room == "0" && authGetUserLevel(getUserName(), $room) > 2) && $_GET['pview'] != 1) { echo '<div class="empty_cell">', PHP_EOL; if ($enable_periods == 'y') { echo '<a href="edit_entry.php?room=', $room, '&period=&year=', $year, '&month=', $month, '&day=', $cday, '&page=month" title="', get_vocab("cliquez_pour_effectuer_une_reservation"), '"><span class="glyphicon glyphicon-plus"></span></a>', PHP_EOL; } else { echo '<a href="edit_entry.php?room=', $room, '&hour=', $hour, '&minute=0&year=', $year, '&month=', $month, '&day=', $cday, '&page=month" title="', get_vocab("cliquez_pour_effectuer_une_reservation"), '"><span class="glyphicon glyphicon-plus"></span></a>', PHP_EOL; } echo '</div>' . PHP_EOL; } else { echo ' '; } } echo '</td>' . PHP_EOL; } if (++$weekcol == 7) { $weekcol = 0;
</fieldset> </form> </body> </html> <?php die; } $back = ''; if (isset($_SERVER['HTTP_REFERER'])) { $back = htmlspecialchars($_SERVER['HTTP_REFERER']); } if (isset($sso_restrictions) && $sso_restrictions == true) { showAccessDenied($back); exit; } if (authGetUserLevel(getUserName(), -1) < 6 && $valid != 'yes') { showAccessDenied($back); exit; } if ($valid == 'no') { print_header("", "", "", $type = "with_session"); // Affichage de la colonne de gauche include "admin_col_gauche.php"; } else { ?> <!doctype html> <html> <head> <link rel="stylesheet" href="style.css" type="text/css"> <link rel="shortcut icon" href="favicon.ico"> <title> grr </title>
else echo "<div class=\"empty_cell\">"; // Possibilité de faire une nouvelle réservation $hour = date("H",$date_now); // Heure actuelle $date_booking = mktime(24, 0, 0, $cmonth, $cday, $cyear); // minuit if (est_hors_reservation(mktime(0,0,0,$cmonth,$cday,$cyear),$area)) echo "<img src=\"img_grr/stop.png\" alt=\"".get_vocab("reservation_impossible")."\" title=\"".get_vocab("reservation_impossible")."\" width=\"16\" height=\"16\" class=\"".$class_image."\" />"; else if ((($authGetUserLevel > 1) or ($auth_visiteur == 1)) and ($UserRoomMaxBooking != 0) and verif_booking_date(getUserName(), -1, $row[2], $date_booking, $date_now, $enable_periods) and verif_delais_max_resa_room(getUserName(), $row[2], $date_booking) and verif_delais_min_resa_room(getUserName(), $row[2], $date_booking) and plages_libre_semaine_ressource($row[2], $cmonth, $cday, $cyear) and (($row[4] == "1") or (($row[4] == "0") and (authGetUserLevel(getUserName(),$row[2]) > 2) )) and $_GET['pview'] != 1) { if ($enable_periods == 'y') echo "<a href=\"edit_entry.php?room=".$row[2]."&period=&year=$cyear&month=$cmonth&day=$cday&page=week_all\" title=\"".get_vocab("cliquez_pour_effectuer_une_reservation")."\"><img src=\"img_grr/new.png\" alt=\"".get_vocab("add")."\" class=\"".$class_image."\" /></a>"; else echo "<a href=\"edit_entry.php?room=".$row[2]."&hour=$hour&minute=0&year=$cyear&month=$cmonth&day=$cday&page=week_all\" title=\"".get_vocab("cliquez_pour_effectuer_une_reservation")."\"><img src=\"img_grr/new.png\" alt=\"".get_vocab("add")."\" class=\"".$class_image."\" /></a>"; } else { echo " "; } if (!$no_td) echo "</div>"; echo "</td>\n"; } // Fin de la condition "on n'affiche pas tous les jours de la semaine" $num_week_day++;// Pour le calcul des jours à afficher $num_week_day = $num_week_day % 7;// Pour le calcul des jours à afficher
{ global $vocab; // Search for indexes "user_name", "user_password", etc, in the localization array. if (isset($vocab["user_" . $name])) { return get_vocab("user_" . $name); } // If there is no entry (likely if user-defined fields have been added), return itself. return $name; } /*---------------------------------------------------------------------------*\ | Authenticate the current user | \*---------------------------------------------------------------------------*/ $initial_user_creation = 0; if ($nusers > 0) { $user = getUserName(); $level = authGetUserLevel($user); // Do not allow unidentified people to browse the list. if (!getAuthorised(1)) { showAccessDenied($day, $month, $year, $area, ""); exit; } } else { $initial_user_creation = 1; if (!isset($Action)) { $Action = "Add"; $Id = -1; } $level = $max_level; $user = ""; // to avoid an undefined variable notice }
$i = 0; while ($line = sql_row($list, $i++)) { print "<tr>\n"; $j = -1; $this_id = 0; foreach ($line as $col_value) { $j += 1; if ($j == 0) { /* Don't display it, but remember it. */ $this_id = $col_value; continue; } if ($j == 1) { /* Use it to tell if it's a user or an admin */ $name = $col_value; switch (authGetUserLevel($name, $auth["admin"])) { case 1: $right = get_vocab("user"); break; case 2: $right = get_vocab("administrator"); break; // MRBS admin // MRBS admin case 3: $right = get_vocab("administrator"); break; // Reserved for future user admin. // Reserved for future user admin. default: $right = get_vocab("unknown");