function syn_login($r_res)
{
$oDb = getDb();
checkUser($r_res);
$Session = new Session($oDb);
$Session->setKey($r_res['uid']);
select_yjl_db();
}
function isLoggedIn()
{
if (isset($_COOKIE['email']) && isset($_COOKIE['password']) && checkUser($_COOKIE['email'], $_COOKIE['password']) > 0) {
return 1;
} else {
return 0;
}
}
function loginWJson()
{
global $JSON;
$json = $JSON;
//echo "json is";
//echo json_encode($JSON);
//echo (checkUser(@$json['login']['Email'],@$json['login']['password']))?"TRUE":"FALSE";
return checkUser(@$json['login']['Email'], @$json['login']['password']);
}
function addData($username, $password, $email) {
if (!checkUser($username)) {
if (mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password','$email')")) {
return true;
}
} else {
return false;
}
}
function userAuth($connection)
{
$validUser = false;
session_start();
# Check for a user session set by the website.
if (isset($_SESSION['user'])) {
# Get the username and password stored in the session.
$username = $_SESSION['user'][0];
$password = $_SESSION['user'][1];
# Check whether the information stored in the session matches up to a
# valid user account.
$validUser = checkUser($username, $password, $connection);
}
session_write_close();
return $validUser;
}
function checkSubmitValues()
{
global $showErr;
/* Make sure at least one field was entered */
if (!$_POST['user']) {
$showErr = 'Please provide a valid username.';
return FALSE;
}
/* Check if username is valid */
$email = checkUser($_POST['user']);
if (!$email) {
$showErr = 'Sorry, the username: "******" could not be found.';
return FALSE;
}
// If we get here, username is valid. Return the email address.
return $email;
}
function Register()
{
if (empty($_POST['username'])) {
Redirect("No Username was entered.", "register.php");
} else {
if (empty($_POST['password'])) {
Redirect("No Password was entered.", "register.php");
} else {
if ($_POST['rePass'] != $_POST['password']) {
Redirect("The passwords did not match!", "register.php");
} else {
if (empty($_POST['fname'])) {
Redirect("Please enter your first name.", "register.php");
} else {
if (empty($_POST['lname'])) {
Redirect("Please enter your last name.", "register.php");
} else {
$username = $_POST['username'];
$password = md5($_POST['password']);
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$db = mysqli_connect("localhost", "xinnk", "Final1245!", "login");
//make sure we connected to the database
if ($db->connect_errno) {
die("Connect failed: %s\n" . $db->connect_error);
}
// check the db for the user
if (!checkUser($username, $password, $db)) {
mysqli_close($db);
header("refresh:5;url=register.php");
print "User already exists.<br>" . "redirecting after 5 seconds... ";
} else {
createUser($username, $password, $fname, $lname, $db);
}
}
}
}
}
}
}
function addUser($userName, $password, $email, $gender)
{
if (checkUser($userName, $email) > 0) {
return;
}
$sql = "INSERT INTO UserInfoTable (UserName,Password,Email,Gender) VALUES('{$userName}','{$password}','{$email}','{$gender}')";
if (!exeSQL($sql)) {
return;
}
//printf("add user $userName failed\n");
$sql = "SELECT UserID from UserInfoTable WHERE UserName='******'";
$res = exeSQL($sql);
$row = mysql_fetch_array($res);
$id = $row[0];
addAlbum($id, "Face", "The user face album", time());
addAlbum($id, "Default", "The default user album", time());
$sql = "SELECT AlbumID FROM AlbumTable WHERE UserID={$id} AND AlbumName='Face'";
$res = exeSQL($sql);
$row = mysql_fetch_array($res);
$albumID = $row[0];
addPic($id, "DefaultFace.gif", 200, 200, "DefaultFace.gif", "/images/DefaultFace.gif", time(), time(), 0, 0, 0, $albumID);
}
<?php
session_start();
require_once "../application/libraries/functions.php";
if (!(checkUser($_SESSION["email"], $_SESSION["password"]) && isAdmin($_SESSION["email"]))) {
header("location: /admin/auth.php");
exit;
}
* @author Nils Laumaillé
* @version 2.1.25
* @copyright (c) 2009-2015 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 || !isset($_SESSION['user_id']) || empty($_SESSION['user_id']) || !isset($_SESSION['key']) || empty($_SESSION['key'])) {
die('Hacking attempt...');
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
//load help
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '_admin_help.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php';
//Get full list of groups
$arr_groups = array();
$rows = DB::query("SELECT id,title FROM " . prefix_table("nested_tree"));
foreach ($rows as $reccord) {
$arr_groups[$reccord['id']] = $reccord['title'];
}
//display
$the_user = getUser($user_id);
if (count($the_user)) {
if (!isset($gusers1[$user_id])) {
$gusers1[$user_id] = $the_user['user_name'];
$gusers2 .= ';' . $user_id . ';';
}
}
}
if (isset($_GET['group_add_user']) && is_numeric($_GET['group_add_user'])) {
// Adding a user
if (!$login['user_access_useredit']) {
showAccessDenied($day, $month, $year, $area, true);
exit;
}
$user_id = $_GET['group_add_user'];
if (checkUser($user_id)) {
if (!array_key_exists($user_id, $gusers1)) {
$gusers2 .= ';' . $user_id . ';';
}
} else {
echo __('User does not exist');
exit;
}
mysql_query("UPDATE `groups` SET `user_ids` = '" . $gusers2 . "' WHERE `group_id` = '{$gid}' LIMIT 1 ;");
header("Location: admin_group.php?gid={$gid}");
exit;
}
if (isset($_GET['group_del_user']) && is_numeric($_GET['group_del_user'])) {
// Deleting a user
if (!$login['user_access_useredit']) {
showAccessDenied($day, $month, $year, $area, true);
<?php
// Erzwingen das Session-Cookies benutzt werden und die SID nicht per URL transportiert wird
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Session starten
session_start();
// Funktionen einbinden
include '../admin/auth.php';
// Datenbankverbindung öffnen
$conid = db_connect();
// Benutzer prüfen
if (!checkUser($conid)) {
resetUser();
}
// Benutzer abmelden
if ($_GET['benutzer'] == 'abmelden') {
resetUser();
}
if (!empty($_POST['name'])) {
require_once '../conf/DbConnectorW.php';
$db = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('<p><font color=red>Fehler bei der Datenbankverbindung: ' . mysqli_connect_errno() . ': ' . mysqli_connect_error() . '</p>');
$sql = "INSERT INTO Series (Ser_Name, Author_Auth_ID) VALUES ('{$_POST['name']}',{$_POST['author']})";
mysqli_query($db, $sql);
$sql = "SELECT User_has_Groups.Groups_ID, User.Name, User.ID FROM User, User_has_Groups WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($db, $_SESSION['benutzername']) . "' and User.ID = User_has_Groups.User_ID";
$result = mysqli_query($db, $sql);
$zeile = mysqli_fetch_array($result);
$sql = "SELECT MAX(`Ser_ID`) AS Ser_ID FROM Series";
$result = mysqli_query($db, $sql);
$zeile2 = mysqli_fetch_array($result);
$sql = "INSERT INTO Log (`Time`, `Activity`, `User_ID`, `Groups_ID`) VALUES (NOW(), '{$zeile['Name']} added Creator with ID {$zeile2['Ser_ID']}', {$zeile['ID']}, {$zeile['Groups_ID']})";
<?php
require_once './library/config.php';
require_once './library/functions.php';
checkUser();
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'makeComplain':
makeComplain();
break;
case 'makeComplainFac':
makeComplainFac();
break;
case 'assignComplain':
assignComplain();
break;
case 'assignComplainFac':
assignComplainFac();
break;
case 'commentOnComplain':
commentOnComplain();
break;
case 'commentOnComplainFac':
commentOnComplainFac();
break;
case 'closeComplain':
closeComplain();
break;
case 'closeComplainFac':
closeComplainFac();
break;
*/
require_once "../functions.php";
global $DEBUG;
if ($DEBUG) {
$starttime_main = microtime(true);
}
ini_set("session.cookie_httponly", 1);
session_start();
if ($_POST['submit'] == "submit") {
if ($_POST['user'] == "" || $_POST['pass'] == "") {
$emptyField = true;
} else {
$username = @sanitize_paranoid_string($_POST['user']);
$password = $_POST['pass'];
$ref = @sanitize_paranoid_string($_POST['ref']);
$userlogon = checkUser($username, $password);
if ($userlogon[0]['result']) {
$_SESSION['login'] = true;
$_SESSION['userName'] = ucfirst(strtolower($userlogon[0]['username']));
$_SESSION['userID'] = $userlogon[0]['user_id'];
$_SESSION['email'] = $userlogon[0]['email'];
$_SESSION['LAST_ACTIVITY'] = time();
// define first "last activity" timestamp
$_SESSION['CREATED'] = time();
// initialize the session create timestamp
if ($userlogon[0]['changePass']) {
$_SESSION['forceChangePass'] = true;
}
session_regenerate_id(true);
// change session ID for the current session an invalidate old session ID
header("HTTP/1.1 302 Found");
include_once 'functions.php';
$dosetval = isset($_POST['value']);
if (isset($_POST['requested'])) {
if ($dosetval) {
$_SESSION[$_POST['requested']] = $_POST['value'];
} else {
if ($_POST['requested'] == "userInfo") {
if (checkSession()) {
$id = $_SESSION['user_id'];
$retVal = getUser($id);
print json_encode($retVal);
}
} else {
if ($_POST['requested'] == "checkName") {
$userName = $_POST['userName'];
$retVal = checkUser($userName);
print json_encode($retVal);
} else {
if ($_POST['requested'] == "checkEmail") {
$userEmail = $_POST['userEmail'];
$retVal = checkEmail($userEmail);
print json_encode($retVal);
} else {
if ($_POST['requested'] == "sesexe") {
if (checkSession()) {
$id = $_SESSION['user_id'];
} else {
$id = 12;
}
$retVal = saveAlgSes($id);
print json_encode($retVal);
* @copyright (c) 2009-2012 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
require_once '../sessions.php';
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 || !isset($_SESSION['user_id']) || empty($_SESSION['user_id']) || !isset($_SESSION['key']) || empty($_SESSION['key'])) {
die('Hacking attempt...');
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "items")) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
handleError('Not allowed to ...', 110);
exit;
}
//check for session
if (isset($_POST['PHPSESSID'])) {
session_id($_POST['PHPSESSID']);
} elseif (isset($_GET['PHPSESSID'])) {
session_id($_GET['PHPSESSID']);
} else {
handleError('No Session was found.');
}
// HTTP headers for no cache etc
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
function gotDTMF($text)
{
global $state;
global $mailbox;
global $collect_user;
global $collect_pass;
Yate::Debug("gotDTMF('{$text}') state: {$state}");
switch ($state) {
case "user":
if ($text == "*") {
promptUser();
return;
}
if ($text == "#") {
checkUser();
} else {
$collect_user .= $text;
}
return;
case "pass":
if ($text == "*") {
promptPass();
return;
}
if ($text == "#") {
checkPass();
} else {
$collect_pass .= $text;
}
return;
}
if ($mailbox == "") {
return;
}
navigate($text);
}
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
require_once 'sessions.php';
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 || !isset($_SESSION['user_id']) || empty($_SESSION['user_id']) || !isset($_SESSION['key']) || empty($_SESSION['key']) || !isset($_SESSION['settings']['enable_suggestion']) || $_SESSION['settings']['enable_suggestion'] != 1) {
die('Hacking attempt...');
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/config/include.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "suggestion")) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
include $_SESSION['settings']['cpassman_dir'] . '/includes/config/settings.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
header("Content-type: text/html; charset=utf-8");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
require_once 'main.functions.php';
// pw complexity levels
$_SESSION['settings']['pwComplexity'] = array(0 => array(0, $LANG['complex_level0']), 25 => array(25, $LANG['complex_level1']), 50 => array(50, $LANG['complex_level2']), 60 => array(60, $LANG['complex_level3']), 70 => array(70, $LANG['complex_level4']), 80 => array(80, $LANG['complex_level5']), 90 => array(90, $LANG['complex_level6']));
// connect to DB
*
* Kimai is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; Version 3, 29 June 2007
*
* Kimai is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Kimai; If not, see <http://www.gnu.org/licenses/>.
*/
// Include Basics
include '../../includes/basics.php';
$usr = checkUser();
// ============================================
// = initialize currently displayed timespace =
// ============================================
$timespace = get_timespace();
$in = $timespace[0];
$out = $timespace[1];
// set smarty config
require_once WEBROOT . 'libraries/smarty/Smarty.class.php';
$tpl = new Smarty();
$tpl->template_dir = 'templates/';
$tpl->compile_dir = 'compile/';
// read kga ---------------------------------------
$output = $kga;
// clean out sone data that is way too private to be shown in the frontend ...
if (!$kga['show_sensible_data']) {
/**
* getEvalList - Retourne la liste des instances de campagnes d'évaluations disponibles pour un utilisateur donné
*
* @category : evaluationFunction
* @param int $id Identifiant de l'utilisateur
* @return array Array contenant la liste des instances de campagne d'évaluation disponible pour l'utilisateur
*
* @Author Ali Bellamine
*
* Contenu de l'array retourné :<br>
* [id de la campagne d'évaluation] => (array) données relative à une évaluation voir {@link getEvalData()}<br>
* [id de la campagne d'évaluation]['registerId'] => (int) id de l'instance de la campagne d'évaluation pour l'utilisateur<br>
* [id de la campagne d'évaluation]['data'] => (string) informations optionelles relatives à l'instance de la campagne d'évaluation<br>
* [id de la campagne d'évaluation]['remplissage']['valeur'] => (int) statut de remplissage de l'instance de la campagne d'évaluation (0 ou 1)<br>
* [id de la campagne d'évaluation]['remplissage']['date'] => (string) date du remplissage de l'instance de la campagne d'évaluation sous forme de timestamp
*
*/
function getEvalList($id)
{
/*
Initialisation des variables
*/
global $db;
// Permet l'accès à la BDD
$erreur = array();
$evaluations = array();
/*
On vérifie l'existance de l'utilisateur
*/
$erreur = checkUser($id, $erreur);
if (count($erreur) == 0) {
/*
Récupèration informations contenant l'utilisateur
*/
$sql = 'SELECT e.id evaluationId, er.id registerId, er.date dateRemplissage, er.evaluationData evaluationData, er.evaluationStatut remplissageStatut FROM evaluationregister er INNER JOIN evaluation e ON e.id = er.evaluationId WHERE userId = ?';
$res = $db->prepare($sql);
if ($res->execute(array($id))) {
while ($res_f = $res->fetch()) {
$evaluations[$res_f['evaluationId']] = getEvalData($res_f['evaluationId']);
$evaluations[$res_f['evaluationId']]['registerId'] = $res_f['registerId'];
$evaluations[$res_f['evaluationId']]['data'] = $res_f['evaluationData'];
// On enregistre que l'évaluation a été faite si elle a été faite
if (isset($res_f['dateRemplissage']) && $res_f['remplissageStatut'] == 1) {
$evaluations[$res_f['evaluationId']]['remplissage']['valeur'] = true;
$evaluations[$res_f['evaluationId']]['remplissage']['date'] = DatetimeToTimestamp($res_f['dateRemplissage']);
} else {
$evaluations[$res_f['evaluationId']]['remplissage']['valeur'] = false;
}
}
}
return $evaluations;
} else {
return false;
}
}
* Kimai - Open Source Time Tracking // http://www.kimai.org
* (c) 2006-2009 Kimai-Development-Team
*
* Kimai is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; Version 3, 29 June 2007
*
* Kimai is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Kimai; If not, see <http://www.gnu.org/licenses/>.
*/
// Include Basics
include '../../includes/basics.php';
$dir_templates = "templates/";
$datasrc = "config.ini";
$settings = parse_ini_file($datasrc);
$dir_ext = $settings['EXTENSION_DIR'];
$user = checkUser();
// =========================================
// = Get the currently displayed timeframe =
// =========================================
$timeframe = get_timeframe();
$in = $timeframe[0];
$out = $timeframe[1];
$view = new Zend_View();
$view->setBasePath(WEBROOT . 'extensions/' . $dir_ext . '/' . $dir_templates);
echo $view->render('index.php');
switch ($ev->name) {
case "call.execute":
$partycallid = $ev->GetValue("id");
$ev->params["targetid"] = $ourcallid;
if ($ev->GetValue("debug_on") == "yes") {
Yate::Output(true);
Yate::Debug(true);
}
if ($ev->GetValue("query_on") == "yes") {
$query_on = true;
}
$ev->handled = true;
/* We must ACK this message before dispatching a call.answered */
$ev->Acknowledge();
/* Check if the mailbox exists, answer only if that's the case */
if (checkUser($ev->GetValue("called"), $ev->GetValue("caller"))) {
$m = new Yate("call.answered");
$m->params["id"] = $ourcallid;
$m->params["targetid"] = $partycallid;
// - - - - - - - - - - - - - - - - - - - - - - - - -
/* (этого блока ранее не было) */
/* определение правого плеча путем присвоения ему идентификатора вызова (billid) левого плеча */
/* автосекретарь -> внутр. номер -> голосовая почта */
// $m->params["direction"] = $ev->GetValue("direction");
$m->params["direction"] = 'outgoing';
$m->params["billid"] = $ev->GetValue("billid");
// $m->params["status"] = $ev->GetValue("status");
$m->params["status"] = 'cs_voicemail';
// $m->params["reason"] = $ev->GetValue("reason");
// - - - - - - - - - - - - - - - - - - - - - - - - -
// - - - - - - - - - - - - - - - - - - - - - - - - -
<html>
<head>
<script>
$(document).ready(function(){
removeAllActiveClass();
})
</script>
<?php
include '../CommonPage/initializer.php';
checkUser($_SESSION["Username"]);
$updatedDueDate = getCurrentDate();
?>
<?php
if (isset($_POST['editTodaysDetails'])) {
$dueDate = $_POST["editedDueDate"];
$query = "Update book set DueDate='" . $dueDate . "' where DueDate='" . getCurrentDate() . "'";
$editResult = "yes";
if ($conn->query($query) === true) {
$editResult = "yes";
$updatedDueDate = $dueDate;
} else {
$editResult = "no";
}
}
?>
</head>
<body>
<?php
include '../CommonPage/header.php';
include '../CommonPage/nav.php';
@ini_set('session.use_only_cookies', '1');
@header('Cache-Control: no-cache, no-store, must-revalidate');
// HTTP 1.1.
@header('Pragma: no-cache');
// HTTP 1.0.
@header('Expires: 0');
// Proxies.
@session_name('FWLDBA');
session_start();
// check if membership system exists
setupMembership();
########################################################################
// do we have an admin log out request?
if ($_GET['signOut'] == 1) {
logOutUser();
?>
<META HTTP-EQUIV="Refresh" CONTENT="0;url=../index.php"><?php
exit;
}
// is there a logged user?
if (!($uname = getLoggedAdmin())) {
// is there a user trying to log in?
if (!checkUser($_POST['username'], $_POST['password'])) {
// display login form
?>
<META HTTP-EQUIV="Refresh" CONTENT="0;url=../index.php?signIn=1"><?php
exit;
} else {
redirect('admin/pageHome.php');
}
}
Préparation des données : on crée un array contenant toutes les données, ce dernier sera ensuite parcouru pour créer la requête SQL qui sera préparée
*/
// Ce qui est propre aux edit et delete
if (($action == 'edit' || $action == 'delete') && isset($serviceInfo)) {
$sqlData['id'] = $serviceInfo['id'];
// Id du service
}
// Traitement du POST
if ($action == 'edit' || $action == 'add') {
foreach ($_POST as $key => $value) {
if ($key == 'nom') {
if ($value != '' && ($action == 'add' || $value != $serviceInfo[$key])) {
$sqlData[$key] = htmLawed($value);
}
}
if ($key == 'chef' && is_numeric($value) && count(checkUser($value, array())) == 0 && ($action == 'add' || $value != $serviceInfo[$key])) {
$sqlData[$key] = $value;
}
if ($key == 'hopital' && is_numeric($value) && count(checkHopital($value, array())) == 0 && ($action == 'add' || $value != $serviceInfo[$key])) {
$sqlData[$key] = $value;
}
if ($key == 'specialite' && is_numeric($value) && count(checkSpecialite($value, array())) == 0 && ($action == 'add' || $value != $serviceInfo[$key])) {
$sqlData[$key] = $value;
}
if ($key == 'certificat') {
$sqlAffectationData = array();
$currentCertificat = array();
if (isset($serviceInfo)) {
$listeCertificats = array();
foreach ($serviceInfo['certificat'] as $certificatId => $certificatValue) {
$listeCertificats[$certificatValue['idAffectation']] = $certificatId;
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: editUser.php,v 1.7 2006/01/29 08:15:18 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
//if (!$_REQUEST['u_id'] && !$_REQUEST['action']){
// accessDenied("Please choose an employee first!");
//}
doHeader("Edit User");
// first we check if we're doing an update
// or a delete
if ($_REQUEST['action'] == 'del') {
deleteConfirm();
} elseif ($_POST['confirmDelete']) {
deleteUser($_POST['hdUserID']);
print "User deactivated sucessfully!";
} else {
editUserForm();
}
function deleteConfirm()
<?php
require_once "start.php";
$email = htmlspecialchars($_POST["email"]);
$password = htmlspecialchars($_POST["password"]);
$password = md5($password);
if (checkUser($email, $password)) {
$_SESSION["email"] = $email;
$_SESSION["password"] = $password;
} else {
$_SESSION["error_auth"] = 1;
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit;
if (isset($_SESSION['users']['update'])) {
foreach ($_SESSION['users']['update'] as $userDataId => $userData) {
$tempErreur = array();
$tempErreur = checkUserInsertData($userData, $tempErreur);
// On verifie la validité des données
// On ajoute les données manquantes
if (!isset($userData['prenom'])) {
$userData['prenom'] = '';
}
if (!isset($userData['promotion'])) {
$userData['promotion'] = 'NULL';
}
if (count($tempErreur) == 1 && isset($tempErreur['exist'])) {
// On récupère l'id de l'utilisateur
$userId = getUserIdFromNbEtudiant($userData['nbEtu']);
if (isset($userId) && is_numeric($userId) && count(checkUser($userId, array())) == 0) {
$sql = 'UPDATE user SET nbEtudiant = ?, nom = ?, prenom = ?, mail = ?, promotion = ?, rang = ? WHERE id = ?';
$res = $db->prepare($sql);
$resT = $res->execute(array($userData['nbEtu'], strtoupper($userData['nom']), $userData['prenom'], serialize($userData['mail']), $userData['promotion'], $userData['rang'], $userId));
if (!$resT) {
$affectationsErreur[$affectationInsertId][14] = TRUE;
// On enregistre l'erreur
}
} else {
$affectationsErreur[$affectationInsertId][14] = TRUE;
// On enregistre l'erreur
}
} else {
// On enregistre les erreurs
if (isset($tempErreur['exist'])) {
unset($tempErreur['exist']);
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
require_once 'sessions.php';
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 || !isset($_SESSION['user_id']) || empty($_SESSION['user_id']) || !isset($_SESSION['key']) || empty($_SESSION['key'])) {
die('Hacking attempt...');
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/include.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "manage_roles")) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
include $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
header("Content-type: text/html; charset=utf-8");
require_once 'main.functions.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
//Connect to DB
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
* @copyright (c) 2009-2014 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
require_once 'sessions.php';
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 || !isset($_SESSION['user_id']) || empty($_SESSION['user_id']) || !isset($_SESSION['key']) || empty($_SESSION['key'])) {
die('Hacking attempt...');
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "manage_settings")) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
include $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
header("Content-type: text/html; charset==utf-8");
include 'main.functions.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
//Connect to mysql server
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
