Example #1
             $tmp_password = make_password();
             $pwd_hash = db_escape_string(encrypt_password($tmp_password, $login));
             $rv[0] = T_sprintf("Created user %s with password <b>%s</b>.", $login, $tmp_password);
             db_query($link, "INSERT INTO ttirc_users \n\t\t\t\t\t(login, pwd_hash, email, nick, realname) \n\t\t\t\t\tVALUES\n\t\t\t\t\t('{$login}', '{$pwd_hash}', '{$login}@localhost', '{$login}', '{$login}')");
         } else {
             $rv[0] = T_sprintf("User %s already exists", $login);
         }
         $rv[1] = format_users($link);
         print json_encode($rv);
     }
     break;
 case "reset-password":
     // Admin-only action (access_level >= 10): generate a fresh password for
     // the user whose id arrives in the request, store its hash, and report
     // the new clear-text password back to the caller as JSON.
     // NOTE(review): the id is read from $_REQUEST, so a GET request reaches
     // this state-changing branch too; no anti-CSRF token check is visible in
     // this fragment - confirm one is enforced before the switch.
     $id = db_escape_string($_REQUEST["id"]);
     if (!($_SESSION["access_level"] >= 10)) {
         break;
     }
     $tmp_password = make_password();
     $login = get_user_login($link, $id);
     // The hash is escaped and the id is both escaped and quoted, so neither
     // value can leave its SQL string literal.
     $pwd_hash = db_escape_string(encrypt_password($tmp_password, $login));
     $update_sql = "UPDATE ttirc_users SET pwd_hash = '" . $pwd_hash . "'\n\t\t\t\tWHERE id = '" . $id . "'";
     db_query($link, $update_sql);
     // NOTE(review): the message carries HTML markup and $login is not
     // HTML-escaped here; verify how the client renders "message".
     $notice = T_sprintf("Reset password of user %s to <b>%s</b>.", $login, $tmp_password);
     print json_encode(array("message" => $notice));
     break;
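 case "delete-user":
     // Admin-only bulk delete of users; the caller's own account is always
     // excluded from the DELETE.
     //
     // The id list is placed in the SQL *unquoted* (id in (...)), so string
     // escaping alone does not constrain it: anything that is valid SQL
     // without quotes would pass through. Rebuild the list from decimal
     // integers only.
     // NOTE(review): assumes ttirc_users.id is an integer key, as the
     // unquoted comparisons in the original query suggest - confirm.
     $raw_ids = (isset($_REQUEST["ids"]) && is_string($_REQUEST["ids"])) ? $_REQUEST["ids"] : "";
     $id_list = array();
     foreach (explode(",", $raw_ids) as $raw_id) {
         $raw_id = trim($raw_id);
         // ctype_digit() is false for "" and for anything but 0-9.
         if (ctype_digit($raw_id)) {
             $id_list[] = (int) $raw_id;
         }
     }
     $ids = implode(",", $id_list);
     if ($_SESSION["access_level"] >= 10) {
         // Skip the query when nothing valid was supplied; "id in ()" is a
         // syntax error.
         if ($ids !== "") {
             db_query($link, "DELETE FROM ttirc_users WHERE\n\t\t\t\tid in ({$ids}) AND id != " . (int) $_SESSION["uid"]);
         }
         print format_users($link);
     }
     break;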
 case "users":
     if ($_SESSION["access_level"] >= 10) {
         show_users($link);
Example #2
<?php

// Start (or resume) the session; the page below reads $_SESSION["id"].
session_start();
// include_once only warns when the file is missing, so execution would
// continue without the helpers used below (connect(), get_user_login()).
include_once "library.php";
// Database handle handed to get_user_login() further down.
$db = connect();
?>
<!DOCTYPE html>
<html>
  <head>
    <title><?php 
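// The login is user-chosen data printed into HTML, so encode it for that
// context; the page declares charset utf-8.
echo htmlspecialchars(get_user_login($_SESSION["id"], $db), ENT_QUOTES, 'UTF-8');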
?>
 - Settings Hub</title>
    <meta charset="utf-8">
    <link rel="stylesheet" type="text/css" href="css/style.css">
  </head>
  <body>
    <?php 
// Shows the user's settings and lets the user change them.
require "menu.html";
echo "<section>", "<h2>Parametres</h2>";
// One-shot error flag: display it once, then clear it from the session.
$has_change_error = isset($_SESSION["error_change"]);
if ($has_change_error) {
    echo "<p id='error'>Erreur : Champ et/ou valeur errone(s)</p>";
    unset($_SESSION["error_change"]);
}
// The request value only switches the form on; the included path is fixed,
// so it cannot be steered from the query string.
$wants_change_form = !empty($_GET["change"]);
if ($wants_change_form) {
    require "settings/change_settings.html";
}
if (!empty($_POST["change_value"])) {
    require "settings/change_settings.php";
Example #3
<?php

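// Shows the recent events related to the current user.
// Build an array holding the user's id and the id of each of their friends.
$users = array($_SESSION["id"]);
$query = $db->prepare("SELECT user2 FROM friends WHERE user1 = ?");
$query->execute(array($_SESSION["id"]));
while ($data = $query->fetch()) {
    $users[] = $data["user2"];
}
$query->closeCursor();
// Fetch the posts written by any of those users.
// The ids used to be interpolated into the SQL text while also being passed
// to execute(); the statement then had no placeholders to bind them to
// ($db looks like a PDO handle, which rejects that as a parameter-count
// mismatch). Emit one positional placeholder per id so the values are bound
// and never become part of the SQL text.
$placeholders = implode(",", array_fill(0, count($users), "?"));
$query = $db->prepare("SELECT * FROM posts WHERE user IN ({$placeholders}) ORDER BY id DESC LIMIT 0, 50");
// TODO (from the original author): add a limit on count and on time span.
$query->execute($users);
// Print every post found. Title, body, author login and date are stored
// user data, so each is HTML-encoded before it is written to the page.
echo "<section>";
echo "<h2>Fil d'actualite</h2>";
while ($data = $query->fetch()) {
    echo "<header>Message de <b>" . htmlspecialchars(get_user_login($data["user"], $db), ENT_QUOTES) . "</b> :<br></header>";
    // Show the date of the post (when available).
    echo "<article><b>" . htmlspecialchars($data["title"], ENT_QUOTES) . "</b><br>";
    // Encode first, then turn newlines into <br> so only our own tags survive.
    echo nl2br(htmlspecialchars($data["content"], ENT_QUOTES)) . "<br>";
    echo "<footer>Posted on " . htmlspecialchars($data["date_post"], ENT_QUOTES) . "</footer></article><br>";
}
echo "</section>";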
Example #4
         if((int)$row["cc_member_id"]) $comment = "The consumer with ID: <b>" . (int)$row["cc_member_id"] . " " . $applicant_name . "</b> - sent new message";
         else $comment = "The person with email: <b>" . htmlspecialchars(trim($row["from_email"])) . "</b> - sent new message";
         $actions = $temp_actions;
         $xtpl->assign("MESSAGE_CLASS", "income");
     }
     
   
     elseif($val["message_type"] == "outcoming")
     {
         $comment = "The user <b>" . get_user_login($val["now_user_id"]) . "</b> sent the answer";
         $xtpl->assign("MESSAGE_CLASS", "answer");
         $xtpl->assign("BGCOLOR", "FFFFFF");
     }elseif($val["message_type"] == "comment")
     {
         $xtpl->assign("MESSAGE_CLASS", "comment");
         $comment = "The user <b>" . get_user_login($val["now_user_id"]) . "</b> added comments";
         $xtpl->assign("BGCOLOR", "EFEFEF");
         $actions = $temp_actions;
     }
 }
 // Hand the history-entry caption and the action links to the template.
 $xtpl->assign("COMMENT", $comment);
 $xtpl->assign("ACTIONS", $actions);

 // Load the message body that belongs to this history entry.
 // NOTE(review): body_id is concatenated unquoted into the SQL text; where
 // $val comes from is not visible in this fragment - confirm it is always
 // an integer, or cast it before use.
 $query = "SELECT body FROM " . T_BODIES . " WHERE id=" . $val["body_id"];
 $row1 = SQL_select($query, 0);
 if ($row1 && trim($row1["body"]) != "") {
     // HTML-encode first, then convert newlines, drop backslashes, and
     // finally replace "$" with its numeric entity.
     $encoded_body = htmlspecialchars($row1["body"]);
     $with_breaks = nl2br($encoded_body);
     $unslashed = StripSlashes($with_breaks);
     $message_body = str_replace('$', "&#36;", $unslashed);
     $xtpl->assign("MESSAGE_BODY", $message_body);
     $xtpl->parse("main.show_ticket.history_list.body_exists");
 }
 $xtpl->parse("main.show_ticket.history_list");
Example #5
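/**
 * Prints an HTML link to a user's profile page, labelled with the login.
 *
 * Every caller-supplied value is encoded for the context it lands in: the
 * id is URL-encoded as a query-string value, the CSS class and the login
 * are HTML-encoded. For a plain numeric id and the default class the
 * output is unchanged.
 *
 * @param mixed  $user_id id of the user to link to
 * @param string $class   CSS class placed on the anchor
 */
function display_link_to_user($user_id, $class = 'menu')
{
    $href = get_www_root() . 'show/show_user.php?user_id=' . urlencode((string) $user_id);
    echo '<a href="' . $href . '" class="' . htmlspecialchars($class) . '">' . htmlspecialchars(get_user_login($user_id)) . '</a>';
}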
Example #6
    $display["msg"] .= display_ok_msg($l_no_display);
  }

} elseif ($action == "rights_admin") {
///////////////////////////////////////////////////////////////////////////////
  if(Obm_Acl::isAllowed($obm['uid'], 'mailbox', $params['entity_id'], "admin") || check_mailbox_update_rights($params) ){
    $display["detail"] = dis_mailbox_right_dis_admin($params["entity_id"]);
  } else {
    $err['msg'] = $l_insufficient_permission;
    $display['msg'] .= display_err_msg($err['msg']);
  }

} elseif ($action == "rights_update") {
///////////////////////////////////////////////////////////////////////////////
  if (OBM_Acl_Utils::updateRights('mailbox', $params['entity_id'], $obm['uid'], $params)) {
    $mailbox_owner_login = get_user_login($params['entity_id']);
    update_mailbox_acl( $mailbox_owner_login, $obm['domain_id'] );
    $display["msg"] .= display_ok_msg("$l_rights : $l_update_ok");
  } else {
    $display["msg"] .= display_warn_msg($l_of_right_err_auth);
  }
  $display["detail"] = dis_mailbox_right_dis_admin($params["entity_id"]);
}


///////////////////////////////////////////////////////////////////////////////
// Display
///////////////////////////////////////////////////////////////////////////////
$display["head"] = display_head($l_mailbox);
if (! $params["popup"]) {
  $display["header"] = display_menu($module);
Example #7
<tr>
	<td><table>
		<tr>
			<td align="right">Nazwa projektu:</td>
			<td align="left"><input type="text" name="project_name" value="<?php 
echo htmlspecialchars($project_name);
?>
" maxlength="25" size="35"></td>
		</tr>
		<tr>
			<td align="right">OCP:</td>
			<td align="left"><select name="ocp_id">
<?php 
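// Options for the OCP selector: every active user, plus the currently
// assigned OCP when get_user_status() reports 0 for them, so the current
// value can still be shown as selected.
$active_users = get_active_users();
if (get_user_status($ocp_id) == 0) {
    $active_users[$ocp_id] = get_user_login($ocp_id);
    asort($active_users);
}
foreach ($active_users as $user_id => $login) {
    $selected = ($user_id == $ocp_id) ? ' selected' : '';
    // Logins are user data: HTML-encode them, as this template already does
    // for the project name. The id goes into an attribute and gets the same
    // treatment.
    echo '<option value="' . htmlspecialchars((string) $user_id) . '"' . $selected . '>' . htmlspecialchars($login) . "</option>\n";
}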
?>
			</select></td>
		</tr>
		</table>
	</td>
</tr>
Example #8
     $old_parts_price_2x .= '[]';
     $old_parts_sklad = $part_data['sklad'];
     $old_parts_id_tab .= '[' . $old_part_id . ']';
     $max_det_m++;
     $old_parts_det_m .= '[' . $max_det_m . ']';
     if (get_user_login($systems->get_user_id_from_full_name($temp_work['inj'])) != '') {
         $old_parts_login_x .= '[' . get_user_login($systems->get_user_id_from_full_name($temp_work['inj'])) . ']';
     } else {
         $old_parts_login_x .= '[root]';
     }
     // Проверяем наличие записи;
     $sql = "SELECT `index_i` FROM `detals_m` WHERE `numm_rem` = '" . $numm . "' AND `id_tab` = '" . $old_part_id . "';";
     $exist_detals_m = $db->one($sql);
     if ($exist_detals_m == '') {
         // Так же паралельно пишем их в таблицу detals_m
         $sql = "INSERT INTO `detals_m` (`loginm`, `numm_rem`, `status`, `sklad`, `art`, `date_create`, `groups`, `kol`, `price`, `primech`, `rent`, `serial`, `id_tab`)\n                        VALUES ('" . get_user_login($systems->get_user_id_from_full_name($temp_work['inj'])) . "', '" . $numm . "', 1, '" . $part_data['sklad'] . "', '" . $part_data['art'] . "', NOW(), '" . $part_data['code'] . "', 1, '" . $part_data['price3'] . "', '', 0, '', '" . $old_part_id . "');";
         write_log($sql, 'save_old_parts_result');
         $db->query($sql);
     }
 }
 // Тут разберемся с резервом;
 foreach ($old_work_parts as $old_part) {
     $temp_old_part = (array) $old_part;
     $old_part_id = $temp_old_part['part_id'];
     $old_part_marker = $temp_old_part['marker'];
     // Если новая запчасть - стваим ее в резерв;
     if ($old_part_marker == 'new') {
         $sql = "UPDATE `goods_base` SET `reserv` = (`reserv` + 1) WHERE `index_i` = '" . $old_part_id . "';";
         write_log($sql, 'save_old_parts_result');
         $db->query($sql);
     }
Example #9
 /**
  * Sums the diagnostic workload of the orders assigned to a user on a day.
  *
  * Selects the matching orders from `remont`, then adds up SUM(`add_time`)
  * from `diagnostics` per order, counting 48 for an order that has no
  * diagnostics total.
  *
  * NOTE(review): both queries are assembled by string concatenation
  * (login, date and order number); whether $db / $db_rs offer bound
  * parameters is not visible here - confirm and switch if they do. The
  * complete SQL text is also passed to write_log().
  *
  * @param mixed  $user_id user whose orders are counted; '' yields 'FAIL'
  * @param string $date    any value strtotime() understands
  * @return array|string   array('hours_weight' => ..., 'numms' => ...) or 'FAIL'
  */
 public function check_weight_day($user_id, $date)
 {
     global $db, $db_rs;
     write_log('ENTER', 'get_weight_days');
     if ($user_id == '') {
         return 'FAIL';
     }
     // Build place_h in the Y.m.d form used by the query below.
     $place_h = date('Y.m.d', strtotime($date));
     $sql = "SELECT `numm` FROM `remont` WHERE `inj` = '" . get_user_login($user_id) . "' AND `place_h` = '" . $place_h . "'"
         . " AND ((status > '2' and status < '7' and status != '3') or (status = '20' or status = '24' or status = '38' or status = '39')) and saveds > '2015-01-01 00:00:00' ORDER BY `numm` ASC LIMIT 100000;";
     write_log($sql, 'get_weight_days');
     $inj_orders = $db->all($sql);
     // Work out how much diagnostic time each order carries.
     $weight_hours = 0;
     foreach ($inj_orders as $order) {
         // Diagnostics workload recorded for this order, if any.
         $sql = "SELECT SUM(`add_time`) as `weight` FROM `diagnostics` WHERE `numm` = '" . $order['numm'] . "';";
         $exist_defect_weight = $db_rs->one($sql);
         $weight_hours += ($exist_defect_weight != '') ? $exist_defect_weight : 48;
     }
     return array('hours_weight' => $weight_hours, 'numms' => $inj_orders);
 }
Example #10
        write_log($sql, 'add_new_user');
        $db->query($sql);
        // База RS;
        $sql = "INSERT INTO `users_apps` (`user_name`, `user_full_name`, `dep_id`, `app_id`, `department_boss`, `phone_number`, `telegram_auth`, `telegram_auth_code`, `telegram_id`, `telegram_code`, `google_auth`, `auth_key`, `status`, `type`)\n                VALUES ('" . $new_user_login . "', '" . $new_user_fam . " " . $new_user_name . " " . $new_user_otch . "', " . $department_new_selector . ", " . $appointment_new_selector . ", 0, '" . $new_user_phone . "',NULL, NULL, NULL, NULL, 0, NULL, 'used', '" . $type_new_selector . "');";
        write_log($sql, 'add_new_user');
        $db_rs->query($sql);
        echo 'Логин нового пользователя: <b>' . $new_user_login . '</b><br>Пароль нового пользователя: <b>' . $user_password . '</b>';
    }
    // Передача лоигна другому пользователю;
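    // Hand an existing login over to another person: update the personal
    // data in both databases, then set a new password for the account.
    //
    // NOTE(review): every $_POST value below is concatenated into SQL text
    // without escaping or binding, so this branch is open to SQL injection.
    // The escaping/binding API of $db, $db_rs and $db_login is not visible in
    // this fragment; switch these three statements to bound parameters (or
    // the wrapper's escape routine) once it is known.
    // NOTE(review): no permission check is visible in this fragment - confirm
    // that only administrators can reach it.
    if (isset($_POST['retake_login']) && $_POST['retake_login'] != '') {
        $user_id = $_POST['retake_login'];
        $new_user_fam = $_POST['new_user_fam'];
        $new_user_name = $_POST['new_user_name'];
        $new_user_otch = $_POST['new_user_otch'];
        $new_user_phone = $_POST['new_user_phone'];
        $user_login = get_user_login($user_id);
        // Update the serv4 database.
        $sql = "UPDATE `users` SET `fam` = '" . $new_user_fam . "', `name` = '" . $new_user_name . "', `g_name` = '" . $new_user_otch . "', `p_numtel` = '" . $new_user_phone . "' WHERE `login` = '" . $user_login . "';";
        $db->query($sql);
        // Update the rs database.
        $sql = "UPDATE `users_apps` SET `user_full_name` = '" . $new_user_fam . " " . $new_user_name . " " . $new_user_otch . "', `phone_number` = '" . $new_user_phone . "' WHERE `id` = '" . $user_id . "';";
        $db_rs->query($sql);
        // rand() is not a cryptographic generator and its output can be
        // predicted; draw the digits from the system CSPRNG when the runtime
        // provides random_int() (PHP 7+), keeping the same range.
        // NOTE(review): six digits inside a fixed prefix and suffix remains a
        // small search space even with a sound generator - consider a longer
        // value.
        $new_password = function_exists('random_int') ? random_int(111111, 999999) : rand(111111, 999999);
        // Now set the new password for the user.
        $sql = "UPDATE `user` SET `password` = PASSWORD('xfF" . $new_password . "J') WHERE `user` = '" . $user_login . "';";
        $db_login->query($sql);
        $sql = "flush privileges";
        $db_login->query($sql);
        echo 'Логин нового пользователя: <b>' . $user_login . '</b><br>Пароль нового пользователя: <b>' . $new_password . '</b>';
    }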
}
Example #11
<?php

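// Password-change handler: checks the current password, validates the new
// one (both copies equal, at least 3 bytes) and stores it.
if (empty($_POST['old_password']) || empty($_POST['new_password1']) || empty($_POST['new_password2'])) {
    // Incomplete form: send the user back to it.
    header('location: change_password_form.php');
} else {
    require_once 'lib/flip.php';
    session_start();
    check_valid_user();
    $go_back = '<a href="change_password_form.php" class="menu">Spróbuj ponownie</a>.';
    if (user_ok(get_user_login($_SESSION['valid_user_id']), $_POST['old_password']) == -1) {
        display_warning('Twoje has³o jest nieprawid³owe! ' . $go_back);
    } elseif ($_POST['new_password1'] != $_POST['new_password2']) {
        display_warning('Nowe has³a nie s± identyczne! ' . $go_back);
    } elseif (strlen($_POST['new_password1']) < 3) {
        display_warning('Nowe has³o jest za krótkie! ' . $go_back);
    } else {
        db_connect();
        // The new password used to be concatenated into the statement as
        // received. Escape it for the open connection; when magic_quotes_gpc
        // is enabled the request value already carries added slashes, so
        // strip those first to keep the stored password unchanged.
        $new_password = $_POST['new_password1'];
        if (get_magic_quotes_gpc()) {
            $new_password = stripslashes($new_password);
        }
        // NOTE(review): old_password() is MySQL's legacy pre-4.1 hash and is
        // not suitable for storing application passwords; moving to
        // password_hash()/password_verify() needs a matching change in
        // user_ok(), which is outside this file.
        $q = "update users set password=old_password('" . mysql_real_escape_string($new_password) . "') where user_id=" . (int) $_SESSION['valid_user_id'];
        $r = mysql_query($q);
        if (!$r) {
            $warning = 'Zmiana has³a zakoñczona niepowodzeniem!';
        } else {
            $warning = 'Zmiana has³a zakoñczona sukcesem!';
        }
        display_warning($warning);
    }
}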
Example #12
        echo '<tr><td>B³±d bazy danych, spróbuj pó¼niej.</td></tr></table>';
        display_document_footer();
        exit;
    }
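    // No user chosen yet: print a selector listing every user, then stop.
    echo '<tr><td align="center" class="naglowek">Wybierz u¿ytkownika<hr></td></tr>';
    // PHP_SELF echoes the request path, including any trailing path info the
    // client appended, so it must be HTML-encoded before it is written into
    // the action attribute.
    echo '<tr><td><form method="GET" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '"><select name="user_id">' . "\n";
    foreach ($users as $id => $name) {
        // Encode the attribute value the same way as the visible name.
        echo '<option value="' . htmlspecialchars((string) $id) . '">' . htmlspecialchars($name) . "</option>\n";
    }
    echo "</select></td></tr>\n";
    echo '<tr><td><input type="submit" value="Poka¿"></form></td></tr>';
    echo "\n</table>\n";
    display_document_footer();
    exit;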
}
echo '<tr><td align="center" class="naglowek">Dane u¿ytkownika <i>' . htmlspecialchars(get_user_login($_GET['user_id'])) . "</i><hr></td></tr>\n";
$ocp_projects = get_ocp_projects($_GET['user_id']);
echo '<tr><td><table>' . "\n";
echo '<tr><td class="naglowek_maly">U¿ytkownik jest OCPem:</td></tr>' . "\n";
if ($ocp_projects === false) {
    echo '<tr><td>B³±d bazy danych, spróbuj pó¼niej.</td></tr>';
} else {
    if (empty($ocp_projects)) {
        echo "<tr><td>Brak projektów.</td></tr>\n";
    } else {
        $num_project = 1;
        foreach ($ocp_projects as $pid => $name) {
            echo '<tr><td>' . $num_project . '. ';
            ++$num_project;
            display_link_to_project($pid);
            echo "</td></tr>\n";
Example #13
    $sql = "SELECT `kolvs` FROM `remont` WHERE `numm` = '" . $numm . "';";
    $want_kolvs = $db->one($sql);
    // Кто хотел отказаться от выполнения заказа;
    $sql = "SELECT `kompl` FROM `remont` WHERE `numm` = '" . $numm . "';";
    $want_kompl = $db->one($sql);
    $sql = "UPDATE `remont` SET `inj` = '" . $want_kolvs . "', `kolvs` = '', `kompl` = '' WHERE `numm` = '" . $numm . "';";
    $db->query($sql);
    dvj_write($numm, 'Главный инженер подтвердил смену инженера у заказа: ' . get_user_full_name('', $want_kompl) . '->' . get_user_full_name('', $want_kolvs));
    echo 'OK';
}
/* Когда главный инженер принудительно меняет инежнера */
/* The chief engineer forcibly reassigns an order to another engineer. */
// NOTE(review): the order number from $_POST is concatenated into the UPDATE
// without escaping or binding, and no role check is visible in this
// fragment - confirm both are handled before this handler runs.
$forced_change_requested = isset($_POST['full_inj_change']) && $_POST['full_inj_change'] != '';
if ($forced_change_requested) {
    $numm = $_POST['full_inj_change'];
    $new_inj = $_POST['new_inj'];
    // Look up the new engineer's login and display name.
    $new_inj_login = get_user_login($new_inj);
    $new_inj_full_name = get_user_full_name($new_inj);
    // Engineer currently assigned to the order, for the journal entry.
    $current_inj = $systems->get_inj_user_id_in_numm($numm);
    $current_inj_full_name = get_user_full_name($current_inj);
    // Assign the new engineer and clear the pending hand-over columns.
    $sql = "UPDATE `remont` SET `inj` = '{$new_inj_login}', `kolvs` = '', `kompl` = '' WHERE `numm` = '{$numm}';";
    $db->query($sql);
    $journal_entry = 'Главный инженер сделал принудительную смену инженера. ' . $current_inj_full_name . ' -> ' . $new_inj_full_name;
    dvj_write($numm, $journal_entry);
    echo 'OK';
}
/* Пагинация */
if (isset($_POST['get_pagination_data']) && $_POST['get_pagination_data'] != '') {
    // Маркер сессии;
    $marker = $_POST['marker'];
    // Полный запрос;
    $sql = $_SESSION['pagination_' . $marker];
    // Номер страницы;
Example #14
<?php

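// Feedback handler: mails the logged-in user's remark to the administrator.
require_once 'lib/flip.php';
session_start();
check_valid_user();
if (!isset($_POST['subject']) || !isset($_POST['body'])) {
    header('location: feedback_form.php');
    // header() only queues the redirect; without stopping here the script
    // went on to read the missing fields and send a mail anyway.
    exit;
}
$valid_user_login = get_user_login($_SESSION['valid_user_id']);
// The subject ends up in a mail header line: remove CR/LF so a submitted
// value cannot add header lines of its own.
$subject = str_replace(array("\r", "\n"), ' ', stripslashes($_POST['subject']));
$long_subject = date('Y-m-d H:i') . ' ' . $valid_user_login . ': "' . $subject . '"';
$long_body = 'U¿ytkownik ' . $valid_user_login . ' przesy³a nastêpuj±c± uwagê:' . "\n----------------------------------\n" . stripslashes($_POST['body']) . "\n----------------------------------\n";
$long_body .= "Aby odpowiedzieæ na t± uwagê, u¿yj opcji 'Odpowied¼' lub napisz na ten adres: " . $valid_user_login . '@aiesec.uni.lodz.pl';
$long_body .= "\n\n\nFLIP";
// NOTE(review): the login is placed in the Reply-To header as stored;
// confirm that logins cannot contain line breaks.
$headers = "From: FLIP <*****@*****.**>\r\n" . 'Reply-To: ' . $valid_user_login . "@aiesec.uni.lodz.pl\r\n";
if (mail(ADMIN_MAIL, $long_subject, $long_body, $headers)) {
    $warning = 'Dziêkujemy! Twoje uwagi zosta³y przyjête.';
} else {
    $warning = 'Wys³anie uwag zakoñczone niepowodzeniem!';
}
display_warning($warning);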
}
echo "</tr>\n";
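// One table row per organisation selected in the form: its name followed by
// $num_info columns taken from $info_fields (or "-" when the lookup fails).
// NOTE(review): the organisation ids are the keys of a $_POST array and go
// straight to get_org_name()/get_org_info(); confirm those helpers validate
// or escape them.
foreach (array_keys($_POST['orgs']) as $org_id) {
    echo '<tr><td>' . htmlspecialchars(get_org_name($org_id)) . '</td>';
    $org_info = get_org_info($org_id);
    if (false === $org_info) {
        for ($i = 0; $i < $num_info; ++$i) {
            echo '<td>-</td>';
        }
    } else {
        // each() was deprecated in PHP 7.2 and removed in PHP 8; walk the
        // field names by position instead. A position past the end yields
        // null, which is what the old each()-based code produced.
        $field_names = array_values($info_fields);
        for ($i = 0; $i < $num_info; ++$i) {
            $field = isset($field_names[$i]) ? $field_names[$i] : null;
            if ($field == 'updater_id') {
                // Show the updater's login rather than the raw id.
                $content = htmlspecialchars(get_user_login($org_info[$field]));
            } elseif ($field == 'phone' || $field == 'fax') {
                // NOTE(review): parse_phone_number() output is printed as
                // is - confirm it returns HTML-safe text.
                $content = parse_phone_number($org_info[$field]);
            } else {
                $content = htmlspecialchars($org_info[$field]);
            }
            echo '<td>' . $content . '</td>';
        }
    }
    echo "</tr>\n";
    if (isset($_POST['comments'])) {
        // The italic tag was opened twice and never closed.
        echo '<tr><td colspan="' . ($num_info + 1) . '" align="left" valign="top" height="50"><i>Uwagi:</i></td></tr>' . "\n";
    }
}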
Example #16
                     group_id,
                     DATE_FORMAT(updated, '%W %b %d %h:%i %Y') as updated,
                     DATE_FORMAT(created, '%W %b %d %h:%i %Y') as created
                FROM " . T_TICKETS . "
               WHERE id IN(" . implode(",", $_SESSION["selected_tickets"]) . ")";
    $rows = SQL_select($query);
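    // Print an applicant line and a ticket-info line for each selected ticket.
    $i = 1;
    foreach($rows as $row)
    {
        // Start every ticket from an empty string: $applicant was only ever
        // assigned when cc_member_id was set, so a ticket without one had
        // its e-mail appended to the previous ticket's applicant text.
        $applicant = "";
        if((int)$row["cc_member_id"]) $applicant = "Consumer ID: <b>" . (int)$row["cc_member_id"] . "</b>&nbsp;";
        // The sender address is untrusted text; HTML-encode it like the
        // first and last name below.
        if($row["from_email"] != "") $applicant .= "E-mail: <b>" . htmlspecialchars(trim($row["from_email"])) . "</b>";
        $applicant_name = "";
        if(trim($row["cc_fname"]) != "" || trim($row["cc_lname"]) != "") $applicant_name = "&nbsp;<b>" . ucwords(htmlspecialchars($row["cc_fname"])) . "&nbsp;" . ucwords(htmlspecialchars($row["cc_lname"])) . "</b>";
        $xtpl->assign("APPLICANT", "#" . $i  . ": " . $applicant . $applicant_name . "</br>");
        $xtpl->parse("main.update.group_tickets.group_ticket_info");
        // NOTE(review): owner login, queue name and status are inserted as
        // returned; confirm they are HTML-safe or encode them here as well.
        $xtpl->assign("TICKET_INFO", "#" . $i  . ": " . "Owner: <strong>" . get_user_login($row["user_id"]) . "</strong> Queue: <strong>" . get_queue_name($row["group_id"]) . "</strong> Status: <strong>" . $row["status"] . "</strong><br>");
        $i++;
        $xtpl->parse("main.update.group_tickets.group_ticket_info1");
    }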
    $xtpl->parse("main.update.group_tickets");
    get_group_operations($xtpl, "main.update", "form1", 0, 0);
    $type_message = array("comment"=>"Add comments", "reply"=>"Send answer");
    $xtpl->assign("TYPE_MESSAGE", get_drop_down_list($type_message, "message_status"));
    $xtpl->assign("MESSAGE_STATUS", $_REQUEST["message_status"]);
   
    if($template > 0) $xtpl->assign("MESSAGE", get_template($template, 0, 0));

}

$query = "SELECT id, name FROM " . T_TEMPLATES . " 
				WHERE template_website='" . $_SESSION['website_url'] . "'";
Example #17
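/**
 * Returns the people involved in a project: its OCP plus every OC member.
 *
 * @param mixed $project_id id of the project
 * @return array login strings keyed by user id
 */
function get_project_involved($project_id)
{
    db_connect();
    $involved = array();
    $ocp_id = get_project_ocp($project_id);
    $involved[$ocp_id] = get_user_login($ocp_id);
    // The id is used unquoted in the statement, so force it to an integer
    // before it becomes part of the SQL text.
    // NOTE(review): assumes project ids are integers - confirm.
    $q = 'select oc_member_id from oc where project_id=' . (int) $project_id;
    $r = mysql_query($q);
    if (!$r) {
        // Query failed: return what is known (the OCP) rather than passing
        // false to mysql_fetch_array().
        return $involved;
    }
    while ($row = mysql_fetch_array($r)) {
        $involved[$row['oc_member_id']] = get_user_login($row['oc_member_id']);
    }
    return $involved;
}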