/**
 * Fonction permettant de quitter en staff sur un événement
 * @global type $pdo
 */
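/**
 * Withdraw a user from the staff list of an event (DELETE on event_staff).
 *
 * Request parameters, all read from $_GET: `event`, `section`, and
 * optionally `user` when a superuser acts on someone else's row. Any
 * request without `user`, and every request from a non-superuser, only
 * ever deletes the caller's own row (keyed on $_SESSION['user']['user_id']).
 *
 * NOTE(review): this is a state-changing action driven by a GET request and
 * it carries no CSRF token, so a crafted link or image tag can make a
 * logged-in user leave an event. It should be moved to POST and checked
 * against a per-session token before the DELETE is trusted.
 *
 * @global \PDO $pdo
 */
function event_goout()
{
    global $pdo;
    $sql = $pdo->prepare('DELETE FROM event_staff WHERE est_user = ? AND est_event = ? AND est_section = ?');

    $target = $_SESSION['user']['user_id'];
    if (isset($_GET['user']) && hasAcl(ACL_SUPERUSER)) {
        // The original read $_GET['user']['user_id'] although the guard only
        // tested $_GET['user']; with a scalar id in the query string that is a
        // string-offset read (a warning or a TypeError depending on the PHP
        // version). Accept both the array form and the plain id.
        if (is_array($_GET['user'])) {
            $target = isset($_GET['user']['user_id']) ? $_GET['user']['user_id'] : null;
        } else {
            $target = $_GET['user'];
        }
    }
    $sql->bindValue(1, $target);
    // A missing event/section binds NULL; `= NULL` is never true in SQL, so
    // the statement becomes a no-op instead of matching more rows.
    $sql->bindValue(2, isset($_GET['event']) ? $_GET['event'] : null);
    $sql->bindValue(3, isset($_GET['section']) ? $_GET['section'] : null);
    $sql->execute();
    modexec('event', 'staff');
}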
/**
 * Modification du profil utilisateur
 * @global type $tpl
 */
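/**
 * Profile page: edit the caller's own user record, change the password,
 * list current and past mandates and the caller's cards, and hand the
 * template a freshly generated Google Authenticator secret.
 *
 * Password-change protocol as visible here: the form posts `oldpass` as
 * md5(<user_pass held in session> . <session nonce>), the nonce having been
 * given to the template as `random` on the previous render; `pwd1` is the
 * new password and is written through modFrom() with $secure = false, i.e.
 * without the per-field hasRight() gate.
 *
 * Review notes:
 *  - the challenge was compared with `!=`; PHP compares numeric-looking
 *    strings numerically, so an md5 of the form "0e<digits>" would have been
 *    equal to any other "0e<digits>" submission. hash_equals() is used now.
 *  - an md5 of a password-derived value is a weak challenge in itself; the
 *    proper fix is a server-side password_verify() over TLS. Left as-is
 *    because the storage format of user_pass is not visible from here.
 *  - the nonce is rotated on every render, so a stale form fails closed.
 *  - a new Google Authenticator secret is stored in the session on every
 *    visit; whether that is intended (enrolment flow) cannot be told here.
 *
 * @global \Template $tpl
 * @global string    $srcdir
 * @global \PDO      $pdo
 */
function index_profile()
{
    global $tpl, $srcdir, $pdo;
    $uid = $_SESSION['user']['user_id'];
    $mdl = new Modele('users');
    $mdl->fetch($uid);
    if (isset($_POST['edit'])) {
        $tpl->assign('hsuccess', $mdl->modFrom($_POST));
    }
    if (isset($_POST['editpass'])) {
        $newPass = isset($_POST['pwd1']) ? $_POST['pwd1'] : '';
        $oldPass = isset($_POST['oldpass']) ? $_POST['oldpass'] : '';
        $nonce = isset($_SESSION['random']) ? $_SESSION['random'] : '';
        $expected = md5($_SESSION['user']['user_pass'] . $nonce);
        // Constant-time, strict string comparison. Non-string input (e.g. an
        // array) is rejected outright rather than being cast to "Array".
        $challengeOk = is_string($oldPass) && hash_equals($expected, $oldPass);
        if ($newPass === '' || !$challengeOk) {
            $tpl->assign('hsuccess', false);
        } else {
            $tpl->assign('hsuccess', $mdl->modFrom(array('user_pass' => $newPass), false));
        }
    }

    // Mandates currently running, for the selection widget.
    $mdt = new Modele('mandate');
    if ($mdt->find('`mandate_start` < now() and `mandate_end` > now()')) {
        while ($line = $mdt->next()) {
            $tpl->append('mandate', $line);
        }
    }
    // Mandates held by the caller, newest end date first.
    $mdtu = $pdo->prepare('SELECT * FROM user_mandate LEFT JOIN mandate ON um_mandate = mandate_id WHERE um_user = ? ORDER BY `mandate_end` DESC');
    $mdtu->bindValue(1, $uid);
    $mdtu->execute();
    while ($line = $mdtu->fetch()) {
        $tpl->append('usr_mandate', $line);
    }

    // Fresh nonce for the next password-change submission.
    $_SESSION['random'] = md5(uniqid('epicenote'));
    $tpl->assign('random', $_SESSION['random']);
    $tpl->assign('isMember', hasAcl(ACL_USER));
    $tpl->assign('form', $mdl->edit());

    // Cards owned by the caller; each row is re-fetched as its own Modele.
    $mdl = new Modele('card');
    $mdl->find(array('card_user' => $uid));
    $l = $mdl->next();
    if (!$l) {
        $tpl->assign('cards', false);
    }
    while ($l) {
        $o = new Modele('card');
        $o->fetch($mdl->card_id);
        $tpl->append('cards', $o);
        $l = $mdl->next();
    }

    // Google Authenticator
    require_once $srcdir . '/libs/GoogleAuthenticator/GoogleAuthenticator.php';
    $api = new GoogleAuthenticator();
    $_SESSION['user']['GoogleAuthenticator'] = $api->generateSecret();
    $tpl->assign('GoogleAuth', $api);
    // end Google Authenticator
    display();
}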
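/**
 * List the 50 most recent ACCESS tokens: every token for superusers, only
 * the tokens of API clients owned by the caller for everyone else.
 *
 * Bug fixed: the non-superuser statement hard-coded `ac_owner = 1` and then
 * bound a value to placeholder 1, which the query did not contain. That
 * either fails at execute() with an invalid-parameter error or, had the
 * driver tolerated it, would have listed the tokens of whichever client
 * owner has id 1 instead of the caller's. The filter is a real placeholder now.
 *
 * NOTE(review): `SELECT *` across the join on `users` drags every user column
 * (including whatever user_pass holds) into the template context; selecting
 * only the needed columns would be safer, but the template is not visible here.
 *
 * @global \PDO      $pdo
 * @global \Template $tpl
 */
function developer_log()
{
    global $pdo, $tpl;
    if (hasAcl(ACL_SUPERUSER)) {
        $sql = $pdo->query('SELECT * FROM api_tokens LEFT JOIN users ON user_id = at_user LEFT JOIN api_clients ON at_client = ac_id WHERE at_type = \'ACCESS\' ORDER BY at_start DESC LIMIT 50');
    } else {
        $sql = $pdo->prepare('SELECT * FROM api_tokens LEFT JOIN users ON user_id = at_user LEFT JOIN api_clients ON at_client = ac_id WHERE ac_owner = ? AND at_type = \'ACCESS\' ORDER BY at_start DESC LIMIT 50');
        $sql->bindValue(1, $_SESSION['user']['user_id']);
        $sql->execute();
    }
    while ($line = $sql->fetch()) {
        $tpl->append('logs', $line);
    }
    display();
}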
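/**
 * Create an FTP account for an INTRA member in a section the caller manages
 * (administrators may pick any section).
 *
 * On every request the section list offered to the template is filtered to
 * those where the caller's us_type is `manager`, or all sections for
 * ACL_ADMINISTRATOR. On POST (`user` set) it looks up the INTRA member named
 * in `member`, re-checks `section` against the caller's rights, enforces an
 * 8-character minimum on `pass`, inserts the ftp_users row and finally runs
 * /opt/scripts/adduser.sh through sudo.
 *
 * Security notes:
 *  - escapeshellarg() stops quoting/metacharacter injection but not option
 *    injection: a name such as `--help` or `-r` still reaches the script as
 *    an argument. The account name is therefore restricted to a conservative
 *    POSIX-style pattern (alphanumeric first character) before any command
 *    is built.
 *  - `user_name LIKE ?` lets `%` and `_` in `member` act as wildcards and the
 *    first matching row wins. Left unchanged in case callers rely on it, but
 *    `=` would be the stricter choice.
 *  - `pass` is handed to the Modele as-is; whether ftp_users stores it hashed
 *    is not visible here.
 *
 * @global \Template $tpl
 * @global \PDO      $pdo
 */
function ftp_add()
{
    global $tpl, $pdo;
    $grp = new Modele('sections');
    $grp->find();
    while ($grp->next()) {
        $sid = $grp->section_id;
        $managesSection = isset($_SESSION['user']['sections'][$sid])
            && $_SESSION['user']['sections'][$sid]['us_type'] == 'manager';
        if (hasAcl(ACL_ADMINISTRATOR) || $managesSection) {
            $tpl->append('groups', $grp->toArray());
        }
    }
    if (isset($_POST['user'])) {
        $sqlUsr = $pdo->prepare('SELECT * FROM users WHERE user_name LIKE ?');
        $sqlUsr->bindValue(1, $_POST['member']);
        $sqlUsr->execute();
        if ($sqlUsr->rowCount() == 0) {
            $tpl->assign('error', 'Utilisateur INTRA introuveable.');
            display();
        } elseif (!hasAcl(ACL_ADMINISTRATOR) && (!isset($_SESSION['user']['sections'][$_POST['section']]) || $_SESSION['user']['sections'][$_POST['section']]['us_type'] != 'manager')) {
            $tpl->assign('error', 'Groupe introuveable.');
            display();
        } elseif (!is_string($_POST['user']) || !preg_match('/^[a-z0-9][a-z0-9._-]{0,31}$/i', $_POST['user'])) {
            // Rejects option-looking names (leading '-') and anything outside
            // a plain account-name alphabet before the shell command exists.
            $tpl->assign('error', 'Nom d\'utilisateur invalide.');
            display();
        } elseif (!is_string($_POST['pass']) || strlen($_POST['pass']) < 8) {
            $tpl->assign('error', 'Le mot de passe doit faire au moins 8 caractères.');
            display();
        } else {
            $add = new Modele('ftp_users');
            $user = $sqlUsr->fetch();
            $tpl->assign('hsuccess', $add->addFrom(array('fu_user' => 'toy_' . $_POST['user'], 'fu_pass' => $_POST['pass'], 'fu_section' => $_POST['section'], 'fu_member' => $user['user_id'], 'fu_path' => '/home/ftp/toyunda/timeurs/')));
            // Each argument is quoted separately; the name was validated above.
            $usr = escapeshellarg($_POST['user']);
            $pwd = escapeshellarg($_POST['pass']);
            _ftp_exec("sudo /opt/scripts/adduser.sh {$usr} {$pwd}");
            display();
        }
    }
    display();
}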
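 /**
  * Update the current row from an associative array of field => value.
  *
  * Only columns declared in $this->desc['fields'] are considered, so arbitrary
  * keys in $data (e.g. a raw $_POST) are ignored. A field is skipped when it
  * is the auto_int key, absent from $data, a `file` field without a resource
  * value, marked readonly for a non-administrator, or — with $secure — not
  * granted by hasRight(). Column names come from the model description, not
  * from $data, and values are bound as PDO parameters.
  *
  * @param array $data   field => value; an empty string falls back to the
  *                      field's declared default when one exists
  *                      (comparison is loose `== ''`, kept for compatibility)
  * @param bool  $secure when false the per-field hasRight() gate is skipped
  *                      and `file` fields are never written; callers use this
  *                      for trusted internal updates such as a password change
  * @return bool execute() result; false when no field survived the filters
  *              (the original built `UPDATE t SET  WHERE ...` in that case,
  *              which fails to prepare and then crashes on bindValue)
  */
 function modFrom($data, $secure = true)
 {
     global $pdo;
     $assignments = array();
     $values = array();
     foreach ($this->desc['fields'] as $name => $desc) {
         if ($desc['type'] === 'auto_int') {
             continue;
         }
         if (!$secure && $desc['type'] === 'file') {
             continue;
         }
         if (!isset($data[$name])) {
             continue;
         }
         if ($desc['type'] === 'file' && !is_resource($data[$name])) {
             continue;
         }
         if ($secure && !$this->hasRight($name)) {
             continue;
         }
         if (!hasAcl(ACL_ADMINISTRATOR) && isset($desc['readonly']) && $desc['readonly'] != 'false') {
             continue;
         }
         if ($data[$name] == '' && isset($desc['default'])) {
             $data[$name] = $desc['default'];
         }
         $this->instance[$name] = $data[$name];
         $assignments[] = '`' . $name . '` = ?';
         $values[] = array('val' => $data[$name], 'type' => $desc['type']);
     }
     if (count($assignments) === 0) {
         return false;
     }
     $sql = 'UPDATE ' . $this->desc['name'] . ' SET ' . implode(', ', $assignments)
         . ' WHERE ' . $this->desc['key'] . ' = ?';
     $stmt = $pdo->prepare($sql);
     foreach ($values as $index => $val) {
         if ($val['type'] === 'file') {
             $stmt->bindValue($index + 1, $val['val'], PDO::PARAM_LOB);
         } else {
             $stmt->bindValue($index + 1, $val['val']);
         }
     }
     $stmt->bindValue(count($values) + 1, $this->getKey());
     return $stmt->execute();
 }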
/**
 * Créé un item de menu
 *
 * @param type $item tableau d'items
 * @param type $level niveau du menu
 * @return string HTML
 */
/**
 * Render one navigation entry as Bootstrap list markup.
 *
 * An item with a `sub` key becomes a dropdown whose children are rendered
 * recursively; it collapses to an empty string when none of its children
 * is visible to the current user. A leaf item is rendered only if hasAcl()
 * grants the level that getAclLevel() requires for its action/page.
 *
 * `url` is either an action name, or an array with optional `action` and
 * `page` keys whose remaining entries are passed to mkurl() as options.
 *
 * NOTE(review): `label` and the mkurl() result are concatenated into HTML
 * without escaping. That is acceptable while menu definitions are static
 * application data; a label or option derived from request data would need
 * htmlspecialchars() here.
 *
 * @param array $item  menu entry
 * @param int   $level nesting depth, forwarded to children
 * @return string HTML fragment, empty when nothing is visible
 */
function mkmenuItem($item, $level = 0)
{
    if (isset($item['sub'])) {
        $children = '';
        foreach ($item['sub'] as $child) {
            $children .= mkmenuItem($child, $level + 1);
        }
        if ($children === '') {
            return '';
        }
        return '<li class="dropdown">
              <a href="#" data-toggle="dropdown" class="dropdown-toggle">' . $item['label'] . '
                <b class="caret"></b></a>
              <ul class="dropdown-menu">' . $children . '</ul></li>';
    }

    $action = 'index';
    $page = 'index';
    $opts = array();
    if (is_string($item['url'])) {
        $action = $item['url'];
    } else {
        $opts = $item['url'];
        if (isset($opts['action'])) {
            $action = $opts['action'];
        }
        if (isset($opts['page'])) {
            $page = $opts['page'];
        }
        unset($opts['action'], $opts['page']);
    }
    $href = mkurl($action, $page, $opts);
    $required = getAclLevel($action, $page);
    if (!hasAcl($required, $action, $page, $opts)) {
        return '';
    }
    return '<li><a href="' . $href . '">' . $item['label'] . '</a></li>';
}