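/**
 * Removes the current user (or, for a superuser, a chosen user) from an
 * event's staff list, then redirects to the event staff page via modexec().
 *
 * Reads `event` and `section` from $_GET. When the caller holds
 * ACL_SUPERUSER and passes `user`, the removal targets that user instead
 * of the session user.
 *
 * NOTE(review): this is a state-changing action driven entirely by GET
 * parameters with no CSRF token, so a crafted link can make a logged-in
 * user (or, for a superuser, anybody) leave an event. A POST form carrying
 * a session token would close that.
 *
 * @global PDO $pdo
 * @return void
 */
function event_goout()
{
    global $pdo;

    // Event and section are mandatory. The original bound NULL for a missing
    // parameter, which matched no row; skipping the DELETE is equivalent and
    // avoids undefined-index notices.
    $event = $_GET['event'] ?? null;
    $section = $_GET['section'] ?? null;
    if ($event === null || $section === null) {
        modexec('event', 'staff');
        return;
    }

    if (isset($_GET['user']) && hasAcl(ACL_SUPERUSER)) {
        // NOTE(review): reads a nested `user_id` key from the `user` query
        // parameter (i.e. `?user[user_id]=…`). If the link sends a plain
        // scalar `user=…`, this offset read is wrong (PHP 8 raises an error
        // for a non-numeric offset on a string) — confirm against the
        // template that builds the link.
        $userId = $_GET['user']['user_id'];
    } else {
        $userId = $_SESSION['user']['user_id'];
    }

    $stmt = $pdo->prepare('DELETE FROM event_staff WHERE est_user = ? AND est_event = ? AND est_section = ?');
    $stmt->bindValue(1, $userId);
    $stmt->bindValue(2, $event);
    $stmt->bindValue(3, $section);
    $stmt->execute();

    modexec('event', 'staff');
}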
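/**
 * Profile page: edits profile fields, changes the password, lists the
 * currently running mandates and the user's own mandates, lists the user's
 * cards, and prepares a Google Authenticator secret for the template.
 *
 * Password change, as wired here: a one-time value is stored in
 * $_SESSION['random'] and handed to the template; the submitted `oldpass`
 * must equal md5(user_pass . random). `user_pass` is whatever the session
 * holds — nothing here tells whether that is a hash or clear text.
 *
 * @global object $tpl    template engine (assign/append)
 * @global string $srcdir application source directory
 * @global PDO    $pdo
 * @return void
 */
function index_profile()
{
    global $tpl, $srcdir, $pdo;

    $userId = $_SESSION['user']['user_id'];

    $mdl = new Modele('users');
    $mdl->fetch($userId);

    if (isset($_POST['edit'])) {
        $tpl->assign('hsuccess', $mdl->modFrom($_POST));
    }

    if (isset($_POST['editpass'])) {
        $newPass = $_POST['pwd1'] ?? '';
        $answer = $_POST['oldpass'] ?? '';
        $nonce = $_SESSION['random'] ?? null;

        // Refuse when no challenge was issued in this session, when the new
        // password is empty, or when the answer does not match.
        // hash_equals() replaces `!=`, which compares two hex digests as
        // numbers when both look numeric (e.g. digests starting with `0e`),
        // and it runs in constant time.
        $accepted = $nonce !== null
            && is_string($newPass) && $newPass !== ''
            && is_string($answer)
            && hash_equals(md5($_SESSION['user']['user_pass'] . $nonce), $answer);

        if ($accepted) {
            $tpl->assign('hsuccess', $mdl->modFrom(['user_pass' => $newPass], false));
        } else {
            $tpl->assign('hsuccess', false);
        }
    }

    // Mandates currently running.
    $mdt = new Modele('mandate');
    if ($mdt->find('`mandate_start` < now() and `mandate_end` > now()')) {
        while ($line = $mdt->next()) {
            $tpl->append('mandate', $line);
        }
    }

    // The user's own mandates, most recent end date first.
    $mdtu = $pdo->prepare('SELECT * FROM user_mandate LEFT JOIN mandate ON um_mandate = mandate_id WHERE um_user = ? ORDER BY `mandate_end` DESC');
    $mdtu->bindValue(1, $userId);
    $mdtu->execute();
    while ($line = $mdtu->fetch()) {
        $tpl->append('usr_mandate', $line);
    }

    // Fresh challenge for the next password change: 16 CSPRNG bytes rendered
    // as 32 hex characters, the same shape as the md5(uniqid()) value used
    // before, so the client-side computation is unaffected.
    $_SESSION['random'] = bin2hex(random_bytes(16));
    $tpl->assign('random', $_SESSION['random']);
    $tpl->assign('isMember', hasAcl(ACL_USER));
    $tpl->assign('form', $mdl->edit());

    // Cards: `cards` is false when the user has none; otherwise each card is
    // re-fetched as its own model instance and appended.
    $cards = new Modele('card');
    $cards->find(['card_user' => $userId]);
    $row = $cards->next();
    if (!$row) {
        $tpl->assign('cards', false);
    }
    while ($row) {
        $card = new Modele('card');
        $card->fetch($cards->card_id);
        $tpl->append('cards', $card);
        $row = $cards->next();
    }

    // Google Authenticator: a new secret is generated on every view of this
    // page and kept in the session. NOTE(review): presumably the enrolment
    // step verifies a code against this value before persisting it — confirm.
    require_once $srcdir . '/libs/GoogleAuthenticator/GoogleAuthenticator.php';
    $api = new GoogleAuthenticator();
    $_SESSION['user']['GoogleAuthenticator'] = $api->generateSecret();
    $tpl->assign('GoogleAuth', $api);

    display();
}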
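/**
 * Developer page: lists the 50 most recent API access tokens.
 *
 * Superusers see every token; other users only see tokens issued to API
 * clients they own (ac_owner = current user id).
 *
 * NOTE(review): `SELECT *` over a join with `users` hands every user column
 * (including whatever user_pass holds) to the template; naming only the
 * columns the template renders would limit that exposure.
 *
 * @global PDO    $pdo
 * @global object $tpl template engine (append)
 * @return void
 */
function developer_log()
{
    global $pdo, $tpl;

    if (hasAcl(ACL_SUPERUSER)) {
        $stmt = $pdo->query(
            'SELECT * FROM api_tokens LEFT JOIN users ON user_id = at_user LEFT JOIN api_clients ON at_client = ac_id'
            . ' WHERE at_type = \'ACCESS\' ORDER BY at_start DESC LIMIT 50'
        );
    } else {
        // Bug fix: the original text read `ac_owner = 1` (a literal) while
        // still binding the user id to parameter 1, so the statement had no
        // placeholder for that binding. The owner filter now uses the bound
        // value, which is what the binding line was clearly written for.
        $stmt = $pdo->prepare(
            'SELECT * FROM api_tokens LEFT JOIN users ON user_id = at_user LEFT JOIN api_clients ON at_client = ac_id'
            . ' WHERE ac_owner = ? AND at_type = \'ACCESS\' ORDER BY at_start DESC LIMIT 50'
        );
        $stmt->bindValue(1, $_SESSION['user']['user_id']);
        $stmt->execute();
    }

    while ($line = $stmt->fetch()) {
        $tpl->append('logs', $line);
    }

    display();
}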
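/**
 * Creates an FTP account named "toy_<user>" bound to an intranet member and a
 * section, then provisions it on the host through the adduser script.
 *
 * Form fields read from $_POST: `user` (FTP login suffix), `member`
 * (intranet user_name to attach), `section`, `pass`.
 *
 * Access: administrators may target any section; other callers only the
 * sections where their `us_type` is 'manager'.
 *
 * @global object $tpl template engine (assign/append)
 * @global PDO    $pdo
 * @return void
 */
function ftp_add()
{
    global $tpl, $pdo;

    $isAdmin = hasAcl(ACL_ADMINISTRATOR);
    $mySections = $_SESSION['user']['sections'] ?? [];

    // Sections offered in the form: all of them for an admin, otherwise only
    // the ones the current user manages.
    $grp = new Modele('sections');
    $grp->find();
    while ($grp->next()) {
        $managed = isset($mySections[$grp->section_id])
            && $mySections[$grp->section_id]['us_type'] == 'manager';
        if ($isAdmin || $managed) {
            $tpl->append('groups', $grp->toArray());
        }
    }

    if (isset($_POST['user']) && is_string($_POST['user'])) {
        $member = $_POST['member'] ?? '';
        $section = $_POST['section'] ?? null;
        $pass = $_POST['pass'] ?? '';

        // NOTE(review): LIKE with user-controlled input treats `%` and `_`
        // as wildcards, so a pattern can match a user other than the one
        // typed; an equality match (`user_name = ?`) is stricter — confirm
        // the form does not rely on pattern lookup before changing it.
        $sqlUsr = $pdo->prepare('SELECT * FROM users WHERE user_name LIKE ?');
        $sqlUsr->bindValue(1, $member);
        $sqlUsr->execute();

        $canUseSection = $isAdmin
            || (isset($mySections[$section]) && $mySections[$section]['us_type'] == 'manager');

        // NOTE(review): rowCount() on a SELECT is driver-dependent; it is
        // assumed to be reliable for the configured driver — confirm.
        if ($sqlUsr->rowCount() == 0) {
            $tpl->assign('error', 'Utilisateur INTRA introuveable.');
        } elseif (!$canUseSection) {
            $tpl->assign('error', 'Groupe introuveable.');
        } elseif (!is_string($pass) || strlen($pass) < 8) {
            $tpl->assign('error', 'Le mot de passe doit faire au moins 8 caractères.');
        } else {
            $user = $sqlUsr->fetch();
            $add = new Modele('ftp_users');
            $tpl->assign('hsuccess', $add->addFrom([
                'fu_user' => 'toy_' . $_POST['user'],
                'fu_pass' => $pass,
                'fu_section' => $section,
                'fu_member' => $user['user_id'],
                'fu_path' => '/home/ftp/toyunda/timeurs/',
            ]));

            // Each argument is shell-quoted separately. NOTE(review): the
            // password still travels on the command line, where local process
            // listings can see it for the script's lifetime; feeding it on
            // stdin would avoid that.
            $usr = escapeshellarg($_POST['user']);
            $pwd = escapeshellarg($pass);
            _ftp_exec("sudo /opt/scripts/adduser.sh {$usr} {$pwd}");
        }
    }

    // Rendered exactly once. The original called display() inside every
    // branch and again at the end, which double-renders unless display()
    // exits.
    display();
}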
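/**
 * Updates the current row from an associative array of field => value.
 *
 * Only fields declared in $this->desc['fields'] are considered; a field is
 * skipped when it is the auto-increment key, absent from $data, a file field
 * that does not carry a resource, not writable by the current user (when
 * $secure), or marked readonly for non-administrators. An empty submitted
 * value falls back to the field's declared default. The SQL text is built
 * from schema names only (table, backticked column names, key column);
 * every value is bound through a placeholder.
 *
 * @param array $data   candidate values, typically a form's $_POST
 * @param bool  $secure when true, enforce per-field rights via hasRight()
 *                      and accept file fields; when false, skip the rights
 *                      check but also skip file fields
 * @return bool result of PDOStatement::execute(); false when nothing is
 *              updatable (the original would have sent a malformed UPDATE)
 * @global PDO $pdo
 */
function modFrom($data, $secure = true)
{
    global $pdo;

    $isAdmin = hasAcl(ACL_ADMINISTRATOR);
    $assignments = [];
    $values = [];

    foreach ($this->desc['fields'] as $name => $desc) {
        if ($desc['type'] == 'auto_int') {
            continue;
        }
        if (!$secure && $desc['type'] == 'file') {
            continue;
        }
        if (!isset($data[$name])) {
            continue;
        }
        if ($desc['type'] == 'file' && !is_resource($data[$name])) {
            continue;
        }
        if ($secure && !$this->hasRight($name)) {
            continue;
        }
        // Strict comparison: with `!=`, a boolean `true` readonly flag compared
        // equal to the string 'false' (string-to-bool coercion) and the field
        // silently became editable for non-administrators.
        if (!$isAdmin && isset($desc['readonly']) && $desc['readonly'] !== 'false') {
            continue;
        }
        // Empty submissions fall back to the schema default when one exists.
        // (The original had an unreachable `elseif (!isset(...))` here; the
        // isset check above already excludes that case.)
        if ($data[$name] == '' && isset($desc['default'])) {
            $data[$name] = $desc['default'];
        }

        $this->instance[$name] = $data[$name];
        $assignments[] = '`' . $name . '` = ?';
        $values[] = ['val' => $data[$name], 'type' => $desc['type']];
    }

    if ($assignments === []) {
        return false;
    }

    $sql = 'UPDATE ' . $this->desc['name'] . ' SET ' . implode(', ', $assignments)
        . ' WHERE ' . $this->desc['key'] . ' = ?';
    $stmt = $pdo->prepare($sql);

    foreach ($values as $index => $val) {
        if ($val['type'] == 'file') {
            $stmt->bindValue($index + 1, $val['val'], PDO::PARAM_LOB);
        } else {
            $stmt->bindValue($index + 1, $val['val']);
        }
    }
    $stmt->bindValue(count($values) + 1, $this->getKey());

    return $stmt->execute();
}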
/**
 * Builds one menu entry as HTML.
 *
 * An item carrying a `sub` key becomes a dropdown whose entries are produced
 * recursively; when every child is filtered out (the dropdown would be
 * empty) the whole entry renders as ''. A leaf item resolves its `url` — a
 * string action, or an array with optional `action`/`page` keys plus extra
 * URL options — and renders only when hasAcl() allows the target.
 *
 * Labels and URLs are concatenated as-is; they are expected to come from
 * the menu definition rather than from user input.
 *
 * @param array $item  menu item: `label`, and either `sub` (list of items) or `url`
 * @param int   $level nesting depth, forwarded to recursive calls
 * @return string HTML fragment, or '' when the item is not visible
 */
function mkmenuItem($item, $level = 0)
{
    if (isset($item['sub'])) {
        $children = '';
        foreach ($item['sub'] as $child) {
            $children .= mkmenuItem($child, $level + 1);
        }
        if ($children === '') {
            return '';
        }
        return '<li class="dropdown"> <a href="#" data-toggle="dropdown" class="dropdown-toggle">'
            . $item['label'] . ' <b class="caret"></b></a> <ul class="dropdown-menu">'
            . $children
            . '</ul></li>';
    }

    $action = 'index';
    $page = 'index';
    $opts = array();
    if (is_string($item['url'])) {
        $action = $item['url'];
    } else {
        $opts = $item['url'];
        if (isset($opts['action'])) {
            $action = $opts['action'];
        }
        if (isset($opts['page'])) {
            $page = $opts['page'];
        }
        unset($opts['action'], $opts['page']);
    }

    $url = mkurl($action, $page, $opts);
    $needed = getAclLevel($action, $page);
    if (!hasAcl($needed, $action, $page, $opts)) {
        return '';
    }
    return '<li><a href="' . $url . '">' . $item['label'] . '</a></li>';
}