?>
    </fieldset>
  </form>

  <?php 
    // Now the custom HTML
    echo "<div id=\"custom_html\">\n";
    // no htmlspecialchars() because we want the HTML!
    echo !empty($row['custom_html']) ? $row['custom_html'] . "\n" : "";
    echo "</div>\n";
}
// THE AREA FORM
if (isset($change_area) && !empty($area)) {
    // Only admins can see this form
    if (!$is_admin) {
        showAccessDenied($day, $month, $year, $area, "");
        exit;
    }
    // Get the details for this area
    $res = sql_query("SELECT * FROM {$tbl_area} WHERE id={$area} LIMIT 1");
    if (!$res) {
        fatal_error(0, get_vocab("error_area") . $area . get_vocab("not_found"));
    }
    $row = sql_row_keyed($res, 0);
    sql_free($res);
    // Get the settings for this area, from the database if they are there, otherwise from
    // the config file.    A little bit inefficient repeating the SQL query
    // we've just done, but it makes the code simpler and this page is not used very often.
    get_area_settings($area);
    echo "<form class=\"form_general\" id=\"edit_area\" action=\"edit_area_room.php\" method=\"post\">\n";
    echo "<fieldset class=\"admin\">\n";
        /* Success. Redirect to the user list, to remove the form args */
        Header("Location: edit_users.php");
    }
}
/*---------------------------------------------------------------------------*\
|                                Delete a user                                |
\*---------------------------------------------------------------------------*/
if (isset($Action) && $Action == "Delete") {
    $target_level = sql_query1("SELECT level FROM {$tbl_users} WHERE id={$Id} LIMIT 1");
    if ($target_level < 0) {
        fatal_error(TRUE, "Fatal error while deleting a user");
    }
    // you can't delete a user if you're not some kind of admin, and then you can't
    // delete someone higher than you
    if ($level < $min_user_editing_level || $level < $target_level) {
        showAccessDenied(0, 0, 0, "", "");
        exit;
    }
    $r = sql_command("delete from {$tbl_users} where id={$Id};");
    if ($r == -1) {
        print_header(0, 0, 0, "", "");
        // This is unlikely to happen in normal  operation. Do not translate.
        print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
        print "  <fieldset>\n";
        print "  <legend></legend>\n";
        print "    <p class=\"error\">Error deleting entry {$Id} from the {$tbl_users} table.</p>\n";
        print "    <p class=\"error\">" . sql_error() . "</p>\n";
        print "    <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n";
        print "  </fieldset>\n";
        print "</form>\n";
        // Print footer and exit
        echo '<h2>' . _h('Users not in this group') . '</h2>';
        echo '<table class="prettytable">' . chr(10);
        foreach ($all_users as $user_id => $user_name) {
            echo '<tr><td><a href="user.php?user_id=' . $user_id . '">' . $user_name . '</a>';
            echo '</td><td>';
            if ($login['user_access_useredit']) {
                echo '<a href="admin_group.php?gid=' . $gid . '&amp;group_add_user='******'">' . _h('Add user to group') . '</a>';
            }
            echo '</td></tr>' . chr(10);
        }
        echo '</table>' . chr(10);
    }
} elseif (isset($_POST['add'])) {
    // Adding
    if (!$login['user_access_useredit']) {
        showAccessDenied($day, $month, $year, $area, true);
        exit;
    }
    // Checking input
    $add = slashes(htmlspecialchars(strip_tags($_POST['add']), ENT_QUOTES));
    mysql_query("INSERT INTO `groups` ( `group_id` , `user_ids` , `group_name` ) VALUES ('', '', '" . $add . "');");
    header("Location: admin_group.php");
    exit;
} else {
    include "include/admin_middel.php";
    echo '<h1>' . __('Usergroups') . '</h1>';
    // Add
    echo '<form action="admin_group.php" method="post">' . chr(10);
    echo '<b>' . __('Add group') . '</b><br>' . chr(10);
    if ($login['user_access_useredit']) {
        echo '<input type="text" name="add"><br>' . chr(10);
				</form>
			</body>
			</html>
			<?php 
    die;
}
// Escaped referrer for the "back" link on the denial page; empty when no Referer header was sent.
$back = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : '';

// Under SSO restrictions this page is never reachable.
// (isset() && == true is the same test as !empty().)
if (!empty($sso_restrictions)) {
    showAccessDenied($back);
    exit;
}

// Below admin level (6) the page is reachable only once $valid is 'yes'.
// NOTE(review): $valid is set outside this fragment; confirm that the 'yes' path
// is gated on the user level elsewhere, since this check is skipped for it.
$userLevel = authGetUserLevel(getUserName(), -1);
if ($userLevel < 6 && $valid != 'yes') {
    showAccessDenied($back);
    exit;
}
if ($valid == 'no') {
    print_header("", "", "", $type = "with_session");
    // Affichage de la colonne de gauche
    include "admin_col_gauche.php";
} else {
    ?>
			<!doctype html>
			<html>
				<head>
					<link rel="stylesheet" href="style.css" type="text/css">
					<link rel="shortcut icon" href="favicon.ico">
						<title> grr </title>
					</head>
    </div>
    </form>
    </body>
    </html>
    <?php
    die();
};

// Escaped referrer for the "back" link on the denial page; empty when no Referer header was sent.
$back = isset($_SERVER['HTTP_REFERER']) ? grr_htmlSpecialChars($_SERVER['HTTP_REFERER']) : '';

// Below admin level (6) the page is reachable only once $valid is 'yes'.
// NOTE(review): $valid and $area are set outside this fragment; confirm that the 'yes' path
// is gated on the user level elsewhere, since this check is skipped for it.
$isAdmin = authGetUserLevel(getUserName(), -1) >= 6;
if (!$isAdmin && $valid != 'yes') {
    // The denial page is dated today.
    [$day, $month, $year] = [date("d"), date("m"), date("Y")];
    showAccessDenied($day, $month, $year, $area, $back);
    exit();
}
if ($valid == 'no') {
    # print the page header
    print_header("","","","",$type="with_session", $page="admin");
    // Affichage de la colonne de gauche
    include "admin_col_gauche.php";

} else {
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
    <HTML>
    <HEAD>
    <META HTTP-EQUIV="Content-Type" content="text/html; charset=<?php
    if ($unicode_encoding)
 *
 */

include "include/admin.inc.php";
$grr_script_name = "admin_confirm_change_date_bookings.php";

// Escaped referrer for the "back" link on the denial page; empty when no Referer header was sent.
$back = isset($_SERVER['HTTP_REFERER']) ? grr_htmlSpecialChars($_SERVER['HTTP_REFERER']) : '';

// Drop any earlier binding of $display before reading it from the query string (NULL when absent).
// NOTE(review): the value is taken as-is from $_GET; whatever consumes it later must validate it.
unset($display);
$display = $_GET["display"] ?? NULL;

// Admin level (6) is required; the denial page is dated today and carries no area context.
if (authGetUserLevel(getUserName(), -1) < 6) {
    [$day, $month, $year] = [date("d"), date("m"), date("Y")];
    showAccessDenied($day, $month, $year, '', $back);
    exit();
}
if (isset($_GET['valid']) and ($_GET['valid'] == "yes")) {
    if (!saveSetting("begin_bookings", $_GET['begin_bookings'])) {
        echo "Erreur lors de l'enregistrement de begin_bookings !<br />";
    } else {
        $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_entry WHERE (end_time < ".getSettingValue('begin_bookings').")");
        $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_repeat WHERE end_date < ".getSettingValue("begin_bookings"));
        $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_entry_moderate WHERE (end_time < ".getSettingValue('begin_bookings').")");
        $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_calendar WHERE DAY < ".getSettingValue("begin_bookings"));
    }

    if (!saveSetting("end_bookings", $_GET['end_bookings'])) {
        echo "Erreur lors de l'enregistrement de end_bookings !<br />";
    } else {
// Return URL: the date first; the area/room are appended once the sticky room is settled.
$returl .= sprintf('?year=%s&month=%s&day=%s', $year, $month, $day);

// Keep the sticky room when it is among the rooms being booked, otherwise
// take the first requested room. (Loose in_array(), as before: '3' matches 3.)
if (in_array($room, $rooms) === false) {
    $room = $rooms[0];
}

// The area the (possibly new) sticky room belongs to.
$area = mrbsGetRoomArea($room);
$returl .= sprintf('&area=%s&room=%s', $area, $room);

// Repeat bookings may be reserved to admins ($auth['only_admin_can_book_repeat']).
// The edit_entry form should already prevent this, so this is the server-side
// safeguard against a tampered form.
$isRepeat = isset($rep_type) && $rep_type != REP_NONE;
if ($isRepeat && !$is_admin && !empty($auth['only_admin_can_book_repeat'])) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit;
}

// (4) Assemble the booking data
// -----------------------------
// One booking per requested room, filled in below.
$bookings = [];
foreach ($rooms as $room_id) {
    $booking = array();
    $booking['create_by'] = $create_by;
    $booking['name'] = $name;
    $booking['type'] = $type;
    $booking['description'] = $description;
    $booking['room_id'] = $room_id;
    $booking['start_time'] = $starttime;
    $booking['end_time'] = $endtime;
/**
 * Access check: stop the page unless the current user reaches the required level.
 *
 * Compares authGetUserLevel(getUserName(), -1, 'area') against $level; on failure
 * shows the access-denied page and terminates the script.
 *
 * @param int   $level minimum level required
 * @param mixed $back  handed to showAccessDenied() unchanged (presumably the escaped referrer used for the "back" link)
 * @return void
 */
function check_access($level, $back)
{
    $userLevel = authGetUserLevel(getUserName(), -1, 'area');
    if ($userLevel >= $level) {
        return;
    }

    showAccessDenied($back);
    exit;
}
$use_site : 'y' (fonctionnalité multisite activée) ou 'n' (fonctionnalité multisite désactivée)
$id_site : l'identifiant du site
$default_area : domaine par défaut
$default_room : ressource par défaut
$session_login : identifiant
$type : 'ressource'-> on actualise la liste des ressources
        'domaine'-> on actualise la liste des domaines
$action : 1-> on actualise la liste des ressources
          2-> on vide la liste des ressouces
*/

include "include/admin.inc.php";

// Any authenticated level (>= 1) may use this page; anonymous users get the denial page,
// called with blank day/month/year/area/back since there is no context to return to.
$userLevel = authGetUserLevel(getUserName(), -1);
if ($userLevel < 1) {
    showAccessDenied("", "", "", "", "");
    exit();
}
/*
 * Actualiser la liste des domaines
 */

if ($_GET['type']=="domaine") {
 // Initialisation
 if (isset($_GET["id_site"])) {
  $id_site = $_GET["id_site"];
  settype($id_site,"integer");
 } else die();
 if (isset($_GET["default_area"])) {
  $default_area = $_GET["default_area"];
  settype($default_area,"integer");
include "include/resume_session.php";
// Language settings
include "include/language.inc.php";
// Room to print: cast to int when given in the query string, otherwise NULL and
// the page falls back to printing "all".
$id_room = isset($_GET["id_room"]) ? $_GET["id_room"] : NULL;
if (isset($id_room)) {
    settype($id_room, "integer");
} else {
    $print = "all";
}
// Session type for the page: no session when authentication is optional and nobody is logged in.
if (Settings::get("authentification_obli") == 0 && getUserName() == '') {
    $type_session = "no_session";
} else {
    $type_session = "with_session";
}
// Deny when (anonymous AND authentication is mandatory) OR the user may not access this room.
// && binds tighter than ||, so the grouping is as described above.
if (authGetUserLevel(getUserName(), -1) < 1 && Settings::get("authentification_obli") == 1 || !verif_acces_ressource(getUserName(), $id_room)) {
    showAccessDenied('');
    exit;
}
echo begin_page(get_vocab("mrbs") . get_vocab("deux_points") . Settings::get("company"));
// $id_room is an int (settype above) or NULL; NULL interpolates to "WHERE id=", which
// presumably fails the query and is then reported through fatal_error() below.
$res = grr_sql_query("SELECT * FROM " . TABLE_PREFIX . "_room WHERE id={$id_room}");
if (!$res) {
    fatal_error(0, get_vocab('error_room') . $id_room . get_vocab('not_found'));
}
$row = grr_sql_row_keyed($res, 0);
grr_sql_free($res);
echo "<h3 style=\"text-align:center;\">";
// room_name is HTML-escaped before output.
echo get_vocab("room") . get_vocab("deux_points") . " " . htmlspecialchars($row["room_name"]);
$id_area = mrbsGetRoomArea($id_room);
// NOTE(review): $id_area is concatenated straight into the SQL; it comes from
// mrbsGetRoomArea(), presumably an integer — confirm.
$area_name = grr_sql_query1("select area_name from " . TABLE_PREFIX . "_area where id='" . $id_area . "'");
$area_access = grr_sql_query1("select access from " . TABLE_PREFIX . "_area where id='" . $id_area . "'");
// NOTE(review): $area_name is echoed without htmlspecialchars(), unlike room_name
// above — confirm it is trusted content, or escape it the same way.
echo "<br />(" . $area_name;
// Session type for the page: no session when authentication is optional and nobody is logged in.
if ((getSettingValue("authentification_obli")==0) and (getUserName()=='')) {
    $type_session = "no_session";
} else {
    $type_session = "with_session";
}

// Room id from the query string, cast to int when present; stays NULL otherwise.
$id_room = isset($_GET["id_room"]) ? $_GET["id_room"] : NULL;
if (isset($id_room)) settype($id_room,"integer");

// Requires level >= 4 on this room AND access to the resource; the denial page is dated today.
if ((authGetUserLevel(getUserName(),$id_room) < 4) or (!verif_acces_ressource(getUserName(), $id_room)))
{
    $day   = date("d");
    $month = date("m");
    $year  = date("Y");
    showAccessDenied($day, $month, $year, '','');
    exit();
}
echo begin_page(getSettingValue("company").get_vocab("deux_points").get_vocab("mrbs"));

// $id_room is an int (settype above) or NULL; NULL interpolates to "WHERE id=", which
// presumably fails the query and is then reported through fatal_error().
$res = grr_sql_query("SELECT * FROM ".TABLE_PREFIX."_room WHERE id=$id_room");
if (! $res) fatal_error(0, get_vocab('error_room') . $id_room . get_vocab('not_found'));

$row = grr_sql_row_keyed($res, 0);
grr_sql_free($res);

// Switch to HTML mode for the heading; room_name is escaped with grr_htmlSpecialChars() there.
?>

<h3 style="text-align:center;"><?php echo get_vocab("room").get_vocab("deux_points")."&nbsp;".grr_htmlSpecialChars($row["room_name"]);
$id_area = mrbsGetRoomArea($id_room);
// NOTE(review): $id_area is concatenated straight into the SQL; it comes from
// mrbsGetRoomArea(), presumably an integer — confirm.
$area_name = grr_sql_query1("select area_name from ".TABLE_PREFIX."_area where id='".$id_area."'");
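 /**
  * Require the current user to be authenticated with $auth_type.
  *
  * Shows the access-denied page and stops the script when $this->auth_type
  * does not match. The exit is explicit so that the guard fails closed even
  * if showAccessDenied() returns instead of terminating the request.
  *
  * @param mixed $auth_type authentication type the page requires (compared loosely, as before)
  * @return void
  */
 function needAuthType($auth_type)
 {
     if ($this->auth_type == $auth_type) {
         return;
     }

     showAccessDenied($auth_type);
     exit;
 }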
// Outside the bookable window: show the "no bookings" page instead of the view.
if (check_begin_end_bookings($day, $from_month, $from_year)) {
    showNoBookings($day, $from_month, $from_year, $area, $back, $type_session);
    exit();
}

// Anonymous users (level < 1) are turned away only when authentication is mandatory;
// everyone must additionally have access to this area.
$anonymous = authGetUserLevel(getUserName(), -1) < 1;
$authRequired = $anonymous && getSettingValue("authentification_obli") == 1;
if ($authRequired || authUserAccesArea(getUserName(), $area) == 0) {
    showAccessDenied($day, $from_month, $from_year, $area, $back);
    exit();
}

# 3-value compare: Returns result of compare as "< " "= " or "> ".
/**
 * Three-way compare rendered as a two-character marker.
 *
 * Uses PHP's loose comparison, as before.
 *
 * @param mixed $a
 * @param mixed $b
 * @return string "< " when $a < $b, "= " when $a == $b, otherwise "> "
 */
function cmp3($a, $b)
{
    if ($a < $b) {
        return "< ";
    }

    return ($a == $b) ? "= " : "> ";
}

// On vérifie une fois par jour si le délai de confirmation des réservations est dépassé
// Si oui, les réservations concernées sont supprimées et un mail automatique est envoyé.
// On vérifie une fois par jour que les ressources ont été rendue en fin de réservation
// Si non, une notification email est envoyée