Example #1
/**
 * Tells whether a teacher is attached to a subject.
 *
 * Counts the rows of j_professeurs_matieres that match the given teacher
 * login and subject id, and reports whether at least one exists.
 *
 * NOTE(review): both arguments are spliced into the SQL text between single
 * quotes and nothing in this function escapes them, so the query is only safe
 * when every caller passes values that are already escaped or otherwise
 * trusted. A bound-parameter query would remove that dependency; confirm what
 * the database layer behind sql_query1() offers.
 *
 * @param string $login   Teacher login, compared with id_professeur.
 * @param string $matiere Subject id, compared with id_matiere.
 * @return bool True when the value returned by sql_query1() is greater than zero.
 */
function is_prof($login, $matiere)
{
    $query = "select count(id_professeur) from j_professeurs_matieres where id_professeur = '" . $login . "' and id_matiere = '" . $matiere . "'";

    return sql_query1($query) > 0;
}
 /**
  * Binds the object to a screen id when a matching row is reported.
  *
  * $this->screen_id is only assigned when the id is numeric and the COUNT
  * query returns a truthy value; otherwise the property is left untouched.
  *
  * @param mixed $screen_id Candidate id of a row in the screen table.
  */
 function __construct($screen_id)
 {
     // The id is interpolated unquoted below, so non-numeric input is refused first.
     if (!is_numeric($screen_id)) {
         // NOTE(review): `new` discards a constructor's return value, so the caller
         // still receives an object here, just one without screen_id set.
         return false;
     }
     // NOTE(review): any truthy result counts as "found". If sql_query1() reports
     // failure with a negative number, this check would accept it - confirm.
     $found = sql_query1("SELECT COUNT(id) FROM screen WHERE id = {$screen_id};");
     if (!$found) {
         return;
     }
     $this->screen_id = $screen_id;
 }
Example #3
 /**
  * Lists the feeds selected by the image-content filter below and attaches to
  * each one the number of its approved, in-date image items.
  *
  * Results are stored on the controller: $this->feeds (each entry gains a
  * 'count' key) and $this->content_count (set to an empty array here).
  */
 function indexAction()
 {
     // Feeds with active, approved graphical content
     $this->feeds = Feed::list_all_by_type('WHERE feed.type != 3 AND type.id = 3 
                                          AND feed_content.moderation_flag = 1
                                          AND content.start_time <= NOW() AND content.end_time >= NOW() AND content.mime_type LIKE "%image%"');
     $this->content_count = array();
     foreach ($this->feeds as $feed_id => $feed_row) {
         // The array key returned by Feed::list_all_by_type() goes into the SQL unquoted.
         // NOTE(review): presumably an integer feed id - confirm, nothing here validates it.
         $count_query = "SELECT COUNT(content.id) FROM feed_content\n                LEFT JOIN content ON feed_content.content_id = content.id\n                WHERE feed_content.feed_id = {$feed_id} AND feed_content.moderation_flag = 1\n                AND content.start_time <= NOW() AND content.end_time >= NOW() AND content.mime_type LIKE '%image%'\n                GROUP BY feed_content.feed_id";
         $this->feeds[$feed_id]['count'] = sql_query1($count_query);
     }
 }
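 /**
  * Shows one page category: loads it together with its default page name,
  * counts its pages, and sets the subject and title.
  *
  * The category id is read from $this->args[1]. It must be a plain run of
  * digits before it is placed in the SQL text; anything else is handled as
  * "Category not found". The page count is only queried once a category row
  * has actually been loaded.
  */
 function showAction()
 {
     // args[1] is supplied by the caller of the action and ends up unquoted in a
     // WHERE clause, so only digits are accepted.
     $raw_id = isset($this->args[1]) ? (string) $this->args[1] : '';
     $this->category = null;
     if (ctype_digit($raw_id)) {
         $rows = sql_select('page_category', array('page_category.*', 'page.name as default_page_name'), null, 'LEFT JOIN page on page.id = default_page ' . 'WHERE page_category.id = ' . (int) $raw_id);
         if (is_array($rows) && isset($rows[0])) {
             $this->category = $rows[0];
         }
     }
     if (!$this->category) {
         $this->count = 0;
         $this->flash('Category not found', 'error');
         redirect_to(ADMIN_URL . "/page_categories");
         // Stop here so no query is built from a missing row, in case
         // redirect_to() does not end the request itself.
         return;
     }
     // The id comes back from the database; the cast keeps the interpolation numeric regardless.
     $sql = 'SELECT COUNT(page.id) FROM page WHERE page_category_id=' . (int) $this->category['id'];
     $this->count = sql_query1($sql);
     // A negative result is treated as "no pages".
     if ($this->count < 0) {
         $this->count = 0;
     }
     $this->setSubject($this->category['name']);
     $this->setTitle($this->category['name']);
 }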
 /**
  * Shows one feed: loads the feed and its group, counts its approved content
  * that has not ended yet and that has already ended, and sets the subject
  * and title from the feed name.
  *
  * NOTE(review): $this->args[1] is handed to the Feed constructor as-is;
  * whether Feed validates it is not visible here - confirm.
  */
 function showAction()
 {
     $this->feed = new Feed($this->args[1]);
     // NOTE(review): `new` always yields an object and objects are truthy, so this
     // "not found" branch cannot be taken as written. Confirm how Feed signals a
     // missing row and test that instead.
     if (!$this->feed) {
         $this->flash('Feed not found', 'error');
         redirect_to(ADMIN_URL . "/feeds");
     }
     $this->group = new Group($this->feed->group_id);

     // Approved content whose end time is still in the future.
     $active_query = "SELECT COUNT(content.id) FROM feed_content\n                LEFT JOIN content ON feed_content.content_id = content.id\n                WHERE feed_content.feed_id = {$this->feed->id}\n                AND moderation_flag = 1\n                AND content.end_time > NOW()\n                GROUP BY feed_content.feed_id;";
     $active_total = sql_query1($active_query);
     // A negative result is stored as zero.
     $this->active_content = $active_total < 0 ? 0 : $active_total;

     // Approved content whose end time has passed.
     $expired_query = "SELECT COUNT(content.id) FROM feed_content\n                LEFT JOIN content ON feed_content.content_id = content.id\n                WHERE feed_content.feed_id = {$this->feed->id}\n                AND moderation_flag = 1\n                AND content.end_time < NOW()\n                GROUP BY feed_content.feed_id;";
     $expired_total = sql_query1($expired_query);
     $this->expired_content = $expired_total < 0 ? 0 : $expired_total;

     $this->setSubject($this->feed->name);
     $this->setTitle($this->feed->name);
 }
Example #6
 /**
  * Draws the page header: the product line on the left, the school name and
  * school year on the right, then the user's name and status, followed by a
  * horizontal rule.
  *
  * For a "professeur" account the status line names the subject, looked up in
  * the matieres table from $_SESSION['matiere'].
  */
 function Header()
 {
     $border = 0;
     $display_name = $_SESSION['prenom'] . " " . $_SESSION['nom'];
     if ($_SESSION['statut'] == "professeur") {
         // NOTE(review): the session value is concatenated into the SQL text with no
         // escaping here; this relies on it having been validated when it was stored - confirm.
         $subject_label = sql_query1("select nom_complet from matieres where matiere = '" . $_SESSION['matiere'] . "'");
         // '-1' is handled as "no subject found".
         $status_label = $subject_label != '-1' ? "professeur de " . $subject_label : "Invité";
     } else {
         $status_label = $_SESSION['statut'];
     }
     $school_line = getSettingValue("gepiSchoolName") . " - année scolaire " . getSettingValue("gepiYear");
     $product_line = "GEPI - Solution libre de Gestion des élèves par Internet";
     $this->SetFont('DejaVu', '', 8);
     // Two cells of equal width across the area between the margins
     $cell_width = (LargeurPage - LeftMargin - LeftMargin) / 2;
     // Remember the current position so the right-hand cell starts on the same line
     $left = $this->GetX();
     $top = $this->GetY();
     // Left-hand text
     $this->MultiCell($cell_width, 5, $product_line, $border, "L", 0);
     // Move the cursor to the second column
     $this->SetXY($left + $cell_width, $top);
     // Right-hand text
     $this->MultiCell($cell_width, 5, $school_line, $border, "R", 0);
     $this->MultiCell($cell_width, 5, $display_name . " - " . $status_label, $border, "L", 0);
     // Horizontal rule
     $this->cell(0, 2, "", "T", 0);
     // Line break and return to the margin
     $this->ln();
 }
Example #7
    echo " | <a href='param_bull.php'>Paramétrage des bulletins</a>";
}
if (acces("/bulletin/verif_bulletins.php", $_SESSION['statut'])) {
    echo " | <a href='verif_bulletins.php' title=\"Vérifier le remplissage des bulletins.\">Vérification bulletins</a>";
}
if (acces("/classes/dates_classes.php", $_SESSION['statut'])) {
    echo "| <a href='../classes/dates_classes.php' title=\"Définir des événements particuliers pour les classes (conseils de classe, arrêt des notes,...).\">Événements classe</a>";
}
echo "</p>\n";
$texte_deverrouiller = urlencode("Déverrouiller");
$texte_verrouiller_part = urlencode("Verrouiller part.");
$texte_verrouiller_tot = urlencode("Verrouiller tot.");
// Runs when class and period are NOT both set (the condition below is negated).
if (!($classe != 0 and $periode != 0)) {
    // Look up the existing classes; in the lines shown only their total is printed.
    // Highest period number present in the periodes table.
    $max_per = sql_query1("SELECT num_periode FROM periodes ORDER BY num_periode DESC LIMIT 1");
    //$calldata = sql_query("SELECT DISTINCT c.id, c.classe FROM classes c, periodes p WHERE p.id_classe = c.id  ORDER BY classe");
    // NOTE(review): the jsc.login term on the next line looks masked (the ****** run),
    // which leaves the string literal unterminated; as shown the statement does not parse.
    // Whatever value is restored there is concatenated into the SQL text, so it should be
    // escaped or bound as a parameter.
    $calldata = mysqli_query($GLOBALS["mysqli"], "SELECT DISTINCT c.id, c.classe FROM classes c, periodes p, j_scol_classes jsc WHERE p.id_classe = c.id  AND jsc.id_classe=c.id AND jsc.login='******'login'] . "' ORDER BY classe");
    $nombreligne = sql_count($calldata);
    echo "Total : {$nombreligne} classes\n";
}
echo "<ul>\n<li>Lorsqu'une période est <b>déverrouillée</b>, le remplissage de toutes les rubriques (notes, appréciations, avis) est autorisé, la visualisation des\nbulletins simples est autorisée mais la visualisation et l'impression des bulletins officiels sont impossibles.<br /><br /></li>\n<li>Lorsqu'une période est <b>verrouillée partiellement</b>, seuls le remplissage et/ou la modification\nde l'avis du conseil de classe";
if ($gepiSettings['active_mod_ects'] == 'y') {
    echo " et des crédits ECTS ";
}
echo " sont possibles. La visualisation et l'impression des bulletins officiels sont autorisées.<br /><br /></li>\n<li>Lorsqu'une période est <b>verrouillée totalement</b>, le remplissage et la modification du bulletin pour la période concernée\nsont impossibles. la visualisation et l'impression sont autorisées.</li>\n";
echo "</ul>\n";
echo "<br /><br />\n";
// si la classe et la période sont définies (on vient de verif_bulletin.php)
if ($classe != 0 and $periode != 0) {
    echo "<form action=\"verrouillage.php?classe={$classe}&periode={$periode}&action={$action_apres}\" name=\"formulaire\" method=\"post\">\n";
Example #8
/**
 * Releases the named database lock with RELEASE_LOCK() and clears the global
 * that records which lock is held.
 *
 * NOTE(review): $name is placed between quotes in the SQL text without
 * escaping. That is fine for fixed names such as table names; it must never be
 * given a value taken from a request.
 *
 * @param string $name Name of the lock to release.
 */
function sql_mutex_unlock($name)
{
    global $sql_mutex_unlock_name;

    $release_query = "SELECT RELEASE_LOCK('{$name}')";
    sql_query1($release_query);

    // Nothing is held any more.
    $sql_mutex_unlock_name = "";
}
Example #9
# Default parameters:
if (empty($debug_flag)) {
    $debug_flag = 0;
}
# Fall back to the current month when month/year are missing or do not form a valid date.
if (empty($month) || empty($year) || !checkdate($month, 1, $year)) {
    $month = date("m");
    $year = date("Y");
}
$day = 1;
# print the page header
# NOTE(review): $area is passed here before the empty() fallback just below has run.
print_header($day, $month, $year, $area);
if (empty($area)) {
    $area = get_default_area();
}
if (empty($room)) {
    # NOTE(review): $area goes into the SQL text unquoted and is not validated in the
    # lines shown; if it can come from the request it should be forced to an integer
    # first - confirm where it is set.
    $room = sql_query1("select min(id) from mrbs_room where area_id={$area}");
}
# Note $room will be -1 if there are no rooms; this is checked for below.
# Month view start time. This ignores morningstarts/eveningends because it
# doesn't make sense to not show all entries for the day, and it messes
# things up when entries cross midnight.
$month_start = mktime(0, 0, 0, $month, 1, $year);
# What column the month starts in: 0 means $weekstarts weekday.
$weekday_start = (date("w", $month_start) - $weekstarts + 7) % 7;
# Number of days in the month, then the timestamp of its last second.
$days_in_month = date("t", $month_start);
$month_end = mktime(23, 59, 59, $month, $days_in_month, $year);
if ($pview != 1) {
    # Table with areas, rooms, minicals.
    echo "<table width=\"100%\"><tr>";
    $this_area_name = "";
    $this_room_name = "";
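	/**
	 * Checks whether $obj may use the feed with the given id.
	 *
	 * Feeds of type 0, 1, 2 and 4 pass for anyone; a feed of type 3 passes only
	 * when its group_id is one of $obj->groups.
	 *
	 * The check fails closed: only a positive count grants access. A negative
	 * value from sql_query1() is read as a failed query (NOTE(review): assumed
	 * from the way other callers clamp negative results to zero - confirm) and
	 * is refused instead of being returned as a truthy value.
	 *
	 * @param object $obj     Object whose ->groups lists the group ids it belongs to.
	 * @param mixed  $feed_id Feed id; anything non-numeric is refused.
	 * @return mixed The positive count from sql_query1() when access is granted, false otherwise.
	 */
	function priv_test($obj, $feed_id){
		if(!is_numeric($feed_id)){
			return false;
		}
		// Group ids go into an unquoted IN (...) list, so keep integers only.
		$groups = $obj->groups;
		$group_ids = array();
		if(is_array($groups)){
			foreach($groups as $group_id){
				if(is_numeric($group_id)){
					$group_ids[] = (int)$group_id;
				}
			}
		}
		$condition = "type = 0 OR type = 1 OR type = 2 OR type = 4";
		if($group_ids){
			$group_string = implode(',',$group_ids);
			$condition .= " OR (type = 3 AND group_id IN ($group_string))";
		}
		// With no groups the type-3 clause is left out: "IN ()" is not valid SQL
		// and a group-restricted feed could not match anyway.
		$sql = "SELECT COUNT(id) FROM feed WHERE id = $feed_id AND ($condition)";
		$res = sql_query1($sql);
		if($res > 0){
			return $res;
		}
		return false;
	}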
Example #11
// not the form and we want to go straight to Phase 2 (producing the report)
// In CLI mode skip the form and go straight to phase 2.
if ($cli_mode) {
    $phase = 2;
}
// Set up for Ajax.   We need to know whether we're capable of dealing with Ajax
// requests, which will only be if (a) the browser is using DataTables and (b)
// we can do JSON encoding.    We also need to initialise the JSON data array.
$ajax_capable = $datatable && function_exists('json_encode');
if ($ajax) {
    $json_data['aaData'] = array();
}
// Flags telling whether at least one area has the given feature switched on.
$private_somewhere = some_area('private_enabled') || some_area('private_mandatory');
$approval_somewhere = some_area('approval_enabled');
$confirmation_somewhere = some_area('confirmation_enabled');
// Whether any area has enable_periods = 0 / != 0.
// $tbl_area is interpolated as the table name; NOTE(review): presumably a configuration value - confirm.
$times_somewhere = sql_query1("SELECT COUNT(*) FROM {$tbl_area} WHERE enable_periods=0") > 0;
$periods_somewhere = sql_query1("SELECT COUNT(*) FROM {$tbl_area} WHERE enable_periods!=0") > 0;
// Build the report presentation field order: append any standard field
// that the configured order does not already list.
$report_presentation_fields = array('output', 'output_format', 'sortby', 'sumby');
foreach ($report_presentation_fields as $field) {
    if (!in_array($field, $report_presentation_field_order)) {
        $report_presentation_field_order[] = $field;
    }
}
// Build the report search field order in the same way
$report_search_fields = array('report_start', 'report_end', 'areamatch', 'roommatch', 'typematch', 'namematch', 'descrmatch', 'creatormatch', 'match_private', 'match_confirmed', 'match_approved');
foreach ($report_search_fields as $field) {
    if (!in_array($field, $report_search_field_order)) {
        $report_search_field_order[] = $field;
    }
}
// Get information about custom fields
Example #12
if (day_past_midnight()) {
    $end_last = (($eveningends * 60 + $eveningends_minutes) * 60 + $resolution) % SECONDS_PER_DAY;
    if ($start_seconds < $end_last) {
        $start_seconds += SECONDS_PER_DAY;
        $day_before = getdate(mktime(0, 0, 0, $start_month, $start_day - 1, $start_year));
        $start_day = $day_before['mday'];
        $start_month = $day_before['mon'];
        $start_year = $day_before['year'];
    }
}
// Check that the user has permission to create/edit an entry for this room.
// Get the id of the room that we are creating/editing
if (isset($id)) {
    // Editing an existing booking: get the room_id from the database (you can't
    // get it from $rooms because they are the new rooms)
    $target_room = sql_query1("SELECT room_id FROM {$tbl_entry} WHERE id={$id} LIMIT 1");
    if ($target_room < 0) {
        trigger_error(sql_error(), E_USER_WARNING);
        fatal_error(FALSE, get_vocab("fatal_db_error"));
    }
} else {
    // New booking: get the room_id from the form
    if (!isset($rooms[0])) {
        // $rooms[0] should always be set, because you can only get here
        // from edit_entry.php, where it will be set.   If it's not set
        // then something's gone wrong - probably somebody trying to call
        // edit_entry_handler.php directly from the browser - so get out
        // of here and go somewhere safe.
        header("Location: index.php");
        exit;
    }
Example #13
    }
}
if ($pview != 1) {
    # Table with areas, rooms, minicals.
    echo "<table width=\"100%\"><tr>";
    $this_area_name = "";
    $this_room_name = "";
    # Show all areas
    echo "<td width=\"30%\"><u>" . get_string('areas', 'block_mrbs') . "</u><br>";
}
# show either a select box or the normal html list
if ($area_list_format == "select") {
    echo make_area_select_html('month.php', $area, $year, $month, $day);
    # from functions.php
    $this_area_name = sql_query1("select area_name from {$tbl_area} where id={$area}");
    $this_room_name = sql_query1("select room_name from {$tbl_room} where id={$room}");
} else {
    $sql = "select id, area_name from {$tbl_area} order by area_name";
    $res = sql_query($sql);
    if ($res) {
        for ($i = 0; $row = sql_row($res, $i); $i++) {
            if ($pview != 1) {
                echo "<a href=\"month.php?year={$year}&month={$month}&area={$row['0']}\">";
            }
            if ($row[0] == $area) {
                $this_area_name = htmlspecialchars($row[1]);
                if ($pview != 1) {
                    echo "<font color=\"red\">{$this_area_name}</font></a><br>\n";
                }
            } else {
                if ($pview != 1) {
Example #14
}
# Nothing to search for: report it and stop.
if (!$search_str) {
    echo "<H3>" . get_vocab("invalid_search") . "</H3>";
    include "trailer.inc";
    exit;
}
# now is used so that we only display entries newer than the current time
# NOTE(review): $search_str is written into the page as-is. Whether it was passed
# through htmlspecialchars() earlier is not visible in these lines - confirm, because
# it originates from the search form.
echo "<H3>" . get_vocab("search_results") . ": \"<font color=\"blue\">{$search_str}</font>\"</H3>\n";
$now = mktime(0, 0, 0, $month, $day, $year);
# This is the main part of the query predicate, used in both queries:
# NOTE(review): the search text reaches SQL through sql_syntax_caseless_contains();
# escaping is assumed to happen there or before - confirm.
$sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", $search_text) . " OR " . sql_syntax_caseless_contains("E.name", $search_text) . " OR " . sql_syntax_caseless_contains("E.description", $search_text) . ") AND E.end_time > {$now}";
# The first time the search is called, we get the total
# number of matches.  This is passed along to subsequent
# searches so that we don't have to run it for each page.
# NOTE(review): a $total "passed along" is caller-supplied on later pages, so it
# should be treated as an untrusted number.
if (!isset($total)) {
    $total = sql_query1("SELECT count(*) FROM {$tbl_entry} E WHERE {$sql_pred}");
}
if ($total <= 0) {
    echo "<B>" . get_vocab("nothing_found") . "</B>\n";
    include "trailer.inc";
    exit;
}
# Clamp the requested offset: below zero becomes 0, past the end becomes the
# start of the last page.
if (!isset($search_pos) || $search_pos <= 0) {
    $search_pos = 0;
} elseif ($search_pos >= $total) {
    $search_pos = $total - $total % $search["count"];
}
# Now we set up the "real" query using LIMIT to just get the stuff we want.
# NOTE(review): $search_pos is only range-checked above, not forced to an integer,
# before it is handed to sql_syntax_limit().
$sql = "SELECT E.id, E.create_by, E.name, E.description, E.start_time, R.area_id\n        FROM {$tbl_entry} E, {$tbl_room} R\n        WHERE {$sql_pred}\n        AND E.room_id = R.id\n        ORDER BY E.start_time asc " . sql_syntax_limit($search["count"], $search_pos);
# this is a flag to tell us not to display a "Next" link
$result = sql_query($sql);
Example #15
    //  0 => entering DST
    //  1 => leaving DST
    $dst_change[$j] = is_dst($month, $day_start_week + $j, $year);
    $am7[$j] = mktime($morningstarts, $morningstarts_minutes, 0, $month, $day_start_week + $j, $year, is_dst($month, $day_start_week + $j, $year, $morningstarts));
    $pm7[$j] = mktime($eveningends, $eveningends_minutes, 0, $month, $day_start_week + $j, $year, is_dst($month, $day_start_week + $j, $year, $eveningends));
}
// Section with areas, rooms, minicals.
?>
<div class="screenonly">
  <div id="dwm_header">
<?php 
// Get the area and room names (we will need them later for the heading)
$this_area_name = "";
$this_room_name = "";
$this_area_name = htmlspecialchars(sql_query1("SELECT area_name FROM {$tbl_area} WHERE id={$area} LIMIT 1"));
$this_room_name = htmlspecialchars(sql_query1("SELECT room_name FROM {$tbl_room} WHERE id={$room} LIMIT 1"));
$sql = "select id, area_name from {$tbl_area} order by area_name";
$res = sql_query($sql);
// Show all available areas
// but only if there's more than one of them, otherwise there's no point
if ($res && sql_count($res) > 1) {
    echo "<div id=\"dwm_areas\"><h3>" . get_vocab("areas") . "</h3>";
    // show either a select box or the normal html list
    if ($area_list_format == "select") {
        echo make_area_select_html('week.php', $area, $year, $month, $day);
    } else {
        echo "<ul>\n";
        for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
            echo "<li><a href=\"week.php?year={$year}&amp;month={$month}&amp;day={$day}&amp;area={$row['id']}\">";
            echo "<span" . ($row['id'] == $area ? ' class="current"' : '') . ">";
            echo htmlspecialchars($row['area_name']) . "</span></a></li>\n";
Example #16
 // Validate every address in $emails with the PEAR Mail_RFC822 checker.
 $valid_email = new Mail_RFC822();
 foreach ($emails as $email) {
     // if no email address is entered, this is OK, even if isValidInetAddress
     // does not return TRUE
     // NOTE(review): the "empty is OK" test reads $email_var, not the $email being
     // checked in this iteration - confirm that is intended.
     // `$strict = FALSE` also assigns a variable named $strict as a side effect.
     if (!$valid_email->isValidInetAddress($email, $strict = FALSE) && '' != $email_var) {
         // Now display this form again with an error message
         // NOTE(review): $Id is written into the Location header as-is; it should be an
         // integer by this point - confirm where it is set.
         Header("Location: edit_users.php?Action=Edit&Id={$Id}&invalid_email=1");
         exit;
     }
 }
 // Existing row (Id >= 0): REPLACE it. New row: INSERT with the next free id.
 if ($Id >= 0) {
     $operation = "replace into {$tbl_users} values (";
 } else {
     $operation = "insert into {$tbl_users} values (";
     // NOTE(review): max(id) + 1 is computed outside any lock visible here, so two
     // simultaneous requests can pick the same id.
     $Id = sql_query1("select max(id) from {$tbl_users};") + 1;
     /* Use the last index + 1 */
     /* Note: If the table is empty, sql_query1 returns -1. So use index 0. */
 }
 $i = 0;
 foreach ($fields as $fieldname) {
     if ($fieldname == "id") {
         $value = $Id;
     } else {
         if ($fieldname == "name") {
             $value = strtolower(get_form_var('Field_name', 'string'));
         } else {
             if ($fieldname == "password" && $password0 != "") {
                 $value = md5($password0);
             } else {
                 $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['istext'] ? 'string' : 'int');
Example #17
// Form fields, read as strings.
$change_room = get_form_var('change_room', 'string');
$change_area = get_form_var('change_area', 'string');
// If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
// Access gate: everything below requires getAuthorised(2) to succeed.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area, "");
    exit;
}
// Done changing area or room information?
if (isset($change_done)) {
    if (!empty($room)) {
        // NOTE(review): $room goes into the SQL text unquoted and is not validated in
        // the lines shown; it should be an integer by this point - confirm.
        $area = sql_query1("SELECT area_id from {$tbl_room} where id={$room}");
    }
    // NOTE(review): the date parts and $area are written into the Location header
    // as-is; confirm they are integers (or URL-encoded) before this point.
    Header("Location: admin.php?day={$day}&month={$month}&year={$year}&area={$area}");
    exit;
}
print_header($day, $month, $year, isset($area) ? $area : "", isset($room) ? $room : "");
?>

<h2><?php 
echo get_vocab("editroomarea");
?>
</h2>

<?php 
if (!empty($room)) {
    include_once 'Mail/RFC822.php';
Example #18
// Display preferences that are stored for the account and mirrored into the session.
$tab_pref = array('num_periode', 'larg_tab', 'bord', 'couleur_alterne', 'aff_abs', 'aff_reg', 'aff_doub', 'aff_rang');
for ($loop = 0; $loop < count($tab_pref); $loop++) {
    $tmp_var = $tab_pref[$loop];
    // Variable-variable: reads the variable whose name is the preference name;
    // an empty value is stored as "n".
    if (${$tmp_var} == '') {
        ${$tmp_var} = "n";
    }
    // NOTE(review): the preference value is concatenated into the INSERT between quotes
    // with no escaping visible here; if these variables come from the request they must
    // be escaped or bound as parameters.
    // NOTE(review): the login term looks masked (the ****** run), which leaves the
    // string unterminated; as shown the statement does not parse.
    $sql = "INSERT INTO preferences SET name='vtn_pref_" . $tmp_var . "', value='" . ${$tmp_var} . "', login='******'login'] . "';";
    //echo "$sql<br />";
    // The query result is stored but not checked.
    $insert = mysqli_query($GLOBALS["mysqli"], $sql);
    $_SESSION['vtn_pref_' . $tmp_var] = ${$tmp_var};
}
// Same pattern (and the same masked login term) for the "colour the results" preference.
$sql = "INSERT INTO preferences SET name='vtn_pref_coloriser_resultats', value='{$vtn_coloriser_resultats}', login='******'login'] . "';";
$insert = mysqli_query($GLOBALS["mysqli"], $sql);
$_SESSION['vtn_pref_coloriser_resultats'] = $vtn_coloriser_resultats;
//=================================================
// NOTE(review): $id_classe is quoted but not escaped in this query, and it is echoed
// into the link below as well - confirm it is validated as an integer earlier.
$classe = sql_query1("SELECT classe FROM classes WHERE id = '{$id_classe}'");
// Link to generate a PDF
// NOTE(review): $_SERVER['PHP_SELF'] reflects the requested path and is written into
// the href without htmlspecialchars(); $id_classe and $num_periode are written
// unencoded too.
echo "<div class='noprint' style='float: right; border: 1px solid black; background-color: white; width: 3em; height: 1em; text-align: center; padding-bottom:3px; margin-left:3px;'>\n<a href='" . $_SERVER['PHP_SELF'] . "?mode=pdf&amp;id_classe={$id_classe}&amp;num_periode={$num_periode}";
// Each display option is appended only when its value is exactly 'y'.
if ($aff_abs && $aff_abs == 'y') {
    echo "&amp;aff_abs={$aff_abs}";
}
if ($aff_reg && $aff_reg == 'y') {
    echo "&amp;aff_reg={$aff_reg}";
}
if ($aff_doub && $aff_doub == 'y') {
    echo "&amp;aff_doub={$aff_doub}";
}
if ($aff_rang && $aff_rang == 'y') {
    echo "&amp;aff_rang={$aff_rang}";
}
if ($aff_date_naiss && $aff_date_naiss == 'y') {
Example #19
        $midnight_tonight[$j] = mktime(23, 59, 59, $month, $j, $year, is_dst($month, $j, $year, 23));
    } else {
        $midnight[$j] = mktime(12, 0, 0, $month, $j, $year, is_dst($month, $j, $year, 0));
        $midnight_tonight[$j] = mktime(12, count($periods), 59, $month, $j, $year, is_dst($month, $j, $year, 23));
    }
}
// Section with areas, rooms, minicals.
?>
<div class="screenonly">
  <div id="dwm_header">
<?php 
// Get the area and room names (we will need them later for the heading)
$this_area_name = "";
$this_room_name = "";
$this_area_name = htmlspecialchars(sql_query1("select area_name\n                                  from {$tbl_area} where id={$area}"));
$this_room_name = htmlspecialchars(sql_query1("select room_name\n                                  from {$tbl_room} where id={$room}"));
$sql = "select id, area_name from {$tbl_area} order by area_name";
$res = sql_query($sql);
// Show all available areas
// but only if there's more than one of them, otherwise there's no point
if ($res && sql_count($res) > 1) {
    echo "<div id=\"dwm_areas\"><h3>" . get_vocab("areas") . "</h3>";
    // show either a select box or the normal html list
    if ($area_list_format == "select") {
        echo make_area_select_html('month.php', $area, $year, $month, $day);
    } else {
        echo "<ul>\n";
        for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
            echo "<li><a href=\"month.php?year={$year}&amp;month={$month}&amp;day={$day}&amp;area={$row['0']}\">";
            echo "<span" . ($row['id'] == $area ? ' class="current"' : '') . ">";
            echo htmlspecialchars($row['area_name']) . "</span></a></li>\n";
Example #20
$days_in_month = date("t", $month_start);
$month_end = mktime(23, 59, 59, $month, $days_in_month, $year);
if ($pview != 1) {
    # Table with areas, rooms, minicals.
    echo "<table width=\"100%\"><tr>";
    $this_area_name = "";
    $this_room_name = "";
    # Show all areas
    echo "<td width=\"30%\"><u>{$vocab['areas']}</u><br>";
}
# show either a select box or the normal html list
if ($area_list_format == "select") {
    echo make_area_select_html('month.php', $area, $year, $month, $day);
    # from functions.inc
    $this_area_name = sql_query1("select area_name from mrbs_area where id={$area}");
    $this_room_name = sql_query1("select room_name from mrbs_room where id={$room}");
} else {
    $sql = "select id, area_name from mrbs_area order by area_name";
    $res = sql_query($sql);
    if ($res) {
        for ($i = 0; $row = sql_row($res, $i); $i++) {
            if ($pview != 1) {
                echo "<a href=\"month.php?year={$year}&month={$month}&area={$row['0']}\">";
            }
            if ($row[0] == $area) {
                $this_area_name = htmlspecialchars($row[1]);
                if ($pview != 1) {
                    echo "<font color=\"red\">{$this_area_name}</font></a><br>\n";
                }
            } else {
                if ($pview != 1) {
Example #21
# For weekly repeat(2), build string of weekdays to repeat on:
# (seven characters, "1" where $rep_day[$i] is set and "0" otherwise; type 6 is handled the same way)
$rep_opt = "";
if ($rep_type == 2 || $rep_type == 6) {
    for ($i = 0; $i < 7; $i++) {
        $rep_opt .= empty($rep_day[$i]) ? "0" : "1";
    }
}
# Expand a series into a list of start times:
if ($rep_type != 0) {
    $reps = mrbsGetRepeatEntryList($starttime, isset($rep_enddate) ? $rep_enddate : 0, $rep_type, $rep_opt, $max_rep_entrys, $rep_num_weeks);
}
# When checking for overlaps, for Edit (not New), ignore this entry and series:
$repeat_id = 0;
if (isset($id)) {
    $ignore_id = $id;
    # NOTE(review): $id goes into the SQL text unquoted and is not validated in the lines
    # shown; it should be forced to an integer before this point - confirm where it is set.
    $repeat_id = sql_query1("SELECT repeat_id FROM {$tbl_entry} WHERE id={$id}");
    # A negative result is treated as "not part of a series".
    if ($repeat_id < 0) {
        $repeat_id = 0;
    }
} else {
    $ignore_id = 0;
}
# Acquire mutex to lock out others trying to book the same slot(s).
# The conflict check and the booking that follow run while this lock is held.
if (!sql_mutex_lock("{$tbl_entry}")) {
    fatal_error(1, get_vocab("failed_to_acquire"));
}
# Check for any schedule conflicts in each room we're going to try and
# book in
$err = "";
foreach ($rooms as $room_id) {
    if ($rep_type != 0 && !empty($reps)) {
 // put a space after each comma so that the list displays better
 $room_admin_email = str_replace(',', ', ', $room_admin_email);
 // validate the email addresses
 $valid_email = validate_email_list($room_admin_email);
 if (FALSE != $valid_email) {
     if (empty($capacity)) {
         $capacity = 0;
     }
     // Acquire a mutex to lock out others who might be deleting the new area
     if (!sql_mutex_lock("{$tbl_area}")) {
         fatal_error(TRUE, get_vocab("failed_to_acquire"));
     }
     // Check the new area still exists
     if (sql_query1("SELECT COUNT(*) FROM {$tbl_area} WHERE id={$new_area} LIMIT 1") < 1) {
         $valid_area = FALSE;
     } elseif (($new_area != $old_area || $room_name != $old_room_name) && sql_query1("SELECT COUNT(*)\n                               FROM {$tbl_room}\n                              WHERE" . sql_syntax_casesensitive_equals("room_name", $room_name) . "\n                                AND area_id={$new_area}\n                              LIMIT 1") > 0) {
         $valid_room_name = FALSE;
     } else {
         // Convert booleans into 0/1 (necessary for PostgreSQL)
         $room_disabled = !empty($room_disabled) ? 1 : 0;
         $sql = "UPDATE {$tbl_room} SET ";
         $n_fields = count($fields);
         $assign_array = array();
         foreach ($fields as $field) {
             if ($field['name'] != 'id') {
                 switch ($field['name']) {
                     // first of all deal with the standard MRBS fields
                     case 'area_id':
                         $assign_array[] = "area_id={$new_area}";
                         break;
                     case 'disabled':
Example #23
} elseif ($type == "room") {
    // Truncate the name and description fields to the maximum length as a precaution.
    $name = substr($name, 0, $maxlength['room.room_name']);
    $description = substr($description, 0, $maxlength['room.description']);
    // Add SQL escaping
    $room_name_q = addslashes($name);
    $description_q = addslashes($description);
    if (empty($capacity)) {
        $capacity = 0;
    }
    // Acquire a mutex to lock out others who might be editing rooms
    if (!sql_mutex_lock("{$tbl_room}")) {
        fatal_error(TRUE, get_vocab("failed_to_acquire"));
    }
    // Check that the room name is unique within the area
    if (sql_query1("SELECT COUNT(*) FROM {$tbl_room} WHERE room_name='{$room_name_q}' AND area_id={$area} LIMIT 1") > 0) {
        $error = "invalid_room_name";
    } else {
        $sql = "INSERT INTO {$tbl_room} (room_name, sort_key, area_id, description, capacity)\n            VALUES ('{$room_name_q}', '{$room_name_q}', {$area}, '{$description_q}',{$capacity})";
        if (sql_command($sql) < 0) {
            trigger_error(sql_error(), E_USER_WARNING);
            fatal_error(TRUE, get_vocab("fatal_db_error"));
        }
    }
    // Release the mutex
    sql_mutex_unlock("{$tbl_room}");
}
if (!empty($error)) {
    $url = formatURLError($area, $error);
} else {
    $url = formatURLError($area, NULL);
Example #24
 /**
  * Adds one menu item per AID category that the current user manages and, if
  * $this->b ends up positive, adds the "Gestion des AID" title.
  *
  * Only runs its queries when the active_mod_gest_aid setting is 'y'. The
  * category configured for the photo directory is left out, as is the one
  * tied to the gestion_autorisations_publications plugin when that plugin is
  * open. NOTE(review): $this->b is reset here and tested at the end;
  * presumably creeNouveauItem() increments it - confirm.
  *
  * NOTE(review): setting values and $this->loginUtilisateur are concatenated
  * into the SQL text between quotes with no escaping in this method; this
  * relies on them being trusted or escaped where they are set - confirm.
  *
  * @return true|null True when the title was added; otherwise nothing is returned.
  */
 private function gestionEleveAID()
 {
     global $mysqli;
     $this->b = 0;
     if (getSettingValue("active_mod_gest_aid") == 'y') {
         $sql = "SELECT * FROM aid_config ";
         // Leave out the category used to see which pupils may send or change their photo
         $has_where = false;
         if (getSettingValue("num_aid_trombinoscopes") != "") {
             $sql .= "WHERE indice_aid!= '" . getSettingValue("num_aid_trombinoscopes") . "'";
             $has_where = true;
         }
         // If the "gestion_autorisations_publications" plugin exists and is open, leave out its category too
         $plugin_open = sql_query1("select ouvert from plugins where nom='gestion_autorisations_publications'");
         if ($plugin_open == 'y' and getSettingValue("indice_aid_autorisations_publi") != "") {
             $keyword = $has_where ? "and" : "WHERE";
             $sql .= $keyword . " indice_aid!= '" . getSettingValue("indice_aid_autorisations_publi") . "'";
         }
         $sql .= " ORDER BY nom";
         $aid_rows = mysqli_query($mysqli, $sql);
         while ($aid = $aid_rows->fetch_object()) {
             $indice_aid = $aid->indice_aid;
             // Rows linking the user to this category as manager, then as super-manager
             $manager_rows = mysqli_query($mysqli, "SELECT *\n                          FROM j_aid_utilisateurs_gest\n                          WHERE indice_aid = '" . $indice_aid . "' and id_utilisateur='" . $this->loginUtilisateur . "'")->num_rows;
             $super_rows = mysqli_query($mysqli, "SELECT *\n                          FROM j_aidcateg_super_gestionnaires\n                          WHERE indice_aid = '" . $indice_aid . "' and id_utilisateur='" . $this->loginUtilisateur . "'")->num_rows;
             if ($manager_rows == 0 and $super_rows == 0) {
                 continue;
             }
             // Super-managers get the group-management wording, plain managers the membership wording
             $description = $super_rows != 0
                 ? "Cet outil vous permet de gérer les groupes (création, suppression, modification)."
                 : "Cet outil vous permet de gérer l'appartenance des élèves aux différents groupes.";
             $this->creeNouveauItem("/aid/index2.php?indice_aid=" . $indice_aid, $aid->nom, $description);
         }
     }
     if ($this->b > 0) {
         $this->creeNouveauTitre('accueil', "Gestion des AID", 'images/icons/document.png');
         return true;
     }
 }
     // Seeds random sample bookings for every room returned by $room_res.
     // $room_res, $area, $month, $day, $year, $tbl_entry, $jpnames, $ennames,
     // $intext and $REMOTE_ADDR are all set outside the visible lines.
     // A failed room query only prints sql_error(); the loop below still runs.
     if (!$room_res) {
         echo sql_error();
     }
     // presumably sql_row() returns a falsy value past the last row, which ends the loop -- confirm
     for ($j = 0; list($room) = sql_row($room_res, $j); $j++) {
         // Now we know room and area
         // We have to add some appointments to the day
         // four in each room seems good enough
         for ($a = 1; $a < 5; $a++) {
             // Pick a random start hour; mt_rand(7, 16) is inclusive, so 07:00 to 16:00
             $starthour = mt_rand(7, 16);
             // Duration in minutes: 30 to 150 in 30-minute steps
             $length = mt_rand(1, 5) * 30;
             $starttime = mktime($starthour, 0, 0, $month, $day, $year);
             // Minutes above 59 are passed as-is; mktime() normalises them into hours
             $endtime = mktime($starthour, $length, 0, $month, $day, $year);
             // Check that this isn't going to overlap.
             // The query only matches entries that start or end inside the new slot
             // (or coincide with it); an existing entry that starts before and ends
             // after the new slot is not counted. BETWEEN is inclusive, so a
             // back-to-back entry does count as an overlap.
             $sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))";
             $counte = sql_query1($sql);
             if ($counte == 0) {
                 // There are no overlaps
                 // Index 0 of the name lists is never picked: mt_rand starts at 1
                 if ($area == 4) {
                     $name = $jpnames[mt_rand(1, count($jpnames) - 1)];
                 } else {
                     $name = $ennames[mt_rand(1, count($ennames) - 1)];
                 }
                 // Picks index 1 or 2 of $intext
                 $type = $intext[mt_rand(1, 2)];
                 // NOTE(review): the statement is built by interpolation; $name, $type and
                 // $REMOTE_ADDR land unescaped inside single quotes, so a value containing
                 // a quote breaks the statement. Escape them or use a prepared statement.
                 $sql = "insert into {$tbl_entry} (room_id, create_by, start_time, end_time, type, name, description) values ({$room}, '{$REMOTE_ADDR}', {$starttime}, {$endtime},'{$type}','{$name}','A meeting')";
                 sql_command($sql);
             }
             // $type is only assigned when an insert happened, so after a skipped slot
             // this line shows the previous iteration's value (or an undefined variable).
             echo "{$area} - {$room} ({$starthour},{$length}), {$type}<br>";
         }
     }
 }
Example #26
 //
 // Something was posted
 //
 // $_POST['action'] is read without isset(), so a request without it raises a notice.
 if ($_POST['action'] == "save_data") {
     // presumably the anti-CSRF token check -- confirm what the false argument selects
     check_token(false);
     //
     // Store the data in the database.
     // The file has already been displayed, and the user has confirmed the save
     //
     echo "<p><em>On vide d'abord les tables suivantes&nbsp;:</em> ";
     // $j indexes $liste_tables_del; $k counts the tables already listed in the output
     $j = 0;
     $k = 0;
     // NOTE(review): $liste_tables_del is defined outside the visible lines. Its entries
     // are interpolated straight into SQL as identifiers, so it must be a fixed
     // server-side list and never come from request data.
     while ($j < count($liste_tables_del)) {
         $sql = "SHOW TABLES LIKE '" . $liste_tables_del[$j] . "';";
         //echo "$sql<br />";
         // presumably sql_query1() returns -1 when no table matches -- confirm
         $test = sql_query1($sql);
         if ($test != -1) {
             if ($k > 0) {
                 echo ", ";
             }
             // Returns one row per table row; only used for its row count below
             $sql = "SELECT 1=1 FROM {$liste_tables_del[$j]};";
             // The result is not checked; a failed query makes mysqli_num_rows() receive false
             $res_test_tab = mysqli_query($GLOBALS["mysqli"], $sql);
             if (mysqli_num_rows($res_test_tab) > 0) {
                 $sql = "DELETE FROM {$liste_tables_del[$j]};";
                 // Errors are suppressed with @ and $del is not checked in the visible lines,
                 // so a failed DELETE is still reported below as an emptied table
                 $del = @mysqli_query($GLOBALS["mysqli"], $sql);
                 // The table name is written into the HTML without escaping
                 echo "<b>" . $liste_tables_del[$j] . "</b>";
                 echo " (" . mysqli_num_rows($res_test_tab) . ")";
             } else {
                 echo $liste_tables_del[$j];
             }
             $k++;
Example #27
		// Reassemble the three date parts in reverse order, separated by slashes
		// (presumably a Y-m-d value turned into d/m/Y -- confirm where $tmp_tab_naissance is filled)
		$v_naissance2=$tmp_tab_naissance[2]."/".$tmp_tab_naissance[1]."/".$tmp_tab_naissance[0];
		// Reads the 'sexe' column from $call_eleve2_info (row argument "0")
		$v_sexe2=old_mysql_result($call_eleve2_info, "0", 'sexe');
		$v_eleve_nom_prenom2=$v_legend2;


		// Label for the period: the lower-cased period name, or the full-year label
		if ($periode != 'annee') {
			$temp = my_strtolower($nom_periode[$periode]);
		} else {
			$temp = 'Année complète';
		}
		$graph_title = $eleve1_nom." ".$eleve1_prenom." ".$classe." et ".$eleve2_nom." ".$eleve2_prenom." ".$classe2."  | ".$temp;
		// NOTE(review): student names and class labels are interpolated into the HTML as-is.
		// Their origin is outside the visible lines; unless they are escaped upstream,
		// wrap them in htmlspecialchars() before output.
		echo "<p class='bold'>$eleve1_nom  $eleve1_prenom ($classe) et $eleve2_nom $eleve2_prenom ($classe2)   |  $temp</p>\n";
		echo "<table  border='1' cellspacing='2' cellpadding='5'>\n";
		echo "<tr><td width='100'><p>Matière</p></td><td width='100'><p>$eleve1_nom $eleve1_prenom</p></td><td width='100'><p>$eleve2_nom $eleve2_prenom</p></td><td width='100'><p>Différence</p></td></tr>\n";
		//$call_classe_infos = mysql_query("SELECT DISTINCT  m.* FROM matieres m,j_classes_matieres_professeurs j WHERE (m.matiere = j.id_matiere AND j.id_classe='$id_classe') ORDER BY j.priorite");
		// NOTE(review): $id_classe is concatenated into the query inside quotes; where it
		// comes from is not visible here. Cast it to int or bind it as a parameter.
		$affiche_categories = sql_query1("SELECT display_mat_cat FROM classes WHERE id='".$id_classe."'");
		// Turn the "y" flag read from the classes table into a boolean
		if ($affiche_categories == "y") {
			$affiche_categories = true;
		} else {
			$affiche_categories = false;
		}

		if ($affiche_categories) {
			// On utilise les valeurs spécifiées pour la classe en question
			$call_groupes = mysqli_query($GLOBALS["mysqli"], "SELECT DISTINCT jgc.id_groupe ".
			"FROM j_eleves_groupes jeg, j_groupes_classes jgc, j_groupes_matieres jgm, j_matieres_categories_classes jmcc, matieres m " .
			"WHERE ( " .
			"jeg.login = '******' AND " .
			"jgc.id_groupe = jeg.id_groupe AND " .
			"jgc.categorie_id = jmcc.categorie_id AND " .
			"jgc.id_classe = '".$id_classe."' AND " .
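 /**
  * Handle a posted page-feedback form and mail it to the admin group.
  *
  * Reads submit, page_id, human, email, helpful and message from $_POST.
  * On success it prints a thank-you message and ends the request; on any
  * failure it prints a generic error message.
  *
  * Every $_POST value is untrusted, so each one is checked or normalised
  * before it reaches the SQL query or the mailer.
  *
  * @return void
  */
 function feedbackAction()
 {
     if (isset($_POST['submit'], $_POST['page_id']) && is_numeric($_POST['page_id'])) {
         // Simple "are you human" question; a missing or non-string answer fails it.
         $human = isset($_POST['human']) && is_string($_POST['human']) ? $_POST['human'] : '';
         if (!preg_match('/person/i', $human)) {
             echo "Sorry, people only, please.  Feel free to try again.";
             exit(1);
         }
         $group = new Group(ADMIN_GROUP_ID);
         // Prefer the posted address, fall back to the session user's address.
         if (isset($_POST['email'])) {
             $email = $_POST['email'];
         } elseif (isset($_SESSION['user'])) {
             $email = $_SESSION['user']->email;
         } else {
             $email = '';
         }
         // The address is handed to send_mail() (presumably as sender or reply-to,
         // confirm in Group::send_mail). Only a syntactically valid address is let
         // through, which also rules out embedded line breaks in a mail header.
         $email = is_string($email) ? filter_var($email, FILTER_VALIDATE_EMAIL) : false;
         if ($email !== false) {
             // The original assigned a misspelled variable in one branch, so the
             // "not helpful" case read an undefined variable; one name is used now.
             $helpful = empty($_POST['helpful']) ? 0 : 1;
             if (isLoggedIn()) {
                 $submitter = $_SESSION['user']->name . ' (' . $_SESSION['user']->username . ' - ' . $email . ')';
             } else {
                 $submitter = $email;
             }
             // is_numeric() also accepts floats, exponents and surrounding whitespace;
             // the cast pins the value to a plain integer before it enters the query.
             $page_id = (int) $_POST['page_id'];
             $page = sql_query1("SELECT CONCAT(page_category.name,' :: ',page.name) AS cat FROM `page`" . " LEFT JOIN `page_category` ON page_category_id=page_category.id" . " WHERE page.id='{$page_id}'");
             $message = isset($_POST['message']) && is_string($_POST['message']) ? $_POST['message'] : '';
             $ip = $_SERVER['REMOTE_ADDR'];
             $msg = "New page feedback from {$submitter} [{$ip}]\n";
             $msg .= "Page: {$page}\n";
             $msg .= 'Found Helpful: ' . ($helpful == 1 ? 'Yes' : 'No') . "\n";
             $msg .= '' . "\n";
             $msg .= 'Feeback: ' . $message . "\n";
             if ($group->send_mail('New Feedback on ' . $page, $msg, $email)) {
                 echo "<strong>Thanks!</strong> Your feedback will help us improve our service and support.";
                 // Exit status 1 is kept from the original even though this is the success path.
                 exit(1);
             }
         }
     }
     echo "Sorry, there was an error processing your request.  You can contact support directly using the email address in this page's footer below.";
 }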
Example #29
            print "    <p class=\"error\">" . sql_error() . "</p>\n";
            print "    <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n";
            print "  </fieldset>\n";
            print "</form>\n";
            // Print footer and exit
            print_footer(TRUE);
        }
        /* Success. Redirect to the user list, to remove the form args */
        Header("Location: edit_users.php");
    }
}
/*---------------------------------------------------------------------------*\
|                                Delete a user                                |
\*---------------------------------------------------------------------------*/
// Deletes the user row identified by $Id when $Action is "Delete".
// $Action, $Id, $level, $min_user_editing_level and $tbl_users are set outside the visible lines.
if (isset($Action) && $Action == "Delete") {
    // NOTE(review): $Id is interpolated unquoted into this SELECT and into the DELETE
    // below. Whether it is validated as an integer before this point is not visible
    // here; cast it with (int) or bind it as a parameter.
    $target_level = sql_query1("SELECT level FROM {$tbl_users} WHERE id={$Id} LIMIT 1");
    // A negative result is treated as a failed lookup
    if ($target_level < 0) {
        fatal_error(TRUE, "Fatal error while deleting a user");
    }
    // you can't delete a user if you're not some kind of admin, and then you can't
    // delete someone higher than you
    // The check runs before the DELETE and ends the request on denial.
    if ($level < $min_user_editing_level || $level < $target_level) {
        showAccessDenied(0, 0, 0, "", "");
        exit;
    }
    $r = sql_command("delete from {$tbl_users} where id={$Id};");
    // -1 from sql_command() is handled as a failed delete
    if ($r == -1) {
        print_header(0, 0, 0, "", "");
        // This is unlikely to happen in normal  operation. Do not translate.
        // The script name is reduced to its basename and HTML-escaped before it goes into the form action
        print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
        print "  <fieldset>\n";
Example #30
            }
        }
        echo "<div id=\"del_room_confirm\">\n";
        echo "<p>" . get_vocab("sure") . "</p>\n";
        echo "<div id=\"del_room_confirm_links\">\n";
        echo "<a href=\"del.php?type=room&amp;room={$room}&amp;confirm=Y\"><span id=\"del_yes\">" . get_vocab("YES") . "!</span></a>\n";
        echo "<a href=\"admin.php\"><span id=\"del_no\">" . get_vocab("NO") . "!</span></a>\n";
        echo "</div>\n";
        echo "</div>\n";
        include "trailer.inc";
    }
}
// Area deletion: an area is removed only when no room still refers to it.
// NOTE(review): $area is interpolated unquoted into both statements and its
// origin is outside the visible lines; confirm it is forced to an integer
// before this point. The count and the delete are two separate statements,
// so a room added in between is not detected.
if ($type == "area") {
    $n = sql_query1("select count(*) from {$tbl_room} where area_id={$area}");
    if ($n != 0) {
        // Rooms remain in the area (or the count query did not return 0):
        // refuse the deletion and link back to the admin page.
        print_header($day, $month, $year, $area);
        echo "<p>\n", get_vocab("delarea"), "<a href=\"admin.php\">" . get_vocab("backadmin") . "</a>", "</p>\n";
        include "trailer.inc";
    } else {
        // The area is empty: delete it, then send the browser back to the admin page.
        sql_command("delete from {$tbl_area} where id={$area}");
        header("Location: admin.php");
    }
}