Example #1
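/**
 * Tell whether an external-services group is linked to an outgoing connector source.
 *
 * @param int $source_id  Identifier of the outgoing connector source.
 * @param int $esgroup_id Identifier of the group (the caller passes -1 for the anonymous group).
 * @return bool True when at least one linking row exists; false otherwise, including when the query fails.
 */
function _connector_out_esgroup_allowed_on_source($source_id, $esgroup_id)
{
    global $dbh;
    // Both ids are forced to integers so that only digits (and a sign) can reach the SQL text.
    $sql = "SELECT COUNT(1) FROM connectors_out_sources_esgroups WHERE connectors_out_source_esgroup_sourcenum = " . (int) $source_id . ' AND connectors_out_source_esgroup_esgroupnum = ' . (int) $esgroup_id;
    $res = mysql_query($sql, $dbh);
    if ($res === false) {
        // Fail closed: a database error must never be read as "allowed".
        return false;
    }
    return mysql_result($res, 0, 0) > 0;
}

/**
 * Check the credentials presented to an outgoing connector source.
 *
 * Three kinds of caller are distinguished by the shape of $username:
 *  - empty: anonymous access, allowed only if group -1 is linked to the source;
 *  - "name@group": a reader (empr) who claims membership of an external-services group;
 *  - anything else: a regular external-services user, resolved by
 *    es_esuser::create_from_credentials().
 *
 * NOTE(review): the code relies on the legacy mysql_* extension and on SQL built by
 * concatenation. Every value that reaches a query below is either cast to int or
 * escaped with the connection, but parameterised queries (mysqli/PDO) would be the
 * durable fix.
 *
 * @param string $username  Login as supplied by the client; may be empty.
 * @param string $password  Password as supplied by the client.
 * @param int    $source_id Identifier of the outgoing connector source.
 * @return mixed The PMB user id mapped to the matching group on success, false on any failure.
 */
function connector_out_check_credentials($username, $password, $source_id)
{
    global $dbh;
    $source_id = (int) $source_id;

    if (!$username) {
        // -- Anonymous user: the anonymous group (-1) must be allowed on the source.
        if (!_connector_out_esgroup_allowed_on_source($source_id, -1)) {
            return false;
        }
        $sql = 'SELECT esgroup_pmbusernum FROM es_esgroups WHERE esgroup_id = -1';
        $res = mysql_query($sql, $dbh);
        if ($res === false) {
            // Without this check a failed query would be read as "no row" and
            // fall through to the default user id 1 below.
            return false;
        }
        if (!mysql_num_rows($res)) {
            // No row for the anonymous group: default to PMB user 1.
            return 1;
        }
        return mysql_result($res, 0, 0);
    }

    if (strpos($username, "@") !== false) {
        // -- Reader: the login must be exactly "name@group".
        $login_info = explode("@", $username);
        if (count($login_info) != 2) {
            return false;
        }
        $empr_name = $login_info[0];
        $group_name = $login_info[1];
        if (!$empr_name || !$group_name) {
            return false;
        }

        // Look the reader up.
        // NOTE(review): both literals in this statement appear masked ('******') in this
        // listing, so as written the query uses neither $empr_name nor $password. The real
        // lookup has to bind both values (escaped or parameterised), and the password should
        // be verified against a stored hash rather than compared as plain text -- confirm
        // against the original file.
        $empr_id = 0;
        $sql = "SELECT id_empr FROM empr WHERE empr_login = '******' AND empr_password = '******'";
        $res = mysql_query($sql, $dbh);
        if ($res !== false && mysql_num_rows($res)) {
            $empr_id = mysql_result($res, 0, 0);
        }
        // Not found: reject.
        if (!$empr_id) {
            return false;
        }

        // Look the group up by name. The name comes straight from the client, so it is
        // escaped with the connection (charset-aware) instead of addslashes().
        $sql = "SELECT esgroup_id FROM es_esgroups WHERE esgroup_name = '" . mysql_real_escape_string($group_name, $dbh) . "'";
        $res = mysql_query($sql, $dbh);
        // Not found (or query failed): reject.
        if ($res === false || !mysql_num_rows($res)) {
            return false;
        }
        $esgroup_id = mysql_result($res, 0, 0);
        $esgroup = new es_esgroup($esgroup_id);

        // Make sure the reader really belongs to the group they claimed; the claim in
        // the login string is never trusted on its own.
        $sql = "SELECT SUM(EXISTS(SELECT 1 FROM empr_groupe WHERE empr_id = " . (int) $empr_id . " AND groupe_id = esgroupuser_usernum)) > 0 AS in_group FROM es_esgroup_esusers WHERE esgroupuser_usertype = 2 AND esgroupuser_groupnum = " . (int) $esgroup_id;
        $res = mysql_query($sql, $dbh);
        if ($res === false || !mysql_result($res, 0, 0)) {
            return false;
        }

        // The group itself must be allowed on the source.
        if (!_connector_out_esgroup_allowed_on_source($source_id, $esgroup_id)) {
            return false;
        }
        // Everything checks out.
        return $esgroup->esgroup_pmbuserid;
    }

    // -- Regular user: resolve the account, then its group.
    $esuser = es_esuser::create_from_credentials($username, $password);
    if (!$esuser) {
        return false;
    }
    $esgroup_id = $esuser->esuser_group;
    // A user without a group cannot hold any right.
    if (!$esgroup_id) {
        return false;
    }
    // The group must be allowed on the source.
    if (!_connector_out_esgroup_allowed_on_source($source_id, $esgroup_id)) {
        return false;
    }
    // Return the PMB user id associated with the group.
    $esgroup = new es_esgroup($esgroup_id);
    return $esgroup->esgroup_pmbuserid;
}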
Example #2
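/**
 * Create or update an external-services user from the submitted form values.
 *
 * The form values are read from globals ($esuser_username, $esuser_fullname,
 * $esuser_password, $esuser_esgroup); $id selects the account to update, and an
 * empty $id means "create". On a validation error the message is printed, the
 * form is shown again with the submitted values and false is returned.
 *
 * NOTE(review): the values are stripslash'ed before being handed back to
 * show_esuser_form(); whether that function HTML-escapes them is not visible
 * here -- confirm, since they are echoed back from the request.
 * NOTE(review): the password is assigned exactly as received; whether
 * commit_to_db() hashes it before storage is not visible here -- confirm.
 * NOTE(review): the update path performs no empty-username or duplicate-username
 * check, unlike the creation path -- confirm that this is intended.
 *
 * @return bool True when the user was committed, false on a validation or load error.
 */
function update_esuser_from_form()
{
    global $msg, $charset, $dbh, $id;
    global $esuser_username, $esuser_fullname, $esuser_password, $esuser_esgroup;

    // Validation, in the original order: group first, then (creation only)
    // the username checks. The first failure wins.
    $error_key = '';
    if ($esuser_esgroup && !es_esgroup::id_exists($esuser_esgroup)) {
        // The selected group does not exist.
        $error_key = 'es_user_error_unknowngroup';
    } elseif (!$id) {
        if (!$esuser_username) {
            $error_key = 'es_user_error_emptyfield';
        } elseif (es_esuser::username_exists($esuser_username)) {
            $error_key = 'es_user_error_usernamealreadyexists';
        }
    }
    if ($error_key) {
        print $msg[$error_key];
        show_esuser_form(0, stripslashes($esuser_username), stripslashes($esuser_fullname), stripslashes($esuser_password), stripslashes($esuser_esgroup));
        return false;
    }

    if (!$id) {
        // Adding a new user.
        $esuser = es_esuser::add_new();
    } else {
        $esuser = new es_esuser($id);
        // Fix: the original tested $the_user (an undefined variable), so a failed
        // load was never detected and the form data was committed regardless.
        if ($esuser->error) {
            return false;
        }
    }

    $esuser->esuser_username = $esuser_username;
    $esuser->esuser_fullname = $esuser_fullname;
    $esuser->esuser_password = $esuser_password;
    $esuser->esuser_group = $esuser_esgroup;
    $esuser->commit_to_db();
    return true;
}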