?> </fieldset> </form> <?php // Now the custom HTML echo "<div id=\"custom_html\">\n"; // no htmlspecialchars() because we want the HTML! echo !empty($row['custom_html']) ? $row['custom_html'] . "\n" : ""; echo "</div>\n"; } // THE AREA FORM if (isset($change_area) && !empty($area)) { // Only admins can see this form if (!$is_admin) { showAccessDenied($day, $month, $year, $area, ""); exit; } // Get the details for this area $res = sql_query("SELECT * FROM {$tbl_area} WHERE id={$area} LIMIT 1"); if (!$res) { fatal_error(0, get_vocab("error_area") . $area . get_vocab("not_found")); } $row = sql_row_keyed($res, 0); sql_free($res); // Get the settings for this area, from the database if they are there, otherwise from // the config file. A little bit inefficient repeating the SQL query // we've just done, but it makes the code simpler and this page is not used very often. get_area_settings($area); echo "<form class=\"form_general\" id=\"edit_area\" action=\"edit_area_room.php\" method=\"post\">\n"; echo "<fieldset class=\"admin\">\n";
/* Success. Redirect to the user list, to remove the form args */ Header("Location: edit_users.php"); } } /*---------------------------------------------------------------------------*\ | Delete a user | \*---------------------------------------------------------------------------*/ if (isset($Action) && $Action == "Delete") { $target_level = sql_query1("SELECT level FROM {$tbl_users} WHERE id={$Id} LIMIT 1"); if ($target_level < 0) { fatal_error(TRUE, "Fatal error while deleting a user"); } // you can't delete a user if you're not some kind of admin, and then you can't // delete someone higher than you if ($level < $min_user_editing_level || $level < $target_level) { showAccessDenied(0, 0, 0, "", ""); exit; } $r = sql_command("delete from {$tbl_users} where id={$Id};"); if ($r == -1) { print_header(0, 0, 0, "", ""); // This is unlikely to happen in normal operation. Do not translate. print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n"; print " <fieldset>\n"; print " <legend></legend>\n"; print " <p class=\"error\">Error deleting entry {$Id} from the {$tbl_users} table.</p>\n"; print " <p class=\"error\">" . sql_error() . "</p>\n"; print " <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n"; print " </fieldset>\n"; print "</form>\n"; // Print footer and exit
echo '<h2>' . _h('Users not in this group') . '</h2>'; echo '<table class="prettytable">' . chr(10); foreach ($all_users as $user_id => $user_name) { echo '<tr><td><a href="user.php?user_id=' . $user_id . '">' . $user_name . '</a>'; echo '</td><td>'; if ($login['user_access_useredit']) { echo '<a href="admin_group.php?gid=' . $gid . '&group_add_user='******'">' . _h('Add user to group') . '</a>'; } echo '</td></tr>' . chr(10); } echo '</table>' . chr(10); } } elseif (isset($_POST['add'])) { // Adding if (!$login['user_access_useredit']) { showAccessDenied($day, $month, $year, $area, true); exit; } // Checking input $add = slashes(htmlspecialchars(strip_tags($_POST['add']), ENT_QUOTES)); mysql_query("INSERT INTO `groups` ( `group_id` , `user_ids` , `group_name` ) VALUES ('', '', '" . $add . "');"); header("Location: admin_group.php"); exit; } else { include "include/admin_middel.php"; echo '<h1>' . __('Usergroups') . '</h1>'; // Add echo '<form action="admin_group.php" method="post">' . chr(10); echo '<b>' . __('Add group') . '</b><br>' . chr(10); if ($login['user_access_useredit']) { echo '<input type="text" name="add"><br>' . chr(10);
</form> </body> </html> <?php die; } $back = ''; if (isset($_SERVER['HTTP_REFERER'])) { $back = htmlspecialchars($_SERVER['HTTP_REFERER']); } if (isset($sso_restrictions) && $sso_restrictions == true) { showAccessDenied($back); exit; } if (authGetUserLevel(getUserName(), -1) < 6 && $valid != 'yes') { showAccessDenied($back); exit; } if ($valid == 'no') { print_header("", "", "", $type = "with_session"); // Affichage de la colonne de gauche include "admin_col_gauche.php"; } else { ?> <!doctype html> <html> <head> <link rel="stylesheet" href="style.css" type="text/css"> <link rel="shortcut icon" href="favicon.ico"> <title> grr </title> </head>
</div> </form> </body> </html> <?php die(); }; $back = ''; if (isset($_SERVER['HTTP_REFERER'])) $back = grr_htmlSpecialChars($_SERVER['HTTP_REFERER']); if ((authGetUserLevel(getUserName(),-1) < 6) and ($valid != 'yes')) { $day = date("d"); $month = date("m"); $year = date("Y"); showAccessDenied($day, $month, $year, $area,$back); exit(); } if ($valid == 'no') { # print the page header print_header("","","","",$type="with_session", $page="admin"); // Affichage de la colonne de gauche include "admin_col_gauche.php"; } else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" content="text/html; charset=<?php if ($unicode_encoding)
* */ include "include/admin.inc.php"; $grr_script_name = "admin_confirm_change_date_bookings.php"; $back = ''; if (isset($_SERVER['HTTP_REFERER'])) $back = grr_htmlSpecialChars($_SERVER['HTTP_REFERER']); unset($display); $display = isset($_GET["display"]) ? $_GET["display"] : NULL; if(authGetUserLevel(getUserName(),-1) < 6) { $day = date("d"); $month = date("m"); $year = date("Y"); showAccessDenied($day, $month, $year, '',$back); exit(); } if (isset($_GET['valid']) and ($_GET['valid'] == "yes")) { if (!saveSetting("begin_bookings", $_GET['begin_bookings'])) { echo "Erreur lors de l'enregistrement de begin_bookings !<br />"; } else { $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_entry WHERE (end_time < ".getSettingValue('begin_bookings').")"); $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_repeat WHERE end_date < ".getSettingValue("begin_bookings")); $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_entry_moderate WHERE (end_time < ".getSettingValue('begin_bookings').")"); $del = grr_sql_query("DELETE FROM ".TABLE_PREFIX."_calendar WHERE DAY < ".getSettingValue("begin_bookings")); } if (!saveSetting("end_bookings", $_GET['end_bookings'])) { echo "Erreur lors de l'enregistrement de end_bookings !<br />"; } else {
$returl .= "?year={$year}&month={$month}&day={$day}"; // If the old sticky room is one of the rooms requested for booking, then don't change the sticky room. // Otherwise change the sticky room to be one of the new rooms. if (!in_array($room, $rooms)) { $room = $rooms[0]; } // Find the corresponding area $area = mrbsGetRoomArea($room); // Complete the query string $returl .= "&area={$area}&room={$room}"; // Check to see whether this is a repeat booking and if so, whether the user // is allowed to make/edit repeat bookings. (The edit_entry form should // prevent you ever getting here, but this check is here as a safeguard in // case someone has spoofed the HTML) if (isset($rep_type) && $rep_type != REP_NONE && !$is_admin && !empty($auth['only_admin_can_book_repeat'])) { showAccessDenied($day, $month, $year, $area, isset($room) ? $room : ""); exit; } // (4) Assemble the booking data // ----------------------------- // Assemble an array of bookings, one for each room $bookings = array(); foreach ($rooms as $room_id) { $booking = array(); $booking['create_by'] = $create_by; $booking['name'] = $name; $booking['type'] = $type; $booking['description'] = $description; $booking['room_id'] = $room_id; $booking['start_time'] = $starttime; $booking['end_time'] = $endtime;
/**
 * Access guard: stops the page unless the current user reaches $level.
 *
 * The user's level is read with authGetUserLevel(getUserName(), -1, 'area')
 * (the third argument is passed through unchanged from the original). When
 * that level is below $level the access-denied page is shown with $back and
 * the script exits; otherwise the function simply returns.
 *
 * @param int   $level minimum user level required to continue
 * @param mixed $back  opaque value forwarded to showAccessDenied(); this
 *                     function does not interpret it
 * @return void returns only when access is granted, exits otherwise
 */
function check_access($level, $back)
{
    $userLevel = authGetUserLevel(getUserName(), -1, 'area');
    if ($userLevel >= $level) {
        return;
    }
    showAccessDenied($back);
    exit;
}
$use_site : 'y' (fonctionnalité multisite activée) ou 'n' (fonctionnalité multisite désactivée) $id_site : l'identifiant du site $default_area : domaine par défaut $default_room : ressource par défaut $session_login : identifiant $type : 'ressource'-> on actualise la liste des ressources 'domaine'-> on actualise la liste des domaines $action : 1-> on actualise la liste des ressources 2-> on vide la liste des ressouces */ include "include/admin.inc.php"; if ((authGetUserLevel(getUserName(),-1) < 1)) { showAccessDenied("","","","",""); exit(); } /* * Actualiser la liste des domaines */ if ($_GET['type']=="domaine") { // Initialisation if (isset($_GET["id_site"])) { $id_site = $_GET["id_site"]; settype($id_site,"integer"); } else die(); if (isset($_GET["default_area"])) { $default_area = $_GET["default_area"]; settype($default_area,"integer");
include "include/resume_session.php"; // Paramètres langage include "include/language.inc.php"; $id_room = isset($_GET["id_room"]) ? $_GET["id_room"] : NULL; if (isset($id_room)) { settype($id_room, "integer"); } else { $print = "all"; } if (Settings::get("authentification_obli") == 0 && getUserName() == '') { $type_session = "no_session"; } else { $type_session = "with_session"; } if (authGetUserLevel(getUserName(), -1) < 1 && Settings::get("authentification_obli") == 1 || !verif_acces_ressource(getUserName(), $id_room)) { showAccessDenied(''); exit; } echo begin_page(get_vocab("mrbs") . get_vocab("deux_points") . Settings::get("company")); $res = grr_sql_query("SELECT * FROM " . TABLE_PREFIX . "_room WHERE id={$id_room}"); if (!$res) { fatal_error(0, get_vocab('error_room') . $id_room . get_vocab('not_found')); } $row = grr_sql_row_keyed($res, 0); grr_sql_free($res); echo "<h3 style=\"text-align:center;\">"; echo get_vocab("room") . get_vocab("deux_points") . " " . htmlspecialchars($row["room_name"]); $id_area = mrbsGetRoomArea($id_room); $area_name = grr_sql_query1("select area_name from " . TABLE_PREFIX . "_area where id='" . $id_area . "'"); $area_access = grr_sql_query1("select access from " . TABLE_PREFIX . "_area where id='" . $id_area . "'"); echo "<br />(" . $area_name;
if ((getSettingValue("authentification_obli")==0) and (getUserName()=='')) { $type_session = "no_session"; } else { $type_session = "with_session"; } $id_room = isset($_GET["id_room"]) ? $_GET["id_room"] : NULL; if (isset($id_room)) settype($id_room,"integer"); if ((authGetUserLevel(getUserName(),$id_room) < 4) or (!verif_acces_ressource(getUserName(), $id_room))) { $day = date("d"); $month = date("m"); $year = date("Y"); showAccessDenied($day, $month, $year, '',''); exit(); } echo begin_page(getSettingValue("company").get_vocab("deux_points").get_vocab("mrbs")); $res = grr_sql_query("SELECT * FROM ".TABLE_PREFIX."_room WHERE id=$id_room"); if (! $res) fatal_error(0, get_vocab('error_room') . $id_room . get_vocab('not_found')); $row = grr_sql_row_keyed($res, 0); grr_sql_free($res); ?> <h3 style="text-align:center;"><?php echo get_vocab("room").get_vocab("deux_points")." ".grr_htmlSpecialChars($row["room_name"]); $id_area = mrbsGetRoomArea($id_room); $area_name = grr_sql_query1("select area_name from ".TABLE_PREFIX."_area where id='".$id_area."'");
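/**
 * Requires the current user to be authenticated with the given auth type.
 *
 * Compares $auth_type with $this->auth_type (loosely, with !=, as before).
 * On mismatch the access-denied page is printed via showAccessDenied() and
 * the script is terminated, so that none of the caller's page logic runs
 * for a user authenticated the wrong way. The original comment already
 * promised "print an access denied message and exit", but the exit was
 * missing; if showAccessDenied() terminates on its own, the exit is harmless.
 *
 * @param mixed $auth_type the authentication type the page requires
 * @return void returns only when the auth type matches, exits otherwise
 */
function needAuthType($auth_type)
{
    if ($this->auth_type != $auth_type) {
        showAccessDenied($auth_type);
        // Stop here: without this, execution would continue into the
        // protected page after the denied message has been printed.
        exit;
    }
}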
// If check_begin_end_bookings() reports a problem for this date (presumably it
// lies outside the booking window — see that function), show the "no bookings"
// page and stop.
if (check_begin_end_bookings($day, $from_month, $from_year)) {
    showNoBookings($day, $from_month, $from_year, $area, $back, $type_session);
    exit();
}

// Users below level 1 are refused while the "authentification_obli" setting is 1.
if ((authGetUserLevel(getUserName(), -1) < 1) && (getSettingValue("authentification_obli") == 1)) {
    showAccessDenied($day, $from_month, $from_year, $area, $back);
    exit();
}

// The user must also have access to this area (authUserAccesArea() == 0 means no).
if (authUserAccesArea(getUserName(), $area) == 0) {
    showAccessDenied($day, $from_month, $from_year, $area, $back);
    exit();
}

/**
 * Three-way compare, rendered as a two-character string: "< ", "= " or "> ".
 *
 * Uses loose (==) equality exactly as the original did.
 *
 * @param mixed $a
 * @param mixed $b
 * @return string "< ", "= " or "> "
 */
function cmp3($a, $b)
{
    return $a < $b ? "< " : ($a == $b ? "= " : "> ");
}

// Once a day: bookings whose confirmation deadline has passed are deleted and an
// automatic e-mail is sent. Once a day: resources that were not returned at the
// end of a booking trigger an e-mail notification. (The code for both follows.)