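/**
 * Authenticate the current request from the 'lcm_session' cookie.
 *
 * Side effects: reloads the SQL connection config (inc_connect), fills the
 * $connect_* globals and $prefs from the matching lcm_author row, and
 * starts the PHP session on success. On failure it either renders a
 * "technical problem" page (no database) or redirects and exits.
 *
 * @return bool true when the user is authenticated; false when the
 *              database connection is not available.
 */
function auth()
{
    // Legacy globals: declared for compatibility, not read in this function.
    global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $auth_can_disconnect;
    global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
    global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
    global $connect_activer_imessage, $connect_activer_messagerie;
    global $connect_status;
    global $author_session, $prefs;
    global $clean_link;

    // This reloads $GLOBALS['db_ok'], just in case
    include_config('inc_connect');

    // If there is no SQL connection, render a diagnostic page and quit.
    if (!$GLOBALS['db_ok']) {
        include_lcm('inc_presentation');
        lcm_html_start("Technical problem", "install");

        // Issue a trivial query so that lcm_sql_errno() reflects the failure
        echo "\n<!-- \n";
        echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
        lcm_query("SELECT count(*) from lcm_meta");
        echo "\n-->\n\n";

        echo "<div align='left' style='width: 600px;' class='box_error'>\n";
        echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
        echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";

        // NOTE(review): lcm_sql_error() output is written straight to the page,
        // which any visitor can read; consider logging it server-side instead.
        if (lcm_sql_errno()) {
            echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n";
        } else {
            echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
        }

        echo "</div>\n";
        lcm_html_end();
        return false;
    }

    // Initialise variables (avoid URL hacks)
    $auth_login = "";
    $auth_pass = "";
    $auth_pass_ok = false;
    $auth_can_disconnect = false;

    // Fetch identification data from authentication session
    if (isset($_COOKIE['lcm_session'])) {
        if (verifier_session($_COOKIE['lcm_session'])) {
            // Strict comparison: a loose '==' would let a non-string status
            // (e.g. an integer) compare equal to these names on older PHP.
            if (isset($author_session['status'])
                && in_array($author_session['status'], array('admin', 'normal'), true)) {
                $auth_login = $author_session['username'];
                $auth_pass_ok = true;
                $auth_can_disconnect = true;
            }
        }
    } elseif (isset($_REQUEST['privet']) && $_REQUEST['privet'] === 'yes') {
        // Failed login attempt: cookie failed
        $link = new Link("lcm_cookie.php?cookie_test_failed=yes");
        $clean_link->delVar('privet');
        $url = str_replace('/./', '/', $clean_link->getUrl());
        $link->addVar('var_url', $url);
        @header("Location: " . $link->getUrl());
        exit;
    }

    // If not authenticated, ask for login / password
    if (!$auth_login) {
        $url = $clean_link->getUrl();
        @header("Location: lcm_login.php?var_url=" . urlencode($url));
        exit;
    }

    //
    // Search for the login in the authors' table
    //
    $auth_login = addslashes($auth_login);
    $query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'";
    $result = @lcm_query($query);

    if ($row = lcm_fetch_array($result)) {
        $connect_id_auteur = $row['id_author'];
        $connect_nom = $row['name_first'];
        $connect_login = $row['username'];
        $connect_pass = $row['password'];
        $connect_status = $row['status'];
        $connect_activer_messagerie = "non";
        //$row["messagerie"];
        $connect_activer_imessage = "non ";
        //$row["imessage"];

        // Set the users' preferences.
        // get_magic_quotes_runtime() no longer exists on PHP 8; only honour it
        // where it is defined (behaviour is unchanged on older releases).
        $raw_prefs = $row['prefs'];
        if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
            $raw_prefs = stripslashes($raw_prefs);
        }
        // NOTE(review): unserialize() on a stored blob; the column is written by
        // the application itself, but it would be safer to store prefs as JSON.
        $prefs = unserialize($raw_prefs);
        // A corrupt or empty blob yields false; start from an empty array so the
        // defaults below can be applied.
        if (!is_array($prefs)) {
            $prefs = array();
        }

        //
        // Default values for some possibly unset preferences
        //
        if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
            $prefs['page_rows'] = 15;
        }
        // empty() is equivalent to the original "!isset(...) || !..." test.
        $pref_defaults = array(
            'theme' => 'green',
            'screen' => 'wide',
            'font_size' => 'medium_font',
            'case_owner' => 'my',
            'case_period' => '91',
            'mode' => 'simple',
        );
        foreach ($pref_defaults as $key => $default) {
            if (empty($prefs[$key])) {
                $prefs[$key] = $default;
            }
        }
        if (empty($prefs['time_intervals'])) {
            $prefs['time_intervals'] = 'relative';
            $prefs['time_intervals_notation'] = 'hours_only';
        }
    } else {
        // This case is a strange possibility: the author is authenticated
        // OK, but he does not exist in the authors table. Possible cause:
        // the database was restored and the author does not exist (and
        // the user was authenticated by another source, such as LDAP).
        // Note: we used to show a strange error message which would advise
        // to logout, but since it occurs only after db upgrade, just logout
        // brutally (with cookie_admin=no to forget the username).
        // The login is URL-encoded so that it cannot break the query string.
        lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . urlencode($auth_login));
        exit;
    }

    if (!$auth_pass_ok) {
        @header("Location: lcm_login.php?var_erreur=pass");
        exit;
    }

    // [ML] Again, not sure how this is used, but we can ignore it for now
    // TODO (note: nouveau == new)
    if ($connect_status == 'nouveau') {
        $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = {$connect_id_auteur}";
        lcm_query($query);
        $connect_status = 'normal';
    }

    // PHP sessions are started here, and stopped at logout
    session_start();

    return true;
}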
    }
    if ($ok) {
        $auth->activate();
        // Force cookies for admins
        if ($auth->username and $auth->status == 'admin') {
            $cookie_admin = "@" . $auth->username;
        }
        $query = "SELECT * \n\t\t\t\t\tFROM lcm_author\n\t\t\t\t\tWHERE username='******'";
        $result = lcm_query($query);
        if ($row_author = lcm_fetch_array($result)) {
            $cookie_session = creer_cookie_session($row_author);
        }
        $cible->addVar('privet', 'yes');
    } else {
        $cible = new Link("lcm_login.php");
        $cible->addVar('var_login', $login);
        $cible->addVar('var_url', urldecode($url));
        if ($session_password || $session_password_md5) {
            $cible->addVar('var_erreur', 'pass');
        }
    }
}
// Set a session cookie?
if ($cookie_session) {
    if ($session_remember == 'yes') {
        lcm_setcookie('lcm_session', $cookie_session, time() + 3600 * 24 * 14);
    } else {
        lcm_setcookie('lcm_session', $cookie_session);
    }
    $prefs = $row_author['prefs'] ? unserialize($row_author['prefs']) : array();
    $prefs['cnx'] = $session_remember == 'yes' ? 'perma' : '';
     //
     // Time spent on case by authors
     //
 //
 // Time spent on case by authors
 //
 case 'times':
     // List authors on the case
     $show_more_times = _request('more_times') ? true : false;
     $q = "SELECT\n\t\t\t\t\t\ta.id_author, name_first, name_middle, name_last,\n\t\t\t\t\t\tsum(IF(UNIX_TIMESTAMP(fu.date_end) > 0,\n\t\t\t\t\t\t\tUNIX_TIMESTAMP(fu.date_end)-UNIX_TIMESTAMP(fu.date_start), 0)) as time,\n\t\t\t\t\t\tsum(sumbilled) as sumbilled\n\t\t\t\t\tFROM  lcm_author as a, lcm_followup as fu\n\t\t\t\t\tWHERE fu.id_author = a.id_author\n\t\t\t\t\t  AND fu.id_case = {$case}\n\t\t\t\t\t  AND fu.hidden = 'N'\n\t\t\t\t\tGROUP BY fu.id_author";
     $result = lcm_query($q);
     // Show table headers
     echo '<fieldset class="info_box">';
     show_page_subtitle(_T('case_subtitle_times'), 'reports_intro');
     $link_details = new Link();
     $link_details->addVar('more_times', intval(!$show_more_times));
     echo "<table border='0' class='tbl_usr_dtl' width='99%'>\n";
     echo "<tr>\n";
     echo "<th class='heading'>" . _Th('case_input_author') . '&nbsp;' . '<a title="' . _T('fu_button_stats_' . ($show_more_times ? 'less' : 'more')) . '" href="' . $link_details->getUrl() . '">' . '<img src="images/spip/' . ($show_more_times ? 'moins' : 'plus') . '.gif" alt="" border="0" />' . '</a>' . "</th>\n";
     echo "<th class='heading' width='120' nowrap='nowrap' align='right'>" . _Th('time_input_length') . ' (' . _T('time_info_short_hour') . ")</th>\n";
     $total_time = 0;
     $total_sum_billed = 0.0;
     $meta_sum_billed = read_meta('fu_sum_billed');
     if ($meta_sum_billed == 'yes') {
         $currency = read_meta('currency');
         echo "<th class='heading' width='120' nowrap='nowrap' align='right'>" . _Th('fu_input_sum_billed') . ' (' . $currency . ")</th>\n";
     }
     echo "</tr>\n";
     // Show table contents & calculate total
     while ($row = lcm_fetch_array($result)) {
         $total_time += $row['time'];
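/**
 * Close a paginated list table and print the previous / page-number / next
 * navigation row below it.
 *
 * Reads $prefs['page_rows'] (rows per page) from the globals. Prints only
 * the closing </table> when the list has no pages or when the list_pos
 * query variable is 'all'.
 *
 * @param int    $current_pos    Offset (in rows) of the first row on screen.
 * @param int    $number_of_rows Total number of rows in the list.
 * @param bool   $allow_show_all Whether to offer a link that sets list_pos=all.
 * @param string $prefix         Optional prefix for the list_pos query variable
 *                               (lets several lists coexist on one page).
 * @return void
 */
function show_list_end($current_pos = 0, $number_of_rows = 0, $allow_show_all = false, $prefix = '')
{
    global $prefs;

    $prefix_var = $prefix ? $prefix . '_' : '';
    $pos_var = $prefix_var . 'list_pos';

    // Guard against a missing or zero page size: ceil() below would divide by zero.
    $page_rows = max(1, intval(isset($prefs['page_rows']) ? $prefs['page_rows'] : 0));

    echo "</table>\n";

    //
    // Navigation for previous/next screens
    //
    $list_pages = ceil($number_of_rows / $page_rows);
    if (!$list_pages) {
        echo "<!-- list_pages == 0 -->\n";
        return;
    }

    $link = new Link();
    $pos = $link->getVar($pos_var);
    $link->delVar($pos_var);

    // If we are showing "All" items, do not show navigation
    if ($pos == 'all') {
        return;
    }

    // NOTE(review): getUrl() output is placed inside href="" without
    // htmlspecialchars(); this is safe only if Link escapes it — confirm.
    echo "<table border='0' align='center' width='99%' class='page_numbers'>\n";
    echo '<tr><td align="left" width="15%">';

    // Previous page: omit list_pos when the previous page is the first one
    if ($current_pos > 0) {
        if ($current_pos > $page_rows) {
            $link->addVar($pos_var, $current_pos - $page_rows);
        }
        echo '<a href="' . $link->getUrl($prefix) . '" class="content_link">' . "&lt; " . _T('listnav_link_previous') . '</a> ';
    }

    echo "</td>\n";
    echo '<td align="center" width="70%">';

    // Page numbers with direct links
    if ($list_pages > 1) {
        echo _T('listnav_link_gotopage') . ' ';
        $current_page = floor($current_pos / $page_rows);

        for ($i = 0; $i < $list_pages; $i++) {
            if ($i == $current_page) {
                echo '[' . ($i + 1) . '] ';
                continue;
            }

            $page_pos = $i * $page_rows;
            $page_link = new Link();
            $page_link->delVar($pos_var);
            if ($page_pos > 0) {
                $page_link->addVar($pos_var, $page_pos);
            }
            echo '<a href="' . $page_link->getUrl($prefix) . '" class="content_link">' . ($i + 1) . '</a> ';
        }

        if ($allow_show_all) {
            $all_link = new Link();
            $all_link->delVar($pos_var);
            $all_link->addVar($pos_var, 'all');
            echo '<a href="' . $all_link->getUrl($prefix) . '" class="content_link">' . _T('listnav_link_show_all') . '</a>';
        }
    }

    echo "</td>\n";
    echo "<td align='right' width='15%'>";

    // Next page
    $next_pos = $current_pos + $page_rows;
    if ($next_pos < $number_of_rows) {
        $next_link = new Link();
        $next_link->addVar($pos_var, $next_pos);
        echo '<a href="' . $next_link->getUrl($prefix) . '" class="content_link">' . _T('listnav_link_next') . " &gt;" . '</a>';
    }

    echo "</td>\n";
    echo "</tr>\n";
    echo "</table>\n";
}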
        } else {
            $tmp_link->addVar('show_nokw', "1");
            echo '<p><a href="' . $tmp_link->getUrl() . '" class="run_lnk">' . _T('rep_button_nokw_show') . "</a></p>\n";
        }
    }
    echo '<p><a href="rep_det.php?rep=' . $report->getId() . '" class="run_lnk">' . _T('rep_button_goback') . "</a></p>\n";
    //
    // Make a link to export the report
    //
    echo '<p>';
    $link_csv = new Link();
    $link_csv->delVar('export');
    $link_csv->addVar('export', 'csv');
    echo '<a href="' . $link_csv->getUrl() . '" class="exp_lnk">' . _T('rep_button_exportcsv') . '</a> ';
    $link_ods = new Link();
    $link_ods->delVar('export');
    $link_ods->addVar('export', 'ods');
    echo '<a href="' . $link_ods->getUrl() . '" class="exp_lnk">' . _T('rep_button_exportcsv') . ' (ODS)' . '</a>';
    // TRAD
    echo "</p>\n";
    //
    // Print debug information, if requested
    //
    if (isset($_REQUEST['debug'])) {
        $dbg = $report->getJournal();
        foreach ($dbg as $line) {
            echo $line;
        }
    }
    lcm_page_end();
}
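//
// Change password (if requested)
//
if (_session('usr_new_passwd') || !_session('username_old')) {
    change_password();
}

//
// Change username (also when no previous username was recorded)
//
if (_session('username') != _session('username_old') || !_session('username_old')) {
    change_username(_session('id_author'), _session('username_old'), _session('username'));
}

//
// Insert/update author contacts
//
include_lcm('inc_contacts');
update_contacts_request('author', _session('id_author'));

// Back to the edit form if any error was recorded. empty() also covers the
// case where $_SESSION['errors'] was never set (count(null) fails on PHP 8).
if (!empty($_SESSION['errors'])) {
    lcm_header("Location: edit_author.php?author=" . urlencode(_session('id_author')));
    exit;
}

$dest_link = new Link('author_det.php');
$dest_link->addVar('author', _session('id_author'));

// [ML] Not used at the moment, but could be useful eventually to send user
// back to where he was (but as a choice, not automatically, see author_det.php).
if (_session('ref_edit_author')) {
    $dest_link->addVar('ref', _session('ref_edit_author'));
}

// Clear the session form data, or it would become a ghost on the next form
$_SESSION['form_data'] = array();

// NOTE(review): unlike the error branch above, nothing stops execution after
// this redirect; if code follows in the file, confirm that is intended.
lcm_header('Location: ' . $dest_link->getUrlForHeader());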