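/**
 * Tells whether the user $login teaches the subject $matiere, i.e. whether a
 * row (id_professeur, id_matiere) exists in j_professeurs_matieres.
 *
 * Both values are placed inside quoted SQL literals, so they are escaped through
 * the application's shared mysqli handle first; the previous version concatenated
 * them raw, which is an injection vector as soon as a caller forwards request data.
 *
 * @param string $login   teacher login (id_professeur)
 * @param string $matiere subject code (id_matiere)
 * @return bool true when at least one matching row exists
 */
function is_prof($login, $matiere)
{
    // Same connection handle the rest of the application passes to mysqli_query().
    $login_q = mysqli_real_escape_string($GLOBALS["mysqli"], (string) $login);
    $matiere_q = mysqli_real_escape_string($GLOBALS["mysqli"], (string) $matiere);
    $sql = "select count(id_professeur) from j_professeurs_matieres where id_professeur = '" . $login_q . "' and id_matiere = '" . $matiere_q . "'";
    // sql_query1() returns the single value of the first row; 0 (or its -1
    // "no result" sentinel) both mean "not a teacher of this subject".
    return sql_query1($sql) > 0;
}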
/**
 * Binds this object to an existing screen row.
 *
 * A constructor cannot report failure to its caller: when $screen_id is not
 * numeric, or no screen row carries that id, screen_id is simply left unset
 * (callers presumably test it afterwards — TODO confirm against call sites).
 *
 * @param int|string $screen_id candidate screen id
 */
function __construct($screen_id)
{
    // is_numeric() is the only guard before the value is interpolated unquoted
    // into the query; it rejects quotes and any other SQL syntax.
    if (!is_numeric($screen_id)) {
        return;
    }
    $row_exists = sql_query1("SELECT COUNT(id) FROM screen WHERE id = {$screen_id};");
    if ($row_exists) {
        $this->screen_id = $screen_id;
    }
}
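/**
 * Lists the feeds that currently carry approved, active image content and
 * stores the number of such content items per feed in $this->feeds[$id]['count'].
 *
 * The per-feed count is clamped to 0, as showAction() already does for the same
 * query shape: the grouped COUNT yields no row at all for a feed without
 * matching content, and sql_query1() then does not return a usable count.
 */
function indexAction()
{
    //Find feeds with active, approved graphical content
    $this->feeds = Feed::list_all_by_type('WHERE feed.type != 3 AND type.id = 3 AND feed_content.moderation_flag = 1 AND content.start_time <= NOW() AND content.end_time >= NOW() AND content.mime_type LIKE "%image%"');
    $this->content_count = array();
    foreach ($this->feeds as $id => $feed) {
        // $id is presumably the feed's primary key as returned by list_all_by_type();
        // cast it so only an integer ever reaches the unquoted SQL literal.
        $feed_id = (int) $id;
        $sql = "SELECT COUNT(content.id) FROM feed_content\n LEFT JOIN content ON feed_content.content_id = content.id\n WHERE feed_content.feed_id = {$feed_id} AND feed_content.moderation_flag = 1\n AND content.start_time <= NOW() AND content.end_time >= NOW() AND content.mime_type LIKE '%image%'\n GROUP BY feed_content.feed_id";
        $count = sql_query1($sql);
        $this->feeds[$id]['count'] = ($count < 0) ? 0 : $count;
    }
}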
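/**
 * Shows one page category: loads the category row (plus the name of its
 * default page), counts the pages in it, and sets the view subject and title.
 *
 * $this->args[1] comes from the request URL, so it is coerced to an integer
 * before it is placed into the query; previously it was concatenated raw (a SQL
 * injection vector). The "not found" check now runs before the page count, which
 * previously dereferenced $this->category['id'] of a missing category.
 */
function showAction()
{
    $category_id = (int) $this->args[1];
    list($this->category) = sql_select(
        'page_category',
        array('page_category.*', 'page.name as default_page_name'),
        null,
        'LEFT JOIN page on page.id = default_page ' . 'WHERE page_category.id = ' . $category_id
    );
    if (!$this->category) {
        $this->flash('Category not found', 'error');
        redirect_to(ADMIN_URL . "/page_categories");
        return;
    }
    // The id comes back from the database, but it is interpolated unquoted, so
    // cast it anyway.
    $sql = 'SELECT COUNT(page.id) FROM page WHERE page_category_id=' . (int) $this->category['id'];
    $this->count = sql_query1($sql);
    // sql_query1() reports "no row" with a negative value; show 0 instead.
    if ($this->count < 0) {
        $this->count = 0;
    }
    $this->setSubject($this->category['name']);
    $this->setTitle($this->category['name']);
}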
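/**
 * Shows one feed: loads the feed and its group, counts its approved content that
 * is still active and that has already expired, then sets subject and title.
 *
 * The original "Feed not found" branch could never run, because a freshly
 * constructed object is always truthy; the guard now also requires that the
 * lookup populated an id (assumes Feed leaves id unset when no row matches, like
 * the Screen constructor in this codebase — TODO confirm).
 */
function showAction()
{
    $this->feed = new Feed($this->args[1]);
    if (!$this->feed || empty($this->feed->id)) {
        $this->flash('Feed not found', 'error');
        redirect_to(ADMIN_URL . "/feeds");
        return;
    }
    $this->group = new Group($this->feed->group_id);
    // Both counts share one query shape; only the end_time comparison differs.
    $this->active_content = $this->countModeratedContentByEndTime('>');
    $this->expired_content = $this->countModeratedContentByEndTime('<');
    $this->setSubject($this->feed->name);
    $this->setTitle($this->feed->name);
}

/**
 * Counts approved (moderation_flag = 1) content of $this->feed whose end_time
 * compares to NOW() with $operator: '>' for still active, '<' for expired.
 *
 * @param string $operator '>' or '<'; anything else is rejected before it can
 *                         reach the SQL text
 * @return mixed the value returned by sql_query1(), or 0 when it is negative
 *               (the grouped COUNT yields no row for a feed without content)
 * @throws \InvalidArgumentException on an unsupported operator
 */
private function countModeratedContentByEndTime($operator)
{
    if ($operator !== '>' && $operator !== '<') {
        throw new \InvalidArgumentException('operator must be > or <');
    }
    // The id is interpolated unquoted, so make sure it is an integer.
    $feed_id = (int) $this->feed->id;
    $sql = "SELECT COUNT(content.id) FROM feed_content\n LEFT JOIN content ON feed_content.content_id = content.id\n WHERE feed_content.feed_id = {$feed_id}\n AND moderation_flag = 1\n AND content.end_time {$operator} NOW()\n GROUP BY feed_content.feed_id;";
    $count = sql_query1($sql);
    return ($count < 0) ? 0 : $count;
}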
/**
 * Draws the PDF page header: the GEPI tagline on the left, the school name and
 * school year on the right, the current user's name and status on a second
 * line, then a horizontal rule.
 *
 * All texts come from the session and the application settings; the subject
 * code from the session is interpolated into the lookup query as-is.
 */
function Header()
{
    $border = 0;
    //DejaVu bold 15 font
    //$this->Image("../images/logo.gif", 0, 0, 50, 50);
    $user_name = $_SESSION['prenom'] . " " . $_SESSION['nom'];
    if ($_SESSION['statut'] == "professeur") {
        // Teachers are labelled with the full name of their subject; sql_query1()
        // yields '-1' when the subject is unknown, which is rendered as a guest.
        $subject_name = sql_query1("select nom_complet from matieres where matiere = '" . $_SESSION['matiere'] . "'");
        $user_status = ($subject_name != '-1') ? "professeur de " . $subject_name : "Invité";
    } else {
        $user_status = $_SESSION['statut'];
    }
    $school_text = getSettingValue("gepiSchoolName") . " - année scolaire " . getSettingValue("gepiYear");
    $gepi_text = "GEPI - Solution libre de Gestion des élèves par Internet";
    $this->SetFont('DejaVu', '', 8);
    // Each of the two header columns takes half of the printable width.
    $column_width = (LargeurPage - LeftMargin - LeftMargin) / 2;
    // Remember the starting position so the right column lands on the same line.
    $start_x = $this->GetX();
    $start_y = $this->GetY();
    // Left column
    $this->MultiCell($column_width, 5, $gepi_text, $border, "L", 0);
    // Jump to the right column, same baseline
    $this->SetXY($start_x + $column_width, $start_y);
    // Right column
    $this->MultiCell($column_width, 5, $school_text, $border, "R", 0);
    // Second line: who is printing
    $this->MultiCell($column_width, 5, $user_name . " - " . $user_status, $border, "L", 0);
    // Horizontal rule, drawn as the top border of an empty full-width cell
    $this->cell(0, 2, "", "T", 0);
    // Line break back to the left margin
    $this->ln();
}
echo " | <a href='param_bull.php'>Paramétrage des bulletins</a>"; } if (acces("/bulletin/verif_bulletins.php", $_SESSION['statut'])) { echo " | <a href='verif_bulletins.php' title=\"Vérifier le remplissage des bulletins.\">Vérification bulletins</a>"; } if (acces("/classes/dates_classes.php", $_SESSION['statut'])) { echo "| <a href='../classes/dates_classes.php' title=\"Définir des événements particuliers pour les classes (conseils de classe, arrêt des notes,...).\">Événements classe</a>"; } echo "</p>\n"; $texte_deverrouiller = urlencode("Déverrouiller"); $texte_verrouiller_part = urlencode("Verrouiller part."); $texte_verrouiller_tot = urlencode("Verrouiller tot."); // si la classe et la période sont définies (on vient de verif_bulletiin.php) if (!($classe != 0 and $periode != 0)) { // On va chercher les classes déjà existantes, et on les affiche. $max_per = sql_query1("SELECT num_periode FROM periodes ORDER BY num_periode DESC LIMIT 1"); //$calldata = sql_query("SELECT DISTINCT c.id, c.classe FROM classes c, periodes p WHERE p.id_classe = c.id ORDER BY classe"); $calldata = mysqli_query($GLOBALS["mysqli"], "SELECT DISTINCT c.id, c.classe FROM classes c, periodes p, j_scol_classes jsc WHERE p.id_classe = c.id AND jsc.id_classe=c.id AND jsc.login='******'login'] . "' ORDER BY classe"); $nombreligne = sql_count($calldata); echo "Total : {$nombreligne} classes\n"; } echo "<ul>\n<li>Lorsqu'une période est <b>déverrouillée</b>, le remplissage de toutes les rubriques (notes, appréciations, avis) est autorisé, la visualisation des\nbulletins simples est autorisée mais la visualisation et l'impression des bulletins officiels sont impossibles.<br /><br /></li>\n<li>Lorsqu'une période est <b>verrouillée partiellement</b>, seuls le remplissage et/ou la modification\nde l'avis du conseil de classe"; if ($gepiSettings['active_mod_ects'] == 'y') { echo " et des crédits ECTS "; } echo " sont possibles. 
La visualisation et l'impression des bulletins officiels sont autorisées.<br /><br /></li>\n<li>Lorsqu'une période est <b>verrouillée totalement</b>, le remplissage et la modification du bulletin pour la période concernée\nsont impossibles. la visualisation et l'impression sont autorisées.</li>\n"; echo "</ul>\n"; echo "<br /><br />\n"; // si la classe et la période sont définies (on vient de verif_bulletin.php) if ($classe != 0 and $periode != 0) { echo "<form action=\"verrouillage.php?classe={$classe}&periode={$periode}&action={$action_apres}\" name=\"formulaire\" method=\"post\">\n";
/**
 * Releases the named MySQL advisory lock (presumably the one taken by
 * sql_mutex_lock()) and clears the global that records which lock is held.
 *
 * @param string $name lock name; it is interpolated raw into the SQL literal,
 *                     so it must come from code (a table name), never from input
 */
function sql_mutex_unlock($name)
{
    global $sql_mutex_unlock_name;
    $sql = "SELECT RELEASE_LOCK('{$name}')";
    sql_query1($sql);
    $sql_mutex_unlock_name = "";
}
# Default parameters: if (empty($debug_flag)) { $debug_flag = 0; } if (empty($month) || empty($year) || !checkdate($month, 1, $year)) { $month = date("m"); $year = date("Y"); } $day = 1; # print the page header print_header($day, $month, $year, $area); if (empty($area)) { $area = get_default_area(); } if (empty($room)) { $room = sql_query1("select min(id) from mrbs_room where area_id={$area}"); } # Note $room will be -1 if there are no rooms; this is checked for below. # Month view start time. This ignores morningstarts/eveningends because it # doesn't make sense to not show all entries for the day, and it messes # things up when entries cross midnight. $month_start = mktime(0, 0, 0, $month, 1, $year); # What column the month starts in: 0 means $weekstarts weekday. $weekday_start = (date("w", $month_start) - $weekstarts + 7) % 7; $days_in_month = date("t", $month_start); $month_end = mktime(23, 59, 59, $month, $days_in_month, $year); if ($pview != 1) { # Table with areas, rooms, minicals. echo "<table width=\"100%\"><tr>"; $this_area_name = ""; $this_room_name = "";
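/**
 * Returns a truthy value when feed $feed_id is visible to $obj.
 *
 * Feeds of type 0, 1, 2 and 4 are visible to everyone; type 3 feeds only to
 * members of the feed's group (one of $obj->groups). Returns the COUNT produced
 * by the query (1 when visible), or false when the id is not an integer, the
 * query fails, or nothing matched.
 *
 * Previously an empty group list produced "IN ()", which is a SQL syntax error
 * and made every feed — including public ones — look invisible.
 *
 * @param object     $obj     viewer; only $obj->groups (list of group ids) is read
 * @param int|string $feed_id feed id to check
 * @return mixed the count, or false
 */
function priv_test($obj, $feed_id)
{
    // Stricter than is_numeric(): rejects floats and exponent notation, so the
    // unquoted literal below is always a plain integer.
    $id = filter_var($feed_id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }
    // Group ids are interpolated unquoted as well, so force them to integers.
    $groups = isset($obj->groups) ? array_map('intval', (array) $obj->groups) : array();
    $visibility = "type = 0 OR type = 1 OR type = 2 OR type = 4";
    if (count($groups) > 0) {
        $visibility .= " OR (type = 3 AND group_id IN (" . implode(',', $groups) . "))";
    }
    $sql = "SELECT COUNT(id) FROM feed WHERE id = {$id} AND ({$visibility})";
    $res = sql_query1($sql);
    return $res ? $res : false;
}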
// not the form and we want to go straight to Phase 2 (producing the report) if ($cli_mode) { $phase = 2; } // Set up for Ajax. We need to know whether we're capable of dealing with Ajax // requests, which will only be if (a) the browser is using DataTables and (b) // we can do JSON encoding. We also need to initialise the JSON data array. $ajax_capable = $datatable && function_exists('json_encode'); if ($ajax) { $json_data['aaData'] = array(); } $private_somewhere = some_area('private_enabled') || some_area('private_mandatory'); $approval_somewhere = some_area('approval_enabled'); $confirmation_somewhere = some_area('confirmation_enabled'); $times_somewhere = sql_query1("SELECT COUNT(*) FROM {$tbl_area} WHERE enable_periods=0") > 0; $periods_somewhere = sql_query1("SELECT COUNT(*) FROM {$tbl_area} WHERE enable_periods!=0") > 0; // Build the report search field order $report_presentation_fields = array('output', 'output_format', 'sortby', 'sumby'); foreach ($report_presentation_fields as $field) { if (!in_array($field, $report_presentation_field_order)) { $report_presentation_field_order[] = $field; } } // Build the report search field order $report_search_fields = array('report_start', 'report_end', 'areamatch', 'roommatch', 'typematch', 'namematch', 'descrmatch', 'creatormatch', 'match_private', 'match_confirmed', 'match_approved'); foreach ($report_search_fields as $field) { if (!in_array($field, $report_search_field_order)) { $report_search_field_order[] = $field; } } // Get information about custom fields
if (day_past_midnight()) { $end_last = (($eveningends * 60 + $eveningends_minutes) * 60 + $resolution) % SECONDS_PER_DAY; if ($start_seconds < $end_last) { $start_seconds += SECONDS_PER_DAY; $day_before = getdate(mktime(0, 0, 0, $start_month, $start_day - 1, $start_year)); $start_day = $day_before['mday']; $start_month = $day_before['mon']; $start_year = $day_before['year']; } } // Check that the user has permission to create/edit an entry for this room. // Get the id of the room that we are creating/editing if (isset($id)) { // Editing an existing booking: get the room_id from the database (you can't // get it from $rooms because they are the new rooms) $target_room = sql_query1("SELECT room_id FROM {$tbl_entry} WHERE id={$id} LIMIT 1"); if ($target_room < 0) { trigger_error(sql_error(), E_USER_WARNING); fatal_error(FALSE, get_vocab("fatal_db_error")); } } else { // New booking: get the room_id from the form if (!isset($rooms[0])) { // $rooms[0] should always be set, because you can only get here // from edit_entry.php, where it will be set. If it's not set // then something's gone wrong - probably somebody trying to call // edit_entry_handler.php directly from the browser - so get out // of here and go somewhere safe. header("Location: index.php"); exit; }
} } if ($pview != 1) { # Table with areas, rooms, minicals. echo "<table width=\"100%\"><tr>"; $this_area_name = ""; $this_room_name = ""; # Show all areas echo "<td width=\"30%\"><u>" . get_string('areas', 'block_mrbs') . "</u><br>"; } # show either a select box or the normal html list if ($area_list_format == "select") { echo make_area_select_html('month.php', $area, $year, $month, $day); # from functions.php $this_area_name = sql_query1("select area_name from {$tbl_area} where id={$area}"); $this_room_name = sql_query1("select room_name from {$tbl_room} where id={$room}"); } else { $sql = "select id, area_name from {$tbl_area} order by area_name"; $res = sql_query($sql); if ($res) { for ($i = 0; $row = sql_row($res, $i); $i++) { if ($pview != 1) { echo "<a href=\"month.php?year={$year}&month={$month}&area={$row['0']}\">"; } if ($row[0] == $area) { $this_area_name = htmlspecialchars($row[1]); if ($pview != 1) { echo "<font color=\"red\">{$this_area_name}</font></a><br>\n"; } } else { if ($pview != 1) {
} if (!$search_str) { echo "<H3>" . get_vocab("invalid_search") . "</H3>"; include "trailer.inc"; exit; } # now is used so that we only display entries newer than the current time echo "<H3>" . get_vocab("search_results") . ": \"<font color=\"blue\">{$search_str}</font>\"</H3>\n"; $now = mktime(0, 0, 0, $month, $day, $year); # This is the main part of the query predicate, used in both queries: $sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", $search_text) . " OR " . sql_syntax_caseless_contains("E.name", $search_text) . " OR " . sql_syntax_caseless_contains("E.description", $search_text) . ") AND E.end_time > {$now}"; # The first time the search is called, we get the total # number of matches. This is passed along to subsequent # searches so that we don't have to run it for each page. if (!isset($total)) { $total = sql_query1("SELECT count(*) FROM {$tbl_entry} E WHERE {$sql_pred}"); } if ($total <= 0) { echo "<B>" . get_vocab("nothing_found") . "</B>\n"; include "trailer.inc"; exit; } if (!isset($search_pos) || $search_pos <= 0) { $search_pos = 0; } elseif ($search_pos >= $total) { $search_pos = $total - $total % $search["count"]; } # Now we set up the "real" query using LIMIT to just get the stuff we want. $sql = "SELECT E.id, E.create_by, E.name, E.description, E.start_time, R.area_id\n FROM {$tbl_entry} E, {$tbl_room} R\n WHERE {$sql_pred}\n AND E.room_id = R.id\n ORDER BY E.start_time asc " . sql_syntax_limit($search["count"], $search_pos); # this is a flag to tell us not to display a "Next" link $result = sql_query($sql);
// 0 => entering DST // 1 => leaving DST $dst_change[$j] = is_dst($month, $day_start_week + $j, $year); $am7[$j] = mktime($morningstarts, $morningstarts_minutes, 0, $month, $day_start_week + $j, $year, is_dst($month, $day_start_week + $j, $year, $morningstarts)); $pm7[$j] = mktime($eveningends, $eveningends_minutes, 0, $month, $day_start_week + $j, $year, is_dst($month, $day_start_week + $j, $year, $eveningends)); } // Section with areas, rooms, minicals. ?> <div class="screenonly"> <div id="dwm_header"> <?php // Get the area and room names (we will need them later for the heading) $this_area_name = ""; $this_room_name = ""; $this_area_name = htmlspecialchars(sql_query1("SELECT area_name FROM {$tbl_area} WHERE id={$area} LIMIT 1")); $this_room_name = htmlspecialchars(sql_query1("SELECT room_name FROM {$tbl_room} WHERE id={$room} LIMIT 1")); $sql = "select id, area_name from {$tbl_area} order by area_name"; $res = sql_query($sql); // Show all available areas // but only if there's more than one of them, otherwise there's no point if ($res && sql_count($res) > 1) { echo "<div id=\"dwm_areas\"><h3>" . get_vocab("areas") . "</h3>"; // show either a select box or the normal html list if ($area_list_format == "select") { echo make_area_select_html('week.php', $area, $year, $month, $day); } else { echo "<ul>\n"; for ($i = 0; $row = sql_row_keyed($res, $i); $i++) { echo "<li><a href=\"week.php?year={$year}&month={$month}&day={$day}&area={$row['id']}\">"; echo "<span" . ($row['id'] == $area ? ' class="current"' : '') . ">"; echo htmlspecialchars($row['area_name']) . "</span></a></li>\n";
$valid_email = new Mail_RFC822(); foreach ($emails as $email) { // if no email address is entered, this is OK, even if isValidInetAddress // does not return TRUE if (!$valid_email->isValidInetAddress($email, $strict = FALSE) && '' != $email_var) { // Now display this form again with an error message Header("Location: edit_users.php?Action=Edit&Id={$Id}&invalid_email=1"); exit; } } // if ($Id >= 0) { $operation = "replace into {$tbl_users} values ("; } else { $operation = "insert into {$tbl_users} values ("; $Id = sql_query1("select max(id) from {$tbl_users};") + 1; /* Use the last index + 1 */ /* Note: If the table is empty, sql_query1 returns -1. So use index 0. */ } $i = 0; foreach ($fields as $fieldname) { if ($fieldname == "id") { $value = $Id; } else { if ($fieldname == "name") { $value = strtolower(get_form_var('Field_name', 'string')); } else { if ($fieldname == "password" && $password0 != "") { $value = md5($password0); } else { $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['istext'] ? 'string' : 'int');
$change_room = get_form_var('change_room', 'string'); $change_area = get_form_var('change_area', 'string'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (!getAuthorised(2)) { showAccessDenied($day, $month, $year, $area, ""); exit; } // Done changing area or room information? if (isset($change_done)) { if (!empty($room)) { $area = sql_query1("SELECT area_id from {$tbl_room} where id={$room}"); } Header("Location: admin.php?day={$day}&month={$month}&year={$year}&area={$area}"); exit; } print_header($day, $month, $year, isset($area) ? $area : "", isset($room) ? $room : ""); ?> <h2><?php echo get_vocab("editroomarea"); ?> </h2> <?php if (!empty($room)) { include_once 'Mail/RFC822.php';
$tab_pref = array('num_periode', 'larg_tab', 'bord', 'couleur_alterne', 'aff_abs', 'aff_reg', 'aff_doub', 'aff_rang'); for ($loop = 0; $loop < count($tab_pref); $loop++) { $tmp_var = $tab_pref[$loop]; if (${$tmp_var} == '') { ${$tmp_var} = "n"; } $sql = "INSERT INTO preferences SET name='vtn_pref_" . $tmp_var . "', value='" . ${$tmp_var} . "', login='******'login'] . "';"; //echo "$sql<br />"; $insert = mysqli_query($GLOBALS["mysqli"], $sql); $_SESSION['vtn_pref_' . $tmp_var] = ${$tmp_var}; } $sql = "INSERT INTO preferences SET name='vtn_pref_coloriser_resultats', value='{$vtn_coloriser_resultats}', login='******'login'] . "';"; $insert = mysqli_query($GLOBALS["mysqli"], $sql); $_SESSION['vtn_pref_coloriser_resultats'] = $vtn_coloriser_resultats; //================================================= $classe = sql_query1("SELECT classe FROM classes WHERE id = '{$id_classe}'"); // Lien pour générer un PDF echo "<div class='noprint' style='float: right; border: 1px solid black; background-color: white; width: 3em; height: 1em; text-align: center; padding-bottom:3px; margin-left:3px;'>\n<a href='" . $_SERVER['PHP_SELF'] . "?mode=pdf&id_classe={$id_classe}&num_periode={$num_periode}"; if ($aff_abs && $aff_abs == 'y') { echo "&aff_abs={$aff_abs}"; } if ($aff_reg && $aff_reg == 'y') { echo "&aff_reg={$aff_reg}"; } if ($aff_doub && $aff_doub == 'y') { echo "&aff_doub={$aff_doub}"; } if ($aff_rang && $aff_rang == 'y') { echo "&aff_rang={$aff_rang}"; } if ($aff_date_naiss && $aff_date_naiss == 'y') {
$midnight_tonight[$j] = mktime(23, 59, 59, $month, $j, $year, is_dst($month, $j, $year, 23)); } else { $midnight[$j] = mktime(12, 0, 0, $month, $j, $year, is_dst($month, $j, $year, 0)); $midnight_tonight[$j] = mktime(12, count($periods), 59, $month, $j, $year, is_dst($month, $j, $year, 23)); } } // Section with areas, rooms, minicals. ?> <div class="screenonly"> <div id="dwm_header"> <?php // Get the area and room names (we will need them later for the heading) $this_area_name = ""; $this_room_name = ""; $this_area_name = htmlspecialchars(sql_query1("select area_name\n from {$tbl_area} where id={$area}")); $this_room_name = htmlspecialchars(sql_query1("select room_name\n from {$tbl_room} where id={$room}")); $sql = "select id, area_name from {$tbl_area} order by area_name"; $res = sql_query($sql); // Show all available areas // but only if there's more than one of them, otherwise there's no point if ($res && sql_count($res) > 1) { echo "<div id=\"dwm_areas\"><h3>" . get_vocab("areas") . "</h3>"; // show either a select box or the normal html list if ($area_list_format == "select") { echo make_area_select_html('month.php', $area, $year, $month, $day); } else { echo "<ul>\n"; for ($i = 0; $row = sql_row_keyed($res, $i); $i++) { echo "<li><a href=\"month.php?year={$year}&month={$month}&day={$day}&area={$row['0']}\">"; echo "<span" . ($row['id'] == $area ? ' class="current"' : '') . ">"; echo htmlspecialchars($row['area_name']) . "</span></a></li>\n";
$days_in_month = date("t", $month_start); $month_end = mktime(23, 59, 59, $month, $days_in_month, $year); if ($pview != 1) { # Table with areas, rooms, minicals. echo "<table width=\"100%\"><tr>"; $this_area_name = ""; $this_room_name = ""; # Show all areas echo "<td width=\"30%\"><u>{$vocab['areas']}</u><br>"; } # show either a select box or the normal html list if ($area_list_format == "select") { echo make_area_select_html('month.php', $area, $year, $month, $day); # from functions.inc $this_area_name = sql_query1("select area_name from mrbs_area where id={$area}"); $this_room_name = sql_query1("select room_name from mrbs_room where id={$room}"); } else { $sql = "select id, area_name from mrbs_area order by area_name"; $res = sql_query($sql); if ($res) { for ($i = 0; $row = sql_row($res, $i); $i++) { if ($pview != 1) { echo "<a href=\"month.php?year={$year}&month={$month}&area={$row['0']}\">"; } if ($row[0] == $area) { $this_area_name = htmlspecialchars($row[1]); if ($pview != 1) { echo "<font color=\"red\">{$this_area_name}</font></a><br>\n"; } } else { if ($pview != 1) {
# For weekly repeat(2), build string of weekdays to repeat on: $rep_opt = ""; if ($rep_type == 2 || $rep_type == 6) { for ($i = 0; $i < 7; $i++) { $rep_opt .= empty($rep_day[$i]) ? "0" : "1"; } } # Expand a series into a list of start times: if ($rep_type != 0) { $reps = mrbsGetRepeatEntryList($starttime, isset($rep_enddate) ? $rep_enddate : 0, $rep_type, $rep_opt, $max_rep_entrys, $rep_num_weeks); } # When checking for overlaps, for Edit (not New), ignore this entry and series: $repeat_id = 0; if (isset($id)) { $ignore_id = $id; $repeat_id = sql_query1("SELECT repeat_id FROM {$tbl_entry} WHERE id={$id}"); if ($repeat_id < 0) { $repeat_id = 0; } } else { $ignore_id = 0; } # Acquire mutex to lock out others trying to book the same slot(s). if (!sql_mutex_lock("{$tbl_entry}")) { fatal_error(1, get_vocab("failed_to_acquire")); } # Check for any schedule conflicts in each room we're going to try and # book in $err = ""; foreach ($rooms as $room_id) { if ($rep_type != 0 && !empty($reps)) {
// put a space after each comma so that the list displays better $room_admin_email = str_replace(',', ', ', $room_admin_email); // validate the email addresses $valid_email = validate_email_list($room_admin_email); if (FALSE != $valid_email) { if (empty($capacity)) { $capacity = 0; } // Acquire a mutex to lock out others who might be deleting the new area if (!sql_mutex_lock("{$tbl_area}")) { fatal_error(TRUE, get_vocab("failed_to_acquire")); } // Check the new area still exists if (sql_query1("SELECT COUNT(*) FROM {$tbl_area} WHERE id={$new_area} LIMIT 1") < 1) { $valid_area = FALSE; } elseif (($new_area != $old_area || $room_name != $old_room_name) && sql_query1("SELECT COUNT(*)\n FROM {$tbl_room}\n WHERE" . sql_syntax_casesensitive_equals("room_name", $room_name) . "\n AND area_id={$new_area}\n LIMIT 1") > 0) { $valid_room_name = FALSE; } else { // Convert booleans into 0/1 (necessary for PostgreSQL) $room_disabled = !empty($room_disabled) ? 1 : 0; $sql = "UPDATE {$tbl_room} SET "; $n_fields = count($fields); $assign_array = array(); foreach ($fields as $field) { if ($field['name'] != 'id') { switch ($field['name']) { // first of all deal with the standard MRBS fields case 'area_id': $assign_array[] = "area_id={$new_area}"; break; case 'disabled':
} elseif ($type == "room") { // Truncate the name and description fields to the maximum length as a precaution. $name = substr($name, 0, $maxlength['room.room_name']); $description = substr($description, 0, $maxlength['room.description']); // Add SQL escaping $room_name_q = addslashes($name); $description_q = addslashes($description); if (empty($capacity)) { $capacity = 0; } // Acquire a mutex to lock out others who might be editing rooms if (!sql_mutex_lock("{$tbl_room}")) { fatal_error(TRUE, get_vocab("failed_to_acquire")); } // Check that the room name is unique within the area if (sql_query1("SELECT COUNT(*) FROM {$tbl_room} WHERE room_name='{$room_name_q}' AND area_id={$area} LIMIT 1") > 0) { $error = "invalid_room_name"; } else { $sql = "INSERT INTO {$tbl_room} (room_name, sort_key, area_id, description, capacity)\n VALUES ('{$room_name_q}', '{$room_name_q}', {$area}, '{$description_q}',{$capacity})"; if (sql_command($sql) < 0) { trigger_error(sql_error(), E_USER_WARNING); fatal_error(TRUE, get_vocab("fatal_db_error")); } } // Release the mutex sql_mutex_unlock("{$tbl_room}"); } if (!empty($error)) { $url = formatURLError($area, $error); } else { $url = formatURLError($area, NULL);
/**
 * Adds one menu entry per AID (activity/group category) that the current user
 * is allowed to manage, then a section title when at least one was added.
 *
 * The AID used for the photo directory and, when the
 * "gestion_autorisations_publications" plugin is enabled, the AID used for
 * publication permissions are excluded from the list. Entries are created via
 * creeNouveauItem(), which presumably increments $this->b (the counter tested
 * at the end — TODO confirm).
 *
 * Setting values and AID indices are interpolated into the queries without
 * escaping; they come from the settings table and from aid_config, not from
 * the request.
 *
 * @return bool|null true when a section was added, nothing otherwise
 */
private function gestionEleveAID()
{
    global $mysqli;
    $this->b = 0;
    if (getSettingValue("active_mod_gest_aid") == 'y') {
        $sql = "SELECT * FROM aid_config ";
        $has_where = false;
        // Leave out the AID that only controls who may upload/change their photo.
        $trombi_aid = getSettingValue("num_aid_trombinoscopes");
        if ($trombi_aid != "") {
            $sql .= "WHERE indice_aid!= '" . $trombi_aid . "'";
            $has_where = true;
        }
        // If the publication-permissions plugin exists and is open, leave out its AID too.
        $plugin_open = sql_query1("select ouvert from plugins where nom='gestion_autorisations_publications'");
        $publi_aid = getSettingValue("indice_aid_autorisations_publi");
        if ($plugin_open == 'y' && $publi_aid != "") {
            $keyword = $has_where ? "and" : "WHERE";
            $sql .= $keyword . " indice_aid!= '" . $publi_aid . "'";
        }
        $sql .= " ORDER BY nom";
        $aid_rows = mysqli_query($mysqli, $sql);
        while ($aid = $aid_rows->fetch_object()) {
            $indice_aid = $aid->indice_aid;
            // Plain manager of this AID?
            $manager_rows = mysqli_query($mysqli, "SELECT *\n FROM j_aid_utilisateurs_gest\n WHERE indice_aid = '" . $indice_aid . "' and id_utilisateur='" . $this->loginUtilisateur . "'");
            $is_manager = $manager_rows->num_rows != 0;
            // Super manager of this AID category?
            $super_rows = mysqli_query($mysqli, "SELECT *\n FROM j_aidcateg_super_gestionnaires\n WHERE indice_aid = '" . $indice_aid . "' and id_utilisateur='" . $this->loginUtilisateur . "'");
            $is_super_manager = $super_rows->num_rows != 0;
            if (!$is_manager && !$is_super_manager) {
                continue;
            }
            //$nom_aid = @old_mysql_result($call_data, $i, "nom");
            $nom_aid = $aid->nom;
            $url = "/aid/index2.php?indice_aid=" . $indice_aid;
            // Super managers may create/delete groups; plain managers only assign pupils.
            $tooltip = $is_super_manager
                ? "Cet outil vous permet de gérer les groupes (création, suppression, modification)."
                : "Cet outil vous permet de gérer l'appartenance des élèves aux différents groupes.";
            $this->creeNouveauItem($url, $nom_aid, $tooltip);
        }
    }
    if ($this->b > 0) {
        $this->creeNouveauTitre('accueil', "Gestion des AID", 'images/icons/document.png');
        return true;
    }
}
if (!$room_res) { echo sql_error(); } for ($j = 0; list($room) = sql_row($room_res, $j); $j++) { // Now we know room and area // We have to add some appointments to the day // four in each room seems good enough for ($a = 1; $a < 5; $a++) { // Pick a random hour 8-5 $starthour = mt_rand(7, 16); $length = mt_rand(1, 5) * 30; $starttime = mktime($starthour, 0, 0, $month, $day, $year); $endtime = mktime($starthour, $length, 0, $month, $day, $year); // Check that this isnt going to overlap $sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))"; $counte = sql_query1($sql); if ($counte == 0) { // There are no overlaps if ($area == 4) { $name = $jpnames[mt_rand(1, count($jpnames) - 1)]; } else { $name = $ennames[mt_rand(1, count($ennames) - 1)]; } $type = $intext[mt_rand(1, 2)]; $sql = "insert into {$tbl_entry} (room_id, create_by, start_time, end_time, type, name, description) values ({$room}, '{$REMOTE_ADDR}', {$starttime}, {$endtime},'{$type}','{$name}','A meeting')"; sql_command($sql); } echo "{$area} - {$room} ({$starthour},{$length}), {$type}<br>"; } } }
// // Quelque chose a été posté // if ($_POST['action'] == "save_data") { check_token(false); // // On enregistre les données dans la base. // Le fichier a déjà été affiché, et l'utilisateur est sûr de vouloir enregistrer // echo "<p><em>On vide d'abord les tables suivantes :</em> "; $j = 0; $k = 0; while ($j < count($liste_tables_del)) { $sql = "SHOW TABLES LIKE '" . $liste_tables_del[$j] . "';"; //echo "$sql<br />"; $test = sql_query1($sql); if ($test != -1) { if ($k > 0) { echo ", "; } $sql = "SELECT 1=1 FROM {$liste_tables_del[$j]};"; $res_test_tab = mysqli_query($GLOBALS["mysqli"], $sql); if (mysqli_num_rows($res_test_tab) > 0) { $sql = "DELETE FROM {$liste_tables_del[$j]};"; $del = @mysqli_query($GLOBALS["mysqli"], $sql); echo "<b>" . $liste_tables_del[$j] . "</b>"; echo " (" . mysqli_num_rows($res_test_tab) . ")"; } else { echo $liste_tables_del[$j]; } $k++;
$v_naissance2=$tmp_tab_naissance[2]."/".$tmp_tab_naissance[1]."/".$tmp_tab_naissance[0]; $v_sexe2=old_mysql_result($call_eleve2_info, "0", 'sexe'); $v_eleve_nom_prenom2=$v_legend2; if ($periode != 'annee') { $temp = my_strtolower($nom_periode[$periode]); } else { $temp = 'Année complète'; } $graph_title = $eleve1_nom." ".$eleve1_prenom." ".$classe." et ".$eleve2_nom." ".$eleve2_prenom." ".$classe2." | ".$temp; echo "<p class='bold'>$eleve1_nom $eleve1_prenom ($classe) et $eleve2_nom $eleve2_prenom ($classe2) | $temp</p>\n"; echo "<table border='1' cellspacing='2' cellpadding='5'>\n"; echo "<tr><td width='100'><p>Matière</p></td><td width='100'><p>$eleve1_nom $eleve1_prenom</p></td><td width='100'><p>$eleve2_nom $eleve2_prenom</p></td><td width='100'><p>Différence</p></td></tr>\n"; //$call_classe_infos = mysql_query("SELECT DISTINCT m.* FROM matieres m,j_classes_matieres_professeurs j WHERE (m.matiere = j.id_matiere AND j.id_classe='$id_classe') ORDER BY j.priorite"); $affiche_categories = sql_query1("SELECT display_mat_cat FROM classes WHERE id='".$id_classe."'"); if ($affiche_categories == "y") { $affiche_categories = true; } else { $affiche_categories = false; } if ($affiche_categories) { // On utilise les valeurs spécifiées pour la classe en question $call_groupes = mysqli_query($GLOBALS["mysqli"], "SELECT DISTINCT jgc.id_groupe ". "FROM j_eleves_groupes jeg, j_groupes_classes jgc, j_groupes_matieres jgm, j_matieres_categories_classes jmcc, matieres m " . "WHERE ( " . "jeg.login = '******' AND " . "jgc.id_groupe = jeg.id_groupe AND " . "jgc.categorie_id = jmcc.categorie_id AND " . "jgc.id_classe = '".$id_classe."' AND " .
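/**
 * Handles the page-feedback form (POST) and mails it to the admin group.
 *
 * Expects $_POST['submit'], a numeric $_POST['page_id'], a $_POST['human']
 * answer containing "person" (the anti-bot question), and optional 'email',
 * 'helpful' and 'message' fields. On success it echoes a thank-you message and
 * exits; on any failure it echoes a generic error.
 *
 * Fixes over the previous version: the helpful flag was stored in a misspelled
 * variable in one branch (so it was always undefined when "not helpful"), missing
 * form fields raised notices, and the reply address was handed to send_mail()
 * unchecked — a value containing CR/LF can inject extra mail headers, so such a
 * value is now rejected.
 */
function feedbackAction()
{
    if (isset($_POST['submit'], $_POST['page_id']) && is_numeric($_POST['page_id'])) {
        $human = isset($_POST['human']) ? (string) $_POST['human'] : '';
        if (!preg_match('/person/i', $human)) {
            echo "Sorry, people only, please. Feel free to try again.";
            exit(1);
        }
        $group = new Group(ADMIN_GROUP_ID);
        if (isset($_POST['email'])) {
            $email = (string) $_POST['email'];
        } elseif (isset($_SESSION['user'])) {
            $email = $_SESSION['user']->email;
        } else {
            $email = '';
        }
        // A line break in the address would terminate the header it ends up in;
        // fall through to the generic error instead of sending.
        if (!preg_match('/[\r\n]/', $email)) {
            $helpful = !empty($_POST['helpful']) ? 1 : 0;
            if (isLoggedIn()) {
                $submitter = $_SESSION['user']->name . ' (' . $_SESSION['user']->username . ' - ' . $email . ')';
            } else {
                $submitter = $email;
            }
            // is_numeric() already excludes quotes; the cast keeps the literal a plain integer.
            $page_id = (int) $_POST['page_id'];
            $page = sql_query1("SELECT CONCAT(page_category.name,' :: ',page.name) AS cat FROM `page`" . " LEFT JOIN `page_category` ON page_category_id=page_category.id" . " WHERE page.id='{$page_id}'");
            $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $message = isset($_POST['message']) ? (string) $_POST['message'] : '';
            $msg = "New page feedback from {$submitter} [{$ip}]\n";
            $msg .= "Page: {$page}\n";
            $msg .= 'Found Helpful: ' . ($helpful == 1 ? 'Yes' : 'No') . "\n";
            $msg .= '' . "\n";
            $msg .= 'Feeback: ' . $message . "\n";
            if ($group->send_mail('New Feedback on ' . $page, $msg, $email)) {
                echo "<strong>Thanks!</strong> Your feedback will help us improve our service and support.";
                exit(1);
            }
        }
    }
    echo "Sorry, there was an error processing your request. You can contact support directly using the email address in this page's footer below.";
}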
print " <p class=\"error\">" . sql_error() . "</p>\n"; print " <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n"; print " </fieldset>\n"; print "</form>\n"; // Print footer and exit print_footer(TRUE); } /* Success. Redirect to the user list, to remove the form args */ Header("Location: edit_users.php"); } } /*---------------------------------------------------------------------------*\ | Delete a user | \*---------------------------------------------------------------------------*/ if (isset($Action) && $Action == "Delete") { $target_level = sql_query1("SELECT level FROM {$tbl_users} WHERE id={$Id} LIMIT 1"); if ($target_level < 0) { fatal_error(TRUE, "Fatal error while deleting a user"); } // you can't delete a user if you're not some kind of admin, and then you can't // delete someone higher than you if ($level < $min_user_editing_level || $level < $target_level) { showAccessDenied(0, 0, 0, "", ""); exit; } $r = sql_command("delete from {$tbl_users} where id={$Id};"); if ($r == -1) { print_header(0, 0, 0, "", ""); // This is unlikely to happen in normal operation. Do not translate. print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n"; print " <fieldset>\n";
} } echo "<div id=\"del_room_confirm\">\n"; echo "<p>" . get_vocab("sure") . "</p>\n"; echo "<div id=\"del_room_confirm_links\">\n"; echo "<a href=\"del.php?type=room&room={$room}&confirm=Y\"><span id=\"del_yes\">" . get_vocab("YES") . "!</span></a>\n"; echo "<a href=\"admin.php\"><span id=\"del_no\">" . get_vocab("NO") . "!</span></a>\n"; echo "</div>\n"; echo "</div>\n"; include "trailer.inc"; } } if ($type == "area") { // We are only going to let them delete an area if there are // no rooms. its easier $n = sql_query1("select count(*) from {$tbl_room} where area_id={$area}"); if ($n == 0) { // OK, nothing there, lets blast it away sql_command("delete from {$tbl_area} where id={$area}"); // Redirect back to the admin page header("Location: admin.php"); } else { // There are rooms left in the area print_header($day, $month, $year, $area); echo "<p>\n"; echo get_vocab("delarea"); echo "<a href=\"admin.php\">" . get_vocab("backadmin") . "</a>"; echo "</p>\n"; include "trailer.inc"; } }