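/**
 * Render the "technical problem" page shown when no SQL connection is available.
 *
 * Prints an HTML comment carrying the connect flag and forces one query so
 * that lcm_sql_errno() reflects the connection failure, then the visible
 * error box with the driver's diagnostic (or a fixed message when none).
 */
function auth_show_db_failure_page() {
	include_lcm('inc_presentation');
	lcm_html_start("Technical problem", "install");

	// Run a trivial query so the driver records an error we can report below
	// ("annoy sql_errno()").
	echo "\n<!-- \n";
	echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
	lcm_query("SELECT count(*) from lcm_meta");
	echo "\n-->\n\n";

	echo "<div align='left' style='width: 600px;' class='box_error'>\n";
	echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
	echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";

	if (lcm_sql_errno()) {
		echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n";
	} else {
		echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
	}

	echo "</div>\n";
	lcm_html_end();
}

/**
 * Fill in default values for preferences an author has not set yet.
 *
 * @param mixed $prefs unserialized preferences (array), or false/null when the
 *                     stored blob was empty or could not be unserialized
 * @return array the preferences with every known key present
 */
function auth_prefs_with_defaults($prefs) {
	// unserialize() returns false on failure; start from an empty array so the
	// defaults below never operate on a non-array value.
	if (!is_array($prefs)) {
		$prefs = array();
	}

	if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
		$prefs['page_rows'] = 15;
	}

	// Keys whose default applies whenever the stored value is missing or empty
	$string_defaults = array(
		'theme'       => 'green',
		'screen'      => 'wide',
		'font_size'   => 'medium_font',
		'case_owner'  => 'my',
		'case_period' => '91',
		'mode'        => 'simple',
	);

	foreach ($string_defaults as $key => $default) {
		if (!isset($prefs[$key]) || !$prefs[$key]) {
			$prefs[$key] = $default;
		}
	}

	// The notation default is only applied together with the interval default
	if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) {
		$prefs['time_intervals'] = 'relative';
		$prefs['time_intervals_notation'] = 'hours_only';
	}

	return $prefs;
}

/**
 * Authenticate the current request from the 'lcm_session' cookie.
 *
 * On success the connect_* globals, $author_session and $prefs describe the
 * logged-in author, a PHP session is started and true is returned.
 * Requests without a valid session are redirected to lcm_login.php (or to
 * lcm_cookie.php when a just-completed login did not produce a cookie) and
 * the script exits. When no database connection is available an error page
 * is rendered and false is returned.
 *
 * @return bool true when the author is authenticated, false when the
 *              database is unavailable (after the error page was sent)
 */
function auth() {
	global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
	global $auth_can_disconnect;
	global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
	global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
	global $connect_activer_imessage, $connect_activer_messagerie;
	global $connect_status;
	global $author_session, $prefs;
	global $clean_link;

	// This reloads $GLOBALS['db_ok'], just in case
	include_config('inc_connect');

	// If there is no SQL connection, quit.
	if (!$GLOBALS['db_ok']) {
		auth_show_db_failure_page();
		return false;
	}

	// Initialise variables (avoid URL hacks): nothing below may trust a value
	// that was not set by this function.
	$auth_login = "";
	$auth_pass_ok = false;
	$auth_can_disconnect = false;

	// Fetch identification data from the authentication session cookie.
	// Only the 'admin' and 'normal' statuses are allowed to log in; strict
	// comparison so that an unexpected non-string status can never match.
	if (isset($_COOKIE['lcm_session'])) {
		if (verifier_session($_COOKIE['lcm_session'])) {
			if (isset($author_session['status'])
				&& ($author_session['status'] === 'admin' || $author_session['status'] === 'normal')) {
				$auth_login = $author_session['username'];
				$auth_pass_ok = true;
				$auth_can_disconnect = true;
			}
		}
	} else {
		// 'privet' is set by the login page right after a successful login;
		// reaching here without the cookie means the browser did not keep it.
		if (isset($_REQUEST['privet']) && $_REQUEST['privet'] === 'yes') {
			// Failed login attempt: cookie failed
			$link = new Link("lcm_cookie.php?cookie_test_failed=yes");
			$clean_link->delVar('privet');
			$url = str_replace('/./', '/', $clean_link->getUrl());
			$link->addVar('var_url', $url);
			@header("Location: " . $link->getUrl());
			exit;
		}
	}

	// If not authenticated, ask for login / password.
	// Explicit emptiness test: a username of "0" is still a username.
	if (!is_string($auth_login) || $auth_login === '') {
		$url = $clean_link->getUrl();
		@header("Location: lcm_login.php?var_url=" . urlencode($url));
		exit;
	}

	//
	// Search for the login in the authors' table
	//
	// NOTE(review): addslashes() is not a driver-aware SQL escape (it ignores the
	// connection charset); a parameterised query through the lcm_query layer
	// would be the proper replacement. The username literal in the query below
	// appears redacted in this listing ('******') and is kept verbatim.
	$auth_login = addslashes($auth_login);
	$query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'";
	$result = @lcm_query($query);

	if ($row = lcm_fetch_array($result)) {
		$connect_id_auteur = $row['id_author'];
		$connect_nom = $row['name_first'];
		$connect_login = $row['username'];
		$connect_pass = $row['password'];
		$connect_status = $row['status'];
		$connect_activer_messagerie = "non"; //$row["messagerie"];
		$connect_activer_imessage = "non "; //$row["imessage"];

		// Set the users' preferences.
		// NOTE(review): unserialize() on a stored blob; anything that can write
		// lcm_author.prefs can inject arbitrary serialized data. A JSON-based
		// format would be safer but requires a migration of existing rows.
		$stored_prefs = get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs'];
		$prefs = auth_prefs_with_defaults(unserialize($stored_prefs));
	} else {
		// This case is a strange possibility: the author is authentified
		// OK, but he does not exist in the authors table. Possible cause:
		// the database was restored and the author does not exist (and
		// the user was authentified by another source, such as LDAP).
		// Note: we used to show a strange error message which would advise
		// to logout, but since it occurs only after db upgrade, just logout
		// brutally (with cookie_admin=no to forget the username).
		// The login is URL-encoded so it cannot break the Location header.
		lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . urlencode($auth_login));
		exit;
	}

	// Defence in depth: $auth_login is only set together with $auth_pass_ok
	// above, so this branch should be unreachable.
	if (!$auth_pass_ok) {
		@header("Location: lcm_login.php?var_erreur=pass");
		exit;
	}

	// [ML] Again, not sure how this is used, but we can ignore it for now
	// TODO (note: nouveau == new)
	if ($connect_status === 'nouveau') {
		// id_author comes from the database row; cast anyway so the
		// string-built statement can only ever receive an integer.
		$query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = " . intval($connect_id_auteur);
		lcm_query($query);
		$connect_status = 'normal';
	}

	// PHP sessions are started here, and stopped at logout
	session_start();

	return true;
}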
} if ($ok) { $auth->activate(); // Force cookies for admins if ($auth->username and $auth->status == 'admin') { $cookie_admin = "@" . $auth->username; } $query = "SELECT * \n\t\t\t\t\tFROM lcm_author\n\t\t\t\t\tWHERE username='******'"; $result = lcm_query($query); if ($row_author = lcm_fetch_array($result)) { $cookie_session = creer_cookie_session($row_author); } $cible->addVar('privet', 'yes'); } else { $cible = new Link("lcm_login.php"); $cible->addVar('var_login', $login); $cible->addVar('var_url', urldecode($url)); if ($session_password || $session_password_md5) { $cible->addVar('var_erreur', 'pass'); } } } // Set a session cookie? if ($cookie_session) { if ($session_remember == 'yes') { lcm_setcookie('lcm_session', $cookie_session, time() + 3600 * 24 * 14); } else { lcm_setcookie('lcm_session', $cookie_session); } $prefs = $row_author['prefs'] ? unserialize($row_author['prefs']) : array(); $prefs['cnx'] = $session_remember == 'yes' ? 'perma' : '';
// // Time spent on case by authors // // // Time spent on case by authors // case 'times': // List authors on the case $show_more_times = _request('more_times') ? true : false; $q = "SELECT\n\t\t\t\t\t\ta.id_author, name_first, name_middle, name_last,\n\t\t\t\t\t\tsum(IF(UNIX_TIMESTAMP(fu.date_end) > 0,\n\t\t\t\t\t\t\tUNIX_TIMESTAMP(fu.date_end)-UNIX_TIMESTAMP(fu.date_start), 0)) as time,\n\t\t\t\t\t\tsum(sumbilled) as sumbilled\n\t\t\t\t\tFROM lcm_author as a, lcm_followup as fu\n\t\t\t\t\tWHERE fu.id_author = a.id_author\n\t\t\t\t\t AND fu.id_case = {$case}\n\t\t\t\t\t AND fu.hidden = 'N'\n\t\t\t\t\tGROUP BY fu.id_author"; $result = lcm_query($q); // Show table headers echo '<fieldset class="info_box">'; show_page_subtitle(_T('case_subtitle_times'), 'reports_intro'); $link_details = new Link(); $link_details->addVar('more_times', intval(!$show_more_times)); echo "<table border='0' class='tbl_usr_dtl' width='99%'>\n"; echo "<tr>\n"; echo "<th class='heading'>" . _Th('case_input_author') . ' ' . '<a title="' . _T('fu_button_stats_' . ($show_more_times ? 'less' : 'more')) . '" href="' . $link_details->getUrl() . '">' . '<img src="images/spip/' . ($show_more_times ? 'moins' : 'plus') . '.gif" alt="" border="0" />' . '</a>' . "</th>\n"; echo "<th class='heading' width='120' nowrap='nowrap' align='right'>" . _Th('time_input_length') . ' (' . _T('time_info_short_hour') . ")</th>\n"; $total_time = 0; $total_sum_billed = 0.0; $meta_sum_billed = read_meta('fu_sum_billed'); if ($meta_sum_billed == 'yes') { $currency = read_meta('currency'); echo "<th class='heading' width='120' nowrap='nowrap' align='right'>" . _Th('fu_input_sum_billed') . ' (' . $currency . ")</th>\n"; } echo "</tr>\n"; // Show table contents & calculate total while ($row = lcm_fetch_array($result)) { $total_time += $row['time'];
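/**
 * Close the HTML table of a paginated list and print its navigation
 * (previous page, direct page numbers, optional "show all", next page).
 *
 * The page size comes from $prefs['page_rows']; the current offset travels
 * in the '<prefix>_list_pos' URL variable handled through Link.
 *
 * @param int    $current_pos    offset (in rows) of the first row displayed
 * @param int    $number_of_rows total number of rows in the list
 * @param bool   $allow_show_all whether to offer a "show all" link
 * @param string $prefix         optional prefix for the list_pos variable,
 *                               used when one page holds several lists
 * @return void
 */
function show_list_end($current_pos = 0, $number_of_rows = 0, $allow_show_all = false, $prefix = '') {
	global $prefs;

	$prefix_var = $prefix ? $prefix . '_' : '';
	$pos_var = $prefix_var . 'list_pos';

	echo "</table>\n";

	// Guard the page size: a missing or zero value would divide by zero below
	// and make the page-number loop unbounded. 15 is the same default that is
	// applied to $prefs['page_rows'] when preferences are loaded at login.
	$page_rows = isset($prefs['page_rows']) ? intval($prefs['page_rows']) : 0;
	if ($page_rows < 1) {
		$page_rows = 15;
	}

	//
	// Navigation for previous/next screens
	//
	$list_pages = ceil($number_of_rows / $page_rows);

	if (!$list_pages) {
		echo "<!-- list_pages == 0 -->\n";
		return;
	}

	$link = new Link();
	$pos = $link->getVar($pos_var);
	$link->delVar($pos_var);

	// If we are showing "All" items, do not show navigation.
	// list_pos comes from the URL, hence the strict comparison.
	if ($pos === 'all') {
		return;
	}

	// NOTE(review): the hrefs below rely on Link::getUrl() producing text that
	// is safe inside an HTML attribute — confirm it escapes, otherwise wrap
	// each getUrl() call in htmlspecialchars().
	echo "<table border='0' align='center' width='99%' class='page_numbers'>\n";
	echo '<tr><td align="left" width="15%">';

	// Previous page (a link without list_pos means the first page)
	if ($current_pos > 0) {
		if ($current_pos > $page_rows) {
			$link->addVar($pos_var, $current_pos - $page_rows);
		}

		echo '<a href="' . $link->getUrl($prefix) . '" class="content_link">'
			. "&lt; " . _T('listnav_link_previous') . '</a> ';
	}

	echo "</td>\n";
	echo '<td align="center" width="70%">';

	// Page numbers with direct links
	if ($list_pages > 1) {
		echo _T('listnav_link_gotopage') . ' ';

		$current_page = floor($current_pos / $page_rows);

		for ($i = 0; $i < $list_pages; $i++) {
			if ($i == $current_page) {
				echo '[' . ($i + 1) . '] ';
				continue;
			}

			$page_offset = $i * $page_rows;
			$link = new Link();
			$link->delVar($pos_var);

			if ($page_offset > 0) {
				$link->addVar($pos_var, $page_offset);
			}

			echo '<a href="' . $link->getUrl($prefix) . '" class="content_link">' . ($i + 1) . '</a> ';
		}

		if ($allow_show_all) {
			$link->delVar($pos_var);
			$link->addVar($pos_var, 'all');
			echo '<a href="' . $link->getUrl($prefix) . '" class="content_link">'
				. _T('listnav_link_show_all') . '</a>';
		}
	}

	echo "</td>\n";
	echo "<td align='right' width='15%'>";

	// Next page
	$next_pos = $current_pos + $page_rows;

	if ($next_pos < $number_of_rows) {
		$link = new Link();
		$link->addVar($pos_var, $next_pos);
		echo '<a href="' . $link->getUrl($prefix) . '" class="content_link">'
			. _T('listnav_link_next') . " &gt;" . '</a>';
	}

	echo "</td>\n";
	echo "</tr>\n";
	echo "</table>\n";
}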
} else { $tmp_link->addVar('show_nokw', "1"); echo '<p><a href="' . $tmp_link->getUrl() . '" class="run_lnk">' . _T('rep_button_nokw_show') . "</a></p>\n"; } } echo '<p><a href="rep_det.php?rep=' . $report->getId() . '" class="run_lnk">' . _T('rep_button_goback') . "</a></p>\n"; // // Make a link to export the report // echo '<p>'; $link_csv = new Link(); $link_csv->delVar('export'); $link_csv->addVar('export', 'csv'); echo '<a href="' . $link_csv->getUrl() . '" class="exp_lnk">' . _T('rep_button_exportcsv') . '</a> '; $link_ods = new Link(); $link_ods->delVar('export'); $link_ods->addVar('export', 'ods'); echo '<a href="' . $link_ods->getUrl() . '" class="exp_lnk">' . _T('rep_button_exportcsv') . ' (ODS)' . '</a>'; // TRAD echo "</p>\n"; // // Print debug information, if requested // if (isset($_REQUEST['debug'])) { $dbg = $report->getJournal(); foreach ($dbg as $line) { echo $line; } } lcm_page_end(); }
// // Change password (if requested) // if (_session('usr_new_passwd') || !_session('username_old')) { change_password(); } // // Change username // if (_session('username') != _session('username_old') || !_session('username_old')) { change_username(_session('id_author'), _session('username_old'), _session('username')); } // // Insert/update author contacts // include_lcm('inc_contacts'); update_contacts_request('author', _session('id_author')); if (count($_SESSION['errors'])) { lcm_header("Location: edit_author.php?author=" . _session('id_author')); exit; } $dest_link = new Link('author_det.php'); $dest_link->addVar('author', _session('id_author')); // [ML] Not used at the moment, but could be useful eventually to send user // back to where he was (but as a choice, not automatically, see author_det.php). if (_session('ref_edit_author')) { $dest_link->addVar('ref', _session('ref_edit_author')); } // Delete session (of form data will become ghosts) $_SESSION['form_data'] = array(); lcm_header('Location: ' . $dest_link->getUrlForHeader());