Esempio n. 1
/**
 * Admin action: render the mandate form and create a mandate when it is submitted.
 *
 * A successful insert redirects to admin_note/mandate with hsuccess=1;
 * otherwise the template receives hsuccess=false and the form is shown again.
 */
function admin_note_addmandate()
{
    global $tpl;

    $mandate = new Modele('mandate');
    $mandate->assignTemplate('mandat');

    $submitted = isset($_POST['edit']);
    if ($submitted) {
        // NOTE(review): the whole $_POST array goes to addFrom(); which keys it
        // accepts is not visible here. Confirm it ignores columns the form
        // does not expose.
        $created = $mandate->addFrom($_POST);
        if ($created) {
            redirect('admin_note', 'mandate', array('hsuccess' => 1));
        }
        // Reached on failure; also reached after a successful insert if
        // redirect() returns instead of ending the request (not visible here).
        $tpl->assign('hsuccess', false);
    }

    display();
}
Esempio n. 2
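/**
 * Admin action: add one row to the model named by the "modele" query parameter.
 *
 * The name arrives from the query string and is handed to Modele, so it is
 * limited to letters, digits and underscore before use.
 */
function admin_modeles_addinst()
{
    global $tpl;
    $name = isset($_GET['modele']) ? $_GET['modele'] : '';
    // \A and \z anchor the whole string: a bare "$" also matches just before a
    // trailing newline. "+" rejects an empty name, and is_string() rejects the
    // array form (?modele[]=...).
    if (!is_string($name) || !preg_match('/\A[a-zA-Z0-9_]+\z/', $name)) {
        dbg_error(__FILE__, "Le nom de la table est incorrect");
        // Whether dbg_error() ends the request is not visible here; never fall
        // through to Modele with a name that failed validation.
        return;
    }
    $modele = new Modele($name);
    $tpl->assign('result', '');
    if (isset($_POST['action'])) {
        // NOTE(review): the whole $_POST array is passed to addFrom(); confirm
        // it only accepts columns of the selected model.
        $tpl->assign('result', $modele->addFrom($_POST) ? 'success' : 'error');
    }
    $tpl->assign('modele', $modele);
    $tpl->assign('edit', $modele->edit());
    $tpl->display('adminmodeles_addinst.tpl');
    quit();
}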
Esempio n. 3
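/**
 * Register a bank account (identifier + IBAN) for the logged-in user.
 *
 * On POST the IBAN is normalised (spaces removed, upper-cased) and checked with
 * checkIBAN() before the row is inserted. The account is always attached to the
 * session user, never to an id taken from the request.
 */
function compta_add()
{
    global $tpl;
    $mdl = new Modele('user_accounts');
    $fields = array('ua_identifier', 'ua_number');
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Copy only the fields the form exposes, so a crafted request cannot
        // set other user_accounts columns through addFrom().
        $info = array();
        foreach ($fields as $field) {
            if (isset($_POST[$field]) && is_string($_POST[$field])) {
                $info[$field] = $_POST[$field];
            }
        }
        $info['ua_user'] = $_SESSION['user']['user_id'];
        // A missing number becomes '' and is left for checkIBAN() to reject.
        $number = isset($info['ua_number']) ? $info['ua_number'] : '';
        $info['ua_number'] = strtoupper(str_replace(' ', '', $number));
        if (checkIBAN($info['ua_number'])) {
            if ($mdl->addFrom($info)) {
                redirect("compta", "index", array('hsuccess' => 1));
            } else {
                $tpl->assign('hsuccess', false);
            }
        } else {
            $tpl->assign('hsuccess', "Le numero IBAN est invalide");
        }
    }
    $tpl->assign('form', $mdl->edit($fields));
    display();
}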
Esempio n. 4
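/**
 * Trip administration: record a deposit cheque (type CAUTION) on a user file.
 *
 * The file key, the type and the timestamp are set server-side and override any
 * value of the same name sent in the form.
 */
function tripadm_add_caution()
{
    global $tpl;
    $ufile = _tripadm_load();
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $mod = new Modele("trip_cheq");
        // date('Y-m-d H:i:s') yields the same text as strftime('%F %T') without
        // relying on strftime(), which is deprecated since PHP 8.1 and does not
        // support %F/%T on every platform.
        $forced = array(
            'tq_file' => $ufile->getKey(),
            'tq_type' => 'CAUTION',
            'tq_date' => date('Y-m-d H:i:s'),
        );
        // NOTE(review): the remaining $_POST keys reach addFrom() unfiltered;
        // confirm it only accepts the cheque columns the form exposes.
        $args = array_merge($_POST, $forced);
        if ($mod->addFrom($args)) {
            _trip_update($ufile);
            redirect('tripadm', 'order', array('file' => $ufile->getKey(), 'hsuccess' => 1));
        } else {
            $tpl->assign('hsuccess', false);
        }
    }
    display();
}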
Esempio n. 5
/**
 * Create a card bundle dated today and move every card in status WAIT into it,
 * switching those cards to status PRINT. Shows the error template and stops if
 * the bundle row cannot be created.
 */
function cards_mkbundle()
{
    global $tpl;

    $bundle = new Modele('cardbundle');
    $created = $bundle->addFrom(array('cbundle_date' => date('Y-m-d')));
    if (!$created) {
        $tpl->assign('msg', 'Impossible de créer le bundle');
        $tpl->display('syscore_error.tpl');
        quit();
    }

    $cards = new Modele('card');
    $cards->find(array('card_status' => 'WAIT'));
    while ($cards->next()) {
        // Property writes on the current row; presumably persisted by Modele's
        // magic setter - TODO confirm.
        $cards->card_bundle = $bundle;
        $cards->card_status = 'PRINT';
    }

    redirect('cards');
}
Esempio n. 6
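/**
 * Authorization endpoint of the API's authorization-code flow.
 *
 * Checks response_type, the client and the redirect URI, sends anonymous
 * visitors to the login page, then stores a one-hour AUTH token and redirects
 * the browser to the client's callback with the code (and state, when given)
 * appended to its query string.
 */
function api_authorize()
{
    // Optional query parameter: null when absent or not a plain string
    // (e.g. ?state[]=x), so later string handling never receives an array.
    $param = function ($name) {
        return isset($_GET[$name]) && is_string($_GET[$name]) ? $_GET[$name] : null;
    };
    $responseType = $param('response_type');
    $clientId = $param('client_id');
    $redirectUri = $param('redirect_uri');
    $nonce = $param('nonce');
    $state = $param('state');
    $scope = $param('scope');

    // Only response_type=code is supported.
    if ($responseType !== 'code') {
        redirect('syscore', 'custom', array('error' => 'Type de reponse non supporté.'));
        return;
        // Force stop
    }
    // Look up the client.
    $cli = new Modele('api_clients');
    $known = false;
    if ($clientId !== null) {
        $cli->find(array('ac_client' => $clientId));
        $known = (bool) $cli->next();
    }
    if (!$known) {
        redirect('syscore', 'custom', array('error' => 'Client API non enregistré.'));
        return;
        // Force stop
    }
    // Check the callback against the client's registered list (one per line).
    // Blank lines are dropped so an empty entry can never match a missing or
    // empty redirect_uri. Registered entries lose surrounding whitespace and
    // slashes, exactly as before; the requested URI is compared as sent.
    $allowed = array();
    foreach (explode("\n", (string) $cli->ac_callback) as $entry) {
        $entry = trim($entry, " \t\n\r\v/");
        if ($entry !== '') {
            $allowed[] = $entry;
        }
    }
    // redirect_uri is mandatory and must match a registered value exactly
    // (strict comparison, no type juggling).
    if ($redirectUri === null || $redirectUri === '' || !in_array($redirectUri, $allowed, true)) {
        // NOTE(review): the rejected value is echoed into the error parameter;
        // the error page must escape it for its output context.
        redirect('syscore', 'custom', array('error' => 'Callback non enregistré:' . $redirectUri));
        return;
        // Force stop
    }
    $url = parse_url($redirectUri);
    if ($url === false || !isset($url['scheme'])) {
        // A registered entry that is not an absolute URI cannot be redirected to.
        redirect('syscore', 'custom', array('error' => 'Callback non enregistré:' . $redirectUri));
        return;
    }
    // FIXME: check the scope.
    // Not logged in? Go to login, carrying the request along.
    if (!isset($_SESSION['user']) || $_SESSION['user'] === false) {
        $options = http_build_query(array(
            'redirect_uri' => $redirectUri,
            'response_type' => $responseType,
            'client_id' => $clientId,
            'nonce' => $nonce,
            'state' => $state,
            'scope' => $scope,
        ));
        redirect("index", "login", array('redirect' => 'api/authorize/' . $options));
        return;
    }
    // The authorization code is a bearer secret: take it from the CSPRNG
    // instead of md5(uniqid()), which is derived from the clock. The result
    // keeps the same shape (32 hex characters).
    $code = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : bin2hex(openssl_random_pseudo_bytes(16));
    $now = time();
    $token = array(
        'at_client' => $cli->getKey(),
        'at_type' => 'AUTH',
        'at_code' => $code,
        'at_nonce' => $nonce,
        'at_state' => $state,
        'at_scope' => $scope,
        'at_user' => $_SESSION['user']['user_id'],
        'at_start' => $now,
        'at_expire' => $now + 3600,
        'at_uri' => $redirectUri,
    );
    $tok = new Modele('api_tokens');
    if (!$tok->addFrom($token)) {
        redirect('syscore', 'custom', array('error' => 'Token writing ERROR.'));
        return;
        // Force stop
    }
    $answer = array('code' => $code);
    if ($state !== null && $state !== '') {
        $answer['state'] = $state;
    }
    // Rebuild the callback URL with the answer merged into its query string.
    if (isset($url['query'])) {
        $args = array();
        parse_str($url['query'], $args);
        $query = http_build_query(array_merge($args, $answer));
    } else {
        $query = http_build_query($answer);
    }
    $uri = "{$url['scheme']}://";
    if (isset($url['user'])) {
        $uri .= urlencode($url['user']);
        if (isset($url['pass'])) {
            // Was urlencode($pass): an undefined variable, so the password
            // part of the callback was silently dropped.
            $uri .= ':' . urlencode($url['pass']);
        }
        $uri .= '@';
    }
    $uri .= isset($url['host']) ? $url['host'] : '';
    if (isset($url['port'])) {
        // The port was previously lost, sending the code to the default port.
        $uri .= ':' . $url['port'];
    }
    $uri .= (isset($url['path']) ? $url['path'] : '') . '?' . $query;
    if (isset($url['fragment'])) {
        $uri .= '#' . $url['fragment'];
    }
    header('Location: ' . $uri);
    quit();
}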
Esempio n. 7
/**
 * Link a user to a mandate and raise the user's role to ACL_USER when lower.
 *
 * $user may also be a 13-digit code "9" + 4-digit mandate + 7-digit user +
 * 1 trailing digit; in that case both ids are taken from the code and the
 * $mandate argument is ignored. The trailing digit is not verified here.
 *
 * @param mixed $user    User key, or the 13-digit combined code
 * @param mixed $mandate Mandate key
 * @return mixed An error message (string) when the link already exists,
 *               otherwise the result of the insert
 */
function user_add_mandate($user, $mandate)
{
    $userModel = new Modele('users');
    $mandateModel = new Modele('mandate');
    $linkModel = new Modele('user_mandate');

    $parts = array();
    if (preg_match('/^9([0-9]{4})([0-9]{7})[0-9]$/', $user, $parts)) {
        $mandate = $parts[1];
        $user = $parts[2];
    }

    // NOTE(review): the results of both fetch() calls are not checked, so an
    // unknown user or mandate is not rejected at this point.
    $userModel->fetch($user);
    $mandateModel->fetch($mandate);

    $pair = array('um_user' => $userModel->getKey(), 'um_mandate' => $mandateModel->getKey());
    $alreadyLinked = $linkModel->find($pair) && $linkModel->count() > 0;
    if ($alreadyLinked) {
        return 'L\'utilisateur a déjà un mandat, changez ces privilèges manuellement';
    }

    $linked = $linkModel->addFrom($pair);
    if ($linked) {
        // Only ever raises the role, and only after the link was stored.
        if (aclFromText($userModel->raw_user_role) < ACL_USER) {
            $userModel->user_role = ACL_USER;
        }
    }

    return $linked;
}
Esempio n. 8
 /**
  * Insert ACL if not exists
  *
  * @param string $action Action
  * @param string $page Page
  * @param string $acl Default ACL
  * @return bool True when the rule already exists, otherwise the result of the insert
  */
 private function _insertAcl($action, $page, $acl)
 {
     // A rule is identified by its (page, action) pair.
     $rule = array('acl_page' => $page, 'acl_action' => $action);

     $existing = new Modele('acces');
     $existing->find($rule);
     $alreadyThere = $existing->count() > 0;
     if ($alreadyThere) {
         // Never overwrite an ACL that is already configured.
         return true;
     }

     // No rule yet: store the default ACL for this pair.
     $rule['acl_acces'] = $acl;
     $inserter = new Modele('acces');

     return $inserter->addFrom($rule);
 }
Esempio n. 9
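/**
 * Section action: create a participation for a section and one mark per
 * selected staff member, or render the form (active periods per user type and
 * the section's staff list).
 */
function section_addpoints()
{
    global $tpl, $pdo;
    $section = new Modele('sections');
    // NOTE(review): no check that the current user may manage this section is
    // visible in this function; confirm the dispatcher enforces it.
    $section->fetch($_REQUEST['section']);
    $tpl->assign('section', $section);
    $queryFields = array('part_duration', 'part_title', 'part_justification');
    $mdl = new Modele('participations');
    $tpl->assign('form', $mdl->edit($queryFields));
    // Staff of the section; used both when saving and when rendering.
    $staffQuery = 'SELECT * FROM user_sections LEFT JOIN users ON user_id = us_user WHERE us_section = ? ORDER BY user_name';
    if (isset($_POST['edit'])) {
        $data = array('part_section' => $section->section_id, 'part_attribution_date' => date('Y-m-d'), 'part_status' => 'SUBMITTED');
        // Only the form's own fields are copied from the request.
        foreach ($queryFields as $field) {
            $data[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
        }
        if (!$mdl->addFrom($data)) {
            redirect('section', 'details', array('section' => $section->section_id, 'hsuccess' => '0'));
            // Do not go on to create marks for a participation that was not stored.
            return;
        }
        // A request without any ticked staff member sends no "staffs" key at
        // all; treat that (and any non-array value) as an empty selection.
        $staffs = isset($_POST['staffs']) && is_array($_POST['staffs']) ? $_POST['staffs'] : array();
        $sql = $pdo->prepare($staffQuery);
        $sql->bindValue(1, $section->section_id);
        $sql->execute();
        $mdlMark = new Modele('marks');
        $dataMark = array('mark_participation' => $mdl->getKey());
        while ($user = $sql->fetch()) {
            // LEFT JOIN: a membership row without a matching user has no id.
            if ($user['user_id'] === null) {
                continue;
            }
            // Marks are only created for ids that are both submitted and
            // members of this section; compared strictly as strings.
            if (!in_array((string) $user['user_id'], $staffs, true)) {
                continue;
            }
            $periodField = 'type-' . $user['user_type'];
            $dataMark['mark_user'] = $user['user_id'];
            // NOTE(review): the period id comes from the request and is not
            // checked against the active periods offered in the form.
            $dataMark['mark_period'] = isset($_POST[$periodField]) ? $_POST[$periodField] : null;
            $mdlMark->addFrom($dataMark);
        }
        redirect('section', 'details', array('section' => $section->section_id, 'hsuccess' => '1'));
    }
    $types = new Modele('user_types');
    $types->find();
    // Prepared once and re-executed for each user type.
    $periods = $pdo->prepare('SELECT * FROM periods WHERE period_start < NOW() AND period_end > NOW() AND period_type = ? AND period_state = "ACTIVE"');
    while ($types->next()) {
        $periods->bindValue(1, $types->ut_id);
        $periods->execute();
        $repPeriods = array();
        while ($period = $periods->fetch()) {
            $repPeriods[] = $period;
        }
        $tpl->append('types', array('id' => $types->ut_id, 'name' => $types->ut_name, 'periods' => $repPeriods));
    }
    $sql = $pdo->prepare($staffQuery);
    $sql->bindValue(1, $section->section_id);
    $sql->execute();
    while ($user = $sql->fetch()) {
        $tpl->append('staffs', $user);
    }
    display();
}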
Esempio n. 10
/**
 * Attach a section to a mailing list, then return to the list's view page with
 * hsuccess set to 1 or 0.
 */
function ml_manageSection()
{
    // NOTE(review): both ids are read from $_REQUEST, so a plain GET can
    // trigger this insert, and no permission or CSRF check is visible in this
    // function. Confirm the dispatcher covers both.
    $link = array('sm_section' => $_REQUEST['section'], 'sm_ml' => $_REQUEST['ml']);

    $model = new Modele('section_ml');
    if ($model->addFrom($link)) {
        $flag = 1;
    } else {
        $flag = 0;
    }

    redirect("ml", "view", array('hsuccess' => $flag, 'ml' => $_REQUEST['ml']));
}
Esempio n. 11
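/**
 * Import a voucher file: read the roll number from its header comment and one
 * token per non-comment line, then store a token group and its tokens.
 */
function wifi_add()
{
    global $tpl;
    if (isset($_POST['save'])) {
        $tokens = array();
        $roll = null;
        $path = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
        // Only read a file PHP itself received in this request. A missing or
        // failed upload leaves $f false and ends in the parsing-error branch
        // below, instead of looping on feof(false).
        $f = (is_string($path) && is_uploaded_file($path)) ? fopen($path, 'r') : false;
        if ($f !== false) {
            // fgets() returns false at end of file, so $l is never empty here
            // and $l[0] is always defined.
            while (($l = fgets($f)) !== false) {
                if (preg_match('`# Voucher Tickets [0-9]*..[0-9]* for Roll ([0-9]*)`', $l, $pmatch)) {
                    $roll = $pmatch[1];
                } elseif ($l[0] != "#") {
                    $token = trim($l, "\t\n\r\v\" ");
                    if (strlen($token)) {
                        $tokens[] = $token;
                    }
                }
            }
            fclose($f);
            unlink($path);
        }
        if (count($tokens) == 0 || $roll == null) {
            echo "Erreur de parsing";
            $tpl->assign('hsuccess', false);
        } else {
            $mdl = new Modele('wifi_tokenGroup');
            // NOTE(review): the duration is stored as sent; no range or format
            // check is visible here.
            $duration = isset($_POST['duration']) ? $_POST['duration'] : null;
            if ($mdl->addFrom(array('wtg_roll' => $roll, 'wtg_duration' => $duration, 'wtg_date' => date('Y-m-d')))) {
                $id = $mdl->getKey();
                $tkn = new Modele('wifi_tokens');
                foreach ($tokens as $token) {
                    // NOTE(review): the result of each insert is ignored, so
                    // success is reported even if some tokens were not stored.
                    $tkn->addFrom(array('wt_token' => $token, 'wt_group' => $id));
                }
                $tpl->assign('hsuccess', true);
            } else {
                echo 'Erreur insertion WTG.';
                $tpl->assign('hsuccess', false);
            }
        }
    }
    display();
}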
Esempio n. 12
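/**
 * Create an FTP account for a section: list the sections the current user may
 * manage, and on submit record the account and run the privileged adduser
 * script.
 */
function ftp_add()
{
    global $tpl, $pdo;
    $grp = new Modele('sections');
    $grp->find();
    while ($grp->next()) {
        // Administrators see every section; others only those they manage.
        if (hasAcl(ACL_ADMINISTRATOR) || isset($_SESSION['user']['sections'][$grp->section_id]) && $_SESSION['user']['sections'][$grp->section_id]['us_type'] == 'manager') {
            $tpl->append('groups', $grp->toArray());
        }
    }
    // Array-valued fields (user[]=...) are treated as "not submitted".
    if (isset($_POST['user']) && is_string($_POST['user'])) {
        $login = $_POST['user'];
        $member = isset($_POST['member']) && is_string($_POST['member']) ? $_POST['member'] : '';
        $sectionId = isset($_POST['section']) && is_string($_POST['section']) ? $_POST['section'] : '';
        $password = isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '';
        // NOTE(review): LIKE treats % and _ in the submitted name as wildcards
        // and only the first matching row is used below; confirm an exact match
        // is not what was intended.
        $sqlUsr = $pdo->prepare('SELECT * FROM users WHERE user_name LIKE ?');
        $sqlUsr->bindValue(1, $member);
        $sqlUsr->execute();
        if ($sqlUsr->rowCount() == 0) {
            $tpl->assign('error', 'Utilisateur INTRA introuveable.');
            display();
        } elseif (!hasAcl(ACL_ADMINISTRATOR) && (!isset($_SESSION['user']['sections'][$sectionId]) || $_SESSION['user']['sections'][$sectionId]['us_type'] != 'manager')) {
            $tpl->assign('error', 'Groupe introuveable.');
            display();
        } elseif (strlen($password) < 8) {
            $tpl->assign('error', 'Le mot de passe doit faire au moins 8 caractères.');
            display();
        } else {
            $add = new Modele('ftp_users');
            $user = $sqlUsr->fetch();
            // NOTE(review): the password is passed to addFrom() exactly as
            // received; unless Modele hashes it, fu_pass holds it in clear text.
            $created = $add->addFrom(array('fu_user' => 'toy_' . $login, 'fu_pass' => $password, 'fu_section' => $sectionId, 'fu_member' => $user['user_id'], 'fu_path' => '/home/ftp/toyunda/timeurs/'));
            $tpl->assign('hsuccess', $created);
            // Run the privileged script only when the account row was stored,
            // so a failed insert cannot leave an unrecorded system account.
            if ($created) {
                // escapeshellarg() keeps both values single shell words.
                // NOTE(review): the login is not restricted to a character set
                // before it reaches the script, and the password travels as a
                // command-line argument, which other local users can read from
                // the process list while the script runs. Reading it from
                // stdin would need a change to adduser.sh.
                $usr = escapeshellarg($login);
                $pwd = escapeshellarg($password);
                _ftp_exec("sudo /opt/scripts/adduser.sh {$usr} {$pwd}");
            }
            display();
        }
    }
    display();
}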
Esempio n. 13
/**
 * Add a selectable value (label + price) to a trip option, or render the form.
 *
 * The parent option key is set server-side and overrides any "too_option"
 * value sent in the form.
 */
function trip_opt_add()
{
    global $tpl;

    $option = new Modele('trip_options');
    $option->fetch($_GET['option']);
    $option->assignTemplate('option');

    $trip = $option->topt_trip;
    $trip->assignTemplate('trip');

    $choice = new Modele('trip_option_options');
    $tpl->assign('form', $choice->edit(array('too_value', 'too_price')));

    $isPost = $_SERVER['REQUEST_METHOD'] == 'POST';
    if ($isPost) {
        // NOTE(review): every other $_POST key reaches addFrom() unfiltered,
        // although the form only exposes too_value and too_price.
        $row = array_merge($_POST, array('too_option' => $option->getKey()));
        $stored = $choice->addFrom($row);
        if ($stored) {
            redirect('trip', 'opt_list', array('option' => $option->getKey(), 'hsuccess' => 1));
        }
        // Reached on failure; also after a success if redirect() returns.
        $tpl->assign('hsuccess', false);
    }

    display();
}
Esempio n. 14
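/**
 * Event staffing: answer the user autocomplete (?format=json&term=...) or, on
 * submit, mark each comma-separated login as staff (status OK) for the given
 * event and section.
 */
function event_staff_add()
{
    global $pdo;
    // Autocomplete
    if (isset($_GET['format']) && $_GET['format'] == 'json') {
        $term = isset($_GET['term']) && is_string($_GET['term']) ? $_GET['term'] : '';
        // NOTE(review): :term is used three times, which PDO only accepts with
        // emulated prepares; % and _ inside the term also act as wildcards.
        $sql = $pdo->prepare("SELECT user_name, user_firstname, user_lastname FROM users WHERE user_name LIKE :term OR user_firstname LIKE :term OR user_lastname LIKE :term ORDER BY user_name ASC LIMIT 10");
        $sql->bindValue('term', "%{$term}%");
        $sql->execute();
        // Declare the payload as JSON so a browser never renders user-supplied
        // names as HTML.
        header('Content-Type: application/json');
        echo json_encode($sql->fetchAll(PDO::FETCH_ASSOC));
        quit();
    }
    if (isset($_POST['login']) && is_string($_POST['login'])) {
        $mdl = new Modele('event_staff');
        $usr = $pdo->prepare('SELECT user_id FROM users WHERE user_name = ?');
        foreach (explode(',', $_POST['login']) as $login) {
            $usr->bindValue(1, trim($login));
            $usr->execute();
            $usrDetails = $usr->fetch();
            // Unknown logins are skipped silently.
            if ($usrDetails !== false) {
                $key = array('est_user' => $usrDetails['user_id'], 'est_event' => $_REQUEST['event'], 'est_section' => $_REQUEST['section']);
                $mdl->find($key);
                if ($mdl->next()) {
                    // Already listed: just set the status.
                    $mdl->est_status = 'OK';
                } else {
                    $key['est_status'] = 'OK';
                    $mdl->addFrom($key);
                }
            }
        }
        // NOTE(review): hsuccess=1 is reported whatever the inserts returned.
        redirect('event', 'staff', array('section' => $_REQUEST['section'], 'event' => $_REQUEST['event'], 'hsuccess' => 1));
    }
}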
Esempio n. 15
/**
 * Trip registration, step 3: let the user answer the trip's optional questions.
 *
 * On POST every chosen option is stored against the user file; when all inserts
 * succeed the file moves to step 4. A trip without questions skips straight to
 * step 4. Otherwise the questions are grouped by topt_group for the template.
 */
function tripusr_step3()
{
    global $tpl;

    $file = _tripusr_load();
    if ($file->tu_step != 3) {
        redirect('tripusr', 'continue', array('file' => $file->getKey()));
    }

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $allSaved = true;
        // NOTE(review): the submitted option ids are not checked here against
        // the options of this trip, and 'too_userfiles' does not follow the
        // 'tou_' prefix of the other column - verify the column name.
        foreach ($_POST['opt'] as $choice) {
            $link = new Modele('trip_option_userfile');
            if ($allSaved) {
                // After the first failure no further insert is attempted.
                $allSaved = (bool) $link->addFrom(array('tou_option' => $choice, 'too_userfiles' => $file->getKey()));
            }
        }
        if ($allSaved) {
            $file->tu_step = 4;
            redirect('tripusr', 'step4', array('file' => $file->getKey()));
        }
        $tpl->assign('hsuccess', false);
    }

    $groups = array();
    $questions = new Modele('trip_options');
    $questions->find(array('topt_trip' => $file->raw_tu_trip));
    // No extra questions: go to step 4.
    if ($questions->count() == 0) {
        $file->tu_step = 4;
        redirect('tripusr', 'step4', array('file' => $file->getKey()));
    }

    while ($questions->next()) {
        $group = $questions->topt_group;
        if (!isset($groups[$group])) {
            $groups[$group] = array();
        }

        // Copy the current question, then collect copies of its options.
        $entry = array('question' => new Modele($questions), 'options' => array());
        $options = new Modele('trip_option_options');
        $options->find(array('too_option' => $questions->getKey()));
        while ($options->next()) {
            $entry['options'][] = new Modele($options);
        }

        $groups[$group][] = $entry;
    }

    $tpl->assign('groups', $groups);
    display();
}