/**
 * Admin form to create a mandate ("mandat" template).
 *
 * On POST with `edit`, every submitted field is handed to Modele::addFrom() as-is;
 * on success the user is redirected to the mandate list, otherwise `hsuccess`
 * is set to false and the form is displayed again.
 */
function admin_note_addmandate()
{
    global $tpl;
    $mandate = new Modele('mandate');
    $mandate->assignTemplate('mandat');
    if (isset($_POST['edit'])) {
        $saved = $mandate->addFrom($_POST);
        if ($saved) {
            redirect("admin_note", "mandate", array('hsuccess' => 1));
        }
        // Reached on failure (and after redirect() if it does not end the script).
        $tpl->assign('hsuccess', false);
    }
    display();
}
/**
 * Admin form to insert one row into an arbitrary model/table chosen by GET `modele`.
 *
 * The table name is restricted to [A-Za-z0-9_] before it reaches Modele (it ends up as an
 * SQL identifier). NOTE(review): dbg_error() is assumed to stop the request on a bad name;
 * if it only logs, the unchecked name still reaches Modele — confirm.
 */
function admin_modeles_addinst()
{
    global $tpl;
    $table = $_GET['modele'];
    if (!preg_match("/^[a-zA-Z0-9_]*\$/", $table)) {
        dbg_error(__FILE__, "Le nom de la table est incorrect");
    }
    $modele = new Modele($table);
    $result = '';
    if (isset($_POST['action'])) {
        // Whole POST body is passed to addFrom(): every column of the table is writable here.
        $result = $modele->addFrom($_POST) ? 'success' : 'error';
    }
    $tpl->assign('result', $result);
    $tpl->assign('modele', $modele);
    $tpl->assign('edit', $modele->edit());
    $tpl->display('adminmodeles_addinst.tpl');
    quit();
}
/**
 * Add a bank account (user_accounts) for the logged-in user.
 *
 * The owner (ua_user) is always taken from the session, overriding any same-named POST
 * field; the IBAN is normalised (spaces removed, upper-cased) and checked with checkIBAN()
 * before insertion. Remaining POST fields are passed to addFrom() as submitted.
 */
function compta_add()
{
    global $tpl;
    $accounts = new Modele('user_accounts');
    $fields = array('ua_identifier', 'ua_number');
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $info = array_merge($_POST, array('ua_user' => $_SESSION['user']['user_id']));
        $iban = strtoupper(str_replace(' ', '', $info['ua_number']));
        $info['ua_number'] = $iban;
        if (!checkIBAN($iban)) {
            $tpl->assign('hsuccess', "Le numero IBAN est invalide");
        } elseif ($accounts->addFrom($info)) {
            redirect("compta", "index", array('hsuccess' => 1));
        } else {
            $tpl->assign('hsuccess', false);
        }
    }
    $tpl->assign('form', $accounts->edit($fields));
    display();
}
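/**
 * Record a deposit cheque (type CAUTION) on the trip file being administered.
 *
 * File, type and timestamp are fixed server-side and override any same-named POST
 * field; the remaining POST fields are passed to addFrom() as submitted. On success
 * the file is refreshed with _trip_update() and the user is sent back to the order page.
 */
function tripadm_add_caution()
{
    global $tpl;
    $ufile = _tripadm_load();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $cheque = new Modele("trip_cheq");
        $args = array_merge($_POST, array(
            'tq_file' => $ufile->getKey(),
            'tq_type' => 'CAUTION',
            // date('Y-m-d H:i:s') is the locale-independent equivalent of strftime('%F %T'),
            // which is deprecated since PHP 8.1.
            'tq_date' => date('Y-m-d H:i:s'),
        ));
        if ($cheque->addFrom($args)) {
            _trip_update($ufile);
            redirect('tripadm', 'order', array('file' => $ufile->getKey(), 'hsuccess' => 1));
        } else {
            $tpl->assign('hsuccess', false);
        }
    }
    display();
}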
/**
 * Create a new card bundle dated today and move every card in status WAIT into it
 * (status PRINT), then redirect to the cards page.
 *
 * If the bundle cannot be created the generic error template is shown and the
 * request ends. Card updates rely on Modele's property assignment persisting the row.
 */
function cards_mkbundle()
{
    global $tpl;
    $bundle = new Modele('cardbundle');
    $created = $bundle->addFrom(array('cbundle_date' => date('Y-m-d')));
    if (!$created) {
        $tpl->assign('msg', 'Impossible de créer le bundle');
        $tpl->display('syscore_error.tpl');
        quit();
    }
    $card = new Modele('card');
    $card->find(array('card_status' => 'WAIT'));
    while ($card->next()) {
        $card->card_bundle = $bundle;
        $card->card_status = 'PRINT';
    }
    redirect('cards');
}
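/**
 * OAuth-style authorization endpoint (authorization-code flow only).
 *
 * Validates response_type, looks up the client by client_id, and accepts redirect_uri
 * only when it exactly matches one of the client's registered callbacks (ac_callback,
 * one per line, trailing slash ignored). Unauthenticated users are sent to the login
 * page with the same parameters. Otherwise an AUTH token valid for one hour is stored in
 * api_tokens and the browser is redirected to the callback with `code` (and `state`
 * when given) appended to its query string.
 *
 * Error cases redirect to the syscore/custom error page. redirect() is assumed not to
 * end the script (the original code followed each call with `return; //Force l'arrêt`).
 */
function api_authorize()
{
    // Only the authorization-code flow is supported.
    $responseType = isset($_GET['response_type']) ? $_GET['response_type'] : null;
    if ($responseType !== 'code') {
        redirect('syscore', 'custom', array('error' => 'Type de reponse non supporté.'));
        return;
    }

    // Look up the registered client.
    $clientId = isset($_GET['client_id']) ? $_GET['client_id'] : null;
    $cli = new Modele('api_clients');
    $cli->find(array('ac_client' => $clientId));
    if (!$cli->next()) {
        redirect('syscore', 'custom', array('error' => 'Client API non enregistré.'));
        return;
    }

    // Registered callbacks: one per line, surrounding whitespace and trailing '/' ignored.
    // Empty lines are dropped so they can never match anything.
    $allowedCallbacks = array();
    foreach (explode("\n", $cli->ac_callback) as $callback) {
        $callback = trim($callback, " \t\n\r\v/");
        if ($callback !== '') {
            $allowedCallbacks[] = $callback;
        }
    }

    // redirect_uri must be present, a string, and an exact (strict) member of the allowlist.
    // The previous check used a loose in_array(), which let a missing redirect_uri (null)
    // match an empty callback line.
    $redirectUri = isset($_GET['redirect_uri']) ? $_GET['redirect_uri'] : null;
    if (!is_string($redirectUri) || $redirectUri === '' || !in_array($redirectUri, $allowedCallbacks, true)) {
        $shown = is_string($redirectUri) ? $redirectUri : '';
        redirect('syscore', 'custom', array('error' => 'Callback non enregistré:' . $shown));
        return;
    }

    // FIXME : vérifier le scope.
    $nonce = isset($_GET['nonce']) ? $_GET['nonce'] : null;
    $state = isset($_GET['state']) ? $_GET['state'] : null;
    $scope = isset($_GET['scope']) ? $_GET['scope'] : null;

    // Not logged in: go through login and come back here with the same parameters.
    if (!isset($_SESSION['user']) || $_SESSION['user'] === false) {
        $options = http_build_query(array(
            'redirect_uri' => $redirectUri,
            'response_type' => $responseType,
            'client_id' => $clientId,
            'nonce' => $nonce,
            'state' => $state,
            'scope' => $scope,
        ));
        redirect("index", "login", array('redirect' => 'api/authorize/' . $options));
        return;
    }

    $now = time();
    $token = array(
        'at_client' => $cli->getKey(),
        'at_type' => 'AUTH',
        // The authorization code must be unguessable: use the CSPRNG when available
        // (32 hex chars, same length as the md5(uniqid()) it replaces).
        'at_code' => function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid('', true)),
        'at_nonce' => $nonce,
        'at_state' => $state,
        'at_scope' => $scope,
        'at_user' => $_SESSION['user']['user_id'],
        'at_start' => $now,
        'at_expire' => $now + 3600,
        'at_uri' => $redirectUri,
    );
    $tok = new Modele('api_tokens');
    if (!$tok->addFrom($token)) {
        redirect('syscore', 'custom', array('error' => 'Token writing ERROR.'));
        return;
    }

    $answer = array('code' => $token['at_code']);
    if ($state !== null && $state !== '') {
        $answer['state'] = $state;
    }

    // Rebuild the (allowlisted) callback with code/state merged into its query string.
    $url = parse_url($redirectUri);
    $existing = array();
    if (isset($url['query'])) {
        parse_str($url['query'], $existing);
    }
    $query = http_build_query(array_merge($existing, $answer));

    $uri = (isset($url['scheme']) ? $url['scheme'] : '') . '://';
    if (isset($url['user'])) {
        $uri .= urlencode($url['user']);
        if (isset($url['pass'])) {
            // Was urlencode($pass) — an undefined variable, so the password part was always lost.
            $uri .= ':' . urlencode($url['pass']);
        }
        $uri .= '@';
    }
    $uri .= isset($url['host']) ? $url['host'] : '';
    if (isset($url['port'])) {
        // The port was previously dropped, redirecting non-default-port callbacks to the wrong origin.
        $uri .= ':' . $url['port'];
    }
    $uri .= (isset($url['path']) ? $url['path'] : '') . '?' . $query;
    if (isset($url['fragment'])) {
        $uri .= '#' . $url['fragment'];
    }
    header('Location: ' . $uri);
    quit();
}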
/**
 * Link a user to a mandate and promote the user to ACL_USER if below it.
 *
 * $user may be a composite code "9MMMMUUUUUUUC" (4-digit mandate, 7-digit user, check
 * digit), in which case both ids are taken from it and $mandate is ignored. Neither
 * fetch() result is checked for existence before the keys are used.
 *
 * @return bool|string addFrom()'s result, or an error message when the user already has a mandate
 */
function user_add_mandate($user, $mandate)
{
    $usr = new Modele('users');
    $mdt = new Modele('mandate');
    $lnk = new Modele('user_mandate');
    if (preg_match('/^9([0-9]{4})([0-9]{7})[0-9]$/', $user, $parts)) {
        list(, $mandate, $user) = $parts;
    }
    $usr->fetch($user);
    $mdt->fetch($mandate);
    $pair = array('um_user' => $usr->getKey(), 'um_mandate' => $mdt->getKey());
    $alreadyLinked = $lnk->find($pair) && $lnk->count() > 0;
    if ($alreadyLinked) {
        return 'L\'utilisateur a déjà un mandat, changez ces privilèges manuellement';
    }
    $added = $lnk->addFrom(array('um_user' => $usr->getKey(), 'um_mandate' => $mdt->getKey()));
    // Never lower an existing role; only raise it to ACL_USER.
    if ($added && aclFromText($usr->raw_user_role) < ACL_USER) {
        $usr->user_role = ACL_USER;
    }
    return $added;
}
/**
 * Insert an ACL row for (page, action) unless one already exists.
 *
 * An existing row is left untouched, so a changed default ACL does not
 * overwrite what an administrator configured.
 *
 * @param str $action Action
 * @param str $page Page
 * @param str $acl Default ACL
 * @return boolean true if a row already existed, else addFrom()'s result
 */
private function _insertAcl($action, $page, $acl)
{
    $lookup = array('acl_page' => $page, 'acl_action' => $action);
    $existing = new Modele('acces');
    $existing->find($lookup);
    if ($existing->count() > 0) {
        return true;
    }
    $row = $lookup + array('acl_acces' => $acl);
    $insert = new Modele('acces');
    return $insert->addFrom($row);
}
/**
 * Submit a participation ("points") request for a section and the marks for its staff.
 *
 * GET/POST `section` selects the section (fetched without an existence check).
 * On POST with `edit`: inserts the participation as SUBMITTED, then one `marks` row per
 * user of the section whose id appears in POST `staffs`, with the period taken from
 * POST `type-<user_type>`; finally redirects to the section details page.
 * Otherwise renders the form with the active periods per user type and the section's staff.
 */
function section_addpoints()
{
    global $tpl, $pdo;
    $section = new Modele('sections');
    $section->fetch($_REQUEST['section']);
    $tpl->assign('section', $section);
    $queryFields = array('part_duration', 'part_title', 'part_justification');
    $mdl = new Modele('participations');
    $tpl->assign('form', $mdl->edit($queryFields));
    if (isset($_POST['edit'])) {
        // Only the three whitelisted fields are copied from POST; section, date and status are fixed server-side.
        $data = array('part_section' => $section->section_id, 'part_attribution_date' => date('Y-m-d'), 'part_status' => 'SUBMITTED');
        foreach ($queryFields as $field) {
            $data[$field] = $_POST[$field];
        }
        if (!$mdl->addFrom($data)) {
            // NOTE(review): nothing stops execution after this redirect; if redirect() does not
            // end the script, the mark inserts below still run for a participation that was
            // not created — confirm against redirect().
            redirect('section', 'details', array('section' => $section->section_id, 'hsuccess' => '0'));
        }
        $sql = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN users ON user_id = us_user WHERE us_section = ? ORDER BY user_name');
        $sql->bindValue(1, $section->section_id);
        $sql->execute();
        $mdlMark = new Modele('marks');
        $dataMark = array('mark_participation' => $mdl->getKey());
        while ($user = $sql->fetch()) {
            // Non-strict in_array(): POST ids are strings, user_id from PDO presumably too — TODO confirm fetch mode.
            if (in_array($user['user_id'], $_POST['staffs'])) {
                $dataMark['mark_user'] = $user['user_id'];
                // Period chosen per user type on the form; read without an isset() check.
                $dataMark['mark_period'] = $_POST['type-' . $user['user_type']];
                $mdlMark->addFrom($dataMark);
            }
        }
        redirect('section', 'details', array('section' => $section->section_id, 'hsuccess' => '1'));
    }
    $types = new Modele('user_types');
    $types->find();
    // $type is unused: the loop reads the current row through $types.
    while ($type = $types->next()) {
        // Periods currently open for this user type.
        $periods = $pdo->prepare('SELECT * FROM periods WHERE period_start < NOW() AND period_end > NOW() AND period_type = ? AND period_state = "ACTIVE"');
        $periods->bindValue(1, $types->ut_id);
        $periods->execute();
        $repPeriods = array();
        while ($period = $periods->fetch()) {
            $repPeriods[] = $period;
        }
        $tpl->append('types', array('id' => $types->ut_id, 'name' => $types->ut_name, 'periods' => $repPeriods));
    }
    // Same staff query as in the POST branch, this time to populate the form.
    $sql = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN users ON user_id = us_user WHERE us_section = ? 
ORDER BY user_name');
    $sql->bindValue(1, $section->section_id);
    $sql->execute();
    while ($user = $sql->fetch()) {
        $tpl->append('staffs', $user);
    }
    display();
}
/**
 * Attach a mailing list (REQUEST `ml`) to a section (REQUEST `section`) and redirect
 * to the list view with `hsuccess` 1/0.
 *
 * NOTE(review): no request-method or ACL check is visible here; presumably enforced
 * upstream by the dispatcher — confirm.
 */
function ml_manageSection()
{
    $link = new Modele('section_ml');
    $ok = $link->addFrom(array('sm_section' => $_REQUEST['section'], 'sm_ml' => $_REQUEST['ml']));
    $flag = $ok ? 1 : 0;
    redirect("ml", "view", array('hsuccess' => $flag, 'ml' => $_REQUEST['ml']));
}
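/**
 * Import a wifi voucher file: creates a wifi_tokenGroup (roll, duration, date) and one
 * wifi_tokens row per token line.
 *
 * The file is expected to contain a "# Voucher Tickets ... for Roll N" header line;
 * every other non-comment line is one token (quotes and whitespace trimmed).
 * Failures (no/invalid upload, no tokens or no roll, group insert error) print a short
 * message and set `hsuccess` to false.
 */
function wifi_add()
{
    global $tpl;
    if (isset($_POST['save'])) {
        $tokens = array();
        $roll = null;
        // Only read a genuine, error-free upload; is_uploaded_file() rejects any path that
        // did not come from this request's upload. Previously the path was opened blindly.
        $tmp = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
        $uploaded = isset($_FILES['file']['error']) && $_FILES['file']['error'] === UPLOAD_ERR_OK && is_uploaded_file($tmp);
        $f = $uploaded ? fopen($tmp, 'r') : false;
        if ($f !== false) {
            // fgets() returns false at EOF; the old feof() loop fed that false to $l[0] and trim().
            while (($l = fgets($f)) !== false) {
                if (preg_match('`# Voucher Tickets [0-9]*..[0-9]* for Roll ([0-9]*)`', $l, $pmatch)) {
                    $roll = $pmatch[1];
                } elseif ($l[0] != "#") {
                    $token = trim($l, "\t\n\r\v\" ");
                    if (strlen($token)) {
                        $tokens[] = $token;
                    }
                }
            }
            fclose($f);
            unlink($tmp);
        }
        // An empty capture ([0-9]* matching nothing) counts as a missing roll, as before.
        if (count($tokens) == 0 || $roll === null || $roll === '') {
            echo "Erreur de parsing";
            $tpl->assign('hsuccess', false);
        } else {
            $duration = isset($_POST['duration']) ? $_POST['duration'] : null;
            $mdl = new Modele('wifi_tokenGroup');
            if ($mdl->addFrom(array('wtg_roll' => $roll, 'wtg_duration' => $duration, 'wtg_date' => date('Y-m-d')))) {
                $id = $mdl->getKey();
                $tkn = new Modele('wifi_tokens');
                foreach ($tokens as $token) {
                    $tkn->addFrom(array('wt_token' => $token, 'wt_group' => $id));
                }
                $tpl->assign('hsuccess', true);
            } else {
                echo 'Erreur insertion WTG.';
                $tpl->assign('hsuccess', false);
            }
        }
    }
    display();
}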
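/**
 * Create an FTP account for a section: inserts an ftp_users row and calls the system
 * adduser script through _ftp_exec().
 *
 * Administrators may pick any section; other callers only sections where their session
 * marks them as manager. POST `member` is matched against users.user_name with LIKE, so
 * `%`/`_` in it act as wildcards and the first matching row becomes fu_member.
 * NOTE(review): fu_pass stores the password as submitted, and the adduser script receives
 * it as a command-line argument (visible in the process table) — confirm this is intended.
 * display() is assumed to end the request in each error branch, as in the original.
 */
function ftp_add()
{
    global $tpl, $pdo;
    $grp = new Modele('sections');
    $grp->find();
    while ($grp->next()) {
        $sid = $grp->section_id;
        $isManager = isset($_SESSION['user']['sections'][$sid]) && $_SESSION['user']['sections'][$sid]['us_type'] == 'manager';
        if (hasAcl(ACL_ADMINISTRATOR) || $isManager) {
            $tpl->append('groups', $grp->toArray());
        }
    }
    if (isset($_POST['user'])) {
        $member = isset($_POST['member']) ? $_POST['member'] : '';
        $section = isset($_POST['section']) ? $_POST['section'] : '';
        $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
        $sqlUsr = $pdo->prepare('SELECT * FROM users WHERE user_name LIKE ?');
        $sqlUsr->bindValue(1, $member);
        $sqlUsr->execute();
        // Fetch first instead of rowCount(): PDO does not guarantee rowCount() for SELECT statements.
        $user = $sqlUsr->fetch();
        if ($user === false) {
            $tpl->assign('error', 'Utilisateur INTRA introuveable.');
            display();
        } elseif (!hasAcl(ACL_ADMINISTRATOR) && (!isset($_SESSION['user']['sections'][$section]) || $_SESSION['user']['sections'][$section]['us_type'] != 'manager')) {
            $tpl->assign('error', 'Groupe introuveable.');
            display();
        } elseif (strlen($pass) < 8) {
            // Byte length, as before (multi-byte characters count more than once).
            $tpl->assign('error', 'Le mot de passe doit faire au moins 8 caractères.');
            display();
        } else {
            $add = new Modele('ftp_users');
            $tpl->assign('hsuccess', $add->addFrom(array('fu_user' => 'toy_' . $_POST['user'], 'fu_pass' => $pass, 'fu_section' => $section, 'fu_member' => $user['user_id'], 'fu_path' => '/home/ftp/toyunda/timeurs/')));
            // Each argument is shell-escaped individually before being placed in the command.
            $usr = escapeshellarg($_POST['user']);
            $pwd = escapeshellarg($pass);
            _ftp_exec("sudo /opt/scripts/adduser.sh {$usr} {$pwd}");
            display();
        }
    }
    display();
}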
/**
 * Add a choice (trip_option_options) to the trip option given by GET `option`.
 *
 * The option (and its trip, via topt_trip) are assigned to the template; on POST the
 * submitted fields plus the forced too_option key are inserted, redirecting to the
 * option list on success. The option is fetched without an existence check.
 */
function trip_opt_add()
{
    global $tpl;
    $option = new Modele('trip_options');
    $option->fetch($_GET['option']);
    $option->assignTemplate('option');
    $trip = $option->topt_trip;
    $trip->assignTemplate('trip');
    $choice = new Modele('trip_option_options');
    $tpl->assign('form', $choice->edit(array('too_value', 'too_price')));
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // too_option is forced server-side and overrides any same-named POST field.
        $data = array_merge($_POST, array('too_option' => $option->getKey()));
        $saved = $choice->addFrom($data);
        if ($saved) {
            redirect('trip', 'opt_list', array('option' => $option->getKey(), 'hsuccess' => 1));
        }
        $tpl->assign('hsuccess', false);
    }
    display();
}
/**
 * Add staff members to an event/section.
 *
 * With GET `format=json` answers an autocomplete query (up to 10 users whose name,
 * first name or last name contains GET `term`; `%`/`_` in the term act as LIKE wildcards).
 * Otherwise, on POST `login` (comma-separated user names), each existing user gets an
 * event_staff row in status OK (created or updated), then redirects to the staff page.
 * NOTE(review): the autocomplete query reuses the named placeholder :term three times,
 * which only works with emulated prepares — confirm the PDO configuration.
 */
function event_staff_add()
{
    global $pdo;
    // Autocomplete
    if (isset($_GET['format']) && $_GET['format'] === 'json') {
        $search = $pdo->prepare("SELECT user_name, user_firstname, user_lastname FROM users WHERE user_name LIKE :term OR user_firstname LIKE :term OR user_lastname LIKE :term ORDER BY user_name ASC LIMIT 10");
        $search->bindValue('term', "%{$_GET['term']}%");
        $search->execute();
        echo json_encode($search->fetchAll(PDO::FETCH_ASSOC));
        quit();
    }
    if (!isset($_POST['login'])) {
        return;
    }
    $staff = new Modele('event_staff');
    $lookup = $pdo->prepare('SELECT user_id FROM users WHERE user_name = ?');
    $scope = array('est_event' => $_REQUEST['event'], 'est_section' => $_REQUEST['section']);
    foreach (explode(',', $_POST['login']) as $login) {
        $lookup->bindValue(1, trim($login));
        $lookup->execute();
        $row = $lookup->fetch();
        if ($row === false) {
            // Unknown login: silently skipped, as before.
            continue;
        }
        $criteria = array('est_user' => $row['user_id']) + $scope;
        $staff->find($criteria);
        if ($staff->next()) {
            $staff->est_status = 'OK';
        } else {
            $staff->addFrom($criteria + array('est_status' => 'OK'));
        }
    }
    redirect('event', 'staff', array('section' => $_REQUEST['section'], 'event' => $_REQUEST['event'], 'hsuccess' => 1));
}
/**
 * Trip sign-up step 3: optional questions (trip_options) for the user's file.
 *
 * Loads the file via _tripusr_load() and sends the user to 'continue' unless tu_step is 3.
 * On POST, inserts one trip_option_userfile row per selected option in POST `opt`; when
 * every insert succeeds the file advances to step 4. A trip with no options skips straight
 * to step 4. Otherwise renders the questions grouped by topt_group, each with its
 * trip_option_options.
 */
function tripusr_step3()
{
    global $tpl;
    $ufile = _tripusr_load();
    if ($ufile->tu_step != 3) {
        // NOTE(review): no return after this redirect; the rest of the function still runs
        // if redirect() does not end the script — confirm against redirect().
        redirect('tripusr', 'continue', array('file' => $ufile->getKey()));
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $valid = true;
        // POST `opt` is read without an isset() check.
        foreach ($_POST['opt'] as $answer) {
            $tou = new Modele('trip_option_userfile');
            // Short-circuit: after the first failed insert the remaining options are not attempted.
            // The option id comes straight from POST; whether it belongs to this trip is not checked here.
            // NOTE(review): key 'too_userfiles' next to 'tou_option' looks like a prefix mix-up — confirm against the table.
            $valid = $valid && $tou->addFrom(array('tou_option' => $answer, 'too_userfiles' => $ufile->getKey()));
        }
        if ($valid) {
            $ufile->tu_step = 4;
            redirect('tripusr', 'step4', array('file' => $ufile->getKey()));
        }
        $tpl->assign('hsuccess', false);
    }
    $optlist = array();
    $questions = new Modele('trip_options');
    $questions->find(array('topt_trip' => $ufile->raw_tu_trip));
    // Pas de complements, go etape 4
    if ($questions->count() == 0) {
        $ufile->tu_step = 4;
        redirect('tripusr', 'step4', array('file' => $ufile->getKey()));
    }
    while ($questions->next()) {
        if (!isset($optlist[$questions->topt_group])) {
            $optlist[$questions->topt_group] = array();
        }
        // Copy the current row (new Modele($questions)) so the entry survives the iterator moving on.
        $qinfo = array('question' => new Modele($questions), 'options' => array());
        $opts = new Modele('trip_option_options');
        $opts->find(array('too_option' => $questions->getKey()));
        while ($opts->next()) {
            $qinfo['options'][] = new Modele($opts);
        }
        $optlist[$questions->topt_group][] = $qinfo;
    }
    $tpl->assign('groups', $optlist);
    display();
}