// Class and include dependencies for this script.
require_once "{$class_path}/editor.class.php";
require_once "{$class_path}/collection.class.php";
require_once "{$class_path}/subcollection.class.php";
require_once "{$class_path}/serie.class.php";
require_once "{$class_path}/indexint.class.php";
require_once "{$class_path}/category.class.php";
require_once "{$include_path}/notice_authors.inc.php";
require_once "{$include_path}/notice_categories.inc.php";
require_once "{$include_path}/expl_info.inc.php";
require_once "{$include_path}/explnum.inc.php";
require_once "{$include_path}/resa_func.inc.php";
require_once "{$include_path}/isbn.inc.php";
require_once "{$class_path}/docs_location.class.php";
require_once "{$class_path}/bannette.class.php";

// Restricted-loan entry: when a login and password are supplied with categ 'pretrestrict',
// look the reader up in `empr`; a hit rewrites $categ to 'pret' before the dispatch below.
// NOTE(review): $categ, $form_login and $form_password are not assigned in this excerpt;
// presumably they come from the request - confirm where they are populated.
if ($categ == 'pretrestrict' && $form_login && $form_password) {
    // NOTE(review): the login and password values in this query are masked ('******') in this
    // listing, so how they reach the SQL text cannot be checked here. If the real file
    // interpolates $form_login / $form_password, they must be escaped or bound as parameters,
    // and the password comparison must match the way empr_password is stored - confirm both.
    $query = "select id_empr, empr_cb from empr where empr_login='******' and empr_password='******' ";
    $result = pmb_mysql_query($query, $dbh);
    // '@' silences any error raised by the read, so a failed query and "no such reader" look
    // the same here: both leave the values falsy and $categ unchanged.
    $id_empr = @pmb_mysql_result($result, '0', 'id_empr');
    $form_cb = @pmb_mysql_result($result, '0', 'empr_cb');
    // Both the reader id and the reader barcode must be truthy for the switch to 'pret'.
    if ($id_empr && $form_cb) {
        $categ = 'pret';
    }
}

// When the RESTRICTCIRC_AUTH bit is set in SESSrights, any requested sub-action is cleared.
// NOTE(review): this runs after the 'pretrestrict' -> 'pret' rewrite above; confirm that a
// restricted account reaching 'pret' with an empty $sub is the intended outcome.
if (SESSrights & RESTRICTCIRC_AUTH) {
    $sub = "";
}

// Dispatch on the (possibly rewritten) category; the switch body continues past this excerpt.
switch ($categ) {
    case 'pret':
        echo window_title($database_window_title . $msg["5"] . " : " . $msg["13"]);
        switch ($sub) {
            case 'pret_prolongation':
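/**
 * Check the credentials presented to an outgoing connector and resolve the PMB user id to act as.
 *
 * Three kinds of caller are handled:
 *  - empty $username: anonymous access, evaluated against external-services group -1;
 *  - "login@group": a reader (empr) account claiming membership of the named group;
 *  - anything else: an external-services user resolved by es_esuser::create_from_credentials().
 *
 * In every case the resolved group must be linked to $source_id in
 * connectors_out_sources_esgroups. Every lookup fails closed: a query that yields no
 * usable result denies access instead of falling through.
 *
 * @param string $username  Login; empty for anonymous, "login@group" for a reader.
 * @param string $password  Password, passed to es_esuser::create_from_credentials() for service users.
 * @param mixed  $source_id Connector source id; must be integer-valued, anything else is refused.
 *
 * @return mixed The PMB user id to act as, or false when access is denied.
 */
function connector_out_check_credentials($username, $password, $source_id)
{
    global $dbh;

    // The id is concatenated into SQL below, so accept nothing but a real integer.
    // (The previous "$source_id += 0" let floats and leading-numeric strings through.)
    $source_id = filter_var($source_id, FILTER_VALIDATE_INT);
    if ($source_id === false) {
        return false;
    }

    // Single place for the "may this group use this source?" check used by all three branches.
    // A failed query counts as "not allowed".
    $group_may_use_source = function ($group_id) use ($dbh, $source_id) {
        $sql = "SELECT COUNT(1) FROM connectors_out_sources_esgroups WHERE connectors_out_source_esgroup_sourcenum = " . $source_id . ' AND connectors_out_source_esgroup_esgroupnum = ' . ((int) $group_id);
        $res = pmb_mysql_query($sql, $dbh);
        if (!$res) {
            return false;
        }
        return pmb_mysql_result($res, 0, 0) > 0;
    };

    // --- Anonymous caller (note: PHP also treats the username "0" as empty) ---
    if (!$username) {
        // The anonymous group (-1) must be allowed to use the source.
        if (!$group_may_use_source(-1)) {
            return false;
        }
        $res = pmb_mysql_query('SELECT esgroup_pmbusernum FROM es_esgroups WHERE esgroup_id = -1', $dbh);
        if (!$res) {
            // Previously a failed query fell into the "no row" case and returned user id 1.
            return false;
        }
        if (!pmb_mysql_num_rows($res)) {
            // NOTE(review): with no row for group -1 the anonymous caller is mapped to PMB
            // user id 1 - confirm that account holds only the rights anonymous access should get.
            return 1;
        }
        return pmb_mysql_result($res, 0, 0);
    }

    // --- Reader: "login@group" ---
    if (strpos($username, "@") !== false) {
        $login_info = explode("@", $username);
        if (count($login_info) !== 2) {
            return false;
        }
        // $empr_name is kept although the masked query below does not visibly use it.
        $empr_name = $login_info[0];
        $es_group_name = $login_info[1];
        if (!$empr_name || !$es_group_name) {
            return false;
        }

        // Look the reader up.
        // NOTE(review): the login and password values are masked ('******') in this listing.
        // Confirm that the real query escapes or binds both values and that the password
        // comparison matches how empr_password is stored.
        $sql = "SELECT id_empr FROM empr WHERE empr_login = '******' AND empr_password = '******'";
        $res = pmb_mysql_query($sql, $dbh);
        if (!$res || !pmb_mysql_num_rows($res)) {
            return false;
        }
        $empr_id = (int) pmb_mysql_result($res, 0, 0);
        if (!$empr_id) {
            return false;
        }

        // Look the claimed group up by name.
        // NOTE(review): addslashes() is not aware of the connection character set; prefer the
        // database layer's own escaping or a prepared statement for this caller-supplied value.
        $sql = "SELECT esgroup_id FROM es_esgroups WHERE esgroup_name = '" . addslashes($es_group_name) . "'";
        $res = pmb_mysql_query($sql, $dbh);
        if (!$res || !pmb_mysql_num_rows($res)) {
            return false;
        }
        $esgroup_id = (int) pmb_mysql_result($res, 0, 0);
        $es_group = new es_esgroup($esgroup_id);

        // The reader must really belong to the group named in the login; the claim alone is not trusted.
        $sql = "SELECT SUM(EXISTS(SELECT 1 FROM empr_groupe WHERE empr_id = " . $empr_id . " AND groupe_id = esgroupuser_usernum)) > 0 AS in_group FROM es_esgroup_esusers WHERE esgroupuser_usertype = 2 AND esgroupuser_groupnum = " . $esgroup_id;
        $res = pmb_mysql_query($sql, $dbh);
        if (!$res || !pmb_mysql_result($res, 0, 0)) {
            return false;
        }

        // The group must be allowed to use the source.
        if (!$group_may_use_source($esgroup_id)) {
            return false;
        }

        // All checks passed.
        return $es_group->esgroup_pmbuserid;
    }

    // --- External-services user ---
    // Resolve the user from the supplied credentials and take its group.
    $esuser = es_esuser::create_from_credentials($username, $password);
    if (!$esuser) {
        return false;
    }
    // A user without a group cannot hold any right.
    $esgroup_id = (int) $esuser->esuser_group;
    if (!$esgroup_id) {
        return false;
    }
    // The group must be allowed to use the source.
    if (!$group_may_use_source($esgroup_id)) {
        return false;
    }
    // Return the PMB user id associated with the group.
    $esgroup = new es_esgroup($esgroup_id);
    return $esgroup->esgroup_pmbuserid;
}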