/**
 * Delete an automatically created ('ext') account and its rows in the join tables,
 * then close the session. Accounts whose source is not 'ext' are left untouched.
 *
 * @param string $login Login of the account to look up.
 */
function delete_user($login)
{
    // NOTE(review): $login is interpolated into the query with no escaping visible in this
    // block, and LIKE treats % and _ as wildcards, so the lookup can match a row other than
    // the exact login. Confirm the caller escapes the value, or use an exact, escaped comparison.
    $sql = "SELECT source FROM " . TABLE_PREFIX . "_utilisateurs\n\t WHERE login LIKE '{$login}'";
    $res = grr_sql_query($sql);
    // NOTE(review): neither $res nor $row is checked before $row[0] is read.
    $row = grr_sql_row($res, 0);
    $source = $row[0];
    if ($source == 'ext') {
        // If the user had been created automatically, delete it.
        // See admin_user.php l99 and l203.
        // NOTE(review): the login value in the statements below is shown masked as '******'
        // on this page; as listed they do not reference $login. Confirm the real expression
        // (and how it is escaped) in the actual file.
        $sql = "DELETE FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'";
        if (grr_sql_command($sql) < 0) {
            fatal_error(1, "<p>" . grr_sql_error());
        } else {
            // The return values of these follow-up deletes are not checked.
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_mailuser_room WHERE login='******'");
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_user_area WHERE login='******'");
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_user_room WHERE login='******'");
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_useradmin_area WHERE login='******'");
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_useradmin_site WHERE login='******'");
        }
        // End of the session.
        // NOTE(review): $_GET['auto'] is read without an isset() check and passed on as-is.
        grr_closeSession($_GET['auto']);
    }
    // Otherwise source="local": the account is kept and the classic
    // login/password access remains available.
}
/**
 * Load every setting from the database into the global $grrSettings array.
 *
 * The settings table was renamed from version 1.8 on, so the prefixed table is
 * probed first; when the probe returns -1 the unprefixed `setting` table is read.
 *
 * @return bool true when at least one setting was read, false when the query
 *              failed or returned no rows
 */
function loadSettings()
{
    global $grrSettings;

    // Probe the prefixed table: anything other than -1 means it can be used.
    $probe = grr_sql_query1("select NAME from ".TABLE_PREFIX."_setting where NAME='version'");
    $sql = ($probe != -1)
        ? "select `NAME`, `VALUE` from ".TABLE_PREFIX."_setting"
        : "select `NAME`, `VALUE` from setting";

    $res = grr_sql_query($sql);
    if (!$res || grr_sql_count($res) == 0) {
        return false;
    }

    // Copy each NAME => VALUE pair; the loop stops at the first falsy row.
    $index = 0;
    while ($row = grr_sql_row($res, $index)) {
        $grrSettings[$row[0]] = $row[1];
        $index++;
    }

    return true;
}
/**
 * Read all settings into self::$grrSettings.
 *
 * Uses the prefixed settings table when the version probe does not return -1,
 * otherwise the unprefixed `setting` table.
 *
 * @return bool false when the query fails or yields no rows, true otherwise
 */
static function load()
{
    $probe = grr_sql_query1("SELECT NAME FROM " . TABLE_PREFIX . "_setting WHERE NAME='version'");
    $sql = ($probe != -1)
        ? "SELECT `NAME`, `VALUE` FROM " . TABLE_PREFIX . "_setting"
        : "SELECT `NAME`, `VALUE` FROM setting";

    $res = grr_sql_query($sql);
    if (!$res || grr_sql_count($res) == 0) {
        return false;
    }

    // Walk the result set until grr_sql_row() returns a falsy value.
    $position = 0;
    while ($row = grr_sql_row($res, $position)) {
        self::$grrSettings[$row[0]] = $row[1];
        $position++;
    }

    return true;
}
} $is_admin .= "<br />"; } } if ($is_admin != '') { $a_privileges = 'y'; echo "\n<h3><b>" . get_vocab("utilisateurs administrateurs domaine") . "</b></h3>"; echo $is_admin; } // Si le domaine est restreint, on teste si des utilateurs y ont accès if ($area_access == 'r') { $req_restreint = "SELECT u.login, u.nom, u.prenom, u.etat FROM " . TABLE_PREFIX . "_utilisateurs u left join " . TABLE_PREFIX . "_j_user_area j on u.login=j.login WHERE j.id_area = '" . $area_id . "' ORDER BY u.nom, u.prenom"; $res_restreint = grr_sql_query($req_restreint); $is_restreint = ''; if ($res_restreint) { for ($j = 0; $row_restreint = grr_sql_row($res_restreint, $j); $j++) { $is_restreint .= $row_restreint[1] . " " . $row_restreint[2] . " (" . $row_restreint[0] . ")"; if ($row_restreint[3] == 'inactif') { $is_restreint .= "<b> -> " . get_vocab("no_activ_user") . "</b>"; } $is_restreint .= "<br />"; } } if ($is_restreint != '') { $a_privileges = 'y'; echo "\n<h3>" . get_vocab("utilisateurs acces restreint domaine") . "</h3>\n"; echo "<p>" . $is_restreint . "</p>"; } } if ($a_privileges == 'n') { echo "<p>" . get_vocab("aucun autilisateur") . ".</p>";
/**
 * Resume a session.
 *
 * Checks that the expected session data is present, re-validates the session's
 * login / password / status against the users table, and pushes back the END
 * time of the matching row in the log table.
 *
 * NOTE(review): several expressions in this listing are partly masked ('******'),
 * which leaves the affected string literals unbalanced. Restore them from the real
 * file before relying on this code.
 *
 * @return bool true if the session resumes, false otherwise
 */
function grr_resumeSession()
{
    // Resuming session
    session_name(SESSION_NAME);
    // NOTE(review): '@' hides any session_start() failure.
    @session_start();
    // NOTE(review): $_SESSION['source_login'] is read without an isset() check.
    // The die() after each return in this function is unreachable.
    if ((getSettingValue('sso_statut') == 'lcs') and (!isset($_SESSION['est_authentifie_sso'])) and ($_SESSION['source_login'] == "ext"))
    {
        return (false);
        die();
    }
    // Has the session expired?
    if (isset($_SESSION['login']))
    {
        $test_session = grr_sql_query1("select count(LOGIN) from ".TABLE_PREFIX."_log where END > now() and LOGIN = '******'login'])."'");
        if ($test_session==0)
            // Destroy all session variables
            $_SESSION = array();
    }
    if ((!isset($_SESSION)) or (!isset($_SESSION['login']))){
        return (false);
        die();
    }
    // When logins are disabled, only a session whose status is "administrateur" continues.
    if ((getSettingValue("disable_login")=='yes') and ($_SESSION['statut'] != "administrateur"))
    {
        return (false);
        die();
    }
    // To be removed
    // Validating session data
    // NOTE(review): the comparison is done inside SQL built by concatenating session values;
    // $_SESSION['statut'] is concatenated with no escaping visible here, and the password and
    // login expressions are masked on this page, so their escaping cannot be confirmed.
    $sql = "select password = '******'password'] . "' PASSWORD, login = '******'login']) . "' LOGIN, statut = '" . $_SESSION['statut'] . "' STATUT from ".TABLE_PREFIX."_utilisateurs where login = '******'login']) . "'";
    $res = grr_sql_query($sql);
    // NOTE(review): $res and $row are not checked before $row[0..2] are read below.
    $row = grr_sql_row($res, 0);
    // Checking for a timeout
    // NOTE(review): $_SESSION['start'] is concatenated unescaped.
    $sql2 = "select now() > END TIMEOUT from ".TABLE_PREFIX."_log where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
    // All three comparisons must have evaluated to "1" for the session to be accepted.
    if ($row[0] != "1" || $row[1] != "1" || $row[2] != "1")
    {
        return (false);
    }
    else if (grr_sql_query1($sql2))
    {
        // The idle time exceeds the configured limit.
        // LCS authentication case
        if (getSettingValue('sso_statut') == 'lcs')
        {
            // NOTE(review): $is_authentified_lcs is neither assigned nor declared global in
            // this function, so this compares an undefined variable and the renewal branch
            // is not reached as written.
            if ($is_authentified_lcs == 'yes') // the user is authenticated by LCS, renew the session
            {
                // NOTE(review): $_SESSION['maxLength'] is concatenated unquoted into the interval.
                $sql = "update ".TABLE_PREFIX."_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
                $res = grr_sql_query($sql);
                return (true);
            }
            else // The user is no longer authenticated
                return (false);
        }
        else // general case
            return (false);
    }
    else
    {
        // Not timed out: extend END by maxLength minutes. The result of the update is not checked.
        $sql = "update ".TABLE_PREFIX."_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
        $res = grr_sql_query($sql);
        return (true);
    }
}
/**
 * Echo one HTML table row (<tr>) describing a booking.
 *
 * Reads these indexes of $row: 0 (entry id), 1 and 2 (start / end, passed to date()),
 * 3 (short description), 4 (description), 5 (type letter), 7 (last update),
 * 8 (area name), 9 (room name), 10 (area description).
 *
 * @param array  $row     Result row, passed by reference; not modified in this body.
 * @param string $dformat Format passed to describe_span() and date_time_string().
 */
function reporton(&$row, $dformat)
{
    // $vocab is declared global but not used in this body.
    global $vocab, $enable_periods;
    echo "<tr>";
    // Show "area"
    $area_nom = htmlspecialchars($row[8]);
    $areadescrip = htmlspecialchars($row[10]);
    if ($areadescrip != "") {
        $titre_area_descript = "title=\"" . $areadescrip . "\"";
    } else {
        $titre_area_descript = "";
    }
    echo "<td " . $titre_area_descript . " >" . $area_nom . "</td>";
    // Show "room"
    $room = htmlspecialchars($row[9]);
    echo "<td>" . $room . "</td>";
    // Short description (title), with a link
    // NOTE(review): the helper's return value is echoed as-is; presumably it escapes
    // its own output. Verify in affichage_lien_resa_planning().
    $breve_description = affichage_lien_resa_planning($row[3], $row[0]);
    // NOTE(review): $row['0'] is placed in the href without escaping or an integer cast.
    $breve_description = "<a href=\"view_entry.php?id={$row['0']}\">" . $breve_description . "</a>";
    echo "<td>" . $breve_description . "</td>\n";
    // From date-time and duration:
    echo "<td>";
    if ($enable_periods == 'y') {
        echo describe_period_span($row[1], $row[2]);
        echo "</td>\n";
    } else {
        echo describe_span($row[1], $row[2], $dformat);
        // Same calendar day: show only the times; otherwise show date and time for both ends.
        if (date("d\\/m\\/Y", $row[1]) == date("d\\/m\\/Y", $row[2])) {
            echo "<br />" . date("H\\:i", $row[1]) . " ==> " . date("H\\:i", $row[2]) . "</td>\n";
        } else {
            echo "<br />" . date("d\\/m\\/Y\\ \\-\\ H\\:i", $row[1]) . " ==> " . date("d\\/m\\/Y\\ \\-\\ H\\:i", $row[2]) . "</td>\n";
        }
    }
    // Description
    if ($row[4] != "") {
        $description = nl2br(htmlspecialchars($row[4]));
    } else {
        $description = " ";
    }
    echo "<td>" . $description . "</td>\n";
    // Booking type
    // NOTE(review): $row[5] is concatenated into the query unescaped, and both the looked-up
    // type name and the "?x?" fallback are echoed without htmlspecialchars(), unlike the
    // other cells of this row.
    $et = grr_sql_query1("SELECT type_name FROM " . TABLE_PREFIX . "_type_area WHERE type_letter='" . $row[5] . "'");
    if ($et == -1) {
        $et = "?" . $row[5] . "?";
    }
    echo "<td>" . $et . "</td>\n";
    // Show "created by"
    // NOTE(review): the login value in this literal is shown masked as '******' on this page;
    // confirm the real expression (and how it is escaped) in the actual file.
    $sql_beneficiaire = "SELECT prenom, nom FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'";
    $res_beneficiaire = grr_sql_query($sql_beneficiaire);
    if ($res_beneficiaire) {
        $row_user = grr_sql_row($res_beneficiaire, 0);
    }
    // NOTE(review): $row_user is undefined here when the query above failed.
    echo "<td>" . htmlspecialchars($row_user[0]) . " " . htmlspecialchars($row_user[1]) . "</td>";
    // Show the date of the last update
    echo "<td>" . date_time_string($row[7], $dformat) . "</td>\n";
    echo "</tr>\n";
}
/** * todo vocab, a rassembler * sorti de la boucle for */ $tplArray['vocab']['ressource_temporairement_indisponible'] = get_vocab('ressource_temporairement_indisponible'); $tplArray['vocab']['fiche_ressource'] = get_vocab('fiche_ressource'); $tplArray['vocab']['ressource_actuellement_empruntee'] = get_vocab('ressource actuellement empruntee'); $tplArray['vocab']['reservation_a_confirmer_au_plus_tard_le'] = get_vocab('reservation_a_confirmer_au_plus_tard_le'); $tplArray['vocab']['en_attente_moderation'] = get_vocab('en_attente_moderation'); $tplArray['vocab']['reservation_impossible'] = get_vocab('reservation_impossible'); $tplArray['vocab']['cliquez_pour_effectuer_une_reservation'] = get_vocab('cliquez_pour_effectuer_une_reservation'); $tplArray['vocab']['top_of_page'] = get_vocab('top_of_page'); $li = 0; /* incrément des room accessibles, todo peut faire dvoublon avec $li, à refactoriser */ $incrementRoomAccessible = 0; for ($ir = 0; $row = grr_sql_row($res, $ir); $ir++) { /* un tour de boucle par room */ $verif_acces_ressource = verif_acces_ressource(getUserName(), $row['2']); if ($verif_acces_ressource) { /* l'incrément est différent de celui de la boucle si certaines room ne sont pas accessibles */ $acces_fiche_reservation = verif_acces_fiche_reservation(getUserName(), $row['2']); $UserRoomMaxBooking = UserRoomMaxBooking(getUserName(), $row['2'], 1); $authGetUserLevel = authGetUserLevel(getUserName(), -1); $auth_visiteur = auth_visiteur(getUserName(), $row['2']); $tplArray['rooms'][$incrementRoomAccessible]['id'] = $row[2]; $tplArray['rooms'][$incrementRoomAccessible]['capacity'] = $row[1]; $tplArray['rooms'][$incrementRoomAccessible]['description'] = $row[3]; //echo '<tr>'.PHP_EOL; /* remplacé par la class "table_stripped de bootstrap */ /*if ($ir % 2 == 1) { echo tdcell('cell_hours');
/** NettoyerTablesJointure()
 *
 * Removes useless rows from the join tables: for each of the five join tables,
 * selects the logins that have no matching row in the users table
 * (LEFT JOIN ... WHERE u.login IS NULL), issues one delete per row found,
 * then prints the number of rows found.
 *
 * NOTE(review): the login value in every delete statement is shown masked as '******'
 * on this page; as listed the statements do not reference $row. Confirm the real
 * expression (and how the login is escaped) in the actual file.
 */
function NettoyerTablesJointure()
{
    // Counts rows found; the result of each delete is not checked, so this is not
    // necessarily the number of rows actually removed.
    $nb = 0;
    // Table grr_j_mailuser_room
    $req = "SELECT j.login FROM " . TABLE_PREFIX . "_j_mailuser_room j\n\tLEFT JOIN " . TABLE_PREFIX . "_utilisateurs u on u.login=j.login\n\tWHERE (u.login IS NULL)";
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
            $nb++;
            grr_sql_command("delete from " . TABLE_PREFIX . "_j_mailuser_room where login='******'");
        }
    }
    // Table grr_j_user_area
    $req = "SELECT j.login FROM " . TABLE_PREFIX . "_j_user_area j\n\tLEFT JOIN " . TABLE_PREFIX . "_utilisateurs u on u.login=j.login\n\tWHERE (u.login IS NULL)";
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
            $nb++;
            grr_sql_command("delete from " . TABLE_PREFIX . "_j_user_area where login='******'");
        }
    }
    // Table grr_j_user_room
    $req = "SELECT j.login FROM " . TABLE_PREFIX . "_j_user_room j\n\tLEFT JOIN " . TABLE_PREFIX . "_utilisateurs u on u.login=j.login\n\tWHERE (u.login IS NULL)";
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
            $nb++;
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_user_room WHERE login='******'");
        }
    }
    // Table grr_j_useradmin_area
    $req = "SELECT j.login FROM " . TABLE_PREFIX . "_j_useradmin_area j\n\tLEFT JOIN " . TABLE_PREFIX . "_utilisateurs u on u.login=j.login\n\tWHERE (u.login IS NULL)";
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
            $nb++;
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_useradmin_area WHERE login='******'");
        }
    }
    // Table grr_j_useradmin_site
    $req = "SELECT j.login FROM " . TABLE_PREFIX . "_j_useradmin_site j\n\tLEFT JOIN " . TABLE_PREFIX . "_utilisateurs u on u.login=j.login\n\tWHERE (u.login IS NULL)";
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
            $nb++;
            grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_useradmin_site WHERE login='******'");
        }
    }
    // Report the number of deleted entries
    echo "<hr />\n";
    echo "<p class='avertissement'>" . get_vocab("tables_liaison") . get_vocab("deux_points") . $nb . get_vocab("entres_supprimees") . "</p>\n";
}
# d[weekday][slot][x], où x = id, color, data. # [slot] is based at 0 for midnight, but only slots within the hours of # interest (morningstarts : eveningends) are filled in. # [id] and [data] are only filled in when the meeting should be labeled, # which is once for each meeting on each weekday. # Note: weekday here is relative to the $weekstarts configuration variable. # If 0, then weekday=0 means Sunday. If 1, weekday=0 means Monday. $first_slot = $morningstarts * 3600 / $resolution; $last_slot = ($eveningends * 3600 + $eveningends_minutes * 60) / $resolution; if ($debug_flag) echo "<br />DEBUG: query=$sql <br />first_slot=$first_slot - last_slot=$last_slot\n"; $res = grr_sql_query($sql); if (! $res) echo grr_sql_error(); else for ($i = 0; ($row = grr_sql_row($res, $i)); $i++) { if ($debug_flag) echo "<br />DEBUG: result $i, id $row[4], starts $row[0] (".affiche_date($row[0])."), ends $row[1] (".affiche_date($row[1]).")\n"; # Fill in slots for the meeting. Start at the meeting start time or # week start (which ever is later), and end one slot before the meeting # end time or week end (which ever is earlier). # Note: int casts on database rows for min and max is needed for PHP3. // Pour la réservation en cours, on détermine le début de la journée $debut_jour $month_current = date("m",$row[0]); $day_current = date("d",$row[0]); $year_current = date("Y",$row[0]); $debut_jour=mktime($morningstarts,0,0,$month_current,$day_current,$year_current);
$display_liste .= ' >'.get_vocab('default_room_all').'</option>'."\n". '<option value="-2"'; if ($default_room == -2) $display_liste .= ' selected="selected" '; $display_liste .= ' >'.get_vocab('default_room_week_all').'</option>'."\n". '<option value="-3"'; if ($default_room == -3) $display_liste .= ' selected="selected" '; $display_liste .= ' >'.get_vocab('default_room_month_all').'</option>'."\n". '<option value="-4"'; if ($default_room == -4) $display_liste .= ' selected="selected" '; $display_liste .= ' >'.get_vocab('default_room_month_all_bis').'</option>'."\n"; for ($enr = 0; ($row = grr_sql_row($resultat, $enr)); $enr++) { $display_liste .= ' <option value="'.$row[0].'"'; if ($default_room == $row[0]) $display_liste .= ' selected="selected" '; $display_liste .= '>'.grr_htmlSpecialChars($row[1]).' '.get_vocab('display_week'); $display_liste .= '</option>'."\n"; } $display_liste .= ' </select> </td> </tr></table>'."\n"; } } if ($unicode_encoding)
} } if ($type == "area") { // Seul l'admin peut supprimer un domaine if (authGetUserLevel(getUserName(), $id_area, 'area') < 5) { showAccessDenied($back); exit; } //We are only going to let them delete an area if there are //no rooms. its easier $n = grr_sql_query1("SELECT count(*) FROM " . TABLE_PREFIX . "_room WHERE area_id={$id_area}"); if ($n == 0) { // Suppression des champ additionnels $sqlstring = "SELECT id FROM " . TABLE_PREFIX . "_overload WHERE id_area='" . $id_area . "'"; $result = grr_sql_query($sqlstring); for ($i = 0; $field_row = grr_sql_row($result, $i); $i++) { $id_overload = $field_row[0]; // Suppression des données dans les réservations déjà effectuées grrDelOverloadFromEntries($id_overload); $sql = "DELETE FROM " . TABLE_PREFIX . "_overload WHERE id={$id_overload};"; grr_sql_command($sql); } //OK, nothing there, lets blast it away grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_area WHERE id={$id_area}"); grr_sql_command("update " . TABLE_PREFIX . "_utilisateurs set default_area = '-1', default_room = '-1' WHERE default_area='" . $id_area . "'"); grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_area_periodes WHERE id_area={$id_area}"); grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_useradmin_area WHERE id_area={$id_area}"); grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_type_area WHERE id_area={$id_area}"); grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_user_area WHERE id_area={$id_area}"); grr_sql_command("DELETE FROM " . TABLE_PREFIX . "_j_site_area WHERE id_area={$id_area}"); $test = grr_sql_query1("select VALUE from " . TABLE_PREFIX . "_setting WHERE NAME='default_area'");
/**
 * Handle a single-logout (SLO) request: either render a result page, or close
 * every GRR session still open for the user returned by lassospkit_userid().
 *
 * @param mixed $ret Result code of the SLO request; a truthy value is treated as a failure.
 *
 * @return mixed $ret, unchanged
 */
function handleSlo($ret)
{
    //error_log("handleSlo");
    $r = $this->relayState;
    // NOTE(review): the same property is required to equal both constants at once. If
    // LASSO_HTTP_METHOD_GET and LASSO_HTTP_METHOD_POST differ, this condition is never true
    // and only the else branch runs; '||' may have been intended. Confirm.
    if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {
        $this->headerHtml("SLO endpoint", $r);
        if ($ret) {
            echo "Demande de slo échoué: " . strError($ret) . "({$ret})";
        } else {
            echo "Demande de slo réussie";
        }
        // NOTE(review): the relay state is written into the href and the link text with no
        // HTML escaping or destination check visible in this block.
        echo "Go to <a href='{$r}'>{$r}</a>";
        $this->footerHtml();
        lassospkit_clean();
        // NOTE(review): $_GET['auto'] is read without an isset() check.
        grr_closeSession($_GET['auto']);
    } else {
        # Specialized
        $id = lassospkit_userid();
        if (isset($id)) {
            //error_log("Trying to destroy session $id");
            // The includes below are resolved relative to the parent directory.
            chdir("..");
            global $dbsys;
            require_once "./include/config.inc.php";
            include "./include/connect.inc.php";
            require_once "./include/{$dbsys}.inc.php";
            require_once "./include/functions.inc.php";
            require_once "./include/session.inc.php";
            // See admin_view_connexions.php:67
            // NOTE(review): the login value in this literal is shown masked as '******' on this
            // page; confirm the real expression (and how $id is escaped) in the actual file.
            $sql = "SELECT session_id FROM " . TABLE_PREFIX . "_log\n WHERE login = '******'\n AND end > NOW()";
            $res = grr_sql_query($sql);
            if ($res) {
                // One pass per session of that login that is still open.
                for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
                    $php_session_id = $row[0];
                    //error_log("Erasing GRR session $php_session_id");
                    // Switch to the stored session id so the calls below act on that session.
                    session_id($php_session_id);
                    // delete spkitlasso session if necessary
                    @session_start();
                    lassospkit_set_nameid(@$_SESSION['lasso_nameid']);
                    lassospkit_clean();
                    // delete GRR session
                    $auto = 0;
                    grr_closeSession($auto);
                    // Done by grr_closeSession:
                    //session_start();
                    //session_destroy();
                }
            }
        }
    }
    if ($ret) {
        error_log("Demande de slo échoué: {$ret}");
    } else {
        //error_log("Demande de slo réussie: $ret");
    }
    return $ret;
}
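/**
 * Apply a moderation decision to one booking, or to every booking of its series.
 *
 * The decision is stored in the `moderate` column: 2 when $_moderate is 1, 3 otherwise
 * (3 is the value the series clean-up below treats as refused). A refused booking is
 * deleted after the optional mail notification.
 *
 * @param int|string $_id          Id of the booking being moderated.
 * @param string     $_moderate    "1" to accept, any other value to refuse; "S1" / "S0"
 *                                 apply the same decision to the whole series.
 * @param string     $_description Moderator comment, passed to grr_backup().
 * @param string     $send_mail    "yes" to send the notification mail.
 */
function moderate_entry_do($_id,$_moderate,$_description,$send_mail="yes")
{
    global $dformat;

    // The id is concatenated unquoted into several statements below, so it is forced
    // to an integer before any query is built.
    $_id = (int) $_id;

    // Check that the user is allowed to be here
    $room_id = grr_sql_query1("select room_id from ".TABLE_PREFIX."_entry where id='".$_id."'");
    if (authGetUserLevel(getUserName(),$room_id) < 3)
    {
        fatal_error(0,"Opération interdite");
        exit();
    }

    // $repeat_id is needed for the series case
    $sql = "select repeat_id from ".TABLE_PREFIX."_entry where id =".$_id;
    $res = grr_sql_query($sql);
    if (! $res)
        fatal_error(0, grr_sql_error());
    $row = grr_sql_row($res, 0);
    if (! $row)
    {
        // No such booking: stop here rather than build the series queries from an empty id.
        fatal_error(0,"Opération interdite");
        exit();
    }
    $repeat_id = (int) $row['0'];

    // Initialisation: "S1" / "S0" mean "same decision, whole series"
    $series = 0;
    if ($_moderate == "S1")
    {
        $_moderate = "1";
        $series = 1;
    }
    if ($_moderate == "S0")
    {
        $_moderate = "0";
        $series = 1;
    }
    $new_state = ($_moderate == 1) ? 2 : 3;

    if ($series==0)
    {
        // Moderation of the single booking
        $sql = "update ".TABLE_PREFIX."_entry set moderate = ".$new_state." where id = ".$_id;
        $res = grr_sql_query($sql);
        if (! $res)
            fatal_error(0, grr_sql_error());
        if (!(grr_backup($_id,$_SESSION['login'],$_description)))
            fatal_error(0, grr_sql_error());
        $tab_id_moderes = array();
    }
    else
    {
        // Series case: collect the ids of every booking of the series
        $sql = "select id from ".TABLE_PREFIX."_entry where repeat_id=".$repeat_id;
        $res = grr_sql_query($sql);
        if (! $res)
            fatal_error(0, grr_sql_error());
        $tab_entry = array();
        for ($i = 0; ($row = grr_sql_row($res, $i)); $i++)
        {
            $tab_entry[] = $row['0'];
        }
        $tab_id_moderes = array();
        foreach ($tab_entry as $entry_tom)
        {
            // A row in _entry_moderate means the booking has already been moderated; skip it.
            $test = grr_sql_query1("select count(id) from ".TABLE_PREFIX."_entry_moderate where id = '".$entry_tom."'");
            if ($test == 0)
            {
                $sql = "update ".TABLE_PREFIX."_entry set moderate = ".$new_state." where id = '".$entry_tom."'";
                $res = grr_sql_query($sql);
                if (! $res)
                    fatal_error(0, grr_sql_error());
                // Backup: the details are recorded in _entry_moderate
                if (!(grr_backup($entry_tom,$_SESSION['login'],$_description)))
                    fatal_error(0, grr_sql_error());
                // Keep track of the bookings moderated by this call
                $tab_id_moderes[] = $entry_tom;
            }
        }
    }

    // The notification is sent before the booking is deleted
    if ($send_mail=="yes")
        send_mail($_id,6,$dformat,$tab_id_moderes);

    if ($_moderate != 1)
    {
        // Refused: remove the booking(s) from the database
        if ($series==0)
        {
            $sql = "delete from ".TABLE_PREFIX."_entry where id = ".$_id;
            $res = grr_sql_query($sql);
            if (! $res)
                fatal_error(0, grr_sql_error());
        }
        else
        {
            // Select every booking of the series
            $res = grr_sql_query("select id from ".TABLE_PREFIX."_entry where repeat_id='".$repeat_id."'");
            if (! $res)
                fatal_error(0, grr_sql_error());
            for ($i = 0; ($row = grr_sql_row($res, $i)); $i++)
            {
                $entry_tom = $row['0'];
                // Delete only the bookings recorded as refused
                $test = grr_sql_query1("select count(id) from ".TABLE_PREFIX."_entry_moderate where id = '".$entry_tom."' and moderate='3'");
                if ($test > 0)
                    $del = grr_sql_query("delete from ".TABLE_PREFIX."_entry where id = '".$entry_tom."'");
            }
            // Remove the series record and detach the remaining bookings from it.
            // The column is repeat_id, as in the selects above; the previous spelling
            // "repead_id" made this update fail without any error being reported.
            $del_repeat = grr_sql_query("delete from ".TABLE_PREFIX."_repeat where id='".$repeat_id."'");
            $dupdate_repeat = grr_sql_query("update ".TABLE_PREFIX."_entry set repeat_id = '0' where repeat_id='".$repeat_id."'");
        }
    }
}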
if ($res_room) { if (grr_sql_count($res_room) == $nb_room && $nb_room != 0) { $is_gestionnaire = $vocab['all_rooms']; } else { for ($j = 0; $row_room = grr_sql_row($res_room, $j); ++$j) { $is_gestionnaire .= $row_room[0] . '<br />'; } } } $req_mail = 'SELECT r.room_name from ' . TABLE_PREFIX . '_room r left join ' . TABLE_PREFIX . '_j_mailuser_room j on r.id=j.id_room left join ' . TABLE_PREFIX . "_area a on r.area_id=a.id\n\t\t\t\twhere j.login = '******' and a.id='" . $row_area[0] . "'"; $res_mail = grr_sql_query($req_mail); $is_mail = ''; if ($res_mail) { for ($j = 0; $row_mail = grr_sql_row($res_mail, $j); ++$j) { $is_mail .= $row_mail[0] . '<br />'; } } if ($row_area[2] == 'r') { $test_restreint = grr_sql_query1('SELECT count(id_area) from ' . TABLE_PREFIX . "_j_user_area j where j.login = '******' and j.id_area='" . $row_area[0] . "'"); if ($test_restreint >= 1) { $is_restreint = 'y'; } else { $is_restreint = 'n'; } } else { $is_restreint = 'n'; } if ($is_admin == 'y' || $is_restreint == 'y' || $is_gestionnaire != '' || $is_mail != '') { $a_privileges = 'y';
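/**
 * Print the site administration page: title, explanation, "add a site" link and,
 * when at least one site exists, a table of the sites with edit / delete links.
 *
 * When count_sites() is greater than 0 the function closes the page layout and
 * terminates the script with die(); otherwise it returns normally.
 */
function read_sites()
{
    // Page titles
    echo ' <h2>'.get_vocab('admin_site.php').grr_help("aide_grr_multisites").'</h2>';
    echo ' <p>'.get_vocab('admin_site_explications').'</p> | <a href="admin_site.php?action=create&id=0">'.get_vocab('display_add_site').'</a> |';
    if (count_sites()>0)
    {
        $sql = "SELECT id,sitecode,sitename,cp,ville FROM ".TABLE_PREFIX."_site ORDER BY sitename,ville,id";
        $res = grr_sql_query($sql);
        if ($res)
        {
            // Table header
            echo ' <table border="1" cellpadding="3"> <tr> <th>'.get_vocab('action').get_vocab('deux_points').'</th> <th>'.get_vocab('site_code').'</th> <th>'.get_vocab('site_name').'</th> <th>'.get_vocab('site_cp').'</th> <th>'.get_vocab('site_ville').'</th> </tr>';
            for ($i = 0; ($row=grr_sql_row($res,$i));$i++)
            {
                // The id goes into URLs, so it is forced to an integer.
                $site_id = (int) $row[0];
                echo ' <tr> <td> <a href="admin_site.php?action=update&id='.$site_id.'"><img class="image" title="'.get_vocab('change').'" alt="'.get_vocab('change').'" src="img_grr/edit_s.png" /></a> <a href="admin_site.php?action=delete&id='.$site_id.'"><img class="image" title="'.get_vocab('delete').'" alt="'.get_vocab('delete').'" src="img_grr/delete_s.png" /></a>';
                // Site code, name, postcode and town are stored text: escape them for the
                // HTML context so markup saved in a site record is displayed, not interpreted.
                echo ' </td> <td>'.htmlspecialchars((string) $row[1], ENT_QUOTES).'</td> <td>'.htmlspecialchars((string) $row[2], ENT_QUOTES).'</td> <td>'.htmlspecialchars((string) $row[3], ENT_QUOTES).'</td> <td>'.htmlspecialchars((string) $row[4], ENT_QUOTES).'</td> </tr>';
            }
            echo ' </table>';
        }
        else
        {
            echo ' <p>Une erreur est survenue pendant la préparation de la requète de lecture des sites.</p>';
        }
        // End of the right-hand column; both outcomes close the page and stop here.
        echo "</td></tr></table>\n</body>\n</html>\n";
        die();
    }
}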
/** NettoyerTablesJointure()
 * Removes useless rows from the join tables: for each of the five join tables,
 * selects the logins that have no matching row in the users table
 * (LEFT JOIN ... WHERE u.login IS NULL), issues one delete per row found,
 * then prints the number of rows found.
 *
 * NOTE(review): the login value in every delete statement is shown masked as '******'
 * on this page; as listed the statements do not reference $row. Confirm the real
 * expression (and how the login is escaped) in the actual file.
 */
function NettoyerTablesJointure()
{
    // Counts rows found; the result of each delete is not checked, so this is not
    // necessarily the number of rows actually removed.
    $nb = 0;
    // Table grr_j_mailuser_room
    $req = 'SELECT j.login FROM ' . TABLE_PREFIX . '_j_mailuser_room j LEFT JOIN ' . TABLE_PREFIX . '_utilisateurs u on u.login=j.login WHERE (u.login IS NULL)';
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); ++$i) {
            ++$nb;
            grr_sql_command('delete from ' . TABLE_PREFIX . "_j_mailuser_room where login='******'");
        }
    }
    // Table grr_j_user_area
    $req = 'SELECT j.login FROM ' . TABLE_PREFIX . '_j_user_area j LEFT JOIN ' . TABLE_PREFIX . '_utilisateurs u on u.login=j.login WHERE (u.login IS NULL)';
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); ++$i) {
            ++$nb;
            grr_sql_command('delete from ' . TABLE_PREFIX . "_j_user_area where login='******'");
        }
    }
    // Table grr_j_user_room
    $req = 'SELECT j.login FROM ' . TABLE_PREFIX . '_j_user_room j LEFT JOIN ' . TABLE_PREFIX . '_utilisateurs u on u.login=j.login WHERE (u.login IS NULL)';
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); ++$i) {
            ++$nb;
            grr_sql_command('DELETE FROM ' . TABLE_PREFIX . "_j_user_room WHERE login='******'");
        }
    }
    // Table grr_j_useradmin_area
    $req = 'SELECT j.login FROM ' . TABLE_PREFIX . '_j_useradmin_area j LEFT JOIN ' . TABLE_PREFIX . '_utilisateurs u on u.login=j.login WHERE (u.login IS NULL)';
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); ++$i) {
            ++$nb;
            grr_sql_command('DELETE FROM ' . TABLE_PREFIX . "_j_useradmin_area WHERE login='******'");
        }
    }
    // Table grr_j_useradmin_site
    $req = 'SELECT j.login FROM ' . TABLE_PREFIX . '_j_useradmin_site j LEFT JOIN ' . TABLE_PREFIX . '_utilisateurs u on u.login=j.login WHERE (u.login IS NULL)';
    $res = grr_sql_query($req);
    if ($res) {
        for ($i = 0; $row = grr_sql_row($res, $i); ++$i) {
            ++$nb;
            grr_sql_command('DELETE FROM ' . TABLE_PREFIX . "_j_useradmin_site WHERE login='******'");
        }
    }
    // Report the number of deleted entries
    echo "<hr />\n";
    echo "<p class='avertissement'>" . get_vocab('tables_liaison') . get_vocab('deux_points') . $nb . get_vocab('entres_supprimees') . "</p>\n";
}
$res_room = grr_sql_query($req_room); $is_gestionnaire = ''; if ($res_room) { if (grr_sql_count($res_room) == $nb_room && $nb_room != 0) { $is_gestionnaire = $vocab["all_rooms"]; } else { for ($j = 0; $row_room = grr_sql_row($res_room, $j); $j++) { $is_gestionnaire .= $row_room[0] . "<br />"; } } } $req_mail = "SELECT r.room_name from " . TABLE_PREFIX . "_room r\n\t\t\t\tleft join " . TABLE_PREFIX . "_j_mailuser_room j on r.id=j.id_room\n\t\t\t\tleft join " . TABLE_PREFIX . "_area a on r.area_id=a.id\n\t\t\t\twhere j.login = '******' and a.id='" . $row_area[0] . "'"; $res_mail = grr_sql_query($req_mail); $is_mail = ''; if ($res_mail) { for ($j = 0; $row_mail = grr_sql_row($res_mail, $j); $j++) { $is_mail .= $row_mail[0] . "<br />"; } } if ($row_area[2] == 'r') { $test_restreint = grr_sql_query1("SELECT count(id_area) from " . TABLE_PREFIX . "_j_user_area j where j.login = '******' and j.id_area='" . $row_area[0] . "'"); if ($test_restreint >= 1) { $is_restreint = 'y'; } else { $is_restreint = 'n'; } } else { $is_restreint = 'n'; } if ($is_admin == 'y' || $is_restreint == 'y' || $is_gestionnaire != '' || $is_mail != '') { $a_privileges = 'y';
$tplArray['joursDuMois'][$k]['cycleJour'] = false; } //echo "</th>\n"; } else { $tplArray['joursDuMois'][$k]['display'] = false; } } //echo '</tr>'; $tplArray['vocab']['reservation_impossible'] = get_vocab('reservation_impossible'); $tplArray['vocab']['en_attente_moderation'] = get_vocab('en_attente_moderation'); $tplArray['vocab']['reservation_a_confirmer_au_plus_tard_le'] = get_vocab('reservation_a_confirmer_au_plus_tard_le'); $tplArray['vocab']['ressource_actuellement_empruntee'] = get_vocab('ressource actuellement empruntee'); $li = 0; $incrementRoomAccessible = 0; $incrementDisplayDay = 0; for ($ir = 0; $row = grr_sql_row($res, $ir); ++$ir) { /* un tour par ressources */ $verif_acces_ressource = verif_acces_ressource(getUserName(), $row[2]); if ($verif_acces_ressource) { $tplArray['rooms'][$incrementRoomAccessible]['nom'] = strip_tags(htmlspecialchars($row[0])); $tplArray['rooms'][$incrementRoomAccessible]['capacity'] = $row[1]; $tplArray['rooms'][$incrementRoomAccessible]['description'] = $row[3]; $acces_fiche_reservation = verif_acces_fiche_reservation(getUserName(), $row[2]); //echo '<tr><th class="tableau_month_all2">'.htmlspecialchars($row[0])."</th>\n"; $li++; //$t2 = mktime(0, 0, 0, $month, 1, $year); for ($k = 1; $k <= $days_in_month; $k++) { /* un tour par jour pour la room en cours $ir */ $t2 = mktime(0, 0, 0, $month, $k, $year); $cday = date('j', $t2); $cweek = date('w', $t2);
/**
 * Return a version label for the database server.
 *
 * Runs "select version()", frees the result and returns the first column of
 * the first row prefixed with "MySQL ".
 *
 * @return string
 */
function grr_sql_version()
{
    $result = grr_sql_query("select version()");
    $firstRow = grr_sql_row($result, 0);
    // Release the result before building the label; the row has already been read.
    grr_sql_free($result);

    return "MySQL " . $firstRow[0];
}
/**
 * Resume a session.
 *
 * Checks that the expected session data is present, re-validates the session's
 * login / password / status against the users table, and pushes back the END
 * time of the matching row in the log table.
 *
 * NOTE(review): several expressions in this listing are partly masked ('******'),
 * which leaves the affected string literals unbalanced. Restore them from the real
 * file before relying on this code.
 *
 * @return boolean true if the session resumes, false otherwise
 */
function grr_resumeSession()
{
    // Resuming session
    session_name(SESSION_NAME);
    // NOTE(review): '@' hides any session_start() failure.
    @session_start();
    // NOTE(review): $_SESSION['source_login'] is read without an isset() check.
    if (Settings::get('sso_statut') == 'lcs' and !isset($_SESSION['est_authentifie_sso']) and $_SESSION['source_login'] == "ext") {
        return false;
    }
    // Has the session expired?
    if (isset($_SESSION['login'])) {
        $test_session = grr_sql_query1("SELECT count(LOGIN) from " . TABLE_PREFIX . "_log where END > now() and LOGIN = '******'login']) . "'");
        if ($test_session == 0) {
            // No open log row for this login: drop all session variables.
            $_SESSION = array();
        }
    }
    if (!isset($_SESSION) or !isset($_SESSION['login'])) {
        return false;
    }
    // When logins are disabled, only a session whose status is "administrateur" continues.
    if (Settings::get("disable_login") == 'yes' and $_SESSION['statut'] != "administrateur") {
        return false;
    }
    // To be removed
    // Validating session data
    // NOTE(review): the comparison is done inside SQL built by concatenating session values;
    // $_SESSION['statut'] is concatenated with no escaping visible here, and the password and
    // login expressions are masked on this page, so their escaping cannot be confirmed.
    $sql = "SELECT password = '******'password'] . "' PASSWORD, login = '******'login']) . "' LOGIN, statut = '" . $_SESSION['statut'] . "' STATUT\n\tfrom " . TABLE_PREFIX . "_utilisateurs where login = '******'login']) . "'";
    $res = grr_sql_query($sql);
    // NOTE(review): $res and $row are not checked before $row[0..2] are read below.
    $row = grr_sql_row($res, 0);
    // Checking for a timeout
    // NOTE(review): $_SESSION['start'] is concatenated unescaped.
    $sql2 = "SELECT now() > END TIMEOUT from " . TABLE_PREFIX . "_log where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
    // All three comparisons must have evaluated to "1" for the session to be accepted.
    if ($row[0] != "1" || $row[1] != "1" || $row[2] != "1") {
        return false;
    } else {
        if (grr_sql_query1($sql2)) {
            // The idle time exceeds the configured limit.
            // LCS authentication case
            if (Settings::get('sso_statut') == 'lcs') {
                // The user is authenticated by LCS: renew the session.
                // NOTE(review): $is_authentified_lcs is neither assigned nor declared global in
                // this function, so this compares an undefined variable and the renewal branch
                // is not reached as written.
                if ($is_authentified_lcs == 'yes') {
                    // NOTE(review): $_SESSION['maxLength'] is concatenated unquoted into the interval.
                    $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
                    $res = grr_sql_query($sql);
                    if (!$res) {
                        fatal_error(0, 'erreur mysql' . grr_sql_error());
                    }
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } else {
            // Not timed out: extend END by maxLength minutes.
            $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
            $res = grr_sql_query($sql);
            if (!$res) {
                fatal_error(0, 'erreur mysql' . grr_sql_error());
            }
            return true;
        }
    }
}
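//echo '</select>',PHP_EOL,'</div>',PHP_EOL,'</td>',PHP_EOL,'</tr>',PHP_EOL;
/*echo '<!-- ************* Ressources edition ***************** -->',PHP_EOL;
echo '<tr><td class="E"><b>'.get_vocab('rooms').get_vocab('deux_points')."</b></td></tr>\n";*/

// Build the room list of the current area for the edit-entry template.
//
// Reads:  $area_id, $room_id, $longueur_liste_ressources_max
// Writes: $tplArrayEditEntry['longeurListeRessourcesMax'] and one
//         $tplArrayEditEntry['rooms'][$i] entry per room (keys 0, 1,
//         'capacity', 'desc', 'selected').
//
// The ids placed in the SQL text are compared unquoted against numeric
// columns, so they are forced to integers first: a non-numeric value can
// then never change the shape of the query.
$sql = 'SELECT id, room_name, description, capacity FROM ' . TABLE_PREFIX . '_room WHERE area_id=' . intval($area_id) . ' ';
// Rooms returned by verif_acces_ressource() are excluded from the list.
$tab_rooms_noaccess = verif_acces_ressource(getUserName(), 'all');
foreach ($tab_rooms_noaccess as $key) {
    $sql .= ' and id != ' . intval($key) . ' ';
}
$sql .= ' ORDER BY order_display,room_name';
$res = grr_sql_query($sql);
// Count rows only on a usable result; a failed query gives an empty list
// instead of passing a non-result to grr_sql_count().
$len = $res ? grr_sql_count($res) : 0;
$tplArrayEditEntry['longeurListeRessourcesMax'] = min($longueur_liste_ressources_max, $len);
// Select the room within the area
if ($res) {
    for ($i = 0; $row = grr_sql_row($res, $i); ++$i) {
        $tplArrayEditEntry['rooms'][$i]['0'] = $row[0];
        $tplArrayEditEntry['rooms'][$i]['1'] = $row[1];
        $tplArrayEditEntry['rooms'][$i]['capacity'] = $row[3];
        $tplArrayEditEntry['rooms'][$i]['desc'] = $row[2];
        // Kept: script-scope variable, later readers are not visible from here.
        $selected = '';
        // Flag the room that is currently chosen.
        $tplArrayEditEntry['rooms'][$i]['selected'] = ($row[0] == $room_id);
    }
}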
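<div class="input-group"> <div class="input-group-addon"><span class="glyphicon glyphicon-earphone"></span></div> <input class="form-control" type="text" size="8" maxlength="14" id="telephone" name="telephone" placeholder="Votre numéro de téléphone" /> </div> </div> </fieldset> <fieldset> <legend><b>Réservation</b></legend> <label for="subject">Sujet :</label> <textarea class="form-control" id="subject" name="sujet" cols="30" rows="4"></textarea><br/> <label>Domaines : </label> <select id="area" name="area" class="form-control"> <?php
// Fill the "area" <select> with the areas the current user may access.
$sql_areaName = "SELECT id, area_name FROM " . TABLE_PREFIX . "_area ORDER BY area_name";
$res_areaName = grr_sql_query($sql_areaName);
// Skip the loop on a failed query instead of handing a non-result to grr_sql_row().
if ($res_areaName) {
    for ($i = 0; $row_areaName = grr_sql_row($res_areaName, $i); $i++) {
        // Only areas for which authUserAccesArea() returns 1 are listed.
        if (authUserAccesArea(getUserName(), $row_areaName[0]) == 1) {
            $id = $row_areaName[0];
            $area_name = $row_areaName[1];
            // Database text is encoded for its HTML context (attribute value
            // and element text) so a stored name cannot inject markup.
            echo '<option onclick="" value="' . htmlspecialchars($id, ENT_QUOTES) . '"> ' . htmlspecialchars($area_name, ENT_QUOTES) . '</option>' . PHP_EOL;
        }
    }
}
?> </select> <script> $(document).ready(function() { var $domaine = $('#area'); var $salle = $('#room'); $domaine.on('change', function() {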
left join ".TABLE_PREFIX."_j_useradmin_area on ".TABLE_PREFIX."_j_useradmin_area.login=u.login WHERE ((etat!='inactif' and (statut='utilisateur' or statut='administrateur' or statut='gestionnaire_utilisateur')) AND (".TABLE_PREFIX."_j_useradmin_area.login is null or (".TABLE_PREFIX."_j_useradmin_area.login=u.login and ".TABLE_PREFIX."_j_useradmin_area.id_area!=".$id_area."))) order by u.nom, u.prenom"; $res = grr_sql_query($sql); $nb_users = grr_sql_count($res); if ($nb_users > 0) { ?> <tr><td> <h3><?php echo get_vocab("add_multiple_user_to_list").get_vocab("deux_points");?></h3> <form action="admin_right_admin.php" method='post'> <div><select name="agent" size="8" style="width:200px;" multiple="multiple" ondblclick="Deplacer(this.form.agent,this.form.elements['reg_multi_admin_login[]'])"> <?php if ($res) for ($i = 0; ($row = grr_sql_row($res, $i)); $i++) { if (authUserAccesArea($row[0],$id_area) == 1) { echo "<option value='$row[0]'>".grr_htmlSpecialChars($row[1])." ".grr_htmlSpecialChars($row[2])."</option>"; } } ?> </select> <input type="button" value="<<" onclick="Deplacer(this.form.elements['reg_multi_admin_login[]'],this.form.agent)"/> <input type="button" value=">>" onclick="Deplacer(this.form.agent,this.form.elements['reg_multi_admin_login[]'])"/> <select name="reg_multi_admin_login[]" id="reg_multi_admin_login" size="8" style="width:200px;" multiple="multiple" ondblclick="Deplacer(this.form.elements['reg_multi_admin_login[]'],this.form.agent)"> <option> </option> </select> <input type="hidden" name="id_area" value="<?php echo $id_area;?>" /> <input type="submit" value="Enregistrer" onclick="selectionner_liste(this.form.reg_multi_admin_login);"/></div>
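<?php
// Emits the <optgroup> of room names for the area whose id is passed in the
// query string (?id=...), or a single placeholder option when the area has
// no room.
//
// NOTE(review): nothing visible in this script checks the session or the
// caller's right to see the requested area (unless one of the includes
// does) - confirm whether room names of restricted areas may be returned.
include "include/connect.inc.php";
include "include/mysql.inc.php";
include "include/misc.inc.php";

// The id comes straight from the request and ends up in SQL text: force it
// to an integer so it cannot alter the query. A missing id becomes 0.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
echo "<optgroup label=\"Salles\">";
$res = grr_sql_query("SELECT room_name FROM " . TABLE_PREFIX . "_room WHERE area_id = '" . $id . "' ORDER BY room_name");
// A failed query is treated like an empty result rather than passed to mysqli_num_rows().
$nbresult = $res ? mysqli_num_rows($res) : 0;
if ($nbresult != 0) {
    for ($t = 0; $row_roomName = grr_sql_row($res, $t); $t++) {
        $room_name = $row_roomName[0];
        // Room names are stored text: encode them for the HTML they are written into.
        echo " <option value =\"{$t}\">" . htmlspecialchars($room_name, ENT_QUOTES) . "</option>";
    }
} else {
    echo " <option value =\"1\">Aucune ressource liée à ce domaine</option>";
}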
echo '<img src="img_grr/flag_moderation.png" alt="' . get_vocab("en_attente_moderation") . '" title="' . get_vocab("en_attente_moderation") . '" class="image" />' . PHP_EOL; } if ($statut_room[$room] == "1" || $statut_room[$room] == "0" && authGetUserLevel(getUserName(), $room) > 2) { if ($acces_fiche_reservation) { if ($settings->get("display_level_view_entry") == 0) { $currentPage = 'day'; echo '<a title="' . htmlspecialchars($today[$room][$t]["who"]) . '" data-width="675" onclick="request(' . $id . ',' . $day . ',' . $month . ',' . $year . ',\'' . $currentPage . '\',readData);" data-rel="popup_name" class="poplight">' . $descr . PHP_EOL; } else { echo '<a class="lienCellule" title="', htmlspecialchars($today[$room][$t]["who"]), '" href="view_entry.php?id=', $id, '&day=', $day, '&month=', $month, '&year=', $year, '&page=day\\>', $descr; } } else { echo ' ' . $descr; } $sql = "SELECT type_name,start_time,end_time,clef,courrier FROM " . TABLE_PREFIX . "_type_area ," . TABLE_PREFIX . "_entry WHERE " . TABLE_PREFIX . "_entry.id= " . $today[$room][$t]["id"] . " AND " . TABLE_PREFIX . "_entry.type= " . TABLE_PREFIX . "_type_area.type_letter"; $res = grr_sql_query($sql); for ($i = 0; $row = grr_sql_row($res, $i); $i++) { $type_name = $row['0']; $start_time = $row['1']; $end_time = $row['2']; $clef = $row['3']; $courrier = $row['4']; if ($enable_periods != 'y') { echo '<br/>', date('H:i', $start_time), get_vocab("to"), date('H:i', $end_time), '<br/>'; } if ($type_name != -1) { echo $type_name; } echo '<br>' . PHP_EOL; if ($clef == 1) { echo '<img src="img_grr/skey.png" alt="clef">' . PHP_EOL; }
} $sql = "SELECT * FROM " . TABLE_PREFIX . "_entry WHERE id='" . $id . "'"; $res = grr_sql_query($sql); if (!$res) { fatal_error(0, grr_sql_error()); } $row = grr_sql_row($res, 0); $sql = "SELECT room_name FROM " . TABLE_PREFIX . "_room WHERE id='" . $row[5] . "'"; $res = grr_sql_query($sql); $row2 = grr_sql_row($res, 0); $res2 = grr_sql_query("SELECT rep_type, end_date, rep_opt, rep_num_weeks, start_time, end_time FROM " . TABLE_PREFIX . "_repeat WHERE id={$row['4']}"); if (!$res2) { fatal_error(0, grr_sql_error()); } if (grr_sql_count($res2) == 1) { $row6 = grr_sql_row($res2, 0); $rep_type = $row6[0]; $rep_end_date = utf8_strftime($dformat, $row6[1]); $rep_opt = $row6[2]; $rep_num_weeks = $row6[3]; $start_time = $row6[4]; $end_time = $row6[5]; $duration = $row6[5] - $row6[4]; } if ($row[4] != 0) { $period = 1; } else { $period = 0; } include 'pdf/form_infoPDF.html'; }
?> " style="font-variant: small-caps;"/> </fieldset> </form> </div> <hr style="margin-top: 32px; margin-bottom: 24px;"/> <h3> <?php echo get_vocab("cleaning_log"); ?> </h3> <?php $sql = "select START from " . TABLE_PREFIX . "_log order by END"; $res = grr_sql_query($sql); $logs_number = grr_sql_count($res); $row = grr_sql_row($res, 0); $annee = substr($row[0], 0, 4); $mois = substr($row[0], 5, 2); $jour = substr($row[0], 8, 2); echo "<p>" . get_vocab("logs_number") . "<b>" . $logs_number . "</b><br />"; echo get_vocab("older_date_log") . "<b>" . $jour . "/" . $mois . "/" . $annee . "</b></p>"; if (!isset($_POST['cleanYear'])) { $_POST['cleanYear'] = strftime("%Y"); } if (!isset($_POST['cleanMonth'])) { $_POST['cleanMonth'] = strftime("%m"); } if (!isset($_POST['cleanDay'])) { $_POST['cleanDay'] = strftime("%d"); } ?>
/*
 * List of sites
 *
 * With the multi-site module disabled, a hidden id_site=-1 field is written
 * and the table is opened. Otherwise a table row is written that holds a
 * <select> of all sites ordered by id, with the configured default site
 * preselected and the site name HTML-encoded.
 */
if (Settings::get('module_multisite') != 'Oui') {
    echo '<input class="form-control" type="hidden" id="id_site" name="id_site" value="-1" /> <table>';
} else {
    $sql = 'SELECT id,sitecode,sitename FROM ' . TABLE_PREFIX . '_site ORDER BY id ASC';
    $resultat = grr_sql_query($sql);
    echo ' <table> <tr> <td>' . get_vocab('default_site') . get_vocab('deux_points') . '</td> <td> <select class="form-control" id="id_site" name="id_site" onchange="modifier_liste_domaines();modifier_liste_ressources(2)"> <option value="-1">' . get_vocab('choose_a_site') . '</option>' . "\n";
    $enr = 0;
    while ($row = grr_sql_row($resultat, $enr)) {
        // One <option> per site; the default site carries the selected attribute.
        echo '<option value="' . $row[0] . '"'
            . (Settings::get('default_site') == $row[0] ? ' selected="selected" ' : '')
            . '>' . htmlspecialchars($row[2])
            . '</option>' . "\n";
        ++$enr;
    }
    echo '</select> </td> </tr>';
}
/*