function ajout_fichier($doc_file, $dest, $cpt_doc, $id_groupe)
{
global $max_size, $total_max_size;
/* Vérification du type de fichier */
$ext = '';
//if (my_ereg("\.([^.]+)$", $doc_file['name'][$cpt_doc], $match)) {
if (function_exists("mb_ereg") && mb_ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match) || function_exists("ereg") && ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match)) {
$ext = corriger_caracteres(my_strtolower($match[1]));
$ext = corriger_extension($ext);
}
$query = "SELECT id_type FROM ct_types_documents WHERE extension='{$ext}' AND upload='oui'";
$result = sql_query($query);
if ($row = @sql_row($result, 0)) {
$id_type = $row[0];
} else {
echo "Erreur : Ce type de fichier n'est pas autorisé en téléchargement.\nSi vous trouvez cela regrettable, contactez l'administrateur.\nIl pourra modifier ce paramétrage dans\n *Gestion des modules/Cahiers de textes/Types de fichiers autorisés en téléchargement*.";
die;
}
/* Vérification de la taille du fichier */
$max_size_ko = $max_size / 1024;
$taille = $doc_file['size'][$cpt_doc];
if ($taille > $max_size) {
echo "Erreur : Téléchargement impossible : taille maximale autorisée : " . $max_size_ko . " Ko";
die;
}
if ($taille == 0) {
echo "Le fichier sélectionné semble vide : transfert impossible.";
die;
}
$query = "SELECT DISTINCT sum(taille) somme FROM ct_documents d, ct_entry e WHERE (e.id_groupe='" . $id_groupe . "' and e.id_ct = d.id_ct)";
$total = sql_query1($query);
if ($total + $taille > $total_max_size) {
echo "Erreur : Téléchargement impossible : espace disque disponible (" . ($total_max_size - $total) / 1024 . " Ko) insuffisant.";
die;
}
/* Crétion du répertoire de destination */
if (!creer_repertoire($dest)) {
echo "Erreur : Problème d'écriture sur le répertoire. Veuillez signaler ce problème à l'administrateur du site";
echo $dest;
die;
}
/* Recopier le fichier */
$nom_sans_ext = mb_substr(basename($doc_file['name'][$cpt_doc]), 0, mb_strlen(basename($doc_file['name'][$cpt_doc])) - (mb_strlen($ext) + 1));
$nom_sans_ext = my_ereg_replace("[^.a-zA-Z0-9_=-]+", "_", $nom_sans_ext);
if (strstr($nom_sans_ext, "..")) {
echo "Erreur : Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site";
die;
}
$n = 0;
while (file_exists($newFile = $dest . "/" . $nom_sans_ext . ($n++ ? '-' . $n : '') . '.' . $ext)) {
}
$dest_file_path = $newFile;
if (!deplacer_fichier_upload($doc_file['tmp_name'][$cpt_doc], $dest_file_path)) {
echo "Erreur : Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site";
die;
}
return $dest_file_path;
}
function get_hint($params)
{
$out = '';
extract($params);
if (empty($keyword)) {
return '';
}
$lang = !empty(Project::getInstance()->getCurUser()->lang) ? Project::getInstance()->getCurUser()->lang : 'en';
$hint = sql_row('SELECT * FROM hints WHERE keyword="' . $keyword . '" AND lang="' . $lang . '"');
if (!empty($hint)) {
$out = htmlspecialchars($hint['value']);
}
if (Project::getInstance()->getCurUser()->access == ACCESS_LEVEL_ADMIN) {
$out .= ' <span style="font-weight:normal;">(<a href="#" style="text-decoration:none;">?</a>)</span>';
}
return $out;
}
// if we're adding the very first entry, then it should be an admin;
// if we're adding a subsequent entry, then it should be an ordinary user;
if ($Action == "Edit" && $i == $data[$key] || $Action == "Add" && $initial_user_creation && $i == $max_level || $Action == "Add" && !$initial_user_creation && $i == 1) {
$params['value'] = $i;
}
}
$params['force_assoc'] = TRUE;
generate_select($params);
break;
case 'area_id':
$params['disabled'] = $level < $min_user_editing_level;
$params['options'] = array();
$result1 = sql_query("select id,area_name from mrbs_area");
$i = 0;
$params['options'][0] = "Select Area";
while ($data1 = sql_row($result1, $i)) {
$params['options'][$data1[0]] = $data1[1];
if ($Action == "Edit" && $data1[0] == $data[$key]) {
// echo " Current Area :".$data1[1];
$params["value"] = $data1[0];
}
$i++;
}
$params['force_assoc'] = TRUE;
// $params['multiple'] = TRUE;
generate_select($params);
break;
case 'name':
// you cannot change a username (even your own) unless you have user editing rights
$params['disabled'] = $level < $min_user_editing_level;
$params['mandatory'] = TRUE;
<?php
$ACCESS_LEVEL = ACCESS_LEVEL_USER;
include_once DOC_ROOT . '/includes/authorization.php';
$user = sql_row('
SELECT SQL_CALC_FOUND_ROWS
' . (PRO_VERSION ? 'users.*' : implode(',', $GLOBALS['USERS_FIELDS'])) . ',
SUM(IF(t.type="d", t.amount, NULL)) as deposit,
SUM(IF(t.type="w", t.amount, NULL)) as withdrawal,
SUM(IF(t.type="e", t.amount, NULL)) as earning,
SUM(IF(t.type="r", t.amount, NULL)) as referral,
SUM(IF(t.type="i", t.amount, NULL)) as reinvest,
SUM(IF(t.type="b", t.amount, NULL)) as bonus
FROM users
LEFT JOIN translines as t ON t.user_id = users.id AND t.stamp < ' . Project::getInstance()->getNow() . ' AND t.status > 0
WHERE users.id="' . Project::getInstance()->getCurUser()->id . '"
GROUP BY users.id
');
Project::getInstance()->getSmarty()->assign('user', $user);
Project::getInstance()->showPage('user/account.tpl');
function sql_version()
{
$r = sql_query("select version()");
$v = sql_row($r, 0);
sql_free($r);
return "MySQL {$v['0']}";
}
}
echo " done.<br>Updating repeating entries: ";
$sql = "select id,name,description from mrbs_repeat";
$repeats_res = sql_query($sql);
for ($i = 0; $row = sql_row($repeats_res, $i); $i++) {
$id = $row[0];
$name = slashes(iconv($encoding, "utf-8", $row[1]));
$desc = slashes(iconv($encoding, "utf-8", $row[2]));
$upd_sql = "update mrbs_repeat set name='{$name}',description='{$desc}' where id={$id}";
sql_command($upd_sql);
echo ".";
}
echo " done.<br>Updating normal entries: ";
$sql = "select id,name,description from mrbs_entry";
$entries_res = sql_query($sql);
for ($i = 0; $row = sql_row($entries_res, $i); $i++) {
$id = $row[0];
$name = slashes(iconv($encoding, "utf-8", $row[1]));
$desc = slashes(iconv($encoding, "utf-8", $row[2]));
$upd_sql = "update mrbs_entry set name='{$name}',description='{$desc}' where id={$id}";
sql_command($upd_sql);
echo ".";
}
echo 'done.<p>
Finished everything, byebye!
';
}
?>
</body>
</html>
function get_area_name($user, $all = FALSE)
{
$sql = "SELECT name\n FROM users\n WHERE code='{$user}'";
if (empty($all)) {
$sql .= " AND disabled=0";
}
$sql .= " LIMIT 1";
$res = sql_query($sql);
if ($res === FALSE) {
trigger_error(sql_error(), E_USER_WARNING);
return FALSE;
}
if (sql_count($res) == 0) {
return NULL;
}
$row = sql_row($res, 0);
return $row[0];
}
min="' . $_POST['min'] . '",
max="' . $_POST['max'] . '",
percent="' . $_POST['percent'] . '",
percent_per="' . $_POST['percent_per'] . '",
periodicy_value="' . $_POST['periodicy_value'] . '",
periodicy="' . $_POST['periodicy'] . '",
term="' . $_POST['term'] . '",
attempts="' . $_POST['attempts'] . '",
comment="' . $_POST['comment'] . '",
type="' . $_POST['type'] . '",
working_days="' . $_POST['working_days'] . '"
WHERE id="' . $_POST['id'] . '"
');
location($_SERVER['PHP_SELF'], '<p class=imp>Plan <u>' . htmlspecialchars($_POST['name']) . '</u> has been saved!</p>');
}
$plan = sql_row('SELECT * FROM plans WHERE id="' . intval($_REQUEST['id']) . '"');
Project::getInstance()->getSmarty()->assign('plan', stripslashes_array($plan));
Project::getInstance()->getSmarty()->display('../default/admin/plan_profile.tpl');
break;
case 'add':
if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'save') {
$_POST = sql_escapeArray($_POST);
sql_query('
INSERT INTO plans
SET
id=0,
name="' . $_POST['name'] . '",
min="' . $_POST['min'] . '",
max="' . $_POST['max'] . '",
percent="' . $_POST['percent'] . '",
percent_per="' . $_POST['percent_per'] . '",
<?
include('inc/conf.php');
if ($_POST['confirm_x']) {
switch ($_POST['module']) {
case 1: header("location: Administrative/Index.html"); break;
case 2: header("location: DomoUpravitel.php"); break;
case 3: header("location: Sdrujenie.php"); break;
case 4: header("location: spravkaDom.php"); break;
case 5: header("location: spravkaSdr.php"); break;
case 6: header("location: asoc/index.php"); break;
}
}
$modules_id = array();
$row = sql_row("SELECT id FROM users WHERE username = '******' ");
$result = sql_q("SELECT gu.group_id FROM group_users gu, groups g
WHERE gu.group_id = g.id AND gu.user_id = '$row[id]'
AND g.status = '1' ORDER BY gu.user_id, gu.group_id");
while ($row = mysql_fetch_array($result)) {
$result_data = sql_q("SELECT DISTINCT module_id FROM permissions WHERE group_id = '$row[group_id]' ORDER BY module_id");
while ($row_data = mysql_fetch_array($result_data)) {
if (!in_array($row_data['module_id'], $modules_id)) {
array_push($modules_id, $row_data['module_id']);
}
}
mysql_free_result($result_data);
}
?>
<html>
function mrbsGetEntryInfo($id)
{
global $tbl_entry;
$sql = "SELECT start_time, end_time, entry_type, repeat_id, room_id,\n\t timestamp, create_by, name, type, description\n FROM {$tbl_entry} WHERE (ID = {$id})";
$res = sql_query($sql);
if (!$res) {
return;
}
$ret = "";
if (sql_count($res) > 0) {
$row = sql_row($res, 0);
$ret["start_time"] = $row[0];
$ret["end_time"] = $row[1];
$ret["entry_type"] = $row[2];
$ret["repeat_id"] = $row[3];
$ret["room_id"] = $row[4];
$ret["timestamp"] = $row[5];
$ret["create_by"] = $row[6];
$ret["name"] = $row[7];
$ret["type"] = $row[8];
$ret["description"] = $row[9];
}
sql_free($res);
return $ret;
}
/**
* Renvoie la date et l'heure de la dernière connexion ou d'une tentative de connexion avec mauvais mot de passe
*
* @global string
* @return string la date et l'heure
*/
function last_connection()
{
global $gepiPath;
global $mysqli;
$sql = "select START, AUTOCLOSE, REMOTE_ADDR from log where LOGIN = '******'login'] . "' and SESSION_ID != '" . session_id() . "' order by START desc";
$res = mysqli_query($mysqli, $sql);
$r = '';
if ($res) {
$row = $res->fetch_row();
$annee_b = substr($row[0], 0, 4);
$mois_b = substr($row[0], 5, 2);
$jour_b = substr($row[0], 8, 2);
$heures_b = substr($row[0], 11, 2);
$minutes_b = substr($row[0], 14, 2);
$secondes_b = substr($row[0], 17, 2);
if ($row[0] != '') {
if ($row[1] == "4") {
$r = "<span style=\"color: red\"><strong>Tentative de connexion le " . $jour_b . "/" . $mois_b . "/" . $annee_b . " à " . $heures_b . " h " . $minutes_b . " avec un mot de passe erroné</strong></span> (<a href='" . $gepiPath . "/utilisateurs/mon_compte.php#connexion'" . insert_confirm_abandon() . ">journal des connexions</a>)";
// On compte le nombre de tentatives infructueuses successives
$nb_tentative = 0;
$flag = 0;
for ($i = 0; $row_b = sql_row($res, $i) and $flag < 1; $i++) {
if ($row_b[1] == "2" and $row_b[2] == $row[2]) {
$nb_tentative++;
} else {
$flag = 1;
}
}
if ($nb_tentative > 1) {
$r .= "<br /><strong>Nombre de tentatives de connexion successives : " . $nb_tentative . ".</strong></font>";
}
} else {
$r = " Dernière session ouverte le " . $jour_b . "/" . $mois_b . "/" . $annee_b . " à " . $heures_b . " h " . $minutes_b . " (<a href='" . $gepiPath . "/utilisateurs/mon_compte.php#connexion'" . insert_confirm_abandon() . ">journal des connexions</a>)";
}
}
}
$res->close();
return $r;
}
if ($has_next) {
echo "</A>";
}
}
?>
<P>
<TABLE BORDER=2 CELLSPACING=0 CELLPADDING=3>
<TR>
<TH><? echo $lang["entry"] ?></TH>
<TH><? echo $lang["createdby"] ?></TH>
<TH><? echo $lang["namebooker"] ?></TH>
<TH><? echo $lang["description"] ?></TH>
<TH><? echo $lang["start_date"] ?></TH>
</TR>
<?
for ($i = 0; ($row = sql_row($result, $i)); $i++)
{
echo "<TR>";
echo "<TD><A HREF=\"view_entry.php?id=$row[0]\">$lang[view]</A></TD>\n";
echo "<TD>" . htmlspecialchars($row[1]) . "</TD>\n";
echo "<TD>" . htmlspecialchars($row[2]) . "</TD>\n";
echo "<TD>" . htmlspecialchars($row[3]) . "</TD>\n";
// generate a link to the day.php
$link = getdate($row[4]);
echo "<TD><A HREF=\"day.php?day=$link[mday]&month=$link[mon]&year=$link[year]&area=$row[5]\">"
. strftime('%X - %A %d %B %Y', $row[4]) . "</A></TD>";
echo "</TR>\n";
}
echo "</TABLE>\n";
include "trailer.inc";
public function getXML()
{
$dates = sql_row('select min(stamp), max(stamp) from translines where type in ("w", "d") and status in (1, 2)');
$start_date = $dates[0];
$end_date = $dates[1];
$first_day = mktime(0, 0, 0, date('m', $start_date), date('d', $start_date), date('Y', $start_date));
$step = 86400 * 7;
//1day
$i = $first_day;
$data = array();
while ($i < $end_date + $step) {
$this->select = 'sum(amount) as s';
$deposited = $this->getLines(array('d'), 2, $i, $i + $step);
$reinvested = $this->getLines(array('i'), 1, $i, $i + $step);
$withrawn = $this->getLines(array('w'), 1, $i, $i + $step);
$data[$i] = array($deposited[0]['s'] - abs($reinvested[0]['s']), abs($withrawn[0]['s']));
$i += $step;
}
array_pop($data);
$fp = fopen('stats.xml', 'w');
$xml = "<chart>\n \t\t<axis_category orientation='diagonal_up' size='10' step='1' />\n \t\t<chart_type>\n \t\t\t<string>line</string>\n \t\t\t<string>line</string>\n \t\t</chart_type>\n \t\t<chart_grid_h alpha='10' thickness='1' />\n\t\t<chart_guide horizontal='true' vertical='true' thickness='1' alpha='25' type='dashed' text_h_alpha='0' text_v_alpha='0' />\n\t\t<chart_pref line_thickness='2' point_shape='circle' point_size='7' fill_shape='false' />\n\t\t<series_color>\n\t\t\t<color>ff4422</color>\n\t\t\t<color>00FF00</color>\n\t\t</series_color>\n\t\t<filter>\n\t\t\t<shadow id='medium' distance='2' angle='45' alpha='40' blurX='7' blurY='7' />\n\t\t\t<bevel id='note' angle='45' blurX='10' blurY='10' distance='3' highlightAlpha='60' shadowAlpha='15' />\n\t\t</filter>\n\t\t<chart_data><row><null/>";
$xml .= '';
foreach ($data as $key => $value) {
$xml .= '<string>' . date('d.m.Y', $key) . '</string>';
}
$xml .= '</row><row><string>Deposits per day</string>';
foreach ($data as $key => $value) {
if (is_null($value[0])) {
$value[0] = 0;
}
if (is_null($value[1]) || $value[1] == 0) {
$value[1] = 1;
}
$xml .= '<number tooltip="$' . $value[0] . '" ' . ($value[0] > 0 ? 'note="' . number_format($value[0] / $value[1] * 100, 2) . '"' : '') . '>' . $value[0] . '</number>';
}
$xml .= '</row><row><string>Withdrawals per day</string>';
foreach ($data as $key => $value) {
if (is_null($value[1])) {
$value[1] = 0;
}
$xml .= '<number tooltip="$' . $value[1] . '">' . $value[1] . '</number>';
}
$xml .= '</row>';
$xml .= "</chart_data></chart>";
fputs($fp, $xml);
fclose($fp);
}
$classes = null;
for ($c = 0; $c < $nb_classes; $c++) {
$current_classe = old_mysql_result($get_classes, $c, "classe");
$classes .= $current_classe;
if ($c + 1 < $nb_classes) {
$classes .= ", ";
}
}
if ($nom_groupe == "-1") {
$nom_groupe = "<font color='red'>Groupe inexistant</font>";
}
$sql_prof = sql_query("select nom, prenom from utilisateurs where login = '******'");
if (!$sql_prof) {
$nom_prof = "<font color='red'>" . $id_prop . " : utilisateur inexistant</font>";
} else {
$row_prof = sql_row($sql_prof, 0);
$nom_prof = $row_prof[1] . " " . $row_prof[0];
$test_groupe_prof = sql_query("select login from j_groupes_professeurs WHERE (id_groupe='" . $id_groupe . "' and login = '******')");
if (sql_count($test_groupe_prof) == 0) {
$nom_prof = "<font color='red'>" . $nom_prof . " : <br />Ce professeur n'enseigne pas dans ce groupe</font>";
}
}
// Nombre de notices de chaque utilisateurs
$nb_ct = sql_count(sql_query("select 1=1 FROM ct_entry WHERE (id_groupe='" . $id_groupe . "' and id_login='******' AND visa != 'y') "));
// Nombre de notices devoirs de haque utilisateurs
$nb_ct_devoirs = sql_count(sql_query("select 1=1 FROM ct_devoirs_entry WHERE (id_groupe='" . $id_groupe . "' and id_login='******') "));
//Nombre de visa sur un cahier de texte
$sql = "select 1=1 FROM ct_entry WHERE (id_groupe='" . $id_groupe . "' and id_login='******' and visa ='y');";
$nb_ct_visa = sql_count(sql_query($sql));
// Affichage des lignes
echo "<tr class='lig{$alt} white_hover'><td>" . $classes . "</td>";
function my_tab_docs_joints($id_ct, $type_notice)
{
$tab_documents_joints = array();
if ($type_notice == "t") {
$sql = "SELECT titre, emplacement FROM ct_devoirs_documents WHERE id_ct_devoir='{$id_ct}' ORDER BY 'titre'";
} else {
if ($type_notice == "c") {
$sql = "SELECT titre, emplacement FROM ct_documents WHERE id_ct='{$id_ct}' ORDER BY 'titre'";
}
}
$res = sql_query($sql);
if ($res and sql_count($res) != 0) {
for ($i = 0; $row = sql_row($res, $i); $i++) {
$titre = $row[0];
$emplacement = $row[1];
$tab_documents_joints[] = $emplacement;
}
}
return $tab_documents_joints;
}
function convert_one_db($db)
{
global $alterdatabasecharset;
global $altertablecharset;
global $charset;
global $collate;
global $printonly;
global $db_handle;
$db_cha = PMA_getDbCollation($db);
if (substr($db_cha[0], 0, 4) == 'utf8') {
// This doesn't work for me, but isn't a big deal, as the table
// check below works
echo "Skipping utf8 database '{$db}'\n";
return;
}
sql_command("USE {$db}", $db_handle);
$rs = sql_query("SHOW TABLES", $db_handle);
if (!$rs) {
echo "\n\n" . sql_error($db_handle) . "\n\n";
} else {
for ($i = 0; $data = sql_row($rs, $i, $db_handle); $i++) {
echo "Converting '{$data['0']}' table...\n";
$rs1 = sql_query("show FULL columns from {$data['0']}", $db_handle);
if (!$rs1) {
echo "\n\n" . sql_error($db_handle) . "\n\n";
} else {
for ($j = 0; $data1 = sql_row_keyed($rs1, $j, $db_handle); $j++) {
if (in_array(array_shift(split("\\(", $data1['Type'], 2)), array('char', 'varchar', 'tinytext', 'text', 'mediumtext', 'longtext', 'enum', 'set'))) {
if (substr($data1['Collation'], 0, 4) != 'utf8') {
$sq = "ALTER TABLE `{$data['0']}` CHANGE `" . $data1['Field'] . '` `' . $data1['Field'] . '` ' . $data1['Type'] . ' CHARACTER SET binary ' . ($data1['Default'] == '' ? '' : ($data1['Default'] == 'NULL' ? ' DEFAULT NULL' : ' DEFAULT \'' . addslashes($data1['Default']) . '\'')) . ($data1['Null'] == 'YES' ? ' NULL ' : ' NOT NULL');
if (!$printonly && !sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
} else {
if ($printonly) {
echo $sq . "\n";
}
$sq = "ALTER TABLE `{$data['0']}` CHANGE `" . $data1['Field'] . '` `' . $data1['Field'] . '` ' . $data1['Type'] . " CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}") . ($data1['Default'] == '' ? '' : ($data1['Default'] == 'NULL' ? ' DEFAULT NULL' : ' DEFAULT \'' . addslashes($data1['Default']) . '\'')) . ($data1['Null'] == 'YES' ? ' NULL ' : ' NOT NULL') . ($data1['Comment'] == '' ? '' : ' COMMENT \'' . addslashes($data1['Comment']) . '\'');
if (!$printonly && !sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
} else {
if ($printonly) {
echo $sq . "\n";
}
}
}
// end of if (!$printonly)
}
// end of if (substr)
}
// end of if (in_array)
}
// end of inner for
}
// end of if ($rs1)
if ($altertablecharset) {
$sq = 'ALTER TABLE `' . $data[0] . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
if ($printonly) {
echo $sq . "\n";
} else {
if (!sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
}
}
}
// end of if ($altertablecharset)
print "done.<br>\n";
}
// end of outer for
}
// end of if (!$rs)
if ($alterdatabasecharset) {
$sq = 'ALTER DATABASE `' . $db . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
if ($printonly) {
echo $sq . "\n";
} else {
if (!sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
}
}
}
// end of if ($alterdatabasecharset)
}
function sql_version()
{
$r = sql_query("select version()");
$v = sql_row($r, 0);
sql_free($r);
return $v[0];
}
die;
} else {
if ($resultat_session == '0') {
header("Location: ../logout.php?auto=1");
die;
}
}
if (!checkAccess()) {
header("Location: ../logout.php?auto=1");
die;
}
if (isset($_POST['sup'])) {
$call_data = sql_query("SELECT indice_aid FROM aid_config");
$sup_all = "";
$liste_cible = '';
for ($i = 0; $row = sql_row($call_data, $i); $i++) {
$id = $row[0];
$temp = "sup" . $id;
if (isset($_POST[$temp])) {
$test = sql_count(sql_query("SELECT indice_aid FROM aid WHERE indice_aid='" . $id . "'"));
if ($test != 0) {
$sup_all = 'no';
} else {
$liste_cible = $liste_cible . $id . ";";
}
}
}
$_SESSION['chemin_retour'] = $_SERVER['REQUEST_URI'] . "?sup_all=" . $sup_all;
header("Location: ../lib/confirm_query.php?liste_cible={$liste_cible}&action=del_type_aid" . add_token_in_url(false));
}
if (isset($_GET['sup_all'])) {
print "<thead>\n";
print "<tr>";
// The first 2 columns are the user rights and user name.
print "<th>" . get_vocab("rights") . "</th><th>" . get_vocab("user_name") . "</th>";
// The remaining columns are all the columns from the database, past the initial 3 (id, name, password).
foreach ($fields as $fieldname) {
if ($fieldname != 'id' && $fieldname != 'name' && $fieldname != 'password') {
print "<th>" . get_loc_field_name($fieldname) . "</th>";
}
}
print "<th>" . get_vocab("action") . "</th>";
print "</tr>\n";
print "</thead>\n";
print "<tbody>\n";
$i = 0;
while ($line = sql_row($list, $i++)) {
print "<tr>\n";
$j = -1;
$this_id = 0;
foreach ($line as $col_value) {
$j += 1;
if ($j == 0) {
/* Don't display it, but remember it. */
$this_id = $col_value;
continue;
}
if ($j == 1) {
/* Use it to tell if it's a user or an admin */
$name = $col_value;
switch (authGetUserLevel($name, $auth["admin"])) {
case 1:
<div class="header">
Request Details
</div>
<div class="notsowide">
<?php
sql_where(array("hlpid" => $_cmd[2]));
if ($hlpData = sql_row("helpdesk")) {
putRequestData($hlpData, true);
}
?>
</div>
<form action="<?php
echo url("helpdesk");
?>
" method="get">
<button class="smalltext">
<?php
echo getIMG(url() . "images/emoticons/nav-prev.png");
?>
Return to list
</button>
</form>
// Send a mail to the Administrator
if (MAIL_ADMIN_ON_BOOKINGS or MAIL_AREA_ADMIN_ON_BOOKINGS or MAIL_ROOM_ADMIN_ON_BOOKINGS or MAIL_BOOKER) {
include_once "functions_mail.inc";
// Send a mail only if this a new entry, or if this is an
// edited entry but we have to send mail on every change,
// and if mrbsCreateRepeatingEntrys is successful
if ((isset($id) && MAIL_ADMIN_ALL or !isset($id)) && 0 != $new_id) {
// Get room name and are name. Would be better to avoid
// a database access just for that. Ran only if we need
// details.
if (MAIL_DETAILS) {
$sql = "SELECT r.id, r.room_name, r.area_id, a.area_name ";
$sql .= "FROM {$tbl_room} r, {$tbl_area} a ";
$sql .= "WHERE r.id={$room_id} AND r.area_id = a.id";
$res = sql_query($sql);
$row = sql_row($res, 0);
$room_name = $row[1];
$area_name = $row[3];
}
// If this is a modified entry then call
// getPreviousEntryData to prepare entry comparison.
if (isset($id)) {
$mail_previous = getPreviousEntryData($id, 0);
}
$result = notifyAdminOnBooking(!isset($id), $new_id);
}
}
}
}
# end foreach $rooms
# Delete the original entry
echo "<p><strong><font color='blue' style='font-variant: small-caps;'>Semaine du ".strftime("%d %B", $debutsemaine)." au ".strftime("%d %B %Y", $finsemaine)."</font></strong></p>\n";
echo "<b>Travaux personnels des $delai prochains jours</b>\n";
echo "<table style=\"border-style:solid; border-width:0px; border-color: ".$couleur_bord_tableau_notice.";\" width = '100%' cellpadding='2'><tr><td>\n";
}
echo "<div style=\"border-style:solid; border-width:1px; border-color: ".$couleur_bord_tableau_notice."; background-color: ".$color_fond_notices["f"].";\"><div style='color: ".$color_police_travaux."; font-variant: small-caps; text-align: center; font-weight: bold;'>Travaux personnels<br />pour le ".strftime("%a %d %b", $jour)."</div>\n";
// Affichage des devoirs dans chaque matière
while ($ind < $nb_devoirs_cahier_texte) {
$content = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'contenu');
$date_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'date_ct');
$id_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'id_ct');
$id_groupe_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'id');
$matiere_devoirs = old_mysql_result($appel_devoirs_cahier_texte, $ind, 'description');
$test_prof = "SELECT nom, prenom FROM j_groupes_professeurs j, utilisateurs u WHERE (j.id_groupe='".$id_groupe_devoirs."' and u.login=j.login) ORDER BY nom, prenom";
$res_prof = sql_query($test_prof);
$chaine = "";
for ($k=0;$prof=sql_row($res_prof,$k);$k++) {
if ($k != 0) $chaine .= ", ";
$chaine .= htmlspecialchars($prof[0])." ".mb_substr(htmlspecialchars($prof[1]),0,1).".";
}
$content = "<div style=\"border-style:solid; border-width:1px; border-color: ".$couleur_bord_tableau_notice."; background-color: ".$couleur_cellule["f"]."; padding: 2px; margin: 2px;\"><font color='".$color_police_matieres."' style='font-variant: small-caps;'><small><b><u>".$matiere_devoirs." (".$chaine.") :</u></b></small></font>\n".$content;
// fichier joint
$content .= affiche_docs_joints($id_devoirs,"t");
$content .="</div>\n";
if ($nb_devoirs_cahier_texte != 0) echo $content;
$ind++;
}
echo "</div><br />\n";
}
}
if ($nb_dev != 0) echo "</td></tr></table>\n";
}
status="' . $_POST['status'] . '",
access="' . $_POST['access'] . '",
withdrawal_limit="' . $_POST['withdrawal_limit'] . '",
daily_withdrawal_limit="' . $_POST['daily_withdrawal_limit'] . '",
monitor="' . $_POST['monitor'] . '",
question="' . $_POST['question'] . '",
question_answer="' . $_POST['question_answer'] . '",
lang="' . $_POST['lang'] . '"
where id="' . $_POST['id'] . '"');
location($_SERVER['PHP_SELF'] . '?action=profile&id=' . $_POST['id'], '<p class=imp>User profile has been saved!</p>');
}
$user = sql_row('
SELECT
' . (PRO_VERSION ? 'users.*' : implode(',', $GLOBALS['USERS_FIELDS'])) . ',
COUNT(b.user_id) as bads
FROM users
LEFT JOIN bad_withdrawals as b ON b.user_id = users.id
WHERE users.id="' . intval($_REQUEST['id']) . '"
GROUP BY users.id
');
Project::getInstance()->getSmarty()->assign('user', stripslashes_array($user));
Project::getInstance()->getSmarty()->display('../default/admin/user_profile.tpl');
break;
case 'statistics':
include_once LIB_ROOT . '/users/statistics.class.php';
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'a';
if ($type == 'a') {
$types = array('d', 'w', 'e', 'r', 'b');
$status = array('1', '2');
} elseif ($type == 'd') {
$types = array('d');
private function load($id)
{
$this->seData(sql_row('select * from plans where id="' . $id . '"'));
}
for ($k = 0; $row = sql_row($calldata, $k); $k++) {
$precedente_date_fin = "0000-00-00 00:00:00";
$id_classe = $row[0];
$classe = $row[1];
$alt = $alt * -1;
echo "<tr class='lig{$alt} white_hover'";
//if ($flag==1) { echo " class='fond_sombre'"; $flag = 0;} else {$flag=1;};
echo ">\n";
echo "<td>\n";
echo "<b>{$classe}</b> ";
echo "</td>\n";
$periode_query = sql_query("SELECT nom_periode, verouiller, date_fin FROM periodes WHERE id_classe = '{$id_classe}' ORDER BY num_periode");
$nb_periode = sql_count($periode_query) + 1;
$j = 0;
if ($periode_query) {
for ($i = 0; $row_per = sql_row($periode_query, $i); $i++) {
$nom_classe = "cl_" . $id_classe . "_" . $i;
echo "<td>" . ucfirst($row_per[0]) . "</td>\n";
if ($row_per[1] == "N") {
echo "<td id='c_" . $id_classe . "_" . $i . "' style='font-size:small; color:green;'>Ouvert</td>\n";
} elseif ($row_per[1] == "P") {
echo "<td id='c_" . $id_classe . "_" . $i . "' style='font-size:small; color:orange;'>Partiel.clos</td>\n";
} elseif ($row_per[1] == "O") {
echo "<td id='c_" . $id_classe . "_" . $i . "' style='font-size:small; color:red;'>Clos</td>\n";
} else {
// Ca ne devrait pas arriver
echo "<td> </td>\n";
}
//echo "<input type=\"hidden\" name=\"numperiode\" value=\"$i\" />";
echo "<td><input type=\"hidden\" name=\"numperiode\" value=\"{$i}\" />";
//echo "<td><input type=\"radio\" name=\"".$nom_classe."\" value=\"N\" ";
function sql_get($query)
{
$row = sql_row($query);
return $row[0];
}
// Lets do stuff for days 5 days in the past to 55 days in the future
for ($day = date("d") - 5; $day < date("d") + 55; $day++) {
$month = date("m");
$year = date("Y");
$dayt = date("D", mktime(0, 0, 0, $month, $day, $year));
if ($dayt != "Sat" and $dayt != "Sun") {
$sql = "select id from {$tbl_area}";
$area_res = sql_query($sql);
for ($i = 0; list($area) = sql_row($area_res, $i); $i++) {
// We know the area we want to add appointments in
$sql = "select id from {$tbl_room} where area_id = {$area}";
$room_res = sql_query($sql);
if (!$room_res) {
echo sql_error();
}
for ($j = 0; list($room) = sql_row($room_res, $j); $j++) {
// Now we know room and area
// We have to add some appointments to the day
// four in each room seems good enough
for ($a = 1; $a < 5; $a++) {
// Pick a random hour 8-5
$starthour = mt_rand(7, 16);
$length = mt_rand(1, 5) * 30;
$starttime = mktime($starthour, 0, 0, $month, $day, $year);
$endtime = mktime($starthour, $length, 0, $month, $day, $year);
// Check that this isnt going to overlap
$sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))";
$counte = sql_query1($sql);
if ($counte == 0) {
// There are no overlaps
if ($area == 4) {
//Let's check that all parameters exist and match and that the hash
//string we computed matches the hash string that was sent by LR system.
if (isset($_REQUEST["lr_paidto"]) && $_REQUEST["lr_paidto"] == strtoupper(get_setting('lr_account_deposit')) && isset($_REQUEST["lr_store"]) && stripslashes($_REQUEST["lr_store"]) == get_setting('lr_store') && isset($_REQUEST["lr_encrypted"]) && $_REQUEST["lr_encrypted"] == $hash) {
// Response was validated and you can use this verified information to
// complete selling process.
// Enter any code here that you want to be executed after a successful
// payment.
$payment_id = intval($_REQUEST['payment_id']);
$line = stripslashes_array(sql_row('select * from translines where id="' . $payment_id . '"'));
if ($line['amount'] == $_REQUEST['lr_amnt']) {
$query = 'update translines set stamp="' . Project::getInstance()->getNow() . '", status="1", batch="' . $_REQUEST["lr_transfer"] . '" where id="' . $payment_id . '"';
sql_query($query);
$user = stripslashes_array(sql_row('SELECT * FROM users WHERE id="' . $line['user_id'] . '"'));
if ($user['deposit_notify']) {
include_once LIB_ROOT . '/emails.class.php';
$plan = stripslashes_array(sql_row('SELECT * FROM plans WHERE id="' . $line['plan_id'] . '"'));
//%user_fullname%, %user_login%, %amount%, %batch%, %access_time%, %account%, %plan_name%, %project_name%, %project_email%
$params = array('%user_fullname%' => htmlspecialchars($user['fullname']), '%user_login%' => $user['login'], '%account%' => $_REQUEST['lr_paidby'], '%amount%' => $_REQUEST['lr_amnt'], '%batch%' => $_REQUEST['lr_transfer'], '%plan_name%' => htmlspecialchars($plan['name']), '%project_name%' => get_setting('project_name'), '%project_email%' => get_setting('project_email'), '%access_time%' => date('M d, Y H:i', Project::getInstance()->getNow()));
$email = new Emails($user['id'], 'deposit_notify', $params);
$email->send();
}
if (!empty($user['referral'])) {
$referral_id = sql_get('select id from users where login="******" limit 1');
if ($referral_id) {
$referral_bonus = $line['amount'] * get_setting('referral_bonus') / 100;
sql_query('insert into translines values (0, 0, "' . $referral_id . '", "", "r", "' . $referral_bonus . '", "' . Project::getInstance()->getNow() . '", "1", "Bonus from: ' . $user['login'] . '")');
$ref_msg = $user['login'] . '->' . $user['referral'] . ':' . $line['amount'] . "\n";
if (REFERRAL_ONCE) {
sql_query('update users set referral="" where id="' . $user['id'] . '"');
}
}
?>
<tr><td class=CR><b><?php
echo get_vocab("rooms");
?>
:</b></td>
<td class=CL valign=top><table><tr><td><select name="rooms[]" multiple="yes">
<?php
# select the rooms in the area determined above
$sql = "select id, room_name from {$tbl_room} where area_id={$area_id} order by {$room_order}";
$res = sql_query($sql);
if (!isset($nrooms)) {
$nrooms = 1;
}
$nroomsleft = 0;
if ($res) {
for ($i = 0; $row = sql_row($res, $i); $i++) {
$selected = "";
if ($row[0] == $room_id) {
$selected = "SELECTED";
$nroomsleft = $nrooms;
}
if ($nroomsleft) {
$selected = "SELECTED";
$nroomsleft -= 1;
}
echo "<option {$selected} value=\"" . $row[0] . "\">" . $row[1];
// store room names for emails
$room_names[$i] = $row[1];
}
}
?>
function ajout_doc($doc_file, $id_ct, $doc_name, $cpt_doc)
{
global $max_size, $total_max_size, $edit_devoir, $multisite;
/* Vérification du type de fichier */
//if (my_ereg("\.([^.]+)$", $doc_file['name'][$cpt_doc], $match)) {
if (function_exists("mb_ereg") && mb_ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match) || function_exists("ereg") && ereg("\\.([^.]+)\$", $doc_file['name'][$cpt_doc], $match)) {
$ext = corriger_caracteres(my_strtolower($match[1]));
$ext = corriger_extension($ext);
} else {
$ext = '';
}
$query = "SELECT id_type FROM ct_types_documents WHERE extension='{$ext}' AND upload='oui'";
$result = sql_query($query);
if ($row = @sql_row($result, 0)) {
$id_type = $row[0];
} else {
return "Erreur : Ce type de fichier n'est pas autorisé en téléchargement.<br />\nSi vous trouvez cela regrettable, contactez l'administrateur.<br />\nIl pourra modifier ce paramétrage dans<br />\n*Gestion des modules/Cahiers de textes/Types de fichiers autorisés en téléchargement*.";
die;
}
/* Vérification de la taille du fichier */
$sql = "select id_groupe from ct_entry where id_ct='{$id_ct}'";
$id_groupe = sql_query1($sql);
$max_size_ko = $max_size / 1024;
$taille = $doc_file['size'][$cpt_doc];
if ($taille > $max_size) {
return "Téléchargement impossible : taille maximale autorisée : " . $max_size_ko . " Ko";
die;
}
if ($taille == 0) {
return "Le fichier sélectionné semble vide : transfert impossible.";
die;
}
$query = "SELECT DISTINCT sum(taille) somme FROM ct_documents d, ct_entry e WHERE (e.id_groupe='" . $id_groupe . "' and e.id_ct = d.id_ct)";
$total = sql_query1($query);
if ($total + $taille > $total_max_size) {
return "Téléchargement impossible : espace disque disponible (" . ($total_max_size - $total) / 1024 . " Ko) insuffisant.";
die;
}
/* Recopier le fichier */
$dest = '../documents/';
$dossier = '';
$multi = isset($multisite) && $multisite == 'y' ? $_COOKIE['RNE'] . '/' : NULL;
if (isset($multisite) && $multisite == 'y' && is_dir('../documents/' . $multi) === false) {
@mkdir('../documents/' . $multi);
$dest .= $multi;
} elseif (isset($multisite) && $multisite == 'y') {
$dest .= $multi;
}
if (isset($edit_devoir)) {
$dossier = "cl_dev" . $_POST['id_groupe'];
} else {
$dossier = "cl" . $_POST['id_groupe'];
}
if (creer_repertoire($dest, $dossier)) {
$dest .= $dossier . '/';
} else {
return "Problème d'écriture sur le répertoire. Veuillez signaler ce problème à l'administrateur du site";
die;
}
$nom_sans_ext = mb_substr(basename($doc_file['name'][$cpt_doc]), 0, mb_strlen(basename($doc_file['name'][$cpt_doc])) - (mb_strlen($ext) + 1));
$nom_sans_ext = my_ereg_replace("[^.a-zA-Z0-9_=-]+", "_", $nom_sans_ext);
if (strstr($nom_sans_ext, "..")) {
return "Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site";
die;
}
$n = 0;
while (file_exists($newFile = $dest . $nom_sans_ext . ($n++ ? '-' . $n : '') . '.' . $ext)) {
}
$dest_path = $newFile;
if (!deplacer_fichier_upload($doc_file['tmp_name'][$cpt_doc], $dest_path)) {
return "Problème de transfert : le fichier n'a pas pu être transféré sur le répertoire. Veuillez signaler ce problème à l'administrateur du site";
die;
}
if ($doc_name[$cpt_doc] == '') {
$doc_name[$cpt_doc] = basename($newFile);
}
$nouveau = false;
if (!isset($id_document)) {
if (isset($edit_devoir)) {
$query = "INSERT INTO ct_devoirs_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct_devoir='{$id_ct}', titre='" . corriger_caracteres($doc_name[$cpt_doc]) . "'";
} else {
$query = "INSERT INTO ct_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct='{$id_ct}', titre='" . corriger_caracteres($doc_name[$cpt_doc]) . "'";
}
sql_query($query);
$id_document = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["mysqli"])) ? false : $___mysqli_res;
$nouveau = true;
} else {
if (isset($edit_devoir)) {
$query = "UPDATE ct_devoirs_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct_devoir='{$id_ct}', titre='{$titre}' WHERE id_document={$id_document}";
} else {
$query = "UPDATE ct_documents SET taille='{$taille}', emplacement='{$dest_path}', id_ct='{$id_ct}', titre='{$titre}' WHERE id_document={$id_document}";
}
sql_query($query);
}
return "Téléchargement réussi !";
}
