/**
 * Grant the built-in Admin profile (p_id 1) in a folder to every active
 * repository administrator who has no profile there yet.
 *
 * Users who already have a row in profile_user are left untouched. All
 * inserts run in one transaction on the folder database; on an Exception
 * the message is shown with echo_warning() and the transaction is rolled back.
 *
 * @param int $p_id dossier::id()
 */
static function synchro_admin($p_id)
{
    // Target folder: it must already contain the profile tables.
    $folder = new Database($p_id);
    if (!$folder->exist_table("profile_menu")) {
        echo_warning("Dossier invalide");
        return;
    }

    // Repository: list of the active administrators.
    $repository = new Database();
    $admins = $repository->get_array("select use_login from ac_users where\n\t\t\tuse_admin=1 and use_active=1");

    try {
        $folder->start();
        $total = count($admins);
        for ($idx = 0; $idx < $total; $idx++) {
            $login = $admins[$idx]['use_login'];
            $current = $folder->get_value("select p_id from profile_user\n\t\t\t\t\twhere user_name=\$1", array($login));
            if ($current != "") {
                // This login already has a profile in the folder.
                continue;
            }
            // Privilege grant: the login receives profile 1 (Admin).
            $folder->exec_sql("insert into profile_user(user_name,p_id) values(\$1,1)", array($login));
        }
        $folder->commit();
    } catch (Exception $e) {
        echo_warning($e->getMessage());
        $folder->rollback();
    }
}
// Name of the POST field that carries the choice for action $id.
$priv = sprintf("action%d", $id);
if (!isset($_POST[$priv])) {
    // NOTE(review): this delete filters on ua_act_id only, so it removes the
    // action for every login, while the two statements below are scoped to
    // $sec_User->login. Confirm that an absent form field is really meant to
    // revoke the action from all users.
    $cn->exec_sql("delete from user_sec_act where ua_act_id=\$1", array($id));
    continue;
}
// Does the edited user already hold this action?
$count = $cn->get_value('select count(*) from user_sec_act where ua_login=$1 ' . ' and ua_act_id=$2', array($sec_User->login, $id));
// Grant: posted value 1 and no existing row.
if ($_POST[$priv] == 1 && $count == 0) {
    $cn->exec_sql('insert into user_sec_act (ua_login,ua_act_id)' . ' values ($1,$2)', array($sec_User->login, $id));
}
// Revoke: posted value 0.
// NOTE(review): the comparison is loose (==); which non-numeric strings count
// as 0 depends on the PHP version, so an unexpected posted value may revoke.
if ($_POST[$priv] == 0) {
    $cn->exec_sql('delete from user_sec_act where ua_login=$1 and ua_act_id=$2', array($sec_User->login, $id));
}
}
$cn->commit();
} catch (Exception $e) {
// NOTE(review): the stack trace is sent to the page; it can expose file paths
// and call arguments. Prefer logging it server-side and showing a short message.
echo_warning($e->getTraceAsString());
$cn->rollback();
}
}
//--------------------------------------------------------------------------------
// Action == View detail for users
//--------------------------------------------------------------------------------
if ($action == "view") {
    $l_Db = sprintf("dossier%d", $gDossier);
    // NOTE(review): $_REQUEST['ac'] is concatenated into the link as-is; whether
    // HtmlInput::button_anchor() escapes its URL argument is not visible here — confirm.
    $return = HtmlInput::button_anchor('Retour à la liste', '?&ac=' . $_REQUEST['ac'] . '&' . dossier::get(), 'retour');
    $repo = new Database();
    // The user to display is selected by the request parameter user_id.
    // NOTE(review): no validation of $_GET['user_id'] is visible in this excerpt — confirm User handles it.
    $User = new User($repo, $_GET['user_id']);
    $admin = 0;
    $access = $User->get_folder_access($gDossier);
    $str = "Aucun accès";
    if ($access == 'R') {
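/**
 * Parse a plugin definition XML file into a list of Extension objects.
 *
 * One Extension is built for each <plugin> element. A check_xml() failure
 * is reported with echo_warning(); the plugin is skipped only when the
 * exception code is 1.
 *
 * @brief Create extension from XML.
 * @param string $p_file path of the XML definition file
 * @return array of Extension (empty when the file cannot be parsed)
 */
static function read_definition($p_file)
{
    global $cn;
    $dom = new DomDocument('1.0');
    // LIBXML_NONET keeps the parser from fetching DTDs or entities over the
    // network while reading a definition file supplied with a plugin.
    if ($dom->load($p_file, LIBXML_NONET) === false) {
        return array();
    }
    $xml = simplexml_import_dom($dom);
    if (!($xml instanceof SimpleXMLElement)) {
        return array();
    }
    $nb_plugin = count($xml->plugin);
    $a_extension = array();
    for ($i = 0; $i < $nb_plugin; $i++) {
        $plugin = $xml->plugin[$i];
        $extension = new Extension($cn);
        try {
            $extension->check_xml($xml);
        } catch (Exception $ex) {
            // The original read the undefined variable $e here, which failed
            // inside the handler instead of reporting the validation error.
            echo_warning($ex->getMessage());
            if ($ex->getCode() == 1) {
                continue;
            }
        }
        // NOTE(review): me_file is built from the XML <root> and <file> values.
        // If this path is later handed to include/require, '..' segments should
        // be rejected there or here — confirm against the plugin loader.
        $extension->me_file = trim($plugin->root) . '/' . trim($plugin->file);
        $extension->me_code = trim($plugin->code);
        $extension->me_description = isset($plugin->description) ? trim($plugin->description) : "";
        // The extended description is filled with the <author> value.
        $extension->me_description_etendue = trim($plugin->author) ? trim($plugin->author) : "";
        $extension->me_type = 'PL';
        $extension->me_menu = trim($plugin->name);
        $extension->me_parameter = 'plugin_code=' . trim($plugin->code);
        $a_extension[] = clone $extension;
    }
    return $a_extension;
}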
/**
 * Return the code of the module or menu the current user lands on.
 *
 * Lookup order, all restricted to the profile of $g_user->login:
 *   1. module (p_type_display 'M') flagged pm_default=1
 *   2. module with the smallest p_order
 *   3. menu (p_type_display 'E') flagged pm_default=1
 *   4. any entry with the smallest p_order
 * When nothing is found and the user is an administrator, profile 1 is
 * inserted for that login and the lookup restarts; any other user gets a
 * warning and the script exits.
 *
 * @global $g_user $g_user
 * @return default module (string)
 */
function find_default_module()
{
    global $g_user;
    $cn = Dossier::connect();
    $login = $g_user->login;

    $found = $cn->get_array("select me_code\n\t from profile_menu join profile_user using (p_id)\n\t where\n\t p_type_display='M' and\n\t user_name=\$1 and pm_default=1", array($login));

    if (!empty($found)) {
        // A default module exists: the first row wins, whether one or several were returned.
        if (count($found) >= 1) {
            return $found[0]['me_code'];
        }
        return;
    }

    // No default module: take the module with the smallest order.
    $found = $cn->get_array("select me_code\n\t from profile_menu join profile_user using (p_id)\n\t where\n\t p_type_display='M' and\n\t user_name=\$1 order by p_order limit 1", array($login));

    if (empty($found)) {
        // No module at all: look for the default menu.
        $found = $cn->get_array("select me_code\n\t\t\t from profile_menu join profile_user using (p_id)\n\t\t\t where\n\t\t\t p_type_display='E' and\n\t\t\t user_name=\$1 and pm_default=1 ", array($login));

        if (empty($found)) {
            // Still nothing: take whatever entry has the smallest order.
            $found = $cn->get_array("select me_code\n\t\t\t\tfrom profile_menu join profile_user using (p_id)\n\t\t\t\twhere\n\t\t\t\tuser_name=\$1 and p_order=(select min(p_order) from profile_menu join profile_user using (p_id)\n\t\t\t\twhere user_name=\$2) limit 1", array($login, $login));
        }

        if (empty($found)) {
            // The user has no profile in this folder.
            if ($g_user->admin == 1) {
                // Privilege grant: an administrator is given profile 1, then the search restarts.
                $cn->exec_sql('insert into profile_user(user_name,p_id) values ($1,1) ', array($login));
                return find_default_module();
            }
            echo_warning(_("Utilisateur n'a pas de profil, votre administrateur doit en configurer un dans CFGSEC"));
            exit;
        }
    }

    return $found[0]['me_code'];
}
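} // closes a block that begins before this excerpt
require_once NOALYSS_INCLUDE . '/class_database.php';
require_once NOALYSS_INCLUDE . '/class_dossier.php';
require_once NOALYSS_INCLUDE . '/ac_common.php';
require_once NOALYSS_INCLUDE . '/constant.php';
require_once NOALYSS_INCLUDE . '/function_javascript.php';
require_once NOALYSS_INCLUDE . '/class_extension.php';
require_once NOALYSS_INCLUDE . '/class_html_input.php';
require_once NOALYSS_INCLUDE . '/class_iselect.php';
require_once NOALYSS_INCLUDE . '/constant.security.php';
require_once NOALYSS_INCLUDE . '/class_user.php';
/**
 * included from do.php + extension_choice.inc.php
 *
 * Looks up the plugin named by the request parameter plugin_code, checks
 * that the current user may run it, then includes the plugin entry file
 * from NOALYSS_PLUGIN.
 */
// find file and check security
global $cn, $g_user;
// plugin_code comes from the request: only a present, scalar string is a
// valid lookup key (an array value would reach search() otherwise).
if (!isset($_REQUEST['plugin_code']) || !is_string($_REQUEST['plugin_code'])) {
    echo_warning("plugin non trouvé");
    return;
}
$ext = new Extension($cn);
if ($ext->search($_REQUEST['plugin_code']) == -1) {
    echo_warning("plugin non trouvé");
    return;
}
// Authorisation is checked before anything from the plugin is loaded.
if ($ext->can_request($g_user->login) == -1) {
    alert("Plugin non authorisé");
    return;
}
// me_file is stored data that ends up in require_once: refuse any '..'
// segment so the included file cannot be resolved outside NOALYSS_PLUGIN.
$plugin_file = trim($ext->me_file);
$has_parent_segment = preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $plugin_file) === 1;
if ($has_parent_segment || !file_exists(NOALYSS_PLUGIN . '/' . $plugin_file)) {
    alert(j(_("Ce fichier n'existe pas ")));
    return;
}
echo '<div class="content">';
require_once NOALYSS_PLUGIN . DIRECTORY_SEPARATOR . $plugin_file;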
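/**
 * Generate a document from the template $this->md_id and store the result.
 *
 * The template large object is exported into a private working directory.
 * OpenDocument templates (mimetype containing 'vnd.oasis') are unzipped,
 * their content.xml is parsed, and the archive is rebuilt; other templates
 * are parsed directly. The result is handed to SaveGenerated().
 *
 * @param array  $p_array    values passed on to ParseDocument()
 * @param string $p_filename when not empty, used with compute_filename() to name the result
 * @return string HTML anchor to show_document.php for the generated document
 * @throws Exception when the working directory cannot be created or the archive cannot be rebuilt
 */
function Generate($p_array, $p_filename = "")
{
    // create a private temp directory to unpack file and to parse it
    $tmp_root = isset($_ENV['TMP']) ? $_ENV['TMP'] : sys_get_temp_dir();
    $dirname = tempnam($tmp_root, 'doc_');
    if ($dirname === false) {
        throw new Exception(__FILE__ . ":" . __LINE__ . "cannot create working directory");
    }
    unlink($dirname);
    // 0700: the directory holds the document being generated, keep it private.
    // mkdir() fails if the name was taken between unlink() and here; stop
    // instead of writing into a directory this process did not create.
    if (!mkdir($dirname, 0700)) {
        throw new Exception(__FILE__ . ":" . __LINE__ . "cannot create working directory");
    }
    // Retrieve the lob and save it into $dirname
    $this->db->start();
    // md_id is bound as a parameter instead of being concatenated into the SQL text.
    $dm_info = "select md_name,md_type,md_lob,md_filename,md_mimetype\n from document_modele where md_id=\$1";
    $Res = $this->db->exec_sql($dm_info, array($this->md_id));
    $row = Database::fetch_array($Res, 0);
    $this->d_lob = $row['md_lob'];
    $this->d_filename = $row['md_filename'];
    $this->d_mimetype = $row['md_mimetype'];
    $this->d_name = $row['md_name'];
    chdir($dirname);
    // Only the last path component of the stored name is used for the local
    // copy, so a stored name with directory parts cannot leave $dirname.
    $filename = basename($row['md_filename']);
    $exp = $this->db->lo_export($row['md_lob'], $dirname . DIRECTORY_SEPARATOR . $filename);
    if ($exp === false) {
        echo_warning(__FILE__ . ":" . __LINE__ . "Export NOK {$filename}");
    }
    $type = "n";
    // strpos() returns false when absent and 0 for a match at the start,
    // so the result is compared with false rather than with 0.
    $is_ooo = strpos($row['md_mimetype'], 'vnd.oasis') !== false;
    // if the doc is a OOo, we need to unzip it first
    // and the name of the file to change is always content.xml
    if ($is_ooo) {
        ob_start();
        $zip = new Zip_Extended();
        if ($zip->open($filename) === TRUE) {
            $zip->extractTo($dirname . DIRECTORY_SEPARATOR);
            $zip->close();
        } else {
            echo __FILE__ . ":" . __LINE__ . "cannot unzip model " . $filename;
        }
        // Remove the file we do not need anymore
        unlink($filename);
        ob_end_clean();
        $file_to_parse = "content.xml";
        $type = "OOo";
    } else {
        $file_to_parse = $filename;
    }
    // affect a number
    $this->d_number = $this->db->get_next_seq("seq_doc_type_" . $row['md_type']);
    // parse the document - return the doc number ?
    $this->ParseDocument($dirname, $file_to_parse, $type, $p_array);
    $this->db->commit();
    // if the doc is a OOo, we need to re-zip it
    if ($is_ooo) {
        ob_start();
        $zip = new Zip_Extended();
        $res = $zip->open($filename, ZipArchive::CREATE);
        if ($res !== TRUE) {
            throw new Exception(__FILE__ . ":" . __LINE__ . "cannot recreate zip");
        }
        $zip->add_recurse_folder($dirname . DIRECTORY_SEPARATOR);
        $zip->close();
        ob_end_clean();
        $file_to_parse = $filename;
    }
    if ($p_filename != "") {
        $this->d_filename = $this->compute_filename($p_filename, $this->d_filename);
    }
    $this->SaveGenerated($dirname . DIRECTORY_SEPARATOR . $file_to_parse);
    // Invoice
    $ret = '<A class="mtitle" HREF="show_document.php?d_id=' . $this->d_id . '&' . dossier::get() . '">Document généré</A>';
    // NOTE(review): rmdir() only removes an empty directory and its failure is
    // silenced, so the unpacked files may stay in the temp directory — confirm
    // whether SaveGenerated() cleans them up.
    @rmdir($dirname);
    return $ret;
}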
// check it isn't a ip address
// NOTE(review): $parts is presumably the parsed form of the submitted URI (the
// parsing call is not visible here), so host, path and query are user input.
// They are concatenated into the echo_* messages below as-is; confirm that
// echo_error()/echo_ok() HTML-escape their argument, otherwise wrap each value
// in htmlspecialchars() before output.
if (!isset($parts['host'])) {
    echo_error("There is no host in the URI");
    $proceed = false;
} elseif (filter_var($parts['host'], FILTER_VALIDATE_IP)) {
    // This rejects IP literals because they are not persistent identifiers;
    // it does not restrict which hosts a domain name may resolve to.
    echo_error("The host '" . $parts['host'] . "' appears to be an IP address. These are not considered persistent. You must use a domain name.");
    $proceed = false;
} else {
    echo_ok("The host has the domain name of '" . $parts['host'] . "'");
}
// warn if we have no path info. There isn't a requirement to have one but
// it is unlikely people would do it all with subdomains.
if (isset($parts['path'])) {
    echo_ok("The path component is '" . $parts['path'] . "'");
} else {
    echo_warning("The URI lacks a path component. Are you sure this is what you intended?");
}
// they shouldn't have a query string
// this stops the use of db queries
if (isset($parts['query'])) {
    echo_error("The URI contains the query string: '" . $parts['query'] . "'. This is not permitted.");
    $proceed = false;
} else {
    echo_ok("The URI lacks a query string component which is a good thing.");
}
//var_dump($parts);
}
// The network test only starts when none of the checks above cleared $proceed.
if ($proceed) {
    echo_ok("Format of URI appears OK. Continuing test.");
    ?> <script type="text/javascript">
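// Request the URI as HTML and report how the server answered. The response
// decides which URI, if any, is shown in the preview iframe.
// NOTE(review): $uri is fetched server-side; which hosts and protocols the
// handle may reach depends on get_curl_handle(), which is not visible here — confirm.
// get default curl handle
$curl = get_curl_handle($uri);
// set other things here
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Accept: text/html"));
echo_info("Requesting HTML by passing 'Accept: text/html' header.");
$response = run_curl_request($curl);
// we either got a 303 redirect or we got a 200 or something else!
$iFrameUri = false;
$requestRdf = false;
// The redirect target is chosen by the remote server, so it is escaped
// before it is placed in the href attribute and link text below.
$redirectUrlHtml = isset($response->info['redirect_url'])
    ? htmlspecialchars($response->info['redirect_url'], ENT_QUOTES, 'UTF-8')
    : '';
if ($response->info['http_code'] == 303) {
    echo_ok("Recieved 303 Redirect HTTP code.");
    echo_ok("Redirect to URI: <a target=\"_new\" href=\"" . $redirectUrlHtml . "\">" . $redirectUrlHtml . "</a>");
    $iFrameUri = $response->info['redirect_url'];
    $requestRdf = true;
} elseif ($response->info['http_code'] == 302) {
    echo_warning("Recieved 302 Redirect HTTP code. This should be a 303 as we are assuming support for HTTP1.1 ~ 302 is so last century :)");
    echo_ok("Redirect to URI: <a target=\"_new\" href=\"" . $redirectUrlHtml . "\">" . $redirectUrlHtml . "</a>");
    $iFrameUri = $response->info['redirect_url'];
    $requestRdf = true;
} elseif ($response->info['http_code'] == 200) {
    echo_ok("Recieved 200 OK HTTP code.");
    $iFrameUri = $uri;
} elseif ($response->info['http_code'] == 404) {
    echo_error("Got HTTP response code of 404 Not Found.");
    $iFrameUri = false;
} else {
    echo_error("Unexpected response code: '" . $response->info['http_code'] . "'. Expecting 303 Redirect or 200 OK.");
    $iFrameUri = false;
}
// Only http and https targets are embedded in the page; anything else is
// treated like the "no preview" cases above.
if ($iFrameUri && !preg_match('#^https?://#i', $iFrameUri)) {
    echo_error("Refusing to embed a URI that is not http or https.");
    $iFrameUri = false;
}
if ($iFrameUri) {
    // Escaped for the attribute context so the value cannot close src="…".
    echo "<iframe id=\"herbal-html-response\" src=\"" . htmlspecialchars($iFrameUri, ENT_QUOTES, 'UTF-8') . "\"></iframe>";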
// Message shown when verification fails; empty when there is nothing to report.
$p_msg = "";
//----------------------------------------
// Confirm the operations
//----------------------------------------
if (isset($_POST['save'])) {
    // Validate the posted operation; a failure sets $correct so the
    // confirmation screen below is skipped.
    try {
        $Ledger->verify($_POST);
    } catch (Exception $e) {
        alert($e->getMessage());
        $p_msg = $e->getMessage();
        $correct = 1;
    }
    if (!isset($correct)) {
        // Nothing is saved at this step: the data is shown again in a form
        // and written only after the user posts 'confirm'.
        echo '<div class="content">';
        echo h1(_('Confirmation'), '');
        echo_warning(_("Attention, cette opération n'est pas encore sauvée : vous devez encore confirmer"));
        // NOTE(review): no anti-CSRF token is visible in this form; confirm it is
        // added by $Ledger->confirm() or checked elsewhere before the save.
        echo '<form name="form_detail" class="print" enctype="multipart/form-data" class="print" METHOD="POST">';
        // NOTE(review): $_REQUEST['ac'] is echoed back into a hidden field; whether
        // HtmlInput::hidden() escapes the value is not visible here — confirm.
        echo HtmlInput::hidden('ac', $_REQUEST['ac']);
        echo $Ledger->confirm($_POST);
        echo HtmlInput::submit('confirm', _('Confirmer'));
        echo HtmlInput::submit('correct', _('Corriger'));
        echo '</form>';
        echo '</div>';
        return;
    }
}
//----------------------------------------
// Confirm and save the operations
// into the database
//----------------------------------------
if (isset($_POST['confirm'])) {
}
//----------------------------------------------------------------------
// Upgrade the template
//----------------------------------------------------------------------
// Every template listed in modeledef is patched when its database exists.
$Resdossier = $cn->exec_sql("select mod_id, mod_name from modeledef");
$MaxDossier = $cn->size();
echo "<h2>Mise à jour modèle</h2>";
for ($e = 0; $e < $MaxDossier; $e++) {
    $db_row = Database::fetch_array($Resdossier, $e);
    // NOTE(review): mod_name is a stored value written into the page without
    // HTML escaping; wrap it in htmlspecialchars() unless it is escaped on input — confirm.
    echo "<h3>Patching " . $db_row['mod_name'] . "</h3>";
    $name = $cn->format_name($db_row['mod_id'], 'mod');
    if ($cn->exist_database($name) > 0) {
        $db = new Database($db_row['mod_id'], 'mod');
        $db->apply_patch($db_row['mod_name']);
    } else {
        echo_warning(_("Modèle inexistant") . " {$name}");
    }
}
//----------------------------------------------------------------------
// Upgrade the account_repository
//----------------------------------------------------------------------
echo "<h2>Mise à jour Repository</h2>";
$cn = new Database();
// Output is buffered unless DEBUG is on.
if (DEBUG == false) {
    ob_start();
}
// Apply the repository patch scripts in order, from version 4 up to DBVERSIONREPO - 1.
$MaxVersion = DBVERSIONREPO - 1;
for ($i = 4; $i <= $MaxVersion; $i++) {
    if ($cn->get_version() <= $i) {
        // NOTE(review): the script path is relative, so it is resolved against the
        // current working directory — confirm the caller sets it before this runs.
        $cn->execute_script('sql/patch/ac-upgrade' . $i . '.sql');
    }