Exemplo n.º 1
0
function UpdateSettings($setting, $val, $type = '')
{
    global $server, $user, $pass, $database, $pre;
    if (empty($type)) {
        $type = 'admin';
    }
    //Connect to database
    require_once "sources/class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();
    //Check if setting is already in DB. If NO then insert, if YES then update.
    $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE type='" . $type . "' AND intitule = '" . $setting . "'");
    if ($data[0] == 0) {
        $db->query_insert("misc", array('valeur' => $val, 'type' => $type, 'intitule' => $setting));
        //in case of stats enabled, add the actual time
        if ($setting == 'send_stats') {
            $db->query_insert("misc", array('valeur' => time(), 'type' => $type, 'intitule' => $setting . '_time'));
        }
    } else {
        $db->query_update("misc", array('valeur' => $val), "type='" . $type . "' AND intitule = '" . $setting . "'");
        //in case of stats enabled, update the actual time
        if ($setting == 'send_stats') {
            //Check if previous time exists, if not them insert this value in DB
            $data_time = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "misc WHERE type='" . $type . "' AND intitule = '" . $setting . "_time'");
            if ($data_time[0] == 0) {
                $db->query_insert("misc", array('valeur' => 0, 'type' => $type, 'intitule' => $setting . '_time'));
            } else {
                $db->query_update("misc", array('valeur' => 0), "type='" . $type . "' AND intitule = '" . $setting . "_time'");
            }
        }
    }
    //save in variable
    if ($type == "admin") {
        $_SESSION['settings'][$setting] = $val;
    } else {
        if ($type == "settings") {
            $settings[$setting] = $val;
        }
    }
}
Exemplo n.º 2
0
 if ($manage_kb == true) {
     $label = utf8_decode($_POST['label']);
     $category = utf8_decode($_POST['category']);
     $description = utf8_decode($_POST['description']);
     //Add category if new
     $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'");
     if ($data[0] == 0) {
         $cat_id = $db->query_insert("kb_categories", array('category' => mysql_real_escape_string($category)));
     } else {
         //get the ID of this existing category
         $cat_id = $db->fetch_row("SELECT id FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'");
         $cat_id = $cat_id[0];
     }
     if (isset($_POST['id']) && !empty($_POST['id'])) {
         //update KB
         $new_id = $db->query_update("kb", array('label' => $label, 'description' => mysql_real_escape_string($description), 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $_POST['anyone_can_modify']), "id='" . $_POST['id'] . "'");
     } else {
         //add new KB
         $new_id = $db->query_insert("kb", array('label' => $label, 'description' => mysql_real_escape_string($description), 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $_POST['anyone_can_modify']));
     }
     //delete all associated items to this KB
     $db->query_delete("kb_items", array('kb_id' => $_POST['id']));
     //add all items associated to this KB
     foreach (explode(',', $_POST['kb_associated_to']) as $item_id) {
         $db->query_insert("kb_items", array('kb_id' => $_POST['id'], 'item_id' => $item_id));
     }
     echo '$("#kb_form").dialog("close");oTable = $("#t_kb").dataTable();LoadingPage();oTable.fnDraw();';
 } else {
     echo '$("#kb_form").dialog("close");';
 }
 break;
Exemplo n.º 3
0
 #-------------------------------------------
 #CASE delete a role
 case "delete_role":
     $db->query("DELETE FROM " . $pre . "roles_title WHERE id = " . $_POST['id']);
     $db->query("DELETE FROM " . $pre . "roles_values WHERE role_id = " . $_POST['id']);
     //Actualize the variable
     $_SESSION['nb_roles']--;
     //reload page
     echo 'window.location.href = "index.php?page=manage_roles";';
     break;
     #-------------------------------------------
     #CASE editing a role
 #-------------------------------------------
 #CASE editing a role
 case "edit_role":
     $db->query_update("roles_title", array('title' => mysql_real_escape_string(stripslashes($_POST['title']))), 'id = ' . $_POST['id']);
     //reload matrix
     echo 'var data = "type=rafraichir_matrice";httpRequest("sources/roles.queries.php",data);';
     break;
     #-------------------------------------------
     #CASE refresh the matrix
 #-------------------------------------------
 #CASE refresh the matrix
 case "rafraichir_matrice":
     echo 'document.getElementById(\'matrice_droits\').innerHTML = "";';
     require_once "NestedTree.class.php";
     $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
     $tree = $tree->getDescendants();
     $texte = '<table><thead><tr><th>' . $txt['group'] . 's</th>';
     $gpes_ok = array();
     $gpes_nok = array();
Exemplo n.º 4
0
         $old_pw = "";
         foreach ($last_pw as $elem) {
             if (!empty($elem)) {
                 if (empty($old_pw)) {
                     $old_pw = $elem;
                 } else {
                     $old_pw .= ";" . $elem;
                 }
             }
         }
         //update sessions
         $_SESSION['last_pw'] = $old_pw;
         $_SESSION['last_pw_change'] = mktime(0, 0, 0, date('m'), date('d'), date('y'));
         $_SESSION['validite_pw'] = true;
         //update DB
         $db->query_update("users", array('pw' => $new_pw, 'last_pw_change' => mktime(0, 0, 0, date('m'), date('d'), date('y')), 'last_pw' => $old_pw), "id = " . $_SESSION['user_id']);
         echo '[ { "error" : "none" } ]';
     }
 } else {
     //ADMIN has decided to change the USER's PW
     if (isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "admin_change") {
         //Check KEY
         if ($data_received['key'] != $_SESSION['key']) {
             echo '[ { "error" : "key_not_conform" } ]';
             exit;
         }
         //update DB
         $db->query_update("users", array('pw' => $new_pw, 'last_pw_change' => mktime(0, 0, 0, date('m'), date('d'), date('y'))), "id = " . $data_received['user_id']);
         echo '[ { "error" : "none" } ]';
     } else {
         echo '[ { "error" : "nothing_to_do" } ]';
Exemplo n.º 5
0
     $new_groupes = $data[0];
     if (!empty($data[0])) {
         $groupes = explode(';', $data[0]);
         if (in_array($val[1], $groupes)) {
             $new_groupes = str_replace($val[1], "", $new_groupes);
         } else {
             $new_groupes .= ";" . $val[1];
         }
     } else {
         $new_groupes = $val[1];
     }
     while (substr_count($new_groupes, ";;") > 0) {
         $new_groupes = str_replace(";;", ";", $new_groupes);
     }
     //Store id DB
     $db->query_update("users", array($_POST['type'] => $new_groupes), "id = " . $val[0]);
     break;
 case "fonction":
     $val = explode(';', $_POST['valeur']);
     $valeur = $_POST['valeur'];
     //v?rifier si l'id est d?j? pr?sent
     $data = $db->fetch_row("SELECT fonction_id FROM " . $pre . "users WHERE id = {$val['0']}");
     $new_fonctions = $data[0];
     if (!empty($data[0])) {
         $fonctions = explode(';', $data[0]);
         if (in_array($val[1], $fonctions)) {
             $new_fonctions = str_replace($val[1], "", $new_fonctions);
         } else {
             if (!empty($new_fonctions)) {
                 $new_fonctions .= ";" . $val[1];
             } else {
Exemplo n.º 6
0
$sqlAnswer = "Select correct_answer from tblquestions where id='".$question_id."'";

$rowAnswer = $db->query($sqlAnswer);
$result2 = $db->fetch_array($rowAnswer);


$answerResult = "incorrect";
if(isset($_POST["answer"]))
{
	
	if($result2["correct_answer"] == $_POST["answer"]){
		$answerResult = "correct";
	}
		$_POST["status"] = $answerResult;
		$DATA = $_POST;
}else{
	unset($_POST["answer"]);
	$DATA["time_to_answer"] = $_POST["time_to_answer"];
}
	 $row = $db->query_update("tbltemporarygenexam",$DATA,"question_id='".$question_id."' and student_id='".$student_id."'");
	 echo $row;



	
	//echo json_encode($json);
	mysql_close();
	
		
 ?>
Exemplo n.º 7
0
<?php

/**
 * The plugin control panel, you can manage the plugins activity in this page.
 */
include_once 'phphooks.class.php';
include_once 'includes/database.class.php';
require_once 'config.php';
$db = new Database($mysql_db_host, $mysql_db_user, $mysql_db_passwd, $mysql_db_name, $table_prefix);
$db->connect();
switch ($_GET['action']) {
    case "deactivate":
        $data['action'] = 0;
        $db->query_update("plugins", $data, "filename='" . $_GET['filename'] . "'");
        break;
    case "activate":
        $sql = "SELECT * FROM " . $table_prefix . "plugins WHERE filename = '" . $db->escape($_GET['filename']) . "'";
        $count = count($db->fetch_all_array($sql));
        if ($count < 1) {
            $data['filename'] = $_GET['filename'];
            $data['action'] = 1;
            $db->query_insert("plugins", $data);
        } else {
            $data['action'] = 1;
            $db->query_update("plugins", $data, "filename='" . $_GET['filename'] . "'");
        }
        break;
}
$sql = "SELECT filename, action FROM " . $table_prefix . "plugins WHERE action = '" . $db->escape(1) . "'";
$result_rows = $db->fetch_all_array($sql);
$plugin_list = new phphooks();
Exemplo n.º 8
0
function CPMStats()
{
    global $server, $user, $pass, $database, $pre;
    require_once 'includes/settings.php';
    // connect to the server
    require_once "class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();
    // Prepare stats to be sent
    // Count no FOLDERS
    $data_folders = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree");
    // Count no USERS
    $data_users = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "users");
    // Count no ITEMS
    $data_items = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "items");
    // Get info about installation
    $data_system = array();
    $rows = $db->fetch_all_array("SELECT valeur,intitule FROM " . $pre . "misc WHERE type = 'admin' AND intitule IN ('enable_pf_feature','log_connections','cpassman_version')");
    foreach ($rows as $reccord) {
        if ($reccord['intitule'] == 'enable_pf_feature') {
            $data_system['enable_pf_feature'] = $reccord['valeur'];
        } else {
            if ($reccord['intitule'] == 'cpassman_version') {
                $data_system['cpassman_version'] = $reccord['valeur'];
            } else {
                if ($reccord['intitule'] == 'log_connections') {
                    $data_system['log_connections'] = $reccord['valeur'];
                }
            }
        }
    }
    // Get the actual stats.
    $stats_to_send = array('uid' => md5(SALT), 'time_added' => time(), 'users' => $data_users[0], 'folders' => $data_folders[0], 'items' => $data_items[0], 'cpm_version' => $data_system['cpassman_version'], 'enable_pf_feature' => $data_system['enable_pf_feature'], 'log_connections' => $data_system['log_connections']);
    // Encode all the data, for security.
    foreach ($stats_to_send as $k => $v) {
        $stats_to_send[$k] = urlencode($k) . '=' . urlencode($v);
    }
    // Turn this into the query string!
    $stats_to_send = implode('&', $stats_to_send);
    fopen("http://www.vag-technique.fr/divers/cpm_stats/collect_stats.php?" . $stats_to_send, 'r');
    // update the actual time
    $db->query_update("misc", array('valeur' => time()), "type='admin' AND intitule = 'send_stats_time'");
}
Exemplo n.º 9
0
 */
include_once 'Database.class.php';
define("MSCTBL", "msc");
$db = new Database('localhost', 'root', 'trdc123', 'mscsim');
//connect to the server
$db->connect();
if ($_GET['action'] == 'register' && !empty($_POST['MSISDN']) && !empty($_POST['IMSI'])) {
    $preMSISDN = $_POST['MSISDN'][0] . $_POST['MSISDN'][1] . $_POST['MSISDN'][2] . $_POST['MSISDN'][3];
    $data['TMSI'] = "91" . $preMSISDN . rand('199999', '999999');
    $sql = "SELECT * FROM " . MSCTBL . " WHERE `MSISDN` = '" . $_POST['MSISDN'] . "'";
    $row = $db->query_first($sql);
    if (empty($row)) {
        $error_dat['status'] = "error";
        $error_dat['reason'] = "Registration Failed...";
    } else {
        $db->query_update(MSCTBL, $data, " `MSISDN` = '" . $_POST['MSISDN'] . "' ");
        $error_dat['regdata'] = $row;
        $error_dat['regdata']['TMSI'] = $data['TMSI'];
        $error_dat['status'] = "success";
        $error_dat['reason'] = "Registration Complete...";
    }
    sleep(3);
    echo json_encode($error_dat);
} elseif ($_GET['action'] == 'makesim' && !empty($_POST['MSISDN'])) {
    $preMSISDN = $_POST['MSISDN'][0] . $_POST['MSISDN'][1] . $_POST['MSISDN'][2] . $_POST['MSISDN'][3];
    $data['IMSI'] = "91" . $preMSISDN . rand('199999', '999999');
    $data['IMEI'] = "956647" . "894467" . rand('199999', '999999');
    $data['Ki'] = genRandKey(128);
    $data['NSP'] = getNSP($preMSISDN);
    $sql = "SELECT * FROM " . MSCTBL . " WHERE `MSISDN` = '" . $_POST['MSISDN'] . "'";
    $row = $db->query_first($sql);
Exemplo n.º 10
0
    die('Hacking attempt...');
}
include '../includes/language/' . $_SESSION['user_language'] . '.php';
include '../includes/settings.php';
header("Content-type: text/html; charset==utf-8");
include 'main.functions.php';
require_once "NestedTree.class.php";
//Connect to mysql server
require_once "class.database.php";
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();
// CASE where title is changed
if (isset($_POST['newtitle'])) {
    $id = explode('_', $_POST['id']);
    //update DB
    $db->query_update('nested_tree', array('title' => mysql_real_escape_string(stripslashes($_POST['newtitle']))), "id=" . $id[1]);
    //Show value
    echo $_POST['newtitle'];
} else {
    if (isset($_POST['renewal_period']) && !isset($_POST['type'])) {
        //Check if renewal period is an integer
        if (is_int(intval($_POST['renewal_period']))) {
            $id = explode('_', $_POST['id']);
            //update DB
            $db->query_update('nested_tree', array('renewal_period' => mysql_real_escape_string(stripslashes($_POST['renewal_period']))), "id=" . $id[1]);
            //Show value
            echo $_POST['renewal_period'];
        } else {
            //Show ERROR
            echo $txt['error_renawal_period_not_integer'];
        }
Exemplo n.º 11
0
<?php

require "dbase/config.inc.php";
require "dbase/Database.class.php";
$db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
$db->connect();
//parent and tutor
$user["fname"] = $_POST["user-fname"];
$user["lname"] = $_POST["user-lname"];
$user["email"] = $_POST["user-email"];
$user["city"] = $_POST["user-city"];
$user["postcode"] = $_POST["user-postcode"];
$user["state"] = $_POST["user-state"];
$user["phone"] = $_POST["user-phone"];
$id = substr($_GET["user"], 1);
$user_type = substr($_GET["user"], 0, 1);
//p or t
if ($user_type == "p") {
    $db->query_update("tblparents", $user, "id='{$id}'");
    echo "<script>\n\t             window.history.go(-1);\n\t     \t</script>";
} else {
    if ($user_type == "t") {
        $db->query_update("tbltutor", $user, "id='{$id}'");
        echo "<script>\n\t             window.history.go(-1);\n\t     \t</script>";
    } else {
        $db->query_update("tblstudents", $std, "parent_id='{$id}'");
        echo "<script>\n\t             window.history.go(-1);\n\t     \t</script>";
    }
}
Exemplo n.º 12
0
	function excluir($id)
	{
		$db = new Database();
		$sql = 'delete from periodo where id = '.$id; 
		return $db->query_update($sql);
	}
<?php

require '../common/admin_session.php';
require '../common/database.php';
require '../config/config.php';
$db = new Database($db_host, $db_username, $db_password, $db_name);
$db->connect();
// For delete action
if ($_GET['action'] == "delete") {
    if ($_GET['id'] > 0) {
        $sql = "DELETE FROM " . $TABLE_EYO_MAP . " where id=" . $_GET['id'];
        $db->query($sql);
        header("Location: index.php");
        die;
    }
} else {
    if ($_GET['action'] == "update") {
        $update_array['status'] = $_GET['status'] ? 0 : 1;
        $db->query_update($TABLE_EYO_MAP, $update_array, " id=" . $_GET['id']);
        header("Location: index.php");
        die;
    }
}
header("Location: index.php");
die;
Exemplo n.º 14
0
 //log
 $db->query_insert('log_items', array('id_item' => $new_id, 'date' => mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')), 'id_user' => $_SESSION['user_id'], 'action' => 'at_creation'));
 //Add tags
 $tags = explode(' ', $_POST['tags']);
 foreach ($tags as $tag) {
     if (!empty($tag)) {
         $db->query_insert('tags', array('item_id' => $new_id, 'tag' => strtolower($tag)));
     }
 }
 // Check if any files have been added
 if (!empty($_POST['random_id_from_files'])) {
     $sql = "SELECT id\r\n                            FROM " . $pre . "files\r\n                            WHERE id_item=" . $_POST['random_id_from_files'];
     $rows = $db->fetch_all_array($sql);
     foreach ($rows as $reccord) {
         //update item_id in files table
         $db->query_update('files', array('id_item' => $new_id), "id='" . $reccord['id'] . "'");
     }
 }
 //Update CACHE table
 UpdateCacheTable("add_value", $new_id);
 //Announce by email?
 if ($_POST['annonce'] == 1) {
     require_once "class.phpmailer.php";
     //envoyer email
     $destinataire = explode(';', $_POST['diffusion']);
     foreach ($destinataire as $mail_destinataire) {
         //envoyer ay destinataire
         $mail = new PHPMailer();
         $mail->SetLanguage("en", "../includes/libraries/phpmailer/language");
         $mail->IsSMTP();
         // send via SMTP
Exemplo n.º 15
0
 } else {
     $manage_kb = true;
 }
 if ($manage_kb == true) {
     //Add category if new
     $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'");
     if ($data[0] == 0) {
         $cat_id = $db->query_insert("kb_categories", array('category' => mysql_real_escape_string($category)));
     } else {
         //get the ID of this existing category
         $cat_id = $db->fetch_row("SELECT id FROM " . $pre . "kb_categories WHERE category = '" . mysql_real_escape_string($category) . "'");
         $cat_id = $cat_id[0];
     }
     if (isset($id) && !empty($id)) {
         //update KB
         $new_id = $db->query_update("kb", array('label' => $label, 'description' => $description, 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $anyone_can_modify), "id='" . $id . "'");
     } else {
         //add new KB
         $new_id = $db->query_insert("kb", array('label' => $label, 'description' => $description, 'author_id' => $_SESSION['user_id'], 'category_id' => $cat_id, 'anyone_can_modify' => $anyone_can_modify));
     }
     //delete all associated items to this KB
     $db->query_delete("kb_items", array('kb_id' => $new_id));
     //add all items associated to this KB
     foreach (explode(',', $kb_associated_to) as $item_id) {
         $db->query_insert("kb_items", array('kb_id' => $new_id, 'item_id' => $item_id));
     }
     echo '[ { "status" : "done" } ]';
 } else {
     echo '[ { "status" : "none" } ]';
 }
 break;
Exemplo n.º 16
0
     if (count($_POST['list_f']) > 0) {
         foreach (explode(';', $_POST['list_f']) as $id) {
             $data = $db->query_first("\r\n\t\t\t\t\tSELECT valeur\r\n\t\t            FROM " . $pre . "misc\r\n\t\t            WHERE type = 'folder_deleted'\r\n\t\t            AND intitule = '" . $id . "'");
             if ($data['valeur'] != 0) {
                 $folder_data = explode(',', $data['valeur']);
                 //insert deleted folder
                 $db->query_insert('nested_tree', array('id' => $folder_data[0], 'parent_id' => $folder_data[1], 'title' => $folder_data[2], 'nleft' => $folder_data[3], 'nright' => $folder_data[4], 'nlevel' => $folder_data[5], 'bloquer_creation' => $folder_data[6], 'bloquer_modification' => $folder_data[7], 'personal_folder' => $folder_data[8], 'renewal_period' => $folder_data[9]));
                 //delete log
                 $db->query("DELETE FROM " . $pre . "misc WHERE type = 'folder_deleted' AND intitule= '" . $id . "'");
             }
         }
     }
     //restore ITEMS
     if (count($_POST['list_i']) > 0) {
         foreach (explode(';', $_POST['list_i']) as $id) {
             $db->query_update("items", array('inactif' => '0'), 'id = ' . $id);
             //log
             $db->query("INSERT INTO " . $pre . "log_items VALUES ('" . $id . "','" . mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')) . "','" . $_SESSION['user_id'] . "','at_restored','')");
         }
     }
     break;
     #----------------------------------
     #CASE admin want to delete a list of deleted items
 #----------------------------------
 #CASE admin want to delete a list of deleted items
 case "really_delete_items":
     $folders = explode(';', $_POST['folders']);
     if (count($folders) > 0) {
         //delete folders
         foreach ($folders as $f_id) {
             //get folder ID
Exemplo n.º 17
0
     ftp_close($conn_id);
     fclose($handle);
     //DELETE FILE
     unlink($local_file);
     echo '[{"error":"' . $error . '" , "output":"' . $text . '"}]';
     break;
     ###########################################################
     #CASE for refreshing all Personal Folders
 ###########################################################
 #CASE for refreshing all Personal Folders
 case "admin_action_check_pf":
     //get through all users
     $rows = $db->fetch_all_array("SELECT id,login,email FROM " . $pre . "users ORDER BY login ASC");
     foreach ($rows as $record) {
         //update PF field for user
         $db->query_update('users', array('personal_folder' => '1'), "id='" . $record['id'] . "'");
         //if folder doesn't exist then create it
         $data = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree WHERE title = '" . $record['id'] . "' AND parent_id = 0");
         if ($data[0] == 0) {
             //If not exist then add it
             $db->query_insert("nested_tree", array('parent_id' => '0', 'title' => $record['id'], 'personal_folder' => '1'));
         } else {
             //If exists then update it
             $db->query_update('nested_tree', array('personal_folder' => '1'), array("title" => $record['id'], 'parent_id' => '0'));
         }
     }
     //Delete PF for deleted users
     $db->query("\r\n\t\t\tDELETE " . $pre . "nested_tree\r\n    \t\tFROM " . $pre . "nested_tree\r\n    \t\tLEFT JOIN " . $pre . "users\r\n    \t\tON " . $pre . "nested_tree.title = " . $pre . "users.id\r\n    \t\tWHERE " . $pre . "users.id IS NULL  AND " . $pre . "nested_tree.parent_id=0 AND " . $pre . "nested_tree.title REGEXP ('[0-9]')\r\n    \t");
     //rebuild fuild tree folder
     require_once 'NestedTree.class.php';
     $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
Exemplo n.º 18
0
function smsmAlertFunc($gid, $aid, $src, $nooftime, $inout, $devDateTime, $devImei, $inorout)
{
    $db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
    $db->connect();
    //print_r($_GET);
    //echo $aid."  ".$nooftime." cs ". $inorout." ds ".$inout." ".$devDateTime."<br><br>";
    //echo "<br><br>";
    $getAlertImeiInfo = "SELECT * FROM tb_geoalertinfo WHERE tgai_assignDevId = '" . $devImei . "' AND tgai_createDate like '" . date("Y-m-d", strtotime($devDateTime)) . "%' ORDER BY tgai_id DESC LIMIT 0,1";
    $resAlertImeiInfo = $db->query($getAlertImeiInfo);
    if ($db->affected_rows == 0) {
        if ($inout == 'in' && $inorout == $inout) {
            $smsStatus = sendAlert($aid, $devDateTime);
            //echo "<br>";
            if ($smsStatus) {
                $data['tgai_assignDevId'] = $devImei;
                $data['tgai_geoAssignId'] = $aid;
                $data['tgai_inoutStatus'] = 0;
                $data['tgai_alertCount'] = 1;
                $data['tgai_alertType'] = $inout;
                $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                //print_r($data);
                //exit;
                if ($db->query_insert("tb_geoalertinfo", $data)) {
                    $res = 1;
                } else {
                    $res = 0;
                }
                echo "SMS";
            }
        } elseif ($inout == 'out' && $inorout != $inout) {
            $data['tgai_assignDevId'] = $devImei;
            $data['tgai_geoAssignId'] = $aid;
            $data['tgai_inoutStatus'] = 0;
            $data['tgai_alertCount'] = 1;
            $data['tgai_alertType'] = $inout;
            $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime));
            //print_r($data);
            //exit;
            if ($db->query_insert("tb_geoalertinfo", $data)) {
                $res = 1;
            } else {
                $res = 0;
            }
        }
    } else {
        $fetAlertImeiInfo = $db->fetch_array($resAlertImeiInfo);
        $getAlertInfo = "SELECT count(*) as pastTotal FROM tb_geoalertinfo WHERE tgai_geoAssignId = " . $aid . " AND tgai_inoutStatus = 1 AND tgai_createDate like '" . date("Y-m-d", strtotime($devDateTime)) . "%'";
        $resAlertInfo = $db->query($getAlertInfo);
        $fetAlertInfo = $db->fetch_array($resAlertInfo);
        //echo "<br>".$fetAlertImeiInfo[tgai_geoAssignId]." ".$aid." ".$fetAlertImeiInfo[tgai_inoutStatus]." ".$nooftime." ".$fetAlertImeiInfo[tgai_alertCount]." ". $inorout." ".$inout."<br>";
        //print_r($fetAlertInfo);
        /*echo "<pre>";
        		print_r($fetAlertImeiInfo);
        		//
        		echo "</pre>";*/
        //echo $fetAlertImeiInfo[tgai_id];
        //echo "<br> 1 ".$fetAlertInfo[pastTotal]." ".$fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>";
        if ($fetAlertImeiInfo[tgai_geoAssignId] == $aid && $fetAlertInfo[pastTotal] < $nooftime) {
            //echo "<br>".$fetAlertInfo[pastTotal]." ".$fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>";
            if ($fetAlertImeiInfo[tgai_inoutStatus] == 0) {
                //echo $fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>";
                if ($inout == 'in' && $inorout != $inout) {
                    $data['tgai_inoutStatus'] = 1;
                    $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                    //print_r($data);
                    //exit;
                    if ($db->query_update("tb_geoalertinfo", $data, "tgai_id=" . $fetAlertImeiInfo[tgai_id])) {
                        $res = 1;
                    } else {
                        $res = 0;
                    }
                } elseif ($inout == 'out' && $inorout == $inout) {
                    $smsStatus = sendAlert($aid, $devDateTime);
                    if ($smsStatus) {
                        $data['tgai_inoutStatus'] = 1;
                        $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                        //print_r($data);
                        //exit;
                        if ($db->query_update("tb_geoalertinfo", $data, "tgai_id=" . $fetAlertImeiInfo[tgai_id])) {
                            $res = 1;
                        } else {
                            $res = 0;
                        }
                        echo "SMS";
                    }
                }
            } else {
                //echo $fetAlertImeiInfo[tgai_alertCount]."<".$nooftime."<br>";
                //echo "<br>".$inout." ".$inorout;
                if ($inout == 'in' && $inorout == $inout) {
                    $smsStatus = sendAlert($aid, $devDateTime);
                    if ($smsStatus) {
                        $data['tgai_assignDevId'] = $devImei;
                        $data['tgai_geoAssignId'] = $aid;
                        $data['tgai_inoutStatus'] = 0;
                        $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1;
                        $data['tgai_alertType'] = $inout;
                        $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                        //print_r($data);
                        //exit;
                        if ($db->query_insert("tb_geoalertinfo", $data)) {
                            $res = 1;
                        } else {
                            $res = 0;
                        }
                        echo "SMS";
                    }
                } elseif ($inout == 'out' && $inorout != $inout) {
                    $data['tgai_assignDevId'] = $devImei;
                    $data['tgai_geoAssignId'] = $aid;
                    $data['tgai_inoutStatus'] = 0;
                    $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1;
                    $data['tgai_alertType'] = $inout;
                    $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                    //print_r($data);
                    //exit;
                    if ($db->query_insert("tb_geoalertinfo", $data)) {
                        $res = 1;
                    } else {
                        $res = 0;
                    }
                }
            }
        } elseif ($fetAlertImeiInfo[tgai_geoAssignId] != $aid && $fetAlertImeiInfo[tgai_inoutStatus] == 1 && $fetAlertInfo[tgai_alertCount] < $nooftime) {
            //print_r($fetAlertImeiInfo);
            if ($inout == 'in' && $inorout == $inout) {
                $smsStatus = sendAlert($aid, $devDateTime);
                if ($smsStatus) {
                    $data['tgai_assignDevId'] = $devImei;
                    $data['tgai_geoAssignId'] = $aid;
                    $data['tgai_inoutStatus'] = 0;
                    $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1;
                    $data['tgai_alertType'] = $inout;
                    $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                    //print_r($data);
                    //exit;
                    if ($db->query_insert("tb_geoalertinfo", $data)) {
                        $res = 1;
                    } else {
                        $res = 0;
                    }
                    echo "SMS";
                }
            } elseif ($inout == 'out' && $inorout != $inout) {
                $data['tgai_assignDevId'] = $devImei;
                $data['tgai_geoAssignId'] = $aid;
                $data['tgai_inoutStatus'] = 0;
                $data['tgai_alertCount'] = $fetAlertInfo[tgai_alertCount] + 1;
                $data['tgai_alertType'] = $inout;
                $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($devDateTime));
                //print_r($data);
                //exit;
                if ($db->query_insert("tb_geoalertinfo", $data)) {
                    $res = 1;
                } else {
                    $res = 0;
                }
            }
        }
    }
}
Exemplo n.º 19
0
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}
if (isset($_POST['session']) && $_POST['session'] == "expired") {
    //Include files
    require_once 'includes/settings.php';
    require_once 'includes/include.php';
    // connect to the server
    require_once "sources/class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();
    // Include main functions used by cpassman
    require_once 'sources/main.functions.php';
    // Update table by deleting ID
    if (isset($_SESSION['user_id'])) {
        $db->query_update("users", array('key_tempo' => ''), "id=" . $_SESSION['user_id']);
    }
    //Log into DB the user's disconnection
    if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
        logEvents('user_connection', 'disconnection', $_SESSION['user_id']);
    }
    // erase session table
    $_SESSION = array();
    // Kill session
    session_destroy();
} else {
    echo '
	<div style="width:800px;margin:auto;">';
    if ($_SESSION['error'] == 1000) {
        echo '
		<div class="ui-state-error ui-corner-all error" >' . $txt['error_not_authorized'] . '</div>';
Exemplo n.º 20
0
     $message .= '<table style="border-color: #666;" cellpadding="10" width="100%">';
     $message .= "<tr style='background: #eee;'><td><strong>Greetings from:</strong> </td><td>" . strip_tags($fetReseller[ci_clientName]) . "</td></tr>";
     $message .= "<tr><td><strong>Vehicle Name:</strong> </td><td>" . strip_tags($devName) . "</td></tr>";
     $message .= "<tr><td><strong>Purpose:</strong> </td><td>" . strip_tags(ucfirst($record[tdai_purpose])) . "</td></tr>";
     $message .= "<tr><td><strong>Description:</strong> </td><td>" . strip_tags(ucfirst($record[tdai_description])) . "</td></tr>";
     $message .= "<tr><td><strong>By -:</strong> </td><td>" . $fetReseller[ci_weburl] . "</td></tr>";
     $message .= '<tr><td></td><td><img src="' . $GLOBALS[dataPath] . 'gpsapp/modules/user/client_logo/' . $fetReseller[ci_clientLogo] . '" alt="Website Change Request" /></td></tr>';
     $message .= "<tr><td><strong>Note:</strong> </td><td style='font:12px normal Arial, Helvetica, sans-serif; color:red'>Do not reply to this system generated mail</td></tr>";
     $message .= "</table>";
     $message .= "</body></html>";
     //echo $sub;
     //exit;
     if ($mailres = sendMail($t, $sub, $message, $fr)) {
         $data['tdai_status'] = 1;
         $data['tdai_deliveryTime'] = date("Y-m-d H:i:s");
         if ($db->query_update("tb_device_alert_info", $data, "tdai_id=" . $record[tdai_id])) {
             $maildata['tmi_email'] = $t;
             $maildata['tmi_tgai_id'] = $record[tdai_id];
             $maildata['tmi_mailResult'] = $mailres;
             $maildata['tmi_message'] = $message;
             $maildata['tmi_mailType'] = "DATEALERT";
             //print_r($maildata);
             //exit;
             if ($db->query_insert("tb_mail_info", $maildata)) {
                 echo "done";
             } else {
                 echo "no";
             }
         }
     }
 } elseif ($record[tdai_alertType] == "Mobile") {
Exemplo n.º 21
0
 $mail->AddAddress($email);
 //$mail->AddBCC($email, '');
 $mail->WordWrap = 50;
 $mail->IsHTML(true);
 $mail->Subject = "Studentbook Team password reset confirmation";
 $salt = sha1(uniqid());
 //generate salt
 $now = time();
 //get current time
 //forgot key
 $forgot_key = sha1($user . $now . $salt);
 //echo $forgot_key;
 $update['expire'] = $now;
 $update['reset'] = $forgot_key;
 $ip_connection = $_SERVER['SERVER_ADDR'];
 $db->query_update('student', $update, "email='{$email}'");
 //update with password expiry time
 $db->query_update('users', $update, "email='{$email}'");
 //update with password expiry time
 // start comment out
 $mailer = "<div style='margin: 0 auto; background-color:f0e1ae; width:520px; padding:12px;'><img src='https://4.bp.blogspot.com/-lXNFwNibdTI/VgGdGkXiNHI/AAAAAAAAA_o/isgC77woXsE/s1600/logo_std.png'><br><br>Hi " . $row->username . ",<br><br> There was recently a request to change the password on your account. If you requested this password change, please set a new password by following the link below:<br><br>\n\t\t\t\t<a href='" . $_SERVER['SERVER_NAME'] . "" . $_SERVER['SCRIPT_NAME'] . "?key=" . $forgot_key . "'>" . $_SERVER['SERVER_NAME'] . "" . $_SERVER['SCRIPT_NAME'] . "?key=" . $forgot_key . "</a><br>\n<a>Ip Connection:</a>{$ip_connection}<br/>\n<br>Please note that this link is valid only for 24 hours.<br><br>If you don't want to change your password, just ignore this message.<br><br>This is sent from a <a href='../user/index.php'>Login Page</a> on StudentBook. If you did not register by yourself let us know at studentbook@e-studentbook.com<br><br>Thanks,<br>Studentbook Team</div>";
 // change/edit the confirmation in email user as comment for key activation
 $mail->Body = $mailer;
 if (!$mail->Send()) {
     echo "Message could not be sent.<p>";
     echo "Mailer Error: " . $mail->ErrorInfo;
     exit;
 }
 //echo $mailer;
 echo '<div class="success">An email has been sent to ' . $email . ' with further instructions.</div>';
 //$_SESSION['forgotemail']=$email;
Exemplo n.º 22
0
        $cdata["tgi_latLong"] = $_GET[param];
        //print_r($cdata);
        if ($db->query_insert("tb_geofence_info", $cdata)) {
            echo 1;
        } else {
            echo 0;
        }
    } else {
        $fetCont = $db->fetch_array($resCont);
        $cdata["tgi_clientId"] = $_SESSION[clientID];
        $cdata["tgi_name"] = $_GET[name];
        $cdata["tgi_isActive"] = 1;
        $cdata["tgi_radius"] = $_GET[radius];
        $cdata["tgi_latLong"] = $_GET[param];
        //print_r($cdata);
        if ($db->query_update("tb_geofence_info", $cdata, "tgi_id = " . $fetCont[tgi_id])) {
            echo 2;
        } else {
            echo 0;
        }
    }
}
if (isset($_GET[contType]) && $_GET[contType] != '') {
    $getCont = "select * from tb_client_contact_info where tcci_srcType = '" . $_GET[contType] . "' AND tcci_clientId =" . $_SESSION[clientID];
    $resCont = $db->query($getCont);
    $str = '';
    if ($db->affected_rows > 0) {
        while ($fetCont = $db->fetch_array($resCont)) {
            //print_r($fetCont);
            $str .= '<option value=' . $fetCont[tcci_source] . '>' . $fetCont[tcci_source] . '</option>';
        }
Exemplo n.º 23
0
<?php 

	require("dbase/config.inc.php");
	require("dbase/Database.class.php");
	$db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
	$db->connect();
	$questionID = $_POST["questionId"];
	$data["flagged_message"] = $_POST["flagged_message"];
	$data["flagged_for_review"] = 1;
	$where = "id=".$questionID;
	$row = $db->query_update("tblquestions",$data,$where);
	mysql_close();
	
 ?>
Exemplo n.º 24
0
 //log
 $db->query_insert('log_items', array('id_item' => $new_id, 'date' => mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y')), 'id_user' => $_SESSION['user_id'], 'action' => 'at_creation'));
 //Add tags
 $tags = explode(' ', $tags);
 foreach ($tags as $tag) {
     if (!empty($tag)) {
         $db->query_insert('tags', array('item_id' => $new_id, 'tag' => strtolower($tag)));
     }
 }
 // Check if any files have been added
 if (!empty($data_received['random_id_from_files'])) {
     $sql = "SELECT id\r\n\t\t                        FROM " . $pre . "files\r\n\t\t                        WHERE id_item=" . $data_received['random_id_from_files'];
     $rows = $db->fetch_all_array($sql);
     foreach ($rows as $reccord) {
         //update item_id in files table
         $db->query_update('files', array('id_item' => $new_id), "id='" . $reccord['id'] . "'");
     }
 }
 //Update CACHE table
 UpdateCacheTable("add_value", $new_id);
 //Announce by email?
 if ($data_received['annonce'] == 1) {
     require_once "class.phpmailer.php";
     //envoyer email
     $destinataire = explode(';', $data_received['diffusion']);
     foreach ($destinataire as $mail_destinataire) {
         //envoyer ay destinataire
         $mail = new PHPMailer();
         $mail->SetLanguage("en", "../includes/libraries/phpmailer/language");
         $mail->IsSMTP();
         // send via SMTP
Exemplo n.º 25
0
            $data['tgi_description'] = urldecode($param2[1]);
            $k = 1;
            while ($k < count($param1) - 4) {
                $param3 = explode("=", $param1[$k]);
                $k++;
                $param4 = explode("=", $param1[$k]);
                $pts .= $param4[1] . "," . $param3[1] . "#";
                $k++;
            }
            $data['tgi_coordinates'] = $pts;
            $data['tgi_parameter'] = urldecode($_SERVER['QUERY_STRING']);
            $data['tgi_clientId'] = $_SESSION[clientID];
            $data['tgi_isActive'] = 1;
            //print_r($data);
            //exit;
            if ($db->query_update("tb_geofence_info", $data, "tgi_id =" . $geoId)) {
                $res = 3;
            } else {
                $res = 0;
            }
            echo $res;
        }
    }
}
if (isset($_GET[deleteGeoId]) && $_GET[deleteGeoId] != '') {
    $sql = "UPDATE tb_geofence_info SET tgi_isActive = 0 WHERE tgi_id=" . $_GET[deleteGeoId];
    $row = $db->query($sql);
    if ($row) {
        echo 4;
    } else {
        echo 5;
Exemplo n.º 26
0
$userName = $_POST["username"];
$passWord = $_POST["password"];
$adminCheck = $mydb->first("SELECT `gmlevel` FROM `account` WHERE `username`='{$userName}' AND `sha_pass_hash`='" . SHA1(strtoupper($username . ':' . $password)) . "';");
if ($adminCheck === "3") {
    $isadmin = 1;
} elseif (!$adminCheck || $adminCheck == "") {
    $isadmin = 0;
} else {
    $isadmin = 0;
}
//echo $adminCheck;
if (isset($_POST["assignto"]) && $isadmin == 1) {
    $assignto = $mydb->clean($_POST["assignto"], '', '');
    $assignedname = $mydb->first("SELECT username FROM account WHERE id='{$assignto}'");
    $tickid = $mydb->clean($_POST["tickid"], '', '');
    $mydb->query_update('list', array('assigned' => $assignto), "id='{$tickid}'");
    // echo $isadmin;
    echo $assignedname;
}
if (isset($_POST["titlechange"]) && $isadmin == 1) {
    $tickid = $mydb->clean($_POST["tickid"], '', '');
    $mydb->query_update("list", array('title' => $_POST["titlechange"]), "id='{$tickid}'");
    echo "Title changed.";
}
if (isset($_POST["closeticket"]) && $isadmin == 1) {
    $closeticket = $mydb->clean($_POST["tickid"], '', '');
    $mydb->query_update('list', array('status' => 0, 'finished' => time()), "id='{$closeticket}'");
    echo "Ok";
}
if (isset($_POST["openticket"]) && $isadmin == 1) {
    $closeticket = $mydb->clean($_POST["tickid"], '', '');
Exemplo n.º 27
0
####################################################################################################
session_start();
include '../includes/language/' . $_SESSION['user_language'] . '.php';
include '../includes/settings.php';
header("Content-type: text/html; charset=" . $k['charset']);
include 'main.functions.php';
require_once "NestedTree.class.php";
//Connect to mysql server
require_once "class.database.php";
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();
// CASE where title is changed
if (isset($_POST['newtitle'])) {
    $id = explode('_', $_POST['id']);
    //update DB
    $db->query_update('nested_tree', array('title' => mysql_real_escape_string(stripslashes(utf8_decode($_POST['newtitle'])))), "id=" . $id[1]);
    //Show value
    echo $_POST['newtitle'];
} else {
    if (isset($_POST['renewal_period']) && !isset($_POST['type'])) {
        //Check if renewal period is an integer
        if (is_int(intval($_POST['renewal_period']))) {
            $id = explode('_', $_POST['id']);
            //update DB
            $db->query_update('nested_tree', array('renewal_period' => mysql_real_escape_string(stripslashes(utf8_decode($_POST['renewal_period'])))), "id=" . $id[1]);
            //Show value
            echo $_POST['renewal_period'];
        } else {
            //Show ERROR
            echo $txt['error_renawal_period_not_integer'];
        }
Exemplo n.º 28
0
	if ($record = $db->fetch_array($parent_check)!=null) {

		// $prnt_code['email_code'] = md5($record['email'] + microtime());//for email ver.
		// $db->query_update("tblparents", $prnt_code, "id='$parent_id'");
		//check slot available
		$checkSlot = "SELECT student_id, student_id2, student_id3 FROM tblparents where id='$parent_id'"; 
		$queryCheck = $db->query($checkSlot);

		while ($record = $db->fetch_array($queryCheck)) {

			if ($record['student_id']=="" && $student0['fname'] != NULL && $student0['lname'] != NULL && $student0['year_level'] != NULL ) {

				$primary_id = $db->query_insert("tblstudents", $student0);//insert new student record in the tblstudents
				$newStdID["student_id"] = $primary_id; 
				$db->query_update("tblparents", $newStdID, "id='$parent_id'");

				if ($record['student_id2']=="" && $student1['fname'] != NULL && $student1['lname'] != NULL && $student1['year_level'] != NULL ){

				$primary_id = $db->query_insert("tblstudents", $student1);//insert new student record in the tblstudents
				$newStdID["student_id2"] = $primary_id; 
				$db->query_update("tblparents", $newStdID, "id='$parent_id'");
				}

				if($record['student_id3']=="" && $student2['fname'] != NULL && $student2['lname'] != NULL && $student2['year_level'] != NULL ){

				$primary_id = $db->query_insert("tblstudents", $student2);//insert new student record in the tblstudents
				$newStdID["student_id3"] = $primary_id; 
				$db->query_update("tblparents", $newStdID, "id='$parent_id'");
				}
Exemplo n.º 29
0
                     $res = 1;
                 } else {
                     $res = 0;
                 }
                 echo "SMS";
             }
         }
     }
 } else {
     $fetAlertImeiInfo = $db->fetch_array($resAlertImeiInfo);
     if ($fetAlertImeiInfo[tgai_geoAssignId] == $aid) {
         if ($fetAlertImeiInfo[tgai_inoutStatus] == 0) {
             if ($_GET[inoutFlag] != $_GET[inoutPoint]) {
                 $data['tgai_inoutStatus'] = 1;
                 $data['tgai_reachdevTime2'] = date("Y-m-d H:i:s", strtotime($_GET[devDateTime]));
                 if ($db->query_update("tb_geoalertinfo", $data, "tgai_id=" . $fetAlertImeiInfo[tgai_id])) {
                     $res = 1;
                 } else {
                     $res = 0;
                 }
             }
         } else {
             if ($_GET[inoutFlag] == $_GET[inoutPoint] && ($_GET[notime] == 0 || $fetAlertImeiInfo[tgai_alertCount] < $_GET[notime])) {
                 $smsStatus = sendSMSAlert($aid);
                 if ($smsStatus) {
                     $data['tgai_assignDevId'] = $devImei;
                     $data['tgai_geoAssignId'] = $aid;
                     $data['tgai_inoutStatus'] = 0;
                     $data['tgai_alertCount'] = $fetAlertImeiInfo[tgai_alertCount] + 1;
                     $data['tgai_alertType'] = $_GET[inoutPoint];
                     $data['tgai_reachdevTime1'] = date("Y-m-d H:i:s", strtotime($_GET[devDateTime]));
Exemplo n.º 30
0
     $new_groupes = $data[0];
     if (!empty($data[0])) {
         $groupes = explode(';', $data[0]);
         if (in_array($val[1], $groupes)) {
             $new_groupes = str_replace($val[1], "", $new_groupes);
         } else {
             $new_groupes .= ";" . $val[1];
         }
     } else {
         $new_groupes = $val[1];
     }
     while (substr_count($new_groupes, ";;") > 0) {
         $new_groupes = str_replace(";;", ";", $new_groupes);
     }
     //Store id DB
     $db->query_update("users", array($_POST['type'] => $new_groupes), "id = " . $val[0]);
     break;
 case "fonction":
     $val = explode(';', $_POST['valeur']);
     $valeur = $_POST['valeur'];
     //vérifier si l'id est déjà présent
     $data = $db->fetch_row("SELECT fonction_id FROM " . $pre . "users WHERE id = {$val['0']}");
     $new_fonctions = $data[0];
     if (!empty($data[0])) {
         $fonctions = explode(';', $data[0]);
         if (in_array($val[1], $fonctions)) {
             $new_fonctions = str_replace($val[1], "", $new_fonctions);
         } else {
             if (!empty($new_fonctions)) {
                 $new_fonctions .= ";" . $val[1];
             } else {