/**
 * Persist one setting and refresh the in-memory cache.
 *
 * An UPDATE is issued when the cache already holds the name, an INSERT
 * otherwise. Name and value are both escaped with protect_data_sql()
 * before they are spliced into the statement.
 *
 * @param string $_name  setting key
 * @param string $_value setting value
 * @return bool false when the query failed (cache left untouched), true otherwise
 */
static function set($_name, $_value)
{
    $name = protect_data_sql($_name);
    $value = protect_data_sql($_value);
    $table = TABLE_PREFIX . "_setting";
    // isset() is false for a cached null, in which case an INSERT is attempted.
    $known = isset(self::$grrSettings[$_name]);
    $sql = $known
        ? "UPDATE " . $table . " set VALUE = '" . $value . "' where NAME = '" . $name . "'"
        : "INSERT INTO " . $table . " set NAME = '" . $name . "', VALUE = '" . $value . "'";
    if (!grr_sql_query($sql)) {
        return false;
    }
    self::$grrSettings[$_name] = $_value;
    return true;
}
// Tail of the bookings loop on the planning page (the loop head and the SELECT
// that filled $row are above this excerpt), followed by the room list query.
$today[$row[0]][$start_t]["data"] = affichage_lien_resa_planning($row[3],$row[4]);
// Tooltip text. Which columns $row[6], $row[8] and $row[11] hold comes from the
// query that is not visible here.
if (getSettingValue("display_info_bulle") == 1)
    $today[$row[0]][$start_t]["who"] = get_vocab("reservation au nom de").affiche_nom_prenom_email($row[6],$row[11]);
else if (getSettingValue("display_info_bulle") == 2)
    // NOTE(review): database value stored as-is; the code that prints "who" must HTML-escape it.
    $today[$row[0]][$start_t]["who"] = $row[8];
else
    $today[$row[0]][$start_t]["who"] = "";
} }
grr_sql_free($res);
# We need to know what all the rooms are called, so we can show them all.
# Pull the data from the db and store it. Conveniently we can print the room
# headings and capacities at the same time. $area is escaped with
# protect_data_sql() before it is spliced into the WHERE clause.
$sql = "select room_name, capacity, id, description, statut_room, show_fic_room, delais_option_reservation, moderate from ".TABLE_PREFIX."_room where area_id='".protect_data_sql($area)."' order by order_display, room_name";
$res = grr_sql_query($sql);
# It might be that there are no rooms defined for this area.
# If there are none then show an error and don't bother doing anything else.
if (! $res) fatal_error(0, grr_sql_error());
if (grr_sql_count($res) == 0) {
    echo "<h1>".get_vocab('no_rooms_for_area')."</h1>";
    grr_sql_free($res);
} else {
    # This is where we start displaying stuff
    echo "<table cellspacing=\"0\" border=\"1\" width=\"100%\">";
// Tail of the bookings loop (its head is above this excerpt), then the room
// list query and the opening of the planning layout.
} else {
    $today[$row['0']][$start_t]["data"] = affichage_lien_resa_planning($row['3'], $row['4']);
    // Tooltip text; the meaning of columns 6, 8 and 11 depends on the SELECT that
    // produced $row, which is not visible here.
    if ($settings->get("display_info_bulle") == 1) {
        $today[$row['0']][$start_t]["who"] = get_vocab("reservation au nom de") . affiche_nom_prenom_email($row['6'], $row['11']);
    } else {
        if ($settings->get("display_info_bulle") == 2) {
            // NOTE(review): stored unescaped; the code that renders "who" must HTML-escape it.
            $today[$row['0']][$start_t]["who"] = $row['8'];
        } else {
            $today[$row['0']][$start_t]["who"] = "";
        }
    }
} } }
grr_sql_free($res);
// $area is escaped with protect_data_sql() before it is spliced into the query.
$sql = "SELECT room_name, capacity, id, description, statut_room, show_fic_room, delais_option_reservation, moderate FROM " . TABLE_PREFIX . "_room WHERE area_id='" . protect_data_sql($area) . "' ORDER BY order_display, room_name";
$res = grr_sql_query($sql);
if (!$res) {
    fatal_error(0, grr_sql_error());
}
if (grr_sql_count($res) == 0) {
    echo '<h1>' . get_vocab("no_rooms_for_area") . '</h1>';
    grr_sql_free($res);
} else {
    echo '<div class="row">' . PHP_EOL;
    include "menu_gauche.php";
    // NOTE(review): $_GET['pview'] is read without isset(); on PHP 8 a missing
    // parameter raises "Undefined array key" before the comparison.
    // `($_GET['pview'] ?? 0) != 1` keeps the same outcome without the warning.
    if ($_GET['pview'] != 1) {
        echo '<div class="col-lg-9 col-md-12 col-xs-12">' . PHP_EOL;
        echo '<div id="planning">' . PHP_EOL;
    } else {
        echo '<div id="print_planning">' . PHP_EOL;
// Part of the area-settings save handler: rewrites the period ("periode")
// labels of area $id_area. The enclosing blocks are opened above this excerpt.
settype($number_periodes, "integer");
if ($number_periodes < 1) {
    $number_periodes = 1;
}
// NOTE(review): $id_area is spliced into four statements below without
// protect_data_sql()/intval(); it is assigned above this excerpt — confirm it
// is cast to int there. The results of the DELETE/INSERT queries are not checked.
$del_periode = grr_sql_query("delete from " . TABLE_PREFIX . "_area_periodes where id_area='" . $id_area . "'");
# Also clear the default template stored under area 0.
$del_periode = grr_sql_query("delete from " . TABLE_PREFIX . "_area_periodes where id_area='0'");
$i = 0;
// $num only counts periods that were actually posted, so numbering stays contiguous.
$num = 0;
while ($i < $number_periodes) {
    $temp = "periode_" . $i;
    if (isset($_POST[$temp])) {
        $nom_periode = corriger_caracteres($_POST[$temp]);
        $reg_periode = grr_sql_query("insert into " . TABLE_PREFIX . "_area_periodes set\n\t\t\t\t\t\t\t\tid_area='" . $id_area . "',\n\t\t\t\t\t\t\t\tnum_periode='" . $num . "',\n\t\t\t\t\t\t\t\tnom_periode='" . protect_data_sql($nom_periode) . "'\n\t\t\t\t\t\t\t\t");
        # Recreate the default template (area 0) with the same label.
        $reg_periode = grr_sql_query("insert into " . TABLE_PREFIX . "_area_periodes set\n\t\t\t\t\t\t\t\tid_area='0',\n\t\t\t\t\t\t\t\tnum_periode='" . $num . "',\n\t\t\t\t\t\t\t\tnom_periode='" . protect_data_sql($nom_periode) . "'");
        $num++;
    }
    $i++;
} } }
$msg = get_vocab("message_records");
} }
// Area-level access ('a'): drop the per-user grants for this area.
if ($access == 'a') {
    $sql = "DELETE FROM " . TABLE_PREFIX . "_j_user_area WHERE id_area='{$id_area}'";
    if (grr_sql_command($sql) < 0) {
        fatal_error(0, get_vocab('update_area_failed') . grr_sql_error());
    }
}
// Error paths of the booking save page; each prints a message and stops. The
// code that sets $back and the $error_* flags is above this excerpt.
grr_sql_mutex_unlock('' . TABLE_PREFIX . '_entry');
if ($error_booking_in_past == 'yes') {
    $str_date = utf8_strftime('%d %B %Y, %H:%M', $date_now);
    print_header();
    echo '<h2>' . get_vocab('booking_in_past') . '</h2>';
    if ($rep_type != 0 && !empty($reps)) {
        echo '<p>' . get_vocab('booking_in_past_explain_with_periodicity') . $str_date . '</p>';
    } else {
        echo '<p>' . get_vocab('booking_in_past_explain') . $str_date . '</p>';
    }
    // NOTE(review): $back goes into an href without htmlspecialchars() here and
    // twice below; its origin is not visible, so confirm it is escaped upstream.
    echo '<a href="' . $back . '&Err=yes">' . get_vocab('returnprev') . '</a>';
    include 'include/trailer.inc.php';
    die;
}
if ($error_duree_max_resa_area == 'yes') {
    // $room_id is escaped; $area_id comes back from the database and is reused as-is.
    $area_id = grr_sql_query1('SELECT area_id FROM ' . TABLE_PREFIX . "_room WHERE id='" . protect_data_sql($room_id) . "'");
    $duree_max_resa_area = grr_sql_query1('SELECT duree_max_resa_area FROM ' . TABLE_PREFIX . "_area WHERE id='" . $area_id . "'");
    print_header();
    // The limit is multiplied by 60 before toTimeString(), which appears to
    // fill $dur_units (by reference, presumably — its definition is not visible here).
    $temps_format = $duree_max_resa_area * 60;
    toTimeString($temps_format, $dur_units, true);
    echo '<h2>' . get_vocab('error_duree_max_resa_area') . $temps_format . ' ' . $dur_units . '</h2>';
    echo '<a href="' . $back . '&Err=yes">' . get_vocab('returnprev') . '</a>';
    include 'include/trailer.inc.php';
    die;
}
if ($error_delais_max_resa_room == 'yes') {
    print_header();
    echo '<h2>' . get_vocab('error_delais_max_resa_room') . '</h2>';
    echo '<a href="' . $back . '&Err=yes">' . get_vocab('returnprev') . '</a>';
    include 'include/trailer.inc.php';
    die;
// Fallback return URL taken from the Referer header (attacker-influenced; it is
// HTML-escaped here, but whatever redirects to it should also check it is local).
$back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
// Page is only reachable when the SSO function/status mapping is enabled.
if (Settings::get("sso_ac_corr_profil_statut") != 'y') {
    showAccessDenied($back);
    exit;
}
check_access(5, $back);
// Confirmation strings are embedded in JavaScript: single quotes are escaped
// for that context only, not for HTML.
$themessage = str_replace("'", "\\'", get_vocab("confirmdel"));
$themessage2 = str_replace("'", "\\'", get_vocab("confirm_del"));
//
// Add a function/status mapping
//
$msg = "";
if (isset($_GET['action_add']) && $_GET['action_add'] == 'yes') {
    // NOTE(review): the three $_POST keys are read without isset().
    if ($_POST['codefonc'] != "" && $_POST['libfonc'] != "" && $_POST['statutgrr'] != "") {
        // NOTE(review): $_POST['statutgrr'] is spliced into the INSERT unescaped —
        // SQL injection; wrap it in protect_data_sql() or validate it against the
        // allowed statuses. Also escape *after* strtoupper()/ucfirst(): changing the
        // case of protect_data_sql()'s output may alter escape sequences it produced,
        // depending on what that function emits.
        $sql = "INSERT INTO " . TABLE_PREFIX . "_correspondance_statut (code_fonction, libelle_fonction, statut_grr) VALUES ('" . strtoupper(protect_data_sql($_POST['codefonc'])) . "', '" . ucfirst(protect_data_sql($_POST['libfonc'])) . "','" . $_POST['statutgrr'] . "')";
        if (grr_sql_command($sql) < 0) {
            fatal_error(0, "<p>" . grr_sql_error());
        } else {
            $msg = get_vocab("message_records");
        }
    } else {
        $msg = get_vocab("champs_non_remplis");
    }
}
//
// Modify a function/status mapping
//
// NOTE(review): `$_GET['action_mod'] = 'yes'` is an assignment, not a comparison,
// so this branch runs whenever action_mod is present with any value; use `==`.
if (isset($_GET['action_mod']) && ($_GET['action_mod'] = 'yes')) {
    if (isset($_POST['idselect'])) {
        $select = "statut" . $_POST['idselect'];
}
// Full description, shown only to users at or above the configured access level.
// NOTE(review): `$getUserName()` calls the value of a variable named $getUserName;
// unless it is assigned above this excerpt this throws — `getUserName()` is
// probably intended.
if (authGetUserLevel($getUserName(), -1) >= Settings::get("acces_fiche_reservation") && $row["comment_room"] != '') {
    echo "<h3>" . get_vocab("match_descr") . "</h3>\n";
    // NOTE(review): comment_room is printed unescaped; safe only if it was
    // sanitised when stored (not visible here) — otherwise stored XSS.
    echo "<div>" . $row["comment_room"] . "</div>\n";
}
// Capacity
if ($row["capacity"] != '0') {
    echo "<h3>" . get_vocab("capacity_2") . "</h3>\n";
    echo "<p>" . $row["capacity"] . "</p>\n";
}
if ($row["max_booking"] != "-1") {
    echo "<p>" . get_vocab("msg_max_booking") . get_vocab("deux_points") . $row["max_booking"] . "</p>";
}
// Per-area limit ($id_area is escaped before use).
$max_booking_per_area = grr_sql_query1("SELECT max_booking FROM " . TABLE_PREFIX . "_area WHERE id = '" . protect_data_sql($id_area) . "'");
if ($max_booking_per_area >= 0) {
    echo "<p>" . get_vocab("msg_max_booking_area") . get_vocab("deux_points") . $max_booking_per_area . "</p>";
}
if ($row["delais_max_resa_room"] != "-1") {
    echo "<p>" . get_vocab("delais_max_resa_room_2") . " <b>" . $row["delais_max_resa_room"] . "</b></p>";
}
if ($row["delais_min_resa_room"] != "0") {
    echo "<p>" . get_vocab("delais_min_resa_room_2") . " <b>" . $row["delais_min_resa_room"] . "</b></p>";
}
$nom_picture = '';
// NOTE(review): picture_room is joined to "./images/" as-is; if that column can be
// set by users it should be validated (basename(), allow-listed extension) where
// it is written, which is not visible here.
if ($row['picture_room'] != '') {
    $nom_picture = "./images/" . $row['picture_room'];
}
echo "<div style=\"text-align:center; margin-top:30px\"><b>";
// @ silences the warning for an unreadable path; the second operand skips the
// empty default.
if (@file_exists($nom_picture) && $nom_picture) {
/**
 * Lasso single-logout (SLO) endpoint.
 *
 * Either renders an HTML result page, or — the branch that actually runs today,
 * see the note below — destroys every GRR session recorded for the SSO user
 * and closes the current one.
 *
 * @param int $ret Lasso result code (0 = success) passed in by the caller
 * @return int $ret, returned unchanged
 *
 * NOTE(review): the `&&` in the first condition can never hold (one request
 * method cannot equal both GET and POST, assuming the two constants differ),
 * so the HTML branch is dead and the "Specialized" branch always executes;
 * `||` looks intended. Should that be corrected, note that $r is echoed into an
 * href and as text without htmlspecialchars(); its origin (relayState) is not
 * visible here, so escape it before enabling that branch.
 */
function handleSlo($ret) {
    //error_log("handleSlo");
    $r = $this->relayState;
    if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {
        $this->headerHtml("SLO endpoint", $r);
        if ($ret) {
            echo "Demande de slo échoué: " . strError($ret) . "({$ret})";
        } else {
            echo "Demande de slo réussie";
        }
        echo "Go to <a href='{$r}'>{$r}</a>";
        $this->footerHtml();
        lassospkit_clean();
        // $_GET['auto'] is read without isset(); what grr_closeSession() does with it is not visible here.
        grr_closeSession($_GET['auto']);
    } else {
        # Specialized path: tear down all GRR sessions of the SSO user.
        $id = lassospkit_userid();
        if (isset($id)) {
            //error_log("Trying to destroy session $id");
            // Loads the GRR bootstrap relative to the parent directory (changes the
            // process working directory as a side effect).
            chdir("..");
            global $dbsys;
            require_once "./include/config.inc.php";
            include "./include/connect.inc.php";
            require_once "./include/{$dbsys}.inc.php";
            require_once "./include/functions.inc.php";
            require_once "./include/session.inc.php";
            // See admin_view_connexions.php:67
            $sql = "SELECT session_id FROM " . TABLE_PREFIX . "_log\n WHERE login = '******'\n AND end > NOW()";
            $res = grr_sql_query($sql);
            if ($res) {
                for ($i = 0; $row = grr_sql_row($res, $i); $i++) {
                    $php_session_id = $row[0];
                    //error_log("Erasing GRR session $php_session_id");
                    // Switch to the recorded session id so the Lasso and GRR
                    // cleanup below act on that session rather than the current one.
                    session_id($php_session_id);
                    // delete spkitlasso session if necessary (warnings suppressed with @)
                    @session_start();
                    lassospkit_set_nameid(@$_SESSION['lasso_nameid']);
                    lassospkit_clean();
                    // delete GRR session
                    $auto = 0;
                    grr_closeSession($auto);
                    // Done by grr_closeSession:
                    //session_start();
                    //session_destroy();
                }
            }
        }
    }
    if ($ret) {
        error_log("Demande de slo échoué: {$ret}");
    } else {
        //error_log("Demande de slo réussie: $ret");
    }
    return $ret;
}
prenom='".protect_data_sql($reg_prenom)."', statut='".protect_data_sql($reg_statut)."', email='".protect_data_sql($reg_email)."',";
// Continuation of the user UPDATE started above this excerpt. Text columns are
// escaped with protect_data_sql(); login/password values are redacted here.
if ($reg_type_authentification=="locale") {
    $sql .= "source='local',";
    // Only overwrite the password when a new one was entered.
    if ($reg_password_c!='') $sql .= "password='******',";
} else $sql .= "source='ext',password='',";
$sql .= "etat='".protect_data_sql($reg_etat)."' WHERE login='******'";
if (grr_sql_command($sql) < 0) {fatal_error(0, get_vocab("message_records_error") . grr_sql_error()); } else { $msg = get_vocab("message_records"); }
// A user set to inactive is removed from the _j_user_area, _j_mailuser_room and
// _j_useradmin_area join tables.
if ($reg_etat != 'actif') {
    $sql = "DELETE FROM ".TABLE_PREFIX."_j_user_area WHERE login='******'";
    if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
    $sql = "DELETE FROM ".TABLE_PREFIX."_j_mailuser_room WHERE login='******'";
    if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
    $sql = "DELETE FROM ".TABLE_PREFIX."_j_useradmin_area WHERE login='******'";
    if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
// End of the cycle-day edit form ($jour_cycle is printed into an attribute
// as-is; its origin is above this excerpt).
echo " value=\"" . $jour_cycle . "\"";
}
echo "/><br /><br /><div style=\"text-align:center;\"><input type=\"submit\" value=\"Enregistrer\" /></div>\n";
echo "</div></form>\n";
echo "</fieldset>\n";
}
// Save the new cycle day.
// NOTE(review): $_GET['newdate'] and $_GET['newDay'] are spliced into the SQL
// unquoted and unescaped — SQL injection from the query string; cast them with
// intval() (only $_GET['titre'] goes through protect_data_sql()). These writes
// also happen on a GET request, so a link is enough to trigger them (CSRF).
if (isset($_GET['selection'])) {
    if ($_GET['selection'] == 0) {
        grr_sql_query("delete from " . TABLE_PREFIX . "_calendrier_jours_cycle WHERE DAY = " . $_GET['newdate'] . "");
    } elseif ($_GET['selection'] == 1) {
        grr_sql_query("delete from " . TABLE_PREFIX . "_calendrier_jours_cycle WHERE DAY = " . $_GET['newdate'] . "");
        grr_sql_query("insert into " . TABLE_PREFIX . "_calendrier_jours_cycle set Jours =" . $_GET['newDay'] . ", DAY = " . $_GET['newdate'] . "");
    } elseif ($_GET['selection'] == 2) {
        grr_sql_query("delete from " . TABLE_PREFIX . "_calendrier_jours_cycle WHERE DAY = " . $_GET['newdate'] . "");
        grr_sql_query("insert into " . TABLE_PREFIX . "_calendrier_jours_cycle set Jours ='" . protect_data_sql($_GET['titre']) . "', DAY = " . $_GET['newdate'] . "");
    }
}
// Calendar rendering: one table row per line of months, from begin_bookings
// to end_bookings. strftime() is deprecated since PHP 8.1.
$basetime = mktime(12, 0, 0, 6, 11 + $weekstarts, 2000);
echo "<table cellspacing=\"20\" border=\"0\">\n";
$n = Settings::get("begin_bookings");
$end_bookings = Settings::get("end_bookings");
$debligne = 1;
$month = strftime("%m", Settings::get("begin_bookings"));
$year = strftime("%Y", Settings::get("begin_bookings"));
$inc = 0;
while ($n <= $end_bookings) {
    if ($debligne == 1) {
        echo "<tr>\n";
        $inc = 0;
        $debligne = 0;
// In both cases ('yes' and 'reset') the submitted data must be validated and saved.
if (($valid == 'yes') or ($valid=='reset')) {
    // NOTE(review): default_css and default_language are stored and then kept
    // in the session as-is; wherever they select a stylesheet or language file
    // (not visible here) they must be checked against an allow-list.
    $default_site = isset($_POST['id_site']) ? $_POST['id_site'] : NULL;
    $default_area = isset($_POST['id_area']) ? $_POST['id_area'] : NULL;
    $default_room = isset($_POST['id_room']) ? $_POST['id_room'] : NULL;
    $default_style = isset($_POST['default_css']) ? $_POST['default_css'] : NULL;
    $default_list_type = isset($_POST['area_list_format']) ? $_POST['area_list_format'] : NULL;
    $default_language = isset($_POST['default_language']) ? $_POST['default_language'] : NULL;
    // Every value is escaped with protect_data_sql(); how it handles NULL is not visible here.
    $sql = "UPDATE ".TABLE_PREFIX."_utilisateurs SET default_site = '".protect_data_sql($default_site)."', default_area = '".protect_data_sql($default_area)."', default_room = '".protect_data_sql($default_room)."', default_style = '". protect_data_sql($default_style)."', default_list_type = '".protect_data_sql($default_list_type)."', default_language = '".protect_data_sql($default_language)."' WHERE login='******'";
    if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('message_records_error').grr_sql_error());
    else {
        // Empty or '0' means "no preference": fall back to the global default.
        if (($default_site !='') and ($default_site !='0')) $_SESSION['default_site'] = $default_site;
        else $_SESSION['default_site'] = getSettingValue('default_site');
        if (($default_area !='') and ($default_area !='0')) $_SESSION['default_area'] = $default_area;
        else $_SESSION['default_area'] = getSettingValue('default_area');
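/** mrbsCreateRepeatEntry()
 *
 * Creates a repeat entry in the database.
 *
 * @param int    $starttime        Start time of entry (timestamp)
 * @param int    $endtime          End time of entry (timestamp)
 * @param int    $rep_type         The repeat type
 * @param int    $rep_enddate      When the repeating ends (timestamp)
 * @param string $rep_opt          Any options associated with the entry
 * @param int    $room_id          Room ID
 * @param string $creator          Who created or last modified the booking
 * @param string $beneficiaire     Beneficiary
 * @param string $beneficiaire_ext External beneficiary
 * @param string $name             Name
 * @param string $type             Type (Internal/External)
 * @param string $description      Description
 * @param string $rep_num_weeks    Week interval for weekly repeats
 * @param array  $overload_data    Values of the area's additional fields, keyed by field id
 * @param int    $rep_jour_c       Cycle day of the booking, 0 when none
 *
 * Returns:
 *   0        - An error occurred while inserting the entry
 *   non-zero - The entry's ID
 */
function mrbsCreateRepeatEntry($starttime, $endtime, $rep_type, $rep_enddate, $rep_opt, $room_id, $creator, $beneficiaire, $beneficiaire_ext, $name, $type, $description, $rep_num_weeks, $overload_data, $rep_jour_c)
{
    // Serialise the additional ("overload") field values as @id@value@/id@
    // pairs; urlencode() keeps the value free of the delimiter characters.
    $overload_data_string = "";
    $area_id = mrbsGetAreaIdFromRoomId($room_id);
    $overload_fields_list = mrbsOverloadGetFieldslist($area_id);
    foreach ($overload_fields_list as $field_def) {
        $id_field = $field_def["id"];
        if (array_key_exists($id_field, $overload_data)) {
            $overload_data_string .= "@" . $id_field . "@" . urlencode($overload_data[$id_field]) . "@/" . $id_field . "@";
        }
    }
    // Columns spliced in unquoted are cast to int so that a non-numeric value
    // can never reach the SQL parser; every string column is escaped with
    // protect_data_sql(). $rep_jour_c is documented as 0 when absent, which
    // the cast also guarantees.
    $sql = "INSERT INTO " . TABLE_PREFIX . "_repeat ( start_time, end_time, rep_type, end_date, rep_opt, room_id, create_by, beneficiaire, beneficiaire_ext, type, name, description, rep_num_weeks, overload_desc, jours) VALUES ("
        . (int) $starttime . ", " . (int) $endtime . ", " . (int) $rep_type . ", " . (int) $rep_enddate . ", '"
        . protect_data_sql($rep_opt) . "', " . (int) $room_id . ", '"
        . protect_data_sql($creator) . "','" . protect_data_sql($beneficiaire) . "','" . protect_data_sql($beneficiaire_ext) . "', '"
        . protect_data_sql($type) . "', '" . protect_data_sql($name) . "', '" . protect_data_sql($description) . "', '"
        . protect_data_sql($rep_num_weeks) . "','" . protect_data_sql($overload_data_string) . "'," . (int) $rep_jour_c . ")";
    if (grr_sql_command($sql) < 0) {
        return 0;
    }
    return grr_sql_insert_id(TABLE_PREFIX . "_repeat", "id");
}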
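/**
 * Map an SSO (CAS) function code to a GRR status.
 *
 * Looks the code up in TABLE_PREFIX_correspondance_statut; when it is unknown,
 * a row is created with the default status for SSO users and that default is
 * returned. An empty code just yields the default status.
 *
 * @param string $codefonction    function code received from the SSO
 * @param string $libellefonction human-readable label of that function
 * @return string|null the GRR status; null when "sso_statut" is neither
 *                     "cas_visiteur" nor "cas_utilisateur" (same value the
 *                     previous undefined-variable path produced, minus the notice)
 */
function effectuer_correspondance_profil_statut($codefonction, $libellefonction)
{
    // Default status for CAS users; null when the setting holds neither value.
    $sso = getSettingValue("sso_statut");
    $_statut = null;
    if ($sso == "cas_visiteur") {
        $_statut = "visiteur";
    } elseif ($sso == "cas_utilisateur") {
        $_statut = "utilisateur";
    }
    // No function code: nothing to look up, return the default.
    if ($codefonction == "") {
        return $_statut;
    }
    // Both values come from the SSO response, so they are escaped before use.
    $code = protect_data_sql($codefonction);
    $table = TABLE_PREFIX . "_correspondance_statut";
    $statut_grr = grr_sql_query1("select statut_grr from " . $table . " where code_fonction='" . $code . "'");
    if ($statut_grr != -1) {
        // Known code: return the configured status.
        return $statut_grr;
    }
    // Unknown code: record it with the default status. The insert uses the same
    // TABLE_PREFIX as the lookup (it previously targeted a hard-coded "grr_" prefix).
    $libelle = protect_data_sql($libellefonction);
    grr_sql_command("insert into " . $table . "(code_fonction,libelle_fonction,statut_grr) values('" . $code . "', '" . $libelle . "', '" . $_statut . "')");
    return $_statut;
}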
// Part of the booking-edit page: unpacks the entry row fetched above this
// excerpt, then loads the repeat record for series bookings.
// strftime() is deprecated since PHP 8.1.
$end_month = strftime('%m', $row[4]);
$end_year = strftime('%Y', $row[4]);
$end_hour = strftime('%H', $row[4]);
$end_min = strftime('%M', $row[4]);
$duration = $row[4] - $row[3];
$etype = $row[5];
$room_id = $row[6];
$entry_type = $row[7];
$rep_id = $row[8];
$option_reservation = $row[9];
$jours_c = $row[10];
$clef = $row[14];
$courrier = $row[15];
$modif_option_reservation = 'n';
if ($entry_type >= 1) {
    // $rep_id is escaped; the "\n\t\t" inside the string is only SQL whitespace.
    $sql = "SELECT rep_type, start_time, end_date, rep_opt, rep_num_weeks, end_time, type, name, beneficiaire, description\n\t\tFROM " . TABLE_PREFIX . "_repeat WHERE id='" . protect_data_sql($rep_id) . "'";
    $res = grr_sql_query($sql);
    if (!$res) {
        fatal_error(1, grr_sql_error());
    }
    if (grr_sql_count($res) != 1) {
        // NOTE(review): $rep_id is passed to fatal_error() unescaped; if that
        // renders HTML, escape it first.
        fatal_error(1, get_vocab('repeat_id') . $rep_id . get_vocab('not_found'));
    }
    // $row is reused: from here on it holds the repeat record, not the entry.
    $row = grr_sql_row($res, 0);
    grr_sql_free($res);
    $rep_type = $row[0];
    if ($rep_type == 2) {
        $rep_num_weeks = $row[4];
    }
    if ($edit_type == "series") {
        $start_day = (int) strftime('%d', $row[1]);
$retry = 'yes';
} } } }
// Validation passed: update the user record. Text columns are escaped with
// protect_data_sql(); login/password values are redacted in this excerpt.
if ($retry != 'yes') {
    $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . protect_data_sql($reg_nom) . "',\n\t\t\t\tprenom='" . protect_data_sql($reg_prenom) . "',\n\t\t\t\tstatut='" . protect_data_sql($reg_statut) . "',\n\t\t\t\temail='" . protect_data_sql($reg_email) . "',";
    if ($reg_type_authentification == "locale") {
        $sql .= "source='local',";
        // Only overwrite the password when a new one was entered.
        if ($reg_password_c != '') {
            $sql .= "password='******',";
        }
    } else {
        $sql .= "source='ext',password='',";
    }
    $sql .= "etat='" . protect_data_sql($reg_etat) . "'\n\t\t\t\tWHERE login='******'";
    if (grr_sql_command($sql) < 0) {
        fatal_error(0, get_vocab("message_records_error") . grr_sql_error());
    } else {
        $msg = get_vocab("message_records");
    }
    // A user set to inactive is removed from the _j_user_area and
    // _j_mailuser_room join tables.
    if ($reg_etat != 'actif') {
        $sql = "DELETE FROM " . TABLE_PREFIX . "_j_user_area WHERE login='******'";
        if (grr_sql_command($sql) < 0) {
            fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
        }
        $sql = "DELETE FROM " . TABLE_PREFIX . "_j_mailuser_room WHERE login='******'";
        if (grr_sql_command($sql) < 0) {
            fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
        }
// The update is allowed only if the overload field's area is one of the
// user's areas ($userdomain and $row come from code above this excerpt).
// Loose == comparison of the keys.
foreach ( $userdomain as $key=>$value ) if ( $key == $row[0] ) $arearight = True;
}
// Perform the action once the id/area has been validated.
if ( $arearight == True ) {
    // NOTE(review): $obligatoire, $confidentiel, $affichage, $overload_mail and
    // $id_overload are spliced in unescaped; their origin is above this excerpt —
    // confirm they are validated (flags/ints) before this point.
    $sql = "update ".TABLE_PREFIX."_overload set fieldname='".protect_data_sql($fieldname)."', fieldtype='".protect_data_sql($fieldtype)."', obligatoire='".$obligatoire."', confidentiel='".$confidentiel."', affichage='".$affichage."', overload_mail='".$overload_mail."', fieldlist='".protect_data_sql($fieldlist)."' where id=$id_overload;";
    // NOTE(review): the full statement is sent to the error page on failure,
    // which discloses table names and submitted data; log it instead.
    if (grr_sql_command($sql) < 0) fatal_error(0, "$sql \n\n" . grr_sql_error());
}
}
// X- Print the first row of the table with the column labels.
$html = get_vocab("explication_champs_additionnels")."\n";
$html .= "<form method=\"post\" action=\"admin_overload.php\" >\n<table border=\"0\">";
$html .= "<tr><td>".get_vocab("match_area").get_vocab("deux_points")."</td>\n";
$html .= "<td>".get_vocab("fieldname").get_vocab("deux_points")."</td>\n";
$html .= "<td>".get_vocab("fieldtype").get_vocab("deux_points")."</td>\n";
$html .= "<td><span class='small'>".get_vocab("champ_obligatoire")."</span></td>\n";
$html .= "<td><span class='small'>".get_vocab("affiche_dans_les vues")."</span></td>\n";
$html .= "<td><span class='small'>".get_vocab("affiche_dans_les mails")."</span></td>\n";
$html .= "<td><span class='small'>".get_vocab("champ_confidentiel")."</span></td>\n";
// "\\n" is a literal backslash-n, presumably for a JavaScript message (not visible here).
$msg .= "\\n" . get_vocab('message_records');
} } }
if (IsAllowedToModifyProfil() && $champ_manquant == 'y') {
    $msg .= "\\n" . get_vocab('required');
}
}
// Save the user's display preferences ('yes' and 'reset' both go through here).
if ($valid == 'yes' || $valid == 'reset') {
    // NOTE(review): default_css and default_language are stored and kept in the
    // session as-is; wherever they select a stylesheet or language file (not
    // visible here) they must be checked against an allow-list.
    $default_site = isset($_POST['id_site']) ? $_POST['id_site'] : NULL;
    $default_area = isset($_POST['id_area']) ? $_POST['id_area'] : NULL;
    $default_room = isset($_POST['id_room']) ? $_POST['id_room'] : NULL;
    $default_style = isset($_POST['default_css']) ? $_POST['default_css'] : NULL;
    $default_list_type = isset($_POST['area_item_format']) ? $_POST['area_item_format'] : NULL;
    $default_language = isset($_POST['default_language']) ? $_POST['default_language'] : NULL;
    // Every value is escaped with protect_data_sql(); how it handles NULL is not visible here.
    $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs\n\tSET default_site = '" . protect_data_sql($default_site) . "',\n\tdefault_area = '" . protect_data_sql($default_area) . "',\n\tdefault_room = '" . protect_data_sql($default_room) . "',\n\tdefault_style = '" . protect_data_sql($default_style) . "',\n\tdefault_list_type = '" . protect_data_sql($default_list_type) . "',\n\tdefault_language = '" . protect_data_sql($default_language) . "'\n\tWHERE login='******'";
    if (grr_sql_command($sql) < 0) {
        fatal_error(0, get_vocab('message_records_error') . grr_sql_error());
    } else {
        // Empty or '0' means "no preference": fall back to the global default.
        if ($default_site != '' && $default_site != '0') {
            $_SESSION['default_site'] = $default_site;
        } else {
            $_SESSION['default_site'] = Settings::get('default_site');
        }
        if ($default_area != '' && $default_area != '0') {
            $_SESSION['default_area'] = $default_area;
        } else {
            $_SESSION['default_area'] = Settings::get('default_area');
        }
        if ($default_room != '' && $default_room != '0') {
            $_SESSION['default_room'] = $default_room;
// Rewrites the period labels of area $id_area (enclosing blocks open above this
// excerpt). $num only counts the periods actually posted, so numbering is contiguous.
$i = 0;
$num = 0;
while ($i < $number_periodes) {
    $temp = "periode_".$i;
    if (isset($_POST[$temp])) {
        $nom_periode = corriger_caracteres($_POST[$temp]);
        // NOTE(review): $id_area is spliced in unescaped here and in the DELETE
        // below; it is assigned above this excerpt — confirm it is cast to int.
        // Query results are not checked.
        $reg_periode = grr_sql_query("insert into ".TABLE_PREFIX."_area_periodes set id_area='".$id_area."', num_periode='".$num."', nom_periode='".protect_data_sql($nom_periode)."' ");
        # Also create the default template under area 0.
        $reg_periode = grr_sql_query("insert into ".TABLE_PREFIX."_area_periodes set id_area='0', num_periode='".$num."', nom_periode='".protect_data_sql($nom_periode)."'");
        $num++;
    }
    $i++;
} } }
$msg = get_vocab("message_records");
} }
// Area-level access ('a'): drop the per-user grants for this area.
if ($access=='a') {
    $sql = "DELETE FROM ".TABLE_PREFIX."_j_user_area WHERE id_area='$id_area'";
    if (grr_sql_command($sql) < 0) fatal_error(0, get_vocab('update_area_failed') . grr_sql_error());
}
if ((isset($change_done)) and (!isset($ok))) {
$groupe = "vide";
}
// Per-user import step (loop opened above this excerpt): insert the user when
// unknown, otherwise update it if it is an external ('ext') account.
$test = grr_sql_query1("SELECT count(login) FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'");
if ($test == 0) {
    // Insert the new user; text columns are escaped with protect_data_sql().
    $sql = "INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\tnom='" . protect_data_sql($user_nom) . "',\n\t\t\tprenom='" . protect_data_sql($user_prenom) . "',\n\t\t\tstatut='" . protect_data_sql($user_statut) . "',\n\t\t\temail='" . protect_data_sql($user_email) . "',\n\t\t\tsource='ext',\n\t\t\tetat='actif',\n\t\t\tlogin='******'";
    // NOTE(review): $user_login/$user_prenom/$user_nom are appended to HTML
    // report strings unescaped; their origin (the import source) is not visible here.
    if (grr_sql_command($sql) < 0) {
        $liste_pb_insertion .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
    } else {
        $liste_nouveaux .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
    }
} else {
    $test2 = grr_sql_query1("SELECT source FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'");
    if ($test2 == 'ext') {
        // Update the existing external account.
        $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET\n\t\t\t\tnom='" . protect_data_sql($user_nom) . "',\n\t\t\t\tprenom='" . protect_data_sql($user_prenom) . "',\n\t\t\t\temail='" . protect_data_sql($user_email) . "'\n\t\t\t\twhere login='******'";
    }
    // NOTE(review): this runs even when $test2 != 'ext', re-executing whatever
    // $sql held from the previous iteration (or the INSERT above); the
    // command and its reporting belong inside the if ($test2 == 'ext') block.
    if (grr_sql_command($sql) < 0) {
        $liste_pb_update .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
    } else {
        $liste_update .= $user_login . " (" . $user_prenom . " " . $user_nom . ")<br />";
    }
}
//echo "login : "******" Nom : ".$user_nom." Prénom : ".$user_prenom." Email : ".$user_email." Etat : ".$etat." Groupes : ".$groupe;
//echo "<br />";
}
// Build the summary message.
$mess = "";
if ($liste_pb_insertion != "") {
    $mess .= "<b><span class=\"avertissement\">" . get_vocab("liste_pb_insertion") . "</b><br />" . $liste_pb_insertion . "</span><br />";
}
if ($liste_pb_update != "") {
/**
 * Save a name/value pair in the settings table and in the $grrSettings cache.
 *
 * Meant for a one-off write; bulk updates deserve dedicated code.
 *
 * @param string $_name  setting name (escaped with protect_data_sql before use)
 * @param string $_value setting value (escaped with protect_data_sql before use)
 * @return bool true on success, false when the UPDATE/INSERT failed
 *              (the cache is then left untouched)
 */
function saveSetting($_name, $_value)
{
    global $grrSettings;

    $table = TABLE_PREFIX . "_setting";
    $name = protect_data_sql($_name);
    $value = protect_data_sql($_value);
    // A name already in the cache is updated; anything else (including a cached
    // null, which isset() rejects) is inserted.
    if (isset($grrSettings[$_name])) {
        $sql = "update " . $table . " set VALUE = '" . $value . "' where NAME = '" . $name . "'";
    } else {
        $sql = "insert into " . $table . " set NAME = '" . $name . "', VALUE = '" . $value . "'";
    }
    if (!grr_sql_query($sql)) {
        return false;
    }
    $grrSettings[$_name] = $_value;
    return true;
}
// CSV user import: one row per posted user (the other $reg_* arrays are read
// above this excerpt).
$reg_statut = isset($_POST["reg_statut"]) ? $_POST["reg_statut"] : NULL;
$reg_type_auth = isset($_POST["reg_type_auth"]) ? $_POST["reg_type_auth"] : NULL;
$nb_row++;
for ($row = 1; $row < $nb_row; $row++) {
    // NOTE(review): unsalted md5 is not an acceptable password hash; moving to
    // password_hash() requires changing the login check as well (not visible here).
    if ($reg_type_auth[$row] != "ext") {
        $reg_mdp[$row] = md5(unslashes($reg_mdp[$row]));
    }
    // Normalise Windows line endings / characters, then escape for SQL.
    $reg_nom[$row] = protect_data_sql(corriger_caracteres($reg_nom[$row]));
    $reg_prenom[$row] = protect_data_sql(corriger_caracteres($reg_prenom[$row]));
    $reg_email[$row] = protect_data_sql(corriger_caracteres($reg_email[$row]));
    $test_login = grr_sql_count(grr_sql_query("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'"));
    // NOTE(review): $reg_statut[$row] and $reg_type_auth[$row] come straight from
    // $_POST (see above) and $reg_type_user[$row] is not escaped either; all three
    // are spliced into the statements unescaped — SQL injection. Escape them or
    // validate against the allowed values.
    if ($test_login == 0) {
        $regdata = grr_sql_query("INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',login='******',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "'");
    } else {
        $regdata = grr_sql_query("UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "' WHERE login='******'");
    }
    // NOTE(review): $reg_login[$row] is echoed into HTML unescaped (reflected XSS
    // if it comes from the form); wrap it in htmlspecialchars().
    if (!$regdata) {
        echo "<p><font color=\"red\">" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records_error") . "</font></p>";
    } else {
        if ($reg_stat[$row] == "nouveau") {
            echo "<p>" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("admin_import_users_csv12") . "</p>";
        } else {
            echo "<p>" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records") . "</p>";
        }
    }
}
}
?>
</body>
</html>
// Check that the overload field's area is one of the user's areas before
// updating it ($userdomain, $id_overload and the field values are set above
// this excerpt).
// NOTE(review): $id_overload is interpolated unescaped here and in the UPDATE
// below — confirm it was cast to int upstream.
$sql = "SELECT id_area FROM " . TABLE_PREFIX . "_overload WHERE id={$id_overload};";
$resquery = grr_sql_query($sql);
if (!$resquery) {
    fatal_error(0, grr_sql_error());
}
if (grr_sql_count($resquery) > 0) {
    for ($i = 0; $row = grr_sql_row($resquery, $i); $i++) {
        // Loose == comparison of the area keys.
        foreach ($userdomain as $key => $value) {
            if ($key == $row[0]) {
                $arearight = true;
            }
        }
    }
}
if ($arearight == true) {
    // NOTE(review): $obligatoire, $confidentiel, $affichage and $overload_mail
    // are spliced in unescaped; confirm they are validated flags upstream.
    $sql = "UPDATE " . TABLE_PREFIX . "_overload SET\n\t\t\t\tfieldname='" . protect_data_sql($fieldname) . "',\n\t\t\t\tfieldtype='" . protect_data_sql($fieldtype) . "',\n\t\t\t\tobligatoire='" . $obligatoire . "',\n\t\t\t\tconfidentiel='" . $confidentiel . "',\n\t\t\t\taffichage='" . $affichage . "',\n\t\t\t\toverload_mail='" . $overload_mail . "',\n\t\t\t\tfieldlist='" . protect_data_sql($fieldlist) . "'\n\t\t\t\tWHERE id={$id_overload};";
    // NOTE(review): the full statement is sent to the error page on failure,
    // which discloses table names and submitted data; log it instead.
    if (grr_sql_command($sql) < 0) {
        fatal_error(0, "{$sql} \n\n" . grr_sql_error());
    }
}
}
// Header row of the additional-fields table.
$html = get_vocab("explication_champs_additionnels") . PHP_EOL;
$html .= '<form method="post" action="admin_overload.php" >' . PHP_EOL . '<table class="table table-bordered">' . PHP_EOL;
$html .= '<tr><td>' . get_vocab("match_area") . get_vocab("deux_points") . '</td>' . PHP_EOL;
$html .= '<td>' . get_vocab("fieldname") . get_vocab("deux_points") . '</td>' . PHP_EOL;
$html .= '<td>' . get_vocab("fieldtype") . get_vocab("deux_points") . '</td>' . PHP_EOL;
$html .= '<td>' . PHP_EOL . '<span class="small">' . get_vocab("champ_obligatoire") . '</span>' . PHP_EOL . '</td>' . PHP_EOL;
$html .= '<td>' . PHP_EOL . '<span class="small">' . get_vocab("affiche_dans_les vues") . '</span>' . PHP_EOL . '</td>' . PHP_EOL;
$html .= '<td>' . PHP_EOL . '<span class="small">' . get_vocab("affiche_dans_les mails") . '</span>' . PHP_EOL . '</td>' . PHP_EOL;
$html .= '<td>' . PHP_EOL . '<span class="small">' . get_vocab("champ_confidentiel") . '</span>' . PHP_EOL . '</td>' . PHP_EOL;
$html .= '<td>' . PHP_EOL . '</td>' . PHP_EOL . '</tr>' . PHP_EOL;
// Part of the booking-edit page: unpacks the entry row fetched above this
// excerpt, then loads the repeat record for series bookings.
// strftime() is deprecated since PHP 8.1.
$end_year = strftime('%Y', $row[4]);
$end_hour = strftime('%H', $row[4]);
$end_min = strftime('%M', $row[4]);
$duration = $row[4] - $row[3];
$etype = $row[5];
$room_id = $row[6];
$entry_type = $row[7];
$rep_id = $row[8];
$option_reservation = $row[9];
$jours_c = $row[10];
$clef = $row[14];
$courrier = $row[15];
$modif_option_reservation = 'n';
if ($entry_type >= 1) {
    // $rep_id is escaped with protect_data_sql() before use.
    $sql = 'SELECT rep_type, start_time, end_date, rep_opt, rep_num_weeks, end_time, type, name, beneficiaire, description FROM ' . TABLE_PREFIX . "_repeat WHERE id='" . protect_data_sql($rep_id) . "'";
    $res = grr_sql_query($sql);
    if (!$res) {
        fatal_error(1, grr_sql_error());
    }
    if (grr_sql_count($res) != 1) {
        // NOTE(review): $rep_id is passed to fatal_error() unescaped; if that
        // renders HTML, escape it first.
        fatal_error(1, get_vocab('repeat_id') . $rep_id . get_vocab('not_found'));
    }
    // $row is reused: from here on it holds the repeat record, not the entry.
    $row = grr_sql_row($res, 0);
    grr_sql_free($res);
    $rep_type = $row[0];
    if ($rep_type == 2) {
        $rep_num_weeks = $row[4];
    }
    if ($edit_type == 'series') {
        $start_day = (int) strftime('%d', $row[1]);
// End of the booking-type UPDATE (started above this excerpt), then the INSERT
// path for a new type.
// NOTE(review): $disponible, $id_type, $type_letter and $couleur are spliced in
// unescaped in this excerpt; their origin is above it — confirm they are
// validated (single letter, colour code, int) before this point. Values are
// wrapped in double quotes, which MySQL accepts as string delimiters unless
// ANSI_QUOTES is enabled.
$sql = $sql . 'disponible="' . $disponible . '"';
$sql = $sql . " WHERE id={$id_type}";
if (grr_sql_command($sql) < 0) {
    fatal_error(0, get_vocab('update_type_failed') . grr_sql_error());
    $ok = 'no';   // presumably unreachable if fatal_error() exits — not visible here
} else {
    $msg = get_vocab("message_records");
}
}
} else {
    // Check that no type already uses this letter.
    $test = grr_sql_query1("SELECT count(id) FROM " . TABLE_PREFIX . "_type_area WHERE type_letter='" . $type_letter . "'");
    if ($test > 0) {
        $msg = "Enregistrement impossible : Un type portant la même lettre existe déjà.";
    } else {
        $sql = "INSERT INTO " . TABLE_PREFIX . "_type_area SET\n\t\t\ttype_name='" . protect_data_sql($type_name) . "',\n\t\t\torder_display =";
        // order_display is stored as an int, 0 when the input is not numeric.
        if (is_numeric($order_display)) {
            $sql = $sql . intval($order_display) . ",";
        } else {
            $sql = $sql . "0,";
        }
        $sql = $sql . 'type_letter="' . $type_letter . '",';
        $sql = $sql . 'couleur="' . $couleur . '"';
        if (grr_sql_command($sql) < 0) {
            fatal_error(1, "<p>" . grr_sql_error());
            $ok = 'no';
        } else {
            $msg = get_vocab("message_records");
        }
    }
}
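/**
 * Map an SSO (CAS) function code to a GRR status.
 *
 * Looks the code up in TABLE_PREFIX_correspondance_statut; when it is unknown,
 * a row is created with the default status for SSO users and that default is
 * returned. An empty code just yields the default status.
 *
 * @param string $codefonction    function code received from the SSO
 * @param string $libellefonction human-readable label of that function
 * @return string|null the GRR status; null when "sso_statut" is neither
 *                     "cas_visiteur" nor "cas_utilisateur" (same value the
 *                     previous undefined-variable path produced, minus the notice)
 */
function effectuer_correspondance_profil_statut($codefonction, $libellefonction)
{
    // Default status for CAS users; null when the setting holds neither value.
    $sso = Settings::get("sso_statut");
    $_statut = null;
    if ($sso == "cas_visiteur")
    {
        $_statut = "visiteur";
    }
    elseif ($sso == "cas_utilisateur")
    {
        $_statut = "utilisateur";
    }
    // No function code: nothing to look up, return the default.
    if ($codefonction == "")
    {
        return $_statut;
    }
    // Both values come from the SSO response, so they are escaped before use.
    $code = protect_data_sql($codefonction);
    $table = TABLE_PREFIX . "_correspondance_statut";
    $statut_grr = grr_sql_query1("SELECT statut_grr from " . $table . " where code_fonction='" . $code . "'");
    if ($statut_grr != -1)
    {
        // Known code: return the configured status.
        return $statut_grr;
    }
    // Unknown code: record it with the default status. The insert uses the same
    // TABLE_PREFIX as the lookup (it previously targeted a hard-coded "grr_" prefix).
    $libelle = protect_data_sql($libellefonction);
    grr_sql_command("INSERT INTO " . $table . "(code_fonction,libelle_fonction,statut_grr) VALUES ('" . $code . "', '" . $libelle . "', '" . $_statut . "')");
    return $_statut;
}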
/**
 * Build a "contains" predicate for a LIKE clause.
 *
 * Quote and backslash escaping of the search text is delegated to protect_data_sql();
 * only the LIKE wildcards (% and _) are escaped here so that they match literally.
 *
 * @param string $fieldname      column name, inserted verbatim into the fragment
 * @param string $s              search text
 * @param int    $type_recherche 1 for LIKE, any other value for NOT LIKE
 * @return string SQL fragment surrounded by single spaces, e.g. " name LIKE '%abc%' "
 */
function grr_sql_syntax_caseless_contains($fieldname, $s, $type_recherche=1) {
    $needle = strtr(protect_data_sql($s), array('%' => '\\%', '_' => '\\_'));
    $operator = ($type_recherche == 1) ? 'LIKE' : 'NOT LIKE';
    return " $fieldname $operator '%$needle%' ";
}
// Restriction dans le cas d'une démo VerifyModeDemo(); unset($user_login); $user_login = isset($_POST["user_login"]) ? $_POST["user_login"] : ($user_login = isset($_GET["user_login"]) ? $_GET["user_login"] : NULL); $valid = isset($_POST["valid"]) ? $_POST["valid"] : NULL; $msg = ''; if ($valid == "yes") { unset($reg_password1); $reg_password1 = unslashes($_POST["reg_password1"]); unset($reg_password2); $reg_password2 = unslashes($_POST["reg_password2"]); $reg_password_c = md5($reg_password1); if ($reg_password1 != $reg_password2 || strlen($reg_password1) < $pass_leng) { $msg = get_vocab("passwd_error"); } else { $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET password='******' WHERE login='******'"; if (grr_sql_command($sql) < 0) { fatal_error(0, get_vocab('update_pwd_failed') . grr_sql_error()); } else { $msg = get_vocab('update_pwd_succeed'); } } } $user_nom = ''; $user_prenom = ''; $user_source = ''; // On appelle les informations de l'utilisateur if (isset($user_login) && $user_login != '') { $sql = "SELECT nom,prenom, source FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'"; $res = grr_sql_query($sql); if ($res) {
/**
 * Resume an existing session.
 *
 * - Re-opens the PHP session named SESSION_NAME.
 * - Rejects the session when the "disable_login" setting is active (administrators excepted),
 *   when it has expired in the TABLE_PREFIX_log table, or when the login / password / status
 *   kept in $_SESSION no longer match the TABLE_PREFIX_utilisateurs row.
 * - On success, pushes the END timestamp of the TABLE_PREFIX_log row forward by
 *   $_SESSION['maxLength'] minutes.
 *
 * Returns true if the session resumes, false otherwise.
 *
 * @return boolean
 */
function grr_resumeSession() {
    // Resuming session. The "@" hides any warning raised by session_start()
    // (e.g. headers already sent), so such failures are silent here.
    session_name(SESSION_NAME);
    @session_start();
    // LCS SSO: an "ext" login that never went through the SSO handshake is refused.
    // NOTE(review): $_SESSION['source_login'] is read without isset(); if it can be
    // absent this raises a notice — confirm against the SSO login path.
    if (Settings::get('sso_statut') == 'lcs' and !isset($_SESSION['est_authentifie_sso']) and $_SESSION['source_login'] == "ext") {
        return false;
    }
    // Has the session expired? A login with no TABLE_PREFIX_log row whose END is still
    // in the future is treated as expired and its session data is dropped.
    // NOTE(review): only the array is reset; the PHP session is neither destroyed nor
    // regenerated, so the client keeps the same session id — confirm that is intended.
    if (isset($_SESSION['login'])) {
        $test_session = grr_sql_query1("SELECT count(LOGIN) from " . TABLE_PREFIX . "_log where END > now() and LOGIN = '******'login']) . "'");
        if ($test_session == 0) {
            $_SESSION = array();
        }
    }
    if (!isset($_SESSION) or !isset($_SESSION['login'])) {
        return false;
    }
    // Site-wide login lock-out; administrators may still resume.
    if (Settings::get("disable_login") == 'yes' and $_SESSION['statut'] != "administrateur") {
        return false;
    }
    // To be removed
    // Validating session data: each column is compared in SQL and comes back as 1/0.
    // NOTE(review): the password value kept in the session (presumably $_SESSION['password'],
    // the expression is redacted here) is compared by the database rather than by PHP, so the
    // comparison semantics depend on the column collation; $_SESSION['statut'] is concatenated
    // as-is while the login expression appears to be wrapped in a call — session values are
    // server-side, but confirm nothing user-controlled reaches them.
    $sql = "SELECT password = '******'password'] . "' PASSWORD, login = '******'login']) . "' LOGIN, statut = '" . $_SESSION['statut'] . "' STATUT\n\tfrom " . TABLE_PREFIX . "_utilisateurs where login = '******'login']) . "'";
    $res = grr_sql_query($sql);
    $row = grr_sql_row($res, 0);
    // Checking for a timeout: TIMEOUT is 1 when the log row's END is already in the past.
    // NOTE(review): session_id() and $_SESSION['start'] are concatenated raw; the session id
    // originates from the client cookie — confirm PHP constrains it before it reaches SQL.
    $sql2 = "SELECT now() > END TIMEOUT from " . TABLE_PREFIX . "_log where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
    if ($row[0] != "1" || $row[1] != "1" || $row[2] != "1") {
        // Password, login or status no longer match the user table.
        return false;
    } else {
        if (grr_sql_query1($sql2)) {
            // Inactivity exceeded the configured limit.
            // LCS authentication case
            if (Settings::get('sso_statut') == 'lcs') {
                // The user is authenticated by LCS: renew the session.
                // NOTE(review): $is_authentified_lcs is neither a parameter nor imported with
                // "global" in this function, so this comparison looks like it is always false
                // and an expired LCS session is never renewed here — confirm.
                if ($is_authentified_lcs == 'yes') {
                    $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
                    $res = grr_sql_query($sql);
                    if (!$res) {
                        fatal_error(0, 'erreur mysql' . grr_sql_error());
                    }
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } else {
            // Still within the inactivity window: extend END by maxLength minutes.
            $sql = "UPDATE " . TABLE_PREFIX . "_log set END = now() + interval " . $_SESSION['maxLength'] . " minute where SESSION_ID = '" . session_id() . "' and START = '" . $_SESSION['start'] . "'";
            $res = grr_sql_query($sql);
            if (!$res) {
                fatal_error(0, 'erreur mysql' . grr_sql_error());
            }
            return true;
        }
    }
}
} echo "<h1>" . get_vocab("Envoi d_un courriel") . "</h1>"; switch ($action) { //envoi du message case "envoi": $destinataire = ""; if ($type_cible == "identifiant:non") { if ($cible == "contact_administrateur") { $destinataire = Settings::get("webmaster_email"); } else { if ($cible == "contact_support") { $destinataire = Settings::get("technical_support_email"); } } } else { $destinataire = grr_sql_query1("SELECT email FROM " . TABLE_PREFIX . "_utilisateurs WHERE login = '******'"); if ($destinataire == -1) { $destinataire = ""; } } if ($destinataire == "") { echo "<h1 class=\"avertissement\">L'envoi de messages est impossible car l'adresse email du destinataire n'a pas été renseignée.</h1>"; include "include/trailer.inc.php"; exit; } //N.B. pour peaufiner, mettre un script de vérification de l'adresse email et du contenu du message ! $message = ""; if ($fin_session == 'n' && getUserName() != '') { $message .= "Nom et prénom du demandeur : " . affiche_nom_prenom_email(getUserName(), "", "nomail") . "\n"; $user_email = grr_sql_query1("select email from " . TABLE_PREFIX . "_utilisateurs where login='******'"); if ($user_email != "" && $user_email != -1) {
$str_date = utf8_strftime("%d %B %Y, %H:%M", $date_now); print_header(); echo "<h2>" . get_vocab("booking_in_past") . "</h2>"; if ($rep_type != 0 && !empty($reps)) { echo "<p>" . get_vocab("booking_in_past_explain_with_periodicity") . $str_date."</p>"; } else { echo "<p>" . get_vocab("booking_in_past_explain") . $str_date."</p>"; } echo "<a href=\"".$back."&Err=yes\">".get_vocab('returnprev')."</a>"; include "include/trailer.inc.php"; die(); } // Si il y a tentative de réserver pendant une durée dépassant la durée max if ($error_duree_max_resa_area == 'yes') { $area_id = grr_sql_query1("select area_id from ".TABLE_PREFIX."_room where id='".protect_data_sql($room_id)."'"); $duree_max_resa_area = grr_sql_query1("select duree_max_resa_area from ".TABLE_PREFIX."_area where id='".$area_id."'"); print_header(); $temps_format = $duree_max_resa_area*60; toTimeString($temps_format, $dur_units, true); echo "<h2>" . get_vocab("error_duree_max_resa_area").$temps_format ." " .$dur_units."</h2>"; echo "<a href=\"".$back."&Err=yes\">".get_vocab('returnprev')."</a>"; include "include/trailer.inc.php"; die(); } // Si il y a tentative de réserver au delà du temps limite if ($error_delais_max_resa_room == 'yes') { print_header(); echo "<h2>" . get_vocab("error_delais_max_resa_room") ."</h2>"; echo "<a href=\"".$back."&Err=yes\">".get_vocab('returnprev')."</a>";