function get_form_var($variable, $type = 'string')
{
// We use some functions from here
// require_once "functions.inc";
if ($type == 'array') {
$value = array();
} else {
$value = NULL;
}
if (!empty($_POST) && isset($_POST[$variable])) {
if ($type == 'array') {
$value = (array) $_POST[$variable];
} else {
$value = $_POST[$variable];
}
} else {
if (!empty($HTTP_POST_VARS) && isset($HTTP_POST_VARS[$variable])) {
if ($type == 'array') {
$value = (array) $HTTP_POST_VARS[$variable];
} else {
$value = $HTTP_POST_VARS[$variable];
}
}
}
if (!empty($_GET) && isset($_GET[$variable])) {
if ($type == 'array') {
$value = (array) $_GET[$variable];
} else {
$value = $_GET[$variable];
}
} else {
if (!empty($HTTP_GET_VARS) && isset($HTTP_GET_VARS[$variable])) {
if ($type == 'array') {
$value = (array) $HTTP_GET_VARS[$variable];
} else {
$value = $HTTP_GET_VARS[$variable];
}
}
}
if ($value != NULL) {
if ($type == 'int') {
$value = intval(unslashes($value));
} else {
if ($type == 'string') {
$value = unslashes($value);
} else {
if ($type == 'array') {
foreach ($value as $arrkey => $arrvalue) {
$value[$arrkey] = unslashes($arrvalue);
}
}
}
}
}
return $value;
}
function get_form_var($variable, $type = 'string')
{
// We use some functions from here
//require_once "functions.inc";
global $cli_params, $allow_cli;
// Set the default value, and make sure it's the right type
if (func_num_args() > 2) {
$value = func_get_arg(2);
$value = $type == 'array' ? (array) $value : $value;
} else {
$value = $type == 'array' ? array() : NULL;
}
// Get the command line arguments if any (and we're allowed to),
// otherwise get the POST variables
if ($allow_cli && (!empty($cli_params) && isset($cli_params[$variable]))) {
$value = $cli_params[$variable];
} else {
if (!empty($_POST) && isset($_POST[$variable])) {
$value = $_POST[$variable];
} else {
if (!empty($HTTP_POST_VARS) && isset($HTTP_POST_VARS[$variable])) {
$value = $HTTP_POST_VARS[$variable];
}
}
}
// Then get the GET variables
if (!empty($_GET) && isset($_GET[$variable])) {
$value = $_GET[$variable];
} else {
if (!empty($HTTP_GET_VARS) && isset($HTTP_GET_VARS[$variable])) {
$value = $HTTP_GET_VARS[$variable];
}
}
// Cast to an array if necessary
if ($type == 'array') {
$value = (array) $value;
}
// Clean up the variable
if ($value != NULL) {
if ($type == 'int') {
$value = intval(unslashes($value));
} else {
if ($type == 'string') {
$value = unslashes($value);
} else {
if ($type == 'array') {
foreach ($value as $arrkey => $arrvalue) {
$value[$arrkey] = unslashes($arrvalue);
}
}
}
}
}
return $value;
}
if($defaut_gab=="y"){
$value_gab="selected='selected'";
$gabarit=$lig_gab->repertoire;
}else{
$value_gab="";
}
$tbs_dossier_gabarit[]=array("texte"=>$texte_gab, "selection"=>$value_gab, "value"=>$repertoire_gab);
}
}
}else{
$gabarit="origine";
}
if ((isset($_GET['template'])) or (isset($_POST['template'])) or (isset($gabarit))) {
$gabarit = isset($_POST['template']) ? unslashes($_POST['template']) : (isset($_GET['template']) ? unslashes($_GET['template']) : $gabarit);
}
else{
$gabarit="origine";
}
//==================================
// Décommenter la ligne ci-dessous pour afficher les variables $_GET, $_POST, $_SESSION et $_SERVER pour DEBUG:
//debug_var();
// appel des bibliothèques tinyButStrong
$_SESSION['tbs_class'] = 'tbs/tbs_class.php';
// Traitement du nouveau nom de la salle
if (isset($new_name) and $new_name != "") {
$nettoyage1 = mb_substr($new_name, 0, 30);
$new_name_propre = traitement_magic_quotes($nettoyage1);
// cette fonction est dans le traitement_data.inc.php
$req_modif_nom = mysqli_query($GLOBALS["mysqli"], "UPDATE salle_cours SET nom_salle = '{$new_name_propre}' WHERE id_salle = '{$modif_salle}'") or trigger_error('Echec dans le changement de nom', E_USER_WARNING);
$req_numero = mysqli_query($GLOBALS["mysqli"], "SELECT numero_salle FROM salle_cours WHERE id_salle = '{$modif_salle}'") or trigger_error('Echec dans le changement du nom', E_USER_WARNING);
$rep_numero = mysqli_fetch_array($req_numero);
$num_salle = $rep_numero["numero_salle"];
echo ' </td>
</tr>
<tr>
<td></td>
<td>
<span class="accept">';
printf(CHANGE_CLASSROOM_NAME, $num_salle, unslashes($new_name_propre));
echo '</span>
</form>';
}
?>
</td>
</tr>
</table>
<br />
</fieldset>
<br />
<form action="ajouter_salle.php" name="effacer_salle" method="post">
<fieldset id="enlever">
echo "<hr />\n";
}
// Affichage d'un lien pour format imprimable
if ((!isset($_GET['pview']) || $_GET['pview'] != 1) && ($summarize != 4 && $summarize != 5)) {
echo '<p style="text-align:center;">
<a href="' . traite_grr_url("", "y") . "report.php" . '?' . htmlspecialchars($_SERVER['QUERY_STRING']) . '&pview=1" ';
if (Settings::get("pview_new_windows") == 1) {
echo ' target="_blank"';
}
echo '><span class="glyphicon glyphicon-print"></span></a>
</p>';
}
//S'assurer que ces paramètres ne sont pas cités.
$k = 0;
while ($k < count($texte)) {
$texte[$k] = unslashes($texte[$k]);
$k++;
}
//Les heures de début et de fin sont aussi utilisés pour mettre l'heure dans le rapport.
$report_start = mktime(0, 0, 0, $From_month, $From_day, $From_year);
$report_end = mktime(0, 0, 0, $To_month, $To_day + 1, $To_year);
// La requête SQL va contenir les colonnes suivantes:
// Col Index Description:
// 1 [0] Entry ID, Non affiché -> e.id
// 2 [1] Date de début (Unix) -> e.start_time
// 3 [2] Date de fin (Unix) -> e.end_time
// 4 [3] Descrition brêve,(HTML) -> e.name
// 5 [4] Descrition,(HTML) -> e.description
// 6 [5] Type -> e.type
// 7 [6] réservé par (nom ou IP), (HTML) -> e.beneficiaire
// 8 [7] Timestamp (création), (Unix) -> e.timestamp
}
print_header($day, $month, $year, isset($area) ? $area : "");
// If area is set but area name is not known, get the name.
if (isset($area)) {
if (empty($area_name)) {
$res = sql_query("select area_name from mrbs_area where id={$area}");
if (!$res) {
fatal_error(0, sql_error());
}
if (sql_count($res) == 1) {
$row = sql_row($res, 0);
$area_name = $row[0];
}
sql_free($res);
} else {
$area_name = unslashes($area_name);
}
}
?>
<h2><?php
echo $vocab['administration'];
?>
</h2>
<table border=1>
<tr>
<th><center><b><?php
echo $vocab['areas'];
?>
</b></center></th>
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
$back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
check_access(6, $back);
// Restriction dans le cas d'une démo
VerifyModeDemo();
unset($user_login);
$user_login = isset($_POST["user_login"]) ? $_POST["user_login"] : ($user_login = isset($_GET["user_login"]) ? $_GET["user_login"] : NULL);
$valid = isset($_POST["valid"]) ? $_POST["valid"] : NULL;
$msg = '';
if ($valid == "yes") {
unset($reg_password1);
$reg_password1 = unslashes($_POST["reg_password1"]);
unset($reg_password2);
$reg_password2 = unslashes($_POST["reg_password2"]);
$reg_password_c = md5($reg_password1);
if ($reg_password1 != $reg_password2 || strlen($reg_password1) < $pass_leng) {
$msg = get_vocab("passwd_error");
} else {
$sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET password='******' WHERE login='******'";
if (grr_sql_command($sql) < 0) {
fatal_error(0, get_vocab('update_pwd_failed') . grr_sql_error());
} else {
$msg = get_vocab('update_pwd_succeed');
}
}
}
$user_nom = '';
$user_prenom = '';
$user_source = '';
$i++;
} while ($i < $_POST['indice_max_log_eleve']);
}
if (isset($_POST['appreciations'])) {
check_token();
$temp = $_POST['appreciations'] . " 1";
// Sous Linux, on n'envoie que des \n
if (preg_match("/\\\\r/", $temp)) {
// Cas Window$ et Mac
$temp = my_ereg_replace("\\\\r", "`", $temp);
$temp = my_ereg_replace("\\\\n", "", $temp);
} elseif (preg_match("/\\\\n/", $temp)) {
// Cas Linux
$temp = my_ereg_replace("\\\\n", "`", $temp);
}
$temp = unslashes($temp);
$longueur = mb_strlen($temp);
$i = 0;
$fin_app = 'yes';
$indice = $_POST['debut_import'] - 2;
$tempo = "";
while ($i < $longueur and $indice < $_POST['fin_import']) {
$car = mb_substr($temp, $i, 1);
if (!my_ereg("^[`]{1}\$", $car)) {
if ($fin_app == 'yes' or $i == $longueur - 1) {
$fin_app = 'no';
$appreciations_import[$indice] = $tempo;
$indice++;
$tempo = '';
}
$tempo = $tempo . $car;
}
# This file is for adding new areas/rooms
# we need to do different things depending on if its a room
# or an area
if ($type == "area") {
$area_name_q = unslashes($name);
$id = $mdb->nextId("{$tbl_area}_id");
if (MDB::isError($id)) {
fatal_error(1, "<p>" . $id->getMessage() . "<br>" . $id->getUserInfo());
}
$sql = "INSERT INTO {$tbl_area} (id, area_name) \n VALUES ({$id}, " . $mdb->getTextValue($area_name_q) . ")";
$res = $mdb->query($sql);
if (MDB::isError($res)) {
fatal_error(1, "<p>" . $res->getMessage() . "<br>" . $res->getUserInfo());
}
$area = $mdb->currId("{$tbl_area}_id");
}
if ($type == "room") {
$room_name_q = unslashes($name);
$description_q = unslashes($description);
if (empty($capacity)) {
$capacity = 0;
}
$id = $mdb->nextId("{$tbl_room}_id");
$sql = "INSERT INTO {$tbl_room} (id, room_name, area_id, description, capacity)\n VALUES ({$id}, " . $mdb->getTextValue($room_name_q) . ", {$area}, " . $mdb->getTextValue($description_q) . ", {$capacity})";
$res = $mdb->query($sql);
if (MDB::isError($res)) {
fatal_error(1, "<p>" . $res->getMessage() . "<br>" . $res->getUserInfo());
}
}
header("Location: admin.php?area={$area}");
$message .= "\n\n";
$message .= "Bizarrerie: L'identité POSTée est: {$nama}\n Et l'identité de connexion est: " . $_SESSION['prenom'] . " " . $_SESSION['nom'];
}
unslashes($message);
$gepiPrefixeSujetMail = getSettingValue("gepiPrefixeSujetMail") ? getSettingValue("gepiPrefixeSujetMail") : "";
if ($gepiPrefixeSujetMail != '') {
$gepiPrefixeSujetMail .= " ";
}
$gepiAdminAdress = getSettingValue("gepiAdminAdress");
if ($gepiAdminAdress == "") {
echo "<p><span style='color:red;>ERREUR</span>: L'adresse mail de l'administrateur n'est pas renseignée.</p>\n";
require "../lib/footer.inc.php";
die;
}
$objet_msg = trim($objet_msg);
unslashes($objet_msg);
//echo "\$objet_msg=$objet_msg<br />";
//stripslashes($objet_msg);
//if($objet_msg=='') {$objet_msg="Demande d'aide dans GEPI";}
$subject = $gepiPrefixeSujetMail . $objet_msg;
$subject = "=?UTF-8?B?" . base64_encode($subject) . "?=\r\n";
$from = $email_reponse != "" ? "{$nama} <{$email_reponse}>" : $gepiAdminAdress;
$headers = "X-Mailer: PHP/" . phpversion() . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=UTF-8\r\n";
$headers .= "From: {$from}\r\n";
if ($email_reponse != "") {
$headers .= "Reply-To: {$from}\r\n";
if (getSettingValue("gepiAdminAdressFormHidden") != "y") {
$headers .= "Cc: {$nama} <{$email_reponse}>\r\n";
}
$ht = new htaccess(TRUE);
$user = array();
// Get the logins from the password file
$user = $ht->get_htpasswd();
// Add an Administrator
if (empty($_POST['pwd1_backup']) || empty($_POST['pwd2_backup'])) {
$msg = "Problème : les deux mots de passe ne sont pas identiques ou sont vides.";
$error = 1;
} elseif ($_POST['pwd1_backup'] != $_POST['pwd2_backup']) {
$msg = "Problème : les deux mots de passe ne sont pas identiques.";
$error = 1;
} elseif (empty($_POST['login_backup'])) {
$msg = "Problème : l'identifiant est vide.";
$error = 1;
} else {
$_login = my_strtolower(unslashes($_POST['login_backup']));
if (is_array($user)) {
foreach ($user as $key => $value) {
if ($_login == $key) {
$ht->delete_user($_login);
}
}
}
}
if (!isset($error)) {
$ht->set_user($_login, $_POST['pwd1_backup']);
$ht->set_htpasswd();
$user = array();
$user = $ht->get_htpasswd();
clearstatcache();
if (!is_file('../backup/' . $dirname . '/.htaccess')) {
$etiquettex = array();
$k="1";
while ($k < $nb_data) {
$datay[$k] = array();
$temp[$k] = array();
$temp[$k]=explode("|", $_GET['temp'.$k]);
$k++;
}
$legendy = array();
$temp3=explode("|", $_GET['etiquette']);
$titre = unslashes($_GET['titre']);
$k = 1;
while ($k < $nb_data) {
if (isset($_GET['v_legend'.$k])) {
$legendy[$k] = unslashes(urldecode($_GET['v_legend'.$k]));
} else {
$legendy[$k]='' ;
}
$k++;
}
$i=0;
while ($i < count($temp[1])) {
$k="1";
while ($k < $nb_data) {
$datay[$k][$i] = $temp[$k][$i];
$k++;
}
/*
// On ne transmet plus l'id_matiere dans 'etiquette', mais le nom_complet.
$user_mail = '';
$user_statut = '';
$user_source = 'local';
$user_etat = '';
$user_tel = '';
$user_champs_libre = '';
$display = '';
$retry = '';
if ($valid == 'yes') {
// Restriction dans le cas d'une démo
VerifyModeDemo();
$reg_nom = isset($_GET['reg_nom']) ? $_GET['reg_nom'] : null;
$reg_prenom = isset($_GET['reg_prenom']) ? $_GET['reg_prenom'] : null;
$new_login = isset($_GET['new_login']) ? $_GET['new_login'] : null;
$reg_password = isset($_GET['reg_password']) ? unslashes($_GET['reg_password']) : null;
$reg_password2 = isset($_GET['reg_password2']) ? unslashes($_GET['reg_password2']) : null;
$reg_statut = isset($_GET['reg_statut']) ? $_GET['reg_statut'] : null;
$reg_email = isset($_GET['reg_email']) ? $_GET['reg_email'] : null;
$reg_etat = isset($_GET['reg_etat']) ? $_GET['reg_etat'] : null;
$reg_source = isset($_GET['reg_source']) ? $_GET['reg_source'] : null;
$reg_tel = isset($_GET['reg_tel']) ? $_GET['reg_tel'] : null;
$reg_champs_libre = isset($_GET['reg_champs_libre']) ? $_GET['reg_champs_libre'] : null;
$reg_type_authentification = isset($_GET['type_authentification']) ? $_GET['type_authentification'] : 'locale';
if ($reg_type_authentification != 'locale') {
$reg_password = '';
}
if ($reg_nom == '' || $reg_prenom == '') {
$msg = get_vocab('please_enter_name');
$retry = 'yes';
} else {
//
Target of the form with sets the URL argument "Action=SetName".
Will eventually return to URL argument "TargetURL=whatever".
*/
if (isset($Action) && $Action == "SetName") {
/* First make sure the password is valid */
if ($NewUserName == "") {
// Unset the session variables
if (isset($_SESSION)) {
$_SESSION = array();
} else {
global $HTTP_SESSION_VARS;
$HTTP_SESSION_VARS = array();
}
} else {
$NewUserName = unslashes($NewUserName);
$NewUserPassword = unslashes($NewUserPassword);
if (!authValidateUser($NewUserName, $NewUserPassword)) {
print_header_mrbs(0, 0, 0, 0);
echo "<P>" . get_string('usernamenotfound') . "</P>\n";
printLoginForm($TargetURL);
exit;
}
if (isset($_SESSION)) {
$_SESSION["UserName"] = $NewUserName;
} else {
global $HTTP_SESSION_VARS;
$HTTP_SESSION_VARS["UserName"] = $NewUserName;
}
}
header("Location: {$TargetURL}");
/* Redirect browser to initial page */
//chaine_mel += "&body=Bonjour";
location.href = chaine_mel;
}
-->
</script>
<?php
switch($action)
{
//envoi du message
case "envoi":
//N.B. pour peaufiner, mettre un script de vérification de l'adresse email et du contenu du message !
$message = "Demandeur : ".$nama."\nEtablissement : ".getSettingValue("gepiSchoolName")."\n".unslashes($message);
if ($email_reponse == '') {
echo "<br /><br /><br /><P style=\"text-align: center\">Votre message n'a pas été envoyé : vous devez indiquer une adresse e-mail pour la réponse !</p>";
} else {
$gepiPrefixeSujetMail=getSettingValue("gepiPrefixeSujetMail") ? getSettingValue("gepiPrefixeSujetMail") : "";
if($gepiPrefixeSujetMail!='') {$gepiPrefixeSujetMail.=" ";}
$from = $email_reponse != "" ? "$nama <$email_reponse>" : getSettingValue("gepiAdminAdress");
$subject = $gepiPrefixeSujetMail."Demande d'aide dans GEPI";
$subject = "=?UTF-8?B?".base64_encode($subject)."?=\r\n";
$headers = "X-Mailer: PHP/" . phpversion()."\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=UTF-8\r\n";
$headers .= "From: $from\r\n";
$text_classe_matiere .= " - Classe";
if (count($current_group["classes"]["list"]) > 1) {
$text_classe_matiere .= "s";
}
$text_classe_matiere .= " : " . $current_group["classlist_string"];
if (isset($_GET['periode_num'])) {
$text_classe_matiere .= " - Période : " . sql_query1("SELECT nom_periode FROM periodes WHERE\n (\n id_classe='" . $current_group["classes"]["list"][0] . "' and\n num_periode='" . (int) $_GET['periode_num'] . "'\n )");
}
}
//if ($text_classe_matiere != '') $pdf->Cell(100, 8, $text_classe_matiere,$bord,0,"L",0);
if ($text_classe_matiere != '') {
$pdf->Cell(100, 8, $text_classe_matiere, $bord, 0, "L", 0);
}
$pdf->ln();
//isset($_GET['titre']) ? $titre = unslashes($_GET['titre']) : $titre='' ;
isset($_GET['titre']) ? $titre = unslashes($_GET['titre']) : ($titre = '');
if ($titre != '') {
//Positionnement du titre
$w = $pdf->GetStringWidth($titre) + 6;
$pdf->SetX((LargeurPage - $w) / 2);
//Couleurs du cadre, du fond et du texte
$pdf->SetDrawColor(0, 0, 0);
$pdf->SetFillColor(255, 255, 255);
$pdf->SetTextColor(0, 0, 0);
//Titre centré
$pdf->Cell($w, 9, $titre, $bord, 1, 'C', 0);
//Saut de ligne
}
// tableau des en-têtes
$header1 = array();
$header1 = unserialize($_SESSION['header_pdf']);
VerifyModeDemo();
// Phase d'enregistrement des données
$nb_row = isset($_POST["nb_row"]) ? $_POST["nb_row"] : NULL;
$reg_stat = isset($_POST["reg_stat"]) ? $_POST["reg_stat"] : NULL;
$reg_login = isset($_POST["reg_login"]) ? $_POST["reg_login"] : NULL;
$reg_nom = isset($_POST["reg_nom"]) ? $_POST["reg_nom"] : NULL;
$reg_prenom = isset($_POST["reg_prenom"]) ? $_POST["reg_prenom"] : NULL;
$reg_email = isset($_POST["reg_email"]) ? $_POST["reg_email"] : NULL;
$reg_mdp = isset($_POST["reg_mdp"]) ? $_POST["reg_mdp"] : NULL;
$reg_type_user = isset($_POST["reg_type_user"]) ? $_POST["reg_type_user"] : NULL;
$reg_statut = isset($_POST["reg_statut"]) ? $_POST["reg_statut"] : NULL;
$reg_type_auth = isset($_POST["reg_type_auth"]) ? $_POST["reg_type_auth"] : NULL;
$nb_row++;
for ($row = 1; $row < $nb_row; $row++) {
if ($reg_type_auth[$row] != "ext") {
$reg_mdp[$row] = md5(unslashes($reg_mdp[$row]));
}
// On nettoie les windozeries
$reg_nom[$row] = protect_data_sql(corriger_caracteres($reg_nom[$row]));
$reg_prenom[$row] = protect_data_sql(corriger_caracteres($reg_prenom[$row]));
$reg_email[$row] = protect_data_sql(corriger_caracteres($reg_email[$row]));
$test_login = grr_sql_count(grr_sql_query("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'"));
if ($test_login == 0) {
$regdata = grr_sql_query("INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',login='******',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "'");
} else {
$regdata = grr_sql_query("UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "' WHERE login='******'");
}
if (!$regdata) {
echo "<p><font color=\"red\">" . $reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records_error") . "</font></p>";
} else {
if ($reg_stat[$row] == "nouveau") {
die('Erreur chargement settings');
}
// Paramètres langage
include 'include/language.inc.php';
// Session related functions
require_once './include/session.inc.php';
// Vérification du numéro de version et renvoi automatique vers la page de mise à jour
if (verif_version()) {
header('Location: ./admin/admin_maj.php');
exit;
}
// User wants to be authentified
if (isset($_POST['login']) && isset($_POST['password'])) {
// Détruit toutes les variables de session au cas où une session existait auparavant
$_SESSION = array();
$result = grr_opensession($_POST['login'], unslashes($_POST['password']));
// On écrit les données de session et ferme la session
session_write_close();
if ($result == '2') {
$message = get_vocab('echec_connexion_GRR');
$message .= ' ' . get_vocab('wrong_pwd');
} elseif ($result == '3') {
$message = get_vocab('echec_connexion_GRR');
$message .= '<br />' . get_vocab('importation_impossible');
} elseif ($result == '4') {
//$message = get_vocab("importation_impossible");
$message = get_vocab('echec_connexion_GRR');
$message .= ' ' . get_vocab('causes_possibles');
$message .= '<br />- ' . get_vocab('wrong_pwd');
$message .= '<br />- ' . get_vocab('echec_authentification_ldap');
} elseif ($result == '5') {
}
$etiquettex = array();
$k="1";
while ($k < $nb_data) {
$datay[$k] = array();
$temp1[$k] = array();
$temp2[$k] = array();
$temp1[$k]=explode("|", $_GET['temp1'.$k]);
$temp2[$k]=explode("|", $_GET['temp2'.$k]);
$k++;
}
$temp3=explode("|", $_GET['etiquette']);
$titre = unslashes($_GET['titre']);
isset($_GET['v_legend1']) ? $legendy1 = unslashes($_GET['v_legend1']) : $legendy1='' ;
isset($_GET['v_legend2']) ? $legendy2 = unslashes($_GET['v_legend2']) : $legendy2='' ;
$i=0;
while ($i < count($temp1[1])) {
$k="1";
while ($k < $nb_data) {
$datay1[$k][$i] = $temp1[$k][$i];
$datay2[$k][$i] = $temp2[$k][$i];
$k++;
}
/*
$call_matiere = mysql_query("SELECT nom_complet FROM matieres WHERE matiere = '".$temp3[$i]."'");
$etiquettex[$i] = old_mysql_result($call_matiere, "0", "nom_complet");
*/
$etiquettex[$i]=$temp3[$i];
$i++;
}
$matiere_nom_long[$i]=remplace_accents($matiere_nom_long[$i],'simple');
writinfo('/tmp/infos_graphe.txt','a+',"\$matiere[$i]=".$matiere[$i]."\n");
$matiere[$i]=remplace_accents($matiere[$i],'simple');
writinfo('/tmp/infos_graphe.txt','a+',"\$matiere[$i]=".$matiere[$i]."\n");
}
writinfo('/tmp/infos_graphe.txt','a+',"\nAvant les titres...\n");
$titre = unslashes($_GET['titre']);
$k = 1;
//while ($k < $nb_data) {
//while ($k<=$nb_series) {
for($k=1;$k<=2;$k++){
if (isset($_GET['v_legend'.$k])) {
$legendy[$k] = unslashes($_GET['v_legend'.$k]);
} else {
$legendy[$k]='' ;
}
// $eleve peut en fait être une moyenne de classe ou même un trimestre...
$eleve[$k]=$legendy[$k];
writinfo('/tmp/infos_graphe.txt','a+',"\$eleve[$k]=".$eleve[$k]."\n");
//$k++;
}
//============================================
$eleve1=$_GET['v_legend1'];
$sql="SELECT * FROM eleves WHERE login='******'";
$resultat_infos_eleve1=mysqli_query($GLOBALS["mysqli"], $sql);
if(mysqli_num_rows($resultat_infos_eleve1)>0) {
include "functions.inc";
include "{$dbsys}.inc";
#If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
$day = date("d");
$month = date("m");
$year = date("Y");
}
if (empty($area)) {
$area = get_default_area();
}
# Need all these different versions with different escaping.
# search_str must be left as the html-escaped version because this is
# used as the default value for the search box in the header.
if (!empty($search_str)) {
$search_text = unslashes($search_str);
$search_url = urlencode($search_text);
$search_str = htmlspecialchars($search_text);
}
print_header($day, $month, $year, $area);
if (!empty($advanced)) {
echo "<H3>" . get_vocab("advanced_search") . "</H3>";
echo "<FORM METHOD=GET ACTION=\"search.php\">";
echo get_vocab("search_for") . " <INPUT TYPE=TEXT SIZE=25 NAME=\"search_str\"><br>";
echo get_vocab("from") . " ";
genDateSelector("", $day, $month, $year);
echo "<br><INPUT TYPE=SUBMIT VALUE=\"" . get_vocab("search_button") . "\">";
echo "</FORM>";
include "trailer.inc";
exit;
}
$user_nom = '';
$user_prenom = '';
$user_mail = '';
$user_statut = '';
$user_source = 'local';
$user_etat = '';
$display = "";
$retry = '';
if ($valid == "yes") {
// Restriction dans le cas d'une démo
VerifyModeDemo();
$reg_nom = isset($_GET["reg_nom"]) ? $_GET["reg_nom"] : NULL;
$reg_prenom = isset($_GET["reg_prenom"]) ? $_GET["reg_prenom"] : NULL;
$new_login = isset($_GET["new_login"]) ? $_GET["new_login"] : NULL;
$reg_password = isset($_GET["reg_password"]) ? unslashes($_GET["reg_password"]) : NULL;
$reg_password2 = isset($_GET["reg_password2"]) ? unslashes($_GET["reg_password2"]) : NULL;
$reg_statut = isset($_GET["reg_statut"]) ? $_GET["reg_statut"] : NULL;
$reg_email = isset($_GET["reg_email"]) ? $_GET["reg_email"] : NULL;
$reg_etat = isset($_GET["reg_etat"]) ? $_GET["reg_etat"] : NULL;
$reg_source = isset($_GET["reg_source"]) ? $_GET["reg_source"] : NULL;
$reg_type_authentification = isset($_GET["type_authentification"]) ? $_GET["type_authentification"] : "locale";
if ($reg_type_authentification != "locale") {
$reg_password = "";
}
if ($reg_nom == '' || $reg_prenom == '') {
$msg = get_vocab("please_enter_name");
$retry = 'yes';
} else {
//
// actions si un nouvel utilisateur a été défini
//
echo get_vocab("submitquery");
?>
">
</td></tr>
</table>
</form>
<?php
}
# Lower part: Results, if called with parameters:
if (isset($areamatch)) {
# Make sure these are not escape-quoted:
$areamatch = unslashes($areamatch);
$roommatch = unslashes($roommatch);
$namematch = unslashes($namematch);
$descrmatch = unslashes($descrmatch);
# Start and end times are also used to clip the times for summary info.
$report_start = mktime(0, 0, 0, $From_month + 0, $From_day + 0, $From_year + 0);
$report_end = mktime(0, 0, 0, $To_month + 0, $To_day + 1, $To_year + 0);
# SQL result will contain the following columns:
# Col Index Description:
# 1 [0] Entry ID, not displayed -- used for linking to View script.
# 2 [1] Start time as Unix time_t
# 3 [2] End time as Unix time_t
# 4 [3] Entry name or short description, must be HTML escaped
# 5 [4] Entry description, must be HTML escaped
# 6 [5] Type, single char mapped to a string
# 7 [6] Created by (user name or IP addr), must be HTML escaped
# 8 [7] Creation timestamp, converted to Unix time_t by the database
# 9 [8] Area name, must be HTML escaped
# 10 [9] Room name, must be HTML escaped
function unslashes(&$var)
{
if (is_array($var)) {
foreach ($var as $i => $n) {
$var[$i] = unslashes($n);
}
} else {
$var = stripcslashes($var);
}
return $var;
}
require_once "../include/settings.class.php";
// Session related functions
require_once "../include/session.inc.php";
// Paramètres langage
include "../include/language.inc.php";
//Chargement des valeurs de la table settingS
if (!Settings::load()) {
die("Erreur chargement settings");
}
$valid = isset($_POST["valid"]) ? $_POST["valid"] : 'no';
$etape = isset($_POST["etape"]) ? $_POST["etape"] : '0';
$adresse = isset($_POST["adresse"]) ? $_POST["adresse"] : NULL;
$port = isset($_POST["port"]) ? $_POST["port"] : NULL;
$login_ldap = isset($_POST["login_ldap"]) ? $_POST["login_ldap"] : NULL;
$pwd_ldap = isset($_POST["pwd_ldap"]) ? $_POST["pwd_ldap"] : NULL;
$pwd_ldap = unslashes($pwd_ldap);
if (isset($_POST["use_tls"])) {
if ($_POST["use_tls"] == 'y') {
$use_tls = TRUE;
} else {
$use_tls = FALSE;
}
} else {
$use_tls = FALSE;
}
$base_ldap = isset($_POST["base_ldap"]) ? $_POST["base_ldap"] : NULL;
$base_ldap_autre = isset($_POST["base_ldap_autre"]) ? $_POST["base_ldap_autre"] : NULL;
$ldap_filter = isset($_POST["ldap_filter"]) ? $_POST["ldap_filter"] : NULL;
$titre_ldap = "Configuration de l'authentification LDAP";
if (isset($_POST['reg_ldap_statut'])) {
if ($_POST['ldap_statut'] == "no_ldap") {
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
// On précise de ne pas traiter les données avec la fonction anti_inject
$traite_anti_inject = 'no';
// Initialisations files
require_once "../lib/initialisations.inc.php";
//$texte : le texte à afficher
//$height : la hauteur de l'image
//$width : la largeur de l'image
//$colortxt : la couleur du texte de la forme #xxxxxx ou xxxxxx
unset($height);
$height = isset($_GET["height"]) ? $_GET["height"] : NULL;
unset($width);
$width = isset($_GET["width"]) ? $_GET["width"] : NULL;
unset($texte);
$texte = isset($_GET["texte"]) ? unslashes($_GET["texte"]) : NULL;
unset($colortxt);
$colortxt = isset($_GET["colortxt"]) ? $_GET["colortxt"] : NULL;
$long_chaine = mb_strlen($texte);
if ($height != '') {
$haut_im = $height;
} else {
$haut_im = $long_chaine * 8;
}
if ($width != '') {
$larg_im = $width;
} else {
$larg_im = 20;
}
Header("Content-Type: image/png");
$texte = urldecode($texte);