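/**
 * Read one request parameter and normalise it to the requested type.
 *
 * $_POST is consulted first and $_GET second, so a query-string value
 * overrides a posted value of the same name.
 *
 * @param string $variable Name of the request parameter.
 * @param string $type     'string' (default), 'int' or 'array'. Any other
 *                         value returns the raw request value unchanged.
 * @return mixed NULL (an empty array for 'array') when the parameter is
 *               absent; otherwise the value after unslashes() and, for
 *               'int', intval().
 */
function get_form_var($variable, $type = 'string')
{
    // We use some functions from here
    // require_once "functions.inc";

    $default = ($type == 'array') ? array() : NULL;
    $value = $default;

    // The former $HTTP_POST_VARS / $HTTP_GET_VARS fallbacks are gone: those
    // names were never declared global in this function, so they were always
    // unset here and the branches could not run.
    if (!empty($_POST) && isset($_POST[$variable])) {
        $value = $_POST[$variable];
    }
    if (!empty($_GET) && isset($_GET[$variable])) {
        $value = $_GET[$variable];
    }

    if ($type == 'array') {
        $value = (array) $value;
    } elseif (($type == 'int' || $type == 'string') && is_array($value)) {
        // Any parameter can arrive as name[]=..., which PHP turns into an
        // array. Callers asking for a scalar must never receive one, so a
        // malformed submission is treated as if the parameter were absent.
        $value = $default;
    }

    // Loose comparison kept on purpose: NULL, '' and array() all skip clean-up.
    if ($value != NULL) {
        if ($type == 'int') {
            $value = intval(unslashes($value));
        } elseif ($type == 'string') {
            $value = unslashes($value);
        } elseif ($type == 'array') {
            foreach ($value as $arrkey => $arrvalue) {
                $value[$arrkey] = unslashes($arrvalue);
            }
        }
    }

    return $value;
}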
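/**
 * Read one parameter from the command line, $_POST or $_GET and normalise
 * it to the requested type.
 *
 * Precedence: a command-line value (only when $allow_cli is set) or else a
 * posted value is taken first; a $_GET value of the same name then
 * overrides it.
 *
 * @param string $variable Name of the parameter.
 * @param string $type     'string' (default), 'int' or 'array'. Any other
 *                         value returns the raw value unchanged.
 * @param mixed  ...       Optional third argument: the default to use when
 *                         the parameter is absent (cast to array for 'array').
 * @return mixed The default when the parameter is absent; otherwise the
 *               value after unslashes() and, for 'int', intval(). A
 *               non-empty default goes through the same clean-up.
 */
function get_form_var($variable, $type = 'string')
{
    // We use some functions from here
    //require_once "functions.inc";
    global $cli_params, $allow_cli;

    // Set the default value, and make sure it's the right type
    if (func_num_args() > 2) {
        $default = func_get_arg(2);
        if ($type == 'array') {
            $default = (array) $default;
        }
    } else {
        $default = ($type == 'array') ? array() : NULL;
    }
    $value = $default;

    // Get the command line arguments if any (and we're allowed to),
    // otherwise get the POST variables.
    // The former $HTTP_POST_VARS / $HTTP_GET_VARS fallbacks are gone: those
    // names were never declared global in this function, so they were always
    // unset here and the branches could not run.
    if ($allow_cli && !empty($cli_params) && isset($cli_params[$variable])) {
        $value = $cli_params[$variable];
    } elseif (!empty($_POST) && isset($_POST[$variable])) {
        $value = $_POST[$variable];
    }

    // Then get the GET variables
    if (!empty($_GET) && isset($_GET[$variable])) {
        $value = $_GET[$variable];
    }

    if ($type == 'array') {
        // Cast to an array if necessary
        $value = (array) $value;
    } elseif (($type == 'int' || $type == 'string') && is_array($value)) {
        // Any parameter can arrive as name[]=..., which PHP turns into an
        // array. Callers asking for a scalar must never receive one, so a
        // malformed submission falls back to the default.
        $value = $default;
    }

    // Clean up the variable. Loose comparison kept on purpose: NULL, '', 0
    // and array() all skip clean-up.
    if ($value != NULL) {
        if ($type == 'int') {
            $value = intval(unslashes($value));
        } elseif ($type == 'string') {
            $value = unslashes($value);
        } elseif ($type == 'array') {
            foreach ($value as $arrkey => $arrvalue) {
                $value[$arrkey] = unslashes($arrvalue);
            }
        }
    }

    return $value;
}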
if($defaut_gab=="y"){ $value_gab="selected='selected'"; $gabarit=$lig_gab->repertoire; }else{ $value_gab=""; } $tbs_dossier_gabarit[]=array("texte"=>$texte_gab, "selection"=>$value_gab, "value"=>$repertoire_gab); } } }else{ $gabarit="origine"; } if ((isset($_GET['template'])) or (isset($_POST['template'])) or (isset($gabarit))) { $gabarit = isset($_POST['template']) ? unslashes($_POST['template']) : (isset($_GET['template']) ? unslashes($_GET['template']) : $gabarit); } else{ $gabarit="origine"; } //================================== // Décommenter la ligne ci-dessous pour afficher les variables $_GET, $_POST, $_SESSION et $_SERVER pour DEBUG: //debug_var(); // appel des bibliothèques tinyButStrong $_SESSION['tbs_class'] = 'tbs/tbs_class.php';
// Handle a room rename: runs only when a non-empty new name was supplied.
// NOTE(review): neither $new_name nor $modif_salle is assigned in this
// fragment; presumably both come from the request. Confirm where they are
// set and how $modif_salle is validated.
if (isset($new_name) and $new_name != "") {
    // Keep at most the first 30 characters of the submitted name.
    $nettoyage1 = mb_substr($new_name, 0, 30);
    $new_name_propre = traitement_magic_quotes($nettoyage1); // this function is defined in traitement_data.inc.php
    // NOTE(review): both queries are built by interpolating variables into the
    // SQL text. $modif_salle reaches the statement with no escaping visible
    // here, and the safety of $new_name_propre depends entirely on what
    // traitement_magic_quotes() does. A prepared statement with bound
    // parameters would remove that dependency.
    $req_modif_nom = mysqli_query($GLOBALS["mysqli"], "UPDATE salle_cours SET nom_salle = '{$new_name_propre}' WHERE id_salle = '{$modif_salle}'") or trigger_error('Echec dans le changement de nom', E_USER_WARNING);
    $req_numero = mysqli_query($GLOBALS["mysqli"], "SELECT numero_salle FROM salle_cours WHERE id_salle = '{$modif_salle}'") or trigger_error('Echec dans le changement du nom', E_USER_WARNING);
    // trigger_error() with E_USER_WARNING does not stop the script by itself,
    // so a failed SELECT is still handed to mysqli_fetch_array() below.
    $rep_numero = mysqli_fetch_array($req_numero);
    $num_salle = $rep_numero["numero_salle"];
    echo ' </td> </tr> <tr> <td></td> <td> <span class="accept">';
    // NOTE(review): the room name is printed into HTML after unslashes() with
    // no htmlspecialchars() visible; confirm it is encoded elsewhere.
    printf(CHANGE_CLASSROOM_NAME, $num_salle, unslashes($new_name_propre));
    echo '</span> </form>';
}
?> </td> </tr> </table> <br /> </fieldset> <br /> <form action="ajouter_salle.php" name="effacer_salle" method="post"> <fieldset id="enlever">
echo "<hr />\n"; } // Affichage d'un lien pour format imprimable if ((!isset($_GET['pview']) || $_GET['pview'] != 1) && ($summarize != 4 && $summarize != 5)) { echo '<p style="text-align:center;"> <a href="' . traite_grr_url("", "y") . "report.php" . '?' . htmlspecialchars($_SERVER['QUERY_STRING']) . '&pview=1" '; if (Settings::get("pview_new_windows") == 1) { echo ' target="_blank"'; } echo '><span class="glyphicon glyphicon-print"></span></a> </p>'; } //S'assurer que ces paramètres ne sont pas cités. $k = 0; while ($k < count($texte)) { $texte[$k] = unslashes($texte[$k]); $k++; } //Les heures de début et de fin sont aussi utilisés pour mettre l'heure dans le rapport. $report_start = mktime(0, 0, 0, $From_month, $From_day, $From_year); $report_end = mktime(0, 0, 0, $To_month, $To_day + 1, $To_year); // La requête SQL va contenir les colonnes suivantes: // Col Index Description: // 1 [0] Entry ID, Non affiché -> e.id // 2 [1] Date de début (Unix) -> e.start_time // 3 [2] Date de fin (Unix) -> e.end_time // 4 [3] Descrition brêve,(HTML) -> e.name // 5 [4] Descrition,(HTML) -> e.description // 6 [5] Type -> e.type // 7 [6] réservé par (nom ou IP), (HTML) -> e.beneficiaire // 8 [7] Timestamp (création), (Unix) -> e.timestamp
} print_header($day, $month, $year, isset($area) ? $area : ""); // If area is set but area name is not known, get the name. if (isset($area)) { if (empty($area_name)) { $res = sql_query("select area_name from mrbs_area where id={$area}"); if (!$res) { fatal_error(0, sql_error()); } if (sql_count($res) == 1) { $row = sql_row($res, 0); $area_name = $row[0]; } sql_free($res); } else { $area_name = unslashes($area_name); } } ?> <h2><?php echo $vocab['administration']; ?> </h2> <table border=1> <tr> <th><center><b><?php echo $vocab['areas']; ?> </b></center></th>
// Password-change handler: checks access, reads the target login and, when
// the form was confirmed, validates the two password fields and updates the
// stored password.

// Page to return to, taken from the Referer header and HTML-encoded.
$back = '';
if (isset($_SERVER['HTTP_REFERER'])) {
    $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
}
check_access(6, $back);
// Restricted when the application runs in demo mode
VerifyModeDemo();
// Target login: the POST value wins, then GET, else NULL.
unset($user_login);
$user_login = isset($_POST["user_login"]) ? $_POST["user_login"] : ($user_login = isset($_GET["user_login"]) ? $_GET["user_login"] : NULL);
$valid = isset($_POST["valid"]) ? $_POST["valid"] : NULL;
$msg = '';
if ($valid == "yes") {
    // NOTE(review): no anti-CSRF token check is visible in this fragment
    // before a state-changing POST is honoured; confirm one runs in
    // check_access() or an include.
    // Both fields are read without isset(), so a POST missing either key
    // passes an undefined index to unslashes().
    unset($reg_password1);
    $reg_password1 = unslashes($_POST["reg_password1"]);
    unset($reg_password2);
    $reg_password2 = unslashes($_POST["reg_password2"]);
    // NOTE(review): md5() is a fast unsalted digest and is not suitable for
    // storing passwords. Moving to password_hash()/password_verify() also
    // requires changing the login check, which is outside this fragment.
    $reg_password_c = md5($reg_password1);
    // NOTE(review): != is a loose comparison; two different numeric-looking
    // strings (e.g. "1e3" and "1000") compare equal. !== is the safer test
    // for "the two fields match".
    if ($reg_password1 != $reg_password2 || strlen($reg_password1) < $pass_leng) {
        $msg = get_vocab("passwd_error");
    } else {
        // The statement text is shown with masked placeholders in this
        // listing; how the hash and login are inserted cannot be reviewed
        // from here. Confirm they are escaped or bound as parameters.
        $sql = "UPDATE " . TABLE_PREFIX . "_utilisateurs SET password='******' WHERE login='******'";
        if (grr_sql_command($sql) < 0) {
            // The database error text is appended to the message passed to
            // fatal_error(); confirm it is not shown to end users.
            fatal_error(0, get_vocab('update_pwd_failed') . grr_sql_error());
        } else {
            $msg = get_vocab('update_pwd_succeed');
        }
    }
}
$user_nom = '';
$user_prenom = '';
$user_source = '';
$i++; } while ($i < $_POST['indice_max_log_eleve']); } if (isset($_POST['appreciations'])) { check_token(); $temp = $_POST['appreciations'] . " 1"; // Sous Linux, on n'envoie que des \n if (preg_match("/\\\\r/", $temp)) { // Cas Window$ et Mac $temp = my_ereg_replace("\\\\r", "`", $temp); $temp = my_ereg_replace("\\\\n", "", $temp); } elseif (preg_match("/\\\\n/", $temp)) { // Cas Linux $temp = my_ereg_replace("\\\\n", "`", $temp); } $temp = unslashes($temp); $longueur = mb_strlen($temp); $i = 0; $fin_app = 'yes'; $indice = $_POST['debut_import'] - 2; $tempo = ""; while ($i < $longueur and $indice < $_POST['fin_import']) { $car = mb_substr($temp, $i, 1); if (!my_ereg("^[`]{1}\$", $car)) { if ($fin_app == 'yes' or $i == $longueur - 1) { $fin_app = 'no'; $appreciations_import[$indice] = $tempo; $indice++; $tempo = ''; } $tempo = $tempo . $car;
} # This file is for adding new areas/rooms # we need to do different things depending on if its a room # or an area if ($type == "area") { $area_name_q = unslashes($name); $id = $mdb->nextId("{$tbl_area}_id"); if (MDB::isError($id)) { fatal_error(1, "<p>" . $id->getMessage() . "<br>" . $id->getUserInfo()); } $sql = "INSERT INTO {$tbl_area} (id, area_name) \n VALUES ({$id}, " . $mdb->getTextValue($area_name_q) . ")"; $res = $mdb->query($sql); if (MDB::isError($res)) { fatal_error(1, "<p>" . $res->getMessage() . "<br>" . $res->getUserInfo()); } $area = $mdb->currId("{$tbl_area}_id"); } if ($type == "room") { $room_name_q = unslashes($name); $description_q = unslashes($description); if (empty($capacity)) { $capacity = 0; } $id = $mdb->nextId("{$tbl_room}_id"); $sql = "INSERT INTO {$tbl_room} (id, room_name, area_id, description, capacity)\n VALUES ({$id}, " . $mdb->getTextValue($room_name_q) . ", {$area}, " . $mdb->getTextValue($description_q) . ", {$capacity})"; $res = $mdb->query($sql); if (MDB::isError($res)) { fatal_error(1, "<p>" . $res->getMessage() . "<br>" . $res->getUserInfo()); } } header("Location: admin.php?area={$area}");
$message .= "\n\n"; $message .= "Bizarrerie: L'identité POSTée est: {$nama}\n Et l'identité de connexion est: " . $_SESSION['prenom'] . " " . $_SESSION['nom']; } unslashes($message); $gepiPrefixeSujetMail = getSettingValue("gepiPrefixeSujetMail") ? getSettingValue("gepiPrefixeSujetMail") : ""; if ($gepiPrefixeSujetMail != '') { $gepiPrefixeSujetMail .= " "; } $gepiAdminAdress = getSettingValue("gepiAdminAdress"); if ($gepiAdminAdress == "") { echo "<p><span style='color:red;>ERREUR</span>: L'adresse mail de l'administrateur n'est pas renseignée.</p>\n"; require "../lib/footer.inc.php"; die; } $objet_msg = trim($objet_msg); unslashes($objet_msg); //echo "\$objet_msg=$objet_msg<br />"; //stripslashes($objet_msg); //if($objet_msg=='') {$objet_msg="Demande d'aide dans GEPI";} $subject = $gepiPrefixeSujetMail . $objet_msg; $subject = "=?UTF-8?B?" . base64_encode($subject) . "?=\r\n"; $from = $email_reponse != "" ? "{$nama} <{$email_reponse}>" : $gepiAdminAdress; $headers = "X-Mailer: PHP/" . phpversion() . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/plain; charset=UTF-8\r\n"; $headers .= "From: {$from}\r\n"; if ($email_reponse != "") { $headers .= "Reply-To: {$from}\r\n"; if (getSettingValue("gepiAdminAdressFormHidden") != "y") { $headers .= "Cc: {$nama} <{$email_reponse}>\r\n"; }
$ht = new htaccess(TRUE); $user = array(); // Get the logins from the password file $user = $ht->get_htpasswd(); // Add an Administrator if (empty($_POST['pwd1_backup']) || empty($_POST['pwd2_backup'])) { $msg = "Problème : les deux mots de passe ne sont pas identiques ou sont vides."; $error = 1; } elseif ($_POST['pwd1_backup'] != $_POST['pwd2_backup']) { $msg = "Problème : les deux mots de passe ne sont pas identiques."; $error = 1; } elseif (empty($_POST['login_backup'])) { $msg = "Problème : l'identifiant est vide."; $error = 1; } else { $_login = my_strtolower(unslashes($_POST['login_backup'])); if (is_array($user)) { foreach ($user as $key => $value) { if ($_login == $key) { $ht->delete_user($_login); } } } } if (!isset($error)) { $ht->set_user($_login, $_POST['pwd1_backup']); $ht->set_htpasswd(); $user = array(); $user = $ht->get_htpasswd(); clearstatcache(); if (!is_file('../backup/' . $dirname . '/.htaccess')) {
$etiquettex = array(); $k="1"; while ($k < $nb_data) { $datay[$k] = array(); $temp[$k] = array(); $temp[$k]=explode("|", $_GET['temp'.$k]); $k++; } $legendy = array(); $temp3=explode("|", $_GET['etiquette']); $titre = unslashes($_GET['titre']); $k = 1; while ($k < $nb_data) { if (isset($_GET['v_legend'.$k])) { $legendy[$k] = unslashes(urldecode($_GET['v_legend'.$k])); } else { $legendy[$k]='' ; } $k++; } $i=0; while ($i < count($temp[1])) { $k="1"; while ($k < $nb_data) { $datay[$k][$i] = $temp[$k][$i]; $k++; } /* // On ne transmet plus l'id_matiere dans 'etiquette', mais le nom_complet.
$user_mail = ''; $user_statut = ''; $user_source = 'local'; $user_etat = ''; $user_tel = ''; $user_champs_libre = ''; $display = ''; $retry = ''; if ($valid == 'yes') { // Restriction dans le cas d'une démo VerifyModeDemo(); $reg_nom = isset($_GET['reg_nom']) ? $_GET['reg_nom'] : null; $reg_prenom = isset($_GET['reg_prenom']) ? $_GET['reg_prenom'] : null; $new_login = isset($_GET['new_login']) ? $_GET['new_login'] : null; $reg_password = isset($_GET['reg_password']) ? unslashes($_GET['reg_password']) : null; $reg_password2 = isset($_GET['reg_password2']) ? unslashes($_GET['reg_password2']) : null; $reg_statut = isset($_GET['reg_statut']) ? $_GET['reg_statut'] : null; $reg_email = isset($_GET['reg_email']) ? $_GET['reg_email'] : null; $reg_etat = isset($_GET['reg_etat']) ? $_GET['reg_etat'] : null; $reg_source = isset($_GET['reg_source']) ? $_GET['reg_source'] : null; $reg_tel = isset($_GET['reg_tel']) ? $_GET['reg_tel'] : null; $reg_champs_libre = isset($_GET['reg_champs_libre']) ? $_GET['reg_champs_libre'] : null; $reg_type_authentification = isset($_GET['type_authentification']) ? $_GET['type_authentification'] : 'locale'; if ($reg_type_authentification != 'locale') { $reg_password = ''; } if ($reg_nom == '' || $reg_prenom == '') { $msg = get_vocab('please_enter_name'); $retry = 'yes'; } else { //
Target of the form with sets the URL argument "Action=SetName". Will eventually return to URL argument "TargetURL=whatever". */ if (isset($Action) && $Action == "SetName") { /* First make sure the password is valid */ if ($NewUserName == "") { // Unset the session variables if (isset($_SESSION)) { $_SESSION = array(); } else { global $HTTP_SESSION_VARS; $HTTP_SESSION_VARS = array(); } } else { $NewUserName = unslashes($NewUserName); $NewUserPassword = unslashes($NewUserPassword); if (!authValidateUser($NewUserName, $NewUserPassword)) { print_header_mrbs(0, 0, 0, 0); echo "<P>" . get_string('usernamenotfound') . "</P>\n"; printLoginForm($TargetURL); exit; } if (isset($_SESSION)) { $_SESSION["UserName"] = $NewUserName; } else { global $HTTP_SESSION_VARS; $HTTP_SESSION_VARS["UserName"] = $NewUserName; } } header("Location: {$TargetURL}"); /* Redirect browser to initial page */
//chaine_mel += "&body=Bonjour"; location.href = chaine_mel; } --> </script> <?php switch($action) { //envoi du message case "envoi": //N.B. pour peaufiner, mettre un script de vérification de l'adresse email et du contenu du message ! $message = "Demandeur : ".$nama."\nEtablissement : ".getSettingValue("gepiSchoolName")."\n".unslashes($message); if ($email_reponse == '') { echo "<br /><br /><br /><P style=\"text-align: center\">Votre message n'a pas été envoyé : vous devez indiquer une adresse e-mail pour la réponse !</p>"; } else { $gepiPrefixeSujetMail=getSettingValue("gepiPrefixeSujetMail") ? getSettingValue("gepiPrefixeSujetMail") : ""; if($gepiPrefixeSujetMail!='') {$gepiPrefixeSujetMail.=" ";} $from = $email_reponse != "" ? "$nama <$email_reponse>" : getSettingValue("gepiAdminAdress"); $subject = $gepiPrefixeSujetMail."Demande d'aide dans GEPI"; $subject = "=?UTF-8?B?".base64_encode($subject)."?=\r\n"; $headers = "X-Mailer: PHP/" . phpversion()."\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/plain; charset=UTF-8\r\n"; $headers .= "From: $from\r\n";
$text_classe_matiere .= " - Classe"; if (count($current_group["classes"]["list"]) > 1) { $text_classe_matiere .= "s"; } $text_classe_matiere .= " : " . $current_group["classlist_string"]; if (isset($_GET['periode_num'])) { $text_classe_matiere .= " - Période : " . sql_query1("SELECT nom_periode FROM periodes WHERE\n (\n id_classe='" . $current_group["classes"]["list"][0] . "' and\n num_periode='" . (int) $_GET['periode_num'] . "'\n )"); } } //if ($text_classe_matiere != '') $pdf->Cell(100, 8, $text_classe_matiere,$bord,0,"L",0); if ($text_classe_matiere != '') { $pdf->Cell(100, 8, $text_classe_matiere, $bord, 0, "L", 0); } $pdf->ln(); //isset($_GET['titre']) ? $titre = unslashes($_GET['titre']) : $titre='' ; isset($_GET['titre']) ? $titre = unslashes($_GET['titre']) : ($titre = ''); if ($titre != '') { //Positionnement du titre $w = $pdf->GetStringWidth($titre) + 6; $pdf->SetX((LargeurPage - $w) / 2); //Couleurs du cadre, du fond et du texte $pdf->SetDrawColor(0, 0, 0); $pdf->SetFillColor(255, 255, 255); $pdf->SetTextColor(0, 0, 0); //Titre centré $pdf->Cell($w, 9, $titre, $bord, 1, 'C', 0); //Saut de ligne } // tableau des en-têtes $header1 = array(); $header1 = unserialize($_SESSION['header_pdf']);
VerifyModeDemo(); // Phase d'enregistrement des données $nb_row = isset($_POST["nb_row"]) ? $_POST["nb_row"] : NULL; $reg_stat = isset($_POST["reg_stat"]) ? $_POST["reg_stat"] : NULL; $reg_login = isset($_POST["reg_login"]) ? $_POST["reg_login"] : NULL; $reg_nom = isset($_POST["reg_nom"]) ? $_POST["reg_nom"] : NULL; $reg_prenom = isset($_POST["reg_prenom"]) ? $_POST["reg_prenom"] : NULL; $reg_email = isset($_POST["reg_email"]) ? $_POST["reg_email"] : NULL; $reg_mdp = isset($_POST["reg_mdp"]) ? $_POST["reg_mdp"] : NULL; $reg_type_user = isset($_POST["reg_type_user"]) ? $_POST["reg_type_user"] : NULL; $reg_statut = isset($_POST["reg_statut"]) ? $_POST["reg_statut"] : NULL; $reg_type_auth = isset($_POST["reg_type_auth"]) ? $_POST["reg_type_auth"] : NULL; $nb_row++; for ($row = 1; $row < $nb_row; $row++) { if ($reg_type_auth[$row] != "ext") { $reg_mdp[$row] = md5(unslashes($reg_mdp[$row])); } // On nettoie les windozeries $reg_nom[$row] = protect_data_sql(corriger_caracteres($reg_nom[$row])); $reg_prenom[$row] = protect_data_sql(corriger_caracteres($reg_prenom[$row])); $reg_email[$row] = protect_data_sql(corriger_caracteres($reg_email[$row])); $test_login = grr_sql_count(grr_sql_query("SELECT login FROM " . TABLE_PREFIX . "_utilisateurs WHERE login='******'")); if ($test_login == 0) { $regdata = grr_sql_query("INSERT INTO " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',login='******',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "'"); } else { $regdata = grr_sql_query("UPDATE " . TABLE_PREFIX . "_utilisateurs SET nom='" . $reg_nom[$row] . "',prenom='" . $reg_prenom[$row] . "',email='" . $reg_email[$row] . "',password='******',statut='" . $reg_type_user[$row] . "',etat='" . $reg_statut[$row] . "',source='" . $reg_type_auth[$row] . "' WHERE login='******'"); } if (!$regdata) { echo "<p><font color=\"red\">" . 
$reg_login[$row] . get_vocab("deux_points") . get_vocab("message_records_error") . "</font></p>"; } else { if ($reg_stat[$row] == "nouveau") {
die('Erreur chargement settings'); } // Paramètres langage include 'include/language.inc.php'; // Session related functions require_once './include/session.inc.php'; // Vérification du numéro de version et renvoi automatique vers la page de mise à jour if (verif_version()) { header('Location: ./admin/admin_maj.php'); exit; } // User wants to be authentified if (isset($_POST['login']) && isset($_POST['password'])) { // Détruit toutes les variables de session au cas où une session existait auparavant $_SESSION = array(); $result = grr_opensession($_POST['login'], unslashes($_POST['password'])); // On écrit les données de session et ferme la session session_write_close(); if ($result == '2') { $message = get_vocab('echec_connexion_GRR'); $message .= ' ' . get_vocab('wrong_pwd'); } elseif ($result == '3') { $message = get_vocab('echec_connexion_GRR'); $message .= '<br />' . get_vocab('importation_impossible'); } elseif ($result == '4') { //$message = get_vocab("importation_impossible"); $message = get_vocab('echec_connexion_GRR'); $message .= ' ' . get_vocab('causes_possibles'); $message .= '<br />- ' . get_vocab('wrong_pwd'); $message .= '<br />- ' . get_vocab('echec_authentification_ldap'); } elseif ($result == '5') {
} $etiquettex = array(); $k="1"; while ($k < $nb_data) { $datay[$k] = array(); $temp1[$k] = array(); $temp2[$k] = array(); $temp1[$k]=explode("|", $_GET['temp1'.$k]); $temp2[$k]=explode("|", $_GET['temp2'.$k]); $k++; } $temp3=explode("|", $_GET['etiquette']); $titre = unslashes($_GET['titre']); isset($_GET['v_legend1']) ? $legendy1 = unslashes($_GET['v_legend1']) : $legendy1='' ; isset($_GET['v_legend2']) ? $legendy2 = unslashes($_GET['v_legend2']) : $legendy2='' ; $i=0; while ($i < count($temp1[1])) { $k="1"; while ($k < $nb_data) { $datay1[$k][$i] = $temp1[$k][$i]; $datay2[$k][$i] = $temp2[$k][$i]; $k++; } /* $call_matiere = mysql_query("SELECT nom_complet FROM matieres WHERE matiere = '".$temp3[$i]."'"); $etiquettex[$i] = old_mysql_result($call_matiere, "0", "nom_complet"); */ $etiquettex[$i]=$temp3[$i]; $i++;
} $matiere_nom_long[$i]=remplace_accents($matiere_nom_long[$i],'simple'); writinfo('/tmp/infos_graphe.txt','a+',"\$matiere[$i]=".$matiere[$i]."\n"); $matiere[$i]=remplace_accents($matiere[$i],'simple'); writinfo('/tmp/infos_graphe.txt','a+',"\$matiere[$i]=".$matiere[$i]."\n"); } writinfo('/tmp/infos_graphe.txt','a+',"\nAvant les titres...\n"); $titre = unslashes($_GET['titre']); $k = 1; //while ($k < $nb_data) { //while ($k<=$nb_series) { for($k=1;$k<=2;$k++){ if (isset($_GET['v_legend'.$k])) { $legendy[$k] = unslashes($_GET['v_legend'.$k]); } else { $legendy[$k]='' ; } // $eleve peut en fait être une moyenne de classe ou même un trimestre... $eleve[$k]=$legendy[$k]; writinfo('/tmp/infos_graphe.txt','a+',"\$eleve[$k]=".$eleve[$k]."\n"); //$k++; } //============================================ $eleve1=$_GET['v_legend1']; $sql="SELECT * FROM eleves WHERE login='******'"; $resultat_infos_eleve1=mysqli_query($GLOBALS["mysqli"], $sql); if(mysqli_num_rows($resultat_infos_eleve1)>0) {
# Search page set-up: loads helpers, fills in a default date and area,
# prepares the three encodings of the search string, then either prints the
# advanced-search form and exits or continues with the page.
include "functions.inc";
# NOTE(review): the included file name is built from $dbsys, which is not
# assigned in this fragment. Confirm it can only come from configuration and
# never from the request.
include "{$dbsys}.inc";
# If we don't know the right date then make it up
# NOTE(review): $day, $month, $year, $area, $search_str and $advanced are
# used here without being assigned in this fragment; presumably they are
# populated from the request. Verify how and with what validation.
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
# Need all these different versions with different escaping.
# search_str must be left as the html-escaped version because this is
# used as the default value for the search box in the header.
#   $search_text - raw text after unslashes()
#   $search_url  - URL-encoded, for query strings
#   $search_str  - HTML-encoded, for output in markup
# htmlspecialchars() is called with its default flags; before PHP 8.1 those
# do not encode single quotes, which matters if the value is ever placed in
# a single-quoted attribute.
if (!empty($search_str)) {
    $search_text = unslashes($search_str);
    $search_url = urlencode($search_text);
    $search_str = htmlspecialchars($search_text);
}
print_header($day, $month, $year, $area);
# Advanced search: print the form, then the trailer, and stop.
if (!empty($advanced)) {
    echo "<H3>" . get_vocab("advanced_search") . "</H3>";
    echo "<FORM METHOD=GET ACTION=\"search.php\">";
    echo get_vocab("search_for") . " <INPUT TYPE=TEXT SIZE=25 NAME=\"search_str\"><br>";
    echo get_vocab("from") . " ";
    genDateSelector("", $day, $month, $year);
    echo "<br><INPUT TYPE=SUBMIT VALUE=\"" . get_vocab("search_button") . "\">";
    echo "</FORM>";
    include "trailer.inc";
    exit;
}
$user_nom = ''; $user_prenom = ''; $user_mail = ''; $user_statut = ''; $user_source = 'local'; $user_etat = ''; $display = ""; $retry = ''; if ($valid == "yes") { // Restriction dans le cas d'une démo VerifyModeDemo(); $reg_nom = isset($_GET["reg_nom"]) ? $_GET["reg_nom"] : NULL; $reg_prenom = isset($_GET["reg_prenom"]) ? $_GET["reg_prenom"] : NULL; $new_login = isset($_GET["new_login"]) ? $_GET["new_login"] : NULL; $reg_password = isset($_GET["reg_password"]) ? unslashes($_GET["reg_password"]) : NULL; $reg_password2 = isset($_GET["reg_password2"]) ? unslashes($_GET["reg_password2"]) : NULL; $reg_statut = isset($_GET["reg_statut"]) ? $_GET["reg_statut"] : NULL; $reg_email = isset($_GET["reg_email"]) ? $_GET["reg_email"] : NULL; $reg_etat = isset($_GET["reg_etat"]) ? $_GET["reg_etat"] : NULL; $reg_source = isset($_GET["reg_source"]) ? $_GET["reg_source"] : NULL; $reg_type_authentification = isset($_GET["type_authentification"]) ? $_GET["type_authentification"] : "locale"; if ($reg_type_authentification != "locale") { $reg_password = ""; } if ($reg_nom == '' || $reg_prenom == '') { $msg = get_vocab("please_enter_name"); $retry = 'yes'; } else { // // actions si un nouvel utilisateur a été défini //
echo get_vocab("submitquery"); ?> "> </td></tr> </table> </form> <?php } # Lower part: Results, if called with parameters: if (isset($areamatch)) { # Make sure these are not escape-quoted: $areamatch = unslashes($areamatch); $roommatch = unslashes($roommatch); $namematch = unslashes($namematch); $descrmatch = unslashes($descrmatch); # Start and end times are also used to clip the times for summary info. $report_start = mktime(0, 0, 0, $From_month + 0, $From_day + 0, $From_year + 0); $report_end = mktime(0, 0, 0, $To_month + 0, $To_day + 1, $To_year + 0); # SQL result will contain the following columns: # Col Index Description: # 1 [0] Entry ID, not displayed -- used for linking to View script. # 2 [1] Start time as Unix time_t # 3 [2] End time as Unix time_t # 4 [3] Entry name or short description, must be HTML escaped # 5 [4] Entry description, must be HTML escaped # 6 [5] Type, single char mapped to a string # 7 [6] Created by (user name or IP addr), must be HTML escaped # 8 [7] Creation timestamp, converted to Unix time_t by the database # 9 [8] Area name, must be HTML escaped # 10 [9] Room name, must be HTML escaped
/**
 * Strip backslash escapes from a string, or from every element of an array
 * (recursively), modifying the argument in place and also returning it.
 *
 * NOTE(review): this uses stripcslashes(), not stripslashes(). Besides
 * removing the backslashes that addslashes()/magic quotes add, stripcslashes()
 * also decodes C-style escapes (\n, \r, \t, octal and hex sequences). Request
 * text containing a literal "\r\n" or "\x3c" therefore comes out as real
 * control characters or markup, after any earlier validation has run. If the
 * goal is only to undo quoting, stripslashes() is the matching inverse.
 * Confirm the intent before changing it, since callers see the result.
 *
 * @param mixed $var String or (nested) array of strings; passed by reference.
 * @return mixed The unescaped value (same content as $var after the call).
 */
function unslashes(&$var)
{
    if (!is_array($var)) {
        $var = stripcslashes($var);
        return $var;
    }

    // Iterate over a snapshot of the keys; each element is cleaned through a
    // temporary so the recursion works on a copy, as a by-value foreach would.
    foreach (array_keys($var) as $key) {
        $item = $var[$key];
        $var[$key] = unslashes($item);
    }

    return $var;
}
require_once "../include/settings.class.php"; // Session related functions require_once "../include/session.inc.php"; // Paramètres langage include "../include/language.inc.php"; //Chargement des valeurs de la table settingS if (!Settings::load()) { die("Erreur chargement settings"); } $valid = isset($_POST["valid"]) ? $_POST["valid"] : 'no'; $etape = isset($_POST["etape"]) ? $_POST["etape"] : '0'; $adresse = isset($_POST["adresse"]) ? $_POST["adresse"] : NULL; $port = isset($_POST["port"]) ? $_POST["port"] : NULL; $login_ldap = isset($_POST["login_ldap"]) ? $_POST["login_ldap"] : NULL; $pwd_ldap = isset($_POST["pwd_ldap"]) ? $_POST["pwd_ldap"] : NULL; $pwd_ldap = unslashes($pwd_ldap); if (isset($_POST["use_tls"])) { if ($_POST["use_tls"] == 'y') { $use_tls = TRUE; } else { $use_tls = FALSE; } } else { $use_tls = FALSE; } $base_ldap = isset($_POST["base_ldap"]) ? $_POST["base_ldap"] : NULL; $base_ldap_autre = isset($_POST["base_ldap_autre"]) ? $_POST["base_ldap_autre"] : NULL; $ldap_filter = isset($_POST["ldap_filter"]) ? $_POST["ldap_filter"] : NULL; $titre_ldap = "Configuration de l'authentification LDAP"; if (isset($_POST['reg_ldap_statut'])) { if ($_POST['ldap_statut'] == "no_ldap") {
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
// Image-generation script set-up: reads the text, size and colour from the
// query string and sends the PNG content-type header.

// Ask the initialisation code not to run the anti_inject function on the data.
// NOTE(review): with that filtering switched off, every $_GET value below is
// used exactly as the client sent it.
$traite_anti_inject = 'no';
// Initialisation files
require_once "../lib/initialisations.inc.php";
//$texte : the text to draw
//$height : the image height
//$width : the image width
//$colortxt : the text colour, in the form #xxxxxx or xxxxxx
// NOTE(review): height and width are taken from the query string with no
// numeric check or upper bound visible here. They are presumably used as the
// image dimensions further down; confirm they are cast to int and capped.
unset($height);
$height = isset($_GET["height"]) ? $_GET["height"] : NULL;
unset($width);
$width = isset($_GET["width"]) ? $_GET["width"] : NULL;
unset($texte);
$texte = isset($_GET["texte"]) ? unslashes($_GET["texte"]) : NULL;
// NOTE(review): $colortxt is not validated against the #xxxxxx format here.
unset($colortxt);
$colortxt = isset($_GET["colortxt"]) ? $_GET["colortxt"] : NULL;
// $texte is NULL when the parameter is absent, so mb_strlen() receives NULL.
$long_chaine = mb_strlen($texte);
// Default height is 8 units per character of text; default width is 20.
if ($height != '') {
    $haut_im = $height;
} else {
    $haut_im = $long_chaine * 8;
}
if ($width != '') {
    $larg_im = $width;
} else {
    $larg_im = 20;
}
Header("Content-Type: image/png");
// NOTE(review): PHP has already URL-decoded $_GET values, so this decodes the
// text a second time (a literal "%41" in the text becomes "A", "+" becomes a
// space). The length above was measured before this second decode.
$texte = urldecode($texte);