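/**
 * Decide whether a caller may use an outgoing connector source and, if so,
 * return the PMB user id the request should run as.
 *
 * Three kinds of caller are handled:
 *  - empty $username: the anonymous group (esgroup id -1);
 *  - "login@group":   a reader (empr) acting through an external-service group;
 *  - anything else:   an external-service user resolved by es_esuser.
 *
 * Every failure path returns false, including a failed SQL query, so that a
 * database error can never be read as a successful authentication.
 *
 * @param string $username  Login supplied by the caller ('' for anonymous).
 * @param string $password  Password supplied by the caller.
 * @param mixed  $source_id Id of the connector source being requested.
 *
 * @return mixed PMB user id on success, false when access is refused.
 */
function connector_out_check_credentials($username, $password, $source_id)
{
    global $dbh;

    // Force the id to an integer before it is concatenated into SQL.
    $source_id = (int) $source_id;

    if (!$username) {
        // -- Anonymous caller: is the anonymous group allowed on this source?
        if (!_connector_out_esgroup_can_use_source($source_id, -1)) {
            return false;
        }

        $res = mysql_query('SELECT esgroup_pmbusernum FROM es_esgroups WHERE esgroup_id = -1', $dbh);
        if (!$res) {
            // Fail closed: the original fell through to "return 1" when this query failed.
            return false;
        }
        if (!mysql_numrows($res)) {
            // NOTE(review): with no row for the anonymous group the function falls
            // back to PMB user id 1 - confirm that account is meant to back
            // anonymous access and carries only the rights anonymous callers need.
            return 1;
        }

        return mysql_result($res, 0, 0);
    }

    if (strpos($username, '@') !== false) {
        // -- Reader: the login has the form "reader_login@group_name".
        $login_info = explode('@', $username);
        if (count($login_info) != 2) {
            return false;
        }
        $empr_name = $login_info[0];
        $es_group_name = $login_info[1];
        if (!$empr_name || !$es_group_name) {
            return false;
        }

        // Look the reader up by login and password.
        // NOTE(review): in the listing both literals in this query appear masked as
        // '******', which leaves $empr_name and $password unused; they are bound
        // here. The password is compared as stored - confirm whether empr_password
        // holds a hash, in which case verification has to happen in PHP instead.
        $sql = "SELECT id_empr FROM empr WHERE empr_login = '"
            . mysql_real_escape_string($empr_name, $dbh)
            . "' AND empr_password = '"
            . mysql_real_escape_string($password, $dbh)
            . "'";
        $res = mysql_query($sql, $dbh);
        $empr_id = 0;
        if ($res && mysql_numrows($res)) {
            $empr_id = (int) mysql_result($res, 0, 0);
        }
        if (!$empr_id) {
            // Unknown reader or wrong password.
            return false;
        }

        // Resolve the group named after the "@". Connection-aware escaping
        // replaces addslashes(), which ignores the connection character set.
        $sql = "SELECT esgroup_id FROM es_esgroups WHERE esgroup_name = '"
            . mysql_real_escape_string($es_group_name, $dbh)
            . "'";
        $res = mysql_query($sql, $dbh);
        if (!$res || !mysql_numrows($res)) {
            return false;
        }
        $esgroup_id = (int) mysql_result($res, 0, 0);
        $esgroup = new es_esgroup($esgroup_id);

        // The group name is chosen by the caller, so membership must be proven:
        // the reader has to belong to a reader group attached to this esgroup.
        $sql = 'SELECT SUM(EXISTS(SELECT 1 FROM empr_groupe WHERE empr_id = ' . $empr_id
            . ' AND groupe_id = esgroupuser_usernum)) > 0 AS in_group'
            . ' FROM es_esgroup_esusers WHERE esgroupuser_usertype = 2 AND esgroupuser_groupnum = ' . $esgroup_id;
        $res = mysql_query($sql, $dbh);
        if (!$res || !mysql_result($res, 0, 0)) {
            // Claimed a group the reader does not belong to: refuse.
            return false;
        }

        // Is the group allowed to use the source?
        if (!_connector_out_esgroup_can_use_source($source_id, $esgroup_id)) {
            return false;
        }

        // All checks passed.
        return $esgroup->esgroup_pmbuserid;
    }

    // -- Regular external-service user: look the account up and fetch its group.
    $esuser = es_esuser::create_from_credentials($username, $password);
    if (!$esuser) {
        return false;
    }

    $esgroup_id = $esuser->esuser_group;
    if (!$esgroup_id) {
        // A user without a group cannot hold any right.
        return false;
    }

    // Is the group allowed to use the source?
    if (!_connector_out_esgroup_can_use_source($source_id, $esgroup_id)) {
        return false;
    }

    // Return the PMB user id attached to the group.
    $esgroup = new es_esgroup($esgroup_id);

    return $esgroup->esgroup_pmbuserid;
}

/**
 * Tell whether an external-service group is attached to a connector source.
 *
 * Both ids are cast to int before being placed in the query. A failed query
 * counts as "not allowed".
 *
 * @param mixed $source_id  Connector source id.
 * @param mixed $esgroup_id External-service group id (-1 is the anonymous group).
 *
 * @return bool
 */
function _connector_out_esgroup_can_use_source($source_id, $esgroup_id)
{
    global $dbh;

    $sql = 'SELECT COUNT(1) FROM connectors_out_sources_esgroups'
        . ' WHERE connectors_out_source_esgroup_sourcenum = ' . (int) $source_id
        . ' AND connectors_out_source_esgroup_esgroupnum = ' . (int) $esgroup_id;
    $res = mysql_query($sql, $dbh);
    if (!$res) {
        return false;
    }

    return mysql_result($res, 0, 0) > 0;
}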
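/**
 * Create or update an external-service user from the submitted form globals.
 *
 * When $id is empty a new user is created, after checking that a username was
 * given and is not already taken; otherwise the user with that id is loaded
 * and overwritten. On a validation error the matching message is printed, the
 * form is shown again with the submitted values, and false is returned.
 *
 * @return bool true when the user was committed, false otherwise.
 */
function update_esuser_from_form()
{
    global $msg, $id;
    global $esuser_username, $esuser_fullname, $esuser_password, $esuser_esgroup;

    // Validation runs in the original order: group first, then (new users
    // only) empty username, then duplicate username.
    $error_key = '';
    if ($esuser_esgroup && !es_esgroup::id_exists($esuser_esgroup)) {
        $error_key = 'es_user_error_unknowngroup';
    } elseif (!$id && !$esuser_username) {
        $error_key = 'es_user_error_emptyfield';
    } elseif (!$id && es_esuser::username_exists($esuser_username)) {
        $error_key = 'es_user_error_usernamealreadyexists';
    }

    if ($error_key) {
        print $msg[$error_key];
        // NOTE(review): the submitted password is handed back to the form along
        // with the other fields; confirm show_esuser_form() escapes these values
        // for HTML and does not render the password into the page.
        show_esuser_form(
            0,
            stripslashes($esuser_username),
            stripslashes($esuser_fullname),
            stripslashes($esuser_password),
            stripslashes($esuser_esgroup)
        );

        return false;
    }

    if (!$id) {
        // Add a new user.
        $esuser = es_esuser::add_new();
    } else {
        $esuser = new es_esuser($id);
        // The original tested the undefined variable $the_user, so a failed
        // load was never detected and the commit went ahead regardless.
        if ($esuser->error) {
            return false;
        }
    }

    $esuser->esuser_username = $esuser_username;
    $esuser->esuser_fullname = $esuser_fullname;
    // NOTE(review): the password is assigned exactly as received; whether
    // commit_to_db() hashes it before storage is not visible here - confirm.
    $esuser->esuser_password = $esuser_password;
    $esuser->esuser_group = $esuser_esgroup;
    $esuser->commit_to_db();

    return true;
}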