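* */
/**
 * Class users: Contains all the functions and forms to manage users
 *
 * Builds the whole per-user session state (identity, groups, security
 * clauses, baskets, services) after a password or cookie login.
 *
 * @author  Claire Figueras
 * @license GPL
 * @package  Maarch LetterBox 2.3
 * @version 2.2
 */
require_once("class_letterbox.php");

class users extends dbquery
{
    /**
     * Paging offset: $_GET['start'] with tags stripped, or 0 when absent
     * @access private
     * @var integer|string
     */
    private $the_start;

    /**
     * SQL argument orderby name (the raw "order" request value)
     * @access private
     * @var string
     */
    private $orderby;

    /**
     * SQL argument orderby (a fixed "order by ..." fragment, or "")
     * @access private
     * @var string
     */
    private $sqlorderby;

    /**
     * Redefinition of the user object constructor : configure the SQL argument order by
     */
    function __construct()
    {
        // NOTE(review): strip_tags() only removes markup, it is not SQL sanitisation.
        // the_start is consumed outside this excerpt; cast it to int before it reaches a query.
        $this->the_start = isset($_GET['start']) ? strip_tags($_GET['start']) : 0;
        $this->orderby = isset($_GET['order']) ? strip_tags($_GET['order']) : "nameasc";

        // Allow-list: the request value only selects one of these fixed fragments and is
        // never copied into the SQL text itself. Unknown values give no ordering.
        $clauses = array(
            "nameasc"    => "order by LastName asc",
            "namedesc"   => "order by LastName desc",
            "userasc"    => "order by User_Id asc",
            "userdesc"   => "order by User_Id desc",
            "statusasc"  => "order by Status asc",
            "statusdesc" => "order by Status desc",
            "mailasc"    => "order by Mail asc",
            "maildesc"   => "order by Mail desc",
        );
        $this->sqlorderby = isset($clauses[$this->orderby]) ? $clauses[$this->orderby] : "";
    }

    /**
     * Loads data related to the user groups (group name, role, primary group or not) in session variables
     *
     * Redirects to index.php and stops the script when the user belongs to no enabled group.
     */
    public function load_groups()
    {
        $_SESSION['user']['groups'] = array();
        $_SESSION['user']['primarygroup'] = "";
        $this->connect();
        $this->query("select uc.GROUP_ID, uc.PRIMARY_GROUP, uc.ROLE, u.CONSULT_GROUP from ".$_SESSION['tablename']['usergroup_content']." uc , ".$_SESSION['tablename']['usergroups']." u where uc.USER_ID ='".$_SESSION['user']['UserId']."' and u.GROUP_ID = uc.GROUP_ID and u.ENABLED= 'Y'");
        if($this->nb_result() < 1)
        {
            // NOTE(review): the login path has already stored the user identity in
            // $_SESSION['user'] when this runs; confirm index.php refuses a session
            // that has an identity but no group.
            $_SESSION['error'] = _USER_NO_GROUP.'. '._MORE_INFOS." ".$_SESSION['config']['adminname']."";
            header("location: index.php");
            exit;
        }
        $i = 0;
        while($line = $this->fetch_object())
        {
            $_SESSION['user']['groups'][$i]['GROUP_ID'] = $line->GROUP_ID;
            if($line->PRIMARY_GROUP == 'Y')
            {
                $_SESSION['user']['primarygroup'] = $line->GROUP_ID;
            }
            $_SESSION['user']['groups'][$i]['ROLE'] = $line->ROLE;
            $_SESSION['user']['groups'][$i]['CONSULT_GROUP'] = $line->CONSULT_GROUP;
            $i++;
        }
    }

    /**
     * Loads in session variables, the security parameters corresponding to the user groups.
     *
     * One entry is kept per resource table. When several groups cover the same table their
     * where clauses are OR-ed together and insert/update rights are granted if any group
     * grants them, so the most permissive group decides.
     */
    public function load_security()
    {
        $this->connect();
        $this->query("SELECT s.GROUP_ID, s.RES_TABLE, s.WHERE_CLAUSE , s.CAN_INSERT, s.CAN_UPDATE FROM ".$_SESSION['tablename']['security']." s, ".$_SESSION['tablename']['usergroup_content']." ugc , ".$_SESSION['tablename']['usergroups']." u WHERE ugc.user_id='".$_SESSION['user']['UserId']."' and ugc.group_id = s.group_id and ugc.group_id = u.group_id and u.enabled = 'Y'");
        $_SESSION['user']['tables'] = array();
        $_SESSION['user']['security'] = array();
        $_SESSION['user']['can_index'] = false;
        $_SESSION['user']['can_postindex'] = false;
        $i = 0;
        $can_index = false;
        $can_postindex = false;
        while($line = $this->fetch_object())
        {
            // An empty clause means "no restriction": the group sees the whole table.
            // NOTE(review): WHERE_CLAUSE is stored SQL that is trusted verbatim; whoever
            // can edit the security table controls what this filter lets through.
            if($line->WHERE_CLAUSE <> "")
            {
                $where = "( ".$line->WHERE_CLAUSE." )";
            }
            else
            {
                $where = "( 1=1 )";
            }
            if($line->CAN_INSERT == 'Y')
            {
                $can_index = true;
            }
            if($line->CAN_UPDATE == 'Y')
            {
                $can_postindex = true;
            }

            $key = array_search($line->RES_TABLE, $_SESSION['user']['tables']);
            if($key === false)
            {
                // First group seen for this table: create its entry.
                $_SESSION['user']['security'][$i]['table'] = $line->RES_TABLE;
                $_SESSION['user']['security'][$i]['where'] = $where;
                $_SESSION['user']['security'][$i]['can_insert'] = $line->CAN_INSERT;
                $_SESSION['user']['security'][$i]['can_update'] = $line->CAN_UPDATE;
                array_push($_SESSION['user']['tables'], $line->RES_TABLE);
                $i++;
            }
            else
            {
                // Table already known: widen the clause, and only ever upgrade rights to 'Y'.
                $_SESSION['user']['security'][$key]['where'] .= " or ".$where;
                if($line->CAN_INSERT == 'Y')
                {
                    $_SESSION['user']['security'][$key]['can_insert'] = $line->CAN_INSERT;
                }
                if($line->CAN_UPDATE == 'Y')
                {
                    $_SESSION['user']['security'][$key]['can_update'] = $line->CAN_UPDATE;
                }
            }
        }
        $_SESSION['user']['can_index'] = $can_index;
        $_SESSION['user']['can_postindex'] = $can_postindex;
    }

    /**
     * Loads the baskets datas into session variables
     *
     * Reads the baskets of the primary group, resolves the @user and @groupuser
     * placeholders of each basket clause and combines basket rights with the table
     * rights loaded by load_security(). Expects $_SESSION['user']['groups'],
     * ['primarygroup'], ['admin'] and ['security'] to be set already.
     */
    private function load_basket()
    {
        // Quoted, comma separated list of all the user's group ids, for "in (...)".
        $grouplist = "";
        for($i=0; $i < count($_SESSION['user']['groups']); $i++)
        {
            $grouplist .= "'".$_SESSION['user']['groups'][$i]['GROUP_ID']."' , ";
        }
        // preg_replace() instead of ereg_replace(), which was removed in PHP 7.
        $grouplist = preg_replace('/ , $/D', "", $grouplist);

        $_SESSION['user']['baskets'] = array();
        $baskets = array();
        $rights_basket = array();
        // RESULT_PAGE is selected as well: the "PAGE" entry below reads it.
        $this->query("select BASKET_ID, SEQUENCE, CAN_REDIRECT, CAN_DELETE, CAN_INSERT, RESULT_PAGE from ".$_SESSION['tablename']['groupbasket']." where GROUP_ID = '".$_SESSION['user']['primarygroup']."' ");
        $i = 0;
        while($line = $this->fetch_object())
        {
            $baskets[$i] = $line->BASKET_ID;
            $rights_basket[$i] = array("REDIRECT" => $line->CAN_REDIRECT, "DELETE" => $line->CAN_DELETE, "DUPLICATION" => $line->CAN_INSERT, "PAGE" => $line->RESULT_PAGE);
            $i++;
        }

        if($_SESSION['user']['admin'])
        {
            // Administrators also get the list of available basket result pages.
            $_SESSION['basket_page'] = array();
            $xmlfile = simplexml_load_file("xml/basketpage.xml");
            $i = 0;
            foreach($xmlfile->BASKETPAGE as $BASKETPAGE)
            {
                $_SESSION['basket_page'][$i] = array("ID" => utf8_decode((string) $BASKETPAGE->NAME), "LABEL" => utf8_decode((string) $BASKETPAGE->LABEL));
                $i++;
            }
        }

        $usertmp = "'".$_SESSION['user']['UserId']."'";
        for($k = 0; $k < count($baskets); $k++)
        {
            $basket_id = $baskets[$k];

            $this->query("select RESULT_PAGE from ".$_SESSION['tablename']['groupbasket']." where BASKET_ID ='".$basket_id."' and GROUP_ID = '".$_SESSION['user']['primarygroup']."'");
            $ligne = $this->fetch_object();
            $_SESSION['user']['baskets'][$k]['page'] = $ligne->RESULT_PAGE;

            // First run only probes whether a non-null redirect list exists ...
            $redirect_query = "select DISTINCT REDIRECT_GROUPLIST from ".$_SESSION['tablename']['groupbasket']." where BASKET_ID ='".$basket_id."' and GROUP_ID in (".$grouplist.") AND (REDIRECT_GROUPLIST <> '')";
            $this->query($redirect_query);
            $tab = $this->fetch_array();
            $is_userlist = false;
            if($this->nb_result() > 0 && $tab[0] <> NULL)
            {
                // ... and the query is run again so the loop below starts at the first row
                // (the probe above already consumed one).
                $grouptmp = array();
                $this->query($redirect_query);
                while($line2 = $this->fetch_object())
                {
                    $groups = explode(";", $line2->REDIRECT_GROUPLIST);
                    $grouptmp = array_merge($grouptmp, $groups);
                }
                for($comp=0; $comp < count($grouptmp); $comp++)
                {
                    $grouptmp[$comp] = trim($grouptmp[$comp]);
                }
                $groupusers = implode(",", $grouptmp);
                if(trim($groupusers) <> "")
                {
                    // NOTE(review): the stored list is placed inside "in (...)" as is, so it
                    // presumably already holds quoted ids - verify how it is written.
                    $this->query("select DISTINCT USER_ID from ".$_SESSION['tablename']['usergroup_content']." where GROUP_ID in (".trim($groupusers).")");
                    $userlist = "";
                    while($line2 = $this->fetch_object())
                    {
                        $userlist .= "'".trim($line2->USER_ID)."' , ";
                    }
                    $userlist = preg_replace('/ , $/D', "", $userlist);
                    $is_userlist = true;
                }
            }

            $this->query("select * from ".$_SESSION['tablename']['baskets']." where BASKET_ID ='".$basket_id."'");
            $line2 = $this->fetch_object();
            $_SESSION['user']['baskets'][$k]['basket_id'] = $basket_id;
            $_SESSION['user']['baskets'][$k]['table'] = $line2->RES_TABLE;
            $_SESSION['user']['baskets'][$k]['desc'] = $line2->BASKET_DESC;
            $_SESSION['user']['baskets'][$k]['name'] = $line2->BASKET_NAME;

            // BASKET_CLAUSE is stored SQL; only its two placeholders are substituted.
            // When no user list was built, "@groupuser" is left in the clause untouched.
            $temp = $line2->BASKET_CLAUSE;
            if($is_userlist == true)
            {
                $temp = str_replace("@groupuser", $userlist, $temp);
            }
            $temp = str_replace("@user", $usertmp, $temp);
            $_SESSION['user']['baskets'][$k]['clause'] = "( ".$temp." )";

            // Effective rights = table rights (load_security) combined with basket rights.
            // If no security entry matches the basket's table, no can_* key is set at all.
            for($j=0; $j < count($_SESSION['user']['security']); $j++)
            {
                if($_SESSION['user']['baskets'][$k]['table'] == $_SESSION['user']['security'][$j]['table'])
                {
                    $table_insert = ($_SESSION['user']['security'][$j]['can_insert'] == 'Y');
                    $table_update = ($_SESSION['user']['security'][$j]['can_update'] == 'Y');
                    $_SESSION['user']['baskets'][$k]['can_insert'] = ($table_insert && $rights_basket[$k]['DUPLICATION'] == 'Y');
                    // NOTE(review): can_modify follows the table's can_insert flag, not
                    // can_update - confirm this is intended.
                    $_SESSION['user']['baskets'][$k]['can_modify'] = $table_insert;
                    $_SESSION['user']['baskets'][$k]['can_delete'] = ($table_update && $rights_basket[$k]['DELETE'] == 'Y');
                    $_SESSION['user']['baskets'][$k]['can_redirect'] = $rights_basket[$k]['REDIRECT'];
                    break;
                }
            }
        }
    }

    /**
     * Loads a virtual basket to process mail when an user is missing.
     *
     * One "ABS_<user>" basket is appended per absent user whose replacement is the
     * current user; each carries full insert/modify/delete/redirect rights.
     */
    private function load_basket_abs()
    {
        $usertmp = "'".$_SESSION['user']['UserId']."'";
        $this->query("select mu.USER_ABS, mu.NEW_USER, u.LASTNAME, u.FIRSTNAME from ".$_SESSION['tablename']['missing_user']." mu, ".$_SESSION['tablename']['users']." u where mu.NEW_USER =".$usertmp." and u.USER_ID = mu.USER_ABS");
        while($line = $this->fetch_object())
        {
            $label = _PROCESS_MAIL_OF." ".$line->FIRSTNAME.' '.$line->LASTNAME;
            $tmp = array();
            $tmp['basket_id'] = "ABS_".$line->USER_ABS;
            $tmp['table'] = "res_x";
            $tmp['page'] = "mail_process";
            $tmp['desc'] = $label;
            $tmp['name'] = $label;
            $tmp['clause'] = "( ( STATUS='NEW' or STATUS='COU' ) AND DEST_USER ='".$line->USER_ABS."' )";
            $tmp['can_insert'] = 1;
            $tmp['can_modify'] = 1;
            $tmp['can_delete'] = 1;
            $tmp['can_redirect'] = "Y";
            array_push($_SESSION['user']['baskets'], $tmp);
        }
    }

    /**
     * Loads the absence status of the user: $_SESSION['abs_user_status'] is "true"
     * when exactly one missing_user row exists for him, "" otherwise.
     */
    private function load_activity_user()
    {
        $the_user = $_SESSION['user']['UserId'];
        $this->query("SELECT count(*) as TOTAL from ".$_SESSION['tablename']['missing_user']." where USER_ABS='".$the_user."'");
        $line = $this->fetch_object();
        if($line->TOTAL == 1)
        {
            $_SESSION['abs_user_status'] = "true";
        }
        else
        {
            $_SESSION['abs_user_status'] = "";
        }
    }

    /**
     * Loads the department datas into session variables
     *
     * The service ids are parsed out of the "DESTINATION IN (...)" part of the security
     * clause of each consultation group, then labelled from the services table.
     */
    private function load_services()
    {
        $this->connect();
        $_SESSION['user']['services'] = array();
        $tab_services = array();
        for($i=0; $i < count($_SESSION['user']['groups']); $i++)
        {
            if($_SESSION['user']['groups'][$i]['CONSULT_GROUP'] == 'Y')
            {
                $this->query("select WHERE_CLAUSE from ".$_SESSION['tablename']['security']." where GROUP_ID = '".$_SESSION['user']['groups'][$i]['GROUP_ID']."' and RES_TABLE = '".$_SESSION['ressources'][0]['tablename']."' and WHERE_CLAUSE like '%DESTINATION IN%' ");
                $line = $this->fetch_object();
                // The group may have no matching clause: treat that as an empty list
                // instead of reading a property of a non-object.
                $tmp = $line ? trim($line->WHERE_CLAUSE) : "";
                $tmp = str_replace("DESTINATION IN (", "", $tmp);
                $tmp = str_replace(")", "", $tmp);
                $tmp = str_replace("'", "", $tmp);
                // strpos() instead of ereg(), which was removed in PHP 7.
                if(strpos($tmp, ",") !== false)
                {
                    $tab = explode(",", $tmp);
                    for($j=0; $j < count($tab); $j++)
                    {
                        if(!in_array(trim($tab[$j]), $tab_services))
                        {
                            array_push($tab_services, trim($tab[$j]));
                        }
                    }
                }
                else
                {
                    if(!in_array(trim($tmp), $tab_services) && !empty($tmp))
                    {
                        array_push($tab_services, trim($tmp));
                    }
                }
            }
        }
        for($i=0; $i < count($tab_services); $i++)
        {
            $this->query("select * from ".$_SESSION['tablename']['services']." where ID = '".$tab_services[$i]."'");
            if($this->nb_result() > 0)
            {
                $line = $this->fetch_object();
                array_push($_SESSION['user']['services'], array('ID' => $tab_services[$i], 'LABEL' => $line->SERVICE));
            }
        }
    }

    /**
     * Fills the session for an authenticated user row: identity, renewed cookie key,
     * department label, groups, group flags, security, baskets, services and senders.
     *
     * @param object $line row of the users table
     * @param boolean $set_change_pass true to copy CHANGE_PASSWORD into the session
     */
    private function open_user_session($line, $set_change_pass)
    {
        // NOTE(review): the session id is not renewed here; consider
        // session_regenerate_id(true) at this point to rule out session fixation.
        if($set_change_pass)
        {
            $_SESSION['user']['change_pass'] = $line->CHANGE_PASSWORD;
        }
        $_SESSION['user']['UserId'] = $line->USER_ID;
        $_SESSION['user']['FirstName'] = $line->FIRSTNAME;
        $_SESSION['user']['LastName'] = $line->LASTNAME;
        $_SESSION['user']['Phone'] = $line->PHONE;
        $_SESSION['user']['Mail'] = $line->MAIL;
        $_SESSION['user']['department'] = $line->DEPARTMENT;
        $_SESSION['user']['Fonction'] = $line->FONCTION;
        $_SESSION['error'] = "";

        // Expire the cookie that carried the previous key.
        setcookie("maarch", "UserId=".$_SESSION['user']['UserId']."&key=".$line->COOKIE_KEY, time()-3600000);

        // The key alone re-opens a session in reopen(), so it must be unguessable:
        // take it from a CSPRNG. 16 random bytes give 32 hex characters, the same
        // shape as the md5 digest used before.
        $key = "";
        if(function_exists('random_bytes'))
        {
            $key = bin2hex(random_bytes(16));
        }
        elseif(function_exists('openssl_random_pseudo_bytes'))
        {
            $bytes = openssl_random_pseudo_bytes(16);
            if($bytes !== false && strlen($bytes) == 16)
            {
                $key = bin2hex($bytes);
            }
        }
        if($key == "")
        {
            // Legacy derivation, kept only for runtimes without a CSPRNG. It is built
            // from the clock and the user's own name and id, so it is predictable.
            $key = md5(time()."%".$_SESSION['user']['FirstName']."%".$_SESSION['user']['UserId']."%".$_SESSION['user']['UserId']."%".date("dmYHmi")."%");
        }

        // "H:i:s": the previous "H:m:i" format wrote the month where the minutes belong.
        $this->query("update ".$_SESSION['tablename']['users']." set cookie_key = '".$key."', cookie_date = '".date("Y-m-d H:i:s")."' where User_Id = '".$_SESSION['user']['UserId']."' and Mail = '".$_SESSION['user']['Mail']."'");
        // NOTE(review): the cookie is sent without the HttpOnly and Secure attributes and
        // with a fixed lifetime of 3600000 seconds; the 'cookietime' value read by
        // build_config() is not used here.
        setcookie("maarch", "UserId=".$_SESSION['user']['UserId']."&key=".$key, time()+3600000);

        $this->query("select SERVICE from ".$_SESSION['tablename']['services']." where ID = '".$_SESSION['user']['department']."'");
        $res = $this->fetch_object();
        $_SESSION['user']['department_label'] = $res->SERVICE;

        $this->load_groups();

        // A flag is true as soon as one enabled group of the user has the column at 'Y'.
        $flags = array(
            'ADMINISTRATOR' => 'admin',
            'EXPORT'        => 'export',
            'VIEW_RELANCE'  => 'view_relance',
            'VIEW_STATS'    => 'view_stats',
            'MODIF_RIGHTS'  => 'modif_rights',
        );
        foreach($flags as $column => $session_key)
        {
            $this->query("SELECT u.".$column." FROM ".$_SESSION['tablename']['usergroup_content']." ugc, ".$_SESSION['tablename']['usergroups']." u where ugc.user_id = '".$_SESSION['user']['UserId']."' and ugc.group_id = u.group_id and u.enabled ='Y' and u.".$column." ='Y' ");
            $_SESSION['user'][$session_key] = ($this->nb_result() > 0);
        }

        $this->load_security();
        $this->load_activity_user();
        $this->load_basket();
        $this->load_basket_abs();
        $this->load_services();
        $this->load_emet();
        // NOTE(review): nothing here records the login (address, user agent, time);
        // consider writing an audit record for successful and failed attempts.
    }

    /**
     * Sends the browser to the page that follows a successful login and stops the script.
     */
    private function redirect_after_login()
    {
        if(isset($_SESSION['user']['change_pass']) && $_SESSION['user']['change_pass'] == 'Y')
        {
            header("location: change_pass.php");
            exit;
        }
        $req_type = isset($_SESSION['req_type']) ? $_SESSION['req_type'] : "";
        if($req_type == "scan")
        {
            header("location: index_scansnap.php");
            exit;
        }
        elseif($req_type == "files")
        {
            header("location: file_index.php");
            exit;
        }
        header("location: index.php?page=".$_SESSION["config"]["defaultPage"].".php");
        exit;
    }

    /**
     * To log a user
     *
     * Always ends the script with a redirect: to the start page on success, to
     * login.php (with $_SESSION['error'] set) on bad credentials or a suspended account.
     *
     * @param string $s_login user login
     * @param string $pass user password
     */
    public function login($s_login,$pass)
    {
        $this->connect();
        // NOTE(review): $s_login and $pass are concatenated into the SQL text as received.
        // Unless every caller escapes them (not visible here) this query is injectable;
        // move it to the escaping or parameter binding offered by the database layer.
        // NOTE(review): the password is compared in SQL exactly as passed in; confirm the
        // caller supplies a salted hash and that the column does not hold clear text.
        $this->query("select * from ".$_SESSION['tablename']['users']." where User_Id = '".$s_login."' and password = '".$pass."' and STATUS <> 'DEL'");
        if($this->nb_result() < 1)
        {
            $_SESSION['error'] = _BAD_LOGIN_OR_PSW."...";
            header("location: login.php");
            exit;
        }
        $line = $this->fetch_object();
        if($line->ENABLED != "Y")
        {
            $_SESSION['error'] = _SUSPENDED_ACCOUNT.'. '._MORE_INFOS." ".$_SESSION['config']['adminname']."";
            header("location: login.php");
            exit;
        }
        $this->open_user_session($line, true);
        $this->redirect_after_login();
    }

    /**
     * To log a user and send him straight to one document
     *
     * Same checks as login(); on success the browser is redirected to view_gdi.php
     * for the resource whose GID_ID is $gdi_id.
     *
     * @param string $s_login user login
     * @param string $pass user password
     * @param string $gdi_id GID_ID of the resource to display
     */
    public function login_gdi($s_login,$pass, $gdi_id)
    {
        $this->connect();
        // NOTE(review): same unescaped concatenation of $s_login and $pass as in login().
        $this->query("select * from ".$_SESSION['tablename']['users']." where User_Id = '".$s_login."' and password = '".$pass."' and STATUS <> 'DEL'");
        if($this->nb_result() < 1)
        {
            $_SESSION['error'] = _BAD_LOGIN_OR_PSW."...";
            header("location: login.php");
            exit;
        }
        $line = $this->fetch_object();
        if($line->ENABLED != "Y")
        {
            $_SESSION['error'] = _SUSPENDED_ACCOUNT.'. '._MORE_INFOS." ".$_SESSION['config']['adminname']."";
            header("location: login.php");
            exit;
        }
        $this->open_user_session($line, true);

        // NOTE(review): $gdi_id is concatenated unescaped as well, and the lookup applies
        // none of the where clauses loaded by load_security(); confirm view_gdi.php
        // checks access itself. Unlike login(), a pending forced password change
        // (change_pass == 'Y') is not enforced on this path.
        $this->query("SELECT * FROM res_x WHERE GID_ID = '".$gdi_id."' ");
        $res_gdi = $this->fetch_object();
        // No matching resource: keep the redirect, with an empty id.
        $res_id = $res_gdi ? $res_gdi->RES_ID : "";
        header("location: view_gdi.php?id=".$res_id);
        exit;
    }

    /**
     * Load the shipper in session
     *
     * Stores every row of the senders table (name, first name, society) in
     * $_SESSION['emetteur'], ordered by last name.
     */
    public function load_emet()
    {
        $db = new dbquery();
        $db->connect();
        $db->query("SELECT * FROM ".$_SESSION['tablename']['senders']." order by LASTNAME");
        $_SESSION['emetteur'] = array();
        while($emet_res = $db->fetch_object())
        {
            array_push($_SESSION['emetteur'], array('NOM' => $emet_res->LASTNAME, 'PRENOM' => $emet_res->FIRSTNAME, 'SOCIETE' => $emet_res->SOCIETY));
        }
    }

    /**
     * To reopen a session with the user's cookie
     *
     * The cookie key is the only credential on this path. Always ends the script
     * with a redirect.
     *
     * @param string $s_UserId user identifier
     * @param string $s_key cookie key
     */
    public function reopen($s_UserId,$s_key)
    {
        // Keys issued by this class are always 32 lowercase hex characters. Anything else
        // (an empty key included) can not be a key issued here, so it is refused before
        // it is placed in the SQL text.
        if(!is_string($s_key) || !preg_match('/^[0-9a-f]{32}$/D', $s_key))
        {
            header("location: login.php");
            exit;
        }
        $this->connect();
        // NOTE(review): $s_UserId comes from the cookie and is still concatenated
        // unescaped; escape or bind it in the database layer.
        $this->query("select * from ".$_SESSION['tablename']['users']." where User_Id = '".$s_UserId."' and cookie_key = '".$s_key."' and STATUS <> 'DEL'");
        if($this->nb_result() < 1)
        {
            header("location: login.php");
            exit;
        }
        $line = $this->fetch_object();
        if($line->ENABLED != "Y")
        {
            $_SESSION['error'] = _SUSPENDED_ACCOUNT.'. '._MORE_INFOS." ".$_SESSION['config']['adminname']."";
            header("location: login.php");
            exit;
        }
        // NOTE(review): CHANGE_PASSWORD is not copied into the session on this path, so a
        // forced password change is only enforced if the flag is already in the session.
        // Confirm whether cookie logins are meant to skip it.
        $this->open_user_session($line, false);
        $this->redirect_after_login();
    }

    /**
     * Build Maarch configuration into sessions vars with an xml configuration file
     *
     * Reads xml/config.xml and copies its CONFIG, TABLENAME, RESOURCES, COLUMNSRESULTS,
     * COLUMNSDETAILS and HISTORY sections into $_SESSION (values passed through
     * utf8_decode).
     */
    public function build_config()
    {
        $xmlconfig = simplexml_load_file('xml/config.xml');
        $initLB = new LetterBox();
        $initLB->xmltosessionletterbox();

        // NOTE(review): the database and FTP passwords end up in every user's session
        // data. Keep such secrets in server-side configuration only and read them where
        // the connection is opened.
        // XML element names, in file order; a few are stored under a different session key.
        $config_fields = array(
            'databaseserver', 'databasename', 'databaseuser', 'databasepassword',
            'ftpserver', 'ftpport', 'ftpuser', 'ftppassword', 'ftphomedir',
            'nblinetoshow', 'limitcharsearch', 'lang', 'adminmail', 'adminname',
            'enabledadvsearch', 'enabledquicksearch', 'enabledindexfile', 'enabledvideo',
            'enableddir', 'enabledvalidation', 'enabledprocess', 'enablestats',
            'enablechangenotif', 'shortcut', 'xmlpath', 'debug', 'applicationname',
            'css', 'css_ie', 'css_ie7', 'img', 'UNIXserver', 'MaarchURL', 'URL',
            'defaultPage', 'exportlist', 'corporate', 'CookieTime',
        );
        $config_renames = array(
            'css_ie'     => 'css_IE',
            'css_ie7'    => 'css_IE7',
            'UNIXserver' => 'system',
            'URL'        => 'url',
            'CookieTime' => 'cookietime',
        );
        foreach($xmlconfig->CONFIG as $CONFIG)
        {
            foreach($config_fields as $xml_name)
            {
                $session_key = isset($config_renames[$xml_name]) ? $config_renames[$xml_name] : $xml_name;
                $_SESSION['config'][$session_key] = utf8_decode((string) $CONFIG->{$xml_name});
            }
        }

        // Table names are later concatenated into every query of this class.
        $table_fields = array(
            'arboxes', 'arcontainers', 'authors', 'baskets', 'docservers', 'doctypes',
            'extdocserver', 'fulltext', 'groupbaskets', 'groupsecurity', 'history',
            'listinstance', 'listmodel', 'models', 'model_service', 'param', 'resgroups',
            'resgroup_content', 'security', 'usergroups', 'usergroupcontent', 'users',
            'services', 'missing_user', 'sender', 'notes',
        );
        $table_renames = array(
            'extdocserver'     => 'ext_docserver',
            'groupbaskets'     => 'groupbasket',
            'usergroupcontent' => 'usergroup_content',
            'sender'           => 'senders',
        );
        foreach($xmlconfig->TABLENAME as $TABLENAME)
        {
            foreach($table_fields as $xml_name)
            {
                $session_key = isset($table_renames[$xml_name]) ? $table_renames[$xml_name] : $xml_name;
                $_SESSION['tablename'][$session_key] = utf8_decode((string) $TABLENAME->{$xml_name});
            }
        }

        $i = 0;
        foreach($xmlconfig->RESOURCES as $RESOURCES)
        {
            $_SESSION['ressources'][$i] = array("tablename" => utf8_decode((string) $RESOURCES->tablename), "comment" => utf8_decode((string) $RESOURCES->comment));
            $i++;
        }

        $_SESSION['nb_columnsresults'] = 0;
        $_SESSION['nb_columnsdetails'] = 0;
        foreach($xmlconfig->COLUMNSRESULTS as $COLUMNSRESULTS)
        {
            $_SESSION['columnsresults'][$_SESSION['nb_columnsresults']] = array("name" => utf8_decode((string) $COLUMNSRESULTS->name), "tablename" => utf8_decode((string) $COLUMNSRESULTS->tablename));
            $_SESSION['nb_columnsresults'] = ($_SESSION['nb_columnsresults']+1);
        }
        foreach($xmlconfig->COLUMNSDETAILS as $COLUMNSDETAILS)
        {
            $_SESSION['columnsdetails'][$_SESSION['nb_columnsdetails']] = array("name" => utf8_decode((string) $COLUMNSDETAILS->name), "tablename" => utf8_decode((string) $COLUMNSDETAILS->tablename));
            $_SESSION['nb_columnsdetails'] = ($_SESSION['nb_columnsdetails']+1);
        }

        // History switches: element name and session key are identical.
        $history_fields = array(
            'usersdel', 'usersban', 'usersadd', 'usersup', 'usersval',
            'doctypesdel', 'doctypesadd', 'doctypesup', 'doctypesval', 'doctypesprop',
            'resadd', 'resup', 'resdel',
            'usergroupsdel', 'usergroupsban', 'usergroupsadd', 'usergroupsup', 'usergroupsval',
            'diffusion', 'redirection', 'userabs',
            'modelsadd', 'modelsup', 'modelsdel',
            'notesadd', 'notesup', 'notesdel',
        );
        foreach($xmlconfig->HISTORY as $HISTORY)
        {
            foreach($history_fields as $xml_name)
            {
                $_SESSION['history'][$xml_name] = utf8_decode((string) $HISTORY->{$xml_name});
            }
        }
    }

    /**
     * Build the alphabetic list of users letters
     */
    public function userslistletters()
    {
        // build the alphabetic list of users letters
        ?>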

: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z -

connect(); $db_abs->query("select distinct USER_ABS from ".$_SESSION['tablename']['missing_user']); //$db_abs->show(); $j=0; while($line = $db_abs->fetch_object()) { $user_abs[$j] = $line->USER_ABS; $j++; } $this->connect(); $this->query("select count(*) as total from ".$table_name." where STATUS <> 'DEL'"); $nb_total_1 = $this->fetch_object(); $nb_total = $nb_total_1->total; // define the defaults values $nb_pages = ceil($nb_total/$nb_show); $link = "index.php?page=".$page_name."&start=".$this->the_start."&order=".$this->orderby.$what; if($nb_pages > 1) { $next_start = 0; $page_list1 = '

'; $lastpage = 0; for($i = 0;$i <> $nb_pages; $i++) { $page_name = $i + 1; $the_line = $i + 1; if($this->the_start == $next_start) { $page_list1 .= ""; $page_list2 .= ""; } else { $page_list1 .= ""; $page_list2 .= ""; } $next_start = $next_start + $nb_show; $lastpage = $next_start; } $lastpage = $lastpage - $nb_show; $previous = ""; $next = ""; if($this->the_start > 0) { $start_prev = $this->the_start - $nb_show; $previous = ''; } if($this->the_start <> $lastpage) { $start_next = $this->the_start + $nb_show; $next = ''; } $page_list1 = $page_list1.""; $page_list2 = $page_list2.""; if($previous <> '' || $next <> '') { if(empty($previous)) { $previous = " "; } if(empty($next)) { $next = " "; } $page_list1 .= $previous." ".$next.'

'; $page_list2 .= $previous." ".$next.'

'; } }
/* NOTE(review): $this->the_start is placed in the LIMIT clause unquoted. The constructor
   takes it from $_GET['start'] through strip_tags() only, which does not make it numeric;
   an (int) cast at that point would. $table_name, $where and $nb_show are set outside this
   fragment -- confirm that none of them can carry request data into this statement. */
$this->query("select * from ".$table_name." where STATUS <> 'DEL' ".$where." ".$this->sqlorderby." limit ".$this->the_start.",".$nb_show); echo '

'.$title.'

'; $this->userslistletters(); echo $page_list1; $db = new dbquery(); $db->connect(); ?> fetch_object()) { if($color == ' class="col"') { $color = ''; } else { $color = ' class="col"'; } ?> >
USER_ID.""; $is_abs = false; for ($n=0; $n<=count($user_abs); $n++) { if ($line->USER_ID == $user_abs[$n]) { $is_abs = true; } } if ($is_abs==true) { echo "("._MISSING.")"; } ?> show($line->LASTNAME); ?> show($line->FIRSTNAME); ?> ENABLED == "N") { ?> <? echo _NOT_ENABLED;?> ENABLED == "Y") { ?> <? echo _ENABLED; ?> query("select SERVICE from ".$_SESSION['tablename']['services']. " where ID = '".$line->DEPARTMENT."'"); $res = $db->fetch_object(); echo $res->SERVICE; ?> ENABLED == "Y") { echo ''._MODIFY.''; } ?> ENABLED == "N" ) { echo ''._AUTHORIZE.''; } else { echo ''._SUSPEND.''; } ?> USER_ID.'" class="delete" onclick="return(confirm(\''._REALLY_DELETE.' '.$line->FIRSTNAME.' '.$line->LASTNAME.' ?\n'._DEFINITIVE_ACTION.'\'));">'._DELETE.''; ?>
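clearuserinfos(); }

    /**
     * Lets an administrator enable, suspend or delete a user account.
     *
     * Every path ends with a redirect to index.php?page=users followed by exit; the outcome
     * is reported through $_SESSION['error']. "del" is a soft delete: the row is kept with
     * STATUS = 'DEL', the user's group memberships are removed, and the user is taken out of
     * every listmodel entry, with the SEQUENCE of the entries after it shifted down by one.
     *
     * NOTE(review): no permission check is visible in this method; presumably the calling
     * page restricts it to administrators -- confirm.
     *
     * @param integer $id user identifier
     * @param string $mode allow, ban or del
     */
    public function adminuser($id,$mode)
    {
        // An error left by an earlier step: return to the list without touching the database.
        if(!empty($_SESSION['error']))
        {
            header("location: index.php?page=users");
            exit;
        }

        // $id is supplied by the caller and lands inside quoted SQL literals, so it is escaped
        // once here with addslashes(), the escaping this class already applies to names in
        // addupusers().
        // NOTE(review): addslashes() is not charset-aware. dbquery's API is not visible here;
        // if it offers bound parameters or driver-level escaping, prefer that.
        $sql_id = addslashes($id);
        $users_table = $_SESSION['tablename']['users'];
        $listmodel_table = $_SESSION['tablename']['listmodel'];

        $this->connect();
        $this->query("select USER_ID, FirstName, LastName from ".$users_table." where user_id = '".$sql_id."'");
        if($this->nb_result() == 0)
        {
            $_SESSION['error'] = _USER.' '._UNKNOWN;
            header("location: index.php?page=users");
            exit;
        }

        $info = $this->fetch_object();
        $theuser = $info->LastName." ".$info->FirstName;

        if($mode == "allow")
        {
            $this->query("Update ".$users_table." set enabled = 'Y' where user_id = '".$sql_id."'");
            if($_SESSION['history']['usersval'] == "true")
            {
                // require_once: a second include of the class file would be a fatal redeclaration.
                require_once("class_history.php");
                $users = new history();
                $users->add($users_table, $id,"VAL",_USER_AUTORIZATION." ".$theuser);
            }
            $_SESSION['error'] = _AUTORIZED_USER;
        }
        elseif($mode == "ban")
        {
            $this->query("Update ".$users_table." set enabled = 'N' where user_id = '".$sql_id."'");
            if($_SESSION['history']['usersban'] == "true")
            {
                require_once("class_history.php");
                $users = new history();
                $users->add($users_table, $id,"BAN",_USER_SUSPENSION." : ".$theuser);
            }
            $_SESSION['error'] = _SUSPENDED_USER;
        }
        elseif($mode == "del" )
        {
            $this->query("update ".$users_table." set STATUS = 'DEL' where user_id = '".$sql_id."'");
            $this->query("delete from ".$_SESSION['tablename']['usergroup_content']." where user_id = '".$sql_id."'");
            $this->query("select ID from ".$listmodel_table." where user_id = '".$sql_id."'");

            // Two extra connections: $this is still iterating the outer result set, $db the inner one.
            $db = new dbquery();
            $db->connect();
            $db2 = new dbquery();
            $db2->connect();
            while($res = $this->fetch_object())
            {
                $service_id = $res->ID;
                // Values read back from the database are escaped as well before being reused in SQL.
                $sql_service = addslashes($service_id);
                $decal = false;
                $db->query("select * from ".$listmodel_table." where ID = '".$sql_service."' order by SEQUENCE");
                while($res2 = $db->fetch_object())
                {
                    $user = $res2->USER_ID;
                    if($decal)
                    {
                        // Entries that come after the deleted user move up by one position.
                        $db2->query("update ".$listmodel_table." set SEQUENCE = SEQUENCE -1 where USER_ID = '".addslashes($user)."' and ID = '".$sql_service."'");
                    }
                    if($user == $id)
                    {
                        $decal = true;
                        $db2->query("delete from ".$listmodel_table." where ID = '".$sql_service."' and USER_ID = '".$sql_id."'");
                    }
                }
            }
            // The history switches are loaded from the XML configuration as strings and the
            // other modes compare them with "true"; a bare truthiness test would also accept
            // the string "false" and log the deletion when logging is meant to be off.
            if($_SESSION['history']['usersdel'] == "true")
            {
                require_once("class_history.php");
                $users = new history();
                $users->add($users_table, $id,"DEL",_USER_DELETION." : ".$theuser);
            }
            $_SESSION['error'] = _DELETED_USER;
        }

        // Any other $mode changes nothing and only redirects.
        header("location: index.php?page=users");
        exit;
    }

    /**
     * Processes the form in which the current user edits his or her own account.
     *
     * Reads the posted fields into $_SESSION['user'], and when no error was recorded updates
     * the user's row (password included) and redirects to index.php; otherwise redirects back
     * to index.php?page=modify_user.
     *
     * NOTE(review): PASSWORD is stored as an unsalted MD5 digest. Moving to password_hash() /
     * password_verify() has to be done together with the login check, which is not part of
     * this block.
     * NOTE(review): pass1 and pass2 stay in $_SESSION in clear text after this call; nothing
     * here removes them.
     */
    public function user_modif()
    {
        require_once("class_functions.php");
        $func = new functions();

        $_SESSION['user']['FirstName'] = stripslashes($func->wash($_POST['FirstName'], "no", _FIRSTNAME));
        $_SESSION['user']['LastName'] = stripslashes($func->wash($_POST['LastName'], "no", _LASTNAME));
        $_SESSION['user']['pass1'] = $func->wash($_POST['pass1'], "no", _FIRST_PSW);
        $_SESSION['user']['pass2'] = $func->wash($_POST['pass2'], "no", _SECOND_PSW);
        if($_SESSION['user']['pass1'] <> $_SESSION['user']['pass2'])
        {
            $func->add_error(_WRONG_SECOND_PSW, '');
        }

        // Optional fields: the previous session value is kept when nothing is posted.
        // NOTE(review): Phone and Mail are copied from the request without going through wash().
        if(!empty($_POST['Phone']))
        {
            $_SESSION['user']['Phone'] = $_POST['Phone'];
        }
        if(!empty($_POST['Fonction']))
        {
            $_SESSION['user']['Fonction'] = stripslashes($_POST['Fonction']);
        }
        if(!empty($_POST['Mail']))
        {
            $_SESSION['user']['Mail'] = $_POST['Mail'];
        }

        if(!empty($_SESSION['error']))
        {
            header("location: index.php?page=modify_user");
            exit;
        }

        $this->connect();
        // Every value is escaped at the point where it enters the SQL text. The names and the
        // function have just been through stripslashes(), so without this a quote in any of
        // them would end the SQL literal; addupusers() escapes the same fields the same way.
        $this->query("update `".$_SESSION['tablename']['users']."` set PASSWORD = '".md5($_SESSION['user']['pass1'])."'"
            .", `FirstName` = '".addslashes($_SESSION['user']['FirstName'])."'"
            .", `LastName` = '".addslashes($_SESSION['user']['LastName'])."'"
            .", `Phone` = '".addslashes($_SESSION['user']['Phone'])."'"
            .", `Mail` = '".addslashes($_SESSION['user']['Mail'])."'"
            ." , `Department` = '".addslashes($_SESSION['user']['department'])."'"
            ." , `FONCTION` = '".addslashes($_SESSION['user']['Fonction'])."'"
            ." where user_id = '".addslashes($_SESSION['user']['UserId'])."'");

        if($_SESSION['history']['usersup'] == "true")
        {
            require_once("class_history.php");
            $users = new history();
            $users->add($_SESSION['tablename']['users'], $_SESSION['user']['UserId'],"UP",_USER_UPDATE." ".$_SESSION['user']['LastName']." : ".$_SESSION['user']['FirstName']);
        }
        $_SESSION['error'] = _USER_UPDATED;
        header("location: index.php");
        exit;
    }

    /**
     * Form for the management of the current user.
     *
     */
    public function change_info_user()
    {
        $this->connect();
        $this->query("select ID, SERVICE from ".$_SESSION['tablename']["services"]." where ENABLED = 'Y' order by SERVICE asc");
        $services = array();
        while($res = $this->fetch_object())
        {
            array_push($services, array('ID' => $res->ID, 'LABEL' => $res->SERVICE));
        }
        ?>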

query("select count(*) as DATE_TRAIT from ".$_SESSION['ressources'][0]['tablename']." WHERE date(CUSTOM_D3)='".date("Y")."-".date("m")."-".date("d")."'"); //$this->show(); $line01 = $this->fetch_object(); $this->query("select count(*) as INDEX_TRAIT from ".$_SESSION['ressources'][0]['tablename']." WHERE date(CREATION_DATE)='".date("Y")."-".date("m")."-".date("d")."' AND TYPIST='".$_SESSION['user']['UserId']."'"); //$this->show(); $line02 = $this->fetch_object(); $this->query("select count(*) as REP_TRAIT from ".$_SESSION['tablename']['history']." WHERE date(EVENT_DATE)='".date("Y")."-".date("m")."-".date("d")."' AND USER_ID='".$_SESSION['user']['UserId']."' AND EVENT_TYPE='RED'"); //$this->show(); $line03 = $this->fetch_object(); ?>

:

    ".$_SESSION['user']['services'][$i]['LABEL']." "; } ?>

:

  • : DATE_TRAIT; ?>
  • : INDEX_TRAIT; ?>
  • : REP_TRAIT; ?>

query("SELECT count(USER_ABS) as TOTAL from ".$_SESSION['tablename']['missing_user']." WHERE USER_ABS='".$_SESSION['user']['UserId']."'"); //$this->show(); $line = $this->fetch_object(); echo "
"; if ($line->TOTAL == 0) { ?>

query("SELECT NEW_USER from ".$_SESSION['tablename']['missing_user']." WHERE USER_ABS='".$_SESSION['user']['UserId']."'"); $line2 = $this->fetch_object(); $this->query("SELECT FIRSTNAME, LASTNAME from ".$_SESSION['tablename']['users']." WHERE USER_ID ='".$line2->NEW_USER."'"); //$this->show(); $line3 = $this->fetch_object(); ?>

FIRSTNAME." ".$line3->LASTNAME; ?>. .
connect(); $this->query("select ID, SERVICE from ".$_SESSION['tablename']["services"]." where ENABLED = 'Y' order by SERVICE asc"); $services = array(); while($res = $this->fetch_object()) { array_push($services, array('ID' => $res->ID, 'LABEL' => $res->SERVICE)); } if(empty($_SESSION['error'])) { $this->connect(); $this->query("select count(*) as total from ".$_SESSION['tablename']['usergroups']." where enabled ='Y'"); $nb_total_1 = $this->fetch_object(); $_SESSION['m_admin']['nbgroups'] = $nb_total_1->total; $this->query("select * from ".$_SESSION['tablename']['services']); } if($mode == "up") { $_SESSION['m_admin']['mode'] = "up"; if(empty($_SESSION['error'])) { $this->connect(); $this->query("select * from ".$_SESSION['tablename']['users']." where user_id = '".$id."'"); if($this->nb_result() == 0) { $_SESSION['error'] = _USER.' '._UNKNOWN; $state = false; } else { $line = $this->fetch_object(); $_SESSION['m_admin']['users']['UserId'] = $line->USER_ID; $_SESSION['m_admin']['users']['FirstName'] = $line->FIRSTNAME; $_SESSION['m_admin']['users']['LastName'] = $line->LASTNAME; $_SESSION['m_admin']['users']['Phone'] = $line->PHONE; $_SESSION['m_admin']['users']['Mail'] = $line->MAIL; $_SESSION['m_admin']['users']['Department'] = $line->DEPARTMENT; $_SESSION['m_admin']['users']['Status'] = $line->ENABLED; $_SESSION['m_admin']['users']['Elu'] = $line->ELU; $_SESSION['m_admin']['users']['Fonction'] = $line->FONCTION; } for($i=0;$i < count($_SESSION['m_admin']['users']['groups']); $i++) { if($_SESSION['m_admin']['users']['groups'][$i]['USER_ID'] <> $_SESSION['m_admin']['users']['UserId']) { $_SESSION['m_admin']['load_group'] = true; break; } } if ($_SESSION['m_admin']['load_group'] == true || ! 
isset($_SESSION['m_admin']['load_group'] )) { $ugc->load_group_session($_SESSION['m_admin']['users']['UserId']); } } } elseif($mode == "add" ) { $_SESSION['m_admin']['mode'] = "add"; if ($_SESSION['m_admin']['init']== true || !isset($_SESSION['m_admin']['init'] )) { $ugc->init_session(); } } ?> '._USER_ADDITION.''; } elseif($mode == "up") { echo '

'._USER_MODIFICATION.'

'; } ?>




"._USER.' '._UNKNOWN."



"; } else { ?>
" class="forms addforms">

show($_SESSION['m_admin']['users']['UserId']); } ?>hiddentext" id="UserId" value="show($_SESSION['m_admin']['users']['UserId']); ?>" />*

*

*

*

*



/>

/>


 

 

query("SELECT count(USER_ABS) as TOTAL from ".$_SESSION['tablename']['missing_user']." WHERE USER_ABS='".$_GET['id']."'");
/* NOTE(review): the id request parameter is concatenated into the SQL text above exactly as
   received; no validation or escaping of it is visible in this fragment. The user lookup
   earlier in this form is keyed on the $id variable instead, so this statement should use
   one validated and escaped value rather than reading $_GET again. */
//$this->show();
$line = $this->fetch_object(); echo "
"; if ($line->TOTAL == 0) { ?>

query("SELECT NEW_USER from ".$_SESSION['tablename']['missing_user']." WHERE USER_ABS='".$_GET['id']."'");
/* NOTE(review): same unescaped use of $_GET['id'] as in the count query of this form. The
   next statement then interpolates NEW_USER, a value read back from the database, without
   escaping either. */
$line2 = $this->fetch_object(); $this->query("SELECT FIRSTNAME, LASTNAME from ".$_SESSION['tablename']['users']." WHERE USER_ID ='".$line2->NEW_USER."'");
//$this->show();
$line3 = $this->fetch_object(); ?>

FIRSTNAME." ".$line3->LASTNAME; ?>

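wash($_POST['UserId'], "nick", _USER_ID);
            // NOTE(review): the stored password is the MD5 digest of the literal string "test",
            // so every account that reaches the INSERT in addupusers() with this value starts
            // with the same known password. Presumably this is the add-mode branch (its opening
            // was lost in this listing) -- confirm, and consider a per-user random initial
            // password with a forced change at first login.
            $_SESSION['m_admin']['users']['pass'] = md5("test");
        }
        if($mode == "up")
        {
            $_SESSION['m_admin']['users']['UserId'] = $func->wash($_POST['id'], "nick", _USER_ID);
        }
        $_SESSION['m_admin']['users']['FirstName'] = $func->wash($_POST['FirstName'], "no", _FIRSTNAME);
        $_SESSION['m_admin']['users']['FirstName'] = stripslashes($_SESSION['m_admin']['users']['FirstName']);
        $_SESSION['m_admin']['users']['LastName'] = $func->wash($_POST['LastName'], "no", _LASTNAME);
        $_SESSION['m_admin']['users']['LastName'] = stripslashes($_SESSION['m_admin']['users']['LastName']);
        $_SESSION['m_admin']['users']['Department'] = $func->wash($_POST['Department'], "no", _DEPARTMENT);
        // NOTE(review): Phone, Fonction and elu are copied from the request without wash().
        if(isset($_POST['Phone']) && !empty($_POST['Phone']))
        {
            $_SESSION['m_admin']['users']['Phone'] = $_POST['Phone'];
        }
        $_SESSION['m_admin']['users']['Mail'] = $func->wash($_POST['Mail'], "mail", _MAIL);
        if(isset($_POST['Fonction']) && !empty($_POST['Fonction']))
        {
            $_SESSION['m_admin']['users']['Fonction'] = $_POST['Fonction'];
            $_SESSION['m_admin']['users']['Fonction'] = stripslashes($_SESSION['m_admin']['users']['Fonction'] );
        }
        $_SESSION['m_admin']['users']['Elu'] = $_POST['elu'];
        $ugc = new usergroup_content();
        $primary_set = false;
        for($i=0; $i < count($_SESSION['m_admin']['users']['groups']);$i++)
        {
            if($_SESSION['m_admin']['users']['groups'][$i]['PRIMARY'] == 'Y')
            {
                $primary_set = true;
                break;
            }
        }
        if ($primary_set == false)
        {
            $ugc->add_error(_NO_PRIMARY_GROUP, "");
        }
    }

    /**
     * Adds or modifies a user in the database from the values collected by usersinfo().
     *
     * On a validation error the browser is sent back to the matching form. Otherwise the row
     * is inserted ("add") or updated ("up"), group memberships are saved through
     * usergroup_content::load_db(), the action is logged when the matching history switch is
     * "true", the form data held in the session is cleared, and the browser is redirected to
     * the users list. In "add" mode an existing row whose STATUS is not 'OK' is deleted and
     * replaced; an existing 'OK' row is reported as a duplicate.
     *
     * @param string $mode up or add
     */
    public function addupusers($mode)
    {
        $this->usersinfo($mode);

        if(!empty($_SESSION['error']))
        {
            if($mode == "up")
            {
                if(!empty($_SESSION['m_admin']['users']['UserId']))
                {
                    // The identifier goes into a URL, so it is URL-encoded.
                    header("location: index.php?page=users_up&id=".urlencode($_SESSION['m_admin']['users']['UserId']));
                    exit;
                }
                else
                {
                    header("location: index.php?page=users");
                    exit;
                }
            }
            elseif($mode == "add")
            {
                $_SESSION['m_admin']['load_group'] = false;
                header("location: index.php?page=users_add");
                exit;
            }
        }
        else
        {
            $this->connect();
            $users_table = $_SESSION['tablename']['users'];

            // Escape every value at the point where it enters the SQL text. Previously only
            // the names and the function were escaped, while Phone and Elu come straight
            // from the request.
            // NOTE(review): addslashes() is not charset-aware. dbquery's API is not visible
            // here; if it offers bound parameters or driver-level escaping, prefer that.
            $sql_id = addslashes($_SESSION['m_admin']['users']['UserId']);
            $sql_first = addslashes($_SESSION['m_admin']['users']['FirstName']);
            $sql_last = addslashes($_SESSION['m_admin']['users']['LastName']);
            $sql_phone = addslashes($_SESSION['m_admin']['users']['Phone']);
            $sql_mail = addslashes($_SESSION['m_admin']['users']['Mail']);
            $sql_dept = addslashes($_SESSION['m_admin']['users']['Department']);
            $sql_fonction = addslashes($_SESSION['m_admin']['users']['Fonction']);
            $sql_elu = addslashes($_SESSION['m_admin']['users']['Elu']);

            if($mode == "add")
            {
                $this->query("select USER_ID, STATUS from ".$users_table." where User_Id = '".$sql_id."'");
                $res = $this->fetch_object();
                if($this->nb_result() > 0)
                {
                    if($res->STATUS == 'OK')
                    {
                        $_SESSION['error'] = _THE_USER." ".$_SESSION['m_admin']['users']['UserId']." "._ALREADY_EXISTS."\n";
                        header("location: index.php?page=users_add");
                        exit;
                    }
                    else
                    {
                        // A row left by a deleted user is removed so that the identifier can be reused.
                        $this->query("DELETE from ".$users_table." where USER_ID = '".$sql_id."'");
                    }
                }
                $this->query("INSERT INTO `".$users_table."` ( `USER_ID` , `PASSWORD` , `FIRSTNAME` , `LASTNAME` , `PHONE` , `MAIL` , `DEPARTMENT` , `FONCTION` ,`COOKIE_KEY` , `COOKIE_DATE` , `ELU` , `ENABLED` )"
                    ." VALUES ( '".$sql_id."', '".addslashes($_SESSION['m_admin']['users']['pass'])."', '".$sql_first."', '".$sql_last."', '".$sql_phone."', '".$sql_mail."', '".$sql_dept."', '".$sql_fonction."','', '0000-00-00 00:00:00', '".$sql_elu."', 'Y')");

                require_once("class_usergroup_content.php");
                $ugc=new usergroup_content();
                $ugc->load_db();

                if($_SESSION['history']['usersadd'] == "true")
                {
                    // require_once, like the include just above: a second include of the
                    // class file would be a fatal redeclaration.
                    require_once("class_history.php");
                    $users = new history();
                    $users->add($users_table, $_SESSION['m_admin']['users']['UserId'],"ADD",_USER_ADDED." : ".$_SESSION['m_admin']['users']['LastName']." \n".$_SESSION['m_admin']['users']['FirstName']);
                }
                $this->clearuserinfos();
                $_SESSION['error'] = _USER_ADDED;
                header("location: index.php?page=users");
                exit;
            }
            elseif($mode == "up")
            {
                $this->query("update `".$users_table."` set `FIRSTNAME` = '".$sql_first."', `LASTNAME` = '".$sql_last."', `PHONE` = '".$sql_phone."', `MAIL` = '".$sql_mail."' , `DEPARTMENT` = '".$sql_dept."', `FONCTION` = '".$sql_fonction."', `ELU` = '".$sql_elu."' where USER_ID = '".$sql_id."'");

                require_once("class_usergroup_content.php");
                $ugc=new usergroup_content();
                $ugc->load_db();

                if($_SESSION['history']['usersup'] == "true")
                {
                    require_once("class_history.php");
                    $users = new history();
                    $users->add($users_table, $_SESSION['m_admin']['users']['UserId'],"UP",_USER_UPDATE." : ".$_SESSION['m_admin']['users']['LastName']." ".$_SESSION['m_admin']['users']['FirstName']." \n(".$_SESSION['m_admin']['users']['UserId'].")");
                }

                // An administrator editing his or her own account: reload groups and security
                // so that the running session reflects the change.
                if( $_SESSION['m_admin']['users']['UserId'] == $_SESSION['user']['UserId'] )
                {
                    $_SESSION['user']['groups'] = array();
                    $_SESSION['user']['security'] = array();
                    $this->load_groups();
                    $this->load_security();
                }
                $this->clearuserinfos();
                $_SESSION['error'] = _USER_UPDATED;
                header("location: index.php?page=users");
                exit;
            }
        }
    }

    /**
     * Resets the session variables used by the user add / modify forms to empty values.
     */
    private function clearuserinfos()
    {
        $_SESSION['m_admin']['users'] = array(
            'UserId' => "",
            'pass' => "",
            'FirstName' => "",
            'LastName' => "",
            'Phone' => "",
            'Mail' => "",
            'Department' => "",
            'Status' => "",
            'Elu' => "",
            'Fonction' => "",
            'groups' => array(),
            'nbbelonginggroups' => 0,
        );
    }
}
?>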