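$h) { $h=$h+24; } if ($m2>$m) { $m=$m+60; $h2++; } if ($s2>$s) { $s=$s+60; $m2++; } $ht=$h-$h2; $mt=$m-$m2; $st=$s-$s2; if (strlen($ht)==1) { $ht="0".$ht; } if (strlen($mt)==1) { $mt="0".$mt; } if (strlen($st)==1) { $st="0".$st; } return $ht.":".$mt.":".$st; }
// (end of the preceding time-difference helper, whose head is defined above)

/*********************************************************************************/

/**
 * Adds $n units of $per to the Unix timestamp $d and returns the new timestamp.
 *
 * $per follows the VBScript DateAdd codes of the ASP original:
 * "yyyy" years, "m" months, "w" weeks, "d" days, "h" hours, "n" minutes.
 * Years and months go through mktime() so the day and time of $d are kept
 * (month overflow rolls into the next year); the other units are converted to
 * seconds by the deliberate case fall-through. An unknown $per adds $n seconds.
 *
 * @param string $per unit code
 * @param int    $n   number of units (may be negative)
 * @param int    $d   Unix timestamp
 * @return int   Unix timestamp
 */
function dateadd($per, $n, $d)
{
    switch ($per) {
        case "yyyy":
            $n *= 12;
            // fall through: a year is twelve months. The original "break" here made
            // "yyyy" add 12*$n seconds instead of $n years.
        case "m":
            $d = mktime(date("H", $d), date("i", $d), date("s", $d), date("n", $d) + $n, date("j", $d), date("Y", $d));
            $n = 0;
            break;
        case "w":
            $n *= 7;
            // fall through
        case "d":
            $n *= 24;
            // fall through
        case "h":
            $n *= 60;
            // fall through
        case "n":
            $n *= 60;
    }
    // The two debug echo statements ("ligne 112" / "ligne 130") were dropped: they
    // wrote straight into the HTTP response.
    return $d + $n;
}

/******************************************************************************/
// Global dictionaries shared by the display_* functions below. They replace the
// Scripting.Dictionary objects (error_list / msg_list) of the ASP original; the
// ADODB command/recordset objects and session.lcid have no PHP counterpart here.
$error_list = array();
$msg_list   = array();

/*'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'' ERROR AND MESSAGE DISPLAY SUBS
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::*/

/**
 * Echoes every entry of the global $error_list, one per line.
 *
 * Entries are HTML-escaped on output so a message that happens to contain
 * markup is shown literally instead of being rendered.
 */
function display_errs()
{
    global $error_list;

    if (count($error_list) > 0) {
        foreach ($error_list as $line) {
            echo "\n" . htmlspecialchars($line) . "\n";
        }
    }
}

/**
 * Echoes the messages of the global $msg_list after a successful database
 * action, one per line.
 *
 * A message passed in the request ("msg") is added to the list first. It is
 * HTML-escaped on output because it is attacker-controlled; the substring
 * filters below are kept from the original but are no longer the only defence.
 */
function display_msg()
{
    global $msg_list;

    if (isset($_REQUEST["msg"]) && $_REQUEST["msg"] != "") {
        // Each replacement is applied to the result of the previous one. The
        // original re-read the raw request value every time, so only the last
        // filter ("form") ever took effect.
        $msg = str_replace("://", "", $_REQUEST["msg"]);
        $msg = str_replace("script", "", $msg);
        $msg = str_replace("%", "", $msg);
        $msg = str_replace("form", "", $msg);
        $msg_list["msg"] = $msg;
    }

    foreach ($msg_list as $line) {
        echo "\n" . htmlspecialchars($line) . "\n";
    }
}

/*'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'' USER MANAGMENT FUNCTIONS
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::*/

/**
 * Verifies that the current session belongs to a logged-in administrator with
 * at least access level $iLevel, redirecting to login.php otherwise.
 *
 * The redirect carries the current script name and query string (url-encoded
 * as one value) in ret_page so do_login() can send the user back. The original
 * issued two header("Location: ...") calls, the second of which overwrote the
 * first with the bare query string, and never terminated the script, so the
 * protected page was still rendered after the redirect header.
 *
 * @param int $iLevel minimum access level required by the calling page
 * @return void (does not return when a redirect is issued)
 */
function check_security($iLevel)
{
    $codeAdmin   = isset($_SESSION["CodeAdmin"]) ? $_SESSION["CodeAdmin"] : "";
    $accessLevel = isset($_SESSION["accesslevel"]) ? $_SESSION["accesslevel"] : null;
    $retPage     = to_url(getenv("SCRIPT_NAME") . "?" . getenv("QUERY_STRING"));

    // Missing code, or a null/empty access level, means "not logged in". The
    // original let an empty (non-null) access level fall through unchallenged.
    if ((string)$codeAdmin === "" || $accessLevel === null || $accessLevel === "") {
        header("Location: login.php?ret_page=" . $retPage);
        exit;
    }

    if ((int)$accessLevel < (int)$iLevel) {
        header("Location: login.php?action=noaccess&ret_page=" . $retPage);
        exit;
    }
}

/**
 * Authenticates the submitted user name / password against the Admin table
 * and, on success, stores CodeAdmin / accesslevel / dtlast in the session and
 * redirects to the page that preceded the login (or default.php).
 *
 * On failure a message is stored in $error_list["login"] and the function
 * returns so the caller can display it. Requires an active session.
 *
 * @return void (does not return after a successful login: a redirect is issued)
 */
function do_login()
{
    global $error_list, $online_Admin;

    // NOTE(review): the ASP original read these from the login form; the port
    // never assigned them, so every login failed. Field names are taken from the
    // SQL columns used below — confirm they match the form.
    $NomU     = isset($_REQUEST["NomU"]) ? $_REQUEST["NomU"] : "";
    $password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : "";

    // Passwords are compared in clear text inside a string-built query, as in
    // the original. Moving to password_hash()/password_verify() and prepared
    // statements requires a schema change and is left to a dedicated change.
    $sql = "SELECT CodeAdmin, accesslevel FROM Admin WHERE NomU = " . to_sql($NomU, "text")
         . " AND password = " . to_sql($password, "text");
    $rs  = mysql_query($sql);   // the original queried $Sql, an undefined variable
    $row = $rs ? mysql_fetch_row($rs) : false;

    if (!$row) {
        // No matching row: credentials rejected. The original had this test
        // inverted (it failed the login when a row WAS found).
        $error_list["login"] = "Nom d'utilisateur ou mot de passe incorrect.";
        if ($rs) {
            mysql_free_result($rs);
        }
        return;
    }
    mysql_free_result($rs);

    // A fresh session id on privilege change prevents a pre-set id from being reused.
    if (session_id() !== "") {
        session_regenerate_id(true);
    }
    $_SESSION["CodeAdmin"]   = $row[0];
    $_SESSION["accesslevel"] = $row[1];

    // Mirrors the "online admins" application dictionary of global.asa; only
    // populated when such a global exists.
    if (isset($online_Admin)) {
        $online_Admin[session_id()] = $_SESSION["CodeAdmin"] . "," . $NomU;
    }

    // Store the last visit date in the session, then record the current visit.
    // The $php_errormsg checks (an emulation of "on error resume next") were
    // dropped: the variable was never set here and the "break" they guarded was
    // a fatal error outside a loop.
    $rs = mysql_query("SELECT dtlast FROM Admin WHERE CodeAdmin = " . to_sql($_SESSION["CodeAdmin"], "number"));
    if ($rs && ($row = mysql_fetch_row($rs))) {
        $_SESSION["dtlast"] = $row[0];
        mysql_query("UPDATE Admin SET last_ip = " . to_sql(getenv("REMOTE_ADDR"), "text")
            . ", dtlast = " . to_sql(time(), "date")
            . " WHERE CodeAdmin = " . to_sql($_SESSION["CodeAdmin"], "number"));
    }
    if ($rs) {
        mysql_free_result($rs);
    }

    // Where to next? Only a local path is honoured so ret_page cannot send the
    // user to another host; the original echoed the value instead of redirecting.
    $ret_page = isset($_REQUEST["ret_page"]) ? $_REQUEST["ret_page"] : "";
    if ($ret_page != ""
        && $ret_page != getenv("SCRIPT_NAME")
        && $ret_page[0] == "/"
        && substr($ret_page, 0, 2) != "//"
        && strpos($ret_page, "\\") === false) {
        header("Location: " . $ret_page);
    } else {
        header("Location: default.php");
    }
    exit;
}

/*'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'' FORMATTING FUNCTIONS
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::*/

/**
 * Makes a value safe for use inside a URL query string (null becomes "").
 *
 * @param string|null $strValue
 * @return string url-encoded value
 */
function to_url($strValue)
{
    if (is_null($strValue)) {
        $strValue = "";
    }
    return urlencode($strValue);
}

/**
 * Escapes a value for output in HTML text (null becomes "").
 *
 * The original also called str_replace() with its arguments in the wrong
 * order, which turned every value into "1"; htmlspecialchars() alone already
 * neutralises "<script" and "<%", which is what that call tried to do.
 *
 * @param string|null $strValue
 * @return string
 */
function to_html($strValue)
{
    if (is_null($strValue)) {
        $strValue = "";
    }
    return htmlspecialchars($strValue);
}

/********************************************************************************/

/**
 * Formats a PHP value as a SQL literal for string-built queries.
 *
 * Rules:
 *  - "" or null             -> NULL
 *  - "date" / "absdate"     -> quoted 'Y-m-d H:i:s' built from a Unix
 *                              timestamp; "date" additionally shifts by
 *                              $application["server_time_diff"] hours when
 *                              that is set, non-zero and the hour is not 0
 *  - "number"               -> the value itself when numeric with a decimal
 *                              point, otherwise its (int) cast
 *  - anything else          -> quoted string with backslashes and quotes doubled
 *
 * Prepared statements make this function unnecessary; it is kept for the
 * existing callers. The "date" branch of the original computed the literal and
 * then threw it away ("NULL"), used the 12-hour clock, and referenced an
 * undefined constant dteSecond.
 *
 * @param mixed  $Value
 * @param string $DataType "date", "absdate", "number" or a text type
 * @return string|int|float
 */
function to_sql($Value, $DataType)
{
    // NOTE(review): $application is the ASP Application object in the original;
    // confirm where the PHP port is expected to define server_time_diff.
    global $application;

    if ($Value === "" || $Value === null) {
        // Strict comparison: the loose "0 == ''" of older PHP turned the number 0 into NULL.
        $to_sql = "NULL";
    } elseif ($DataType == "date" || $DataType == "absdate") {
        // NOTE(review): callers are assumed to pass a Unix timestamp (the original
        // applied date("G") to it); a textual date would be mis-cast here.
        $ts     = (int)$Value;
        $offset = isset($application["server_time_diff"]) ? (int)$application["server_time_diff"] : 0;
        if ($DataType == "date" && date("G", $ts) > 0 && $offset != 0) {
            $ts = dateadd("h", $offset, $ts);
        }
        $to_sql = "'" . date("Y-m-d H:i:s", $ts) . "'";
    } elseif ($DataType != "number") {
        // Doubling backslashes as well as quotes: with MySQL's default escaping a
        // value ending in a backslash would otherwise neutralise the closing quote.
        // The original's "<%"/"%>" replacements were identity no-ops and its last
        // str_replace() had its arguments in the wrong order (result: "1"), so
        // both were dropped.
        $escaped = str_replace(array("\\", "'"), array("\\\\", "''"), (string)$Value);
        $to_sql  = "'" . $escaped . "'";
    } elseif (is_numeric($Value) && strpos((string)$Value, ".") !== false) {
        // Decimal value: keep as given. The original returned any value containing
        // a "." unchanged, numeric or not.
        $to_sql = $Value;
    } else {
        $to_sql = (int)$Value;
    }

    return $to_sql;
}

//'::::::::::::::::::::::::::::::::::::::::::::
// The ASP strip_html() helper is replaced by PHP's strip_tags().

/**
 * Builds the option list for a <select> from the rows of $sql.
 *
 * Single-column results use the column as the label; multi-column results
 * join columns 1..n-1 (non-empty ones) with ": ". Every entry is followed by
 * a newline and two tabs.
 *
 * NOTE(review): the <option> markup of the original (where $selected_value
 * was compared with $row[0]) is missing from this copy of the file, so
 * $selected_value is currently unused and row values are emitted unescaped;
 * confirm against the template before relying on the output.
 *
 * @param string      $sql            query whose first column is the option value
 * @param string|null $selected_value value to mark as selected
 * @return string
 */
function get_options($sql, $selected_value)
{
    if (is_null($selected_value)) {
        $selected_value = "";
    }

    $get_options = "";
    $rsSelect    = mysql_query($sql);   // the original queried $Sql, an undefined variable

    while ($row = mysql_fetch_row($rsSelect)) {
        if (is_null($row[0])) {
            continue;
        }
        $nbCols = mysql_num_fields($rsSelect);
        if ($nbCols - 1 == 0) {
            $get_options .= $row[0] . " \n";
        } else {
            for ($i = 1; $i <= $nbCols - 1; $i++) {
                if ($row[$i] != "") {
                    $get_options .= $row[$i];
                    if ($i < $nbCols - 1) {
                        $get_options .= ": ";
                    }
                }
            }
        }
        $get_options .= "\n\t\t";
    }
    mysql_free_result($rsSelect);

    return $get_options;
}

/**
 * Tells whether $strValue (case-insensitively) is a VBScript or SQL reserved word.
 *
 * @param string $strValue
 * @return bool
 */
function is_reserved($strValue)
{
    $reserved_words = "|and||as||boolean||byref||byte||byval||call||case||class||const||currency||date||desc||debug||dim||do||double||each||else||elseif||empty||end||endif||enum||eqv||event||exit||false||for||function||get||goto||if||imp||implements||in||integer||is||let||like||long||loop||lset||me||mod||new||next||not||nothing||null||on||option||optional||or||paramarray||preserve||private||public||raiseevent||redim||rem||resume||rows||rset||select||set||shared||single||size||static||stop||sub||then||to||true||type||typeof||until||variant||wend||while||with||xor|";

    // strpos() returns 0 for a word at the very start of the list ("and"); the
    // original compared with "> 0" and so reported it as not reserved.
    return strpos($reserved_words, "|" . strtolower($strValue) . "|") !== false;
}

/*':: correct secure urls :::::::::::::::::::::::::::::::::::::::
': The ASP block that redirected pages not listed in application("secure_pages")
': from https:// back to http:// was not ported. Forcing a downgrade to plain
': http would be a regression, so it is intentionally left out.
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::*/
?>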