'; /* if (function_exists("getSettingValue")) { $ad_site = getSettingValue("grr_url"); if (substr(getSettingValue("grr_url"), -1) != "/") $ad_site .= "/"; $a.=''; } */ $a.=''; $a .="\n$title"; $a .="\n"; $a .="\n\n \n"; if (@file_exists($clock_file)) { $a .=''; } # show a warning if this is using a low version of php if (substr(phpversion(), 0, 1) == 3) $a .=$vocab['not_php3']; return $a; } function print_header($day, $month, $year, $area, $type="with_session", $page="no_admin") { global $vocab, $search_str, $grrSettings, $session_statut, $authentification_obli, $clock_file; if ($type == "with_session") echo begin_page($vocab["mrbs"],"with_session"); else echo begin_page($vocab["mrbs"],"no_session") ; // Si nous ne sommes pas dans un format imprimable if ((!isset($_GET['pview'])) or ($_GET['pview'] != 1)) { # If we dont know the right date then make it up if(!$day) $day = date("d"); if(!$month)$month = date("m"); if(!$year) $year = date("Y"); if (!(isset($search_str))) $search_str = $vocab["search_for"]; if (empty($search_str)) $search_str = ""; ?>
= 4) { echo ""; } } ?>
"; echo "".$vocab["admin"]."\n
\n \n
\n
= 60) { $dur = $dur/60; if($dur >= 60) { $dur /= 60; if(($dur >= 24) && ($dur % 24 == 0)) { $dur /= 24; if(($dur >= 7) && ($dur % 7 == 0)) { $dur /= 7; if(($dur >= 52) && ($dur % 52 == 0)) { $dur /= 52; $units = $vocab["years"]; } else $units = $vocab["weeks"]; } else $units = $vocab["days"]; } else $units = $vocab["hours"]; } else $units = $vocab["minutes"]; } else $units = $vocab["seconds"]; } function genDateSelector($prefix, $day, $month, $year,$option) { if($day == 0) $day = date("d"); if($month == 0) $month = date("m"); if($year == 0) $year = date("Y"); echo ""; echo ""; echo ""; } # Error handler - this is used to display serious errors such as database # errors without sending incomplete HTML pages. This is only used for # errors which "should never happen", not those caused by bad inputs. # If $need_header!=0 output the top of the page too, else assume the # caller did that. Alway outputs the bottom of the page and exits. function fatal_error($need_header, $message) { global $vocab; if ($need_header) print_header(0, 0, 0, 0); echo $message; include "trailer.inc.php"; exit; } # Apply backslash-escape quoting unless PHP is configured to do it # automatically. Use this for GET/POST form parameters, since we # cannot predict if the PHP configuration file has magic_quotes_gpc on. function slashes($s) { if (get_magic_quotes_gpc()) return $s; else return addslashes($s); } # Remove backslash-escape quoting if PHP is configured to do it with # magic_quotes_gpc. Use this whenever you need the actual value of a GET/POST # form parameter (which might have special characters) regardless of PHP's # magic_quotes_gpc setting. function unslashes($s) { if (get_magic_quotes_gpc()) return stripslashes($s); else return $s; } # Retourne le domaine par défaut; Utilisé si aucun domaine n'a été défini. function get_default_area() { if (OPTION_IP_ADR==1) { // Affichage d'un domaine par defaut en fonction de l'adresse IP de la machine cliente $res = sql_query("SELECT id FROM grr_area WHERE ip_adr='".$_SERVER['REMOTE_ADDR']."' ORDER BY access, order_display, area_name"); if ($res && sql_count($res)>0 ) { $row = sql_row($res, 0); return $row[0]; } } if(authGetUserLevel(getUserName(),-1) >= 5) // si l'admin est connecté, on cherche le premier domaine venu $res = sql_query("SELECT id FROM grr_area ORDER BY access, order_display, area_name"); else // s'il ne s'agit pas de l'admin, on cherche le premier domaine à accès non restreint $res = sql_query("SELECT id FROM grr_area where access!='r' ORDER BY access, order_display, area_name"); if ($res && sql_count($res)>0 ) { $row = sql_row($res, 0); return $row[0]; } else { // On cherche le premier domaine à accès restreint $res = sql_query("select id from grr_area, grr_j_user_area where grr_area.id=grr_j_user_area.id_area and login='" . getUserName() . "' ORDER BY order_display, area_name"); if ($res && sql_count($res)>0 ) { $row = sql_row($res, 0); return $row[0]; } else return 0; } } # Get the local day name based on language. Note 2000-01-02 is a Sunday. function day_name($daynumber) { return strftime("%A", mktime(0,0,0,1,2+$daynumber,2000)); } function hour_min_format() { global $twentyfourhour_format; if ($twentyfourhour_format) { return "H:i"; } else { return "h:ia"; } } function time_date_string($t,$dformat) { global $twentyfourhour_format; # This bit's necessary, because it seems %p in strftime format # strings doesn't work $ampm = date("a",$t); if ($twentyfourhour_format) { return strftime("%H:%M:%S - ".$dformat,$t); } else { return strftime("%I:%M:%S$ampm - ".$dformat,$t); } } # Output a start table cell tag with color class and fallback color. function tdcell($colclass) { # This should be 'static $ecolors = array(...)' but that crashes PHP3.0.12! static $ecolors; echo ""; } # Display the entry-type color key. This has up to 2 rows, up to 10 columns. function show_colour_key() { global $typel; echo "\n"; $nct = 0; for ($ct = "A"; $ct <= "Z"; $ct++) { if (!empty($typel[$ct])) { if (++$nct > 10) { $nct = 0; echo ""; } tdcell($ct); echo "$typel[$ct]\n"; } } echo "
\n"; } # Round time down to the nearest resolution function round_t_down($t, $resolution, $am7) { return (int)$t - (int)abs(((int)$t-(int)$am7) % $resolution); } # Round time up to the nearest resolution function round_t_up($t, $resolution, $am7) { if (($t-$am7) % $resolution != 0) { return $t + $resolution - abs(((int)$t-(int) $am7) % $resolution); } else { return $t; } } # generates some html that can be used to select which area should be # displayed. function make_area_select_html( $link, $current, $year, $month, $day, $user ) { global $vocab; $out_html = "$vocab[areas]
"; return $out_html; } # end make_area_select_html function make_room_select_html( $link, $area, $current, $year, $month, $day ) { global $vocab; $out_html = "$vocab[rooms]
"; return $out_html; } # end make_room_select_html function make_area_list_html($link, $current, $year, $month, $day, $user) { global $vocab; echo "$vocab[areas]
"; $sql = "select id, area_name from grr_area order by order_display, area_name"; $res = sql_query($sql); if ($res) for ($i = 0; ($row = sql_row($res, $i)); $i++) { if (authUserAccesArea($user,$row[0])==1) { if ($row[0] == $current) { echo "> ".htmlspecialchars($row[1])."
\n"; } else { echo "".htmlspecialchars($row[1])."
\n"; } } } } function make_room_list_html($link, $area, $current, $year, $month, $day) { global $vocab; echo "$vocab[rooms]
"; $sql = "select id, room_name, description from grr_room where area_id=$area order by room_name"; $res = sql_query($sql); if ($res) for ($i = 0; ($row = sql_row($res, $i)); $i++) { if ($row[0] == $current) { echo "> ".htmlspecialchars($row[1])."
\n"; } else { echo "".htmlspecialchars($row[1]). "
\n"; } } } function send_mail($id_entry,$action,$dformat) { global $vocab, $typel, $grrSettings, $locale, $weekstarts; require_once "./lib.inc.php"; setlocale(LC_ALL,$locale); $sql = " SELECT grr_entry.name, grr_entry.description, grr_entry.create_by, grr_room.room_name, grr_area.area_name, grr_entry.type, grr_entry.room_id, grr_entry.repeat_id, " . sql_syntax_timestamp_to_unix("grr_entry.timestamp") . ", (grr_entry.end_time - grr_entry.start_time), grr_entry.start_time, grr_entry.end_time FROM grr_entry, grr_room, grr_area WHERE grr_entry.room_id = grr_room.id AND grr_room.area_id = grr_area.id AND grr_entry.id=$id_entry "; $res = sql_query($sql); if (! $res) fatal_error(0, sql_error()); if(sql_count($res) < 1) fatal_error(0, $vocab['invalid_entry_id']); $row = sql_row($res, 0); sql_free($res); $name = htmlspecialchars($row[0]); $description = htmlspecialchars($row[1]); $create_by = htmlspecialchars($row[2]); $room_name = htmlspecialchars($row[3]); $area_name = htmlspecialchars($row[4]); $type = $row[5]; $room_id = $row[6]; $repeat_id = $row[7]; $updated = time_date_string($row[8],$dformat); $date_avis = strftime("%Y/%m/%d",$row[10]); $duration = $row[9]; $start_date = time_date_string($row[10],$dformat); $end_date = time_date_string($row[11],$dformat); $rep_type = 0; if($repeat_id != 0) { $res = sql_query("SELECT rep_type, end_date, rep_opt, rep_num_weeks FROM grr_repeat WHERE id=$repeat_id"); if (! $res) fatal_error(0, sql_error()); if (sql_count($res) == 1) { $row = sql_row($res, 0); $rep_type = $row[0]; $rep_end_date = strftime($dformat,$row[1]); $rep_opt = $row[2]; $rep_num_weeks = $row[3]; } sql_free($res); } toTimeString($duration, $dur_units); $repeat_key = "rep_type_" . $rep_type; # Now that we know all the data we start drawing it $sql = "select nom, prenom, email, etat from grr_utilisateurs where login='$create_by'"; $res = sql_query($sql); if (! $res) fatal_error(0, sql_error()); $row_user = sql_row($res, 0); $user_login=$_SESSION['login']; $sql = "select nom, prenom, email from grr_utilisateurs where login='$user_login'"; $res = sql_query($sql); if (! $res) fatal_error(0, sql_error()); $row_user_login = sql_row($res, 0); $message = getSettingValue("company")." - ".$vocab["title_mail"]; $message = $message.getSettingValue("grr_url")."\n\n"; $sujet = $vocab["subject_mail1"].$room_name." ".$date_avis; $message = $message.$vocab["the_user"].$row_user_login[0]." ".$row_user_login[1]." (".$row_user_login[2].")"; if ($action == 1) { $sujet = $sujet.$vocab["subject_mail_creation"]; $message = $message.$vocab["creation_booking"]; } else if ($action == 2) { $sujet = $sujet.$vocab["subject_mail_modify"]; $message = $message.$vocab["modify_booking"]; } else { $sujet = $sujet.$vocab["subject_mail_delete"]; $message = $message.$vocab["delete_booking"]; } $message=$message.$vocab["the_room"].$room_name." (".$area_name.") \n"; if (($action == 2) or ($action==3)) { $message = $message.$vocab["created_by"]; $message = $message.$vocab["the_user"].$row_user[0]." ".$row_user[1]." (".$row_user[2].") \n"; } $repondre = $row_user_login[2]; $expediteur = getSettingValue("webmaster_email"); // // texte de la réservation // $reservation = ''; $reservation = $reservation.$vocab["start_of_the_booking"]." ".$start_date."\n"; $reservation = $reservation.$vocab["duration"]." ".$duration." ".$dur_units."\n"; $reservation = $reservation.$vocab["namebooker"]." ".$name."\n"; if ($description !='') { $reservation = $reservation.$vocab["description"]." ".$description."\n"; } $temp = empty($typel[$type]) ? "?$type?" : $typel[$type]; $reservation = $reservation.$vocab["type"]." ".$temp."\n"; if($rep_type != 0) { $reservation = $reservation.$vocab["rep_type"]." ".$vocab[$repeat_key]."\n"; } if($rep_type != 0) { $opt = ""; if (($rep_type == 2) || ($rep_type == 6)) { # Display day names according to language and preferred weekday start. for ($i = 0; $i < 7; $i++) { $daynum = ($i + $weekstarts) % 7; if ($rep_opt[$daynum]) $opt .= day_name($daynum) . " "; } } if ($rep_type == 6) { $reservation = $reservation.$vocab["rep_num_weeks"].$vocab["rep_for_nweekly"]." ".$rep_num_weeks."\n"; } if($opt) $reservation = $reservation.$vocab["rep_rep_day"]." ".$opt."\n"; $reservation = $reservation.$vocab["rep_end_date"]." ".$rep_end_date."\n"; } $reservation = $reservation."-----\n"; $message = $message.$reservation; $message = $message.$vocab["msg_no_email"].$expediteur; // ------------------------------------------------------------------------- // // Classe Mail // // ------------------------------------------------------------------------- // // Auteur: Nicolas // // Web: http://www.progweb.com/ // // ------------------------------------------------------------------------- // /* Cette classe permet d'envoyer des mails très simplement. Tout comme un vrai un client mail, elle gère : champs From, To, Cc, Bcc, ReplyTo, Priority, Organization, Subject, Body, Format (html / text), Attachment (le mime type du document est détecté automatiquement). Cette classe permet également de vérifier la valider des mails. */ // Cas d'une modification ou d'une suppression d'un message par un utilisateur différent du créateur : // On envoie un message au créateur de la réservation pour l'avertir d'une modif ou d'une suppression // if ((($action == 2) or ($action==3)) and ($user_login != $create_by) and ($row_user[2]!='') and ($row_user[3]=='actif')) { $sujet2 = $vocab["subject_mail1"].$room_name." ".$date_avis; $message2 = getSettingValue("company")." - ".$vocab["title_mail"]; $message2 = $message2.getSettingValue("grr_url")."\n\n"; $message2 = $message2.$vocab["the_user"].$row_user_login[0]." ".$row_user_login[1]." (".$row_user_login[2].")"; if ($action == 2) { $sujet2 = $sujet2.$vocab["subject_mail_modify"]; $message2 = $message2.$vocab["modify_booking"]; } else { $sujet2 = $sujet2.$vocab["subject_mail_delete"]; $message2 = $message2.$vocab["delete_booking"]; } $message2=$message2.$vocab["the_room"].$room_name." (".$area_name.")"; $message2 = $message2.$vocab["created_by_you"]; $message2 = $message2."\n".$reservation; $destinataire2 = $row_user[2]; $repondre2 = $row_user_login[2]; $expediteur2 = getSettingValue("webmaster_email"); $m2= new Mail; $m2->AutoCheck(false); $m2->From( $expediteur2 ); $m2->To( $destinataire2 ); $m2->Subject( $sujet2 ); $m2->Body( $message2, "iso-8859-15"); $m2->ReplyTo( $repondre2 ); $m2->Organization( "Grr" ); $m2->Format("text"); $m2->Priority(3); $m2->Send(); $m2->Get(); } $sql = "SELECT u.email FROM grr_utilisateurs u, grr_j_mailuser_room j WHERE (j.id_room='$room_id' and u.login=j.login and u.etat='actif') order by u.nom, u.prenom"; $res = sql_query($sql); $nombre = sql_count($res); if ($nombre==0) { return; } else { for ($i = 0; ($row = sql_row($res, $i)); $i++) { $destinataire[$i] = $row[0]; } } // Create the mail $m= new Mail; // Check mail or not (by default mails is checked) $m->AutoCheck(false); // Set From $m->From( $expediteur ); // Set To (it can be an array or a string) // ["mail1", "mail2"] or "mail1, mail2" $m->To( $destinataire ); // Set Subject $m->Subject( $sujet ); // Set Body $m->Body( $message, "iso-8859-15"); // Set Reply To $m->ReplyTo( $repondre ); // Set Organization // $m->Organization( "Grr" ); // Set Format html / text $m->Format("text"); // Set Priority // 1 (Highest); 2 (High); 3 (Normal); 4 (Low); 5 (Lowest) $m->Priority(3); // Attach a file (it can be an array or a string) // ["file1", "file2"] or "file" // $m->Attach( "toto.gif" ); // Get a reception (by default not) // $m->Receipt(); // Send the mail $m->Send(); // Get the source mail $m->Get(); } function getUserName() { if (isset($_SESSION['login'])) return $_SESSION['login']; } /* getWritable($creator, $user, $id) * * Determines if a user is able to modify an entry * * $creator - The creator of the entry * $user - Who wants to modify it * $id - Which room are we checking * * Returns: * 0 - The user does not have the required access * non-zero - The user has the required access */ function getWritable($creator, $user, $id) { global $id; // Always allowed to modify your own stuff if($creator == $user) return 1; // allowed to modify stuffs if utilisateur has spécifics rights or statut = admin $id_room = sql_query1("SELECT room_id FROM grr_entry WHERE id=$id"); if(authGetUserLevel($user,$id_room) > 2) return 1; // Unathorised access return 0; } /* authGetUserLevel($user,$id,$type) * * Determine le niveau d'accès de l'utilisateur * * $user - l'identifiant de l'utilisateur * $id - l'identifiant de la ressource ou du domaine * $type - argument optionnel : 'room' (par défaut) si $id désigne une ressource et 'area' si $id désigne un domaine. * * Retourne le niveau d'accès de l'utilisateur */ function authGetUserLevel($user,$id, $type='room') { $level = 0; // User not logged in, user level '0' if(!isset($user)) return 0; // Check if the user is visitor $sql = "select login from grr_utilisateurs WHERE statut = 'visiteur'"; $res = sql_query($sql); if ($res) { for ($i = 0; ($row = sql_row($res, $i)); $i++) { if(strcasecmp($user, $row[0]) == 0) return 1; } } // Check if the user is just user $sql = "select login from grr_utilisateurs WHERE statut = 'utilisateur'"; $res = sql_query($sql); if ($res) { for ($i = 0; ($row = sql_row($res, $i)); $i++) { if(strcasecmp($user, $row[0]) == 0) $level = 2; } } if ($type == 'room') { // On regarde si l'utilisateur est gestionnaire des réservations pour une ressource $sql = "SELECT u.login FROM grr_utilisateurs u, grr_j_user_room j WHERE (u.statut = 'utilisateur' and u.login=j.login and j.id_room='$id' and u.login='$user')"; $res = sql_query($sql); if ($res) { for ($i = 0; ($row = sql_row($res, $i)); $i++) { if(strcasecmp($user, $row[0]) == 0) $level = 3; } } // On regarde si l'utilisateur est administrateur du domaine auquel la ressource $id appartient $id_area = sql_query1("select area_id from grr_room where id='".$id."'"); $res = sql_query1("SELECT u.login FROM grr_utilisateurs u, grr_j_useradmin_area j WHERE (u.statut = 'utilisateur' and u.login=j.login and j.id_area='$id_area' and u.login='$user')"); if ($res != '-1') $level = 4; } // On regarde si l'utilisateur est administrateur d'un domaine if ($type == 'area') { if ($id == '-1') { //On regarde si l'utilisateur est administrateur d'un domaine quelconque $res = sql_query1("SELECT u.login FROM grr_utilisateurs u, grr_j_useradmin_area j WHERE (u.statut = 'utilisateur' and u.login=j.login and u.login='$user')"); if ($res != '-1') $level = 4; } else { //On regarde si l'utilisateur est administrateur du domaine dont l'id est $id $res = sql_query1("SELECT u.login FROM grr_utilisateurs u, grr_j_useradmin_area j WHERE (u.statut = 'utilisateur' and u.login=j.login and j.id_area='$id' and u.login='$user')"); if ($res != '-1') $level = 4; } } if (($level==2) or ($level==3) or ($level==4)) return $level; // Check if the user is admin $sql = "SELECT login FROM grr_utilisateurs WHERE statut = 'administrateur'"; $res = sql_query($sql); if ($res) { for ($i = 0; ($row = sql_row($res, $i)); $i++) { if(strcasecmp($user, $row[0]) == 0) return 5; } } } /* authUserAccesArea($user,$id) * * Determines if the user access area * * $user - The user name * $id - Which area are we checking * */ function authUserAccesArea($user,$id) { if ($id=='') { return 0; die(); } $sql = "SELECT * FROM grr_utilisateurs WHERE (login = '$user' and statut='administrateur')"; $res = sql_query($sql); if (sql_count($res) != "0") return 1; $sql = "SELECT * FROM grr_area WHERE (id = '$id' and access='r')"; $res = sql_query($sql); $test = sql_count($res); if ($test == "0") { return 1; } else { $sql2 = "SELECT * FROM grr_j_user_area WHERE (login = '$user' and id_area = '$id')"; $res2 = sql_query($sql2); $test2 = sql_count($res2); if ($test2 != "0") { return 1; } else { return 0; } } } // function UserRoomMaxBooking // Cette fonction teste si l'utilisateur a la possibilité d'effectuer une réservation, compte tenu // des limitations éventuelles de la ressources et du nombre de réservations déjà effectuées. // function UserRoomMaxBooking($user, $id_room, $number) { if ($id_room == '') return 0; // On regarde si le nombre de réservation de la ressource est limité $sql = "SELECT max_booking FROM grr_room WHERE id = '$id_room'"; $result = sql_query1($sql); if ($result > 0) { if(authGetUserLevel($user,$id_room) < 2 ) { return 0; } else if(authGetUserLevel($user,$id_room) == 2) { $day = date("d"); $month = date("m"); $year = date("Y"); $hour = date("H"); $minute = date("i"); $now = mktime($hour, $minute, 0, $month, $day, $year); $max_booking = sql_query1("SELECT max_booking FROM grr_room WHERE id=$id_room"); $sql2 = "SELECT * FROM grr_entry WHERE (room_id = '$id_room' and create_by = '$user' and end_time > '$now')"; $res = sql_query($sql2); $nb_bookings = sql_count($res) + $number; if ($nb_bookings > $max_booking) { return 0; } else { return 1; } } else { // l'utilisateur est soit admin, soit administrateur de la ressource. return 1; } } else if ($result == 0) { if(authGetUserLevel($user,$id_room) >= 3) { return 1; } else { return 0; } } else { return 1; } } // function verif_booking_date($user, $id, $date_booking, $date_now) // $user : le login de l'utilisateur // $id : l'id de la ressource. Si -1, il s'agit d'une nouvelle réservation // $date_booking : la date de la réservation (n'est utile que si $id=-1) // $date_now : la date actuelle // function verif_booking_date($user, $id, $date_booking, $date_now) { global $allow_user_delete_after_beginning; // On teste si l'utilisateur est administrateur $sql = "select statut from grr_utilisateurs WHERE login = '$user'"; $statut = sql_query1($sql); if ($statut == 'administrateur') { return true; die(); } if ($id != -1) { // il s'agit de l'edition d'une réservation existante if (isset($allow_user_delete_after_beginning) and ($allow_user_delete_after_beginning == 1)) $sql = "SELECT end_time FROM grr_entry WHERE id = '$id'"; else $sql = "SELECT start_time FROM grr_entry WHERE id = '$id'"; $date_booking = sql_query1($sql); if ($date_booking < $date_now) { return false; die(); } else { return true; } } else { if ($date_booking>$date_now) { return true; } else { return false; } } } /* showAccessDenied() * * Displays an appropate message when access has been denied * * Returns: Nothing */ function showAccessDenied($day, $month, $year, $area, $back) { global $vocab, $authentification_obli; if (($authentification_obli==0) and (!isset($_SESSION['login']))) { $type_session = "no_session"; } else { $type_session = "with_session"; } print_header($day, $month, $year, $area,$type_session); ?>


".$vocab["accessdeniedtoomanybooking"]; ?>

getSettingValue("end_bookings"))) return -1; } function showNoBookings($day, $month, $year, $area, $back, $type_session) { global $vocab; print_header($day, $month, $year, $area,$type_session); ?>