$h) {
$h=$h+24;
}
if ($m2>$m) {
$m=$m+60;
$h2++;
}
if ($s2>$s) {
$s=$s+60;
$m2++;
}
$ht=$h-$h2;
$mt=$m-$m2;
$st=$s-$s2;
if (strlen($ht)==1) {
$ht="0".$ht;
}
if (strlen($mt)==1) {
$mt="0".$mt;
}
if (strlen($st)==1) {
$st="0".$st;
}
return $ht.":".$mt.":".$st;
}
/*********************************************************************************/
/****************************************************************************/
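/**
 * Add an interval to a Unix timestamp.
 *
 * Unit codes handled: "yyyy" (years), "m" (months), "w" (weeks), "d" (days),
 * "h" (hours), "n" (minutes). Any other code leaves $n unscaled, so it is
 * added to the timestamp as a number of seconds.
 *
 * @param string $per unit code, see above
 * @param int    $n   number of units to add (may be negative)
 * @param int    $d   Unix timestamp to start from
 * @return int the shifted Unix timestamp
 */
function dateadd($per, $n, $d)
{
    switch ($per) {
        case "yyyy":
            // A year is twelve calendar months: scale and fall through to the
            // month arithmetic. Previously this case ended with `break`, so
            // the function added $n * 12 *seconds* instead of $n years.
            $n *= 12;
            // no break
        case "m":
            // Calendar months differ in length, so rebuild the timestamp with
            // mktime() (which normalises an out-of-range month number)
            // instead of adding a fixed number of seconds.
            $d = mktime(
                (int) date("H", $d),
                (int) date("i", $d),
                (int) date("s", $d),
                (int) date("n", $d) + $n,
                (int) date("j", $d),
                (int) date("Y", $d)
            );
            $n = 0;
            break;
        case "w":
            $n *= 7;   // weeks -> days
            // no break
        case "d":
            $n *= 24;  // days -> hours
            // no break
        case "h":
            $n *= 60;  // hours -> minutes
            // no break
        case "n":
            $n *= 60;  // minutes -> seconds
    }
    return ($d + $n);
}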
/******************************************************************************/
//'session("CodeAdmin") = 4
//'session("accesslevel") = 5
//''' initiate global vars and constants
//''' instantiate error handling and messaging
//set error_list = CreateObject("Scripting.Dictionary") // objet pour le hachage
//set msg_list = CreateObject("Scripting.Dictionary") // o
//on error resume next
/*if err.number <> 0 then response.redirect "error.asp"
on error goto 0*/
// Page-wide stores, both starting out empty: $msg_list is printed by
// display_msg(), $error_list by display_errs().
$msg_list = array();
$error_list = array();
//''' command object
//set cmd = Server.CreateObject("ADODB.Command") //infos de connexion
//cmd.ActiveConnection = cn
//''' recordset object
//set rs = Server.CreateObject("ADODB.Recordset")
//''' set locale identifier - default is US English
//''' (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vsmsclcid.asp)
//session.lcid = 1033
/*'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'' ERROR AND MESSAGE DISPLAY SUBS
':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: */
/**
 * Print every entry of the global $error_list.
 *
 * Each message is written as stored, with a line break before and after it;
 * the array keys are ignored. Nothing is printed when the list is empty.
 *
 * NOTE(review): messages are echoed without HTML encoding - confirm that no
 * caller stores request-derived text in $error_list.
 */
function display_errs() {
    global $error_list;
    if (count($error_list) <= 0) {
        return;
    }
    foreach (array_values($error_list) as $err_text) {
        echo "
" . $err_text . "
";
    }
}
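/**
 * Print the status messages held in the global $msg_list.
 *
 * When the request carries a non-empty string parameter "msg", it is first
 * stored under the "msg" key of $msg_list. Every entry of the list is then
 * written with a line break before and after it.
 *
 * The request value is attacker-controlled (anyone can craft a link carrying
 * it), so it is HTML-encoded before it is stored for output.
 */
function display_msg() {
    global $msg_list;
    if (!is_array($msg_list)) {
        // Keep array_values() below from failing when the list was never set up.
        $msg_list = array();
    }

    if (isset($_REQUEST["msg"]) && is_string($_REQUEST["msg"]) && $_REQUEST["msg"] !== "") {
        // Strip the author's four tokens cumulatively (str_replace applies an
        // array of needles in order). Before, each call re-read
        // $_REQUEST["msg"], so only the last replacement ("form") took effect.
        // Original note on "%": the author was unsure whether "%" or "?" was meant.
        $msg = str_replace(array("://", "script", "%", "form"), "", $_REQUEST["msg"]);

        // Token stripping is not what makes the value safe to print - a
        // blocklist is easy to sidestep. Encoding for the HTML output context
        // is the actual control. The charset is left at PHP's default; it
        // should match the page encoding.
        // NOTE(review): the markup around the message is not visible in this
        // listing; this assumes HTML element content - confirm.
        $msg_list["msg"] = htmlspecialchars($msg, ENT_QUOTES);
    }

    // Entries other than "msg" are set by the application and printed as stored.
    foreach (array_values($msg_list) as $msg_text) {
        echo "
" . $msg_text . "
";
    }
}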
/*'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'' USER MANAGEMENT FUNCTIONS
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::*/
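/**
 * Gate the current page on the session's login state and access level.
 *
 * Returns normally only when the session holds a CodeAdmin and an access
 * level of at least $iLevel. In every other case the visitor is redirected to
 * login.php and the script stops. It relies on header(), so it must be called
 * before any output is sent.
 *
 * Changes from the previous version:
 *  - the script now exits after sending the redirect. Without that, the
 *    protected page went on executing and its output was still sent to a
 *    client that ignored the Location header;
 *  - a session with CodeAdmin set but an empty-string accesslevel used to
 *    match neither branch and was let through; it is now treated as not
 *    logged in;
 *  - the not-logged-in branch sent a second "Location:" header built from the
 *    raw query string, which replaced the first one. It now sends one
 *    redirect in the same form as the no-access branch;
 *  - the local copies $CodeAdmin / $accesslevel were never read and are gone.
 *
 * @param int $iLevel minimum access level required for the page
 * @return void
 */
function check_security($iLevel) {
    $code_admin = isset($_SESSION["CodeAdmin"]) ? $_SESSION["CodeAdmin"] : "";
    $access_level = isset($_SESSION["accesslevel"]) ? $_SESSION["accesslevel"] : "";

    if ((string) $code_admin === "" || (string) $access_level === "") {
        // No usable session: fail closed and send the visitor to the login form.
        $target = "login.php?ret_page=";
    } elseif ((int) $access_level < (int) $iLevel) {
        // Logged in, but below the level this page requires.
        $target = "login.php?action=noaccess&ret_page=";
    } else {
        return;
    }

    // NOTE(review): as in the original no-access redirect, the query string is
    // appended unencoded, so login.php parses its parameters as its own.
    // Encoding it into ret_page would need a matching change in the login page.
    header("Location: " . $target . to_url(getenv("SCRIPT_NAME")) . "?" . getenv("QUERY_STRING"));
    exit;
}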
function do_login() {
/*':::::::::::::::::::::::::::::::::::::::::::::::::::::
' Authenticates the user against the admin table and creates the session.
'
' NOTE(review): this function cannot work as written. The code is left
' unchanged; the notes below mark what has to be settled before it is used.
'  - $NomU, $password, $now and $online_Admin are neither parameters, nor
'    declared global, nor assigned here, so they are undefined in this scope.
'  - $error_list and $b_error are assigned without a "global" declaration, so
'    they stay local; display_errs() reads the global $error_list.
'  - The mysql_* functions were removed in PHP 7.0. Values reach the SQL text
'    through to_sql() only; prepared statements (PDO or mysqli) are the robust
'    replacement.
'  - Both credential queries compare the submitted password with the
'    "password" column inside SQL. That suggests passwords are not stored with
'    password_hash() / checked with password_verify() - confirm.
'  - No session id regeneration is visible after a successful login
'    (session_regenerate_id(true) is the usual guard against session fixation).
'::::::::::::::::::::::::::::::::::::::::::::::::::::: */
$sql = "SELECT NomU, password FROM admin WHERE NomU = ".to_sql($NomU,"text")." AND password = ". to_sql($password,"text")."";
// NOTE(review): the query text is in $sql, but $Sql is passed. PHP variable
// names are case-sensitive, so mysql_query() receives an undefined variable.
$rs= mysql_query($Sql);
// NOTE(review): this branch runs when a row WAS fetched, yet it reports a
// failed login. The test looks inverted (the ASP original presumably tested
// for end-of-recordset) - confirm.
if ($row = mysql_fetch_assoc($rs)) {
// login failed
$error_list["login"] = "Nom d'utilisateur ou mot de passe incorrect." ;
$b_error = true ;
}else{
// login and password accepted
$sql = "SELECT CodeAdmin, accesslevel FROM admin WHERE NomU = ".to_sql($NomU,"text")." AND password = ".to_sql($password,"text")."";
// NOTE(review): same $sql / $Sql mismatch as above.
$rs= mysql_query($Sql);
// NOTE(review): same inversion. The else branch below reads $row[0] and
// $row[1] although $row is false there.
if ($row = mysql_fetch_row($rs)) {
// should never happen
$error_list["login"] = "L'utilisateur n'éxiste pas.";
$b_error = true;
}else{
// log the user in: copy the account id and access level into the session
$_SESSION["CodeAdmin"] = $row[0];
$_SESSION["accesslevel"] = $row[1];
// add the user name to the application-wide dictionary (global.asa in the ASP version)
// NOTE(review): $online_Admin is local and unset here, so isset() is always
// false. "session.sessionid" is ASP syntax; PHP parses it as two bare
// constants joined with ".", not as the session id (session_id() in PHP).
if (isset($online_Admin)) $online_Admin[session.sessionid] = $_SESSION["CodeAdmin"].",".$NomU;
// store the last visit date in the session, then set the current date in the db
// NOTE(review): "break" outside a loop or switch is a compile-time fatal
// error from PHP 7.0 on; a "return" was presumably intended. $php_errormsg
// depends on the track_errors setting and was removed in PHP 8.
if (!empty($php_errormsg)) break; // ASP: on error resume next
$rs = mysql_query("SELECT dtlast FROM admin WHERE CodeAdmin = ".to_sql($_SESSION["CodeAdmin"],"number"));
if ($row = mysql_fetch_row($rs)) {
$_SESSION["dtlast"] = $row[0];
// ASP: if err.number = 0
if (empty($php_errormsg)) {
// NOTE(review): REMOTE_ADDR is the one value here placed into the SQL text
// without going through to_sql(); $now is undefined in this scope.
mysql_query("UPDATE admin SET last_ip='".getenv("REMOTE_ADDR")."', dtlast = ".to_sql($now,"date")." WHERE CodeAdmin = ".to_sql($_SESSION["CodeAdmin"],"number")."");
// if (!empty($php_errormsg)) goto 0; (original note: look into goto in PHP)
// where to next?
// $querystring is read but not used afterwards.
$querystring = $_REQUEST["querystring"];
$ret_page = $_REQUEST["ret_page"];
// NOTE(review): ret_page comes from the request and is written into the
// response body unencoded, which is a reflected-XSS sink. The comment below
// says a redirect was meant. If it becomes one, accept only local paths from
// an allow-list, otherwise the login page turns into an open redirect.
if (($ret_page <> getenv("SCRIPT_NAME")) && ($ret_page <> ""))
// return to the page that preceded login
Echo($ret_page);
else
// go home
Header("Location: default.php");
}
}
}
}
// $rs holds the result of whichever query ran last.
mysql_free_result($rs);
}
/*'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
'' FORMATTING FUNCTIONS
':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: */
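/**
 * URL-encode a value for use as a query-string parameter.
 *
 * @param string|null $strValue value to encode; null is treated as ""
 * @return string the urlencode()d value
 */
function to_url($strValue) {
    // is_null() is the PHP builtin. The previous IsNull() spelling is the
    // VBScript name; no such function is defined in the visible file, and the
    // sibling helpers already call is_null().
    if (is_null($strValue)) {
        $strValue = "";
    }
    return urlencode($strValue);
}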
function to_html($strValue) {
/*':::::::::::::::::::::::::::::::::::::::::::::::::::::
' Convert and clean a string.
'
' NOTE(review): this listing is damaged from here on. The end of to_html()
' and the start of the next function are missing, and the lines from
' "$to_sql = ..." to the closing brace are the tail of a different function
' (to_sql, judging by the variable it returns). Restore both from the
' original file before relying on either.
'::::::::::::::::::::::::::::::::::::::::::::::::::::: */
if (Is_Null($strValue)) $strValue = "" ;
// NOTE(review): as shown, the next two replacements change nothing, because
// chr(37) is "%" and each replacement text equals its search text. The
// replacement was probably an HTML entity that was decoded when the page was
// extracted - confirm against the original file.
$strValue = str_replace("<%", "<".chr(37), $strValue);
$strValue = str_replace("%>", chr(37).">", $strValue);
// NOTE(review): garbled line. str_replace() accepts at most four arguments,
// and $Value is not a variable of to_html().
$strValue = str_replace("<script%", "","</script>",1,$Value);
// --- tail of to_sql(); its signature and first condition are not visible ---
// Text value: wrap in single quotes and double every embedded single quote.
// NOTE(review): only the quote character is handled. The file queries MySQL,
// where backslash is also an escape character by default, so this is not
// equivalent to the driver's escaping. Prefer prepared statements.
$to_sql = "'".str_replace("'", "''",$Value)."'";
// NOTE(review): a value containing "." after its first character is returned
// verbatim, unquoted and without any numeric validation. Anything placed into
// SQL through this branch should be checked with is_numeric() or cast.
}elseif (strpos($Value,".")) {
$to_sql = $Value;
}else{
// Every other value is forced to an integer.
$to_sql = (int)($Value);
}
return($to_sql);
}
//':::::::::::::::::::::::::::::::::::::::::::
//This function will be replaced by PHP's built-in strip_tags(). Note: strip_tags() only removes tags; a value echoed into HTML still needs htmlspecialchars().
/*function strip_html($str_html) {
':::::::::::::::::::::::::::::::::::::::::::::::::::::
' removes html tags from str_html
':::::::::::::::::::::::::::::::::::::::::::::::::::::
set objRegExp = new Regexp
objRegExp.IgnoreCase = True
objRegExp.Global = True
objRegExp.Pattern = "<(.|\n)+? >"
str_output = objRegExp.str_replace(str_html, "")
str_output = str_replace(str_output, "<", "<")
str_output = str_replace(str_output, ">", ">")
strip_html = str_output
set objRegExp = Nothing
}
*/
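/**
 * Build the option list for a select element from a query result.
 *
 * Runs $sql and appends one fragment per row whose first column is not NULL.
 *
 * NOTE(review): as shown, the fragment holds only a line break and two tabs,
 * and $selected_value is never used. The option markup was presumably lost
 * from this listing. When it is restored, HTML-encode the row values
 * (htmlspecialchars) before placing them in the tag.
 * NOTE(review): $sql is executed as given; callers must never build it from
 * request data.
 *
 * @param string      $sql            query whose rows become the options
 * @param string|null $selected_value value to pre-select; null is treated as ""
 * @return string the concatenated fragments, "" when there are no rows or the
 *                query fails
 */
function get_options($sql, $selected_value) {
    if (is_null($selected_value)) {
        $selected_value = "";
    }

    // Start from an empty string; the variable was previously first read
    // while still undefined.
    $get_options = "";

    // The parameter is $sql. The previous code passed $Sql, which is a
    // different (undefined) variable because PHP variable names are
    // case-sensitive.
    $rsSelect = mysql_query($sql);
    if ($rsSelect === false) {
        // Query failed: there is no result set to read or free.
        return $get_options;
    }

    while ($row = mysql_fetch_row($rsSelect)) {
        if (!is_null($row[0])) {
            $get_options = $get_options . "" . "\n" . chr(9) . chr(9);
        }
    }
    mysql_free_result($rsSelect);
    return $get_options;
}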
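/**
 * Tell whether a string is one of the listed VB / SQL reserved words.
 *
 * The comparison is case-insensitive. The words are kept in one string, each
 * wrapped in "|" delimiters, and the candidate is searched for as "|word|".
 *
 * Preserved quirk: because of that encoding, an empty string, or a value that
 * itself contains "|", can also match.
 *
 * @param string $strValue candidate word
 * @return bool true when $strValue is in the reserved-word list
 */
function is_reserved($strValue) {
    $reserved_words = "|and||as||boolean||byref||byte||byval||call||case||class||const||currency||date||desc||debug||dim||do||double||each||else||elseif||empty||end||endif||enum||eqv||event||exit||false||for||function||get||goto||if||imp||implements||in||integer||is||let||like||long||loop||lset||me||mod||new||next||not||nothing||null||on||option||optional||or||paramarray||preserve||private||public||raiseevent||redim||rem||resume||rows||rset||select||set||shared||single||size||static||stop||sub||then||to||true||type||typeof||until||variant||wend||while||with||xor|" ;

    // strpos() returns 0 for a match at the very start of the list, so the
    // previous "> 0" test missed the first word ("and"). Compare against
    // false instead.
    return strpos($reserved_words, "|" . strtolower((string) $strValue) . "|") !== false;
}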
/*':: correct secure urls :::::::::::::::::::::::::::::::::::::::
': this section assures that user does not persist in
': ssl (https://) mode. only pages in the application
': secure_pages variable (global.asa) will stay in https.
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::*/
//if request.servervariables("https") = "on" then
//': list of pages where https is permitted
/*secure_list = application("secure_pages")
this_page = request.servervariables("script_name")
a_tmp = split(secure_list, ",")
for ctr = 0 to uBound(a_tmp)
if instr(this_page,trim(a_tmp(ctr))) > 0 then
'' this page should be secure
b_redirect = false
exit for
else
b_redirect = true
end if
next
if b_redirect then response.redirect "http://" & request.servervariables("server_name") & request.servervariables("script_name")
end if*/
//'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
?>