';
/*
if (function_exists("getSettingValue")) {
$ad_site = getSettingValue("grr_url");
if (substr(getSettingValue("grr_url"), -1) != "/") $ad_site .= "/";
$a.='';
}
*/
$a.='';
$a .="\n$title";
$a .="\n";
$a .="\n\n
\n";
if (@file_exists($clock_file)) {
$a .='';
}
# show a warning if this is using a low version of php
if (substr(phpversion(), 0, 1) == 3) $a .=$vocab['not_php3'];
return $a;
}
function print_header($day, $month, $year, $area, $type="with_session", $page="no_admin")
{
global $vocab, $search_str, $grrSettings, $session_statut, $authentification_obli, $clock_file;
if ($type == "with_session") echo begin_page($vocab["mrbs"],"with_session"); else echo begin_page($vocab["mrbs"],"no_session") ;
// Si nous ne sommes pas dans un format imprimable
if ((!isset($_GET['pview'])) or ($_GET['pview'] != 1)) {
# If we dont know the right date then make it up
if(!$day) $day = date("d");
if(!$month)$month = date("m");
if(!$year) $year = date("Y");
if (!(isset($search_str))) $search_str = $vocab["search_for"];
if (empty($search_str)) $search_str = "";
?>
= 60)
{
$dur = $dur/60;
if($dur >= 60)
{
$dur /= 60;
if(($dur >= 24) && ($dur % 24 == 0))
{
$dur /= 24;
if(($dur >= 7) && ($dur % 7 == 0))
{
$dur /= 7;
if(($dur >= 52) && ($dur % 52 == 0))
{
$dur /= 52;
$units = $vocab["years"];
}
else
$units = $vocab["weeks"];
}
else
$units = $vocab["days"];
}
else
$units = $vocab["hours"];
}
else
$units = $vocab["minutes"];
}
else
$units = $vocab["seconds"];
}
function genDateSelector($prefix, $day, $month, $year,$option)
{
if($day == 0) $day = date("d");
if($month == 0) $month = date("m");
if($year == 0) $year = date("Y");
echo "";
echo "";
echo "";
}
# Error handler - this is used to display serious errors such as database
# errors without sending incomplete HTML pages. This is only used for
# errors which "should never happen", not those caused by bad inputs.
# If $need_header!=0 output the top of the page too, else assume the
# caller did that. Alway outputs the bottom of the page and exits.
function fatal_error($need_header, $message)
{
global $vocab;
if ($need_header) print_header(0, 0, 0, 0);
echo $message;
include "trailer.inc.php";
exit;
}
# Apply backslash-escape quoting unless PHP is configured to do it
# automatically. Use this for GET/POST form parameters, since we
# cannot predict if the PHP configuration file has magic_quotes_gpc on.
function slashes($s)
{
if (get_magic_quotes_gpc()) return $s;
else return addslashes($s);
}
# Remove backslash-escape quoting if PHP is configured to do it with
# magic_quotes_gpc. Use this whenever you need the actual value of a GET/POST
# form parameter (which might have special characters) regardless of PHP's
# magic_quotes_gpc setting.
function unslashes($s)
{
if (get_magic_quotes_gpc()) return stripslashes($s);
else return $s;
}
# Retourne le domaine par défaut; Utilisé si aucun domaine n'a été défini.
function get_default_area()
{
if (OPTION_IP_ADR==1) {
// Affichage d'un domaine par defaut en fonction de l'adresse IP de la machine cliente
$res = sql_query("SELECT id FROM grr_area WHERE ip_adr='".$_SERVER['REMOTE_ADDR']."' ORDER BY access, order_display, area_name");
if ($res && sql_count($res)>0 ) {
$row = sql_row($res, 0);
return $row[0];
}
}
if(authGetUserLevel(getUserName(),-1) >= 5)
// si l'admin est connecté, on cherche le premier domaine venu
$res = sql_query("SELECT id FROM grr_area ORDER BY access, order_display, area_name");
else
// s'il ne s'agit pas de l'admin, on cherche le premier domaine à accès non restreint
$res = sql_query("SELECT id FROM grr_area where access!='r' ORDER BY access, order_display, area_name");
if ($res && sql_count($res)>0 ) {
$row = sql_row($res, 0);
return $row[0];
} else {
// On cherche le premier domaine à accès restreint
$res = sql_query("select id from grr_area, grr_j_user_area where
grr_area.id=grr_j_user_area.id_area and
login='" . getUserName() . "'
ORDER BY order_display, area_name");
if ($res && sql_count($res)>0 ) {
$row = sql_row($res, 0);
return $row[0];
}
else
return 0;
}
}
# Get the local day name based on language. Note 2000-01-02 is a Sunday.
function day_name($daynumber)
{
return strftime("%A", mktime(0,0,0,1,2+$daynumber,2000));
}
function hour_min_format()
{
global $twentyfourhour_format;
if ($twentyfourhour_format)
{
return "H:i";
}
else
{
return "h:ia";
}
}
function time_date_string($t,$dformat)
{
global $twentyfourhour_format;
# This bit's necessary, because it seems %p in strftime format
# strings doesn't work
$ampm = date("a",$t);
if ($twentyfourhour_format)
{
return strftime("%H:%M:%S - ".$dformat,$t);
}
else
{
return strftime("%I:%M:%S$ampm - ".$dformat,$t);
}
}
# Output a start table cell tag
with color class and fallback color.
function tdcell($colclass)
{
# This should be 'static $ecolors = array(...)' but that crashes PHP3.0.12!
static $ecolors;
echo "
";
}
# Display the entry-type color key. This has up to 2 rows, up to 10 columns.
function show_colour_key()
{
global $typel;
echo "
\n";
$nct = 0;
for ($ct = "A"; $ct <= "Z"; $ct++)
{
if (!empty($typel[$ct]))
{
if (++$nct > 10)
{
$nct = 0;
echo "
\n";
}
# Round time down to the nearest resolution
function round_t_down($t, $resolution, $am7)
{
return (int)$t - (int)abs(((int)$t-(int)$am7)
% $resolution);
}
# Round time up to the nearest resolution
function round_t_up($t, $resolution, $am7)
{
if (($t-$am7) % $resolution != 0)
{
return $t + $resolution - abs(((int)$t-(int)
$am7) % $resolution);
}
else
{
return $t;
}
}
# generates some html that can be used to select which area should be
# displayed.
function make_area_select_html( $link, $current, $year, $month, $day, $user )
{
global $vocab;
$out_html = "$vocab[areas]";
return $out_html;
} # end make_area_select_html
function make_room_select_html( $link, $area, $current, $year, $month, $day )
{
global $vocab;
$out_html = "$vocab[rooms] ";
return $out_html;
} # end make_room_select_html
function make_area_list_html($link, $current, $year, $month, $day, $user) {
global $vocab;
echo "$vocab[areas] ";
$sql = "select id, area_name from grr_area order by order_display, area_name";
$res = sql_query($sql);
if ($res) for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
if (authUserAccesArea($user,$row[0])==1) {
if ($row[0] == $current)
{
echo "> ".htmlspecialchars($row[1])." \n";
} else {
echo "".htmlspecialchars($row[1])." \n";
}
}
}
}
function make_room_list_html($link, $area, $current, $year, $month, $day) {
global $vocab;
echo "$vocab[rooms] ";
$sql = "select id, room_name, description from grr_room where area_id=$area order by room_name";
$res = sql_query($sql);
if ($res) for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
if ($row[0] == $current)
{
echo "> ".htmlspecialchars($row[1])." \n";
} else {
echo "".htmlspecialchars($row[1]). " \n";
}
}
}
function send_mail($id_entry,$action,$dformat)
{
global $vocab, $typel, $grrSettings, $locale, $weekstarts;
require_once "./lib.inc.php";
setlocale(LC_ALL,$locale);
$sql = "
SELECT grr_entry.name,
grr_entry.description,
grr_entry.create_by,
grr_room.room_name,
grr_area.area_name,
grr_entry.type,
grr_entry.room_id,
grr_entry.repeat_id,
" . sql_syntax_timestamp_to_unix("grr_entry.timestamp") . ",
(grr_entry.end_time - grr_entry.start_time),
grr_entry.start_time,
grr_entry.end_time
FROM grr_entry, grr_room, grr_area
WHERE grr_entry.room_id = grr_room.id
AND grr_room.area_id = grr_area.id
AND grr_entry.id=$id_entry
";
$res = sql_query($sql);
if (! $res) fatal_error(0, sql_error());
if(sql_count($res) < 1) fatal_error(0, $vocab['invalid_entry_id']);
$row = sql_row($res, 0);
sql_free($res);
$name = htmlspecialchars($row[0]);
$description = htmlspecialchars($row[1]);
$create_by = htmlspecialchars($row[2]);
$room_name = htmlspecialchars($row[3]);
$area_name = htmlspecialchars($row[4]);
$type = $row[5];
$room_id = $row[6];
$repeat_id = $row[7];
$updated = time_date_string($row[8],$dformat);
$date_avis = strftime("%Y/%m/%d",$row[10]);
$duration = $row[9];
$start_date = time_date_string($row[10],$dformat);
$end_date = time_date_string($row[11],$dformat);
$rep_type = 0;
if($repeat_id != 0)
{
$res = sql_query("SELECT rep_type, end_date, rep_opt, rep_num_weeks FROM grr_repeat WHERE id=$repeat_id");
if (! $res) fatal_error(0, sql_error());
if (sql_count($res) == 1)
{
$row = sql_row($res, 0);
$rep_type = $row[0];
$rep_end_date = strftime($dformat,$row[1]);
$rep_opt = $row[2];
$rep_num_weeks = $row[3];
}
sql_free($res);
}
toTimeString($duration, $dur_units);
$repeat_key = "rep_type_" . $rep_type;
# Now that we know all the data we start drawing it
$sql = "select nom, prenom, email, etat from grr_utilisateurs where login='$create_by'";
$res = sql_query($sql);
if (! $res) fatal_error(0, sql_error());
$row_user = sql_row($res, 0);
$user_login=$_SESSION['login'];
$sql = "select nom, prenom, email from grr_utilisateurs where login='$user_login'";
$res = sql_query($sql);
if (! $res) fatal_error(0, sql_error());
$row_user_login = sql_row($res, 0);
$message = getSettingValue("company")." - ".$vocab["title_mail"];
$message = $message.getSettingValue("grr_url")."\n\n";
$sujet = $vocab["subject_mail1"].$room_name." ".$date_avis;
$message = $message.$vocab["the_user"].$row_user_login[0]." ".$row_user_login[1]." (".$row_user_login[2].")";
if ($action == 1) {
$sujet = $sujet.$vocab["subject_mail_creation"];
$message = $message.$vocab["creation_booking"];
} else if ($action == 2) {
$sujet = $sujet.$vocab["subject_mail_modify"];
$message = $message.$vocab["modify_booking"];
} else {
$sujet = $sujet.$vocab["subject_mail_delete"];
$message = $message.$vocab["delete_booking"];
}
$message=$message.$vocab["the_room"].$room_name." (".$area_name.") \n";
if (($action == 2) or ($action==3)) {
$message = $message.$vocab["created_by"];
$message = $message.$vocab["the_user"].$row_user[0]." ".$row_user[1]." (".$row_user[2].") \n";
}
$repondre = $row_user_login[2];
$expediteur = getSettingValue("webmaster_email");
//
// texte de la réservation
//
$reservation = '';
$reservation = $reservation.$vocab["start_of_the_booking"]." ".$start_date."\n";
$reservation = $reservation.$vocab["duration"]." ".$duration." ".$dur_units."\n";
$reservation = $reservation.$vocab["namebooker"]." ".$name."\n";
if ($description !='') {
$reservation = $reservation.$vocab["description"]." ".$description."\n";
}
$temp = empty($typel[$type]) ? "?$type?" : $typel[$type];
$reservation = $reservation.$vocab["type"]." ".$temp."\n";
if($rep_type != 0) {
$reservation = $reservation.$vocab["rep_type"]." ".$vocab[$repeat_key]."\n";
}
if($rep_type != 0)
{
$opt = "";
if (($rep_type == 2) || ($rep_type == 6))
{
# Display day names according to language and preferred weekday start.
for ($i = 0; $i < 7; $i++)
{
$daynum = ($i + $weekstarts) % 7;
if ($rep_opt[$daynum]) $opt .= day_name($daynum) . " ";
}
}
if ($rep_type == 6)
{ $reservation = $reservation.$vocab["rep_num_weeks"].$vocab["rep_for_nweekly"]." ".$rep_num_weeks."\n";
}
if($opt)
$reservation = $reservation.$vocab["rep_rep_day"]." ".$opt."\n";
$reservation = $reservation.$vocab["rep_end_date"]." ".$rep_end_date."\n";
}
$reservation = $reservation."-----\n";
$message = $message.$reservation;
$message = $message.$vocab["msg_no_email"].$expediteur;
// ------------------------------------------------------------------------- //
// Classe Mail //
// ------------------------------------------------------------------------- //
// Auteur: Nicolas //
// Web: http://www.progweb.com/ //
// ------------------------------------------------------------------------- //
/*
Cette classe permet d'envoyer des mails très simplement.
Tout comme un vrai un client mail, elle gère : champs From, To, Cc, Bcc, ReplyTo, Priority, Organization, Subject, Body,
Format (html / text), Attachment (le mime type du document est détecté automatiquement).
Cette classe permet également de vérifier la valider des mails.
*/
// Cas d'une modification ou d'une suppression d'un message par un utilisateur différent du créateur :
// On envoie un message au créateur de la réservation pour l'avertir d'une modif ou d'une suppression
//
if ((($action == 2) or ($action==3)) and ($user_login != $create_by) and ($row_user[2]!='') and ($row_user[3]=='actif')) {
$sujet2 = $vocab["subject_mail1"].$room_name." ".$date_avis;
$message2 = getSettingValue("company")." - ".$vocab["title_mail"];
$message2 = $message2.getSettingValue("grr_url")."\n\n";
$message2 = $message2.$vocab["the_user"].$row_user_login[0]." ".$row_user_login[1]." (".$row_user_login[2].")";
if ($action == 2) {
$sujet2 = $sujet2.$vocab["subject_mail_modify"];
$message2 = $message2.$vocab["modify_booking"];
} else {
$sujet2 = $sujet2.$vocab["subject_mail_delete"];
$message2 = $message2.$vocab["delete_booking"];
}
$message2=$message2.$vocab["the_room"].$room_name." (".$area_name.")";
$message2 = $message2.$vocab["created_by_you"];
$message2 = $message2."\n".$reservation;
$destinataire2 = $row_user[2];
$repondre2 = $row_user_login[2];
$expediteur2 = getSettingValue("webmaster_email");
$m2= new Mail;
$m2->AutoCheck(false);
$m2->From( $expediteur2 );
$m2->To( $destinataire2 );
$m2->Subject( $sujet2 );
$m2->Body( $message2, "iso-8859-15");
$m2->ReplyTo( $repondre2 );
$m2->Organization( "Grr" );
$m2->Format("text");
$m2->Priority(3);
$m2->Send();
$m2->Get();
}
$sql = "SELECT u.email FROM grr_utilisateurs u, grr_j_mailuser_room j WHERE
(j.id_room='$room_id' and u.login=j.login and u.etat='actif') order by u.nom, u.prenom";
$res = sql_query($sql);
$nombre = sql_count($res);
if ($nombre==0) {
return;
} else {
for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
$destinataire[$i] = $row[0];
}
}
// Create the mail
$m= new Mail;
// Check mail or not (by default mails is checked)
$m->AutoCheck(false);
// Set From
$m->From( $expediteur );
// Set To (it can be an array or a string)
// ["mail1", "mail2"] or "mail1, mail2"
$m->To( $destinataire );
// Set Subject
$m->Subject( $sujet );
// Set Body
$m->Body( $message, "iso-8859-15");
// Set Reply To
$m->ReplyTo( $repondre );
// Set Organization
// $m->Organization( "Grr" );
// Set Format html / text
$m->Format("text");
// Set Priority
// 1 (Highest); 2 (High); 3 (Normal); 4 (Low); 5 (Lowest)
$m->Priority(3);
// Attach a file (it can be an array or a string)
// ["file1", "file2"] or "file"
// $m->Attach( "toto.gif" );
// Get a reception (by default not)
// $m->Receipt();
// Send the mail
$m->Send();
// Get the source mail
$m->Get();
}
function getUserName()
{
if (isset($_SESSION['login'])) return $_SESSION['login'];
}
/* getWritable($creator, $user, $id)
*
* Determines if a user is able to modify an entry
*
* $creator - The creator of the entry
* $user - Who wants to modify it
* $id - Which room are we checking
*
* Returns:
* 0 - The user does not have the required access
* non-zero - The user has the required access
*/
function getWritable($creator, $user, $id)
{
global $id;
// Always allowed to modify your own stuff
if($creator == $user)
return 1;
// allowed to modify stuffs if utilisateur has spécifics rights or statut = admin
$id_room = sql_query1("SELECT room_id FROM grr_entry WHERE id=$id");
if(authGetUserLevel($user,$id_room) > 2)
return 1;
// Unathorised access
return 0;
}
/* authGetUserLevel($user,$id,$type)
*
* Determine le niveau d'accès de l'utilisateur
*
* $user - l'identifiant de l'utilisateur
* $id - l'identifiant de la ressource ou du domaine
* $type - argument optionnel : 'room' (par défaut) si $id désigne une ressource et 'area' si $id désigne un domaine.
*
* Retourne le niveau d'accès de l'utilisateur
*/
function authGetUserLevel($user,$id, $type='room')
{
$level = 0;
// User not logged in, user level '0'
if(!isset($user)) return 0;
// Check if the user is visitor
$sql = "select login from grr_utilisateurs WHERE statut = 'visiteur'";
$res = sql_query($sql);
if ($res) {
for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
if(strcasecmp($user, $row[0]) == 0) return 1;
}
}
// Check if the user is just user
$sql = "select login from grr_utilisateurs WHERE statut = 'utilisateur'";
$res = sql_query($sql);
if ($res) {
for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
if(strcasecmp($user, $row[0]) == 0) $level = 2;
}
}
if ($type == 'room') {
// On regarde si l'utilisateur est gestionnaire des réservations pour une ressource
$sql = "SELECT u.login FROM grr_utilisateurs u, grr_j_user_room j
WHERE (u.statut = 'utilisateur' and u.login=j.login and j.id_room='$id' and u.login='$user')";
$res = sql_query($sql);
if ($res) {
for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
if(strcasecmp($user, $row[0]) == 0) $level = 3;
}
}
// On regarde si l'utilisateur est administrateur du domaine auquel la ressource $id appartient
$id_area = sql_query1("select area_id from grr_room where id='".$id."'");
$res = sql_query1("SELECT u.login FROM grr_utilisateurs u, grr_j_useradmin_area j
WHERE (u.statut = 'utilisateur' and u.login=j.login and j.id_area='$id_area' and u.login='$user')");
if ($res != '-1') $level = 4;
}
// On regarde si l'utilisateur est administrateur d'un domaine
if ($type == 'area') {
if ($id == '-1') {
//On regarde si l'utilisateur est administrateur d'un domaine quelconque
$res = sql_query1("SELECT u.login FROM grr_utilisateurs u, grr_j_useradmin_area j
WHERE (u.statut = 'utilisateur' and u.login=j.login and u.login='$user')");
if ($res != '-1') $level = 4;
} else {
//On regarde si l'utilisateur est administrateur du domaine dont l'id est $id
$res = sql_query1("SELECT u.login FROM grr_utilisateurs u, grr_j_useradmin_area j
WHERE (u.statut = 'utilisateur' and u.login=j.login and j.id_area='$id' and u.login='$user')");
if ($res != '-1') $level = 4;
}
}
if (($level==2) or ($level==3) or ($level==4)) return $level;
// Check if the user is admin
$sql = "SELECT login FROM grr_utilisateurs WHERE statut = 'administrateur'";
$res = sql_query($sql);
if ($res) {
for ($i = 0; ($row = sql_row($res, $i)); $i++)
{
if(strcasecmp($user, $row[0]) == 0) return 5;
}
}
}
/* authUserAccesArea($user,$id)
*
* Determines if the user access area
*
* $user - The user name
* $id - Which area are we checking
*
*/
function authUserAccesArea($user,$id)
{
if ($id=='') {
return 0;
die();
}
$sql = "SELECT * FROM grr_utilisateurs WHERE (login = '$user' and statut='administrateur')";
$res = sql_query($sql);
if (sql_count($res) != "0") return 1;
$sql = "SELECT * FROM grr_area WHERE (id = '$id' and access='r')";
$res = sql_query($sql);
$test = sql_count($res);
if ($test == "0") {
return 1;
} else {
$sql2 = "SELECT * FROM grr_j_user_area WHERE (login = '$user' and id_area = '$id')";
$res2 = sql_query($sql2);
$test2 = sql_count($res2);
if ($test2 != "0") {
return 1;
} else {
return 0;
}
}
}
// function UserRoomMaxBooking
// Cette fonction teste si l'utilisateur a la possibilité d'effectuer une réservation, compte tenu
// des limitations éventuelles de la ressources et du nombre de réservations déjà effectuées.
//
function UserRoomMaxBooking($user, $id_room, $number) {
if ($id_room == '') return 0;
// On regarde si le nombre de réservation de la ressource est limité
$sql = "SELECT max_booking FROM grr_room WHERE id = '$id_room'";
$result = sql_query1($sql);
if ($result > 0) {
if(authGetUserLevel($user,$id_room) < 2 ) {
return 0;
} else if(authGetUserLevel($user,$id_room) == 2) {
$day = date("d");
$month = date("m");
$year = date("Y");
$hour = date("H");
$minute = date("i");
$now = mktime($hour, $minute, 0, $month, $day, $year);
$max_booking = sql_query1("SELECT max_booking FROM grr_room WHERE id=$id_room");
$sql2 = "SELECT * FROM grr_entry WHERE (room_id = '$id_room' and create_by = '$user' and end_time > '$now')";
$res = sql_query($sql2);
$nb_bookings = sql_count($res) + $number;
if ($nb_bookings > $max_booking) {
return 0;
} else {
return 1;
}
} else {
// l'utilisateur est soit admin, soit administrateur de la ressource.
return 1;
}
} else if ($result == 0) {
if(authGetUserLevel($user,$id_room) >= 3) {
return 1;
} else {
return 0;
}
} else {
return 1;
}
}
// function verif_booking_date($user, $id, $date_booking, $date_now)
// $user : le login de l'utilisateur
// $id : l'id de la ressource. Si -1, il s'agit d'une nouvelle réservation
// $date_booking : la date de la réservation (n'est utile que si $id=-1)
// $date_now : la date actuelle
//
function verif_booking_date($user, $id, $date_booking, $date_now) {
global $allow_user_delete_after_beginning;
// On teste si l'utilisateur est administrateur
$sql = "select statut from grr_utilisateurs WHERE login = '$user'";
$statut = sql_query1($sql);
if ($statut == 'administrateur') {
return true;
die();
}
if ($id != -1) {
// il s'agit de l'edition d'une réservation existante
if (isset($allow_user_delete_after_beginning) and ($allow_user_delete_after_beginning == 1))
$sql = "SELECT end_time FROM grr_entry WHERE id = '$id'";
else
$sql = "SELECT start_time FROM grr_entry WHERE id = '$id'";
$date_booking = sql_query1($sql);
if ($date_booking < $date_now) {
return false;
die();
} else {
return true;
}
} else {
if ($date_booking>$date_now) {
return true;
} else {
return false;
}
}
}
/* showAccessDenied()
*
* Displays an appropate message when access has been denied
*
* Returns: Nothing
*/
function showAccessDenied($day, $month, $year, $area, $back)
{
global $vocab, $authentification_obli;
if (($authentification_obli==0) and (!isset($_SESSION['login']))) {
$type_session = "no_session";
} else {
$type_session = "with_session";
}
print_header($day, $month, $year, $area,$type_session);
?>
![\"France\"](\"img_grr/fr_dp.png\" "\\"france\\"")
\n";
echo "![\"Deutch\"](\"img_grr/de_dp.png\" "\\"deutch\\"")
\n";
echo "![\"English\"](\"img_grr/en_dp.png\" "\\"English\\"")
\n";
//}
if ($authentification_obli == 1) {
echo "