00001 <?php
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030 require_once("constant.php");
00031 require_once("user_common.php");
00032 require_once('class_dossier.php');
00033 require_once('ac_common.php');
00034
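class User
{
    /** @var int ac_users.use_id; -1 until load() resolves the session login */
    public $id;
    /**
     * @var string|null clear-text password copied from $_SESSION['g_pass'].
     * NOTE(review): the clear-text password lives in the session and in this object
     * for the whole request; Check() re-hashes it (md5) on every call.
     */
    public $pass;
    /** @var Database connection received by the constructor */
    public $db;
    /** @var int|string 1 when the user is a global administrator (ac_users.use_admin) */
    public $admin;
    /** @var int 1 once Check() has validated the session credentials */
    public $valid;
    /** @var string|null ac_users.use_login */
    public $login;
    /** @var string|null locale from $_SESSION['g_lang'], 'fr_FR.utf8' by default */
    public $lang;
    /** @var string|null theme from $_SESSION['g_theme'] (only set when present) */
    public $theme;
    /** @var string|null ac_users.use_name */
    public $name;
    /** @var string|null ac_users.use_first_name */
    public $first_name;
    /** @var int|string|null ac_users.use_active as read by load() */
    public $active;
    /** @var string|null ac_users.use_pass (stored digest) as read by load() */
    public $password;

    /**
     * Build the user from the session (p_id == -1) or from a given use_id.
     *
     * For the session case $_SESSION['g_user'] must exist; otherwise an error
     * is printed, the browser is redirected to index.php and the script exits.
     * In both cases load() is called to fill the remaining fields from ac_users.
     *
     * @param Database $p_cn  database connection, stored in $this->db
     * @param int      $p_id  use_id to load, or -1 for the session user
     */
    function __construct(&$p_cn, $p_id = -1)
    {
        $this->db = $p_cn;
        if ($p_id == -1)
        {
            if (!isset($_SESSION['g_user']))
            {
                echo '<h2 class="error">' . _('Session expirée<br>Utilisateur déconnecté') . '</h2>';
                redirect('index.php', 1);
                exit();
            }
            $this->login = $_SESSION['g_user'];
            $this->pass = isset($_SESSION['g_pass']) ? $_SESSION['g_pass'] : null;
            $this->lang = isset($_SESSION['g_lang']) ? $_SESSION['g_lang'] : 'fr_FR.utf8';
            $this->valid = isset($_SESSION['isValid']) ? 1 : 0;
            // -1 makes load() look the row up by login instead of by id
            $this->id = -1;
            if (isset($_SESSION['g_theme']))
                $this->theme = $_SESSION['g_theme'];
            $this->admin = isset($_SESSION['use_admin']) ? $_SESSION['use_admin'] : 0;
            if (isset($_SESSION['use_name']))
                $this->name = $_SESSION['use_name'];
            if (isset($_SESSION['use_first_name']))
                $this->first_name = $_SESSION['use_first_name'];
        }
        else
        {
            $this->id = $p_id;
        }
        $this->load();
    }

    /**
     * PHP4-style constructor kept so explicit $obj->User(...) calls keep working;
     * PHP itself uses __construct().
     *
     * @param Database $p_cn
     * @param int      $p_id
     */
    function User(&$p_cn, $p_id = -1)
    {
        $this->__construct($p_cn, $p_id);
    }

    /**
     * Fill the object from ac_users: by use_id when $this->id >= 0, by login otherwise.
     *
     * @return int -1 when no row matches (fields are left untouched); nothing otherwise
     */
    function load()
    {
        if ($this->id < 0)
        {
            $sql_cond = ' where use_login=$1';
            $sql_array = array($this->login);
        }
        else
        {
            $sql_cond = ' where use_id=$1';
            $sql_array = array($this->id);
        }
        $sql = 'select use_id, use_first_name, use_name, use_login, use_active, use_admin, use_pass from ac_users';
        $cn = new Database();
        $Res = $cn->exec_sql($sql . $sql_cond, $sql_array);
        if (Database::num_row($Res) == 0)
            return -1;
        $row = Database::fetch_array($Res, 0);
        $this->id = $row['use_id'];
        $this->first_name = $row['use_first_name'];
        $this->name = $row['use_name'];
        $this->active = $row['use_active'];
        $this->login = $row['use_login'];
        $this->admin = $row['use_admin'];
        $this->password = $row['use_pass'];
    }

    /**
     * Write first name, name, active flag, admin flag and password back to ac_users.
     *
     * use_name is taken from $this->name (filled by load()); the previous code read
     * $this->last_name, which nothing ever sets.
     * NOTE(review): use_pass is written from $this->pass, which for a session user is
     * the clear-text password, while load() reads the stored digest into
     * $this->password and Check() compares md5($this->pass) — confirm what callers
     * put in $this->pass before calling save().
     */
    function save()
    {
        $Sql = 'update ac_users set use_first_name=$1, use_name=$2, use_active=$3, use_admin=$4, use_pass=$5 where use_id=$6';
        $cn = new Database();
        $cn->exec_sql($Sql, array($this->first_name, $this->name, $this->active, $this->admin, $this->pass, $this->id));
    }

    /**
     * Validate the session credentials against ac_users and record the attempt.
     *
     * The row must match use_id, be active and carry md5($this->pass) in use_pass.
     * Success: use_admin / use_name / use_first_name / isValid are put in the session,
     * global preferences are loaded, $this->valid = 1 and, when $from == 'LOGIN',
     * a SUCCESS row goes to audit_connect.
     * Failure: a FAIL row goes to audit_connect, an alert and a redirect to
     * index.html are emitted unless $silent, the session is cleared and the
     * script exits with status -1.
     *
     * NOTE(review): passwords are compared as unsalted md5 digests, which offers
     * little protection if ac_users leaks; a move to password_hash()/password_verify()
     * has to change save_password() and the stored column at the same time.
     *
     * @param bool   $silent  suppress the alert/redirect on failure
     * @param string $from    calling module, written to audit_connect.ac_module
     * @return resource result of the credential query
     */
    function Check($silent = false, $from = '')
    {
        $pass5 = md5($this->pass);
        $cn = new Database();
        // use_id and the digest are bound as parameters; they used to be interpolated
        // into the query text, so either value could alter the statement.
        $sql = 'select ac_users.use_login, ac_users.use_active, ac_users.use_pass,
                       use_admin, use_first_name, use_name
                from ac_users
                where ac_users.use_id=$1
                  and ac_users.use_active=1
                  and ac_users.use_pass=$2';
        $ret = $cn->exec_sql($sql, array($this->id, $pass5));
        $res = Database::num_row($ret);
        if ($res > 0)
        {
            $r = Database::fetch_array($ret, 0);
            $_SESSION['use_admin'] = $r['use_admin'];
            $_SESSION['use_name'] = $r['use_name'];
            $_SESSION['use_first_name'] = $r['use_first_name'];
            $_SESSION['isValid'] = 1;

            $this->admin = $_SESSION['use_admin'];
            $this->name = $_SESSION['use_name'];
            $this->first_name = $_SESSION['use_first_name'];
            $this->load_global_pref();
        }

        $audit_sql = 'insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)';
        if ($res == 0)
        {
            $cn->exec_sql($audit_sql, array($_SESSION['g_user'], $_SERVER['REMOTE_ADDR'], $from, $_SERVER['REQUEST_URI'], 'FAIL'));
            if (!$silent)
            {
                alert(_('Utilisateur ou mot de passe incorrect'));
                redirect('index.html');
            }
            $this->valid = 0;
            session_unset();
            // was "exit - 1", which PHP parses as a bare exit followed by "- 1"
            exit(-1);
        }
        if ($from == 'LOGIN')
            $cn->exec_sql($audit_sql, array($_SESSION['g_user'], $_SERVER['REMOTE_ADDR'], $from, $_SERVER['REQUEST_URI'], 'SUCCESS'));
        $this->valid = 1;

        return $ret;
    }

    /**
     * Access level of this user on a folder (dossier).
     *
     * @param int $p_dossier  dos_id; 0 means the current folder (dossier::id())
     * @return string 'L' for global or local administrators, the priv_priv value
     *                from priv_user otherwise, 'X' when no privilege row exists
     */
    function get_folder_access($p_dossier = 0)
    {
        if ($p_dossier == 0)
            $p_dossier = dossier::id();
        if ($this->is_local_admin($p_dossier) == 1 || $this->admin == 1)
            return 'L';
        $cn = new Database();
        $sql = 'select priv_priv from priv_user join jnt_use_dos on (jnt_id=priv_jnt) join ac_users using (use_id)
                where use_id=$1 and dos_id=$2';
        $res = $cn->get_value($sql, array($this->id, $p_dossier));
        if ($res == '')
            return 'X';
        return $res;
    }

    /**
     * Grant or change this user's privilege on a folder, creating the
     * jnt_use_dos / priv_user rows when they do not exist yet.
     *
     * @param int    $db_id  dos_id
     * @param string $priv   privilege code stored in priv_user.priv_priv
     */
    function set_folder_access($db_id, $priv)
    {
        $cn = new Database();
        $jnt_sql = 'select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2';
        $jnt = $cn->get_value($jnt_sql, array($db_id, $this->id));
        if ($cn->size() == 0)
        {
            $cn->exec_sql('insert into jnt_use_dos(dos_id,use_id) values($1,$2)', array($db_id, $this->id));
            $jnt = $cn->get_value($jnt_sql, array($db_id, $this->id));
            $cn->exec_sql('insert into priv_user (priv_priv,priv_jnt) values($1,$2)', array($priv, $jnt));
            return;
        }
        $cn->exec_sql('update priv_user set priv_priv=$1 where priv_jnt=$2', array($priv, $jnt));
    }

    /**
     * Access level of this user on a ledger (journal) of the current folder.
     *
     * @param int $p_ledger  jrn_def_id
     * @return string 'W' for global/local administrators, the uj_priv value from
     *                user_sec_jrn otherwise, 'X' when no row exists
     */
    function get_ledger_access($p_ledger)
    {
        if ($this->admin == 1 || $this->is_local_admin(dossier::id()) == 1)
            return 'W';

        $sql = 'select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2';
        $res = $this->db->get_value($sql, array($this->login, $p_ledger));
        if ($res == '')
            $res = 'X';
        return $res;
    }

    /**
     * Ledgers of the current folder this user may use.
     *
     * Administrators (global or local) get every ledger with uj_priv 'W';
     * other users get the rows of user_sec_jrn filtered by $p_access.
     * Both the ledger type and the login are bound as parameters (they used
     * to be concatenated into the query).
     *
     * @param string $p_type    ledger type (jrn_def_type) or 'ALL'
     * @param int    $p_access  3: any privilege except 'X', 2: 'W' only,
     *                          1: 'R' or 'W'; any other value adds no filter
     * @return array|null rows from Database::fetch_all, null when none
     */
    function get_ledger($p_type = 'ALL', $p_access = 3)
    {
        if ($this->admin != 1 && $this->is_local_admin() != 1)
        {
            $params = array($this->login);
            $sql_type = '';
            if ($p_type != 'ALL')
            {
                $sql_type = ' and jrn_def_type=upper($2)';
                $params[] = $p_type;
            }
            switch ($p_access)
            {
                case 3:
                    $sql_access = " and uj_priv!= 'X'";
                    break;
                case 2:
                    $sql_access = " and uj_priv = 'W'";
                    break;
                case 1:
                    $sql_access = " and ( uj_priv = 'R' or uj_priv='W') ";
                    break;
                default:
                    // unknown level: no extra filter (same query as before, without
                    // the undefined-variable notice)
                    $sql_access = '';
                    break;
            }
            $sql = 'select jrn_def_id,jrn_def_type,
                           jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
                           jrn_deb_max_line,jrn_cred_max_line,jrn_def_description
                    from jrn_def join jrn_type on jrn_def_type=jrn_type_id
                    join user_sec_jrn on uj_jrn_id=jrn_def_id
                    where uj_login=$1'
                    . $sql_type . $sql_access
                    . ' order by jrn_Def_id';
        }
        else
        {
            $params = array();
            $sql_type = '';
            if ($p_type != 'ALL')
            {
                $sql_type = ' where jrn_def_type=upper($1)';
                $params[] = $p_type;
            }
            $sql = "select jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
                           jrn_type_id,jrn_desc,'W' as uj_priv,jrn_def_description
                    from jrn_def join jrn_type on jrn_def_type=jrn_type_id "
                    . $sql_type
                    . ' order by jrn_Def_name';
        }
        $res = (count($params) > 0) ? $this->db->exec_sql($sql, $params) : $this->db->exec_sql($sql);
        if (Database::num_row($res) == 0)
            return null;
        return Database::fetch_all($res);
    }

    /**
     * SQL fragment restricting a query to the ledgers returned by get_ledger().
     *
     * @param string $p_type
     * @param int    $p_access
     * @return string " jrn_def_id in (id1,id2,...,-1)" or " jrn_def_id < 0 " when none
     */
    function get_ledger_sql($p_type = 'ALL', $p_access = 3)
    {
        $aLedger = $this->get_ledger($p_type, $p_access);
        if (empty($aLedger))
            return ' jrn_def_id < 0 ';
        $ids = array();
        foreach ($aLedger as $row)
        {
            // ids come from the database; the cast keeps the fragment numeric
            $ids[] = (int) $row['jrn_def_id'];
        }
        // the trailing -1 keeps the list syntactically valid
        return ' jrn_def_id in (' . implode(',', $ids) . ',-1)';
    }

    /**
     * Refresh $this->admin from ac_users (active rows only) and return it.
     *
     * NOTE(review): the login 'phpcompta' is treated as administrator without
     * any database check — a hard-coded bypass worth confirming is still wanted.
     * Exits with a message when the login has no active row.
     *
     * @return int|string use_admin value
     */
    function Admin()
    {
        if ($this->login != 'phpcompta')
        {
            $sql = 'select use_admin from ac_users where use_login=$1 and use_active=1 ';
            $cn = new Database();
            $res = $cn->exec_sql($sql, array($this->login));
            if (Database::num_row($res) == 0)
                exit(__FILE__ . " " . __LINE__ . " aucun resultat");
            $this->admin = Database::fetch_result($res, 0);
        }
        else
            $this->admin = 1;

        return $this->admin;
    }

    /**
     * Store the current period (user_local_pref, parameter_type PERIODE).
     *
     * @param int $p_periode  parm_periode.p_id; bound as a parameter, it used to be interpolated
     */
    function set_periode($p_periode)
    {
        $sql = "update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='PERIODE'";
        $this->db->exec_sql($sql, array($p_periode, $this->id));
    }

    /**
     * Insert a default PERIODE preference: the first open period, or failing
     * that the latest period. Exits with a message when parm_periode is empty.
     */
    private function set_default_periode()
    {
        $sql = 'select min(p_id) as pid from parm_periode where p_closed = false and p_start = (select min(p_start) from parm_periode)';
        $Res = $this->db->exec_sql($sql);
        $pid = Database::fetch_result($Res, 0, 0);

        if ($pid == null)
        {
            $sql = 'select min(p_id) as pid from parm_periode where p_start = (select max(p_start) from parm_periode)';
            $Res2 = $this->db->exec_sql($sql);
            $pid = Database::fetch_result($Res2, 0, 0);
            if ($pid == null)
            {
                echo _("Aucune période trouvéee !!!");
                exit(1);
            }
        }

        $sql = "insert into user_local_pref (user_id,parameter_value,parameter_type) values ($1,$2,'PERIODE')";
        $this->db->exec_sql($sql, array($this->id, $pid));
    }

    /**
     * Current period id of the user, creating the default preference when missing.
     *
     * @return string parameter_value of the PERIODE preference
     */
    function get_periode()
    {
        $array = $this->get_preference();
        if (!isset($array['PERIODE']))
        {
            $this->set_default_periode();
            $array = $this->get_preference();
        }
        return $array['PERIODE'];
    }

    /**
     * Id of the mini report selected by the user.
     *
     * @return int|string MINIREPORT preference, 0 when not set
     */
    function get_mini_report()
    {
        $array = $this->get_preference();
        return isset($array['MINIREPORT']) ? $array['MINIREPORT'] : 0;
    }

    /**
     * Insert or update the MINIREPORT preference.
     *
     * @param int $p_id  report id
     */
    function set_mini_report($p_id)
    {
        $count = $this->db->get_value('select count(*) from user_local_pref where user_id=$1 and parameter_type=$2', array($this->id, 'MINIREPORT'));
        if ($count == 1)
        {
            $sql = "update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='MINIREPORT'";
            $this->db->exec_sql($sql, array($p_id, $this->id));
        }
        else
        {
            $sql = "insert into user_local_pref (user_id,parameter_type,parameter_value) values($1,'MINIREPORT',$2)";
            $this->db->exec_sql($sql, array($this->id, $p_id));
        }
    }

    /**
     * Insert or update one global preference (user_global_pref, keyed by login).
     * Nothing is done when more than one row already exists for the key.
     *
     * @param string $key    parameter_type
     * @param string $value  parameter_value
     */
    function save_global_preference($key, $value)
    {
        $repo = new Database();
        $count = $repo->get_value('select count(*) from user_global_pref where parameter_type=$1 and user_id=$2', array($key, $this->login));
        if ($count == 1)
        {
            $repo->exec_sql('update user_global_pref set parameter_value=$1 where parameter_type=$2 and user_id=$3', array($value, $key, $this->login));
        }
        elseif ($count == 0)
        {
            $repo->exec_sql('insert into user_global_pref(user_id,parameter_type,parameter_value) values($1,$2,$3)', array($this->login, $key, $value));
        }
    }

    /**
     * All local preferences of the user for the current folder.
     *
     * @return array parameter_type => parameter_value
     */
    function get_preference()
    {
        $sql = 'select parameter_type,parameter_value from user_local_pref where user_id=$1';
        $Res = $this->db->exec_sql($sql, array($this->id));
        $l_array = array();
        $max = Database::num_row($Res);
        for ($i = 0; $i < $max; $i++)
        {
            $row = Database::fetch_array($Res, $i);
            $l_array[$row['parameter_type']] = $row['parameter_value'];
        }
        return $l_array;
    }

    /**
     * Whether the user may use a menu module (v_all_menu); the outcome is audited.
     *
     * @param string $p_module  me_code
     * @return int 1 when allowed, 0 otherwise
     */
    function check_module($p_module)
    {
        $acc = $this->db->get_value('select count(*) from v_all_menu where user_name = $1 and me_code=$2', array($this->login, $p_module));
        if ($acc == 0)
        {
            $this->audit("FAIL", $p_module);
            return 0;
        }
        $this->audit("SUCCESS", $p_module);
        return 1;
    }

    /**
     * Whether the user may perform an action (user_sec_act).
     *
     * Administrators (global or local) are always allowed. A missing row is
     * refused and, when the global $audit flag is on, written to audit_connect.
     * More than one row is treated as a corrupted table: an error is printed
     * and the script exits (the query text is no longer echoed to the browser,
     * and the previous message referenced an undefined $p_login).
     *
     * @param int $p_action_id  ua_act_id
     * @return int 1 when allowed, 0 otherwise
     */
    function check_action($p_action_id)
    {
        global $audit;
        if ($this->Admin() == 1)
            return 1;
        if ($this->is_local_admin(dossier::id()) == 1)
            return 1;

        $Res = $this->db->exec_sql('select * from user_sec_act where ua_login=$1 and ua_act_id=$2', array($this->login, $p_action_id));
        $Count = Database::num_row($Res);
        if ($Count == 0)
        {
            if (isset($audit) && $audit == true)
            {
                $cn = new Database();
                $sql = 'insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)';
                $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER['REMOTE_ADDR'], $p_action_id, $_SERVER['REQUEST_URI'], 'FAIL'));
            }
            return 0;
        }
        if ($Count == 1)
            return 1;
        echo '<H2 class="error"> Action Invalide !!! ' . (int) $Count . ' </H2>';
        exit();
    }

    /**
     * Copy the user's global preferences (THEME, PAGESIZE, TOPMENU, LANG) from
     * user_global_pref into $_SESSION['g_theme'|'g_pagesize'|'g_topmenu'|'g_lang'].
     *
     * Missing rows are created with insert_default_global_pref() and the
     * method restarts itself.
     * NOTE(review): if the insert does not produce a row (e.g. a failed query)
     * this recursion never terminates — confirm exec_sql reports errors.
     */
    function load_global_pref()
    {
        $cn = new Database();
        $Res = $cn->exec_sql('select parameter_type,parameter_value from user_global_pref where user_id=$1', array($this->login));
        $Max = Database::num_row($Res);
        if ($Max == 0)
        {
            $this->insert_default_global_pref();
            $this->load_global_pref();
            return;
        }

        $line = array();
        for ($i = 0; $i < $Max; $i++)
        {
            $row = Database::fetch_array($Res, $i);
            $line[$row['parameter_type']] = $row['parameter_value'];
        }

        $array_pref = array('g_theme' => 'THEME', 'g_pagesize' => 'PAGESIZE', 'g_topmenu' => 'TOPMENU', 'g_lang' => 'LANG');
        foreach ($array_pref as $name => $parameter)
        {
            if (!isset($line[$parameter]))
            {
                $this->insert_default_global_pref($parameter);
                $this->load_global_pref();
                return;
            }
            $_SESSION[$name] = $line[$parameter];
        }
    }

    /**
     * Insert global preference rows for this user.
     *
     * With no $p_type every default (THEME, PAGESIZE, TOPMENU, LANG) is inserted;
     * otherwise only $p_type, with $p_value or its default. Values are bound as
     * parameters (they used to go through sprintf).
     * NOTE(review): an unknown $p_type with an empty $p_value inserts a null value.
     *
     * @param string $p_type   parameter_type, "" for all defaults
     * @param string $p_value  parameter_value, "" for the default
     */
    function insert_default_global_pref($p_type = "", $p_value = "")
    {
        $default_parameter = array("THEME" => "classic",
            "PAGESIZE" => "50",
            'TOPMENU' => 'TEXT',
            'LANG' => 'fr_FR.utf8');
        $cn = new Database();
        $Sql = 'insert into user_global_pref(user_id,parameter_type,parameter_value) values ($1,$2,$3)';
        if ($p_type == "")
        {
            foreach ($default_parameter as $name => $value)
            {
                $cn->exec_sql($Sql, array($this->login, $name, $value));
            }
            return;
        }
        $value = ($p_value == "") ? $default_parameter[$p_type] : $p_value;
        $cn->exec_sql($Sql, array($this->login, $p_type, $value));
    }

    /**
     * Update one global preference, falling back to a built-in default value.
     *
     * NOTE(review): the default for TOPMENU here is 'SELECT' while
     * insert_default_global_pref() uses 'TEXT' — confirm which one is intended.
     *
     * @param string $p_type   parameter_type
     * @param string $p_value  parameter_value, "" for the default
     */
    function update_global_pref($p_type, $p_value = "")
    {
        $default_parameter = array("THEME" => "classic",
            "PAGESIZE" => "50",
            "LANG" => 'fr_FR.utf8',
            'TOPMENU' => 'SELECT');
        $cn = new Database();
        $Sql = 'update user_global_pref set parameter_value=$1 where parameter_type=$2 and user_id=$3';
        $value = ($p_value == "") ? $default_parameter[$p_type] : $p_value;
        $cn->exec_sql($Sql, array($value, $p_type, $this->login));
    }

    /**
     * Fiscal year (parm_periode.p_exercice) of the user's current period.
     *
     * @return string|int p_exercice, or 0 when the period row is not found
     */
    function get_exercice()
    {
        $Ret = $this->db->exec_sql('select p_exercice from parm_periode where p_id=$1', array($this->get_periode()));
        if (Database::num_row($Ret) == 1)
        {
            $r = Database::fetch_array($Ret, 0);
            return $r['p_exercice'];
        }
        return 0;
    }

    /**
     * Print the "action not allowed" message (JavaScript alert or HTML block),
     * then stop the script. Shared by can_request() and can_print().
     *
     * @param int $p_js  1 for a JavaScript alert, anything else for an HTML block
     */
    private function deny_and_exit($p_js)
    {
        $this->audit('FAIL');
        if ($p_js == 1)
        {
            echo "<script>";
            echo "alert ('Cette action ne vous est pas autorisée. Contactez votre responsable');";
            echo "</script>";
        }
        else
        {
            echo '<div class="redcontent">';
            echo '<h2 class="error"> Cette action ne vous est pas autorisée Contactez votre responsable</h2>';
            echo '</div>';
        }
        exit(-1);
    }

    /**
     * Stop the request when check_action() refuses $p_action.
     *
     * @param int $p_action  ua_act_id
     * @param int $p_js      1 to report the refusal with a JavaScript alert
     */
    function can_request($p_action, $p_js = 0)
    {
        if ($this->check_action($p_action) == 0)
        {
            $this->deny_and_exit($p_js);
        }
    }

    /**
     * Whether the user may print $p_action (profile_menu via the user's profile).
     *
     * NOTE(review): the query runs on the global $cn connection rather than
     * $this->db; confirm both point at the same database.
     *
     * @param string $p_action  me_code
     * @return int 1 for administrators, otherwise the matching row count
     */
    function check_print($p_action)
    {
        global $audit, $cn;
        $this->audit('AUDIT', $p_action);
        if ($this->Admin() == 1)
            return 1;
        if ($this->is_local_admin(dossier::id()) == 1)
            return 1;
        return $cn->get_value('select count(*) from profile_menu join profile_user using (p_id) where user_name=$1 and me_code=$2 ', array($this->login, $p_action));
    }

    /**
     * Stop the request when check_print() refuses $p_action.
     *
     * @param string $p_action  me_code
     * @param int    $p_js      1 to report the refusal with a JavaScript alert
     */
    function can_print($p_action, $p_js = 0)
    {
        if ($this->check_print($p_action) == 0)
        {
            $this->deny_and_exit($p_js);
        }
    }

    /**
     * Whether the user is a local administrator ('L' privilege) of a folder.
     *
     * The login 'admin' is always considered a local administrator. Login and
     * folder id are bound as parameters (they used to be concatenated).
     *
     * @param int $p_dossier  dos_id, -1 for the current folder
     * @return int 1 when a matching priv_user row exists, 0 otherwise
     */
    function is_local_admin($p_dossier = -1)
    {
        if ($p_dossier == -1)
        {
            $p_dossier = dossier::id();
        }
        if ($this->login == 'admin')
            return 1;
        $sql = 'select priv_priv from ac_users join jnt_use_dos using (use_id) join priv_user '
            . ' on ( jnt_use_dos.jnt_id = priv_user.priv_jnt) '
            . " where priv_priv='L' and use_login=$1 and dos_id=$2";
        $cn = new Database();
        $res = $cn->exec_sql($sql, array($this->login, $p_dossier));
        return Database::num_row($res);
    }

    /**
     * Stock repositories the user's profile may read ('R') or write ('W').
     *
     * 'R' returns every repository granted to the profile, 'W' only those with
     * ur_right 'W' — the same rule as can_read_repo()/can_write_repo(). The two
     * queries were previously swapped.
     *
     * @param string $p_access  'R' or 'W'; any other value yields an empty array
     * @return array rows (r_id, r_name) ordered by name
     */
    function get_available_repository($p_access = 'R')
    {
        $profile = $this->get_profile();
        $r = array();
        if ($p_access == 'R')
        {
            $r = $this->db->get_array('select u.r_id,r_name
                from profile_sec_repository as u
                join stock_repository as s on(u.r_id=s.r_id)
                where p_id =$1 order by 2', array($profile));
        }
        if ($p_access == 'W')
        {
            $r = $this->db->get_array("select u.r_id,r_name
                from profile_sec_repository as u
                join stock_repository as s on(u.r_id=s.r_id)
                where p_id =$1 and ur_right='W' order by 2", array($profile));
        }
        return $r;
    }

    /**
     * Active users having access to a folder (plus all global administrators).
     *
     * @param int $p_dossier  dos_id
     * @return array rows (use_id, use_login, use_first_name, use_name)
     * @throws Exception when the query returns no row
     */
    static function get_list($p_dossier)
    {
        $sql = "select distinct use_id,use_login,use_first_name,use_name from ac_users
                left outer join jnt_use_dos using (use_id)
                left join priv_user on (priv_jnt=jnt_id)
                where (dos_id=$1 or use_admin=1) and use_active=1 and (use_admin=1 or priv_priv <> 'X') order by use_login,use_name";
        $repo = new Database();
        $array = $repo->get_array($sql, array($p_dossier));
        if ($repo->size() == 0)
            throw new Exception('Error inaccessible folder');
        return $array;
    }

    /**
     * Alias of get_ledger_access().
     *
     * @param int $p_jrn  jrn_def_id
     * @return string
     */
    function check_jrn($p_jrn)
    {
        return $this->get_ledger_access($p_jrn);
    }

    /**
     * Privilege of the user on a folder, refusing access when it is 'X'.
     *
     * @param int  $p_dossier_id  dos_id
     * @param bool $silent        when false an alert is shown and the script exits on refusal
     * @return string 'L' for administrators, otherwise priv_priv ('X' when absent)
     */
    function check_dossier($p_dossier_id, $silent = false)
    {
        $this->Admin();
        if ($this->admin == 1 || $this->is_local_admin($p_dossier_id) == 1)
            return 'L';
        $cn = new Database();
        $dossier = $cn->get_value('select priv_priv from jnt_use_dos join priv_user on (priv_jnt=jnt_id) where dos_id=$1 and use_id=$2', array($p_dossier_id, $this->id));
        $dossier = ($dossier == '') ? 'X' : $dossier;
        if ($dossier == 'X')
        {
            $this->audit('FAIL', "Access folder ");
            if (!$silent)
            {
                alert(_('Dossier non accessible'));
                exit();
            }
        }
        return $dossier;
    }

    /**
     * First and last day of the user's current fiscal year.
     *
     * @return array array($start, $end) as returned by Periode::first_day()/last_day()
     */
    function get_limit_current_exercice()
    {
        $current_exercice = $this->get_exercice();
        $periode = new Periode($this->db);
        list($per_start, $per_end) = $periode->get_limit($current_exercice);
        return array($per_start->first_day(), $per_end->last_day());
    }

    /**
     * HTML table of the folders available to the user.
     *
     * @param string $p_filtre  regular expression applied to name and description
     * @return string HTML, or " * Aucun dossier *" when there is none
     */
    function show_dossier($p_filtre = "")
    {
        $p_array = $this->get_available_folder($p_filtre);

        $result = "";
        // get_available_folder() returns 0, not an array, when nothing matches
        if (!is_array($p_array) || count($p_array) == 0)
            return $result . " * Aucun dossier *";

        $result .= "<TABLE id=\"folder\" >";
        $nb = count($p_array);
        for ($i = 0; $i < $nb; $i++)
        {
            $id = $p_array[$i]['dos_id'];
            $name = $p_array[$i]['dos_name'];
            $desc = $p_array[$i]['dos_description'];
            $tr = ($i % 2 == 0) ? "odd" : "even";
            $target = ($this->check_dossier($id) != 'P') ? "do.php?gDossier=$id" : "extension.php?gDossier=$id";

            $result .= "<TR class=\"$tr\">";
            $result .= td($id, ' class="num" ');
            $result .= "<TD class=\"$tr\">";
            $result .= "<A class=\"dossier\" HREF=\"$target\">";
            $result .= " <B>" . h($name) . "</B>";
            $result .= "</A>";
            $result .= "</TD>";
            // h() escapes the description for the HTML context
            $desc = ($desc == "") ? "<i>Aucune description</i>" : h($desc);
            $desc = "<A class=\"dossier\" HREF=\"$target\">$desc</A>";
            $result .= "<TD class=\"$tr\" style=\"padding-left:50px\">" . $desc;
            $result .= "</TD>";
            $result .= "</TR>";
        }
        $result .= "</TABLE>";
        return $result;
    }

    /**
     * Folders the user may open, filtered by a case-insensitive regexp on
     * name or description. Administrators see every folder.
     *
     * @param string $p_filter  regular expression (PostgreSQL ~*)
     * @return array|int list of rows (dos_id, dos_name, dos_description), 0 when none
     */
    function get_available_folder($p_filter = "")
    {
        $cn = new Database();
        if ($this->admin == 0)
        {
            $Res = $cn->exec_sql("select distinct dos_id,dos_name,dos_description from ac_users
                natural join jnt_use_dos
                natural join ac_dossier
                join priv_user on ( priv_jnt=jnt_id)
                where use_active=1
                and use_login= $1
                and priv_priv != 'X' and ( dos_name ~* $2 or dos_description ~* $2 )
                order by dos_name", array($this->login, $p_filter));
        }
        else
        {
            $Res = $cn->exec_sql('select distinct dos_id,dos_name,dos_description from ac_dossier
                where dos_name ~* $1 or dos_description ~* $1 order by dos_name', array($p_filter));
        }
        require_once('class_database.php');

        $max = Database::num_row($Res);
        if ($max == 0)
            return 0;

        $array = array();
        for ($i = 0; $i < $max; $i++)
        {
            $array[] = Database::fetch_array($Res, $i);
        }
        return $array;
    }

    /**
     * Write an audit_connect row when the global $audit flag is set.
     *
     * The module defaults to $_REQUEST['ac'] and gets the requested gDossier
     * appended; the remote address, request URI and session login are recorded.
     *
     * @param string $action    ac_state ('AUDIT', 'FAIL', 'SUCCESS', ...)
     * @param string $p_module  ac_module
     */
    function audit($action = 'AUDIT', $p_module = "")
    {
        global $audit;
        if (!empty($audit))
        {
            if ($p_module == "" && isset($_REQUEST['ac']))
            {
                $p_module = $_REQUEST['ac'];
            }
            $cn = new Database();
            if (isset($_REQUEST['gDossier']))
                $p_module .= " dossier : " . $_REQUEST['gDossier'];
            $sql = 'insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)';
            $cn->exec_sql($sql, array(
                $_SESSION['g_user'],
                $_SERVER['REMOTE_ADDR'],
                $p_module,
                $_SERVER['REQUEST_URI'],
                $action));
        }
    }

    /**
     * Insert or update the user's profile (profile_user).
     *
     * @param int $p_id  p_id
     */
    function save_profile($p_id)
    {
        $count = $this->db->get_value('select count(*) from profile_user where user_name=$1', array($this->login));
        if ($count == 0)
        {
            $this->db->exec_sql('insert into profile_user(p_id,user_name) values ($1,$2)', array($p_id, $this->login));
        }
        else
        {
            $this->db->exec_sql('update profile_user set p_id=$1 where user_name=$2', array($p_id, $this->login));
        }
    }

    /**
     * Profile id of the user.
     *
     * @return string|int profile_user.p_id
     */
    function get_profile()
    {
        return $this->db->get_value('select p_id from profile_user where user_name=$1', array($this->login));
    }

    /**
     * Whether the user's profile has write access to a follow-up action.
     *
     * @param int $dtoc  ag_id
     * @return bool
     */
    function can_write_action($dtoc)
    {
        $profile = $this->get_profile();
        $r = $this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
            (select p_granted from user_sec_action_profile where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
        return $r != 0;
    }

    /**
     * Whether the user may read a follow-up action (granted profile or owner).
     *
     * @param int $dtoc  ag_id
     * @return bool
     */
    function can_read_action($dtoc)
    {
        $profile = $this->get_profile();
        $r = $this->db->get_value(' select count(*) from action_gestion where ag_id=$1 and (ag_dest in
            (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)', array($dtoc, $profile, $this->login));
        return $r != 0;
    }

    /**
     * Whether the user's profile has write access to a stock repository.
     *
     * @param int $p_repo  r_id
     * @return bool
     */
    function can_write_repo($p_repo)
    {
        $profile = $this->get_profile();
        $r = $this->db->get_value("select count(*) from profile_sec_repository where r_id=$1 and p_id =$2 and ur_right='W'", array($p_repo, $profile));
        return $r != 0;
    }

    /**
     * Whether the user's profile has any access to a stock repository.
     *
     * @param int $p_repo  r_id
     * @return bool
     */
    function can_read_repo($p_repo)
    {
        $profile = $this->get_profile();
        $r = $this->db->get_value('select count(*) from profile_sec_repository where r_id=$1 and p_id =$2 ', array($p_repo, $profile));
        return $r != 0;
    }

    /**
     * Change the password of the session user when both inputs match.
     *
     * The new password is the $p_pass1 argument; the previous code hashed
     * $_POST['pass_1'] regardless of what the caller passed. The comparison is
     * strict so that numeric-looking strings ('1e3' vs '1000') are not treated
     * as equal. The row updated is the one of $_SESSION['g_user'], not
     * necessarily $this->login.
     * NOTE(review): the digest is unsalted md5 to stay compatible with Check();
     * changing it requires changing Check() and the stored column together.
     *
     * @param string $p_pass1  new password
     * @param string $p_pass2  confirmation
     */
    function save_password($p_pass1, $p_pass2)
    {
        if ($p_pass1 === $p_pass2)
        {
            $repo = new Database();
            $l_pass = md5($p_pass1);
            $repo->exec_sql('update ac_users set use_pass=$1 where use_login=$2', array($l_pass, $_SESSION['g_user']));
            $_SESSION['g_pass'] = $p_pass1;
        }
        else
        {
            alert(_("Les mots de passe ne correspondent pas. Mot de passe inchangé"));
        }
    }
}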
01146
01147 ?>