class_user.php
00001 <?php
00002 
00003 /*
00004  *   This file is part of NOALYSS.
00005  *
00006  *   NOALYSS is free software; you can redistribute it and/or modify
00007  *   it under the terms of the GNU General Public License as published by
00008  *   the Free Software Foundation; either version 2 of the License, or
00009  *   (at your option) any later version.
00010  *
00011  *   NOALYSS is distributed in the hope that it will be useful,
00012  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  *   GNU General Public License for more details.
00015  *
00016  *   You should have received a copy of the GNU General Public License
00017  *   along with NOALYSS; if not, write to the Free Software
00018  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00019  */
00020 // Copyright Author Dany De Bontridder danydb@aevalys.eu
00021 /** \file
00022  * \brief
00023  *   Data & function about connected users
00024  */
00025 /**
00026  * \brief
00027  *   Data & function about connected users
00028  */
00029 
00030 require_once("constant.php");
00031 require_once("user_common.php");
00032 require_once('class_dossier.php');
00033 require_once('ac_common.php');
00034 
00035 class User
00036 {
00037 
        // Declared state. Other members (login, name, first_name, active,
        // password, lang, theme) are created dynamically by the constructor
        // and load().
        var $id;        // ac_users.use_id; -1 until load() resolves it from the login
        var $pass;      // password as kept in $_SESSION['g_pass']; Check() md5-hashes it before comparing
        var $db;        // connection handed to the constructor; used for folder-level tables (user_local_pref, user_sec_jrn, ...)
        var $admin;     // ac_users.use_admin, 1 for a global admin
        var $valid;     // 1 once Check() accepted the credentials, otherwise 0
00043 
00044         function User(&$p_cn, $p_id = -1)
00045         {
00046                 // if p_id is not set then check the connected user
00047                 if ($p_id == -1)
00048                 {
00049                         if (!isset($_SESSION['g_user']))
00050                         {
00051                                 echo '<h2 class="error">' . _('Session expirée<br>Utilisateur déconnecté') . '</h2>';
00052                                 redirect('index.php', 1);
00053                                 exit();
00054                         }
00055 
00056                         $this->login = $_SESSION['g_user'];
00057                         $this->pass = $_SESSION['g_pass'];
00058                         $this->lang = (isset($_SESSION['g_lang'])) ? $_SESSION['g_lang'] : 'fr_FR.utf8';
00059                         $this->valid = (isset($_SESSION['isValid'])) ? 1 : 0;
00060                         $this->db = $p_cn;
00061                         $this->id = -1;
00062                         if (isset($_SESSION['g_theme']))
00063                                 $this->theme = $_SESSION['g_theme'];
00064 
00065                         $this->admin = ( isset($_SESSION['use_admin']) ) ? $_SESSION['use_admin'] : 0;
00066 
00067                         if (isset($_SESSION['use_name']))
00068                                 $this->name = $_SESSION['use_name'];
00069                         if (isset($_SESSION['use_first_name']))
00070                                 $this->first_name = $_SESSION['use_first_name'];
00071                         $this->load();
00072                 }
00073                 else // if p_id is set get data of another user
00074                 {
00075                         $this->id = $p_id;
00076                         $this->db = $p_cn;
00077                         $this->load();
00078                 }
00079         }
00080 
00081         /**\brief load data from database.
00082          * if this->id == -1, it is unknown so we have to retrieve it
00083           from the database by the login
00084          * return -1 if nothing is found
00085          */
00086 
00087         function load()
00088         {
00089                 /* if this->id == -1, it is unknown so we have to retrieve it from
00090                   the database thanks it login */
00091                 if ($this->id < 0)
00092                 {
00093                         $sql_cond = "   where use_login=$1";
00094                         $sql_array = array($this->login);
00095                 }
00096                 else
00097                 {
00098                         $sql_cond = "   where use_id=$1";
00099                         $sql_array = array($this->id);
00100                 }
00101                 $sql = "select use_id,
00102              use_first_name,
00103              use_name,
00104              use_login,
00105              use_active,
00106              use_admin,
00107                          use_pass
00108              from ac_users ";
00109                 $cn = new Database();
00110                 $Res = $cn->exec_sql($sql . $sql_cond, $sql_array);
00111                 if (($Max = Database::num_row($Res)) == 0)
00112                         return -1;
00113                 $row = Database::fetch_array($Res, 0);
00114                 $this->id = $row['use_id'];
00115                 $this->first_name = $row['use_first_name'];
00116                 $this->name = $row['use_name'];
00117                 $this->active = $row['use_active'];
00118                 $this->login = $row['use_login'];
00119                 $this->admin = $row['use_admin'];
00120                 $this->password = $row['use_pass'];
00121         }
00122 
00123         function save()
00124         {
00125 
00126                 $Sql = "update ac_users set use_first_name=$1, use_name=$2
00127              ,use_active=$3,use_admin=$4,use_pass=$5 where use_id=$6";
00128                 $cn = new Database();
00129                 $Res = $cn->exec_sql($Sql, array($this->first_name, $this->last_name, $this->active, $this->admin, $this->pass, $this->id));
00130         }
00131 
00132         /**
00133          * \brief Check if user is active and exists in the repository
00134          * Automatically redirect, it doesn't check if a user can access a folder
00135          * \param $silent false, echo an error message and exit, true : exit without warning
00136          * default is false
00137          *
00138           ++ */
00139 
00140         function Check($silent = false, $from = '')
00141         {
00142 
00143                 $res = 0;
00144                 $pass5 = md5($this->pass);
00145 
00146                 $cn = new Database();
00147                 $sql = "select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
00148              use_admin,use_first_name,use_name
00149              from ac_users
00150              where ac_users.use_id='$this->id'
00151              and ac_users.use_active=1
00152              and ac_users.use_pass='$pass5'";
00153                 $ret = $cn->exec_sql($sql);
00154                 $res = Database::num_row($ret);
00155                 if ($res > 0)
00156                 {
00157                         $r = Database::fetch_array($ret, 0);
00158                         $_SESSION['use_admin'] = $r['use_admin'];
00159                         $_SESSION['use_name'] = $r['use_name'];
00160                         $_SESSION['use_first_name'] = $r['use_first_name'];
00161                         $_SESSION['isValid'] = 1;
00162 
00163                         $this->admin = $_SESSION['use_admin'];
00164                         $this->name = $_SESSION['use_name'];
00165                         $this->first_name = $_SESSION['use_first_name'];
00166                         $this->load_global_pref();
00167                 }
00168                 $sql = "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
00169 
00170                 if ($res == 0)
00171                 {
00172                         $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER["REMOTE_ADDR"], $from, $_SERVER['REQUEST_URI'], 'FAIL'));
00173                         if (!$silent)
00174                         {
00175                                 alert(_('Utilisateur ou mot de passe incorrect'));
00176                                 redirect('index.html');
00177                         }
00178                         $this->valid = 0;
00179                         session_unset();
00180                         exit - 1;
00181                 }
00182                 else
00183                 {
00184                         if ($from == 'LOGIN')
00185                                 $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER["REMOTE_ADDR"], $from, $_SERVER['REQUEST_URI'], 'SUCCESS'));
00186                         $this->valid = 1;
00187                 }
00188 
00189                 return $ret;
00190         }
00191 
00192         /**\brief return  the access to a folder,
00193          * \param $p_dossier id if it is == 0 then we take the value from $_SESSION
00194          * \return the priv_priv
00195          *          - X no access
00196          *          - R has access (normal user)
00197          *          - L Local Admin
00198          *
00199          */
00200 
00201         function get_folder_access($p_dossier = 0)
00202         {
00203 
00204                 if ($p_dossier == 0)
00205                         $p_dossier = dossier::id();
00206                 if ($this->is_local_admin($p_dossier) == 1 || $this->admin == 1)
00207                         return 'L';
00208                 $cn = new Database();
00209 
00210                 $sql = "select priv_priv from priv_user join jnt_use_dos on (jnt_id=priv_jnt) join ac_users using (use_id)
00211              where use_id=$1 and dos_id=$2";
00212 
00213                 $res = $cn->get_value($sql, array($this->id, $p_dossier));
00214                 if ($res == '')
00215                         return 'X';
00216                 return $res;
00217         }
00218 
00219         /* \brief save the access of a folder
00220          * \param $db_id the dossier id
00221          * \param $priv the priv. to set
00222          */
00223 
00224         function set_folder_access($db_id, $priv)
00225         {
00226 
00227                 $cn = new Database();
00228                 $jnt = $cn->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
00229 
00230                 if ($cn->size() == 0)
00231                 {
00232 
00233                         $Res = $cn->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
00234                         $jnt = $cn->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
00235                         $Res = $cn->exec_sql("insert into priv_user (priv_priv,priv_jnt) values($1,$2)", array($priv, $jnt));
00236                 }
00237                 $Res = $cn->exec_sql("update priv_user set priv_priv=$1 where priv_jnt=$2", array($priv, $jnt));
00238         }
00239 
00240         /**\brief check that a user is valid and the access to the folder
00241          * \param $p_ledger the ledger to check
00242          * \return the priv_priv
00243          * - O only predefined operation
00244          * - W write
00245          * - R read only
00246          * - X no access
00247          *
00248 
00249          *
00250          */
00251 
00252         function get_ledger_access($p_ledger)
00253         {
00254                 if ($this->admin == 1 ||
00255                                 $this->is_local_admin(dossier::id()) == 1)
00256                         return 'W';
00257 
00258                 $sql = "select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2";
00259                 $res = $this->db->get_value($sql, array($this->login, $p_ledger));
00260 
00261                 if ($res == '')
00262                         $res = 'X';
00263                 return $res;
00264         }
00265 
00266         /**
00267          * \brief get all the available ledgers for the current user
00268          * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
00269          * \param $p_access =3 for Read or WRITE, 2  write, 1 for readonly
00270          *  \return a double array of available ledgers
00271           @verbatim
00272           [0] => [jrn_def_id]
00273           [jrn_def_type]
00274           [jrn_def_name]
00275           [jrn_def_class_deb]
00276           [jrn_def_class_cred]
00277           [jrn_type_id]
00278           [jrn_desc]
00279           [uj_priv]
00280           @endverbatim
00281          */
00282 
00283         function get_ledger($p_type = 'ALL', $p_access = 3)
00284         {
00285                 if ($this->admin != 1 && $this->is_local_admin() != 1)
00286                 {
00287                         $sql_type = ($p_type == 'ALL') ? '' : "and jrn_def_type=upper('" . sql_string($p_type) . "')";
00288                         switch ($p_access)
00289                         {
00290                                 case 3:
00291                                         $sql_access = " and uj_priv!= 'X'";
00292                                         break;
00293                                 case 2:
00294                                         $sql_access = " and uj_priv = 'W'";
00295                                         break;
00296 
00297                                 case 1:
00298                                         $sql_access = " and ( uj_priv = 'R' or uj_priv='W') ";
00299                                         break;
00300                         }
00301 
00302                         $sql = "select jrn_def_id,jrn_def_type,
00303                  jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
00304                  jrn_deb_max_line,jrn_cred_max_line,jrn_def_description
00305                  from jrn_def join jrn_type on jrn_def_type=jrn_type_id
00306                  join user_sec_jrn on uj_jrn_id=jrn_def_id
00307                  where
00308                  uj_login='" . $this->login . "'" .
00309                                         $sql_type . $sql_access .
00310                                         " order by jrn_Def_id";
00311                 }
00312                 else
00313                 {
00314                         $sql_type = ($p_type == 'ALL') ? '' : "where jrn_def_type=upper('" . sql_string($p_type) . "')";
00315                         $sql = "select jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
00316                  jrn_type_id,jrn_desc,'W' as uj_priv,jrn_def_description
00317                  from jrn_def join jrn_type on jrn_def_type=jrn_type_id
00318                  $sql_type
00319                  order by jrn_Def_name";
00320                 }
00321                 $res = $this->db->exec_sql($sql);
00322                 if (Database::num_row($res) == 0)
00323                         return null;
00324                 $array = Database::fetch_all($res);
00325                 return $array;
00326         }
00327 
00328         /**\brief return an sql condition for filtering the permitted ledger
00329          * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
00330          * \param $p_access =3 for READ or WRITE, 2 READ and write, 1 for readonly
00331          *
00332          * \return sql condition like = jrn_def_id in (...)
00333          */
00334 
00335         function get_ledger_sql($p_type = 'ALL', $p_access = 3)
00336         {
00337                 $aLedger = $this->get_ledger($p_type, $p_access);
00338                 if (empty($aLedger))
00339                         return ' jrn_def_id < 0 ';
00340                 $sql = " jrn_def_id in (";
00341                 foreach ($aLedger as $row)
00342                 {
00343                         $sql.=$row['jrn_def_id'] . ',';
00344                 }
00345                 $sql.='-1)';
00346                 return $sql;
00347         }
00348 
00349         /**
00350          * \brief  Check if an user is an admin
00351          *
00352          * \return 1 for yes 0 for no
00353          */
00354 
00355         function Admin()
00356         {
00357                 if ($this->login != 'phpcompta')
00358                 {
00359                         $pass5 = md5($this->pass);
00360                         $sql = "select use_admin from ac_users where use_login=$1
00361                  and use_active=1  ";
00362 
00363                         $cn = new Database();
00364                         $res = $cn->exec_sql($sql, array($this->login));
00365                         if (Database::num_row($res) == 0)
00366                                 exit(__FILE__ . " " . __LINE__ . " aucun resultat");
00367                         $this->admin = Database::fetch_result($res, 0);
00368                 }
00369                 else
00370                         $this->admin = 1;
00371 
00372                 return $this->admin;
00373         }
00374 
00375         /**
00376          * \brief  Set the selected periode in the user's preferences
00377          *
00378          * \param $p_periode periode
00379          * \param     - $p_user
00380          *
00381          */
00382 
00383         function set_periode($p_periode)
00384         {
00385                 $sql = "update user_local_pref set parameter_value='$p_periode' where user_id='$this->id' and parameter_type='PERIODE'";
00386                 $Res = $this->db->exec_sql($sql);
00387         }
00388 
00389         private function set_default_periode()
00390         {
00391 
00392                 /* get the first periode */
00393                 $sql = 'select min(p_id) as pid from parm_periode where p_closed = false and p_start = (select min(p_start) from parm_periode)';
00394                 $Res = $this->db->exec_sql($sql);
00395 
00396                 $pid = Database::fetch_result($Res, 0, 0);
00397                 /* if all the periode are closed, then we use the last closed period */
00398                 if ($pid == null)
00399                 {
00400                         $sql = 'select min(p_id) as pid from parm_periode where p_start = (select max(p_start) from parm_periode)';
00401                         $Res2 = $this->db->exec_sql($sql);
00402                         $pid = Database::fetch_result($Res2, 0, 0);
00403                         if ($pid == null)
00404                         {
00405                                 echo _("Aucune période trouvéee !!!");
00406                                 exit(1);
00407                         }
00408 
00409                         $pid = Database::fetch_result($Res2, 0, 0);
00410                 }
00411 
00412                 $sql = sprintf("insert into user_local_pref (user_id,parameter_value,parameter_type)
00413                      values ('%s','%d','PERIODE')", $this->id, $pid);
00414                 $Res = $this->db->exec_sql($sql);
00415         }
00416 
00417         /**
00418          * \brief  Get the default periode from the user's preferences
00419          *
00420          * \return the default periode
00421          *
00422          *
00423          */
00424 
00425         function get_periode()
00426         {
00427 
00428                 $array = $this->get_preference();
00429                 if (!isset($array['PERIODE']))
00430                 {
00431                         $this->set_default_periode();
00432                         $array = $this->get_preference();
00433                 }
00434                 return $array['PERIODE'];
00435         }
00436 
00437         /**\brief return the mini rapport to display on the welcome page
00438          * \return 0 if nothing if found or the report to display (formdef.fr_id)
00439          */
00440 
00441         function get_mini_report()
00442         {
00443                 $array = $this->get_preference();
00444                 $fr_id = (isset($array['MINIREPORT'])) ? $array['MINIREPORT'] : 0;
00445                 return $fr_id;
00446         }
00447 
00448         /**\brief set the mini rapport to display on the welcome page
00449          */
00450 
00451         function set_mini_report($p_id)
00452         {
00453                 $count = $this->db->get_value("select count(*) from user_local_pref where user_id=$1 and parameter_type=$2", array($this->id, 'MINIREPORT'));
00454                 if ($count == 1)
00455                 {
00456                         $sql = "update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='MINIREPORT'";
00457                         $Res = $this->db->exec_sql($sql, array($p_id, $this->id));
00458                 }
00459                 else
00460                 {
00461                         $sql = "insert into user_local_pref (user_id,parameter_type,parameter_value)" .
00462                                         "values($1,'MINIREPORT',$2)";
00463                         $Res = $this->db->exec_sql($sql, array($this->id, $p_id));
00464                 }
00465         }
00466 
00467         function save_global_preference($key, $value)
00468         {
00469                 $repo = new Database();
00470                 $count = $repo->get_value("select count(*)
00471             from
00472             user_global_pref
00473             where
00474             parameter_type=$1 and user_id=$2", array($key, $this->login));
00475                 if ($count == 1)
00476                 {
00477                         $repo->exec_sql("update user_global_pref set parameter_value=$1
00478                 where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
00479                 }
00480                 elseif ($count == 0)
00481                 {
00482                         $repo->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
00483                 values($1,$2,$3)", array($this->login, $key, $value));
00484                 }
00485         }
00486 
00487         /**
00488          * \brief  Get the default user's preferences
00489          * \return array of (parameter_type => parameter_value)
00490          */
00491 
00492         function get_preference()
00493         {
00494                 $sql = "select parameter_type,parameter_value from user_local_pref where user_id=$1";
00495                 $Res = $this->db->exec_sql($sql, array($this->id));
00496                 $l_array = array();
00497                 for ($i = 0; $i < Database::num_row($Res); $i++)
00498                 {
00499                         $row = Database::fetch_array($Res, $i);
00500                         $type = $row['parameter_type'];
00501                         $l_array[$type] = $row['parameter_value'];
00502                 }
00503 
00504 
00505                 return $l_array;
00506         }
00507 
00508         /**
00509          * Check if an user can access a module, return 1 if yes, otherwise 0
00510          * record in audit log
00511          * @param string $p_module menu_ref.me_code
00512          */
00513         function check_module($p_module)
00514         {
00515                 $acc = $this->db->get_value("select count(*) from v_all_menu where user_name = $1
00516                 and me_code=$2", array($this->login, $p_module));
00517                 if ($acc == 0)
00518                 {
00519                         $this->audit("FAIL", $p_module);
00520                         return 0;
00521                 }
00522                 $this->audit("SUCCESS", $p_module);
00523                 return 1;
00524         }
00525 
00526         /**
00527          * \brief  Check if an user is allowed to do an action
00528          * \param p_action_id
00529          * \return
00530          *      - 0 no priv
00531          *      - 1 priv granted
00532          * @see constant.security.php
00533          */
00534 
00535         function check_action($p_action_id)
00536         {
00537                 /*  save it into the log */
00538                 global $audit;
00539                 if ($this->Admin() == 1)
00540                         return 1;
00541                 if ($this->is_local_admin(dossier::id()) == 1)
00542                         return 1;
00543 
00544                 $Res = $this->db->exec_sql(
00545                                 "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
00546                 $Count = Database::num_row($Res);
00547                 if ($Count == 0)
00548                 {
00549                         if (isset($audit) && $audit == true)
00550                         {
00551                                 $cn = new Database();
00552                                 $sql = "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
00553                                 $cn->exec_sql($sql, array($_SESSION['g_user'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI'], 'FAIL'));
00554                         }
00555                         return 0;
00556                 }
00557                 if ($Count == 1)
00558                         return 1;
00559                 echo "<H2 class=\"error\"> Action Invalide !!! $Count select * from user_sec_act where ua_login='$p_login' and ua_act_id=$p_action_id </H2>";
00560                 exit();
00561         }
00562 
00563         /**
00564          * \brief  Get the global preferences from user_global_pref
00565          *        in the account_repository db
00566          *
00567          * \note set $SESSION[g_variable]
00568          */
00569 
00570         function load_global_pref()
00571         {
00572                 $cn = new Database();
00573                 // Load everything in an array
00574                 $Res = $cn->exec_sql("select parameter_type,parameter_value from
00575                             user_global_pref
00576                             where user_id='" . $this->login . "'");
00577                 $Max = Database::num_row($Res);
00578                 if ($Max == 0)
00579                 {
00580                         $this->insert_default_global_pref();
00581                         $this->load_global_pref();
00582                         return;
00583                 }
00584                 // Load value into array
00585                 $line = array();
00586                 for ($i = 0; $i < $Max; $i++)
00587                 {
00588                         $row = Database::fetch_array($Res, $i);
00589                         $type = $row['parameter_type'];
00590                         $line[$type] = $row['parameter_value'];
00591                         ;
00592                 }
00593                 // save array into g_ variable
00594                 $array_pref = array('g_theme' => 'THEME', 'g_pagesize' => 'PAGESIZE', 'g_topmenu' => 'TOPMENU', 'g_lang' => 'LANG');
00595                 foreach ($array_pref as $name => $parameter)
00596                 {
00597                         if (!isset($line[$parameter]))
00598                         {
00599                                 $this->insert_default_global_pref($parameter);
00600                                 $this->load_global_pref();
00601                                 return;
00602                         }
00603                         $_SESSION[$name] = $line[$parameter];
00604                 }
00605         }
00606 
00607         /**
00608          * \brief  insert default pref
00609          *        if no parameter are given insert all the existing
00610          *        parameter otherwise only the requested
00611          * \param $p_type parameter's type or nothing
00612          * \param $p_value parameter value
00613          *
00614          */
00615 
00616         function insert_default_global_pref($p_type = "", $p_value = "")
00617         {
00618 
00619                 $default_parameter = array("THEME" => "classic",
00620                         "PAGESIZE" => "50",
00621                         'TOPMENU' => 'TEXT',
00622                         'LANG' => 'fr_FR.utf8');
00623                 $cn = new Database();
00624                 $Sql = "insert into user_global_pref(user_id,parameter_type,parameter_value)
00625              values ('%s','%s','%s')";
00626                 if ($p_type == "")
00627                 {
00628                         foreach ($default_parameter as $name => $value)
00629                         {
00630                                 $Insert = sprintf($Sql, $this->login, $name, $value);
00631                                 $cn->exec_sql($Insert);
00632                         }
00633                 }
00634                 else
00635                 {
00636                         $value = ($p_value == "") ? $default_parameter[$p_type] : $p_value;
00637                         $Insert = sprintf($Sql, $this->login, $p_type, $value);
00638                         $cn->exec_sql($Insert);
00639                 }
00640         }
00641 
00642         /**
00643          * \brief  update default pref
00644          *           if value is not given then use the default value
00645          *
00646          * \param $p_type parameter's type
00647          * \param $p_value parameter's value value of the type
00648          */
00649 
00650         function update_global_pref($p_type, $p_value = "")
00651         {
00652                 $default_parameter = array("THEME" => "classic",
00653                         "PAGESIZE" => "50",
00654                         "LANG" => 'fr_FR.utf8',
00655                         'TOPMENU' => 'SELECT');
00656                 $cn = new Database();
00657                 $Sql = "update user_global_pref set parameter_value=$1
00658              where parameter_type=$2 and
00659              user_id=$3";
00660                 $value = ($p_value == "") ? $default_parameter[$p_type] : $p_value;
00661                 $cn->exec_sql($Sql, array($value, $p_type, $this->login));
00662         }
00663 
00664 //end function
00665         /**\brief Return the year of current Periode
00666          *        it is the parm_periode.p_exercice col
00667          *        if an error occurs return 0
00668          */
00669 
00670         function get_exercice()
00671         {
00672                 $sql = "select p_exercice from parm_periode where p_id=" . $this->get_periode();
00673                 $Ret = $this->db->exec_sql($sql);
00674                 if (Database::num_row($Ret) == 1)
00675                 {
00676                         $r = Database::fetch_array($Ret, 0);
00677                         return $r['p_exercice'];
00678                 }
00679                 else
00680                         return 0;
00681         }
00682 
00683         /**\brief Check if the user can access
00684          * otherwise warn and exit
00685          * \param $p_action requested action
00686          * \param $p_js = 1 javascript, or 0 just a text
00687          * \return nothing the program exits automatically
00688          */
00689 
00690         function can_request($p_action, $p_js = 0)
00691         {
00692                 if ($this->check_action($p_action) == 0)
00693                 {
00694                         $this->audit('FAIL');
00695                         if ($p_js == 1)
00696                         {
00697                                 echo "<script>";
00698                                 echo "alert ('Cette action ne vous est pas autorisée. Contactez votre responsable');";
00699                                 echo "</script>";
00700                         }
00701                         else
00702                         {
00703                                 echo '<div class="redcontent">';
00704                                 echo '<h2 class="error"> Cette action ne vous est pas autorisée Contactez votre responsable</h2>';
00705                                 echo '</div>';
00706                         }
00707                         exit(-1);
00708                 }
00709         }
00710 
00711         /**
00712          *  !\brief Check if the user can print (in menu_ref p_type_display=p)
00713          *      otherwise warn and exit
00714          * \param $p_action requested action
00715          * \return nothing the program exits automatically
00716          */
00717         function check_print($p_action)
00718         {
00719                 global $audit, $cn;
00720                 $this->audit('AUDIT', $p_action);
00721                 if ($this->Admin() == 1)
00722                         return 1;
00723                 if ($this->is_local_admin(dossier::id()) == 1)
00724                         return 1;
00725                 $res = $cn->get_value("select count(*) from profile_menu
00726                         join profile_user using (p_id)
00727                         where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
00728                 return $res;
00729         }
00730 
00731         /**\brief Check if the user can print (in menu_ref p_type_display=p)
00732          * otherwise warn and exit
00733          * \param $p_action requested action
00734          * \return nothing the program exits automatically
00735          */
00736 
00737         function can_print($p_action, $p_js = 0)
00738         {
00739                 if ($this->check_print($p_action) == 0)
00740                 {
00741                         $this->audit('FAIL');
00742                         if ($p_js == 1)
00743                         {
00744                                 echo "<script>";
00745                                 echo "alert ('Cette action ne vous est pas autorisée. Contactez votre responsable');";
00746                                 echo "</script>";
00747                         }
00748                         else
00749                         {
00750                                 echo '<div class="redcontent">';
00751                                 echo '<h2 class="error"> Cette action ne vous est pas autorisée Contactez votre responsable</h2>';
00752                                 echo '</div>';
00753                         }
00754                         exit(-1);
00755                 }
00756         }
00757 
00758         /**
00759          * \brief  Check if an user is an local administrator
00760          *
00761          *
00762          * \param $p_dossier : dossier_id
00763          *
00764          * \return
00765          *      - 0 if no
00766          *      - 1 if yes
00767          *
00768          */
00769 
00770         function is_local_admin($p_dossier = -1)
00771         {
00772                 if ($p_dossier == -1)
00773                 {
00774                         $p_dossier = dossier::id();
00775                 }
00776 
00777                 if ($this->login == 'admin')
00778                         return 1;
00779                 $sql = 'select priv_priv from ac_users join jnt_use_dos using (use_id) join priv_user ' .
00780                                 ' on ( jnt_use_dos.jnt_id = priv_user.priv_jnt) ' .
00781                                 " where priv_priv='L' and use_login='" . $this->login . "' and dos_id=$p_dossier";
00782 
00783                 $cn = new Database();
00784 
00785                 $isAdmin = $cn->count_sql($sql);
00786 
00787 
00788                 return $isAdmin;
00789         }
00790         /**
00791          *@brief return array of available repository
00792          *
00793          * @param $p_access  R for read W for write
00794          * @return an array
00795          */
00796         function get_available_repository($p_access='R')
00797         {
00798                  $profile=$this->get_profile();
00799                  $r=array();
00800                 if ($p_access=='R')
00801                 {
00802                         $r=$this->db->get_array("select u.r_id,r_name
00803                 from
00804                                         profile_sec_repository as u
00805                                         join stock_repository as s on(u.r_id=s.r_id)
00806                 where
00807                 p_id =$1
00808                 and ur_right='W'
00809                                 order by 2
00810                                 ",array($profile));
00811                 }
00812                 if ($p_access == 'W')
00813                 {
00814                          $r=$this->db->get_array("select u.r_id,r_name
00815                 from
00816                                         profile_sec_repository as u
00817                                         join stock_repository as s on(u.r_id=s.r_id)
00818                 where
00819                 p_id =$1 order by 2
00820                ",array($profile));
00821                 }
00822                 return $r;
00823         }
00824         /**
00825          * \brief return an array with all the users who can access $p_dossier including the global admin. The user
00826          * must be activated
00827          *
00828          * \param $p_dossier dossier
00829          * \return an array of user's  object
00830          *  array indices
00831          *    - use_id (id )
00832          *    - use_login (login of the user)
00833          *    - use_name
00834          *    - use_first_name
00835          *
00836          * \exception throw an exception if nobody can access
00837          */
00838 
00839         static function get_list($p_dossier)
00840         {
00841                 $sql = "select distinct use_id,use_login,use_first_name,use_name from ac_users
00842              left outer join  jnt_use_dos using (use_id)
00843              left join priv_user on (priv_jnt=jnt_id)
00844               where
00845               (dos_id=$1 or  use_admin=1) and use_active=1 and (use_admin=1  or priv_priv <> 'X') order by use_login,use_name";
00846 
00847 
00848                 $repo = new Database();
00849                 $array = $repo->get_array($sql, array($p_dossier));
00850                 if ($repo->size() == 0)
00851                         throw new Exception('Error inaccessible folder');
00852                 return $array;
00853         }
00854 
00855         /**
00856          * \brief check the access of an user on a ledger
00857          *
00858          * \param $p_jrn the ledger id
00859          * \return
00860          * - O only predefined operation
00861          * - W write
00862          * - R read only
00863          * - X no access
00864          *
00865          */
00866 
00867         function check_jrn($p_jrn)
00868         {
00869                 return $this->get_ledger_access($p_jrn);
00870         }
00871 
00872         /**\brief check if an user can access a folder, if he cannot display a dialog box
00873          * and exit
00874          * \param the folder if
00875          * \param $silent false, echo an error message and exit, true : exit without warning
00876          * default is false
00877          * \return
00878          *  - L for administrator (local and global)
00879          *  - P for extension only
00880          *  - R regular user
00881          */
00882 
00883         function check_dossier($p_dossier_id, $silent = false)
00884         {
00885                 $this->Admin();
00886                 if ($this->admin == 1 || $this->is_local_admin($p_dossier_id) == 1)
00887                         return 'L';
00888                 $cn = new Database();
00889 
00890                 $dossier = $cn->get_value("select priv_priv from jnt_use_dos join priv_user on (priv_jnt=jnt_id) where dos_id=$1 and use_id=$2", array($p_dossier_id, $this->id));
00891                 $dossier = ($dossier == '') ? 'X' : $dossier;
00892                 if ($dossier == 'X')
00893                 {
00894                         $this->audit('FAIL', "Access folder ");
00895                         if (!$silent)
00896                         {
00897                                 alert(_('Dossier non accessible'));
00898                                 exit();
00899                         }
00900                 }
00901                 return $dossier;
00902         }
00903 
00904         /**
00905          * @brief return the first date and the last date of the current exercice for the current user
00906          * @return and array ([0] => start_date,[1] => end_date)
00907          */
00908         function get_limit_current_exercice()
00909         {
00910                 $current_exercice = $this->get_exercice();
00911                 $periode = new Periode($this->db);
00912                 list($per_start, $per_end) = $periode->get_limit($current_exercice);
00913                 $start = $per_start->first_day();
00914                 $end = $per_end->last_day();
00915                 return array($start, $end);
00916         }
00917 
00918         /**
00919          * \brief   Show all the available folder  for the users
00920          *          at the login page. For the special case 'E'
00921          *          go directly to extension and bypasse the dashboard
00922          * \param $p_user user
00923          * \param $p_admin 1 if admin
00924          *
00925          * \return table in HTML
00926          *
00927          */
00928 
00929         function show_dossier($p_filtre = "")
00930         {
00931                 $p_array = $this->get_available_folder($p_filtre);
00932 
00933                 $result = "";
00934                 if ($p_array == 0)
00935                         return $result . " * Aucun dossier *";
00936 
00937                 $result.="<TABLE id=\"folder\" >";
00938                 for ($i = 0; $i < sizeof($p_array); $i++)
00939                 {
00940 
00941                         $id = $p_array[$i]['dos_id'];
00942                         $name = $p_array[$i]['dos_name'];
00943                         $desc = $p_array[$i]['dos_description'];
00944                         if ($i % 2 == 0)
00945                                 $tr = "odd";
00946                         else
00947                                 $tr = "even";
00948                         if ($this->check_dossier($id) != 'P')
00949                         {
00950                                 $target = "do.php?gDossier=$id";
00951                         }
00952                         else
00953                         {
00954                                 $target = "extension.php?gDossier=$id";
00955                         }
00956 
00957                         $result.="<TR class=\"$tr\">";
00958 
00959                         $result.=td($id, ' class="num" ');
00960                         $result.="<TD class=\"$tr\">";
00961                         $result.="<A class=\"dossier\" HREF=\"$target\">";
00962                         $result.= "  <B>" . h($name) . "</B>";
00963                         $result.="</A>";
00964                         $result.="</TD>";
00965                         $desc = ($desc == "") ? "<i>Aucune description</i>" : h($desc);
00966                         $desc = "<A class=\"dossier\" HREF=\"$target\">$desc</A>";
00967                         $result.="<TD class=\"$tr\" style=\"padding-left:50px\">" . $desc;
00968                         $result.="</TD>";
00969                         $result.="</TR>";
00970                 }
00971                 $result.="</TABLE>";
00972                 return $result;
00973         }
00974 
00975         /**
00976          * \brief   Get all the available folders
00977          *          for the users, checked with the security
00978          *
00979          * \param  $p_user user login
00980          * \param  $p_admin 1 if admin
00981          * \return array containing
00982          *       - ac_dossier.dos_id
00983          *       - ac_dossier.dos_name
00984          *       - ac_dossier.dos_description
00985          *
00986          */
00987 
00988         function get_available_folder($p_filter = "")
00989         {
00990                 $cn = new Database();
00991                 $filter = "";
00992                 if ($this->admin == 0)
00993                 {
00994                         // show only available folders
00995                         // if user is not an admin
00996                         $Res = $cn->exec_sql("select distinct dos_id,dos_name,dos_description from ac_users
00997              natural join jnt_use_dos
00998              natural join  ac_dossier
00999              join  priv_user on ( priv_jnt=jnt_id)
01000              where use_active=1
01001              and use_login= $1
01002              and priv_priv != 'X' and ( dos_name ~* $2 or dos_description ~* $2 )
01003              order by dos_name", array($this->login, $p_filter));
01004                 }
01005                 else
01006                 {
01007                         $Res = $cn->exec_sql("select distinct dos_id,dos_name,dos_description from ac_dossier
01008              where   dos_name ~* $1 or dos_description ~* $1 order by dos_name", array($p_filter));
01009                 }
01010                 require_once('class_database.php');
01011 
01012                 $max = Database::num_row($Res);
01013                 if ($max == 0)
01014                         return 0;
01015 
01016                 for ($i = 0; $i < $max; $i++)
01017                 {
01018                         $array[] = Database::fetch_array($Res, $i);
01019                 }
01020                 return $array;
01021         }
01022 
01023         function audit($action = 'AUDIT', $p_module = "")
01024         {
01025                 global $audit;
01026                 if ($audit)
01027                 {
01028                         if ($p_module == "" && isset($_REQUEST['ac']))
01029                         {
01030                                 $p_module = $_REQUEST['ac'];
01031                         }
01032                         $cn = new Database();
01033                         if (isset($_REQUEST['gDossier']))
01034                                 $p_module.= " dossier : " . $_REQUEST['gDossier'];
01035                         $sql = "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
01036 
01037                         $cn->exec_sql($sql, array(
01038                                 $_SESSION['g_user'],
01039                                 $_SERVER["REMOTE_ADDR"],
01040                                 $p_module,
01041                                 $_SERVER['REQUEST_URI'],
01042                                 $action));
01043                 }
01044         }
01045 
01046         function save_profile($p_id)
01047         {
01048                 $count = $this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
01049                 if ($count == 0)
01050                 {
01051                         $this->db->exec_sql("insert into profile_user(p_id,user_name)
01052                                                                 values ($1,$2)", array($p_id, $this->login));
01053                 }
01054                 else
01055                 {
01056                         $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
01057                 }
01058         }
01059         /**
01060          *return the profile (p_id)
01061          * @return profile.p_id
01062          */
01063         function get_profile()
01064         {
01065                 $profile = $this->db->get_value("select p_id from profile_user where
01066                                 user_name=$1", array($this->login));
01067                 return $profile;
01068         }
01069         /**
01070          *Check if the profile of the user can write for this profile
01071          * @param  $dtoc action_gestion.ag_id
01072          * @return true if he can write otherwise false
01073          */
01074         function can_write_action($dtoc)
01075         {
01076                 $profile = $this->get_profile();
01077                 $r = $this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
01078                                 (select p_granted from user_sec_action_profile where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
01079                 if ($r == 0)
01080                         return false;
01081                 return true;
01082         }
01083 
01084         /**
01085          *Check if the profile of the user can write for this profile
01086          * @param  $dtoc action_gestion.ag_id
01087          * @return true if he can write otherwise false
01088          */
01089         function can_read_action($dtoc)
01090         {
01091                 $profile = $this->get_profile();
01092                 $r = $this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
01093                                 (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)", array($dtoc, $profile, $this->login));
01094                 if ($r == 0)
01095                         return false;
01096                 return true;
01097         }
01098         /**
01099          *Check if the profile of the user can write for this repository
01100          * @param  $p_repo stock_repository.r_id
01101          * @return true if he can write otherwise false
01102          */
01103         function can_write_repo($p_repo)
01104         {
01105             $profile=$this->get_profile();
01106             $r=$this->db->get_value("select count(*)
01107                 from profile_sec_repository
01108                 where
01109                 r_id=$1
01110                 and p_id =$2
01111                 and ur_right='W'",array($p_repo,$profile));
01112             if ( $r==0)
01113                 return false;
01114             return true;
01115         }
01116        /**
01117          *Check if the profile of the user can read for this repository
01118          * @param  $p_repo stock_repository.r_id
01119          * @return true if he read write otherwise false
01120          */
01121         function can_read_repo($p_repo)
01122         {
01123             $profile=$this->get_profile();
01124             $r=$this->db->get_value("select count(*)
01125                 from profile_sec_repository
01126                 where
01127                 r_id=$1
01128                 and p_id =$2
01129                ",array($p_repo,$profile));
01130             if ( $r==0)
01131                 return false;
01132             return true;
01133         }
01134    function save_password($p_pass1, $p_pass2) {
01135         if ($p_pass1 == $p_pass2) {
01136             $repo = new Database();
01137             $l_pass = md5($_POST['pass_1']);
01138             $repo->exec_sql("update ac_users set use_pass=$1 where use_login=$2", array($l_pass, $_SESSION['g_user']));
01139             $_SESSION['g_pass'] = $_POST['pass_1'];
01140         } else {
01141             alert(_("Les mots de passe ne correspondent pas. Mot de passe inchangé"));
01142         }
01143     }
01144 
01145 }
01146 
01147 ?>