<?php
######################################
##  Pierre CZERYBA - Netisse - 2012/02/03  
######################################

include 'const.php'; 

//########################################################################################################################################
// checkToken : Vérification de la validité du token passé en paramètre

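/**
 * Validate a session token against the `cnx` table and the timestamp embedded in it.
 *
 * Token layout, as produced by trace(): user id, then H(2) Y(4) i(2) m(2) s(2) d(2).
 * The 14 timestamp characters are therefore always the LAST 14 characters, whatever
 * the length of the user id prefix.
 *
 * Side effects: sets $GLOBALS["finSession"] to the remaining session time when the
 * token is valid, and sets stt='0' on the row when the token has expired.
 *
 * @param string $tkn Token as received from the client (untrusted input).
 * @return array "token" => 1 (valid), 0 (expired), -1 (no active row), -2 (several rows);
 *               "drt"   => rights value read from the row when valid, otherwise 0.
 */
function checkToken($tkn) {
	$checkToken = array("token" => -1, "drt" => 0);

	// Request parameters can be arrays (tkn[]=...); such a value can never be a token.
	if (!is_scalar($tkn)) {
		return $checkToken;
	}

	// The token is attacker-controlled: escape it before it is placed in the SQL text.
	$safeTkn = mysql_real_escape_string((string) $tkn, $GLOBALS["cnx"]);
	$req = "select tkn, drt from cnx where tkn='$safeTkn' and stt='1' ";
	$res = mysql_query($req, $GLOBALS["cnx"]);
	if ($res === false) {
		// Query failure is reported like an unknown token instead of raising warnings.
		return $checkToken;
	}

	$num = mysql_num_rows($res);
	if ($num == 0) {
		return $checkToken;
	}
	if ($num != 1) {
		$checkToken["token"] = -2;
		return $checkToken;
	}

	$tab = mysql_fetch_row($res);

	// Parse the stored token rather than the client-supplied string: SQL string
	// comparison may accept variants (case, trailing spaces) of the stored value.
	$stored = (string) $tab[0];

	// Fields are read from the end so that user ids of any length are handled.
	$h   = (int) substr($stored, -14, 2);
	$y   = (int) substr($stored, -12, 4);
	$min = (int) substr($stored, -8, 2);
	$m   = (int) substr($stored, -6, 2);
	$s   = (int) substr($stored, -4, 2);
	$d   = (int) substr($stored, -2, 2);

	// Compare full timestamps, not only the time of day: otherwise a token issued on
	// an earlier day would be accepted again during the same time-of-day window, and
	// a session spanning midnight would be rejected.
	$issuedAt = mktime($h, $min, $s, $m, $d, $y);
	$dateDiff = time() - $issuedAt;

	if (($dateDiff <= SESSION_LAST) && ($dateDiff >= 0)) {
		// Remaining time shown to the user, with a 30 second safety margin.
		$tr = (SESSION_LAST - $dateDiff) - 30;
		$reste = round($tr / 60);
		if ($reste > 1) {
			$GLOBALS["finSession"] = $reste . " minutes";
		} else if ($reste == 1) {
			$GLOBALS["finSession"] = $reste . " minute";
		} else {
			$GLOBALS["finSession"] = (SESSION_LAST - $dateDiff) . " secondes";
		}
		$checkToken["token"] = 1;
		$checkToken["drt"] = $tab[1];
	} else {
		// Expired: deactivate the row so the token cannot be presented again.
		$checkToken["token"] = 0;
		$safeStored = mysql_real_escape_string($stored, $GLOBALS["cnx"]);
		$req = "update cnx set stt='0' where tkn='" . $safeStored . "' ";
		mysql_query($req, $GLOBALS["cnx"]);
	}

	return $checkToken;
}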


//########################################################################################################################################
// getUserInfos : Récupère les informations personnelles de l'utilisateur

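/**
 * Load the personal details of the user who owns a session token.
 *
 * The query does not filter on cnx.stt, so it does not itself decide whether the
 * token is still active; checkAuth() only calls it after checkToken() returned 1.
 *
 * @param string $tkn Session token (untrusted input).
 * @return array Keys firstName, name, drtLabel, idUsr, idEnt, ent, dev. When no single
 *               matching row exists, every value is "" except dev, which is 0.
 */
function getUserInfos($tkn) {
	$getUserInfos = array(
		"firstName" => "",
		"name" => "",
		"drtLabel" => "",
		"idUsr" => "",
		"idEnt" => "",
		"ent" => "",
		"dev" => 0,
	);

	// A non-scalar request value (tkn[]=...) cannot match any token.
	if (!is_scalar($tkn)) {
		return $getUserInfos;
	}

	// Escape the client-supplied token before building the SQL text.
	$safeTkn = mysql_real_escape_string((string) $tkn, $GLOBALS["cnx"]);
	$req = "select usr.id_usr, usr.firstname, usr.name as usrName, usr.dev, drt.label as drtLabel, ent.id_ent, ent.name as entName from usr,cnx,drt,ent  where cnx.tkn='$safeTkn' and cnx.id_usr=usr.id_usr and drt.drt=usr.drt and ent.id_ent=usr.id_ent";
	$res = mysql_query($req, $GLOBALS["cnx"]);
	if ($res === false || mysql_num_rows($res) != 1) {
		// Query failure, unknown token or ambiguous result: return the empty profile.
		return $getUserInfos;
	}

	$tab = mysql_fetch_object($res);
	$getUserInfos["firstName"] = $tab->firstname;
	$getUserInfos["name"] = $tab->usrName;
	$getUserInfos["drtLabel"] = $tab->drtLabel;
	$getUserInfos["idUsr"] = $tab->id_usr;
	$getUserInfos["idEnt"] = $tab->id_ent;
	$getUserInfos["ent"] = $tab->entName;
	$getUserInfos["dev"] = $tab->dev;

	return $getUserInfos;
}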


//########################################################################################################################################
// checkAuth : Vérifie l'authentification et renvoie un tableau contenant les infos de l'utilisateur

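/**
 * Authenticate the current request, by session token or by login/password.
 *
 * Order of evaluation: a "tkn" request parameter is checked first; otherwise the
 * POSTed "login" and "pwd" are checked; otherwise the request is unauthenticated.
 *
 * "validity" values produced here:
 *    1  authenticated (valid token, or login accepted and a new token issued)
 *    0  token expired
 *   -1 / -2  token rejected (passed through from checkToken())
 *   -3  login rejected and the fetched row has a dateexp that is not in the past
 *   -5  login rejected, any other case (including "no matching row")
 *   -4  no credentials in the request
 *
 * @return array Keys validity, token, idUsr, name, firstName, drt, drtLabel, idEnt, ent, dev.
 */
function checkAuth() {
	// Profile returned for every non-authenticated outcome; branches override fields.
	$infos = array(
		"validity" => -4,
		"token" => "",
		"idUsr" => "",
		"name" => "",
		"firstName" => "",
		"drt" => 0,
		"drtLabel" => "",
		"idEnt" => "",
		"ent" => "",
		"dev" => 0,
	);

	if (isset($_REQUEST["tkn"])) {
		// NOTE(review): $_REQUEST also covers the query string, so tokens can end up in
		// URLs, server logs and Referer headers - confirm this is intended.
		$tokenInfos = checkToken($_REQUEST["tkn"]);
		$drt = isset($tokenInfos["drt"]) ? (int) $tokenInfos["drt"] : 0;

		if ($tokenInfos["token"] == 0) {
			// Session expired
			$infos["validity"] = 0;
			$infos["dev"] = "";
		} else if ($tokenInfos["token"] == 1) {
			// Token is valid
			$userInfos = getUserInfos($_REQUEST["tkn"]);
			$infos["validity"] = 1;
			$infos["token"] = $_REQUEST["tkn"];
			$infos["idUsr"] = $userInfos["idUsr"];
			$infos["name"] = $userInfos["name"];
			$infos["firstName"] = $userInfos["firstName"];
			$infos["drt"] = $drt;
			$infos["drtLabel"] = $userInfos["drtLabel"];
			$infos["idEnt"] = $userInfos["idEnt"];
			$infos["ent"] = $userInfos["ent"];
			$infos["dev"] = $userInfos["dev"];
		} else {
			// Token unknown or ambiguous: report checkToken()'s code as the validity
			$infos["validity"] = $tokenInfos["token"];
			$infos["drt"] = $drt;
		}
	} else if (isset($_POST["login"]) && isset($_POST["pwd"])) {
		// Form fields can arrive as arrays (login[]=...); treat those as empty strings.
		$l = is_string($_POST["login"]) ? $_POST["login"] : "";
		$p = is_string($_POST["pwd"]) ? $_POST["pwd"] : "";

		// Both values are attacker-controlled and are placed inside quoted SQL
		// literals: without escaping, a quote in either field rewrites the WHERE clause.
		$safeLogin = mysql_real_escape_string($l, $GLOBALS["cnx"]);
		$safePwd = mysql_real_escape_string($p, $GLOBALS["cnx"]);

		// NOTE(review): usr.pwd is compared with the submitted value directly, so
		// passwords appear to be stored unhashed - confirm, and plan a migration to
		// salted password hashes verified in PHP rather than in the query.
		$now = dateTime(0);
		$req = "SELECT usr.id_usr, usr.drt, usr.name as usrName, usr.firstname, usr.dev, usr.dateexp, drt.label as drtLabel, ca_agences.id_agence, ca_agences.nom_agence as entName FROM usr, drt, ca_agences WHERE (usr.login='$safeLogin' AND usr.pwd='$safePwd' AND usr.del='0' AND drt.drt=usr.drt AND ca_agences.id_agence=usr.id_ent AND usr.dateexp > '" . $now . "' )";

		$res = mysql_query($req, $GLOBALS["cnx"]);
		$num = ($res === false) ? 0 : mysql_num_rows($res);

		if ($num == 1) {
			// Authentication succeeded: record the connection and issue a token
			$tab = mysql_fetch_object($res);
			$token = trace($tab->id_usr, $tab->usrName, dateTime(0), $tab->drt);
			$infos["validity"] = 1;
			$infos["token"] = $token;
			$infos["idUsr"] = $tab->id_usr;
			$infos["name"] = $tab->usrName;
			$infos["firstName"] = $tab->firstname;
			$infos["drt"] = (int) $tab->drt;
			$infos["drtLabel"] = $tab->drtLabel;
			$infos["idEnt"] = $tab->id_agence;
			$infos["ent"] = $tab->entName;
			$infos["dev"] = $tab->dev;
		} else {
			// Authentication failed
			$tab = ($res === false) ? false : mysql_fetch_object($res);
			// NOTE(review): with zero rows there is no dateexp to inspect, so -5 is
			// returned for every ordinary failed login; -3 is only reachable when the
			// query matched several rows. Kept as-is because callers may test these codes.
			if (!$tab || $tab->dateexp < dateTime(0)) {
				$infos["validity"] = -5;
			} else {
				$infos["validity"] = -3;
			}
		}
	}
	// else: no credentials at all, $infos already describes that case (validity -4)

	if (DEBUG == true) {
		// Values are escaped for HTML. The single-byte charset makes htmlspecialchars
		// byte-transparent, so it only rewrites & < > " ' whatever the data encoding is.
		$dbgFirstName = htmlspecialchars((string) $infos["firstName"], ENT_QUOTES, 'ISO-8859-1');
		$dbgName = htmlspecialchars((string) $infos["name"], ENT_QUOTES, 'ISO-8859-1');
		$dbgIdUsr = htmlspecialchars((string) $infos["idUsr"], ENT_QUOTES, 'ISO-8859-1');
		$dbgDrtLabel = htmlspecialchars((string) $infos["drtLabel"], ENT_QUOTES, 'ISO-8859-1');
		echo "<li><div class=\"debug\"><b>Droit de l'utilisateur</b> " . $dbgFirstName ." ". $dbgName ." (id_usr=".$dbgIdUsr.")</b> = " . $dbgDrtLabel . "</div></li>";
		echo "<li><div class=\"debug\"><b>Token status</b> = ".$infos["validity"]."</div></li>";
	}

	return $infos;
}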


//########################################################################################################################################
// dateTime : Renvoie la date complète sous différents formats

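/**
 * Return the current local date/time in one of several fixed formats.
 *
 * @param int $param 0 => "Y-m-d H:i:s"
 *                   1 => "d/m/Y  H:i:s" (two spaces between date and time)
 *                   2 => "YmdHis"
 *                   3 => "Ymd"
 *                   4 => "Y-m-d H:i:s", 48 hours from now
 * @return string|null The formatted date, or null for any other $param.
 */
function dateTime($param) {
	// Read the clock once: formatting each field with its own date() call can
	// straddle a second/minute/day tick and yield a timestamp that never existed.
	$now = time();
	$d = null;

	switch ($param) {
		case 0:
			$d = date("Y-m-d H:i:s", $now);
			break;
		case 1:
			$d = date("d/m/Y  H:i:s", $now);
			break;
		case 2:
			$d = date("YmdHis", $now);
			break;
		case 3:
			$d = date("Ymd", $now);
			break;
		case 4:
			// mktime() normalises the out-of-range hour into the following days.
			$plus48h = mktime(
				(int) date("H", $now) + 48,
				(int) date("i", $now),
				(int) date("s", $now),
				(int) date("m", $now),
				(int) date("d", $now),
				(int) date("Y", $now)
			);
			$d = date("Y-m-d H:i:s", $plus48h);
			break;
	}

	return $d;
}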

//########################################################################################################################################
// dateTimePlus

/**
 * Add seven days to a "Y-m-d H:i:s" date and return the resulting day.
 *
 * @param string $param Date/time formatted as "Y-m-d H:i:s".
 * @return string The date seven days later, formatted as "Y-m-d" (time part dropped).
 */
function dateTimePlus($param) {
	// "Y-m-d H:i:s" => year, month, then "d H:i:s"
	list($annee, $mois, $reste) = explode("-", $param);
	// "d H:i:s" => day, then "H:i:s"
	list($jour, $horaire) = explode(" ", $reste);
	list($heure, $minute, $seconde) = explode(":", $horaire);

	// mktime() rolls an out-of-range day over into the next month/year.
	$stamp = mktime($heure, $minute, $seconde, $mois, ($jour + 7), $annee);

	return date("Y-m-d", $stamp);
}

//########################################################################################################################################
// dateTime : Months

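/**
 * Return the name of a month in French or English.
 *
 * @param int|string $param Month number, 1 to 12 (compared loosely, so "03" matches 3).
 * @param string     $lng   "FR" for French; any other value selects English.
 * @return string The month name, or "" when $param is not a month number.
 *                Capitalisation is uneven in both lists (months 11 and 12 are
 *                capitalised) and is kept because callers may depend on it.
 */
function monthText($param, $lng) {
	if ($lng == "FR") {
		// NOTE(review): the accented characters below appear mis-encoded in this copy
		// of the file; confirm that the file encoding matches the charset of the pages.
		$names = array(
			1 => "janvier",
			2 => "f�vrier",
			3 => "mars",
			4 => "avril",
			5 => "mai",
			6 => "juin",
			7 => "juillet",
			8 => "ao�t",
			9 => "septembre",
			10 => "octobre",
			11 => "Novembre",
			12 => "D�cembre",
		);
	} else {
		$names = array(
			1 => "january",
			2 => "february",
			3 => "march",
			4 => "april",
			5 => "may",
			6 => "june",
			7 => "july",
			8 => "august",
			9 => "september",
			10 => "october",
			11 => "November",
			// The English name has no accent; the accented byte was a copy/paste slip.
			12 => "December",
		);
	}

	// Loose comparison in list order, first match wins.
	foreach ($names as $num => $label) {
		if ($param == $num) {
			return $label;
		}
	}
	return "";
}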


//########################################################################################################################################
// trace : Log la connexion de l'utilisateur
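/**
 * Record a user connection in the `cnx` table and return the session token for it.
 *
 * Token layout: user id (left-padded to two digits when below 10), followed by
 * H(2) Y(4) i(2) m(2) s(2) d(2) of the current local time. checkToken() parses
 * this layout, so it must not change here without changing it there.
 *
 * NOTE(review): the token is built only from the user id and the login time, so it
 * contains no secret or random component. Session identifiers should come from a
 * cryptographically secure random source; the timestamp can be kept in its own
 * column. Not changed here because checkToken() depends on the current layout.
 *
 * @param int|string $id   User id.
 * @param string     $name User name stored with the connection.
 * @param string     $d    Connection date/time string.
 * @param int|string $drt  Rights value of the user.
 * @return string The generated token.
 */
function trace($id, $name,  $d, $drt) {
	if ($id < 10)  $id = "0".$id;

	// One clock reading for the whole token, so the fields cannot straddle a tick.
	$token = $id . date("HYimsd", time());

	// Every value is escaped: $name comes from the database but may itself contain
	// quotes, which would otherwise break (or alter) the INSERT statement.
	$cnx = $GLOBALS["cnx"];
	$safeId = mysql_real_escape_string((string) $id, $cnx);
	$safeName = mysql_real_escape_string((string) $name, $cnx);
	$safeDate = mysql_real_escape_string((string) $d, $cnx);
	$safeToken = mysql_real_escape_string((string) $token, $cnx);
	$safeDrt = mysql_real_escape_string((string) $drt, $cnx);

	$req = "insert into cnx values('', '$safeId', '$safeName', '$safeDate', '$safeToken', '$safeDrt', '1')";
	mysql_query($req, $cnx);

	return $token;
}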

//########################################################################################################################################
// Vérification du format du nom des éléments uploadés  (photos, documents)
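/**
 * Normalise the name of an uploaded element (photo, document).
 *
 * Trims the value, replaces apostrophes with "_", replaces a few accented
 * characters with ASCII letters and removes spaces. Replacements are applied in
 * the order listed.
 *
 * NOTE(review): this is a cosmetic clean-up, not a security filter. Path
 * separators, "..", control characters and the file extension are left untouched,
 * so the result must not be trusted as a safe file-system name on its own.
 *
 * @param string $e Raw element name.
 * @return string The normalised name.
 */
function checkElement($e) {
	// str_replace() replaces the ereg_replace() calls: every pattern is a literal,
	// and the ereg_* functions are deprecated since PHP 5.3 and removed in PHP 7.
	// NOTE(review): the non-ASCII search strings are mis-encoded in this copy of the
	// file; from their replacements the last four are presumably e-acute, e-grave,
	// a-grave and u-grave, the first one is unknown - restore from the original file.
	$val = trim($e);
	$val = str_replace("'", "_", $val);
	$val = str_replace("�", "_", $val);
	$val = str_replace("�", "e", $val);
	$val = str_replace("�", "e", $val);
	$val = str_replace("�", "a", $val);
	$val = str_replace("�", "u", $val);
	$val = str_replace(" ", "", $val);
	return $val;
}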

//########################################################################################################################################
// Vérification du format du nom des éléments uploadés  (photos, documents)
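/**
 * Trim a value and backslash-escape its single quotes.
 *
 * NOTE(review): only the single quote is escaped. Backslashes, double quotes, line
 * breaks and "</script>" pass through unchanged, so this is not a complete encoder
 * for placing untrusted text inside a JavaScript string - confirm what callers
 * pass in, and prefer a full JS/JSON encoder where the value is user-controlled.
 *
 * @param string $e Raw value.
 * @return string The trimmed value with every ' replaced by \'.
 */
function checkJSName($e) {
	// Literal replacement: str_replace() instead of the removed ereg_replace().
	return str_replace("'", "\\'", trim($e));
}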

//########################################################################################################################################
// Enleve les CDATA
/**
 * Strip a CDATA wrapper by position: drops the first 9 characters and the last 3.
 *
 * Those lengths correspond to "<![CDATA[" and "]]>". The function does not check
 * that the wrapper is actually present.
 *
 * @param string $e A string expected to look like "<![CDATA[...]]>".
 * @return string The characters between the two markers.
 */
function cutCDATA($e) {
	$openLen = 9;   // length of "<![CDATA["
	$closeLen = 3;  // length of "]]>"
	$innerLen = strlen($e) - ($openLen + $closeLen);
	return substr($e, $openLen, $innerLen);
}

//########################################################################################################################################
// DisplayUsrInfos
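/**
 * Print the user information panel (name, company, category, picture) as HTML.
 *
 * All five values are HTML-escaped before being written: they are data (typically
 * read from the database), not markup, and would otherwise allow stored values
 * containing < > " ' & to inject markup or script into the page.
 *
 * @param string $n  Last name.
 * @param string $f  First name.
 * @param string $co Company.
 * @param string $ca Category.
 * @param string $m  Image file name, appended to "./images/".
 * @return void
 */
function displayUsrInfos($n, $f, $co, $ca, $m) {
	// A single-byte charset makes htmlspecialchars() byte-transparent: it rewrites
	// only & < > " ' and never rejects the input, whatever encoding the data uses.
	$n  = htmlspecialchars((string) $n, ENT_QUOTES, 'ISO-8859-1');
	$f  = htmlspecialchars((string) $f, ENT_QUOTES, 'ISO-8859-1');
	$co = htmlspecialchars((string) $co, ENT_QUOTES, 'ISO-8859-1');
	$ca = htmlspecialchars((string) $ca, ENT_QUOTES, 'ISO-8859-1');
	$m  = htmlspecialchars((string) $m, ENT_QUOTES, 'ISO-8859-1');

	echo '<table cellspacing="0" cellpadding="0" class="text" align="center" width="' . PORTAL_WIDTH . '">'
		. '<tr><td nowrap="true">'
		. '<table class="text" width="68%" border="0" bordercolor="red"><tr><td>'
		. '<table class="text">'
		. '<tr><td class="info"><li>Name</li></td><td> : </td><td>' . $f . ' ' . $n . '</td></tr>'
		. '<tr><td class="info"><li>Company</li></td><td> : </td><td>' . $co . '</td></tr>'
		. '<tr><td class="info"><li>Category</li></td><td> : </td><td>' . $ca . '</td></tr>'
		. '</table></td>'
		. '<td valign="middle" style="padding-left:60px"><img src="./images/' . $m . '"/></td>'
		. '</tr></table><br/></td></tr></table>';
}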


//########################################################################################################################################

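/**
 * Generate a random 6-character password from lowercase letters and digits.
 *
 * The characters are drawn from a cryptographically secure source when the runtime
 * offers one. The previous implementation re-seeded rand() from the clock on every
 * call, which makes the output reconstructible from the approximate generation time.
 *
 * NOTE(review): six characters from a 35-symbol alphabet is a small search space;
 * treat the result as a one-time initial password and require a change at first
 * login. Length and alphabet are kept because callers/storage may depend on them.
 *
 * @return string The generated password.
 */
function makePwd() {
	// Alphabet the password is built from
	$cars = "az0erty2ui3op4qs5df6gh7jk8lm9wxcvbn";
	$wlong = strlen($cars);
	// Number of characters wanted
	$taille = 6;
	$wpas = "";

	for ($i = 0; $i < $taille; $i++) {
		if (function_exists('random_int')) {
			// PHP 7+ (or a polyfill): uniform and cryptographically secure.
			$wpos = random_int(0, $wlong - 1);
		} else if (function_exists('openssl_random_pseudo_bytes')) {
			// Rejection sampling: discard bytes from the incomplete last bucket so
			// that every index stays equally likely.
			$limit = 256 - (256 % $wlong);
			do {
				$byte = ord(openssl_random_pseudo_bytes(1));
			} while ($byte >= $limit);
			$wpos = $byte % $wlong;
		} else {
			// Last resort, NOT cryptographically secure; no manual re-seeding.
			$wpos = mt_rand(0, $wlong - 1);
		}
		$wpas .= $cars[$wpos];
	}

	return $wpas;
}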
//########################################################################################################################################

/**
 * Shift a "d-m-Y" date by a number of days, months and years and format the result.
 *
 * @param string $d Start date formatted as "day-month-year".
 * @param int    $j Days to add.
 * @param int    $m Months to add.
 * @param int    $a Years to add.
 * @param string $f Output format, as accepted by date().
 * @return string The shifted date (at midnight) formatted with $f.
 */
function newDate($d, $j, $m, $a, $f) {
	list($jour, $mois, $an) = explode("-", $d);

	// mktime() normalises out-of-range days and months into the following period.
	$shifted = mktime(0, 0, 0, ($mois + $m), ($jour + $j), ($an + $a));

	return date($f, $shifted);
}

//########################################################################################################################################

/**
 * Tell whether the client address is one of the hard-coded allowed addresses.
 *
 * NOTE(review): REMOTE_ADDR is the address of the directly connected peer; if the
 * application is deployed behind a reverse proxy it will be the proxy's address -
 * confirm against the deployment.
 *
 * @return int 1 when $_SERVER['REMOTE_ADDR'] equals an entry of the list, 0 otherwise.
 */
function checkIP() {
	$allowed = array(
		"80.118.33.228",
		"83.145.100.34",
		"195.101.36.35",
		"193.253.194.213",
		"217.128.36.44",
		"77.202.229.62",
		"82.232.62.191",
		"82.230.34.183",
	);

	$client = $_SERVER['REMOTE_ADDR'];

	// Non-strict in_array() performs the same == test against each entry.
	return in_array($client, $allowed) ? 1 : 0;
}




// Variables Globale
/*
foreach ($GLOBALS as $key => $val) {
	echo "<li>".$key." = ".$val."</li>";
}
// Variables  de la QueryString
foreach ($_REQUEST as $key => $val) {
	echo "<li>".$key." = ".$val."</li>";
}
*/
?>