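<?php
######################################
## Pierre CZERYBA - Netisse - 2012/02/03
######################################
include 'const.php';

// Expected from const.php: SESSION_LAST (session lifetime in seconds — the remaining-time
// message below divides it by 60), DEBUG and PORTAL_WIDTH. $GLOBALS["cnx"] is the ext/mysql
// link opened elsewhere; every query in this file runs on it.

//########################################################################################################################################
// sqlEsc : escape a value for use inside a single-quoted SQL literal on the global link.
// ext/mysql has no prepared statements, so escaping is the only defence available against
// injection through request parameters ($_REQUEST["tkn"], $_POST["login"], $_POST["pwd"]).
function sqlEsc($s)
{
    return mysql_real_escape_string((string) $s, $GLOBALS["cnx"]);
}

//########################################################################################################################################
// htmlEsc : escape a value for an HTML text or attribute context.
// NOTE(review): the charset follows default_charset; the source file looks ISO-8859-1 encoded,
// so that setting must match the page encoding or accented names come out empty.
function htmlEsc($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES);
}

//########################################################################################################################################
// checkToken : checks that the token given as parameter is still valid.
// Returns array("token" => status, "drt" => rights):
//    1  valid session, "drt" holds the rights stored on the cnx row;
//    0  session expired (the cnx row is switched to stt='0' so the token cannot be reused);
//   -1  no active connection matches the token;
//   -2  several active connections match the token (should not happen).
// Side effect: on success $GLOBALS["finSession"] receives the time left as text.
// Token layout (see trace()): zero-padded user id followed by date("HYimsd"), so the last
// 14 characters are H(2) Y(4) i(2) m(2) s(2) d(2); e.g. 1216200708064318.
function checkToken($tkn)
{
    $tkn = (string) $tkn;

    // Tokens produced by trace() are purely numeric and at least 16 characters long;
    // anything else cannot match a row, so refuse it before touching the database.
    if (strlen($tkn) < 16 || !ctype_digit($tkn)) {
        return array("token" => -1, "drt" => 0);
    }

    $req = "select tkn, drt from cnx where tkn='" . sqlEsc($tkn) . "' and stt='1' ";
    $res = mysql_query($req, $GLOBALS["cnx"]);
    $num = $res ? mysql_num_rows($res) : 0;

    if ($num == 0) {
        return array("token" => -1, "drt" => 0);
    }
    if ($num != 1) {
        return array("token" => -2, "drt" => 0);
    }

    $tab = mysql_fetch_row($res);

    // Creation time embedded in the token: H Y i m s d.
    $stamp = substr($tkn, -14);
    $h   = (int) substr($stamp, 0, 2);
    $y   = (int) substr($stamp, 2, 4);
    $min = (int) substr($stamp, 6, 2);
    $m   = (int) substr($stamp, 8, 2);
    $s   = (int) substr($stamp, 10, 2);
    $d   = (int) substr($stamp, 12, 2);

    // Compare full timestamps: the previous version only compared the time of day, so a
    // token issued the day before looked valid and one issued just before midnight expired
    // immediately after it.
    $dateDiff = time() - mktime($h, $min, $s, $m, $d, $y);

    if ($dateDiff < 0 || $dateDiff > SESSION_LAST) {
        // Expired: close the connection row.
        $req = "update cnx set stt='0' where tkn='" . sqlEsc($tkn) . "' ";
        mysql_query($req, $GLOBALS["cnx"]);
        return array("token" => 0, "drt" => 0);
    }

    // Time left, announced 30 seconds early so the user is warned before the cut-off.
    $left  = SESSION_LAST - $dateDiff;
    $reste = round(($left - 30) / 60);
    if ($reste > 1) {
        $GLOBALS["finSession"] = $reste . " minutes";
    } else if ($reste == 1) {
        $GLOBALS["finSession"] = $reste . " minute";
    } else {
        $GLOBALS["finSession"] = $left . " secondes";
    }

    return array("token" => 1, "drt" => $tab[1]);
}

//########################################################################################################################################
// getUserInfos : fetches the personal data of the user owning the token.
// Returns an array with keys firstName, name, drtLabel, idUsr, idEnt, ent, dev; every
// value is "" (dev: 0) when the token does not match exactly one user.
function getUserInfos($tkn)
{
    $empty = array(
        "firstName" => "",
        "name"      => "",
        "drtLabel"  => "",
        "idUsr"     => "",
        "idEnt"     => "",
        "ent"       => "",
        "dev"       => 0,
    );

    $req = "select usr.id_usr, usr.firstname, usr.name as usrName, usr.dev, drt.label as drtLabel,"
         . " ent.id_ent, ent.name as entName"
         . " from usr,cnx,drt,ent"
         . " where cnx.tkn='" . sqlEsc($tkn) . "'"
         . " and cnx.id_usr=usr.id_usr and drt.drt=usr.drt and ent.id_ent=usr.id_ent";
    $res = mysql_query($req, $GLOBALS["cnx"]);
    if (!$res || mysql_num_rows($res) != 1) {
        return $empty;
    }

    $tab = mysql_fetch_object($res);
    return array(
        "firstName" => $tab->firstname,
        "name"      => $tab->usrName,
        "drtLabel"  => $tab->drtLabel,
        "idUsr"     => $tab->id_usr,
        "idEnt"     => $tab->id_ent,
        "ent"       => $tab->entName,
        "dev"       => $tab->dev,
    );
}

//########################################################################################################################################
// emptyAuthInfos : the user-info array returned by checkAuth() when nobody is authenticated.
// $validity is the status code, $drt the rights value to report (0 unless known).
function emptyAuthInfos($validity, $drt = 0)
{
    return array(
        "validity"  => $validity,
        "token"     => "",
        "idUsr"     => "",
        "name"      => "",
        "firstName" => "",
        "drt"       => $drt,
        "drtLabel"  => "",
        "idEnt"     => "",
        "ent"       => "",
        "dev"       => 0,
    );
}

//########################################################################################################################################
// checkAuth : checks the authentication and returns an array describing the user.
// Keys: validity, token, idUsr, name, firstName, drt, drtLabel, idEnt, ent, dev.
// validity codes:
//    1  authenticated (existing token, or login/pwd just accepted — a new token is issued);
//    0  session expired;
//   -1  unknown token;      -2  ambiguous token;
//   -3  login/pwd refused;  -4  no credentials supplied;
//   -5  login/pwd match an account whose dateexp is in the past.
// Reads $_REQUEST["tkn"] first, then $_POST["login"] / $_POST["pwd"].
function checkAuth()
{
    if (isset($_REQUEST["tkn"])) {
        $tkn        = $_REQUEST["tkn"];
        $tokenInfos = checkToken($tkn);
        $drt        = (int) $tokenInfos["drt"];

        switch ($tokenInfos["token"]) {
            case 0: // session expired
                $infos = emptyAuthInfos(0);
                break;

            case 1: // token valid
                $userInfos = getUserInfos($tkn);
                $infos = array(
                    "validity"  => 1,
                    "token"     => $tkn,
                    "idUsr"     => $userInfos["idUsr"],
                    "name"      => $userInfos["name"],
                    "firstName" => $userInfos["firstName"],
                    "drt"       => $drt,
                    "drtLabel"  => $userInfos["drtLabel"],
                    "idEnt"     => $userInfos["idEnt"],
                    "ent"       => $userInfos["ent"],
                    "dev"       => $userInfos["dev"],
                );
                break;

            default: // token unknown (-1) or ambiguous (-2)
                $infos = emptyAuthInfos($tokenInfos["token"], $drt);
                break;
        }
    } else if (isset($_POST["login"]) && isset($_POST["pwd"])) {
        $l   = sqlEsc($_POST["login"]);
        $p   = sqlEsc($_POST["pwd"]);
        $now = dateTime(0);

        // NOTE(review): usr.pwd is compared with the submitted value as-is; whether the column
        // holds a hash cannot be told from here — confirm, and if it is plain text move to
        // password_hash()/password_verify() (PHP 5.5+).
        $req = "SELECT usr.id_usr, usr.drt, usr.name as usrName, usr.firstname, usr.dev, usr.dateexp,"
             . " drt.label as drtLabel, ca_agences.id_agence, ca_agences.nom_agence as entName"
             . " FROM usr, drt, ca_agences"
             . " WHERE (usr.login='$l' AND usr.pwd='$p' AND usr.del='0'"
             . " AND drt.drt=usr.drt AND ca_agences.id_agence=usr.id_ent"
             . " AND usr.dateexp > '$now' )";
        $res = mysql_query($req, $GLOBALS["cnx"]);
        $num = $res ? mysql_num_rows($res) : 0;

        if ($num == 1) {
            // Authentication succeeded: open a cnx row and hand the new token back.
            $tab   = mysql_fetch_object($res);
            $token = trace($tab->id_usr, $tab->usrName, $now, $tab->drt);
            $infos = array(
                "validity"  => 1,
                "token"     => $token,
                "idUsr"     => $tab->id_usr,
                "name"      => $tab->usrName,
                "firstName" => $tab->firstname,
                "drt"       => (int) $tab->drt,
                "drtLabel"  => $tab->drtLabel,
                "idEnt"     => $tab->id_agence,
                "ent"       => $tab->entName,
                "dev"       => $tab->dev,
            );
        } else {
            // Authentication failed. The query above already filters on dateexp, so a failed
            // login never returns a row; the previous code read dateexp from that empty result
            // and reported -5 for every failure. Look the account up again without the expiry
            // condition to tell an expired account (-5) from refused credentials (-3).
            $req = "SELECT usr.dateexp FROM usr WHERE usr.login='$l' AND usr.pwd='$p' AND usr.del='0'";
            $res = mysql_query($req, $GLOBALS["cnx"]);
            $tab = ($res && mysql_num_rows($res) == 1) ? mysql_fetch_object($res) : false;
            $expired = ($tab !== false && $tab->dateexp < $now);
            $infos = emptyAuthInfos($expired ? -5 : -3);
        }
    } else {
        // No credentials at all.
        $infos = emptyAuthInfos(-4);
    }

    if (DEBUG == true) {
        echo "<li><div class=\"debug\"><b>Droit de l'utilisateur</b> "
           . htmlEsc($infos["firstName"]) . " " . htmlEsc($infos["name"])
           . " (id_usr=" . htmlEsc($infos["idUsr"]) . ") = " . htmlEsc($infos["drtLabel"])
           . "</div></li>";
        echo "<li><div class=\"debug\"><b>Token status</b> = " . $infos["validity"] . "</div></li>";
    }

    return $infos;
}

//########################################################################################################################################
// dateTime : returns the current local date/time in one of several formats.
// $param: 0 "Y-m-d H:i:s"; 1 "d/m/Y H:i:s"; 2 "YmdHis"; 3 "Ymd"; 4 "Y-m-d H:i:s" of now + 48 hours.
// Returns "" for any other value of $param.
function dateTime($param)
{
    switch ($param) {
        case 0:
            return date("Y-m-d H:i:s");
        case 1:
            return date("d/m/Y H:i:s");
        case 2:
            return date("YmdHis");
        case 3:
            return date("Ymd");
        case 4:
            // mktime normalises the +48 hours, so DST transitions are handled like before.
            $ts = mktime((int) date("H") + 48, (int) date("i"), (int) date("s"),
                         (int) date("m"), (int) date("d"), (int) date("Y"));
            return date("Y-m-d H:i:s", $ts);
        default:
            return "";
    }
}

//########################################################################################################################################
// dateTimePlus : adds 7 days to a "Y-m-d H:i:s" string and returns the result as "Y-m-d".
// Missing time components are treated as 0.
function dateTimePlus($param)
{
    $parts = explode("-", (string) $param, 3);
    $a = isset($parts[0]) ? (int) $parts[0] : 0;
    $m = isset($parts[1]) ? (int) $parts[1] : 0;

    $dayTime = isset($parts[2]) ? explode(" ", $parts[2], 2) : array("0");
    $j = (int) $dayTime[0];

    $hms = isset($dayTime[1]) ? explode(":", $dayTime[1]) : array();
    $h   = isset($hms[0]) ? (int) $hms[0] : 0;
    $min = isset($hms[1]) ? (int) $hms[1] : 0;
    $s   = isset($hms[2]) ? (int) $hms[2] : 0;

    return date("Y-m-d", mktime($h, $min, $s, $m, $j + 7, $a));
}

//########################################################################################################################################
// monthText : name of month $param (1..12) in French ($lng == "FR") or English (any other $lng).
// Returns "" for an unknown month number.
// NOTE(review): the strings are kept exactly as in the original file; the accented bytes were
// garbled in transit (shown as U+FFFD), and the English "December" entry carries an accent
// and the November/December entries are capitalised unlike the other months — check against
// the original source before correcting.
function monthText($param, $lng)
{
    $fr = array(
        1 => "janvier", 2 => "f�vrier", 3 => "mars", 4 => "avril", 5 => "mai", 6 => "juin",
        7 => "juillet", 8 => "ao�t", 9 => "septembre", 10 => "octobre", 11 => "Novembre", 12 => "D�cembre",
    );
    $en = array(
        1 => "january", 2 => "february", 3 => "march", 4 => "april", 5 => "may", 6 => "june",
        7 => "july", 8 => "august", 9 => "september", 10 => "october", 11 => "November", 12 => "D�cember",
    );

    $names = ($lng == "FR") ? $fr : $en;
    $key   = (int) $param;
    return isset($names[$key]) ? $names[$key] : "";
}

//########################################################################################################################################
// trace : logs the user's connection in cnx and returns the session token.
// $id user id, $name user name, $d connection date ("Y-m-d H:i:s"), $drt rights.
// The token is the user id (zero-padded to at least two digits) followed by date("HYimsd");
// checkToken() parses this layout, so both must change together.
// NOTE(review): the token is derived from the id and the clock rather than from a random
// source; a random token stored alongside the stamp would be the usual hardening.
function trace($id, $name, $d, $drt)
{
    $idStr = ($id < 10) ? "0" . $id : (string) $id;
    $token = $idStr . date("HYimsd");

    $req = "insert into cnx values('', '" . sqlEsc($idStr) . "', '" . sqlEsc($name) . "', '"
         . sqlEsc($d) . "', '" . sqlEsc($token) . "', '" . sqlEsc($drt) . "', '1')";
    mysql_query($req, $GLOBALS["cnx"]);

    return $token;
}

//########################################################################################################################################
// checkElement : normalises the name of an uploaded element (photo, document):
// trims it, replaces apostrophes with "_", strips accents from a few letters and removes spaces.
// NOTE(review): the accented characters in the table were garbled when the file was transcoded
// (shown as U+FFFD); restore them from the original Latin-1 source.
function checkElement($e)
{
    $from = array("'", "�", "�", "�", "�", "�", " ");
    $to   = array("_", "_", "e", "e", "a", "u", "");
    return str_replace($from, $to, trim($e));
}

//########################################################################################################################################
// checkJSName : trims a name and backslash-escapes its apostrophes for use inside a
// single-quoted JavaScript string.
function checkJSName($e)
{
    return str_replace("'", "\\'", trim($e));
}

//########################################################################################################################################
// cutCDATA : strips a leading "<![CDATA[" (9 chars) and trailing "]]>" (3 chars).
// The wrapper is not checked, only the lengths are removed; returns "" for input shorter than 12.
function cutCDATA($e)
{
    $len = strlen($e) - 12;
    return ($len > 0) ? substr($e, 9, $len) : "";
}

//########################################################################################################################################
// displayUsrInfos : prints the user banner (name $n, first name $f, company $co, category $ca,
// image file $m under ./images/). Values are HTML-escaped on output.
function displayUsrInfos($n, $f, $co, $ca, $m)
{
    echo "<table cellspacing=\"0\" cellpadding=\"0\" class=\"text\" align=\"center\" width=\"" . PORTAL_WIDTH . "\">"
       . "<tr><td nowrap=\"true\"><table class=\"text\" width=\"68%\" border=\"0\" bordercolor=\"red\"><tr><td>"
       . "<table class=\"text\">"
       . "<tr><td class=\"info\"><li>Name</li></td><td> : </td><td>" . htmlEsc($f) . " " . htmlEsc($n) . "</td></tr>"
       . "<tr><td class=\"info\"><li>Company</li></td><td> : </td><td>" . htmlEsc($co) . "</td></tr>"
       . "<tr><td class=\"info\"><li>Category</li></td><td> : </td><td>" . htmlEsc($ca) . "</td></tr>"
       . "</table></td>"
       . "<td valign=\"middle\" style=\"padding-left:60px\"><img src=\"./images/" . htmlEsc($m) . "\"/></td>"
       . "</tr></table><br/></td></tr></table>";
}

//########################################################################################################################################
// makePwd : generates a password of $taille characters (default 6) drawn from a fixed
// alphabet of lowercase letters and digits.
function makePwd($taille = 6)
{
    $cars  = "az0erty2ui3op4qs5df6gh7jk8lm9wxcvbn";
    $wlong = strlen($cars);
    $wpas  = "";

    for ($i = 0; $i < $taille; $i++) {
        // CSPRNG on PHP 7+; mt_rand is the fallback for older runtimes and still beats the
        // microtime-seeded rand() used before.
        $wpos  = function_exists('random_int') ? random_int(0, $wlong - 1) : mt_rand(0, $wlong - 1);
        $wpas .= $cars[$wpos];
    }

    return $wpas;
}

//########################################################################################################################################
// newDate : shifts a "d-m-Y" date by $j days, $m months and $a years and formats it with $f.
// Missing components are treated as 0.
function newDate($d, $j, $m, $a, $f)
{
    $elts = explode("-", (string) $d);
    $jour = isset($elts[0]) ? (int) $elts[0] : 0;
    $mois = isset($elts[1]) ? (int) $elts[1] : 0;
    $an   = isset($elts[2]) ? (int) $elts[2] : 0;

    $newDate = mktime(0, 0, 0, $mois + (int) $m, $jour + (int) $j, $an + (int) $a);
    return date($f, $newDate);
}

//########################################################################################################################################
// checkIP : returns 1 when the client address is on the allow-list, 0 otherwise.
// REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy's address, not the client's.
function checkIP()
{
    $IPTABLE = array(
        "80.118.33.228",
        "83.145.100.34",
        "195.101.36.35",
        "193.253.194.213",
        "217.128.36.44",
        "77.202.229.62",
        "82.232.62.191",
        "82.230.34.183",
    );

    $MYIP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    return in_array($MYIP, $IPTABLE, true) ? 1 : 0;
}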