<?php
######################################
## Pierre CZERYBA - Netisse - 2012/02/03
######################################
include 'const.php';
//########################################################################################################################################
// checkToken : V�rification de la validit� du token pass� en param�tre
function checkToken($tkn) {
$req = "select tkn, drt from cnx where tkn='$tkn' and stt='1' ";
$res = mysql_query($req, $GLOBALS["cnx"]);
$num = mysql_num_rows($res);
if ($num == 1) {
// R�cup�ration des valeurs de la requete
$tab = mysql_fetch_row($res);
// Date du Token : 1216200708064318
if (strlen($tkn)==16) {
$h = substr($tkn, 2, 2);
$y = substr($tkn, 4, 4);
$min = substr($tkn, 8, 2);
$m = substr($tkn, 10, 2);
$s = substr($tkn, 12, 2);
$d = substr($tkn, 14, 2);
} else if (strlen($tkn)==17) {
$h = substr($tkn, 3, 2);
$y = substr($tkn, 5, 4);
$min = substr($tkn, 9, 2);
$m = substr($tkn, 11, 2);
$s = substr($tkn, 13, 2);
$d = substr($tkn, 15, 2);
}
// Mossphet : MISE EN COMMENTAIRE DU CALCUL DE VALIDITE DE LA SESSION : 2004/09/23
// Diff�rence entre les 2 dates
$dateToken = ($h*3600) + ($min*60) + $s;
$dateActu = (date("H")*3600) + (date("i")*60) + date("s");
$dateDiff = $dateActu - $dateToken;
if (($dateDiff <= SESSION_LAST) && ($dateDiff >= 0)) {
$tr = (SESSION_LAST - $dateDiff) - 30 ;
$reste = round($tr/60);
if ($reste > 1) {
$GLOBALS["finSession"] = $reste . " minutes";
} else if ($reste == 1) {
$GLOBALS["finSession"] = $reste . " minute";
} else if ($reste < 1) {
$GLOBALS["finSession"] = (SESSION_LAST - $dateDiff) . " secondes";
}
$checkToken["token"] = 1;
$checkToken["drt"] = $tab[1];
} else {
$checkToken["token"] = 0;
$req = "update cnx set stt='0' where tkn='".$tkn."' ";
$res = mysql_query($req, $GLOBALS["cnx"]);
}
//$checkToken["token"] = 1;
//$checkToken["drt"] = $tab[1];
} else if ($num==0) {
$checkToken["token"] = -1;
$checkToken["drt"] = 0;
} else {
$checkToken["token"] = -2;
$checkToken["drt"] = 0;
}
return $checkToken;
}
//########################################################################################################################################
// getUserInfos : R�cup�re les informations personnelles de l'utilisateur
function getUserInfos($tkn) {
$req="select usr.id_usr, usr.firstname, usr.name as usrName, usr.dev, drt.label as drtLabel, ent.id_ent, ent.name as entName from usr,cnx,drt,ent where cnx.tkn='$tkn' and cnx.id_usr=usr.id_usr and drt.drt=usr.drt and ent.id_ent=usr.id_ent";
$res = mysql_query($req, $GLOBALS["cnx"]);
$num = mysql_num_rows($res);
$tab = mysql_fetch_object($res);
if ($num==1) {
$getUserInfos["firstName"] = $tab->firstname;
$getUserInfos["name"] = $tab->usrName;
$getUserInfos["drtLabel"] = $tab->drtLabel;
$getUserInfos["idUsr"] = $tab->id_usr;
$getUserInfos["idEnt"] = $tab->id_ent;
$getUserInfos["ent"] = $tab->entName;
$getUserInfos["dev"] = $tab->dev;
} else {
$getUserInfos["firstName"] = "";
$getUserInfos["name"] = "";
$getUserInfos["drtLabel"] = "";
$getUserInfos["idUsr"] = "";
$getUserInfos["idEnt"] = "";
$getUserInfos["ent"] = "";
$getUserInfos["dev"] = 0;
}
return $getUserInfos;
}
//########################################################################################################################################
// checkAuth : V�rifie l'authentification et renvoie un tableau contenant les infos de l'utilisateur
function checkAuth() {
if (isset($_REQUEST["tkn"])) {
$tokenInfos = checkToken($_REQUEST["tkn"]);
settype($tokenInfos["drt"], "integer");
switch ($tokenInfos["token"]) {
case 0:
// Session expiree
$infos["validity"] = 0;
$infos["token"] = "";
$infos["idUsr"] = "";
$infos["name"] = "";
$infos["firstName"] = "";
$infos["drt"] = 0;
$infos["drtLabel"] = "";
$infos["idEnt"] = "";
$infos["ent"] = "";
$infos["dev"] = "";
break;
case 1:
// le token est valide
$userInfos = getUserInfos($_REQUEST["tkn"]);
$infos["validity"] = 1;
$infos["token"] = $_REQUEST["tkn"];
$infos["idUsr"] = $userInfos["idUsr"];
$infos["name"] = $userInfos["name"];
$infos["firstName"] = $userInfos["firstName"];
$infos["drt"] = $tokenInfos["drt"];
$infos["drtLabel"] = $userInfos["drtLabel"];
$infos["idEnt"] = $userInfos["idEnt"];
$infos["ent"] = $userInfos["ent"];
$infos["dev"] = $userInfos["dev"];
break;
default:
// le token n'est plus valide
$infos["validity"] = $tokenInfos["token"];
$infos["token"] = "";
$infos["idUsr"] = "";
$infos["name"] = "";
$infos["firstName"] = "";
$infos["drt"] = $tokenInfos["drt"];
$infos["drtLabel"] = "";
$infos["idEnt"] = "";
$infos["ent"] = "";
$infos["dev"] = 0;
break;
}
} else if (isset($_POST["login"]) && isset($_POST["pwd"])) {
$l = $_POST["login"];
$p = $_POST["pwd"];
$req = "SELECT usr.id_usr, usr.drt, usr.name as usrName, usr.firstname, usr.dev, usr.dateexp, drt.label as drtLabel, ca_agences.id_agence, ca_agences.nom_agence as entName FROM usr, drt, ca_agences WHERE (usr.login='$l' AND usr.pwd='$p' AND usr.del='0' AND drt.drt=usr.drt AND ca_agences.id_agence=usr.id_ent AND usr.dateexp > '".datetime(0)."' )";
//echo "<li>Q = ".$req;
$res = mysql_query($req, $GLOBALS["cnx"]);
$num = mysql_num_rows($res);
if ($num == 1) {
// Authentification r�ussie
$tab = mysql_fetch_object($res);
$d = dateTime(0);
$token = trace($tab->id_usr, $tab->usrName, $d, $tab->drt);
$infos["validity"] = 1;
$infos["token"] = $token;
settype($tab->drt, "integer");
$infos["idUsr"] = $tab->id_usr;
$infos["name"] = $tab->usrName;
$infos["firstName"] = $tab->firstname;
$infos["drt"] = $tab->drt;
$infos["drtLabel"] = $tab->drtLabel;
$infos["idEnt"] = $tab->id_agence;
$infos["ent"] = $tab->entName;
$infos["dev"] = $tab->dev;
} else {
// Authentification �chou�e
$tab = mysql_fetch_object($res);
if ($tab->dateexp < datetime(0) ) {
$infos["validity"] = -5;
} else {
$infos["validity"] = -3;
}
$infos["token"] = "";
$infos["idUsr"] = "";
$infos["name"] = "";
$infos["firstName"] = "";
$infos["drt"] = 0;
$infos["drtLabel"] = "";
$infos["idEnt"] = "";
$infos["ent"] = "";
$infos["dev"] = 0;
}
} else {
// Non authentifi�
$infos["validity"] = -4;
$infos["token"] = "";
$infos["idUsr"] = "";
$infos["name"] = "";
$infos["firstName"] = "";
$infos["drt"] = 0;
$infos["drtLabel"] = "";
$infos["idEnt"] = "";
$infos["ent"] = "";
$infos["dev"] = 0;
}
if (DEBUG == true) {
echo "<li><div class=\"debug\"><b>Droit de l'utilisateur</b> " . $infos["firstName"] ." ". $infos["name"] ." (id_usr=".$infos["idUsr"].")</b> = " . $infos["drtLabel"] . "</div></li>";
echo "<li><div class=\"debug\"><b>Token status</b> = ".$infos["validity"]."</div></li>";
}
// Protection des apostrophes dans les valeurs de variables transmises
//echo "<li>Replace !</li>";
/*
$m="'";
$r="\'";
foreach ($_POST as $key => $val) {
$str = $val;
echo "<li>".$str;
$_POST[$key]= ereg_replace($m, $r, $str);
}
*/
return $infos;
}
//########################################################################################################################################
// dateTime : Renvoie la date compl�te sous diff�rents formats
function dateTime($param) {
switch ($param) {
case 0:
$d = date("Y") . "-" . date("m") . "-" . date("d") . " " . date("H") . ":" . date("i") . ":" . date("s");
break;
case 1:
$d = date("d")."/".date("m")."/".date("Y")." ".date("H") . ":" . date("i") . ":" . date("s");
break;
case 2:
$d = date("Y") . date("m") . date("d") . date("H") . date("i") . date("s");
break;
case 3:
$d = date("Y") . date("m") . date("d");
break;
case 4:
$d = date("Y", mktime((date("H")+48),date("i"),date("s"),date("m"),date("d"),date("Y")))."-" .date("m", mktime((date("H")+48),date("i"),date("s"),date("m"),date("d"),date("Y"))) ."-" . date("d", mktime((date("H")+48),date("i"),date("s"),date("m"),date("d"),date("Y"))) ." ". date("H", mktime((date("H")+48),date("i"),date("s"),date("m"),date("d"),date("Y"))) .":". date("i", mktime((date("H")+48),date("i"),date("s"),date("m"),date("d"),date("Y"))) .":". date("s", mktime((date("H")+48),date("i"),date("s"),date("m"),date("d"),date("Y")));
break;
}
return $d;
}
//########################################################################################################################################
// dateTimePlus
function dateTimePlus($param) {
$tb = explode("-", $param);
$a=$tb[0];
$m=$tb[1];
$tb2 = explode(" ", $tb[2]);
$j=$tb2[0];
$tb3 = explode(":", $tb2[1]);
$h=$tb3[0];
$min=$tb3[1];
$s=$tb3[2];
//$d = date("Y", mktime($h, $min, $s, $m, ($j+7), $a))."-".date("m", mktime($h, $min, $s, $m, ($j+7), $a))."-".date("d", mktime($h, $min, $s, $m, ($j+7), $a))." ".date("H", mktime($h, $min, $s, $m, ($j+7), $a)).":".date("i", mktime($h, $min, $s, $m, ($j+7), $a)).":".date("s", mktime($h, $min, $s, $m, ($j+7), $a));
$d = date("Y", mktime($h, $min, $s, $m, ($j+7), $a))."-".date("m", mktime($h, $min, $s, $m, ($j+7), $a))."-".date("d", mktime($h, $min, $s, $m, ($j+7), $a));
return $d;
}
//########################################################################################################################################
// dateTime : Months
function monthText($param, $lng) {
$monthText="";
if ($lng == "FR") {
switch ($param) {
case 1:
$monthText = "janvier";
break;
case 2:
$monthText = "f�vrier";
break;
case 3:
$monthText = "mars";
break;
case 4:
$monthText = "avril";
break;
case 5:
$monthText = "mai";
break;
case 6:
$monthText = "juin";
break;
case 7:
$monthText = "juillet";
break;
case 8:
$monthText = "ao�t";
break;
case 9:
$monthText = "septembre";
break;
case 10:
$monthText = "octobre";
break;
case 11:
$monthText = "Novembre";
break;
case 12:
$monthText = "D�cembre";
break;
}
} else {
switch ($param) {
case 1:
$monthText = "january";
break;
case 2:
$monthText = "february";
break;
case 3:
$monthText = "march";
break;
case 4:
$monthText = "april";
break;
case 5:
$monthText = "may";
break;
case 6:
$monthText = "june";
break;
case 7:
$monthText = "july";
break;
case 8:
$monthText = "august";
break;
case 9:
$monthText = "september";
break;
case 10:
$monthText = "october";
break;
case 11:
$monthText = "November";
break;
case 12:
$monthText = "D�cember";
break;
}
}
return $monthText;
}
//########################################################################################################################################
// trace : Log la connexion de l'utilisateur
function trace($id, $name, $d, $drt) {
$req = "select id_cnx from cnx limit 0,1";
$res = mysql_query($req, $GLOBALS["cnx"]);
$tab = mysql_fetch_row($res);
if ($id < 10) $id = "0".$id;
$token = $id . date("H") . date("Y") . date("i") . date("m") . date("s") . date("d") ;
$req = "insert into cnx values('', '$id', '$name', '$d', '$token', '$drt', '1')";
$res = mysql_query($req, $GLOBALS["cnx"]);
return $token;
}
//########################################################################################################################################
// V�rification du format du nom des �l�ments upload�s (photos, documents)
function checkElement($e) {
$val = trim($e);
$val = ereg_replace("'", "_", $val);
$val = ereg_replace("�", "_", $val);
$val = ereg_replace("�", "e", $val);
$val = ereg_replace("�", "e", $val);
$val = ereg_replace("�", "a", $val);
$val = ereg_replace("�", "u", $val);
$val = ereg_replace(" ", "", $val);
return $val;
}
//########################################################################################################################################
// V�rification du format du nom des �l�ments upload�s (photos, documents)
function checkJSName($e) {
$val = trim($e);
$val = ereg_replace("'", "\'", $val);
return $val;
}
//########################################################################################################################################
// Enleve les CDATA
function cutCDATA($e) {
$val = substr($e, 9, (strlen($e)-12) );
return $val;
}
//########################################################################################################################################
// DisplayUsrInfos
function displayUsrInfos($n, $f, $co, $ca, $m) {
echo "<table cellspacing=\"0\" cellpadding=\"0\" class=\"text\" align=\"center\" width=\"".PORTAL_WIDTH."\"><tr><td nowrap=\"true\"><table class=\"text\" width=\"68%\" border=\"0\" bordercolor=\"red\"><tr><td><table class=\"text\"><tr><td class=\"info\"><li>Name</li></td><td> : </td><td>".$f." ".$n."</td></tr><tr><td class=\"info\"><li>Company</li></td><td> : </td><td>".$co."</td></tr><tr><td class=\"info\"><li>Category</li></td><td> : </td><td>".$ca."</td></tr></table></td><td valign=\"middle\" style=\"padding-left:60px\"><img src=\"./images/".$m."\"/></td></tr></table><br/></td></tr></table>";
}
//########################################################################################################################################
function makePwd() {
// Ensemble des caract�res utilis�s pour le cr�er
$cars="az0erty2ui3op4qs5df6gh7jk8lm9wxcvbn";
// Combien on en a mis au fait ?
$wlong=strlen($cars);
// Au d�part, il est vide ce mot de passe ;)
$wpas="";
// Combien on veut de caract�res pour ce mot de passe ?
$taille=6;
// On initialise la fonction al�atoire
srand((double)microtime()*1000000);
// On boucle sur le nombre de caract�res voulus
for($i=0;$i<$taille;$i++){
// Tirage al�atoire d'une valeur entre 1 et wlong
$wpos=rand(0,$wlong-1);
// On cumule le caract�re dans le mot de passe
$wpas=$wpas.substr($cars,$wpos,1);
// On continue avec le caract�re suivant � g�n�rer
}
// On affiche le mot de passe (on peut le stocker quelque part...)
return $wpas;
}
//########################################################################################################################################
function newDate($d, $j, $m, $a, $f) {
$elts = explode("-", $d );
$jour = $elts[0];
$mois = $elts[1];
$an = $elts[2];
$newDate = mktime(0, 0, 0, ($mois+$m), ($jour+$j), ($an+$a) );
return date($f, $newDate);
}
//########################################################################################################################################
function checkIP() {
$IPTABLE[0] = "80.118.33.228";
$IPTABLE[1] = "83.145.100.34";
$IPTABLE[2] = "195.101.36.35";
$IPTABLE[3] = "193.253.194.213";
$IPTABLE[4] = "217.128.36.44";
$IPTABLE[5] = "77.202.229.62";
$IPTABLE[6] = "82.232.62.191";
$IPTABLE[7] = "82.230.34.183";
$MYIP = $_SERVER['REMOTE_ADDR'];
$IPCHECK = 0;
for ($i=0; $i < count($IPTABLE); $i++) {
if ($MYIP == $IPTABLE[$i]) $IPCHECK = 1;
}
return $IPCHECK;
}
// Variables Globale
/*
foreach ($GLOBALS as $key => $val) {
echo "<li>".$key." = ".$val."</li>";
}
// Variables de la QueryString
foreach ($_REQUEST as $key => $val) {
echo "<li>".$key." = ".$val."</li>";
}
*/
?>