29require_once NOALYSS_INCLUDE.
'/constant.php';
30require_once NOALYSS_INCLUDE.
'/lib/user_common.php';
31require_once NOALYSS_INCLUDE.
'/lib/ac_common.php';
74 $this->
db->exec_sql(sprintf(
"select set_config('noalyss.user_login','%s',false)",
80 return "User ".print_r($this,
true);
88 $can_connect=
$cn->get_value(
"select count(*) from ac_users
89 where use_active=1 and
90 use_login=$1 and use_pass=$2",
91 [$this->login,$this->password]);
99 if (!isset($_SESSION[SESSION_KEY.
'g_user']))
101 $http=new \HttpInput();
102 $user_login=
$http->request(
"p_user",
"string",
"");
107 $_SESSION[SESSION_KEY.
"g_user"]=$user_login;
112 echo
'<h2 class="error">'._(
'Session expirée<br>Utilisateur déconnecté').
'</h2>';
118 if (strpos($user_login,
'@mobile')!=
false)
120 $this->access_mode=
'MOBILE';
121 $this->login=str_ireplace(
"@mobile",
"", $user_login);
125 $this->access_mode=
'PC';
126 $this->login=strtolower($user_login);
132 $this->login=$_SESSION[SESSION_KEY.
"g_user"];
133 $this->password=$_SESSION[SESSION_KEY.
'g_pass'];
136 $this->lang=(isset($_SESSION[SESSION_KEY.
'g_lang']))?$_SESSION[SESSION_KEY.
'g_lang']:
'fr_FR.utf8';
137 $this->access_mode=$_SESSION[SESSION_KEY.
"access_mode"];
141 $cn->exec_sql(sprintf(
"select set_config('noalyss.user_login','%s',false)",
146 echo
'<h2 class="error">'._(
'Utilisateur ou mot de passe incorrect').
'</h2>';
147 $sql=
"insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
149 array($_SESSION[SESSION_KEY.
'g_user'], $_SERVER[
"REMOTE_ADDR"],
"DISCON",
150 $_SERVER[
'REQUEST_URI'],
'FAIL'));
159 $this->valid=(isset($_SESSION[SESSION_KEY.
'isValid']))?1:0;
160 if (isset($_SESSION[SESSION_KEY.
'g_theme']))
162 $this->theme=$_SESSION[SESSION_KEY.
'g_theme'];
358 $sql_cond=
" where lower(use_login)=lower($1)";
363 $sql_cond=
" where use_id=$1";
380 $this->
id=
$row[
'use_id'];
381 $this->first_name=
$row[
'use_first_name'];
382 $this->last_name=
$row[
'use_name'];
384 $this->active=
$row[
'use_active'];
385 $this->login=strtolower(
$row[
'use_login']);
386 $this->admin=
$row[
'use_admin'];
387 $this->password=
$row[
'use_pass'];
388 $this->email=
$row[
'use_email'];
395 $Sql=
"update ac_users set use_first_name=$1, use_name=$2
396 ,use_active=$3,use_admin=$4,use_pass=$5 ,use_email = $7 where use_id=$6";
399 array($this->first_name, $this->last_name, $this->active, $this->admin, $this->password,
400 $this->
id, $this->email));
406 $Sql=
"INSERT INTO ac_users(
407 use_first_name, use_name, use_login, use_active,
408 use_admin, use_pass, use_email)
409 VALUES ($1, $2, $3, $4, $5, $6, $7) returning use_id";
412 $this->
id=
$cn->get_value($Sql,
413 array($this->first_name, $this->last_name, $this->login, 1, $this->admin,
414 $this->password, $this->email));
431 $sql=
"select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
432 use_admin,use_first_name,use_name
434 where ac_users.use_id=$1
435 and ac_users.use_active=1
436 and ac_users.use_pass=$2";
437 $ret=
$cn->exec_sql(
$sql, array($this->
id, $pass5));
442 $_SESSION[SESSION_KEY.
'use_admin']=
$r[
'use_admin'];
443 $_SESSION[SESSION_KEY.
'use_name']=
$r[
'use_name'];
444 $_SESSION[SESSION_KEY.
'use_first_name']=
$r[
'use_first_name'];
445 $_SESSION[SESSION_KEY.
'isValid']=1;
447 $this->admin=$_SESSION[SESSION_KEY.
'use_admin'];
448 $this->
name=$_SESSION[SESSION_KEY.
'use_name'];
449 $this->first_name=$_SESSION[SESSION_KEY.
'use_first_name'];
452 $sql=
"insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
457 array($_SESSION[SESSION_KEY.
'g_user'], $_SERVER[
"REMOTE_ADDR"],
458 $from, $_SERVER[
'REQUEST_URI'],
'FAIL'));
461 echo
'<script> alert(\''._(
'Utilisateur ou mot de passe incorrect').
'\')</script>
';
462 redirect('index.html
');
470 if ($from=='LOGIN
' || $from=='PORTAL
')
473 array($_SESSION[SESSION_KEY.'g_user
'], $_SERVER["REMOTE_ADDR"], $from,
474 $_SERVER['REQUEST_URI
'], 'SUCCESS
'));
491 function get_folder_access($p_dossier=0)
495 $p_dossier=dossier::id();
500 $sql="select 'R
' from jnt_use_dos where use_id=$1 and dos_id=$2";
502 $res=$cn->get_value($sql, array($this->id, $p_dossier));
504 if ($cn->get_affected()==0)
514 function set_folder_access($db_id, $priv)
520 // the access is granted
521 $jnt=$cn->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
526 $Res=$cn->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
532 $cn->exec_sql('
delete from jnt_use_dos where use_id = $1 and dos_id = $2
', array($this->id, $db_id));
548 function get_ledger_access($p_ledger)
550 if ($this->admin==1||
551 $this->is_local_admin(dossier::id())==1||$this->get_status_security_ledger()==0)
554 $sql="select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2";
555 $res=$this->db->get_value($sql, array($this->login, $p_ledger));
/**
 * \brief Return the ledgers (jrn_def joined with jrn_type) selected for this user
 *
 * Only part of the method is visible in this listing: the braces, the
 * conditions that choose between the three $sql_access variants and the
 * final return are missing, so the notes cover the visible statements only.
 *
 * \param $p_type ledger type; upper-cased, then checked against FIN, ALL, ODS, VEN, ACH
 * \param $p_access selects one of the uj_priv filters put in $sql_access (selecting conditions not visible)
 * \param $disable its use is not visible in this listing
 * \exception Exception "UGL1", presumably raised when $p_type is not in the allowed list
 */
579 function get_ledger($p_type='
ALL', $p_access=3, $disable=TRUE)
// Normalise the case before comparing with the list of known ledger types.
581 $p_type=strtoupper($p_type);
582 if (!in_array($p_type, ["FIN", "ALL", "ODS", "VEN", 'ACH
']))
584 record_log(sprintf("UGL1, p_type %s", $p_type));
585 throw new Exception("UGL1"._("Type incorrecte"));
593 $sql_enable="and jrn_enable=1";
// Per-ledger security applies only to users who are neither admin nor local
// admin and for whom get_status_security_ledger() returns 1.
595 if ($this->admin!=1&&$this->is_local_admin()!=1&&$this->get_status_security_ledger()==1)
// Assuming the throw above sits inside the in_array() check, only the five
// allowed literals can reach this interpolated fragment.
597 $sql_type=($p_type=='ALL')?'':"and jrn_def_type=upper('".sql_string($p_type)."')";
601 $sql_access=" and uj_priv!= 'X
' ";
604 $sql_access=" and uj_priv = 'W
' and jrn_enable=1 ";
608 $sql_access=" and ( uj_priv = 'R
' or uj_priv='W
') ";
// NOTE(review): the query below concatenates $this->login into the SQL text
// (uj_login='...') instead of binding it, whereas get_ledger_access() reads
// the same table with uj_login=$1. If a login can ever contain a quote this
// is an injection point; passing it as a bound parameter to exec_sql() keeps
// it out of the SQL text. How login is validated upstream is not visible here.
612 $sql="select jrn_def_id,jrn_def_type,
613 jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
614 jrn_deb_max_line,jrn_cred_max_line,jrn_def_description,jrn_enable
615 from jrn_def join jrn_type on jrn_def_type=jrn_type_id
616 join user_sec_jrn on uj_jrn_id=jrn_def_id
618 uj_login='".$this->login."'".
619 $sql_type.$sql_access.$sql_enable.
620 " order by jrn_Def_name";
// Second query: no join on user_sec_jrn, every ledger is reported with 'W' as uj_priv.
624 $sql_type=($p_type=='ALL')?' '.$sql_enable:"where jrn_def_type=upper('".sql_string($p_type)."') ".$sql_enable;
625 $sql="select jrn_def_id,jrn_def_type,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
626 jrn_type_id,jrn_desc,'W
' as uj_priv,jrn_def_description,jrn_enable
627 from jrn_def join jrn_type on jrn_def_type=jrn_type_id
629 order by jrn_Def_name";
// Whichever query was built is executed without bound parameters.
631 $res=$this->db->exec_sql($sql);
632 if (Database::num_row($res)==0)
634 $array=Database::fetch_all($res);
645 function get_ledger_sql($p_type='
ALL', $p_access=3)
647 $aLedger=$this->get_ledger($p_type, $p_access);
650 $sql=" jrn_def_id in (";
651 foreach ($aLedger as $row)
665 return $this->isAdmin();
673 function isAdmin():int
676 $pass5=$this->password;
677 $sql="select count(*) from ac_users where use_login=$1
678 and use_active=1 and use_admin=1 and use_pass=$2 ";
681 $this->admin=$cn->get_value($sql, array($this->login,$pass5));
692 function set_periode($p_periode)
694 $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='PERIODE
'";
695 $Res=$this->db->exec_sql($sql, [$p_periode, $this->id]);
698 private function set_default_periode()
701 /* get the first periode */
702 $sql='select min(
p_id) as pid
'
703 .' from parm_periode
'
704 .' where p_closed =
false and p_start = (select min(p_start)
from parm_periode)
';
705 $Res=$this->db->exec_sql($sql);
707 $pid=Database::fetch_result($Res, 0, 0);
708 /* if all the periode are closed, then we use the last closed period */
711 $sql='select min(
p_id) as pid
'
712 .'from parm_periode
'
713 .'where p_start = (select max(p_start)
from parm_periode)
';
714 $Res2=$this->db->exec_sql($sql);
715 $pid=Database::fetch_result($Res2, 0, 0);
718 throw new Exception(_("Aucune période trouvéee !!!"));
721 $pid=Database::fetch_result($Res2, 0, 0);
724 $sql=sprintf("insert into user_local_pref (user_id,parameter_value,parameter_type)
725 values ('%s
','%d
','PERIODE
')", $this->id, $pid);
726 $Res=$this->db->exec_sql($sql);
736 function get_periode()
739 $array=$this->get_preference();
740 if (!isset($array['PERIODE
']))
742 $this->set_default_periode();
743 $array=$this->get_preference();
745 return $array['PERIODE
'];
753 function get_mini_report()
755 $array=$this->get_preference();
756 $fr_id=(isset($array['MINIREPORT
']))?$array['MINIREPORT
']:0;
763 function set_mini_report($p_id)
765 $count=$this->db->get_value("select count(*) from user_local_pref where user_id=$1 and parameter_type=$2",
766 array($this->id, 'MINIREPORT
'));
769 $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='MINIREPORT
'";
770 $Res=$this->db->exec_sql($sql, array($p_id, $this->id));
774 $sql="insert into user_local_pref (user_id,parameter_type,parameter_value)".
775 "values($1,'MINIREPORT
',$2)";
776 $Res=$this->db->exec_sql($sql, array($this->id, $p_id));
786 function save_global_preference($key, $value)
788 $repo=new Database();
789 $count=$repo->get_value("select count(*)
793 parameter_type=$1 and user_id=$2", array($key, $this->login));
796 $repo->exec_sql("update user_global_pref set parameter_value=$1
797 where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
801 $repo->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
802 values($1,$2,$3)", array($this->login, $key, $value));
810 function get_preference()
812 $sql="select parameter_type,parameter_value from user_local_pref where user_id=$1";
813 $Res=$this->db->exec_sql($sql, array($this->id));
815 for ($i=0; $i<Database::num_row($Res); $i++)
817 $row=Database::fetch_array($Res, $i);
818 $type=$row['parameter_type
'];
819 $l_array[$type]=$row['parameter_value
'];
821 $repo=new Database();
822 $a_global_pref=$repo->get_array("select parameter_type,parameter_value from user_global_pref
824 upper(user_id) = upper($1)", [$this->login]);
825 $nb_global=count($a_global_pref);
826 for ($i=0; $i<$nb_global; $i++)
828 $idx=$a_global_pref[$i]['parameter_type
'];
829 $value=$a_global_pref[$i]['parameter_value
'];
830 $l_array[$idx]=$value;
842 function check_module($p_module)
844 if ( $this->access_mode == "PC") {
846 $acc=$this->db->get_value("select count(*) from v_all_menu where p_id = $1
847 and me_code=$2", array($this->get_profile(), $p_module));
848 } elseif ($this->access_mode=="MOBILE") {
849 $acc=$this->db->get_value("select count(*) from profile_mobile where p_id=$1 and me_code=$2",
850 array($this->get_profile(), $p_module));
852 throw new Exception("USER:823:ACCESS_MODE INCONNU");
856 $this->audit("FAIL", $p_module);
859 $this->audit("SUCCESS", $p_module);
871 function check_action($p_action_id)
873 /* save it into the log */
875 if ($this->Admin()==1)
877 if ($this->is_local_admin(dossier::id())==1)
879 if ($this->get_status_security_action()==0)
881 $Res=$this->db->exec_sql(
882 "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
883 $Count=Database::num_row($Res);
886 if (isset($audit)&&$audit==true)
889 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
891 array($_SESSION[SESSION_KEY.'g_user
'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI
'],
898 echo_error(_("Action invalide"));
899 record_log("User:check_action".sprintf("login %s ua_act_id %s", $this->login, $p_action_id));
909 function load_global_pref()
912 // Load everything in an array
913 $Res=$cn->exec_sql("select parameter_type,parameter_value from
915 where user_id=$1", [$this->login]);
916 $Max=Database::num_row($Res);
919 $this->insert_default_global_pref();
920 $this->load_global_pref();
923 // Load value into array
925 for ($i=0; $i<$Max; $i++)
927 $row=Database::fetch_array($Res, $i);
928 $type=$row['parameter_type
'];
929 $line[$type]=$row['parameter_value
'];
931 // save array into g_ variable
932 $array_pref=array('g_theme
'=>'THEME
',
933 'g_pagesize
'=>'PAGESIZE
',
934 'g_topmenu
'=>'TOPMENU
',
936 'csv_fieldsep
'=>'csv_fieldsep
',
937 'csv_decimal
'=>'csv_decimal
',
938 'csv_encoding
'=>'csv_encoding
',
939 'first_week_day
'=>'first_week_day
');
941 foreach ($array_pref as $name=> $parameter)
943 if (!isset($line[$parameter]))
945 $this->insert_default_global_pref($parameter);
946 $this->load_global_pref();
949 $_SESSION[SESSION_KEY.$name]=$line[$parameter];
961 function insert_default_global_pref($p_type="", $p_value="")
964 $default_parameter=array("THEME"=>"classic",
967 'LANG
'=>'fr_FR.utf8
',
970 'csv_encoding
'=>'utf8
',
974 $sql="insert into user_global_pref(user_id,parameter_type,parameter_value)
978 foreach ($default_parameter as $name=> $value)
980 $cn->exec_sql($sql, array($this->login, $name, $value));
985 $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
986 if ( $cn->get_value("select count(*) from user_global_pref where user_id=$1 and parameter_type=$2",
987 array($this->login,$p_type)) == 1)
989 $cn->exec_sql("update user_global_pref set parameter_value=$1 where user_id=$2 and parameter_type=$3",
990 array($value,$this->login,$p_type));
992 $cn->exec_sql($sql, array($this->login, $p_type, $value));
1004 function update_global_pref($p_type, $p_value="")
1006 $default_parameter=array("THEME"=>"classic",
1008 "LANG"=>'fr_FR.utf8
',
1009 'TOPMENU
'=>'SELECT
',
1010 'csv_fieldsep
'=>'0
',
1012 'csv_encoding
'=>'utf8
',
1016 $Sql="update user_global_pref set parameter_value=$1
1017 where parameter_type=$2 and
1019 $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
1020 $cn->exec_sql($Sql, array($value, $p_type, $this->login));
1024 /* * \brief Return the year of current Periode
1025 * it is the parm_periode.p_exercice col
1026 * if an error occurs return 0
1029 function get_exercice()
1031 $sql="select p_exercice from parm_periode where p_id=$1";
1032 $Ret=$this->db->exec_sql($sql,[$this->get_periode()]);
1033 if (Database::num_row($Ret)==1)
1035 $r=Database::fetch_array($Ret, 0);
1036 return $r['p_exercice
'];
1042 /* * \brief Check if the user can access
1043 * otherwise warn and exit
1044 * \param $p_action requested action
1045 * \param $p_js = 1 javascript, or 0 just a text or 2 to log it silently
1046 * \return nothing the program exits automatically
1049 function can_request($p_action, $p_js=0)
1051 if ($this->check_action($p_action)==0)
1053 $this->audit('FAIL
');
1056 echo create_script("alert_box(content[59])");
1060 record_log(_("Access invalid").$p_action);
1064 echo '<
h2 class=
"error">
',
1065 htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1079 function check_print($p_action)
1082 $this->audit('AUDIT
', $p_action);
1083 if ($this->Admin()==1)
1086 $res=$cn->get_value("select count(*) from profile_menu
1087 join profile_user using (p_id)
1088 where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
1092 /* * \brief Check if the user can print (in menu_ref p_type_display=p)
1093 * otherwise warn and exit
1094 * \param $p_action requested action
1095 * \return nothing the program exits automatically
1098 function can_print($p_action, $p_js=0)
1100 if ($this->check_print($p_action)==0)
1102 $this->audit('FAIL
');
1105 echo create_script("alert_box(content[59])");
1109 echo '<div
class=
"redcontent">
';
1110 echo '<
h2 class=
"error">
',
1111 htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1131 function is_local_admin($p_dossier=-1)
1142 function get_available_repository($p_access='R
')
1144 $profile=$this->get_profile();
1148 $r=$this->db->get_array("select distinct u.r_id,r_name
1150 profile_sec_repository as u
1151 join stock_repository as s on(u.r_id=s.r_id)
1156 ", array($profile));
1160 $r=$this->db->get_array("select distinct u.r_id,r_name
1162 profile_sec_repository as u
1163 join stock_repository as s on(u.r_id=s.r_id)
1166 ", array($profile));
1186 static function get_list($p_dossier)
1188 $sql="select distinct use_id,use_login,use_first_name,use_name from ac_users
1189 left outer join jnt_use_dos using (use_id)
1191 (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
1192 order by use_login,use_name";
1194 $repo=new Database();
1195 $array=$repo->get_array($sql, array($p_dossier));
1196 if ($repo->size()==0)
1197 throw new Exception('Error inaccessible folder
');
1212 function check_jrn($p_jrn)
1214 return $this->get_ledger_access($p_jrn);
1228 function check_dossier($p_dossier_id, $silent=false)
1231 if ($this->admin==1||$this->is_local_admin($p_dossier_id)==1)
1235 $dossier=$cn->get_value("select 'R
' from jnt_use_dos where dos_id=$1 and use_id=$2",
1236 array($p_dossier_id, $this->id));
1237 $dossier=($dossier=='')?'X
':$dossier;
1240 $this->audit('FAIL
', "Access folder ");
1243 alert(_('Dossier non accessible
'));
1254 function get_limit_current_exercice()
1256 $current_exercice=$this->get_exercice();
1257 $periode=new Periode($this->db);
1258 list($per_start, $per_end)=$periode->get_limit($current_exercice);
1259 $start=$per_start->first_day();
1260 $end=$per_end->last_day();
1261 return array($start, $end);
1273 function show_dossier($p_filtre="")
1275 $p_array=$this->get_available_folder($p_filtre);
1279 $result.="<TABLE id=\"folder\" class=\"result\">";
1288 $result.=_("Description");
1294 $result.='<
td style=
"width:auto" colspan=3>
';
1295 $result.=_("Aucun dossier disponible");
1301 for ($i=0; $i<sizeof($p_array); $i++)
1304 $id=$p_array[$i]['dos_id
'];
1305 $name=$p_array[$i]['dos_name
'];
1306 $desc=$p_array[$i]['dos_description
'];
1311 $target="do.php?gDossier=$id";
1313 $result.="<TR class=\"$tr\">";
1315 $result.=td($id, ' class=
"num" ');
1316 $result.="<TD class=\"$tr\">";
1317 $result.="<A class=\"dossier\" HREF=\"$target\">";
1318 $result.=" <B>".h($name)."</B>";
1321 $desc=($desc=="")?"<i>Aucune description</i>":h($desc);
1322 $desc="<A class=\"dossier\" HREF=\"$target\">$desc</A>";
1323 $result.="<TD class=\"$tr\" >".$desc;
1327 $result.="</TABLE>";
1342 function get_available_folder($p_filter="")
1346 if ($this->admin==0)
1348 // show only available folders
1349 // if user is not an admin
1350 $Res=$cn->exec_sql("select
1351 distinct dos_id,dos_name,dos_description
1353 natural join jnt_use_dos
1354 natural join ac_dossier
1358 and ( dos_name ilike '%
' || $2 || '%
' or dos_description ilike '%
' || $2 || '%
' )
1359 order by dos_name", array($this->login, $p_filter));
1363 $Res=$cn->exec_sql("select
1364 distinct dos_id,dos_name,dos_description from ac_dossier
1366 dos_name ilike '%
' || $1|| '%
' or dos_description ilike '%
' || $1 || '%
'
1367 order by dos_name", array($p_filter));
1370 $max=Database::num_row($Res);
1374 for ($i=0; $i<$max; $i++)
1376 $array[]=Database::fetch_array($Res, $i);
1385 static function audit_admin($p_module)
1388 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1392 $_SESSION[SESSION_KEY.'g_user
'],
1393 $_SERVER["REMOTE_ADDR"],
1395 $_SERVER['REQUEST_URI
'],
1399 function audit($action='AUDIT
', $p_module="")
1404 if ($p_module==""&&isset($_REQUEST['ac
']))
1406 $p_module=$_REQUEST['ac
'];
1409 if (isset($_REQUEST['gDossier
']))
1410 $p_module.=" dossier : ".$_REQUEST['gDossier
'];
1411 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1415 $_SESSION[SESSION_KEY.'g_user
'],
1416 $_SERVER["REMOTE_ADDR"],
1418 $_SERVER['REQUEST_URI
'],
1423 function save_profile($p_id)
1425 $count=$this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
1428 $this->db->exec_sql("insert into profile_user(p_id,user_name)
1429 values ($1,$2)", array($p_id, $this->login));
1433 $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
1441 function get_profile()
1443 $profile=$this->db->get_value("select p_id from profile_user where
1444 lower(user_name)=lower($1) ", array($this->login));
/**
 * \brief Build a SQL subquery listing the profiles (p_granted) this user can write to
 *
 * For a non-admin user the subquery reads user_sec_action_profile with
 * ua_right in ('W','O'); otherwise it lists every p_id of profile. The
 * return statement is not visible in this listing; get_writable_profile()
 * embeds the result directly in "select p_granted from ... as m".
 *
 * NOTE(review): the value of get_profile() is concatenated into the SQL text
 * rather than bound. It is read from profile_user.p_id, so it is presumably
 * an integer coming from the database (confirm the column type); because the
 * fragment is spliced into other statements, a bound parameter cannot be
 * used without changing the callers.
 */
1456 function sql_writable_profile()
1458 if ($this->admin!=1)
1460 $sql=" (select p_granted "
1461 ." from user_sec_action_profile "
1462 ." where ua_right in ('W
','O
') and p_id=".$this->get_profile().") ";
1466 $sql="(select p_id p_granted from profile)";
1474 function get_writable_profile()
1476 $value=$this->db->get_array("select p_granted from ".$this->sql_writable_profile()." as m") ;
1477 $aGranted=array_column($value,"p_granted");
1484 function get_readable_profile()
1486 $value=$this->db->get_array("select p_granted from ".$this->sql_readable_profile()." as m") ;
1487 $aGranted=array_column($value,"p_granted");
/**
 * \brief Build a SQL subquery listing the profiles (p_granted) this user can read
 *
 * For a non-admin user the subquery reads user_sec_action_profile with
 * ua_right in ('W','R','O'); otherwise it lists every p_id of profile. The
 * return statement is not visible in this listing; get_readable_profile()
 * embeds the result directly in "select p_granted from ... as m".
 *
 * NOTE(review): the value of get_profile() is concatenated into the SQL text
 * rather than bound. It is read from profile_user.p_id, so it is presumably
 * an integer coming from the database (confirm the column type); because the
 * fragment is spliced into other statements, a bound parameter cannot be
 * used without changing the callers.
 */
1497 function sql_readable_profile()
1499 if ($this->admin!=1)
1501 $sql=" (select p_granted "
1502 ." from user_sec_action_profile "
1503 ." where ua_right in ('W
','R
','O
') and p_id=".$this->get_profile().") ";
1507 $sql="(select p_id p_granted from profile)";
1518 function can_add_action($p_profile)
1520 $r=$this->db->get_value(' select count(*)
1521 from user_sec_action_profile
1523 and
p_id=$1
', array($this->get_profile(), $p_profile));
1536 function can_write_action($dtoc)
1538 if ($this->Admin()==1)
1540 if ($this->get_status_security_action()==0)
1542 $profile=$this->get_profile();
1543 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1544 (select p_granted from user_sec_action_profile where ua_right in ('W
','O
') and p_id=$2) ", array($dtoc, $profile));
1555 function can_delete_action($dtoc)
1557 if ($this->Admin()==1)
1559 if ($this->get_status_security_action()==0)
1561 $profile=$this->get_profile();
1562 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1563 (select p_granted from user_sec_action_profile where ua_right='W
' and p_id=$2) ", array($dtoc, $profile));
1574 function can_read_action($dtoc)
1576 if ($this->Admin()==1)
1578 $profile=$this->get_profile();
1579 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
1580 (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)",
1581 array($dtoc, $profile, $this->login));
1592 function can_write_repo($p_repo)
1594 if ($this->Admin()==1)
1596 $profile=$this->get_profile();
1597 $r=$this->db->get_value("select count(*)
1598 from profile_sec_repository
1602 and ur_right='W
'", array($p_repo, $profile));
1613 function can_read_repo($p_repo)
1615 if ($this->Admin()==1)
1617 $profile=$this->get_profile();
1618 $r=$this->db->get_value("select count(*)
1619 from profile_sec_repository
1623 ", array($p_repo, $profile));
/**
 * \brief Copy the value returned by getPassword() into the session under the g_pass key
 *
 * NOTE(review): elsewhere in this class the session value g_pass is read back
 * into $this->password and compared with ac_users.use_pass in the login
 * queries, so what is stored here works as a password equivalent: whoever can
 * read the session storage can reuse it. Keeping only an "authenticated"
 * marker in the session would avoid that; confirm which callers rely on g_pass.
 */
1631 function password_to_session()
1633 $_SESSION[SESSION_KEY.'g_pass
']=$this->getPassword();
/**
 * \brief Change the password of this user when both entries are equal and
 * check_password_strength() returns no message
 *
 * The lines following the update (other branch, return value) are not
 * visible in this listing.
 *
 * \param $p_pass1 new password
 * \param $p_pass2 confirmation, compared with $p_pass1 using ==
 */
1642 function save_password($p_pass1, $p_pass2)
1644 if ($p_pass1==$p_pass2 && count(check_password_strength($p_pass1)['msg
'])==0)
1646 $repo=new Database();
// NOTE(review): md5() gives an unsalted, fast digest, so use_pass values can
// be recovered cheaply if ac_users leaks, and equal passwords share one hash.
// password_hash()/password_verify() is the standard replacement, but the
// login queries of this class compare use_pass inside the SQL (use_pass=$2),
// so they would have to fetch the hash and verify it in PHP instead.
1647 $l_pass=md5($p_pass1);
// Keep the object in step with what is written to ac_users.
1648 $this->setPassword($l_pass);
1649 $repo->exec_sql("update ac_users set use_pass=$1 where use_login=$2",
1650 array($l_pass, $this->login));
1664 function save_email($p_email)
1666 $repo=new Database();
1667 $repo->exec_sql("update ac_users set use_email=$1 where use_login=$2",
1668 array($p_email, $_SESSION[SESSION_KEY.'g_user
']));
1677 static function revoke_access($p_login, $p_dossier)
1679 // connect to the repository
1680 $repo_cnx=new Database();
1682 // Retrieve the user
1683 $user=$repo_cnx->get_array('select use_id,use_login
from ac_users where use_login=$1
', array($p_login));
1687 // remove him from jnt_use_dos
1688 $repo_cnx->exec_sql("delete from jnt_use_dos WHERE use_id=$1 and dos_id=$2",
1689 array($user[0]['use_id
'], $p_dossier));
1691 // Remove user from user's dossier
1692 $cn_dossier=
new Database($p_dossier);
1693 $cn_dossier->exec_sql(
"delete from profile_user where user_name=$1", array($p_login));
1694 $cn_dossier->exec_sql(
"delete from user_sec_act where ua_login=$1", array($p_login));
1704 $user=$repo_cnx->get_array(
"select use_id,use_login
1706 where use_login=$1", array($p_login));
1710 $cn_dossier=
new Database($p_dossier);
1713 $repo_cnx->get_value(
"select count(*) from jnt_use_dos where use_id=$1 and dos_id=$2",
1714 array($user[0][
'use_id'], $p_dossier))==0
1717 $repo_cnx->exec_sql(
"insert into jnt_use_dos(use_id,dos_id) values ($1,$2)",
1718 array($user[0][
'use_id'], $p_dossier));
1721 if ($cn_dossier->get_value(
"select count(*) from profile_user where user_name=$1", array($user[0][
'use_login']))==0)
1723 $cn_dossier->exec_sql(
'insert into profile_user(user_name,p_id) values($1,1)', array($user[0][
'use_login']));
1726 $cn_dossier->exec_sql(
"delete from user_sec_act where ua_login=$1", array($p_login));
1728 $cn_dossier->exec_sql(
"insert into user_sec_act (ua_login,ua_act_id)"
1729 .
" select $1 ,ac_id from action ", array($p_login));
1731 $cn_dossier->exec_sql(
"delete from user_sec_jrn where uj_login=$1", array($p_login));
1732 $cn_dossier->exec_sql(
"insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv)"
1733 .
" select $1,jrn_def_id,'W' from jrn_def", array($p_login));
1739 $name=$cnx_repo->format_name($p_dossier,
'dos');
1740 if ($cnx_repo->exist_database(
$name)==0)
1742 $cnx_dossier=
new Database($p_dossier);
1743 if ($cnx_dossier->exist_table(
'profile_user'))
1744 $a_user=$cnx_dossier->get_array(
'select user_name from profile_user');
1753 if ($cnx_repo->get_value(
'select count(*) from ac_users where use_login=$1', array($a_user[
$i][
'user_name']))==0)
1755 if ($cnx_dossier->exist_table(
'user_sec_jrn'))
1756 $cnx_dossier->exec_sql(
"delete from user_sec_jrn where uj_login=$1", array($a_user[
$i][
'user_name']));
1757 $cnx_dossier->exec_sql(
"delete from profile_user where user_name=$1", array($a_user[
$i][
'user_name']));
1758 if ($cnx_dossier->exist_table(
'user_sec_act'))
1759 $cnx_dossier->exec_sql(
"delete from user_sec_act where ua_login=$1", array($a_user[
$i][
'user_name']));
1760 if ($cnx_dossier->exist_table(
'user_sec_jrn'))
1761 $cnx_dossier->exec_sql(
"delete from user_sec_jrn where uj_login=$1", array($a_user[
$i][
'user_name']));
1762 if ($cnx_dossier->exist_table(
'user_active_security'))
1763 $cnx_dossier->exec_sql(
"delete from user_active_security where us_login=$1",
1764 array($a_user[
$i][
'user_name']));
1775 $security=$this->
db->get_value(
"select us_ledger from user_active_security
1777 us_login=$1", [$this->login]);
1778 $n_security=($security==
"Y")?1:0;
1789 if ($p_value!=0&&$p_value!=1)
1790 throw new Exception(_(
"Valeur invalide"));
1791 $exist=$this->
db->get_value(
"select count(*) from user_active_security where us_login=$1", [$this->login]);
1792 $flag=($p_value==1)?
"Y":
"N";
1795 $this->
db->exec_sql(
"insert into user_active_security (us_login,us_ledger,us_action) values ($1,$2,$3)",
1796 [$this->login,
$flag,
'Y']);
1800 $this->
db->exec_sql(
"update user_active_security set us_ledger=$1 where us_login = $2",
1801 [
$flag, $this->login]);
1811 $security=$this->
db->get_value(
"select us_action from user_active_security
1813 us_login=$1", [$this->login]);
1814 $n_security=($security==
"Y")?1:0;
1825 if ($p_value!=0&&$p_value!=1)
1826 throw new Exception(_(
"Valeur invalide"));
1827 $exist=$this->
db->get_value(
"select count(*) from user_active_security where us_login=$1", [$this->login]);
1828 $flag=($p_value==1)?
"Y":
"N";
1831 $this->
db->exec_sql(
"insert into user_active_security (us_login,us_action,us_ledger) values ($1,$2,$3)",
1832 [$this->login,
$flag,
'Y']);
1836 $this->
db->exec_sql(
"update user_active_security set us_action=$1 where us_login = $2",
1837 [
$flag, $this->login]);
1847 $result=$repocn->get_value(
"select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1848 array(
"first_week_day", $this->login));
1849 if ($repocn->count()==0)
1862 $aSession=$_SESSION;
1863 foreach($aSession as $key =>
$value) {
1864 if(DEBUGNOALYSS>1) { echo
"[$key]=>[$value]";}
1866 if ( strpos($key,SESSION_KEY) === 0) {
1867 unset($_SESSION[$key]);
1868 if(DEBUGNOALYSS>1) { echo
"=> [$key] cleaned";}
h2($p_string, $p_class="", $raw="")
td($p_string='', $p_extra='')
surround the string with td
catch(Exception $exc) if(! $g_user->can_write_action($ag_id)) $r
static escape_string($p_string)
wrapper for the function pg_escape_string
static fetch_array($ret, $p_indice=0, $p_mode=PGSQL_ASSOC)
wrapper for the function pg_fetch_array
static num_row($ret)
wrapper for the function pg_num_rows
contains the class for connecting to Noalyss
manage the current dossier, everywhere we need to know to which folder we are connected,...
Data & function about connected users.
set_status_security_ledger($p_value)
Set the flag in the table user_active_security.
get_access_mode()
access_mode tells what mode must be used : pc or mobile
get_status_security_action()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
$id
in account_repository , ac_users.use_id
set_status_security_action($p_value)
Set the flag in the table user_active_security.
get_status_security_ledger()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
set_session_var()
put user_login into the Postgres session config; it can be used for tracking users' activities
$active
1 active, 0 disabled
$last_name
user's last_name
$password
md5 of the password (unsalted: save_password() stores md5($p_pass1) as-is, which is weak for password storage)
$access_mode
MOBILE or PC, depending on whether $login contains @mobile when connecting.
Check($silent=false, $from='')
Check if user is active and exists in the repository. Automatically redirects; it doesn't check if a use...
$db
database connx to the folder NOT repository
load_global_pref()
Get the global preferences from user_global_pref in the account_repository db.
static grant_admin_access($p_login, $p_dossier)
Grant access to folder, grant administrator profile , all the ledgers and all the action.
save_global_preference($key, $value)
Save the preference , the scope is global, the settings are saved into account_repository.
static clean_session()
clean the sessions
set_access_mode($access_mode)
access_mode tells what mode must be used : pc or mobile
static remove_inexistant_user($p_dossier)
can_connect()
check the password and user
connect_user()
connect the user and set the $_SESSION variables, if not already set, using $_REQUEST
setFirstName($first_name)
__construct($p_cn, $p_id=-1)
for($e=0; $e< count($afiche); $e++) exit
redirect($p_string, $p_time=0)