2use chillerlan\Authenticator\{Authenticator, AuthenticatorOptions};
3use chillerlan\Authenticator\Authenticators\AuthenticatorInterface;
30require_once NOALYSS_INCLUDE.
'/constant.php';
31require_once NOALYSS_INCLUDE.
'/lib/user_common.php';
32require_once NOALYSS_INCLUDE.
'/lib/ac_common.php';
107 $this->
db->exec_sql(sprintf(
"select set_config('noalyss.user_login','%s',false)",
109 $this->repository->exec_sql(sprintf(
"select set_config('noalyss.user_login','%s',false)",
115 return "User ".print_r($this,
true);
123 $can_connect=$this->repository->get_value(
"select count(*) from ac_users
124 where use_active=1 and
125 use_login=$1 and use_pass=$2",
126 [$this->login,$this->password]);
134 if (!isset($_SESSION[SESSION_KEY.
'g_user']))
136 $http=new \HttpInput();
137 $user_login=$http->request(
"p_user",
"string",
"");
138 $user_password=$http->request(
"p_pass",
"string",
"");
140 if ($user_login!=
""&&$user_password!=
"")
142 $_SESSION[SESSION_KEY.
"g_user"]=$user_login;
143 $_SESSION[SESSION_KEY.
"g_pass"]=md5($user_password);
147 echo
'<h2 class="error">'._(
'Session expirée<br>Utilisateur déconnecté').
'</h2>';
148 redirect(
'index.php', 1);
153 if (strpos($user_login,
'@mobile')!=
false)
155 $this->access_mode=
'MOBILE';
156 $this->login=str_ireplace(
"@mobile",
"", $user_login);
160 $this->access_mode=
'PC';
161 $this->login=strtolower($user_login);
164 $_SESSION[SESSION_KEY.
"access_mode"]=$this->access_mode;
165 $_SESSION[SESSION_KEY.
'g_user']=$this->login;
167 $this->login=$_SESSION[SESSION_KEY.
"g_user"];
168 $this->password=$_SESSION[SESSION_KEY.
'g_pass'];
171 $this->lang=(isset($_SESSION[SESSION_KEY.
'g_lang']))?$_SESSION[SESSION_KEY.
'g_lang']:
'fr_FR.utf8';
172 $this->access_mode=$_SESSION[SESSION_KEY.
"access_mode"];
176 $this->repository->exec_sql(sprintf(
"select set_config('noalyss.user_login','%s',false)",
179 if ($this->can_connect() == 0 || $this->load()==-1 )
181 echo
'<h2 class="error">'._(
'Utilisateur ou mot de passe incorrect').
'</h2>';
182 $sql=
"insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
183 $server_remote=$_SERVER[
'REMOTE_ADDR']??
"cmd-line";
184 $request_uri=$_SERVER[
'REQUEST_URI']??
"REQUEST-URI";
186 $this->repository->exec_sql(
$sql,
187 array($_SESSION[SESSION_KEY.
'g_user'],$server_remote,
"DISCON",
188 $request_uri ,
'FAIL'));
189 $this->clean_session();
194 $this->load_global_pref();
196 $_SESSION[SESSION_KEY.
'g_lang']=$this->lang;
197 $this->valid=(isset($_SESSION[SESSION_KEY.
'isValid']))?1:0;
198 if (isset($_SESSION[SESSION_KEY.
'g_theme']))
200 $this->theme=$_SESSION[SESSION_KEY.
'g_theme'];
202 $_SESSION[SESSION_KEY.
'use_admin']=$this->admin;
203 $_SESSION[SESSION_KEY.
'use_name']=$this->name;
204 $_SESSION[SESSION_KEY.
'use_first_name']=$this->first_name;
212 return $this->access_mode;
293 return $this->first_name;
325 return $this->active;
357 return $this->password;
396 $sql_cond=
" where lower(use_login)=lower($1)";
401 $sql_cond=
" where use_id=$1";
419 $this->
id=
$row[
'use_id'];
420 $this->first_name=
$row[
'use_first_name'];
421 $this->last_name=
$row[
'use_name'];
423 $this->active=
$row[
'use_active'];
424 $this->login=strtolower(
$row[
'use_login']);
425 $this->admin=
$row[
'use_admin'];
426 $this->password=
$row[
'use_pass'];
427 $this->email=
$row[
'use_email'];
428 $this->authent_method=
$row[
'use_auth_method'];
429 $this->otp_secret=
$row[
'use_otp_secret'];
435 if ( $this->authent_method != 0 && $this->otp_secret ==
null) {
438 $Sql=
"update ac_users set use_first_name=$1, use_name=$2
439 ,use_active=$3,use_admin=$4,use_pass=$5 ,use_email = $7
440 , use_auth_method=$8,use_otp_secret=$9
442 $Res=$this->repository->exec_sql($Sql,
443 array($this->first_name
450 , $this->authent_method
458 $Sql=
"INSERT INTO ac_users(
459 use_first_name, use_name, use_login, use_active,
460 use_admin, use_pass, use_email)
461 VALUES ($1, $2, $3, $4, $5, $6, $7) returning use_id";
463 $this->
id=$this->repository->get_value($Sql,
464 array($this->first_name, $this->last_name, $this->login, 1, $this->admin,
465 $this->password, $this->email));
479 $pass5=$this->password;
481 $sql=
"select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
482 use_admin,use_first_name,use_name
484 where ac_users.use_id=$1
485 and ac_users.use_active=1
486 and ac_users.use_pass=$2";
487 $ret=$this->repository->exec_sql(
$sql, array($this->
id, $pass5));
492 $_SESSION[SESSION_KEY.
'use_admin']=
$r[
'use_admin'];
493 $_SESSION[SESSION_KEY.
'use_name']=
$r[
'use_name'];
494 $_SESSION[SESSION_KEY.
'use_first_name']=
$r[
'use_first_name'];
495 $_SESSION[SESSION_KEY.
'isValid']=1;
497 $this->admin=$_SESSION[SESSION_KEY.
'use_admin'];
498 $this->
name=$_SESSION[SESSION_KEY.
'use_name'];
499 $this->first_name=$_SESSION[SESSION_KEY.
'use_first_name'];
502 $sql=
"insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
506 $this->repository->exec_sql(
$sql,
507 array($_SESSION[SESSION_KEY.
'g_user'], $_SERVER[
"REMOTE_ADDR"],
508 $from, $_SERVER[
'REQUEST_URI'],
'FAIL'));
511 echo
'<script> alert(\''._(
'Utilisateur ou mot de passe incorrect').
'\')</script>
';
512 redirect('index.html
');
520 if ($from=='LOGIN
' || $from=='PORTAL
')
522 $this->repository->exec_sql($sql,
523 array($_SESSION[SESSION_KEY.'g_user
'], $_SERVER["REMOTE_ADDR"], $from,
524 $_SERVER['REQUEST_URI
'], 'SUCCESS
'));
541 function get_folder_access($p_dossier=0)
545 $p_dossier=dossier::id();
549 $sql="select 'R
' from jnt_use_dos where use_id=$1 and dos_id=$2";
551 $res=$this->repository->get_value($sql, array($this->id, $p_dossier));
553 if ($this->repository->get_affected()==0)
563 function set_folder_access($db_id, $priv)
568 // the access is granted
569 $jnt=$this->repository->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
571 if ($this->repository->size()==0)
574 $Res=$this->repository->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
580 $this->repository->exec_sql('
delete from jnt_use_dos where use_id = $1 and dos_id = $2
', array($this->id, $db_id));
595 function get_ledger_access($p_ledger)
597 if ($this->admin==1||
598 $this->is_local_admin(dossier::id())==1||$this->get_status_security_ledger()==0)
601 $sql="select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2";
602 $res=$this->db->get_value($sql, array($this->login, $p_ledger));
626 function get_ledger($p_type='
ALL', $p_access=3, $all=TRUE)
628 $p_type=strtoupper($p_type);
629 if (!in_array($p_type, ["FIN", "ALL", "ODS", "VEN", 'ACH
']))
631 record_log(sprintf("UGL1, p_type %s", $p_type));
632 throw new Exception("UGL1"._("Type incorrecte"));
640 $sql_enable="and jrn_enable=1";
642 if ($this->admin!=1&&$this->is_local_admin()!=1&&$this->get_status_security_ledger()==1)
644 $sql_type=($p_type=='ALL')?'':"and jrn_def_type=upper('".sql_string($p_type)."')";
648 $sql_access=" and uj_priv!= 'X
' ";
651 $sql_access=" and uj_priv = 'W
' and jrn_enable=1 ";
655 $sql_access=" and ( uj_priv = 'R
' or uj_priv='W
') ";
659 $sql="select jrn_def_id,jrn_def_type,jrn_def_code,
660 jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
661 jrn_deb_max_line,jrn_cred_max_line,jrn_def_description,jrn_enable
662 from jrn_def join jrn_type on jrn_def_type=jrn_type_id
663 join user_sec_jrn on uj_jrn_id=jrn_def_id
665 uj_login='".$this->login."'".
666 $sql_type.$sql_access.$sql_enable.
667 " order by jrn_Def_name";
671 $sql_type=($p_type=='ALL')?' '.$sql_enable:"where jrn_def_type=upper('".sql_string($p_type)."') ".$sql_enable;
672 $sql="select jrn_def_id,jrn_def_type,jrn_def_code,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
673 jrn_type_id,jrn_desc,'W
' as uj_priv,jrn_def_description,jrn_enable
674 from jrn_def join jrn_type on jrn_def_type=jrn_type_id
676 order by jrn_Def_name";
678 $res=$this->db->exec_sql($sql);
679 if (Database::num_row($res)==0)
681 $array=Database::fetch_all($res);
692 function get_ledger_sql($p_type='
ALL', $p_access=3)
694 $aLedger=$this->get_ledger($p_type, $p_access);
697 $sql=" jrn_def_id in (";
698 foreach ($aLedger as $row)
712 return $this->isAdmin();
720 function isAdmin():int
723 $pass5=$this->password;
724 $sql="select count(*) from ac_users where use_login=$1
725 and use_active=1 and use_admin=1 and use_pass=$2 ";
727 $this->admin=$this->repository->get_value($sql, array($this->login,$pass5));
738 function set_periode($p_periode)
740 $sql="update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='PERIODE
'";
741 $Res=$this->db->exec_sql($sql, [$p_periode, $this->id]);
744 private function set_default_periode()
747 /* get the first periode */
748 $sql='select min(
p_id) as pid
'
749 .' from parm_periode
'
750 .' where p_closed =
false and p_start = (select min(p_start)
from parm_periode)
';
751 $Res=$this->db->exec_sql($sql);
753 $pid=Database::fetch_result($Res, 0, 0);
754 /* if all the periode are closed, then we use the last closed period */
757 $sql='select min(
p_id) as pid
'
758 .'from parm_periode
'
759 .'where p_start = (select max(p_start)
from parm_periode)
';
760 $Res2=$this->db->exec_sql($sql);
761 $pid=Database::fetch_result($Res2, 0, 0);
764 throw new Exception(_("Aucune période trouvéee !!!"));
767 $pid=Database::fetch_result($Res2, 0, 0);
770 $sql=sprintf("insert into user_local_pref (user_id,parameter_value,parameter_type)
771 values ('%s
','%d
','PERIODE
')", $this->id, $pid);
772 $Res=$this->db->exec_sql($sql);
782 function get_periode()
785 $array=$this->get_preference();
786 if (!isset($array['PERIODE
']))
788 $this->set_default_periode();
789 $array=$this->get_preference();
791 return $array['PERIODE
'];
801 function save_global_preference($key, $value)
803 $count=$this->repository->get_value("select count(*)
807 parameter_type=$1 and user_id=$2", array($key, $this->login));
810 $this->repository->exec_sql("update user_global_pref set parameter_value=$1
811 where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
815 $this->repository->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
816 values($1,$2,$3)", array($this->login, $key, $value));
824 function get_preference()
826 $sql="select parameter_type,parameter_value from user_local_pref where user_id=$1";
827 $Res=$this->db->exec_sql($sql, array($this->id));
829 for ($i=0; $i<Database::num_row($Res); $i++)
831 $row=Database::fetch_array($Res, $i);
832 $type=$row['parameter_type
'];
833 $l_array[$type]=$row['parameter_value
'];
835 $a_global_pref=$this->repository->get_array("select parameter_type,parameter_value from user_global_pref
837 upper(user_id) = upper($1)", [$this->login]);
838 $nb_global=count($a_global_pref);
839 for ($i=0; $i<$nb_global; $i++)
841 $idx=$a_global_pref[$i]['parameter_type
'];
842 $value=$a_global_pref[$i]['parameter_value
'];
843 $l_array[$idx]=$value;
855 function check_module($p_module)
857 if ( $this->access_mode == "PC") {
859 $acc=$this->db->get_value("select count(*) from v_all_menu where p_id = $1
860 and me_code=$2", array($this->get_profile(), $p_module));
861 } elseif ($this->access_mode=="MOBILE") {
862 $acc=$this->db->get_value("select count(*) from profile_mobile where p_id=$1 and me_code=$2",
863 array($this->get_profile(), $p_module));
865 throw new Exception("USER:823:ACCESS_MODE INCONNU");
869 $this->audit("FAIL", $p_module);
872 $this->audit("SUCCESS", $p_module);
884 function check_action($p_action_id)
886 /* save it into the log */
888 if ($this->Admin()==1)
890 if ($this->is_local_admin(dossier::id())==1)
892 if ($this->get_status_security_action()==0)
894 $Res=$this->db->exec_sql(
895 "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
896 $Count=Database::num_row($Res);
899 if (isset($audit)&&$audit==true)
902 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
903 $this->repository->exec_sql($sql,
904 array($_SESSION[SESSION_KEY.'g_user
'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI
'],
911 echo_error(_("Action invalide"));
912 record_log("User:check_action".sprintf("login %s ua_act_id %s", $this->login, $p_action_id));
922 function load_global_pref()
924 // Load everything in an array
925 $Res=$this->repository->exec_sql("select parameter_type,parameter_value from
927 where user_id=$1", [$this->login]);
928 $Max=Database::num_row($Res);
931 $this->insert_default_global_pref();
932 $this->load_global_pref();
935 // Load value into array
937 for ($i=0; $i<$Max; $i++)
939 $row=Database::fetch_array($Res, $i);
940 $type=$row['parameter_type
'];
941 $line[$type]=$row['parameter_value
'];
943 // save array into g_ variable
944 $array_pref=array('g_theme
'=>'THEME
',
945 'g_pagesize
'=>'PAGESIZE
',
946 'g_topmenu
'=>'TOPMENU
',
948 'csv_fieldsep
'=>'csv_fieldsep
',
949 'csv_decimal
'=>'csv_decimal
',
950 'csv_encoding
'=>'csv_encoding
',
951 'first_week_day
'=>'first_week_day
');
953 foreach ($array_pref as $name=> $parameter)
955 if (!isset($line[$parameter]))
957 $this->insert_default_global_pref($parameter);
958 $this->load_global_pref();
961 $_SESSION[SESSION_KEY.$name]=$line[$parameter];
973 function insert_default_global_pref($p_type="", $p_value="")
976 $default_parameter=array("THEME"=>"classic",
979 'LANG
'=>'fr_FR.utf8
',
982 'csv_encoding
'=>'utf8
',
985 $sql="insert into user_global_pref(user_id,parameter_type,parameter_value)
989 foreach ($default_parameter as $name=> $value)
991 $this->repository->exec_sql($sql, array($this->login, $name, $value));
996 $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
997 if ( $this->repository->get_value("select count(*) from user_global_pref where user_id=$1 and parameter_type=$2",
998 array($this->login,$p_type)) == 1)
1000 $this->repository->exec_sql("update user_global_pref set parameter_value=$1 where user_id=$2 and parameter_type=$3",
1001 array($value,$this->login,$p_type));
1003 $this->repository->exec_sql($sql, array($this->login, $p_type, $value));
1015 function update_global_pref($p_type, $p_value="")
1017 $default_parameter=array("THEME"=>"classic",
1019 "LANG"=>'fr_FR.utf8
',
1020 'TOPMENU
'=>'SELECT
',
1021 'csv_fieldsep
'=>'0
',
1023 'csv_encoding
'=>'utf8
',
1026 $Sql="update user_global_pref set parameter_value=$1
1027 where parameter_type=$2 and
1029 $value=($p_value=="")?$default_parameter[$p_type]:$p_value;
1030 $this->repository->exec_sql($Sql, array($value, $p_type, $this->login));
1040 function get_exercice()
1042 $sql="select p_exercice from parm_periode where p_id=$1";
1043 $Ret=$this->db->exec_sql($sql,[$this->get_periode()]);
1044 if (Database::num_row($Ret)==1)
1046 $r=Database::fetch_array($Ret, 0);
1047 return $r['p_exercice
'];
1061 function can_request($p_action, $p_js=0)
1063 if ($this->check_action($p_action)==0)
1065 $this->audit('FAIL
');
1068 echo create_script("alert_box(content[59])");
1072 record_log(_("Access invalid").$p_action);
1076 echo '<
h2 class=
"error">
',
1077 htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1091 function check_print($p_action)
1094 $this->audit('AUDIT
', $p_action);
1095 if ($this->Admin()==1)
1098 $res=$this->db->get_value("select count(*) from profile_menu
1099 join profile_user using (p_id)
1100 where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
1111 function can_print($p_action, $p_js=0)
1113 if ($this->check_print($p_action)==0)
1115 $this->audit('FAIL
');
1118 echo create_script("alert_box(content[59])");
1122 echo '<div
class=
"redcontent">
';
1123 echo '<
h2 class=
"error">
',
1124 htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
1144 function is_local_admin($p_dossier=-1)
1155 function get_available_repository($p_access='R
')
1157 $profile=$this->get_profile();
1161 $r=$this->db->get_array("select distinct u.r_id,r_name
1163 profile_sec_repository as u
1164 join stock_repository as s on(u.r_id=s.r_id)
1169 ", array($profile));
1173 $r=$this->db->get_array("select distinct u.r_id,r_name
1175 profile_sec_repository as u
1176 join stock_repository as s on(u.r_id=s.r_id)
1179 ", array($profile));
1202 static function get_list($p_dossier,
1203 $db_repository = null
1206 $sql="select distinct use_id,use_login,use_first_name,use_name from ac_users
1207 left outer join jnt_use_dos using (use_id)
1209 (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
1210 order by use_login,use_name";
1212 // connect to the repository
1213 if ( $db_repository == null ) {
1214 $repo_cnx=new Database(0);
1216 $repo_cnx=$db_repository;
1218 $array=$repo_cnx->get_array($sql, array($p_dossier));
1219 if ($repo_cnx->size()==0)
1221 throw new \Exception('noalyss_user.get_list error inaccessible folders
',1186);
1237 function check_jrn($p_jrn)
1239 return $this->get_ledger_access($p_jrn);
1253 function check_dossier($p_dossier_id, $silent=false)
1256 if ($this->admin==1||$this->is_local_admin($p_dossier_id)==1)
1260 $dossier=$this->repository->get_value("select 'R
' from jnt_use_dos where dos_id=$1 and use_id=$2",
1261 array($p_dossier_id, $this->id));
1262 $dossier=($dossier=='')?'X
':$dossier;
1265 $this->audit('FAIL
', "Access folder ");
1268 alert(_('Dossier non accessible
'));
1279 function get_limit_current_exercice()
1281 $current_exercice=$this->get_exercice();
1282 $periode=new Periode($this->db);
1283 list($per_start, $per_end)=$periode->get_limit($current_exercice);
1284 $start=$per_start->first_day();
1285 $end=$per_end->last_day();
1286 return array($start, $end);
1298 function show_dossier($p_filtre="")
1300 $p_array=$this->get_available_folder($p_filtre);
1304 $result.="<TABLE id=\"folder\" class=\"result\">";
1313 $result.=_("Description");
1319 $result.='<
td style=
"width:auto" colspan=3>
';
1320 $result.=_("Aucun dossier disponible");
1326 for ($i=0; $i<sizeof($p_array); $i++)
1329 $id=$p_array[$i]['dos_id
'];
1330 $name=$p_array[$i]['dos_name
'];
1331 $desc=$p_array[$i]['dos_description
'];
1336 $target="do.php?gDossier=$id";
1338 $result.="<TR class=\"$tr\">";
1340 $result.=td($id, ' class=
"num" ');
1341 $result.="<TD class=\"$tr\">";
1342 $result.="<A class=\"dossier\" HREF=\"$target\">";
1343 $result.=" <B>".h($name)."</B>";
1346 $desc=($desc=="")?"<i>Aucune description</i>":h($desc);
1347 $desc="<A class=\"dossier\" HREF=\"$target\">$desc</A>";
1348 $result.="<TD class=\"$tr\" >".$desc;
1352 $result.="</TABLE>";
1367 function get_available_folder($p_filter="")
1369 $cn=$this->repository;
1371 if ($this->admin==0)
1373 // show only available folders
1374 // if user is not an admin
1375 $Res=$this->repository->exec_sql("select
1376 distinct dos_id,dos_name,dos_description
1378 natural join jnt_use_dos
1379 natural join ac_dossier
1383 and ( dos_name ilike '%
' || $2 || '%
' or dos_description ilike '%
' || $2 || '%
' )
1384 order by dos_name", array($this->login, $p_filter));
1388 $Res=$this->repository->exec_sql("select
1389 distinct dos_id,dos_name,dos_description from ac_dossier
1391 dos_name ilike '%
' || $1|| '%
' or dos_description ilike '%
' || $1 || '%
'
1392 order by dos_name", array($p_filter));
1395 $max=Database::num_row($Res);
1399 for ($i=0; $i<$max; $i++)
1401 $array[]=Database::fetch_array($Res, $i);
1413 static function audit_admin($p_module,$db_repository=null)
1415 // connect to the repository
1416 if ( $db_repository == null ) {
1417 $repo_cnx=new Database(0);
1419 $repo_cnx=$db_repository;
1421 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1423 $repo_cnx->exec_sql($sql,
1425 $_SESSION[SESSION_KEY.'g_user
'],
1426 $_SERVER["REMOTE_ADDR"],
1428 $_SERVER['REQUEST_URI
'],
1432 function audit($action='AUDIT
', $p_module="")
1435 $http=new \HttpInput();
1438 if ($p_module==""&&isset($_REQUEST['ac
']))
1440 $p_module=$_REQUEST['ac
'];
1442 $dossier=$http->request("gDossier","string",0);
1444 $p_module.=" dossier : ".$dossier;
1446 $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
1448 $this->repository->exec_sql($sql,
1450 $_SESSION[SESSION_KEY.'g_user
'],
1451 $_SERVER["REMOTE_ADDR"],
1453 $_SERVER['REQUEST_URI
'],
1458 function save_profile($p_id)
1460 $count=$this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
1463 $this->db->exec_sql("insert into profile_user(p_id,user_name)
1464 values ($1,$2)", array($p_id, $this->login));
1468 $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
1476 function get_profile()
1478 $profile=$this->db->get_value("select p_id from profile_user where
1479 lower(user_name)=lower($1) ", array($this->login));
1491 function sql_writable_profile()
1493 if ($this->admin!=1)
1495 $sql=" (select p_granted "
1496 ." from user_sec_action_profile "
1497 ." where ua_right in ('W
','O
') and p_id=".$this->get_profile().") ";
1501 $sql="(select p_id p_granted from profile)";
1509 function get_writable_profile()
1511 $value=$this->db->get_array("select p_granted from ".$this->sql_writable_profile()." as m") ;
1512 $aGranted=array_column($value,"p_granted");
1519 function get_readable_profile()
1521 $value=$this->db->get_array("select p_granted from ".$this->sql_readable_profile()." as m") ;
1522 $aGranted=array_column($value,"p_granted");
1532 function sql_readable_profile()
1534 if ($this->admin!=1)
1536 $sql=" (select p_granted "
1537 ." from user_sec_action_profile "
1538 ." where ua_right in ('W
','R
','O
') and p_id=".$this->get_profile().") ";
1542 $sql="(select p_id p_granted from profile)";
1553 function can_add_action($p_profile)
1556 $r=$this->db->get_value(' select count(*)
1557 from user_sec_action_profile
1559 and
p_id=$1
', array($this->get_profile(), $p_profile));
1572 function can_write_action($dtoc)
1574 if ($this->Admin()==1)
1576 if ($this->get_status_security_action()==0)
1578 $profile=$this->get_profile();
1579 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1580 (select p_granted from user_sec_action_profile where ua_right in ('W
','O
') and p_id=$2) ", array($dtoc, $profile));
1591 function can_delete_action($dtoc)
1593 if ($this->Admin()==1)
1595 if ($this->get_status_security_action()==0)
1597 $profile=$this->get_profile();
1598 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and ag_dest in
1599 (select p_granted from user_sec_action_profile where ua_right='W
' and p_id=$2) ", array($dtoc, $profile));
1610 function can_read_action($dtoc)
1612 if ($this->Admin()==1)
1614 $profile=$this->get_profile();
1615 $r=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
1616 (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)",
1617 array($dtoc, $profile, $this->login));
1628 function can_write_repo($p_repo)
1630 if ($this->Admin()==1)
1632 $profile=$this->get_profile();
1633 $r=$this->db->get_value("select count(*)
1634 from profile_sec_repository
1638 and ur_right='W
'", array($p_repo, $profile));
1649 function can_read_repo($p_repo)
1651 if ($this->Admin()==1)
1653 $profile=$this->get_profile();
1654 $r=$this->db->get_value("select count(*)
1655 from profile_sec_repository
1659 ", array($p_repo, $profile));
1667 function password_to_session()
1669 $_SESSION[SESSION_KEY.'g_pass
']=$this->getPassword();
1678 function save_password($p_pass1, $p_pass2)
1680 if ($p_pass1==$p_pass2 && count(check_password_strength($p_pass1)['msg
'])==0)
1683 $l_pass=md5($p_pass1);
1684 $this->setPassword($l_pass);
1685 $this->repository->exec_sql("update ac_users set use_pass=$1 where use_login=$2",
1686 array($l_pass, $this->login));
1700 function save_email($p_email)
1702 $this->repository->exec_sql("update ac_users set use_email=$1 where use_login=$2",
1703 array($p_email, $_SESSION[SESSION_KEY.'g_user
']));
1716 static function revoke_access($p_login, $p_dossier,$db_repository=null)
1718 // connect to the repository
1719 if ( $db_repository == null ) {
1720 $repo_cnx=new Database(0);
1722 $repo_cnx=$db_repository;
1725 // Retrieve the user
1726 $user=$repo_cnx->get_array('select use_id,use_login
from ac_users where use_login=$1
', array($p_login));
1730 // remove him from jnt_use_dos
1731 $repo_cnx->exec_sql("delete from jnt_use_dos WHERE use_id=$1 and dos_id=$2",
1732 array($user[0]['use_id
'], $p_dossier));
1734 // Remove user from user's dossier
1735 $cn_dossier=
new Database($p_dossier);
1736 $cn_dossier->exec_sql(
"delete from profile_user where user_name=$1", array($p_login));
1737 $cn_dossier->exec_sql(
"delete from user_sec_act where ua_login=$1", array($p_login));
1750 if ( $db_repository ==
null ) {
1753 $repo_cnx=$db_repository;
1755 $user=$repo_cnx->get_array(
"select use_id,use_login
1757 where use_login=$1", array($p_login));
1761 $cn_dossier=
new Database($p_dossier);
1764 $repo_cnx->get_value(
"select count(*) from jnt_use_dos where use_id=$1 and dos_id=$2",
1765 array(
$user[0][
'use_id'], $p_dossier))==0
1768 $repo_cnx->exec_sql(
"insert into jnt_use_dos(use_id,dos_id) values ($1,$2)",
1769 array(
$user[0][
'use_id'], $p_dossier));
1772 if ($cn_dossier->get_value(
"select count(*) from profile_user where user_name=$1", array(
$user[0][
'use_login']))==0)
1774 $cn_dossier->exec_sql(
'insert into profile_user(user_name,p_id) values($1,1)', array(
$user[0][
'use_login']));
1777 $cn_dossier->exec_sql(
"delete from user_sec_act where ua_login=$1", array($p_login));
1779 $cn_dossier->exec_sql(
"insert into user_sec_act (ua_login,ua_act_id)"
1780 .
" select $1 ,ac_id from action ", array($p_login));
1782 $cn_dossier->exec_sql(
"delete from user_sec_jrn where uj_login=$1", array($p_login));
1783 $cn_dossier->exec_sql(
"insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv)"
1784 .
" select $1,jrn_def_id,'W' from jrn_def", array($p_login));
1796 if ( $db_repository ==
null ) {
1799 $cnx_repo=$db_repository;
1801 $name=$cnx_repo->format_name($p_dossier,
'dos');
1802 if ($cnx_repo->exist_database(
$name)==0)
1804 $cnx_dossier=
new Database($p_dossier);
1805 if ($cnx_dossier->exist_table(
'profile_user'))
1806 $a_user=$cnx_dossier->get_array(
'select user_name from profile_user');
1815 if ($cnx_repo->get_value(
'select count(*) from ac_users where use_login=$1', array($a_user[
$i][
'user_name']))==0)
1817 if ($cnx_dossier->exist_table(
'user_sec_jrn'))
1818 $cnx_dossier->exec_sql(
"delete from user_sec_jrn where uj_login=$1", array($a_user[
$i][
'user_name']));
1819 $cnx_dossier->exec_sql(
"delete from profile_user where user_name=$1", array($a_user[
$i][
'user_name']));
1820 if ($cnx_dossier->exist_table(
'user_sec_act'))
1821 $cnx_dossier->exec_sql(
"delete from user_sec_act where ua_login=$1", array($a_user[
$i][
'user_name']));
1822 if ($cnx_dossier->exist_table(
'user_sec_jrn'))
1823 $cnx_dossier->exec_sql(
"delete from user_sec_jrn where uj_login=$1", array($a_user[
$i][
'user_name']));
1824 if ($cnx_dossier->exist_table(
'user_active_security'))
1825 $cnx_dossier->exec_sql(
"delete from user_active_security where us_login=$1",
1826 array($a_user[
$i][
'user_name']));
1838 $security=$this->
db->get_value(
"select us_ledger from user_active_security
1840 us_login=$1", [$this->login]);
1841 $n_security=($security==
"Y")?1:0;
1852 if ($p_value!=0&&$p_value!=1)
1853 throw new Exception(
_(
"Valeur invalide"));
1854 $exist=$this->
db->get_value(
"select count(*) from user_active_security where us_login=$1", [$this->login]);
1855 $flag=($p_value==1)?
"Y":
"N";
1858 $this->
db->exec_sql(
"insert into user_active_security (us_login,us_ledger,us_action) values ($1,$2,$3)",
1859 [$this->login,
$flag,
'Y']);
1863 $this->
db->exec_sql(
"update user_active_security set us_ledger=$1 where us_login = $2",
1864 [
$flag, $this->login]);
1874 $security=$this->
db->get_value(
"select us_action from user_active_security
1876 us_login=$1", [$this->login]);
1877 $n_security=($security==
"Y")?1:0;
1888 if ($p_value!=0&&$p_value!=1)
1889 throw new Exception(
_(
"Valeur invalide"));
1890 $exist=$this->
db->get_value(
"select count(*) from user_active_security where us_login=$1", [$this->login]);
1891 $flag=($p_value==1)?
"Y":
"N";
1894 $this->
db->exec_sql(
"insert into user_active_security (us_login,us_action,us_ledger) values ($1,$2,$3)",
1895 [$this->login,
$flag,
'Y']);
1899 $this->
db->exec_sql(
"update user_active_security set us_action=$1 where us_login = $2",
1900 [
$flag, $this->login]);
1911 $result=$this->repository->get_value(
"select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1912 array(
"first_week_day", $this->login));
1913 if ($this->repository->count()==0)
1926 $aSession=$_SESSION;
1927 foreach($aSession as $key =>
$value) {
1928 if(DEBUGNOALYSS>1) { echo
"[$key]=>[$value]";}
1930 if ( strpos($key,SESSION_KEY) === 0) {
1931 unset($_SESSION[$key]);
1932 if(DEBUGNOALYSS>1) { echo
"=> [$key] cleaned";}
1947 $result=$this->repository->get_value(
"select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1948 array(
"vat_code", $this->login));
1949 if ($this->repository->count()==0)
1961 $otp=new \Noalyss\OTP();
1962 $this->otp_secret=$otp->build_secret();
1971 return $this->authent_method;
1975 return $this->otp_secret;
1990 $_SESSION[SESSION_KEY.
"db_auth"]=
'ok';
1998 if ( $this->authent_method == 0 )
2000 $_SESSION[SESSION_KEY.
"db_auth"]=
'ok';
2003 if ( ! isset($_SESSION[SESSION_KEY.
"db_auth"])) {
2006 if ($_SESSION[SESSION_KEY.
"db_auth"] ==
"ok") {
2019 if ( $this->authent_method !=1 ) {
return false; }
2020 $mail=new \Sendmail();
2021 $mail->set_format(
"HTML");
2022 $mail->set_from(ADMIN_WEB);
2024 $mail->set_subject(
_(
"NOALYSS : votre code secret "));
2028 if ( strlen(trim($this->otp_secret??
"")) == 0 ) {
2029 throw new \Exception(
"noalyss_user.send_code_otp:secret empty",1945);
2031 $otp=new \Noalyss\OTP();
2032 $code=$otp->compute_code($this->otp_secret);
2036 <p>Voici votre code secret utilisable pendant 10 minutes pour NOALYSS : <b> $code</b> .
2040 Merci d'utiliser NOALYSS
2053 <i> Si cet email est dans vos spams, ajoutez l'expéditeur dans votre carnet d'adresse</i>
2059 $this->repository->exec_sql(
"delete from otp_send_secret where use_id=$1 and os_code is not null"
2062 $this->repository->exec_sql(
"delete from otp_send_secret where os_valid_time < now()");
2063 $now=new \DateTime();
2065 $valid->modify(
'+10 minutes');
2068 $otp_send_secret->set(
"use_id",$this->
id)
2069 ->set(
'os_request',$uuid)
2070 ->set(
"os_code",
$code)
2071 ->set(
'os_valid_time',
$valid->format(
'd.m.Y H:i:s'));
2072 $otp_send_secret->save();
2077 }
catch (Exception
$ex) {
2079 throw new \Exception(
"noalyss_user.send_code_otp",1963,
$ex);
2088 $mail = new \Sendmail();
2089 $mail->set_format(
"HTML");
2090 $mail->set_from(ADMIN_WEB);
2092 $mail->set_subject(
_(
"NOALYSS : Double authentification lien pour 2FA: OTP"));
2095 $valid_time=new \DateTime();
2096 $valid_time->add(
new \DateInterval(
'PT12H'));
2097 $str_time=$valid_time->format(
'd-m-Y H:i');
2103 Afin de pouvoir utiliser la double authentification avec 2FA: OTP, pourriez-vous
2104 suivre ce lien et scanner le QRCode avec votre application android freeOTP ou Google Authenticator.
2106 <p>Ce lien expirera le <b>{$str_time}</b>.
2111 <a href=\"{$noalyss_url}/index.php?otp={$uuid}\">{$noalyss_url}/index.php?otp={$uuid}</a>
2116 Merci d'utiliser NOALYSS
2123 <i> Si cet email est dans vos spams, ajoutez l'expéditeur dans votre carnet d'adresse</i>
2129 $this->repository->exec_sql(
"delete from otp_send_secret where use_id=$1 and os_code is null"
2132 $this->repository->exec_sql(
"delete from otp_send_secret where os_valid_time < now()");
2134 $otp_send_secret_sql = new \Otp_Send_Secret_SQL($this->repository);
2135 $otp_send_secret_sql->set(
'use_id', $this->
id)
2136 ->set(
'os_valid_time',$valid_time->format(
'd-m-Y H:i'))
2137 ->set(
'os_request', $uuid);
2139 $otp_send_secret_sql->save();
2144 }
catch (Exception
$ex) {
2146 throw new \Exception(
"noalyss_user.send_link_otp",1998,
$ex);
2155 require_once NOALYSS_TEMPLATE.
"/noalyss_user-input_otp.php" ;
2163 $otp=new \Noalyss\OTP();
2165 if ( $otp->compute_code($this->otp_secret) ==
$code ) {
h2($p_string, $p_class="", $raw="")
guidv4($data=null)
generate an UUID
record_log($p_message)
Record an error message into the log file of the server or in the log folder of NOALYSS Record also t...
td($p_string='', $p_extra='')
surround the string with td
catch(Exception $exc) if(! $g_user->can_write_action($ag_id)) $r
if(!headers_sent())
– pour utiliser unoconv démarrer un server libreoffice commande libreoffice –headless –accept="socket...
_("actif, passif,charge,...")
static escape_string($p_string)
wrapper for the function pg_escape_string
static fetch_array($ret, $p_indice=0, $p_mode=PGSQL_ASSOC)
wrapper for the function pg_fetch_array
static num_row($ret)
wrapper for the function pg_num_rows
contains the class for connecting to Noalyss
manage the current dossier, everywhere we need to know to which folder we are connected,...
Data & function about connected users.
set_repository(Database $repository)
set the repository
generate_otp()
generate OTP secret to store in AC_USER.USE_OTP_SECRET
get_vat_code_preference()
Get the preference: either the user sees the numeric id for VAT or its code; if the preference doesn't ex...
is_double_identified()
check whether the double authentication has been successful
set_status_security_ledger($p_value)
Set the flag in the table user_active_security.
get_access_mode()
access_mode tells what mode must be used : pc or mobile
get_status_security_action()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
$id
in account_repository , ac_users.use_id
set_status_security_action($p_value)
Set the flag in the table user_active_security.
get_status_security_ledger()
Check the security on ledger for the user , it returns 1 if the security on ledgers is enabled,...
static grant_admin_access($p_login, $p_dossier, $db_repository=null)
Grant access to folder, grant administrator profile , all the ledgers and all the action.
set_authent_method($authent_method)
set_session_var()
put user_login into Postgres config (session), it can be used for tracking users activities
$active
1 active, 0 disabled
get_first_week_day()
first day in calendar
get_repository()
get the repository
get_authent_method()
retrieve authent_method
$last_name
user's last_name
$password
md5 of the password
$access_mode
MOBILE or PC, depending on whether $login contained @mobile when connecting.
Check($silent=false, $from='')
Check if the user is active and exists in the repository. Automatically redirects; it doesn't check if a use...
$authent_method
authentication method use for this user
$db
database connx to the folder NOT repository
__construct($p_cn, $p_id=-1, $repository=null)
Create an user , load an existing one or if p_id == -1 search for the connected user.
send_link_otp($base_url=null)
send an email with link to the user
load_global_pref()
Get the global preferences from user_global_pref in the account_repository db.
save_global_preference($key, $value)
Save the preference , the scope is global, the settings are saved into account_repository.
set_otp_secret($otp_secret)
static clean_session()
clean the sessions
send_code_otp()
send a code to the user and save the expected code + UUID in a table OTP_SEND_SECRET
set_access_mode($access_mode)
access_mode tells what mode must be used : pc or mobile
check_otp($code)
check that the given OTP code matches the one on the smartphone; returns false if it does not match
input_otp($uuid="", $url="")
Form to enter the 6-digit OTP code.
can_connect()
check the password and user
static remove_inexistant_user($p_dossier, $db_repository=null)
cleanup: remove users that no longer exist
connect_user()
connect the user and, if not already set, set the $_SESSION variables from $_REQUEST
setFirstName($first_name)
$repository
account_repository (\Database )
$otp_secret
string used as the OTP secret
abstract of the table public.otp_send_secret
for($e=0; $e< count($afiche); $e++) exit
if(count($exist_request)> 1) $mail
redirect( $p_string, $p_time=0)
redirect with javascript