noalyss_user.class.php
1<?php
2
3/*
4 * This file is part of NOALYSS.
5 *
6 * NOALYSS is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * NOALYSS is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with NOALYSS; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20// Copyright Author Dany De Bontridder danydb@aevalys.eu
21/**
22 * @file
23 * @brief Data & function about connected users
24 */
25/**
26 * @brief Data & function about connected users
27 *
28 */
29require_once NOALYSS_INCLUDE.'/constant.php';
30require_once NOALYSS_INCLUDE.'/lib/user_common.php';
31require_once NOALYSS_INCLUDE.'/lib/ac_common.php';
32
34{
35
var $id; //!< in account_repository , ac_users.use_id ; -1 until load() resolves it by login

var $db; //!< database connx to the folder NOT repository
var $admin; //!< is or is not admin (compared against 1 in the access checks)
var $valid; //!< is or is not valid (1 once Check() / connect_user() accepted the credentials)
var $last_name ; //!< user's last_name (ac_users.use_name)
var $name; //!< user's name, also filled from ac_users.use_name by load()
var $active; //!< 1 active , 0 disables
var $login; //!< login lower case
var $password; //!< md5 digest of the password as stored in ac_users.use_pass (unsalted md5, see connect_user()); not a modern password hash
var $email; //!< user's email
var $access_mode; //!< MOBILE or PC depending if when connecting $login contains @mobile
var $lang ; //!< user's language, defaults to fr_FR.utf8 when absent from $_SESSION
var $theme ; //!< user's CSS Theme
51
/**
 * @brief Build a user object: load the connected user (p_id == -1), load a
 *        given user (p_id > 0) or leave it empty (p_id == 0 or p_id < -1).
 *
 * @param $p_cn DatabaseCore connection to the folder database
 * @param $p_id -1 loads the connected user from $_SESSION / $_REQUEST,
 *              > 0 loads that user, 0 or < -1 gives an empty user
 */
function __construct($p_cn, $p_id=-1)
{
    $this->db=$p_cn;
    if ($p_id!=-1)
    {
        // explicit id: fetch that user's row (load() returns -1 when it does not exist)
        $this->id=$p_id;
        $this->load();
        return;
    }
    // connected user: resolve it from the session / request, then publish the
    // login to the Postgres session setting
    $this->connect_user();
    $this->set_session_var();
}
74
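/**
 * @brief Push the session's login into the Postgres session setting
 *        noalyss.user_login so that server-side code can track user activity.
 *
 * The login is bound as a query parameter ($1) instead of being interpolated
 * into the statement with sprintf()/escape_string(), which removes the manual
 * escaping step.
 *
 * @return void
 */
public function set_session_var()
{
    $this->db->exec_sql("select set_config('noalyss.user_login',$1,false)",
        [$_SESSION[SESSION_KEY.'g_user']]);
}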
/**
 * @brief Dump of every property (print_r), prefixed with "User ".
 *
 * The dump contains the password digest, so it is meant for debugging
 * output only, not for pages shown to end users.
 */
public function __toString(): string
{
    $dump=print_r($this, true);
    return 'User '.$dump;
}
/**
 * @brief Check that an active user exists in the repository with this login
 *        and password digest.
 *
 * Both values are bound parameters; the digest is compared as-is against
 * ac_users.use_pass (an md5 digest, see connect_user()).
 *
 * @return number of matching rows, 0 when the credentials are rejected
 */
function can_connect()
{
    $repo=new \Database();
    $sql="select count(*) from ac_users
            where use_active=1 and
            use_login=$1 and use_pass=$2";
    return $repo->get_value($sql, [$this->login, $this->password]);
}
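/**
 * @brief Authenticate the connected user and fill $_SESSION.
 *
 * When the session holds no login yet, the credentials are read from the
 * request (p_user / p_pass); the password is stored in the session as an md5
 * digest, which is what ac_users.use_pass holds. A login containing "@mobile"
 * selects the MOBILE access mode. The credentials are then verified with
 * can_connect() and load(); a failure is written to audit_connect, the
 * session is cleaned and the script redirects to logout.php. On success the
 * global preferences are loaded and the admin flag / names are copied into
 * $_SESSION.
 *
 * @exit when the credentials are missing or rejected
 */
private function connect_user()
{
    if (!isset($_SESSION[SESSION_KEY.'g_user']))
    {
        $http=new \HttpInput();
        $user_login=$http->request("p_user", "string", "");
        $user_password=$http->request("p_pass", "string", "");

        if ($user_login!=""&&$user_password!="")
        {
            $_SESSION[SESSION_KEY."g_user"]=$user_login;
            $_SESSION[SESSION_KEY."g_pass"]=md5($user_password);
        }
        else
        {
            echo '<h2 class="error">'._('Session expirée<br>Utilisateur déconnecté').'</h2>';
            redirect('index.php', 1);
            exit();
        }

        // strict comparison: strpos() returns 0 (falsy) when "@mobile" starts
        // the login, which a loose "!=false" test treats as "not found"
        if (strpos($user_login, '@mobile')!==false)
        {
            // note: the search is case-sensitive but the removal is not, and
            // the mobile login is not lowercased here (load() lowercases later)
            $this->access_mode='MOBILE';
            $this->login=str_ireplace("@mobile", "", $user_login);
        }
        else
        {
            $this->access_mode='PC';
            $this->login=strtolower($user_login);
        }

        $_SESSION[SESSION_KEY."access_mode"]=$this->access_mode;
        $_SESSION[SESSION_KEY.'g_user']=$this->login;
    }
    $this->login=$_SESSION[SESSION_KEY."g_user"];
    $this->password=$_SESSION[SESSION_KEY.'g_pass'];

    $this->id=-1;
    $this->lang=(isset($_SESSION[SESSION_KEY.'g_lang']))?$_SESSION[SESSION_KEY.'g_lang']:'fr_FR.utf8';
    $this->access_mode=$_SESSION[SESSION_KEY."access_mode"];
    $cn=new Database();

    // share user login with the repository; bound parameter, no manual escaping
    $cn->exec_sql("select set_config('noalyss.user_login',$1,false)",
        [$_SESSION[SESSION_KEY.'g_user']]);

    if ($this->can_connect() == 0 || $this->load()==-1 )
    {
        echo '<h2 class="error">'._('Utilisateur ou mot de passe incorrect').'</h2>';
        // the failed attempt (login, client IP, URL) is audited before the session is dropped
        $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
        $cn->exec_sql($sql,
            array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], "DISCON",
                $_SERVER['REQUEST_URI'], 'FAIL'));
        $this->clean_session();
        redirect('logout.php', 1);
        exit();
    }

    $this->load_global_pref();

    $_SESSION[SESSION_KEY.'g_lang']=$this->lang;
    $this->valid=(isset($_SESSION[SESSION_KEY.'isValid']))?1:0;
    if (isset($_SESSION[SESSION_KEY.'g_theme']))
    {
        $this->theme=$_SESSION[SESSION_KEY.'g_theme'];
    }
    $_SESSION[SESSION_KEY.'use_admin']=$this->admin;
    $_SESSION[SESSION_KEY.'use_name']=$this->name;
    $_SESSION[SESSION_KEY.'use_first_name']=$this->first_name;
}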
175
/**
 * @brief Access mode to use for this user: 'PC' or 'MOBILE'.
 *
 * @return the value of $access_mode
 */
public function get_access_mode()
{
    $mode=$this->access_mode;
    return $mode;
}
183
/**
 * @brief Set the access mode ('PC' or 'MOBILE'); fluent.
 *
 * @param $access_mode new mode
 * @return $this
 */
public function set_access_mode($access_mode): object
{
    $this->access_mode=$access_mode;

    return $this;
}
192
/**
 * @brief User id (ac_users.use_id), -1 while not resolved.
 *
 * @return int
 */
public function getId(): int
{
    $user_id=$this->id;
    return $user_id;
}
200
/**
 * @brief Set the user id (ac_users.use_id).
 *
 * @param int $id
 */
public function setId(int $id): void
{
    $this->id = $id;
}
208
/**
 * @brief Connection to the folder database (not the repository).
 *
 * @return mixed the connection given to the constructor or setDb()
 */
public function getDb()
{
    $folder_db=$this->db;
    return $folder_db;
}
216
/**
 * @brief Replace the folder database connection.
 *
 * @param mixed $db connection object
 */
public function setDb($db): void
{
    $this->db = $db;
}
224
/**
 * @brief Admin flag as loaded from ac_users.use_admin (1 means admin).
 *
 * @return mixed
 */
public function getAdmin()
{
    $is_admin=$this->admin;
    return $is_admin;
}
232
/**
 * @brief Set the admin flag (1 for admin).
 *
 * @param mixed $admin
 */
public function setAdmin($admin): void
{
    $this->admin = $admin;
}
240
/**
 * @brief 1 when the credentials were accepted, 0 otherwise.
 *
 * @return int
 */
public function getValid(): int
{
    $is_valid=$this->valid;
    return $is_valid;
}
248
/**
 * @brief Set the valid flag (1 accepted, 0 rejected).
 *
 * @param int $valid
 */
public function setValid(int $valid): void
{
    $this->valid = $valid;
}
256
/**
 * @brief First name (ac_users.use_first_name).
 *
 * @return mixed
 */
public function getFirstName()
{
    $first_name=$this->first_name;
    return $first_name;
}
264
/**
 * @brief Set the first name.
 *
 * @param mixed $first_name
 */
public function setFirstName($first_name): void
{
    $this->first_name = $first_name;
}
272
/**
 * @brief Name (ac_users.use_name).
 *
 * @return mixed
 */
public function getName()
{
    $user_name=$this->name;
    return $user_name;
}
280
/**
 * @brief Set the name.
 *
 * @param mixed $name
 */
public function setName($name): void
{
    $this->name = $name;
}
288
/**
 * @brief Active flag (ac_users.use_active, 1 active / 0 disabled).
 *
 * @return mixed
 */
public function getActive()
{
    $is_active=$this->active;
    return $is_active;
}
296
/**
 * @brief Set the active flag (1 active / 0 disabled).
 *
 * @param mixed $active
 */
public function setActive($active): void
{
    $this->active = $active;
}
304
/**
 * @brief Login (lower case once loaded from ac_users).
 *
 * @return string
 */
public function getLogin(): string
{
    $user_login=$this->login;
    return $user_login;
}
312
/**
 * @brief Set the login (no case conversion is done here).
 *
 * @param string $login
 */
public function setLogin(string $login): void
{
    $this->login = $login;
}
320
/**
 * @brief Password digest (ac_users.use_pass), never the clear password.
 *
 * @return mixed
 */
public function getPassword()
{
    $digest=$this->password;
    return $digest;
}
328
/**
 * @brief Set the password digest as it must be stored in ac_users.use_pass
 *        (the caller supplies the digest, this method does not hash).
 *
 * @param mixed $password
 */
public function setPassword($password): void
{
    $this->password = $password;
}
336
/**
 * @brief Email (ac_users.use_email).
 *
 * @return mixed
 */
public function getEmail()
{
    $mail=$this->email;
    return $mail;
}
344
/**
 * @brief Set the email.
 *
 * @param mixed $email
 */
public function setEmail($email): void
{
    $this->email = $email;
}
352
/**
 * \brief load data from database.
 * if this->id < 0, it is unknown so we have to retrieve it
 * from the database by the login (case-insensitive match on use_login)
 * \return -1 if nothing is found or the use_id
 */

function load():int
{
    /* if this->id == -1, it is unknown so we have to retrieve it from
       the database thanks it login */
    if ($this->id<0)
    {
        $sql_cond=" where lower(use_login)=lower($1)";
        $sql_array=array($this->login);
    }
    else
    {
        $sql_cond=" where use_id=$1";
        $sql_array=array($this->id);
    }
    // the password digest (use_pass) is loaded too; it is what can_connect()
    // and Check() compare against
    $sql="select use_id,
            use_first_name,
            use_name,
            use_login,
            use_active,
            use_admin,
            use_pass,
            use_email
            from ac_users ";
    $cn=new Database();
    $Res=$cn->exec_sql($sql.$sql_cond, $sql_array);
    // $Max is only used for the empty-result test
    if (($Max=Database::num_row($Res))==0)
        return -1;
    // NOTE(review): $row is expected to hold the first row of $Res (a
    // Database::fetch_array call); that statement is not visible in this
    // copy of the file — confirm it is present upstream
    $this->id=$row['use_id'];
    $this->first_name=$row['use_first_name'];
    // use_name feeds both last_name and name
    $this->last_name=$row['use_name'];
    $this->name=$row['use_name'];
    $this->active=$row['use_active'];
    $this->login=strtolower($row['use_login']);
    $this->admin=$row['use_admin'];
    $this->password=$row['use_pass'];
    $this->email=$row['use_email'];
    return $this->id;
}
398
/**
 * @brief Update the row of this user in ac_users (repository).
 *
 * Saved columns: first name, name (from $last_name), active, admin,
 * password digest and email; the row is selected by use_id. The login is
 * not updated.
 */
function save()
{
    $repo=new Database();
    $sql="update ac_users set use_first_name=$1, use_name=$2
          ,use_active=$3,use_admin=$4,use_pass=$5 ,use_email = $7 where use_id=$6";
    // $6 is the id, $7 the email: the placeholder numbers follow this order
    $params=[
        $this->first_name,
        $this->last_name,
        $this->active,
        $this->admin,
        $this->password,
        $this->id,
        $this->email,
    ];
    $repo->exec_sql($sql, $params);
}
409
/**
 * @brief Insert this user into ac_users (repository) as an active user and
 *        store the generated use_id into $id.
 *
 * The password property is written as-is into use_pass, so it must already
 * be the digest.
 */
function insert()
{
    $repo=new Database();
    $sql="INSERT INTO ac_users(
          use_first_name, use_name, use_login, use_active,
          use_admin, use_pass, use_email)
          VALUES ($1, $2, $3, $4, $5, $6, $7) returning use_id";
    $params=[
        $this->first_name,
        $this->last_name,
        $this->login,
        1,  // new users are created active
        $this->admin,
        $this->password,
        $this->email,
    ];
    $this->id=$repo->get_value($sql, $params);
}
423
/**
 * \brief Check that this user (by id) is active in the repository and that
 * the stored password digest matches, then record the outcome in
 * audit_connect. It does not check the access to a folder.
 *
 * On success the admin flag, name and first name are copied into $_SESSION,
 * isValid is set and the global preferences are loaded. On failure a FAIL
 * row is written to audit_connect, the session is cleared and the script
 * exits (after a javascript alert and a redirect unless $silent).
 *
 * \param $silent false, echo an error message and exit, true : exit without warning
 * default is false
 * \param $from caller tag stored in audit_connect.ac_module; 'LOGIN' and
 * 'PORTAL' also get a SUCCESS row
 * \return the result of the ac_users query
 */
function Check($silent=false, $from='')
{

    $res=0;
    $pass5=$this->password;

    $cn=new Database();
    $sql="select ac_users.use_login,ac_users.use_active, ac_users.use_pass,
          use_admin,use_first_name,use_name
          from ac_users
          where ac_users.use_id=$1
          and ac_users.use_active=1
          and ac_users.use_pass=$2";
    $ret=$cn->exec_sql($sql, array($this->id, $pass5));
    // NOTE(review): $res is expected to be set from the row count of $ret
    // before this test; that statement is not visible in this copy of the
    // file — confirm, otherwise the success branch is never taken
    if ($res>0)
    {
        // NOTE(review): $r is expected to be the first row of $ret — confirm
        $_SESSION[SESSION_KEY.'use_admin']=$r['use_admin'];
        $_SESSION[SESSION_KEY.'use_name']=$r['use_name'];
        $_SESSION[SESSION_KEY.'use_first_name']=$r['use_first_name'];
        $_SESSION[SESSION_KEY.'isValid']=1;

        $this->admin=$_SESSION[SESSION_KEY.'use_admin'];
        $this->name=$_SESSION[SESSION_KEY.'use_name'];
        $this->first_name=$_SESSION[SESSION_KEY.'use_first_name'];
        $this->load_global_pref();
    }
    $sql="insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";

    // second check by login/digest (can_connect) in addition to the id-based query above
    if ($res==0 || $this->can_connect() == 0)
    {
        $cn->exec_sql($sql,
            array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"],
                $from, $_SERVER['REQUEST_URI'], 'FAIL'));
        if (!$silent)
        {
            echo '<script> alert(\''._('Utilisateur ou mot de passe incorrect').'\')</script>';
            redirect('index.html');
        }
        $this->valid=0;
        session_unset();
        // NOTE(review): "exit-1" is parsed as (exit) - 1, so the script ends
        // with status 0 before the subtraction; exit(-1) appears to be intended
        exit-1;
    }
    else
    {
        // only the login entry points get a SUCCESS audit row
        if ($from=='LOGIN' || $from=='PORTAL')
        {
            $cn->exec_sql($sql,
                array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $from,
                    $_SERVER['REQUEST_URI'], 'SUCCESS'));
        }
        $this->valid=1;
    }

    return $ret;
}
488
/**
 * \brief return the access to a folder,
 * \param $p_dossier id, if it is == 0 then the current folder (dossier::id()) is used
 * \return the priv_priv
 *  - X no access
 *  - R has access (normal user, or any global admin)
 */
function get_folder_access($p_dossier=0)
{
    $folder_id=($p_dossier==0)?dossier::id():$p_dossier;
    // a global admin can access every folder
    if ($this->admin==1)
        return 'R';

    $repo=new Database();
    $priv=$repo->get_value("select 'R' from jnt_use_dos where use_id=$1 and dos_id=$2",
        array($this->id, $folder_id));

    // no row in jnt_use_dos for (user, folder) means no access
    return ($repo->get_affected()==0)?'X':$priv;
}
515
/**
 * \brief save the access of a folder
 * \param $db_id the dossier id
 * \param $priv boolean, true then it is granted, false it is removed
 */
function set_folder_access($db_id, $priv)
{
    $repo=new Database();
    if (!$priv)
    {
        // Access is revoked
        $repo->exec_sql('delete from jnt_use_dos where use_id = $1 and dos_id = $2 ', array($this->id, $db_id));
        return;
    }
    // the access is granted: insert the link only when none exists yet
    // (size() refers to the select just executed)
    $repo->get_value("select jnt_id from jnt_use_dos where dos_id=$1 and use_id=$2", array($db_id, $this->id));
    if ($repo->size()==0)
    {
        $repo->exec_sql("insert into jnt_use_dos(dos_id,use_id) values($1,$2)", array($db_id, $this->id));
    }
}
542
/**
 * \brief check that a user is valid and the access to the folder
 * \param $p_ledger the ledger to check
 * \return the priv_priv
 *  - O only predefined operation
 *  - W write
 *  - R read only
 *  - X no access
 * A global admin, a local admin, or a folder where the ledger security is
 * off, always gets W.
 */
function get_ledger_access($p_ledger)
{
    $bypass=($this->admin==1
        || $this->is_local_admin(dossier::id())==1
        || $this->get_status_security_ledger()==0);
    if ($bypass)
        return 'W';

    $priv=$this->db->get_value("select uj_priv from user_sec_jrn where uj_login=$1 and uj_jrn_id=$2",
        array($this->login, $p_ledger));

    // no row: no access
    return ($priv=='')?'X':$priv;
}
567
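/**
 * \brief get all the available ledgers for the current user
 * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
 * \param $p_access =3 for Read or WRITE, 2 write, 1 for readonly
 * \param (boolean) $disable if true show also inactive ledgers
 * \return a double array of available ledgers, null when none
 * @verbatim
 *   [0] => [jrn_def_id]
 *          [jrn_def_type]
 *          [jrn_def_name]
 *          [jrn_def_class_deb]
 *          [jrn_def_class_cred]
 *          [jrn_type_id]
 *          [jrn_desc]
 *          [uj_priv]
 * @endverbatim
 * \throws Exception when $p_type is not in the allowed list (UGL1) or
 *         $p_access is not 1, 2 or 3 (UGL2)
 */
function get_ledger($p_type='ALL', $p_access=3, $disable=TRUE)
{
    $p_type=strtoupper($p_type);
    // whitelist: $p_type is concatenated into the SQL below, so only these
    // values may pass (strtoupper() already made it a string)
    if (!in_array($p_type, ["FIN", "ALL", "ODS", "VEN", 'ACH'], true))
    {
        record_log(sprintf("UGL1, p_type %s", $p_type));
        throw new Exception("UGL1"._("Type incorrecte"));
    }
    $sql_enable=($disable==TRUE)?"":"and jrn_enable=1";
    $params=[];
    if ($this->admin!=1&&$this->is_local_admin()!=1&&$this->get_status_security_ledger()==1)
    {
        $sql_type=($p_type=='ALL')?'':"and jrn_def_type=upper('".sql_string($p_type)."')";
        switch ($p_access)
        {
            case 3:
                $sql_access=" and uj_priv!= 'X' ";
                break;
            case 2:
                $sql_access=" and uj_priv = 'W' and jrn_enable=1 ";
                break;
            case 1:
                $sql_access=" and ( uj_priv = 'R' or uj_priv='W') ";
                break;
            default:
                // an unknown level used to leave $sql_access unset, i.e. no
                // privilege filter at all; refuse instead
                record_log(sprintf("UGL2, p_access %s", $p_access));
                throw new Exception("UGL2"._("Accès incorrect"));
        }

        // the login is bound as $1 rather than interpolated into the statement
        $sql="select jrn_def_id,jrn_def_type,jrn_def_code,
              jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
              jrn_deb_max_line,jrn_cred_max_line,jrn_def_description,jrn_enable
              from jrn_def join jrn_type on jrn_def_type=jrn_type_id
              join user_sec_jrn on uj_jrn_id=jrn_def_id
              where
              uj_login=$1".
            $sql_type.$sql_access.$sql_enable.
            " order by jrn_Def_name";
        $params=[$this->login];
    }
    else
    {
        // admin or ledger security off: every ledger, with write privilege
        $sql_type=($p_type=='ALL')?' '.$sql_enable:"where jrn_def_type=upper('".sql_string($p_type)."') ".$sql_enable;
        $sql="select jrn_def_id,jrn_def_type,jrn_def_code,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_deb_max_line,jrn_cred_max_line,
              jrn_type_id,jrn_desc,'W' as uj_priv,jrn_def_description,jrn_enable
              from jrn_def join jrn_type on jrn_def_type=jrn_type_id
              $sql_type
              order by jrn_Def_name";
    }
    // keep the no-parameter call form for the statement without placeholders
    $res=(count($params)>0)?$this->db->exec_sql($sql, $params):$this->db->exec_sql($sql);
    if (Database::num_row($res)==0)
        return null;
    return Database::fetch_all($res);
}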
643
/**
 * \brief return an sql condition for filtering the permitted ledger
 * \param $p_type = ALL or the type of the ledger (ACH,VEN,FIN,ODS)
 * \param $p_access =3 for READ or WRITE, 2 READ and write, 1 for readonly
 *
 * \return sql condition like " jrn_def_id in (...)"; when no ledger is
 *         available the condition " jrn_def_id < 0 " (never true) is returned
 */
function get_ledger_sql($p_type='ALL', $p_access=3)
{
    $ledgers=$this->get_ledger($p_type, $p_access);
    if (empty($ledgers))
        return ' jrn_def_id < 0 ';
    // ids come from jrn_def (get_ledger), the trailing -1 closes the list
    $ids=array_column($ledgers, 'jrn_def_id');
    return ' jrn_def_id in ('.implode(',', $ids).',-1)';
}
664
/**
 * @brief synonym for isAdmin(): re-checks login/digest in ac_users
 * @deprecated use isAdmin()
 * @return 1 for admin, 0 otherwise
 */
function Admin():int
{
    $is_admin=$this->isAdmin();
    return $is_admin;
}
673
/**
 * @brief Check if an user is an admin and check also his password
 *
 * Counts the active admin rows of ac_users matching this login and password
 * digest; the result is stored into $admin as well.
 *
 * @return 1 for yes 0 for no
 */
function isAdmin():int
{
    $this->admin=0;
    $repo=new Database();
    $sql="select count(*) from ac_users where use_login=$1
          and use_active=1 and use_admin=1 and use_pass=$2 ";
    $nb_admin=$repo->get_value($sql, array($this->login, $this->password));
    $this->admin=$nb_admin;
    return $this->admin;
}
690
/**
 * \brief Set the selected periode in the user's preferences
 * (user_local_pref, parameter_type PERIODE) of the folder database
 *
 * \param $p_periode periode id
 */
function set_periode($p_periode)
{
    $this->db->exec_sql(
        "update user_local_pref set parameter_value=$1 where user_id=$2 and parameter_type='PERIODE'",
        [$p_periode, $this->id]);
}
703
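/**
 * @brief Store a default periode into user_local_pref for this user.
 *
 * The candidate is the periode with the earliest p_start, provided it is
 * not closed; when that one is closed, the periode with the latest p_start
 * is used instead.
 *
 * @throws Exception when parm_periode is empty
 */
private function set_default_periode()
{
    /* get the first periode */
    $sql='select min(p_id) as pid '
        .' from parm_periode '
        .' where p_closed = false and p_start = (select min(p_start) from parm_periode)';
    $Res=$this->db->exec_sql($sql);

    $pid=Database::fetch_result($Res, 0, 0);
    /* if all the periode are closed, then we use the last closed period */
    if ($pid==null)
    {
        $sql='select min(p_id) as pid '
            .'from parm_periode '
            .'where p_start = (select max(p_start) from parm_periode)';
        $Res2=$this->db->exec_sql($sql);
        $pid=Database::fetch_result($Res2, 0, 0);
        if ($pid==null)
        {
            throw new Exception(_("Aucune période trouvéee !!!"));
        }
    }

    // bound parameters replace the sprintf('%s','%d') interpolation; the
    // int cast keeps the effect the former %d had on the periode id
    $sql="insert into user_local_pref (user_id,parameter_value,parameter_type)
          values ($1,$2,'PERIODE')";
    $this->db->exec_sql($sql, [$this->id, (int)$pid]);
}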
734
/**
 * \brief Get the default periode from the user's preferences
 *
 * When no PERIODE preference exists yet, set_default_periode() creates one
 * and the preferences are read again.
 *
 * \return the default periode (parameter_value of PERIODE)
 */
function get_periode()
{
    $pref=$this->get_preference();
    if (isset($pref['PERIODE']))
        return $pref['PERIODE'];

    $this->set_default_periode();
    $pref=$this->get_preference();
    return $pref['PERIODE'];
}
753
754
755 /**
756 * @brief Save the preference , the scope is global, the settings are saved
757 * into account_repository
758 * @param $key THEME, LANG , PAGESIZE
759 * @param $value value of the key
760 */
761 function save_global_preference($key, $value)
762 {
763 $repo=new Database();
764 $count=$repo->get_value("select count(*)
765 from
766 user_global_pref
767 where
768 parameter_type=$1 and user_id=$2", array($key, $this->login));
769 if ($count==1)
770 {
771 $repo->exec_sql("update user_global_pref set parameter_value=$1
772 where parameter_type=$2 and user_id=$3", array($value, $key, $this->login));
773 }
774 elseif ($count==0)
775 {
776 $repo->exec_sql("insert into user_global_pref(user_id,parameter_type,parameter_value)
777 values($1,$2,$3)", array($this->login, $key, $value));
778 }
779 }
780
/**
 * \brief Get the user's preferences: the local ones (folder database,
 * user_local_pref by user id) overridden by the global ones (repository,
 * user_global_pref by login, case-insensitive)
 * \return array of (parameter_type => parameter_value)
 */
function get_preference()
{
    $pref=array();

    // local preferences of the folder
    $local_res=$this->db->exec_sql(
        "select parameter_type,parameter_value from user_local_pref where user_id=$1",
        array($this->id));
    $nb_local=Database::num_row($local_res);
    for ($idx=0; $idx<$nb_local; $idx++)
    {
        $row=Database::fetch_array($local_res, $idx);
        $pref[$row['parameter_type']]=$row['parameter_value'];
    }

    // global preferences of the repository, same key wins over the local one
    $repo=new Database();
    $global_rows=$repo->get_array("select parameter_type,parameter_value from user_global_pref
        where
        upper(user_id) = upper($1)", [$this->login]);
    foreach ($global_rows as $row)
    {
        $pref[$row['parameter_type']]=$row['parameter_value'];
    }

    return $pref;
}
/**
 * @brief Check if an user can access a module, return 1 if yes, otherwise 0
 * record in audit log (audit() with FAIL or SUCCESS)
 * This function works only if user is connected to a Folder
 * @param string $p_module menu_ref.me_code
 * @returns 0 for FORBIDDEN, 1 for GRANTED
 * @throws Exception when access_mode is neither PC nor MOBILE
 */
function check_module($p_module)
{
    if ($this->access_mode=="MOBILE")
    {
        $nb_menu=$this->db->get_value("select count(*) from profile_mobile where p_id=$1 and me_code=$2",
            array($this->get_profile(), $p_module));
    }
    elseif ($this->access_mode == "PC")
    {
        $nb_menu=$this->db->get_value("select count(*) from v_all_menu where p_id = $1
            and me_code=$2", array($this->get_profile(), $p_module));
    }
    else
    {
        throw new Exception("USER:823:ACCESS_MODE INCONNU");
    }
    // the menu must be attached to the user's profile
    $granted=($nb_menu==0)?0:1;
    $this->audit(($granted==1)?"SUCCESS":"FAIL", $p_module);
    return $granted;
}
837
/**
 * \brief Check if an user is allowed to do an action
 * \param p_action_id
 * \return
 *  - 0 no priv
 *  - 1 priv granted
 * A global admin, a local admin or a folder with action security off is
 * always granted. A refusal is written to audit_connect when the global
 * $audit flag is set. More than one matching row is an error: the script exits.
 * @see constant.security.php
 */
function check_action($p_action_id)
{
    /* save it into the log */
    global $audit;
    // same order as before: Admin() first, then local admin, then the security flag
    if ($this->Admin()==1
        || $this->is_local_admin(dossier::id())==1
        || $this->get_status_security_action()==0)
        return 1;

    $Res=$this->db->exec_sql(
        "select * from user_sec_act where ua_login=$1 and ua_act_id=$2", array($this->login, $p_action_id));
    $nb_row=Database::num_row($Res);
    if ($nb_row==1)
        return 1;
    if ($nb_row==0)
    {
        if (isset($audit)&&$audit==true)
        {
            $repo=new Database();
            $repo->exec_sql(
                "insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)",
                array($_SESSION[SESSION_KEY.'g_user'], $_SERVER["REMOTE_ADDR"], $p_action_id, $_SERVER['REQUEST_URI'],
                    'FAIL'));
        }
        return 0;
    }
    // duplicated privilege rows: inconsistent data
    echo_error(_("Action invalide"));
    record_log("User:check_action".sprintf("login %s ua_act_id %s", $this->login, $p_action_id));
    exit();
}
877
/**
 * \brief Get the global preferences from user_global_pref
 * in the account_repository db
 *
 * Missing preferences are created with insert_default_global_pref() and the
 * load is restarted (recursive call).
 *
 * \note set $SESSION[g_variable] for theme, pagesize, topmenu, lang, the
 * csv settings and first_week_day
 */
function load_global_pref()
{
    $repo=new Database();
    // Load everything in an array
    $pref_res=$repo->exec_sql("select parameter_type,parameter_value from
        user_global_pref
        where user_id=$1", [$this->login]);
    $nb_pref=Database::num_row($pref_res);
    if ($nb_pref==0)
    {
        // nothing saved yet for this login: create the defaults, then reload
        $this->insert_default_global_pref();
        $this->load_global_pref();
        return;
    }
    // Load value into array
    $stored=array();
    for ($idx=0; $idx<$nb_pref; $idx++)
    {
        $row=Database::fetch_array($pref_res, $idx);
        $stored[$row['parameter_type']]=$row['parameter_value'];
    }
    // session key => parameter_type
    $session_map=array(
        'g_theme'=>'THEME',
        'g_pagesize'=>'PAGESIZE',
        'g_topmenu'=>'TOPMENU',
        'g_lang'=>'LANG',
        'csv_fieldsep'=>'csv_fieldsep',
        'csv_decimal'=>'csv_decimal',
        'csv_encoding'=>'csv_encoding',
        'first_week_day'=>'first_week_day',
    );

    foreach ($session_map as $session_key=> $parameter)
    {
        if (!isset($stored[$parameter]))
        {
            // a single missing parameter: insert its default and restart
            $this->insert_default_global_pref($parameter);
            $this->load_global_pref();
            return;
        }
        $_SESSION[SESSION_KEY.$session_key]=$stored[$parameter];
    }
}
927
/**
 * \brief insert default pref
 * if no parameter are given insert all the existing
 * parameter otherwise only the requested (updated when it already exists)
 * \param $p_type parameter's type or nothing
 * \param $p_value parameter value, default value of the type when empty
 */
function insert_default_global_pref($p_type="", $p_value="")
{
    $defaults=array(
        "THEME"=>"classic",
        "PAGESIZE"=>"50",
        'TOPMENU'=>'TEXT',
        'LANG'=>'fr_FR.utf8',
        'csv_fieldsep'=>'0',
        'csv_decimal'=>'0',
        'csv_encoding'=>'utf8',
        'first_week_day'=>1,
    );
    $repo=new Database();
    $insert_sql="insert into user_global_pref(user_id,parameter_type,parameter_value)
        values ($1,$2,$3)";

    if ($p_type!="")
    {
        $value=($p_value=="")?$defaults[$p_type]:$p_value;
        $nb_row=$repo->get_value("select count(*) from user_global_pref where user_id=$1 and parameter_type=$2",
            array($this->login, $p_type));
        if ($nb_row == 1)
        {
            $repo->exec_sql("update user_global_pref set parameter_value=$1 where user_id=$2 and parameter_type=$3",
                array($value, $this->login, $p_type));
        }
        else
        {
            $repo->exec_sql($insert_sql, array($this->login, $p_type, $value));
        }
        return;
    }

    // no type given: insert every default
    foreach ($defaults as $type=> $value)
    {
        $repo->exec_sql($insert_sql, array($this->login, $type, $value));
    }
}
971
/**
 * \brief update default pref
 * if value is not given then use the default value
 * (note: the default TOPMENU here is 'SELECT', unlike insert_default_global_pref())
 *
 * \param $p_type parameter's type
 * \param $p_value parameter's value value of the type
 */
function update_global_pref($p_type, $p_value="")
{
    $defaults=array(
        "THEME"=>"classic",
        "PAGESIZE"=>"50",
        "LANG"=>'fr_FR.utf8',
        'TOPMENU'=>'SELECT',
        'csv_fieldsep'=>'0',
        'csv_decimal'=>'0',
        'csv_encoding'=>'utf8',
        'first_week_day'=>1,
    );
    $value=($p_value=="")?$defaults[$p_type]:$p_value;
    $repo=new Database();
    $repo->exec_sql("update user_global_pref set parameter_value=$1
        where parameter_type=$2 and
        user_id=$3", array($value, $p_type, $this->login));
}
997
998//end function
/**
 * \brief Return the year of current Periode
 * it is the parm_periode.p_exercice col of the periode given by get_periode()
 * if an error occurs (not exactly one row) return 0
 */

function get_exercice()
{
    $res=$this->db->exec_sql("select p_exercice from parm_periode where p_id=$1", [$this->get_periode()]);
    if (Database::num_row($res)!=1)
        return 0;
    $row=Database::fetch_array($res, 0);
    return $row['p_exercice'];
}
1017
/**
 * \brief Check if the user can access (check_action)
 * otherwise warn and exit; the refusal is audited
 * \param $p_action requested action
 * \param $p_js = 1 javascript, or 0 just a text or 2 to log it silently
 * \return nothing the program exits automatically
 */

function can_request($p_action, $p_js=0)
{
    if ($this->check_action($p_action)!=0)
        return;

    $this->audit('FAIL');
    switch ($p_js)
    {
        case 1:
            echo create_script("alert_box(content[59])");
            break;
        case 2:
            record_log(_("Access invalid").$p_action);
            break;
        default:
            // the message is escaped for the HTML context
            echo '<h2 class="error">',
            htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
            '</h2>';
            echo '</div>';
    }
    exit(-1);
}
1049
/**
 * @brief Check if the user can print (in menu_ref p_type_display=p)
 * The request is audited ('AUDIT'); an admin is always granted.
 * @param $p_action requested action (me_code)
 * @return 1 for an admin, otherwise the number of profile_menu rows matching
 *         the user's profile and $p_action (0 when not allowed); this
 *         method does not exit, can_print() does
 */
function check_print($p_action)
{
    global $audit, $cn;
    $this->audit('AUDIT', $p_action);
    if ($this->Admin()==1)
        return 1;

    // uses the global folder connection $cn
    $nb_menu=$cn->get_value("select count(*) from profile_menu
        join profile_user using (p_id)
        where user_name=$1 and me_code=$2 ", array($this->login, $p_action));
    return $nb_menu;
}
1068
/**
 * \brief Check if the user can print (in menu_ref p_type_display=p)
 * otherwise warn and exit
 * \param $p_action requested action
 * \param $p_js = 1 javascript alert, otherwise an HTML error block
 * \return nothing the program exits automatically
 */

function can_print($p_action, $p_js=0)
{
    if ($this->check_print($p_action)!=0)
        return;

    $this->audit('FAIL');
    if ($p_js!=1)
    {
        // the message is escaped for the HTML context
        echo '<div class="redcontent">';
        echo '<h2 class="error">',
        htmlspecialchars(_("Cette action ne vous est pas autorisée Contactez votre responsable")),
        '</h2>';
        echo '</div>';
    }
    else
    {
        echo create_script("alert_box(content[59])");
    }
    exit(-1);
}
1096
/**
 * \brief Check if an user is an local administrator
 * @deprecated since version 6.7 : local administrators no longer exist,
 * this always answers 0
 *
 * \param $p_dossier : dossier_id (ignored)
 *
 * \return
 *  - 0 if no
 *  - 1 if yes
 */
function is_local_admin($p_dossier=-1)
{
    $local_admin=0;
    return $local_admin;
}
1113
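/**
 * @brief return array of available repository
 *
 * The list is built from profile_sec_repository for the user's profile:
 * for 'R' every repository linked to the profile, for 'W' only those with
 * ur_right = 'W'. (The former version had the filter the other way round:
 * 'R' required ur_right='W' and 'W' applied no right filter, which
 * contradicted the documented meaning of $p_access.)
 *
 * @param $p_access R for read W for write
 * @return an array of (r_id, r_name) ordered by name; empty for any other
 *         value of $p_access
 */
function get_available_repository($p_access='R')
{
    $profile=$this->get_profile();
    $repositories=array();
    if ($p_access=='R')
    {
        // read access: any repository attached to the profile
        $repositories=$this->db->get_array("select distinct u.r_id,r_name
            from
            profile_sec_repository as u
            join stock_repository as s on(u.r_id=s.r_id)
            where
            p_id =$1 order by 2
            ", array($profile));
    }
    if ($p_access=='W')
    {
        // write access: only repositories where the profile holds the W right
        $repositories=$this->db->get_array("select distinct u.r_id,r_name
            from
            profile_sec_repository as u
            join stock_repository as s on(u.r_id=s.r_id)
            where
            p_id =$1
            and ur_right='W'
            order by 2
            ", array($profile));
    }
    return $repositories;
}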
1148
/**
 * \brief return an array with all the active users who can access
 * $p_dossier including the global admin.
 * The user must be activated
 *
 * \param $p_dossier dossier
 * \return an array of rows
 *  array indices
 *  - use_id (id )
 *  - use_login (login of the user)
 *  - use_name
 *  - use_first_name
 *
 * \exception throw an exception if nobody can access
 */
static function get_list($p_dossier)
{
    $repo=new Database();
    $users=$repo->get_array("select distinct use_id,use_login,use_first_name,use_name from ac_users
        left outer join jnt_use_dos using (use_id)
        where
        (dos_id=$1 and use_active=1) or (use_active=1 and use_admin=1)
        order by use_login,use_name", array($p_dossier));
    // a folder nobody (not even an admin) can access is an error
    if ($repo->size()==0)
        throw new Exception('Error inaccessible folder');
    return $users;
}
1178
/**
 * \brief check the access of an user on a ledger (alias of get_ledger_access)
 *
 * \param $p_jrn the ledger id
 * \return
 *  - O only predefined operation
 *  - W write
 *  - R read only
 *  - X no access
 */
function check_jrn($p_jrn)
{
    $priv=$this->get_ledger_access($p_jrn);
    return $priv;
}
1194
/**
 * \brief check if an user can access a folder, if he cannot display a dialog box
 * and exit (the refusal is audited in both cases)
 * \param $p_dossier_id the folder id
 * \param $silent false, echo an error message and exit, true : return 'X' without warning
 * default is false
 * \return
 *  - L for administrator (local and global)
 *  - X no access
 *  - R regular user
 */
function check_dossier($p_dossier_id, $silent=false)
{
    // Admin() refreshes $admin from the repository before the test
    $this->Admin();
    if ($this->admin==1||$this->is_local_admin($p_dossier_id)==1)
        return 'L';

    $repo=new Database();
    $priv=$repo->get_value("select 'R' from jnt_use_dos where dos_id=$1 and use_id=$2",
        array($p_dossier_id, $this->id));
    if ($priv!='')
        return $priv;

    // no row in jnt_use_dos: no access
    $this->audit('FAIL', "Access folder ");
    if (!$silent)
    {
        alert(_('Dossier non accessible'));
        exit();
    }
    return 'X';
}
1227
/**
 * @brief First and last day of the current user's current exercice.
 * @return array ([0] => start date, [1] => end date), values as produced by
 *         Periode::first_day() and Periode::last_day()
 */
function get_limit_current_exercice()
{
    $exercice=$this->get_exercice();
    $periode=new Periode($this->db);
    $limits=$periode->get_limit($exercice);
    $first=$limits[0]->first_day();
    $last=$limits[1]->last_day();
    return array($first, $last);
}
1241
/**
 * \brief HTML table of the folders the user may open, shown on the login
 *        page; name and description both link to do.php?gDossier=<id>.
 *
 * \param $p_filtre text filter on name / description, handed to
 *        get_available_folder()
 * \return string, the HTML table
 *
 * dos_name and dos_description are escaped with h(); dos_id is written
 * as-is (it comes from ac_dossier, not from the request).
 */
function show_dossier($p_filtre="")
{
    $a_folder=$this->get_available_folder($p_filtre);

    $html="<TABLE id=\"folder\" class=\"result\">";
    $html.="<tr>";
    $html.="<th>"._("Id")."</th>";
    $html.="<th>"._("Nom")."</th>";
    $html.="<th>"._("Description")."</th>";
    $html.="</tr>";
    // get_available_folder() returns 0, not an empty array, when nothing matches.
    if ($a_folder==0)
    {
        $html.="<tr>";
        $html.='<td style="width:auto" colspan=3>';
        $html.=_("Aucun dossier disponible");
        $html.='</td>';
        $html.="</tr>";
        return $html;
    }

    foreach ($a_folder as $idx=>$row)
    {
        $dos_id=$row['dos_id'];
        $dos_name=$row['dos_name'];
        $dos_desc=$row['dos_description'];
        $css_class=($idx%2==0)?"odd":"even";
        $link="do.php?gDossier=$dos_id";

        $html.="<TR class=\"$css_class\">";
        $html.=td($dos_id, ' class="num" ');
        $html.="<TD class=\"$css_class\">";
        $html.="<A class=\"dossier\" HREF=\"$link\">";
        $html.=" <B>".h($dos_name)."</B>";
        $html.="</A>";
        $html.="</TD>";
        if ($dos_desc=="")
        {
            $dos_desc="<i>Aucune description</i>";
        }
        else
        {
            $dos_desc=h($dos_desc);
        }
        $html.="<TD class=\"$css_class\" >";
        $html.="<A class=\"dossier\" HREF=\"$link\">$dos_desc</A>";
        $html.="</TD>";
        $html.="</TR>";
    }
    $html.="</TABLE>";
    return $html;
}
1308
/**
 * \brief Folders the user may open, filtered on name or description.
 *
 * A non-administrator only sees folders linked to his login in jnt_use_dos,
 * and only while his account is active; an administrator sees every folder.
 *
 * \param $p_filter substring matched case-insensitively against dos_name and
 *        dos_description. It is bound as a parameter, but '%' and '_' inside
 *        it still act as ILIKE wildcards.
 * \return 0 when nothing matches, otherwise a list of rows with
 *  - ac_dossier.dos_id
 *  - ac_dossier.dos_name
 *  - ac_dossier.dos_description
 */
function get_available_folder($p_filter="")
{
    $repo_cnx=new Database();
    // An unset/NULL admin flag compares equal to 0 and gets the restricted list.
    if ($this->admin==0)
    {
        $ret=$repo_cnx->exec_sql("select
            distinct dos_id,dos_name,dos_description
            from ac_users
            natural join jnt_use_dos
            natural join ac_dossier
            where
            use_login= $1
            and use_active = 1
            and ( dos_name ilike '%' || $2 || '%' or dos_description ilike '%' || $2 || '%' )
            order by dos_name", array($this->login, $p_filter));
    }
    else
    {
        $ret=$repo_cnx->exec_sql("select
            distinct dos_id,dos_name,dos_description from ac_dossier
            where
            dos_name ilike '%' || $1|| '%' or dos_description ilike '%' || $1 || '%'
            order by dos_name", array($p_filter));
    }

    $nb_row=Database::num_row($ret);
    if ($nb_row==0)
    {
        return 0;
    }
    $a_folder=array();
    for ($idx=0; $idx<$nb_row; $idx++)
    {
        $a_folder[]=Database::fetch_array($ret, $idx);
    }
    return $a_folder;
}
1358
/**
 * @brief Record an action performed from the administration menu in
 *        audit_connect, with state 'ADMIN'.
 * @param $p_module description of the action
 *
 * The user comes from the session, the client address from REMOTE_ADDR and
 * the URL from REQUEST_URI. The full query string is stored, so secrets must
 * not travel in URLs that reach this function.
 */
static function audit_admin($p_module)
{
    $repo_cnx=new Database();
    $a_value=array(
        $_SESSION[SESSION_KEY.'g_user'],
        $_SERVER["REMOTE_ADDR"],
        $p_module,
        $_SERVER['REQUEST_URI'],
        'ADMIN');
    $repo_cnx->exec_sql("insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)",
                        $a_value);
}
1376
/**
 * @brief Record an event for the connected user in audit_connect; does
 *        nothing unless the global $audit flag is set.
 * @param $action value stored in ac_state ('AUDIT' by default, 'FAIL' for a
 *        refused folder access, ...)
 * @param $p_module description; when empty, $_REQUEST['ac'] is used instead
 *
 * $_REQUEST['ac'] and $_REQUEST['gDossier'] are copied verbatim into the
 * module column. They are bound as parameters (no SQL injection), but any
 * screen displaying audit_connect must escape them.
 */
function audit($action='AUDIT', $p_module="")
{
    global $audit;
    if (!$audit)
    {
        return;
    }
    $module=$p_module;
    if ($module==""&&isset($_REQUEST['ac']))
    {
        $module=$_REQUEST['ac'];
    }
    if (isset($_REQUEST['gDossier']))
    {
        $module.=" dossier : ".$_REQUEST['gDossier'];
    }
    $repo_cnx=new Database();
    $repo_cnx->exec_sql("insert into audit_connect (ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)",
                        array(
                            $_SESSION[SESSION_KEY.'g_user'],
                            $_SERVER["REMOTE_ADDR"],
                            $module,
                            $_SERVER['REQUEST_URI'],
                            $action));
}
1400
/**
 * @brief Attach the current user to a profile (profile_user.p_id): insert
 *        the row on first use, update it afterwards.
 * @param $p_id profile.p_id
 *
 * The lookup matches user_name exactly, whereas get_profile() matches it
 * case-insensitively. The check-then-write is not wrapped in a transaction.
 */
function save_profile($p_id)
{
    $nb=$this->db->get_value("select count(*) from profile_user where user_name=$1", array($this->login));
    if ($nb!=0)
    {
        $this->db->exec_sql("update profile_user set p_id=$1 where user_name=$2", array($p_id, $this->login));
        return;
    }
    $this->db->exec_sql("insert into profile_user(p_id,user_name)
            values ($1,$2)", array($p_id, $this->login));
}
1414
/**
 * @brief Profile of the current user in this folder.
 * @return profile_user.p_id, matched on the login case-insensitively;
 *         whatever get_value() yields when there is no row
 */
function get_profile()
{
    $sql="select p_id from profile_user where
            lower(user_name)=lower($1) ";
    return $this->db->get_value($sql, array($this->login));
}
1425
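/**
 * @brief Compute the SQL sub-select of the profiles the current user may
 *        write to, meant to be embedded as
 *        "p_id in " . $g_user->sql_writable_profile().
 *        The administrator can access all the profiles.
 *        R = Read Only, W = Write and delete, O = write and not delete
 * @return SQL string with the sub-select on p_granted
 *
 * The profile id cannot be bound because callers paste this fragment into
 * their own queries, so it is cast to int before concatenation: with the raw
 * value, a user without profile produced "p_id=)" (a broken statement) and a
 * non-numeric value could alter the query.
 */
function sql_writable_profile()
{
    if ($this->admin==1)
    {
        return "(select p_id p_granted from profile)";
    }
    $profile=(int) $this->get_profile();
    return " (select p_granted "
        ." from user_sec_action_profile "
        ." where ua_right in ('W','O') and p_id=".$profile.") ";
}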
/**
 * @brief Ids of the action profiles the current user may write to.
 * @return array of p_granted values (see sql_writable_profile())
 */
function get_writable_profile()
{
    $sql="select p_granted from ".$this->sql_writable_profile()." as m";
    $a_row=$this->db->get_array($sql);
    return array_column($a_row, "p_granted");
}
/**
 * @brief Ids of the action profiles the current user may read.
 * @return array of p_granted values (see sql_readable_profile())
 */
function get_readable_profile()
{
    $sql="select p_granted from ".$this->sql_readable_profile()." as m";
    $a_row=$this->db->get_array($sql);
    return array_column($a_row, "p_granted");
}
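/**
 * @brief Compute the SQL sub-select of the profiles the current user may
 *        read, meant to be embedded as
 *        "p_id in " . $g_user->sql_readable_profile().
 *        The administrator can read all the profiles.
 * @return SQL string with the sub-select on p_granted
 *
 * The profile id cannot be bound because callers paste this fragment into
 * their own queries, so it is cast to int before concatenation: with the raw
 * value, a user without profile produced "p_id=)" (a broken statement) and a
 * non-numeric value could alter the query.
 */
function sql_readable_profile()
{
    if ($this->admin==1)
    {
        return "(select p_id p_granted from profile)";
    }
    $profile=(int) $this->get_profile();
    return " (select p_granted "
        ." from user_sec_action_profile "
        ." where ua_right in ('W','R','O') and p_id=".$profile.") ";
}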
1489
/**
 * @brief Check if the current user's profile is granted the profile given
 *        in parameter, i.e. may create an action addressed to it.
 * @param $p_profile profile.p_id = action_gestion.ag_dest
 * @return boolean
 *
 * Unlike can_write_action(), there is no administrator bypass and no check
 * of get_status_security_action() here, and any ua_right value counts.
 */
function can_add_action($p_profile)
{
    $own_profile=$this->get_profile();
    $nb=$this->db->get_value(' select count(*)
            from user_sec_action_profile
            where p_granted=$2
            and p_id=$1', array($own_profile, $p_profile));
    return ($nb!=0);
}
1509
/**
 * @brief Check if the user's profile may write (modify) the action.
 * @param $dtoc action_gestion.ag_id
 * @return true when allowed, false otherwise
 *
 * Administrators always may, and so does everybody while the security on
 * actions is disabled (get_status_security_action()==0). Otherwise the
 * action's destination profile must be granted with ua_right 'W' or 'O'.
 */
function can_write_action($dtoc)
{
    if ($this->Admin()==1||$this->get_status_security_action()==0)
    {
        return TRUE;
    }
    $sql=" select count(*) from action_gestion where ag_id=$1 and ag_dest in
        (select p_granted from user_sec_action_profile where ua_right in ('W','O') and p_id=$2) ";
    $nb=$this->db->get_value($sql, array($dtoc, $this->get_profile()));
    return ($nb!=0);
}
1528
/**
 * @brief Check if the user's profile may write AND delete the action.
 * @param $dtoc action_gestion.ag_id
 * @return true when allowed, false otherwise
 *
 * Same bypasses as can_write_action() (administrator, security on actions
 * disabled); otherwise only ua_right 'W' qualifies, 'O' does not.
 */
function can_delete_action($dtoc)
{
    if ($this->Admin()==1||$this->get_status_security_action()==0)
    {
        return TRUE;
    }
    $sql=" select count(*) from action_gestion where ag_id=$1 and ag_dest in
        (select p_granted from user_sec_action_profile where ua_right='W' and p_id=$2) ";
    $nb=$this->db->get_value($sql, array($dtoc, $this->get_profile()));
    return ($nb!=0);
}
1547
/**
 * @brief Check if the user may read the action: its destination profile is
 *        granted to the user's profile (any ua_right) or the user owns it
 *        (ag_owner equals the login).
 * @param $dtoc action_gestion.ag_id
 * @return true when allowed, false otherwise
 *
 * Administrators always may. Unlike can_write_action(), the
 * get_status_security_action() flag is not consulted here.
 */
function can_read_action($dtoc)
{
    if ($this->Admin()==1)
    {
        return true;
    }
    $a_param=array($dtoc, $this->get_profile(), $this->login);
    $nb=$this->db->get_value(" select count(*) from action_gestion where ag_id=$1 and (ag_dest in
        (select p_granted from user_sec_action_profile where p_id=$2) or ag_owner=$3)", $a_param);
    return ($nb!=0);
}
1565
/**
 * @brief Check if the user's profile may write in a stock repository.
 * @param $p_repo stock_repository.r_id
 * @return true when allowed (administrator, or a profile_sec_repository row
 *         with ur_right 'W' for the profile), false otherwise
 */
function can_write_repo($p_repo)
{
    if ($this->Admin()==1)
    {
        return true;
    }
    $sql="select count(*)
            from profile_sec_repository
            where
            r_id=$1
            and p_id =$2
            and ur_right='W'";
    $nb=$this->db->get_value($sql, array($p_repo, $this->get_profile()));
    return ($nb!=0);
}
1586
/**
 * @brief Check if the user's profile may read a stock repository.
 * @param $p_repo stock_repository.r_id
 * @return true when allowed (administrator, or any profile_sec_repository
 *         row for the profile, whatever its ur_right), false otherwise
 */
function can_read_repo($p_repo)
{
    if ($this->Admin()==1)
    {
        return true;
    }
    $sql="select count(*)
            from profile_sec_repository
            where
            r_id=$1
            and p_id =$2
            ";
    $nb=$this->db->get_value($sql, array($p_repo, $this->get_profile()));
    return ($nb!=0);
}
/**
 * @brief Copy the user's stored password hash (see $password, an md5) into
 *        the session under SESSION_KEY.'g_pass'.
 *
 * Anything that dumps the session (e.g. clean_session() in debug mode)
 * then exposes that hash; keep session storage private.
 */
function password_to_session()
{
    $hash=$this->getPassword();
    $_SESSION[SESSION_KEY.'g_pass']=$hash;
}
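/**
 * @brief Save the password of the current user
 * @param string $p_pass1 password (clear)
 * @param string $p_pass2 for confirming password (clear)
 * @see check_password_strength()
 * @return true : password successfully changed otherwise false
 *
 * The two inputs are compared with ===: with == two numeric-looking strings
 * such as "1e3" and "1000" compare equal and would pass the confirmation.
 *
 * SECURITY: the stored value is an unsalted md5 of the password, which is
 * what $password is documented to hold; the login check (can_connect(), not
 * visible here) presumably compares md5 too, so moving to password_hash() /
 * password_verify() has to be done on both sides at once, not in this
 * function alone.
 */
function save_password($p_pass1, $p_pass2)
{
    if ($p_pass1!==$p_pass2)
    {
        return false;
    }
    $strength=check_password_strength($p_pass1);
    if (count($strength['msg'])!=0)
    {
        return false;
    }
    $repo_cnx=new Database();
    $hash=md5($p_pass1);
    $this->setPassword($hash);
    $repo_cnx->exec_sql("update ac_users set use_pass=$1 where use_login=$2",
                        array($hash, $this->login));
    return true;
}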
1638
/**
 * @brief Save the e-mail address of the current user (PREFERENCE MODULE).
 * @param $p_email new address, stored as given: no format validation here
 *
 * The row is selected by the login kept in the session
 * (SESSION_KEY.'g_user'), not by $this->login.
 */
function save_email($p_email)
{
    $login=$_SESSION[SESSION_KEY.'g_user'];
    $repo_cnx=new Database();
    $repo_cnx->exec_sql("update ac_users set use_email=$1 where use_login=$2", array($p_email, $login));
}
1649
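/**
 *@brief Remove a user from a folder and drop his privileges there, so he
 * cannot connect to it anymore.
 *
 * @param $p_login ac_users.use_login
 * @param $p_dossier folder id (ac_dossier.dos_id)
 * @return false when the login does not exist in the repository, nothing
 *         otherwise
 *
 * Besides jnt_use_dos (repository) and profile_user / user_sec_act (folder),
 * the ledger grants in user_sec_jrn are now removed as well: grant_admin_access()
 * fills that table with 'W' on every ledger, and leaving those rows behind
 * keeps stale privileges that come back if the user is linked to the folder
 * again by any path that does not rewrite user_sec_jrn.
 * NOTE(review): user_active_security is left untouched, as before.
 */
static function revoke_access($p_login, $p_dossier)
{
    // connect to the repository
    $repo_cnx=new Database();

    // Retrieve the user
    $user=$repo_cnx->get_array('select use_id,use_login from ac_users where use_login=$1', array($p_login));
    if (!$user)
        return false;

    // remove him from jnt_use_dos
    $repo_cnx->exec_sql("delete from jnt_use_dos WHERE use_id=$1 and dos_id=$2",
                        array($user[0]['use_id'], $p_dossier));

    // Remove profile, action and ledger grants from the user's dossier
    $cn_dossier=new Database($p_dossier);
    $cn_dossier->exec_sql("delete from profile_user where user_name=$1", array($p_login));
    $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($p_login));
    // Guarded like remove_inexistant_user(), in case an old folder lacks the table
    if ($cn_dossier->exist_table('user_sec_jrn'))
        $cn_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($p_login));
}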
1675
/**
 * @brief Grant access to folder, grant administrator profile , all the ledgers and all the action
 *
 * @param $p_login ac_users.use_login
 * @param $p_dossier folder id (ac_dossier.dos_id)
 * @return false when the login does not exist in the repository, nothing otherwise
 *
 * Steps (none of them inside a transaction):
 *  - link the user to the folder in jnt_use_dos if not already linked
 *  - give him profile 1 (administrator menu) only when he has no profile
 *    yet; an existing, possibly weaker, profile is kept
 *  - replace his action grants by every row of "action"
 *  - replace his ledger grants by 'W' on every jrn_def
 */
static function grant_admin_access($p_login, $p_dossier)
{
    $repo_cnx=new Database();
    $a_user=$repo_cnx->get_array("select use_id,use_login
            from ac_users
            where use_login=$1", array($p_login));
    if (!$a_user)
    {
        return false;
    }
    $use_id=$a_user[0]['use_id'];
    $use_login=$a_user[0]['use_login'];
    $cn_dossier=new Database($p_dossier);

    // Link to the folder when there is no row yet
    $nb_link=$repo_cnx->get_value("select count(*) from jnt_use_dos where use_id=$1 and dos_id=$2",
                                  array($use_id, $p_dossier));
    if ($nb_link==0)
    {
        $repo_cnx->exec_sql("insert into jnt_use_dos(use_id,dos_id) values ($1,$2)",
                            array($use_id, $p_dossier));
    }
    // Admin menu: profile 1, only when the user has no profile at all
    $nb_profile=$cn_dossier->get_value("select count(*) from profile_user where user_name=$1", array($use_login));
    if ($nb_profile==0)
    {
        $cn_dossier->exec_sql('insert into profile_user(user_name,p_id) values($1,1)', array($use_login));
    }
    // Every action
    $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($p_login));
    $cn_dossier->exec_sql("insert into user_sec_act (ua_login,ua_act_id)"
        ." select $1 ,ac_id from action ", array($p_login));
    // Every ledger, writable
    $cn_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($p_login));
    $cn_dossier->exec_sql("insert into user_sec_jrn(uj_login,uj_jrn_id,uj_priv)"
        ." select $1,jrn_def_id,'W' from jrn_def", array($p_login));
}
1714
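/**
 * @brief Purge from a folder the security rows of logins that no longer
 *        exist in the repository (ac_users).
 * @param $p_dossier folder id (ac_dossier.dos_id)
 *
 * Does nothing when the folder database or its profile_user table does not
 * exist; user_sec_jrn, user_sec_act and user_active_security are only
 * touched when present. The original deleted from user_sec_jrn twice per
 * user; once is enough.
 */
static function remove_inexistant_user($p_dossier)
{
    $repo_cnx=new Database();
    $db_name=$repo_cnx->format_name($p_dossier, 'dos');
    if ($repo_cnx->exist_database($db_name)==0)
    {
        return;
    }
    $cn_dossier=new Database($p_dossier);
    if (!$cn_dossier->exist_table('profile_user'))
    {
        return;
    }
    $a_user=$cn_dossier->get_array('select user_name from profile_user');
    if (!$a_user)
    {
        return;
    }
    // Probe each optional table once instead of once per user
    $has_sec_jrn=$cn_dossier->exist_table('user_sec_jrn');
    $has_sec_act=$cn_dossier->exist_table('user_sec_act');
    $has_active_sec=$cn_dossier->exist_table('user_active_security');
    foreach ($a_user as $row)
    {
        $login=$row['user_name'];
        $nb=$repo_cnx->get_value('select count(*) from ac_users where use_login=$1', array($login));
        if ($nb!=0)
        {
            continue;
        }
        if ($has_sec_jrn)
        {
            $cn_dossier->exec_sql("delete from user_sec_jrn where uj_login=$1", array($login));
        }
        $cn_dossier->exec_sql("delete from profile_user where user_name=$1", array($login));
        if ($has_sec_act)
        {
            $cn_dossier->exec_sql("delete from user_sec_act where ua_login=$1", array($login));
        }
        if ($has_active_sec)
        {
            $cn_dossier->exec_sql("delete from user_active_security where us_login=$1", array($login));
        }
    }
}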
1747
1748 /**
1749 * @brief Check the security on ledger for the user , it returns 1 if the security
1750 * on ledgers is enabled, otherwise 0
1751 */
1753 {
1754 $security=$this->db->get_value("select us_ledger from user_active_security
1755 where
1756 us_login=$1", [$this->login]);
1757 $n_security=($security=="Y")?1:0;
1758 return $n_security;
1759 }
1760
1761 /**
1762 * @brief Set the flag in the table user_active_security
1763 * @param int $p_value 1==enable , 0 = disable
1764 * @exceptions invalid value
1765 */
1767 {
1768 if ($p_value!=0&&$p_value!=1)
1769 throw new Exception(_("Valeur invalide"));
1770 $exist=$this->db->get_value("select count(*) from user_active_security where us_login=$1", [$this->login]);
1771 $flag=($p_value==1)?"Y":"N";
1772 if ($exist==0)
1773 {
1774 $this->db->exec_sql("insert into user_active_security (us_login,us_ledger,us_action) values ($1,$2,$3)",
1775 [$this->login, $flag, 'Y']);
1776 }
1777 else
1778 {
1779 $this->db->exec_sql("update user_active_security set us_ledger=$1 where us_login = $2",
1780 [$flag, $this->login]);
1781 }
1782 }
1783
1784 /**
 * Check the security on actions for the user , it returns 1 if the security
 * on actions (user_active_security.us_action) is enabled, otherwise 0
1787 */
1789 {
1790 $security=$this->db->get_value("select us_action from user_active_security
1791 where
1792 us_login=$1", [$this->login]);
1793 $n_security=($security=="Y")?1:0;
1794 return $n_security;
1795 }
1796
1797 /**
 * Set the us_action flag (security on actions) in the table user_active_security
 * @param int $p_value 1==enable , 0 = disable
1800 * @exceptions invalid value
1801 */
1803 {
1804 if ($p_value!=0&&$p_value!=1)
1805 throw new Exception(_("Valeur invalide"));
1806 $exist=$this->db->get_value("select count(*) from user_active_security where us_login=$1", [$this->login]);
1807 $flag=($p_value==1)?"Y":"N";
1808 if ($exist==0)
1809 {
1810 $this->db->exec_sql("insert into user_active_security (us_login,us_action,us_ledger) values ($1,$2,$3)",
1811 [$this->login, $flag, 'Y']);
1812 }
1813 else
1814 {
1815 $this->db->exec_sql("update user_active_security set us_action=$1 where us_login = $2",
1816 [$flag, $this->login]);
1817 }
1818 }
1819
1820 /**
1821 *@brief first day in calendar
1822 * @see IDate::set_firstDate(
1823 */
1825 {
1826 $repocn=new Database();
1827 $result=$repocn->get_value("select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1828 array("first_week_day", $this->login));
1829 if ($repocn->count()==0)
1830 {
1831 $this->save_global_preference("first_week_day", 1);
1832 return 1;
1833 }
1834 return $result;
1835 }
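/**
 * @brief Remove every session entry belonging to Noalyss (key starting with
 *        SESSION_KEY); entries of other applications sharing the PHP session
 *        are kept.
 *
 * With DEBUGNOALYSS>1 the keys are echoed. The original echoed the values
 * too, which include the password hash stored by password_to_session(),
 * straight into the HTTP response; only the keys are shown now.
 */
static function clean_session()
{
    $a_key=array_keys($_SESSION);
    foreach ($a_key as $key)
    {
        if (DEBUGNOALYSS>1)
        {
            echo "[$key]";
        }
        if (strpos($key, SESSION_KEY)===0)
        {
            unset($_SESSION[$key]);
            if (DEBUGNOALYSS>1)
            {
                echo "=> [$key] cleaned";
            }
        }
    }
}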
1852 /**
1853 *@brief Get preference , either the user see the numeric id for VAT or its code, if the preference doesn't exist
1854 * by default , 0 is saved in ACCOUNT_REPOSITORY
1855 * @see ITva_Popup::set_vat_code()
1856 * @see ITva_Popup
1857 */
1859 {
1860 $repocn=new Database();
1861 $result=$repocn->get_value("select parameter_value from user_global_pref where parameter_type=$1 and user_id=$2 ",
1862 array("vat_code", $this->login));
1863 if ($repocn->count()==0)
1864 {
1865 $this->save_global_preference("vat_code", 0);
1866 return 0;
1867 }
1868 return $result;
1869 }
1870}
1871
1872?>