prep for 2023. Fixed many bugs. Added pdf guide
@@ -3,14 +3,21 @@ require_once 'vendor/autoload.php';
|
||||
ini_set('display_errors', 0);
|
||||
ini_set('display_startup_errors', 0);
|
||||
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED & ~E_WARNING );
|
||||
include '../inc/auth.php';
|
||||
$Auth = new modAuth();
|
||||
// Load the graph class so we can get user info
|
||||
include '../inc/graph.php';
|
||||
$Graph = new modGraph();
|
||||
$uInfo = $Graph->getProfile();
|
||||
|
||||
session_start();
|
||||
$userid = $_SESSION['uid'];
|
||||
$cfg = include('accred_config.php');
|
||||
$userid = $uInfo->id;
|
||||
openlog('ACCRED', LOG_PID, LOG_LOCAL0);
|
||||
// Should we preload with data ?
|
||||
$aid = $_GET['aid'];
|
||||
$isAdmin = $_SESSION['admin']==1;
|
||||
|
||||
$isAdmin = $uInfo->userPrincipalName==$cfg['admin'] ? 1: 0;
|
||||
$isEditable = $cfg['editmode']==1;
|
||||
if(!$userid) {
|
||||
syslog(LOG_ERR, "Unauthorized access to form page aid:$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
|
||||
@@ -23,7 +30,6 @@ require_once 'vendor/autoload.php';
|
||||
die();
|
||||
}
|
||||
|
||||
$cfg = include('accred_config.php');
|
||||
|
||||
$uname = $_SESSION['name'];
|
||||
if($_POST['btncancel']) {
|
||||
@@ -31,12 +37,12 @@ require_once 'vendor/autoload.php';
|
||||
die();
|
||||
}
|
||||
$prices = array(
|
||||
// 'mar' => array('nor' => 60, 'vip' => 40, 'label' => 'Mardi 4 juin'),
|
||||
'mer' => array('nor' => 60, 'vip' => 40, 'label' => 'Mercredi 5 juin'),
|
||||
'jeu' => array('nor' => 60, 'vip' => 40, 'label' => 'Jeudi 6 juin'),
|
||||
'ven' => array('nor' => 60, 'vip' => 40, 'label' => 'Vendredi 7 juin'),
|
||||
'sam' => array('nor' => 60, 'vip' => 40, 'label' => 'Samedi 8 juin'),
|
||||
'dim' => array('nor' => 60, 'vip' => 40, 'label' => 'Dimanche 9 juin')
|
||||
// 'mar' => array('nor' => 60, 'vip' => 40, 'label' => 'Mardi 15 juin'),
|
||||
'mer' => array('nor' => 60, 'vip' => 40, 'label' => 'Mercredi 7 juin'),
|
||||
'jeu' => array('nor' => 60, 'vip' => 40, 'label' => 'Jeudi 8 juin'),
|
||||
'ven' => array('nor' => 60, 'vip' => 40, 'label' => 'Vendredi 9 juin'),
|
||||
'sam' => array('nor' => 60, 'vip' => 40, 'label' => 'Samedi 10 juin')
|
||||
// , 'dim' => array('nor' => 60, 'vip' => 40, 'label' => 'Dimanche 19 juin')
|
||||
|
||||
);
|
||||
?>
|
||||
@@ -86,14 +92,15 @@ global $aid;
|
||||
global $userid;
|
||||
global $isAdmin;
|
||||
global $uname;
|
||||
global $uInfo;
|
||||
|
||||
$username = $_SESSION['name'];
|
||||
$username = $uInfo->displayName;
|
||||
$status = '1';
|
||||
$updateStatus = false;
|
||||
if($_POST['btndelete']) {
|
||||
$query = "DELETE FROM submissions WHERE id=$aid";
|
||||
if(!$isAdmin) {
|
||||
$query .= " AND uid=$userid";
|
||||
$query .= " AND uid='$userid'";
|
||||
}
|
||||
syslog(LOG_INFO, "Delete entry for aid:$aid by uid: $userid / $uname from: {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
|
||||
if (!$mysqli->query($query) ) {
|
||||
@@ -122,44 +129,65 @@ if( $reqName == '') {
|
||||
// Escape string, mostly in case of quotes
|
||||
$d = $mysqli->real_escape_string(serialize($_POST));
|
||||
if(!$aid) {
|
||||
// New entry. If no demande_pour provided in form, make current user owner
|
||||
// New entry. If no demande_pour provided in form, make current user owner
|
||||
if($demPour=='') {
|
||||
$reqName = $username;
|
||||
}
|
||||
else {
|
||||
$reqName = $demPour;
|
||||
}
|
||||
}
|
||||
$query = "INSERT INTO submissions (uid, status, name, reqname, created, formdata,modified) values('$userid',$status,'$username','$reqName',null,'".$d."',NOW())";
|
||||
syslog(LOG_INFO, "Create entry by uid: $userid / $uname from: {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
|
||||
}
|
||||
else {
|
||||
// Modifying existint record
|
||||
if($demPour=='') {
|
||||
// Could have had a value before or already be empty
|
||||
// regardless, set reqName to same as name (This is NOT username or logged in user)
|
||||
// Was a prior bug
|
||||
// Since we don't have the DB values here, we need a different query
|
||||
$query = "UPDATE submissions set reqname=name,modifieduid=$userid,formdata='".$d."'";
|
||||
// Modifying existing record
|
||||
if(!$isAdmin) {
|
||||
$query = "UPDATE submissions set modifieduid='$userid',formdata='".$d."'";
|
||||
}
|
||||
else {
|
||||
// Value for demande_pour non blank, use that for reqName
|
||||
$query = "UPDATE submissions set reqname='".$demPour."',modifieduid=$userid,formdata='".$d."'";
|
||||
if($demPour=='') {
|
||||
// Could have had a value before or already be empty
|
||||
// regardless, set reqName to same as name (This is NOT username or logged in user)
|
||||
// Was a prior bug
|
||||
// Since we don't have the DB values here, we need a different query
|
||||
// Only admins can set request for. Prevent setting to blank on update byy regular user
|
||||
$query = "UPDATE submissions set reqname=name,modifieduid='$userid',formdata='".$d."'";
|
||||
}
|
||||
else {
|
||||
// Value for demande_pour non blank, use that for reqName
|
||||
$query = "UPDATE submissions set reqname='".$demPour."',modifieduid='$userid',formdata='".$d."'";
|
||||
}
|
||||
}
|
||||
if($updateStatus) {
|
||||
$query .= ",status=$status ";
|
||||
}
|
||||
$query .= " WHERE id=$aid";
|
||||
if(!$isAdmin) {
|
||||
$query .= " AND uid=$userid";
|
||||
$query .= " AND uid='$userid'";
|
||||
}
|
||||
syslog(LOG_INFO, "Update entry aid:$aid by uid: $userid / $uname from: {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
|
||||
$logquery = "INSERT INTO log (uid,aid,name,isadmin,operation,new,prev) SELECT '$userid',$aid,'$username', $isAdmin, 'update','".$d."', formdata FROM submissions WHERE ID=$aid";
|
||||
$stmt = $mysqli->stmt_init();
|
||||
$st = "INSERT INTO log (uid,aid,name,isadmin,operation,new,prev) VALUES('$userid',$aid,'$username',$isAdmin,'update','$d',?)";
|
||||
$stmt = $mysqli->prepare($st);
|
||||
$quer = "SELECT formdata FROM submissions WHERE ID=$aid";
|
||||
if(!$mysqli->query($quer)) {
|
||||
echo "Line 167x; Table insert failed: (" . $mysqli->errno . ") " . $mysqli->error. " / " . $mysqli->sqlstate;
|
||||
var_dump($quer);
|
||||
die("Argh<");
|
||||
}
|
||||
if($result = $mysqli->query($quer)) {
|
||||
$row = $result->fetch_assoc();
|
||||
$fd = $row['formdata'];
|
||||
$stmt->bind_param("b",$fd);
|
||||
$stmt->execute();
|
||||
}
|
||||
}
|
||||
$mysqli->query($logquery);
|
||||
if (!$mysqli->query($query) ) {
|
||||
echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;
|
||||
die("Argh");
|
||||
}
|
||||
echo "Table update failed on 179: (" . $mysqli->errno . ") " . $mysqli->error;
|
||||
var_dump($query);
|
||||
die("Argh");
|
||||
}
|
||||
echo "<script type='text/javascript'> document.location = 'accred_list'; </script>";
|
||||
die();
|
||||
}
|
||||
@@ -168,7 +196,7 @@ die();
|
||||
if($aid) {
|
||||
$query = "SELECT * from submissions WHERE ID=$aid";
|
||||
if(!$isAdmin) {
|
||||
$query .= " AND UID=$userid";
|
||||
$query .= " AND UID='$userid'";
|
||||
}
|
||||
if (!$result = $mysqli->query($query) ) {
|
||||
echo "Table read failed: (" . $mysqli->errno . ") " . $mysqli->error;
|
||||
@@ -201,7 +229,8 @@ die();
|
||||
}
|
||||
else {
|
||||
$ti = 'Commande par '.$reqName. ', créée le '.$row['created'];
|
||||
$forWho = $ar['demande_pour'];
|
||||
$forWho = $ar['demande_pour'];
|
||||
$forWho = $row['reqname'];
|
||||
}
|
||||
if($isAdmin) {
|
||||
$form->add('label','label_demande_pour','','Demandeur');
|
||||
|
||||
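Review bot: `$aid` is still read straight from `$_GET['aid']` and interpolated unquoted into every statement in this file, including the log insert that appears to be new here (`VALUES('$userid',$aid,...)`) and the `SELECT formdata FROM submissions WHERE ID=$aid` lookup; quoting `$userid` does not cover it. The `AND uid='$userid'` ownership clause is appended to the same string, so it cannot be relied on while `$aid` is unvalidated: normalise it once where it is read, `$aid = (int)($_GET['aid'] ?? 0);`, and bind the other values too (`$username` comes from `$uInfo->displayName` and is not escaped in the visible lines) instead of mixing interpolation with a single `?`. `bind_param("b",$fd)` declares a blob parameter, which mysqli only fills through `send_long_data()`, so `prev` is likely stored empty; `"s"` looks like what is intended. The failure branches also echo `$mysqli->error` and `var_dump` the SQL to the browser even though `display_errors` is switched off at the top, and that output would be better routed to `syslog`. Which lines are old or new is inferred from the rendered page, and several of these blocks begin or end outside the visible hunks.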