Issues in approb.php (master) - Issues in master - cantico/absences - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1940)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

programs/approb.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
//-------------------------------------------------------------------------
// OVIDENTIA http://www.ovidentia.org
// Ovidentia is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2, or (at your option)
// any later version.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
// USA.
//-------------------------------------------------------------------------
/**
 * @license http://opensource.org/licenses/gpl-license.php GNU General Public License (GPL)
 * @copyright Copyright (c) 2006 by CANTICO ({@link http://www.cantico.fr})
 */

include_once dirname(__FILE__).'/functions.php';
require_once $GLOBALS['babInstallPath']."utilit/wfincl.php";
require_once $GLOBALS['babInstallPath'].'utilit/urlincl.php';
include_once dirname(__FILE__)."/utilit/vacincl.php";
include_once dirname(__FILE__)."/utilit/entry.class.php";
include_once dirname(__FILE__)."/utilit/request.ui.php";





class absences_approbEntryDetail extends absences_requestDetail
{
	public $datebegintxt;
	public $datebegin;
	public $halfnamebegin;
	public $dateendtxt;
	public $dateend;
	public $halfnameend;
	public $nbdaystxt;
	public $typename;
	public $nbdays;
	public $totaltxt;
	public $totalval;
	public $confirm;
	public $refuse;
	public $fullname;
	public $commenttxt;
	public $remarktxt;
	public $remark;

	public $arr = array();
	public $db;
	public $count;
	public $res;
	public $veid;

	public $folder;
	
	
	public $t_alert;
	public $t_nomatch;
	public $t_folder;
	public $t_confirm_folder;
	public $t_createdby;
	
	/**
	 * @var bool|string
	 */
	public $createdby;

	/**
	 * @var bool|string
	 */
	public $todelete;
	
	
	public $begin;
	public $end;
	public $id_user;
	public $totaldates_days;
	public $totaldates_hours;
	public $availability;
	public $negative;
	public $nomatch;
	public $alert;
	public $typecolor;
	public $rightname;
	public $date;
	

	public function __construct(absences_Entry $entry)
	{
		parent::__construct($entry, true);
		
		require_once dirname(__FILE__).'/utilit/agent.ui.php';

		$this->datebegintxt = absences_translate("Begin date");
		$this->dateendtxt = absences_translate("End date");
		$this->nbdaystxt = absences_translate("Quantities");
		$this->totaltxt = absences_translate("Total");
		$this->commenttxt = absences_translate("Approver comment");
		
		$this->refuse = absences_translate("Refuse");
		$this->remarktxt = absences_translate("Applicant comment");
		$this->t_alert = absences_translate("Negative balance");
		$this->t_nomatch = absences_translate("The length of the period is different from the requested vacation");
		$this->t_folder = absences_translate("Other dates of the recurring request");
		$this->t_confirm_folder = absences_translate("Apply the same choice on all recurring request periods");
		$this->t_createdby = absences_translate("Created by");
		
		if ($entry->createdby == $entry->id_user)
		{
			$this->createdby = false;
		} else if ($entry->createdby) {
			$this->createdby = bab_toHtml(bab_getUserName($entry->createdby));
		} else {
		    $this->createdby = false;
		}
		
		$this->confirm = absences_translate("Approve");

		$this->todelete = false;
		if ($entry->todelete) {
		    $this->confirm = absences_translate("Confirm deletion");
		    $this->todelete = absences_translate('Deletion request');
		}
		
		$this->begin 		= bab_mktime($entry->date_begin);
		$this->end 			= bab_mktime($entry->date_end);
		$this->datebegin	= bab_toHtml(absences_longDate($this->begin));
		$this->dateend		= bab_toHtml(absences_longDate($this->end));
		$this->id_user		= $entry->id_user;
		$this->fullname		= bab_toHtml(bab_getUserName($entry->id_user));
		$this->remark 		= bab_toHtml($entry->comment, BAB_HTML_ALL);

        // here we do not use the planned duration to verify 
        // if a workschedule modification has been made beetween the 
        // request creation and the validation step
		$this->totaldates_days = $entry->getDurationDays();
		$this->totaldates_hours = $entry->getDurationHours();

		if (0 === (int) round(100 * $this->totaldates_hours)) {
			// pas d'heures travaillees
			$this->availability = sprintf(absences_translate('%s in period'), absences_quantity($this->totaldates_days, 'D'));
		} else {
			$this->availability = sprintf(absences_translate('%s or %s in period'), absences_quantity($this->totaldates_days, 'D'), absences_quantity($this->totaldates_hours, 'H'));
		}

		$rights = absences_getRightsOnPeriod($entry->date_begin, $entry->date_end, $entry->id_user);
		$this->negative = array();
		foreach ($rights as $r)
		{
			$after = $r['quantity_available'] - $r['waiting'];
			if ($after < 0)
				$this->negative[$r['id']] = $after;
		}

		$this->res = $entry->getElementsIterator();
		$this->res->rewind();


		$this->totalval = array('D' => 0, 'H' => 0); // quantity in days
		$this->veid = bab_toHtml($entry->id);
		$this->nomatch = false;


		if ($this->folder = $entry->getFolderEntriesIterator())
		{
			$this->folder->appr_idfai = bab_getWaitingIdSAInstance(bab_getUserId());

			$this->folder->rewind();
		}
	}

	function getnexttype()

	{
		if( $this->res->valid())
		{
			$elem = $this->res->current();
			/*@var $elem absences_EntryElem */
			$right = $elem->getRight();
			$type = $right->getType();

			$this->totalval[$right->quantity_unit] += $elem->quantity;
			$this->nbdays = absences_quantity($elem->quantity, $right->quantity_unit);
			$this->alert = isset($this->negative[$right->id]) ? $this->negative[$right->id] : false;

			$this->typecolor = bab_toHtml($type->color);
			$this->typename = bab_toHtml($type->name);
			$this->rightname = bab_toHtml($right->description);

			$this->res->next();

			return true;
		}
		return false;

	}

	function getmatch()

	{
		// si aucun droit en heure, verifier que le nombre de jours pris corespond au nombre de jour de la periode
		if (0 === round(100 * $this->totalval['H']))
		{
		    
		    
			// pour les demi-jours, une precision d'un chiffre apres la virgule suffi
			$this->nomatch = !(round(10 * $this->totalval['D']) === round(10 * $this->totaldates_days));
			return false;
		}

		// jours non pris (doit etre occupe par les heures)
		$days1 = $this->totaldates_days - $this->totalval['D'];

		// nombre de jours calcules corespondant aux heures prises sur la periode
		if ($this->totaldates_hours > 0)
		{
			$days2 = ($this->totaldates_days * $this->totalval['H']) / $this->totaldates_hours;
		} else {
			$days2 = 0;
		}

		
		
		$this->nomatch = $days1 !== $days2;
		return false;
	}


	public function getnextfe()
	{

		if ($this->folder->valid())
		{
			$entry = $this->folder->current();
			/*@var $entry absences_Entry */
			$this->date = bab_toHtml(bab_shortDate(bab_mktime($entry->date_begin), false));

			$this->folder->next();
			return true;
		}

		return false;
	}
}






function absences_confirmWaitingVacation($id)
{
	global $babBody, $babDB;

	$entry = absences_Entry::getById($id);

	if (!$entry->getRow()) {
		$babBody->addError(absences_translate("This vacation request does not exists"));
		$babBody->babpopup('');
		return 0;
	}

	$temp = new absences_approbEntryDetail($entry);
	
	$Icons = bab_functionality::get('Icons');
	/*@var $Icons Func_Icons */
	$Icons->includeCss();
	
	$babBody->babPopup(bab_printTemplate($temp, absences_addon()->getRelativePath()."approb.html", "confirmvacation"));
}



















/**
 * Next approval step
 * @param absences_WorkperiodRecoverRequest $workperiod
 */
function absences_confirmWaitingRecoverRequestSave(absences_WorkperiodRecoverRequest $workperiod)
{
	$W = bab_Widgets();
	$values = bab_pp('workperiod');
	
	$id_type = absences_getRecoveryType();
	
	if (empty($id_type))
	{
		throw new Exception(absences_translate('The right type for recovery is not configured'));
	}
	
	
	// mise a jour de la quantite et de quantity_unit
	
	$workperiod->quantity = str_replace(',', '.', $values['quantity']);
	$workperiod->quantity_unit = $values['quantity_unit'];
	$workperiod->validity_end = $W->DatePicker()->getISODate($values['validity_end']);
	
	if (isset($values['confirm']))
	{
		$workperiod->approbationNext(true, $values['comment2']);
	} else if (isset($values['refuse']))
	{
		$workperiod->approbationNext(false, $values['comment2']);
	}
	
	$workperiod->notifyOwner();
	$workperiod->notifyApprovers();
	
	$url = bab_url::get_request('tg');
	$url->idx = 'unload';
	$url->location();
}






function absences_confirmWaitingRecoverRequest($id_workperiod)
{
	require_once dirname(__FILE__).'/utilit/workperiod_recover_request.class.php';
	require_once dirname(__FILE__).'/utilit/workperiod_recover_request.ui.php';
	$W = bab_Widgets();
	$page = $W->babPage();
	
	$Icons = bab_functionality::get('Icons');
	/*@var $Icons Func_Icons */
	$Icons->includeCss();
	
	$workperiod = absences_WorkperiodRecoverRequest::getById($id_workperiod);
	
	if (!$workperiod->getRow())
	{
		$page->addError(absences_translate('This entry does not exist'));
		$page->displayHtml();
		return;
	}
	
	if ('' != $workperiod->status)
	{
		$page->addError(absences_translate('This entry is not waiting for confirmation'));
		$page->displayHtml();
		return;
	}
	
	
	if (!empty($_POST))
	{
		try {
			absences_confirmWaitingRecoverRequestSave($workperiod);
	
		} catch (Exception $e)
		{
			$page->addError($e->getMessage());
		}
	}
	
	
	$page->setTitle(absences_translate('Confirm the workperiod recovery request'));
	
	
	$editor = new absences_WorkperiodRecoverApprobEditor($workperiod);
	
	$page->addItem($editor);
	$page->setEmbedded(false);
	$page->displayHtml();
}



/**
 * Next approval step
 * @param absences_CetDepositRequest $deposit
 * @throws Exception
 * @return boolean
 */
function absences_confirmWaitingCetDepositSave(absences_CetDepositRequest $deposit)
{
	$cet = bab_pp('cet');
	
	
	// mise a jour de la quantite
	
	$agentRight = $deposit->getAgentRightSource();

	if (!isset($agentRight) || !$agentRight->getRow())
	{
		throw new Exception(absences_translate('The source right of this request is not valid'));
	}
	
	$right = $agentRight->getRight();
	
	if (!isset($right) || !$right->getRow())
	{
		throw new Exception(absences_translate('The source right of this request is not valid'));
	}
	
	$cet['quantity'] = (float) str_replace(',', '.', $cet['quantity']);

	
	$agentCet = $agentRight->getAgent()->Cet();
	if (!$agentCet->testDepositQuantity($agentRight, $cet['quantity'], $deposit))
	{
		return false;
	}
	

	$agentRightCet = $deposit->getAgentRightCet();
	
	$deposit->id_agent_right_cet = $agentRightCet->id;
	

	
	
	
	
	$deposit->quantity = $cet['quantity'];
	
	if (isset($cet['confirm']))
	{
		$deposit->approbationNext(true, $cet['comment2']);
		
	} else if (isset($cet['refuse']))
	{
		$deposit->approbationNext(false, $cet['comment2']);
	}
	
	$deposit->notifyOwner();
	$deposit->notifyApprovers();
	
	$url = bab_url::get_request('tg');
	$url->idx = 'unload';
	$url->location();
}



function absences_confirmWaitingCetDeposit($id_deposit)
{
	require_once dirname(__FILE__).'/utilit/cet_deposit_request.class.php';
	require_once dirname(__FILE__).'/utilit/cet_deposit_request.ui.php';
	$W = bab_Widgets();
	$page = $W->babPage();
	
	$Icons = bab_functionality::get('Icons');
	/*@var $Icons Func_Icons */
	$Icons->includeCss();
	
	$deposit = absences_CetDepositRequest::getById($id_deposit);
	
	if (!$deposit->getRow())
	{
		$page->addError(absences_translate('This deposit does not exist'));
		$page->displayHtml();
		return;
	}
	
	if ('' != $deposit->status)
	{
		$page->addError(absences_translate('This deposit is not waiting for confirmation'));
		$page->displayHtml();
		return;
	}
	
	
	if (!empty($_POST))
	{
		try {
			absences_confirmWaitingCetDepositSave($deposit);
			
		} catch (Exception $e)
		{
			$page->addError($e->getMessage());
		}
	}
	
	
	$page->setTitle(absences_translate('Confirm the time saving account deposit'));
	
	
	$editor = new absences_CetDepositRequestApprobEditor($deposit);	
	
	$page->addItem($editor);
	$page->setEmbedded(false);
	$page->displayHtml();
}




/**
 * @param int		$veid		Vacation entry id
 * @param string	$remarks
 * @param boolean	$action
 * @return boolean
 */
function absences_confirmVacationRequest($veid, $remarks, $action)
{
	require_once dirname(__FILE__).'/utilit/entry.class.php';
	require_once dirname(__FILE__).'/utilit/request.notify.php';

	$entry = absences_Entry::getById($veid);

	if (1 === (int) bab_pp('folder', 0))
	{
		$I = $entry->getFolderEntriesIterator();
		$I->appr_idfai = bab_getWaitingIdSAInstance(bab_getUserId());

		foreach($I as $folder_entry)
		{
			/*@var $folder_entry absences_Entry */
			$folder_entry->approbationNext($action, $remarks);
			$folder_entry->applyDynamicRight();


			// on fait une notification groupee a la place
			// $folder_entry->notifyOwner();
		}

		
		if (isset($folder_entry))
		{
			// last entry

			if ($action && 'Y' == $folder_entry->status)
			{
				absences_notifyRequestAuthor($I, absences_translate("An absences request set has been accepted"), '', $folder_entry->id_user);

				$agent = $folder_entry->getAgent();
				$emails = $agent->getEmails();
				if (!empty($emails))
				{
					absences_notifyEntryOwnerEmails($I, $emails);
				}
			} else if ('N' == $folder_entry->status) {

				absences_notifyRequestAuthor($I, absences_translate("An absences request set has been rejected"), '', $folder_entry->id_user);
			}
			
			
			$folder_entry->notifyApprovers();
		}

	} else {

		$entry->approbationNext($action, $remarks);
		$entry->applyDynamicRight();
		$entry->notifyOwner();
		$entry->notifyApprovers();
	}

	return true;
}



// main


if( '' != ($conf = bab_rp('conf')))
{
	if( $conf == 'vac' )
	{
		if (isset($_POST['confirm'])) {

			if (!absences_confirmVacationRequest(bab_pp('veid'), bab_pp('remarks'), true)) {
				$babBody->addError(absences_translate('Access denied'));
				return;
			}

		} else if (isset($_POST['refuse'])) {

			if (!absences_confirmVacationRequest(bab_pp('veid'), bab_pp('remarks'), false)) {
				$babBody->addError(absences_translate('Access denied'));
				return;
			}

		}
		$idx = 'unload';
	}
}



$idx = bab_rp('idx');

switch($idx)
{
	case "unload":
		include_once $babInstallPath."utilit/uiutil.php";
		popupUnload(absences_translate("Update done"), $GLOBALS['babUrlScript']."?tg=approb&idx=all");
		exit;
	
	
	case 'confvac':
		absences_confirmWaitingVacation(bab_gp('idvac'));
		exit;
		break;
		
	case 'recover':
		absences_confirmWaitingRecoverRequest(bab_rp('id_workperiod'));
		break;
		
	case 'cet':
		absences_confirmWaitingCetDeposit(bab_rp('id_deposit'));
		break;
}


1		<?php
2		//-------------------------------------------------------------------------
3		// OVIDENTIA http://www.ovidentia.org
4		// Ovidentia is free software; you can redistribute it and/or modify
5		// it under the terms of the GNU General Public License as published by
6		// the Free Software Foundation; either version 2, or (at your option)
7		// any later version.
8		//
9		// This program is distributed in the hope that it will be useful, but
10		// WITHOUT ANY WARRANTY; without even the implied warranty of
11		// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
12		// See the GNU General Public License for more details.
13		//
14		// You should have received a copy of the GNU General Public License
15		// along with this program; if not, write to the Free Software
16		// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17		// USA.
18		//-------------------------------------------------------------------------
19		/**
20		* @license http://opensource.org/licenses/gpl-license.php GNU General Public License (GPL)
21		* @copyright Copyright (c) 2006 by CANTICO ({@link http://www.cantico.fr})
22		*/
23
24		include_once dirname(__FILE__).'/functions.php';
25		require_once $GLOBALS['babInstallPath']."utilit/wfincl.php";
26		require_once $GLOBALS['babInstallPath'].'utilit/urlincl.php';
27		include_once dirname(__FILE__)."/utilit/vacincl.php";
28		include_once dirname(__FILE__)."/utilit/entry.class.php";
29		include_once dirname(__FILE__)."/utilit/request.ui.php";
30
31
32
33
34
35		class absences_approbEntryDetail extends absences_requestDetail
36		{
37		public $datebegintxt;
38		public $datebegin;
39		public $halfnamebegin;
40		public $dateendtxt;
41		public $dateend;
42		public $halfnameend;
43		public $nbdaystxt;
44		public $typename;
45		public $nbdays;
46		public $totaltxt;
47		public $totalval;
48		public $confirm;
49		public $refuse;
50		public $fullname;
51		public $commenttxt;
52		public $remarktxt;
53		public $remark;
54
55		public $arr = array();
56		public $db;
57		public $count;
58		public $res;
59		public $veid;
60
61		public $folder;
62
63
64		public $t_alert;
65		public $t_nomatch;
66		public $t_folder;
67		public $t_confirm_folder;
68		public $t_createdby;
69
70		/**
71		* @var bool\|string
72		*/
73		public $createdby;
74
75		/**
76		* @var bool\|string
77		*/
78		public $todelete;
79
80
81		public $begin;
82		public $end;
83		public $id_user;
84		public $totaldates_days;
85		public $totaldates_hours;
86		public $availability;
87		public $negative;
88		public $nomatch;
89		public $alert;
90		public $typecolor;
91		public $rightname;
92		public $date;
93
94
95		public function __construct(absences_Entry $entry)
96		{
97		parent::__construct($entry, true);
98
99		require_once dirname(__FILE__).'/utilit/agent.ui.php';
100
101		$this->datebegintxt = absences_translate("Begin date");
102		$this->dateendtxt = absences_translate("End date");
103		$this->nbdaystxt = absences_translate("Quantities");
104		$this->totaltxt = absences_translate("Total");
105		$this->commenttxt = absences_translate("Approver comment");
106
107		$this->refuse = absences_translate("Refuse");
108		$this->remarktxt = absences_translate("Applicant comment");
109		$this->t_alert = absences_translate("Negative balance");
110		$this->t_nomatch = absences_translate("The length of the period is different from the requested vacation");
111		$this->t_folder = absences_translate("Other dates of the recurring request");
112		$this->t_confirm_folder = absences_translate("Apply the same choice on all recurring request periods");
113		$this->t_createdby = absences_translate("Created by");
114
115	View Code Duplication	if ($entry->createdby == $entry->id_user)
116		{
117		$this->createdby = false;
118		} else if ($entry->createdby) {
119		$this->createdby = bab_toHtml(bab_getUserName($entry->createdby));
120		} else {
121		$this->createdby = false;
122		}
123
124		$this->confirm = absences_translate("Approve");
125
126		$this->todelete = false;
127		if ($entry->todelete) {
128		$this->confirm = absences_translate("Confirm deletion");
129		$this->todelete = absences_translate('Deletion request');
130		}
131
132		$this->begin = bab_mktime($entry->date_begin);
133		$this->end = bab_mktime($entry->date_end);
134		$this->datebegin = bab_toHtml(absences_longDate($this->begin));
135		$this->dateend = bab_toHtml(absences_longDate($this->end));
136		$this->id_user = $entry->id_user;
137		$this->fullname = bab_toHtml(bab_getUserName($entry->id_user));
138		$this->remark = bab_toHtml($entry->comment, BAB_HTML_ALL);
139
140		// here we do not use the planned duration to verify
141		// if a workschedule modification has been made beetween the
142		// request creation and the validation step
143		$this->totaldates_days = $entry->getDurationDays();
144		$this->totaldates_hours = $entry->getDurationHours();
145
146		if (0 === (int) round(100 * $this->totaldates_hours)) {
147		// pas d'heures travaillees
148		$this->availability = sprintf(absences_translate('%s in period'), absences_quantity($this->totaldates_days, 'D'));
149		} else {
150		$this->availability = sprintf(absences_translate('%s or %s in period'), absences_quantity($this->totaldates_days, 'D'), absences_quantity($this->totaldates_hours, 'H'));
151		}
152
153		$rights = absences_getRightsOnPeriod($entry->date_begin, $entry->date_end, $entry->id_user);
154		$this->negative = array();
155		foreach ($rights as $r)
156		{
157		$after = $r['quantity_available'] - $r['waiting'];
158		if ($after < 0)
159		$this->negative[$r['id']] = $after;
160		}
161
162		$this->res = $entry->getElementsIterator();
163		$this->res->rewind();
164
165
166		$this->totalval = array('D' => 0, 'H' => 0); // quantity in days
167		$this->veid = bab_toHtml($entry->id);
168		$this->nomatch = false;
169
170
171		if ($this->folder = $entry->getFolderEntriesIterator())
172		{
173		$this->folder->appr_idfai = bab_getWaitingIdSAInstance(bab_getUserId());
174
175		$this->folder->rewind();
176		}
177		}
178
179		function getnexttype()
		0 ignored issues – show Best Practice introduced 2015-11-30 13:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
180		{
181		if( $this->res->valid())
182		{
183		$elem = $this->res->current();
184		/@var $elem absences_EntryElem /
185		$right = $elem->getRight();
186		$type = $right->getType();
187
188		$this->totalval[$right->quantity_unit] += $elem->quantity;
189		$this->nbdays = absences_quantity($elem->quantity, $right->quantity_unit);
190		$this->alert = isset($this->negative[$right->id]) ? $this->negative[$right->id] : false;
191
192		$this->typecolor = bab_toHtml($type->color);
193		$this->typename = bab_toHtml($type->name);
194		$this->rightname = bab_toHtml($right->description);
195
196		$this->res->next();
197
198		return true;
199		}
200		return false;
201
202		}
203
204		function getmatch()
		0 ignored issues – show Best Practice introduced 2015-11-30 13:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
205		{
206		// si aucun droit en heure, verifier que le nombre de jours pris corespond au nombre de jour de la periode
207		if (0 === round(100 * $this->totalval['H']))
208		{
209
210
211		// pour les demi-jours, une precision d'un chiffre apres la virgule suffi
212		$this->nomatch = !(round(10 * $this->totalval['D']) === round(10 * $this->totaldates_days));
213		return false;
214		}
215
216		// jours non pris (doit etre occupe par les heures)
217		$days1 = $this->totaldates_days - $this->totalval['D'];
218
219		// nombre de jours calcules corespondant aux heures prises sur la periode
220		if ($this->totaldates_hours > 0)
221		{
222		$days2 = ($this->totaldates_days * $this->totalval['H']) / $this->totaldates_hours;
223		} else {
224		$days2 = 0;
225		}
226
227
228
229		$this->nomatch = $days1 !== $days2;
230		return false;
231		}
232
233
234		public function getnextfe()
235		{
236
237		if ($this->folder->valid())
238		{
239		$entry = $this->folder->current();
240		/@var $entry absences_Entry /
241		$this->date = bab_toHtml(bab_shortDate(bab_mktime($entry->date_begin), false));
242
243		$this->folder->next();
244		return true;
245		}
246
247		return false;
248		}
249		}
250
251
252
253
254
255
256		function absences_confirmWaitingVacation($id)
257		{
258		global $babBody, $babDB;
259
260		$entry = absences_Entry::getById($id);
261
262		if (!$entry->getRow()) {
263		$babBody->addError(absences_translate("This vacation request does not exists"));
264		$babBody->babpopup('');
265		return 0;
266		}
267
268		$temp = new absences_approbEntryDetail($entry);
269
270		$Icons = bab_functionality::get('Icons');
271		/@var $Icons Func_Icons /
272		$Icons->includeCss();
273
274		$babBody->babPopup(bab_printTemplate($temp, absences_addon()->getRelativePath()."approb.html", "confirmvacation"));
275		}
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295		/**
296		* Next approval step
297		* @param absences_WorkperiodRecoverRequest $workperiod
298		*/
299		function absences_confirmWaitingRecoverRequestSave(absences_WorkperiodRecoverRequest $workperiod)
300		{
301		$W = bab_Widgets();
302		$values = bab_pp('workperiod');
303
304		$id_type = absences_getRecoveryType();
305
306		if (empty($id_type))
307		{
308		throw new Exception(absences_translate('The right type for recovery is not configured'));
309		}
310
311
312		// mise a jour de la quantite et de quantity_unit
313
314		$workperiod->quantity = str_replace(',', '.', $values['quantity']);
315		$workperiod->quantity_unit = $values['quantity_unit'];
316		$workperiod->validity_end = $W->DatePicker()->getISODate($values['validity_end']);
317
318	View Code Duplication	if (isset($values['confirm']))
319		{
320		$workperiod->approbationNext(true, $values['comment2']);
321		} else if (isset($values['refuse']))
322		{
323		$workperiod->approbationNext(false, $values['comment2']);
324		}
325
326		$workperiod->notifyOwner();
327		$workperiod->notifyApprovers();
328
329		$url = bab_url::get_request('tg');
330		$url->idx = 'unload';
331		$url->location();
332		}
333
334
335
336
337
338
339	View Code Duplication	function absences_confirmWaitingRecoverRequest($id_workperiod)
340		{
341		require_once dirname(__FILE__).'/utilit/workperiod_recover_request.class.php';
342		require_once dirname(__FILE__).'/utilit/workperiod_recover_request.ui.php';
343		$W = bab_Widgets();
344		$page = $W->babPage();
345
346		$Icons = bab_functionality::get('Icons');
347		/@var $Icons Func_Icons /
348		$Icons->includeCss();
349
350		$workperiod = absences_WorkperiodRecoverRequest::getById($id_workperiod);
351
352		if (!$workperiod->getRow())
353		{
354		$page->addError(absences_translate('This entry does not exist'));
355		$page->displayHtml();
356		return;
357		}
358
359		if ('' != $workperiod->status)
360		{
361		$page->addError(absences_translate('This entry is not waiting for confirmation'));
362		$page->displayHtml();
363		return;
364		}
365
366
367		if (!empty($_POST))
368		{
369		try {
370		absences_confirmWaitingRecoverRequestSave($workperiod);
371
372		} catch (Exception $e)
373		{
374		$page->addError($e->getMessage());
375		}
376		}
377
378
379		$page->setTitle(absences_translate('Confirm the workperiod recovery request'));
380
381
382		$editor = new absences_WorkperiodRecoverApprobEditor($workperiod);
383
384		$page->addItem($editor);
385		$page->setEmbedded(false);
386		$page->displayHtml();
387		}
388
389
390
391		/**
392		* Next approval step
393		* @param absences_CetDepositRequest $deposit
394		* @throws Exception
395		* @return boolean
396		*/
397		function absences_confirmWaitingCetDepositSave(absences_CetDepositRequest $deposit)
398		{
399		$cet = bab_pp('cet');
400
401
402		// mise a jour de la quantite
403
404		$agentRight = $deposit->getAgentRightSource();
405
406		if (!isset($agentRight) \|\| !$agentRight->getRow())
407		{
408		throw new Exception(absences_translate('The source right of this request is not valid'));
409		}
410
411		$right = $agentRight->getRight();
412
413		if (!isset($right) \|\| !$right->getRow())
414		{
415		throw new Exception(absences_translate('The source right of this request is not valid'));
416		}
417
418		$cet['quantity'] = (float) str_replace(',', '.', $cet['quantity']);
419
420
421		$agentCet = $agentRight->getAgent()->Cet();
422		if (!$agentCet->testDepositQuantity($agentRight, $cet['quantity'], $deposit))
423		{
424		return false;
425		}
426
427
428		$agentRightCet = $deposit->getAgentRightCet();
429
430		$deposit->id_agent_right_cet = $agentRightCet->id;
431
432
433
434
435
436
437		$deposit->quantity = $cet['quantity'];
438
439	View Code Duplication	if (isset($cet['confirm']))
440		{
441		$deposit->approbationNext(true, $cet['comment2']);
442
443		} else if (isset($cet['refuse']))
444		{
445		$deposit->approbationNext(false, $cet['comment2']);
446		}
447
448		$deposit->notifyOwner();
449		$deposit->notifyApprovers();
450
451		$url = bab_url::get_request('tg');
452		$url->idx = 'unload';
453		$url->location();
454		}
455
456
457
458	View Code Duplication	function absences_confirmWaitingCetDeposit($id_deposit)
459		{
460		require_once dirname(__FILE__).'/utilit/cet_deposit_request.class.php';
461		require_once dirname(__FILE__).'/utilit/cet_deposit_request.ui.php';
462		$W = bab_Widgets();
463		$page = $W->babPage();
464
465		$Icons = bab_functionality::get('Icons');
466		/@var $Icons Func_Icons /
467		$Icons->includeCss();
468
469		$deposit = absences_CetDepositRequest::getById($id_deposit);
470
471		if (!$deposit->getRow())
472		{
473		$page->addError(absences_translate('This deposit does not exist'));
474		$page->displayHtml();
475		return;
476		}
477
478		if ('' != $deposit->status)
479		{
480		$page->addError(absences_translate('This deposit is not waiting for confirmation'));
481		$page->displayHtml();
482		return;
483		}
484
485
486		if (!empty($_POST))
487		{
488		try {
489		absences_confirmWaitingCetDepositSave($deposit);
490
491		} catch (Exception $e)
492		{
493		$page->addError($e->getMessage());
494		}
495		}
496
497
498		$page->setTitle(absences_translate('Confirm the time saving account deposit'));
499
500
501		$editor = new absences_CetDepositRequestApprobEditor($deposit);
502
503		$page->addItem($editor);
504		$page->setEmbedded(false);
505		$page->displayHtml();
506		}
507
508
509
510
511		/**
512		* @param int $veid Vacation entry id
513		* @param string $remarks
514		* @param boolean $action
515		* @return boolean
516		*/
517		function absences_confirmVacationRequest($veid, $remarks, $action)
518		{
519		require_once dirname(__FILE__).'/utilit/entry.class.php';
520		require_once dirname(__FILE__).'/utilit/request.notify.php';
521
522		$entry = absences_Entry::getById($veid);
523
524		if (1 === (int) bab_pp('folder', 0))
525		{
526		$I = $entry->getFolderEntriesIterator();
527		$I->appr_idfai = bab_getWaitingIdSAInstance(bab_getUserId());
528
529		foreach($I as $folder_entry)
530		{
531		/@var $folder_entry absences_Entry /
532		$folder_entry->approbationNext($action, $remarks);
533		$folder_entry->applyDynamicRight();
534
535
536		// on fait une notification groupee a la place
537		// $folder_entry->notifyOwner();
538		}
539
540
541		if (isset($folder_entry))
542		{
543		// last entry
544
545		if ($action && 'Y' == $folder_entry->status)
546		{
547		absences_notifyRequestAuthor($I, absences_translate("An absences request set has been accepted"), '', $folder_entry->id_user);
548
549		$agent = $folder_entry->getAgent();
550		$emails = $agent->getEmails();
551		if (!empty($emails))
552		{
553		absences_notifyEntryOwnerEmails($I, $emails);
554		}
555		} else if ('N' == $folder_entry->status) {
556
557		absences_notifyRequestAuthor($I, absences_translate("An absences request set has been rejected"), '', $folder_entry->id_user);
558		}
559
560
561		$folder_entry->notifyApprovers();
562		}
563
564		} else {
565
566		$entry->approbationNext($action, $remarks);
567		$entry->applyDynamicRight();
568		$entry->notifyOwner();
569		$entry->notifyApprovers();
570		}
571
572		return true;
573		}
574
575
576
577		// main
578
579
580		if( '' != ($conf = bab_rp('conf')))
581		{
582		if( $conf == 'vac' )
583		{
584		if (isset($_POST['confirm'])) {
585
586	View Code Duplication	if (!absences_confirmVacationRequest(bab_pp('veid'), bab_pp('remarks'), true)) {
587		$babBody->addError(absences_translate('Access denied'));
588		return;
589		}
590
591	View Code Duplication	} else if (isset($_POST['refuse'])) {
592
593		if (!absences_confirmVacationRequest(bab_pp('veid'), bab_pp('remarks'), false)) {
594		$babBody->addError(absences_translate('Access denied'));
595		return;
596		}
597
598		}
599		$idx = 'unload';
600		}
601		}
602
603
604
605		$idx = bab_rp('idx');
606
607		switch($idx)
608		{
609		case "unload":
610		include_once $babInstallPath."utilit/uiutil.php";
611		popupUnload(absences_translate("Update done"), $GLOBALS['babUrlScript']."?tg=approb&idx=all");
612		exit;
613
614
615		case 'confvac':
616		absences_confirmWaitingVacation(bab_gp('idvac'));
617		exit;
618		break;
619
620		case 'recover':
621		absences_confirmWaitingRecoverRequest(bab_rp('id_workperiod'));
622		break;
623
624		case 'cet':
625		absences_confirmWaitingCetDeposit(bab_rp('id_deposit'));
626		break;
627		}
628

cantico / absences

Issues (1940)

Security Analysis not enabled

programs/approb.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like