Issues in vacchart.php (master) - Issues in master - cantico/absences - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1940)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

programs/vacchart.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/************************************************************************
 * OVIDENTIA http://www.ovidentia.org                                   *
 ************************************************************************
 * Copyright (c) 2003 by CANTICO ( http://www.cantico.fr )              *
 *                                                                      *
 * This file is part of Ovidentia.                                      *
 *                                                                      *
 * Ovidentia is free software; you can redistribute it and/or modify    *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2, or (at your option)  *
 * any later version.													*
 *																		*
 * This program is distributed in the hope that it will be useful, but  *
 * WITHOUT ANY WARRANTY; without even the implied warranty of			*
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.					*
 * See the  GNU General Public License for more details.				*
 *																		*
 * You should have received a copy of the GNU General Public License	*
 * along with this program; if not, write to the Free Software			*
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,*
 * USA.																	*
************************************************************************/



include_once dirname(__FILE__).'/functions.php';
include_once dirname(__FILE__).'/utilit/vacincl.php';
require_once dirname(__FILE__).'/utilit/agent.class.php';
require_once $GLOBALS['babInstallPath'] . 'utilit/urlincl.php';












class absences_EntitiesCls
{
    var $altbg = true;

    public function __construct($entities)
    {
        $id_oc = absences_getVacationOption('id_chart');
         
        $this->all_manager = false;
        $this->entities = $this->inheritCoManager($entities, $this->all_manager);
        bab_Sort::asort($this->entities, 'name', bab_Sort::CASE_INSENSITIVE);
        
        $this->t_name = absences_translate('Name');
        $this->t_description = absences_translate('Description');
        $this->t_members = absences_translate('Members');
        $this->t_calendar = absences_translate('Planning');
        $this->t_requests = absences_translate('Requests');
        $this->t_planning = absences_translate('Planning acces');
        $this->t_comanager = absences_translate('Co-managers');
    }
    
    
    
    /**
     * Inherit co-manager on subentities
     * @param array $entities
     * @param bool &$all_manager
     * @return array
     */
    protected function inheritCoManager($entities, &$all_manager)
    {
        $id_oc = absences_getVacationOption('id_chart');
         
        $all_manager = false;
        $new_entities = array();
        while (list(,$arr) = each($entities))
        {
            if (!isset($arr['comanager'])) {
                $all_manager = true;
            }
    
            if (!isset($this->entities[$arr['id']])) {
                $new_entities[$arr['id']] = $arr;
            }
            $arr2 = bab_OCGetChildsEntities($arr['id'], $id_oc);
            for ($i = 0 ; $i < count($arr2) ; $i++) {
                if (isset($arr['comanager'])) {
                    $arr2[$i]['comanager'] = 1;
                }
    
                if (!isset($this->entities[$arr2[$i]['id']])) {
                    $new_entities[$arr2[$i]['id']] = $arr2[$i];
                }
            }
        }
    
        return $new_entities;
    }



    public function getnext()
    {
        if (list(,$this->arr) = each($this->entities))
        {
            $this->manager 				= !isset($this->arr['comanager']);
            $this->altbg 				= !$this->altbg;
            $this->arr['name'] 			= bab_toHtml($this->arr['name']);
            $this->arr['description'] 	= bab_toHtml($this->arr['description']);
            return true;
        }
        else
            return false;
    }
}






/**
 * List of entities
 * @param array $entities   Managed entities
 */
function absences_entities($entities)
{
    $babBody = bab_getBody();


    $temp = new absences_EntitiesCls($entities);
    $babBody->babecho(bab_printTemplate($temp,  absences_addon()->getRelativePath()."vacchart.html", 'entities'));

}








function entity_members($ide, $template)
{
	global $babBody;

	class temp

		{
		var $altbg = true;

		function temp($ide)
			{
			$this->ide = $ide;
			$users = bab_OCGetCollaborators($ide);
			$superior = bab_OCGetSuperior($ide);
			$this->superior_id = 0;
			if ($superior !== 0 )
				{
				$this->superior_id = $superior['id_user'];
				$this->superior_name = bab_toHtml($superior['lastname'].' '.$superior['firstname']);
				}
			$this->b_rights = ($this->superior_id != $GLOBALS['BAB_SESS_USERID']);
			$this->set_rights = (bool) absences_getVacationOption('chart_superiors_set_rights');
			
			// si co-gestionnaire de cette entite, pas de droit sur le supperieur

			if (absences_isAccessibleEntityAsCoManager($this->ide)) {
				$this->b_rights = false;
			}
			
			$this->t_name = absences_translate('Name');
			$this->t_calendar = absences_translate('Planning');
			$this->t_rights = absences_translate('Rights');
			$this->t_asks = absences_translate('Requests');
			$this->t_view_calendar = absences_translate('View calendars');
			$this->t_collection = absences_translate('Collection');
			$this->t_schema = absences_translate('Approbation schema');
			$this->t_request = absences_translate('Request');
			$this->t_viewrights = absences_translate('Balance');
			$this->checkall = absences_translate('Check all');
			$this->uncheckall = absences_translate('Uncheck all');
			$this->t_not_in_personel = absences_translate('This user is not in personel members');

			$this->requests = absences_getVacationOption('chart_superiors_create_request');
			
			$this->users = array();
			
			while (list(,$arr) = each($users))
				{
				if ($arr['id_user'] != $this->superior_id)
					{
					$this->users[$arr['id_user']] = $arr['lastname'].' '.$arr['firstname'];
					}
				}
			bab_sort::natcasesort($this->users);

			if (count($this->users) > 0)
				{
				$tmp = array_keys($this->users);
				$tmp[] = $this->superior_id;
				}
			elseif (!empty($this->superior_id))
				{
				$tmp = array($this->superior_id);
				}
			else
				$tmp = array();


			if (count($tmp) > 0)
				{
				$this->more = array();

				global $babDB;
				$req = "SELECT p.id_user,c.name coll,f.name sa FROM ".ABSENCES_PERSONNEL_TBL." p LEFT JOIN ".ABSENCES_COLLECTIONS_TBL." c ON c.id=p.id_coll LEFT JOIN ".BAB_FLOW_APPROVERS_TBL." f ON f.id=p.id_sa WHERE p.id_user IN(".$babDB->quote($tmp).")";
				$res = $babDB->db_query($req);
				while ($arr = $babDB->db_fetch_array($res))
					{
					$this->more[$arr['id_user']] = array( $arr['coll'], $arr['sa'] );
					}
				}

			$this->s_collection = '';
			$this->s_schema = '';
			if ($superior !== 0 && isset($this->more[$this->superior_id]))
				{
				list($this->s_collection, $this->s_schema ) = $this->more[$this->superior_id] ;
				$this->s_collection = bab_toHtml($this->s_collection);
				$this->s_schema = bab_toHtml($this->s_schema);
				}
			}

		function getnext()
			{
			if (list($this->id_user,$this->name) = each($this->users))
				{
				$this->altbg = !$this->altbg;
				$this->b_rights = absences_canChartEditRights($this->id_user);
				$this->collection = isset($this->more[$this->id_user][0]) ? bab_toHtml($this->more[$this->id_user][0]) : '';
				$this->schema = isset($this->more[$this->id_user][1]) ? bab_toHtml($this->more[$this->id_user][1]) : '';
				$this->name = bab_toHtml($this->name);
				
				return true;
				}
			else
				return false;
			}
		}

	$temp = new temp($ide);
	
	$entity = bab_OCGetEntity($ide);
	
	$babBody->setTitle(sprintf(absences_translate('Members of entity "%s"'), $entity['name']));
	$babBody->babecho(bab_printTemplate($temp,  absences_addon()->getRelativePath()."vacchart.html", $template));
	
}




function entity_users($ide)
{
	$users = bab_OCGetCollaborators($ide);
	$superior = bab_OCGetSuperior($ide);

	$tmp = array();
	foreach ($users as $user)
		{
		$tmp[$user['id_user']] = $user['id_user'];
		}

	if (!isset($tmp[$superior['id_user']]) && !empty($superior['id_user']))
		$tmp[$superior['id_user']] = $superior['id_user'];

	return array_keys($tmp);
}

function entity_requests($ide )
{
	global $babBody;
	$entity = bab_OCGetEntity($ide);
	
	$babBody->setTitle(sprintf(absences_translate('Vacation requests by members of entity "%s"'), $entity['name']));
	
	
	absences_listVacationRequests(entity_users($ide), true, 1, $ide);
}



function entity_comanager($ide) {
	$e =  bab_OCGetEntity($ide);
	$GLOBALS['babBody']->setTitle(absences_translate("Co-managers").' : '.$e['name']);

	include_once $GLOBALS['babInstallPath'].'utilit/selectusers.php';
	global $babBody, $babDB;
	$obj = new bab_selectusers();
	$obj->addVar('ide', $ide);
	$res = $babDB->db_query("SELECT id_user FROM ".ABSENCES_COMANAGER_TBL." WHERE id_entity=".$babDB->quote($ide));
	while (list($id) = $babDB->db_fetch_array($res))
		{
		$obj->addUser($id);
		}
	$obj->setRecordCallback('saveCoManager');
	$babBody->babecho($obj->getHtml());

}


function viewVacUserDetails($ide, $id_user) {
	
	require_once dirname(__FILE__).'/utilit/agent.ui.php';
	
	
	$agent = absences_Agent::getFromIdUser($id_user);
	
	$W = bab_Widgets();
	$page = $W->BabPage();
	$frame = $W->Frame(null , $W->VBoxLayout()->setVerticalSpacing(2,'em'))
		->addClass('widget-bordered')
		->addClass('BabLoginMenuBackground')
		->addClass('widget-centered')
		->addClass(Func_Icons::ICON_LEFT_24);
		
	$frame->setCanvasOptions($frame->Options()->width(70,'em'));
	
	$page->addItem($frame);
	
	
	$url = bab_url::get_request('tg', 'ide', 'iduser');
	$url->idx = 'modp';
	
	if ($id_user != $GLOBALS['BAB_SESS_USERID'] && absences_getVacationOption('chart_superiors_user_edit'))
	{
		$frame->addItem($W->Link($W->Icon(absences_translate("Modify"), Func_Icons::ACTIONS_DOCUMENT_EDIT), $url->toString()));
	}
	
	$frame->addItem(new absences_AgentCardFrame($agent));
	
	
	$page->displayHtml();
	
	


}





function saveCoManager($userids, $params) {

	$ide = $params['ide'];
	global $babDB;
	$babDB->db_query("DELETE FROM ".ABSENCES_COMANAGER_TBL." WHERE id_entity = ".$babDB->quote($ide));

	foreach ($userids as $uid)
	{
		$babDB->db_query("INSERT INTO ".ABSENCES_COMANAGER_TBL." (id_user, id_entity) VALUES ('".$babDB->db_escape_string($uid)."','".$babDB->db_escape_string($ide)."')");
	}
	
	header('location:'.absences_addon()->getUrl()."vacchart&idx=entities");
	exit;
}



/**
 * 
 * @param int $id_user
 * @return boolean
 */
function absences_canChartEditRights($id_user)
{
	return ($id_user != bab_getUserId() && absences_getVacationOption('chart_superiors_set_rights') && absences_IsUserUnderSuperior($id_user));
}



function absences_updateVacationChartPersonnel($id_user)
{
    $update = absences_updateVacationPersonnel($id_user);
    if(true === $update) {
        return 'changeucol';
    }
    
    if (false === $update) {
        return 'modp';
    }

    $url = bab_url::get_request('tg', 'ide');
    $url->idx = 'entity_members';
    $url->location();
}



// main
bab_requireCredential();
$agent = absences_Agent::getCurrentUser();
$userentities = $agent->getManagedEntities();
$entities_access = count($userentities);



$idx = bab_rp('idx', 'entities');


if( isset($_POST['add']) && $entities_access > 0 )
	{
	switch($_POST['add'])
		{
		case 'modrbu':
			if ( absences_canChartEditRights($_POST['idu']) )
			{
				if (absences_updateVacationRightByUser($_POST['idu'], $_POST['quantity'], bab_pp('comment')))
				{
					bab_url::get_request('tg', 'idx', 'ide', 'idu')->location();
				}
			}
			break;

		case 'changeuser':
			if (!absences_getVacationOption('chart_superiors_user_edit'))
			{
				break;
			}
			if (!empty($_POST['idp'])) {
				$idx = absences_updateVacationChartPersonnel($_POST['idp']);
			}
			else
			{
				try {
					
					$messages = array();
					if( !absences_saveVacationPersonnel(bab_pp('userid'), bab_pp('idcol'), bab_pp('idsa'), bab_pp('id_sa_cet'), bab_pp('id_sa_recover'), bab_pp('emails'), $messages))
					{
					$idx ='addp';
					}
				} catch (Exception $e)
				{
					$babBody->addError($e->getMessage());
					$idx ='addp';
				}
				
				if (!empty($messages))
				{
					/*@var $babBody babBody */
					foreach($messages as $message)
					{
						$babBody->addMessage($message);
					}
				}
			}
			break;
		

		case 'changeucol':
			if (!absences_getVacationOption('chart_superiors_user_edit'))
			{
				break;
			}
			if (!absences_updateUserColl())
				$idx = $add;
			break;
		}
	}
	
if (!bab_rp('popup'))
{	
    if ($agent->isInPersonnel())
    {
    	$babBody->addItemMenu("vacuser", absences_translate("Vacations"), absences_addon()->getUrl()."vacuser");
    }
    
    if( $agent->isManager())
    {
    	$babBody->addItemMenu("list", absences_translate("Management"), absences_addon()->getUrl()."vacadm");
    }
    
    if ($agent->isEntityManager())
    {
    	$babBody->addItemMenu("entities", absences_translate("Delegate management"), absences_addon()->getUrl()."vacchart&idx=entities");
    }
}



switch($idx)
	{
	case 'lper':
		$idx = 'entity_members';
	case 'entity_members':
		
		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".bab_rp('ide'));
		if ($entities_access > 0)
			entity_members(bab_rp('ide'), 'entity_members');
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;

	case 'planning_members':
		if (absences_isPlanningAccessValid())
			{
			$babBody->title = absences_translate("Entity members");
			$babBody->addItemMenu("planning", absences_translate("Plannings"), absences_addon()->getUrl()."planning&idx=userlist");
			$babBody->addItemMenu("planning_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=planning_members");
			entity_members($_REQUEST['ide'], 'planning_members');
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;



	case 'rights':

		if (absences_canChartEditRights(bab_rp('idu')))
			{
    			if (!bab_rp('popup'))
    			{
    		    	$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".bab_rp('ide'));
    		    	$babBody->addItemMenu("rights", absences_translate("Rights"), absences_addon()->getUrl()."vacchart&idx=rights&idu=".bab_rp('idu').'&ide='.bab_rp('ide'));
    			}
    			absences_listRightsByUser(bab_rp('idu'));
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;

	case "rlbuul":
		absences_rlistbyuserUnload(absences_translate("Your request has been updated"));
		exit;

	case 'asks':
		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
		if (absences_IsUserUnderSuperior($_GET['id_user']))
			{

			$babBody->title = absences_translate("Vacation requests list");
			$babBody->addItemMenu("asks", absences_translate("Requests"), absences_addon()->getUrl()."vacchart&idx=asks");
			absences_listVacationRequests($_GET['id_user'], false, 1, bab_rp('ide'));
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;

	case 'entity_requests':

		if ($entities_access > 0)
			{
			$babBody->addItemMenu("entity_requests", absences_translate("Requests"), absences_addon()->getUrl()."vacchart&idx=entity_requests");
			entity_requests($_GET['ide']);
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;
		



	case 'comanager':
		$babBody->addItemMenu("comanager", absences_translate("Co-managers"), absences_addon()->getUrl()."vacchart&idx=comanager");

		$ide = bab_rp('ide');
		
		if ($entities_access > 0 && !empty($ide))
			entity_comanager($ide);
		break;

	case 'view':
		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
		
		if (absences_IsUserUnderSuperior($_GET['iduser']) && $_GET['iduser'] != $GLOBALS['BAB_SESS_USERID'])
			{
			$babBody->addItemMenu("view", absences_translate("User"), absences_addon()->getUrl()."vacchart&idx=view&ide=".$_GET['ide']);
			$babBody->title = bab_getUserName($_GET['iduser']);
			viewVacUserDetails($_GET['ide'], $_GET['iduser']);
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;

	case "modp":
		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
		
		if (absences_IsUserUnderSuperior($_REQUEST['iduser']) && $_GET['iduser'] != $GLOBALS['BAB_SESS_USERID'])
			{
			$babBody->addItemMenu("modp", absences_translate("Modify"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
			$babBody->title = absences_translate("Modify user");
			absences_addVacationPersonnel($_REQUEST['iduser']);
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;

	case 'changeucol':
		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_REQUEST['ide']);
		if (absences_IsUserUnderSuperior($_POST['idp']) && $_POST['idp'] != $GLOBALS['BAB_SESS_USERID'])
			{
			$babBody->addItemMenu("changeucol", absences_translate("Modify"), absences_addon()->getUrl()."vacchart&idx=changeucol&ide=".$_REQUEST['ide']);
			$babBody->title = absences_translate("Change user collection");
			absences_changeucol( $_POST['idp'], $_POST['idcol'] );
			}
		else
			{
			$babBody->addError(absences_translate("Access denied"));
			}
		break;

	case 'planning':
		if (absences_isPlanningAccessValid())
			{
			$babBody->addItemMenu("planning", absences_translate("Plannings"), absences_addon()->getUrl()."planning&idx=userlist");
			$babBody->title = absences_translate("Planning list");
			absences_accessible_plannings($userentities);
			}
		break;

	default:
	case 'entities':
		if ($entities_access > 0)
		{
			$babBody->title = absences_translate("Entities list");
			absences_entities($userentities);
		}
		break;
	}

$babBody->setCurrentItemMenu($idx);

?>

1		<?php
2		/************************************************************************
3		* OVIDENTIA http://www.ovidentia.org *
4		************************************************************************
5		* Copyright (c) 2003 by CANTICO ( http://www.cantico.fr ) *
6		* *
7		* This file is part of Ovidentia. *
8		* *
9		* Ovidentia is free software; you can redistribute it and/or modify *
10		* it under the terms of the GNU General Public License as published by *
11		* the Free Software Foundation; either version 2, or (at your option) *
12		* any later version. *
13		* *
14		* This program is distributed in the hope that it will be useful, but *
15		* WITHOUT ANY WARRANTY; without even the implied warranty of *
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
17		* See the GNU General Public License for more details. *
18		* *
19		* You should have received a copy of the GNU General Public License *
20		* along with this program; if not, write to the Free Software *
21		* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,*
22		* USA. *
23		************************************************************************/
24
25
26
27		include_once dirname(__FILE__).'/functions.php';
28		include_once dirname(__FILE__).'/utilit/vacincl.php';
29		require_once dirname(__FILE__).'/utilit/agent.class.php';
30		require_once $GLOBALS['babInstallPath'] . 'utilit/urlincl.php';
31
32
33
34
35
36
37
38
39
40
41
42
43		class absences_EntitiesCls
44		{
45		var $altbg = true;
46
47		public function __construct($entities)
48		{
49		$id_oc = absences_getVacationOption('id_chart');
50
51		$this->all_manager = false;
52		$this->entities = $this->inheritCoManager($entities, $this->all_manager);
53		bab_Sort::asort($this->entities, 'name', bab_Sort::CASE_INSENSITIVE);
54
55		$this->t_name = absences_translate('Name');
56		$this->t_description = absences_translate('Description');
57		$this->t_members = absences_translate('Members');
58		$this->t_calendar = absences_translate('Planning');
59		$this->t_requests = absences_translate('Requests');
60		$this->t_planning = absences_translate('Planning acces');
61		$this->t_comanager = absences_translate('Co-managers');
62		}
63
64
65
66		/**
67		* Inherit co-manager on subentities
68		* @param array $entities
69		* @param bool &$all_manager
70		* @return array
71		*/
72		protected function inheritCoManager($entities, &$all_manager)
73		{
74		$id_oc = absences_getVacationOption('id_chart');
75
76		$all_manager = false;
77		$new_entities = array();
78		while (list(,$arr) = each($entities))
79		{
80		if (!isset($arr['comanager'])) {
81		$all_manager = true;
82		}
83
84		if (!isset($this->entities[$arr['id']])) {
85		$new_entities[$arr['id']] = $arr;
86		}
87		$arr2 = bab_OCGetChildsEntities($arr['id'], $id_oc);
88		for ($i = 0 ; $i < count($arr2) ; $i++) {
89		if (isset($arr['comanager'])) {
90		$arr2[$i]['comanager'] = 1;
91		}
92
93		if (!isset($this->entities[$arr2[$i]['id']])) {
94		$new_entities[$arr2[$i]['id']] = $arr2[$i];
95		}
96		}
97		}
98
99		return $new_entities;
100		}
101
102
103
104		public function getnext()
105		{
106		if (list(,$this->arr) = each($this->entities))
107		{
108		$this->manager = !isset($this->arr['comanager']);
109		$this->altbg = !$this->altbg;
110		$this->arr['name'] = bab_toHtml($this->arr['name']);
111		$this->arr['description'] = bab_toHtml($this->arr['description']);
112		return true;
113		}
114		else
115		return false;
116		}
117		}
118
119
120
121
122
123
124		/**
125		* List of entities
126		* @param array $entities Managed entities
127		*/
128		function absences_entities($entities)
129		{
130		$babBody = bab_getBody();
131
132
133		$temp = new absences_EntitiesCls($entities);
134		$babBody->babecho(bab_printTemplate($temp, absences_addon()->getRelativePath()."vacchart.html", 'entities'));
135
136		}
137
138
139
140
141
142
143
144
145		function entity_members($ide, $template)
146		{
147		global $babBody;
148
149		class temp
		0 ignored issues – show Comprehensibility Best Practice introduced 2016-02-15 10:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `temp` has been defined more than once; this definition is ignored, only the first definition in `programs/vacadm.php` (L38-118) is considered. This check looks for classes that have been defined more than once. If you can, we would recommend to use standard object-oriented programming techniques. For example, to avoid multiple types, it might make sense to create a common interface, and then multiple, different implementations for that interface. This also has the side-effect of providing you with better IDE auto-completion, static analysis and also better OPCode caching from PHP. Loading history...
150		{
151		var $altbg = true;
152
153		function temp($ide)
154		{
155		$this->ide = $ide;
156		$users = bab_OCGetCollaborators($ide);
157		$superior = bab_OCGetSuperior($ide);
158		$this->superior_id = 0;
159	View Code Duplication	if ($superior !== 0 )
160		{
161		$this->superior_id = $superior['id_user'];
162		$this->superior_name = bab_toHtml($superior['lastname'].' '.$superior['firstname']);
163		}
164		$this->b_rights = ($this->superior_id != $GLOBALS['BAB_SESS_USERID']);
165		$this->set_rights = (bool) absences_getVacationOption('chart_superiors_set_rights');
166
167		// si co-gestionnaire de cette entite, pas de droit sur le supperieur
168
169		if (absences_isAccessibleEntityAsCoManager($this->ide)) {
170		$this->b_rights = false;
171		}
172
173		$this->t_name = absences_translate('Name');
174		$this->t_calendar = absences_translate('Planning');
175		$this->t_rights = absences_translate('Rights');
176		$this->t_asks = absences_translate('Requests');
177		$this->t_view_calendar = absences_translate('View calendars');
178		$this->t_collection = absences_translate('Collection');
179		$this->t_schema = absences_translate('Approbation schema');
180		$this->t_request = absences_translate('Request');
181		$this->t_viewrights = absences_translate('Balance');
182		$this->checkall = absences_translate('Check all');
183		$this->uncheckall = absences_translate('Uncheck all');
184		$this->t_not_in_personel = absences_translate('This user is not in personel members');
185
186		$this->requests = absences_getVacationOption('chart_superiors_create_request');
187
188		$this->users = array();
189
190		while (list(,$arr) = each($users))
191		{
192	View Code Duplication	if ($arr['id_user'] != $this->superior_id)
193		{
194		$this->users[$arr['id_user']] = $arr['lastname'].' '.$arr['firstname'];
195		}
196		}
197		bab_sort::natcasesort($this->users);
198
199		if (count($this->users) > 0)
200		{
201		$tmp = array_keys($this->users);
202		$tmp[] = $this->superior_id;
203		}
204		elseif (!empty($this->superior_id))
205		{
206		$tmp = array($this->superior_id);
207		}
208		else
209		$tmp = array();
210
211
212		if (count($tmp) > 0)
213		{
214		$this->more = array();
215
216		global $babDB;
217		$req = "SELECT p.id_user,c.name coll,f.name sa FROM ".ABSENCES_PERSONNEL_TBL." p LEFT JOIN ".ABSENCES_COLLECTIONS_TBL." c ON c.id=p.id_coll LEFT JOIN ".BAB_FLOW_APPROVERS_TBL." f ON f.id=p.id_sa WHERE p.id_user IN(".$babDB->quote($tmp).")";
218		$res = $babDB->db_query($req);
219		while ($arr = $babDB->db_fetch_array($res))
220		{
221		$this->more[$arr['id_user']] = array( $arr['coll'], $arr['sa'] );
222		}
223		}
224
225		$this->s_collection = '';
226		$this->s_schema = '';
227		if ($superior !== 0 && isset($this->more[$this->superior_id]))
228		{
229		list($this->s_collection, $this->s_schema ) = $this->more[$this->superior_id] ;
230		$this->s_collection = bab_toHtml($this->s_collection);
231		$this->s_schema = bab_toHtml($this->s_schema);
232		}
233		}
234
235		function getnext()
236		{
237		if (list($this->id_user,$this->name) = each($this->users))
238		{
239		$this->altbg = !$this->altbg;
240		$this->b_rights = absences_canChartEditRights($this->id_user);
241		$this->collection = isset($this->more[$this->id_user][0]) ? bab_toHtml($this->more[$this->id_user][0]) : '';
242		$this->schema = isset($this->more[$this->id_user][1]) ? bab_toHtml($this->more[$this->id_user][1]) : '';
243		$this->name = bab_toHtml($this->name);
244
245		return true;
246		}
247		else
248		return false;
249		}
250		}
251
252		$temp = new temp($ide);
253
254		$entity = bab_OCGetEntity($ide);
255
256		$babBody->setTitle(sprintf(absences_translate('Members of entity "%s"'), $entity['name']));
257		$babBody->babecho(bab_printTemplate($temp, absences_addon()->getRelativePath()."vacchart.html", $template));
258
259		}
260
261
262
263
264		function entity_users($ide)
265		{
266		$users = bab_OCGetCollaborators($ide);
267		$superior = bab_OCGetSuperior($ide);
268
269		$tmp = array();
270		foreach ($users as $user)
271		{
272		$tmp[$user['id_user']] = $user['id_user'];
273		}
274
275		if (!isset($tmp[$superior['id_user']]) && !empty($superior['id_user']))
276		$tmp[$superior['id_user']] = $superior['id_user'];
277
278		return array_keys($tmp);
279		}
280
281		function entity_requests($ide )
282		{
283		global $babBody;
284		$entity = bab_OCGetEntity($ide);
285
286		$babBody->setTitle(sprintf(absences_translate('Vacation requests by members of entity "%s"'), $entity['name']));
287
288
289		absences_listVacationRequests(entity_users($ide), true, 1, $ide);
290		}
291
292
293
294		function entity_comanager($ide) {
295		$e = bab_OCGetEntity($ide);
296		$GLOBALS['babBody']->setTitle(absences_translate("Co-managers").' : '.$e['name']);
297
298		include_once $GLOBALS['babInstallPath'].'utilit/selectusers.php';
299		global $babBody, $babDB;
300		$obj = new bab_selectusers();
301		$obj->addVar('ide', $ide);
302		$res = $babDB->db_query("SELECT id_user FROM ".ABSENCES_COMANAGER_TBL." WHERE id_entity=".$babDB->quote($ide));
303		while (list($id) = $babDB->db_fetch_array($res))
304		{
305		$obj->addUser($id);
306		}
307		$obj->setRecordCallback('saveCoManager');
308		$babBody->babecho($obj->getHtml());
309
310		}
311
312
313		function viewVacUserDetails($ide, $id_user) {
314
315		require_once dirname(__FILE__).'/utilit/agent.ui.php';
316
317
318		$agent = absences_Agent::getFromIdUser($id_user);
319
320		$W = bab_Widgets();
321		$page = $W->BabPage();
322		$frame = $W->Frame(null , $W->VBoxLayout()->setVerticalSpacing(2,'em'))
323		->addClass('widget-bordered')
324		->addClass('BabLoginMenuBackground')
325		->addClass('widget-centered')
326		->addClass(Func_Icons::ICON_LEFT_24);
327
328		$frame->setCanvasOptions($frame->Options()->width(70,'em'));
329
330		$page->addItem($frame);
331
332
333		$url = bab_url::get_request('tg', 'ide', 'iduser');
334		$url->idx = 'modp';
335
336		if ($id_user != $GLOBALS['BAB_SESS_USERID'] && absences_getVacationOption('chart_superiors_user_edit'))
337		{
338		$frame->addItem($W->Link($W->Icon(absences_translate("Modify"), Func_Icons::ACTIONS_DOCUMENT_EDIT), $url->toString()));
339		}
340
341		$frame->addItem(new absences_AgentCardFrame($agent));
342
343
344		$page->displayHtml();
345
346
347
348
349		}
350
351
352
353
354
355		function saveCoManager($userids, $params) {
356
357		$ide = $params['ide'];
358		global $babDB;
359		$babDB->db_query("DELETE FROM ".ABSENCES_COMANAGER_TBL." WHERE id_entity = ".$babDB->quote($ide));
360
361	View Code Duplication	foreach ($userids as $uid)
362		{
363		$babDB->db_query("INSERT INTO ".ABSENCES_COMANAGER_TBL." (id_user, id_entity) VALUES ('".$babDB->db_escape_string($uid)."','".$babDB->db_escape_string($ide)."')");
364		}
365
366		header('location:'.absences_addon()->getUrl()."vacchart&idx=entities");
367		exit;
368		}
369
370
371
372		/**
373		*
374		* @param int $id_user
375		* @return boolean
376		*/
377		function absences_canChartEditRights($id_user)
378		{
379		return ($id_user != bab_getUserId() && absences_getVacationOption('chart_superiors_set_rights') && absences_IsUserUnderSuperior($id_user));
380		}
381
382
383
384	View Code Duplication	function absences_updateVacationChartPersonnel($id_user)
385		{
386		$update = absences_updateVacationPersonnel($id_user);
387		if(true === $update) {
388		return 'changeucol';
389		}
390
391		if (false === $update) {
392		return 'modp';
393		}
394
395		$url = bab_url::get_request('tg', 'ide');
396		$url->idx = 'entity_members';
397		$url->location();
398		}
399
400
401
402		// main
403		bab_requireCredential();
404		$agent = absences_Agent::getCurrentUser();
405		$userentities = $agent->getManagedEntities();
406		$entities_access = count($userentities);
407
408
409
410		$idx = bab_rp('idx', 'entities');
411
412
413		if( isset($_POST['add']) && $entities_access > 0 )
414		{
415		switch($_POST['add'])
416		{
417		case 'modrbu':
418		if ( absences_canChartEditRights($_POST['idu']) )
419		{
420		if (absences_updateVacationRightByUser($_POST['idu'], $_POST['quantity'], bab_pp('comment')))
421		{
422		bab_url::get_request('tg', 'idx', 'ide', 'idu')->location();
423		}
424		}
425		break;
426
427		case 'changeuser':
428		if (!absences_getVacationOption('chart_superiors_user_edit'))
429		{
430		break;
431		}
432		if (!empty($_POST['idp'])) {
433		$idx = absences_updateVacationChartPersonnel($_POST['idp']);
434		}
435		else
436		{
437		try {
438
439		$messages = array();
440		if( !absences_saveVacationPersonnel(bab_pp('userid'), bab_pp('idcol'), bab_pp('idsa'), bab_pp('id_sa_cet'), bab_pp('id_sa_recover'), bab_pp('emails'), $messages))
441		{
442		$idx ='addp';
443		}
444		} catch (Exception $e)
445		{
446		$babBody->addError($e->getMessage());
447		$idx ='addp';
448		}
449
450		if (!empty($messages))
451		{
452		/@var $babBody babBody /
453		foreach($messages as $message)
454		{
455		$babBody->addMessage($message);
456		}
457		}
458		}
459		break;
460
461
462		case 'changeucol':
463		if (!absences_getVacationOption('chart_superiors_user_edit'))
464		{
465		break;
466		}
467		if (!absences_updateUserColl())
468		$idx = $add;
469		break;
470		}
471		}
472
473		if (!bab_rp('popup'))
474		{
475		if ($agent->isInPersonnel())
476		{
477		$babBody->addItemMenu("vacuser", absences_translate("Vacations"), absences_addon()->getUrl()."vacuser");
478		}
479
480		if( $agent->isManager())
481		{
482		$babBody->addItemMenu("list", absences_translate("Management"), absences_addon()->getUrl()."vacadm");
483		}
484
485		if ($agent->isEntityManager())
486		{
487		$babBody->addItemMenu("entities", absences_translate("Delegate management"), absences_addon()->getUrl()."vacchart&idx=entities");
488		}
489		}
490
491
492
493		switch($idx)
494		{
495		case 'lper':
496		$idx = 'entity_members';
497		case 'entity_members':
498
499		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".bab_rp('ide'));
500		if ($entities_access > 0)
501		entity_members(bab_rp('ide'), 'entity_members');
502		else
503		{
504		$babBody->addError(absences_translate("Access denied"));
505		}
506		break;
507
508	View Code Duplication	case 'planning_members':
509		if (absences_isPlanningAccessValid())
510		{
511		$babBody->title = absences_translate("Entity members");
512		$babBody->addItemMenu("planning", absences_translate("Plannings"), absences_addon()->getUrl()."planning&idx=userlist");
513		$babBody->addItemMenu("planning_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=planning_members");
514		entity_members($_REQUEST['ide'], 'planning_members');
515		}
516		else
517		{
518		$babBody->addError(absences_translate("Access denied"));
519		}
520		break;
521
522
523
524		case 'rights':
525
526		if (absences_canChartEditRights(bab_rp('idu')))
527		{
528		if (!bab_rp('popup'))
529		{
530		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".bab_rp('ide'));
531		$babBody->addItemMenu("rights", absences_translate("Rights"), absences_addon()->getUrl()."vacchart&idx=rights&idu=".bab_rp('idu').'&ide='.bab_rp('ide'));
532		}
533		absences_listRightsByUser(bab_rp('idu'));
534		}
535		else
536		{
537		$babBody->addError(absences_translate("Access denied"));
538		}
539		break;
540
541		case "rlbuul":
542		absences_rlistbyuserUnload(absences_translate("Your request has been updated"));
543		exit;
544
545		case 'asks':
546		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
547		if (absences_IsUserUnderSuperior($_GET['id_user']))
548		{
549
550		$babBody->title = absences_translate("Vacation requests list");
551		$babBody->addItemMenu("asks", absences_translate("Requests"), absences_addon()->getUrl()."vacchart&idx=asks");
552		absences_listVacationRequests($_GET['id_user'], false, 1, bab_rp('ide'));
553		}
554		else
555		{
556		$babBody->addError(absences_translate("Access denied"));
557		}
558		break;
559
560	View Code Duplication	case 'entity_requests':
561
562		if ($entities_access > 0)
563		{
564		$babBody->addItemMenu("entity_requests", absences_translate("Requests"), absences_addon()->getUrl()."vacchart&idx=entity_requests");
565		entity_requests($_GET['ide']);
566		}
567		else
568		{
569		$babBody->addError(absences_translate("Access denied"));
570		}
571		break;
572
573
574
575
576	View Code Duplication	case 'comanager':
577		$babBody->addItemMenu("comanager", absences_translate("Co-managers"), absences_addon()->getUrl()."vacchart&idx=comanager");
578
579		$ide = bab_rp('ide');
580
581		if ($entities_access > 0 && !empty($ide))
582		entity_comanager($ide);
583		break;
584
585	View Code Duplication	case 'view':
586		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
587
588		if (absences_IsUserUnderSuperior($_GET['iduser']) && $_GET['iduser'] != $GLOBALS['BAB_SESS_USERID'])
589		{
590		$babBody->addItemMenu("view", absences_translate("User"), absences_addon()->getUrl()."vacchart&idx=view&ide=".$_GET['ide']);
591		$babBody->title = bab_getUserName($_GET['iduser']);
592		viewVacUserDetails($_GET['ide'], $_GET['iduser']);
593		}
594		else
595		{
596		$babBody->addError(absences_translate("Access denied"));
597		}
598		break;
599
600	View Code Duplication	case "modp":
601		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
602
603		if (absences_IsUserUnderSuperior($_REQUEST['iduser']) && $_GET['iduser'] != $GLOBALS['BAB_SESS_USERID'])
604		{
605		$babBody->addItemMenu("modp", absences_translate("Modify"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_GET['ide']);
606		$babBody->title = absences_translate("Modify user");
607		absences_addVacationPersonnel($_REQUEST['iduser']);
608		}
609		else
610		{
611		$babBody->addError(absences_translate("Access denied"));
612		}
613		break;
614
615	View Code Duplication	case 'changeucol':
616		$babBody->addItemMenu("entity_members", absences_translate("Entity members"), absences_addon()->getUrl()."vacchart&idx=entity_members&ide=".$_REQUEST['ide']);
617		if (absences_IsUserUnderSuperior($_POST['idp']) && $_POST['idp'] != $GLOBALS['BAB_SESS_USERID'])
618		{
619		$babBody->addItemMenu("changeucol", absences_translate("Modify"), absences_addon()->getUrl()."vacchart&idx=changeucol&ide=".$_REQUEST['ide']);
620		$babBody->title = absences_translate("Change user collection");
621		absences_changeucol( $_POST['idp'], $_POST['idcol'] );
622		}
623		else
624		{
625		$babBody->addError(absences_translate("Access denied"));
626		}
627		break;
628
629	View Code Duplication	case 'planning':
630		if (absences_isPlanningAccessValid())
631		{
632		$babBody->addItemMenu("planning", absences_translate("Plannings"), absences_addon()->getUrl()."planning&idx=userlist");
633		$babBody->title = absences_translate("Planning list");
634		absences_accessible_plannings($userentities);
635		}
636		break;
637
638		default:
639		case 'entities':
640		if ($entities_access > 0)
641		{
642		$babBody->title = absences_translate("Entities list");
643		absences_entities($userentities);
644		}
645		break;
646		}
647
648		$babBody->setCurrentItemMenu($idx);
649
650		?>

cantico / absences

Issues (1940)

Security Analysis not enabled

programs/vacchart.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like