File: local.php

ocsinventory-server 2.5%2Bdfsg1-1
  • area: main
  • in suites: buster
  • size: 7,088 kB
  • sloc: php: 27,462; perl: 8,241; sh: 1,680; sql: 1,355; xml: 1,041; makefile: 34
<?php
/*
 * Copyright 2005-2016 OCSInventory-NG/OCSInventory-ocsreports contributors.
 * See the Contributors file for more details about them.
 *
 * This file is part of OCSInventory-NG/OCSInventory-ocsreports.
 *
 * OCSInventory-NG/OCSInventory-ocsreports is free software: you can redistribute
 * it and/or modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 2 of the License,
 * or (at your option) any later version.
 *
 * OCSInventory-NG/OCSInventory-ocsreports is distributed in the hope that it
 * will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with OCSInventory-NG/OCSInventory-ocsreports. if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 */
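/*
 * Local lookup of the logged-in operator's access level and of the tags
 * that operator has rights on.
 *
 * Contract stated by the original author: the page must yield an array of the
 * form array('accesslvl'=>%%,'tag_show'=>array(%,%,%,%,%...)); if an error is
 * encountered, an error code is returned instead.
 *
 * What this script visibly sets for the including page:
 *   $lvluser  - the operator's access level (operators.new_accesslvl)
 *   $list_tag - map tag => tag of the tags a restricted operator may see
 *   $ERROR    - set when the operator has no access level, when a restricted
 *               operator ends up with no tag, or when the GUI restriction
 *               value is neither 'YES' nor 'NO'
 */

require_once ('require/function_files.php');
// Name of this page
$name = "local.php";
connexion_local_read();
mysqli_select_db($link_ocs, $db_ocs);

// Look up the access level of the logged-in operator.
$reqOp = "SELECT new_accesslvl as accesslvl FROM operators WHERE id='%s'";
$argOp = array($_SESSION['OCS']["loggeduser"]);
$resOp = mysql2_query_secure($reqOp, $link_ocs, $argOp);
$rowOp = mysqli_fetch_object($resOp);

if (isset($rowOp->accesslvl)) {
    $lvluser = $rowOp->accesslvl;

    // NOTE(review): $lvluser comes straight from the operators table and is
    // concatenated into a file path that is then read; confirm that whatever
    // writes new_accesslvl restricts it to plain profile names.
    $profile_config = PROFILES_DIR . $lvluser . '.xml';

    // No profile file for this level: run the 2.2 configuration migration,
    // which is expected to create it (defined outside this file).
    if (!file_exists($profile_config)) {
        migrate_config_2_2();
    }

    $profile_serializer = new XMLProfileSerializer();
    $profile = $profile_serializer->unserialize($lvluser, file_get_contents($profile_config));

    $restriction = $profile->getRestriction('GUI');

    // If the operator has restricted rights, collect the tags that operator
    // has rights on.
    if ($restriction == 'YES') {
        $sql = "select tag from tags where login='%s'";
        $arg = array($_SESSION['OCS']["loggeduser"]);
        $res = mysql2_query_secure($sql, $link_ocs, $arg);
        while ($row = mysqli_fetch_object($res)) {
            // A tag containing '*' or '?' is a pattern, not a literal tag.
            if (strpos($row->tag, '*') !== false || strpos($row->tag, '?') !== false) {
                // Kept as in the original: this script runs in the includer's
                // scope, so $wildcard may be read elsewhere (not visible here).
                $wildcard = true;
                // Translate shell-style wildcards to SQL LIKE wildcards.
                $row->tag = str_replace(array('*', '?'), array('%', '_'), $row->tag);

                // Security fix: the stored tag used to be interpolated directly
                // into the SQL text, so a tag containing a quote changed the
                // statement (second-order SQL injection that widens the set of
                // tags granted). It is now passed as an argument through the
                // '%s' placeholder, like the two queries above.
                // Assumes mysql2_query_secure() escapes its arguments before
                // substituting them - it is defined outside this file; confirm.
                // Literal '%' or '_' already present in a stored tag still act
                // as LIKE wildcards, as they did before.
                $sql_wildcard = "SELECT TAG FROM `accountinfo` WHERE TAG LIKE '%s' GROUP BY TAG";
                $arg_wildcard = array($row->tag);
                $res_wildcard = mysql2_query_secure($sql_wildcard, $link_ocs, $arg_wildcard);
                while ($row_wildcard = mysqli_fetch_object($res_wildcard)) {
                    $list_tag[$row_wildcard->TAG] = $row_wildcard->TAG;
                }
            } else {
                $list_tag[$row->tag] = $row->tag;
            }
        }
        // A restricted operator with no matching tag is an error (label 893).
        if (!isset($list_tag)) {
            $ERROR = $l->g(893);
        }
    } elseif ($restriction != 'NO') {
        // Any value other than 'YES'/'NO' is reported as the error itself.
        $ERROR = $restriction;
    }
} else {
    // No access level found for the logged-in operator (label 894).
    $ERROR = $l->g(894);
}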
?>