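<?php
/**
 * garde_do.php — form/AJAX endpoint of the "garde" planning tool.
 *
 * Dispatches on $_POST['action'] and performs one write (or a small read)
 * against the connection $link opened by config/auth-config.php. Replies are
 * plain text echoed back to the client; several actions echo nothing.
 *
 * Every statement is a mysqli prepared statement: all values come from
 * $_POST / $_FILES / $_SESSION and are bound, never concatenated into SQL.
 * Debug output of raw statements (and the "or die($requete)" messages) has
 * been removed, as it echoed the full SQL with submitted data to the client.
 *
 * Names provided by the includes: $link, PREF, convert_date(), autor(),
 * envoi_mail_iresu_phpmailer().
 *
 * NOTE(review): no CSRF token is verified in this file — confirm that
 * config/authcheck.php covers it, since every action here is a state change.
 */
include "config/auth-config.php";
include "config/authcheck.php";
include "config/garde.php";

/**
 * Prepare, bind and execute one statement.
 *
 * @param mysqli $link   open connection
 * @param string $sql    statement with ? placeholders
 * @param string $types  mysqli_stmt_bind_param type string, one char per value ('' = no placeholders)
 * @param array  $params values for the placeholders, in order
 * @return mysqli_stmt|false the executed statement, false when prepare/bind/execute failed
 */
function garde_do_execute($link, $sql, $types = '', array $params = array())
{
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

/**
 * Execute a write statement (insert/update/delete).
 *
 * @return bool true when the statement ran
 */
function garde_do_run($link, $sql, $types = '', array $params = array())
{
    $stmt = garde_do_execute($link, $sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
}

/**
 * Run a SELECT and return every row, with both numeric and associative keys
 * (same shape as mysqli_fetch_array, which the original code relied on).
 *
 * @return array<int, array> rows; empty when nothing matched or the query failed
 */
function garde_do_rows($link, $sql, $types = '', array $params = array())
{
    $stmt = garde_do_execute($link, $sql, $types, $params);
    if ($stmt === false) {
        return array();
    }
    $rows = array();
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        while ($row = mysqli_fetch_array($result, MYSQLI_BOTH)) {
            $rows[] = $row;
        }
        mysqli_free_result($result);
    }
    mysqli_stmt_close($stmt);
    return $rows;
}

/**
 * Run a SELECT and return its first row, or null when there is none.
 *
 * @return array|null
 */
function garde_do_row($link, $sql, $types = '', array $params = array())
{
    $rows = garde_do_rows($link, $sql, $types, $params);
    return isset($rows[0]) ? $rows[0] : null;
}

/**
 * Read one scalar POST field as a string ('' when absent or not a scalar).
 *
 * @param string $name
 * @return string
 */
function garde_do_post($name)
{
    if (!isset($_POST[$name]) || is_array($_POST[$name])) {
        return '';
    }
    return (string) $_POST[$name];
}

/**
 * Read entry $index of the indexed 'don' form array as a string ('' when missing or nested).
 *
 * @param array      $d
 * @param int|string $index
 * @return string
 */
function garde_do_field(array $d, $index)
{
    if (!isset($d[$index]) || is_array($d[$index])) {
        return '';
    }
    return (string) $d[$index];
}

/**
 * Store an uploaded PDF under documents/ and register it in `fichiers`.
 *
 * The client-supplied name is only kept for display (`fichiers.nom`); the
 * file itself is written under a server-generated name (type + sanitised
 * base name + ".pdf") so the name can neither leave documents/ nor carry a
 * second extension. Because documents/ is web-served, the extension check is
 * complemented by a check of the PDF signature at the start of the file.
 *
 * @param mysqli     $link
 * @param array|null $file    the $_FILES['monfichier'] entry, or null when nothing was posted
 * @param string     $type    document category (from POST)
 * @param string     $comment free text (from POST)
 * @return string message echoed back to the client (wording unchanged)
 */
function garde_do_add_file($link, $file, $type, $comment)
{
    if ($file === null || !isset($file['error']) || (int) $file['error'] !== UPLOAD_ERR_OK) {
        return "Erreur lors du transfert";
    }
    $clientName = basename((string) $file['name']);
    if (strtolower(pathinfo($clientName, PATHINFO_EXTENSION)) !== 'pdf') {
        return "Extension incorrecte";
    }
    $head = file_get_contents($file['tmp_name'], false, null, 0, 4);
    if ($head !== '%PDF') {
        return "Extension incorrecte";
    }
    $typeSafe = preg_replace('/[^A-Za-z0-9_-]+/', '_', $type);
    $baseSafe = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($clientName, PATHINFO_FILENAME));
    $path = "documents/" . $typeSafe . "_" . $baseSafe . ".pdf";
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        // the original echoed an empty string when the move failed
        return '';
    }
    // new documents go to the end of the ordering handled by up/down
    $row = garde_do_row($link, 'select max(ordre) from fichiers');
    $ordre = ($row !== null ? (int) $row[0] : 0) + 1;
    garde_do_run(
        $link,
        'insert into fichiers (type, nom, realname, comment, actif, ordre) values (?,?,?,?,?,?)',
        'sssssi',
        array($type, $clientName, $path, $comment, 'Y', $ordre)
    );
    return "Transfert réussi";
}

/**
 * Swap the `ordre` of file $id with its neighbour.
 *
 * @param mysqli $link
 * @param string $id    fichiers.id
 * @param int    $delta -1 = swap with the row above, +1 = with the row below
 *
 * Nothing happens when the row or its neighbour does not exist (first/last
 * position), so the ordering never gets a gap — the original decremented the
 * row unconditionally.
 */
function garde_do_move_file($link, $id, $delta)
{
    $row = garde_do_row($link, 'select ordre from fichiers where id=?', 's', array($id));
    if ($row === null) {
        return;
    }
    $neighbour = garde_do_row(
        $link,
        'select id from fichiers where ordre=?',
        'i',
        array((int) $row['ordre'] + $delta)
    );
    if ($neighbour === null) {
        return;
    }
    garde_do_run($link, 'update fichiers set `ordre`=`ordre`+? where `id`=?', 'is', array($delta, $id));
    garde_do_run($link, 'update fichiers set `ordre`=`ordre`-? where `id`=?', 'is', array($delta, $neighbour['id']));
}

$action        = garde_do_post('action');
$id            = garde_do_post('id');
$type          = garde_do_post('type');
$comment       = garde_do_post('comment');
$current_month = garde_do_post('current_month');
$current_year  = garde_do_post('current_year');
$categorie     = garde_do_post('categorie');
// 'don' is an indexed array of form values for most actions, but a single
// string (the recipient) for changeStatut, so keep both views.
$don = isset($_POST['don']) ? $_POST['don'] : '';
$d   = is_array($don) ? $don : array();
$monfichier = isset($_FILES['monfichier']) ? $_FILES['monfichier'] : null;

if ($action === 'change_session') {
    // Switch the user whose planning is being edited.
    // NOTE(review): the id is taken straight from POST; confirm that
    // config/authcheck.php restricts which users the caller may select.
    $_SESSION['id'] = garde_do_field($d, 1);
} elseif ($action === 'change_skill') {
    // Switch the skill in the session and cache its WE/CA parameters.
    $skill = garde_do_field($d, 1);
    $row = garde_do_row($link, 'select * from list_skill where list_skill_id=?', 'i', array((int) $skill));
    $_SESSION['skill'] = $skill;
    $_SESSION['WE'] = $row !== null ? $row['list_skill_WE'] : null;
    $_SESSION['CA'] = $row !== null ? $row['list_skill_CA'] : null;
} elseif ($action === 'change_jour') {
    // don[1..4] = activity per slot (M/AM/S/N), don[5..7] = day/month/year, don[8] = activite_js
    $userId   = isset($_SESSION['id']) ? $_SESSION['id'] : '';
    $day      = (int) garde_do_field($d, 5);
    $month    = (int) garde_do_field($d, 6);
    $year     = (int) garde_do_field($d, 7);
    $consDate = garde_do_field($d, 7) . "-" . garde_do_field($d, 6) . "-" . garde_do_field($d, 5);
    $slots = array(1 => 'M', 2 => 'AM', 3 => 'S', 4 => 'N');
    foreach ($slots as $index => $slot) {
        $activity = garde_do_field($d, $index);
        $existing = garde_do_row(
            $link,
            'select activite_activite from activite where activite_user=? and activite_type=?'
            . ' and day(activite_date)=? and month(activite_date)=? and year(activite_date)=?',
            'ssiii',
            array($userId, $slot, $day, $month, $year)
        );
        if ($existing === null && $activity !== '') {
            // no row for this slot yet: create it
            garde_do_run(
                $link,
                'insert into activite (activite_user, activite_date, activite_type, activite_activite, activite_js) values (?,?,?,?,?)',
                'sssss',
                array($userId, $consDate, $slot, $activity, garde_do_field($d, 8))
            );
        } elseif ($existing !== null && $activity !== '') {
            garde_do_run(
                $link,
                'update activite set activite_activite=? where activite_user=? and activite_type=? and activite_date=?',
                'ssss',
                array($activity, $userId, $slot, $consDate)
            );
        } elseif ($existing !== null) {
            // slot cleared: drop the row
            garde_do_run(
                $link,
                'delete from activite where activite_user=? and activite_date=? and activite_type=?',
                'sss',
                array($userId, $consDate, $slot)
            );
        }
    }
} elseif ($action === 'add_file') {
    echo garde_do_add_file($link, $monfichier, $type, $comment);
} elseif ($action === 'up') {
    garde_do_move_file($link, $id, -1);
} elseif ($action === 'down') {
    garde_do_move_file($link, $id, 1);
} elseif ($action === 'drop_file') {
    $row = garde_do_row($link, 'select ordre, realname from fichiers where id=?', 's', array($id));
    if ($row !== null) {
        garde_do_run($link, 'delete from fichiers where id=?', 's', array($id));
        $path = (string) $row['realname'];
        // only ever remove something add_file could have written
        if (strpos($path, 'documents/') === 0 && strpos($path, '..') === false && is_file($path)) {
            unlink($path);
        }
        // close the gap: every row below moves up one slot
        // (the original statement read "where and ordre>", a syntax error, so it never ran)
        garde_do_run($link, 'update fichiers set ordre=`ordre`-1 where ordre>?', 'i', array((int) $row['ordre']));
    }
} elseif ($action === 'eig') {
    $eigId = garde_do_field($d, 0);
    if ($eigId === '') {
        // new report: create the row first so the update below has an id
        garde_do_run(
            $link,
            "insert into eig (eig_skill, eig_date, eig_statut, eig_user) VALUES (?, now(), '1', ?)",
            'ss',
            array(
                isset($_SESSION['skill']) ? $_SESSION['skill'] : '',
                isset($_SESSION['user']) ? $_SESSION['user'] : '',
            )
        );
        $eigId = (string) mysqli_insert_id($link);
        $message = "Un nouvel EIG a été saisi dans l'application\n";
        $message .= "Voici la description :" . stripslashes(garde_do_field($d, 3));
        $message .= "\n\nVous pouvez y acceder sur la plateforme : https://garde.samu92.com ";
        // notify every user holding authorisation level 3
        $adresse = array();
        $rows = garde_do_rows(
            $link,
            'select email from ' . PREF . 'users A where A.id in (select user_id from user_autor A where A.user_autor=3)'
        );
        foreach ($rows as $row) {
            $adresse[] = $row['email'];
        }
        envoi_mail_iresu_phpmailer($adresse, 'Nouvel EIG', $message, '');
    }
    // checkboxes (4, 5, 7, 9) are only present in the POST when ticked
    garde_do_run(
        $link,
        'update eig set eig_dateeig=?, eig_carmen=?, eig_description=?, eig_osiris=?, eig_infoencadrement=?,'
        . ' eig_infoqui=?, eig_mesure=?, eig_descrmesure=?, eig_entretien=? where eig_id=?',
        'sssssssssi',
        array(
            convert_date(garde_do_field($d, 1)),
            garde_do_field($d, 2),
            garde_do_field($d, 3),
            isset($d[4]) ? 'Y' : 'N',
            isset($d[5]) ? 'Y' : 'N',
            garde_do_field($d, 6),
            isset($d[7]) ? 'Y' : 'N',
            garde_do_field($d, 8),
            isset($d[9]) ? 'Y' : 'N',
            (int) $eigId,
        )
    );
} elseif ($action === 'compte') {
    // NOTE(review): nothing here checks that don[0] is the caller's own account —
    // confirm config/authcheck.php restricts it, otherwise any logged-in user can edit any account.
    $userId   = garde_do_field($d, 0);
    $newEmail = garde_do_field($d, 4);
    $row = garde_do_row($link, 'select email from ' . PREF . 'users where id=?', 's', array($userId));
    $oldEmail = $row !== null ? (string) $row['email'] : '';
    garde_do_run(
        $link,
        'update user_type set gsm=?, journuit=?, relance=?, APH=? where id=?',
        'sssss',
        array(garde_do_field($d, 1), garde_do_field($d, 2), garde_do_field($d, 3), garde_do_field($d, 5), $userId)
    );
    garde_do_run($link, 'update ' . PREF . 'users set email=? where id=?', 'ss', array($newEmail, $userId));
    if ($oldEmail !== $newEmail) {
        // the address changed: move it on the mailing list of every skill of the user
        $lists = garde_do_rows(
            $link,
            'select list_skill_listediffusion from user_skill A inner join list_skill B on A.user_skill=B.list_skill_id'
            . " where A.user_id=? and list_skill_listediffusion!='N'",
            's',
            array($userId)
        );
        $newList = str_replace('@', '=', $newEmail);
        $oldList = str_replace('@', '=', $oldEmail);
        foreach ($lists as $list) {
            // subscribe / unsubscribe commands are mailed to the list manager
            envoi_mail_iresu_phpmailer(
                array($list[0] . "-subscribe-" . $newList . "@samu92.com"),
                '', '', '', 'guillaume.douge@samu92.com'
            );
            envoi_mail_iresu_phpmailer(
                array($list[0] . "-unsubscribe-" . $oldList . "@samu92.com"),
                '', '', '', 'guillaume.douge@samu92.com'
            );
        }
    }
    echo 'Modifications enregistrées';
} elseif ($action === 'user') {
    $level = garde_do_field($d, 4);
    // a caller may only grant a level strictly below its own
    if (!autor($_SESSION['user'], (int) $level + 1)) {
        echo "Vos autorisations sont insuffisantes pour attribuer le niveau "
            . htmlspecialchars($level, ENT_QUOTES, 'UTF-8');
    } else {
        $ok = garde_do_run(
            $link,
            "UPDATE `user_type` SET niveau=?, nom=?, type=?, gsm=?, presence=?, APH=?, rem=? WHERE id=?",
            'ssssssss',
            array(
                $level,
                garde_do_field($d, 7),
                garde_do_field($d, 8),
                garde_do_field($d, 9),
                garde_do_field($d, 10),
                garde_do_field($d, 11),
                garde_do_field($d, 12),
                garde_do_field($d, 0),
            )
        );
        echo $ok ? "Modification effectuées" : "requete de modification impossible ...";
    }
} elseif ($action === 'changeNature2') {
    // "code/title;code/title;..." for the children of list_parent = id
    $parts = array();
    $items = garde_do_rows($link, 'select * from list_itemeig where list_parent=?', 's', array($id));
    foreach ($items as $item) {
        $parts[] = $item['list_code'] . "/" . $item['list_title'];
    }
    echo implode(';', $parts);
} elseif ($action === 'changeStatut') {
    garde_do_run($link, 'update eig set eig_statut=? where eig_id=?', 'si', array($type, (int) $id));
    if ((int) $type === 3) {
        // status 3 = closed: tell the reporter (don = recipient address(es))
        $message = "L'événement indésirable n° " . $id . " que vous avez déclaré a été traité.\n";
        $message .= "Vous pouvez consulter la réponse apportée et laisser votre avis sur le traitement effectué.\n";
        $message .= "\nVous pouvez y acceder sur la plateforme : https://garde.samu92.com ";
        envoi_mail_iresu_phpmailer($don, 'Suivi de l\'EIG', $message, '');
        if (is_string($don)) {
            echo htmlspecialchars($don, ENT_QUOTES, 'UTF-8');
        }
    }
} elseif ($action === 'savettt') {
    // EIG treatment; don[4] is a checkbox
    garde_do_run(
        $link,
        'update eig set eig_descrttt=?, eig_nature=?, eig_nature2=?, eig_osiristtt=?, eig_impact=? where eig_id=?',
        'sssssi',
        array(
            garde_do_field($d, 1),
            garde_do_field($d, 2),
            garde_do_field($d, 3),
            isset($d[4]) ? 'Y' : 'N',
            garde_do_field($d, 5),
            (int) garde_do_field($d, 0),
        )
    );
} elseif ($action === 'saveCloture') {
    // EIG closure by the reporter; don[1] is a checkbox
    garde_do_run(
        $link,
        "update eig set eig_satisf=?, eig_comment=?, eig_statut='4' where eig_id=?",
        'ssi',
        array(isset($d[1]) ? 'Y' : 'N', garde_do_field($d, 2), (int) garde_do_field($d, 0))
    );
} elseif ($action === 'changeInfos') {
    garde_do_run($link, 'update tools set tools_title=? where tools_code=?', 'ss', array($type, $id));
} elseif ($action === 'geler_dispo') {
    // freeze (limit_bloc = type) the availability entry for month/year/skill, creating it if needed
    $row = garde_do_row(
        $link,
        "select count(limit_id) from limite_dispo where `limit_month`=? and `limit_year`=? and limit_skill=? and limit_type='dispo'",
        'sss',
        array($current_month, $current_year, $categorie)
    );
    if ($row === null) {
        echo "Impossible de recuperer les donnees ...";
    } elseif ((int) $row[0] === 0) {
        $ok = garde_do_run(
            $link,
            "INSERT INTO `limite_dispo` (limit_month, limit_year, limit_bloc, limit_skill, limit_type) VALUES (?,?,?,?,'dispo')",
            'ssss',
            array($current_month, $current_year, $type, $categorie)
        );
        if (!$ok) {
            echo "requete d'insertion impossible ...";
        }
    } else {
        $ok = garde_do_run(
            $link,
            "UPDATE `limite_dispo` SET limit_bloc=? WHERE limit_month=? and limit_year=? and limit_skill=? and limit_type='dispo'",
            'ssss',
            array($type, $current_month, $current_year, $categorie)
        );
        if (!$ok) {
            echo "requete d'insertion impossible ...";
        }
    }
} elseif ($action === 'chercheGel') {
    // reply with the stored limit_bloc, or 0 when no entry exists
    $row = garde_do_row(
        $link,
        "select * from limite_dispo where `limit_month`=? and `limit_year`=? and limit_skill=? and limit_type='dispo'",
        'sss',
        array($current_month, $current_year, $categorie)
    );
    echo $row !== null ? htmlspecialchars((string) $row['limit_bloc'], ENT_QUOTES, 'UTF-8') : 0;
}

mysqli_close($link);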