Liberations/ajaxsearch.php

<?php

session_start();

require (__DIR__ . '/vendor/autoload.php');
require_once("lib/libconfig.inc.php");
require_once("lib/libsession.inc.php");
require_once("lib/libfonctions.inc.php");
require_once("lib/libmysql.inc.php");
require_once("lib/libencode.inc.php");
require_once("lib/libforms.inc.php");
require_once("lib/libcourriel.inc.php");
require_once("lib/libliberations.inc.php");
require_once("lib/lib2fa.inc.php");

ini_set('display_errors', 'off');

//Encodage des caractères
header('Content-Type: text/html; charset=$ENCODAGE');

const AUCUN_RESULTAT = "<div style='text-align:center; font-size:11pt; margin:5px; '><span style='color:white;'>Aucun r&eacute;sultat</span>\n</div>\n";

setConnectionSql();

function enleveAccent($chaine) {
   $accent = "ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöøùúûýýþÿ";
   $noaccent = "AAAAAAACEEEEIIIIDNOOOOOOUUUUYBSaaaaaaaceeeeiiiidnoooooouuuyyby";
   return strtr(trim($chaine), $accent, $noaccent);
}

if (filter_input(INPUT_POST,'zonerecherche',FILTER_SANITIZE_ADD_SLASHES)!=="") {
   $zonerecherche = antiInjection(filter_input(INPUT_POST,'zonerecherche',FILTER_SANITIZE_ADD_SLASHES));
   $zonerecherche2 = trim($zonerecherche);
   $id = sprintf("%d", filter_input(INPUT_POST,'id',FILTER_SANITIZE_ADD_SLASHES));
   if (($zonerecherche2 != null && !empty($zonerecherche2)) && ($id != null && !empty($id))) {
      unset($sqlparam);
      $sqlparam["table"][] = "employes";
      $sqlparam["champs"][] = "nomfamille";
      $sqlparam["champs"][] = "prenom";
      $sqlparam["champs"][] = "numemploye";
      $sqlparam["champs"][] = "adresse1";
      $sqlparam["champs"][] = "adresse2";
      $sqlparam["champs"][] = "ville";
      $sqlparam["champs"][] = "codepostal";
      $sqlparam["champs"][] = "numtel";
      $sqlparam["champs"][] = "membreca";
      $sqlparam["champs"][] = "refemploye";
      $sqlparam["champs"][] = "presentation";
      $sqlparam["champs"][] = "email";
      $sqlparam["champs"][] = "numemploye";
      $sqlparam["order"][] = "nomfamille";
      $sqlparam["order"][] = "prenom";
      $sqlparam["where"][] = "TRIM(CONCAT_WS(' ',nomfamille,prenom)) LIKE '%" . trim($zonerecherche2) . "%'";
      if ($_SESSION['gestion_site'] == 'Non') {
         $sqlparam["where"][] = sprintf("employes.refemployeur=%d", $_SESSION['employeur']);
      }
      // Ne pas prendre les employés qui ont été archivés
      $sqlparam["where"][] = "archive=0";
      $sqlparam["limite"] = 7;

      $result = executerRequeteSql($sqlparam);
      if ($result) {
         foreach ($result as $clef => $champs) {
            $valeur0 = $champs["nomfamille"];
            $valeur1 = $champs["prenom"];
            $valeur2 = $champs["refemploye"];
            $valeur3 = $champs["numemploye"];
            $valeur4 = $champs["ville"];
            $ligne = enleveAccent(htmlentities($valeur0 . ", " . $valeur1 . " (" . $valeur3 . "), " . $valeur4, ENT_SUBSTITUTE, "UTF-8"));
            $zonerecheche = strtolower(enleveAccent($zonerecherche2));
            $ligne2 = ucwords($ligne);
            $ligne3 = str_ireplace(strtoupper($zonerecherche2), '<span class="highlight">' . strtoupper($zonerecherche2) . '</span>', $ligne2);
            $nomTemp = str_replace("'", "&apos;", htmlentities($valeur0 . ", " . $valeur1, ENT_SUBSTITUTE, "UTF-8"));
            print sprintf("<a style='cursor:pointer;' onclick='selectedC(%d,\"%s\",%d);'> %s</a>", $id, $nomTemp, $valeur2, $ligne3);
         }
      } else {
         print AUCUN_RESULTAT;
      }
   } else {
      print AUCUN_RESULTAT;
   }
}