source: branches/fscctrl_safety_limits/www/shift/calendar.php@ 20095

Last change on this file since 20095 was 16813, checked in by tbretz, 12 years ago
Implemented some debug out to a log-file when the sql query fails.
File size: 4.6 KB
Line 
1<?PHP
2
3require_once("config.php");
4
5function log_sql_error($query, $error)
6{
7 if (!file_exists("log/"))
8 mkdir("log/", 0777, true);
9
10 $file = fopen("log/mysql.log", "a");
11 fwrite($file, date("Y-m-d H:i:s")."\n".$query."\n".$error."\n\n");
12 fclose($file);
13
14 return header('HTTP/1.0 500 '.$error);
15}
16
17function login()
18{
19 global $ldaphost;
20 global $baseDN;
21 global $groupDN;
22
23 $username = $_SERVER['PHP_AUTH_USER'];
24 $password = $_SERVER['PHP_AUTH_PW'];
25
26 $con = @ldap_connect($ldaphost);
27 if (!$con)
28 return "ldap_connect failed to ".$ldaphost;
29
30 //------------------ Look for user common name
31 $attributes = array('cn', 'mail');
32 $dn = 'ou=People,'.$baseDN;
33 $filter = '(uid='.$username.')';
34
35 $sr = @ldap_search($con, $dn, $filter, $attributes);
36 if (!$sr)
37 return "ldap_search failed for dn=".$dn.": ".ldap_error($con);
38
39 $srData = @ldap_get_entries($con, $sr);
40 if ($srData["count"]==0)
41 return "No results returned by ldap_get_entries for dn=".$dn.".";
42
43 $email =$srData[0]['mail'][0];
44 $userCommonName=$srData[0]['cn'][0];
45 $userDN =$srData[0]['dn'];
46
47 //------------------ Authenticate user
48 if (!@ldap_bind($con, $userDN, $password))
49 return "ldap_bind failed: ".ldap_error($con);
50
51 //------------------ Check if the user is in FACT ldap group
52 $attributes= array("member");
53 $filter= '(objectClass=*)';
54
55 // Get all members of the group.
56 $sr = @ldap_read($con, $groupDN, $filter, $attributes);
57 if (!$sr)
58 return "ldap_read failed for dn=".$groupDN.": ".ldap_error($con);
59
60 // retrieve the corresponding data
61 $srData = @ldap_get_entries($con, $sr);
62 if ($srData["count"]==0)
63 return "No results returned by ldap_get_entries for dn=".$dn.".";
64
65 @ldap_unbind($con);
66
67 $found = false;
68 foreach ($srData[0]['member'] as $member)
69 if (strpos($member, "cn=".$userCommonName.",")===0)
70 return "";
71
72 return "Sorry, your credentials don't match!";
73}
74
75if (isset($_GET['logout']))
76{
77 Header( "HTTP/1.0 401 Logout successfull!");
78 exit();
79}
80
81if (!isset($_GET['y']) || !isset($_GET['m']))
82 return;
83
84$y = $_GET['y'];
85$m = $_GET['m'];
86
87if (!mysql_connect($dbhost, $dbuser, $dbpass))
88 return log_sql_error("connect: ".$dbhost."[".$dbuser."]", mysql_error());
89
90if (!mysql_select_db($dbname))
91 return log_sql_error("select_db: ".$dbname, mysql_error());
92
93if (isset($_GET['comment']))
94{
95 $query = "SELECT d, c FROM Comments WHERE y=".$y." AND m=".$m;
96 if (isset($_GET['d']))
97 $query .= " AND d=".$_GET['d'];
98
99 $result = mysql_query($query);
100 if (!$result)
101 return log_sql_error($query, mysql_error());
102
103 if (isset($_GET['d']))
104 {
105 $row = mysql_fetch_array($result, MYSQL_NUM);
106 print($row[1]);
107 return;
108 }
109
110 while ($row = mysql_fetch_array($result, MYSQL_NUM))
111 {
112 printf("%04d%02d%s", strlen($row[1]), $row[0], $row[1]);
113 }
114
115 return;
116}
117
118if (isset($_GET['d']))
119{
120 if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
121 {
122 header('WWW-Authenticate: Basic realm="Shift schedule"');
123 header('HTTP/1.0 401 Unauthorized');
124 return;
125 }
126
127 $rc = login();
128 if ($rc!="")
129 {
130 header('HTTP/1.0 401 '.$rc);
131 return;
132 }
133
134 $d = $_GET['d'];
135
136 if (isset($_GET['c']))
137 {
138 $c = $_GET['c'];
139
140 $query = "DELETE FROM Comments WHERE y=".$y." AND m=".$m." AND d=".$d;
141 if (!mysql_query($query))
142 return log_sql_error($query, mysql_error());
143
144 if (strlen($c)<=0)
145 return;
146
147 $query = "INSERT Comments SET y=".$y.", m=".$m.", d=".$d.", c='".$c."'";
148 if (!mysql_query($query))
149 return log_sql_error($query, mysql_error());
150
151 return;
152 }
153
154 $u = isset($_GET['u']) ? $_GET['u'] : $_SERVER['PHP_AUTH_USER'];
155
156 $query = "DELETE FROM Data WHERE y=".$y." AND m=".$m." AND d=".$d." AND u='".$u."'";
157 if (!mysql_query($query))
158 return log_sql_error($query, mysql_error());
159
160 if (mysql_affected_rows()==0)
161 {
162 $x = $_GET['x'];
163
164 $query = "INSERT Data SET y=".$y.", m=".$m.", d=".$d.", x=".$x.", u='".$u."'";
165 if (!mysql_query($query))
166 return log_sql_error($query, mysql_error());
167 }
168}
169
170$query = "SELECT d, u, x FROM Data WHERE y=".$y." AND m=".$m;
171if (isset($_GET['d']))
172 $query .= " AND d=".$_GET['d'];
173
174$result = mysql_query($query);
175if (!$result)
176 if (!mysql_query($query))
177 return log_sql_error($query, mysql_error());
178
179while ($row = mysql_fetch_array($result, MYSQL_NUM))
180 print($row[0]."\t".$row[1]."\t".$row[2]."\n");
181?>
Note: See TracBrowser for help on using the repository browser.