1 | <?php
|
---|
2 |
|
---|
3 | if (!isset($_POST['n']) || !isset($_POST['d']))
|
---|
4 | return header('HTTP/1.0 400 Syntax error.');
|
---|
5 |
|
---|
6 | require_once 'config.php';
|
---|
7 |
|
---|
8 | function login()
|
---|
9 | {
|
---|
10 | global $ldaphost;
|
---|
11 | global $baseDN;
|
---|
12 | global $groupDN;
|
---|
13 |
|
---|
14 | if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
|
---|
15 | return "Unauthorized.";
|
---|
16 |
|
---|
17 | $username = $_SERVER['PHP_AUTH_USER'];
|
---|
18 | $password = $_SERVER['PHP_AUTH_PW'];
|
---|
19 |
|
---|
20 | $con = @ldap_connect($ldaphost);
|
---|
21 | if (!$con)
|
---|
22 | return "ldap_connect failed to ".$ldaphost;
|
---|
23 |
|
---|
24 | //------------------ Look for user common name
|
---|
25 | $attributes = array('cn', 'mail');
|
---|
26 | $dn = 'ou=People,'.$baseDN;
|
---|
27 | $filter = '(uid='.$username.')';
|
---|
28 |
|
---|
29 | $sr = @ldap_search($con, $dn, $filter, $attributes);
|
---|
30 | if (!$sr)
|
---|
31 | return "ldap_search failed for dn=".$dn.": ".ldap_error($con);
|
---|
32 |
|
---|
33 | $srData = @ldap_get_entries($con, $sr);
|
---|
34 | if ($srData["count"]==0)
|
---|
35 | return "No results returned by ldap_get_entries for dn=".$dn.".";
|
---|
36 |
|
---|
37 | $email =$srData[0]['mail'][0];
|
---|
38 | $userCommonName=$srData[0]['cn'][0];
|
---|
39 | $userDN =$srData[0]['dn'];
|
---|
40 |
|
---|
41 | //------------------ Authenticate user
|
---|
42 | if (!@ldap_bind($con, $userDN, $password))
|
---|
43 | return "ldap_bind failed: ".ldap_error($con);
|
---|
44 |
|
---|
45 | //------------------ Check if the user is in FACT ldap group
|
---|
46 | $attributes= array("member");
|
---|
47 | $filter= '(objectClass=*)';
|
---|
48 |
|
---|
49 | // Get all members of the group.
|
---|
50 | $sr = @ldap_read($con, $groupDN, $filter, $attributes);
|
---|
51 | if (!$sr)
|
---|
52 | return "ldap_read failed for dn=".$groupDN.": ".ldap_error($con);
|
---|
53 |
|
---|
54 | // retrieve the corresponding data
|
---|
55 | $srData = @ldap_get_entries($con, $sr);
|
---|
56 | if ($srData["count"]==0)
|
---|
57 | return "No results returned by ldap_get_entries for dn=".$dn.".";
|
---|
58 |
|
---|
59 | @ldap_unbind($con);
|
---|
60 |
|
---|
61 | $found = false;
|
---|
62 | foreach ($srData[0]['member'] as $member)
|
---|
63 | if (strpos($member, "cn=".$userCommonName.",")===0)
|
---|
64 | return "";
|
---|
65 |
|
---|
66 | return "Authorization failed.";
|
---|
67 | }
|
---|
68 |
|
---|
69 | // --------------------------------------------------------------------
|
---|
70 |
|
---|
71 | if (isset($_GET['logout']))
|
---|
72 | {
|
---|
73 | if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
|
---|
74 | return;
|
---|
75 |
|
---|
76 | return header('HTTP/1.0 401 Successfull logout!');
|
---|
77 | }
|
---|
78 |
|
---|
79 | // --------------------------------------------------------------------
|
---|
80 |
|
---|
81 | $rc = login();
|
---|
82 | if ($rc!="")
|
---|
83 | {
|
---|
84 | header('WWW-Authenticate: Basic realm="FACT Schedule"');
|
---|
85 | return header('HTTP/1.0 401 '.$rc);
|
---|
86 | }
|
---|
87 |
|
---|
88 | // ====================================================================
|
---|
89 |
|
---|
90 | // This is the day/night from which the data is to be deleted
|
---|
91 | // and to which the data is to be submitted
|
---|
92 | $day = $_POST['n'];
|
---|
93 |
|
---|
94 | // This is the time of the last diabled entry (or the time from which
|
---|
95 | // on the data should be deleted/submitted)
|
---|
96 | // Note that there is no sanity check yet, therefore the data and the
|
---|
97 | // time variable must be consistent
|
---|
98 | // FIXME: This should be 11:59:59 the prev day to allow for 12:00 being
|
---|
99 | // the first possible entry, but this makes things below more complicated
|
---|
100 | $time = isset($_POST['t']) ? $_POST['t'] : "12:00:00";
|
---|
101 |
|
---|
102 | // The data to be submitted
|
---|
103 | $data = json_decode($_POST['d']);
|
---|
104 |
|
---|
105 | // Get user
|
---|
106 | $user = $_SERVER['PHP_AUTH_USER'];
|
---|
107 |
|
---|
108 | // FIXME: Make sure that the date is valid (in the future)?
|
---|
109 |
|
---|
110 | // ----------------------------------------------------------------
|
---|
111 |
|
---|
112 | // Calculate the date for the next day, to have the correct
|
---|
113 | //date after midnight as well
|
---|
114 | $date = new DateTime($day);
|
---|
115 | $date->add(new DateInterval('P1D')); // PnYnMnDTnHnMnS
|
---|
116 | $nextDay = $date->format('Y-m-d');
|
---|
117 |
|
---|
118 | // ----------------------------------------------------------------
|
---|
119 |
|
---|
120 | // Calculate the lower limit from which on data should be deleted.
|
---|
121 | // This is either noon (if the date is in the future) or the provided
|
---|
122 | // time (different from 12:00:00) during the night
|
---|
123 | $cut = $day." ".$time;
|
---|
124 |
|
---|
125 | $d = new DateTime($cut);
|
---|
126 |
|
---|
127 | // If the time lays before noon, it belongs to the next day
|
---|
128 | if ($d->format("His")<120000)
|
---|
129 | {
|
---|
130 | $d->add(new DateInterval('P1D')); // PnYnMnDTnHnMnS
|
---|
131 | $cut = $d->format("Y-m-d H:i:s");
|
---|
132 | }
|
---|
133 |
|
---|
134 | // ================================================================
|
---|
135 |
|
---|
136 | $db = mysql_connect($dbhost,$dbuser,$dbpass);
|
---|
137 | if (!$db)
|
---|
138 | die(mysql_error());
|
---|
139 |
|
---|
140 | if (!mysql_select_db($dbname, $db))
|
---|
141 | die(mysql_error());
|
---|
142 |
|
---|
143 | $query = "SELECT * FROM MeasurementType";
|
---|
144 |
|
---|
145 | $sql = mysql_query($query);
|
---|
146 | if (!$sql)
|
---|
147 | die(mysql_error());
|
---|
148 |
|
---|
149 | $measurements = array();
|
---|
150 | while($row = mysql_fetch_assoc($sql))
|
---|
151 | $measurements[$row['fMeasurementTypeKey']] = $row;
|
---|
152 |
|
---|
153 | // ----------------------------------------------------------------
|
---|
154 |
|
---|
155 | // Now create the queries with the correct dates (date and time)
|
---|
156 | // from the posted data and the times therein
|
---|
157 | $queries = array();
|
---|
158 |
|
---|
159 | array_push($queries, "LOCK TABLES Schedule WRITE");
|
---|
160 | array_push($queries, "DELETE FROM Schedule WHERE fStart>'".$cut."' AND DATE(ADDTIME(fStart, '-12:00')) = '".$day."'");
|
---|
161 |
|
---|
162 | // ----------------------------------------------------------------
|
---|
163 |
|
---|
164 | $last = $cut;
|
---|
165 |
|
---|
166 | if (count($data)!=1 || !empty($data[0][0])) // empty schedule
|
---|
167 | foreach ($data as $row)
|
---|
168 | {
|
---|
169 | $t = $row[0]; // time
|
---|
170 |
|
---|
171 | // If there is a time set (first task in an observation),
|
---|
172 | // remember the time, if not this is just a measurement
|
---|
173 | // within an observation so duplicate the time
|
---|
174 | if (!isset($t))
|
---|
175 | {
|
---|
176 | $t = $save;
|
---|
177 | $id++;
|
---|
178 | }
|
---|
179 | else
|
---|
180 | {
|
---|
181 | $save = $t;
|
---|
182 | $id = 0;
|
---|
183 | }
|
---|
184 |
|
---|
185 | // Check if the time is before noon. If it is before noon,
|
---|
186 | // it belongs to the next day
|
---|
187 | $d = date_parse($t);
|
---|
188 | $t = $d['hour']<12 ? $nextDay." ".$t : $day." ".$t;
|
---|
189 |
|
---|
190 | if ($d==FALSE)
|
---|
191 | die("Could not parse time '".$t."' with date_parse");
|
---|
192 |
|
---|
193 | // Check all but the last task in a measurement whether
|
---|
194 | // the are not unlimited
|
---|
195 | if ($last==$t)
|
---|
196 | {
|
---|
197 | if ($measurements[$m]['fIsUnlimited']==true)
|
---|
198 | die("Unlimited task '".$measurements[$m]['fMeasurementTypeName']."' detected before end of observation\n[".$last."|".($id-1)."]");
|
---|
199 | }
|
---|
200 |
|
---|
201 | if ($last>$t)
|
---|
202 | die("Times not sequential\n[".$last."|".$t."]");
|
---|
203 |
|
---|
204 | $last = $t;
|
---|
205 |
|
---|
206 | $m = $row[1]; // measurement
|
---|
207 | $s = $row[2]; // source
|
---|
208 | $v = $row[3]; // value
|
---|
209 |
|
---|
210 | // Check if task need source or must not have a source
|
---|
211 | if ($measurements[$m]['fNeedsSource']==true && $s==0)
|
---|
212 | die("Task '".$measurements[$m]['fMeasurementTypeName']."' needs source.\n[".$t."|".$id."]");
|
---|
213 | if ($measurements[$m]['fNeedsSource']!=true && $s>0)
|
---|
214 | die("Task '".$measurements[$m]['fMeasurementTypeName']."' must not have source.\n[".$t."|".$id."]");
|
---|
215 |
|
---|
216 | // Compile query
|
---|
217 | $query = "INSERT INTO Schedule SET";
|
---|
218 | $query .= " fStart='".$t."'";
|
---|
219 | $query .= ",fMeasurementID=".$id;
|
---|
220 | $query .= ",fMeasurementTypeKey=".$m;
|
---|
221 | $query .= ",fUser='".$user."'";
|
---|
222 | if ($s>0)
|
---|
223 | $query .= ",fSourceKey=".$s;
|
---|
224 |
|
---|
225 | // Check if this is a valid JSON object
|
---|
226 | if (!json_decode('{'.$v.'}'))
|
---|
227 | {
|
---|
228 | switch (json_last_error())
|
---|
229 | {
|
---|
230 | case JSON_ERROR_NONE: break;
|
---|
231 | case JSON_ERROR_DEPTH: $err = 'Maximum stack depth exceeded'; break;
|
---|
232 | case JSON_ERROR_STATE_MISMATCH: $err = 'Invalid or malformed JSON'; break;
|
---|
233 | case JSON_ERROR_CTRL_CHAR: $err = 'Unexpected control character'; break;
|
---|
234 | case JSON_ERROR_SYNTAX: $err = 'Syntax error'; break;
|
---|
235 | case JSON_ERROR_UTF8: $err = 'Malformed UTF-8 characters'; break;
|
---|
236 | default: $err = 'Unknown error'; break;
|
---|
237 | }
|
---|
238 |
|
---|
239 | if (isset($err))
|
---|
240 | die($err." at ".$t." [entry #".($id+1)."]:\n".$v);
|
---|
241 | }
|
---|
242 |
|
---|
243 | // PHP >= 5.5.0
|
---|
244 | // if (!json_decode('{'.$v.'}'))
|
---|
245 | // die("Invalid option at ".$t.": ".$v." [JSON - ".json_last_error_msg()."]");
|
---|
246 |
|
---|
247 |
|
---|
248 |
|
---|
249 | if ($v)
|
---|
250 | $query .= ",fData='".$v."'";
|
---|
251 |
|
---|
252 | // add query to the list of queries
|
---|
253 | array_push($queries, $query);
|
---|
254 | }
|
---|
255 |
|
---|
256 | array_push($queries, "UNLOCK TABLES");
|
---|
257 |
|
---|
258 | // ================================================================
|
---|
259 | // Database interaction
|
---|
260 | // ================================================================
|
---|
261 |
|
---|
262 | foreach ($queries as $query)
|
---|
263 | if (!mysql_query($query))
|
---|
264 | die(mysql_error());
|
---|
265 |
|
---|
266 | mysql_close($db);
|
---|
267 |
|
---|
268 | ?>
|
---|