source: trunk/FACT++/www/shift/calendar.php@ 16458

Last change on this file since 16458 was 15155, checked in by tbretz, 12 years ago
Implemented a new 'user' which can be used to add entries for debugging to be able to seperate them from normal shift entries.
File size: 4.2 KB
Line 
1<?PHP
2
3require_once("config.php");
4
5function login()
6{
7 global $ldaphost;
8 global $baseDN;
9 global $groupDN;
10
11 $username = $_SERVER['PHP_AUTH_USER'];
12 $password = $_SERVER['PHP_AUTH_PW'];
13
14 $con = @ldap_connect($ldaphost);
15 if (!$con)
16 return "ldap_connect failed to ".$ldaphost;
17
18 //------------------ Look for user common name
19 $attributes = array('cn', 'mail');
20 $dn = 'ou=People,'.$baseDN;
21 $filter = '(uid='.$username.')';
22
23 $sr = @ldap_search($con, $dn, $filter, $attributes);
24 if (!$sr)
25 return "ldap_search failed for dn=".$dn.": ".ldap_error($con);
26
27 $srData = @ldap_get_entries($con, $sr);
28 if ($srData["count"]==0)
29 return "No results returned by ldap_get_entries for dn=".$dn.".";
30
31 $email =$srData[0]['mail'][0];
32 $userCommonName=$srData[0]['cn'][0];
33 $userDN =$srData[0]['dn'];
34
35 //------------------ Authenticate user
36 if (!@ldap_bind($con, $userDN, $password))
37 return "ldap_bind failed: ".ldap_error($con);
38
39 //------------------ Check if the user is in FACT ldap group
40 $attributes= array("member");
41 $filter= '(objectClass=*)';
42
43 // Get all members of the group.
44 $sr = @ldap_read($con, $groupDN, $filter, $attributes);
45 if (!$sr)
46 return "ldap_read failed for dn=".$groupDN.": ".ldap_error($con);
47
48 // retrieve the corresponding data
49 $srData = @ldap_get_entries($con, $sr);
50 if ($srData["count"]==0)
51 return "No results returned by ldap_get_entries for dn=".$dn.".";
52
53 @ldap_unbind($con);
54
55 $found = false;
56 foreach ($srData[0]['member'] as $member)
57 if (strpos($member, "cn=".$userCommonName.",")===0)
58 return "";
59
60 return "Sorry, your credentials don't match!";
61}
62
63if (isset($_GET['logout']))
64{
65 Header( "HTTP/1.0 401 Logout successfull!");
66 exit();
67}
68
69if (!isset($_GET['y']) || !isset($_GET['m']))
70 return;
71
72$y = $_GET['y'];
73$m = $_GET['m'];
74
75if (!mysql_connect($dbhost, $dbuser, $dbpass))
76 return header('HTTP/1.0 500 '.mysql_error());
77
78if (!mysql_select_db($dbname))
79 return header('HTTP/1.0 500 '.mysql_error());
80
81if (isset($_GET['comment']))
82{
83 $query = "SELECT d, c FROM Comments WHERE y=".$y." AND m=".$m;
84 if (isset($_GET['d']))
85 $query .= " AND d=".$_GET['d'];
86
87 $result = mysql_query($query);
88 if (!$result)
89 return header('HTTP/1.0 500 '.mysql_error());
90
91 if (isset($_GET['d']))
92 {
93 $row = mysql_fetch_array($result, MYSQL_NUM);
94 print($row[1]);
95 return;
96 }
97
98 while ($row = mysql_fetch_array($result, MYSQL_NUM))
99 {
100 printf("%04d%02d%s", strlen($row[1]), $row[0], $row[1]);
101 }
102
103 return;
104}
105
106if (isset($_GET['d']))
107{
108 if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
109 {
110 header('WWW-Authenticate: Basic realm="Shift schedule"');
111 header('HTTP/1.0 401 Unauthorized');
112 return;
113 }
114
115 $rc = login();
116 if ($rc!="")
117 {
118 header('HTTP/1.0 401 '.$rc);
119 return;
120 }
121
122 $d = $_GET['d'];
123
124 if (isset($_GET['c']))
125 {
126 $c = $_GET['c'];
127
128 if (!mysql_query("DELETE FROM Comments WHERE y=".$y." AND m=".$m." AND d=".$d))
129 return header('HTTP/1.0 500 '.mysql_error());
130
131 if (strlen($c)>0)
132 if (!mysql_query("INSERT Comments SET y=".$y.", m=".$m.", d=".$d.", c='".$c."'"))
133 return header('HTTP/1.0 500 '.mysql_error());
134 return;
135 }
136
137 $u = isset($_GET['u']) ? $_GET['u'] : $_SERVER['PHP_AUTH_USER'];
138
139 if (!mysql_query("DELETE FROM Data WHERE y=".$y." AND m=".$m." AND d=".$d." AND u='".$u."'"))
140 return header('HTTP/1.0 500 '.mysql_error());
141
142 if (mysql_affected_rows()==0)
143 {
144 $x = $_GET['x'];
145 if (!mysql_query("INSERT Data SET y=".$y.", m=".$m.", d=".$d.", x=".$x.", u='".$u."'"))
146 return header('HTTP/1.0 500 '.mysql_error());
147 }
148}
149
150$query = "SELECT d, u, x FROM Data WHERE y=".$y." AND m=".$m;
151if (isset($_GET['d']))
152 $query .= " AND d=".$_GET['d'];
153
154$result = mysql_query($query);
155if (!$result)
156 return header('HTTP/1.0 500 '.mysql_error());
157
158while ($row = mysql_fetch_array($result, MYSQL_NUM))
159 print($row[0]."\t".$row[1]."\t".$row[2]."\n");
160?>
Note: See TracBrowser for help on using the repository browser.