source: trunk/FACT++/www/shift/calendar.php@ 20048

Last change on this file since 20048 was 20048, checked in by tbretz, 4 years ago
Replaced mysql_ with ->; check if the log file is writable; added ldap:// to ldap_connect
File size: 4.7 KB
Line 
1<?PHP
2
3require_once("config.php");
4
5function log_sql_error($query, $error)
6{
7 if (!file_exists("log/"))
8 mkdir("log/", 0777, true);
9
10 if (!is_writable("log/mysql.log"))
11 return header('HTTP/1.0 500 Unable to write log');
12
13 $file = fopen("log/mysql.log", "a");
14 fwrite($file, date("Y-m-d H:i:s")."\n".$query."\n".$error."\n\n");
15 fclose($file);
16
17 return header('HTTP/1.0 500 '.$error);
18}
19
20function login()
21{
22 global $ldaphost;
23 global $baseDN;
24 global $groupDN;
25
26 $username = $_SERVER['PHP_AUTH_USER'];
27 $password = $_SERVER['PHP_AUTH_PW'];
28
29 $con = @ldap_connect("ldap://".$ldaphost);
30 if (!$con)
31 return "ldap_connect failed to ".$ldaphost;
32
33 //------------------ Look for user common name
34 $attributes = array('cn', 'mail');
35 $dn = 'ou=People,'.$baseDN;
36 $filter = '(uid='.$username.')';
37
38 $sr = @ldap_search($con, $dn, $filter, $attributes);
39 if (!$sr)
40 return "ldap_search failed for dn=".$dn.": ".ldap_error($con);
41
42 $srData = @ldap_get_entries($con, $sr);
43 if ($srData["count"]==0)
44 return "No results returned by ldap_get_entries for dn=".$dn.".";
45
46 $email =$srData[0]['mail'][0];
47 $userCommonName=$srData[0]['cn'][0];
48 $userDN =$srData[0]['dn'];
49
50 //------------------ Authenticate user
51 if (!@ldap_bind($con, $userDN, $password))
52 return "ldap_bind failed: ".ldap_error($con);
53
54 //------------------ Check if the user is in FACT ldap group
55 $attributes= array("member");
56 $filter= '(objectClass=*)';
57
58 // Get all members of the group.
59 $sr = @ldap_read($con, $groupDN, $filter, $attributes);
60 if (!$sr)
61 return "ldap_read failed for dn=".$groupDN.": ".ldap_error($con);
62
63 // retrieve the corresponding data
64 $srData = @ldap_get_entries($con, $sr);
65 if ($srData["count"]==0)
66 return "No results returned by ldap_get_entries for dn='".$dn."'.";
67
68 @ldap_unbind($con);
69
70 $found = false;
71 foreach ($srData[0]['member'] as $member) {
72 if (strpos($member, "cn=".$userCommonName.",")===0) {
73 return "";
74 }
75 }
76
77 return "You need to be in the Operations group to access this page";
78}
79
80if (isset($_GET['logout']))
81{
82 header( "HTTP/1.0 401 Logout successfull!");
83 return;
84}
85
86if (!isset($_GET['y']) || !isset($_GET['m']))
87 return;
88
89$y = $_GET['y'];
90$m = $_GET['m'];
91
92$sql = new mysqli($dbhost, $dbuser, $dbpass);
93
94if ($sql->connect_error)
95 return log_sql_error("connect: ".$dbhost."[".$dbuser."]", $sql->connect_error);
96
97if (!$sql->select_db($dbname))
98 return log_sql_error("select_db: ".$dbname, $sql->error);
99
100if (isset($_GET['comment']))
101{
102 $query = "SELECT d, c FROM Comments WHERE y=".$y." AND m=".$m;
103 if (isset($_GET['d']))
104 $query .= " AND d=".$_GET['d'];
105
106 $result = $sql->query($query);
107 if (!$result)
108 return log_sql_error($query, $sql->error);
109
110 if (isset($_GET['d']))
111 {
112 $row = $result->fetch_array();
113 if ($row)
114 print($row[1]);
115 return;
116 }
117
118 while ($row = $result->fetch_array())
119 {
120 printf("%04d%02d%s", strlen($row[1]), $row[0], $row[1]);
121 }
122
123 return;
124}
125
126if (isset($_GET['d']))
127{
128 if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
129 {
130 header('WWW-Authenticate: Basic realm="Shift schedule"');
131 header('HTTP/1.0 401 Unauthorized');
132 return;
133 }
134
135 $rc = login();
136 if ($rc!="")
137 {
138 header('HTTP/1.0 401 '.$rc);
139 return;
140 }
141
142 $d = $_GET['d'];
143
144 if (isset($_GET['c']))
145 {
146 $c = $_GET['c'];
147
148 $query = "DELETE FROM Comments WHERE y=".$y." AND m=".$m." AND d=".$d;
149 if (!$sql->query($query))
150 return log_sql_error($query, $sql->error);
151
152 if (strlen($c)<=0)
153 return;
154
155 $query = "INSERT Comments SET y=".$y.", m=".$m.", d=".$d.", c='".$c."'";
156 if (!$sql->query($query))
157 return log_sql_error($query, $sql->error);
158
159 return;
160 }
161
162 $u = isset($_GET['u']) ? $_GET['u'] : $_SERVER['PHP_AUTH_USER'];
163
164 $query = "DELETE FROM Data WHERE y=".$y." AND m=".$m." AND d=".$d." AND u='".$u."'";
165 if (!$sql->query($query))
166 return log_sql_error($query, $sql->error);
167
168 if ($sql->affected_rows==0)
169 {
170 $x = $_GET['x'];
171
172 $query = "INSERT Data SET y=".$y.", m=".$m.", d=".$d.", x=".$x.", u='".$u."'";
173 if (!$sql->query($query))
174 return log_sql_error($query, $sql->error);
175 }
176}
177
178$query = "SELECT d, u, x FROM Data WHERE y=".$y." AND m=".$m;
179if (isset($_GET['d']))
180 $query .= " AND d=".$_GET['d'];
181
182$result = $sql->query($query);
183if (!$result)
184 if (!$sql->query($query))
185 return log_sql_error($query, $sql->error);
186
187while ($row = $result->fetch_array())
188 print($row[0]."\t".$row[1]."\t".$row[2]."\n");
189?>
Note: See TracBrowser for help on using the repository browser.