1 | <?PHP
|
---|
2 |
|
---|
3 | require_once("config.php");
|
---|
4 |
|
---|
5 | function escape($msg)
|
---|
6 | {
|
---|
7 | $msg = str_replace("\\", "\\\\", $msg);
|
---|
8 | $msg = str_replace('\"', '\"', $msg);
|
---|
9 | return $msg;
|
---|
10 | }
|
---|
11 |
|
---|
12 | function login()
|
---|
13 | {
|
---|
14 | global $ldaphost;
|
---|
15 | global $baseDN;
|
---|
16 | global $groupDN;
|
---|
17 |
|
---|
18 | $username = $_SERVER['PHP_AUTH_USER'];
|
---|
19 | $password = $_SERVER['PHP_AUTH_PW'];
|
---|
20 |
|
---|
21 | $con = @ldap_connect($ldaphost);
|
---|
22 | if (!$con)
|
---|
23 | return "ldap_connect failed to ".$ldaphost;
|
---|
24 |
|
---|
25 | //------------------ Look for user common name
|
---|
26 | $attributes = array('cn', 'mail');
|
---|
27 | $dn = 'ou=People,'.$baseDN;
|
---|
28 | $filter = '(uid='.$username.')';
|
---|
29 |
|
---|
30 | $sr = @ldap_search($con, $dn, $filter, $attributes);
|
---|
31 | if (!$sr)
|
---|
32 | return "ldap_search failed for dn=".$dn.": ".ldap_error($con);
|
---|
33 |
|
---|
34 | $srData = @ldap_get_entries($con, $sr);
|
---|
35 | if ($srData["count"]==0)
|
---|
36 | return "No results returned by ldap_get_entries for dn=".$dn.".";
|
---|
37 |
|
---|
38 | $email =$srData[0]['mail'][0];
|
---|
39 | $userCommonName=$srData[0]['cn'][0];
|
---|
40 | $userDN =$srData[0]['dn'];
|
---|
41 |
|
---|
42 | //------------------ Authenticate user
|
---|
43 | if (!@ldap_bind($con, $userDN, $password))
|
---|
44 | return "ldap_bind failed: ".ldap_error($con);
|
---|
45 |
|
---|
46 | //------------------ Check if the user is in FACT ldap group
|
---|
47 | $attributes= array("member");
|
---|
48 | $filter= '(objectClass=*)';
|
---|
49 |
|
---|
50 | // Get all members of the group.
|
---|
51 | $sr = @ldap_read($con, $groupDN, $filter, $attributes);
|
---|
52 | if (!$sr)
|
---|
53 | return "ldap_read failed for dn=".$groupDN.": ".ldap_error($con);
|
---|
54 |
|
---|
55 | // retrieve the corresponding data
|
---|
56 | $srData = @ldap_get_entries($con, $sr);
|
---|
57 | if ($srData["count"]==0)
|
---|
58 | return "No results returned by ldap_get_entries for dn=".$dn.".";
|
---|
59 |
|
---|
60 | @ldap_unbind($con);
|
---|
61 |
|
---|
62 | $found = false;
|
---|
63 | foreach ($srData[0]['member'] as $member)
|
---|
64 | if (strpos($member, "cn=".$userCommonName.",")===0)
|
---|
65 | return "";
|
---|
66 |
|
---|
67 | return "Sorry, your credentials don't match!";
|
---|
68 | }
|
---|
69 | // --------------------------------------------------------------------
|
---|
70 |
|
---|
71 | if (isset($_GET['load']))
|
---|
72 | {
|
---|
73 | require_once('log/Browscap.php');
|
---|
74 |
|
---|
75 | $d = date("Y/m");
|
---|
76 |
|
---|
77 | $path = "log/".$d;
|
---|
78 |
|
---|
79 | if (!file_exists("log/cache"))
|
---|
80 | mkdir("log/cache", 0777, true);
|
---|
81 |
|
---|
82 | if (!file_exists($path))
|
---|
83 | mkdir($path, 0777, true);
|
---|
84 |
|
---|
85 | $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
|
---|
86 | $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : "";
|
---|
87 | $dns = gethostbyaddr($addr);
|
---|
88 |
|
---|
89 | $bcap = new phpbrowscap\Browscap('log/cache');
|
---|
90 | $info = $bcap->getBrowser();
|
---|
91 |
|
---|
92 | $file = fopen($path."/smartfact.log", "a");
|
---|
93 | fwrite($file,
|
---|
94 | date("Y-m-d H:i:s\t").$addr.
|
---|
95 | "\t".$info->Platform.
|
---|
96 | "\t".$info->Browser.
|
---|
97 | "\t".$info->Version.
|
---|
98 | "\t".($info->isMobileDevice?"mobile":"").
|
---|
99 | "\t".$user.
|
---|
100 | "\t".$dns."\n");
|
---|
101 | fclose($file);
|
---|
102 |
|
---|
103 | // http://ip-address-lookup-v4.com/ip/92.205.118.219
|
---|
104 |
|
---|
105 | print($user);
|
---|
106 |
|
---|
107 | return;
|
---|
108 | }
|
---|
109 |
|
---|
110 | if (isset($_GET['sourcelist']))
|
---|
111 | {
|
---|
112 | $server = mysql_connect($dbhost, $dbuser, $dbpass);
|
---|
113 | if (!$server)
|
---|
114 | die(mysql_error());
|
---|
115 |
|
---|
116 | if (!mysql_select_db($dbname, $server))
|
---|
117 | die(mysql_error());
|
---|
118 |
|
---|
119 | $result = mysql_query("SELECT fSourceName AS name FROM source", $server);
|
---|
120 | if (!$result)
|
---|
121 | die(mysql_error());
|
---|
122 |
|
---|
123 |
|
---|
124 | // var res = db.query("SELECT fSourceName, fRightAscension, fDeclination ",
|
---|
125 | // "FROM source");
|
---|
126 |
|
---|
127 | // store the record of the "example" table into $row
|
---|
128 |
|
---|
129 | // Print out the contents of the entry
|
---|
130 |
|
---|
131 | while ($row=mysql_fetch_array($result, MYSQL_NUM))
|
---|
132 | print("'".$row[0]."'\n");
|
---|
133 |
|
---|
134 | mysql_close($server);
|
---|
135 |
|
---|
136 | return;
|
---|
137 | }
|
---|
138 |
|
---|
139 | if (isset($_GET['source']) && isset($_GET['time']))
|
---|
140 | {
|
---|
141 | // $args = "filename":label --arg:"key1=value" --arg:"key2=value"
|
---|
142 | $cmd = $path.'/makedata '.escapeshellarg($_GET['source']).' '.escapeshellarg($_GET['time']);
|
---|
143 |
|
---|
144 | // Execute
|
---|
145 | passthru($cmd, $str);
|
---|
146 |
|
---|
147 | // Logging (mainly for debugging)
|
---|
148 | $d = date("Y/m");
|
---|
149 | $path = "log/".$d;
|
---|
150 | if (!file_exists($path))
|
---|
151 | mkdir($path, 0777, true);
|
---|
152 | $file = fopen($path."/exec.log", "a");
|
---|
153 | fwrite($file, $cmd."\n".$str."\n\n");
|
---|
154 | fclose($file);
|
---|
155 |
|
---|
156 | print_r($str);
|
---|
157 |
|
---|
158 | return;
|
---|
159 | }
|
---|
160 |
|
---|
161 | if (isset($_GET['logout']))
|
---|
162 | {
|
---|
163 | if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
|
---|
164 | return;
|
---|
165 |
|
---|
166 | return header('HTTP/1.0 401 Successfull logout!');
|
---|
167 | }
|
---|
168 |
|
---|
169 | // --------------------------------------------------------------------
|
---|
170 |
|
---|
171 | if (!isset($_GET['start']) && !isset($_GET['stop']))
|
---|
172 | return header('HTTP/1.0 400 Command not supported');
|
---|
173 |
|
---|
174 | // --------------------------------------------------------------------
|
---|
175 |
|
---|
176 | if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
|
---|
177 | {
|
---|
178 | header('WWW-Authenticate: Basic realm="SmartFACT++"');
|
---|
179 | header('HTTP/1.0 401 Unauthorized');
|
---|
180 | return;
|
---|
181 | }
|
---|
182 |
|
---|
183 | $rc = login();
|
---|
184 | if ($rc!="")
|
---|
185 | return header('HTTP/1.0 401 '.$rc);
|
---|
186 |
|
---|
187 | // --------------------------------------------------------------------
|
---|
188 |
|
---|
189 | $out = array();
|
---|
190 |
|
---|
191 | if (isset($_GET['stop']))
|
---|
192 | $str = exec($path."/dimctrl --user '".$_SERVER['PHP_AUTH_USER']."' --stop", $out, $rc);
|
---|
193 |
|
---|
194 | if (isset($_GET['start']))
|
---|
195 | {
|
---|
196 | // Filename
|
---|
197 | $script = '"scripts/'.$_GET['start'].'"';
|
---|
198 |
|
---|
199 | unset($_GET['start']);
|
---|
200 |
|
---|
201 | /*
|
---|
202 | $args = "";
|
---|
203 | foreach ($_GET as $key => $value)
|
---|
204 | $args .= " --arg:".$key."=".$value;
|
---|
205 | $str = exec($path."/dimctrl --exec ".$args, $out, $rc);
|
---|
206 | */
|
---|
207 |
|
---|
208 | // Label
|
---|
209 | if (isset($_GET['label']))
|
---|
210 | {
|
---|
211 | if ($_GET['label']>=0)
|
---|
212 | $script .= ":".$_GET['label'];
|
---|
213 | unset($_GET['label']);
|
---|
214 | }
|
---|
215 |
|
---|
216 | $msg = "";
|
---|
217 | if (isset($_GET['msg']))
|
---|
218 | {
|
---|
219 | if ($_GET['msg']>=0)
|
---|
220 | $msg = $_GET['msg'];
|
---|
221 | unset($_GET['msg']);
|
---|
222 | }
|
---|
223 |
|
---|
224 | // Arguments
|
---|
225 | if (!empty($script) && empty($msg))
|
---|
226 | {
|
---|
227 | //foreach ($_GET as $key => $value)
|
---|
228 | // $args .= ' --arg:"'.$key.'='.escape($value).'"';
|
---|
229 |
|
---|
230 | $args = "";
|
---|
231 | foreach ($_GET as $key => $value)
|
---|
232 | $args .= ' "'.$key.'"="'.$value.'"';
|
---|
233 |
|
---|
234 | // $args = "filename":label --arg:"key1=value" --arg:"key2=value"
|
---|
235 | $cmd = $path.'/dimctrl --user "'.$_SERVER['PHP_AUTH_USER'].'" --start '.escapeshellarg($script.$args);
|
---|
236 |
|
---|
237 | // Execute
|
---|
238 | $str = exec($cmd, $out, $rc);
|
---|
239 |
|
---|
240 | // Logging (mainly for debugging)
|
---|
241 | $d = date("Y/m");
|
---|
242 | $path = "log/".$d;
|
---|
243 | if (!file_exists($path))
|
---|
244 | mkdir($path, 0777, true);
|
---|
245 | $file = fopen($path."/exec.log", "a");
|
---|
246 | fwrite($file, $cmd."\n".$str."\n\n");
|
---|
247 | fclose($file);
|
---|
248 | }
|
---|
249 |
|
---|
250 | if (!empty($msg))
|
---|
251 | {
|
---|
252 | $msg = escape($msg);
|
---|
253 |
|
---|
254 | // $args = "filename":label --arg:"key1=value" --arg:"key2=value"
|
---|
255 | $cmd = $path.'/dimctrl --user "'.$_SERVER['PHP_AUTH_USER'].'" --msg '.escapeshellarg($msg);
|
---|
256 |
|
---|
257 | // Execute
|
---|
258 | $str = exec($cmd, $out, $rc);
|
---|
259 |
|
---|
260 | // Logging (mainly for debugging)
|
---|
261 | $d = date("Y/m");
|
---|
262 | $path = "log/".$d;
|
---|
263 | if (!file_exists($path))
|
---|
264 | mkdir($path, 0777, true);
|
---|
265 | $file = fopen($path."/exec.log", "a");
|
---|
266 | fwrite($file, $cmd."\n".$str."\n\n");
|
---|
267 | fclose($file);
|
---|
268 | }
|
---|
269 |
|
---|
270 | // -------------------------------------------
|
---|
271 | }
|
---|
272 |
|
---|
273 | if ($rc>1)
|
---|
274 | return header('HTTP/1.0 500 Execution failed [rc='.$rc."]");
|
---|
275 |
|
---|
276 | print($_SERVER['PHP_AUTH_USER']."\n".$rc);
|
---|
277 |
|
---|
278 | if (isset($_GET['debug']))
|
---|
279 | {
|
---|
280 | print("\n");
|
---|
281 | print_r($out);
|
---|
282 | }
|
---|
283 |
|
---|
284 | ?>
|
---|