Index: trunk/FACT++/www/shift/calendar.php =================================================================== --- trunk/FACT++/www/shift/calendar.php (revision 18842) +++ trunk/FACT++/www/shift/calendar.php (revision 20048) @@ -7,4 +7,7 @@ if (!file_exists("log/")) mkdir("log/", 0777, true); + + if (!is_writable("log/mysql.log")) + return header('HTTP/1.0 500 Unable to write log'); $file = fopen("log/mysql.log", "a"); @@ -24,5 +27,5 @@ $password = $_SERVER['PHP_AUTH_PW']; - $con = @ldap_connect($ldaphost); + $con = @ldap_connect("ldap://".$ldaphost); if (!$con) return "ldap_connect failed to ".$ldaphost; @@ -61,20 +64,22 @@ $srData = @ldap_get_entries($con, $sr); if ($srData["count"]==0) - return "No results returned by ldap_get_entries for dn=".$dn."."; + return "No results returned by ldap_get_entries for dn='".$dn."'."; @ldap_unbind($con); $found = false; - foreach ($srData[0]['member'] as $member) - if (strpos($member, "cn=".$userCommonName.",")===0) + foreach ($srData[0]['member'] as $member) { + if (strpos($member, "cn=".$userCommonName.",")===0) { return ""; + } + } - return "Sorry, your credentials don't match!"; + return "You need to be in the Operations group to access this page"; } if (isset($_GET['logout'])) { - Header( "HTTP/1.0 401 Logout successfull!"); - exit(); + header( "HTTP/1.0 401 Logout successfull!"); + return; } @@ -85,9 +90,11 @@ $m = $_GET['m']; -if (!mysql_connect($dbhost, $dbuser, $dbpass)) - return log_sql_error("connect: ".$dbhost."[".$dbuser."]", mysql_error()); +$sql = new mysqli($dbhost, $dbuser, $dbpass); -if (!mysql_select_db($dbname)) - return log_sql_error("select_db: ".$dbname, mysql_error()); +if ($sql->connect_error) + return log_sql_error("connect: ".$dbhost."[".$dbuser."]", $sql->connect_error); + +if (!$sql->select_db($dbname)) + return log_sql_error("select_db: ".$dbname, $sql->error); if (isset($_GET['comment'])) @@ -97,16 +104,17 @@ $query .= " AND d=".$_GET['d']; - $result = mysql_query($query); + $result = $sql->query($query); if (!$result) - return log_sql_error($query, mysql_error()); + return log_sql_error($query, $sql->error); if (isset($_GET['d'])) { - $row = mysql_fetch_array($result, MYSQL_NUM); - print($row[1]); + $row = $result->fetch_array(); + if ($row) + print($row[1]); return; } - while ($row = mysql_fetch_array($result, MYSQL_NUM)) + while ($row = $result->fetch_array()) { printf("%04d%02d%s", strlen($row[1]), $row[0], $row[1]); @@ -139,6 +147,6 @@ $query = "DELETE FROM Comments WHERE y=".$y." AND m=".$m." AND d=".$d; - if (!mysql_query($query)) - return log_sql_error($query, mysql_error()); + if (!$sql->query($query)) + return log_sql_error($query, $sql->error); if (strlen($c)<=0) @@ -146,6 +154,6 @@ $query = "INSERT Comments SET y=".$y.", m=".$m.", d=".$d.", c='".$c."'"; - if (!mysql_query($query)) - return log_sql_error($query, mysql_error()); + if (!$sql->query($query)) + return log_sql_error($query, $sql->error); return; @@ -155,14 +163,14 @@ $query = "DELETE FROM Data WHERE y=".$y." AND m=".$m." AND d=".$d." AND u='".$u."'"; - if (!mysql_query($query)) - return log_sql_error($query, mysql_error()); + if (!$sql->query($query)) + return log_sql_error($query, $sql->error); - if (mysql_affected_rows()==0) + if ($sql->affected_rows==0) { $x = $_GET['x']; $query = "INSERT Data SET y=".$y.", m=".$m.", d=".$d.", x=".$x.", u='".$u."'"; - if (!mysql_query($query)) - return log_sql_error($query, mysql_error()); + if (!$sql->query($query)) + return log_sql_error($query, $sql->error); } } @@ -172,10 +180,10 @@ $query .= " AND d=".$_GET['d']; -$result = mysql_query($query); +$result = $sql->query($query); if (!$result) - if (!mysql_query($query)) - return log_sql_error($query, mysql_error()); + if (!$sql->query($query)) + return log_sql_error($query, $sql->error); -while ($row = mysql_fetch_array($result, MYSQL_NUM)) +while ($row = $result->fetch_array()) print($row[0]."\t".$row[1]."\t".$row[2]."\n"); ?>