Ejemplo n.º 1
<?php

require_once '../dbconnection.php';
// establishes a connection to the db called $conn
require_once '../auth.php';
//ldap authorisation file
// Access gate for the page: the LDAP check must compare equal to 1 and the session
// access level must be at least $editor.
// NOTE(review): $editor is not defined in this excerpt; presumably it comes from auth.php - confirm.
// NOTE(review): == is a loose comparison, so a boolean true return would also satisfy "== 1";
// compare strictly against the documented success value once check_auth_ldap()'s return type is known.
if (check_auth_ldap($conn) == 1 && $_SESSION['access'] >= $editor) {
    echo '<div id="main-content-area">';
    // Check that the required query-string parameters are present and copy them into locals.
    // empty() also rejects the string '0', so a panel or department named "0" counts as missing.
    // NOTE(review): both failures write the same 'message' key, so when both parameters are
    // missing only 'No department defined' is reported.
    if (empty($_GET['panel'])) {
        $errors['message'] = 'No panel defined';
    }
    // NOTE(review): the raw value is taken as-is; a request such as ?panel[]=x makes $panel an
    // array. How $panel is used is not visible here - validate its type and range before use.
    if (isset($_GET['panel'])) {
        $panel = $_GET['panel'];
    }
    if (empty($_GET['department'])) {
        $errors['message'] = 'No department defined';
    }
    if (isset($_GET['department'])) {
        $department = $_GET['department'];
    }
    // If there are errors, display the message and stop before any query runs.
    if (!empty($errors)) {
        AWESOME_error($errors['message']);
        exit;
    } else {
        //start the main page bit
        // Get the human-readable name of the department from the db. The department value is
        // passed as a bound parameter, so it is never concatenated into the SQL text.
        $query = $conn->prepare('SELECT humanName FROM departments WHERE name = :name');
        $query->bindValue(':name', $department, PDO::PARAM_STR);
        $query->execute();
Ejemplo n.º 2
		<script src="js/fullcalendar.min.js"></script>
        <script src="js/bootstrap-datetimepicker.min.js"></script>
        <script src="js/calendar-main.js"></script>
		<script src="js/awesome.js"></script>
		<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
		<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
		<!--[if lt IE 9]>
		<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
		<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
		<![endif]-->
		<?php 
require_once 'dbconnection.php';
// establishes a connection to the db called $conn
require_once 'auth.php';
//LDAP authentification
if (check_auth_ldap($conn)) {
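    // NOTE(review): the enclosing condition is a plain truthiness test on check_auth_ldap().
    // Other snippets on this page compare the same function's result with 1, 49 and 999; if it
    // can return non-zero error codes, a truthiness test would accept them - confirm and compare
    // strictly against the success value.
    // The loggedin / foh variables below are hints for client-side script only; the server
    // still has to enforce the same decisions on every request.
    echo '<script>var loggedin = true;</script>';

    // Look up the logged-in user's profile. The username is a bound parameter, not interpolated.
    $query = $conn->prepare('SELECT email, name FROM users WHERE username = :username');
    $query->bindValue(':username', $_SESSION['username'], PDO::PARAM_STR);
    $query->execute();
    $row = $query->fetch(PDO::FETCH_ASSOC);

    // Literal placeholder kept as published; any real value emitted here needs the same
    // encoding as the e-mail address below.
    echo '<script>var username = "******";</script>';

    // The e-mail address is a database value written inside a <script> element. Emit it as a
    // JSON string literal with <, >, &, ' and " hex-escaped so the value cannot terminate the
    // string or the script element. fetch() returns false when no row matches, so fall back
    // to an empty string instead of indexing into false.
    $emailValue = (is_array($row) && isset($row['email'])) ? (string) $row['email'] : '';
    $emailLiteral = json_encode($emailValue, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($emailLiteral === false) {
        // json_encode() fails on invalid UTF-8; emit an empty JS string rather than raw bytes.
        $emailLiteral = '""';
    }
    echo '<script>var email = ' . $emailLiteral . ';</script>';

    // Tell the front end whether the user belongs to the calendar editors group.
    $fohLiteral = checkSecGroup('Home Calendar Editors') ? 'true' : 'false';
    echo '<script>var foh = ' . $fohLiteral . ';</script>';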
} else {
    echo '<script>var loggedin = false;</script>';
    echo '<script>var foh = false;</script>';
Ejemplo n.º 3
<?php

require_once 'dbconnection.php';
// establishes a connection to the db called $conn
// Run the LDAP check once and keep its result; check_auth_ldap() is not defined in this excerpt.
// NOTE(review): the result is compared loosely (==) with 49 and 999 further down. 49 matches
// the LDAP invalidCredentials result code, which fits the "Username or Password incorrect"
// message shown for it. With ==, a boolean true return would also equal 49, so prefer ===
// once the function's return type is confirmed.
$ldapreturn = check_auth_ldap($conn);
// Numeric access-level thresholds.
// NOTE(review): presumably compared against $_SESSION['access'] by pages that include this
// file - confirm. They are plain globals, so any later include can overwrite them.
$user = 0;
$editor = 5;
$admin = 10;
if ($ldapreturn == 49) {
    ?>
			<!-- Modal -->
			<div class="modal fade" id="ldaperrorModal">
				<div class="modal-dialog">
					<div class="modal-content">
						<div class="modal-header">
							<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
							<h4 class="modal-title">Login Error</h4>
						</div>
						<div class="modal-body">
							<p>Authentication failed: Username or Password incorrect.</p>
						</div>
						<div class="modal-footer">
							<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
						</div>
					</div><!-- /.modal-content -->
				</div><!-- /.modal-dialog -->
			</div><!-- /.modal -->
			<script type="text/javascript"> $('#ldaperrorModal').modal('show'); </script>
		<?php 
}
if ($ldapreturn == 999) {
Ejemplo n.º 4
									</label>
								</div>
							</div>
						</div>
						<!-- locationtext -->
						<div class="form-group">
							<label class="col-md-3 control-label" for="locationtext"></label>
							<div class="col-md-6">                     
								<textarea class="form-control" id="locationtext" name="locationtext" style="height:100px" disabled><?php 
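// Stored free text is written between <textarea> tags. HTML-encode it so a value containing
// "</textarea>" or other markup is rendered as text instead of being parsed as HTML.
echo $row['location'] == 3 ? htmlspecialchars((string) $row['locationtext'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';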
?>
</textarea>
							</div>
						</div>
						<?php 
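// Render the hidden username field only for an authenticated session.
if (check_auth_ldap($conn) == 1) {
    // The session value lands inside a double-quoted HTML attribute; encode it so quotes or
    // markup in the username cannot close the attribute or the tag.
    // NOTE(review): a hidden field can be edited by the client before submit. The handler that
    // receives this form should take the username from $_SESSION, not from the posted field -
    // confirm against the form's target.
    echo '<input type="hidden" name="username" value="' . htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}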
?>
						<div class="progress" id="locationprogress">
							<div class="progress-bar progress-bar-striped active" role="progressbar" aria-valuenow="100" aria-valuemin="100" aria-valuemax="100" style="width:100%">
							Please Wait...
							</div>
						</div>
						<div class="col-md-3"></div>
						<div class="col-md-6">
							<button type="button" class="btn btn-danger" data-dismiss="modal"><span class="glyphicon glyphicon-remove"></span> Cancel</button>
							<button class="btn btn-success" type="submit"><span class="glyphicon glyphicon-ok"></span> Save changes</button>
						</div>
					</fieldset>
				</form>
Ejemplo n.º 5
<?php

require_once '../dbconnection.php';
// Require DB Connection
require_once '../auth.php';
//LDAP authentification
//check the session hasn't expired before changing anything
// Entry guard: 'getEvents' is served without a session; every other request type needs a
// truthy check_auth_ldap() result.
// NOTE(review): this is a truthiness test. Other snippets on this page compare the same
// function's result with 1, 49 and 999; if it can return non-zero error codes they would pass
// here - confirm and compare strictly against the success value.
// NOTE(review): no access-level, ownership or CSRF-token check is visible in this excerpt
// before the write operations below; confirm they are enforced before execute().
// NOTE(review): $_POST['type'] is read without isset(), so a request without it raises a notice.
if (check_auth_ldap($conn) || $_POST['type'] == 'getEvents') {
    //do something to the calendar
    switch ($_POST['type']) {
        case 'getEvents':
            // NOTE(review): both queries use SELECT *, and the calendar table has email and
            // username columns (see the INSERT below). This branch is reachable without a
            // session, so make sure the response does not include those columns.
            if ($_POST['filter'] == 'all') {
                //this needs changing to catch events that start before start
                // NOTE(review): this query is already an overlap test (start < :end AND
                // :start < end); it is the filtered query below, with start BETWEEN :start
                // AND :end, that skips events starting before the window.
                $query = $conn->prepare('SELECT * FROM calendar WHERE start < :end AND :start < end');
            } else {
                $query = $conn->prepare('SELECT * FROM calendar WHERE color = :color AND start BETWEEN :start AND :end ORDER BY start ASC');
                $query->bindValue(':color', $_POST['filter']);
            }
            // Request values are passed as bound parameters, never concatenated into the SQL.
            $query->bindValue(':start', $_POST['start']);
            $query->bindValue(':end', $_POST['end']);
            break;
        case 'addEvent':
            // Only the statement is prepared here; the bindings are not in this excerpt.
            // NOTE(review): :username and :email should come from the session or the users
            // table rather than from posted fields - confirm where they are bound.
            $query = $conn->prepare('INSERT INTO calendar (title, start, end, description, color, allDay, email, username) VALUES (:title, :start, :end, :description, :color, :allDay, :email, :username)');
            break;
        case 'deleteEvent':
            // NOTE(review): the row is selected by the posted id alone. Nothing visible here
            // restricts the delete to the event's owner or to an editor role.
            $query = $conn->prepare('DELETE FROM calendar WHERE id = :id');
            $query->bindValue(':id', $_POST['id']);
            break;
        case 'updateEvent':
            // NOTE(review): same as deleteEvent - the posted id alone selects the row, and the
            // statement can also rewrite the stored email and username.
            $query = $conn->prepare('UPDATE calendar SET title = :title, start = :start, end = :end, description = :description, color = :color, allDay = :allDay, email = :email, username = :username WHERE id = :id');
            $query->bindValue(':id', $_POST['id']);