<?php
// Editor-only panel page: loads the DB handle and the LDAP helpers, checks the
// caller's access level, validates the two query-string parameters and starts
// the department lookup.
require_once '../dbconnection.php'; // provides the PDO connection $conn
require_once '../auth.php'; // LDAP authorisation file

// Continue only when check_auth_ldap() reports 1 and the session's access
// level reaches $editor.
// NOTE(review): $editor is not assigned in this file; presumably auth.php sets it. Confirm.
if (check_auth_ldap($conn) == 1 && $editor <= $_SESSION['access']) {
    echo '<div id="main-content-area">';

    // Copy each required GET parameter into a local when it is present, and
    // record an error when it is missing or empty. A later error overwrites
    // an earlier one, so only the last message is shown.
    if (isset($_GET['panel'])) {
        $panel = $_GET['panel'];
    }
    if (empty($_GET['panel'])) {
        $errors['message'] = 'No panel defined';
    }
    if (isset($_GET['department'])) {
        $department = $_GET['department'];
    }
    if (empty($_GET['department'])) {
        $errors['message'] = 'No department defined';
    }

    // Any recorded error ends the request after the message is displayed.
    if (!empty($errors)) {
        AWESOME_error($errors['message']);
        exit;
    } else {
        // Main page: fetch the department's human-readable name. The
        // request-supplied value is passed as a bound parameter and is never
        // concatenated into the SQL text.
        // NOTE(review): $panel is still the raw query-string value at this
        // point; validate it before any use further down.
        $query = $conn->prepare('SELECT humanName FROM departments WHERE name = :name');
        $query->bindValue(':name', $department, PDO::PARAM_STR);
        $query->execute();
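<script src="js/fullcalendar.min.js"></script>
<script src="js/bootstrap-datetimepicker.min.js"></script>
<script src="js/calendar-main.js"></script>
<script src="js/awesome.js"></script>
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<?php
// Emits JavaScript globals describing the session: loggedin, username, email
// and foh. These are display hints for the browser only; every privileged
// action still has to be checked on the server.
// NOTE(review): the two IE8 shims above are fetched from a third-party CDN
// while every other script is served locally; consider self-hosting them too.
require_once 'dbconnection.php'; // provides the PDO connection $conn
require_once 'auth.php'; // LDAP authentication helpers

// Compare with 1 instead of testing truthiness: other pages that call
// check_auth_ldap() treat 1 as success and compare the result with codes such
// as 49 (failed login). Those codes are truthy, so a bare if () would report a
// failed login as logged in.
if (check_auth_ldap($conn) == 1) {
    echo '<script>var loggedin = true;</script>';

    $query = $conn->prepare('SELECT email, name FROM users WHERE username = :username');
    $query->bindValue(':username', $_SESSION['username'], PDO::PARAM_STR);
    $query->execute();
    $row = $query->fetch(PDO::FETCH_ASSOC);

    echo '<script>var username = "******";</script>';

    // fetch() returns false when no row matches; fall back to an empty address.
    $email = (is_array($row) && isset($row['email'])) ? (string) $row['email'] : '';

    // The address comes from the database and lands inside a <script> element,
    // so it is encoded as a JavaScript string literal. The JSON_HEX_* flags
    // turn <, >, &, ' and " into \uXXXX escapes, which keeps the value from
    // ending the string or the surrounding element.
    $emailJs = json_encode($email, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($emailJs === false) {
        // json_encode() fails on invalid UTF-8; emit an empty string literal.
        $emailJs = '""';
    }
    echo '<script>var email = ' . $emailJs . ';</script>';

    // foh reflects membership of the 'Home Calendar Editors' security group.
    if (checkSecGroup('Home Calendar Editors')) {
        echo '<script>var foh = true;</script>';
    } else {
        echo '<script>var foh = false;</script>';
    }
} else {
    echo '<script>var loggedin = false;</script>';
    echo '<script>var foh = false;</script>';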
<?php
// Runs the LDAP check once when this file is included, defines the three
// access-level values and renders an error dialog for a failed login.
require_once 'dbconnection.php'; // establishes a connection to the db called $conn

// Result code of the authentication attempt; the branches below compare it
// with 49 and 999.
$ldapreturn = check_auth_ldap($conn);

// Access levels. Presumably compared against $_SESSION['access'] by the pages
// that include this file; verify against callers.
$user = 0;
$editor = 5;
$admin = 10;

// 49 matches the LDAP "invalid credentials" result code. The dialog
// deliberately does not say whether the username or the password was wrong.
if ($ldapreturn == 49) {
    ?>
    <!-- Modal -->
    <div class="modal fade" id="ldaperrorModal">
        <div class="modal-dialog">
            <div class="modal-content">
                <div class="modal-header">
                    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
                    <h4 class="modal-title">Login Error</h4>
                </div>
                <div class="modal-body">
                    <p>Authentication failed: Username or Password incorrect.</p>
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
                </div>
            </div><!-- /.modal-content -->
        </div><!-- /.modal-dialog -->
    </div><!-- /.modal -->
    <script type="text/javascript">
        $('#ldaperrorModal').modal('show');
    </script>
    <?php
}

// NOTE(review): the meaning of code 999 is not visible in this fragment; confirm.
if ($ldapreturn == 999) {
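</label>
</div>
</div>
</div>
<!-- locationtext -->
<div class="form-group">
    <label class="col-md-3 control-label" for="locationtext"></label>
    <div class="col-md-6">
        <textarea class="form-control" id="locationtext" name="locationtext" style="height:100px" disabled><?php
            // Free-text location, shown only when the stored location type is 3.
            // It is HTML-escaped so stored markup cannot close the <textarea>
            // and be rendered as part of the page.
            echo $row['location'] == 3 ? htmlspecialchars((string) $row['locationtext'], ENT_QUOTES, 'UTF-8') : '';
        ?> </textarea>
    </div>
</div>
<?php
// The session username is added as a hidden field only for an authenticated
// session. ENT_QUOTES escapes both quote styles so the value cannot break out
// of the attribute.
// NOTE(review): a hidden field can be changed by the client. The handler that
// receives this form should take the username from $_SESSION and not from the
// posted value; confirm it does.
if (check_auth_ldap($conn) == 1) {
    echo '<input type="hidden" name="username" value="'
        . htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES, 'UTF-8')
        . '">';
}
?>
<div class="progress" id="locationprogress">
    <div class="progress-bar progress-bar-striped active" role="progressbar" aria-valuenow="100" aria-valuemin="100" aria-valuemax="100" style="width:100%">
        Please Wait...
    </div>
</div>
<div class="col-md-3"></div>
<div class="col-md-6">
    <button type="button" class="btn btn-danger" data-dismiss="modal"><span class="glyphicon glyphicon-remove"></span> Cancel</button>
    <button class="btn btn-success" type="submit"><span class="glyphicon glyphicon-ok"></span> Save changes</button>
</div>
</fieldset>
</form>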
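<?php
// Calendar AJAX endpoint: prepares one statement per requested action
// ($_POST['type']) against the calendar table.
require_once '../dbconnection.php'; // Require DB Connection
require_once '../auth.php'; // LDAP authentication helpers

// Read the action once; a request without 'type' falls through the switch
// without raising an undefined-index notice.
$type = isset($_POST['type']) ? $_POST['type'] : '';

// Reading events is open to everyone; every other action needs a valid
// session. The result is compared with 1 instead of being tested for
// truthiness: other pages that call check_auth_ldap() treat 1 as success and
// compare it with codes such as 49 (failed login). Those codes are truthy and
// would otherwise pass this gate.
// NOTE(review): only authentication is checked before the write cases below.
// No role check (other pages test $_SESSION['access'] >= $editor), ownership
// check or anti-CSRF token is visible in this fragment; confirm they exist
// further down or add them.
if (check_auth_ldap($conn) == 1 || $type == 'getEvents') {
    // do something to the calendar
    switch ($type) {
        case 'getEvents':
            if ($_POST['filter'] == 'all') {
                // Overlap test: every event that intersects the window.
                $query = $conn->prepare('SELECT * FROM calendar WHERE start < :end AND :start < end');
            } else {
                // BETWEEN only matches events that begin inside the window, so
                // an event that starts earlier and is still running is missed.
                // The original TODO about catching events that start before
                // :start appears to refer to this query.
                $query = $conn->prepare('SELECT * FROM calendar WHERE color = :color AND start BETWEEN :start AND :end ORDER BY start ASC');
                $query->bindValue(':color', $_POST['filter']);
            }
            $query->bindValue(':start', $_POST['start']);
            $query->bindValue(':end', $_POST['end']);
            break;

        case 'addEvent':
            // The values are not bound in this case; presumably they are bound
            // after the switch. Confirm.
            // NOTE(review): :username and :email should come from the session
            // or the users table, not from posted fields.
            $query = $conn->prepare('INSERT INTO calendar (title, start, end, description, color, allDay, email, username) VALUES (:title, :start, :end, :description, :color, :allDay, :email, :username)');
            break;

        case 'deleteEvent':
            $query = $conn->prepare('DELETE FROM calendar WHERE id = :id');
            $query->bindValue(':id', $_POST['id']);
            break;

        case 'updateEvent':
            $query = $conn->prepare('UPDATE calendar SET title = :title, start = :start, end = :end, description = :description, color = :color, allDay = :allDay, email = :email, username = :username WHERE id = :id');
            $query->bindValue(':id', $_POST['id']);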