function checkExpiredDemoUser($userid, $groups = 0)
{
global $mode, $skin, $noHTMLwrappers;
if ($groups == 0) {
$groups = getUsersGroups($userid, 1);
}
if (count($groups) != 1) {
return;
}
$tmp = array_values($groups);
if ($tmp[0] != 'demo') {
return;
}
$query = "SELECT start " . "FROM log " . "WHERE userid = {$userid} " . "AND finalend < NOW() " . "ORDER BY start " . "LIMIT 3";
$qh = doQuery($query, 101);
$expire = time() - SECINDAY * 3;
$rows = mysql_num_rows($qh);
if ($row = mysql_fetch_assoc($qh)) {
if ($rows >= 3 || datetimeToUnix($row['start']) < $expire) {
if (in_array($mode, $noHTMLwrappers)) {
# do a redirect and handle removal on next page load so user can
# be notified - doesn't always work, but handles a few extra
# cases
header("Location: " . BASEURL . SCRIPT);
} else {
$nodemoid = getUserGroupID('nodemo', getAffiliationID('ITECS'));
$query = "DELETE FROM usergroupmembers " . "WHERE userid = {$userid}";
# because updateGroups doesn't
# delete from custom groups
doQuery($query, 101);
updateGroups(array($nodemoid), $userid);
checkUpdateServerRequestGroups($groupid);
if (empty($skin)) {
$skin = 'default';
require_once "themes/{$skin}/page.php";
}
$mode = 'expiredemouser';
printHTMLHeader();
print "<h2>Account Expired</h2>\n";
print "The account you are using is a demo account that has now expired. ";
print "You cannot make any more reservations. Please contact <a href=\"";
print "mailto:" . HELPEMAIL . "\">" . HELPEMAIL . "</a> if you need ";
print "further access to VCL.<br>\n";
}
cleanSemaphore();
# probably not needed but ensures we do not leave stale entries
printHTMLFooter();
dbDisconnect();
exit;
}
}
}
<?php
include_once 'includes/functions.php';
include_once 'includes/db_connect.php';
sec_session_start();
if (!login_check($mysqli)) {
header('Location: index.php?error=login');
}
$schools = getUsersSchools($mysqli, $_SESSION["user_id"]);
$groups = getUsersGroups($mysqli, $_SESSION["user_id"]);
?>
<!DOCTYPE html>
<html>
<head>
<title>After School</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/main.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="js/schoolAjax.js"></script>
<script src="js/memberAjax.js"></script>
</head>
<body>
<a href="includes/logout.php">Logout</a>
<a href="user.php?id=<?php
echo $_SESSION["user_id"];
?>
">Profile</a>
<?php
include_once "includes/functions.php";
include_once "includes/db_connect.php";
sec_session_start();
$userId = $_GET['id'];
$member = getMember($mysqli, $userId);
$schools = getUsersSchools($mysqli, $userId);
$groups = getUsersGroups($mysqli, $userId);
?>
<!DOCTYPE html>
<html>
<head>
<title>After School</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/main.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="js/schoolAjax.js"></script>
</head>
<body>
<img src="<?php
echo $member["image"];
?>
" height="150" width="150">
<h2><?php
echo $member["firstName"] . ' ' . $member["lastName"];
?>
</h2>
function updateLDAPUser($authtype, $userid)
{
global $authMechs;
$esc_userid = mysql_real_escape_string($userid);
$userData = getLDAPUserData($authtype, $userid);
if (is_null($userData)) {
return NULL;
}
$affilid = $authMechs[$authtype]['affiliationid'];
$now = unixToDatetime(time());
// select desired data from db
$qbase = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "af.shibonly, " . "u.emailnotices, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "af.id = {$affilid} AND ";
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) {
$query = $qbase . "u.uid = {$userData['numericid']}";
} else {
$query = $qbase . "u.unityid = '{$esc_userid}' AND " . "u.affiliationid = {$affilid}";
}
$qh = doQuery($query, 255);
$updateuid = 0;
# check to see if there is a matching entry where uid is NULL but unityid and affiliationid match
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid']) && !mysql_num_rows($qh)) {
$updateuid = 1;
$query = $qbase . "u.unityid = '{$esc_userid}' AND " . "u.affiliationid = {$affilid}";
$qh = doQuery($query, 255);
}
// if get a row
// update db
// update results from select
if ($user = mysql_fetch_assoc($qh)) {
$user["unityid"] = $userid;
$user["firstname"] = $userData['first'];
$user["lastname"] = $userData["last"];
$user["email"] = $userData["email"];
$user["lastupdated"] = $now;
$query = "UPDATE user " . "SET unityid = '{$esc_userid}', " . "firstname = '{$userData['first']}', " . "lastname = '{$userData['last']}', " . "email = '{$userData['email']}', ";
if ($updateuid) {
$query .= "uid = {$userData['numericid']}, ";
}
$query .= "lastupdated = '{$now}' ";
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid']) && !$updateuid) {
$query .= "WHERE uid = {$userData['numericid']}";
} else {
$query .= "WHERE unityid = '{$esc_userid}' AND " . "affiliationid = {$affilid}";
}
doQuery($query, 256, 'vcl', 1);
} else {
// call addLDAPUser
$id = addLDAPUser($authtype, $userid);
$query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups, " . "u.usepublickeys, " . "u.sshpublickeys, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}";
$qh = doQuery($query, 101);
if (!($user = mysql_fetch_assoc($qh))) {
return NULL;
}
$user['sshpublickeys'] = htmlspecialchars($user['sshpublickeys']);
}
// TODO handle generic updating of groups
switch (getAffiliationName($affilid)) {
case 'EXAMPLE1':
updateEXAMPLE1Groups($user);
break;
default:
//TODO possibly add to a default group
}
$user["groups"] = getUsersGroups($user["id"], 1);
$user["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
$user["privileges"] = getOverallUserPrivs($user["id"]);
$user['login'] = $user['unityid'];
return $user;
}
function getUserMaxTimes($uid = 0)
{
global $user;
$return = array("initial" => 0, "total" => 0, "extend" => 0);
if ($uid == 0) {
$groupids = array_keys($user["groups"]);
} else {
$groupids = array_keys(getUsersGroups($uid, 1));
}
if (!count($groupids)) {
array_push($groupids, getUserGroupID(DEFAULTGROUP));
}
$allgroups = getUserGroups();
foreach ($groupids as $id) {
if ($return["initial"] < $allgroups[$id]["initialmaxtime"]) {
$return["initial"] = $allgroups[$id]["initialmaxtime"];
}
if ($return["total"] < $allgroups[$id]["totalmaxtime"]) {
$return["total"] = $allgroups[$id]["totalmaxtime"];
}
if ($return["extend"] < $allgroups[$id]["maxextendtime"]) {
$return["extend"] = $allgroups[$id]["maxextendtime"];
}
}
return $return;
}
function updateLDAPUser($authtype, $userid)
{
global $authMechs;
$userData = getLDAPUserData($authtype, $userid);
if (is_null($userData)) {
return NULL;
}
$affilid = $authMechs[$authtype]['affiliationid'];
$now = unixToDatetime(time());
// select desired data from db
$query = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "af.shibonly, " . "u.emailnotices, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "adminlevel a, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "af.id = {$affilid} AND ";
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) {
$query .= "u.uid = " . $userData["numericid"];
} else {
$query .= "u.unityid = '{$userid}' AND " . "u.affiliationid = {$affilid}";
}
$qh = doQuery($query, 255);
// if get a row
// update db
// update results from select
if ($user = mysql_fetch_assoc($qh)) {
$user["unityid"] = $userid;
$user["firstname"] = $userData['first'];
$user["lastname"] = $userData["last"];
$user["email"] = $userData["email"];
$user["lastupdated"] = $now;
$query = "UPDATE user " . "SET unityid = '{$userid}', " . "firstname = '{$userData['first']}', " . "lastname = '{$userData['last']}', " . "email = '{$userData['email']}', " . "lastupdated = '{$now}' ";
if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) {
$query .= "WHERE uid = " . $userData["numericid"];
} else {
$query .= "WHERE unityid = '{$userid}' AND " . "affiliationid = {$affilid}";
}
doQuery($query, 256, 'vcl', 1);
} else {
// call addLDAPUser
$id = addLDAPUser($authtype, $userid);
$query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af, " . "adminlevel a " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}";
$qh = doQuery($query, 101);
if (!($user = mysql_fetch_assoc($qh))) {
return NULL;
}
}
// TODO handle generic updating of groups
switch (getAffiliationName($affilid)) {
case 'EXAMPLE1':
updateEXAMPLE1Groups($user);
break;
default:
//TODO possibly add to a default group
}
$user["groups"] = getUsersGroups($user["id"], 1);
$user["privileges"] = getOverallUserPrivs($user["id"]);
$user['login'] = $user['unityid'];
return $user;
}
/**
* Reads in an .xml file and returns a SimpleXMLElement object that represents
* the file.
*
* Note that because this function must be called first, calls to parseConfig()
* and getUsersGroups() have been added to ensure that all necessary parsing
* will be complete by the time the content is needed for use.
*
* @param $xmlFile This parameter can either be a SimpleXMLElement or a string.
*
* @author Andrew Darwin <*****@*****.**>
*/
function initializeContent($xmlFile)
{
global $contentXML;
if (is_null($contentXML)) {
if ($xmlFile instanceof SimpleXMLElement) {
$contentXML = $xmlFile;
} else {
$xmlFile = getPathToXMLFile($xmlFile);
if (file_exists($xmlFile)) {
//$xmlFile should be a string
$contentXML = simplexml_load_file($xmlFile);
} else {
return null;
}
}
logMessage("Loaded content xml into memory");
getUsersGroups();
}
return $contentXML;
}
function updateITECSUser($userid)
{
global $ENABLE_ITECSAUTH;
if (!$ENABLE_ITECSAUTH) {
return NULL;
}
$query = "SELECT id AS uid, " . "first, " . "last, " . "email, " . "created " . "FROM user " . "WHERE email = '{$userid}'";
$qh = doQuery($query, 101, "accounts");
if (!($userData = mysql_fetch_assoc($qh))) {
return NULL;
}
$now = unixToDatetime(time());
// select desired data from db
$query = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "affiliation af, " . "adminlevel a " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "u.affiliationid = af.id AND " . "u.uid = " . $userData["uid"];
$qh = doQuery($query, 255);
// if get a row
// update db
// update results from select
$esc_userid = mysql_escape_string($userid);
$first = mysql_escape_string($userData['first']);
$last = mysql_escape_string($userData['last']);
$email = mysql_escape_string($userData['email']);
if ($user = mysql_fetch_assoc($qh)) {
$user["unityid"] = $userid;
$user["firstname"] = $userData['first'];
$user["lastname"] = $userData["last"];
$user["email"] = $userData["email"];
$user["lastupdated"] = $now;
$query = "UPDATE user " . "SET unityid = '{$esc_userid}', " . "firstname = '{$first}', " . "lastname = '{$last}', " . "email = '{$email}', " . "lastupdated = '{$now}' " . "WHERE uid = " . $userData["uid"];
doQuery($query, 256, 'vcl', 1);
} else {
// call addITECSUser
$id = addITECSUser($userid);
$query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af, " . "adminlevel a " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}";
$qh = doQuery($query, 101);
$user = mysql_fetch_assoc($qh);
# add account to demo group
$demoid = getUserGroupID('demo', getAffiliationID('ITECS'));
updateGroups(array($demoid), $user['id']);
}
$user["groups"] = getUsersGroups($user["id"], 1);
checkExpiredDemoUser($user['id'], $user['groups']);
$user["privileges"] = getOverallUserPrivs($user["id"]);
$tmparr = explode('@', $user['unityid']);
$user['login'] = $tmparr[0];
return $user;
}
function userLookup()
{
global $user;
$userid = processInputVar("userid", ARG_STRING);
if (get_magic_quotes_gpc()) {
$userid = stripslashes($userid);
}
$affilid = processInputVar('affiliationid', ARG_NUMERIC, $user['affiliationid']);
$force = processInputVar('force', ARG_NUMERIC, 0);
print "<div align=center>\n";
print "<H2>User Lookup</H2>\n";
print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
print "<TABLE>\n";
print " <TR>\n";
print " <TH>Name (last, first) or User ID:</TH>\n";
print " <TD><INPUT type=text name=userid value=\"{$userid}\" size=25></TD>\n";
if (checkUserHasPerm('User Lookup (global)')) {
$affils = getAffiliations();
print " <TD>\n";
print "@";
printSelectInput("affiliationid", $affils, $affilid);
print " </TD>\n";
}
print " </TR>\n";
print " <TR>\n";
print " <TD colspan=2>\n";
print " <input type=checkbox id=force name=force value=1>\n";
print " <label for=force>Attempt forcing an update from LDAP (User ID only)</label>\n";
print " </TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TD colspan=3 align=center><INPUT type=submit value=Submit>\n";
print " </TR>\n";
print "</TABLE>\n";
$cont = addContinuationsEntry('submitUserLookup');
print "<INPUT type=hidden name=continuation value=\"{$cont}\">\n";
print "</FORM><br>\n";
if (!empty($userid)) {
$esc_userid = mysql_real_escape_string($userid);
if (preg_match('/,/', $userid)) {
$mode = 'name';
$force = 0;
} else {
$mode = 'userid';
}
if (!checkUserHasPerm('User Lookup (global)') && $user['affiliationid'] != $affilid) {
print "<font color=red>{$userid} not found</font><br>\n";
return;
}
if ($mode == 'userid') {
$query = "SELECT id " . "FROM user " . "WHERE unityid = '{$esc_userid}' AND " . "affiliationid = {$affilid}";
$affilname = getAffiliationName($affilid);
$userid = "{$userid}@{$affilname}";
$esc_userid = "{$esc_userid}@{$affilname}";
} else {
$tmp = explode(',', $userid);
$last = mysql_real_escape_string(trim($tmp[0]));
$first = mysql_real_escape_string(trim($tmp[1]));
$query = "SELECT CONCAT(u.unityid, '@', a.name) AS unityid " . "FROM user u, " . "affiliation a " . "WHERE u.firstname = '{$first}' AND " . "u.lastname = '{$last}' AND " . "u.affiliationid = {$affilid} AND " . "a.id = {$affilid}";
}
$qh = doQuery($query, 101);
if (!mysql_num_rows($qh)) {
if ($mode == 'name') {
print "<font color=red>User not found</font><br>\n";
return;
} else {
print "<font color=red>{$userid} not currently found in VCL user database, will try to add...</font><br>\n";
}
} elseif ($force) {
$_SESSION['userresources'] = array();
$row = mysql_fetch_assoc($qh);
$newtime = unixToDatetime(time() - SECINDAY - 5);
$query = "UPDATE user SET lastupdated = '{$newtime}' WHERE id = {$row['id']}";
doQuery($query, 101);
} elseif ($mode == 'name') {
$row = mysql_fetch_assoc($qh);
$userid = $row['unityid'];
$esc_userid = $row['unityid'];
}
$userdata = getUserInfo($esc_userid);
if (is_null($userdata)) {
$userdata = getUserInfo($esc_userid, 1);
if (is_null($userdata)) {
print "<font color=red>{$userid} not found</font><br>\n";
return;
}
}
$userdata["groups"] = getUsersGroups($userdata["id"], 1, 1);
print "<TABLE>\n";
if (!empty($userdata['unityid'])) {
print " <TR>\n";
print " <TH align=right>User ID:</TH>\n";
print " <TD>{$userdata["unityid"]}</TD>\n";
print " </TR>\n";
}
if (!empty($userdata['firstname'])) {
print " <TR>\n";
print " <TH align=right>First Name:</TH>\n";
print " <TD>{$userdata["firstname"]}</TD>\n";
print " </TR>\n";
}
if (!empty($userdata['lastname'])) {
print " <TR>\n";
print " <TH align=right>Last Name:</TH>\n";
print " <TD>{$userdata["lastname"]}</TD>\n";
print " </TR>\n";
}
if (!empty($userdata['preferredname'])) {
print " <TR>\n";
print " <TH align=right>Preferred Name:</TH>\n";
print " <TD>{$userdata["preferredname"]}</TD>\n";
print " </TR>\n";
}
if (!empty($userdata['affiliation'])) {
print " <TR>\n";
print " <TH align=right>Affiliation:</TH>\n";
print " <TD>{$userdata["affiliation"]}</TD>\n";
print " </TR>\n";
}
if (!empty($userdata['email'])) {
print " <TR>\n";
print " <TH align=right>Email:</TH>\n";
print " <TD>{$userdata["email"]}</TD>\n";
print " </TR>\n";
}
print " <TR>\n";
print " <TH align=right style=\"vertical-align: top\">Groups:</TH>\n";
print " <TD>\n";
uasort($userdata["groups"], "sortKeepIndex");
foreach ($userdata["groups"] as $group) {
print " {$group}<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right style=\"vertical-align: top\">User Group Permissions:</TH>\n";
print " <TD>\n";
if (count($userdata['groupperms'])) {
foreach ($userdata['groupperms'] as $perm) {
print " {$perm}<br>\n";
}
} else {
print " No additional user group permissions\n";
}
print " </TD>\n";
print " </TR>\n";
print " <TR>\n";
print " <TH align=right style=\"vertical-align: top\">Privileges (found somewhere in the tree):</TH>\n";
print " <TD>\n";
uasort($userdata["privileges"], "sortKeepIndex");
foreach ($userdata["privileges"] as $priv) {
if ($priv == "block" || $priv == "cascade") {
continue;
}
print " {$priv}<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
# get user's resources
$userResources = getUserResources(array("imageCheckOut"), array("available"), 0, 0, $userdata['id']);
# find nodes where user has privileges
$query = "SELECT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "up.userid = {$userdata['id']} " . "ORDER BY p.name, " . "upt.name";
$qh = doQuery($query, 101);
if (mysql_num_rows($qh)) {
print "Nodes where user is granted privileges:<br>\n";
print "<TABLE>\n";
$privnodeid = 0;
while ($row = mysql_fetch_assoc($qh)) {
if ($privnodeid != $row['privnodeid']) {
if ($privnodeid) {
print " </TD>\n";
print " </TR>\n";
}
print " <TR>\n";
$privnodeid = $row['privnodeid'];
$path = getNodePath($privnodeid);
print " <TH align=right>{$path}</TH>\n";
print " <TD>\n";
}
print " {$row['userprivtype']}<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
}
# find nodes where user's groups have privileges
if (!empty($userdata['groups'])) {
$query = "SELECT DISTINCT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "upt.name != 'cascade' AND " . "upt.name != 'block' AND " . "up.usergroupid IN (" . implode(',', array_keys($userdata['groups'])) . ") " . "ORDER BY p.name, " . "upt.name";
$qh = doQuery($query, 101);
if (mysql_num_rows($qh)) {
print "Nodes where user's groups are granted privileges:<br>\n";
print "<TABLE>\n";
$privnodeid = 0;
while ($row = mysql_fetch_assoc($qh)) {
if ($privnodeid != $row['privnodeid']) {
if ($privnodeid) {
print " </TD>\n";
print " </TR>\n";
}
print " <TR>\n";
$privnodeid = $row['privnodeid'];
$path = getNodePath($privnodeid);
print " <TH align=right>{$path}</TH>\n";
print " <TD>\n";
}
print " {$row['userprivtype']}<br>\n";
}
print " </TD>\n";
print " </TR>\n";
print "</TABLE>\n";
}
}
print "<table>\n";
print " <tr>\n";
print " <th>Images User Has Access To:<th>\n";
print " <td>\n";
foreach ($userResources['image'] as $img) {
print " {$img}<br>\n";
}
print " </td>\n";
print " </tr>\n";
print "</table>\n";
# login history
$query = "SELECT authmech, " . "timestamp, " . "passfail, " . "remoteIP, " . "code " . "FROM loginlog " . "WHERE (user = '******'unityid']}' OR " . "user = '******'unityid']}@{$userdata['affiliation']}') AND " . "affiliationid = {$userdata['affiliationid']} " . "ORDER BY timestamp DESC " . "LIMIT 8";
$logins = array();
$qh = doQuery($query);
while ($row = mysql_fetch_assoc($qh)) {
$logins[] = $row;
}
if (count($logins)) {
$logins = array_reverse($logins);
print "<h3>Login History (last 8 attempts)</h3>\n";
print "<table summary=\"login attempts\">\n";
print "<colgroup>\n";
print "<col class=\"logincol\" />\n";
print "<col class=\"logincol\" />\n";
print "<col class=\"logincol\" />\n";
print "<col class=\"logincol\" />\n";
print "<col />\n";
print "</colgroup>\n";
print " <tr>\n";
print " <th>Authentication Method</th>\n";
print " <th>Timestamp</th>\n";
print " <th>Result</th>\n";
print " <th>Remote IP</th>\n";
print " <th>Extra Info</th>\n";
print " </tr>\n";
foreach ($logins as $login) {
print " <tr>\n";
print " <td class=\"logincell\">{$login['authmech']}</td>\n";
$ts = prettyDatetime($login['timestamp'], 1);
print " <td class=\"logincell\">{$ts}</td>\n";
if ($login['passfail']) {
print " <td class=\"logincell\"><font color=\"#008000\">Pass</font></td>\n";
} else {
print " <td class=\"logincell\"><font color=\"red\">Fail</font></td>\n";
}
print " <td class=\"logincell\">{$login['remoteIP']}</td>\n";
print " <td class=\"logincell\">{$login['code']}</td>\n";
print " </tr>\n";
}
print "</table>\n";
} else {
print "<h3>Login History</h3>\n";
print "There are no login attempts by this user.<br>\n";
}
# reservation history
$requests = array();
$query = "SELECT DATE_FORMAT(l.start, '%W, %b %D, %Y, %h:%i %p') AS start, " . "DATE_FORMAT(l.finalend, '%W, %b %D, %Y, %h:%i %p') AS end, " . "c.hostname, " . "i.prettyname AS prettyimage, " . "s.IPaddress, " . "l.ending " . "FROM log l, " . "image i, " . "computer c, " . "sublog s " . "WHERE l.userid = {$userdata['id']} AND " . "s.logid = l.id AND " . "i.id = s.imageid AND " . "c.id = s.computerid " . "ORDER BY l.start DESC " . "LIMIT 5";
$qh = doQuery($query, 290);
while ($row = mysql_fetch_assoc($qh)) {
array_push($requests, $row);
}
$requests = array_reverse($requests);
if (!empty($requests)) {
print "<h3>User's last " . count($requests) . " reservations:</h3>\n";
print "<table>\n";
$first = 1;
foreach ($requests as $req) {
if ($first) {
$first = 0;
} else {
print " <tr>\n";
print " <td colspan=2><hr></td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Image:</th>\n";
print " <td>{$req['prettyimage']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>Computer:</th>\n";
print " <td>{$req['hostname']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>Start:</th>\n";
print " <td>{$req['start']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>End:</th>\n";
print " <td>{$req['end']}</td>\n";
print " </tr>\n";
if ($req['IPaddress'] != '') {
print " <tr>\n";
print " <th align=right>IP Address:</th>\n";
print " <td>{$req['IPaddress']}</td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Ending:</th>\n";
print " <td>{$req['ending']}</td>\n";
print " </tr>\n";
}
print "</table>\n";
} else {
print "User made no reservations in the past week.<br>\n";
}
# current reservations
$requests = array();
$query = "SELECT DATE_FORMAT(rq.start, '%W, %b %D, %Y, %h:%i %p') AS start, " . "DATE_FORMAT(rq.end, '%W, %b %D, %Y, %h:%i %p') AS end, " . "rq.id AS requestid, " . "MIN(rs.id) AS reservationid, " . "c.hostname AS computer, " . "i.prettyname AS prettyimage, " . "c.IPaddress AS compIP, " . "rs.remoteIP AS userIP, " . "ch.hostname AS vmhost, " . "mn.hostname AS managementnode, " . "srq.name AS servername, " . "aug.name AS admingroup, " . "lug.name AS logingroup, " . "s1.name AS state, " . "s2.name AS laststate " . "FROM image i, " . "managementnode mn, " . "request rq " . "LEFT JOIN reservation rs ON (rs.requestid = rq.id) " . "LEFT JOIN computer c ON (rs.computerid = c.id) " . "LEFT JOIN vmhost vh ON (c.vmhostid = vh.id) " . "LEFT JOIN computer ch ON (vh.computerid = ch.id) " . "LEFT JOIN serverrequest srq ON (srq.requestid = rq.id) " . "LEFT JOIN usergroup aug ON (aug.id = srq.admingroupid) " . "LEFT JOIN usergroup lug ON (lug.id = srq.logingroupid) " . "LEFT JOIN state s1 ON (s1.id = rq.stateid) " . "LEFT JOIN state s2 ON (s2.id = rq.laststateid) " . "WHERE rq.userid = {$userdata['id']} AND " . "i.id = rs.imageid AND " . "mn.id = rs.managementnodeid " . "GROUP BY rq.id " . "ORDER BY rq.start";
$qh = doQuery($query, 290);
while ($row = mysql_fetch_assoc($qh)) {
array_push($requests, $row);
}
$requests = array_reverse($requests);
if (!empty($requests)) {
print "<h3>User's current reservations:</h3>\n";
print "<table>\n";
$first = 1;
foreach ($requests as $req) {
if ($first) {
$first = 0;
} else {
print " <tr>\n";
print " <td colspan=2><hr></td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Request ID:</th>\n";
print " <td>{$req['requestid']}</td>\n";
print " </tr>\n";
if ($req['servername'] != '') {
print " <tr>\n";
print " <th align=right>Reservation Name:</th>\n";
print " <td>{$req['servername']}</td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Image:</th>\n";
print " <td>{$req['prettyimage']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>State:</th>\n";
if ($req['state'] == 'pending') {
print " <td>{$req['laststate']}</td>\n";
} else {
print " <td>{$req['state']}</td>\n";
}
print " </tr>\n";
print " <tr>\n";
print " <th align=right>Computer:</th>\n";
print " <td>{$req['computer']}</td>\n";
print " </tr>\n";
if (!empty($req['vmhost'])) {
print " <tr>\n";
print " <th align=right>VM Host:</th>\n";
print " <td>{$req['vmhost']}</td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Start:</th>\n";
print " <td>{$req['start']}</td>\n";
print " </tr>\n";
print " <tr>\n";
print " <th align=right>End:</th>\n";
if ($req['end'] == 'Friday, Jan 1st, 2038, 12:00 AM') {
print " <td>(indefinite)</td>\n";
} else {
print " <td>{$req['end']}</td>\n";
}
print " </tr>\n";
if ($req['compIP'] != '') {
print " <tr>\n";
print " <th align=right>Node's IP Address:</th>\n";
print " <td>{$req['compIP']}</td>\n";
print " </tr>\n";
}
if ($req['userIP'] != '') {
print " <tr>\n";
print " <th align=right>User's IP Address:</th>\n";
print " <td>{$req['userIP']}</td>\n";
print " </tr>\n";
}
if ($req['admingroup'] != '') {
print " <tr>\n";
print " <th align=right>Admin Group:</th>\n";
print " <td>{$req['admingroup']}</td>\n";
print " </tr>\n";
}
if ($req['logingroup'] != '') {
print " <tr>\n";
print " <th align=right>Access Group:</th>\n";
print " <td>{$req['logingroup']}</td>\n";
print " </tr>\n";
}
print " <tr>\n";
print " <th align=right>Management Node:</th>\n";
print " <td>{$req['managementnode']}</td>\n";
print " </tr>\n";
}
print "</table>\n";
} else {
print "User does not have any current reservations.<br>\n";
}
}
print "</div>\n";
}
