function checkExpiredDemoUser($userid, $groups = 0) { global $mode, $skin, $noHTMLwrappers; if ($groups == 0) { $groups = getUsersGroups($userid, 1); } if (count($groups) != 1) { return; } $tmp = array_values($groups); if ($tmp[0] != 'demo') { return; } $query = "SELECT start " . "FROM log " . "WHERE userid = {$userid} " . "AND finalend < NOW() " . "ORDER BY start " . "LIMIT 3"; $qh = doQuery($query, 101); $expire = time() - SECINDAY * 3; $rows = mysql_num_rows($qh); if ($row = mysql_fetch_assoc($qh)) { if ($rows >= 3 || datetimeToUnix($row['start']) < $expire) { if (in_array($mode, $noHTMLwrappers)) { # do a redirect and handle removal on next page load so user can # be notified - doesn't always work, but handles a few extra # cases header("Location: " . BASEURL . SCRIPT); } else { $nodemoid = getUserGroupID('nodemo', getAffiliationID('ITECS')); $query = "DELETE FROM usergroupmembers " . "WHERE userid = {$userid}"; # because updateGroups doesn't # delete from custom groups doQuery($query, 101); updateGroups(array($nodemoid), $userid); checkUpdateServerRequestGroups($groupid); if (empty($skin)) { $skin = 'default'; require_once "themes/{$skin}/page.php"; } $mode = 'expiredemouser'; printHTMLHeader(); print "<h2>Account Expired</h2>\n"; print "The account you are using is a demo account that has now expired. "; print "You cannot make any more reservations. Please contact <a href=\""; print "mailto:" . HELPEMAIL . "\">" . HELPEMAIL . "</a> if you need "; print "further access to VCL.<br>\n"; } cleanSemaphore(); # probably not needed but ensures we do not leave stale entries printHTMLFooter(); dbDisconnect(); exit; } } }
<?php include_once 'includes/functions.php'; include_once 'includes/db_connect.php'; sec_session_start(); if (!login_check($mysqli)) { header('Location: index.php?error=login'); } $schools = getUsersSchools($mysqli, $_SESSION["user_id"]); $groups = getUsersGroups($mysqli, $_SESSION["user_id"]); ?> <!DOCTYPE html> <html> <head> <title>After School</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="css/main.css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <script src="js/schoolAjax.js"></script> <script src="js/memberAjax.js"></script> </head> <body> <a href="includes/logout.php">Logout</a> <a href="user.php?id=<?php echo $_SESSION["user_id"]; ?> ">Profile</a>
<?php include_once "includes/functions.php"; include_once "includes/db_connect.php"; sec_session_start(); $userId = $_GET['id']; $member = getMember($mysqli, $userId); $schools = getUsersSchools($mysqli, $userId); $groups = getUsersGroups($mysqli, $userId); ?> <!DOCTYPE html> <html> <head> <title>After School</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="css/main.css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <script src="js/schoolAjax.js"></script> </head> <body> <img src="<?php echo $member["image"]; ?> " height="150" width="150"> <h2><?php echo $member["firstName"] . ' ' . $member["lastName"]; ?> </h2>
function updateLDAPUser($authtype, $userid) { global $authMechs; $esc_userid = mysql_real_escape_string($userid); $userData = getLDAPUserData($authtype, $userid); if (is_null($userData)) { return NULL; } $affilid = $authMechs[$authtype]['affiliationid']; $now = unixToDatetime(time()); // select desired data from db $qbase = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "af.shibonly, " . "u.emailnotices, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "af.id = {$affilid} AND "; if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) { $query = $qbase . "u.uid = {$userData['numericid']}"; } else { $query = $qbase . "u.unityid = '{$esc_userid}' AND " . "u.affiliationid = {$affilid}"; } $qh = doQuery($query, 255); $updateuid = 0; # check to see if there is a matching entry where uid is NULL but unityid and affiliationid match if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid']) && !mysql_num_rows($qh)) { $updateuid = 1; $query = $qbase . "u.unityid = '{$esc_userid}' AND " . "u.affiliationid = {$affilid}"; $qh = doQuery($query, 255); } // if get a row // update db // update results from select if ($user = mysql_fetch_assoc($qh)) { $user["unityid"] = $userid; $user["firstname"] = $userData['first']; $user["lastname"] = $userData["last"]; $user["email"] = $userData["email"]; $user["lastupdated"] = $now; $query = "UPDATE user " . "SET unityid = '{$esc_userid}', " . "firstname = '{$userData['first']}', " . "lastname = '{$userData['last']}', " . "email = '{$userData['email']}', "; if ($updateuid) { $query .= "uid = {$userData['numericid']}, "; } $query .= "lastupdated = '{$now}' "; if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid']) && !$updateuid) { $query .= "WHERE uid = {$userData['numericid']}"; } else { $query .= "WHERE unityid = '{$esc_userid}' AND " . "affiliationid = {$affilid}"; } doQuery($query, 256, 'vcl', 1); } else { // call addLDAPUser $id = addLDAPUser($authtype, $userid); $query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "COALESCE(u.rdpport, 3389) AS rdpport, " . "u.showallgroups, " . "u.usepublickeys, " . "u.sshpublickeys, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}"; $qh = doQuery($query, 101); if (!($user = mysql_fetch_assoc($qh))) { return NULL; } $user['sshpublickeys'] = htmlspecialchars($user['sshpublickeys']); } // TODO handle generic updating of groups switch (getAffiliationName($affilid)) { case 'EXAMPLE1': updateEXAMPLE1Groups($user); break; default: //TODO possibly add to a default group } $user["groups"] = getUsersGroups($user["id"], 1); $user["groupperms"] = getUsersGroupPerms(array_keys($user['groups'])); $user["privileges"] = getOverallUserPrivs($user["id"]); $user['login'] = $user['unityid']; return $user; }
function getUserMaxTimes($uid = 0) { global $user; $return = array("initial" => 0, "total" => 0, "extend" => 0); if ($uid == 0) { $groupids = array_keys($user["groups"]); } else { $groupids = array_keys(getUsersGroups($uid, 1)); } if (!count($groupids)) { array_push($groupids, getUserGroupID(DEFAULTGROUP)); } $allgroups = getUserGroups(); foreach ($groupids as $id) { if ($return["initial"] < $allgroups[$id]["initialmaxtime"]) { $return["initial"] = $allgroups[$id]["initialmaxtime"]; } if ($return["total"] < $allgroups[$id]["totalmaxtime"]) { $return["total"] = $allgroups[$id]["totalmaxtime"]; } if ($return["extend"] < $allgroups[$id]["maxextendtime"]) { $return["extend"] = $allgroups[$id]["maxextendtime"]; } } return $return; }
function updateLDAPUser($authtype, $userid) { global $authMechs; $userData = getLDAPUserData($authtype, $userid); if (is_null($userData)) { return NULL; } $affilid = $authMechs[$authtype]['affiliationid']; $now = unixToDatetime(time()); // select desired data from db $query = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "af.shibonly, " . "u.emailnotices, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "adminlevel a, " . "affiliation af " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "af.id = {$affilid} AND "; if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) { $query .= "u.uid = " . $userData["numericid"]; } else { $query .= "u.unityid = '{$userid}' AND " . "u.affiliationid = {$affilid}"; } $qh = doQuery($query, 255); // if get a row // update db // update results from select if ($user = mysql_fetch_assoc($qh)) { $user["unityid"] = $userid; $user["firstname"] = $userData['first']; $user["lastname"] = $userData["last"]; $user["email"] = $userData["email"]; $user["lastupdated"] = $now; $query = "UPDATE user " . "SET unityid = '{$userid}', " . "firstname = '{$userData['first']}', " . "lastname = '{$userData['last']}', " . "email = '{$userData['email']}', " . "lastupdated = '{$now}' "; if (array_key_exists('numericid', $userData) && is_numeric($userData['numericid'])) { $query .= "WHERE uid = " . $userData["numericid"]; } else { $query .= "WHERE unityid = '{$userid}' AND " . "affiliationid = {$affilid}"; } doQuery($query, 256, 'vcl', 1); } else { // call addLDAPUser $id = addLDAPUser($authtype, $userid); $query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af, " . "adminlevel a " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}"; $qh = doQuery($query, 101); if (!($user = mysql_fetch_assoc($qh))) { return NULL; } } // TODO handle generic updating of groups switch (getAffiliationName($affilid)) { case 'EXAMPLE1': updateEXAMPLE1Groups($user); break; default: //TODO possibly add to a default group } $user["groups"] = getUsersGroups($user["id"], 1); $user["privileges"] = getOverallUserPrivs($user["id"]); $user['login'] = $user['unityid']; return $user; }
/** * Reads in an .xml file and returns a SimpleXMLElement object that represents * the file. * * Note that because this function must be called first, calls to parseConfig() * and getUsersGroups() have been added to ensure that all necessary parsing * will be complete by the time the content is needed for use. * * @param $xmlFile This parameter can either be a SimpleXMLElement or a string. * * @author Andrew Darwin <*****@*****.**> */ function initializeContent($xmlFile) { global $contentXML; if (is_null($contentXML)) { if ($xmlFile instanceof SimpleXMLElement) { $contentXML = $xmlFile; } else { $xmlFile = getPathToXMLFile($xmlFile); if (file_exists($xmlFile)) { //$xmlFile should be a string $contentXML = simplexml_load_file($xmlFile); } else { return null; } } logMessage("Loaded content xml into memory"); getUsersGroups(); } return $contentXML; }
function updateITECSUser($userid) { global $ENABLE_ITECSAUTH; if (!$ENABLE_ITECSAUTH) { return NULL; } $query = "SELECT id AS uid, " . "first, " . "last, " . "email, " . "created " . "FROM user " . "WHERE email = '{$userid}'"; $qh = doQuery($query, 101, "accounts"); if (!($userData = mysql_fetch_assoc($qh))) { return NULL; } $now = unixToDatetime(time()); // select desired data from db $query = "SELECT i.name AS IMtype, " . "u.IMid AS IMid, " . "u.affiliationid, " . "af.name AS affiliation, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.preferredname AS preferredname, " . "u.uid AS uid, " . "u.id AS id, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups " . "FROM user u, " . "IMtype i, " . "affiliation af, " . "adminlevel a " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "u.affiliationid = af.id AND " . "u.uid = " . $userData["uid"]; $qh = doQuery($query, 255); // if get a row // update db // update results from select $esc_userid = mysql_escape_string($userid); $first = mysql_escape_string($userData['first']); $last = mysql_escape_string($userData['last']); $email = mysql_escape_string($userData['email']); if ($user = mysql_fetch_assoc($qh)) { $user["unityid"] = $userid; $user["firstname"] = $userData['first']; $user["lastname"] = $userData["last"]; $user["email"] = $userData["email"]; $user["lastupdated"] = $now; $query = "UPDATE user " . "SET unityid = '{$esc_userid}', " . "firstname = '{$first}', " . "lastname = '{$last}', " . "email = '{$email}', " . "lastupdated = '{$now}' " . "WHERE uid = " . $userData["uid"]; doQuery($query, 256, 'vcl', 1); } else { // call addITECSUser $id = addITECSUser($userid); $query = "SELECT u.unityid AS unityid, " . "u.affiliationid, " . "af.name AS affiliation, " . "u.firstname AS firstname, " . "u.lastname AS lastname, " . "u.preferredname AS preferredname, " . "u.email AS email, " . "i.name AS IMtype, " . "u.IMid AS IMid, " . "u.uid AS uid, " . "u.id AS id, " . "a.name AS adminlevel, " . "a.id AS adminlevelid, " . "u.width AS width, " . "u.height AS height, " . "u.bpp AS bpp, " . "u.audiomode AS audiomode, " . "u.mapdrives AS mapdrives, " . "u.mapprinters AS mapprinters, " . "u.mapserial AS mapserial, " . "u.showallgroups, " . "u.lastupdated AS lastupdated " . "FROM user u, " . "IMtype i, " . "affiliation af, " . "adminlevel a " . "WHERE u.IMtypeid = i.id AND " . "u.adminlevelid = a.id AND " . "u.affiliationid = af.id AND " . "u.id = {$id}"; $qh = doQuery($query, 101); $user = mysql_fetch_assoc($qh); # add account to demo group $demoid = getUserGroupID('demo', getAffiliationID('ITECS')); updateGroups(array($demoid), $user['id']); } $user["groups"] = getUsersGroups($user["id"], 1); checkExpiredDemoUser($user['id'], $user['groups']); $user["privileges"] = getOverallUserPrivs($user["id"]); $tmparr = explode('@', $user['unityid']); $user['login'] = $tmparr[0]; return $user; }
function userLookup() { global $user; $userid = processInputVar("userid", ARG_STRING); if (get_magic_quotes_gpc()) { $userid = stripslashes($userid); } $affilid = processInputVar('affiliationid', ARG_NUMERIC, $user['affiliationid']); $force = processInputVar('force', ARG_NUMERIC, 0); print "<div align=center>\n"; print "<H2>User Lookup</H2>\n"; print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n"; print "<TABLE>\n"; print " <TR>\n"; print " <TH>Name (last, first) or User ID:</TH>\n"; print " <TD><INPUT type=text name=userid value=\"{$userid}\" size=25></TD>\n"; if (checkUserHasPerm('User Lookup (global)')) { $affils = getAffiliations(); print " <TD>\n"; print "@"; printSelectInput("affiliationid", $affils, $affilid); print " </TD>\n"; } print " </TR>\n"; print " <TR>\n"; print " <TD colspan=2>\n"; print " <input type=checkbox id=force name=force value=1>\n"; print " <label for=force>Attempt forcing an update from LDAP (User ID only)</label>\n"; print " </TD>\n"; print " </TR>\n"; print " <TR>\n"; print " <TD colspan=3 align=center><INPUT type=submit value=Submit>\n"; print " </TR>\n"; print "</TABLE>\n"; $cont = addContinuationsEntry('submitUserLookup'); print "<INPUT type=hidden name=continuation value=\"{$cont}\">\n"; print "</FORM><br>\n"; if (!empty($userid)) { $esc_userid = mysql_real_escape_string($userid); if (preg_match('/,/', $userid)) { $mode = 'name'; $force = 0; } else { $mode = 'userid'; } if (!checkUserHasPerm('User Lookup (global)') && $user['affiliationid'] != $affilid) { print "<font color=red>{$userid} not found</font><br>\n"; return; } if ($mode == 'userid') { $query = "SELECT id " . "FROM user " . "WHERE unityid = '{$esc_userid}' AND " . "affiliationid = {$affilid}"; $affilname = getAffiliationName($affilid); $userid = "{$userid}@{$affilname}"; $esc_userid = "{$esc_userid}@{$affilname}"; } else { $tmp = explode(',', $userid); $last = mysql_real_escape_string(trim($tmp[0])); $first = mysql_real_escape_string(trim($tmp[1])); $query = "SELECT CONCAT(u.unityid, '@', a.name) AS unityid " . "FROM user u, " . "affiliation a " . "WHERE u.firstname = '{$first}' AND " . "u.lastname = '{$last}' AND " . "u.affiliationid = {$affilid} AND " . "a.id = {$affilid}"; } $qh = doQuery($query, 101); if (!mysql_num_rows($qh)) { if ($mode == 'name') { print "<font color=red>User not found</font><br>\n"; return; } else { print "<font color=red>{$userid} not currently found in VCL user database, will try to add...</font><br>\n"; } } elseif ($force) { $_SESSION['userresources'] = array(); $row = mysql_fetch_assoc($qh); $newtime = unixToDatetime(time() - SECINDAY - 5); $query = "UPDATE user SET lastupdated = '{$newtime}' WHERE id = {$row['id']}"; doQuery($query, 101); } elseif ($mode == 'name') { $row = mysql_fetch_assoc($qh); $userid = $row['unityid']; $esc_userid = $row['unityid']; } $userdata = getUserInfo($esc_userid); if (is_null($userdata)) { $userdata = getUserInfo($esc_userid, 1); if (is_null($userdata)) { print "<font color=red>{$userid} not found</font><br>\n"; return; } } $userdata["groups"] = getUsersGroups($userdata["id"], 1, 1); print "<TABLE>\n"; if (!empty($userdata['unityid'])) { print " <TR>\n"; print " <TH align=right>User ID:</TH>\n"; print " <TD>{$userdata["unityid"]}</TD>\n"; print " </TR>\n"; } if (!empty($userdata['firstname'])) { print " <TR>\n"; print " <TH align=right>First Name:</TH>\n"; print " <TD>{$userdata["firstname"]}</TD>\n"; print " </TR>\n"; } if (!empty($userdata['lastname'])) { print " <TR>\n"; print " <TH align=right>Last Name:</TH>\n"; print " <TD>{$userdata["lastname"]}</TD>\n"; print " </TR>\n"; } if (!empty($userdata['preferredname'])) { print " <TR>\n"; print " <TH align=right>Preferred Name:</TH>\n"; print " <TD>{$userdata["preferredname"]}</TD>\n"; print " </TR>\n"; } if (!empty($userdata['affiliation'])) { print " <TR>\n"; print " <TH align=right>Affiliation:</TH>\n"; print " <TD>{$userdata["affiliation"]}</TD>\n"; print " </TR>\n"; } if (!empty($userdata['email'])) { print " <TR>\n"; print " <TH align=right>Email:</TH>\n"; print " <TD>{$userdata["email"]}</TD>\n"; print " </TR>\n"; } print " <TR>\n"; print " <TH align=right style=\"vertical-align: top\">Groups:</TH>\n"; print " <TD>\n"; uasort($userdata["groups"], "sortKeepIndex"); foreach ($userdata["groups"] as $group) { print " {$group}<br>\n"; } print " </TD>\n"; print " </TR>\n"; print " <TR>\n"; print " <TH align=right style=\"vertical-align: top\">User Group Permissions:</TH>\n"; print " <TD>\n"; if (count($userdata['groupperms'])) { foreach ($userdata['groupperms'] as $perm) { print " {$perm}<br>\n"; } } else { print " No additional user group permissions\n"; } print " </TD>\n"; print " </TR>\n"; print " <TR>\n"; print " <TH align=right style=\"vertical-align: top\">Privileges (found somewhere in the tree):</TH>\n"; print " <TD>\n"; uasort($userdata["privileges"], "sortKeepIndex"); foreach ($userdata["privileges"] as $priv) { if ($priv == "block" || $priv == "cascade") { continue; } print " {$priv}<br>\n"; } print " </TD>\n"; print " </TR>\n"; print "</TABLE>\n"; # get user's resources $userResources = getUserResources(array("imageCheckOut"), array("available"), 0, 0, $userdata['id']); # find nodes where user has privileges $query = "SELECT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "up.userid = {$userdata['id']} " . "ORDER BY p.name, " . "upt.name"; $qh = doQuery($query, 101); if (mysql_num_rows($qh)) { print "Nodes where user is granted privileges:<br>\n"; print "<TABLE>\n"; $privnodeid = 0; while ($row = mysql_fetch_assoc($qh)) { if ($privnodeid != $row['privnodeid']) { if ($privnodeid) { print " </TD>\n"; print " </TR>\n"; } print " <TR>\n"; $privnodeid = $row['privnodeid']; $path = getNodePath($privnodeid); print " <TH align=right>{$path}</TH>\n"; print " <TD>\n"; } print " {$row['userprivtype']}<br>\n"; } print " </TD>\n"; print " </TR>\n"; print "</TABLE>\n"; } # find nodes where user's groups have privileges if (!empty($userdata['groups'])) { $query = "SELECT DISTINCT p.name AS privnode, " . "upt.name AS userprivtype, " . "up.privnodeid " . "FROM userpriv up, " . "privnode p, " . "userprivtype upt " . "WHERE up.privnodeid = p.id AND " . "up.userprivtypeid = upt.id AND " . "upt.name != 'cascade' AND " . "upt.name != 'block' AND " . "up.usergroupid IN (" . implode(',', array_keys($userdata['groups'])) . ") " . "ORDER BY p.name, " . "upt.name"; $qh = doQuery($query, 101); if (mysql_num_rows($qh)) { print "Nodes where user's groups are granted privileges:<br>\n"; print "<TABLE>\n"; $privnodeid = 0; while ($row = mysql_fetch_assoc($qh)) { if ($privnodeid != $row['privnodeid']) { if ($privnodeid) { print " </TD>\n"; print " </TR>\n"; } print " <TR>\n"; $privnodeid = $row['privnodeid']; $path = getNodePath($privnodeid); print " <TH align=right>{$path}</TH>\n"; print " <TD>\n"; } print " {$row['userprivtype']}<br>\n"; } print " </TD>\n"; print " </TR>\n"; print "</TABLE>\n"; } } print "<table>\n"; print " <tr>\n"; print " <th>Images User Has Access To:<th>\n"; print " <td>\n"; foreach ($userResources['image'] as $img) { print " {$img}<br>\n"; } print " </td>\n"; print " </tr>\n"; print "</table>\n"; # login history $query = "SELECT authmech, " . "timestamp, " . "passfail, " . "remoteIP, " . "code " . "FROM loginlog " . "WHERE (user = '******'unityid']}' OR " . "user = '******'unityid']}@{$userdata['affiliation']}') AND " . "affiliationid = {$userdata['affiliationid']} " . "ORDER BY timestamp DESC " . "LIMIT 8"; $logins = array(); $qh = doQuery($query); while ($row = mysql_fetch_assoc($qh)) { $logins[] = $row; } if (count($logins)) { $logins = array_reverse($logins); print "<h3>Login History (last 8 attempts)</h3>\n"; print "<table summary=\"login attempts\">\n"; print "<colgroup>\n"; print "<col class=\"logincol\" />\n"; print "<col class=\"logincol\" />\n"; print "<col class=\"logincol\" />\n"; print "<col class=\"logincol\" />\n"; print "<col />\n"; print "</colgroup>\n"; print " <tr>\n"; print " <th>Authentication Method</th>\n"; print " <th>Timestamp</th>\n"; print " <th>Result</th>\n"; print " <th>Remote IP</th>\n"; print " <th>Extra Info</th>\n"; print " </tr>\n"; foreach ($logins as $login) { print " <tr>\n"; print " <td class=\"logincell\">{$login['authmech']}</td>\n"; $ts = prettyDatetime($login['timestamp'], 1); print " <td class=\"logincell\">{$ts}</td>\n"; if ($login['passfail']) { print " <td class=\"logincell\"><font color=\"#008000\">Pass</font></td>\n"; } else { print " <td class=\"logincell\"><font color=\"red\">Fail</font></td>\n"; } print " <td class=\"logincell\">{$login['remoteIP']}</td>\n"; print " <td class=\"logincell\">{$login['code']}</td>\n"; print " </tr>\n"; } print "</table>\n"; } else { print "<h3>Login History</h3>\n"; print "There are no login attempts by this user.<br>\n"; } # reservation history $requests = array(); $query = "SELECT DATE_FORMAT(l.start, '%W, %b %D, %Y, %h:%i %p') AS start, " . "DATE_FORMAT(l.finalend, '%W, %b %D, %Y, %h:%i %p') AS end, " . "c.hostname, " . "i.prettyname AS prettyimage, " . "s.IPaddress, " . "l.ending " . "FROM log l, " . "image i, " . "computer c, " . "sublog s " . "WHERE l.userid = {$userdata['id']} AND " . "s.logid = l.id AND " . "i.id = s.imageid AND " . "c.id = s.computerid " . "ORDER BY l.start DESC " . "LIMIT 5"; $qh = doQuery($query, 290); while ($row = mysql_fetch_assoc($qh)) { array_push($requests, $row); } $requests = array_reverse($requests); if (!empty($requests)) { print "<h3>User's last " . count($requests) . " reservations:</h3>\n"; print "<table>\n"; $first = 1; foreach ($requests as $req) { if ($first) { $first = 0; } else { print " <tr>\n"; print " <td colspan=2><hr></td>\n"; print " </tr>\n"; } print " <tr>\n"; print " <th align=right>Image:</th>\n"; print " <td>{$req['prettyimage']}</td>\n"; print " </tr>\n"; print " <tr>\n"; print " <th align=right>Computer:</th>\n"; print " <td>{$req['hostname']}</td>\n"; print " </tr>\n"; print " <tr>\n"; print " <th align=right>Start:</th>\n"; print " <td>{$req['start']}</td>\n"; print " </tr>\n"; print " <tr>\n"; print " <th align=right>End:</th>\n"; print " <td>{$req['end']}</td>\n"; print " </tr>\n"; if ($req['IPaddress'] != '') { print " <tr>\n"; print " <th align=right>IP Address:</th>\n"; print " <td>{$req['IPaddress']}</td>\n"; print " </tr>\n"; } print " <tr>\n"; print " <th align=right>Ending:</th>\n"; print " <td>{$req['ending']}</td>\n"; print " </tr>\n"; } print "</table>\n"; } else { print "User made no reservations in the past week.<br>\n"; } # current reservations $requests = array(); $query = "SELECT DATE_FORMAT(rq.start, '%W, %b %D, %Y, %h:%i %p') AS start, " . "DATE_FORMAT(rq.end, '%W, %b %D, %Y, %h:%i %p') AS end, " . "rq.id AS requestid, " . "MIN(rs.id) AS reservationid, " . "c.hostname AS computer, " . "i.prettyname AS prettyimage, " . "c.IPaddress AS compIP, " . "rs.remoteIP AS userIP, " . "ch.hostname AS vmhost, " . "mn.hostname AS managementnode, " . "srq.name AS servername, " . "aug.name AS admingroup, " . "lug.name AS logingroup, " . "s1.name AS state, " . "s2.name AS laststate " . "FROM image i, " . "managementnode mn, " . "request rq " . "LEFT JOIN reservation rs ON (rs.requestid = rq.id) " . "LEFT JOIN computer c ON (rs.computerid = c.id) " . "LEFT JOIN vmhost vh ON (c.vmhostid = vh.id) " . "LEFT JOIN computer ch ON (vh.computerid = ch.id) " . "LEFT JOIN serverrequest srq ON (srq.requestid = rq.id) " . "LEFT JOIN usergroup aug ON (aug.id = srq.admingroupid) " . "LEFT JOIN usergroup lug ON (lug.id = srq.logingroupid) " . "LEFT JOIN state s1 ON (s1.id = rq.stateid) " . "LEFT JOIN state s2 ON (s2.id = rq.laststateid) " . "WHERE rq.userid = {$userdata['id']} AND " . "i.id = rs.imageid AND " . "mn.id = rs.managementnodeid " . "GROUP BY rq.id " . "ORDER BY rq.start"; $qh = doQuery($query, 290); while ($row = mysql_fetch_assoc($qh)) { array_push($requests, $row); } $requests = array_reverse($requests); if (!empty($requests)) { print "<h3>User's current reservations:</h3>\n"; print "<table>\n"; $first = 1; foreach ($requests as $req) { if ($first) { $first = 0; } else { print " <tr>\n"; print " <td colspan=2><hr></td>\n"; print " </tr>\n"; } print " <tr>\n"; print " <th align=right>Request ID:</th>\n"; print " <td>{$req['requestid']}</td>\n"; print " </tr>\n"; if ($req['servername'] != '') { print " <tr>\n"; print " <th align=right>Reservation Name:</th>\n"; print " <td>{$req['servername']}</td>\n"; print " </tr>\n"; } print " <tr>\n"; print " <th align=right>Image:</th>\n"; print " <td>{$req['prettyimage']}</td>\n"; print " </tr>\n"; print " <tr>\n"; print " <th align=right>State:</th>\n"; if ($req['state'] == 'pending') { print " <td>{$req['laststate']}</td>\n"; } else { print " <td>{$req['state']}</td>\n"; } print " </tr>\n"; print " <tr>\n"; print " <th align=right>Computer:</th>\n"; print " <td>{$req['computer']}</td>\n"; print " </tr>\n"; if (!empty($req['vmhost'])) { print " <tr>\n"; print " <th align=right>VM Host:</th>\n"; print " <td>{$req['vmhost']}</td>\n"; print " </tr>\n"; } print " <tr>\n"; print " <th align=right>Start:</th>\n"; print " <td>{$req['start']}</td>\n"; print " </tr>\n"; print " <tr>\n"; print " <th align=right>End:</th>\n"; if ($req['end'] == 'Friday, Jan 1st, 2038, 12:00 AM') { print " <td>(indefinite)</td>\n"; } else { print " <td>{$req['end']}</td>\n"; } print " </tr>\n"; if ($req['compIP'] != '') { print " <tr>\n"; print " <th align=right>Node's IP Address:</th>\n"; print " <td>{$req['compIP']}</td>\n"; print " </tr>\n"; } if ($req['userIP'] != '') { print " <tr>\n"; print " <th align=right>User's IP Address:</th>\n"; print " <td>{$req['userIP']}</td>\n"; print " </tr>\n"; } if ($req['admingroup'] != '') { print " <tr>\n"; print " <th align=right>Admin Group:</th>\n"; print " <td>{$req['admingroup']}</td>\n"; print " </tr>\n"; } if ($req['logingroup'] != '') { print " <tr>\n"; print " <th align=right>Access Group:</th>\n"; print " <td>{$req['logingroup']}</td>\n"; print " </tr>\n"; } print " <tr>\n"; print " <th align=right>Management Node:</th>\n"; print " <td>{$req['managementnode']}</td>\n"; print " </tr>\n"; } print "</table>\n"; } else { print "User does not have any current reservations.<br>\n"; } } print "</div>\n"; }