/**
 * Authenticate a user against the EMPLOYEE table and/or the configured LDAP (AD) domain,
 * populate $_SESSION on success and emit a <meta refresh> redirect.
 *
 * Flow, as far as this copy of the source shows it:
 *   1. Look the (upper-cased) user up in EMPLOYEE.
 *   2. Known user with isLDAP set  -> simple bind as user@domain, then record LASTLOGIN.
 *   3. Known user without isLDAP   -> local-password path (its start is redacted in this copy,
 *      see the "******" markers below), then record LASTLOGIN.
 *   4. Unknown user                -> bind against the MCO domain, search the configured OUs for a
 *      match and, if found, registerUser() and copy sn/givenname into EMPLOYEE.
 *
 * @param string       $user   Login name as typed (also the prefix of the LDAP RDN user@domain).
 * @param string       $pass   Password as typed; passed to ldap_bind() and, for new users, registerUser().
 * @param object       $config Reads ->mysqli, ->domain, ->ldap_server, ->ldap_MCO_domain,
 *                             ->ldap_MCO_server and ->ldap_MCSO_OUS.
 * @param string|false $domain Only compared with "MAHONINGCO" to choose the registerUser() arity.
 *
 * @return string|null NULL when the login succeeded, otherwise the accumulated message text.
 * @throws Exception   When the EMPLOYEE SELECT or one of the LASTLOGIN UPDATEs fails.
 *
 * Side effects: writes $_SESSION, UPDATEs EMPLOYEE, calls addLog(), echoes HTML, and in the
 * new-user path changes error_reporting() for the rest of the request.
 *
 * NOTE(review): the text "******" appears four times below. It looks like a redaction applied to
 * this copy of the file (statements between the affected literals are missing), so the code at
 * those points cannot be reviewed or reconstructed from this excerpt.
 */
function loginLDAPUser($user, $pass, $config, $domain = false) {
    $errorText = '';
    $validUser = false;
    //user lookup
    $mysqli = $config->mysqli;
    // The SELECT escapes the user name; the LASTLOGIN UPDATEs further down do not (see notes there).
    $sql_user = strtoupper($mysqli->real_escape_string($user));
    $myq = "SELECT * FROM EMPLOYEE WHERE ID='" . $sql_user . "'";
    $result = $mysqli->query($myq);
    //show SQL error msg if query failed
    if (!$result) {
        throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
    } else {
    }
    //no loop, should be exactly one result
    // fetch_assoc() yields null for an unknown user, so the ['ID'] read below is on null in that case.
    $resultAssoc = $result->fetch_assoc();
    // Check user existence
    if (strcasecmp($user, $resultAssoc['ID']) == 0) {
        // NOTE(review): this text survives into the returned failure message (see the end of the
        // function), so a caller that displays it reveals whether the account exists. One generic
        // failure message for every outcome avoids that.
        $errorText = "User Found <br />";
        $admin = $resultAssoc['ADMINLVL'];
        //Check LDAP status
        if ($resultAssoc['isLDAP']) {
            //login using LDAP Password
            // The empty-password check matters: an LDAP simple bind with an empty password can be
            // treated as an anonymous bind and "succeed".
            if ($user != "" && $pass != "") {
                if ($resultAssoc['isMCO']) {
                    $ldap_domain = $config->ldap_MCO_domain;
                    $cnx = ldap_connect($config->ldap_MCO_server);
                } else {
                    $ldap_domain = $config->domain;
                    $cnx = ldap_connect($config->ldap_server);
                }
                // NOTE(review): the ldap_connect() result is not checked, and no ldap_start_tls() or
                // ldaps:// handling is visible here — confirm the configured server URI protects the
                // bind credentials in transit.
                $ldaprdn = $user . '@' . $ldap_domain;
                ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3); //Set the LDAP Protocol used by your AD service
                ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0); //This was necessary for my AD to do anything
                if (ldap_bind($cnx, $ldaprdn, $pass)) {
                    //Authorization success
                    $errorText .= " and Valid password ";
                    //Set Last Login
                    $lastLogin = new DateTime($resultAssoc['LASTLOGIN']);
                    $_SESSION['lastLogin'] = $lastLogin->format('m-d-Y H:i');
                    //Update last login
                    // NOTE(review): strtoupper($user) is concatenated into the UPDATE unescaped, unlike
                    // the SELECT above. Reuse $sql_user or a prepared statement here.
                    $myq = "UPDATE `PAYROLL`.`EMPLOYEE` SET `LASTLOGIN` = NOW() WHERE CONVERT(`EMPLOYEE`.`ID` USING utf8) = '" . strtoupper($user) . "' LIMIT 1;";
                    $mysqli = connectToSQL();
                    $result = $mysqli->query($myq);
                    //show SQL error msg if query failed
                    if (!$result) {
                        throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
                    }
                    $_SESSION['userIDnum'] = $resultAssoc['IDNUM'];
                    $_SESSION['userName'] = $user;
                    $_SESSION['admin'] = $admin;
                    $_SESSION['validUser'] = true;
                    $_SESSION['isLDAP'] = true;
                    $_SESSION['timeout'] = time();
                    // NOTE(review): regenerating the session id on login is disabled in every success
                    // path of this function, so the pre-authentication session id stays in use after
                    // the privilege change (session fixation). Re-enable it.
                    //session_regenerate_id();
                    $validUser = true;
                    $configNew = new Config();
                    $configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
                    addLog($configNew, 'Logged in to system');
                    // NOTE(review): REQUEST_URI is written into an HTML attribute without
                    // htmlspecialchars(); the same applies to PHP_SELF in the other success paths.
                    echo '<meta http-equiv="refresh" content="0;url=' . $_SERVER['REQUEST_URI'] . '" />';
                } else {
                    // NOTE(review): redacted span ("******") — the rest of this failure branch and the
                    // beginning of the non-LDAP (local password) branch are missing from this copy.
                    // The statements that follow are the local-password success path; the UPDATE text
                    // again concatenates strtoupper($user) unescaped.
                    $errorText .= "Failed to authenticate user: "******"UPDATE `PAYROLL`.`EMPLOYEE` SET `LASTLOGIN` = NOW() WHERE CONVERT(`EMPLOYEE`.`ID` USING utf8) = '" . strtoupper($user) . "' LIMIT 1;";
                    $mysqli = connectToSQL();
                    $result = $mysqli->query($myq);
                    //show SQL error msg if query failed
                    if (!$result) {
                        throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
                    }
                    $errorText .= " and Valid password ";
                    $_SESSION['userIDnum'] = $resultAssoc['IDNUM'];
                    $_SESSION['userName'] = $user;
                    $_SESSION['admin'] = $admin;
                    $_SESSION['validUser'] = true;
                    $_SESSION['isLDAP'] = false;
                    $_SESSION['timeout'] = time();
                    //session_regenerate_id();
                    $validUser = true;
                    $configNew = new Config();
                    $configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
                    addLog($configNew, 'Logged in to system');
                    echo '<meta http-equiv="refresh" content="0;url=' . $_SERVER['PHP_SELF'] . '" />';
                }
            }
        } else {
            // User not present in EMPLOYEE: try the MCO directory and self-register on success.
            if ($user != "" && $pass != "") {
                //Attempt login and registration for Mahoning County Domain
                // Only the MCO domain is tried for unknown users; the $domain switch is commented out.
                // if(strcmp($domain, "MAHONINGCO") == 0){
                $ldap_domain = $config->ldap_MCO_domain;
                $cnx = ldap_connect($config->ldap_MCO_server);
                // }
                // else{
                // $ldap_domain =$config->domain;
                // $cnx = ldap_connect($config->ldap_server);
                // }
                $ldaprdn = $user . '@' . $ldap_domain;
                ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3); //Set the LDAP Protocol used by your AD service
                ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0); //This was necessary for my AD to do anything
                // $ldapbind is assigned here but not read anywhere visible in this function.
                if ($ldapbind = ldap_bind($cnx, $ldaprdn, $pass)) {
                    //Authorization success
                    // Self-registered users start with admin level "0".
                    $admin = "0";
                    // NOTE(review): this changes the process-wide error level for the remainder of the
                    // request, not just for the LDAP calls below.
                    error_reporting(E_ALL ^ E_NOTICE); //Suppress some unnecessary messages
                    //Split given domain into LDAP Base DN
                    // e.g. "corp.example" -> "DC=corp,DC=example" (constructed example)
                    $temp = explode(".", $ldap_domain);
                    $dn = null;
                    foreach ($temp as $dc) {
                        if (empty($dn)) {
                            $dn = "DC=" . $dc;
                        } else {
                            $dn = $dn . ",DC=" . $dc;
                        }
                    }
                    // if(strcmp($domain, "MAHONINGCO") == 0)
                    // $dn = $config->ldap_MCO_OU.$dn;
                    // NOTE(review): $userToFind is placed into the filter raw — pass it through
                    // ldap_escape($userToFind, '', LDAP_ESCAPE_FILTER). Also, "*...*" makes this a
                    // substring match across sn/displayname/mail/department/title, so a hit under one
                    // of the OUs below only means *some* entry there contains the typed text; it is not
                    // tied to the account that just bound. An exact samaccountname filter would be.
                    $userToFind = $user;
                    $filter = "(&(objectCategory=person)(objectClass=user)";
                    $filter .= "(|(samaccountname=*" . $userToFind . "*)(sn=*" . $userToFind . "*)(displayname=*" . $userToFind . "*)";
                    $filter .= "(mail=*" . $userToFind . "*)(department=*" . $userToFind . "*)(title=*" . $userToFind . "*)))";
                    //Search fields
                    // Authorization here = the filter matches at least one entry under a configured OU.
                    $isAuthOU = false;
                    $dnAppend = $dn;
                    foreach ($config->ldap_MCSO_OUS as $dn) {
                        $dn = $dn . $dnAppend;
                        $res = ldap_search($cnx, $dn, $filter);
                        $info = ldap_get_entries($cnx, $res);
                        if ($info['count'] > 0) {
                            $isAuthOU = true;
                            break;
                        }
                    }
                    // Re-runs the search against whatever $dn the loop stopped on (the matching OU, or
                    // the last OU when nothing matched); this $info feeds the UPDATE below.
                    $res = ldap_search($cnx, $dn, $filter);
                    $info = ldap_get_entries($cnx, $res);
                    if ($isAuthOU) {
                        // NOTE(review): the typed password is forwarded to registerUser() — confirm it
                        // is not persisted (or is hashed) for these LDAP-backed accounts.
                        if (strcmp($domain, "MAHONINGCO") == 0) {
                            registerUser($user, $pass, $pass, $admin, "1", "1");
                        } else {
                            registerUser($user, $pass, $pass, $admin, "1");
                        }
                        $idNum = getUserID($config, $user);
                        // NOTE(review): sn/givenname are taken from the first entry of the substring
                        // search (not necessarily the bound user) and concatenated into SQL unescaped,
                        // as is $idNum; $result is never checked afterwards.
                        $myq = "UPDATE `PAYROLL`.`EMPLOYEE` SET \n `LNAME` = '" . $info[0]["sn"][0] . "',\n `FNAME` = '" . $info[0]["givenname"][0] . "'\n WHERE EMPLOYEE.IDNUM = '" . $idNum . "'";
                        //Perform SQL Query
                        $result = $mysqli->query($myq);
                        $errorText .= " and Valid password ";
                        //Set Session variables
                        $_SESSION['userIDnum'] = getUserID($config, $user);
                        // NOTE(review): "******" here may be another redaction rather than a literal.
                        $_SESSION['lastLogin'] = "******";
                        $_SESSION['userName'] = $user;
                        $_SESSION['admin'] = $admin;
                        $_SESSION['validUser'] = true;
                        $_SESSION['isLDAP'] = true;
                        $_SESSION['timeout'] = time();
                        //session_regenerate_id();
                        $validUser = true;
                        $configNew = new Config();
                        $configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
                        addLog($configNew, 'Logged in to system');
                        echo '<meta http-equiv="refresh" content="0;url=' . $_SERVER['PHP_SELF'] . '?updateProfile=true" />';
                    } else {
                        // NOTE(review): two redacted spans ("******") — the failure branches for the
                        // unauthorized-OU case, the failed bind and the missing-arguments case are
                        // collapsed onto this one statement and cannot be reconstructed from this copy.
                        $errorText .= "WARNING! Failed to authenticate as a Sheriff user: "******"Failed to authenticate user: "******"Invalid Input: Missing Arguments";
                    }
    // NOTE(review): the closing braces of the branches above sit inside the redacted span; from
    // here on the code is back at function scope.
    if ($validUser != true) {
        // Appended to (not replacing) whatever was accumulated above, including "User Found".
        $errorText .= "Invalid username or password!";
    } else {
        $errorText = NULL;
    }
    return $errorText;
}
// NOTE(review): the if() that selects this Windows branch begins outside this excerpt.
session_save_path('C:\\temp');
} else {
    // NOTE(review): confirm this directory is outside the web root and not readable by other
    // local users; session files hold the authenticated user's admin level.
    session_save_path('/var/www/sessions');
} //linux server
// NOTE(review): no cookie hardening (httponly/secure/samesite) is set before session_start()
// here — confirm it comes from php.ini or an earlier part of this file.
session_start();
//Database related functions
require_once 'bin/db_sqli.php';
//User Based Files
require_once 'bin/db_config.php';
require_once 'bin/db_usr_menu.php';
require_once 'bin/usr_functions.php';
require_once 'bin/usr_display.php';
//Class Declarations for User Based Control
// The admin level is taken straight from the session; -1 stands for "no level stored".
$config = new Config();
$config->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
//Content Based Files
require_once 'bin/wts_content.php';
require_once 'bin/wts_content_class.php';
//Class Declarations for Content Based Control
$wts_content = new wts_content();
//Announcements with Admin backend
require_once 'bin/wts_announce.php';
//Searching
require_once 'bin/wts_search.php';
require_once 'bin/WTS_Classes/Employee.php';
//Time gain/use (leave) request functions
require_once 'bin/time_request_functions.php';
include_once 'bin/Modules/TimeRequests/request_gui.php';
//WTS Logs
//Secondary Employment Logs
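/**
 * Expunge a time request, or place an expunged request back into PENDING.
 *
 * Driven by $_POST: 'confirmBtn' together with a non-empty 'expungedReason' confirms an
 * expunge, 'okBtn' dismisses the dialog. Without confirmation the expunge dialog is rendered
 * through popUpMessage().
 *
 * @param mysqli           $mysqli      Open connection used for the UPDATE statements.
 * @param string|int       $referNum    REQUEST.REFER of the request being acted on.
 * @param bool             $unExpunge   true = restore to PENDING; false = expunge flow.
 * @param string|int|false $delBtnIndex Suffix of the hidden deleteBtn<N> field re-posted with the form.
 * @param string|int|false $totalRows   Echoed back as the hidden totalRows field.
 * @param string           $extraInputs Raw HTML (hidden inputs) the caller wants re-posted with the
 *                                      form. It is emitted unescaped, so it must be built from
 *                                      trusted values only, never from request data.
 *
 * @return void All output goes through popUpMessage().
 *
 * NOTE(review): no anti-CSRF token is visible in any of the forms below — confirm one is added by
 * popUpMessage() or the surrounding page, otherwise add one.
 */
function expungeRequest($mysqli, $referNum, $unExpunge = false, $delBtnIndex = false, $totalRows = false, $extraInputs = '') {
    // Everything that lands in HTML text or an attribute goes through this escaper: $referNum,
    // $delBtnIndex and $totalRows are caller-supplied (typically echoed from POST) and
    // REQUEST_URI is request-controlled, so none of them may be written out raw.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $confirmBtn = isset($_POST['confirmBtn']);
    $okBtnPressed = isset($_POST['okBtn']);
    $safeRef = $h($referNum);
    $safeAction = $h(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '');
    $okForm = ' <input type="submit" name="okBtn" value="OK" /> </form></div>';

    if ($unExpunge) {
        // NOTE(review): unlike the expunge path below, restoring a request carries no
        // $_SESSION['admin'] check — confirm the caller enforces authorization before calling.
        if (!$okBtnPressed) {
            // REFER is quoted as well as escaped so the value is always a string literal; the
            // original left it unquoted, which real_escape_string() alone does not protect.
            $myq = "UPDATE REQUEST \r\n SET STATUS='PENDING'\r\n WHERE REFER='" . $mysqli->real_escape_string($referNum) . "'";
            $result = $mysqli->query($myq);
            if (!SQLerrorCatch($mysqli, $result, $myq, false)) {
                $configNew = new Config();
                $configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
                popUpMessage('Request ' . $safeRef . ' Has been placed back into PENDING State. <div align="center"><form method="POST"> ' . $extraInputs . $okForm);
                // Every other addLog() call site in this file passes the Config object itself.
                addLog($configNew, 'UnExpunged Time Request with Ref# ' . $referNum);
            }
        }
        return;
    }

    // Truthiness test on the stored admin level: any non-empty, non-"0" value authorizes the
    // expunge. NOTE(review): confirm that matches the ADMINLVL semantics (a minimum level may be intended).
    if ($confirmBtn && !empty($_POST['expungedReason']) && !empty($_SESSION['admin'])) {
        $myq = "UPDATE REQUEST \r\n SET STATUS='EXPUNGED',\r\n HRAPP_ID='0',\r\n EX_REASON='" . $mysqli->real_escape_string($_POST['expungedReason']) . "',\r\n AUDITID='" . $mysqli->real_escape_string($_SESSION['userIDnum']) . "',\r\n IP= INET_ATON('" . $mysqli->real_escape_string($_SERVER['REMOTE_ADDR']) . "')\r\n WHERE REFER='" . $mysqli->real_escape_string($referNum) . "'";
        $result = $mysqli->query($myq);
        if (!SQLerrorCatch($mysqli, $result, $myq, false)) {
            $configNew = new Config();
            $configNew->setAdmin(isset($_SESSION['admin']) ? $_SESSION['admin'] : -1);
            addLog($configNew, 'Expunged Time Request with Ref# ' . $referNum);
            popUpMessage('Request ' . $safeRef . ' expunged. <div align="center"><form method="POST" action="' . $safeAction . '"> ' . $extraInputs . $okForm);
        }
        return;
    }

    if ($okBtnPressed) {
        return; // CANCEL pressed: nothing to render.
    }

    // Confirmation dialog; complain when a reason field was submitted but left empty.
    $reasonError = '';
    if (isset($_POST['expungedReason']) && empty($_POST['expungedReason'])) {
        $reasonError = '<font color="red">Requires a Reason</font><br/>';
    }
    $echo = '<div align="center"><form method="POST" action="' . $safeAction . '"> <input name="deleteBtn' . $h($delBtnIndex) . '" type="hidden" value="' . $safeRef . '" /> <input type="hidden" name="totalRows" value="' . $h($totalRows) . '" /> Request ' . $safeRef . ' to be expunged<br/> ' . $reasonError . ' Reason:<textarea name="expungedReason"></textarea><br/> <input type="submit" name="confirmBtn" value="CONFIRM EXPUNGE" /> <input type="submit" name="okBtn" value="CANCEL" /> ' . $extraInputs . ' </form></div>';
    popUpMessage($echo);
}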
<?php
// Bootstrap for this entry point: shared configuration, the password helper library, admin
// context and DB handle, request validation, then the session.
require_once '../config.php';
// NOTE(review): presumably a password_hash()/password_verify() compatibility library — confirm.
require_once '../extern/password.php';
Config::setAdmin();
$dbConnection = Config::getConnection();
require_once 'validate.php';
// NOTE(review): session_start() runs after Config::setAdmin() and validate.php; if either of them
// reads $_SESSION, the session data is not available to them yet — confirm the intended order.
session_start();