<?php
// Carri recordings back-end. One script serves the LDAP login POST (username /
// secret) and the data endpoints selected by a GET flag: ?info, ?recs,
// ?recstats, ?skills, ?agents, ?teams, ?events and ?test.
// $dbaddr / $dbuser / $dbpass are presumably defined by config.php and the
// ldapInfo class by ldapclass.php — neither file is visible here, confirm.
session_start();
require_once("json.php");
require_once("config.php");
require_once("ldapclass.php");

// Debug flag (0 = off).
$debug = 0;

  9. if(isset($_POST["username"]))
  10. {
  11. $conn = mysql_connect( $dbaddr, $dbuser, $dbpass);
  12. if(!$conn) die('Could not connect to : ' . mysql_error());
  13. @mysql_select_db("carri", $conn) or die("Unable to select database.");
  14.  
  15. //################################# LDAP AUTHENTICATION START ###############################
  16.  
  17. $adServer = "localhost"; //We're forwarding ports via ssh so all connections will be on localhost
  18.  
  19. $username = $_POST['username'];
  20. $password = $_POST['secret'];
  21.  
  22. $username = strtolower($username);
  23.  
  24. $parts=preg_split("/@/", $username);
  25. switch($parts[1])
  26. {
  27. case "sprint.com":
  28. $ldapuser=$parts[0];
  29. $ldapdmn='EXT';
  30. $ldapport=400;
  31. $ldapdn='dc=ext,dc=saveology,dc=com';
  32. break;
  33. case "qdext.com":
  34. $ldapuser=$parts[0];
  35. $ldapdmn='EXT';
  36. $ldapport=400;
  37. $ldapdn='dc=ext,dc=saveology,dc=com';
  38. break;
  39. default:
  40. $ldapuser=$username;
  41. $ldapdmn='ELEPHANTGROUP';
  42. $ldapport=389;
  43. $ldapdn='dc=elephantgroup,dc=local';
  44. break;
  45. }
  46.  
  47. $Ldap = new ldapInfo;
  48.  
  49.  
  50. $MyConn = $Ldap->ldapConnect($adServer,$ldapport,$ldapuser,$password,$ldapdmn,$ldapdn);
  51.  
  52.  
  53. if ($MyConn == "49")
  54. {
  55. // $query = "INSERT INTO Events (EventTypeID,Severity,EventName,EventDesc) VALUES (1,3,'Failed Login Attempt', 'Attempt to login as \\'";
  56. // $query.= $_GET["username"] . "\\' failed (invalid password) from " . $_SERVER["REMOTE_ADDR"] . "')";
  57. //echo $query;
  58.  
  59. //mysql_query($query);
  60. echo "{success:false}";
  61.  
  62. header('Location: https://carri.qologydirect.com/unauthorized.php');
  63. exit();
  64. }
  65.  
  66.  
  67. $AdGroups=$Ldap->ldapGetGroups();
  68. //############################### LDAP AUTH DONE, GET GROUPS AND ATTRIBS ########################
  69. #var_dump($AdGroups);
  70. #exit;
  71. foreach($AdGroups as $value)
  72. {
  73. switch ($value) {
  74. case 'CN=CarriGroup_Sprint,OU=Carri,OU=Security Groups,DC=EXT,DC=SAVEOLOGY,DC=COM' :
  75. $gid = "40";
  76. break;
  77. case 'CN=CarriGroup_Default,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  78. $gid = "0";
  79. break;
  80. case 'CN=CarriGroup_Sprint,OU=External,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  81. $gid = "40";
  82. break;
  83. case 'CN=CarriGroup_Jamaica,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  84. $gid = "21";
  85. break;
  86. case 'CN=CarriGroup_FocusES,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  87. $gid = "12";
  88. break;
  89. case 'CN=CarriGroup_KG,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  90. $gid = "2";
  91. break;
  92. case 'CN=CarriGroup_SprintRetention,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  93. $gid = "0";
  94. break;
  95. case 'CN=CarriLevel_1,OU=Carri,OU=Security Groups,DC=EXT,DC=SAVEOLOGY,DC=COM' :
  96. $ulvl = "1";
  97. break;
  98. case 'CN=CarriLevel_3,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  99. $ulvl = "5";
  100. break;
  101. case 'CN=CarriLevel_2,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  102. $ulvl = "4";
  103. break;
  104. case 'CN=CarriLevel_1,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' :
  105. $ulvl = "1";
  106. break;
  107. case 'Default' :
  108. $gid = "0"; $ulvl = "0";
  109. break;
  110. }
  111. }
  112. $MyAttribs = array("employeeid","samaccountname","displayname"); //Sets up attrib list array
  113. $GetAttrib = $Ldap->ldapGetAttrib($ldapuser,$MyAttribs); //Gets list of attributes from LdapQuery
  114.  
  115. $_SESSION["user"]["userid"] = '150'; //$GetAttrib['employeeid'];
  116. // $_SESSION["user"]["userid"] = $GetAttrib['employeeid']; //'150';
  117. $_SESSION["user"]["groupid"] = $gid;
  118. $_SESSION["user"]["username"] = $GetAttrib['samaccountname'];
  119. $_SESSION["user"]["fullname"] = $GetAttrib['displayname'];
  120. $_SESSION["user"]["level"] = $ulvl;
  121.  
  122. #var_dump($_SESSION["user"]);
  123.  
  124. if ($gid == "" || $ulvl == "")
  125. {
  126. header('Location: https://carri.qologydirect.com/unauthorized.php');
  127. exit();
  128. }
  129. else
  130. {
  131. unset($Ldap);
  132. }
  133. //echo $_SESSION["user"]["userid"]." ".$_SESSION["user"]["groupid"]." ".$_SESSION["user"]["username"]." ".$_SESSION["user"]["fullname"]." ".$_SESSION["user"]["level"];
  134. //$query = "INSERT INTO Events (EventTypeID,Severity,EventName,EventDesc) VALUES (1,1,'Successful Login', '";
  135. //$query.= $_SESSION["user"]["fullname"] . " logged in as \\'" . $_SESSION["user"]["username"] . "\\' from " . $_SERVER["REMOTE_ADDR"] . "')";
  136. //mysql_query($query);
  137. echo "{success: true}";
  138. }
  139. if(isset($_GET["info"]))
  140. {
  141. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  142. if(!$conn) die('Failed to connect: ' . mysql_error());
  143. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
  144.  
  145. $rs1=mysql_query("SELECT R.ContactID, R.StatusDate, C.StartDate FROM ucn.Recordings R JOIN ContactIDs C ON R.ContactID=C.ContactID WHERE R.Status&2=2 ORDER BY R.ContactID DESC LIMIT 1");
  146. if(!$rs1) die('rs1: Query failed. ' . mysql_error());
  147. $rs2=mysql_query("SELECT ContactID,StartDate FROM ucn.ContactIDs ORDER BY ContactID DESC LIMIT 1");
  148. if(!$rs2) die('rs1: Query failed. ' . mysql_error());
  149.  
  150. $rs3=mysql_query("SELECT COUNT(1) FROM ucn.Recordings R WHERE Status&134=2");
  151. if(!$rs3) die('rs2: Query failed. ' . mysql_error());
  152. $rs4=mysql_query("SELECT COUNT(1) FROM ucn.Recordings R WHERE Status&3=1");
  153. if(!$rs4) die('rs3: Query failed. ' . mysql_error());
  154.  
  155. $rw1=mysql_fetch_array($rs1);
  156. $rw2=mysql_fetch_array($rs2);
  157. $tc1=mysql_result($rs3,0,0);
  158. $tc2=mysql_result($rs4,0,0);
  159.  
  160. #Added by TOR
  161. $df=shell_exec('df -h | egrep -v "Vol|tmpfs"');
  162. $wload=trim(shell_exec('w|grep load'));
  163.  
  164. echo "<pre>";
  165. echo "$wload\n";
  166. echo "\n";
  167. echo "Newest Recording:\t" . $rw1[0] . " (" . $rw1[2] . ")\n";
  168. echo "Newest Contact:\t\t" . $rw2[0] . " (" . $rw2[1] . ")\n\n";
  169. echo "Recordings left to transcode: " . $tc1 . "\n";
  170. echo "Recordings left on FTP: " . $tc2 . "\n";
  171. echo "\n";
  172. echo "\n";
  173. echo "$df\n";
  174. echo "</pre>";
  175. }
  176.  
  177. if(isset($_GET['recs'])) // ACLs=1
  178. {
  179. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  180. $today = date('Y-m-d');
  181. if(!$conn) die('Failed to connect: ' . mysql_error());
  182. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
  183.  
  184. if(!isset($_SESSION["user"]["groupid"])) $_SESSION["user"]["groupid"]=0;
  185.  
  186. $qs = "SELECT r.RecordingID,r.ContactID,r.Status,r.StatusDate,r.Server,r.Path, c.StartDate AS CallDate,c.SkillID,c.AgentID, a.AgentName,t.TeamName,s.SkillName, c.QueueTime, c.AgentTime";
  187. $qs .= " FROM Recordings r LEFT JOIN ContactIDs c ON c.ContactID=r.ContactID LEFT JOIN Agents a ON a.AgentID=c.AgentID LEFT JOIN Teams t ON t.TeamID=c.TeamID LEFT JOIN Skills s ON s.SkillID=c.SkillID WHERE 1=1";
  188. if(isset($_POST['cid']) && $_POST['cid']!='') $qs .= " AND r.ContactID='" . $_POST['cid'] . "'";
  189. if(isset($_POST['calldate']) && $_POST['calldate']!='') $qs .= " AND DATE(c.StartDate)='" . $_POST['calldate'] . "'";
  190. if(isset($_POST['skillids']) && $_POST['skillids']!='') $qs .= " AND c.SkillID IN (" . $_POST['skillids'] . ")";
  191. if(isset($_POST['aid']) && $_POST['aid']!='')
  192. {
  193. $aid = $_POST['aid'];
  194. if(is_numeric($aid)) $qs .= " AND c.AgentID=$aid";
  195. else $qs .= " AND a.AgentName LIKE '$aid%'";
  196. }
  197. if(isset($_POST['tid']) && $_POST['tid']!='')
  198. {
  199. $tid = $_POST['tid'];
  200. if(is_numeric($tid)) $qs .= " AND c.TeamID=$tid";
  201. else $qs .= " AND t.TeamName LIKE '$tid%'";
  202. }
  203. #Commented out to allow recordings with no agent attached TOR 11-10-2010
  204. #$qs .= " AND AgentTime>0";
  205. $qs .= " AND " . ApplyACLs($_SESSION["user"]["groupid"]);
  206. $qs .= " ORDER BY r.ContactID DESC LIMIT 500";
  207.  
  208. $rs = mysql_query($qs);
  209.  
  210. #var_dump($_SESSION["user"]);
  211. # echo $qs;
  212.  
  213. //if(!$rs) die("Query failed [$qs]: " . mysql_error());
  214. #echo $qs;
  215. #echo mysql_num_rows($rs);
  216.  
  217. if(!$rs) {
  218. die("Query failed [$qs]: " . mysql_error());
  219. }
  220. else
  221. {
  222. $clean = preg_replace("/\'|\"/", "",$qs);
  223. $username = $_SESSION["user"]["username"];
  224. $fullname = $_SESSION["user"]["fullname"];
  225. $query ="Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('".$username."','".$fullname."','".date('Y-m-d H:i:s')."','".$clean."');";
  226. mysql_query($query) or die("Query failed [$query]: " . mysql_error());
  227.  
  228. //$query ="Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('".$_SESSION["user"]["username"]."'.'".$_SESSION["user"]["fullname"]."','".date('Y-m-d H:i:s')."','".$qs."');";
  229. //mysql_query($query) or die("Query failed [$query]: " . mysql_error());
  230. }
  231.  
  232. $t = array();
  233. while($obj=mysql_fetch_object($rs)) $t[]=$obj;
  234. $json = new Services_JSON();
  235. $r['total'] = count($t);
  236. $r['ulvl'] = $_SESSION["user"]["level"];
  237. $r['unme'] = $_SESSION["user"]["username"];
  238. $r['data'] = $t;
  239. print_r($json->encode($r));
  240. }
  241. if(isset($_GET["recstats"]))
  242. {
  243. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  244. if(!$conn) die('Failed to connect: ' . mysql_error());
  245. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
  246.  
  247. $qs = "SELECT * FROM ucn.RecordingStatus";
  248. $rs = mysql_query($qs);
  249. if(!$rs) die("Query failed [$qs]: " . mysql_error());
  250.  
  251. $t = array();
  252. while($obj=mysql_fetch_object($rs)) $t[]=$obj;
  253. $json = new Services_JSON();
  254. $r['total'] = count($t);
  255. $r['data'] = $t;
  256. print_r($json->encode($r));
  257. }
  258. if(isset($_GET["skills"])) // ACLs=0
  259. {
  260. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  261. if(!$conn) die('Failed to connect: ' . mysql_error());
  262. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
  263.  
  264. $q1 = '1=1';
  265.  
  266. $q1 = ApplyACLs($_SESSION["user"]["groupid"]);
  267. $qs = "SELECT * FROM ucn.Skills c WHERE $q1 ORDER BY SkillName";
  268. $rs = mysql_query($qs);
  269. if(!$rs) die("Query failed [$qs]: " . mysql_error());
  270.  
  271. $t = array();
  272. $t = array();
  273. $t = array();
  274. while($obj=mysql_fetch_object($rs)) $t[]=$obj;
  275. $json = new Services_JSON();
  276. $r['total'] = count($t);
  277. $r['data'] = $t;
  278. print_r($json->encode($r));
  279. }
  280. if(isset($_GET["agents"])) // ACLs=0
  281. {
  282. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  283. if(!$conn) die('Failed to connect: ' . mysql_error());
  284. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
  285.  
  286. $qs = "SELECT * FROM ucn.Agents ORDER BY AgentName";
  287. $rs = mysql_query($qs);
  288. if(!$rs) die("Query failed [$qs]: " . mysql_error());
  289.  
  290. $t = array();
  291. while($obj=mysql_fetch_object($rs)) $t[]=$obj;
  292. $json = new Services_JSON();
  293. $r['total'] = count($t);
  294. $r['data'] = $t;
  295. print_r($json->encode($r));
  296. }
  297. if(isset($_GET["teams"])) // ACLs=0
  298. {
  299. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  300. if(!$conn) die('Failed to connect: ' . mysql_error());
  301. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
  302.  
  303. $qs = "SELECT * FROM ucn.Teams ORDER BY TeamName";
  304. $rs = mysql_query($qs);
  305. if(!$rs) die("Query failed [$qs]: " . mysql_error());
  306.  
  307. $t = array();
  308. while($obj=mysql_fetch_object($rs)) $t[]=$obj;
  309. $json = new Services_JSON();
  310. $r['total'] = count($t);
  311. $r['data'] = $t;
  312. print_r($json->encode($r));
  313. }
  314. if(isset($_GET["events"]))
  315. {
  316. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  317. if(!$conn) die('Could not connect to : ' . mysql_error());
  318. @mysql_select_db("carri", $conn) or die('Failed to select db: ' . mysql_error());
  319. $t = array();
  320. $rs=mysql_query("SELECT * FROM Events e ORDER BY EventDate DESC LIMIT 100");
  321. while($obj=mysql_fetch_object($rs)) $t[]=$obj;
  322. $json = new Services_JSON();
  323. $resarr['total'] = count($t);
  324. $resarr['data'] = $t;
  325. $output = $json->encode($resarr);
  326. print_r($output);
  327. }
  328.  
  329. if(isset($_GET["test"]))
  330. {
  331. function get_client_ip_env() {
  332. $ipaddress = '';
  333. if (getenv('HTTP_CLIENT_IP'))
  334. $ipaddress = getenv('HTTP_CLIENT_IP');
  335. else if(getenv('HTTP_X_FORWARDED_FOR'))
  336. $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
  337. else if(getenv('HTTP_X_FORWARDED'))
  338. $ipaddress = getenv('HTTP_X_FORWARDED');
  339. else if(getenv('HTTP_FORWARDED_FOR'))
  340. $ipaddress = getenv('HTTP_FORWARDED_FOR');
  341. else if(getenv('HTTP_FORWARDED'))
  342. $ipaddress = getenv('HTTP_FORWARDED');
  343. else if(getenv('REMOTE_ADDR'))
  344. $ipaddress = getenv('REMOTE_ADDR');
  345. else
  346. $ipaddress = 'UNKNOWN';
  347.  
  348. return $ipaddress;
  349. }
  350.  
  351.  
  352.  
  353. $ldaphost = "localhost"; // your ldap servers
  354. $ldapport = 389; // your ldap server's port number
  355. $ldapconn = ldap_connect($ldaphost, $ldapport);
  356.  
  357. if($ldapconn){echo 'LDAP Connection OK! <br>';} else {echo 'LDAP Connection FAILED! <br>';}
  358.  
  359. $ldaprdn = 'elephantgroup' . "\\" . 'tpolack';
  360.  
  361. ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
  362. ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
  363.  
  364. $bind = ldap_bind($ldapconn, $ldaprdn, 'Temp1234');
  365.  
  366. ldap_get_option($bind,LDAP_OPT_ERROR_NUMBER,$optErrorNumber);
  367.  
  368. if (! $bind)
  369. {
  370. echo '<p>LDAP Bind FAILED!</p>';
  371. echo 'LDAP set options: '.ldap_error($ldapconn).'! <br>';
  372. echo 'LDAP error #: '.ldap_error($bind).'! <br>';
  373. }
  374. else
  375. {
  376. echo 'Client IP: '.get_client_ip_env().'! <br>';
  377. echo 'LDAP Bind OK! <br>';
  378. echo 'LDAP set options: '.ldap_error($ldapconn).'! <br>';
  379. echo 'User Info: '.$_SESSION["user"]["fullname"].' '.$_SESSION["user"]["username"].'! <br> ';
  380. }
  381.  
  382. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
  383. if(!$conn) die('Could not connect to : ' . mysql_error());
  384. if(@mysql_select_db("carri", $conn) or die('Failed to select db: ' . mysql_error())){
  385. echo "Database Connected OK! <br>";
  386.  
  387. }
  388. if (isset($_SESSION["user"]["groupid"]) && $_SESSION["user"]["level"] >= 5) {
  389. echo "GroupID: ".$_SESSION["user"]["groupid"]."<br>";
  390. echo "UserID: ".$_SESSION["user"]["level"]."<br>";
  391. echo ApplyACLs($_SESSION["user"]["groupid"])."<br>";
  392.  
  393. $query ="Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('".$_SESSION["user"]["username"]."','".$_SESSION["user"]["fullname"]."','".date('Y-m-d H:i:s')."','".$query."');";
  394. mysql_query($query) or die("Query failed [$query]: " . mysql_error());
  395. }
  396. }
  397.  
  398. function ApplyACLs($gid)
  399. {
  400. $qs = "SELECT * FROM carri.ACLs WHERE Access=1 AND GroupID=$gid ";
  401. $rs = mysql_query($qs); if(!$rs) die("Query failed [$qs]: " . mysql_error());
  402. if(mysql_numrows($rs)>0)
  403. {
  404. $tids = array(); $tstr = "";
  405. $cids = array(); $cstr = "";
  406. $sids = array(); $sstr = "";
  407. for($i=0;$i<mysql_numrows($rs);$i++)
  408. {
  409. $rtid = mysql_result($rs,$i,"TeamID");
  410. $rcid = mysql_result($rs,$i,"CampaignID");
  411. $rsid = mysql_result($rs,$i,"SkillID");
  412. if($rtid) $tids[]=$rtid;
  413. if($rcid) $cids[]=$rcid;
  414. if($rsid) $sids[]=$rsid;
  415. }
  416. foreach($tids as $t)
  417. {
  418. if($tstr) $tstr .= " OR ";
  419. $tstr .= "c.TeamID=$t";
  420. }
  421. foreach($cids as $c)
  422. {
  423. if($cstr) $cstr .= " OR ";
  424. $cstr .= "c.CampaignID=$c";
  425. }
  426. foreach($sids as $s)
  427. {
  428. if($sstr) $sstr .= " OR ";
  429. $sstr .= "c.SkillID=$s";
  430. }
  431. if($tstr) $tstr="($tstr)"; else $tstr="1";
  432. if($cstr) $cstr="($cstr)"; else $cstr="1";
  433. if($sstr) $sstr="($sstr)"; else $sstr="1";
  434. $qstr = "$tstr AND $cstr AND $sstr";
  435. }
  436. // Restriction based on Approved ContactIDs....
  437. $qs = "SELECT * FROM carri.ACLs WHERE Access=2 AND GroupID=$gid";
  438. $rs = mysql_query($qs); if(!$rs) die("Query failed [$qs]: " . mysql_error());
  439. if(mysql_numrows($rs)>0)
  440. {
  441. $qs = "SELECT ContactID FROM carri.Approved WHERE GroupID=$gid";
  442. $rs2 = mysql_query($qs); if(!$rs2) die("Query failed [$qs]: " . mysql_error());
  443. $cstr = "";
  444. for($i=0;$i<mysql_numrows($rs2);$i++)
  445. {
  446. $cid = mysql_result($rs2,$i,"ContactID");
  447. if($cstr) $cstr .= " OR ";
  448. $cstr .= "c.ContactID=$cid";
  449. }
  450. if($cstr) $cstr="($cstr)"; else $cstr="1";
  451. if($qstr) $qstr .= " AND $cstr"; else $qstr = $cstr;
  452. }
  453. if(!$qstr) $qstr=1;
  454. $qstr = "($qstr)";
  455. return $qstr;
  456. }