<?php
// Single entry script for the Carri recordings UI. Each top-level `if` below
// is one handler, selected by the POST/GET key named in its condition.

// The handlers below read and write $_SESSION["user"], so the session is
// opened before anything else.
session_start();

require_once "json.php";      // presumably supplies Services_JSON, used to encode responses - confirm
require_once "config.php";    // presumably supplies $dbaddr, $dbuser, $dbpass - confirm
require_once "ldapclass.php"; // presumably supplies the ldapInfo class used at login - confirm

// Debug switch; nothing visible in this script reads it.
$debug = 0;
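// Login handler: binds the POSTed credentials against the directory, maps the
// user's AD groups to an application group id and level, and stores them in
// the session on success.
//
// Compared with the previous version:
//  - empty credentials are rejected before the bind, because many LDAP
//    servers accept a simple bind with an empty password as an anonymous bind;
//  - the session is written only after the group/level check has passed, so a
//    user who authenticates but belongs to no Carri group leaves no session;
//  - the session id is regenerated on success (session fixation);
//  - the redirect header is sent before any body output.
// NOTE(review): login successes and failures are not audited; the event INSERTs
// that used to sit here were commented out and built SQL by concatenation.
if (isset($_POST["username"]))
{
    $unauthorizedUrl = 'https://carri.qologydirect.com/unauthorized.php';

    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        // Driver error text stays in the server log, not in the response.
        error_log('login: database connection failed: ' . mysql_error());
        die('Could not connect to database.');
    }
    @mysql_select_db("carri", $conn) or die("Unable to select database.");

    //################################# LDAP AUTHENTICATION START ###############################
    $adServer = "localhost"; // LDAP is reached through SSH port forwards, so every connection is local

    // Only plain strings are accepted; an array-valued parameter counts as empty.
    $username = is_string($_POST['username']) ? strtolower($_POST['username']) : '';
    $password = (isset($_POST['secret']) && is_string($_POST['secret'])) ? $_POST['secret'] : '';

    if ($username === '' || $password === '') {
        header('Location: ' . $unauthorizedUrl);
        echo "{success:false}";
        exit();
    }

    // The part after '@' selects the directory; a name without '@' uses the default.
    $parts  = explode('@', $username);
    $domain = isset($parts[1]) ? $parts[1] : '';
    switch ($domain) {
        case "sprint.com":
        case "qdext.com":
            $ldapuser = $parts[0];
            $ldapdmn  = 'EXT';
            $ldapport = 400;
            $ldapdn   = 'dc=ext,dc=saveology,dc=com';
            break;
        default:
            $ldapuser = $username;
            $ldapdmn  = 'ELEPHANTGROUP';
            $ldapport = 389;
            $ldapdn   = 'dc=elephantgroup,dc=local';
            break;
    }

    $Ldap   = new ldapInfo;
    $MyConn = $Ldap->ldapConnect($adServer, $ldapport, $ldapuser, $password, $ldapdmn, $ldapdn);

    // 49 is the LDAP invalidCredentials result code. Compared strictly so that a
    // boolean or resource return value cannot equal it through type juggling.
    // NOTE(review): confirm what ldapConnect() returns for other failures
    // (server unreachable, locked account); only 49 is rejected here.
    if ($MyConn === 49 || $MyConn === "49") {
        header('Location: ' . $unauthorizedUrl);
        echo "{success:false}";
        exit();
    }

    $AdGroups = $Ldap->ldapGetGroups();
    //############################### LDAP AUTH DONE, GET GROUPS AND ATTRIBS ########################

    // Directory group DN => application group id.
    $groupIds = array(
        'CN=CarriGroup_Sprint,OU=Carri,OU=Security Groups,DC=EXT,DC=SAVEOLOGY,DC=COM' => "40",
        'CN=CarriGroup_Default,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "0",
        'CN=CarriGroup_Sprint,OU=External,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "40",
        'CN=CarriGroup_Jamaica,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "21",
        'CN=CarriGroup_FocusES,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "12",
        'CN=CarriGroup_KG,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "2",
        'CN=CarriGroup_SprintRetention,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "0",
        'Default' => "0",
    );
    // Directory group DN => application user level.
    $userLevels = array(
        'CN=CarriLevel_1,OU=Carri,OU=Security Groups,DC=EXT,DC=SAVEOLOGY,DC=COM' => "1",
        'CN=CarriLevel_3,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "5",
        'CN=CarriLevel_2,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "4",
        'CN=CarriLevel_1,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local' => "1",
        'Default' => "0",
    );

    // Start empty so "no matching group" is an explicit state rather than an
    // undefined variable. When several groups match, the last one listed wins.
    $gid  = "";
    $ulvl = "";
    if (is_array($AdGroups)) {
        foreach ($AdGroups as $value) {
            if (!is_string($value)) {
                continue;
            }
            if (isset($groupIds[$value])) {
                $gid = $groupIds[$value];
            }
            if (isset($userLevels[$value])) {
                $ulvl = $userLevels[$value];
            }
        }
    }

    // Authenticated but not mapped to both a group and a level: no access, and
    // nothing from this attempt (or an earlier login) stays in the session.
    if ($gid === "" || $ulvl === "") {
        unset($_SESSION["user"]);
        header('Location: ' . $unauthorizedUrl);
        exit();
    }

    $MyAttribs = array("employeeid", "samaccountname", "displayname"); // attributes requested from the directory
    $GetAttrib = $Ldap->ldapGetAttrib($ldapuser, $MyAttribs);

    // New session id for the authenticated session.
    session_regenerate_id(true);

    // NOTE(review): userid is a fixed value for every user; the directory's
    // employeeid was commented out in its favour. Confirm nothing keys on it.
    $_SESSION["user"]["userid"]   = '150';
    $_SESSION["user"]["groupid"]  = $gid;
    $_SESSION["user"]["username"] = $GetAttrib['samaccountname'];
    $_SESSION["user"]["fullname"] = $GetAttrib['displayname'];
    $_SESSION["user"]["level"]    = $ulvl;

    unset($Ldap);
    echo "{success: true}";
}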
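// Status page: newest recording/contact, transcode and FTP backlog counts,
// plus host load and disk usage, printed inside a <pre> block.
//
// Compared with the previous version: each failed query now reports its own
// label (three of the four reported the previous query's label), database
// error text goes to the server log instead of the response, and every
// printed value is HTML-escaped.
// NOTE(review): this handler has no session or level check, so anyone who can
// reach the script sees host load, mounted filesystems and queue sizes.
// Confirm whether that is intended (for example a monitoring probe).
if (isset($_GET["info"]))
{
    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        error_log('info: database connection failed: ' . mysql_error());
        die('Failed to connect.');
    }
    if (!@mysql_select_db("ucn", $conn)) {
        error_log('info: selecting database failed: ' . mysql_error());
        die('Failed to select db.');
    }

    $statusQueries = array(
        'rs1' => "SELECT R.ContactID, R.StatusDate, C.StartDate FROM ucn.Recordings R JOIN ContactIDs C ON R.ContactID=C.ContactID WHERE R.Status&2=2 ORDER BY R.ContactID DESC LIMIT 1",
        'rs2' => "SELECT ContactID,StartDate FROM ucn.ContactIDs ORDER BY ContactID DESC LIMIT 1",
        'rs3' => "SELECT COUNT(1) FROM ucn.Recordings R WHERE Status&134=2",
        'rs4' => "SELECT COUNT(1) FROM ucn.Recordings R WHERE Status&3=1",
    );
    $statusResults = array();
    foreach ($statusQueries as $label => $sql) {
        $res = mysql_query($sql);
        if (!$res) {
            error_log("info: $label failed: " . mysql_error());
            die($label . ': Query failed.');
        }
        $statusResults[$label] = $res;
    }

    $rw1 = mysql_fetch_array($statusResults['rs1']); // false when the table is empty
    $rw2 = mysql_fetch_array($statusResults['rs2']);
    $tc1 = mysql_result($statusResults['rs3'], 0, 0);
    $tc2 = mysql_result($statusResults['rs4'], 0, 0);

    #Added by TOR
    // Both commands are fixed strings; no request data reaches the shell.
    $df    = (string) shell_exec('df -h | egrep -v "Vol|tmpfs"');
    $wload = trim((string) shell_exec('w|grep load'));

    $newestRecId   = $rw1 ? $rw1[0] : '';
    $newestRecDate = $rw1 ? $rw1[2] : '';
    $newestConId   = $rw2 ? $rw2[0] : '';
    $newestConDate = $rw2 ? $rw2[1] : '';

    echo "<pre>";
    echo htmlspecialchars($wload, ENT_QUOTES, 'UTF-8') . "\n";
    echo "\n";
    echo "Newest Recording:\t" . htmlspecialchars($newestRecId, ENT_QUOTES, 'UTF-8')
        . " (" . htmlspecialchars($newestRecDate, ENT_QUOTES, 'UTF-8') . ")\n";
    echo "Newest Contact:\t\t" . htmlspecialchars($newestConId, ENT_QUOTES, 'UTF-8')
        . " (" . htmlspecialchars($newestConDate, ENT_QUOTES, 'UTF-8') . ")\n\n";
    echo "Recordings left to transcode: " . htmlspecialchars($tc1, ENT_QUOTES, 'UTF-8') . "\n";
    echo "Recordings left on FTP: " . htmlspecialchars($tc2, ENT_QUOTES, 'UTF-8') . "\n";
    echo "\n";
    echo "\n";
    echo htmlspecialchars($df, ENT_QUOTES, 'UTF-8') . "\n";
    echo "</pre>";
}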
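// Recording search: builds a filtered query from the POSTed search fields,
// restricts it with the caller's ACL clause, writes the query to
// carri.AccessLog and returns up to 500 rows as JSON.
//
// Compared with the previous version:
//  - every POSTed filter is escaped or validated before it reaches the SQL
//    text (all five were concatenated raw, including an unquoted IN (...) list);
//  - a request without a logged-in session is refused instead of being
//    silently treated as group 0;
//  - session values written to the access log are escaped, so a display name
//    containing a quote no longer breaks the INSERT;
//  - failed statements are logged server-side and no longer echoed to the client.
if (isset($_GET['recs'])) // ACLs=1
{
    if (!isset($_SESSION["user"]["groupid"])) {
        header('Location: https://carri.qologydirect.com/unauthorized.php');
        exit();
    }

    $conn  = mysql_connect($dbaddr, $dbuser, $dbpass);
    $today = date('Y-m-d');
    if (!$conn) {
        error_log('recs: database connection failed: ' . mysql_error());
        die('Failed to connect.');
    }
    if (!@mysql_select_db("ucn", $conn)) {
        error_log('recs: selecting database failed: ' . mysql_error());
        die('Failed to select db.');
    }

    // Read each filter as a plain string; missing or array-valued parameters
    // count as "not supplied".
    $filters = array();
    foreach (array('cid', 'calldate', 'skillids', 'aid', 'tid') as $key) {
        $filters[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    $qs  = "SELECT r.RecordingID,r.ContactID,r.Status,r.StatusDate,r.Server,r.Path, c.StartDate AS CallDate,c.SkillID,c.AgentID, a.AgentName,t.TeamName,s.SkillName, c.QueueTime, c.AgentTime";
    $qs .= " FROM Recordings r LEFT JOIN ContactIDs c ON c.ContactID=r.ContactID LEFT JOIN Agents a ON a.AgentID=c.AgentID LEFT JOIN Teams t ON t.TeamID=c.TeamID LEFT JOIN Skills s ON s.SkillID=c.SkillID WHERE 1=1";

    if ($filters['cid'] !== '') {
        $qs .= " AND r.ContactID='" . mysql_real_escape_string($filters['cid'], $conn) . "'";
    }
    if ($filters['calldate'] !== '') {
        $qs .= " AND DATE(c.StartDate)='" . mysql_real_escape_string($filters['calldate'], $conn) . "'";
    }
    if ($filters['skillids'] !== '') {
        // The list is used unquoted, so only all-digit tokens are kept.
        $skillIds = array();
        foreach (explode(',', $filters['skillids']) as $token) {
            $token = trim($token);
            if (preg_match('/^[0-9]+$/', $token)) {
                $skillIds[] = $token;
            }
        }
        // A filter that was requested but holds no usable id matches nothing,
        // rather than being dropped and widening the result.
        $qs .= $skillIds ? " AND c.SkillID IN (" . implode(',', $skillIds) . ")" : " AND 0";
    }
    if ($filters['aid'] !== '') {
        // All digits: agent id. Anything else: agent name prefix.
        if (preg_match('/^[0-9]+$/', $filters['aid'])) {
            $qs .= " AND c.AgentID=" . $filters['aid'];
        } else {
            $qs .= " AND a.AgentName LIKE '" . mysql_real_escape_string($filters['aid'], $conn) . "%'";
        }
    }
    if ($filters['tid'] !== '') {
        // All digits: team id. Anything else: team name prefix.
        if (preg_match('/^[0-9]+$/', $filters['tid'])) {
            $qs .= " AND c.TeamID=" . $filters['tid'];
        } else {
            $qs .= " AND t.TeamName LIKE '" . mysql_real_escape_string($filters['tid'], $conn) . "%'";
        }
    }

    #Commented out to allow recordings with no agent attached TOR 11-10-2010
    #$qs .= " AND AgentTime>0";
    $qs .= " AND " . ApplyACLs($_SESSION["user"]["groupid"]);
    $qs .= " ORDER BY r.ContactID DESC LIMIT 500";

    $rs = mysql_query($qs);
    if (!$rs) {
        error_log("recs: query failed [$qs]: " . mysql_error());
        die("Query failed.");
    }

    // Access log entry: the executed query with quote characters removed, as
    // before, and every value escaped for the INSERT.
    $clean    = preg_replace("/\'|\"/", "", $qs);
    $username = isset($_SESSION["user"]["username"]) ? $_SESSION["user"]["username"] : '';
    $fullname = isset($_SESSION["user"]["fullname"]) ? $_SESSION["user"]["fullname"] : '';
    $query = "Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('"
        . mysql_real_escape_string($username, $conn) . "','"
        . mysql_real_escape_string($fullname, $conn) . "','"
        . date('Y-m-d H:i:s') . "','"
        . mysql_real_escape_string($clean, $conn) . "');";
    if (!mysql_query($query)) {
        error_log("recs: access log insert failed [$query]: " . mysql_error());
        die("Query failed.");
    }

    $t = array();
    while ($obj = mysql_fetch_object($rs)) {
        $t[] = $obj;
    }

    $json = new Services_JSON();
    $r = array();
    $r['total'] = count($t);
    $r['ulvl']  = isset($_SESSION["user"]["level"]) ? $_SESSION["user"]["level"] : null;
    $r['unme']  = $username;
    $r['data']  = $t;
    print_r($json->encode($r));
}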
// Recording status lookup: returns every row of ucn.RecordingStatus as JSON
// in the form {total, data}.
// NOTE(review): no session check is made here, and a failed query prints the
// SQL text and driver error to the client - confirm both are acceptable.
if (isset($_GET["recstats"]))
{
    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        die('Failed to connect: ' . mysql_error());
    }
    if (!@mysql_select_db("ucn", $conn)) {
        die('Failed to select db: ' . mysql_error());
    }

    $qs = "SELECT * FROM ucn.RecordingStatus";
    $rs = mysql_query($qs);
    if (!$rs) {
        die("Query failed [$qs]: " . mysql_error());
    }

    // Collect the whole result set; mysql_fetch_object() turns falsy once the
    // rows are exhausted.
    $t = array();
    while (true) {
        $obj = mysql_fetch_object($rs);
        if (!$obj) {
            break;
        }
        $t[] = $obj;
    }

    $json = new Services_JSON();
    // $r is deliberately not reset: it is a script-level variable and keeps
    // whatever keys an earlier handler in the same request stored in it.
    $r['total'] = count($t);
    $r['data']  = $t;
    print_r($json->encode($r));
}
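// Skill list: returns the rows of ucn.Skills that the caller's ACL clause
// allows, ordered by name, as JSON in the form {total, data}.
//
// Compared with the previous version: a request without a logged-in session is
// refused (it used to build "GroupID=" with no value and then print the failed
// SQL), the dead '1=1' assignment and the repeated array resets are gone, and
// database error text is logged instead of being sent to the client.
if (isset($_GET["skills"])) // ACLs=0
{
    if (!isset($_SESSION["user"]["groupid"])) {
        header('Location: https://carri.qologydirect.com/unauthorized.php');
        exit();
    }

    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        error_log('skills: database connection failed: ' . mysql_error());
        die('Failed to connect.');
    }
    if (!@mysql_select_db("ucn", $conn)) {
        error_log('skills: selecting database failed: ' . mysql_error());
        die('Failed to select db.');
    }

    // The ACL clause refers to the table as alias "c", hence "Skills c".
    $q1 = ApplyACLs($_SESSION["user"]["groupid"]);
    $qs = "SELECT * FROM ucn.Skills c WHERE $q1 ORDER BY SkillName";
    $rs = mysql_query($qs);
    if (!$rs) {
        error_log("skills: query failed [$qs]: " . mysql_error());
        die("Query failed.");
    }

    $t = array();
    while ($obj = mysql_fetch_object($rs)) {
        $t[] = $obj;
    }

    $json = new Services_JSON();
    $r['total'] = count($t);
    $r['data']  = $t;
    print_r($json->encode($r));
}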
// Agent list: returns every row of ucn.Agents, ordered by name, as JSON in
// the form {total, data}. No ACL clause is applied (the "ACLs=0" marker).
// NOTE(review): no session check is made here, and a failed query prints the
// SQL text and driver error to the client - confirm both are acceptable.
if (isset($_GET["agents"])) // ACLs=0
{
    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        die('Failed to connect: ' . mysql_error());
    }
    if (!@mysql_select_db("ucn", $conn)) {
        die('Failed to select db: ' . mysql_error());
    }

    $qs = "SELECT * FROM ucn.Agents ORDER BY AgentName";
    $rs = mysql_query($qs);
    if (!$rs) {
        die("Query failed [$qs]: " . mysql_error());
    }

    // Collect the whole result set; mysql_fetch_object() turns falsy once the
    // rows are exhausted.
    $t = array();
    while (true) {
        $obj = mysql_fetch_object($rs);
        if (!$obj) {
            break;
        }
        $t[] = $obj;
    }

    $json = new Services_JSON();
    // $r is deliberately not reset: it is a script-level variable and keeps
    // whatever keys an earlier handler in the same request stored in it.
    $r['total'] = count($t);
    $r['data']  = $t;
    print_r($json->encode($r));
}
// Team list: returns every row of ucn.Teams, ordered by name, as JSON in the
// form {total, data}. No ACL clause is applied (the "ACLs=0" marker).
// NOTE(review): no session check is made here, and a failed query prints the
// SQL text and driver error to the client - confirm both are acceptable.
if (isset($_GET["teams"])) // ACLs=0
{
    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        die('Failed to connect: ' . mysql_error());
    }
    if (!@mysql_select_db("ucn", $conn)) {
        die('Failed to select db: ' . mysql_error());
    }

    $qs = "SELECT * FROM ucn.Teams ORDER BY TeamName";
    $rs = mysql_query($qs);
    if (!$rs) {
        die("Query failed [$qs]: " . mysql_error());
    }

    // Collect the whole result set; mysql_fetch_object() turns falsy once the
    // rows are exhausted.
    $t = array();
    while (true) {
        $obj = mysql_fetch_object($rs);
        if (!$obj) {
            break;
        }
        $t[] = $obj;
    }

    $json = new Services_JSON();
    // $r is deliberately not reset: it is a script-level variable and keeps
    // whatever keys an earlier handler in the same request stored in it.
    $r['total'] = count($t);
    $r['data']  = $t;
    print_r($json->encode($r));
}
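// Event list: returns the 100 most recent rows of the Events table in the
// carri database as JSON in the form {total, data}.
//
// Compared with the previous version: the query result is checked before it is
// read (a failed query used to be passed straight to mysql_fetch_object()),
// and database error text is logged instead of being sent to the client.
// NOTE(review): no session or level check is made here. If the Events table
// holds login attempts and client addresses, this handler should be limited
// to administrators - confirm the intended audience.
if (isset($_GET["events"]))
{
    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        error_log('events: database connection failed: ' . mysql_error());
        die('Could not connect to database.');
    }
    if (!@mysql_select_db("carri", $conn)) {
        error_log('events: selecting database failed: ' . mysql_error());
        die('Failed to select db.');
    }

    $rs = mysql_query("SELECT * FROM Events e ORDER BY EventDate DESC LIMIT 100");
    if (!$rs) {
        error_log('events: query failed: ' . mysql_error());
        die('Query failed.');
    }

    $t = array();
    while ($obj = mysql_fetch_object($rs)) {
        $t[] = $obj;
    }

    $json = new Services_JSON();
    $resarr['total'] = count($t);
    $resarr['data']  = $t;
    $output = $json->encode($resarr);
    print_r($output);
}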
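// Diagnostic page: checks LDAP connectivity with a fixed test account, checks
// the database connection, and for level 5+ sessions prints the caller's
// group, level and ACL clause.
//
// Compared with the previous version:
//  - LDAP error details are read from the connection handle (the boolean bind
//    result was being passed to ldap_get_option() and ldap_error());
//  - everything echoed into the page is HTML-escaped, including the client
//    address, which can come from a request header;
//  - the access log INSERT no longer embeds an unset $query variable and
//    escapes the session values it stores;
//  - the level line is labelled "Level" (it was printed as "UserID").
// NOTE(review): this handler is reachable without a session and binds with an
// account name and password stored in this file. That password must be treated
// as disclosed: rotate it, move the credential out of source control, and
// decide whether the page should be disabled outside troubleshooting.
if (isset($_GET["test"]))
{
    /**
     * Returns the first non-empty client address hint from the environment.
     *
     * Every source except REMOTE_ADDR is a request header and can be set
     * freely by the client, so the result is suitable for display only,
     * never for access decisions or trusted logging.
     *
     * @return string Address text as received, or 'UNKNOWN'.
     */
    function get_client_ip_env() {
        $sources = array(
            'HTTP_CLIENT_IP',
            'HTTP_X_FORWARDED_FOR',
            'HTTP_X_FORWARDED',
            'HTTP_FORWARDED_FOR',
            'HTTP_FORWARDED',
            'REMOTE_ADDR',
        );
        foreach ($sources as $name) {
            $candidate = getenv($name);
            if ($candidate) {
                return $candidate;
            }
        }
        return 'UNKNOWN';
    }

    $ldaphost = "localhost"; // your ldap servers
    $ldapport = 389;         // your ldap server's port number
    $ldapconn = ldap_connect($ldaphost, $ldapport);
    if ($ldapconn) {
        echo 'LDAP Connection OK! <br>';
    } else {
        echo 'LDAP Connection FAILED! <br>';
    }

    $bind = false;
    if ($ldapconn) {
        $ldaprdn = 'elephantgroup' . "\\" . 'tpolack';
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
        // Hard-coded credential: see the review note at the top of this handler.
        $bind = ldap_bind($ldapconn, $ldaprdn, 'Temp1234');
    }

    $sessionFullname = isset($_SESSION["user"]["fullname"]) ? $_SESSION["user"]["fullname"] : '';
    $sessionUsername = isset($_SESSION["user"]["username"]) ? $_SESSION["user"]["username"] : '';

    if (!$bind) {
        echo '<p>LDAP Bind FAILED!</p>';
        if ($ldapconn) {
            echo 'LDAP set options: ' . htmlspecialchars(ldap_error($ldapconn), ENT_QUOTES, 'UTF-8') . '! <br>';
            echo 'LDAP error #: ' . ldap_errno($ldapconn) . '! <br>';
        }
    } else {
        echo 'Client IP: ' . htmlspecialchars(get_client_ip_env(), ENT_QUOTES, 'UTF-8') . '! <br>';
        echo 'LDAP Bind OK! <br>';
        echo 'LDAP set options: ' . htmlspecialchars(ldap_error($ldapconn), ENT_QUOTES, 'UTF-8') . '! <br>';
        echo 'User Info: ' . htmlspecialchars($sessionFullname, ENT_QUOTES, 'UTF-8') . ' '
            . htmlspecialchars($sessionUsername, ENT_QUOTES, 'UTF-8') . '! <br> ';
    }

    $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
    if (!$conn) {
        error_log('test: database connection failed: ' . mysql_error());
        die('Could not connect to database.');
    }
    if (!@mysql_select_db("carri", $conn)) {
        error_log('test: selecting database failed: ' . mysql_error());
        die('Failed to select db.');
    }
    echo "Database Connected OK! <br>";

    if (isset($_SESSION["user"]["groupid"]) && isset($_SESSION["user"]["level"]) && $_SESSION["user"]["level"] >= 5) {
        echo "GroupID: " . htmlspecialchars($_SESSION["user"]["groupid"], ENT_QUOTES, 'UTF-8') . "<br>";
        echo "Level: " . htmlspecialchars($_SESSION["user"]["level"], ENT_QUOTES, 'UTF-8') . "<br>";
        echo htmlspecialchars(ApplyACLs($_SESSION["user"]["groupid"]), ENT_QUOTES, 'UTF-8') . "<br>";

        // Record that the ACL dump was viewed. The details text is a fixed
        // description because this handler runs no query of its own to log.
        $query = "Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('"
            . mysql_real_escape_string($sessionUsername, $conn) . "','"
            . mysql_real_escape_string($sessionFullname, $conn) . "','"
            . date('Y-m-d H:i:s') . "','"
            . mysql_real_escape_string('Diagnostic test page viewed', $conn) . "');";
        if (!mysql_query($query)) {
            error_log("test: access log insert failed [$query]: " . mysql_error());
            die("Query failed.");
        }
    }
}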
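/**
 * Builds the SQL boolean expression that limits a query to what a group may see.
 *
 * Rows of carri.ACLs with Access=1 contribute team, campaign and skill
 * restrictions (ORed within each kind, ANDed across kinds). If the group has
 * any Access=2 row, the contact ids in carri.Approved for that group are
 * ANDed on as well. The expression refers to the restricted table as alias
 * "c" and is returned wrapped in parentheses.
 *
 * Compared with the previous version: $gid is forced to an integer before it
 * is placed in the SQL text, $qstr is initialised (it was read while undefined
 * when the group had no Access=1 rows), and database error text is logged
 * instead of being sent to the client.
 *
 * NOTE(review): this fails open. A group with no ACL rows gets "(1)", i.e. no
 * restriction at all, and a group with an Access=2 row but no approved
 * contacts also gets an unrestricted contact clause. Confirm that is the
 * intended policy; a deny-by-default result would be "(0)".
 *
 * @param mixed $gid Application group id; used as an integer.
 * @return string Parenthesised SQL condition, "(1)" when nothing restricts.
 */
function ApplyACLs($gid)
{
    // The id is interpolated unquoted below, so only an integer may pass.
    $gid  = (int) $gid;
    $qstr = "";

    $qs = "SELECT * FROM carri.ACLs WHERE Access=1 AND GroupID=$gid ";
    $rs = mysql_query($qs);
    if (!$rs) {
        error_log("ApplyACLs: query failed [$qs]: " . mysql_error());
        die("Query failed.");
    }

    $rowCount = mysql_num_rows($rs);
    if ($rowCount > 0) {
        $teamTerms = array();
        $campaignTerms = array();
        $skillTerms = array();
        for ($i = 0; $i < $rowCount; $i++) {
            $rtid = mysql_result($rs, $i, "TeamID");
            $rcid = mysql_result($rs, $i, "CampaignID");
            $rsid = mysql_result($rs, $i, "SkillID");
            // Empty or zero columns mean "no restriction of this kind on this row".
            if ($rtid) $teamTerms[] = "c.TeamID=$rtid";
            if ($rcid) $campaignTerms[] = "c.CampaignID=$rcid";
            if ($rsid) $skillTerms[] = "c.SkillID=$rsid";
        }

        // A kind with no terms collapses to the always-true literal 1.
        $tstr = $teamTerms ? "(" . implode(" OR ", $teamTerms) . ")" : "1";
        $cstr = $campaignTerms ? "(" . implode(" OR ", $campaignTerms) . ")" : "1";
        $sstr = $skillTerms ? "(" . implode(" OR ", $skillTerms) . ")" : "1";
        $qstr = "$tstr AND $cstr AND $sstr";
    }

    // Restriction based on Approved ContactIDs....
    $qs = "SELECT * FROM carri.ACLs WHERE Access=2 AND GroupID=$gid";
    $rs = mysql_query($qs);
    if (!$rs) {
        error_log("ApplyACLs: query failed [$qs]: " . mysql_error());
        die("Query failed.");
    }

    if (mysql_num_rows($rs) > 0) {
        $qs = "SELECT ContactID FROM carri.Approved WHERE GroupID=$gid";
        $rs2 = mysql_query($qs);
        if (!$rs2) {
            error_log("ApplyACLs: query failed [$qs]: " . mysql_error());
            die("Query failed.");
        }

        $contactTerms = array();
        $approvedCount = mysql_num_rows($rs2);
        for ($i = 0; $i < $approvedCount; $i++) {
            $cid = mysql_result($rs2, $i, "ContactID");
            $contactTerms[] = "c.ContactID=$cid";
        }
        $cstr = $contactTerms ? "(" . implode(" OR ", $contactTerms) . ")" : "1";

        if ($qstr) $qstr .= " AND $cstr"; else $qstr = $cstr;
    }

    if (!$qstr) $qstr = 1;
    $qstr = "($qstr)";
    return $qstr;
}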