<?phpsession_start();require_once("json.php");require_once("config.php");

1. <?php
2. session_start();
3. require_once("json.php");
4. require_once("config.php");
5. require_once("ldapclass.php");
6. require_once('radius.class.php');
7.  
8.  
9. $debug = 0;
10. $ip_radius_server = "10.140.10.58";
11. $shared_secret = "sRNKM1X$";
12.  
13. if (isset($_POST["username"])) {
14.  
15. // Radius Handler
16. $authentication = $_POST["secret"] . $_POST["fortitoken"];
17. $radius = new Radius($ip_radius_server, $shared_secret);
18. $radius->SetNasPort(0);
19. $radius->SetNasIpAddress('1.2.3.4'); // Needed for some devices (not always auto-detected)
20. $result = $radius->AccessRequest($_POST["username"], $authentication);
21.  
22. if ($result) {
23. error_log(print_r('Authentication Accepted', TRUE));
24.  
25. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
26. if (!$conn)
27. die('Could not connect to : ' . mysql_error());
28. @mysql_select_db("carri", $conn) or die("Unable to select database.");
29.  
30. //################################# LDAP AUTHENTICATION START ###############################
31.  
32. $adServer = "localhost"; //We're forwarding ports via ssh so all connections will be on localhost
33.  
34. $username = $_POST['username'];
35. $password = $_POST['secret'];
36.  
37. $username = strtolower($username);
38.  
39. $parts = preg_split("/@/", $username);
40. switch ($parts[1]) {
41. case "sprint.com":
42. $ldapuser = $parts[0];
43. $ldapdmn = 'EXT';
44. $ldapport = 400;
45. $ldapdn = 'dc=ext,dc=saveology,dc=com';
46. break;
47. case "qdext.com":
48. $ldapuser = $parts[0];
49. $ldapdmn = 'EXT';
50. $ldapport = 400;
51. $ldapdn = 'dc=ext,dc=saveology,dc=com';
52. break;
53. default:
54. $ldapuser = $username;
55. $ldapdmn = 'ELEPHANTGROUP';
56. $ldapport = 389;
57. $ldapdn = 'dc=elephantgroup,dc=local';
58. break;
59. }
60.  
61. $Ldap = new ldapInfo;
62.  
63.  
64. $MyConn = $Ldap->ldapConnect($adServer, $ldapport, $ldapuser, $password, $ldapdmn, $ldapdn);
65.  
66.  
67. if ($MyConn == "49") {
68. // $query = "INSERT INTO Events (EventTypeID,Severity,EventName,EventDesc) VALUES (1,3,'Failed Login Attempt', 'Attempt to login as \\'";
69. // $query.= $_GET["username"] . "\\' failed (invalid password) from " . $_SERVER["REMOTE_ADDR"] . "')";
70. //echo $query;
71.  
72. //mysql_query($query);
73. echo "{success:false}";
74. error_log(print_r('Rejected at MyConn 49', TRUE));
75. header('Location: https://carri.qologydirect.com/unauthorized.php');
76. exit();
77. }
78.  
79.  
80. $AdGroups = $Ldap->ldapGetGroups();
81. //############################### LDAP AUTH DONE, GET GROUPS AND ATTRIBS ########################
82. #var_dump($AdGroups);
83. #exit;
84. foreach ($AdGroups as $value) {
85. switch ($value) {
86. case 'CN=CarriGroup_Sprint,OU=Carri,OU=Security Groups,DC=EXT,DC=SAVEOLOGY,DC=COM':
87. $gid = "40";
88. break;
89. case 'CN=CarriGroup_Default,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
90. $gid = "0";
91. break;
92. case 'CN=CarriGroup_Sprint,OU=External,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
93. $gid = "40";
94. break;
95. case 'CN=CarriGroup_Jamaica,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
96. $gid = "21";
97. break;
98. case 'CN=CarriGroup_FocusES,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
99. $gid = "12";
100. break;
101. case 'CN=CarriGroup_KG,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
102. $gid = "2";
103. break;
104. case 'CN=CarriGroup_SprintRetention,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
105. $gid = "0";
106. break;
107. case 'CN=CarriLevel_1,OU=Carri,OU=Security Groups,DC=EXT,DC=SAVEOLOGY,DC=COM':
108. $ulvl = "1";
109. break;
110. case 'CN=CarriLevel_3,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
111. $ulvl = "5";
112. break;
113. case 'CN=CarriLevel_2,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
114. $ulvl = "4";
115. break;
116. case 'CN=CarriLevel_1,OU=Carri,OU=Security Groups,DC=elephantgroup,DC=local':
117. $ulvl = "1";
118. break;
119. case 'Default':
120. $gid = "0";
121. $ulvl = "0";
122. break;
123. }
124. }
125. $MyAttribs = array(
126. "employeeid",
127. "samaccountname",
128. "displayname"
129. ); //Sets up attrib list array
130. $GetAttrib = $Ldap->ldapGetAttrib($ldapuser, $MyAttribs); //Gets list of attributes from LdapQuery
131.  
132. $_SESSION["user"]["userid"] = '150'; //$GetAttrib['employeeid'];
133. // $_SESSION["user"]["userid"] = $GetAttrib['employeeid']; //'150';
134. $_SESSION["user"]["groupid"] = $gid;
135. $_SESSION["user"]["username"] = $GetAttrib['samaccountname'];
136. $_SESSION["user"]["fullname"] = $GetAttrib['displayname'];
137. $_SESSION["user"]["level"] = $ulvl;
138.  
139. #var_dump($_SESSION["user"]);
140.  
141. if ($gid == "" || $ulvl == "") {
142. error_log(print_r('Rejected at gid or ulvl', TRUE));
143. header('Location: https://carri.qologydirect.com/unauthorized.php');
144. exit();
145. } else {
146. unset($Ldap);
147. }
148.  
149. } else {
150. error_log(print_r('Authentication Rejected', TRUE));
151. echo "{success:false}";
152. exit();
153. }
154.  
155.  
156. //echo $_SESSION["user"]["userid"]." ".$_SESSION["user"]["groupid"]." ".$_SESSION["user"]["username"]." ".$_SESSION["user"]["fullname"]." ".$_SESSION["user"]["level"];
157. //$query = "INSERT INTO Events (EventTypeID,Severity,EventName,EventDesc) VALUES (1,1,'Successful Login', '";
158. //$query.= $_SESSION["user"]["fullname"] . " logged in as \\'" . $_SESSION["user"]["username"] . "\\' from " . $_SERVER["REMOTE_ADDR"] . "')";
159. //mysql_query($query);
160. echo "{success: true}";
161.  
162. }
163.  
164. if (isset($_GET["info"])) {
165. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
166. if (!$conn)
167. die('Failed to connect: ' . mysql_error());
168. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
169.  
170. $rs1 = mysql_query("SELECT R.ContactID, R.StatusDate, C.StartDate FROM ucn.Recordings R JOIN ContactIDs C ON R.ContactID=C.ContactID WHERE R.Status&2=2 ORDER BY R.ContactID DESC LIMIT 1");
171. if (!$rs1)
172. die('rs1: Query failed. ' . mysql_error());
173. $rs2 = mysql_query("SELECT ContactID,StartDate FROM ucn.ContactIDs ORDER BY ContactID DESC LIMIT 1");
174. if (!$rs2)
175. die('rs1: Query failed. ' . mysql_error());
176.  
177. $rs3 = mysql_query("SELECT COUNT(1) FROM ucn.Recordings R WHERE Status&134=2");
178. if (!$rs3)
179. die('rs2: Query failed. ' . mysql_error());
180. $rs4 = mysql_query("SELECT COUNT(1) FROM ucn.Recordings R WHERE Status&3=1");
181. if (!$rs4)
182. die('rs3: Query failed. ' . mysql_error());
183.  
184. $rw1 = mysql_fetch_array($rs1);
185. $rw2 = mysql_fetch_array($rs2);
186. $tc1 = mysql_result($rs3, 0, 0);
187. $tc2 = mysql_result($rs4, 0, 0);
188.  
189. #Added by TOR
190. $df = shell_exec('df -h | egrep -v "Vol|tmpfs"');
191. $wload = trim(shell_exec('w|grep load'));
192.  
193. echo "<pre>";
194. echo "$wload\n";
195. echo "\n";
196. echo "Newest Recording:\t" . $rw1[0] . " (" . $rw1[2] . ")\n";
197. echo "Newest Contact:\t\t" . $rw2[0] . " (" . $rw2[1] . ")\n\n";
198. echo "Recordings left to transcode: " . $tc1 . "\n";
199. echo "Recordings left on FTP: " . $tc2 . "\n";
200. echo "\n";
201. echo "\n";
202. echo "$df\n";
203. echo "</pre>";
204. }
205.  
206. if (isset($_GET['recs'])) // ACLs=1
207. {
208. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
209. $today = date('Y-m-d');
210. if (!$conn)
211. die('Failed to connect: ' . mysql_error());
212. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
213.  
214. if (!isset($_SESSION["user"]["groupid"]))
215. $_SESSION["user"]["groupid"] = 0;
216.  
217. $qs = "SELECT r.RecordingID,r.ContactID,r.Status,r.StatusDate,r.Server,r.Path, c.StartDate AS CallDate,c.SkillID,c.AgentID, a.AgentName,t.TeamName,s.SkillName, c.QueueTime, c.AgentTime";
218. $qs .= " FROM Recordings r LEFT JOIN ContactIDs c ON c.ContactID=r.ContactID LEFT JOIN Agents a ON a.AgentID=c.AgentID LEFT JOIN Teams t ON t.TeamID=c.TeamID LEFT JOIN Skills s ON s.SkillID=c.SkillID WHERE 1=1";
219. if (isset($_POST['cid']) && $_POST['cid'] != '')
220. $qs .= " AND r.ContactID='" . $_POST['cid'] . "'";
221. if (isset($_POST['calldate']) && $_POST['calldate'] != '')
222. $qs .= " AND DATE(c.StartDate)='" . $_POST['calldate'] . "'";
223. if (isset($_POST['skillids']) && $_POST['skillids'] != '')
224. $qs .= " AND c.SkillID IN (" . $_POST['skillids'] . ")";
225. if (isset($_POST['aid']) && $_POST['aid'] != '') {
226. $aid = $_POST['aid'];
227. if (is_numeric($aid))
228. $qs .= " AND c.AgentID=$aid";
229. else
230. $qs .= " AND a.AgentName LIKE '$aid%'";
231. }
232. if (isset($_POST['tid']) && $_POST['tid'] != '') {
233. $tid = $_POST['tid'];
234. if (is_numeric($tid))
235. $qs .= " AND c.TeamID=$tid";
236. else
237. $qs .= " AND t.TeamName LIKE '$tid%'";
238. }
239. #Commented out to allow recordings with no agent attached TOR 11-10-2010
240. #$qs .= " AND AgentTime>0";
241. $qs .= " AND " . ApplyACLs($_SESSION["user"]["groupid"]);
242. $qs .= " ORDER BY r.ContactID DESC LIMIT 500";
243.  
244. $rs = mysql_query($qs);
245.  
246. #var_dump($_SESSION["user"]);
247. # echo $qs;
248.  
249. //if(!$rs) die("Query failed [$qs]: " . mysql_error());
250. #echo $qs;
251. #echo mysql_num_rows($rs);
252.  
253. if (!$rs) {
254. die("Query failed [$qs]: " . mysql_error());
255. } else {
256. $clean = preg_replace("/\'|\"/", "", $qs);
257. $username = $_SESSION["user"]["username"];
258. $fullname = $_SESSION["user"]["fullname"];
259. $query = "Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('" . $username . "','" . $fullname . "','" . date('Y-m-d H:i:s') . "','" . $clean . "');";
260. mysql_query($query) or die("Query failed [$query]: " . mysql_error());
261.  
262. //$query ="Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('".$_SESSION["user"]["username"]."'.'".$_SESSION["user"]["fullname"]."','".date('Y-m-d H:i:s')."','".$qs."');";
263. //mysql_query($query) or die("Query failed [$query]: " . mysql_error());
264. }
265.  
266. $t = array();
267. while ($obj = mysql_fetch_object($rs))
268. $t[] = $obj;
269. $json = new Services_JSON();
270. $r['total'] = count($t);
271. $r['ulvl'] = $_SESSION["user"]["level"];
272. $r['unme'] = $_SESSION["user"]["username"];
273. $r['data'] = $t;
274. print_r($json->encode($r));
275. }
276.  
277.  
278. if (isset($_GET["recstats"])) {
279. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
280. if (!$conn)
281. die('Failed to connect: ' . mysql_error());
282. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
283.  
284. $qs = "SELECT * FROM ucn.RecordingStatus";
285. $rs = mysql_query($qs);
286. if (!$rs)
287. die("Query failed [$qs]: " . mysql_error());
288.  
289. $t = array();
290. while ($obj = mysql_fetch_object($rs))
291. $t[] = $obj;
292. $json = new Services_JSON();
293. $r['total'] = count($t);
294. $r['data'] = $t;
295. print_r($json->encode($r));
296. }
297.  
298.  
299. if (isset($_GET["skills"])) // ACLs=0
300. {
301. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
302. if (!$conn)
303. die('Failed to connect: ' . mysql_error());
304. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
305.  
306. $q1 = '1=1';
307.  
308. $q1 = ApplyACLs($_SESSION["user"]["groupid"]);
309. $qs = "SELECT * FROM ucn.Skills c WHERE $q1 ORDER BY SkillName";
310. $rs = mysql_query($qs);
311. if (!$rs)
312. die("Query failed [$qs]: " . mysql_error());
313.  
314. $t = array();
315. $t = array();
316. $t = array();
317. while ($obj = mysql_fetch_object($rs))
318. $t[] = $obj;
319. $json = new Services_JSON();
320. $r['total'] = count($t);
321. $r['data'] = $t;
322. print_r($json->encode($r));
323. }
324.  
325.  
326. if (isset($_GET["agents"])) // ACLs=0
327. {
328. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
329. if (!$conn)
330. die('Failed to connect: ' . mysql_error());
331. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
332.  
333. $qs = "SELECT * FROM ucn.Agents ORDER BY AgentName";
334. $rs = mysql_query($qs);
335. if (!$rs)
336. die("Query failed [$qs]: " . mysql_error());
337.  
338. $t = array();
339. while ($obj = mysql_fetch_object($rs))
340. $t[] = $obj;
341. $json = new Services_JSON();
342. $r['total'] = count($t);
343. $r['data'] = $t;
344. print_r($json->encode($r));
345. }
346. if (isset($_GET["teams"])) // ACLs=0
347. {
348. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
349. if (!$conn)
350. die('Failed to connect: ' . mysql_error());
351. @mysql_select_db("ucn", $conn) or die('Failed to select db: ' . mysql_error());
352.  
353. $qs = "SELECT * FROM ucn.Teams ORDER BY TeamName";
354. $rs = mysql_query($qs);
355. if (!$rs)
356. die("Query failed [$qs]: " . mysql_error());
357.  
358. $t = array();
359. while ($obj = mysql_fetch_object($rs))
360. $t[] = $obj;
361. $json = new Services_JSON();
362. $r['total'] = count($t);
363. $r['data'] = $t;
364. print_r($json->encode($r));
365. }
366. if (isset($_GET["events"])) {
367. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
368. if (!$conn)
369. die('Could not connect to : ' . mysql_error());
370. @mysql_select_db("carri", $conn) or die('Failed to select db: ' . mysql_error());
371. $t = array();
372. $rs = mysql_query("SELECT * FROM Events e ORDER BY EventDate DESC LIMIT 100");
373. while ($obj = mysql_fetch_object($rs))
374. $t[] = $obj;
375. $json = new Services_JSON();
376. $resarr['total'] = count($t);
377. $resarr['data'] = $t;
378. $output = $json->encode($resarr);
379. print_r($output);
380. }
381.  
382. if (isset($_GET["test"])) {
383. function get_client_ip_env()
384. {
385. $ipaddress = '';
386. if (getenv('HTTP_CLIENT_IP'))
387. $ipaddress = getenv('HTTP_CLIENT_IP');
388. else if (getenv('HTTP_X_FORWARDED_FOR'))
389. $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
390. else if (getenv('HTTP_X_FORWARDED'))
391. $ipaddress = getenv('HTTP_X_FORWARDED');
392. else if (getenv('HTTP_FORWARDED_FOR'))
393. $ipaddress = getenv('HTTP_FORWARDED_FOR');
394. else if (getenv('HTTP_FORWARDED'))
395. $ipaddress = getenv('HTTP_FORWARDED');
396. else if (getenv('REMOTE_ADDR'))
397. $ipaddress = getenv('REMOTE_ADDR');
398. else
399. $ipaddress = 'UNKNOWN';
400.  
401. return $ipaddress;
402. }
403.  
404.  
405.  
406. $ldaphost = "localhost"; // your ldap servers
407. $ldapport = 389; // your ldap server's port number
408. $ldapconn = ldap_connect($ldaphost, $ldapport);
409.  
410. if ($ldapconn) {
411. echo 'LDAP Connection OK! <br>';
412. } else {
413. echo 'LDAP Connection FAILED! <br>';
414. }
415.  
416. $ldaprdn = 'elephantgroup' . "\\" . 'tpolack';
417.  
418. ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
419. ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
420.  
421. $bind = ldap_bind($ldapconn, $ldaprdn, 'Temp1234');
422.  
423. ldap_get_option($bind, LDAP_OPT_ERROR_NUMBER, $optErrorNumber);
424.  
425. if (!$bind) {
426. echo '<p>LDAP Bind FAILED!</p>';
427. echo 'LDAP set options: ' . ldap_error($ldapconn) . '! <br>';
428. echo 'LDAP error #: ' . ldap_error($bind) . '! <br>';
429. } else {
430. echo 'Client IP: ' . get_client_ip_env() . '! <br>';
431. echo 'LDAP Bind OK! <br>';
432. echo 'LDAP set options: ' . ldap_error($ldapconn) . '! <br>';
433. echo 'User Info: ' . $_SESSION["user"]["fullname"] . ' ' . $_SESSION["user"]["username"] . '! <br> ';
434. }
435.  
436. $conn = mysql_connect($dbaddr, $dbuser, $dbpass);
437. if (!$conn)
438. die('Could not connect to : ' . mysql_error());
439. if (@mysql_select_db("carri", $conn) or die('Failed to select db: ' . mysql_error())) {
440. echo "Database Connected OK! <br>";
441.  
442. }
443. if (isset($_SESSION["user"]["groupid"]) && $_SESSION["user"]["level"] >= 5) {
444. echo "GroupID: " . $_SESSION["user"]["groupid"] . "<br>";
445. echo "UserID: " . $_SESSION["user"]["level"] . "<br>";
446. echo ApplyACLs($_SESSION["user"]["groupid"]) . "<br>";
447.  
448. $query = "Insert into carri.AccessLog (UserName, FullName, Date, Details) Values ('" . $_SESSION["user"]["username"] . "','" . $_SESSION["user"]["fullname"] . "','" . date('Y-m-d H:i:s') . "','" . $query . "');";
449. mysql_query($query) or die("Query failed [$query]: " . mysql_error());
450. }
451. }
452.  
453. function ApplyACLs($gid)
454. {
455. $qs = "SELECT * FROM carri.ACLs WHERE Access=1 AND GroupID=$gid ";
456. $rs = mysql_query($qs);
457. if (!$rs)
458. die("Query failed [$qs]: " . mysql_error());
459. if (mysql_numrows($rs) > 0) {
460. $tids = array();
461. $tstr = "";
462. $cids = array();
463. $cstr = "";
464. $sids = array();
465. $sstr = "";
466. for ($i = 0; $i < mysql_numrows($rs); $i++) {
467. $rtid = mysql_result($rs, $i, "TeamID");
468. $rcid = mysql_result($rs, $i, "CampaignID");
469. $rsid = mysql_result($rs, $i, "SkillID");
470. if ($rtid)
471. $tids[] = $rtid;
472. if ($rcid)
473. $cids[] = $rcid;
474. if ($rsid)
475. $sids[] = $rsid;
476. }
477. foreach ($tids as $t) {
478. if ($tstr)
479. $tstr .= " OR ";
480. $tstr .= "c.TeamID=$t";
481. }
482. foreach ($cids as $c) {
483. if ($cstr)
484. $cstr .= " OR ";
485. $cstr .= "c.CampaignID=$c";
486. }
487. foreach ($sids as $s) {
488. if ($sstr)
489. $sstr .= " OR ";
490. $sstr .= "c.SkillID=$s";
491. }
492. if ($tstr)
493. $tstr = "($tstr)";
494. else
495. $tstr = "1";
496. if ($cstr)
497. $cstr = "($cstr)";
498. else
499. $cstr = "1";
500. if ($sstr)
501. $sstr = "($sstr)";
502. else
503. $sstr = "1";
504. $qstr = "$tstr AND $cstr AND $sstr";
505. }
506. // Restriction based on Approved ContactIDs....
507. $qs = "SELECT * FROM carri.ACLs WHERE Access=2 AND GroupID=$gid";
508. $rs = mysql_query($qs);
509. if (!$rs)
510. die("Query failed [$qs]: " . mysql_error());
511. if (mysql_numrows($rs) > 0) {
512. $qs = "SELECT ContactID FROM carri.Approved WHERE GroupID=$gid";
513. $rs2 = mysql_query($qs);
514. if (!$rs2)
515. die("Query failed [$qs]: " . mysql_error());
516. $cstr = "";
517. for ($i = 0; $i < mysql_numrows($rs2); $i++) {
518. $cid = mysql_result($rs2, $i, "ContactID");
519. if ($cstr)
520. $cstr .= " OR ";
521. $cstr .= "c.ContactID=$cid";
522. }
523. if ($cstr)
524. $cstr = "($cstr)";
525. else
526. $cstr = "1";
527. if ($qstr)
528. $qstr .= " AND $cstr";
529. else
530. $qstr = $cstr;
531. }
532. if (!$qstr)
533. $qstr = 1;
534. $qstr = "($qstr)";
535. return $qstr;
536. }
537.  
538. ?>