| [ PHPXref.com ] | [ Generated: Sun Jul 20 19:05:01 2008 ] | [ OneOrZero 1.6.3 ] |
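<?php


/**
 * file: common.php
 *
 * This file contains common functions for the helpdesk program.
 *
 /***************************************************************************
 *   This program is free software; you can redistribute it and/or
 *   modify it under the terms of the GNU General Public
 *   License as published by the Free Software Foundation; either
 *   version 2.1 of the License, or (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *   General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public
 *   License along with This program; if not, write to:
 *     Free Software Foundation, Inc.
 *     59 Temple Place
 *     Suite 330
 *     Boston, MA  02111-1307  USA
 *
 *     Copyright 2005 One or Zero
 *     info@oneorzero.com
 *     http://www.oneorzero.com
 *     Developers: OneOrZero Team / Contributors: OneOrZero Community
 ****************************************************************************/

///**
//* function getVariables():
//* 	Takes no arguments.  Gets the variables out of the settings table and returns them as an array.
//*/
//function getVariables() {
//	global $settings_table, $db;
//
//	$sql = "select * from $settings_table";
//	$result = $db->query($sql);
//	$row = $db->fetch_array($result);
//
//	return $row;
//}

/**
 * function isEmpty():
 * 	Takes a table name as an argument and selects everything from that table.
 * 	Returns true when the query reports no rows and false when it reports at least one.
 *
 * 	NOTE(review): $table is interpolated into the SQL text as-is, so it must only ever
 * 	come from trusted configuration - confirm at the call sites.
 */
function isEmpty($table)
{
	global $db;

	$result = $db->query("select * from $table");

	return !($db->num_rows($result) > 0);
}

/**
 * function checkPwd():
 * 	Takes two arguments, both strings. Returns boolean true only when the two strings are
 * 	identical, otherwise boolean false.
 *
 * 	The comparison is done on the string values. A loose "==" treats two numeric-looking
 * 	strings such as "0e1234" and "0e5678" as equal, which would let two different MD5
 * 	digests of that shape match each other.
 */
function checkPwd($pwd1, $pwd2)
{
	$left = (string) $pwd1;
	$right = (string) $pwd2;

	// hash_equals() compares in constant time; it only exists on PHP >= 5.6.
	if (function_exists('hash_equals'))
		return hash_equals($left, $right);

	return $left === $right;
}

/**
 * function userExists():
 * 	Takes one string as an argument. Queries the user table and returns true if the user name is found.
 * 	Else, returns false.
 *
 * 	NOTE(review): $name is placed between quotes in the SQL text without escaping here.
 * 	Confirm every caller escapes it, or move to the database layer's escaping / prepared statements.
 */
function userExists($name)
{
	global $users_table, $db;

	$sql = "select user_name from $users_table where user_name='$name'";
	$result = $db->query($sql);

	return $db->num_rows($result) != 0;
}

/**
 * function isCookieSet():
 * 	Takes no arguments. Returns boolean true when checkUser() accepts the user name and
 * 	encoded password held in the session and the session user name is not empty.
 * 	Despite the name, the values are read from $_SESSION, not from a cookie directly.
 * 	References checkUser();
 */
function isCookieSet()
{
	// checkUser() runs first, exactly as before: it may print an error and exit.
	return checkUser($_SESSION["user"], $_SESSION["enc_pwd"]) && $_SESSION["user"] != '';
}

/**
 * function checkUserDB():
 * 	Takes two string arguments. Name is the user name, pwd is the md5 encoded password. Queries the
 * 	user table for the specified user. If exactly one row is found, the password in the database is
 * 	compared to the pwd argument. If those match, then return boolean true. All other cases, return
 * 	boolean false. An account whose "user" column is 0 (and whose "viewer" column is not 1) gets the
 * 	"not active" error and the script exits.
 * 	References checkPwd(), printerror();
 *
 * 	This was checkUser() before the LDAP changes; checkUser() now dispatches on $auth_method.
 *
 * 	NOTE(review): $name is concatenated into the SQL text without escaping here - confirm it is
 * 	escaped upstream. The stored password is an unsalted MD5 digest (see getMD5()/encPwd()), which
 * 	is weak for password storage; password_hash()/password_verify() is the current replacement.
 */
// Brilliant LDAP Hack Modified Line
//function checkUser($name, $pwd) {
function checkUserDB($name, $pwd)
{
	global $users_table, $db;

	$sql = "select * from ".$users_table." where user_name='".$name."'";
	$result = $db->query($sql);

	// Anything other than exactly one matching account is a failed login.
	if ($db->num_rows($result) != 1)
		return false;

	$row = $db->fetch_array($result);

	if (!checkPwd($pwd, $row['password']))
		return false;

	// Array keys are quoted: the bare words user/viewer were constant lookups, which newer
	// PHP versions reject instead of silently treating them as strings.
	if ($row['user'] == 0 && $name != '' && $row['viewer'] != 1)
	{
		require_once "common/style.php";
		printerror("Your account is not active.");
		exit;
	}

	// the password for the given user is correct
	return true;
}

//Brilliant LDAP Hack Start
/**
 * Helper for checkUserLDAP(): closes the LDAP connection when one is given, prints $message
 * only when the request is a login form post, and returns false for the caller to return.
 */
function _checkUserLDAPFail($ldapconn, $message)
{
	if ($ldapconn)
		ldap_close($ldapconn);

	if (isset ($_POST['login']))
	{
		require_once "common/style.php";
		printerror($message);
	}

	return false;
}

/**
 * function checkUserLDAP():
 * 	Takes the user name and the password. Binds to the directory with the configured service
 * 	account, searches for the entry whose $ldap_searchattr equals the name, then binds again as
 * 	that entry with the supplied password. On success the matching row of the user table is
 * 	created (when no single row exists) or updated from the directory attributes, and boolean
 * 	true is returned. Every failure returns boolean false. An account whose "user" column is 0
 * 	gets the "not active" error and the script exits.
 *
 * 	NOTE(review): $name goes into the LDAP search filter without filter escaping, so filter
 * 	metacharacters in the login name change the query; ldap_escape($name, '', LDAP_ESCAPE_FILTER)
 * 	(PHP >= 5.6) is the usual remedy.
 * 	NOTE(review): $name and the directory attributes are concatenated into the SQL statements
 * 	without escaping here - confirm escaping upstream or use the database layer's escaping.
 * 	NOTE(review): $auth_method is not declared global in this function, so the 'AD' branch
 * 	below looks unreachable, and ldap_domain is a bare constant rather than a variable -
 * 	confirm the intended AD bind name before enabling it.
 */
function checkUserLDAP($name, $pwd)
{
	global $users_table, $db;
	global $ldap_host, $ldap_binddn, $ldap_bindpwd, $ldap_rootdn, $ldap_searchattr;
	global $ldap_fname, $ldap_lname, $ldap_uname, $ldap_email_add, $pass, $ldap_office, $ldap_phone, $ldap_context, $ldap_default_level, $default_theme, $helpdesk_name;
	global $lang_err_modfname, $lang_err_modlname, $lang_err_modemail, $lang_err_crefname, $lang_err_crelname, $lang_err_creemail, $lang_err_noauth, $lang_err_nopass, $lang_err_nouser, $lang_err_nosearch, $lang_err_nobind;
	// Used for the connect failure below but missing from the original global list.
	global $lang_err_noconnect;

	// Look up the local account first; the row decides between insert and update later.
	$sql = "select * from ".$users_table." where user_name='".$name."'";
	$result = $db->query($sql);
	$num_rows = $db->num_rows($result);

	$row = $db->fetch_array($result);

	$ldapconn = ldap_connect($ldap_host);
	if (!$ldapconn)
		return _checkUserLDAPFail(null, $lang_err_noconnect);

	// Service-account bind used for the search.
	$ldapbind = @ ldap_bind($ldapconn, $ldap_binddn, $ldap_bindpwd);
	if (!$ldapbind)
		return _checkUserLDAPFail($ldapconn, $lang_err_nobind);

	$filter = "($ldap_searchattr=$name)";
	$justthese = array ($ldap_fname, $ldap_lname, $ldap_uname, $ldap_email_add, $ldap_office, $ldap_phone, $ldap_context);

	$sr = ldap_search($ldapconn, $ldap_rootdn, $filter, $justthese);
	// Was "!sr" (a bare constant, never false), so a failed search was not detected here.
	if (!$sr)
		return _checkUserLDAPFail($ldapconn, $lang_err_nosearch);

	$info = ldap_get_entries($ldapconn, $sr);
	if ($info["count"] < 1)
		return _checkUserLDAPFail($ldapconn, $lang_err_nouser);

	// Refuse an empty password before the user bind: many directory servers treat a bind
	// with a DN and an empty password as an unauthenticated bind and report success.
	if (!isset ($pwd) || $pwd == '')
		return _checkUserLDAPFail($ldapconn, $lang_err_nopass);

	if ($auth_method == 'AD'){
		$userbind = $name."@".ldap_domain;
	}else
		$userbind = $info[0]["$ldap_context"];

	// The actual credential check: bind as the user with the supplied password.
	if (!@ ldap_bind($ldapconn, $userbind, $pwd))
		return _checkUserLDAPFail($ldapconn, $lang_err_noauth);

	$fname = $info[0]["$ldap_fname"][0];
	$lname = $info[0]["$ldap_lname"][0];
	$uname = $info[0]["$ldap_uname"][0];
	$email_add = $info[0]["$ldap_email_add"][0];
	// NOTE(review): this writes an unsalted MD5 of the session password value into the
	// users table (and into the global $pass) - confirm that copy is needed at all.
	$pass = md5($_SESSION['enc_pwd']);
	$office = $info[0]["$ldap_office"][0];
	$phone = $info[0]["$ldap_phone"][0];

	$have_required = isset ($fname) && isset ($lname) && isset ($uname) && isset ($email_add)
		&& $fname != "" && $lname != "" && $uname != "" && $email_add != "";

	if ($num_rows != 1)
	{
		if ($have_required)
		{
			// Insert the user info into the OZH DB
			$sql = "insert into $users_table values(NULL,'".$fname."','".$lname."','".$uname."','".$email_add."','','".$pass."','".$office."','".$phone."',1,1,0,0,'".$default_theme."','','','','','',0,'English',0,'')";
			$result = $db->query($sql);

			// Re-read the row so the activity check below sees the new data
			$sql = "select * from ".$users_table." where user_name='".$name."'";
			$result = $db->query($sql);
			$row = $db->fetch_array($result);
		}
		else
		{
			// The connection was left open on this path before; release it.
			ldap_close($ldapconn);
			require_once "common/style.php";
			if (!isset ($fname))
				printerror($lang_err_crefname);
			if (!isset ($lname))
				printerror($lang_err_crelname);
			if (!isset ($email_add))
				printerror($lang_err_creemail);
			return false;
		}
	}
	else
	{
		if ($have_required)
		{
			// Update the user info into the OZH DB
			$sql = "update $users_table set first_name='".$fname."',last_name='".$lname."',user_name='".$uname."',email='".$email_add."',password='".$pass."',office='".$office."',phone='".$phone."' where user_name='".$name."'";
			$result = $db->query($sql);

			// Re-read the row so the activity check below sees the new data
			$sql = "select * from ".$users_table." where user_name='".$name."'";
			$result = $db->query($sql);
			$row = $db->fetch_array($result);
		}
		else
		{
			// The connection was left open on this path before; release it.
			ldap_close($ldapconn);
			require_once "common/style.php";
			if (!isset ($fname))
				printerror($lang_err_modfname);
			if (!isset ($lname))
				printerror($lang_err_modlname);
			if (!isset ($email_add))
				printerror($lang_err_modemail);
			return false;
		}
	}
	ldap_close($ldapconn);

	if ($row['user'] == 0 && $name != '')
	{
		require_once "common/style.php";
		printerror("Your account is not active.");
		exit;
	}

	// the directory accepted the password for the given user
	return true;
}

/**
 * function getMD5():
 * 	Takes no arguments. Reads the posted password and stores it in the global $pass: as posted
 * 	for the LDAP and AD methods, MD5 encoded for the DB method. Returns $pass. For any other
 * 	$auth_method the global $pass is returned unchanged.
 *
 * 	The first test used to read ($auth_method == "LDAP" || "AD"), which is always true, so the
 * 	raw posted password was copied into $pass for every method before the DB case replaced it.
 */
function getMD5()
{
	global $auth_method, $pass;

	if ($auth_method == "LDAP" || $auth_method == "AD")
		$pass = $_POST['password'];
	if ($auth_method == "DB")
		$pass = md5($_POST['password']);

	return $pass;
}

/**
 * function checkUser():
 * 	Takes the user name and the encoded password and hands them to the check that matches the
 * 	configured $auth_method: checkUserDB() for "DB", checkUserLDAP() for "LDAP" and "AD".
 * 	Any other method returns boolean false.
 */
function checkUser($name, $pwd)
{
	global $auth_method;

	switch ($auth_method)
	{
		case "DB" :
			return checkUserDB($name, $pwd);

		case "LDAP" :
		case "AD" :
			return checkUserLDAP($name, $pwd);
	}

	return false;
}
// Brilliant LDAP Hack Stop
/**
 * function getTotalUsers():
 * 	Takes no arguments. Queries the user table and returns the number of rows it holds,
 * 	as reported by the database layer.
 */
function getTotalUsers()
{
	global $users_table, $db;

	$result = $db->query("select id from $users_table");

	return $db->num_rows($result);
}

//Brilliant LDAP Hack Start
/**
 * function encPwd():
 * 	Takes a password. Returns it unchanged when $auth_type is "ldap", otherwise returns its
 * 	MD5 digest.
 *
 * 	NOTE(review): this reads $auth_type with the lower-case value "ldap", while the other
 * 	functions in this file read $auth_method with "DB"/"LDAP"/"AD" - confirm which setting
 * 	is actually populated.
 */
function encPwd($pwd)
{
	global $auth_type;

	if ($auth_type == "ldap")
		return $pwd;

	return md5($pwd);
}
//Brilliant LDAP Hack Stop
/**
 * function getTotalAdmins():
 * 	Takes no arguments.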
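* 	Queries the user table and returns the number of rows with admin=1, as reported
 * 	by the database layer.
 */
function getTotalAdmins()
{
	global $users_table, $db;

	$result = $db->query("select id from $users_table where admin=1");

	return $db->num_rows($result);
}

/**
 * function getTotalSupporters():
 * 	Takes no arguments. Queries the user table and returns the number of rows with
 * 	supporter=1, as reported by the database layer.
 */
function getTotalSupporters()
{
	global $users_table, $db;

	$result = $db->query("select id from $users_table where supporter=1");

	return $db->num_rows($result);
}

/**
 * function getUserInfo():
 * 	Takes one integer value as an input. Queries the user table and returns an array containing all of
 * 	the information that the database contains about the user with the id specified.
 */
function getUserInfo($id)
{
	global $users_table, $db;

	// The id is written into the SQL text without quotes, so anything that is not a plain
	// number would become part of the statement. Force it to an integer first.
	$id = (int) $id;

	$sql = "select * from $users_table where id=$id";
	$result = $db->query($sql);

	return $db->fetch_array($result);
}

/**
 * function listMembers():
 * 	Takes a group id and a category as an input. The category determines whether the data is queried
 * 	from a user group table or from a supporter group table. It simply lists the members of the
 * 	particular group along with a link to delete that particular user.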
*/
function listMembers($id, $cat)
{
	global $sgroups_table, $ugroups_table, $db, $lang_delete, $table_prefix;

	$for_users = ($cat == 'users');
	$for_supporters = ($cat == 'supporters');

	// The group table name is built from the prefix, the category and the group id.
	// NOTE(review): $id becomes part of a table name in the SQL text and part of the links
	// below without validation - confirm callers only pass a numeric group id.
	if ($for_users)
	{
		$group_table = $table_prefix."ugroup".$id;
	}
	if ($for_supporters)
	{
		$group_table = $table_prefix."sgroup".$id;
	}

	$result = $db->query("select * from $group_table where user_name != 'support_pool' order by user_name asc");

	echo "<tr><td class=back>";

	while ($member = $db->fetch_array($result))
	{
		// NOTE(review): column 2 is printed as raw HTML and the href values are unquoted;
		// presumably it is the member name - confirm it is encoded before it is stored,
		// otherwise it needs htmlspecialchars() here.
		$item = "<LI>"." ".$member[2]." ";

		// NOTE(review): the delete action is a plain GET link; confirm control.php asks for
		// confirmation or a request token before removing the member.
		if ($for_users)
		{
			$item .= "<a href=control.php?t=users&act=uopt&table=".$group_table."&rm=delete&gid=".$member[0]."&g=".$id.">".$lang_delete."</a>?</LI>";
		}
		if ($for_supporters)
		{
			$item .= "<a href=control.php?t=users&act=sopt&table=".$group_table."&rm=delete&gid=".$member[0]."&g=".$id.">".$lang_delete."</a>?</LI>";
		}

		echo $item;
	}

	echo "</td></tr>";
}

/**
 * function getAnnouncements():
 * 	Takes a flag naming the audience ('user', 'supporter' or 'admin'). Prints out the announcements
 * 	from the announcement table in the database in
 * 	an easy to read format.
*/
function getAnnouncements($flag)
{
	global $announcements_limit, $announcement_table, $a, $db, $lang_delete, $lang_edit, $lang_dateformat;

	// $a == 1 lists every announcement; otherwise only the newest $announcements_limit rows.
	$sql = ($a == 1)
		? "select * from $announcement_table order by id desc"
		: "select * from $announcement_table order by id desc limit $announcements_limit";

	$result = $db->query($sql);
	$shown = 0;

	// NOTE(review): in both layouts column 2 (the announcement text) goes through nl2br()
	// only, so any markup stored in it is rendered as HTML - confirm who may write
	// announcements, or encode with htmlspecialchars() before nl2br().

	// Read-only layout for users and supporters.
	if ($flag == 'user' || $flag == 'supporter')
	{
		while ($entry = $db->fetch_array($result))
		{
			$html = "\n<td class=date><b>".date("$lang_dateformat G:i", $entry[1])."</b>";
			// Anchor on the last announcement of the limited view.
			if ($shown == $announcements_limit -1)
			{
				$html .= "<a name=place></a>";
			}
			$html .= "\n</td></tr>";
			$html .= "\n<tr><td class=back2> ".nl2br($entry[2])."\n</td></tr>";

			echo $html;
			$shown ++;
		}
	}

	// Admin layout: the same rows plus delete and edit links.
	if ($flag == 'admin')
	{
		while ($entry = $db->fetch_array($result))
		{
			$html = "<td class=date><b>".date("$lang_dateformat G:i", $entry[1])."</b>";
			if ($shown == $announcements_limit -1)
			{
				$html .= "<a name=place></a>";
			}
			$html .= " ";
			// NOTE(review): delete is a plain GET link; confirm index.php checks the caller's
			// rights and a request token before deleting.
			$html .= "<a href=\"index.php?t=delete&id=".$entry[0]."\">".$lang_delete."</a>";
			$html .= ", <a href=\"index.php?m=update&id=".$entry[0]."\">";
			$html .= " ".$lang_edit."</a>?";
			$html .= "</td></tr>";
			$html .= "<tr><td class=back2> ".nl2br($entry[2])."</td></tr>";

			echo $html;
			$shown ++;
		}
	}
}

/**
 * function getUserList():
 * 	Takes a string, integer, and string as inputs. The order variable contains the keyword which
 * 	determines the order in which the users are listed. Offset is the variable that is passed around which
 * 	helps determine what position we are at in the database (makes Next/Previous buttons work the way they
 * 	should). Group variable signifies whether we are querying all users or just supporters. This function
 * 	prints out the table with options to edit/delete/and view history links.
525 */ 526 function getUserList($order, $offset, $group) 527 { 528 global $users_table, $users_limit, $db, $admin_site_url, $lang_email, $lang_office, $lang_realname, $lang_username, $lang_infoforuser, $lang_edit, $lang_delete, $lang_stats; 529 530 if (!isset ($offset)) 531 $offset= 0; 532 533 $low= $offset; 534 // if the group is only supporters, grab only information about supporters and not all users. 535 if ($group == "admins") 536 { 537 switch ($order) 538 { 539 case ("user_name") : 540 $sql= "select * from $users_table where admin=1 and user_name != 'support_pool' order by user_name asc limit $low, $users_limit"; 541 break; 542 case ("office") : 543 $sql= "select * from $users_table where admin=1 and user_name != 'support_pool' order by office, user_name asc limit $low, $users_limit"; 544 break; 545 default : 546 $sql= "select * from $users_table where admin=1 and user_name != 'support_pool' order by id asc limit $low, $users_limit"; 547 break; 548 } 549 } 550 551 if ($group == "supporters") 552 { 553 switch ($order) 554 { 555 case ("user_name") : 556 $sql= "select * from $users_table where supporter=1 and user_name != 'support_pool' order by user_name asc limit $low, $users_limit"; 557 break; 558 case ("office") : 559 $sql= "select * from $users_table where supporter=1 a