-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.php
executable file
·296 lines (270 loc) · 11.6 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
<?php
// Begin the PHP session so we have a place to store the username
session_start();
require_once('php/connect.php');
$client_id = $OKTA_CLIENT_ID;
$client_secret = $OKTA_CLIENT_SECRET;
$redirect_uri = $OKTA_REDIRECT_URL;
$metadata_url = $OKTA_METADATA_URL;
$authorization_endpoint = $OKTA_AUTHORIZATION_ENDPOINT;
// Fetch the authorization server metadata which contains a few URLs
// that we need later, such as the authorization and token endpoints
$metadata = http($metadata_url);
if(isset($_GET['code'])) {
if($_SESSION['state'] != $_GET['state']) {
die('Authorization server returned an invalid state parameter');
}
if(isset($_GET['error'])) {
die('Authorization server returned an error: '.htmlspecialchars($_GET['error']));
}
$response = http($metadata->token_endpoint, [
'grant_type' => 'authorization_code',
'code' => $_GET['code'],
'redirect_uri' => $redirect_uri,
'client_id' => $client_id,
'client_secret' => $client_secret,
]);
if(!isset($response->access_token)) {
die('Error fetching access token');
}
$token = http($metadata->introspection_endpoint, [
'token' => $response->access_token,
'client_id' => $client_id,
'client_secret' => $client_secret,
]);
if($token->active == 1) {
$_SESSION['username'] = $token->username;
//header('Location: /');
header('Location: ' . $redirect_uri);
die();
}
}
// If there is a username, they are logged in, and we'll show the logged-in view
if(isset($_SESSION['username'])) {
$username_parts = explode("@", $_SESSION['username']);
$username_short = $username_parts[0];
$conn = db_connect();
$query = $conn->query("SELECT * FROM signoff_project_admins WHERE username = '$username_short'");
if ($query->num_rows > 0) {
setcookie('SignOffAdminUser', $username_short, time() + 60*60*24*30, '/');
header("Location: admin.php");
}
}
// If there is no username, they are logged out, so show them the login link
if(!isset($_SESSION['username'])) {
// Generate a random state parameter for CSRF security
//$_SESSION['state'] = bin2hex(random_bytes(5));
$_SESSION['state'] = bin2hex(openssl_random_pseudo_bytes(5));
// Build the authorization URL by starting with the authorization endpoint
// and adding a few query string parameters identifying this application
$authorize_url = $authorization_endpoint.'?'.http_build_query([
'response_type' => 'code',
'client_id' => $client_id,
'redirect_uri' => $redirect_uri,
'state' => $_SESSION['state'],
'scope' => 'openid',
]);
//echo '<p>Not logged in</p>';
//echo '<p><a href="'.$authorize_url.'">Log In</a></p>';
header('Location: ' . $authorize_url);
die();
}
function http($url, $params=false) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if($params)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
return json_decode(curl_exec($ch));
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="favicon.ico">
<title>Sign-off</title>
<!-- Bootstrap core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Bootstrap theme -->
<!--<link href="css/bootstrap-theme.min.css" rel="stylesheet">-->
<!-- Bootstrap select theme -->
<link href="css/bootstrap-select.min.css" rel="stylesheet">
<link href="css/bootstrap-table.min.css" rel="stylesheet">
<link href="css/bootstrap.icon-large.min.css" rel="stylesheet">
<link rel="icon" href="images/grey-favicon.png" type="image/png">
<!-- Custom styles for this template -->
<!--<link href="theme.css" rel="stylesheet">-->
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body role="document">
<style>
body {
padding-top: 10px;
padding-bottom: 30px;
}
</style>
<p><a href="index.php" style='position:absolute;margin-left:12px;display:block;'>Sign-off Requests</a></p>
<div class="container" style='max-width: 980px;'>
<div class='row'>
<p style='text-align: center;'><img src='images/PMOLogo.jpg' height=100/></p>
</div>
<div class='row'>
<div class='col-md-6'>
<h3>Your Pending Sign-off Requests</h3>
<div id='noRequests' style="display: none;">
<p>You do not have any Sign-off requests.</p>
</div>
</div>
</div>
<!-- Begin Requests Panel -->
<div class='row' id="pendingRequestsRow">
<div class="panel panel-default">
<!--<div class="panel-heading"><h3 class='panel-title'>Requests</h3></div>-->
<!-- Table -->
<!--<div class='input-group' style='margin: 5px;'>
<span class="input-group-addon" id="basic-addon1"><span class="glyphicon glyphicon-search" aria-hidden="true"></span></span>
<input class="form-control" type='text' id='filter' placeholder='Type here to filter these results.'></input>
</div>-->
<div id='tableLoading' style="display: none;">
<p style='text-align: center;'>Loading <img width=30 height=30 src="images/loading.gif"/></p>
</div>
<table class="table table-striped" id='pendingProjectRequestTable'>
<thead>
<th>Project</th>
<th>Status</th>
<th class='hidden-xs'>Date</th>
<th class='hidden-xs hidden-sm hidden-md'>Identifier</th>
<th class='hidden'>Sprint</th>
<th class='hidden'>App Designer Projects</th>
<th class='hidden'>PL/SQL Objects</th>
<th class='hidden'>Other Objects</th>
<th class='hidden-xs hidden-sm hidden-md'>Requested By</th>
</thead>
<tbody class="searchable" id="pendingProjectRequestTableBody">
<!--populated by loadProjectRequests(); -->
<tbody>
</table>
</div>
</div>
<div class='row' style="margin-top:16px;">
<div class='col-md-6'>
<h4>Your Completed Sign-off Requests <small><em>past 12 months</em></small></h4>
<div id='receivedNoRequests' style="display: none;">
<p>You do not have any Sign-off requests.</p>
</div>
</div>
</div>
<div class='row' id="receivedRequestsRow">
<div class="panel panel-default">
<table class="table table-striped" id='receivedProjectRequestTable'>
<thead>
<th>Project</th>
<th>Status</th>
<th class='hidden-xs'>Date</th>
<th class='hidden-xs hidden-sm hidden-md'>Identifier</th>
<th class='hidden'>Sprint</th>
<th class='hidden'>App Designer Projects</th>
<th class='hidden'>PL/SQL Objects</th>
<th class='hidden'>Other Objects</th>
<th class='hidden-xs hidden-sm hidden-md'>Requested By</th>
</thead>
<tbody class="searchable" id="receivedProjectRequestTableBody">
<!--populated by loadProjectRequests(); -->
<tbody>
</table>
</div>
</div>
<!-- End Requests Panel -->
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/bootstrap-select.min.js"></script>
<script src="js/bootstrap-table.min.js"></script>
<script>
var userId = "<?php echo $username_short;?>";
function loadProjectRequestsByUser(type) {
$('#' + type + "ProjectRequestTable").hide();
$("#tableLoading").show();
$.ajaxSetup({ cache: false });
$.getJSON("php/loadProjectRequestsByUser.php", {
userId: userId,
}, function(data) {
$('#' + type + 'ProjectRequestTableBody').html("");
var html = "";
var len = data[type].length;
if(len === 0) {
$("#tableLoading").hide();
$("#" + type + "requestsRow").hide();
$("#noRequests").show();
}
else {
for (var i = 0; i< len; i++) {
html+= "<tr>";
var t = data[type][i].requestDate.split(/[- :]/);
var d = new Date(t[0], t[1]-1, t[2], t[3], t[4], t[5]);
if (data[type][i].projectName.length > 72) {
cutStr = "";
cutStr = data[type][i].projectName;
cutStr = cutStr.substring(0,72) + "...";
html += "<td style='font-size:1.2em;'><a href='respond.php?requestId=" + data[type][i].requestId + "'>" + cutStr + "</a></td>";
} else {
html += "<td style='font-size:1.2em;'><a href='respond.php?requestId=" + data[type][i].requestId + "'>" + data[type][i].projectName + "</a></td>";
}
if (data[type][i].status == "Pending") {
html += "<td><span class='label label-primary hidden-xs hidden-md hidden-sm'>" + data[type][i].status + "</span><span class='label label-primary hidden-lg'>P</span></td>";
}
if (data[type][i].status == "Received") {
html += "<td><span class='label label-success hidden-xs hidden-md hidden-sm'>Completed</span><span class='label label-success hidden-lg'>C</span></td>";
}
if (data[type][i].status == "Declined") {
html += "<td><span class='label label-danger hidden-xs hidden-md hidden-sm'>" + data[type][i].status + "</span><span class='label label-danger hidden-lg'>D</span></td>";
}
html += "<td class='hidden-xs'>" + (d.getMonth() + 1) + "/" + d.getDate() + "/" + d.getFullYear() + "</td>";
if (data[type][i].typeOfWork == "project") {
html += "<td class='hidden-xs hidden-sm hidden-md'>" + data[type][i].projectId + "</td>";
} else if (data[type][i].typeOfWork == "ticket") {
html += "<td class='hidden-xs hidden-sm hidden-md'>TICK:" + data[type][i].ticketNumber + "</td>";
} else if (data[type][i].typeOfWork == "req") {
html += "<td class='hidden-xs hidden-sm hidden-md'>Doc: " + data[type][i].projectId + "</td>";
} else {
html += "<td class='hidden-xs hidden-sm hidden-md'>ERROR</td>";
}
html += "<td class='hidden'>sprint:" + data[type][i].sprint + "</td>";
html += "<td class='hidden'>" + data[type][i].appDesignerProjs + "</td>";
html += "<td class='hidden'>" + data[type][i].plsqlObjects + "</td>";
html += "<td class='hidden'>" + data[type][i].otherObjects + "</td>";
html += "<td class='hidden-xs hidden-sm hidden-md'>" + data[type][i].authorFullName + "</td>";
html += "</tr>";
}
$('#' + type + 'ProjectRequestTableBody').append(html);
$("#tableLoading").hide();
$('#' + type + "ProjectRequestTable").show();
}
$.ajaxSetup({ cache: true });
});
}
$(document).ready(function() {
var pending = 'pending';
var received = 'received';
loadProjectRequestsByUser(pending);
loadProjectRequestsByUser(received);
});
</script>
<!--<script src="js/docs.min.js"></script> -->
<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<!--<script src="js/ie10-viewport-bug-workaround.js"></script>-->
</body>
</html>