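<?php
/*
 * Bootstrap for the management page: session lifetime, legacy request-variable
 * import, logout and login.
 *
 * Globals left for the rest of the page and for the included modules:
 *   $act, $add, $cmdlevel, $id, $logged_me_in_successfully234, one global per
 *   session key, and one global per accepted request parameter.
 *
 * The full "<?php" tag is used on purpose: where short_open_tag is disabled a
 * "<?" block is not executed and is sent to the client as text.
 */
header("Content-Type: text/html; charset=utf-8");

// Session cookie hardening; it has to be configured before the session starts.
if (session_status() === PHP_SESSION_NONE) {
    ini_set('session.cookie_httponly', '1'); // keep the session id out of reach of page scripts
    ini_set('session.use_strict_mode', '1'); // refuse session ids the server did not issue
}
session_start();

// Idle timeout: 6000 seconds (100 minutes) without a request ends the session.
// NOTE(review): an earlier comment here said "30 minutes", which would be 1800 - confirm the intended value.
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 6000)) {
    session_unset();
    session_destroy();
    // Open a fresh session, as the logout branch below does. Without it, nothing written to
    // $_SESSION later in this request (including a successful login) would be stored.
    session_start();
}
$_SESSION['LAST_ACTIVITY'] = time();
header("Expires: 0");

// Defaults for the state this page owns. None of these can be supplied by the client.
$add = 'Login Area';
$act = '';
$cmdlevel = null;
$id = null;

// Legacy behaviour kept for the included modules: every request parameter becomes a global
// variable. Request data is untrusted, so names that are not plain identifiers, names of
// superglobals, and the names that carry this page's authentication state are skipped.
// NOTE(review): every module that reads one of these imported globals must treat it as
// untrusted input; replacing this import with explicit reads of $_GET/$_POST is the real fix.
$importDenied = [
    'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SESSION', '_SERVER', '_FILES', '_ENV', 'this',
    'add', 'cmdlevel', 'id', 'link', 'logged_me_in_successfully234',
    'importDenied', 'importKey', 'importValue',
];
foreach ($_REQUEST as $importKey => $importValue) {
    $importKey = (string) $importKey; // purely numeric parameter names arrive as integers
    if (!preg_match('/^[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*$/', $importKey)) {
        continue;
    }
    if (in_array($importKey, $importDenied, true)) {
        continue;
    }
    ${$importKey} = $importValue;
}
unset($importDenied, $importKey, $importValue);

// "act" selects the page further down; anything that is not a string selects nothing.
if (!is_string($act)) {
    $act = '';
}

// Logout: drop the current session and continue with an empty one.
if ($act === "exit") {
    session_unset();
    session_destroy();
    session_start();
}

// Values held in the session win over anything that arrived with the request.
if (!empty($_SESSION['hostid'])) {
    $agent_id = $_SESSION['hostid'];
}
foreach ($_SESSION as $sessionKey => $sessionValue) {
    ${$sessionKey} = $sessionValue;
}
unset($sessionKey, $sessionValue);

include 'functions.php';
include 'auth.php';

$logged_me_in_successfully234 = 0;
if (empty($_SESSION['pass']) && empty($_SESSION['name'])) {
    // No login recorded in the session: try the submitted credentials.
    $loginName = (isset($name) && is_string($name)) ? $name : '';
    $loginPass = (isset($pass) && is_string($pass)) ? $pass : '';
    $cmdlevel = null;
    $id = null;
    $loginMatched = false;

    if ($loginName !== '') {
        // $link is presumably the mysqli connection opened by one of the includes above.
        // The statement is parameterised, so the submitted values never become part of the SQL text.
        // NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
        // password_hash()/password_verify() needs a change to the accounts table and its data,
        // which cannot be done from this file.
        $loginStmt = mysqli_prepare($link, "SELECT id, cmdlevel FROM accounts WHERE login = ? AND password = ?");
        if ($loginStmt) {
            $passwordDigest = md5($loginPass);
            mysqli_stmt_bind_param($loginStmt, 'ss', $loginName, $passwordDigest);
            mysqli_stmt_execute($loginStmt);
            mysqli_stmt_bind_result($loginStmt, $foundId, $foundLevel);
            if (mysqli_stmt_fetch($loginStmt) === true) {
                $id = $foundId;
                $cmdlevel = $foundLevel;
                $loginMatched = true;
            }
            mysqli_stmt_close($loginStmt);
        }
    }

    // Human-readable role shown in the page header.
    if ($cmdlevel == '10') {
        $add = "Head Administrator";
    } else if ($cmdlevel == '1') {
        $add = "Company Administrator";
    } else if ($cmdlevel == '2') {
        $add = "Company Operator";
    }

    if ($loginMatched) {
        // New session id at the privilege change, so an id known before login is not reused.
        session_regenerate_id(true);
        // The password itself is not kept in the session; 'pass' only marks the session as
        // logged in. NOTE(review): a module that expects the password in $pass needs rework.
        $_SESSION['pass'] = true;
        $_SESSION['name'] = $loginName;
        $_SESSION['add'] = $add;
        $_SESSION['cmdlevel'] = $cmdlevel;
        $_SESSION['id'] = $id;
        $logged_me_in_successfully234 = 1;
    }
    unset($loginName, $loginPass, $passwordDigest, $loginStmt, $loginMatched, $foundId, $foundLevel);
} else {
    $logged_me_in_successfully234 = 1;
}

// Record the visit for authenticated accounts only. Without a login there is no account id,
// and the statement would be malformed.
if ($logged_me_in_successfully234 && is_numeric($id)) {
    $seenStmt = mysqli_prepare($link, "update accounts set last_seen_web = NOW() where id = ?");
    if ($seenStmt) {
        $seenAccountId = (int) $id;
        mysqli_stmt_bind_param($seenStmt, 'i', $seenAccountId);
        mysqli_stmt_execute($seenStmt);
        mysqli_stmt_close($seenStmt);
    }
    unset($seenStmt, $seenAccountId);
}
?>
<!DOCTYPE html>
<meta charset="utf-8">
<html lang="en">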
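<title>ProSys Management</title>
<link rel="stylesheet" href="style.css">
<script src="/mail.js" type="text/javascript" encoding="utf-8"></script>
<script src="jquery.js" type="text/javascript"></script>
<body>
<?php
/*
 * Page body: header, then either the login form or the role menu plus the page
 * selected by "act".
 *
 * Reads $add, $cmdlevel, $id, $act, $companyID and $logged_me_in_successfully234,
 * which the bootstrap code at the top of this file sets.
 */

// Normalise what is about to be printed or used for dispatch.
$act = (isset($act) && is_string($act)) ? $act : '';
$headerLabel = (isset($add) && is_string($add)) ? $add : '';
// An unset or zero flag means "not logged in", so a missing flag fails closed.
$pageIsAuthenticated = !empty($logged_me_in_successfully234);

echo "<header>";
// The label is escaped because it is printed into HTML and is not guaranteed to be one of
// the fixed role names on every code path.
echo " <h1 style ='color:white;'>ProSys Management ("
    . htmlspecialchars($headerLabel, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    . ")</h1></header>";

if (!$pageIsAuthenticated) {
    // Nothing account-specific is looked up or stored before this check passes.
    echo "<center>";
    GetEnterForm();
    echo("<font color='red'><b>Access denied. Incorrect login or password</b></font>");
    echo "</center>";
} else {
    // Active company: an explicit request value, else the one remembered in the session,
    // else the account's own company.
    $mycompany = getCompanyByAccount($id);
    if (isset($companyID) && is_scalar($companyID)) {
        // NOTE(review): $companyID can arrive with the request and is not checked here against
        // the companies this account may manage. Confirm that getCompanyByID() and the included
        // pages enforce that, and that they treat the value as untrusted.
        $_SESSION['company'] = $companyID;
    } elseif (!empty($_SESSION['company'])) {
        $companyID = $_SESSION['company'];
    } else {
        $companyID = isset($mycompany[0]) ? $mycompany[0] : null;
        $_SESSION['company'] = $companyID;
    }
    // Not printed by this page; the banner that displayed it is disabled.
    $activeCompanyRow = getCompanyByID($companyID);
    $companyname = isset($activeCompanyRow[1]) ? $activeCompanyRow[1] : null;

    // Menu. This only decides which links are shown; access is decided by the table below.
    echo "<menu>";
    if ($cmdlevel == 10) {
        echo "<a href='?act=global'>Глобальное управление</a><br>";
        echo "<a href='?act=devices'>Устройства</a><br>";
        echo "<a href='?act=typeobject'>Типы объектов</a><br>";
        echo "<a href='?act=object'>Объекты</a><br>";
    }
    if ($cmdlevel == 1 || $cmdlevel == 10) {
        echo "<a href='?act=companies'>Компании</a><br>";
        echo "<a href='?act=accounts'>Аккаунты</a><br>";
        echo "<a href='?act=objects'>Объекты</a><br>";
        echo "<a href='?act=jobs'>Должности</a><br>";
    }
    if ($cmdlevel == 2 || $cmdlevel == 10) {
        echo "<a href='?act=markers'>Визуальные метки (QR)</a><br>";
        echo "<a href='?act=tasktypes'>Типы задач</a><br>";
        echo "<a href='?act=tasks'>Задачи активные</a><br>";
        echo "<a href='?act=docs'>Документы</a><br>";
        echo "<a href='?act=reports'>Отчеты</a><br>";
    }
    if ($cmdlevel == 1 || $cmdlevel == 2 || $cmdlevel == 10) {
        echo "<a href='?act=input_data'>Входные данные</a><br>";
        echo "<a href='?act=staff'>Персонал</a><br>";
    }
    echo "<a href='?act=exit'>Выход</a><br>";
    echo "</menu>";

    echo "<nav>";
    // Pages each role may open. The file name is always taken from this table and never
    // built from the request value itself.
    // NOTE(review): levels 1 and 2 may open some pages their menu does not list
    // (for example typeobject and object) - confirm that this is intended.
    $pagesByLevel = [
        // head administrators
        10 => [
            'global', 'companies', 'accounts', 'markers', 'tasks', 'tasktypes', 'docs', 'reports',
            'devices', 'staff', 'objects', 'input_data', 'jobs', 'typeobject', 'object',
        ],
        // company administrators
        1 => [
            'companies', 'accounts', 'markers', 'tasks', 'tasktypes', 'docs', 'reports',
            'staff', 'objects', 'input_data', 'jobs', 'typeobject', 'object',
        ],
        // company operators
        2 => [
            'markers', 'tasks', 'tasktypes', 'docs', 'reports',
            'staff', 'input_data', 'typeobject', 'object',
        ],
    ];
    $pageFile = null;
    foreach ($pagesByLevel as $roleLevel => $rolePages) {
        // Loose comparison on purpose: the level is a string or an integer depending on
        // whether it came from the database or from the session.
        if ($cmdlevel == $roleLevel) {
            $pageIndex = array_search($act, $rolePages, true);
            if ($pageIndex !== false) {
                $pageFile = $rolePages[$pageIndex] . '.php';
            }
            break;
        }
    }
    unset($pagesByLevel, $roleLevel, $rolePages, $pageIndex);
    if ($pageFile !== null) {
        include $pageFile;
    }
    echo "</nav>";
}

echo '</body>';

/**
 * Prints the login form. It posts the fields "name" and "pass" back to this page.
 */
function GetEnterForm()
{
    echo "<article>
        <form method='post' action='?login'>
        <table>
        <tr>
            <td width=70> <b>Login</b> </td>
            <td> </td>
            <td> <input type='text' name=name value=''><br/> </td>
        </tr>
        <tr>
            <td> <b>Password </b> </td>
            <td> </td>
            <td> <input type='password' name=pass value=''> </td>
        </tr>
        <tr>
            <td></td>
            <td> </td>
            <td> <input type='submit' value='Enter'> </td>
        </tr>
        </table>
        </form>
        </article>";
}
?>
</html>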