<?php
/*
 *  ConPortal - Pomona College ITS & Bucknell University ISR scheduling appplication
 *  Copyright (C) 2005-2007  Pomona College, Bucknell University
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of version 2 of the GNU General Public License
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

require_once('../standard.php');

	// If this page is POSTed to, OR part of a quickPunch, do stuff
if($_SERVER['REQUEST_METHOD']=='POST' || $_SESSION['doQuickPunch'] == TRUE)
{
	$ipOK = true;
	$inout = "";
	$posted = true;
	$punched = isPunchedIn($_SESSION['pid']);

		if($punched==TRUE)
		{
			$ipOK = punchOut($_SESSION['pid']);
			$inout = "out";
		}
		else 
		{
			$ipOK = punchIn($_SESSION['pid']);
			$inout = "in";
		}
		//if login isn't ok, set session variable so the show button function can display error, and silently tattle!
	if(!($ipOK))
	{ 
		$_SESSION['ipOK'] = $ipOK;
		
		$user = getNameForUser($_SESSION['pid']);
		$body = "Pssst! \n  " . $user . " tried to log " . $inout ." from host: " . $_SERVER['REMOTE_ADDR'] . " and was rejected.";  
					
		$subject = "Pssst!  Punch" . $inout ." from unacceptable host detected!";
					
		$to = SUPERS;
		
		send_email($body, $subject, $to);
		if($_SESSION['doQuickPunch'] == TRUE)
		{
			/* Snarky version

			$_SESSION['frontPagePunchResult'] = "<br>You cannot punch in or out from your current location. <br><br> Orbital disintegration ray satellites acquiring your geospatial coordinates... <br><br>Arming primary weapon array... <br><br>Target lock engaged.<br><br>Primary plasma chamber has achived firing temperature; discharging at specified coordinates.  <br><br><br><br>Have a nice day!  :)";  */

			$_SESSION['frontPagePunchResult'] = "<br>You cannot punch in or out from your current location. <br>";

			unset($_SESSION['ldap']);
			unset($_SESSION['pid']);
			unset($_SESSION['username']);
			unset($_SESSION['doQuickPunch']);
			header("Location: " . BASE_URL . "index.php");
		}
	}
    	if($_POST['fromWhere'] == "QuickPunch")
	{
		header("Location: " . BASE_URL . "index.php");	
	}
	else if($_POST['fromWhere'] == "ThenLogout")
	{
		header("Location: " . BASE_URL . "redirects/logout.php");
	}
	else if($_SESSION['doQuickPunch'] == TRUE)
	{
		if($inout=="out")
		{
			$_SESSION['frontPagePunchResult'] = "You have punched out.";
		}
		else
		{
			$_SESSION['frontPagePunchResult'] = "You have punched in.";
		} 

		// don't destroy session yet!  Just enough to force the login page to be displayed
		// (and also clear the doQuickPunch just to prevent some wierd replay attack)
		unset($_SESSION['ldap']);
		unset($_SESSION['pid']);
		unset($_SESSION['username']);
		unset($_SESSION['doQuickPunch']);
		header("Location: " . BASE_URL . "index.php");
	}
	else
	{		
  		header("Location: " . BASE_URL . "punch_in_out.php");	
	}
}
else
{
   error("Something wasn't filled out properly!  Now I am sad!");
   display_errors();
}
xhtml_footer();
?>