/WebCalendar-1.2.5/includes/classes/WebCalendar.class.orig
Unknown | 983 lines | 874 code | 109 blank | 0 comment | 0 complexity | af38583a7e29a11fce241f3610da9c01 MD5 | raw file
Possible License(s): LGPL-2.1
- <?php
- /* Declares the WebCalendar class.
- *
- * @author Adam Roben <adam.roben@gmail.com>
- * @copyright Craig Knudsen, <cknudsen@cknudsen.com>, http://www.k5n.us/cknudsen
- * @license http://www.gnu.org/licenses/gpl.html GNU GPL
- * @version $Id: WebCalendar.class,v 1.108.2.15 2011/07/12 19:25:12 rjones6061 Exp $
- * @package WebCalendar
- */
- /* The WebCalendar.
- *
- * Right now this class's functionality is limited to initialization routines.
- *
- * @todo Get rid of all the global variables.
- * @todo Organize initialization steps more logically.
- */
- class WebCalendar {
- /* Filename of the page the user is viewing.
- *
- * @var string
- *
- * @access private
- */
- var $_filename;
- /* WebCalendar install directory.
- *
- * @var string
- *
- * @access private
- */
- var $_directory;
- /* A map from filenames to initialization phases.
- *
- * This array holds the initialization steps for each page. Steps are
- * separated into phases, and listed in the order they should be executed,
- * and are the names of the WebCalendar::methods that should be called,
- * without the `_Init' prefix.
- *
- * @var array
- *
- * @access private
- *
- * @todo Make it possible to distinguish between files in different directories
- * (e.g. login.php and ws/login.php).
- */
- var $_filePhaseMap =
- array ( '/^(about|nulogin|login|login-app|register|controlpanel|upcoming)\.php$/' =>
- array (
- array ( 'Config', 'PHPDBI', 'Functions' ),
- array ( 'User', 'Connect' ) ),
- '/^(ajax|css_cacher|js_cacher|icalclient|freebusy|publish|rss|rss_unapproved|rss_activity_log|get_reminders|get_events|ws)\.php$/' =>
- array (
- array ( 'Config', 'PHPDBI', 'Functions' ),
- array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access' ) ),
- '/^convert_passwords\.php$/' =>
- array (
- array ( 'Config', 'PHPDBI' ),
- array () ),
- '/^send_reminders|reload_remotes\.php$/' =>
- array (
- array ( 'Config', 'PHPDBI', 'Functions' ),
- array ( 'User', 'SiteExtras' ) ),
- /* This is for files which have called include('includes/init.php'). */
- '/^init\.php$/' =>
- array (
- array ( 'InitFirstPhase', 'Config', 'PHPDBI', 'Functions' ),
- array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access', 'InitSecondPhase' ) )
- );
- /* WebCalendar constructor.
- *
- * @param string $path Full path of file being viewed.
- *
- * @return WebCalendar New WebCalendar object.
- *
- * @access public
- */
- function WebCalendar ( $path ) {
- $this->_filename = basename ( $path );
- $this->_directory = dirname ( __FILE__ ) . '/../../';
- // Define a value to prevent direct access to files.
- define ( '_ISVALID', 1 );
- }
- // cek: This function is used by some other apps that I have developed
- // but have not released.
- function addExternalPage ( $pattern, $initArray ) {
- $this->_filePhaseMap[$pattern] = $initArray;
- }
- /* First part of initializations from includes/init.php.
- *
- * @access private
- */
- function _initInitFirstPhase () {
- global $DMW, $HTTP_GET_VARS, $HTTP_POST_VARS, $PHP_SELF, $SCRIPT, $self,
- $special, $user_inc;
- // Make sure another app in the same domain doesn't have a 'user' cookie.
- if ( empty ( $HTTP_GET_VARS ) )
- $HTTP_GET_VARS = $_GET;
- if ( empty ( $HTTP_POST_VARS ) )
- $HTTP_POST_VARS = $_POST;
- if ( ! empty ( $HTTP_GET_VARS ) && empty ( $HTTP_GET_VARS['user'] ) && !
- empty ( $HTTP_POST_VARS ) && empty ( $HTTP_POST_VARS['user'] ) &&
- isset ( $GLOBALS['user'] ) )
- unset ( $GLOBALS['user'] );
- // Get script name.
- $self = $_SERVER['PHP_SELF'];
- if ( empty ( $self ) )
- $self = $PHP_SELF;
- preg_match ( '/\/(\w+\.php)/', $self, $match );
- $SCRIPT = $match[1];
- // Several files need a no-cache header and some of the same code.
- $special = array ( 'month.php', 'day.php', 'week.php',
- 'week_details.php', 'year.php', 'minical.php' );
- $DMW = in_array ( $SCRIPT, $special );
- // Security precaution. Don't allow <script> to be included in
- // a URL in any way.
- if ( preg_match ( '/\s*script/i', $_SERVER['QUERY_STRING'] ) ) {
- // No need to have a graceful exit for this since it should only
- // happen to malicioius crapweasels.
- echo "<html><body><h2>User Error</h2><p>Bite me.</p></html>\n";
- exit;
- }
- // Unset some variables that shouldn't be set.
- unset ( $user_inc );
- }
- /* Second part of initializations from includes/init.php.
- *
- * @access private
- */
- function _initInitSecondPhase () {
- global $ALLOW_VIEW_OTHER, $can_add, $can_add, $cat_id, $CATEGORIES_ENABLED,
- $CATEGORY_VIEW, $caturl, $date, $DMW, $friendly, $override, $fullname, $GROUPS_ENABLED,
- $hour, $id, $is_admin, $is_assistant, $is_nonuser, $login, $minute, $month,
- $NONUSER_ENABLED, $nonusers, $ovrd, $PUBLIC_ACCESS, $PUBLIC_ACCESS_CAN_ADD,
- $PUBLIC_ACCESS_FULLNAME, $PUBLIC_ACCESS_OTHERS, $readonly, $u_url, $user,
- $user_fullname, $USER_SEES_ONLY_HIS_GROUPS, $userlist, $valid_user, $year;
- load_global_settings ();
- $this->setLanguage ();
- if ( empty ( $ovrd ) )
- load_user_preferences ();
- // Error-check some commonly used form variable names.
- $cat_id = getValue ( 'cat_id', '[\-0-9,]+' );
- $date = getValue ( 'date', '[0-9]+' );
- $friendly = getValue ( 'friendly', '[01]' );
- $override = getValue ( 'override', '[01]' );
- $hour = getValue ( 'hour', '[0-9]+' );
- $id = getValue ( 'id', '[0-9]+', true );
- $minute = getValue ( 'minute', '[0-9]+' );
- $month = getValue ( 'month', '[0-9]+' );
- $user = getValue ( 'user', '[A-Za-z0-9_\.=@,\-]*', true );
- $year = getValue ( 'year', '[0-9]+' );
- if ( empty ( $PUBLIC_ACCESS ) )
- $PUBLIC_ACCESS = 'N';
- // Initialize access settings ($user_access string)
- // and make sure user is allowed to view the current page.
- access_init ();
- if ( ! access_can_view_page () ) {
- $user_BGCOLOR = get_pref_setting ( $login, 'BGCOLOR' );
- echo '<html>
- <head>
- <title>' . generate_application_name () . ' ' . translate ( 'Error' ) . '</title>
- </head>
- <body bgcolor="' . $user_BGCOLOR . '">
- ' . print_not_auth ( true ) . '
- </body>
- </html>';
- exit;
- }
- $can_add = false;
- // Load if $SCRIPT is in $special array:
- if ( $DMW ) {
- // Tell the browser not to cache.
- // send_no_cache_header ();
- if ( $ALLOW_VIEW_OTHER != 'Y' && ! $is_admin && ! $is_assistant )
- $user = '';
- $can_add = ( $readonly == 'N' || $is_admin == 'Y' );
- if ( $PUBLIC_ACCESS == 'Y' && $login == '__public__' ) {
- if ( $PUBLIC_ACCESS_CAN_ADD != 'Y' )
- $can_add = false;
- if ( $PUBLIC_ACCESS_OTHERS != 'Y' )
- $user = ''; // Security precaution.
- }
- if ( $is_nonuser )
- $can_add = false;
- if ( $GROUPS_ENABLED == 'Y' && $USER_SEES_ONLY_HIS_GROUPS == 'Y' && ! $is_admin ) {
- $userlist = get_my_users ();
- $valid_user = false;
- if ( ! empty ( $NONUSER_ENABLED ) && $NONUSER_ENABLED == 'Y' ) {
- $nonusers = get_my_nonusers ( $login, true );
- $userlist = array_merge ( $nonusers, $userlist );
- }
- for ( $i = 0; $i < count ( $userlist ); $i++ ) {
- if ( $user == $userlist[$i]['cal_login'] )
- $valid_user = true;
- }
- if ( ! $valid_user )
- $user = ''; // Security precaution.
- }
- if ( ! empty ( $user ) ) {
- $u_url = 'user=' . $user . '&';
- user_load_variables ( $user, 'user_' );
- if ( $user == '__public__' )
- $user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
- } else {
- $u_url = '';
- $user_fullname = $fullname;
- if ( $login == '__public__' )
- $user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
- }
- set_today ( $date );
- remember_this_view ();
- if ( $CATEGORIES_ENABLED == 'Y' ) {
- if ( ! empty ( $cat_id ) ) {
- } elseif ( ! empty ( $CATEGORY_VIEW ) && ! isset ( $_GET['cat_id'] ) )
- $cat_id = $CATEGORY_VIEW;
- else
- $cat_id = '';
- } else
- $cat_id = '';
- $caturl = ( empty ( $cat_id ) ? '' : '&cat_id=' . $cat_id );
- }
- }
- /* Initializations from includes/assert.php.
- *
- * @access private
- */
- function _initAssert () {
- // Initialize assert options.
- assert_options ( ASSERT_CALLBACK, 'assert_handler' );
- assert_options ( ASSERT_ACTIVE, 1 );
- }
- /* Initializations from includes/config.php.
- *
- * @access private
- */
- function _initConfig () {
- do_config ( $this->absolutePath ( 'includes/settings.php' ) );
- }
- /* Initializations from includes/dbi4php.php.
- *
- * @access private
- */
- function _initPHPDBI () {
- global $phpdbiVerbose;
- // Enable the following to show the actual database error in the browser.
- // It is more secure to not show this info, so this should only be turned
- // on for debugging purposes.
- if ( ! isset ( $phpdbiVerbose ) )
- $phpdbiVerbose = false;
- }
- /* Initializations from includes/functions.php.
- *
- * @access private
- */
- function _initFunctions () {
- global $byday_names, $byday_values, $days_per_month, $db_login, $db_password,
- $ldays_per_month,
- $offsets, $PHP_SELF, $settings, $weekday_names;
- /**#@+
- * Used for activity log.
- */
- define ( 'LOG_APPROVE', 'A' );
- define ( 'LOG_APPROVE_J', 'P' );
- define ( 'LOG_APPROVE_T', 'H' );
- define ( 'LOG_ATTACHMENT', 'T' );
- define ( 'LOG_COMMENT', 'M' );
- define ( 'LOG_CREATE', 'C' );
- define ( 'LOG_CREATE_J', 'I' );
- define ( 'LOG_CREATE_T', 'G' );
- define ( 'LOG_DELETE', 'D' );
- define ( 'LOG_DELETE_J', 'V' );
- define ( 'LOG_DELETE_T', 'L' );
- define ( 'LOG_LOGIN_FAILURE', 'x' );
- define ( 'LOG_NEWUSER_EMAIL', 'E' );
- define ( 'LOG_NEWUSER_FULL', 'F' );
- define ( 'LOG_NOTIFICATION', 'N' );
- define ( 'LOG_REJECT', 'X' );
- define ( 'LOG_REJECT_J', 'Q' );
- define ( 'LOG_REJECT_T', 'J' );
- define ( 'LOG_REMINDER', 'R' );
- define ( 'LOG_UPDATE', 'U' );
- define ( 'LOG_UPDATE_J', 'S' );
- define ( 'LOG_UPDATE_T', 'K' );
- define ( 'LOG_USER_ADD', 'a' );
- define ( 'LOG_USER_DELETE', 'd' );
- define ( 'LOG_USER_UPDATE', 'u' );
- /**#@-*/
- /* Number of seconds in:
- */
- define ( 'ONE_HOUR', 3600 );
- define ( 'ONE_DAY', 86400 );
- define ( 'ONE_WEEK', 604800 );
- /* Arrays containing the number of days in each month
- * in a leap year and a non-leap year.
- *
- * @global array $ldays_per_month
- * @global array $days_per_month
- */
- $ldays_per_month =
- $days_per_month = array ( 0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 );
- $ldays_per_month[2] = 29;
- /* Array containing the short names for the days of the week.
- *
- * @global array $weekday_names
- */
- $weekday_names = array ( 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' );
- /* Array containing the BYDAY names for the days of the week.
- *
- * @global array $byday_name
- */
- $byday_names = array ( 'SU', 'MO', 'TU', 'WE', 'TH', 'FR', 'SA' );
- /* Array containing the number value of the days of the week.
- *
- * @global array $days_per_week
- */
- $days_of_week = array_flip ( $weekday_names );
- /* Array containing the number value of the ical ByDay abbreviations.
- *
- * @global array $byday_values
- */
- $byday_values = array_flip ( $byday_names );
- /* Pull out cookies and place them in global variables */
- if ( ! empty ( $_COOKIE['webcalendar_session'] ) )
- $GLOBALS['webcalendar_session'] = $_COOKIE['webcalendar_session'];
- if ( ! empty ( $_COOKIE['webcalendar_login'] ) )
- $GLOBALS['webcalendar_login'] = $_COOKIE['webcalendar_login'];
- if ( ! empty ( $_COOKIE['webcalendar_last_view'] ) )
- $GLOBALS['webcalendar_last_view'] = $_COOKIE['webcalendar_last_view'];
- if ( ! empty ( $_COOKIE['webcalendar_csscache'] ) )
- $GLOBALS['webcalendar_csscache'] = $_COOKIE['webcalendar_csscache'];
- // Don't allow a user to put "login=XXX" in the URL
- // if they are not coming from the login.php page.
- if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER['PHP_SELF'] ) )
- $PHP_SELF = $_SERVER['PHP_SELF']; // Backward compatibility.
- if ( empty ( $PHP_SELF ) )
- $PHP_SELF = ''; // This happens when running send_reminders.php from CL.
- if ( ! strstr ( $PHP_SELF, 'login.php' ) && ! empty ( $GLOBALS['login'] ) )
- $GLOBALS['login'] = '';
- // Define an array to use to jumble up the key: $offsets
- // We define a unique key to scramble the cookie we generate.
- // We use the admin install password that the user set to make
- // the salt unique for each WebCalendar install.
- $salt = ( ! empty ( $settings ) && ! empty ( $settings['install_password'] )
- ? $settings['install_password'] : md5 ( $db_login ) );
- $salt_len = strlen ( $salt );
- $salt2 = md5 ( empty ( $db_password ) ? 'oogabooga' : $db_password );
- $salt2_len = strlen ( $salt2 );
- $offsets = array ();
- for ( $i = 0; $i < $salt_len || $i < $salt2_len; $i++ ) {
- $offsets[$i] = 0;
- if ( $i < $salt_len )
- $offsets[$i] += ord ( substr ( $salt, $i, 1 ) );
- if ( $i < $salt2_len )
- $offsets[$i] += ord ( substr ( $salt2, $i, 1 ) );
- $offsets[$i] %= 128;
- }
- }
- /* Initializations from includes/user*.php.
- *
- * This is a placeholder for now. We are letting includes/user*.php handle
- * its own initialization.
- *
- * @access private
- *
- * @todo Make an Authentication interface class and create a subclass for
- * each user*.php page.
- */
- function _initUser () {
- }
- /* Initializations from includes/validate.php.
- *
- * @access private
- */
- function _initValidate () {
- global $c, $cryptpw, $db_database, $db_host, $db_login, $db_password,
- $encoded_login, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $is_nonuser, $login,
- $login_return_path, $PHP_AUTH_USER, $REMOTE_USER, $SCRIPT,
- $session_not_found, $settings, $single_user, $single_user_login,
- $use_http_auth, $user_inc, $validate_redirect, $webcalendar_session;
- /* If WebCalendar is configured to use http authentication, then we can
- * use _initValidate (). If we are not using http auth, icalclient.php will
- * create its own http auth since an iCal client cannot login via a
- * web-based login. Publish.php does need to validate if not http_auth.
- */
- if ( ! $use_http_auth &&
- ( $this->_filename == 'css_cacher.php' ||
- $this->_filename == 'icalclient.php' ||
- $this->_filename == 'rss_unapproved.php' ||
- $this->_filename == 'rss_activity_log.php' ||
- $this->_filename == 'js_cacher.php' ||
- $this->_filename == 'publish.php' ) ) {
- return;
- }
- $is_nonuser = $session_not_found = $validate_redirect = false;
- // Catch-all for getting the username when using HTTP-authentication.
- if ( $use_http_auth ) {
- if ( empty ( $PHP_AUTH_USER ) ) {
- if ( ! empty ( $_SERVER ) && isset ( $_SERVER['PHP_AUTH_USER'] ) )
- $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
- else
- if ( ! empty ( $HTTP_SERVER_VARS ) &&
- isset ( $HTTP_SERVER_VARS['PHP_AUTH_USER'] ) )
- $PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
- else
- if ( isset ( $REMOTE_USER ) )
- $PHP_AUTH_USER = $REMOTE_USER;
- else
- if ( ! empty ( $_ENV ) && isset ( $_ENV['REMOTE_USER'] ) )
- $PHP_AUTH_USER = $_ENV['REMOTE_USER'];
- else
- if ( ! empty ( $HTTP_ENV_VARS ) && isset ( $HTTP_ENV_VARS['REMOTE_USER'] ) )
- $PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
- else
- if ( @getenv ( 'REMOTE_USER' ) )
- $PHP_AUTH_USER = getenv ( 'REMOTE_USER' );
- else
- if ( isset ( $AUTH_USER ) )
- $PHP_AUTH_USER = $AUTH_USER;
- else
- if ( ! empty ( $_ENV ) && isset ( $_ENV['AUTH_USER'] ) )
- $PHP_AUTH_USER = $_ENV['AUTH_USER'];
- else
- if ( ! empty ( $HTTP_ENV_VARS ) && isset ( $HTTP_ENV_VARS['AUTH_USER'] ) )
- $PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
- else
- if ( @getenv ( 'AUTH_USER' ) )
- $PHP_AUTH_USER = getenv ( 'AUTH_USER' );
- }
- }
- if ( $single_user == 'Y' )
- $login = $single_user_login;
- else {
- if ( $use_http_auth ) {
- // HTTP server did validation for us....
- if ( empty ( $PHP_AUTH_USER ) )
- $session_not_found = true;
- else
- $login = $PHP_AUTH_USER;
- } else
- if ( substr ( $user_inc, 0, 9 ) == 'user-app-' ) {
- // Make sure we are connected to the database for session check.
- $c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
- if ( ! $c )
- die_miserable_death ( 'Error connecting to database:<blockquote>'
- . dbi_error () . '</blockquote>' );
- // Use another application's authentication.
- if ( $login != user_logged_in () )
- $session_not_found = true;
- } else {
- @session_start ();
- if ( ! empty ( $_SESSION['webcal_login'] ) )
- $login = $_SESSION['webcal_login'];
- if ( ! empty ( $_SESSION['webcalendar_session'] ) )
- $webcalendar_session = $_SESSION['webcalendar_session'];
- if ( empty ( $login ) && empty ( $webcalendar_session ) )
- $session_not_found = true;
- else
- if ( empty ( $_SESSION['webcal_login'] ) &&
- // Check for cookie...
- ! empty ( $webcalendar_session ) ) {
- $encoded_login = $webcalendar_session;
- if ( empty ( $encoded_login ) )
- // Invalid session cookie.
- $session_not_found = true;
- else {
- $login_pw = explode( '|', decode_string ( $encoded_login ) );
- $login = $login_pw[0];
- $cryptpw = $login_pw[1];
- // Security fix. Don't allow certain types of characters in
- // the login. WebCalendar does not escape the login name in
- // SQL requests. So, if the user were able to set the login
- // name to be "x';drop table u;",
- // they may be able to affect the database.
- // NOTE: we also changed the cookie encoding from WebCalendar 1.0.X
- // to WebCalendar 1.1.X+, so this causes a bad cookie error.
- if ( ! empty ( $login ) && $login != addslashes ( $login ) ) {
- // The following deletes the bad cookie. So, the user just needs
- // to reload.
- SetCookie ( 'webcalendar_session', '', 0 );
- die_miserable_death ( 'Illegal characters in login <tt>'
- . htmlentities ( $login ) . '</tt>' .
- "Press browser reload to clear bad cookie." );
- }
- // Make sure we are connected to the database for password check.
- $c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
- if ( ! $c )
- die_miserable_death ( 'Error connecting to database:<blockquote>'
- . dbi_error () . '</blockquote>' );
- doDbSanityCheck ();
- if ( $cryptpw == 'nonuser' ) {
- if ( ! nonuser_load_variables ( $login, 'nutemp_' ) )
- // No such nonuser cal.
- die_miserable_death ( 'Invalid nonuser calendar.' );
- if ( empty ( $GLOBALS['nutemp_is_public'] ) ||
- $GLOBALS['nutemp_is_public'] != 'Y' )
- die_miserable_death ( 'Nonuser calendar is not public.' );
- $is_nonuser = true;
- } else
- if ( ! user_valid_crypt ( $login, $cryptpw ) )
- do_redirect ( 'login.php' . ( empty ( $login_return_path )
- ? '' : '?return_path=' . $login_return_path ) );
- @session_start ();
- $_SESSION['webcal_login'] = $login;
- $_SESSION['webcalendar_session'] = $webcalendar_session;
- }
- }
- }
- }
- }
- /* Initializations from includes/connect.php.
- *
- * @access private
- */
- function _initConnect () {
- global $c, $db_database, $db_host, $db_login, $db_password, $firstname,
- $fullname, $is_admin, $is_nonuser, $LANGUAGE, $lastname, $login,
- $login_email, $login_firstname, $login_fullname, $login_is_admin,
- $login_lastname, $login_login, $login_url, $not_auth, $PHP_AUTH_USER,
- $PHP_SELF, $PROGRAM_VERSION, $pub_acc_enabled, $PUBLIC_ACCESS_CAN_ADD,
- $readonly, $SCRIPT, $session_not_found, $single_user, $single_user_login,
- $use_http_auth, $user_email, $user_inc;
- // db settings are in config.php.
- // Establish a database connection.
- // This may have happened in validate.php, depending on settings.
- // If not, do it now.
- if ( empty ( $c ) ) {
- $c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
- if ( ! $c )
- die_miserable_death ( 'Error connecting to database:<blockquote>'
- . dbi_error () . '</blockquote>' );
- // Do a sanity check on the database,
- // making sure we can at least access the webcal_config table.
- if ( function_exists ( 'doDbSanityCheck' ) )
- doDbSanityCheck ();
- // Check the current installation version.
- // Redirect user to install page if it is different from stored value.
- // This will prevent running WebCalendar until UPGRADING.html has been
- // read and required upgrade actions completed.
- $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
- WHERE cal_setting = \'WEBCAL_PROGRAM_VERSION\'' );
- if ( $rows ) {
- $row = $rows[0];
- if ( $row[0] != $PROGRAM_VERSION ) {
- // & does not work here...leave it as &
- header ( 'Location: install/index.php?action=mismatch&version='
- . $row[0] );
- exit;}
- }
- }
- // If we are in single user mode,
- // make sure that the login selected is a valid login.
- if ( $single_user == 'Y' ) {
- if ( empty ( $single_user_login ) )
- die_miserable_death ( 'You have not defined <tt>single_user_login</tt> '
- . 'in <tt>includes/settings.php</tt>' );
- $res = dbi_execute ( 'SELECT COUNT( * ) FROM webcal_user
- WHERE cal_login = ?', array ( $single_user_login ) );
- if ( ! $res ) {
- echo 'Database error: ' . dbi_error ();
- exit;
- }
- $row = dbi_fetch_row ( $res );
- if ( $row[0] == 0 ) {
- // User specified as single_user_login does not exist.
- if ( ! dbi_execute ( 'INSERT INTO webcal_user ( cal_login, cal_passwd,
- cal_is_admin ) VALUES ( ?, ?, ? )',
- array ( $single_user_login, md5 ( $single_user_login ), 'Y' ) ) )
- die_miserable_death ( 'User <tt>' . $single_user_login
- . '</tt> does not exist in <tt>webcal_user</tt> table and we were '
- . 'not able to add it for you:<br /><blockquote>' . dbi_error ()
- . '</blockquote>' );
- // User was added... should we tell them?
- }
- dbi_free_result ( $res );
- }
- // Global settings have not been loaded yet, so check for public_access now.
- $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
- WHERE cal_setting = \'PUBLIC_ACCESS\'' );
- if ( $rows ) {
- $row = $rows[0];
- }
- $pub_acc_enabled = ( ! empty ( $row ) && $row[0] == 'Y' );
- if ( $pub_acc_enabled ) {
- $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
- WHERE cal_setting = \'PUBLIC_ACCESS_CAN_ADD\'' );
- if ( $rows && $row == $rows[0] )
- $PUBLIC_ACCESS_CAN_ADD = $row[0];
- }
- if ( empty ( $PHP_SELF ) )
- $PHP_SELF = $_SERVER['PHP_SELF'];
- if ( empty ( $login_url ) )
- $login_url = 'login.php';
- $login_url .= ( strstr ( $login_url, '?' ) ? '&' : '?' )
- . ( empty ( $login_return_path ) ? '' : 'return_path='
- . $login_return_path );
- // If sent here from an email and not logged in,
- //save URI and redirect to login.
- $em = getGetValue ( 'em' );
- $view_via_email = false;
- if ( ! empty ( $em ) && empty ( $login ) ) {
- remember_this_view ();
- $view_via_email = true;
- }
- if ( empty ( $session_not_found ) )
- $session_not_found = false;
- if ( ! $view_via_email && $pub_acc_enabled && ! empty ( $session_not_found ) ) {
- $firstname = $lastname = $user_email = '';
- $fullname = 'Public Access'; // Will be translated after translation is loaded.
- $is_admin = false;
- $login = '__public__';
- } else
- if ( $view_via_email || ( ! $pub_acc_enabled && $session_not_found
- && ! $use_http_auth ) ) {
- if ( substr ( $user_inc, 0, 9 ) == 'user-app-' )
- app_login_screen ( clean_whitespace ( $SCRIPT ) );
- else {
- do_redirect ( $login_url );
- exit;
- }
- }
- $is_nonuser = false;
- if ( empty ( $login ) && $use_http_auth ) {
- if ( strstr ( $PHP_SELF, "login.php" ) ) {
- // Ignore since login.php will redirect to index.php.
- } else
- send_http_login ();
- } else
- if ( ! empty ( $login ) ) {
- // They are already logged in ($login is set in validate.php).
- if ( strstr ( $PHP_SELF, 'login.php' ) ) {
- // Ignore since login.php will redirect to index.php.
- } else
- if ( $login == '__public__' ) {
- $firstname = $lastname = $user_email = '';
- $fullname = 'Public Access';
- $is_admin = false;
- } else {
- user_load_variables ( $login, 'login_' );
- if ( ! empty ( $login_login ) ) {
- $firstname = $login_firstname;
- $lastname = $login_lastname;
- $fullname = $login_fullname;
- $is_admin = ( $login_is_admin == 'Y' );
- $is_nonuser = ( ! empty ( $GLOBALS['login_is_nonuser'] ) &&
- $GLOBALS['login_is_nonuser'] );
- $user_email = $login_email;
- } else {
- // Invalid login.
- if ( $use_http_auth ) {
- if ($pub_acc_enabled) {
- $login = '__public__';
- $firstname = $lastname = $user_email = '';
- $fullname = 'Public Access';
- $is_admin = false;
- } else
- send_http_login ();
- } else
- // This shouldn't happen since login should be validated in validate.php.
- // If it does happen, it means we received an invalid login cookie.
- do_redirect ( $login_url . '&error=Invalid+session+found.' );
- }
- }
- }
- // If they are accessing using the public login, restrict them from using
- // certain pages.
- $not_auth = false;
- if ( ! empty ( $login ) && $login == '__public__' || $is_nonuser ) {
- if ( strstr ( $PHP_SELF, 'views.php' ) ||
- strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
- strstr ( $PHP_SELF, 'category.php' ) ||
- strstr ( $PHP_SELF, 'category_handler.php' ) ||
- strstr ( $PHP_SELF, 'activity_log.php' ) ||
- strstr ( $PHP_SELF, 'admin.php' ) ||
- strstr ( $PHP_SELF, 'adminhome.php' ) ||
- strstr ( $PHP_SELF, 'admin_handler.php' ) ||
- strstr ( $PHP_SELF, 'groups.php' ) ||
- strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
- strstr ( $PHP_SELF, 'pref.php' ) ||
- strstr ( $PHP_SELF, 'pref_handler.php' ) ||
- strstr ( $PHP_SELF, 'edit_remotes.php' ) ||
- strstr ( $PHP_SELF, 'edit_remotes_handler.php' ) ||
- strstr ( $PHP_SELF, 'edit_user.php' ) ||
- strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
- strstr ( $PHP_SELF, 'approve_entry.php' ) ||
- strstr ( $PHP_SELF, 'reject_entry.php' ) ||
- strstr ( $PHP_SELF, 'del_entry.php' ) ||
- strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
- strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
- strstr ( $PHP_SELF, 'layers.php' ) ||
- strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
- strstr ( $PHP_SELF, 'import.php' ) ||
- strstr ( $PHP_SELF, 'import_handler.php' ) ||
- strstr ( $PHP_SELF, 'edit_template.php' ) ) {
- $not_auth = true;
- }
- }
- if ( ! empty ( $login ) && ( empty ( $is_admin ) || ! $is_admin ) ) {
- if ( strstr ( $PHP_SELF, 'admin.php' ) ||
- strstr ( $PHP_SELF, 'admin_handler.php' ) ||
- strstr ( $PHP_SELF, 'groups.php' ) ||
- strstr ( $PHP_SELF, 'group_edit.php' ) ||
- strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
- strstr ( $PHP_SELF, 'activity_log.php' ) ) {
- $not_auth = true;
- }
- }
- // restrict access if calendar is read-only
- if ( $readonly == 'Y' ) {
- //if ( strstr ( $PHP_SELF, 'activity_log.php' ) ||
- if ( strstr ( $PHP_SELF, 'adminhome.php' ) ||
- strstr ( $PHP_SELF, 'admin.php' ) ||
- strstr ( $PHP_SELF, 'approve_entry.php' ) ||
- strstr ( $PHP_SELF, 'category_handler.php' ) ||
- strstr ( $PHP_SELF, 'category.php' ) ||
- strstr ( $PHP_SELF, 'del_entry.php' ) ||
- strstr ( $PHP_SELF, 'edit_report_handler.php' ) ||
- strstr ( $PHP_SELF, 'edit_report.php' ) ||
- strstr ( $PHP_SELF, 'edit_template.php' ) ||
- strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
- strstr ( $PHP_SELF, 'edit_user.php' ) ||
- strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
- strstr ( $PHP_SELF, 'groups.php' ) ||
- strstr ( $PHP_SELF, 'import_handler.php' ) ||
- strstr ( $PHP_SELF, 'import_handler.php' ) ||
- strstr ( $PHP_SELF, 'import.php' ) ||
- strstr ( $PHP_SELF, 'layers.php' ) ||
- strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
- strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
- strstr ( $PHP_SELF, 'pref_handler.php' ) ||
- strstr ( $PHP_SELF, 'pref.php' ) ||
- strstr ( $PHP_SELF, 'pref_handler.php' ) ||
- strstr ( $PHP_SELF, 'purge.php' ) ||
- strstr ( $PHP_SELF, 'register.php' ) ||
- strstr ( $PHP_SELF, 'reject_entry.php' ) ||
- strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
- strstr ( $PHP_SELF, 'users.php' ) ||
- strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
- strstr ( $PHP_SELF, 'views.php' ) ) {
- $not_auth = true;
- }
- }
- // An attempt will be made to translate
- if ( $not_auth ) {
- load_user_preferences ();
- $error = ( function_exists ( 'translate' )
- ? translate ( 'You are not authorized.' ) : 'You are not authorized.' );
- die_miserable_death ( $error );
- }
- }
- /* Initializations from includes/site-extras.php.
- *
- * This is a placeholder for now.
- *
- * @access private
- *
- * @todo Figure out what should go here.
- */
- function _initSiteExtras () {
- }
- /* Initializations from includes/access.php.
- *
- * @access private
- */
- function _initAccess () {
- global $access_other_cals;
- // Global variable used to cache permissions
- $access_other_cals = array ();
- }
- /* Initializations from includes/translate.php.
- *
- * @access private
- */
- function _initTranslate () {
- global $lang, $lang_file, $LANGUAGE, $PUBLIC_ACCESS_FULLNAME,
- $translation_loaded, $enable_mbstring;
- if ( empty ( $LANGUAGE ) )
- $LANGUAGE = 'English-US'; // Default
- // If set to use browser settings,
- // use the user's language preferences from their browser.
- $lang = $LANGUAGE;
- if ( $LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ) {
- $lang = get_browser_language ();
- if ( $lang == 'none' )
- $lang = '';
- }
- if ( strlen ( $lang ) == 0 || $lang == 'none' )
- $lang = 'English-US'; // Default
- $lang_file = 'translations/' . $lang . '.txt';
- if (extension_loaded('mbstring')) {
- $mb_lang = strtok($lang, '-');
- if (@mb_language($mb_lang) && mb_internal_encoding(translate('charset'))) {
- $enable_mbstring = true;
- } else {
- $enable_mbstring = false;
- }
- }
- $translation_loaded = false;
- $PUBLIC_ACCESS_FULLNAME = 'Public Access'; // default
- }
- /* Gets the initialization phases for the page being viewed.
- *
- * @return array Array of initialization phases.
- *
- * @access private
- */
- function _getPhases () {
- global $user_inc;
- foreach ( $this->_filePhaseMap as $pattern => $phases ) {
- if ( preg_match ( $pattern, $this->_filename ) !== 0 )
- return $phases;
- }
- die_miserable_death ( '_getPhases: could not find \'' . $this->_filename
- . '\' in _filePhaseMap.' );
- }
- /* Gets the initialization steps for the current page and phase.
- *
- * @param int $phase Initialization phase number
- *
- * @return array Array of initialization steps.
- *
- * @access private
- */
- function _getSteps ( $phase ) {
- $phases = $this->_getPhases ();
- return $phases[$phase - 1];
- }
- /* Performs initialization steps.
- *
- * @param int $phase Which step of initialization should we perform?
- *
- * @access private
- */
- function _doInit ( $phase ) {
- $steps = $this->_getSteps ( $phase );
- foreach ( $steps as $step ) {
- $function = "_init$step";
- $this->$function ();
- }
- }
- /* Begins initialization of WebCalendar.
- *
- * @param string $path Full path of page being viewed
- *
- * @access public
- */
- function initializeFirstPhase () {
- $this->_doInit ( 1 );
- }
- /* Continues initialization of WebCalendar.
- *
- * @param string $path Full path of page being viewed
- *
- * @access public
- */
- function initializeSecondPhase () {
- $this->_doInit ( 2 );
- }
- /* Sets the translation language.
- *
- * @access public
- */
- function setLanguage () {
- $this->_initTranslate ();
- }
- /* Construct an absolute path.
- *
- * @param string $path The path relative to the WebCalendar install directory
- *
- * @return string The absolute path
- */
- function absolutePath ( $path ) {
- return $this->_directory . $path;
- }
- }
- ?>