PageRenderTime 62ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 1ms

/WebCalendar-1.2.5/includes/classes/WebCalendar.class.orig

#
Unknown | 983 lines | 874 code | 109 blank | 0 comment | 0 complexity | af38583a7e29a11fce241f3610da9c01 MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. /* Declares the WebCalendar class.
    3. 

  3.  *
    4. 

  4.  * @author Adam Roben <adam.roben@gmail.com>
    5. 

  5.  * @copyright Craig Knudsen, <cknudsen@cknudsen.com>, http://www.k5n.us/cknudsen
    6. 

  6.  * @license http://www.gnu.org/licenses/gpl.html GNU GPL
    7. 

  7.  * @version $Id: WebCalendar.class,v 1.108.2.15 2011/07/12 19:25:12 rjones6061 Exp $
    8. 

  8.  * @package WebCalendar
    9. 

  9.  */
    10. 

  10. 

  11. /* The WebCalendar.
    12. 

  12.  *
    13. 

  13.  * Right now this class's functionality is limited to initialization routines.
    14. 

  14.  *
    15. 

  15.  * @todo Get rid of all the global variables.
    16. 

  16.  * @todo Organize initialization steps more logically.
    17. 

  17.  */
    18. 

  18. class WebCalendar {
    19. 

  19.   /* Filename of the page the user is viewing.
    20. 

  20.    *
    21. 

  21.    * @var string
    22. 

  22.    *
    23. 

  23.    * @access private
    24. 

  24.    */
    25. 

  25.   var $_filename;
    26. 

  26. 

  27.   /* WebCalendar install directory.
    28. 

  28.    *
    29. 

  29.    * @var string
    30. 

  30.    *
    31. 

  31.    * @access private
    32. 

  32.    */
    33. 

  33.   var $_directory;
    34. 

  34. 

  35.   /* A map from filenames to initialization phases.
    36. 

  36.    *
    37. 

  37.    * This array holds the initialization steps for each page. Steps are
    38. 

  38.    * separated into phases, and listed in the order they should be executed,
    39. 

  39.    * and are the names of the WebCalendar::methods that should be called,
    40. 

  40.    * without the `_Init' prefix.
    41. 

  41.    *
    42. 

  42.    * @var array
    43. 

  43.    *
    44. 

  44.    * @access private
    45. 

  45.    *
    46. 

  46.    * @todo Make it possible to distinguish between files in different directories
    47. 

  47.    * (e.g. login.php and ws/login.php).
    48. 

  48.    */
    49. 

  49.   var $_filePhaseMap =
    50. 

  50.   array ( '/^(about|nulogin|login|login-app|register|controlpanel|upcoming)\.php$/' =>
    51. 

  51.     array (
    52. 

  52.       array ( 'Config', 'PHPDBI', 'Functions' ),
    53. 

  53.       array ( 'User', 'Connect' ) ),
    54. 

  54.     '/^(ajax|css_cacher|js_cacher|icalclient|freebusy|publish|rss|rss_unapproved|rss_activity_log|get_reminders|get_events|ws)\.php$/' =>
    55. 

  55.     array (
    56. 

  56.       array ( 'Config', 'PHPDBI', 'Functions' ),
    57. 

  57.       array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access' ) ),
    58. 

  58.     '/^convert_passwords\.php$/' =>
    59. 

  59.     array (
    60. 

  60.       array ( 'Config', 'PHPDBI' ),
    61. 

  61.       array () ),
    62. 

  62.     '/^send_reminders|reload_remotes\.php$/' =>
    63. 

  63.     array (
    64. 

  64.       array ( 'Config', 'PHPDBI', 'Functions' ),
    65. 

  65.       array ( 'User', 'SiteExtras' ) ),
    66. 

  66.     /* This is for files which have called include('includes/init.php'). */
    67. 

  67.     '/^init\.php$/' =>
    68. 

  68.     array (
    69. 

  69.       array ( 'InitFirstPhase', 'Config', 'PHPDBI', 'Functions' ),
    70. 

  70.       array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access', 'InitSecondPhase' ) )
    71. 

  71.     );
    72. 

  72. 

  73.   /* WebCalendar constructor.
    74. 

  74.    *
    75. 

  75.    * @param string $path Full path of file being viewed.
    76. 

  76.    *
    77. 

  77.    * @return WebCalendar New WebCalendar object.
    78. 

  78.    *
    79. 

  79.    * @access public
    80. 

  80.    */
    81. 

  81.   function WebCalendar ( $path ) {
    82. 

  82.     $this->_filename = basename ( $path );
    83. 

  83.     $this->_directory = dirname ( __FILE__ ) . '/../../';
    84. 

  84.     // Define a value to prevent direct access to files.
    85. 

  85.     define ( '_ISVALID', 1 );
    86. 

  86.   }
    87. 

  87. 

  88.   // cek: This function is used by some other apps that I have developed
    89. 

  89.   // but have not released.
    90. 

  90.   function addExternalPage ( $pattern, $initArray ) {
    91. 

  91.     $this->_filePhaseMap[$pattern] = $initArray;
    92. 

  92.   }
    93. 

  93. 

  94.   /* First part of initializations from includes/init.php.
    95. 

  95.    *
    96. 

  96.    * @access private
    97. 

  97.    */
    98. 

  98.   function _initInitFirstPhase () {
    99. 

  99.     global $DMW, $HTTP_GET_VARS, $HTTP_POST_VARS, $PHP_SELF, $SCRIPT, $self,
    100. 

  100.     $special, $user_inc;
    101. 

  101. 

  102.     // Make sure another app in the same domain doesn't have a 'user' cookie.
    103. 

  103.     if ( empty ( $HTTP_GET_VARS ) )
    104. 

  104.       $HTTP_GET_VARS = $_GET;
    105. 

  105. 

  106.     if ( empty ( $HTTP_POST_VARS ) )
    107. 

  107.       $HTTP_POST_VARS = $_POST;
    108. 

  108. 

  109.     if ( ! empty ( $HTTP_GET_VARS ) && empty ( $HTTP_GET_VARS['user'] ) && !
    110. 

  110.         empty ( $HTTP_POST_VARS ) && empty ( $HTTP_POST_VARS['user'] ) &&
    111. 

  111.         isset ( $GLOBALS['user'] ) )
    112. 

  112.       unset ( $GLOBALS['user'] );
    113. 

  113. 

  114.     // Get script name.
    115. 

  115.     $self = $_SERVER['PHP_SELF'];
    116. 

  116.     if ( empty ( $self ) )
    117. 

  117.       $self = $PHP_SELF;
    118. 

  118. 

  119.     preg_match ( '/\/(\w+\.php)/', $self, $match );
    120. 

  120.     $SCRIPT = $match[1];
    121. 

  121. 

  122.     // Several files need a no-cache header and some of the same code.
    123. 

  123.     $special = array ( 'month.php', 'day.php', 'week.php',
    124. 

  124.       'week_details.php', 'year.php', 'minical.php' );
    125. 

  125.     $DMW = in_array ( $SCRIPT, $special );
    126. 

  126. 

  127.     // Security precaution.  Don't allow <script> to be included in
    128. 

  128.     // a URL in any way.
    129. 

  129.     if ( preg_match ( '/\s*script/i', $_SERVER['QUERY_STRING'] ) ) {
    130. 

  130.       // No need to have a graceful exit for this since it should only
    131. 

  131.       // happen to malicioius crapweasels.
    132. 

  132.       echo "<html><body><h2>User Error</h2><p>Bite me.</p></html>\n";
    133. 

  133.       exit;
    134. 

  134.     }
    135. 

  135. 

  136.     // Unset some variables that shouldn't be set.
    137. 

  137.     unset ( $user_inc );
    138. 

  138.   }
    139. 

  139. 

  140.   /* Second part of initializations from includes/init.php.
    141. 

  141.    *
    142. 

  142.    * @access private
    143. 

  143.    */
    144. 

  144.   function _initInitSecondPhase () {
    145. 

  145.     global $ALLOW_VIEW_OTHER, $can_add, $can_add, $cat_id, $CATEGORIES_ENABLED,
    146. 

  146.     $CATEGORY_VIEW, $caturl, $date, $DMW, $friendly, $override, $fullname, $GROUPS_ENABLED,
    147. 

  147.     $hour, $id, $is_admin, $is_assistant, $is_nonuser, $login, $minute, $month,
    148. 

  148.     $NONUSER_ENABLED, $nonusers, $ovrd, $PUBLIC_ACCESS, $PUBLIC_ACCESS_CAN_ADD,
    149. 

  149.     $PUBLIC_ACCESS_FULLNAME, $PUBLIC_ACCESS_OTHERS, $readonly, $u_url, $user,
    150. 

  150.     $user_fullname, $USER_SEES_ONLY_HIS_GROUPS, $userlist, $valid_user, $year;
    151. 

  151. 

  152.     load_global_settings ();
    153. 

  153. 

  154.     $this->setLanguage ();
    155. 

  155. 

  156.     if ( empty ( $ovrd ) )
    157. 

  157.       load_user_preferences ();
    158. 

  158. 

  159.     // Error-check some commonly used form variable names.
    160. 

  160.     $cat_id = getValue ( 'cat_id', '[\-0-9,]+' );
    161. 

  161.     $date = getValue ( 'date', '[0-9]+' );
    162. 

  162.     $friendly = getValue ( 'friendly', '[01]' );
    163. 

  163.     $override = getValue ( 'override', '[01]' );
    164. 

  164.     $hour = getValue ( 'hour', '[0-9]+' );
    165. 

  165.     $id = getValue ( 'id', '[0-9]+', true );
    166. 

  166.     $minute = getValue ( 'minute', '[0-9]+' );
    167. 

  167.     $month = getValue ( 'month', '[0-9]+' );
    168. 

  168.     $user = getValue ( 'user', '[A-Za-z0-9_\.=@,\-]*', true );
    169. 

  169.     $year = getValue ( 'year', '[0-9]+' );
    170. 

  170.     if ( empty ( $PUBLIC_ACCESS ) )
    171. 

  171.       $PUBLIC_ACCESS = 'N';
    172. 

  172. 

  173.     // Initialize access settings ($user_access string)
    174. 

  174.     // and make sure user is allowed to view the current page.
    175. 

  175.     access_init ();
    176. 

  176.     if ( ! access_can_view_page () ) {
    177. 

  177.       $user_BGCOLOR = get_pref_setting ( $login, 'BGCOLOR' );
    178. 

  178.       echo '<html>
    179. 

  179.   <head>
    180. 

  180.     <title>' . generate_application_name () . ' ' . translate ( 'Error' ) . '</title>
    181. 

  181.   </head>
    182. 

  182.   <body bgcolor="' . $user_BGCOLOR . '">
    183. 

  183.     ' . print_not_auth ( true ) . '
    184. 

  184.   </body>
    185. 

  185. </html>';
    186. 

  186.       exit;
    187. 

  187.     }
    188. 

  188. 

  189.     $can_add = false;
    190. 

  190.     // Load if $SCRIPT is in $special array:
    191. 

  191.     if ( $DMW ) {
    192. 

  192.       // Tell the browser not to cache.
    193. 

  193.       // send_no_cache_header ();
    194. 

  194. 

  195.       if ( $ALLOW_VIEW_OTHER != 'Y' && ! $is_admin && ! $is_assistant )
    196. 

  196.         $user = '';
    197. 

  197. 

  198.       $can_add = ( $readonly == 'N' || $is_admin == 'Y' );
    199. 

  199.       if ( $PUBLIC_ACCESS == 'Y' && $login == '__public__' ) {
    200. 

  200.         if ( $PUBLIC_ACCESS_CAN_ADD != 'Y' )
    201. 

  201.           $can_add = false;
    202. 

  202. 

  203.         if ( $PUBLIC_ACCESS_OTHERS != 'Y' )
    204. 

  204.           $user = ''; // Security precaution.
    205. 

  205.       }
    206. 

  206.       if ( $is_nonuser )
    207. 

  207.         $can_add = false;
    208. 

  208. 

  209.       if ( $GROUPS_ENABLED == 'Y' && $USER_SEES_ONLY_HIS_GROUPS == 'Y' && ! $is_admin ) {
    210. 

  210.         $userlist = get_my_users ();
    211. 

  211.         $valid_user = false;
    212. 

  212.         if ( ! empty ( $NONUSER_ENABLED ) && $NONUSER_ENABLED == 'Y' ) {
    213. 

  213.           $nonusers = get_my_nonusers ( $login, true );
    214. 

  214.           $userlist = array_merge ( $nonusers, $userlist );
    215. 

  215.         }
    216. 

  216.         for ( $i = 0; $i < count ( $userlist ); $i++ ) {
    217. 

  217.           if ( $user == $userlist[$i]['cal_login'] )
    218. 

  218.             $valid_user = true;
    219. 

  219.         }
    220. 

  220.         if ( ! $valid_user )
    221. 

  221.           $user = ''; // Security precaution.
    222. 

  222.       }
    223. 

  223. 

  224.       if ( ! empty ( $user ) ) {
    225. 

  225.         $u_url = 'user=' . $user . '&amp;';
    226. 

  226.         user_load_variables ( $user, 'user_' );
    227. 

  227.         if ( $user == '__public__' )
    228. 

  228.           $user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
    229. 

  229.       } else {
    230. 

  230.         $u_url = '';
    231. 

  231.         $user_fullname = $fullname;
    232. 

  232.         if ( $login == '__public__' )
    233. 

  233.           $user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
    234. 

  234.       }
    235. 

  235. 

  236.       set_today ( $date );
    237. 

  237. 

  238.       remember_this_view ();
    239. 

  239. 

  240.       if ( $CATEGORIES_ENABLED == 'Y' ) {
    241. 

  241.         if ( ! empty ( $cat_id ) ) {
    242. 

  242.         } elseif ( ! empty ( $CATEGORY_VIEW ) && ! isset ( $_GET['cat_id'] ) )
    243. 

  243.           $cat_id = $CATEGORY_VIEW;
    244. 

  244.         else
    245. 

  245.           $cat_id = '';
    246. 

  246.       } else
    247. 

  247.         $cat_id = '';
    248. 

  248. 

  249.       $caturl = ( empty ( $cat_id ) ? '' : '&amp;cat_id=' . $cat_id );
    250. 

  250.     }
    251. 

  251.   }
    252. 

  252. 

  253.   /* Initializations from includes/assert.php.
    254. 

  254.    *
    255. 

  255.    * @access private
    256. 

  256.    */
    257. 

  257.   function _initAssert () {
    258. 

  258.     // Initialize assert options.
    259. 

  259.     assert_options ( ASSERT_CALLBACK, 'assert_handler' );
    260. 

  260.     assert_options ( ASSERT_ACTIVE, 1 );
    261. 

  261.   }
    262. 

  262. 

  263.   /* Initializations from includes/config.php.
    264. 

  264.    *
    265. 

  265.    * @access private
    266. 

  266.    */
    267. 

  267.   function _initConfig () {
    268. 

  268.     do_config ( $this->absolutePath ( 'includes/settings.php' ) );
    269. 

  269.   }
    270. 

  270. 

  271.   /* Initializations from includes/dbi4php.php.
    272. 

  272.    *
    273. 

  273.    * @access private
    274. 

  274.    */
    275. 

  275.   function _initPHPDBI () {
    276. 

  276.     global $phpdbiVerbose;
    277. 

  277. 

  278.     // Enable the following to show the actual database error in the browser.
    279. 

  279.     // It is more secure to not show this info, so this should only be turned
    280. 

  280.     // on for debugging purposes.
    281. 

  281.     if ( ! isset ( $phpdbiVerbose ) )
    282. 

  282.       $phpdbiVerbose = false;
    283. 

  283.   }
    284. 

  284. 

  285.   /* Initializations from includes/functions.php.
    286. 

  286.    *
    287. 

  287.    * @access private
    288. 

  288.    */
    289. 

  289.   function _initFunctions () {
    290. 

  290.     global $byday_names, $byday_values, $days_per_month, $db_login, $db_password,
    291. 

  291.     $ldays_per_month,
    292. 

  292.     $offsets, $PHP_SELF, $settings, $weekday_names;
    293. 

  293. 

  294.     /**#@+
    295. 

  295.      * Used for activity log.
    296. 

  296.      */
    297. 

  297.     define ( 'LOG_APPROVE',       'A' );
    298. 

  298.     define ( 'LOG_APPROVE_J',     'P' );
    299. 

  299.     define ( 'LOG_APPROVE_T',     'H' );
    300. 

  300.     define ( 'LOG_ATTACHMENT',    'T' );
    301. 

  301.     define ( 'LOG_COMMENT',       'M' );
    302. 

  302.     define ( 'LOG_CREATE',        'C' );
    303. 

  303.     define ( 'LOG_CREATE_J',      'I' );
    304. 

  304.     define ( 'LOG_CREATE_T',      'G' );
    305. 

  305.     define ( 'LOG_DELETE',        'D' );
    306. 

  306.     define ( 'LOG_DELETE_J',      'V' );
    307. 

  307.     define ( 'LOG_DELETE_T',      'L' );
    308. 

  308.     define ( 'LOG_LOGIN_FAILURE', 'x' );
    309. 

  309.     define ( 'LOG_NEWUSER_EMAIL', 'E' );
    310. 

  310.     define ( 'LOG_NEWUSER_FULL',  'F' );
    311. 

  311.     define ( 'LOG_NOTIFICATION',  'N' );
    312. 

  312.     define ( 'LOG_REJECT',        'X' );
    313. 

  313.     define ( 'LOG_REJECT_J',      'Q' );
    314. 

  314.     define ( 'LOG_REJECT_T',      'J' );
    315. 

  315.     define ( 'LOG_REMINDER',      'R' );
    316. 

  316.     define ( 'LOG_UPDATE',        'U' );
    317. 

  317.     define ( 'LOG_UPDATE_J',      'S' );
    318. 

  318.     define ( 'LOG_UPDATE_T',      'K' );
    319. 

  319.     define ( 'LOG_USER_ADD',      'a' );
    320. 

  320.     define ( 'LOG_USER_DELETE',   'd' );
    321. 

  321.     define ( 'LOG_USER_UPDATE',   'u' );
    322. 

  322.     /**#@-*/
    323. 

  323. 

  324.     /* Number of seconds in:
    325. 

  325.      */
    326. 

  326.     define ( 'ONE_HOUR', 3600 );
    327. 

  327.     define ( 'ONE_DAY',  86400 );
    328. 

  328.     define ( 'ONE_WEEK', 604800 );
    329. 

  329. 

  330.     /* Arrays containing the number of days in each month
    331. 

  331.      * in a leap year and a non-leap year.
    332. 

  332.      *
    333. 

  333.      * @global array $ldays_per_month
    334. 

  334.      * @global array $days_per_month
    335. 

  335.      */
    336. 

  336.     $ldays_per_month =
    337. 

  337.     $days_per_month = array ( 0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 );
    338. 

  338.     $ldays_per_month[2] = 29;
    339. 

  339. 

  340.     /* Array containing the short names for the days of the week.
    341. 

  341.      *
    342. 

  342.      * @global array $weekday_names
    343. 

  343.      */
    344. 

  344.     $weekday_names = array ( 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' );
    345. 

  345. 

  346.     /* Array containing the BYDAY names for the days of the week.
    347. 

  347.      *
    348. 

  348.      * @global array $byday_name
    349. 

  349.      */
    350. 

  350.     $byday_names = array ( 'SU', 'MO', 'TU', 'WE', 'TH', 'FR', 'SA' );
    351. 

  351. 

  352.     /* Array containing the number value of the days of the week.
    353. 

  353.      *
    354. 

  354.      * @global array $days_per_week
    355. 

  355.      */
    356. 

  356.     $days_of_week = array_flip ( $weekday_names );
    357. 

  357. 

  358.     /* Array containing the number value of the ical ByDay abbreviations.
    359. 

  359.      *
    360. 

  360.      * @global array $byday_values
    361. 

  361.      */
    362. 

  362.     $byday_values = array_flip ( $byday_names );
    363. 

  363. 

  364.     /* Pull out cookies and place them in global variables */
    365. 

  365.     if ( ! empty ( $_COOKIE['webcalendar_session'] ) )
    366. 

  366.       $GLOBALS['webcalendar_session'] = $_COOKIE['webcalendar_session'];
    367. 

  367.     if ( ! empty ( $_COOKIE['webcalendar_login'] ) )
    368. 

  368.       $GLOBALS['webcalendar_login'] = $_COOKIE['webcalendar_login'];
    369. 

  369.     if ( ! empty ( $_COOKIE['webcalendar_last_view'] ) )
    370. 

  370.       $GLOBALS['webcalendar_last_view'] = $_COOKIE['webcalendar_last_view'];
    371. 

  371.     if ( ! empty ( $_COOKIE['webcalendar_csscache'] ) )
    372. 

  372.       $GLOBALS['webcalendar_csscache'] = $_COOKIE['webcalendar_csscache'];
    373. 

  373. 

  374.     // Don't allow a user to put "login=XXX" in the URL
    375. 

  375.     // if they are not coming from the login.php page.
    376. 

  376.     if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER['PHP_SELF'] ) )
    377. 

  377.       $PHP_SELF = $_SERVER['PHP_SELF']; // Backward compatibility.
    378. 

  378. 

  379.     if ( empty ( $PHP_SELF ) )
    380. 

  380.       $PHP_SELF = ''; // This happens when running send_reminders.php from CL.
    381. 

  381. 

  382.     if ( ! strstr ( $PHP_SELF, 'login.php' ) && ! empty ( $GLOBALS['login'] ) )
    383. 

  383.       $GLOBALS['login'] = '';
    384. 

  384. 

  385.     // Define an array to use to jumble up the key: $offsets
    386. 

  386.     // We define a unique key to scramble the cookie we generate.
    387. 

  387.     // We use the admin install password that the user set to make
    388. 

  388.     // the salt unique for each WebCalendar install.
    389. 

  389.     $salt = ( ! empty ( $settings ) && ! empty ( $settings['install_password'] )
    390. 

  390.       ? $settings['install_password'] : md5 ( $db_login ) );
    391. 

  391.     $salt_len = strlen ( $salt );
    392. 

  392. 

  393.     $salt2 =  md5 ( empty ( $db_password ) ? 'oogabooga' : $db_password );
    394. 

  394.     $salt2_len = strlen ( $salt2 );
    395. 

  395. 

  396.     $offsets = array ();
    397. 

  397.     for ( $i = 0; $i < $salt_len || $i < $salt2_len; $i++ ) {
    398. 

  398.       $offsets[$i] = 0;
    399. 

  399.       if ( $i < $salt_len )
    400. 

  400.         $offsets[$i] += ord ( substr ( $salt, $i, 1 ) );
    401. 

  401. 

  402.       if ( $i < $salt2_len )
    403. 

  403.         $offsets[$i] += ord ( substr ( $salt2, $i, 1 ) );
    404. 

  404. 

  405.       $offsets[$i] %= 128;
    406. 

  406.     }
    407. 

  407.   }
    408. 

  408. 

  409.   /* Initializations from includes/user*.php.
    410. 

  410.    *
    411. 

  411.    * This is a placeholder for now. We are letting includes/user*.php handle
    412. 

  412.    * its own initialization.
    413. 

  413.    *
    414. 

  414.    * @access private
    415. 

  415.    *
    416. 

  416.    * @todo Make an Authentication interface class and create a subclass for
    417. 

  417.    *       each user*.php page.
    418. 

  418.    */
    419. 

  419.   function _initUser () {
    420. 

  420.   }
    421. 

  421. 

  422.   /* Initializations from includes/validate.php.
    423. 

  423.    *
    424. 

  424.    * @access private
    425. 

  425.    */
    426. 

  426.   function _initValidate () {
    427. 

  427.     global $c, $cryptpw, $db_database, $db_host, $db_login, $db_password,
    428. 

  428.     $encoded_login, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $is_nonuser, $login,
    429. 

  429.     $login_return_path, $PHP_AUTH_USER, $REMOTE_USER, $SCRIPT,
    430. 

  430.     $session_not_found, $settings, $single_user, $single_user_login,
    431. 

  431.     $use_http_auth, $user_inc, $validate_redirect, $webcalendar_session;
    432. 

  432. 

  433.     /* If WebCalendar is configured to use http authentication, then we can
    434. 

  434.      * use _initValidate (). If we are not using http auth, icalclient.php will
    435. 

  435.      * create its own http auth since an iCal client cannot login via a
    436. 

  436.      * web-based login. Publish.php does need to validate if not http_auth.
    437. 

  437.      */
    438. 

  438.     if ( ! $use_http_auth &&
    439. 

  439.       ( $this->_filename == 'css_cacher.php' ||
    440. 

  440.         $this->_filename == 'icalclient.php' ||
    441. 

  441.         $this->_filename == 'rss_unapproved.php' ||
    442. 

  442.         $this->_filename == 'rss_activity_log.php' ||
    443. 

  443.         $this->_filename == 'js_cacher.php' ||
    444. 

  444.         $this->_filename == 'publish.php' ) ) {
    445. 

  445.       return;
    446. 

  446.     }
    447. 

  447. 

  448.     $is_nonuser = $session_not_found = $validate_redirect = false;
    449. 

  449. 

  450.     // Catch-all for getting the username when using HTTP-authentication.
    451. 

  451.     if ( $use_http_auth ) {
    452. 

  452.       if ( empty ( $PHP_AUTH_USER ) ) {
    453. 

  453.         if ( ! empty ( $_SERVER ) && isset ( $_SERVER['PHP_AUTH_USER'] ) )
    454. 

  454.           $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
    455. 

  455.         else
    456. 

  456.         if ( ! empty ( $HTTP_SERVER_VARS ) &&
    457. 

  457.             isset ( $HTTP_SERVER_VARS['PHP_AUTH_USER'] ) )
    458. 

  458.           $PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
    459. 

  459.         else
    460. 

  460.         if ( isset ( $REMOTE_USER ) )
    461. 

  461.           $PHP_AUTH_USER = $REMOTE_USER;
    462. 

  462.         else
    463. 

  463.         if ( ! empty ( $_ENV ) && isset ( $_ENV['REMOTE_USER'] ) )
    464. 

  464.           $PHP_AUTH_USER = $_ENV['REMOTE_USER'];
    465. 

  465.         else
    466. 

  466.         if ( ! empty ( $HTTP_ENV_VARS ) && isset ( $HTTP_ENV_VARS['REMOTE_USER'] ) )
    467. 

  467.           $PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
    468. 

  468.         else
    469. 

  469.         if ( @getenv ( 'REMOTE_USER' ) )
    470. 

  470.           $PHP_AUTH_USER = getenv ( 'REMOTE_USER' );
    471. 

  471.         else
    472. 

  472.         if ( isset ( $AUTH_USER ) )
    473. 

  473.           $PHP_AUTH_USER = $AUTH_USER;
    474. 

  474.         else
    475. 

  475.         if ( ! empty ( $_ENV ) && isset ( $_ENV['AUTH_USER'] ) )
    476. 

  476.           $PHP_AUTH_USER = $_ENV['AUTH_USER'];
    477. 

  477.         else
    478. 

  478.         if ( ! empty ( $HTTP_ENV_VARS ) && isset ( $HTTP_ENV_VARS['AUTH_USER'] ) )
    479. 

  479.           $PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
    480. 

  480.         else
    481. 

  481.         if ( @getenv ( 'AUTH_USER' ) )
    482. 

  482.           $PHP_AUTH_USER = getenv ( 'AUTH_USER' );
    483. 

  483.       }
    484. 

  484.     }
    485. 

  485. 

  486.     if ( $single_user == 'Y' )
    487. 

  487.       $login = $single_user_login;
    488. 

  488.     else {
    489. 

  489.       if ( $use_http_auth ) {
    490. 

  490.         // HTTP server did validation for us....
    491. 

  491.         if ( empty ( $PHP_AUTH_USER ) )
    492. 

  492.           $session_not_found = true;
    493. 

  493.         else
    494. 

  494.           $login = $PHP_AUTH_USER;
    495. 

  495.       } else
    496. 

  496.       if ( substr ( $user_inc, 0, 9 ) == 'user-app-' ) {
    497. 

  497.         // Make sure we are connected to the database for session check.
    498. 

  498.         $c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
    499. 

  499.         if ( ! $c )
    500. 

  500.           die_miserable_death ( 'Error connecting to database:<blockquote>'
    501. 

  501.              . dbi_error () . '</blockquote>' );
    502. 

  502. 

  503.         // Use another application's authentication.
    504. 

  504.         if ( $login != user_logged_in () )
    505. 

  505.           $session_not_found = true;
    506. 

  506.       } else {
    507. 

  507.         @session_start ();
    508. 

  508.         if ( ! empty ( $_SESSION['webcal_login'] ) )
    509. 

  509.           $login = $_SESSION['webcal_login'];
    510. 

  510. 

  511.         if ( ! empty ( $_SESSION['webcalendar_session'] ) )
    512. 

  512.           $webcalendar_session = $_SESSION['webcalendar_session'];
    513. 

  513. 

  514.         if ( empty ( $login ) && empty ( $webcalendar_session ) )
    515. 

  515.           $session_not_found = true;
    516. 

  516.         else
    517. 

  517.         if ( empty ( $_SESSION['webcal_login'] ) &&
    518. 

  518.             // Check for cookie...
    519. 

  519.             ! empty ( $webcalendar_session ) ) {
    520. 

  520.           $encoded_login = $webcalendar_session;
    521. 

  521.           if ( empty ( $encoded_login ) )
    522. 

  522.             // Invalid session cookie.
    523. 

  523.             $session_not_found = true;
    524. 

  524.           else {
    525. 

  525.             $login_pw = explode( '|', decode_string ( $encoded_login ) );
    526. 

  526.             $login = $login_pw[0];
    527. 

  527.             $cryptpw = $login_pw[1];
    528. 

  528. 

  529.             // Security fix. Don't allow certain types of characters in
    530. 

  530.             // the login. WebCalendar does not escape the login name in
    531. 

  531.             // SQL requests. So, if the user were able to set the login
    532. 

  532.             // name to be "x';drop table u;",
    533. 

  533.             // they may be able to affect the database.
    534. 

  534.             // NOTE: we also changed the cookie encoding from WebCalendar 1.0.X
    535. 

  535.             // to WebCalendar 1.1.X+, so this causes a bad cookie error.
    536. 

  536.             if ( ! empty ( $login ) && $login != addslashes ( $login ) ) {
    537. 

  537.               // The following deletes the bad cookie.  So, the user just needs
    538. 

  538.               // to reload.
    539. 

  539.               SetCookie ( 'webcalendar_session', '', 0 );
    540. 

  540.               die_miserable_death ( 'Illegal characters in login <tt>'
    541. 

  541.                  . htmlentities ( $login ) . '</tt>' .
    542. 

  542.                  "Press browser reload to clear bad cookie." );
    543. 

  543.             }
    544. 

  544. 

  545.             // Make sure we are connected to the database for password check.
    546. 

  546.             $c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
    547. 

  547.             if ( ! $c )
    548. 

  548.               die_miserable_death ( 'Error connecting to database:<blockquote>'
    549. 

  549.                  . dbi_error () . '</blockquote>' );
    550. 

  550. 

  551.             doDbSanityCheck ();
    552. 

  552.             if ( $cryptpw == 'nonuser' ) {
    553. 

  553.               if ( ! nonuser_load_variables ( $login, 'nutemp_' ) )
    554. 

  554.                 // No such nonuser cal.
    555. 

  555.                 die_miserable_death ( 'Invalid nonuser calendar.' );
    556. 

  556. 

  557.               if ( empty ( $GLOBALS['nutemp_is_public'] ) ||
    558. 

  558.                 $GLOBALS['nutemp_is_public'] != 'Y' )
    559. 

  559.                 die_miserable_death ( 'Nonuser calendar is not public.' );
    560. 

  560. 

  561.               $is_nonuser = true;
    562. 

  562.             } else
    563. 

  563.             if ( ! user_valid_crypt ( $login, $cryptpw ) )
    564. 

  564.               do_redirect ( 'login.php' . ( empty ( $login_return_path )
    565. 

  565.                   ? '' : '?return_path=' . $login_return_path ) );
    566. 

  566. 

  567.             @session_start ();
    568. 

  568.             $_SESSION['webcal_login'] = $login;
    569. 

  569.             $_SESSION['webcalendar_session'] = $webcalendar_session;
    570. 

  570.           }
    571. 

  571.         }
    572. 

  572.       }
    573. 

  573.     }
    574. 

  574.   }
    575. 

  575. 

  576.   /* Initializations from includes/connect.php.
    577. 

  577.    *
    578. 

  578.    * @access private
    579. 

  579.    */
    580. 

  580.   function _initConnect () {
    581. 

  581.     global $c, $db_database, $db_host, $db_login, $db_password, $firstname,
    582. 

  582.     $fullname, $is_admin, $is_nonuser, $LANGUAGE, $lastname, $login,
    583. 

  583.     $login_email, $login_firstname, $login_fullname, $login_is_admin,
    584. 

  584.     $login_lastname, $login_login, $login_url, $not_auth, $PHP_AUTH_USER,
    585. 

  585.     $PHP_SELF, $PROGRAM_VERSION, $pub_acc_enabled, $PUBLIC_ACCESS_CAN_ADD,
    586. 

  586.     $readonly, $SCRIPT, $session_not_found, $single_user, $single_user_login,
    587. 

  587.     $use_http_auth, $user_email, $user_inc;
    588. 

  588. 

  589.     // db settings are in config.php.
    590. 

  590. 

  591.     // Establish a database connection.
    592. 

  592.     // This may have happened in validate.php, depending on settings.
    593. 

  593.     // If not, do it now.
    594. 

  594.     if ( empty ( $c ) ) {
    595. 

  595.       $c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
    596. 

  596.       if ( ! $c )
    597. 

  597.         die_miserable_death ( 'Error connecting to database:<blockquote>'
    598. 

  598.            . dbi_error () . '</blockquote>' );
    599. 

  599. 

  600.       // Do a sanity check on the database,
    601. 

  601.       // making sure we can at least access the webcal_config table.
    602. 

  602.       if ( function_exists ( 'doDbSanityCheck' ) )
    603. 

  603.         doDbSanityCheck ();
    604. 

  604. 

  605.       // Check the current installation version.
    606. 

  606.       // Redirect user to install page if it is different from stored value.
    607. 

  607.       // This will prevent running WebCalendar until UPGRADING.html has been
    608. 

  608.       // read and required upgrade actions completed.
    609. 

  609.       $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
    610. 

  610.          WHERE cal_setting = \'WEBCAL_PROGRAM_VERSION\'' );
    611. 

  611.       if ( $rows ) {
    612. 

  612.         $row = $rows[0];
    613. 

  613.         if ( $row[0] != $PROGRAM_VERSION ) {
    614. 

  614.           // &amp; does not work here...leave it as &
    615. 

  615.           header ( 'Location: install/index.php?action=mismatch&version='
    616. 

  616.             . $row[0] );
    617. 

  617.         exit;}
    618. 

  618. 

  619.       }
    620. 

  620.     }
    621. 

  621. 

  622.     // If we are in single user mode,
    623. 

  623.     // make sure that the login selected is a valid login.
    624. 

  624.     if ( $single_user == 'Y' ) {
    625. 

  625.       if ( empty ( $single_user_login ) )
    626. 

  626.         die_miserable_death ( 'You have not defined <tt>single_user_login</tt> '
    627. 

  627.            . 'in <tt>includes/settings.php</tt>' );
    628. 

  628. 

  629.       $res = dbi_execute ( 'SELECT COUNT( * ) FROM webcal_user
    630. 

  630.         WHERE cal_login = ?', array ( $single_user_login ) );
    631. 

  631.       if ( ! $res ) {
    632. 

  632.         echo 'Database error: ' . dbi_error ();
    633. 

  633.         exit;
    634. 

  634.       }
    635. 

  635.       $row = dbi_fetch_row ( $res );
    636. 

  636.       if ( $row[0] == 0 ) {
    637. 

  637.         // User specified as single_user_login does not exist.
    638. 

  638.         if ( ! dbi_execute ( 'INSERT INTO webcal_user ( cal_login, cal_passwd,
    639. 

  639.           cal_is_admin ) VALUES ( ?, ?, ? )',
    640. 

  640.             array ( $single_user_login, md5 ( $single_user_login ), 'Y' ) ) )
    641. 

  641.           die_miserable_death ( 'User <tt>' . $single_user_login
    642. 

  642.              . '</tt> does not exist in <tt>webcal_user</tt> table and we were '
    643. 

  643.              . 'not able to add it for you:<br /><blockquote>' . dbi_error ()
    644. 

  644.              . '</blockquote>' );
    645. 

  645. 

  646.         // User was added... should we tell them?
    647. 

  647.       }
    648. 

  648.       dbi_free_result ( $res );
    649. 

  649.     }
    650. 

  650.     // Global settings have not been loaded yet, so check for public_access now.
    651. 

  651.     $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
    652. 

  652.       WHERE cal_setting = \'PUBLIC_ACCESS\'' );
    653. 

  653.     if ( $rows ) {
    654. 

  654.       $row = $rows[0];
    655. 

  655.     }
    656. 

  656.     $pub_acc_enabled = ( ! empty ( $row ) && $row[0] == 'Y' );
    657. 

  657. 

  658.     if ( $pub_acc_enabled ) {
    659. 

  659. 

  660.       $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
    661. 

  661.         WHERE cal_setting = \'PUBLIC_ACCESS_CAN_ADD\'' );
    662. 

  662.       if ( $rows && $row == $rows[0] )
    663. 

  663.         $PUBLIC_ACCESS_CAN_ADD = $row[0];
    664. 

  664.     }
    665. 

  665. 

  666.     if ( empty ( $PHP_SELF ) )
    667. 

  667.       $PHP_SELF = $_SERVER['PHP_SELF'];
    668. 

  668. 

  669.     if ( empty ( $login_url ) )
    670. 

  670.       $login_url = 'login.php';
    671. 

  671. 

  672.     $login_url .= ( strstr ( $login_url, '?' ) ? '&amp;' : '?' )
    673. 

  673.      . ( empty ( $login_return_path ) ? '' : 'return_path=' 
    674. 

  674.      . $login_return_path );
    675. 

  675. 

  676.     // If sent here from an email and not logged in, 
    677. 

  677.     //save URI and redirect to login.
    678. 

  678.     $em = getGetValue ( 'em' );
    679. 

  679.         $view_via_email = false;
    680. 

  680.     if ( ! empty ( $em ) && empty ( $login ) ) {
    681. 

  681.       remember_this_view ();
    682. 

  682.           $view_via_email = true;
    683. 

  683.     }
    684. 

  684. 

  685.     if ( empty ( $session_not_found ) )
    686. 

  686.       $session_not_found = false;
    687. 

  687. 

  688.     if ( ! $view_via_email && $pub_acc_enabled && ! empty ( $session_not_found ) ) {
    689. 

  689.       $firstname = $lastname = $user_email = '';
    690. 

  690.       $fullname = 'Public Access'; // Will be translated after translation is loaded.
    691. 

  691.       $is_admin = false;
    692. 

  692.       $login = '__public__';
    693. 

  693.     } else
    694. 

  694.     if ( $view_via_email || ( ! $pub_acc_enabled && $session_not_found 
    695. 

  695.           && ! $use_http_auth ) ) {
    696. 

  696.       if ( substr ( $user_inc, 0, 9 ) == 'user-app-' )
    697. 

  697.         app_login_screen ( clean_whitespace ( $SCRIPT ) );
    698. 

  698.       else {
    699. 

  699.         do_redirect ( $login_url );
    700. 

  700.         exit;
    701. 

  701.       }
    702. 

  702.     }
    703. 

  703. 

  704.     $is_nonuser = false;
    705. 

  705. 

  706.     if ( empty ( $login ) && $use_http_auth ) {
    707. 

  707.       if ( strstr ( $PHP_SELF, "login.php" ) ) {
    708. 

  708.         // Ignore since login.php will redirect to index.php.
    709. 

  709.       } else
    710. 

  710.         send_http_login ();
    711. 

  711.     } else
    712. 

  712.     if ( ! empty ( $login ) ) {
    713. 

  713.       // They are already logged in ($login is set in validate.php).
    714. 

  714.       if ( strstr ( $PHP_SELF, 'login.php' ) ) {
    715. 

  715.         // Ignore since login.php will redirect to index.php.
    716. 

  716.       } else
    717. 

  717.       if ( $login == '__public__' ) {
    718. 

  718.         $firstname = $lastname = $user_email = '';
    719. 

  719.         $fullname = 'Public Access';
    720. 

  720.         $is_admin = false;
    721. 

  721.       } else {
    722. 

  722.         user_load_variables ( $login, 'login_' );
    723. 

  723.         if ( ! empty ( $login_login ) ) {
    724. 

  724.           $firstname = $login_firstname;
    725. 

  725.           $lastname = $login_lastname;
    726. 

  726.           $fullname = $login_fullname;
    727. 

  727.           $is_admin = ( $login_is_admin == 'Y' );
    728. 

  728.           $is_nonuser = ( ! empty ( $GLOBALS['login_is_nonuser'] ) &&
    729. 

  729.             $GLOBALS['login_is_nonuser'] );
    730. 

  730.           $user_email = $login_email;
    731. 

  731.         } else {
    732. 

  732.           // Invalid login.
    733. 

  733.           if ( $use_http_auth ) {
    734. 

  734.             if ($pub_acc_enabled) {
    735. 

  735.               $login = '__public__';
    736. 

  736.               $firstname = $lastname = $user_email = '';
    737. 

  737.               $fullname = 'Public Access';
    738. 

  738.               $is_admin = false;
    739. 

  739.             } else
    740. 

  740.               send_http_login ();
    741. 

  741.           } else
    742. 

  742.             // This shouldn't happen since login should be validated in validate.php.
    743. 

  743.             // If it does happen, it means we received an invalid login cookie.
    744. 

  744.             do_redirect ( $login_url . '&amp;error=Invalid+session+found.' );
    745. 

  745.         }
    746. 

  746.       }
    747. 

  747.     }
    748. 

  748. 

  749.     // If they are accessing using the public login, restrict them from using
    750. 

  750.     // certain pages.
    751. 

  751.     $not_auth = false;
    752. 

  752.     if ( ! empty ( $login ) && $login == '__public__' || $is_nonuser ) {
    753. 

  753.       if ( strstr ( $PHP_SELF, 'views.php' ) ||
    754. 

  754.         strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
    755. 

  755.         strstr ( $PHP_SELF, 'category.php' ) ||
    756. 

  756.         strstr ( $PHP_SELF, 'category_handler.php' ) ||
    757. 

  757.         strstr ( $PHP_SELF, 'activity_log.php' ) ||
    758. 

  758.         strstr ( $PHP_SELF, 'admin.php' ) ||
    759. 

  759.         strstr ( $PHP_SELF, 'adminhome.php' ) ||
    760. 

  760.         strstr ( $PHP_SELF, 'admin_handler.php' ) ||
    761. 

  761.         strstr ( $PHP_SELF, 'groups.php' ) ||
    762. 

  762.         strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
    763. 

  763.         strstr ( $PHP_SELF, 'pref.php' ) ||
    764. 

  764.         strstr ( $PHP_SELF, 'pref_handler.php' ) ||
    765. 

  765.         strstr ( $PHP_SELF, 'edit_remotes.php' ) ||
    766. 

  766.         strstr ( $PHP_SELF, 'edit_remotes_handler.php' ) ||
    767. 

  767.         strstr ( $PHP_SELF, 'edit_user.php' ) ||
    768. 

  768.         strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
    769. 

  769.         strstr ( $PHP_SELF, 'approve_entry.php' ) ||
    770. 

  770.         strstr ( $PHP_SELF, 'reject_entry.php' ) ||
    771. 

  771.         strstr ( $PHP_SELF, 'del_entry.php' ) ||
    772. 

  772.         strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
    773. 

  773.         strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
    774. 

  774.         strstr ( $PHP_SELF, 'layers.php' ) ||
    775. 

  775.         strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
    776. 

  776.         strstr ( $PHP_SELF, 'import.php' ) ||
    777. 

  777.         strstr ( $PHP_SELF, 'import_handler.php' ) ||
    778. 

  778.         strstr ( $PHP_SELF, 'edit_template.php' ) ) {
    779. 

  779.         $not_auth = true;
    780. 

  780.       }
    781. 

  781.     }
    782. 

  782. 

  783.     if ( ! empty ( $login ) && ( empty ( $is_admin ) || ! $is_admin ) ) {
    784. 

  784.       if ( strstr ( $PHP_SELF, 'admin.php' ) ||
    785. 

  785.         strstr ( $PHP_SELF, 'admin_handler.php' ) ||
    786. 

  786.         strstr ( $PHP_SELF, 'groups.php' ) ||
    787. 

  787.         strstr ( $PHP_SELF, 'group_edit.php' ) ||
    788. 

  788.         strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
    789. 

  789.         strstr ( $PHP_SELF, 'activity_log.php' ) ) {
    790. 

  790.         $not_auth = true;
    791. 

  791.       }
    792. 

  792.     }
    793. 

  793. 

  794.     // restrict access if calendar is read-only
    795. 

  795.     if ( $readonly == 'Y' ) {
    796. 

  796.       //if ( strstr ( $PHP_SELF, 'activity_log.php' ) ||
    797. 

  797.       if ( strstr ( $PHP_SELF, 'adminhome.php' ) ||
    798. 

  798.         strstr ( $PHP_SELF, 'admin.php' ) ||
    799. 

  799.         strstr ( $PHP_SELF, 'approve_entry.php' ) ||
    800. 

  800.         strstr ( $PHP_SELF, 'category_handler.php' ) ||
    801. 

  801.         strstr ( $PHP_SELF, 'category.php' ) ||
    802. 

  802.         strstr ( $PHP_SELF, 'del_entry.php' ) ||
    803. 

  803.         strstr ( $PHP_SELF, 'edit_report_handler.php' ) ||
    804. 

  804.         strstr ( $PHP_SELF, 'edit_report.php' ) ||
    805. 

  805.         strstr ( $PHP_SELF, 'edit_template.php' ) ||
    806. 

  806.         strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
    807. 

  807.         strstr ( $PHP_SELF, 'edit_user.php' ) ||
    808. 

  808.         strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
    809. 

  809.         strstr ( $PHP_SELF, 'groups.php' ) ||
    810. 

  810.         strstr ( $PHP_SELF, 'import_handler.php' ) ||
    811. 

  811.         strstr ( $PHP_SELF, 'import_handler.php' ) ||
    812. 

  812.         strstr ( $PHP_SELF, 'import.php' ) ||
    813. 

  813.         strstr ( $PHP_SELF, 'layers.php' ) ||
    814. 

  814.         strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
    815. 

  815.         strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
    816. 

  816.         strstr ( $PHP_SELF, 'pref_handler.php' ) ||
    817. 

  817.         strstr ( $PHP_SELF, 'pref.php' ) ||
    818. 

  818.         strstr ( $PHP_SELF, 'pref_handler.php' ) ||
    819. 

  819.         strstr ( $PHP_SELF, 'purge.php' ) ||
    820. 

  820.         strstr ( $PHP_SELF, 'register.php' ) ||
    821. 

  821.         strstr ( $PHP_SELF, 'reject_entry.php' ) ||
    822. 

  822.         strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
    823. 

  823.         strstr ( $PHP_SELF, 'users.php' ) ||
    824. 

  824.         strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
    825. 

  825.         strstr ( $PHP_SELF, 'views.php' ) ) {
    826. 

  826.         $not_auth = true;
    827. 

  827.       }
    828. 

  828.     }
    829. 

  829. 

  830.     // An attempt will be made to translate
    831. 

  831.     if ( $not_auth ) {
    832. 

  832.       load_user_preferences ();
    833. 

  833.       $error = ( function_exists ( 'translate' )
    834. 

  834.         ? translate ( 'You are not authorized.' ) : 'You are not authorized.' );
    835. 

  835.       die_miserable_death ( $error );
    836. 

  836.     }
    837. 

  837.   }
    838. 

  838. 

  839.   /* Initializations from includes/site-extras.php.
    840. 

  840.    *
    841. 

  841.    * This is a placeholder for now.
    842. 

  842.    *
    843. 

  843.    * @access private
    844. 

  844.    *
    845. 

  845.    * @todo Figure out what should go here.
    846. 

  846.    */
    847. 

  847.   function _initSiteExtras () {
    848. 

  848.   }
    849. 

  849. 

  850.   /* Initializations from includes/access.php.
    851. 

  851.    *
    852. 

  852.    * @access private
    853. 

  853.    */
    854. 

  854.   function _initAccess () {
    855. 

  855.     global $access_other_cals;
    856. 

  856. 

  857.     // Global variable used to cache permissions
    858. 

  858.     $access_other_cals = array ();
    859. 

  859.   }
    860. 

  860. 

  861.   /* Initializations from includes/translate.php.
    862. 

  862.    *
    863. 

  863.    * @access private
    864. 

  864.    */
    865. 

  865.   function _initTranslate () {
    866. 

  866.     global $lang, $lang_file, $LANGUAGE, $PUBLIC_ACCESS_FULLNAME,
    867. 

  867.     $translation_loaded, $enable_mbstring;
    868. 

  868. 

  869.     if ( empty ( $LANGUAGE ) )
    870. 

  870.       $LANGUAGE = 'English-US'; // Default
    871. 

  871. 

  872.     // If set to use browser settings,
    873. 

  873.     // use the user's language preferences from their browser.
    874. 

  874.     $lang = $LANGUAGE;
    875. 

  875.     if ( $LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ) {
    876. 

  876.       $lang = get_browser_language ();
    877. 

  877.       if ( $lang == 'none' )
    878. 

  878.         $lang = '';
    879. 

  879.     }
    880. 

  880.     if ( strlen ( $lang ) == 0 || $lang == 'none' )
    881. 

  881.       $lang = 'English-US'; // Default
    882. 

  882. 

  883.     $lang_file = 'translations/' . $lang . '.txt';
    884. 

  884. 

  885.     if (extension_loaded('mbstring')) {
    886. 

  886.       $mb_lang = strtok($lang, '-');
    887. 

  887.       if (@mb_language($mb_lang) && mb_internal_encoding(translate('charset'))) {
    888. 

  888.         $enable_mbstring = true;
    889. 

  889.       } else {
    890. 

  890.         $enable_mbstring = false;
    891. 

  891.       }
    892. 

  892.     }
    893. 

  893. 

  894.     $translation_loaded = false;
    895. 

  895. 

  896.     $PUBLIC_ACCESS_FULLNAME = 'Public Access'; // default
    897. 

  897.   }
    898. 

  898. 

  899.   /* Gets the initialization phases for the page being viewed.
    900. 

  900.    *
    901. 

  901.    * @return array Array of initialization phases.
    902. 

  902.    *
    903. 

  903.    * @access private
    904. 

  904.    */
    905. 

  905.   function _getPhases () {
    906. 

  906.     global $user_inc;
    907. 

  907. 

  908.     foreach ( $this->_filePhaseMap as $pattern => $phases ) {
    909. 

  909.       if ( preg_match ( $pattern, $this->_filename ) !== 0 )
    910. 

  910.         return $phases;
    911. 

  911.     }
    912. 

  912.     die_miserable_death ( '_getPhases: could not find \'' . $this->_filename
    913. 

  913.        . '\' in _filePhaseMap.' );
    914. 

  914.   }
    915. 

  915. 

  916.   /* Gets the initialization steps for the current page and phase.
    917. 

  917.    *
    918. 

  918.    * @param int $phase Initialization phase number
    919. 

  919.    *
    920. 

  920.    * @return array Array of initialization steps.
    921. 

  921.    *
    922. 

  922.    * @access private
    923. 

  923.    */
    924. 

  924.   function _getSteps ( $phase ) {
    925. 

  925.     $phases = $this->_getPhases ();
    926. 

  926. 

  927.     return $phases[$phase - 1];
    928. 

  928.   }
    929. 

  929. 

  930.   /* Performs initialization steps.
    931. 

  931.    *
    932. 

  932.    * @param int $phase Which step of initialization should we perform?
    933. 

  933.    *
    934. 

  934.    * @access private
    935. 

  935.    */
    936. 

  936.   function _doInit ( $phase ) {
    937. 

  937.     $steps = $this->_getSteps ( $phase );
    938. 

  938.     foreach ( $steps as $step ) {
    939. 

  939.       $function = "_init$step";
    940. 

  940.       $this->$function ();
    941. 

  941.     }
    942. 

  942.   }
    943. 

  943. 

  944.   /* Begins initialization of WebCalendar.
    945. 

  945.    *
    946. 

  946.    * @param string $path Full path of page being viewed
    947. 

  947.    *
    948. 

  948.    * @access public
    949. 

  949.    */
    950. 

  950.   function initializeFirstPhase () {
    951. 

  951.     $this->_doInit ( 1 );
    952. 

  952.   }
    953. 

  953. 

  954.   /* Continues initialization of WebCalendar.
    955. 

  955.    *
    956. 

  956.    * @param string $path Full path of page being viewed
    957. 

  957.    *
    958. 

  958.    * @access public
    959. 

  959.    */
    960. 

  960.   function initializeSecondPhase () {
    961. 

  961.     $this->_doInit ( 2 );
    962. 

  962.   }
    963. 

  963. 

  964.   /* Sets the translation language.
    965. 

  965.    *
    966. 

  966.    * @access public
    967. 

  967.    */
    968. 

  968.   function setLanguage () {
    969. 

  969.     $this->_initTranslate ();
    970. 

  970.   }
    971. 

  971. 

  972.   /* Construct an absolute path.
    973. 

  973.    *
    974. 

  974.    * @param string $path The path relative to the WebCalendar install directory
    975. 

  975.    *
    976. 

  976.    * @return string The absolute path
    977. 

  977.    */
    978. 

  978.   function absolutePath ( $path ) {
    979. 

  979.     return $this->_directory . $path;
    980. 

  980.   }
    981. 

  981. }
    982. 

  982. 

  983. ?>
    984. 

  984.