<?php
/* Declares the WebCalendar class.
*
* @author Adam Roben <adam.roben@gmail.com>
* @copyright Craig Knudsen, <cknudsen@cknudsen.com>, http://www.k5n.us/cknudsen
* @license http://www.gnu.org/licenses/gpl.html GNU GPL
* @version $Id: WebCalendar.class,v 1.108.2.11 2008/09/28 00:40:06 cknudsen Exp $
* @package WebCalendar
*/
/* The WebCalendar.
*
* Right now this class's functionality is limited to initialization routines.
*
* @todo Get rid of all the global variables.
* @todo Organize initialization steps more logically.
*/
class WebCalendar {
/* Filename of the page the user is viewing.
*
* @var string
*
* @access private
*/
var $_filename;
/* WebCalendar install directory.
*
* @var string
*
* @access private
*/
var $_directory;
/* A map from filenames to initialization phases.
*
* This array holds the initialization steps for each page. Steps are
* separated into phases, and listed in the order they should be executed,
* and are the names of the WebCalendar::methods that should be called,
* without the `_Init' prefix.
*
* @var array
*
* @access private
*
* @todo Make it possible to distinguish between files in different directories
* (e.g. login.php and ws/login.php).
*/
var $_filePhaseMap =
array ( '/^(about|nulogin|login|login-app|register|controlpanel|upcoming)\.php$/' =>
array (
array ( 'Config', 'PHPDBI', 'Functions' ),
array ( 'User', 'Connect' ) ),
'/^(ajax|css_cacher|js_cacher|icalclient|freebusy|publish|rss|rss_unapproved|rss_activity_log|get_reminders|get_events|ws)\.php$/' =>
array (
array ( 'Config', 'PHPDBI', 'Functions' ),
array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access' ) ),
'/^convert_passwords\.php$/' =>
array (
array ( 'Config', 'PHPDBI' ),
array () ),
'/^send_reminders|reload_remotes\.php$/' =>
array (
array ( 'Config', 'PHPDBI', 'Functions' ),
array ( 'User', 'SiteExtras' ) ),
/* This is for files which have called include('includes/init.php'). */
'/^init\.php$/' =>
array (
array ( 'InitFirstPhase', 'Config', 'PHPDBI', 'Functions' ),
array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access', 'InitSecondPhase' ) )
);
/* WebCalendar constructor.
*
* @param string $path Full path of file being viewed.
*
* @return WebCalendar New WebCalendar object.
*
* @access public
*/
function WebCalendar ( $path ) {
$this->_filename = basename ( $path );
$this->_directory = dirname ( __FILE__ ) . '/../../';
// Define a value to prevent direct access to files.
define ( '_ISVALID', 1 );
}
// cek: This function is used by some other apps that I have developed
// but have not released.
function addExternalPage ( $pattern, $initArray ) {
$this->_filePhaseMap[$pattern] = $initArray;
}
/* First part of initializations from includes/init.php.
*
* @access private
*/
function _initInitFirstPhase () {
global $DMW, $HTTP_GET_VARS, $HTTP_POST_VARS, $PHP_SELF, $SCRIPT, $self,
$special, $user_inc;
// Make sure another app in the same domain doesn't have a 'user' cookie.
if ( empty ( $HTTP_GET_VARS ) )
$HTTP_GET_VARS = $_GET;
if ( empty ( $HTTP_POST_VARS ) )
$HTTP_POST_VARS = $_POST;
if ( ! empty ( $HTTP_GET_VARS ) && empty ( $HTTP_GET_VARS['user'] ) && !
empty ( $HTTP_POST_VARS ) && empty ( $HTTP_POST_VARS['user'] ) &&
isset ( $GLOBALS['user'] ) )
unset ( $GLOBALS['user'] );
// Get script name.
$self = $_SERVER['PHP_SELF'];
if ( empty ( $self ) )
$self = $PHP_SELF;
preg_match ( '/\/(\w+\.php)/', $self, $match );
$SCRIPT = $match[1];
// Several files need a no-cache header and some of the same code.
$special = array ( 'month.php', 'day.php', 'week.php',
'week_details.php', 'year.php', 'minical.php' );
$DMW = in_array ( $SCRIPT, $special );
// Unset some variables that shouldn't be set.
unset ( $user_inc );
}
/* Second part of initializations from includes/init.php.
*
* @access private
*/
function _initInitSecondPhase () {
global $ALLOW_VIEW_OTHER, $can_add, $can_add, $cat_id, $CATEGORIES_ENABLED,
$CATEGORY_VIEW, $caturl, $date, $DMW, $friendly, $override, $fullname, $GROUPS_ENABLED,
$hour, $id, $is_admin, $is_assistant, $is_nonuser, $login, $minute, $month,
$NONUSER_ENABLED, $nonusers, $ovrd, $PUBLIC_ACCESS, $PUBLIC_ACCESS_CAN_ADD,
$PUBLIC_ACCESS_FULLNAME, $PUBLIC_ACCESS_OTHERS, $readonly, $u_url, $user,
$user_fullname, $USER_SEES_ONLY_HIS_GROUPS, $userlist, $valid_user, $year;
load_global_settings ();
$this->setLanguage ();
if ( empty ( $ovrd ) )
load_user_preferences ();
// Error-check some commonly used form variable names.
$cat_id = getValue ( 'cat_id', '[\-0-9]+' );
$date = getValue ( 'date', '[0-9]+' );
$friendly = getValue ( 'friendly', '[01]' );
$override = getValue ( 'override', '[01]' );
$hour = getValue ( 'hour', '[0-9]+' );
$id = getValue ( 'id', '[0-9]+', true );
$minute = getValue ( 'minute', '[0-9]+' );
$month = getValue ( 'month', '[0-9]+' );
$user = getValue ( 'user', '[A-Za-z0-9_\.=@,\-]*', true );
$year = getValue ( 'year', '[0-9]+' );
if ( empty ( $PUBLIC_ACCESS ) )
$PUBLIC_ACCESS = 'N';
// Initialize access settings ($user_access string)
// and make sure user is allowed to view the current page.
access_init ();
if ( ! access_can_view_page () ) {
$user_BGCOLOR = get_pref_setting ( $login, 'BGCOLOR' );
echo '<html>
<head>
<title>' . generate_application_name () . ' ' . translate ( 'Error' ) . '</title>
</head>
<body bgcolor="' . $user_BGCOLOR . '">
' . print_not_auth ( true ) . '
</body>
</html>';
exit;
}
$can_add = false;
// Load if $SCRIPT is in $special array:
if ( $DMW ) {
// Tell the browser not to cache.
// send_no_cache_header ();
if ( $ALLOW_VIEW_OTHER != 'Y' && ! $is_admin && ! $is_assistant )
$user = '';
$can_add = ( $readonly == 'N' || $is_admin == 'Y' );
if ( $PUBLIC_ACCESS == 'Y' && $login == '__public__' ) {
if ( $PUBLIC_ACCESS_CAN_ADD != 'Y' )
$can_add = false;
if ( $PUBLIC_ACCESS_OTHERS != 'Y' )
$user = ''; // Security precaution.
}
if ( $is_nonuser )
$can_add = false;
if ( $GROUPS_ENABLED == 'Y' && $USER_SEES_ONLY_HIS_GROUPS == 'Y' && ! $is_admin ) {
$userlist = get_my_users ();
$valid_user = false;
if ( ! empty ( $NONUSER_ENABLED ) && $NONUSER_ENABLED == 'Y' ) {
$nonusers = get_my_nonusers ( $login, true );
$userlist = array_merge ( $nonusers, $userlist );
}
for ( $i = 0; $i < count ( $userlist ); $i++ ) {
if ( $user == $userlist[$i]['cal_login'] )
$valid_user = true;
}
if ( ! $valid_user )
$user = ''; // Security precaution.
}
if ( ! empty ( $user ) ) {
$u_url = 'user=' . $user . '&';
user_load_variables ( $user, 'user_' );
if ( $user == '__public__' )
$user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
} else {
$u_url = '';
$user_fullname = $fullname;
if ( $login == '__public__' )
$user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
}
set_today ( $date );
remember_this_view ();
if ( $CATEGORIES_ENABLED == 'Y' ) {
if ( ! empty ( $cat_id ) ) {
} elseif ( ! empty ( $CATEGORY_VIEW ) && ! isset ( $_GET['cat_id'] ) )
$cat_id = $CATEGORY_VIEW;
else
$cat_id = '';
} else
$cat_id = '';
$caturl = ( empty ( $cat_id ) ? '' : '&cat_id=' . $cat_id );
}
}
/* Initializations from includes/assert.php.
*
* @access private
*/
function _initAssert () {
// Initialize assert options.
assert_options ( ASSERT_CALLBACK, 'assert_handler' );
assert_options ( ASSERT_ACTIVE, 1 );
}
/* Initializations from includes/config.php.
*
* @access private
*/
function _initConfig () {
do_config ( $this->absolutePath ( 'includes/settings.php' ) );
}
/* Initializations from includes/dbi4php.php.
*
* @access private
*/
function _initPHPDBI () {
global $phpdbiVerbose;
// Enable the following to show the actual database error in the browser.
// It is more secure to not show this info, so this should only be turned
// on for debugging purposes.
if ( ! isset ( $phpdbiVerbose ) )
$phpdbiVerbose = false;
}
/* Initializations from includes/functions.php.
*
* @access private
*/
function _initFunctions () {
global $byday_names, $byday_values, $days_per_month, $db_login, $db_password,
$ldays_per_month,
$offsets, $PHP_SELF, $settings, $weekday_names;
/**#@+
* Used for activity log.
*/
define ( 'LOG_APPROVE', 'A' );
define ( 'LOG_APPROVE_J', 'P' );
define ( 'LOG_APPROVE_T', 'H' );
define ( 'LOG_ATTACHMENT', 'T' );
define ( 'LOG_COMMENT', 'M' );
define ( 'LOG_CREATE', 'C' );
define ( 'LOG_CREATE_J', 'I' );
define ( 'LOG_CREATE_T', 'G' );
define ( 'LOG_DELETE', 'D' );
define ( 'LOG_DELETE_J', 'V' );
define ( 'LOG_DELETE_T', 'L' );
define ( 'LOG_LOGIN_FAILURE', 'x' );
define ( 'LOG_NEWUSER_EMAIL', 'E' );
define ( 'LOG_NEWUSER_FULL', 'F' );
define ( 'LOG_NOTIFICATION', 'N' );
define ( 'LOG_REJECT', 'X' );
define ( 'LOG_REJECT_J', 'Q' );
define ( 'LOG_REJECT_T', 'J' );
define ( 'LOG_REMINDER', 'R' );
define ( 'LOG_UPDATE', 'U' );
define ( 'LOG_UPDATE_J', 'S' );
define ( 'LOG_UPDATE_T', 'K' );
define ( 'LOG_USER_ADD', 'a' );
define ( 'LOG_USER_DELETE', 'd' );
define ( 'LOG_USER_UPDATE', 'u' );
/**#@-*/
/* Number of seconds in:
*/
define ( 'ONE_HOUR', 3600 );
define ( 'ONE_DAY', 86400 );
define ( 'ONE_WEEK', 604800 );
/* Arrays containing the number of days in each month
* in a leap year and a non-leap year.
*
* @global array $ldays_per_month
* @global array $days_per_month
*/
$ldays_per_month =
$days_per_month = array ( 0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 );
$ldays_per_month[2] = 29;
/* Array containing the short names for the days of the week.
*
* @global array $weekday_names
*/
$weekday_names = array ( 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' );
/* Array containing the BYDAY names for the days of the week.
*
* @global array $byday_name
*/
$byday_names = array ( 'SU', 'MO', 'TU', 'WE', 'TH', 'FR', 'SA' );
/* Array containing the number value of the days of the week.
*
* @global array $days_per_week
*/
$days_of_week = array_flip ( $weekday_names );
/* Array containing the number value of the ical ByDay abbreviations.
*
* @global array $byday_values
*/
$byday_values = array_flip ( $byday_names );
/* Pull out cookies and place them in global variables */
if ( ! empty ( $_COOKIE['webcalendar_session'] ) )
$GLOBALS['webcalendar_session'] = $_COOKIE['webcalendar_session'];
if ( ! empty ( $_COOKIE['webcalendar_login'] ) )
$GLOBALS['webcalendar_login'] = $_COOKIE['webcalendar_login'];
if ( ! empty ( $_COOKIE['webcalendar_last_view'] ) )
$GLOBALS['webcalendar_last_view'] = $_COOKIE['webcalendar_last_view'];
if ( ! empty ( $_COOKIE['webcalendar_csscache'] ) )
$GLOBALS['webcalendar_csscache'] = $_COOKIE['webcalendar_csscache'];
// Don't allow a user to put "login=XXX" in the URL
// if they are not coming from the login.php page.
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER['PHP_SELF'] ) )
$PHP_SELF = $_SERVER['PHP_SELF']; // Backward compatibility.
if ( empty ( $PHP_SELF ) )
$PHP_SELF = ''; // This happens when running send_reminders.php from CL.
if ( ! strstr ( $PHP_SELF, 'login.php' ) && ! empty ( $GLOBALS['login'] ) )
$GLOBALS['login'] = '';
// Define an array to use to jumble up the key: $offsets
// We define a unique key to scramble the cookie we generate.
// We use the admin install password that the user set to make
// the salt unique for each WebCalendar install.
$salt = ( ! empty ( $settings ) && ! empty ( $settings['install_password'] )
? $settings['install_password'] : md5 ( $db_login ) );
$salt_len = strlen ( $salt );
$salt2 = md5 ( empty ( $db_password ) ? 'oogabooga' : $db_password );
$salt2_len = strlen ( $salt2 );
$offsets = array ();
for ( $i = 0; $i < $salt_len || $i < $salt2_len; $i++ ) {
$offsets[$i] = 0;
if ( $i < $salt_len )
$offsets[$i] += ord ( substr ( $salt, $i, 1 ) );
if ( $i < $salt2_len )
$offsets[$i] += ord ( substr ( $salt2, $i, 1 ) );
$offsets[$i] %= 128;
}
}
/* Initializations from includes/user*.php.
*
* This is a placeholder for now. We are letting includes/user*.php handle
* its own initialization.
*
* @access private
*
* @todo Make an Authentication interface class and create a subclass for
* each user*.php page.
*/
function _initUser () {
}
/* Initializations from includes/validate.php.
*
* @access private
*/
function _initValidate () {
global $c, $cryptpw, $db_database, $db_host, $db_login, $db_password,
$encoded_login, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $is_nonuser, $login,
$login_return_path, $PHP_AUTH_USER, $REMOTE_USER, $SCRIPT,
$session_not_found, $settings, $single_user, $single_user_login,
$use_http_auth, $user_inc, $validate_redirect, $webcalendar_session;
/* If WebCalendar is configured to use http authentication, then we can
* use _initValidate (). If we are not using http auth, icalclient.php will
* create its own http auth since an iCal client cannot login via a
* web-based login. Publish.php does need to validate if not http_auth.
*/
if ( ! $use_http_auth &&
( $this->_filename == 'css_cacher.php' ||
$this->_filename == 'icalclient.php' ||
$this->_filename == 'rss_unapproved.php' ||
$this->_filename == 'rss_activity_log.php' ||
$this->_filename == 'js_cacher.php' ||
$this->_filename == 'publish.php' ) ) {
return;
}
$is_nonuser = $session_not_found = $validate_redirect = false;
// Catch-all for getting the username when using HTTP-authentication.
if ( $use_http_auth ) {
if ( empty ( $PHP_AUTH_USER ) ) {
if ( ! empty ( $_SERVER ) && isset ( $_SERVER['PHP_AUTH_USER'] ) )
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
else
if ( ! empty ( $HTTP_SERVER_VARS ) &&
isset ( $HTTP_SERVER_VARS['PHP_AUTH_USER'] ) )
$PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
else
if ( isset ( $REMOTE_USER ) )
$PHP_AUTH_USER = $REMOTE_USER;
else
if ( ! empty ( $_ENV ) && isset ( $_ENV['REMOTE_USER'] ) )
$PHP_AUTH_USER = $_ENV['REMOTE_USER'];
else
if ( ! empty ( $HTTP_ENV_VARS ) && isset ( $HTTP_ENV_VARS['REMOTE_USER'] ) )
$PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
else
if ( @getenv ( 'REMOTE_USER' ) )
$PHP_AUTH_USER = getenv ( 'REMOTE_USER' );
else
if ( isset ( $AUTH_USER ) )
$PHP_AUTH_USER = $AUTH_USER;
else
if ( ! empty ( $_ENV ) && isset ( $_ENV['AUTH_USER'] ) )
$PHP_AUTH_USER = $_ENV['AUTH_USER'];
else
if ( ! empty ( $HTTP_ENV_VARS ) && isset ( $HTTP_ENV_VARS['AUTH_USER'] ) )
$PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
else
if ( @getenv ( 'AUTH_USER' ) )
$PHP_AUTH_USER = getenv ( 'AUTH_USER' );
}
}
if ( $single_user == 'Y' )
$login = $single_user_login;
else {
if ( $use_http_auth ) {
// HTTP server did validation for us....
if ( empty ( $PHP_AUTH_USER ) )
$session_not_found = true;
else
$login = $PHP_AUTH_USER;
} else
if ( substr ( $user_inc, 0, 9 ) == 'user-app-' ) {
// Make sure we are connected to the database for session check.
$c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
if ( ! $c )
die_miserable_death ( 'Error connecting to database:<blockquote>'
. dbi_error () . '</blockquote>' );
// Use another application's authentication.
if ( $login != user_logged_in () )
$session_not_found = true;
} else {
@session_start ();
if ( ! empty ( $_SESSION['webcal_login'] ) )
$login = $_SESSION['webcal_login'];
if ( ! empty ( $_SESSION['webcalendar_session'] ) )
$webcalendar_session = $_SESSION['webcalendar_session'];
if ( empty ( $login ) && empty ( $webcalendar_session ) )
$session_not_found = true;
else
if ( empty ( $_SESSION['webcal_login'] ) &&
// Check for cookie...
! empty ( $webcalendar_session ) ) {
$encoded_login = $webcalendar_session;
if ( empty ( $encoded_login ) )
// Invalid session cookie.
$session_not_found = true;
else {
$login_pw = split( '\|', decode_string ( $encoded_login ) );
$login = $login_pw[0];
$cryptpw = $login_pw[1];
// Security fix. Don't allow certain types of characters in
// the login. WebCalendar does not escape the login name in
// SQL requests. So, if the user were able to set the login
// name to be "x';drop table u;",
// they may be able to affect the database.
// NOTE: we also changed the cookie encoding from WebCalendar 1.0.X
// to WebCalendar 1.1.X+, so this causes a bad cookie error.
if ( ! empty ( $login ) && $login != addslashes ( $login ) ) {
// The following deletes the bad cookie. So, the user just needs
// to reload.
SetCookie ( 'webcalendar_session', '', 0 );
die_miserable_death ( 'Illegal characters in login <tt>'
. htmlentities ( $login ) . '</tt>' .
"Press browser reload to clear bad cookie." );
}
// Make sure we are connected to the database for password check.
$c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
if ( ! $c )
die_miserable_death ( 'Error connecting to database:<blockquote>'
. dbi_error () . '</blockquote>' );
doDbSanityCheck ();
if ( $cryptpw == 'nonuser' ) {
if ( ! nonuser_load_variables ( $login, 'nutemp_' ) )
// No such nonuser cal.
die_miserable_death ( 'Invalid nonuser calendar.' );
if ( empty ( $GLOBALS['nutemp_is_public'] ) ||
$GLOBALS['nutemp_is_public'] != 'Y' )
die_miserable_death ( 'Nonuser calendar is not public.' );
$is_nonuser = true;
} else
if ( ! user_valid_crypt ( $login, $cryptpw ) )
do_redirect ( 'login.php' . ( empty ( $login_return_path )
? '' : '?return_path=' . $login_return_path ) );
@session_start ();
$_SESSION['webcal_login'] = $login;
$_SESSION['webcalendar_session'] = $webcalendar_session;
}
}
}
}
}
/* Initializations from includes/connect.php.
*
* @access private
*/
function _initConnect () {
global $c, $db_database, $db_host, $db_login, $db_password, $firstname,
$fullname, $is_admin, $is_nonuser, $LANGUAGE, $lastname, $login,
$login_email, $login_firstname, $login_fullname, $login_is_admin,
$login_lastname, $login_login, $login_url, $not_auth, $PHP_AUTH_USER,
$PHP_SELF, $PROGRAM_VERSION, $pub_acc_enabled, $PUBLIC_ACCESS_CAN_ADD,
$readonly, $SCRIPT, $session_not_found, $single_user, $single_user_login,
$use_http_auth, $user_email, $user_inc;
// db settings are in config.php.
// Establish a database connection.
// This may have happened in validate.php, depending on settings.
// If not, do it now.
if ( empty ( $c ) ) {
$c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
if ( ! $c )
die_miserable_death ( 'Error connecting to database:<blockquote>'
. dbi_error () . '</blockquote>' );
// Do a sanity check on the database,
// making sure we can at least access the webcal_config table.
if ( function_exists ( 'doDbSanityCheck' ) )
doDbSanityCheck ();
// Check the current installation version.
// Redirect user to install page if it is different from stored value.
// This will prevent running WebCalendar until UPGRADING.html has been
// read and required upgrade actions completed.
$rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
WHERE cal_setting = \'WEBCAL_PROGRAM_VERSION\'' );
if ( $rows ) {
$row = $rows[0];
if ( $row[0] != $PROGRAM_VERSION ) {
// & does not work here...leave it as &
header ( 'Location: install/index.php?action=mismatch&version='
. $row[0] );
exit;}
}
}
// If we are in single user mode,
// make sure that the login selected is a valid login.
if ( $single_user == 'Y' ) {
if ( empty ( $single_user_login ) )
die_miserable_death ( 'You have not defined <tt>single_user_login</tt> '
. 'in <tt>includes/settings.php</tt>' );
$res = dbi_execute ( 'SELECT COUNT( * ) FROM webcal_user
WHERE cal_login = ?', array ( $single_user_login ) );
if ( ! $res ) {
echo 'Database error: ' . dbi_error ();
exit;
}
$row = dbi_fetch_row ( $res );
if ( $row[0] == 0 ) {
// User specified as single_user_login does not exist.
if ( ! dbi_execute ( 'INSERT INTO webcal_user ( cal_login, cal_passwd,
cal_is_admin ) VALUES ( ?, ?, ? )',
array ( $single_user_login, md5 ( $single_user_login ), 'Y' ) ) )
die_miserable_death ( 'User <tt>' . $single_user_login
. '</tt> does not exist in <tt>webcal_user</tt> table and we were '
. 'not able to add it for you:<br /><blockquote>' . dbi_error ()
. '</blockquote>' );
// User was added... should we tell them?
}
dbi_free_result ( $res );
}
// Global settings have not been loaded yet, so check for public_access now.
$rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
WHERE cal_setting = \'PUBLIC_ACCESS\'' );
if ( $rows ) {
$row = $rows[0];
}
$pub_acc_enabled = ( ! empty ( $row ) && $row[0] == 'Y' );
if ( $pub_acc_enabled ) {
$rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config
WHERE cal_setting = \'PUBLIC_ACCESS_CAN_ADD\'' );
if ( $rows && $row == $rows[0] )
$PUBLIC_ACCESS_CAN_ADD = $row[0];
}
if ( empty ( $PHP_SELF ) )
$PHP_SELF = $_SERVER['PHP_SELF'];
if ( empty ( $login_url ) )
$login_url = 'login.php';
$login_url .= ( strstr ( $login_url, '?' ) ? '&' : '?' )
. ( empty ( $login_return_path ) ? '' : 'return_path='
. $login_return_path );
// If sent here from an email and not logged in,
//save URI and redirect to login.
$em = getGetValue ( 'em' );
$view_via_email = false;
if ( ! empty ( $em ) && empty ( $login ) ) {
remember_this_view ();
$view_via_email = true;
}
if ( empty ( $session_not_found ) )
$session_not_found = false;
if ( ! $view_via_email && $pub_acc_enabled && ! empty ( $session_not_found ) ) {
$firstname = $lastname = $user_email = '';
$fullname = 'Public Access'; // Will be translated after translation is loaded.
$is_admin = false;
$login = '__public__';
} else
if ( $view_via_email || ( ! $pub_acc_enabled && $session_not_found
&& ! $use_http_auth ) ) {
if ( substr ( $user_inc, 0, 9 ) == 'user-app-' )
app_login_screen ( clean_whitespace ( $SCRIPT ) );
else {
do_redirect ( $login_url );
exit;
}
}
$is_nonuser = false;
if ( empty ( $login ) && $use_http_auth ) {
if ( strstr ( $PHP_SELF, "login.php" ) ) {
// Ignore since login.php will redirect to index.php.
} else
send_http_login ();
} else
if ( ! empty ( $login ) ) {
// They are already logged in ($login is set in validate.php).
if ( strstr ( $PHP_SELF, 'login.php' ) ) {
// Ignore since login.php will redirect to index.php.
} else
if ( $login == '__public__' ) {
$firstname = $lastname = $user_email = '';
$fullname = 'Public Access';
$is_admin = false;
} else {
user_load_variables ( $login, 'login_' );
if ( ! empty ( $login_login ) ) {
$firstname = $login_firstname;
$lastname = $login_lastname;
$fullname = $login_fullname;
$is_admin = ( $login_is_admin == 'Y' );
$is_nonuser = ( ! empty ( $GLOBALS['login_is_nonuser'] ) &&
$GLOBALS['login_is_nonuser'] );
$user_email = $login_email;
} else {
// Invalid login.
if ( $use_http_auth )
send_http_login ();
else
// This shouldn't happen since login should be validated in validate.php.
// If it does happen, it means we received an invalid login cookie.
do_redirect ( $login_url . '&error=Invalid+session+found.' );
}
}
}
// If they are accessing using the public login, restrict them from using
// certain pages.
$not_auth = false;
if ( ! empty ( $login ) && $login == '__public__' || $is_nonuser ) {
if ( strstr ( $PHP_SELF, 'views.php' ) ||
strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
strstr ( $PHP_SELF, 'category.php' ) ||
strstr ( $PHP_SELF, 'category_handler.php' ) ||
strstr ( $PHP_SELF, 'activity_log.php' ) ||
strstr ( $PHP_SELF, 'admin.php' ) ||
strstr ( $PHP_SELF, 'adminhome.php' ) ||
strstr ( $PHP_SELF, 'admin_handler.php' ) ||
strstr ( $PHP_SELF, 'groups.php' ) ||
strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
strstr ( $PHP_SELF, 'pref.php' ) ||
strstr ( $PHP_SELF, 'pref_handler.php' ) ||
strstr ( $PHP_SELF, 'edit_remotes.php' ) ||
strstr ( $PHP_SELF, 'edit_remotes_handler.php' ) ||
strstr ( $PHP_SELF, 'edit_user.php' ) ||
strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
strstr ( $PHP_SELF, 'approve_entry.php' ) ||
strstr ( $PHP_SELF, 'reject_entry.php' ) ||
strstr ( $PHP_SELF, 'del_entry.php' ) ||
strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
strstr ( $PHP_SELF, 'layers.php' ) ||
strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
strstr ( $PHP_SELF, 'import.php' ) ||
strstr ( $PHP_SELF, 'import_handler.php' ) ||
strstr ( $PHP_SELF, 'edit_template.php' ) ) {
$not_auth = true;
}
}
if ( ! empty ( $login ) && ( empty ( $is_admin ) || ! $is_admin ) ) {
if ( strstr ( $PHP_SELF, 'admin.php' ) ||
strstr ( $PHP_SELF, 'admin_handler.php' ) ||
strstr ( $PHP_SELF, 'groups.php' ) ||
strstr ( $PHP_SELF, 'group_edit.php' ) ||
strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
strstr ( $PHP_SELF, 'activity_log.php' ) ) {
$not_auth = true;
}
}
// restrict access if calendar is read-only
if ( $readonly == 'Y' ) {
//if ( strstr ( $PHP_SELF, 'activity_log.php' ) ||
if ( strstr ( $PHP_SELF, 'adminhome.php' ) ||
strstr ( $PHP_SELF, 'admin.php' ) ||
strstr ( $PHP_SELF, 'approve_entry.php' ) ||
strstr ( $PHP_SELF, 'category_handler.php' ) ||
strstr ( $PHP_SELF, 'category.php' ) ||
strstr ( $PHP_SELF, 'del_entry.php' ) ||
strstr ( $PHP_SELF, 'edit_report_handler.php' ) ||
strstr ( $PHP_SELF, 'edit_report.php' ) ||
strstr ( $PHP_SELF, 'edit_template.php' ) ||
strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
strstr ( $PHP_SELF, 'edit_user.php' ) ||
strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
strstr ( $PHP_SELF, 'groups.php' ) ||
strstr ( $PHP_SELF, 'import_handler.php' ) ||
strstr ( $PHP_SELF, 'import_handler.php' ) ||
strstr ( $PHP_SELF, 'import.php' ) ||
strstr ( $PHP_SELF, 'layers.php' ) ||
strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
strstr ( $PHP_SELF, 'pref_handler.php' ) ||
strstr ( $PHP_SELF, 'pref.php' ) ||
strstr ( $PHP_SELF, 'pref_handler.php' ) ||
strstr ( $PHP_SELF, 'purge.php' ) ||
strstr ( $PHP_SELF, 'register.php' ) ||
strstr ( $PHP_SELF, 'reject_entry.php' ) ||
strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
strstr ( $PHP_SELF, 'users.php' ) ||
strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
strstr ( $PHP_SELF, 'views.php' ) ) {
$not_auth = true;
}
}
// An attempt will be made to translate
if ( $not_auth ) {
load_user_preferences ();
$error = ( function_exists ( 'translate' )
? translate ( 'You are not authorized.' ) : 'You are not authorized.' );
die_miserable_death ( $error );
}
}
/* Initializations from includes/site-extras.php.
*
* This is a placeholder for now.
*
* @access private
*
* @todo Figure out what should go here.
*/
function _initSiteExtras () {
}
/* Initializations from includes/access.php.
*
* @access private
*/
function _initAccess () {
global $access_other_cals;
// Global variable used to cache permissions
$access_other_cals = array ();
}
/* Initializations from includes/translate.php.
*
* @access private
*/
function _initTranslate () {
global $lang, $lang_file, $LANGUAGE, $PUBLIC_ACCESS_FULLNAME,
$translation_loaded, $enable_mbstring;
if ( empty ( $LANGUAGE ) )
$LANGUAGE = 'English-US'; // Default
// If set to use browser settings,
// use the user's language preferences from their browser.
$lang = $LANGUAGE;
if ( $LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ) {
$lang = get_browser_language ();
if ( $lang == 'none' )
$lang = '';
}
if ( strlen ( $lang ) == 0 || $lang == 'none' )
$lang = 'English-US'; // Default
$lang_file = 'translations/' . $lang . '.txt';
if (extension_loaded('mbstring')) {
$mb_lang = strtok($lang, '-');
if (mb_language($mb_lang) && mb_internal_encoding(translate('charset'))) {
$enable_mbstring = true;
} else {
$enable_mbstring = false;
}
}
$translation_loaded = false;
$PUBLIC_ACCESS_FULLNAME = 'Public Access'; // default
}
/* Gets the initialization phases for the page being viewed.
*
* @return array Array of initialization phases.
*
* @access private
*/
function _getPhases () {
global $user_inc;
foreach ( $this->_filePhaseMap as $pattern => $phases ) {
if ( preg_match ( $pattern, $this->_filename ) !== 0 )
return $phases;
}
die_miserable_death ( '_getPhases: could not find \'' . $this->_filename
. '\' in _filePhaseMap.' );
}
/* Gets the initialization steps for the current page and phase.
*
* @param int $phase Initialization phase number
*
* @return array Array of initialization steps.
*
* @access private
*/
function _getSteps ( $phase ) {
$phases = $this->_getPhases ();
return $phases[$phase - 1];
}
/* Performs initialization steps.
*
* @param int $phase Which step of initialization should we perform?
*
* @access private
*/
function _doInit ( $phase ) {
$steps = $this->_getSteps ( $phase );
foreach ( $steps as $step ) {
$function = "_init$step";
$this->$function ();
}
}
/* Begins initialization of WebCalendar.
*
* @param string $path Full path of page being viewed
*
* @access public
*/
function initializeFirstPhase () {
$this->_doInit ( 1 );
}
/* Continues initialization of WebCalendar.
*
* @param string $path Full path of page being viewed
*
* @access public
*/
function initializeSecondPhase () {
$this->_doInit ( 2 );
}
/* Sets the translation language.
*
* @access public
*/
function setLanguage () {
$this->_initTranslate ();
}
/* Construct an absolute path.
*
* @param string $path The path relative to the WebCalendar install directory
*
* @return string The absolute path
*/
function absolutePath ( $path ) {
return $this->_directory . $path;
}
}
?>