File: WebCalendar.class
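<?php
/* Declares the WebCalendar class.
 *
 * @author Adam Roben <adam.roben@gmail.com>
 * @copyright Craig Knudsen, <cknudsen@cknudsen.com>, http://www.k5n.us/cknudsen
 * @license http://www.gnu.org/licenses/gpl.html GNU GPL
 * @version $Id: WebCalendar.class,v 1.108.2.11 2008/09/28 00:40:06 cknudsen Exp $
 * @package WebCalendar
 */

/* The WebCalendar.
 *
 * Right now this class's functionality is limited to initialization routines.
 * Each page maps (by filename) to two lists of initialization steps; the steps
 * are the _init* methods below and communicate almost entirely through global
 * variables.
 *
 * NOTE(review): the constructor uses the PHP 4 naming convention (a method
 * named after the class). PHP 8 no longer treats such a method as a
 * constructor, so on PHP 8 $_filename, $_directory and _ISVALID would never be
 * set. Confirm the target PHP version before deploying.
 *
 * @todo Get rid of all the global variables.
 * @todo Organize initialization steps more logically.
 */
class WebCalendar {
  /* Filename of the page the user is viewing.
   *
   * @var string
   *
   * @access private
   */
  var $_filename;

  /* WebCalendar install directory.
   *
   * @var string
   *
   * @access private
   */
  var $_directory;

  /* A map from filenames to initialization phases.
   *
   * This array holds the initialization steps for each page. Steps are
   * separated into phases, and listed in the order they should be executed,
   * and are the names of the WebCalendar::methods that should be called,
   * without the `_Init' prefix.
   *
   * Keys are PCRE patterns matched against the basename of the page. Every
   * pattern must be anchored at both ends and group its alternatives, because
   * the matching entry decides whether the 'Validate' and 'Access' steps run
   * for a page at all.
   *
   * @var array
   *
   * @access private
   *
   * @todo Make it possible to distinguish between files in different directories
   *       (e.g. login.php and ws/login.php).
   */
  var $_filePhaseMap = array (
    '/^(about|nulogin|login|login-app|register|controlpanel|upcoming)\.php$/' =>
    array (
      array ( 'Config', 'PHPDBI', 'Functions' ),
      array ( 'User', 'Connect' )
    ),
    '/^(ajax|css_cacher|js_cacher|icalclient|freebusy|publish|rss|rss_unapproved|rss_activity_log|get_reminders|get_events|ws)\.php$/' =>
    array (
      array ( 'Config', 'PHPDBI', 'Functions' ),
      array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access' )
    ),
    '/^convert_passwords\.php$/' =>
    array (
      array ( 'Config', 'PHPDBI' ),
      array ()
    ),
    // The alternation is grouped so that both anchors apply to both names.
    // Without the parentheses the pattern accepted any filename that merely
    // starts with "send_reminders" or ends with "reload_remotes.php".
    '/^(send_reminders|reload_remotes)\.php$/' =>
    array (
      array ( 'Config', 'PHPDBI', 'Functions' ),
      array ( 'User', 'SiteExtras' )
    ),
    /* This is for files which have called include('includes/init.php'). */
    '/^init\.php$/' =>
    array (
      array ( 'InitFirstPhase', 'Config', 'PHPDBI', 'Functions' ),
      array ( 'User', 'Validate', 'Connect', 'SiteExtras', 'Access', 'InitSecondPhase' )
    )
  );

  /* WebCalendar constructor.
   *
   * Records the basename of the page and the install directory (two levels
   * above this file), and defines _ISVALID.
   *
   * @param string $path Full path of file being viewed.
   *
   * @return WebCalendar New WebCalendar object.
   *
   * @access public
   */
  function WebCalendar ( $path ) {
    $this->_filename = basename ( $path );
    $this->_directory = dirname ( __FILE__ ) . '/../../';

    // Define a value to prevent direct access to files.
    define ( '_ISVALID', 1 );
  }

  /* Registers (or replaces) the initialization phases for a page pattern.
   *
   * cek: This function is used by some other apps that I have developed
   * but have not released.
   *
   * NOTE(review): the step names in $initArray are later turned into method
   * names and called by _doInit (), so $pattern and $initArray must only ever
   * come from trusted code, never from request data.
   *
   * @param string $pattern   PCRE pattern matched against the page's basename.
   * @param array  $initArray Two arrays of step names (phase 1, phase 2).
   *
   * @access public
   */
  function addExternalPage ( $pattern, $initArray ) {
    $this->_filePhaseMap[$pattern] = $initArray;
  }

  /* First part of initializations from includes/init.php.
   *
   * Sets the globals $self, $SCRIPT, $special and $DMW.
   *
   * @access private
   */
  function _initInitFirstPhase () {
    global $DMW, $HTTP_GET_VARS, $HTTP_POST_VARS, $PHP_SELF, $SCRIPT, $self,
    $special, $user_inc;

    // Make sure another app in the same domain doesn't have a 'user' cookie.
    if ( empty ( $HTTP_GET_VARS ) )
      $HTTP_GET_VARS = $_GET;

    if ( empty ( $HTTP_POST_VARS ) )
      $HTTP_POST_VARS = $_POST;

    // NOTE(review): as written, the global 'user' is only discarded when GET
    // and POST are both non-empty and neither carries 'user'. Confirm that
    // this is the intended condition.
    if ( ! empty ( $HTTP_GET_VARS ) && empty ( $HTTP_GET_VARS['user'] ) &&
      ! empty ( $HTTP_POST_VARS ) && empty ( $HTTP_POST_VARS['user'] ) &&
      isset ( $GLOBALS['user'] ) )
      unset ( $GLOBALS['user'] );

    // Get script name.
    $self = $_SERVER['PHP_SELF'];
    if ( empty ( $self ) )
      $self = $PHP_SELF;

    preg_match ( '/\/(\w+\.php)/', $self, $match );
    // No match leaves $SCRIPT null, as before, but without reading an
    // undefined offset.
    $SCRIPT = ( isset ( $match[1] ) ? $match[1] : null );

    // Several files need a no-cache header and some of the same code.
    $special = array ( 'month.php', 'day.php', 'week.php', 'week_details.php',
      'year.php', 'minical.php' );
    $DMW = in_array ( $SCRIPT, $special );

    // Unset some variables that shouldn't be set.
    // NOTE(review): unset () on a name imported with `global' only removes the
    // local alias; the global $user_inc itself is left as it was. If the
    // intent is to discard a request-supplied value, that needs
    // unset ( $GLOBALS['user_inc'] ). Verify against do_config () first.
    unset ( $user_inc );
  }

  /* Second part of initializations from includes/init.php.
   *
   * Loads settings and preferences, reads the common request parameters
   * through getValue () with a per-parameter pattern, enforces
   * access_can_view_page (), and, for the date-view pages flagged by $DMW,
   * decides whose calendar is shown ($user) and whether entries may be added
   * ($can_add).
   *
   * @access private
   */
  function _initInitSecondPhase () {
    global $ALLOW_VIEW_OTHER, $can_add, $cat_id, $CATEGORIES_ENABLED,
    $CATEGORY_VIEW, $caturl, $date, $DMW, $friendly, $override, $fullname,
    $GROUPS_ENABLED, $hour, $id, $is_admin, $is_assistant, $is_nonuser,
    $login, $minute, $month, $NONUSER_ENABLED, $nonusers, $ovrd,
    $PUBLIC_ACCESS, $PUBLIC_ACCESS_CAN_ADD, $PUBLIC_ACCESS_FULLNAME,
    $PUBLIC_ACCESS_OTHERS, $readonly, $u_url, $user, $user_fullname,
    $USER_SEES_ONLY_HIS_GROUPS, $userlist, $valid_user, $year;

    load_global_settings ();

    $this->setLanguage ();

    if ( empty ( $ovrd ) )
      load_user_preferences ();

    // Error-check some commonly used form variable names.
    $cat_id = getValue ( 'cat_id', '[\-0-9]+' );
    $date = getValue ( 'date', '[0-9]+' );
    $friendly = getValue ( 'friendly', '[01]' );
    $override = getValue ( 'override', '[01]' );
    $hour = getValue ( 'hour', '[0-9]+' );
    $id = getValue ( 'id', '[0-9]+', true );
    $minute = getValue ( 'minute', '[0-9]+' );
    $month = getValue ( 'month', '[0-9]+' );
    $user = getValue ( 'user', '[A-Za-z0-9_\.=@,\-]*', true );
    $year = getValue ( 'year', '[0-9]+' );

    if ( empty ( $PUBLIC_ACCESS ) )
      $PUBLIC_ACCESS = 'N';

    // Initialize access settings ($user_access string)
    // and make sure user is allowed to view the current page.
    access_init ();
    if ( ! access_can_view_page () ) {
      $user_BGCOLOR = get_pref_setting ( $login, 'BGCOLOR' );
      // The stored preference lands inside an HTML attribute, so it is escaped
      // here rather than trusted to contain only a colour value.
      echo '<html> <head> <title>' . generate_application_name () . ' '
       . translate ( 'Error' ) . '</title> </head> <body bgcolor="'
       . htmlspecialchars ( $user_BGCOLOR, ENT_QUOTES ) . '"> '
       . print_not_auth ( true ) . ' </body> </html>';
      exit;
    }

    $can_add = false;

    // Load if $SCRIPT is in $special array:
    if ( $DMW ) {
      // Tell the browser not to cache.
      // send_no_cache_header ();

      if ( $ALLOW_VIEW_OTHER != 'Y' && ! $is_admin && ! $is_assistant )
        $user = '';

      $can_add = ( $readonly == 'N' || $is_admin == 'Y' );

      if ( $PUBLIC_ACCESS == 'Y' && $login == '__public__' ) {
        if ( $PUBLIC_ACCESS_CAN_ADD != 'Y' )
          $can_add = false;

        if ( $PUBLIC_ACCESS_OTHERS != 'Y' )
          $user = ''; // Security precaution.
      }

      if ( $is_nonuser )
        $can_add = false;

      // When users may only see their own groups, the requested $user must be
      // one of the logins returned for the current user; otherwise it is
      // dropped.
      if ( $GROUPS_ENABLED == 'Y' && $USER_SEES_ONLY_HIS_GROUPS == 'Y' &&
        ! $is_admin ) {
        $userlist = get_my_users ();
        $valid_user = false;
        if ( ! empty ( $NONUSER_ENABLED ) && $NONUSER_ENABLED == 'Y' ) {
          $nonusers = get_my_nonusers ( $login, true );
          $userlist = array_merge ( $nonusers, $userlist );
        }
        for ( $i = 0; $i < count ( $userlist ); $i++ ) {
          if ( $user == $userlist[$i]['cal_login'] )
            $valid_user = true;
        }
        if ( ! $valid_user )
          $user = ''; // Security precaution.
      }

      if ( ! empty ( $user ) ) {
        $u_url = 'user=' . $user . '&';
        user_load_variables ( $user, 'user_' );
        if ( $user == '__public__' )
          $user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
      } else {
        $u_url = '';
        $user_fullname = $fullname;
        if ( $login == '__public__' )
          $user_fullname = translate ( $PUBLIC_ACCESS_FULLNAME );
      }

      set_today ( $date );

      remember_this_view ();

      // An explicit cat_id wins; otherwise fall back to the CATEGORY_VIEW
      // setting unless the request carried a cat_id parameter at all.
      if ( $CATEGORIES_ENABLED == 'Y' ) {
        if ( ! empty ( $cat_id ) ) {
        } elseif ( ! empty ( $CATEGORY_VIEW ) && ! isset ( $_GET['cat_id'] ) )
          $cat_id = $CATEGORY_VIEW;
        else
          $cat_id = '';
      } else
        $cat_id = '';

      $caturl = ( empty ( $cat_id ) ? '' : '&cat_id=' . $cat_id );
    }
  }

  /* Initializations from includes/assert.php.
   *
   * Not referenced by any entry of $_filePhaseMap in this file.
   *
   * @access private
   */
  function _initAssert () {
    // Initialize assert options.
    assert_options ( ASSERT_CALLBACK, 'assert_handler' );
    assert_options ( ASSERT_ACTIVE, 1 );
  }

  /* Initializations from includes/config.php.
   *
   * @access private
   */
  function _initConfig () {
    do_config ( $this->absolutePath ( 'includes/settings.php' ) );
  }

  /* Initializations from includes/dbi4php.php.
   *
   * @access private
   */
  function _initPHPDBI () {
    global $phpdbiVerbose;

    // Enable the following to show the actual database error in the browser.
    // It is more secure to not show this info, so this should only be turned
    // on for debugging purposes.
    if ( ! isset ( $phpdbiVerbose ) )
      $phpdbiVerbose = false;
  }

  /* Initializations from includes/functions.php.
   *
   * Defines the activity-log and time constants, fills the calendar lookup
   * arrays, copies the webcalendar_* cookies into globals, clears a
   * request-supplied 'login' global on every page except login.php, and builds
   * the $offsets array used to scramble the session cookie.
   *
   * @access private
   */
  function _initFunctions () {
    global $byday_names, $byday_values, $days_per_month, $db_login,
    $db_password, $ldays_per_month, $offsets, $PHP_SELF, $settings,
    $weekday_names;

    /**#@+
     * Used for activity log.
     */
    define ( 'LOG_APPROVE', 'A' );
    define ( 'LOG_APPROVE_J', 'P' );
    define ( 'LOG_APPROVE_T', 'H' );
    define ( 'LOG_ATTACHMENT', 'T' );
    define ( 'LOG_COMMENT', 'M' );
    define ( 'LOG_CREATE', 'C' );
    define ( 'LOG_CREATE_J', 'I' );
    define ( 'LOG_CREATE_T', 'G' );
    define ( 'LOG_DELETE', 'D' );
    define ( 'LOG_DELETE_J', 'V' );
    define ( 'LOG_DELETE_T', 'L' );
    define ( 'LOG_LOGIN_FAILURE', 'x' );
    define ( 'LOG_NEWUSER_EMAIL', 'E' );
    define ( 'LOG_NEWUSER_FULL', 'F' );
    define ( 'LOG_NOTIFICATION', 'N' );
    define ( 'LOG_REJECT', 'X' );
    define ( 'LOG_REJECT_J', 'Q' );
    define ( 'LOG_REJECT_T', 'J' );
    define ( 'LOG_REMINDER', 'R' );
    define ( 'LOG_UPDATE', 'U' );
    define ( 'LOG_UPDATE_J', 'S' );
    define ( 'LOG_UPDATE_T', 'K' );
    define ( 'LOG_USER_ADD', 'a' );
    define ( 'LOG_USER_DELETE', 'd' );
    define ( 'LOG_USER_UPDATE', 'u' );
    /**#@-*/

    /* Number of seconds in: */
    define ( 'ONE_HOUR', 3600 );
    define ( 'ONE_DAY', 86400 );
    define ( 'ONE_WEEK', 604800 );

    /* Arrays containing the number of days in each month
     * in a leap year and a non-leap year.
     *
     * @global array $ldays_per_month
     * @global array $days_per_month
     */
    $ldays_per_month = $days_per_month =
    array ( 0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 );
    $ldays_per_month[2] = 29;

    /* Array containing the short names for the days of the week.
     *
     * @global array $weekday_names
     */
    $weekday_names = array ( 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' );

    /* Array containing the BYDAY names for the days of the week.
     *
     * @global array $byday_names
     */
    $byday_names = array ( 'SU', 'MO', 'TU', 'WE', 'TH', 'FR', 'SA' );

    /* Array containing the number value of the days of the week.
     *
     * NOTE(review): $days_of_week is not in this method's global list, so the
     * value is local and discarded when the method returns.
     */
    $days_of_week = array_flip ( $weekday_names );

    /* Array containing the number value of the ical ByDay abbreviations.
     *
     * @global array $byday_values
     */
    $byday_values = array_flip ( $byday_names );

    /* Pull out cookies and place them in global variables.
     * These values are client-supplied and are not checked here; every
     * consumer has to treat them as untrusted. */
    if ( ! empty ( $_COOKIE['webcalendar_session'] ) )
      $GLOBALS['webcalendar_session'] = $_COOKIE['webcalendar_session'];

    if ( ! empty ( $_COOKIE['webcalendar_login'] ) )
      $GLOBALS['webcalendar_login'] = $_COOKIE['webcalendar_login'];

    if ( ! empty ( $_COOKIE['webcalendar_last_view'] ) )
      $GLOBALS['webcalendar_last_view'] = $_COOKIE['webcalendar_last_view'];

    if ( ! empty ( $_COOKIE['webcalendar_csscache'] ) )
      $GLOBALS['webcalendar_csscache'] = $_COOKIE['webcalendar_csscache'];

    // Don't allow a user to put "login=XXX" in the URL
    // if they are not coming from the login.php page.
    if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER['PHP_SELF'] ) )
      $PHP_SELF = $_SERVER['PHP_SELF']; // Backward compatibility.

    if ( empty ( $PHP_SELF ) )
      $PHP_SELF = ''; // This happens when running send_reminders.php from CL.

    // NOTE(review): this is a substring test on $PHP_SELF, which the server
    // derives from the request path including any trailing path info. An
    // exact comparison against basename ( $_SERVER['SCRIPT_NAME'] ) would
    // make the guard independent of how the URL was written.
    if ( ! strstr ( $PHP_SELF, 'login.php' ) && ! empty ( $GLOBALS['login'] ) )
      $GLOBALS['login'] = '';

    // Define an array to use to jumble up the key: $offsets
    // We define a unique key to scramble the cookie we generate.
    // We use the admin install password that the user set to make
    // the salt unique for each WebCalendar install.
    // NOTE(review): per-character offsets modulo 128 scramble the cookie but
    // give it no integrity protection. The cookie contents still have to be
    // verified after decoding (see _initValidate); a keyed MAC such as
    // hash_hmac () would be the sturdier construction.
    $salt = ( ! empty ( $settings ) && ! empty ( $settings['install_password'] )
      ? $settings['install_password'] : md5 ( $db_login ) );
    $salt_len = strlen ( $salt );
    $salt2 = md5 ( empty ( $db_password ) ? 'oogabooga' : $db_password );
    $salt2_len = strlen ( $salt2 );
    $offsets = array ();
    for ( $i = 0; $i < $salt_len || $i < $salt2_len; $i++ ) {
      $offsets[$i] = 0;
      if ( $i < $salt_len )
        $offsets[$i] += ord ( substr ( $salt, $i, 1 ) );

      if ( $i < $salt2_len )
        $offsets[$i] += ord ( substr ( $salt2, $i, 1 ) );

      $offsets[$i] %= 128;
    }
  }

  /* Initializations from includes/user*.php.
   *
   * This is a placeholder for now. We are letting includes/user*.php handle
   * its own initialization.
   *
   * @access private
   *
   * @todo Make an Authentication interface class and create a subclass for
   *       each user*.php page.
   */
  function _initUser () {
  }

  /* Initializations from includes/validate.php.
   *
   * Establishes the global $login from, in order: single-user mode, HTTP
   * authentication, another application's session (user-app-*), the PHP
   * session, or the scrambled webcalendar_session cookie. Sets
   * $session_not_found when none of them yields a login.
   *
   * @access private
   */
  function _initValidate () {
    global $c, $cryptpw, $db_database, $db_host, $db_login, $db_password,
    $encoded_login, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $is_nonuser, $login,
    $login_return_path, $PHP_AUTH_USER, $REMOTE_USER, $SCRIPT,
    $session_not_found, $settings, $single_user, $single_user_login,
    $use_http_auth, $user_inc, $validate_redirect, $webcalendar_session;

    /* If WebCalendar is configured to use http authentication, then we can
     * use _initValidate (). If we are not using http auth, icalclient.php will
     * create its own http auth since an iCal client cannot login via a
     * web-based login. Publish.php does need to validate if not http_auth.
     */
    if ( ! $use_http_auth && ( $this->_filename == 'css_cacher.php' ||
        $this->_filename == 'icalclient.php' ||
        $this->_filename == 'rss_unapproved.php' ||
        $this->_filename == 'rss_activity_log.php' ||
        $this->_filename == 'js_cacher.php' ||
        $this->_filename == 'publish.php' ) ) {
      return;
    }

    $is_nonuser = $session_not_found = $validate_redirect = false;

    // Catch-all for getting the username when using HTTP-authentication.
    // NOTE(review): $AUTH_USER is not in the global list above, so the
    // isset ( $AUTH_USER ) branch below can never be true inside this method.
    if ( $use_http_auth ) {
      if ( empty ( $PHP_AUTH_USER ) ) {
        if ( ! empty ( $_SERVER ) && isset ( $_SERVER['PHP_AUTH_USER'] ) )
          $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
        else if ( ! empty ( $HTTP_SERVER_VARS ) &&
          isset ( $HTTP_SERVER_VARS['PHP_AUTH_USER'] ) )
          $PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
        else if ( isset ( $REMOTE_USER ) )
          $PHP_AUTH_USER = $REMOTE_USER;
        else if ( ! empty ( $_ENV ) && isset ( $_ENV['REMOTE_USER'] ) )
          $PHP_AUTH_USER = $_ENV['REMOTE_USER'];
        else if ( ! empty ( $HTTP_ENV_VARS ) &&
          isset ( $HTTP_ENV_VARS['REMOTE_USER'] ) )
          $PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
        else if ( @getenv ( 'REMOTE_USER' ) )
          $PHP_AUTH_USER = getenv ( 'REMOTE_USER' );
        else if ( isset ( $AUTH_USER ) )
          $PHP_AUTH_USER = $AUTH_USER;
        else if ( ! empty ( $_ENV ) && isset ( $_ENV['AUTH_USER'] ) )
          $PHP_AUTH_USER = $_ENV['AUTH_USER'];
        else if ( ! empty ( $HTTP_ENV_VARS ) &&
          isset ( $HTTP_ENV_VARS['AUTH_USER'] ) )
          $PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
        else if ( @getenv ( 'AUTH_USER' ) )
          $PHP_AUTH_USER = getenv ( 'AUTH_USER' );
      }
    }

    if ( $single_user == 'Y' )
      $login = $single_user_login;
    else {
      if ( $use_http_auth ) {
        // HTTP server did validation for us....
        if ( empty ( $PHP_AUTH_USER ) )
          $session_not_found = true;
        else
          $login = $PHP_AUTH_USER;
      } else if ( substr ( $user_inc, 0, 9 ) == 'user-app-' ) {
        // Make sure we are connected to the database for session check.
        $c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
        if ( ! $c )
          die_miserable_death ( 'Error connecting to database:<blockquote>'
             . dbi_error () . '</blockquote>' );

        // Use another application's authentication.
        if ( $login != user_logged_in () )
          $session_not_found = true;
      } else {
        @session_start ();
        if ( ! empty ( $_SESSION['webcal_login'] ) )
          $login = $_SESSION['webcal_login'];

        if ( ! empty ( $_SESSION['webcalendar_session'] ) )
          $webcalendar_session = $_SESSION['webcalendar_session'];

        if ( empty ( $login ) && empty ( $webcalendar_session ) )
          $session_not_found = true;
        else if ( empty ( $_SESSION['webcal_login'] ) &&
          // Check for cookie...
          ! empty ( $webcalendar_session ) ) {
          $encoded_login = $webcalendar_session;
          if ( empty ( $encoded_login ) )
            // Invalid session cookie.
            $session_not_found = true;
          else {
            // The cookie decodes to "login|crypted-password". The delimiter is
            // a literal character, so explode () is used; split () is
            // deprecated and is not available in current PHP releases.
            $login_pw = explode ( '|', decode_string ( $encoded_login ) );
            $login = $login_pw[0];
            $cryptpw = $login_pw[1];
            // Security fix. Don't allow certain types of characters in
            // the login. WebCalendar does not escape the login name in
            // SQL requests. So, if the user were able to set the login
            // name to be "x';drop table u;",
            // they may be able to affect the database.
            // NOTE: we also changed the cookie encoding from WebCalendar 1.0.X
            // to WebCalendar 1.1.X+, so this causes a bad cookie error.
            // NOTE(review): comparing against addslashes () only rejects
            // quotes, backslashes and NUL bytes. It is a stop-gap; the durable
            // fix is an allow-list for login names plus bound parameters in
            // every query that uses $login.
            if ( ! empty ( $login ) && $login != addslashes ( $login ) ) {
              // The following deletes the bad cookie. So, the user just needs
              // to reload.
              SetCookie ( 'webcalendar_session', '', 0 );
              die_miserable_death ( 'Illegal characters in login <tt>'
                 . htmlentities ( $login ) . '</tt>'
                 . "Press browser reload to clear bad cookie." );
            }

            // Make sure we are connected to the database for password check.
            $c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
            if ( ! $c )
              die_miserable_death ( 'Error connecting to database:<blockquote>'
                 . dbi_error () . '</blockquote>' );

            doDbSanityCheck ();
            if ( $cryptpw == 'nonuser' ) {
              if ( ! nonuser_load_variables ( $login, 'nutemp_' ) )
                // No such nonuser cal.
                die_miserable_death ( 'Invalid nonuser calendar.' );

              if ( empty ( $GLOBALS['nutemp_is_public'] ) ||
                $GLOBALS['nutemp_is_public'] != 'Y' )
                die_miserable_death ( 'Nonuser calendar is not public.' );

              $is_nonuser = true;
            } else if ( ! user_valid_crypt ( $login, $cryptpw ) ) {
              do_redirect ( 'login.php' . ( empty ( $login_return_path )
                  ? '' : '?return_path=' . $login_return_path ) );
              // Fail closed: the session below must never be written for a
              // login that failed verification, even if do_redirect () were
              // to return. _initConnect () follows do_redirect () with exit
              // in the same way.
              exit;
            }

            @session_start ();
            $_SESSION['webcal_login'] = $login;
            $_SESSION['webcalendar_session'] = $webcalendar_session;
          }
        }
      }
    }
  }

  /* Initializations from includes/connect.php.
   *
   * Connects to the database if _initValidate () has not already done so,
   * checks the stored program version, creates the single-user account when
   * it is missing, resolves public access, loads the logged-in user's
   * variables, and finally refuses pages that the current login may not use.
   *
   * @access private
   */
  function _initConnect () {
    global $c, $db_database, $db_host, $db_login, $db_password, $firstname,
    $fullname, $is_admin, $is_nonuser, $LANGUAGE, $lastname, $login,
    $login_email, $login_firstname, $login_fullname, $login_is_admin,
    $login_lastname, $login_login, $login_url, $not_auth, $PHP_AUTH_USER,
    $PHP_SELF, $PROGRAM_VERSION, $pub_acc_enabled, $PUBLIC_ACCESS_CAN_ADD,
    $readonly, $SCRIPT, $session_not_found, $single_user, $single_user_login,
    $use_http_auth, $user_email, $user_inc;

    // db settings are in config.php.

    // Establish a database connection.
    // This may have happened in validate.php, depending on settings.
    // If not, do it now.
    if ( empty ( $c ) ) {
      $c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
      // NOTE(review): the raw dbi_error () text is passed on for display,
      // while _initPHPDBI () says database errors should not be shown outside
      // debugging. Confirm how die_miserable_death () renders it.
      if ( ! $c )
        die_miserable_death ( 'Error connecting to database:<blockquote>'
           . dbi_error () . '</blockquote>' );

      // Do a sanity check on the database,
      // making sure we can at least access the webcal_config table.
      if ( function_exists ( 'doDbSanityCheck' ) )
        doDbSanityCheck ();

      // Check the current installation version.
      // Redirect user to install page if it is different from stored value.
      // This will prevent running WebCalendar until UPGRADING.html has been
      // read and required upgrade actions completed.
      $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config WHERE cal_setting = \'WEBCAL_PROGRAM_VERSION\'' );
      if ( $rows ) {
        $row = $rows[0];
        if ( $row[0] != $PROGRAM_VERSION ) {
          // An HTML-escaped ampersand does not work in a Location header;
          // leave it as a raw &.
          header ( 'Location: install/index.php?action=mismatch&version='
             . $row[0] );
          exit;
        }
      }
    }

    // If we are in single user mode,
    // make sure that the login selected is a valid login.
    if ( $single_user == 'Y' ) {
      if ( empty ( $single_user_login ) )
        die_miserable_death ( 'You have not defined <tt>single_user_login</tt> '
           . 'in <tt>includes/settings.php</tt>' );

      $res = dbi_execute ( 'SELECT COUNT( * ) FROM webcal_user WHERE cal_login = ?',
        array ( $single_user_login ) );
      if ( ! $res ) {
        echo 'Database error: ' . dbi_error ();
        exit;
      }
      $row = dbi_fetch_row ( $res );
      if ( $row[0] == 0 ) {
        // User specified as single_user_login does not exist.
        // NOTE(review): the account is created as an administrator whose
        // stored password is the unsalted MD5 of the login name. The row stays
        // in webcal_user if single-user mode is switched off later, so the
        // password should be reset before any such change.
        if ( ! dbi_execute ( 'INSERT INTO webcal_user ( cal_login, cal_passwd, cal_is_admin ) VALUES ( ?, ?, ? )',
            array ( $single_user_login, md5 ( $single_user_login ), 'Y' ) ) )
          die_miserable_death ( 'User <tt>' . $single_user_login
             . '</tt> does not exist in <tt>webcal_user</tt> table and we were '
             . 'not able to add it for you:<br /><blockquote>' . dbi_error ()
             . '</blockquote>' );

        // User was added... should we tell them?
      }
      dbi_free_result ( $res );
    }

    // Global settings have not been loaded yet, so check for public_access now.
    // NOTE(review): when this query returns nothing, $row still holds whatever
    // an earlier query in this method left in it.
    $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config WHERE cal_setting = \'PUBLIC_ACCESS\'' );
    if ( $rows ) {
      $row = $rows[0];
    }
    $pub_acc_enabled = ( ! empty ( $row ) && $row[0] == 'Y' );

    if ( $pub_acc_enabled ) {
      $rows = dbi_get_cached_rows ( 'SELECT cal_value FROM webcal_config WHERE cal_setting = \'PUBLIC_ACCESS_CAN_ADD\'' );
      // NOTE(review): this is a comparison, not an assignment. $row is still
      // the PUBLIC_ACCESS row ('Y'), so PUBLIC_ACCESS_CAN_ADD is only set, to
      // 'Y', when the stored value is also 'Y'. Left unchanged because the
      // result matches the setting in that case; confirm the intent.
      if ( $rows && $row == $rows[0] )
        $PUBLIC_ACCESS_CAN_ADD = $row[0];
    }

    if ( empty ( $PHP_SELF ) )
      $PHP_SELF = $_SERVER['PHP_SELF'];

    if ( empty ( $login_url ) )
      $login_url = 'login.php';

    // NOTE(review): $login_return_path is not in this method's global list, so
    // it is always empty here and no return_path is appended. $login_url
    // therefore always ends in '?' or '&', which the '&error=' suffix used
    // further down relies on.
    $login_url .= ( strstr ( $login_url, '?' ) ? '&' : '?' )
     . ( empty ( $login_return_path ) ? '' : 'return_path=' . $login_return_path );

    // If sent here from an email and not logged in,
    // save URI and redirect to login.
    $em = getGetValue ( 'em' );
    $view_via_email = false;
    if ( ! empty ( $em ) && empty ( $login ) ) {
      remember_this_view ();
      $view_via_email = true;
    }

    if ( empty ( $session_not_found ) )
      $session_not_found = false;

    if ( ! $view_via_email && $pub_acc_enabled && ! empty ( $session_not_found ) ) {
      $firstname = $lastname = $user_email = '';
      $fullname = 'Public Access'; // Will be translated after translation is loaded.
      $is_admin = false;
      $login = '__public__';
    } else if ( $view_via_email ||
      ( ! $pub_acc_enabled && $session_not_found && ! $use_http_auth ) ) {
      if ( substr ( $user_inc, 0, 9 ) == 'user-app-' )
        app_login_screen ( clean_whitespace ( $SCRIPT ) );
      else {
        do_redirect ( $login_url );
        exit;
      }
    }

    $is_nonuser = false;
    if ( empty ( $login ) && $use_http_auth ) {
      if ( strstr ( $PHP_SELF, "login.php" ) ) {
        // Ignore since login.php will redirect to index.php.
      } else
        send_http_login ();
    } else if ( ! empty ( $login ) ) {
      // They are already logged in ($login is set in validate.php).
      if ( strstr ( $PHP_SELF, 'login.php' ) ) {
        // Ignore since login.php will redirect to index.php.
      } else if ( $login == '__public__' ) {
        $firstname = $lastname = $user_email = '';
        $fullname = 'Public Access';
        $is_admin = false;
      } else {
        user_load_variables ( $login, 'login_' );
        if ( ! empty ( $login_login ) ) {
          $firstname = $login_firstname;
          $lastname = $login_lastname;
          $fullname = $login_fullname;
          $is_admin = ( $login_is_admin == 'Y' );
          $is_nonuser = ( ! empty ( $GLOBALS['login_is_nonuser'] ) &&
            $GLOBALS['login_is_nonuser'] );
          $user_email = $login_email;
        } else {
          // Invalid login.
          if ( $use_http_auth )
            send_http_login ();
          else
            // This shouldn't happen since login should be validated in validate.php.
            // If it does happen, it means we received an invalid login cookie.
            do_redirect ( $login_url . '&error=Invalid+session+found.' );
        }
      }
    }

    // If they are accessing using the public login, restrict them from using
    // certain pages.
    // NOTE(review): the three page lists below are deny-lists matched as
    // substrings of $PHP_SELF, which includes any path info the client
    // appended to the URL. They are maintained by hand and are not identical
    // (group_edit.php, for example, appears only in the non-admin list). An
    // exact match on basename ( $_SERVER['SCRIPT_NAME'] ), or a default-deny
    // allow-list per role, would be sturdier.
    $not_auth = false;
    if ( ! empty ( $login ) && $login == '__public__' || $is_nonuser ) {
      if ( strstr ( $PHP_SELF, 'views.php' ) ||
        strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
        strstr ( $PHP_SELF, 'category.php' ) ||
        strstr ( $PHP_SELF, 'category_handler.php' ) ||
        strstr ( $PHP_SELF, 'activity_log.php' ) ||
        strstr ( $PHP_SELF, 'admin.php' ) ||
        strstr ( $PHP_SELF, 'adminhome.php' ) ||
        strstr ( $PHP_SELF, 'admin_handler.php' ) ||
        strstr ( $PHP_SELF, 'groups.php' ) ||
        strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
        strstr ( $PHP_SELF, 'pref.php' ) ||
        strstr ( $PHP_SELF, 'pref_handler.php' ) ||
        strstr ( $PHP_SELF, 'edit_remotes.php' ) ||
        strstr ( $PHP_SELF, 'edit_remotes_handler.php' ) ||
        strstr ( $PHP_SELF, 'edit_user.php' ) ||
        strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
        strstr ( $PHP_SELF, 'approve_entry.php' ) ||
        strstr ( $PHP_SELF, 'reject_entry.php' ) ||
        strstr ( $PHP_SELF, 'del_entry.php' ) ||
        strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
        strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
        strstr ( $PHP_SELF, 'layers.php' ) ||
        strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
        strstr ( $PHP_SELF, 'import.php' ) ||
        strstr ( $PHP_SELF, 'import_handler.php' ) ||
        strstr ( $PHP_SELF, 'edit_template.php' ) ) {
        $not_auth = true;
      }
    }

    // Pages reserved for administrators.
    if ( ! empty ( $login ) && ( empty ( $is_admin ) || ! $is_admin ) ) {
      if ( strstr ( $PHP_SELF, 'admin.php' ) ||
        strstr ( $PHP_SELF, 'admin_handler.php' ) ||
        strstr ( $PHP_SELF, 'groups.php' ) ||
        strstr ( $PHP_SELF, 'group_edit.php' ) ||
        strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
        strstr ( $PHP_SELF, 'activity_log.php' ) ) {
        $not_auth = true;
      }
    }

    // restrict access if calendar is read-only
    if ( $readonly == 'Y' ) {
      //if ( strstr ( $PHP_SELF, 'activity_log.php' ) ||
      if ( strstr ( $PHP_SELF, 'adminhome.php' ) ||
        strstr ( $PHP_SELF, 'admin.php' ) ||
        strstr ( $PHP_SELF, 'approve_entry.php' ) ||
        strstr ( $PHP_SELF, 'category_handler.php' ) ||
        strstr ( $PHP_SELF, 'category.php' ) ||
        strstr ( $PHP_SELF, 'del_entry.php' ) ||
        strstr ( $PHP_SELF, 'edit_report_handler.php' ) ||
        strstr ( $PHP_SELF, 'edit_report.php' ) ||
        strstr ( $PHP_SELF, 'edit_template.php' ) ||
        strstr ( $PHP_SELF, 'edit_user_handler.php' ) ||
        strstr ( $PHP_SELF, 'edit_user.php' ) ||
        strstr ( $PHP_SELF, 'group_edit_handler.php' ) ||
        strstr ( $PHP_SELF, 'groups.php' ) ||
        strstr ( $PHP_SELF, 'import_handler.php' ) ||
        strstr ( $PHP_SELF, 'import_handler.php' ) ||
        strstr ( $PHP_SELF, 'import.php' ) ||
        strstr ( $PHP_SELF, 'layers.php' ) ||
        strstr ( $PHP_SELF, 'layer_toggle.php' ) ||
        strstr ( $PHP_SELF, 'list_unapproved.php' ) ||
        strstr ( $PHP_SELF, 'pref_handler.php' ) ||
        strstr ( $PHP_SELF, 'pref.php' ) ||
        strstr ( $PHP_SELF, 'pref_handler.php' ) ||
        strstr ( $PHP_SELF, 'purge.php' ) ||
        strstr ( $PHP_SELF, 'register.php' ) ||
        strstr ( $PHP_SELF, 'reject_entry.php' ) ||
        strstr ( $PHP_SELF, 'set_entry_cat.php' ) ||
        strstr ( $PHP_SELF, 'users.php' ) ||
        strstr ( $PHP_SELF, 'views_edit_handler.php' ) ||
        strstr ( $PHP_SELF, 'views.php' ) ) {
        $not_auth = true;
      }
    }

    // An attempt will be made to translate
    if ( $not_auth ) {
      load_user_preferences ();
      $error = ( function_exists ( 'translate' )
        ? translate ( 'You are not authorized.' ) : 'You are not authorized.' );
      die_miserable_death ( $error );
    }
  }

  /* Initializations from includes/site-extras.php.
   *
   * This is a placeholder for now.
   *
   * @access private
   *
   * @todo Figure out what should go here.
   */
  function _initSiteExtras () {
  }

  /* Initializations from includes/access.php.
   *
   * @access private
   */
  function _initAccess () {
    global $access_other_cals;

    // Global variable used to cache permissions
    $access_other_cals = array ();
  }

  /* Initializations from includes/translate.php.
   *
   * Chooses the language ($lang), derives the translation file name
   * ($lang_file) and, when the mbstring extension is loaded, records in
   * $enable_mbstring whether it accepted the language and charset.
   *
   * @access private
   */
  function _initTranslate () {
    global $lang, $lang_file, $LANGUAGE, $PUBLIC_ACCESS_FULLNAME,
    $translation_loaded, $enable_mbstring;

    if ( empty ( $LANGUAGE ) )
      $LANGUAGE = 'English-US'; // Default

    // If set to use browser settings,
    // use the user's language preferences from their browser.
    $lang = $LANGUAGE;
    if ( $LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ) {
      $lang = get_browser_language ();
      if ( $lang == 'none' )
        $lang = '';
    }
    if ( strlen ( $lang ) == 0 || $lang == 'none' )
      $lang = 'English-US'; // Default

    // NOTE(review): $lang is placed in a file path without any check in this
    // method. Confirm that $LANGUAGE and get_browser_language () can only
    // yield names of shipped translation files before the file is opened.
    $lang_file = 'translations/' . $lang . '.txt';

    if ( extension_loaded ( 'mbstring' ) ) {
      $mb_lang = strtok ( $lang, '-' );
      if ( mb_language ( $mb_lang ) &&
        mb_internal_encoding ( translate ( 'charset' ) ) ) {
        $enable_mbstring = true;
      } else {
        $enable_mbstring = false;
      }
    }

    $translation_loaded = false;

    $PUBLIC_ACCESS_FULLNAME = 'Public Access'; // default
  }

  /* Gets the initialization phases for the page being viewed.
   *
   * Returns the entry of the first pattern in $_filePhaseMap that matches
   * $_filename, and calls die_miserable_death () when none does.
   *
   * @return array Array of initialization phases.
   *
   * @access private
   */
  function _getPhases () {
    global $user_inc;

    foreach ( $this->_filePhaseMap as $pattern => $phases ) {
      if ( preg_match ( $pattern, $this->_filename ) !== 0 )
        return $phases;
    }
    die_miserable_death ( '_getPhases: could not find \''
       . $this->_filename . '\' in _filePhaseMap.' );
  }

  /* Gets the initialization steps for the current page and phase.
   *
   * @param int $phase Initialization phase number (1-based).
   *
   * @return array Array of initialization steps.
   *
   * @access private
   */
  function _getSteps ( $phase ) {
    $phases = $this->_getPhases ();

    return $phases[$phase - 1];
  }

  /* Performs initialization steps.
   *
   * Each step name is prefixed with "_init" and called as a method of this
   * object, so step names must only come from $_filePhaseMap.
   *
   * @param int $phase Which step of initialization should we perform?
   *
   * @access private
   */
  function _doInit ( $phase ) {
    $steps = $this->_getSteps ( $phase );

    foreach ( $steps as $step ) {
      $function = "_init$step";
      $this->$function ();
    }
  }

  /* Begins initialization of WebCalendar (phase 1 of the current page).
   *
   * @access public
   */
  function initializeFirstPhase () {
    $this->_doInit ( 1 );
  }

  /* Continues initialization of WebCalendar (phase 2 of the current page).
   *
   * @access public
   */
  function initializeSecondPhase () {
    $this->_doInit ( 2 );
  }

  /* Sets the translation language.
   *
   * @access public
   */
  function setLanguage () {
    $this->_initTranslate ();
  }

  /* Construct an absolute path.
   *
   * Plain concatenation; $path is not normalised or checked.
   *
   * @param string $path The path relative to the WebCalendar install directory
   *
   * @return string The absolute path
   */
  function absolutePath ( $path ) {
    return $this->_directory . $path;
  }
}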