author | Wesley Miaw <josuah@users.sourceforge.net> | 2004-05-14 21:09:16 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2004-05-14 21:09:16 +0000 |
commit | 911d0baa7862a6e1e0c9129ab4177ff9712a319c (patch) | |
tree | 4748165c6c77d70701406e28a30d4482f8cfcb30 | |
parent | 7abcabed195eafe55c9973644cffc72c38b74c9c (diff) | |
download | phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.tar.gz phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.tar.bz2 phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.zip |
Implemented user login via cookies and/or sessions with templates.
-rw-r--r-- | config.inc.php | 1 | ||||
-rw-r--r-- | day.php | 13 | ||||
-rw-r--r-- | functions/init.inc.php | 52 | ||||
-rw-r--r-- | functions/template.php | 2 | ||||
-rw-r--r-- | functions/userauth_functions.php | 143 | ||||
-rw-r--r-- | templates/default/sidebar.tpl | 37 | ||||
-rw-r--r-- | week.php | 13 |
7 files changed, 216 insertions, 45 deletions
diff --git a/config.inc.php b/config.inc.php index 11d4deb..74e901d 100644 --- a/config.inc.php +++ b/config.inc.php @@ -44,6 +44,7 @@ $printview_default = 'no'; // Set print view as the default view. day, week, $show_todos = 'yes'; // Show your todo list on the side of day and week view. $show_completed = 'no'; // Show completed todos on your todo list. $allow_login = 'no'; // Set to yes to prompt for login to unlock calendars. +$login_cookies = 'no'; // Set to yes to store authentication information via (unencrypted) cookies. Set to no to use sessions. // Webdav style publishing $phpicalendar_publishing = ''; // Set to '1' to enable remote webdav style publish. See 'calendars/publish.php' for complete information; @@ -33,6 +33,12 @@ $list_weeks = list_weeks(); $list_jumps = list_jumps(); $list_calcolors = list_calcolors(); +// login/logout +$is_logged_in = ($username != '' && !$invalid_login) ? true : false; +$show_user_login = (!$is_logged_in && $allow_login); +$login_querys = login_querys(); +$logout_querys = logout_querys(); + $page = new Page(BASE.'templates/'.$template.'/day.tpl'); $page->replace_tags(array( @@ -56,7 +62,12 @@ $page->replace_tags(array( 'next_day' => $next_day, 'prev_day' => $prev_day, 'show_goto' => '', - 'is_logged_in' => '', + 'show_user_login' => $show_user_login, + 'invalid_login' => $invalid_login, + 'login_querys' => $login_querys, + 'is_logged_in' => $is_logged_in, + 'username' => $username, + 'logout_querys' => $logout_querys, 'list_icals' => $list_icals, 'list_years' => $list_years, 'list_months' => $list_months, diff --git a/functions/init.inc.php b/functions/init.inc.php index 5be4847..68ef2b7 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php 
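Review bot: `$show_user_login = (!$is_logged_in && $allow_login);` in the day.php hunk (`@@ -33,6 +33,12 @@`) tests `$allow_login` for truthiness, but config.inc.php assigns it the strings 'yes' or 'no', and both are truthy in PHP. Unless the value is normalised somewhere outside this diff, the login box is rendered even when logins are disabled. Compare against the configured value instead, `$show_user_login = (!$is_logged_in && $allow_login == 'yes');`, which matches how `$login_cookies == 'yes'` is tested in userauth_functions.php. The identical line in the week.php hunk (`@@ -36,6 +36,12 @@`) needs the same change.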
@@ -21,6 +21,7 @@ if (!defined('BASE')) define('BASE', './'); include_once(BASE.'config.inc.php'); include_once(BASE.'functions/error.php'); include_once(BASE.'functions/calendar_functions.php'); +include_once(BASE.'functions/userauth_functions.php'); if (isset($HTTP_COOKIE_VARS['phpicalendar'])) { $phpicalendar = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar'])); if (isset($phpicalendar['cookie_language'])) $language = $phpicalendar['cookie_language']; 
@@ -38,47 +39,16 @@ if ($cookie_uri == '') { if ($bleed_time == '') $bleed_time = $day_start; -// If not HTTP authenticated, try login via cookies or the web page. -$username = ''; $password = ''; -if (!isset($_SERVER['PHP_AUTH_USER'])) { - // Look for a login cookie. - if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) { - $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login'])); - if (isset($login_cookie['username'])) $username = $login_cookie['username']; - if (isset($login_cookie['password'])) $password = $login_cookie['password']; - } - - // Look for a new username and password. - if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username']; - else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username']; - if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password']; - else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password']; - - // Grab the action (login or logout). - if (isset($HTTP_GET_VARS['action'])) $action = $HTTP_GET_VARS['action']; - else if (isset($HTTP_POST_VARS['action'])) $action = $HTTP_POST_VARS['action']; - else $action = ''; - - // Check to make sure the username and password is valid. - if ($action == 'login' && !key_exists("$username:$password", $locked_map)) { - // Don't login, instead logout. - $action = 'logout'; - - // Remember the invalid login, because we may want to - // display a message elsewhere. - $invalid_login = true; - } else { - $invalid_login = false; - } - - // Set the login cookie if logging in. Clear it if logging out. 
- if ($action == 'login') { - $the_cookie = serialize(array('username' => $username, 'password' => $password)); - setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); - } else if ($action == 'logout') { - setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0); - $username = ''; $password = ''; - } +// Grab the action (login or logout). +if (isset($HTTP_GET_VARS['action'])) $action = $HTTP_GET_VARS['action']; +else if (isset($HTTP_POST_VARS['action'])) $action = $HTTP_POST_VARS['action']; +else $action = ''; + +// Login and/or logout. +list($username, $password, $invalid_login) = user_login(); +if ($action != 'login') $invalid_login = false; +if ($action == 'logout' || $invalid_login) { + list($username, $password) = user_logout(); } // language support diff --git a/functions/template.php b/functions/template.php index 4c2ebb5..481069d 100644 --- a/functions/template.php +++ b/functions/template.php @@ -869,4 +869,4 @@ class Page { print($this->page); } } -?> +?>
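Review bot: `if ($action != 'login') $invalid_login = false;` in functions/init.inc.php discards the failed-validation result while `$username` and `$password` keep whatever user_login() returned, and user_login() returns the submitted values unchanged when the `$locked_map` lookup fails. Credentials that fail validation outside an explicit login action therefore leave a non-empty `$username` with `$invalid_login` false, which day.php and week.php turn into `$is_logged_in = true` and pass to the `username` template tag. Blank the values before the flag is reset, e.g. `if ($invalid_login) { $username = ''; $password = ''; }` placed directly after the `list(...) = user_login();` line. Whether locked calendars are actually exposed depends on code outside this hunk that consumes `$username` and `$password`.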
\ No newline at end of file
diff --git a/functions/userauth_functions.php b/functions/userauth_functions.php
new file mode 100644
index 0000000..403076d
--- /dev/null
+++ b/functions/userauth_functions.php
@@ -0,0 +1,143 @@
+<?php
+// Generate the login query string.
+//
+// Returns the login query string.
+function login_querys() {
+ global $QUERY_STRING;
+
+ // Remove the username, password, and action values.
+ $querys = preg_replace('/(username|password|action)=[^&]+/', '', $QUERY_STRING);
+
+ // Return the login query string.
+ $querys = preg_replace('/&&/', '', $querys);
+ return $querys;
+}
+
+// Generate the logout query string.
+//
+// Returns the logout query string.
+function logout_querys() {
+ global $QUERY_STRING;
+
+ // Make sure the action is logout.
+ $querys = preg_replace('/action=[^&]+/', 'action=logout', $QUERY_STRING);
+ if ($querys == $QUERY_STRING) $querys .= '&action=logout';
+
+ // Remove references to the username or password.
+ $querys = preg_replace('/(username|password)=[^&]+/', '', $querys);
+
+ // Return the logout query string.
+ $querys = preg_replace('/&&/', '', $querys);
+ return $querys;
+}
+
+// Authenticate the user. The submitted login data is checked for
+// validity against the locked map. The login data will be saved in
+// cookies or the session depending on the configuration. The variable
+// $invalid_login will be set true or false depending on whether or not
+// a valid login was found.
+//
+// This authentication method only applies to non-HTTP authentication.
+//
+// Returns the username and password found, which will be empty strings
+// if no valid login is found. Returns a boolean invalid_login to
+// indicate that the login is invalid.
+function user_login() {
+ global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $_SERVER;
+ global $login_cookies, $cookie_uri, $locked_map;
+
+ // Initialize return values.
+ $invalid_login = false;
+ $username = ''; $password = '';
+
+ // If not HTTP authenticated, try login via cookies or the web page.
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ return array($username, $password, $invalid_login);
+ }
+
+ // Look for a login cookie.
+ if ($login_cookies == 'yes' &&
+ isset($HTTP_COOKIE_VARS['phpicalendar_login']))
+ {
+ $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+ if (isset($login_cookie['username']) &&
+ isset($login_cookie['password']))
+ {
+ $username = $login_cookie['username'];
+ $password = $login_cookie['password'];
+ }
+ }
+
+ // Look for session authentication.
+ if ($login_cookies != 'yes') {
+ if (!session_id()) {
+ session_start();
+ setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ }
+ if (isset($_SESSION['username']) &&
+ isset($_SESSION['password']))
+ {
+ $username = $_SESSION['username'];
+ $password = $_SESSION['password'];
+ }
+ }
+
+ // Look for a new username and password.
+ if (isset($HTTP_GET_VARS['username']) &&
+ isset($HTTP_GET_VARS['password']))
+ {
+ $username = $HTTP_GET_VARS['username'];
+ $password = $HTTP_GET_VARS['password'];
+ } else if (isset($HTTP_POST_VARS['username']) &&
+ isset($HTTP_POST_VARS['password']))
+ {
+ $username = $HTTP_POST_VARS['username'];
+ $password = $HTTP_POST_VARS['password'];
+ }
+
+ // Check to make sure the username and password is valid.
+ if (!key_exists("$username:$password", $locked_map)) {
+ // Remember the invalid login, because we may want to display
+ // a message elsewhere or check validity.
+ return array($username, $password, true);
+ }
+
+ // Set the login cookie or session authentication values.
+ if ($login_cookies == 'yes') {
+ $the_cookie = serialize(array('username' => $username, 'password' => $password));
+ setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ } else {
+ $_SESSION['username'] = $username;
+ $_SESSION['password'] = $password;
+ }
+
+ // Return the username and password.
+ return array($username, $password, $invalid_login);
+}
+
+// Logout the user. The username and password stored in cookies or the
+// session will be deleted.
+//
+// Returns an empty username and password.
+function user_logout() {
+ global $login_cookies, $cookie_uri;
+
+ // Clear the login cookie or session authentication values.
+ if ($login_cookies == 'yes') {
+ setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+ } else {
+ // Check if the session has already been started.
+ if (!session_id()) {
+ session_start();
+ setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ }
+
+ // Clear the session authentication values.
+ unset($_SESSION['username']);
+ unset($_SESSION['password']);
+ }
+
+ // Return empty username and password.
+ return array('', '');
+}
+?>
diff --git a/templates/default/sidebar.tpl b/templates/default/sidebar.tpl
index 48b3585..7df2dff 100644
--- a/templates/default/sidebar.tpl
+++ b/templates/default/sidebar.tpl
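Review bot: In functions/userauth_functions.php, user_login() hands the client-supplied `phpicalendar_login` cookie to `unserialize()`, which lets any visitor drive PHP's deserializer, and the cookie it writes back stores the password in clear text with an expiry of 60*60*24*7*12*10 seconds (about 2.3 years) and the secure argument set to 0. The cookie only needs two strings, so a delimited value parsed with `explode()` removes the deserialization of untrusted input; the sketch below keeps the existing cookie name and lifetime, and session mode remains the safer choice because the password is not sent back to the browser. In the session branch nothing calls `session_regenerate_id()` once the `$locked_map` check passes, so a session id issued before login stays valid afterwards. Separately, `preg_replace('/&&/', '', $querys)` in login_querys() and logout_querys() deletes the separator between the surviving parameters (a constructed `a=1&&b=2` becomes `a=1b=2`); the replacement should be `'&'`.

```php
// Look for a login cookie.
if ($login_cookies == 'yes' &&
    isset($HTTP_COOKIE_VARS['phpicalendar_login']))
{
    // Two url-encoded fields split on ':'; no unserialize() on client data.
    $fields = explode(':', $HTTP_COOKIE_VARS['phpicalendar_login'], 2);
    if (count($fields) == 2) {
        $username = rawurldecode($fields[0]);
        $password = rawurldecode($fields[1]);
    }
}
// … unchanged: session lookup, GET/POST lookup, $locked_map check …
if ($login_cookies == 'yes') {
    $the_cookie = rawurlencode($username).':'.rawurlencode($password);
    // … unchanged: setcookie('phpicalendar_login', …) and the session else-branch …
```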
@@ -1,3 +1,38 @@ +<!-- switch show_user_login on --> +<form style="margin-bottom:0;" action="{CURRENT_VIEW}.php?{LOGIN_QUERYS}" method="GET"> +<input type="hidden" name="action" value="login"> +<table width="170" border="0" cellpadding="0" cellspacing="0" class="calborder"> + <tr> + <td colspan="2" align="center" class="sideback"><div style="height: 17px; margin-top: 3px;" class="G10BOLD">{L_LOGIN}</div></td> + </tr> + <!-- switch invalid_login on --> + <tr> + <td colspan="2" bgcolor="#FFFFFF" align="left"> + <div style="padding-left: 5px; padding-top: 5px; padding-right: 5px;"> + <font color="red">{L_INVALID_LOGIN}</font> + </div> + </td> + </tr> + <!-- switch invalid_login off --> + <tr> + <td bgcolor="#FFFFFF" align="left" valign="middle"><div style="padding-left: 5px; padding-top: 5px;">Username:</div></td> + <td bgcolor="#FFFFFF" align="right" valign="middle"><div style="padding-right: 5px; padding-top: 5px;"><input type="text" name="username" size="10"></div></td> + </tr> + <tr> + <td bgcolor="#FFFFFF" align="left" valign="middle"><div style="padding-left: 5px; padding-bottom: 5px;">Password:</div></td> + <td bgcolor="#FFFFFF" align="right" valign="middle"><div style="padding-right: 5px; padding-bottom: 5px;"><input type="password" name="password" size="10"></div></td> + </tr> +</table> +</form> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tbll"><img src="images/spacer.gif" alt="" width="8" height="4" /></td> + <td class="tblbot"><img src="images/spacer.gif" alt="" width="8" height="4" /></td> + <td class="tblr"><img src="images/spacer.gif" alt="" width="8" height="4" /></td> + </tr> +</table> +<img src="images/spacer.gif" width="1" height="10" alt=" " /><br /> +<!-- switch show_user_login off --> <table width="170" border="0" cellpadding="0" cellspacing="0" class="calborder"> <tr> <td align="left" valign="top" width="24" class="sideback"><a class="psf" href="day.php?cal={CAL}&getdate={PREV_DAY}"><img 
src="templates/{TEMPLATE}/images/left_arrows.gif" alt="{L_PREV}" width="16" height="20" border="0" align="left"></a></td> @@ -17,7 +52,7 @@ <a class="psf" href="{SUBSCRIBE_PATH}">{L_SUBSCRIBE}</a> | <a class="psf" href="{DOWNLOAD_FILENAME}">{L_DOWNLOAD}</a><br> <!-- switch display_download off --> <!-- switch is_logged_in on --> - <a class="psf" href="{SCRIPT_NAME}?{QUERYS}">Logout {USERNAME}</a> + <a class="psf" href="{CURRENT_VIEW}.php?{LOGOUT_QUERYS}">{L_LOGOUT} {USERNAME}</a> <!-- switch is_logged_in off --> </div> </td> @@ -36,6 +36,12 @@ $list_weeks = list_weeks(); $list_jumps = list_jumps(); $list_calcolors = list_calcolors(); +// login/logout +$is_logged_in = ($username != '' && !$invalid_login) ? true : false; +$show_user_login = (!$is_logged_in && $allow_login); +$login_querys = login_querys(); +$logout_querys = logout_querys(); + $page = new Page(BASE.'templates/'.$template.'/week.tpl'); $page->replace_tags(array( @@ -61,7 +67,12 @@ $page->replace_tags(array( 'prev_day' => $prev_day, 'prev_week' => $prev_week, 'show_goto' => '', - 'is_logged_in' => '', + 'show_user_login' => $show_user_login, + 'invalid_login' => $invalid_login, + 'login_querys' => $login_querys, + 'is_logged_in' => $is_logged_in, + 'username' => $username, + 'logout_querys' => $logout_querys, 'list_icals' => $list_icals, 'list_years' => $list_years, 'list_months' => $list_months, |
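Review bot: The login form added at the top of templates/default/sidebar.tpl (`@@ -1,3 +1,38 @@`) submits with `method="GET"`, so the username and password are placed in the URL, where they are kept in browser history, server access logs and Referer headers. user_login() already reads `$HTTP_POST_VARS` and init.inc.php falls back to the POST `action`, so `<form style="margin-bottom:0;" action="{CURRENT_VIEW}.php?{LOGIN_QUERYS}" method="POST">` should work without other changes. A GET submission also replaces the query string of the `action` URL with the form fields, so `{LOGIN_QUERYS}` is most likely dropped on submit as written. `{LOGIN_QUERYS}`, `{LOGOUT_QUERYS}` and `{USERNAME}` are built from request data; if Page::replace_tags() does not HTML-escape them (not visible in this diff), they should be escaped before they reach the `action` and `href` attributes.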