authorWesley Miaw <josuah@users.sourceforge.net>2004-05-14 21:09:16 +0000
committerWesley Miaw <josuah@users.sourceforge.net>2004-05-14 21:09:16 +0000
commit911d0baa7862a6e1e0c9129ab4177ff9712a319c (patch)
tree4748165c6c77d70701406e28a30d4482f8cfcb30
parent7abcabed195eafe55c9973644cffc72c38b74c9c (diff)
downloadphpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.tar.gz
phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.tar.bz2
phpicalendar-911d0baa7862a6e1e0c9129ab4177ff9712a319c.zip
Implemented user login via cookies and/or sessions with templates.
-rw-r--r--config.inc.php1
-rw-r--r--day.php13
-rw-r--r--functions/init.inc.php52
-rw-r--r--functions/template.php2
-rw-r--r--functions/userauth_functions.php143
-rw-r--r--templates/default/sidebar.tpl37
-rw-r--r--week.php13
7 files changed, 216 insertions, 45 deletions
diff --git a/config.inc.php b/config.inc.php
index 11d4deb..74e901d 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -44,6 +44,7 @@ $printview_default = 'no'; // Set print view as the default view. day, week,
$show_todos = 'yes'; // Show your todo list on the side of day and week view.
$show_completed = 'no'; // Show completed todos on your todo list.
$allow_login = 'no'; // Set to yes to prompt for login to unlock calendars.
+$login_cookies = 'no'; // Set to yes to store authentication information via (unencrypted) cookies. Set to no to use sessions.
// Webdav style publishing
$phpicalendar_publishing = ''; // Set to '1' to enable remote webdav style publish. See 'calendars/publish.php' for complete information;
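Review bot: The comment on `$login_cookies` says "(unencrypted)" but not what ends up in the cookie. Per user_login() in this commit, the cookie holds the serialized username and password and is set with an expiry of `time()+(60*60*24*7*12*10)`. I would spell that out for whoever edits this file, e.g. `// yes = keep username AND password in a long-lived plaintext cookie; no = keep them in the server-side session.`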
diff --git a/day.php b/day.php
index bfa8d4b..053e8e9 100644
--- a/day.php
+++ b/day.php
@@ -33,6 +33,12 @@ $list_weeks = list_weeks();
$list_jumps = list_jumps();
$list_calcolors = list_calcolors();
+// login/logout
+$is_logged_in = ($username != '' && !$invalid_login) ? true : false;
+$show_user_login = (!$is_logged_in && $allow_login);
+$login_querys = login_querys();
+$logout_querys = logout_querys();
+
$page = new Page(BASE.'templates/'.$template.'/day.tpl');
$page->replace_tags(array(
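Review bot: `$show_user_login = (!$is_logged_in && $allow_login);` tests `$allow_login` as a boolean, but config.inc.php sets it to the string 'no', which PHP treats as true. Unless the value is normalised somewhere not shown here, the login form renders even with logins disabled. Compare explicitly instead: `$show_user_login = (!$is_logged_in && $allow_login == 'yes');`. The same line is added in week.php. The `? true : false` on the line above is redundant because the condition is already boolean.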
@@ -56,7 +62,12 @@ $page->replace_tags(array(
'next_day' => $next_day,
'prev_day' => $prev_day,
'show_goto' => '',
- 'is_logged_in' => '',
+ 'show_user_login' => $show_user_login,
+ 'invalid_login' => $invalid_login,
+ 'login_querys' => $login_querys,
+ 'is_logged_in' => $is_logged_in,
+ 'username' => $username,
+ 'logout_querys' => $logout_querys,
'list_icals' => $list_icals,
'list_years' => $list_years,
'list_months' => $list_months,
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 5be4847..68ef2b7 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -21,6 +21,7 @@ if (!defined('BASE')) define('BASE', './');
include_once(BASE.'config.inc.php');
include_once(BASE.'functions/error.php');
include_once(BASE.'functions/calendar_functions.php');
+include_once(BASE.'functions/userauth_functions.php');
if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
$phpicalendar = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar']));
if (isset($phpicalendar['cookie_language'])) $language = $phpicalendar['cookie_language'];
@@ -38,47 +39,16 @@ if ($cookie_uri == '') {
if ($bleed_time == '') $bleed_time = $day_start;
-// If not HTTP authenticated, try login via cookies or the web page.
-$username = ''; $password = '';
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
- // Look for a login cookie.
- if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
- $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
- if (isset($login_cookie['username'])) $username = $login_cookie['username'];
- if (isset($login_cookie['password'])) $password = $login_cookie['password'];
- }
-
- // Look for a new username and password.
- if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username'];
- else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username'];
- if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password'];
- else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password'];
-
- // Grab the action (login or logout).
- if (isset($HTTP_GET_VARS['action'])) $action = $HTTP_GET_VARS['action'];
- else if (isset($HTTP_POST_VARS['action'])) $action = $HTTP_POST_VARS['action'];
- else $action = '';
-
- // Check to make sure the username and password is valid.
- if ($action == 'login' && !key_exists("$username:$password", $locked_map)) {
- // Don't login, instead logout.
- $action = 'logout';
-
- // Remember the invalid login, because we may want to
- // display a message elsewhere.
- $invalid_login = true;
- } else {
- $invalid_login = false;
- }
-
- // Set the login cookie if logging in. Clear it if logging out.
- if ($action == 'login') {
- $the_cookie = serialize(array('username' => $username, 'password' => $password));
- setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
- } else if ($action == 'logout') {
- setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
- $username = ''; $password = '';
- }
+// Grab the action (login or logout).
+if (isset($HTTP_GET_VARS['action'])) $action = $HTTP_GET_VARS['action'];
+else if (isset($HTTP_POST_VARS['action'])) $action = $HTTP_POST_VARS['action'];
+else $action = '';
+
+// Login and/or logout.
+list($username, $password, $invalid_login) = user_login();
+if ($action != 'login') $invalid_login = false;
+if ($action == 'logout' || $invalid_login) {
+ list($username, $password) = user_logout();
}
// language support
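Review bot: `if ($action != 'login') $invalid_login = false;` runs before the logout check, so on any request that is not an explicit login the failure reported by user_login() is discarded. The rejected `$username`/`$password` (from cookie, session or query string) then stay set, and day.php and week.php compute `$is_logged_in` as true for them. Clear the credentials first and reset the flag only for display: `if ($action == 'logout' || $invalid_login) { list($username, $password) = user_logout(); }` followed by `if ($action != 'login') $invalid_login = false;`. How `$username` is used to unlock calendars further down is outside this hunk, so the impact beyond the template is unconfirmed.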
diff --git a/functions/template.php b/functions/template.php
index 4c2ebb5..481069d 100644
--- a/functions/template.php
+++ b/functions/template.php
@@ -869,4 +869,4 @@ class Page {
print($this->page);
}
}
-?>
+?> \ No newline at end of file
diff --git a/functions/userauth_functions.php b/functions/userauth_functions.php
new file mode 100644
index 0000000..403076d
--- /dev/null
+++ b/functions/userauth_functions.php
@@ -0,0 +1,143 @@
+<?php
+// Generate the login query string.
+//
+// Returns the login query string.
+function login_querys() {
+ global $QUERY_STRING;
+
+ // Remove the username, password, and action values.
+ $querys = preg_replace('/(username|password|action)=[^&]+/', '', $QUERY_STRING);
+
+ // Return the login query string.
+ $querys = preg_replace('/&&/', '', $querys);
+ return $querys;
+}
+
+// Generate the logout query string.
+//
+// Returns the logout query string.
+function logout_querys() {
+ global $QUERY_STRING;
+
+ // Make sure the action is logout.
+ $querys = preg_replace('/action=[^&]+/', 'action=logout', $QUERY_STRING);
+ if ($querys == $QUERY_STRING) $querys .= '&action=logout';
+
+ // Remove references to the username or password.
+ $querys = preg_replace('/(username|password)=[^&]+/', '', $querys);
+
+ // Return the logout query string.
+ $querys = preg_replace('/&&/', '', $querys);
+ return $querys;
+}
+
+// Authenticate the user. The submitted login data is checked for
+// validity against the locked map. The login data will be saved in
+// cookies or the session depending on the configuration. The variable
+// $invalid_login will be set true or false depending on whether or not
+// a valid login was found.
+//
+// This authentication method only applies to non-HTTP authentication.
+//
+// Returns the username and password found, which will be empty strings
+// if no valid login is found. Returns a boolean invalid_login to
+// indicate that the login is invalid.
+function user_login() {
+ global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $_SERVER;
+ global $login_cookies, $cookie_uri, $locked_map;
+
+ // Initialize return values.
+ $invalid_login = false;
+ $username = ''; $password = '';
+
+ // If not HTTP authenticated, try login via cookies or the web page.
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ return array($username, $password, $invalid_login);
+ }
+
+ // Look for a login cookie.
+ if ($login_cookies == 'yes' &&
+ isset($HTTP_COOKIE_VARS['phpicalendar_login']))
+ {
+ $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+ if (isset($login_cookie['username']) &&
+ isset($login_cookie['password']))
+ {
+ $username = $login_cookie['username'];
+ $password = $login_cookie['password'];
+ }
+ }
+
+ // Look for session authentication.
+ if ($login_cookies != 'yes') {
+ if (!session_id()) {
+ session_start();
+ setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ }
+ if (isset($_SESSION['username']) &&
+ isset($_SESSION['password']))
+ {
+ $username = $_SESSION['username'];
+ $password = $_SESSION['password'];
+ }
+ }
+
+ // Look for a new username and password.
+ if (isset($HTTP_GET_VARS['username']) &&
+ isset($HTTP_GET_VARS['password']))
+ {
+ $username = $HTTP_GET_VARS['username'];
+ $password = $HTTP_GET_VARS['password'];
+ } else if (isset($HTTP_POST_VARS['username']) &&
+ isset($HTTP_POST_VARS['password']))
+ {
+ $username = $HTTP_POST_VARS['username'];
+ $password = $HTTP_POST_VARS['password'];
+ }
+
+ // Check to make sure the username and password is valid.
+ if (!key_exists("$username:$password", $locked_map)) {
+ // Remember the invalid login, because we may want to display
+ // a message elsewhere or check validity.
+ return array($username, $password, true);
+ }
+
+ // Set the login cookie or session authentication values.
+ if ($login_cookies == 'yes') {
+ $the_cookie = serialize(array('username' => $username, 'password' => $password));
+ setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ } else {
+ $_SESSION['username'] = $username;
+ $_SESSION['password'] = $password;
+ }
+
+ // Return the username and password.
+ return array($username, $password, $invalid_login);
+}
+
+// Logout the user. The username and password stored in cookies or the
+// session will be deleted.
+//
+// Returns an empty username and password.
+function user_logout() {
+ global $login_cookies, $cookie_uri;
+
+ // Clear the login cookie or session authentication values.
+ if ($login_cookies == 'yes') {
+ setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+ } else {
+ // Check if the session has already been started.
+ if (!session_id()) {
+ session_start();
+ setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ }
+
+ // Clear the session authentication values.
+ unset($_SESSION['username']);
+ unset($_SESSION['password']);
+ }
+
+ // Return empty username and password.
+ return array('', '');
+}
+?>
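Review bot: user_login() passes the client-supplied `phpicalendar_login` cookie to `unserialize()`, which lets the client choose the type and structure of the value that gets built; a plain delimited pair avoids deserialising untrusted data (sketch below). Even with that change the cookie still carries the plaintext password, so the session branch is the safer default. In that branch, storing only the username after a successful check would keep the password out of `$_SESSION`. Separately, `preg_replace('/&&/', '', ...)` in login_querys() and logout_querys() glues neighbouring parameters together when a single pair was removed; replacing with `'&'` keeps them apart.

```php
    // Look for a login cookie.
    if ($login_cookies == 'yes' &&
        isset($HTTP_COOKIE_VARS['phpicalendar_login']))
    {
        // Parse a plain "user:pass" pair; never unserialize() client data.
        $parts = explode(':', $HTTP_COOKIE_VARS['phpicalendar_login'], 2);
        if (count($parts) == 2) {
            $username = rawurldecode($parts[0]);
            $password = rawurldecode($parts[1]);
        }
    }

    // … unchanged: session lookup, GET/POST lookup, locked_map check …

    // Set the login cookie or session authentication values.
    if ($login_cookies == 'yes') {
        $the_cookie = rawurlencode($username).':'.rawurlencode($password);
        // … unchanged: setcookie() call and the session branch …
```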
diff --git a/templates/default/sidebar.tpl b/templates/default/sidebar.tpl
index 48b3585..7df2dff 100644
--- a/templates/default/sidebar.tpl
+++ b/templates/default/sidebar.tpl
@@ -1,3 +1,38 @@
+<!-- switch show_user_login on -->
+<form style="margin-bottom:0;" action="{CURRENT_VIEW}.php?{LOGIN_QUERYS}" method="GET">
+<input type="hidden" name="action" value="login">
+<table width="170" border="0" cellpadding="0" cellspacing="0" class="calborder">
+ <tr>
+ <td colspan="2" align="center" class="sideback"><div style="height: 17px; margin-top: 3px;" class="G10BOLD">{L_LOGIN}</div></td>
+ </tr>
+ <!-- switch invalid_login on -->
+ <tr>
+ <td colspan="2" bgcolor="#FFFFFF" align="left">
+ <div style="padding-left: 5px; padding-top: 5px; padding-right: 5px;">
+ <font color="red">{L_INVALID_LOGIN}</font>
+ </div>
+ </td>
+ </tr>
+ <!-- switch invalid_login off -->
+ <tr>
+ <td bgcolor="#FFFFFF" align="left" valign="middle"><div style="padding-left: 5px; padding-top: 5px;">Username:</div></td>
+ <td bgcolor="#FFFFFF" align="right" valign="middle"><div style="padding-right: 5px; padding-top: 5px;"><input type="text" name="username" size="10"></div></td>
+ </tr>
+ <tr>
+ <td bgcolor="#FFFFFF" align="left" valign="middle"><div style="padding-left: 5px; padding-bottom: 5px;">Password:</div></td>
+ <td bgcolor="#FFFFFF" align="right" valign="middle"><div style="padding-right: 5px; padding-bottom: 5px;"><input type="password" name="password" size="10"></div></td>
+ </tr>
+</table>
+</form>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tbll"><img src="images/spacer.gif" alt="" width="8" height="4" /></td>
+ <td class="tblbot"><img src="images/spacer.gif" alt="" width="8" height="4" /></td>
+ <td class="tblr"><img src="images/spacer.gif" alt="" width="8" height="4" /></td>
+ </tr>
+</table>
+<img src="images/spacer.gif" width="1" height="10" alt=" " /><br />
+<!-- switch show_user_login off -->
<table width="170" border="0" cellpadding="0" cellspacing="0" class="calborder">
<tr>
<td align="left" valign="top" width="24" class="sideback"><a class="psf" href="day.php?cal={CAL}&amp;getdate={PREV_DAY}"><img src="templates/{TEMPLATE}/images/left_arrows.gif" alt="{L_PREV}" width="16" height="20" border="0" align="left"></a></td>
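Review bot: The login form uses `method="GET"`, so the password is sent in the URL and lands in browser history, proxy and server logs, and Referer headers. `method="POST"` avoids that, and user_login() in this commit already reads `$HTTP_POST_VARS`. With POST the `?{LOGIN_QUERYS}` part of the action URL is also kept, whereas browsers replace it on a GET submit. The "Username:" and "Password:" labels are hard-coded while the heading uses `{L_LOGIN}`.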
@@ -17,7 +52,7 @@
<a class="psf" href="{SUBSCRIBE_PATH}">{L_SUBSCRIBE}</a>&nbsp;|&nbsp;<a class="psf" href="{DOWNLOAD_FILENAME}">{L_DOWNLOAD}</a><br>
<!-- switch display_download off -->
<!-- switch is_logged_in on -->
- <a class="psf" href="{SCRIPT_NAME}?{QUERYS}">Logout {USERNAME}</a>
+ <a class="psf" href="{CURRENT_VIEW}.php?{LOGOUT_QUERYS}">{L_LOGOUT} {USERNAME}</a>
<!-- switch is_logged_in off -->
</div>
</td>
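Review bot: `{LOGOUT_QUERYS}` and `{USERNAME}` are written into this link with no escaping visible in this commit, though both derive from request data. The first is built from `$QUERY_STRING` and the second can come from the query string or cookie. Whether `Page::replace_tags` escapes its values is not shown. If it does not, pass `htmlspecialchars($username)` and `htmlspecialchars($logout_querys)` (and likewise `$login_querys`) in day.php and week.php.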
diff --git a/week.php b/week.php
index 1bf410d..42a74ef 100644
--- a/week.php
+++ b/week.php
@@ -36,6 +36,12 @@ $list_weeks = list_weeks();
$list_jumps = list_jumps();
$list_calcolors = list_calcolors();
+// login/logout
+$is_logged_in = ($username != '' && !$invalid_login) ? true : false;
+$show_user_login = (!$is_logged_in && $allow_login);
+$login_querys = login_querys();
+$logout_querys = logout_querys();
+
$page = new Page(BASE.'templates/'.$template.'/week.tpl');
$page->replace_tags(array(
@@ -61,7 +67,12 @@ $page->replace_tags(array(
'prev_day' => $prev_day,
'prev_week' => $prev_week,
'show_goto' => '',
- 'is_logged_in' => '',
+ 'show_user_login' => $show_user_login,
+ 'invalid_login' => $invalid_login,
+ 'login_querys' => $login_querys,
+ 'is_logged_in' => $is_logged_in,
+ 'username' => $username,
+ 'logout_querys' => $logout_querys,
'list_icals' => $list_icals,
'list_years' => $list_years,
'list_months' => $list_months,
