authorChad Little <clittle@users.sourceforge.net>2003-05-13 04:14:22 +0000
committerChad Little <clittle@users.sourceforge.net>2003-05-13 04:14:22 +0000
commit9e07f4f2019973e0a42d6b1e21534572efee8013 (patch)
treec563774c0a1cc28a883818a24c84dd0a1cdd5f7f
parent61c18056b9f85a789b789e7ddbe6fad09e74d92f (diff)
part two of admin.php
-rw-r--r--admin.php217
-rw-r--r--config.inc.php13
-rw-r--r--functions/upload_functions.php83
-rw-r--r--languages/english.inc.php3
4 files changed, 121 insertions, 195 deletions
diff --git a/admin.php b/admin.php
index aadf7c0..159e8bf 100644
--- a/admin.php
+++ b/admin.php
@@ -1,10 +1,9 @@
<?php
-// TODO - Remove before going live
-//error_reporting (E_ALL);
+session_start();
define('BASE', './');
include (BASE.'functions/init.inc.php');
-include (BASE.'functions/upload_functions.php');
+include (BASE.'functions/admin_functions.php');
// Redirect if administration is not allowed
if ($allow_admin != "yes") {
@@ -12,50 +11,31 @@ if ($allow_admin != "yes") {
die();
}
-// Load variables from forms, query strings, and cookies into local scope
+// Load variables from forms and query strings into local scope
if($HTTP_POST_VARS) {extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");}
if($HTTP_GET_VARS) {extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");}
-if($HTTP_COOKIE_VARS) {extract($HTTP_COOKIE_VARS, EXTR_PREFIX_SAME, "cookie_");}
-// Logout by clearing user info in cookies
+// Logout by clearing session variables
if ($action == "logout") {
- setcookie("md5_password","");
- setcookie("username","");
+ $HTTP_SESSION_VARS['phpical_loggedin'] = FALSE;
+ unset($HTTP_SESSION_VARS['phpical_username']);
+ unset($HTTP_SESSION_VARS['phpical_password']);
}
-// if $external_auth == 'yes', don't do any authentication
-if ($external_auth == "yes") {
+// if $auth_method == 'none', don't do any authentication
+if ($auth_method == "none") {
$is_loged_in = TRUE;
}
// Check if The User is Identified
else {
$is_loged_in = FALSE;
- if (isset($username) && $action != "logout") {
- if (!isset($HTTP_COOKIE_VARS["md5_password"])) {
- $md5_password = md5($password);
- }
- else {
- $md5_password = $HTTP_COOKIE_VARS["md5_password"];
- }
- if ($admin_username == $username && md5($admin_password) == $md5_password) {
-//TODO lastusername doesn't appear to be working
- $is_loged_in = TRUE;
- setcookie("lastusername", $username, time()+1012324305);
- setcookie("username", $username);
- setcookie("md5_password", $md5_password);
- }
- else {
- $login_error = "<font color=\"red\">$invalid_login_lang</font>";
- $is_loged_in = FALSE;
- }
+ if (is_loggedin()) {
+ $is_loged_in = TRUE;
}
-
- if ($is_loged_in == FALSE) {
- setcookie("username","");
- setcookie("password","");
- setcookie("md5_password","");
+ if (isset($username) && $action != "logout") {
+ $is_loged_in = login ($username, $password);
}
}
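Review bot: The login branch at `if (isset($username) && $action != "logout")` takes `$username` and `$password` from the `extract()` calls above, so credentials are accepted from the query string as well as from the form post and can end up in server logs and browser history. Reading them explicitly, e.g. `login($HTTP_POST_VARS['username'], $HTTP_POST_VARS['password'])` guarded by `isset()` on both keys, also avoids passing an undefined `$password` when only `username` is sent. The logout branch unsets a `phpical_password` session key, which suggests the password is kept in the session. `login()` and `is_loggedin()` live in admin_functions.php, outside this diff, so it is worth confirming there that the session holds only a logged-in flag and that the session id is renewed on login.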
@@ -68,17 +48,6 @@ else {
<meta http-equiv="content-type" content="text/html;charset=UTF-8">
<title><?php echo "$admin_header_lang"; ?></title>
<link rel="stylesheet" type="text/css" href="<?php echo BASE."styles/$style_sheet/default.css"; ?>">
-
- <script>
- <!--
- function verify(){
- msg = "<?php echo $confirm_lang; ?>";
- //all we have to do is return the return value of the confirm() method
- return confirm(msg);
- }
- -->
- </script>
-
</head>
<body bgcolor="#FFFFFF">
<center>
@@ -93,7 +62,7 @@ else {
<tr>
<td align="left" width="20" class="navback">&nbsp;</td>
<td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td>
- <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($external_auth != "yes" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font>&nbsp;</td>
+ <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($auth_method != "none" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font>&nbsp;</td>
</tr>
<tr>
<td colspan="3" class="dayborder"><img src="images/spacer.gif" width="1" height="5" alt=" "></td>
@@ -108,12 +77,15 @@ else {
// If User is Not Logged In, Display The Login Page
if ($is_loged_in == FALSE) {
+ if (isset($username))
+ $login_error = "<font color=\"red\">$invalid_login_lang</font>";
+
echo <<<EOT
<form action="{$HTTP_SERVER_VARS['PHP_SELF']}" method="post">
<table cellspacing="0" cellpadding="0">
<tr>
<td nowrap>{$username_lang}: </td>
- <td align="left"><input type="text" name="username" value="$lastusername"></td>
+ <td align="left"><input type="text" name="username"></td>
</tr>
<tr>
<td>{$password_lang}: </td>
@@ -156,32 +128,44 @@ EOT;
// Add or Update a calendar
if ($action == "addupdate") {
- $addupdate_success = FALSE;
- if (!is_uploaded_file_v4($HTTP_POST_FILES['calfile']['tmp_name'])) {
- $upload_error = get_upload_error($HTTP_POST_FILES['calfile']);
- }
- elseif (!is_uploaded_ics($HTTP_POST_FILES['calfile']['name'])) {
- $upload_error = $upload_error_type_lang;
- }
- // copy() should be replaced with move_uploaded_file(), but only if we can require PHP 4 >= 4.0.3
- elseif (!copy($HTTP_POST_FILES['calfile']['tmp_name'], $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'])) {
- $upload_error = $copy_error_lang . " " . $HTTP_POST_FILES['calfile']['tmp_name'] . " - " . $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'];
- }
- else {
- $addupdate_success = TRUE;
+ $addupdate_msg = "";
+
+ for($filenumber=1; $filenumber<6; $filenumber++) {
+ $file = $HTTP_POST_FILES['calfile'];
+ $addupdate_success = FALSE;
+
+ if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) {
+ $upload_error = get_upload_error($file['error'][$filenumber]);
+ }
+ elseif (!is_uploaded_ics($file['name'][$filenumber])) {
+ $upload_error = $upload_error_type_lang;
+ }
+ elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) {
+ $upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber];
+ }
+ else {
+ $addupdate_success = TRUE;
+ }
+
+ if ($addupdate_success)
+ $addupdate_msg = $addupdate_msg . "<font color=\"green\">{$cal_file_lang} {$filenumber}: {$action_success_lang}</font><br>";
+ else
+ $addupdate_msg = $addupdate_msg . "<font color=\"red\">{$cal_file_lang} {$filenumber}: {$upload_error}</font><br>";
}
}
// Delete a calendar
// Not at all secure - need to strip out path info if used by users besides admin in the future
if ($action == "delete") {
- $delete_success = FALSE;
-
- if (!unlink($calendar_path . "/" . urldecode($delete_calendar))) {
- $delete_error = $delete_error_lang . " " . $calendar_path . "/" . urldecode($delete_calendar);
- }
- else {
- $delete_success = TRUE;
+ $delete_msg = "";
+
+ foreach ($delete_calendar as $filename) {
+ if (!delete_cal(urldecode($filename))) {
+ $delete_msg = $delete_msg . "<font color=\"red\">" . $delete_error_lang . " " . urldecode(substr($filename,0,-4)) . "</font><br>";
+ }
+ else {
+ $delete_msg = $delete_msg . "<font color=\"green\">" . urldecode(substr($filename,0,-4)) . " " . $delete_success_lang . "</font><br>";
+ }
}
}
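Review bot: In the delete loop each `$filename` comes straight from the request's `delete_calendar[]` values and is passed to `delete_cal()` after `urldecode()`, with no check visible here that it is a bare `.ics` name inside `$calendar_path`; the comment above the block already admits this. Normalising first, `$name = basename(urldecode($filename));`, and skipping anything `is_uploaded_ics($name)` rejects would close that gap regardless of what `delete_cal()` does (its body is not part of this diff). The same value is concatenated into `$delete_msg` as HTML, so it should go through `htmlspecialchars()` before being appended. `foreach` also assumes `$delete_calendar` is an array, which it is not when the form is submitted with no box ticked; an `is_array()` guard avoids the warning.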
@@ -190,70 +174,93 @@ if ($action == "delete") {
<h2><?php echo $addupdate_cal_lang; ?></h2>
<p><?php echo $addupdate_desc_lang; ?></p>
-<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
+<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="addupdate">
<table border="0" cellspacing="0">
<tr>
- <td nowrap><?php echo $cal_file_lang; ?>: </td>
- <td><input type="file" name="calfile"></td>
+ <td nowrap><?php echo $cal_file_lang; ?> 1: </td>
+ <td><input type="file" name="calfile[1]"></td>
+ </tr>
+ <tr>
+ <td nowrap><?php echo $cal_file_lang; ?> 2: </td>
+ <td><input type="file" name="calfile[2]"></td>
+ </tr>
+ <tr>
+ <td nowrap><?php echo $cal_file_lang; ?> 3: </td>
+ <td><input type="file" name="calfile[3]"></td>
+ </tr>
+ <tr>
+ <td nowrap><?php echo $cal_file_lang; ?> 4: </td>
+ <td><input type="file" name="calfile[4]"></td>
+ </tr>
+ <tr>
+ <td nowrap><?php echo $cal_file_lang; ?> 5: </td>
+ <td><input type="file" name="calfile[5]"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
</tr>
<tr>
- <td align="center" colspan="2"><?php if($addupdate_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $upload_error; ?></font>&nbsp;</td>
+ <td align="center" colspan="2"><?php echo $addupdate_msg; ?>&nbsp;</td>
</tr>
</table>
</form>
-
+
<h2><?php echo $delete_cal_lang; ?></h2>
-<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
+<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<input type="hidden" name="action" value="delete">
<table border="0" cellspacing="0">
- <tr>
- <td nowrap><?php echo $cal_file_lang; ?>: </td>
- <td>
- <?php
+ <?php
- // Begin Calendar Selection
- //
- print "<select name=\"delete_calendar\">\n";
- $filelist = get_calendar_files($calendar_path);
- foreach ($filelist as $file) {
- $cal_filename_tmp = substr($file,0,-4);
- $cal_tmp = urlencode($file);
- $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
- print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";
- }
- print "</select>\n";
- ?>
- </td>
- </tr>
- <tr>
- <td>&nbsp;</td>
- <td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
- </tr>
- <tr>
- <td align="center" colspan="2"><?php if($delete_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $delete_error; ?></font>&nbsp;</td>
+ // Print Calendar Checkboxes
+ //
+ $COLUMNS_TO_PRINT = 3;
+ $column = 1;
+ $filelist = get_calendar_files($calendar_path);
+ foreach ($filelist as $file) {
+ if ($column > $COLUMNS_TO_PRINT) {
+ echo "</tr>";
+ $column = 1;
+ }
+ if ($column == 1) {
+ echo "<tr>";
+ }
+
+ $cal_filename_tmp = substr($file,0,-4);
+ $cal_tmp = urlencode($file);
+ $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
+
+ echo "<td align=\"left\"><input name=\"delete_calendar[]\" value=\"$cal_tmp\" type=\"checkbox\">$cal_displayname_tmp</td>\n";
+
+ $column++;
+ }
+ // Print remaining empty columns if necessary
+ $number_of_columns = count($filelist);
+ while (gettype($number_of_columns/$COLUMNS_TO_PRINT) != "integer") {
+ echo "<td>&nbsp;</td>";
+ $number_of_columns++;
+ }
+ ?>
</tr>
</table>
+ <p><input type="submit" value="<?php echo $delete_lang; ?>"></p>
+ <p><?php echo $delete_msg; ?>&nbsp;</p>
</form>
-
-<?php
-echo "
</td>
</tr>
</table>
</td>
</tr>
-</table>";
+</table>
-include (BASE.'includes/footer.inc.php');
-echo "</center>
- </body>
- </html>";
-?>
+<?php include (BASE.'includes/footer.inc.php'); ?>
+
+
+</center>
+</body>
+</html>
+
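Review bot: `$addupdate_msg` and `$delete_msg` are echoed unescaped at `<?php echo $addupdate_msg; ?>` and `<?php echo $delete_msg; ?>`, but they are only assigned inside the `addupdate` and `delete` branches. Because the page still runs `extract()` over the POST and GET arrays with `EXTR_PREFIX_SAME`, a request that carries neither action can define these names itself and have its value written into the admin page as markup, unless init.inc.php happens to set them first. Initialising both unconditionally after the `extract()` calls, `$addupdate_msg = ''; $delete_msg = '';`, removes the dependency on request data. The checkbox label `$cal_displayname_tmp` is likewise printed without `htmlspecialchars()`, which matters because calendar file names are chosen by whoever uploads them.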
diff --git a/config.inc.php b/config.inc.php
index 1f6489e..0f2984f 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -47,12 +47,13 @@ $show_todos = 'yes'; // Show your todo list on the side of day and week vie
$show_completed = 'yes'; // Show completed todos on your todo list.
// Administration settings
-$allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password
-$external_auth = 'no'; // Set to yes if external authentication (such as HTTP Authentication) is used and no authentican should be performed by PHP iCalendar
-$admin_username = 'clittle'; // The username for the administrator
-$admin_password = 'jackhamm3r'; // change this if allow_admin is set to yes
-$confirm_changes = 'yes'; // Set to no to eliminate the confirmation popup on administration form submits
-
+$allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password if using 'internal' as the $auth_method
+$auth_method = 'ftp'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 'none' uses NO authentication - meant to be used with another form of authentication such as http basic.
+$auth_internal_username = 'admin'; // Only used if $auth_method='internal'. The username for the administrator.
+$auth_internal_password = 'default'; // Only used if $auth_method='internal'. The password for the administrator.
+$ftp_server = 'localhost'; // Only used if $auth_method='ftp'. The ftp server name. 'localhost' will work for most servers.
+$ftp_calendar_path = ''; // Only used if $auth_method='ftp'. The full path to the calendar directory on the ftp server. If = '', will attempt to deduce the path based on $calendar_path, but may not be accurate depending on ftp server config.
+
$blacklisted_cals[] = ''; // Fill in between the quotes the name of the calendars
$blacklisted_cals[] = ''; // you wish to 'blacklist' or that you don't want to show up in your calendar
$blacklisted_cals[] = ''; // list. This should be the exact calendar filename without .ics
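Review bot: `$auth_internal_password = 'default'` ships a publicly known credential while `$allow_admin` stays 'yes', so an install that switches `$auth_method` to 'internal' without editing the password exposes upload and delete to anyone who has read the distribution. Shipping `$allow_admin = 'no';` or an empty password that the login code refuses would make the safe state the default; whether `login()` rejects an empty password cannot be seen from this diff. The removed `$admin_username` and `$admin_password` lines look like real values rather than placeholders; if they were ever used anywhere they remain readable in repository history and should be changed.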
diff --git a/functions/upload_functions.php b/functions/upload_functions.php
index 376e3cd..e69de29 100644
--- a/functions/upload_functions.php
+++ b/functions/upload_functions.php
@@ -1,83 +0,0 @@
-<?php
-// Is the file uploaded truly a file via HTTP POST - used to thwart a user from trying to trick the script from working on other files
-//
-// arg0: string filename
-// returns boolean is the uploaded a file
-function is_uploaded_file_v4 ($filename) {
- if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
- $tmp_file = dirname(tempnam('', ''));
- }
- $tmp_file .= '/' . basename($filename);
- // For Windows compat
- $filename = str_replace ("\\", "/", $filename);
- $tmp_file = str_replace ("\\", "/", $tmp_file);
- // User might have trailing slash in php.ini...
- return (ereg_replace('/+', '/', $tmp_file) == $filename);
-}
-
-// return the appropriate error message if the file upload had an error
-//
-// arg0: array file array from $HTTP_POST_FILES
-// returns string error message
-function get_upload_error ($uploaded_file) {
- global $php_error_lang;
- global $upload_error_lang;
- global $upload_error_gen_lang;
-
- if (isset($uploaded_file['error'])) {
- // This is only available in PHP >= 4.2.0
- $error = $php_error_lang . " ";
- switch($uploaded_file['error']) {
- case 0: //no error; possible file attack!
- case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
- case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
- case 3: //uploaded file was only partially uploaded
- case 4: //no file was uploaded
- $error = $error . $uploaded_file['error'] . ": " . $upload_error_lang[$uploaded_file['error']];
- break;
- default: //a default error, just in case! :)
- $error = $error . $uploaded_file['error'] . ": " . $upload_error_gen_lang;
- break;
- }
- }
- else {
- $error = $upload_error_gen_lang;
- }
-
- return $error;
-}
-
-// Check to see that the file has an .ics extension
-//
-// arg0: string filename
-// returns booloean does the filename end in .ics
-function is_uploaded_ics ($filename) {
- // Check the file extension for .ics. Can also check the the mime type, but it's not reliable so why bother...
- if(preg_match("/.ics$/i", $filename)) {
- return TRUE;
- }
- else {
- return FALSE;
- }
-}
-
-// Get all calendar filenames (not including path)
-//
-// argo: string path to calendar files
-// returns array filenames (not including path)
-function get_calendar_files($calendar_path) {
- global $error_path_lang;
-
- $dir_handle = @opendir($calendar_path) or die(error(sprintf($error_path_lang, $calendar_path)));
- $filelist = array();
- while ($file = readdir($dir_handle)) {
- if (substr($file, -4) == ".ics") {
- array_push($filelist, $file);
- }
- }
- closedir($dir_handle);
- natcasesort($filelist);
- return $filelist;
-}
-
-?> \ No newline at end of file
diff --git a/languages/english.inc.php b/languages/english.inc.php
index 664922e..5a1daa6 100644
--- a/languages/english.inc.php
+++ b/languages/english.inc.php
@@ -102,7 +102,6 @@ $addupdate_desc_lang = 'Add a calendar by uploading a new file. Update a calenda
$delete_cal_lang = 'Delete a Calendar';
$logout_lang = 'Logout';
$cal_file_lang = 'Calendar File';
-$confirm_lang = 'Are you sure?';
$php_error_lang = 'PHP Error';
$upload_error_gen_lang = 'There was a problem with your upload.';
$upload_error_lang[0] = 'There was a problem with your upload.';
@@ -113,8 +112,10 @@ $upload_error_lang[4] = 'You must select a file for upload.';
$upload_error_type_lang = 'Only .ics files may be uploaded.';
$copy_error_lang = 'Failed to copy file';
$delete_error_lang = 'Failed to delete file';
+$delete_success_lang = 'was deleted successfully.';
$action_success_lang = 'Your action was successful.';
$submit_lang = 'Submit';
+$delete_lang = 'Delete';
