authorChad Little <clittle@users.sourceforge.net>2004-10-01 22:26:25 +0000
committerChad Little <clittle@users.sourceforge.net>2004-10-01 22:26:25 +0000
commita60b34f624544fff2b85678c4773a73193598388 (patch)
treec83bab12b939daad828963a793beb43dc4a27c29
parenta217399d237bda9bdb1e3a2ca2d8897b84acacff (diff)
Continued work on admin functions. Needs testing.
-rw-r--r--README1
-rw-r--r--admin.php57
-rw-r--r--config.inc.php4
-rw-r--r--templates/default/admin.tpl17
4 files changed, 62 insertions, 17 deletions
diff --git a/README b/README
index a47a5d4..a7841f4 100644
--- a/README
+++ b/README
@@ -86,6 +86,7 @@ Changes:
-Added iCal specific publish.php.
-Fixed stat bug.
-PHP5 support added.
+ -Admin page works again.
-Requires PHP 4.1.0 or greater now.
-Various Bug fixes.
diff --git a/admin.php b/admin.php
index a00eb2b..48726f5 100644
--- a/admin.php
+++ b/admin.php
@@ -15,10 +15,8 @@ if ($allow_admin != "yes") {
if($_POST) {extract($_POST, EXTR_PREFIX_SAME, "post_");}
if($_GET) {extract($_GET, EXTR_PREFIX_SAME, "get_");}
-if (!isset($action)) $action = '';
-
// Logout by clearing session variables
-if ((isset($action)) && ($action == "logout")) {
+if ((isset($_GET['action'])) && ($_GET['action'] == 'logout')) {
$_SESSION['phpical_loggedin'] = FALSE;
unset($_SESSION['phpical_username']);
unset($_SESSION['phpical_password']);
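Review bot: The `extract($_POST, ...)` and `extract($_GET, ...)` lines kept as context directly above the changed logout check still turn every request field into a global, and code added later in this commit appears to depend on that (`$delete_calendar` is iterated without ever being read from `$_POST`). With `EXTR_PREFIX_SAME` only names that already exist are protected, so any variable that is used later without first being assigned takes its value from the request. Now that `action` is read as `$_GET['action']`, the remaining inputs could be read the same way, for example `$delete_calendar = isset($_POST['delete_calendar']) ? (array) $_POST['delete_calendar'] : array();` (field name inferred from the variable), and both `extract()` calls dropped.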
@@ -26,7 +24,10 @@ if ((isset($action)) && ($action == "logout")) {
// if $auth_method == 'none', don't do any authentication
-if ($auth_method == "none") {
+$username = $_POST['username'];
+$password = $_POST['password'];
+
+if ($auth_method == 'none') {
$is_loged_in = TRUE;
} else {
$is_loged_in = FALSE;
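Review bot: `$_POST['username']` and `$_POST['password']` are read unconditionally, so every plain GET of admin.php indexes keys that do not exist; the same applies to `$_GET['action']` and `$_POST['action']` in the next hunk (the login test, `$login_bad`, and the delete check). Guarding the reads, e.g. `$username = isset($_POST['username']) ? $_POST['username'] : null;`, keeps `isset($username)` meaningful and avoids undefined-index notices that may be shown to the client depending on error settings. A short comment such as `// credentials come from the login form only, never from the query string` would record why `$_POST` is used here. The `if ($auth_method == 'none')` block continues outside this hunk.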
@@ -34,11 +35,53 @@ if ($auth_method == "none") {
if (is_loggedin()) {
$is_loged_in = TRUE;
}
- if (isset($username) && $action != "logout") {
+
+ if (isset($username) && $_GET['action'] != 'logout') {
$is_loged_in = login ($username, $password);
}
}
+$login_good = ($is_loged_in) ? '' : 'oops';
+$login_bad = ((!$is_loged_in) && ($_GET['action'] == 'login')) ? 'oops' : '';
+
+// Delete a calendar
+// Not at all secure - need to strip out path info if used by users besides admin in the future
+$delete_msg = '';
+if ($_POST['action'] == 'delete') {
+ foreach ($delete_calendar as $filename) {
+ if (!delete_cal(urldecode($filename))) {
+ $delete_msg = $delete_msg . '<font color="red">' . $lang['l_delete_error'] . ' ' . urldecode(substr($filename,0,-4)) . '</font><br />';
+ } else {
+ $delete_msg = $delete_msg . '<font color="green">' . urldecode(substr($filename,0,-4)) . ' ' . $lang['l_delete_success'] . '</font><br />';
+ }
+ }
+}
+
+// Add or Update a calendar
+$addupdate_msg = '';
+if ((isset($_POST['action'])) && ($_POST['action'] == 'addupdate')) {
+ for ($filenumber = 1; $filenumber < 6; $filenumber++) {
+ $file = $HTTP_POST_FILES['calfile'];
+ $addupdate_success = FALSE;
+
+ if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) {
+ $upload_error = get_upload_error($file['error'][$filenumber]);
+ } elseif (!is_uploaded_ics($file['name'][$filenumber])) {
+ $upload_error = $upload_error_type_lang;
+ } elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) {
+ $upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber];
+ } else {
+ $addupdate_success = TRUE;
+ }
+
+ if ($addupdate_success == TRUE) {
+ $addupdate_msg = $addupdate_msg . '<font color="green">'.$lang['l_cal_file'].' #'.$filenumber.': '.$lang['l_action_success'].'</font><br />';
+ } else {
+ $addupdate_msg = $addupdate_msg . '<font color="red">'.$lang['l_cal_file'].' #'.$filenumber.': '.$lang['l_upload_error'].'</font><br />';
+ }
+ }
+}
+
$calendar_name = $lang['l_admin_header'];
$page = new Page(BASE.'templates/'.$template.'/admin.tpl');
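Review bot: Neither the delete block nor the add/update block tests `$is_loged_in`, so as far as this hunk shows a POST with `action=delete` or `action=addupdate` reaches `delete_cal()` and `copy_cal()` without a successful login. Those helpers are defined outside the hunk and may check the session themselves, but the gate belongs here too, e.g. `if ($is_loged_in && isset($_POST['action']) && $_POST['action'] == 'delete') {`. The comment above the delete block already admits the filename is used with its path intact; reducing it first with `$filename = basename(urldecode($filename));` (and `basename($file['name'][$filenumber])` before `copy_cal()`) keeps directory components out of what is handed to the helpers. `$upload_error` is assigned in three branches and never used, so the admin only ever sees the generic `l_upload_error` text.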
@@ -63,6 +106,10 @@ $page->replace_tags(array(
'rss_available' => '',
'rss_valid' => '',
'show_search' => '',
+ 'login_error' => $login_bad,
+ 'display_login' => $login_good,
+ 'delete_msg' => $delete_msg,
+ 'addupdate_msg' => $addupdate_msg,
'l_day' => $lang['l_day'],
'l_week' => $lang['l_week'],
'l_month' => $lang['l_month'],
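Review bot: `delete_msg` is handed to the template as finished HTML, and the string built for it earlier in this commit embeds `urldecode(substr($filename,0,-4))` taken from the request without encoding. Since the message carries `<font>` markup on purpose, `replace_tags()` presumably inserts it verbatim, so the name should be encoded where the message is assembled, e.g. `htmlspecialchars(urldecode(substr($filename, 0, -4)), ENT_QUOTES)`. The `replace_tags` array starts and ends outside this hunk.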
diff --git a/config.inc.php b/config.inc.php
index 54ccbd8..90d052a 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -52,9 +52,9 @@ $phpicalendar_publishing = ''; // Set to '1' to enable remote webdav style pu
// Administration settings (admin.php)
$allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password if using 'internal' as the $auth_method
-$auth_method = 'ftp'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 'none' uses NO authentication - meant to be used with another form of authentication such as http basic.
+$auth_method = 'internal'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 'none' uses NO authentication - meant to be used with another form of authentication such as http basic.
$auth_internal_username = 'admin'; // Only used if $auth_method='internal'. The username for the administrator.
-$auth_internal_password = 'default'; // Only used if $auth_method='internal'. The password for the administrator.
+$auth_internal_password = 'admin'; // Only used if $auth_method='internal'. The password for the administrator.
$ftp_server = 'localhost'; // Only used if $auth_method='ftp'. The ftp server name. 'localhost' will work for most servers.
$ftp_calendar_path = ''; // Only used if $auth_method='ftp'. The full path to the calendar directory on the ftp server. If = '', will attempt to deduce the path based on $calendar_path, but may not be accurate depending on ftp server config.
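Review bot: With this change the shipped defaults are `$allow_admin = 'yes'`, `$auth_method = 'internal'`, username `admin` and password `admin`, so an installation that is never edited exposes the upload and delete page behind a guessable login; the inline reminder to change the password is easy to miss. If these values were set for local testing (the commit message says the work still needs testing), they should not go into the distributed config. A safer default is `$allow_admin = 'no';`, or `$auth_internal_password = '';` with `login()` rejecting an empty configured password; `login()` is not visible in this diff, so that second option needs a check there.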
diff --git a/templates/default/admin.tpl b/templates/default/admin.tpl
index ae79330..2bf9b61 100644
--- a/templates/default/admin.tpl
+++ b/templates/default/admin.tpl
@@ -28,7 +28,7 @@
<tr>
<td align="right">
<!-- switch logged_in2 on -->
- <a href="admin.php?action=logout\">{L_LOGOUT}</a>&nbsp;
+ <a href="admin.php?action=logout">{L_LOGOUT}</a>&nbsp;
<!-- switch logged_in2 off -->
</td>
</tr>
@@ -38,13 +38,12 @@
<tr>
<td width="2%"></td>
<td width="98%" valign="top" align="left">
-
<!-- switch login_error on -->
- <font color="red">{L_INVALID_LOGIN}</font>
+ <font color="red">{L_INVALID_LOGIN}</font><br /><br />
<!-- switch login_error off -->
<!-- switch display_login on -->
- <form action="admin.php" method="post">
+ <form action="admin.php?action=login" method="post">
<table cellspacing="0" cellpadding="0">
<tr>
<td nowrap>{L_USERNAME}: </td>
@@ -58,21 +57,19 @@
<td>&nbsp;</td>
<td align="left"><input type="submit" value="{L_LOGIN}"></td>
</tr>
+ <!--
<tr>
<td align="center" colspan="3">{LOGIN_ERROR}&nbsp;</td>
</tr>
+ -->
</table>
</form>
<!-- switch display_login off -->
<!-- switch logged_in on -->
-
- <!-- switch action_message on -->
- <font color="green">{L_CAL_FILE} {FILENUMBER}: {ACTION_MSG}</font><br />
- <!-- switch action_message off -->
- <b>{L_ADDUPDATE_CAL}</b>
- <p>{L_ADDUPDATE_DESC}</p>
+ <b>{L_ADDUPDATE_CAL}</b><br />
+ {L_ADDUPDATE_DESC}<br /><br />
<form action="admin.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="addupdate">
<table width="100%" border="0" cellspacing="0" cellpadding="2" class="G10B">
