diff options
author | Wesley Miaw <josuah@users.sourceforge.net> | 2003-11-24 04:05:37 +0000 |
---|---|---|
committer | Wesley Miaw <josuah@users.sourceforge.net> | 2003-11-24 04:05:37 +0000 |
commit | ab88aa25e6d76bb56ea43a798768e966d29bef46 (patch) | |
tree | fa61e8ccad7153bd723faee99fe9409eceff8f64 | |
parent | 10db09b2d4a060f69872cf088f0bb65b16856835 (diff) | |
download | phpicalendar-ab88aa25e6d76bb56ea43a798768e966d29bef46.tar.gz phpicalendar-ab88aa25e6d76bb56ea43a798768e966d29bef46.tar.bz2 phpicalendar-ab88aa25e6d76bb56ea43a798768e966d29bef46.zip |
Added HTTP authentication support. Modifications to non-HTTP
authentication login so that the two are mutually exclusive.
Moved calendar <option> listing into calendar_functions.php so it can
be shared by the navigation (via list_icals.php) and also by the
preferences.php file.
Fixed typo of $show_login to $allow_login.
Added E_ERROR to the debug error level, so fatal errors are logged.
-rw-r--r-- | config.inc.php | 10 | ||||
-rw-r--r-- | functions/calendar_functions.php | 93 | ||||
-rw-r--r-- | functions/init.inc.php | 57 | ||||
-rw-r--r-- | functions/list_icals.php | 30 | ||||
-rw-r--r-- | includes/calendar_nav.php | 2 | ||||
-rw-r--r-- | includes/login.php | 5 | ||||
-rw-r--r-- | includes/sidebar.php | 2 | ||||
-rw-r--r-- | preferences.php | 37 |
8 files changed, 137 insertions, 99 deletions
diff --git a/config.inc.php b/config.inc.php index 2e125a2..b1462e5 100644 --- a/config.inc.php +++ b/config.inc.php @@ -43,7 +43,7 @@ $allow_preferences = 'yes'; // Allow visitors to change various preferences v $printview_default = 'no'; // Set print view as the default view. day, week, and month only supported views for $default_view (listed well above). $show_todos = 'yes'; // Show your todo list on the side of day and week view. $show_completed = 'no'; // Show completed todos on your todo list. -$show_login = 'no'; // Set to yes to prompt for login to unlock calendars. +$allow_login = 'no'; // Set to yes to prompt for login to unlock calendars. // Webdav style publishing $phpicalendar_publishing = ''; // Set to '1' to enable remote webdav style publish. See 'calendars/publish.php' for complete information; @@ -80,5 +80,9 @@ $locked_map['user3:pass'] = array(''); // listed in the $locked_cals, again wit $locked_map['user4:pass'] = array(''); // Example: $locked_map['username:password'] = array('Locked1', 'Locked2'); // add more lines as necessary - -?> +$apache_map['user1'] = array(''); // Map HTTP authenticated users to specific calendars. Users listed here and +$apache_map['user2'] = array(''); // authenticated via HTTP will not see the public calendars, and will not be +$apache_map['user3'] = array(''); // given any login/logout options. Calendar names not include the .ics suffix. +$apache_map['user4'] = array(''); // Example: $apache_map['username'] = array('Calendar1', 'Calendar2'); +// add more lines as necessary +?>
\ No newline at end of file diff --git a/functions/calendar_functions.php b/functions/calendar_functions.php index 84f22cc..45cf670 100644 --- a/functions/calendar_functions.php +++ b/functions/calendar_functions.php @@ -14,11 +14,17 @@ // returned. function availableCalendars($username, $password, $cal_filename, $admin = false) { // Import globals. - global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $error_path_lang, $error_restrictedcal_lang, $ALL_CALENDARS_COMBINED; + global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $apache_map, $error_path_lang, $error_restrictedcal_lang, $error_invalidcal_lang, $ALL_CALENDARS_COMBINED, $_SERVER; // Create the list of available calendars. $calendars = array(); + // Grab any HTTP authentication. + unset($http_user); + if (isset($_SERVER['PHP_AUTH_USER'])) { + $http_user = $_SERVER['PHP_AUTH_USER']; + } + // Grab the list of unlocked calendars. $unlocked_cals = array(); if (isset($locked_map["$username:$password"])) { @@ -37,9 +43,15 @@ function availableCalendars($username, $password, $cal_filename, $admin = false) if (!preg_match("/^[^.].+\.ics$/i", $file)) continue; $cal_name = substr($file, 0, -4); if (in_array($cal_name, $blacklisted_cals)) continue; + + // If HTTP authenticated, make sure this calendar is available + // to the user. + if (isset($http_user)) { + if (!in_array($cal_name, $apache_map[$http_user])) continue; + } - // Exclude locked calendars. - if (!$admin && + // Otherwise exclude locked calendars. + else if (!$admin && in_array($cal_name, $locked_cals) && !in_array($cal_name, $unlocked_cals)) { @@ -51,7 +63,7 @@ function availableCalendars($username, $password, $cal_filename, $admin = false) } // Add web calendars. - if (!$admin) { + if (!isset($http_user) && !$admin) { foreach ($list_webcals as $file) { // Make sure the URL ends with .ics. if (!preg_match("/.ics$/i", $file)) continue; @@ -69,9 +81,19 @@ function availableCalendars($username, $password, $cal_filename, $admin = false) // in the argument. if (in_array($cal_filename, $blacklisted_cals)) exit(error($error_restrictedcal_lang, $cal_filename)); + + // If HTTP authenticated, make sure this calendar is available + // to the user. + if (isset($http_user)) { + if (!in_array($cal_filename, $apache_map[$http_user])) { + // Use the invalid calendar message so that the user is + // not made aware of locked calendars. + exit(error($error_invalidcal_lang, $cal_filename)); + } + } - // Make sure this calendar is not locked. - if (in_array($cal_filename, $locked_cals) && + // Otherwise make sure this calendar is not locked. + else if (in_array($cal_filename, $locked_cals) && !in_array($cal_filename, $unlocked_cals)) { // Use the invalid calendar message so that the user is @@ -111,3 +133,62 @@ function availableCalendarNames($username, $password, $cal_filename, $admin = fa natcasesort($calendars); return $calendars; } + +// This function prints out the calendars available to the user, for +// selection. Should be enclosed within a <select>...</select>, which +// is not printed out by this function. +// +// $cals = The calendars (entire path, e.g. from availableCalendars). +function display_ical_list($cals) { + global $cal, $ALL_CALENDARS_COMBINED, $current_view, $getdate, $calendar_lang, $all_cal_comb_lang; + + // Print each calendar option. + foreach ($cals as $cal_tmp) { + // Format the calendar path for display. + // + // Only display the calendar name, replace all instances of "32" with " ", + // and remove the .ics suffix. + $cal_displayname_tmp = basename($cal_tmp); + $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp); + $cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4); + + // If this is a webcal, add 'Webcal' to the display name. + if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) { + $cal_displayname_tmp .= " Webcal"; + } + + // Otherwise, remove all the path information, since that should + // not be used to identify local calendars. Also add the calendar + // label to the display name. + else { + // Strip path and .ics suffix. + $cal_tmp = basename($cal_tmp); + $cal_tmp = substr($cal_tmp, 0, -4); + + // Add calendar label. + $cal_displayname_tmp .= " $calendar_lang"; + } + + // Encode the calendar path. + $cal_encoded_tmp = urlencode($cal_tmp); + + // Display the option. + // + // The submitted calendar will be encoded, and always use http:// + // if it is a webcal. So that is how we perform the comparison when + // trying to figure out if this is the selected calendar. + $cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp); + if ($cal_httpPrefix_tmp == urldecode($cal)) { + print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&getdate=$getdate\" selected>$cal_displayname_tmp</option>"; + } else { + print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&getdate=$getdate\">$cal_displayname_tmp</option>"; + } + } + + // option to open all (non-web) calenders together + if ($cal == $ALL_CALENDARS_COMBINED) { + print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&getdate=$getdate\" selected>$all_cal_comb_lang</option>"; + } else { + print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&getdate=$getdate\">$all_cal_comb_lang</option>"; + } +}
\ No newline at end of file diff --git a/functions/init.inc.php b/functions/init.inc.php index 46f5bcc..7adb4e5 100644 --- a/functions/init.inc.php +++ b/functions/init.inc.php @@ -6,9 +6,17 @@ //chmod(BASE.'calendars/School.ics',0666); // uncomment when developing, comment for shipping version -error_reporting (E_WARNING); +error_reporting (E_ERROR | E_WARNING); +// Older versions of PHP do not define $_SERVER. Define it here instead. +if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) { + $_SERVER = &$HTTP_SERVER_VARS; +} + +// Define some magic strings. $ALL_CALENDARS_COMBINED = 'all_calendars_combined971'; + +// Pull in the configuration and some functions. if (!defined('BASE')) define('BASE', './'); include(BASE.'config.inc.php'); include(BASE.'functions/error.php'); @@ -23,33 +31,36 @@ if (isset($HTTP_COOKIE_VARS['phpicalendar'])) { if (isset($phpicalendar['cookie_time'])) $day_start = $phpicalendar['cookie_time']; } +// Set the cookie URI. if ($cookie_uri == '') { $cookie_uri = $HTTP_SERVER_VARS['SERVER_NAME'].substr($HTTP_SERVER_VARS['PHP_SELF'],0,strpos($HTTP_SERVER_VARS['PHP_SELF'], '/')); } -// Look for a login cookie. -unset($username, $password); -if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) { - $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login'])); - if (isset($login_cookie['username'])) $username = $login_cookie['username']; - if (isset($login_cookie['password'])) $password = $login_cookie['password']; -} +// If not HTTP authenticated, try login via cookies or the web page. +$username = ''; $password = ''; +if (!isset($_SERVER['PHP_AUTH_USER'])) { + // Look for a login cookie. + if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) { + $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login'])); + if (isset($login_cookie['username'])) $username = $login_cookie['username']; + if (isset($login_cookie['password'])) $password = $login_cookie['password']; + } + + // Look for a new username and password. + if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username']; + else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username']; + if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password']; + else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password']; -// Look for a new username and password. -if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username']; -else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username']; -if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password']; -else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password']; - -// Set the login cookie if logging in. Clear it if logging out. -$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : ''; - -if ($action == 'login') { - $the_cookie = serialize(array('username' => $username, 'password' => $password)); - setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); -} else if ($action == 'logout') { - setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0); - unset($username, $password); + // Set the login cookie if logging in. Clear it if logging out. + $action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : ''; + if ($action == 'login') { + $the_cookie = serialize(array('username' => $username, 'password' => $password)); + setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0); + } else if ($action == 'logout') { + setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0); + $username = ''; $password = ''; + } } // language support diff --git a/functions/list_icals.php b/functions/list_icals.php index c4d5211..81984f7 100644 --- a/functions/list_icals.php +++ b/functions/list_icals.php @@ -3,33 +3,9 @@ if ($display_ical_list == "yes") { echo "<select name=\"action\" class=\"query_style\" onChange=\"window.location=(this.options[this.selectedIndex].value+'"; if (isset($query)) echo $query; echo "');\">"; - - $all_cals = availableCalendars($username, $password, $ALL_CALENDARS_COMBINED); - foreach ($all_cals as $cal_tmp) { - $cal_displayname_tmp = basename($cal_tmp); - $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp); - $cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4); - - if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) { - $cal_displayname_tmp .= " Webcal"; - } else { - $cal_tmp = basename($cal_tmp); - $cal_tmp = substr($cal_tmp, 0, -4); - $cal_displayname_tmp .= " $calendar_lang"; - } - $cal_encoded_tmp = urlencode($cal_tmp); - $cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp); - if ($cal_httpPrefix_tmp == urldecode($cal)) { - print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&getdate=$getdate\" selected>$cal_displayname_tmp</option>"; - } else { - print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&getdate=$getdate\">$cal_displayname_tmp</option>"; - } - } - if ($cal == $ALL_CALENDARS_COMBINED) { - print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&getdate=$getdate\" selected>$all_cal_comb_lang</option>"; - } else { - print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&getdate=$getdate\">$all_cal_comb_lang</option>"; - } + + // List the calendars. + display_ical_list(availableCalendars($username, $password, $ALL_CALENDARS_COMBINED)); print "</select>"; } diff --git a/includes/calendar_nav.php b/includes/calendar_nav.php index fc82742..f4e7285 100644 --- a/includes/calendar_nav.php +++ b/includes/calendar_nav.php @@ -150,7 +150,7 @@ echo "<a class=\"psf\" href=\"print.php?cal=$cal&getdate=$getdate&printview=$current_view\">$goprint_lang</a><br>\n"; if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&getdate=$getdate\">$preferences_lang</a><br>\n"; if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a> | <a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n"; - if (isset($username)) { + if ($username != '') { $querys = preg_replace("/action=[^&]+/", "action=logout", $QUERY_STRING); if ($querys == $QUERY_STRING) $querys .= "&action=logout"; $querys = preg_replace("/(username|password)=[^&]+/", "", $querys); diff --git a/includes/login.php b/includes/login.php index f374c31..06b7381 100644 --- a/includes/login.php +++ b/includes/login.php @@ -1,6 +1,7 @@ <?php - // Hide the login block if logged in or there are no lock usernames. - if (!isset($username) && $show_login == 'yes') { + // Hide the login block if logged in, there are no lock usernames, + // or if authenticated via HTTP. + if ($username == '' && $allow_login == 'yes' && !isset($_SERVER['PHP_AUTH_USER'])) { // Set the login table width if not set. if (!isset($login_width)) $login_width = "100%"; diff --git a/includes/sidebar.php b/includes/sidebar.php index fbbf43f..82d5301 100644 --- a/includes/sidebar.php +++ b/includes/sidebar.php @@ -39,7 +39,7 @@ $search_box = '<form style="margin-bottom:0;" action="search.php" method="GET">< echo "<a class=\"psf\" href=\"print.php?cal=$cal&getdate=$getdate&printview=$current_view\">$goprint_lang</a><br>\n"; if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&getdate=$getdate\">$preferences_lang</a><br>\n"; if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a> | <a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n"; - if (isset($username)) { + if ($username != '') { $querys = preg_replace("/action=[^&]+/", "action=logout", $QUERY_STRING); if ($querys == $QUERY_STRING) $querys .= '&action=logout'; $querys = preg_replace("/(username|password)=[^&]+/", "", $querys); diff --git a/preferences.php b/preferences.php index 7c67ec7..2aa7ba0 100644 --- a/preferences.php +++ b/preferences.php @@ -2,7 +2,6 @@ define('BASE','./'); include(BASE.'functions/ical_parser.php'); -include(BASE.'functions/calendar_functions.php'); $display_date = $preferences_lang; if ($cookie_uri == '') { @@ -158,41 +157,7 @@ include (BASE.'includes/header.inc.php'); // Begin Calendar Selection // print "<select name=\"cookie_calendar\" class=\"query_style\">\n"; - $filelist = availableCalendarNames($username, $password, $ALL_CALENDARS_COMBINED); - foreach ($filelist as $file) { - $cal_filename_tmp = substr($file,0,-4); - $cal_tmp = urlencode($cal_filename_tmp); - $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp); - if (!in_array($cal_filename_tmp, $blacklisted_cals)) { - if ($cal_tmp == $cookie_calendar) { - print "<option value=\"$cal_tmp\" selected>$cal_displayname_tmp $calendar_lang</option>\n"; - } else { - print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n"; - } - } - } - // add option to open all (non-web) calenders together - // Todo: add $all_calenders_combined_lang (plural) in the language-specific files and use it here - if ($cookie_calendar == $ALL_CALENDARS_COMBINED) { - print "<option value=\"$ALL_CALENDARS_COMBINED\" selected>$all_cal_comb_lang</option>\n"; - } else { - print "<option value=\"$ALL_CALENDARS_COMBINED\">$all_cal_comb_lang</option>\n"; - } - - foreach($list_webcals as $cal_tmp) { - if ($cal_tmp != '') { - $cal_displayname_tmp = basename($cal_tmp); - $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp); - $cal_displayname_tmp = substr($cal_displayname_tmp,0,-4); - $cal_encoded_tmp = urlencode($cal_tmp); - if ($cal_tmp == $cal_httpPrefix || $cal_tmp == $cal_webcalPrefix) { - print "<option value=\"$cal_encoded_tmp\" selected>$cal_displayname_tmp Webcal</option>\n"; - } else { - print "<option value=\"$cal_encoded_tmp\">$cal_displayname_tmp Webcal</option>\n"; - } - } - } - closedir($dir_handle); + display_ical_list(availableCalendars($username, $password, $ALL_CALENDARS_COMBINED)); print "</select>\n"; ?> </td> |