author | Chad Little <clittle@users.sourceforge.net> | 2003-05-13 04:14:22 +0000 |
---|---|---|
committer | Chad Little <clittle@users.sourceforge.net> | 2003-05-13 04:14:22 +0000 |
commit | 9e07f4f2019973e0a42d6b1e21534572efee8013 (patch) | |
tree | c563774c0a1cc28a883818a24c84dd0a1cdd5f7f /admin.php | |
parent | 61c18056b9f85a789b789e7ddbe6fad09e74d92f (diff) | |
part two of admin.php
Diffstat (limited to 'admin.php')
-rw-r--r-- | admin.php | 217 |
1 files changed, 112 insertions, 105 deletions
@@ -1,10 +1,9 @@ <?php -// TODO - Remove before going live -//error_reporting (E_ALL); +session_start(); define('BASE', './'); include (BASE.'functions/init.inc.php'); -include (BASE.'functions/upload_functions.php'); +include (BASE.'functions/admin_functions.php'); // Redirect if administration is not allowed if ($allow_admin != "yes") { 
@@ -12,50 +11,31 @@ if ($allow_admin != "yes") { die(); } -// Load variables from forms, query strings, and cookies into local scope +// Load variables from forms and query strings into local scope if($HTTP_POST_VARS) {extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");} if($HTTP_GET_VARS) {extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");} -if($HTTP_COOKIE_VARS) {extract($HTTP_COOKIE_VARS, EXTR_PREFIX_SAME, "cookie_");} -// Logout by clearing user info in cookies +// Logout by clearing session variables if ($action == "logout") { - setcookie("md5_password",""); - setcookie("username",""); + $HTTP_SESSION_VARS['phpical_loggedin'] = FALSE; + unset($HTTP_SESSION_VARS['phpical_username']); + unset($HTTP_SESSION_VARS['phpical_password']); } -// if $external_auth == 'yes', don't do any authentication -if ($external_auth == "yes") { +// if $auth_method == 'none', don't do any authentication +if ($auth_method == "none") { $is_loged_in = TRUE; } // Check if The User is Identified else { $is_loged_in = FALSE; - if (isset($username) && $action != "logout") { - if (!isset($HTTP_COOKIE_VARS["md5_password"])) { - $md5_password = md5($password); - } - else { - $md5_password = $HTTP_COOKIE_VARS["md5_password"]; - } - if ($admin_username == $username && md5($admin_password) == $md5_password) { -//TODO lastusername doesn't appear to be working - $is_loged_in = TRUE; - setcookie("lastusername", $username, time()+1012324305); - setcookie("username", $username); - setcookie("md5_password", $md5_password); - } - else { - $login_error = "<font color=\"red\">$invalid_login_lang</font>"; - $is_loged_in = FALSE; - } + if (is_loggedin()) { + $is_loged_in = TRUE; } - - if ($is_loged_in == FALSE) { - setcookie("username",""); - setcookie("password",""); - setcookie("md5_password",""); + if (isset($username) && $action != "logout") { + $is_loged_in = login ($username, $password); } } 
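Review bot: The new `if ($auth_method == "none")` test runs after the two `extract()` calls, so it is only trustworthy when `init.inc.php` always defines `$auth_method`; with `EXTR_PREFIX_SAME`, a name that is not yet defined is filled in from the request. This commit renames the setting from `$external_auth`, so a configuration file that still uses the old name would presumably leave the new one unset. Pinning it before the request variables are imported closes that gap: `if (!isset($auth_method)) { $auth_method = ""; }` placed above the `extract()` lines. Longer term, reading `action`, `username` and `password` by name from the request arrays would remove the dependency on `extract()` altogether. Whether `login()` issues a fresh session id on success is not visible in this file and is worth confirming in `admin_functions.php`.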
@@ -68,17 +48,6 @@ else { <meta http-equiv="content-type" content="text/html;charset=UTF-8"> <title><?php echo "$admin_header_lang"; ?></title> <link rel="stylesheet" type="text/css" href="<?php echo BASE."styles/$style_sheet/default.css"; ?>"> - - <script> - <!-- - function verify(){ - msg = "<?php echo $confirm_lang; ?>"; - //all we have to do is return the return value of the confirm() method - return confirm(msg); - } - --> - </script> - </head> <body bgcolor="#FFFFFF"> <center> @@ -93,7 +62,7 @@ else { <tr> <td align="left" width="20" class="navback"> </td> <td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td> - <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($external_auth != "yes" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font> </td> + <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($auth_method != "none" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font> </td> </tr> <tr> <td colspan="3" class="dayborder"><img src="images/spacer.gif" width="1" height="5" alt=" "></td> @@ -108,12 +77,15 @@ else { // If User is Not Logged In, Display The Login Page if ($is_loged_in == FALSE) { + if (isset($username)) + $login_error = "<font color=\"red\">$invalid_login_lang</font>"; + echo <<<EOT <form action="{$HTTP_SERVER_VARS['PHP_SELF']}" method="post"> <table cellspacing="0" cellpadding="0"> <tr> <td nowrap>{$username_lang}: </td> - <td align="left"><input type="text" name="username" value="$lastusername"></td> + <td align="left"><input type="text" name="username"></td> </tr> <tr> <td>{$password_lang}: </td> 
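Review bot: In the last hunk on this line, `$login_error` is assigned only inside `if (isset($username))`, so on a request without `username` it keeps whatever value it already had. Because the page imports POST and GET fields with `extract()` earlier on, that value can be a request-supplied string. If the login form echoes `$login_error` (the heredoc continues outside the hunk, so this is not confirmed), that string would be printed unescaped. Initialise it unconditionally with `$login_error = "";` immediately before the `if`, and give the `if` braces to match the rest of the file.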
@@ -156,32 +128,44 @@ EOT; // Add or Update a calendar if ($action == "addupdate") { - $addupdate_success = FALSE; - if (!is_uploaded_file_v4($HTTP_POST_FILES['calfile']['tmp_name'])) { - $upload_error = get_upload_error($HTTP_POST_FILES['calfile']); - } - elseif (!is_uploaded_ics($HTTP_POST_FILES['calfile']['name'])) { - $upload_error = $upload_error_type_lang; - } - // copy() should be replaced with move_uploaded_file(), but only if we can require PHP 4 >= 4.0.3 - elseif (!copy($HTTP_POST_FILES['calfile']['tmp_name'], $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'])) { - $upload_error = $copy_error_lang . " " . $HTTP_POST_FILES['calfile']['tmp_name'] . " - " . $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name']; - } - else { - $addupdate_success = TRUE; + $addupdate_msg = ""; + + for($filenumber=1; $filenumber<6; $filenumber++) { + $file = $HTTP_POST_FILES['calfile']; + $addupdate_success = FALSE; + + if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) { + $upload_error = get_upload_error($file['error'][$filenumber]); + } + elseif (!is_uploaded_ics($file['name'][$filenumber])) { + $upload_error = $upload_error_type_lang; + } + elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) { + $upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber]; + } + else { + $addupdate_success = TRUE; + } + + if ($addupdate_success) + $addupdate_msg = $addupdate_msg . "<font color=\"green\">{$cal_file_lang} {$filenumber}: {$action_success_lang}</font><br>"; + else + $addupdate_msg = $addupdate_msg . "<font color=\"red\">{$cal_file_lang} {$filenumber}: {$upload_error}</font><br>"; } } // Delete a calendar // Not at all secure - need to strip out path info if used by users besides admin in the future if ($action == "delete") { - $delete_success = FALSE; - - if (!unlink($calendar_path . "/" . urldecode($delete_calendar))) { - $delete_error = $delete_error_lang . 
" " . $calendar_path . "/" . urldecode($delete_calendar); - } - else { - $delete_success = TRUE; + $delete_msg = ""; + + foreach ($delete_calendar as $filename) { + if (!delete_cal(urldecode($filename))) { + $delete_msg = $delete_msg . "<font color=\"red\">" . $delete_error_lang . " " . urldecode(substr($filename,0,-4)) . "</font><br>"; + } + else { + $delete_msg = $delete_msg . "<font color=\"green\">" . urldecode(substr($filename,0,-4)) . " " . $delete_success_lang . "</font><br>"; + } } } 
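Review bot: The names in `$delete_calendar` come from the request and reach `delete_cal()` with only `urldecode()` applied, and the same values are concatenated into `$delete_msg` without HTML escaping. The comment above the block already says path information needs stripping; whether `delete_cal()` does that is not visible here, so I would reduce each name with `basename()` at the call site and pass the label through `htmlspecialchars()`. `foreach` also assumes `$delete_calendar` is an array, which does not hold when no box is ticked. In the upload loop, the `$copy_error_lang` message has the same escaping gap for `$file['name'][$filenumber]` and additionally prints the server-side temporary path and `$calendar_path` to the page.

```php
if ($action == "delete") {
	$delete_msg = "";

	// A submit with no box ticked leaves $delete_calendar unset (or scalar if sent by hand).
	$names = (isset($delete_calendar) && is_array($delete_calendar)) ? $delete_calendar : array();

	foreach ($names as $filename) {
		// Keep only the file-name component before it reaches delete_cal().
		$cal_name = basename(urldecode($filename));
		// Escape once for display; the value originates from the request.
		$cal_label = htmlspecialchars(substr($cal_name, 0, -4));

		if (!delete_cal($cal_name)) {
			$delete_msg = $delete_msg . "<font color=\"red\">" . $delete_error_lang . " " . $cal_label . "</font><br>";
		}
		else {
			$delete_msg = $delete_msg . "<font color=\"green\">" . $cal_label . " " . $delete_success_lang . "</font><br>";
		}
	}
}
```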
@@ -190,70 +174,93 @@ if ($action == "delete") { <h2><?php echo $addupdate_cal_lang; ?></h2> <p><?php echo $addupdate_desc_lang; ?></p> -<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> > +<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data"> <input type="hidden" name="action" value="addupdate"> <table border="0" cellspacing="0"> <tr> - <td nowrap><?php echo $cal_file_lang; ?>: </td> - <td><input type="file" name="calfile"></td> + <td nowrap><?php echo $cal_file_lang; ?> 1: </td> + <td><input type="file" name="calfile[1]"></td> + </tr> + <tr> + <td nowrap><?php echo $cal_file_lang; ?> 2: </td> + <td><input type="file" name="calfile[2]"></td> + </tr> + <tr> + <td nowrap><?php echo $cal_file_lang; ?> 3: </td> + <td><input type="file" name="calfile[3]"></td> + </tr> + <tr> + <td nowrap><?php echo $cal_file_lang; ?> 4: </td> + <td><input type="file" name="calfile[4]"></td> + </tr> + <tr> + <td nowrap><?php echo $cal_file_lang; ?> 5: </td> + <td><input type="file" name="calfile[5]"></td> </tr> <tr> <td> </td> <td><input type="submit" value="<?php echo $submit_lang; ?>"></td> </tr> <tr> - <td align="center" colspan="2"><?php if($addupdate_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $upload_error; ?></font> </td> + <td align="center" colspan="2"><?php echo $addupdate_msg; ?> </td> </tr> </table> </form> - + <h2><?php echo $delete_cal_lang; ?></h2> -<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> > +<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post"> <input type="hidden" name="action" value="delete"> <table border="0" cellspacing="0"> - <tr> - <td nowrap><?php echo $cal_file_lang; ?>: </td> - <td> - <?php + 
<?php - // Begin Calendar Selection - // - print "<select name=\"delete_calendar\">\n"; - $filelist = get_calendar_files($calendar_path); - foreach ($filelist as $file) { - $cal_filename_tmp = substr($file,0,-4); - $cal_tmp = urlencode($file); - $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp); - print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n"; - } - print "</select>\n"; - ?> - </td> - </tr> - <tr> - <td> </td> - <td><input type="submit" value="<?php echo $submit_lang; ?>"></td> - </tr> - <tr> - <td align="center" colspan="2"><?php if($delete_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $delete_error; ?></font> </td> + // Print Calendar Checkboxes + // + $COLUMNS_TO_PRINT = 3; + $column = 1; + $filelist = get_calendar_files($calendar_path); + foreach ($filelist as $file) { + if ($column > $COLUMNS_TO_PRINT) { + echo "</tr>"; + $column = 1; + } + if ($column == 1) { + echo "<tr>"; + } + + $cal_filename_tmp = substr($file,0,-4); + $cal_tmp = urlencode($file); + $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp); + + echo "<td align=\"left\"><input name=\"delete_calendar[]\" value=\"$cal_tmp\" type=\"checkbox\">$cal_displayname_tmp</td>\n"; + + $column++; + } + // Print remaining empty columns if necessary + $number_of_columns = count($filelist); + while (gettype($number_of_columns/$COLUMNS_TO_PRINT) != "integer") { + echo "<td> </td>"; + $number_of_columns++; + } + ?> </tr> </table> + <p><input type="submit" value="<?php echo $delete_lang; ?>"></p> + <p><?php echo $delete_msg; ?> </p> </form> - -<?php -echo " </td> </tr> </table> </td> </tr> -</table>"; +</table> -include (BASE.'includes/footer.inc.php'); -echo "</center> - </body> - </html>"; -?> +<?php include (BASE.'includes/footer.inc.php'); ?> + + +</center> +</body> +</html> + |
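Review bot: Both forms in this hunk change server state (`addupdate`, `delete`) without carrying any per-session token, and the commit also drops the `onSubmit` confirmation, so a request is accepted on the session cookie alone. Now that login state lives in the session, a random value stored there at login can be emitted as a hidden field and compared before either action runs, e.g. `<input type="hidden" name="token" value="<?php echo $token; ?>">` (field and variable names are placeholders). Separately, `$cal_displayname_tmp` is built from a file name on disk and echoed into the cell as-is; `htmlspecialchars($cal_displayname_tmp)` would keep an unusual file name from being rendered as markup. The padding loop's `gettype(...) != "integer"` test reads more clearly as `$number_of_columns % $COLUMNS_TO_PRINT != 0`.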