Added HTTP authentication support. Modifications to non-HTTP

authentication login so that the two are mutually exclusive.

Moved calendar <option> listing into calendar_functions.php so it can
be shared by the navigation (via list_icals.php) and also by the
preferences.php file.

Fixed typo of $show_login to $allow_login.

Added E_ERROR to the debug error level, so fatal errors are logged.

1 files changed, 87 insertions, 6 deletions

diff --git a/functions/calendar_functions.php b/functions/calendar_functions.php
index 84f22cc..45cf670 100644
--- a/functions/calendar_functions.php
+++ b/functions/calendar_functions.php
@@ -14,11 +14,17 @@
 //					  returned.
 function availableCalendars($username, $password, $cal_filename, $admin = false) {
 	// Import globals.
-	global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $error_path_lang, $error_restrictedcal_lang, $ALL_CALENDARS_COMBINED;
+	global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $apache_map, $error_path_lang, $error_restrictedcal_lang, $error_invalidcal_lang, $ALL_CALENDARS_COMBINED, $_SERVER;
 
 	// Create the list of available calendars.
 	$calendars = array();
 
+	// Grab any HTTP authentication.
+	unset($http_user);
+	if (isset($_SERVER['PHP_AUTH_USER'])) {
+		$http_user = $_SERVER['PHP_AUTH_USER'];
+	}
+
 	// Grab the list of unlocked calendars.
 	$unlocked_cals = array();
 	if (isset($locked_map["$username:$password"])) {
@@ -37,9 +43,15 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 			if (!preg_match("/^[^.].+\.ics$/i", $file)) continue;
 			$cal_name = substr($file, 0, -4);
 			if (in_array($cal_name, $blacklisted_cals)) continue;
+
+			// If HTTP authenticated, make sure this calendar is available
+			// to the user.
+			if (isset($http_user)) {
+				if (!in_array($cal_name, $apache_map[$http_user])) continue;
+			}
 			
-			// Exclude locked calendars.
-			if (!$admin &&
+			// Otherwise exclude locked calendars.
+			else if (!$admin &&
 				in_array($cal_name, $locked_cals) &&
 				!in_array($cal_name, $unlocked_cals))
 			{
@@ -51,7 +63,7 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 		}
 		
 		// Add web calendars.
-		if (!$admin) {
+		if (!isset($http_user) && !$admin) {
 			foreach ($list_webcals as $file) {
 				// Make sure the URL ends with .ics.
 				if (!preg_match("/.ics$/i", $file)) continue;
@@ -69,9 +81,19 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 		// in the argument.
 		if (in_array($cal_filename, $blacklisted_cals))
 			exit(error($error_restrictedcal_lang, $cal_filename));
+
+		// If HTTP authenticated, make sure this calendar is available
+		// to the user.
+		if (isset($http_user)) {
+			if (!in_array($cal_filename, $apache_map[$http_user])) {
+				// Use the invalid calendar message so that the user is
+				// not made aware of locked calendars.
+				exit(error($error_invalidcal_lang, $cal_filename));
+			}
+		}
 		
-		// Make sure this calendar is not locked.
-		if (in_array($cal_filename, $locked_cals) &&
+		// Otherwise make sure this calendar is not locked.
+		else if (in_array($cal_filename, $locked_cals) &&
 			!in_array($cal_filename, $unlocked_cals))
 		{
 			// Use the invalid calendar message so that the user is
@@ -111,3 +133,62 @@ function availableCalendarNames($username, $password, $cal_filename, $admin = fa
 	natcasesort($calendars);
 	return $calendars;
 }
+
+// This function prints out the calendars available to the user, for
+// selection. Should be enclosed within a <select>...</select>, which
+// is not printed out by this function.
+//
+// $cals	= The calendars (entire path, e.g. from availableCalendars).
+function display_ical_list($cals) {
+	global $cal, $ALL_CALENDARS_COMBINED, $current_view, $getdate, $calendar_lang, $all_cal_comb_lang;
+
+	// Print each calendar option.
+	foreach ($cals as $cal_tmp) {
+		// Format the calendar path for display.
+		//
+		// Only display the calendar name, replace all instances of "32" with " ",
+		// and remove the .ics suffix.
+		$cal_displayname_tmp = basename($cal_tmp);
+		$cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
+		$cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4);
+
+		// If this is a webcal, add 'Webcal' to the display name.
+		if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) {
+			$cal_displayname_tmp .= " Webcal";
+		}
+
+		// Otherwise, remove all the path information, since that should
+		// not be used to identify local calendars. Also add the calendar
+		// label to the display name.
+		else {
+			// Strip path and .ics suffix.
+			$cal_tmp = basename($cal_tmp);
+			$cal_tmp = substr($cal_tmp, 0, -4);
+
+			// Add calendar label.
+			$cal_displayname_tmp .= " $calendar_lang";
+		}
+
+		// Encode the calendar path.
+		$cal_encoded_tmp = urlencode($cal_tmp);
+
+		// Display the option.
+		//
+		// The submitted calendar will be encoded, and always use http://
+		// if it is a webcal. So that is how we perform the comparison when
+		// trying to figure out if this is the selected calendar.
+		$cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp);
+		if ($cal_httpPrefix_tmp == urldecode($cal)) {
+			print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\" selected>$cal_displayname_tmp</option>";
+		} else {
+			print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\">$cal_displayname_tmp</option>";	
+		}
+	}			
+
+	// option to open all (non-web) calenders together
+	if ($cal == $ALL_CALENDARS_COMBINED) {
+		print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\" selected>$all_cal_comb_lang</option>";
+	} else {
+		print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\">$all_cal_comb_lang</option>";
+	}
+}
\ No newline at end of file