Added username/password login to access locked calendars. Moved

calendar availability logic (with support for login) to a
calendar_functions.php file.

RSS feeds support the login feature when determining which calendars
to return.

Styles updated for the login box.

4 files changed, 152 insertions, 78 deletions

diff --git a/functions/admin_functions.php b/functions/admin_functions.php
index 325a9dd..207dcf7 100644
--- a/functions/admin_functions.php
+++ b/functions/admin_functions.php
@@ -284,23 +284,4 @@ function is_uploaded_ics ($filename) {
 	}
 }
 
-// Get all calendar filenames (not including path)
-//
-// argo: string path to calendar files
-// returns array filenames (not including path)
-function get_calendar_files($calendar_path) {
-	global $error_path_lang;
-	
-	$dir_handle = @opendir($calendar_path) or die(error(sprintf($error_path_lang, $calendar_path)));
-	$filelist = array();
-	while ($file = readdir($dir_handle)) {
-		if (preg_match("/^[^.].+\.ics$/", $file)) {
-			array_push($filelist, $file);
-		}
-	}
-	closedir($dir_handle);
-	natcasesort($filelist);
-	return $filelist;
-}
-
-?>
\ No newline at end of file
+?>
diff --git a/functions/calendar_functions.php b/functions/calendar_functions.php
new file mode 100644
index 0000000..84f22cc
--- /dev/null
+++ b/functions/calendar_functions.php
@@ -0,0 +1,113 @@
+<?php
+
+// This function returns a list of all calendars that the current user
+// has access to. Basically, all local calendars found in the calendar
+// directory, plus any webcals listed in the configuration file, but
+// excluding blacklisted calendars and locked calendars which the user,
+// if logged in, does not have access to.
+//
+// $username		= The username. Empty if no username provided.
+// $password		= The password. Empty if no password provided.
+// $cal_filename	= The calendar name without .ics.
+// $admin			= True if this is an administrative request, in
+//					  which case all local calendars only will be
+//					  returned.
+function availableCalendars($username, $password, $cal_filename, $admin = false) {
+	// Import globals.
+	global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $error_path_lang, $error_restrictedcal_lang, $ALL_CALENDARS_COMBINED;
+
+	// Create the list of available calendars.
+	$calendars = array();
+
+	// Grab the list of unlocked calendars.
+	$unlocked_cals = array();
+	if (isset($locked_map["$username:$password"])) {
+		$unlocked_cals = $locked_map["$username:$password"];
+	}
+	
+	// Include all local and web calendars if asking for all calendars
+	// combined.
+	if ($cal_filename == $ALL_CALENDARS_COMBINED || $admin) {
+		// Add local calendars.
+		$dir_handle = @opendir($calendar_path)
+			or die(error(sprintf($error_path_lang, $calendar_path), $cal_filename));
+		while (($file = readdir($dir_handle)) != false) {
+			// Make sure this is not a dot file and it ends with .ics,
+			// and that it is not blacklisted.
+			if (!preg_match("/^[^.].+\.ics$/i", $file)) continue;
+			$cal_name = substr($file, 0, -4);
+			if (in_array($cal_name, $blacklisted_cals)) continue;
+			
+			// Exclude locked calendars.
+			if (!$admin &&
+				in_array($cal_name, $locked_cals) &&
+				!in_array($cal_name, $unlocked_cals))
+			{
+				continue;
+			}
+			
+			// Add this calendar.
+			array_push($calendars, "$calendar_path/$file");
+		}
+		
+		// Add web calendars.
+		if (!$admin) {
+			foreach ($list_webcals as $file) {
+				// Make sure the URL ends with .ics.
+				if (!preg_match("/.ics$/i", $file)) continue;
+				
+				// Add this calendar.
+				array_push($calendars, $file);
+			}
+		}
+	}
+	
+	// Otherwise just include the requested calendar.
+	else {
+		// Make sure this is not a blacklisted calendar. We don't have
+		// to remove a .ics suffix because it would not have been passed
+		// in the argument.
+		if (in_array($cal_filename, $blacklisted_cals))
+			exit(error($error_restrictedcal_lang, $cal_filename));
+		
+		// Make sure this calendar is not locked.
+		if (in_array($cal_filename, $locked_cals) &&
+			!in_array($cal_filename, $unlocked_cals))
+		{
+			// Use the invalid calendar message so that the user is
+			// not made aware of locked calendars.
+			exit(error($error_invalidcal_lang, $cal_filename));
+		}
+		
+		// Add this calendar.
+		array_push($calendars, "$calendar_path/$cal_filename.ics");
+	}
+	
+	// Return the sorted calendar list.
+	natcasesort($calendars);
+	return $calendars;
+}
+
+// This function returns the result of the availableCalendars function
+// but only includes the calendar filename (including the .ics) and not
+// the entire path.
+//
+// $username		= The username. Empty if no username provided.
+// $password		= The password. Empty if no password provided.
+// $cal_filename	= The calendar name without .ics.
+// $admin			= True if this is an administrative request, in
+//					  which case all local calendars only will be
+//					  returned.
+function availableCalendarNames($username, $password, $cal_filename, $admin = false) {
+	// Grab the available calendar paths.
+	$calendars = availableCalendars($username, $password, $cal_filename, $admin);
+
+	// Strip the paths off the calendars.
+	foreach (array_keys($calendars) as $key) {
+		$calendars[$key] = basename($calendars[$key]);
+	}
+	
+	// Return the sorted calendar names.
+	natcasesort($calendars);
+	return $calendars;
+}
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 512a487..c2ce6a8 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -12,6 +12,7 @@ $ALL_CALENDARS_COMBINED = 'all_calendars_combined971';
 if (!defined('BASE')) define('BASE', './');
 include(BASE.'config.inc.php');
 include(BASE.'functions/error.php');
+include(BASE.'functions/calendar_functions.php');
 if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
 	$phpicalendar = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar']));
 	if (isset($phpicalendar['cookie_language'])) 	$language 			= $phpicalendar['cookie_language'];
@@ -22,6 +23,34 @@ if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
 	if (isset($phpicalendar['cookie_time']))		$day_start			= $phpicalendar['cookie_time'];
 }
 
+// Look for a login cookie.
+unset($username, $password);
+if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
+	$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+	if (isset($login_cookie['username']))	$username = $login_cookie['username'];
+	if (isset($login_cookie['password']))	$password = $login_cookie['password'];
+}
+
+// Look for a new username and password.
+if (isset($HTTP_GET_VARS['username']))			$username = $HTTP_GET_VARS['username'];
+else if (isset($HTTP_POST_VARS['username']))	$username = $HTTP_POST_VARS['username'];
+if (isset($HTTP_GET_VARS['password']))			$password = $HTTP_GET_VARS['password'];
+else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];
+
+// Set the login cookie if logging in. Clear it if logging out.
+if (isset($HTTP_GET_VARS['action'])) {
+	$action = $HTTP_GET_VARS['action'];
+} else {
+	$action = '';
+}
+if ($action == 'login') {
+	$the_cookie = serialize(array('username' => $username, 'password' => $password));
+	setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+} else if ($action == 'logout') {
+	setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+	unset($username, $password);
+}
+
 // language support
 $language = strtolower($language);
 $lang_file = BASE.'/languages/'.$language.'.inc.php';
@@ -99,42 +128,8 @@ if ($is_webcal) {
 		exit(error($error_restrictedcal_lang, $cal_filename));
 	} else {
 		if (!isset($filename)) {
-			// empty the filelist array
-			$cal_filelist = array();
-			if ($cal == $ALL_CALENDARS_COMBINED) { // Create an array with the paths to all files to be combined
-				// Note: code here is similar to code in list_icals.php
-				// open directory
-				$dir_handle = @opendir($calendar_path) or die(error(sprintf($error_path_lang, $calendar_path), $cal_filename));
-	
-				// build the array
-				while (false != ($file = readdir($dir_handle))) {
-					if (preg_match("/^[^.].+\.ics$/", $file) &&
-						!in_array(substr($file, 0, -4), $blacklisted_cals)) {
-							$file = $calendar_path.'/'.$file;
-							array_push($cal_filelist, $file);
-					}
-				}
-				// add webcals
-				foreach ($list_webcals as $file) {
-					if (preg_match("/^[^.].+\.ics$/", $file)) {
-						array_push($cal_filelist, $file);
-					}
-				}
-				natcasesort($cal_filelist);
-			} else { // Handle a single file
-				$filename = $calendar_path.'/'.$cal_filename.'.ics';
-				if (true == false) {
-					$dir_handle = @opendir($calendar_path) or die(error(sprintf($error_path_lang, $calendar_path), $cal_filename));
-					while ($file = readdir($dir_handle)) {
-						if (substr($file, -4) == '.ics') {
-							$cal = urlencode(substr($file, 0, -4));
-							$filename = $calendar_path.'/'.$file;
-							break;
-						}
-					}
-				}
-				array_push($cal_filelist, $filename);
-			}
+			$cal_filelist = availableCalendars($username, $password, $cal_filename);
+			if (count($cal_filelist) == 1) $filename = $cal_filelist[0];
 		}
 		
 		// Sets the download and subscribe paths from the config if present.
diff --git a/functions/list_icals.php b/functions/list_icals.php
index 9382656..c2e6ce4 100644
--- a/functions/list_icals.php
+++ b/functions/list_icals.php
@@ -8,16 +8,8 @@ if ($display_ical_list == "yes") {
 	// open file
 	$dir_handle = @opendir($calendar_path) or die(error(sprintf($error_path_lang, $calendar_path), $cal_filename));
 	
-	// empty the filelist array
-	$filelist = array();
-
-	// build the <option> tags
-	while (false != ($file = readdir($dir_handle))) {
-		if (preg_match("/^[^.].+\.ics$/", $file)) {
-			array_push($filelist, $file);
-		}
-	}
-	natcasesort($filelist);
+	// Grab all calendars.
+	$filelist = availableCalendarNames($username, $password, $ALL_CALENDARS_COMBINED);
 	foreach ($filelist as $file) {
 		
 		// $cal_filename is the filename of the calendar without .ics
@@ -26,13 +18,11 @@ if ($display_ical_list == "yes") {
 		$cal_filename_tmp = substr($file,0,-4);
 		$cal_tmp = urlencode($cal_filename_tmp);
 		$cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
-		if (!in_array($cal_filename_tmp, $blacklisted_cals)) {
-			if ($cal_tmp == $cal) {
-				print "<option value=\"$current_view.php?cal=$cal_tmp&amp;getdate=$getdate\" selected>$cal_displayname_tmp $calendar_lang</option>";
-			} else {
-				print "<option value=\"$current_view.php?cal=$cal_tmp&amp;getdate=$getdate\">$cal_displayname_tmp $calendar_lang</option>";	
-			}
-		}	
+		if ($cal_tmp == $cal) {
+			print "<option value=\"$current_view.php?cal=$cal_tmp\" selected>$cal_displayname_tmp $calendar_lang</option>\n";
+		} else {
+			print "<option value=\"$current_view.php?cal=$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";	
+		}
 	}			
 
 	// option to open all (non-web) calenders together
@@ -55,14 +45,9 @@ if ($display_ical_list == "yes") {
 			}		
 		}
 	}
-
-	// close file
-	closedir($dir_handle);
 	
 	// finish <select>
 	print "</select>";
 	
 }
-
-
 ?>