aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--config.inc.php10
-rw-r--r--functions/calendar_functions.php93
-rw-r--r--functions/init.inc.php57
-rw-r--r--functions/list_icals.php30
-rw-r--r--includes/calendar_nav.php2
-rw-r--r--includes/login.php5
-rw-r--r--includes/sidebar.php2
-rw-r--r--preferences.php37
8 files changed, 137 insertions, 99 deletions
diff --git a/config.inc.php b/config.inc.php
index 2e125a2..b1462e5 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -43,7 +43,7 @@ $allow_preferences = 'yes'; // Allow visitors to change various preferences v
$printview_default = 'no'; // Set print view as the default view. day, week, and month only supported views for $default_view (listed well above).
$show_todos = 'yes'; // Show your todo list on the side of day and week view.
$show_completed = 'no'; // Show completed todos on your todo list.
-$show_login = 'no'; // Set to yes to prompt for login to unlock calendars.
+$allow_login = 'no'; // Set to yes to prompt for login to unlock calendars.
// Webdav style publishing
$phpicalendar_publishing = ''; // Set to '1' to enable remote webdav style publish. See 'calendars/publish.php' for complete information;
@@ -80,5 +80,9 @@ $locked_map['user3:pass'] = array(''); // listed in the $locked_cals, again wit
$locked_map['user4:pass'] = array(''); // Example: $locked_map['username:password'] = array('Locked1', 'Locked2');
// add more lines as necessary
-
-?>
+$apache_map['user1'] = array(''); // Map HTTP authenticated users to specific calendars. Users listed here and
+$apache_map['user2'] = array(''); // authenticated via HTTP will not see the public calendars, and will not be
+$apache_map['user3'] = array(''); // given any login/logout options. Calendar names not include the .ics suffix.
+$apache_map['user4'] = array(''); // Example: $apache_map['username'] = array('Calendar1', 'Calendar2');
+// add more lines as necessary
+?> \ No newline at end of file
diff --git a/functions/calendar_functions.php b/functions/calendar_functions.php
index 84f22cc..45cf670 100644
--- a/functions/calendar_functions.php
+++ b/functions/calendar_functions.php
@@ -14,11 +14,17 @@
// returned.
function availableCalendars($username, $password, $cal_filename, $admin = false) {
// Import globals.
- global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $error_path_lang, $error_restrictedcal_lang, $ALL_CALENDARS_COMBINED;
+ global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $apache_map, $error_path_lang, $error_restrictedcal_lang, $error_invalidcal_lang, $ALL_CALENDARS_COMBINED, $_SERVER;
// Create the list of available calendars.
$calendars = array();
+ // Grab any HTTP authentication.
+ unset($http_user);
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $http_user = $_SERVER['PHP_AUTH_USER'];
+ }
+
// Grab the list of unlocked calendars.
$unlocked_cals = array();
if (isset($locked_map["$username:$password"])) {
@@ -37,9 +43,15 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
if (!preg_match("/^[^.].+\.ics$/i", $file)) continue;
$cal_name = substr($file, 0, -4);
if (in_array($cal_name, $blacklisted_cals)) continue;
+
+ // If HTTP authenticated, make sure this calendar is available
+ // to the user.
+ if (isset($http_user)) {
+ if (!in_array($cal_name, $apache_map[$http_user])) continue;
+ }
- // Exclude locked calendars.
- if (!$admin &&
+ // Otherwise exclude locked calendars.
+ else if (!$admin &&
in_array($cal_name, $locked_cals) &&
!in_array($cal_name, $unlocked_cals))
{
@@ -51,7 +63,7 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
}
// Add web calendars.
- if (!$admin) {
+ if (!isset($http_user) && !$admin) {
foreach ($list_webcals as $file) {
// Make sure the URL ends with .ics.
if (!preg_match("/.ics$/i", $file)) continue;
@@ -69,9 +81,19 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
// in the argument.
if (in_array($cal_filename, $blacklisted_cals))
exit(error($error_restrictedcal_lang, $cal_filename));
+
+ // If HTTP authenticated, make sure this calendar is available
+ // to the user.
+ if (isset($http_user)) {
+ if (!in_array($cal_filename, $apache_map[$http_user])) {
+ // Use the invalid calendar message so that the user is
+ // not made aware of locked calendars.
+ exit(error($error_invalidcal_lang, $cal_filename));
+ }
+ }
- // Make sure this calendar is not locked.
- if (in_array($cal_filename, $locked_cals) &&
+ // Otherwise make sure this calendar is not locked.
+ else if (in_array($cal_filename, $locked_cals) &&
!in_array($cal_filename, $unlocked_cals))
{
// Use the invalid calendar message so that the user is
@@ -111,3 +133,62 @@ function availableCalendarNames($username, $password, $cal_filename, $admin = fa
natcasesort($calendars);
return $calendars;
}
+
+// This function prints out the calendars available to the user, for
+// selection. Should be enclosed within a <select>...</select>, which
+// is not printed out by this function.
+//
+// $cals = The calendars (entire path, e.g. from availableCalendars).
+function display_ical_list($cals) {
+ global $cal, $ALL_CALENDARS_COMBINED, $current_view, $getdate, $calendar_lang, $all_cal_comb_lang;
+
+ // Print each calendar option.
+ foreach ($cals as $cal_tmp) {
+ // Format the calendar path for display.
+ //
+ // Only display the calendar name, replace all instances of "32" with " ",
+ // and remove the .ics suffix.
+ $cal_displayname_tmp = basename($cal_tmp);
+ $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
+ $cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4);
+
+ // If this is a webcal, add 'Webcal' to the display name.
+ if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) {
+ $cal_displayname_tmp .= " Webcal";
+ }
+
+ // Otherwise, remove all the path information, since that should
+ // not be used to identify local calendars. Also add the calendar
+ // label to the display name.
+ else {
+ // Strip path and .ics suffix.
+ $cal_tmp = basename($cal_tmp);
+ $cal_tmp = substr($cal_tmp, 0, -4);
+
+ // Add calendar label.
+ $cal_displayname_tmp .= " $calendar_lang";
+ }
+
+ // Encode the calendar path.
+ $cal_encoded_tmp = urlencode($cal_tmp);
+
+ // Display the option.
+ //
+ // The submitted calendar will be encoded, and always use http://
+ // if it is a webcal. So that is how we perform the comparison when
+ // trying to figure out if this is the selected calendar.
+ $cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp);
+ if ($cal_httpPrefix_tmp == urldecode($cal)) {
+ print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\" selected>$cal_displayname_tmp</option>";
+ } else {
+ print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\">$cal_displayname_tmp</option>";
+ }
+ }
+
+ // option to open all (non-web) calenders together
+ if ($cal == $ALL_CALENDARS_COMBINED) {
+ print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\" selected>$all_cal_comb_lang</option>";
+ } else {
+ print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\">$all_cal_comb_lang</option>";
+ }
+} \ No newline at end of file
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 46f5bcc..7adb4e5 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -6,9 +6,17 @@
//chmod(BASE.'calendars/School.ics',0666);
// uncomment when developing, comment for shipping version
-error_reporting (E_WARNING);
+error_reporting (E_ERROR | E_WARNING);
+// Older versions of PHP do not define $_SERVER. Define it here instead.
+if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
+ $_SERVER = &$HTTP_SERVER_VARS;
+}
+
+// Define some magic strings.
$ALL_CALENDARS_COMBINED = 'all_calendars_combined971';
+
+// Pull in the configuration and some functions.
if (!defined('BASE')) define('BASE', './');
include(BASE.'config.inc.php');
include(BASE.'functions/error.php');
@@ -23,33 +31,36 @@ if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
if (isset($phpicalendar['cookie_time'])) $day_start = $phpicalendar['cookie_time'];
}
+// Set the cookie URI.
if ($cookie_uri == '') {
$cookie_uri = $HTTP_SERVER_VARS['SERVER_NAME'].substr($HTTP_SERVER_VARS['PHP_SELF'],0,strpos($HTTP_SERVER_VARS['PHP_SELF'], '/'));
}
-// Look for a login cookie.
-unset($username, $password);
-if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
- $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
- if (isset($login_cookie['username'])) $username = $login_cookie['username'];
- if (isset($login_cookie['password'])) $password = $login_cookie['password'];
-}
+// If not HTTP authenticated, try login via cookies or the web page.
+$username = ''; $password = '';
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ // Look for a login cookie.
+ if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
+ $login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+ if (isset($login_cookie['username'])) $username = $login_cookie['username'];
+ if (isset($login_cookie['password'])) $password = $login_cookie['password'];
+ }
+
+ // Look for a new username and password.
+ if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username'];
+ else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username'];
+ if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password'];
+ else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password'];
-// Look for a new username and password.
-if (isset($HTTP_GET_VARS['username'])) $username = $HTTP_GET_VARS['username'];
-else if (isset($HTTP_POST_VARS['username'])) $username = $HTTP_POST_VARS['username'];
-if (isset($HTTP_GET_VARS['password'])) $password = $HTTP_GET_VARS['password'];
-else if (isset($HTTP_POST_VARS['password'])) $password = $HTTP_POST_VARS['password'];
-
-// Set the login cookie if logging in. Clear it if logging out.
-$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
-
-if ($action == 'login') {
- $the_cookie = serialize(array('username' => $username, 'password' => $password));
- setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
-} else if ($action == 'logout') {
- setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
- unset($username, $password);
+ // Set the login cookie if logging in. Clear it if logging out.
+ $action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ if ($action == 'login') {
+ $the_cookie = serialize(array('username' => $username, 'password' => $password));
+ setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+ } else if ($action == 'logout') {
+ setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+ $username = ''; $password = '';
+ }
}
// language support
diff --git a/functions/list_icals.php b/functions/list_icals.php
index c4d5211..81984f7 100644
--- a/functions/list_icals.php
+++ b/functions/list_icals.php
@@ -3,33 +3,9 @@ if ($display_ical_list == "yes") {
echo "<select name=\"action\" class=\"query_style\" onChange=\"window.location=(this.options[this.selectedIndex].value+'";
if (isset($query)) echo $query;
echo "');\">";
-
- $all_cals = availableCalendars($username, $password, $ALL_CALENDARS_COMBINED);
- foreach ($all_cals as $cal_tmp) {
- $cal_displayname_tmp = basename($cal_tmp);
- $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
- $cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4);
-
- if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) {
- $cal_displayname_tmp .= " Webcal";
- } else {
- $cal_tmp = basename($cal_tmp);
- $cal_tmp = substr($cal_tmp, 0, -4);
- $cal_displayname_tmp .= " $calendar_lang";
- }
- $cal_encoded_tmp = urlencode($cal_tmp);
- $cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp);
- if ($cal_httpPrefix_tmp == urldecode($cal)) {
- print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\" selected>$cal_displayname_tmp</option>";
- } else {
- print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\">$cal_displayname_tmp</option>";
- }
- }
- if ($cal == $ALL_CALENDARS_COMBINED) {
- print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\" selected>$all_cal_comb_lang</option>";
- } else {
- print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\">$all_cal_comb_lang</option>";
- }
+
+ // List the calendars.
+ display_ical_list(availableCalendars($username, $password, $ALL_CALENDARS_COMBINED));
print "</select>";
}
diff --git a/includes/calendar_nav.php b/includes/calendar_nav.php
index fc82742..f4e7285 100644
--- a/includes/calendar_nav.php
+++ b/includes/calendar_nav.php
@@ -150,7 +150,7 @@
echo "<a class=\"psf\" href=\"print.php?cal=$cal&amp;getdate=$getdate&amp;printview=$current_view\">$goprint_lang</a><br>\n";
if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&amp;getdate=$getdate\">$preferences_lang</a><br>\n";
if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
- if (isset($username)) {
+ if ($username != '') {
$querys = preg_replace("/action=[^&]+/", "action=logout", $QUERY_STRING);
if ($querys == $QUERY_STRING) $querys .= "&action=logout";
$querys = preg_replace("/(username|password)=[^&]+/", "", $querys);
diff --git a/includes/login.php b/includes/login.php
index f374c31..06b7381 100644
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,6 +1,7 @@
<?php
- // Hide the login block if logged in or there are no lock usernames.
- if (!isset($username) && $show_login == 'yes') {
+ // Hide the login block if logged in, there are no lock usernames,
+ // or if authenticated via HTTP.
+ if ($username == '' && $allow_login == 'yes' && !isset($_SERVER['PHP_AUTH_USER'])) {
// Set the login table width if not set.
if (!isset($login_width)) $login_width = "100%";
diff --git a/includes/sidebar.php b/includes/sidebar.php
index fbbf43f..82d5301 100644
--- a/includes/sidebar.php
+++ b/includes/sidebar.php
@@ -39,7 +39,7 @@ $search_box = '<form style="margin-bottom:0;" action="search.php" method="GET"><
echo "<a class=\"psf\" href=\"print.php?cal=$cal&amp;getdate=$getdate&amp;printview=$current_view\">$goprint_lang</a><br>\n";
if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&amp;getdate=$getdate\">$preferences_lang</a><br>\n";
if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
- if (isset($username)) {
+ if ($username != '') {
$querys = preg_replace("/action=[^&]+/", "action=logout", $QUERY_STRING);
if ($querys == $QUERY_STRING) $querys .= '&action=logout';
$querys = preg_replace("/(username|password)=[^&]+/", "", $querys);
diff --git a/preferences.php b/preferences.php
index 7c67ec7..2aa7ba0 100644
--- a/preferences.php
+++ b/preferences.php
@@ -2,7 +2,6 @@
define('BASE','./');
include(BASE.'functions/ical_parser.php');
-include(BASE.'functions/calendar_functions.php');
$display_date = $preferences_lang;
if ($cookie_uri == '') {
@@ -158,41 +157,7 @@ include (BASE.'includes/header.inc.php');
// Begin Calendar Selection
//
print "<select name=\"cookie_calendar\" class=\"query_style\">\n";
- $filelist = availableCalendarNames($username, $password, $ALL_CALENDARS_COMBINED);
- foreach ($filelist as $file) {
- $cal_filename_tmp = substr($file,0,-4);
- $cal_tmp = urlencode($cal_filename_tmp);
- $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
- if (!in_array($cal_filename_tmp, $blacklisted_cals)) {
- if ($cal_tmp == $cookie_calendar) {
- print "<option value=\"$cal_tmp\" selected>$cal_displayname_tmp $calendar_lang</option>\n";
- } else {
- print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";
- }
- }
- }
- // add option to open all (non-web) calenders together
- // Todo: add $all_calenders_combined_lang (plural) in the language-specific files and use it here
- if ($cookie_calendar == $ALL_CALENDARS_COMBINED) {
- print "<option value=\"$ALL_CALENDARS_COMBINED\" selected>$all_cal_comb_lang</option>\n";
- } else {
- print "<option value=\"$ALL_CALENDARS_COMBINED\">$all_cal_comb_lang</option>\n";
- }
-
- foreach($list_webcals as $cal_tmp) {
- if ($cal_tmp != '') {
- $cal_displayname_tmp = basename($cal_tmp);
- $cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
- $cal_displayname_tmp = substr($cal_displayname_tmp,0,-4);
- $cal_encoded_tmp = urlencode($cal_tmp);
- if ($cal_tmp == $cal_httpPrefix || $cal_tmp == $cal_webcalPrefix) {
- print "<option value=\"$cal_encoded_tmp\" selected>$cal_displayname_tmp Webcal</option>\n";
- } else {
- print "<option value=\"$cal_encoded_tmp\">$cal_displayname_tmp Webcal</option>\n";
- }
- }
- }
- closedir($dir_handle);
+ display_ical_list(availableCalendars($username, $password, $ALL_CALENDARS_COMBINED));
print "</select>\n";
?>
</td>

© 2014-2024 Faster IT GmbH | imprint | privacy policy