From 911d0baa7862a6e1e0c9129ab4177ff9712a319c Mon Sep 17 00:00:00 2001
From: Wesley Miaw <josuah@users.sourceforge.net>
Date: Fri, 14 May 2004 21:09:16 +0000
Subject: Implemented user login via cookies and/or sessions with templates.

---
 config.inc.php                   |   1 +
 day.php                          |  13 +++-
 functions/init.inc.php           |  52 +++-----------
 functions/template.php           |   2 +-
 functions/userauth_functions.php | 143 +++++++++++++++++++++++++++++++++++++++
 templates/default/sidebar.tpl    |  37 +++++++++-
 week.php                         |  13 +++-
 7 files changed, 216 insertions(+), 45 deletions(-)
 create mode 100644 functions/userauth_functions.php

diff --git a/config.inc.php b/config.inc.php
index 11d4deb..74e901d 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -44,6 +44,7 @@ $printview_default		= 'no';				// Set print view as the default view. day, week,
 $show_todos				= 'yes';			// Show your todo list on the side of day and week view.
 $show_completed			= 'no';				// Show completed todos on your todo list.
 $allow_login			= 'no';				// Set to yes to prompt for login to unlock calendars.
+$login_cookies			= 'no';			// Set to yes to store authentication information via (unencrypted) cookies. Set to no to use sessions.
 
 // Webdav style publishing
 $phpicalendar_publishing = '';				// Set to '1' to enable remote webdav style publish. See 'calendars/publish.php' for complete information;
diff --git a/day.php b/day.php
index bfa8d4b..053e8e9 100644
--- a/day.php
+++ b/day.php
@@ -33,6 +33,12 @@ $list_weeks 	= list_weeks();
 $list_jumps 	= list_jumps();
 $list_calcolors = list_calcolors();
 
+// login/logout
+$is_logged_in = ($username != '' && !$invalid_login) ? true : false;
+$show_user_login = (!$is_logged_in && $allow_login);
+$login_querys = login_querys();
+$logout_querys = logout_querys();
+
 $page = new Page(BASE.'templates/'.$template.'/day.tpl');
 
 $page->replace_tags(array(
@@ -56,7 +62,12 @@ $page->replace_tags(array(
 	'next_day' 			=> $next_day,
 	'prev_day'	 		=> $prev_day,
 	'show_goto' 		=> '',
-	'is_logged_in' 		=> '',
+	'show_user_login'	=> $show_user_login,
+	'invalid_login'		=> $invalid_login,
+	'login_querys'		=> $login_querys,
+	'is_logged_in' 		=> $is_logged_in,
+	'username'			=> $username,
+	'logout_querys'		=> $logout_querys,
 	'list_icals' 		=> $list_icals,
 	'list_years' 		=> $list_years,
 	'list_months' 		=> $list_months,
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 5be4847..68ef2b7 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -21,6 +21,7 @@ if (!defined('BASE')) define('BASE', './');
 include_once(BASE.'config.inc.php');
 include_once(BASE.'functions/error.php');
 include_once(BASE.'functions/calendar_functions.php');
+include_once(BASE.'functions/userauth_functions.php');
 if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
 	$phpicalendar = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar']));
 	if (isset($phpicalendar['cookie_language'])) 	$language 			= $phpicalendar['cookie_language'];
@@ -38,47 +39,16 @@ if ($cookie_uri == '') {
 
 if ($bleed_time == '') $bleed_time = $day_start;
 
-// If not HTTP authenticated, try login via cookies or the web page.
-$username = ''; $password = '';
-if (!isset($_SERVER['PHP_AUTH_USER'])) {
-	// Look for a login cookie.
-	if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
-		$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
-		if (isset($login_cookie['username']))	$username = $login_cookie['username'];
-		if (isset($login_cookie['password']))	$password = $login_cookie['password'];
-	}
-
-	// Look for a new username and password.
-	if (isset($HTTP_GET_VARS['username']))			$username = $HTTP_GET_VARS['username'];
-	else if (isset($HTTP_POST_VARS['username']))	$username = $HTTP_POST_VARS['username'];
-	if (isset($HTTP_GET_VARS['password']))			$password = $HTTP_GET_VARS['password'];
-	else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];
-
-	// Grab the action (login or logout).
-	if (isset($HTTP_GET_VARS['action']))			$action = $HTTP_GET_VARS['action'];
-	else if (isset($HTTP_POST_VARS['action']))		$action = $HTTP_POST_VARS['action'];
-	else											$action = '';
-
-	// Check to make sure the username and password is valid.
-	if ($action == 'login' && !key_exists("$username:$password", $locked_map)) {
-		// Don't login, instead logout.
-		$action = 'logout';
-
-		// Remember the invalid login, because we may want to
-		// display a message elsewhere.
-		$invalid_login = true;
-	} else {
-		$invalid_login = false;
-	}
-
-	// Set the login cookie if logging in. Clear it if logging out.
-	if ($action == 'login') {
-		$the_cookie = serialize(array('username' => $username, 'password' => $password));
-		setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
-	} else if ($action == 'logout') {
-		setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
-		$username = ''; $password = '';
-	}
+// Grab the action (login or logout).
+if (isset($HTTP_GET_VARS['action']))			$action = $HTTP_GET_VARS['action'];
+else if (isset($HTTP_POST_VARS['action']))		$action = $HTTP_POST_VARS['action'];
+else											$action = '';
+	
+// Login and/or logout.
+list($username, $password, $invalid_login) = user_login();
+if ($action != 'login') $invalid_login = false;
+if ($action == 'logout' || $invalid_login) {
+	list($username, $password) = user_logout();
 }
 
 // language support
diff --git a/functions/template.php b/functions/template.php
index 4c2ebb5..481069d 100644
--- a/functions/template.php
+++ b/functions/template.php
@@ -869,4 +869,4 @@ class Page {
 		print($this->page);
 	}
 }
-?> 
+?>
\ No newline at end of file
diff --git a/functions/userauth_functions.php b/functions/userauth_functions.php
new file mode 100644
index 0000000..403076d
--- /dev/null
+++ b/functions/userauth_functions.php
@@ -0,0 +1,143 @@
+<?php
+// Generate the login query string.
+//
+// Returns the login query string.
+function login_querys() {
+	global $QUERY_STRING;
+	
+	// Remove the username, password, and action values.
+	$querys = preg_replace('/(username|password|action)=[^&]+/', '', $QUERY_STRING);
+
+	// Return the login query string.
+	$querys = preg_replace('/&&/', '', $querys);
+	return $querys;
+}
+
+// Generate the logout query string.
+//
+// Returns the logout query string.
+function logout_querys() {
+	global $QUERY_STRING;
+	
+	// Make sure the action is logout.
+	$querys = preg_replace('/action=[^&]+/', 'action=logout', $QUERY_STRING);
+	if ($querys == $QUERY_STRING) $querys .= '&action=logout';
+	
+	// Remove references to the username or password.
+	$querys = preg_replace('/(username|password)=[^&]+/', '', $querys);
+	
+	// Return the logout query string.
+	$querys = preg_replace('/&&/', '', $querys);
+	return $querys;
+}
+
+// Authenticate the user. The submitted login data is checked for
+// validity against the locked map. The login data will be saved in
+// cookies or the session depending on the configuration. The variable
+// $invalid_login will be set true or false depending on whether or not
+// a valid login was found.
+//
+// This authentication method only applies to non-HTTP authentication.
+//
+// Returns the username and password found, which will be empty strings
+// if no valid login is found. Returns a boolean invalid_login to
+// indicate that the login is invalid.
+function user_login() {
+	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $_SERVER;
+	global $login_cookies, $cookie_uri, $locked_map;
+	
+	// Initialize return values.
+	$invalid_login = false;
+	$username = ''; $password = '';
+	
+	// If not HTTP authenticated, try login via cookies or the web page.
+	if (isset($_SERVER['PHP_AUTH_USER'])) {
+		return array($username, $password, $invalid_login);
+	}
+
+	// Look for a login cookie.
+	if ($login_cookies == 'yes' &&
+		isset($HTTP_COOKIE_VARS['phpicalendar_login']))
+	{
+		$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+		if (isset($login_cookie['username']) &&
+			isset($login_cookie['password']))
+		{
+			$username = $login_cookie['username'];
+			$password = $login_cookie['password'];
+		}
+	}
+	
+	// Look for session authentication.
+	if ($login_cookies != 'yes') {
+		if (!session_id()) {
+			session_start();
+			setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+		}
+		if (isset($_SESSION['username']) &&
+			isset($_SESSION['password']))
+		{
+			$username = $_SESSION['username'];
+			$password = $_SESSION['password'];
+		}
+	}
+	
+	// Look for a new username and password.
+	if (isset($HTTP_GET_VARS['username']) &&
+		isset($HTTP_GET_VARS['password']))
+	{
+		$username = $HTTP_GET_VARS['username'];
+		$password = $HTTP_GET_VARS['password'];
+	} else if (isset($HTTP_POST_VARS['username']) &&
+			   isset($HTTP_POST_VARS['password']))
+	{
+		$username = $HTTP_POST_VARS['username'];
+		$password = $HTTP_POST_VARS['password'];
+	}
+	
+	// Check to make sure the username and password is valid.
+	if (!key_exists("$username:$password", $locked_map)) {
+		// Remember the invalid login, because we may want to display
+		// a message elsewhere or check validity.
+		return array($username, $password, true);
+	}
+	
+	// Set the login cookie or session authentication values.
+	if ($login_cookies == 'yes') {
+		$the_cookie = serialize(array('username' => $username, 'password' => $password));
+		setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+	} else {
+		$_SESSION['username'] = $username;
+		$_SESSION['password'] = $password;
+	}
+	
+	// Return the username and password.
+	return array($username, $password, $invalid_login);
+}
+
+// Logout the user. The username and password stored in cookies or the
+// session will be deleted.
+//
+// Returns an empty username and password.
+function user_logout() {
+	global $login_cookies, $cookie_uri;
+	
+	// Clear the login cookie or session authentication values.
+	if ($login_cookies == 'yes') {
+		setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+	} else {
+		// Check if the session has already been started.
+		if (!session_id()) {
+			session_start();
+			setcookie(session_name(), session_id(), time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+		}
+	
+		// Clear the session authentication values.
+		unset($_SESSION['username']);
+		unset($_SESSION['password']);
+	}
+	
+	// Return empty username and password.
+	return array('', '');
+}
+?>
diff --git a/templates/default/sidebar.tpl b/templates/default/sidebar.tpl
index 48b3585..7df2dff 100644
--- a/templates/default/sidebar.tpl
+++ b/templates/default/sidebar.tpl
@@ -1,3 +1,38 @@
+<!-- switch show_user_login on -->
+<form style="margin-bottom:0;" action="{CURRENT_VIEW}.php?{LOGIN_QUERYS}" method="GET">
+<input type="hidden" name="action" value="login">
+<table width="170" border="0" cellpadding="0" cellspacing="0" class="calborder">
+	<tr>
+		<td colspan="2" align="center" class="sideback"><div style="height: 17px; margin-top: 3px;" class="G10BOLD">{L_LOGIN}</div></td>
+	</tr>
+	<!-- switch invalid_login on -->
+	<tr>
+		<td colspan="2" bgcolor="#FFFFFF" align="left">
+			<div style="padding-left: 5px; padding-top: 5px; padding-right: 5px;">
+				<font color="red">{L_INVALID_LOGIN}</font>
+			</div>
+		</td>
+	</tr>
+	<!-- switch invalid_login off -->
+	<tr>
+		<td bgcolor="#FFFFFF" align="left" valign="middle"><div style="padding-left: 5px; padding-top: 5px;">Username:</div></td>
+		<td bgcolor="#FFFFFF" align="right" valign="middle"><div style="padding-right: 5px; padding-top: 5px;"><input type="text" name="username" size="10"></div></td>
+	</tr>
+	<tr>
+		<td bgcolor="#FFFFFF" align="left" valign="middle"><div style="padding-left: 5px; padding-bottom: 5px;">Password:</div></td>
+		<td bgcolor="#FFFFFF" align="right" valign="middle"><div style="padding-right: 5px; padding-bottom: 5px;"><input type="password" name="password" size="10"></div></td>
+	</tr>
+</table>
+</form>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+	<tr>
+		<td class="tbll"><img src="images/spacer.gif" alt="" width="8" height="4" /></td>
+		<td class="tblbot"><img src="images/spacer.gif" alt="" width="8" height="4" /></td>
+		<td class="tblr"><img src="images/spacer.gif" alt="" width="8" height="4" /></td>
+	</tr>
+</table>
+<img src="images/spacer.gif" width="1" height="10" alt=" " /><br />
+<!-- switch show_user_login off -->
 <table width="170" border="0" cellpadding="0" cellspacing="0" class="calborder">
 	<tr>
 		<td align="left" valign="top" width="24" class="sideback"><a class="psf" href="day.php?cal={CAL}&amp;getdate={PREV_DAY}"><img src="templates/{TEMPLATE}/images/left_arrows.gif" alt="{L_PREV}" width="16" height="20" border="0" align="left"></a></td>
@@ -17,7 +52,7 @@
 				<a class="psf" href="{SUBSCRIBE_PATH}">{L_SUBSCRIBE}</a>&nbsp;|&nbsp;<a class="psf" href="{DOWNLOAD_FILENAME}">{L_DOWNLOAD}</a><br>
 				<!-- switch display_download off -->
 				<!-- switch is_logged_in on -->
-				<a class="psf" href="{SCRIPT_NAME}?{QUERYS}">Logout {USERNAME}</a>
+				<a class="psf" href="{CURRENT_VIEW}.php?{LOGOUT_QUERYS}">{L_LOGOUT} {USERNAME}</a>
 				<!-- switch is_logged_in off -->
 			</div>
 		</td>
diff --git a/week.php b/week.php
index 1bf410d..42a74ef 100644
--- a/week.php
+++ b/week.php
@@ -36,6 +36,12 @@ $list_weeks 	= list_weeks();
 $list_jumps 	= list_jumps();
 $list_calcolors = list_calcolors();
 
+// login/logout
+$is_logged_in = ($username != '' && !$invalid_login) ? true : false;
+$show_user_login = (!$is_logged_in && $allow_login);
+$login_querys = login_querys();
+$logout_querys = logout_querys();
+
 $page = new Page(BASE.'templates/'.$template.'/week.tpl');
 
 $page->replace_tags(array(
@@ -61,7 +67,12 @@ $page->replace_tags(array(
 	'prev_day'	 		=> $prev_day,
 	'prev_week'	 		=> $prev_week,
 	'show_goto' 		=> '',
-	'is_logged_in' 		=> '',
+	'show_user_login'	=> $show_user_login,
+	'invalid_login'		=> $invalid_login,
+	'login_querys'		=> $login_querys,
+	'is_logged_in' 		=> $is_logged_in,
+	'username'			=> $username,
+	'logout_querys'		=> $logout_querys,
 	'list_icals' 		=> $list_icals,
 	'list_years' 		=> $list_years,
 	'list_months' 		=> $list_months,
-- 
cgit v1.2.3