From a60b34f624544fff2b85678c4773a73193598388 Mon Sep 17 00:00:00 2001 From: Chad Little Date: Fri, 1 Oct 2004 22:26:25 +0000 Subject: Continued work on admin functions. Needs testing. --- README | 1 + admin.php | 57 +++++++++++++++++++++++++++++++++++++++++---- config.inc.php | 4 ++-- templates/default/admin.tpl | 17 ++++++-------- 4 files changed, 62 insertions(+), 17 deletions(-) diff --git a/README b/README index a47a5d4..a7841f4 100644 --- a/README +++ b/README @@ -86,6 +86,7 @@ Changes: -Added iCal specific publish.php. -Fixed stat bug. -PHP5 support added. + -Admin page works again. -Requires PHP 4.1.0 or greater now. -Various Bug fixes. diff --git a/admin.php b/admin.php index a00eb2b..48726f5 100644 --- a/admin.php +++ b/admin.php @@ -15,10 +15,8 @@ if ($allow_admin != "yes") { if($_POST) {extract($_POST, EXTR_PREFIX_SAME, "post_");} if($_GET) {extract($_GET, EXTR_PREFIX_SAME, "get_");} -if (!isset($action)) $action = ''; - // Logout by clearing session variables -if ((isset($action)) && ($action == "logout")) { +if ((isset($_GET['action'])) && ($_GET['action'] == 'logout')) { $_SESSION['phpical_loggedin'] = FALSE; unset($_SESSION['phpical_username']); unset($_SESSION['phpical_password']); @@ -26,7 +24,10 @@ if ((isset($action)) && ($action == "logout")) { // if $auth_method == 'none', don't do any authentication -if ($auth_method == "none") { +$username = $_POST['username']; +$password = $_POST['password']; + +if ($auth_method == 'none') { $is_loged_in = TRUE; } else { $is_loged_in = FALSE; 
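Review bot: In admin.php the new `$username = $_POST['username'];` and `$password = $_POST['password'];` read keys that are absent on every request except the login post, and the two `extract()` calls kept as context just above still copy every request parameter into global scope. Since this commit already moves `action` to explicit superglobal reads, I would guard the two reads, e.g. `$username = isset($_POST['username']) ? $_POST['username'] : null;` (same for `$password`). The `extract()` lines could then be dropped once `$delete_calendar`, which appears to be populated only through `extract()`, is read from `$_POST['delete_calendar']` directly. The `if ($auth_method == 'none')` block continues into the next hunk.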
@@ -34,11 +35,53 @@ if ($auth_method == "none") { if (is_loggedin()) { $is_loged_in = TRUE; } - if (isset($username) && $action != "logout") { + + if (isset($username) && $_GET['action'] != 'logout') { $is_loged_in = login ($username, $password); } } +$login_good = ($is_loged_in) ? '' : 'oops'; +$login_bad = ((!$is_loged_in) && ($_GET['action'] == 'login')) ? 'oops' : ''; + +// Delete a calendar +// Not at all secure - need to strip out path info if used by users besides admin in the future +$delete_msg = ''; +if ($_POST['action'] == 'delete') { + foreach ($delete_calendar as $filename) { + if (!delete_cal(urldecode($filename))) { + $delete_msg = $delete_msg . '' . $lang['l_delete_error'] . ' ' . urldecode(substr($filename,0,-4)) . '
'; + } else { + $delete_msg = $delete_msg . '' . urldecode(substr($filename,0,-4)) . ' ' . $lang['l_delete_success'] . '
'; + } + } +} + +// Add or Update a calendar +$addupdate_msg = ''; +if ((isset($_POST['action'])) && ($_POST['action'] == 'addupdate')) { + for ($filenumber = 1; $filenumber < 6; $filenumber++) { + $file = $HTTP_POST_FILES['calfile']; + $addupdate_success = FALSE; + + if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) { + $upload_error = get_upload_error($file['error'][$filenumber]); + } elseif (!is_uploaded_ics($file['name'][$filenumber])) { + $upload_error = $upload_error_type_lang; + } elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) { + $upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber]; + } else { + $addupdate_success = TRUE; + } + + if ($addupdate_success == TRUE) { + $addupdate_msg = $addupdate_msg . ''.$lang['l_cal_file'].' #'.$filenumber.': '.$lang['l_action_success'].'
'; + } else { + $addupdate_msg = $addupdate_msg . ''.$lang['l_cal_file'].' #'.$filenumber.': '.$lang['l_upload_error'].'
'; + } + } +} + $calendar_name = $lang['l_admin_header']; $page = new Page(BASE.'templates/'.$template.'/admin.tpl'); @@ -63,6 +106,10 @@ $page->replace_tags(array( 'rss_available' => '', 'rss_valid' => '', 'show_search' => '', + 'login_error' => $login_bad, + 'display_login' => $login_good, + 'delete_msg' => $delete_msg, + 'addupdate_msg' => $addupdate_msg, 'l_day' => $lang['l_day'], 'l_week' => $lang['l_week'], 'l_month' => $lang['l_month'], diff --git a/config.inc.php b/config.inc.php index 54ccbd8..90d052a 100644 --- a/config.inc.php +++ b/config.inc.php 
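Review bot: The new delete and add/update blocks in admin.php run on `$_POST['action']` alone; nothing visible in this hunk checks `$is_loged_in` before calling `delete_cal()` or `copy_cal()`, and the file name is passed through with only `urldecode()`, which the added comment itself flags as not stripping path information. Unless those helpers enforce both (they are outside this diff), I would gate each block, e.g. `if ($is_loged_in && isset($_POST['action']) && $_POST['action'] == 'delete') {`, and reduce the name to its final component with `$filename = basename(urldecode($filename));` before use. The upload name `$file['name'][$filenumber]` deserves the same `basename()` treatment. `$_GET['action']` and `$_POST['action']` are also read without `isset()` in three of the new conditions.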
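Review bot: `delete_msg` and `addupdate_msg` are handed to `replace_tags()` as ready-made markup, but `$delete_msg` was built in the previous hunk from `urldecode(substr($filename,0,-4))`, a request-supplied value, with no HTML encoding. Unless `replace_tags()` escapes its values (not visible here), encode that value where the message is assembled: `htmlspecialchars(urldecode(substr($filename,0,-4)), ENT_QUOTES)`. The `replace_tags(array(` call opens and closes outside this hunk.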
@@ -52,9 +52,9 @@ $phpicalendar_publishing = ''; // Set to '1' to enable remote webdav style pu // Administration settings (admin.php) $allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password if using 'internal' as the $auth_method -$auth_method = 'ftp'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 'none' uses NO authentication - meant to be used with another form of authentication such as http basic. +$auth_method = 'internal'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 'none' uses NO authentication - meant to be used with another form of authentication such as http basic. $auth_internal_username = 'admin'; // Only used if $auth_method='internal'. The username for the administrator. -$auth_internal_password = 'default'; // Only used if $auth_method='internal'. The password for the administrator. +$auth_internal_password = 'admin'; // Only used if $auth_method='internal'. The password for the administrator. $ftp_server = 'localhost'; // Only used if $auth_method='ftp'. The ftp server name. 'localhost' will work for most servers. $ftp_calendar_path = ''; // Only used if $auth_method='ftp'. The full path to the calendar directory on the ftp server. If = '', will attempt to deduce the path based on $calendar_path, but may not be accurate depending on ftp server config. diff --git a/templates/default/admin.tpl b/templates/default/admin.tpl index ae79330..2bf9b61 100644 --- a/templates/default/admin.tpl +++ b/templates/default/admin.tpl @@ -28,7 +28,7 @@ - {L_LOGOUT}  + {L_LOGOUT}  
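Review bot: config.inc.php now ships with `$allow_admin = 'yes'`, `$auth_method = 'internal'` and the credential pair `admin` / `admin`, so an installation deployed without editing this file has its admin page enabled behind a guessable login. The inline comment asks the operator to change the password, but a safer default is to ship the page disabled, `$allow_admin = 'no';`. Alternatively leave `$auth_internal_password = '';` and have `login()` refuse an empty configured password (that function is not part of this diff). If the switch from 'ftp' to 'internal' was only for local testing, it should be reverted before release.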
@@ -38,13 +38,12 @@ - - {L_INVALID_LOGIN} + {L_INVALID_LOGIN}

-
+ @@ -58,21 +57,19 @@ +
{L_USERNAME}:  
- - - {L_CAL_FILE} {FILENUMBER}: {ACTION_MSG}
- - {L_ADDUPDATE_CAL} -

{L_ADDUPDATE_DESC}

+ {L_ADDUPDATE_CAL}
+ {L_ADDUPDATE_DESC}

-- cgit v1.2.3