From ab88aa25e6d76bb56ea43a798768e966d29bef46 Mon Sep 17 00:00:00 2001
From: Wesley Miaw <josuah@users.sourceforge.net>
Date: Mon, 24 Nov 2003 04:05:37 +0000
Subject: Added HTTP authentication support. Modifications to non-HTTP
 authentication login so that the two are mutually exclusive.

Moved calendar <option> listing into calendar_functions.php so it can
be shared by the navigation (via list_icals.php) and also by the
preferences.php file.

Fixed typo of $show_login to $allow_login.

Added E_ERROR to the debug error level, so fatal errors are logged.
---
 config.inc.php                   | 10 +++--
 functions/calendar_functions.php | 93 +++++++++++++++++++++++++++++++++++++---
 functions/init.inc.php           | 57 ++++++++++++++----------
 functions/list_icals.php         | 30 ++-----------
 includes/calendar_nav.php        |  2 +-
 includes/login.php               |  5 ++-
 includes/sidebar.php             |  2 +-
 preferences.php                  | 37 +---------------
 8 files changed, 137 insertions(+), 99 deletions(-)

diff --git a/config.inc.php b/config.inc.php
index 2e125a2..b1462e5 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -43,7 +43,7 @@ $allow_preferences		= 'yes';			// Allow visitors to change various preferences v
 $printview_default		= 'no';				// Set print view as the default view. day, week, and month only supported views for $default_view (listed well above).
 $show_todos				= 'yes';			// Show your todo list on the side of day and week view.
 $show_completed			= 'no';				// Show completed todos on your todo list.
-$show_login				= 'no';				// Set to yes to prompt for login to unlock calendars.
+$allow_login			= 'no';				// Set to yes to prompt for login to unlock calendars.
 
 // Webdav style publishing
 $phpicalendar_publishing = '';				// Set to '1' to enable remote webdav style publish. See 'calendars/publish.php' for complete information;
@@ -80,5 +80,9 @@ $locked_map['user3:pass'] = array('');		// listed in the $locked_cals, again wit
 $locked_map['user4:pass'] = array('');		// Example: $locked_map['username:password'] = array('Locked1', 'Locked2');
 // add more lines as necessary
 
-
-?>
+$apache_map['user1'] = array('');			// Map HTTP authenticated users to specific calendars. Users listed here and
+$apache_map['user2'] = array('');			// authenticated via HTTP will not see the public calendars, and will not be
+$apache_map['user3'] = array('');			// given any login/logout options. Calendar names not include the .ics suffix.
+$apache_map['user4'] = array('');			// Example: $apache_map['username'] = array('Calendar1', 'Calendar2');
+// add more lines as necessary
+?>
\ No newline at end of file
diff --git a/functions/calendar_functions.php b/functions/calendar_functions.php
index 84f22cc..45cf670 100644
--- a/functions/calendar_functions.php
+++ b/functions/calendar_functions.php
@@ -14,11 +14,17 @@
 //					  returned.
 function availableCalendars($username, $password, $cal_filename, $admin = false) {
 	// Import globals.
-	global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $error_path_lang, $error_restrictedcal_lang, $ALL_CALENDARS_COMBINED;
+	global $calendar_path, $blacklisted_cals, $list_webcals, $locked_cals, $locked_map, $apache_map, $error_path_lang, $error_restrictedcal_lang, $error_invalidcal_lang, $ALL_CALENDARS_COMBINED, $_SERVER;
 
 	// Create the list of available calendars.
 	$calendars = array();
 
+	// Grab any HTTP authentication.
+	unset($http_user);
+	if (isset($_SERVER['PHP_AUTH_USER'])) {
+		$http_user = $_SERVER['PHP_AUTH_USER'];
+	}
+
 	// Grab the list of unlocked calendars.
 	$unlocked_cals = array();
 	if (isset($locked_map["$username:$password"])) {
@@ -37,9 +43,15 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 			if (!preg_match("/^[^.].+\.ics$/i", $file)) continue;
 			$cal_name = substr($file, 0, -4);
 			if (in_array($cal_name, $blacklisted_cals)) continue;
+
+			// If HTTP authenticated, make sure this calendar is available
+			// to the user.
+			if (isset($http_user)) {
+				if (!in_array($cal_name, $apache_map[$http_user])) continue;
+			}
 			
-			// Exclude locked calendars.
-			if (!$admin &&
+			// Otherwise exclude locked calendars.
+			else if (!$admin &&
 				in_array($cal_name, $locked_cals) &&
 				!in_array($cal_name, $unlocked_cals))
 			{
@@ -51,7 +63,7 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 		}
 		
 		// Add web calendars.
-		if (!$admin) {
+		if (!isset($http_user) && !$admin) {
 			foreach ($list_webcals as $file) {
 				// Make sure the URL ends with .ics.
 				if (!preg_match("/.ics$/i", $file)) continue;
@@ -69,9 +81,19 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 		// in the argument.
 		if (in_array($cal_filename, $blacklisted_cals))
 			exit(error($error_restrictedcal_lang, $cal_filename));
+
+		// If HTTP authenticated, make sure this calendar is available
+		// to the user.
+		if (isset($http_user)) {
+			if (!in_array($cal_filename, $apache_map[$http_user])) {
+				// Use the invalid calendar message so that the user is
+				// not made aware of locked calendars.
+				exit(error($error_invalidcal_lang, $cal_filename));
+			}
+		}
 		
-		// Make sure this calendar is not locked.
-		if (in_array($cal_filename, $locked_cals) &&
+		// Otherwise make sure this calendar is not locked.
+		else if (in_array($cal_filename, $locked_cals) &&
 			!in_array($cal_filename, $unlocked_cals))
 		{
 			// Use the invalid calendar message so that the user is
@@ -111,3 +133,62 @@ function availableCalendarNames($username, $password, $cal_filename, $admin = fa
 	natcasesort($calendars);
 	return $calendars;
 }
+
+// This function prints out the calendars available to the user, for
+// selection. Should be enclosed within a <select>...</select>, which
+// is not printed out by this function.
+//
+// $cals	= The calendars (entire path, e.g. from availableCalendars).
+function display_ical_list($cals) {
+	global $cal, $ALL_CALENDARS_COMBINED, $current_view, $getdate, $calendar_lang, $all_cal_comb_lang;
+
+	// Print each calendar option.
+	foreach ($cals as $cal_tmp) {
+		// Format the calendar path for display.
+		//
+		// Only display the calendar name, replace all instances of "32" with " ",
+		// and remove the .ics suffix.
+		$cal_displayname_tmp = basename($cal_tmp);
+		$cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
+		$cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4);
+
+		// If this is a webcal, add 'Webcal' to the display name.
+		if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) {
+			$cal_displayname_tmp .= " Webcal";
+		}
+
+		// Otherwise, remove all the path information, since that should
+		// not be used to identify local calendars. Also add the calendar
+		// label to the display name.
+		else {
+			// Strip path and .ics suffix.
+			$cal_tmp = basename($cal_tmp);
+			$cal_tmp = substr($cal_tmp, 0, -4);
+
+			// Add calendar label.
+			$cal_displayname_tmp .= " $calendar_lang";
+		}
+
+		// Encode the calendar path.
+		$cal_encoded_tmp = urlencode($cal_tmp);
+
+		// Display the option.
+		//
+		// The submitted calendar will be encoded, and always use http://
+		// if it is a webcal. So that is how we perform the comparison when
+		// trying to figure out if this is the selected calendar.
+		$cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp);
+		if ($cal_httpPrefix_tmp == urldecode($cal)) {
+			print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\" selected>$cal_displayname_tmp</option>";
+		} else {
+			print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\">$cal_displayname_tmp</option>";	
+		}
+	}			
+
+	// option to open all (non-web) calenders together
+	if ($cal == $ALL_CALENDARS_COMBINED) {
+		print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\" selected>$all_cal_comb_lang</option>";
+	} else {
+		print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\">$all_cal_comb_lang</option>";
+	}
+}
\ No newline at end of file
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 46f5bcc..7adb4e5 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -6,9 +6,17 @@
 //chmod(BASE.'calendars/School.ics',0666);
 
 // uncomment when developing, comment for shipping version
-error_reporting (E_WARNING);
+error_reporting (E_ERROR | E_WARNING);
 
+// Older versions of PHP do not define $_SERVER. Define it here instead.
+if (!isset($_SERVER) && isset($HTTP_SERVER_VARS)) {
+	$_SERVER = &$HTTP_SERVER_VARS;
+}
+
+// Define some magic strings.
 $ALL_CALENDARS_COMBINED = 'all_calendars_combined971';
+
+// Pull in the configuration and some functions.
 if (!defined('BASE')) define('BASE', './');
 include(BASE.'config.inc.php');
 include(BASE.'functions/error.php');
@@ -23,33 +31,36 @@ if (isset($HTTP_COOKIE_VARS['phpicalendar'])) {
 	if (isset($phpicalendar['cookie_time']))		$day_start			= $phpicalendar['cookie_time'];
 }
 
+// Set the cookie URI.
 if ($cookie_uri == '') {
 	$cookie_uri = $HTTP_SERVER_VARS['SERVER_NAME'].substr($HTTP_SERVER_VARS['PHP_SELF'],0,strpos($HTTP_SERVER_VARS['PHP_SELF'], '/'));
 }
 
-// Look for a login cookie.
-unset($username, $password);
-if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
-	$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
-	if (isset($login_cookie['username']))	$username = $login_cookie['username'];
-	if (isset($login_cookie['password']))	$password = $login_cookie['password'];
-}
+// If not HTTP authenticated, try login via cookies or the web page.
+$username = ''; $password = '';
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+	// Look for a login cookie.
+	if (isset($HTTP_COOKIE_VARS['phpicalendar_login'])) {
+		$login_cookie = unserialize(stripslashes($HTTP_COOKIE_VARS['phpicalendar_login']));
+		if (isset($login_cookie['username']))	$username = $login_cookie['username'];
+		if (isset($login_cookie['password']))	$password = $login_cookie['password'];
+	}
+
+	// Look for a new username and password.
+	if (isset($HTTP_GET_VARS['username']))			$username = $HTTP_GET_VARS['username'];
+	else if (isset($HTTP_POST_VARS['username']))	$username = $HTTP_POST_VARS['username'];
+	if (isset($HTTP_GET_VARS['password']))			$password = $HTTP_GET_VARS['password'];
+	else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];
 
-// Look for a new username and password.
-if (isset($HTTP_GET_VARS['username']))			$username = $HTTP_GET_VARS['username'];
-else if (isset($HTTP_POST_VARS['username']))	$username = $HTTP_POST_VARS['username'];
-if (isset($HTTP_GET_VARS['password']))			$password = $HTTP_GET_VARS['password'];
-else if (isset($HTTP_POST_VARS['password']))	$password = $HTTP_POST_VARS['password'];
-
-// Set the login cookie if logging in. Clear it if logging out.
-$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
-
-if ($action == 'login') {
-	$the_cookie = serialize(array('username' => $username, 'password' => $password));
-	setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
-} else if ($action == 'logout') {
-	setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
-	unset($username, $password);
+	// Set the login cookie if logging in. Clear it if logging out.
+	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+	if ($action == 'login') {
+		$the_cookie = serialize(array('username' => $username, 'password' => $password));
+		setcookie('phpicalendar_login', $the_cookie, time()+(60*60*24*7*12*10), '/', $cookie_uri, 0);
+	} else if ($action == 'logout') {
+		setcookie('phpicalendar_login', '', time()-(60*60*24*7), '/', $cookie_uri, 0);
+		$username = ''; $password = '';
+	}
 }
 
 // language support
diff --git a/functions/list_icals.php b/functions/list_icals.php
index c4d5211..81984f7 100644
--- a/functions/list_icals.php
+++ b/functions/list_icals.php
@@ -3,33 +3,9 @@ if ($display_ical_list == "yes") {
 	echo "<select name=\"action\" class=\"query_style\" onChange=\"window.location=(this.options[this.selectedIndex].value+'";
 	if (isset($query)) echo $query;
 	echo "');\">";
-
-	$all_cals = availableCalendars($username, $password, $ALL_CALENDARS_COMBINED);
-	foreach ($all_cals as $cal_tmp) {
-		$cal_displayname_tmp = basename($cal_tmp);
-		$cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
-		$cal_displayname_tmp = substr($cal_displayname_tmp, 0, -4);
-
-		if (preg_match("/^(https?|webcal):\/\//i", $cal_tmp)) {
-			$cal_displayname_tmp .= " Webcal";
-		} else {
-			$cal_tmp = basename($cal_tmp);
-			$cal_tmp = substr($cal_tmp, 0, -4);
-			$cal_displayname_tmp .= " $calendar_lang";
-		}
-		$cal_encoded_tmp = urlencode($cal_tmp);
-		$cal_httpPrefix_tmp = str_replace('webcal://', 'http://', $cal_tmp);
-		if ($cal_httpPrefix_tmp == urldecode($cal)) {
-			print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\" selected>$cal_displayname_tmp</option>";
-		} else {
-			print "<option value=\"$current_view.php?cal=$cal_encoded_tmp&amp;getdate=$getdate\">$cal_displayname_tmp</option>";	
-		}
-	}			
-	if ($cal == $ALL_CALENDARS_COMBINED) {
-		print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\" selected>$all_cal_comb_lang</option>";
-	} else {
-		print "<option value=\"$current_view.php?cal=$ALL_CALENDARS_COMBINED&amp;getdate=$getdate\">$all_cal_comb_lang</option>";
-	}
+	
+	// List the calendars.
+	display_ical_list(availableCalendars($username, $password, $ALL_CALENDARS_COMBINED));
 	
 	print "</select>";
 }
diff --git a/includes/calendar_nav.php b/includes/calendar_nav.php
index fc82742..f4e7285 100644
--- a/includes/calendar_nav.php
+++ b/includes/calendar_nav.php
@@ -150,7 +150,7 @@
 												echo "<a class=\"psf\" href=\"print.php?cal=$cal&amp;getdate=$getdate&amp;printview=$current_view\">$goprint_lang</a><br>\n";
 												if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&amp;getdate=$getdate\">$preferences_lang</a><br>\n";
 												if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
-												if (isset($username)) {
+												if ($username != '') {
 													$querys = preg_replace("/action=[^&]+/", "action=logout", $QUERY_STRING);
 													if ($querys == $QUERY_STRING) $querys .= "&action=logout";
 													$querys = preg_replace("/(username|password)=[^&]+/", "", $querys);
diff --git a/includes/login.php b/includes/login.php
index f374c31..06b7381 100644
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,6 +1,7 @@
 <?php
-	// Hide the login block if logged in or there are no lock usernames.
-	if (!isset($username) && $show_login == 'yes') {
+	// Hide the login block if logged in, there are no lock usernames,
+	// or if authenticated via HTTP.
+	if ($username == '' && $allow_login == 'yes' && !isset($_SERVER['PHP_AUTH_USER'])) {
 		// Set the login table width if not set.
 		if (!isset($login_width)) $login_width = "100%";
 
diff --git a/includes/sidebar.php b/includes/sidebar.php
index fbbf43f..82d5301 100644
--- a/includes/sidebar.php
+++ b/includes/sidebar.php
@@ -39,7 +39,7 @@ $search_box = '<form style="margin-bottom:0;" action="search.php" method="GET"><
 				echo "<a class=\"psf\" href=\"print.php?cal=$cal&amp;getdate=$getdate&amp;printview=$current_view\">$goprint_lang</a><br>\n";
 				if ($allow_preferences != 'no') echo "<a class=\"psf\" href=\"preferences.php?cal=$cal&amp;getdate=$getdate\">$preferences_lang</a><br>\n";
 				if ($cal != $ALL_CALENDARS_COMBINED && $subscribe_path != '' && $download_filename != '') echo "<a class=\"psf\" href=\"$subscribe_path\">$subscribe_lang</a>&nbsp;|&nbsp;<a class=\"psf\" href=\"$download_filename\">$download_lang</a>\n";
-				if (isset($username)) {
+				if ($username != '') {
 					$querys = preg_replace("/action=[^&]+/", "action=logout", $QUERY_STRING);
 					if ($querys == $QUERY_STRING) $querys .= '&action=logout';
 					$querys = preg_replace("/(username|password)=[^&]+/", "", $querys);
diff --git a/preferences.php b/preferences.php
index 7c67ec7..2aa7ba0 100644
--- a/preferences.php
+++ b/preferences.php
@@ -2,7 +2,6 @@
 
 define('BASE','./');
 include(BASE.'functions/ical_parser.php');
-include(BASE.'functions/calendar_functions.php');
 $display_date = $preferences_lang;
 
 if ($cookie_uri == '') {
@@ -158,41 +157,7 @@ include (BASE.'includes/header.inc.php');
 												// Begin Calendar Selection
 												//
 												print "<select name=\"cookie_calendar\" class=\"query_style\">\n";
-												$filelist = availableCalendarNames($username, $password, $ALL_CALENDARS_COMBINED);
-												foreach ($filelist as $file) {
-													$cal_filename_tmp = substr($file,0,-4);
-													$cal_tmp = urlencode($cal_filename_tmp);
-													$cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
-													if (!in_array($cal_filename_tmp, $blacklisted_cals)) {
-														if ($cal_tmp == $cookie_calendar) {
-															print "<option value=\"$cal_tmp\" selected>$cal_displayname_tmp $calendar_lang</option>\n";
-														} else {
-															print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";	
-														}		
-													}	
-												}
-												// add option to open all (non-web) calenders together
-												// Todo: add $all_calenders_combined_lang (plural) in the language-specific files and use it here
-												if ($cookie_calendar == $ALL_CALENDARS_COMBINED) {
-													print "<option value=\"$ALL_CALENDARS_COMBINED\" selected>$all_cal_comb_lang</option>\n";
-												} else {
-													print "<option value=\"$ALL_CALENDARS_COMBINED\">$all_cal_comb_lang</option>\n";
-												}
-			
-												foreach($list_webcals as $cal_tmp) {
-													if ($cal_tmp != '') {
-														$cal_displayname_tmp = basename($cal_tmp);
-														$cal_displayname_tmp = str_replace("32", " ", $cal_displayname_tmp);
-														$cal_displayname_tmp = substr($cal_displayname_tmp,0,-4);
-														$cal_encoded_tmp = urlencode($cal_tmp);
-														if ($cal_tmp == $cal_httpPrefix || $cal_tmp == $cal_webcalPrefix) {
-															print "<option value=\"$cal_encoded_tmp\" selected>$cal_displayname_tmp Webcal</option>\n";
-														} else {
-															print "<option value=\"$cal_encoded_tmp\">$cal_displayname_tmp Webcal</option>\n";	
-														}		
-													}
-												}
-												closedir($dir_handle);
+												display_ical_list(availableCalendars($username, $password, $ALL_CALENDARS_COMBINED));
 												print "</select>\n";
 											?>
 										</td>
-- 
cgit v1.2.3