From 9e07f4f2019973e0a42d6b1e21534572efee8013 Mon Sep 17 00:00:00 2001
From: Chad Little <clittle@users.sourceforge.net>
Date: Tue, 13 May 2003 04:14:22 +0000
Subject: part two of admin.php

---
 admin.php | 217 ++++++++++++++++++++++++++++++++------------------------------
 1 file changed, 112 insertions(+), 105 deletions(-)

(limited to 'admin.php')

diff --git a/admin.php b/admin.php
index aadf7c0..159e8bf 100644
--- a/admin.php
+++ b/admin.php
@@ -1,10 +1,9 @@
 <?php
-// TODO - Remove before going live
-//error_reporting (E_ALL);
+session_start();
 
 define('BASE', './');
 include (BASE.'functions/init.inc.php');
-include (BASE.'functions/upload_functions.php');
+include (BASE.'functions/admin_functions.php');
 
 // Redirect if administration is not allowed
 if ($allow_admin != "yes") {
@@ -12,50 +11,31 @@ if ($allow_admin != "yes") {
 	die();
 }
 
-// Load variables from forms, query strings, and cookies into local scope
+// Load variables from forms and query strings into local scope
 if($HTTP_POST_VARS) 	{extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");}
 if($HTTP_GET_VARS)  	{extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");}
-if($HTTP_COOKIE_VARS)	{extract($HTTP_COOKIE_VARS, EXTR_PREFIX_SAME, "cookie_");}
 
-// Logout by clearing user info in cookies
+// Logout by clearing session variables
 if ($action == "logout") {
-    setcookie("md5_password","");
-	setcookie("username","");
+	$HTTP_SESSION_VARS['phpical_loggedin'] = FALSE;
+	unset($HTTP_SESSION_VARS['phpical_username']);
+	unset($HTTP_SESSION_VARS['phpical_password']);
 }
 
 
-// if $external_auth == 'yes', don't do any authentication
-if ($external_auth == "yes") {
+// if $auth_method == 'none', don't do any authentication
+if ($auth_method == "none") {
 	$is_loged_in = TRUE;
 }
 // Check if The User is Identified
 else {
 	$is_loged_in = FALSE;
 	
-	if (isset($username) && $action != "logout") {
-	    if (!isset($HTTP_COOKIE_VARS["md5_password"])) {
-			$md5_password = md5($password);
-	    }
-	    else {
-			$md5_password = $HTTP_COOKIE_VARS["md5_password"];
-	    }
-		if ($admin_username == $username && md5($admin_password) == $md5_password) {
-//TODO lastusername doesn't appear to be working
-			$is_loged_in = TRUE;
-			setcookie("lastusername", $username, time()+1012324305);
-			setcookie("username", $username);
-			setcookie("md5_password", $md5_password);
-		}
-		else {
-			$login_error = "<font color=\"red\">$invalid_login_lang</font>";
-			$is_loged_in = FALSE;
-		}
+	if (is_loggedin()) {
+		$is_loged_in = TRUE;
 	}
-	
-	if ($is_loged_in == FALSE) {
-		setcookie("username","");
-		setcookie("password","");
-		setcookie("md5_password","");
+	if (isset($username) && $action != "logout") {
+		$is_loged_in = login ($username, $password);
 	}
 }
 
@@ -68,17 +48,6 @@ else {
 	<meta http-equiv="content-type" content="text/html;charset=UTF-8">
 	<title><?php echo "$admin_header_lang"; ?></title>
   	<link rel="stylesheet" type="text/css" href="<?php echo BASE."styles/$style_sheet/default.css"; ?>">
-  	
-  	<script>
-  	<!--
-		function verify(){
-		    msg = "<?php echo $confirm_lang; ?>";
-		    //all we have to do is return the return value of the confirm() method
-		    return confirm(msg);
-		}
-	-->
-	</script>
-
 </head>
 <body bgcolor="#FFFFFF">
 <center>
@@ -93,7 +62,7 @@ else {
 				<tr>
 					<td align="left" width="20" class="navback">&nbsp;</td>
 					<td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td>
-					<td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($external_auth != "yes" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font>&nbsp;</td>
+					<td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($auth_method != "none" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font>&nbsp;</td>
 				</tr>
 				<tr>
 					<td colspan="3" class="dayborder"><img src="images/spacer.gif" width="1" height="5" alt=" "></td>
@@ -108,12 +77,15 @@ else {
 
 // If User is Not Logged In, Display The Login Page
 if ($is_loged_in == FALSE) {
+	if (isset($username))
+		$login_error =  "<font color=\"red\">$invalid_login_lang</font>";
+		
     echo <<<EOT
 	<form action="{$HTTP_SERVER_VARS['PHP_SELF']}" method="post">
 		<table cellspacing="0" cellpadding="0">
 			<tr>
 				<td nowrap>{$username_lang}: </td>
-				<td align="left"><input type="text" name="username" value="$lastusername"></td>
+				<td align="left"><input type="text" name="username"></td>
 			</tr>
 			<tr>
 				<td>{$password_lang}: </td>
@@ -156,32 +128,44 @@ EOT;
 
 // Add or Update a calendar
 if ($action == "addupdate") {
-	$addupdate_success = FALSE;
-	if (!is_uploaded_file_v4($HTTP_POST_FILES['calfile']['tmp_name'])) {
-		$upload_error = get_upload_error($HTTP_POST_FILES['calfile']);
-	}
-	elseif (!is_uploaded_ics($HTTP_POST_FILES['calfile']['name'])) {
-		$upload_error = $upload_error_type_lang;
-	}
-	// copy() should be replaced with move_uploaded_file(), but only if we can require PHP 4 >= 4.0.3
-	elseif (!copy($HTTP_POST_FILES['calfile']['tmp_name'], $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'])) {
-		$upload_error = $copy_error_lang . " " . $HTTP_POST_FILES['calfile']['tmp_name'] . " - " . $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'];
-	}
-	else {
-		$addupdate_success = TRUE;
+	$addupdate_msg = "";
+
+	for($filenumber=1; $filenumber<6; $filenumber++) {
+		$file = $HTTP_POST_FILES['calfile'];
+		$addupdate_success = FALSE;
+
+		if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) {
+			$upload_error = get_upload_error($file['error'][$filenumber]);
+		}
+		elseif (!is_uploaded_ics($file['name'][$filenumber])) {
+			$upload_error = $upload_error_type_lang;
+		}
+		elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) {
+			$upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber];
+		}
+		else {
+			$addupdate_success = TRUE;
+		}
+		
+		if ($addupdate_success)
+			$addupdate_msg = $addupdate_msg . "<font color=\"green\">{$cal_file_lang} {$filenumber}: {$action_success_lang}</font><br>";
+		else
+			$addupdate_msg = $addupdate_msg . "<font color=\"red\">{$cal_file_lang} {$filenumber}: {$upload_error}</font><br>";
 	}
 }
 
 // Delete a calendar
 //  Not at all secure - need to strip out path info if used by users besides admin in the future
 if ($action == "delete") {
-	$delete_success = FALSE;
-	
-	if (!unlink($calendar_path . "/" . urldecode($delete_calendar))) {
-		$delete_error = $delete_error_lang . " " . $calendar_path . "/" . urldecode($delete_calendar);
-	}
-	else {
-		$delete_success = TRUE;
+	$delete_msg = "";
+
+	foreach ($delete_calendar as $filename) {
+		if (!delete_cal(urldecode($filename))) {
+			$delete_msg = $delete_msg . "<font color=\"red\">" . $delete_error_lang . " " . urldecode(substr($filename,0,-4)) . "</font><br>";
+		}
+		else {
+			$delete_msg = $delete_msg . "<font color=\"green\">" . urldecode(substr($filename,0,-4)) . " " . $delete_success_lang . "</font><br>";
+		}
 	}
 }
 
@@ -190,70 +174,93 @@ if ($action == "delete") {
 
 <h2><?php echo $addupdate_cal_lang; ?></h2>
 <p><?php echo $addupdate_desc_lang; ?></p>
-<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
+<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
     <input type="hidden" name="action" value="addupdate">
 	<table border="0" cellspacing="0">
 		<tr>
-			<td nowrap><?php echo $cal_file_lang; ?>: </td>
-			<td><input type="file" name="calfile"></td>
+			<td nowrap><?php echo $cal_file_lang; ?> 1: </td>
+			<td><input type="file" name="calfile[1]"></td>
+		</tr>
+		<tr>
+			<td nowrap><?php echo $cal_file_lang; ?> 2: </td>
+			<td><input type="file" name="calfile[2]"></td>
+		</tr>
+		<tr>
+			<td nowrap><?php echo $cal_file_lang; ?> 3: </td>
+			<td><input type="file" name="calfile[3]"></td>
+		</tr>
+		<tr>
+			<td nowrap><?php echo $cal_file_lang; ?> 4: </td>
+			<td><input type="file" name="calfile[4]"></td>
+		</tr>
+		<tr>
+			<td nowrap><?php echo $cal_file_lang; ?> 5: </td>
+			<td><input type="file" name="calfile[5]"></td>
 		</tr>
 		<tr>
 			<td>&nbsp;</td>
 			<td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
 		</tr>
 		<tr>
-			<td align="center" colspan="2"><?php if($addupdate_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $upload_error; ?></font>&nbsp;</td>
+			<td align="center" colspan="2"><?php echo $addupdate_msg; ?>&nbsp;</td>
 		</tr>
     </table>
 </form>
-	
+
 <h2><?php echo $delete_cal_lang; ?></h2>
-<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
+<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
 	<input type="hidden" name="action" value="delete">
 	<table border="0" cellspacing="0">
-		<tr>
-			<td nowrap><?php echo $cal_file_lang; ?>: </td>
-			<td>
-				<?php
+		<?php
 				
-					// Begin Calendar Selection
-					//
-					print "<select name=\"delete_calendar\">\n";
-					$filelist = get_calendar_files($calendar_path);
-					foreach ($filelist as $file) {
-						$cal_filename_tmp = substr($file,0,-4);
-						$cal_tmp = urlencode($file);
-						$cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
-						print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";	
-					}			
-					print "</select>\n";
-				?>
-			</td>
-		</tr>
-		<tr>
-			<td>&nbsp;</td>
-			<td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
-		</tr>
-		<tr>
-			<td align="center" colspan="2"><?php if($delete_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $delete_error; ?></font>&nbsp;</td>
+			// Print Calendar Checkboxes
+			//
+			$COLUMNS_TO_PRINT = 3;
+			$column = 1;
+			$filelist = get_calendar_files($calendar_path);
+			foreach ($filelist as $file) {
+				if ($column > $COLUMNS_TO_PRINT) {
+					echo "</tr>";
+					$column = 1;
+				}
+				if ($column == 1) {
+					echo "<tr>";
+				}
+				
+				$cal_filename_tmp = substr($file,0,-4);
+				$cal_tmp = urlencode($file);
+				$cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
+				
+				echo "<td align=\"left\"><input name=\"delete_calendar[]\" value=\"$cal_tmp\" type=\"checkbox\">$cal_displayname_tmp</td>\n";
+				
+				$column++;
+			}
+			// Print remaining empty columns if necessary
+			$number_of_columns = count($filelist);
+			while (gettype($number_of_columns/$COLUMNS_TO_PRINT) != "integer") {
+				echo "<td>&nbsp;</td>";
+				$number_of_columns++;
+			}
+		?>
 		</tr>
 	</table>
+	<p><input type="submit" value="<?php echo $delete_lang; ?>"></p>
+	<p><?php echo $delete_msg; ?>&nbsp;</p>
 </form>
 
-
-<?php
-echo "
 					</td>
 				</tr>
 			</table>
 		</td>
 	</tr>
-</table>";
+</table>
 
-include (BASE.'includes/footer.inc.php');
 
-echo "</center>
-	</body>
-	</html>";
-?>
+<?php include (BASE.'includes/footer.inc.php'); ?>
+
+
+</center>
+</body>
+</html>
+
 
-- 
cgit v1.2.3