From d6405b94fff1853f6654ecb85eea79721827b6ca Mon Sep 17 00:00:00 2001
From: Jim Hu
Date: Sun, 28 Dec 2008 10:50:57 +0000
Subject: kill admin.php; misc other changes; bump rc num
---
 admin/index.php | 45 +++++++++++++++++++++------------------------
 1 file changed, 21 insertions(+), 24 deletions(-)
(limited to 'admin')
diff --git a/admin/index.php b/admin/index.php
index ef85465..815bb44 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,9 +1,11 @@ ";print_r($_REQUEST); if (empty($phpiCal_config->default_path)) { if (isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'on' ) {
@@ -12,13 +14,9 @@ if (empty($phpiCal_config->default_path)) {
 $default_path = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].substr($_SERVER['PHP_SELF'],0,strpos($_SERVER['PHP_SELF'],'/admin/'));
 }
 }
-if ($phpiCal_config->allow_admin != 'yes') {
- exit(error('The administration menu has been turned off.', $cal, '../'));
-}
-
-// Load variables from forms and query strings into local scope
-if($_POST) {extract($_POST, EXTR_PREFIX_SAME, "post_");}
-if($_GET) {extract($_GET, EXTR_PREFIX_SAME, "get_");}
+#if ($phpiCal_config->allow_admin != 'yes') {
+ exit(error('The administration menu has been turned off.', '', '/..'));
+#}
 // Logout by clearing session variables
 if ((isset($_GET['action'])) && ($_GET['action'] == 'logout')) {
@@ -27,12 +25,11 @@ if ((isset($_GET['action'])) && ($_GET['action'] == 'logout')) {
 unset($_SESSION['phpical_password']);
 }
-
 // if $auth_method == 'server', don't do any authentication
-$username = $_POST['username'];
-$password = $_POST['password'];
+$username = @$_POST['username'];
+$password = @$_POST['password'];
-if ($auth_method == 'server') {
+if ($phpiCal_config->auth_method == 'server') {
 $is_loged_in = TRUE;
 } else {
 $is_loged_in = FALSE;
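Review bot: The `#` markers in the hunk at -12 comment out only the `if ($phpiCal_config->allow_admin != 'yes') {` line and its closing `}`, so the `exit(error('The administration menu has been turned off.', '', '/..'));` between them now runs unconditionally and every request to admin/index.php stops before the login and calendar-management code that follows. If the allow_admin gate is meant to stay, restore the two lines as `if ($phpiCal_config->allow_admin != 'yes') {` … `}` around the exit; if it is meant to be bypassed, the exit line would need commenting too, which leaves the admin page reachable regardless of the setting and should be a deliberate decision. Dropping the `extract($_POST …)` and `extract($_GET …)` calls is sound, but every local those calls used to populate must now be assigned explicitly — `$rss_powered` in the hunk at -101 is one name that no longer has a visible source in this diff.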
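Review bot: The `@` on `$username = @$_POST['username'];` and `$password = @$_POST['password'];` in the hunk at -27 silences the undefined-index notice instead of testing for the key, and the same pattern appears twice on `@$_GET['action']` in the hunk at -41. An explicit check keeps the null-when-absent value that the later `isset($username)` test depends on without suppressing any other error raised on the line: `$username = isset($_POST['username']) ? $_POST['username'] : null;` and `$password = isset($_POST['password']) ? $_POST['password'] : null;`. For the action parameter, `(isset($_GET['action']) ? $_GET['action'] : '')` in place of `@$_GET['action']` matches the `isset($_GET['action'])` form the logout check a few lines above already uses.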
@@ -41,19 +38,20 @@ if ($auth_method == 'server') {
 $is_loged_in = TRUE;
 }
- if (isset($username) && $_GET['action'] != 'logout') {
+ if (isset($username) && @$_GET['action'] != 'logout') {
 $is_loged_in = login ($username, $password);
 }
 }
 $login_good = ($is_loged_in) ? '' : 'oops';
-$login_bad = ((!$is_loged_in) && ($_GET['action'] == 'login')) ? 'oops' : '';
+$login_bad = ((!$is_loged_in) && (@$_GET['action'] == 'login')) ? 'oops' : '';
+$delete_msg = '';
+$addupdate_msg = '';
 if(is_loggedin()){
 // Delete a calendar
 // Not at all secure - need to strip out path info if used by users besides admin in the future
- $delete_msg = '';
- if ($_POST['action'] == 'delete') {
- foreach ($delete_calendar as $filename) {
+ if (isset($_POST['action']) && $_POST['action'] == 'delete') {
+ foreach ($_POST['delete_calendar'] as $filename) {
 if (!delete_cal(urldecode($filename))) {
 $delete_msg = $delete_msg . '' . $lang['l_delete_error'] . ' ' . urldecode(substr($filename,0,-4)) . '
';
 } else {
@@ -63,8 +61,7 @@ if(is_loggedin()){
 }
 // Add or Update a calendar
- $addupdate_msg = '';
- if ((isset($_POST['action'])) && ($_POST['action'] == 'addupdate')) {
+ if (isset($_POST['action']) && $_POST['action'] == 'addupdate') {
 for ($filenumber = 1; $filenumber < 6; $filenumber++) {
 $file = $_FILES['calfile'];
 $addupdate_success = FALSE;
@@ -101,15 +98,15 @@ $page->replace_tags(array(
 'version' => $phpiCal_config->phpicalendar_version,
 'event_js' => '',
 'charset' => $phpiCal_config->charset,
- 'default_path' => "../".$phpiCal_config->default_path,
+ 'default_path' => $phpiCal_config->default_path."/..",
 'template' => $phpiCal_config->template,
 'cal' => $cal,
 'getdate' => $getdate,
 'calendar_name' => $calendar_name,
- 'display_date' => $display_date,
+ 'display_date' => '',
 'current_view' => $current_view,
- 'sidebar_date' => $sidebar_date,
- 'rss_powered' => $phpiCal_config->rss_powered,
+# 'sidebar_date' => $sidebar_date,
+ 'rss_powered' => $rss_powered,
 'rss_available' => '',
 'rss_valid' => '',
 'show_search' => '',
-- cgit v1.2.3
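Review bot: `foreach ($_POST['delete_calendar'] as $filename)` in the hunk at -41 iterates a request field that is checked neither for presence nor for being an array, so a delete POST without that field, or with a scalar value, raises a warning inside the admin handler; and, as the comment above the branch already says, the name is then handed to `delete_cal(urldecode($filename))` with no path restriction. Guard and normalise before the loop: `$to_delete = (isset($_POST['delete_calendar']) && is_array($_POST['delete_calendar'])) ? $_POST['delete_calendar'] : array();`, then `foreach ($to_delete as $filename) {` and `if (!delete_cal(basename(urldecode($filename)))) {`. Whether `delete_cal` itself constrains the path cannot be seen from this diff, and the `is_loggedin()` block continues past the hunk.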
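Review bot: `'rss_powered' => $rss_powered,` in the hunk at -101 replaces the configuration read with a plain local, but nothing in this diff assigns `$rss_powered`, and the `extract()` calls that previously populated locals from `$_POST`/`$_GET` are removed in the hunk at -12; unless it is assigned elsewhere in the file, the template now receives an undefined variable and PHP emits a notice. Keeping `'rss_powered' => $phpiCal_config->rss_powered,` avoids that and leaves the value under the configuration's control rather than the request's. The same question applies to `$cal`, `$getdate`, `$calendar_name` and `$current_view` on the context lines, which this diff does not show being assigned. `$phpiCal_config->default_path."/.."` appends `/..` to a URL where the old value prepended `../`; whether the template expects that form should be confirmed.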