aboutsummaryrefslogtreecommitdiffstats
path: root/admin/index.php
blob: 815bb449ccaec99ed0f52c0e73b2838d858d0011 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<?php
define('BASE', '../');
$current_view = 'admin';
require_once(BASE.'functions/init.inc.php');
require_once(BASE.'functions/admin_functions.php');
require_once(BASE.'functions/template.php');

#echo "<pre>";print_r($_REQUEST);

if (empty($phpiCal_config->default_path)) {
	if (isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'on' ) {
		$default_path = 'https://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].substr($_SERVER['PHP_SELF'],0,strpos($_SERVER['PHP_SELF'],'/admin/'));
	} else {
		$default_path = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].substr($_SERVER['PHP_SELF'],0,strpos($_SERVER['PHP_SELF'],'/admin/'));
	}
}
#if ($phpiCal_config->allow_admin != 'yes') {
	exit(error('The administration menu has been turned off.', '', '/..'));
#}

// Logout by clearing session variables
if ((isset($_GET['action'])) && ($_GET['action'] == 'logout')) {
	$_SESSION['phpical_loggedin'] = FALSE;
	unset($_SESSION['phpical_username']);
	unset($_SESSION['phpical_password']);
}

// if $auth_method == 'server', don't do any authentication
$username = @$_POST['username'];
$password = @$_POST['password'];

if ($phpiCal_config->auth_method == 'server') {
	$is_loged_in = TRUE;
} else {
	$is_loged_in = FALSE;
	
	if (is_loggedin()) {
		$is_loged_in = TRUE;
	}
	
	if (isset($username) && @$_GET['action'] != 'logout') {
		$is_loged_in = login ($username, $password);
	}
}

$login_good = ($is_loged_in) ? '' : 'oops';
$login_bad	= ((!$is_loged_in) && (@$_GET['action'] == 'login')) ? 'oops' : '';
$delete_msg = '';
$addupdate_msg 	= '';
if(is_loggedin()){
	// Delete a calendar
	// Not at all secure - need to strip out path info if used by users besides admin in the future
	if (isset($_POST['action']) && $_POST['action'] == 'delete') {
		foreach ($_POST['delete_calendar'] as $filename) {
			if (!delete_cal(urldecode($filename))) {
				$delete_msg = $delete_msg . '<font color="red">' . $lang['l_delete_error'] . ' ' . urldecode(substr($filename,0,-4)) . '</font><br />';
			} else {
				$delete_msg = $delete_msg . '<font color="green">' . urldecode(substr($filename,0,-4)) . ' ' . $lang['l_delete_success'] . '</font><br />';
			}
		}
	}
	
	// Add or Update a calendar
	if (isset($_POST['action'])  && $_POST['action'] == 'addupdate') {
		for ($filenumber = 1; $filenumber < 6; $filenumber++) {
			$file = $_FILES['calfile'];
			$addupdate_success = FALSE;
	
			if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) {
				$upload_error = get_upload_error($file['error'][$filenumber]);
			} elseif (!is_uploaded_ics($file['name'][$filenumber])) {
				$upload_error = $upload_error_type_lang;
			} elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) {
				$upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber];
			} else {
				$addupdate_success = TRUE;
			}
			
			if ($addupdate_success == TRUE) {
				$addupdate_msg = $addupdate_msg . '<font color="green">'.$lang['l_cal_file'].' #'.$filenumber.': '.$lang['l_action_success'].'</font><br />';
			} else {
				$addupdate_msg = $addupdate_msg . '<font color="red">'.$lang['l_cal_file'].' #'.$filenumber.': '.$lang['l_upload_error'].'</font><br />';
			}
		}
	}
}

$calendar_name = $lang['l_admin_header'];

$page = new Page(BASE.'templates/'.$phpiCal_config->template.'/admin.tpl');

$page->replace_files(array(
	'header'			=> BASE.'templates/'.$phpiCal_config->template.'/header.tpl',
	'footer'			=> BASE.'templates/'.$phpiCal_config->template.'/footer.tpl'
	));

$page->replace_tags(array(
	'version'			=> $phpiCal_config->phpicalendar_version,
	'event_js'			=> '',
	'charset'			=> $phpiCal_config->charset,
	'default_path'		=> $phpiCal_config->default_path."/..",
	'template'			=> $phpiCal_config->template,
	'cal'				=> $cal,
	'getdate'			=> $getdate,
	'calendar_name'		=> $calendar_name,
	'display_date'		=> '',
	'current_view'		=> $current_view,
#	'sidebar_date'		=> $sidebar_date,
	'rss_powered'	 	=> $rss_powered,
	'rss_available' 	=> '',
	'rss_valid' 		=> '',
	'show_search' 		=> '',
	'login_error'		=> $login_bad,
	'display_login'		=> $login_good,
	'delete_msg'		=> $delete_msg,
	'addupdate_msg'		=> $addupdate_msg,
	'l_day'				=> $lang['l_day'],
	'l_week'			=> $lang['l_week'],
	'l_month'			=> $lang['l_month'],
	'l_year'			=> $lang['l_year'],
	'l_admin_header'	=> $lang['l_admin_header'],
	'l_admin_subhead'	=> $lang['l_admin_subhead'],
	'l_invalid_login'	=> $lang['l_invalid_login'],
	'l_username'		=> $lang['l_username'],
	'l_password'		=> $lang['l_password'],
	'l_cal_file'		=> $lang['l_cal_file'],
	'l_delete_cal'		=> $lang['l_delete_cal'],
	'l_delete'			=> $lang['l_delete'],
	'l_logout'			=> $lang['l_logout'],
	'l_login'			=> $lang['l_login'],
	'l_submit'			=> $lang['l_submit'],
	'l_addupdate_cal'	=> $lang['l_addupdate_cal'],
	'l_addupdate_desc'	=> $lang['l_addupdate_desc'],
	'l_powered_by'		=> $lang['l_powered_by'],
	'l_this_site_is'	=> $lang['l_this_site_is']			
	));

$page->draw_admin();
$page->output();

?>

© 2014-2020 Faster IT GmbH | imprint | privacy policy