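/**
 * Return XML for a single component from the DB
 *
 * Builds one DAV <response> element for a calendar or address book item. Callers
 * who are neither privileged for 'all' nor the owner of the item receive an
 * anonymised "Busy" stand-in in place of the stored data when the item is
 * CONFIDENTIAL or they lack 'read'.
 *
 * @param array  $properties The requested properties, keyed by property name
 * @param object $item       The DB row for this component (read via ->dav_name,
 *                           ->caldav_data, ->caldav_type, ->class, ->user_no, ...)
 *
 * @return XMLElement The <response> element for the component
 */
function component_to_xml($properties, $item)
{
    global $session, $c, $request, $reply;

    dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name);

    $denied = array();
    $unsupported = array();
    $caldav_data = $item->caldav_data;
    // Default display name: last path segment of the DAV name.
    $displayname = preg_replace('{^.*/}', '', $item->dav_name);
    $type = 'unknown';
    $contenttype = 'text/plain';
    switch ($item->caldav_type) {
        case 'VJOURNAL':
        case 'VEVENT':
        case 'VTODO':
            $displayname = $item->summary;
            $type = 'calendar';
            $contenttype = 'text/calendar';
            break;

        case 'VCARD':
            $displayname = $item->fn;
            $type = 'vcard';
            $contenttype = 'text/vcard';
            break;
    }

    // Redaction must happen before any property is rendered, because calendar-data,
    // displayname and getcontentlength below all read the (possibly replaced) values.
    if (isset($properties['calendar-data']) || isset($properties['displayname'])) {
        if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) {
            // The requester is neither an administrator nor the owner of this item.
            /** @todo We should examine the ORGANIZER and ATTENDEE fields in the event.
                If this person is there then they should see this */
            // Parentheses spell out the grouping PHP already applies (&& binds tighter
            // than ||): a non-calendar item also reaches this branch when the requester
            // lacks 'read'.
            if (($type == 'calendar' && $item->class == 'CONFIDENTIAL') || !$request->AllowedTo('read')) {
                $ical = new iCalComponent($caldav_data);
                $resources = $ical->GetComponents('VTIMEZONE', false);
                // NOTE(review): $resources[0] is used unchecked; if the item yields no
                // such component the calls below fail. Confirm every item that can
                // reach this branch has one.
                $first = $resources[0];

                // Fake a replacement component that only says "Busy" and keeps timing and UID.
                $confidential = new iCalComponent();
                $confidential->SetType($first->GetType());
                $confidential->AddProperty('SUMMARY', translate('Busy'));
                $confidential->AddProperty('CLASS', 'CONFIDENTIAL');
                $confidential->SetProperties($first->GetProperties('DTSTART'), 'DTSTART');
                $confidential->SetProperties($first->GetProperties('RRULE'), 'RRULE');
                $confidential->SetProperties($first->GetProperties('DURATION'), 'DURATION');
                $confidential->SetProperties($first->GetProperties('DTEND'), 'DTEND');
                $confidential->SetProperties($first->GetProperties('UID'), 'UID');
                $ical->SetComponents(array($confidential), $confidential->GetType());

                $caldav_data = $ical->Render();
                $displayname = translate('Busy');
            }
        }
    }

    $url = ConstructURL($item->dav_name);

    $prop = new XMLElement("prop");
    foreach ($properties as $k => $v) {
        switch ($k) {
            case 'getcontentlength':
                // Length of what is actually returned, i.e. the redacted body when redaction ran.
                $contentlength = strlen($caldav_data);
                $prop->NewElement($k, $contentlength);
                break;

            case 'getlastmodified':
                $prop->NewElement($k, ISODateToHTTPDate($item->modified));
                break;

            case 'calendar-data':
                if ($type == 'calendar') {
                    $reply->CalDAVElement($prop, $k, $caldav_data);
                } else {
                    $unsupported[] = $k;
                }
                break;

            case 'address-data':
                if ($type == 'vcard') {
                    $reply->CardDAVElement($prop, $k, $caldav_data);
                } else {
                    $unsupported[] = $k;
                }
                break;

            case 'getcontenttype':
                $prop->NewElement($k, $contenttype);
                break;

            case 'current-user-principal':
                $prop->NewElement("current-user-principal", $request->current_user_principal_xml);
                break;

            case 'displayname':
                $prop->NewElement($k, $displayname);
                break;

            case 'resourcetype':
                $prop->NewElement($k); // Just an empty resourcetype for a non-collection.
                break;

            case 'getetag':
                $prop->NewElement($k, '"' . $item->dav_etag . '"');
                break;

            // Fixed: the label used to contain literal double quotes, so it could never
            // match this key and the property was always reported as 404.
            case 'current-user-privilege-set':
                $prop->NewElement($k, privileges($request->permissions));
                break;

            case 'SOME-DENIED-PROPERTY':
                /** indicating the style for future expansion */
                $denied[] = $k;
                break;

            default:
                // NOTE(review): this logs the array value ($v), while the property name
                // used everywhere else in this loop is the key ($k) - confirm.
                dbg_error_log('REPORT', "Request for unsupported property '%s' of calendar item.", $v);
                $unsupported[] = $k;
        }
    }

    $status = new XMLElement("status", "HTTP/1.1 200 OK");
    $propstat = new XMLElement("propstat", array($prop, $status));
    $href = new XMLElement("href", $url);
    $elements = array($href, $propstat);

    // Denied properties are listed by name only, under their own 403 propstat.
    if (count($denied) > 0) {
        $status = new XMLElement("status", "HTTP/1.1 403 Forbidden");
        $noprop = new XMLElement("prop");
        foreach ($denied as $k => $v) {
            $noprop->NewElement(strtolower($v));
        }
        $elements[] = new XMLElement("propstat", array($noprop, $status));
    }

    // Unsupported properties are listed by name only, under a 404 propstat.
    if (count($unsupported) > 0) {
        $status = new XMLElement("status", "HTTP/1.1 404 Not Found");
        $noprop = new XMLElement("prop");
        foreach ($unsupported as $k => $v) {
            $noprop->NewElement(strtolower($v));
        }
        $elements[] = new XMLElement("propstat", array($noprop, $status));
    }

    $response = new XMLElement("response", $elements);

    return $response;
}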
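<?php
// Access gate for the "user messages" page: the visitor must be logged in AND hold
// the ADD_MESS privilege for their role.
//
// Fixed: the negation used to sit on the role id (`!$user['role_id']`), so the
// privilege lookup received a boolean instead of the role and its result was used
// un-negated. The check now denies access exactly when the privilege is missing.
if (!$user or !privileges($mysql_link, $user['role_id'], array('ADD_MESS'))) {
    $_SESSION['msg']['message'] = setMessage('Ошибка доступа, у вас нет прав для посещения данный страницы. Пожалуйста, <a href="/?action=login">войдите под своей учётной записью</a> или <a href="/?action=registration">загеристрируйтесь</a>', 'error');
    // Nothing is rendered for a denied visitor.
    $content = '';
} else {
    // Only the messages belonging to the current user are loaded.
    $user_messages = getUserMessages($mysql_link, $user['user_id']);
    if (is_array($user_messages)) {
        $user_messages = messageIntro($user_messages);
    }
    $content = template('user_messages.tpl.php', array('user_messages' => $user_messages));
}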
// Project classes and helpers used by this page.
include_once 'ressources/class.main_cf.inc';
include_once 'ressources/charts.php';
include_once 'ressources/class.syslogs.inc';
include_once 'ressources/class.system.network.inc';
include_once 'ressources/class.os.system.inc';
include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";

// Request dispatch: the first matching request parameter selects a handler and
// ends the request; with none present the page shell is rendered.
// NOTE(review): no authentication, privilege or CSRF check is visible in this
// excerpt before the handlers run (SaveAccount() is reached on any POST that
// carries "new-password") - confirm the included files or the handlers enforce them.
if (isset($_GET["popup"])) {
    popup();
    exit;
}
if (isset($_POST["new-password"])) {
    SaveAccount();
    exit;
}
if (isset($_GET["privs"])) {
    privileges();
    exit;
}
page();

/**
 * Echo the page shell: a table with a placeholder <span> and an inline script
 * that calls LoadAjax() to fetch this same page with ?popup=yes into it.
 */
function page() {
    $page = CurrentPageName();
    $tpl = new templates();
    // The current timestamp doubles as the placeholder's element id and as the "t" parameter.
    $t = time();
    // presumably {myaccount} is a label token resolved by _ENGINE_parse_body() - confirm
    $html = "\n\t\n\t<table style='width:100%' class=form>\n\t<tr>\n\t\t<td colspan=2 style='font-size:22px'>{myaccount}</td>\n\t</tr>\n\t<tr>\n\t<td width=1% valign='top'><img src='img/user-server-128.png'></td>\n\t<td width=100%' valign='top'><span id='{$t}'></span>\n\t</tr>\n\t</table>\n\t<script>\n\t\tLoadAjax('{$t}','{$page}?popup=yes&t={$t}');\n\t</script>\n";
    echo $tpl->_ENGINE_parse_body($html);
}

// Handler for ?popup=...; the listing is cut off after its first two statements.
function popup() {
    $page = CurrentPageName();
    $tpl = new templates();
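<?php
// Session and privilege gate for this page.
//
// It runs before any output: session_start() and header() need to execute before
// body bytes are sent, so the DOCTYPE that used to precede this block now follows it.
include "../db/db.php";
include_once 'actions/misc_functions.php';
session_start();

if (isset($_SESSION['kiosk']['user_id'])) {
    $user_id = $_SESSION['kiosk']['user_id'];
} else {
    header("location: login.php");
    // Stop here: without exit the script kept running with $user_id undefined and
    // the rest of the page was still sent to an unauthenticated client.
    exit;
}

$privileges = privileges($user_id);
if ($privileges['priv_admin']) {
    // Administrators stay on this page.
} elseif ($privileges['priv_bull']) {
    header("location: faculty_managepost.php");
    exit; // a redirect header alone does not stop the page body from being sent
} elseif ($privileges['priv_cms1'] || $privileges['priv_cms2'] || $privileges['priv_cms3']) {
    header("location: cms.php");
    exit;
} elseif ($privileges['priv_ois1'] || $privileges['priv_ois2']) {
    header("location: unit_management.php");
    exit;
}
// NOTE(review): a user holding none of the priv_* flags falls through and is served
// this page like an administrator - confirm whether that case should be denied.
?>
<!DOCTYPE html>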
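/**
 * Return XML for a single data item from the DB
 *
 * Builds one DAV <response> element for a non-collection item. The properties
 * included are selected by the global $attribute_list: each is emitted when it is
 * requested by name or when ALLPROP is set (ACL only when requested by name).
 *
 * @param object $item The DB row for the item (read via ->dav_name, ->modified,
 *                     ->caldav_data, ->created, ->dav_displayname, ->dav_etag)
 *
 * @return XMLElement The <response> element for the item
 */
function item_to_xml($item)
{
    global $attribute_list, $session, $c, $request;

    dbg_error_log("PROPFIND", "Building XML Response for item '%s'", $item->dav_name);

    $item->properties = get_arbitrary_properties($item->dav_name);

    $url = $_SERVER['SCRIPT_NAME'] . $item->dav_name;

    // Evaluated once; every property below except ACL is implied by ALLPROP.
    $all = isset($attribute_list['ALLPROP']);

    $prop = new XMLElement("prop");
    if ($all || isset($attribute_list['GETLASTMODIFIED'])) {
        $prop->NewElement("getlastmodified", isset($item->modified) ? $item->modified : false);
    }
    if ($all || isset($attribute_list['GETCONTENTLENGTH'])) {
        $contentlength = strlen($item->caldav_data);
        $prop->NewElement("getcontentlength", $contentlength);
    }
    if ($all || isset($attribute_list['GETCONTENTTYPE'])) {
        $prop->NewElement("getcontenttype", "text/calendar");
    }
    if ($all || isset($attribute_list['CREATIONDATE'])) {
        $prop->NewElement("creationdate", $item->created);
    }
    /**
     * Non-collections should return an empty resource type, it appears from RFC2518 8.1.2
     */
    if ($all || isset($attribute_list['RESOURCETYPE'])) {
        $prop->NewElement("resourcetype");
    }
    if ($all || isset($attribute_list['DISPLAYNAME'])) {
        $prop->NewElement("displayname", $item->dav_displayname);
    }
    if ($all || isset($attribute_list['GETETAG'])) {
        $prop->NewElement("getetag", '"' . $item->dav_etag . '"');
    }

    if (isset($attribute_list['ACL'])) {
        /**
         * FIXME: This information is semantically valid but presents an incorrect picture.
         * The single ACE names the "authenticated" principal, while the privileges
         * listed in it are taken from the current request's permissions.
         */
        $principal = new XMLElement("principal");
        $principal->NewElement("authenticated");
        $grant = new XMLElement("grant", array(privileges($request->permissions)));
        $prop->NewElement("acl", new XMLElement("ace", array($principal, $grant)));
    }

    if ($all || isset($attribute_list['GETCONTENTLANGUAGE'])) {
        // A copy-pasted, unused strlen() assignment was removed from this branch.
        $prop->NewElement("getcontentlanguage", $c->current_locale);
    }
    if ($all || isset($attribute_list['CURRENT-USER-PRIVILEGE-SET'])) {
        $prop->NewElement("current-user-privilege-set", privileges($request->permissions));
    }

    if ($all || isset($attribute_list['SUPPORTEDLOCK'])) {
        // Only one lock entry is advertised: exclusive scope, write type.
        $prop->NewElement(
            "supportedlock",
            new XMLElement(
                "lockentry",
                array(
                    new XMLElement("lockscope", new XMLElement("exclusive")),
                    new XMLElement("locktype", new XMLElement("write")),
                )
            )
        );
    }

    $status = new XMLElement("status", "HTTP/1.1 200 OK");

    $propstat = new XMLElement("propstat", array($prop, $status));
    $href = new XMLElement("href", $url);

    $response = new XMLElement("response", array($href, $propstat));

    return $response;
}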
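/**
 * Build the main navigation menu for the current visitor.
 *
 * The menu holds three fixed entries plus one entry per row returned by
 * get_type(). The entry matching the current action / ?type= value gets the
 * 'active' class. Guests do not get the "add message" and "user messages"
 * entries; logged-in users without the ADD_MESS privilege do not get "add message".
 *
 * Hiding an entry only shapes the navigation; the action pages have to enforce
 * the same checks themselves.
 *
 * @param mixed  $mysql_link DB link, passed through to privileges() and get_type()
 * @param mixed  $user       Current user record (array with 'role_id'), or an empty
 *                           or non-array value for a guest
 * @param string $action     Name of the action being rendered
 *
 * @return array List of menu entries (id, name, classes, link), reindexed from 0
 */
function getMainMenu($mysql_link, $user, $action)
{
    // One definition of "logged in" for the whole function. The removal check
    // further down used `empty($user) and !is_array($user)`, which is not the
    // negation of this test: an empty array or a non-empty non-array value was
    // treated as logged in there and kept the "user messages" entry.
    $logged_in = !empty($user) && is_array($user);

    $add_mess = '';
    if ($logged_in) {
        $add_mess = privileges($mysql_link, $user['role_id'], array('ADD_MESS'));
    }

    $menu = array(
        array('id' => 'home', 'name' => 'Главная', 'classes' => '', 'link' => '/'),
        array('id' => 'add-message', 'name' => 'Добавить объявление', 'classes' => '', 'link' => '?action=add_message'),
        array('id' => 'user-messages', 'name' => 'Ваши объявления', 'classes' => '', 'link' => '?action=user_messages'),
    );
    // Type 1 is exposed as 'offer', every other type as 'demand'.
    foreach (get_type($mysql_link) as $type) {
        $menu[] = array(
            'id' => $type['type_id'] == 1 ? 'offer' : 'demand',
            'name' => $type['name'],
            'classes' => '',
            'link' => "?type={$type['type_id']}",
        );
    }

    // foreach iterates over a copy, so removing entries from $menu inside the loop is safe.
    foreach ($menu as $i => $item) {
        switch ($item['id']) {
            case 'home':
                if ($action == 'index' and !isset($_GET['type']) and !isset($_GET['cat'])) {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'add-message':
                if ($action == 'add_message') {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'user-messages':
                if ($action == 'user_messages') {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'offer':
                if ($action == 'index' and isset($_GET['type']) and $_GET['type'] == 1) {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'demand':
                if ($action == 'index' and isset($_GET['type']) and $_GET['type'] == 2) {
                    $menu[$i]['classes'] = 'active';
                }
                break;
        }

        if (!$logged_in) {
            // Guests get neither of the account-bound entries.
            if ($item['id'] == 'add-message' or $item['id'] == 'user-messages') {
                unset($menu[$i]);
            }
        } elseif (!$add_mess and $item['id'] == 'add-message') {
            unset($menu[$i]);
        }
    }

    // Reindex so callers get a gap-free list after the removals.
    return array_values($menu);
}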
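<?php
// Front controller: loads shared data, resolves the requested action, includes the
// matching action script and renders the theme.

// Fixed: the charset parameter had a stray space after "=".
header('Content-Type: text/html; charset=utf-8');
session_start();
require_once 'config.php';
require_once 'functions.php';

$categories = getCategories($mysql_link);
$types = get_type($mysql_link);
$user = checkUser($mysql_link);

// Defined for guests too, so later code does not read an undefined variable
// (null keeps isset($add_mess) false, as before).
$add_mess = null;
if (!empty($user) and is_array($user)) {
    $add_mess = privileges($mysql_link, $user['role_id'], array('ADD_MESS'));
}

// The action name comes from the query string and ends up in an include path, so it
// is restricted to a plain identifier; anything else (missing, non-string, or
// containing path separators or dots) falls back to the index action.
$action = '';
if (isset($_GET['action']) && is_string($_GET['action'])) {
    $action = clearData($mysql_link, $_GET['action']);
}
if (!$action || !is_string($action) || !preg_match('/^[A-Za-z0-9_-]+$/D', $action)) {
    $action = 'index';
}

$title = getTitle($mysql_link, $action, $user, $types, $categories);
$main_menu = getMainMenu($mysql_link, $user, $action);

if (file_exists('actions/' . $action . '.inc.php')) {
    include 'actions/' . $action . '.inc.php';
} else {
    include 'actions/' . 'index.inc.php';
}

require_once THEME . 'index.tpl.php';

// Flash messages are shown once and then dropped.
unset($_SESSION['msg']);

// Developer dump of the user record and $_SERVER. It used to be printed, unescaped,
// on every response to every visitor; it is now off by default and HTML-escaped
// when switched on locally.
$show_debug_dump = false;
if ($show_debug_dump) {
    echo '<pre><br /><h4>Текущий пользователь</h4><br />';
    echo htmlspecialchars(print_r($user, true), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
    echo '<pre><br /><h4>Данные SERVER</h4><br />';
    echo htmlspecialchars(print_r($_SERVER, true), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
}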
/**
 * Return XML for a single component from the DB
 *
 * Builds one DAV <response> element for a calendar or address book item. Simple
 * properties are rendered inline; as soon as a requested property is not handled
 * here, the whole propstat is delegated to DAVResource::GetPropStat().
 *
 * @param array  $properties The requested properties, keyed by namespaced tag
 *                           (e.g. 'DAV::getetag')
 * @param object $item       The DB row for this component (read via ->dav_name,
 *                           ->caldav_data, ->caldav_type, ->class, ->user_no, ...)
 *
 * @return XMLElement The <response> element for the component
 */
function component_to_xml($properties, $item) {
    global $session, $c, $request, $reply;

    dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name);

    // NOTE(review): nothing in this function appends to $denied, so the 403 propstat
    // further down is never emitted from here.
    $denied = array();
    $unsupported = array();
    $caldav_data = $item->caldav_data;
    // Default display name: last path segment of the DAV name.
    $displayname = preg_replace('{^.*/}', '', $item->dav_name);
    $type = 'unknown';
    $contenttype = 'text/plain';
    switch (strtoupper($item->caldav_type)) {
        case 'VJOURNAL':
        case 'VEVENT':
        case 'VTODO':
            $displayname = $item->summary;
            $type = 'calendar';
            $contenttype = 'text/calendar';
            // Redaction is only applied when the body or the display name was requested.
            if (isset($properties['urn:ietf:params:xml:ns:caldav:calendar-data']) || isset($properties['DAV::displayname'])) {
                if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) {
                    // The requester is neither an administrator nor the owner of this item.
                    if ($item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read')) {
                        dbg_error_log("REPORT", "Anonymising confidential event for: %s", $item->dav_name);
                        // Replace both the body and the display name with the anonymised form.
                        $vcal = new vCalendar($caldav_data);
                        $caldav_data = $vcal->Confidential()->Render();
                        $displayname = translate('Busy');
                    }
                }
            }

            // Optional site setting: requesters without 'write' on the resource get the
            // body with its VALARM components removed.
            if (isset($c->hide_alarm) && $c->hide_alarm) {
                $dav_resource = new DAVResource($item->dav_name);
                if (isset($properties['urn:ietf:params:xml:ns:caldav:calendar-data']) && !$dav_resource->HavePrivilegeTo('write')) {
                    dbg_error_log("REPORT", "Stripping event alarms for: %s", $item->dav_name);
                    $vcal = new vCalendar($caldav_data);
                    $vcal->ClearComponents('VALARM');
                    $caldav_data = $vcal->Render();
                }
            }
            break;

        case 'VCARD':
            $displayname = $item->fn;
            $type = 'vcard';
            $contenttype = 'text/vcard';
            break;
    }

    $url = ConstructURL($item->dav_name);

    $prop = new XMLElement("prop");
    $need_resource = false;
    foreach ($properties as $full_tag => $v) {
        // Local element name: the tag with everything up to the last ':' removed.
        $base_tag = preg_replace('{^.*:}', '', $full_tag);
        switch ($full_tag) {
            case 'DAV::getcontentlength':
                // Length of $caldav_data as it stands here, i.e. of the redacted body
                // whenever one of the branches above replaced it.
                $contentlength = strlen($caldav_data);
                $prop->NewElement($base_tag, $contentlength);
                break;

            case 'DAV::getlastmodified':
                $prop->NewElement($base_tag, ISODateToHTTPDate($item->modified));
                break;

            case 'urn:ietf:params:xml:ns:caldav:calendar-data':
                if ($type == 'calendar') {
                    $reply->CalDAVElement($prop, $base_tag, $caldav_data);
                } else {
                    $unsupported[] = $base_tag;
                }
                break;

            case 'urn:ietf:params:xml:ns:carddav:address-data':
                if ($type == 'vcard') {
                    $reply->CardDAVElement($prop, $base_tag, $caldav_data);
                } else {
                    $unsupported[] = $base_tag;
                }
                break;

            case 'DAV::getcontenttype':
                $prop->NewElement($base_tag, $contenttype);
                break;

            case 'DAV::current-user-principal':
                $prop->NewElement("current-user-principal", $request->current_user_principal_xml);
                break;

            case 'DAV::displayname':
                $prop->NewElement($base_tag, $displayname);
                break;

            case 'DAV::resourcetype':
                $prop->NewElement($base_tag); // Just an empty resourcetype for a non-collection.
                break;

            case 'DAV::getetag':
                $prop->NewElement($base_tag, '"' . $item->dav_etag . '"');
                break;

            // NOTE(review): this label contains literal double-quote characters, so it
            // only matches a key that itself includes the quotes; a key spelled like
            // the other 'DAV::...' labels takes the default branch - confirm the intent.
            case '"current-user-privilege-set"':
                $prop->NewElement($base_tag, privileges($request->permissions));
                break;

            default:
                // Not handled inline: the DAVResource() is needed to answer this one.
                $need_resource = true;
        }
        // Stop at the first property that needs the resource; the inline result is
        // not used in that case.
        if ($need_resource) {
            break;
        }
    }

    $href = new XMLElement("href", $url);
    if ($need_resource) {
        // Reuse the resource created for the alarm check, if there was one.
        if (!isset($dav_resource)) {
            $dav_resource = new DAVResource($item->dav_name);
        }
        // NOTE(review): only the property names and $reply are passed on; the $prop
        // built above and the redacted $caldav_data / $displayname are not. Confirm
        // that GetPropStat() applies the same CONFIDENTIAL and alarm filtering.
        $elements = $dav_resource->GetPropStat(array_keys($properties), $reply);
        array_unshift($elements, $href);
    } else {
        $elements = array($href);
        $status = new XMLElement("status", "HTTP/1.1 200 OK");
        $elements[] = new XMLElement("propstat", array($prop, $status));

        if (count($denied) > 0) {
            $status = new XMLElement("status", "HTTP/1.1 403 Forbidden");
            $noprop = new XMLElement("prop");
            foreach ($denied as $k => $v) {
                $reply->NSElement($noprop, $v);
            }
            $elements[] = new XMLElement("propstat", array($noprop, $status));
        }

        // The 404 propstat is left out when the request prefers a minimal response.
        if (!$request->PreferMinimal() && count($unsupported) > 0) {
            $status = new XMLElement("status", "HTTP/1.1 404 Not Found");
            $noprop = new XMLElement("prop");
            foreach ($unsupported as $k => $v) {
                $reply->NSElement($noprop, $v);
            }
            $elements[] = new XMLElement("propstat", array($noprop, $status));
        }
    }

    $response = new XMLElement("response", $elements);

    return $response;
}