Beispiel #1
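/**
* Build the DAV <response> element for a single component row from the DB.
*
* When the requester is neither the owner nor holds the 'all' privilege, a
* CONFIDENTIAL calendar item (or any item the requester may not 'read') is
* replaced by a reduced "Busy" component before anything is rendered.
*
* @param array $properties The requested properties, keyed by property name
* @param object $item The DB row for this component (dav_name, caldav_data, caldav_type, ...)
*
* @return XMLElement The <response> element for the component
*/
function component_to_xml($properties, $item)
{
    global $session, $c, $request, $reply;
    dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name);
    $denied = array();
    $unsupported = array();
    $caldav_data = $item->caldav_data;
    // Default display name is the last path segment of the resource name.
    $displayname = preg_replace('{^.*/}', '', $item->dav_name);
    $type = 'unknown';
    $contenttype = 'text/plain';
    switch ($item->caldav_type) {
        case 'VJOURNAL':
        case 'VEVENT':
        case 'VTODO':
            $displayname = $item->summary;
            $type = 'calendar';
            $contenttype = 'text/calendar';
            break;
        case 'VCARD':
            $displayname = $item->fn;
            $type = 'vcard';
            $contenttype = 'text/vcard';
            break;
    }
    // NOTE(review): the anonymisation below only runs when calendar-data or displayname
    // was requested. A request for getcontentlength alone is answered from the original
    // $caldav_data, so the true size of a confidential item is still disclosed - confirm
    // whether that is acceptable.
    if (isset($properties['calendar-data']) || isset($properties['displayname'])) {
        if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) {
            // The requester is neither an admin nor the owner of this calendar.
            /** @todo We should examine the ORGANIZER and ATTENDEE fields in the event.  If this person is there then they should see this */
            // Grouping made explicit: (confidential calendar item) OR (no read privilege at all).
            if (($type == 'calendar' && $item->class == 'CONFIDENTIAL') || !$request->AllowedTo('read')) {
                $ical = new iCalComponent($caldav_data);
                $resources = $ical->GetComponents('VTIMEZONE', false);
                // NOTE(review): assumes at least one component is returned; with an empty
                // result the method calls on $first fail hard rather than returning data.
                $first = $resources[0];
                // If the event is confidential we fake one that just says "Busy",
                // copying only the timing properties and the UID.
                $confidential = new iCalComponent();
                $confidential->SetType($first->GetType());
                $confidential->AddProperty('SUMMARY', translate('Busy'));
                $confidential->AddProperty('CLASS', 'CONFIDENTIAL');
                $confidential->SetProperties($first->GetProperties('DTSTART'), 'DTSTART');
                $confidential->SetProperties($first->GetProperties('RRULE'), 'RRULE');
                $confidential->SetProperties($first->GetProperties('DURATION'), 'DURATION');
                $confidential->SetProperties($first->GetProperties('DTEND'), 'DTEND');
                $confidential->SetProperties($first->GetProperties('UID'), 'UID');
                $ical->SetComponents(array($confidential), $confidential->GetType());
                $caldav_data = $ical->Render();
                $displayname = translate('Busy');
            }
        }
    }
    $url = ConstructURL($item->dav_name);
    $prop = new XMLElement("prop");
    foreach ($properties as $k => $v) {
        switch ($k) {
            case 'getcontentlength':
                $contentlength = strlen($caldav_data);
                $prop->NewElement($k, $contentlength);
                break;
            case 'getlastmodified':
                $prop->NewElement($k, ISODateToHTTPDate($item->modified));
                break;
            case 'calendar-data':
                if ($type == 'calendar') {
                    $reply->CalDAVElement($prop, $k, $caldav_data);
                } else {
                    $unsupported[] = $k;
                }
                break;
            case 'address-data':
                if ($type == 'vcard') {
                    $reply->CardDAVElement($prop, $k, $caldav_data);
                } else {
                    $unsupported[] = $k;
                }
                break;
            case 'getcontenttype':
                $prop->NewElement($k, $contenttype);
                break;
            case 'current-user-principal':
                $prop->NewElement("current-user-principal", $request->current_user_principal_xml);
                break;
            case 'displayname':
                $prop->NewElement($k, $displayname);
                break;
            case 'resourcetype':
                $prop->NewElement($k);
                // Just an empty resourcetype for a non-collection.
                break;
            case 'getetag':
                $prop->NewElement($k, '"' . $item->dav_etag . '"');
                break;
            case 'current-user-privilege-set':
                // The label used to carry literal double quotes inside the string, so it
                // could never equal a property name and the property was always reported
                // as 404. The value comes from the request's permissions, not from a
                // per-item lookup.
                $prop->NewElement($k, privileges($request->permissions));
                break;
            case 'SOME-DENIED-PROPERTY':
                /** indicating the style for future expansion */
                $denied[] = $k;
                break;
            default:
                // NOTE(review): this logs $v (the array value) while $k is what gets
                // reported as unsupported - confirm which one carries the property name.
                dbg_error_log('REPORT', "Request for unsupported property '%s' of calendar item.", $v);
                $unsupported[] = $k;
        }
    }
    $status = new XMLElement("status", "HTTP/1.1 200 OK");
    $propstat = new XMLElement("propstat", array($prop, $status));
    $href = new XMLElement("href", $url);
    $elements = array($href, $propstat);
    // Denied properties are reported in their own 403 propstat.
    if (count($denied) > 0) {
        $status = new XMLElement("status", "HTTP/1.1 403 Forbidden");
        $noprop = new XMLElement("prop");
        foreach ($denied as $k => $v) {
            $noprop->NewElement(strtolower($v));
        }
        $elements[] = new XMLElement("propstat", array($noprop, $status));
    }
    // Unsupported properties are reported in their own 404 propstat.
    if (count($unsupported) > 0) {
        $status = new XMLElement("status", "HTTP/1.1 404 Not Found");
        $noprop = new XMLElement("prop");
        foreach ($unsupported as $k => $v) {
            $noprop->NewElement(strtolower($v));
        }
        $elements[] = new XMLElement("propstat", array($noprop, $status));
    }
    $response = new XMLElement("response", $elements);
    return $response;
}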
<?php

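// Access gate for the "user messages" page: the visitor must be logged in and the
// role must hold ADD_MESS. The negation used to sit on the role id argument
// (privileges(..., !$user['role_id'], ...)), which passed a boolean instead of the
// role and rejected exactly the case where privileges() returned a truthy result.
// It now negates the result of the privilege lookup, matching how getMainMenu()
// treats a truthy privileges() return as "allowed".
if (!$user or !privileges($mysql_link, $user['role_id'], array('ADD_MESS'))) {
    // The message is a fixed string containing markup; no request data is mixed into it.
    $_SESSION['msg']['message'] = setMessage('Ошибка доступа, у вас нет прав для посещения данный страницы. Пожалуйста, <a href="/?action=login">войдите под своей учётной записью</a> или <a href="/?action=registration">загеристрируйтесь</a>', 'error');
    $content = '';
} else {
    // Only the messages of the authenticated user's own id are loaded.
    $user_messages = getUserMessages($mysql_link, $user['user_id']);
    if (is_array($user_messages)) {
        $user_messages = messageIntro($user_messages);
    }
    $content = template('user_messages.tpl.php', array('user_messages' => $user_messages));
}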
include_once 'ressources/class.main_cf.inc';
include_once 'ressources/charts.php';
include_once 'ressources/class.syslogs.inc';
include_once 'ressources/class.system.network.inc';
include_once 'ressources/class.os.system.inc';
include_once dirname(__FILE__) . "/ressources/class.mysql.squid.builder.php";
// Request dispatcher: the first matching request parameter selects a handler and the
// script stops afterwards; with no matching parameter the full page is rendered.
// privileges() here is this page's own handler, defined elsewhere in the file.
// NOTE(review): no authentication or anti-CSRF check is visible before SaveAccount()
// runs on a POST carrying "new-password" - confirm the handler or one of the included
// files enforces both.
switch (true) {
    case isset($_GET["popup"]):
        popup();
        exit;
    case isset($_POST["new-password"]):
        SaveAccount();
        exit;
    case isset($_GET["privs"]):
        privileges();
        exit;
    default:
        page();
}
/**
 * Emit the "my account" page shell.
 *
 * The shell holds an empty placeholder element; the inline script asks LoadAjax to
 * fill it from this same page with popup=yes.
 */
function page()
{
    $page = CurrentPageName();
    $engine = new templates();
    // The timestamp doubles as the placeholder element id and as the t= query parameter.
    $t = time();
    // NOTE(review): $page is written into a JavaScript string literal unescaped; confirm
    // CurrentPageName() cannot return request-controlled characters.
    $html = "\n\t\n\t<table style='width:100%' class=form>\n\t<tr>\n\t\t<td colspan=2 style='font-size:22px'>{myaccount}</td>\n\t</tr>\n\t<tr>\n\t<td width=1% valign='top'><img src='img/user-server-128.png'></td>\n\t<td width=100%' valign='top'><span id='{$t}'></span>\n\t</tr>\n\t</table>\n\t<script>\n\t\tLoadAjax('{$t}','{$page}?popup=yes&t={$t}');\n\t</script>\n";
    $rendered = $engine->_ENGINE_parse_body($html);
    echo $rendered;
}
function popup()
{
    $page = CurrentPageName();
    $tpl = new templates();
Beispiel #4
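<?php 
// Access gate for this page. It runs before any markup is emitted: session_start()
// and header() need to send HTTP headers, which is no longer possible once the
// DOCTYPE line has been written (unless output buffering happens to be on).
include "../db/db.php";
include_once 'actions/misc_functions.php';
session_start();
if (!isset($_SESSION['kiosk']['user_id'])) {
    // A Location header alone does not stop the script. Without the exit the rest of
    // the page would still execute, with $user_id undefined, and be sent to a visitor
    // who is not logged in.
    header("location: login.php");
    exit;
}
$user_id = $_SESSION['kiosk']['user_id'];
$privileges = privileges($user_id);
// Admins stay on this page; every other role is sent to its own landing page.
if (!$privileges['priv_admin']) {
    if ($privileges['priv_bull']) {
        header("location: faculty_managepost.php");
        exit;
    }
    if ($privileges['priv_cms1'] || $privileges['priv_cms2'] || $privileges['priv_cms3']) {
        header("location: cms.php");
        exit;
    }
    if ($privileges['priv_ois1'] || $privileges['priv_ois2']) {
        header("location: unit_management.php");
        exit;
    }
    // NOTE(review): a logged-in user holding none of the privileges above is not
    // redirected and receives this page, as in the original. If the page is meant for
    // admins only, deny the request here instead of falling through.
}
?>
<!DOCTYPE html>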


Beispiel #5
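/**
* Build the DAV <response> element for a single data item from the DB.
*
* Which properties are included is driven by the global $attribute_list: a property
* is emitted when its own key or 'ALLPROP' is set. The 'acl' element is only emitted
* when explicitly requested.
*
* @param object $item The DB row for the item; a `properties` member is set on it here
*
* @return XMLElement The <response> element holding the href and a 200 propstat
*/
function item_to_xml($item)
{
    global $attribute_list, $session, $c, $request;
    dbg_error_log("PROPFIND", "Building XML Response for item '%s'", $item->dav_name);
    $item->properties = get_arbitrary_properties($item->dav_name);
    $url = $_SERVER['SCRIPT_NAME'] . $item->dav_name;
    $prop = new XMLElement("prop");
    // Evaluated once instead of in every condition below.
    $all = isset($attribute_list['ALLPROP']);
    if ($all || isset($attribute_list['GETLASTMODIFIED'])) {
        $prop->NewElement("getlastmodified", isset($item->modified) ? $item->modified : false);
    }
    if ($all || isset($attribute_list['GETCONTENTLENGTH'])) {
        $contentlength = strlen($item->caldav_data);
        $prop->NewElement("getcontentlength", $contentlength);
    }
    if ($all || isset($attribute_list['GETCONTENTTYPE'])) {
        $prop->NewElement("getcontenttype", "text/calendar");
    }
    if ($all || isset($attribute_list['CREATIONDATE'])) {
        $prop->NewElement("creationdate", $item->created);
    }
    /**
     * Non-collections should return an empty resource type, it appears from RFC2518 8.1.2
     */
    if ($all || isset($attribute_list['RESOURCETYPE'])) {
        $prop->NewElement("resourcetype");
    }
    if ($all || isset($attribute_list['DISPLAYNAME'])) {
        $prop->NewElement("displayname", $item->dav_displayname);
    }
    if ($all || isset($attribute_list['GETETAG'])) {
        $prop->NewElement("getetag", '"' . $item->dav_etag . '"');
    }
    if (isset($attribute_list['ACL'])) {
        /**
         * FIXME: This information is semantically valid but presents an incorrect picture.
         */
        // The single ACE names the <authenticated/> principal and grants the privileges
        // taken from the current request, so a client reading it sees the requester's own
        // privileges presented as applying to every authenticated user.
        $principal = new XMLElement("principal");
        $principal->NewElement("authenticated");
        $grant = new XMLElement("grant", array(privileges($request->permissions)));
        $prop->NewElement("acl", new XMLElement("ace", array($principal, $grant)));
    }
    if ($all || isset($attribute_list['GETCONTENTLANGUAGE'])) {
        // An unused strlen() of the item data was computed here; it has been dropped.
        $prop->NewElement("getcontentlanguage", $c->current_locale);
    }
    if ($all || isset($attribute_list['CURRENT-USER-PRIVILEGE-SET'])) {
        $prop->NewElement("current-user-privilege-set", privileges($request->permissions));
    }
    if ($all || isset($attribute_list['SUPPORTEDLOCK'])) {
        // Advertises a single lock entry: exclusive scope, write type.
        $prop->NewElement("supportedlock", new XMLElement("lockentry", array(new XMLElement("lockscope", new XMLElement("exclusive")), new XMLElement("locktype", new XMLElement("write")))));
    }
    $status = new XMLElement("status", "HTTP/1.1 200 OK");
    $propstat = new XMLElement("propstat", array($prop, $status));
    $href = new XMLElement("href", $url);
    $response = new XMLElement("response", array($href, $propstat));
    return $response;
}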
Beispiel #6
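/**
 * Build the main navigation menu for the current visitor.
 *
 * The menu only decides what is shown. Hiding an entry does not protect the action
 * behind it, so each action handler still has to perform its own privilege check.
 *
 * @param mixed  $mysql_link Database link, passed through to privileges() and get_type()
 * @param mixed  $user       The logged-in user's row as an array; anything else is treated as "not logged in"
 * @param string $action     The current action, used to mark the active entry
 *
 * @return array List of menu entries, each with the keys id, name, classes and link
 */
function getMainMenu($mysql_link, $user, $action)
{
    // One definition of "logged in", used for both the privilege lookup and the
    // filtering below. The filter used to test `empty($user) and !is_array($user)`,
    // which is not the negation of this test: an empty array or a non-array value
    // slipped past it and kept the "user-messages" entry visible.
    $logged_in = !empty($user) && is_array($user);
    $add_mess = '';
    if ($logged_in) {
        $add_mess = privileges($mysql_link, $user['role_id'], array('ADD_MESS'));
    }
    $menu = array(array('id' => 'home', 'name' => 'Главная', 'classes' => '', 'link' => '/'), array('id' => 'add-message', 'name' => 'Добавить объявление', 'classes' => '', 'link' => '?action=add_message'), array('id' => 'user-messages', 'name' => 'Ваши объявления', 'classes' => '', 'link' => '?action=user_messages'));
    // One entry per type row; type id 1 is shown as "offer", every other id as "demand".
    // NOTE(review): name and type_id come from the database and are stored unescaped;
    // confirm the template escapes them on output.
    foreach (get_type($mysql_link) as $type) {
        $menu[] = array('id' => $type['type_id'] == 1 ? 'offer' : 'demand', 'name' => $type['name'], 'classes' => '', 'link' => "?type={$type['type_id']}");
    }
    foreach ($menu as $i => $item) {
        // Mark the entry that corresponds to the current request.
        switch ($item['id']) {
            case 'home':
                if ($action == 'index' && !isset($_GET['type']) && !isset($_GET['cat'])) {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'add-message':
                if ($action == 'add_message') {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'user-messages':
                if ($action == 'user_messages') {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'offer':
                if ($action == 'index' && isset($_GET['type']) && $_GET['type'] == 1) {
                    $menu[$i]['classes'] = 'active';
                }
                break;
            case 'demand':
                if ($action == 'index' && isset($_GET['type']) && $_GET['type'] == 2) {
                    $menu[$i]['classes'] = 'active';
                }
                break;
        }
        // Drop the entries the visitor may not use.
        if (!$logged_in) {
            if ($item['id'] == 'add-message' || $item['id'] == 'user-messages') {
                unset($menu[$i]);
            }
        } elseif (!$add_mess && $item['id'] == 'add-message') {
            unset($menu[$i]);
        }
    }
    // Re-index so callers get a plain list after the unset() calls.
    return array_values($menu);
}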
Beispiel #7
<?php

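// Front controller: loads shared data, resolves the requested action to a file under
// actions/ and renders the theme.
header('Content-Type: text/html; charset= utf-8');
session_start();
require_once 'config.php';
require_once 'functions.php';
$categories = getCategories($mysql_link);
$types = get_type($mysql_link);
$user = checkUser($mysql_link);
if (!empty($user) and is_array($user)) {
    $add_mess = privileges($mysql_link, $user['role_id'], array('ADD_MESS'));
}
// The action name becomes part of an include path below, so it is restricted to a plain
// identifier. Whatever clearData() does to the value, it was not written as a path
// filter, and file_exists() on its own still accepts a name containing "../", which
// would let the request pick any *.inc.php file reachable from actions/.
$action = isset($_GET['action']) && is_string($_GET['action'])
    ? clearData($mysql_link, $_GET['action'])
    : '';
if (!$action || !preg_match('/\A[A-Za-z0-9_-]+\z/', $action)) {
    $action = 'index';
}
$title = getTitle($mysql_link, $action, $user, $types, $categories);
$main_menu = getMainMenu($mysql_link, $user, $action);
if (file_exists('actions/' . $action . '.inc.php')) {
    include 'actions/' . $action . '.inc.php';
} else {
    include 'actions/' . 'index.inc.php';
}
require_once THEME . 'index.tpl.php';
unset($_SESSION['msg']);
// Debug dump of the user record and of $_SERVER. It used to be printed on every page,
// which exposes account and server details to any visitor and echoes request headers
// back unescaped. It is now off unless a debug switch is set, and the output is escaped.
// APP_DEBUG is a placeholder name: wire it to the project's own debug setting.
if (defined('APP_DEBUG') && APP_DEBUG) {
    echo '<pre><br /><h4>Текущий пользователь</h4><br />';
    echo htmlspecialchars(print_r($user, true), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
    echo '<pre><br /><h4>Данные SERVER</h4><br />';
    echo htmlspecialchars(print_r($_SERVER, true), ENT_QUOTES, 'UTF-8');
    echo '</pre>';
}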
Beispiel #8
/**
* Build the DAV <response> element for a single component row from the DB.
*
* Properties are requested by their namespaced tag (e.g. 'DAV::getetag'). Any tag not
* handled in the switch below makes the function hand the whole property list to
* DAVResource::GetPropStat() instead of using the locally built <prop>.
*
* @param array $properties The requested properties, keyed by namespaced tag
* @param object $item The DB row for this component (dav_name, caldav_data, caldav_type, ...)
*
* @return XMLElement The <response> element for the component
*/
function component_to_xml($properties, $item)
{
    global $session, $c, $request, $reply;
    dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name);
    // Nothing in this function appends to $denied; the 403 propstat further down is
    // therefore never produced by the code visible here.
    $denied = array();
    $unsupported = array();
    $caldav_data = $item->caldav_data;
    // Default display name is the last path segment of the resource name.
    $displayname = preg_replace('{^.*/}', '', $item->dav_name);
    $type = 'unknown';
    $contenttype = 'text/plain';
    switch (strtoupper($item->caldav_type)) {
        case 'VJOURNAL':
        case 'VEVENT':
        case 'VTODO':
            $displayname = $item->summary;
            $type = 'calendar';
            $contenttype = 'text/calendar';
            // NOTE(review): anonymisation only runs when calendar-data or displayname was
            // requested; getcontentlength on its own is computed from the original data.
            if (isset($properties['urn:ietf:params:xml:ns:caldav:calendar-data']) || isset($properties['DAV::displayname'])) {
                if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) {
                    // The requester is neither an admin nor the owner of this calendar.
                    if ($item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read')) {
                        dbg_error_log("REPORT", "Anonymising confidential event for: %s", $item->dav_name);
                        // Replace the data with whatever vCalendar::Confidential() renders
                        // and show a generic "Busy" name instead of the summary.
                        $vcal = new vCalendar($caldav_data);
                        $caldav_data = $vcal->Confidential()->Render();
                        $displayname = translate('Busy');
                    }
                }
            }
            // Optional setting: remove VALARM components for requesters who may not write
            // to the resource.
            if (isset($c->hide_alarm) && $c->hide_alarm) {
                $dav_resource = new DAVResource($item->dav_name);
                if (isset($properties['urn:ietf:params:xml:ns:caldav:calendar-data']) && !$dav_resource->HavePrivilegeTo('write')) {
                    dbg_error_log("REPORT", "Stripping event alarms for: %s", $item->dav_name);
                    $vcal = new vCalendar($caldav_data);
                    $vcal->ClearComponents('VALARM');
                    $caldav_data = $vcal->Render();
                }
            }
            break;
        case 'VCARD':
            $displayname = $item->fn;
            $type = 'vcard';
            $contenttype = 'text/vcard';
            break;
    }
    $url = ConstructURL($item->dav_name);
    $prop = new XMLElement("prop");
    $need_resource = false;
    foreach ($properties as $full_tag => $v) {
        // Element name without its namespace prefix (everything up to the last ':').
        $base_tag = preg_replace('{^.*:}', '', $full_tag);
        switch ($full_tag) {
            case 'DAV::getcontentlength':
                $contentlength = strlen($caldav_data);
                $prop->NewElement($base_tag, $contentlength);
                break;
            case 'DAV::getlastmodified':
                $prop->NewElement($base_tag, ISODateToHTTPDate($item->modified));
                break;
            case 'urn:ietf:params:xml:ns:caldav:calendar-data':
                if ($type == 'calendar') {
                    $reply->CalDAVElement($prop, $base_tag, $caldav_data);
                } else {
                    $unsupported[] = $base_tag;
                }
                break;
            case 'urn:ietf:params:xml:ns:carddav:address-data':
                if ($type == 'vcard') {
                    $reply->CardDAVElement($prop, $base_tag, $caldav_data);
                } else {
                    $unsupported[] = $base_tag;
                }
                break;
            case 'DAV::getcontenttype':
                $prop->NewElement($base_tag, $contenttype);
                break;
            case 'DAV::current-user-principal':
                $prop->NewElement("current-user-principal", $request->current_user_principal_xml);
                break;
            case 'DAV::displayname':
                $prop->NewElement($base_tag, $displayname);
                break;
            case 'DAV::resourcetype':
                $prop->NewElement($base_tag);
                // Just an empty resourcetype for a non-collection.
                break;
            case 'DAV::getetag':
                $prop->NewElement($base_tag, '"' . $item->dav_etag . '"');
                break;
            // NOTE(review): this label contains literal double quotes and has no 'DAV::'
            // prefix, unlike every other label, so it looks unreachable; a request for the
            // privilege set would then take the default branch and be answered through
            // DAVResource. Confirm before "fixing" the label: this branch reads the
            // request's permissions, which may differ from what DAVResource reports.
            case '"current-user-privilege-set"':
                $prop->NewElement($base_tag, privileges($request->permissions));
                break;
            default:
                // It's harder.  We need the DAVResource() to get this one.
                $need_resource = true;
        }
        // One unhandled property is enough: stop building $prop, it will not be used.
        if ($need_resource) {
            break;
        }
    }
    $href = new XMLElement("href", $url);
    if ($need_resource) {
        // Reuse the DAVResource created for the alarm check, if there was one.
        if (!isset($dav_resource)) {
            $dav_resource = new DAVResource($item->dav_name);
        }
        // NOTE(review): on this path the property values come from GetPropStat(), not
        // from the $caldav_data / $displayname anonymised above - confirm GetPropStat()
        // applies equivalent confidentiality and alarm filtering.
        $elements = $dav_resource->GetPropStat(array_keys($properties), $reply);
        array_unshift($elements, $href);
    } else {
        $elements = array($href);
        $status = new XMLElement("status", "HTTP/1.1 200 OK");
        $elements[] = new XMLElement("propstat", array($prop, $status));
        if (count($denied) > 0) {
            $status = new XMLElement("status", "HTTP/1.1 403 Forbidden");
            $noprop = new XMLElement("prop");
            foreach ($denied as $k => $v) {
                $reply->NSElement($noprop, $v);
            }
            $elements[] = new XMLElement("propstat", array($noprop, $status));
        }
        // The 404 propstat is left out when the request prefers a minimal response.
        if (!$request->PreferMinimal() && count($unsupported) > 0) {
            $status = new XMLElement("status", "HTTP/1.1 404 Not Found");
            $noprop = new XMLElement("prop");
            foreach ($unsupported as $k => $v) {
                $reply->NSElement($noprop, $v);
            }
            $elements[] = new XMLElement("propstat", array($noprop, $status));
        }
    }
    $response = new XMLElement("response", $elements);
    return $response;
}