Ejemplo n.º 1
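/**
 * Check that an e-mail address is non-blank and not already registered.
 *
 * On rejection the reason is stored in the global $error; when the address
 * already exists the global $control is also reset to ''.
 *
 * @param string $uemail Address to check.
 *
 * @return bool true when the address may be used, false otherwise.
 */
function check_email($uemail)
{
    global $control, $error;
    if (!strlen($uemail)) {
        $error = translate('Email address cannot be blank.');
        return false;
    }
    // The address is passed as a bound parameter, never concatenated into the SQL text.
    $res = dbi_execute('SELECT cal_email FROM webcal_user WHERE cal_email = ?', array($uemail));
    if (!$res) {
        // NOTE(review): a failed query is treated as "address is free" (unchanged
        // from the original). Confirm callers are happy with a uniqueness check
        // that passes when the lookup itself fails.
        return true;
    }
    $row = dbi_fetch_row($res);
    // Release the result set on every path; the original never freed it.
    dbi_free_result($res);
    // NOTE(review): the PHP comparison is case-sensitive; if the column collation
    // is case-insensitive, a row differing only by case is returned but not
    // reported as a duplicate here - confirm the intended behaviour.
    if ($row && $row[0] == $uemail) {
        $control = '';
        $error = translate('Email address already exists.');
        return false;
    }
    return true;
}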
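/**
 * Insert every default from the global $webcalConfig that has no row yet in
 * webcal_config. Settings that already have a row are left untouched.
 *
 * @return void
 */
function db_load_config()
{
    global $webcalConfig;
    if (empty($webcalConfig) || !is_array($webcalConfig)) {
        return;
    }
    $sql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES (?,?)';
    // foreach replaces the list()/each() idiom: each() no longer exists in PHP 8.
    foreach ($webcalConfig as $key => $val) {
        $res = dbi_execute('SELECT cal_value FROM webcal_config
      WHERE cal_setting = ?', array($key), false, false);
        if (!$res) {
            dbi_execute($sql, array($key, $val));
            continue;
        }
        // SQLite returns $res always, so the row itself decides whether the setting exists.
        $row = dbi_fetch_row($res);
        if (!isset($row[0])) {
            dbi_execute($sql, array($key, $val));
        }
        dbi_free_result($res);
    }
}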
Ejemplo n.º 3
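/**
 * Delete every event that was imported for $login with import type 'palm',
 * together with the rows that reference it in the dependent tables.
 *
 * @param string $login Login whose palm imports are removed.
 *
 * @return int Always 1.
 */
function delete_palm_events($login)
{
    $res = dbi_execute('SELECT cal_id FROM webcal_import_data
    WHERE cal_login = ? AND cal_import_type = ?', array($login, 'palm'));
    if (!$res) {
        // Nothing to iterate and nothing to free: the original passed the failed
        // result to dbi_free_result() anyway.
        return 1;
    }
    // NOTE(review): the deletes are not wrapped in a transaction in this function
    // and their results are not checked, so a failure part-way leaves the event
    // partially removed.
    while ($row = dbi_fetch_row($res)) {
        $eventId = array($row[0]);
        dbi_execute('DELETE FROM webcal_blob WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_entry_log WHERE cal_entry_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_entry_repeats WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_entry_repeats_not WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_import_data WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_reminders WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_site_extras WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_entry_user WHERE cal_id = ?', $eventId);
        dbi_execute('DELETE FROM webcal_entry WHERE cal_id = ?', $eventId);
    }
    dbi_free_result($res);
    return 1;
}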
Ejemplo n.º 4
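/**
 * Create or update one layer (another user's calendar overlaid on $layer_user's).
 *
 * Problems are reported through the global $error; nothing is returned.
 *
 * @param string $layer_user Login that owns the layer.
 * @param string $layeruser  Login whose calendar is shown as the layer.
 * @param string $layercolor Value stored in cal_color.
 * @param string $dups       Value stored in cal_dups.
 * @param mixed  $id         Key into the global $layers array of the layer being edited.
 *
 * @return void
 */
function save_layer($layer_user, $layeruser, $layercolor, $dups, $id)
{
    global $error, $layers;
    // NOTE(review): nothing in this function checks that the current session may
    // edit $layer_user's layers; presumably the caller does - verify.
    if ($layer_user == $layeruser) {
        $error = translate('You cannot create a layer for yourself.');
    }
    load_user_layers($layer_user, 1);
    if (empty($layeruser) || $error != '') {
        return;
    }
    if (!empty($layers[$id]['cal_layeruser'])) {
        // Update existing layer entry for this user.
        $layerid = $layers[$id]['cal_layerid'];
        dbi_execute('UPDATE webcal_user_layers SET cal_layeruser = ?,
        cal_color = ?, cal_dups = ? WHERE cal_layerid = ?', array($layeruser, $layercolor, $dups, $layerid));
        return;
    }
    // New layer entry.
    // Check for existing layer for user. Can only have one layer per user.
    $res = dbi_execute('SELECT COUNT( cal_layerid ) FROM webcal_user_layers
        WHERE cal_login = ? AND cal_layeruser = ?', array($layer_user, $layeruser));
    if ($res) {
        $row = dbi_fetch_row($res);
        if ($row[0] > 0) {
            $error = translate('You can only create one layer for each user.');
        }
        dbi_free_result($res);
    }
    if ($error != '') {
        return;
    }
    // NOTE(review): MAX()+1 is read and then inserted in two separate statements,
    // so two concurrent requests can compute the same cal_layerid.
    $res = dbi_execute('SELECT MAX( cal_layerid ) FROM webcal_user_layers');
    if ($res) {
        $row = dbi_fetch_row($res);
        $layerid = $row[0] + 1;
        // The original left this result set unreleased.
        dbi_free_result($res);
    } else {
        $layerid = 1;
    }
    dbi_execute('INSERT INTO webcal_user_layers ( cal_layerid, cal_login,
          cal_layeruser, cal_color, cal_dups ) VALUES ( ?, ?, ?, ?, ? )', array($layerid, $layer_user, $layeruser, $layercolor, $dups));
}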
/**
 * Verify that the WebCalendar tables can be read, and stop with an error page
 * when they cannot.
 *
 * NOTE(review): the message names the database, the db login and the db host;
 * how much of it reaches an unauthenticated visitor depends on
 * die_miserable_death(), which is not visible here.
 *
 * @return void
 */
function doDbSanityCheck()
{
    global $db_database, $db_host, $db_login;
    // Note: can't translate this since translate.php is not included yet.
    $dieMsgStr = 'Error finding WebCalendar tables in database "' . $db_database . '" using db login "' . $db_login . '" on db server "' . $db_host . '".<br /><br />
Have you created the database tables as specified in the
<a href="docs/WebCalendar-SysAdmin.html" ' . '  target="other">WebCalendar System Administrator\'s Guide</a>?';
    $res = @dbi_execute('SELECT COUNT( cal_value ) FROM webcal_config', array(), false, false);
    if (!$res) {
        // Query failed outright.
        die_miserable_death($dieMsgStr);
        return;
    }
    $tablesReadable = dbi_fetch_row($res) ? true : false;
    dbi_free_result($res);
    if (!$tablesReadable) {
        // Error accessing table.
        // User has wrong db name or has not created tables.
        die_miserable_death($dieMsgStr);
    }
    // Otherwise the database was found and nothing more is needed.
}
Ejemplo n.º 6
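/**
 * Store user preferences for the global $prefuser in webcal_user_pref.
 *
 * @param array  $prefs Setting name => value. With $src == 'post' the names are
 *                      raw form field names and only those starting with
 *                      "pref_" are used.
 * @param string $src   'post' when $prefs comes straight from a submitted form.
 *
 * @return void Failures are reported through the global $error.
 */
function save_pref($prefs, $src)
{
    // $error is now declared global: the original assigned a local variable, so
    // the failure message never reached the caller.
    global $error, $my_theme, $prefuser;
    // foreach replaces the list()/each() idiom: each() no longer exists in PHP 8.
    foreach ($prefs as $key => $value) {
        if ($src == 'post') {
            $setting = substr($key, 5);
            $prefix = substr($key, 0, 5);
            if ($prefix != 'pref_') {
                continue;
            }
            // Validate the whole key. The pattern is anchored at both ends; the
            // original anchored only the end, so a key such as
            // "pref_a b pref_c" passed because its tail matched.
            if (!preg_match('/^pref_[A-Za-z0-9_]+$/D', $key)) {
                // NOTE(review): $key is request data and is placed in the message
                // as-is; confirm die_miserable_death() escapes it before output.
                die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
            }
        } else {
            $setting = $key;
            $prefix = 'pref_';
        }
        if (strlen($setting) > 0 && $prefix == 'pref_') {
            if ($setting == 'THEME' && $value != 'none') {
                $my_theme = strtolower($value);
            }
            // Names and values are always bound parameters.
            $sql = 'DELETE FROM webcal_user_pref WHERE cal_login = ? ' . 'AND cal_setting = ?';
            dbi_execute($sql, array($prefuser, $setting));
            if (strlen($value) > 0) {
                $setting = strtoupper($setting);
                $sql = 'INSERT INTO webcal_user_pref ' . '( cal_login, cal_setting, cal_value ) VALUES ' . '( ?, ?, ? )';
                if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                    // NOTE(review): the message carries the driver error and the
                    // SQL text; consider logging those and showing less to the user.
                    $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                    break;
                }
            }
        }
    }
}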
Ejemplo n.º 7
/**
 * Store settings from $prefs: in webcal_config when the global $prad is true,
 * otherwise in webcal_user_pref for the global $prefuser.
 *
 * Failures are reported through the global $error. Global settings and user
 * preferences are reloaded before returning.
 *
 * NOTE(review): nothing in this function checks that the caller is an
 * administrator before writing webcal_config; presumably $prad is only set on
 * an admin-only page - verify.
 */
function save_pref($prefs, $src)
{
    global $error, $my_theme, $prad;
    if (!$prad) {
        global $prefuser;
    }
    // Length of the expected key prefix: "admin_" (6) or "pref_" (5).
    $pos = $prad ? 6 : 5;
    while (list($key, $value) = each($prefs)) {
        if ($src == 'post') {
            $prefix = substr($key, 0, $pos);
            $setting = substr($key, $pos);
            // Skip fields that are not settings: anything without the "pref_"
            // prefix in user mode, and only the 'currenttab' field in admin mode.
            if (!$prad && $prefix != 'pref_' || $prad && $key == 'currenttab') {
                continue;
            }
            // Validate key name.
            // If $prad not true, should start with "pref_"
            // else should start with "admin_",
            // and not include any unusual characters that might be an SQL injection attack.
            // NOTE(review): both patterns are anchored only at the end, so they
            // accept any key whose tail looks like a valid name. The statements
            // below bind the name as a parameter, so this is a validation gap
            // rather than an injection path.
            if (!$prad && !preg_match('/pref_[A-Za-z0-9_]+$/', $key) || $prad && !preg_match('/admin_[A-Za-z0-9_]+$/', $key)) {
                // NOTE(review): $key is request data placed in the message as-is;
                // confirm die_miserable_death() escapes it before output.
                die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
            }
        } else {
            $prefix = $prad ? 'admin_' : 'pref_';
            $setting = $key;
        }
        // && binds tighter than ||, so the non-empty check applies only to the
        // "pref_" case; an "admin_" prefix passes even with an empty $setting.
        if (strlen($setting) > 0 && $prefix == 'pref_' || $prefix == 'admin_') {
            if ($setting == 'THEME' && $value != 'none') {
                $my_theme = strtolower($value);
            }
            if ($prad) {
                // System-wide setting: replace the row in webcal_config.
                $setting = strtoupper($setting);
                $sql = 'DELETE FROM webcal_config WHERE cal_setting = ?';
                if (!dbi_execute($sql, array($setting))) {
                    $error = db_error(false, $sql);
                    break;
                }
                if (strlen($value) > 0) {
                    $sql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( ?, ? )';
                    if (!dbi_execute($sql, array($setting, $value))) {
                        $error = db_error(false, $sql);
                        break;
                    }
                }
            } else {
                // Per-user setting: the delete uses the name as given, the insert
                // uses the upper-cased name.
                dbi_execute('DELETE FROM webcal_user_pref WHERE cal_login = ?
          AND cal_setting = ?', array($prefuser, $setting));
                if (strlen($value) > 0) {
                    $setting = strtoupper($setting);
                    $sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting,
            cal_value ) VALUES ( ?, ?, ? )';
                    if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                        // NOTE(review): the message carries the driver error and the SQL text.
                        $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                        break;
                    }
                }
            }
        }
    }
    // Reload preferences so any CSS changes will take effect.
    load_global_settings();
    load_user_preferences();
}
Ejemplo n.º 8
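/**
 * Return the function-permission string for $user.
 *
 * The user's own row in webcal_access_function wins, then the '__default__'
 * row, then a string built from get_default_function_access() for every
 * function index. Results are cached per request in a static array.
 *
 * @param string $user Login to look up.
 *
 * @return string Permission string.
 */
function access_load_user_functions($user)
{
    global $is_admin;
    static $permissions;
    if (!empty($permissions[$user])) {
        return $permissions[$user];
    }
    $ret = '';
    $rets = array();
    $lookupFailed = false;
    foreach (array($user, '__default__') as $who) {
        $res = dbi_execute('SELECT cal_permissions FROM webcal_access_function
      WHERE cal_login = ?', array($who));
        if (!$res) {
            // Explicit check instead of assert('$res'): a string assertion is
            // not evaluated as code on PHP 8, and assertions can be switched
            // off entirely, so the failed query went unnoticed.
            $lookupFailed = true;
            continue;
        }
        if ($row = dbi_fetch_row($res)) {
            $rets[$who] = $row[0];
        }
        dbi_free_result($res);
    }
    // If still no setting found, then assume access to everything
    // if an admin user, otherwise access to all non-admin functions.
    if (!empty($rets[$user])) {
        $ret = $rets[$user];
    } elseif (!empty($rets['__default__'])) {
        $ret = $rets['__default__'];
    } else {
        for ($i = 0; $i < ACCESS_NUMBER_FUNCTIONS; $i++) {
            $ret .= get_default_function_access($i, $user);
        }
    }
    // Do not cache a result derived from a failed lookup: the built-in defaults
    // may be broader than the stored permissions, and caching them would keep
    // them in force for the rest of the request.
    if (!$lookupFailed) {
        $permissions[$user] = $ret;
    }
    return $ret;
}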
Ejemplo n.º 9
}
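// Parse $users.
// explode() replaces split(): split() was removed in PHP 7, and a literal comma
// needs no regular expression.
$exp = explode(',', $users);
$groups = $selected = $sql_params = array();
foreach ($exp as $selectedLogin) {
    $selected[$selectedLogin] = 1;
}
$owner = $is_nonuser_admin || $is_assistant ? $user : $login;
// Load list of groups.
$sql = 'SELECT wg.cal_group_id, wg.cal_name FROM webcal_group wg';
if ($USER_SEES_ONLY_HIS_GROUPS == 'Y') {
    // Only the fixed SQL text is concatenated; the login is a bound parameter.
    $sql .= ', webcal_group_user wgu WHERE wg.cal_group_id = wgu.cal_group_id
    AND wgu.cal_login = ?';
    $sql_params[] = $owner;
}
$res = dbi_execute($sql . ' ORDER BY wg.cal_name', $sql_params);
if ($res) {
    while ($row = dbi_fetch_row($res)) {
        // cal_name is stored text: escape it wherever it is later written into HTML.
        $groups[] = array('cal_group_id' => $row[0], 'cal_name' => $row[1]);
    }
    dbi_free_result($res);
}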
print_header('', '', '', true, false, true);
ob_start();
echo '
    <script language="javascript" type="text/javascript">';
include 'includes/js/usersel.php';
echo '
    </script>
    <center>
      <form action="#" name="userselform">
Ejemplo n.º 10
    }
}
// TODO: Move this SQL along with the SQL in activity_log.php to a shared function.
$sql_params = array();
$sql = 'SELECT wel.cal_login, wel.cal_user_cal, wel.cal_type, wel.cal_date,
  wel.cal_time, we.cal_name, wel.cal_log_id
  FROM webcal_entry_log wel, webcal_entry we WHERE wel.cal_entry_id = we.cal_id ';
if (!empty($startid)) {
    $sql .= 'AND wel.cal_log_id <= ? ';
    $sql_params[] = $startid;
}
$sql .= 'ORDER BY wel.cal_log_id DESC';
if (!empty($WS_DEBUG) && $WS_DEBUG) {
    ws_log_message('SQL> ' . $sql . "\n\n");
}
$res = dbi_execute($sql, $sql_params);
$out = '
<activitylog>';
if ($res) {
    $out .= '
<!-- in if -->';
    $cnt = 0;
    while (($row = dbi_fetch_row($res)) && $cnt < $num) {
        $out .= '
<!-- in while type: $row[2] -->
  <log>
    <login>' . ws_escape_xml($row[0]) . '</login>
    <calendar>' . ws_escape_xml($row[1]) . '</calendar>
    <type>' . ws_escape_xml($row[2]) . '</type>
    <date>' . ws_escape_xml($row[3]) . '</date>
    <time>' . ws_escape_xml($row[4]) . '</time>
Ejemplo n.º 11
        if ($nlastname) {
            $sql .= ' cal_lastname = ?,';
            $sql_params[] = $nlastname;
        }
        if ($nfirstname) {
            $sql .= ' cal_firstname = ?,';
            $sql_params[] = $nfirstname;
        }
        $sql_params[] = $nadmin;
        $sql_params[] = $nid;
        if (!dbi_execute($sql . ' cal_admin = ? WHERE cal_login = ?', $sql_params)) {
            $error = db_error();
        }
    } else {
        // Adding
        if (preg_match('/^[\\w]+$/', $nid)) {
            $nid = $NONUSER_PREFIX . $nid;
            if (!dbi_execute('INSERT INTO webcal_nonuser_cals ( cal_login,
        cal_firstname, cal_lastname, cal_admin ) VALUES ( ?, ?, ?, ? )', array($nid, $nfirstname, $nlastname, $nadmin))) {
                $error = db_error();
            }
        } else {
            $error = translate('Calendar ID') . ' ' . translate('word characters only') . '.';
        }
    }
}
if (empty($error)) {
    do_redirect('nonusers.php');
}
print_header();
echo print_error($error) . print_trailer();
Ejemplo n.º 12
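/**
 * Get a list of users and return info in an array.
 *
 * Each entry has the keys cal_login, cal_lastname, cal_firstname,
 * cal_is_admin, cal_email, cal_password and cal_fullname. The '__public__'
 * pseudo-user comes first when $PUBLIC_ACCESS is 'Y'.
 *
 * cal_password holds the stored cal_passwd column value: callers must never
 * write it to a page, a log or an API response.
 *
 * @param bool $publicOnly When true, return only the '__public__' entry (if any)
 *                         and skip the database.
 *
 * @return array Array of user info
 */
function user_get_users($publicOnly = false)
{
    global $PUBLIC_ACCESS, $PUBLIC_ACCESS_FULLNAME, $USER_SORT_ORDER;
    $ret = array();
    if ($PUBLIC_ACCESS == 'Y') {
        $ret[] = array('cal_login' => '__public__', 'cal_lastname' => '', 'cal_firstname' => '', 'cal_is_admin' => 'N', 'cal_email' => '', 'cal_password' => '', 'cal_fullname' => $PUBLIC_ACCESS_FULLNAME);
    }
    if ($publicOnly) {
        return $ret;
    }
    $order1 = 'cal_lastname, cal_firstname,';
    // An ORDER BY list cannot be a bound parameter, so the configured value is
    // only used when it is a plain comma-separated list of identifiers;
    // anything else falls back to the default order.
    if (!empty($USER_SORT_ORDER) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\s*,\s*[A-Za-z_][A-Za-z0-9_]*)*$/D', $USER_SORT_ORDER)) {
        $order1 = "{$USER_SORT_ORDER},";
    }
    // The order is concatenated explicitly: inside the original single-quoted
    // string the text "$order1" was sent to the database literally.
    $res = dbi_execute('SELECT cal_login, cal_lastname, cal_firstname,
    cal_is_admin, cal_email, cal_passwd FROM webcal_user
    ORDER BY ' . $order1 . ' cal_login');
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            if (strlen($row[1]) && strlen($row[2])) {
                $fullname = $order1 == 'cal_lastname, cal_firstname,' ? "{$row[1]} {$row[2]}" : "{$row[2]} {$row[1]}";
            } else {
                // Fall back to the login when either name part is missing.
                $fullname = $row[0];
            }
            $ret[] = array('cal_login' => $row[0], 'cal_lastname' => $row[1], 'cal_firstname' => $row[2], 'cal_is_admin' => $row[3], 'cal_email' => empty($row[4]) ? '' : $row[4], 'cal_password' => $row[5], 'cal_fullname' => $fullname);
        }
        dbi_free_result($res);
    }
    //no need to call sort_users () as the sql can sort for us
    return $ret;
}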
Ejemplo n.º 13
/**
 * Remove a user and everything that belongs to them: events where they are the
 * only participant, participation rows, preferences, group membership,
 * assistants, views, layers, access rows, categories, reports and templates.
 *
 * NOTE(review): no authorization check and no transaction are visible in this
 * function, and no statement result is checked; a failure part-way leaves the
 * account partially deleted. Presumably the caller enforces who may delete - verify.
 *
 * @param string $user Login to delete.
 *
 * @return void
 */
function user_delete_user($user)
{
    $login = array($user);
    // Events in which this user takes part.
    $events = get_users_event_ids($user);
    // Keep only the events whose sole participant is this user.
    $soloEventIds = array();
    foreach ($events as $eventId) {
        $res = dbi_execute('SELECT COUNT( * ) FROM webcal_entry_user WHERE cal_id = ?', array($eventId));
        if (!$res) {
            continue;
        }
        $row = dbi_fetch_row($res);
        if ($row && $row[0] == 1) {
            $soloEventIds[] = $eventId;
        }
        dbi_free_result($res);
    }
    // Remove those events and their dependent rows.
    foreach ($soloEventIds as $eventId) {
        $bind = array($eventId);
        dbi_execute("DELETE FROM webcal_entry_repeats WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_entry_repeats_not WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_entry_log WHERE cal_entry_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_import_data WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_site_extras WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_entry_ext_user WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_reminders WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_blob WHERE cal_id = ?", $bind);
        dbi_execute("DELETE FROM webcal_entry WHERE cal_id = ?", $bind);
    }
    // Participation in the remaining (shared) events.
    dbi_execute("DELETE FROM webcal_entry_user WHERE cal_login = ?", $login);
    // Preferences.
    dbi_execute("DELETE FROM webcal_user_pref WHERE cal_login = ?", $login);
    // Group membership.
    dbi_execute("DELETE FROM webcal_group_user WHERE cal_login = ?", $login);
    // Boss/assistant links in both directions.
    dbi_execute("DELETE FROM webcal_asst WHERE cal_boss = ?", $login);
    dbi_execute("DELETE FROM webcal_asst WHERE cal_assistant = ?", $login);
    // Views owned by the user, starting with their member lists.
    $viewIds = array();
    $res = dbi_execute("SELECT cal_view_id FROM webcal_view WHERE cal_owner = ?", $login);
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $viewIds[] = $row[0];
        }
        dbi_free_result($res);
    }
    foreach ($viewIds as $viewId) {
        dbi_execute("DELETE FROM webcal_view_user WHERE cal_view_id = ?", array($viewId));
    }
    dbi_execute("DELETE FROM webcal_view WHERE cal_owner = ?", $login);
    // Membership in other users' views.
    dbi_execute("DELETE FROM webcal_view_user WHERE cal_login = ?", $login);
    // Layers owned by the user, and layers of others that point at the user.
    dbi_execute("DELETE FROM webcal_user_layers WHERE cal_login = ?", $login);
    dbi_execute("DELETE FROM webcal_user_layers WHERE cal_layeruser = ?", $login);
    // The account row itself.
    dbi_execute("DELETE FROM webcal_user WHERE cal_login = ?", $login);
    // Function access.
    dbi_execute("DELETE FROM webcal_access_function WHERE cal_login = ?", $login);
    // User access in both directions.
    dbi_execute("DELETE FROM webcal_access_user WHERE cal_login = ?", $login);
    dbi_execute("DELETE FROM webcal_access_user WHERE cal_other_user = ?", $login);
    // Categories.
    dbi_execute("DELETE FROM webcal_categories WHERE cat_owner = ?", $login);
    dbi_execute("DELETE FROM webcal_entry_categories WHERE cat_owner = ?", $login);
    // Reports, starting with their templates.
    $reportIds = array();
    $res = dbi_execute("SELECT cal_report_id FROM webcal_report WHERE cal_login = ?", $login);
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $reportIds[] = $row[0];
        }
        dbi_free_result($res);
    }
    foreach ($reportIds as $reportId) {
        dbi_execute("DELETE FROM webcal_report_template WHERE cal_report_id = ?", array($reportId));
    }
    dbi_execute("DELETE FROM webcal_report WHERE cal_login = ?", $login);
    // The original author was unsure whether this delete is needed.
    dbi_execute("DELETE FROM webcal_report WHERE cal_user = ?", $login);
    // User templates.
    dbi_execute("DELETE FROM webcal_user_template WHERE cal_login = ?", $login);
}
Ejemplo n.º 14
          <td class="aligntop bold">' . translate('Created by') . ':</td>
          <td>' . $groupowner . '</td>
        </tr>' : '') . '
        <tr>
          <td class="aligntop bold"><label for="users">' . translate('Users') . ':</label></td>
          <td>
            <select name="users[]" id="users" size="10" multiple="multiple">';
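// Get list of all users.
$users = user_get_users();
if ($NONUSER_ENABLED == 'Y') {
    $nonusers = get_nonuser_cals();
    $users = $NONUSER_AT_TOP == 'Y' ? array_merge($nonusers, $users) : array_merge($users, $nonusers);
}
// Get list of users for this group.
if (!$newgroup) {
    $res = dbi_execute('SELECT cal_login FROM webcal_group_user
    WHERE cal_group_id = ?', array($id));
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $groupuser[$row[0]] = 1;
        }
        dbi_free_result($res);
    }
}
for ($i = 0, $cnt = count($users); $i < $cnt; $i++) {
    $u = $users[$i]['cal_login'];
    // Logins and full names are stored, user-editable text. Escape both for
    // the HTML context; the original wrote them into the attribute and the
    // element body unescaped.
    echo '
              <option value="' . htmlspecialchars($u, ENT_QUOTES) . '" ' . (!empty($groupuser[$u]) ? ' selected="selected"' : '') . '>' . htmlspecialchars($users[$i]['cal_fullname'], ENT_QUOTES) . '</option>';
}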
echo '
            </select>
          </td>
Ejemplo n.º 15
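include_once 'includes/init.php';
load_user_layers();
// NOTE(review): this script changes stored state from request values fetched
// with getValue(), and no referring-URL or token check is visible in it.
// Confirm that includes/init.php enforces one, otherwise the toggle can be
// triggered cross-site.
$status = getValue('status', '(on|off)', true);
$public = getValue('public');
if ($ALLOW_VIEW_OTHER != 'Y') {
    print_header();
    echo print_not_auth(7) . print_trailer();
    exit;
}
$updating_public = false;
$url = 'layers.php';
if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') {
    $updating_public = true;
    // NOTE(review): this literal looks masked by the page this listing was
    // taken from; confirm the intended login against the upstream file.
    $layer_user = '******';
    $url .= '?public=1';
} else {
    $layer_user = $login;
}
dbi_execute('DELETE FROM webcal_user_pref WHERE cal_login = ?
  AND cal_setting = \'LAYERS_STATUS\'', array($layer_user));
$sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value )
  VALUES ( ?, \'LAYERS_STATUS\', ? )';
if (!dbi_execute($sql, array($layer_user, $status == 'off' ? 'N' : 'Y'))) {
    // The stray "break" that followed this assignment is gone: outside a loop
    // or switch it is a fatal compile error on PHP 7 and later.
    // NOTE(review): the message carries the driver error and the SQL text.
    $error = translate('Unable to update preference') . ': ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span> ' . $sql;
}
if (empty($error)) {
    do_redirect($url);
}
print_header();
echo print_error($error, true) . print_trailer();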
Ejemplo n.º 16
<?php

/* $Id: groups.php,v 1.28 2007/08/02 12:57:51 umcesrjones Exp $ */
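// Refuse direct requests: this file is meant to be included by a page that
// defines _ISVALID first.
defined('_ISVALID') or die('You cannot access this file directly!');
$count = $lastrow = 0;
$newGroupStr = translate('Add New Group');
$targetStr = 'target="grpiframe" onclick="showFrame( \'grpiframe\' );">';
ob_start();
echo '
    <a name="tabgroups"></a>
    <div id="tabscontent_groups">
      <a title="' . $newGroupStr . '" href="group_edit.php"' . $targetStr . $newGroupStr . '</a><br />';
$res = dbi_execute('SELECT cal_group_id, cal_name FROM webcal_group
  ORDER BY cal_name');
if ($res) {
    while ($row = dbi_fetch_row($res)) {
        // Group names are stored, user-editable text. Escape them for the
        // title attribute and the link text; the original echoed them raw.
        $groupName = htmlspecialchars($row[1], ENT_QUOTES);
        // NOTE(review): cal_group_id goes into the URL as stored; presumably it
        // is a numeric key - verify.
        echo ($count == 0 ? '
      <ul>' : '') . '
        <li><a title="' . $groupName . '" href="group_edit.php?id=' . $row[0] . '"' . $targetStr . $groupName . '</a></li>';
        $count++;
        $lastrow = $row[0];
    }
    if ($count > 0) {
        echo '
      </ul>';
    }
    dbi_free_result($res);
}
echo '
      <iframe src="group_edit.php?id=' . $lastrow . '" name="grpiframe" id="grpiframe" style="width: 90%; border: 0; ' . 'height: 325px;"></iframe>
    </div>';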
/**
 * Set a participant's status on an entry and record the change in the
 * activity log.
 *
 * NOTE(review): $status is written to cal_status as given, and for a value
 * other than 'A', 'D' or 'R' no error message is prepared. Whether the
 * current user may change $user's status is not checked here; presumably the
 * caller does - verify.
 *
 * @param string $status New status; an empty value makes the call a no-op.
 * @param string $user   Login whose participation row is updated.
 * @param mixed  $id     Entry id.
 * @param string $type   Entry type; 'N'/'T' and 'J'/'O' select the "_T" and
 *                       "_J" log constants.
 *
 * @return void Failures are reported through the global $error.
 */
function update_status($status, $user, $id, $type = 'E')
{
    global $error, $login;
    if (empty($status)) {
        return;
    }
    // Suffix of the LOG_* constant, chosen by entry type.
    if ($type == 'N' || $type == 'T') {
        $log_type = '_T';
    } elseif ($type == 'J' || $type == 'O') {
        $log_type = '_J';
    } else {
        $log_type = '';
    }
    // Resolve the log constant and the matching error text for this status.
    if ($status == 'A') {
        $log_type = constant('LOG_APPROVE' . $log_type);
        // translate ( 'Error approving event' )
        $error_msg = translate('Error approving event XXX.');
    } elseif ($status == 'D') {
        $log_type = constant('LOG_DELETE' . $log_type);
        // translate ( 'Error deleting event' )
        $error_msg = translate('Error deleting event XXX.');
    } elseif ($status == 'R') {
        $log_type = constant('LOG_REJECT' . $log_type);
        // translate ( 'Error rejecting event' )
        $error_msg = translate('Error rejecting event XXX.');
    }
    $updated = dbi_execute('UPDATE webcal_entry_user SET cal_status = ?
    WHERE cal_login = ? AND cal_id = ?', array($status, $user, $id));
    if ($updated) {
        activity_log($id, $login, $user, $log_type, '');
    } else {
        $error = str_replace('XXX', dbi_error(), $error_msg);
    }
}
Ejemplo n.º 18
                     }
                 }
                 if (strlen($ext_emails[$ext_count]) && empty($ext_names[$ext_count])) {
                     $ext_names[$ext_count] = $ext_emails[$ext_count];
                 }
                 $ext_count++;
             }
         }
     }
 }
 // Send notification if enabled.
 if (is_array($ext_names) && is_array($ext_emails)) {
     $ext_namescnt = count($ext_names);
     for ($i = 0; $i < $ext_namescnt; $i++) {
         if (strlen($ext_names[$i])) {
             if (!dbi_execute('INSERT INTO webcal_entry_ext_user
       ( cal_id, cal_fullname, cal_email ) VALUES ( ?, ?, ? )', array($id, $ext_names[$i], strlen($ext_emails[$i]) ? $ext_emails[$i] : null))) {
                 $error = $dberror . dbi_error();
             }
             // Send mail notification if enabled.
             // TODO:  Move this code into a function...
             if ($EXTERNAL_NOTIFICATIONS == 'Y' && $SEND_EMAIL != 'N' && strlen($ext_emails[$i]) > 0) {
                 if (!$newevent && isset($EXTERNAL_UPDATES) && $EXTERNAL_UPDATES == 'Y' || $newevent) {
                     $fmtdate = $timetype == 'T' ? date('Ymd', $eventstart) : gmdate('Ymd', $eventstart);
                     // Strip [\d] from duplicate Names before emailing.
                     $ext_names[$i] = trim(preg_replace('/\\[[\\d]]/', '', $ext_names[$i]));
                     $msg = str_replace('XXX', $ext_names[$i], $helloStr) . "\n\n" . str_replace('XXX', $login_fullname, $newevent ? $newAppStr : $updAppStr) . "\n" . str_replace('XXX', $name, $subjStr) . "\n\n" . str_replace('XXX', $description, $descStr) . "\n\n" . str_replace('XXX', date_to_str($fmtdate), $dateStr) . "\n" . ($timetype == 'T' ? str_replace('XXX', display_time('', !empty($GENERAL_USE_GMT) && $GENERAL_USE_GMT == 'Y' ? 3 : 6, $eventstart), $timeStr) : '') . $extra_email_data;
                     // Don't send HTML to external adresses.
                     // Always attach iCalendar file to external users
                     $mail->WC_Send($login_fullname, $ext_emails[$i], $ext_names[$i], $name, $msg, 'N', $from, $id);
                 }
             }
Ejemplo n.º 19
if ($PUBLIC_ACCESS == 'Y' && $login == '__public__' && ($PUBLIC_ACCESS_OTHERS != 'Y' || $PUBLIC_ACCESS_VIEW_PART == 'N')) {
    $show_participants = false;
}
if ($single_user == 'N' && $show_participants) {
    echo '
      <tr>
        <td class="aligntop bold">' . translate('Participants') . ':</td>
        <td>';
    $num_app = $num_rej = $num_wait = 0;
    if ($is_private && !access_is_enabled()) {
        echo '[' . translate('Private') . ']';
    } else {
        if ($is_confidential && !access_is_enabled()) {
            echo '[' . translate('Confidential') . ']';
        } else {
            $res = dbi_execute('SELECT cal_login, cal_status, cal_percent
        FROM webcal_entry_user WHERE cal_id = ?' . ($eType == 'task' ? ' AND cal_status IN ( \'A\', \'W\' )' : ''), array($id));
            $first = 1;
            if ($res) {
                while ($row = dbi_fetch_row($res)) {
                    $participants[] = $row;
                    $pname = $row[0];
                    if ($row[1] == 'A') {
                        $approved[$num_app++] = $pname;
                    } elseif ($row[1] == 'R') {
                        $rejected[$num_rej++] = $pname;
                    } elseif ($row[1] == 'W') {
                        $waiting[$num_wait++] = $pname;
                    }
                }
                dbi_free_result($res);
            } else {
Ejemplo n.º 20
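/**
 * Read an SQL script from the sql/ directory and either run its statements or
 * collect them as text in the global $str_parsed_sql.
 *
 * NOTE(review): $install_filename is appended to 'sql/' as given and every
 * parsed statement is executed verbatim, so the name must never come from
 * request data. The start marker is read from $_SESSION['install_file'], not
 * from the parameter - confirm that both always refer to the same file.
 *
 * @param string $install_filename File name below sql/; '' makes the call a no-op.
 * @param mixed  $display_sql      When non-empty, collect the SQL instead of running it.
 *
 * @return void
 */
function db_populate($install_filename, $display_sql)
{
    global $show_all_errors, $str_parsed_sql;
    if ($install_filename == '') {
        return;
    }
    $current_pointer = false;
    $full_sql = '';
    // The magic-quotes functions were removed from PHP; call them only where
    // both still exist instead of failing on an undefined function.
    $hasMagicQuotes = function_exists('get_magic_quotes_runtime') && function_exists('set_magic_quotes_runtime');
    $magic = 0;
    if ($hasMagicQuotes) {
        $magic = @get_magic_quotes_runtime();
        @set_magic_quotes_runtime(0);
    }
    $fd = @fopen('sql/' . $install_filename, 'r', true);
    if (!$fd) {
        // The original went on to call feof() on the failed handle.
        if ($hasMagicQuotes) {
            @set_magic_quotes_runtime($magic);
        }
        show_errors(true);
        return;
    }
    $data = '';
    $isTablesFile = substr($_SESSION['install_file'], 0, 6) == 'tables';
    // Discard everything up to the required point in the upgrade file.
    // NOTE(review): strpos() is tested for truthiness, so a marker found at
    // offset 0 counts as "not found" (unchanged from the original).
    while (!feof($fd) && empty($current_pointer)) {
        $data = trim(fgets($fd, 4096), "\r\n ");
        if (strpos(strtoupper($data), strtoupper($_SESSION['install_file'])) || $isTablesFile) {
            $current_pointer = true;
        }
    }
    // We already have a $data item from above; comment lines are skipped in
    // upgrade files but kept in "tables" files.
    if (!(substr($data, 0, 2) == '/*' && !$isTablesFile)) {
        $full_sql .= $data;
    }
    // We need to strip out the comments from upgrade files.
    while (!feof($fd)) {
        $data = trim(fgets($fd, 4096), "\r\n ");
        if (!(substr($data, 0, 2) == '/*' && !$isTablesFile)) {
            $full_sql .= $data;
        }
    }
    if ($hasMagicQuotes) {
        @set_magic_quotes_runtime($magic);
    }
    fclose($fd);
    $parsed_sql = parse_sql($full_sql);
    // String version of parsed_sql that is used if displaying SQL only.
    $str_parsed_sql = '';
    for ($i = 0, $sqlCntStr = count($parsed_sql); $i < $sqlCntStr; $i++) {
        if (empty($display_sql)) {
            if ($show_all_errors == true) {
                echo $parsed_sql[$i] . '<br />';
            }
            dbi_execute($parsed_sql[$i], array(), false, $show_all_errors);
        } else {
            $str_parsed_sql .= $parsed_sql[$i] . "\n\n";
        }
    }
    // Enable warnings.
    show_errors(true);
}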
Ejemplo n.º 21
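/**
 * Run $sql and return the first column of its rows as a list of event ids.
 *
 * Unless $ALL is 1, an id is kept only when exactly one participant is
 * attached to the event in webcal_entry_user.
 *
 * NOTE(review): $sql is executed verbatim with no bound parameters, so callers
 * must build it only from constants and validated values. The same text is
 * appended to the global $sqlLog with HTML markup; escape it wherever that log
 * is written into a page.
 *
 * @param string $sql Complete SELECT statement whose first column is an event id.
 * @param mixed  $ALL 1 to return every id.
 *
 * @return array List of event ids.
 */
function get_ids($sql, $ALL = '')
{
    global $sqlLog;
    $ids = array();
    $sqlLog .= $sql . "<br />\n";
    $res = dbi_execute($sql);
    if (!$res) {
        // The original passed the failed result to dbi_free_result() anyway.
        return $ids;
    }
    while ($row = dbi_fetch_row($res)) {
        if ($ALL == 1) {
            $ids[] = $row[0];
            continue;
        }
        // ONLY delete event if no other participants.
        $ID = $row[0];
        $res2 = dbi_execute('SELECT COUNT( * ) FROM webcal_entry_user
          WHERE cal_id = ?', array($ID));
        if ($res2) {
            $row2 = dbi_fetch_row($res2);
            if ($row2 && $row2[0] == 1) {
                $ids[] = $ID;
            }
            dbi_free_result($res2);
        }
    }
    dbi_free_result($res);
    return $ids;
}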
Ejemplo n.º 22
<?php

/* $Id: assistant_edit_handler.php,v 1.19.2.2 2012/02/28 02:07:45 cknudsen Exp $ */
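include_once 'includes/init.php';
// Referring-URL check before a state-changing POST is processed.
require_valide_referring_url();
$user = getPostValue('user');
$users = getPostValue('users');
$error = '';
// Only an admin or a nonuser admin may edit another user's assistants; any
// other request is forced back to the logged-in user.
if ($user != $login) {
    $user = ($is_admin || $is_nonuser_admin) && $user ? $user : $login;
}
# update user list
dbi_execute('DELETE FROM webcal_asst WHERE cal_boss = ?', array($user));
// Accept the posted value only when it is an array: a scalar "users" field
// would make count() fail on PHP 8 after the delete above has already run.
if (!empty($users) && is_array($users)) {
    // NOTE(review): the posted logins are stored without checking that they
    // name existing users the boss is allowed to pick - verify upstream.
    foreach ($users as $assistant) {
        dbi_execute('INSERT INTO webcal_asst ( cal_boss, cal_assistant )
      VALUES ( ?, ? )', array($user, $assistant));
    }
}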
echo error_check('assistant_edit.php' . (($is_admin || $is_nonuser_admin) && $login != $user ? '?user='******''));
Ejemplo n.º 23
    echo $nonuserfullname . ' ' . $assistStr . '<br />
      -- ' . translate('Admin mode') . ' --';
} else {
    echo translate('Your assistants');
}
echo '</h2>
      ' . display_admin_link() . '
      <table>
        <tr>
          <td class="aligntop"><label for="users">' . $assistStr . ':</label></td>
          <td>
            <select name="users[]" id="users" size="10" multiple="multiple">';
// Users the current login may choose from (helper defined elsewhere).
$users = get_my_users();
// Flag every login already stored as an assistant of $user, keyed by login.
$res = dbi_execute('SELECT cal_boss, cal_assistant FROM webcal_asst
   WHERE cal_boss = ?', array($user));
if ($res) {
    for ($row = dbi_fetch_row($res); $row; $row = dbi_fetch_row($res)) {
        // Column 1 is cal_assistant.
        $assistantuser[$row[1]] = 1;
    }
    dbi_free_result($res);
}
/*
for ( $i = 0, $cnt = count ( $users ); $i < $cnt; $i++ ) {
 $u = $users[$i]['cal_login'];
 if ( $u == $login || $u == '__public__' )
   continue;
 echo '
             <option value="' . $u . '"'
  . ( ! empty ( $assistantuser[$u] ) ? ' selected="selected"' : '' ) . '>'
  . $users[$i]['cal_fullname'] . '</option>';
Ejemplo n.º 24
    // Decide whether the current login may add the event $id to their own
    // calendar, and if so insert a participant row with cal_status 'A'.
    // This branch only catches a failed query, not a query that matched no row.
    if (!$res) {
        // NOTE(review): $id is echoed without HTML escaping; confirm it was
        // validated as an integer where it was read from the request.
        echo str_replace('XXX', $id, translate('Invalid entry id XXX.'));
        exit;
    }
    $mayNotAddStr = translate('a XXX event may not be added to your calendar');
    // NOTE(review): if the query matched no row, $row[0] is neither 'C' nor 'R',
    // so the access checks below pass and the INSERT runs for an id that may not
    // exist. Confirm the entry's existence is verified earlier.
    $row = dbi_fetch_row($res);
    // Access restrictions apply only to events that are not the caller's own.
    if (!$is_my_event) {
        // 'C' is reported to the user as "confidential".
        if ($row[0] == 'C' && !$is_assistant && !$is_nonuser_admin) {
            // Assistants are allowed to see confidential stuff.
            $is_private = true;
            echo str_replace('XXX', translate('confidential'), $mayNotAddStr);
            exit;
        } else {
            // 'R' is reported to the user as "private"; unlike 'C' there is no
            // exemption for assistants or nonuser admins.
            if ($row[0] == 'R') {
                $is_private = true;
                echo str_replace('XXX', translate('private'), $mayNotAddStr);
                exit;
            }
        }
    }
    // Add the event.
    // $is_private is assigned above only on paths that exit, so the value read
    // here must have been initialised before this fragment — TODO confirm.
    if ($readonly == 'N' && !$is_my_event && !$is_private) {
        if (!dbi_execute('INSERT INTO webcal_entry_user ( cal_id, cal_login,
      cal_status ) VALUES ( ?, ?, ? )', array($id, $login, 'A'))) {
            // translate ( 'Error adding event' )
            // NOTE(review): the raw database error text ends up in $error;
            // confirm it is not shown verbatim to unprivileged users.
            $error = str_replace('XXX', dbi_error(), translate('Error adding event XXX.'));
        }
    }
}
send_to_preferred_view();
exit;
Ejemplo n.º 25
    // Authorisation for the blob delete: look up who created event $event_id and
    // allow the delete when the current login is that creator or is an assistant
    // of the creator. $can_delete is only ever set to true here; its default must
    // come from earlier code.
    // NOTE(review): the ownership check is keyed on $event_id, while the DELETE
    // further down is keyed on $blid. Confirm $event_id was loaded from the blob
    // row for $blid and not taken from the request, otherwise the check and the
    // delete can refer to different objects.
    $res = dbi_execute('SELECT cal_create_by FROM webcal_entry WHERE cal_id = ?', array($event_id));
    if ($res) {
        if ($row = dbi_fetch_row($res)) {
            $event_owner = $row[0];
            // Loose comparison of two login strings.
            if ($event_owner == $login || user_is_assistant($login, $event_owner)) {
                $can_delete = true;
            }
        }
        dbi_free_result($res);
    }
}
if (empty($error) && !$can_delete) {
    $error = print_not_auth(6);
}
if (empty($error) && $can_delete) {
    if (!dbi_execute('DELETE FROM webcal_blob WHERE cal_blob_id = ?', array($blid))) {
        $error = db_error();
    } else {
        if ($event_id > 0) {
            $removeStr = translate('Removed');
            if ($type == 'A') {
                activity_log($event_id, $login, $login, LOG_ATTACHMENT, $removeStr . ': ' . $name);
            } elseif ($type == 'C') {
                activity_log($event_id, $login, $login, LOG_COMMENT, $removeStr);
            }
        }
        if ($event_id > 0) {
            do_redirect('view_entry.php?id=' . $event_id);
        }
        do_redirect(get_preferred_view());
    }
Ejemplo n.º 26
Archivo: doc.php Proyecto: rhertzog/lcs
         // can't view this event.
         if (!$check_group && !access_is_enabled()) {
             $can_view = false;
         }
     }
 }
 $hide_details = $login == '__public__' && !empty($OVERRIDE_PUBLIC) && $OVERRIDE_PUBLIC == 'Y';
 // If they still cannot view, make sure they are not looking at a nonuser
 // calendar event where the nonuser is the _only_ participant.
 if (empty($error) && !$can_view && !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') {
     $nonusers = get_nonuser_cals();
     $nonuser_lookup = array();
     for ($i = 0, $cnt = count($nonusers); $i < $cnt; $i++) {
         $nonuser_lookup[$nonusers[$i]['cal_login']] = 1;
     }
     $res = dbi_execute('SELECT cal_login FROM webcal_entry_user
   WHERE cal_id = ? AND cal_status in ( \'A\', \'W\' )', array($id));
     $found_nonuser_cal = $found_reg_user = false;
     if ($res) {
         while ($row = dbi_fetch_row($res)) {
             if (!empty($nonuser_lookup[$row[0]])) {
                 $found_nonuser_cal = true;
             } else {
                 $found_reg_user = true;
             }
         }
         dbi_free_result($res);
     }
     // Does this event contain only nonuser calendars as participants?
     // If so, then grant access.
     if ($found_nonuser_cal && !$found_reg_user) {
         $can_view = true;
Ejemplo n.º 27
 SET cat_name = ?, cat_color = ? WHERE cat_id = ?', array($catname, $catcolor, $id))) {
               $error = db_error();
           }
           if (!empty($delIcon) && $delIcon == 'Y') {
               renameIcon($id);
           }
       } else {
           // Add new category.
           // Get new id.
           // The id is allocated as MAX( cat_id ) + 1 in application code.
           // NOTE(review): the SELECT and the INSERT are separate statements, so
           // two concurrent requests can compute the same id. Confirm cat_id has
           // a unique constraint so the second INSERT fails rather than
           // duplicating.
           $res = dbi_execute('SELECT MAX( cat_id ) FROM webcal_categories');
           if ($res) {
               $row = dbi_fetch_row($res);
               $id = $row[0] + 1;
               dbi_free_result($res);
               // Owner is null only when an admin submits $isglobal == 'Y';
               // in every other case the category belongs to the current login.
               $catowner = $is_admin ? $isglobal == 'Y' ? null : $login : $login;
               if (!dbi_execute('INSERT INTO webcal_categories ( cat_id, cat_owner,
   cat_name, cat_color ) VALUES ( ?, ?, ?, ? )', array($id, $catowner, $catname, $catcolor))) {
                   $error = db_error();
               }
           } else {
               $error = db_error();
           }
       }
       // Icon upload: attempted only when the icon was not flagged for deletion,
       // the icon directory exists, and either uploads are enabled or the caller
       // is an admin.
       if (empty($delIcon) && is_dir($icon_path) && (!empty($ENABLE_ICON_UPLOADS) && $ENABLE_ICON_UPLOADS == 'Y' || $is_admin)) {
           // Save icon if uploaded.
           if (!empty($file['tmp_name'])) {
               // NOTE(review): $file presumably holds the $_FILES entry; if so,
               // 'type' is the MIME type declared by the client, not one derived
               // from the file content, so this check does not prove the upload
               // is a GIF. The content probe below is commented out. The
               // destination name is built from $id with a fixed '.gif'
               // extension, which limits what the stored file can be served as.
               if ($file['type'] == 'image/gif' && $file['size'] <= $icon_max_size) {
                   // $icon_props = getimagesize ( $file['tmp_name']  );
                   // print_r ($icon_props );
                   // Target path: <script directory>/<icon_path>cat-<id>.gif
                   $path_parts = pathinfo($_SERVER['SCRIPT_FILENAME']);
                   $fullIcon = $path_parts['dirname'] . '/' . $icon_path . 'cat-' . $id . '.gif';
                   renameIcon($id);
                // Only creator or an admin can edit/delete the event.
                $error = print_not_auth(3);
            }
            // If we are editing a public user report we need to set $updating_public.
            if ($is_admin && $report_login == '__public__') {
                $updating_public = true;
            }
        } else {
            // translate ( 'Invalid report id.' )
            $error = str_replace('XXX', $report_id, translate('Invalid report id XXX.'));
        }
        dbi_free_result($res);
    } else {
        $error = db_error();
    }
    // Load the stored templates for this report; the one-letter type column
    // selects which template variable receives the text.
    $res = dbi_execute('SELECT cal_template_type, cal_template_text
    FROM webcal_report_template WHERE cal_report_id = ?', array($report_id));
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            // switch compares loosely, like the == chain it replaces.
            switch ($row[0]) {
                case 'D':
                    $day_template = $row[1];
                    break;
                case 'E':
                    $event_template = $row[1];
                    break;
                case 'P':
                    $page_template = $row[1];
                    break;
            }
        }
        dbi_free_result($res);
    }
} else {
    // Default values for new report.
    $report_allow_nav = $report_include_header = 'Y';
Ejemplo n.º 29
}
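// Fall back to the request header when the legacy global is not populated.
// A request may carry no User-Agent header at all, so read it defensively
// instead of indexing $_SERVER directly.
if (empty($HTTP_USER_AGENT)) {
    $HTTP_USER_AGENT = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
}
print_header('', '', '', true);
ob_start();
echo $helpListStr . '
    <h2>' . translate('Report Bug') . '</h2>
    <p>' . translate('Please include all the information below when reporting a bug.') . ($LANGUAGE != 'English-US' ? ' ' . str_replace('XXX', translate(get_browser_language(true)), translate('Also, please use English rather than XXX.')) : '') . '</p>
    <form action="http://sourceforge.net/tracker/" target="_new">
      <input type="hidden" name="func" value="add" />
      <input type="hidden" name="group_id" value="3870" />
      <input type="hidden" name="atid" value="103870" />
      <input type="submit" value="' . translate('Report Bug') . '" />
    </form>
    <h3>' . translate('System Settings') . '</h3>
    <div>';
// Values shown under "System Settings". 'Web Browser' is the client-supplied
// User-Agent string.
// NOTE(review): confirm list_help() HTML-escapes every value it prints.
$tmp_arr = array(
    'PROGRAM_NAME' => $PROGRAM_NAME,
    'SERVER_SOFTWARE' => $SERVER_SOFTWARE,
    'Web Browser' => $HTTP_USER_AGENT,
    'PHP Version' => phpversion(),
    'Default Encoding' => ini_get('default_charset'),
    'db_type' => $db_type,
    'readonly' => $readonly,
    'single_user' => $single_user,
    'single_user_login' => $single_user_login,
    'use_http_auth' => $use_http_auth ? 'Y' : 'N',
    'user_inc' => $user_inc,
);
// Every row of webcal_config is merged in; a setting with the same name as a
// key above overwrites it.
// NOTE(review): this prints the full configuration table and server details.
// Confirm the page is restricted to administrators and that no secret is
// stored in webcal_config.
$res = dbi_execute('SELECT cal_setting, cal_value
    FROM webcal_config ORDER BY cal_setting');
if ($res) {
    while ($row = dbi_fetch_row($res)) {
        $tmp_arr[$row[0]] = $row[1];
    }
    dbi_free_result($res);
}
list_help($tmp_arr);
ob_end_flush();
echo '
    </div>
    ' . print_trailer(false, true, true);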
Ejemplo n.º 30
        cal_last_update = ? WHERE cal_group_id = ?', array($groupname, $dateYmd, $id))) {
                    $error = db_error();
                }
            } else {
                # new... get new id first
                // The id is allocated as MAX( cal_group_id ) + 1 in application
                // code. NOTE(review): the SELECT and the INSERT are separate
                // statements, so concurrent requests can pick the same id.
                // Confirm cal_group_id has a unique constraint so a collision
                // fails instead of merging two groups.
                $res = dbi_execute('SELECT MAX( cal_group_id ) FROM webcal_group');
                if ($res) {
                    $row = dbi_fetch_row($res);
                    $id = $row[0];
                    $id++;
                    dbi_free_result($res);
                    // The new group is owned by the current login.
                    if (!dbi_execute('INSERT INTO webcal_group ( cal_group_id, cal_owner,
          cal_name, cal_last_update ) VALUES ( ?, ?, ?, ? )', array($id, $login, $groupname, $dateYmd))) {
                        $error = db_error();
                    }
                } else {
                    $error = db_error();
                }
            }
        }
        # update user list
        // Replace the group's membership with $users: delete all rows for the
        // group, then insert one row per submitted login.
        // Because of the !empty($users) guard, submitting no users leaves the
        // existing membership untouched rather than emptying the group.
        // NOTE(review): $users is indexed 0..count-1; if it comes from the
        // request it may be a scalar or have non-sequential keys — confirm how
        // it is read and validated. The DELETE and INSERT results are ignored,
        // so a failure part-way leaves a partial member list.
        if (empty($error) && !empty($users)) {
            dbi_execute('DELETE FROM webcal_group_user WHERE cal_group_id = ?', array($id));
            for ($i = 0, $cnt = count($users); $i < $cnt; $i++) {
                dbi_execute('INSERT INTO webcal_group_user ( cal_group_id, cal_login )
          VALUES ( ?, ? )', array($id, $users[$i]));
            }
        }
    }
}
echo error_check('users.php', false);