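/**
 * Check that an email address is non-blank and not already present in
 * webcal_user.
 *
 * On failure the global $error receives a translated message; when the
 * address already exists the global $control is also reset to ''.
 *
 * @param string $uemail Email address to check.
 *
 * @return bool True when the address may be used, false otherwise.
 */
function check_email($uemail)
{
    global $control, $error;

    if (!strlen($uemail)) {
        $error = translate('Email address cannot be blank.');
        return false;
    }

    // The address is passed as a bound parameter, never spliced into the SQL.
    $res = dbi_execute(
        'SELECT cal_email FROM webcal_user WHERE cal_email = ?',
        array($uemail)
    );
    if (!$res) {
        // NOTE(review): a failed lookup is treated as "address is free", as in
        // the original. If uniqueness matters for account recovery, callers
        // should not rely on this check alone — confirm a DB constraint exists.
        return true;
    }

    $row = dbi_fetch_row($res);
    // Free the result set on every path; it was previously never released.
    dbi_free_result($res);

    // Guard against "no row" before indexing into the fetch result.
    if ($row && $row[0] == $uemail) {
        $control = '';
        $error = translate('Email address already exists.');
        return false;
    }

    return true;
}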
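/**
 * Seed webcal_config with every key of the global $webcalConfig that has no
 * row yet. Existing rows are left untouched.
 *
 * @return void
 */
function db_load_config()
{
    global $webcalConfig;

    // each() was removed in PHP 8 and silently depended on the array's
    // internal pointer; foreach always walks the whole array.
    if (empty($webcalConfig) || !is_array($webcalConfig)) {
        return;
    }

    $insertSql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES (?,?)';

    foreach ($webcalConfig as $key => $val) {
        $res = dbi_execute(
            'SELECT cal_value FROM webcal_config WHERE cal_setting = ?',
            array($key),
            false,
            false
        );

        if (!$res) {
            dbi_execute($insertSql, array($key, $val));
            continue;
        }

        // SQLite returns $res always, so the row itself has to be inspected.
        $row = dbi_fetch_row($res);
        if (!isset($row[0])) {
            dbi_execute($insertSql, array($key, $val));
        }
        dbi_free_result($res);
    }
}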
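/**
 * Delete every event that was imported for $login with import type 'palm',
 * together with its rows in the dependent tables.
 *
 * NOTE(review): nothing in this function checks that the current session may
 * act for $login, and the deletes are not wrapped in a transaction — confirm
 * the caller authorises the request and can tolerate a partial delete.
 *
 * @param string $login Login whose palm imports are removed.
 *
 * @return int Always 1.
 */
function delete_palm_events($login)
{
    $res = dbi_execute(
        'SELECT cal_id FROM webcal_import_data WHERE cal_login = ? AND cal_import_type = ?',
        array($login, 'palm')
    );
    if (!$res) {
        // Previously dbi_free_result() was also called on a failed query.
        return 1;
    }

    // Executed in this order for every imported event id.
    $deletes = array(
        'DELETE FROM webcal_blob WHERE cal_id = ?',
        'DELETE FROM webcal_entry_log WHERE cal_entry_id = ?',
        'DELETE FROM webcal_entry_repeats WHERE cal_id = ?',
        'DELETE FROM webcal_entry_repeats_not WHERE cal_id = ?',
        'DELETE FROM webcal_import_data WHERE cal_id = ?',
        'DELETE FROM webcal_reminders WHERE cal_id = ?',
        'DELETE FROM webcal_site_extras WHERE cal_id = ?',
        'DELETE FROM webcal_entry_user WHERE cal_id = ?',
        'DELETE FROM webcal_entry WHERE cal_id = ?',
    );

    while ($row = dbi_fetch_row($res)) {
        foreach ($deletes as $sql) {
            dbi_execute($sql, array($row[0]));
        }
    }
    dbi_free_result($res);

    return 1;
}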
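/**
 * Create or update one calendar layer for $layer_user.
 *
 * Errors are reported through the global $error. An existing layer is looked
 * up in the global $layers under index $id.
 *
 * @param string $layer_user Login that owns the layer.
 * @param string $layeruser  Login whose calendar is shown in the layer.
 * @param string $layercolor Value stored in cal_color.
 * @param string $dups       Value stored in cal_dups.
 * @param mixed  $id         Index into $layers of the layer being edited.
 *
 * @return void
 */
function save_layer($layer_user, $layeruser, $layercolor, $dups, $id)
{
    global $error, $layers;

    if ($layer_user == $layeruser) {
        $error = translate('You cannot create a layer for yourself.');
    }

    // Presumably (re)fills $layers with the layers of $layer_user, which is
    // what keeps the UPDATE below scoped to that user's rows — confirm.
    load_user_layers($layer_user, 1);

    if (empty($layeruser) || $error != '') {
        return;
    }

    if (!empty($layers[$id]['cal_layeruser'])) {
        // Update existing layer entry for this user.
        $layerid = $layers[$id]['cal_layerid'];
        dbi_execute(
            'UPDATE webcal_user_layers SET cal_layeruser = ?, cal_color = ?, cal_dups = ? WHERE cal_layerid = ?',
            array($layeruser, $layercolor, $dups, $layerid)
        );
        return;
    }

    // New layer entry. Can only have one layer per user.
    $res = dbi_execute(
        'SELECT COUNT( cal_layerid ) FROM webcal_user_layers WHERE cal_login = ? AND cal_layeruser = ?',
        array($layer_user, $layeruser)
    );
    if ($res) {
        $row = dbi_fetch_row($res);
        if ($row[0] > 0) {
            $error = translate('You can only create one layer for each user.');
        }
        dbi_free_result($res);
    }
    if ($error != '') {
        return;
    }

    // NOTE(review): MAX()+1 is not atomic; two concurrent requests can pick
    // the same cal_layerid. A unique key on cal_layerid would surface that.
    $res = dbi_execute('SELECT MAX( cal_layerid ) FROM webcal_user_layers');
    if ($res) {
        $row = dbi_fetch_row($res);
        $layerid = $row[0] + 1;
        // This result set was previously never freed.
        dbi_free_result($res);
    } else {
        $layerid = 1;
    }

    dbi_execute(
        'INSERT INTO webcal_user_layers ( cal_layerid, cal_login, cal_layeruser, cal_color, cal_dups ) VALUES ( ?, ?, ?, ?, ? )',
        array($layerid, $layer_user, $layeruser, $layercolor, $dups)
    );
}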
/**
 * Verify that the webcal_config table can be queried and stop with a
 * diagnostic message when it cannot.
 *
 * NOTE(review): the message embeds the database name, login and host taken
 * from the configuration globals. If die_miserable_death() renders it to
 * whoever requested the page, that is configuration disclosure to
 * unauthenticated visitors — confirm, and consider logging it instead.
 *
 * @return void
 */
function doDbSanityCheck()
{
    global $db_database, $db_host, $db_login;

    // Note: can't translate this since translate.php is not included yet.
    $dieMsgStr = 'Error finding WebCalendar tables in database "' . $db_database
        . '" using db login "' . $db_login
        . '" on db server "' . $db_host
        . '".<br /><br /> Have you created the database tables as specified in the <a href="docs/WebCalendar-SysAdmin.html" '
        . ' target="other">WebCalendar System Administrator\'s Guide</a>?';

    $res = @dbi_execute('SELECT COUNT( cal_value ) FROM webcal_config', array(), false, false);

    if (!$res) {
        // The query itself failed.
        die_miserable_death($dieMsgStr);
    } else {
        $row = dbi_fetch_row($res);
        dbi_free_result($res);

        if (!$row) {
            // Error accessing table.
            // User has wrong db name or has not created tables.
            die_miserable_death($dieMsgStr);
        }
        // Otherwise: found database. All is peachy.
    }
}
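/**
 * Store user preferences for the login held in the global $prefuser.
 *
 * With $src == 'post' only keys of the form pref_NAME are processed and NAME
 * is the setting; for any other $src every key is taken as the setting name.
 * An empty value deletes the preference. A failed INSERT stops processing and
 * is reported through the global $error.
 *
 * @param array  $prefs Setting name (or pref_-prefixed form field) => value.
 * @param string $src   'post' when $prefs comes straight from a form.
 *
 * @return void
 */
function save_pref($prefs, $src)
{
    // $error was previously assigned as a local, so failures never reached
    // the caller.
    global $error, $my_theme, $prefuser;

    if (empty($prefs) || !is_array($prefs)) {
        return;
    }

    // each() was removed in PHP 8; foreach is the equivalent walk.
    foreach ($prefs as $key => $value) {
        if ($src == 'post') {
            $prefix = substr($key, 0, 5);
            $setting = substr($key, 5);
            if ($prefix != 'pref_') {
                continue;
            }
            // Validate the whole key. The pattern is anchored at both ends
            // (^ and $ with D): unanchored, any key that merely ended in
            // "pref_NAME" passed the check.
            if (!preg_match('/^pref_[A-Za-z0-9_]+$/D', $key)) {
                die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
            }
        } else {
            $setting = $key;
            $prefix = 'pref_';
        }

        if (strlen($setting) > 0 && $prefix == 'pref_') {
            if ($setting == 'THEME' && $value != 'none') {
                // NOTE(review): $value is not validated here. If $my_theme is
                // later used to build a file name, allowlist it first — confirm.
                $my_theme = strtolower($value);
            }

            // NOTE(review): the DELETE matches $setting as given while the
            // INSERT stores it upper-cased — confirm keys always arrive in
            // upper case, otherwise duplicates can accumulate.
            $sql = 'DELETE FROM webcal_user_pref WHERE cal_login = ? '
                . 'AND cal_setting = ?';
            dbi_execute($sql, array($prefuser, $setting));

            if (strlen($value) > 0) {
                $setting = strtoupper($setting);
                $sql = 'INSERT INTO webcal_user_pref '
                    . '( cal_login, cal_setting, cal_value ) VALUES '
                    . '( ?, ?, ? )';
                if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                    $error = 'Unable to update preference: ' . dbi_error()
                        . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                    break;
                }
            }
        }
    }
}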
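/**
 * Store user preferences, or system settings when the global $prad is true.
 *
 * User mode writes webcal_user_pref for the login in the global $prefuser and
 * expects pref_NAME form keys; admin mode writes webcal_config and expects
 * admin_NAME form keys. An empty value deletes the setting. The first failed
 * statement stops processing and is reported through the global $error.
 *
 * NOTE(review): nothing in this function checks that the session is allowed
 * to write webcal_config when $prad is set — confirm the caller enforces it.
 *
 * @param array  $prefs Setting name (or prefixed form field) => value.
 * @param string $src   'post' when $prefs comes straight from a form.
 *
 * @return void
 */
function save_pref($prefs, $src)
{
    global $error, $my_theme, $prad;

    if (!$prad) {
        global $prefuser;
    }

    $pos = $prad ? 6 : 5;
    // Anchored at both ends (^ and $ with D): unanchored, any key that merely
    // ended in "pref_NAME" / "admin_NAME" passed the check.
    $keyPattern = $prad ? '/^admin_[A-Za-z0-9_]+$/D' : '/^pref_[A-Za-z0-9_]+$/D';

    // each() was removed in PHP 8; foreach is the equivalent walk.
    if (is_array($prefs)) {
        foreach ($prefs as $key => $value) {
            if ($src == 'post') {
                $prefix = substr($key, 0, $pos);
                $setting = substr($key, $pos);
                if (!$prad && $prefix != 'pref_' || $prad && $key == 'currenttab') {
                    continue;
                }
                // Validate key name: pref_ in user mode, admin_ in admin mode,
                // followed only by letters, digits and underscores.
                if (!preg_match($keyPattern, $key)) {
                    die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
                }
            } else {
                $prefix = $prad ? 'admin_' : 'pref_';
                $setting = $key;
            }

            // Parenthesised: && binds tighter than ||, so an empty setting
            // name used to be accepted whenever the prefix was admin_.
            if (strlen($setting) > 0 && ($prefix == 'pref_' || $prefix == 'admin_')) {
                if ($setting == 'THEME' && $value != 'none') {
                    // NOTE(review): $value is not validated here. If $my_theme
                    // is later used to build a file name, allowlist it — confirm.
                    $my_theme = strtolower($value);
                }

                if ($prad) {
                    $setting = strtoupper($setting);
                    $sql = 'DELETE FROM webcal_config WHERE cal_setting = ?';
                    if (!dbi_execute($sql, array($setting))) {
                        $error = db_error(false, $sql);
                        break;
                    }
                    if (strlen($value) > 0) {
                        $sql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( ?, ? )';
                        if (!dbi_execute($sql, array($setting, $value))) {
                            $error = db_error(false, $sql);
                            break;
                        }
                    }
                } else {
                    dbi_execute(
                        'DELETE FROM webcal_user_pref WHERE cal_login = ? AND cal_setting = ?',
                        array($prefuser, $setting)
                    );
                    if (strlen($value) > 0) {
                        $setting = strtoupper($setting);
                        $sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value ) VALUES ( ?, ?, ? )';
                        if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                            $error = 'Unable to update preference: ' . dbi_error()
                                . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                            break;
                        }
                    }
                }
            }
        }
    }

    // Reload preferences so any CSS changes will take effect.
    load_global_settings();
    load_user_preferences();
}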
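/**
 * Return the function-access permission string for $user.
 *
 * Looks for a webcal_access_function row for the user, then for the
 * '__default__' login, and otherwise builds the string from
 * get_default_function_access(). Non-empty results are cached per user for
 * the rest of the request.
 *
 * @param string $user Login to load permissions for.
 *
 * @return string Permission string.
 */
function access_load_user_functions($user)
{
    static $permissions;

    if (!empty($permissions[$user])) {
        return $permissions[$user];
    }

    $ret = '';
    $rets = array();

    foreach (array($user, '__default__') as $candidate) {
        $res = dbi_execute(
            'SELECT cal_permissions FROM webcal_access_function WHERE cal_login = ?',
            array($candidate)
        );
        // The former assert('$res') is a string assertion: it evaluated code
        // from a string on old PHP and checks nothing on PHP 8. Test the
        // result explicitly instead.
        if (!$res) {
            // NOTE(review): a failed lookup falls through to the built-in
            // defaults below. Confirm those defaults are the intended
            // behaviour when the permission table cannot be read.
            continue;
        }
        if ($row = dbi_fetch_row($res)) {
            $rets[$candidate] = $row[0];
        }
        dbi_free_result($res);
    }

    // If still no setting found, then assume access to everything
    // if an admin user, otherwise access to all non-admin functions.
    if (!empty($rets[$user])) {
        $ret = $rets[$user];
    } elseif (!empty($rets['__default__'])) {
        $ret = $rets['__default__'];
    } else {
        for ($i = 0; $i < ACCESS_NUMBER_FUNCTIONS; $i++) {
            $ret .= get_default_function_access($i, $user);
        }
    }

    $permissions[$user] = $ret;

    return $ret;
}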
} // Parse $users. $exp = split(',', $users); $groups = $selected = $sql_params = array(); for ($i = 0, $cnt = count($exp); $i < $cnt; $i++) { $selected[$exp[$i]] = 1; } $owner = $is_nonuser_admin || $is_assistant ? $user : $login; // Load list of groups. $sql = 'SELECT wg.cal_group_id, wg.cal_name FROM webcal_group wg'; if ($USER_SEES_ONLY_HIS_GROUPS == 'Y') { $sql .= ', webcal_group_user wgu WHERE wg.cal_group_id = wgu.cal_group_id AND wgu.cal_login = ?'; $sql_params[] = $owner; } $res = dbi_execute($sql . ' ORDER BY wg.cal_name', $sql_params); if ($res) { while ($row = dbi_fetch_row($res)) { $groups[] = array('cal_group_id' => $row[0], 'cal_name' => $row[1]); } dbi_free_result($res); } print_header('', '', '', true, false, true); ob_start(); echo ' <script language="javascript" type="text/javascript">'; include 'includes/js/usersel.php'; echo ' </script> <center> <form action="#" name="userselform">
} } // TODO: Move this SQL along with the SQL in activity_log.php to a shared function. $sql_params = array(); $sql = 'SELECT wel.cal_login, wel.cal_user_cal, wel.cal_type, wel.cal_date, wel.cal_time, we.cal_name, wel.cal_log_id FROM webcal_entry_log wel, webcal_entry we WHERE wel.cal_entry_id = we.cal_id '; if (!empty($startid)) { $sql .= 'AND wel.cal_log_id <= ? '; $sql_params[] = $startid; } $sql .= 'ORDER BY wel.cal_log_id DESC'; if (!empty($WS_DEBUG) && $WS_DEBUG) { ws_log_message('SQL> ' . $sql . "\n\n"); } $res = dbi_execute($sql, $sql_params); $out = ' <activitylog>'; if ($res) { $out .= ' <!-- in if -->'; $cnt = 0; while (($row = dbi_fetch_row($res)) && $cnt < $num) { $out .= ' <!-- in while type: $row[2] --> <log> <login>' . ws_escape_xml($row[0]) . '</login> <calendar>' . ws_escape_xml($row[1]) . '</calendar> <type>' . ws_escape_xml($row[2]) . '</type> <date>' . ws_escape_xml($row[3]) . '</date> <time>' . ws_escape_xml($row[4]) . '</time>
if ($nlastname) { $sql .= ' cal_lastname = ?,'; $sql_params[] = $nlastname; } if ($nfirstname) { $sql .= ' cal_firstname = ?,'; $sql_params[] = $nfirstname; } $sql_params[] = $nadmin; $sql_params[] = $nid; if (!dbi_execute($sql . ' cal_admin = ? WHERE cal_login = ?', $sql_params)) { $error = db_error(); } } else { // Adding if (preg_match('/^[\\w]+$/', $nid)) { $nid = $NONUSER_PREFIX . $nid; if (!dbi_execute('INSERT INTO webcal_nonuser_cals ( cal_login, cal_firstname, cal_lastname, cal_admin ) VALUES ( ?, ?, ?, ? )', array($nid, $nfirstname, $nlastname, $nadmin))) { $error = db_error(); } } else { $error = translate('Calendar ID') . ' ' . translate('word characters only') . '.'; } } } if (empty($error)) { do_redirect('nonusers.php'); } print_header(); echo print_error($error) . print_trailer();
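/**
 * Get a list of users and return info in an array.
 *
 * When public access is enabled the list starts with the '__public__'
 * pseudo-user. Each entry also carries the stored cal_passwd value under
 * 'cal_password'; callers must not echo or log that field.
 *
 * @param bool $publicOnly Return only the public pseudo-user (if enabled).
 *
 * @return array Array of user info
 */
function user_get_users($publicOnly = false)
{
    global $PUBLIC_ACCESS, $PUBLIC_ACCESS_FULLNAME, $USER_SORT_ORDER;

    $count = 0;
    $ret = array();

    if ($PUBLIC_ACCESS == 'Y') {
        $ret[$count++] = array(
            'cal_login' => '__public__',
            'cal_lastname' => '',
            'cal_firstname' => '',
            'cal_is_admin' => 'N',
            'cal_email' => '',
            'cal_password' => '',
            'cal_fullname' => $PUBLIC_ACCESS_FULLNAME,
        );
    }
    if ($publicOnly) {
        return $ret;
    }

    // ORDER BY cannot take a bound parameter, so the configured sort order is
    // only used when it is a comma-separated list of columns this query
    // selects; anything else falls back to the default.
    $order1 = 'cal_lastname, cal_firstname,';
    if (!empty($USER_SORT_ORDER)) {
        $sortable = array('cal_login', 'cal_lastname', 'cal_firstname', 'cal_is_admin', 'cal_email');
        $requested = array_map('trim', explode(',', $USER_SORT_ORDER));
        if (count(array_diff($requested, $sortable)) === 0) {
            $order1 = "{$USER_SORT_ORDER},";
        }
    }

    // The statement was single-quoted, so the literal text "$order1" reached
    // the database; the stray "0 - ( ... )" arithmetic on a string is also a
    // TypeError on PHP 8. Build the clause by concatenation instead.
    $res = dbi_execute(
        'SELECT cal_login, cal_lastname, cal_firstname, cal_is_admin, cal_email, cal_passwd'
        . ' FROM webcal_user ORDER BY ' . $order1 . ' cal_login'
    );

    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            if (strlen($row[1]) && strlen($row[2])) {
                $fullname = $order1 == 'cal_lastname, cal_firstname,'
                    ? "{$row[1]} {$row[2]}"
                    : "{$row[2]} {$row[1]}";
            } else {
                $fullname = $row[0];
            }
            $ret[$count++] = array(
                'cal_login' => $row[0],
                'cal_lastname' => $row[1],
                'cal_firstname' => $row[2],
                'cal_is_admin' => $row[3],
                'cal_email' => empty($row[4]) ? '' : $row[4],
                'cal_password' => $row[5],
                'cal_fullname' => $fullname,
            );
        }
        dbi_free_result($res);
    }

    // No need to call sort_users() as the SQL can sort for us.
    return $ret;
}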
/**
 * Remove a user and everything that belongs to them.
 *
 * Events in which the user is the only participant are deleted outright; for
 * all other events only the user's participation is removed. Preferences,
 * group membership, assistants, views, layers, access rights, categories,
 * reports and templates are removed as well.
 *
 * NOTE(review): the statements run one by one without a transaction and
 * nothing here checks who is asking — confirm the caller authorises the
 * request and can cope with a partially completed delete.
 *
 * @param string $user Login of the user to delete.
 *
 * @return void
 */
function user_delete_user($user)
{
    // Event ids for all events this user participates in.
    $events = get_users_event_ids($user);

    // Keep only the events whose single participant is this user.
    $soloEvents = array();
    $eventTotal = count($events);
    for ($n = 0; $n < $eventTotal; $n++) {
        $eventId = $events[$n];
        $res = dbi_execute('SELECT COUNT( * ) FROM webcal_entry_user WHERE cal_id = ?', array($eventId));
        if (!$res) {
            continue;
        }
        $row = dbi_fetch_row($res);
        if ($row && $row[0] == 1) {
            $soloEvents[] = $eventId;
        }
        dbi_free_result($res);
    }

    // Now delete events that were just for this user.
    $perEvent = array(
        "DELETE FROM webcal_entry_repeats WHERE cal_id = ?",
        "DELETE FROM webcal_entry_repeats_not WHERE cal_id = ?",
        "DELETE FROM webcal_entry_log WHERE cal_entry_id = ?",
        "DELETE FROM webcal_import_data WHERE cal_id = ?",
        "DELETE FROM webcal_site_extras WHERE cal_id = ?",
        "DELETE FROM webcal_entry_ext_user WHERE cal_id = ?",
        "DELETE FROM webcal_reminders WHERE cal_id = ?",
        "DELETE FROM webcal_blob WHERE cal_id = ?",
        "DELETE FROM webcal_entry WHERE cal_id = ?",
    );
    foreach ($soloEvents as $eventId) {
        foreach ($perEvent as $sql) {
            dbi_execute($sql, array($eventId));
        }
    }

    // Participation, preferences, groups, bosses & assistants.
    $perUser = array(
        "DELETE FROM webcal_entry_user WHERE cal_login = ?",
        "DELETE FROM webcal_user_pref WHERE cal_login = ?",
        "DELETE FROM webcal_group_user WHERE cal_login = ?",
        "DELETE FROM webcal_asst WHERE cal_boss = ?",
        "DELETE FROM webcal_asst WHERE cal_assistant = ?",
    );
    foreach ($perUser as $sql) {
        dbi_execute($sql, array($user));
    }

    // Delete user's views.
    $viewIds = array();
    $res = dbi_execute("SELECT cal_view_id FROM \nwebcal_view WHERE cal_owner = ?", array($user));
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $viewIds[] = $row[0];
        }
        dbi_free_result($res);
    }
    foreach ($viewIds as $viewId) {
        dbi_execute("DELETE FROM webcal_view_user WHERE cal_view_id = ?", array($viewId));
    }

    // Views themselves, membership in other users' views, layers (own and
    // those pointing at this user), the account row, function and user
    // access, and categories.
    $perUser = array(
        "DELETE FROM webcal_view WHERE cal_owner = ?",
        "DELETE FROM webcal_view_user WHERE cal_login = ?",
        "DELETE FROM webcal_user_layers WHERE cal_login = ?",
        "DELETE FROM webcal_user_layers WHERE cal_layeruser = ?",
        "DELETE FROM webcal_user WHERE cal_login = ?",
        "DELETE FROM webcal_access_function WHERE cal_login = ?",
        "DELETE FROM webcal_access_user WHERE cal_login = ?",
        "DELETE FROM webcal_access_user WHERE cal_other_user = ?",
        "DELETE FROM webcal_categories WHERE cat_owner = ?",
        "DELETE FROM webcal_entry_categories WHERE cat_owner = ?",
    );
    foreach ($perUser as $sql) {
        dbi_execute($sql, array($user));
    }

    // Delete user's reports.
    $reportIds = array();
    $res = dbi_execute("SELECT cal_report_id FROM webcal_report WHERE cal_login = ?", array($user));
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $reportIds[] = $row[0];
        }
        dbi_free_result($res);
    }
    foreach ($reportIds as $reportId) {
        dbi_execute("DELETE FROM webcal_report_template WHERE cal_report_id = ?", array($reportId));
    }
    dbi_execute("DELETE FROM webcal_report WHERE cal_login = ?", array($user));
    // Not sure about this one???
    dbi_execute("DELETE FROM webcal_report WHERE cal_user = ?", array($user));

    // Delete user templates.
    dbi_execute("DELETE FROM webcal_user_template WHERE cal_login = ?", array($user));
}
<td class="aligntop bold">' . translate('Created by') . ':</td> <td>' . $groupowner . '</td> </tr>' : '') . ' <tr> <td class="aligntop bold"><label for="users">' . translate('Users') . ':</label></td> <td> <select name="users[]" id="users" size="10" multiple="multiple">'; // Get list of all users. $users = user_get_users(); if ($NONUSER_ENABLED == 'Y') { $nonusers = get_nonuser_cals(); $users = $NONUSER_AT_TOP == 'Y' ? array_merge($nonusers, $users) : array_merge($users, $nonusers); } // Get list of users for this group. if (!$newgroup) { $res = dbi_execute('SELECT cal_login FROM webcal_group_user WHERE cal_group_id = ?', array($id)); if ($res) { while ($row = dbi_fetch_row($res)) { $groupuser[$row[0]] = 1; } dbi_free_result($res); } } for ($i = 0, $cnt = count($users); $i < $cnt; $i++) { $u = $users[$i]['cal_login']; echo ' <option value="' . $u . '" ' . (!empty($groupuser[$u]) ? ' selected="selected"' : '') . '>' . $users[$i]['cal_fullname'] . '</option>'; } echo ' </select> </td>
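// Switches the LAYERS_STATUS preference on or off for the current user (or
// for the public calendar when an admin asks for it), then returns to
// layers.php.
//
// NOTE(review): this request changes stored state from a request value and
// nothing visible here checks where the request came from — confirm that
// init.php or getValue() provides a request-origin / CSRF check.
include_once 'includes/init.php';
load_user_layers();

// The second argument restricts the accepted value to "on" or "off".
$status = getValue('status', '(on|off)', true);
$public = getValue('public');

if ($ALLOW_VIEW_OTHER != 'Y') {
    print_header();
    echo print_not_auth(7) . print_trailer();
    exit;
}

$updating_public = false;
$url = 'layers.php';

if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') {
    $updating_public = true;
    // NOTE(review): literal kept exactly as it appears on the page; it looks
    // like a masked value rather than a real login — confirm against the
    // project source before relying on it.
    $layer_user = '******';
    $url .= '?public=1';
} else {
    $layer_user = $login;
}

dbi_execute(
    'DELETE FROM webcal_user_pref WHERE cal_login = ? AND cal_setting = \'LAYERS_STATUS\'',
    array($layer_user)
);

$sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value ) VALUES ( ?, \'LAYERS_STATUS\', ? )';
if (!dbi_execute($sql, array($layer_user, $status == 'off' ? 'N' : 'Y'))) {
    // A stray `break` followed here. Outside a loop or switch that is a fatal
    // error (at compile time on PHP 7+), so the error page below could never
    // be reached.
    $error = translate('Unable to update preference') . ': ' . dbi_error()
        . '<br /><br /><span class="bold">SQL:</span> ' . $sql;
}

if (empty($error)) {
    do_redirect($url);
}

// Only reached when the update failed.
print_header();
echo print_error($error, true) . print_trailer();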
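<?php
/* $Id: groups.php,v 1.28 2007/08/02 12:57:51 umcesrjones Exp $ */
// Renders the "groups" tab: a link to add a group, a list of existing groups
// and an iframe showing the editor for the last group listed.
defined('_ISVALID') or die('You cannot access this file directly!');

$count = $lastrow = 0;
$newGroupStr = translate('Add New Group');
$targetStr = 'target="grpiframe" onclick="showFrame( \'grpiframe\' );">';

ob_start();
echo ' <a name="tabgroups"></a> <div id="tabscontent_groups"> <a title="' . $newGroupStr . '" href="group_edit.php"' . $targetStr . $newGroupStr . '</a><br />';

$res = dbi_execute('SELECT cal_group_id, cal_name FROM webcal_group ORDER BY cal_name');
if ($res) {
    while ($row = dbi_fetch_row($res)) {
        // Group names are entered by users and were written into both an
        // attribute and element content unescaped (stored XSS). Escape the
        // name for HTML and force the id to an integer before it goes into
        // a URL.
        // NOTE(review): if names are already stored HTML-escaped this will
        // double-encode them — confirm against the code that saves groups.
        $groupId = (int) $row[0];
        $groupName = htmlspecialchars($row[1], ENT_QUOTES);

        echo ($count == 0 ? ' <ul>' : '') . ' <li><a title="' . $groupName . '" href="group_edit.php?id=' . $groupId . '"' . $targetStr . $groupName . '</a></li>';
        $count++;
        $lastrow = $groupId;
    }
    if ($count > 0) {
        echo ' </ul>';
    }
    dbi_free_result($res);
}

echo ' <iframe src="group_edit.php?id=' . $lastrow . '" name="grpiframe" id="grpiframe" style="width: 90%; border: 0; ' . 'height: 325px;"></iframe> </div>';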
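/**
 * Set a participant's status for one entry and record it in the activity log.
 *
 * Does nothing when $status is empty. A database failure is reported through
 * the global $error.
 *
 * NOTE(review): $status is written to cal_status as given. Only 'A', 'D' and
 * 'R' select a log type and message here; any other value is still stored and
 * logged with an incomplete type. Callers should pass only those codes —
 * confirm, and consider rejecting anything else.
 *
 * @param string $status New status code ('A', 'D' or 'R').
 * @param string $user   Login whose participation is updated.
 * @param int    $id     Entry id.
 * @param string $type   Entry type; 'N'/'T' and 'J'/'O' select the _T and _J
 *                       log constants.
 *
 * @return void
 */
function update_status($status, $user, $id, $type = 'E')
{
    global $error, $login;

    if (empty($status)) {
        return;
    }

    $log_type = '';
    switch ($type) {
        case 'N':
        case 'T':
            $log_type = '_T';
            break;
        case 'J':
        case 'O':
            $log_type = '_J';
    }

    // Fallback template. $error_msg used to be undefined for any status other
    // than A/D/R, which turned a database failure into an empty $error (i.e.
    // the failure was hidden). With this default $error becomes the raw
    // dbi_error() text.
    $error_msg = 'XXX';

    switch ($status) {
        case 'A':
            $log_type = constant('LOG_APPROVE' . $log_type);
            // translate ( 'Error approving event' )
            $error_msg = translate('Error approving event XXX.');
            break;
        case 'D':
            $log_type = constant('LOG_DELETE' . $log_type);
            // translate ( 'Error deleting event' )
            $error_msg = translate('Error deleting event XXX.');
            break;
        case 'R':
            $log_type = constant('LOG_REJECT' . $log_type);
            // translate ( 'Error rejecting event' )
            $error_msg = translate('Error rejecting event XXX.');
    }

    $updated = dbi_execute(
        'UPDATE webcal_entry_user SET cal_status = ? WHERE cal_login = ? AND cal_id = ?',
        array($status, $user, $id)
    );

    if (!$updated) {
        $error = str_replace('XXX', dbi_error(), $error_msg);
    } else {
        activity_log($id, $login, $user, $log_type, '');
    }
}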
} } if (strlen($ext_emails[$ext_count]) && empty($ext_names[$ext_count])) { $ext_names[$ext_count] = $ext_emails[$ext_count]; } $ext_count++; } } } } // Send notification if enabled. if (is_array($ext_names) && is_array($ext_emails)) { $ext_namescnt = count($ext_names); for ($i = 0; $i < $ext_namescnt; $i++) { if (strlen($ext_names[$i])) { if (!dbi_execute('INSERT INTO webcal_entry_ext_user ( cal_id, cal_fullname, cal_email ) VALUES ( ?, ?, ? )', array($id, $ext_names[$i], strlen($ext_emails[$i]) ? $ext_emails[$i] : null))) { $error = $dberror . dbi_error(); } // Send mail notification if enabled. // TODO: Move this code into a function... if ($EXTERNAL_NOTIFICATIONS == 'Y' && $SEND_EMAIL != 'N' && strlen($ext_emails[$i]) > 0) { if (!$newevent && isset($EXTERNAL_UPDATES) && $EXTERNAL_UPDATES == 'Y' || $newevent) { $fmtdate = $timetype == 'T' ? date('Ymd', $eventstart) : gmdate('Ymd', $eventstart); // Strip [\d] from duplicate Names before emailing. $ext_names[$i] = trim(preg_replace('/\\[[\\d]]/', '', $ext_names[$i])); $msg = str_replace('XXX', $ext_names[$i], $helloStr) . "\n\n" . str_replace('XXX', $login_fullname, $newevent ? $newAppStr : $updAppStr) . "\n" . str_replace('XXX', $name, $subjStr) . "\n\n" . str_replace('XXX', $description, $descStr) . "\n\n" . str_replace('XXX', date_to_str($fmtdate), $dateStr) . "\n" . ($timetype == 'T' ? str_replace('XXX', display_time('', !empty($GENERAL_USE_GMT) && $GENERAL_USE_GMT == 'Y' ? 3 : 6, $eventstart), $timeStr) : '') . $extra_email_data; // Don't send HTML to external adresses. // Always attach iCalendar file to external users $mail->WC_Send($login_fullname, $ext_emails[$i], $ext_names[$i], $name, $msg, 'N', $from, $id); } }
if ($PUBLIC_ACCESS == 'Y' && $login == '__public__' && ($PUBLIC_ACCESS_OTHERS != 'Y' || $PUBLIC_ACCESS_VIEW_PART == 'N')) { $show_participants = false; } if ($single_user == 'N' && $show_participants) { echo ' <tr> <td class="aligntop bold">' . translate('Participants') . ':</td> <td>'; $num_app = $num_rej = $num_wait = 0; if ($is_private && !access_is_enabled()) { echo '[' . translate('Private') . ']'; } else { if ($is_confidential && !access_is_enabled()) { echo '[' . translate('Confidential') . ']'; } else { $res = dbi_execute('SELECT cal_login, cal_status, cal_percent FROM webcal_entry_user WHERE cal_id = ?' . ($eType == 'task' ? ' AND cal_status IN ( \'A\', \'W\' )' : ''), array($id)); $first = 1; if ($res) { while ($row = dbi_fetch_row($res)) { $participants[] = $row; $pname = $row[0]; if ($row[1] == 'A') { $approved[$num_app++] = $pname; } elseif ($row[1] == 'R') { $rejected[$num_rej++] = $pname; } elseif ($row[1] == 'W') { $waiting[$num_wait++] = $pname; } } dbi_free_result($res); } else {
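/**
 * Read an SQL file from the sql/ directory and execute (or collect) its
 * statements.
 *
 * Lines are skipped until one contains $_SESSION['install_file']; for a
 * "tables..." install file reading starts at the first line. In upgrade
 * files, lines starting with a comment opener are dropped. With $display_sql
 * set, the statements are not run but collected in the global
 * $str_parsed_sql.
 *
 * NOTE(review): $install_filename is appended to 'sql/' as given and every
 * statement in that file is executed. Confirm callers pass only fixed,
 * known file names and never a request value.
 *
 * @param string $install_filename File name below sql/.
 * @param mixed  $display_sql      Non-empty to collect instead of execute.
 *
 * @return void
 */
function db_populate($install_filename, $display_sql)
{
    global $show_all_errors, $str_parsed_sql;

    if ($install_filename == '') {
        return;
    }

    $full_sql = '';

    // The magic-quotes functions no longer exist on current PHP, and "@" does
    // not suppress a call to an undefined function.
    $canGetMagic = function_exists('get_magic_quotes_runtime');
    $canSetMagic = function_exists('set_magic_quotes_runtime');
    $magic = $canGetMagic ? @get_magic_quotes_runtime() : 0;
    if ($canSetMagic) {
        @set_magic_quotes_runtime(0);
    }

    $fd = @fopen('sql/' . $install_filename, 'r', true);
    if (!$fd) {
        // The handle was used unchecked before; a missing file ended in an
        // endless loop or a TypeError instead of a clean return.
        if ($canSetMagic) {
            @set_magic_quotes_runtime($magic);
        }
        show_errors(true);
        return;
    }

    $isTablesFile = substr($_SESSION['install_file'], 0, 6) == 'tables';
    $marker = strtoupper($_SESSION['install_file']);

    // Discard everything up to the required point in the upgrade file.
    $data = '';
    $current_pointer = false;
    while (!feof($fd) && !$current_pointer) {
        $data = trim(fgets($fd, 4096), "\r\n ");
        // strpos() is compared with false explicitly: a marker at the very
        // start of a line (offset 0) used to count as "not found".
        if ($isTablesFile || ($marker !== '' && strpos(strtoupper($data), $marker) !== false)) {
            $current_pointer = true;
        }
    }

    // The line that ended the search is part of the SQL unless it is a
    // comment in an upgrade file; the same rule applies to the rest.
    if ($isTablesFile || substr($data, 0, 2) != '/*') {
        $full_sql .= $data;
    }
    while (!feof($fd)) {
        $data = trim(fgets($fd, 4096), "\r\n ");
        if ($isTablesFile || substr($data, 0, 2) != '/*') {
            $full_sql .= $data;
        }
    }

    if ($canSetMagic) {
        @set_magic_quotes_runtime($magic);
    }
    fclose($fd);

    $parsed_sql = parse_sql($full_sql);

    // String version of parsed_sql that is used if displaying SQL only.
    $str_parsed_sql = '';
    foreach ($parsed_sql as $statement) {
        if (empty($display_sql)) {
            if ($show_all_errors == true) {
                echo $statement . '<br />';
            }
            dbi_execute($statement, array(), false, $show_all_errors);
        } else {
            $str_parsed_sql .= $statement . "\n\n";
        }
    }

    // Enable warnings.
    show_errors(true);
}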
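/**
 * Run $sql and return the first column of its rows as a list of event ids.
 *
 * Unless $ALL is 1, an id is kept only when the event has exactly one row in
 * webcal_entry_user, i.e. no other participants.
 *
 * NOTE(review): $sql is executed as given, with no bound parameters, and is
 * appended unescaped to the global $sqlLog. Callers must build it from fixed
 * text or validated values, and $sqlLog has to be escaped before it is shown
 * as HTML — confirm both at the call sites.
 *
 * @param string $sql Complete SELECT whose first column is an event id.
 * @param mixed  $ALL 1 to return every id without the participant check.
 *
 * @return array List of event ids.
 */
function get_ids($sql, $ALL = '')
{
    global $sqlLog;

    $ids = array();
    $sqlLog .= $sql . "<br />\n";

    $res = dbi_execute($sql);
    if (!$res) {
        // Previously dbi_free_result() was also called on a failed query.
        return $ids;
    }

    while ($row = dbi_fetch_row($res)) {
        if ($ALL == 1) {
            $ids[] = $row[0];
            continue;
        }

        // ONLY delete the event if it has no other participants.
        $ID = $row[0];
        $res2 = dbi_execute('SELECT COUNT( * ) FROM webcal_entry_user WHERE cal_id = ?', array($ID));
        if ($res2) {
            $row2 = dbi_fetch_row($res2);
            if ($row2 && $row2[0] == 1) {
                $ids[] = $ID;
            }
            dbi_free_result($res2);
        }
    }
    dbi_free_result($res);

    return $ids;
}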
<?php
/* $Id: assistant_edit_handler.php,v 1.19.2.2 2012/02/28 02:07:45 cknudsen Exp $ */
// Replaces the list of assistants stored in webcal_asst for one "boss" user
// with the list posted from the assistant edit form.
include_once 'includes/init.php';
// NOTE(review): presumably rejects requests that do not originate from this
// site before any state is changed — confirm what the helper checks.
require_valide_referring_url();

$user = getPostValue('user');
$users = getPostValue('users');
$error = '';

// Anyone who is neither admin nor nonuser admin can only edit their own
// list: a posted user other than the current login is replaced by $login.
if ($user != $login) {
    $user = ($is_admin || $is_nonuser_admin) && $user ? $user : $login;
}

// Update user list: drop the old assistants, then insert the posted ones.
// NOTE(review): the posted entries are inserted as given; nothing here checks
// that $users is an array or that each entry is an existing login — confirm
// whether getPostValue() or the schema enforces that.
dbi_execute('DELETE FROM webcal_asst WHERE cal_boss = ?', array($user));

if (!empty($users)) {
    for ($i = 0, $cnt = count($users); $i < $cnt; $i++) {
        dbi_execute('INSERT INTO webcal_asst ( cal_boss, cal_assistant ) VALUES ( ?, ? )', array($user, $users[$i]));
    }
}

// NOTE(review): the statement below is reproduced exactly as it appears on
// the page. Part of the redirect target looks masked and the line is not
// valid PHP as shown — restore it from the project source.
echo error_check('assistant_edit.php' . (($is_admin || $is_nonuser_admin) && $login != $user ? '?user='******''));
echo $nonuserfullname . ' ' . $assistStr . '<br /> -- ' . translate('Admin mode') . ' --'; } else { echo translate('Your assistants'); } echo '</h2> ' . display_admin_link() . ' <table> <tr> <td class="aligntop"><label for="users">' . $assistStr . ':</label></td> <td> <select name="users[]" id="users" size="10" multiple="multiple">'; // Get list of all users. $users = get_my_users(); // Get list of users for this view. $res = dbi_execute('SELECT cal_boss, cal_assistant FROM webcal_asst WHERE cal_boss = ?', array($user)); if ($res) { while ($row = dbi_fetch_row($res)) { $assistantuser[$row[1]] = 1; } dbi_free_result($res); } /* for ( $i = 0, $cnt = count ( $users ); $i < $cnt; $i++ ) { $u = $users[$i]['cal_login']; if ( $u == $login || $u == '__public__' ) continue; echo ' <option value="' . $u . '"' . ( ! empty ( $assistantuser[$u] ) ? ' selected="selected"' : '' ) . '>' . $users[$i]['cal_fullname'] . '</option>';
if (!$res) { echo str_replace('XXX', $id, translate('Invalid entry id XXX.')); exit; } $mayNotAddStr = translate('a XXX event may not be added to your calendar'); $row = dbi_fetch_row($res); if (!$is_my_event) { if ($row[0] == 'C' && !$is_assistant && !$is_nonuser_admin) { // Assistants are allowed to see confidential stuff. $is_private = true; echo str_replace('XXX', translate('confidential'), $mayNotAddStr); exit; } else { if ($row[0] == 'R') { $is_private = true; echo str_replace('XXX', translate('private'), $mayNotAddStr); exit; } } } // Add the event. if ($readonly == 'N' && !$is_my_event && !$is_private) { if (!dbi_execute('INSERT INTO webcal_entry_user ( cal_id, cal_login, cal_status ) VALUES ( ?, ?, ? )', array($id, $login, 'A'))) { // translate ( 'Error adding event' ) $error = str_replace('XXX', dbi_error(), translate('Error adding event XXX.')); } } } send_to_preferred_view(); exit;
$res = dbi_execute('SELECT cal_create_by FROM webcal_entry WHERE cal_id = ?', array($event_id)); if ($res) { if ($row = dbi_fetch_row($res)) { $event_owner = $row[0]; if ($event_owner == $login || user_is_assistant($login, $event_owner)) { $can_delete = true; } } dbi_free_result($res); } } if (empty($error) && !$can_delete) { $error = print_not_auth(6); } if (empty($error) && $can_delete) { if (!dbi_execute('DELETE FROM webcal_blob WHERE cal_blob_id = ?', array($blid))) { $error = db_error(); } else { if ($event_id > 0) { $removeStr = translate('Removed'); if ($type == 'A') { activity_log($event_id, $login, $login, LOG_ATTACHMENT, $removeStr . ': ' . $name); } elseif ($type == 'C') { activity_log($event_id, $login, $login, LOG_COMMENT, $removeStr); } } if ($event_id > 0) { do_redirect('view_entry.php?id=' . $event_id); } do_redirect(get_preferred_view()); }
// can't view this event. if (!$check_group && !access_is_enabled()) { $can_view = false; } } } $hide_details = $login == '__public__' && !empty($OVERRIDE_PUBLIC) && $OVERRIDE_PUBLIC == 'Y'; // If they still cannot view, make sure they are not looking at a nonuser // calendar event where the nonuser is the _only_ participant. if (empty($error) && !$can_view && !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') { $nonusers = get_nonuser_cals(); $nonuser_lookup = array(); for ($i = 0, $cnt = count($nonusers); $i < $cnt; $i++) { $nonuser_lookup[$nonusers[$i]['cal_login']] = 1; } $res = dbi_execute('SELECT cal_login FROM webcal_entry_user WHERE cal_id = ? AND cal_status in ( \'A\', \'W\' )', array($id)); $found_nonuser_cal = $found_reg_user = false; if ($res) { while ($row = dbi_fetch_row($res)) { if (!empty($nonuser_lookup[$row[0]])) { $found_nonuser_cal = true; } else { $found_reg_user = true; } } dbi_free_result($res); } // Does this event contain only nonuser calendars as participants? // If so, then grant access. if ($found_nonuser_cal && !$found_reg_user) { $can_view = true;
SET cat_name = ?, cat_color = ? WHERE cat_id = ?', array($catname, $catcolor, $id))) { $error = db_error(); } if (!empty($delIcon) && $delIcon == 'Y') { renameIcon($id); } } else { // Add new category. // Get new id. $res = dbi_execute('SELECT MAX( cat_id ) FROM webcal_categories'); if ($res) { $row = dbi_fetch_row($res); $id = $row[0] + 1; dbi_free_result($res); $catowner = $is_admin ? $isglobal == 'Y' ? null : $login : $login; if (!dbi_execute('INSERT INTO webcal_categories ( cat_id, cat_owner, cat_name, cat_color ) VALUES ( ?, ?, ?, ? )', array($id, $catowner, $catname, $catcolor))) { $error = db_error(); } } else { $error = db_error(); } } if (empty($delIcon) && is_dir($icon_path) && (!empty($ENABLE_ICON_UPLOADS) && $ENABLE_ICON_UPLOADS == 'Y' || $is_admin)) { // Save icon if uploaded. if (!empty($file['tmp_name'])) { if ($file['type'] == 'image/gif' && $file['size'] <= $icon_max_size) { // $icon_props = getimagesize ( $file['tmp_name'] ); // print_r ($icon_props ); $path_parts = pathinfo($_SERVER['SCRIPT_FILENAME']); $fullIcon = $path_parts['dirname'] . '/' . $icon_path . 'cat-' . $id . '.gif'; renameIcon($id);
// Only creator or an admin can edit/delete the event. $error = print_not_auth(3); } // If we are editing a public user report we need to set $updating_public. if ($is_admin && $report_login == '__public__') { $updating_public = true; } } else { // translate ( 'Invalid report id.' ) $error = str_replace('XXX', $report_id, translate('Invalid report id XXX.')); } dbi_free_result($res); } else { $error = db_error(); } $res = dbi_execute('SELECT cal_template_type, cal_template_text FROM webcal_report_template WHERE cal_report_id = ?', array($report_id)); if ($res) { while ($row = dbi_fetch_row($res)) { if ($row[0] == 'D') { $day_template = $row[1]; } elseif ($row[0] == 'E') { $event_template = $row[1]; } elseif ($row[0] == 'P') { $page_template = $row[1]; } } dbi_free_result($res); } } else { // Default values for new report. $report_allow_nav = $report_include_header = 'Y';
} if (empty($HTTP_USER_AGENT)) { $HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT']; } print_header('', '', '', true); ob_start(); echo $helpListStr . ' <h2>' . translate('Report Bug') . '</h2> <p>' . translate('Please include all the information below when reporting a bug.') . ($LANGUAGE != 'English-US' ? ' ' . str_replace('XXX', translate(get_browser_language(true)), translate('Also, please use English rather than XXX.')) : '') . '</p> <form action="http://sourceforge.net/tracker/" target="_new"> <input type="hidden" name="func" value="add" /> <input type="hidden" name="group_id" value="3870" /> <input type="hidden" name="atid" value="103870" /> <input type="submit" value="' . translate('Report Bug') . '" /> </form> <h3>' . translate('System Settings') . '</h3> <div>'; $tmp_arr = array('PROGRAM_NAME' => $PROGRAM_NAME, 'SERVER_SOFTWARE' => $SERVER_SOFTWARE, 'Web Browser' => $HTTP_USER_AGENT, 'PHP Version' => phpversion(), 'Default Encoding' => ini_get('default_charset'), 'db_type' => $db_type, 'readonly' => $readonly, 'single_user' => $single_user, 'single_user_login' => $single_user_login, 'use_http_auth' => $use_http_auth ? 'Y' : 'N', 'user_inc' => $user_inc); $res = dbi_execute('SELECT cal_setting, cal_value FROM webcal_config ORDER BY cal_setting'); if ($res) { while ($row = dbi_fetch_row($res)) { $tmp_arr[$row[0]] = $row[1]; } dbi_free_result($res); } list_help($tmp_arr); ob_end_flush(); echo ' </div> ' . print_trailer(false, true, true);
cal_last_update = ? WHERE cal_group_id = ?', array($groupname, $dateYmd, $id))) { $error = db_error(); } } else { # new... get new id first $res = dbi_execute('SELECT MAX( cal_group_id ) FROM webcal_group'); if ($res) { $row = dbi_fetch_row($res); $id = $row[0]; $id++; dbi_free_result($res); if (!dbi_execute('INSERT INTO webcal_group ( cal_group_id, cal_owner, cal_name, cal_last_update ) VALUES ( ?, ?, ?, ? )', array($id, $login, $groupname, $dateYmd))) { $error = db_error(); } } else { $error = db_error(); } } } # update user list if (empty($error) && !empty($users)) { dbi_execute('DELETE FROM webcal_group_user WHERE cal_group_id = ?', array($id)); for ($i = 0, $cnt = count($users); $i < $cnt; $i++) { dbi_execute('INSERT INTO webcal_group_user ( cal_group_id, cal_login ) VALUES ( ?, ? )', array($id, $users[$i])); } } } } echo error_check('users.php', false);