/**
* Loads all the language translation into an array for quick lookup.
*
* <b>Note:</b> There is no need to call this manually. It will be invoked by
* {@link translate()} the first time it is called.
*/
function load_translation_text()
{
global $lang_file, $translations, $basedir, $PUBLIC_ACCESS_FULLNAME, $fullname;
$translations = array();
if (strlen($basedir)) {
$lang_file_2 = "{$basedir}/{$lang_file}";
if (file_exists($lang_file_2)) {
$lang_file = $lang_file_2;
}
}
if (!file_exists($lang_file)) {
die_miserable_death("Cannot find language file: {$lang_file}");
}
$fp = fopen($lang_file, "r");
if (!$fp) {
die_miserable_death("Could not open language file: {$lang_file}");
}
while (!feof($fp)) {
$buffer = fgets($fp, 4096);
$buffer = trim($buffer);
// stripslashes may cause problems with Japanese translations
// if so, we may have to make this configurable.
if (get_magic_quotes_runtime()) {
$buffer = stripslashes($buffer);
}
if (substr($buffer, 0, 1) == "#" || strlen($buffer) == 0) {
continue;
}
$pos = strpos($buffer, ":");
$abbrev = substr($buffer, 0, $pos);
$abbrev = trim($abbrev);
$trans = substr($buffer, $pos + 1);
$trans = trim($trans);
$translations[$abbrev] = $trans;
//echo "Abbrev: $abbrev<br />Trans: $trans<br />\n";
}
fclose($fp);
$PUBLIC_ACCESS_FULLNAME = translate("Public Access");
if ($fullname == "Public Access") {
$fullname = $PUBLIC_ACCESS_FULLNAME;
}
}
function doDbSanityCheck()
{
global $db_database, $db_host, $db_login;
$dieMsgStr = 'Error finding WebCalendar tables in database "' . $db_database . '" using db login "' . $db_login . '" on db server "' . $db_host . '".<br /><br />
Have you created the database tables as specified in the
<a href="docs/WebCalendar-SysAdmin.html" ' . ' target="other">WebCalendar System Administrator\'s Guide</a>?';
$res = @dbi_execute('SELECT COUNT( cal_value ) FROM webcal_config', array(), false, false);
if ($res) {
if ($row = dbi_fetch_row($res)) {
// Found database. All is peachy.
dbi_free_result($res);
} else {
// Error accessing table.
// User has wrong db name or has not created tables.
// Note: can't translate this since translate.php is not included yet.
dbi_free_result($res);
die_miserable_death($dieMsgStr);
}
} else {
die_miserable_death($dieMsgStr);
}
}
function doDbSanityCheck()
{
global $db_login, $db_host, $db_database;
$res = @dbi_query("SELECT COUNT(cal_value) FROM webcal_config", false, false);
if ($res) {
if ($row = dbi_fetch_row($res)) {
// Found database. All is peachy.
dbi_free_result($res);
} else {
// Error accessing table.
// User has wrong db name or has not created tables.
// Note: cannot translate this since we have not included
// translate.php yet.
dbi_free_result($res);
die_miserable_death("Error finding WebCalendar tables in database '{$db_database}' " . "using db login '{$db_login}' on db server '{$db_host}'.<br/><br/>\n" . "Have you created the database tables as specified in the " . "<a href=\"docs/WebCalendar-SysAdmin.html\" target=\"other\">WebCalendar " . "System Administrator's Guide</a>?");
}
} else {
// Error accessing table.
// User has wrong db name or has not created tables.
// Note: cannot translate this since we have not included translate.php yet.
die_miserable_death("Error finding WebCalendar tables in database '{$db_database}' " . "using db login '{$db_login}' on db server '{$db_host}'.<br/><br/>\n" . "Have you created the database tables as specified in the " . "<a href=\"docs/WebCalendar-SysAdmin.html\" target=\"other\">WebCalendar " . "System Administrator's Guide</a>?");
}
}
function save_pref($prefs, $src)
{
global $my_theme, $prefuser;
while (list($key, $value) = each($prefs)) {
if ($src == 'post') {
$setting = substr($key, 5);
$prefix = substr($key, 0, 5);
if ($prefix != 'pref_') {
continue;
}
// validate key name. should start with "pref_" and not include
// any unusual characters that might cause SQL injection
if (!preg_match('/pref_[A-Za-z0-9_]+$/', $key)) {
die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
}
} else {
$setting = $key;
$prefix = 'pref_';
}
//echo "Setting = $setting, key = $key, prefix = $prefix<br />\n";
if (strlen($setting) > 0 && $prefix == 'pref_') {
if ($setting == 'THEME' && $value != 'none') {
$my_theme = strtolower($value);
}
$sql = 'DELETE FROM webcal_user_pref WHERE cal_login = ? ' . 'AND cal_setting = ?';
dbi_execute($sql, array($prefuser, $setting));
if (strlen($value) > 0) {
$setting = strtoupper($setting);
$sql = 'INSERT INTO webcal_user_pref ' . '( cal_login, cal_setting, cal_value ) VALUES ' . '( ?, ?, ? )';
if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
$error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
break;
}
}
}
}
}
function get_wc_path($filename)
{
if (preg_match('/(.*)security_audit.php/', __FILE__, $matches)) {
$fileLoc = $matches[1] . $filename;
return $fileLoc;
} else {
// Oops. This file is not named security_audit.php
die_miserable_death('Crap! Someone renamed security_audit.php');
}
}
function getValue($name, $format = '', $fatal = false)
{
global $settings;
$val = getPostValue($name);
if (!isset($val)) {
$val = getGetValue($name);
}
// for older PHP versions...
if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) {
$val = $GLOBALS[$name];
}
if (!isset($val)) {
return '';
}
if (!empty($format) && !preg_match('/^' . $format . '$/', $val)) {
// does not match
if ($fatal) {
if ($settings['mode'] == 'dev') {
$error_str = ' "' . $val . '"';
} else {
$error_str = '';
}
die_miserable_death(translate('Fatal Error') . ': ' . translate('Invalid data format for') . ' ' . $name . $error_str);
}
// ignore value
return '';
}
preventHacking($name, $val);
return $val;
}
<?php
/* $Id: admin_handler.php,v 1.7.4.3 2005/11/29 15:28:25 cknudsen Exp $ */
include_once 'includes/init.php';
$error = "";
if (!$is_admin) {
$error = translate("You are not authorized");
}
if ($error == "") {
while (list($key, $value) = each($HTTP_POST_VARS)) {
$setting = substr($key, 6);
// validate key name. should start with "admin_" and not include
// any unusual characters that might cause SQL injection
if (!preg_match('/admin_[A-Za-z0-9_]+$/', $key)) {
die_miserable_death('Invalid admin setting name "' . $key . '"');
}
if (strlen($setting) > 0) {
$sql = "DELETE FROM webcal_config WHERE cal_setting = '{$setting}'";
if (!dbi_query($sql)) {
$error = translate("Error") . ": " . dbi_error() . "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> {$sql}";
break;
}
if (strlen($value) > 0) {
$sql = "INSERT INTO webcal_config " . "( cal_setting, cal_value ) VALUES " . "( '{$setting}', '{$value}' )";
if (!dbi_query($sql)) {
$error = translate("Error") . ": " . dbi_error() . "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> {$sql}";
break;
}
}
}
}
$_SERVER['PHP_AUTH_PW'] = $_SERVER['PHP_AUTH_USER'] = '';
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
header('WWW-Authenticate: Basic realm="' . $appStr . '"');
header('HTTP/1.0 401 Unauthorized');
exit;
}
}
load_global_settings();
load_user_preferences();
$WebCalendar->setLanguage();
// Load user name, etc.
user_load_variables($login, '');
// Make sure the have privileges to access the activity log
if (!$is_admin || access_is_enabled() && !access_can_access_function(ACCESS_ACTIVITY_LOG)) {
die_miserable_death(print_not_auth(2));
}
$charset = empty($LANGUAGE) ? 'iso-8859-1' : translate('charset');
// This should work ok with RSS, may need to hardcode fallback value.
$lang = languageToAbbrev($LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ? $lang : $LANGUAGE);
if ($lang == 'en') {
$lang = 'en-us';
}
//the RSS 2.0 default.
$appStr = generate_application_name();
$descr = $appStr . ' - ' . translate('Activity Log');
// header ( 'Content-type: application/rss+xml');
header('Content-type: text/xml');
echo '<?xml version="1.0" encoding="' . $charset . '"?>
<rss version="2.0" xml:lang="' . $lang . '">
<channel>
function load_translation_text()
{
global $lang_file, $settings, $translation_loaded, $translations;
if ($translation_loaded) {
// No need to run this twice.
return;
}
$eng_file = 'translations/English-US.txt';
$lang_cache = substr($lang_file, strrpos($lang_file, '/') + 1);
$lang_file_2 = '';
if (defined('__WC_BASEDIR')) {
if (!file_exists($lang_file)) {
$lang_file_2 = __WC_BASEDIR . '/' . $lang_file;
}
if (file_exists($lang_file_2)) {
$lang_file = $lang_file_2;
}
if (!file_exists($lang_file)) {
$lang_file = 'translations/' . $lang_cache;
}
}
if (!file_exists($lang_file)) {
$lang_file = $eng_file;
}
if (!file_exists($lang_file)) {
die_miserable_death('Cannot find language file: ' . $lang_file);
}
$cached_base_file = $cached_file = $cachedir = '';
$can_save = false;
if (!file_exists($eng_file)) {
$eng_file = '../' . $eng_file;
}
// Check for 'cachedir' in settings. If found, then we will save
// the parsed translation file there as a serialized array.
// Ensure we use the proper cachedir name.
if (!empty($settings['cachedir']) && is_dir($settings['cachedir'])) {
$cachedir = $settings['cachedir'];
} else {
if (!empty($settings['db_cachedir']) && is_dir($settings['db_cachedir'])) {
$cachedir = $settings['db_cachedir'];
}
}
if (!empty($cachedir) && function_exists('file_get_contents')) {
$cached_base_file = $cached_file = $cachedir . '/translations/';
$cached_base_file .= 'English-US.txt';
$cached_file .= $lang_cache;
$cache_tran_dir = dirname($cached_file);
if (!is_dir($cache_tran_dir)) {
@mkdir($cache_tran_dir, 0777);
@chmod($cache_tran_dir, 0777);
/*
// Do we really want to die if we can't save the cache file?
// Or should we just run without it?
if ( ! is_dir ( $cache_tran_dir ) )
die_miserable_death ( 'Error creating translation cache directory: "'
. $cache_tran_dir
. '"<br /><br />Please check the permissions of the directory: "'
. $cachedir . '"' );
*/
}
$can_save = is_writable($cache_tran_dir);
}
$new_install = !strstr($_SERVER['SCRIPT_NAME'], 'install/index.php');
$translations = array();
// First set default $translations[]
// by reading the base English-US.txt file or it's cache.
if (empty($cached_base_file)) {
read_trans_file($eng_file);
} else {
if (!file_exists($cached_base_file) || filemtime($eng_file) > filemtime($cached_base_file)) {
read_trans_file($eng_file, $cached_base_file);
} else {
// Cache is newer.
$translations = unserialize(file_get_contents($cached_base_file));
}
}
// Then, if language is not English,
// read in the user's language file to overwrite the array.
// This will ensure that any << MISSING >> phrases at least have a default.
if ($lang_file !== $eng_file) {
if (empty($cached_file)) {
read_trans_file($lang_file);
} else {
if (!file_exists($cached_file) || filemtime($lang_file) > filemtime($cached_file)) {
read_trans_file($lang_file, $cached_file);
} else {
// Cache is newer.
$translations = unserialize(file_get_contents($cached_file));
}
}
}
$translation_loaded = true;
}
$layerid += $row[0];
}
dbi_execute('INSERT INTO webcal_user_layers ( cal_layerid, cal_login,
cal_layeruser, cal_color, cal_dups ) VALUES ( ?, ?, ?, ?, ? )', array($layerid, $login, $nid, $layercolor, 'N'));
$layer_found = true;
}
}
}
// Add entry in UAC access table for new admin and remove for old admin.
// First delete any record for this user/nuc combo.
dbi_execute('DELETE FROM webcal_access_user WHERE cal_login = ?
AND cal_other_user = ?', array($nadmin, $nid));
if (!dbi_execute('INSERT INTO webcal_access_user ( cal_login,
cal_other_user, cal_can_view, cal_can_edit, cal_can_approve, cal_can_invite,
cal_can_email, cal_see_time_only ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? )', array($nadmin, $nid, 511, 511, 511, 'Y', 'Y', 'N'))) {
die_miserable_death(translate('Database error') . ': ' . dbi_error());
}
}
if (!empty($reload)) {
$data = array();
$calUser = $nid;
$overwrite = true;
$type = 'remoteics';
// We will check ics first.
$data = parse_ical($nurl, $type);
// TODO it may be a vcs file.
// if ( count ( $data ) == 0 ) {
// $data = parse_vcal ( $nurl );
// }
// We may be processing an hCalendar.
// $data sometimes has a count of 1 but is not a valid array.
function assert_handler($script, $line, $msg = '')
{
if (empty($msg)) {
$msg = 'Assertion failed<br />' . "\n";
}
$trace = function_exists('debug_backtrace') ? assert_backtrace() : basename($script) . ': ' . $line . ' ' . $msg;
$msg .= (function_exists('debug_backtrace') ? '<b>Stack Trace:</b><br /><br />' : '') . '<blockquote><tt>' . nl2br($trace) . '</tt></blockquote>';
if (function_exists('die_miserable_death')) {
die_miserable_death($msg);
} else {
echo '<html><head><title>WebCalendar Error</title></head>
<body><h2>WebCalendar Error</h2><p>' . $msg . '</p></body></html>
';
exit;
}
}
if (!dbi_execute('INSERT INTO webcal_blob ( cal_blob_id, cal_id,
cal_login, cal_name, cal_description, cal_size, cal_mime_type, cal_type,
cal_mod_date, cal_mod_time, cal_blob )
VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )', array($nextid, $id, $login, $filename, $description, $filesize, $mimetype, 'A', date('Ymd'), date('His'), NULL))) {
$error = db_error();
} else {
if (!dbi_update_blob('webcal_blob', 'cal_blob', "cal_blob_id = {$nextid}", $data)) {
$error = db_error();
} else {
// success! redirect to view event page
activity_log($id, $login, $login, LOG_ATTACHMENT, $filename);
do_redirect("view_entry.php?id={$id}");
}
}
} else {
die_miserable_death('Unsupported type');
// programmer error
}
}
if (!empty($error)) {
print_header();
echo print_error($error);
echo print_trailer();
exit;
}
}
print_header();
?>
<h2><?php
echo $title;
?>
function dbi_clear_cache()
{
global $db_connection_info;
if (empty($db_connection_info['cachedir'])) {
return 0;
}
$cnt = 0;
$fd = @opendir($db_connection_info['cachedir']);
if (empty($fd)) {
dbi_fatal_error(translate('Error opening cache dir') . ': ' . $db_connection_info['cachedir']);
}
$b = 0;
$errcnt = 0;
$errstr = '';
while (false !== ($file = readdir($fd))) {
if (preg_match('/^\\S\\S\\S\\S\\S\\S\\S\\S\\S\\S+.dat$/', $file)) {
// echo 'Deleting ' . $file . '<br />';
$cnt++;
$fullpath = $db_connection_info['cachedir'] . '/' . $file;
$b += filesize($fullpath);
if (!@unlink($fullpath)) {
$errcnt++;
$errstr .= '<!-- ' . translate('Error') . ': ' . str_replace('XXX', translate('delete'), translate('Could not XXX file')) . " {$file}. -->\n";
// TODO: log this somewhere???
}
}
}
if ($errcnt > 10) {
// They don't have correct permissions set.
die_miserable_death("Error removing temporary file.<br/><br/>The permissions for the following directory do not support the db_cachedir option in includes/settings.php:<br/><blockquote>" . $db_connection_info['cachedir'] . "</blockquote>", 'dbCacheError');
}
return $cnt;
}
//end if ( $repType )
}
function transmit_header($mime, $file)
{
// header ( 'Content-Type: application/octet-stream' );
header('Content-Type: ' . $mime);
header('Content-Disposition: attachment; filename="' . $file . '"');
header('Pragma: private');
header('Cache-control: private, must-revalidate');
}
/* ********************************** */
/* Let's go */
/* ********************************** */
$format = getValue('format');
if ($format != 'ical' && $format != 'vcal' && $format != 'pilot-csv' && $format != 'pilot-text') {
die_miserable_death('Invalid format "' . htmlspecialchars($format) . '"');
}
$id = getValue('id', '-?[0-9]+', true);
$use_all_dates = getPostValue('use_all_dates');
if (strtolower($use_all_dates) != 'y') {
$use_all_dates = '';
}
$include_layers = getPostValue('include_layers');
if (strtolower($include_layers) != 'y') {
$include_layers = '';
}
$include_deleted = getPostValue('include_deleted');
if (strtolower($include_deleted) != 'y') {
$include_deleted = '';
}
$cat_filter = getPostValue('cat_filter');
/**
* Require a valid HTT_REFERER value in the HTTP header. This will
* prevent XSRF (cross-site request forgery).
*
* For example, suppose a * a "bad guy" sends an email with a link that
* would delete an event in webcalendar to the admin. If the admin user
* clicks on that link we don't want to actually delete the event.
*/
function require_valide_referring_url()
{
global $SERVER_URL;
if (empty($_SERVER['HTTP_REFERER'])) {
// Missing the REFERER value
//die_miserable_death ( translate ( 'Invalid referring URL' ) );
// Unfortunately, some version of MSIE do not send this info.
return true;
}
if (!preg_match("@{$SERVER_URL}@i", $_SERVER['HTTP_REFERER'])) {
// Gotcha. URL of referring page is not the same as our server.
// This can be an instance of XSRF.
// (This may also happen when more than address is used for your server.
// However, you're not supposed to do that with this version of
// WebCalendar anyhow...)
die_miserable_death(translate('Invalid referring URL'));
}
}
$date = getValue('date');
$return_path = getValue('return_path');
// Was a return path set?
$url = !empty($return_path) ? clean_whitespace($return_path . (!empty($date) ? '?date=' . $date : '')) : 'index.php';
if ($login == '__public__') {
do_redirect($url);
}
if (!nonuser_load_variables($login, 'temp_')) {
die_miserable_death(translate('No such nonuser calendar') . ": {$login}");
}
if (empty($temp_is_public) || $temp_is_public != 'Y') {
die_miserable_death(print_not_auth(24));
}
// calculate path for cookie
if (empty($PHP_SELF)) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
$cookie_path = str_replace('nulogin.php', '', $PHP_SELF);
// echo "Cookie path: $cookie_path\n";
if (get_magic_quotes_gpc()) {
$login = stripslashes($login);
}
$login = trim($login);
if ($login != addslashes($login)) {
die_miserable_death(translate('Illegal characters in login') . ' <tt>' . htmlentities($login) . '</tt>.');
}
// Allow proper login using NUC name
$encoded_login = encode_string($login . '|nonuser');
// set login to expire in 365 days
SetCookie('webcalendar_session', $encoded_login, !empty($remember) && $remember == 'yes' ? 86400 * 365 + time() : 0, $cookie_path);
do_redirect($url);
}
$approve_total = $edit_total = $view_total = 0;
for ($i = 1; $i <= 256;) {
$approve_total += getPostValue('a_' . $i);
$edit_total += getPostValue('e_' . $i);
$view_total += getPostValue('v_' . $i);
$i += $i;
}
$email = getPostValue('email');
$invite = getPostValue('invite');
$time = getPostValue('time');
if (!dbi_execute('INSERT INTO webcal_access_user ( cal_login,
cal_other_user, cal_can_view, cal_can_edit, cal_can_approve,
cal_can_invite, cal_can_email, cal_see_time_only )
VALUES ( ?, ?, ?, ?, ?, ?, ?, ? )', array($puser, $pouser, $view_total > 0 ? $view_total : 0, $edit_total > 0 && $puser != '__public__' ? $edit_total : 0, $approve_total > 0 && $puser != '__public__' ? $approve_total : 0, strlen($invite) ? $invite : 'N', strlen($email) ? $email : 'N', strlen($time) ? $time : 'N'))) {
die_miserable_death(str_replace('XXX', dbi_error(), $dbErrStr));
}
$saved = true;
}
}
$checked = ' checked="checked"';
$guser = getPostValue('guser');
$selected = ' selected="selected"';
//if ( $guser == '__default__' ) {
// $otheruser = $guser;
// $user_fullname = $defConfigStr;
//} else
$otheruser = getPostValue('otheruser');
if ($otheruser == '__default__') {
$otheruser_fullname = $defConfigStr;
$otheruser_login = '******';
// If we are in single user mode, make sure that the login selected is
// a valid login.
if ($single_user == 'Y') {
if (empty($single_user_login)) {
die_miserable_death("You have not defined <tt>single_user_login</tt> in " . "<tt>includes/settings.php</tt>");
}
$res = dbi_query("SELECT COUNT(*) FROM webcal_user " . "WHERE cal_login = '******'");
if (!$res) {
echo "Database error: " . dbi_error();
exit;
}
$row = dbi_fetch_row($res);
if ($row[0] == 0) {
// User specified as single_user_login does not exist
if (!dbi_query("INSERT INTO webcal_user ( cal_login, " . "cal_passwd, cal_is_admin ) VALUES ( '{$single_user_login}', " . "'" . md5($single_user_login) . "', 'Y' )")) {
die_miserable_death("User <tt>{$single_user_login}</tt> does not " . "exist in <tt>webcal_user</tt> table and was not able to add " . "it for you:<br /><blockquote>" . dbi_error() . "</blockquote>");
}
// User was added... should we tell them?
}
dbi_free_result($res);
}
// global settings have not been loaded yet, so check for public_access now
$res = dbi_query("SELECT cal_value FROM webcal_config " . "WHERE cal_setting = 'public_access'");
$pub_acc_enabled = false;
if ($res) {
if ($row = dbi_fetch_row($res)) {
if ($row[0] == "Y") {
$pub_acc_enabled = true;
}
}
dbi_free_result($res);
// Load user preferences (to get the DISPLAY_UNAPPROVED and
// FREEBUSY_ENABLED pref for this user).
$login = $user;
load_user_preferences();
$WebCalendar->setLanguage();
// Load user name, etc.
user_load_variables($user, 'publish_');
if (empty($FREEBUSY_ENABLED) || $FREEBUSY_ENABLED != 'Y') {
header('Content-Type: text/plain');
echo 'user='******'No user specified.');
if (empty($user)) {
die_miserable_death($no_user);
}
$get_unapproved = false;
$datem = date('m');
$dateY = date('Y');
// Start date is beginning of this month.
$startdate = mktime(0, 0, 0, $datem, 0, $dateY);
// End date is one year from now.
// Seems kind of arbitrary, eh?
$enddate = mktime(0, 0, 0, $datem, 1, $dateY + 1);
/* Pre-Load the repeated events for quicker access. */
$repeated_events = read_repeated_events($user, $startdate, $enddate, '');
/* Pre-load the non-repeating events for quicker access. */
$events = read_events($user, $startdate, $enddate);
// Loop from start date until we reach end date...
$event_text = '';
function transmit_header($mime, $file)
{
header("Content-Type: application/octet-stream");
//header ( "Content-Type: $mime" );
header('Content-Disposition: attachment; filename="' . $file . '"');
header('Pragma: no-cache');
header('Cache-Control: no-cache');
}
//end function
/*******************************************/
/*** Let's go ***/
/*******************************************/
$id = getIntValue('id', true);
$format = getValue('format');
if ($format != 'ical' && $format != 'vcal' && $format != 'pilot-csv' && $format != 'pilot-text') {
die_miserable_death("Invalid format '" . $format . "'");
}
$use_all_dates = getPostValue('use_all_dates');
if ($use_all_dates != 'y') {
$use_all_dates = '';
}
$include_layers = getPostValue('include_layers');
if ($include_layers != 'y') {
$include_layers = '';
}
$fromyear = getIntValue('fromyear', true);
$frommonth = getIntValue('frommonth', true);
$fromday = getIntValue('fromday', true);
$endyear = getIntValue('endyear', true);
$endmonth = getIntValue('endmonth', true);
$endday = getIntValue('endday', true);
function connect_and_bind()
{
global $ds, $error, $ldap_server, $ldap_port, $ldap_version;
global $ldap_admin_dn, $ldap_admin_pwd, $ldap_start_tls, $set_ldap_version;
if (!function_exists('ldap_connect')) {
die_miserable_death('Your installation of PHP does not support LDAP');
}
$ret = false;
$ds = @ldap_connect($ldap_server, $ldap_port);
if ($ds) {
if ($set_ldap_version || $ldap_start_tls) {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap_version);
}
if ($ldap_start_tls) {
if (!ldap_start_tls($ds)) {
$error = 'Could not start TLS for LDAP connection';
return $ret;
}
}
if ($ldap_admin_dn != '') {
$r = @ldap_bind($ds, $ldap_admin_dn, $ldap_admin_pwd);
} else {
$r = @ldap_bind($ds);
}
if (!$r) {
$error = 'Invalid Admin login for LDAP Server';
} else {
$ret = $r;
}
} else {
$error = 'Error connecting to LDAP server';
$ret = false;
}
return $ret;
}
function access_get_function_description($function)
{
switch ($function) {
case ACCESS_ACCESS_MANAGEMENT:
return translate('User Access Control');
case ACCESS_ACCOUNT_INFO:
return translate('Account');
case ACCESS_ACTIVITY_LOG:
return translate('Activity Log');
case ACCESS_SECURITY_AUDIT:
return translate('Security Audit');
case ACCESS_ADMIN_HOME:
return translate('Administrative Tools');
case ACCESS_ADVANCED_SEARCH:
return translate('Advanced Search');
case ACCESS_ANOTHER_CALENDAR:
return translate('Another Users Calendar');
case ACCESS_ASSISTANTS:
return translate('Assistants');
case ACCESS_CATEGORY_MANAGEMENT:
return translate('Category Management');
case ACCESS_DAY:
return translate('Day View');
case ACCESS_EVENT_EDIT:
return translate('Edit Event');
case ACCESS_EVENT_VIEW:
return translate('View Event');
case ACCESS_EXPORT:
return translate('Export');
case ACCESS_HELP:
return translate('Help');
case ACCESS_IMPORT:
return translate('Import');
case ACCESS_LAYERS:
return translate('Layers');
case ACCESS_MONTH:
return translate('Month View');
case ACCESS_PREFERENCES:
return translate('Preferences');
case ACCESS_PUBLISH:
return translate('Subscribe/Publish');
case ACCESS_REPORT:
return translate('Reports');
case ACCESS_SEARCH:
return translate('Search');
case ACCESS_SYSTEM_SETTINGS:
return translate('System Settings');
case ACCESS_TRAILER:
return translate('Common Trailer');
case ACCESS_USER_MANAGEMENT:
return translate('User Management');
case ACCESS_VIEW:
return translate('Views');
case ACCESS_VIEW_MANAGEMENT:
return translate('Manage Views');
case ACCESS_WEEK:
return translate('Week View');
case ACCESS_YEAR:
return translate('Year View');
default:
die_miserable_death(translate('Invalid function id') . ': ' . $function);
}
}
if ($single_user == "Y") {
// No login for single-user mode
do_redirect("index.php");
} else {
if ($use_http_auth) {
// There is no login page when using HTTP authorization
do_redirect("index.php");
} else {
if (!empty($login) && !empty($password)) {
if (get_magic_quotes_gpc()) {
$password = stripslashes($password);
$login = stripslashes($login);
}
$login = trim($login);
if ($login != addslashes($login)) {
die_miserable_death("Illegal characters in login " . "<tt>" . htmlentities($login) . "</tt>");
}
if (user_valid_login($login, $password)) {
user_load_variables($login, "");
// set login to expire in 365 days
srand((double) microtime() * 1000000);
$salt = chr(rand(ord('A'), ord('z'))) . chr(rand(ord('A'), ord('z')));
$encoded_login = encode_string($login . "|" . crypt($password, $salt));
if (!empty($settings['session']) && ($settings['session'] = 'php')) {
$_SESSION['webcalendar_session'] = $encoded_login;
} else {
if (!empty($remember) && $remember == "yes") {
SetCookie("webcalendar_session", $encoded_login, time() + 24 * 3600 * 365, $cookie_path);
} else {
SetCookie("webcalendar_session", $encoded_login, 0, $cookie_path);
}
function save_pref($prefs, $src)
{
global $error, $my_theme, $prad;
if (!$prad) {
global $prefuser;
}
$pos = $prad ? 6 : 5;
while (list($key, $value) = each($prefs)) {
if ($src == 'post') {
$prefix = substr($key, 0, $pos);
$setting = substr($key, $pos);
if (!$prad && $prefix != 'pref_' || $prad && $key == 'currenttab') {
continue;
}
// .
// Validate key name.
// If $prad not true, should start with "pref_"
// else should start with "admin_",
// and not include any unusual characters that might be an SQL injection attack.
if (!$prad && !preg_match('/pref_[A-Za-z0-9_]+$/', $key) || $prad && !preg_match('/admin_[A-Za-z0-9_]+$/', $key)) {
die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
}
} else {
$prefix = $prad ? 'admin_' : 'pref_';
$setting = $key;
}
if (strlen($setting) > 0 && $prefix == 'pref_' || $prefix == 'admin_') {
if ($setting == 'THEME' && $value != 'none') {
$my_theme = strtolower($value);
}
if ($prad) {
$setting = strtoupper($setting);
$sql = 'DELETE FROM webcal_config WHERE cal_setting = ?';
if (!dbi_execute($sql, array($setting))) {
$error = db_error(false, $sql);
break;
}
if (strlen($value) > 0) {
$sql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( ?, ? )';
if (!dbi_execute($sql, array($setting, $value))) {
$error = db_error(false, $sql);
break;
}
}
} else {
dbi_execute('DELETE FROM webcal_user_pref WHERE cal_login = ?
AND cal_setting = ?', array($prefuser, $setting));
if (strlen($value) > 0) {
$setting = strtoupper($setting);
$sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting,
cal_value ) VALUES ( ?, ?, ? )';
if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
$error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
break;
}
}
}
}
}
// Reload preferences so any CSS changes will take effect.
load_global_settings();
load_user_preferences();
}
function do_config($fileLoc)
{
global $db_database, $db_host, $db_login, $db_password, $db_persistent, $db_type, $NONUSER_PREFIX, $phpdbiVerbose, $PROGRAM_DATE, $PROGRAM_NAME, $PROGRAM_URL, $PROGRAM_VERSION, $readonly, $run_mode, $settings, $single_user, $single_user_login, $TROUBLE_URL, $use_http_auth, $user_inc;
$PROGRAM_VERSION = 'v1.2.7';
$PROGRAM_DATE = '22 Feb 2013';
$PROGRAM_NAME = 'WebCalendar ' . "{$PROGRAM_VERSION} ({$PROGRAM_DATE})";
$PROGRAM_URL = 'http://www.k5n.us/webcalendar.php';
$TROUBLE_URL = 'docs/WebCalendar-SysAdmin.html#trouble';
// Open settings file to read.
$settings = array();
if (file_exists($fileLoc)) {
$fd = @fopen($fileLoc, 'rb', true);
}
if (empty($fd) && defined('__WC_INCLUDEDIR')) {
$fd = @fopen(__WC_INCLUDEDIR . '/settings.php', 'rb', true);
if ($fd) {
$fileLoc = __WC_INCLUDEDIR . '/settings.php';
}
}
// If still empty.... use __FILE__.
if (empty($fd)) {
$testName = get_full_include_path("settings.php");
$fd = @fopen($fileLoc, 'rb', true);
if ($fd) {
$fileLoc = $testName;
}
}
if (empty($fd) || filesize($fileLoc) == 0) {
// There is no settings.php file.
// Redirect user to install page if it exists.
if (file_exists('install/index.php')) {
header('Location: install/index.php');
exit;
} else {
die_miserable_death(translate('Could not find settings.php file...'));
}
}
// We don't use fgets () since it seems to have problems with Mac-formatted
// text files. Instead, we read in the entire file, and split the lines manually.
$data = '';
while (!feof($fd)) {
$data .= fgets($fd, 4096);
}
fclose($fd);
// Replace any combination of carriage return (\r) and new line (\n)
// with a single new line.
$data = preg_replace("/[\r\n]+/", "\n", $data);
// Split the data into lines.
$configLines = explode("\n", $data);
for ($n = 0, $cnt = count($configLines); $n < $cnt; $n++) {
$buffer = trim($configLines[$n], "\r\n ");
if (preg_match('/^#|\\/\\*/', $buffer) || preg_match('/^<\\?/', $buffer) || preg_match('/^\\?>/', $buffer)) {
// end PHP code
continue;
}
if (preg_match('/(\\S+):\\s*(\\S+)/', $buffer, $matches)) {
$settings[$matches[1]] = $matches[2];
}
// echo "settings $matches[1] => $matches[2]<br />";
}
$configLines = $data = '';
// Extract db settings into global vars.
$db_database = $settings['db_database'];
$db_host = $settings['db_host'];
$db_login = $settings['db_login'];
$db_password = $settings['db_password'];
$db_persistent = preg_match('/(1|yes|true|on)/i', $settings['db_persistent']) ? '1' : '0';
$db_type = $settings['db_type'];
// If no db settings, then user has likely started install but not yet
// completed. So, send them back to the install script.
if (empty($db_type)) {
if (file_exists('install/index.php')) {
header('Location: install/index.php');
exit;
} else {
die_miserable_death(translate('Incomplete settings.php file...'));
}
}
// Use 'db_cachedir' if found, otherwise look for 'cachedir'.
if (!empty($settings['db_cachedir'])) {
dbi_init_cache($settings['db_cachedir']);
} else {
if (!empty($settings['cachedir'])) {
dbi_init_cache($settings['cachedir']);
}
}
if (!empty($settings['db_debug']) && preg_match('/(1|true|yes|enable|on)/i', $settings['db_debug'])) {
dbi_set_debug(true);
}
foreach (array('db_type', 'db_host', 'db_login', 'db_password') as $s) {
if (empty($settings[$s])) {
die_miserable_death(str_replace('XXX', $s, translate('Could not find XXX defined in...')));
}
}
// Allow special settings of 'none' in some settings[] values.
// This can be used for db servers not using TCP port for connection.
$db_host = $db_host == 'none' ? '' : $db_host;
$db_password = $db_password == 'none' ? '' : $db_password;
$readonly = preg_match('/(1|yes|true|on)/i', $settings['readonly']) ? 'Y' : 'N';
if (empty($settings['mode'])) {
$settings['mode'] = 'prod';
}
$run_mode = preg_match('/(dev)/i', $settings['mode']) ? 'dev' : 'prod';
$phpdbiVerbose = $run_mode == 'dev';
$single_user = preg_match('/(1|yes|true|on)/i', $settings['single_user']) ? 'Y' : 'N';
if ($single_user == 'Y') {
$single_user_login = $settings['single_user_login'];
}
if ($single_user == 'Y' && empty($single_user_login)) {
die_miserable_death(str_replace('XXX', 'single_user_login', translate('You must define XXX in')));
}
$use_http_auth = preg_match('/(1|yes|true|on)/i', $settings['use_http_auth']) ? true : false;
// Type of user authentication.
$user_inc = $settings['user_inc'];
// If sqlite, the db file is in the include directory
if ($db_type == 'sqlite') {
$db_database = get_full_include_path($db_database);
}
// Check the current installation version.
// Redirect user to install page if it is different from stored value.
// This will prevent running WebCalendar until UPGRADING.html has been
// read and required upgrade actions completed.
$c = @dbi_connect($db_host, $db_login, $db_password, $db_database, false);
if ($c) {
$rows = dbi_get_cached_rows('SELECT cal_value FROM webcal_config
WHERE cal_setting = \'WEBCAL_PROGRAM_VERSION\'');
if (!$rows) {
// & does not work here...leave it as &.
header('Location: install/index.php?action=mismatch&version=UNKNOWN');
exit;
} else {
$row = $rows[0];
if (empty($row) || $row[0] != $PROGRAM_VERSION) {
// & does not work here...leave it as &.
header('Location: install/index.php?action=mismatch&version=' . (empty($row) ? 'UNKNOWN' : $row[0]));
exit;
}
}
dbi_close($c);
} else {
// Must mean we don't have a settings.php file.
// NOTE: if we get a connect error when running send_reminders.php,
// we may want to show that error message here.
// & does not work here...leave it as &.
header('Location: install/index.php?action=mismatch&version=UNKNOWN');
exit;
}
// We can add extra 'nonuser' calendars such as a holiday, corporate,
// departmental, etc. We need a unique prefix for these calendars
// so we don't get them mixed up with real logins. This prefix should be
// a maximum of 5 characters and should NOT change once set!
$NONUSER_PREFIX = '_NUC_';
if ($single_user != 'Y') {
$single_user_login = '';
}
}
if ($single_user == 'Y') {
// No login for single-user mode
do_redirect('index.php');
} else {
if ($use_http_auth) {
// There is no login page when using HTTP authorization
do_redirect('index.php');
} else {
if (!empty($login) && !empty($password) && !$logout) {
if (get_magic_quotes_gpc()) {
$password = stripslashes($password);
$login = stripslashes($login);
}
$login = trim($login);
if ($login != addslashes($login)) {
die_miserable_death('Illegal characters in login ' . '<tt>' . htmlentities($login) . '</tt>');
}
if (user_valid_login($login, $password)) {
user_load_variables($login, '');
$encoded_login = encode_string($login . '|' . crypt($password));
// set login to expire in 365 days
if (!empty($remember) && $remember == 'yes') {
SetCookie('webcalendar_session', $encoded_login, time() + 24 * 3600 * 365, $cookie_path);
} else {
SetCookie('webcalendar_session', $encoded_login, 0, $cookie_path);
}
// The cookie "webcalendar_login" is provided as a convenience to
// other apps that may wish to find out what the last calendar
// login was, so they can use week_ssi.php as a server-side include.
// As such, it's not a security risk to have it un-encoded since it
// is not used to allow logins within this app. It is used to
/**
* Gets the value resulting from either HTTP GET method or HTTP POST method.
*
* <b>Note:</b> The return value will be affected by the value of
* <var>magic_quotes_gpc</var> in the php.ini file.
*
* <b>Note:</b> If you need to get an integer value, yuou can use the
* getIntValue function.
*
* @param string $name Name used in the HTML form or found in the URL
* @param string $format A regular expression format that the input must match.
* If the input does not match, an empty string is
* returned and a warning is sent to the browser. If The
* <var>$fatal</var> parameter is true, then execution
* will also stop when the input does not match the
* format.
* @param bool $fatal Is it considered a fatal error requiring execution to
* stop if the value retrieved does not match the format
* regular expression?
*
* @return string The value used in the HTML form (or URL)
*
* @uses getGetValue
* @uses getPostValue
*/
function getValue($name, $format = "", $fatal = false)
{
$val = getPostValue($name);
if (!isset($val)) {
$val = getGetValue($name);
}
// for older PHP versions...
if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) {
$val = $GLOBALS[$name];
}
if (!isset($val)) {
return "";
}
if (!empty($format) && !preg_match("/^" . $format . "\$/", $val)) {
// does not match
if ($fatal) {
die_miserable_death("Fatal Error: Invalid data format for {$name}");
}
// ignore value
return "";
}
return $val;
}
// translate("Holo (Taiwanese)")
// translate("Hungarian")
// translate("Icelandic")
// translate("Italian")
// translate("Japanese")
// translate("Korean")
// translate("Norwegian")
// translate("Polish")
// translate("Portuguese")
// translate("Portuguese/Brazil")
// translate("Romanian")
// translate("Russian")
// translate("Spanish")
// translate("Swedish")
// translate("Turkish")
// translate("Welsh")
if ($single_user != "Y") {
$single_user_login = "";
}
// Make sure magic quotes is enabled, since this app requires it.
if (get_magic_quotes_gpc() == 0) {
ob_start();
phpinfo();
$val = ob_get_contents();
ob_end_clean();
$loc = '';
if (preg_match("/>([^<>]*php.ini)</", $val, $matches)) {
$loc = "Please edit the following file and restart your server:" . "<br /><br />\n" . "<blockquote>\n<tt>" . $matches[1] . "</tt>\n</blockquote>\n";
}
die_miserable_death("You must reconfigure your <tt>php.ini</tt> file to " . "have <span style=\"font-weight:bold;\">magic_quotes_gpc</span> set " . " to <span style=\"font-weight:bold;\">ON</span>.<br /><br />\n" . $loc);
}
$error = print_not_auth(21);
}
if ($allow_user_override) {
$u = getValue('user', '[A-Za-z0-9_\\.=@,\\-]+', true);
if (!empty($u)) {
$login = $user = $u;
}
// We also set $login since some functions assume that it is set.
}
load_user_preferences();
user_load_variables($login, 'minical_');
if ($user != '__public__' && !nonuser_load_variables($login, 'minica_')) {
die_miserable_death(str_replace('XXX', $login, translate('No such nonuser calendar XXX.')));
}
if ($user != '__public__' && (empty($minical_is_public) || $minical_is_public != 'Y')) {
die_miserable_death(translate('This Calendar is not Public.'));
}
$next = mktime(0, 0, 0, $thismonth + 1, 1, $thisyear);
$nextmonth = date('m', $next);
$nextyear = date('Y', $next);
$prev = mktime(0, 0, 0, $thismonth - 1, 1, $thisyear);
$prevmonth = date('m', $prev);
$prevyear = date('Y', $prev);
$boldDays = true;
$startdate = mktime(0, 0, 0, $thismonth, 0, $thisyear);
$enddate = mktime(23, 59, 59, $thismonth + 1, 0, $thisyear);
// Don't display custom header.
print_header('', generate_refresh_meta(), '', true);
/* Pre-Load the repeated events for quicker access. */
$repeated_events = read_repeated_events($user, $startdate, $enddate, $cat_id);
/* Pre-load the non-repeating events for quicker access. */