for ($i = 0; $i < $viewcnt; $i++) { $views_link[] = '<a title="' . htmlspecialchars($views[$i]['cal_name']) . '" href="' . $views[$i]['url'] . (!empty($thisdate) ? '&date=' . $thisdate : '') . '">' . htmlspecialchars($views[$i]['cal_name']) . "</a>\n"; } } $views_linkcnt = count($views_link); if ($views_linkcnt > 0) { $tret .= '<br /><span class="prefix">' . translate('Views') . ':</span> ' . "\n"; for ($i = 0; $i < $views_linkcnt; $i++) { $tret .= ($i > 0 ? ' | ' : '') . $views_link[$i]; } } $tret .= '<!-- REPORTS -->' . "\n"; if (!empty($REPORTS_ENABLED) && $REPORTS_ENABLED == 'Y' && access_can_access_function(ACCESS_REPORT)) { $reports_link = array(); $rows = dbi_get_cached_rows('SELECT cal_report_name, cal_report_id FROM webcal_report WHERE cal_login = ? OR ( cal_is_global = \'Y\' AND cal_show_in_trailer = \'Y\' ) ORDER BY cal_report_id', array($login)); if ($rows) { for ($i = 0, $cnt = count($rows); $i < $cnt; $i++) { $row = $rows[$i]; $reports_link[] = '<a title="' . htmlspecialchars($row[0]) . '" href="report.php?report_id=' . $row[1] . (!empty($user) && $user != $login ? '&user='******'') . '">' . htmlspecialchars($row[0]) . '</a>'; } } $reports_linkcnt = count($reports_link); if ($reports_linkcnt > 0) { $tret .= '<br /><span class="prefix">' . translate('Reports') . ':</span> ' . "\n"; for ($i = 0; $i < $reports_linkcnt; $i++) { $tret .= ($i > 0 ? ' | ' : '') . $reports_link[$i] . "\n"; } } }
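/**
 * Build the RSS <item> elements for the most recent activity-log rows.
 *
 * @param bool $sys     True to list system rows (wel.cal_entry_id = 0);
 *                      false to list event rows joined to webcal_entry.
 * @param int  $entries Maximum number of items to emit.
 *
 * @return string Concatenated <item> elements; empty string when there are no rows.
 */
function rss_activity_log($sys, $entries)
{
    global $SERVER_URL, $login;

    // $entries is concatenated into the SQL text below rather than bound as a
    // parameter, so force it to a non-negative integer before it gets there.
    $entries = max(0, (int) $entries);

    $sql_params = array();
    $limit = $where = '';
    switch ($GLOBALS['db_type']) {
        case 'mysqli':
        case 'mysql':
        case 'postgresql':
            $limit .= ' LIMIT ' . $entries;
            break;
        case 'oracle':
            $where .= ' AND ROWNUM <= ' . $entries;
            break;
    }

    // The Oracle ROWNUM filter is only appended to the event query; the loop
    // bound below caps the number of items for every database type.
    $sql = 'SELECT wel.cal_login, wel.cal_user_cal, wel.cal_type, wel.cal_date, wel.cal_time, wel.cal_text, '
        . ($sys
            ? 'wel.cal_log_id FROM webcal_entry_log wel WHERE wel.cal_entry_id = 0'
            : 'we.cal_id, we.cal_name, wel.cal_log_id, we.cal_type, we.cal_description FROM webcal_entry_log wel, webcal_entry we WHERE wel.cal_entry_id = we.cal_id' . $where)
        . ' ORDER BY wel.cal_log_id DESC' . $limit;

    $rows = dbi_get_cached_rows($sql, $sql_params);
    $ret = '';
    if (empty($rows)) {
        // No result set: nothing to iterate (also avoids count() on a non-array).
        return $ret;
    }

    $cnt = min(count($rows), $entries);
    for ($i = 0; $i < $cnt; $i++) {
        $row = $rows[$i];
        $l_type = $row[2];
        $l_date = $row[3];
        $l_time = $row[4];
        $l_text = $row[5];
        if ($sys) {
            // System rows carry no event columns; keep the event fields empty
            // so the item is still emitted without undefined-variable notices.
            $l_eid = '';
            $l_ename = '';
            $l_description = '';
        } else {
            $l_eid = $row[6];
            $l_ename = $row[7];
            $l_description = (string) $row[10];
            // Convert line breaks to <br> if no HTML formatting is found.
            // Strict comparison: a match at offset 0 is still a match.
            if (strpos($l_description, '</') === false) {
                $l_description = nl2br($l_description);
            }
        }

        $unixtime = date_to_epoch($l_date . $l_time);
        $subject = display_activity_log($l_type, $l_text, "\n");

        // Stored text goes inside CDATA sections. Split any "]]>" it contains
        // so it cannot close the section early and inject markup into the feed.
        $title = str_replace(']]>', ']]]]><![CDATA[>', $subject . ': ' . htmlspecialchars($l_ename));
        $l_description = str_replace(']]>', ']]]]><![CDATA[>', $l_description);

        $ret .= "<item>\n" . ' <title><![CDATA[' . $title . ']]></title>'
            . "\n <link>" . $SERVER_URL . 'view_entry.php?id=' . $l_eid . "</link>\n"
            . ' <description><![CDATA[' . $l_description . ']]></description>' . "\n";

        // No <category> element is emitted for activity-log items.
        /* RSS 2.0 date format Wed, 02 Oct 2002 13:00:00 GMT */
        // <guid> is plain XML text (not CDATA), so '&' is written as '&amp;'
        // and the login is URL-encoded.
        // NOTE(review): the source listing masks the expression that follows
        // 'rssuser='; $login (declared global and otherwise unused here) is
        // assumed - confirm against the upstream file.
        $ret .= '<pubDate>' . gmdate('D, d M Y H:i:s', $unixtime) . ' GMT</pubDate>' . "\n"
            . ' <guid>' . $SERVER_URL . 'view_entry.php?id=' . $l_eid
            . '&amp;friendly=1&amp;rssuser=' . rawurlencode((string) $login)
            . '&amp;date=' . $l_date . "</guid>\n";
        $ret .= "</item>\n\n";
    }

    return $ret;
}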
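/**
 * Build RSS <item> elements for the entries still waiting (status 'W') on
 * one user's calendar.
 *
 * The function performs no access check of its own; whether the requester
 * may see $user's pending entries has to be decided by the caller (not
 * visible in this listing).
 *
 * @param string $user Login whose unapproved entries are listed.
 *
 * @return string Concatenated <item> elements; empty string when none are pending.
 */
function list_unapproved($user)
{
    global $login, $SERVER_URL;

    $ret = '';
    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_description, weu.cal_login, we.cal_priority, we.cal_date, we.cal_time, we.cal_duration, weu.cal_status, we.cal_type FROM webcal_entry we, webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND weu.cal_login = ? AND weu.cal_status = \'W\' ORDER BY weu.cal_login, we.cal_date';
    $rows = dbi_get_cached_rows($sql, array($user));
    if (!$rows) {
        return $ret;
    }

    $view_link = 'view_entry';
    // The query selects no category column, so the element is emitted empty.
    $category = '';

    for ($i = 0, $cnt = count($rows); $i < $cnt; $i++) {
        $row = $rows[$i];
        $id = $row[0];
        $name = $row[1];
        $description = (string) $row[2];
        $cal_user = $row[3];
        $date = $row[5];
        $time = sprintf("%06d", $row[6]);
        $unixtime = date_to_epoch($date . $time);

        // The description is stored text placed inside a CDATA section. Split
        // any "]]>" so it cannot close the section and inject feed markup.
        $description = str_replace(']]>', ']]]]><![CDATA[>', $description);

        // <link> and <guid> are plain XML text, so '&' is written as '&amp;'
        // and the login values are URL-encoded.
        // NOTE(review): the source listing masks the expression after 'user=';
        // $cal_user (this row's weu.cal_login) and the closing </link> are
        // assumed - confirm against the upstream file.
        $ret .= "<item>\n" . ' <title><![CDATA[' . htmlspecialchars($name) . ']]></title>'
            . "\n <link>" . $SERVER_URL . $view_link . '.php?id=' . $id
            . '&amp;user=' . rawurlencode((string) $cal_user) . "</link>\n"
            . ' <description><![CDATA[' . $description . ']]></description>' . "\n";
        $ret .= ' <category><![CDATA[' . $category . ']]></category>' . "\n";

        /* RSS 2.0 date format Wed, 02 Oct 2002 13:00:00 GMT */
        // The entry date completes the guid, as rss_activity_log() does with
        // its own date column.
        // NOTE(review): the expression after 'rssuser=' is masked in the source
        // listing; $login is assumed - confirm.
        $ret .= '<pubDate>' . gmdate('D, d M Y H:i:s', $unixtime) . ' GMT</pubDate>' . "\n"
            . ' <guid>' . $SERVER_URL . 'view_entry.php?id=' . $id
            . '&amp;friendly=1&amp;rssuser=' . rawurlencode((string) $login)
            . '&amp;date=' . $date . "</guid>\n";
        $ret .= "</item>\n\n";
    }

    return $ret;
}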
/**
 * Fetch the site-extra fields stored for one event.
 *
 * @param int $eventid Event id, bound as the query parameter for cal_id.
 *
 * @return array Map of cal_name => array with the keys cal_name, cal_type,
 *               cal_date, cal_remind and cal_data; empty when nothing is stored.
 */
function get_site_extra_fields($eventid)
{
    $extras = array();
    $rows = dbi_get_cached_rows('SELECT cal_name, cal_type, cal_date, cal_remind, cal_data FROM webcal_site_extras WHERE cal_id = ?', array($eventid));
    if (!$rows) {
        return $extras;
    }

    // Column order of the SELECT above, used to label each row's values.
    $columns = array('cal_name', 'cal_type', 'cal_date', 'cal_remind', 'cal_data');

    $total = count($rows);
    $idx = 0;
    while ($idx < $total) {
        $record = $rows[$idx];
        $idx++;

        $fields = array();
        foreach ($columns as $pos => $column) {
            $fields[$column] = $record[$pos];
        }
        // Index by cal_name (e.g. "URL"); a later row with the same name
        // replaces the earlier one.
        $extras[$record[0]] = $fields;
    }

    return $extras;
}
/**
 * Load one account's fields into prefixed global variables.
 *
 * With prefix "temp_" the function writes $GLOBALS['temp_login'],
 * 'temp_firstname', 'temp_lastname', 'temp_is_admin', 'temp_email',
 * 'temp_fullname', 'temp_password' and, for database users, 'temp_enabled'.
 *
 * Security notes for callers:
 * - $prefix is concatenated straight into global variable names, so an empty
 *   or caller-influenced prefix can overwrite unrelated globals (an empty
 *   prefix would target 'login' and 'is_admin'). Pass a fixed literal.
 * - The stored cal_passwd value is copied into a global; avoid dumping
 *   $GLOBALS in debug output.
 *
 * @param string $login  User login to look up
 * @param string $prefix Variable prefix to use
 *
 * @return bool True on success, false when no webcal_user row matches
 */
function user_load_variables($login, $prefix)
{
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX, $cached_user_var, $SCRIPT;

    if (!empty($cached_user_var[$login][$prefix])) {
        return $cached_user_var[$login][$prefix];
    }

    // Every miss empties the whole cache, so it only ever remembers the most
    // recent database lookup. A later hit can therefore rely on the prefixed
    // globals not having been overwritten by another lookup in between.
    $cached_user_var = array();

    // Help prevent spoofed username attempts from disclosing the full path.
    $GLOBALS[$prefix . 'fullname'] = '';

    $isNonuser = $NONUSER_PREFIX
        && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX;
    if ($isNonuser) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // Built-in pseudo accounts never touch the database.
    if ($login == '__public__' || $login == '__default__') {
        $builtin = array(
            'login' => $login,
            'firstname' => '',
            'lastname' => '',
            'is_admin' => 'N',
            'email' => '',
            'fullname' => $login == '__public__'
                ? $PUBLIC_ACCESS_FULLNAME
                : translate('DEFAULT CONFIGURATION'),
            'password' => '',
        );
        foreach ($builtin as $suffix => $value) {
            $GLOBALS[$prefix . $suffix] = $value;
        }
        return true;
    }

    $rows = dbi_get_cached_rows(
        'SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd, '
        . 'cal_enabled FROM webcal_user WHERE cal_login = ?',
        array($login)
    );
    if (!$rows) {
        return false;
    }

    $record = $rows[0];
    $hasBothNames = strlen($record[0]) && strlen($record[1]);

    $GLOBALS[$prefix . 'login'] = $login;
    $GLOBALS[$prefix . 'firstname'] = $record[0];
    $GLOBALS[$prefix . 'lastname'] = $record[1];
    $GLOBALS[$prefix . 'is_admin'] = $record[2];
    $GLOBALS[$prefix . 'email'] = empty($record[3]) ? '' : $record[3];
    // Fall back to the login when either name part is missing.
    $GLOBALS[$prefix . 'fullname'] = $hasBothNames
        ? $record[0] . ' ' . $record[1]
        : $login;
    $GLOBALS[$prefix . 'password'] = $record[4];
    $GLOBALS[$prefix . 'enabled'] = $record[5];

    // Remember the successful lookup.
    $cached_user_var[$login][$prefix] = true;

    return true;
}
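/**
 * Read settings.php, publish its values as globals and verify that the
 * database matches this program version.
 *
 * The settings file is looked for at $fileLoc, then in __WC_INCLUDEDIR (when
 * defined), then at the path returned by get_full_include_path(). When no
 * usable file or database connection is found, the request is redirected to
 * install/index.php (or ends through die_miserable_death()).
 *
 * Settings lines have the form "name: value". Both parts are matched with \S+,
 * so a value cannot contain whitespace, and any line containing "/*" is
 * skipped as a comment.
 *
 * @param string $fileLoc Preferred location of the settings file.
 *
 * @return void
 */
function do_config($fileLoc)
{
    global $db_database, $db_host, $db_login, $db_password, $db_persistent,
    $db_type, $NONUSER_PREFIX, $phpdbiVerbose, $PROGRAM_DATE, $PROGRAM_NAME,
    $PROGRAM_URL, $PROGRAM_VERSION, $readonly, $run_mode, $settings, $single_user,
    $single_user_login, $TROUBLE_URL, $use_http_auth, $user_inc;

    $PROGRAM_VERSION = 'v1.2.7';
    $PROGRAM_DATE = '22 Feb 2013';
    $PROGRAM_NAME = 'WebCalendar ' . "{$PROGRAM_VERSION} ({$PROGRAM_DATE})";
    $PROGRAM_URL = 'http://www.k5n.us/webcalendar.php';
    $TROUBLE_URL = 'docs/WebCalendar-SysAdmin.html#trouble';

    // Open settings file to read.
    $settings = array();
    $fd = false;
    if (file_exists($fileLoc)) {
        $fd = @fopen($fileLoc, 'rb', true);
    }
    if (empty($fd) && defined('__WC_INCLUDEDIR')) {
        $fd = @fopen(__WC_INCLUDEDIR . '/settings.php', 'rb', true);
        if ($fd) {
            $fileLoc = __WC_INCLUDEDIR . '/settings.php';
        }
    }
    // If still empty, fall back to the full include path. Open the resolved
    // name itself; retrying $fileLoc would only repeat the attempt that failed.
    if (empty($fd)) {
        $testName = get_full_include_path("settings.php");
        $fd = @fopen($testName, 'rb', true);
        if ($fd) {
            $fileLoc = $testName;
        }
    }
    if (empty($fd) || filesize($fileLoc) == 0) {
        // There is no settings.php file.
        // Redirect user to install page if it exists.
        if (file_exists('install/index.php')) {
            header('Location: install/index.php');
            exit;
        } else {
            die_miserable_death(translate('Could not find settings.php file...'));
        }
    }

    // Line endings differ between platforms (Mac-formatted files in
    // particular), so read the whole file and split the lines manually.
    $data = '';
    while (!feof($fd)) {
        $chunk = fgets($fd, 4096);
        if ($chunk === false) {
            // Read error or end of data: stop instead of looping on a stream
            // that never reports EOF.
            break;
        }
        $data .= $chunk;
    }
    fclose($fd);

    // Replace any combination of carriage return (\r) and new line (\n)
    // with a single new line.
    $data = preg_replace("/[\r\n]+/", "\n", $data);

    // Split the data into lines.
    $configLines = explode("\n", $data);
    for ($n = 0, $cnt = count($configLines); $n < $cnt; $n++) {
        $buffer = trim($configLines[$n], "\r\n ");
        // Skip comment lines and the PHP open/close tags.
        if (preg_match('/^#|\\/\\*/', $buffer)
            || preg_match('/^<\\?/', $buffer)
            || preg_match('/^\\?>/', $buffer)) {
            continue;
        }
        if (preg_match('/(\\S+):\\s*(\\S+)/', $buffer, $matches)) {
            $settings[$matches[1]] = $matches[2];
        }
    }
    // Drop the raw file text (it includes the database password).
    $configLines = $data = '';

    // Extract db settings into global vars. Missing keys become null here and
    // are reported by the checks below.
    $db_database = isset($settings['db_database']) ? $settings['db_database'] : null;
    $db_host = isset($settings['db_host']) ? $settings['db_host'] : null;
    $db_login = isset($settings['db_login']) ? $settings['db_login'] : null;
    $db_password = isset($settings['db_password']) ? $settings['db_password'] : null;
    // NOTE(review): the boolean patterns in this function are unanchored, so
    // any value that merely contains 1/yes/true/on (for example "none") counts
    // as enabled. That matters most for single_user, readonly and
    // use_http_auth; anchoring the patterns would be stricter but changes how
    // existing settings files are read.
    $db_persistent = (!empty($settings['db_persistent'])
        && preg_match('/(1|yes|true|on)/i', $settings['db_persistent'])) ? '1' : '0';
    $db_type = isset($settings['db_type']) ? $settings['db_type'] : null;

    // If no db settings, then user has likely started install but not yet
    // completed. So, send them back to the install script.
    if (empty($db_type)) {
        if (file_exists('install/index.php')) {
            header('Location: install/index.php');
            exit;
        } else {
            die_miserable_death(translate('Incomplete settings.php file...'));
        }
    }

    // Use 'db_cachedir' if found, otherwise look for 'cachedir'.
    if (!empty($settings['db_cachedir'])) {
        dbi_init_cache($settings['db_cachedir']);
    } elseif (!empty($settings['cachedir'])) {
        dbi_init_cache($settings['cachedir']);
    }

    if (!empty($settings['db_debug'])
        && preg_match('/(1|true|yes|enable|on)/i', $settings['db_debug'])) {
        dbi_set_debug(true);
    }

    foreach (array('db_type', 'db_host', 'db_login', 'db_password') as $s) {
        if (empty($settings[$s])) {
            die_miserable_death(str_replace('XXX', $s, translate('Could not find XXX defined in...')));
        }
    }

    // Allow special settings of 'none' in some settings[] values.
    // This can be used for db servers not using TCP port for connection.
    $db_host = $db_host == 'none' ? '' : $db_host;
    $db_password = $db_password == 'none' ? '' : $db_password;

    $readonly = (!empty($settings['readonly'])
        && preg_match('/(1|yes|true|on)/i', $settings['readonly'])) ? 'Y' : 'N';

    if (empty($settings['mode'])) {
        $settings['mode'] = 'prod';
    }
    $run_mode = preg_match('/(dev)/i', $settings['mode']) ? 'dev' : 'prod';
    // NOTE(review): presumably makes the dbi layer report errors verbosely;
    // confirm, and keep mode 'prod' on exposed installations.
    $phpdbiVerbose = $run_mode == 'dev';

    $single_user = (!empty($settings['single_user'])
        && preg_match('/(1|yes|true|on)/i', $settings['single_user'])) ? 'Y' : 'N';
    if ($single_user == 'Y') {
        $single_user_login = isset($settings['single_user_login'])
            ? $settings['single_user_login']
            : null;
    }
    if ($single_user == 'Y' && empty($single_user_login)) {
        die_miserable_death(str_replace('XXX', 'single_user_login', translate('You must define XXX in')));
    }

    $use_http_auth = (!empty($settings['use_http_auth'])
        && preg_match('/(1|yes|true|on)/i', $settings['use_http_auth'])) ? true : false;

    // Type of user authentication.
    $user_inc = isset($settings['user_inc']) ? $settings['user_inc'] : null;

    // If sqlite, the db file is in the include directory
    if ($db_type == 'sqlite') {
        $db_database = get_full_include_path($db_database);
    }

    // Check the current installation version.
    // Redirect user to install page if it is different from stored value.
    // This will prevent running WebCalendar until UPGRADING.html has been
    // read and required upgrade actions completed.
    $c = @dbi_connect($db_host, $db_login, $db_password, $db_database, false);
    if ($c) {
        $rows = dbi_get_cached_rows('SELECT cal_value FROM webcal_config WHERE cal_setting = \'WEBCAL_PROGRAM_VERSION\'');
        if (!$rows) {
            // Location header: separate parameters with a literal '&', not the
            // HTML entity.
            header('Location: install/index.php?action=mismatch&version=UNKNOWN');
            exit;
        } else {
            $row = $rows[0];
            if (empty($row) || $row[0] != $PROGRAM_VERSION) {
                // The stored version string becomes part of a URL, so encode it.
                header('Location: install/index.php?action=mismatch&version='
                    . (empty($row) ? 'UNKNOWN' : rawurlencode($row[0])));
                exit;
            }
        }
        dbi_close($c);
    } else {
        // Must mean we don't have a settings.php file.
        // NOTE: if we get a connect error when running send_reminders.php,
        // we may want to show that error message here.
        header('Location: install/index.php?action=mismatch&version=UNKNOWN');
        exit;
    }

    // We can add extra 'nonuser' calendars such as a holiday, corporate,
    // departmental, etc. We need a unique prefix for these calendars
    // so we don't get them mixed up with real logins. This prefix should be
    // a maximum of 5 characters and should NOT change once set!
    $NONUSER_PREFIX = '_NUC_';

    if ($single_user != 'Y') {
        $single_user_login = '';
    }
}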
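/**
 * Build the HTML table rows listing one user's unapproved (status 'W')
 * entries, with approve / reject / delete controls.
 *
 * Side effects on globals: $key is incremented per row, popup markup is
 * appended to $eventinfo, and when nothing is pending a "no unapproved
 * entries" row is appended to $noret.
 *
 * Logins, the entry id token and the full name are stored values, so each is
 * encoded for the context it lands in: HTML text, attribute value, URL
 * parameter, or a JavaScript string inside an onclick attribute. $description
 * is handed to build_entry_popup() unchanged; escaping it is that function's
 * job (not visible here).
 *
 * @param string $user Login whose unapproved entries are listed.
 *
 * @return string Table rows, or an empty string when nothing is pending.
 */
function list_unapproved($user)
{
    global $eventinfo, $key, $login, $NONUSER_ENABLED, $noret, $temp_fullname;

    user_load_variables($user, 'temp_');

    $fullnameHtml = htmlspecialchars($temp_fullname);
    $userAttr = htmlspecialchars($user, ENT_QUOTES);
    // JavaScript string inside an HTML attribute: escape for the JS literal
    // first, then for the attribute that carries it.
    $userJs = htmlspecialchars(addslashes($user), ENT_QUOTES);
    $calUserJs = '';

    // NOTE(review): the source listing masks the expression after 'user=';
    // $user is assumed - confirm against the upstream file.
    $rssLink = '<a href="rss_unapproved.php?user=' . rawurlencode($user)
        . '"><img src="images/rss.png" width="14" height="14" alt="RSS 2.0 - '
        . htmlspecialchars($temp_fullname) . '" border="0"/></a>';

    $count = 0;
    $ret = '';
    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_description, weu.cal_login, we.cal_priority, we.cal_date, we.cal_time, we.cal_duration, weu.cal_status, we.cal_type FROM webcal_entry we, webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND weu.cal_login = ? AND weu.cal_status = \'W\' ORDER BY weu.cal_login, we.cal_date';
    $rows = dbi_get_cached_rows($sql, array($user));
    if ($rows) {
        $allDayStr = translate('All day event');
        $appConStr = translate('Approve/Confirm');
        $appSelStr = translate('Approve Selected');
        $checkAllStr = translate('Check All');
        $deleteStr = translate('Delete');
        $emailStr = translate('Emails Will Not Be Sent');
        $rejectSelStr = translate('Reject Selected');
        $rejectStr = translate('Reject');
        $uncheckAllStr = translate('Uncheck All');
        $viewStr = translate('View this entry');

        for ($i = 0, $cnt = count($rows); $i < $cnt; $i++) {
            $row = $rows[$i];
            $key++;
            $id = $row[0];
            $name = $row[1];
            $description = $row[2];
            $cal_user = $row[3];
            $date = $row[5];
            $time = sprintf("%06d", $row[6]);
            $duration = $row[7];
            $type = $row[9];
            $view_link = 'view_entry';
            $entryID = 'entry' . $type . $id;
            $linkid = "pop{$id}-{$key}";
            $timestr = '';

            $entryAttr = htmlspecialchars($entryID, ENT_QUOTES);
            $entryJs = htmlspecialchars(addslashes($entryID), ENT_QUOTES);
            $calUserJs = htmlspecialchars(addslashes($cal_user), ENT_QUOTES);

            if ($time > 0 || $time == 0 && $duration != 1440) {
                $eventstart = date_to_epoch($date . $time);
                // NOTE(review): 1440 marks an all-day entry, so $duration looks
                // like minutes while $eventstart is passed to date() as a
                // timestamp - confirm whether the end time needs $duration * 60.
                $eventstop = $eventstart + $duration;
                $eventdate = date_to_str(date('Ymd', $eventstart));
                $timestr = display_time('', 0, $eventstart)
                    . ($duration > 0 ? ' - ' . display_time('', 0, $eventstop) : '');
            } else {
                // Don't shift date if All Day or Untimed.
                $eventdate = date_to_str($date);
                // If All Day display in popup.
                if ($time == 0 && $duration == 1440) {
                    $timestr = $allDayStr;
                }
            }

            // NOTE(review): the expression after '&user=' in the entry link is
            // masked in the source listing; $cal_user is assumed - confirm.
            $ret .= ($count == 0
                    ? ' <tr> <td colspan="5"><h3>' . $fullnameHtml . ' ' . $rssLink . '</h3></td> </tr>'
                    : '')
                . ' <tr ' . ($count % 2 == 0 ? '' : 'class="odd"') . '> <td width="5%" align="right"><input type="checkbox" name="'
                . $entryAttr . '" value="' . $userAttr . '"/></td> <td><a title="'
                . $viewStr . '" class="entry" id="' . $linkid . '" href="'
                . $view_link . '.php?id=' . $id . '&amp;user=' . rawurlencode((string) $cal_user) . '">'
                . htmlspecialchars($name) . '</a> (' . $eventdate . '):</td>'
                . ' <td align="center"><input type="image" src="images/check.gif" title="'
                . $appConStr . '" onclick="return do_confirm( \'approve\', \''
                . $calUserJs . '\', \'' . $entryJs . '\' );" /></td>'
                . ' <td align="center"><input type="image" src="images/rejected.gif" title="'
                . $rejectStr . '" onclick="return do_confirm( \'reject\', \''
                . $calUserJs . '\', \'' . $entryJs . '\' );" /></td>'
                // The handler must end cleanly at ");": a trailing backslash is a
                // script syntax error, and the image input then submits the form
                // without asking for confirmation.
                . (!access_is_enabled() || access_user_calendar('edit', $user)
                    ? ' <td align="center"><input type="image" src="images/delete.png" title="'
                        . $deleteStr . '" onclick="return do_confirm( \'delete\', \''
                        . $calUserJs . '\', \'' . $entryJs . '\' );" /></td>'
                    : '')
                . ' </tr>';
            $eventinfo .= build_entry_popup(
                'eventinfo-' . $linkid,
                $cal_user,
                $description,
                $timestr,
                site_extras_for_popup($id)
            );
            $count++;
        }

        if ($count > 1) {
            // Bulk controls; $calUserJs still holds the login of the last row.
            $ret .= ' <tr> <td colspan="5" nowrap="nowrap"> <img src="images/select.gif" border="0" alt="" /> <label><a title="'
                . $checkAllStr . '" onclick="check_all( \'' . $userJs . '\' );">'
                . $checkAllStr . '</a> / <a title="' . $uncheckAllStr
                . '" onclick="uncheck_all( \'' . $userJs . '\' );">'
                . $uncheckAllStr . '</a></label> <input type="image" src="images/check.gif" title="'
                . $appSelStr . '" onclick="return do_confirm( \'approveSelected\', \''
                . $calUserJs . '\' );" /> <input type="image" src="images/rejected.gif" title="'
                . $rejectSelStr . '" onclick="return do_confirm( \'rejectSelected\', \''
                . $calUserJs . '\' );" /> ( ' . $emailStr . ' ) </td> </tr>';
        }
    }

    if ($count == 0) {
        $noret .= ' <tr> <td colspan="5" class="nounapproved">'
            . str_replace('XXX', $fullnameHtml, translate('No unapproved entries for XXX.'))
            . ' ' . $rssLink . '</td> </tr>';
    }

    return $ret;
}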
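/**
 * Collect the output of process_event() for every entry still waiting
 * (status 'W') on one user's calendar, ordered by date.
 *
 * @param string $user Login whose unapproved entries are processed.
 *
 * @return string Concatenated process_event() results; empty when none are pending.
 */
function get_unapproved($user)
{
    global $key, $login, $NONUSER_ENABLED, $temp_fullname;

    $ret = '';
    user_load_variables($user, 'temp_');

    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_date, we.cal_time FROM webcal_entry we, webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND weu.cal_login = ? AND weu.cal_status = \'W\' ORDER BY we.cal_date';
    $rows = dbi_get_cached_rows($sql, array($user));

    // The SQL text is deliberately not echoed into the response: even inside
    // an HTML comment it would disclose table and column names to every client.
    if ($rows) {
        for ($i = 0, $cnt = count($rows); $i < $cnt; $i++) {
            $row = $rows[$i];
            $id = $row[0];
            $name = $row[1];
            $date = $row[2];
            $time = $row[3];
            $ret .= process_event($id, $name, $date, $time, $user);
        }
    }

    return $ret;
}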