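/**
 * Handle the "add user" form: validate the submitted fields, create the
 * user and attach it to the requested groups.
 *
 * Reads the posted form from the global $vars and persists through the
 * global $phpcdb. Returns the result of message() describing the outcome;
 * validation failures return early with an explanatory message.
 */
function process_form() {
    global $vars, $phpcdb;

    verify_token();

    if (empty($vars['user_name'])) {
        return message(__('You must specify a user name'));
    }
    if (empty($vars['password1'])) {
        return message(__('You must specify a password'));
    }
    // Strict comparison: the loose != treated numeric-looking strings such
    // as "1e3" and "1000" as matching passwords.
    if (empty($vars['password2']) || $vars['password1'] !== $vars['password2']) {
        return message(__('Your passwords did not match'));
    }

    $make_admin = empty($vars['make_admin']) ? 0 : 1;

    // NOTE(review): an unsalted md5 digest is what the stored password is
    // presumably compared against at login, so it is kept here; moving to
    // password_hash()/password_verify() has to change both sides at once.
    $passwd = md5($vars['password1']);

    if ($phpcdb->get_user_by_name($vars["user_name"])) {
        return message(__('User already exists.'));
    }

    $uid = $phpcdb->create_user($vars["user_name"], $passwd, $make_admin);

    // Only iterate when the client actually sent a list; foreach over a
    // scalar would emit a warning and add nothing.
    if (!empty($vars['groups']) && is_array($vars['groups'])) {
        foreach ($vars['groups'] as $gid) {
            $phpcdb->user_add_group($uid, $gid);
        }
    }

    return message(__('Added user.'));
}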
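/**
 * Handle the "edit user groups" form for the current calendar: replace the
 * user's memberships in calendar $phpcid with the submitted set of groups.
 *
 * The submitted group ids are validated against the calendar's own groups
 * before any membership is removed, so a rejected request leaves the user's
 * existing memberships untouched. soft_error() is relied on not to return,
 * as in the rest of this code base.
 */
function process_form() {
    global $phpcid, $vars, $phpcdb, $phpc_cal;

    verify_token();

    if (!isset($vars["uid"])) {
        soft_error(__("User ID is not set."));
    }
    $uid = $vars["uid"];
    $user = $phpcdb->get_user($uid);

    // Group ids this calendar owns; only these may be assigned. Compared as
    // strings so that database ints and posted strings match exactly.
    $valid_groups = array();
    foreach ($phpc_cal->get_groups() as $group) {
        $valid_groups[] = (string) $group["gid"];
    }

    // Validate every submitted gid first so that a bad request does not
    // strip the user of the groups it already had.
    $new_groups = array();
    if (!empty($vars["groups"])) {
        if (!is_array($vars["groups"])) {
            soft_error("Invalid gid");
        }
        foreach ($vars["groups"] as $gid) {
            if (!is_scalar($gid) || !in_array((string) $gid, $valid_groups, true)) {
                soft_error("Invalid gid");
            }
            $new_groups[] = $gid;
        }
    }

    // Remove existing groups for this calendar
    foreach ($user->get_groups() as $group) {
        if ($group["cid"] == $phpcid) {
            $phpcdb->user_remove_group($uid, $group["gid"]);
        }
    }

    foreach ($new_groups as $gid) {
        $phpcdb->user_add_group($uid, $gid);
    }

    return message(__('Groups updated.'));
}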
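/**
 * Handle the "create calendar" form: create a new calendar row and store one
 * config entry per option returned by get_config_options().
 *
 * Each option is an array whose index 0 is the option name and index 2 its
 * type; PHPC_CHECK options are stored as "1"/"0" from the checkbox state,
 * every other option must be present in the posted form.
 *
 * Returns the result of message(), like the other form handlers.
 */
function process_form() {
    global $vars, $phpcdb;

    verify_token();

    $cid = $phpcdb->create_calendar();

    foreach (get_config_options() as $item) {
        $name = $item[0];
        $type = $item[2];

        if ($type == PHPC_CHECK) {
            // Checkboxes are absent from the post data when unchecked.
            $value = isset($vars[$name]) ? "1" : "0";
        } elseif (isset($vars[$name])) {
            $value = $vars[$name];
        } else {
            // Keep the literal a fixed translation key and substitute the
            // option name afterwards, as the other forms here do; should
            // soft_error() ever return, skip rather than store a stale value.
            soft_error(sprintf(__("%s was not set."), $name));
            continue;
        }

        $phpcdb->create_config($cid, $name, $value);
    }

    return message(__('Calendar created.'));
}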
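/**
 * Handle the "change password" form for the logged-in user.
 *
 * Checks, in order: the user is logged in, the CSRF token is valid, the
 * account allows password edits, the old password matches the stored
 * digest, and the two new password fields agree. Returns a div tag
 * describing the outcome.
 */
function password_submit() {
    global $vars, $phpcdb, $phpc_user;

    if (!is_user()) {
        return tag('div', __('You must be logged in.'));
    }

    verify_token();

    if (!$phpc_user->is_password_editable()) {
        soft_error(__('You do not have permission to change your password.'));
    }

    if (!isset($vars['old_password']) || !is_string($vars['old_password'])) {
        return tag('div', __('You must specify your old password.'));
    }
    $old_password = $vars['old_password'];

    // The stored value is an md5 hex digest (see the assignment below).
    // Compare with hash_equals() rather than !=: a loose comparison of two
    // digests that both look like "0e..." treats them as equal numbers, and
    // a constant-time comparison does not leak through timing.
    if (!hash_equals((string) $phpc_user->password, md5($old_password))) {
        return tag('div', __('The password you entered did not match your old password.'));
    }

    if (empty($vars['password1'])) {
        return tag('div', __('You must specify a password'));
    }
    // Strict comparison so numeric-looking strings are not treated as equal.
    if (empty($vars['password2']) || $vars['password1'] !== $vars['password2']) {
        return tag('div', __('Your passwords did not match'));
    }

    // NOTE(review): unsalted md5 is the scheme the stored digest uses, so it
    // is kept for compatibility; moving to password_hash()/password_verify()
    // requires changing the stored format and the check above together.
    $passwd = md5($vars['password1']);
    $phpcdb->set_password($phpc_user->get_uid(), $passwd);

    return tag('div', __('Password updated.'));
}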
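/**
 * Handle the "user settings" form: validate the timezone, store the timezone
 * and language choices in cookies (or clear them when empty), and for a
 * logged-in user persist the default calendar, timezone and language to the
 * account and update the per-request globals.
 *
 * Returns a message_redirect() back to the settings page.
 */
function user_settings_submit() {
    global $phpcid, $vars, $phpcdb, $phpc_user_tz, $phpc_user_lang, $phpc_prefix, $phpc_user, $phpc_script;

    verify_token();

    // Missing fields behave like empty ones instead of raising
    // undefined-index notices.
    $timezone = isset($vars['timezone']) ? $vars['timezone'] : null;
    $language = isset($vars['language']) ? $vars['language'] : null;
    $default_cid = isset($vars['default_cid']) ? $vars['default_cid'] : null;

    // If we have a timezone, make sure it's valid
    if (!empty($timezone) && !in_array($timezone, timezone_identifiers_list(), true)) {
        soft_error(__("Invalid timezone."));
    }
    // NOTE(review): $language is not checked against the installed language
    // list here; it reaches the cookie and the database as submitted.

    // Expire 20 years in the future, give or take.
    $expiration_time = time() + 20 * 365 * 24 * 60 * 60;
    // One hour in the past
    $past_time = time() - 3600;

    if (!empty($timezone)) {
        setcookie("{$phpc_prefix}tz", $timezone, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}tz", '', $past_time);
    }

    if (!empty($language)) {
        setcookie("{$phpc_prefix}lang", $language, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}lang", '', $past_time);
    }

    if (is_user()) {
        $uid = $phpc_user->get_uid();
        $phpcdb->set_user_default_cid($uid, $default_cid);
        $phpcdb->set_timezone($uid, $timezone);
        $phpcdb->set_language($uid, $language);
        $phpc_user_tz = $timezone;
        $phpc_user_lang = $language;
    }

    return message_redirect(__('Settings updated.'), "{$phpc_script}?action=user_settings&phpcid={$phpcid}");
}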
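/**
 * Handle the "settings" form: store the timezone and language choices in
 * cookies (or clear them when empty) and, for a logged-in user, persist
 * them to the account and update the per-request globals.
 *
 * Returns the result of message().
 */
function settings_submit() {
    global $vars, $phpcdb, $phpc_user_tz, $phpc_user_lang, $phpc_prefix, $phpc_user;

    verify_token();

    // Missing fields behave like empty ones instead of raising notices.
    $timezone = isset($vars['timezone']) ? $vars['timezone'] : null;
    $language = isset($vars['language']) ? $vars['language'] : null;

    // Only a known timezone identifier may be stored (same check as the
    // user-settings form).
    if (!empty($timezone) && !in_array($timezone, timezone_identifiers_list(), true)) {
        soft_error(__("Invalid timezone."));
    }
    // NOTE(review): $language is not validated against the installed
    // language list before it is stored.

    // Expire 20 years in the future, give or take.
    $expiration_time = time() + 20 * 365 * 24 * 60 * 60;
    // One hour in the past
    $past_time = time() - 3600;

    if (!empty($timezone)) {
        setcookie("{$phpc_prefix}tz", $timezone, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}tz", '', $past_time);
    }

    if (!empty($language)) {
        setcookie("{$phpc_prefix}lang", $language, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}lang", '', $past_time);
    }

    if (is_user()) {
        $uid = $phpc_user->get_uid();
        $phpcdb->set_timezone($uid, $timezone);
        $phpcdb->set_language($uid, $language);
        $phpc_user_tz = $timezone;
        $phpc_user_lang = $language;
    }

    return message(__('Settings updated.'));
}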
// … tail of the enclosing translation function; its start is outside this
// listing (cut), so it is left as found.
if ($format != $translation) {
    $args[0] = format_number($number);
}
return vsprintf($format, $args);
}

/** Print the language selector form (POSTs "lang" together with the CSRF token). */
function switch_lang() {
    global $LANG, $langs;
    echo "<form action='' method='post'>\n<div id='lang'>";
    echo lang('Language') . ": " . html_select("lang", $langs, $LANG, "this.form.submit();");
    echo " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
    echo "<input type='hidden' name='token' value='" . get_token() . "'>\n"; // $token may be empty in
    echo "</div>\n</form>\n";
}

// Apply a language change; the CSRF token is checked before the cookie and
// the session are written.
if (isset($_POST["lang"]) && verify_token()) { // $error not yet available
    cookie("adminer_lang", $_POST["lang"]);
    $_SESSION["lang"] = $_POST["lang"]; // cookies may be disabled
    $_SESSION["translations"] = array(); // used in compiled version
    adminer_redirect(remove_from_uri());
}

// Resolve the active language: cookie first, then session, then the
// fallback (the else branch continues past the end of this listing).
// NOTE(review): $_POST["lang"] is stored above without being checked against
// $langs; the lookup here only honours values that are keys of $langs.
$LANG = "en";
if (isset($langs[$_COOKIE["adminer_lang"]])) {
    cookie("adminer_lang", $_COOKIE["adminer_lang"]);
    $LANG = $_COOKIE["adminer_lang"];
} elseif (isset($langs[$_SESSION["lang"]])) {
    $LANG = $_SESSION["lang"];
} else {
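/**
 * Handle the "add/edit occurrence" form: create a new occurrence of an
 * existing event (eid given) or modify an existing occurrence (oid given).
 *
 * The CSRF token and the calendar write permission are checked before any
 * of the submitted data is interpreted. soft_error() is relied on not to
 * return, as in the rest of this code base. Returns a message_redirect()
 * to the event page on success or to the month view on failure.
 */
function process_form() {
    global $vars, $phpcdb, $phpc_cal, $phpcid, $phpc_script;

    // Reject forged or unauthorised requests before doing any work on the
    // submitted fields.
    verify_token();
    if (!$phpc_cal->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }

    if (!isset($vars['eid']) && !isset($vars['oid'])) {
        soft_error(__("Cannot create occurrence."));
    }

    $start_ts = get_timestamp("start");
    $end_ts = get_timestamp("end");

    // Map the submitted time type to its stored code; anything else is
    // rejected.
    $time_type_names = array('normal' => 0, 'full' => 1, 'tba' => 2);
    $time_type_name = isset($vars["time-type"]) ? $vars["time-type"] : null;
    if (!is_string($time_type_name) || !isset($time_type_names[$time_type_name])) {
        soft_error(__("Unrecognized Time Type."));
    }
    $time_type = $time_type_names[$time_type_name];

    if ($end_ts - $start_ts < 0) {
        soft_error(__("An event cannot have an end earlier than its start."));
    }

    if (!isset($vars['oid'])) {
        $modify = false;
        if (!isset($vars["eid"]) || !ctype_digit((string) $vars["eid"])) {
            soft_error(__("EID not set."));
        }
        $oid = $phpcdb->create_occurrence($vars["eid"], $time_type, $start_ts, $end_ts);
    } else {
        $modify = true;
        // The occurrence id comes from the client and is echoed into the
        // redirect URL below, so only a plain integer is accepted.
        if (!ctype_digit((string) $vars["oid"])) {
            soft_error(__("Invalid occurrence ID."));
        }
        $oid = (int) $vars["oid"];
        $phpcdb->modify_occurrence($oid, $time_type, $start_ts, $end_ts);
    }

    if ((int) $oid !== 0) {
        $message = $modify ? __("Modified occurence: ") : __("Created occurence: ");
        return message_redirect(tag('', $message, create_event_link($oid, 'display_event', $oid)), "{$phpc_script}?action=display_event&phpcid={$phpcid}&oid={$oid}");
    }
    return message_redirect(__('Error submitting occurrence.'), "{$phpc_script}?action=display_month&phpcid={$phpcid}");
}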
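/**
 * Handle the "add/edit event" form: create an event (no eid) or modify an
 * existing one (eid given), and when the dates are (re)set create its
 * occurrences, including repeats up to the submitted "until" date.
 *
 * Requires a valid CSRF token and write access to the current calendar.
 * soft_error() is relied on not to return, as in the rest of this code
 * base. Returns a message_redirect() to the event page on success or to the
 * month view on failure; a negative duration re-renders the form through
 * display_form() instead.
 */
function process_form() {
    global $vars, $phpcdb, $phpc_cal, $phpcid, $phpc_script, $phpc_user;

    // When modifying events, this is the value of the checkbox that
    // determines if the date should change
    $modify_occur = !isset($vars['eid']) || !empty($vars['phpc-modify']);

    if ($modify_occur) {
        $start_ts = get_timestamp("start");
        $end_ts = get_timestamp("end");

        // Map the submitted time type to its stored code; anything else is
        // rejected.
        $time_type_names = array('normal' => 0, 'full' => 1, 'tba' => 2);
        $time_type_name = isset($vars["time-type"]) ? $vars["time-type"] : null;
        if (!is_string($time_type_name) || !isset($time_type_names[$time_type_name])) {
            soft_error(__("Unrecognized Time Type."));
        }
        $time_type = $time_type_names[$time_type_name];

        if ($end_ts - $start_ts < 0) {
            message(__("An event cannot have an end earlier than its start."));
            return display_form();
        }
    }

    verify_token();

    // This check was disabled with "if (0)": an event must only be written
    // by a user who can write to the calendar it is created in.
    if (!$phpc_cal->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }

    // Read-only events may only be requested where the calendar allows it.
    $readonly = $phpc_cal->can_create_readonly() && !empty($vars['readonly']);
    $catid = empty($vars['catid']) ? false : $vars['catid'];
    $subject = isset($vars["subject"]) ? $vars["subject"] : null;
    $description = isset($vars["description"]) ? $vars["description"] : null;

    if (!isset($vars['eid'])) {
        $modify = false;
        $eid = $phpcdb->create_event($phpcid, $phpc_user->get_uid(), $subject, $description, $readonly, $catid);
    } else {
        $modify = true;
        // The event id comes from the client and is echoed into a redirect
        // URL, so only a plain integer is accepted.
        if (!ctype_digit((string) $vars['eid'])) {
            soft_error(__("Invalid event ID."));
        }
        $eid = (int) $vars['eid'];
        $phpcdb->modify_event($eid, $subject, $description, $readonly, $catid);
        if ($modify_occur) {
            // The dates are being replaced, so drop the old occurrences
            // before generating the new set below.
            $phpcdb->delete_occurrences($eid);
        }
    }

    // Id of the first occurrence created in this request; stays null when
    // the dates were not touched.
    $oid = null;
    if ($modify_occur) {
        $oid = $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
        $occurrences = 1;

        // Per repeat type: the form field holding the increment, the
        // translation keys for a missing / sub-1 increment, the "until"
        // field, the unit the increment is applied in, and its multiplier.
        // (The yearly range message used to name "every-month".)
        $repeat_types = array(
            'daily' => array('every-day', "Required field \"every-day\" is not set.",
                "every-day must be greater than 1", 'daily-until', 'days', 1),
            'weekly' => array('every-week', "Required field \"every-week\" is not set.",
                "every-week must be greater than 1", 'weekly-until', 'days', 7),
            'monthly' => array('every-month', "Required field \"every-month\" is not set.",
                "every-month must be greater than 1", 'monthly-until', 'months', 1),
            'yearly' => array('every-year', "Required field \"every-year\" is not set.",
                "every-year must be greater than 1", 'yearly-until', 'years', 1),
        );

        $repeats = isset($vars["repeats"]) ? $vars["repeats"] : null;
        if ($repeats !== "never") {
            if (!is_string($repeats) || !isset($repeat_types[$repeats])) {
                soft_error(__("Invalid event type."));
            }
            list($field, $missing_msg, $range_msg, $until_field, $unit, $multiplier) = $repeat_types[$repeats];

            if (!isset($vars[$field])) {
                soft_error(__($missing_msg));
            }
            // is_numeric() guards the multiplication below, which would be
            // a TypeError on PHP 8 for a non-numeric string.
            if (!is_numeric($vars[$field]) || $vars[$field] < 1) {
                soft_error(__($range_msg));
            }
            $n = $vars[$field] * $multiplier;
            $until = get_timestamp($until_field);

            // Cap the generated occurrences so a distant "until" date cannot
            // fill the table; the first occurrence was already created.
            while ($occurrences <= 730) {
                if ($unit == 'days') {
                    $start_ts = add_days($start_ts, $n);
                    $end_ts = add_days($end_ts, $n);
                } elseif ($unit == 'months') {
                    $start_ts = add_months($start_ts, $n);
                    $end_ts = add_months($end_ts, $n);
                } else {
                    $start_ts = add_years($start_ts, $n);
                    $end_ts = add_years($end_ts, $n);
                }
                if (days_between($start_ts, $until) < 0) {
                    break;
                }
                $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
                $occurrences++;
            }
        }
    }

    if ((int) $eid !== 0) {
        $message = $modify ? __("Modified event: ") : __("Created event: ");
        // Redirect to the occurrence just created when dates were set and
        // to the event itself otherwise (no $oid exists in that case).
        if ($oid !== null) {
            $url = "{$phpc_script}?action=display_event&phpcid={$phpcid}&oid={$oid}";
        } else {
            $url = "{$phpc_script}?action=display_event&phpcid={$phpcid}&eid={$eid}";
        }
        // NOTE(review): the link is built with empty text and id, as the
        // original author left it; confirm whether the eid-based link used
        // by the other event form is wanted here.
        return message_redirect(tag('', $message, create_event_link('', 'display_event', '')), $url);
    }
    return message_redirect(__('Error submitting event.'), "{$phpc_script}?action=display_month&phpcid={$phpcid}");
}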
// … tail of the enclosing selector-printing function; its start is outside
// this listing (cut), so it is left as found.
echo "</select>";
echo " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
echo "<input type='hidden' name='token' value='" . get_token() . "'>\n"; // $token may be empty in
echo "</div>\n</form>\n";
}

// Apply a language change; the CSRF token is checked before the cookie and
// the session are written.
if (isset($_POST["lang"]) && verify_token()) { // $error not yet available
    cookie("adminer_lang", $_POST["lang"]);
    $_SESSION["lang"] = $_POST["lang"]; // cookies may be disabled
    $_SESSION["translations"] = array(); // used in compiled version
    redirect(remove_from_uri());
}

// Apply a theme change: "default" removes the copied stylesheet and clears
// the cookie; any other value copies ../designs/<theme>/adminer.css into
// place.
// NOTE(review): $_POST["theme"] is inserted into the copy() source path
// without being checked against the set of existing design names, and the
// cookie is then written from $_REQUEST["theme"] rather than the POSTed
// value; a theme name should only be accepted when it matches a known design.
if (isset($_POST["theme"]) && verify_token()) { // $error not yet available
    if ($_POST["theme"] == 'default') {
        setcookie("adminer_theme", null, time() - 3600);
        if (file_exists("./adminer.css")) {
            unlink("./adminer.css");
        }
    } else {
        copy("../designs/" . $_POST["theme"] . "/adminer.css", "./adminer.css");
        cookie("adminer_theme", $_REQUEST["theme"]);
    }
    redirect(remove_from_uri());
}

// Resolve the active language from the cookie (this if chain continues past
// the end of this listing).
$LANG = "en";
if (isset($langs[$_COOKIE["adminer_lang"]])) {
    cookie("adminer_lang", $_COOKIE["adminer_lang"]);
// … end of the connection/authentication block; its start is outside this
// listing (cut), so it is left as found.
exit;
}
$connection = connect();
}

$driver = new Min_Driver($connection);

// A failed connection or a rejected login ends the request here. When
// connect() returned an error string, that string is shown instead of the
// generic message.
if (!is_object($connection) || !$adminer->login($_GET["username"], get_password())) {
    auth_error(is_string($connection) ? $connection : lang('Invalid credentials.'));
}

if ($auth && $_POST["token"]) {
    $_POST["token"] = $token; // reset token after explicit login
}

$error = ''; ///< @var string

// Every POST carries a token (see the comment on the elseif), so a POST that
// fails verify_token() is either a forged request or a form truncated by the
// max_input_vars limit (token missing); the error text tells the two apart.
// The elseif's body continues past the end of this listing.
if ($_POST) {
    if (!verify_token()) {
        $ini = "max_input_vars";
        $max_vars = ini_get($ini);
        if (extension_loaded("suhosin")) {
            // Report the suhosin limit instead when it is the tighter one.
            foreach (array("suhosin.request.max_vars", "") as $key) {
                $val = ini_get($key);
                if ($val && (!$max_vars || $val < $max_vars)) {
                    $ini = $key;
                    $max_vars = $val;
                }
            }
        }
        $error = !$_POST["token"] && $max_vars
            ? lang('Maximum number of allowed fields exceeded. Please increase %s.', "'{$ini}'")
            : lang('Invalid CSRF token. Send the form again.') . ' ' . lang('If you did not send this request from Adminer then close this page.');
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") { // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
/**
 * Load the privileged API request data and authenticate the caller.
 *
 * A request that should authenticate as a slave is checked with
 * verify_slave(); any other request must carry a valid 'token' entry, and
 * exit_with_error('InvalidToken') is called when it does not.
 *
 * Returns the data array produced by ensure_privileged_api_data().
 */
function ensure_privileged_api_data_and_token_or_slave($db) {
    $request_data = ensure_privileged_api_data();

    if (should_authenticate_as_slave($request_data)) {
        verify_slave($db, $request_data);
        return $request_data;
    }

    $token_is_valid = verify_token(array_get($request_data, 'token'));
    if (!$token_is_valid) {
        exit_with_error('InvalidToken');
    }

    return $request_data;
}
// … tail of the enclosing token-verification helper (a curl request whose
// start is outside this listing), left as found.
"Content-Type: application/x-www-form-urlencoded"
,"Authorization: $token"
));
$response = Array();
// NOTE(review): curl_exec() returns false on failure; parse_str() then sees
// an empty string and $response stays empty, which the caller below treats
// as "could not be verified".
parse_str(curl_exec($ch), $response);
curl_close($ch);
return $response;
}
}

// AUTH FIRST
// Verify token
$headers = apache_request_headers();
if(isset($headers['Authorization'])) {
    $token = $headers['Authorization'];
    $response = verify_token($token);
    // Fields of the verifier response are read with @ so a partial response
    // leaves them null instead of raising notices.
    $me = @$response['me'];
    $iss = @$response['issued_by'];
    $client = @$response['client_id'];
    $scope = @$response['scope'];
}else{
    header("HTTP/1.1 403 Forbidden");
    echo "403: No authorization header set.";
    exit;
}
// An unverifiable token is rejected; the elseif's body (identity and scope
// checks) continues past the end of this listing.
// NOTE(review): stripos($me, "") has an empty needle, which on PHP 8 matches
// at offset 0 and so never yields false; this looks like a placeholder for
// the expected "me" URL — confirm the intended value.
if(empty($response)){
    header("HTTP/1.1 401 Unauthorized");
    echo "401: Access token could not be verified.";
    exit;
}elseif(stripos($me, "") === false || $scope != "update"){
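/**
 * Handle the "add/edit event" form for an explicitly selected calendar
 * ($vars['cid']): create or modify the event, store its custom field values,
 * and when the dates are (re)set generate the occurrences, including repeats
 * up to the submitted "until" date.
 *
 * Requires a valid CSRF token and write access to the selected calendar.
 * soft_error() is relied on not to return, as in the rest of this code
 * base. Returns a message_redirect() to the event page on success or to the
 * month view on failure.
 */
function process_form() {
    global $vars, $phpcdb, $phpc_script, $phpc_user, $phpc_cal;

    // When modifying events, this is the value of the checkbox that
    // determines if the date should change
    $modify_occur = !isset($vars['eid']) || !empty($vars['phpc-modify']);

    if ($modify_occur) {
        $start_ts = get_timestamp("start");
        $end_ts = get_timestamp("end");

        // Map the submitted time type to its stored code; anything else is
        // rejected.
        $time_type_names = array('normal' => 0, 'full' => 1, 'tba' => 2);
        $time_type_name = isset($vars["time-type"]) ? $vars["time-type"] : null;
        if (!is_string($time_type_name) || !isset($time_type_names[$time_type_name])) {
            soft_error(__("Unrecognized Time Type."));
        }
        $time_type = $time_type_names[$time_type_name];

        if ($end_ts - $start_ts < 0) {
            throw new Exception(__("An event cannot have an end earlier than its start."));
        }
    }

    verify_token();

    // The calendar id is client supplied and ends up in a redirect URL, so
    // only a plain integer is accepted.
    if (!isset($vars['cid']) || !ctype_digit((string) $vars['cid'])) {
        throw new Exception(__("Calendar ID is not set."));
    }
    $cid = (int) $vars['cid'];
    $calendar = $phpcdb->get_calendar($cid);
    if (!$calendar->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }

    // Read-only events may only be requested where the calendar allows it.
    $readonly = $calendar->can_create_readonly() && !empty($vars['readonly']);
    $catid = empty($vars['catid']) ? false : $vars['catid'];
    $subject = isset($vars['subject']) ? $vars['subject'] : null;
    $description = isset($vars['description']) ? $vars['description'] : null;

    if (!isset($vars['eid'])) {
        $modify = false;
        $eid = $phpcdb->create_event($cid, $phpc_user->get_uid(), $subject, $description, $readonly, $catid);
    } else {
        $modify = true;
        // The event id is also echoed into the redirect URL below.
        if (!ctype_digit((string) $vars['eid'])) {
            throw new Exception(__("Invalid event ID."));
        }
        $eid = (int) $vars['eid'];
        $phpcdb->modify_event($eid, $subject, $description, $readonly, $catid);
        if ($modify_occur) {
            // The dates are being replaced, so drop the old occurrences
            // before generating the new set below.
            $phpcdb->delete_occurrences($eid);
        }
    }

    // Custom field values, one form input per field id.
    // NOTE(review): the field definitions come from the global $phpc_cal
    // while the event is written to $calendar ($cid); confirm both are meant
    // to be the same calendar.
    foreach ($phpc_cal->get_fields() as $field) {
        $fid = $field['fid'];
        $field_key = "phpc-field-{$fid}";
        if (empty($vars[$field_key])) {
            if ($field['required']) {
                throw new Exception(sprintf(__('Field "%s" is required but was not set.'), $field['name']));
            }
            continue;
        }
        $phpcdb->add_event_field($eid, $fid, $vars[$field_key]);
    }

    if ($modify_occur) {
        // Repeat settings: $n is the step (days, months or years depending
        // on the repeat type) and $until the last permitted start date. For
        // a non-repeating event the loop below runs exactly once.
        $occurrences = 0;
        $n = 1;
        $until = $start_ts;
        $repeats = isset($vars['repeats']) ? $vars['repeats'] : null;
        switch ($repeats) {
            case 'daily':
                check_input("every-day");
                $n = $vars["every-day"];
                $until = get_timestamp("daily-until");
                break;
            case 'weekly':
                check_input("every-week");
                // Multiplied by 7 after the numeric check; a non-numeric
                // value would otherwise be a TypeError on PHP 8.
                $n = $vars["every-week"];
                $until = get_timestamp("weekly-until");
                break;
            case 'monthly':
                check_input("every-month");
                $n = $vars["every-month"];
                $until = get_timestamp("monthly-until");
                break;
            case 'yearly':
                check_input("every-year");
                $n = $vars["every-year"];
                $until = get_timestamp("yearly-until");
                break;
        }
        if (!is_numeric($n) || $n < 1) {
            soft_error(__('Increment must be 1 or greater.'));
        }
        if ($repeats === 'weekly') {
            $n = $n * 7;
        }

        // Cap the generated occurrences so a distant "until" date cannot
        // fill the table.
        while ($occurrences <= 730 && days_between($start_ts, $until) >= 0) {
            $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
            $occurrences++;
            switch ($repeats) {
                case 'daily':
                case 'weekly':
                    $start_ts = add_days($start_ts, $n);
                    $end_ts = add_days($end_ts, $n);
                    break;
                case 'monthly':
                    $start_ts = add_months($start_ts, $n);
                    $end_ts = add_months($end_ts, $n);
                    break;
                case 'yearly':
                    $start_ts = add_years($start_ts, $n);
                    $end_ts = add_years($end_ts, $n);
                    break;
                default:
                    // Not a repeating event: the single occurrence is done.
                    break 2;
            }
        }
    }

    if ((int) $eid !== 0) {
        $message = $modify ? __("Modified event: ") : __("Created event: ");
        return message_redirect(tag('', $message, create_event_link($eid, 'display_event', $eid)), "{$phpc_script}?action=display_event&eid={$eid}");
    }
    return message_redirect(__('Error submitting event.'), "{$phpc_script}?action=display_month&phpcid={$cid}");
}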