} if ($groups_enabled == "Y") { $INC = array('js/assistant_edit.php'); } else { $INC = ''; } print_header($INC); ?> <form action="assistant_edit_handler.php" method="post" name="assistanteditform"> <?php if ($user) { echo "<input type=\"hidden\" name=\"user\" value=\"{$user}\" />\n"; } if ($is_nonuser_admin) { nonuser_load_variables($user, "nonuser"); echo "<h2>" . $nonuserfullname . " " . translate("Assistants") . "<br />\n-- " . translate("Admin mode") . " --</h2>\n"; } else { echo "<h2>" . translate("Your assistants") . "</h2>\n"; } ?> <a title="<?php etranslate("Admin"); ?> " class="nav" href="adminhome.php">« <?php etranslate("Admin"); ?> </a><br /><br /> <table style="border-width:0px;"> <tr><td style="vertical-align:top;">
/**
 * Populate prefixed global variables with one account's profile.
 *
 * Writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, is_admin,
 * email, fullname and password, both for the pseudo accounts and for a row
 * found in webcal_user. Logins that start with $NONUSER_PREFIX are handed to
 * nonuser_load_variables() instead.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool True when the variables were populated (or the lookup was
 *              delegated), false when the query failed or matched no row
 */
function user_load_variables($login, $prefix)
{
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX, $cached_user_var;

    // Only a truthy cached outcome short-circuits; a cached false is retried.
    if (!empty($cached_user_var[$login][$prefix])) {
        return $cached_user_var[$login][$prefix];
    }
    // Every miss discards the whole cache, so it holds at most one outcome.
    $cached_user_var = array();

    $has_nonuser_prefix = $NONUSER_PREFIX
        && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX;
    if ($has_nonuser_prefix) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // Pseudo accounts have no row in webcal_user; give them fixed values.
    if ($login == '__public__' || $login == '__default__') {
        $pseudo_account = array(
            'login' => $login,
            'firstname' => '',
            'lastname' => '',
            'is_admin' => 'N',
            'email' => '',
            'fullname' => $login == '__public__'
                ? $PUBLIC_ACCESS_FULLNAME
                : translate('DEFAULT CONFIGURATION'),
            'password' => '',
        );
        foreach ($pseudo_account as $field => $value) {
            $GLOBALS[$prefix . $field] = $value;
        }
        return true;
    }

    // The login travels as a bound parameter, never inside the SQL text.
    $result = dbi_execute(
        'SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd FROM webcal_user WHERE cal_login = ?',
        array($login)
    );
    if (!$result) {
        // NOTE(review): $error is not declared global here, so this message
        // stays local to the function and callers never see it.
        $error = db_error();
        return false;
    }

    $found = false;
    $row = dbi_fetch_row($result);
    if ($row) {
        $has_both_names = strlen($row[0]) && strlen($row[1]);

        $GLOBALS[$prefix . 'login'] = $login;
        $GLOBALS[$prefix . 'firstname'] = $row[0];
        $GLOBALS[$prefix . 'lastname'] = $row[1];
        $GLOBALS[$prefix . 'is_admin'] = $row[2];
        $GLOBALS[$prefix . 'email'] = empty($row[3]) ? '' : $row[3];
        // Fall back to the login when either name part is missing.
        $GLOBALS[$prefix . 'fullname'] = $has_both_names
            ? $row[0] . ' ' . $row[1]
            : $login;
        // The stored cal_passwd value becomes readable from global scope.
        $GLOBALS[$prefix . 'password'] = $row[4];
        $found = true;
    }
    dbi_free_result($result);

    // Remember the outcome for the next call with the same login and prefix.
    $cached_user_var[$login][$prefix] = $found;

    return $found;
}
//Prh ... add user to edit_template to get/set correct template $openStr = "\"window.open( 'edit_template.php?type=%s&user=%s','cal_template','dependent,menubar,scrollbars,height=500,width=500,outerHeight=520,outerWidth=520' );\""; $currenttab = getPostValue('currenttab', 'settings'); $currenttab = !empty($currenttab) ? $currenttab : 'settings'; $BodyX = 'onload="altrows(); showTab( \'' . $currenttab . '\' );"'; $INC = array('js/visible.php', 'js/pref.php'); print_header($INC, '', $BodyX); ?> <h2><?php if ($updating_public) { echo translate($PUBLIC_ACCESS_FULLNAME) . ' '; } etranslate('Preferences'); if ($is_nonuser_admin || $is_admin && substr($prefuser, 0, 5) == '_NUC_') { nonuser_load_variables($user, 'nonuser'); echo '<br /><strong>-- ' . translate('Admin mode') . ': ' . $nonuserfullname . " --</strong>\n"; } $qryStr = !empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''; $formaction = substr($self, strrpos($self, '/') + 1) . $qryStr; ?> <img src="images/help.gif" alt="<?php etranslate('Help'); ?> " class="help" onclick="window.open( 'help_pref.php', 'cal_help', 'dependent,menubar,scrollbars,height=400,width=400,innerHeight=420,outerWidth=420' );" /></h2> <form action="<?php echo htmlspecialchars($formaction); ?> " method="post" onsubmit="return valid_form( this );" name="prefform">
if (!$NONUSER_PREFIX) { echo print_error_header() . translate('NONUSER_PREFIX not set') . '. </body> </html>'; exit; } $add = getValue('add'); $nid = getValue('nid'); // Adding/Editing nonuser calendar. if (($add == '1' || !empty($nid)) && empty($error)) { $userlist = user_get_users(); $button = translate('Add', true); $buttonAction = 'Add'; $nid = clean_html($nid); if (!empty($nid)) { nonuser_load_variables($nid, 'nonusertemp_'); $id_display = $nid . ' <input type="hidden" name="nid" value="' . $nid . '" />'; $button = translate('Save', true); $buttonAction = 'Save'; //$nonusertemp_login = substr ( $nonusertemp_login, // strlen ( $NONUSER_PREFIX ) ); } else { $id_display = ' <input type="text" name="nid" id="calid" size="20" ' . 'onchange="check_name();" maxlength="20" /> ' . translate('word characters only'); } ob_start(); echo ' <form action="edit_nonusers_handler.php" name="editnonuser" method="post" ' . 'onsubmit="return valid_form( this );">' . (empty($nonusertemp_admin) ? '' : ' <input type="hidden" name="old_admin" value="' . $nonusertemp_admin . '" />') . ' <h2>' . (empty($nid) ? translate('Add User') : translate('Edit User')) . '</h2>
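/**
 * Populate prefixed global variables with one account's profile.
 *
 * Writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, is_admin,
 * email, fullname and password. Logins that start with $NONUSER_PREFIX are
 * handed to nonuser_load_variables() instead.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool False when the query fails, true otherwise
 */
function user_load_variables($login, $prefix)
{
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;

    if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // The public pseudo account has no row in webcal_user.
    if ($login == "__public__") {
        $GLOBALS[$prefix . "login"] = $login;
        $GLOBALS[$prefix . "firstname"] = "";
        $GLOBALS[$prefix . "lastname"] = "";
        $GLOBALS[$prefix . "is_admin"] = "N";
        $GLOBALS[$prefix . "email"] = "";
        $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
        $GLOBALS[$prefix . "password"] = "";
        return true;
    }

    // The listing showed a fixed literal in the WHERE clause, so $login never
    // reached the query. Bind it as a parameter instead of splicing it into
    // the SQL text, so quote characters in a login cannot alter the statement.
    // Assumes this tree's dbi layer provides dbi_execute() -- confirm.
    $sql = "SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd "
        . "FROM webcal_user WHERE cal_login = ?";
    $res = dbi_execute($sql, array($login));
    if (!$res) {
        // NOTE(review): $error is not declared global here, so this message
        // stays local to the function and callers never see it.
        $error = translate("Database error") . ": " . dbi_error();
        return false;
    }

    if ($row = dbi_fetch_row($res)) {
        $GLOBALS[$prefix . "login"] = $login;
        $GLOBALS[$prefix . "firstname"] = $row[0];
        $GLOBALS[$prefix . "lastname"] = $row[1];
        $GLOBALS[$prefix . "is_admin"] = $row[2];
        $GLOBALS[$prefix . "email"] = empty($row[3]) ? "" : $row[3];
        // Fall back to the login when either name part is missing.
        if (strlen($row[0]) && strlen($row[1])) {
            $GLOBALS[$prefix . "fullname"] = "{$row[0]} {$row[1]}";
        } else {
            $GLOBALS[$prefix . "fullname"] = $login;
        }
        // The stored cal_passwd value becomes readable from global scope.
        $GLOBALS[$prefix . "password"] = $row[4];
    }
    dbi_free_result($res);

    // NOTE(review): a login with no matching row still reports true and
    // leaves the prefixed globals untouched; callers cannot use the return
    // value as an existence check.
    return true;
}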
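/**
 * Populate prefixed global variables from the external application's
 * user table.
 *
 * Writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, is_admin,
 * email and fullname (plus an empty password for the public pseudo account).
 * Logins that start with $NONUSER_PREFIX are handed to
 * nonuser_load_variables() instead.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool False when the query fails, true otherwise
 */
function user_load_variables($login, $prefix)
{
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX, $cached_user_var;
    global $app_host, $app_login, $app_pass, $app_db, $app_user_table;
    global $c, $db_host, $db_login, $db_password, $db_database, $app_same_db;

    // Only a truthy cached outcome short-circuits the lookup.
    if (!empty($cached_user_var[$login][$prefix])) {
        return $cached_user_var[$login][$prefix];
    }
    // Every miss discards the whole cache, so it holds at most one outcome.
    $cached_user_var = array();

    if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // The public pseudo account has no row in the application's user table.
    if ($login == '__public__') {
        $GLOBALS[$prefix . 'login'] = $login;
        $GLOBALS[$prefix . 'firstname'] = '';
        $GLOBALS[$prefix . 'lastname'] = '';
        $GLOBALS[$prefix . 'is_admin'] = 'N';
        $GLOBALS[$prefix . 'email'] = '';
        $GLOBALS[$prefix . 'fullname'] = $PUBLIC_ACCESS_FULLNAME;
        $GLOBALS[$prefix . 'password'] = '';
        return true;
    }

    $separate_db = $app_same_db != '1';

    // if application is in a separate db, we have to connect to it
    if ($separate_db) {
        $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);
    }

    // The listing showed a fixed literal in the WHERE clause, so $login never
    // reached the query. Bind it as a parameter instead of splicing it into
    // the SQL text. The table name comes from configuration and cannot be
    // bound. Assumes this tree's dbi layer provides dbi_execute() -- confirm.
    $sql = "SELECT id, name, username, email FROM {$app_user_table} WHERE username = ?";
    $res = dbi_execute($sql, array($login));
    if ($res) {
        if ($row = dbi_fetch_row($res)) {
            // A single-word name is kept whole as the first name.
            $flname = explode(' ', $row[1]);
            $fname = isset($flname[1]) ? $flname[0] : $row[1];
            $lname = isset($flname[1]) ? $flname[1] : '';
            $GLOBALS[$prefix . 'login'] = $login;
            $GLOBALS[$prefix . 'firstname'] = $fname;
            $GLOBALS[$prefix . 'lastname'] = $lname;
            $GLOBALS[$prefix . 'is_admin'] = user_is_admin($row[0], get_admins());
            $GLOBALS[$prefix . 'email'] = $row[3];
            $GLOBALS[$prefix . 'fullname'] = $row[1];
        }
        dbi_free_result($res);
    } else {
        // NOTE(review): $error is not declared global here, so this message
        // stays local to the function and callers never see it.
        $error = db_error();
    }

    // if application is in a separate db, we have to connect back to the webcal db.
    // This now also happens when the query failed, so a failed lookup no longer
    // leaves $c pointing at the application's database.
    if ($separate_db) {
        $c = dbi_connect($db_host, $db_login, $db_password, $db_database);
    }

    if (!$res) {
        return false;
    }

    // NOTE(review): success is cached and returned even when no row matched.
    $cached_user_var[$login][$prefix] = true;

    return true;
}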
// Entry checks for a login to a public nonuser calendar: refuse HTTP-auth
// setups, require a login value, build the redirect target, confirm the
// calendar exists and is public, then derive the cookie path.

if ($use_http_auth) {
    /* No web login for HTTP-based authentication. */
    die_miserable_death(print_not_auth(23));
}

$login = getValue('login');
if (empty($login)) {
    die_miserable_death(translate('A login must be specified') . '.');
}

$date = getValue('date');
$return_path = getValue('return_path');

// Was a return path set?
// NOTE(review): the redirect target is built from request values and only
// passed through clean_whitespace(); unless getValue() or do_redirect()
// restricts it to local paths, this can send the browser to another site.
// $date is appended without URL encoding. Confirm against both helpers.
$url = !empty($return_path) ? clean_whitespace($return_path . (!empty($date) ? '?date=' . $date : '')) : 'index.php';

// The public pseudo login is redirected without any calendar lookup.
if ($login == '__public__') {
    do_redirect($url);
}

// NOTE(review): the requested login is repeated in the error text; whether
// die_miserable_death() escapes it for HTML is not visible here -- confirm.
if (!nonuser_load_variables($login, 'temp_')) {
    die_miserable_death(translate('No such nonuser calendar') . ": {$login}");
}

// presumably $temp_is_public is set by the nonuser_load_variables() call
// above through the 'temp_' prefix; anything other than 'Y' is refused.
if (empty($temp_is_public) || $temp_is_public != 'Y') {
    die_miserable_death(print_not_auth(24));
}

// calculate path for cookie
if (empty($PHP_SELF)) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}
$cookie_path = str_replace('nulogin.php', '', $PHP_SELF);
// echo "Cookie path: $cookie_path\n";

// get_magic_quotes_gpc() was removed in PHP 8.0, so this call is fatal there.
// The unslashing and trimming happen after $login was already used for the
// lookup above, so the lookup saw the raw value.
if (get_magic_quotes_gpc()) {
    $login = stripslashes($login);
}
$login = trim($login);
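/**
 * Populate prefixed global variables from a user's LDAP entry.
 *
 * Writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, email,
 * fullname and is_admin (plus an empty password for the public pseudo
 * account). Logins that start with $NONUSER_PREFIX are handed to
 * nonuser_load_variables() instead. On failure the global $error is set.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool True when exactly one entry matched (or the lookup was
 *              delegated), false otherwise
 */
function user_load_variables($login, $prefix)
{
    global $ds, $error, $ldap_base_dn, $ldap_login_attr, $ldap_user_attr,
        $ldap_user_filter, $NONUSER_PREFIX, $PUBLIC_ACCESS_FULLNAME, $cached_user_var;

    // Only a truthy cached outcome short-circuits; a cached false is retried.
    if (!empty($cached_user_var[$login][$prefix])) {
        return $cached_user_var[$login][$prefix];
    }
    // Every miss discards the whole cache, so it holds at most one outcome.
    $cached_user_var = array();

    if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // The public pseudo account has no directory entry.
    if ($login == '__public__') {
        $GLOBALS[$prefix . 'login'] = $login;
        $GLOBALS[$prefix . 'firstname'] = '';
        $GLOBALS[$prefix . 'lastname'] = '';
        $GLOBALS[$prefix . 'is_admin'] = 'N';
        $GLOBALS[$prefix . 'email'] = '';
        $GLOBALS[$prefix . 'fullname'] = $PUBLIC_ACCESS_FULLNAME;
        $GLOBALS[$prefix . 'password'] = '';
        return true;
    }

    $ret = false;
    if ($r = connect_and_bind()) {
        // Escape the filter metacharacters (RFC 4515) so a login is always
        // matched as a literal value and cannot add wildcards or extra
        // clauses to the search filter. The backslash is replaced first so
        // the escapes written for the other characters are left intact.
        $filter_login = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $login
        );
        $sr = @ldap_search(
            $ds,
            $ldap_base_dn,
            "(&({$ldap_login_attr}={$filter_login}){$ldap_user_filter} )",
            $ldap_user_attr
        );
        if (!$sr) {
            $error = 'Error searching LDAP server: ' . ldap_error($ds);
        } else {
            $info = @ldap_get_entries($ds, $sr);
            // Anything other than exactly one match is treated as a bad login.
            if ($info['count'] != 1) {
                $error = 'Invalid login';
            } else {
                // modif lcs
                $tmp_cn = utf8_decode($info[0]["cn"][0]);
                $tmp_sn = " " . utf8_decode($info[0]["sn"][0]);
                // First name = cn with the " sn" suffix removed. str_replace()
                // treats the surname as plain text; ereg_replace() read it as
                // a regular expression and was removed in PHP 7.0.
                $tmp_cal_firstname = str_replace($tmp_sn, "", $tmp_cn);
                $GLOBALS[$prefix . 'login'] = $login;
                $GLOBALS[$prefix . 'firstname'] = $tmp_cal_firstname;
                $GLOBALS[$prefix . 'lastname'] = utf8_decode($info[0]["sn"][0]);
                $GLOBALS[$prefix . 'email'] = $info[0][$ldap_user_attr[4]][0];
                $GLOBALS[$prefix . 'fullname'] = utf8_decode($info[0]["cn"][0]);
                $GLOBALS[$prefix . 'is_admin'] = user_is_admin($login, get_admins());
                $ret = true;
                // eom
            }
            @ldap_free_result($sr);
        }
        @ldap_close($ds);
    }

    // Remember the outcome for the next call with the same login and prefix.
    $cached_user_var[$login][$prefix] = $ret;

    return $ret;
}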
/**
 * Populate prefixed global variables with one account's profile.
 *
 * Writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, is_admin,
 * email, fullname, password and (for rows from webcal_user) enabled. Logins
 * that start with $NONUSER_PREFIX are handed to nonuser_load_variables()
 * instead.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool True when the variables were populated (or the lookup was
 *              delegated), false when no row was returned
 */
function user_load_variables($login, $prefix)
{
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX, $cached_user_var, $SCRIPT;

    // Only a truthy cached outcome short-circuits the lookup.
    if (!empty($cached_user_var[$login][$prefix])) {
        return $cached_user_var[$login][$prefix];
    }
    // Every miss discards the whole cache, so it holds at most one outcome.
    $cached_user_var = array();

    // help prevent spoofed username attempts from disclosing fullpath:
    // the fullname global is defined even when the lookup below finds nothing.
    $GLOBALS[$prefix . 'fullname'] = '';

    $has_nonuser_prefix = $NONUSER_PREFIX
        && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX;
    if ($has_nonuser_prefix) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // Pseudo accounts have no row in webcal_user; give them fixed values.
    if ($login == '__public__' || $login == '__default__') {
        $pseudo_account = array(
            'login' => $login,
            'firstname' => '',
            'lastname' => '',
            'is_admin' => 'N',
            'email' => '',
            'fullname' => $login == '__public__'
                ? $PUBLIC_ACCESS_FULLNAME
                : translate('DEFAULT CONFIGURATION'),
            'password' => '',
        );
        foreach ($pseudo_account as $field => $value) {
            $GLOBALS[$prefix . $field] = $value;
        }
        return true;
    }

    // The login travels as a bound parameter, never inside the SQL text.
    $matches = dbi_get_cached_rows(
        'SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd, cal_enabled FROM webcal_user WHERE cal_login = ?',
        array($login)
    );
    if (!$matches) {
        // A miss is reported but not written to the cache.
        return false;
    }

    $account = $matches[0];
    $has_both_names = strlen($account[0]) && strlen($account[1]);

    $GLOBALS[$prefix . 'login'] = $login;
    $GLOBALS[$prefix . 'firstname'] = $account[0];
    $GLOBALS[$prefix . 'lastname'] = $account[1];
    $GLOBALS[$prefix . 'is_admin'] = $account[2];
    $GLOBALS[$prefix . 'email'] = empty($account[3]) ? '' : $account[3];
    // Fall back to the login when either name part is missing.
    $GLOBALS[$prefix . 'fullname'] = $has_both_names
        ? $account[0] . ' ' . $account[1]
        : $login;
    // The stored cal_passwd value becomes readable from global scope.
    $GLOBALS[$prefix . 'password'] = $account[4];
    $GLOBALS[$prefix . 'enabled'] = $account[5];

    // Remember the success for the next call with the same login and prefix.
    $cached_user_var[$login][$prefix] = true;

    return true;
}
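/**
 * Populate prefixed global variables from the PostNuke user table.
 *
 * Writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, is_admin,
 * email and fullname (plus an empty password for the public pseudo account).
 * Logins that start with $NONUSER_PREFIX are handed to
 * nonuser_load_variables() instead.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool False when the query fails, true otherwise
 */
function user_load_variables($login, $prefix)
{
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;
    global $app_host, $app_login, $app_pass, $app_db, $pn_user_table;
    global $c, $db_host, $db_login, $db_password, $db_database, $app_same_db;

    if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // The public pseudo account has no row in the PostNuke user table.
    if ($login == "__public__") {
        $GLOBALS[$prefix . "login"] = $login;
        $GLOBALS[$prefix . "firstname"] = "";
        $GLOBALS[$prefix . "lastname"] = "";
        $GLOBALS[$prefix . "is_admin"] = "N";
        $GLOBALS[$prefix . "email"] = "";
        $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
        $GLOBALS[$prefix . "password"] = "";
        return true;
    }

    $separate_db = $app_same_db != '1';

    // if postnuke is in a separate db, we have to connect to it
    if ($separate_db) {
        $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);
    }

    // The login was previously spliced into the SQL text between quotes, so a
    // quote character in it could change the statement. It is now bound as a
    // parameter. The table name comes from configuration and cannot be bound.
    // Assumes this tree's dbi layer provides dbi_execute() -- confirm.
    $sql = "SELECT pn_uid, pn_name, pn_uname, pn_email FROM {$pn_user_table} WHERE pn_uname = ?";
    $res = dbi_execute($sql, array($login));
    if ($res) {
        if ($row = dbi_fetch_row($res)) {
            // split() was removed in PHP 7.0; explode() gives the same result
            // for a single-space separator. The padding keeps $lname defined
            // when the name holds one word only.
            list($fname, $lname) = array_pad(explode(" ", $row[1]), 2, "");
            $GLOBALS[$prefix . "login"] = $login;
            $GLOBALS[$prefix . "firstname"] = $fname;
            $GLOBALS[$prefix . "lastname"] = $lname;
            $GLOBALS[$prefix . "is_admin"] = user_is_admin($row[0], get_admins());
            $GLOBALS[$prefix . "email"] = $row[3];
            $GLOBALS[$prefix . "fullname"] = $row[1];
        }
        dbi_free_result($res);
    } else {
        // NOTE(review): $error is not declared global here, so this message
        // stays local to the function and callers never see it.
        $error = "Database error: " . dbi_error();
    }

    // if postnuke is in a separate db, we have to connect back to the webcal db.
    // This now also happens when the query failed, so a failed lookup no longer
    // leaves $c pointing at the PostNuke database.
    if ($separate_db) {
        $c = dbi_connect($db_host, $db_login, $db_password, $db_database);
    }

    // NOTE(review): a login with no matching row still reports true.
    return $res ? true : false;
}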
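/**
 * Populate prefixed global variables from a user's LDAP entry.
 *
 * Connects and binds on every call (as $ldap_admin_dn when set, otherwise
 * anonymously), searches for the login and writes $GLOBALS[$prefix . X] for
 * X in login, firstname, lastname, email, fullname and is_admin. Logins that
 * start with $NONUSER_PREFIX are handed to nonuser_load_variables() instead.
 * On failure the global $error is set.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool True when exactly one entry matched (or the lookup was
 *              delegated), false otherwise
 */
function user_load_variables($login, $prefix)
{
    global $error, $ldap_server, $ldap_port, $ldap_base_dn, $ldap_login_attr, $ldap_user_attr;
    global $ldap_admin_dn, $ldap_admin_pwd, $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;

    if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // The public pseudo account has no directory entry.
    if ($login == "__public__") {
        $GLOBALS[$prefix . "login"] = $login;
        $GLOBALS[$prefix . "firstname"] = "";
        $GLOBALS[$prefix . "lastname"] = "";
        $GLOBALS[$prefix . "is_admin"] = "N";
        $GLOBALS[$prefix . "email"] = "";
        $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
        $GLOBALS[$prefix . "password"] = "";
        return true;
    }

    $ret = false;
    $ds = @ldap_connect($ldap_server, $ldap_port);
    if (!$ds) {
        $error = "Error connecting to LDAP server";
        return $ret;
    }

    if ($ldap_admin_dn != "") {
        // bind as administrator
        $r = @ldap_bind($ds, $ldap_admin_dn, $ldap_admin_pwd);
    } else {
        // bind as anonymous
        $r = @ldap_bind($ds);
    }

    if (!$r) {
        $error = "Invalid Admin's login for LDAP Server";
    } else {
        // Escape the filter metacharacters (RFC 4515) so a login is always
        // matched as a literal value and cannot add wildcards or extra
        // clauses to the search filter. The backslash is replaced first so
        // the escapes written for the other characters are left intact.
        $filter_login = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $login
        );
        // search for user
        $sr = @ldap_search($ds, $ldap_base_dn, "({$ldap_login_attr}={$filter_login})", $ldap_user_attr);
        if (!$sr) {
            // ldap_error() needs the connection it should report on.
            $error = "Error searching LDAP server: " . ldap_error($ds);
        } else {
            $info = @ldap_get_entries($ds, $sr);
            // Anything other than exactly one match is treated as a bad login.
            if ($info["count"] != 1) {
                $error = translate("Invalid login");
            } else {
                // Attribute names are taken by position from $ldap_user_attr.
                $GLOBALS[$prefix . "login"] = $login;
                $GLOBALS[$prefix . "firstname"] = $info[0][$ldap_user_attr[2]][0];
                $GLOBALS[$prefix . "lastname"] = $info[0][$ldap_user_attr[1]][0];
                $GLOBALS[$prefix . "email"] = $info[0][$ldap_user_attr[4]][0];
                $GLOBALS[$prefix . "fullname"] = $info[0][$ldap_user_attr[3]][0];
                $GLOBALS[$prefix . "is_admin"] = user_is_admin($login, get_admins());
                $ret = true;
            }
            @ldap_free_result($sr);
        }
    }
    @ldap_close($ds);

    return $ret;
}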
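/**
 * Populate prefixed global variables from a user's LDAP entry.
 *
 * Uses the shared connection in the global $ds (set up by connect_and_bind())
 * and writes $GLOBALS[$prefix . X] for X in login, firstname, lastname, email,
 * fullname and is_admin. Logins that start with $NONUSER_PREFIX are handed to
 * nonuser_load_variables() instead. On failure the global $error is set.
 *
 * @param string $login  User login to look up
 * @param string $prefix Prefix prepended to every global variable name written
 *
 * @return bool True when exactly one entry matched (or the lookup was
 *              delegated), false otherwise
 */
function user_load_variables($login, $prefix)
{
    global $error, $ds, $ldap_base_dn, $ldap_login_attr, $ldap_user_attr;
    global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;

    if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX)) == $NONUSER_PREFIX) {
        nonuser_load_variables($login, $prefix);
        return true;
    }

    // The public pseudo account has no directory entry.
    if ($login == '__public__') {
        $GLOBALS[$prefix . 'login'] = $login;
        $GLOBALS[$prefix . 'firstname'] = '';
        $GLOBALS[$prefix . 'lastname'] = '';
        $GLOBALS[$prefix . 'is_admin'] = 'N';
        $GLOBALS[$prefix . 'email'] = '';
        $GLOBALS[$prefix . 'fullname'] = $PUBLIC_ACCESS_FULLNAME;
        $GLOBALS[$prefix . 'password'] = '';
        return true;
    }

    $ret = false;
    if ($r = connect_and_bind()) {
        // Escape the filter metacharacters (RFC 4515) so a login is always
        // matched as a literal value and cannot add wildcards or extra
        // clauses to the search filter. The backslash is replaced first so
        // the escapes written for the other characters are left intact.
        $filter_login = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $login
        );
        $sr = @ldap_search($ds, $ldap_base_dn, "({$ldap_login_attr}={$filter_login})", $ldap_user_attr);
        if (!$sr) {
            // ldap_error() needs the connection it should report on.
            $error = 'Error searching LDAP server: ' . ldap_error($ds);
        } else {
            $info = @ldap_get_entries($ds, $sr);
            // Anything other than exactly one match is treated as a bad login.
            if ($info['count'] != 1) {
                $error = 'Invalid login';
            } else {
                // Attribute names are taken by position from $ldap_user_attr.
                $GLOBALS[$prefix . 'login'] = $login;
                $GLOBALS[$prefix . 'firstname'] = $info[0][$ldap_user_attr[2]][0];
                $GLOBALS[$prefix . 'lastname'] = $info[0][$ldap_user_attr[1]][0];
                $GLOBALS[$prefix . 'email'] = $info[0][$ldap_user_attr[4]][0];
                $GLOBALS[$prefix . 'fullname'] = $info[0][$ldap_user_attr[3]][0];
                $GLOBALS[$prefix . 'is_admin'] = user_is_admin($login, get_admins());
                $ret = true;
            }
            @ldap_free_result($sr);
        }
        // The shared connection is closed after every lookup.
        @ldap_close($ds);
    }

    return $ret;
}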
// Access checks and date-range setup for a calendar view that can be shown
// for another user's public calendar when $allow_user_override is set.

// Set for use elsewhere as a global.
$login = $user;

// Error code
if ($public_must_be_enabled && $PUBLIC_ACCESS != 'Y') {
    $error = print_not_auth(21);
}

if ($allow_user_override) {
    // presumably the second argument is a pattern the request value has to
    // match; it allows letters, digits and the characters _ . = @ , - only.
    // Confirm against getValue().
    $u = getValue('user', '[A-Za-z0-9_\\.=@,\\-]+', true);
    if (!empty($u)) {
        $login = $user = $u;
    }
    // We also set $login since some functions assume that it is set.
}

load_user_preferences();

// The return value is not checked here.
user_load_variables($login, 'minical_');

// NOTE(review): the prefix below is 'minica_', while the check that follows
// reads $minical_is_public. If nonuser_load_variables() writes
// {prefix}is_public, the value checked is never the one loaded here and every
// non-public-login request ends in the "not Public" branch -- confirm which
// prefix is intended.
if ($user != '__public__' && !nonuser_load_variables($login, 'minica_')) {
    die_miserable_death(str_replace('XXX', $login, translate('No such nonuser calendar XXX.')));
}

// Only the public pseudo login or a calendar flagged 'Y' gets past this point.
if ($user != '__public__' && (empty($minical_is_public) || $minical_is_public != 'Y')) {
    die_miserable_death(translate('This Calendar is not Public.'));
}

// First day of the following month; mktime() normalises month 13 itself.
$next = mktime(0, 0, 0, $thismonth + 1, 1, $thisyear);
$nextmonth = date('m', $next);
$nextyear = date('Y', $next);

// First day of the preceding month.
$prev = mktime(0, 0, 0, $thismonth - 1, 1, $thisyear);
$prevmonth = date('m', $prev);
$prevyear = date('Y', $prev);

$boldDays = true;

// Day 0 means the last day of the month before: the range runs from the last
// day of the previous month (00:00:00) to the last day of this month (23:59:59).
$startdate = mktime(0, 0, 0, $thismonth, 0, $thisyear);
$enddate = mktime(23, 59, 59, $thismonth + 1, 0, $thisyear);

// Don't display custom header.
echo print_error($error) . ' </body> </html>'; exit; } $add = getValue('add'); $nid = getValue('nid'); // Adding/Editing remote calendar. if (($add == '1' || !empty($nid)) && empty($error)) { $userlist = get_nonuser_cals($login, true); if (empty($nid)) { $id_display = '<input type="text" name="nid" id="nid" size="20" ' . 'maxlength="20" onchange="check_name();" /> ' . translate('word characters only'); $lableStr = translate('Add Remote Calendar'); } else { $nid = clean_html($nid); nonuser_load_variables($nid, 'remotestemp_'); $button = translate('Save'); $buttonAction = 'Save'; $id_display = $nid . ' <input type="hidden" name="nid" id="nid" value="' . $nid . '" />'; $lableStr = translate('Edit Remote Calendar'); $remotestemp_login = substr($remotestemp_login, strlen($NONUSER_PREFIX)); } $button = translate('Add'); $buttonAction = 'Add'; $calIdStr = translate('Calendar ID'); $colorStr = translate('Color'); $confirmStr = str_replace('XXX', translate('entry'), translate('Are you sure you want to delete this XXX?')); $createLayerStr = translate('Create Layer'); $deleteStr = translate('Delete'); $firstNameStr = translate('First Name'); $lastNameStr = translate('Last Name');