/**
 * Build (and optionally print) the standard "Database error" message.
 *
 * The failed statement is appended only when $settings['mode'] is 'dev'.
 * Nothing is HTML-escaped here (as in the original), so in dev mode the raw
 * statement text is written into the page.
 *
 * @param bool   $doExit When true, echo the message and terminate the script.
 * @param string $sql    The statement that failed; shown in dev mode only.
 *
 * @return string The message (only reached when $doExit is false).
 *
 * @global array $settings Site settings; only the 'mode' key is read.
 */
function db_error($doExit = false, $sql = '') {
    global $settings;

    $message = str_replace('XXX', dbi_error(), translate('Database error XXX.'));

    $devMode = !empty($settings['mode']) && $settings['mode'] == 'dev';
    if ($devMode && !empty($sql)) {
        $message .= '<br />SQL:<br />' . $sql;
    }

    if (!$doExit) {
        return $message;
    }
    echo $message;
    exit;
}
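/**
 * Store a batch of user preferences in webcal_user_pref.
 *
 * Each preference is written as delete-then-insert, so an empty value removes
 * it.  When $src is 'post' the keys come straight from the submitted form:
 * only keys of the exact form "pref_<A-Za-z0-9_>" are accepted, keys without
 * the "pref_" prefix are skipped, and any other key aborts via
 * die_miserable_death().
 *
 * @param array  $prefs Setting name => value.  With $src == 'post' the names
 *                      carry a "pref_" prefix that is stripped here.
 * @param string $src   'post' when $prefs came from the request; any other
 *                      value means the names are already bare setting names.
 *
 * @return void
 *
 * @global string $error    Set when an INSERT fails (the loop stops there).
 * @global string $my_theme Updated when the THEME preference changes.
 * @global string $prefuser Login whose preferences are being saved.
 */
function save_pref($prefs, $src) {
    global $error, $my_theme, $prefuser;

    // foreach replaces each(), which is removed in PHP 8 and depends on the
    // array's internal pointer.
    foreach ($prefs as $key => $value) {
        if ($src == 'post') {
            $prefix = substr($key, 0, 5);
            $setting = substr($key, 5);
            if ($prefix != 'pref_') {
                continue;
            }
            // Validate the key name: exactly "pref_" followed by [A-Za-z0-9_].
            // The pattern is anchored at both ends; without the leading "^" a
            // name such as "pref_a b pref_c" would have passed.
            if (!preg_match('/^pref_[A-Za-z0-9_]+$/', $key)) {
                die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
            }
        } else {
            $setting = $key;
            $prefix = 'pref_';
        }

        if (strlen($setting) == 0 || $prefix != 'pref_') {
            continue;
        }

        if ($setting == 'THEME' && $value != 'none') {
            $my_theme = strtolower($value);
        }

        // Login and setting name are bound as parameters, never interpolated.
        // The DELETE matches the name as given while the INSERT below stores
        // it upper-cased, as the original did.
        dbi_execute('DELETE FROM webcal_user_pref WHERE cal_login = ? AND cal_setting = ?', array($prefuser, $setting));

        if (strlen($value) > 0) {
            $setting = strtoupper($setting);
            $sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value ) VALUES ( ?, ?, ? )';
            if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                // Previously assigned to a function-local $error and lost;
                // report it through the global that callers read.
                $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                break;
            }
        }
    }
}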
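// Save posted site-wide configuration values into webcal_config.
//
// Only administrators get past the first check.  Each posted field named
// "admin_<setting>" replaces the row for <setting>; an empty value removes
// it.  Keys that do not have that shape (submit buttons, tab state, anything
// unexpected) are ignored rather than written.
if (!$is_admin) {
    $error = translate("You are not authorized");
}
if ($error == "") {
    foreach ($HTTP_POST_VARS as $key => $value) {
        // Restrict setting names to admin_[A-Za-z0-9_]+ before using them.
        // The original took substr($key, 6) of *any* key, so a stray field
        // such as "currenttab" was stored as the setting "nttab".
        if (!preg_match('/^admin_[A-Za-z0-9_]+$/', $key)) {
            continue;
        }
        $setting = substr($key, 6);

        // Values come straight from the request, so they are bound as
        // parameters (dbi_execute) instead of being interpolated into the
        // statement text as before.
        $sql = "DELETE FROM webcal_config WHERE cal_setting = ?";
        if (!dbi_execute($sql, array($setting))) {
            $error = translate("Error") . ": " . dbi_error() . "<P><B>SQL:</B> {$sql}";
            break;
        }
        if (strlen($value) > 0) {
            $sql = "INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( ?, ? )";
            if (!dbi_execute($sql, array($setting, $value))) {
                $error = translate("Error") . ": " . dbi_error() . "<P><B>SQL:</B> {$sql}";
                break;
            }
        }
    }
}
if (empty($error)) {
    if (empty($ovrd)) {
        do_redirect("admin.php");
    } else {
        // Keep the override flag on the query string, URL-encoded.
        do_redirect("admin.php?ovrd=" . urlencode($ovrd));
    }
}
?> <HTML>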
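/**
 * Convert stored event dates/times from server-local time to GMT.
 *
 * Every timed webcal_entry row and every webcal_entry_log row is re-read, its
 * cal_date/cal_time reinterpreted as local time, and written back as the
 * equivalent GMT date/time.  Finally the WEBCAL_TZ_CONVERSION flag is set in
 * webcal_config.  Meant to be run once during an upgrade.
 *
 * @param int    $offset     Hours added to the hour field before the value is
 *                           interpreted as GMT; when 0 the fields are taken as
 *                           server-local time instead.  An absolute value over
 *                           24 is treated as 0.
 * @param string $cutoffdate Optional Ymd date; when given, only webcal_entry
 *                           rows with cal_date on or before it are updated.
 *
 * @return string The translated 'Conversion Successful', or an error message
 *                for the first statement that failed.
 */
function convert_server_to_GMT($offset = 0, $cutoffdate = '') {
    // Default value.
    $error = translate('Conversion Successful');

    // Don't allow $offsets over 24.
    if (abs($offset) > 24) {
        $offset = 0;
    }

    // Do webcal_entry update.
    $res = dbi_execute('SELECT cal_date, cal_time, cal_id, cal_duration FROM webcal_entry');
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $cal_date = $row[0];
            $cal_time = sprintf("%06d", $row[1]);
            $cal_id = $row[2];
            $cal_duration = $row[3];

            // Skip untimed (-1) or all-day (00:00:00 for 1440 minutes) events.
            if ($cal_time == -1 || ($cal_time == 0 && $cal_duration == 1440)) {
                continue;
            }

            $sy = substr($cal_date, 0, 4);
            $sm = substr($cal_date, 4, 2);
            $sd = substr($cal_date, 6, 2);
            $sh = substr($cal_time, 0, 2);
            $si = substr($cal_time, 2, 2);
            $ss = substr($cal_time, 4, 2);
            // Without an offset the fields are interpreted in the server's
            // timezone; with one, hour + $offset is interpreted as GMT.
            $new_datetime = empty($offset)
                ? mktime($sh, $si, $ss, $sm, $sd, $sy)
                : gmmktime($sh + $offset, $si, $ss, $sm, $sd, $sy);
            $new_cal_date = gmdate('Ymd', $new_datetime);
            $new_cal_time = gmdate('His', $new_datetime);

            // Bind exactly one value per placeholder: the cutoff value is only
            // appended when the cutoff clause is.  The original always passed
            // four values even when the statement had three "?".
            $sql = 'UPDATE webcal_entry SET cal_date = ?, cal_time = ? WHERE cal_id = ?';
            $params = array($new_cal_date, $new_cal_time, $cal_id);
            if (!empty($cutoffdate)) {
                $sql .= ' AND cal_date <= ?';
                $params[] = $cutoffdate;
            }
            // Now update row with new data.
            if (!dbi_execute($sql, $params)) {
                // translate() provides one XXX for the table name; the driver
                // error is appended.  Passing an array as the replacement, as
                // the original did, rendered the literal word "Array".
                $msg = str_replace('XXX', 'webcal_entry', translate('Error updating table XXX')) . ': ' . dbi_error();
                dbi_free_result($res);
                return $msg;
            }
        }
        dbi_free_result($res);
    }

    // Do webcal_entry_logs update.
    $res = dbi_execute('SELECT cal_date, cal_time, cal_log_id FROM webcal_entry_log');
    if ($res) {
        while ($row = dbi_fetch_row($res)) {
            $cal_date = $row[0];
            $cal_time = sprintf("%06d", $row[1]);
            $cal_log_id = $row[2];
            $sy = substr($cal_date, 0, 4);
            $sm = substr($cal_date, 4, 2);
            $sd = substr($cal_date, 6, 2);
            $sh = substr($cal_time, 0, 2);
            $si = substr($cal_time, 2, 2);
            $ss = substr($cal_time, 4, 2);
            // Log rows are always converted from server-local time; neither
            // $offset nor $cutoffdate applies to them.
            $new_datetime = mktime($sh, $si, $ss, $sm, $sd, $sy);
            $new_cal_date = gmdate('Ymd', $new_datetime);
            $new_cal_time = gmdate('His', $new_datetime);
            // Now update row with new data
            if (!dbi_execute('UPDATE webcal_entry_log SET cal_date = ?, cal_time = ? WHERE cal_log_id = ?', array($new_cal_date, $new_cal_time, $cal_log_id))) {
                $msg = str_replace('XXX', 'webcal_entry_log', translate('Error updating table XXX')) . ': ' . dbi_error();
                dbi_free_result($res);
                return $msg;
            }
        }
        dbi_free_result($res);
    }

    // Update Conversion Flag in webcal_config.
    // Delete any existing entry.
    if (!dbi_execute('DELETE FROM webcal_config WHERE cal_setting = \'WEBCAL_TZ_CONVERSION\'')) {
        return str_replace('XXX', dbi_error(), translate('Database error XXX.'));
    }
    if (!dbi_execute('INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( \'WEBCAL_TZ_CONVERSION\', \'Y\' )')) {
        return str_replace('XXX', dbi_error(), translate('Database error XXX.'));
    }
    return $error;
}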
/**
 * Import a list of parsed calendar entries into the database.
 *
 * For every entry in $data this function derives the start/end date and time
 * fields from the Unix timestamps, checks for scheduling conflicts (unless
 * $allow_conflicts is set), inserts the event together with its participant,
 * repeat, exception and reminder rows, and prints an "Event Imported" /
 * "Scheduling Conflict" / "Error" fragment of HTML.  When $overwrite is set,
 * earlier events that share an external UID with one just imported (from a
 * prior import of the same $type) are marked deleted afterwards.
 *
 * NOTE(review): every statement in this function is built by string
 * interpolation.  Values taken from the imported file (UID, RecordID,
 * RepeatDays, Summary, Description, ...) reach the SQL text with at most a
 * backslash-escaping of single quotes (Summary/Description only), so the
 * imported data has to be treated as untrusted and should be bound as
 * parameters instead.  The executed SQL, values included, is also appended to
 * $sqlLog.
 *
 * @param array  $data      List of entries; each is an associative array with
 *                          keys read here: StartTime, EndTime, Duration,
 *                          Untimed, Summary, Description, Private, UID,
 *                          RecordID, AlarmSet, AlarmAdvanceAmount,
 *                          AlarmAdvanceType and Repeat[Interval, Frequency,
 *                          EndTime, RepeatDays, Exceptions].
 * @param bool   $overwrite Mark earlier events with the same UID as deleted.
 * @param string $type      Import type stored in webcal_import.cal_type and
 *                          used when looking up earlier events.
 *
 * @return void  If the initial webcal_import INSERT fails, $errormsg is set
 *               and nothing is imported.
 *
 * @global string $login, $calUser, $single_user, $single_user_login,
 *                $ImportType, $allow_conflicts, $LOG_CREATE
 * @global int    $count_con, $count_suc, $error_num, $numDeleted  Counters
 *                incremented here.
 * @global string $errormsg, $sqlLog  Written here.
 * @global mixed  $H2COLOR  Declared but not used in this function.
 */
function import_data($data, $overwrite, $type) {
    global $login, $count_con, $count_suc, $error_num, $ImportType, $LOG_CREATE;
    global $single_user, $single_user_login, $allow_conflicts;
    global $numDeleted, $errormsg;
    global $calUser, $H2COLOR, $sqlLog;
    $oldUIDs = array();   // UID => count, for the $overwrite clean-up at the end
    $oldIds = array();    // cal_ids of earlier events to mark deleted
    $firstEventId = 0;    // first cal_id created by this run
    $importId = 1;
    // Generate a unique import id
    // (MAX + 1 is read and then written without any locking, so two
    // concurrent imports could pick the same id.)
    $res = dbi_query("SELECT MAX(cal_import_id) FROM webcal_import");
    if ($res) {
        if ($row = dbi_fetch_row($res)) {
            $importId = $row[0] + 1;
        }
        dbi_free_result($res);
    }
    $sql = "INSERT INTO webcal_import ( cal_import_id, cal_name, " . "cal_date, cal_type, cal_login ) VALUES ( {$importId}, NULL, " . date("Ymd") . ", '{$type}', '{$login}' )";
    if (!dbi_query($sql)) {
        $errormsg = translate("Database error") . ": " . dbi_error();
        return;
    }
    foreach ($data as $Entry) {
        $priority = 2;   // every imported event gets the same fixed priority
        $participants[0] = $calUser;
        // Some additional date/time info
        // localtime() returns [0]=sec [1]=min [2]=hour [3]=mday [4]=month-1
        // [5]=year-1900.  When the timestamp is missing $START/$END is the
        // integer 0, every index reads as null and the fields become "00".
        $START = $Entry['StartTime'] > 0 ? localtime($Entry['StartTime']) : 0;
        $END = $Entry['EndTime'] > 0 ? localtime($Entry['EndTime']) : 0;
        $Entry['StartMinute'] = sprintf("%02d", $START[1]);
        $Entry['StartHour'] = sprintf("%02d", $START[2]);
        $Entry['StartDay'] = sprintf("%02d", $START[3]);
        $Entry['StartMonth'] = sprintf("%02d", $START[4] + 1);
        $Entry['StartYear'] = sprintf("%04d", $START[5] + 1900);
        $Entry['EndMinute'] = sprintf("%02d", $END[1]);
        $Entry['EndHour'] = sprintf("%02d", $END[2]);
        $Entry['EndDay'] = sprintf("%02d", $END[3]);
        $Entry['EndMonth'] = sprintf("%02d", $END[4] + 1);
        $Entry['EndYear'] = sprintf("%04d", $END[5] + 1900);
        if ($overwrite && !empty($Entry['UID'])) {
            $oldUIDs[$Entry['UID']]++;
        }
        // Check for untimed
        if ($Entry['Untimed'] == 1) {
            $Entry['StartMinute'] = '';
            $Entry['StartHour'] = '';
            $Entry['EndMinute'] = '';
            $Entry['EndHour'] = '';
        }
        // first check for any schedule conflicts
        if (empty($allow_conflicts) && $Entry['Duration'] != 0) {
            $date = mktime(0, 0, 0, $Entry['StartMonth'], $Entry['StartDay'], $Entry['StartYear']);
            $endt = !empty($Entry['Repeat']['EndTime']) ? $Entry['Repeat']['EndTime'] : 'NULL';
            $dayst = !empty($Entry['Repeat']['RepeatDays']) ? $Entry['Repeat']['RepeatDays'] : "nnnnnnn";
            $ex_days = array();
            if (!empty($Entry['Repeat']['Exceptions'])) {
                foreach ($Entry['Repeat']['Exceptions'] as $ex_date) {
                    $ex_days[] = date("Ymd", $ex_date);
                }
            }
            $dates = get_all_dates($date, RepeatType($Entry['Repeat']['Interval']), $endt, $dayst, $ex_days, $Entry['Repeat']['Frequency']);
            // $overlap is the HTML list of conflicting entries ('' when none).
            $overlap = overlap($dates, $Entry['Duration'], $Entry['StartHour'], $Entry['StartMinute'], $participants, $login, 0);
        }
        if (empty($error) && !empty($overlap)) {
            $error = translate("The following conflicts with the suggested time") . ":<ul>{$overlap}</ul>\n";
        }
        if (empty($error)) {
            // $updateMode is never set to true below (the lookup that would
            // set it is commented out), so the UPDATE branches are dead and
            // $LOG_UPDATE, which is not declared global, is never read.
            $updateMode = false;
            // See if event already is there from prior import.
            // The same UID is used for all events imported at once with iCal.
            // So, we still don't have enough info to find the exact
            // event we want to replace. We could just delete all
            // existing events that correspond to the UID.
            /************************************************************************
            Not sure what to do with this code since I don't know how Palm and
            vCal use the UID stuff yet...
            if ( ! empty ( $Entry['UID'] ) ) {
              $res = dbi_query ( "SELECT webcal_import_data.cal_id " .
                "FROM webcal_import_data, webcal_entry_user " .
                "WHERE cal_import_type = 'ical' AND " .
                "webcal_import_data.cal_id = webcal_entry_user.cal_id AND " .
                "webcal_entry_user.cal_login = '******' AND " .
                "cal_external_id = '$Entry[UID]'" );
              if ( $res ) {
                if ( $row = dbi_fetch_row ( $res ) ) {
                  if ( ! empty ( $row[0] ) ) {
                    $id = $row[0];
                    $updateMode = true; // update rather than add a new event
                  }
                }
              }
            }
            ************************************************************************/
            // Add the Event
            // New id = MAX(cal_id) + 1, again without locking (see import id).
            $res = dbi_query("SELECT MAX(cal_id) FROM webcal_entry");
            if ($res) {
                $row = dbi_fetch_row($res);
                $id = $row[0] + 1;
                dbi_free_result($res);
            } else {
                $id = 1;
                //$error = "Unable to select MAX cal_id: " . dbi_error () . "<br /><br />\n<b>SQL:</b> $sql";
                //break;
            }
            if ($firstEventId == 0) {
                $firstEventId = $id;
            }
            // Column names and already-quoted SQL literals, index-aligned.
            $names = array();
            $values = array();
            $names[] = 'cal_id';
            $values[] = "{$id}";
            if (!$updateMode) {
                $names[] = 'cal_create_by';
                $values[] = "'{$login}'";
            }
            $names[] = 'cal_date';
            $values[] = sprintf("%04d%02d%02d", $Entry['StartYear'], $Entry['StartMonth'], $Entry['StartDay']);
            $names[] = 'cal_time';
            $values[] = $Entry['Untimed'] == 1 ? "-1" : sprintf("%02d%02d00", $Entry['StartHour'], $Entry['StartMinute']);
            $names[] = 'cal_mod_date';
            $values[] = date("Ymd");
            $names[] = 'cal_mod_time';
            $values[] = date("Gis");
            $names[] = 'cal_duration';
            $values[] = sprintf("%d", $Entry['Duration']);
            $names[] = 'cal_priority';
            $values[] = $priority;
            $names[] = 'cal_access';
            $values[] = $Entry['Private'] == 1 ? "'R'" : "'P'";
            $names[] = 'cal_type';
            $values[] = $Entry['Repeat'] ? "'M'" : "'E'";
            if (strlen($Entry['Summary']) == 0) {
                $Entry['Summary'] = translate("Unnamed Event");
            }
            if (strlen($Entry['Description']) == 0) {
                $Entry['Description'] = $Entry['Summary'];
            }
            // Undo the import format's escaping (\n, \', \") and then escape
            // single quotes with a backslash for the SQL literal.  Backslashes
            // themselves and double quotes are left as-is.
            $Entry['Summary'] = str_replace("\\n", "\n", $Entry['Summary']);
            $Entry['Summary'] = str_replace("\\'", "'", $Entry['Summary']);
            $Entry['Summary'] = str_replace("\\\"", "\"", $Entry['Summary']);
            $Entry['Summary'] = str_replace("'", "\\'", $Entry['Summary']);
            $names[] = 'cal_name';
            $values[] = "'" . $Entry['Summary'] . "'";
            $Entry['Description'] = str_replace("\\n", "\n", $Entry['Description']);
            $Entry['Description'] = str_replace("\\'", "'", $Entry['Description']);
            $Entry['Description'] = str_replace("\\\"", "\"", $Entry['Description']);
            $Entry['Description'] = str_replace("'", "\\'", $Entry['Description']);
            // limit length to 1024 chars since we setup tables that way
            // (byte-based cut; it can also split an escape sequence added above)
            if (strlen($Entry['Description']) >= 1024) {
                $Entry['Description'] = substr($Entry['Description'], 0, 1019) . "...";
            }
            $names[] = 'cal_description';
            $values[] = "'" . $Entry['Description'] . "'";
            //echo "Summary:<p>" . nl2br ( htmlspecialchars ( $Entry['Summary'] ) ) . "</p>";
            //echo "Description:<p>" . nl2br ( htmlspecialchars ( $Entry['Description'] ) ) . "</p>"; exit;
            if ($updateMode) {
                $sql = "UPDATE webcal_entry SET ";
                for ($f = 0; $f < count($names); $f++) {
                    if ($f > 0) {
                        $sql .= ", ";
                    }
                    $sql .= $names[$f] . " = " . $values[$f];
                }
                $sql .= " WHERE cal_id = {$id}";
            } else {
                $sql = "INSERT INTO webcal_entry ( " . implode(", ", $names) . " ) VALUES ( " . implode(", ", $values) . " )";
            }
            if (empty($error)) {
                $sqlLog .= $sql . "<br />\n";
                //echo "SQL: $sql <br />\n";
                if (!dbi_query($sql)) {
                    // Every `break` in this loop leaves the foreach entirely;
                    // the per-entry error output further down is then skipped
                    // and the remaining entries are not imported.
                    $error .= "<p>" . translate("Database error") . ": " . dbi_error() . "</p>\n";
                    break;
                }
            }
            // log add/update
            activity_log($id, $login, $login, $updateMode ? $LOG_UPDATE : $LOG_CREATE, "Import from {$ImportType}");
            if ($single_user == "Y") {
                $participants[0] = $single_user_login;
            }
            // Now add to webcal_import_data
            // The external id (RecordID / UID) is interpolated unescaped.
            if (!$updateMode) {
                if ($ImportType == "PALMDESKTOP") {
                    $sql = "INSERT INTO webcal_import_data ( cal_import_id, cal_id, " . "cal_login, cal_import_type, cal_external_id ) VALUES ( " . "{$importId}, {$id}, '{$calUser}', 'palm', '{$Entry['RecordID']}' )";
                    $sqlLog .= $sql . "<br />\n";
                    if (!dbi_query($sql)) {
                        $error = translate("Database error") . ": " . dbi_error();
                        break;
                    }
                } else {
                    if ($ImportType == "VCAL") {
                        // Length check is on the quoted literal, not the raw UID.
                        $uid = empty($Entry['UID']) ? "null" : "'{$Entry['UID']}'";
                        if (strlen($uid) > 200) {
                            $uid = "NULL";
                        }
                        $sql = "INSERT INTO webcal_import_data ( cal_import_id, cal_id, " . "cal_login, cal_import_type, cal_external_id ) VALUES ( " . "{$importId}, {$id}, '{$calUser}', 'vcal', {$uid} )";
                        $sqlLog .= $sql . "<br />\n";
                        if (!dbi_query($sql)) {
                            $error = translate("Database error") . ": " . dbi_error();
                            break;
                        }
                    } else {
                        if ($ImportType == "ICAL") {
                            $uid = empty($Entry['UID']) ? "null" : "'{$Entry['UID']}'";
                            if (strlen($uid) > 200) {
                                $uid = "NULL";
                            }
                            $sql = "INSERT INTO webcal_import_data ( cal_import_id, cal_id, " . "cal_login, cal_import_type, cal_external_id ) VALUES ( " . "{$importId}, {$id}, '{$calUser}', 'ical', {$uid} )";
                            $sqlLog .= $sql . "<br />\n";
                            if (!dbi_query($sql)) {
                                $error = translate("Database error") . ": " . dbi_error();
                                break;
                            }
                        }
                    }
                }
            }
            // Now add participants
            if (!$updateMode) {
                // Public imports go in as waiting ('W'); everyone else is accepted ('A').
                $status = $login == "__public__" ? 'W' : 'A';
                // $cat_id is never assigned in this function, so this is always NULL.
                if (empty($cat_id)) {
                    $cat_id = 'NULL';
                }
                $sql = "INSERT INTO webcal_entry_user " . "( cal_id, cal_login, cal_status, cal_category ) VALUES ( {$id}, '" . $participants[0] . "', '{$status}', {$cat_id} )";
                $sqlLog .= $sql . "<br />\n";
                if (!dbi_query($sql)) {
                    $error = translate("Database error") . ": " . dbi_error();
                    break;
                }
            }
            // Add repeating info
            if ($updateMode) {
                // remove old repeating info
                dbi_query("DELETE FROM webcal_entry_repeats WHERE cal_id = {$id}");
                dbi_query("DELETE FROM webcal_entry_repeats_not WHERE cal_id = {$id}");
            }
            if (!empty($Entry['Repeat']['Interval'])) {
                //while ( list($k,$v) = each ( $Entry['Repeat'] ) ) {
                //  echo "$k: $v <br />\n";
                //}
                $rpt_type = RepeatType($Entry['Repeat']['Interval']);
                $freq = $Entry['Repeat']['Frequency'] ? $Entry['Repeat']['Frequency'] : 1;
                if (strlen($Entry['Repeat']['EndTime'])) {
                    $REND = localtime($Entry['Repeat']['EndTime']);
                    $end = sprintf("%04d%02d%02d", $REND[5] + 1900, $REND[4] + 1, $REND[3]);
                } else {
                    $end = 'NULL';
                }
                $days = !empty($Entry['Repeat']['RepeatDays']) ? "'" . $Entry['Repeat']['RepeatDays'] . "'" : 'NULL';
                $sql = "INSERT INTO webcal_entry_repeats ( cal_id, " . "cal_type, cal_end, cal_days, cal_frequency ) VALUES " . "( {$id}, '{$rpt_type}', {$end}, {$days}, {$freq} )";
                $sqlLog .= $sql . "<br />\n";
                if (!dbi_query($sql)) {
                    $error = "Unable to add to webcal_entry_repeats: " . dbi_error() . "<br /><br />\n<b>SQL:</b> {$sql}";
                    break;
                }
                // Repeating Exceptions...
                if (!empty($Entry['Repeat']['Exceptions'])) {
                    foreach ($Entry['Repeat']['Exceptions'] as $ex_date) {
                        $ex_date = date("Ymd", $ex_date);
                        $sql = "INSERT INTO webcal_entry_repeats_not ( cal_id, cal_date ) VALUES ( {$id}, {$ex_date} )";
                        $sqlLog .= $sql . "<br />\n";
                        if (!dbi_query($sql)) {
                            $error = "Unable to add to webcal_entry_repeats_not: " . dbi_error() . "<br /><br />\n<b>SQL:</b> {$sql}";
                            // Unlike the other breaks, this one only leaves the
                            // exceptions loop; processing of the entry continues.
                            break;
                        }
                    }
                }
            } // End Repeat
            // Add Alarm info -> site_extras
            if ($updateMode) {
                dbi_query("DELETE FROM webcal_site_extras WHERE cal_id = {$id}");
            }
            if ($Entry['AlarmSet'] == 1) {
                // Reminder offset is stored in minutes: type 1 = hours, 2 = days.
                $RM = $Entry['AlarmAdvanceAmount'];
                if ($Entry['AlarmAdvanceType'] == 1) {
                    $RM = $RM * 60;
                }
                if ($Entry['AlarmAdvanceType'] == 2) {
                    $RM = $RM * 60 * 24;
                }
                $sql = "INSERT INTO webcal_site_extras ( cal_id, " . "cal_name, cal_type, cal_remind, cal_data ) VALUES " . "( {$id}, 'Reminder', 7, 1, {$RM} )";
                $sqlLog .= $sql . "<br />\n";
                if (!dbi_query($sql)) {
                    $error = translate("Database error") . ": " . dbi_error();
                }
            }
        }
        if (!empty($error) && empty($overlap)) {
            $error_num++;
            echo "<h2>" . translate("Error") . "</h2>\n<blockquote>\n";
            echo $error . "</blockquote>\n<br />\n";
        }
        // Conflicting
        if (!empty($overlap)) {
            echo "<b><h2>" . translate("Scheduling Conflict") . ": ";
            $count_con++;
            echo "</h2></b>";
            if ($Entry['Duration'] > 0) {
                $time = display_time($Entry['StartHour'] . $Entry['StartMinute'] . "00") . " - " . display_time($Entry['EndHour'] . $Entry['EndMinute'] . "00");
            }
            $dd = $Entry['StartMonth'] . "-" . $Entry['StartDay'] . "-" . $Entry['StartYear'];
            // A conflicting entry was not inserted, so $id here is whatever the
            // previous entry left behind (or unset for the first one).
            echo "<a class=\"entry\" href=\"view_entry.php?id={$id}";
            echo "\" onmouseover=\"window.status='" . translate("View this entry") . "'; return true;\" onmouseout=\"window.status=''; return true;\">";
            $Entry['Summary'] = str_replace("''", "'", $Entry['Summary']);
            $Entry['Summary'] = str_replace("'", "\\'", $Entry['Summary']);
            echo htmlspecialchars($Entry['Summary']);
            echo "</a> (" . $dd;
            $time = trim($time);
            if (!empty($time)) {
                echo " " . $time;
            }
            echo ")<br />\n";
            etranslate("conflicts with the following existing calendar entries");
            // $overlap is echoed as-is; it is HTML produced by overlap().
            echo ":<ul>\n" . $overlap . "</ul>\n";
        } else {
            // No Conflict
            echo "<b><h2>" . translate("Event Imported") . ":</h2></b>\n";
            $count_suc++;
            if ($Entry['Duration'] > 0) {
                $time = display_time($Entry['StartHour'] . $Entry['StartMinute'] . "00") . " - " . display_time($Entry['EndHour'] . $Entry['EndMinute'] . "00");
            }
            $dateYmd = sprintf("%04d%02d%02d", $Entry['StartYear'], $Entry['StartMonth'], $Entry['StartDay']);
            $dd = date_to_str($dateYmd);
            echo "<a class=\"entry\" href=\"view_entry.php?id={$id}";
            echo "\" onmouseover=\"window.status='" . translate("View this entry") . "'; return true;\" onmouseout=\"window.status=''; return true;\">";
            $Entry['Summary'] = str_replace("''", "'", $Entry['Summary']);
            $Entry['Summary'] = str_replace("\\", "", $Entry['Summary']);
            echo htmlspecialchars($Entry['Summary']);
            echo "</a> (" . $dd;
            if (!empty($time)) {
                echo " " . $time;
            }
            echo ")<br />\n";
        }
        // Reset Variables
        $overlap = $error = $dd = $time = '';
    }
    // Mark old events from prior import as deleted.
    if ($overwrite && count($oldUIDs) > 0) {
        // We could do this with a single SQL using sub-select, but
        // I'm pretty sure MySQL does not support it.
        // Only events with a cal_id below the first one created by this run
        // are candidates, so the just-imported rows are never matched.
        $old = array_keys($oldUIDs);
        for ($i = 0; $i < count($old); $i++) {
            $sql = "SELECT cal_id FROM webcal_import_data WHERE " . "cal_import_type = '{$type}' AND " . "cal_external_id = '{$old[$i]}' AND " . "cal_login = '******' AND " . "cal_id < {$firstEventId}";
            $res = dbi_query($sql);
            if ($res) {
                while ($row = dbi_fetch_row($res)) {
                    $oldIds[] = $row[0];
                }
                dbi_free_result($res);
            } else {
                echo translate("Database error") . ": " . dbi_error() . "<br />\n";
            }
        }
        for ($i = 0; $i < count($oldIds); $i++) {
            // "Deleted" is a status flag on the participant row; the event
            // row itself is left in place.
            $sql = "UPDATE webcal_entry_user SET cal_status = 'D' " . "WHERE cal_id = {$oldIds[$i]}";
            $sqlLog .= $sql . "<br />\n";
            dbi_query($sql);
            $numDeleted++;
        }
    }
    //echo "<b>SQL:</b><br />\n$sqlLog\n";
}
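/**
 * Add a new user.
 *
 * Empty strings for password, first name, last name and e-mail are stored as
 * NULL.  Anything other than 'Y' for $admin is stored as 'N'.
 *
 * NOTE(review): the password is stored as an unsalted md5 digest.  Other login
 * code in this code base expects that form (see user_valid_crypt()), so the
 * digest cannot be changed here in isolation.
 *
 * @param string $user      User login
 * @param string $password  User password
 * @param string $firstname User first name
 * @param string $lastname  User last name
 * @param string $email     User email address
 * @param string $admin     Is the user an administrator? ('Y' or 'N')
 * @param string $enabled   Is the account enabled? (stored as given, default 'Y')
 *
 * @return bool True on success
 *
 * @global string Error message
 */
function user_add_user($user, $password, $firstname, $lastname, $email, $admin, $enabled = 'Y') {
    global $error;

    if ($user == '__public__') {
        $error = translate('Invalid user login', true);
        return false;
    }

    $uemail = strlen($email) ? $email : NULL;
    $ufirstname = strlen($firstname) ? $firstname : NULL;
    $ulastname = strlen($lastname) ? $lastname : NULL;
    $upassword = strlen($password) ? md5($password) : NULL;

    if ($admin != 'Y') {
        $admin = 'N';
    }

    // Seven columns, seven placeholders.  The original listed seven columns
    // but only six "?" while binding seven values, so the INSERT could not
    // succeed on a driver that checks the parameter count.
    $sql = 'INSERT INTO webcal_user ( cal_login, cal_lastname, cal_firstname, cal_is_admin, cal_passwd, cal_email, cal_enabled ) VALUES ( ?, ?, ?, ?, ?, ?, ? )';
    if (!dbi_execute($sql, array($user, $ulastname, $ufirstname, $admin, $upassword, $uemail, $enabled))) {
        $error = translate('Database error', true) . ': ' . dbi_error();
        return false;
    }
    return true;
}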
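/**
 * Build and run an UPDATE for one row described by a table definition.
 *
 * $tablear describes the columns and is index-aligned with $valuesar: each
 * element is an array with 'name', 'type' ('int' and 'date' values are written
 * unquoted, anything else single-quoted) and an optional 'iskey' flag.
 * Non-key columns form the SET clause; key columns form the WHERE clause and
 * must have a value.
 *
 * NOTE(review): values are interpolated into the SQL text without any
 * escaping (int/date ones completely raw), so $valuesar must not contain
 * untrusted input.  Argument errors print a message and exit, as before.
 *
 * @param array  $tablear   Column definitions.
 * @param string $tablename Table to update.
 * @param array  $valuesar  Values, index-aligned with $tablear.
 *
 * @return bool True on success; false with $error set when the query fails.
 *
 * @global string $error Database error message on failure.
 */
function dbtable_update($tablear, $tablename, $valuesar) {
    global $error;

    if (!is_array($tablear)) {
        echo "Error: dbtable_update parameter 1 is not an array!<br />\n";
        exit;
    }
    if (!is_array($valuesar)) {
        echo "Error: dbtable_update parameter 3 is not an array!<br />\n";
        exit;
    }

    $fieldCount = count($tablear);

    // SET clause: one " name = literal" per non-key column.
    $setParts = array();
    for ($i = 0; $i < $fieldCount; $i++) {
        if (!empty($tablear[$i]["iskey"])) {
            continue;
        }
        if (empty($tablear[$i]["name"])) {
            echo "Error: dbtable_update {$tablename} field {$i} does not define name.\n";
            exit;
        }
        // Only a missing value or "" means NULL.  The original used empty(),
        // which also turned a legitimate 0 or "0" into NULL.
        if (!isset($valuesar[$i]) || $valuesar[$i] === '') {
            $literal = "NULL";
        } elseif ($tablear[$i]["type"] == "int" || $tablear[$i]["type"] == "date") {
            $literal = $valuesar[$i];
        } else {
            $literal = "'" . $valuesar[$i] . "'";
        }
        $setParts[] = " " . $tablear[$i]["name"] . " = " . $literal;
    }

    // WHERE clause: every key column, always quoted.
    $whereParts = array();
    for ($i = 0; $i < $fieldCount; $i++) {
        if (empty($tablear[$i]["iskey"])) {
            continue;
        }
        if (!isset($valuesar[$i]) || $valuesar[$i] === '') {
            echo "Error: you must set field {$i} (" . $tablear[$i]["name"] . ") by hand. Cannot be empty.";
            exit;
        }
        $whereParts[] = " " . $tablear[$i]["name"] . " = '" . $valuesar[$i] . "'";
    }

    $sql = "UPDATE " . $tablename . " SET" . implode(",", $setParts) . " WHERE" . implode(" AND", $whereParts);
    //echo "SQL: $sql <p>\n";
    if (!dbi_query($sql)) {
        // Shouldn't happen... complain if it does.
        $error = translate("Database error") . ": " . dbi_error();
        return false;
    }
    return true;
}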
$db_persistent = false; $db_type = getGetValue('db_type'); $db_host = getGetValue('db_host'); $db_database = getGetValue('db_database'); $db_login = getGetValue('db_login'); $db_password = getGetValue('db_password'); echo "<html><head><title>WebCalendar: Db Connection Test</title>\n" . "</head><body style=\"background-color: #fff;\">\n"; echo "<p><b>Connection Result:</b></p><blockquote>"; $c = dbi_connect($db_host, $db_login, $db_password, $db_database); if ($c) { echo "<span style=\"color: #0f0;\">Success</span></blockquote>"; $_SESSION['db_success'] = true; // TODO: update the text in the main window to indicate success } else { echo "<span style=\"color: #0f0;\">Failure</span</blockquote>"; echo "<br/><br/><b>Reason:</b><blockquote>" . dbi_error() . "</blockquote>\n"; } echo "<br/><br/><br/><div align=\"center\"><form><input align=\"middle\" type=\"button\" onclick=\"window.close()\" value=\"Close\" /></form></div>\n"; echo "</p>"; echo "<script language=\"JavaScript\" type=\"text/javascript\">\n"; echo "<!-- <![CDATA[\n"; echo "window.opener.show_db_status ( " . ($c ? "true" : "false") . " );\n"; echo "//]]> -->\n</script>\n"; echo "</body></html>\n"; } else { // Not valid user echo "You are not authorized."; // etranslate ( "You are not authorized" ); } exit; }
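/**
 * Save a batch of preferences: per-user (webcal_user_pref) or, when the
 * global $prad is set, site-wide (webcal_config).
 *
 * Each setting is written as delete-then-insert, so an empty value removes it.
 * With $src == 'post' the keys come straight from the form: they must be
 * exactly "pref_<name>" (or "admin_<name>" in admin mode) with <name> made of
 * [A-Za-z0-9_]; in user mode other keys are skipped, in admin mode only
 * "currenttab" is skipped and any other key aborts via die_miserable_death().
 * Afterwards the global settings and user preferences are reloaded.
 *
 * @param array  $prefs Setting name => value.
 * @param string $src   'post' when $prefs came from the request; otherwise the
 *                      keys are already bare setting names.
 *
 * @return void
 *
 * @global string $error    db_error() text when a webcal_config statement
 *                          fails, or an inline message when the user-pref
 *                          INSERT fails; the loop stops at the first failure.
 * @global string $my_theme Updated when THEME is set to anything but 'none'.
 * @global bool   $prad     True selects admin (webcal_config) mode.
 * @global string $prefuser Login whose preferences are saved (user mode).
 */
function save_pref($prefs, $src) {
    global $error, $my_theme, $prad, $prefuser;

    // Expected key prefix and the anchored pattern a posted key must match.
    // Without the leading "^" the original patterns accepted e.g.
    // "x;y pref_z" because only the tail of the key was examined.
    $expected = $prad ? 'admin_' : 'pref_';
    $pos = strlen($expected);
    $pattern = '/^' . $expected . '[A-Za-z0-9_]+$/';

    // foreach replaces each(), which is removed in PHP 8.
    foreach ($prefs as $key => $value) {
        if ($src == 'post') {
            if ($prad) {
                // The tab-state field of the admin form is not a setting.
                if ($key == 'currenttab') {
                    continue;
                }
            } elseif (substr($key, 0, $pos) != 'pref_') {
                continue;
            }
            if (!preg_match($pattern, $key)) {
                die_miserable_death(str_replace('XXX', $key, translate('Invalid setting name XXX.')));
            }
            $setting = substr($key, $pos);
        } else {
            $setting = $key;
        }

        // Both modes need a non-empty name.  The original's operator
        // precedence let an empty admin name reach a DELETE of cal_setting = ''.
        if (strlen($setting) == 0) {
            continue;
        }

        if ($setting == 'THEME' && $value != 'none') {
            $my_theme = strtolower($value);
        }

        // Names and values are bound as parameters in both branches.
        if ($prad) {
            $setting = strtoupper($setting);
            $sql = 'DELETE FROM webcal_config WHERE cal_setting = ?';
            if (!dbi_execute($sql, array($setting))) {
                $error = db_error(false, $sql);
                break;
            }
            if (strlen($value) > 0) {
                $sql = 'INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( ?, ? )';
                if (!dbi_execute($sql, array($setting, $value))) {
                    $error = db_error(false, $sql);
                    break;
                }
            }
        } else {
            // As in the original: the DELETE matches the name as given, the
            // INSERT stores it upper-cased.
            dbi_execute('DELETE FROM webcal_user_pref WHERE cal_login = ? AND cal_setting = ?', array($prefuser, $setting));
            if (strlen($value) > 0) {
                $setting = strtoupper($setting);
                $sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value ) VALUES ( ?, ?, ? )';
                if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                    $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                    break;
                }
            }
        }
    }

    // Reload preferences so any CSS changes will take effect.
    load_global_settings();
    load_user_preferences();
}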
} // First, look at the passwords. If we find and md5 hash in there, // (it will have 32 chars instead of < 25 like in the old version), // then we know this script was already run. $sql = "SELECT cal_passwd FROM webcal_user"; $res = dbi_query($sql); $doneBefore = false; if ($res) { if ($row = dbi_fetch_row($res)) { if (strlen($row[0]) > 30) { $doneBefore = true; } } dbi_free_result($res); } else { echo "Database error: " . dbi_error(); exit; } if ($doneBefore) { echo "Passwords were already converted to md5!\n<br />\n"; exit; } // See if webcal_user.cal_passwd will allow 32 characters $sql = "DESC webcal_user"; $res = dbi_query($sql); while ($row = dbi_fetch_row($res)) { if ($row[Field] == 'cal_passwd') { preg_match("/([0-9]+)/", $row[Type], $match); if ($match[1] < 32) { $sql = "ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(32) NULL"; // Use the following on older MySQL versions
$session_not_found = true; } else { // Check for cookie... if (!empty($webcalendar_session)) { $encoded_login = $webcalendar_session; if (empty($encoded_login)) { // invalid session cookie $session_not_found = true; } else { $login_pw = split('\\|', decode_string($encoded_login)); $login = $login_pw[0]; $cryptpw = $login_pw[1]; // make sure we are connected to the database for password check $c = dbi_connect($db_host, $db_login, $db_password, $db_database); if (!$c) { echo "Error connecting to database:<BLOCKQUOTE>" . dbi_error() . "</BLOCKQUOTE>\n"; exit; } if (!user_valid_crypt($login, $cryptpw)) { do_debug("User not logged in; redirecting to login page"); if (empty($login_return_path)) { do_redirect("login.php"); } else { do_redirect("login.php?return_path={$login_return_path}"); } } do_debug("Decoded login from cookie: {$login}"); } } } }
// a valid login. if ($single_user == 'Y') { if (empty($single_user_login)) { echo "<html><head><title>Setup error</title>\n" . "</head>\n<body><h2>Setup error</h2><p>" . "You have not defined <tt>single_user_login</tt> in " . "<tt>includes/settings.php</tt></p></body></html>\n"; exit; } $res = dbi_query("SELECT COUNT(*) FROM webcal_user " . "WHERE cal_login = '******'"); if (!$res) { echo "Database error: " . dbi_error(); exit; } $row = dbi_fetch_row($res); if ($row[0] == 0) { // User specified as single_user_login does not exist if (!dbi_query("INSERT INTO webcal_user ( cal_login, " . "cal_passwd, cal_is_admin ) VALUES ( '{$single_user_login}', " . "'" . md5($single_user_login) . "', 'Y' )")) { echo "<b>Error:</b> user <tt>{$single_user_login}</tt> does not " . "exist in webcal_user table and was not able to add it for you:<br />" . dbi_error(); exit; } // User was added... should we tell them? } dbi_free_result($res); } // global settings have not been loaded yet, so check for public_access now $res = dbi_query("SELECT cal_value FROM webcal_config " . "WHERE cal_setting = 'public_access'"); $pub_acc_enabled = false; if ($res) { if ($row = dbi_fetch_row($res)) { if ($row[0] == "Y") { $pub_acc_enabled = true; } }
/**
 * Whether $user is an accepted ('A') or waiting ('W') participant of event $id.
 *
 * @param int    $id   Event id.
 * @param string $user Login to look for.
 *
 * @return bool True when at least one matching webcal_entry_user row exists.
 *              A database error aborts via die_miserable_death().
 */
function user_is_participant($id, $user) {
    $sql = 'SELECT COUNT( cal_id ) FROM webcal_entry_user WHERE cal_id = ? AND cal_login = ? AND cal_status IN ( \'A\',\'W\' )';
    $rows = dbi_get_cached_rows($sql, array($id, $user));
    if (!$rows) {
        die_miserable_death(str_replace('XXX', dbi_error(), translate('Database error XXX.')));
    }
    // The COUNT query yields a single row; anything else reads as "no".
    if (empty($rows[0])) {
        return false;
    }
    $countRow = $rows[0];
    return $countRow[0] > 0;
}
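/**
 * Run a SQL statement on the configured database driver.
 *
 * Dispatches on $GLOBALS['db_type'].  The statement is passed through
 * verbatim: any quoting of values must already have been done by the caller
 * (dbi_execute() with placeholders is the safer entry point).
 *
 * Per driver, as implemented here:
 *  - mysql, postgresql, ibase: a failed query is reported through
 *    dbi_fatal_error() with the driver error *and the full statement text*,
 *    so whatever values the statement carried can end up on the error page.
 *  - oracle: the statement is parsed into $GLOBALS['oracle_statement'] and
 *    the OCIExecute() result is returned.
 *  - postgresql: also resets $GLOBALS['postgresql_row'] and records the row
 *    count in $GLOBALS['postgresql_numrows'].
 *  - odbc: the odbc_exec() result is returned unchecked.
 *  - anything else: dbi_fatal_error("dbi_query(): db_type not defined.").
 *
 * NOTE(review): the mysql_* and pg_exec()/pg_numrows() calls are the legacy
 * extension APIs that no longer exist in current PHP releases.
 *
 * @param string $sql Complete SQL statement.
 *
 * @return mixed Driver result handle, or false where the driver reports
 *               failure by return value.
 */
function dbi_query($sql) {
    // Cast once so the switch behaves like the original strcmp() chain.
    $dbType = (string) $GLOBALS["db_type"];

    switch ($dbType) {
        case "mysql":
            $res = mysql_query($sql);
            if (!$res) {
                dbi_fatal_error("Error executing query: " . dbi_error() . "\n\n<P>\n" . $sql);
            }
            return $res;

        case "oracle":
            $GLOBALS["oracle_statement"] = OCIParse($GLOBALS["oracle_connection"], $sql);
            return OCIExecute($GLOBALS["oracle_statement"], OCI_COMMIT_ON_SUCCESS);

        case "postgresql":
            // The original reset this twice; once is enough.
            $GLOBALS["postgresql_row"] = 0;
            $res = pg_exec($GLOBALS["postgresql_connection"], $sql);
            if (!$res) {
                dbi_fatal_error("Error executing query: " . dbi_error() . "\n\n<P>\n" . $sql);
            }
            $GLOBALS["postgresql_numrows"] = pg_numrows($res);
            return $res;

        case "odbc":
            return odbc_exec($GLOBALS["odbc_connection"], $sql);

        case "ibase":
            $res = ibase_query($sql);
            if (!$res) {
                dbi_fatal_error("Error executing query: " . dbi_error() . "\n\n<P>\n" . $sql);
            }
            return $res;

        default:
            dbi_fatal_error("dbi_query(): db_type not defined.");
    }
}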
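/**
 * Check to see if a given login/crypted password is valid.
 *
 * The stored password hash is run through crypt() with $crypt_password as the
 * salt, and the result must equal $crypt_password itself.  If invalid, the
 * error message will be placed in $error.
 *
 * @param string $login          User login
 * @param string $crypt_password Encrypted user password
 *
 * @return bool True on success
 *
 * @global string Error message
 */
function user_valid_crypt($login, $crypt_password) {
    global $error;
    $ret = false;

    // Both values originate outside this function; compare them as strings.
    $login = (string) $login;
    $crypt_password = (string) $crypt_password;

    $sql = 'SELECT cal_login, cal_passwd FROM webcal_user WHERE cal_login = ?';
    $res = dbi_execute($sql, array($login));
    if (!$res) {
        $error = 'Database error: ' . dbi_error();
        return false;
    }

    $row = dbi_fetch_row($res);
    if ($row && $row[0] != '') {
        // MySQL seems to do case insensitive matching, so double-check
        // the login.  Also check that the password matches.
        // Both comparisons are strict (===): the original used ==, under
        // which two numeric-looking strings (e.g. "0e..." digests) compare
        // as numbers and can be reported equal when they are not.
        $expected = (string) crypt((string) $row[1], $crypt_password);
        if ((string) $row[0] === $login && $expected === $crypt_password) {
            $ret = true;
        } else {
            $error = 'Invalid login';
        }
    } else {
        $error = 'Invalid login';
    }
    dbi_free_result($res);
    return $ret;
}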
if (strlen($ext_emails[$ext_count]) && empty($ext_names[$ext_count])) { $ext_names[$ext_count] = $ext_emails[$ext_count]; } $ext_count++; } } } } // Send notification if enabled. if (is_array($ext_names) && is_array($ext_emails)) { $ext_namescnt = count($ext_names); for ($i = 0; $i < $ext_namescnt; $i++) { if (strlen($ext_names[$i])) { if (!dbi_execute('INSERT INTO webcal_entry_ext_user ( cal_id, cal_fullname, cal_email ) VALUES ( ?, ?, ? )', array($id, $ext_names[$i], strlen($ext_emails[$i]) ? $ext_emails[$i] : null))) { $error = $dberror . dbi_error(); } // Send mail notification if enabled. // TODO: Move this code into a function... if ($EXTERNAL_NOTIFICATIONS == 'Y' && $SEND_EMAIL != 'N' && strlen($ext_emails[$i]) > 0) { if (!$newevent && isset($EXTERNAL_UPDATES) && $EXTERNAL_UPDATES == 'Y' || $newevent) { $fmtdate = $timetype == 'T' ? date('Ymd', $eventstart) : gmdate('Ymd', $eventstart); // Strip [\d] from duplicate Names before emailing. $ext_names[$i] = trim(preg_replace('/\\[[\\d]]/', '', $ext_names[$i])); $msg = str_replace('XXX', $ext_names[$i], $helloStr) . "\n\n" . str_replace('XXX', $login_fullname, $newevent ? $newAppStr : $updAppStr) . "\n" . str_replace('XXX', $name, $subjStr) . "\n\n" . str_replace('XXX', $description, $descStr) . "\n\n" . str_replace('XXX', date_to_str($fmtdate), $dateStr) . "\n" . ($timetype == 'T' ? str_replace('XXX', display_time('', !empty($GENERAL_USE_GMT) && $GENERAL_USE_GMT == 'Y' ? 3 : 6, $eventstart), $timeStr) : '') . $extra_email_data; // Don't send HTML to external adresses. // Always attach iCalendar file to external users $mail->WC_Send($login_fullname, $ext_emails[$i], $ext_names[$i], $name, $msg, 'N', $from, $id); } } }
$setting = substr($key, 6); // validate key name. should start with "admin_" and not include // any unusual characters that might cause SQL injection if (!preg_match('/admin_[A-Za-z0-9_]+$/', $key)) { die_miserable_death('Invalid admin setting name "' . $key . '"'); } if (strlen($setting) > 0) { $sql = "DELETE FROM webcal_config WHERE cal_setting = '{$setting}'"; if (!dbi_query($sql)) { $error = translate("Error") . ": " . dbi_error() . "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> {$sql}"; break; } if (strlen($value) > 0) { $sql = "INSERT INTO webcal_config " . "( cal_setting, cal_value ) VALUES " . "( '{$setting}', '{$value}' )"; if (!dbi_query($sql)) { $error = translate("Error") . ": " . dbi_error() . "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> {$sql}"; break; } } } } } if (empty($error)) { if (empty($ovrd)) { do_redirect("admin.php"); } else { do_redirect("admin.php?ovrd={$ovrd}"); } } print_header(); ?>
// If we are in single user mode, make sure that the login selected is // a valid login. if ($single_user == 'Y') { if (empty($single_user_login)) { die_miserable_death("You have not defined <tt>single_user_login</tt> in " . "<tt>includes/settings.php</tt>"); } $res = dbi_query("SELECT COUNT(*) FROM webcal_user " . "WHERE cal_login = '******'"); if (!$res) { echo "Database error: " . dbi_error(); exit; } $row = dbi_fetch_row($res); if ($row[0] == 0) { // User specified as single_user_login does not exist if (!dbi_query("INSERT INTO webcal_user ( cal_login, " . "cal_passwd, cal_is_admin ) VALUES ( '{$single_user_login}', " . "'" . md5($single_user_login) . "', 'Y' )")) { die_miserable_death("User <tt>{$single_user_login}</tt> does not " . "exist in <tt>webcal_user</tt> table and was not able to add " . "it for you:<br /><blockquote>" . dbi_error() . "</blockquote>"); } // User was added... should we tell them? } dbi_free_result($res); } // global settings have not been loaded yet, so check for public_access now $res = dbi_query("SELECT cal_value FROM webcal_config " . "WHERE cal_setting = 'public_access'"); $pub_acc_enabled = false; if ($res) { if ($row = dbi_fetch_row($res)) { if ($row[0] == "Y") { $pub_acc_enabled = true; } } dbi_free_result($res);
} else { $app_user = $is_assistant || $is_nonuser_admin ? $user : $login; } if (empty($error) && $id > 0) { if (!dbi_query("UPDATE webcal_entry_user SET cal_status = 'R' " . "WHERE cal_login = '******' AND cal_id = {$id}")) { $error = translate("Error approving event") . ": " . dbi_error(); } else { activity_log($id, $login, $app_user, $LOG_REJECT, ""); } // Update any extension events related to this one. $res = dbi_query("SELECT cal_id FROM webcal_entry " . "WHERE cal_ext_for_id = {$id}"); if ($res) { if ($row = dbi_fetch_row($res)) { $ext_id = $row[0]; if (!dbi_query("UPDATE webcal_entry_user SET cal_status = 'R' " . "WHERE cal_login = '******' AND cal_id = {$ext_id}")) { $error = translate("Error approving event") . ": " . dbi_error(); } } dbi_free_result($res); } // Email participants to notify that it was rejected. // Get list of participants $sql = "SELECT cal_login FROM webcal_entry_user WHERE cal_id = {$id} and cal_status = 'A'"; //echo $sql."<br />"; $res = dbi_query($sql); if ($res) { while ($row = dbi_fetch_row($res)) { $partlogin[] = $row[0]; } dbi_free_result($res); }
} $updating_public = false; if ($is_admin && !empty($public) && $public_access == "Y") { $updating_public = true; $layer_user = "******"; $url = 'layers.php?public=1'; } else { $layer_user = $login; $url = 'layers.php'; } $sql = "DELETE FROM webcal_user_pref WHERE cal_login = '******' " . "AND cal_setting = 'LAYERS_STATUS'"; dbi_query($sql); $value = $status == "off" ? "N" : "Y"; $sql = "INSERT INTO webcal_user_pref " . "( cal_login, cal_setting, cal_value ) VALUES " . "( '{$layer_user}', 'LAYERS_STATUS', '{$value}' )"; if (!dbi_query($sql)) { $error = "Unable to update preference: " . dbi_error() . "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> {$sql}"; break; } if (empty($error)) { do_redirect($url); } print_header(); ?> <h2><?php etranslate("Error"); ?> </h2> <?php etranslate("The following error occurred");
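/**
 * Replaces a user's stored password hash.
 *
 * The update is issued through the bound-parameter helper dbi_execute()
 * (the same helper the preference and external-user writes on this page use)
 * instead of interpolating values into the SQL text. As listed, the original
 * query compared cal_login against a literal and never used $user; the login
 * is now bound as the second parameter.
 *
 * The stored value is an unsalted md5() of the plaintext, which is the scheme
 * the rest of this code base writes (the single_user_login bootstrap inserts
 * md5($single_user_login) too). It is kept for compatibility with the
 * verification path; NOTE(review): moving to password_hash()/password_verify()
 * would have to change user_valid_crypt() and the bootstrap at the same time.
 *
 * @param string $user     login whose password is replaced
 * @param string $password new plaintext password
 *
 * @return bool true on success; false on a database error, in which case the
 *              global $error is set to a translated message
 */
function user_update_user_password($user, $password) {
  global $error;
  $sql = 'UPDATE webcal_user SET cal_passwd = ? WHERE cal_login = ?';
  if (!dbi_execute($sql, array(md5($password), $user))) {
    $error = translate("Database error") . ": " . dbi_error();
    return false;
  }
  return true;
}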
/**
 * Builds an HTML list (<LI> items) of existing events that conflict with the
 * event being saved.
 *
 * Two passes are made: a direct query of webcal_entry / webcal_entry_user for
 * the exact dates in $dates, then a pass over repeating events via
 * query_events() / get_repeating_entries() for each participant. Overlap is
 * decided by times_overlap(); in the first pass an entry also counts as a
 * conflict when the per-day counter reaches $limit_appts_number (only while
 * the global $limit_appts is "Y").
 *
 * Side effects: on a failed first query the function echoes a translated
 * error and exit()s; the global $repeated_events is overwritten once per
 * participant in the second pass.
 *
 * @param array  $dates        Unix timestamps of the dates the event occurs on;
 *                             assumed to be in ascending order (the second pass
 *                             uses $dates[0] and the last element as the
 *                             range bounds) -- TODO confirm at the callers
 * @param int    $duration     event duration, presumably in minutes (compared
 *                             with 24 * 60 for "all day")
 * @param int    $hour         event start hour
 * @param int    $minute       event start minute
 * @param array  $participants logins to check; element 0 is replaced by
 *                             $single_user_login in single-user mode, or by
 *                             $login when empty
 * @param string $login        current user's login; other users' private
 *                             entries are shown only as "(Private)"
 * @param int    $id           id of the event being saved; it and its
 *                             extension events are excluded from the results
 *
 * @return string|false HTML fragment of conflicts ("" when none), or false
 *                      when $dates is empty
 */
function check_for_conflicts($dates, $duration, $hour, $minute, $participants, $login, $id) {
  global $single_user_login, $single_user;
  global $repeated_events, $limit_appts, $limit_appts_number;

  // Nothing to check against.
  if (!count($dates)) {
    return false;
  }

  // Per-day event counter for the "events per day" limit (first pass only).
  $evtcnt = array();

  // First pass: non-repeating entries on exactly the requested dates.
  // Column order matters below: 0 login, 1 time, 2 duration, 3 name, 4 id,
  // 5 ext_for_id, 6 access, 7 status, 8 date.
  $sql = "SELECT distinct webcal_entry_user.cal_login, webcal_entry.cal_time," .
    "webcal_entry.cal_duration, webcal_entry.cal_name, " .
    "webcal_entry.cal_id, webcal_entry.cal_ext_for_id, " .
    "webcal_entry.cal_access, " .
    "webcal_entry_user.cal_status, webcal_entry.cal_date " .
    "FROM webcal_entry, webcal_entry_user " .
    "WHERE webcal_entry.cal_id = webcal_entry_user.cal_id " .
    "AND (";
  for ($x = 0; $x < count($dates); $x++) {
    if ($x != 0) {
      $sql .= " OR ";
    }
    $sql .= "webcal_entry.cal_date = " . date("Ymd", $dates[$x]);
  }
  // Only timed entries (cal_time >= 0) that are approved or waiting.
  $sql .= ") AND webcal_entry.cal_time >= 0 " .
    "AND webcal_entry_user.cal_status IN ('A','W') AND ( ";
  if ($single_user == "Y") {
    $participants[0] = $single_user_login;
  } else {
    if (strlen($participants[0]) == 0) {
      // Likely called from a form with a single user.
      $participants[0] = $login;
    }
  }
  for ($i = 0; $i < count($participants); $i++) {
    if ($i > 0) {
      $sql .= " OR ";
    }
    // NOTE(review): the login is spliced into the SQL text rather than bound
    // (the value is masked in this listing); confirm participant logins are
    // validated or escaped before they reach this point.
    $sql .= " webcal_entry_user.cal_login = '******'";
  }
  $sql .= " )";

  $conflicts = "";
  $res = dbi_query($sql);
  // $found collects the ids seen in this pass; nothing reads it afterwards.
  $found = array();
  $count = 0;
  if ($res) {
    // Start of the event being saved as HHMM00, the same shape cal_time is
    // compared in by times_overlap().
    $time1 = sprintf("%d%02d00", $hour, $minute);
    $duration1 = sprintf("%d", $duration);
    while ($row = dbi_fetch_row($res)) {
      $found[$count++] = $row[4];
      // Skip the event being saved and any extension event of it.
      if ($row[4] != $id && (empty($row[5]) || $row[5] != $id)) {
        $time2 = $row[1];
        $duration2 = $row[2];
        // NOTE(review): $user is neither a parameter nor declared global in
        // this function, so it is undefined (null) here and the key is just
        // "-<date>": the limit is then counted across all participants rather
        // than per login. $row[0] looks like the intended value -- confirm
        // before changing.
        $cntkey = $user . "-" . $row[8];
        $evtcnt[$cntkey]++;
        $over_limit = 0;
        if ($limit_appts == "Y" && $limit_appts_number > 0 && $evtcnt[$cntkey] >= $limit_appts_number) {
          $over_limit = 1;
        }
        if ($over_limit || times_overlap($time1, $duration1, $time2, $duration2)) {
          $conflicts .= "<LI>";
          // NOTE(review): the repeating-events pass below prefixes the login
          // when $single_user != "Y"; this pass does the opposite -- one of
          // the two conditions is probably inverted.
          if ($single_user == "Y") {
            $conflicts .= "{$row['0']}: ";
          }
          // Another user's private entry is listed without name or link.
          if ($row[6] == 'R' && $row[0] != $login) {
            $conflicts .= "(" . translate("Private") . ")";
          } else {
            // NOTE(review): the entry name is written into HTML without
            // escaping; confirm it is escaped by the caller on output or
            // sanitised on storage. $user is undefined here (see above), so
            // the &user= suffix is added whenever $login is non-empty.
            $conflicts .= "<A HREF=\"view_entry.php?id={$row['4']}";
            if ($user != $login) {
              $conflicts .= "&user={$user}";
            }
            $conflicts .= "\">{$row['3']}</A>";
          }
          if ($duration2 == 24 * 60) {
            $conflicts .= " (" . translate("All day event") . ")";
          } else {
            $conflicts .= " (" . display_time($time2);
            if ($duration2 > 0) {
              $conflicts .= "-" . display_time(add_duration($time2, $duration2));
            }
            $conflicts .= ")";
          }
          $conflicts .= " on " . date_to_str($row[8]);
          if ($over_limit) {
            $tmp = translate("exceeds limit of XXX events per day");
            $tmp = str_replace("XXX", $limit_appts_number, $tmp);
            $conflicts .= " (" . $tmp . ")";
          }
        }
      }
    }
    dbi_free_result($res);
  } else {
    // Hard failure: report it and stop the page.
    echo translate("Database error") . ": " . dbi_error();
    exit;
  }

  // Second pass: repeating entries, one query per participant.
  for ($q = 0; $q < count($participants); $q++) {
    $time1 = sprintf("%d%02d00", $hour, $minute);
    $duration1 = sprintf("%d", $duration);
    // This date filter is not needed for correctness; it only trims entries
    // that could not possibly match. More of the matching could be pushed to
    // the database, or the filter dropped to do all matching on the client.
    $date_filter = "AND (webcal_entry.cal_date <= " . date("Ymd", $dates[count($dates) - 1]);
    $date_filter .= " AND (webcal_entry_repeats.cal_end IS NULL OR webcal_entry_repeats.cal_end >= " . date("Ymd", $dates[0]) . "))";
    // Read the participant's repeating events only once, for performance.
    // This overwrites the global $repeated_events, which
    // get_repeating_entries() presumably reads -- confirm.
    $repeated_events = query_events($participants[$q], true, $date_filter);
    for ($i = 0; $i < count($dates); $i++) {
      $dateYmd = date("Ymd", $dates[$i]);
      $list = get_repeating_entries($participants[$q], $dateYmd);
      // Computed but never read in this function.
      $thisyear = substr($dateYmd, 0, 4);
      $thismonth = substr($dateYmd, 4, 2);
      for ($j = 0; $j < count($list); $j++) {
        // Narrowed down to a day; now compare the times.
        $row = $list[$j];
        if ($row['cal_id'] != $id && $row['cal_ext_for_id'] != $id) {
          $time2 = $row['cal_time'];
          $duration2 = $row['cal_duration'];
          if (times_overlap($time1, $duration1, $time2, $duration2)) {
            $conflicts .= "<LI>";
            if ($single_user != "Y") {
              $conflicts .= $row['cal_login'] . ": ";
            }
            if ($row['cal_access'] == 'R' && $row['cal_login'] != $login) {
              $conflicts .= "(" . translate("Private") . ")";
            } else {
              // Same unescaped-name caveat as in the first pass.
              $conflicts .= "<A HREF=\"view_entry.php?id=" . $row['cal_id'];
              if ($user != $login) {
                $conflicts .= "&user={$user}";
              }
              $conflicts .= "\">" . $row['cal_name'] . "</A>";
            }
            // Unlike the first pass, no "All day event" special case here.
            $conflicts .= " (" . display_time($time2);
            if ($duration2 > 0) {
              $conflicts .= "-" . display_time(add_duration($time2, $duration2));
            }
            $conflicts .= ")";
            $conflicts .= " on " . date("l, F j, Y", $dates[$i]);
          }
        }
      }
    }
  }
  return $conflicts;
}
// points to the base WebCalendar directory relative to // current working directory $includedir = "../includes"; include "{$includedir}/config.php"; include "{$includedir}/php-dbi.php"; include "{$includedir}/functions.php"; include "{$includedir}/{$user_inc}"; include "{$includedir}/site_extras.php"; $debug = false; // set to true to print debug info... $only_testing = false; // act like we're sending, but don't send -- for debugging // Establish a database connection. $c = dbi_connect($db_host, $db_login, $db_password, $db_database); if (!$c) { echo "Error connecting to database: " . dbi_error(); exit; } load_global_settings(); include "{$includedir}/translate.php"; if ($debug) { echo "<br />\n"; } // Get a list of people who have asked not to receive email $res = dbi_query("SELECT cal_login FROM webcal_user_pref " . "WHERE cal_setting = 'EMAIL_REMINDER' " . "AND cal_value = 'N'"); $noemail = array(); if ($res) { while ($row = dbi_fetch_row($res)) { $user = $row[0]; $noemail[$user] = 1; if ($debug) {
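/**
 * Builds the message handed to dbi_fatal_error() when a query fails.
 *
 * The driver error text and the SQL are appended only when verbose mode is on,
 * since the SQL may carry data that should not reach an end user. (The
 * previous expression had an unparenthesised ternary after the string
 * concatenation, so the prefix became the condition and the SQL was always
 * included while the "Error executing query." text was lost.)
 *
 * @param string $sql     the SQL that failed
 * @param mixed  $verbose the global $phpdbiVerbose flag
 *
 * @return string
 */
function _dbi_query_failure_message($sql, $verbose) {
  return "Error executing query." .
    ($verbose ? dbi_error() . "\n\n<br />\n" . $sql : "");
}

/**
 * Executes a SQL query.
 *
 * <b>Note:</b> Use the {@link dbi_error()} function to get error information
 * if the connection fails.
 *
 * For the mysql, mysqli, mssql, postgresql, ibm_db2 and ibase drivers a failed
 * query calls dbi_fatal_error() with a message that includes the driver error
 * and the SQL only when the global $phpdbiVerbose is set; whether that call
 * aborts or displays anything is up to $fatalOnError / $showError, and if it
 * returns, the failed result is handed back to the caller. The oracle and
 * odbc branches return the driver's result without an error check. An unknown
 * db_type reports a fatal error and returns null.
 *
 * @param string $sql SQL of query to execute
 * @param bool $fatalOnError Abort execution if there is a database error?
 * @param bool $showError Display error to user (including possibly the
 *   SQL) if there is a database error?
 *
 * @return mixed The query result resource on queries (which can then be
 *   passed to the {@link dbi_fetch_row()} function to obtain the
 *   results), or true/false on insert or delete queries.
 */
function dbi_query($sql, $fatalOnError = true, $showError = true) {
  global $phpdbiVerbose;

  // Cast so the switch compares strings exactly, as the former strcmp() did.
  switch ((string) $GLOBALS["db_type"]) {
    case "mysql":
      $res = mysql_query($sql);
      break;
    case "mysqli":
      $res = mysqli_query($GLOBALS["db_connection"], $sql);
      break;
    case "mssql":
      $res = mssql_query($sql);
      break;
    case "oracle":
      // No error check here, as before: the caller sees OCIExecute's result.
      $GLOBALS["oracle_statement"] = OCIParse($GLOBALS["oracle_connection"], $sql);
      return OCIExecute($GLOBALS["oracle_statement"], OCI_COMMIT_ON_SUCCESS);
    case "postgresql":
      // NOTE(review): these $GLOBALS keys are single literal strings such as
      // 'postgresql_row["..."]', not nested arrays; they are kept verbatim
      // because dbi_fetch_row()/dbi_free_result() presumably read the same
      // keys -- confirm before changing. $res is unset on the first line,
      // hence the @.
      @($GLOBALS["postgresql_row[\"{$res}\"]"] = 0);
      $res = pg_exec($GLOBALS["postgresql_connection"], $sql);
      if (!$res) {
        dbi_fatal_error(_dbi_query_failure_message($sql, $phpdbiVerbose), $fatalOnError, $showError);
      }
      $GLOBALS["postgresql_numrows[\"{$res}\"]"] = pg_numrows($res);
      return $res;
    case "odbc":
      // No error check here, as before.
      return odbc_exec($GLOBALS["odbc_connection"], $sql);
    case "ibm_db2":
      $res = db2_exec($GLOBALS["ibm_db2_connection"], $sql);
      break;
    case "ibase":
      $res = ibase_query($sql);
      break;
    default:
      dbi_fatal_error("dbi_query(): db_type not defined.");
      return;
  }

  // Common failure path for the drivers that fall out of the switch.
  if (!$res) {
    dbi_fatal_error(_dbi_query_failure_message($sql, $phpdbiVerbose), $fatalOnError, $showError);
  }
  return $res;
}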
if ($row[0] == $id) { $is_my_event = true; echo "Event # " . $id . " is already on your calendar."; exit; } dbi_free_result($res); } // Now lets make sure the user is allowed to add the event (not private) $sql = "SELECT cal_access FROM webcal_entry WHERE cal_id = " . $id; $res = dbi_query($sql); if (!$res) { echo translate("Invalid entry id") . ": {$id}"; exit; } $row = dbi_fetch_row($res); if ($row[0] == "R" && !$is_my_event) { $is_private = true; etranslate("This is a private event and may not be added to your calendar."); exit; } else { $is_private = false; } // add the event if ($readonly == "N" && !$is_my_event && !$is_private) { if (!dbi_query("INSERT INTO webcal_entry_user ( cal_id, cal_login, cal_status ) VALUES ( {$id}, '{$login}', 'A' )")) { $error = translate("Error adding event") . ": " . dbi_error(); } } } send_to_preferred_view(); exit;
$login = $login_pw[0]; $cryptpw = $login_pw[1]; // Security fix. Don't allow certain types of characters in // the login. WebCalendar does not escape the login name in // SQL requests. So, if the user were able to set the login // name to be "x';drop table u;", // they may be able to affect the database. if (!empty($login)) { if ($login != addslashes($login)) { die_miserable_death("Illegal characters in login " . "<tt>" . htmlentities($login) . "</tt>"); } } // make sure we are connected to the database for password check $c = @dbi_connect($db_host, $db_login, $db_password, $db_database); if (!$c) { die_miserable_death("Error connecting to database:<blockquote>" . dbi_error() . "</blockquote>\n"); } doDbSanityCheck(); if (!user_valid_crypt($login, $cryptpw)) { do_debug("User not logged in; redirecting to login page"); if (empty($login_return_path)) { do_redirect("login.php"); } else { do_redirect("login.php?return_path={$login_return_path}"); } } do_debug("Decoded login from cookie: {$login}"); } } } }
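include_once 'includes/init.php';
load_user_layers();

// getValue() with the pattern accepts only the two literal states.
$status = getValue('status', '(on|off)', true);
$public = getValue('public');

if ($ALLOW_VIEW_OTHER != 'Y') {
  print_header();
  echo print_not_auth(7) . print_trailer();
  exit;
}

// An admin may toggle the public calendar's layers while public access is
// enabled; everyone else toggles their own.
$updating_public = false;
$url = 'layers.php';
if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') {
  $updating_public = true;
  $layer_user = '******';
  $url .= '?public=1';
} else {
  $layer_user = $login;
}

// Replace the LAYERS_STATUS preference: delete, then insert, both with bound
// parameters. A failed delete is now reported instead of being ignored.
$sql = 'DELETE FROM webcal_user_pref WHERE cal_login = ? AND cal_setting = \'LAYERS_STATUS\'';
if (!dbi_execute($sql, array($layer_user))) {
  $error = translate('Unable to update preference') . ': ' . dbi_error() .
    '<br /><br /><span class="bold">SQL:</span> ' . $sql;
}
if (empty($error)) {
  $sql = 'INSERT INTO webcal_user_pref ( cal_login, cal_setting, cal_value ) VALUES ( ?, \'LAYERS_STATUS\', ? )';
  if (!dbi_execute($sql, array($layer_user, $status == 'off' ? 'N' : 'Y'))) {
    // There is no loop here, so nothing to break out of: setting $error is
    // enough, the check below skips the redirect and shows the error page.
    $error = translate('Unable to update preference') . ': ' . dbi_error() .
      '<br /><br /><span class="bold">SQL:</span> ' . $sql;
  }
}
if (empty($error)) {
  do_redirect($url);
}
print_header();
echo print_error($error, true) . print_trailer();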
} if ($row[1] == 'A') { $approved[$num_app++] = $pname; } else { if ($row[1] == 'W') { $waiting[$num_wait++] = $pname; } else { if ($row[1] == 'R') { $rejected[$num_rej++] = $pname; } } } } dbi_free_result($res); } else { echo translate("Database error") . ": " . dbi_error() . "<br />\n"; } } for ($i = 0; $i < $num_app; $i++) { user_load_variables($approved[$i], "temp"); if (strlen($tempemail)) { echo "<a href=\"mailto:" . $tempemail . "?subject={$subject}\">" . $tempfullname . "</a><br />\n"; $allmails[] = $tempemail; } else { echo $tempfullname . "<br />\n"; } } // show external users here... if (!empty($allow_external_users) && $allow_external_users == "Y") { $external_users = event_get_external_users($id, 1); $ext_users = explode("\n", $external_users);
$sql .= " cal_lastname = '{$nlastname}', "; } if ($nfirstname) { $sql .= " cal_firstname = '{$nfirstname}', "; } $sql .= "cal_admin = '{$nadmin}' WHERE cal_login = '******'"; if (!dbi_query($sql)) { $error = translate("Database error") . ": " . dbi_error(); } } else { // Adding if (preg_match("/^[\\w]+\$/", $nid)) { $nid = $NONUSER_PREFIX . $nid; $sql = "INSERT INTO webcal_nonuser_cals " . "( cal_login, cal_firstname, cal_lastname, cal_admin ) " . "VALUES ( '{$nid}', '{$nfirstname}', '{$nlastname}', '{$nadmin}' )"; if (!dbi_query($sql)) { $error = translate("Database error") . ": " . dbi_error(); } } else { $error = translate("Calendar ID") . " " . translate("word characters only") . "."; } } } if (!empty($error)) { print_header('', '', '', true); ?> <h2><?php etranslate("Error"); ?> </h2>
<!-- in if -->'; $cnt = 0; while (($row = dbi_fetch_row($res)) && $cnt < $num) { $out .= ' <!-- in while type: $row[2] --> <log> <login>' . ws_escape_xml($row[0]) . '</login> <calendar>' . ws_escape_xml($row[1]) . '</calendar> <type>' . ws_escape_xml($row[2]) . '</type> <date>' . ws_escape_xml($row[3]) . '</date> <time>' . ws_escape_xml($row[4]) . '</time> <action>' . ws_escape_xml($row[5]) . '</action> <id>' . ws_escape_xml($row[6]) . '</id> </log> '; $cnt++; } dbi_free_result($res); } else { $out .= ' <error>' . ws_escape_xml(dbi_error()) . '</error>'; } $out .= ' </activitylog> '; // If web servic debugging is on... if (!empty($WS_DEBUG) && $WS_DEBUG) { ws_log_message($out); } // Send output now... echo $out;