Пример #1
                 }
                 $sql .= '?';
                 $query_params[] = $my_users[$i]['cal_login'];
             }
             $res = dbi_execute($sql . ' )', $query_params);
             if ($res) {
                 $row = dbi_fetch_row($res);
                 if ($row && $row[0] > 0) {
                     $can_view = true;
                 }
                 dbi_free_result($res);
             }
         }
         // If we didn't indicate we need to check groups, then this user
         // can't view this event.
         if (!$check_group && !access_is_enabled()) {
             $can_view = false;
         }
     }
 }
 $hide_details = $login == '__public__' && !empty($OVERRIDE_PUBLIC) && $OVERRIDE_PUBLIC == 'Y';
 // If they still cannot view, make sure they are not looking at a nonuser
 // calendar event where the nonuser is the _only_ participant.
 if (empty($error) && !$can_view && !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') {
     $nonusers = get_nonuser_cals();
     $nonuser_lookup = array();
     for ($i = 0, $cnt = count($nonusers); $i < $cnt; $i++) {
         $nonuser_lookup[$nonusers[$i]['cal_login']] = 1;
     }
     $res = dbi_execute('SELECT cal_login FROM webcal_entry_user
   WHERE cal_id = ? AND cal_status in ( \'A\', \'W\' )', array($id));
Пример #2
    $can_show_log = access_can_access_function(ACCESS_ACTIVITY_LOG);
}
if ($can_show_log) {
    $hideActivityStr = translate('Hide activity log');
    $showActivityStr = translate('Show activity log');
    echo '
      <li><a title="' . (!$show_log ? $showActivityStr . '" class="nav" href="view_entry.php?id=' . $id . '&amp;log=1">' . $showActivityStr : $hideActivityStr . '" class="nav" href="view_entry.php?id=' . $id . '">' . $hideActivityStr) . '</a></li>';
}
echo '
    </ul>';
if ($can_show_log && $show_log) {
    $PAGE_SIZE = 25;
    // number of entries to show at once
    echo generate_activity_log($id);
}
if (access_can_access_function(ACCESS_EXPORT) && (!$is_private && !$is_confidential || !access_is_enabled()) && !$hide_details) {
    $exportStr = translate('Export');
    $exportThisStr = translate('Export this entry to');
    $palmStr = translate('Palm Pilot');
    $selectStr = generate_export_select();
    $userStr = !empty($user) ? '<input type="hidden" name="user" value="' . $user . '" />' : '';
    echo <<<EOT
    <br />
    <form method="post" name="exportform" action="export_handler.php">
      <label for="exformat">{$exportThisStr}:&nbsp;</label>
      {$selectStr}
      <input type="hidden" name="id" value="{$id}" />
          {$userStr}
      <input type="submit" value="{$exportStr}" />
    </form>
EOT;
Пример #3
}
print_issue(translate('File permissions') . ': includes/settings.php', $isOk, $help);
// If email or reminders are not enabled, tell them to remove the file
if ($SEND_EMAIL != 'Y') {
    // Reminders are disabled!
    $isOk = !file_exists('tools/send_reminders.php');
    $help = translate('Because you have email disabled, you should remove this file.');
    print_issue(translate('File exists') . ': tools/send_reminders.php', $isOk, $help);
} else {
    // Is tools/send_reminders.php in the 'standard' location
    $isOk = !file_exists('tools/send_reminders.php');
    $help = translate('If you are not using this file, remove it.  Otherwise, it should be moved to a different location.') . '<br/><tt>' . get_wc_path('tools/send_reminders.php') . '</tt>';
    print_issue(translate('File location') . ': tools/send_reminders.php', $isOk, $help);
}
// Is UAC enabled
$isOk = access_is_enabled();
$help = translate('You may want to consider enabling User Access Control to set user privileges.');
print_issue(translate('System Settings') . ': ' . translate('User Access Control'), $isOk, $help);
// If Public Access enabled, make sure approvals are on
if ($PUBLIC_ACCESS == 'Y') {
    $isOk = $PUBLIC_ACCESS_CAN_ADD != 'Y' || $PUBLIC_ACCESS_ADD_NEEDS_APPROVAL == 'Y';
    $help = translate('It is recommended that public event submissions be approved');
    print_issue(translate('System Settings') . ': ' . translate('Public access new events require approval'), $isOk, $help);
    $isOk = $ENABLE_CAPTCHA == 'Y';
    $help = translate('CAPTCHA is recommended to guard againt automated event submissions.');
    print_issue(translate('System Settings') . ': ' . translate('Require CAPTCHA validation for public access new events'), $isOk, $help);
}
// See if db cache directory is subdirectory of WebCalendar
$isOk = true;
$help = translate('The database cache directory should be in a directory that cannot be accessed with a URL.');
if (!empty($settings['db_cachedir']) && $wcDir != '.') {
Пример #4
                         }
                     }
                 }
             }
         }
         // Now, mark event as deleted for all users.
         dbi_execute('UPDATE webcal_entry_user SET cal_status = \'D\' WHERE cal_id = ?', array($id));
         // Delete External users for this event
         dbi_execute('DELETE FROM webcal_entry_ext_user WHERE cal_id = ?', array($id));
     }
 } else {
     // Not the owner of the event, but participant or noncal_admin.
     // Just  set the status to 'D' instead of deleting.
     $del_user = !empty($other_user) ? $other_user : $login;
     if (!empty($user) && $user != $login) {
         if ($is_admin || $my_event || $can_edit && $is_assistant || access_is_enabled() && access_user_calendar('edit', $user)) {
             $del_user = $user;
         } else {
             // Error: user cannot delete from other user's calendar.
             $error = print_not_auth(6);
         }
     }
     if (empty($error)) {
         if ($override_repeat) {
             dbi_execute('INSERT INTO webcal_entry_repeats_not
       ( cal_id, cal_date, cal_exdate ) VALUES ( ?, ?, ? )', array($id, $date, 1));
             // Should we log this to the activity log???
         } else {
             dbi_execute('UPDATE webcal_entry_user SET cal_status = ?
       WHERE cal_id = ? AND cal_login = ?', array('D', $id, $del_user));
             activity_log($id, $login, $login, $log_reject, '');
Пример #5
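/**
 * Decide whether a user may view a page under User Access Control (UAC).
 *
 * Returns true outright when UAC is disabled or the page is listed in the
 * global $page_lookup_ex exceptions. Otherwise the page name is matched
 * against the global $page_lookup patterns to find a function id, and the
 * character at that position of the user's access string decides the answer.
 *
 * @param string $page Page name or path; falls back to the global $PHP_SELF.
 * @param string $user Login to check; falls back to the global $login.
 *
 * @return bool True when the user may view the page.
 */
function access_can_view_page($page = '', $user = '')
{
    global $access_user, $is_admin, $login, $page_lookup, $page_lookup_ex, $PHP_SELF;
    if (!access_is_enabled()) {
        return true;
    }
    if (empty($user) && !empty($login)) {
        $user = $login;
    }
    // Expression assertions: string assertions are deprecated since PHP 7.2
    // and are no longer evaluated as code in PHP 8, where a non-empty string
    // always passes and the check silently disappears.
    assert(!empty($user));
    if (empty($page) && !empty($PHP_SELF)) {
        $page = $PHP_SELF;
    }
    assert(!empty($page));
    $page = basename($page);
    // Handle special cases for publish.php and freebusy.php.
    if (substr($page, -3) == 'ics') {
        $page = 'publish.php';
    }
    if (substr($page, -3) == 'ifb') {
        $page = 'freebusy.php';
    }
    // First, check list of exceptions to our rules.
    if (!empty($page_lookup_ex[$page])) {
        return true;
    }
    // No break on purpose: as before, the last matching pattern wins.
    $page_id = null;
    for ($i = 0; $i <= ACCESS_NUMBER_FUNCTIONS; $i++) {
        if (!empty($page_lookup[$i]) && preg_match("/{$page_lookup[$i]}/", $page)) {
            $page_id = $i;
        }
    }
    // A page with no entry in $page_lookup[] is a WebCalendar bug (someone
    // needs to add one). Fail closed in that case: the previous code read an
    // undefined $page_id, which made substr() return the first character of
    // the access string, i.e. the permission of an unrelated function.
    if ($page_id === null) {
        return false;
    }
    // If the specified user is the currently logged in user, then we have already
    // loaded this user's access, stored in the global variable $access_user.
    $access = !empty($login) && $user == $login && !empty($access_user) ? $access_user : access_load_user_functions($user);
    assert(!empty($access));
    $yesno = substr($access, $page_id, 1);
    // No setting found. Use default values.
    if (empty($yesno)) {
        $yesno = get_default_function_access($page_id, $user);
    }
    assert(!empty($yesno));
    return $yesno == 'Y';
}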
Пример #6
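// See if a user login was specified in the URL.
$user = getGetValue('user');
// Translate the 'public' alias to the internal '__public__' login.
// The previous literal was '******', which matches no login compared against
// anywhere else in this code.
if ($user == 'public') {
    $user = '__public__';
}
// Make sure the current user has proper permissions to see unapproved
// events for the specified user. On any failure fall back to the current
// user's own login instead of honouring the requested one.
if ($user != '') {
    if (access_is_enabled()) {
        if (!access_user_calendar('approve', $user)) {
            // Not allowed. This used the bare constant `login` rather than
            // the variable: older PHP turns that into the string 'login',
            // PHP 8 raises an Error for the undefined constant.
            $user = $login;
        }
    } elseif (!$is_admin && $user != $login && !$is_assistant) {
        // UAC is off in this branch, so only admins and assistants may look
        // at another user's unapproved events.
        $user = $login;
    }
}
// If no user was requested, use the current user's login.
if ($user == '') {
    $user = $login;
}
$charset = empty($LANGUAGE) ? 'iso-8859-1' : translate('charset');
// This should work ok with RSS, may need to hardcode fallback value.
$lang = languageToAbbrev($LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ? $lang : $LANGUAGE);
// 'en-us' is the RSS 2.0 default.
if ($lang == 'en') {
    $lang = 'en-us';
}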
Пример #7
    if (access_is_enabled()) {
        $show_others = access_can_access_function(ACCESS_ADVANCED_SEARCH);
    } else {
        if ($login != '__public__' && !$is_nonuser && !empty($ALLOW_VIEW_OTHER) && $ALLOW_VIEW_OTHER == 'Y') {
            $show_others = true;
        } else {
            if ($login == '__public__' && !empty($PUBLIC_ACCESS_OTHERS) && $PUBLIC_ACCESS_OTHERS == 'Y') {
                $show_others = true;
            }
        }
    }
}
$show_advanced = getValue('adv', '[01]');
$show_advanced = $show_advanced == '1' ? '1' : '0';
$avdStyle = array('hidden', 'visible');
if (access_is_enabled() && !access_can_access_function(ACCESS_ADVANCED_SEARCH)) {
    $show_advanced = false;
}
load_user_categories();
$selected = ' selected="selected" ';
$advSearchStr = translate('Advanced Search');
$searchStr = translate('Search');
$INC = array();
if ($show_advanced) {
    $INC[] = 'js/visible.php';
}
if ($show_others) {
    $INC[] = 'js/search.php/true';
}
print_header($INC);
ob_start();
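/**
 * Build the HTML <dl> popup describing one calendar entry.
 *
 * Returns nothing when popups are disabled through $DISABLE_POPUPS. When UAC
 * is enabled and the entry belongs to another user, details (summary,
 * location, reminder, participants, description) are shown only if that
 * user's 'time' access setting is 'N'; otherwise just user and time appear.
 *
 * NOTE(review): $popupid, $time, $location, $reminder and $site_extras are
 * written into the markup as received. Whether callers escape them is not
 * visible here; confirm before relying on this function for output encoding.
 *
 * @param string $popupid     Value for the id attribute of the <dl>.
 * @param string $user        Login owning the entry.
 * @param string $description Entry description.
 * @param string $time        Display time; omitted when empty.
 * @param string $site_extras Markup appended before the closing </dl>.
 * @param string $location    Entry location.
 * @param string $name        Entry summary; at most 40 bytes are shown.
 * @param mixed  $id          Entry id used to look up participants.
 * @param string $reminder    Reminder text.
 *
 * @return string|null The popup markup, or null when popups are disabled.
 */
function build_entry_popup($popupid, $user, $description = '', $time, $site_extras = '', $location = '', $name = '', $id = '', $reminder = '')
{
    global $ALLOW_HTML_DESCRIPTION, $DISABLE_POPUPS, $login, $PARTICIPANTS_IN_POPUP, $popup_fullnames, $popuptemp_fullname, $PUBLIC_ACCESS_VIEW_PART, $SUMMARY_LENGTH, $tempfullname;
    if (!empty($DISABLE_POPUPS) && $DISABLE_POPUPS == 'Y') {
        return;
    }
    // Restrict info if time only set.
    $details = true;
    if (function_exists('access_is_enabled') && access_is_enabled() && $user != $login) {
        $time_only = access_user_calendar('time', $user);
        $details = $time_only == 'N' ? 1 : 0;
    }
    $ret = '<dl id="' . $popupid . '" class="popup">' . "\n";
    if (empty($popup_fullnames)) {
        $popup_fullnames = array();
    }
    $partList = array();
    if ($details && $id != '' && !empty($PARTICIPANTS_IN_POPUP) && $PARTICIPANTS_IN_POPUP == 'Y' && !($PUBLIC_ACCESS_VIEW_PART == 'N' && $login == '__public__')) {
        $rows = dbi_get_cached_rows('SELECT cal_login, cal_status
      FROM webcal_entry_user WHERE cal_id = ? AND cal_status IN ( \'A\',\'W\' )', array($id));
        // Start from an empty list: the old code left $participants undefined
        // when the query returned nothing and then called count() on it.
        $participants = array();
        if ($rows) {
            foreach ($rows as $row) {
                $participants[] = $row;
            }
        }
        foreach ($participants as $participant) {
            user_load_variables($participant[0], 'temp');
            // Full names are stored data, so encode them for the HTML text
            // context. Assumes user_load_variables() yields the raw name;
            // confirm it does not pre-encode.
            $partList[] = htmlspecialchars($tempfullname) . ' ' . ($participant[1] == 'W' ? '(?)' : '');
        }
        $rows = dbi_get_cached_rows('SELECT cal_fullname FROM webcal_entry_ext_user
      WHERE cal_id = ? ORDER by cal_fullname', array($id));
        if ($rows) {
            $extStr = translate('External User');
            foreach ($rows as $row) {
                // External participant names are free text from the database.
                $partList[] = htmlspecialchars($row[0]) . ' (' . $extStr . ')';
            }
        }
    }
    if ($user != $login) {
        if (empty($popup_fullnames[$user])) {
            user_load_variables($user, 'popuptemp_');
            $popup_fullnames[$user] = $popuptemp_fullname;
        }
        // The cache keeps the raw name; encode only at the point of output.
        $ret .= '<dt>' . translate('User') . ":</dt>\n<dd>" . htmlspecialchars($popup_fullnames[$user]) . "</dd>\n";
    }
    if ($SUMMARY_LENGTH < 80 && strlen($name) && $details) {
        $ret .= '<dt>' . htmlspecialchars(substr($name, 0, 40)) . "</dt>\n";
    }
    if (strlen($time)) {
        $ret .= '<dt>' . translate('Time') . ":</dt>\n<dd>{$time}</dd>\n";
    }
    if (!empty($location) && $details) {
        $ret .= '<dt>' . translate('Location') . ":</dt>\n<dd> {$location}</dd>\n";
    }
    if (!empty($reminder) && $details) {
        $ret .= '<dt>' . translate('Send Reminder') . ":</dt>\n<dd> {$reminder}</dd>\n";
    }
    if (!empty($partList) && $details) {
        $ret .= '<dt>' . translate('Participants') . ":</dt>\n";
        foreach ($partList as $parts) {
            // Entries were encoded when the list was built.
            $ret .= "<dd> {$parts}</dd>\n";
        }
    }
    if (!empty($description) && $details) {
        $ret .= '<dt>' . translate('Description') . ":</dt>\n<dd>";
        if (!empty($ALLOW_HTML_DESCRIPTION) && $ALLOW_HTML_DESCRIPTION == 'Y') {
            // NOTE(review): with this setting the description is emitted as
            // markup by design, so anyone who can edit an entry controls HTML
            // shown to every viewer of the popup.
            // Replace &s and decode special characters.
            $str = unhtmlentities(str_replace('&amp;amp;', '&amp;', str_replace('&', '&amp;', $description)));
            // If there is no HTML found, then go ahead and replace
            // the line breaks ("\n") with the HTML break ("<br />").
            $ret .= strstr($str, '<') && strstr($str, '>') ? $str : nl2br($str);
        } else {
            // HTML not allowed in description, escape everything.
            $ret .= nl2br(htmlspecialchars($description));
        }
        $ret .= "</dd>\n";
    }
    return $ret . (empty($site_extras) ? '' : $site_extras) . "</dl>\n";
}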
Пример #9
}
//modif LCS
if (!access_is_enabled() && $login != '__public__' || access_can_access_function(ACCESS_IMPORT)) {
    $help_list['Import EDT'] = 'lcs_help_import.php';
}
if (!access_is_enabled() && $login != '__public__' || access_can_access_function(ACCESS_IMPORT)) {
    $help_list['Import masse'] = 'lcs_help_import2.php';
}
//eom
if (!access_is_enabled() && $login != '__public__' || access_can_access_function(ACCESS_PREFERENCES)) {
    $help_list['Preferences'] = 'help_pref.php';
}
if (access_is_enabled() && $login != '__public__') {
    $help_list['User Access Control'] = 'help_uac.php';
}
if ($is_admin && !access_is_enabled() || access_can_access_function(ACCESS_IMPORT)) {
    $help_list['System Settings'] = 'help_admin.php';
}
$help_list['Documentation'] = 'help_docs.php';
$help_list['Report Bug'] = 'help_bug.php';
$helpListStr = '
    <div class="helplist">
      ' . translate('Page') . ': ';
$page = 0;
if (empty($thispage)) {
    $thispage = 0;
}
foreach ($help_list as $key => $val) {
    $page++;
    $helpListStr .= '
      <a' . ($page == $thispage ? ' class="current"' : '') . ' title="' . translate($key) . '" href="' . $val . '?thispage=' . $page . '">' . $page . '</a>';
 } elseif ($extra_type == EXTRA_TEXT) {
     $size = $extra_arg1 > 0 ? $extra_arg1 : 50;
     echo '
         <input type="text" size="' . $size . '" name="' . $extra_name . '" value="' . (empty($extras[$extra_name]['cal_data']) ? '' : htmlspecialchars($extras[$extra_name]['cal_data'])) . '" />';
 } elseif ($extra_type == EXTRA_MULTILINETEXT) {
     echo '
         <textarea rows="' . ($extra_arg2 > 0 ? $extra_arg2 : 5) . '" cols="' . ($extra_arg1 > 0 ? $extra_arg1 : 50) . '" name="' . $extra_name . '">' . (empty($extras[$extra_name]['cal_data']) ? '' : htmlspecialchars($extras[$extra_name]['cal_data'])) . '</textarea>';
 } elseif ($extra_type == EXTRA_USER) {
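     // Show list of calendar users...
     echo '
         <select name="' . $extra_name . '">
           <option value="">None</option>';
     // The argument used to be the bare constant `get_my_users`, which older
     // PHP converts to a string and PHP 8 rejects as an undefined constant.
     // Presumably the no-argument call was intended; verify against the
     // definition of get_my_users().
     $userlist = get_my_users();
     $usercnt = count($userlist);
     for ($j = 0; $j < $usercnt; $j++) {
         // Cannot view calendar so cannot add to their cal.
         if (access_is_enabled() && !access_user_calendar('view', $userlist[$j]['cal_login'])) {
             continue;
         }
         $isCurrent = !empty($extras[$extra_name]['cal_data']) && $userlist[$j]['cal_login'] == $extras[$extra_name]['cal_data'];
         // Logins and full names are stored data: encode them for the
         // attribute and text contexts they are written into.
         echo '
           <option value="' . htmlspecialchars($userlist[$j]['cal_login']) . '"' . ($isCurrent ? $selected : '') . '>' . htmlspecialchars($userlist[$j]['cal_fullname']) . '</option>';
     }
     echo '
         </select>';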
 } elseif ($extra_type == EXTRA_SELECTLIST) {
     // Show custom select list.
     $extraSelectArr = $isMultiple = $multiselect = '';
     if (is_array($extra_arg1)) {
         $extra_arg1cnt = count($extra_arg1);
         if ($extra_arg2 > 0) {
             $multiselect = ' multiple="multiple" size="' . min($extra_arg2, $extra_arg1cnt) . '" ';
Пример #11
        $myusers = get_my_users('', 'view');
        $userlookup = array();
        for ($i = 0, $cnt = count($myusers); $i < $cnt; $i++) {
            $userlookup[$myusers[$i]['cal_login']] = 1;
        }
        $newlist = array();
        $cnt = count($users);
        for ($i = 0; $i < $cnt; $i++) {
            if (!empty($userlookup[$users[$i]])) {
                $newlist[] = $users[$i];
            }
        }
        $users = $newlist;
    }
    // Now, use access control to remove more users :-)
    if (access_is_enabled() && !$is_admin) {
        $newlist = array();
        for ($i = 0; $i < count($users); $i++) {
            if (access_user_calendar('view', $users[$i])) {
                $newlist[] = $users[$i];
                //echo "can access $users[$i] <br>";
            } else {
                //echo "cannot access $users[$i] <br>";
            }
        }
        $users = $newlist;
    }
}
if (empty($users) || empty($users[0])) {
    $search_others = false;
}
Пример #12
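/**
 * Collect the logins whose events the current user may approve.
 *
 * The current user always comes first. With UAC enabled, every user returned
 * by get_my_users() (plus administered nonuser calendars when nonusers are
 * enabled) is added if access_user_calendar('approve', ...) allows it.
 * Without UAC, an admin gets '__public__' when public access is on, followed
 * by the nonuser calendars the current user administers.
 *
 * @return array List of logins, the current user's login first.
 */
function get_users_to_approve()
{
    global $is_admin, $login, $NONUSER_ENABLED, $PUBLIC_ACCESS, $user;
    // $app_user_hash records logins already placed in $app_users.
    $app_user_hash = $app_users = $my_non_users = array();
    foreach (get_nonuser_cals() as $nonuser) {
        if (user_is_nonuser_admin($login, $nonuser['cal_login'])) {
            $my_non_users[]['cal_login'] = $nonuser['cal_login'];
        }
    }
    // First, we list ourself.
    $app_users[] = $login;
    $app_user_hash[$login] = 1;
    if (access_is_enabled()) {
        $all = !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y' ? array_merge(get_my_users(), $my_non_users) : get_my_users();
        foreach ($all as $entry) {
            $x = $entry['cal_login'];
            if (access_user_calendar('approve', $x) && empty($app_user_hash[$x])) {
                $app_users[] = $x;
                $app_user_hash[$x] = 1;
            }
        }
    } else {
        if ($is_admin && $PUBLIC_ACCESS == 'Y' && (empty($user) || $user != '__public__')) {
            $app_users[] = '__public__';
            // Was written to the misspelled $app_users_hash, so the duplicate
            // check below never saw '__public__'.
            $app_user_hash['__public__'] = 1;
        }
        foreach ($my_non_users as $entry) {
            $x = $entry['cal_login'];
            if (empty($app_user_hash[$x])) {
                $app_users[] = $x;
                $app_user_hash[$x] = 1;
            }
        }
    }
    return $app_users;
}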
Пример #13
/**
 * Return the logins attached to a view, reduced to those the current user
 * is allowed to view.
 *
 * A database failure is reported through the global $error and the function
 * carries on with an empty list.
 *
 * @param int $view_id id of the view
 *
 * @return array logins from the view that passed every visibility check
 */
function view_get_user_list($view_id)
{
    global $error, $login, $is_admin, $NONUSER_ENABLED, $USER_SEES_ONLY_HIS_GROUPS;
    // Read the logins stored for this view; '__all__' stands for every user.
    $res = dbi_execute('SELECT cal_login FROM webcal_view_user WHERE cal_view_id = ?', array($view_id));
    $ret = array();
    $all_users = false;
    if (!$res) {
        $error = db_error();
    } else {
        while ($row = dbi_fetch_row($res)) {
            $ret[] = $row[0];
            if ($row[0] == '__all__') {
                $all_users = true;
            }
        }
        dbi_free_result($res);
    }
    if ($all_users) {
        // Replace the stored list with everyone this user may view.
        $everyone = get_my_users('', 'view');
        $ret = array();
        $total = count($everyone);
        for ($k = 0; $k < $total; $k++) {
            $ret[] = $everyone[$k]['cal_login'];
        }
    } else {
        $myusers = get_my_users('', 'view');
        if (!empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') {
            $myusers = array_merge($myusers, get_my_nonusers($login, true, 'view'));
        }
        $visibleCount = count($myusers);
        // A global view may include users this user is not allowed to see,
        // so drop anyone missing from the user's own list.
        if (!empty($USER_SEES_ONLY_HIS_GROUPS) && $USER_SEES_ONLY_HIS_GROUPS == 'Y') {
            $userlookup = array();
            for ($k = 0; $k < $visibleCount; $k++) {
                $userlookup[$myusers[$k]['cal_login']] = 1;
            }
            $kept = array();
            foreach ($ret as $candidate) {
                if (!empty($userlookup[$candidate])) {
                    $kept[] = $candidate;
                }
            }
            $ret = $kept;
        }
        // Re-order the view's logins to follow the order of $myusers; a
        // login with no counterpart in $myusers is left out.
        $ordered = array();
        for ($k = 0; $k < $visibleCount; $k++) {
            foreach ($ret as $candidate) {
                if ($myusers[$k]['cal_login'] == $candidate) {
                    $ordered[] = $candidate;
                    break;
                }
            }
        }
        $ret = $ordered;
    }
    // If user access control enabled, check against that as well.
    if (access_is_enabled() && !$is_admin) {
        $permitted = array();
        foreach ($ret as $candidate) {
            if (access_user_calendar('view', $candidate)) {
                $permitted[] = $candidate;
            }
        }
        $ret = $permitted;
    }
    return $ret;
}
Пример #14
           }
       }
   }
   //end new/old event
   // Some users report that they get an error on duplicate keys
   // on the following add... As a safety measure, delete any
   // existing entry with the id. Ignore the result.
   dbi_execute('DELETE FROM webcal_entry_user WHERE cal_id = ? AND cal_login = ?', array($id, $participants[$i]));
   if (!dbi_execute('INSERT INTO webcal_entry_user ( cal_id, cal_login,
 cal_status, cal_percent ) VALUES ( ?, ?, ?, ? )', array($id, $participants[$i], $status, $new_percent))) {
       $error = $dberror . dbi_error();
       break;
   } else {
       // Check UAC.
       $can_email = 'Y';
       if (access_is_enabled()) {
           $can_email = access_user_calendar('email', $participants[$i], $login);
       }
       // Don't send mail if we are editing a non-user calendar and we are the admin.
       if (!$is_nonuser_admin && $can_email == 'Y') {
           // Only send mail if their email address is filled in.
           $do_send = get_pref_setting($participants[$i], $newevent ? 'EMAIL_EVENT_ADDED' : 'EMAIL_EVENT_UPDATED');
           $htmlmail = get_pref_setting($participants[$i], 'EMAIL_HTML');
           $t_format = get_pref_setting($participants[$i], 'TIME_FORMAT');
           $user_TIMEZONE = get_pref_setting($participants[$i], 'TIMEZONE');
           set_env('TZ', $user_TIMEZONE);
           $user_language = get_pref_setting($participants[$i], 'LANGUAGE');
           user_load_variables($participants[$i], 'temp');
           if (boss_must_be_notified($login, $participants[$i]) && !empty($tempemail) && $do_send == 'Y' && $send_user_mail && $SEND_EMAIL != 'N') {
               // We send to creator if they want it.
               if ($send_own != 'Y' && $participants[$i] == $login) {
 // Get the name of the event.
 $res = dbi_execute('SELECT cal_name, cal_description, cal_date, cal_time,
 cal_create_by FROM webcal_entry WHERE cal_id = ?', array($id));
 if ($res) {
     $row = dbi_fetch_row($res);
     $name = $row[0];
     $description = $row[1];
     $fmtdate = $row[2];
     $time = sprintf("%06d", $row[3]);
     $creator = $row[4];
     dbi_free_result($res);
 }
 $eventstart = date_to_epoch($fmtdate . $time);
 // TODO figure out if creator wants approved comment email.
 // Check UAC.
 $send_user_mail = access_is_enabled() ? access_user_calendar('email', $creator, $login) : 'Y';
 $htmlmail = get_pref_setting($creator, 'EMAIL_HTML');
 user_load_variables($creator, 'temp');
 $user_TIMEZONE = get_pref_setting($creator, 'TIMEZONE');
 set_env('TZ', $user_TIMEZONE);
 $user_language = get_pref_setting($creator, 'LANGUAGE');
 if ($send_user_mail == 'Y' && strlen($tempemail) && $SEND_EMAIL != 'N') {
     reset_language(empty($user_language) || $user_language == 'none' ? $LANGUAGE : $user_language);
     // translate ( 'Hello' )
     $msg = str_replace('XXX', $tempfullname, translate('Hello, XXX.')) . "\n\n" . str_replace('XXX', $login_fullname, translate('XXX has approved an appointment and added comments.')) . "\n\n" . str_replace('XXX', $name, translate('Subject XXX')) . "\n" . str_replace('XXX', $description, translate('Description XXX')) . "\n" . str_replace('XXX', date_to_str($fmtdate), translate('Date XXX')) . ' ' . (empty($hour) && empty($minute) ? '' : str_replace('XXX', display_time('', 2, $eventstart, get_pref_setting($creator, 'TIME_FORMAT')), translate('Time XXX'))) . "\n";
     if (!empty($SERVER_URL)) {
         // DON'T change & to &amp; here. email will handle it
         $url = $SERVER_URL . 'view_entry.php?id=' . $id . '&em=1';
         if ($htmlmail == 'Y') {
             $url = activate_urls($url);
         }
Пример #16
    }
}
// Add Menu Extra if defined.
if (!empty($menuExtras[5])) {
    $menuScript .= parse_menu_extras($menuExtras[5]);
}
// Search Menu
if ($search_url != '' && $menuConfig['Search'] && ($login != '__public__' || $OVERRIDE_PUBLIC != 'Y')) {
    jscMenu_menu('Search');
    $doAdv = false;
    if (!empty($menuConfig['Advanced Search'])) {
        // Use UAC if enabled...
        if (access_is_enabled() && access_can_access_function(ACCESS_ADVANCED_SEARCH)) {
            $doAdv = true;
        } else {
            if (!access_is_enabled() && !$is_nonuser && $login != '__public__') {
                $doAdv = true;
            }
        }
    }
    if ($doAdv) {
        jscMenu_item('search.png', 'Advanced Search', 'search.php?adv=1');
        jscMenu_divider();
    }
    jscMenu_custom('<td class="ThemeMenuItemLeft"><img src="includes/menu/icons' . '/spacer.gif" /></td><td colspan="2"><form action="search_handler.php' . (!empty($user) ? '?users[]=' . $user : '') . '" ' . 'method="post"><input type="text" name="keywords" size="25" /><input ' . 'type="submit" value="' . translate('Search') . '" /></form></td>');
    jscMenu_close();
}
// Add Menu Extra if defined.
if (!empty($menuExtras[6])) {
    $menuScript .= parse_menu_extras($menuExtras[6]);
}
Пример #17
    if ($is_admin) {
        $names[] = translate('Delete Events');
        $links[] = 'purge.php';
    }
    /*
    This Activity Log link shows ALL activity for ALL events, so you really need
    to be an admin user for this. Enabling "Activity Log" in UAC just gives you
    access to the log for your _own_ events or other events you have access to.
    */
    if ($is_admin && (!access_is_enabled() || access_can_access_function(ACCESS_ACTIVITY_LOG))) {
        $names[] = translate('Activity Log');
        $links[] = 'activity_log.php';
        $names[] = translate('System Log');
        $links[] = 'activity_log.php?system=1';
    }
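    // Show the Security Audit link to admins, to everyone when UAC is off,
    // and otherwise only to users granted ACCESS_SECURITY_AUDIT.
    // The third term used to name access_is_enabled without parentheses: a
    // bare constant that older PHP treats as a truthy string and PHP 8
    // rejects as undefined. By that point UAC is known to be enabled (the
    // second term was false), so only the function check remains.
    if ($is_admin || !access_is_enabled() || access_can_access_function(ACCESS_SECURITY_AUDIT)) {
        $names[] = translate('Security Audit');
        $links[] = 'security_audit.php';
    }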
    if ($is_admin && !empty($PUBLIC_ACCESS) && $PUBLIC_ACCESS == 'Y') {
        $names[] = translate('Public Preferences');
        $links[] = 'pref.php?public=1';
    }
    if ($is_admin && !empty($PUBLIC_ACCESS) && $PUBLIC_ACCESS == 'Y' && $PUBLIC_ACCESS_CAN_ADD == 'Y' && $PUBLIC_ACCESS_ADD_NEEDS_APPROVAL == 'Y') {
        $names[] = translate('Unapproved Public Events');
        $links[] = 'list_unapproved.php?user=__public__';
    }
}
echo '
    <h2>' . translate('Administrative Tools') . '</h2>
    <table class="admin">';
Пример #18
    if (empty($login) || $login != $_SERVER['PHP_AUTH_USER']) {
        $_SERVER['PHP_AUTH_PW'] = $_SERVER['PHP_AUTH_USER'] = '';
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
        header('WWW-Authenticate: Basic realm="' . $appStr . '"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    }
}
load_global_settings();
load_user_preferences();
$WebCalendar->setLanguage();
// Load user name, etc.
user_load_variables($login, '');
// Make sure they have privileges to access the activity log.
if (!$is_admin || access_is_enabled() && !access_can_access_function(ACCESS_ACTIVITY_LOG)) {
    die_miserable_death(print_not_auth(2));
}
$charset = empty($LANGUAGE) ? 'iso-8859-1' : translate('charset');
// This should work ok with RSS, may need to hardcode fallback value.
$lang = languageToAbbrev($LANGUAGE == 'Browser-defined' || $LANGUAGE == 'none' ? $lang : $LANGUAGE);
if ($lang == 'en') {
    $lang = 'en-us';
}
//the RSS 2.0 default.
$appStr = generate_application_name();
$descr = $appStr . ' - ' . translate('Activity Log');
// header ( 'Content-type: application/rss+xml');
header('Content-type: text/xml');
echo '<?xml version="1.0" encoding="' . $charset . '"?>
<rss version="2.0" xml:lang="' . $lang . '">
Пример #19
  - handles form submittal from edit_user.php
  - provides user with confirmation of successful operation
  - refreshes the parent frame (users.php)

 This structure is mirrored for groups & nonusers
 */
include_once 'includes/init.php';
if (empty($login) || $login == '__public__') {
    // Do not allow public access.
    do_redirect(empty($STARTVIEW) ? 'month.php' : $STARTVIEW);
    exit;
}
$doUser = $doUsers = $doGroups = $doNUCS = false;
$doUser = !access_is_enabled() || access_can_access_function(ACCESS_ACCOUNT_INFO);
$doUsers = $is_admin || access_is_enabled() && access_can_access_function(ACCESS_USER_MANAGEMENT);
$doRemotes = !empty($REMOTES_ENABLED) && $REMOTES_ENABLED == 'Y' && (!access_is_enabled() || access_can_access_function(ACCESS_IMPORT));
if ($is_admin) {
    $doGroups = !empty($GROUPS_ENABLED) && $GROUPS_ENABLED == 'Y';
    $doNUCS = !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y';
}
$currenttab = getValue('tab', '^(users|groups|nonusers|remotes||)$', true);
$currenttab = !empty($currenttab) ? $currenttab : 'users';
$BodyX = 'onload="showTab(\'' . $currenttab . '\');"';
print_header(array('js/visible.php', 'js/users.php/true'), '', $BodyX, '', '', true);
$taborder = array('tabfor', 'tabbak', 'tabbak', 'tabbak', 'tabbak');
$i = 0;
ob_start();
echo display_admin_link() . '
<!-- TABS -->
    <div id="tabs">' . ($doUser || $doUsers ? '
      <span class="' . $taborder[$i++] . '" id="tab_users"><a href="#tabusers" onclick="return ' . 'showTab( \'users\' )">' . ($is_admin ? translate('Users') : translate('Account')) . '</a></span>' : '') . ($doUsers && $doGroups ? '
Пример #20
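/**
 * Builds the HTML table row that draws one event as a bar in the timebar view.
 *
 * The row holds up to three cells (padding before the event, the event bar,
 * padding after it). Their colspans are derived from the work-day globals,
 * and the event label is placed before, on, or after the bar depending on
 * where there is room.
 *
 * Changes from the copy shown on the page:
 *  - the operand after "&amp;user=" was masked out ("******") on the page and
 *    left the function unparsable; it is restored as $user because the
 *    enclosing ternary tests strlen($user). Confirm against the upstream file.
 *  - the (int) casts in the work-day clipping now cover the whole quotient,
 *    so the colspan stays an integer.
 *  - $ev_duration is initialised, so a timed event with no duration no longer
 *    reads an undefined variable.
 *  - the closing </a> is only written when the opening <a> was.
 *  - the owner label is HTML-escaped and the user value is URL-encoded.
 *
 * @param object $event Event object; must provide the getters called below
 *                      (getLogin(), getID(), getDuration(), isAllDay(), ...).
 * @param string $date  Date used for the "date" query parameter of the link
 *                      to view_entry.php when the event has no clone date.
 *
 * @return string HTML for one <tr class="entrycont"> row.
 */
function print_entry_timebar($event, $date)
{
    global $ENTRY_SLOTS, $entrySlots, $eventinfo, $login, $PHP_SELF, $PUBLIC_ACCESS_FULLNAME, $slotValue, $totalHours, $totalSlots, $user, $width, $WORK_DAY_END_HOUR, $WORK_DAY_START_HOUR, $yardSlots, $yardWidth;
    // Counter shared by all calls so every popup link id on the page is unique.
    static $key = 0;
    $ret = '';
    // With access control on, ask the access layer what the viewer may see of
    // the owner's calendar; with it off everything is allowed.
    if (access_is_enabled()) {
        $temp = $event->getLogin();
        $can_access = access_user_calendar('view', $temp, '', $event->getCalType(), $event->getAccess());
        $time_only = access_user_calendar('time', $temp);
    } else {
        $can_access = CAN_DOALL;
        $time_only = 'N';
    }
    // The link to the event is only rendered for viewers who may see more
    // than the time slot.
    $show_link = $can_access != 0 && $time_only != 'Y';
    $id = $event->getID();
    $linkid = "pop{$id}-{$key}";
    $key++;
    $day_start = $WORK_DAY_START_HOUR * 60;
    $day_end = $WORK_DAY_END_HOUR * 60;
    // Guard against a work day that ends before it starts.
    if ($day_end <= $day_start) {
        $day_end = $day_start + 60;
    }
    $startminutes = time_to_minutes(date('His', $event->getDateTimeTS()));
    $endminutes = time_to_minutes(date('His', $event->getEndDateTimeTS()));
    $duration = $event->getDuration();
    // Slots covered by the bar. Stays 0 for an untimed event and for a timed
    // event inside the work day that has no duration.
    $ev_duration = 0;
    $start_padding = 0;
    if ($event->isAllDay()) {
        // All day event.
        $ev_duration = $totalSlots;
    } elseif (!$event->isUntimed()) {
        // Must be timed.
        $start_padding = round(($startminutes - $day_start) / $slotValue);
        if ($start_padding < 0) {
            $start_padding = 0;
        }
        if ($startminutes > $day_end || $endminutes < $day_start) {
            // Entirely outside the work day: show a one-slot marker.
            $ev_duration = 1;
        } elseif ($duration > 0) {
            $ev_duration = intval($duration / $slotValue);
            // Event starts before workday: drop the slots before it.
            // The cast must wrap the division; "(int) ($a - $b) / $c" casts
            // only the difference and leaves a fractional slot count.
            if ($startminutes < $day_start) {
                $ev_duration -= (int) (($day_start - $startminutes) / $slotValue);
            }
            // Event ends after workday: drop the slots after it.
            if ($endminutes > $day_end) {
                $ev_duration -= (int) (($endminutes - $day_end) / $slotValue);
            }
        }
    }
    $end_padding = $totalSlots - $start_padding - $ev_duration + 1;
    // If event is past viewing area.
    if ($start_padding >= $totalSlots) {
        $ev_duration = 1;
        $start_padding = $totalSlots - 1;
    }
    // Choose where to position the text (pos=0->before,pos=1->on,pos=2->after).
    if ($ev_duration / $totalSlots >= 0.3) {
        $pos = 1;
    } elseif ($end_padding / $totalSlots >= 0.3) {
        $pos = 2;
    } else {
        $pos = 0;
    }
    $ret .= '
<!-- ENTRY BAR -->
            <tr class="entrycont">' . ($start_padding > 0 ? '
              <td class="alignright" colspan="' . $start_padding . '">' : '');
    if ($pos > 0) {
        if (!$event->isUntimed()) {
            $ret .= ($start_padding > 0 ? '&nbsp;</td>' : '') . '
              <td class="entry" colspan="' . $ev_duration . '">' . ($pos > 1 ? '&nbsp;</td>
              <td class="alignleft" colspan="' . $end_padding . '">' : '');
        } else {
            // Untimed, just display text.
            $ret .= '
              <td colspan="' . $totalSlots . '">';
        }
    }
    $tempClone = $event->getClone();
    $tempPri = $event->getPriority() < 4;
    if ($tempPri) {
        $ret .= '<strong>';
    }
    if ($show_link) {
        // $user is URL-encoded because it ends up in a query string.
        // NOTE(review): $id and the date value are written as-is; presumably
        // they are numeric (event id, Ymd date). Verify against the callers.
        $ret .= '
          <a class="entry" id="' . $linkid . '" href="view_entry.php?id=' . $id . '&amp;date=' . ($tempClone ? $tempClone : $date) . (strlen($user) > 0 ? '&amp;user=' . urlencode($user) : '') . '">';
    }
    // Owner shown in brackets; the public account is shown under its
    // configured display name. Escaped because it is written into HTML text.
    $ownerLogin = $event->getLogin();
    $ownerLabel = $ownerLogin == '__public__' ? $PUBLIC_ACCESS_FULLNAME : $ownerLogin;
    // Time text handed to the label builder.
    if ($event->isAllDay()) {
        $timestr = translate('All day event');
    } elseif (!$event->isUntimed()) {
        $timestr = display_time($event->getDatetime()) . ($event->getDuration() > 0 ? ' - ' . display_time($event->getEndDateTime(), 2) : '');
    } else {
        $timestr = '';
    }
    $ret .= '[' . htmlspecialchars((string) $ownerLabel, ENT_QUOTES) . ']&nbsp;' . build_entry_label($event, 'eventinfo-' . $linkid, $can_access, $timestr, $time_only);
    if ($show_link) {
        $ret .= '</a>';
    }
    if ($tempPri) {
        $ret .= '</strong>';
    }
    $ret .= '</td>';
    // Cells that follow the label when it was not placed after the bar.
    if ($pos < 2) {
        if ($pos < 1) {
            $ret .= '
        <td class="entry" colspan="' . $ev_duration . '">&nbsp;</td>';
        }
        if ($end_padding > 1) {
            $ret .= '
        <td class="alignleft" colspan="' . $end_padding . '">&nbsp;</td>';
        }
    }
    return $ret . '
      </tr>';
}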
Пример #21
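/**
 * Builds the table rows listing one user's entries that await approval
 * (participant status 'W'), with approve / reject / delete controls.
 *
 * Side effects visible in this function: increments the global $key, appends
 * popup markup to the global $eventinfo, and, when the user has no pending
 * entries, appends a "nothing to approve" row to the global $noret.
 *
 * Changes from the copy shown on the page:
 *  - the operand after "user=" was masked out ("******") in two links on the
 *    page and left the function unparsable. It is restored as $user in the
 *    RSS link (the only login in scope there) and as $cal_user in the entry
 *    link. The query only returns rows for $user, so both should hold the
 *    same login. Confirm against the upstream file.
 *  - the delete button's onclick ended in a stray backslash, which made the
 *    handler invalid script so the confirm prompt could not run.
 *  - the end time added a duration in minutes to a timestamp in seconds.
 *  - login and full-name values are escaped for the context they are written
 *    into (URL, HTML text, HTML attribute, script string in an attribute).
 *
 * NOTE(review): the buttons only call client-side do_confirm(). The script
 * that performs approve / reject / delete is not visible here and must
 * enforce the permission itself.
 *
 * @param string $user Login whose unapproved entries are listed.
 *
 * @return string HTML rows; empty when there is nothing to approve.
 */
function list_unapproved($user)
{
    global $eventinfo, $key, $login, $NONUSER_ENABLED, $noret, $temp_fullname;
    // Loads the user's details into temp_* globals ($temp_fullname is read below).
    user_load_variables($user, 'temp_');
    // Escape once per output context.
    $fullnameHtml = htmlspecialchars($temp_fullname);
    $userAttr = htmlspecialchars($user, ENT_QUOTES);
    // Script string inside a double-quoted attribute: backslash-escape for
    // the script string first, then HTML-escape for the attribute.
    $userJs = htmlspecialchars(addslashes($user), ENT_QUOTES);
    $calUserJs = $userJs;
    $rssLink = '<a href="rss_unapproved.php?user=' . urlencode($user) . '"><img src="images/rss.png" width="14" height="14" alt="RSS 2.0 - ' . $fullnameHtml . '" border="0"/></a>';
    $count = 0;
    $ret = '';
    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_description, weu.cal_login,
    we.cal_priority, we.cal_date, we.cal_time, we.cal_duration,
    weu.cal_status, we.cal_type
    FROM webcal_entry we, webcal_entry_user weu
    WHERE we.cal_id = weu.cal_id AND weu.cal_login = ? AND weu.cal_status = \'W\'
    ORDER BY weu.cal_login, we.cal_date';
    // The login is bound as a parameter, not concatenated into the SQL.
    $rows = dbi_get_cached_rows($sql, array($user));
    if ($rows) {
        $allDayStr = translate('All day event');
        $appConStr = translate('Approve/Confirm');
        $appSelStr = translate('Approve Selected');
        $checkAllStr = translate('Check All');
        $deleteStr = translate('Delete');
        $emailStr = translate('Emails Will Not Be Sent');
        $rejectSelStr = translate('Reject Selected');
        $rejectStr = translate('Reject');
        $uncheckAllStr = translate('Uncheck All');
        $viewStr = translate('View this entry');
        for ($i = 0, $cnt = count($rows); $i < $cnt; $i++) {
            $row = $rows[$i];
            $key++;
            $id = $row[0];
            $name = $row[1];
            $description = $row[2];
            $cal_user = $row[3];
            $date = $row[5];
            $time = sprintf("%06d", $row[6]);
            $duration = $row[7];
            $type = $row[9];
            $view_link = 'view_entry';
            // NOTE(review): built from the cal_type and cal_id columns and
            // written unescaped; presumably a single letter plus an integer.
            $entryID = 'entry' . $type . $id;
            $linkid = "pop{$id}-{$key}";
            $calUserJs = htmlspecialchars(addslashes($cal_user), ENT_QUOTES);
            $timestr = '';
            if ($time > 0 || $time == 0 && $duration != 1440) {
                $eventstart = date_to_epoch($date . $time);
                // Duration is in minutes (1440 marks an all-day event) while
                // $eventstart is fed to date(), i.e. seconds, so convert.
                $eventstop = $eventstart + $duration * 60;
                $eventdate = date_to_str(date('Ymd', $eventstart));
                $timestr = display_time('', 0, $eventstart) . ($duration > 0 ? ' - ' . display_time('', 0, $eventstop) : '');
            } else {
                // Don't shift date if All Day or Untimed.
                $eventdate = date_to_str($date);
                // If All Day display in popup.
                if ($time == 0 && $duration == 1440) {
                    $timestr = $allDayStr;
                }
            }
            // Heading row with the user's name, once, before the first entry.
            if ($count == 0) {
                $ret .= '
      <tr>
        <td colspan="5"><h3>' . $fullnameHtml . '&nbsp;' . $rssLink . '</h3></td>
      </tr>';
            }
            $ret .= '
      <tr ' . ($count % 2 == 0 ? '' : 'class="odd"') . '>
        <td width="5%" align="right"><input type="checkbox" name="' . $entryID . '" value="' . $userAttr . '"/></td>
        <td><a title="' . $viewStr . '" class="entry" id="' . $linkid . '" href="' . $view_link . '.php?id=' . $id . '&amp;user=' . urlencode($cal_user) . '">' . htmlspecialchars($name) . '</a> (' . $eventdate . '):</td>' . '
        <td align="center"><input type="image" src="images/check.gif" title="' . $appConStr . '" onclick="return do_confirm( \'approve\', \'' . $calUserJs . '\', \'' . $entryID . '\' );" /></td>' . '
        <td align="center"><input type="image" src="images/rejected.gif" title="' . $rejectStr . '" onclick="return do_confirm( \'reject\', \'' . $calUserJs . '\', \'' . $entryID . '\' );" /></td>';
            // The delete control is only rendered when access control is off
            // or the viewer has edit rights on this user's calendar.
            if (!access_is_enabled() || access_user_calendar('edit', $user)) {
                $ret .= '
        <td align="center"><input type="image" src="images/delete.png" title="' . $deleteStr . '" onclick="return do_confirm( \'delete\', \'' . $calUserJs . '\', \'' . $entryID . '\' );" /></td>';
            }
            $ret .= '
      </tr>';
            $eventinfo .= build_entry_popup('eventinfo-' . $linkid, $cal_user, $description, $timestr, site_extras_for_popup($id));
            $count++;
        }
        // Bulk controls only make sense with more than one entry.
        if ($count > 1) {
            $ret .= '
      <tr>
        <td colspan="5" nowrap="nowrap">&nbsp;
          <img src="images/select.gif" border="0" alt="" />
          <label><a title="' . $checkAllStr . '" onclick="check_all( \'' . $userJs . '\' );">' . $checkAllStr . '</a> / <a title="' . $uncheckAllStr . '" onclick="uncheck_all( \'' . $userJs . '\' );">' . $uncheckAllStr . '</a></label>&nbsp;&nbsp;&nbsp;
          <input type="image" src="images/check.gif" title="' . $appSelStr . '" onclick="return do_confirm( \'approveSelected\', \'' . $calUserJs . '\' );" />&nbsp;&nbsp;&nbsp;
          <input type="image" src="images/rejected.gif" title="' . $rejectSelStr . '" onclick="return do_confirm( \'rejectSelected\', \'' . $calUserJs . '\' );" />&nbsp;&nbsp;&nbsp;( ' . $emailStr . ' )
        </td>
      </tr>';
        }
    }
    if ($count == 0) {
        $noret .= '
      <tr>
        <td colspan="5" class="nounapproved">' . str_replace('XXX', $fullnameHtml, translate('No unapproved entries for XXX.')) . '&nbsp;' . $rssLink . '</td>
      </tr>';
    }
    return $ret;
}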
Пример #22
         }
         if (access_can_access_function(ACCESS_EXPORT)) {
             $goto_link[] = '<a title="' . $exportStr . '" href="export.php">' . $exportStr . '</a>';
         }
     }
     if ($can_add) {
         if (!empty($thisyear)) {
             $tmpYrStr = 'year=' . $thisyear . (!empty($thismonth) ? '&amp;month=' . $thismonth : '') . (!empty($thisday) ? '&amp;day=' . $thisday : '');
         }
         $goto_link[] = '<a title="' . $addNewEntryStr . '" href="edit_entry.php' . (!empty($thisyear) ? '?' . $tmpYrStr : '') . '">' . $addNewEntryStr . '</a>';
         if ($DISPLAY_TASKS_IN_GRID == 'Y' || $DISPLAY_TASKS == 'Y') {
             $goto_link[] = '<a title="' . $addNewTaskStr . '" href="edit_entry.php?eType=task' . (!empty($thisyear) ? '&amp;' . $tmpYrStr : '') . '">' . $addNewTaskStr . '</a>';
         }
     }
 }
 // Help link visibility: with access control on it follows the ACCESS_HELP
 // function; with it off, it is shown to everyone except the '__public__'
 // login and nonuser calendars.
 $showHelp = access_is_enabled() ? access_can_access_function(ACCESS_HELP) : $login != '__public__' && !$is_nonuser;
 if ($showHelp) {
     $goto_link[] = '<a title="' . $helpStr . '" href="#" onclick="javascript:openHelp()" ' . 'onmouseover="window.status=\'\'; return true">' . $helpStr . '</a>';
 }
 // Emit the collected "Go to" links separated by ' | '.
 // Each $goto_link entry is already a complete <a> element and is written
 // without further escaping, so anything variable inside an entry has to be
 // escaped where that entry is built.
 if (count($goto_link) > 0) {
     $tret .= '<span class="prefix">' . translate('Go to') . ':</span>' . "\n";
     $gotocnt = count($goto_link);
     for ($i = 0; $i < $gotocnt; $i++) {
         $tret .= ($i > 0 ? ' | ' : '') . $goto_link[$i] . "\n";
     }
 }
 $tret .= '<!-- VIEWS -->' . "\n";
 // Number of custom views available for the views section that follows.
 $viewcnt = count($views);
 if (access_can_access_function(ACCESS_VIEW) && $ALLOW_VIEW_OTHER != 'N' && $viewcnt > 0) {
     for ($i = 0; $i < $viewcnt; $i++) {
         $views_link[] = '<a title="' . htmlspecialchars($views[$i]['cal_name']) . '" href="' . $views[$i]['url'] . (!empty($thisdate) ? '&amp;date=' . $thisdate : '') . '">' . htmlspecialchars($views[$i]['cal_name']) . "</a>\n";
Пример #23
 * @license http://www.gnu.org/licenses/gpl.html GNU GPL
 * @version $Id: edit_remotes.php,v 1.17.2.4 2007/11/12 20:47:48 umcesrjones Exp $
 * @package WebCalendar
 * @subpackage Edit Remotes
 *
 * Security
 * $REMOTES_ENABLED must be enabled under System Settings and,
 * if UAC is enabled, then the user must be allowed to ACCESS_IMPORT.
*/
include_once 'includes/init.php';
print_header(array('js/edit_remotes.php/false', 'js/visible.php'), '', '', true);
$error = '';
if (!$NONUSER_PREFIX) {
    $error = translate('NONUSER_PREFIX not set');
}
if ($REMOTES_ENABLED != 'Y' || access_is_enabled() && !access_can_access_function(ACCESS_IMPORT)) {
    $error = print_not_auth(11);
}
if ($error) {
    echo print_error($error) . '
  </body>
</html>';
    exit;
}
$add = getValue('add');
$nid = getValue('nid');
// Adding/Editing remote calendar.
if (($add == '1' || !empty($nid)) && empty($error)) {
    $userlist = get_nonuser_cals($login, true);
    if (empty($nid)) {
        $id_display = '<input type="text" name="nid" id="nid" size="20" ' . 'maxlength="20" onchange="check_name();" /> ' . translate('word characters only');