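/**
 * Authenticate $login against the LDAP server configured in $set.
 *
 * The user must exist in the `users` table with the password marker
 * 'LDAP|<login>' and `status` >= 0. The bind DN is then built as
 * <ldapUID>=<login>,<ldapDN> and a simple bind with $pass is attempted.
 *
 * On success $pass is replaced by the 'LDAP|<login>' marker and $login by the
 * stored user name (both by reference) and '' is returned. When the user is
 * not an LDAP user '' is returned as well and the references are untouched.
 * Any failure returns a non-empty error message.
 *
 * @param string $login user name (by reference, replaced on success)
 * @param string $pass  password (by reference, replaced on success)
 * @return string '' on success or when not an LDAP user, else an error message
 */
function auth_ldap(&$login, &$pass) {
	global $set;

	//an empty password must never reach ldap_bind(): directories commonly treat
	//it as an anonymous (unauthenticated) bind and report success
	if ((string)$pass === '') {
		return "LDAP bind for {$login} refused: empty password";
	}
	$lpw = 'LDAP|' . $login;
	//exact match: with LIKE a '%' or '_' in the login would act as a wildcard
	$stH = stPrep("SELECT `ID`,`name` FROM `users` WHERE `password` = ? AND `status` >= 0");
	stExec($stH, array($lpw));
	$row = $stH->fetch(PDO::FETCH_ASSOC); //fetch user details
	$stH = null;
	if (!$row) { //not an LDAP user - nothing to do here
		return '';
	}
	// authenticate with ldap
	if ($set['ldapEnv'] != '') {
		putenv($set['ldapEnv']);
	}
	$conn = @ldap_connect($set['ldapURI'], $set['ldapPort']);
	if (!$conn) {
		return "LDAP connection to " . $set['ldapURI'] . " Port " . $set['ldapPort'] . " failed";
	}
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, $set['ldapProto']);
	//escape the login so that a crafted name cannot change the structure of the DN
	$binddn = $set['ldapUID'] . '=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . $set['ldapDN'];
	if (!@ldap_bind($conn, $binddn, $pass)) {
		return "LDAP bind using {$binddn} failed";
	}
	$pass = $lpw;
	$login = $row['name'];
	return '';
}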
/**
 * Cron task: remove user accounts whose `login1` date is older than
 * $set['maxNoLogin'] days. The public access user and the admin user
 * (IDs 1 and 2) are never removed.
 *
 * @return int number of deleted user rows
 */
function cronUserChk() {
	global $set;
	$secondsPerDay = 86400;
	//oldest `login1` date an account may have and still be kept
	$cutoffDate = date("Y-m-d", time() - $set['maxNoLogin'] * $secondsPerDay);
	//`ID` > 2 protects the public access user and the admin user
	$stH = stPrep("DELETE FROM `users` WHERE `ID` > 2 AND `login1` < ?");
	stExec($stH, array($cutoffDate));
	return $stH->rowCount();
}
/**
 * Build and send the e-mail notification for an added, edited or deleted event.
 *
 * Nearly all event data comes from globals set by the caller ($tit, $cid,
 * $sda, $eda, $sti, $eti, $r_t, $ald, $chd, $repTxt, $app, $apd, $nml, $uid).
 * The category row for $cid is read from the database for colors and the
 * check-box labels. Nothing is sent when $nml (the notification list) is empty.
 *
 * NOTE(review): $tit, $repTxt and the output of makeE() are placed in the HTML
 * body as-is; this assumes they were HTML-escaped when stored - confirm.
 *
 * @param array  $evt  event data passed through to makeE() (by reference)
 * @param string $what 'add_exe', 'upd_exe' or anything else = deleted
 * @return void
 */
function notifyNow(&$evt, $what) { //notify added/edited/deleted event
	global $xx, $set, $nml, $apd, $app, $tit, $cid, $sda, $eda, $sti, $eti, $r_t, $ald, $chd, $uid, $repTxt;
	$emlStyle = "background:#FFFFDD; color:#000099; font:12px arial, sans-serif;"; //email body style definition
	//get category data
	$stH = stPrep("SELECT `name`,`color`,`bgColor`,`checkBx`,`checkLb`,`checkMk` FROM `categories` WHERE `ID` = ?");
	stExec($stH, array($cid));
	$row = $stH->fetch(PDO::FETCH_ASSOC);
	$stH = null;
	//compose email message
	//heading line: added / edited / deleted
	$noteText = $what == 'add_exe' ? $xx['evt_event_added'] : ($what == 'upd_exe' ? $xx['evt_event_edited'] : $xx['evt_event_deleted']);
	//date/time line: "sDate [at sTime] [- [eDate] [at] [eTime]] [all day] [(repeat text)]"
	$dateTime = $sda;
	if ($sti) {
		$dateTime .= ' ' . $xx['at_time'] . ' ' . $sti;
	}
	if ($eda or $eti) {
		$dateTime .= ' -';
	}
	if ($eda) {
		$dateTime .= ' ' . $eda;
	}
	if ($eda and $eti) {
		$dateTime .= ' ' . $xx['at_time'];
	}
	if ($eti) {
		$dateTime .= ' ' . $eti;
	}
	$dateTime .= ($ald == 'all' ? ' ' . $xx['evt_all_day'] : '') . ($r_t ? ' (' . $repTxt . ')' : '');
	$evD = DDtoID($sda);
	$status = '';
	if (!$eda and !$r_t) { //no multi-day and not repeating
		if ($row['checkBx']) {
			//strpos() is used as a truthy test, so a date at position 0 of $chd
			//would count as unchecked; presumably $chd entries are always ';'-prefixed - verify
			$status .= $row['checkLb'] . ': ' . (strpos($chd, $evD) ? $row['checkMk'] : '- -');
		}
	}
	$subject = "{$set['calendarTitle']} - {$noteText}: {$tit}";
	$catColor = ($row['color'] ? "color:{$row['color']};" : "") . ($row['bgColor'] ? "background-color:{$row['bgColor']};" : "");
	$eStyle = $catColor ? " style=\"{$catColor}\"" : "";
	//red left border marks an event that still awaits approval
	$eBoxStyle = ' style="padding-left:5px;' . (($app and !$apd) ? ' border-left:2px solid #ff0000;' : '') . '"';
	//append cD=<date> with '&' when the calendar URL already carries a query string
	$calUrl = $set['calendarUrl'] . (strpos($set['calendarUrl'], '?', 6) ? '&' : '?') . 'cD=' . $evD;
	$evtText = makeE($evt, $set['evtTemplGen'], 'td', '', '12345');
	$msgText = "\n<html>\n<head>\n<title>{$set['calendarTitle']} {$xx['evt_mailer']}</title>\n<style type='text/css'>\nbody, p, table {{$emlStyle}}\ntd {vertical-align:top;}\n</style>\n</head>\n<body>\n<p>{$set['calendarTitle']} {$xx['evt_mailer']} " . IDtoDD(date("Y-m-d")) . "</p>\n<p>{$noteText}:</p>\n<table{$eBoxStyle}>\n\t<tr><td>{$xx['evt_title']}:</td><td><b><span{$eStyle}>{$tit}</span></b></td></tr>\n\t" . ($status ? "<tr><td>{$xx['evt_status']}:</td><td>{$status}</td></tr>" : '') . "\n\t<tr><td>{$xx['evt_date_time']}:</td><td>{$dateTime}</td></tr>\n\t{$evtText}\n</table>\n<p><a href='{$calUrl}'>{$xx['evt_open_calendar']}</a></p>\n</body>\n</html>\n";
	//send notifications
	if ($nml) { //email address(es) to notify
		//sender is the current user when the 'notifSender' setting is on, else the calendar (0)
		$sender = $set['notifSender'] ? $uid : 0;
		sendMail($subject, $msgText, $nml, $sender);
	}
}
/**
 * Cron task: mark expired events as deleted (`status` = -1).
 *
 * A non-repeating event in a non-repeating category expires when its end date
 * (or start date when `eDate` is '9999-00-00') is at least $set['eventExp']
 * days in the past; any event whose `rUntil` is that old expires as well.
 *
 * @return int number of rows updated
 */
function cronEventChk() {
	global $set;
	$now = date("Y-m-d H:i");
	//events ending on or before this date are expired
	$expireDate = date("Y-m-d", time() - $set['eventExp'] * 86400);
	$sql = "UPDATE `events`\n\t\tSET `status` = -1, `mDateTime` = ?\n\t\tWHERE ((SELECT `repeat` FROM `categories` AS c WHERE c.`ID` = `catID`) = 0 AND `rType` = 0 AND CASE WHEN `eDate` != '9999-00-00' THEN `eDate` ELSE `sDate` END <= ?) OR `rUntil` <= ?\n\t";
	$stH = stPrep($sql);
	stExec($stH, array($now, $expireDate, $expireDate));
	return $stH->rowCount();
}
/**
 * Soft-delete a user account by setting `status` to -1.
 * The logged-in user (matching $_SESSION['uid']) may not delete their own account.
 *
 * @param array $user user data; only $user['id'] is used
 * @return string result message taken from $ax
 */
function deleteUser($user) { //delete user account
	global $ax;
	if ($user['id'] == $_SESSION['uid']) {
		return $ax['usr_cant_delete_yourself'];
	}
	$stH = stPrep("UPDATE `users` SET `status` = -1 WHERE `ID` = ?");
	stExec($stH, array($user['id']));
	if ($stH->rowCount() < 1) { //no row changed
		return "Database Error: {$ax['usr_not_deleted']}";
	}
	return $ax['usr_deleted'];
}
/**
 * Soft-delete a category (`status` = -1, `sequence` = 0) and renumber the
 * `sequence` of the remaining active categories 1, 2, 3, ... in their current order.
 *
 * @param array $cat category data; only $cat['id'] is used
 * @return string result message taken from $ax
 */
function deleteCat($cat) { //delete category
	global $ax;
	$stH = stPrep("UPDATE `categories` SET `sequence` = 0, `status` = -1 WHERE `ID` = ?");
	stExec($stH, array($cat['id']));
	if ($stH->rowCount() < 1) { //no row changed
		return "Database Error: {$ax['cat_not_deleted']}";
	}
	//renumber sequence of the categories still active
	$stH = dbQuery("SELECT `ID` FROM `categories` WHERE `status` >= 0 ORDER BY `sequence`");
	$activeCats = $stH->fetchAll(PDO::FETCH_ASSOC);
	$stH = null;
	$stH = stPrep("UPDATE `categories` SET `sequence` = ? WHERE `ID` = ?");
	foreach ($activeCats as $idx => $catRow) {
		stExec($stH, array($idx + 1, $catRow['ID'])); //sequence starts at 1
	}
	return $ax['cat_deleted'];
}
/**
 * Soft-delete a user group (`status` = -1).
 * Refused when at least one active user still belongs to the group.
 *
 * @param array $group group data; only $group['id'] is used
 * @return string result message taken from $ax
 */
function deleteGroup($group) { //delete user group
	global $ax;
	$stH = stPrep("SELECT `name` FROM `users` WHERE `groupID` = ? AND `status` >= 0 limit 1");
	stExec($stH, array($group['id']));
	$member = $stH->fetch(PDO::FETCH_ASSOC);
	$stH = null;
	if ($member) { //group is in use
		return $ax['grp_in_use'] . ' - ' . $ax['grp_not_deleted'];
	}
	$stH = stPrep("UPDATE `groups` SET `status` = -1 WHERE `ID` = ?");
	stExec($stH, array($group['id']));
	if ($stH->rowCount() < 1) { //no row changed
		return "Database Error: {$ax['grp_not_deleted']}";
	}
	return $ax['grp_deleted'];
}
$defCal = $dbDef; } //create current calendar list $curCalList = ''; foreach ($calIDs as $ID => $title) { $curCalList .= "<br> {$ID} = {$title}" . ($ID == $defCal ? " <span class='mark'>(default)</span>" : ''); } if (!empty($curCalList)) { $curCalList = substr($curCalList, 4); } //remove first <br> //connect to db and get admin credentials if (!empty($dbDef)) { if ($dbH = dbConnect($dbDef, 0)) { //connect to default db if ($stH = stPrep("SELECT name, email, password FROM `users` WHERE ID = ?", 0)) { stExec($stH, array(2)); //get admin user data $row = $stH->fetch(PDO::FETCH_ASSOC); $stH = null; //release statement handle! if (!empty($row)) { //found if (!$adName) { $adName = $row['name']; } if (!$adMail) { $adMail = $row['email']; } $adPwMd5 = $row['password']; if ($adPwMd5 and !$adPwrd) {
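//set language
//the posted value ends up in the path of the language file that is require'd
//below, so only a plain name (letters, digits, '-' and '_') is accepted
if (isset($_POST["cL"]) and is_string($_POST["cL"]) and preg_match('/^[a-z0-9_-]+$/i', $_POST["cL"])) {
	$_SESSION['cL'] = $_POST['cL'];
} elseif (empty($_SESSION['cL'])) {
	$_SESSION['cL'] = $set['language'];
}
$langFile = './lang/ui-' . strtolower($_SESSION['cL']) . '.php';
if (!file_exists($langFile)) { //unknown language - fall back to English
	$_SESSION['cL'] = 'English';
	$langFile = './lang/ui-' . strtolower($_SESSION['cL']) . '.php';
}
require $langFile; //defines the $xx texts used below - confirm
//get user data & set privs
if (isset($_GET["logout"])) {
	$_SESSION['uid'] = 1; //public user
}
//no session user yet: behave as the public user
$sessionUid = isset($_SESSION['uid']) ? $_SESSION['uid'] : 1;
//the public user (ID 1) is always selected as well; with ORDER BY ID DESC it is
//fetched last, so when the session user ID is not found the first row is the public user
$stH = stPrep("SELECT u.`ID`,u.`name`,u.`email`,g.`privs`,g.`catIDs`,g.`rEvents`,g.`mEvents`,g.`pEvents` FROM `users` AS u INNER JOIN `groups` AS g ON g.`ID` = u.`groupID` WHERE u.`ID` = 1 OR u.`ID` = ? ORDER BY u.`ID` DESC"); //if userID not found, revert to public user
stExec($stH, array($sessionUid));
$row = $stH->fetch(PDO::FETCH_NUM);
list($uid, $uname, $umail, $privs, $ucats, $revts, $mevts, $pevts) = $row; //user & group data
$row = $stH->fetch(PDO::FETCH_NUM); //second row (if any) is the public user
$pcats = $row != false ? $row[4] : ''; //public view categories
$stH = null; //release statement handle
if ($uid == 1) { //public user
	$_SESSION['uid'] = 1;
	$uname = $xx['idx_public_name'];
}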
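/**
 * Send an HTML e-mail to a list of addresses and/or address-list files.
 *
 * @param string $subject  subject; HTML entities are decoded, then RFC 1342 base64-encoded
 * @param string $message  HTML body
 * @param string $emlList  ';'-separated items: an e-mail address (contains '@') or the name
 *                         of a file in ./emlists/ ('.txt' is appended when it has no
 *                         extension) holding one address per line
 * @param int    $senderId user ID whose name/address is used as From:, 0 = the calendar itself
 * @return string|false '- ' followed by the recipient list with '@' replaced by '[at]',
 *                      false when there is no valid recipient or sending failed
 */
function sendMail($subject, $message, $emlList, $senderId = 0) {
	global $set, $rxEmailX;
	if ($senderId) { //sender is user
		$stH = stPrep("SELECT `name`, `email` FROM `users` WHERE `ID` = ? limit 1");
		stExec($stH, array($senderId));
		list($name, $email) = $stH->fetch(PDO::FETCH_NUM);
		$stH = null;
		//a line break in the stored name or address would let extra mail headers be injected
		$name = str_replace(array("\r", "\n"), '', (string)$name);
		$email = str_replace(array("\r", "\n"), '', (string)$email);
		$from = "\"{$name}\" <{$email}>";
	} else { //sender is calendar
		$from = '"' . translit($set['calendarTitle'], true) . '" <' . $set['calendarEmail'] . '>';
	}
	$emlArray = array();
	foreach (explode(";", $emlList) as $emlAorL) { //create email address list
		$emlAorL = trim($emlAorL);
		if ($emlAorL === '') {
			continue;
		}
		if (strpos($emlAorL, '@') !== false) { //email address
			$emlArray[] = $emlAorL;
			continue;
		}
		//email list file: basename() confines the lookup to ./emlists/ whatever the item contains
		$listName = basename($emlAorL);
		if ($listName === '') {
			continue;
		}
		if (strpos($listName, '.') === false) {
			$listName .= '.txt';
		}
		$listFile = "./emlists/{$listName}";
		if (file_exists($listFile)) {
			$lines = file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
			if ($lines !== false) {
				$emlArray = array_merge($emlArray, $lines);
			}
		}
	}
	$recipients = array();
	foreach ($emlArray as $emlAddress) { //keep valid email addresses only
		$emlAddress = trim($emlAddress);
		if (preg_match($rxEmailX, $emlAddress)) {
			$recipients[] = $emlAddress;
		}
	}
	$recipList = implode(', ', $recipients);
	if ($recipList === '') { //nothing to send to
		logMessage('luxcal', "Mail not sent: no valid recipient in '{$emlList}'.", true);
		return false;
	}
	$subject = '=?utf-8?B?' . base64_encode(htmlspecialchars_decode($subject, ENT_QUOTES)) . '?='; //follow RFC 1342 for utf-8 encoding
	if ($set['mailServer'] <= 1) { //mail via PHP
		//recipients go in Bcc:, the To: header is left empty ('' rather than null, which mail() no longer accepts)
		$headers = "MIME-Version: 1.0\nContent-type: text/html; charset=utf-8\nFrom: {$from}\nBcc: {$recipList}\nDate: " . date(DATE_RFC2822);
		if (!mail('', $subject, $message, $headers)) { //send PHP mail
			logMessage('luxcal', "PHP mail to {$recipList} failed.", true);
			return false;
		}
	} elseif ($set['mailServer'] == 2) { //mail via SMTP server
		$headers = "MIME-Version: 1.0\nContent-type: text/html; charset=utf-8\nDate: " . date(DATE_RFC2822);
		if (!smtpMail($from, $recipList, $subject, $message, $headers)) { // send SMTP mail
			return false;
		}
	}
	return '- ' . str_replace("@", "[at]", $recipList);
}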
$chk = isset($_POST['cbx']) ? $_POST['cbx'] == 'yes' ? 1 : 0 : 0; //check? } //update event //update database if (isset($_POST['checkExe'])) { $mdt = date("Y-m-d H:i"); //set checked if ($chk) { if (!strpos($chd, $evD)) { $chd .= ";{$evD}"; } //check } elseif (strpos($chd, $evD)) { //uncheck $chd = str_replace(";{$evD}", '', $chd); } $stH = stPrep("UPDATE `events` SET `checked` = ?, `editor` = ?, `mDateTime` = ? WHERE `ID` = ?"); stExec($stH, array($chd, $uname, $mdt, $eid)); //update events table //refresh calendar and close this window echo "\n<script>done('cr');</script>\n"; //close form - reload cal } else { //display form $catColor = (!empty($col) ? "color:{$col};" : '') . (!empty($bco) ? "background-color:{$bco};" : ''); echo "<form id='event' name='event' method='post' action='index.php?lc&xP=11'>\n\t<input type='hidden' name='token' value='{$_SESSION['token']}'>\n\t<input type='hidden' name='eid' value='{$eid}'>\n\t<input type='hidden' name='evD' value='{$evD}'>\n\t<input type='hidden' name='chd' value='{$chd}'>\n\t<table class='evtForm'>\n\t<tr><td class='floatC'>" . '<span' . ($catColor ? " style='{$catColor}'" : '') . ">{$tit}</span>\n<br><br>\n\n\t<input type='checkbox' name='cbx' id='cbx' value='yes'" . ($chk ? " checked='checked'" : '') . "><label for='cbx'>{$clb}</label> \n\n\t</td></tr>\n\n\t</table>\n\n\t<div class='floatC'>\n\n\t<input type='submit' name='checkExe' value=\"{$xx['evt_save']}\"> \n\n\t<button type='button' onclick='javascript:self.close();'>{$xx['evt_close']}</button>\n\n\t</div>\n</form>\n"; } ?>
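/**
 * Add the events posted by the import form to the `events` table.
 *
 * The form posts parallel arrays (title, venue, descr, sDate, eDate, sTime,
 * eTime, catID, ignore, birthday) indexed by event number. Rows with 'ignore'
 * ticked are skipped, rows already present (eventInDb) are counted as dropped.
 *
 * @return string summary "<added> ... / <dropped> ..." or the DB error text from $ax
 */
function addEvents() {
	global $ax, $birthdayID, $dFormat, $tFormat;
	$msg = '';
	//nothing posted (or not an array) means nothing to import
	$titles = (isset($_POST['title']) and is_array($_POST['title'])) ? $_POST['title'] : array();
	$nofEvents = count($titles);
	$added = $dropped = 0;
	$noEndDate = "9999-00-00";
	$now = date("Y-m-d H:i"); //one timestamp for aDateTime and mDateTime of all rows
	for ($i = 0; $i < $nofEvents; $i++) {
		if (!empty($_POST['ignore'][$i])) { //row ticked 'ignore'
			continue;
		}
		//posted field of row $i, '' when absent
		$post = function ($name) use ($i) {
			return isset($_POST[$name][$i]) ? $_POST[$name][$i] : '';
		};
		$title = strip_tags($titles[$i]);
		$venue = strip_tags($post('venue'));
		$descr = strip_tags($post('descr'), '<a>'); //allow URLs
		$descr = addUrlImgTags($descr, 'x-'); //add URL link tags
		$sDate = DDtoID($post('sDate'), $dFormat);
		$eDate = $post('eDate') ? DDtoID($post('eDate'), $dFormat) : $noEndDate;
		$sTime = DTtoIT($post('sTime'), $tFormat);
		$eTime = $post('eTime') ? DTtoIT($post('eTime'), $tFormat) : "99:00:00";
		if (empty($sTime)) { //all day
			$sTime = '00:00';
			$eTime = '23:59';
		}
		$catID = $post('catID') ? $post('catID') : 1; //no cat
		$rType = $rInterval = $rPeriod = $rMonth = 0;
		if ($post('birthday') or $catID == $birthdayID) { //birthday: fixed category and repeat settings, no end date
			$catID = $birthdayID;
			$rType = 1;
			$rInterval = 1;
			$rPeriod = 4;
			$eDate = $noEndDate;
		}
		if (eventInDb($title, $sDate, $eDate, $sTime, $eTime)) { //already present
			$dropped++;
			continue;
		}
		//add event to db
		$q = "INSERT INTO `events` (`title`,`venue`,`text1`,`catID`,`userID`,`sDate`,`eDate`,`sTime`,`eTime`,`rType`,`rInterval`,`rPeriod`,`rMonth`,`aDateTime`,`mDateTime`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
		$stH = stPrep($q);
		$result = stExec($stH, array($title, $venue, $descr, $catID, $_SESSION['uid'], $sDate, $eDate, $sTime, $eTime, $rType, $rInterval, $rPeriod, $rMonth, $now, $now));
		if ($result) {
			$added++;
		} else {
			$msg = $ax['iex_db_error'];
		}
	}
	if (!$msg) {
		$msg = "{$added} {$ax['iex_events_added']}" . ($dropped > 0 ? " / {$dropped} {$ax['iex_events_dropped']}" : '');
	}
	return $msg;
}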
$l_uname = $l_un_em; } echo "<legend>{$ax['log_register']}</legend><br>\n\t\t<form method='post' action='index.php?lc&xP=20'>\n\t\t<input type='hidden' name='token' value='{$_SESSION['token']}'>\n\t\t<input type='hidden' name='xcode' value='{$nowTS}'>\n\t\t<input type='hidden' name='l_un_em' value='{$l_un_em}'>\n\t\t{$ax['log_un']}<br><input tabindex='1' type='text' name='l_uname' id='uname' size='50' value='{$l_uname}'><br><br>\n\t\t{$ax['log_em']}<br><input tabindex='2' type='text' name='l_email' size='50' value='{$l_email}'><br><br>\n\t\t{$ax['log_ui_language']} \n\t\t<select name='l_lang'>\n"; $files = scandir("lang/"); foreach ($files as $file) { if (substr($file, 0, 3) == "ui-") { $lang = strtolower(substr($file, 3, -4)); echo "<option value=\"{$lang}\"" . (strtolower($l_lang) == $lang ? " selected='selected'" : '') . '>' . ucfirst($lang) . "</option>\n"; } } echo "</select><br><br>\n\t\t<input class='floatR button' type='submit' name='exereg' value=\"{$ax['log_register']}\">\n\t\t<input type='submit' name='back' value=\"{$ax['back']}\">\n\t\t</form>\n"; } elseif (isset($_POST["chg"]) or isset($_POST["exechg"])) { //change my data if ($l_un_em and $l_pword) { $md5_pw = md5($l_pword); $stH = stPrep("SELECT `language` FROM `users` WHERE (`name` = ? OR `email` = ?) AND (`password` = ? 
OR `tPassword` = ?)"); stExec($stH, array($l_un_em, $l_un_em, $md5_pw, $md5_pw)); $row = $stH->fetch(PDO::FETCH_ASSOC); //fetch user details $stH = null; if ($row) { $l_lang = $row['language']; } } echo "<legend>{$ax['log_change_my_data']}</legend><br>\n\t\t<form method='post' action='index.php?lc&xP=20'>\n\t\t<input type='hidden' name='token' value='{$_SESSION['token']}'>\n\t\t<input type='hidden' name='xcode' value='{$nowTS}'>\n\t\t{$ax['log_un_or_em']}<br><input tabindex='1' type='text' name='l_un_em' id='uname' size='50' value=\"{$l_un_em}\"><br><br>\n\t\t{$ax['log_pw']}<br><input tabindex='2' type='password' name='l_pword' size='50'><br><br>\n\t\t{$ax['log_ui_language']} \n\t\t<select name='l_lang'>\n"; $files = scandir("lang/"); foreach ($files as $file) { if (substr($file, 0, 3) == "ui-") { $lang = strtolower(substr($file, 3, -4)); echo "<option value=\"{$lang}\"" . (strtolower($l_lang) == $lang ? " selected='selected'" : '') . '>' . ucfirst($lang) . "</option>\n"; }
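/**
 * Write the settings in $dbSet to the `settings` table.
 *
 * The table is emptied first; with $saveAll false the rows whose name starts
 * with 'calendar' are kept and are not rewritten either. Each setting is
 * stored as (name, value, $defSet[name][1]).
 *
 * @param array $dbSet   settings by name (by reference, not modified here)
 * @param bool  $saveAll true = replace every setting, false = leave the calendar* rows alone
 * @return bool true on success, false when a statement could not be prepared or executed
 */
function saveSettings(&$dbSet, $saveAll = true) { //save settings to calendar
	global $defSet;
	if ($saveAll) {
		$stH = stPrep("DELETE FROM `settings`"); // empty table
	} else {
		$stH = stPrep("DELETE FROM `settings` WHERE `name` NOT LIKE 'calendar%'"); //empty table, except calendar values
	}
	if ($stH === false) {
		return false;
	}
	$result = stExec($stH, null);
	if (!$result) {
		return $result;
	}
	//save settings
	$stH = stPrep("REPLACE INTO `settings` VALUES (?,?,?)");
	if ($stH === false) {
		return false;
	}
	foreach ($dbSet as $key => $value) {
		//the DELETE above keeps rows by *name*, so the same test must be made on the
		//key; testing the value would overwrite the kept calendar* rows anyway
		if (!$saveAll and substr($key, 0, 8) == 'calendar') {
			continue;
		}
		$defValue = isset($defSet[$key][1]) ? $defSet[$key][1] : null;
		if (!stExec($stH, array($key, $value, $defValue))) {
			return false;
		}
	}
	return $result;
}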
/**
 * Add the events posted by the import form to the `events` table.
 *
 * The form posts parallel arrays (title, venue, descr, sDate, eDate, sTime,
 * eTime, r_t, r_i, r_p, r_m, r_u, catID, delete) indexed by event number.
 * Rows with 'delete' ticked or a negative repeat type are skipped, rows already
 * present (eventInDb) are counted as dropped.
 *
 * @return string summary "<added> ... / <dropped> ..." or the DB error text from $ax
 */
function addEvents() {
	global $ax, $defcatID;
	$msg = "";
	$added = 0;
	$dropped = 0;
	$noEndDate = "9999-00-00";
	$nofEvents = count($_POST['title']);
	for ($i = 0; $i < $nofEvents; $i++) {
		if (!empty($_POST['delete'][$i]) or $_POST['r_t'][$i] < 0) { //delete ticked or repeat-type invalid
			continue;
		}
		$title = htmlspecialchars_decode(trim($_POST['title'][$i]));
		$venue = htmlspecialchars_decode(trim($_POST['venue'][$i]));
		$descr = strip_tags(trim($_POST['descr'][$i]), '<a>'); //allow URLs
		$descr = addUrlImgTags($descr, 'x-'); //add URL link tags
		$descr = str_ireplace(array("\r\n", "\n", "\r"), "<br>", $descr); //replace newline by <br>
		$sDate = DDtoID($_POST['sDate'][$i]);
		$eDate = $noEndDate;
		if ($_POST['eDate'][$i]) {
			$eDate = DDtoID($_POST['eDate'][$i]);
		}
		$sTime = DTtoIT($_POST['sTime'][$i]);
		$eTime = "99:00:00";
		if ($_POST['eTime'][$i]) {
			$eTime = DTtoIT($_POST['eTime'][$i]);
		}
		if (empty($sTime)) { //all day
			$sTime = '00:00';
			$eTime = '23:59';
		}
		$rType = $_POST['r_t'][$i];
		$rInterval = $_POST['r_i'][$i];
		$rPeriod = $_POST['r_p'][$i];
		$rMonth = $_POST['r_m'][$i];
		$rUntil = $noEndDate;
		if ($_POST['r_u'][$i]) {
			$rUntil = DDtoID($_POST['r_u'][$i]);
		}
		$catID = $_POST['catID'][$i] ? $_POST['catID'][$i] : 1; //no cat
		if (eventInDb($title, $sDate, $eDate, $sTime, $eTime)) { //already present
			$dropped++;
			continue;
		}
		//add event to db
		$q = "INSERT INTO `events` (`title`,`venue`,`text1`,`catID`,`userID`,`sDate`,`eDate`,`sTime`,`eTime`,`rType`,`rInterval`,`rPeriod`,`rMonth`,`rUntil`,`aDateTime`,`mDateTime`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
		$stH = stPrep($q);
		$params = array($title, $venue, $descr, $catID, $_SESSION['uid'], $sDate, $eDate, $sTime, $eTime, $rType, $rInterval, $rPeriod, $rMonth, $rUntil, date("Y-m-d H:i"), date("Y-m-d H:i"));
		if (stExec($stH, $params)) {
			$added++;
		} else {
			$msg = $ax['iex_db_error'];
		}
	}
	if (!$msg) {
		$msg = "{$added} {$ax['iex_events_added']}";
		if ($dropped > 0) {
			$msg .= " / {$dropped} {$ax['iex_events_dropped']}";
		}
	}
	return $msg;
}