[PHPiCalendar-Commits] phpicalendar admin.php,NONE,1.1 README,1.43,1.44 config.inc.php,1.98,1.99

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/phpicalendar/phpicalendar
In directory sc8-pr-cvs1:/tmp/cvs-serv15475

Modified Files:
	README config.inc.php 
Added Files:
	admin.php 
Log Message:
Initial check-in for Administration controls.


--- NEW FILE: admin.php ---
<?php
// TODO - Remove before going live
//error_reporting (E_ALL);

define('BASE', './');
include (BASE.'functions/init.inc.php');
include (BASE.'functions/upload_functions.php');

// Redirect if administration is not allowed
if ($allow_admin != "yes") {
	header("Location: index.php");
	die();
}

// Load variables from forms, query strings, and cookies into local scope
if($HTTP_POST_VARS) 	{extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");}
if($HTTP_GET_VARS)  	{extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");}
if($HTTP_COOKIE_VARS)	{extract($HTTP_COOKIE_VARS, EXTR_PREFIX_SAME, "cookie_");}

// Logout by clearing user info in cookies
if ($action == "logout") {
    setcookie("md5_password","");
	setcookie("username","");
}


// if $external_auth == 'yes', don't do any authentication
if ($external_auth == "yes") {
	$is_loged_in = TRUE;
}
// Check if The User is Identified
else {
	$is_loged_in = FALSE;
	
	if (isset($username) && $action != "logout") {
	    if (!isset($HTTP_COOKIE_VARS["md5_password"])) {
			$md5_password = md5($password);
	    }
	    else {
			$md5_password = $HTTP_COOKIE_VARS["md5_password"];
	    }
		if ($admin_username == $username && md5($admin_password) == $md5_password) {
//TODO lastusername doesn't appear to be working
			$is_loged_in = TRUE;
			setcookie("lastusername", $username, time()+1012324305);
			setcookie("username", $username);
			setcookie("md5_password", $md5_password);
		}
		else {
			$login_error = "<font color=\"red\">$invalid_login_lang</font>";
			$is_loged_in = FALSE;
		}
	}
	
	if ($is_loged_in == FALSE) {
		setcookie("username","");
		setcookie("password","");
		setcookie("md5_password","");
	}
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
	<meta http-equiv="content-type" content="text/html;charset=UTF-8">
	<title><?php echo "$admin_header_lang"; ?></title>
  	<link rel="stylesheet" type="text/css" href="<?php echo BASE."styles/$style_sheet/default.css"; ?>">
  	
  	<script>
  	<!--
		function verify(){
		    msg = "<?php echo $confirm_lang; ?>";
		    //all we have to do is return the return value of the confirm() method
		    return confirm(msg);
		}
	-->
	</script>

</head>
<body bgcolor="#FFFFFF">
<center>

<?php include (BASE.'includes/header.inc.php'); ?>

<table width="640" border="0" cellspacing="0" cellpadding="0" class="calborder">
	<tr>
		<td align="center" valign="middle">

			<table width="100%" border="0" cellspacing="0" cellpadding="0">
				<tr>
					<td align="left" width="20" class="navback">&nbsp;</td>
					<td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td>
					<td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($external_auth != "yes" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font>&nbsp;</td>
				</tr>
				<tr>
					<td colspan="3" class="dayborder"><img src="images/spacer.gif" width="1" height="5" alt=" "></td>
				</tr>
				<tr>
					<td align="left" width="20">&nbsp;</td>
					<td colspan="2">

<?php 


// If User is Not Logged In, Display The Login Page
if ($is_loged_in == FALSE) {
    echo <<<EOT
	<form action="{$HTTP_SERVER_VARS['PHP_SELF']}" method="post">
		<table cellspacing="0" cellpadding="0">
			<tr>
				<td nowrap>{$username_lang}: </td>
				<td align="left"><input type="text" name="username" value="$lastusername"></td>
			</tr>
			<tr>
				<td>{$password_lang}: </td>
				<td align="left"><input type="password" name="password"></td>
			</tr>
			<tr>
				<td>&nbsp;</td>
				<td align="left"><input type="submit" value="{$login_lang}"></td>
			</tr>
			<tr>
				<td align="center" colspan="3">{$login_error}&nbsp;</td>
			</tr>
	    </table>
	</form>
EOT;


	echo "
					</td>
				</tr>
			</table>
		</td>
	</tr>
</table>";

	include (BASE.'includes/footer.inc.php');
	
	echo "
	</center>
	</body>
	</html>";
	
	die();
}


// The user is logged in if we get here


// Add or Update a calendar
if ($action == "addupdate") {
	$addupdate_success = FALSE;
	if (!is_uploaded_file_v4($HTTP_POST_FILES['calfile']['tmp_name'])) {
		$upload_error = get_upload_error($HTTP_POST_FILES['calfile']);
	}
	elseif (!is_uploaded_ics($HTTP_POST_FILES['calfile']['name'])) {
		$upload_error = $upload_error_type_lang;
	}
	// copy() should be replaced with move_uploaded_file(), but only if we can require PHP 4 >= 4.0.3
	elseif (!copy($HTTP_POST_FILES['calfile']['tmp_name'], $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'])) {
		$upload_error = $copy_error_lang . " " . $HTTP_POST_FILES['calfile']['tmp_name'] . " - " . $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'];
	}
	else {
		$addupdate_success = TRUE;
	}
}

// Delete a calendar
//  Not at all secure - need to strip out path info if used by users besides admin in the future
if ($action == "delete") {
	$delete_success = FALSE;
	
	if (!unlink($calendar_path . "/" . urldecode($delete_calendar))) {
		$delete_error = $delete_error_lang . " " . $calendar_path . "/" . urldecode($delete_calendar);
	}
	else {
		$delete_success = TRUE;
	}
}

?>


<h2><?php echo $addupdate_cal_lang; ?></h2>
<p><?php echo $addupdate_desc_lang; ?></p>
<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
    <input type="hidden" name="action" value="addupdate">
	<table border="0" cellspacing="0">
		<tr>
			<td nowrap><?php echo $cal_file_lang; ?>: </td>
			<td><input type="file" name="calfile"></td>
		</tr>
		<tr>
			<td>&nbsp;</td>
			<td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
		</tr>
		<tr>
			<td align="center" colspan="2"><?php if($addupdate_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $upload_error; ?></font>&nbsp;</td>
		</tr>
    </table>
</form>
	
<h2><?php echo $delete_cal_lang; ?></h2>
<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
	<input type="hidden" name="action" value="delete">
	<table border="0" cellspacing="0">
		<tr>
			<td nowrap><?php echo $cal_file_lang; ?>: </td>
			<td>
				<?php
				
					// Begin Calendar Selection
					//
					print "<select name=\"delete_calendar\">\n";
					$filelist = get_calendar_files($calendar_path);
					foreach ($filelist as $file) {
						$cal_filename_tmp = substr($file,0,-4);
						$cal_tmp = urlencode($file);
						$cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
						print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";	
					}			
					print "</select>\n";
				?>
			</td>
		</tr>
		<tr>
			<td>&nbsp;</td>
			<td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
		</tr>
		<tr>
			<td align="center" colspan="2"><?php if($delete_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $delete_error; ?></font>&nbsp;</td>
		</tr>
	</table>
</form>


<?php
echo "
					</td>
				</tr>
			</table>
		</td>
	</tr>
</table>";

include (BASE.'includes/footer.inc.php');

echo "</center>
	</body>
	</html>";
?>


Index: README
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/README,v
retrieving revision 1.43
retrieving revision 1.44
diff -C2 -d -r1.43 -r1.44
*** README	11 Mar 2003 23:02:07 -0000	1.43
--- README	30 Mar 2003 00:31:38 -0000	1.44
***************
*** 80,83 ****
--- 80,86 ----
  	-Added support for ATTENDEE
  	-Added support for STATUS
+ 	-Added admin.php for administration of calendars (uses cookies). See config.inc.php for configuration.
+ 		-Add or Update a calendar via a web interface
+ 		-Delete a calendar via a web interface
  
  0.9.1

Index: config.inc.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/config.inc.php,v
retrieving revision 1.98
retrieving revision 1.99
diff -C2 -d -r1.98 -r1.99
*** config.inc.php	24 Feb 2003 20:23:39 -0000	1.98
--- config.inc.php	30 Mar 2003 00:31:38 -0000	1.99
***************
*** 45,48 ****
--- 45,55 ----
  $show_todos				= 'yes';			// Show your todo list on the side of day and week view.
  $show_completed			= 'yes';			// Show completed todos on your todo list.
+ 
+ // Administration settings
+ $allow_admin			= 'yes';				// Set to yes to allow the admin page - remember to change the default password			
+ $external_auth			= 'no';				// Set to yes if external authentication (such as HTTP Authentication) is used and no authentican should be performed by PHP iCalendar
+ $admin_username			= 'clittle';			// The username for the administrator
+ $admin_password			= 'jackhamm3r';		// change this if allow_admin is set to yes
+ $confirm_changes		= 'yes';			// Set to no to eliminate the confirmation popup on administration form submits
  										
  $blacklisted_cals[] = '';					// Fill in between the quotes the name of the calendars