From: <cl...@us...> - 2003-05-13 04:14:25
Update of /cvsroot/phpicalendar/phpicalendar
In directory sc8-pr-cvs1:/tmp/cvs-serv7779
Modified Files:
admin.php config.inc.php
Log Message:
part two of admin.php
Index: admin.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/admin.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** admin.php 30 Mar 2003 00:31:38 -0000 1.1
--- admin.php 13 May 2003 04:14:22 -0000 1.2
***************
*** 1,9 ****
<?php
! // TODO - Remove before going live
! //error_reporting (E_ALL);
define('BASE', './');
include (BASE.'functions/init.inc.php');
! include (BASE.'functions/upload_functions.php');
// Redirect if administration is not allowed
--- 1,8 ----
<?php
! session_start();
define('BASE', './');
include (BASE.'functions/init.inc.php');
! include (BASE.'functions/admin_functions.php');
// Redirect if administration is not allowed
***************
*** 13,30 ****
}
! // Load variables from forms, query strings, and cookies into local scope
if($HTTP_POST_VARS) {extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");}
if($HTTP_GET_VARS) {extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");}
- if($HTTP_COOKIE_VARS) {extract($HTTP_COOKIE_VARS, EXTR_PREFIX_SAME, "cookie_");}
! // Logout by clearing user info in cookies
if ($action == "logout") {
! setcookie("md5_password","");
! setcookie("username","");
}
! // if $external_auth == 'yes', don't do any authentication
! if ($external_auth == "yes") {
$is_loged_in = TRUE;
}
--- 12,29 ----
}
! // Load variables from forms and query strings into local scope
if($HTTP_POST_VARS) {extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");}
if($HTTP_GET_VARS) {extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");}
! // Logout by clearing session variables
if ($action == "logout") {
! $HTTP_SESSION_VARS['phpical_loggedin'] = FALSE;
! unset($HTTP_SESSION_VARS['phpical_username']);
! unset($HTTP_SESSION_VARS['phpical_password']);
}
! // if $auth_method == 'none', don't do any authentication
! if ($auth_method == "none") {
$is_loged_in = TRUE;
}
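Review bot: The two `extract()` calls kept on the new side still copy every POST and GET parameter into local scope, so any variable that is not yet defined at this point can be set from the request. `EXTR_PREFIX_SAME` only protects names that already exist, and later hunks echo `$addupdate_msg` and `$delete_msg`, which are assigned only inside their `if ($action == ...)` branches. I would drop the `extract()` calls, read the few expected fields explicitly from `$HTTP_POST_VARS` / `$HTTP_GET_VARS`, and initialise the message variables up front with `$addupdate_msg = ""; $delete_msg = "";`. Separately, the logout branch unsets `$HTTP_SESSION_VARS['phpical_password']`, which suggests the password is kept in the session; admin_functions.php is not visible here, but if so, storing only the logged-in flag would avoid holding it server-side.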
***************
*** 33,60 ****
$is_loged_in = FALSE;
! if (isset($username) && $action != "logout") {
! if (!isset($HTTP_COOKIE_VARS["md5_password"])) {
! $md5_password = md5($password);
! }
! else {
! $md5_password = $HTTP_COOKIE_VARS["md5_password"];
! }
! if ($admin_username == $username && md5($admin_password) == $md5_password) {
! //TODO lastusername doesn't appear to be working
! $is_loged_in = TRUE;
! setcookie("lastusername", $username, time()+1012324305);
! setcookie("username", $username);
! setcookie("md5_password", $md5_password);
! }
! else {
! $login_error = "<font color=\"red\">$invalid_login_lang</font>";
! $is_loged_in = FALSE;
! }
}
!
! if ($is_loged_in == FALSE) {
! setcookie("username","");
! setcookie("password","");
! setcookie("md5_password","");
}
}
--- 32,40 ----
$is_loged_in = FALSE;
! if (is_loggedin()) {
! $is_loged_in = TRUE;
}
! if (isset($username) && $action != "logout") {
! $is_loged_in = login ($username, $password);
}
}
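Review bot: `isset($username)` is satisfied by a query-string parameter as well as a form field, because `$username` and `$password` arrive through the `extract()` of both `$HTTP_POST_VARS` and `$HTTP_GET_VARS` earlier in the file, so credentials are accepted from URLs, where they end up in server logs and browser history. Reading them from the POST array only closes that: `if (isset($HTTP_POST_VARS['username'], $HTTP_POST_VARS['password']) && $action != "logout") { $is_loged_in = login($HTTP_POST_VARS['username'], $HTTP_POST_VARS['password']); }`. The same check covers a request that sends `username` without `password`, which at present may hand an undefined `$password` to `login()`. `login()` and `is_loggedin()` live in admin_functions.php and are not visible here, so whether the session id is renewed after a successful login cannot be confirmed from this hunk. The enclosing block starts and ends outside the hunk.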
***************
*** 69,83 ****
<title><?php echo "$admin_header_lang"; ?></title>
<link rel="stylesheet" type="text/css" href="<?php echo BASE."styles/$style_sheet/default.css"; ?>">
-
- <script>
- <!--
- function verify(){
- msg = "<?php echo $confirm_lang; ?>";
- //all we have to do is return the return value of the confirm() method
- return confirm(msg);
- }
- -->
- </script>
-
</head>
<body bgcolor="#FFFFFF">
--- 49,52 ----
***************
*** 94,98 ****
<td align="left" width="20" class="navback"> </td>
<td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td>
! <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($external_auth != "yes" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font> </td>
</tr>
<tr>
--- 63,67 ----
<td align="left" width="20" class="navback"> </td>
<td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td>
! <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($auth_method != "none" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font> </td>
</tr>
<tr>
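Review bot: `$HTTP_SERVER_VARS['PHP_SELF']` is written into the logout link's `href` without escaping, and PHP_SELF includes any path info the client appends after the script name, so request-controlled text reaches the attribute. Escaping it fixes that: `echo "<a href=\"" . htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF']) . "?action=logout\">{$logout_lang}</a>";`. The same unescaped expression is used for the `action` attribute of the login, add/update and delete forms in the later hunks. Logging out through a plain GET link also lets any third-party page end the administrator's session by referencing `?action=logout`; a small POST form would avoid that.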
***************
*** 109,112 ****
--- 78,84 ----
// If User is Not Logged In, Display The Login Page
if ($is_loged_in == FALSE) {
+ if (isset($username))
+ $login_error = "<font color=\"red\">$invalid_login_lang</font>";
+
echo <<<EOT
<form action="{$HTTP_SERVER_VARS['PHP_SELF']}" method="post">
***************
*** 114,118 ****
<tr>
<td nowrap>{$username_lang}: </td>
! <td align="left"><input type="text" name="username" value="$lastusername"></td>
</tr>
<tr>
--- 86,90 ----
<tr>
<td nowrap>{$username_lang}: </td>
! <td align="left"><input type="text" name="username"></td>
</tr>
<tr>
***************
*** 157,173 ****
// Add or Update a calendar
if ($action == "addupdate") {
! $addupdate_success = FALSE;
! if (!is_uploaded_file_v4($HTTP_POST_FILES['calfile']['tmp_name'])) {
! $upload_error = get_upload_error($HTTP_POST_FILES['calfile']);
! }
! elseif (!is_uploaded_ics($HTTP_POST_FILES['calfile']['name'])) {
! $upload_error = $upload_error_type_lang;
! }
! // copy() should be replaced with move_uploaded_file(), but only if we can require PHP 4 >= 4.0.3
! elseif (!copy($HTTP_POST_FILES['calfile']['tmp_name'], $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'])) {
! $upload_error = $copy_error_lang . " " . $HTTP_POST_FILES['calfile']['tmp_name'] . " - " . $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'];
! }
! else {
! $addupdate_success = TRUE;
}
}
--- 129,155 ----
// Add or Update a calendar
if ($action == "addupdate") {
! $addupdate_msg = "";
!
! for($filenumber=1; $filenumber<6; $filenumber++) {
! $file = $HTTP_POST_FILES['calfile'];
! $addupdate_success = FALSE;
!
! if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) {
! $upload_error = get_upload_error($file['error'][$filenumber]);
! }
! elseif (!is_uploaded_ics($file['name'][$filenumber])) {
! $upload_error = $upload_error_type_lang;
! }
! elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) {
! $upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber];
! }
! else {
! $addupdate_success = TRUE;
! }
!
! if ($addupdate_success)
! $addupdate_msg = $addupdate_msg . "<font color=\"green\">{$cal_file_lang} {$filenumber}: {$action_success_lang}</font><br>";
! else
! $addupdate_msg = $addupdate_msg . "<font color=\"red\">{$cal_file_lang} {$filenumber}: {$upload_error}</font><br>";
}
}
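Review bot: `$file['name'][$filenumber]` is the file name sent by the client, and it is used both as the destination name passed to `copy_cal()` and inside `$upload_error`, which is appended to `$addupdate_msg` and echoed as HTML. `copy_cal()` and `is_uploaded_ics()` are not visible here, so unless they already reduce the name to a base name and restrict its characters, I would do it at this point with `$name = basename($file['name'][$filenumber]);` and build the message from `htmlspecialchars($name)`. The copy-error text also prints `tmp_name` and `$calendar_path`, which discloses server paths to the browser; showing only the file name and logging the rest would be enough. `$file = $HTTP_POST_FILES['calfile'];` does not change between iterations and can move above the `for`.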
***************
*** 176,186 ****
// Not at all secure - need to strip out path info if used by users besides admin in the future
if ($action == "delete") {
! $delete_success = FALSE;
!
! if (!unlink($calendar_path . "/" . urldecode($delete_calendar))) {
! $delete_error = $delete_error_lang . " " . $calendar_path . "/" . urldecode($delete_calendar);
! }
! else {
! $delete_success = TRUE;
}
}
--- 158,170 ----
// Not at all secure - need to strip out path info if used by users besides admin in the future
if ($action == "delete") {
! $delete_msg = "";
!
! foreach ($delete_calendar as $filename) {
! if (!delete_cal(urldecode($filename))) {
! $delete_msg = $delete_msg . "<font color=\"red\">" . $delete_error_lang . " " . urldecode(substr($filename,0,-4)) . "</font><br>";
! }
! else {
! $delete_msg = $delete_msg . "<font color=\"green\">" . urldecode(substr($filename,0,-4)) . " " . $delete_success_lang . "</font><br>";
! }
}
}
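Review bot: `$delete_calendar` comes straight from the request and each element reaches `delete_cal()` after only `urldecode()`, so the concern in the retained comment above the block ("need to strip out path info") still applies to the new loop unless `delete_cal()`, which is not visible here, does the stripping. The decoded name is also concatenated into `$delete_msg` unescaped, and `foreach` is handed a non-array when no checkbox is ticked. I would reduce each name with `basename()`, accept it only if it appears in the list returned by `get_calendar_files($calendar_path)` (which, judging by the checkbox loop, holds file names with their extension), and escape it for the message, as sketched below.

```php
// … unchanged: if ($action == "delete") { $delete_msg = ""; …
	$known_cals = get_calendar_files($calendar_path);
	$requested = (isset($delete_calendar) && is_array($delete_calendar)) ? $delete_calendar : array();
	foreach ($requested as $filename) {
		$name = basename(urldecode($filename));
		$label = htmlspecialchars(substr($name, 0, -4));
		if (!in_array($name, $known_cals) || !delete_cal($name)) {
			$delete_msg .= "<font color=\"red\">" . $delete_error_lang . " " . $label . "</font><br>";
		}
		else {
			$delete_msg .= "<font color=\"green\">" . $label . " " . $delete_success_lang . "</font><br>";
		}
	}
```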
***************
*** 191,200 ****
<h2><?php echo $addupdate_cal_lang; ?></h2>
<p><?php echo $addupdate_desc_lang; ?></p>
! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
<input type="hidden" name="action" value="addupdate">
<table border="0" cellspacing="0">
<tr>
! <td nowrap><?php echo $cal_file_lang; ?>: </td>
! <td><input type="file" name="calfile"></td>
</tr>
<tr>
--- 175,200 ----
<h2><?php echo $addupdate_cal_lang; ?></h2>
<p><?php echo $addupdate_desc_lang; ?></p>
! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="addupdate">
<table border="0" cellspacing="0">
<tr>
! <td nowrap><?php echo $cal_file_lang; ?> 1: </td>
! <td><input type="file" name="calfile[1]"></td>
! </tr>
! <tr>
! <td nowrap><?php echo $cal_file_lang; ?> 2: </td>
! <td><input type="file" name="calfile[2]"></td>
! </tr>
! <tr>
! <td nowrap><?php echo $cal_file_lang; ?> 3: </td>
! <td><input type="file" name="calfile[3]"></td>
! </tr>
! <tr>
! <td nowrap><?php echo $cal_file_lang; ?> 4: </td>
! <td><input type="file" name="calfile[4]"></td>
! </tr>
! <tr>
! <td nowrap><?php echo $cal_file_lang; ?> 5: </td>
! <td><input type="file" name="calfile[5]"></td>
</tr>
<tr>
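Review bot: The add/update form posts a state-changing action with nothing that ties the request to this page, and now that login state lives in the session (`session_start()` in the first hunk), a logged-in administrator's browser will send the session cookie with a form submitted from any other site. A per-session random token kept in `$HTTP_SESSION_VARS`, emitted as a hidden field next to `<input type="hidden" name="action" value="addupdate">` and compared before the `addupdate` and `delete` branches run, would close that; the delete form in the next hunk needs the same field. The five identical rows could also be generated by a `for` loop that shares its bound with the handler's `$filenumber<6`, so the form and the handler cannot drift apart. The table continues outside the hunk.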
***************
*** 203,247 ****
</tr>
<tr>
! <td align="center" colspan="2"><?php if($addupdate_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $upload_error; ?></font> </td>
</tr>
</table>
</form>
!
<h2><?php echo $delete_cal_lang; ?></h2>
! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> >
<input type="hidden" name="action" value="delete">
<table border="0" cellspacing="0">
! <tr>
! <td nowrap><?php echo $cal_file_lang; ?>: </td>
! <td>
! <?php
! // Begin Calendar Selection
! //
! print "<select name=\"delete_calendar\">\n";
! $filelist = get_calendar_files($calendar_path);
! foreach ($filelist as $file) {
! $cal_filename_tmp = substr($file,0,-4);
! $cal_tmp = urlencode($file);
! $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
! print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n";
! }
! print "</select>\n";
! ?>
! </td>
! </tr>
! <tr>
! <td> </td>
! <td><input type="submit" value="<?php echo $submit_lang; ?>"></td>
! </tr>
! <tr>
! <td align="center" colspan="2"><?php if($delete_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $delete_error; ?></font> </td>
</tr>
</table>
</form>
-
- <?php
- echo "
</td>
</tr>
--- 203,252 ----
</tr>
<tr>
! <td align="center" colspan="2"><?php echo $addupdate_msg; ?> </td>
</tr>
</table>
</form>
!
<h2><?php echo $delete_cal_lang; ?></h2>
! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<input type="hidden" name="action" value="delete">
<table border="0" cellspacing="0">
! <?php
! // Print Calendar Checkboxes
! //
! $COLUMNS_TO_PRINT = 3;
! $column = 1;
! $filelist = get_calendar_files($calendar_path);
! foreach ($filelist as $file) {
! if ($column > $COLUMNS_TO_PRINT) {
! echo "</tr>";
! $column = 1;
! }
! if ($column == 1) {
! echo "<tr>";
! }
!
! $cal_filename_tmp = substr($file,0,-4);
! $cal_tmp = urlencode($file);
! $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp);
!
! echo "<td align=\"left\"><input name=\"delete_calendar[]\" value=\"$cal_tmp\" type=\"checkbox\">$cal_displayname_tmp</td>\n";
!
! $column++;
! }
! // Print remaining empty columns if necessary
! $number_of_columns = count($filelist);
! while (gettype($number_of_columns/$COLUMNS_TO_PRINT) != "integer") {
! echo "<td> </td>";
! $number_of_columns++;
! }
! ?>
</tr>
</table>
+ <p><input type="submit" value="<?php echo $delete_lang; ?>"></p>
+ <p><?php echo $delete_msg; ?> </p>
</form>
</td>
</tr>
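Review bot: `$cal_displayname_tmp` is derived from the on-disk file name and echoed into the checkbox row without escaping, and those names originate from client-supplied upload names, so markup in a file name would be rendered in the admin page unless the upload path restricts characters (not visible here). Ending the echo with `. htmlspecialchars($cal_displayname_tmp) . "</td>\n";` handles it; `$cal_tmp` is already passed through `urlencode()`. The padding loop's `gettype($number_of_columns/$COLUMNS_TO_PRINT) != "integer"` depends on `/` returning an int only for exact division; `while ($number_of_columns % $COLUMNS_TO_PRINT != 0)` states the condition directly. With an empty `$filelist` the closing `</tr>` after the loop is emitted without an opening `<tr>`.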
***************
*** 249,259 ****
</td>
</tr>
! </table>";
- include (BASE.'includes/footer.inc.php');
! echo "</center>
! </body>
! </html>";
! ?>
--- 254,266 ----
</td>
</tr>
! </table>
! <?php include (BASE.'includes/footer.inc.php'); ?>
!
!
! </center>
! </body>
! </html>
!
Index: config.inc.php
===================================================================
RCS file: /cvsroot/phpicalendar/phpicalendar/config.inc.php,v
retrieving revision 1.100
retrieving revision 1.101
diff -C2 -d -r1.100 -r1.101
*** config.inc.php 9 May 2003 20:28:56 -0000 1.100
--- config.inc.php 13 May 2003 04:14:22 -0000 1.101
***************
*** 48,57 ****
// Administration settings
! $allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password
! $external_auth = 'no'; // Set to yes if external authentication (such as HTTP Authentication) is used and no authentican should be performed by PHP iCalendar
! $admin_username = 'clittle'; // The username for the administrator
! $admin_password = 'jackhamm3r'; // change this if allow_admin is set to yes
! $confirm_changes = 'yes'; // Set to no to eliminate the confirmation popup on administration form submits
!
$blacklisted_cals[] = ''; // Fill in between the quotes the name of the calendars
$blacklisted_cals[] = ''; // you wish to 'blacklist' or that you don't want to show up in your calendar
--- 48,58 ----
// Administration settings
! $allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password if using 'internal' as the $auth_method
! $auth_method = 'ftp'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 'none' uses NO authentication - meant to be used with another form of authentication such as http basic.
! $auth_internal_username = 'admin'; // Only used if $auth_method='internal'. The username for the administrator.
! $auth_internal_password = 'default'; // Only used if $auth_method='internal'. The password for the administrator.
! $ftp_server = 'localhost'; // Only used if $auth_method='ftp'. The ftp server name. 'localhost' will work for most servers.
! $ftp_calendar_path = ''; // Only used if $auth_method='ftp'. The full path to the calendar directory on the ftp server. If = '', will attempt to deduce the path based on $calendar_path, but may not be accurate depending on ftp server config.
!
$blacklisted_cals[] = ''; // Fill in between the quotes the name of the calendars
$blacklisted_cals[] = ''; // you wish to 'blacklist' or that you don't want to show up in your calendar
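Review bot: The new defaults ship with `$allow_admin = 'yes'` and a fixed `$auth_internal_password = 'default'`, so an install that switches `$auth_method` to 'internal' without editing the password leaves upload and delete open to anyone who knows the shipped value. Defaulting to `$allow_admin = 'no';` and having the internal login refuse the shipped password would make the safe state the default. The comment for 'ftp' could also say that the FTP username and password are presumably typed into the admin login form, so the admin page should only be reachable over HTTPS. The username and password on the removed lines do not look like placeholders; they stay readable in revision 1.100, so if they were ever in real use they should be changed.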