From: <cl...@us...> - 2003-05-13 04:14:25
Update of /cvsroot/phpicalendar/phpicalendar In directory sc8-pr-cvs1:/tmp/cvs-serv7779 Modified Files: admin.php config.inc.php Log Message: part two of admin.php Index: admin.php =================================================================== RCS file: /cvsroot/phpicalendar/phpicalendar/admin.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** admin.php 30 Mar 2003 00:31:38 -0000 1.1 --- admin.php 13 May 2003 04:14:22 -0000 1.2 *************** *** 1,9 **** <?php ! // TODO - Remove before going live ! //error_reporting (E_ALL); define('BASE', './'); include (BASE.'functions/init.inc.php'); ! include (BASE.'functions/upload_functions.php'); // Redirect if administration is not allowed --- 1,8 ---- <?php ! session_start(); define('BASE', './'); include (BASE.'functions/init.inc.php'); ! include (BASE.'functions/admin_functions.php'); // Redirect if administration is not allowed *************** *** 13,30 **** } ! // Load variables from forms, query strings, and cookies into local scope if($HTTP_POST_VARS) {extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");} if($HTTP_GET_VARS) {extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");} - if($HTTP_COOKIE_VARS) {extract($HTTP_COOKIE_VARS, EXTR_PREFIX_SAME, "cookie_");} ! // Logout by clearing user info in cookies if ($action == "logout") { ! setcookie("md5_password",""); ! setcookie("username",""); } ! // if $external_auth == 'yes', don't do any authentication ! if ($external_auth == "yes") { $is_loged_in = TRUE; } --- 12,29 ---- } ! // Load variables from forms and query strings into local scope if($HTTP_POST_VARS) {extract($HTTP_POST_VARS, EXTR_PREFIX_SAME, "post_");} if($HTTP_GET_VARS) {extract($HTTP_GET_VARS, EXTR_PREFIX_SAME, "get_");} ! // Logout by clearing session variables if ($action == "logout") { ! $HTTP_SESSION_VARS['phpical_loggedin'] = FALSE; ! unset($HTTP_SESSION_VARS['phpical_username']); ! unset($HTTP_SESSION_VARS['phpical_password']); } ! 
// if $auth_method == 'none', don't do any authentication ! if ($auth_method == "none") { $is_loged_in = TRUE; } *************** *** 33,60 **** $is_loged_in = FALSE; ! if (isset($username) && $action != "logout") { ! if (!isset($HTTP_COOKIE_VARS["md5_password"])) { ! $md5_password = md5($password); ! } ! else { ! $md5_password = $HTTP_COOKIE_VARS["md5_password"]; ! } ! if ($admin_username == $username && md5($admin_password) == $md5_password) { ! //TODO lastusername doesn't appear to be working ! $is_loged_in = TRUE; ! setcookie("lastusername", $username, time()+1012324305); ! setcookie("username", $username); ! setcookie("md5_password", $md5_password); ! } ! else { ! $login_error = "<font color=\"red\">$invalid_login_lang</font>"; ! $is_loged_in = FALSE; ! } } ! ! if ($is_loged_in == FALSE) { ! setcookie("username",""); ! setcookie("password",""); ! setcookie("md5_password",""); } } --- 32,40 ---- $is_loged_in = FALSE; ! if (is_loggedin()) { ! $is_loged_in = TRUE; } ! if (isset($username) && $action != "logout") { ! $is_loged_in = login ($username, $password); } } *************** *** 69,83 **** <title><?php echo "$admin_header_lang"; ?></title> <link rel="stylesheet" type="text/css" href="<?php echo BASE."styles/$style_sheet/default.css"; ?>"> - - <script> - <!-- - function verify(){ - msg = "<?php echo $confirm_lang; ?>"; - //all we have to do is return the return value of the confirm() method - return confirm(msg); - } - --> - </script> - </head> <body bgcolor="#FFFFFF"> --- 49,52 ---- *************** *** 94,98 **** <td align="left" width="20" class="navback"> </td> <td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td> ! 
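Review bot: The logout branch only sets `phpical_loggedin` to FALSE and unsets two keys, so the session and its id stay valid after logout; ending it with `session_unset(); session_destroy();` would leave nothing behind to be reused. The `phpical_password` key suggests the password itself is kept in session storage, which may be readable by other accounts on a shared host; if the 'ftp' method needs it for later commands, a comment should say so. The two `extract()` calls in this hunk are unchanged context, and the authentication block that starts at the end of the hunk continues outside it.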
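Review bot: `login ($username, $password)` runs whenever a `username` arrives, but `$password` is never tested with `isset()`, so a request carrying only `username` passes an undefined value into the check; the condition should read `if (isset($username) && isset($password) && $password != "" && $action != "logout")`. login() and is_loggedin() live in functions/admin_functions.php, which is not part of this diff, so whether empty or anonymous credentials are rejected for the 'ftp' method cannot be seen here and should be confirmed. A successful login also keeps the pre-login session id; calling `session_regenerate_id()` once login() returns TRUE, where the PHP version provides it, would address session fixation.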
<td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($external_auth != "yes" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font> </td> </tr> <tr> --- 63,67 ---- <td align="left" width="20" class="navback"> </td> <td align="center" class="navback" nowrap valign="middle"><font class="H20"><?php echo "$admin_header_lang"; ?></font></td> ! <td align="right" width="20" class="navback" nowrap valign="middle"><font class="G10"><?php if ($auth_method != "none" && $is_loged_in == TRUE) { echo "<a href=\"{$HTTP_SERVER_VARS['PHP_SELF']}?action=logout\">{$logout_lang}</a>"; } ?></font> </td> </tr> <tr> *************** *** 109,112 **** --- 78,84 ---- // If User is Not Logged In, Display The Login Page if ($is_loged_in == FALSE) { + if (isset($username)) + $login_error = "<font color=\"red\">$invalid_login_lang</font>"; + echo <<<EOT <form action="{$HTTP_SERVER_VARS['PHP_SELF']}" method="post"> *************** *** 114,118 **** <tr> <td nowrap>{$username_lang}: </td> ! <td align="left"><input type="text" name="username" value="$lastusername"></td> </tr> <tr> --- 86,90 ---- <tr> <td nowrap>{$username_lang}: </td> ! <td align="left"><input type="text" name="username"></td> </tr> <tr> *************** *** 157,173 **** // Add or Update a calendar if ($action == "addupdate") { ! $addupdate_success = FALSE; ! if (!is_uploaded_file_v4($HTTP_POST_FILES['calfile']['tmp_name'])) { ! $upload_error = get_upload_error($HTTP_POST_FILES['calfile']); ! } ! elseif (!is_uploaded_ics($HTTP_POST_FILES['calfile']['name'])) { ! $upload_error = $upload_error_type_lang; ! } ! // copy() should be replaced with move_uploaded_file(), but only if we can require PHP 4 >= 4.0.3 ! elseif (!copy($HTTP_POST_FILES['calfile']['tmp_name'], $calendar_path . "/" . $HTTP_POST_FILES['calfile']['name'])) { ! $upload_error = $copy_error_lang . " " . $HTTP_POST_FILES['calfile']['tmp_name'] . " - " . 
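Review bot: `$HTTP_SERVER_VARS['PHP_SELF']` is written into the logout link's `href` without escaping, and PHP_SELF includes any path info the client appended to the script URL, so it should go through `htmlspecialchars()` first, e.g. `$self = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF']);` and then `href=\"{$self}?action=logout\"`. The same value is echoed into the `action` attribute of the login form in the next hunk and of the upload and delete forms in the later hunks. Logout is also a plain GET link, so any page can trigger it; that is minor next to the escaping.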
$calendar_path . "/" . $HTTP_POST_FILES['calfile']['name']; ! } ! else { ! $addupdate_success = TRUE; } } --- 129,155 ---- // Add or Update a calendar if ($action == "addupdate") { ! $addupdate_msg = ""; ! ! for($filenumber=1; $filenumber<6; $filenumber++) { ! $file = $HTTP_POST_FILES['calfile']; ! $addupdate_success = FALSE; ! ! if (!is_uploaded_file_v4($file['tmp_name'][$filenumber])) { ! $upload_error = get_upload_error($file['error'][$filenumber]); ! } ! elseif (!is_uploaded_ics($file['name'][$filenumber])) { ! $upload_error = $upload_error_type_lang; ! } ! elseif (!copy_cal($file['tmp_name'][$filenumber], $file['name'][$filenumber])) { ! $upload_error = $copy_error_lang . " " . $file['tmp_name'][$filenumber] . " - " . $calendar_path . "/" . $file['name'][$filenumber]; ! } ! else { ! $addupdate_success = TRUE; ! } ! ! if ($addupdate_success) ! $addupdate_msg = $addupdate_msg . "<font color=\"green\">{$cal_file_lang} {$filenumber}: {$action_success_lang}</font><br>"; ! else ! $addupdate_msg = $addupdate_msg . "<font color=\"red\">{$cal_file_lang} {$filenumber}: {$upload_error}</font><br>"; } } *************** *** 176,186 **** // Not at all secure - need to strip out path info if used by users besides admin in the future if ($action == "delete") { ! $delete_success = FALSE; ! ! if (!unlink($calendar_path . "/" . urldecode($delete_calendar))) { ! $delete_error = $delete_error_lang . " " . $calendar_path . "/" . urldecode($delete_calendar); ! } ! else { ! $delete_success = TRUE; } } --- 158,170 ---- // Not at all secure - need to strip out path info if used by users besides admin in the future if ($action == "delete") { ! $delete_msg = ""; ! ! foreach ($delete_calendar as $filename) { ! if (!delete_cal(urldecode($filename))) { ! $delete_msg = $delete_msg . "<font color=\"red\">" . $delete_error_lang . " " . urldecode(substr($filename,0,-4)) . "</font><br>"; ! } ! else { ! $delete_msg = $delete_msg . "<font color=\"green\">" . urldecode(substr($filename,0,-4)) . 
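Review bot: The client-supplied `$file['name'][$filenumber]` goes straight into `copy_cal()` as the destination name and into the error text, with no `basename()` and no HTML escaping. copy_cal() and is_uploaded_ics() are defined outside this diff, so unless they strip directory components themselves, the name should be reduced first with `$cal_name = basename($file['name'][$filenumber]);` and that value used for the type check, the copy and the message (wrapped in `htmlspecialchars()`). The failure message also prints the server's temporary path and `$calendar_path` to the browser; logging those and showing only the file name would avoid the disclosure. Separately, the loop never skips slots where no file was chosen, so each unused slot appears to be reported as a red error line.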
" " . $delete_success_lang . "</font><br>"; ! } } } *************** *** 191,200 **** <h2><?php echo $addupdate_cal_lang; ?></h2> <p><?php echo $addupdate_desc_lang; ?></p> ! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> > <input type="hidden" name="action" value="addupdate"> <table border="0" cellspacing="0"> <tr> ! <td nowrap><?php echo $cal_file_lang; ?>: </td> ! <td><input type="file" name="calfile"></td> </tr> <tr> --- 175,200 ---- <h2><?php echo $addupdate_cal_lang; ?></h2> <p><?php echo $addupdate_desc_lang; ?></p> ! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" enctype="multipart/form-data"> <input type="hidden" name="action" value="addupdate"> <table border="0" cellspacing="0"> <tr> ! <td nowrap><?php echo $cal_file_lang; ?> 1: </td> ! <td><input type="file" name="calfile[1]"></td> ! </tr> ! <tr> ! <td nowrap><?php echo $cal_file_lang; ?> 2: </td> ! <td><input type="file" name="calfile[2]"></td> ! </tr> ! <tr> ! <td nowrap><?php echo $cal_file_lang; ?> 3: </td> ! <td><input type="file" name="calfile[3]"></td> ! </tr> ! <tr> ! <td nowrap><?php echo $cal_file_lang; ?> 4: </td> ! <td><input type="file" name="calfile[4]"></td> ! </tr> ! <tr> ! <td nowrap><?php echo $cal_file_lang; ?> 5: </td> ! <td><input type="file" name="calfile[5]"></td> </tr> <tr> *************** *** 203,247 **** </tr> <tr> ! <td align="center" colspan="2"><?php if($addupdate_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $upload_error; ?></font> </td> </tr> </table> </form> ! <h2><?php echo $delete_cal_lang; ?></h2> ! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post" <?php if($confirm_changes != "no") { echo "onSubmit=\"return verify()\""; } ?> > <input type="hidden" name="action" value="delete"> <table border="0" cellspacing="0"> ! <tr> ! 
<td nowrap><?php echo $cal_file_lang; ?>: </td> ! <td> ! <?php ! // Begin Calendar Selection ! // ! print "<select name=\"delete_calendar\">\n"; ! $filelist = get_calendar_files($calendar_path); ! foreach ($filelist as $file) { ! $cal_filename_tmp = substr($file,0,-4); ! $cal_tmp = urlencode($file); ! $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp); ! print "<option value=\"$cal_tmp\">$cal_displayname_tmp $calendar_lang</option>\n"; ! } ! print "</select>\n"; ! ?> ! </td> ! </tr> ! <tr> ! <td> </td> ! <td><input type="submit" value="<?php echo $submit_lang; ?>"></td> ! </tr> ! <tr> ! <td align="center" colspan="2"><?php if($delete_success) { echo "<font color=\"green\">{$action_success_lang}</font>"; } ?><font color="red"><?php echo $delete_error; ?></font> </td> </tr> </table> </form> - - <?php - echo " </td> </tr> --- 203,252 ---- </tr> <tr> ! <td align="center" colspan="2"><?php echo $addupdate_msg; ?> </td> </tr> </table> </form> ! <h2><?php echo $delete_cal_lang; ?></h2> ! <form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post"> <input type="hidden" name="action" value="delete"> <table border="0" cellspacing="0"> ! <?php ! // Print Calendar Checkboxes ! // ! $COLUMNS_TO_PRINT = 3; ! $column = 1; ! $filelist = get_calendar_files($calendar_path); ! foreach ($filelist as $file) { ! if ($column > $COLUMNS_TO_PRINT) { ! echo "</tr>"; ! $column = 1; ! } ! if ($column == 1) { ! echo "<tr>"; ! } ! ! $cal_filename_tmp = substr($file,0,-4); ! $cal_tmp = urlencode($file); ! $cal_displayname_tmp = str_replace("32", " ", $cal_filename_tmp); ! ! echo "<td align=\"left\"><input name=\"delete_calendar[]\" value=\"$cal_tmp\" type=\"checkbox\">$cal_displayname_tmp</td>\n"; ! ! $column++; ! } ! // Print remaining empty columns if necessary ! $number_of_columns = count($filelist); ! while (gettype($number_of_columns/$COLUMNS_TO_PRINT) != "integer") { ! echo "<td> </td>"; ! $number_of_columns++; ! } ! 
?> </tr> </table> + <p><input type="submit" value="<?php echo $delete_lang; ?>"></p> + <p><?php echo $delete_msg; ?> </p> </form> </td> </tr> *************** *** 249,259 **** </td> </tr> ! </table>"; - include (BASE.'includes/footer.inc.php'); ! echo "</center> ! </body> ! </html>"; ! ?> --- 254,266 ---- </td> </tr> ! </table> ! <?php include (BASE.'includes/footer.inc.php'); ?> ! ! ! </center> ! </body> ! </html> ! Index: config.inc.php =================================================================== RCS file: /cvsroot/phpicalendar/phpicalendar/config.inc.php,v retrieving revision 1.100 retrieving revision 1.101 diff -C2 -d -r1.100 -r1.101 *** config.inc.php 9 May 2003 20:28:56 -0000 1.100 --- config.inc.php 13 May 2003 04:14:22 -0000 1.101 *************** *** 48,57 **** // Administration settings ! $allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password ! $external_auth = 'no'; // Set to yes if external authentication (such as HTTP Authentication) is used and no authentican should be performed by PHP iCalendar ! $admin_username = 'clittle'; // The username for the administrator ! $admin_password = 'jackhamm3r'; // change this if allow_admin is set to yes ! $confirm_changes = 'yes'; // Set to no to eliminate the confirmation popup on administration form submits ! $blacklisted_cals[] = ''; // Fill in between the quotes the name of the calendars $blacklisted_cals[] = ''; // you wish to 'blacklist' or that you don't want to show up in your calendar --- 48,58 ---- // Administration settings ! $allow_admin = 'yes'; // Set to yes to allow the admin page - remember to change the default password if using 'internal' as the $auth_method ! $auth_method = 'ftp'; // Valid values are: 'ftp', 'internal', or 'none'. 'ftp' uses the ftp server's username and password as well as ftp commands to delete and copy files. 'internal' uses $auth_internal_username and $auth_internal_password defined below - CHANGE the password. 
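Review bot: `$addupdate_msg` and `$delete_msg` are echoed on every page view but are only assigned inside their `if ($action == ...)` branches, and the page `extract()`s POST and GET variables into local scope, so on any other request their content comes from the request and is printed as raw HTML. Both should be set to `""` before the `extract()` calls (with EXTR_PREFIX_SAME an existing variable is not overwritten), or be echoed only after an `isset()` test. In the checkbox loop `$cal_displayname_tmp` comes from file names in the calendar directory, which uploads populate, and is printed unescaped; `htmlspecialchars($cal_displayname_tmp)` belongs there. The padding loop's `gettype(...) != "integer"` test is easier to follow as `while ($number_of_columns % $COLUMNS_TO_PRINT != 0)`.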
'none' uses NO authentication - meant to be used with another form of authentication such as http basic. ! $auth_internal_username = 'admin'; // Only used if $auth_method='internal'. The username for the administrator. ! $auth_internal_password = 'default'; // Only used if $auth_method='internal'. The password for the administrator. ! $ftp_server = 'localhost'; // Only used if $auth_method='ftp'. The ftp server name. 'localhost' will work for most servers. ! $ftp_calendar_path = ''; // Only used if $auth_method='ftp'. The full path to the calendar directory on the ftp server. If = '', will attempt to deduce the path based on $calendar_path, but may not be accurate depending on ftp server config. ! $blacklisted_cals[] = ''; // Fill in between the quotes the name of the calendars $blacklisted_cals[] = ''; // you wish to 'blacklist' or that you don't want to show up in your calendar |
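Review bot: The shipped defaults leave `$allow_admin = 'yes'` next to a fixed `$auth_internal_password = 'default'`, so an install that switches to 'internal' without editing the file has a publicly known admin login; defaulting to `$allow_admin = 'no';`, or having the login code refuse the literal default password, would make the safe path the default. The username and password that this hunk removes remain readable in revision 1.100 and in this commit mail, so they should be changed anywhere they were in real use. For the 'ftp' method the comment could also state that the credentials are sent to `$ftp_server` unencrypted, which matters as soon as that server is not `localhost`.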