| [ Index ] |
|
Code source de eGroupWare 1.2.106-2 |
1 <?php 2 /* WARNING: EXPERIMENTAL CODE DO NOT USE FOR PRODUCTION */ 3 /** 4 * @file 5 * IcalsrvNG: Export and Import Egw events and task as ICalendar over http using 6 * Virtual Calendars 7 * 8 * Possible clients include Mozilla Calendar/Sunbird, Korganizer, Apple Ical 9 * and Evolution. 10 * @note <b> THIS IS STILL EXPERIMENTAL CODE </b> do not use in production. 11 * @note this script is supposed to be at: egw-root/icalsrv.php 12 * 13 * @version 0.9.37-ng-a2 added a todo plan for v0.9.40 14 * @date 20060510 15 * @since 0.9.37-ng-a1 removed fixed default domain authentication 16 * @since 0.9.36-ng-a1 first version for NAPI-3.1 (write in non owner rscs) 17 * @author Jan van Lieshout <jvl (at) xs4all.nl> Rewrite and extension for egw 1.2. 18 * (see: @url http://www.egroupware.org ) 19 * $Id: icalsrv.php 21629 2006-05-23 14:21:54Z prito $ 20 * Based on some code from: 21 * @author RalfBecker@outdoor-training.de (some original code base) 22 * 23 * <b>license:</b><br> 24 * This program is free software; you can redistribute it and/or modify it 25 * under the terms of the GNU General Public License as published by the 26 * Free Software Foundation; either version 2 of the License, or (at your 27 * option) any later version. 28 * 29 * @todo make this 'ical-service' enabled/disabled from the egw 30 * admin interface 31 * @todo make the definition of virtual calendars possible from a 'ical-service' web 32 * user interface user 33 * @todo (for 0.9.40 versions) move much parsing of the vc to class.vcsrv.inc.php 34 * and add the $vcpath var where pathinfo is parsed to communicate to vc_X class 35 * @bug if you dont have enough privilages to access a personal calendar of someone 36 * icalsrv will not give you an access denied error, but will just return no events 37 * from this calendar. (Needed otherwise you cannot collect events from multiple resources 38 * into a single virtual calendar. 39 * 40 * @todo make code robust against xss attacke etc. 41 */ 42 43 //-------- basic operation configuration variables ---------- 44 45 $logdir = false; // set to false for no logging 46 #$logdir = '/tmp'; // set to a valid (writable) directory to get log file generation 47 48 // set to true for debug logging to errorlog 49 #$isdebug = True; 50 $isdebug = False; 51 52 /** Disallow users to import in non owned calendars and infologs 53 * @var boolean $disable_nonowner_import 54 */ 55 $disable_nonowner_import = false; 56 57 // icalsrv variant with session setup modeled after xmlrpc.php 58 59 $GLOBALS['egw_info'] = array(); 60 $GLOBALS['egw_info']['flags'] = 61 array( 62 'currentapp' => 'login', 63 'noheader' => True, 64 'disable_Template_class' => True 65 ); 66 include('header.inc.php'); 67 68 // silly for now but who knows... 69 $GLOBALS['egw_info']['server']['icalsrv'] = true; 70 71 /** Control and status of the icalsrv session setup 72 * @bug icalsrv enabled checking is not yet working... 73 * @var array $icalsrv 74 */ 75 $icalsrv = array(); 76 77 // Somehow check if icalsrv is enabled none of the 2 ways works yet.. 78 // either via 1: 79 $icalsrv['enabled'] = isset($GLOBALS['egw_info']['user']['apps']['icalsrv']); 80 // or via 2: the configdata 81 $c =& CreateObject('phpgwapi.config','icalsrv'); 82 $c->read_repository(); 83 $config =& $c->config_data; 84 unset($c); 85 $icalsrv['enabled'] = $config['icalsrv_enabled']; 86 87 // or via 3: force it! Yes this works :-) 88 $icalsrv['enabled'] = true; 89 90 if(!$icalsrv['enabled']) { 91 fail_exit('IcalSRV not enabled','403'); 92 } 93 94 // now check if we have a session there (according to cookie and auth) 95 // define this function ourselves if not there.. 96 if(!function_exists('getallheaders')) { 97 function getallheaders(){ 98 settype($headers,'array'); 99 foreach($_SERVER as $h => $v) { 100 if(ereg('HTTP_(.+)',$h,$hp)){ 101 $headers[$hp[1]] = $v; 102 } 103 } 104 return $headers; 105 } 106 } 107 $headers = getallheaders(); 108 $auth_header = $headers['Authorization'] 109 ? $headers['Authorization'] : $headers['authorization']; 110 if(eregi('Basic *([^ ]*)',$auth_header,$auth)) { 111 list($sessionid,$kp3) = explode(':',base64_decode($auth[1])); 112 // echo "auth='$auth[1]', sessionid='$sessionid', kp3='$kp3'\n"; 113 } else { 114 $sessionid = get_var('sessionid',array('COOKIE','GET')); 115 $kp3 = get_var('kp3',array('COOKIE','GET')); 116 } 117 118 if($icalsrv['session_ok'] = $GLOBALS['egw']->session->verify($sessionid,$kp3)){ 119 $s_user_id = $GLOBALS['egw_info']['user']['account_id']; 120 // check if the new user is the one from the session 121 $a_user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']); 122 if( !($a_user_id == $s_user_id)){ 123 $icalsrv['session_ok'] = false; 124 } 125 } else { 126 if($isdebug) 127 error_log('NO OLD SESSION'); 128 } 129 130 if (!$icalsrv['session_ok'] and isset($_SERVER['PHP_AUTH_USER']) 131 and isset($_SERVER['PHP_AUTH_PW'])) { 132 // $login = $_SERVER['PHP_AUTH_USER']; 133 // $domain = 'default'; 134 // check for a possible valid login domain present as parameter 135 if(isset($_GET['domain'])){ 136 $domain = $_GET['domain']; 137 }else{ 138 $domain = $GLOBALS['egw_info']['server']['default_domain']; 139 } 140 if(!array_key_exists($domain, $GLOBALS['egw_domain'])){ 141 error_log('icalsrv.php: login, invalid domain:' .$domain); 142 } else { 143 $userlogin = $_SERVER['PHP_AUTH_USER'] . '@' . $domain; 144 if($isdebug) 145 error_log('TRY NEW SESSION FOR login:' . $userlogin); 146 147 $sess_id = $GLOBALS['egw']->session->create($userlogin, $_SERVER['PHP_AUTH_PW'], 148 'text'); 149 } 150 if ($sess_id) { 151 $icalsrv['session_ok'] = true; 152 $GLOBALS['egw_info']['user']['account_id'] = $sess_id->account_id; 153 } 154 } 155 156 if($icalsrv['session_ok']){ 157 $icalsrv['authed'] = $GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'], 158 $_SERVER['PHP_AUTH_PW']); 159 } 160 161 // bad session or bad authentication so please re-authenticate.. 162 if (!($icalsrv['session_ok'] && $icalsrv['authed'])) { 163 header('WWW-Authenticate: Basic realm="ICal Server"'); 164 header('HTTP/1.1 401 Unauthorized'); 165 exit; 166 } 167 168 169 // oke we have a session! 170 171 // now set the variables that will control the working mode of icalvircal 172 // the defines are in the egwical_resourcehandler sourcefile 173 require_once EGW_SERVER_ROOT. '/egwical/inc/class.egwical_resourcehandler.inc.php' ; 174 175 /** uid mapping export configuration switch 176 * @var int 177 * Parameter that determines, a the time of export from Egw (aka dowload by client), how 178 * ical elements (like VEVENT's) get their uid fields filled, from data in 179 * the related Egroupware element. 180 * See further in @ref secuidmapping in the egwical_resourcehandler documentation. 181 */ 182 $uid_export_mode = UMM_ID2UID; 183 184 /** uid mapping import configuration switch 185 * @var int 186 * Parameter that determines, at the time of import into Egw (aka publish by client), how 187 * ical elements (like VEVENT's) will find, based on their uid fields, related egw 188 * elements, that are then updated with the ical info. 189 * See further in @ref secuidmapping in the egwical_resourcehandler documentation. 190 */ 191 $uid_import_mode = UMM_UID2ID; 192 193 /** 194 * @section secisuidmapping Basic Possible settings of UID to ID mapping. 195 * 196 * @warning the default setting in icalsrv.php is one of the 3 basic uid mapping modes: 197 * #The standard mode that allows a published client calendar to add new events and todos 198 * to the egw calendar, and allows to update already before published (to egw) and 199 * at least once downloaded (from egw) events and todos. 200 * . 201 * setting: <PRE>$uid_export_mode = UMM_ID2UID; $uid_import_mode = UMM_UID2ID; </PRE> (default) 202 * #The fool proof mode that will prevent accidental change or deletion of existing 203 * egw events or todos. Note that the price to pay is <i>duplication</i> on republishing or 204 * re-download! 205 * . 206 * setting: <PRE>$uid_export_mode = UMM_NEWUID; $uid_import_mode = UMM_NEWID; </PRE> (discouraged) 207 * #The flaky sync mode that in principle would make each event and todo recognizable by 208 * both the client and egw at each moment. In this mode a once given uid field is both used 209 * in the client and in egw. Unfortunately there are quite some problems with this, making it 210 * very unreliable to use! 211 * . 212 * setting: <PRE>$uid_export_mode = UMM_UID2UID; $uid_import_mode = UMM_UID2UID; </PRE> (discouraged!) 213 */ 214 215 /** allow elements gone(deleted) in egw to be imported again from client 216 * @var boolean $reimport_missing_elements 217 */ 218 $reimport_missing_elements = true; 219 220 221 //-------- end of basic operation configuration variables ---------- 222 223 224 #error_log('_SERVER:' . print_r($_SERVER, true)); 225 226 227 // go parse our request uri 228 $requri = $_SERVER['REQUEST_URI']; 229 $reqpath= $_SERVER['PATH_INFO']; 230 $reqagent = $_SERVER['HTTP_USER_AGENT']; 231 232 # maybe later also do something with content_type? 233 # if (!empty($_SERVER['CONTENT_TYPE'])) { 234 # if (strpos($_SERVER['CONTENT_TYPE'], 'application/vnd....+xml') !== false) { 235 # ical/ics ??? 236 237 238 // ex1: $requri='egroupware/icalsrv.php/demouser/todos.ics' 239 // then $reqpath='/demouser/todos.ics' 240 // $rvc_owner='demouser' 241 // $rvc_basename='/todos.ics' 242 // ex2:or $recuri ='egroupware/icalsrv.php/uk/holidays.ics' 243 // then $reqpath='/uk/holidays.ics' 244 // $rvc_owner = null; // unset 245 // $rvc_basename=null; // unset 246 // ex3: $requri='egroupware/icalsrv.php/demouser/todos?pw=mypw01' 247 // then $reqpath='/demouser/todos.ics' 248 // $rvc_owner='demouser' 249 // $rvc_basename='/todos.ics' 250 // $_GET['pw'] = 'mypw01' 251 252 // S-- parse the $reqpath to get $reqvircal names 253 unset($reqvircal_owner); 254 unset($reqvircal_owner_id); 255 unset($reqvircal_basename); 256 257 if(empty($_SERVER['PATH_INFO'])){ 258 // no specific calendar requested, so do default.ics 259 $reqvircal_pathname = '/default.ics'; 260 261 // try owner + base for a personal vircal request 262 } elseif (preg_match('#^/([\w]+)(/[^<^>^?]+)$#', $_SERVER['PATH_INFO'], $matches)){ 263 $reqvircal_pathname = $matches[0]; 264 $reqvircal_owner = $matches[1]; 265 $reqvircal_basename = $matches[2]; 266 267 if(!$reqvircal_owner_id = $GLOBALS['egw']->accounts->name2id($reqvircal_owner)){ 268 // owner is unknown, so forget about personal calendar 269 270 unset($reqvircal_owner); 271 unset($reqvircal_basename); 272 } 273 274 // check for decent non personal path 275 } elseif (preg_match('#^(/[^<^>]+)$#', $_SERVER['PATH_INFO'], $matches)){ 276 $reqvircal_pathname = $matches[0]; 277 278 // just default to standard path 279 } else { 280 $reqvircal_pathname = 'default.ics'; 281 } 282 283 284 if($isdebug) 285 error_log('http-user-agent:' . $reqagent . 286 ',pathinfo:' . $reqpath . ',rvc_pathname:' . $reqvircal_pathname . 287 ',rvc_owner:' . $reqvircal_owner . ',rvc_owner_id:' . $reqvircal_owner_id . 288 ',rvc_basename:' . $reqvircal_basename); 289 290 // S1A search for the requested calendar in the vircal_ardb's 291 if(is_numeric($reqvircal_owner_id)){ 292 // check if the requested personal calender is provided by the owner.. 293 294 /** 295 * @todo 1. create somehow the list of available personal vircal arstores 296 * note: this should be done via preferences and read repository, but how.... 297 * I have to find out and write it... 298 */ 299 300 // find personal database of (array stored) virtual calendars 301 $cnmsg = 'calendar [' . $reqvircal_basename . '] for user [' . $reqvircal_owner . ']'; 302 $vo_personal_vircal_ardb =& CreateObject('icalsrv.personal_vircal_ardb', $reqvircal_owner_id); 303 if(!(is_object($vo_personal_vircal_ardb))){ 304 error_log('icalsrv.php: couldnot create personal vircal_ardb for user:' . $reqvircal_owner); 305 fail_exit('couldnot access' . $cnmsg, '403'); 306 } 307 308 // check if a /<username>/list.html is requested 309 if ($reqvircal_basename == '/list.html'){ 310 echo $vo_personal_vircal_ardb->listing(1); 311 $GLOBALS['egw']->common->egw_exit(); 312 } 313 314 # error_log('vo_personal_vircal_ardb:' . print_r($vo_personal_vircal_ardb->calendars, true)); 315 316 // search our calendar in personal vircal database 317 if(!($vircal_arstore = $vo_personal_vircal_ardb->calendars[$reqvircal_basename])){ 318 error_log('icalsrv.php: ' . $cnmsg . ' not found.'); 319 fail_exit($cnmsg . ' not found.' , '404'); 320 } 321 // oke we have a valid personal vircal in array_storage format! 322 323 } else { 324 // check if the requested system calender is provided by system 325 $cnmsg = 'system calendar [' . $reqvircal_pathname . ']'; 326 /** 327 * @todo 1. create somehow the list of available system vircal 328 * arstores note: this should be done via preferences and read 329 * repository, but how.... I have to find out 330 */ 331 332 // find system database of (array stored) virtual calendars 333 $system_vircal_ardb = CreateObject('icalsrv.system_vircal_ardb'); 334 if(!(is_object($system_vircal_ardb))){ 335 error_log('icalsrv.php: couldnot create system vircal_ardb'); 336 fail_exit('couldnot access ' . $cnmsg, '403'); 337 } 338 339 // check if a /list.html is requested 340 if ($reqvircal_pathname == '/list.html'){ 341 echo $system_vircal_ardb->listing(1); 342 $GLOBALS['egw']->common->egw_exit(); 343 } 344 345 // search our calendar in system vircal database 346 if(!($vircal_arstore = $system_vircal_ardb->calendars[$reqvircal_pathname])){ 347 fail_exit($cnmsg . ' not found', '404'); 348 } 349 // oke we have a valid system vircal in array_storage format! 350 351 } 352 if($isdebug) 353 error_log('vircal_arstore:' . print_r($vircal_arstore, true)); 354 355 // build a virtual calendar with ical facilities from the found vircal 356 // array_storage data 357 $icalvc =& CreateObject('icalsrv.icalvircal'); 358 if(! $icalvc->fromArray($vircal_arstore)){ 359 error_log('icalsrv.php: ' . $cnmsg . ' couldnot restore from repository.' ); 360 fail_exit($cnmsg . ' internal problem ' , '403'); 361 } 362 363 // YES: $icalvc created ok! acces rights needs to be checked though! 364 365 // HACK: ATM basic auth is always needed!! (JVL) ,so we force icalvc into it 366 $icalvc->auth = ':basic'; 367 368 369 // check if the virtual calendar demands authentication 370 if(strpos($icalvc->auth,'none') !== false){ 371 // no authentication demanded so continue 372 373 } elseif(strpos($icalvc->auth,'basic') !== false){ 374 //basic http authentication demanded 375 //so exit on non authenticated http request 376 377 //-- As we atm only allow authenticated users the 378 // actions in the next lines are already done at the begining 379 // of this file -- 380 // if ((!isset($_SERVER['PHP_AUTH_USER'])) || 381 // (!$GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'], 382 // $_SERVER['PHP_AUTH_PW']))) { 383 // if($isdebug) 384 // error_log('SESSION IS SETUP, BUT AUTHENTICATE FAILED'.$_SERVER['PHP_AUTH_USER'] ); 385 // header('WWW-Authenticate: Basic realm="ICal Server"'); 386 // header('HTTP/1.1 401 Unauthorized'); 387 // exit; 388 // } 389 390 // // else, use the active basic authentication to set preferences 391 // $user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']); 392 // $GLOBALS['egw_info']['user']['account_id'] = $user_id; 393 // error_log(' ACCOUNT SETUP FOR' 394 // . $GLOBALS['egw_info']['user']['account_id']); 395 396 397 } elseif(strpos($icalvc->auth,'ssl') !== false){ 398 // ssl demanded, check if we are in https authenticated connection 399 // if not redirect to https 400 error_log('icalsrv.php:' . $cnmsg . ' demands secure connection'); 401 fail_exit($cnmsg . ' demands secure connection: please use https', '403'); 402 403 } else { 404 error_log('*** icalsrv.php:' . $cnmsg . ' requires unknown authentication method:' 405 . $icalcv->auth); 406 fail_exit($cnmsg . ' demands unavailable authentication method:' 407 . $icalcv->auth, '403'); 408 } 409 410 411 /** 412 * @todo this extra password checkin should, at least for logged-in users, 413 * better be incorporated in the ACL checkings. At some time... 414 */ 415 // check if an extra password is needed too 416 if(strpos($icalvc->auth,'passw') !== false){ 417 //extra parameter password authentication demanded 418 //so exit if pw parameter is not valid 419 if ((!isset($_GET['password'])) || 420 (!$icalvc->pw !== $_GET['password']) ) { 421 error_log('icalsrv.php:' . $cnmsg . ' demands extra password parameter'); 422 fail_exit($cnmsg . ' demands extra password parameter', '403'); 423 } 424 } 425 426 // now we are authenticated enough 427 // go setup import and export mode in our ical virtual calendar 428 429 $icalvc->uid_mapping_export = $uid_export_mode; 430 $icalvc->uid_mapping_import = $uid_import_mode; 431 $icalvc->reimport_missing_elements = $reimport_missing_elements; 432 $logmsg = ""; 433 434 // oke now process the actual import or export to/from icalvc.. 435 if ($_SERVER['REQUEST_METHOD'] == 'PUT') { 436 // *** PUT Request so do an Import ************* 437 438 if($isdebug) 439 error_log('icalsrv.php: importing, by user:' .$GLOBALS['egw_info']['user']['account_id'] 440 . ' for virtual calendar of: ' . $reqvircal_owner_id); 441 // check if importing in not owned calendars is disabled 442 if($reqvircal_owner_id 443 && ($GLOBALS['egw_info']['user']['account_id'] !== $reqvircal_owner_id)){ 444 if($disable_nonowner_import){ 445 error_log('icalsrv.php: importing in non owner calendars currently disabled'); 446 fail_exit('importing in non owner calendars currently disabled', '403'); 447 } 448 } 449 if(isset($reqvircal_owner_id) && ($reqvircal_owner_id < 0)){ 450 error_log('icalsrv.php: importing in group calendars not allowed'); 451 fail_exit('importing in groupcalendars is not allowed', '403'); 452 } 453 454 // I0 read the payload 455 $logmsg = 'IMPORTING in '. $importMode . ' mode'; 456 $fpput = fopen("php://input", "r"); 457 $vcalstr = ""; 458 while ($data = fread($fpput, 1024)){ 459 $vcalstr .= $data; 460 } 461 fclose($fpput); 462 463 // import the icaldata into the virtual calendar 464 // note: ProductType is auto derived from $vcalstr 465 $import_table =& $icalvc->import_vcal($vcalstr); 466 467 // count the successes.. 468 if ($import_table === false) { 469 $msg = 'icalsrv.php: importing '. $cnmsg . ' ERRORS'; 470 fail_exit($msg,'403'); 471 } else { 472 $logmsg .= "\n imported " . $cnmsg . ' : '; 473 foreach ($import_table as $rsc_class => $vids){ 474 $logmsg .= "\n resource: " . $rsc_class . ' : ' . count($vids) .' elements OK'; 475 } 476 477 } 478 // DONE importing 479 if($logdir) log_ical($logmsg,"import",$vcalstr); 480 481 // handle response ... 482 $GLOBALS['egw']->common->egw_exit(); 483 484 } else { 485 486 // *** GET (or POST?) Request so do an export 487 $logmsg = 'EXPORTING'; 488 // derive a ProductType from our http Agent and set it in icalvc 489 $icalvc->deviceType = egwical_resourcehandler::httpUserAgent2deviceType($reqagent); 490 491 // export the data from the virtual calendar 492 $vcalstr = $icalvc->export_vcal(); 493 494 // handle response 495 if ($vcalstr === false) { 496 $msg = 'icalsrv.php: exporting '. $cnmsg . ' ERRORS'; 497 fail_exit($msg,'403'); 498 } else { 499 $logmsg .= "\n exported " . $cnmsg ." : OK "; 500 } 501 // DONE exporting 502 503 if($logdir) log_ical($logmsg,"export",$vcalstr); 504 // handle response ... 505 $content_type = egwical_resourcehandler::deviceType2contentType($icalvc->deviceType); 506 if($content_type){ 507 header($content_type); 508 } 509 echo $vcalstr; 510 $GLOBALS['egw']->common->egw_exit(); 511 512 } 513 514 515 516 // // --- SOME UTILITY FUNCTIONS ------- 517 518 /** 519 * Exit with an error message in html 520 * @param $msg string 521 * message that gets return as html error description 522 */ 523 function fail_exit($msg, $errno = '403') 524 { 525 // log the error in the http server error logging files 526 error_log('resp: ' . $errno . ' ' . $msg); 527 // return http error $errno can this be done this way? 528 header('HTTP/1.1 '. $errno . ' ' . $msg); 529 # header('HTTP/1.1 403 ' . $msg); 530 $GLOBALS['egw']->common->egw_exit(); 531 } 532 533 534 535 536 /* 537 * Log info and data to logfiles if logging is set 538 * 539 * @param $msg string with loginfo 540 * @param $data data to be logged 541 * @param $icalmethod $string value can be import or export 542 * @global $logdir string/boolean log directory. Set to false to disab logging 543 */ 544 function log_ical($msg,$icalmethod="data",$data) 545 { 546 global $logdir; 547 if (!$logdir) return; // loggin seems off 548 549 // some info used for logging 550 $logstamp = date("U"); 551 $loguser = $_SERVER['PHP_AUTH_USER']; 552 $logdate = date("Ymd:His"); 553 // filename for log info, only used when logging is on 554 $fnloginfo = "$logdir/ical.log"; 555 556 // log info 557 $fnlogdata = $logdir . "/ical." . $icalmethod . '.' . $logstamp . ".ics"; 558 $fp = fopen("$fnloginfo",'a+'); 559 fwrite($fp,"\n\n$loguser on $logdate : $msg, \n data in $fnlogdata "); 560 fclose($fp); 561 // log data 562 $fp = fopen("$fnlogdata", "w"); 563 fputs($fp, $data); 564 fclose($fp); 565 } 566 567 568 569 570 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 17:20:01 2007 | par Balluche grâce à PHPXref 0.7 |