Code source de WebCalendar 1.0.5 |
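<?php
// Refuse direct HTTP requests for this include file: it is only meant to be
// pulled in by other WebCalendar scripts.
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
  ! empty ( $_SERVER['PHP_SELF'] ) ) {
  $PHP_SELF = $_SERVER['PHP_SELF'];
}
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
  die ( "You can't access this file directly!" );
}

// This file contains all the functions for getting information
// about users via NIS.  So, if you want to use an authentication scheme
// other than the webcal_user table, you can just create a new
// version of each function found below.
//
// Note: this application assumes that usernames (logins) are unique.
//
// Note #2: If you are using HTTP-based authentication, then you still
// need these functions and you will still need to add users to
// webcal_user.
//
// NOTE(review): every query in this file is built by concatenating values
// into the SQL text, and nothing here escapes them. Login names, names,
// e-mail addresses and the NIS GECOS field can all contain a single quote.
// Confirm that callers sanitise these values, or move the queries to
// whatever escaping / bound-parameter facility the dbi_* layer offers.

// Set some global config variables about your system.
// For NIS (which is maintained external to WebCalendar), don't let them
// add/delete users or change passwords.
$user_can_update_password = false;
$admin_can_add_user = false;
$admin_can_delete_user = false;

// Optional: only accept NIS accounts whose primary gid equals this value.
// $user_external_group = 100;
// Domain appended to the login to build the e-mail address of auto-created users.
$user_external_email = "domain.com";

// Check to see if a given login/password is valid.  If invalid,
// the error message will be placed in $error (a global variable).
// The account is looked up in the NIS "passwd.byname" map; on the first
// successful login a matching row is inserted into webcal_user.
// params:
//   $login - user login
//   $password - user password
// returns: true or false
function user_valid_login ( $login, $password ) {
  global $error, $user_external_group, $user_external_email;

  $data = @yp_match ( yp_get_default_domain (), "passwd.byname", $login );
  if ( ! is_string ( $data ) || ! strlen ( $data ) ) {
    // no such user
    // NOTE(review): this message differs from the wrong-password one below;
    // if $error is shown to the client it reveals which logins exist.
    $error = translate ("Invalid login") . ": " . translate("no such user");
    return false;
  }

  // passwd entry layout: login:passwd:uid:gid:gecos:home:shell
  $data = explode ( ":", $data );
  // Check the field count BEFORE indexing; the original indexed $data[1]
  // and $data[3] first and only then tested the count.
  if ( count ( $data ) < 4 ) {
    $error = translate ("Invalid login");
    return false;
  }

  // empty() avoids a notice when $user_external_group is left commented out.
  if ( ! empty ( $user_external_group ) && $user_external_group != $data[3] ) {
    $error = translate ("Invalid login");
    return false;
  }

  // Use the whole stored hash as the salt so crypt() picks the scheme the
  // hash was created with (for traditional DES only the first two characters
  // are used, so existing accounts behave as before). Anything shorter than
  // a 13-character DES hash ("x", "*", empty) is a placeholder, never a hash.
  $stored = $data[1];
  $computed = crypt ( $password, $stored );
  $matches = false;
  if ( is_string ( $computed ) && strlen ( $stored ) >= 13 ) {
    // Strict, and constant-time where available: a loose == would compare
    // numeric-looking strings as numbers.
    if ( function_exists ( "hash_equals" ) )
      $matches = hash_equals ( $stored, $computed );
    else
      $matches = ( $stored === $computed );
  }
  if ( ! $matches ) {
    $error = translate ("Invalid login") . ": " .
      translate("incorrect password" );
    return false;
  }

  // Check for user in webcal_user.
  // If in NIS and not in DB, then insert...
  // NOTE(review): $login is concatenated unescaped (see file header).
  $sql = "SELECT cal_login FROM webcal_user WHERE cal_login = '" .
    $login . "'";
  $res = dbi_query ( $sql );
  $known = false;
  if ( $res ) {
    if ( dbi_fetch_row ( $res ) )
      $known = true;
    dbi_free_result ( $res );
  }
  if ( $known )
    return true;

  // insert user: first and last word of the GECOS field become the names.
  $gecos = isset ( $data[4] ) ? $data[4] : "";
  $uname = explode ( " ", $gecos );
  $ufirstname = $uname[0];
  $ulastname = $uname[count ( $uname ) - 1];
  // NOTE(review): the GECOS-derived names come straight from NIS and are
  // not escaped; a name containing a quote breaks or alters this statement.
  $sql = "INSERT INTO webcal_user " .
    "( cal_login, cal_lastname, cal_firstname, " .
    "cal_is_admin, cal_email ) " .
    "VALUES ( '$login', '$ulastname', '$ufirstname', " .
    "'N', '$login" . "@" . "$user_external_email')";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate("Database error") . ": " . dbi_error();
    return false;
  }
  return true;
}

// Check to see if a given login/crypted password is valid.  If invalid,
// the error message will be placed in $error.
// params:
//   $login - user login
//   $crypt_password - crypted user password
// returns: true or false
//
// NOTE(review): NOT YET IMPLEMENTED FOR NIS - this accepts every
// login/crypted-password pair. Any caller that relies on it to validate a
// stored credential (e.g. a session cookie) gets no check at all with this
// backend; confirm how callers use it before enabling NIS authentication.
function user_valid_crypt ( $login, $crypt_password ) {
  return true;
}


// Load info about a user (first name, last name, admin) and set
// globally.
// params:
//   $login - user login
//   $prefix - variable prefix to use
// returns: true, or false on a database error (message placed in $error)
function user_load_variables ( $login, $prefix ) {
  // $error was assigned below without being declared global, so the
  // database error message never reached the caller.
  global $error, $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;

  if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
    nonuser_load_variables ( $login, $prefix );
    return true;
  }

  if ( $login == "__public__" ) {
    $GLOBALS[$prefix . "login"] = $login;
    $GLOBALS[$prefix . "firstname"] = "";
    $GLOBALS[$prefix . "lastname"] = "";
    $GLOBALS[$prefix . "is_admin"] = "N";
    $GLOBALS[$prefix . "email"] = "";
    $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
    $GLOBALS[$prefix . "password"] = "";
    return true;
  }

  // NOTE(review): $login is concatenated unescaped (see file header).
  $sql =
    "SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd " .
    "FROM webcal_user WHERE cal_login = '" . $login . "'";
  $res = dbi_query ( $sql );
  if ( ! $res ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }

  // When no row matches, nothing is set and true is still returned.
  if ( $row = dbi_fetch_row ( $res ) ) {
    $GLOBALS[$prefix . "login"] = $login;
    $GLOBALS[$prefix . "firstname"] = $row[0];
    $GLOBALS[$prefix . "lastname"] = $row[1];
    $GLOBALS[$prefix . "is_admin"] = $row[2];
    $GLOBALS[$prefix . "email"] = empty ( $row[3] ) ? "" : $row[3];
    if ( strlen ( $row[0] ) && strlen ( $row[1] ) )
      $GLOBALS[$prefix . "fullname"] = "$row[0] $row[1]";
    elseif ( strlen ( $row[1] ) && ! strlen ( $row[0] ) )
      $GLOBALS[$prefix . "fullname"] = "$row[1]";
    else
      $GLOBALS[$prefix . "fullname"] = $login;
    // The stored cal_passwd value is exposed as a global as well.
    $GLOBALS[$prefix . "password"] = $row[4];
  }
  dbi_free_result ( $res );
  return true;
}

// Add a new user.
// params:
//   $user - user login
//   $password - user password (written to cal_passwd exactly as given)
//   $firstname - first name
//   $lastname - last name
//   $email - email address
//   $admin - is admin? ("Y" or "N")
// returns: true on success, false on error (message placed in $error)
function user_add_user ( $user, $password, $firstname, $lastname, $email,
  $admin ) {
  global $error;

  if ( $user == "__public__" ) {
    $error = translate ("Invalid user login");
    return false;
  }

  // Empty strings are stored as SQL NULL.
  // NOTE(review): none of the values are escaped (see file header).
  $uemail = strlen ( $email ) ? "'" . $email . "'" : "NULL";
  $ufirstname = strlen ( $firstname ) ? "'" . $firstname . "'" : "NULL";
  $ulastname = strlen ( $lastname ) ? "'" . $lastname . "'" : "NULL";
  $upassword = strlen ( $password ) ? "'" . $password . "'" : "NULL";
  // Anything other than an explicit "Y" is treated as non-admin.
  if ( $admin != "Y" )
    $admin = "N";
  $sql = "INSERT INTO webcal_user " .
    "( cal_login, cal_lastname, cal_firstname, " .
    "cal_is_admin, cal_passwd, cal_email ) " .
    "VALUES ( '$user', $ulastname, $ufirstname, " .
    "'$admin', $upassword, $uemail )";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Update a user
// params:
//   $user - user login
//   $firstname - first name
//   $lastname - last name
//   $email - email address
//   $admin - is admin? ("Y" or "N")
// returns: true on success, false on error (message placed in $error)
function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
  global $error;

  if ( $user == "__public__" ) {
    $error = translate ("Invalid user login");
    return false;
  }

  // Empty strings are stored as SQL NULL.
  // NOTE(review): none of the values are escaped (see file header).
  $uemail = strlen ( $email ) ? "'" . $email . "'" : "NULL";
  $ufirstname = strlen ( $firstname ) ? "'" . $firstname . "'" : "NULL";
  $ulastname = strlen ( $lastname ) ? "'" . $lastname . "'" : "NULL";
  // Anything other than an explicit "Y" is treated as non-admin.
  if ( $admin != "Y" )
    $admin = "N";

  $sql = "UPDATE webcal_user SET cal_lastname = $ulastname, " .
    "cal_firstname = $ufirstname, cal_email = $uemail," .
    "cal_is_admin = '$admin' WHERE cal_login = '$user'";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Update user password
// params:
//   $user - user login
//   $password - new value for cal_passwd (written exactly as given)
// returns: true on success, false on error (message placed in $error)
function user_update_user_password ( $user, $password ) {
  global $error;

  // NOTE(review): both values are concatenated unescaped (see file header).
  $sql = "UPDATE webcal_user SET cal_passwd = '$password' " .
    "WHERE cal_login = '$user'";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Delete a user from the system.
// We assume that we've already checked to make sure this user doesn't
// have events still in the database.
// Failures of the individual statements are not reported to the caller.
// params:
//   $user - user to delete
function user_delete_user ( $user ) {
  // NOTE(review): $user is concatenated unescaped into every statement
  // below (see file header); here that includes DELETE statements.

  // Get event ids for all events this user is a participant
  $events = array ();
  $res = dbi_query ( "SELECT webcal_entry.cal_id " .
    "FROM webcal_entry, webcal_entry_user " .
    "WHERE webcal_entry.cal_id = webcal_entry_user.cal_id " .
    "AND webcal_entry_user.cal_login = '$user'" );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $events[] = $row[0];
    }
    // The original never released this result set.
    dbi_free_result ( $res );
  }

  // Now count number of participants in each event...
  // If just 1, then save id to be deleted
  $delete_em = array ();
  foreach ( $events as $event_id ) {
    $res = dbi_query ( "SELECT COUNT(*) FROM webcal_entry_user " .
      "WHERE cal_id = " . $event_id );
    if ( $res ) {
      if ( $row = dbi_fetch_row ( $res ) ) {
        if ( $row[0] == 1 )
          $delete_em[] = $event_id;
      }
      dbi_free_result ( $res );
    }
  }
  // Now delete events that were just for this user
  foreach ( $delete_em as $event_id ) {
    dbi_query ( "DELETE FROM webcal_entry WHERE cal_id = " . $event_id );
  }

  // Delete user participation from events
  dbi_query ( "DELETE FROM webcal_entry_user WHERE cal_login = '$user'" );

  // Delete preferences
  dbi_query ( "DELETE FROM webcal_user_pref WHERE cal_login = '$user'" );

  // Delete from groups
  dbi_query ( "DELETE FROM webcal_group_user WHERE cal_login = '$user'" );

  // Delete bosses & assistants
  dbi_query ( "DELETE FROM webcal_asst WHERE cal_boss = '$user'" );
  dbi_query ( "DELETE FROM webcal_asst WHERE cal_assistant = '$user'" );

  // Delete user's views
  $delete_em = array ();
  $res = dbi_query ( "SELECT cal_view_id FROM webcal_view " .
    "WHERE cal_owner = '$user'" );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $delete_em[] = $row[0];
    }
    dbi_free_result ( $res );
  }
  foreach ( $delete_em as $view_id ) {
    dbi_query ( "DELETE FROM webcal_view_user WHERE cal_view_id = " .
      $view_id );
  }
  dbi_query ( "DELETE FROM webcal_view WHERE cal_owner = '$user'" );

  // Delete layers
  dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_login = '$user'" );

  // Delete any layers other users may have that point to this user.
  dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_layeruser = '$user'" );

  // Delete user
  dbi_query ( "DELETE FROM webcal_user WHERE cal_login = '$user'" );
}

// Get a list of users and return info in an array.
// Each element is an array with the keys cal_login, cal_lastname,
// cal_firstname, cal_is_admin, cal_email, cal_password and cal_fullname.
// When public access is enabled the "__public__" pseudo-user comes first.
// Note that cal_password carries the stored cal_passwd value of every user.
function user_get_users () {
  global $public_access, $PUBLIC_ACCESS_FULLNAME;

  $ret = array ();
  if ( $public_access == "Y" )
    $ret[] = array (
      "cal_login" => "__public__",
      "cal_lastname" => "",
      "cal_firstname" => "",
      "cal_is_admin" => "N",
      "cal_email" => "",
      "cal_password" => "",
      "cal_fullname" => $PUBLIC_ACCESS_FULLNAME );
  $res = dbi_query ( "SELECT cal_login, cal_lastname, cal_firstname, " .
    "cal_is_admin, cal_email, cal_passwd FROM webcal_user " .
    "ORDER BY cal_lastname, cal_firstname, cal_login" );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      // Full name: "first last" when both are set, the last name alone
      // when only it is set, otherwise fall back to the login.
      if ( strlen ( $row[1] ) && strlen ( $row[2] ) )
        $fullname = "$row[2] $row[1]";
      elseif ( strlen ( $row[1] ) && ! strlen ( $row[2] ) )
        $fullname = "$row[1]";
      else
        $fullname = $row[0];
      $ret[] = array (
        "cal_login" => $row[0],
        "cal_lastname" => $row[1],
        "cal_firstname" => $row[2],
        "cal_is_admin" => $row[3],
        "cal_email" => empty ( $row[4] ) ? "" : $row[4],
        "cal_password" => $row[5],
        "cal_fullname" => $fullname
      );
    }
    dbi_free_result ( $res );
  }
  return $ret;
}
?>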