Code source de WebCalendar 1.0.5 |
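<?php
// Refuse to run when this include file is requested directly by URL.
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
  ! empty ( $_SERVER['PHP_SELF'] ) ) {
  $PHP_SELF = $_SERVER['PHP_SELF'];
}
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
  die ( "You can't access this file directly!" );
}

// This file contains all the functions for getting information
// about users.  So, if you want to use an authentication scheme
// other than the webcal_user table, you can just create a new
// version of each function found below.
//
// Note: this application assumes that usernames (logins) are unique.
//
// Note #2: If you are using HTTP-based authentication, then you still
// need these functions and you will still need to add users to
// webcal_user.
//
// Security notes for maintainers:
//  - Every query below is built by string concatenation, and nothing in
//    this file escapes $login, $user, $firstname, $lastname or $email
//    before they are placed in SQL.
//    NOTE(review): presumably the callers (or the PHP configuration) are
//    expected to deliver already-escaped strings - confirm. The durable
//    fix is to escape or bind values in the database layer, not here.
//  - Passwords are stored as unsalted md5() digests. Replacing that needs
//    a schema and login-flow change that goes beyond this file.

// Set some global config variables about your system.
$user_can_update_password = true;
$admin_can_add_user = true;
$admin_can_delete_user = true;


// Check to see if a given login/password is valid.  If invalid,
// the error message will be placed in $error.
// params:
//   $login - user login
//   $password - user password (plain text; it is compared as md5)
// returns: true or false
// Note: the error text says whether the login exists ("no such user") or
// only the password was wrong, so callers that show $error to an
// unauthenticated visitor reveal which logins are valid.
function user_valid_login ( $login, $password ) {
  global $error;
  $ret = false;

  $sql = "SELECT cal_login FROM webcal_user WHERE " .
    "cal_login = '" . $login . "' AND cal_passwd = '" . md5($password) . "'";
  $res = dbi_query ( $sql );
  if ( $res ) {
    $row = dbi_fetch_row ( $res );
    if ( $row && $row[0] != "" ) {
      // MySQL seems to do case insensitive matching, so double-check
      // the login.  The comparison is strict: a loose == treats
      // numeric-looking strings as numbers and would accept logins that
      // are not byte-for-byte identical.
      if ( (string) $row[0] === (string) $login )
        $ret = true; // found login/password
      else
        $error = translate ("Invalid login") . ": " .
          translate("incorrect password");
    } else {
      $error = translate ("Invalid login");
      // Could be no such user or bad password
      // Check if user exists, so we can tell.
      $res2 = dbi_query ( "SELECT cal_login FROM webcal_user " .
        "WHERE cal_login = '$login'" );
      if ( $res2 ) {
        $row = dbi_fetch_row ( $res2 );
        if ( $row && ! empty ( $row[0] ) ) {
          // got a valid username, but wrong password
          $error = translate ("Invalid login") . ": " .
            translate("incorrect password" );
        } else {
          // No such user.
          $error = translate ("Invalid login") . ": " .
            translate("no such user" );
        }
        dbi_free_result ( $res2 );
      }
    }
    dbi_free_result ( $res );
  } else {
    $error = translate("Database error") . ": " . dbi_error();
  }

  return $ret;
}

// Check to see if a given login/crypted password is valid.  If invalid,
// the error message will be placed in $error.
// params:
//   $login - user login
//   $crypt_password - crypted user password
// returns: true or false
// Note: the expected value is crypt() of the stored cal_passwd digest,
// salted with the first two characters of the supplied value.  Anyone who
// can read a stored digest can therefore compute a value this function
// accepts, so the digests must be protected like passwords.
function user_valid_crypt ( $login, $crypt_password ) {
  global $error;
  $ret = false;

  $salt = substr($crypt_password, 0, 2);

  $sql = "SELECT cal_login, cal_passwd FROM webcal_user WHERE " .
    "cal_login = '" . $login . "'";
  $res = dbi_query ( $sql );
  if ( $res ) {
    $row = dbi_fetch_row ( $res );
    if ( $row && $row[0] != "" ) {
      // MySQL seems to do case insensitive matching, so double-check
      // the login.
      // also check if password matches (strict comparison, so two
      // different numeric-looking strings can never compare equal)
      if ( ( (string) $row[0] === (string) $login ) &&
        ( crypt ( $row[1], $salt ) === $crypt_password ) )
        $ret = true; // found login/password
      else
        // Messages here are not passed through translate(); the original
        // had those calls commented out.
        $error = "Invalid login";
    } else {
      $error = "Invalid login";
    }
    dbi_free_result ( $res );
  } else {
    $error = "Database error: " . dbi_error();
  }

  return $ret;
}

// Load info about a user (first name, last name, admin) and set
// globally.
// params:
//   $login - user login
//   $prefix - variable prefix to use
// returns: true, or false on a database error (message placed in $error)
// Globals written: {$prefix}login, firstname, lastname, is_admin, email,
// fullname and password.  The password global holds the stored digest, so
// callers must never echo it.  $prefix becomes part of a global variable
// name and should be a fixed string chosen by the caller.
// Note: when the login is not found, no globals are set and true is
// still returned.
function user_load_variables ( $login, $prefix ) {
  // $error must be declared global here; without it the database error
  // message assigned below was written to a local and lost.
  global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX, $error;

  if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
    nonuser_load_variables ( $login, $prefix );
    return true;
  }

  if ( $login == "__public__" ) {
    $GLOBALS[$prefix . "login"] = $login;
    $GLOBALS[$prefix . "firstname"] = "";
    $GLOBALS[$prefix . "lastname"] = "";
    $GLOBALS[$prefix . "is_admin"] = "N";
    $GLOBALS[$prefix . "email"] = "";
    $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
    $GLOBALS[$prefix . "password"] = "";
    return true;
  }
  $sql =
    "SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd " .
    "FROM webcal_user WHERE cal_login = '" . $login . "'";
  $res = dbi_query ( $sql );
  if ( $res ) {
    if ( $row = dbi_fetch_row ( $res ) ) {
      $GLOBALS[$prefix . "login"] = $login;
      $GLOBALS[$prefix . "firstname"] = $row[0];
      $GLOBALS[$prefix . "lastname"] = $row[1];
      $GLOBALS[$prefix . "is_admin"] = $row[2];
      $GLOBALS[$prefix . "email"] = empty ( $row[3] ) ? "" : $row[3];
      // Fall back to the login when either name part is missing.
      if ( strlen ( $row[0] ) && strlen ( $row[1] ) )
        $GLOBALS[$prefix . "fullname"] = "$row[0] $row[1]";
      else
        $GLOBALS[$prefix . "fullname"] = $login;
      $GLOBALS[$prefix . "password"] = $row[4];
    }
    dbi_free_result ( $res );
  } else {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Add a new user.
// params:
//   $user - user login
//   $password - user password (stored as md5; empty is stored as NULL)
//   $firstname - first name
//   $lastname - last name
//   $email - email address
//   $admin - is admin? ("Y" or "N"; anything other than "Y" becomes "N")
// returns: true, or false with the message placed in $error
function user_add_user ( $user, $password, $firstname, $lastname, $email,
  $admin ) {
  global $error;

  // "__public__" is reserved for the public-access pseudo user.
  if ( $user == "__public__" ) {
    $error = translate ("Invalid user login");
    return false;
  }

  // Empty optional fields are written as SQL NULL, not as ''.
  if ( strlen ( $email ) )
    $uemail = "'" . $email . "'";
  else
    $uemail = "NULL";
  if ( strlen ( $firstname ) )
    $ufirstname = "'" . $firstname . "'";
  else
    $ufirstname = "NULL";
  if ( strlen ( $lastname ) )
    $ulastname = "'" . $lastname . "'";
  else
    $ulastname = "NULL";
  if ( strlen ( $password ) )
    $upassword = "'" . md5($password) . "'";
  else
    $upassword = "NULL";
  if ( $admin != "Y" )
    $admin = "N";
  $sql = "INSERT INTO webcal_user " .
    "( cal_login, cal_lastname, cal_firstname, " .
    "cal_is_admin, cal_passwd, cal_email ) " .
    "VALUES ( '$user', $ulastname, $ufirstname, " .
    "'$admin', $upassword, $uemail )";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Update a user
// params:
//   $user - user login
//   $firstname - first name
//   $lastname - last name
//   $email - email address
//   $admin - is admin? ("Y" or "N"; anything other than "Y" becomes "N")
// returns: true, or false with the message placed in $error
// Note: this function changes cal_is_admin and performs no permission
// check of its own; the caller has to verify that the current user may
// edit $user and may grant admin rights.
function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
  global $error;

  if ( $user == "__public__" ) {
    $error = translate ("Invalid user login");
    return false;
  }
  // Empty optional fields are written as SQL NULL, not as ''.
  if ( strlen ( $email ) )
    $uemail = "'" . $email . "'";
  else
    $uemail = "NULL";
  if ( strlen ( $firstname ) )
    $ufirstname = "'" . $firstname . "'";
  else
    $ufirstname = "NULL";
  if ( strlen ( $lastname ) )
    $ulastname = "'" . $lastname . "'";
  else
    $ulastname = "NULL";
  if ( $admin != "Y" )
    $admin = "N";

  $sql = "UPDATE webcal_user SET cal_lastname = $ulastname, " .
    "cal_firstname = $ufirstname, cal_email = $uemail," .
    "cal_is_admin = '$admin' WHERE cal_login = '$user'";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Update user password
// params:
//   $user - user login
//   $password - new password (plain text; stored as md5)
// returns: true, or false with the message placed in $error
// Note: no check of the old password or of the caller's rights is made
// here; that is left to the caller.
function user_update_user_password ( $user, $password ) {
  global $error;

  $sql = "UPDATE webcal_user SET cal_passwd = '".md5($password)."' " .
    "WHERE cal_login = '$user'";
  if ( ! dbi_query ( $sql ) ) {
    $error = translate ("Database error") . ": " . dbi_error ();
    return false;
  }
  return true;
}

// Delete a user from the system.
// We assume that we've already checked to make sure this user doesn't
// have events still in the database.
// params:
//   $user - user to delete
// returns: nothing.  The results of the DELETE queries are not checked,
// so a failure part-way through leaves the user partially removed.
function user_delete_user ( $user ) {
  // Get event ids for all events this user is a participant
  $events = array ();
  $res = dbi_query ( "SELECT webcal_entry.cal_id " .
    "FROM webcal_entry, webcal_entry_user " .
    "WHERE webcal_entry.cal_id = webcal_entry_user.cal_id " .
    "AND webcal_entry_user.cal_login = '$user'" );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $events[] = $row[0];
    }
    // This result set was never released in the original.
    dbi_free_result ( $res );
  }

  // Now count number of participants in each event...
  // If just 1, then save id to be deleted
  $delete_em = array ();
  foreach ( $events as $event_id ) {
    $res = dbi_query ( "SELECT COUNT(*) FROM webcal_entry_user " .
      "WHERE cal_id = " . $event_id );
    if ( $res ) {
      if ( $row = dbi_fetch_row ( $res ) ) {
        if ( $row[0] == 1 )
          $delete_em[] = $event_id;
      }
      dbi_free_result ( $res );
    }
  }
  // Now delete events that were just for this user
  foreach ( $delete_em as $event_id ) {
    dbi_query ( "DELETE FROM webcal_entry WHERE cal_id = " . $event_id );
  }

  // Delete user participation from events
  dbi_query ( "DELETE FROM webcal_entry_user WHERE cal_login = '$user'" );

  // Delete preferences
  dbi_query ( "DELETE FROM webcal_user_pref WHERE cal_login = '$user'" );

  // Delete from groups
  dbi_query ( "DELETE FROM webcal_group_user WHERE cal_login = '$user'" );

  // Delete bosses & assistants
  dbi_query ( "DELETE FROM webcal_asst WHERE cal_boss = '$user'" );
  dbi_query ( "DELETE FROM webcal_asst WHERE cal_assistant = '$user'" );

  // Delete user's views
  $view_ids = array ();
  $res = dbi_query ( "SELECT cal_view_id FROM webcal_view " .
    "WHERE cal_owner = '$user'" );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $view_ids[] = $row[0];
    }
    dbi_free_result ( $res );
  }
  foreach ( $view_ids as $view_id ) {
    dbi_query ( "DELETE FROM webcal_view_user WHERE cal_view_id = " .
      $view_id );
  }
  dbi_query ( "DELETE FROM webcal_view WHERE cal_owner = '$user'" );

  // Delete layers
  dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_login = '$user'" );

  // Delete any layers other users may have that point to this user.
  dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_layeruser = '$user'" );

  // Delete user
  dbi_query ( "DELETE FROM webcal_user WHERE cal_login = '$user'" );
}

// Get a list of users and return info in an array.
// returns: a list of arrays with the keys cal_login, cal_lastname,
// cal_firstname, cal_is_admin, cal_email, cal_password and cal_fullname.
// When $public_access is "Y" the "__public__" pseudo user comes first.
// Note: cal_password carries each user's stored digest; callers must not
// send it to the browser or write it to logs.
function user_get_users () {
  global $public_access, $PUBLIC_ACCESS_FULLNAME;

  $count = 0;
  $ret = array ();
  if ( $public_access == "Y" )
    $ret[$count++] = array (
      "cal_login" => "__public__",
      "cal_lastname" => "",
      "cal_firstname" => "",
      "cal_is_admin" => "N",
      "cal_email" => "",
      "cal_password" => "",
      "cal_fullname" => $PUBLIC_ACCESS_FULLNAME );
  $res = dbi_query ( "SELECT cal_login, cal_lastname, cal_firstname, " .
    "cal_is_admin, cal_email, cal_passwd FROM webcal_user " .
    "ORDER BY cal_lastname, cal_firstname, cal_login" );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      // Fall back to the login when either name part is missing.
      if ( strlen ( $row[1] ) && strlen ( $row[2] ) )
        $fullname = "$row[2] $row[1]";
      else
        $fullname = $row[0];
      $ret[$count++] = array (
        "cal_login" => $row[0],
        "cal_lastname" => $row[1],
        "cal_firstname" => $row[2],
        "cal_is_admin" => $row[3],
        "cal_email" => empty ( $row[4] ) ? "" : $row[4],
        "cal_password" => $row[5],
        "cal_fullname" => $fullname
      );
    }
    dbi_free_result ( $res );
  }
  return $ret;
}
?>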