// Direct-access guard: fall back to $_SERVER['PHP_SELF'] when $PHP_SELF is
// empty, then stop if the requested path contains "/includes/".
// NOTE(review): this listing drops some original lines (closing braces are not
// visible), so block ends are inferred from the embedded line numbers.
2 if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
3 ! empty ( $_SERVER['PHP_SELF'] ) ) {
4 $PHP_SELF = $_SERVER['PHP_SELF'];
// NOTE(review): $PHP_SELF is only filled in when it is empty. Whether an
// earlier include can populate it from request data is not visible here;
// assigning from $_SERVER unconditionally would remove that question for this
// check and for the page checks that read $PHP_SELF later in the file.
6 if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
7 die ( "You can't access this file directly!" );
10 // db settings are in config.php
12 // Establish a database connection.
13 // This may have happened in validate.php, depending on settings.
// Opens the connection from the four $db_* settings and keeps the result in $c.
// NOTE(review): the test on $c and the call that receives the message below
// are on lines missing from this listing.
16 $c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
// The failure text concatenates dbi_error() straight into HTML. Driver errors
// can name hosts, accounts or schema objects; logging the detail server-side
// and showing the visitor a generic message avoids disclosing them.
19 "Error connecting to database:<blockquote>" .
20 dbi_error () . "</blockquote>\n" );
22 // Do a sanity check on the database, making sure we can
23 // at least access the webcal_config table.
// Guarded by function_exists(); the guarded body is on lines not shown here.
24 if ( function_exists ( "doDbSanityCheck" ) ) {
// Single-user mode: require $single_user_login to be set, count matching rows
// in webcal_user, and (per the comment at line 43) insert the login as an
// admin when it does not exist yet.
29 // If we are in single user mode, make sure that the login selected is
31 if ( $single_user == 'Y' ) {
32 if ( empty ( $single_user_login ) ) {
33 die_miserable_death ( "You have not defined <tt>single_user_login</tt> in " .
34 "<tt>includes/settings.php</tt>" );
// NOTE(review): $single_user_login is interpolated into the SQL text between
// single quotes with no escaping visible here. The message above says it is
// defined in includes/settings.php, so it is operator-controlled, but a value
// containing a quote still breaks the statement; escape it, or bind it as a
// parameter if the dbi layer offers that (not visible from this file).
36 $res = dbi_query ( "SELECT COUNT(*) FROM webcal_user " .
37 "WHERE cal_login = '$single_user_login'" );
// Raw dbi_error() text is echoed to the visitor before exiting.
39 echo "Database error: " . dbi_error (); exit;
41 $row = dbi_fetch_row ( $res );
43 // User specified as single_user_login does not exist
// NOTE(review): the new row gets cal_is_admin = 'Y' and a cal_passwd of
// md5($single_user_login): an unsalted MD5 whose input is the login name
// itself. If this account can ever be used for password login (for example
// after single-user mode is switched off; TODO confirm), give it a random
// secret stored with a salted password-hashing function instead.
44 if ( ! dbi_query ( "INSERT INTO webcal_user ( cal_login, " .
45 "cal_passwd, cal_is_admin ) VALUES ( '$single_user_login', " .
46 "'" . md5($single_user_login) . "', 'Y' )" ) ) {
// The failure message embeds $single_user_login and dbi_error() in HTML
// without escaping.
47 die_miserable_death ( "User <tt>$single_user_login</tt> does not " .
48 "exist in <tt>webcal_user</tt> table and was not able to add " .
49 "it for you:<br /><blockquote>" .
50 dbi_error () . "</blockquote>" );
52 // User was added... should we tell them?
54 dbi_free_result ( $res );
58 // global settings have not been loaded yet, so check for public_access now
// Reads the public_access row from webcal_config. $pub_acc_enabled starts as
// false; the check on $res and the test that gates the assignment to true are
// on lines missing from this listing.
59 $res = dbi_query ( "SELECT cal_value FROM webcal_config " .
60 "WHERE cal_setting = 'public_access'" );
61 $pub_acc_enabled = false;
63 if ( $row = dbi_fetch_row ( $res ) ) {
65 $pub_acc_enabled = true;
67 dbi_free_result ( $res );
// When public access is on, load public_access_can_add from the same table.
// NOTE(review): $public_access_can_add is assigned only if a row comes back
// and is given no default in the visible lines, although a later check in this
// file compares it with 'Y'. Setting it to 'N' before this query would make
// the fallback explicit.
69 if ( $pub_acc_enabled ) {
70 $res = dbi_query ( "SELECT cal_value FROM webcal_config " .
71 "WHERE cal_setting = 'public_access_can_add'" );
73 if ( $row = dbi_fetch_row ( $res ) ) {
74 $public_access_can_add = $row[0];
76 dbi_free_result ( $res );
80 // Debugging stuff :-)
81 //echo "pub_acc_enabled = " . ( $pub_acc_enabled ? "true" : "false" ) . " <br />";
82 //echo "session_not_found = " . ( $session_not_found ? "true" : "false" ) . " <br />";
83 //echo "use_http_auth = " . ( $use_http_auth ? "true" : "false" ) . " <br />";
84 //echo "PHP_AUTH_USER = $PHP_AUTH_USER <br />";
85 //echo "login = $login <br />";
// Builds the login URL and decides whether a visitor without a session becomes
// the public user or is redirected to the login page.
88 if ( empty ( $PHP_SELF ) )
89 $PHP_SELF = $_SERVER["PHP_SELF"];
// Default login page; "&" is appended when the URL already contains "?"
// (the alternative branch is on lines not shown here).
91 if ( empty ( $login_url ) )
92 $login_url = "login.php";
93 if ( strstr ( $login_url, "?" ) )
94 $login_url .= "&";
// NOTE(review): $login_return_path is appended without urlencode(). Where it
// is set is not visible here; if it can derive from the request, encode it
// here and have the page that consumes return_path accept only local paths.
97 if ( ! empty ( $login_return_path ) )
98 $login_url .= "return_path=$login_return_path";
101 if ( empty ( $session_not_found ) )
102 $session_not_found = false;
// Public access enabled and no session found: act as the "__public__" login.
// Other statements of this branch are on lines missing from the listing.
104 if ( $pub_acc_enabled && ! empty ( $session_not_found ) ) {
105 $login = "__public__";
109 $fullname = "Public Access"; // Will be translated after translation is loaded
// No public access, no session and no HTTP auth: redirect to the login URL.
111 } else if ( ! $pub_acc_enabled && $session_not_found && ! $use_http_auth ) {
112 do_redirect ( $login_url );
// Resolves the current user: for a non-empty $login other than "__public__",
// loads the user's fields and copies them into the globals used by the pages.
116 if ( empty ( $login ) && $use_http_auth ) {
117 if ( strstr ( $PHP_SELF, "login.php" ) ) {
118 // ignore since login.php will redirect to index.php
122 } else if ( ! empty ( $login ) ) {
123 // they are already logged in ($login is set in validate.php)
124 if ( strstr ( $PHP_SELF, "login.php" ) ) {
125 // ignore since login.php will redirect to index.php
126 } else if ( $login == "__public__" ) {
130 $fullname = "Public Access";
// user_load_variables() is defined elsewhere; judging by the reads that follow,
// it populates $login_* variables for the given login (TODO confirm).
133 user_load_variables ( $login, "login_" );
134 if ( ! empty ( $login_login ) ) {
// Admin status is taken solely from $login_is_admin being "Y".
135 $is_admin = ( $login_is_admin == "Y" ? true : false );
136 $lastname = $login_lastname;
137 $firstname = $login_firstname;
138 $fullname = $login_fullname;
139 $user_email = $login_email;
142 if ( $use_http_auth ) {
145 // This shouldn't happen since login should be validated in validate.php
146 // If it does happen, it means we received an invalid login cookie.
147 //echo "Error getting user info for login \"$login\".";
// Redirects to the login URL with a fixed error message in the query string.
148 do_redirect ( $login_url . "&error=Invalid+session+found." );
153 //else if ( ! $single_user ) {
154 // echo "Error(3)! no login info found: " . dbi_error () . "<br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
158 // If they are accessing using the public login, restrict them from using
// Page-level access checks. Each test below is a substring match of a script
// name against $PHP_SELF; the action taken when one matches is on lines
// missing from this listing.
// NOTE(review): these are deny-lists, so a script not named here is allowed by
// default and every new restricted page has to be added to each relevant
// list. The three lists are maintained by hand and are not identical
// (duplicate entries in the read-only list; names present in one list and
// absent from another), so confirm each difference is intended. Matching the
// exact script basename from SCRIPT_NAME against one shared table would be
// stricter than strstr() on PHP_SELF, which can also carry trailing path info.
161 if ( ! empty ( $login ) && $login == "__public__" ) {
162 if ( strstr ( $PHP_SELF, "views.php" ) ||
163 strstr ( $PHP_SELF, "views_edit_handler.php" ) ||
164 strstr ( $PHP_SELF, "category.php" ) ||
165 strstr ( $PHP_SELF, "category_handler.php" ) ||
166 strstr ( $PHP_SELF, "activity_log.php" ) ||
167 strstr ( $PHP_SELF, "admin.php" ) ||
168 strstr ( $PHP_SELF, "adminhome.php" ) ||
169 strstr ( $PHP_SELF, "admin_handler.php" ) ||
170 strstr ( $PHP_SELF, "groups.php" ) ||
171 strstr ( $PHP_SELF, "group_edit_handler.php" ) ||
172 strstr ( $PHP_SELF, "pref.php" ) ||
173 strstr ( $PHP_SELF, "pref_handler.php" ) ||
174 strstr ( $PHP_SELF, "edit_user.php" ) ||
175 strstr ( $PHP_SELF, "edit_user_handler.php" ) ||
176 strstr ( $PHP_SELF, "approve_entry.php" ) ||
177 strstr ( $PHP_SELF, "reject_entry.php" ) ||
178 strstr ( $PHP_SELF, "del_entry.php" ) ||
179 strstr ( $PHP_SELF, "set_entry_cat.php" ) ||
180 strstr ( $PHP_SELF, "list_unapproved.php" ) ||
181 strstr ( $PHP_SELF, "layers.php" ) ||
182 strstr ( $PHP_SELF, "layer_toggle.php" ) ||
183 strstr ( $PHP_SELF, "import.php" ) ||
184 strstr ( $PHP_SELF, "import_handler.php" ) ||
185 strstr ( $PHP_SELF, "edit_template.php" ) ) {
// The entry editor pages are additionally tested when
// $public_access_can_add is anything other than 'Y'.
188 if ( $public_access_can_add != 'Y' ) { // do not allow add
189 if ( strstr ( $PHP_SELF, "edit_entry.php" ) ||
190 strstr ( $PHP_SELF, "edit_entry_handler.php" ) ) {
// Users whose $is_admin is empty or false: tests for the admin pages.
196 if ( empty ( $is_admin ) || ! $is_admin ) {
197 if ( strstr ( $PHP_SELF, "admin.php" ) ||
198 strstr ( $PHP_SELF, "admin_handler.php" ) ||
199 strstr ( $PHP_SELF, "groups.php" ) ||
200 strstr ( $PHP_SELF, "group_edit.php" ) ||
201 strstr ( $PHP_SELF, "group_edit_handler.php" ) ||
202 strstr ( $PHP_SELF, "edit_template.php" ) ||
203 strstr ( $PHP_SELF, "activity_log.php" ) ) {
208 // restrict access if calendar is read-only
209 if ( $readonly == "Y" ) {
210 if ( strstr ( $PHP_SELF, "activity_log.php" ) ||
211 strstr ( $PHP_SELF, "adminhome.php" ) ||
212 strstr ( $PHP_SELF, "admin.php" ) ||
213 strstr ( $PHP_SELF, "approve_entry.php" ) ||
214 strstr ( $PHP_SELF, "category_handler.php" ) ||
215 strstr ( $PHP_SELF, "category.php" ) ||
216 strstr ( $PHP_SELF, "del_entry.php" ) ||
217 strstr ( $PHP_SELF, "edit_report_handler.php" ) ||
218 strstr ( $PHP_SELF, "edit_report.php" ) ||
219 strstr ( $PHP_SELF, "edit_template.php" ) ||
220 strstr ( $PHP_SELF, "edit_user_handler.php" ) ||
221 strstr ( $PHP_SELF, "edit_user.php" ) ||
222 strstr ( $PHP_SELF, "group_edit_handler.php" ) ||
223 strstr ( $PHP_SELF, "groups.php" ) ||
224 strstr ( $PHP_SELF, "import_handler.php" ) ||
225 strstr ( $PHP_SELF, "import_handler.php" ) ||
226 strstr ( $PHP_SELF, "import.php" ) ||
227 strstr ( $PHP_SELF, "layers.php" ) ||
228 strstr ( $PHP_SELF, "layer_toggle.php" ) ||
229 strstr ( $PHP_SELF, "list_unapproved.php" ) ||
230 strstr ( $PHP_SELF, "pref_handler.php" ) ||
231 strstr ( $PHP_SELF, "pref.php" ) ||
232 strstr ( $PHP_SELF, "pref_handler.php" ) ||
233 strstr ( $PHP_SELF, "purge.php" ) ||
234 strstr ( $PHP_SELF, "reject_entry.php" ) ||
235 strstr ( $PHP_SELF, "set_entry_cat.php" ) ||
236 strstr ( $PHP_SELF, "users.php" ) ||
237 strstr ( $PHP_SELF, "views_edit_handler.php" ) ||
238 strstr ( $PHP_SELF, "views.php" ) ) {
243 // We can't call translate() here because translate.php gets loaded
244 // after this include file :-(
245 // So, instead of an error message that may be in the wrong language,
246 // just redirect to some other page.
// NOTE(review): the comment above says translate() is unavailable at this
// point, yet the lines below call it; the condition that selects between this
// error page and the redirect is not shown. $application_name is written into
// <title> without HTML-escaping.
249 echo "<html>\n<head>\n<title>" . translate($application_name) . " " .
250 translate("Error") . "</title>\n</head>\n<body>\n";
251 echo "<h2>" . translate ( "Error" ) . "</h2>\n" .
252 translate ( "You are not authorized" );
254 do_redirect ( "week.php" );