// Direct-access guard. Resolve the path of the running script, then stop if
// that path points into includes/, i.e. this file was requested by URL
// instead of being included by another script.
if ( empty ( $PHP_SELF ) ) {
  // $PHP_SELF is not populated; fall back to the server-provided value.
  if ( ! empty ( $_SERVER ) && ! empty ( $_SERVER['PHP_SELF'] ) ) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
  }
}
if ( ! empty ( $PHP_SELF ) ) {
  if ( preg_match ( "/\/includes\//", $PHP_SELF ) ) {
    die ( "You can't access this file directly!" );
  }
}
11 // This file contains all the functions for getting information
12 // about users from PostNuke 0.7.2x.
14 // Reference to the application means the external application (postnuke)
16 // user-app-*.php auth files assume the following:
17 // - login ids are unique within the application
18 // - user administration is done through the application
20 // The following functions had to be configured to work with the application:
21 // - user_logged_in (returns login id if true)
22 // - get_admins (returns an array of admin login ids)
23 // - user_get_users (returns array of users)
24 // - user_load_variables (loads info about a user)
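/************************* Config ***********************************/

//------ Postnuke Specific Settings ------//
// PostNuke session id cookie
$pn_sid = 'POSTNUKESID';

// Name of table containing users
$pn_user_table = 'nuke_users';

// Name of table containing sessions
$pn_session_table = 'nuke_session_info';

// Name of table containing group memberships
$pn_group_table = 'nuke_group_membership';

// Name of table containing settings
$pn_settings_table = 'nuke_module_vars';

// Set the group id of the postnuke group you want to be webcal admins.
// Default is set to the postnuke 'Admins' group
// NOTE(review): get_admins() reads $pn_admin_gid, but no assignment to it is
// visible in this listing - confirm it is set before relying on admin checks.

//------ General Application Settings ------//
// What is the full URL to the login page (including http:// or https://)
// The sample value uses plain http://. A login page reached that way receives
// the password and issues the session cookie in clear text, so point this at
// the https:// URL of your site.
$app_login_page = 'http://www.mysite.com/postnuke/html/user.php?op=loginscreen&module=NS-User';

// Is there a parameter we can pass to tell the application to
// redirect the user back to the calendar after login?
$app_redir_param = 'url'; // postnuke uses 'url'

// What is the full URL to the logout page (including http:// or https://)
$app_logout_page = 'http://www.mysite.com/postnuke/html/user.php?module=NS-User&op=logout';

// Are the application's tables in the same database as webcalendar's?
$app_same_db = '0'; // 1 = yes, 0 = no

// Only need configure the rest if $app_same_db != 1

// Name of database containing the app's tables
// NOTE(review): $app_db is passed to dbi_connect() by the functions below, but
// no assignment to it is visible in this listing - confirm it is set.

// Host that the app's db is on
$app_host = 'localhost';

// Login/Password to access the app's database
// These are sample values: replace them before use. The queries in this file
// only SELECT from the user, session, group and settings tables and UPDATE
// the session table, so the account needs no wider grants than that. Keep
// this file readable only by the web server user.
$app_login = 'pnuser';
$app_pass = 'pnpassword';

/*************************** End Config *****************************/

// User administration should be done through the application's interface
$user_can_update_password = false;
$admin_can_add_user = false;
$admin_can_delete_user = false;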
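// Checks to see if the user is logged into the application
//
// returns: the login id tied to the visitor's PostNuke session, or false when
//          there is no usable session cookie or the session is not active
function user_logged_in() {
  global $pn_sid;

  // First check to see if the user even has a session cookie.
  // A cookie sent with [] in its name arrives as an array; anything that is
  // not a plain string is treated as "no session" rather than passed on.
  if (empty($_COOKIE[$pn_sid]) || ! is_string($_COOKIE[$pn_sid])) return false;
  $sid = $_COOKIE[$pn_sid];

  // Check to see if the session is still valid
  $login = pn_active_session($sid);
  if (! $login) return false;

  // Update the session last access time
  pn_update_session($sid);

  // NOTE(review): the listing stops before the end of this function; the file
  // header describes user_logged_in as "returns login id if true".
  return $login;
}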
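// Checks to see if the session has a user associated with it and
// if the session is timed out
//
// $sid - session id taken from the session cookie (untrusted input)
// returns: the login name tied to the session, or false when the id is
//          malformed, has no user attached, or is past the inactivity limit
function pn_active_session($sid) {
  global $pn_user_table, $pn_session_table, $pn_settings_table;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  // $sid comes straight from a cookie and is placed inside a quoted SQL
  // literal below, so only ids made of harmless characters are accepted.
  // NOTE(review): assumes PostNuke session ids are ordinary PHP session ids
  // (letters, digits, ',' and '-') - confirm against the PostNuke install.
  if (! is_string($sid) || ! preg_match('/^[A-Za-z0-9,-]{1,128}\z/', $sid)) return false;

  $login = false;
  $last = 0;
  $timed_out = false;

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // get login and last access time
  $sql = "SELECT pn_uname, pn_lastused FROM $pn_user_table, $pn_session_table WHERE pn_sessid = '$sid' ".
         "AND $pn_session_table.pn_uid <> 0 AND $pn_session_table.pn_uid=$pn_user_table.pn_uid ";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      // NOTE(review): the loop body is not visible in the listing; the two
      // columns are taken in SELECT order, matching the later use of $last.
      $login = $row[0];
      $last = (int) $row[1];
    }
    dbi_free_result ( $res );
  }

  if ( $login !== false ) {
    // Get inactive session time limit and see if we have passed it
    $sql = "SELECT pn_value FROM $pn_settings_table WHERE pn_modname = '/PNConfig' AND pn_name = 'secinactivemins'";
    $res = dbi_query ( $sql );
    if ( $res ) {
      while ( $row = dbi_fetch_row ( $res ) ) {
        // The limit is read from between the first pair of double quotes
        $tmp = explode('"', $row[0]);
        $limit = isset ( $tmp[1] ) ? (int) $tmp[1] : 0;
        if (($limit > 0) && ($limit < ((time() - $last) / 60))) $timed_out = true;
      }
      dbi_free_result ( $res );
    }
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db.
  // This runs on every path, including a timed-out session, so the caller is
  // never left holding the PostNuke connection in $c.
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  if ( $timed_out ) return false;
  return $login;
}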
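// Updates the session table to set the last access time to now
//
// $sid - session id taken from the session cookie (untrusted input)
function pn_update_session($sid) {
  global $pn_session_table;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  // $sid is placed inside a quoted SQL literal below; ignore anything that
  // is not made of harmless session-id characters.
  // NOTE(review): assumes PostNuke session ids are ordinary PHP session ids
  // (letters, digits, ',' and '-') - confirm against the PostNuke install.
  if (! is_string($sid) || ! preg_match('/^[A-Za-z0-9,-]{1,128}\z/', $sid)) return;

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // stamp the session row with the current time
  $sql = "UPDATE $pn_session_table SET pn_lastused = '".time()."' WHERE pn_sessid = '$sid' ";
  // NOTE(review): the line that runs the statement is not visible in the
  // listing; without it the function would build $sql and never use it.
  dbi_query ( $sql );

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);
}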
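// Searches postnuke database for $pn_admin_gid and returns an array of the group members.
// A non-empty result is kept in $cached_admins and reused for the rest of
// the request.
// returns: array of admin ids (pn_uid values)
function get_admins() {
  global $cached_admins, $pn_group_table, $pn_admin_gid;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  if ( ! empty ( $cached_admins ) ) return $cached_admins;
  $cached_admins = array ();

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // The group id is used unquoted in the statement, so force it to an integer.
  // AND replaces the MySQL-only && spelling.
  // NOTE(review): pn_uid 2 is excluded by the original query; presumably a
  // built-in account - confirm.
  $gid = (int) $pn_admin_gid;
  $sql = "SELECT pn_uid FROM $pn_group_table WHERE pn_gid = $gid AND pn_uid <> 2";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $cached_admins[] = $row[0];
    }
    dbi_free_result ( $res );
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return $cached_admins;
}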
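// Get a list of users and return info in an array.
// returns: array of users, one array per user with the keys cal_login,
//          cal_lastname, cal_firstname, cal_is_admin, cal_email, cal_fullname
//          (the public-access entry also carries an empty cal_password)
function user_get_users () {
  global $public_access, $PUBLIC_ACCESS_FULLNAME, $pn_user_table;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  $Admins = get_admins();
  // NOTE(review): the initialisation of $ret and $count is not visible in
  // the listing; both are started empty here.
  $count = 0;
  $ret = array ();

  if ( $public_access == "Y" )
    $ret[$count++] = array (
      "cal_login" => "__public__",
      "cal_lastname" => "",
      "cal_firstname" => "",
      "cal_is_admin" => "N",
      // same key as the database rows below, so every entry can be read alike
      "cal_email" => "",
      "cal_password" => "",
      "cal_fullname" => $PUBLIC_ACCESS_FULLNAME );

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // AND replaces the MySQL-only && spelling.
  // NOTE(review): pn_uid 1 and 2 are excluded by the original query;
  // presumably built-in accounts - confirm.
  $sql = "SELECT pn_uid, pn_name, pn_uname, pn_email FROM $pn_user_table WHERE pn_uid <> 1 AND pn_uid <> 2 ORDER BY pn_name";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      // split() no longer exists in PHP 7+; explode() gives the same pieces
      // for a single-space separator. Padding keeps a one-word name from
      // leaving the last name undefined.
      $name_parts = array_pad ( explode ( " ", $row[1] ), 2, "" );
      $fname = $name_parts[0];
      $lname = $name_parts[1];
      $ret[$count++] = array (
        "cal_login" => $row[2],
        "cal_lastname" => $lname,
        "cal_firstname" => $fname,
        "cal_is_admin" => user_is_admin($row[0],$Admins),
        "cal_email" => $row[3],
        "cal_fullname" => $row[1]
      );
    }
    dbi_free_result ( $res );
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return $ret;
}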
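// Load info about a user (first name, last name, admin) and set globally.
//
// $login - user login
// $prefix - variable prefix to use; values are stored in
//           $GLOBALS[$prefix . "login"], $GLOBALS[$prefix . "firstname"], ...
// returns: false when the user query fails, true otherwise
// NOTE(review): the return statements are not visible in the listing; the
// values above are the ones this version uses - confirm against callers.
function user_load_variables ( $login, $prefix ) {
  global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;
  global $app_host, $app_login, $app_pass, $app_db, $pn_user_table;
  global $c, $db_host, $db_login, $db_password, $db_database, $app_same_db;

  // Non-user calendars are handled by their own loader
  if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
    nonuser_load_variables ( $login, $prefix );
    return true;
  }

  // The public-access pseudo user has no row in the PostNuke tables
  if ( $login == "__public__" ) {
    $GLOBALS[$prefix . "login"] = $login;
    $GLOBALS[$prefix . "firstname"] = "";
    $GLOBALS[$prefix . "lastname"] = "";
    $GLOBALS[$prefix . "is_admin"] = "N";
    $GLOBALS[$prefix . "email"] = "";
    $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
    $GLOBALS[$prefix . "password"] = "";
    return true;
  }

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // $login ends up inside a quoted SQL literal, so it must be escaped first.
  // Use the database layer's own escaping when this install provides it.
  // NOTE(review): addslashes() is only a fallback and is not safe with every
  // connection character set; prefer a driver-level escape or bound
  // parameters where available.
  if ( function_exists ( 'dbi_escape_string' ) ) {
    $quoted_login = dbi_escape_string ( $login );
  } else {
    $quoted_login = addslashes ( $login );
  }
  $sql = "SELECT pn_uid, pn_name, pn_uname, pn_email FROM $pn_user_table WHERE pn_uname = '$quoted_login'";

  $ok = true;
  $res = dbi_query ( $sql );
  if ( $res ) {
    if ( $row = dbi_fetch_row ( $res ) ) {
      // split() no longer exists in PHP 7+; explode() gives the same pieces
      // for a single-space separator. Padding covers one-word names.
      $name_parts = array_pad ( explode ( " ", $row[1] ), 2, "" );
      $GLOBALS[$prefix . "login"] = $login;
      $GLOBALS[$prefix . "firstname"] = $name_parts[0];
      $GLOBALS[$prefix . "lastname"] = $name_parts[1];
      $GLOBALS[$prefix . "is_admin"] = user_is_admin($row[0],get_admins());
      $GLOBALS[$prefix . "email"] = $row[3];
      $GLOBALS[$prefix . "fullname"] = $row[1];
    }
    dbi_free_result ( $res );
  } else {
    // NOTE(review): $error is not declared global in the visible lines, so
    // this message stays local unless a declaration was dropped from the
    // listing.
    $error = "Database error: " . dbi_error ();
    $ok = false;
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db.
  // Done on the failure path too, so $c never stays on the PostNuke database.
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return $ok;
}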
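// Redirect the user to the application's login screen
//
// $return_path - where the application should send the user after login;
//                passed to the login page in the $app_redir_param parameter
function app_login_screen($return_path = 'index.php') {
  global $app_login_page, $app_redir_param;

  // Work on a copy so the configured login URL is not altered
  $target = $app_login_page;

  if ($return_path != '' && $app_redir_param != '') {
    $separator = strstr($target, '?') ? '&' : '?';
    // Encode the value: an unencoded '&', '#' or line break in $return_path
    // would otherwise add parameters to the login URL or break the header.
    // NOTE(review): callers should pass a path inside the calendar, not a
    // caller-supplied absolute URL - verify at the call sites.
    $target .= $separator . urlencode($app_redir_param) . '=' . urlencode($return_path);
  }
  header("Location: $target");
  // Stop here so nothing after the redirect runs for a visitor who is not
  // logged in.
  // NOTE(review): the lines after header() are not visible in the listing.
  exit;
}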
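// Test if a user is an admin, that is: if the user is a member of a special
// group in the postnuke database
//
// $uid - the user id to test (callers in this file pass pn_uid)
// $Admins - array of admin user ids, as returned by get_admins()
// returns: Y if user is admin, N if not
// NOTE(review): only the in_array() branch is visible in the listing; the
// other branches follow the documented Y/N contract.
function user_is_admin($uid,$Admins) {
  if ( ! is_array ( $Admins ) || count ( $Admins ) == 0 ) {
    return "N";
  } else if (in_array ((string) $uid, array_map ( 'strval', $Admins ), true)) {
    // Ids are compared as exact strings so PHP's loose comparison rules
    // cannot make two different ids match.
    return "Y";
  }
  return "N";
}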
322 // Functions we don't use with this file:
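// Not supported: user records are managed in the application, not here.
// Sets $error and returns false.
function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
  // NOTE(review): one line is missing from the listing at this point;
  // without a global declaration the message below would never leave the
  // function.
  global $error;
  $error = 'User admin not supported.';
  return false;
}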
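// Not supported: passwords are managed in the application, not here.
// Sets $error and returns false.
function user_update_user_password ( $user, $password ) {
  // NOTE(review): one line is missing from the listing at this point;
  // without a global declaration the message below would never leave the
  // function.
  global $error;
  $error = 'User admin not supported.';
  return false;
}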
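// Not supported: users are removed in the application, not here.
// Sets $error and returns false.
function user_delete_user ( $user ) {
  // NOTE(review): one line is missing from the listing at this point;
  // without a global declaration the message below would never leave the
  // function.
  global $error;
  $error = 'User admin not supported.';
  return false;
}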
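// Not supported: users are created in the application, not here.
// Sets $error and returns false.
function user_add_user ( $user, $password, $firstname, $lastname, $email, $admin ) {
  // NOTE(review): one line is missing from the listing at this point;
  // without a global declaration the message below would never leave the
  // function.
  global $error;
  $error = 'User admin not supported.';
  return false;
}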