// Direct-access guard. When $PHP_SELF is empty it is filled in from
// $_SERVER['PHP_SELF']; a value that is already set is used unchanged.
// NOTE(review): where a pre-set $PHP_SELF comes from is not visible here --
// confirm it can never be supplied by the request.
2 if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
3 ! empty ( $_SERVER['PHP_SELF'] ) ) {
4 $PHP_SELF = $_SERVER['PHP_SELF'];
// Stop when the script path contains "/includes/". This is a substring test
// on the path, so it only helps when the file is deployed under a directory
// with that name; denying web access to the include directory in the server
// configuration does not depend on the path string.
6 if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
7 die ( "You can't access this file directly!" );
10 // This file contains all the functions for getting information
11 // about users via NIS. So, if you want to use an authentication scheme
12 // other than the webcal_user table, you can just create a new
13 // version of each function found below.
15 // Note: this application assumes that usernames (logins) are unique.
17 // Note #2: If you are using HTTP-based authentication, then you still
18 // need these functions and you will still need to add users to
21 // Set some global config variables about your system.
22 // For NIS (which is maintained external to WebCalendar), don't let them
23 // add/delete users or change passwords.
// Capability flags for the NIS backend: all three are off. The functions
// further down that write to webcal_user are still defined and do not check
// these flags themselves.
// NOTE(review): presumably the calling pages enforce the flags -- verify.
24 $user_can_update_password = false;
25 $admin_can_add_user = false;
26 $admin_can_delete_user = false;
// Optional group restriction, disabled by default. user_valid_login() only
// compares the NIS group field when this variable is set to a non-empty
// value, so with this line commented out every NIS account with a valid
// password is accepted.
28 // $user_external_group = 100;
// Mail domain appended to the login ("login@domain") when user_valid_login()
// creates a webcal_user row. "domain.com" is a placeholder to replace.
29 $user_external_email = "domain.com";
31 // Check to see if a given login/password is valid. If invalid,
32 // the error message will be placed in $error (a global variable).
34 // $login - user login
35 // $password - user password
36 // returns: true or false
37 function user_valid_login ( $login, $password ) {
// Looks $login up in the NIS passwd.byname map, checks $password against the
// crypt() hash in field 1 of the entry, and inserts a webcal_user row when
// the SELECT below finds none. Failure messages are written to the global
// $error.
// NOTE(review): the gutter numbers skip (38 -> 41, 45 -> 48, 53 -> 55, ...),
// so some statements of this function, including its return statements and
// closing braces, are not shown in this listing.
38 global $error,$user_external_group,$user_external_email;
// The leading @ suppresses any warning from yp_match(), so a failed NIS
// lookup is not reported and cannot be told apart here from an unknown user.
41 $data = @yp_match (yp_get_default_domain(), "passwd.byname", $login);
42 if ( strlen ( $data ) ) {
43 $data = explode ( ":", $data );
// Field 3 is compared with the configured group. The comparison is skipped
// whenever $user_external_group is unset or empty.
// NOTE(review): $data[3] and $data[1] are read before the count() check a few
// lines down, and $data[4] (read further below) needs at least five fields
// while that check only requires four -- a short NIS entry is not rejected
// up front.
44 if ( $user_external_group && $user_external_group != $data[3] ) {
45 $error = translate ("Invalid login");
// Only the first two characters of the stored hash are passed as the salt,
// which fits the traditional two-character-salt crypt() format only; passing
// the whole stored hash as the salt lets crypt() handle whichever format the
// entry uses. "==" is a loose comparison that is not constant-time; a strict,
// timing-safe comparison such as hash_equals() is the safer check for
// password hashes.
48 if ( $data[1] == crypt ( $password, substr ( $data[1], 0, 2 ) ) ) {
49 if ( count ( $data ) >= 4 ) {
51 // Check for user in webcal_user.
52 // If in NIS and not in DB, then insert...
// NOTE(review): the SELECT is built by string concatenation (its continuation
// line is not shown) and the INSERT below interpolates $login directly; no
// escaping is visible in this function. Use the database layer's escaping or
// bound parameters -- TODO confirm what the dbi_* functions provide.
53 $sql = "SELECT cal_login FROM webcal_user WHERE cal_login = '" .
55 $res = dbi_query ( $sql );
// A failed query ($res is false) is handled like "row not found", so a
// database error also leads to the INSERT attempt.
56 if ( ! $res || ! dbi_fetch_row ( $res ) ) {
// Field 4 of the NIS entry is split on spaces: first word -> first name,
// last word -> last name. These values go into the INSERT unescaped as well,
// so a name containing a single quote breaks the statement.
58 $uname = explode ( " ", $data[4] );
59 $ufirstname = $uname[0];
60 $ulastname = $uname[count ( $uname ) - 1];
61 $sql = "INSERT INTO webcal_user " .
62 "( cal_login, cal_lastname, cal_firstname, " .
63 "cal_is_admin, cal_email ) " .
64 "VALUES ( '$login', '$ulastname', '$ufirstname', " .
65 "'N', '$login" . "@" . "$user_external_email')";
66 if ( ! dbi_query ( $sql ) ) {
// The raw dbi_error() text is placed in $error.
// NOTE(review): whether $error is shown to the client is not visible here; if
// it is, log the database detail server-side and return a generic message.
67 $error = translate("Database error") . ": " . dbi_error();
// "incorrect password" and "no such user" are separate messages. If $error is
// displayed on the login page this tells a client which logins exist; one
// generic failure message avoids that.
72 $error = translate ("Invalid login") . ": " .
73 translate("incorrect password" );
79 $error = translate ("Invalid login") . ": " . translate("no such user");
85 // Check to see if a given login/crypted password is valid. If invalid,
86 // the error message will be placed in $error.
88 // $login - user login
89 // $crypt_password - crypted user password
90 // returns: true or false
91 function user_valid_crypt ( $login, $crypt_password ) {
// NOTE(review): the body is not shown in this listing; the marker below is
// the only visible line. Confirm that the unimplemented path returns false
// (fails closed) for every input.
93 // NOT YET IMPLEMENTED FOR NIS.
97 // Load info about a user (first name, last name, admin) and set
100 // $login - user login
101 // $prefix - variable prefix to use
102 function user_load_variables ( $login, $prefix ) {
// Publishes a user's details as global variables named $prefix . "login",
// "firstname", "lastname", "is_admin", "email", "fullname" and "password".
// NOTE(review): $prefix decides which globals get overwritten, so callers
// must pass a fixed literal prefix and never a value taken from the request.
// Some lines of this function are not shown in this listing (the gutter
// numbers skip).
103 global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;
// Logins that start with $NONUSER_PREFIX are handed to
// nonuser_load_variables(), which is defined outside this listing.
105 if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
106 nonuser_load_variables ( $login, $prefix );
// The "__public__" pseudo-user gets fixed values and no database lookup.
110 if ( $login == "__public__" ) {
111 $GLOBALS[$prefix . "login"] = $login;
112 $GLOBALS[$prefix . "firstname"] = "";
113 $GLOBALS[$prefix . "lastname"] = "";
114 $GLOBALS[$prefix . "is_admin"] = "N";
115 $GLOBALS[$prefix . "email"] = "";
116 $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
117 $GLOBALS[$prefix . "password"] = "";
// NOTE(review): $login is concatenated into the WHERE clause with no escaping
// visible in this function. Use the database layer's escaping or bound
// parameters -- TODO confirm what the dbi_* functions provide.
121 "SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd " .
122 "FROM webcal_user WHERE cal_login = '" . $login . "'";
123 $res = dbi_query ( $sql );
125 if ( $row = dbi_fetch_row ( $res ) ) {
126 $GLOBALS[$prefix . "login"] = $login;
127 $GLOBALS[$prefix . "firstname"] = $row[0];
128 $GLOBALS[$prefix . "lastname"] = $row[1];
129 $GLOBALS[$prefix . "is_admin"] = $row[2];
130 $GLOBALS[$prefix . "email"] = empty ( $row[3] ) ? "" : $row[3];
// fullname is "first last" when both are set, the last name alone when only
// that is set, and otherwise the login.
131 if ( strlen ( $row[0] ) && strlen ( $row[1] ) )
132 $GLOBALS[$prefix . "fullname"] = "$row[0] $row[1]";
133 elseif ( strlen ( $row[1] ) && ! strlen ( $row[0] ) )
134 $GLOBALS[$prefix . "fullname"] = "$row[1]";
136 $GLOBALS[$prefix . "fullname"] = $login;
// The stored cal_passwd value is copied into a global as well; any page that
// prints these variables must leave this one out.
137 $GLOBALS[$prefix . "password"] = $row[4];
139 dbi_free_result ( $res );
// NOTE(review): $error is not in the global list shown at the top of this
// function, so unless a line omitted from this listing declares it, this
// assignment sets a local variable and the message never reaches the caller.
141 $error = translate ("Database error") . ": " . dbi_error ();
149 // $user - user login
150 // $password - user password
151 // $firstname - first name
152 // $lastname - last name
153 // $email - email address
154 // $admin - is admin? ("Y" or "N")
155 function user_add_user ( $user, $password, $firstname, $lastname, $email,
// Builds and runs an INSERT into webcal_user from the arguments. The rest of
// the signature and several body lines are not shown in this listing (the
// gutter numbers skip).
// NOTE(review): $admin_can_add_user is false for this backend, but nothing
// visible in this function checks that flag.
// The reserved "__public__" login is rejected.
159 if ( $user == "__public__" ) {
160 $error = translate ("Invalid user login");
// Each optional value is wrapped in single quotes as-is; at least the first
// name becomes the SQL keyword NULL when empty.
// NOTE(review): no escaping is visible, so a quote inside any argument
// changes the statement. Use the database layer's escaping or bound
// parameters -- TODO confirm what the dbi_* functions provide.
164 if ( strlen ( $email ) )
165 $uemail = "'" . $email . "'";
168 if ( strlen ( $firstname ) )
169 $ufirstname = "'" . $firstname . "'";
171 $ufirstname = "NULL";
172 if ( strlen ( $lastname ) )
173 $ulastname = "'" . $lastname . "'";
// NOTE(review): $password is quoted exactly as received; no hashing is
// visible in this listing. Confirm the caller hashes it before this call,
// otherwise cal_passwd holds the cleartext password.
176 if ( strlen ( $password ) )
177 $upassword = "'" . $password . "'";
// $user and $admin are interpolated directly. The header comment documents
// $admin as "Y" or "N", but that is not checked here.
182 $sql = "INSERT INTO webcal_user " .
183 "( cal_login, cal_lastname, cal_firstname, " .
184 "cal_is_admin, cal_passwd, cal_email ) " .
185 "VALUES ( '$user', $ulastname, $ufirstname, " .
186 "'$admin', $upassword, $uemail )";
187 if ( ! dbi_query ( $sql ) ) {
188 $error = translate ("Database error") . ": " . dbi_error ();
196 // $user - user login
197 // $firstname - first name
198 // $lastname - last name
199 // $email - email address
200 // $admin - is admin?
201 function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
// Builds and runs an UPDATE of the name, e-mail and admin flag for $user.
// Several body lines are not shown in this listing (the gutter numbers skip).
// The reserved "__public__" login is rejected.
204 if ( $user == "__public__" ) {
205 $error = translate ("Invalid user login");
// Each optional value is wrapped in single quotes as-is; at least the first
// name becomes the SQL keyword NULL when empty.
// NOTE(review): no escaping is visible, so a quote inside any argument
// changes the statement. Use the database layer's escaping or bound
// parameters -- TODO confirm what the dbi_* functions provide.
208 if ( strlen ( $email ) )
209 $uemail = "'" . $email . "'";
212 if ( strlen ( $firstname ) )
213 $ufirstname = "'" . $firstname . "'";
215 $ufirstname = "NULL";
216 if ( strlen ( $lastname ) )
217 $ulastname = "'" . $lastname . "'";
// $admin sets cal_is_admin and $user selects the row; both are interpolated
// directly and neither is validated here. Because this statement can grant
// the admin flag, the caller has to have authorised the change already.
// NOTE(review): presumably the calling page checks that the current user is
// an administrator -- verify.
223 $sql = "UPDATE webcal_user SET cal_lastname = $ulastname, " .
224 "cal_firstname = $ufirstname, cal_email = $uemail," .
225 "cal_is_admin = '$admin' WHERE cal_login = '$user'";
226 if ( ! dbi_query ( $sql ) ) {
227 $error = translate ("Database error") . ": " . dbi_error ();
233 // Update user password
235 // $user - user login
236 // $password - user password
237 function user_update_user_password ( $user, $password ) {
// Writes $password into cal_passwd for the row whose cal_login is $user.
// Some lines of this function are not shown in this listing.
// NOTE(review): both values are interpolated with no escaping visible, and
// $password is stored exactly as received -- confirm the caller hashes it.
// $user_can_update_password is false for this backend, but nothing visible
// here checks that flag.
240 $sql = "UPDATE webcal_user SET cal_passwd = '$password' " .
241 "WHERE cal_login = '$user'";
242 if ( ! dbi_query ( $sql ) ) {
243 $error = translate ("Database error") . ": " . dbi_error ();
249 // Delete a user from the system.
250 // We assume that we've already checked to make sure this user doesn't
251 // have events still in the database.
253 // $user - user to delete
254 function user_delete_user ( $user ) {
// Removes $user and the rows that reference the login: single-participant
// events, event participation, preferences, group membership, assistant
// links, views, layers and finally the webcal_user row.
// NOTE(review): some lines are not shown in this listing (the gutter numbers
// skip), including the loop body that fills $events.
// NOTE(review): $user is interpolated into every statement below with no
// escaping visible. Use the database layer's escaping or bound parameters --
// TODO confirm what the dbi_* functions provide.
// NOTE(review): none of the DELETE results are checked and no transaction is
// visible, so a failure part-way leaves the account partly deleted.
256 // Get event ids for all events this user is a participant
258 $res = dbi_query ( "SELECT webcal_entry.cal_id " .
259 "FROM webcal_entry, webcal_entry_user " .
260 "WHERE webcal_entry.cal_id = webcal_entry_user.cal_id " .
261 "AND webcal_entry_user.cal_login = '$user'" );
263 while ( $row = dbi_fetch_row ( $res ) ) {
268 // Now count number of participants in each event...
269 // If just 1, then save id to be deleted
270 $delete_em = array ();
271 for ( $i = 0; $i < count ( $events ); $i++ ) {
// The id is concatenated unquoted; presumably it comes from the SELECT above
// and is numeric -- casting it to int would make that explicit.
272 $res = dbi_query ( "SELECT COUNT(*) FROM webcal_entry_user " .
273 "WHERE cal_id = " . $events[$i] );
275 if ( $row = dbi_fetch_row ( $res ) ) {
277 $delete_em[] = $events[$i];
279 dbi_free_result ( $res );
282 // Now delete events that were just for this user
283 for ( $i = 0; $i < count ( $delete_em ); $i++ ) {
284 dbi_query ( "DELETE FROM webcal_entry WHERE cal_id = " . $delete_em[$i] );
287 // Delete user participation from events
288 dbi_query ( "DELETE FROM webcal_entry_user WHERE cal_login = '$user'" );
290 // Delete preferences
291 dbi_query ( "DELETE FROM webcal_user_pref WHERE cal_login = '$user'" );
293 // Delete from groups
294 dbi_query ( "DELETE FROM webcal_group_user WHERE cal_login = '$user'" );
296 // Delete bosses & assistants
297 dbi_query ( "DELETE FROM webcal_asst WHERE cal_boss = '$user'" );
298 dbi_query ( "DELETE FROM webcal_asst WHERE cal_assistant = '$user'" );
300 // Delete user's views
// $delete_em is reused here for the ids of the views owned by $user.
301 $delete_em = array ();
302 $res = dbi_query ( "SELECT cal_view_id FROM webcal_view " .
303 "WHERE cal_owner = '$user'" );
305 while ( $row = dbi_fetch_row ( $res ) ) {
306 $delete_em[] = $row[0];
308 dbi_free_result ( $res );
310 for ( $i = 0; $i < count ( $delete_em ); $i++ ) {
311 dbi_query ( "DELETE FROM webcal_view_user WHERE cal_view_id = " .
314 dbi_query ( "DELETE FROM webcal_view WHERE cal_owner = '$user'" );
317 dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_login = '$user'" );
319 // Delete any layers other users may have that point to this user.
320 dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_layeruser = '$user'" );
// The account row goes last, after everything that references the login.
323 dbi_query ( "DELETE FROM webcal_user WHERE cal_login = '$user'" );
326 // Get a list of users and return info in an array.
327 function user_get_users () {
328 global $public_access, $PUBLIC_ACCESS_FULLNAME;
332 if ( $public_access == "Y" )
333 $ret[$count++] = array (
334 "cal_login" => "__public__",
335 "cal_lastname" => "",
336 "cal_firstname" => "",
337 "cal_is_admin" => "N",
339 "cal_password" => "",
340 "cal_fullname" => $PUBLIC_ACCESS_FULLNAME );
341 $res = dbi_query ( "SELECT cal_login, cal_lastname, cal_firstname, " .
342 "cal_is_admin, cal_email, cal_passwd FROM webcal_user " .
343 "ORDER BY cal_lastname, cal_firstname, cal_login" );
345 while ( $row = dbi_fetch_row ( $res ) ) {
346 if ( strlen ( $row[1] ) && strlen ( $row[2] ) )
347 $fullname = "$row[2] $row[1]";
348 elseif ( strlen ( $row[1] ) && ! strlen ( $row[2] ) )
349 $fullname = "$row[1]";
352 $ret[$count++] = array (
353 "cal_login" => $row[0],
354 "cal_lastname" => $row[1],
355 "cal_firstname" => $row[2],
356 "cal_is_admin" => $row[3],
357 "cal_email" => empty ( $row[4] ) ? "" : $row[4],
358 "cal_password" => $row[5],
359 "cal_fullname" => $fullname
362 dbi_free_result ( $res );