// Populate $PHP_SELF from the server environment when the script has not
// already set it. (The closing braces of both `if` blocks are not present in
// this listing.)
2 if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
3 ! empty ( $_SERVER['PHP_SELF'] ) ) {
4 $PHP_SELF = $_SERVER['PHP_SELF'];
// Refuse to run when this include is requested directly: the executing
// script's path contains "/includes/" only when the file is fetched by URL
// rather than pulled in via include/require from a top-level page.
// NOTE(review): $PHP_SELF is request-derived, so treat this as a convenience
// guard; keeping includes/ outside the document root is the real control.
6 if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
7 die ( "You can't access this file directly!" );
10 // This file contains all the functions for getting information
11 // about users. So, if you want to use an authentication scheme
12 // other than the webcal_user table, you can just create a new
13 // version of each function found below.
15 // Note: this application assumes that usernames (logins) are unique.
17 // Note #2: If you are using HTTP-based authentication, then you still
18 // need these functions and you will still need to add users to
21 // Set some global config variables about your system.
// Site-wide capability flags for the user-management features. They are only
// assigned here; the code that consults them lives outside this file
// (presumably the admin/user pages — verify in callers).
$user_can_update_password = $admin_can_add_user = $admin_can_delete_user = true;
27 // Check to see if a given login/password is valid. If invalid,
28 // the error message will be placed in $error.
30 // $login - user login
31 // $password - user password
32 // returns: true or false
// Check whether $login/$password match a row in webcal_user. On failure the
// reason is written to $error (the `global $error` and `$ret = false`
// initialisation lines are not visible in this listing).
// $login - user login
// $password - user password
// returns: true or false (the `return $ret;` line is not visible here)
//
// SECURITY (review): $login and $password are concatenated straight into the
// SQL text below with no escaping or parameter binding. If they originate
// from the login form this is an SQL injection sink; escape them in the dbi
// layer or bind them as parameters before they reach dbi_query().
33 function user_valid_login ( $login, $password ) {
// NOTE(review): the active query compares the raw $password against
// cal_passwd, while user_add_user() and user_update_user_password() in this
// same file store md5($password). With md5-stored rows this query can never
// match, so one of the two sides must be wrong — confirm which scheme the
// deployment actually uses before changing either.
37 $sql = "SELECT cal_login FROM webcal_user WHERE " .
38 "cal_login = '" . $login . "' AND cal_passwd = '" . $password . "'";
39 // "cal_login = '" . $login . "' AND cal_passwd = '" . md5($password) . "'";
40 $res = dbi_query ( $sql );
// (the `if ( $res )` test implied by the "Database error" path at the end of
// the function is not visible in this listing)
42 $row = dbi_fetch_row ( $res );
43 if ( $row && $row[0] != "" ) {
44 // MySQL seems to do case insensitive matching, so double-check
// that the stored login is an exact match. Loose `==` is used here; `===`
// would also rule out PHP's numeric-string coercion on the compare.
46 if ( $row[0] == $login )
47 $ret = true; // found login/password
// else: matched case-insensitively but not exactly (the `else` line is not
// visible in this listing)
49 $error = translate ("Invalid login") . ": " .
50 translate("incorrect password");
// else: no row matched login + password
52 $error = translate ("Invalid login");
53 // Could be no such user or bad password
54 // Check if user exists, so we can tell.
// SECURITY (review): this second lookup makes the error text distinguish
// "no such user" from "incorrect password", so the response confirms which
// logins exist. A single generic failure message avoids that disclosure.
55 $res2 = dbi_query ( "SELECT cal_login FROM webcal_user " .
56 "WHERE cal_login = '$login'" );
58 $row = dbi_fetch_row ( $res2 );
59 if ( $row && ! empty ( $row[0] ) ) {
60 // got a valid username, but wrong password
61 $error = translate ("Invalid login") . ": " .
62 translate("incorrect password" );
// else: no such user (the `else` line is not visible in this listing)
65 $error = translate ("Invalid login") . ": " .
66 translate("no such user" );
68 dbi_free_result ( $res2 );
71 dbi_free_result ( $res );
// Query failed: the driver's error text is placed in $error. Avoid echoing
// raw dbi_error() output to end users; log it and show a generic message.
73 $error = translate("Database error") . ": " . dbi_error();
79 // Check to see if a given login/crypted password is valid. If invalid,
80 // the error message will be placed in $error.
82 // $login - user login
83 // $crypt_password - crypted user password
84 // returns: true or false
// Check whether $login plus a crypt()-ed password are valid. On failure the
// reason is written to $error (the `global`/`$ret = false` lines are not
// visible in this listing).
// $login - user login
// $crypt_password - crypted user password; its first two characters are
//   reused as the crypt() salt
// returns: true or false (the `return $ret;` line is not visible here)
//
// SECURITY (review): $login is concatenated into the SQL text below without
// escaping or binding — the same injection concern as user_valid_login().
85 function user_valid_crypt ( $login, $crypt_password ) {
// Two-character salt, i.e. the traditional DES crypt() form.
89 $salt = substr($crypt_password, 0, 2);
91 $sql = "SELECT cal_login, cal_passwd FROM webcal_user WHERE " .
92 "cal_login = '" . $login . "'";
93 $res = dbi_query ( $sql );
95 $row = dbi_fetch_row ( $res );
96 if ( $row && $row[0] != "" ) {
97 // MySQL seems to do case insensitive matching, so double-check
99 // also check if password matches
// The stored cal_passwd value is crypt()-ed with the caller-supplied salt
// and must reproduce $crypt_password exactly. Both compares use loose `==`;
// hash_equals() would compare the crypt strings strictly and in constant
// time.
100 if ( ($row[0] == $login) && (crypt($row[1], $salt) == $crypt_password) )
101 $ret = true; // found login/password
// Both failure branches (their `else` lines are not visible here) set the
// same hard-coded message; unlike user_valid_login() the translate() calls
// are commented out.
103 //$error = translate ("Invalid login");
104 $error = "Invalid login";
106 //$error = translate ("Invalid login");
107 $error = "Invalid login";
109 dbi_free_result ( $res );
// Query failed: raw dbi_error() text ends up in $error.
111 //$error = translate("Database error") . ": " . dbi_error();
112 $error = "Database error: " . dbi_error();
118 // Load info about a user (first name, last name, admin) and set
121 // $login - user login
122 // $prefix - variable prefix to use
// Load info about a user into globals named $prefix . "login", "firstname",
// "lastname", "is_admin", "email", "fullname" and "password".
// $login - user login
// $prefix - variable prefix to use
//
// SECURITY (review): $login is concatenated into the SQL text below without
// escaping or binding. Note also that the stored cal_passwd value is copied
// into $GLOBALS[$prefix . "password"], so any page that dumps or renders
// these globals exposes the password field.
123 function user_load_variables ( $login, $prefix ) {
124 global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;
// Non-user calendars (login starts with $NONUSER_PREFIX) are delegated to
// nonuser_load_variables(); the early return after it is not visible in this
// listing. Loose `==` on the prefix compare; `===` would be stricter.
126 if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
127 nonuser_load_variables ( $login, $prefix );
// The public-access pseudo-user has no database row, so its fields are
// synthesised here.
131 if ( $login == "__public__" ) {
132 $GLOBALS[$prefix . "login"] = $login;
133 $GLOBALS[$prefix . "firstname"] = "";
134 $GLOBALS[$prefix . "lastname"] = "";
135 $GLOBALS[$prefix . "is_admin"] = "N";
136 $GLOBALS[$prefix . "email"] = "";
137 $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
138 $GLOBALS[$prefix . "password"] = "";
// Regular user: fetch the row (the `$sql =` line that begins this statement
// is not visible in this listing).
142 "SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd " .
143 "FROM webcal_user WHERE cal_login = '" . $login . "'";
144 $res = dbi_query ( $sql );
146 if ( $row = dbi_fetch_row ( $res ) ) {
147 $GLOBALS[$prefix . "login"] = $login;
148 $GLOBALS[$prefix . "firstname"] = $row[0];
149 $GLOBALS[$prefix . "lastname"] = $row[1];
150 $GLOBALS[$prefix . "is_admin"] = $row[2];
151 $GLOBALS[$prefix . "email"] = empty ( $row[3] ) ? "" : $row[3];
// Full name is "first last" when both parts are non-empty, otherwise the
// login (the `else` line is not visible here).
152 if ( strlen ( $row[0] ) && strlen ( $row[1] ) )
153 $GLOBALS[$prefix . "fullname"] = "$row[0] $row[1]";
155 $GLOBALS[$prefix . "fullname"] = $login;
156 $GLOBALS[$prefix . "password"] = $row[4];
158 dbi_free_result ( $res );
// Query failed: the driver's error text is placed in $error.
160 $error = translate ("Database error") . ": " . dbi_error ();
168 // $user - user login
169 // $password - user password
170 // $firstname - first name
171 // $lastname - last name
172 // $email - email address
173 // $admin - is admin? ("Y" or "N")
// Add a new user row to webcal_user.
// $user - user login
// $password - user password (stored as an unsalted md5 digest, see below)
// $firstname - first name
// $lastname - last name
// $email - email address
// $admin - is admin? ("Y" or "N")
//
// SECURITY (review): every value is wrapped in single quotes and interpolated
// into the INSERT with no escaping or binding, so each is an injection sink
// when it comes from a form. $admin is written as-is with no check that it is
// "Y" or "N". The parameter list continues on a line not visible in this
// listing ($admin is used below but does not appear in the visible signature).
174 function user_add_user ( $user, $password, $firstname, $lastname, $email,
// The public-access pseudo-user must never get a real row.
178 if ( $user == "__public__" ) {
179 $error = translate ("Invalid user login");
// Empty strings become SQL NULL; the `else ... = "NULL"` lines for $uemail,
// $ulastname and $upassword are not visible in this listing.
183 if ( strlen ( $email ) )
184 $uemail = "'" . $email . "'";
187 if ( strlen ( $firstname ) )
188 $ufirstname = "'" . $firstname . "'";
190 $ufirstname = "NULL";
191 if ( strlen ( $lastname ) )
192 $ulastname = "'" . $lastname . "'";
// SECURITY (review): md5() is a fast, unsalted digest; password_hash() /
// password_verify() is the appropriate replacement. Whatever scheme is
// chosen must also be applied in user_valid_login(), which currently compares
// the raw password rather than a digest.
195 if ( strlen ( $password ) )
196 $upassword = "'" . md5($password) . "'";
201 $sql = "INSERT INTO webcal_user " .
202 "( cal_login, cal_lastname, cal_firstname, " .
203 "cal_is_admin, cal_passwd, cal_email ) " .
204 "VALUES ( '$user', $ulastname, $ufirstname, " .
205 "'$admin', $upassword, $uemail )";
// On failure the driver's error text is placed in $error (the return value
// handling is not visible in this listing).
206 if ( ! dbi_query ( $sql ) ) {
207 $error = translate ("Database error") . ": " . dbi_error ();
215 // $user - user login
216 // $firstname - first name
217 // $lastname - last name
218 // $email - email address
219 // $admin - is admin?
// Update the name, email and admin flag of an existing user. cal_passwd is
// not touched here; password changes go through user_update_user_password().
// $user - user login
// $firstname - first name
// $lastname - last name
// $email - email address
// $admin - is admin?
//
// SECURITY (review): as in user_add_user(), every value is quoted and
// interpolated into the UPDATE with no escaping or binding, and $admin is
// written without a check that it is "Y" or "N".
220 function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
// The public-access pseudo-user has no row to update.
223 if ( $user == "__public__" ) {
224 $error = translate ("Invalid user login");
// Empty strings become SQL NULL; the `else ... = "NULL"` lines for $uemail
// and $ulastname are not visible in this listing.
227 if ( strlen ( $email ) )
228 $uemail = "'" . $email . "'";
231 if ( strlen ( $firstname ) )
232 $ufirstname = "'" . $firstname . "'";
234 $ufirstname = "NULL";
235 if ( strlen ( $lastname ) )
236 $ulastname = "'" . $lastname . "'";
242 $sql = "UPDATE webcal_user SET cal_lastname = $ulastname, " .
243 "cal_firstname = $ufirstname, cal_email = $uemail," .
244 "cal_is_admin = '$admin' WHERE cal_login = '$user'";
// On failure the driver's error text is placed in $error.
245 if ( ! dbi_query ( $sql ) ) {
246 $error = translate ("Database error") . ": " . dbi_error ();
252 // Update user password
254 // $user - user login
255 // $password - new user password
// Update a user's password: stores md5($password) in cal_passwd.
// $user - user login
// $password - new user password
//
// SECURITY (review): $user is interpolated into the UPDATE unescaped, and
// md5() is a fast, unsalted digest — password_hash() should replace it, with
// user_valid_login() changed to verify the same way.
256 function user_update_user_password ( $user, $password ) {
259 $sql = "UPDATE webcal_user SET cal_passwd = '".md5($password)."' " .
260 "WHERE cal_login = '$user'";
// On failure the driver's error text is placed in $error.
261 if ( ! dbi_query ( $sql ) ) {
262 $error = translate ("Database error") . ": " . dbi_error ();
268 // Delete a user from the system.
269 // We assume that we've already checked to make sure this user doesn't
270 // have events still in the database.
272 // $user - user to delete
// Delete a user and the rows that reference the login: entries the user was
// the sole participant of, participation rows, preferences, group membership,
// boss/assistant links, views, layers, and finally the webcal_user row.
// $user - user to delete
//
// SECURITY / ROBUSTNESS (review): $user is interpolated into every statement
// unescaped. The deletes are issued one by one with their return values
// ignored and without a transaction, so a failure part-way leaves a
// half-deleted account; wrap the sequence in a transaction and check each
// dbi_query() result.
273 function user_delete_user ( $user ) {
274 // Get event ids for all events this user is a participant
276 $res = dbi_query ( "SELECT webcal_entry.cal_id " .
277 "FROM webcal_entry, webcal_entry_user " .
278 "WHERE webcal_entry.cal_id = webcal_entry_user.cal_id " .
279 "AND webcal_entry_user.cal_login = '$user'" );
// The loop body (presumably collecting ids into $events, which is consumed
// below) and the matching dbi_free_result() are not visible in this listing.
281 while ( $row = dbi_fetch_row ( $res ) ) {
286 // Now count number of participants in each event...
287 // If just 1, then save id to be deleted
288 $delete_em = array ();
289 for ( $i = 0; $i < count ( $events ); $i++ ) {
290 $res = dbi_query ( "SELECT COUNT(*) FROM webcal_entry_user " .
291 "WHERE cal_id = " . $events[$i] );
// The comparison of the count against 1 is on a line not visible here.
293 if ( $row = dbi_fetch_row ( $res ) ) {
295 $delete_em[] = $events[$i];
297 dbi_free_result ( $res );
300 // Now delete events that were just for this user
// NOTE(review): the header comment says callers have already ensured the
// user has no events; this loop nevertheless removes entries the user was
// the only participant of. Confirm which contract callers rely on.
301 for ( $i = 0; $i < count ( $delete_em ); $i++ ) {
302 dbi_query ( "DELETE FROM webcal_entry WHERE cal_id = " . $delete_em[$i] );
305 // Delete user participation from events
306 dbi_query ( "DELETE FROM webcal_entry_user WHERE cal_login = '$user'" );
308 // Delete preferences
309 dbi_query ( "DELETE FROM webcal_user_pref WHERE cal_login = '$user'" );
311 // Delete from groups
312 dbi_query ( "DELETE FROM webcal_group_user WHERE cal_login = '$user'" );
314 // Delete bosses & assistants
315 dbi_query ( "DELETE FROM webcal_asst WHERE cal_boss = '$user'" );
316 dbi_query ( "DELETE FROM webcal_asst WHERE cal_assistant = '$user'" );
318 // Delete user's views
319 $delete_em = array ();
320 $res = dbi_query ( "SELECT cal_view_id FROM webcal_view " .
321 "WHERE cal_owner = '$user'" );
323 while ( $row = dbi_fetch_row ( $res ) ) {
324 $delete_em[] = $row[0];
326 dbi_free_result ( $res );
// Remove per-view user rows first, then the views themselves (the
// continuation of the DELETE statement is not visible in this listing).
328 for ( $i = 0; $i < count ( $delete_em ); $i++ ) {
329 dbi_query ( "DELETE FROM webcal_view_user WHERE cal_view_id = " .
332 dbi_query ( "DELETE FROM webcal_view WHERE cal_owner = '$user'" );
// Layers owned by the user, then layers of other users that reference them.
335 dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_login = '$user'" );
337 // Delete any layers other users may have that point to this user.
338 dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_layeruser = '$user'" );
// The user row itself goes last, after every dependent row.
341 dbi_query ( "DELETE FROM webcal_user WHERE cal_login = '$user'" );
344 // Get a list of users and return info in an array.
345 function user_get_users () {
346 global $public_access, $PUBLIC_ACCESS_FULLNAME;
350 if ( $public_access == "Y" )
351 $ret[$count++] = array (
352 "cal_login" => "__public__",
353 "cal_lastname" => "",
354 "cal_firstname" => "",
355 "cal_is_admin" => "N",
357 "cal_password" => "",
358 "cal_fullname" => $PUBLIC_ACCESS_FULLNAME );
359 $res = dbi_query ( "SELECT cal_login, cal_lastname, cal_firstname, " .
360 "cal_is_admin, cal_email, cal_passwd FROM webcal_user " .
361 "ORDER BY cal_lastname, cal_firstname, cal_login" );
363 while ( $row = dbi_fetch_row ( $res ) ) {
364 if ( strlen ( $row[1] ) && strlen ( $row[2] ) )
365 $fullname = "$row[2] $row[1]";
368 $ret[$count++] = array (
369 "cal_login" => $row[0],
370 "cal_lastname" => $row[1],
371 "cal_firstname" => $row[2],
372 "cal_is_admin" => $row[3],
373 "cal_email" => empty ( $row[4] ) ? "" : $row[4],
374 "cal_password" => $row[5],
375 "cal_fullname" => $fullname
378 dbi_free_result ( $res );