| Server IP : 172.64.80.1 / Your IP : 216.73.216.175 Web Server : LiteSpeed System : Linux srv13.swhc.ca 4.18.0-553.126.2.lve.el8.x86_64 #1 SMP Thu May 28 14:12:30 UTC 2026 x86_64 User : hongluck ( 2522) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/hongluck/public_html/old site/webcal/includes/ |
Upload File : |
<?php
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
! empty ( $_SERVER['PHP_SELF'] ) ) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
die ( "You can't access this file directly!" );
}
// This file contains all the functions for getting information
// about users. So, if you want to use an authentication scheme
// other than the webcal_user table, you can just create a new
// version of each function found below.
//
// Note: this application assumes that usernames (logins) are unique.
//
// Note #2: If you are using HTTP-based authentication, then you still
// need these functions and you will still need to add users to
// webcal_user.
// Set some global config variables about your system.
$user_can_update_password = true;
$admin_can_add_user = true;
$admin_can_delete_user = true;
// Check to see if a given login/password is valid. If invalid,
// the error message will be placed in $error.
// params:
// $login - user login
// $password - user password
// returns: true or false
function user_valid_login ( $login, $password ) {
global $error;
$ret = false;
$sql = "SELECT cal_login FROM webcal_user WHERE " .
"cal_login = '" . $login . "' AND cal_passwd = '" . md5($password) . "'";
$res = dbi_query ( $sql );
if ( $res ) {
$row = dbi_fetch_row ( $res );
if ( $row && $row[0] != "" ) {
// MySQL seems to do case insensitive matching, so double-check
// the login.
if ( $row[0] == $login )
$ret = true; // found login/password
else
$error = translate ("Invalid login") . ": " .
translate("incorrect password");
} else {
$error = translate ("Invalid login");
// Could be no such user or bad password
// Check if user exists, so we can tell.
$res2 = dbi_query ( "SELECT cal_login FROM webcal_user " .
"WHERE cal_login = '$login'" );
if ( $res2 ) {
$row = dbi_fetch_row ( $res2 );
if ( $row && ! empty ( $row[0] ) ) {
// got a valid username, but wrong password
$error = translate ("Invalid login") . ": " .
translate("incorrect password" );
} else {
// No such user.
$error = translate ("Invalid login") . ": " .
translate("no such user" );
}
dbi_free_result ( $res2 );
}
}
dbi_free_result ( $res );
} else {
$error = translate("Database error") . ": " . dbi_error();
}
return $ret;
}
// Check to see if a given login/crypted password is valid. If invalid,
// the error message will be placed in $error.
// params:
// $login - user login
// $crypt_password - crypted user password
// returns: true or false
function user_valid_crypt ( $login, $crypt_password ) {
global $error;
$ret = false;
$salt = substr($crypt_password, 0, 2);
$sql = "SELECT cal_login, cal_passwd FROM webcal_user WHERE " .
"cal_login = '" . $login . "'";
$res = dbi_query ( $sql );
if ( $res ) {
$row = dbi_fetch_row ( $res );
if ( $row && $row[0] != "" ) {
// MySQL seems to do case insensitive matching, so double-check
// the login.
// also check if password matches
if ( ($row[0] == $login) && (crypt($row[1], $salt) == $crypt_password) )
$ret = true; // found login/password
else
//$error = translate ("Invalid login");
$error = "Invalid login";
} else {
//$error = translate ("Invalid login");
$error = "Invalid login";
}
dbi_free_result ( $res );
} else {
//$error = translate("Database error") . ": " . dbi_error();
$error = "Database error: " . dbi_error();
}
return $ret;
}
// Load info about a user (first name, last name, admin) and set
// globally.
// params:
// $user - user login
// $prefix - variable prefix to use
function user_load_variables ( $login, $prefix ) {
global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;
if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
nonuser_load_variables ( $login, $prefix );
return true;
}
if ( $login == "__public__" ) {
$GLOBALS[$prefix . "login"] = $login;
$GLOBALS[$prefix . "firstname"] = "";
$GLOBALS[$prefix . "lastname"] = "";
$GLOBALS[$prefix . "is_admin"] = "N";
$GLOBALS[$prefix . "email"] = "";
$GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
$GLOBALS[$prefix . "password"] = "";
return true;
}
$sql =
"SELECT cal_firstname, cal_lastname, cal_is_admin, cal_email, cal_passwd " .
"FROM webcal_user WHERE cal_login = '" . $login . "'";
$res = dbi_query ( $sql );
if ( $res ) {
if ( $row = dbi_fetch_row ( $res ) ) {
$GLOBALS[$prefix . "login"] = $login;
$GLOBALS[$prefix . "firstname"] = $row[0];
$GLOBALS[$prefix . "lastname"] = $row[1];
$GLOBALS[$prefix . "is_admin"] = $row[2];
$GLOBALS[$prefix . "email"] = empty ( $row[3] ) ? "" : $row[3];
if ( strlen ( $row[0] ) && strlen ( $row[1] ) )
$GLOBALS[$prefix . "fullname"] = "$row[0] $row[1]";
else
$GLOBALS[$prefix . "fullname"] = $login;
$GLOBALS[$prefix . "password"] = $row[4];
}
dbi_free_result ( $res );
} else {
$error = translate ("Database error") . ": " . dbi_error ();
return false;
}
return true;
}
// Add a new user.
// params:
// $user - user login
// $password - user password
// $firstname - first name
// $lastname - last name
// $email - email address
// $admin - is admin? ("Y" or "N")
function user_add_user ( $user, $password, $firstname, $lastname, $email,
$admin ) {
global $error;
if ( $user == "__public__" ) {
$error = translate ("Invalid user login");
return false;
}
if ( strlen ( $email ) )
$uemail = "'" . $email . "'";
else
$uemail = "NULL";
if ( strlen ( $firstname ) )
$ufirstname = "'" . $firstname . "'";
else
$ufirstname = "NULL";
if ( strlen ( $lastname ) )
$ulastname = "'" . $lastname . "'";
else
$ulastname = "NULL";
if ( strlen ( $password ) )
$upassword = "'" . md5($password) . "'";
else
$upassword = "NULL";
if ( $admin != "Y" )
$admin = "N";
$sql = "INSERT INTO webcal_user " .
"( cal_login, cal_lastname, cal_firstname, " .
"cal_is_admin, cal_passwd, cal_email ) " .
"VALUES ( '$user', $ulastname, $ufirstname, " .
"'$admin', $upassword, $uemail )";
if ( ! dbi_query ( $sql ) ) {
$error = translate ("Database error") . ": " . dbi_error ();
return false;
}
return true;
}
// Update a user
// params:
// $user - user login
// $firstname - first name
// $lastname - last name
// $email - email address
// $admin - is admin?
function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
global $error;
if ( $user == "__public__" ) {
$error = translate ("Invalid user login");
return false;
}
if ( strlen ( $email ) )
$uemail = "'" . $email . "'";
else
$uemail = "NULL";
if ( strlen ( $firstname ) )
$ufirstname = "'" . $firstname . "'";
else
$ufirstname = "NULL";
if ( strlen ( $lastname ) )
$ulastname = "'" . $lastname . "'";
else
$ulastname = "NULL";
if ( $admin != "Y" )
$admin = "N";
$sql = "UPDATE webcal_user SET cal_lastname = $ulastname, " .
"cal_firstname = $ufirstname, cal_email = $uemail," .
"cal_is_admin = '$admin' WHERE cal_login = '$user'";
if ( ! dbi_query ( $sql ) ) {
$error = translate ("Database error") . ": " . dbi_error ();
return false;
}
return true;
}
// Update user password
// params:
// $user - user login
// $password - last name
function user_update_user_password ( $user, $password ) {
global $error;
$sql = "UPDATE webcal_user SET cal_passwd = '".md5($password)."' " .
"WHERE cal_login = '$user'";
if ( ! dbi_query ( $sql ) ) {
$error = translate ("Database error") . ": " . dbi_error ();
return false;
}
return true;
}
// Delete a user from the system.
// We assume that we've already checked to make sure this user doesn't
// have events still in the database.
// params:
// $user - user to delete
function user_delete_user ( $user ) {
// Get event ids for all events this user is a participant
$events = array ();
$res = dbi_query ( "SELECT webcal_entry.cal_id " .
"FROM webcal_entry, webcal_entry_user " .
"WHERE webcal_entry.cal_id = webcal_entry_user.cal_id " .
"AND webcal_entry_user.cal_login = '$user'" );
if ( $res ) {
while ( $row = dbi_fetch_row ( $res ) ) {
$events[] = $row[0];
}
}
// Now count number of participants in each event...
// If just 1, then save id to be deleted
$delete_em = array ();
for ( $i = 0; $i < count ( $events ); $i++ ) {
$res = dbi_query ( "SELECT COUNT(*) FROM webcal_entry_user " .
"WHERE cal_id = " . $events[$i] );
if ( $res ) {
if ( $row = dbi_fetch_row ( $res ) ) {
if ( $row[0] == 1 )
$delete_em[] = $events[$i];
}
dbi_free_result ( $res );
}
}
// Now delete events that were just for this user
for ( $i = 0; $i < count ( $delete_em ); $i++ ) {
dbi_query ( "DELETE FROM webcal_entry WHERE cal_id = " . $delete_em[$i] );
}
// Delete user participation from events
dbi_query ( "DELETE FROM webcal_entry_user WHERE cal_login = '$user'" );
// Delete preferences
dbi_query ( "DELETE FROM webcal_user_pref WHERE cal_login = '$user'" );
// Delete from groups
dbi_query ( "DELETE FROM webcal_group_user WHERE cal_login = '$user'" );
// Delete bosses & assistants
dbi_query ( "DELETE FROM webcal_asst WHERE cal_boss = '$user'" );
dbi_query ( "DELETE FROM webcal_asst WHERE cal_assistant = '$user'" );
// Delete user's views
$delete_em = array ();
$res = dbi_query ( "SELECT cal_view_id FROM webcal_view " .
"WHERE cal_owner = '$user'" );
if ( $res ) {
while ( $row = dbi_fetch_row ( $res ) ) {
$delete_em[] = $row[0];
}
dbi_free_result ( $res );
}
for ( $i = 0; $i < count ( $delete_em ); $i++ ) {
dbi_query ( "DELETE FROM webcal_view_user WHERE cal_view_id = " .
$delete_em[$i] );
}
dbi_query ( "DELETE FROM webcal_view WHERE cal_owner = '$user'" );
// Delete layers
dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_login = '$user'" );
// Delete any layers other users may have that point to this user.
dbi_query ( "DELETE FROM webcal_user_layers WHERE cal_layeruser = '$user'" );
// Delete user
dbi_query ( "DELETE FROM webcal_user WHERE cal_login = '$user'" );
}
// Get a list of users and return info in an array.
function user_get_users () {
global $public_access, $PUBLIC_ACCESS_FULLNAME;
$count = 0;
$ret = array ();
if ( $public_access == "Y" )
$ret[$count++] = array (
"cal_login" => "__public__",
"cal_lastname" => "",
"cal_firstname" => "",
"cal_is_admin" => "N",
"cal_email" => "",
"cal_password" => "",
"cal_fullname" => $PUBLIC_ACCESS_FULLNAME );
$res = dbi_query ( "SELECT cal_login, cal_lastname, cal_firstname, " .
"cal_is_admin, cal_email, cal_passwd FROM webcal_user " .
"ORDER BY cal_lastname, cal_firstname, cal_login" );
if ( $res ) {
while ( $row = dbi_fetch_row ( $res ) ) {
if ( strlen ( $row[1] ) && strlen ( $row[2] ) )
$fullname = "$row[2] $row[1]";
else
$fullname = $row[0];
$ret[$count++] = array (
"cal_login" => $row[0],
"cal_lastname" => $row[1],
"cal_firstname" => $row[2],
"cal_is_admin" => $row[3],
"cal_email" => empty ( $row[4] ) ? "" : $row[4],
"cal_password" => $row[5],
"cal_fullname" => $fullname
);
}
dbi_free_result ( $res );
}
return $ret;
}
?>