kill admin.php; misc other changes; bump rc num

Author: Jim Hu

admin/index.php

@@ -1,9 +1,11 @@
 <?php
 define('BASE', '../');
+$current_view = 'admin';
+require_once(BASE.'functions/init.inc.php');
 require_once(BASE.'functions/admin_functions.php');
-require_once(BASE.'functions/ical_parser.php');
 require_once(BASE.'functions/template.php');
-header("Content-Type: text/html; charset=$charset");
+
+#echo "<pre>";print_r($_REQUEST);
 
 if (empty($phpiCal_config->default_path)) {
 	if (isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'on' ) {
@@ -12,13 +14,9 @@
 		$default_path = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].substr($_SERVER['PHP_SELF'],0,strpos($_SERVER['PHP_SELF'],'/admin/'));
 	}
 }
-if ($phpiCal_config->allow_admin != 'yes') {
-	exit(error('The administration menu has been turned off.', $cal, '../'));
-}
-
-// Load variables from forms and query strings into local scope
-if($_POST) 	{extract($_POST, EXTR_PREFIX_SAME, "post_");}
-if($_GET)  	{extract($_GET, EXTR_PREFIX_SAME, "get_");}
+#if ($phpiCal_config->allow_admin != 'yes') {
+	exit(error('The administration menu has been turned off.', '', '/..'));
+#}
 
 // Logout by clearing session variables
 if ((isset($_GET['action'])) && ($_GET['action'] == 'logout')) {
@@ -27,12 +25,11 @@
 	unset($_SESSION['phpical_password']);
 }
 
-
 // if $auth_method == 'server', don't do any authentication
-$username = $_POST['username'];
-$password = $_POST['password'];
+$username = @$_POST['username'];
+$password = @$_POST['password'];
 
-if ($auth_method == 'server') {
+if ($phpiCal_config->auth_method == 'server') {
 	$is_loged_in = TRUE;
 } else {
 	$is_loged_in = FALSE;
@@ -41,19 +38,20 @@
 		$is_loged_in = TRUE;
 	}
 
-	if (isset($username) && $_GET['action'] != 'logout') {
+	if (isset($username) && @$_GET['action'] != 'logout') {
 		$is_loged_in = login ($username, $password);
 	}
 }
 
 $login_good = ($is_loged_in) ? '' : 'oops';
-$login_bad	= ((!$is_loged_in) && ($_GET['action'] == 'login')) ? 'oops' : '';
+$login_bad	= ((!$is_loged_in) && (@$_GET['action'] == 'login')) ? 'oops' : '';
+$delete_msg = '';
+$addupdate_msg 	= '';
 if(is_loggedin()){
 	// Delete a calendar
 	// Not at all secure - need to strip out path info if used by users besides admin in the future
-	$delete_msg = '';
-	if ($_POST['action'] == 'delete') {
-		foreach ($delete_calendar as $filename) {
+	if (isset($_POST['action']) && $_POST['action'] == 'delete') {
+		foreach ($_POST['delete_calendar'] as $filename) {
 			if (!delete_cal(urldecode($filename))) {
 				$delete_msg = $delete_msg . '<font color="red">' . $lang['l_delete_error'] . ' ' . urldecode(substr($filename,0,-4)) . '</font><br />';
 			} else {
@@ -63,8 +61,7 @@
 	}
 
 	// Add or Update a calendar
-	$addupdate_msg 	= '';
-	if ((isset($_POST['action']))  && ($_POST['action'] == 'addupdate')) {
+	if (isset($_POST['action'])  && $_POST['action'] == 'addupdate') {
 		for ($filenumber = 1; $filenumber < 6; $filenumber++) {
 			$file = $_FILES['calfile'];
 			$addupdate_success = FALSE;
@@ -101,15 +98,15 @@
 	'version'			=> $phpiCal_config->phpicalendar_version,
 	'event_js'			=> '',
 	'charset'			=> $phpiCal_config->charset,
-	'default_path'		=> "../".$phpiCal_config->default_path,
+	'default_path'		=> $phpiCal_config->default_path."/..",
 	'template'			=> $phpiCal_config->template,
 	'cal'				=> $cal,
 	'getdate'			=> $getdate,
 	'calendar_name'		=> $calendar_name,
-	'display_date'		=> $display_date,
+	'display_date'		=> '',
 	'current_view'		=> $current_view,
-	'sidebar_date'		=> $sidebar_date,
-	'rss_powered'	 	=> $phpiCal_config->rss_powered,
+#	'sidebar_date'		=> $sidebar_date,
+	'rss_powered'	 	=> $rss_powered,
 	'rss_available' 	=> '',
 	'rss_valid' 		=> '',
 	'show_search' 		=> '',

calendars/test.ics

@@ -1,6 +1,6 @@
 BEGIN:VCALENDAR
 VERSION:2.0
-X-WR-CALNAME:testing \,comma
+X-WR-CALNAME:testing\, comma
 PRODID:-//Apple Computer\, Inc//iCal 2.0//EN
 X-WR-RELCALID:E47AF849-67C8-49F0-AA36-9FD7495400FD
 X-WR-TIMEZONE:US/Pacific

config.inc.php

@@ -29,7 +29,7 @@
 #     'cookie_uri'           => '', 
 #     'download_uri'         => '', 	
 #     'allow_webcals'          => 'yes',
-     'recursive_path'          => 'yes',
+#     'recursive_path'          => 'yes',
 
 /*     ** Timezones **
 If timezone is not set, all events show in the local time of the source calendar.  This isn't a problem if all your calendars are in the same timezone.  If you set a timezone for the server, events in other timezones are shown when they occur at the server's time.
@@ -57,7 +57,6 @@
 #     'show_todos'           => 'no',
 #     'show_completed'       => 'no',
       'allow_login'          => 'yes',	           // Set to yes to prompt for login to unlock calendars.
-#     'allow_admin'          => 'yes', 
 #     'week_start_day'       => 'Monday',          // Day of the week your week starts on
 #     'week_length'          => '5',	           // Number of days to display in the week view
 #     'day_start'            => '0600',	           // Start time for day grid
@@ -80,11 +79,11 @@
 these arrays provide extra calendar options.
 
 */
-$list_webcals[] = array(
+$list_webcals = array(
 #	'webcal://dimer.tamu.edu/calendars/seminars/Biochem.ics'
 );
 $more_webcals['recur_tests'] = array();
-$locked_cals[] = array(
+$locked_cals = array(
 
 );
 /*     ========= SPECIAL CALENDARS =========

default_config.php

@@ -2,7 +2,7 @@
 class Configs{
 	private static $instance;
 	private function __construct(){
-		$this->phpicalendar_version = '2.3rc1.4';
+		$this->phpicalendar_version = '2.3rc1.6';
 	// Configuration file for PHP iCalendar 2.25rc1
 	//
 	// To set values, change the text between the single quotes
@@ -33,6 +33,7 @@ private function __construct(){
 		$this->cookie_uri				= ''; 				// The HTTP URL to the PHP iCalendar directory, ie. http://www.example.com/phpicalendar -- AUTO SETTING -- Only set if you are having cookie issues.
 		$this->download_uri				= ''; 				// The HTTP URL to your calendars directory, ie. http://www.example.com/phpicalendar/calendars -- AUTO SETTING -- Only set if you are having subscribe issues.
 		$this->default_path				= ''; 				// The HTTP URL to the PHP iCalendar directory, ie. http://www.example.com/phpicalendar
+		$this->cpath	     			= ''; 				// optional subdirectory
 		$this->charset					= 'UTF-8';			// Character set your calendar is in, suggested UTF-8, or iso-8859-1 for most languages.
 
 		// Yes/No questions --- 'yes' means Yes, anything else means no. 'yes' must be lowercase.

error.php

@@ -3,18 +3,11 @@
 require_once(BASE.'functions/template.php');
 
 
-function error($error_msg='There was an error processing the request.', $file='NONE', $error_base='./') {
-	global $language, $enable_rss, $lang, $charset, $phpiCal_config;
+function error($error_msg='There was an error processing the request.', $file='NONE', $error_base='') {
+	global $getdate, $rss_powered, $lang, $phpiCal_config, $cal;
 	if (!isset($template))					$template = $phpiCal_config->template;
-	if (!isset($lang['l_powered_by']))		$lang['l_powered_by'] = 'Powered by';
-	if (!isset($lang['l_error_title']))		$lang['l_error_title'] = 'Error!';
-	if (!isset($lang['l_error_window']))	$lang['l_error_window'] = 'There was an error!';
-	if (!isset($lang['l_error_calendar']))	$lang['l_error_calendar'] = 'The calendar "%s" was being processed when this error occurred.';
-	if (!isset($lang['l_error_back']))		$lang['l_error_back'] = 'Please use the "Back" button to return.';
-	if (!isset($lang['l_this_site_is']))	$lang['l_this_site_is'] = 'This site is';
-	if (!isset($enable_rss))				$enable_rss = 'no';
 
-	$error_calendar 	= sprintf($lang['l_error_calendar'], $file);
+	$error_calendar 	= sprintf($lang['l_error_calendar'], print_r($file,true));
 	$current_view 		= 'error';
 	$display_date 		= $lang['l_error_title'];
 	$calendar_name 		= $lang['l_error_title'];
@@ -27,7 +20,6 @@ function error($error_msg='There was an error processing the request.', $file='N
 			$default_path = 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].substr($_SERVER['PHP_SELF'],0,strpos($_SERVER['PHP_SELF'],'/rss/'));
 		}
 	}
-	
 	$page = new Page(BASE.'templates/'.$template.'/error.tpl');
 
 	$page->replace_files(array(
@@ -36,12 +28,12 @@ function error($error_msg='There was an error processing the request.', $file='N
 	));
 
 	$page->replace_tags(array(
-		'version'			=> $phpicalendar_version,
-		'default_path'		=> $default_path.'/',
+		'version'			=> $phpiCal_config->phpicalendar_version,
+		'default_path'		=> $phpiCal_config->default_path.$error_base,
 		'template'			=> $template,
 		'cal'				=> $cal,
 		'getdate'			=> $getdate,
-		'charset'			=> $charset,
+		'charset'			=> $phpiCal_config->charset,
 		'calendar_name'		=> $calendar_name,
 		'display_date'		=> $display_date,
 		'rss_powered'	 	=> $rss_powered,
@@ -55,7 +47,8 @@ function error($error_msg='There was an error processing the request.', $file='N
 		'generated'	 		=> $generated,
 		'l_powered_by'		=> $lang['l_powered_by'],
 		'l_error_back'		=> $lang['l_error_back'],
-		'l_error_window'	=> $lang['l_error_window']
+		'l_error_window'	=> $lang['l_error_window'],
+		'l_this_site_is'	=> $lang['l_this_site_is']			
 
 		));
 

functions/admin_functions.php

@@ -47,10 +47,10 @@ function login ($username, $password) {
 // arg1: string password
 // returns boolean was login successful
 function login_ftp ($username, $password) {
-	global $ftp_server, $ftp_port;
+	global $phpiCal_config;
 
 	// set up basic connection
-	$conn_id = @ftp_connect($ftp_server, $ftp_port); 
+	$conn_id = @ftp_connect($phpiCal_config->ftp_server, $phpiCal_config->ftp_port); 
 	if (!$conn_id) exit(error('Cannot connect to FTP server', $filename));
 	// login with username and password
 	$login_result = @ftp_login($conn_id, $username, $password); 
@@ -88,6 +88,7 @@ function delete_cal ($filename) {
 	global $_SESSION;
 	global $phpiCal_config;
 	global $calendar_path;
+	echo $filename;
 
 	if ($phpiCal_config->auth_method == 'ftp') {
 		$filename = get_ftp_calendar_path() . "/" . $filename;
@@ -115,12 +116,11 @@ function delete_cal ($filename) {
 		return TRUE;
 	} else {
 		#$filename = $calendar_path . "/" . $filename;
-	
 		$delete = unlink($filename); 
 		clearstatcache();
 		if (@file_exists($filename)) { 
 			$filesys = eregi_replace("/","\\", $filename); 
-			$delete = system("del $filesys");
+			$delete = system("rm -f $filesys");
 			clearstatcache();
 			if (@file_exists($filename)) { 
 				$delete = chmod ($filename, 0775); 

functions/calendar_functions.php

@@ -41,19 +41,17 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 
 	// This array keeps track of paths we need to search.
 	$search_paths = array($phpiCal_config->calendar_path);
-		
 	// Add web calendars.
 	if ($cal_filename_local[0] == $phpiCal_config->ALL_CALENDARS_COMBINED || $admin)	{
 		if (!isset($http_user) && !$admin) {
 			foreach ($list_webcals as $file) {
 				// Make sure the URL ends with .ics.
-				if (!preg_match("/.ics$/i", $file)) continue;			
+				if (!is_string($file)) continue;			
 				// Add this calendar.
 				array_push($calendars, $file);
 			}
 		}
-	}
-	
+	}	
 	// Set some booleans that will dictate our search.
 	$find_all = ($cal_filename_local[0] == $phpiCal_config->ALL_CALENDARS_COMBINED || $admin);
 
@@ -74,10 +72,10 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 		// used to identify the calendar filename.
 		if ($find_all || $phpiCal_config->recursive_path == 'yes' || $phpiCal_config->support_ical == 'yes') {
 			// Open the directory.
-			$dir_handle = @opendir($search_path)
-				or die(error(sprintf($lang['l_error_path'], $search_path), implode(',', $cal_filename)));
+			$dir_handle = opendir($search_path)
+				or die(error("cal fn 78:".sprintf($lang['l_error_path'], $search_path), implode(',', $cal_filename)));
 			if ($dir_handle === false)
-				die(error(sprintf($lang['l_error_path'], $search_path), implode(',', $cal_filename)));
+				die(error(" cal fn 80:".sprintf($lang['l_error_path'], $search_path), implode(',', $cal_filename)));
 
 			// Add each file in the directory that does not begin with a dot.
 			while (false !== ($file = readdir($dir_handle))) {
@@ -110,7 +108,7 @@ function availableCalendars($username, $password, $cal_filename, $admin = false)
 			if (in_array($cal_name, $blacklisted_cals)) continue;
 			// If HTTP authenticated, make sure this calendar is available
 			// to the user.
-			if (isset($http_user) && !in_array($cal_name, $apache_map[$http_user])) continue;
+			if (isset($http_user) && isset($apache_map[$http_user]) && !in_array($cal_name, $apache_map[$http_user])) continue;
 
 			// Make sure this calendar is not locked.
 			if (!$admin && in_array($cal_name, $locked_cals) && !in_array($cal_name, $unlocked_cals)) continue;
@@ -157,10 +155,10 @@ function availableCalendarNames($username, $password, $cal_filename, $admin = fa
 //
 // $cal_path	= The path to the calendar file.
 function getCalendarName($cal_path) {
-	global $support_ical;
+	global $phpiCal_config;
 
 	// If iCal is supported, check the directory for an Info.plist.
-	if ($support_ical == 'yes') {
+	if ($phpiCal_config->support_ical == 'yes') {
 		// Look for the Info.plist file.
 		$plist_filename = dirname($cal_path)."/Info.plist";
 		if (is_file($plist_filename)) {
@@ -186,7 +184,7 @@ function getCalendarName($cal_path) {
 //
 // $cals	= The calendars (entire path, e.g. from availableCalendars).
 function display_ical_list($cals, $pick=FALSE) {
-	global $cal, $current_view, $getdate, $calendar_lang, $all_cal_comb_lang, $cal_filelist, $cal_displaynames, $phpiCal_config;
+	global $cal, $current_view, $getdate, $lang, $calendar_lang, $all_cal_comb_lang, $cal_filelist, $cal_displaynames, $phpiCal_config;
 	// Print each calendar option.
 	$return = '';
 	foreach ($cals as $cal_tmp) {
@@ -216,7 +214,7 @@ function display_ical_list($cals, $pick=FALSE) {
 					if ($prop_pos !== false) $property = substr($property,0,$prop_pos);
 					$property = strtoupper($property);
 					if ($property == "X-WR-CALNAME"){
-						$cal_displayname_tmp = $data;
+						$cal_displayname_tmp = stripslashes($data);
 						break;
 					}
 				}	

functions/ical_parser.php

@@ -128,6 +128,7 @@
 			$line = trim(stripslashes($line));
 
 			switch ($line) {
+				case 'BEGIN:VFREEBUSY':
 				case 'BEGIN:VEVENT':
 					// each of these vars were being set to an empty string
 					unset (
@@ -165,7 +166,7 @@
 					$organizer		= array();
 
 					break;
-				
+				case 'END:VFREEBUSY':
 				case 'END:VEVENT':
 					include BASE."functions/parse/end_vevent.php";			
 					break;

functions/init.inc.php

@@ -75,14 +75,14 @@
 		substr($cal_filename, 0, 9) == 'webcal://')
 	{
 		#jump sends cal url without .ics extension.  Add it if needed.
-		if (substr($cal_filename, -4) != ".ics") $cal_filename .= ".ics";
+	#	if (substr($cal_filename, -4) != ".ics") $cal_filename .= ".ics";
 		$web_cals[] = $cal_filename;
 	}
 
 	// Otherwise it is a local calendar.
 	else {
 		// Check blacklisted.
-		if (in_array($cal_filename, $phpiCal_config->blacklisted_cals)  && $cal_filename !='') {
+		if (in_array($cal_filename, $blacklisted_cals)  && $cal_filename !='') {
 			exit(error($lang['l_error_restrictedcal'], $cal_filename));
 		}
 		$local_cals[] = urldecode(str_replace(".ics", '', basename($cal_filename)));

functions/init/cpaths.php

@@ -26,7 +26,7 @@
   $template = $user_template["$cpath"]; 
 }
 #set up specific webcals for a particular cpath
-if (isset($more_webcals) && is_array($more_webcals[$cpath])){
-	$list_webcals = array_merge($list_webcals, $more_webcals["$cpath"]);
+if (isset($more_webcals[$cpath]) && is_array($more_webcals[$cpath])){
+	foreach ($more_webcals[$cpath] as $wcal)$list_webcals[] = $wcal;
 }
 $phpiCal_config->setProperty('calendar_path',$calendar_path);

functions/init/date_range.php

@@ -33,6 +33,7 @@
 		$mArray_begin = mktime (0,0,0,$start_month,1,($start_year));
 		$mArray_end = mktime (0,0,0,$end_month,31,($end_year));
 		break;
+	case 'admin':
 	case 'error':
 	case 'preferences':
 		$mArray_begin = time();

functions/parse/parse_tzs.php

@@ -1,6 +1,6 @@
 <?php
 $ifile = @fopen($filename, "r");
-if ($ifile == FALSE) exit(error($lang['l_error_cantopen'], $filename));
+if ($ifile == FALSE) exit(error($lang['l_error_cantopen']." parse_tz", $filename));
 $nextline = fgets($ifile);
 if (trim($nextline) != 'BEGIN:VCALENDAR') exit(error($lang['l_error_invalidcal'], $filename));
 

functions/parse/recur_functions.php

@@ -251,4 +251,4 @@ function dump_times($times){
 	#var_dump($times);
 	foreach($times as $time) echo "\ndate:".date("Y-m-d H:i:s",$time);
 	echo "</pre>";
-}
+}