extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-23 00:13:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

rel. 0.9.34-ng-a4x now acl working

Browse Source
This commit is contained in:
Jan v. Lieshout 2006-04-07 22:11:25 +00:00
parent 9601390322
commit 3353946f62
1 changed files with 123 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
icalsrv.php
View File

@ -10,8 +10,8 @@
* @note <b> THIS IS STILL EXPERIMENTAL CODE </b> do not use in production. * @note <b> THIS IS STILL EXPERIMENTAL CODE </b> do not use in production.
* @note this script is supposed to be at: egw-root/icalsrv.php * @note this script is supposed to be at: egw-root/icalsrv.php
* *
* @version 0.9.33NG-a4 first version for use with virtual calendars * @version 0.9.34-ng-a4x first version with xmlrpc copied session handling
* @date 20060329 * @date 20060407
* @author Jan van Lieshout <jvl (at) xs4all.nl> Rewrite and extension for egw 1.2. * @author Jan van Lieshout <jvl (at) xs4all.nl> Rewrite and extension for egw 1.2.
* (see: @url http://www.egroupware.org ) * (see: @url http://www.egroupware.org )
* *
@ -34,8 +34,6 @@
* into a single virtual calendar. * into a single virtual calendar.
* *
* @todo make code robust against xss attacke etc. * @todo make code robust against xss attacke etc.
* @todo check that the reqvircal_owner is the same as the logged in user or ....
* @todo add possibly some ACL checking and granting via the vircal definitions
*/ */
//-------- basic operation configuration variables ---------- //-------- basic operation configuration variables ----------
@ -47,21 +45,107 @@ $logdir = false; // set to false for no logging
#$isdebug = True; #$isdebug = True;
$isdebug = False; $isdebug = False;
// add flags array to egw_info // icalsrv variant with session setup modeled after xmlrpc.php
$GLOBALS['egw_info'] = array('flags' => array(),);
// for sure, configure noapi flags $GLOBALS['egw_info'] = array();
$GLOBALS['egw_info']['flags'] = array( $GLOBALS['egw_info']['flags'] =
'currentapp' => 'login', array(
'noheader' => True, 'currentapp' => 'login',
'nonavbar' => True, 'noheader' => True,
'disable_Template_class' => True, 'disable_Template_class' => True
'noapi' => True );
); include('header.inc.php');
#$GLOBALS['egw_info']['flags']['currentapp'] = 'home'; // silly for now but who knows...
include('./header.inc.php'); $GLOBALS['egw_info']['server']['icalsrv'] = true;
include ('./phpgwapi/inc/functions.inc.php');
/** Control and status of the icalsrv session setup
* @bug icalsrv enabled checking is not yet working...
* @var array $icalsrv
*/
$icalsrv = array();
// Somehow check if icalsrv is enabled none of the 2 ways works yet..
// either via 1:
$icalsrv['enabled'] = isset($GLOBALS['egw_info']['user']['apps']['icalsrv']);
// or via 2: the configdata
$c =& CreateObject('phpgwapi.config','icalsrv');
$c->read_repository();
$config =& $c->config_data;
unset($c);
$icalsrv['enabled'] = $config['icalsrv_enabled'];
// or via 3: force it! Yes this works :-)
$icalsrv['enabled'] = true;
if(!$icalsrv['enabled']) {
fail_exit('IcalSRV not enabled','403');
}
// now check if we have a session there (according to cookie and auth)
// define this function ourselves if not there..
if(!function_exists('getallheaders')) {
function getallheaders(){
settype($headers,'array');
foreach($_SERVER as $h => $v) {
if(ereg('HTTP_(.+)',$h,$hp)){
$headers[$hp[1]] = $v;
}
}
return $headers;
}
}
$headers = getallheaders();
$auth_header = $headers['Authorization']
? $headers['Authorization'] : $headers['authorization'];
if(eregi('Basic *([^ ]*)',$auth_header,$auth)) {
list($sessionid,$kp3) = explode(':',base64_decode($auth[1]));
// echo "auth='$auth[1]', sessionid='$sessionid', kp3='$kp3'\n";
} else {
$sessionid = get_var('sessionid',array('COOKIE','GET'));
$kp3 = get_var('kp3',array('COOKIE','GET'));
}
if($icalsrv['session_ok'] = $GLOBALS['egw']->session->verify($sessionid,$kp3)){
$s_user_id = $GLOBALS['egw_info']['user']['account_id'];
// check if the new user is the one from the session
$a_user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']);
if( !($a_user_id == $s_user_id)){
$icalsrv['session_ok'] = false;
}
} else {
if($isdebug)
error_log('NO OLD SESSION');
}
if (!$icalsrv['session_ok'] and isset($_SERVER['PHP_AUTH_USER'])
and isset($_SERVER['PHP_AUTH_PW'])) {
$login = $_SERVER['PHP_AUTH_USER'];
$domain = 'default';
$sess_id = $GLOBALS['egw']->session->create($login.'@'.$domain, $_SERVER['PHP_AUTH_PW'],
'text');
if ($sess_id) {
$icalsrv['session_ok'] = true;
$GLOBALS['egw_info']['user']['account_id'] = $sess_id->account_id;
}
}
if($icalsrv['session_ok']){
$icalsrv['authed'] = $GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'],
$_SERVER['PHP_AUTH_PW']);
}
// bad session or bad authentication so please re-authenticate..
if (!($icalsrv['session_ok'] && $icalsrv['authed'])) {
header('WWW-Authenticate: Basic realm="ICal Server"');
header('HTTP/1.1 401 Unauthorized');
exit;
}
// no debug for rest needed atm
$isdebug =false;
// oke we have a session!
// now set the variables that will control the working mode of icalvircal // now set the variables that will control the working mode of icalvircal
// the defines are in the egwical_resourcehandler sourcefile // the defines are in the egwical_resourcehandler sourcefile
@ -113,8 +197,7 @@ $uid_import_mode = UMM_UID2ID;
$reimport_missing_elements = true; $reimport_missing_elements = true;
//-------- end of basic operation configuration variables ---------- //-------- end of basic operation configuration variables ----------
#error_log('_SERVER:' . print_r($_SERVER, true)); #error_log('_SERVER:' . print_r($_SERVER, true));
@ -126,7 +209,7 @@ $reqagent = $_SERVER['HTTP_USER_AGENT'];
# maybe later also do something with content_type? # maybe later also do something with content_type?
# if (!empty($_SERVER['CONTENT_TYPE'])) { # if (!empty($_SERVER['CONTENT_TYPE'])) {
# if (strpos($_SERVER['CONTENT_TYPE'], 'application/vnd.syncml+xml') !== false) { # if (strpos($_SERVER['CONTENT_TYPE'], 'application/vnd....+xml') !== false) {
# ical/ics ??? # ical/ics ???
@ -219,8 +302,9 @@ if(is_numeric($reqvircal_owner_id)){
// check if the requested system calender is provided by system // check if the requested system calender is provided by system
$cnmsg = 'system calendar [' . $reqvircal_pathname . ']'; $cnmsg = 'system calendar [' . $reqvircal_pathname . ']';
/** /**
* @todo 1. create somehow the list of available system vircal arstores * @todo 1. create somehow the list of available system vircal
* note: this should be done via preferences and read repository, but how.... I have to find out * arstores note: this should be done via preferences and read
* repository, but how.... I have to find out
*/ */
// find system database of (array stored) virtual calendars // find system database of (array stored) virtual calendars
@ -260,8 +344,6 @@ if(! $icalvc->fromArray($vircal_arstore)){
$icalvc->auth = ':basic'; $icalvc->auth = ':basic';
// check if the virtual calendar demands authentication // check if the virtual calendar demands authentication
if(strpos($icalvc->auth,'none') !== false){ if(strpos($icalvc->auth,'none') !== false){
// no authentication demanded so continue // no authentication demanded so continue
@ -269,24 +351,25 @@ if(strpos($icalvc->auth,'none') !== false){
} elseif(strpos($icalvc->auth,'basic') !== false){ } elseif(strpos($icalvc->auth,'basic') !== false){
//basic http authentication demanded //basic http authentication demanded
//so exit on non authenticated http request //so exit on non authenticated http request
if ((!isset($_SERVER['PHP_AUTH_USER'])) ||
(!$GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'],
$_SERVER['PHP_AUTH_PW']))) {
header('WWW-Authenticate: Basic realm="ICal Server"');
header('HTTP/1.1 401 Unauthorized');
exit;
}
// else, use the active basic authentication to set preferences //-- As we atm only allow authenticated users the
$user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']); // actions in the next lines are already done at the begining
// of this file --
// if ((!isset($_SERVER['PHP_AUTH_USER'])) ||
// (!$GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'],
// $_SERVER['PHP_AUTH_PW']))) {
// if($isdebug)
// error_log('SESSION IS SETUP, BUT AUTHENTICATE FAILED'.$_SERVER['PHP_AUTH_USER'] );
// header('WWW-Authenticate: Basic realm="ICal Server"');
// header('HTTP/1.1 401 Unauthorized');
// exit;
// }
$GLOBALS['egw']->preferences->account_id = $user_id; // // else, use the active basic authentication to set preferences
$GLOBALS['egw_info']['user']['preferences'] = // $user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']);
$GLOBALS['egw']->preferences->read_repository(); // $GLOBALS['egw_info']['user']['account_id'] = $user_id;
// error_log(' ACCOUNT SETUP FOR'
// NEXT LINE WILL PREVENT THE access of granted calendars and infologs somehow ???? // . $GLOBALS['egw_info']['user']['account_id']);
$GLOBALS['egw_info']['user']['account_id'] = $user_id;
$GLOBALS['egw_info']['user']['account_lid'] = $_SERVER['PHP_AUTH_USER'];
} elseif(strpos($icalvc->auth,'ssl') !== false){ } elseif(strpos($icalvc->auth,'ssl') !== false){