THIS IS STILL EXPERIMENTAL CODE do not use in production. * @note this script is supposed to be at: egw-root/icalsrv.php * * @version 0.9.36-ng-a1 first version for NAPI-3.1 (write in non owner rscs) * @date 20060410 * @author Jan van Lieshout Rewrite and extension for egw 1.2. * (see: @url http://www.egroupware.org ) * * Based on some code from: * @author RalfBecker@outdoor-training.de (some original code base) * * license:
* This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. * * @todo make this 'ical-service' enabled/disabled from the egw * admin interface * @todo make the definition of virtual calendars possible from a 'ical-service' web * user interface user * @bug if you dont have enough privilages to access a personal calendar of someone * icalsrv will not give you an access denied error, but will just return no events * from this calendar. (Needed otherwise you cannot collect events from multiple resources * into a single virtual calendar. * * @todo make code robust against xss attacke etc. */ //-------- basic operation configuration variables ---------- $logdir = false; // set to false for no logging #$logdir = '/tmp'; // set to a valid (writable) directory to get log file generation // set to true for debug logging to errorlog #$isdebug = True; $isdebug = False; /** Disallow users to import in non owned calendars and infologs * @var boolean $disable_nonowner_import */ $disable_nonowner_import = false; // icalsrv variant with session setup modeled after xmlrpc.php $GLOBALS['egw_info'] = array(); $GLOBALS['egw_info']['flags'] = array( 'currentapp' => 'login', 'noheader' => True, 'disable_Template_class' => True ); include('header.inc.php'); // silly for now but who knows... $GLOBALS['egw_info']['server']['icalsrv'] = true; /** Control and status of the icalsrv session setup * @bug icalsrv enabled checking is not yet working... * @var array $icalsrv */ $icalsrv = array(); // Somehow check if icalsrv is enabled none of the 2 ways works yet.. // either via 1: $icalsrv['enabled'] = isset($GLOBALS['egw_info']['user']['apps']['icalsrv']); // or via 2: the configdata $c =& CreateObject('phpgwapi.config','icalsrv'); $c->read_repository(); $config =& $c->config_data; unset($c); $icalsrv['enabled'] = $config['icalsrv_enabled']; // or via 3: force it! Yes this works :-) $icalsrv['enabled'] = true; if(!$icalsrv['enabled']) { fail_exit('IcalSRV not enabled','403'); } // now check if we have a session there (according to cookie and auth) // define this function ourselves if not there.. if(!function_exists('getallheaders')) { function getallheaders(){ settype($headers,'array'); foreach($_SERVER as $h => $v) { if(ereg('HTTP_(.+)',$h,$hp)){ $headers[$hp[1]] = $v; } } return $headers; } } $headers = getallheaders(); $auth_header = $headers['Authorization'] ? $headers['Authorization'] : $headers['authorization']; if(eregi('Basic *([^ ]*)',$auth_header,$auth)) { list($sessionid,$kp3) = explode(':',base64_decode($auth[1])); // echo "auth='$auth[1]', sessionid='$sessionid', kp3='$kp3'\n"; } else { $sessionid = get_var('sessionid',array('COOKIE','GET')); $kp3 = get_var('kp3',array('COOKIE','GET')); } if($icalsrv['session_ok'] = $GLOBALS['egw']->session->verify($sessionid,$kp3)){ $s_user_id = $GLOBALS['egw_info']['user']['account_id']; // check if the new user is the one from the session $a_user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']); if( !($a_user_id == $s_user_id)){ $icalsrv['session_ok'] = false; } } else { if($isdebug) error_log('NO OLD SESSION'); } if (!$icalsrv['session_ok'] and isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) { $login = $_SERVER['PHP_AUTH_USER']; $domain = 'default'; $sess_id = $GLOBALS['egw']->session->create($login.'@'.$domain, $_SERVER['PHP_AUTH_PW'], 'text'); if ($sess_id) { $icalsrv['session_ok'] = true; $GLOBALS['egw_info']['user']['account_id'] = $sess_id->account_id; } } if($icalsrv['session_ok']){ $icalsrv['authed'] = $GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); } // bad session or bad authentication so please re-authenticate.. if (!($icalsrv['session_ok'] && $icalsrv['authed'])) { header('WWW-Authenticate: Basic realm="ICal Server"'); header('HTTP/1.1 401 Unauthorized'); exit; } // oke we have a session! // now set the variables that will control the working mode of icalvircal // the defines are in the egwical_resourcehandler sourcefile require_once EGW_SERVER_ROOT. '/egwical/inc/class.egwical_resourcehandler.inc.php' ; /** uid mapping export configuration switch * @var int * Parameter that determines, a the time of export from Egw (aka dowload by client), how * ical elements (like VEVENT's) get their uid fields filled, from data in * the related Egroupware element. * See further in @ref secuidmapping in the egwical_resourcehandler documentation. */ $uid_export_mode = UMM_ID2UID; /** uid mapping import configuration switch * @var int * Parameter that determines, at the time of import into Egw (aka publish by client), how * ical elements (like VEVENT's) will find, based on their uid fields, related egw * elements, that are then updated with the ical info. * See further in @ref secuidmapping in the egwical_resourcehandler documentation. */ $uid_import_mode = UMM_UID2ID; /** * @section secisuidmapping Basic Possible settings of UID to ID mapping. * * @warning the default setting in icalsrv.php is one of the 3 basic uid mapping modes: * #The standard mode that allows a published client calendar to add new events and todos * to the egw calendar, and allows to update already before published (to egw) and * at least once downloaded (from egw) events and todos. * . * setting:
$uid_export_mode = UMM_ID2UID; $uid_import_mode = UMM_UID2ID; 
(default) * #The fool proof mode that will prevent accidental change or deletion of existing * egw events or todos. Note that the price to pay is duplication on republishing or * re-download! * . * setting:
$uid_export_mode = UMM_NEWUID; $uid_import_mode = UMM_NEWID; 
(discouraged) * #The flaky sync mode that in principle would make each event and todo recognizable by * both the client and egw at each moment. In this mode a once given uid field is both used * in the client and in egw. Unfortunately there are quite some problems with this, making it * very unreliable to use! * . * setting:
$uid_export_mode = UMM_UID2UID; $uid_import_mode = UMM_UID2UID; 
(discouraged!) */ /** allow elements gone(deleted) in egw to be imported again from client * @var boolean $reimport_missing_elements */ $reimport_missing_elements = true; //-------- end of basic operation configuration variables ---------- #error_log('_SERVER:' . print_r($_SERVER, true)); // go parse our request uri $requri = $_SERVER['REQUEST_URI']; $reqpath= $_SERVER['PATH_INFO']; $reqagent = $_SERVER['HTTP_USER_AGENT']; # maybe later also do something with content_type? # if (!empty($_SERVER['CONTENT_TYPE'])) { # if (strpos($_SERVER['CONTENT_TYPE'], 'application/vnd....+xml') !== false) { # ical/ics ??? // ex1: $requri='egroupware/icalsrv.php/demouser/todos.ics' // then $reqpath='/demouser/todos.ics' // $rvc_owner='demouser' // $rvc_basename='/todos.ics' // ex2:or $recuri ='egroupware/icalsrv.php/uk/holidays.ics' // then $reqpath='/uk/holidays.ics' // $rvc_owner = null; // unset // $rvc_basename=null; // unset // ex3: $requri='egroupware/icalsrv.php/demouser/todos?pw=mypw01' // then $reqpath='/demouser/todos.ics' // $rvc_owner='demouser' // $rvc_basename='/todos.ics' // $_GET['pw'] = 'mypw01' // S-- parse the $reqpath to get $reqvircal names unset($reqvircal_owner); unset($reqvircal_owner_id); unset($reqvircal_basename); if(empty($_SERVER['PATH_INFO'])){ // no specific calendar requested, so do default.ics $reqvircal_pathname = '/default.ics'; // try owner + base for a personal vircal request } elseif (preg_match('#^/([\w]+)(/[^<^>^?]+)$#', $_SERVER['PATH_INFO'], $matches)){ $reqvircal_pathname = $matches[0]; $reqvircal_owner = $matches[1]; $reqvircal_basename = $matches[2]; if(!$reqvircal_owner_id = $GLOBALS['egw']->accounts->name2id($reqvircal_owner)){ // owner is unknown, so forget about personal calendar unset($reqvircal_owner); unset($reqvircal_basename); } // check for decent non personal path } elseif (preg_match('#^(/[^<^>]+)$#', $_SERVER['PATH_INFO'], $matches)){ $reqvircal_pathname = $matches[0]; // just default to standard path } else { $reqvircal_pathname = 'default.ics'; } if($isdebug) error_log('http-user-agent:' . $reqagent . ',pathinfo:' . $reqpath . ',rvc_pathname:' . $reqvircal_pathname . ',rvc_owner:' . $reqvircal_owner . ',rvc_owner_id:' . $reqvircal_owner_id . ',rvc_basename:' . $reqvircal_basename); // S1A search for the requested calendar in the vircal_ardb's if(is_numeric($reqvircal_owner_id)){ // check if the requested personal calender is provided by the owner.. /** * @todo 1. create somehow the list of available personal vircal arstores * note: this should be done via preferences and read repository, but how.... * I have to find out and write it... */ // find personal database of (array stored) virtual calendars $cnmsg = 'calendar [' . $reqvircal_basename . '] for user [' . $reqvircal_owner . ']'; $vo_personal_vircal_ardb =& CreateObject('icalsrv.personal_vircal_ardb', $reqvircal_owner_id); if(!(is_object($vo_personal_vircal_ardb))){ error_log('icalsrv.php: couldnot create personal vircal_ardb for user:' . $reqvircal_owner); fail_exit('couldnot access' . $cnmsg, '403'); } // check if a //list.html is requested if ($reqvircal_basename == '/list.html'){ echo $vo_personal_vircal_ardb->listing(1); $GLOBALS['egw']->common->egw_exit(); } # error_log('vo_personal_vircal_ardb:' . print_r($vo_personal_vircal_ardb->calendars, true)); // search our calendar in personal vircal database if(!($vircal_arstore = $vo_personal_vircal_ardb->calendars[$reqvircal_basename])){ error_log('icalsrv.php: ' . $cnmsg . ' not found.'); fail_exit($cnmsg . ' not found.' , '404'); } // oke we have a valid personal vircal in array_storage format! } else { // check if the requested system calender is provided by system $cnmsg = 'system calendar [' . $reqvircal_pathname . ']'; /** * @todo 1. create somehow the list of available system vircal * arstores note: this should be done via preferences and read * repository, but how.... I have to find out */ // find system database of (array stored) virtual calendars $system_vircal_ardb = CreateObject('icalsrv.system_vircal_ardb'); if(!(is_object($system_vircal_ardb))){ error_log('icalsrv.php: couldnot create system vircal_ardb'); fail_exit('couldnot access ' . $cnmsg, '403'); } // check if a /list.html is requested if ($reqvircal_pathname == '/list.html'){ echo $system_vircal_ardb->listing(1); $GLOBALS['egw']->common->egw_exit(); } // search our calendar in system vircal database if(!($vircal_arstore = $system_vircal_ardb->calendars[$reqvircal_pathname])){ fail_exit($cnmsg . ' not found', '404'); } // oke we have a valid system vircal in array_storage format! } if($isdebug) error_log('vircal_arstore:' . print_r($vircal_arstore, true)); // build a virtual calendar with ical facilities from the found vircal // array_storage data $icalvc =& CreateObject('icalsrv.icalvircal'); if(! $icalvc->fromArray($vircal_arstore)){ error_log('icalsrv.php: ' . $cnmsg . ' couldnot restore from repository.' ); fail_exit($cnmsg . ' internal problem ' , '403'); } // YES: $icalvc created ok! acces rights needs to be checked though! // HACK: ATM basic auth is always needed!! (JVL) ,so we force icalvc into it $icalvc->auth = ':basic'; // check if the virtual calendar demands authentication if(strpos($icalvc->auth,'none') !== false){ // no authentication demanded so continue } elseif(strpos($icalvc->auth,'basic') !== false){ //basic http authentication demanded //so exit on non authenticated http request //-- As we atm only allow authenticated users the // actions in the next lines are already done at the begining // of this file -- // if ((!isset($_SERVER['PHP_AUTH_USER'])) || // (!$GLOBALS['egw']->auth->authenticate($_SERVER['PHP_AUTH_USER'], // $_SERVER['PHP_AUTH_PW']))) { // if($isdebug) // error_log('SESSION IS SETUP, BUT AUTHENTICATE FAILED'.$_SERVER['PHP_AUTH_USER'] ); // header('WWW-Authenticate: Basic realm="ICal Server"'); // header('HTTP/1.1 401 Unauthorized'); // exit; // } // // else, use the active basic authentication to set preferences // $user_id = $GLOBALS['egw']->accounts->name2id($_SERVER['PHP_AUTH_USER']); // $GLOBALS['egw_info']['user']['account_id'] = $user_id; // error_log(' ACCOUNT SETUP FOR' // . $GLOBALS['egw_info']['user']['account_id']); } elseif(strpos($icalvc->auth,'ssl') !== false){ // ssl demanded, check if we are in https authenticated connection // if not redirect to https error_log('icalsrv.php:' . $cnmsg . ' demands secure connection'); fail_exit($cnmsg . ' demands secure connection: please use https', '403'); } else { error_log('*** icalsrv.php:' . $cnmsg . ' requires unknown authentication method:' . $icalcv->auth); fail_exit($cnmsg . ' demands unavailable authentication method:' . $icalcv->auth, '403'); } /** * @todo this extra password checkin should, at least for logged-in users, * better be incorporated in the ACL checkings. At some time... */ // check if an extra password is needed too if(strpos($icalvc->auth,'passw') !== false){ //extra parameter password authentication demanded //so exit if pw parameter is not valid if ((!isset($_GET['password'])) || (!$icalvc->pw !== $_GET['password']) ) { error_log('icalsrv.php:' . $cnmsg . ' demands extra password parameter'); fail_exit($cnmsg . ' demands extra password parameter', '403'); } } // now we are authenticated enough // go setup import and export mode in our ical virtual calendar $icalvc->uid_mapping_export = $uid_export_mode; $icalvc->uid_mapping_import = $uid_import_mode; $icalvc->reimport_missing_elements = $reimport_missing_elements; $logmsg = ""; // oke now process the actual import or export to/from icalvc.. if ($_SERVER['REQUEST_METHOD'] == 'PUT') { // *** PUT Request so do an Import ************* if($isdebug) error_log('icalsrv.php: importing, by user:' .$GLOBALS['egw_info']['user']['account_id'] . ' for virtual calendar of: ' . $reqvircal_owner_id); // check if importing in not owned calendars is disabled if($reqvircal_owner_id && ($GLOBALS['egw_info']['user']['account_id'] !== $reqvircal_owner_id)){ if($disable_nonowner_import){ error_log('icalsrv.php: importing in non owner calendars currently disabled'); fail_exit('importing in non owner calendars currently disabled', '403'); } } if(isset($reqvircal_owner_id) && ($reqvircal_owner_id < 0)){ error_log('icalsrv.php: importing in group calendars not allowed'); fail_exit('importing in groupcalendars is not allowed', '403'); } // I0 read the payload $logmsg = 'IMPORTING in '. $importMode . ' mode'; $fpput = fopen("php://input", "r"); $vcalstr = ""; while ($data = fread($fpput, 1024)){ $vcalstr .= $data; } fclose($fpput); // import the icaldata into the virtual calendar // note: ProductType is auto derived from $vcalstr $import_table =& $icalvc->import_vcal($vcalstr); // count the successes.. if ($import_table === false) { $msg = 'icalsrv.php: importing '. $cnmsg . ' ERRORS'; fail_exit($msg,'403'); } else { $logmsg .= "\n imported " . $cnmsg . ' : '; foreach ($import_table as $rsc_class => $vids){ $logmsg .= "\n resource: " . $rsc_class . ' : ' . count($vids) .' elements OK'; } } // DONE importing if($logdir) log_ical($logmsg,"import",$vcalstr); // handle response ... $GLOBALS['egw']->common->egw_exit(); } else { // *** GET (or POST?) Request so do an export $logmsg = 'EXPORTING'; // derive a ProductType from our http Agent and set it in icalvc $icalvc->deviceType = egwical_resourcehandler::httpUserAgent2deviceType($reqagent); // export the data from the virtual calendar $vcalstr = $icalvc->export_vcal(); // handle response if ($vcalstr === false) { $msg = 'icalsrv.php: exporting '. $cnmsg . ' ERRORS'; fail_exit($msg,'403'); } else { $logmsg .= "\n exported " . $cnmsg ." : OK "; } // DONE exporting if($logdir) log_ical($logmsg,"export",$vcalstr); // handle response ... echo $vcalstr; $GLOBALS['egw']->common->egw_exit(); } // // --- SOME UTILITY FUNCTIONS ------- /** * Exit with an error message in html * @param $msg string * message that gets return as html error description */ function fail_exit($msg, $errno = '403') { // log the error in the http server error logging files error_log('resp: ' . $errno . ' ' . $msg); // return http error $errno can this be done this way? header('HTTP/1.1 '. $errno . ' ' . $msg); # header('HTTP/1.1 403 ' . $msg); $GLOBALS['egw']->common->egw_exit(); } /* * Log info and data to logfiles if logging is set * * @param $msg string with loginfo * @param $data data to be logged * @param $icalmethod $string value can be import or export * @global $logdir string/boolean log directory. Set to false to disab logging */ function log_ical($msg,$icalmethod="data",$data) { global $logdir; if (!$logdir) return; // loggin seems off // some info used for logging $logstamp = date("U"); $loguser = $_SERVER['PHP_AUTH_USER']; $logdate = date("Ymd:His"); // filename for log info, only used when logging is on $fnloginfo = "$logdir/ical.log"; // log info $fnlogdata = $logdir . "/ical." . $icalmethod . '.' . $logstamp . ".ics"; $fp = fopen("$fnloginfo",'a+'); fwrite($fp,"\n\n$loguser on $logdate : $msg, \n data in $fnlogdata "); fclose($fp); // log data $fp = fopen("$fnlogdata", "w"); fputs($fp, $data); fclose($fp); } ?>