2
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
3
! empty ( $_SERVER['PHP_SELF'] ) ) {
4
$PHP_SELF = $_SERVER['PHP_SELF'];
6
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
7
die ( "You can't access this file directly!" );
12
// Do a sanity check. Make sure we can access webcal_config table.
13
// We call this right after the first call to dbi_connect() (from
14
// either connect.php or here in validate.php).
2
/* $Id: validate.php,v 1.25 2007/07/12 19:29:12 bbannon Exp $ */
3
// Do a sanity check. Make sure we can access webcal_config table. We call this
4
// right after the first call to dbi_connect ()
5
// (from either the WebCalendar class or here in validate.php).
15
6
function doDbSanityCheck () {
16
global $db_login, $db_host, $db_database;
17
$res = @dbi_query ( "SELECT COUNT(cal_value) FROM webcal_config",
7
global $db_database, $db_host, $db_login;
8
$dieMsgStr = 'Error finding WebCalendar tables in database "' . $db_database
9
. '" using db login "' . $db_login . '" on db server "' . $db_host
11
Have you created the database tables as specified in the
12
<a href="docs/WebCalendar-SysAdmin.html" '
13
. ' target="other">WebCalendar System Administrator\'s Guide</a>?';
14
$res = @dbi_execute ( 'SELECT COUNT( cal_value ) FROM webcal_config',
15
array (), false, false );
20
if ( $row = dbi_fetch_row ( $res ) ) {
21
// Found database. All is peachy.
17
if ( $row = dbi_fetch_row ( $res ) )
18
// Found database. All is peachy.
22
19
dbi_free_result ( $res );
24
21
// Error accessing table.
25
22
// User has wrong db name or has not created tables.
26
// Note: cannot translate this since we have not included
23
// Note: can't translate this since translate.php is not included yet.
28
24
dbi_free_result ( $res );
30
"Error finding WebCalendar tables in database '$db_database' " .
31
"using db login '$db_login' on db server '$db_host'.<br/><br/>\n" .
32
"Have you created the database tables as specified in the " .
33
"<a href=\"docs/WebCalendar-SysAdmin.html\" target=\"other\">WebCalendar " .
34
"System Administrator's Guide</a>?" );
37
// Error accessing table.
38
// User has wrong db name or has not created tables.
39
// Note: cannot translate this since we have not included translate.php yet.
41
"Error finding WebCalendar tables in database '$db_database' " .
42
"using db login '$db_login' on db server '$db_host'.<br/><br/>\n" .
43
"Have you created the database tables as specified in the " .
44
"<a href=\"docs/WebCalendar-SysAdmin.html\" target=\"other\">WebCalendar " .
45
"System Administrator's Guide</a>?" );
49
$validate_redirect = false;
50
$session_not_found = false;
52
// Catch-all for getting the username when using HTTP-authentication
53
if ( $use_http_auth ) {
54
if ( empty ( $PHP_AUTH_USER ) ) {
55
if ( !empty ( $_SERVER ) && isset ( $_SERVER['PHP_AUTH_USER'] ) ) {
56
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER'];
57
} else if ( !empty ( $HTTP_SERVER_VARS ) &&
58
isset ( $HTTP_SERVER_VARS['PHP_AUTH_USER'] ) ) {
59
$PHP_AUTH_USER = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
60
} else if ( isset ( $REMOTE_USER ) ) {
61
$PHP_AUTH_USER = $REMOTE_USER;
62
} else if ( !empty ( $_ENV ) && isset ( $_ENV['REMOTE_USER'] ) ) {
63
$PHP_AUTH_USER = $_ENV['REMOTE_USER'];
64
} else if ( !empty ( $HTTP_ENV_VARS ) &&
65
isset ( $HTTP_ENV_VARS['REMOTE_USER'] ) ) {
66
$PHP_AUTH_USER = $HTTP_ENV_VARS['REMOTE_USER'];
67
} else if ( @getenv ( 'REMOTE_USER' ) ) {
68
$PHP_AUTH_USER = getenv ( 'REMOTE_USER' );
69
} else if ( isset ( $AUTH_USER ) ) {
70
$PHP_AUTH_USER = $AUTH_USER;
71
} else if ( !empty ( $_ENV ) && isset ( $_ENV['AUTH_USER'] ) ) {
72
$PHP_AUTH_USER = $_ENV['AUTH_USER'];
73
} else if ( !empty ( $HTTP_ENV_VARS ) &&
74
isset ( $HTTP_ENV_VARS['AUTH_USER'] ) ) {
75
$PHP_AUTH_USER = $HTTP_ENV_VARS['AUTH_USER'];
76
} else if ( @getenv ( 'AUTH_USER' ) ) {
77
$PHP_AUTH_USER = getenv ( 'AUTH_USER' );
82
if ( $single_user == "Y" ) {
83
$login = $single_user_login;
85
if ( $use_http_auth ) {
86
// HTTP server did validation for us....
87
if ( empty ( $PHP_AUTH_USER ) )
88
$session_not_found = true;
90
$login = $PHP_AUTH_USER;
92
} elseif ( substr($user_inc,0,9) == 'user-app-' ) {
93
// Use another application's authentication
94
if (! $login = user_logged_in()) app_login_screen(clean_whitespace($login_return_path));
97
if ( ! empty ( $settings['session'] ) && $settings['session'] == 'php' ) {
99
if ( ! empty ( $_SESSION['webcalendar_session'] ) ) {
100
$webcalendar_session = $_SESSION['webcalendar_session'];
103
// We can't actually check the database yet since we haven't connected
104
// to the database. That happens in connect.php.
106
// Check for session. If not found, then note it for later
107
// handling in connect.php.
108
else if ( empty ( $webcalendar_session ) && empty ( $login ) ) {
109
$session_not_found = true;
113
// Check for cookie...
114
if ( ! empty ( $webcalendar_session ) ) {
115
$encoded_login = $webcalendar_session;
116
if ( empty ( $encoded_login ) ) {
117
// invalid session cookie
118
$session_not_found = true;
120
$login_pw = split('\|', decode_string ($encoded_login));
121
$login = $login_pw[0];
122
$cryptpw = $login_pw[1];
123
// Security fix. Don't allow certain types of characters in
124
// the login. WebCalendar does not escape the login name in
125
// SQL requests. So, if the user were able to set the login
126
// name to be "x';drop table u;",
127
// they may be able to affect the database.
128
if ( ! empty ( $login ) ) {
129
if ( $login != addslashes ( $login ) ) {
130
die_miserable_death ( "Illegal characters in login " .
131
"<tt>" . htmlentities ( $login ) . "</tt>" );
134
// make sure we are connected to the database for password check
135
$c = @dbi_connect ( $db_host, $db_login, $db_password, $db_database );
137
die_miserable_death (
138
"Error connecting to database:<blockquote>" .
139
dbi_error () . "</blockquote>\n" );
143
if (!user_valid_crypt($login, $cryptpw)) {
144
do_debug ( "User not logged in; redirecting to login page" );
145
if ( empty ( $login_return_path ) )
146
do_redirect ( "login.php" );
148
do_redirect ( "login.php?return_path=$login_return_path" );
151
do_debug ( "Decoded login from cookie: $login" );
25
die_miserable_death ( $dieMsgStr );
28
die_miserable_death ( $dieMsgStr );
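Review bot: The `$dieMsgStr` built at the top of `doDbSanityCheck ()` concatenates `$db_database`, `$db_login` and `$db_host` unescaped into HTML that is handed to `die_miserable_death ()`, so a broken or half-installed site presumably shows the database account and server name to any unauthenticated visitor. I would write those details to the server log and show a generic message, or at minimum escape each value, e.g. `htmlspecialchars ( $db_login, ENT_QUOTES )`. The `@` in front of `dbi_execute` also suppresses the driver error, so consider logging `dbi_error ()` before dying to keep the failure diagnosable without exposing it to the browser. The new side also appears to drop the `/includes/` direct-access guard and the cookie login validation (including the `addslashes` check on `$login`) from this file; if so, confirm that equivalent checks now run elsewhere, since the new comment points at the WebCalendar class. The rendering omits several lines of the function (braces and a few new-side lines), so this is based on the visible lines only.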