-
Notifications
You must be signed in to change notification settings - Fork 75
/
nulogin.php
83 lines (63 loc) · 2.46 KB
/
nulogin.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
<?php
/**
* This page handles logins for nonuser calendars.
*/
require_once 'includes/translate.php';
require_once 'includes/classes/WebCalendar.php';
$WebCalendar = new WebCalendar( __FILE__ );
require_once 'includes/config.php';
require_once 'includes/dbi4php.php';
require_once 'includes/formvars.php';
require_once 'includes/functions.php';
$WebCalendar->initializeFirstPhase();
require_once "includes/$user_inc";
require_once 'includes/access.php';
require_once 'includes/gradient.php';
$WebCalendar->initializeSecondPhase();
load_global_settings();
$WebCalendar->setLanguage();
if ( $single_user == 'Y'/* No login for single-user mode.*/ ||
$use_http_auth )/* No web login for HTTP-based authentication.*/
die_miserable_death ( print_not_auth() );
$login = getValue ('login');
if (empty($login))
die_miserable_death( translate( 'A login must be specified.' ) );
$login2 = chkXSS('login');
if($login != $login2)
die_miserable_death( translate( 'A login must be specified.' ) );
$badLoginStr = translate('Illegal characters in login XXX.');
if ($login != addslashes($login) || $login != htmlentities(trim($login)))
die_miserable_death( str_replace('XXX', htmlentities($login), $badLoginStr));
$login = htmlentities(trim($login));
$date = getValue ( 'date' );
$return_path = getValue ( 'return_path' );
// Was a return path set?
$url = ( ! empty ( $return_path )
? clean_whitespace ( $return_path
. ( ! empty ( $date ) ? '?date=' . $date : '' ) )
: 'index.php' );
if ( $login == '__public__' )
do_redirect ( $url );
if ( ! nonuser_load_variables ( $login, 'temp_' ) )
die_miserable_death ( translate ( 'No such nonuser calendar' )
. ": $login" );
if ( empty ( $temp_is_public ) || $temp_is_public != 'Y' )
die_miserable_death ( print_not_auth() );
// calculate path for cookie
if ( empty ( $PHP_SELF ) )
$PHP_SELF = $_SERVER['PHP_SELF'];
$cookie_path = str_replace ( 'nulogin.php', '', $PHP_SELF );
// echo "Cookie path: $cookie_path\n";
$login = trim ( $login );
$badLoginStr = translate ( 'Illegal characters in login XXX.' );
if ( $login != addslashes ( $login ) )
die_miserable_death (
str_replace ( 'XXX', htmlentities ( $login ), $badLoginStr ) );
// Allow proper login using NUC name
$encoded_login = encode_string ( $login . '|nonuser' );
// set login to expire in 365 days
sendCookie ( 'webcalendar_session', $encoded_login,
( ! empty ( $remember ) && $remember == 'yes' ?
31536000 + time() : 0 ), $cookie_path );
do_redirect ( $url );
?>