owncalendar/share.php

179 lines
No EOL
6.7 KiB
PHP

<?php
/**
* Copyright (c) 2014 Michał "rysiek" Woźniak <rysiek@hackerspace.pl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
OCP\App::checkAppEnabled('calendar');
function calendar404($msg=null) {
$errorTemplate = new OCP\Template('calendar', 'part.404', '');
if ($msg !== null) $errorTemplate->assign('message', $msg);
$errorContent = $errorTemplate->fetchPage();
header('HTTP/1.0 404 Not Found');
$tmpl = new OCP\Template('', '404', 'guest');
$tmpl->assign('content', $errorContent);
$tmpl->printPage();
exit();
}
function calendar403() {
header('HTTP/1.0 403 Forbidden');
$tmpl = new OCP\Template('', '403', 'guest');
$tmpl->printPage();
exit();
}
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') !== 'yes')
calendar404('Link-sharing is disabled by admin.');
if (isset($_GET['t'])) {
$token = $_GET['t'];
$linkItem = OCP\Share::getShareByToken($token, false);
if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
// seems to be a valid share
$rootLinkItem = OCP\Share::resolveReShare($linkItem);
}
}
// apparently, we have something to work with
if (isset($rootLinkItem)) {
// is there a type?
if (!isset($linkItem['item_type'])) {
// nope -> 404
OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
calendar404('No such share.');
}
// the full URL
$url = OCP\Util::linkToPublic('calendar') . '&t=' . $token;
// let's set the token in the session for further reference
\OC::$session->set('public_link_token', $token);
\OC::$session->set('public_link_owner', $linkItem['uid_owner']);
// do we have a password on this share?
if (isset($linkItem['share_with'])) {
// do we have a password in POST?
if (isset($_POST['password'])) {
// cool, let's use it, shall we?
$password = $_POST['password'];
// there is a single SHARE_TYPE that is of use here: SHARE_TYPE_LINK
if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {
// Check Password
$hasher = new PasswordHash(8, (CRYPT_BLOWFISH != 1));
// does the password match?
if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),
$linkItem['share_with']))) {
// NOPE! Chuck Testa! Log it.
OCP\Util::writeLog('share', 'Wrong password!', \OCP\Util::ERROR);
// inform the user
$tmpl = new OCP\Template('calendar', 'authenticate', 'guest');
$tmpl->assign('URL', $url);
$tmpl->assign('wrongpw', true);
$tmpl->printPage();
exit();
} else {
// Save item id in session for future requests
\OC::$session->set('public_link_authenticated', $linkItem['id']);
}
// this only works for SHARE_TYPE_LINK, hence...
} else {
// ...if it is not SHARE_TYPE_LINK, complain!
OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
.' for share id '.$linkItem['id'], \OCP\Util::ERROR);
calendar404('Unknown share type.');
}
} else {
// Check if item id is set in session
if ( ! \OC::$session->exists('public_link_authenticated')
|| \OC::$session->get('public_link_authenticated') !== $linkItem['id']
) {
// Prompt for password
$tmpl = new OCP\Template('calendar', 'authenticate', 'guest');
$tmpl->assign('URL', $url);
$tmpl->printPage();
exit();
}
}
}
// Download the item
if (isset($_GET['download'])) {
OCP\Util::writeLog('calendar', __FILE__ . ' : ' . __METHOD__, OCP\Util::ERROR);
// calendar
if ($linkItem['item_type'] === 'calendar') {
OCP\Util::writeLog('calendar', __FILE__ . ' : ' . __METHOD__, OCP\Util::ERROR);
$data = OC_Calendar_App::getCalendar($rootLinkItem['item_source'], true, true);
$type = OC_Calendar_Export::CALENDAR;
// event
} else {
OCP\Util::writeLog('calendar', __FILE__ . ' : ' . __METHOD__, OCP\Util::ERROR);
$data = OC_Calendar_App::getEventObject($rootLinkItem['item_source'], true, true);
$type = OC_Calendar_Export::EVENT;
}
if(!$data) {
OCP\Util::writeLog('share', 'forbidden!', \OCP\Util::ERROR);
header('HTTP/1.0 403 Forbidden');
exit;
}
header('Content-Type: text/calendar');
header('Content-Disposition: inline; filename=' . str_replace(' ', '-', $data['displayname']) . '.ics');
// export the data
// if it is a link-shared concrete event, ignore security
// calendars should be shared *with* security enabled, so as to not divulge private/busy events
echo OC_Calendar_Export::export($rootLinkItem['item_source'], $type, ($type !== OC_Calendar_Export::EVENT) );
exit();
// Display the calendar
} elseif ($linkItem['item_type'] === 'calendar') {
OCP\Util::addscript('calendar/3rdparty/fullcalendar', 'fullcalendar');
OCP\Util::addStyle('calendar/3rdparty/fullcalendar', 'fullcalendar');
OCP\Util::addscript('3rdparty/timepicker', 'jquery.ui.timepicker');
OCP\Util::addStyle('3rdparty/timepicker', 'jquery.ui.timepicker');
OCP\Util::addscript('calendar', 'calendar');
OCP\Util::addStyle('calendar', 'style');
OCP\Util::addStyle('calendar', 'tooltips');
OCP\Util::addscript('', 'jquery.multiselect');
OCP\Util::addStyle('', 'jquery.multiselect');
OCP\Util::addscript('calendar','jquery.multi-autocomplete');
OCP\Util::addscript('','tags');
OCP\Util::addscript('calendar','on-event');
OCP\Util::addscript('calendar','settings');
OCP\App::setActiveNavigationEntry('calendar_index');
$tmpl = new OCP\Template('calendar', 'calendar', 'base');
$tmpl->assign('link_shared_calendar_name', $linkItem['item_target']);
$tmpl->assign('link_shared_calendar_owner', $linkItem['uid_owner']);
$tmpl->assign('link_shared_calendar_url', $url);
$tmpl->assign('timezone', OC_Calendar_App::$tz);
$tmpl->assign('timezones',DateTimeZone::listIdentifiers());
$tmpl->printPage();
// Display the event
} elseif ($linkItem['item_type'] === 'event') {
OCP\Util::addStyle('calendar', 'style');
OCP\Util::addStyle('calendar', 'tooltips');
OCP\Util::addscript('calendar','settings');
OCP\App::setActiveNavigationEntry('calendar_index');
$tmpl = new OCP\Template('calendar', 'event', 'base');
$tmpl->assign('link_shared_event', $linkItem);
$tmpl->assign('link_shared_event_url', $url);
$tmpl->assign('timezone', OC_Calendar_App::$tz);
$tmpl->assign('timezones',DateTimeZone::listIdentifiers());
$tmpl->printPage();
}
exit();
} else {
OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
}
calendar404();