* @copyright Catalyst .Net Ltd, Morphoss Ltd * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later */ if ( preg_match('{/always.php$}', $_SERVER['SCRIPT_NAME'] ) ) header('Location: index.php'); // Ensure the configuration starts out as an empty object. $c = (object) array(); $c->script_start_time = microtime(true); // Ditto for a few other global things unset($session); unset($request); unset($dbconn); unset($_awl_dbconn); unset($include_properties); // An ultra-simple exception handler to catch errors that occur // before we get a more functional exception handler in place... function early_exception_handler($e) { echo "Uncaught early exception: ", $e->getMessage(), "\nAt line ", $e->getLine(), " of ", $e->getFile(), "\n"; $trace = array_reverse($e->getTrace()); foreach( $trace AS $k => $v ) { printf( "=====================================================\n%s[%d] %s%s%s()\n", $v['file'], $v['line'], (isset($v['class'])?$v['class']:''), (isset($v['type'])?$v['type']:''), (isset($v['function'])?$v['function']:'') ); } } set_exception_handler('early_exception_handler'); // Default some of the configurable values $c->sysabbr = 'davical'; $c->admin_email = 'admin@davical.example.com'; $c->system_name = 'DAViCal CalDAV Server'; $c->domain_name = (isset($_SERVER['SERVER_NAME'])?$_SERVER['SERVER_NAME']:$_SERVER['SERVER_ADDR']); $c->save_time_zone_defs = true; $c->collections_always_exist = false; $c->allow_get_email_visibility = false; $c->permission_scan_depth = 2; $c->expand_pdo_parameters = true; $c->home_calendar_name = 'home'; $c->enable_row_linking = true; $c->enable_scheduling = false; $c->http_auth_mode = 'Basic'; // $c->default_locale = array('es_MX', 'es_AR', 'es', 'pt'); // An array of locales to try, or just a single locale // $c->local_tzid = 'Pacific/Auckland'; // Perhaps we should read from /etc/timezone - I wonder how standard that is? $c->default_locale = 'en'; $c->locale_path = '../locale'; $c->base_url = preg_replace('#/[^/]+\.php.*$#', '', $_SERVER['SCRIPT_NAME']); $c->base_directory = preg_replace('#/[^/]*$#', '', $_SERVER['DOCUMENT_ROOT']); $c->default_privileges = array('read-free-busy', 'schedule-deliver'); $c->stylesheets = array( $c->base_url.'/davical.css' ); $c->images = $c->base_url . '/images'; // Add a default for newly created users $c->template_usr = array( 'active' => true, 'locale' => 'en_GB', 'date_format_type' => 'E', 'email_ok' => date('Y-m-d') ); $c->hide_TODO = true; // VTODO only visible to collection owner $c->readonly_webdav_collections = true; // WebDAV access is readonly // Kind of private configuration values $c->total_query_time = 0; $c->dbg = array(); // Utilities if ( ! @include_once('AWLUtilities.php') ) { $try_paths = array( '../../awl/inc' , '/usr/share/awl/inc' , '/usr/local/share/awl/inc' ); foreach( $try_paths AS $awl_include_path ) { if ( @file_exists($awl_include_path.'/AWLUtilities.php') ) { set_include_path( $awl_include_path. PATH_SEPARATOR. get_include_path()); break; } } if ( ! @include_once('AWLUtilities.php') ) { echo "Could not find the AWL libraries. Are they installed? Check your include_path in php.ini!\n"; exit; } } // Ensure that ../inc is in our included paths as early as possible set_include_path( '../inc'. PATH_SEPARATOR. get_include_path()); /** We actually discovered this and worked around it earlier, but we can't log it until the utilties are loaded */ if ( !isset($_SERVER['SERVER_NAME']) ) { @dbg_error_log( 'WARN', "Your webserver is not setting the SERVER_NAME parameter. You may need to set \$c->domain_name in your configuration. Using IP address meanhwhile..." ); } /** * Calculate the simplest form of reference to this page, excluding the PATH_INFO following the script name. */ $c->protocol_server_port = sprintf( '%s://%s%s', (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'? 'https' : 'http'), $_SERVER['SERVER_NAME'], ( ( (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') && $_SERVER['SERVER_PORT'] == 80 ) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' && $_SERVER['SERVER_PORT'] == 443 ) ? '' : ':'.$_SERVER['SERVER_PORT'] ) ); $c->protocol_server_port_script = $c->protocol_server_port . ($_SERVER['SCRIPT_NAME'] == '/index.php' ? '' : $_SERVER['SCRIPT_NAME']); /** * We use @file_exists because things like open_basedir might noisily deny * access which could break DAViCal completely by causing output to start * too early. */ ob_start( ); if ( @file_exists('/etc/davical/'.$_SERVER['SERVER_NAME'].'-conf.php') ) { include('/etc/davical/'.$_SERVER['SERVER_NAME'].'-conf.php'); } else if ( @file_exists('/etc/davical/config.php') ) { include('/etc/davical/config.php'); } else if ( @file_exists('/usr/local/etc/davical/'.$_SERVER['SERVER_NAME'].'-conf.php') ) { include('/usr/local/etc/davical/'.$_SERVER['SERVER_NAME'].'-conf.php'); } else if ( @file_exists('/usr/local/etc/davical/config.php') ) { include('/usr/local/etc/davical/config.php'); } else if ( @file_exists('../config/config.php') ) { include('../config/config.php'); } else if ( @file_exists('config/config.php') ) { include('config/config.php'); } else { include('davical_configuration_missing.php'); exit; } $config_warnings = trim(ob_get_contents()); ob_end_clean(); if ( !isset($c->page_title) ) $c->page_title = $c->system_name; if ( isset($_SERVER['HTTP_X_DAVICAL_TESTCASE']) ) { @dbg_error_log( 'LOG', '==========> Test case =%s=', $_SERVER['HTTP_X_DAVICAL_TESTCASE'] ); } else if ( isset($c->dbg['script_start']) && $c->dbg['script_start'] ) { // Only log this if more than a little debugging of some sort is turned on, somewhere @dbg_error_log( 'LOG', '==========> method =%s= =%s= =%s= =%s= =%s=', $_SERVER['REQUEST_METHOD'], $c->protocol_server_port_script, $_SERVER['PATH_INFO'], $c->base_url, $c->base_directory ); } /** * Now that we have loaded the configuration file we can switch to a * default site locale. This may be overridden by each user. */ putenv("LANG=". $c->default_locale); awl_set_locale($c->default_locale); init_gettext( 'davical', $c->locale_path ); /** * Work out our version * */ $c->code_version = 0; $c->version_string = '0.9.9.2'; // The actual version # is replaced into that during the build /release process if ( isset($c->version_string) && preg_match( '/(\d+)\.(\d+)\.(\d+)(.*)/', $c->version_string, $matches) ) { $c->code_major = $matches[1]; $c->code_minor = $matches[2]; $c->code_patch = $matches[3]; $c->code_version = (($c->code_major * 1000) + $c->code_minor).'.'.$c->code_patch; dbg_error_log('caldav', 'Version (%d.%d.%d) == %s', $c->code_major, $c->code_minor, $c->code_patch, $c->code_version); header( sprintf('Server: %d.%d', $c->code_major, $c->code_minor) ); } /** * Force the domain name to what was in the configuration file */ $_SERVER['SERVER_NAME'] = $c->domain_name; require_once('AwlQuery.php'); $c->want_dbversion = array(1,2,9); $c->schema_version = 0; $qry = new AwlQuery( 'SELECT schema_major, schema_minor, schema_patch FROM awl_db_revision ORDER BY schema_id DESC LIMIT 1;' ); if ( $qry->Exec('always',__LINE__,__FILE__) && $row = $qry->Fetch() ) { $c->schema_version = doubleval( sprintf( '%d%03d.%03d', $row->schema_major, $row->schema_minor, $row->schema_patch) ); $c->wanted_version = doubleval( sprintf( '%d%03d.%03d', $c->want_dbversion[0], $c->want_dbversion[1], $c->want_dbversion[2]) ); $c->schema_major = $row->schema_major; $c->schema_minor = $row->schema_minor; $c->schema_patch = $row->schema_patch; if ( $c->schema_version < $c->wanted_version ) { $c->messages[] = sprintf( 'Database schema needs upgrading. Current: %d.%d.%d, Desired: %d.%d.%d', $row->schema_major, $row->schema_minor, $row->schema_patch, $c->want_dbversion[0], $c->want_dbversion[1], $c->want_dbversion[2]); } if ( isset($_SERVER['HTTP_X_DAVICAL_TESTCASE']) ) $qry->QDo('SET TIMEZONE TO \'Pacific/Auckland\''); } $_known_users_name = array(); $_known_users_id = array(); $_known_users_pid = array(); function _davical_get_principal_query_cached( $where, $parameter ) { global $c, $session, $_known_users_name, $_known_users_id, $_known_users_pid; $sql = 'SELECT *, to_char(updated at time zone \'GMT\',\'Dy, DD Mon IYYY HH24:MI:SS "GMT"\') AS modified, principal.*, '; if ( isset($session->principal_id) ) { $sql .= 'pprivs(:session_principal::int8,principal.principal_id,:scan_depth::int) AS privileges '; $params = array( ':session_principal' => $session->principal_id, ':scan_depth' => $c->permission_scan_depth ); } else { $sql .= '0::BIT(24) AS privileges '; $params = array( ); } $sql .= 'FROM usr LEFT JOIN principal USING(user_no) WHERE '. $where; $params[':param'] = $parameter; $qry = new AwlQuery( $sql, $params ); if ( $qry->Exec('always',__LINE__,__FILE__) && $qry->rows() == 1 && $row = $qry->Fetch() ) { if ( isset($session->principal_id) ) { $_known_users_name[$row->username] = $row; $_known_users_id[$row->user_no] = $row; $_known_users_pid[$row->principal_id] = $row; } return $row; } return false; } /** * Return a user record identified by a username, caching it for any subsequent lookup * @param string $username The username of the record to retrieve * @param boolean $use_cache Whether or not to use the cache (default: yes) */ function getUserByName( $username, $use_cache = true ) { global $_known_users_name; settype($username,"string"); if ( $use_cache && isset( $_known_users_name[$username] ) ) return $_known_users_name[$username]; if (is_numeric($username)) return _davical_get_principal_query_cached( 'username = :param', $username ); else return _davical_get_principal_query_cached( 'lower(username) = lower(:param)', $username ); } /** * Return a user record identified by e-mail address, caching it for any subsequent lookup * @param string $email The email address of the user record to retrieve * @param boolean $use_cache Whether or not to use the cache (default: yes) */ function getUserByEMail( $email, $use_cache = true ) { global $_known_users_name; if ( $use_cache ) { /** We don't actually maintain a cache-access by e-mail, since it's rare */ foreach( $_known_users_name AS $k => $v ) { if ( strtolower($email) == strtolower($v->email) ) return $v; } } return _davical_get_principal_query_cached( 'email = :param', $email ); } /** * Return a user record identified by a user_no, caching it for any subsequent lookup * @param int $user_no The ID of the record to retrieve * @param boolean $use_cache Whether or not to use the cache (default: yes) */ function getUserByID( $user_no, $use_cache = true ) { global $c, $session, $_known_users_id; if ( $use_cache && isset( $_known_users_id[$user_no] ) ) return $_known_users_id[$user_no]; return _davical_get_principal_query_cached( 'user_no = :param', $user_no ); } /** * Return a user record identified by a user_no, caching it for any subsequent lookup * @param int $user_no The ID of the record to retrieve * @param boolean $use_cache Whether or not to use the cache (default: yes) */ function getPrincipalByID( $principal_id, $use_cache = true ) { global $c, $session, $_known_users_pid; if ( $use_cache && isset( $_known_users_pid[$principal_id] ) ) return $_known_users_pid[$principal_id]; return _davical_get_principal_query_cached( 'principal_id = :param', $principal_id ); } /** * Return the HTTP status code description for a given code. Hopefully * this is an efficient way to code this. * @return string The text for a give HTTP status code, in english */ function getStatusMessage($status) { switch( $status ) { case 100: $ans = 'Continue'; break; case 101: $ans = 'Switching Protocols'; break; case 200: $ans = 'OK'; break; case 201: $ans = 'Created'; break; case 202: $ans = 'Accepted'; break; case 203: $ans = 'Non-Authoritative Information'; break; case 204: $ans = 'No Content'; break; case 205: $ans = 'Reset Content'; break; case 206: $ans = 'Partial Content'; break; case 207: $ans = 'Multi-Status'; break; case 300: $ans = 'Multiple Choices'; break; case 301: $ans = 'Moved Permanently'; break; case 302: $ans = 'Found'; break; case 303: $ans = 'See Other'; break; case 304: $ans = 'Not Modified'; break; case 305: $ans = 'Use Proxy'; break; case 307: $ans = 'Temporary Redirect'; break; case 400: $ans = 'Bad Request'; break; case 401: $ans = 'Unauthorized'; break; case 402: $ans = 'Payment Required'; break; case 403: $ans = 'Forbidden'; break; case 404: $ans = 'Not Found'; break; case 405: $ans = 'Method Not Allowed'; break; case 406: $ans = 'Not Acceptable'; break; case 407: $ans = 'Proxy Authentication Required'; break; case 408: $ans = 'Request Timeout'; break; case 409: $ans = 'Conflict'; break; case 410: $ans = 'Gone'; break; case 411: $ans = 'Length Required'; break; case 412: $ans = 'Precondition Failed'; break; case 413: $ans = 'Request Entity Too Large'; break; case 414: $ans = 'Request-URI Too Long'; break; case 415: $ans = 'Unsupported Media Type'; break; case 416: $ans = 'Requested Range Not Satisfiable'; break; case 417: $ans = 'Expectation Failed'; break; case 422: $ans = 'Unprocessable Entity'; break; case 423: $ans = 'Locked'; break; case 424: $ans = 'Failed Dependency'; break; case 500: $ans = 'Internal Server Error'; break; case 501: $ans = 'Not Implemented'; break; case 502: $ans = 'Bad Gateway'; break; case 503: $ans = 'Service Unavailable'; break; case 504: $ans = 'Gateway Timeout'; break; case 505: $ans = 'HTTP Version Not Supported'; break; default: $ans = 'Unknown HTTP Status Code '.$status; } return $ans; } /** * Construct a URL from the supplied dav_name. The URL will be urlencoded, * except for any '/' characters in it. * @param string $partial_path The part of the path after the script name */ function ConstructURL( $partial_path, $force_script = false ) { global $c; $partial_path = rawurlencode($partial_path); $partial_path = str_replace( '%2F', '/', $partial_path); if ( ! isset($c->_url_script_path) ) { $c->_url_script_path = (preg_match('#/$#', $c->protocol_server_port_script) ? 'caldav.php' : ''); $c->_url_script_path = $c->protocol_server_port_script . $c->_url_script_path; } $url = $c->_url_script_path; if ( $force_script ) { if ( ! preg_match( '#/caldav\.php$#', $url ) ) $url .= '/caldav.php'; } $url .= $partial_path; $url = preg_replace( '#^(https?://.+)//#', '$1/', $url ); // Ensure we don't double any '/' $url = preg_replace('#^https?://[^/]+#', '', $url ); // Remove any protocol + hostname portion return $url; } /** * Deconstruct a dav_name from the supplied URL. The dav_name will be urldecoded. * * @param string $partial_path The part of the path after the script name */ function DeconstructURL( $url, $force_script = false ) { global $c; $dav_name = rawurldecode($url); /** Allow a path like .../username/calendar.ics to translate into the calendar URL */ if ( preg_match( '#^(/[^/]+/[^/]+).ics$#', $dav_name, $matches ) ) { $dav_name = $matches[1]. '/'; } /** remove any leading protocol/server/port/prefix... */ if ( !isset($c->deconstruction_base_path) ) $c->deconstruction_base_path = ConstructURL('/'); if ( preg_match( '%^(.*?)'.str_replace('%', '\\%',$c->deconstruction_base_path).'(.*)$%', $dav_name, $matches ) ) { if ( $matches[1] == '' || $matches[1] == $c->protocol_server_port ) { $dav_name = $matches[2]; } } /** strip doubled slashes */ if ( strstr($dav_name,'//') ) $dav_name = preg_replace( '#//+#', '/', $dav_name); if ( substr($dav_name,0,1) != '/' ) $dav_name = '/'.$dav_name; return $dav_name; } /** * Convert a date from ISO format into the sad old HTTP format. * @param string $isodate The date to convert */ function ISODateToHTTPDate( $isodate ) { // Use strtotime since strptime is not available on Windows platform. return( gmstrftime('%a, %d %b %Y %T GMT', strtotime($isodate)) ); } /** * Convert a date into ISO format into the sparkly new ISO format. * @param string $indate The date to convert */ function DateToISODate( $indate ) { // Use strtotime since strptime is not available on Windows platform. return( date('c', strtotime($indate)) ); } /** * Given a privilege string, or an array of privilege strings, return a bit mask * of the privileges. * @param mixed $raw_privs The string (or array of strings) of privilege names * @return integer A bit mask of the privileges. */ define("DAVICAL_MAXPRIV", "65535"); define("DAVICAL_ADDRESSBOOK_MAXPRIV", "1023"); function privilege_to_bits( $raw_privs ) { $out_priv = 0; if ( gettype($raw_privs) == 'string' ) $raw_privs = array( $raw_privs ); if ( ! is_array($raw_privs) ) $raw_privs = array($raw_privs); foreach( $raw_privs AS $priv ) { $trim_priv = trim(strtolower(preg_replace( '/^.*:/', '', $priv))); switch( $trim_priv ) { case 'read' : $out_priv |= 1; break; case 'write-properties' : $out_priv |= 2; break; case 'write-content' : $out_priv |= 4; break; case 'unlock' : $out_priv |= 8; break; case 'read-acl' : $out_priv |= 16; break; case 'read-current-user-privilege-set' : $out_priv |= 32; break; case 'bind' : $out_priv |= 64; break; case 'unbind' : $out_priv |= 128; break; case 'write-acl' : $out_priv |= 256; break; case 'read-free-busy' : $out_priv |= 512; break; case 'schedule-deliver-invite' : $out_priv |= 1024; break; case 'schedule-deliver-reply' : $out_priv |= 2048; break; case 'schedule-query-freebusy' : $out_priv |= 4096; break; case 'schedule-send-invite' : $out_priv |= 8192; break; case 'schedule-send-reply' : $out_priv |= 16384; break; case 'schedule-send-freebusy' : $out_priv |= 32768; break; /** Aggregates of Privileges */ case 'write' : $out_priv |= 198; break; // 2 + 4 + 64 + 128 case 'schedule-deliver' : $out_priv |= 7168; break; // 1024 + 2048 + 4096 case 'schedule-send' : $out_priv |= 57344; break; // 8192 + 16384 + 32768 case 'all' : $out_priv = DAVICAL_MAXPRIV; break; default: dbg_error_log( 'ERROR', 'Cannot convert privilege of "%s" into bits.', $priv ); } } // 'all' will include future privileges if ( ($out_priv & DAVICAL_MAXPRIV) >= DAVICAL_MAXPRIV ) $out_priv = pow(2,24) - 1; return $out_priv; } /** * Given a bit mask of the privileges, will return an array of the * text values of privileges. * @param integer $raw_bits A bit mask of the privileges. * @return mixed The string (or array of strings) of privilege names */ function bits_to_privilege( $raw_bits, $resourcetype = 'resource' ) { $out_priv = array(); if ( is_string($raw_bits) ) { $raw_bits = bindec($raw_bits); } if ( ($raw_bits & DAVICAL_MAXPRIV) == DAVICAL_MAXPRIV ) $out_priv[] = 'all'; if ( ($raw_bits & 1) != 0 ) $out_priv[] = 'DAV::read'; if ( ($raw_bits & 8) != 0 ) $out_priv[] = 'DAV::unlock'; if ( ($raw_bits & 16) != 0 ) $out_priv[] = 'DAV::read-acl'; if ( ($raw_bits & 32) != 0 ) $out_priv[] = 'DAV::read-current-user-privilege-set'; if ( ($raw_bits & 256) != 0 ) $out_priv[] = 'DAV::write-acl'; if ( ($resourcetype == 'calendar' || $resourcetype == 'proxy') && ($raw_bits & 512) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:read-free-busy'; if ( ($raw_bits & 198) != 0 ) { if ( ($raw_bits & 198) == 198 ) $out_priv[] = 'DAV::write'; if ( ($raw_bits & 2) != 0 ) $out_priv[] = 'DAV::write-properties'; if ( ($raw_bits & 4) != 0 ) $out_priv[] = 'DAV::write-content'; if ( ($raw_bits & 64) != 0 ) $out_priv[] = 'DAV::bind'; if ( ($raw_bits & 128) != 0 ) $out_priv[] = 'DAV::unbind'; } if ( $resourcetype == 'schedule-inbox' && ($raw_bits & 7168) != 0 ) { if ( ($raw_bits & 7168) == 7168 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-deliver'; if ( ($raw_bits & 1024) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-deliver-invite'; if ( ($raw_bits & 2048) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-deliver-reply'; if ( ($raw_bits & 4096) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-query-freebusy'; } if ( $resourcetype == 'schedule-outbox' && ($raw_bits & 57344) != 0 ) { if ( ($raw_bits & 57344) == 57344 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-send'; if ( ($raw_bits & 8192) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-send-invite'; if ( ($raw_bits & 16384) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-send-reply'; if ( ($raw_bits & 32768) != 0 ) $out_priv[] = 'urn:ietf:params:xml:ns:caldav:schedule-send-freebusy'; } // dbg_error_log( 'DAVResource', ' Privilege bit "%s" is "%s".', $raw_bits, implode(', ', $out_priv) ); return $out_priv; } /** * Returns the array of privilege names converted into XMLElements */ function privileges_to_XML( $privilege_names, &$xmldoc=null ) { if ( !isset($xmldoc) && isset($GLOBALS['reply']) ) $xmldoc = $GLOBALS['reply']; $privileges = array(); foreach( $privilege_names AS $k ) { $privilege = new XMLElement('privilege'); if ( isset($xmldoc) ) $xmldoc->NSElement($privilege,$k); else $privilege->NewElement($k); $privileges[] = $privilege; } return $privileges; }