First release to attempt installation on another machine.

TODO

@@ -1,9 +1,8 @@
-Critical
+Desirable
  - accept the free/busy information as a PUT
-
-Important
  - Parse the normal PUT requests so we know when time is available
  - Understand the repeat frequencies so ditto...
 
-Nice
+Important
  - Some form of admin functionality
+ - Ability to group users, and to give read/write permission to groups / individuals

debian/changelog

@@ -1,3 +1,9 @@
+rscds (0.1.1) unstable; urgency=low
+
+  * Time for a real-world-ish release.
+
+ -- Andrew McMillan <debian@mcmillan.net.nz>  Tue, 12 Sep 2006 05:10:32 -0500
+
 rscds (0.1.0) unstable; urgency=low
 
   * Initial Debian packaging

debian/rscds.postinst

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
+
+
+case $1 in
+  configure)
+    ;;
+esac
+
+#DEBHELPER#

debian/rscds.postrm

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+
+[ -n "${DEBUG}" ] && echo "PostRM Parameters: $@"
+
+case $1 in
+  purge)
+    ;;
+esac
+
+#DEBHELPER#

debian/rscds.prerm

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+
+[ -n "${DEBUG}" ] && echo "PreRM Parameters: $@"
+
+case $1 in
+  remove)
+    ;;
+esac
+
+#DEBHELPER#

htdocs/caldav.php

@@ -1,5 +1,6 @@
 <?php
 require_once("always.php");
+require_once("BasicAuthSession.php");
 
 $raw_headers = apache_request_headers();
 $raw_post = file_get_contents ( 'php://input');

htdocs/freebusy.php

@@ -0,0 +1,20 @@
+<?php
+require_once("always.php");
+
+$raw_headers = apache_request_headers();
+$raw_post = file_get_contents ( 'php://input');
+
+switch ( $_SERVER['REQUEST_METHOD'] ) {
+  case 'GET':
+    include_once("freebusy-GET.php");
+    break;
+
+  default:
+    dbg_error_log( "freebusy", "Unhandled request method >>%s<<", $_SERVER['REQUEST_METHOD'] );
+    dbg_log_array( "freebusy", 'HEADERS', $raw_headers );
+    dbg_log_array( "freebusy", '_SERVER', $_SERVER, true );
+    dbg_error_log( "freebusy", "RAW: %s", str_replace("\n", "",str_replace("\r", "", $raw_post)) );
+}
+
+
+?>

htdocs/index.php

@@ -0,0 +1,18 @@
+<?php
+require_once("always.php");
+require_once("RSCDSSession.php");
+$session->LoginRequired();
+
+?>
+<html>
+<head>
+<meta/>
+<title>Really Simple CalDAV Store</title>
+</head>
+<body>
+<h1>These are the admin pages...</h1>
+<?php
+  echo "<p>You appear to be logged on as $session->username ($session->fullname)</p>";
+?>
+</body>
+</html>

inc/RSCDSSession.php

@@ -0,0 +1,159 @@
+<?php
+/**
+* Session handling class and associated functions
+*
+* This subpackage provides some functions that are useful around web
+* application session management.
+*
+* The class is intended to be as lightweight as possible while holding
+* all session data in the database:
+*  - Session hash is not predictable.
+*  - No clear text information is held in cookies.
+*  - Passwords are generally salted MD5 hashes, but individual users may
+*    have plain text passwords set by an administrator.
+*  - Temporary passwords are supported.
+*  - Logout is supported
+*  - "Remember me" cookies are supported, and will result in a new
+*    Session for each browser session.
+*
+* @package   rscds
+* @subpackage   RSCDSSession
+* @author    Andrew McMillan <andrew@catalyst.net.nz>
+* @copyright Catalyst .Net Ltd
+* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2
+*/
+
+/**
+* All session data is held in the database.
+*/
+require_once('PgQuery.php');
+
+/**
+* @global resource $session
+* @name $session
+* The session object is global.
+*/
+$session = 1;  // Fake initialisation
+
+// The Session object uses some (optional) configurable SQL to load
+// the records related to the logged-on user...  (the where clause gets added).
+// It's very important that someone not be able to externally control this,
+// so we make it a function rather than a variable.
+/**
+* @todo Make this a defined constant
+*/
+function local_session_sql() {
+  $sql = <<<EOSQL
+SELECT session.*, usr.*
+        FROM session JOIN usr USING(user_no)
+EOSQL;
+  return $sql;
+}
+
+/**
+* We extend the AWL Session class.
+*/
+require_once('Session.php');
+
+Session::_CheckLogout();
+
+/**
+* A class for creating and holding session information.
+*
+* @package   rscds
+*/
+class RSCDSSession extends Session
+{
+
+  /**
+  * Create a new RSCDSSession object.
+  *
+  * We create a Session and extend it with some additional useful RSCDS
+  * related information.
+  *
+  * @param string $sid A session identifier.
+  */
+  function RSCDSSession( $sid="" ) {
+    $this->Session($sid);
+  }
+
+
+
+  /**
+  * Checks whether this user is a banker
+  *
+  * @return boolean Whether or not the logged in user is a banker
+  */
+  function IsAdmin() {
+    return ( $this->logged_in && isset($this->is_admin) && ($this->is_admin == 't') );
+  }
+
+
+  /**
+  * Returns a value for user_no which is within the legal values for this user,
+  * using a POST value or a GET value if available and allowed, otherwise using
+  * this user's value.
+  *
+  * @return int The sanitised value of user_no
+  */
+  function SanitisedUserNo( ) {
+    $user_no = 0;
+    if ( ! $this->logged_in ) return $user_no;
+
+    $user_no = $this->user_no;
+    if ( $this->AllowedTo("Admin") && (isset($_POST['user_no']) || isset($_GET['user_no'])) ) {
+      $user_no = intval(isset($_POST['user_no']) ? $_POST['user_no'] : $_GET['user_no'] );
+    }
+    if ( $user_no == 0 ) $user_no = $this->user_no;
+    return $user_no;
+  }
+
+
+/**
+* Checks that this user is logged in, and presents a login screen if they aren't.
+*
+* The function can optionally confirm whether they are a member of one of a list
+* of groups, and deny access if they are not a member of any of them.
+*
+* @param string $groups The list of groups that the user must be a member of one of to be allowed to proceed.
+* @return boolean Whether or not the user is logged in and is a member of one of the required groups.
+*/
+  function LoginRequired( $groups = "" ) {
+    global $c, $session, $main_menu, $sub_menu, $tab_menu;
+
+    if ( $this->logged_in && $groups == "" ) return;
+    if ( ! $this->logged_in ) {
+      $c->messages[] = "You must log in to use this system.";
+      include_once("page-header.php");
+      if ( function_exists("local_index_not_logged_in") ) {
+        local_index_not_logged_in();
+      }
+      else {
+        echo <<<EOHTML
+<h1>Log On Please</h1>
+<p>For access to the $c->system_name you should log on with
+the username and password that have been issued to you.</p>
+
+<p>If you would like to request access, please e-mail $c->admin_email.</p>
+EOHTML;
+        echo $this->RenderLoginPanel();
+      }
+    }
+    else {
+      $valid_groups = split(",", $groups);
+      foreach( $valid_groups AS $k => $v ) {
+        if ( $this->AllowedTo($v) ) return;
+      }
+      $c->messages[] = "You are not authorised to use this function.";
+      include_once("page-header.php");
+    }
+
+    include("page-footer.php");
+    exit;
+  }
+}
+
+$session = new RSCDSSession();
+$session->_CheckLogin();
+
+?>

inc/always.php

@@ -77,7 +77,5 @@ function dbg_log_array( $component, $name, $arr, $recursive = false ) {
 }
 
 include_once("PgQuery.php");
-include_once("BasicAuthSession.php");
-// include_once("iCalendar.php");
 
 ?>

rscds.webprj

@@ -30,5 +30,9 @@
     <item url="debian/rules" uploadstatus="1" />
     <item url="dba/rscds.sql" />
     <item url="htdocs/freebusy.php" />
+    <item url="htdocs/index.php" />
+    <item url="inc/RSCDSSession.php" />
+    <item url="inc/page-header.php" />
+    <item url="inc/page-footer.php" />
   </project>
 </webproject>