app/controllers/ical.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

<?php
/*
 * ical.php - iCalendar export controller
 *
 * Copyright (C) 2011 - Peter Thienel <thienel@data-quest.de>, Elmar Ludwig
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 */
class iCalController extends StudipController
{

    function before_filter(&$action, &$args) {
        // allow only "word" characters in arguments
        $this->validate_args($args);
    }

    /**
     * Handles the download the calendar data as iCalendar for the
     * user identified by $key.
     *
     *
     * @global Seminar_User $user
     * @global Seminar_Perm $perm
     * @param string $key
     * @param string $type type of export
     */
    function index_action($key = '')
    {
        if (mb_strlen($key)) {
            $user_id = IcalExport::getUserIdByKey($key);
        } else {
            $username = $_SERVER['PHP_AUTH_USER'];
            $password = $_SERVER['PHP_AUTH_PW'];
            if (isset($username) && isset($password)) {
                $result = StudipAuthAbstract::CheckAuthentication($username, $password);
            }
            if (isset($result) && $result['uid'] !== false) {
                $user_id = $result['uid'];
            } else {
               $this->response->add_header('WWW-Authenticate', 'Basic realm="Stud.IP Login"');
               $this->set_status(401);
               $this->render_text('authentication failed');
               return;
            }
        }

        if ($user_id) {
            $GLOBALS['user'] = new Seminar_User($user_id);
            $GLOBALS['perm'] = new Seminar_Perm();

            $extype = 'ALL_EVENTS';
            $export = new CalendarExport(new CalendarWriterICalendar());
            $export->exportFromDatabase($user_id, strtotime('-4 week'), 2114377200, 'ALL_EVENTS');

            if ($GLOBALS['_calendar_error']->getMaxStatus(ErrorHandler::ERROR_CRITICAL)) {
                $this->set_status(500);
                $this->render_nothing();
                return;
            }
            $content = join($export->getExport());
            if (mb_stripos($_SERVER['HTTP_USER_AGENT'], 'google-calendar') !== false) {
                $content = str_replace(['CLASS:PRIVATE','CLASS:CONFIDENTIAL'], 'CLASS:PUBLIC', $content);
            }
            $this->response->add_header('Content-Type', 'text/calendar;charset=utf-8');
            $this->response->add_header('Content-Disposition', 'attachment; filename="studip.ics"');
            $this->response->add_header('Content-Transfer-Encoding', 'binary');
            $this->response->add_header('Pragma', 'public');
            $this->response->add_header('Cache-Control', 'private');
            $this->response->add_header('Content-Length', strlen($content));
            $this->render_text($content);
        } else {
            // delayed response to prevent brute force attacks ???

            $this->set_status(400);
            $this->render_nothing();
        }
    }

}