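/**
 * Delete the appointment named by ?app=… when the submitted form carried a
 * `delete` field.
 *
 * @param mixed $con database connection handed through to deleteAppointment()
 * @return void
 */
function checkIfSetDelete($con)
{
    // Only a POST carrying `delete` may delete; a plain GET never does.
    if (!isset($_POST['delete'])) {
        return;
    }
    // The original read $_GET['app'] unconditionally and passed whatever it
    // got (null when absent) straight to deleteAppointment(); refuse to call
    // it without a non-empty id.
    $appointmentID = isset($_GET['app']) ? $_GET['app'] : null;
    if ($appointmentID === null || $appointmentID === '') {
        return;
    }
    // NOTE(review): there is no CSRF token and no ownership check here; whether
    // deleteAppointment() verifies that the caller may delete this id is not
    // visible from this file — confirm before relying on it.
    deleteAppointment($con, $appointmentID);
}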
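/**
 * Validate the appointment fields submitted in $_GET and, when they are all
 * acceptable, (re)create the diary entry plus its attendee detail rows.
 *
 * Returns the fragment to send back: on validation failure an error list
 * followed by the re-rendered form from enterAppointment(); on success a small
 * script that reloads the opener window and closes the popup.
 *
 * Security notes on this revision:
 *  - every field is read explicitly from $_GET; the old extract($_GET) let any
 *    request parameter create or overwrite a local (and, through the former
 *    `global $user_admin`, a global) variable;
 *  - every value interpolated into SQL goes through pg_escape_string(), since
 *    db_exec() takes a ready-made SQL string (a parameterised query such as
 *    pg_query_params() would be preferable if db_exec() ever offers one);
 *  - error messages, which echo user input, are HTML-escaped on output.
 *
 * @return string
 */
function createAppointment()
{
    $get = static function ($key, $default = '') {
        return isset($_GET[$key]) ? $_GET[$key] : $default;
    };
    // NOTE(review): pg_escape_string() without a connection argument uses the
    // default pgsql connection (deprecated since PHP 8.1); pass the handle that
    // db_exec() uses once it is reachable from here.
    $q = static function ($value) {
        return pg_escape_string((string) $value);
    };
    // "HH:MM" -> [hour, minute]; missing or non-numeric parts become 0 so that
    // mktime() never receives a non-numeric string (a TypeError on PHP 8).
    $parseTime = static function ($hhmm) {
        $parts = explode(':', (string) $hhmm);
        return [(int) $parts[0], isset($parts[1]) ? (int) $parts[1] : 0];
    };

    $errlist = [];
    $v = new validate();

    $ap_diaryowner  = (string) $get('ap_diaryowner');
    $ap_title       = (string) $get('ap_title');
    $ap_location    = (string) $get('ap_location');
    $ap_homepage    = (string) $get('ap_homepage');
    $ap_description = (string) $get('ap_description');
    $ap_category    = $get('ap_category', null);
    $ap_notify      = $get('ap_notify', null);
    $ap_required    = (string) $get('ap_required');
    $ap_notrequired = (string) $get('ap_notrequired');
    $ap_optional    = (string) $get('ap_optional');
    // Checkbox-style flags: present means on, absent means off.
    $ap_entireday     = isset($_GET['ap_entireday']) ? 1 : 0;
    $ap_private       = isset($_GET['ap_private']) ? 1 : 0;
    $ap_repet_forever = isset($_GET['ap_repet_forever']) ? 1 : 0;
    $ap_repet         = (string) $get('ap_repet', 'N');
    // Entry date parts are only ever used as integers (mktime/checkdate).
    $ap_month = (int) $get('ap_month', 0);
    $ap_day   = (int) $get('ap_day', 0);
    $ap_year  = (int) $get('ap_year', 0);
    // Repetition end date: kept as submitted for the rep_date column, cast to
    // int for the validity checks further down.
    $ap_repet_year  = (string) $get('ap_repet_year');
    $ap_repet_month = (string) $get('ap_repet_month');
    $ap_repet_day   = (string) $get('ap_repet_day');

    list($h, $m) = $parseTime($get('ap_start_time'));
    $start_time = mktime($h, $m, 0, $ap_month, $ap_day, $ap_year);
    list($h, $m) = $parseTime($get('ap_end_time'));
    $end_time = mktime($h, $m, 0, $ap_month, $ap_day, $ap_year);

    if ($end_time < $start_time && $ap_entireday == 0) {
        $errlist[] = "The ending date/time for appointment is before the starting date/time.";
    }
    if (!$v->isOk($ap_title, "string", 1, 200, "")) {
        $errlist[] = "No or erraneous title.";
    }
    if (!$v->isOk($ap_location, "string", 0, 200, "")) {
        $errlist[] = "No or erraneous location.";
    }
    if (!$v->isOk($ap_homepage, "url", 0, 200, "")) {
        $errlist[] = "No or erraneous homepage.";
    }
    // The original called str_replace($ap_description, '@', '') — search and
    // subject swapped — so the validator always saw an empty string and the
    // description was never checked.  Strip '@' from the description instead.
    if (!$v->isOk(str_replace('@', '', $ap_description), "string", 0, 1000000, "")) {
        $errlist[] = "No or erraneous description.";
    }
    // Category must be numeric and exist in diary_categories.  (The original
    // reported an undefined $value in these messages.)
    if ($ap_category !== null && $v->isOk($ap_category, "num", 0, 9, "")) {
        $rslt = db_exec("SELECT * FROM diary_categories WHERE category_id='" . $q($ap_category) . "'");
        if (pg_num_rows($rslt) == 0) {
            $errlist[] = "Invalid category chosen: {$ap_category}.";
        }
    } else {
        $errlist[] = "Invalid category chosen: {$ap_category}.";
    }
    // Notification period: default 3, otherwise a number in 0..14.  (The
    // original tested `< 0 && > 14`, which can never be true.)
    if ($ap_notify === null) {
        $ap_notify = 3;
    } elseif (!is_numeric($ap_notify) || $ap_notify < 0 || $ap_notify > 14) {
        $errlist[] = "Invalid notification period.";
    }
    // Writing into someone else's diary requires an explicit 'W' privilege.
    // Strict string comparison: a loose != treats e.g. "1e1" and "10" as equal.
    $sessionUser = isset($_SESSION['USER_NAME']) ? (string) $_SESSION['USER_NAME'] : null;
    if ($sessionUser !== $ap_diaryowner) {
        // NOTE(review): the privilege row is looked up by the USER_NAME constant
        // while the owner test above uses $_SESSION['USER_NAME'], exactly as in
        // the original; confirm the two always agree.
        $sql = "SELECT * FROM diary_privileges"
            . " WHERE privilege = 'W' AND priv_owner = '" . $q(USER_NAME) . "'"
            . " AND diary_owner = '" . $q($ap_diaryowner) . "'";
        $rslt = db_exec($sql) or errDie("Error reading diary privileges.");
        if (pg_num_rows($rslt) < 1) {
            $errlist[] = "You have no permissions to modify {$ap_diaryowner}'s diary.";
        }
    }
    if (checkdate($ap_month, $ap_day, $ap_year) == FALSE) {
        $errlist[] = "Invalid entry date specified";
    }
    $rep_date = $q($ap_repet_year) . "-" . $q($ap_repet_month) . "-" . $q($ap_repet_day);
    $start_time = date("Y-m-d H:i:s", $start_time);
    $end_time = date("Y-m-d H:i:s", $end_time);
    // Only validate the repetition end date when repetitions are on and finite.
    if ($ap_repet != 'N' && $ap_repet_forever == 0) {
        $rm = (int) $ap_repet_month;
        $rd = (int) $ap_repet_day;
        $ry = (int) $ap_repet_year;
        if (checkdate($rm, $rd, $ry) == FALSE) {
            $errlist[] = "Invalid repetition ending date specified";
        } elseif (mktime(0, 0, 0, $rm, $rd, $ry) < mktime(0, 0, 0, $ap_month, $ap_day, $ap_year)) {
            $errlist[] = "The date the repetitions should end is before the date it should start.";
        }
    }

    // On any error: list them and re-render the entry form with its values.
    if ($errlist !== []) {
        $OUTPUT = "<p " . TMPL_calAppointmentStyle . ">The following errors was found:<br>";
        foreach ($errlist as $err) {
            // Messages embed user-supplied values (owner, category): escape them.
            $OUTPUT .= "<li class=err>" . htmlspecialchars($err, ENT_QUOTES, 'UTF-8') . "</li>";
        }
        $OUTPUT .= "</p>";
        $OUTPUT .= enterAppointment();
        return $OUTPUT;
    }

    pglib_transaction("BEGIN");
    // A modification is implemented as delete-then-insert; deleteAppointment()
    // is called without arguments here, so it presumably reads the id it needs
    // from the request itself — not visible from this file.
    deleteAppointment();
    $sql = "INSERT INTO diary_entries"
        . " (username,time_start,time_end,time_entireday,title,location,"
        . " homepage,description,type,repetitions,rep_date,rep_forever,"
        . " category_id,notify)"
        . " VALUES('" . $q($ap_diaryowner) . "','" . $start_time . "','" . $end_time . "','" . $ap_entireday . "',"
        . "'" . $q($ap_title) . "','" . $q($ap_location) . "','" . $q($ap_homepage) . "','" . $q($ap_description) . "',"
        . "'" . $ap_private . "','" . $q($ap_repet) . "','" . $rep_date . "','" . $ap_repet_forever . "',"
        . "'" . $q($ap_category) . "','" . $q($ap_notify) . "')";
    db_exec($sql) or errDie("Error inserting diary entry. Please contact Administrator");
    $entry_id = pglib_lastid("diary_entries", "entry_id");
    pglib_transaction("COMMIT") or die("Error writing to database. Please contact your nearest integrator.");

    // NOTE(review): as in the original, the detail rows are inserted after
    // COMMIT and their db_exec() results are not checked, so a failed insert
    // leaves an entry without (some of) its attendees.
    $insertDetails = static function ($list, $flag) use ($entry_id, $q) {
        foreach (explode(';', $list) as $member) {
            if ($member === '') {
                continue;
            }
            // Department groups start with '@' and fill the third column;
            // individual users fill the second.
            if ($member[0] === '@') {
                db_exec("INSERT INTO diary_entries_details VALUES('" . $q($entry_id) . "', '', '" . $q($member) . "','" . $flag . "')");
            } else {
                db_exec("INSERT INTO diary_entries_details VALUES('" . $q($entry_id) . "', '" . $q($member) . "', '','" . $flag . "')");
            }
        }
    };
    $insertDetails($ap_required, 'R');
    $insertDetails($ap_notrequired, 'N');
    $insertDetails($ap_optional, 'O');
    // Notifying the required / not required / optional lists is not implemented.
    return "\r\n\t\t<script>\r\n\t\t\t\twindow.opener.parent.mainframe.location.reload();\r\n\t\t\t\twindow.close();\r\n\t\t</script>";
}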
        $errors = validateAdd($_POST);
        if (count($errors) == 0) {
            addAppointment($_POST['teacher'], $_POST['parent'], $_POST['time']);
            addNotice($_POST['teacher'], $_POST['parent'], $_POST['time']);
            echo 'success';
        } else {
            echo '<div class="error"><ul>';
            foreach ($errors as $error) {
                echo '<li>' . $error . '</li>';
            }
            echo '</ul></div>';
        }
    } elseif (isset($_GET['delete'])) {
        $errors = validateDelete($_POST);
        if (count($errors) == 0) {
            deleteAppointment($_POST['teacher'], $_POST['parent'], $_POST['time']);
            deleteNotice($_POST['teacher'], $_POST['parent'], $_POST['time']);
            echo 'success';
        } else {
            echo '<div class="error"><ul>';
            foreach ($errors as $error) {
                echo '<li>' . $error . '</li>';
            }
            echo '</ul></div>';
        }
    }
} else {
    $teacher_id = $_GET['teacher'];
    $time = $_GET['time'];
    $end = $time + $time_increments;
    $count_query = 'SELECT COUNT(*) FROM appointments WHERE `teacher`= ' . $teacher_id . ' AND `time` >= ' . $time . ' AND `time` < ' . $end;