Beispiel #1
}
// deleteBooking
// Record today's date (Ymd) in the session before handling the request.
$_SESSION["todaydate"] = date('Ymd');
// Dispatch on whichever form button was submitted. The first matching case
// wins, and a request carrying none of the known buttons shows the current week.
// NOTE(review): the raw $_POST values are handed straight to helpers that are
// defined elsewhere. "book" and "undo" change stored data, so createBooking()
// and deleteBooking() must validate the id, bind it as a query parameter and
// confirm the logged-in user owns the booking. No anti-CSRF token is checked
// in this fragment; confirm one is enforced before these state changes.
switch (true) {
    case isset($_POST["currentweek"]):
        setToCurrentWeek();
        break;
    case isset($_POST["nextweek"]):
        setToNextWeek($_POST["nextweek"]);
        break;
    case isset($_POST["prevweek"]):
        setToPreviousWeek($_POST["prevweek"]);
        break;
    case isset($_POST["book"]):
        createBooking($_POST["book"], $conn);
        break;
    case isset($_POST["undo"]):
        deleteBooking($_POST["undo"], $conn);
        break;
    default:
        setToCurrentWeek();
        break;
}
// Monday's date is read back from the session (presumably written by the
// week helpers above; confirm), and each following weekday is derived from
// the day before it.
$mondate = $_SESSION["mondate"];
$tuedate = findNextDate($mondate);
$weddate = findNextDate($tuedate);
$thudate = findNextDate($weddate);
$fridate = findNextDate($thudate);
?>
  <!-- Form used to change to previous or next week
  Set values to current mondate, so that next mondate
  Can be set as +1 week (or -1 week for previous)-->
            $numBlocks = $numBlocks - 1;
        }
        //change the endtime to appropriate value
        $row['endTime'] = date("H:i:s", $endTime);
        $end = $row['endTime'];
    }
}
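//Cancel booking
// Authorization gate: only the booking's owner or an admin may cancel.
// Both checks use strict comparison on strings so that PHP's loose-comparison
// rules (numeric-looking strings such as "1e3" == "1000", or int 0 == "Admin"
// on PHP < 8) can never make two different ids, or a non-admin role, match.
// NOTE(review): if $bookingUserID and $_SESSION["netID"] are both empty they
// still compare equal; confirm that earlier code rejects unauthenticated
// sessions and bookings that were not found.
$cancelByOwner = (string) $bookingUserID === (string) $_SESSION["netID"];
$cancelByAdminRole = $_SESSION["class"] === "Admin";
if (!$cancelByOwner && !$cancelByAdminRole) {
    // Neither the owner nor an admin: refuse without touching any booking.
    // NOTE(review): 406 describes a content-negotiation failure; 403 is the
    // conventional status for an authorization failure. Left unchanged here
    // because existing clients may key off 406.
    http_response_code(406);
    //Invalid Entry
} else {
    //it is the user's own booking or they are admin
    foreach ($bookingIDList as $bid) {
        deleteBooking($db, $bid);
    }
    // $admin tells cancelRecurring() that an admin cancelled someone else's
    // booking; in that case the notice goes to the booking owner's address.
    $admin = false;
    if ($cancelByAdminRole && !$cancelByOwner) {
        //cancelled by admin
        $admin = true;
        $to = $bookingUserID . "@queensu.ca";
    } else {
        $to = userEmail();
    }
    cancelRecurring($room, $building, $cancelDates, $start, $end, $reason, $desc, $numP, $db, $to, $admin);
    http_response_code(200);
    //success
}
//Close the connection
$db = NULL;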
                cancelBooking($room, $building, $startDate, $start, $end, $reason, $desc, $numP, $db, $to, true);
                //determnes which week the booking was booked in
                $week = determineWhichWeek($bookingDate);
                //return hours to the appropriate week and group
                for ($i = 0; $i < count($hrsSourceList); $i++) {
                    if (strtolower($hrsSourceList[$i]) == "weekly") {
                        returnWeeklyHoursToUser($db, $week, $bookingUserID, 0.5);
                    } else {
                        returnSpecialHoursToUser($db, $bookingUserID, $hrsSourceList[$i], 0.5);
                    }
                }
                http_response_code(200);
                //success
            } else {
                //otherwise they are admin or deleting a faculty booking
                deleteBooking($db, $bookingID);
                //check if admin is deleting a different user's booking
                if ($bookingUserID != $_SESSION["netID"]) {
                    $to = $bookingUserID . "@queensu.ca";
                    cancelBooking($room, $building, $startDate, $start, $end, $reason, $desc, $numP, $db, $to, true);
                } else {
                    $to = userEmail();
                    cancelBooking($room, $building, $startDate, $start, $end, $reason, $desc, $numP, $db, $to, false);
                }
            }
            http_response_code(200);
            //sucess
        }
    }
}
//Close the connection
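/**
 * Replace a user's stored activity booking with the given activity ids.
 *
 * The previous booking is removed through deleteBooking(), a new row holding
 * the "|"-joined ids is inserted, and `placestaken` is incremented for every
 * id that has a truthy entry in $_SESSION['activitydetails'].
 *
 * Every id is interpolated into SQL text, so the function accepts only plain
 * decimal ids. Anything else takes the existing failure path (message code 22)
 * before the old booking is deleted.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.0 and has
 * no prepared statements. The durable fix is mysqli or PDO with bound
 * parameters; that needs the connection code, which is presumably in
 * includes/config.php and is not visible here.
 * NOTE(review): the delete, insert and counter updates are separate statements
 * with no visible transaction, so a failure part-way leaves partial state.
 *
 * @param array     $activityids  List of activity ids to book.
 * @param int|false $edit_userid  When truthy, the booking is saved for this
 *                                user instead of the logged-in one.
 * @return void Results are reported through $_SESSION['message'] (2 or 22)
 *              and the session booking caches.
 */
function saveBooking($activityids, $edit_userid = false)
{
    include_once "includes/sessionhandler.php";
    require "includes/config.php";
    $userid = $_SESSION['loginuserid'];
    $activity_data = $_SESSION['activitydetails'];
    if ($edit_userid) {
        // NOTE(review): this overrides the session identity with a value the
        // caller supplies. The caller must already have verified that the
        // current user may edit other users' bookings; no such check is here.
        $userid = $edit_userid;
    }

    // Allow-list check: digits only, for the user id and every activity id.
    // This runs before deleteBooking() so bad input cannot wipe a booking.
    $ids_are_numeric = is_scalar($userid) && preg_match('/\A[0-9]+\z/', (string) $userid);
    if ($ids_are_numeric) {
        foreach ($activityids as $activityid) {
            if (!is_scalar($activityid) || !preg_match('/\A[0-9]+\z/', (string) $activityid)) {
                $ids_are_numeric = false;
                break;
            }
        }
    }
    if (!$ids_are_numeric) {
        $_SESSION['message'] = 22;
        unset($_SESSION['booked_activitys']);
        return;
    }

    deleteBooking($userid);
    $activitiesfordb = implode("|", $activityids);
    if (mysql_query("INSERT INTO `activities_bookings` (`user_id` ,`bookings`) VALUES ('{$userid}', '{$activitiesfordb}');")) {
        foreach ($activityids as $activityid) {
            // !empty() keeps the original truthiness test without raising a
            // notice when the id has no entry in the session cache.
            if (!empty($activity_data[$activityid])) {
                //allocate a place (adjust counter)
                mysql_query("UPDATE `activities` SET `placestaken` = `placestaken` + 1 WHERE `id` = {$activityid} LIMIT 1 ;");
            }
        }
        if ($edit_userid) {
            $_SESSION['message'] = 2;
        } else {
            //refresh booking id cache in session
            $user_bookings = mysql_query("SELECT * FROM `activities_bookings` WHERE `user_id` = {$userid} LIMIT 1;");
            $user_bookings = $user_bookings ? mysql_fetch_object($user_bookings) : false;
            if ($user_bookings) {
                $user_bookings->bookings = explode("|", $user_bookings->bookings);
                $_SESSION['userbookings'] = $user_bookings;
            }
            // If the re-read failed, the previous cache entry is left as it
            // was rather than being replaced by a malformed object.
            $_SESSION['booked_activitys'] = $activityids;
        }
    } else {
        $_SESSION['message'] = 22;
        unset($_SESSION['booked_activitys']);
        //activities weren't stored so clear cache
    }
}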
Beispiel #5
    $bookingsql = "Select * FROM {$db_prefix}bookings inner join {$db_prefix}events on evEventID = bkEventID inner join {$db_prefix}players on plPlayerID = bkPlayerID where bkID = " . $bookingid;
} else {
    $bookingsql = "Select * FROM {$db_prefix}events cross join {$db_prefix}players where evEventID = " . $eventid . " and plPlayerID = " . $playerid;
}
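// Run the lookup prepared above and keep the first row.
// NOTE(review): $bookingsql is assembled by string concatenation before this
// point. The ids placed in it must be integer-cast or bound as parameters
// where they are read from the request.
$result = ba_db_query($link, $bookingsql);
$bookinginfo = ba_db_fetch_assoc($result);
if ($playerid == 0 && ba_db_num_rows($result) == 0) {
    $sMsg = "You cannot view this booking";
    $sURL = fnSystemURL() . 'admin.php?warn=' . urlencode($sMsg);
    header("Location: {$sURL}");
    // header() only queues the redirect. Without exit the script would carry
    // on into the delete and update handlers below for a booking that the
    // check above has just refused.
    exit;
}
$eventinfo = getEventDetails($bookinginfo['evEventID'], 0);
//Delete
// isset() guards avoid undefined-index notices when a button was not posted.
$deletePressed = isset($_POST['btnDelete']) && $_POST['btnDelete'] != '';
$rebookPressed = isset($_POST['btnDeleteAndRebook']) && $_POST['btnDeleteAndRebook'] != '';
// NOTE(review): CheckReferrer() is defined elsewhere. If it only inspects the
// Referer header, that is a weak CSRF defence; confirm it, and prefer a
// per-session token on this destructive action.
if (($deletePressed || $rebookPressed) && CheckReferrer('admin_booking.php')) {
    // The typed confirmation must match exactly.
    if (isset($_POST['txtConfirm']) && $_POST['txtConfirm'] === 'CONFIRM') {
        deleteBooking($bookinginfo['bkID']);
        if ($deletePressed) {
            $sURL = fnSystemURL() . 'admin_manageevent.php?EventID=' . $bookinginfo['bkEventID'];
        } else {
            $sURL = fnSystemURL() . 'admin_booking.php?PlayerID=' . $bookinginfo['bkPlayerID'] . "&EventID=" . $bookinginfo['bkEventID'];
        }
        header("Location: {$sURL}");
        // Stop here so nothing further runs against the deleted booking.
        exit;
    }
}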
//Update
if ($_POST['btnSave'] != '' && CheckReferrer('admin_booking.php')) {
    $bookas = htmlentities(stripslashes($_POST['cboBookAs']));
    $overriddenvalue = htmlentities(stripslashes($_POST['txtOverriddenExpectedValue']));
    $overrideexpected = (int) $_POST['chkOverride'];
    $overriddenpaidvalue = htmlentities(stripslashes($_POST['txtOverriddenAmountPaid']));
    $overridepaid = (int) $_POST['chkOverridePaid'];
Beispiel #6
    <![endif]-->
  </head>

  <body>
    <!-- Main jumbotron for a primary marketing message or call to action -->
        <?php 
// Shared helpers; presumably the source of printAlert(), printNavbar() and
// deleteBooking(), and of the session start (confirm).
include "../common/process_DB.php";

// Gate: anonymous visitors get an alert and the page stops here.
if (isset($_SESSION["User"]) === false) {
    printAlert("danger", "You haven't sign in yet!", "index.php");
    exit;
}

$result = $_SESSION["User"];
printNavbar($result);
echo '</div>';

// Delete request. The owner's e-mail comes from the session, not the form, so
// a client cannot name another account here. The booking itself is identified
// only by client-supplied fields.
// NOTE(review): deleteBooking() is not visible from here. It must bind these
// values as query parameters and restrict the delete to rows owned by that
// e-mail. No anti-CSRF token is checked in this fragment, and the individual
// $_POST fields are read without isset().
if (isset($_POST['Delete'])) {
    $suc = deleteBooking(
        $_SESSION["Email"],
        $_POST['HotelName'],
        $_POST['HotelAddr'],
        $_POST['RoomType'],
        $_POST['RoomQuant'],
        $_POST['StartDate'],
        $_POST['EndDate']
    );
    // NOTE(review): the other alert on this page uses "danger"; "failure" may
    // not be a style printAlert() recognises. Verify.
    printAlert($suc ? "success" : "failure", $suc ? "Deleted" : "Failed", "index.php");
}

// Identity values for the markup that follows.
$userEmail = $_SESSION["Email"];
$userName = $_SESSION["User"];
?>
        <div class="container theme-showcase" role="main">
          <div class="jumbotron">
            <div class="container"><div class="panel-group" role="tablist">
              <div class="panel panel-default">
                <div class="panel-heading" role="tab" id="collapseListGroupHeading1">
                  <label>
Beispiel #7
                // change session variable
                $_SESSION["password"] = $password;
            }
        }
    } catch (Exception $e) {
        echo "An error occured:<br>";
        echo $e->getMessage();
    } finally {
        echo "<button id='dismiss'>Dismiss</button>";
        echo "</form>";
        echo "</p>";
    }
}
// Administrative POST handlers. Each check is independent (plain `if`, not
// `elseif`), so one request carrying several of these fields runs several
// actions, in the order written here.
// NOTE(review): every handler receives the raw $_POST value, and this fragment
// shows no role check or anti-CSRF token before deleteUser() or makeAdmin().
// Confirm that an admin-only gate runs earlier in the file and that each
// helper validates its argument and binds it as a query parameter.

// Delete the booking whose identifier was posted as 'deletebooking'.
if (isset($_POST['deletebooking'])) {
    deleteBooking($_POST['deletebooking']);
}
// Create a user from the posted username, full name and password.
// NOTE(review): the three fields are read without isset(), and the password is
// passed on as received. createNewUser() is expected to hash it
// (password_hash) before storing; verify.
if (isset($_POST['newuser'])) {
    createNewUser($_POST['newusername'], $_POST['newuserfullname'], $_POST['newuserpwd']);
}
// Delete the user named by the posted 'deleteuser' value.
if (isset($_POST['deleteuser'])) {
    deleteUser($_POST['deleteuser']);
}
// Grant admin rights to the user named by the posted 'makeadmin' value.
// This is a privilege change, so it is the handler where a missing
// authorization check would matter most.
if (isset($_POST['makeadmin'])) {
    makeAdmin($_POST['makeadmin']);
}
// If allow book vehicles has been pressed
if (isset($_POST['bookvehicles'])) {
     getPendingPaperwork($_REQUEST);
     break;
 case "embedhtmlreport":
     embedReport($_REQUEST);
     break;
 case "loadpane":
     showAdminPane($_REQUEST);
     break;
 case "getactivity":
     getActivityByID($_REQUEST['actid']);
     break;
 case "deleteactivity":
     deleteActivity($_REQUEST['actid']);
     break;
 case "deletebooking":
     deleteBooking($_REQUEST['uid']);
     break;
 case "generateuserlist":
     showUserList($_REQUEST);
     break;
 case "generategrouplist":
     showGroupList($_REQUEST);
     break;
 case "editbooking":
     editBooking($_REQUEST['userid']);
     break;
 case "getpaperwork":
     getPaperworkByID($_REQUEST['papid']);
     break;
 case "deletepaperwork":
     deletePaperwork($_REQUEST['papid']);