// Default the start time: hour from $morningstarts (zero-padded below 10), minutes "00".
if (empty($start_hour) && $morningstarts < 10) {
    $start_hour = "0{$morningstarts}";
}
if (empty($start_hour)) {
    $start_hour = "{$morningstarts}";
}
if (empty($start_min)) {
    $start_min = "00";
}
// Remove "Undefined variable" notice
if (!isset($rep_num_weeks)) {
    $rep_num_weeks = "";
}
// The return value of either helper is discarded here.
// NOTE(review): presumably both helpers rewrite $duration / $dur_units by reference - confirm against their definitions.
$enable_periods ? toPeriodString($start_min, $duration, $dur_units) : toTimeString($duration, $dur_units);
#now that we know all the data to fill the form with we start drawing it
// Authorization gate: evaluated before print_header() emits anything, and the script
// stops on denial, so no part of the form is rendered for a user who fails the check.
// NOTE(review): where $create_by is assigned is not visible in this excerpt; if it can be
// influenced by the request, the check is only as strong as that value - confirm.
if (!getWritable($create_by, getUserName())) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
print_header($day, $month, $year, $area);
?>
<SCRIPT LANGUAGE="JavaScript">
// do a little form verifying
// NOTE(review): this is a browser-side convenience check only; the script that receives
// the form is not shown here and has to enforce the same rule itself.
function validate_and_submit ()
{
  // null strings and spaces only strings not allowed
  if(/(^$)|(^\s+$)/.test(document.forms["main"].name.value))
  {
    alert ( "<?php echo get_vocab("you_have_not_entered") . '\\n' . get_vocab("brief_description");
/*---------------------------------------------------------------------------*\
|         Edit a given entry - 1st phase: Get the user input.                 |
\*---------------------------------------------------------------------------*/
if (isset($Action) && ($Action == "Edit" or $Action == "Add")) {
    if ($Id >= 0) {
        // NOTE(review): $Id is placed into the SQL text unquoted. The loose ">= 0"
        // comparison above does not prove $Id is an integer, and where $Id is assigned
        // is not visible in this excerpt - confirm it is cast to int before this point.
        $result = sql_query("select * from {$tbl_users} where id={$Id}");
        $data = sql_row_keyed($result, 0);
        sql_free($result);
    }
    // Unknown id, or the "new user" marker (-1): start from an empty record.
    if ($Id == -1 || !$data) {
        foreach ($fields as $fieldname) {
            $data[$fieldname] = "";
        }
    }
    /* First make sure the user is authorized */
    // The write check is bypassed completely while $initial_user_creation is truthy.
    // NOTE(review): how $initial_user_creation is derived is not shown here; it must
    // become false as soon as any user exists, otherwise this form stays open - confirm.
    if (!$initial_user_creation && !getWritable($data['name'], $user)) {
        showAccessDenied(0, 0, 0, "", "");
        exit;
    }
    print_header(0, 0, 0, 0, "");
    if ($initial_user_creation == 1) {
        print "<h3>" . get_vocab("no_users_initial") . "</h3>\n";
        print "<p>" . get_vocab("no_users_create_first_admin") . "</p>\n";
    }
    print "<div id=\"form_container\">";
    // The form posts back to this script; basename() plus htmlspecialchars() keeps any
    // extra path text carried in $PHP_SELF out of the action attribute.
    print "<form id=\"form_edit_users\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
    ?>
    <fieldset class="admin">
    <legend><?php echo $Action == "Edit" ? get_vocab("edit_user") : get_vocab("add_new_user"); ?>
$hide_title = 1;
                }
            } else {
                // A request parameter switches on deletion of the conflicting entries
                // before the free-slot check runs.
                // NOTE(review): this is a state change driven by a GET parameter. Whether
                // grrDelEntryInConflict() itself verifies that the caller may delete those
                // entries is not visible here - confirm, and confirm the request carries
                // an anti-forgery token.
                if (isset($_GET['del_entry_in_conflict']) && $_GET['del_entry_in_conflict'] == 'yes') {
                    grrDelEntryInConflict($room_id, $starttime, $endtime - 1, $ignore_id, $repeat_id, 0);
                }
                $err .= mrbsCheckFree($room_id, $starttime, $endtime - 1, $ignore_id, $repeat_id);
            }
        }
    }
// Proceed only when no conflict text was collected and every validation flag is still 'no'.
if (empty($err) && $error_booking_in_past == 'no' && $error_duree_max_resa_area == 'no' && $error_delais_max_resa_room == 'no' && $error_delais_min_resa_room == 'no' && $error_booking_room_out == 'no' && $error_date_option_reservation == 'no' && $error_chevaussement == 'no' && $error_qui_peut_reserver_pour == 'no' && $error_heure_debut_fin == 'no') {
    $compt_room = 0;
    // Room ids are taken straight from the query string.
    // NOTE(review): no type or range check on $room_id is visible in this excerpt before
    // it is handed to mrbsGetRoomArea() - confirm the helper treats it as an integer.
    foreach ($_GET['rooms'] as $room_id) {
        $area = mrbsGetRoomArea($room_id);
        // Editing an existing entry ($id non-zero): the caller must be allowed to write it.
        if (isset($id) && $id != 0) {
            if (!getWritable($beneficiaire, getUserName(), $id)) {
                showAccessDenied($back);
                exit;
            }
        }
        // Independently of ownership, the caller needs access to the room's area.
        if (authUserAccesArea(getUserName(), $area) == 0) {
            showAccessDenied($back);
            exit;
        }
        // $compt is 0 when an existing entry is being edited and 1 for a new one; it is
        // added to the booking count passed to UserRoomMaxBooking() below.
        if (isset($id) and $id != 0) {
            $compt = 0;
        } else {
            $compt = 1;
        }
        if ($rep_type != 0 && !empty($reps)) {
            if (UserRoomMaxBooking(getUserName(), $room_id, count($reps) - 1 + $compt + $compt_room) == 0) {
        }
        // NOTE(review): $right is written into the page as-is; whether it was HTML-escaped
        // when it was built is not visible in this excerpt - confirm.
        print "<td>{$right}</td>\n";
        /* Fall through to display the name */
    }
    if ($j == 2) {
        continue;
    }
    /* Display the data, if any. */
    if ($col_value == "") {
        $col_value = " ";   // IE doesn't print a frame around void data.
    }
    // NOTE(review): $col_value is also printed without escaping here; if it holds
    // user-editable account data it needs htmlspecialchars() before output - confirm
    // what the loop above puts into it.
    print "<td>{$col_value}</td>\n";
}
print "<td>\n";
// The Edit button is only rendered for rows the current user may write. That is a
// display decision; the script receiving Action=Edit has to repeat the check, because
// the hidden Id field below can be changed by the client.
if (getWritable($name, $user)) {
    print "<form method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
    print " <div>\n";
    print " <input type=\"hidden\" name=\"Action\" value=\"Edit\">\n";
    print " <input type=\"hidden\" name=\"Id\" value=\"{$this_id}\">\n";
    print " <input style=\"margin:0\" type=\"submit\" value=\"" . get_vocab("edit") . "\">\n";
    print " </div>\n";
    print "</form>\n";
} else {
    print " \n";
}
print "</td>\n";
print "</tr>\n";
}
print "</tbody>\n";
print "</table>\n";
// Repeat bookings are allowed for admins, or for everyone when the
// only_admin_can_book_repeat setting is empty.
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
$row = mrbsGetBookingInfo($id, $series);
$room = $row['room_id'];
$area = $row['area_id'];
// Get the area settings for the entry's area. In particular we want
// to know how to display private/public bookings in this area.
get_area_settings($row['area_id']);
// Work out whether the room or area is disabled
$room_disabled = $row['room_disabled'] || $row['area_disabled'];
// Get the status
$status = $row['status'];
// Get the creator
$create_by = $row['create_by'];
// Work out whether this event should be kept private
$private = $row['status'] & STATUS_PRIVATE;
// The write check uses the stored creator and room from the database row, not values
// taken from the request.
$writeable = getWritable($row['create_by'], $user, $row['room_id']);
// Private details are withheld only from users who cannot write the entry.
$keep_private = is_private_event($private) && !$writeable;
// Work out when the last reminder was sent
$last_reminded = empty($row['reminded']) ? $row['last_updated'] : $row['reminded'];
if ($series == 1) {
    $repeat_id = $id;  // Save the repeat_id
    // I also need to set $id to the value of a single entry as it is a
    // single entry from a series that is used by del_entry.php and
    // edit_entry.php
    // So I will look for the first entry in the series where the entry is
    // as per the original series settings
    // NOTE(review): $id is interpolated into the SQL text unquoted; where $id is
    // assigned is not visible in this excerpt - confirm it is an integer by this point.
    $sql = "SELECT id\n FROM {$tbl_entry}\n WHERE repeat_id={$id} AND entry_type=" . ENTRY_RPT_ORIGINAL . "\n ORDER BY start_time\n LIMIT 1";
    $id = sql_query1($sql);
    if ($id < 1) {
        // if all entries in series have been modified then
        fatal_error(FALSE, get_vocab("fatal_db_error"));
    }
} else {
    // New booking: get the room_id from the form
    if (!isset($rooms[0])) {
        // $rooms[0] should always be set, because you can only get here
        // from edit_entry.php, where it will be set. If it's not set
        // then something's gone wrong - probably somebody trying to call
        // edit_entry_handler.php directly from the browser - so get out
        // of here and go somewhere safe.
        // The exit after the redirect header matters: without it the rest of the
        // handler would still run for a client that ignores the redirect.
        header("Location: index.php");
        exit;
    }
    $target_room = $rooms[0];
}
// Authorization gate for the booking: creator, current user and the target room.
// NOTE(review): on the new-booking path only $rooms[0] is checked here; if the form can
// post several rooms, confirm the remaining ones are checked before they are written.
// NOTE(review): where $create_by is assigned is not visible here; if it comes from the
// form, the check relies on a client-supplied owner - confirm.
if (!getWritable($create_by, $user, $target_room)) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit;
}
if ($enable_periods) {
    $resolution = 60;
}
// Now work out the start and times
// The form's seconds-within-day values go into mktime()'s seconds argument, with hour
// and minute fixed at 0.
$starttime = mktime(0, 0, $start_seconds, $start_month, $start_day, $start_year);
$endtime = mktime(0, 0, $end_seconds, $end_month, $end_day, $end_year);
// If we're using periods then the endtime we've been returned by the form is actually
// the beginning of the last period in the booking (it's more intuitive for users this way)
// so we need to add on 60 seconds (1 period)
if ($enable_periods) {
    $endtime = $endtime + 60;
}
    trigger_error(sql_error(), E_USER_WARNING);
    fatal_error(TRUE, get_vocab("fatal_db_error"));
} else {
    for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
        // Debug output is written straight into the page when $debug_flag is set.
        // NOTE(review): it runs before the privacy decision below; only ids and times
        // are printed here, but keep $debug_flag off outside development.
        if ($debug_flag) {
            echo "<br>DEBUG: result {$i}, id " . $row['id'] . ", starts " . $row['start_time'] . ", ends " . $row['end_time'] . "\n";
        }
        if ($debug_flag) {
            echo "<br>DEBUG: Entry " . $row['id'] . " day {$day_num}\n";
        }
        $d[$day_num]["id"][] = $row['id'];
        $d[$day_num]["color"][] = $row['type'];
        $d[$day_num]["is_repeat"][] = !empty($row['repeat_id']);
        // Handle private events
        // An entry is treated as private for this viewer only when it is flagged private
        // AND the viewer cannot write it.
        if (is_private_event($row['status'] & STATUS_PRIVATE)) {
            if (getWritable($row['create_by'], $user, $room)) {
                $private = FALSE;
            } else {
                $private = TRUE;
            }
        } else {
            $private = FALSE;
        }
        // NOTE(review): "&" is the bitwise operator. $private is a boolean here, so the
        // result is only the intended logical AND if $is_private_field['entry.name'] is
        // a boolean or 0/1 - confirm, or use "&&".
        if ($private & $is_private_field['entry.name']) {
            $d[$day_num]["status"][] = $row['status'] | STATUS_PRIVATE;   // Set the private bit
            // The real name is replaced by a placeholder, so it never reaches the page.
            $d[$day_num]["shortdescrip"][] = '[' . get_vocab('unavailable') . ']';
        } else {
            $d[$day_num]["status"][] = $row['status'] & ~STATUS_PRIVATE;  // Clear the private bit
            // Stored booking names are HTML-escaped on the way out.
            $d[$day_num]["shortdescrip"][] = htmlspecialchars($row['name']);
// If we have not been provided with a room_id
// Fall back to one enabled room (the query has no ORDER BY, so which one is up to the database).
if (empty($room_id)) {
    $sql = "SELECT id FROM {$tbl_room} WHERE disabled=0 LIMIT 1";
    $res = sql_query($sql);
    $row = sql_row_keyed($res, 0);
    // NOTE(review): $row is used without checking that a row came back; with no enabled
    // room $room_id would not be a valid id when it reaches the write check below.
    $room_id = $row['id'];
}
// Determine the area id of the room in question first
$area_id = mrbsGetRoomArea($room_id);
// Remove "Undefined variable" notice
if (!isset($rep_num_weeks)) {
    $rep_num_weeks = "";
}
// The return value of either helper is discarded here.
// NOTE(review): presumably both helpers rewrite $duration / $dur_units by reference - confirm.
$enable_periods ? toPeriodString($start_min, $duration, $dur_units) : toTimeString($duration, $dur_units);
//now that we know all the data to fill the form with we start drawing it
// Authorization gate: evaluated before print_header() emits anything, and the script
// stops on denial.
// NOTE(review): where $create_by is assigned is not visible in this excerpt - confirm it
// comes from the stored entry (or the session user for a new booking), not the request.
if (!getWritable($create_by, $user, $room_id)) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit;
}
print_header($day, $month, $year, $area, isset($room) ? $room : "");
// Get the details of all the enabled rooms
// Static query text with table names from configuration variables; no request data in it.
$rooms = array();
$sql = "SELECT R.id, R.room_name, R.area_id\n FROM {$tbl_room} R, {$tbl_area} A\n WHERE R.area_id = A.id\n AND R.disabled=0\n AND A.disabled=0\n ORDER BY R.area_id, R.sort_key";
$res = sql_query($sql);
if ($res) {
    // Index the rows by room id.
    for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
        $rooms[$row['id']] = $row;
    }
}
// Get the details of all the enabled areas
$areas = array();
    die;
}
if ($info = mrbsGetEntryInfo($id)) {
    // Date parts and area come from the stored entry, not from the request.
    $day = strftime('%d', $info['start_time']);
    $month = strftime('%m', $info['start_time']);
    $year = strftime('%Y', $info['start_time']);
    $area = mrbsGetRoomArea($info['room_id']);
    $back = '';
    // The Referer header is client-controlled. htmlspecialchars() makes it safe to print
    // as HTML text or inside a quoted attribute.
    // NOTE(review): how showAccessDenied() uses $back is not visible here; if it becomes
    // a link target, escaping alone does not restrict the URL scheme - confirm.
    if (isset($_SERVER['HTTP_REFERER'])) {
        $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
    }
    // Three independent gates, each ending the request on failure:
    // 1. the user has at least level 1,
    if (authGetUserLevel(getUserName(), -1) < 1) {
        showAccessDenied($back);
        exit;
    }
    // 2. the user may write this entry (checked against the stored beneficiary),
    if (!getWritable($info['beneficiaire'], getUserName(), $id)) {
        showAccessDenied($back);
        exit;
    }
    // 3. the user has access to the entry's area.
    if (authUserAccesArea(getUserName(), $area) == 0) {
        showAccessDenied($back);
        exit;
    }
    // NOTE(review): the notification is sent here, before the booking-date check below;
    // a request that is then refused on that check has already triggered the mail.
    if (Settings::get('automatic_mail') == 'yes') {
        $_SESSION['session_message_error'] = send_mail($id, 3, $dformat);
    }
    // NOTE(review): $id is concatenated into the query between quotes without escaping.
    // Where $id is assigned is not visible in this excerpt - confirm it has been forced
    // to an integer, or escape it at this point.
    $room_id = grr_sql_query1('SELECT ' . TABLE_PREFIX . '_entry.room_id FROM ' . TABLE_PREFIX . '_entry, ' . TABLE_PREFIX . '_room WHERE ' . TABLE_PREFIX . '_entry.room_id = ' . TABLE_PREFIX . '_room.id AND ' . TABLE_PREFIX . "_entry.id='" . $id . "'");
    $date_now = time();
    get_planning_area_values($area);
    // Denied when the date check fails, or when it passes but $can_delete_or_create is
    // not 'y'. The same verif_booking_date() call is evaluated twice with identical
    // arguments; "&&" binds tighter than "||".
    if (!verif_booking_date(getUserName(), $id, $room_id, -1, $date_now, $enable_periods) || verif_booking_date(getUserName(), $id, $room_id, -1, $date_now, $enable_periods) && $can_delete_or_create != 'y') {
        showAccessDenied($back);
                echo '<tr>', PHP_EOL, '<td><b>', get_vocab("rep_rep_day"), '</b></td>', PHP_EOL, '<td>', $opt, '</td>', PHP_EOL, '</tr>', PHP_EOL;
            } else {
                echo '<tr>', PHP_EOL, '<td><b>', get_vocab("rep_rep_days"), '</b></td>', PHP_EOL, '<td>', $opt, '</td>', PHP_EOL, '</tr>', PHP_EOL;
            }
        }
    }
    if ($rep_type == 6) {
        if (Settings::get("jours_cycles_actif") == "Oui" && intval($jour_cycle) > -1) {
            echo '<tr>', PHP_EOL, '<td><b>', get_vocab("rep_rep_day"), '</b></td>', PHP_EOL, '<td>', get_vocab('jour_cycle'), ' ', $jour_cycle, '</td>', PHP_EOL, '</tr>', PHP_EOL;
        }
    }
    // NOTE(review): $start_date, $duration, $dur_units and $rep_end_date are echoed
    // without escaping; they look like formatted server-side values, but how they are
    // built is not visible in this excerpt - confirm none carries stored user text.
    echo '<tr><td><b>' . get_vocab("date") . get_vocab("deux_points") . '</b></td><td>' . $start_date . '</td></tr>';
    echo '<tr><td><b>' . get_vocab("duration") . '</b></td><td>' . $duration . ' ' . $dur_units . '</td></tr>';
    echo '<tr><td><b>' . get_vocab('rep_end_date') . '</b></td><td>' . $rep_end_date . '</td></tr>';
}
// The series edit/delete controls are only rendered when the user may write the entry,
// both booking-date checks pass, and the entry was not already deleted. This decides
// what is displayed; edit_entry.php and del_entry.php must enforce the same conditions.
if (getWritable($beneficiaire, getUserName(), $id) && verif_booking_date(getUserName(), $id, $room_id, -1, $date_now, $enable_periods) && verif_delais_min_resa_room(getUserName(), $room_id, $row[10]) && !$was_del) {
    // Only single quotes are backslash-escaped before the text is placed inside a
    // JavaScript string within an HTML attribute. That is sufficient only while the
    // vocabulary strings contain no double quotes, backslashes or markup.
    $message_confirmation = str_replace("'", "\\'", get_vocab("confirmdel") . get_vocab("deleteseries"));
    // NOTE(review): $id, $day, $month, $year and $page are written into URLs inside
    // attributes without URL-encoding or HTML-escaping; where they are assigned is not
    // visible here - confirm each is an integer or a fixed token by this point.
    echo '<tr>', PHP_EOL, '<td colspan="2">', PHP_EOL, '<input class="btn btn-primary" type="button" onclick="location.href=\'edit_entry.php?id=', $id, '&edit_type=series&day=', $day, '&month=', $month, '&year=', $year, '&page=', $page, '\'" value="', get_vocab("editseries"), '"></td>', PHP_EOL, '</tr>', PHP_EOL;
    // NOTE(review): the series delete is a plain GET link and the confirm() dialog is a
    // browser-side prompt only; confirm del_entry.php requires an anti-forgery token.
    echo '<tr>', PHP_EOL, '<td colspan="2">', PHP_EOL, '<a class="btn btn-danger" type="button" href="del_entry.php?id=', $id, '&series=1&day=', $day, '&month=', $month, '&year=', $year, '&page=', $page, '" onclick="return confirm(\'', $message_confirmation, '\');">', get_vocab("deleteseries"), '</a></td>', PHP_EOL, '</tr>', PHP_EOL;
}
echo '</table>', PHP_EOL, '</fieldset>', PHP_EOL;
}
// Defaults used only for the level lookup below when no area or room is known.
if (!isset($area_id)) {
    $area_id = 1;
}
if (!isset($room)) {
    $room = 1;
}
// The PDF button is shown to users above level 1 on the area, or at level 4 or more on the room.
// NOTE(review): falling back to area 1 / room 1 means the level is evaluated against
// that area or room rather than the entry's own - confirm this is intended.
if (authGetUserLevel(getUserName(), $area_id, "area") > 1 || authGetUserLevel(getUserName(), $room) >= 4) {
    echo '<br><input class="btn btn-primary" onclick="myFunction(', $id, ')" value="', get_vocab("Generer_pdf"), '" >', PHP_EOL;
}
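break;
case "week":
    $returl = "week.php";
    break;
default:
    $returl = "day.php";
}
$returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}

// Level 1 is the minimum to get this far; the entry must also exist.
if (getAuthorised(1) && ($info = mrbsGetBookingInfo($id, FALSE, TRUE))) {
    $user = getUserName();
    // check that the user is allowed to delete this entry
    // Rejecting a booking requires booking-admin rights on the room; any other delete
    // requires write access to the entry. This must be a comparison: with a single "="
    // the condition assigned "reject" to $action, so every request that set $action at
    // all was routed to the admin check and $action was overwritten for the code below.
    if (isset($action) && ($action === "reject")) {
        $authorised = auth_book_admin($user, $info['room_id']);
    } else {
        $authorised = getWritable($info['create_by'], $user, $info['room_id']);
    }
    if ($authorised) {
        // Date parts and area come from the stored entry, not from the request.
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
        $area = mrbsGetRoomArea($info["room_id"]);
        $notify_by_email = $mail_settings['admin_on_delete'] || $mail_settings['book_admin_on_provisional'];
        if ($notify_by_email) {
            require_once "functions_mail.inc";
            // Gather all fields values for use in emails.
            // This has to happen before the delete, while the entry still exists.
            $mail_previous = getPreviousEntryData($id, $series);
        }
        // The delete runs between sql_begin() and sql_commit().
        sql_begin();
        $result = mrbsDelEntry(getUserName(), $id, $series, 1);
        sql_commit();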
if($info = mrbsGetEntryInfo($id))
{
    // Date parts and area come from the stored entry, not from the request.
    $day = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year = strftime("%Y", $info["start_time"]);
    $area = mrbsGetRoomArea($info["room_id"]);
    $back = "";
    // The Referer header is client-controlled; it is HTML-escaped before use.
    // NOTE(review): how showAccessDenied() uses $back is not visible here; if it becomes
    // a link target, escaping alone does not restrict the URL scheme - confirm.
    if (isset($_SERVER['HTTP_REFERER'])) $back = grr_htmlSpecialChars($_SERVER['HTTP_REFERER']);
    // Three independent gates, each ending the request on failure:
    // 1. the user has at least level 1,
    if(authGetUserLevel(getUserName(),-1) < 1)
    {
        showAccessDenied($day, $month, $year, $area,$back);
        exit();
    }
    // 2. the user may write this entry (checked against the stored beneficiary),
    if(!getWritable($info["beneficiaire"], getUserName(),$id))
    {
        showAccessDenied($day, $month, $year, $area,$back);
        exit;
    }
    // 3. the user has access to the entry's area.
    if(authUserAccesArea(getUserName(), $area)==0)
    {
        showAccessDenied($day, $month, $year, $area,$back);
        exit();
    }
    grr_sql_begin();
    // NOTE(review): the notification is sent before the date check announced by the
    // comment below; if that check refuses the request, the mail has already gone out.
    if (getSettingValue("automatic_mail") == 'yes')
    {
        $_SESSION['session_message_error'] = send_mail($id,3,$dformat);
    }
    // Check the dates
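/** mrbsDelEntry()
 *
 * Delete an entry, or optionally all entrys in its series.
 *
 * Every candidate row is checked with getWritable() against $user; rows the
 * user may not write are skipped without an error, so a series delete can
 * remove only part of the series. When the last entry of a series is gone
 * the series record in the repeat table is removed as well.
 *
 * The function does not open a transaction itself.
 *
 * $user   - Who's making the request
 * $id     - The entry to delete
 * $series - If set, delete the series, except user modified entrys
 * $all    - If set, include user modified entrys in the series delete
 *
 * Returns:
 *   0 or FALSE - An error occured, or nothing was deleted
 *   TRUE       - At least one entry was deleted
 */
function mrbsDelEntry($user, $id, $series, $all)
{
    global $tbl_entry, $tbl_repeat;

    // $id is placed into SQL text below without quotes; forcing it to an
    // integer guarantees that nothing but a number can reach the query.
    $id = (int) $id;

    $repeat_id = sql_query1("SELECT repeat_id FROM {$tbl_entry} WHERE id={$id}");
    if ($repeat_id < 0) {
        return 0;
    }
    // Same reasoning for the value read back: it is interpolated again below.
    $repeat_id = (int) $repeat_id;

    $sql = "SELECT create_by, id, entry_type FROM {$tbl_entry} WHERE ";
    if ($series) {
        $sql .= "repeat_id={$repeat_id}";
    } else {
        $sql .= "id={$id}";
    }

    $res = sql_query($sql);
    if (!$res) {
        // No usable result: stop instead of iterating over it.
        return 0;
    }

    $removed = 0;
    for ($i = 0; $row = sql_row($res, $i); $i++) {
        // $row: 0 = create_by, 1 = id, 2 = entry_type
        if (!getWritable($row[0], $user)) {
            // Not the user's entry to delete: leave it in place.
            continue;
        }
        if ($series && $row[2] == 2 && !$all) {
            // entry_type 2 rows are kept in a series delete unless $all is set.
            continue;
        }
        if (sql_command("DELETE FROM {$tbl_entry} WHERE id=" . (int) $row[1]) > 0) {
            $removed++;
        }
    }

    // Drop the series record once no entry refers to it any more.
    if ($repeat_id > 0 && sql_query1("SELECT count(*) FROM {$tbl_entry} WHERE repeat_id={$repeat_id}") == 0) {
        sql_command("DELETE FROM {$tbl_repeat} WHERE id={$repeat_id}");
    }

    return $removed > 0;
}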
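/** mrbsDelEntry()
 *
 * Delete an entry, or optionally all entrys in its series.
 *
 * Every candidate row must pass getWritable() and verif_booking_date() for
 * $user; rows that fail either check are skipped without an error, so a
 * series delete can remove only part of the series. The matching row in the
 * entry_moderate table is deleted along with each entry, and the series
 * record is removed once no entry refers to it.
 *
 * $user   - Who's making the request
 * $id     - The entry to delete
 * $series - If set, delete the series, except user modified entrys
 * $all    - If set, include user modified entrys in the series delete
 *
 * Returns:
 *   0 or FALSE - An error occured, or nothing was deleted
 *   TRUE       - At least one entry was deleted
 */
function mrbsDelEntry($user, $id, $series, $all)
{
    global $correct_diff_time_local_serveur, $enable_periods;

    // time() is the supported way to get the current timestamp; mktime()
    // without arguments is deprecated and is an error on PHP 8.
    $date_now = time();

    // Escape $id once with the helper this function already applies to
    // $repeat_id, so every query below receives the same treated value.
    $safe_id = protect_data_sql($id);

    $id_room = grr_sql_query1("select room_id FROM ".TABLE_PREFIX."_entry WHERE id='".$safe_id."'");
    $repeat_id = grr_sql_query1("SELECT repeat_id FROM ".TABLE_PREFIX."_entry WHERE id='".$safe_id."'");
    if ($repeat_id < 0) {
        return 0;
    }
    $safe_repeat_id = protect_data_sql($repeat_id);

    $sql = "SELECT beneficiaire, id, entry_type FROM ".TABLE_PREFIX."_entry WHERE ";
    if (($series) and ($repeat_id > 0)) {
        $sql .= "repeat_id='".$safe_repeat_id."'";
    } else {
        $sql .= "id='".$safe_id."'";
    }

    $res = grr_sql_query($sql);
    $removed = 0;
    for ($i = 0; ($row = grr_sql_row($res, $i)); $i++) {
        // $row: 0 = beneficiaire, 1 = id, 2 = entry_type
        // NOTE(review): the write check receives the requested $id for every row of a
        // series rather than the row's own id ($row[1]) - confirm this is intended.
        if (!getWritable($row[0], $user, $id)) {
            continue;
        }
        if (!verif_booking_date($user, $row[1], $id_room, "", $date_now, $enable_periods, "")) {
            continue;
        }
        if ($series && $row[2] == 2 && !$all) {
            // entry_type 2 rows are kept in a series delete unless $all is set.
            continue;
        }
        if (grr_sql_command("DELETE FROM ".TABLE_PREFIX."_entry WHERE id=" . $row[1]) > 0) {
            $removed++;
        }
        // Runs whether or not the entry row itself was removed.
        grr_sql_command("DELETE FROM ".TABLE_PREFIX."_entry_moderate WHERE id=" . $row[1]);
    }

    // Drop the series record once no entry refers to it any more.
    if ($repeat_id > 0 && grr_sql_query1("SELECT count(*) FROM ".TABLE_PREFIX."_entry WHERE repeat_id='".$safe_repeat_id."'") == 0) {
        grr_sql_command("DELETE FROM ".TABLE_PREFIX."_repeat WHERE id='".$safe_repeat_id."'");
    }

    return $removed > 0;
}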
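}
$row = sql_row_keyed($res, 0);
sql_free($res);

// Display copies: everything that will be printed is HTML-escaped here.
$name = htmlspecialchars($row['name']);
$description = htmlspecialchars($row['description']);
$create_by = htmlspecialchars($row['create_by']);
$room_name = htmlspecialchars($row['room_name']);
$area_name = htmlspecialchars($row['area_name']);
$type = $row['type'];
$private = $row['private'];
$room_id = $row['room_id'];
$updated = time_date_string($row['last_updated']);
// need to make DST correct in opposite direction to entry creation
// so that user see what he expects to see
$duration = $row['duration'] - cross_dst($row['start_time'], $row['end_time']);

// The access decision must use the creator exactly as stored. The escaped display
// copy in $create_by differs from the stored name whenever it contains &, <, > or a
// double quote, so checking that copy could refuse the real owner or match a
// different account name.
$writeable = getWritable($row['create_by'], $user);
if (is_private_event($private) && !$writeable) {
    // Private entry viewed by someone who may not write it: name, description and
    // creator are replaced by a placeholder. Room and area names are left as they are.
    $name = "[" . get_vocab('private') . "]";
    $description = $name;
    $create_by = $name;
    $keep_private = TRUE;
} else {
    $keep_private = FALSE;
}

if ($enable_periods) {
    list($start_period, $start_date) = period_date_string($row['start_time']);
} else {
    $start_date = time_date_string($row['start_time']);
}
if ($enable_periods) {
    list(, $end_date) = period_date_string($row['end_time'], -1);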