$all_day = get_form_var('all_day', 'string'); // bool, actually $type = get_form_var('type', 'string'); $rooms = get_form_var('rooms', 'array'); $returl = get_form_var('returl', 'string'); $rep_id = get_form_var('rep_id', 'int'); $edit_type = get_form_var('edit_type', 'string'); $id = get_form_var('id', 'int'); $rep_end_day = get_form_var('rep_end_day', 'int'); $rep_end_month = get_form_var('rep_end_month', 'int'); $rep_end_year = get_form_var('rep_end_year', 'int'); $rep_id = get_form_var('rep_id', 'int'); $rep_day = get_form_var('rep_day', 'array'); // array of bools $rep_num_weeks = get_form_var('rep_num_weeks', 'int'); $private = get_form_var('private', 'string'); // bool, actually // Truncate the name field to the maximum length as a precaution. // Although the MAXLENGTH attribute is used in the <input> tag, this can // sometimes be ignored by the browser, for example by Firefox when // autocompletion is used. The user could also edit the HTML and remove // the MAXLENGTH attribute. Passing an oversize string to some // databases (eg some versions of PostgreSQL) results in an SQL error, // rather than silent truncation of the string. $name = substr($name, 0, ENTRY_NAME_LENGTH); if (empty($area)) { if (empty($rooms[0])) { $area = get_default_area(); } else { $area = get_area($rooms[0]); }
$From_day = get_form_var('From_day', 'int'); $From_month = get_form_var('From_month', 'int'); $From_year = get_form_var('From_year', 'int'); $To_day = get_form_var('To_day', 'int'); $To_month = get_form_var('To_month', 'int'); $To_year = get_form_var('To_year', 'int'); $creatormatch = get_form_var('creatormatch', 'string'); $areamatch = get_form_var('areamatch', 'string'); $roommatch = get_form_var('roommatch', 'string'); $namematch = get_form_var('namematch', 'string'); $descrmatch = get_form_var('descrmatch', 'string'); $summarize = get_form_var('summarize', 'int'); $typematch = get_form_var('typematch', 'array'); $sortby = get_form_var('sortby', 'string'); $display = get_form_var('display', 'string'); $sumby = get_form_var('sumby', 'string'); # Require authenticated user if private bookings are required if ($private_override == "private") { if (!getAuthorised(1)) { showAccessDenied($day, $month, $year, $area, ""); exit; } } # Need to know user name and if they are an admin $user = getUserName(); $is_admin = isset($user) && authGetUserLevel($user) >= 2; //If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y");
// Hash the password for security $value = md5($password0); } else { if ($fieldname == "level") { $value = get_form_var('Field_level', 'int'); if (!isset($value)) { $value = 0; } // Check that we are not trying to upgrade our level. This shouldn't be possible // but someone might have spoofed the input in the edit form if ($value > $level) { Header("Location: edit_users.php"); exit; } } else { $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['type']); } } } } // pre-process the field value for SQL if ($field_props[$fieldname]['istext']) { // Truncate the field to the maximum length as a precaution. if (isset($maxlength["users.{$fieldname}"])) { $value = substr($value, 0, $maxlength["users.{$fieldname}"]); } $value = "'" . addslashes($value) . "'"; } else { if ($field_props[$fieldname]['isbool']) { if ($value && $value == true) { $value = "TRUE";
<?php // $Id$ require_once "grab_globals.inc.php"; include "config.inc.php"; include "functions.inc"; include "dbsys.inc"; // Get form variables $day = get_form_var('day', 'int'); $month = get_form_var('month', 'int'); $year = get_form_var('year', 'int'); $area = get_form_var('area', 'int'); $room = get_form_var('room', 'int'); $id = get_form_var('id', 'int'); $series = get_form_var('series', 'int'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } print_header($day, $month, $year, $area, isset($room) ? $room : ""); if (empty($series)) { $series = 0; } else { $series = 1; } if ($series) {
<?php
// $Id$
require_once "grab_globals.inc.php";
include "config.inc.php";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "functions.inc";
include "version.inc";

// Get form variables
$day   = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year  = get_form_var('year', 'int');
$area  = get_form_var('area', 'int');
$room  = get_form_var('room', 'int');

// Fall back to today's date when any part of it is missing
if (!isset($day) || !isset($month) || !isset($year))
{
  $day   = date('d');
  $month = date('m');
  $year  = date('Y');
}

// Fall back to the default area when none (or 0) was given
if (empty($area))
{
  $area = get_default_area();
}

print_header($day, $month, $year, $area, isset($room) ? $room : '');

// Version information table.
// NOTE(review): sql_version() and php_uname() disclose database and OS details
// to anyone who can load this page, and unlike the admin pages no
// getAuthorised() check is made here - confirm that is intended.
echo '<h3>' . get_vocab("about_mrbs") . "</h3>\n";
echo '<table id="version_info">' . "\n";
printf("<tr><td><a href=\"http://mrbs.sourceforge.net\">%s</a>:</td><td>%s</td></tr>\n",
       get_vocab("mrbs"), get_mrbs_version());
printf("<tr><td>%s:</td><td>%s</td></tr>\n", get_vocab("database"), sql_version());
printf("<tr><td>%s:</td><td>%s</td></tr>\n", get_vocab("system"), php_uname());
printf("<tr><td>%s:</td><td>%s</td></tr>\n", get_vocab("servertime"), utf8_strftime("%c", time()));
include "mrbs_auth.inc"; // Get form variables $day = get_form_var('day', 'int'); $month = get_form_var('month', 'int'); $year = get_form_var('year', 'int'); $area = get_form_var('area', 'int'); $room = get_form_var('room', 'int'); $room_name = get_form_var('room_name', 'string'); $area_name = get_form_var('area_name', 'string'); $description = get_form_var('description', 'string'); $capacity = get_form_var('capacity', 'int'); $room_admin_email = get_form_var('room_admin_email', 'string'); $area_admin_email = get_form_var('area_admin_email', 'string'); $change_done = get_form_var('change_done', 'string'); $change_room = get_form_var('change_room', 'string'); $change_area = get_form_var('change_area', 'string'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (!getAuthorised(2)) { showAccessDenied($day, $month, $year, $area, ""); exit; } // Done changing area or room information? if (isset($change_done)) { if (!empty($room)) { $area = sql_query1("SELECT area_id from {$tbl_room} where id={$room}"); }
$Id = sql_query1("select max(id) from {$tbl_users};") + 1; /* Use the last index + 1 */ /* Note: If the table is empty, sql_query1 returns -1. So use index 0. */ } $i = 0; foreach ($fields as $fieldname) { if ($fieldname == "id") { $value = $Id; } else { if ($fieldname == "name") { $value = strtolower(get_form_var('Field_name', 'string')); } else { if ($fieldname == "password" && $password0 != "") { $value = md5($password0); } else { $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['istext'] ? 'string' : 'int'); } } } if ($i > 0) { $operation = $operation . ", "; } if ($field_props[$fieldname]['istext']) { $operation .= "'" . slashes($value) . "'"; } else { if ($field_props[$fieldname]['isnum'] && $value == "") { $value = "0"; } $operation = $operation . $value; } $i++;
<?php
// $Id: day.php 2374 2012-08-12 19:11:43Z cimorrison $
require "defaultincludes.inc";
require_once "mincals.inc";
require_once "functions_table.inc";

// Get non-standard form variables ($day, $month, $year, $room and $area are
// the standard ones, presumably set up by defaultincludes.inc)
$timetohighlight = get_form_var('timetohighlight', 'int');
$ajax = get_form_var('ajax', 'int');

// Check the user is authorised for this page
checkAuthorised();

// The day table is needed in both the Ajax and the full-page case
$inner_html = day_table_innerhtml($day, $month, $year, $room, $area, $timetohighlight);

// An Ajax caller only wants the table body: send it and stop
if ($ajax)
{
  echo $inner_html;
  exit;
}

// Noon of the selected day, used for date arithmetic further down
$timestamp = mktime(12, 0, 0, $month, $day, $year);

// Form the room parameter for use in query strings. We want to preserve room
// information if possible when switching between views ($room was read as an
// int, so it is safe to interpolate)
$room_param = (empty($room)) ? '' : "&room={$room}";

// print the page header
print_header($day, $month, $year, $area, isset($room) ? $room : '');

echo '<div id="dwm_header" class="screenonly">' . "\n";

// Show all available areas
echo make_area_select_html('day.php', $area, $year, $month, $day);

// Draw the three month calendars
if (!$display_calendar_bottom)
{
  minicals($year, $month, $day, $area, $room, 'day');
}

echo '</div>' . "\n";

//y? are year, month and day of yesterday
exit; } else { $values = array(); $q_string = $Id >= 0 ? "Action=Edit" : "Action=Add"; foreach ($fields as $field) { $fieldname = $field['name']; $type = get_form_var_type($field); if ($fieldname == 'id') { // id: don't need to do anything except add the id to the query string; // the field itself is auto-incremented $q_string .= "&Id={$Id}"; continue; } // first, get all the other form variables and put them into an array, $values, which // we will use for entering into the database assuming we pass validation $values[$fieldname] = get_form_var(VAR_PREFIX . $fieldname, $type); // Truncate the field to the maximum length as a precaution. if (isset($maxlength["users.{$fieldname}"])) { $values[$fieldname] = substr($values[$fieldname], 0, $maxlength["users.{$fieldname}"]); } // we will also put the data into a query string which we will use for passing // back to this page if we fail validation. This will enable us to reload the // form with the original data so that the user doesn't have to // re-enter it. (Instead of passing the data in a query string we // could pass them as session variables, but at the moment MRBS does // not rely on PHP sessions). switch ($fieldname) { // some of the fields get special treatment case 'name': // name: convert it to lower case $q_string .= "&{$fieldname}=" . urlencode($values[$fieldname]);
echo "</td>\n</tr>\n"; } } // Get non-standard form variables $search_str = get_form_var('search_str', 'string'); $search_pos = get_form_var('search_pos', 'int'); $total = get_form_var('total', 'int'); $advanced = get_form_var('advanced', 'int'); $ajax = get_form_var('ajax', 'int'); // Set if this is an Ajax request $datatable = get_form_var('datatable', 'int'); // Will only be set if we're using DataTables // Get the start day/month/year and make them the current day/month/year $day = get_form_var('from_day', 'int'); $month = get_form_var('from_month', 'int'); $year = get_form_var('from_year', 'int'); // If we haven't been given a sensible date then use today's if (!isset($day) || !isset($month) || !isset($year) || !checkdate($month, $day, $year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } // Check the user is authorised for this page checkAuthorised(); // Also need to know whether they have admin rights $user = getUserName(); $is_admin = isset($user) && authGetUserLevel($user) >= 2; // Set up for Ajax. We need to know whether we're capable of dealing with Ajax // requests, which will only be if (a) the browser is using DataTables and (b) // we can do JSON encoding. We also need to initialise the JSON data array. $ajax_capable = $datatable && function_exists('json_encode');
} echo "</ul></li>\n"; } echo "</ul>\n"; echo "</div>\n"; return FALSE; } // Check the user is authorised for this page checkAuthorised(); print_header($day, $month, $year, $area, $room); $import = get_form_var('import', 'string'); $area_room_order = get_form_var('area_room_order', 'string', 'area_room'); $area_room_delimiter = get_form_var('area_room_delimiter', 'string', $default_area_room_delimiter); $area_room_create = get_form_var('area_room_create', 'string', '0'); $import_default_type = get_form_var('import_default_type', 'string', $default_type); $skip = get_form_var('skip', 'string', empty($skip_default) ? '0' : '1'); // PHASE 2 - Process the files // --------------------------- if (!empty($import)) { if ($_FILES['ics_file']['error'] !== UPLOAD_ERR_OK) { echo "<p>\n"; echo get_vocab("upload_failed"); switch ($_FILES['ics_file']['error']) { case UPLOAD_ERR_INI_SIZE: echo "<br>\n"; echo get_vocab("max_allowed_file_size") . " " . ini_get('upload_max_filesize'); break; case UPLOAD_ERR_NO_FILE: echo "<br>\n"; echo get_vocab("no_file"); break;
<?php // $Id: approve_entry_handler.php 2798 2013-12-13 13:52:20Z cimorrison $ // Handles actions on bookings awaiting approval require "defaultincludes.inc"; require_once "mrbs_sql.inc"; require_once "functions_mail.inc"; // Get non-standard form variables $action = get_form_var('action', 'string'); $id = get_form_var('id', 'int'); $series = get_form_var('series', 'int'); $returl = get_form_var('returl', 'string'); $note = get_form_var('note', 'string'); // Check the user is authorised for this page checkAuthorised(); $user = getUserName(); // Retrieve the booking details $data = mrbsGetBookingInfo($id, $series); $room_id = $data['room_id']; // Initialise $mail_previous so that we can use it as a parameter for notifyAdminOnBooking $mail_previous = array(); $start_times = array(); // Give the return URL a query string if it doesn't already have one if (strpos($returl, '?') === FALSE) { $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}&room={$room}"; } if (isset($action)) { if ($need_to_send_mail) { $is_new_entry = TRUE; // Treat it as a new entry unless told otherwise }
If these are not specified the script will use your normal MRBS database credentials:<br> Database admin username: <input type="text" name="admin_username"><br> Database admin password: <input type="password" name="admin_password"><br> </div> <br> <input type="submit" value="Do it"> </form> <?php } else { # A 2D array listing the columns that need to be converted to UTF-8 $update_columns = array($tbl_area => array('area_name', 'custom_html'), $tbl_room => array('room_name', 'description', 'room_admin_email', 'custom_html'), $tbl_entry => array('create_by', 'name', 'description', 'info_user', 'info_text'), $tbl_repeat => array('create_by', 'name', 'description', 'info_user', 'info_text'), $tbl_users => array('name', 'password', 'email')); $admin_username = get_form_var('admin_username', 'string'); $admin_password = get_form_var('admin_password', 'string'); $change_collation = get_form_var('change_collation', 'int'); if (is_null($change_collation)) { $change_collation = 0; } if (is_null($admin_username) || $admin_username == '') { $admin_username = $db_login; $admin_password = $db_password; } $db_handle = sql_connect($dbsys, $db_host, $admin_username, $admin_password, $db_database); echo ' <p> Starting update, this could take a while... </p> '; if ($encoding != 'utf-8') {
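<?php
// $Id$
require_once "defaultincludes.inc";

// Get form variables
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$room = get_form_var('room', 'int');
$search_str = get_form_var('search_str', 'string');
$search_pos = get_form_var('search_pos', 'int');
$total = get_form_var('total', 'int');
$advanced = get_form_var('advanced', 'int');

// Need to know the user and whether they have admin rights
$user = getUserName();
$is_admin = isset($user) && authGetUserLevel($user) >= 2;

// If we don't know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year))
{
  $day = date("d");
  $month = date("m");
  $year = date("Y");
}

if (empty($area))
{
  $area = get_default_area();
}

// Need all these different versions with different escaping.
// Both are only defined when a search string was given; anything further down
// that uses them has to test for that first (not visible here).
if (!empty($search_str))
{
  $search_url = urlencode($search_str);
  // ENT_QUOTES: the default flags leave single quotes unescaped, so the value
  // would not be safe inside a single-quoted HTML attribute.
  $search_html = htmlspecialchars($search_str, ENT_QUOTES);
}

print_header($day, $month, $year, $area, isset($room) ? $room : "");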
include "config.inc.php"; include "functions.inc"; include "{$dbsys}.inc"; include "mrbs_auth.inc"; global $twentyfourhour_format; // Get form variables $day = get_form_var('day', 'int'); $month = get_form_var('month', 'int'); $year = get_form_var('year', 'int'); $hour = get_form_var('hour', 'int'); $minute = get_form_var('minute', 'int'); $area = get_form_var('area', 'int'); $room = get_form_var('room', 'int'); $id = get_form_var('id', 'int'); $copy = get_form_var('copy', 'int'); $edit_type = get_form_var('edit_type', 'string'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } if (!isset($edit_type)) { $edit_type = ""; } if (!getAuthorised(1)) { showAccessDenied($day, $month, $year, $area); exit;
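<?php
// $Id$

// An Ajax function to check which of an array of time slots is invalid.  (We need to do
// this server side because the client does not have sophisticated enough timezone
// handling facilities)
//
// Input parameters:
//   $id     the request id so that the client can match results to requests
//   $slots  an array of slot times in seconds from the start of the calendar day
//   $day
//   $month
//   $year
//   $tz
//
// Returns an array of slots which are invalid

require "defaultincludes.inc";

// Check the user is authorised for this page
checkAuthorised();

// Get the non-standard form variables ($day, $month and $year are standard)
$id = get_form_var('id', 'string');
$slots = get_form_var('slots', 'array');
$tz = get_form_var('tz', 'string');

// A missing or non-array 'slots' parameter must not reach the foreach below
// (iterating over null only warns and then reports nothing): treat it as no slots.
if (!is_array($slots))
{
  $slots = array();
}

// The request id is echoed back verbatim; json_encode() takes care of escaping it
$result = array('id' => $id, 'slots' => array());

foreach ($slots as $s)
{
  // $s is passed through as given; is_invalid_datetime() is expected to cope
  // with non-numeric input - TODO confirm
  if (is_invalid_datetime(0, 0, $s, $month, $day, $year, $tz))
  {
    $result['slots'][] = $s;
  }
}

echo json_encode($result);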
<?php
// $Id$

// mrbs/month.php - Month-at-a-time view

require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "mincals.inc";

// Get form variables
$month = get_form_var('month', 'int');
$year  = get_form_var('year', 'int');
$area  = get_form_var('area', 'int');
$room  = get_form_var('room', 'int');
// NOTE(review): this debug switch can be set from the query string by any
// visitor; confirm nothing sensitive is printed when it is on.
$debug_flag = get_form_var('debug_flag', 'int');

// 3-value compare: returns "< ", "= " or "> " according to how $a compares
// with $b (loose comparison, as in the rest of the file).
function cmp3($a, $b)
{
  if ($a == $b)
  {
    return "= ";
  }
  return ($a < $b) ? "< " : "> ";
}

// Default parameters:
if (empty($debug_flag))
{
  $debug_flag = 0;
}
<?php // $Id$ require_once "grab_globals.inc.php"; include "config.inc.php"; include "functions.inc"; include "dbsys.inc"; include "mrbs_auth.inc"; // Get form variables $day = get_form_var('day', 'int'); $month = get_form_var('month', 'int'); $year = get_form_var('year', 'int'); $area = get_form_var('area', 'int'); $room = get_form_var('room', 'int'); $area_name = get_form_var('area_name', 'string'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } if (!getAuthorised(2)) { showAccessDenied($day, $month, $year, $area, ""); exit; } print_header($day, $month, $year, isset($area) ? $area : "", isset($room) ? $room : ""); // If area is set but area name is not known, get the name. if (isset($area)) {
$dur_units = get_form_var('dur_units', 'string'); $all_day = get_form_var('all_day', 'string'); // bool, actually $type = get_form_var('type', 'string'); $rooms = get_form_var('rooms', 'array'); $returl = get_form_var('returl', 'string'); $rep_id = get_form_var('rep_id', 'int'); $edit_type = get_form_var('edit_type', 'string'); $id = get_form_var('id', 'int'); $rep_end_day = get_form_var('rep_end_day', 'int'); $rep_end_month = get_form_var('rep_end_month', 'int'); $rep_end_year = get_form_var('rep_end_year', 'int'); $rep_id = get_form_var('rep_id', 'int'); $rep_day = get_form_var('rep_day', 'array'); // array of bools $rep_num_weeks = get_form_var('rep_num_weeks', 'int'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } if (!getAuthorised(1)) { showAccessDenied($day, $month, $year, $area); exit; } if (!getWritable($create_by, getUserName())) { showAccessDenied($day, $month, $year, $area);
} // Get non-standard form variables $hour = get_form_var('hour', 'int'); $minute = get_form_var('minute', 'int'); $period = get_form_var('period', 'int'); $id = get_form_var('id', 'int'); $copy = get_form_var('copy', 'int'); $edit_type = get_form_var('edit_type', 'string', ''); $returl = get_form_var('returl', 'string'); // The following variables are used when coming via a JavaScript drag select $drag = get_form_var('drag', 'int'); $start_seconds = get_form_var('start_seconds', 'int'); $end_seconds = get_form_var('end_seconds', 'int'); $selected_rooms = get_form_var('rooms', 'array'); $start_date = get_form_var('start_date', 'string'); $end_date = get_form_var('end_date', 'string'); // Check the user is authorised for this page checkAuthorised(); // Also need to know whether they have admin rights $user = getUserName(); $is_admin = authGetUserLevel($user) >= 2; // You're only allowed to make repeat bookings if you're an admin // or else if $auth['only_admin_can_book_repeat'] is not set $repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']); // Similarly for multi-day $multiday_allowed = $is_admin || empty($auth['only_admin_can_book_multiday']); // Similarly for multiple room selection $multiroom_allowed = $is_admin || empty($auth['only_admin_can_select_multiroom']); if (isset($start_seconds)) { $minutes = intval($start_seconds / 60); if ($enable_periods) {
$result = $sql_mysqli_conn->query($sql); while ($row = $result->fetch_assoc()) { $team = $row['team']; if ($team != 'test') { echo '<h2>' . $team . '</h2>'; $sql2 = "SELECT * FROM users WHERE team ='" . $team . "' ORDER BY name "; $result2 = $sql_mysqli_conn->query($sql2); while ($row2 = $result2->fetch_assoc()) { echo '<a href="temp.php?user='******'code'] . '">' . $row2['name'] . '</a><br />'; } } } $result->free(); $result2->free(); } else { $timetohighlight = get_form_var('timetohighlight', 'int'); $this_user_name = get_area_name($user); echo "<div id=\"dwm\">\n"; echo "<h2>" . htmlspecialchars("{$this_user_name}") . "</h2>\n"; echo "</div>\n"; $i = mktime(12, 0, 0, $month, $day - 7, $year); $yy = date("Y", $i); $ym = date("m", $i); $yd = date("d", $i); $i = mktime(12, 0, 0, $month, $day + 7, $year); $ty = date("Y", $i); $tm = date("m", $i); $td = date("d", $i); // Show Go to week before and after links $before_after_links_html = "\n<div class=\"screenonly\">\n <div class=\"date_nav\">\n <div class=\"date_before\">\n <a href=\"temp.php?year={$yy}&month={$ym}&day={$yd}&user={$user}\">\n << " . get_vocab("weekbefore") . "\n </a>\n </div>\n <div class=\"date_now\">\n <a href=\"temp.php?user={$user}\">\n " . get_vocab("gotothisweek") . "\n </a>\n </div>\n <div class=\"date_after\">\n <a href=\"temp.php?year={$ty}&month={$tm}&day={$td}&user={$user}\">\n " . get_vocab("weekafter") . " >>\n </a>\n </div>\n </div>\n</div>\n"; print $before_after_links_html;
echo "<input type=\"hidden\" name=\"action\" value=\"{$action_type}\">\n"; echo "<input type=\"submit\" value=\"{$submit_value}\">\n"; echo "</fieldset>\n"; echo "</form>\n"; echo "</td>\n"; echo "<tr>\n"; } // Get non-standard form variables // // If $series is TRUE, it means that the $id is the id of an // entry in the repeat table. Otherwise it's from the entry table. $id = get_form_var('id', 'int'); $series = get_form_var('series', 'int'); $action = get_form_var('action', 'string'); $returl = get_form_var('returl', 'string'); $error = get_form_var('error', 'string'); // Check the user is authorised for this page checkAuthorised(); // Also need to know whether they have admin rights $user = getUserName(); $is_admin = authGetUserLevel($user) >= 2; // You're only allowed to make repeat bookings if you're an admin // or else if $auth['only_admin_can_book_repeat'] is not set $repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']); $row = mrbsGetBookingInfo($id, $series); $room = $row['room_id']; $area = $row['area_id']; // Get the area settings for the entry's area. In particular we want // to know how to display private/public bookings in this area. get_area_settings($row['area_id']); // Work out whether the room or area is disabled
<?php // $Id$ require_once "defaultincludes.inc"; // Get form variables $day = get_form_var('day', 'int'); $month = get_form_var('month', 'int'); $year = get_form_var('year', 'int'); $area = get_form_var('area', 'int'); $room = get_form_var('room', 'int'); $area_name = get_form_var('area_name', 'string'); $error = get_form_var('error', 'string'); // the image buttons: need to specify edit_x rather than edit etc. because // IE6 only returns _x and _y $edit_x = get_form_var('edit_x', 'int'); $delete_x = get_form_var('delete_x', 'int'); // If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } // Check to see whether the Edit or Delete buttons have been pressed and redirect // as appropriate $std_query_string = "area={$area}&day={$day}&month={$month}&year={$year}"; if (isset($edit_x)) { $location = $location = "edit_area_room.php?{$std_query_string}"; header("Location: {$location}");
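// (2) email notifications are not sent, even if they are normally configured
//     to be sent.  Sending many thousands of emails in the space of a few
//     seconds could overwhelm many mail servers, or break the usage policies
//     on hosted systems.

require "defaultincludes.inc";
require_once "mrbs_sql.inc";

// Check the user is authorised for this page
checkAuthorised();

// Check that the user has the highest level of admin rights
$user = getUserName();
$level = authGetUserLevel($user);
if ($level < $max_level)
{
  exit;
}

// Get non-standard form variables
$ids = get_form_var('ids', 'array');

// Check that $ids consists of an array of integers, to guard against SQL injection.
// A missing or non-array parameter is rejected outright instead of being iterated
// (foreach over null only warns and would then let an empty list through).
if (!is_array($ids))
{
  exit;
}
foreach ($ids as $id)
{
  // Accept only a plain string of decimal digits.  is_numeric() also admits
  // values such as "1e3", "1.0" or " 1", which are not ids; preg_match()
  // returning false on a PCRE error is treated as a rejection too.
  if (!preg_match('/\A\d+\z/', (string) $id))
  {
    exit;
  }
}

// Everything looks OK - go ahead and delete the entries

// Note on performance.  It is much quicker to delete entries using the
// WHERE id IN method below than looping through mrbsDelEntry().  Testing
// for 100 entries gave 2.5ms for the IN method against 37.6s for the looping
// method - ie approx 15 times faster.  For 1,000 rows the IN method was 19
// times faster.
//
// Because we are not using mrbsDelEntry() we have to delete any orphaned
// rows in the repeat table ourselves - but this does not take long.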
<?php
// $Id$
require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";

// Get form variables
$day     = get_form_var('day', 'int');
$month   = get_form_var('month', 'int');
$year    = get_form_var('year', 'int');
$area    = get_form_var('area', 'int');
$room    = get_form_var('room', 'int');
// What to delete and whether the user has confirmed it; both are acted on
// further down the file
$type    = get_form_var('type', 'string');
$confirm = get_form_var('confirm', 'string');

// Fall back to today's date when any part of it is missing
if (!isset($day) || !isset($month) || !isset($year))
{
  list($day, $month, $year) = array(date('d'), date('m'), date('Y'));
}

// Fall back to the default area when none (or 0) was given
if (empty($area))
{
  $area = get_default_area();
}

// Deleting is an admin (level 2) operation
if (!getAuthorised(2))
{
  showAccessDenied($day, $month, $year, $area);
  exit;
}

// This is gonna blast away something.  We want them to be really
// really sure that this is what they want to do.
if (!in_array($field['name'], $standard_fields['entry'])) { switch ($field['nature']) { case 'character': $f_type = 'string'; break; case 'integer': $f_type = 'int'; break; // We can only really deal with the types above at the moment // We can only really deal with the types above at the moment default: $f_type = 'string'; break; } $var = VAR_PREFIX . $field['name']; $custom_fields[$field['name']] = get_form_var($var, $f_type); if ($f_type == 'int' && $custom_fields[$field['name']] === '') { $custom_fields[$field['name']] = NULL; } } } // (3) Clean up the form variables // ------------------------------- // Form validation checks. Normally checked for client side. // Don't bother with them if this is an Ajax request. if (!$ajax) { if ($name == '') { invalid_booking(get_vocab('must_set_description')); } if (empty($rooms)) { invalid_booking(get_vocab('no_rooms_selected'));
if (!in_array($key, $report_search_field_order)) { $report_search_field_order[] = $key; } } $field_natures[$key] = $field['nature']; $field_lengths[$key] = $field['length']; } // Get the custom form inputs foreach ($custom_fields as $key => $value) { $var = "match_{$key}"; if ($field_natures[$key] == 'integer' && $field_lengths[$key] > 2) { $var_type = 'int'; } else { $var_type = 'string'; } ${$var} = get_form_var($var, $var_type); } // Set the field order list $field_order_list = array('name', 'area_name', 'room_name', 'start_time', 'end_time', 'description', 'type', 'create_by', 'confirmation_enabled', 'approval_enabled'); foreach ($custom_fields as $key => $value) { $field_order_list[] = $key; } $field_order_list[] = 'last_updated'; // PHASE 2: SQL QUERY. We do the SQL query now to see if there's anything there if ($phase == 2) { // Start and end times are also used to clip the times for summary info. $report_start = mktime(0, 0, 0, $from_month + 0, $from_day + 0, $from_year + 0); $report_end = mktime(0, 0, 0, $to_month + 0, $to_day + 1, $to_year + 0); // Construct the SQL query $sql = "SELECT E.*, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated, " . "A.area_name, R.room_name, " . "A.approval_enabled, A.confirmation_enabled, A.enable_periods"; if ($output_format == OUTPUT_ICAL) {
// $Id$ require_once "grab_globals.inc.php"; require_once "config.inc.php"; require_once "functions.inc"; require_once "dbsys.inc"; require_once "mrbs_auth.inc"; require_once "mrbs_sql.inc"; // Get form variables $day = get_form_var('day', 'int'); $month = get_form_var('month', 'int'); $year = get_form_var('year', 'int'); $area = get_form_var('area', 'int'); $id = get_form_var('id', 'int'); $series = get_form_var('series', 'int'); $returl = get_form_var('returl', 'string'); if (empty($returl)) { switch ($default_view) { case "month": $returl = "month.php"; break; case "week": $returl = "week.php"; break; default: $returl = "day.php"; } $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}"; } if (getAuthorised(1) && ($info = mrbsGetEntryInfo($id))) { $day = strftime("%d", $info["start_time"]);
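<?php
// $Id$
require "defaultincludes.inc";
require_once "mrbs_sql.inc";

// Get non-standard form variables ($area is one of the standard ones,
// presumably set up by defaultincludes.inc - confirm)
$name = get_form_var('name', 'string');
$description = get_form_var('description', 'string');
$capacity = get_form_var('capacity', 'int');
$type = get_form_var('type', 'string');

// Check the user is authorised for this page
checkAuthorised();

// This file is for adding new areas/rooms
$error = '';

// First of all check that we've got an area or room name
if (!isset($name) || $name === '')
{
  $error = "empty_name";
}
elseif ($type == "area")
{
  // mrbsAddArea() reports problems through $error (by reference)
  $area = mrbsAddArea($name, $error);
}
elseif ($type == "room")
{
  // mrbsAddRoom() reports problems through $error (by reference)
  $room = mrbsAddRoom($name, $area, $error, $description, $capacity);
}
// Any other $type silently adds nothing and just redirects back.

// Back to the admin page.  The error token is url-encoded so that whatever
// mrbsAddArea()/mrbsAddRoom() put in it cannot break the query string.
$returl = "admin.php?area={$area}" . (!empty($error) ? "&error=" . urlencode($error) : "");
header("Location: {$returl}");
exit;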
exit; } else { $values = array(); $q_string = $Id >= 0 ? "Action=Edit" : "Action=Add"; foreach ($fields as $field) { $fieldname = $field['name']; $type = get_form_var_type($field); if ($fieldname == 'id') { // id: don't need to do anything except add the id to the query string; // the field itself is auto-incremented $q_string .= "&Id={$Id}"; continue; } // first, get all the other form variables and put them into an array, $values, which // we will use for entering into the database assuming we pass validation $values[$fieldname] = get_form_var("Field_{$fieldname}", $type); // Truncate the field to the maximum length as a precaution. if (isset($maxlength["users.{$fieldname}"])) { $values[$fieldname] = substr($values[$fieldname], 0, $maxlength["users.{$fieldname}"]); } // we will also put the data into a query string which we will use for passing // back to this page if we fail validation. This will enable us to reload the // form with the original data so that the user doesn't have to // re-enter it. (Instead of passing the data in a query string we // could pass them as session variables, but at the moment MRBS does // not rely on PHP sessions). switch ($fieldname) { // some of the fields get special treatment case 'name': // name: convert it to lower case $q_string .= "&{$fieldname}=" . urlencode($values[$fieldname]);