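/**
 * Remove a single service from the current booking.
 *
 * The service is looked up by the `id` query parameter and must belong to
 * the signup returned by self::load_signup(). It is only destroyed when it is
 * unpaid (or costs nothing) and the request carries a valid CSRF token
 * ($this->csrf). Every path ends in a redirect or a 404.
 *
 * NOTE(review): load_signup() is defined outside this block; this method
 * relies on it to scope the signup to the current user - confirm.
 * NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
 * removed in PHP 7.0. Moving to bound parameters needs the data layer behind
 * EventService::find(), which is not visible here.
 */
public function remove()
 {
     $signup = self::load_signup();
     if ($signup->event->enddate <= time()) {
         Site::Flash("error", "It is not possible to edit this booking");
         Redirect("bookings/{$signup->id}");
         // Stop here in case Redirect() does not terminate the request
         // (its implementation is not visible in this block).
         return;
     }

     // A missing or array-valued id can never match a row; treat it as not found
     // instead of letting it reach the query builder.
     if (!isset($_GET['id']) || !is_scalar($_GET['id'])) {
         Error404();
         return;
     }

     $signup_id = mysql_real_escape_string($signup->id);
     $id = mysql_real_escape_string($_GET['id']);

     // Both values are placed inside quotes: mysql_real_escape_string() only
     // neutralises characters that matter within a quoted SQL string, so an
     // unquoted "id = {$id}" would still let request input alter the WHERE clause.
     $service = EventService::find("event_services.id = '{$id}' AND event_services.event_signup_id = '{$signup_id}'");
     if (!$service) {
         Error404();
         return;
     }

     if (!$service->paid || $service->service->cost == 0) {
         // The row is only deleted when the CSRF token checked out; the lookup
         // above deliberately happens first so a bad id still yields a 404.
         if ($this->csrf) {
             $service->destroy();
             Site::Flash("notice", "{$service->service->name} has been removed from your booking");
         } else {
             Site::Flash("error", "Invalid URL for removing this service");
         }
     } else {
         Site::Flash("error", "You cannot remove services that are already paid for");
     }
     Redirect("bookings/{$signup_id}");
 }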
 /**
  * Fetch the event service with the given id that is attached to the given signup.
  *
  * When $id is empty the `id` query parameter is used instead. Calls Error404()
  * when no matching row is found.
  *
  * Both values are escaped with mysql_real_escape_string() and interpolated
  * inside single quotes; the escaping is only meaningful in that quoted form.
  *
  * @param mixed $signup_id Signup the service must belong to.
  * @param mixed $id        Service id, or null to read it from $_GET['id'].
  * @return mixed The matching EventService.
  */
 protected static function load_event_service($signup_id, $id = null)
 {
     // Fall back to the request parameter when the caller supplied no id.
     $id = $id ? $id : $_GET['id'];

     $id = mysql_real_escape_string($id);
     $signup_id = mysql_real_escape_string($signup_id);

     $service = EventService::find("event_services.id = '{$id}' AND event_signups.id = '{$signup_id}'");
     if (!$service) {
         Error404();
         return null;
     }

     return $service;
 }
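 /**
  * "My Bookings" page for the current user.
  *
  * On a POST with a valid CSRF token, builds a cart from the selected signups
  * and services (only unpaid, still-available items that belong to the current
  * user), reuses an existing cart with the same item hash or creates one, and
  * redirects to the payment page. A POST without a valid token only sets an
  * "Invalid form submission" error. Otherwise (and after a rejected POST) the
  * booking lists are loaded and the page is rendered.
  *
  * NOTE(review): assumes $this->csrf is populated for POST requests the same
  * way remove() relies on it - confirm the form template sends the token.
  * NOTE(review): mysql_real_escape_string() belongs to ext/mysql, which was
  * removed in PHP 7.0; replacing it needs the data layer behind the find()
  * calls, which is not visible here.
  */
 public function user_index()
 {
     $user_id = mysql_real_escape_string(Site::CurrentUser()->id);

     // Cart creation changes state, so it requires the CSRF token as well as a
     // POST. Testing $this->post alone left the "Invalid form submission"
     // branch below unreachable and the token unchecked.
     if ($this->post && $this->csrf) {
         // From the post data, build the cart items, keyed by signup id.
         $raw_items = array();

         // Only the array keys are used (they carry the ids); a non-array value
         // is ignored rather than iterated.
         if (isset($_POST['items']['signups']) && is_array($_POST['items']['signups'])) {
             foreach (array_keys($_POST['items']['signups']) as $id) {
                 $id = mysql_real_escape_string($id);
                 // The user_id condition keeps a submitted id from selecting
                 // another user's signup.
                 $signup = EventSignup::find("event_signups.user_id = '{$user_id}' AND event_signups.id = '{$id}'");
                 if ($signup && !$signup->paid && !$signup->is_soldout()) {
                     $raw_items[$signup->id]['signup'] = $signup;
                 }
             }
         }

         if (isset($_POST['items']['services']) && is_array($_POST['items']['services'])) {
             // Number of selected services per service type in this submission.
             $service_count = array();
             foreach (array_keys($_POST['items']['services']) as $id) {
                 $id = mysql_real_escape_string($id);
                 $service = EventService::find("event_signups.user_id = '{$user_id}' AND event_services.id = '{$id}'");
                 if ($service && !$service->paid && $service->service->available()) {
                     if (isset($service_count[$service->service->id])) {
                         $service_count[$service->service->id]++;
                     } else {
                         $service_count[$service->service->id] = 1;
                     }
                     // available() == -1 is treated as "no limit"; otherwise the
                     // running count must stay within what available() reports.
                     if ($service->service->available() == -1 || $service_count[$service->service->id] <= $service->service->available()) {
                         // A service can only be paid for if its signup is
                         // already paid or is part of this same cart.
                         if ($service->event_signup->paid || isset($raw_items[$service->event_signup->id]['signup'])) {
                             $raw_items[$service->event_signup->id]['services'][] = $service;
                         }
                     }
                 }
             }
         }

         // Flatten so each signup is followed by its services.
         $items = array();
         foreach ($raw_items as $parts) {
             if (isset($parts['signup'])) {
                 $items[] = $parts['signup'];
             }
             if (isset($parts['services'])) {
                 $items = array_merge($items, $parts['services']);
             }
         }

         if (count($items) == 0) {
             Site::Flash("error", "None of the items you selected could be paid for.");
             Redirect("bookings");
             // Stop here in case Redirect() does not terminate the request
             // (its implementation is not visible in this block).
             return;
         }

         $hash = Cart::hash_items($items);
         // The format of hash_items() output is not visible here, so it is
         // escaped like every other value interpolated into a condition.
         // NOTE(review): the lookup is keyed on the hash alone, not on user_id;
         // confirm hash_items() cannot produce the same hash for two users.
         $hash_sql = mysql_real_escape_string($hash);
         $cart = Cart::find("carts.hash = '{$hash_sql}' AND carts.hash IS NOT NULL");
         if (!$cart) {
             $cart = new Cart();
             $cart->user_id = $user_id;
             $cart->hash = $hash;
             if ($cart->save()) {
                 foreach ($items as $item) {
                     $cart->add_item($item);
                 }
             } else {
                 Site::Flash("error", "Unable to create cart.");
                 Redirect("bookings");
                 return;
             }
         }
         Redirect("bookings/pay/{$cart->id}");
         return;
     } elseif ($this->post) {
         // POST without a valid CSRF token: report it and fall through to
         // render the page; nothing is created.
         global $site;
         $site['flash']['error'] = "Invalid form submission";
     }

     // Fetch all signups in event order; list a signup when it, or any of its
     // services, is still unpaid.
     $items = array();
     $signups = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND events.enddate >= NOW()", "events.startdate DESC");
     foreach ($signups as $signup) {
         if (!$signup->paid) {
             $items[] = $signup;
         } else {
             foreach ($signup->event_services() as $service) {
                 if (!$service->paid) {
                     $items[] = $signup;
                     break;
                 }
             }
         }
     }
     $this->assign("items", $items);

     // Traditional My Bookings Page
     $unpaid = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND event_signups.paid = false", "events.startdate DESC");
     $paid = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND event_signups.paid = true AND voucher = false", "events.startdate DESC");
     $vouchers = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND event_signups.paid = true AND voucher = true", "events.startdate DESC");
     $this->assign("unpaid", $unpaid);
     $this->assign("paid", $paid);
     $this->assign("vouchers", $vouchers);
     $this->title = "My Bookings";
     $this->render("event_signup/user_index.tpl");
 }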