function checkIfSetDelete($con)
{
$appointmentID = $_GET['app'];
if (isset($_POST['delete'])) {
deleteAppointment($con, $appointmentID);
}
}
function createAppointment()
{
global $_GET, $_SESSION, $user_admin;
// create the recieved variables
extract($_GET);
// check for valid input
// check if start date is before end date
$v = new validate();
$time_parts = explode(":", $ap_start_time);
$start_time = mktime($time_parts[0], $time_parts[1], 0, $ap_month, $ap_day, $ap_year);
$time_parts = explode(":", $ap_end_time);
$end_time = mktime($time_parts[0], $time_parts[1], 0, $ap_month, $ap_day, $ap_year);
// format variables to correct format for database
isset($ap_entireday) ? $ap_entireday = 1 : ($ap_entireday = 0);
isset($ap_private) ? $ap_private = 1 : ($ap_private = 0);
isset($ap_repet) ? 1 : ($ap_repet = 'N');
isset($ap_repet_forever) ? $ap_repet_forever = 1 : ($ap_repet_forever = 0);
if ($end_time < $start_time && $ap_entireday == 0) {
$errlist[] = "The ending date/time for appointment is before the starting date/time.";
}
if (!$v->isOk($ap_title, "string", 1, 200, "")) {
$errlist[] = "No or erraneous title.";
}
if (!$v->isOk($ap_location, "string", 0, 200, "")) {
$errlist[] = "No or erraneous location.";
}
if (!$v->isOk($ap_homepage, "url", 0, 200, "")) {
$errlist[] = "No or erraneous homepage.";
}
if (!$v->isOk(str_replace($ap_description, '@', ''), "string", 0, 1000000, "")) {
$errlist[] = "No or erraneous description.";
}
if (isset($ap_category) && $v->isOk($ap_category, "num", 0, 9, "")) {
$rslt = db_exec("SELECT * FROM diary_categories WHERE category_id='{$ap_category}'");
if (pg_num_rows($rslt) == 0) {
$errlist[] = "Invalid category chosen: {$value}.";
}
} else {
$errlist[] = "Invalid category chosen: {$value}.";
}
// check if notify period valid
if (!isset($ap_notify)) {
$ap_notify = 3;
} else {
if ($ap_notify < 0 && $ap_notify > 14) {
$errlist[] = "Invalid notification period.";
}
}
// check if may add to this person's diary (if permissions or owner or admin)
if ($_SESSION["USER_NAME"] != $ap_diaryowner) {
// check if has permissions
$sql = "SELECT * FROM diary_privileges\r\n\t\t\tWHERE privilege = 'W' AND priv_owner = '" . USER_NAME . "' AND diary_owner = '{$ap_diaryowner}'";
$rslt = db_exec($sql) or errDie("Error reading diary privileges.");
if (pg_num_rows($rslt) < 1) {
$errlist[] = "You have no permissions to modify {$ap_diaryowner}'s diary.";
}
}
// check to see if dates are valid
if (checkdate($ap_month, $ap_day, $ap_year) == FALSE) {
$errlist[] = "Invalid entry date specified";
}
$rep_date = "{$ap_repet_year}-{$ap_repet_month}-{$ap_repet_day}";
$start_time = date("Y-m-d H:i:s", $start_time);
$end_time = date("Y-m-d H:i:s", $end_time);
// only do the repetition date checks if repetitions is not NONE and FOREVER is false
if ($ap_repet != 'N' && $ap_repet_forever == 0) {
// check to see if repetition date is valid
if (checkdate($ap_repet_month, $ap_repet_day, $ap_repet_year) == FALSE) {
$errlist[] = "Invalid repetition ending date specified";
} else {
if (mktime(0, 0, 0, $ap_repet_month, $ap_repet_day, $ap_repet_year) < mktime(0, 0, 0, $ap_month, $ap_day, $ap_year)) {
$errlist[] = "The date the repetitions should end is before the date it should start.";
}
}
}
// if errors was found, print them and create the appointment creation window, filling in all the values
if (isset($errlist) && is_array($errlist)) {
$OUTPUT = "<p " . TMPL_calAppointmentStyle . ">The following errors was found:<br>";
foreach ($errlist as $key => $err) {
$OUTPUT .= "<li class=err>{$err}</li>";
}
$OUTPUT .= "</p>";
$OUTPUT .= enterAppointment();
return $OUTPUT;
} else {
// create the diary entry
pglib_transaction("BEGIN");
// if this was a modification, delete the old one
deleteAppointment();
$sql = "INSERT INTO diary_entries\r\n\t\t\t\t(username,time_start,time_end,time_entireday,title,location,\r\n\t\t\t\thomepage,description,type,repetitions,rep_date,rep_forever,\r\n\t\t\t\tcategory_id,notify)\r\n\t\t\tVALUES('{$ap_diaryowner}','{$start_time}','{$end_time}','{$ap_entireday}','{$ap_title}','{$ap_location}',\r\n\t\t\t\t'{$ap_homepage}','{$ap_description}','{$ap_private}','{$ap_repet}','{$rep_date}','{$ap_repet_forever}',\r\n\t\t\t\t '{$ap_category}','{$ap_notify}')";
db_exec($sql) or errDie("Error inserting diary entry. Please contact Administrator");
$entry_id = pglib_lastid("diary_entries", "entry_id");
pglib_transaction("COMMIT") or die("Error writing to database. Please contact your nearest integrator.");
// create the required, not required and optional entry details
$arr_required = explode(";", $ap_required);
$arr_notrequired = explode(";", $ap_notrequired);
$arr_optional = explode(";", $ap_optional);
// insert each as a group setting or user setting (groups are departments and start with @)
if (is_array($arr_required)) {
foreach ($arr_required as $arr => $arrval) {
if ($arrval != "") {
if ($arrval[0] == '@') {
db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '', '{$arrval}','R')");
} else {
db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '{$arrval}', '','R')");
}
}
}
}
if (is_array($arr_notrequired)) {
foreach ($arr_notrequired as $arr => $arrval) {
if ($arrval != "") {
if ($arrval[0] == '@') {
db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '', '{$arrval}','N')");
} else {
db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '{$arrval}', '','N')");
}
}
}
}
if (is_array($arr_optional)) {
foreach ($arr_optional as $arr => $arrval) {
if ($arrval != "") {
if ($arrval[0] == '@') {
db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '', '{$arrval}','O')");
} else {
db_exec("INSERT INTO diary_entries_details VALUES('{$entry_id}', '{$arrval}', '','O')");
}
}
}
}
// notify all on the required, not required and optional list
//print "NOTIFY ALL ON REQUIRED, NOT REQUIRED AND OPTIONAL LIST<br>";
// quit
$OUTPUT = "\r\n\t\t<script>\r\n\t\t\t\twindow.opener.parent.mainframe.location.reload();\r\n\t\t\t\twindow.close();\r\n\t\t</script>";
}
return $OUTPUT;
}
$errors = validateAdd($_POST);
if (count($errors) == 0) {
addAppointment($_POST['teacher'], $_POST['parent'], $_POST['time']);
addNotice($_POST['teacher'], $_POST['parent'], $_POST['time']);
echo 'success';
} else {
echo '<div class="error"><ul>';
foreach ($errors as $error) {
echo '<li>' . $error . '</li>';
}
echo '</ul></div>';
}
} elseif (isset($_GET['delete'])) {
$errors = validateDelete($_POST);
if (count($errors) == 0) {
deleteAppointment($_POST['teacher'], $_POST['parent'], $_POST['time']);
deleteNotice($_POST['teacher'], $_POST['parent'], $_POST['time']);
echo 'success';
} else {
echo '<div class="error"><ul>';
foreach ($errors as $error) {
echo '<li>' . $error . '</li>';
}
echo '</ul></div>';
}
}
} else {
$teacher_id = $_GET['teacher'];
$time = $_GET['time'];
$end = $time + $time_increments;
$count_query = 'SELECT COUNT(*) FROM appointments WHERE `teacher`= ' . $teacher_id . ' AND `time` >= ' . $time . ' AND `time` < ' . $end;
