function db_error_logger($errno, $errstr, $errfile = "", $errline = "", $errorcontext = array()){
	
		$errno = makeStringSafe($errno);
		$errstr = makeStringSafe($errstr);
		$errfile = makeStringSafe($errfile);
		$errline = makeStringSafe($errline);
		
		if($errno < E_STRICT){
	
			doQuery("INSERT INTO ".getDBPrefix()."_error_log set user_id = '".getSessionVariable("user_id")."', error_number = '".$errno."',
				message = '".$errstr."', file = '".$errfile."', line_number = '".$errline."', context = '".serialize($errorcontext)."',
				time = '".getCurrentMySQLDateTime()."'");
				
			$errorrow = mysql_fetch_assoc(doQuery("SELECT error_id FROM ".getDBPrefix()."_error_log ORDER BY error_id DESC LIMIT 1"));
			
			if(getConfigVar('error_output') == ERROR_OUTPUT_DBID || getConfigVar('error_output') == ERROR_OUTPUT_BOTH){
			
				echo "<h4 style=\"color: #FF0000;\">An error occured! If you would like to report this error, please report that your 'ERROR_ID' is '".$errorrow['error_id']."'.</h4>";
			
			}
		
		}
		
		return !(getConfigVar("error_output") == ERROR_OUTPUT_PHP || getConfigVar("error_output") == ERROR_OUTPUT_BOTH);
	
	}
	public function testCreateReservationFromWeekdaytoWeekend(){
	
		$this->setSessionUserAdmin();
		$startDate = '2011-11-18'; # A Friday
		$length = 1;
		$endDate = '2011-11-21'; # The Next Monday
		$actualLength = 3;
		$equipId = 1;
		$userComment = "test user comment";
		$adminComment = "test admin comment";
		$modStatus = RES_STATUS_PENDING;
		
		createReservation(getSessionVariable('user_id'), $equipId, $startDate, $length, $userComment, $adminComment, $modStatus);
		
		$actualReservation = mysql_fetch_assoc(doQuery("select * from ".getConfigVar('db_prefix')."_reservations ORDER BY res_id DESC LIMIT 1"));
		
		$this->assertEquals(getSessionVariable('user_id'), $actualReservation['user_id'], "User IDs not equal");
		$this->assertEquals($equipId, $actualReservation['equip_id'], "Equip IDs not equal");
		$this->assertEquals($startDate, $actualReservation['start_date'], "Start dates not equal");
		$this->assertEquals($actualLength, $actualReservation['length'], "Lengths not equal");
		$this->assertEquals($endDate, $actualReservation['end_date'], "End dates not equal");
		$this->assertEquals($userComment, $actualReservation['user_comment'], "User comments not equal");
		$this->assertEquals($adminComment, $actualReservation['admin_comment'], "Admin comments not equal");
		$this->assertEquals($modStatus, $actualReservation['mod_status'], "Statuses not equal");
	
	}
Ejemplo n.º 3
0
function checkAuthResult()
{
    $code = getVariable('code', FALSE);
    $state = getVariable('state', FALSE);
    $provider = createProvider([], []);
    $oauthUnguessable = getSessionVariable('oauthUnguessable', null);
    if (!$code || !$state || !$oauthUnguessable) {
        return;
    }
    if ($state !== $oauthUnguessable) {
        //Miss-match on what we're tring to validated.
        echo "Mismatch on secret'";
        return;
    }
    try {
        $api = $provider->make('DebugGithub');
        //$client
        /** @var  $api DebugGithub */
        $command = $api->oauthAuthorize(GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, $code, "http://" . SERVER_HOSTNAME . "/github/return.php");
        $accessResponse = $command->execute();
        setSessionVariable(GITHUB_ACCESS_RESPONSE_KEY, $accessResponse);
        if ($accessResponse->oauthScopes) {
            echo "You are now authed for the following scopes:<br/>";
            foreach ($accessResponse->oauthScopes as $scope) {
                echo $scope . "<br/>";
            }
        }
    } catch (GithubArtaxServiceException $fae) {
        echo "Exception processing response: " . $fae->getMessage();
    }
}
Ejemplo n.º 4
0
function checkAuthResult()
{
    $code = getVariable('code', FALSE);
    $state = getVariable('state', FALSE);
    $oauthUnguessable = getSessionVariable('oauthUnguessable', null);
    if (!$code || !$state || !$oauthUnguessable) {
        return;
    }
    if ($state != $oauthUnguessable) {
        //Miss-match on what we're tring to validated.
        echo "Miss-match on secret'";
        return;
    }
    try {
        $api = new \AABTest\GithubAPI\GithubAPI();
        $command = $api->accessToken(GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, $code, "http://" . SERVER_HOSTNAME . "/github/return.php");
        $response = $command->execute();
        setSessionVariable('githubAccess', $response);
        echo "You are now authed for the following scopes:<br/>";
        foreach ($response->scopes as $scope) {
            echo $scope . "<br/>";
        }
    } catch (\AABTest\GithubAPI\GithubAPIException $fae) {
        echo "Exception processing response: " . $fae->getMessage();
    }
}
Ejemplo n.º 5
0
function checkAuthResult()
{
    $oauthToken = getVariable('oauth_token', FALSE);
    $oauthVerifier = getVariable('oauth_verifier', FALSE);
    /** @var \AABTest\OauthRequestToken $oauthRequest */
    $oauthRequest = getSessionVariable('oauthRequest', null);
    if (!$oauthToken || !$oauthVerifier || !$oauthRequest) {
        return;
    }
    if ($oauthToken != $oauthRequest->oauthToken) {
        //Miss-match on what we're tring to validated.
        return;
    }
    try {
        $oauthConfig = new OauthConfig(FLICKR_KEY, FLICKR_SECRET);
        $oauthService = new \ArtaxApiBuilder\Service\FlickrOauth1($oauthConfig);
        $oauthService->setOauthToken($oauthRequest->oauthToken);
        $oauthService->setTokenSecret($oauthRequest->oauthTokenSecret);
        $api = new \AABTest\FlickrAPI\FlickrAPI(FLICKR_KEY, $oauthService);
        $command = $api->GetOauthAccessToken($oauthVerifier);
        $oauthAccessToken = $command->execute();
        setSessionVariable('oauthAccessToken', $oauthAccessToken);
        echo "Oauth is confirmed - username is:" . $oauthAccessToken->user->username;
    } catch (\AABTest\FlickrAPI\FlickrAPIException $fae) {
        echo "Exception processing response: " . $fae->getResponse()->getBody();
    }
}
         $name = $entries[0]['givenname'][0] . " " . $entries[0]['sn'][0];
         $email = $username . "@" . getConfigVar('ldap_domain');
         newUser($username, $name, "", $email);
     }
 }
 @ldap_close($connect);
 $userresult = getUserByUsername($username);
 $user = mysql_fetch_assoc($userresult);
 sendNewUserNoticeToAdmins($user['user_id']);
 return $userresult;
	public function testGetSessionVariableShouldGetValue()
	{
		$variableName = "varTestSet";
		$expectedValue = "TestValue2";
		
		setSessionVariable($variableName, $expectedValue);
		$actualValue = getSessionVariable($variableName);
		
		$this->assertEquals($expectedValue, $actualValue,
			"getSessionVariable(variable_name, value) got incorrect value.");
			
	}
function addEquipment($name, $type, $serial, $description, $max, $picture, $minuserlevel, $checkoutfrom)
{
    $name = makeStringSafe($name);
    $type = makeStringSafe($type);
    $serial = makeStringSafe($serial);
    $description = makeStringSafe($description);
    $max = makeStringSafe($max);
    $picture = makeStringSafe($picture);
    $minuserlevel = makeStringSafe($minuserlevel);
    $checkoutfrom = makeStringSafe($checkoutfrom);
    doQuery("INSERT INTO " . getDBPrefix() . "_equipment SET name = '" . $name . "', type = '" . $type . "', serial = '" . $serial . "', description = '" . $description . "', max_length = '" . $max . "', picture = '" . $picture . "', min_user_level = '" . $minuserlevel . "', checkoutfrom = '" . $checkoutfrom . "'");
    $equip = mysql_fetch_assoc(doQuery("SELECT equip_id FROM " . getDBPrefix() . "_equipment ORDER BY equip_id DESC LIMIT 1"));
    logAddEquipment(getSessionVariable('user_id'), $equip['equip_id']);
}
Ejemplo n.º 9
0
<?php

if ($pageid == "warnuser") {
    $user = mysql_fetch_assoc(getUserByID($_GET['user_id']));
    echo "\r\n\r\n\t\t<center><h3>Warn " . $user['name'] . "</h3></center>\r\n\r\n\t\t<form action=\"./index.php?pageid=submitwarning\" method=\"POST\">\r\n\t\t<input type=\"hidden\" name=\"user_id\" value=\"" . $_GET['user_id'] . "\">\r\n\t\t\t<table class=\"warning\">\r\n\t\t\t\r\n\t\t\t\t<tr>\r\n\t\t\t\t\r\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\">Warn Reason</td>\r\n\t\t\t\t\t\r\n\t\t\t\t</tr>\r\n\t\t\t\t\r\n\t\t\t\t<tr>\r\n\t\t\t\t\r\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\"><textarea cols=\"55\" rows=\"7\" name=\"reason\"></textarea></td>\r\n\t\t\t\t\r\n\t\t\t\t</tr>\r\n\t\t\t\t\r\n\t\t\t\t<tr>\r\n\t\t\t\t\r\n\t\t\t\t\t<td class=\"centeredcell\"><select name=\"type\"><option value=\"1\">Active</option><option value=\"2\">Notification</option><option value=\"3\">Inactive</option></select></td>\r\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"submit\" value=\"Warn\"></textarea></td>\r\n\t\t\t\t\r\n\t\t\t\t</tr>\r\n\t\t\t\r\n\t\t\t</table>\r\n\t\t\r\n\t\t</form>\r\n\r\n\t";
} else {
    if ($pageid == "submitwarning") {
        warnUser($_POST['user_id'], $_POST['reason'], $_POST['type']);
        $user = mysql_fetch_assoc(getUserByID($_POST['user_id']));
        echo "<center><h3>" . $user['name'] . " Warned</h3><a href=\"./index.php?pageid=edituser&user="******"\">View User</a></center>";
    } else {
        if ($pageid == "viewwarnings") {
            if (getSessionVariable('user_level') < getConfigVar("admin_rank") && getSessionVariable('user_id') != $_GET['user_id']) {
                echo "<center><h3><font color=\"#FF0000\">Error: You are not authorized to view other user's warnings.</font></h3></center>";
            } else {
                $warnings = getWarningsForUser($_GET['user_id']);
                $user = mysql_fetch_assoc(getUserByID($_GET['user_id']));
                $options = "";
                while ($row = mysql_fetch_assoc($warnings)) {
                    $options = $options . "<option value=\"" . $row['warn_id'] . "\">" . $row['time'] . " - " . getWarningType($row['type']) . "</option>";
                }
                echo "<center><h3>View Warnings For " . $user['name'] . "</h3>";
                if ($options != "") {
                    echo "<form action=\"index.php\" method=\"GET\">\r\n\t\t\t<input type=\"hidden\" name=\"pageid\" value=\"editwarning\">\r\n\t\t\t<select name=\"warn_id\">" . $options . "</select><input type=\"submit\" value=\"View\"></form></center>";
                } else {
                    echo "<h4>User has no warnings.</h4>";
                }
            }
        } else {
            if ($pageid == "editwarning" || $pageid == "savewarning") {
                $message = "";
Ejemplo n.º 10
0
<?php

require "githubBootstrap.php";
use GithubService\GithubArtaxService\GithubArtaxServiceException;
use Amp\Artax\DnsException;
echo <<<END
<html>
<body>
<h3><a href='/'>Oauth test home</a> </h3>
END;
/** @var  $accessResponse \GithubService\Model\AccessResponse */
$accessResponse = getSessionVariable(GITHUB_ACCESS_RESPONSE_KEY);
if ($accessResponse) {
    if (!$accessResponse instanceof GithubService\Model\AccessResponse) {
        //class was renamed...or something else bad happened.
        setSessionVariable(GITHUB_ACCESS_RESPONSE_KEY, null);
        $accessResponse = null;
    }
}
$shareClasses = [];
if ($accessResponse) {
    $shareClasses['GithubService\\Model\\AccessResponse'] = $accessResponse;
}
$provider = createProvider([], $shareClasses);
//These actions need to be done before the rest of the page.
$action = getVariable('action');
switch ($action) {
    case 'delete':
        unsetSessionVariable(GITHUB_ACCESS_RESPONSE_KEY);
        $accessResponse = null;
        break;
	}else{
		
		$message = "<font color=\"#005500\"><b>Error: A Required Field Was Left Blank</b></font><br><br>";
	
	}

}
else if($pageid == "saveemail"){

	$email = $_POST['email'];
	
	if($email != ""){

		changeUserEmail(getSessionVariable('user_id'), $email);
		
		$user = mysql_fetch_assoc(getUserByID(getSessionVariable('user_id')));
		
		$message = "<font color=\"#005500\"><b>Email Updated!</b></font><br><br>";
	
	}else{
		
		$message = "<font color=\"#FF0000\"><b>Error: Email Field Was Left Blank</b></font><br><br>";
	
	}

}


$pageData = "
	<center><h3>My Account</h3>".$message."</center>
	
Ejemplo n.º 12
0
require "flickrBootstrap.php";
use ArtaxApiBuilder\Service\OauthConfig;
$action = getVariable('action');
if ($action === 'delete') {
    unsetSessionVariable('oauthAccessToken');
    unsetSessionVariable('oauthRequest');
}
echo <<<END

<html>
<body>
<h3><a href='/'>Oauth test home</a> </h3>
END;
/** @var \AABTest\OauthAccessToken $oauthAccessToken */
$oauthAccessToken = getSessionVariable('oauthAccessToken');
if ($oauthAccessToken == null) {
    echo "<p>You are not flickr authorised.</p>";
    createOauthRequest();
} else {
    echo "<p>You are flickr authorised.</p>";
    showFlickrStatus($oauthAccessToken);
    echo "<p><a href='/flickr/index.php?action=delete'>Delete authority</a></p>";
}
echo <<<END

</body>
</html>

END;
function showFlickrStatus(\AABTest\OauthAccessToken $oauthAccessToken)
                }
            }
            $page = $page . "<center><h3>You need to be logged in to view this page.</h3>\n\t\t<font color=\"#FF0000\">" . $errormessage . "</font></center>\n\t\t<form action=\"./confirmReservation.php\" method=\"POST\">\n\t\t\t<input type=\"hidden\" name=\"resid\" value=\"" . $resid . "\"><input type=\"hidden\" name=\"page\" value=\"login\">\n\t\t\t<table class=\"login\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td colspan=2 class=\"header\">User Login</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"centeredcellbold\">Username</td>\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"text\" name=\"id\"></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"centeredcellbold\">Password</td>\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"password\" name=\"pass\"></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\"><input type=\"submit\" value=\"Login\"></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</form>";
        }
    }
}
?>

<html>

<head>

<LINK REL=StyleSheet HREF="./style.css" TYPE="text/css">

<title><?php 
if (issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) {
    echo "Reservation Confirmation Page";
}
?>
</title>

</head>

<body>



<?php 
echo $page;
?>
		$status = "D";
	
	}
	else if($row['mod_status']==RES_STATUS_CHECKED_IN){
	
		$status = "CI";
	
	}
	else if($row['mod_status']==RES_STATUS_CHECKED_OUT){
		$status = "CO";
	}

	$equip = mysql_fetch_assoc(getEquipmentByID($row['equip_id']));
	$user = mysql_fetch_assoc(getUserByID($row['user_id']));
	$editlink = "&nbsp;&nbsp;-&nbsp;&nbsp;";
	if(getSessionVariable('user_level') == getConfigVar("admin_rank")){
		$editlink = "<a href=\"./index.php?pageid=editreservation&resid=".$row['res_id']."\">Edit</a>";
	}
	$browsetable = $browsetable . "<tr><td class=\"centeredcell\"><a href=\"./userinfo.php?user_id=".$user['user_id']."\" target=\"_BLANK\">".$user['name']."</a></td><td class=\"centeredcell\">".$equip['name']."</td><td class=\"centeredcell\">".$row['start_date']."</td><td class=\"centeredcell\">".$status."</td><td class=\"centeredcell\">".$row['end_date']."</td><td class=\"centeredcell\"><a href=\"./index.php?pageid=viewreservation&resid=".$row['res_id']."\">View</a></td><td class=\"centeredcell\">".$editlink."</td></tr>";

}

$browsetable = $browsetable . "</table>";

echo "
<script language=\"JavaScript\" id=\"jscal1x\">
var cal1x = new CalendarPopup(\"testdiv1\");
</script>

<center>
	<h3>Browse Reservations</h3>
<?php
if(issetSessionVariable('user_level')){
	if(getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN){
	
		
	
	}
	else{
		echo "Error: You don't have permissions to access this page!";
		die("");
		
	}
	
}
else{
	echo "Error: You don't have permissions to access this page!";
	die("");
}
if($pageid == "messages"){
	$messages = getAllMessages();
	
	$select = "<select name=\"messageid\">";
	
	while($row = mysql_fetch_assoc($messages)){
	
		$select = $select . "<option value=\"".$row['message_id']."\">".$row['start_date']." to ".$row['end_date']." - Priority ".$row['priority']."</option>";
	
	}
	
	$select = $select . "</select>";
Ejemplo n.º 16
0
        } else {
            if ($pageid == "createmessage") {
                require 'adminfunctions.php';
                $startdate = $_POST['startdate'];
                $enddate = $_POST['enddate'];
                $priority = $_POST['priority'];
                $body = $_POST['body'];
                addMessage(getSessionVariable('user_id'), $startdate, $enddate, $priority, $body);
                echo "<center><h3>New Message Created!</h3></center>";
            } else {
                if ($pageid == "savemessage") {
                    require 'adminfunctions.php';
                    $messageid = $_POST['messageid'];
                    $startdate = $_POST['startdate'];
                    $enddate = $_POST['enddate'];
                    $priority = $_POST['priority'];
                    $body = $_POST['body'];
                    saveMessage($messageid, getSessionVariable('user_id'), $startdate, $enddate, $priority, $body);
                    echo "<center><h3>Message Saved!</h3></center>";
                } else {
                    if ($pageid == "deletemessage") {
                        require 'adminfunctions.php';
                        $messageid = $_POST['messageid'];
                        deleteMessage($messageid);
                        echo "<center><h3>Message Deleted</h3></center>";
                    }
                }
            }
        }
    }
}
function deleteReservation($res_id)
{
    $res_id = makeStringSafe($res_id);
    doQuery("DELETE FROM " . getDBPrefix() . "_reservations WHERE res_id = " . $res_id . "");
    logAdminDeleteReservation(getSessionVariable('user_id'), $res_id);
}
Ejemplo n.º 19
0
Purpose:
This is the first page shown to a logged in user. It displays the current
pickup/drop off schedule along with the users recent reservations.
Known Bugs/Fixes:
None
*/
$messages = "";
$mesResult = getCurrentMessages();
if (mysql_num_rows($mesResult) > 0) {
    $messages = "<h3>System Messages</h3>";
    while ($row = mysql_fetch_assoc($mesResult)) {
        $messages = $messages . "<div class=\"messageoutter\"><div class=\"priority" . $row['priority'] . "message\">" . $row['body'] . "</div></div>";
    }
}
$equipment = "";
$resresult = getReservationsByUserID(getSessionVariable('user_id'), 5);
while ($row = mysql_fetch_assoc($resresult)) {
    $equip = mysql_fetch_assoc(getEquipmentByID($row['equip_id']));
    $status = "unknown";
    if ($row['mod_status'] == RES_STATUS_PENDING) {
        $status = "Pending";
    } else {
        if ($row['mod_status'] == RES_STATUS_CONFIRMED) {
            $status = "Approved";
        } else {
            if ($row['mod_status'] == RES_STATUS_DENIED) {
                $status = "Denied";
            } else {
                if ($row['mod_status'] == RES_STATUS_CHECKED_IN) {
                    $status = "Checked-In";
                } else {
<?php

	if(!issetSessionVariable('user_level') || getSessionVariable('user_level') < RES_USERLEVEL_ADMIN){
	
		die("You don't have permission to access this page!");
	
	}else{
	
		$displayhome = true;
		$equipmessage = "";
	
		if(isset($_POST['myaction']) && $_POST['myaction'] == "new"){
		
			if($_POST['form'] == "equipment"){
				
				$displayhome = false;
				require 'newequip.php';
			
			}
			
		
		}
		else if(isset($_POST['myaction']) && $_POST['myaction'] == "delete"){
		
			if($_POST['form'] == "equipment"){
			
				deleteEquipmentByID($_POST['selector']);
			
			}
			
		
        echo "<center><h3>Make Reservation</h3>" . $message . "\r\n\t\t\r\n\t\t<form action=\"./index.php?pageid=finishmakeres\" method=\"POST\">\r\n\t\t\r\n\t\t\t<input type=\"hidden\" name=\"user_id\" value=\"" . $userid . "\">\r\n\t\t\t<input type=\"hidden\" name=\"equip_id\" value=\"" . $equipid . "\">\r\n\t\t\t<input type=\"hidden\" name=\"startdate\" value=\"" . $startdate . "\">\r\n\t\t\t<input type=\"hidden\" name=\"length\" value=\"" . $length . "\">\r\n\t\t\t<input type=\"hidden\" name=\"usercomment\" value=\"" . $usercomment . "\">\r\n\t\t\t<input type=\"hidden\" name=\"admincomment\" value=\"" . $admincomment . "\">\r\n\t\t\r\n\t\t\tAre you sure you want to make this reservation?<br>\r\n\t\t\t<input type=\"radio\" name=\"confirm\" value=\"yes\">: Yes -- <input type=\"radio\" name=\"confirm\" value=\"no\">: No\r\n\t\t\t<br><input type=\"submit\" value=\"continue\">\r\n\t\t\r\n\t\t</form></center>\r\n\t\t\r\n\t\t";
        $alreadyRes = true;
    } else {
        if (isset($_POST['confirm']) && $_POST['confirm'] == "no") {
            $alreadyRes = true;
            $message = "<font color=\"#005500\"><b>Reservation Aborted.</b></font><br><br>";
        }
    }
    if (!$alreadyRes && $equipid != "" && $startdate != "" && $length != "") {
        createAdminReservation(getSessionVariable('user_id'), $userid, $equipid, $startdate, $length, $usercomment, $admincomment, 1);
        $message = "<font color=\"#005500\"><b>Successfully created new reservation!</b></font><br><br>";
    }
}
$users = "<select name=\"user_id\">";
$userresult = getAllUsersOrderByName();
while ($row = mysql_fetch_assoc($userresult)) {
    $users = $users . "<option value=\"" . $row['user_id'] . "\">" . $row['name'] . "</option>";
}
$equipment = "<select name=\"equip_id\">";
$equipresult = getAllEquipment();
while ($row = mysql_fetch_assoc($equipresult)) {
    if (getSessionVariable('user_level') >= $row['min_user_level']) {
        $equipment = $equipment . "<option value=\"" . $row['equip_id'] . "\">" . $row['name'] . " -- Max: " . $row['max_length'] . " day(s)</option>";
    }
}
$equipment = $equipment . "</select>";
if (!$alreadyRes) {
    echo "\r\n<script language=\"JavaScript\" id=\"jscal1x\">\r\nvar cal1x = new CalendarPopup(\"testdiv1\");\r\n</script>\r\n\r\n\t<center><h3>Make Reservation</h3>" . $message . "</center>\r\n\t\r\n\t<form action=\"./index.php?pageid=finishmakeres\" method=\"POST\">\r\n\t\r\n\t<table class=\"reservation\">\r\n\t\r\n\t\t<tr>\r\n\r\n\t\t\t<td colspan=4 class=\"header\">Reservation Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\r\n\t\t\t<td class=\"centeredcellbold\">User</td>\r\n\t\t\t<td colspan=3 class=\"centeredcell\">" . $users . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\r\n\t\t<tr>\r\n\r\n\t\t\t<td class=\"centeredcellbold\">Equipment</td>\r\n\t\t\t<td colspan=3 class=\"centeredcell\">" . $equipment . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Date (YYYY-MM-DD)</td>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" name=\"startdate\" id=\"startdate\" onClick=\"cal1x.select(document.forms[0].startdate,'anchor1x','yyyy-MM-dd'); return false;\"><a style=\"visibility:hidden;\" name=\"anchor1x\" id=\"anchor1x\">a</a></td>\r\n\t\t\t<td class=\"centeredcellbold\">Length</th>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" size=5 name=\"length\"></td>\r\n\t\r\n\t\t</tr>\r\n\t\r\n\t\t<!--<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">Pickup Time: \r\n\t\t\t\t<select name=\"pickup\">\r\n\t\t\t\t\t<option value=\"10am-12pm (Monday/Friday)\">10am-12pm (Monday/Friday)</option>\r\n\t\t\t\t\t<option value=\"9am-12pm (Tuesday)\">9am-12pm (Tuesday)</option>\r\n\t\t\t\t\t<option value-\"9-10 (Wednesday/Thursday)\">9-10 (Wednesday/Thursday)</option>\r\n\t\t\t\t\t<option value=\"2pm-4pm (Wednesday)\">2pm-4pm (Wednesday)</option>\r\n\t\t\t\t\t<option value=\"12pm-2pm (Thursday)\">12pm-2pm (Thursday)</option>\r\n\t\t\t\t</select>\r\n\t\t\t</td>\r\n\t\t\t\t\r\n\t\t</tr>-->\r\n\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=1 class=\"centeredcellbold\">User Comment</td>\r\n\t\t\t<td class=\"centeredcell\" colspan=3><textarea rows=5 cols=45 name=\"usercomment\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=1 class=\"centeredcellbold\">Admin Comment</td>\r\n\t\t\t<td class=\"centeredcell\" colspan=3><textarea rows=5 cols=45 name=\"admincomment\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\t\r\n\t\t\t<tr>\r\n\t\t\t\r\n\t\t\t\t<td colspan=4 class=\"centeredcellbold\"><input type=\"submit\" value=\"Reserve\"></td>\r\n\t\r\n\t\t\t</tr>\r\n\t\t\t\r\n\t\t</table>\r\n\t\t</form><DIV ID=\"testdiv1\" STYLE=\"position:absolute;visibility:hidden;background-color:white;\"></DIV>";
} else {
    echo "<center><h3>Make Reservation</h3>" . $message . "</center>";
}
					<td class=\"centeredcellbold\">Password</td>
					<td class=\"centeredcell\"><input type=\"password\" name=\"pass\"></td>
				</tr>
				<tr>
					<td colspan=2 class=\"centeredcellbold\"><input type=\"submit\" value=\"Login\"></td>
				</tr>
			</table>
		</form>";

}

?>

<html>

	<head>
	
		<LINK REL=StyleSheet HREF="./style.css" TYPE="text/css">
		
		<title><?php if(issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) echo "Reservation Confirmation Page"; ?></title>
	
	</head>
	
	<body>
	
		<?php echo $page; ?>
	
	</body>

</html>
Ejemplo n.º 23
0
<?php

require "githubBootstrap.php";
use AABTest\GithubAPI\GithubAPI;
use AABTest\Github\AccessResponse;
use ArtaxApiBuilder\Service\StoredLink;
echo <<<END

<html>
<body>
<h3><a href='/'>Oauth test home</a> </h3>
END;
/** @var \AABTest\Github\AccessResponse */
$accessResponse = getSessionVariable('githubAccess');
//These actions need to be done before the rest of the page.
$action = getVariable('action');
switch ($action) {
    case 'delete':
        unsetSessionVariable('githubAccess');
        break;
    case 'revoke':
        revokeAuthority($accessResponse);
        break;
}
try {
    if ($accessResponse == null) {
        echo "<p>You are not github authorised.</p>";
        //        $scopes = [
        //            \ArtaxApiBuilder\Service\Github::SCOPE_USER_EMAIL,
        //            \ArtaxApiBuilder\Service\Github::SCOPE_ORG_READ,
        //            \ArtaxApiBuilder\Service\Github::SCOPE_USER
    $checkin = "";
    $userinfo = "\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td class=\"centeredcell\">" . $user['name'] . "</td>\r\n\t\t\t<td class=\"centeredcellbold\">Warnings</th>\r\n\t\t\t<td class=\"centeredcell\">" . mysql_num_rows(getActiveWarningsForUser($user['user_id'])) . "(" . mysql_num_rows(getWarningsForUser($user['user_id'])) . ")</td>\r\n\t\t\t\r\n\t\t</tr>";
    $checkinCell = "&nbsp;-&nbsp;";
    if ($reservation['mod_status'] == RES_STATUS_CONFIRMED) {
        $checkinCell = "<input type=\"hidden\" value=\"checkout\" name=\"action\">\r\n\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t<input type=\"submit\" value=\"Check Out\">";
    } else {
        if ($reservation['mod_status'] == RES_STATUS_CHECKED_OUT) {
            $checkinCell = "<input type=\"hidden\" value=\"checkin\" name=\"action\">\r\n\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t<input type=\"submit\" value=\"Check In\">";
        }
    }
    /*
     If the logged in user is an admin, display the "check-in button"
    */
    if (issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) {
        $userinfo = "<tr>\r\n\t\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td class=\"centeredcell\"><a href=\"./index.php?pageid=edituser&user="******"\">" . $user['name'] . "</a></td>\r\n\t\t\t<td class=\"centeredcellbold\">Warnings</th>\r\n\t\t\t<td class=\"centeredcell\"><a href=\"./index.php?pageid=viewwarnings&user_id=" . $user['user_id'] . "\">" . mysql_num_rows(getActiveWarningsForUser($user['user_id'])) . "(" . mysql_num_rows(getWarningsForUser($user['user_id'])) . ")</a></td>\r\n\t\t\t\r\n\t\t</tr>";
        $checkin = "<tr>\r\n\t\t\t\t\t\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t" . $checkinCell . "\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\" onSubmit=\"return confirm('Are you sure you want to delete this reservation?')\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"delete\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<input type=\"submit\" value=\"Delete\">\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"update\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<select name=\"status\">\r\n\t\t\t\t\t\t\t<option value=1>Approve</option>\r\n\t\t\t\t\t\t\t<option value=2>Deny</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"update\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<input type=\"submit\" value=\"Update\">\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t\r\n\t\t\t\t</tr>";
    } else {
        if (issetSessionVariable('user_level') && getSessionVariable('user_level') == RES_USERLEVEL_LEADER) {
            if ($checkinCell == "&nbsp;-&nbsp;") {
                $checkinCell = "No Available Action (Reservation Pending, Denied, or Checked-in)";
            }
            $checkin = "<tr><form action=\"./index.php?pageid=viewreservation\" method=\"POST\"><td class=\"centeredcellbold\" colspan=4>" . $checkinCell . "</td></form></tr>";
        }
    }
    $page = $page . "\r\n\t<center><h3>Reseravation Info</h3></center>\r\n\t<table class=\"viewreservation\">\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">User Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t" . $userinfo . "\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><a href=\"./index.php?pageid=moreinfo&equipid=" . $equipment['equip_id'] . "\">" . $equipment['name'] . "</a></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Reservation Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Start Date</td>\r\n\t\t\t<td class=\"centeredcell\">" . $reservation['start_date'] . "</td>\r\n\t\t\t<td class=\"centeredcellbold\">End Date</td>\r\n\t\t\t<td class=\"centeredcell\">" . $reservation['end_date'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">" . $status . "</td>\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">User Comment</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"topaligncell\">&nbsp;" . $reservation['user_comment'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">Admin Comment</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"topaligncell\">&nbsp;" . $reservation['admin_comment'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t" . $checkin . "\r\n\t\r\n\t</table>\r\n\r\n";
} else {
    if (isset($_POST['action']) && $_POST['action'] == "delete") {
        $page = $page . "<br><h3>Reservation Deleted</h3>";
    }
}
echo $page;
<?php

if (mysql_num_rows(getActiveWarningsForUser(getSessionVariable('user_id'))) < RES_WARNING_MAX_ACTIVE) {
    if (isset($_GET['equipid'])) {
        $equipid = $_GET['equipid'];
    }
    $message = "";
    if ($pageid == "finishres") {
        $userid = getSessionVariable('user_id');
        $equipid = $_POST['equip_id'];
        $startdate = $_POST['startdate'];
        $length = $_POST['length'];
        $usercomment = $_POST['usercomment'];
        $start_Date = new DateTime('' . $startdate . ' 00:00:00');
        $start_Date->modify("+" . $length . " day");
        //$interval = new DateInterval("P".$length."D");
        //$start_Date->add($interval);
        $enddate = $start_Date->format("Y-m-d");
        $numrows = mysql_num_rows(getReservationsByEquipIDandDate($equipid, $startdate, $enddate));
        if ($numrows > 0) {
            $message = "<font color=\"#FF0000\"><b>Error: There already is a reservation durring your start date and end date.</b><br>Please check <a href=\"./viewsched.php?equipid=" . $equipid . "\" target=\"_blank\">the shedule</a>.</font><br><br>";
        } else {
            if ($numrows == 0 && ($equipid != "" && $startdate != "" && $length != "")) {
                $equipment = mysql_fetch_assoc(getEquipmentByID($equipid));
                if ($equipment['max_length'] < $length) {
                    $message = "<font color=\"#FF0000\"><b>Error: Cannot reserve this equipment for that long.</b></font><br><br>";
                } else {
                    if (isDateRangeBlackedOut($startdate, $enddate)) {
                        $message = "<font color=\"#FF0000\"><b>Error: Date Range Blacked-Out.</b></font><br><br>";
                    } else {
                        if ($equipment['checkoutfrom'] != -1) {
Ejemplo n.º 26
0
if (isset($_GET['pageid'])) {
    $pageid = $_GET['pageid'];
}
if ($pageid == "logout") {
    session_unset();
    $pageid = "login";
}
$navi = "";
$admin = "";
/*
Check to see if there is a user logged in. If so, check their "user_level."
The standard navigation links will always be displayed, if the user is an
admin the admin links will also be displayed.
*/
if (issetSessionVariable('user_level')) {
    $userlevel = getSessionVariable('user_level');
    if ($userlevel == RES_USERLEVEL_NOLOGIN) {
        $navi = $navi . "<tr><td class=\"navi\">\r\n\t\t\t\t<a href=\"./index.php?pageid=logout\" class=\"navi\">Logout</a>\r\n\t\t\t</td></tr>";
    }
    if ($userlevel > RES_USERLEVEL_NOLOGIN) {
        $navi = $navi . "<tr><td class=\"navi\">\r\n\t\t\t\t<a href=\"./index.php?pageid=home\" class=\"navi\">Home</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=ourequip\" class=\"navi\">Our Equipment</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=myaccount\" class=\"navi\">My Account</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=policies\" class=\"navi\">Our Policies</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=logout\" class=\"navi\">Logout</a>\r\n\t\t\t</td></tr>";
    }
    if ($userlevel == getConfigVar("moderator_rank")) {
        $navi = $navi . "<tr>\r\n\t\t\t<td class=\"adminnaviouter\">\r\n\t\t\t\t<table cellpadding=0 cellspacing=0 border=0 class=\"adminnavi\">\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td class=\"adminnaviinner\">\r\n\t\t\t\t\t\t\t&nbsp;&nbsp<a href=\"./index.php?pageid=browseres\" class=\"navi\">Browse Reservations</a>&nbsp;&nbsp\r\n\t\t\t\t\t\t</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</td>";
    }
    if ($userlevel >= getConfigVar("admin_rank")) {
        $navi = $navi . "<tr>\r\n\t\t\r\n\t\t\t<td class=\"adminnaviouter\">\r\n\t\t\t\t<table cellpadding=0 cellspacing=0 border=0 class=\"adminnavi\">\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td class=\"adminnaviinner\">\r\n\t\t\t\t\t\t\t&nbsp;&nbsp;<a href=\"./index.php?pageid=manageusers\" class=\"navi\">Users</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=manageequip\" class=\"navi\">Equipment</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=browseres\" class=\"navi\">Browse Reservations</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=makeres\" class=\"navi\">Make Reservation</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=manageblackouts\" class=\"navi\">Blackouts</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=messages\" class=\"navi\">Messages</a>&nbsp;&nbsp;\r\n\t\t\t\t\t\t</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</td>\r\n\t\t\t\r\n\t\t</tr>";
    }
} else {
    $pageid = "login";
}