function get_bookings($ids_only = false, $status = false)
{
global $wpdb;
$status_condition = $blog_condition = '';
if (is_multisite()) {
if (!is_main_site()) {
//not the main blog, force single blog search
$blog_condition = "AND e.blog_id=" . get_current_blog_id();
} elseif (is_main_site() && !get_option('dbem_ms_global_events')) {
$blog_condition = "AND (e.blog_id=" . get_current_blog_id() . ' OR e.blog_id IS NULL)';
}
}
if (is_numeric($status)) {
$status_condition = " AND booking_status={$status}";
} elseif (EM_Object::array_is_numeric($status)) {
$status_condition = " AND booking_status IN (" . implode(',', $status) . ")";
}
$EM_Booking = em_get_booking();
//empty booking for fields
$results = $wpdb->get_results("SELECT b." . implode(', b.', array_keys($EM_Booking->fields)) . " FROM " . EM_BOOKINGS_TABLE . " b, " . EM_EVENTS_TABLE . " e WHERE e.event_id=b.event_id AND person_id={$this->ID} {$blog_condition} {$status_condition} ORDER BY " . get_option('dbem_bookings_default_orderby', 'event_start_date') . " " . get_option('dbem_bookings_default_order', 'ASC'), ARRAY_A);
$bookings = array();
if ($ids_only) {
foreach ($results as $booking_data) {
$bookings[] = $booking_data['booking_id'];
}
return apply_filters('em_person_get_bookings', $bookings, $this);
} else {
foreach ($results as $booking_data) {
$bookings[] = em_get_booking($booking_data);
}
return apply_filters('em_person_get_bookings', new EM_Bookings($bookings), $this);
}
}
function can_manage($event_ids = false, $admin_capability = false, $user_to_check = false)
{
global $wpdb;
if (current_user_can('edit_others_events')) {
return apply_filters('em_events_can_manage', true, $event_ids);
}
if (EM_Object::array_is_numeric($event_ids)) {
$condition = implode(" OR event_id=", $event_ids);
//we try to find any of these events that don't belong to this user
$results = $wpdb->get_var("SELECT COUNT(*) FROM " . EM_EVENTS_TABLE . " WHERE event_owner != '" . get_current_user_id() . "' event_id={$condition};");
return apply_filters('em_events_can_manage', $results == 0, $event_ids);
}
return apply_filters('em_events_can_manage', false, $event_ids);
}
/**
* Performs actions on init. This works for both ajax and normal requests, the return results depends if an em_ajax flag is passed via POST or GET.
*/
function em_init_actions()
{
global $wpdb, $EM_Notices, $EM_Event;
if (defined('DOING_AJAX') && DOING_AJAX) {
$_REQUEST['em_ajax'] = true;
}
//NOTE - No EM objects are globalized at this point, as we're hitting early init mode.
//TODO Clean this up.... use a uniformed way of calling EM Ajax actions
if (!empty($_REQUEST['em_ajax']) || !empty($_REQUEST['em_ajax_action'])) {
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'get_location') {
if (isset($_REQUEST['id'])) {
$EM_Location = new EM_Location($_REQUEST['id'], 'location_id');
$location_array = $EM_Location->to_array();
$location_array['location_balloon'] = $EM_Location->output(get_option('dbem_location_baloon_format'));
echo EM_Object::json_encode($location_array);
}
die;
}
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'delete_ticket') {
if (isset($_REQUEST['id'])) {
$EM_Ticket = new EM_Ticket($_REQUEST['id']);
$result = $EM_Ticket->delete();
if ($result) {
$result = array('result' => true);
} else {
$result = array('result' => false, 'error' => $EM_Ticket->feedback_message);
}
} else {
$result = array('result' => false, 'error' => __('No ticket id provided', 'dbem'));
}
echo EM_Object::json_encode($result);
die;
}
if (isset($_REQUEST['query']) && $_REQUEST['query'] == 'GlobalMapData') {
$EM_Locations = EM_Locations::get($_REQUEST);
$json_locations = array();
foreach ($EM_Locations as $location_key => $EM_Location) {
$json_locations[$location_key] = $EM_Location->to_array();
$json_locations[$location_key]['location_balloon'] = $EM_Location->output(get_option('dbem_map_text_format'));
}
echo EM_Object::json_encode($json_locations);
die;
}
if (isset($_REQUEST['ajaxCalendar']) && $_REQUEST['ajaxCalendar']) {
//FIXME if long events enabled originally, this won't show up on ajax call
echo EM_Calendar::output($_REQUEST, false);
die;
}
}
//Event Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 5) == 'event') {
//Load the event object, with saved event if requested
if (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
} else {
$EM_Event = new EM_Event();
}
//Save Event, only via BP or via [event_form]
if ($_REQUEST['action'] == 'event_save' && $EM_Event->can_manage('edit_events', 'edit_others_events')) {
//Check Nonces
if (!wp_verify_nonce($_REQUEST['_wpnonce'], 'wpnonce_event_save')) {
exit('Trying to perform an illegal action.');
}
//Grab and validate submitted data
if ($EM_Event->get_post() && $EM_Event->save()) {
//EM_Event gets the event if submitted via POST and validates it (safer than to depend on JS)
$events_result = true;
//Success notice
if (is_user_logged_in()) {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_form_result_success')), true);
} else {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_anonymous_result_success')), true);
}
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
$redirect = em_add_get_params($redirect, array('success' => 1));
wp_redirect($redirect);
exit;
} else {
$EM_Notices->add_error($EM_Event->get_errors());
$events_result = false;
}
}
if ($_REQUEST['action'] == 'event_duplicate' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_duplicate_' . $EM_Event->event_id)) {
$EM_Event = $EM_Event->duplicate();
if ($EM_Event === false) {
$EM_Notices->add_error($EM_Event->errors, true);
} else {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
}
wp_redirect(wp_get_referer());
exit;
}
if ($_REQUEST['action'] == 'event_delete' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_delete_' . $EM_Event->event_id)) {
//DELETE action
$selectedEvents = !empty($_REQUEST['events']) ? $_REQUEST['events'] : '';
if (EM_Object::array_is_numeric($selectedEvents)) {
$events_result = EM_Events::delete($selectedEvents);
} elseif (is_object($EM_Event)) {
$events_result = $EM_Event->delete();
}
$plural = count($selectedEvents) > 1 ? __('Events', 'dbem') : __('Event', 'dbem');
if ($events_result) {
$message = !empty($EM_Event->feedback_message) ? $EM_Event->feedback_message : sprintf(__('%s successfully deleted.', 'dbem'), $plural);
$EM_Notices->add_confirm($message, true);
} else {
$message = !empty($EM_Event->errors) ? $EM_Event->errors : sprintf(__('%s could not be deleted.', 'dbem'), $plural);
$EM_Notices->add_error($message, true);
}
wp_redirect(wp_get_referer());
exit;
} elseif ($_REQUEST['action'] == 'event_detach' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_detach_' . get_current_user_id() . '_' . $EM_Event->event_id)) {
//Detach event and move on
if ($EM_Event->detach()) {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
} else {
$EM_Notices->add_error($EM_Event->errors, true);
}
wp_redirect(wp_get_referer());
exit;
} elseif ($_REQUEST['action'] == 'event_attach' && !empty($_REQUEST['undo_id']) && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_attach_' . get_current_user_id() . '_' . $EM_Event->event_id)) {
//Detach event and move on
if ($EM_Event->attach($_REQUEST['undo_id'])) {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
} else {
$EM_Notices->add_error($EM_Event->errors, true);
}
wp_redirect(wp_get_referer());
exit;
}
//AJAX Exit
if (isset($events_result) && !empty($_REQUEST['em_ajax'])) {
if ($events_result) {
$return = array('result' => true, 'message' => $EM_Event->feedback_message);
} else {
$return = array('result' => false, 'message' => $EM_Event->feedback_message, 'errors' => $EM_Event->errors);
}
}
}
//Location Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 8) == 'location') {
global $EM_Location, $EM_Notices;
//Load the location object, with saved event if requested
if (!empty($_REQUEST['location_id'])) {
$EM_Location = new EM_Location($_REQUEST['location_id']);
} else {
$EM_Location = new EM_Location();
}
if ($_REQUEST['action'] == 'location_save' && current_user_can('edit_locations')) {
if (get_site_option('dbem_ms_mainblog_locations')) {
EM_Object::ms_global_switch();
}
//switch to main blog if locations are global
//Check Nonces
em_verify_nonce('location_save');
//Grab and validate submitted data
if ($EM_Location->get_post() && $EM_Location->save()) {
//EM_location gets the location if submitted via POST and validates it (safer than to depend on JS)
$EM_Notices->add_confirm($EM_Location->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$EM_Notices->add_error($EM_Location->get_errors());
$result = false;
}
if (get_site_option('dbem_ms_mainblog_locations')) {
EM_Object::ms_global_switch_back();
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "location_delete") {
//delete location
//get object or objects
if (!empty($_REQUEST['locations']) || !empty($_REQUEST['location_id'])) {
$args = !empty($_REQUEST['locations']) ? $_REQUEST['locations'] : $_REQUEST['location_id'];
$locations = EM_Locations::get($args);
foreach ($locations as $location) {
if (!$location->delete()) {
$EM_Notices->add_error($location->get_errors());
$errors = true;
}
}
if (empty($errors)) {
$result = true;
$location_term = count($locations) > 1 ? __('Locations', 'dbem') : __('Location', 'dbem');
$EM_Notices->add_confirm(sprintf(__('%s successfully deleted', 'dbem'), $location_term));
} else {
$result = false;
}
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "locations_search" && (!empty($_REQUEST['term']) || !empty($_REQUEST['q']))) {
$results = array();
if (is_user_logged_in() || get_option('dbem_events_anonymous_submissions') && user_can(get_option('dbem_events_anonymous_user'), 'read_others_locations')) {
$location_cond = is_user_logged_in() && !current_user_can('read_others_locations') ? "AND location_owner=" . get_current_user_id() : '';
$term = isset($_REQUEST['term']) ? '%' . $_REQUEST['term'] . '%' : '%' . $_REQUEST['q'] . '%';
$sql = $wpdb->prepare("\r\n\t\t\t\t\tSELECT \r\n\t\t\t\t\t\tlocation_id AS `id`,\r\n\t\t\t\t\t\tConcat( location_name, ', ', location_address, ', ', location_town) AS `label`,\r\n\t\t\t\t\t\tlocation_name AS `value`,\r\n\t\t\t\t\t\tlocation_address AS `address`, \r\n\t\t\t\t\t\tlocation_town AS `town`, \r\n\t\t\t\t\t\tlocation_state AS `state`,\r\n\t\t\t\t\t\tlocation_region AS `region`,\r\n\t\t\t\t\t\tlocation_postcode AS `postcode`,\r\n\t\t\t\t\t\tlocation_country AS `country`\r\n\t\t\t\t\tFROM " . EM_LOCATIONS_TABLE . " \r\n\t\t\t\t\tWHERE ( `location_name` LIKE %s ) AND location_status=1 {$location_cond} LIMIT 10\r\n\t\t\t\t", $term);
$results = $wpdb->get_results($sql);
}
echo EM_Object::json_encode($results);
die;
}
if (isset($result) && $result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => true, 'message' => $EM_Location->feedback_message);
echo EM_Object::json_encode($return);
die;
} elseif (isset($result) && !$result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => false, 'message' => $EM_Location->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
die;
}
}
//Booking Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 7) == 'booking' && (is_user_logged_in() || $_REQUEST['action'] == 'booking_add' && get_option('dbem_bookings_anonymous'))) {
global $EM_Event, $EM_Booking, $EM_Person;
//Load the booking object, with saved booking if requested
$EM_Booking = !empty($_REQUEST['booking_id']) ? new EM_Booking($_REQUEST['booking_id']) : new EM_Booking();
if (!empty($EM_Booking->event_id)) {
//Load the event object, with saved event if requested
$EM_Event = $EM_Booking->get_event();
} elseif (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
}
$allowed_actions = array('bookings_approve' => 'approve', 'bookings_reject' => 'reject', 'bookings_unapprove' => 'unapprove', 'bookings_delete' => 'delete');
$result = false;
$feedback = '';
if ($_REQUEST['action'] == 'booking_add') {
//ADD/EDIT Booking
ob_start();
em_verify_nonce('booking_add');
if (!is_user_logged_in() || get_option('dbem_bookings_double') || !$EM_Event->get_bookings()->has_booking(get_current_user_id())) {
$post_validation = $EM_Booking->get_post();
do_action('em_booking_add', $EM_Event, $EM_Booking, $post_validation);
if ($post_validation) {
//Does this user need to be registered first?
$registration = true;
//TODO do some ticket validation before registering the user
if ($EM_Event->get_bookings()->get_available_spaces() >= $EM_Booking->get_spaces(true)) {
if ((!is_user_logged_in() || defined('EM_FORCE_REGISTRATION')) && get_option('dbem_bookings_anonymous') && !get_option('dbem_bookings_registration_disable')) {
//find random username - less options for user, less things go wrong
$username_root = explode('@', $_REQUEST['user_email']);
$username_rand = $username_root[0] . rand(1, 1000);
while (username_exists($username_root[0] . rand(1, 1000))) {
$username_rand = $username_root[0] . rand(1, 1000);
}
$_REQUEST['dbem_phone'] = !empty($_REQUEST['dbem_phone']) ? $_REQUEST['dbem_phone'] : '';
//fix to prevent warnings
$_REQUEST['user_name'] = !empty($_REQUEST['user_name']) ? $_REQUEST['user_name'] : '';
//fix to prevent warnings
$user_data = array('user_login' => $username_rand, 'user_email' => $_REQUEST['user_email'], 'user_name' => $_REQUEST['user_name'], 'dbem_phone' => $_REQUEST['dbem_phone']);
$id = em_register_new_user($user_data);
if (is_numeric($id)) {
$EM_Person = new EM_Person($id);
$EM_Booking->person_id = $id;
$feedback = get_option('dbem_booking_feedback_new_user');
$EM_Notices->add_confirm($feedback);
} else {
$registration = false;
if (is_object($id) && get_class($id) == 'WP_Error') {
/* @var $id WP_Error */
if ($id->get_error_code() == 'email_exists') {
$EM_Notices->add_error(get_option('dbem_booking_feedback_email_exists'));
} else {
$EM_Notices->add_error($id->get_error_messages());
}
} else {
$EM_Notices->add_error(get_option('dbem_booking_feedback_reg_error'));
}
}
} elseif ((!is_user_logged_in() || defined('EM_FORCE_REGISTRATION')) && get_option('dbem_bookings_registration_disable')) {
//Validate name, phone and email
$user_data = array();
if (empty($EM_Booking->booking_meta['registration'])) {
$EM_Booking->booking_meta['registration'] = array();
}
// Check the e-mail address
if ($_REQUEST['user_email'] == '') {
$registration = false;
$EM_Notices->add_error(__('<strong>ERROR</strong>: Please type your e-mail address.', 'dbem'));
} elseif (!is_email($_REQUEST['user_email'])) {
$registration = false;
$EM_Notices->add_error(__('<strong>ERROR</strong>: The email address isn’t correct.', 'dbem'));
} elseif (email_exists($_REQUEST['user_email'])) {
$registration = false;
$EM_Notices->add_error(get_option('dbem_booking_feedback_email_exists'));
} else {
$user_data['user_email'] = $_REQUEST['user_email'];
}
//Check the user name
if (!empty($_REQUEST['user_name'])) {
$name_string = explode(' ', wp_kses($_REQUEST['user_name'], array()));
$user_data['first_name'] = array_shift($name_string);
$user_data['last_name'] = implode(' ', $name_string);
}
//Check the first/last name
if (!empty($_REQUEST['first_name'])) {
$user_data['first_name'] = wp_kses($_REQUEST['first_name'], array());
}
if (!empty($_REQUEST['last_name'])) {
$user_data['last_name'] = wp_kses($_REQUEST['last_name'], array());
}
//Check the phone
if (!empty($_REQUEST['dbem_phone'])) {
$user_data['dbem_phone'] = wp_kses($_REQUEST['dbem_phone'], array());
}
//Add booking meta
$EM_Booking->booking_meta['registration'] = array_merge($EM_Booking->booking_meta['registration'], $user_data);
//in case someone else added stuff
//Save default person to booking
$EM_Booking->person_id = get_option('dbem_bookings_registration_user');
} elseif (!is_user_logged_in()) {
$registration = false;
$EM_Notices->add_error(get_option('dbem_booking_feedback_log_in'));
} elseif (empty($EM_Booking->person_id)) {
//user must be logged in, so we make this person the current user id
$EM_Booking->person_id = get_current_user_id();
}
}
$EM_Bookings = $EM_Event->get_bookings();
if ($registration && $EM_Bookings->add($EM_Booking)) {
$result = true;
$EM_Notices->add_confirm($EM_Bookings->feedback_message);
$feedback = $EM_Bookings->feedback_message;
} else {
$result = false;
$EM_Notices->add_error($EM_Bookings->get_errors());
$feedback = $EM_Bookings->feedback_message;
}
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
}
} else {
$result = false;
$feedback = get_option('dbem_booking_feedback_already_booked');
$EM_Notices->add_error($feedback);
}
ob_clean();
} elseif ($_REQUEST['action'] == 'booking_add_one' && is_object($EM_Event) && is_user_logged_in()) {
//ADD/EDIT Booking
em_verify_nonce('booking_add_one');
if (!$EM_Event->get_bookings()->has_booking(get_current_user_id()) || get_option('dbem_bookings_double')) {
$EM_Booking = new EM_Booking(array('person_id' => get_current_user_id(), 'event_id' => $EM_Event->event_id, 'booking_spaces' => 1));
//new booking
$EM_Ticket = $EM_Event->get_bookings()->get_tickets()->get_first();
//get first ticket in this event and book one place there. similar to getting the form values in EM_Booking::get_post_values()
$EM_Ticket_Booking = new EM_Ticket_Booking(array('ticket_id' => $EM_Ticket->ticket_id, 'ticket_booking_spaces' => 1));
$EM_Booking->tickets_bookings = new EM_Tickets_Bookings();
$EM_Booking->tickets_bookings->booking = $EM_Ticket_Booking->booking = $EM_Booking;
$EM_Booking->tickets_bookings->add($EM_Ticket_Booking);
//Now save booking
if ($EM_Event->get_bookings()->add($EM_Booking)) {
$result = true;
$EM_Notices->add_confirm($EM_Event->get_bookings()->feedback_message);
$feedback = $EM_Event->get_bookings()->feedback_message;
} else {
$result = false;
$EM_Notices->add_error($EM_Event->get_bookings()->get_errors());
$feedback = $EM_Event->get_bookings()->feedback_message;
}
} else {
$result = false;
$feedback = get_option('dbem_booking_feedback_already_booked');
$EM_Notices->add_error($feedback);
}
} elseif ($_REQUEST['action'] == 'booking_cancel') {
//Cancel Booking
em_verify_nonce('booking_cancel');
if ($EM_Booking->can_manage() || $EM_Booking->person->ID == get_current_user_id() && get_option('dbem_bookings_user_cancellation')) {
if ($EM_Booking->cancel()) {
$result = true;
if (!defined('DOING_AJAX')) {
if ($EM_Booking->person->ID == get_current_user_id()) {
$EM_Notices->add_confirm(get_option('dbem_booking_feedback_cancelled'), true);
} else {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
}
wp_redirect($_SERVER['HTTP_REFERER']);
exit;
}
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
} else {
$EM_Notices->add_error(__('You must log in to cancel your booking.', 'dbem'));
}
//TODO user action shouldn't check permission, booking object should.
} elseif (array_key_exists($_REQUEST['action'], $allowed_actions) && $EM_Event->can_manage('manage_bookings', 'manage_others_bookings')) {
//Event Admin only actions
$action = $allowed_actions[$_REQUEST['action']];
//Just do it here, since we may be deleting bookings of different events.
if (!empty($_REQUEST['bookings']) && EM_Object::array_is_numeric($_REQUEST['bookings'])) {
$results = array();
foreach ($_REQUEST['bookings'] as $booking_id) {
$EM_Booking = new EM_Booking($booking_id);
$result = $EM_Booking->{$action}();
$results[] = $result;
if (!in_array(false, $results) && !$result) {
$feedback = $EM_Booking->feedback_message;
}
}
$result = !in_array(false, $results);
} elseif (is_object($EM_Booking)) {
$result = $EM_Booking->{$action}();
$feedback = $EM_Booking->feedback_message;
}
//FIXME not adhereing to object's feedback or error message, like other bits in this file.
//TODO multiple deletion won't work in ajax
if (!empty($_REQUEST['em_ajax'])) {
if ($result) {
echo $feedback;
} else {
echo '<span style="color:red">' . $feedback . '</span>';
}
die;
}
} elseif ($_REQUEST['action'] == 'booking_save') {
em_verify_nonce('booking_save_' . $EM_Booking->booking_id);
do_action('em_booking_save', $EM_Event, $EM_Booking);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
if ($EM_Booking->get_post(true) && $EM_Booking->save(false)) {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_set_status') {
em_verify_nonce('booking_set_status_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings') && $_REQUEST['booking_status'] != $EM_Booking->booking_status) {
if ($EM_Booking->set_status($_REQUEST['booking_status'], false)) {
if (!empty($_REQUEST['send_email'])) {
if ($EM_Booking->email(false)) {
$EM_Booking->feedback_message .= " " . __('Mail Sent.', 'dbem');
} else {
$EM_Booking->feedback_message .= ' <span style="color:red">' . __('ERROR : Mail Not Sent.', 'dbem') . '</span>';
}
}
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_resend_email') {
em_verify_nonce('booking_resend_email_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
if ($EM_Booking->email(false, true)) {
$EM_Notices->add_confirm(__('Mail Sent.', 'dbem'), true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error(__('ERROR : Mail Not Sent.', 'dbem'));
$feedback = $EM_Booking->feedback_message;
}
}
}
if ($result && defined('DOING_AJAX')) {
$return = array('result' => true, 'message' => $feedback);
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
die;
} elseif (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $feedback, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
die;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'booking_add' && !is_user_logged_in() && !get_option('dbem_bookings_anonymous')) {
$EM_Notices->add_error(get_option('dbem_booking_feedback_log_in'));
if (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $EM_Booking->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
}
die;
}
//AJAX call for searches
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 6) == 'search') {
if ($_REQUEST['action'] == 'search_states') {
$results = array();
$conds = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
if (!empty($_REQUEST['region'])) {
$conds[] = $wpdb->prepare("( location_region = '%s' OR location_region IS NULL )", $_REQUEST['region']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_col("SELECT DISTINCT location_state FROM " . EM_LOCATIONS_TABLE . " WHERE location_state IS NOT NULL AND location_state != '' {$cond} ORDER BY location_state");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_states_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_states', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_towns') {
$results = array();
$conds = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
if (!empty($_REQUEST['region'])) {
$conds[] = $wpdb->prepare("( location_region = '%s' OR location_region IS NULL )", $_REQUEST['region']);
}
if (!empty($_REQUEST['state'])) {
$conds[] = $wpdb->prepare("(location_state = '%s' OR location_state IS NULL )", $_REQUEST['state']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_col("SELECT DISTINCT location_town FROM " . EM_LOCATIONS_TABLE . " WHERE location_town IS NOT NULL AND location_town != '' {$cond} ORDER BY location_town");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_towns_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_towns', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_regions') {
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_results("SELECT DISTINCT location_region AS value FROM " . EM_LOCATIONS_TABLE . " WHERE location_region IS NOT NULL AND location_region != '' {$cond} ORDER BY location_region");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_regions_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result->value}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_regions', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
} elseif ($_REQUEST['action'] == 'search_events' && get_option('dbem_events_page_search') && defined('DOING_AJAX')) {
$args = EM_Events::get_post_search();
$args['owner'] = false;
ob_start();
em_locate_template('templates/events-list.php', true, array('args' => $args));
//if successful, this template overrides the settings and defaults, including search
echo apply_filters('em_ajax_search_events', ob_get_clean(), $args);
exit;
}
}
//EM Ajax requests require this flag.
if (is_user_logged_in()) {
//Admin operations
//Specific Oject Ajax
if (!empty($_REQUEST['em_obj'])) {
switch ($_REQUEST['em_obj']) {
case 'em_bookings_events_table':
case 'em_bookings_pending_table':
case 'em_bookings_confirmed_table':
//add some admin files just in case
include_once 'admin/bookings/em-confirmed.php';
include_once 'admin/bookings/em-events.php';
include_once 'admin/bookings/em-pending.php';
call_user_func($_REQUEST['em_obj']);
exit;
break;
}
}
}
//Export CSV - WIP
if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'export_bookings_csv' && wp_verify_nonce($_REQUEST['_wpnonce'], 'export_bookings_csv')) {
//sort out cols
if (!empty($_REQUEST['cols']) && is_array($_REQUEST['cols'])) {
$cols = array();
foreach ($_REQUEST['cols'] as $col => $active) {
if ($active) {
$cols[] = $col;
}
}
$_REQUEST['cols'] = $cols;
}
$_REQUEST['limit'] = 0;
//generate bookings export according to search request
$show_tickets = !empty($_REQUEST['show_tickets']);
$EM_Bookings_Table = new EM_Bookings_Table($show_tickets);
header("Content-Type: application/octet-stream; charset=utf-8");
header("Content-Disposition: Attachment; filename=" . sanitize_title(get_bloginfo()) . "-bookings-export.csv");
echo sprintf(__('Exported booking on %s', 'dbem'), date_i18n('D d M Y h:i', current_time('timestamp'))) . "\n";
echo '"' . implode('","', $EM_Bookings_Table->get_headers(true)) . '"' . "\n";
//Rows
$EM_Bookings_Table->limit = 150;
//if you're having server memory issues, try messing with this number
$EM_Bookings = $EM_Bookings_Table->get_bookings();
$handle = fopen("php://output", "w");
while (!empty($EM_Bookings)) {
foreach ($EM_Bookings as $EM_Booking) {
//Display all values
/* @var $EM_Booking EM_Booking */
/* @var $EM_Ticket_Booking EM_Ticket_Booking */
if ($show_tickets) {
foreach ($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking) {
$row = $EM_Bookings_Table->get_row_csv($EM_Ticket_Booking);
fputcsv($handle, $row);
}
} else {
$row = $EM_Bookings_Table->get_row_csv($EM_Booking);
fputcsv($handle, $row);
}
}
//reiterate loop
$EM_Bookings_Table->offset += $EM_Bookings_Table->limit;
$EM_Bookings = $EM_Bookings_Table->get_bookings();
}
fclose($handle);
exit;
}
}
/**
* Performs actions on init. This works for both ajax and normal requests, the return results depends if an em_ajax flag is passed via POST or GET.
*/
function em_init_actions()
{
global $wpdb, $EM_Notices, $EM_Event;
if (defined('DOING_AJAX') && DOING_AJAX) {
$_REQUEST['em_ajax'] = true;
}
//NOTE - No EM objects are globalized at this point, as we're hitting early init mode.
//TODO Clean this up.... use a uniformed way of calling EM Ajax actions
if (!empty($_REQUEST['em_ajax']) || !empty($_REQUEST['em_ajax_action'])) {
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'get_location') {
if (isset($_REQUEST['id'])) {
$EM_Location = new EM_Location($_REQUEST['id'], 'location_id');
$location_array = $EM_Location->to_array();
$location_array['location_balloon'] = $EM_Location->output(get_option('dbem_location_baloon_format'));
echo EM_Object::json_encode($location_array);
}
die;
}
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'delete_ticket') {
if (isset($_REQUEST['id'])) {
$EM_Ticket = new EM_Ticket($_REQUEST['id']);
$result = $EM_Ticket->delete();
if ($result) {
$result = array('result' => true);
} else {
$result = array('result' => false, 'error' => $EM_Ticket->feedback_message);
}
} else {
$result = array('result' => false, 'error' => __('No ticket id provided', 'dbem'));
}
echo EM_Object::json_encode($result);
die;
}
if (isset($_REQUEST['query']) && $_REQUEST['query'] == 'GlobalMapData') {
$EM_Locations = EM_Locations::get($_REQUEST);
$json_locations = array();
foreach ($EM_Locations as $location_key => $EM_Location) {
$json_locations[$location_key] = $EM_Location->to_array();
$json_locations[$location_key]['location_balloon'] = $EM_Location->output(get_option('dbem_map_text_format'));
}
echo EM_Object::json_encode($json_locations);
die;
}
if (isset($_REQUEST['ajaxCalendar']) && $_REQUEST['ajaxCalendar']) {
//FIXME if long events enabled originally, this won't show up on ajax call
echo EM_Calendar::output($_REQUEST, false);
die;
}
}
//Event Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 5) == 'event') {
//Load the event object, with saved event if requested
if (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
} else {
$EM_Event = new EM_Event();
}
//Save Event, only via BP or via [event_form]
if ($_REQUEST['action'] == 'event_save' && $EM_Event->can_manage('edit_events', 'edit_others_events')) {
//Check Nonces
if (!wp_verify_nonce($_REQUEST['_wpnonce'], 'wpnonce_event_save')) {
exit('Trying to perform an illegal action.');
}
//Grab and validate submitted data
if ($EM_Event->get_post() && $EM_Event->save()) {
//EM_Event gets the event if submitted via POST and validates it (safer than to depend on JS)
$events_result = true;
//Success notice
if (is_user_logged_in()) {
if (empty($_REQUEST['event_id'])) {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_form_result_success')), true);
} else {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_form_result_success_updated')), true);
}
} else {
$EM_Notices->add_confirm($EM_Event->output(get_option('dbem_events_anonymous_result_success')), true);
}
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
$redirect = em_add_get_params($redirect, array('success' => 1), false, false);
wp_redirect($redirect);
exit;
} else {
$EM_Notices->add_error($EM_Event->get_errors());
$events_result = false;
}
}
if ($_REQUEST['action'] == 'event_duplicate' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_duplicate_' . $EM_Event->event_id)) {
$event = $EM_Event->duplicate();
if ($event === false) {
$EM_Notices->add_error($EM_Event->errors, true);
wp_redirect(wp_get_referer());
} else {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
wp_redirect($event->get_edit_url());
}
exit;
}
if ($_REQUEST['action'] == 'event_delete' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_delete_' . $EM_Event->event_id)) {
//DELETE action
$selectedEvents = !empty($_REQUEST['events']) ? $_REQUEST['events'] : '';
if (EM_Object::array_is_numeric($selectedEvents)) {
$events_result = EM_Events::delete($selectedEvents);
} elseif (is_object($EM_Event)) {
$events_result = $EM_Event->delete();
}
$plural = count($selectedEvents) > 1 ? __('Events', 'dbem') : __('Event', 'dbem');
if ($events_result) {
$message = !empty($EM_Event->feedback_message) ? $EM_Event->feedback_message : sprintf(__('%s successfully deleted.', 'dbem'), $plural);
$EM_Notices->add_confirm($message, true);
} else {
$message = !empty($EM_Event->errors) ? $EM_Event->errors : sprintf(__('%s could not be deleted.', 'dbem'), $plural);
$EM_Notices->add_error($message, true);
}
wp_redirect(wp_get_referer());
exit;
} elseif ($_REQUEST['action'] == 'event_detach' && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_detach_' . get_current_user_id() . '_' . $EM_Event->event_id)) {
//Detach event and move on
if ($EM_Event->detach()) {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
} else {
$EM_Notices->add_error($EM_Event->errors, true);
}
wp_redirect(wp_get_referer());
exit;
} elseif ($_REQUEST['action'] == 'event_attach' && !empty($_REQUEST['undo_id']) && wp_verify_nonce($_REQUEST['_wpnonce'], 'event_attach_' . get_current_user_id() . '_' . $EM_Event->event_id)) {
//Detach event and move on
if ($EM_Event->attach($_REQUEST['undo_id'])) {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
} else {
$EM_Notices->add_error($EM_Event->errors, true);
}
wp_redirect(wp_get_referer());
exit;
}
//AJAX Exit
if (isset($events_result) && !empty($_REQUEST['em_ajax'])) {
if ($events_result) {
$return = array('result' => true, 'message' => $EM_Event->feedback_message);
} else {
$return = array('result' => false, 'message' => $EM_Event->feedback_message, 'errors' => $EM_Event->errors);
}
echo EM_Object::json_encode($return);
edit();
}
}
//Location Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 8) == 'location') {
global $EM_Location, $EM_Notices;
//Load the location object, with saved event if requested
if (!empty($_REQUEST['location_id'])) {
$EM_Location = new EM_Location($_REQUEST['location_id']);
} else {
$EM_Location = new EM_Location();
}
if ($_REQUEST['action'] == 'location_save' && $EM_Location->can_manage('edit_locations', 'edit_others_locations')) {
//Check Nonces
em_verify_nonce('location_save');
//Grab and validate submitted data
if ($EM_Location->get_post() && $EM_Location->save()) {
//EM_location gets the location if submitted via POST and validates it (safer than to depend on JS)
$EM_Notices->add_confirm($EM_Location->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$EM_Notices->add_error($EM_Location->get_errors());
$result = false;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "location_delete") {
//delete location
//get object or objects
if (!empty($_REQUEST['locations']) || !empty($_REQUEST['location_id'])) {
$args = !empty($_REQUEST['locations']) ? $_REQUEST['locations'] : $_REQUEST['location_id'];
$locations = EM_Locations::get($args);
foreach ($locations as $location) {
if (!$location->delete()) {
$EM_Notices->add_error($location->get_errors());
$errors = true;
}
}
if (empty($errors)) {
$result = true;
$location_term = count($locations) > 1 ? __('Locations', 'dbem') : __('Location', 'dbem');
$EM_Notices->add_confirm(sprintf(__('%s successfully deleted', 'dbem'), $location_term));
} else {
$result = false;
}
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "locations_search" && (!empty($_REQUEST['term']) || !empty($_REQUEST['q']))) {
$results = array();
if (is_user_logged_in() || get_option('dbem_events_anonymous_submissions') && user_can(get_option('dbem_events_anonymous_user'), 'read_others_locations')) {
$location_cond = is_user_logged_in() && !current_user_can('read_others_locations') ? "AND location_owner=" . get_current_user_id() : '';
if (!is_user_logged_in() && get_option('dbem_events_anonymous_submissions')) {
if (!user_can(get_option('dbem_events_anonymous_user'), 'read_private_locations')) {
$location_cond = " AND location_private=0";
}
} elseif (is_user_logged_in() && !current_user_can('read_private_locations')) {
$location_cond = " AND location_private=0";
} elseif (!is_user_logged_in()) {
$location_cond = " AND location_private=0";
}
$location_cond = apply_filters('em_actions_locations_search_cond', $location_cond);
$term = isset($_REQUEST['term']) ? '%' . $_REQUEST['term'] . '%' : '%' . $_REQUEST['q'] . '%';
$sql = $wpdb->prepare("\n\t\t\t\t\tSELECT \n\t\t\t\t\t\tlocation_id AS `id`,\n\t\t\t\t\t\tConcat( location_name ) AS `label`,\n\t\t\t\t\t\tlocation_name AS `value`,\n\t\t\t\t\t\tlocation_address AS `address`, \n\t\t\t\t\t\tlocation_town AS `town`, \n\t\t\t\t\t\tlocation_state AS `state`,\n\t\t\t\t\t\tlocation_region AS `region`,\n\t\t\t\t\t\tlocation_postcode AS `postcode`,\n\t\t\t\t\t\tlocation_country AS `country`\n\t\t\t\t\tFROM " . EM_LOCATIONS_TABLE . " \n\t\t\t\t\tWHERE ( `location_name` LIKE %s ) AND location_status=1 {$location_cond} LIMIT 10\n\t\t\t\t", $term);
$results = $wpdb->get_results($sql);
}
echo EM_Object::json_encode($results);
die;
}
if (isset($result) && $result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => true, 'message' => $EM_Location->feedback_message);
echo EM_Object::json_encode($return);
die;
} elseif (isset($result) && !$result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => false, 'message' => $EM_Location->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
die;
}
}
//Booking Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 7) == 'booking' && (is_user_logged_in() || $_REQUEST['action'] == 'booking_add' && get_option('dbem_bookings_anonymous'))) {
global $EM_Event, $EM_Booking, $EM_Person;
//Load the booking object, with saved booking if requested
$EM_Booking = !empty($_REQUEST['booking_id']) ? em_get_booking($_REQUEST['booking_id']) : em_get_booking();
if (!empty($EM_Booking->event_id)) {
//Load the event object, with saved event if requested
$EM_Event = $EM_Booking->get_event();
} elseif (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
}
$allowed_actions = array('bookings_approve' => 'approve', 'bookings_reject' => 'reject', 'bookings_unapprove' => 'unapprove', 'bookings_delete' => 'delete');
$result = false;
$feedback = '';
if ($_REQUEST['action'] == 'booking_add') {
//ADD/EDIT Booking
ob_start();
if (!defined('WP_CACHE') || !WP_CACHE) {
em_verify_nonce('booking_add');
}
if (!is_user_logged_in() || get_option('dbem_bookings_double') || !$EM_Event->get_bookings()->has_booking(get_current_user_id())) {
$EM_Booking->get_post();
$post_validation = $EM_Booking->validate();
do_action('em_booking_add', $EM_Event, $EM_Booking, $post_validation);
if ($post_validation) {
//register the user - or not depending - according to the booking
$registration = em_booking_add_registration($EM_Booking);
$EM_Bookings = $EM_Event->get_bookings();
if ($registration && $EM_Bookings->add($EM_Booking)) {
if (is_user_logged_in() && is_multisite() && !is_user_member_of_blog(get_current_user_id(), get_current_blog_id())) {
add_user_to_blog(get_current_blog_id(), get_current_user_id(), get_option('default_role'));
}
$result = true;
$EM_Notices->add_confirm($EM_Bookings->feedback_message);
$feedback = $EM_Bookings->feedback_message;
} else {
$result = false;
if (!$registration) {
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
} else {
$EM_Notices->add_error($EM_Bookings->get_errors());
$feedback = $EM_Bookings->feedback_message;
}
}
global $em_temp_user_data;
$em_temp_user_data = false;
//delete registered user temp info (if exists)
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
}
} else {
$result = false;
$feedback = get_option('dbem_booking_feedback_already_booked');
$EM_Notices->add_error($feedback);
}
ob_clean();
} elseif ($_REQUEST['action'] == 'booking_add_one' && is_object($EM_Event) && is_user_logged_in()) {
//ADD/EDIT Booking
em_verify_nonce('booking_add_one');
if (!$EM_Event->get_bookings()->has_booking(get_current_user_id()) || get_option('dbem_bookings_double')) {
$EM_Booking = em_get_booking(array('person_id' => get_current_user_id(), 'event_id' => $EM_Event->event_id, 'booking_spaces' => 1));
//new booking
$EM_Ticket = $EM_Event->get_bookings()->get_tickets()->get_first();
//get first ticket in this event and book one place there. similar to getting the form values in EM_Booking::get_post_values()
$EM_Ticket_Booking = new EM_Ticket_Booking(array('ticket_id' => $EM_Ticket->ticket_id, 'ticket_booking_spaces' => 1));
$EM_Booking->tickets_bookings = new EM_Tickets_Bookings();
$EM_Booking->tickets_bookings->booking = $EM_Ticket_Booking->booking = $EM_Booking;
$EM_Booking->tickets_bookings->add($EM_Ticket_Booking);
//Now save booking
if ($EM_Event->get_bookings()->add($EM_Booking)) {
$result = true;
$EM_Notices->add_confirm($EM_Event->get_bookings()->feedback_message);
$feedback = $EM_Event->get_bookings()->feedback_message;
} else {
$result = false;
$EM_Notices->add_error($EM_Event->get_bookings()->get_errors());
$feedback = $EM_Event->get_bookings()->feedback_message;
}
} else {
$result = false;
$feedback = get_option('dbem_booking_feedback_already_booked');
$EM_Notices->add_error($feedback);
}
} elseif ($_REQUEST['action'] == 'booking_cancel') {
//Cancel Booking
em_verify_nonce('booking_cancel');
if ($EM_Booking->can_manage() || $EM_Booking->person->ID == get_current_user_id() && get_option('dbem_bookings_user_cancellation')) {
if ($EM_Booking->cancel()) {
$result = true;
if (!defined('DOING_AJAX')) {
if ($EM_Booking->person->ID == get_current_user_id()) {
$EM_Notices->add_confirm(get_option('dbem_booking_feedback_cancelled'), true);
} else {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
}
wp_redirect($_SERVER['HTTP_REFERER']);
exit;
}
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
} else {
$EM_Notices->add_error(__('You must log in to cancel your booking.', 'dbem'));
}
//TODO user action shouldn't check permission, booking object should.
} elseif (array_key_exists($_REQUEST['action'], $allowed_actions) && $EM_Event->can_manage('manage_bookings', 'manage_others_bookings')) {
//Event Admin only actions
$action = $allowed_actions[$_REQUEST['action']];
//Just do it here, since we may be deleting bookings of different events.
if (!empty($_REQUEST['bookings']) && EM_Object::array_is_numeric($_REQUEST['bookings'])) {
$results = array();
foreach ($_REQUEST['bookings'] as $booking_id) {
$EM_Booking = em_get_booking($booking_id);
$result = $EM_Booking->{$action}();
$results[] = $result;
if (!in_array(false, $results) && !$result) {
$feedback = $EM_Booking->feedback_message;
}
}
$result = !in_array(false, $results);
} elseif (is_object($EM_Booking)) {
$result = $EM_Booking->{$action}();
$feedback = $EM_Booking->feedback_message;
}
//FIXME not adhereing to object's feedback or error message, like other bits in this file.
//TODO multiple deletion won't work in ajax
if (!empty($_REQUEST['em_ajax'])) {
if ($result) {
echo $feedback;
} else {
echo '<span style="color:red">' . $feedback . '</span>';
}
die;
} else {
if ($result) {
$EM_Notices->add_confirm($feedback);
} else {
$EM_Notices->add_error($feedback);
}
}
} elseif ($_REQUEST['action'] == 'booking_save') {
em_verify_nonce('booking_save_' . $EM_Booking->booking_id);
do_action('em_booking_save', $EM_Event, $EM_Booking);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
if ($EM_Booking->get_post(true) && $EM_Booking->validate(true) && $EM_Booking->save(false)) {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_set_status') {
em_verify_nonce('booking_set_status_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings') && $_REQUEST['booking_status'] != $EM_Booking->booking_status) {
if ($EM_Booking->set_status($_REQUEST['booking_status'], false, true)) {
if (!empty($_REQUEST['send_email'])) {
if ($EM_Booking->email()) {
if ($EM_Booking->mails_sent > 0) {
$EM_Booking->feedback_message .= " " . __('Email Sent.', 'dbem');
} else {
$EM_Booking->feedback_message .= " " . _x('No emails to send for this booking.', 'bookings', 'dbem');
}
} else {
$EM_Booking->feedback_message .= ' <span style="color:red">' . __('ERROR : Email Not Sent.', 'dbem') . '</span>';
}
}
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_resend_email') {
em_verify_nonce('booking_resend_email_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
if ($EM_Booking->email(false, true)) {
if ($EM_Booking->mails_sent > 0) {
$EM_Notices->add_confirm(__('Email Sent.', 'dbem'), true);
} else {
$EM_Notices->add_confirm(_x('No emails to send for this booking.', 'bookings', 'dbem'), true);
}
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error(__('ERROR : Email Not Sent.', 'dbem'));
$feedback = $EM_Booking->feedback_message;
}
}
} elseif ($_REQUEST['action'] == 'booking_modify_person') {
em_verify_nonce('booking_modify_person_' . $EM_Booking->booking_id);
if ($EM_Booking->can_manage('manage_bookings', 'manage_others_bookings')) {
global $wpdb;
$no_user = get_option('dbem_bookings_registration_disable') && $EM_Booking->get_person()->ID == get_option('dbem_bookings_registration_user');
if ($no_user && $EM_Booking->get_person_post() && $wpdb->update(EM_BOOKINGS_TABLE, array('booking_meta' => serialize($EM_Booking->booking_meta)), array('booking_id' => $EM_Booking->booking_id))) {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
exit;
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
$feedback = $EM_Booking->feedback_message;
}
}
do_action('em_booking_modify_person', $EM_Event, $EM_Booking);
}
if ($result && defined('DOING_AJAX')) {
$return = array('result' => true, 'message' => $feedback);
header('Content-Type: application/javascript; charset=UTF-8', true);
//add this for HTTP -> HTTPS requests which assume it's a cross-site request
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
die;
} elseif (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $feedback, 'errors' => $EM_Notices->get_errors());
header('Content-Type: application/javascript; charset=UTF-8', true);
//add this for HTTP -> HTTPS requests which assume it's a cross-site request
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
die;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'booking_add' && !is_user_logged_in() && !get_option('dbem_bookings_anonymous')) {
$EM_Notices->add_error(get_option('dbem_booking_feedback_log_in'));
if (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $EM_Booking->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode(apply_filters('em_action_' . $_REQUEST['action'], $return, $EM_Booking));
}
die;
}
//AJAX call for searches
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 6) == 'search') {
//default search arts
if ($_REQUEST['action'] == 'search_states') {
$results = array();
$conds = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
if (!empty($_REQUEST['region'])) {
$conds[] = $wpdb->prepare("( location_region = '%s' )", $_REQUEST['region']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_col("SELECT DISTINCT location_state FROM " . EM_LOCATIONS_TABLE . " WHERE location_state IS NOT NULL AND location_state != '' {$cond} ORDER BY location_state");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_states_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_states', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_towns') {
$results = array();
$conds = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' OR location_country IS NULL )", $_REQUEST['country']);
}
if (!empty($_REQUEST['region'])) {
$conds[] = $wpdb->prepare("( location_region = '%s' )", $_REQUEST['region']);
}
if (!empty($_REQUEST['state'])) {
$conds[] = $wpdb->prepare("(location_state = '%s' )", $_REQUEST['state']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_col("SELECT DISTINCT location_town FROM " . EM_LOCATIONS_TABLE . " WHERE location_town IS NOT NULL AND location_town != '' {$cond} ORDER BY location_town");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_towns_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_towns', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_regions') {
$results = array();
if (!empty($_REQUEST['country'])) {
$conds[] = $wpdb->prepare("(location_country = '%s' )", $_REQUEST['country']);
}
$cond = count($conds) > 0 ? "AND " . implode(' AND ', $conds) : '';
$results = $wpdb->get_results("SELECT DISTINCT location_region AS value FROM " . EM_LOCATIONS_TABLE . " WHERE location_region IS NOT NULL AND location_region != '' {$cond} ORDER BY location_region");
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
echo get_option('dbem_search_form_regions_label');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result->value}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_regions', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
}
//EM Ajax requests require this flag.
if (is_user_logged_in()) {
//Admin operations
//Specific Oject Ajax
if (!empty($_REQUEST['em_obj'])) {
switch ($_REQUEST['em_obj']) {
case 'em_bookings_events_table':
include_once 'admin/bookings/em-events.php';
em_bookings_events_table();
exit;
break;
case 'em_bookings_pending_table':
include_once 'admin/bookings/em-pending.php';
em_bookings_pending_table();
exit;
break;
case 'em_bookings_confirmed_table':
//add some admin files just in case
include_once 'admin/bookings/em-confirmed.php';
em_bookings_confirmed_table();
exit;
break;
}
}
}
//Export CSV - WIP
if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'export_bookings_csv' && wp_verify_nonce($_REQUEST['_wpnonce'], 'export_bookings_csv')) {
if (!empty($_REQUEST['event_id'])) {
$EM_Event = em_get_event($_REQUEST['event_id']);
}
//sort out cols
if (!empty($_REQUEST['cols']) && is_array($_REQUEST['cols'])) {
$cols = array();
foreach ($_REQUEST['cols'] as $col => $active) {
if ($active) {
$cols[] = $col;
}
}
$_REQUEST['cols'] = $cols;
}
$_REQUEST['limit'] = 0;
//generate bookings export according to search request
$show_tickets = !empty($_REQUEST['show_tickets']);
$EM_Bookings_Table = new EM_Bookings_Table($show_tickets);
header("Content-Type: application/octet-stream; charset=utf-8");
$file_name = !empty($EM_Event->event_slug) ? $EM_Event->event_slug : get_bloginfo();
header("Content-Disposition: Attachment; filename=" . sanitize_title($file_name) . "-bookings-export.csv");
do_action('em_csv_header_output');
echo "";
// UTF-8 for MS Excel (a little hacky... but does the job)
if (!defined('EM_CSV_DISABLE_HEADERS') || !EM_CSV_DISABLE_HEADERS) {
if (!empty($_REQUEST['event_id'])) {
echo __('Event', 'dbem') . ' : ' . $EM_Event->event_name . "\n";
if ($EM_Event->location_id > 0) {
echo __('Where', 'dbem') . ' - ' . $EM_Event->get_location()->location_name . "\n";
}
echo __('When', 'dbem') . ' : ' . $EM_Event->output('#_EVENTDATES - #_EVENTTIMES') . "\n";
}
echo sprintf(__('Exported booking on %s', 'dbem'), date_i18n('D d M Y h:i', current_time('timestamp'))) . "\n";
}
echo '"' . implode('","', $EM_Bookings_Table->get_headers(true)) . '"' . "\n";
//Rows
$EM_Bookings_Table->limit = 150;
//if you're having server memory issues, try messing with this number
$EM_Bookings = $EM_Bookings_Table->get_bookings();
$handle = fopen("php://output", "w");
$delimiter = !defined('EM_CSV_DELIMITER') ? ',' : EM_CSV_DELIMITER;
while (!empty($EM_Bookings->bookings)) {
foreach ($EM_Bookings->bookings as $EM_Booking) {
//Display all values
/* @var $EM_Booking EM_Booking */
/* @var $EM_Ticket_Booking EM_Ticket_Booking */
if ($show_tickets) {
foreach ($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking) {
$row = $EM_Bookings_Table->get_row_csv($EM_Ticket_Booking);
fputcsv($handle, $row, $delimiter);
}
} else {
$row = $EM_Bookings_Table->get_row_csv($EM_Booking);
fputcsv($handle, $row, $delimiter);
}
}
//reiterate loop
$EM_Bookings_Table->offset += $EM_Bookings_Table->limit;
$EM_Bookings = $EM_Bookings_Table->get_bookings();
}
fclose($handle);
exit;
}
}
/**
* @param int $status
* @param array|int $booking_ids
* @return bool
*/
function set_status($status, $booking_ids)
{
//FIXME there is a vulnerability where any user can approve/reject bookings if they know the ID
if (EM_Object::array_is_numeric($booking_ids)) {
//Get all the bookings
$results = array();
$mails = array();
foreach ($booking_ids as $booking_id) {
$EM_Booking = new EM_Booking($booking_id);
$results[] = $EM_Booking->set_status($status);
}
if (!in_array('false', $results)) {
$this->feedback_message = __('Bookings %s. Mails Sent.', 'dbem');
return true;
} else {
//TODO Better error handling needed if some bookings fail approval/failure
$this->feedback_message = __('An error occurred.', 'dbem');
return false;
}
} elseif (is_numeric($booking_ids) || is_object($booking_ids)) {
$EM_Booking = is_object($booking_ids) && get_class($booking_ids) == 'EM_Booking' ? $booking_ids : new EM_Booking($booking_ids);
$result = $EM_Booking->set_status($status);
$this->feedback_message = $EM_Booking->feedback_message;
return $result;
}
return false;
}
/**
* Performs actions on init. This works for both ajax and normal requests, the return results depends if an em_ajax flag is passed via POST or GET.
*/
function em_init_actions()
{
global $wpdb, $EM_Notices, $EM_Event;
//NOTE - No EM objects are globalized at this point, as we're hitting early init mode.
//TODO Clean this up.... use a uniformed way of calling EM Ajax actions
if (!empty($_REQUEST['em_ajax']) || !empty($_REQUEST['em_ajax_action'])) {
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'get_location') {
if (isset($_REQUEST['id'])) {
$EM_Location = new EM_Location($_REQUEST['id']);
$location_array = $EM_Location->to_array();
$location_array['location_balloon'] = $EM_Location->output(get_option('dbem_location_baloon_format'));
echo EM_Object::json_encode($location_array);
}
die;
}
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'delete_ticket') {
if (isset($_REQUEST['id'])) {
$EM_Ticket = new EM_Ticket($_REQUEST['id']);
$result = $EM_Ticket->delete();
if ($result) {
$result = array('result' => true);
} else {
$result = array('result' => false, 'error' => $EM_Ticket->feedback_message);
}
} else {
$result = array('result' => false, 'error' => __('No ticket id provided', 'dbem'));
}
echo EM_Object::json_encode($result);
die;
}
if (isset($_REQUEST['query']) && $_REQUEST['query'] == 'GlobalMapData') {
$EM_Locations = EM_Locations::get($_REQUEST);
$json_locations = array();
foreach ($EM_Locations as $location_key => $EM_Location) {
$json_locations[$location_key] = $EM_Location->to_array();
$json_locations[$location_key]['location_balloon'] = $EM_Location->output(get_option('dbem_map_text_format'));
}
echo EM_Object::json_encode($json_locations);
die;
}
if (isset($_REQUEST['ajaxCalendar']) && $_REQUEST['ajaxCalendar']) {
//FIXME if long events enabled originally, this won't show up on ajax call
echo EM_Calendar::output($_REQUEST);
die;
}
}
//Event Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 5) == 'event') {
//Load the event object, with saved event if requested
if (!empty($_REQUEST['event_id'])) {
$EM_Event = new EM_Event($_REQUEST['event_id']);
} else {
$EM_Event = new EM_Event();
}
if ($_REQUEST['action'] == 'event_save' && current_user_can('edit_events')) {
//Check Nonces
if (is_admin()) {
if (!wp_verify_nonce($_REQUEST['_wpnonce'] && 'event_save')) {
check_admin_referer('trigger_error');
}
} else {
if (!wp_verify_nonce($_REQUEST['_wpnonce'] && 'event_save')) {
exit('Trying to perform an illegal action.');
}
}
//Grab and validate submitted data
if ($EM_Event->get_post() && $EM_Event->save()) {
//EM_Event gets the event if submitted via POST and validates it (safer than to depend on JS)
$EM_Notices->add_confirm($EM_Event->feedback_message);
if (is_admin()) {
$page = !empty($_REQUEST['pno']) ? $_REQUEST['pno'] : '';
$scope = !empty($_REQUEST['scope']) ? $_REQUEST['scope'] : '';
//wp_redirect( get_bloginfo('wpurl').'/wp-admin/admin.php?page=events-manager&pno='.$page.'&scope='.$scope.'&message='.urlencode($EM_Event->feedback_message));
} else {
$redirect = !empty($_REQUEST['redirect_to']) ? $_REQUEST['redirect_to'] : wp_get_referer();
wp_redirect($redirect);
}
$events_result = true;
} else {
$EM_Notices->add_error($EM_Event->get_errors());
$events_result = false;
}
}
if ($_REQUEST['action'] == 'event_duplicate') {
global $EZSQL_ERROR;
$EM_Event = $EM_Event->duplicate();
if ($EM_Event === false) {
$EM_Notices->add_error($EM_Event->errors, true);
} else {
if ($EM_Event->id == $_REQUEST['event_id']) {
$EM_Notices->add_confirm($EM_Event->feedback_message . " " . sprintf(__('You are now viewing the duplicated %s.', 'dbem'), __('event', 'dbem')), true);
} else {
$EM_Notices->add_confirm($EM_Event->feedback_message, true);
}
}
}
if ($_REQUEST['action'] == 'event_delete') {
//DELETE action
$selectedEvents = !empty($_REQUEST['events']) ? $_REQUEST['events'] : '';
if (EM_Object::array_is_numeric($selectedEvents)) {
$events_result = EM_Events::delete($selectedEvents);
} elseif (is_object($EM_Event)) {
$events_result = $EM_Event->delete();
}
$plural = count($selectedEvents) > 1 ? __('Events', 'dbem') : __('Event', 'dbem');
if ($events_result) {
$message = is_object($EM_Event) ? $EM_Event->feedback_message : sprintf(__('%s successfully deleted.', 'dbem'), $plural);
$EM_Notices->add_confirm($message);
} else {
$message = is_object($EM_Event) ? $EM_Event->errors : sprintf(__('%s could not be deleted.', 'dbem'), $plural);
$EM_Notices->add_confirm($message);
}
} elseif ($_REQUEST['action'] == 'event_approve') {
//Approve Action
$events_result = $EM_Event->approve();
if ($events_result) {
$EM_Notices->add_confirm($EM_Event->feedback_message);
} else {
$EM_Notices->add_error($EM_Event->errors);
}
}
//AJAX Exit
if (isset($events_result) && !empty($_REQUEST['em_ajax'])) {
if ($events_result) {
$return = array('result' => true, 'message' => $EM_Event->feedback_message);
} else {
$return = array('result' => false, 'message' => $EM_Event->feedback_message, 'errors' => $EM_Event->errors);
}
}
}
//Location Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 8) == 'location') {
global $EM_Location, $EM_Notices;
//Load the location object, with saved event if requested
if (!empty($_REQUEST['location_id'])) {
$EM_Location = new EM_Location($_REQUEST['location_id']);
} else {
$EM_Location = new EM_Location();
}
if ($_REQUEST['action'] == 'location_save' && current_user_can('edit_locations')) {
//Check Nonces
em_verify_nonce('location_save');
//Grab and validate submitted data
if ($EM_Location->get_post() && $EM_Location->save()) {
//EM_location gets the location if submitted via POST and validates it (safer than to depend on JS)
$EM_Notices->add_confirm($EM_Location->feedback_message);
$result = true;
} else {
$EM_Notices->add_error($EM_Location->get_errors());
$result = false;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "location_delete") {
//delete location
//get object or objects
if (!empty($_REQUEST['locations']) || !empty($_REQUEST['location_id'])) {
$args = !empty($_REQUEST['locations']) ? $_REQUEST['locations'] : $_REQUEST['location_id'];
$locations = EM_Locations::get($args);
foreach ($locations as $location) {
if (!$location->delete()) {
$EM_Notices->add_error($location->get_errors());
$errors = true;
}
}
if (empty($errors)) {
$result = true;
$location_term = count($locations) > 1 ? __('Locations', 'dbem') : __('Location', 'dbem');
$EM_Notices->add_confirm(sprintf(__('%s successfully deleted', 'dbem'), $location_term));
} else {
$result = false;
}
}
}
if (isset($result) && $result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => true, 'message' => $EM_Location->feedback_message);
echo EM_Object::json_encode($return);
die;
} elseif (isset($result) && !$result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => false, 'message' => $EM_Location->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
die;
}
}
//Category Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 8) == 'category') {
global $EM_Category, $EM_Notices;
//Load the category object, with saved event if requested
if (!empty($_REQUEST['category_id'])) {
$EM_Category = new EM_Category($_REQUEST['category_id']);
} else {
$EM_Category = new EM_Category();
}
if ($_REQUEST['action'] == 'category_save' && current_user_can('edit_categories')) {
//Check Nonces
em_verify_nonce('category_save');
//Grab and validate submitted data
if ($EM_Category->get_post() && $EM_Category->save()) {
//EM_Category gets the category if submitted via POST and validates it (safer than to depend on JS)
$EM_Notices->add_confirm($EM_Category->feedback_message);
$result = true;
} else {
$EM_Notices->add_error($EM_Category->get_errors());
$result = false;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == "category_delete") {
//delete category
//get object or objects
if (!empty($_REQUEST['categories']) || !empty($_REQUEST['category_id'])) {
$args = !empty($_REQUEST['categories']) ? $_REQUEST['categories'] : $_REQUEST['category_id'];
$categories = EM_Categories::get($args);
foreach ($categories as $category) {
if (!$category->delete()) {
$EM_Notices->add_error($category->get_errors());
$errors = true;
}
}
if (empty($errors)) {
$result = true;
$category_term = count($categories) > 1 ? __('EM_Categories', 'dbem') : __('Category', 'dbem');
$EM_Notices->add_confirm(sprintf(__('%s successfully deleted', 'dbem'), $category_term));
} else {
$result = false;
}
}
}
if (isset($result) && $result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => true, 'message' => $EM_Category->feedback_message);
echo EM_Object::json_encode($return);
die;
} elseif (isset($result) && !$result && !empty($_REQUEST['em_ajax'])) {
$return = array('result' => false, 'message' => $EM_Category->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
die;
}
}
//Booking Actions
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 7) == 'booking' && (is_user_logged_in() || $_REQUEST['action'] == 'booking_add' && get_option('dbem_bookings_anonymous'))) {
global $EM_Event, $EM_Booking, $EM_Person;
//Load the event object, with saved event if requested
$EM_Event = !empty($_REQUEST['event_id']) ? new EM_Event($_REQUEST['event_id']) : new EM_Event();
//Load the booking object, with saved booking if requested
$EM_Booking = !empty($_REQUEST['booking_id']) ? new EM_Booking($_REQUEST['booking_id']) : new EM_Booking();
$allowed_actions = array('bookings_approve' => 'approve', 'bookings_reject' => 'reject', 'bookings_unapprove' => 'unapprove', 'bookings_delete' => 'delete');
$result = false;
if ($_REQUEST['action'] == 'booking_add') {
//ADD/EDIT Booking
em_verify_nonce('booking_add');
do_action('em_booking_add', $EM_Event, $EM_Booking);
if ($EM_Booking->get_post()) {
//Does this user need to be registered first?
$registration = true;
//TODO do some ticket validation before registering the user
if ($_REQUEST['register_user'] && get_option('dbem_bookings_anonymous')) {
//find random username - less options for user, less things go wrong
$username_root = explode('@', $_REQUEST['user_email']);
$username_rand = $username_root[0] . rand(1, 1000);
while (username_exists($username_root[0] . rand(1, 1000))) {
$username_rand = $username_root[0] . rand(1, 1000);
}
$id = em_register_new_user($username_rand, $_REQUEST['user_email'], $_REQUEST['user_name'], $_REQUEST['user_phone']);
if (is_numeric($id)) {
$EM_Person = new EM_Person($id);
$EM_Booking->person_id = $id;
$EM_Notices->add_confirm(__('A new user account has been created for you. Please check your email for access details.', 'dbem'));
} else {
$registration = false;
if (is_object($id) && get_class($id) == 'WP_Error') {
/* @var $id WP_Error */
if ($id->get_error_code() == 'email_exists') {
$EM_Notices->add_error(__('This email already exists in our system, please log in to register to proceed with your booking.', 'dbem'));
} else {
$EM_Notices->add_error($id->get_error_messages());
}
} else {
$EM_Notices->add_error(__('There was a problem creating a user account, please contact a website administrator.', 'dbem'));
}
}
}
if ($EM_Event->get_bookings()->add($EM_Booking) && $registration) {
$result = true;
$EM_Notices->add_confirm($EM_Event->get_bookings()->feedback_message);
} else {
ob_start();
echo "<pre>";
print_r($id);
echo "</pre>";
$EM_Booking->feedback_message = ob_get_clean();
$EM_Notices->add_error($EM_Event->get_bookings()->get_errors());
}
} else {
$result = false;
$EM_Notices->add_error($EM_Booking->get_errors());
}
} elseif ($_REQUEST['action'] == 'booking_add_one' && is_object($EM_Event) && is_user_logged_in()) {
//ADD/EDIT Booking
em_verify_nonce('booking_add_one');
$EM_Booking = new EM_Booking(array('person_id' => get_current_user_id(), 'event_id' => $EM_Event->id));
//new booking
//get first ticket in this event and book one place there.
$EM_Ticket = $EM_Event->get_bookings()->get_tickets()->get_first();
$EM_Ticket_Booking = new EM_Ticket_Booking(array('ticket_id' => $EM_Ticket->id, 'ticket_booking_spaces' => 1));
$EM_Booking->get_tickets_bookings();
$EM_Booking->tickets_bookings->tickets_bookings[] = $EM_Ticket_Booking;
//Now save booking
if ($EM_Event->get_bookings()->add($EM_Booking)) {
$EM_Booking = $booking;
$result = true;
$EM_Notices->add_confirm($EM_Event->get_bookings()->feedback_message);
} else {
$EM_Notices->add_error($EM_Event->get_bookings()->get_errors());
}
} elseif ($_REQUEST['action'] == 'booking_cancel') {
//Cancel Booking
em_verify_nonce('booking_cancel');
if ($EM_Booking->can_manage() || $EM_Booking->person->ID == get_current_user_id()) {
if ($EM_Booking->cancel()) {
$result = true;
if (!defined('DOING_AJAX')) {
if ($EM_Booking->person->ID == get_current_user_id()) {
$EM_Notices->add_confirm(sprintf(__('Booking %s', 'dbem'), __('Cancelled', 'dbem')), true);
} else {
$EM_Notices->add_confirm($EM_Booking->feedback_message, true);
}
wp_redirect($_SERVER['HTTP_REFERER']);
exit;
}
} else {
$EM_Notices->add_error($EM_Booking->get_errors());
}
} else {
$EM_Notices->add_error(__('You must log in to cancel your booking.', 'dbem'));
}
} elseif (array_key_exists($_REQUEST['action'], $allowed_actions) && $EM_Event->can_manage('manage_bookings', 'manage_others_bookings')) {
//Event Admin only actions
$action = $allowed_actions[$_REQUEST['action']];
//Just do it here, since we may be deleting bookings of different events.
if (!empty($_REQUEST['bookings']) && EM_Object::array_is_numeric($_REQUEST['bookings'])) {
$results = array();
foreach ($_REQUEST['bookings'] as $booking_id) {
$EM_Booking = new EM_Booking($booking_id);
$result = $EM_Booking->{$action}();
$results[] = $result;
if (!in_array(false, $results) && !$result) {
$feedback = $EM_Booking->feedback_message;
}
}
$result = !in_array(false, $results);
} elseif (is_object($EM_Booking)) {
$result = $EM_Booking->{$action}();
$feedback = $EM_Booking->feedback_message;
}
//FIXME not adhereing to object's feedback or error message, like other bits in this file.
//TODO multiple deletion won't work in ajax
if (isset($result) && !empty($_REQUEST['em_ajax'])) {
if ($result) {
echo $feedback;
} else {
echo '<span style="color:red">' . $feedback . '</span>';
}
die;
}
}
if ($result && defined('DOING_AJAX')) {
$return = array('result' => true, 'message' => $EM_Booking->feedback_message);
echo EM_Object::json_encode($return);
die;
} elseif (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $EM_Booking->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
die;
}
} elseif (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'booking_add' && !is_user_logged_in() && !get_option('dbem_bookings_anonymous')) {
$EM_Notices->add_error(__('You must log in before you make a booking.', 'dbem'));
if (!$result && defined('DOING_AJAX')) {
$return = array('result' => false, 'message' => $EM_Booking->feedback_message, 'errors' => $EM_Notices->get_errors());
echo EM_Object::json_encode($return);
}
die;
}
//AJAX call for searches
if (!empty($_REQUEST['action']) && substr($_REQUEST['action'], 0, 6) == 'search') {
if ($_REQUEST['action'] == 'search_states' && wp_verify_nonce($_REQUEST['_wpnonce'], 'search_states')) {
if (!empty($_REQUEST['country'])) {
$results = $wpdb->get_results($wpdb->prepare("SELECT DISTINCT location_state AS value, location_country AS country, CONCAT(location_state, ', ', location_country) AS label FROM " . EM_LOCATIONS_TABLE . " WHERE location_state IS NOT NULL AND location_state != '' AND location_country=%s", $_REQUEST['country']));
} elseif (!empty($_REQUEST['region'])) {
$results = $wpdb->get_results($wpdb->prepare("SELECT DISTINCT location_state AS value, location_country AS country, CONCAT(location_state, ', ', location_country) AS label FROM " . EM_LOCATIONS_TABLE . " WHERE location_state IS NOT NULL AND location_state != '' AND location_region=%s", $_REQUEST['region']));
} else {
$results = $wpdb->get_results($wpdb->prepare("SELECT DISTINCT location_state AS value, location_country AS country, CONCAT(location_state, ', ', location_country) AS label FROM " . EM_LOCATIONS_TABLE, $_REQUEST['country'] . "WHERE location_state IS NOT NULL AND location_state != ''"));
}
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
_e('All States', 'dbem');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result->value}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_states', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
}
if ($_REQUEST['action'] == 'search_regions' && wp_verify_nonce($_REQUEST['_wpnonce'], 'search_regions')) {
if (!empty($_REQUEST['country'])) {
$results = $wpdb->get_results($wpdb->prepare("SELECT DISTINCT location_region AS value, location_country AS country, CONCAT(location_region, ', ', location_country) AS label FROM " . EM_LOCATIONS_TABLE . " WHERE location_region IS NOT NULL AND location_region != '' AND location_country=%s", $_REQUEST['country']));
} else {
$results = $wpdb->get_results($wpdb->prepare("SELECT DISTINCT location_region AS value, location_country AS country, CONCAT(location_region, ', ', location_country) AS label FROM " . EM_LOCATIONS_TABLE . " WHERE location_region IS NOT NULL AND location_region != ''", $_REQUEST['country']));
}
if ($_REQUEST['return_html']) {
//quick shortcut for quick html form manipulation
ob_start();
?>
<option value=''><?php
_e('All Regions', 'dbem');
?>
</option>
<?php
foreach ($results as $result) {
echo "<option>{$result->value}</option>";
}
$return = ob_get_clean();
echo apply_filters('em_ajax_search_regions', $return);
exit;
} else {
echo EM_Object::json_encode($results);
exit;
}
} elseif ($_REQUEST['action'] == 'search_events' && wp_verify_nonce($_POST['_wpnonce'], 'search_events') && get_option('dbem_events_page_search')) {
$args = EM_Events::get_post_search();
ob_start();
em_locate_template('templates/events-list.php', true, array('args' => $args));
//if successful, this template overrides the settings and defaults, including search
echo apply_filters('em_ajax_search_events', ob_get_clean(), $args);
exit;
}
}
//EM Ajax requests require this flag.
if (is_admin() && is_user_logged_in()) {
//Admin operations
//Specific Oject Ajax
if (!empty($_REQUEST['em_obj'])) {
switch ($_REQUEST['em_obj']) {
case 'em_bookings_events_table':
case 'em_bookings_pending_table':
case 'em_bookings_confirmed_table':
call_user_func($_REQUEST['em_obj']);
break;
}
die;
}
}
}
function em_ajax_actions()
{
//TODO Clean this up.... use a uniformed way of calling EM Ajax actions
if (!empty($_REQUEST['em_ajax']) || !empty($_REQUEST['em_ajax_action'])) {
if (isset($_REQUEST['dbem_ajax_action']) && $_REQUEST['dbem_ajax_action'] == 'booking_data') {
if (isset($_REQUEST['id'])) {
$EM_Event = new EM_Event($_REQUEST['id']);
echo "[{bookedSeats:" . $EM_Event->get_bookings()->get_booked_seats() . ", availableSeats:" . $EM_Event->get_bookings()->get_available_seats() . "}]";
}
die;
}
if (isset($_REQUEST['em_ajax_action']) && $_REQUEST['em_ajax_action'] == 'get_location') {
if (isset($_REQUEST['id'])) {
$EM_Location = new EM_Location($_REQUEST['id']);
$location_array = $EM_Location->to_array();
$location_array['location_balloon'] = $EM_Location->output(get_option('dbem_location_baloon_format'));
echo EM_Object::json_encode($location_array);
}
die;
}
if (isset($_REQUEST['query']) && $_REQUEST['query'] == 'GlobalMapData') {
$locations = EM_Locations::get($_REQUEST);
$json_locations = array();
foreach ($locations as $location_key => $location) {
$json_locations[$location_key] = $location->to_array();
$json_locations[$location_key]['location_balloon'] = $location->output(get_option('dbem_map_text_format'));
}
echo EM_Object::json_encode($json_locations);
die;
}
if (isset($_REQUEST['ajaxCalendar']) && $_REQUEST['ajaxCalendar']) {
//FIXME if long events enabled originally, this won't show up on ajax call
echo EM_Calendar::output($_REQUEST);
die;
}
//EM Ajax requests require this flag.
if (is_admin()) {
//Admin operations
//Booking Actions
global $EM_Booking;
if (!empty($_REQUEST['bookings']) || is_object($EM_Booking)) {
if (is_object($EM_Booking)) {
$_REQUEST['bookings'] = $EM_Booking;
//small hack to prevent unecessary db reads
}
$EM_Bookings = new EM_Bookings();
//Empty, not bound to event.
if ($_REQUEST['action'] == 'bookings_approve') {
$EM_Bookings->approve($_REQUEST['bookings']);
echo $EM_Bookings->feedback_message;
die;
} elseif ($_REQUEST['action'] == 'bookings_reject') {
$EM_Bookings->reject($_REQUEST['bookings']);
echo $EM_Bookings->feedback_message;
die;
} elseif ($_REQUEST['action'] == 'bookings_unapprove') {
$EM_Bookings->unapprove($_REQUEST['bookings']);
echo $EM_Bookings->feedback_message;
die;
} elseif ($_REQUEST['action'] == 'bookings_delete') {
//Just do it here, since we may be deleting bookings of different events.
$result = false;
if (EM_Object::array_is_numeric($_REQUEST['bookings'])) {
$results = array();
foreach ($_REQUEST['bookings'] as $booking_id) {
$EM_Booking = new EM_Booking($booking_id);
$results[] = $EM_Booking->delete();
}
$result = !in_array(false, $results);
} elseif (is_numeric($_REQUEST['bookings'])) {
$EM_Booking = new EM_Booking($_REQUEST['bookings']);
$result = $EM_Booking->delete();
} elseif (is_object($EM_Booking)) {
$result = $EM_Booking->delete();
}
if ($result) {
echo __('Booking Deleted', 'dbem');
} else {
echo '<span style="color:red">' . __('Booking deletion unsuccessful', 'dbem') . '</span>';
}
die;
}
}
//Specific Oject Ajax
if (!empty($_REQUEST['em_obj'])) {
switch ($_REQUEST['em_obj']) {
case 'em_bookings_events_table':
case 'em_bookings_pending_table':
case 'em_bookings_confirmed_table':
call_user_func($_REQUEST['em_obj']);
break;
}
die;
}
}
}
}
function can_manage($event_ids)
{
global $wpdb;
if (em_verify_admin()) {
return apply_filters('em_events_can_manage', true, $event_ids);
}
if (EM_Object::array_is_numeric($event_ids)) {
$condition = implode(" OR event_id=", $event_ids);
//Delete all the bookings
$results = $wpdb->query("SELECT event_author FROM " . $wpdb->prefix . EM_BOOKINGS_TABLE . " WHERE author_id != '" . get_current_user_id() . "' event_id={$condition};");
return apply_filters('em_events_can_manage', count($results) > 0, $event_ids);
}
return apply_filters('em_events_can_manage', false, $event_ids);
}
/**
* Determines whether to show event page or events page, and saves any updates to the event or events
* @return null
*/
function em_admin_events_page()
{
//TODO Simplify panel for events, use form flags to detect certain actions (e.g. submitted, etc)
global $wpdb;
global $EM_Event;
$action = !empty($_GET['action']) ? $_GET['action'] : '';
$order = !empty($_GET['order']) ? $_GET['order'] : 'ASC';
$limit = !empty($_GET['limit']) ? $_GET['limit'] : 20;
//Default limit
$page = !empty($_GET['pno']) ? $_GET['pno'] : 1;
$offset = $page > 1 ? ($page - 1) * $limit : 0;
$scope_names = array('past' => __('Past events', 'dbem'), 'all' => __('All events', 'dbem'), 'future' => __('Future events', 'dbem'));
$scope = !empty($_GET['scope']) && array_key_exists($_GET['scope'], $scope_names) ? $_GET['scope'] : 'future';
$selectedEvents = !empty($_GET['events']) ? $_GET['events'] : '';
// DELETE action
if ($action == 'deleteEvents' && EM_Object::array_is_numeric($selectedEvents)) {
EM_Events::delete($selectedEvents);
}
// No action, only showing the events list
switch ($scope) {
case "past":
$title = __('Past Events', 'dbem');
break;
case "all":
$title = __('All Events', 'dbem');
break;
default:
$title = __('Future Events', 'dbem');
$scope = "future";
}
$args = array('scope' => $scope, 'limit' => 0, 'order' => $order);
if (!get_option('dbem_permissions_events') && !em_verify_admin()) {
$args['owner'] = get_current_user_id();
}
$events = EM_Events::get($args);
$events_count = count($events);
$use_events_end = get_option('dbem_use_event_end');
?>
<div class="wrap">
<div id="icon-events" class="icon32"><br />
</div>
<h2>
<?php
echo $title;
?>
<a href="admin.php?page=events-manager-event" class="button add-new-h2"><?php
_e('Add New', 'dbem');
?>
</a>
</h2>
<?php
$link = array();
$link['past'] = "<a href='" . get_bloginfo('wpurl') . "/wp-admin/admin.php?page=events-manager&scope=past&order=desc'>" . __('Past events', 'dbem') . "</a>";
$link['all'] = " <a href='" . get_bloginfo('wpurl') . "/wp-admin/admin.php?page=events-manager&scope=all&order=desc'>" . __('All events', 'dbem') . "</a>";
$link['future'] = " <a href='" . get_bloginfo('wpurl') . "/wp-admin/admin.php?page=events-manager&scope=future'>" . __('Future events', 'dbem') . "</a>";
?>
<?php
if (!empty($_GET['error'])) {
?>
<div id='message' class='error'>
<p><?php
echo $_GET['error'];
?>
</p>
</div>
<?php
}
?>
<?php
if (!empty($_GET['message'])) {
?>
<div id='message' class='updated fade'>
<p><?php
echo $_GET['message'];
?>
</p>
</div>
<?php
}
?>
<form id="posts-filter" action="" method="get"><input type='hidden' name='page' value='events-manager' />
<ul class="subsubsub">
<li><a href='#' class="current"><?php
_e('Total', 'dbem');
?>
<span class="count">(<?php
echo count($events);
?>
)</span></a></li>
</ul>
<p class="search-box">
<label class="screen-reader-text" for="post-search-input"><?php
_e('Search Events', 'dbem');
?>
:</label>
<input type="text" id="post-search-input" name="em_search" value="<?php
echo !empty($_GET['em_search']) ? $_GET['em_search'] : '';
?>
" />
<input type="submit" value="<?php
_e('Search Events', 'dbem');
?>
" class="button" />
</p>
<div class="tablenav">
<div class="alignleft actions">
<select name="action">
<option value="-1" selected="selected"><?php
_e('Bulk Actions');
?>
</option>
<option value="deleteEvents"><?php
_e('Delete selected', 'dbem');
?>
</option>
</select>
<input type="submit" value="<?php
_e('Apply');
?>
" name="doaction2" id="doaction2" class="button-secondary action" />
<select name="scope">
<?php
foreach ($scope_names as $key => $value) {
$selected = "";
if ($key == $scope) {
$selected = "selected='selected'";
}
echo "<option value='{$key}' {$selected}>{$value}</option> ";
}
?>
</select>
<input id="post-query-submit" class="button-secondary" type="submit" value="<?php
_e('Filter');
?>
" />
</div>
<!--
<div class="view-switch">
<a href="/wp-admin/edit.php?mode=list"><img class="current" id="view-switch-list" src="http://wordpress.lan/wp-includes/images/blank.gif" width="20" height="20" title="List View" alt="List View" name="view-switch-list" /></a> <a href="/wp-admin/edit.php?mode=excerpt"><img id="view-switch-excerpt" src="http://wordpress.lan/wp-includes/images/blank.gif" width="20" height="20" title="Excerpt View" alt="Excerpt View" name="view-switch-excerpt" /></a>
</div>
-->
<?php
if ($events_count >= $limit) {
$page_link_template = em_add_get_params($_SERVER['REQUEST_URI'], array('pno' => '%PAGE%'));
$events_nav = em_admin_paginate($page_link_template, $events_count, $limit, $page, 5);
echo $events_nav;
}
?>
<br class="clear" />
</div>
<?php
if (empty($events)) {
// TODO localize
_e('no events', 'dbem');
} else {
?>
<table class="widefat">
<thead>
<tr>
<th class='manage-column column-cb check-column' scope='col'>
<input class='select-all' type="checkbox" value='1' />
</th>
<th><?php
_e('Name', 'dbem');
?>
</th>
<th> </th>
<th><?php
_e('Location', 'dbem');
?>
</th>
<th colspan="2"><?php
_e('Date and time', 'dbem');
?>
</th>
</tr>
</thead>
<tbody>
<?php
$rowno = 0;
$event_count = 0;
foreach ($events as $event) {
/* @var $event EM_Event */
if (($rowno < $limit || empty($limit)) && ($event_count >= $offset || $offset === 0)) {
$rowno++;
$class = $rowno % 2 ? ' class="alternate"' : '';
// FIXME set to american
$localised_start_date = date_i18n('D d M Y', $event->start);
$localised_end_date = date_i18n('D d M Y', $event->end);
$style = "";
$today = date("Y-m-d");
$location_summary = "<b>" . $event->location->name . "</b><br/>" . $event->location->address . " - " . $event->location->town;
$category = new EM_Category($event->category_id);
if ($event->start_date < $today && $event->end_date < $today) {
$style = "style ='background-color: #FADDB7;'";
}
?>
<tr <?php
echo "{$class} {$style}";
?>
>
<td>
<input type='checkbox' class='row-selector' value='<?php
echo $event->id;
?>
' name='events[]' />
</td>
<td>
<strong>
<a class="row-title" href="<?php
bloginfo('wpurl');
?>
/wp-admin/admin.php?page=events-manager-event&event_id=<?php
echo $event->id;
?>
&scope=<?php
echo $scope;
?>
&p=<?php
echo $page;
?>
"><?php
echo $event->name;
?>
</a>
</strong>
<?php
if (is_object($category)) {
?>
<br/><span title='<?php
echo __('Category', 'dbem') . ": " . $category->name;
?>
'><?php
echo $category->name;
?>
</span>
<?php
}
?>
<?php
if (get_option('dbem_rsvp_enabled') == 1 && $event->rsvp == 1) {
?>
<br/>
<a href="<?php
bloginfo('wpurl');
?>
/wp-admin/admin.php?page=events-manager-bookings&event_id=<?php
echo $event->id;
?>
"><?php
echo __("Bookings", 'dbem');
?>
</a> –
<?php
_e("Booked", 'dbem');
?>
: <?php
echo $event->get_bookings()->get_booked_seats() . "/" . $event->seats;
?>
<?php
if (get_option('dbem_bookings_approval') == 1) {
?>
| <?php
_e("Pending", 'dbem');
?>
: <?php
echo $event->get_bookings()->get_pending_seats();
?>
<?php
}
}
?>
</td>
<td>
<a href="<?php
bloginfo('wpurl');
?>
/wp-admin/admin.php?page=events-manager-event&action=duplicate&event_id=<?php
echo $event->id;
?>
&scope=<?php
echo $scope;
?>
&p=<?php
echo $page;
?>
" title="<?php
_e('Duplicate this event', 'dbem');
?>
">
<strong>+</strong>
</a>
</td>
<td>
<?php
echo $location_summary;
?>
</td>
<td>
<?php
echo $localised_start_date;
?>
<?php
echo $localised_end_date != $localised_start_date ? " - {$localised_end_date}" : '';
?>
<br />
<?php
//TODO Should 00:00 - 00:00 be treated as an all day event?
echo substr($event->start_time, 0, 5) . " - " . substr($event->end_time, 0, 5);
?>
</td>
<td>
<?php
if ($event->is_recurrence()) {
?>
<strong>
<?php
echo $event->get_recurrence_description();
?>
<br />
<a href="<?php
bloginfo('wpurl');
?>
/wp-admin/admin.php?page=events-manager-event&event_id=<?php
echo $event->recurrence_id;
?>
&scope=<?php
echo $scope;
?>
&p=<?php
echo $page;
?>
"><?php
_e('Reschedule', 'dbem');
?>
</a>
</strong>
<?php
}
?>
</td>
</tr>
<?php
}
$event_count++;
}
?>
</tbody>
</table>
<?php
}
// end of table
?>
<div class='tablenav'>
<div class="alignleft actions">
<br class='clear' />
</div>
<?php
if ($events_count >= $limit) {
?>
<div class="tablenav-pages">
<?php
echo $events_nav;
?>
</div>
<?php
}
?>
<br class='clear' />
</div>
</form>
</div>
<?php
}
