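/**
 * Prints the compact HTML card for one event: linked title, optional
 * relationship marker, thumbnail, description and date.
 *
 * Access control happens before any output: the call throws unless a user is
 * logged in and canSeeEvent() accepts the session user for this event.
 *
 * Output encoding: every dynamic value is encoded for the context it lands in.
 * The event id is HTML-escaped where it becomes part of an id attribute and
 * URL-encoded where it becomes a query-string value, so an id that reaches
 * this function straight from a request cannot break out of the markup.
 * For plain integer ids the emitted HTML is unchanged.
 *
 * @param mixed $idEvent          Event identifier, passed to canSeeEvent() and getEvent().
 * @param bool  $showRelationship When true, adds an owner / registered / not_registered marker div.
 *
 * @throws RuntimeException When no user is logged in or the user may not see the event.
 */
function showEventBrief($idEvent, $showRelationship = true)
{
    if (!isUserLoggedIn()) {
        throw new RuntimeException("You need to be logged in.");
    }
    if (!canSeeEvent($_SESSION["userid"], $idEvent)) {
        throw new RuntimeException("You do not have access to this event.");
    }

    $event = getEvent($idEvent);
    $canEdit = isUserLoggedIn() && $event["owner"] === getUserID();

    // Explicit flags and charset so escaping does not depend on the PHP
    // version's defaults or on the default_charset ini setting.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $idAttr = htmlspecialchars((string) $idEvent, $flags, 'UTF-8');
    $idQuery = rawurlencode((string) $idEvent);
    $name = htmlspecialchars($event["name"], $flags, 'UTF-8');

    echo '<div class="event_brief" id="event' . $idAttr . '">';
    echo '<div class="name"><a href="view_event.php?id=' . $idQuery . '">';
    echo '<h2>' . $name . '</h2>';
    echo '</a></div>';

    if ($showRelationship) {
        if ($canEdit) {
            echo '<div class="owner"></div>';
        } elseif (isUserRegisteredInEvent(getUserID(), $idEvent)) {
            echo '<div class="registered"></div>';
        } else {
            echo '<div class="not_registered"></div>';
        }
    }

    echo '<img src="database/event_image.php?id=' . $idQuery . '" alt="' . $name . '" width="64" height="64" />';
    echo '<div class="description">';
    echo '<p class="description">' . htmlspecialchars($event["description"], $flags, 'UTF-8') . '</p>';
    echo '</div>';
    echo '<datetime>' . htmlspecialchars($event["date"], $flags, 'UTF-8') . '</datetime>';
    echo '</div>';
}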
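require_once INCLUDES_PATH . "/events.php";
require_once DATABASE_PATH . "/events.php";

// POST handler that removes the current user's registration from an event.
// Checks run in order: event id present, user logged in, CSRF token valid,
// user allowed to see the event. The first failing check sets the status
// code and message, and nothing is changed.
try {
    if (!isset($_POST["id"])) {
        http_response_code(400);
        echo 'Missing event ID.';
    } elseif (!isUserLoggedIn()) {
        http_response_code(403);
        echo 'You need to login to unregister this event.';
    } elseif (
        // A missing or non-string token (e.g. csrf_token[]=x) is rejected here
        // instead of being handed to validateCSRFToken() as null or an array.
        !isset($_POST["csrf_token"])
        || !is_string($_POST["csrf_token"])
        || !validateCSRFToken($_POST["csrf_token"])
    ) {
        http_response_code(403);
        echo 'Invalid CSRF token.';
    } else {
        $event_id = $_POST["id"];
        if (!canSeeEvent(getUserID(), $event_id)) {
            http_response_code(403);
            echo 'You do not have access to edit this event.';
        } else {
            // Act on the id that was just authorised. The previous code passed
            // $idEvent, which is never assigned in this script, so the
            // permission check and the unregistration did not refer to the
            // same value.
            unregisterFromEvent(getUserID(), $event_id);
        }
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    // NOTE(review): the exception text is written to the response as-is.
    // Confirm that the helpers never put request data into the message, or
    // HTML-encode it here if this response can be rendered as HTML.
    echo $e->getMessage();
} catch (Exception $e) {
    // Any other failure: generic 500 with no detail sent to the client.
    http_response_code(500);
}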
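<?php
// Image endpoint for events: redirects an authorised, logged-in user to the
// event's stored image, or to the default image when the event has none.

// Defined before config.php is loaded.
// NOTE(review): presumably read by the session bootstrap to skip session-id
// regeneration for this frequently requested resource - confirm in config.php.
define("NO_SESSION_REGENERATION", true);

require_once __DIR__ . "/../config.php";
require_once DATABASE_PATH . "/connection.php";
require_once DATABASE_PATH . "/events.php";
require_once INCLUDES_PATH . "/events.php";
require_once INCLUDES_PATH . "/authentication.php";

// In every error branch the status code is set before the body is written.
// Once output has started, the status line can no longer be changed, so
// echoing first could send the error text with a 200 status when output
// buffering is off.
if (!isset($_GET["id"])) {
    http_response_code(400);
    echo "Missing event ID.";
} elseif (!isUserLoggedIn()) {
    http_response_code(401);
    echo "You are not logged in.";
} elseif (!canSeeEvent(getUserID(), $_GET["id"])) {
    http_response_code(403);
    echo "You do not have access to this event.";
} else {
    $event = getEvent($_GET["id"]);

    // isset() is false for a missing key and for a null value, which is the
    // case the former @is_null() test covered with warning suppression.
    if ($event && isset($event["imagePath"])) {
        // NOTE(review): imagePath comes from the event record and is placed
        // in the redirect target. Confirm that the upload code stores only
        // server-generated relative paths in this column.
        header('Location: ../' . $event['imagePath']);
        die;
    } else {
        header('Location: ../images/event_default.png');
        die;
    }
}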
if (!isset($_GET["action"])) { http_response_code(400); echo 'Missing action value.'; } else { if (!isUserLoggedIn()) { http_response_code(403); echo 'You need to login to edit this event.'; } else { if (!validateCSRFToken(rawurldecode($_GET["csrf_token"]))) { http_response_code(403); echo 'Invalid CSRF token.'; } else { $event_id = $_GET["idEvent"]; $user_id = getUserID(); $register = $_GET["action"]; if (!canSeeEvent($user_id, $event_id)) { http_response_code(403); echo 'You do not have access to this event.'; } else { if ($register) { registerInEvent($user_id, $event_id); } else { unregisterFromEvent($user_id, $event_id); } header("Location: view_event.php?id=" . $event_id); } } } } } } catch (InvalidArgumentException $e) {
require_once INCLUDES_PATH . "/utils.php"; require_once DATABASE_PATH . "/comment.php"; require INCLUDES_PATH . "/write_comment_action.php"; require INCLUDES_PATH . "/write_reply_action.php"; require INCLUDES_PATH . "/invite_user_action.php"; require INCLUDES_PATH . "/edit_event_image_action.php"; try { if (!isset($_GET["id"])) { http_response_code(400); showError('Missing event ID.'); } else { if (!isUserLoggedIn()) { http_response_code(403); showError('You need to login to view this event.'); } else { if (!canSeeEvent($_SESSION["userid"], $_GET["id"])) { http_response_code(403); showError('You do not have access to this event.'); } else { $idEvent = $_GET["id"]; $event = getEvent($idEvent); $canEdit = isUserLoggedIn() && $event["owner"] === getUserID(); echo '<div class="event" id="event' . $idEvent . '">'; if ($canEdit) { echo '<a href="delete_event.php?id=' . $idEvent . '&csrf_token=' . rawurlencode($_SESSION['csrf_token']) . '" class="delete" id="delete_event" onclick="return confirm(\'Are you sure you want to delete this event?\');"><div alt="Delete Event"></div></a>'; $public = $event["public"]; if ($public) { echo '<a href="change_event_privacy.php?id=' . $idEvent . '&action=0&csrf_token=' . rawurlencode($_SESSION['csrf_token']) . '" class="change_privacy public" id="change_privacy"><div alt="Change Event Privacy"></div><p class="description">Make me private</p></a>'; } else { echo '<a href="change_event_privacy.php?id=' . $idEvent . '&action=1&csrf_token=' . rawurlencode($_SESSION['csrf_token']) . '" class="change_privacy private" id="change_privacy"><div alt="Change Event Privacy"></div><p class="description">Make me public</p></a>'; }