Example #1
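/**
 * Build the HTML for the announcements block.
 *
 * Two sources are combined into one <ul>:
 *  - admin announcements from get_admin_announcements_rs(), shown only when the
 *    session user_id is 'admin' and that user holds PERM_ADMIN_ANNOUNCEMENTS;
 *  - site announcements from fetch_announcement_rs(), shown when the
 *    'welcome.announcements' feature is not disabled and the user holds
 *    PERM_VIEW_ANNOUNCEMENTS.
 *
 * NOTE(review): heading, message, link, link_text, title and content are
 * concatenated into the markup without HTML-escaping in this function. Whether
 * they are escaped (or intentionally allowed to carry markup) before they reach
 * this point is not visible here — confirm, and apply htmlspecialchars() at this
 * boundary if they are plain text.
 *
 * @return string|null The block markup, or NULL when there is nothing to show.
 */
function get_announcements_block()
{
    $buffer = '';
    if (is_user_granted_permission(PERM_ADMIN_ANNOUNCEMENTS)) {
        // include a login warning if user password and email are still the defaults
        // (this function itself only checks that the session user is 'admin')
        if (get_opendb_session_var('user_id') == 'admin') {
            $announcements_rs = get_admin_announcements_rs();
            // each() was deprecated in PHP 7.2 and removed in PHP 8; foreach walks
            // the same entries. The is_array() guard keeps a non-array result from
            // raising a warning.
            if (is_array($announcements_rs)) {
                foreach ($announcements_rs as $announcement_r) {
                    // The closing </li> was missing from this item; the site
                    // announcements below already close theirs.
                    $buffer .= "<li><h4>" . $announcement_r['heading'] . "</h4>\n\t\t\t\t\t<p class=\"content\">" . $announcement_r['message'] . "<a class=\"adminLink\" href=\"" . $announcement_r['link'] . "\">" . $announcement_r['link_text'] . "</a></p></li>";
                }
            }
        }
    }
    if (get_opendb_config_var('welcome.announcements', 'enable') !== FALSE && is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $results = fetch_announcement_rs('submit_on', 'DESC', 0, get_opendb_config_var('welcome.announcements', 'display_count'), 'Y', 'Y');
        if ($results) {
            // The mask does not change between rows, so read it once.
            $datetime_mask = get_opendb_config_var('welcome.announcements', 'datetime_mask');
            while ($announcement_r = db_fetch_assoc($results)) {
                $buffer .= "<li><h4>" . $announcement_r['title'] . "</h4>";
                $buffer .= "<small class=\"submitDate\">" . get_localised_timestamp($datetime_mask, $announcement_r['submit_on']) . "</small>";
                $buffer .= "<p class=\"content\">" . nl2br($announcement_r['content']) . "</p></li>";
            }
            db_free_result($results);
        }
    }
    if (strlen($buffer) > 0) {
        return "\n<div id=\"announcements\">" . "<h3>" . get_opendb_lang_var('announcements') . "</h3>" . "\n<ul>" . $buffer . "\n</ul></div>";
    }
    return NULL;
}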
Example #2
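/**
 * Stream an export of either one item instance or a filtered set of items.
 *
 * Single-item mode is chosen when both $item_id and $instance_no are numeric;
 * $s_item_type and $restrict_status_type_r are not used in that mode. The item
 * is written only when the session user owns it or holds
 * PERM_VIEW_ITEM_DISPLAY; header and footer are sent either way and TRUE is
 * returned, so an unauthorised request yields an empty export, not an error.
 *
 * Bulk mode delegates selection to fetch_export_item_rs().
 * NOTE(review): no per-row permission check happens in this function for bulk
 * mode — presumably fetch_export_item_rs() filters by visibility; confirm.
 *
 * @param mixed      $exportPlugin            Export plugin, passed by reference.
 * @param string     $page_title              Title handed to send_header().
 * @param string     $s_item_type             Item type filter (bulk mode only).
 * @param mixed      $item_id                 Item id (single-item mode).
 * @param mixed      $instance_no             Instance number (single-item mode).
 * @param string     $owner_id                Owner passed to the fetch/format helpers.
 * @param array|null $restrict_status_type_r  Status filter (bulk mode only).
 * @return bool TRUE when an export was emitted, FALSE when bulk mode found nothing.
 */
function export_type_items(&$exportPlugin, $page_title, $s_item_type, $item_id, $instance_no, $owner_id, $restrict_status_type_r = NULL)
{
    // the $restrict_status_type_r is ignored for a single item
    if (is_numeric($item_id) && is_numeric($instance_no)) {
        send_header($exportPlugin, $page_title);
        $item_r = fetch_item_instance_r($item_id, $instance_no);
        // Require a real record before the ownership test: with a failed lookup
        // $item_r['owner_id'] is NULL, and the loose == would match an empty or
        // missing session user_id, letting the export call run for a
        // non-existent item.
        if (is_array($item_r) && ($item_r['owner_id'] == get_opendb_session_var('user_id') || is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY))) {
            send_data(get_export_type_item($exportPlugin, $item_id, $instance_no, $item_r['s_item_type'], $item_r['title'], $owner_id));
        }
        send_footer($exportPlugin);
        return TRUE;
    }

    $itemresults = fetch_export_item_rs($s_item_type, $owner_id, $restrict_status_type_r);
    if (!$itemresults) {
        return FALSE;
    }

    // This variable was previously read without ever being assigned, so NULL was
    // passed along with an undefined-variable notice. It is defined explicitly
    // here (kept as a variable in case the callee takes it by reference).
    // NOTE(review): confirm NULL is the intended value for this argument.
    $include_parent_related_item = NULL;

    send_header($exportPlugin, $page_title);
    while ($item_r = db_fetch_assoc($itemresults)) {
        send_data(get_export_type_item($exportPlugin, $item_r['item_id'], NULL, $item_r['s_item_type'], $item_r['title'], $owner_id, $include_parent_related_item));
    }
    db_free_result($itemresults);
    send_footer($exportPlugin);
    return TRUE;
}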
Example #3
 /**
  * Report whether this object is available to the given user.
  *
  * Two gates must both pass:
  *  - configuration: no config id is set, or the 'enable' config var for that
  *    id is strictly TRUE;
  *  - permission: no permission id is set, or the user is granted it.
  *
  * A missing id (loosely equal to NULL) means that gate is open.
  *
  * @param mixed $userid User passed to is_user_granted_permission().
  * @return bool
  */
 function isAvailable($userid)
 {
     $config_open = $this->getConfigId() == NULL || get_opendb_config_var($this->getConfigId(), 'enable') === TRUE;
     if (!$config_open) {
         // Configuration gate closed: the permission lookup is skipped.
         return FALSE;
     }

     $permission_open = $this->getPermId() == NULL || is_user_granted_permission($this->getPermId(), $userid);
     return $permission_open;
 }
Example #4
/**
 * Echo the opening part of a themed page: doctype, <head>, the header bar and,
 * when $include_menu is truthy, the header links and the menu containers.
 *
 * Output is written directly with echo; nothing is returned. The function
 * leaves <body> and the "content" <div> open — presumably a matching footer
 * function closes them; confirm against the theme's footer.
 *
 * NOTE(review): $title, $pageid, $help_page and $printable_page_url are written
 * into the markup without HTML-escaping in this function. Whether callers and
 * the helper functions hand over already-escaped values is not visible here —
 * confirm, particularly for any value derived from the request URL.
 *
 * @param string $pageid       Page identifier; 'install' and 'admin' are special-cased.
 * @param string $title        Optional page title appended to the site title.
 * @param mixed  $include_menu Truthy to render header links and menus.
 * @param mixed  $mode         Passed through to get_theme_css().
 * @param string $user_id      Current user id; empty means "not logged in" for the login/logout link.
 */
function theme_header($pageid, $title, $include_menu, $mode, $user_id)
{
    // These globals are declared but not referenced anywhere in this function body.
    global $PHP_SELF;
    global $HTTP_VARS;
    global $ADMIN_TYPE;
    if ($pageid == 'install') {
        $pageTitle = get_opendb_title_and_version() . " Installation";
    } else {
        $pageTitle = get_opendb_title();
    }
    // Document head: title, charset meta, icon, search-plugin links, then theme CSS, RSS links and JavaScript.
    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">" . "\n<html>" . "\n<head>" . "\n<title>" . $pageTitle . (!empty($title) ? " - {$title}" : "") . "</title>" . "\n<meta http-equiv=\"Content-Type\" content=\"" . get_content_type_charset() . "\">" . "\n<link rel=\"icon\" href=\"" . theme_image_src("icon-16x16.png") . "\" type=\"image/png\" />" . "\n<link rel=\"search\" type=\"application/opensearchdescription+xml\" title=\"" . get_opendb_title() . " Title Search\" href=\"./searchplugins.php?type=title\">" . "\n<link rel=\"search\" type=\"application/opensearchdescription+xml\" title=\"" . get_opendb_title() . " UPC Search\" href=\"./searchplugins.php?type=upc\">" . get_theme_css($pageid, $mode) . get_opendb_rss_feeds_links() . get_theme_javascript($pageid) . "</head>" . "\n<body>";
    echo "<div id=\"header\">";
    echo "<h1><a href=\"index.php\">" . $pageTitle . "</a></h1>";
    if ($include_menu) {
        echo "<ul class=\"headerLinks\">";
        $help_page = get_opendb_help_page($pageid);
        if ($help_page != NULL) {
            echo "<li class=\"help\"><a href=\"help.php?page=" . $help_page . "\" target=\"_new\" title=\"" . get_opendb_lang_var('help') . "\">" . theme_image("help.png") . "</a></li>";
        }
        $printable_page_url = get_printable_page_url($pageid);
        if ($printable_page_url != NULL) {
            echo "<li><a href=\"" . $printable_page_url . "\" target=\"_new\" title=\"" . get_opendb_lang_var('printable_version') . "\">" . theme_image("printable.gif") . "</a></li>";
        }
        if (is_exists_my_reserve_basket($user_id)) {
            echo "<li><a href=\"borrow.php?op=my_reserve_basket\">" . theme_image("basket.png", get_opendb_lang_var('item_reserve_list')) . "</a></li>";
        }
        // These permission checks only decide which links are shown; they are not
        // access control for listings.php or search.php themselves.
        if (is_user_granted_permission(PERM_VIEW_LISTINGS, NULL, TRUE)) {
            echo "<li><form class=\"quickSearch\" action=\"listings.php\">" . "<input type=\"hidden\" name=\"search_list\" value=\"y\">" . "<input type=\"hidden\" name=\"title_match\" value=\"partial\">" . "<input type=\"text\" class=\"text\" name=\"title\" size=\"10\" value=\"Title Search\" onfocus=\"if(this.value=='Title Search'){this.value='';this.style.color='black';}\" onblur=\"if(this.value==''){this.value='Title Search';this.style.color='gray';}\">" . "</form></li>";
        }
        if (is_user_granted_permission(PERM_VIEW_ADVANCED_SEARCH, NULL, TRUE)) {
            echo "<li><a href=\"search.php\" title=\"" . get_opendb_lang_var('advanced_search') . "\">" . get_opendb_lang_var('advanced') . "</a></li>";
        }
        // A non-empty $user_id is treated as "logged in" for the purpose of this link.
        if (strlen($user_id) > 0) {
            echo "<li class=\"login\"><a href=\"logout.php\">" . get_opendb_lang_var('logout', 'user_id', $user_id) . "</a></li>";
        } else {
            echo "<li class=\"login\"><a href=\"login.php?op=login\">" . get_opendb_lang_var('login') . "</a></li>";
        }
        echo "</ul>";
    }
    echo "</div>";
    // $pageid becomes part of a class attribute here.
    echo "<div id=\"content\" class=\"{$pageid}Content\">";
    if ($include_menu) {
        if ($pageid == 'admin') {
            // The <h2> text below is hard-coded, while the toggle label uses the 'admin_tools' language variable.
            echo "\n<div id=\"admin-menu\" class=\"menuContainer toggleContainer\" onclick=\"return toggleVisible('admin-menu');\">\r\n                <span id=\"admin-menu-toggle\" class=\"menuToggle toggleHidden\">" . get_opendb_lang_var('admin_tools') . "</span>\r\n                <div id=\"admin-menu-content\" class=\"menuContent elementHidden\">\r\n                <h2 class=\"menu\">Admin Tools</h2>";
            $menu_options_rs = get_system_admin_tools_menu();
            echo get_menu_options_list($menu_options_rs);
            echo "\n</div>";
            echo "\n</div>";
        }
        echo "\n<div id=\"menu\" class=\"menuContainer toggleContainer\" onclick=\"return toggleVisible('menu');\">";
        echo "<span id=\"menu-toggle\" class=\"menuToggle toggleHidden\">" . get_opendb_lang_var('main_menu') . "</span>";
        echo "<div id=\"menu-content\" class=\"menuContent elementHidden\">";
        echo "<h2 class=\"menu\">" . get_opendb_lang_var('main_menu') . '</h2>';
        echo get_menu_options_list(get_menu_options($user_id));
        echo "\n</div>";
        echo "\n</div>";
    }
}
Example #5
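/**
 * List the RSS feeds the current user is allowed to see.
 *
 * Each entry is an array with a 'feed' identifier and a localised 'title'.
 * A feed is listed only when the matching view permission is granted.
 *
 * @return array List of array('feed' => string, 'title' => string); may be empty.
 */
function get_opendb_rss_feeds()
{
    $feeds_r = array();
    // The keys were written as bare words (feed, title). PHP treated those as
    // undefined constants: a notice/warning before PHP 8, a thrown Error from
    // PHP 8 on. Quoting them yields the same 'feed' / 'title' keys.
    if (is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $feeds_r[] = array('feed' => 'announcements', 'title' => get_opendb_lang_var('announcements'));
    }
    if (is_user_granted_permission(PERM_VIEW_LISTINGS)) {
        $feeds_r[] = array('feed' => 'new_items', 'title' => get_opendb_lang_var('new_items_added'));
    }
    return $feeds_r;
}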
Example #6
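/**
 * Format a user's display name for a listing, linked to the user profile when
 * the current user may view profiles.
 *
 * The session user is rendered with the 'current_user' language string and is
 * never linked. $mode is accepted but not used in this function.
 *
 * NOTE(review): the display name comes from fetch_user_name() via
 * get_opendb_lang_var() and is placed in the markup as-is. Whether either of
 * those escapes HTML is not visible here — confirm, since a full name is
 * user-supplied profile data.
 *
 * @param string      $user_id       User to render.
 * @param mixed       $mode          Unused here.
 * @param string|null $subject       Subject forwarded to the profile page.
 * @param string|null $redirect_link Forwarded to the profile page.
 * @param string|null $redirect_url  Forwarded to the profile page.
 * @return string Plain name or an <a> element wrapping it.
 */
function get_list_username($user_id, $mode, $subject = NULL, $redirect_link = NULL, $redirect_url = NULL)
{
    // Do not include email link, if Current User.
    if ($user_id == get_opendb_session_var('user_id')) {
        return get_opendb_lang_var('current_user', array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id));
    }

    $user_name = get_opendb_lang_var('user_name', array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id));
    if (!is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
        return $user_name;
    }

    // uid is now URL-encoded like the other query parameters; previously it was
    // concatenated raw, so an id containing a quote, '&' or a space would break
    // out of the parameter or the attribute. The string casts keep urlencode()
    // from receiving NULL for the optional arguments.
    $profile_url = "user_profile.php?uid=" . urlencode((string) $user_id)
        . "&subject=" . urlencode((string) ifempty($subject, get_opendb_lang_var('no_subject')))
        . "&redirect_link=" . urlencode((string) $redirect_link)
        . "&redirect_url=" . urlencode((string) $redirect_url);

    return "<a href=\"" . $profile_url . "\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>";
}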
Example #7
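/**
 * Decide whether the current session user may see an address belonging to the
 * user identified by $HTTP_VARS['uid'].
 *
 * The address is visible when any of these holds:
 *  - the address type is public (public_address_ind == 'Y');
 *  - the current user holds PERM_ADMIN_USER_PROFILE;
 *  - the address type is visible to borrow partners (borrow_address_ind == 'Y')
 *    AND the two users are in an owner/borrower relationship in either
 *    direction.
 *
 * @param array $HTTP_VARS      Request variables; 'uid' is the profile being viewed.
 * @param array $address_type_r Address type record with the two *_ind flags.
 * @return bool
 */
function is_user_address_visible($HTTP_VARS, $address_type_r)
{
    if ($address_type_r['public_address_ind'] == 'Y') {
        return TRUE;
    }
    if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        return TRUE;
    }

    // The original condition was `flag == 'Y' && A || B`. Because && binds
    // tighter than ||, the second relationship check (B) granted access even
    // when borrow_address_ind was not 'Y', exposing addresses that were not
    // marked as visible to borrow partners. The flag now gates both directions.
    if ($address_type_r['borrow_address_ind'] != 'Y') {
        return FALSE;
    }

    $session_user_id = get_opendb_session_var('user_id');
    return is_owner_and_borrower($session_user_id, $HTTP_VARS['uid'])
        || is_owner_and_borrower($HTTP_VARS['uid'], $session_user_id);
}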
Example #8
/**
 * Query the item instances that may be exported, ordered by item id and
 * instance number.
 *
 * Only instances owned by active users are selected. Both filters are optional
 * and applied only when non-empty. Users without PERM_ITEM_ADMIN additionally
 * see only instances whose status type is not hidden, or that they own.
 *
 * NOTE(review): $s_item_type, $owner_id and the session user_id are placed
 * inside quoted SQL literals by plain string concatenation; this function does
 * no escaping of its own. Whether callers escape these values is not visible
 * here — confirm, or move this query to bound parameters if the database layer
 * offers them.
 *
 * @param string $s_item_type Optional item type filter.
 * @param string $owner_id    Optional owner filter.
 * @return mixed The db_query() result when at least one row matched, otherwise FALSE.
 */
function fetch_export_item_instance_rs($s_item_type, $owner_id)
{
    $select = "SELECT i.id as item_id, ii.instance_no, i.title, i.s_item_type, ii.owner_id, ii.borrow_duration, ii.s_status_type, ii.status_comment, UNIX_TIMESTAMP(ii.update_on) AS update_on ";
    $from = "FROM user u, item i, item_instance ii, s_status_type sst ";
    $where = "WHERE u.user_id = ii.owner_id AND i.id = ii.item_id AND sst.s_status_type = ii.s_status_type ";

    $sql = $select . $from . $where;

    if (strlen($s_item_type) > 0) {
        $sql .= "AND i.s_item_type = '" . $s_item_type . "'";
    }

    // can only export items for active users.
    $sql .= "AND u.active_ind = 'Y' ";

    if (strlen($owner_id) > 0) {
        $sql .= " AND ii.owner_id = '" . $owner_id . "' ";
    }

    // Non-admins are limited to non-hidden status types plus their own instances.
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $sql .= " AND ( sst.hidden_ind = 'N' OR ii.owner_id = '" . get_opendb_session_var('user_id') . "') ";
    }

    $sql .= "ORDER by i.id, ii.instance_no";

    $rs = db_query($sql);
    $has_rows = $rs && db_num_rows($rs) > 0;

    return $has_rows ? $rs : FALSE;
}
Example #9
        } else {
            // final fallback
            output_cache_file($file_cache_r['url']);
        }
        return TRUE;
    } else {
        return FALSE;
    }
}
if (is_site_enabled()) {
    if (is_opendb_valid_session() || is_site_public_access()) {
        $isThumbnail = ifempty($HTTP_VARS['op'], 'fullscreen') == 'thumbnail';
        if (is_numeric($HTTP_VARS['id'])) {
            $file_cache_r = fetch_file_cache_r($HTTP_VARS['id']);
            if ($file_cache_r !== FALSE) {
                if ($file_cache_r['cache_type'] != 'ITEM' || is_user_granted_permission(PERM_VIEW_ITEM_COVERS)) {
                    handle_file_cache($file_cache_r, $isThumbnail);
                } else {
                    opendb_not_authorised_page();
                }
            } else {
                opendb_operation_not_available();
            }
        } else {
            if (strlen($HTTP_VARS['tmpId']) > 0) {
                $url = get_url_from_temp_file_cache($HTTP_VARS['tmpId']);
                if ($url !== FALSE) {
                    output_cache_file($url);
                } else {
                    opendb_operation_not_available();
                }
Example #10
         } else {
             if ($HTTP_VARS['op'] == 'send_to_uids' && (is_not_empty_array($HTTP_VARS['user_id_rs']) || strlen(trim($HTTP_VARS['checked_user_id_rs_list'])) > 0)) {
                 if ($HTTP_VARS['op2'] == 'send' && send_email_to_userids($HTTP_VARS['user_id_rs'], $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
                     // do nothing
                 } else {
                     show_email_form(get_user_ids_tovalue($HTTP_VARS['user_id_rs']), get_opendb_lang_var('site_users', 'user_desc', get_opendb_config_var('site', 'title')), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors);
                 }
             }
         }
         echo _theme_footer();
     } else {
         opendb_not_authorised_page(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS);
     }
 } else {
     if ($HTTP_VARS['op'] == 'send_to_uid' && is_user_permitted_to_receive_email($HTTP_VARS['uid'])) {
         if (is_user_granted_permission(PERM_SEND_EMAIL)) {
             echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
             echo "<h2>" . get_opendb_lang_var('send_email') . "</h2>";
             $from_user_r = fetch_user_r(get_opendb_session_var('user_id'));
             $HTTP_VARS['toname'] = trim(strip_tags($HTTP_VARS['toname']));
             if ($HTTP_VARS['op2'] == 'send' && send_email_to_userids(array($HTTP_VARS['uid']), $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
                 // do nothing
             } else {
                 show_email_form($HTTP_VARS['uid'], fetch_user_name($HTTP_VARS['uid']), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors);
             }
             echo _theme_footer();
         } else {
             opendb_not_authorised_page(PERM_SEND_EMAIL, $HTTP_VARS);
         }
     } else {
         opendb_operation_not_available();
Example #11
/**
 * Report whether the session carries an 'admin_user_id' whose user is granted
 * PERM_ADMIN_LOGIN, while the 'login' / 'enable_change_user' setting is not
 * disabled.
 *
 * NOTE(review): 'admin_user_id' presumably holds the id of the administrator
 * who switched to another account — confirm against the change-user code.
 *
 * @return bool
 */
function is_user_admin_changed_user()
{
    // Feature switched off: nothing else is looked at.
    if (get_opendb_config_var('login', 'enable_change_user') === FALSE) {
        return FALSE;
    }

    $admin_user_id = get_opendb_session_var('admin_user_id');
    if (!(strlen($admin_user_id) > 0)) {
        return FALSE;
    }

    // The permission is checked against the stored admin id, not the current session user.
    return is_user_granted_permission(PERM_ADMIN_LOGIN, $admin_user_id) ? TRUE : FALSE;
}
Example #12
/**
 * Report whether the given borrower has at least one item in their reserve
 * basket.
 *
 * The basket is treated as absent for users without PERM_USER_BORROWER: the
 * right to be a borrower can be revoked at any time, even if a user still has
 * active borrower records.
 *
 * @param string $borrower_id User whose basket is checked.
 * @return bool
 */
function is_exists_my_reserve_basket($borrower_id)
{
    // The count is only fetched once the permission check has passed.
    return is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)
        && fetch_my_basket_item_cnt($borrower_id) > 0;
}
Example #13
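/**
 * Handle a "send me a new password" request for $HTTP_VARS['uid'].
 *
 * A new password is generated, stored, and e-mailed to the user's address.
 *
 * Return values (compare with ===, because the string result is truthy):
 *  - TRUE              the mail was sent, or the user id does not exist (the
 *                      request is made to look successful so the response
 *                      cannot be used to probe for valid user ids);
 *  - "EMAIL_NOT_SENT"  the password was changed but the mail could not be sent;
 *  - FALSE             the user is inactive, lacks PERM_CHANGE_PASSWORD,
 *                      password changes are disabled, the user has no e-mail
 *                      address, or the password update failed.
 *
 * NOTE(review): the stored password is replaced before delivery of the mail is
 * known, so an "EMAIL_NOT_SENT" result leaves the account with a password
 * nobody received. The new password also travels in the mail body in clear
 * text. The quality of generate_password() is not visible here — confirm it
 * draws from a cryptographically secure source.
 * NOTE(review): inactive and unpermitted users return FALSE while unknown users
 * return TRUE; confirm the caller shows the same response for both so the
 * difference does not reveal which ids exist.
 *
 * @param array $HTTP_VARS Request variables; 'uid' is the target user id.
 * @param array $errors    Receives error messages (by reference).
 * @return bool|string
 */
function perform_newpassword($HTTP_VARS, &$errors)
{
    $uid = $HTTP_VARS['uid'];

    if (!is_user_valid($uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($uid));
        // make user look successful to prevent mining for valid userids
        return TRUE;
    }

    if (!is_user_active($uid)) {
        // Do not allow new password operation for 'deactivated' user.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($uid));
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($uid));
        return FALSE;
    }

    // The second check is against the current session user (no user id argument),
    // so an administrator can still trigger the reset when changes are disabled.
    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($uid));
        return FALSE;
    }

    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($uid));
    $user_r = fetch_user_r($uid);

    // only send if valid user (email)
    if (!(strlen($user_r['email_addr']) > 0)) {
        $errors[] = "User '" . $uid . "' does not have a valid email address.";
        return FALSE;
    }

    $user_passwd = generate_password(8);
    if (update_user_passwd($uid, $user_passwd) !== TRUE) {
        // Previously this path fell off the end of the function: it returned
        // NULL and left no trace in the log. Report it as a failure instead.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password update failed', array($uid));
        return FALSE;
    }

    $subject = get_opendb_lang_var('lost_password');
    $message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname']) . "\n\n" . get_opendb_lang_var('new_passwd_email') . "\n\n" . get_opendb_lang_var('userid') . ": " . $uid . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;

    if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
        return TRUE;
    }
    return "EMAIL_NOT_SENT";
}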
Example #14
                     $result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
                 }
             } else {
                 $result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder());
             }
         } else {
             opendb_not_authorised_page();
         }
     } else {
         echo _theme_header(get_opendb_lang_var('item_not_found'));
         echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>";
         echo _theme_footer();
     }
 } else {
     if ($HTTP_VARS['op'] == 'my_history') {
         if (is_user_valid($HTTP_VARS['uid']) && $HTTP_VARS['uid'] !== get_opendb_session_var('user_id') && is_user_granted_permission(PERM_ADMIN_BORROWER)) {
             $page_title = get_opendb_lang_var('borrower_history_for_fullname', array('fullname' => fetch_user_name($HTTP_VARS['uid']), 'user_id' => $HTTP_VARS['uid']));
             if (is_numeric($listingObject->getItemsPerPage())) {
                 $listingObject->setTotalItems(fetch_my_history_item_cnt($HTTP_VARS['uid']));
                 if ($listingObject->getTotalItemCount() > 0) {
                     $result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
                 }
             } else {
                 $result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder());
             }
         } else {
             $page_title = get_opendb_lang_var('my_history');
             if (is_numeric($listingObject->getItemsPerPage())) {
                 $listingObject->setTotalItems(fetch_my_history_item_cnt(get_opendb_session_var('user_id')));
                 if ($listingObject->getTotalItemCount() > 0) {
                     $result = fetch_my_history_item_rs(get_opendb_session_var('user_id'), $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
Example #15
/**
 * Delete the relationship between an item instance and its parent, after an
 * ownership check and a confirmation step.
 *
 * Only the instance owner or a user holding PERM_ITEM_ADMIN may proceed; any
 * other caller gets FALSE, an entry in $errors and a warning in the log.
 *
 * The 'confirmed' request value drives the rest:
 *  - 'true'  the relationship is deleted; nothing is returned (NULL), and the
 *            result of the delete call is not inspected;
 *  - 'false' "__ABORTED__" is returned;
 *  - other   "__CONFIRM__" is returned, i.e. confirmation is still required.
 *
 * $status_type_r is accepted but not used in this function.
 *
 * @param array $item_r        Item instance record (owner_id, item_id, instance_no).
 * @param mixed $status_type_r Unused here.
 * @param array $HTTP_VARS     Request variables (confirmed, parent_item_id, parent_instance_no).
 * @param mixed $errors        Receives the error array (by reference).
 * @return bool|string|null
 */
function handle_item_relation_delete($item_r, $status_type_r, $HTTP_VARS, &$errors)
{
    $is_owner = $item_r['owner_id'] == get_opendb_session_var('user_id');

    // Owners pass straight through; everyone else needs the admin permission.
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('cannot_delete_relation_item_not_owned'), 'detail' => '');
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User to delete item relationship they do not own', $item_r);
        return FALSE;
    }

    if ($HTTP_VARS['confirmed'] == 'true') {
        delete_related_item_instance_relationship($item_r['item_id'], $item_r['instance_no'], $HTTP_VARS['parent_item_id'], $HTTP_VARS['parent_instance_no']);
        return;
    }

    // Anything other than an explicit 'false' means the user has not answered yet.
    return $HTTP_VARS['confirmed'] != 'false' ? "__CONFIRM__" : "__ABORTED__";
}
Example #16
/**
 * Echo the borrow statistics table: one row per item owner with the number of
 * reserved and borrowed items, followed by a totals row.
 *
 * Nothing is written when the 'borrow' feature is disabled. Owner names are
 * linked to their profile only when the current user holds
 * PERM_VIEW_USER_PROFILE.
 *
 * NOTE(review): the owner's display name and user_id are written into the
 * markup and the href without escaping in this function; whether
 * get_opendb_lang_var() escapes them is not visible here — confirm.
 */
function build_borrower_stats()
{
    if (get_opendb_config_var('borrow', 'enable') === FALSE) {
        return;
    }

    echo "<h3>" . get_opendb_lang_var('borrow_stats') . "</h3>";
    echo "<table class=\"itemStats\">" . "<tr class=\"navbar\">";
    echo "<th>" . get_opendb_lang_var('owner') . "</th>";
    echo "<th>" . theme_image('reserved.gif', get_opendb_lang_var('reserved'), "borrowed_item") . "</th>";
    echo "<th>" . theme_image('borrowed.gif', get_opendb_lang_var('borrowed'), "borrowed_item") . "</th>";
    echo "</tr>";

    $owners = fetch_user_rs(PERM_ITEM_OWNER);
    if ($owners) {
        // Running totals for the final row.
        $borrowed_grand_total = 0;
        $reserved_grand_total = 0;

        while ($owner_r = db_fetch_assoc($owners)) {
            $display_name = get_opendb_lang_var('user_name', array('fullname' => $owner_r['fullname'], 'user_id' => $owner_r['user_id']));

            echo "<tr class=\"data\"><th>";
            if (!is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
                echo $display_name;
            } else {
                echo "<a href=\"user_profile.php?uid=" . $owner_r['user_id'] . "\">" . $display_name . "</a>";
            }
            echo "</th>";

            // A zero count is shown as a dash.
            $reserved_cnt = fetch_owner_reserved_item_cnt($owner_r['user_id']);
            $reserved_grand_total += $reserved_cnt;
            echo "\n<td>" . ($reserved_cnt > 0 ? $reserved_cnt : "-") . "</td>";

            $borrowed_cnt = fetch_owner_borrowed_item_cnt($owner_r['user_id']);
            $borrowed_grand_total += $borrowed_cnt;
            echo "\n<td>" . ($borrowed_cnt > 0 ? $borrowed_cnt : "-") . "</td>";

            echo "</tr>";
        }
        db_free_result($owners);

        echo "<tr class=\"data totals\"><th>" . get_opendb_lang_var('totals') . "</th>";
        // The feature flag is read a second time before the totals cells are written.
        if (get_opendb_config_var('borrow', 'enable') !== FALSE) {
            echo "<td>" . $reserved_grand_total . "</td>" . "<td>" . $borrowed_grand_total . "</td>";
        }
        echo "</tr>";
    }

    echo "</table>";
}
Example #17
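/**
 * Build the main menu for a user, grouped by section.
 *
 * The result maps a section name ('items', 'listings', 'borrow', 'search',
 * 'stats', 'feeds', 'users', 'admin_tools') to a list of entries, each an
 * array with a localised 'link' label and a relative 'url'. A section key is
 * present only when at least one of its entries applies.
 *
 * These checks only decide which links are offered; they are not access
 * control for the target pages, which have to enforce permissions themselves.
 *
 * Some checks pass $user_id to is_user_granted_permission() and others
 * (PERM_VIEW_LISTINGS, PERM_VIEW_ADVANCED_SEARCH, PERM_VIEW_STATS) do not.
 * NOTE(review): presumably the latter fall back to the session user — confirm
 * that the difference is intended.
 * NOTE(review): $user_id is interpolated into several URLs without URL-encoding;
 * confirm user ids are restricted to URL-safe characters or that the renderer
 * encodes them.
 *
 * @param string $user_id User the menu is built for.
 * @return array Section name => list of array('link' => string, 'url' => string).
 */
function get_menu_options($user_id)
{
    // The entry keys used to be bare words (link, url). PHP read those as
    // undefined constants: a notice/warning before PHP 8 and a thrown Error from
    // PHP 8 on. They are quoted below and produce the same 'link' / 'url' keys.
    $menu_options = array();

    if (is_user_granted_permission(PERM_ITEM_OWNER, $user_id)) {
        $menu_options['items'][] = array('link' => get_opendb_lang_var('add_new_item'), 'url' => "item_input.php?op=site-add&owner_id={$user_id}");
        $menu_options['listings'][] = array('link' => get_opendb_lang_var('list_my_items'), 'url' => "listings.php?owner_id={$user_id}");
    }
    if (is_user_granted_permission(PERM_VIEW_LISTINGS)) {
        $menu_options['listings'][] = array('link' => get_opendb_lang_var('list_all_items'), 'url' => "listings.php");
    }

    // Import: the admin entry takes precedence over the per-user one.
    if (is_file_upload_enabled()) {
        if (is_user_granted_permission(PERM_ADMIN_IMPORT, $user_id)) {
            $menu_options['items'][] = array('link' => get_opendb_lang_var('import_items'), 'url' => "import.php");
        } elseif (is_user_granted_permission(PERM_USER_IMPORT, $user_id)) {
            $menu_options['items'][] = array('link' => get_opendb_lang_var('import_my_items'), 'url' => "import.php");
        }
    }

    // Export: same precedence as import.
    if (is_user_granted_permission(PERM_ADMIN_EXPORT, $user_id)) {
        $menu_options['items'][] = array('link' => get_opendb_lang_var('export_items'), 'url' => "export.php");
    } elseif (is_user_granted_permission(PERM_USER_EXPORT, $user_id)) {
        $menu_options['items'][] = array('link' => get_opendb_lang_var('export_my_items'), 'url' => "export.php");
    }

    if (get_opendb_config_var('borrow', 'enable') !== FALSE) {
        if (is_exists_borrowed() && is_user_granted_permission(PERM_ADMIN_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('items_borrowed'), 'url' => "borrow.php?op=all_borrowed");
        }
        if (is_exists_reserved() && is_user_granted_permission(PERM_ADMIN_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('items_reserved'), 'url' => "borrow.php?op=all_reserved");
        }
        if (is_exists_borrower_history($user_id) && is_user_granted_permission(PERM_USER_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('my_history'), 'url' => "borrow.php?op=my_history");
        }
        if (is_exists_borrower_borrowed($user_id) && is_user_granted_permission(PERM_USER_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('my_borrowed_items'), 'url' => "borrow.php?op=my_borrowed");
        }
        if (is_exists_borrower_reserved($user_id) && is_user_granted_permission(PERM_USER_BORROWER, $user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('my_reserved_items'), 'url' => "borrow.php?op=my_reserved");
        }
        if (get_opendb_config_var('borrow', 'reserve_basket') !== FALSE && is_exists_my_reserve_basket($user_id)) {
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('item_reserve_list'), 'url' => "borrow.php?op=my_reserve_basket&order_by=title&sortorder=ASC");
        }
        if (is_user_granted_permission(PERM_ITEM_OWNER, $user_id)) {
            if (is_exists_owner_reserved($user_id)) {
                $menu_options['borrow'][] = array('link' => get_opendb_lang_var('check_out_item(s)'), 'url' => "borrow.php?op=owner_reserved");
            }
            if (is_exists_owner_borrowed($user_id)) {
                $menu_options['borrow'][] = array('link' => get_opendb_lang_var('check_in_item(s)'), 'url' => "borrow.php?op=owner_borrowed");
            }
        }
        if (is_user_granted_permission(PERM_ADMIN_BORROWER, $user_id)) {
            if (is_exists_history()) {
                $menu_options['borrow'][] = array('link' => get_opendb_lang_var('borrower_history'), 'url' => "borrow.php?op=admin_history");
            }
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('quick_check_out'), 'url' => "quick_checkout.php?op=checkout");
            $menu_options['borrow'][] = array('link' => get_opendb_lang_var('quick_check_in'), 'url' => "quick_checkout.php?op=checkin");
        }
    }

    if (is_user_granted_permission(PERM_VIEW_ADVANCED_SEARCH)) {
        $menu_options['search'][] = array('link' => get_opendb_lang_var('advanced_search'), 'url' => "search.php");
    }
    if (is_user_granted_permission(PERM_VIEW_STATS)) {
        $menu_options['stats'][] = array('link' => get_opendb_lang_var('statistics'), 'url' => "stats.php");
    }
    if (is_exists_opendb_rss_feeds()) {
        $menu_options['feeds'][] = array('link' => get_opendb_lang_var('rss_feeds'), 'url' => "rss.php");
    }

    if (is_user_granted_permission(PERM_EDIT_USER_PROFILE, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('edit_my_info'), 'url' => "user_admin.php?op=edit&user_id={$user_id}");
    }
    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') !== FALSE && is_user_granted_permission(PERM_CHANGE_PASSWORD, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('change_my_password'), 'url' => "user_admin.php?op=change_password&user_id={$user_id}");
    }
    if (is_user_granted_permission(PERM_ADMIN_USER_LISTING, $user_id)) {
        if (is_exist_users_not_activated()) {
            $menu_options['users'][] = array('link' => get_opendb_lang_var('activate_users'), 'url' => "user_listing.php?restrict_active_ind=X&order_by=fullname&sortorder=ASC");
        }
        $menu_options['users'][] = array('link' => get_opendb_lang_var('user_list'), 'url' => "user_listing.php?order_by=fullname&sortorder=ASC");
    }
    if (is_user_granted_permission(PERM_ADMIN_CREATE_USER, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('add_new_user'), 'url' => "user_admin.php?op=new_user");
    }
    if (is_user_granted_permission(PERM_ADMIN_CHANGE_USER, $user_id)) {
        $menu_options['users'][] = array('link' => get_opendb_lang_var('change_user'), 'url' => "user_admin.php?op=change_user");
    }
    if (is_user_granted_permission(PERM_ADMIN_SEND_EMAIL, $user_id)) {
        if (is_valid_opendb_mailer()) {
            $menu_options['users'][] = array('link' => get_opendb_lang_var('email_users'), 'url' => "email.php?op=send_to_all");
        }
    }

    if (is_user_granted_permission(PERM_ADMIN_TOOLS, $user_id)) {
        $menu_options['admin_tools'][] = array('link' => get_opendb_lang_var('admin_tools'), 'url' => "admin.php");
    }

    return $menu_options;
}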
Example #18
    $arrayOfUniqueCatValuesCount = 0;
    // Now sort all values into alphabetical order!
    if (is_array($arrayOfUniqueCategories)) {
        asort($arrayOfUniqueCategories);
        reset($arrayOfUniqueCategories);
        while (list($value, $display) = each($arrayOfUniqueCategories)) {
            $arrayOfUniqueCatValues .= "\narrayOfUniqueCatValues[{$arrayOfUniqueCatValuesCount}] = new LookupAttribute('',\"{$value}\",\"{$display}\");";
            $arrayOfUniqueCatValuesCount++;
        }
    }
    // Now wrap and return
    return "\n<script language=\"JavaScript\">\n<!-- // hide from stupid browsers\n" . $buffer . "\n// -->\n</script>\n";
}
if (is_site_enabled()) {
    if (is_opendb_valid_session() || is_site_public_access()) {
        if (is_user_granted_permission(PERM_VIEW_ADVANCED_SEARCH)) {
            $page_title = get_opendb_lang_var('advanced_search');
            echo _theme_header($page_title);
            echo encode_search_javascript_arrays($item_type_rs, $category_type_rs, $item_attribute_type_rs);
            echo "<h2>" . $page_title . "</h2>";
            echo "\n<form name=\"search\" method=\"GET\" action=\"listings.php\">";
            echo "\n<input type=\"hidden\" name=\"datetimemask\" value=\"" . get_opendb_config_var('search', 'datetime_mask') . "\">";
            echo "\n<input type=\"hidden\" name=\"search_list\" value=\"y\">";
            echo "<table class=\"searchForm\">";
            echo format_field(get_opendb_lang_var('title'), "\n<input type=\"text\" class=\"text\" id=\"search-title\" size=\"50\" name=\"title\">" . "\n<ul class=\"searchInputOptions\">" . "\n<li><input type=\"radio\" class=\"radio\" name=\"title_match\" value=\"word\">" . get_opendb_lang_var('word_match') . "</li>" . "\n<li><input type=\"radio\" class=\"radio\" name=\"title_match\" value=\"partial\" CHECKED>" . get_opendb_lang_var('partial_match') . "</li>" . "\n<li><input type=\"radio\" class=\"radio\" name=\"title_match\" value=\"exact\">" . get_opendb_lang_var('exact_match') . "</li>" . "\n<li><input type=\"checkbox\" class=\"checkbox\" name=\"title_case\" value=\"case_sensitive\">" . get_opendb_lang_var('case_sensitive') . "</li>" . "\n</ul>");
            if (@count($category_type_rs) > 1) {
                $catTypeSelect = "<select name=\"category\" id=\"search-category\">" . "\n<option value=\"\">-------------- " . get_opendb_lang_var('all') . " --------------";
                reset($category_type_rs);
                while (list($value, $display) = each($category_type_rs)) {
                    $catTypeSelect .= "\n<option value=\"{$value}\">{$display}";
                }
Example #19
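/**
 * Build the HTML form used to upload an import file.
 *
 * Users holding PERM_ADMIN_IMPORT get an owner selector; everyone else gets
 * the requested owner_id echoed back in a hidden field.
 *
 * @param array $HTTP_VARS request variables; 'owner_id' and 's_item_type' are read
 * @return string the form markup
 */
function get_upload_form($HTTP_VARS)
{
    global $PHP_SELF;
    // Start from an empty string; the original appended to an undefined variable.
    $buffer = '';
    // $PHP_SELF is written into an attribute, so escape it for HTML.
    $buffer .= "\n<form name=\"main\" action=\"" . htmlspecialchars($PHP_SELF, ENT_QUOTES) . "\" method=\"POST\" enctype=\"multipart/form-data\">";
    $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"upload\">";
    $buffer .= "\n<table>";
    if (is_user_granted_permission(PERM_ADMIN_IMPORT)) {
        $buffer .= format_field(get_opendb_lang_var('owner'), custom_select('owner_id', fetch_user_rs(PERM_USER_IMPORT), '%fullname% (%user_id%)', 1, ifempty($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')), 'user_id'));
    } else {
        // owner_id is a request value reflected into the page: escape it so it
        // cannot break out of the attribute.
        // NOTE(review): a hidden field is client-controlled; the upload handler
        // must still check owner_id against the session user. Verify it does.
        $owner_id = isset($HTTP_VARS['owner_id']) ? (string) $HTTP_VARS['owner_id'] : '';
        $buffer .= "\n<input type=\"hidden\" name=\"owner_id\" value=\"" . htmlspecialchars($owner_id, ENT_QUOTES) . "\">";
    }
    // NOTE(review): s_item_type is passed unescaped to single_select(); whether
    // that helper escapes the selected value is not visible here.
    $buffer .= format_field(get_opendb_lang_var('item_type'), single_select('s_item_type', fetch_item_type_rs(TRUE), "%value% - %display%", NULL, $HTTP_VARS['s_item_type']));
    $buffer .= format_field(get_opendb_lang_var('file'), "<input type=\"file\" class=\"file\" size=\"25\" name=\"uploadfile\">");
    $buffer .= "\n</table>";
    $buffer .= "\n<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
    $buffer .= "\n</form>";
    return $buffer;
}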
Example #20
             echo format_footer_links($instance_info_links_r);
             echo "</div>";
             if (get_opendb_config_var('item_review', 'enable') !== FALSE) {
                 echo "<div class=\"{$otherTabsClass}\" id=\"reviews\">";
                 echo get_item_review_block($item_r);
                 echo "</div>";
             }
             echo "</div>";
             // end of tab content
             echo "</div>";
             // end of tabContainer
         } else {
             echo _theme_header(get_opendb_lang_var('item_not_found'));
             echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>";
         }
         if (is_export_plugin(get_opendb_config_var('item_display', 'export_link')) && is_user_granted_permission(PERM_USER_EXPORT)) {
             $footer_links_r[] = array(url => "export.php?op=export&plugin=" . get_opendb_config_var('item_display', 'export_link') . "&item_id=" . $item_r['item_id'] . "&instance_no=" . $item_r['instance_no'], text => get_opendb_lang_var('export_item_record'));
         }
         // Include a Back to Listing link.
         if (is_opendb_session_var('listing_url_vars')) {
             $footer_links_r[] = array(url => "listings.php?" . get_url_string(get_opendb_session_var('listing_url_vars')), text => get_opendb_lang_var('back_to_listing'));
         }
         echo format_footer_links($footer_links_r);
         echo _theme_footer();
     } else {
         opendb_not_authorised_page(PERM_VIEW_ITEM_DISPLAY, $HTTP_VARS);
     }
 } else {
     // invalid login, so login instead.
     redirect_login($PHP_SELF, $HTTP_VARS);
 }
Example #21
   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
$_OVRD_OPENDB_LANGUAGE = 'english';
// This must be first - includes config.php
require_once "./include/begin.inc.php";
include_once "./lib/database.php";
include_once "./lib/auth.php";
include_once "./lib/logging.php";
include_once "./lib/utils.php";
include_once "./lib/parseutils.php";
include_once "./lib/widgets.php";
include_once "./lib/admin.php";
define('OPENDB_ADMIN_TOOLS', 'true');
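// Admin tools dispatcher (excerpt, cut off after processRequest()).
// Runs only for an enabled site, a valid session and PERM_ADMIN_TOOLS.
if (is_site_enabled()) {
    if (is_opendb_valid_session()) {
        if (is_user_granted_permission(PERM_ADMIN_TOOLS)) {
            $HTTP_VARS['type'] = ifempty($HTTP_VARS['type'], 'config');
            // 'type' is a request value that is concatenated into include paths
            // below. Accept only a plain directory name (no dots, slashes or
            // NUL bytes) so it cannot point outside ./admin/; anything else
            // falls back to the default tool.
            // NOTE(review): assumes every admin tool directory name matches
            // [A-Za-z0-9_-]+ - confirm against the ./admin/ tree.
            if (!is_string($HTTP_VARS['type']) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $HTTP_VARS['type'])) {
                $HTTP_VARS['type'] = 'config';
            }
            $ADMIN_TYPE = $HTTP_VARS['type'];
            $ADMIN_DIR = './admin/' . $ADMIN_TYPE;
            // Optional per-tool helper functions.
            if (file_exists($ADMIN_DIR . "/functions.php")) {
                include_once $ADMIN_DIR . "/functions.php";
            }
            // Tools that ship an ajaxjobs.php get an xajax endpoint bound to
            // this page and the selected tool.
            if (file_exists($ADMIN_DIR . "/ajaxjobs.php")) {
                require_once "./lib/xajax/xajax_core/xajax.inc.php";
                $xajax = new xajax("admin.php?type={$ADMIN_TYPE}");
                $xajax->configure('javascript URI', 'lib/xajax/');
                $xajax->configure('debug', false);
                $xajax->configure('statusMessages', true);
                $xajax->configure('waitCursor', true);
                include_once $ADMIN_DIR . "/ajaxjobs.php";
                $xajax->processRequest();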
Example #22
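/**
 * NOTE: PRIVATE FUNCTION.
 *
 * Builds the FROM, LEFT JOIN and WHERE parts of a SELECT over the item and
 * item_instance tables and returns them as one SQL fragment.
 *
 * If owner_id is set, only items owned by that user are selected.
 * If s_item_type is set, only items of that type (or types) are selected.
 * If category is set, only items of that category are selected.
 * If letter is set, only items whose title starts with that letter are selected.
 * If interest_level is set, only items with that interest level or higher are
 * selected (and only when the INTEREST column is part of the display config).
 *
 * Security: this function assembles SQL by string concatenation from request
 * variables. Numeric values are checked with is_numeric() before use and
 * identifier-like values are passed through addslashes(). addslashes() is a
 * stop-gap only: it is not aware of the connection character set, so the
 * database layer's own escaping routine or bound parameters should replace it.
 * Free-text values (title, status_comment, attribute_val, category) keep the
 * original single-quote replacement, which leaves backslashes untouched; see
 * the NOTE(review) comments at those points.
 *
 * @param array $HTTP_VARS request variables; supported keys:
 *     owner_id, not_owner_id, s_item_type, s_item_type[], s_item_type_group,
 *     title, title_match, title_case, category, rating, attribute_type,
 *     lookup_attribute_val, attribute_val, attr_match, attr_case, update_on,
 *     datetimemask, update_on_days, attr_update_on, attr_update_on_days,
 *     letter, item_id_range, s_status_type, s_status_type[], status_comment,
 *     status_comment_match, status_comment_case, interest_level
 * @param array|null $column_display_config_rs column definitions; entries with
 *     column_type 's_attribute_type' or 's_field_type' add joins/restrictions
 * @param string $query_type 'COUNT' skips the display-only attribute joins
 * @return string 'FROM (...) [LEFT JOIN ...] WHERE ...'
 */
function from_and_where_clause($HTTP_VARS, $column_display_config_rs = NULL, $query_type = 'LISTING')
{
    // Initialise the accumulators that the original only ever appended to.
    $query = '';
    $left_join_from_r = NULL;

    $from_r[] = 'item i';
    $from_r[] = 'item_instance ii';
    $where_r[] = 'ii.item_id = i.id';
    // only parent items should ever be listed.
    //
    // Owner restriction
    //
    if (strlen($HTTP_VARS['owner_id']) > 0) {
        $where_r[] = 'ii.owner_id = \'' . addslashes($HTTP_VARS['owner_id']) . '\'';
    } else {
        if (strlen($HTTP_VARS['not_owner_id']) > 0) {
            // For not showing current user items.
            $where_r[] = 'ii.owner_id <> \'' . addslashes($HTTP_VARS['not_owner_id']) . '\'';
        }
    }
    //
    // Item Type / Item Type group restriction
    //
    if (!is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) > 0) {
        $where_r[] = 'i.s_item_type = \'' . addslashes($HTTP_VARS['s_item_type']) . '\'';
    } else {
        if (strlen($HTTP_VARS['s_item_type_group']) > 0) {
            $from_r[] = 's_item_type_group_rltshp sitgr';
            $where_r[] = 'sitgr.s_item_type = i.s_item_type';
            $where_r[] = 'sitgr.s_item_type_group = \'' . addslashes($HTTP_VARS['s_item_type_group']) . '\'';
        } else {
            if (is_not_empty_array($HTTP_VARS['s_item_type'])) {
                // NOTE(review): format_sql_in_clause() is defined elsewhere;
                // confirm it escapes each element before quoting it.
                $where_r[] = 'i.s_item_type IN(' . format_sql_in_clause($HTTP_VARS['s_item_type']) . ')';
            }
        }
    }
    $from_r[] = 's_status_type sst';
    $where_r[] = 'sst.s_status_type = ii.s_status_type';
    //
    // Status Type restriction
    //
    if (is_not_empty_array($HTTP_VARS['s_status_type'])) {
        // NOTE(review): same dependency on format_sql_in_clause() as above.
        $where_r[] = 'sst.s_status_type IN(' . format_sql_in_clause($HTTP_VARS['s_status_type']) . ')';
    } else {
        if ($HTTP_VARS['s_status_type'] != 'ALL' && strlen($HTTP_VARS['s_status_type']) > 0) {
            $where_r[] = 'sst.s_status_type = \'' . addslashes($HTTP_VARS['s_status_type']) . '\'';
        }
    }
    // no need for such a restriction if current user is item admin
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        // Hidden status types are visible to the owning user only.
        $where_r[] = "( sst.hidden_ind = 'N' OR ii.owner_id = '" . get_opendb_session_var('user_id') . "') ";
    }
    //
    // User and Status type restriction
    //
    if (strcmp($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')) !== 0) {
        // not current user: list items of active users only
        $from_r[] = 'user u';
        $where_r[] = 'u.user_id = ii.owner_id';
        $where_r[] = 'u.active_ind = \'Y\'';
    }
    //
    // Status Comment restriction
    //
    if (strlen($HTTP_VARS['status_comment']) > 0) {
        // Escape only the single quote!
        // NOTE(review): a backslash in the value is left as-is, so this is not
        // complete escaping; move to the database layer's escaping routine.
        $HTTP_VARS['status_comment'] = str_replace("'", "\\'", $HTTP_VARS['status_comment']);
        if ($HTTP_VARS['status_comment_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['status_comment']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'ii.status_comment', $HTTP_VARS['status_comment_match'], 'AND', $HTTP_VARS['status_comment_case']);
            }
        } else {
            if (is_null($HTTP_VARS['status_comment_case'])) {
                $where_r[] = 'ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            } else {
                $where_r[] = 'BINARY ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            }
        }
    }
    //
    // Title restriction
    //
    if (strlen($HTTP_VARS['title']) > 0) {
        // Escape only the single quote!
        // NOTE(review): same incomplete escaping as status_comment above.
        $HTTP_VARS['title'] = str_replace("'", "\\'", $HTTP_VARS['title']);
        if ($HTTP_VARS['title_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['title']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'i.title', $HTTP_VARS['title_match'], 'AND', $HTTP_VARS['title_case']);
            }
        } else {
            if (is_null($HTTP_VARS['title_case'])) {
                $where_r[] = 'i.title = \'' . $HTTP_VARS['title'] . '\'';
            } else {
                $where_r[] = 'BINARY i.title = \'' . $HTTP_VARS['title'] . '\'';
            }
        }
    } else {
        if (strlen($HTTP_VARS['letter']) > 0) {
            // Numeric match.
            if ($HTTP_VARS['letter'] == '#') {
                $where_r[] = 'ASCII(LEFT(title,1)) BETWEEN ASCII(\'0\') AND ASCII(\'9\')';
            } else {
                $where_r[] = 'UPPER(LEFT(i.title,1)) = \'' . addslashes(strtoupper($HTTP_VARS['letter'])) . '\'';
            }
        }
    }
    //
    // Last Updated support
    //
    if (strlen($HTTP_VARS['update_on']) > 0) {
        if (strlen($HTTP_VARS['datetimemask']) > 0) {
            $timestamp = get_timestamp_for_datetime($HTTP_VARS['update_on'], $HTTP_VARS['datetimemask']);
            if ($timestamp !== FALSE) {
                $where_r[] = 'ii.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
            } else {
                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-1)';
            }
        } else {
            $where_r[] = 'ii.update_on >= \'' . addslashes($HTTP_VARS['update_on']) . '\'';
        }
    } else {
        if (is_numeric($HTTP_VARS['update_on_days'])) {
            // Give us all records updated in the last however many days.
            $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['update_on_days'] . ')';
        }
    }
    //
    // Item Attribute listing/restriction
    //
    if (is_array($column_display_config_rs)) {
        for ($i = 0; $i < count($column_display_config_rs); $i++) {
            if ($column_display_config_rs[$i]['column_type'] == 's_attribute_type') {
                // NOTE(review): whether s_attribute_type in the column config is
                // request-derived is not visible here; it is escaped regardless.
                $s_attribute_type = addslashes($column_display_config_rs[$i]['s_attribute_type']);
                if ($column_display_config_rs[$i]['search_attribute_ind'] != 'y') {
                    // either LISTING or COUNT
                    if ($query_type != 'COUNT') {
                        $left_join = 'LEFT JOIN item_attribute ia' . $i . ' ON ' . 'ia' . $i . '.item_id = i.id AND (ia' . $i . '.instance_no = 0 OR ia' . $i . '.instance_no = ii.instance_no) AND ia' . $i . '.s_attribute_type = \'' . $s_attribute_type . '\' AND ia' . $i . '.attribute_no = 1';
                        // So we can work out which search attribute types to display
                        if (is_numeric($column_display_config_rs[$i]['order_no'])) {
                            $left_join .= ' AND ia' . $i . '.order_no = ' . $column_display_config_rs[$i]['order_no'];
                        }
                        $left_join_from_r[] = $left_join;
                    }
                } else {
                    // search attribute
                    $from_r[] = 'item_attribute ia' . $i;
                    // now do the where clause.
                    $where_r[] = 'ia' . $i . '.item_id = i.id AND (ia' . $i . '.instance_no = 0 OR ia' . $i . '.instance_no = ii.instance_no) AND ia' . $i . '.s_attribute_type = \'' . $s_attribute_type . '\'';
                    // AND ia'.$i.'.attribute_no = 1';
                    // NOTE(review): the attribute values below use the
                    // single-quote replacement only; backslashes pass through.
                    if (strlen($column_display_config_rs[$i]['attribute_val']) > 0 && $column_display_config_rs[$i]['attribute_val'] != '%' && $column_display_config_rs[$i]['attr_match'] != 'exact') {
                        $parser = new BooleanParser();
                        $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $column_display_config_rs[$i]['attribute_val'])));
                        if (is_array($statements)) {
                            if ($column_display_config_rs[$i]['lookup_attribute_ind'] == 'Y') {
                                $where_r[] = build_boolean_clause($statements, 'ia' . $i . '.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                            } else {
                                $where_r[] = build_boolean_clause($statements, 'ia' . $i . '.attribute_val', $column_display_config_rs[$i]['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                            }
                        }
                    } else {
                        if (strlen($column_display_config_rs[$i]['lookup_attribute_val']) > 0 && $column_display_config_rs[$i]['lookup_attribute_val'] != '%' && $column_display_config_rs[$i]['lookup_attribute_ind'] == 'Y') {
                            $value = str_replace("'", "\\'", $column_display_config_rs[$i]['lookup_attribute_val']);
                            $where_r[] = 'ia' . $i . '.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            if (strlen($column_display_config_rs[$i]['attribute_val']) > 0 && $column_display_config_rs[$i]['attribute_val'] != '%') {
                                // Strip one pair of surrounding double quotes.
                                if (starts_with($column_display_config_rs[$i]['attribute_val'], '"') && ends_with($column_display_config_rs[$i]['attribute_val'], '"')) {
                                    $column_display_config_rs[$i]['attribute_val'] = substr($column_display_config_rs[$i]['attribute_val'], 1, -1);
                                }
                                $value = strtoupper(str_replace("'", "\\'", $column_display_config_rs[$i]['attribute_val']));
                                $where_r[] = 'UPPER(ia' . $i . '.attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                            }
                        }
                    }
                    if (strlen($HTTP_VARS['attr_update_on']) > 0) {
                        if (strlen($HTTP_VARS['datetimemask']) > 0) {
                            $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                            if ($timestamp !== FALSE) {
                                $where_r[] = 'ia' . $i . '.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                            } else {
                                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                                $where_r[] = 'TO_DAYS(ia' . $i . '.update_on) >= (TO_DAYS(now())-1)';
                            }
                        } else {
                            $where_r[] = 'ia' . $i . '.update_on >= \'' . addslashes($HTTP_VARS['attr_update_on']) . '\'';
                        }
                    } else {
                        if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                            // Give us all records updated in the last however many days.
                            $where_r[] = 'TO_DAYS(ia' . $i . '.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
                        }
                    }
                }
            } else {
                if ($column_display_config_rs[$i]['column_type'] == 's_field_type') {
                    if ($column_display_config_rs[$i]['s_field_type'] == 'CATEGORY') {
                        $from_r[] = 's_item_attribute_type catsiat';
                        $from_r[] = 's_attribute_type catsat';
                        $where_r[] = 'catsiat.s_item_type = i.s_item_type AND catsat.s_attribute_type = catsiat.s_attribute_type AND catsat.s_field_type = \'CATEGORY\'';
                        $left_join_clause = 'LEFT JOIN item_attribute catia ON ' . 'catia.item_id = i.id AND (catia.instance_no = 0 OR catia.instance_no = ii.instance_no) AND catia.s_attribute_type = catsiat.s_attribute_type AND catia.order_no = catsiat.order_no';
                        if (strlen($HTTP_VARS['category']) > 0 || strcasecmp($HTTP_VARS['attr_match'], 'category') === 0 && strlen($HTTP_VARS['attribute_val']) > 0) {
                            // Support specifying $attribute_val for $category where $attr_match=="category"!
                            // If item_type && item_type_group are not set!
                            if (strlen($HTTP_VARS['attribute_type']) > 0 && !is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) == 0 && strlen($HTTP_VARS['s_item_type_group']) == 0) {
                                $where_r[] = 'catsat.s_attribute_type = \'' . addslashes($HTTP_VARS['attribute_type']) . '\'';
                            }
                            // Escape single quotes only.
                            // NOTE(review): backslashes pass through unescaped.
                            $value = strtoupper(str_replace("'", "\\'", ifempty($HTTP_VARS['category'], $HTTP_VARS['attribute_val'])));
                            $where_r[] = 'UPPER(catia.lookup_attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            $left_join_clause .= ' AND catia.attribute_no = 1';
                        }
                        $left_join_from_r[] = $left_join_clause;
                    } else {
                        if ($column_display_config_rs[$i]['s_field_type'] == 'INTEREST') {
                            // can only restrict interest level if its displayed as a column
                            // The level is concatenated unquoted, so it must be
                            // numeric; anything else is treated as "not set".
                            if (is_numeric($HTTP_VARS['interest_level'])) {
                                $where_r[] = "it.item_id = ii.item_id AND it.instance_no = ii.instance_no AND it.user_id = '" . get_opendb_session_var('user_id') . "'" . " AND it.level >= " . $HTTP_VARS['interest_level'];
                                $from_r[] = "user_item_interest it";
                            } else {
                                $left_join_from_r[] = "LEFT JOIN user_item_interest it ON it.item_id = i.id AND it.instance_no = ii.instance_no AND it.user_id = '" . get_opendb_session_var('user_id') . "'";
                            }
                        }
                    }
                }
            }
        }
    }
    // If attribute_val specified without a attribute_type, then do a loose join to item_attribute table,
    // only on attribute_val column.
    if (strlen($HTTP_VARS['attribute_type']) == 0 && (strlen($HTTP_VARS['attribute_val']) > 0 || strlen($HTTP_VARS['attr_update_on']) > 0 || strlen($HTTP_VARS['attr_update_on_days']) > 0)) {
        $from_r[] = 'item_attribute ia';
        // now do the where clause.
        $where_r[] = 'ia.item_id = i.id ';
        //AND ia.attribute_no = 1';
        // NOTE(review): attribute_val below uses the single-quote replacement
        // only; backslashes pass through unescaped.
        if ($HTTP_VARS['attr_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $HTTP_VARS['attribute_val'])));
            if (is_array($statements)) {
                if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                    $where_r[] = build_boolean_clause($statements, 'ia.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                } else {
                    $where_r[] = build_boolean_clause($statements, 'ia.attribute_val', $HTTP_VARS['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                }
            }
        } else {
            // attr_match = 'exact'
            if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
                $where_r[] = 'ia.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
            } else {
                $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
                // Match the whole value or the value as a space-delimited word.
                if (is_null($HTTP_VARS['attr_case'])) {
                    $where_r[] = '( ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . '\')';
                } else {
                    $where_r[] = '( BINARY ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . '\')';
                }
            }
        }
        if (strlen($HTTP_VARS['attr_update_on']) > 0) {
            if (strlen($HTTP_VARS['datetimemask']) > 0) {
                $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                if ($timestamp !== FALSE) {
                    $where_r[] = 'ia.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                } else {
                    // by default get items from 1 day ago, if update_on can not be parsed correctly.
                    $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-1)';
                }
            } else {
                $where_r[] = 'ia.update_on >= \'' . addslashes($HTTP_VARS['attr_update_on']) . '\'';
            }
        } else {
            if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                // Give us all records updated in the last however many days.
                $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
            }
        }
    }
    //
    // Review restrictions
    //
    // The rating is concatenated unquoted, so it must be numeric; a
    // non-numeric value is ignored instead of reaching the query.
    if (is_numeric($HTTP_VARS['rating'])) {
        $where_r[] = 'r.item_id = i.id AND r.rating >= ' . $HTTP_VARS['rating'];
        $from_r[] = 'review r';
    }
    //
    // Item ID range restriction (Used by Import script)
    //
    if (strlen($HTTP_VARS['item_id_range']) > 0) {
        // NOTE(review): expand_number_range() is defined elsewhere; confirm it
        // returns digits and commas only for any input.
        $where_r[] = 'i.id IN (' . expand_number_range($HTTP_VARS['item_id_range']) . ')';
    }
    //
    // Now build the SQL query
    //
    // $from_r and $where_r always hold at least the entries added at the top.
    $query .= 'FROM (' . implode(', ', $from_r) . ') ';
    if (is_array($left_join_from_r)) {
        $query .= implode(' ', $left_join_from_r) . ' ';
    }
    $query .= 'WHERE ' . implode(' AND ', $where_r);
    return $query;
}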
Example #23
                         if ($HTTP_VARS['confirmed'] == 'false') {
                             echo "<p class=\"success\">" . get_opendb_lang_var('review_not_deleted') . "</p>";
                         } else {
                             echo get_op_confirm_form($PHP_SELF, get_opendb_lang_var('confirm_delete_review'), $HTTP_VARS);
                         }
                     }
                 } else {
                     echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";
                 }
             } else {
                 echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";
             }
         } else {
             if ($HTTP_VARS['op'] == 'edit') {
                 if (get_opendb_config_var('item_review', 'update_support') !== FALSE) {
                     if (is_review_author($review_r['sequence_number']) || is_user_granted_permission(PERM_ADMIN_REVIEWER)) {
                         echo get_edit_form('update', $review_r, $HTTP_VARS);
                     } else {
                         echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";
                     }
                 } else {
                     echo "<p class=\"error\">" . get_opendb_lang_var('operation_not_available') . "</p>";
                 }
             } else {
                 if ($HTTP_VARS['op'] == 'add') {
                     echo get_edit_form('insert', array(), $HTTP_VARS);
                 }
             }
         }
     }
 }
Example #24
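/**
 * Return the item edit form for a new item or a site lookup.
 *
 * The form is produced only when the current user is the item's owner (and
 * holds PERM_ITEM_OWNER) or holds PERM_ITEM_ADMIN, and the item type has a
 * valid structure. A refused request is logged at warning level.
 *
 * @param string $op operation passed through to get_edit_form()
 * @param array $item_r item record; 'owner_id' and 's_item_type' are read
 * @param array $status_type_r status type record passed to get_edit_form()
 * @param array $HTTP_VARS request variables passed to get_edit_form()
 * @param array $errors set to array('error' => ..., 'detail' => ...) on failure
 *     (the not-authorised case sets 'error' only)
 * @return string|false the form markup, or FALSE on failure
 */
function handle_new_or_site($op, $item_r, $status_type_r, $HTTP_VARS, &$errors)
{
    // Compare the ids as strings: a loose == treats numeric-looking strings
    // such as '1e3' and '1000' as equal, which must not decide ownership.
    $owns_item = is_user_granted_permission(PERM_ITEM_OWNER)
        && strcmp((string) $item_r['owner_id'], (string) get_opendb_session_var('user_id')) === 0;
    if (!$owns_item && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('operation_not_available'));
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User attempted to insert an item for another user', $item_r);
        return FALSE;
    }
    if (!is_valid_item_type_structure($item_r['s_item_type'])) {
        $errors = array('error' => get_opendb_lang_var('invalid_item_type_structure', 's_item_type', $item_r['s_item_type']), 'detail' => '');
        return FALSE;
    }
    $formContents = get_edit_form($op, $item_r, $status_type_r, $HTTP_VARS);
    if ($formContents != FALSE) {
        return $formContents;
    }
    // The 'detail' key was an unquoted constant in the original, which is a
    // fatal error on PHP 8.
    $errors = array('error' => get_opendb_lang_var('undefined_error'), 'detail' => '');
    return FALSE;
}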
Example #25
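/**
 * Check that $borrower_id names an active user who holds PERM_USER_BORROWER.
 *
 * @param string $borrower_id user id to validate
 * @param array $errors receives one message per failed check; an empty id
 *     fails without adding a message
 * @return bool TRUE when the id is usable as a borrower
 */
function validate_borrower_id($borrower_id, &$errors)
{
    if (strlen($borrower_id) == 0) {
        return FALSE;
    }
    // The messages use $borrower_id: the original read $HTTP_VARS, which is
    // not defined inside this function, so the user id was always blank.
    if (!is_user_active($borrower_id)) {
        $errors[] = get_opendb_lang_var('invalid_borrower_user', 'user_id', $borrower_id);
        return FALSE;
    }
    if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
        $errors[] = get_opendb_lang_var('user_must_be_borrower', 'user_id', $borrower_id);
        return FALSE;
    }
    return TRUE;
}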
Example #26
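/**
 * Render the listing of items related to $item_r.
 *
 * Each row shows the item type image, title, action links, status, status
 * comment and category. Action links are added only when the current user
 * owns $item_r (with PERM_ITEM_OWNER) or holds PERM_ITEM_ADMIN.
 *
 * @param array $item_r item record; 'item_id', 'instance_no' and 'owner_id' are read
 * @param array $HTTP_VARS request variables handed to HTML_Listing
 * @param mixed $related_mode passed to fetch_item_instance_relationship_rs()
 * @return string|null buffered listing markup, or NULL when the lookup returns nothing
 */
function get_related_items_listing($item_r, $HTTP_VARS, $related_mode)
{
    global $PHP_SELF;
    $results = fetch_item_instance_relationship_rs($item_r['item_id'], $item_r['instance_no'], $related_mode);
    if (!$results) {
        return NULL;
    }
    $listingObject = new HTML_Listing($PHP_SELF, $HTTP_VARS);
    $listingObject->setBufferOutput(TRUE);
    $listingObject->setNoRowsMessage(get_opendb_lang_var('no_items_found'));
    $listingObject->setShowItemImages(TRUE);
    $listingObject->setIncludeFooter(FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('type'), 'type', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('title'), 'title', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('action'), 'action', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('status'), 'status', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('status_comment'), 'status_comment', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('category'), 'category', FALSE);
    $listingObject->startListing(NULL);
    while ($related_item_r = db_fetch_assoc($results)) {
        $listingObject->startRow();
        $listingObject->addItemTypeImageColumn($related_item_r['s_item_type']);
        $listingObject->addTitleColumn($related_item_r);
        $action_links_rs = NULL;
        // The links are a display convenience; item_input.php has to enforce
        // the same permission when the operation is requested.
        // NOTE(review): the check uses the parent item's owner, not the
        // related item's - confirm that is intended.
        if ((is_user_granted_permission(PERM_ITEM_OWNER) && get_opendb_session_var('user_id') === $item_r['owner_id']) || is_user_granted_permission(PERM_ITEM_ADMIN)) {
            // Array keys are quoted: the original used bare constants, which
            // is a fatal error on PHP 8.
            $action_links_rs[] = array('url' => 'item_input.php?op=edit&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'], 'img' => 'edit.gif', 'text' => get_opendb_lang_var('edit'));
            if (get_opendb_config_var('listings', 'show_refresh_actions') && is_item_legal_site_type($related_item_r['s_item_type'])) {
                $action_links_rs[] = array('url' => 'item_input.php?op=site-refresh&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'], 'img' => 'refresh.gif', 'text' => get_opendb_lang_var('refresh'));
            }
            $action_links_rs[] = array('url' => 'item_input.php?op=delete&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'] . '&parent_item_id=' . $item_r['item_id'] . '&parent_instance_no=' . $item_r['instance_no'], 'img' => 'delete.gif', 'text' => get_opendb_lang_var('delete'));
            $action_links_rs[] = array('url' => 'item_input.php?op=delete-relation&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'] . '&parent_item_id=' . $related_item_r['item_id'] . '&parent_instance_no=' . $related_item_r['instance_no'], 'img' => 'delete.gif', 'text' => get_opendb_lang_var('delete_relationship'));
        }
        $listingObject->addActionColumn($action_links_rs);
        $status_type_r = fetch_status_type_r($related_item_r['s_status_type']);
        $listingObject->addThemeImageColumn($status_type_r['img'], $status_type_r['description'], $status_type_r['description'], 's_status_type');
        // The comment is shown when the status type allows one, or to the
        // related item's owner, or to an item admin.
        if ($status_type_r['status_comment_ind'] == 'Y' || get_opendb_session_var('user_id') === $related_item_r['owner_id'] || is_user_granted_permission(PERM_ITEM_ADMIN)) {
            // support newlines in this field
            // NOTE(review): status_comment is user-entered text and nl2br()
            // does not HTML-escape it; confirm it is escaped on input or by
            // addColumn() before it reaches the page.
            $listingObject->addColumn(nl2br($related_item_r['status_comment']));
        } else {
            $listingObject->addColumn(get_opendb_lang_var('not_applicable'));
        }
        $attribute_type_r = fetch_sfieldtype_item_attribute_type_r($related_item_r['s_item_type'], 'CATEGORY');
        if (is_array($attribute_type_r)) {
            // Lookup attributes are fetched through the _r variant.
            if ($attribute_type_r['lookup_attribute_ind'] === 'Y') {
                $attribute_val = fetch_attribute_val_r($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
            } else {
                $attribute_val = fetch_attribute_val($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
            }
            $listingObject->addAttrDisplayColumn($related_item_r, $attribute_type_r, $attribute_val);
        }
        $listingObject->endRow();
    }
    $listingObject->endListing();
    // Plain assignment: taking a reference to a call result raises a notice
    // unless getContents() is declared to return by reference.
    $buffer = $listingObject->getContents();
    unset($listingObject);
    return $buffer;
}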
Example #27
 }
 if (get_opendb_config_var('borrow', 'enable') !== FALSE && get_opendb_config_var('listings.borrow', 'enable') !== FALSE) {
     if (is_item_borrowed($item_r['item_id'], $item_r['instance_no'])) {
         if (is_user_allowed_to_checkin_item($item_r['item_id'], $item_r['instance_no'])) {
             $action_links_rs[] = array(url => 'item_borrow.php?op=check_in&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'check_in_item.gif', text => get_opendb_lang_var('check_in_item'));
         }
     } else {
         if (get_opendb_config_var('borrow', 'quick_checkout') !== FALSE && get_opendb_config_var('listings.borrow', 'quick_checkout_action') !== FALSE && $status_type_rs[$item_r['s_status_type']]['borrow_ind'] == 'Y' && is_user_allowed_to_checkout_item($item_r['item_id'], $item_r['instance_no'])) {
             $action_links_rs[] = array(url => 'item_borrow.php?op=quick_check_out&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'quick_check_out.gif', text => get_opendb_lang_var('quick_check_out'));
         }
     }
 }
 if ($item_r['owner_id'] != get_opendb_session_var('user_id')) {
     // Reservation/Cancel Information.
     if (get_opendb_config_var('borrow', 'enable') !== FALSE && get_opendb_config_var('listings.borrow', 'enable') !== FALSE) {
         if (is_user_granted_permission(PERM_USER_BORROWER) && $status_type_rs[$item_r['s_status_type']]['borrow_ind'] == 'Y') {
             if (is_item_reserved_or_borrowed($item_r['item_id'], $item_r['instance_no'])) {
                 if (is_item_reserved_by_user($item_r['item_id'], $item_r['instance_no'])) {
                     $action_links_rs[] = array(url => 'item_borrow.php?op=cancel_reserve&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'cancel_reserve.gif', text => get_opendb_lang_var('cancel'));
                 } else {
                     if (!is_item_borrowed_by_user($item_r['item_id'], $item_r['instance_no'])) {
                         if ((get_opendb_config_var('borrow', 'allow_reserve_if_borrowed') !== FALSE || !is_item_borrowed($item_r['item_id'], $item_r['instance_no'])) && (get_opendb_config_var('borrow', 'allow_multi_reserve') !== FALSE || !is_item_reserved($item_r['item_id'], $item_r['instance_no']))) {
                             if (get_opendb_config_var('borrow', 'reserve_basket') !== FALSE && get_opendb_config_var('listings.borrow', 'basket_action') !== FALSE) {
                                 $action_links_rs[] = array(url => 'borrow.php?op=update_my_reserve_basket&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'add_reserve_basket.gif', text => get_opendb_lang_var('add_to_reserve_list'));
                             }
                             if (get_opendb_config_var('listings.borrow', 'reserve_action') !== FALSE) {
                                 $action_links_rs[] = array(url => 'item_borrow.php?op=reserve&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'], img => 'reserve_item.gif', text => get_opendb_lang_var('reserve'));
                             }
                         }
                     }
                 }
Example #28
/**
 * Decide whether email may be sent to the given user.
 *
 * The user must pass is_user_valid() and is_user_active(), and must hold
 * PERM_RECEIVE_EMAIL. The checks run in that order and stop at the first
 * one that fails.
 *
 * @param mixed $user_id Identifier of the user to check.
 * @return bool TRUE only when all three checks pass.
 */
function is_user_permitted_to_receive_email($user_id)
{
    if (!is_user_valid($user_id)) {
        return FALSE;
    }

    if (!is_user_active($user_id)) {
        return FALSE;
    }

    // The permission is evaluated for $user_id, not for the session user.
    return (bool) is_user_granted_permission(PERM_RECEIVE_EMAIL, $user_id);
}
Example #29
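/**
 * Change the password of an existing user from submitted form values.
 *
 * Reads $HTTP_VARS['pwd'] and $HTTP_VARS['confirmpwd'], requires them to be
 * identical, and stores the new password through update_user_passwd(). The
 * update is attempted only when the 'user_admin' / 'user_passwd_change_allowed'
 * setting is not FALSE, or the current user holds PERM_ADMIN_CHANGE_PASSWORD.
 *
 * NOTE(review): nothing in this function ties $user_id to the logged-in user,
 * and the current password is not requested. Presumably the caller ensures
 * that only the account owner or an administrator gets here -- confirm at
 * the call site.
 *
 * @param mixed $user_id   User whose password is to be changed.
 * @param array $HTTP_VARS Request variables; 'pwd' and 'confirmpwd' are read.
 * @param mixed $errors    By reference. A localised message is appended as a
 *                         plain string when this is an array or unset, and it
 *                         is left untouched otherwise.
 *                         NOTE(review): confirm the element shape callers expect.
 * @return bool TRUE when the password was updated, FALSE in every other case.
 */
function handle_user_password_change($user_id, $HTTP_VARS, &$errors)
{
    $user_r = fetch_user_r($user_id);
    if (!is_not_empty_array($user_r)) {
        return FALSE;
    }

    // Normalise to strings so the comparison below can be strict; a missing or
    // non-scalar value (e.g. pwd[]=x) is treated as "not specified".
    $pwd = (isset($HTTP_VARS['pwd']) && is_scalar($HTTP_VARS['pwd'])) ? (string) $HTTP_VARS['pwd'] : '';
    $confirmpwd = (isset($HTTP_VARS['confirmpwd']) && is_scalar($HTTP_VARS['confirmpwd'])) ? (string) $HTTP_VARS['confirmpwd'] : '';

    $message = NULL;
    if (strlen($pwd) == 0 && strlen($confirmpwd) == 0) {
        $message = get_opendb_lang_var('passwd_not_specified');
    } elseif (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        // Not permitted to change passwords: fail without a message.
        return FALSE;
    } elseif ($pwd !== $confirmpwd) {
        // Strict comparison: with != two different numeric-looking strings
        // such as "1000" and "1e3" compare equal, so a mistyped confirmation
        // could be accepted.
        $message = get_opendb_lang_var('passwds_do_not_match');
    } elseif (update_user_passwd($user_id, $pwd)) {
        // $pwd cannot be empty here: at least one field is non-empty and both
        // fields are identical.
        return TRUE;
    } else {
        // The update failed. The original stored db_error() in a local that was
        // never read, so callers have always received FALSE with no message.
        // That is kept: raw database error text belongs in a server-side log
        // rather than in a list that may be rendered to the user.
        return FALSE;
    }

    // The original assigned messages to an unused local $error and, for two of
    // the failures, fell off the end of the function (returning NULL). Report
    // through the by-reference parameter and always return FALSE.
    if ($errors === NULL || is_array($errors)) {
        $errors[] = $message;
    }
    return FALSE;
}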
Example #30
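 /**
  * Emit one listing row as an HTML <tr>, with one <td> per entry of $row_column_rs.
  *
  * The row's CSS class is "oddRow" when $this->_toggle is truthy and "evenRow"
  * otherwise; this method does not flip the toggle itself. Each cell is
  * rendered according to its 'column_type', and the matching header's
  * 'fieldname' (when non-empty) is added as a CSS class on most cell types.
  *
  * Output encoding: only the item type description, the 'theme_image' title
  * and the profile link's title attribute pass through htmlspecialchars()
  * here. Titles, hrefs, user names, checkbox values and default cell values
  * are written exactly as supplied.
  * NOTE(review): this presumably relies on callers handing over values that
  * are already encoded for HTML -- confirm for every value that can originate
  * from user-editable fields.
  *
  * @param array $row_column_rs List of column records, index-aligned with
  *                             $this->_header_column_rs.
  * @return void
  */
 function writeRowImpl($row_column_rs)
 {
     $this->rowclass = $this->_toggle ? "oddRow" : "evenRow";
     $this->_write("\n<tr class=\"" . $this->rowclass . "\">");

     $column_count = count($row_column_rs);
     for ($i = 0; $i < $column_count; $i++) {
         $header_column_r = $this->_header_column_rs[$i];

         // The header's fieldname doubles as an extra CSS class on the cell.
         $columnClass = NULL;
         if (strlen($header_column_r['fieldname']) > 0) {
             $columnClass = $header_column_r['fieldname'];
         }

         switch ($row_column_rs[$i]['column_type']) {
             case 'action_links':
                 $this->_write('<td class="action_links ' . $columnClass . '">');
                 $this->_write(ifempty(format_action_links($row_column_rs[$i]['action_links']), get_opendb_lang_var('not_applicable')));
                 $this->_write('</td>');
                 break;
             case 'username':
                 $this->_write('<td class="username ' . $columnClass . '">');
                 $user_id = $row_column_rs[$i]['user_id'];
                 $fullname = $row_column_rs[$i]['fullname'];
                 if ($user_id == get_opendb_session_var('user_id')) {
                     $this->_write(get_opendb_lang_var('current_user', array('fullname' => $fullname, 'user_id' => $user_id)));
                 } else {
                     $user_name = get_opendb_lang_var('user_name', array('fullname' => $fullname, 'user_id' => $user_id));
                     if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
                         // The profile link carries the row's title as "subject";
                         // find the title column and reduce it to plain text.
                         $item_title = '';
                         for ($j = 0; $j < $column_count; $j++) {
                             if ($row_column_rs[$j]['column_type'] == 'title') {
                                 $item_title = trim(strip_tags($row_column_rs[$j]['item_title']));
                                 break;
                             }
                         }
                         // NOTE(review): $user_id is placed in the query string
                         // without urlencode(), and $url goes into the href
                         // attribute without htmlspecialchars(); only the subject
                         // is URL-encoded. Confirm that user ids and the output
                         // of get_url_string() cannot contain quotes or markup.
                         $url = "user_profile.php?uid=" . $user_id;
                         if (is_array($row_column_rs[$i]['extra_http_vars'])) {
                             $url .= "&" . get_url_string($row_column_rs[$i]['extra_http_vars']);
                         }
                         $url .= "&subject=" . urlencode(ifempty($item_title, get_opendb_lang_var('no_subject')));
                         $this->_write("<a href=\"{$url}\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>");
                     } else {
                         $this->_write($user_name);
                     }
                 }
                 $this->_write('</td>');
                 break;
             case 'interest':
                 $item_id = $row_column_rs[$i]['item_id'];
                 $instance_no = $row_column_rs[$i]['instance_no'];
                 $level = $row_column_rs[$i]['level'];
                 // $level_display is assigned, not appended to: the original used
                 // .= on a variable that was never initialised, which raised an
                 // undefined-variable notice and would repeat the markup of an
                 // earlier 'interest' cell in a later one.
                 // NOTE(review): $item_id and $instance_no are interpolated into
                 // an id attribute and a JavaScript string literal unescaped;
                 // presumably both are numeric keys -- confirm.
                 if ($level > 0) {
                     $this->addHelpEntry(get_opendb_lang_var('interest_help'), 'interest_1.gif', 'interest');
                     $new_level_value = 0;
                     $level_display = "<img" . " id=\"interest_level_{$item_id}" . "_{$instance_no}\"" . " src=\"" . theme_image_src('interest_1.gif') . "\"" . " alt=\"" . get_opendb_lang_var('interest_remove') . "\"" . " title=\"" . get_opendb_lang_var('interest_remove') . "\"" . " onclick=\"xajax_ajax_update_interest_level('{$item_id}', '{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\"" . " style=\"cursor:pointer;\"" . " >";
                 } else {
                     $new_level_value = 1;
                     $level_display = "<img" . " id=\"interest_level_{$item_id}" . "_{$instance_no}\"" . " src=\"" . theme_image_src('interest_0.gif') . "\"" . " alt=\"" . get_opendb_lang_var('interest_mark') . "\"" . " title=\"" . get_opendb_lang_var('interest_mark') . "\"" . " onclick=\"xajax_ajax_update_interest_level('{$item_id}','{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\"" . " style=\"cursor:pointer;\"" . " >";
                 }
                 $this->_write('<td class="interest ' . $columnClass . '">');
                 // The hidden field holds the level that a click on the image submits.
                 $this->_write("<input id=\"new_level_value_{$item_id}" . "_{$instance_no}\" type=\"hidden\" value=\"{$new_level_value}\" />");
                 $this->_write($level_display);
                 $this->_write('</td>');
                 break;
             case 'item_type_image':
                 $this->_write('<td class="item_type_image ' . $columnClass . '">');
                 $s_item_type = $row_column_rs[$i]['s_item_type'];
                 // Per-instance cache: fetch and prepare each item type once.
                 if (!is_array($this->_item_type_rs[$s_item_type]) || strlen($this->_item_type_rs[$s_item_type]['image']) == 0) {
                     $this->_item_type_rs[$s_item_type] = fetch_item_type_r($s_item_type);
                     // expand to the actual location once only; 'none' marks
                     // "no image" so the entry is not fetched again.
                     if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0) {
                         $this->_item_type_rs[$s_item_type]['image'] = theme_image_src($this->_item_type_rs[$s_item_type]['image']);
                     } else {
                         $this->_item_type_rs[$s_item_type]['image'] = 'none';
                     }
                     if (strlen($this->_item_type_rs[$s_item_type]['description']) > 0) {
                         $this->_item_type_rs[$s_item_type]['description'] = htmlspecialchars($this->_item_type_rs[$s_item_type]['description']);
                     } else {
                         $this->_item_type_rs[$s_item_type]['description'] = NULL;
                     }
                 }
                 if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0 && $this->_item_type_rs[$s_item_type]['image'] != 'none') {
                     $this->_write(theme_image($this->_item_type_rs[$s_item_type]['image'], $this->_item_type_rs[$s_item_type]['description'], 's_item_type'));
                 } else {
                     // otherwise write the item type itself in place of the image.
                     $this->_write($s_item_type);
                 }
                 $this->_write('</td>');
                 break;
             case 'theme_image':
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write(theme_image($row_column_rs[$i]['src'], htmlspecialchars($row_column_rs[$i]['title']), $row_column_rs[$i]['type']));
                 $this->_write('</td>');
                 break;
             case 'title':
                 $title_href_link = $row_column_rs[$i]['title_href_link'];
                 $is_item_reviewed = $row_column_rs[$i]['is_item_reviewed'];
                 $is_borrowed_or_returned = $row_column_rs[$i]['is_borrowed_or_returned'];
                 // NOTE(review): item_title and title_href_link are emitted as
                 // raw HTML. item_title appears to be treated as markup (the
                 // 'username' case runs strip_tags() on it), so the caller
                 // presumably encodes the stored title before building it --
                 // confirm.
                 if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY)) {
                     $item_title = '<a href="' . $title_href_link . '">' . $row_column_rs[$i]['item_title'] . '</a>';
                 } else {
                     $item_title = $row_column_rs[$i]['item_title'];
                 }
                 if ($is_item_reviewed) {
                     // show star if rated - Add it to the actual title, so we can do a bit more with title masks
                     $this->addHelpEntry(get_opendb_lang_var('item_reviewed'), 'rs.gif', 'item_reviewed');
                     $item_title .= theme_image('rs.gif', get_opendb_lang_var('item_reviewed'), 'item_reviewed');
                 }
                 if ($is_borrowed_or_returned) {
                     // show tick if previously borrowed or returned.
                     $this->addHelpEntry(get_opendb_lang_var('youve_borrow_or_return'), 'tick.gif', 'borrow_or_return');
                     $item_title .= theme_image("tick.gif", get_opendb_lang_var('youve_borrow_or_return'), 'borrow_or_return');
                 }
                 $this->_write('<td class="title ' . $columnClass . '">');
                 $this->_write($item_title);
                 $this->_write('</td>');
                 break;
             case 'coverimage':
                 $item_cover_image = $row_column_rs[$i]['item_cover_image'];
                 $title_href_link = $row_column_rs[$i]['title_href_link'];
                 // The original concatenated an undefined $columnId here, so the
                 // emitted class has always been "coverimage Column". The literal
                 // keeps that output without reading an undefined variable.
                 // NOTE(review): confirm whether $columnClass was intended.
                 $this->_write('<td class="coverimage Column">');
                 $file_r = file_cache_get_image_r($item_cover_image, 'listing');
                 if (is_array($file_r)) {
                     $cover_image_tag = '<img src="' . $file_r['thumbnail']['url'] . '"';
                     // Dimensions are only written when numeric.
                     if (is_numeric($file_r['thumbnail']['width'])) {
                         $cover_image_tag .= ' width="' . $file_r['thumbnail']['width'] . '"';
                     }
                     if (is_numeric($file_r['thumbnail']['height'])) {
                         $cover_image_tag .= ' height="' . $file_r['thumbnail']['height'] . '"';
                     }
                     $cover_image_tag .= '>';
                     if ($this->_mode != 'printable' && $this->_include_href_links) {
                         $cover_image_tag = '<a href="' . $title_href_link . '">' . $cover_image_tag . '</a>';
                     }
                     $this->_write($cover_image_tag);
                 }
                 $this->_write('</td>');
                 break;
             case 'display':
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write(get_display_field($row_column_rs[$i]['attribute_type'], $row_column_rs[$i]['prompt'], $row_column_rs[$i]['display_type'], $row_column_rs[$i]['value'], FALSE));
                 $this->_write('</td>');
                 break;
             case 'attribute_display':
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write(get_item_display_field($row_column_rs[$i]['item_r'], $row_column_rs[$i]['attribute_type_r'], $row_column_rs[$i]['value'], FALSE));
                 $this->_write('</td>');
                 break;
             case 'checkbox':
                 $this->_write('<td class="checkbox">');
                 $value = $row_column_rs[$i]['value'];
                 // NOTE(review): fieldname and value are written into attributes
                 // without htmlspecialchars(); a double quote in either would
                 // end the attribute. Confirm both are constrained (e.g. numeric
                 // ids) or encode them at the caller.
                 $this->_write('<input type="checkbox" class="checkbox" name="' . $this->_header_column_rs[$i]['fieldname'] . '[]" value="' . $value . '">');
                 $this->_write('</td>');
                 break;
             default:
                 // Unknown column types fall back to writing 'value' verbatim.
                 // NOTE(review): not encoded here; the caller must supply HTML-safe text.
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write($row_column_rs[$i]['value']);
                 $this->_write('</td>');
                 break;
         }
     }
     $this->_write("\n</tr>");
 }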