}  // closes a block that opens before this excerpt

// If they're not an admin and multi-day bookings are not allowed, then
// set the end date to the start date.  The three end-date variables are
// overwritten here regardless of the values they held before, so the
// restriction does not depend on what was submitted.
if (!$is_admin && $auth['only_admin_can_book_multiday'])
{
  $end_day = $start_day;
  $end_month = $start_month;
  $end_year = $start_year;
}

// If this is an Ajax request and we're being asked to commit the booking, then
// we'll only have been supplied with parameters that need to be changed.  Fill in
// the rest from the existing booking information.
// Note: we assume that
// (1) this is not a series (we can't cope with them yet)
// (2) we always get passed start_seconds and end_seconds in the Ajax data
//
// NOTE(review): this excerpt shows no check that the current user is allowed to
// modify booking $id before its stored values are merged in -- confirm that the
// check is made elsewhere before anything is written.
if ($ajax && $commit)
{
  // The FALSE argument presumably means "not a series", matching assumption (1)
  $old_booking = mrbsGetBookingInfo($id, FALSE);
  foreach ($formvars as $var => $var_type)
  {
    // ${$var} is a variable variable: the local variable named by the current
    // key of $formvars.  "&&" binds tighter than "||", so a value counts as
    // missing when it is unset, or when it is declared as an array and is empty.
    // NOTE(review): the cases visible here only write to the variable named by
    // their own case label; the rest of the switch is outside this excerpt.
    // Presumably the keys of $formvars are a fixed server-side list -- verify.
    if (!isset(${$var}) || $var_type == 'array' && empty(${$var}))
    {
      switch ($var)
      {
        case 'rooms':
          // A single-element array holding the existing booking's room
          $rooms = array($old_booking['room_id']);
          break;
        case 'original_room_id':
          ${$var} = $old_booking['room_id'];
          break;
        case 'private':
          // Bitwise AND: the result is an integer (0 or the flag bits), not a boolean
          ${$var} = $old_booking['status'] & STATUS_PRIVATE;
          break;
        case 'confirmed':
          // Confirmed means the tentative bit is not set; this one is a boolean
          ${$var} = !($old_booking['status'] & STATUS_TENTATIVE);
          break;
        // (excerpt ends inside the switch)
// Read the request parameters, check access, load one booking and work out
// whether its details have to be hidden from the current user.

// If $series is TRUE, it means that the $id is the id of an
// entry in the repeat table.  Otherwise it's from the entry table.
// 'id' and 'series' are requested as 'int', the remaining values as 'string'.
// NOTE(review): $returl and $error are free-form strings, presumably taken
// straight from the request.  Their use is outside this excerpt; anything that
// prints them or uses $returl as a redirect target should escape or validate them.
$id = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
$action = get_form_var('action', 'string');
$returl = get_form_var('returl', 'string');
$error = get_form_var('error', 'string');

// Check the user is authorised for this page
checkAuthorised();

// Also need to know whether they have admin rights
// (a user level of 2 or above is treated as admin)
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2;

// You're only allowed to make repeat bookings if you're an admin
// or else if $auth['only_admin_can_book_repeat'] is not set
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);

// NOTE(review): $row is indexed straight away.  Presumably mrbsGetBookingInfo()
// does not return normally for an unknown $id -- confirm, otherwise the lookups
// below run on a non-array value.
$row = mrbsGetBookingInfo($id, $series);

$room = $row['room_id'];
$area = $row['area_id'];

// Get the area settings for the entry's area.   In particular we want
// to know how to display private/public bookings in this area.
// (the return value, if any, is not used here)
get_area_settings($row['area_id']);

// Work out whether the room or area is disabled
$room_disabled = $row['room_disabled'] || $row['area_disabled'];
// Get the status
$status = $row['status'];
// Get the creator
$create_by = $row['create_by'];

// Work out whether this event should be kept private.
// $private is the result of a bitwise AND, so it is an integer, not a boolean.
$private = $row['status'] & STATUS_PRIVATE;
$writeable = getWritable($row['create_by'], $user, $row['room_id']);
// Details are withheld only when the event is private AND the current user has
// no write access to it.
// NOTE(review): $keep_private is only a flag; the code that outputs fields of
// $row (not in this excerpt) has to honour it.
$keep_private = is_private_event($private) && !$writeable;
// (excerpt begins inside three enclosing blocks that open before it; the
// outermost one is the "foreach $rooms" loop closed further down)
      // Would be better to avoid a database access just for that.
      // Ran only if we need details
      if ($mail_settings['details'])
      {
        // NOTE(review): $room_id is interpolated into the SQL text as-is.  Its
        // origin is not visible in this excerpt; this is safe only if it is
        // guaranteed to be an integer at this point.  Cast it to int, or bind it
        // as a parameter if the database layer supports that.
        $sql = "SELECT R.room_name, A.area_name\n FROM {$tbl_room} R, {$tbl_area} A\n WHERE R.id={$room_id} AND R.area_id = A.id\n LIMIT 1";
        // NOTE(review): the result of sql_query() is used without a failure check
        $res = sql_query($sql);
        $row = sql_row_keyed($res, 0);
        $data['room_name'] = $row['room_name'];
        $data['area_name'] = $row['area_name'];
      }
      // If this is a modified entry then get the previous entry data
      // so that we can highlight the changes
      if (isset($id))
      {
        if ($edit_type == "series")
        {
          $mail_previous = mrbsGetBookingInfo($repeat_id, TRUE);
        }
        else
        {
          $mail_previous = mrbsGetBookingInfo($id, FALSE);
        }
      }
      else
      {
        // A new booking has no previous state to compare against
        $mail_previous = array();
      }
      // Send the email.  The third argument is TRUE when no $id was supplied.
      $result = notifyAdminOnBooking($data, $mail_previous, !isset($id), $is_repeat_table);
    }
  }
} // end foreach $rooms

// Delete the original entry
// NOTE(review): the return value of mrbsDelEntry() is ignored, and this excerpt
// shows no separate check that $user may delete entry $id.  $user is passed in,
// so presumably mrbsDelEntry() enforces that itself -- confirm.
if (isset($id))
{
  mrbsDelEntry($user, $id, $edit_type == "series", 1);
}

// Release the lock on the entry table (the matching lock call is presumably
// made before this excerpt)
sql_mutex_unlock("{$tbl_entry}");
// (excerpt begins inside a block that opens before it)
  $is_new_entry = TRUE;  // Treat it as a new entry unless told otherwise
}

// If we have to approve or reject a booking, check that we have rights to do so
// for this room.  The exit stops the script, so a refused request never
// reaches the switch below.
// NOTE(review): only "approve" and "reject" are gated by auth_book_admin() here.
// The "more_info" case below also writes to the booking; confirm that it (and
// any other action) is authorised somewhere outside this excerpt.
if (($action == "approve" || $action == "reject") && !auth_book_admin($user, $room_id))
{
  showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
  exit;
}

switch ($action)
{
  // ACTION = "APPROVE"
  case 'approve':
    if ($need_to_send_mail)
    {
      $is_new_entry = FALSE;
      // Get the current booking data, before we change anything, for use in emails
      $mail_previous = mrbsGetBookingInfo($id, $series);
    }
    // mrbsApproveEntry() signals failure by returning FALSE; any other return
    // value is treated as success
    $start_times = mrbsApproveEntry($id, $series);
    $result = $start_times !== FALSE;
    if ($result === FALSE)
    {
      // Appended with "&", so $returl is assumed to carry a query string already
      $returl .= "&error=approve_failed";
    }
    break;

  // ACTION = "MORE_INFO"
  case 'more_info':
    // update the last reminded time (the ball is back in the
    // originator's court, so the clock gets reset)
    mrbsUpdateLastReminded($id, $series);
    // update the more info fields
    // NOTE(review): the origin of $note is not visible here.  If it is request
    // data, confirm that it is escaped where it is stored and where it is
    // later shown or mailed.
    mrbsUpdateMoreInfo($id, $series, $user, $note);
    // (excerpt ends inside this case)
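// (excerpt begins inside a block that opens before it)
  $note = "";
}

// Work out where to send the user afterwards.  When no return URL was supplied,
// fall back to the default view for the current date and area.
if (empty($returl))
{
  switch ($default_view)
  {
    case "month":
      $returl = "month.php";
      break;
    case "week":
      $returl = "week.php";
      break;
    default:
      $returl = "day.php";
  }
  $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}

// Proceed only for a user at level 1 or above and a booking that can be loaded.
// The single "=" in this condition is intentional: it stores the booking in $info.
if (getAuthorised(1) && ($info = mrbsGetBookingInfo($id, FALSE, TRUE)))
{
  $user = getUserName();
  // check that the user is allowed to delete this entry
  // Fix: this used to read ($action = "reject"), an assignment.  That overwrote
  // $action with "reject" for every request that set an action and made the
  // getWritable() branch unreachable in that case.  It is now a comparison, so
  // a rejection needs booking-admin rights for the room and every other
  // deletion is checked against the entry's creator.
  if (isset($action) && ($action === "reject"))
  {
    $authorised = auth_book_admin($user, $info['room_id']);
  }
  else
  {
    $authorised = getWritable($info['create_by'], $user, $info['room_id']);
  }
  if ($authorised)
  {
    // Take the date and area from the stored booking for use further down
    $day   = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year  = strftime("%Y", $info["start_time"]);
    $area  = mrbsGetRoomArea($info["room_id"]);
    // An email is wanted if either of these two mail settings is switched on
    $notify_by_email = $mail_settings['admin_on_delete'] || $mail_settings['book_admin_on_provisional'];

    if ($notify_by_email)
    {
      require_once "functions_mail.inc";
      // (excerpt ends inside this block)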
// (excerpt begins inside a switch case that opens before it)
      $result = TRUE;  // We'll assume success and send an email anyway
      break;

    // ACTION = "REMIND"
    case 'remind':
      // update the last reminded time
      mrbsUpdateLastReminded($id, $series);
      $result = TRUE;  // We'll assume success and send an email anyway
      break;

    default:
      // An unrecognised action sends no email; the redirect below still happens
      $result = FALSE;  // should not get here
      break;

  }  // switch ($action)

  // Now send an email if required and the operation was successful
  if ($result && $need_to_send_mail)
  {
    // Retrieve the booking details which we will need for the email
    $data = mrbsGetBookingInfo($id, $series);
    // Get the area settings for this area (we will need to know if periods are enabled
    // so that we will know whether to include iCalendar information in the email)
    get_area_settings($data['area_id']);
    // Send the email
    $result = notifyAdminOnBooking($data, $mail_previous, $is_new_entry, $series, $action, $note);
  }
}  // closes a block that opens before this excerpt

// Now it's all done go back to the previous view
// NOTE(review): $returl goes into the Location header as-is.  Its origin is not
// visible in this excerpt; if it can come from the request, restrict it to a
// local relative path before redirecting, otherwise the redirect can be pointed
// at another site.  The exit keeps anything further from being output.
header("Location: {$returl}");
exit;