Example #1
/**
 * Admin form handler that updates a company record in the Lenses module.
 *
 * Reads the 'company' form value, confirms the form auth key, hands the
 * value to the Lenses admin API and redirects. Nothing is rendered here.
 *
 * @param array $args Extra arguments, imported into local scope via extract().
 * @return mixed Whatever pnRedirect() returns.
 */
function Lenses_admin_update_company($args)
{
    // Pull the submitted company value from the request.
    $company = pnVarCleanFromInput('company');

    // NOTE(review): extract() uses its default overwrite mode, so a 'company'
    // key in $args replaces the value read above. Confirm that callers only
    // pass trusted arrays here.
    extract($args);

    // The auth key comes from the hidden $authid field in the form template;
    // a request without a valid key is bounced back to the admin main page.
    if (!pnSecConfirmAuthKey()) {
        $badKeyText = pnVarPrepHTMLDisplay(_BADAUTHKEY);
        pnSessionSetVar('errormsg', $badKeyText);
        $mainUrl = pnModURL('Lenses', 'admin', 'main');
        return pnRedirect($mainUrl);
    }

    // Delegate the update to the module API; only report success.
    $updated = pnModAPIFunc('Lenses', 'admin', 'update_company', array('company' => $company));
    if ($updated) {
        $okText = pnVarPrepHTMLDisplay(_UPDATESUCCEDED);
        pnSessionSetVar('statusmsg', $okText);
    }

    // No page output: send the user to the company list.
    $listUrl = pnModURL('Lenses', 'admin', 'viewall_companies');
    return pnRedirect($listUrl);
}
Example #2
/**
 * Handle the PostCalendar event submission form.
 *
 * Collects the event fields from the request (or from a serialized category
 * blob), validates them, optionally runs collision checks, and then either
 * previews or commits the event depending on the 'form_action' request value.
 * The submit form is rendered again at the end in most paths.
 *
 * Returns the HTML built in $output, or one of the constants
 * _POSTCALENDARNOAUTH, _PC_CAN_NOT_EDIT or _NO_DIRECT_ACCESS.
 *
 * NOTE(review), security-relevant points visible in this function:
 *  - request data is passed to unserialize() (PHP object injection risk);
 *  - extract($args) can overwrite any local, including the parsed category;
 *  - the ownership check only runs in the branch that loads an existing
 *    event, and that branch is skipped when the request sets 'data_loaded';
 *  - a temporary event row is written before the auth key is confirmed;
 *  - event titles from the database are appended to output while the
 *    pnHTML object is in _PNH_VERBATIMINPUT mode.
 * Each point is marked again at the relevant line below.
 *
 * @param array $args Extra arguments, imported into local scope via extract().
 */
function postcalendar_user_submit($args)
{
    // We need at least ADD permission to submit an event
    if (!(bool) PC_ACCESS_ADD) {
        return _POSTCALENDARNOAUTH;
    }
    $output = new pnHTML();
    // NOTE(review): verbatim input mode presumably means Text() does not
    // escape what it is given - confirm, since DB-sourced titles are written
    // through it further down.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // get the theme globals :: is there a better way to do this?
    pnThemeLoad(pnUserGetTheme());
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2;
    // $category = pnVarCleanFromInput('event_category');
    $category = pnVarCleanFromInput('category');
    // NOTE(review): both branches feed a request-supplied string to
    // unserialize(). The blob is produced below with
    // base64_encode(serialize($category)), but nothing here verifies that it
    // came back unmodified, so a client can submit arbitrary serialized
    // data. Prefer keeping the category server-side (session) or signing the
    // blob and verifying it with hash_equals(); at minimum pass
    // ['allowed_classes' => false] on PHP 7+ or switch to JSON.
    if (!empty($category)) {
        $category = unserialize(base64_decode($category));
        //print_r($category);
    } else {
        //print_r($_POST);
        // Fallback reads the raw POST value, bypassing pnVarCleanFromInput.
        $cat = $_POST['category'];
        $category = unserialize(base64_decode($cat));
        //print_r($category);
    }
    //print_r($category);
    // echo("<!-- Here is the argument array: -->\n");
    // foreach ($args as $tmpkey => $tmpval) { // debugging
    //  echo("<!-- $tmpkey => '$tmpval' -->\n");
    // }
    // NOTE(review): extract() with default flags overwrites existing locals
    // ($output, $category, ...) with same-named keys from $args. Who builds
    // $args is not visible here - confirm it is never request-derived.
    extract($args);
    // $Date is sliced as YYYYMMDD below.
    $Date =& postcalendar_getDate();
    $year = substr($Date, 0, 4);
    $month = substr($Date, 4, 2);
    $day = substr($Date, 6, 2);
    // basic event information
    $event_desc = pnVarCleanFromInput('event_desc');
    $event_category = pnVarCleanFromInput('event_category');
    $event_subject = pnVarCleanFromInput('event_subject');
    $event_sharing = pnVarCleanFromInput('event_sharing');
    $event_topic = pnVarCleanFromInput('event_topic');
    //id of the user the event is for
    $event_userid = pnVarCleanFromInput('event_userid');
    if (!is_numeric($event_userid)) {
        $event_userid = 0;
    }
    $event_pid = pnVarCleanFromInput('event_pid');
    if (!is_numeric($event_pid)) {
        $event_pid = "";
    }
    // event start information
    $event_startmonth = pnVarCleanFromInput('event_startmonth');
    $event_startday = pnVarCleanFromInput('event_startday');
    $event_startyear = pnVarCleanFromInput('event_startyear');
    $event_starttimeh = pnVarCleanFromInput('event_starttimeh');
    $event_starttimem = pnVarCleanFromInput('event_starttimem');
    $event_startampm = pnVarCleanFromInput('event_startampm');
    // location data
    $event_location = pnVarCleanFromInput('event_location');
    $event_street1 = pnVarCleanFromInput('event_street1');
    $event_street2 = pnVarCleanFromInput('event_street2');
    $event_city = pnVarCleanFromInput('event_city');
    $event_state = pnVarCleanFromInput('event_state');
    $event_postal = pnVarCleanFromInput('event_postal');
    $event_location_info = serialize(compact('event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal'));
    // contact data
    $event_contname = pnVarCleanFromInput('event_contname');
    $event_conttel = pnVarCleanFromInput('event_conttel');
    $event_contemail = pnVarCleanFromInput('event_contemail');
    $event_website = pnVarCleanFromInput('event_website');
    $event_fee = pnVarCleanFromInput('event_fee');
    $event_patient_name = pnVarCleanFromInput('patient_name');
    // event repeating data
    // When a category array was decoded, its values override the individual
    // form fields read above. NOTE(review): every $category[...] value used
    // here ultimately comes from the client-supplied blob.
    if (is_array($category)) {
        //$event_subject        =
        $event_desc = $category['desc'];
        $event_category = $category['id'];
        $event_duration = $category['event_duration'];
        //seconds of the event
        $event_dur_hours = $event_duration / (60 * 60);
        //seconds divided by 60 seconds * 60 minutes
        $event_dur_minutes = $event_duration % (60 * 60) / 60;
        $event_repeat = $category['event_repeat'];
        $event_repeat_freq = $category['event_repeat_freq'];
        $event_repeat_freq_type = $category['event_repeat_freq_type'];
        $event_repeat_on_num = $category['event_repeat_on_num'];
        $event_repeat_on_day = $category['event_repeat_on_day'];
        $event_repeat_on_freq = $category['event_repeat_on_freq'];
        $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));
        // event end information
        // Build a relative-date phrase such as "3 weeks" for strtotime().
        // No default case: an unrecognised end_date_type leaves only the
        // number and a trailing space.
        $multiple = $category['end_date_freq'] . " ";
        switch ($category['end_date_type']) {
            case REPEAT_EVERY_DAY:
            case REPEAT_EVERY_WORK_DAY:
                //end date is in days
                $multiple .= "days";
                break;
            case REPEAT_EVERY_WEEK:
                //end date is in weeks
                $multiple .= "weeks";
                break;
            case REPEAT_EVERY_MONTH:
                //end date is in months
                $multiple .= "months";
                break;
            case REPEAT_EVERY_YEAR:
                //end date is in years
                $multiple .= "years";
                break;
        }
        // NOTE(review): strtotime() results are not checked for false; an
        // unparseable 'Date' makes date() format the Unix epoch instead.
        $edate = strtotime(pnVarCleanFromInput('Date'));
        $event_startmonth = date("m", $edate);
        $event_startday = date("d", $edate);
        $event_startyear = date("Y", $edate);
        $event_enddate = strtotime(pnVarCleanFromInput('Date') . " + " . $multiple);
        $event_endmonth = date("m", $event_enddate);
        $event_endday = date("d", $event_enddate);
        $event_endyear = date("Y", $event_enddate);
        $event_endtype = $category['end_date_flag'];
        // I'm pretty sure this was a bug since 'event_all_day' appears nowhere
        // else in the code, but it's hard to tell WTF is going on.
        //    $event_allday         = $category['event_all_day'];
        $event_allday = $category['all_day'];
    } else {
        $event_dur_hours = pnVarCleanFromInput('event_dur_hours');
        $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
        $event_duration = 60 * 60 * $event_dur_hours + 60 * $event_dur_minutes;
        $event_repeat = pnVarCleanFromInput('event_repeat');
        $event_repeat_freq = pnVarCleanFromInput('event_repeat_freq');
        $event_repeat_freq_type = pnVarCleanFromInput('event_repeat_freq_type');
        $event_repeat_on_num = pnVarCleanFromInput('event_repeat_on_num');
        $event_repeat_on_day = pnVarCleanFromInput('event_repeat_on_day');
        $event_repeat_on_freq = pnVarCleanFromInput('event_repeat_on_freq');
        $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));
        // event end information
        $event_endmonth = pnVarCleanFromInput('event_endmonth');
        $event_endday = pnVarCleanFromInput('event_endday');
        $event_endyear = pnVarCleanFromInput('event_endyear');
        $event_endtype = pnVarCleanFromInput('event_endtype');
        $event_allday = pnVarCleanFromInput('event_allday');
    }
    // Added by Rod:
    // An all-day event is normalised to start at hour 0 and last 24 hours.
    if ($event_allday) {
        $event_starttimeh = 0;
        $event_starttimem = 0;
        $event_startampm = 1;
        $event_dur_hours = 24;
        $event_dur_minutes = 0;
        $event_duration = 60 * 60 * $event_dur_hours;
    }
    $form_action = pnVarCleanFromInput('form_action');
    $pc_html_or_text = pnVarCleanFromInput('pc_html_or_text');
    $pc_event_id = pnVarCleanFromInput('pc_event_id');
    $data_loaded = pnVarCleanFromInput('data_loaded');
    $is_update = pnVarCleanFromInput('is_update');
    // $authid is read here but not used again in this function; the auth key
    // is validated through pnSecConfirmAuthKey() below.
    $authid = pnVarCleanFromInput('authid');
    //pennfirm uname matchup future fix
    //if(pnUserLoggedIn()) { $uname = pnUserGetVar('uname'); }
    //else { $uname = pnConfigGetVar('anonymous'); }
    // The acting user is taken from the session, not from the request.
    $uname = $_SESSION['authUser'];
    if (!isset($event_repeat)) {
        $event_repeat = 0;
    }
    // NOTE(review): this branch is taken for new events and also whenever the
    // request sets 'data_loaded'. In the second case 'pc_event_id' and
    // 'is_update' come straight from the request and the ownership check in
    // the else branch does not run. Confirm that the submitEvent API enforces
    // edit permission on the target event itself.
    if (!isset($pc_event_id) || empty($pc_event_id) || $data_loaded) {
        // lets wrap all the data into array for passing to submit and preview functions
        $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', "event_userid", "event_pid", 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'event_patient_name', 'event_pid');
        $eventdata['is_update'] = $is_update;
        $eventdata['pc_event_id'] = $pc_event_id;
        $eventdata['data_loaded'] = true;
        // Re-serialized category, presumably emitted as a form field and
        // read back at the top of this function on the next request.
        $eventdata['category'] = base64_encode(serialize($category));
    } else {
        // Editing an existing event: load it and check the caller may edit.
        $event =& postcalendar_userapi_pcGetEventDetails($pc_event_id);
        //echo "uname is:$uname  other name is: ".$event['uname'] . "<br />";
        // Owners may always edit; others need validateGroupStatus() to pass.
        // NOTE(review): loose != comparison on user names.
        if ($uname != $event['uname']) {
            if (!validateGroupStatus($uname, getUsername($event['uname']))) {
                return _PC_CAN_NOT_EDIT;
            }
        }
        $eventdata['event_subject'] = $event['title'];
        $eventdata['event_desc'] = $event['hometext'];
        $eventdata['event_sharing'] = $event['sharing'];
        $eventdata['event_category'] = $event['catid'];
        $eventdata['event_topic'] = $event['topic'];
        // eventDate / endDate are sliced as 'YYYY-MM-DD', startTime as 'HH:MM'.
        $eventdata['event_startmonth'] = substr($event['eventDate'], 5, 2);
        $eventdata['event_startday'] = substr($event['eventDate'], 8, 2);
        $eventdata['event_startyear'] = substr($event['eventDate'], 0, 4);
        $eventdata['event_starttimeh'] = substr($event['startTime'], 0, 2);
        $eventdata['event_starttimem'] = substr($event['startTime'], 3, 2);
        $eventdata['event_startampm'] = $eventdata['event_starttimeh'] < 12 ? 1 : 2;
        //1 is am , 2 is pm
        $eventdata['event_endmonth'] = substr($event['endDate'], 5, 2);
        $eventdata['event_endday'] = substr($event['endDate'], 8, 2);
        $eventdata['event_endyear'] = substr($event['endDate'], 0, 4);
        $eventdata['event_endtype'] = $event['endDate'] == '0000-00-00' ? '0' : '1';
        $eventdata['event_dur_hours'] = $event['duration_hours'];
        $eventdata['event_dur_minutes'] = $event['duration_minutes'];
        $eventdata['event_duration'] = $event['duration'];
        $eventdata['event_allday'] = $event['alldayevent'];
        // Stored location/recurrence specs are PHP-serialized strings; these
        // unserialize() calls trust whatever is in the database row.
        $loc_data = unserialize($event['location']);
        $eventdata['event_location'] = $loc_data['event_location'];
        $eventdata['event_street1'] = $loc_data['event_street1'];
        $eventdata['event_street2'] = $loc_data['event_street2'];
        $eventdata['event_city'] = $loc_data['event_city'];
        $eventdata['event_state'] = $loc_data['event_state'];
        $eventdata['event_postal'] = $loc_data['event_postal'];
        $eventdata['event_location_info'] = $loc_data;
        $eventdata['event_contname'] = $event['contname'];
        $eventdata['event_conttel'] = $event['conttel'];
        $eventdata['event_contemail'] = $event['contemail'];
        $eventdata['event_website'] = $event['website'];
        $eventdata['event_fee'] = $event['fee'];
        $eventdata['event_repeat'] = $event['recurrtype'];
        $rspecs = unserialize($event['recurrspec']);
        $eventdata['event_repeat_freq'] = $rspecs['event_repeat_freq'];
        $eventdata['event_repeat_freq_type'] = $rspecs['event_repeat_freq_type'];
        $eventdata['event_repeat_on_num'] = $rspecs['event_repeat_on_num'];
        $eventdata['event_repeat_on_day'] = $rspecs['event_repeat_on_day'];
        $eventdata['event_repeat_on_freq'] = $rspecs['event_repeat_on_freq'];
        $eventdata['event_recurrspec'] = $rspecs;
        $eventdata['uname'] = $uname;
        $eventdata['event_userid'] = $event['event_userid'];
        $eventdata['event_pid'] = $event['pid'];
        $eventdata['event_aid'] = $event['aid'];
        $eventdata['Date'] = $Date;
        $eventdata['year'] = $year;
        $eventdata['month'] = $month;
        $eventdata['day'] = $day;
        $eventdata['is_update'] = true;
        $eventdata['pc_event_id'] = $pc_event_id;
        // NOTE(review): this writes to $event_data, not $eventdata, so the
        // patient name never reaches the array passed on - looks like a typo.
        $event_data['patient_name'] = $event_patient_name;
        $eventdata['data_loaded'] = true;
        $eventdata['pc_html_or_text'] = $pc_html_or_text;
        $eventdata['category'] = base64_encode(serialize($category));
    }
    // lets get the module's information
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
    $output->tabindex = 1;
    //================================================================
    //    ERROR CHECKING
    //================================================================
    // removed event_desc as a required_var
    $required_vars = array('event_subject');
    // Two labels for one required variable; only index 0 is ever read.
    $required_name = array(_PC_EVENT_TITLE, _PC_EVENT_DESC);
    $error_msg = '';
    // Text()/Linebreak() return their markup from here on, so it can be
    // accumulated in $error_msg instead of going into the page buffer.
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $reqCount = count($required_vars);
    //print_r($eventdata);
    for ($r = 0; $r < $reqCount; $r++) {
        // NOTE(review): as written, ${$required_vars}[$r] resolves a variable
        // named after the array itself and then indexes it; the intent looks
        // like ${$required_vars[$r]} (the variable called 'event_subject').
        // Confirm - the required-field check may not test what it claims.
        if (empty(${$required_vars}[$r]) || !preg_match('/\\S/i', ${$required_vars}[$r])) {
            $error_msg .= $output->Text('<b>' . $required_name[$r] . '</b> ' . _PC_SUBMIT_ERROR4);
            $error_msg .= $output->Linebreak();
        }
    }
    unset($reqCount);
    // check repeating frequencies
    if ($event_repeat == REPEAT) {
        //can't have a repeating event that doesnt have an end date
        if ($event_endtype == 0) {
            $error_msg .= $output->Text("Repeating events must have an end date set.");
            $error_msg .= $output->Linebreak();
        }
        if (!isset($event_repeat_freq) || $event_repeat_freq < 1 || empty($event_repeat_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR5);
            $error_msg .= $output->Linebreak();
        } elseif (!is_numeric($event_repeat_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR6);
            $error_msg .= $output->Linebreak();
        }
    } elseif ($event_repeat == REPEAT_ON) {
        //can't have a repeating event that doesnt have an end date
        if ($event_endtype == 0) {
            $error_msg .= $output->Text("Repeating events must have an end date set.");
            $error_msg .= $output->Linebreak();
        }
        if (!isset($event_repeat_on_freq) || $event_repeat_on_freq < 1 || empty($event_repeat_on_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR5);
            $error_msg .= $output->Linebreak();
        } elseif (!is_numeric($event_repeat_on_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR6);
            $error_msg .= $output->Linebreak();
        }
    }
    // check date validity
    if (_SETTING_TIME_24HOUR) {
        $startTime = $event_starttimeh . ':' . $event_starttimem;
        // NOTE(review): $event_endtimeh / $event_endtimem are not assigned
        // anywhere in this function (unless extract($args) supplies them).
        $endTime = $event_endtimeh . ':' . $event_endtimem;
    } else {
        // Convert the 12-hour form value to a 24-hour hour.
        if ($event_startampm == _AM_VAL) {
            $event_starttimeh = $event_starttimeh == 12 ? '00' : $event_starttimeh;
        } else {
            $event_starttimeh = $event_starttimeh != 12 ? $event_starttimeh += 12 : $event_starttimeh;
        }
        $startTime = $event_starttimeh . ':' . $event_starttimem;
    }
    $sdate = strtotime($event_startyear . '-' . $event_startmonth . '-' . $event_startday);
    $edate = strtotime($event_endyear . '-' . $event_endmonth . '-' . $event_endday);
    $tdate = strtotime(date('Y-m-d'));
    if ($edate < $sdate && $event_endtype == 1) {
        $error_msg .= $output->Text(_PC_SUBMIT_ERROR1);
        $error_msg .= $output->Linebreak();
    }
    // NOTE(review): the date parts below are request values echoed into the
    // error text; with verbatim input mode they are presumably not escaped.
    if (!checkdate($event_startmonth, $event_startday, $event_startyear)) {
        $error_msg .= $output->Text(_PC_SUBMIT_ERROR2 . " '{$event_startyear}-{$event_startmonth}-{$event_startday}'");
        $error_msg .= $output->Linebreak();
    }
    if (!checkdate($event_endmonth, $event_endday, $event_endyear)) {
        $error_msg .= $output->Text(_PC_SUBMIT_ERROR3 . " '{$event_endyear}-{$event_endmonth}-{$event_endday}'");
        $error_msg .= $output->Linebreak();
    }
    //check limit on category
    if (($ret = checkCategoryLimits($eventdata)) != null) {
        $error_msg .= $output->Text("This category has a limit of {$ret['limit']} between {$ret['start']} and {$ret['end']} which you have exceeded.");
        $error_msg .= $output->Linebreak();
        //$output->Text(pnModAPIFunc('PostCalendar','user','buildSubmitForm',$eventdata));
        //return $output->GetOutput();
    }
    //echo "fa: " . $form_action . " double_book: " . pnVarCleanFromInput("double_book") . " update: " . $eventdata['is_update'] . " em: " . $error_msg;
    //event collision check
    // Runs only for a new-event commit with no earlier errors, unless the
    // request carries double_book=1.
    // NOTE(review): everything inside this block, including the temporary
    // insert and delete, happens before pnSecConfirmAuthKey() is called in
    // the 'commit' branch further down. Consider confirming the key first.
    if ($form_action == "commit" && pnVarCleanFromInput("double_book") != 1 && !$eventdata['is_update'] && empty($error_msg)) {
        //check on new shceduling events(in or out of office) to make sure that
        //you don't have more than one set per day
        //event category 1 is in office, event category 2 is out of office
        if ($eventdata['event_category'] == 2 || $eventdata['event_category'] == 3) {
            $searchargs = array();
            $searchargs['start'] = $eventdata['event_startmonth'] . "/" . $eventdata['event_startday'] . "/" . $eventdata['event_startyear'];
            $searchargs['end'] = $eventdata['event_endmonth'] . "/" . $eventdata['event_endday'] . "/" . $eventdata['event_endyear'];
            $searchargs['provider_id'] = $eventdata['event_userid'];
            //faFLag uses pcgeteventsfa, which can search on provider
            $searchargs['faFlag'] = true;
            // 's_keywords' carries a raw SQL fragment into the events query.
            $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) ";
            //print_r($searchargs);
            $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
            // Marker title for the temporary row inserted below.
            // NOTE(review): $event_data is not the $eventdata array, so the
            // subject contributes nothing; uniqueness rests on the current
            // second plus rand(0, 1000), so concurrent submissions can
            // collide. A random_bytes()-based token would be more robust.
            $ekey = md5($event_data['subject'] . date("U") . rand(0, 1000));
            // Save the fields that are overwritten for the temporary insert.
            // 'event_status' and 'patient_name' are not keys set on
            // $eventdata earlier in this function.
            $oldstatus = $eventdata['event_status'];
            $oldtitle = $eventdata['event_subject'];
            $old_patient_name = $eventdata['patient_name'];
            $old_dur_hours = $eventdata['event_dur_hours'];
            $old_dur_min = $eventdata['event_dur_minutes'];
            $old_duration = $eventdata['event_duration'];
            $eventdata['event_subject'] = mysql_real_escape_string($ekey);
            $eventdata['event_status'] = _EVENT_TEMPORARY;
            if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) {
                $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">');
                $error_msg .= $output->Text("<b>The system was unable to check you event for conflicts with other events because there was a problem with your database.</b><br />");
                $error_msg .= $output->Text('</div></center>');
                $error_msg .= $output->Linebreak();
                // NOTE(review): $dbconn is never defined in this function
                // (it is not in the global list above), and raw database
                // error text should go to a log rather than to the page.
                $error_msg .= $output->Text($dbconn->ErrorMsg());
            }
            // SQL fragment built by concatenation. The value is the escaped
            // md5 marker set above, but the pattern is fragile: any other
            // value placed in event_subject would reach the query verbatim.
            $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) AND a.pc_title = '" . $eventdata['event_subject'] . "' ";
            $searchargs['event_status'] = _EVENT_TEMPORARY;
            $submitEventByDate =& postcalendar_userapi_pcGetEvents($searchargs);
            if (!delete_event($ekey)) {
                $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">');
                $error_msg .= $output->Text("<b>The system was unable to delete a temporary record it created, this may have left the database in an inconsistent state.</b><br />");
                $error_msg .= $output->Text('</div></center>');
                $error_msg .= $output->Linebreak();
                $error_msg .= $output->Text($dbconn->ErrorMsg());
            }
            // Restore the saved fields. NOTE(review): the key 'patient_name '
            // has a trailing space, $old_dur_hour is undefined (the value was
            // saved as $old_dur_hours), and $old_duration is never restored.
            $eventdata['event_status'] = $oldstatus;
            $eventdata['event_subject'] = $oldtitle;
            $eventdata['patient_name '] = $old_patient_name;
            $eventdata['event_dur_hours'] = $old_dur_hour;
            $eventdata['event_dur_minutes'] = $old_dur_min;
            // Report a conflict for each existing event on the same date that
            // shares the new event's category.
            foreach ($submitEventByDate as $date => $newevent) {
                if (count($eventsByDate[$date]) > 0 && count($newevent) > 0) {
                    foreach ($eventsByDate[$date] as $con_event) {
                        if ($con_event['catid'] == $newevent[0]['catid']) {
                            // NOTE(review): stored title written without
                            // escaping - confirm Text() encodes it, otherwise
                            // pass it through pnVarPrepForDisplay() first.
                            $error_msg .= $output->Text('There is a conflict on ' . $date . ' with event ' . $con_event['title']);
                            $error_msg .= $output->Linebreak();
                        }
                    }
                }
            }
            /*echo "<br /><br />";
              print_r($eventsByDate);
              echo "<br /><br />";
              print_r($submitEventByDate);*/
        }
        $colls = checkEventCollision($eventdata);
        if (count($colls) > 0) {
            foreach ($colls as $coll) {
                // NOTE(review): same unescaped-title concern as above.
                $error_msg .= $output->Text("Event Collides with: " . $coll['title'] . " at " . date("g:i a", strtotime($coll['startTime'])) . "<br />");
                $error_msg .= $output->Linebreak();
            }
            $error_msg .= $output->Text("Submit again to \"Double Book\" <br />To change values click back in your browser.");
            $error_msg .= $output->Linebreak();
            // the following line will display "DOUBLE BOOKED" if when adding an event there is a collistion with anothe appointment
            //$eventdata['event_subject'] = "DOUBLE BOOKED " . $eventdata['event_subject'];
            $eventdata['double_book'] = 1;
        }
    }
    // From here on Text()/Linebreak() append to the page buffer again.
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    if ($form_action == 'preview') {
        //================================================================
        //  Preview the event
        //================================================================
        // check authid
        if (!pnSecConfirmAuthKey()) {
            return _NO_DIRECT_ACCESS;
        }
        if (!empty($error_msg)) {
            $preview = false;
            // Error box. The closing markup below uses '</td></td>' where
            // '</td></tr>' would match the opening tags.
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">');
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">');
            $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>');
            $output->Linebreak();
            $output->Text($error_msg);
            $output->Text('</td></td></table>');
            $output->Text('</td></td></table>');
            $output->Linebreak(2);
        } else {
            $output->Text(pnModAPIFunc(__POSTCALENDAR__, 'user', 'eventPreview', $eventdata));
            $output->Linebreak();
        }
    } elseif ($form_action == 'commit') {
        //================================================================
        //  Enter the event into the DB
        //================================================================
        // NOTE(review): when errors exist the key is confirmed with a true
        // argument - presumably so the key stays valid for the resubmission;
        // the parameter's meaning is not visible here, confirm.
        if (!empty($error_msg)) {
            if (!pnSecConfirmAuthKey(true)) {
                return _NO_DIRECT_ACCESS;
            }
        } else {
            if (!pnSecConfirmAuthKey()) {
                return _NO_DIRECT_ACCESS;
            }
        }
        if (!empty($error_msg)) {
            $preview = false;
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">');
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">');
            $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>');
            $output->Linebreak();
            $output->Text($error_msg);
            $output->Text('</td></td></table>');
            $output->Text('</td></td></table>');
            $output->Linebreak(2);
        } else {
            if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) {
                $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">');
                $output->Text("<b>" . _PC_EVENT_SUBMISSION_FAILED . "</b>");
                $output->Text('</div></center>');
                $output->Linebreak();
                // NOTE(review): $dbconn is undefined in this scope; see the
                // note at its first use above.
                $output->Text($dbconn->ErrorMsg());
            } else {
                // clear the Smarty cache
                $tpl = new pcSmarty();
                $tpl->clear_all_cache();
                $output->Text('<center><div style="padding:5px; border:1px solid green; background-color: lightgreen;">');
                if ($is_update) {
                    $output->Text("<b>" . _PC_EVENT_EDIT_SUCCESS . "</b>");
                } else {
                    $output->Text("<b>" . _PC_EVENT_SUBMISSION_SUCCESS . "</b>");
                }
                $output->Text('</div></center>');
                $output->Linebreak();
                // clear the form vars
                // NOTE(review): the last name is $evnet_pid, so $event_pid
                // itself is not reset here.
                $event_subject = $event_desc = $event_sharing = $event_category = $event_topic = $event_startmonth = $event_startday = $event_startyear = $event_starttimeh = $event_starttimem = $event_startampm = $event_endmonth = $event_endday = $event_endyear = $event_endtype = $event_dur_hours = $event_dur_minutes = $event_duration = $event_allday = $event_location = $event_street1 = $event_street2 = $event_city = $event_state = $event_postal = $event_location_info = $event_contname = $event_conttel = $event_contemail = $event_website = $event_fee = $event_repeat = $event_repeat_freq = $event_repeat_freq_type = $event_repeat_on_num = $event_repeat_on_day = $event_repeat_on_freq = $event_recurrspec = $uname = $Date = $year = $month = $day = $pc_html_or_text = $event_patient_name = $evnet_pid = null;
                $is_update = false;
                $pc_event_id = 0;
                //$_SESSION['category'] = "";
                // lets wrap all the data into array for passing to submit and preview functions
                $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'is_update', 'pc_event_id', 'event_patient_name');
                //if no using the no_nav format then show form again after submit
                if (pnVarCleanFromInput("no_nav") == 1) {
                    return $output->GetOutput();
                }
            }
        }
    }
    // Render the submit form (again) with whatever is now in $eventdata.
    $output->Text(pnModAPIFunc('PostCalendar', 'user', 'buildSubmitForm', $eventdata));
    return $output->GetOutput();
}
/**
 * Admin action: regenerate the module list, then return to the list view.
 *
 * The form auth key is confirmed first; without a valid key nothing is
 * regenerated and an error message is stored in the session instead.
 * Both outcomes end with a redirect to the Modules admin list.
 *
 * @return bool Always true.
 */
function modules_admin_regenerate()
{
    if (pnSecConfirmAuthKey()) {
        // Key accepted: load the admin API and run the regeneration.
        pnModAPILoad('Modules', 'admin');
        $regenerated = pnModAPIFunc('Modules', 'admin', 'regenerate');
        if ($regenerated) {
            pnSessionSetVar('statusmsg', _MODREGENERATED);
        }
    } else {
        // Key missing or invalid: record the error and do no work.
        pnSessionSetVar('errormsg', _BADAUTHKEY);
    }

    // Either way the user lands back on the module list.
    $listUrl = pnModURL('Modules', 'admin', 'list');
    pnRedirect($listUrl);

    return true;
}
Example #4
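/**
 * Admin form handler that updates a lens record in the Lenses module.
 *
 * Reads the lens data and the base-curve / colour arrays from the form,
 * flattens those arrays into space-separated strings stored on $lens_data,
 * passes the result to the Lenses admin API and redirects to the lens view.
 *
 * Changes from the earlier version: array keys are quoted string literals
 * (bare words such as bc_simple are undefined constants and are a fatal
 * error on PHP 8), and colour inputs that are not arrays are skipped
 * instead of being handed to foreach.
 *
 * @param array $args Extra arguments, imported into local scope via extract().
 * @return mixed Whatever pnRedirect() returns.
 */
function Lenses_admin_update_lens($args)
{
    // Clean input from the form.
    $lens_data = pnVarCleanFromInput('lens_data');
    $bc = pnVarCleanFromInput('bc');
    $enh_colors = pnVarCleanFromInput('enh_colors');
    $opaque_colors = pnVarCleanFromInput('opaque_colors');
    // Extract any extra arguments.
    // NOTE(review): extract() uses its default overwrite mode, so keys in
    // $args named like the locals above replace the cleaned form values.
    // Confirm that callers only pass trusted arrays here.
    extract($args);
    // Confirm $authid hidden field from form template.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
    }
    // Flatten the three base curves into one space-separated string.
    $lens_data['bc_simple'] = $bc[0] . " " . $bc[1] . " " . $bc[2];
    // Each colour name is followed by a space, including the last one, so
    // the stored strings keep the trailing space they have always had.
    $lens_data['enh_names_simple'] = "";
    $lens_data['opaque_names_simple'] = "";
    if (is_array($enh_colors)) {
        foreach ($enh_colors as $value) {
            $lens_data['enh_names_simple'] .= $value . " ";
        }
    }
    if (is_array($opaque_colors)) {
        foreach ($opaque_colors as $value) {
            $lens_data['opaque_names_simple'] .= $value . " ";
        }
    }
    // Attempt to update lens.
    if (pnModAPIFunc('Lenses', 'admin', 'update_lens', array('lens_data' => $lens_data))) {
        pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
    }
    // No output.  Redirect user.
    return pnRedirect(pnModURL('Lenses', 'user', 'view', array('tid' => $lens_data['tid'])));
}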
Example #5
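/**
 * Admin action: rename a permission group.
 *
 * Reads 'module', 'gid' and 'gname' from the request, confirms the form
 * auth key, looks up the current group name, checks ACCESS_EDIT on that
 * group and then stores the new name before redirecting to the group view.
 *
 * Changes from the earlier version: the new group name is passed through
 * pnVarPrepForStore() before it is placed in the UPDATE statement (it was
 * interpolated raw), request values echoed into HTML go through
 * pnVarPrepForDisplay(), a failed lookup query is handled like a missing
 * group, and the redirect URL uses the integer group id and a URL-encoded
 * module name.
 *
 * @return void
 */
function renameGroup()
{
    $module = pnVarCleanFromInput('module');
    list($gid, $gname) = pnVarCleanFromInput('gid', 'gname');
    // State-changing request: refuse it without a valid form auth key.
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $groupstable = $pntable['groups'];
    $groupscolumn =& $pntable['groups_column'];
    // One integer form of the id is used for both queries and the redirect,
    // so all three always refer to the same row.
    $gidSql = (int) pnVarPrepForStore($gid);
    // Get details on current group
    $query = "SELECT {$groupscolumn['name']}\n              FROM {$groupstable}\n              WHERE {$groupscolumn['gid']}='" . $gidSql . "'";
    $result = $dbconn->Execute($query);
    if ($result === false || $result->EOF) {
        // The id is request data; encode it before echoing it back.
        die("No such group ID " . pnVarPrepForDisplay($gid));
    }
    list($oldgname) = $result->fields;
    $result->Close();
    // Permission is checked against the group's current (stored) name.
    if (!pnSecAuthAction(0, 'Groups::', "{$oldgname}::{$gid}", ACCESS_EDIT)) {
        include 'header.php';
        GraphicAdmin();
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?module=" . pnVarPrepForDisplay($module) . "&amp;op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"<B>" . _GROUPADMIN . "</B></FONT></A><font class=\"pn-normal\">: " . pnVarPrepForDisplay($gname) . "</font></CENTER>";
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // The new name is user input: prepare it for storage before it goes
    // into the SQL string, and quote it the same way as the WHERE value.
    $query = "UPDATE {$groupstable}\n              SET {$groupscolumn['name']}='" . pnVarPrepForStore($gname) . "'\n              WHERE {$groupscolumn['gid']}='" . $gidSql . "'";
    $dbconn->Execute($query);
    pnRedirect('admin.php?module=' . urlencode($module) . '&op=secviewgroup&gid=' . $gidSql);
}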
Example #6
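/**
 * Delete an admin message, with a confirmation step.
 *
 * Reads 'mid' and 'ok' from request input. Without 'ok' it renders a yes/no
 * confirmation page; with 'ok' it confirms the authorisation key and deletes
 * the message. ACCESS_DELETE on the message is required in both cases.
 *
 * 'mid' is request data: it is escaped with pnVarPrepForStore() for SQL,
 * pnVarPrepForDisplay() for HTML text and urlencode() for URLs.
 */
function deletemsg()
{
    list($mid, $ok) = pnVarCleanFromInput('mid', 'ok');
    if (!isset($ok)) {
        $ok = 0;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['message_column'];
    $result = $dbconn->Execute("SELECT {$column['title']}\n                                FROM {$pntable['message']}\n                                WHERE {$column['mid']} = '" . pnVarPrepForStore($mid) . "'");
    // NOTE(review): there is no EOF check here, so an unknown mid yields an
    // empty title in the permission instance below - confirm this is intended.
    list($title) = $result->fields;
    $result->Close();
    if (!pnSecAuthAction(0, 'Messages::', "{$title}::{$mid}", ACCESS_DELETE)) {
        include 'header.php';
        echo _MESSAGESDELNOAUTH;
        include 'footer.php';
        return;
    }
    // The module name is read from globals and placed into URLs below.
    $moduleParam = isset($GLOBALS['module']) ? urlencode($GLOBALS['module']) : '';
    if ($ok) {
        if (!pnSecConfirmAuthKey()) {
            include 'header.php';
            echo _BADAUTHKEY;
            include 'footer.php';
            return;
        }
        $result = $dbconn->Execute("DELETE FROM {$pntable['message']}\n                                    WHERE {$column['mid']}='" . pnVarPrepForStore($mid) . "'");
        if ($dbconn->ErrorNo() != 0) {
            error_log("Error: " . $dbconn->ErrorMsg());
            // The driver message can echo back parts of the statement, so it
            // is escaped before being shown. The full text is in the log.
            echo $dbconn->ErrorNo() . ": " . pnVarPrepForDisplay($dbconn->ErrorMsg()) . "<br>";
            return;
        }
        pnRedirect('admin.php?module=' . $moduleParam . '&op=messages');
    } else {
        include "header.php";
        GraphicAdmin();
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>" . _MESSAGESADMIN . "</b></font></center>";
        CloseTable();
        OpenTable();
        // Escape the id for HTML and close the tags in the order they opened.
        echo "<center><font class=\"pn-normal\">" . _REMOVEMSG . " <b>" . pnVarPrepForDisplay($mid) . " </b></font>";
        echo "<table><tr><td>\n";
        echo myTextForm("admin.php?module=" . $moduleParam . "&op=messages", _NO);
        echo "</td><td>\n";
        // NOTE(review): the authorisation key travels in the URL here, where
        // it can end up in logs or Referer headers - confirm how myTextForm()
        // submits it.
        echo myTextForm("admin.php?module=" . $moduleParam . "&op=deletemsg&amp;mid=" . urlencode($mid) . "&amp;ok=1&amp;authid=" . pnSecGenAuthKey(), _YES);
        echo "</td></tr></table>\n";
        echo "</center>\n";
        CloseTable();
        include "footer.php";
    }
}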
Example #7
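/**
 * Store submitted user-admin settings as site configuration variables.
 *
 * Every entry of $var whose key starts with 'x' is written with
 * pnConfigSetVar() under the key minus that prefix; other entries are
 * ignored. The form authorisation key must be valid.
 *
 * @param array $var submitted form values, keyed by field name
 */
function user_admin_setConfig($var)
{
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
    // NOTE(review): no pnSecAuthAction() check is visible in this function,
    // and any 'x'-prefixed key in $var becomes a config variable. Confirm that
    // the caller enforces admin permission and consider an explicit list of
    // settings this form is allowed to write.
    //
    // The two placeholder loops over empty $fixvars arrays (quote fixing and
    // numeric defaults) did nothing and have been dropped.
    // todo: make FixConfigQuotes global / replace with other function

    // all variables starting with x are the config vars.
    // foreach replaces each(), which is no longer available in PHP 8.
    foreach ($var as $key => $val) {
        $key = (string) $key;
        if (substr($key, 0, 1) === 'x') {
            pnConfigSetVar(substr($key, 1), $val);
        }
    }
    pnRedirect('admin.php');
}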
Example #8
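/**
 * Delete every row of the referer table.
 *
 * Requires a valid form authorisation key and ACCESS_ADMIN on 'Referers::'.
 *
 * @param mixed $var not used by this function
 */
function referers_admin_delete($var)
{
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
    if (!pnSecAuthAction(0, 'Referers::', '::', ACCESS_ADMIN)) {
        include 'header.php';
        echo _REFERERSDELNOAUTH;
        include 'footer.php';
        // Stop here: without this return the refusal page was printed and the
        // DELETE below still ran for a caller lacking admin permission.
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $dbconn->Execute("DELETE FROM {$pntable['referer']}");
    pnRedirect('admin.php');
}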
Example #9
/**
 * Save the dplink module settings submitted by the configuration form.
 *
 * Reads 'url', 'use_window' and 'use_postwrap' from request input and stores
 * them as module variables once the form authorisation key is confirmed.
 * Always returns true. The function produces no output and redirects.
 *
 * NOTE(review): only the authorisation key is checked here. No
 * pnSecAuthAction() call is visible and the values are stored as received,
 * so confirm that the caller enforces admin permission.
 */
function dplink_admin_updateconfig()
{
    // Collect the submitted values, keyed by the module variable they feed.
    $submitted = array(
        'url' => pnVarCleanFromInput('url'),
        'use_window' => pnVarCleanFromInput('use_window'),
        'use_postwrap' => pnVarCleanFromInput('use_postwrap'),
    );

    if (pnSecConfirmAuthKey()) {
        // Key accepted: persist each setting, then hand the user back to the
        // admin panel.
        foreach ($submitted as $varName => $varValue) {
            pnModSetVar('dplink', $varName, $varValue);
        }
        pnRedirect('admin.php');
    } else {
        // Key rejected: record the error and return to the module admin page
        // without touching any setting.
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('dplink', 'admin', ''));
    }

    return true;
}
Example #10
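/**
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * Reads 'bold' and 'itemsperpage' from request input, confirms the form
 * authorisation key, stores both values as module variables and redirects to
 * the admin view. Always returns true.
 *
 * NOTE(review): no pnSecAuthAction() permission check is visible in this
 * function - confirm that the caller enforces admin access.
 */
function template_admin_updateconfig()
{
    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke.
    // 'itemsperpage' was previously never read, so the stored value was
    // always the default regardless of what the form submitted.
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');
    // Confirm authorisation code.  This checks that the form had a valid
    // authorisation code attached to it.  If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Template', 'admin', 'view'));
        return true;
    }
    // Update module variables.  Depending on the HTML structure used to obtain
    // the information from the user the values might be empty, so each one is
    // checked and given a default if required.
    if (empty($bold)) {
        $bold = 0;
    }
    pnModSetVar('template', 'bold', $bold);
    // Only a positive whole number makes sense for a page size; anything else
    // falls back to the default of 10.
    $itemsperpage = (int) $itemsperpage;
    if ($itemsperpage < 1) {
        $itemsperpage = 10;
    }
    pnModSetVar('template', 'itemsperpage', $itemsperpage);
    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect(pnModURL('Template', 'admin', 'view'));
    // Return
    return true;
}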
Example #11
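/**
 * Update the configuration
 *
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * Both values are read from request input, not passed as arguments:
 *   bold           print items in bold
 *   itemsperpage   number of items per page
 *
 * Requires ACCESS_ADMIN on 'Example::' and a valid form authorisation key.
 * Returns the no-auth message on a failed permission check, otherwise the
 * result of pnRedirect().
 *
 * @author       Jim McDonald
 */
function Example_admin_updateconfig()
{
    // Security check - important to do this as early as possible to avoid
    // potential security holes or just too much wasted processing
    if (!pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }
    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');
    // Confirm authorisation code.  This checks that the form had a valid
    // authorisation code attached to it.  If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Example', 'admin', 'view'));
    }
    // Update module variables.  Note that depending on the HTML structure used
    // to obtain the information from the user it is possible that the values
    // might be empty, so it is important to check them all and assign them
    // default values if required.
    // ** Please note pnVarCleanFromInput will always return a set variable, even
    // it's empty so isset() checking is not appropriate.
    if (empty($bold)) {
        $bold = false;
    }
    pnModSetVar('Example', 'bold', (bool) $bold);
    if (empty($itemsperpage)) {
        $itemsperpage = 10;
    }
    // make sure $itemsperpage is a positive integer.  Form input arrives as a
    // string, so a plain is_integer() test rejected every submitted value and
    // set the error message even for valid numbers; digit-only strings are
    // accepted here as well.
    if (is_int($itemsperpage)) {
        $isPositiveInt = $itemsperpage >= 1;
    } else {
        $isPositiveInt = is_string($itemsperpage)
            && preg_match('/^[0-9]+\z/', $itemsperpage) === 1
            && (int) $itemsperpage >= 1;
    }
    if (!$isPositiveInt) {
        pnSessionSetVar('errormsg', pnVarPrepForDisplay(_EXAMPLEITEMSPERPAGE));
        $itemsperpage = (int) $itemsperpage;
        if ($itemsperpage < 1) {
            $itemsperpage = 25;
        }
    } else {
        $itemsperpage = (int) $itemsperpage;
    }
    pnModSetVar('Example', 'itemsperpage', $itemsperpage);
    // The configuration has been changed, so we clear all caches for
    // this module.  ("=& new" is a parse error from PHP 7 on; plain
    // assignment is used instead.)
    $pnRender = new pnRender('Example');
    // Please note that by using clear_cache without any parameter,
    // we clear all cached pages for this module.
    $pnRender->clear_cache();
    // the module configuration has been updated successfully
    pnSessionSetVar('statusmsg', _CONFIGUPDATED);
    // Let any other modules know that the modules configuration has been updated
    pnModCallHooks('module', 'updateconfig', 'Example', array('module' => 'Example'));
    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    return pnRedirect(pnModURL('Example', 'admin', 'view'));
}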
Example #12
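/**
 * Write the submitted site settings to the configuration store.
 *
 * Requires ACCESS_ADMIN on 'Settings::' and a valid form authorisation key.
 * Every key of $vars that starts with 'x' is re-read from request input and
 * stored with pnConfigSetVar() under the key minus the prefix. The allowed-HTML
 * table is then rebuilt from the 'htmlallow<tag>tag' inputs.
 *
 * @param array $vars submitted form values, keyed by field name
 */
function settings_admin_generate($vars)
{
    if (!pnSecAuthAction(0, 'Settings::', '::', ACCESS_ADMIN)) {
        include 'header.php';
        echo _SETTINGSNOAUTH;
        include 'footer.php';
        return;
    }
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        // Stop here: without this return the error page was printed and the
        // settings below were still written, so the key check protected
        // nothing.
        return;
    }
    /*
     * Write the vars
     */
    // TODO - fix this so that it fetches each value manually, otherwise
    // this is a security hole: any 'x'-prefixed field in the request becomes
    // a config variable, not just the ones the settings form defines.
    foreach ($vars as $name => $value) {
        if (substr($name, 0, 1) == 'x') {
            $var = pnVarCleanFromInput($name);
            pnConfigSetVar(substr($name, 1), $var);
        }
    }
    // Create
    $allowedhtml = array();
    $htmltags = settingsGetHTMLTags();
    foreach ($htmltags as $htmltag) {
        $tagval = pnVarCleanFromInput('htmlallow' . $htmltag . 'tag');
        // Accept exactly 1 or 2.  A loose != comparison would also let
        // strings such as "1abc" through on older PHP versions.
        if (!in_array((string) $tagval, array('1', '2'), true)) {
            $tagval = 0;
        }
        $allowedhtml[$htmltag] = $tagval;
    }
    pnConfigSetVar('AllowableHTML', $allowedhtml);
    pnRedirect('admin.php');
}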
Example #13
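/**
 * Update module config.
 *
 * Reads 'per_page' from request input and stores it as the Meds module
 * variable of the same name, falling back to 10 when the value is empty,
 * non-numeric or below 1. Requires ACCESS_ADMIN on 'Meds::' and a valid form
 * authorisation key. Clears the module's render cache and fires the
 * 'updateconfig' hooks before redirecting to the admin main page.
 */
function Meds_admin_update_config()
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }
    // Clean arguments from URL.
    $per_page = pnVarCleanFromInput('per_page');
    // Confirm authorization to carry out this function's action.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Meds', 'admin', 'main'));
    }
    // Ensure a default.
    if (empty($per_page) || !is_numeric($per_page) || $per_page < 1) {
        $per_page = 10;
    }
    // Set the module variable; the cast keeps the stored value an integer.
    pnModSetVar('Meds', 'per_page', (int) $per_page);
    // Start a new output object.  ("=& new" is a parse error from PHP 7 on;
    // plain assignment is used instead.)
    $pnRender = new pnRender('Meds');
    // Dump module cache.
    $pnRender->clear_cache();
    // Set a status message.
    pnSessionSetVar('statusmsg', _CONFIGUPDATED);
    // Let any hooks know that something occurred.
    pnModCallHooks('module', 'updateconfig', 'Meds', array('module' => 'Meds'));
    // Redirect user.
    return pnRedirect(pnModURL('Meds', 'admin', 'main'));
}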