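 // Start and end times are also used to clip the times for summary info.
 // $From_* / $To_* are presumably form input (TODO confirm where they are
 // read).  Casting to int before mktime() means a non-numeric value becomes 0
 // instead of raising a warning (PHP 7) or an error (PHP 8), and it guarantees
 // that the two bounds interpolated into the SQL below are plain integers.
 // To_day + 1 makes the window run to midnight after the To date, so the
 // whole of that day is included.
 $report_start = mktime(0, 0, 0, (int) $From_month, (int) $From_day, (int) $From_year);
 $report_end = mktime(0, 0, 0, (int) $To_month, ((int) $To_day) + 1, (int) $To_year);
 // NOTE(review): mktime() can still return false for an unrepresentable date;
 // that interpolates as an empty string and breaks the query (a syntax error,
 // not an injection), and is not handled here.
 //   SQL result will contain the following columns:
 // Col Index  Description:
 //   1  [0]   Entry ID, not displayed -- used for linking to View script.
 //   2  [1]   Start time as Unix time_t
 //   3  [2]   End time as Unix time_t
 //   4  [3]   Entry name or short description, must be HTML escaped
 //   5  [4]   Entry description, must be HTML escaped
 //   6  [5]   Type, single char mapped to a string
 //   7  [6]   Created by (user name or IP addr), must be HTML escaped
 //   8  [7]   Creation timestamp, converted to Unix time_t by the database
 //   9  [8]   Area name, must be HTML escaped
 //  10  [9]   Room name, must be HTML escaped
 // Select every entry overlapping the window: it starts before the window
 // ends and ends after the window starts.  $tbl_* are presumably the
 // configured table names, not request data.
 $sql = "SELECT e.id AS entry_id, e.start_time, e.end_time, e.name, e.description, " . "e.type, e.create_by, " . sql_syntax_timestamp_to_unix("e.timestamp") . " AS last_updated" . ", a.area_name, r.room_name" . " FROM {$tbl_entry} e, {$tbl_area} a, {$tbl_room} r" . " WHERE e.room_id = r.id AND r.area_id = a.id" . " AND e.start_time < {$report_end} AND e.end_time > {$report_start}";
 // The *match filters are request values; the only thing between them and
 // the query is sql_syntax_caseless_contains(), which is relied on to escape
 // the pattern.  empty() also skips "0" -- matches the original behaviour.
 if (!empty($areamatch)) {
     // sql_syntax_caseless_contains() does the SQL escaping
     $sql .= " AND" . sql_syntax_caseless_contains("a.area_name", $areamatch);
 }
 if (!empty($roommatch)) {
     // sql_syntax_caseless_contains() does the SQL escaping
     $sql .= " AND" . sql_syntax_caseless_contains("r.room_name", $roommatch);
 }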
 if (!empty($typematch)) {
     $sql .= " AND ";
     if (count($typematch) > 1) {
         $or_array = array();
         foreach ($typematch as $type) {
             $or_array[] = "e.type = '" . addslashes($type) . "'";
         }
    }
    ${$var} = get_form_var($var, $var_type);
}
// Set the field order list: the fixed booking columns first, then every
// custom field key in the order $custom_fields declares them, and
// last_updated always at the end.
$field_order_list = array_merge(
    array('name', 'area_name', 'room_name', 'start_time', 'end_time',
          'description', 'type', 'create_by', 'confirmation_enabled',
          'approval_enabled'),
    array_keys($custom_fields),
    array('last_updated')
);
// PHASE 2:  SQL QUERY.  We do the SQL query now to see if there's anything there
if ($phase == 2) {
    // Start and end times are also used to clip the times for summary info.
    $report_start = mktime(0, 0, 0, $from_month + 0, $from_day + 0, $from_year + 0);
    $report_end = mktime(0, 0, 0, $to_month + 0, $to_day + 1, $to_year + 0);
    // Construct the SQL query
    $sql = "SELECT E.*, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated, " . "A.area_name, R.room_name, " . "A.approval_enabled, A.confirmation_enabled, A.enable_periods";
    if ($output_format == OUTPUT_ICAL) {
        // If we're producing an iCalendar then we'll also need the repeat
        // information in order to construct the recurrence rule
        $sql .= ", T.rep_type, T.end_date, T.rep_opt, T.rep_num_weeks, T.month_absolute, T.month_relative";
    }
    $sql .= " FROM {$tbl_area} A, {$tbl_room} R, {$tbl_entry} E";
    if ($output_format == OUTPUT_ICAL) {
        // We do a LEFT JOIN because we still want the single entries, ie the ones
        // that won't have a match in the repeat table
        $sql .= " LEFT JOIN {$tbl_repeat} T ON E.repeat_id=T.id";
    }
    $sql .= " WHERE E.room_id=R.id AND R.area_id=A.id" . " AND E.start_time < {$report_end} AND E.end_time > {$report_start}";
    if ($output_format == OUTPUT_ICAL) {
        // We can't export periods in an iCalendar yet
        $sql .= " AND A.enable_periods=0";
    display_buttons($row, FALSE);
    echo "</td>\n";
    echo "</tr>\n";
}
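// Check the user is authorised for this page
checkAuthorised();
// Also need to know whether they have admin rights.  authGetUserLevel() is
// called once; $is_admin is kept in case later code on the page reads it.
$user = getUserName();
$user_level = authGetUserLevel($user);
$is_admin = $user_level >= 2;
print_header($day, $month, $year, $area, isset($room) ? $room : "");
echo "<h1>" . get_vocab("pending") . "</h1>\n";
// Get a list of all bookings awaiting approval
// We are only interested in areas where approval is required
$sql_approval_enabled = some_area_predicate('approval_enabled');
// Users with a level above 0 are limited to the areas recorded against their
// name in mrbs_users, so that table is joined in for them only.  One flag
// gates both the FROM entry and the WHERE restriction below: the table must
// never appear in FROM without its U.name/U.area_id condition, or every
// pending row would be cross-joined with every user row.  Any level that is
// not positive is treated as an ordinary user (least privilege).
// NOTE(review): mrbs_users is the one table written literally rather than
// through a $tbl_* variable; no $tbl_users is visible in this file.
$restrict_by_area = $user_level > 0;
$sql = "SELECT E.id, E.name, E.room_id, E.start_time, E.create_by, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated,\n               E.reminded, E.repeat_id,\n               M.room_name, M.area_id, A.area_name, A.enable_periods,\n               E.info_time AS entry_info_time, E.info_user AS entry_info_user,\n               T.info_time AS repeat_info_time, T.info_user AS repeat_info_user\n          FROM {$tbl_room} AS M, {$tbl_area} AS A,";
if ($restrict_by_area) {
    $sql .= " mrbs_users U,";
}
$sql .= "{$tbl_entry} AS E\n     LEFT JOIN {$tbl_repeat} AS T ON E.repeat_id=T.id\n         WHERE E.room_id = M.id\n           AND M.area_id = A.id\n           AND M.disabled = 0\n           AND A.disabled = 0\n           AND {$sql_approval_enabled}\n           AND (E.status&" . STATUS_AWAITING_APPROVAL . " != 0)";
if ($restrict_by_area) {
    // $user is interpolated into a quoted SQL literal, so it needs the same
    // escaping as the create_by filter below: a name coming from the
    // authentication layer can still contain a quote character.
    $sql .= " AND U.name ='" . sql_escape($user) . "' AND U.area_id = A.id";
} else {
    // Ordinary users can only see their own bookings
    $sql .= " AND E.create_by='" . sql_escape($user) . "'";
}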
    echo "<td>\n";
    display_buttons($row, FALSE);
    echo "</td>\n";
    echo "</tr>\n";
}
// Check the user is authorised for this page
checkAuthorised();
// Also need to know whether they have admin rights
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2;
print_header($day, $month, $year, $area, isset($room) ? $room : "");
echo "<h1>" . get_vocab("pending") . "</h1>\n";
// Get a list of all bookings awaiting approval
// We are only interested in areas where approval is required
$sql_approval_enabled = some_area_predicate('approval_enabled');
// Entries LEFT JOINed to their repeat record (single bookings have none),
// restricted to enabled rooms/areas, areas needing approval, and rows whose
// status has the awaiting-approval bit set.  $tbl_* and
// $sql_approval_enabled are built by the application, not from the request.
$sql = "SELECT E.id, E.name, E.room_id, E.start_time, E.create_by, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated,\n               E.reminded, E.repeat_id,\n               M.room_name, M.area_id, A.area_name, A.enable_periods,\n               E.info_time AS entry_info_time, E.info_user AS entry_info_user,\n               T.info_time AS repeat_info_time, T.info_user AS repeat_info_user\n          FROM {$tbl_room} AS M, {$tbl_area} AS A, {$tbl_entry} AS E\n     LEFT JOIN {$tbl_repeat} AS T ON E.repeat_id=T.id\n         WHERE E.room_id = M.id\n           AND M.area_id = A.id\n           AND M.disabled = 0\n           AND A.disabled = 0\n           AND {$sql_approval_enabled}\n           AND (E.status&" . STATUS_AWAITING_APPROVAL . " != 0)";
// Ordinary users can only see their own bookings.  $user is interpolated
// into a quoted literal, so it goes through sql_escape() -- keep it that way
// even though the value comes from the authentication layer.
if (!$is_admin) {
    $sql .= " AND E.create_by='" . sql_escape($user) . "'";
}
// We want entries for a series to appear together so that we can display
// them as a separate table below the main entry for the series.
$sql .= " ORDER BY repeat_id, start_time";
$res = sql_query($sql);
if (!$res) {
    // The driver error goes to the error log (E_USER_WARNING); the user only
    // sees the generic vocab message.
    trigger_error(sql_error(), E_USER_WARNING);
    fatal_error(FALSE, get_vocab("fatal_db_error"));
}
if (sql_count($res) == 0) {
    echo "<p>" . get_vocab("none_outstanding") . "</p>\n";
} else {
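 # Start and end times are also used to clip the times for summary info.
 # $From_* / $To_* are presumably form input (TODO confirm).  Cast to int so
 # that mktime() always receives integers and the two bounds interpolated
 # into the SQL below are plain numbers; To_day + 1 runs the window to
 # midnight after the To date so the whole of that day is included.
 $report_start = mktime(0, 0, 0, (int) $From_month, (int) $From_day, (int) $From_year);
 $report_end = mktime(0, 0, 0, (int) $To_month, ((int) $To_day) + 1, (int) $To_year);
 # NOTE(review): mktime() can still return false for an unrepresentable date,
 # which would interpolate as an empty string and break the query.
 #   SQL result will contain the following columns:
 # Col Index  Description:
 #   1  [0]   Entry ID, not displayed -- used for linking to View script.
 #   2  [1]   Start time as Unix time_t
 #   3  [2]   End time as Unix time_t
 #   4  [3]   Entry name or short description, must be HTML escaped
 #   5  [4]   Entry description, must be HTML escaped
 #   6  [5]   Type, single char mapped to a string
 #   7  [6]   Created by (user name or IP addr), must be HTML escaped
 #   8  [7]   Creation timestamp, converted to Unix time_t by the database
 #   9  [8]   Area name, must be HTML escaped
 #  10  [9]   Room name, must be HTML escaped
 # Every entry overlapping the window: starts before it ends, ends after it
 # starts.
 $sql = "SELECT e.id, e.start_time, e.end_time, e.name, e.description, " . "e.type, e.create_by, " . sql_syntax_timestamp_to_unix("e.timestamp") . ", a.area_name, r.room_name" . " FROM mrbs_entry e, mrbs_area a, mrbs_room r" . " WHERE e.room_id = r.id AND r.area_id = a.id" . " AND e.start_time < {$report_end} AND e.end_time > {$report_start}";
 # The *match filters are request values; sql_syntax_caseless_contains() is
 # the only thing between them and the query and is relied on to escape the
 # pattern.  empty() also skips "0" -- matches the original behaviour.
 if (!empty($areamatch)) {
     $sql .= " AND" . sql_syntax_caseless_contains("a.area_name", $areamatch);
 }
 if (!empty($roommatch)) {
     $sql .= " AND" . sql_syntax_caseless_contains("r.room_name", $roommatch);
 }
 if (!empty($namematch)) {
     $sql .= " AND" . sql_syntax_caseless_contains("e.name", $namematch);
 }
 if (!empty($descrmatch)) {
     $sql .= " AND" . sql_syntax_caseless_contains("e.description", $descrmatch);
 }
 # Order by Area, Room, Start date/time.  These are positional column
 # numbers and must be kept in step with the SELECT list above.
 $sql .= " ORDER BY 9,10,2";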
    $month = date("m");
    $year = date("Y");
}
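if (empty($area)) {
    $area = get_default_area();
}
print_header($day, $month, $year, $area, isset($room) ? $room : "");
// $series selects the repeat table over the entry table; normalise it to a
// strict 0/1 flag before it drives the query choice below.
$series = empty($series) ? 0 : 1;
// The id is interpolated straight into the WHERE clause below, so force it
// to an integer first: a missing or non-numeric id becomes 0 and simply
// matches no row, instead of reaching the database as raw text.
// NOTE(review): where $id is read from is not visible here -- confirm whether
// the caller already validates it; the cast is harmless either way.
$id = isset($id) ? (int) $id : 0;
if ($series) {
    $sql = "\n   SELECT {$tbl_repeat}.name,\n          {$tbl_repeat}.description,\n          {$tbl_repeat}.create_by,\n          {$tbl_room}.room_name,\n          {$tbl_area}.area_name,\n          {$tbl_repeat}.type,\n          {$tbl_repeat}.room_id,\n          " . sql_syntax_timestamp_to_unix("{$tbl_repeat}.timestamp") . " AS last_updated,\n          ({$tbl_repeat}.end_time - {$tbl_repeat}.start_time) AS duration,\n          {$tbl_repeat}.start_time,\n          {$tbl_repeat}.end_time,\n          {$tbl_repeat}.rep_type,\n          {$tbl_repeat}.end_date,\n          {$tbl_repeat}.rep_opt,\n          {$tbl_repeat}.rep_num_weeks\n\n   FROM  {$tbl_repeat}, {$tbl_room}, {$tbl_area}\n   WHERE {$tbl_repeat}.room_id = {$tbl_room}.id\n      AND {$tbl_room}.area_id = {$tbl_area}.id\n      AND {$tbl_repeat}.id={$id}\n   ";
} else {
    $sql = "\n   SELECT {$tbl_entry}.name,\n          {$tbl_entry}.description,\n          {$tbl_entry}.create_by,\n          {$tbl_room}.room_name,\n          {$tbl_area}.area_name,\n          {$tbl_entry}.type,\n          {$tbl_entry}.room_id,\n          " . sql_syntax_timestamp_to_unix("{$tbl_entry}.timestamp") . " AS last_updated,\n          ({$tbl_entry}.end_time - {$tbl_entry}.start_time) AS duration,\n          {$tbl_entry}.start_time,\n          {$tbl_entry}.end_time,\n          {$tbl_entry}.repeat_id\n\n   FROM  {$tbl_entry}, {$tbl_room}, {$tbl_area}\n   WHERE {$tbl_entry}.room_id = {$tbl_room}.id\n      AND {$tbl_room}.area_id = {$tbl_area}.id\n      AND {$tbl_entry}.id={$id}\n   ";
}
$res = sql_query($sql);
if (!$res) {
    // NOTE(review): the raw driver error text is shown to the user here;
    // prefer logging it and showing a generic message if ordinary users can
    // reach this page.
    fatal_error(0, sql_error());
}
if (sql_count($res) < 1) {
    fatal_error(0, $series ? get_vocab("invalid_series_id") : get_vocab("invalid_entry_id"));
}
$row = sql_row_keyed($res, 0);
sql_free($res);
// Escape for HTML body context.  htmlspecialchars() without ENT_QUOTES
// leaves single quotes alone, so these values must not be placed inside
// single-quoted attributes further down the page.
$name = htmlspecialchars($row['name']);
$description = htmlspecialchars($row['description']);
$create_by = htmlspecialchars($row['create_by']);
$room_name = htmlspecialchars($row['room_name']);
$area_name = htmlspecialchars($row['area_name']);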
#   SQL result will contain the following columns:
# Col Index  Description:
#   1  [0]   Entry ID, not displayed -- used for linking to View script.
#   2  [1]   Start time as Unix time_t
#   3  [2]   End time as Unix time_t
#   4  [3]   Entry name or short description, must be HTML escaped
#   5  [4]   Entry description, must be HTML escaped
#   6  [5]   Type, single char mapped to a string
#   7  [6]   Created by (user name or IP addr), must be HTML escaped
#   8  [7]   Creation timestamp, converted to Unix time_t by the database
#   9  [8]   Area name, must be HTML escaped
#  10  [9]   Room name, must be HTML escaped

	# Base query: every entry overlapping the report window (starts before the
	# window ends and ends after it starts).  The timestamp column is turned
	# into Unix time by the database helper so it matches the other time_t
	# columns.  $report_start/$report_end are set before this block.
	$sql = "SELECT e.id, e.start_time, e.end_time, e.name, e.description, "
		. "e.type, e.create_by, "
		. sql_syntax_timestamp_to_unix("e.timestamp")
		. ", a.area_name, r.room_name"
		. " FROM mrbs_entry e, mrbs_area a, mrbs_room r"
		. " WHERE e.room_id = r.id AND r.area_id = a.id"
		. " AND e.start_time < {$report_end} AND e.end_time > {$report_start}";

	# Optional caseless filters, keyed by the variable that carries the
	# pattern.  A filter is applied only when its variable is set and
	# non-empty (empty() stays silent on an unset variable, as before); the
	# pattern is handed to sql_syntax_caseless_contains(), which is
	# responsible for escaping it.
	$match_filters = array(
		'areamatch'  => 'a.area_name',
		'roommatch'  => 'r.room_name',
		'namematch'  => 'e.name',
		'descrmatch' => 'e.description',
	);
	foreach ($match_filters as $var => $column)
	{
		if (!empty($$var))
			$sql .= " AND" . sql_syntax_caseless_contains($column, $$var);
	}
	unset($match_filters);

	# Order by Area, Room, Start date/time:
# $Id$
require_once "grab_globals.inc.php";
include "config.inc";
include "functions.inc";
include "{$dbsys}.inc";
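#If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
print_header($day, $month, $year, $area);
# grab_globals.inc.php (included above) presumably imports request
# parameters as plain variables, so $id arrives untrusted.  It is
# interpolated straight into the WHERE clause below, so force it to an
# integer first: anything missing or non-numeric becomes 0 and matches no
# entry, instead of reaching the database as raw text.
$id = isset($id) ? (int) $id : 0;
$sql = "\nSELECT mrbs_entry.name,\n       mrbs_entry.description,\n       mrbs_entry.create_by,\n       mrbs_room.room_name,\n       mrbs_area.area_name,\n       mrbs_entry.type,\n       mrbs_entry.room_id,\n       mrbs_entry.repeat_id,\n    " . sql_syntax_timestamp_to_unix("mrbs_entry.timestamp") . ",\n       (mrbs_entry.end_time - mrbs_entry.start_time),\n       mrbs_entry.start_time,\n       mrbs_entry.end_time\n\nFROM mrbs_entry, mrbs_room, mrbs_area\nWHERE mrbs_entry.room_id = mrbs_room.id\n  AND mrbs_room.area_id = mrbs_area.id\n  AND mrbs_entry.id={$id}\n";
$res = sql_query($sql);
if (!$res) {
    # NOTE(review): the raw driver error text is shown to the user here;
    # prefer logging it and showing a generic message.
    fatal_error(0, sql_error());
}
if (sql_count($res) < 1) {
    fatal_error(0, $vocab['invalid_entry_id']);
}
# Columns are read positionally below, so the SELECT order above matters.
$row = sql_row($res, 0);
sql_free($res);
# Note: Removed stripslashes() calls from name and description. Previous
# versions of MRBS mistakenly had the backslash-escapes in the actual database
# records because of an extra addslashes going on. Fix your database and
# leave this code alone, please.
# Escaped for HTML body context; without ENT_QUOTES single quotes are left
# alone, so do not place these inside single-quoted attributes.
$name = htmlspecialchars($row[0]);
$description = htmlspecialchars($row[1]);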
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
// Viewing this page requires at least authorisation level 1; anything lower
// gets the access-denied page and the script stops.
if (!getAuthorised(1)) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit;
}
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2;
print_header($day, $month, $year, $area, isset($room) ? $room : "");
echo "<h1>" . get_vocab("pending") . "</h1>\n";
// Get a list of all the provisional bookings
// We are only interested in areas where provisional bookings are enabled
// NOTE(review): "status" is the only unqualified column in the WHERE clause;
// it is presumably E.status -- qualify it if another joined table ever
// gains a status column.
$sql = "SELECT E.id, E.name, E.room_id, E.start_time, E.create_by, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated,\n               E.reminded, E.repeat_id,\n               R.room_name, R.area_id, A.area_name\n        FROM  {$tbl_room} AS R, {$tbl_area} AS A, {$tbl_entry} AS E\n        WHERE E.room_id = R.id\n          AND R.area_id = A.id\n          AND A.provisional_enabled>0\n          AND status=" . STATUS_PROVISIONAL;
// Ordinary users can only see their own bookings
// NOTE(review): addslashes() is not a database-aware escape (it knows
// nothing about the connection charset or driver quoting rules).  $user
// comes from getUserName() rather than straight from the request, which
// limits the exposure, but the driver's own escape helper should be used
// here if one exists in this version.
if (!$is_admin) {
    $sql .= " AND E.create_by='" . addslashes($user) . "'";
}
// We want entries for a series to appear together so that we can display
// them as a separate table below the main entry for the series.
$sql .= " ORDER BY repeat_id, start_time";
$res = sql_query($sql);
if (!$res) {
    // NOTE(review): the raw driver error text is shown to the user here.
    fatal_error(0, sql_error());
}
if (sql_count($res) == 0) {
    echo "<p>" . get_vocab("none_outstanding") . "</p>\n";
} else {
    echo "<table id=\"pending_list\" class=\"admin_table\">\n";
    $month = date("m");
    $year = date("Y");
}
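if (empty($area)) {
    $area = get_default_area();
}
print_header($day, $month, $year, $area);
# $series selects the repeat table over the entry table; normalise it to a
# strict 0/1 flag before it drives the query choice below.
$series = empty($series) ? 0 : 1;
# The id is interpolated straight into the WHERE clause below, so force it
# to an integer first: a missing or non-numeric id becomes 0 and simply
# matches no row, instead of reaching the database as raw text.
# NOTE(review): where $id is read from is not visible here -- confirm whether
# the caller already validates it; the cast is harmless either way.
$id = isset($id) ? (int) $id : 0;
if ($series) {
    $sql = "\n\tSELECT {$tbl_repeat}.name,\n\t       {$tbl_repeat}.description,\n\t       {$tbl_repeat}.create_by,\n\t       {$tbl_room}.room_name,\n\t       {$tbl_area}.area_name,\n\t       {$tbl_repeat}.type,\n\t       {$tbl_repeat}.room_id,\n\t       " . sql_syntax_timestamp_to_unix("{$tbl_repeat}.timestamp") . ",\n\t       ({$tbl_repeat}.end_time - {$tbl_repeat}.start_time),\n\t       {$tbl_repeat}.start_time,\n\t       {$tbl_repeat}.end_time,\n\t       {$tbl_repeat}.rep_type,\n\t       {$tbl_repeat}.end_date,\n\t       {$tbl_repeat}.rep_opt,\n\t       {$tbl_repeat}.rep_num_weeks\n\n\tFROM  {$tbl_repeat}, {$tbl_room}, {$tbl_area}\n\tWHERE {$tbl_repeat}.room_id = {$tbl_room}.id\n\t\tAND {$tbl_room}.area_id = {$tbl_area}.id\n\t\tAND {$tbl_repeat}.id={$id}\n\t";
} else {
    $sql = "\n\tSELECT {$tbl_entry}.name,\n\t       {$tbl_entry}.description,\n\t       {$tbl_entry}.create_by,\n\t       {$tbl_room}.room_name,\n\t       {$tbl_area}.area_name,\n\t       {$tbl_entry}.type,\n\t       {$tbl_entry}.room_id,\n\t       " . sql_syntax_timestamp_to_unix("{$tbl_entry}.timestamp") . ",\n\t       ({$tbl_entry}.end_time - {$tbl_entry}.start_time),\n\t       {$tbl_entry}.start_time,\n\t       {$tbl_entry}.end_time,\n\t       {$tbl_entry}.repeat_id\n\n\tFROM  {$tbl_entry}, {$tbl_room}, {$tbl_area}\n\tWHERE {$tbl_entry}.room_id = {$tbl_room}.id\n\t\tAND {$tbl_room}.area_id = {$tbl_area}.id\n\t\tAND {$tbl_entry}.id={$id}\n\t";
}
$res = sql_query($sql);
if (!$res) {
    # NOTE(review): the raw driver error text is shown to the user here;
    # prefer logging it and showing a generic message.
    fatal_error(0, sql_error());
}
if (sql_count($res) < 1) {
    fatal_error(0, $series ? get_vocab("invalid_series_id") : get_vocab("invalid_entry_id"));
}
# Columns are read positionally below, so the SELECT order above matters
# (both branches put name first).
$row = sql_row($res, 0);
sql_free($res);
# Note: Removed stripslashes() calls from name and description. Previous
# versions of MRBS mistakenly had the backslash-escapes in the actual database
# records because of an extra addslashes going on. Fix your database and
# leave this code alone, please.
# Escaped for HTML body context; without ENT_QUOTES single quotes are left
# alone, so do not place this inside single-quoted attributes.
$name = htmlspecialchars($row[0]);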
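 // Start and end times are also used to clip the times for summary info.
 // $From_* / $To_* are presumably form input (TODO confirm where they are
 // read).  Casting to int before mktime() means a non-numeric value becomes 0
 // instead of raising a warning (PHP 7) or an error (PHP 8), and it guarantees
 // that the two bounds interpolated into the SQL below are plain integers.
 // To_day + 1 makes the window run to midnight after the To date, so the
 // whole of that day is included.
 $report_start = mktime(0, 0, 0, (int) $From_month, (int) $From_day, (int) $From_year);
 $report_end = mktime(0, 0, 0, (int) $To_month, ((int) $To_day) + 1, (int) $To_year);
 // NOTE(review): mktime() can still return false for an unrepresentable date;
 // that interpolates as an empty string and breaks the query (a syntax error,
 // not an injection), and is not handled here.
 //   SQL result will contain the following columns:
 // Col Index  Description:
 //   1  [0]   Entry ID, not displayed -- used for linking to View script.
 //   2  [1]   Start time as Unix time_t
 //   3  [2]   End time as Unix time_t
 //   4  [3]   Entry name or short description, must be HTML escaped
 //   5  [4]   Entry description, must be HTML escaped
 //   6  [5]   Type, single char mapped to a string
 //   7  [6]   Created by (user name or IP addr), must be HTML escaped
 //   8  [7]   Creation timestamp, converted to Unix time_t by the database
 //   9  [8]   Area name, must be HTML escaped
 //  10  [9]   Room name, must be HTML escaped
 // Select every entry overlapping the window: it starts before the window
 // ends and ends after the window starts.  $tbl_* are presumably the
 // configured table names, not request data.
 $sql = "SELECT E.id AS entry_id, E.start_time, E.end_time, E.name, E.description, " . "E.type, E.create_by, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated" . ", A.area_name, R.room_name" . " FROM {$tbl_entry} E, {$tbl_area} A, {$tbl_room} R" . " WHERE E.room_id = R.id AND R.area_id = A.id" . " AND E.start_time < {$report_end} AND E.end_time > {$report_start}";
 // The *match filters are request values; the only thing between them and
 // the query is sql_syntax_caseless_contains(), which is relied on to escape
 // the pattern.  empty() also skips "0" -- matches the original behaviour.
 if (!empty($areamatch)) {
     // sql_syntax_caseless_contains() does the SQL escaping
     $sql .= " AND" . sql_syntax_caseless_contains("A.area_name", $areamatch);
 }
 if (!empty($roommatch)) {
     // sql_syntax_caseless_contains() does the SQL escaping
     $sql .= " AND" . sql_syntax_caseless_contains("R.room_name", $roommatch);
 }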
 if (!empty($typematch)) {
     $sql .= " AND ";
     if (count($typematch) > 1) {
         $or_array = array();
         foreach ($typematch as $type) {
             $or_array[] = "E.type = '" . addslashes($type) . "'";
         }