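/**
 * Delete a calendar event together with its child events (rows whose
 * event_parent_id is the given id), their custom-field values, their
 * category links and the search-index words stored for the event.
 *
 * Authorization rules enforced before anything is deleted:
 *  - Frontend request: a FrontEndUsers user must be logged in and must be
 *    the creator of the event and of every child event.
 *  - Admin request: 'Modify Calendar' allows deleting any event. Without it,
 *    the user needs 'Edit My Calendar Events' AND must be the creator of the
 *    event and of every child event.
 *
 * Every denied attempt is written to the admin log via audit().
 *
 * @param int $event_id Id of the event to delete; cast to int, values < 1 are rejected.
 * @return bool TRUE once the delete statements have been issued, FALSE when
 *              the id is invalid or the caller is not allowed to delete.
 */
public static function delete_event($event_id)
{
    $event_id = (int) $event_id;
    if ($event_id < 1) {
        return FALSE;
    }

    $db = cmsms()->GetDb();
    $mod = cms_utils::get_module('CGCalendar');

    // Table names come from the module object, not from request data; every
    // value below is passed as a bound parameter.
    $events_table_name = $mod->events_table_name;
    $events_to_categories_table_name = $mod->events_to_categories_table_name;
    $event_field_values_table_name = $mod->event_field_values_table_name;

    // Load the event and all of its children so ownership can be verified
    // for everything that is about to be removed.
    $query = 'SELECT * FROM ' . $events_table_name . ' WHERE event_id = ? OR event_parent_id = ? ORDER BY event_parent_id DESC';
    $rows = $db->GetArray($query, array($event_id, $event_id));
    if (!is_array($rows)) {
        $rows = array();
    }
    // NOTE(review): when no row matches, the ownership loops below pass
    // vacuously and the function still issues the deletes and fires
    // EventDeleted. Consider returning FALSE for unknown ids.

    if (cmsms()->is_frontend_request()) {
        // userid has to match the owner
        $feu = cms_utils::get_module('FrontEndUsers');
        if (!$feu) {
            // Was a bare `return;` (NULL); FALSE keeps the return type consistent.
            return FALSE;
        }
        $userid = $feu->LoggedInId();
        if (!$userid) {
            // No logged-in user: a falsy id would loosely equal an owner
            // column holding 0 or NULL, so refuse before comparing.
            audit($event_id, $mod->GetName(), 'Anonymous frontend request attempted to delete an event');
            return FALSE;
        }
        foreach ($rows as $row) {
            if ((int) $row['event_created_by'] !== (int) $userid) {
                // oops, we can't delete anything
                audit($event_id, $mod->GetName(), "FEU user {$userid} attempted to delete an event owned by somebody else");
                return FALSE;
            }
        }
    } elseif (!$mod->CheckPermission('Modify Calendar')) {
        // admin request without the global permission:
        // userid has to match the owner.. and we have to have permission to edit my events
        // presumably admin creators are stored as negative offset ids to keep
        // them apart from frontend user ids - confirm against the insert code
        $userid = get_userid(FALSE) * -1 - 100;

        // The original skipped the ownership check exactly when this
        // permission was present, letting 'Edit My Calendar Events' users
        // delete anybody's events. Require the permission AND ownership.
        if (!$mod->CheckPermission('Edit My Calendar Events')) {
            audit($event_id, $mod->GetName(), "Admin user {$userid} attempted to delete an event without permission");
            return FALSE;
        }
        foreach ($rows as $row) {
            if ((int) $row['event_created_by'] !== (int) $userid) {
                // oops. we can't delete this event.
                audit($event_id, $mod->GetName(), "Admin user {$userid} attempted to delete an event owned by somebody else");
                return FALSE;
            }
        }
    }

    $query1 = 'DELETE FROM ' . $event_field_values_table_name . ' WHERE event_id = ?';
    $query2 = 'DELETE FROM ' . $events_to_categories_table_name . ' WHERE event_id = ?';
    $query3 = 'DELETE FROM ' . $events_table_name . ' WHERE event_parent_id = ?';
    $query4 = 'DELETE FROM ' . $events_table_name . ' WHERE event_id = ?';

    // Remove field values and category links of the event AND of each child.
    // The original loop re-used $event_id on every pass, so the children's
    // rows in these two tables were left behind as orphans.
    foreach ($rows as $one) {
        $row_event_id = (int) $one['event_id'];
        $db->Execute($query1, array($row_event_id));
        $db->Execute($query2, array($row_event_id));
    }

    // Also clean up by the requested id itself, which covers the case where
    // the SELECT returned nothing but dependent rows still exist.
    $db->Execute($query1, array($event_id));
    $db->Execute($query2, array($event_id));
    $db->Execute($query3, array($event_id));
    $db->Execute($query4, array($event_id));
    // NOTE(review): the Execute() results are not checked and the statements
    // are not wrapped in a transaction, so a failure part-way through leaves
    // a partial delete while TRUE is still returned.

    $mod->SendEvent('EventDeleted', array('event_id' => $event_id));

    // Drop the search-index words stored under this module name and event id.
    $search = cms_utils::get_search_module();
    if ($search) {
        $search->DeleteWords($mod->GetName(), $event_id);
    }

    return TRUE;
}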
// handle the custom fields $now = $db->DbTimeStamp(time()); $query = 'INSERT INTO ' . cms_db_prefix() . "module_news_fieldvals\n (news_id, fielddef_id, value, create_date, modified_date)\n VALUES (?,?,?,{$now},{$now})"; foreach ($params as $key => $value) { $value = trim($value); if (empty($value)) { continue; } if (preg_match('/^news_customfield_/', $key)) { $field_id = intval(substr($key, 17)); $db->Execute($query, array($articleid, $field_id, $value)); } } // should've checked those errors too, but eh, I'm up for the odds. //Update search index $module = cms_utils::get_search_module(); if (is_object($module)) { $module->AddWords($this->GetName(), $articleid, 'article', $content . ' ' . $summary . ' ' . $title . ' ' . $title, $useexp == 1 ? $enddate : NULL); } // Send an email $do_send_email = true; $do_redirect = true; // send an event @$this->SendEvent('NewsArticleAdded', array('news_id' => $articleid, 'category_id' => $category_id, 'title' => $title, 'content' => $content, 'summary' => $summary, 'status' => $status, 'start_time' => $startdate, 'end_time' => $enddate, 'useexp' => $useexp)); // put mention into the admin log audit('', 'News Frontend Submit', 'Article added'); // and we're done $smarty->assign('message', $this->Lang('articleadded')); } } }