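/**
 * Output the action buttons for one booking that is awaiting a decision.
 *
 * A user who passes auth_book_admin() for the booking's room gets three
 * forms: accept, reject and more info.  Any other user gets a "remind admin"
 * form, but only once $reminder_interval has elapsed (as measured by
 * working_time_diff()) since the last reminder, or since the last update when
 * no reminder has been sent yet; otherwise a single space is output.
 *
 * Every dynamic value written into an HTML attribute is passed through
 * htmlspecialchars(), not just the return URL.
 *
 * NOTE: this function only decides which buttons are rendered.  The pages
 * that receive these POSTs must enforce the same permission themselves.
 * NOTE(review): no anti-CSRF token is written into these forms - confirm the
 * handlers have some other defence against forged POSTs.
 * NOTE(review): get_vocab() output is written unescaped, as before; that
 * presumes the vocab strings are trusted and attribute-safe - verify.
 *
 * @param array $row        booking data; the keys read here are 'id',
 *                          'repeat_id', 'room_id', 'reminded' and
 *                          'last_updated'
 * @param bool  $is_series  when true the buttons act on $row['repeat_id'],
 *                          otherwise on $row['id']
 */
function display_buttons($row, $is_series)
{
  global $PHP_SELF;
  global $user, $reminder_interval;

  $last_reminded = empty($row['reminded']) ? $row['last_updated'] : $row['reminded'];
  $returl = $PHP_SELF;

  $target_id = $is_series ? $row['repeat_id'] : $row['id'];

  // When we're going to view_entry.php we need to pass the id and series
  // in a query string rather than as hidden inputs.   That's because some
  // pages called by view_entry use HTTP_REFERER to form a return URL, and
  // view_entry needs to have a valid id.
  $query_string = "id=" . urlencode($target_id);
  $query_string .= $is_series ? "&series=1" : "";

  // Escape once for the HTML attribute context.  The query string is
  // URL-encoded above and HTML-escaped here, so the "&" separator is written
  // as "&amp;" and the browser decodes it back to the same URL.
  $h_returl      = htmlspecialchars($returl);
  $h_target_id   = htmlspecialchars($target_id);
  $h_is_series   = htmlspecialchars((string) $is_series);
  $h_view_action = htmlspecialchars("view_entry.php?{$query_string}");

  if (auth_book_admin($user, $row['room_id']))
  {
    // accept
    echo "<form action=\"confirm_entry_handler.php\" method=\"post\">\n";
    echo "<div>\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"accept\">\n";
    echo "<input type=\"hidden\" name=\"id\" value=\"" . $h_target_id . "\">\n";
    echo "<input type=\"hidden\" name=\"series\" value=\"" . $h_is_series . "\">\n";
    echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
    echo "<input type=\"submit\" value=\"" . get_vocab("accept") . "\">\n";
    echo "</div>\n";
    echo "</form>\n";
    // reject
    echo "<form action=\"" . $h_view_action . "\" method=\"post\">\n";
    echo "<div>\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"reject\">\n";
    echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
    echo "<input type=\"submit\" value=\"" . get_vocab("reject") . "\">\n";
    echo "</div>\n";
    echo "</form>\n";
    // more info
    echo "<form action=\"" . $h_view_action . "\" method=\"post\">\n";
    echo "<div>\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"more_info\">\n";
    echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
    echo "<input type=\"submit\" value=\"" . get_vocab("more_info") . "\">\n";
    echo "</div>\n";
    echo "</form>\n";
  }
  else
  {
    // Work out whether enough time has elapsed since the last reminder
    $not_yet_time = working_time_diff(time(), $last_reminded) < $reminder_interval;
    // if enough time has passed since the last reminder
    // output a "Remind Admin" button, otherwise nothing
    if ($not_yet_time)
    {
      echo " ";
    }
    else
    {
      // The reminder always carries the entry id, even for a series
      echo "<form action=\"confirm_entry_handler.php\" method=\"post\">\n";
      echo "<div>\n";
      echo "<input type=\"hidden\" name=\"action\" value=\"remind_admin\">\n";
      echo "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($row['id']) . "\">\n";
      echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
      echo "<input type=\"submit\" value=\"" . get_vocab("remind_admin") . "\">\n";
      echo "</div>\n";
      echo "</form>\n";
    }
  }
}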
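/**
 * Output the action buttons for one booking that is awaiting approval.
 *
 * A user who passes auth_book_admin() for the booking's room gets three
 * forms: approve, reject and more info.  The more-info button carries a
 * tooltip saying when, and by whom, information was last requested.  Any
 * other user gets a "remind admin" form, but only when $reminders_enabled is
 * set and $reminder_interval has elapsed (as measured by working_time_diff())
 * since the last reminder, or since the last update when no reminder has been
 * sent yet; otherwise a single space is output.
 *
 * Every dynamic value written into an HTML attribute is passed through
 * htmlspecialchars(), not just the return URL and the tooltip.
 *
 * NOTE: this function only decides which buttons are rendered.  The pages
 * that receive these POSTs must enforce the same permission themselves.
 * NOTE(review): no anti-CSRF token is written into these forms - confirm the
 * handlers have some other defence against forged POSTs.
 * NOTE(review): get_vocab() output used for the button labels is written
 * unescaped, as before; that presumes the vocab strings are trusted and
 * attribute-safe - verify.
 *
 * @param array $row        booking data; the keys read here are 'id',
 *                          'repeat_id', 'room_id', 'reminded',
 *                          'last_updated' and the entry_/repeat_ variants of
 *                          'info_time' and 'info_user'
 * @param bool  $is_series  when true the buttons act on $row['repeat_id'],
 *                          otherwise on $row['id']
 */
function display_buttons($row, $is_series)
{
  global $PHP_SELF;
  global $user, $reminders_enabled, $reminder_interval;

  $last_reminded = empty($row['reminded']) ? $row['last_updated'] : $row['reminded'];
  $returl = $PHP_SELF;

  $target_id = $is_series ? $row['repeat_id'] : $row['id'];

  // When we're going to view_entry.php we need to pass the id and series
  // in a query string rather than as hidden inputs.   That's because some
  // pages called by view_entry use HTTP_REFERER to form a return URL, and
  // view_entry needs to have a valid id.
  $query_string = "id=" . urlencode($target_id);
  $query_string .= $is_series ? "&series=1" : "";

  // Escape once for the HTML attribute context.  The query string is
  // URL-encoded above and HTML-escaped here, so the "&" separator is written
  // as "&amp;" and the browser decodes it back to the same URL.
  $h_returl      = htmlspecialchars($returl);
  $h_target_id   = htmlspecialchars($target_id);
  $h_is_series   = htmlspecialchars((string) $is_series);
  $h_view_action = htmlspecialchars("view_entry.php?{$query_string}");

  if (auth_book_admin($user, $row['room_id']))
  {
    // approve
    echo "<form action=\"approve_entry_handler.php\" method=\"post\">\n";
    echo "<div>\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"approve\">\n";
    echo "<input type=\"hidden\" name=\"id\" value=\"" . $h_target_id . "\">\n";
    echo "<input type=\"hidden\" name=\"series\" value=\"" . $h_is_series . "\">\n";
    echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
    echo "<input type=\"submit\" value=\"" . get_vocab("approve") . "\">\n";
    echo "</div>\n";
    echo "</form>\n";
    // reject
    echo "<form action=\"" . $h_view_action . "\" method=\"post\">\n";
    echo "<div>\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"reject\">\n";
    echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
    echo "<input type=\"submit\" value=\"" . get_vocab("reject") . "\">\n";
    echo "</div>\n";
    echo "</form>\n";
    // more info
    $info_time = $is_series ? $row['repeat_info_time'] : $row['entry_info_time'];
    $info_user = $is_series ? $row['repeat_info_user'] : $row['entry_info_user'];
    if (empty($info_time))
    {
      $info_title = get_vocab("no_request_yet");
    }
    else
    {
      $info_title = get_vocab("last_request") . ' ' . time_date_string($info_time);
      if (!empty($info_user))
      {
        $info_title .= " " . get_vocab("by") . " {$info_user}";
      }
    }
    echo "<form action=\"" . $h_view_action . "\" method=\"post\">\n";
    echo "<div>\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"more_info\">\n";
    echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
    // The tooltip contains a user name, so it must be escaped
    echo "<input type=\"submit\" title=\"" . htmlspecialchars($info_title) . "\" value=\"" . get_vocab("more_info") . "\">\n";
    echo "</div>\n";
    echo "</form>\n";
  }
  else
  {
    // get the area settings for this room
    // (presumably this is what sets $reminders_enabled and
    // $reminder_interval for the room's area - confirm)
    get_area_settings(get_area($row['room_id']));
    // if enough time has passed since the last reminder
    // output a "Remind Admin" button, otherwise nothing
    if ($reminders_enabled &&
        working_time_diff(time(), $last_reminded) >= $reminder_interval)
    {
      // The reminder always carries the entry id, even for a series
      echo "<form action=\"approve_entry_handler.php\" method=\"post\">\n";
      echo "<div>\n";
      echo "<input type=\"hidden\" name=\"action\" value=\"remind_admin\">\n";
      echo "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($row['id']) . "\">\n";
      echo "<input type=\"hidden\" name=\"returl\" value=\"" . $h_returl . "\">\n";
      echo "<input type=\"submit\" value=\"" . get_vocab("remind_admin") . "\">\n";
      echo "</div>\n";
      echo "</form>\n";
    }
    else
    {
      echo " ";
    }
  }
}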
$booking[$key] = $value; } // Set the various bits in the status field as appropriate // (Note: the status field is the only one that can differ by room) $status = 0; // Privacy status if ($isprivate) { $status |= STATUS_PRIVATE; // Set the private bit } // If we are using booking approvals then we need to work out whether the // status of this booking is approved. If the user is allowed to approve // bookings for this room, then the status will be approved, since they are // in effect immediately approving their own booking. Otherwise the booking // will need to approved. if ($approval_enabled && !auth_book_admin($user, $room_id)) { $status |= STATUS_AWAITING_APPROVAL; } // Confirmation status if ($confirmation_enabled && !$confirmed) { $status |= STATUS_TENTATIVE; } $booking['status'] = $status; $bookings[] = $booking; } $just_check = $ajax && function_exists('json_encode') && !$commit; $this_id = isset($id) ? $id : NULL; $result = mrbsMakeBookings($bookings, $this_id, $just_check, $skip, $original_room_id, $need_to_send_mail, $edit_type); // If we weren't just checking and this was a succesful booking and // we were editing an existing booking, then delete the old booking if (!$just_check && $result['valid_booking'] && isset($id)) {
$info_user = $series ? $repeat_info_user : $entry_info_user; $info_text = $series ? $repeat_info_text : $entry_info_text; if (empty($info_time)) { $value = ''; } else { $value = get_vocab("sent_at") . time_date_string($info_time); if (!empty($info_user)) { $value .= "\n" . get_vocab("by") . " {$info_user}"; } $value .= "\n----\n"; $value .= $info_text; } generateTextArea("approve_entry_handler.php", $target_id, $series, "more_info", $returl, get_vocab("send"), get_vocab("request_more_info"), $value); } else { // Buttons for those who are allowed to approve this booking if (auth_book_admin($user, $row['room_id'])) { if (!$series) { generateApproveButtons($id, FALSE); } if (!empty($repeat_id) || $series) { generateApproveButtons($repeat_id, TRUE); } } elseif ($user == $create_by) { generateOwnerButtons($id, $series); } else { // But valid HTML requires that there's something inside the <tfoot></tfoot> echo "<tr><td></td><td></td></tr>\n"; } } echo "</tfoot>\n"; }
$room_id = $data['room_id']; // Initialise $mail_previous so that we can use it as a parameter for notifyAdminOnBooking $mail_previous = array(); $start_times = array(); // Give the return URL a query string if it doesn't already have one if (strpos($returl, '?') === FALSE) { $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}&room={$room}"; } if (isset($action)) { if ($need_to_send_mail) { $is_new_entry = TRUE; // Treat it as a new entry unless told otherwise } // If we have to approve or reject a booking, check that we have rights to do so // for this room if (($action == "approve" || $action == "reject") && !auth_book_admin($user, $room_id)) { showAccessDenied($day, $month, $year, $area, isset($room) ? $room : ""); exit; } switch ($action) { // ACTION = "APPROVE" case 'approve': if ($need_to_send_mail) { $is_new_entry = FALSE; // Get the current booking data, before we change anything, for use in emails $mail_previous = mrbsGetBookingInfo($id, $series); } $start_times = mrbsApproveEntry($id, $series); $result = $start_times !== FALSE; if ($result === FALSE) { $returl .= "&error=approve_failed";
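case "month":
  $returl = "month.php";
  break;
case "week":
  $returl = "week.php";
  break;
default:
  $returl = "day.php";
}
$returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}

// Only proceed for a logged-in user and a booking that can be looked up
if (getAuthorised(1) && ($info = mrbsGetBookingInfo($id, FALSE, TRUE)))
{
  $user = getUserName();
  // check that the user is allowed to delete this entry
  //
  // Rejecting a booking requires booking-admin rights for the room; any other
  // deletion uses the ordinary write-permission check.  This has to be a
  // comparison: the earlier form, ($action = "reject"), was an assignment, so
  // the test was true whenever $action was set and $action was overwritten
  // with "reject" for the rest of the script.
  // NOTE(review): requests that set a different action value now take the
  // getWritable() branch - confirm that is the intended rule for them.
  if (isset($action) && ($action === "reject"))
  {
    $authorised = auth_book_admin($user, $info['room_id']);
  }
  else
  {
    $authorised = getWritable($info['create_by'], $user, $info['room_id']);
  }
  if ($authorised)
  {
    $day   = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year  = strftime("%Y", $info["start_time"]);
    $area  = mrbsGetRoomArea($info["room_id"]);
    $notify_by_email = $mail_settings['admin_on_delete'] || $mail_settings['book_admin_on_provisional'];

    if ($notify_by_email)
    {
      require_once "functions_mail.inc";
      // Gather all fields values for use in emails.
      $mail_previous = getPreviousEntryData($id, $series);
    }
    sql_begin();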
$info_user = $series ? $repeat_info_user : $entry_info_user; $info_text = $series ? $repeat_info_text : $entry_info_text; if (empty($info_time)) { $value = ''; } else { $value = get_vocab("sent_at") . time_date_string($info_time); if (!empty($info_user)) { $value .= "\n" . get_vocab("by") . " {$info_user}"; } $value .= "\n----\n"; $value .= $info_text; } generateTextArea("approve_entry_handler.php", $target_id, $series, "more_info", $returl, get_vocab("send"), get_vocab("request_more_info"), $value); } else { // Buttons for those who are allowed to approve this booking if (auth_book_admin($user, $room_id)) { if (!$series) { generateApproveButtons($id, FALSE); } if (!empty($repeat_id) || $series) { generateApproveButtons($repeat_id, TRUE); } } elseif ($user == $create_by) { generateOwnerButtons($id, $series); } else { // But valid HTML requires that there's something inside the <tfoot></tfoot> echo "<tr><td></td><td></td></tr>\n"; } } echo "</tfoot>\n"; }
$valid_booking = FALSE; $rules_broken[] = $tmp; } } } } // end foreach rooms // If the rooms were free, go ahead an process the bookings if ($valid_booking) { foreach ($rooms as $room_id) { // If we're using provisional booking then we need to work out whether the // status of this booking is confirmed. If the user is allowed to confirm // bookings for this room, then the status will be confirmed , since they are // in effect immediately confirming their own booking. if ($provisional_enabled) { $status = auth_book_admin($user, $room_id) ? STATUS_CONFIRMED : STATUS_PROVISIONAL; } else { $status = STATUS_CONFIRMED; } if ($edit_type == "series") { $booking = mrbsCreateRepeatingEntrys($starttime, $endtime, $rep_type, $rep_enddate, $rep_opt, $room_id, $create_by, $name, $type, $description, isset($rep_num_weeks) ? $rep_num_weeks : 0, $isprivate, $status); $new_id = $booking['id']; // Send a mail to the Administrator if ($mail_settings['admin_on_bookings'] or $mail_settings['area_admin_on_bookings'] or $mail_settings['room_admin_on_bookings'] or $mail_settings['booker'] or $mail_settings['book_admin_on_provisional']) { require_once "functions_mail.inc"; // Send a mail only if this a new entry, or if this is an // edited entry but we have to send mail on every change, // and if mrbsCreateRepeatingEntrys is successful if ((isset($id) && $mail_settings['admin_all'] or !isset($id)) && 0 != $new_id) { // Get room name and area name. Would be better to avoid // a database access just for that. Ran only if we need