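/**
 * Handle a POST to the events collection or to an event sub-resource.
 *
 * With a fifth URL element of 'attending', the logged-in user is marked as
 * attending the event and a 201 is sent. Any other sub-resource is rejected
 * with a 404. Without a sub-resource, a new event is created from the
 * request parameters: approved immediately (201) or left pending (202).
 *
 * Security notes:
 *  - FILTER_SANITIZE_STRING (deprecated since PHP 8.1) strips tags on input.
 *    It is not an output encoder, so stored values still need
 *    context-appropriate escaping wherever they are rendered.
 *  - The 'allow_auto_approve_events' feature lets any authenticated caller
 *    approve their own event. It is meant for test platforms and must stay
 *    disabled in production configuration.
 *
 * @param object $request Request object; reads user_id, url_elements, base,
 *                        path_info and getParameter()
 * @param mixed  $db      Database handle passed through to the mappers
 *
 * @throws Exception 400 when not logged in or when validation fails,
 *                   404 for an unsupported sub-resource
 *
 * @return void
 */
public function postAction($request, $db)
{
    // NOTE(review): 401 would be the conventional status for an
    // unauthenticated caller; 400 is kept so existing clients see no change.
    if (!isset($request->user_id)) {
        throw new Exception("You must be logged in to create data", 400);
    }

    if (isset($request->url_elements[4])) {
        switch ($request->url_elements[4]) {
            case 'attending':
                // The request body is irrelevant here: the logged-in user
                // *is* attending the event. Use DELETE to unattend.
                $event_id     = $this->getItemId($request);
                $event_mapper = new EventMapper($db, $request);
                $event_mapper->setUserAttendance($event_id, $request->user_id);

                // false is what the previous null argument coerced to; passing
                // it explicitly avoids the PHP 8.1 null-to-bool deprecation.
                // NOTE(review): confirm $request->base comes from trusted
                // configuration rather than the client-supplied Host header.
                header("Location: " . $request->base . $request->path_info, false, 201);
                return;

            default:
                throw new Exception("Operation not supported, sorry", 404);
        }
    }

    // No sub-resource: create a new event, pending unless the user has privs.
    $event  = array();
    $errors = array();

    // Required text fields.
    $event['name'] = filter_var($request->getParameter("name"), FILTER_SANITIZE_STRING);
    if (empty($event['name'])) {
        $errors[] = "'name' is a required field";
    }

    $event['description'] = filter_var($request->getParameter("description"), FILTER_SANITIZE_STRING);
    if (empty($event['description'])) {
        $errors[] = "'description' is a required field";
    }

    $event['location'] = filter_var($request->getParameter("location"), FILTER_SANITIZE_STRING);
    if (empty($event['location'])) {
        $errors[] = "'location' is a required field (for virtual events, 'online' works)";
    }

    // Required dates: check they parse at all before dealing with timezones.
    $start_date = strtotime($request->getParameter("start_date"));
    $end_date   = strtotime($request->getParameter("end_date"));
    if (!$start_date || !$end_date) {
        $errors[] = "Both 'start_date' and 'end_date' must be supplied in a recognised format";
    } else {
        $event['tz_continent'] = filter_var($request->getParameter("tz_continent"), FILTER_SANITIZE_STRING);
        $event['tz_place']     = filter_var($request->getParameter("tz_place"), FILTER_SANITIZE_STRING);
        try {
            // Build the timezone, then read the times with respect to it.
            // DateTimeZone rejects unknown identifiers, so it also acts as
            // the validator for the two tz_* fields.
            $tz         = new DateTimeZone($event['tz_continent'] . '/' . $event['tz_place']);
            $start_date = new DateTime($request->getParameter("start_date"), $tz);
            $end_date   = new DateTime($request->getParameter("end_date"), $tz);

            $event['start_date'] = $start_date->format('U');
            $event['end_date']   = $end_date->format('U');
        } catch (Exception $e) {
            $errors[] = "The fields 'tz_continent' and 'tz_place' must be supplied and valid "
                . "(e.g. Europe and London)";
        }
    }

    // Optional fields are only read when there are no errors, because the
    // CFP dates need $tz, which exists only if the block above succeeded.
    if (!$errors) {
        $href = filter_var($request->getParameter("href"), FILTER_VALIDATE_URL);
        if ($href) {
            $event['href'] = $href;
        }

        $cfp_url = filter_var($request->getParameter("cfp_url"), FILTER_VALIDATE_URL);
        if ($cfp_url) {
            $event['cfp_url'] = $cfp_url;
        }

        if (strtotime($request->getParameter("cfp_start_date"))) {
            $cfp_start_date          = new DateTime($request->getParameter("cfp_start_date"), $tz);
            $event['cfp_start_date'] = $cfp_start_date->format('U');
        }

        if (strtotime($request->getParameter("cfp_end_date"))) {
            $cfp_end_date          = new DateTime($request->getParameter("cfp_end_date"), $tz);
            $event['cfp_end_date'] = $cfp_end_date->format('U');
        }

        // NOTE(review): FILTER_SANITIZE_NUMBER_FLOAT only strips characters;
        // it does not prove the result is a number or within coordinate
        // range. The truthiness test also discards a literal "0".
        $latitude = filter_var(
            $request->getParameter("latitude"),
            FILTER_SANITIZE_NUMBER_FLOAT,
            FILTER_FLAG_ALLOW_FRACTION
        );
        if ($latitude) {
            $event['latitude'] = $latitude;
        }

        $longitude = filter_var(
            $request->getParameter("longitude"),
            FILTER_SANITIZE_NUMBER_FLOAT,
            FILTER_FLAG_ALLOW_FRACTION
        );
        if ($longitude) {
            $event['longitude'] = $longitude;
        }

        // Tags are normalised: tags stripped, trimmed, lower-cased.
        $incoming_tag_list = $request->getParameter('tags');
        if (is_array($incoming_tag_list)) {
            $tags = array_map(function ($tag) {
                return strtolower(trim(filter_var($tag, FILTER_SANITIZE_STRING)));
            }, $incoming_tag_list);
        }
    }

    // Report every validation problem in a single 400 response.
    if ($errors) {
        throw new Exception(implode(". ", $errors), 400);
    }

    $user_mapper  = new UserMapper($db, $request);
    $event_mapper = new EventMapper($db, $request);

    $event_owner           = $user_mapper->getUserById($request->user_id);
    $event['contact_name'] = $event_owner['users'][0]['full_name'];

    // When a site admin creates an event, it is approved immediately.
    $approveEventOnCreation = $user_mapper->isSiteAdmin($request->user_id);

    // Test platforms may allow the caller to request auto-approval. Only the
    // string "true" or boolean true is accepted; a loose == comparison would
    // also accept integer 0 on PHP 7, where 0 == "true" holds.
    if (!empty($this->config['features']['allow_auto_approve_events'])) {
        $auto_approve = $request->getParameter("auto_approve_event");
        if (in_array($auto_approve, array("true", true), true)) {
            $approveEventOnCreation = true;
        }
    }

    if ($approveEventOnCreation) {
        $event_id = $event_mapper->createEvent($event, true);

        // 201 Created: point the client at the new event.
        header("Location: " . $request->base . $request->path_info . '/' . $event_id, false, 201);
    } else {
        $event_id = $event_mapper->createEvent($event);

        // 202 Accepted: a pending event is not visible yet, so the Location
        // is the collection rather than the event itself.
        header("Location: " . $request->base . $request->path_info, false, 202);
    }

    // Now set the current user as host and attending.
    $event_mapper->addUserAsHost($event_id, $request->user_id);
    $event_mapper->setUserAttendance($event_id, $request->user_id);
    if (isset($tags)) {
        $event_mapper->setTags($event_id, $tags);
    }

    // Notify site admins only when the event really is pending. Keying this
    // on the approval decision (not on a second isSiteAdmin() lookup) keeps
    // an event approved through the test feature from being looked up as
    // pending and announced for moderation.
    if (!$approveEventOnCreation) {
        $pending_event = $event_mapper->getPendingEventById($event_id, true);
        $count         = $event_mapper->getPendingEventsCount();
        $recipients    = $user_mapper->getSiteAdminEmails();
        $emailService  = new EventSubmissionEmailService($this->config, $recipients, $pending_event, $count);
        $emailService->sendEmail();
    }

    exit;
}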