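// Bootstrap: site-wide settings first, then the current user's preferences
// and language.
load_global_settings();
load_user_preferences();
$WebCalendar->setLanguage();

// Load user name, etc.
user_load_variables($login, '');

// See if a user login was specified in the URL. The value is chosen by the
// requester, so every path below must leave $user set to a calendar the
// current login is entitled to approve for.
$user = getGetValue('user');

// Translate 'public' to be '__public__'.
// NOTE(review): this literal appeared masked as '******' in the copy under
// review; it is restored from the comment above and from the '__public__'
// comparisons used elsewhere in this code base. Confirm against upstream.
if ($user == 'public') {
    $user = '__public__';
}

// Make sure the current user has proper permissions to see unapproved
// events for the specified user; otherwise fall back to their own login.
if ($user != '') {
    if (access_is_enabled()) {
        if (!access_user_calendar('approve', $user)) {
            // Not allowed: fall back to the authenticated login. This must be
            // the variable $login. A bare `login` is an undefined constant,
            // which is a fatal Error on PHP 8 and the literal string 'login'
            // on older versions, so the denied request would end up reading
            // whichever account happens to carry that name.
            $user = $login;
        }
    } elseif (!$is_admin && $user != $login && !$is_assistant) {
        // UAC is off in this branch: only admins and assistants may look at
        // another user's queue.
        $user = $login;
    }
}

// If no user was requested, use the current user's login.
if ($user == '') {
    $user = $login;
}

$charset = empty($LANGUAGE) ? 'iso-8859-1' : translate('charset');
// This should work ok with RSS, may need to hardcode fallback value.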
<?php /* $Id: month.php,v 1.95.2.9 2010/08/15 18:54:34 cknudsen Exp $ */ include_once 'includes/init.php'; //check UAC if (!access_can_access_function(ACCESS_MONTH) || !empty($user) && !access_user_calendar('view', $user)) { send_to_preferred_view(); } if ($user != $login && $is_nonuser_admin) { load_user_layers($user); } else { if (empty($user)) { load_user_layers(); } } $cat_id = getValue('cat_id', '-?[0-9,\\-]*', true); load_user_categories(); $next = mktime(0, 0, 0, $thismonth + 1, 1, $thisyear); $nextYmd = date('Ymd', $next); $nextyear = substr($nextYmd, 0, 4); $nextmonth = substr($nextYmd, 4, 2); $prev = mktime(0, 0, 0, $thismonth - 1, 1, $thisyear); $prevYmd = date('Ymd', $prev); $prevyear = substr($prevYmd, 0, 4); $prevmonth = substr($prevYmd, 4, 2); if ($BOLD_DAYS_IN_YEAR == 'Y') { $boldDays = true; $startdate = mktime(0, 0, 0, $prevmonth, 0, $prevyear); $enddate = mktime(23, 59, 59, $nextmonth + 1, 0, $nextyear); } else { $boldDays = false;
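/**
 * Render one event as a table row of the time-bar view.
 *
 * The row is a run of <td> cells whose colspans are counted in slots of
 * $slotValue minutes between the configured work-day start and end hours.
 * The event text is placed before, on, or after the bar depending on how
 * much room each part has.
 *
 * Access control: when UAC is enabled, the link to view_entry.php is only
 * emitted if access_user_calendar('view', ...) is non-zero and the viewer is
 * not restricted to time-only access. Both results are also handed to
 * build_entry_label(), which produces the visible label.
 *
 * @param object $event Event to draw; only the accessor methods called below are used.
 * @param string $date  Date put in the link when the event has no clone date.
 *
 * @return string HTML for one <tr class="entrycont"> row.
 */
function print_entry_timebar($event, $date)
{
    global $PUBLIC_ACCESS_FULLNAME, $slotValue, $totalSlots, $user,
        $WORK_DAY_END_HOUR, $WORK_DAY_START_HOUR;

    // Call counter; keeps the generated link/popup ids unique within a page.
    static $key = 0;

    if (access_is_enabled()) {
        $owner = $event->getLogin();
        $can_access = access_user_calendar('view', $owner, '', $event->getCalType(), $event->getAccess());
        $time_only = access_user_calendar('time', $owner);
    } else {
        $can_access = CAN_DOALL;
        $time_only = 'N';
    }

    $id = $event->getID();
    $linkid = "pop{$id}-{$key}";
    $key++;

    $day_start = $WORK_DAY_START_HOUR * 60;
    $day_end = $WORK_DAY_END_HOUR * 60;
    if ($day_end <= $day_start) {
        // Avoid exceptions: force a work day of at least one hour.
        $day_end = $day_start + 60;
    }

    $startminutes = time_to_minutes(date('His', $event->getDateTimeTS()));
    $endminutes = time_to_minutes(date('His', $event->getEndDateTimeTS()));
    $duration = $event->getDuration();

    if ($event->isAllDay()) {
        // All day event: the bar fills the whole row.
        $ev_duration = $totalSlots;
        $start_padding = 0;
    } elseif ($event->isUntimed()) {
        $ev_duration = $start_padding = 0;
    } else {
        // Must be timed.
        $start_padding = round(($startminutes - $day_start) / $slotValue);
        if ($start_padding < 0) {
            $start_padding = 0;
        }

        if ($startminutes > $day_end || $endminutes < $day_start) {
            $ev_duration = 1;
        } else {
            // A timed event with no duration used to leave $ev_duration
            // undefined here; 0 is the value the arithmetic below already
            // treated it as, minus the undefined-variable warning.
            $ev_duration = 0;
            if ($duration > 0) {
                $ev_duration = intval($duration / $slotValue);
                // The casts below wrap the whole quotient. Written as
                // `(int) ($a - $b) / $slotValue`, the cast applies to the
                // difference only and the colspan can come out fractional.
                if ($startminutes < $day_start) {
                    // Event starts before workday.
                    $ev_duration -= (int) (($day_start - $startminutes) / $slotValue);
                }
                if ($endminutes > $day_end) {
                    // Event ends after workday.
                    $ev_duration -= (int) (($endminutes - $day_end) / $slotValue);
                }
            }
        }
    }

    $end_padding = $totalSlots - $start_padding - $ev_duration + 1;

    // If event is past viewing area.
    if ($start_padding >= $totalSlots) {
        $ev_duration = 1;
        $start_padding = $totalSlots - 1;
    }

    // Choose where to position the text (pos=0->before,pos=1->on,pos=2->after).
    if ($ev_duration / $totalSlots >= 0.3) {
        $pos = 1;
    } elseif ($end_padding / $totalSlots >= 0.3) {
        $pos = 2;
    } else {
        $pos = 0;
    }

    $row = ' <!-- ENTRY BAR --> <tr class="entrycont">'
        . ($start_padding > 0 ? ' <td class="alignright" colspan="' . $start_padding . '">' : '');

    if ($pos > 0) {
        if (!$event->isUntimed()) {
            $row .= ($start_padding > 0 ? ' </td>' : '')
                . ' <td class="entry" colspan="' . $ev_duration . '">'
                . ($pos > 1 ? ' </td> <td class="alignleft" colspan="' . $end_padding . '">' : '');
        } else {
            // Untimed, just display text.
            $row .= ' <td colspan="' . $totalSlots . '">';
        }
    }

    $clone_date = $event->getClone();
    $is_high_priority = $event->getPriority() < 4;

    // The anchor is opened and closed as a pair. Emitting '</a>' when access
    // rules suppressed the opening tag leaves a stray end tag in the row.
    $link_open = '';
    $link_close = '';
    if ($can_access != 0 && $time_only != 'Y') {
        // $user is a global that request-handling scripts can fill from the
        // query string (TODO confirm for every caller), so it is URL-encoded
        // as a parameter value and the finished URL is HTML-escaped for the
        // attribute.
        // NOTE(review): the expression after '&user=' was masked in the copy
        // under review; $user is assumed from the strlen($user) guard.
        $href = 'view_entry.php?id=' . $id
            . '&date=' . ($clone_date ? $clone_date : $date)
            . (strlen((string) $user) > 0 ? '&user=' . urlencode($user) : '');
        $link_open = ' <a class="entry" id="' . $linkid . '" href="' . htmlspecialchars($href, ENT_QUOTES) . '">';
        $link_close = '</a>';
    }

    // Login names and the public-access display name are stored data, not
    // markup: escape them before they reach the page.
    $owner_label = $event->getLogin() == '__public__'
        ? $PUBLIC_ACCESS_FULLNAME
        : $event->getLogin();

    if ($event->isAllDay()) {
        $time_label = translate('All day event');
    } elseif (!$event->isUntimed()) {
        $time_label = display_time($event->getDatetime())
            . ($event->getDuration() > 0 ? ' - ' . display_time($event->getEndDateTime(), 2) : '');
    } else {
        $time_label = '';
    }

    return $row
        . ($is_high_priority ? '<strong>' : '')
        . $link_open
        . '[' . htmlspecialchars($owner_label, ENT_QUOTES) . '] '
        . build_entry_label($event, 'eventinfo-' . $linkid, $can_access, $time_label, $time_only)
        . $link_close
        . ($is_high_priority ? '</strong>' : '')
        . '</td>'
        . ($pos < 2
            ? ($pos < 1 ? ' <td class="entry" colspan="' . $ev_duration . '"> </td>' : '')
                . ($end_padding > 1 ? ' <td class="alignleft" colspan="' . $end_padding . '"> </td>' : '')
            : '')
        . ' </tr>';
}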
if (!access_is_enabled() || access_can_access_function(ACCESS_ANOTHER_CALENDAR)) { // Get count of users this user can see. If > 1, then... $ulist = array_merge(get_my_users($login, 'view'), get_my_nonusers($login, true, 'view')); //remove duplicates if any if (function_exists('array_intersect_key')) { $ulist = array_intersect_key($ulist, array_unique(array_map('serialize', $ulist))); } if (count($ulist) > 1) { $select_user_url = 'select_user.php'; } } } } } // Only display some links if we're viewing our own calendar. if (empty($user) || $user == $login || !empty($user) && access_is_enabled() && access_user_calendar('view', $user)) { // Search if (access_can_access_function(ACCESS_SEARCH, $user)) { $search_url = 'search.php'; } } if (empty($user) || $user == $login) { // Import/Export if (access_is_enabled() || $login != '__public__' && !$is_nonuser) { if ($readonly != 'Y' && access_can_access_function(ACCESS_IMPORT, $user)) { $import_url = 'import.php'; } if (access_can_access_function(ACCESS_EXPORT, $user)) { $export_url = 'export.php'; } }
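/**
 * Build the hidden <dl class="popup"> block shown when hovering an event.
 *
 * Disclosure rules applied here:
 *  - nothing is built when $DISABLE_POPUPS is 'Y';
 *  - when UAC is enabled and the calendar belongs to someone else, event
 *    details (name, location, reminder, participants, description) are only
 *    included if access_user_calendar('time', $user) returns 'N', i.e. the
 *    viewer is not limited to time-only access;
 *  - participants are omitted for the '__public__' login when
 *    $PUBLIC_ACCESS_VIEW_PART is 'N'.
 *
 * Escaping contract: $name, $location, $description (unless HTML descriptions
 * are enabled) and all user/participant names are HTML-escaped here.
 * $popupid, $time, $reminder and $site_extras are inserted as given, so
 * callers must pass HTML-safe values for those.
 *
 * @param string $popupid     Value for the id attribute of the <dl>.
 * @param string $user        Login of the calendar the event is shown on.
 * @param string $description Event description.
 * @param string $time        Preformatted time string.
 * @param string $site_extras Prebuilt markup appended before the closing tag.
 * @param string $location    Event location.
 * @param string $name        Event name.
 * @param string $id          Event id; participants are only looked up when set.
 * @param string $reminder    Preformatted reminder text.
 *
 * @return string|null Popup markup, or null when popups are disabled.
 */
function build_entry_popup($popupid, $user, $description = '', $time, $site_extras = '', $location = '', $name = '', $id = '', $reminder = '')
{
    global $ALLOW_HTML_DESCRIPTION, $DISABLE_POPUPS, $login,
        $PARTICIPANTS_IN_POPUP, $popup_fullnames, $popuptemp_fullname,
        $PUBLIC_ACCESS_VIEW_PART, $SUMMARY_LENGTH, $tempfullname;

    if (!empty($DISABLE_POPUPS) && $DISABLE_POPUPS == 'Y') {
        return;
    }

    // Restrict info if time only set.
    $details = true;
    if (function_exists('access_is_enabled') && access_is_enabled() && $user != $login) {
        $time_only = access_user_calendar('time', $user);
        $details = $time_only == 'N' ? 1 : 0;
    }

    $ret = '<dl id="' . $popupid . '" class="popup">' . "\n";

    if (empty($popup_fullnames)) {
        $popup_fullnames = array();
    }

    $partList = array();
    if ($details && $id != '' && !empty($PARTICIPANTS_IN_POPUP)
        && $PARTICIPANTS_IN_POPUP == 'Y'
        && !($PUBLIC_ACCESS_VIEW_PART == 'N' && $login == '__public__')) {
        $rows = dbi_get_cached_rows('SELECT cal_login, cal_status FROM webcal_entry_user WHERE cal_id = ? AND cal_status IN ( \'A\',\'W\' )', array($id));
        // Walk the rows directly. Copying them into a never-initialised
        // $participants array first meant count() ran on an undefined
        // variable whenever the query returned nothing.
        if ($rows) {
            foreach ($rows as $row) {
                // Fills the global $tempfullname for this login.
                user_load_variables($row[0], 'temp');
                $partList[] = htmlspecialchars($tempfullname, ENT_QUOTES) . ' '
                    . ($row[1] == 'W' ? '(?)' : '');
            }
        }

        $rows = dbi_get_cached_rows('SELECT cal_fullname FROM webcal_entry_ext_user WHERE cal_id = ? ORDER by cal_fullname', array($id));
        if ($rows) {
            $extStr = translate('External User');
            foreach ($rows as $row) {
                // External participant names are free text from the database.
                $partList[] = htmlspecialchars($row[0], ENT_QUOTES) . ' (' . $extStr . ')';
            }
        }
    }

    if ($user != $login) {
        if (empty($popup_fullnames[$user])) {
            // Fills the global $popuptemp_fullname for this login.
            user_load_variables($user, 'popuptemp_');
            $popup_fullnames[$user] = $popuptemp_fullname;
        }
        // The cache keeps the raw name; it is escaped at output time only.
        $ret .= '<dt>' . translate('User') . ":</dt>\n<dd>"
            . htmlspecialchars($popup_fullnames[$user], ENT_QUOTES) . "</dd>\n";
    }

    // $location is escaped like $name. If some caller already passes
    // HTML-escaped text it will show up double-encoded; verify the callers.
    $ret .= ($SUMMARY_LENGTH < 80 && strlen($name) && $details
            ? '<dt>' . htmlspecialchars(substr($name, 0, 40)) . "</dt>\n"
            : '')
        . (strlen($time)
            ? '<dt>' . translate('Time') . ":</dt>\n<dd>{$time}</dd>\n"
            : '')
        . (!empty($location) && $details
            ? '<dt>' . translate('Location') . ":</dt>\n<dd> " . htmlspecialchars($location) . "</dd>\n"
            : '')
        . (!empty($reminder) && $details
            ? '<dt>' . translate('Send Reminder') . ":</dt>\n<dd> {$reminder}</dd>\n"
            : '');

    if (!empty($partList) && $details) {
        $ret .= '<dt>' . translate('Participants') . ":</dt>\n";
        foreach ($partList as $parts) {
            // Entries were escaped when the list was built.
            $ret .= "<dd> {$parts}</dd>\n";
        }
    }

    if (!empty($description) && $details) {
        $ret .= '<dt>' . translate('Description') . ":</dt>\n<dd>";
        if (!empty($ALLOW_HTML_DESCRIPTION) && $ALLOW_HTML_DESCRIPTION == 'Y') {
            // With this setting the description reaches the page as markup,
            // unescaped: anyone who can write an event description can put
            // HTML into the pages of everyone who sees the event. Leave the
            // setting off unless descriptions are sanitised when stored.
            // NOTE(review): as written the inner str_replace() is a no-op;
            // the entity literals may have been decoded when this listing was
            // rendered. Compare with upstream before relying on it.
            // Replace &s and decode special characters.
            $str = unhtmlentities(str_replace('&amp;', '&', str_replace('&', '&', $description)));
            // If there is no HTML found, then go ahead and replace
            // the line breaks ("\n") with the HTML break ("<br />").
            $ret .= strstr($str, '<') && strstr($str, '>') ? $str : nl2br($str);
        } else {
            // HTML not allowed in description, escape everything.
            $ret .= nl2br(htmlspecialchars($description));
        }
        $ret .= "</dd>\n";
    }

    return $ret . (empty($site_extras) ? '' : $site_extras) . "</dl>\n";
}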
$can_email = access_user_calendar('email', $templogin); } echo ' '; if (strlen($tempemail) > 0 && $can_email != 'N') { echo '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>'; $allmails[] = $tempemail; } else { echo $tempfullname; } echo ' (?)<br />'; } for ($i = 0; $i < $num_rej; $i++) { user_load_variables($rejected[$i], 'temp'); if (access_is_enabled()) { $can_email = access_user_calendar('email', $templogin); } echo ' <strike>' . (strlen($tempemail) > 0 && $can_email != 'N' ? '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>' : $tempfullname) . '</strike> (' . translate('Rejected') . ')<br />'; } } echo ' </td> </tr>'; } // end participants $can_edit = $can_edit || $is_admin || $is_nonuser_admin && $user == $create_by || $is_assistant && !$is_private && $user == $create_by || $readonly != 'Y' && ($login != '__public__' && $login == $create_by || $single_user == 'Y'); if (empty($event_status)) { // this only happens when an admin views a deleted event that he is // not a participant for. Set to $event_status to "D" just to get // rid of all the edit/delete links below.
} } //end new/old event // Some users report that they get an error on duplicate keys // on the following add... As a safety measure, delete any // existing entry with the id. Ignore the result. dbi_execute('DELETE FROM webcal_entry_user WHERE cal_id = ? AND cal_login = ?', array($id, $participants[$i])); if (!dbi_execute('INSERT INTO webcal_entry_user ( cal_id, cal_login, cal_status, cal_percent ) VALUES ( ?, ?, ?, ? )', array($id, $participants[$i], $status, $new_percent))) { $error = $dberror . dbi_error(); break; } else { // Check UAC. $can_email = 'Y'; if (access_is_enabled()) { $can_email = access_user_calendar('email', $participants[$i], $login); } // Don't send mail if we are editing a non-user calendar and we are the admin. if (!$is_nonuser_admin && $can_email == 'Y') { // Only send mail if their email address is filled in. $do_send = get_pref_setting($participants[$i], $newevent ? 'EMAIL_EVENT_ADDED' : 'EMAIL_EVENT_UPDATED'); $htmlmail = get_pref_setting($participants[$i], 'EMAIL_HTML'); $t_format = get_pref_setting($participants[$i], 'TIME_FORMAT'); $user_TIMEZONE = get_pref_setting($participants[$i], 'TIMEZONE'); set_env('TZ', $user_TIMEZONE); $user_language = get_pref_setting($participants[$i], 'LANGUAGE'); user_load_variables($participants[$i], 'temp'); if (boss_must_be_notified($login, $participants[$i]) && !empty($tempemail) && $do_send == 'Y' && $send_user_mail && $SEND_EMAIL != 'N') { // We send to creator if they want it. if ($send_own != 'Y' && $participants[$i] == $login) { continue;
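/**
 * Build the table rows listing one user's events that await approval.
 *
 * Selects every entry whose participant row for $user has status 'W' and
 * emits, per event, a checkbox, a link to the entry and approve / reject
 * buttons; the delete button is added only when UAC is disabled or
 * access_user_calendar('edit', $user) allows it. The matching popups are
 * appended to the global $eventinfo. When nothing is pending, a notice row
 * is appended to the global $noret instead.
 *
 * Logins, entry ids and full names are data and are escaped for the context
 * they are written into (URL parameter, HTML attribute, or JavaScript string
 * inside an attribute).
 *
 * @param string $user Login whose pending entries are listed.
 *
 * @return string HTML table rows; empty when there is nothing to approve.
 */
function list_unapproved($user)
{
    global $eventinfo, $key, $noret, $temp_fullname;

    // Fills the global $temp_fullname for $user.
    user_load_variables($user, 'temp_');
    $safeFullname = htmlspecialchars($temp_fullname);

    // NOTE(review): the value after "user=" was masked in the copy under
    // review, here and in the entry link below. $user and $cal_user are
    // assumed; both equal the queried login. Confirm against upstream.
    $rssLink = '<a href="rss_unapproved.php?user=' . urlencode($user)
        . '"><img src="images/rss.png" width="14" height="14" alt="RSS 2.0 - '
        . $safeFullname . '" border="0"/></a>';

    // Values written into onclick="...( '...' )" are escaped inside-out:
    // addslashes() for the single-quoted JavaScript string, then
    // htmlspecialchars() for the surrounding HTML attribute.
    $attrUser = htmlspecialchars($user, ENT_QUOTES);
    $jsUser = htmlspecialchars(addslashes($user), ENT_QUOTES);
    $jsCalUser = '';

    $count = 0;
    $ret = '';
    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_description, weu.cal_login, we.cal_priority, we.cal_date, we.cal_time, we.cal_duration, weu.cal_status, we.cal_type FROM webcal_entry we, webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND weu.cal_login = ? AND weu.cal_status = \'W\' ORDER BY weu.cal_login, we.cal_date';
    $rows = dbi_get_cached_rows($sql, array($user));

    if ($rows) {
        $allDayStr = translate('All day event');
        $appConStr = translate('Approve/Confirm');
        $appSelStr = translate('Approve Selected');
        $checkAllStr = translate('Check All');
        $deleteStr = translate('Delete');
        $emailStr = translate('Emails Will Not Be Sent');
        $rejectSelStr = translate('Reject Selected');
        $rejectStr = translate('Reject');
        $uncheckAllStr = translate('Uncheck All');
        $viewStr = translate('View this entry');

        foreach ($rows as $row) {
            $key++;
            $id = $row[0];
            $name = $row[1];
            $description = $row[2];
            $cal_user = $row[3];
            $date = $row[5];
            $time = sprintf("%06d", $row[6]);
            $duration = $row[7];
            $type = $row[9];

            $view_link = 'view_entry';
            $entryID = 'entry' . $type . $id;
            $linkid = "pop{$id}-{$key}";
            $timestr = '';

            if ($time > 0 || $time == 0 && $duration != 1440) {
                $eventstart = date_to_epoch($date . $time);
                // NOTE(review): $duration looks like minutes (1440 marks an
                // all-day event) while $eventstart looks like an epoch value
                // in seconds; if so this should add $duration * 60. Confirm.
                $eventstop = $eventstart + $duration;
                $eventdate = date_to_str(date('Ymd', $eventstart));
                $timestr = display_time('', 0, $eventstart)
                    . ($duration > 0 ? ' - ' . display_time('', 0, $eventstop) : '');
            } else {
                // Don't shift date if All Day or Untimed.
                $eventdate = date_to_str($date);
                // If All Day display in popup.
                if ($time == 0 && $duration == 1440) {
                    $timestr = $allDayStr;
                }
            }

            $attrEntryID = htmlspecialchars($entryID, ENT_QUOTES);
            $jsEntryID = htmlspecialchars(addslashes($entryID), ENT_QUOTES);
            $jsCalUser = htmlspecialchars(addslashes($cal_user), ENT_QUOTES);
            $viewHref = htmlspecialchars(
                $view_link . '.php?id=' . $id . '&user=' . urlencode($cal_user),
                ENT_QUOTES
            );

            $ret .= ($count == 0
                    ? ' <tr> <td colspan="5"><h3>' . $safeFullname . ' ' . $rssLink . '</h3></td> </tr>'
                    : '')
                . ' <tr ' . ($count % 2 == 0 ? '' : 'class="odd"') . '>'
                . ' <td width="5%" align="right"><input type="checkbox" name="' . $attrEntryID . '" value="' . $attrUser . '"/></td>'
                . ' <td><a title="' . $viewStr . '" class="entry" id="' . $linkid . '" href="' . $viewHref . '">'
                . htmlspecialchars($name) . '</a> (' . $eventdate . '):</td>'
                . ' <td align="center"><input type="image" src="images/check.gif" title="' . $appConStr
                . '" onclick="return do_confirm( \'approve\', \'' . $jsCalUser . '\', \'' . $jsEntryID . '\' );" /></td>'
                . ' <td align="center"><input type="image" src="images/rejected.gif" title="' . $rejectStr
                . '" onclick="return do_confirm( \'reject\', \'' . $jsCalUser . '\', \'' . $jsEntryID . '\' );" /></td>'
                // Only offer delete when UAC is off or grants 'edit' on this
                // calendar. The handler must end with `);"`: a backslash
                // before the closing quote is sent to the browser as part of
                // the script and breaks the confirmation call.
                . (!access_is_enabled() || access_user_calendar('edit', $user)
                    ? ' <td align="center"><input type="image" src="images/delete.png" title="' . $deleteStr
                        . '" onclick="return do_confirm( \'delete\', \'' . $jsCalUser . '\', \'' . $jsEntryID . '\' );" /></td>'
                    : '')
                . ' </tr>';

            $eventinfo .= build_entry_popup('eventinfo-' . $linkid, $cal_user, $description, $timestr, site_extras_for_popup($id));
            $count++;
        }

        if ($count > 1) {
            // $jsCalUser still holds the login of the last row, as the
            // bulk-action handlers did before.
            $ret .= ' <tr> <td colspan="5" nowrap="nowrap"> <img src="images/select.gif" border="0" alt="" />'
                . ' <label><a title="' . $checkAllStr . '" onclick="check_all( \'' . $jsUser . '\' );">' . $checkAllStr
                . '</a> / <a title="' . $uncheckAllStr . '" onclick="uncheck_all( \'' . $jsUser . '\' );">' . $uncheckAllStr
                . '</a></label>'
                . ' <input type="image" src="images/check.gif" title="' . $appSelStr
                . '" onclick="return do_confirm( \'approveSelected\', \'' . $jsCalUser . '\' );" />'
                . ' <input type="image" src="images/rejected.gif" title="' . $rejectSelStr
                . '" onclick="return do_confirm( \'rejectSelected\', \'' . $jsCalUser . '\' );" /> ( ' . $emailStr
                . ' ) </td> </tr>';
        }
    }

    if ($count == 0) {
        $noret .= ' <tr> <td colspan="5" class="nounapproved">'
            . str_replace('XXX', $safeFullname, translate('No unapproved entries for XXX.'))
            . ' ' . $rssLink . '</td> </tr>';
    }

    return $ret;
}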
} } } } } // Now, mark event as deleted for all users. dbi_execute('UPDATE webcal_entry_user SET cal_status = \'D\' WHERE cal_id = ?', array($id)); // Delete External users for this event dbi_execute('DELETE FROM webcal_entry_ext_user WHERE cal_id = ?', array($id)); } } else { // Not the owner of the event, but participant or noncal_admin. // Just set the status to 'D' instead of deleting. $del_user = !empty($other_user) ? $other_user : $login; if (!empty($user) && $user != $login) { if ($is_admin || $my_event || $can_edit && $is_assistant || access_is_enabled() && access_user_calendar('edit', $user)) { $del_user = $user; } else { // Error: user cannot delete from other user's calendar. $error = print_not_auth(6); } } if (empty($error)) { if ($override_repeat) { dbi_execute('INSERT INTO webcal_entry_repeats_not ( cal_id, cal_date, cal_exdate ) VALUES ( ?, ?, ? )', array($id, $date, 1)); // Should we log this to the activity log??? } else { dbi_execute('UPDATE webcal_entry_user SET cal_status = ? WHERE cal_id = ? AND cal_login = ?', array('D', $id, $del_user)); activity_log($id, $login, $login, $log_reject, '');
} elseif ($extra_type == EXTRA_TEXT) { $size = $extra_arg1 > 0 ? $extra_arg1 : 50; echo ' <input type="text" size="' . $size . '" name="' . $extra_name . '" value="' . (empty($extras[$extra_name]['cal_data']) ? '' : htmlspecialchars($extras[$extra_name]['cal_data'])) . '" />'; } elseif ($extra_type == EXTRA_MULTILINETEXT) { echo ' <textarea rows="' . ($extra_arg2 > 0 ? $extra_arg2 : 5) . '" cols="' . ($extra_arg1 > 0 ? $extra_arg1 : 50) . '" name="' . $extra_name . '">' . (empty($extras[$extra_name]['cal_data']) ? '' : htmlspecialchars($extras[$extra_name]['cal_data'])) . '</textarea>'; } elseif ($extra_type == EXTRA_USER) { // Show list of calendar users... echo ' <select name="' . $extra_name . '"> <option value="">None</option>'; $userlist = get_my_users(get_my_users); $usercnt = count($userlist); for ($j = 0; $j < $usercnt; $j++) { if (access_is_enabled() && !access_user_calendar('view', $userlist[$j]['cal_login'])) { continue; } // Cannot view calendar so cannot add to their cal. echo ' <option value="' . $userlist[$j]['cal_login'] . '"' . (!empty($extras[$extra_name]['cal_data']) && $userlist[$j]['cal_login'] == $extras[$extra_name]['cal_data'] ? $selected : '') . '>' . $userlist[$j]['cal_fullname'] . '</option>'; } echo ' </select>'; } elseif ($extra_type == EXTRA_SELECTLIST) { // Show custom select list. $extraSelectArr = $isMultiple = $multiselect = ''; if (is_array($extra_arg1)) { $extra_arg1cnt = count($extra_arg1); if ($extra_arg2 > 0) { $multiselect = ' multiple="multiple" size="' . min($extra_arg2, $extra_arg1cnt) . '" ';
// Get the name of the event. $res = dbi_execute('SELECT cal_name, cal_description, cal_date, cal_time, cal_create_by FROM webcal_entry WHERE cal_id = ?', array($id)); if ($res) { $row = dbi_fetch_row($res); $name = $row[0]; $description = $row[1]; $fmtdate = $row[2]; $time = sprintf("%06d", $row[3]); $creator = $row[4]; dbi_free_result($res); } $eventstart = date_to_epoch($fmtdate . $time); // TODO figure out if creator wants approved comment email. // Check UAC. $send_user_mail = access_is_enabled() ? access_user_calendar('email', $creator, $login) : 'Y'; $htmlmail = get_pref_setting($creator, 'EMAIL_HTML'); user_load_variables($creator, 'temp'); $user_TIMEZONE = get_pref_setting($creator, 'TIMEZONE'); set_env('TZ', $user_TIMEZONE); $user_language = get_pref_setting($creator, 'LANGUAGE'); if ($send_user_mail == 'Y' && strlen($tempemail) && $SEND_EMAIL != 'N') { reset_language(empty($user_language) || $user_language == 'none' ? $LANGUAGE : $user_language); // translate ( 'Hello' ) $msg = str_replace('XXX', $tempfullname, translate('Hello, XXX.')) . "\n\n" . str_replace('XXX', $login_fullname, translate('XXX has approved an appointment and added comments.')) . "\n\n" . str_replace('XXX', $name, translate('Subject XXX')) . "\n" . str_replace('XXX', $description, translate('Description XXX')) . "\n" . str_replace('XXX', date_to_str($fmtdate), translate('Date XXX')) . ' ' . (empty($hour) && empty($minute) ? '' : str_replace('XXX', display_time('', 2, $eventstart, get_pref_setting($creator, 'TIME_FORMAT')), translate('Time XXX'))) . "\n"; if (!empty($SERVER_URL)) { // DON'T change & to & here. email will handle it $url = $SERVER_URL . 'view_entry.php?id=' . $id . '&em=1'; if ($htmlmail == 'Y') { $url = activate_urls($url); }
if (empty($ALLOW_COMMENTS) || $ALLOW_COMMENTS != 'Y') { $error = print_not_auth(10); } else { if (empty($error) && $ALLOW_COMMENTS_PART == 'Y' && $is_my_event) { $can_add = true; } else { if ($ALLOW_COMMENTS_ANY == 'Y') { $can_add = true; } } } } } //check UAC if (access_is_enabled()) { $can_add = $can_add || access_user_calendar('edit', $user); } if (!$can_add) { $error = print_not_auth(6); } if (!empty($error)) { print_header(); echo print_error($error); echo print_trailer(); exit; } // Handle possible POST first if (empty($REQUEST_METHOD)) { $REQUEST_METHOD = $_SERVER['REQUEST_METHOD']; } if ($REQUEST_METHOD == 'POST') {
if ($res) { $row = dbi_fetch_row($res); $name = $row[0]; $description = $row[1]; $fmtdate = $row[2]; $time = sprintf("%06d", $row[3]); dbi_free_result($res); } $eventstart = date_to_epoch($fmtdate . $time); for ($i = 0, $cnt = count($partlogin); $i < $cnt; $i++) { // does this user want email for this? $send_user_mail = get_pref_setting($partlogin[$i], 'EMAIL_EVENT_REJECTED'); //check UAC $can_mail = 'Y'; if (access_is_enabled()) { $can_mail = access_user_calendar('email', $partlogin[$i], $login); } $htmlmail = get_pref_setting($partlogin[$i], 'EMAIL_HTML'); $t_format = get_pref_setting($partlogin[$i], 'TIME_FORMAT'); user_load_variables($partlogin[$i], 'temp'); $user_TIMEZONE = get_pref_setting($partlogin[$i], 'TIMEZONE'); set_env('TZ', $user_TIMEZONE); $user_language = get_pref_setting($partlogin[$i], 'LANGUAGE'); if ($send_user_mail == 'Y' && strlen($tempemail) && $SEND_EMAIL != 'N' && $can_mail == 'Y') { if (empty($user_language) || $user_language == 'none') { reset_language($LANGUAGE); } else { reset_language($user_language); } $msg = translate('Hello') . ', ' . $tempfullname . ".\n\n" . translate('An appointment has been rejected by') . ' ' . $login_fullname . ".\n\n" . translate('The subject was') . ' "' . $name . " \"\n" . translate('The description is') . ' "' . $description . "\"\n" . translate('Date') . ': ' . date_to_str($fmtdate) . "\n" . (empty($hour) && empty($minute) ? '' : translate('Time') . ': ' . display_time('', 2, $eventstart, $t_format)) . "\n"; if (!empty($SERVER_URL)) {
$userlookup[$myusers[$i]['cal_login']] = 1; } $newlist = array(); $cnt = count($users); for ($i = 0; $i < $cnt; $i++) { if (!empty($userlookup[$users[$i]])) { $newlist[] = $users[$i]; } } $users = $newlist; } // Now, use access control to remove more users :-) if (access_is_enabled() && !$is_admin) { $newlist = array(); for ($i = 0; $i < count($users); $i++) { if (access_user_calendar('view', $users[$i])) { $newlist[] = $users[$i]; //echo "can access $users[$i] <br>"; } else { //echo "cannot access $users[$i] <br>"; } } $users = $newlist; } } if (empty($users) || empty($users[0])) { $search_others = false; } //Get advanced filters $cat_filter = getPostValue('cat_filter'); $extra_filter = getPostValue('extra_filter');
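/**
 * List the logins whose pending events the current user may approve.
 *
 * The current login always comes first. With user access control enabled,
 * every visible user (plus the non-user calendars this login administers,
 * when $NONUSER_ENABLED is 'Y') is added if access_user_calendar('approve')
 * allows it. Without UAC, an admin also gets '__public__' when
 * $PUBLIC_ACCESS is 'Y' and that calendar is not the one being viewed,
 * followed by the non-user calendars this login administers.
 *
 * This list is an authorization boundary: a login that ends up in it is
 * offered approve/reject controls by the callers.
 *
 * @return array List of logins, without duplicates, current login first.
 */
function get_users_to_approve()
{
    global $is_admin, $login, $NONUSER_ENABLED, $PUBLIC_ACCESS, $user;

    $app_user_hash = $app_users = $my_non_users = array();

    // Non-user calendars that the current login administers.
    $non_users = get_nonuser_cals();
    foreach ($non_users as $nonuser) {
        if (user_is_nonuser_admin($login, $nonuser['cal_login'])) {
            $my_non_users[] = array('cal_login' => $nonuser['cal_login']);
        }
    }

    // First, we list ourself.
    $app_users[] = $login;
    $app_user_hash[$login] = 1;

    if (access_is_enabled()) {
        $all = !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y'
            ? array_merge(get_my_users(), $my_non_users)
            : get_my_users();
        foreach ($all as $candidate) {
            $x = $candidate['cal_login'];
            // UAC decides per calendar; $app_user_hash keeps each login once.
            if (access_user_calendar('approve', $x) && empty($app_user_hash[$x])) {
                $app_users[] = $x;
                $app_user_hash[$x] = 1;
            }
        }
    } else {
        if ($is_admin && $PUBLIC_ACCESS == 'Y' && (empty($user) || $user != '__public__')) {
            $app_users[] = '__public__';
            // Must be recorded in $app_user_hash, the array the loop below
            // consults. Writing to a differently named array leaves the
            // duplicate check unaware that '__public__' is already listed.
            $app_user_hash['__public__'] = 1;
        }
        foreach ($my_non_users as $candidate) {
            $x = $candidate['cal_login'];
            if (empty($app_user_hash[$x])) {
                $app_users[] = $x;
                $app_user_hash[$x] = 1;
            }
        }
    }

    return $app_users;
}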
/**
 * Resolve the logins that belong to a view, dropping every login the
 * current user is not allowed to look at.
 *
 * A view containing '__all__' expands to everybody returned by
 * get_my_users('', 'view'). Otherwise the stored members are optionally
 * limited to the current user's groups, put in the order of the visible-user
 * list, and finally checked against user access control (admins skip that
 * last check).
 *
 * @param int $view_id id of the view
 *
 * @return array logins the current user may see in this view
 */
function view_get_user_list($view_id)
{
    global $error, $login, $is_admin, $NONUSER_ENABLED, $USER_SEES_ONLY_HIS_GROUPS;

    $members = array();
    $wants_everyone = false;

    // Get users in this view.
    $result = dbi_execute('SELECT cal_login FROM webcal_view_user WHERE cal_view_id = ?', array($view_id));
    if (!$result) {
        $error = db_error();
    } else {
        while ($record = dbi_fetch_row($result)) {
            $members[] = $record[0];
            if ($record[0] == '__all__') {
                $wants_everyone = true;
            }
        }
        dbi_free_result($result);
    }

    if ($wants_everyone) {
        // Replace the stored list by every user this login can view.
        $everyone = get_my_users('', 'view');
        $members = array();
        foreach ($everyone as $entry) {
            $members[] = $entry['cal_login'];
        }
    } else {
        $visible = get_my_users('', 'view');
        if (!empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') {
            $visible = array_merge($visible, get_my_nonusers($login, true, 'view'));
        }

        // A global view may name users this login is not allowed to see;
        // keep only the ones present in the visible list.
        if (!empty($USER_SEES_ONLY_HIS_GROUPS) && $USER_SEES_ONLY_HIS_GROUPS == 'Y') {
            $allowed = array();
            foreach ($visible as $entry) {
                $allowed[$entry['cal_login']] = 1;
            }

            $kept = array();
            foreach ($members as $member) {
                if (!empty($allowed[$member])) {
                    $kept[] = $member;
                }
            }
            $members = $kept;
        }

        // Sort: emit members in the order of the visible-user list, taking
        // the first matching member for each visible user.
        $ordered = array();
        foreach ($visible as $entry) {
            foreach ($members as $member) {
                if ($entry['cal_login'] == $member) {
                    $ordered[] = $member;
                    break;
                }
            }
        }
        $members = $ordered;
    }

    // If user access control is enabled, check against that as well.
    if (access_is_enabled() && !$is_admin) {
        $permitted = array();
        foreach ($members as $member) {
            if (access_user_calendar('view', $member)) {
                $permitted[] = $member;
            }
        }
        $members = $permitted;
    }

    return $members;
}