$admincomment = $_POST['admincomment']; $status = $_POST['status']; confirmReservation($resid, $admincomment, $status); $message = "Reservation Updated!"; } } if ((isset($_GET['resid']) || isset($_POST['resid'])) && issetSessionVariable('user_level')) { if (isset($_GET['resid'])) { $resid = $_GET['resid']; } else { if (isset($_POST['resid'])) { $resid = $_POST['resid']; } } if (getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) { $resresult = getReservationByID($resid); if (mysql_num_rows($resresult) > 0) { $reservation = mysql_fetch_assoc($resresult); $user = mysql_fetch_assoc(getUserByID($reservation['user_id'])); $equipment = mysql_fetch_assoc(getEquipmentByID($reservation['equip_id'])); $accept = ""; $deny = ""; if ($reservation['mod_status'] == RES_STATUS_CONFIRMED) { $accept = "selected"; } else { if ($reservation['mod_status'] == RES_STATUS_DENIED) { $deny = "selected"; } } $status = ""; if ($reservation['mod_status'] == RES_STATUS_CONFIRMED) {
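/*
    Function: confirmReservation
    Purpose: Record a moderation decision on a reservation. Stores the admin
             comment and the new mod_status, e-mails the user who owns the
             reservation, and writes an admin log entry for the session user.
    Parameters:
        $resid        - id of the reservation to update
        $admincomment - free text stored in admin_comment
        $status       - new value for mod_status
    Returns: nothing.

    All three arguments may come straight from the request, so treat them
    as untrusted.

    NOTE(review): there is no user-level check in this function, so every
    caller has to confirm the session is at RES_USERLEVEL_ADMIN or above
    before calling it.
    NOTE(review): $status is stored as given; presumably it should be
    limited to the RES_STATUS_* values - confirm and restrict it.
*/
function confirmReservation($resid, $admincomment, $status)
{
    /* The UPDATE below is built by string concatenation, so its safety
       rests entirely on makeStringSafe() (not shown here) and on every
       value staying inside single quotes. The mysql_* extension was removed
       in PHP 7; bound parameters via mysqli or PDO are the durable fix, but
       that means changing doQuery(), which lives outside this function. */
    $resid = makeStringSafe($resid);
    $admincomment = makeStringSafe($admincomment);
    $status = makeStringSafe($status);

    /* Look the reservation up before touching anything. An unknown id used
       to fall through to an e-mail with no recipient and an admin log entry
       for a reservation that does not exist. */
    $lookup = getReservationByID($resid);
    if (!$lookup || mysql_num_rows($lookup) < 1) {
        return;
    }
    $res = mysql_fetch_assoc($lookup);

    doQuery("UPDATE " . getDBPrefix() . "_reservations SET admin_comment = '" . $admincomment . "', mod_status = '" . $status . "' WHERE res_id = '" . $resid . "'");

    /* Only send the notice when the owning user and an address were found.
       NOTE(review): the escaped copies of $status and $admincomment are what
       get e-mailed; if makeStringSafe() adds backslashes they will show up
       in the notice - confirm. */
    $user = mysql_fetch_assoc(getUserByID($res['user_id']));
    if ($user && !empty($user['email'])) {
        sendReservationNoticeToUser($user['email'], $resid, $status, $admincomment);
    }

    logAdminConfirmReservation(getSessionVariable('user_id'), $resid);
}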
variable "resid". Known Bugs/Fixes: None */ if (isset($_GET['resid'])) { $resid = $_GET['resid']; } else { if (isset($_POST['resid'])) { $resid = $_POST['resid']; updateReservation($resid, $_POST['startdate'], $_POST['enddate']); } } /* Get the information of this reseravtion, the user, and the equipment involved. */ $reservation = mysql_fetch_assoc(getReservationByID($resid)); $user = mysql_fetch_assoc(getUserByID($reservation['user_id'])); $equipment = mysql_fetch_assoc(getEquipmentByID($reservation['equip_id'])); if ($reservation['mod_status'] == RES_STATUS_CONFIRMED) { $status = "<font color=\"#005500\">Current Status: Confirmed</font>"; } else { if ($reservation['mod_status'] == RES_STATUS_CHECKED_OUT) { $status = "<font color=\"#005500\">Current Status: Checked-Out</font>"; } else { if ($reservation['mod_status'] == RES_STATUS_CHECKED_IN) { $status = "<font color=\"#005500\">Current Status: Checked-In</font>"; } else { if ($reservation['mod_status'] == RES_STATUS_PENDING) { $status = "Current Status: Pending"; } else { $status = "<font color=\"#FF0000\">Current Status: Denied</font>";