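/**
 * Error-handler callback that stores an error in the `<prefix>_error_log` table.
 *
 * The parameter list has the shape PHP passes to a set_error_handler() callback;
 * where this function is registered is not visible in this listing.
 *
 * Only errors whose number is below E_STRICT are written to the table. When the
 * 'error_output' config value is ERROR_OUTPUT_DBID or ERROR_OUTPUT_BOTH, the id of
 * the newest log row is echoed so the user can quote it in a report.
 *
 * @param mixed $errno        Error level number.
 * @param mixed $errstr       Error message.
 * @param mixed $errfile      File the error was raised in.
 * @param mixed $errline      Line the error was raised on.
 * @param array $errorcontext Variables supplied with the error; stored serialized.
 *
 * @return bool false when 'error_output' is ERROR_OUTPUT_PHP or ERROR_OUTPUT_BOTH, true otherwise.
 */
function db_error_logger($errno, $errstr, $errfile = "", $errline = "", $errorcontext = array()){

	// makeStringSafe() is defined elsewhere; presumably the project's SQL-escaping helper (confirm).
	$errno = makeStringSafe($errno);
	$errstr = makeStringSafe($errstr);
	$errfile = makeStringSafe($errfile);
	$errline = makeStringSafe($errline);

	if($errno < E_STRICT){

		// The serialized context lands inside a quoted SQL literal like every other field,
		// and serialize() output routinely contains quotes, so it gets the same treatment.
		// NOTE(review): if this is PHP's error context it holds every variable in scope at
		// the failure point, which can include credentials; consider filtering before storing.
		$context = makeStringSafe(serialize($errorcontext));

		doQuery("INSERT INTO ".getDBPrefix()."_error_log set user_id = '".getSessionVariable("user_id")."', error_number = '".$errno."',
			message = '".$errstr."', file = '".$errfile."', line_number = '".$errline."', context = '".$context."',
			time = '".getCurrentMySQLDateTime()."'");

		// NOTE(review): "newest row" is not necessarily the row inserted above when
		// requests run concurrently, so the reported id can belong to another error.
		$errorrow = mysql_fetch_assoc(doQuery("SELECT error_id FROM ".getDBPrefix()."_error_log ORDER BY error_id DESC LIMIT 1"));

		if(getConfigVar('error_output') == ERROR_OUTPUT_DBID || getConfigVar('error_output') == ERROR_OUTPUT_BOTH){

			// Only the log id is shown to the user; the details stay in the table.
			echo "<h4 style=\"color: #FF0000;\">An error occured! If you would like to report this error, please report that your 'ERROR_ID' is '".$errorrow['error_id']."'.</h4>";

		}

	}

	// For a set_error_handler() callback, returning false lets PHP's own handler run too.
	return !(getConfigVar("error_output") == ERROR_OUTPUT_PHP || getConfigVar("error_output") == ERROR_OUTPUT_BOTH);

}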
	/**
	 * A one-day reservation starting on a Friday should be stored with an end
	 * date of the following Monday and a length of three days.
	 */
	public function testCreateReservationFromWeekdaytoWeekend(){

		$this->setSessionUserAdmin();

		$requestedStart = '2011-11-18'; // a Friday
		$requestedLength = 1;
		$equipment = 1;
		$noteFromUser = "test user comment";
		$noteFromAdmin = "test admin comment";
		$status = RES_STATUS_PENDING;

		createReservation(getSessionVariable('user_id'), $equipment, $requestedStart, $requestedLength, $noteFromUser, $noteFromAdmin, $status);

		// The newest row is taken to be the reservation created above.
		$stored = mysql_fetch_assoc(doQuery("select * from ".getConfigVar('db_prefix')."_reservations ORDER BY res_id DESC LIMIT 1"));

		// column => (expected value, failure message), checked in this order
		$expectations = array(
			'user_id' => array(getSessionVariable('user_id'), "User IDs not equal"),
			'equip_id' => array($equipment, "Equip IDs not equal"),
			'start_date' => array($requestedStart, "Start dates not equal"),
			'length' => array(3, "Lengths not equal"),
			'end_date' => array('2011-11-21', "End dates not equal"), // the next Monday
			'user_comment' => array($noteFromUser, "User comments not equal"),
			'admin_comment' => array($noteFromAdmin, "Admin comments not equal"),
			'mod_status' => array($status, "Statuses not equal"),
		);

		foreach($expectations as $column => $expectation){
			$this->assertEquals($expectation[0], $stored[$column], $expectation[1]);
		}

	}
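/**
 * Handles the return leg of the GitHub OAuth flow.
 *
 * Reads 'code' and 'state' from the request, checks 'state' against the
 * 'oauthUnguessable' value kept in the session, exchanges the code for an
 * access response and stores that response in the session under
 * GITHUB_ACCESS_RESPONSE_KEY. Progress and errors are echoed.
 *
 * Returns nothing; it returns early when any of the three values is missing
 * or when the state does not match.
 */
function checkAuthResult()
{
    $code = getVariable('code', FALSE);
    $state = getVariable('state', FALSE);
    $provider = createProvider([], []);
    $oauthUnguessable = getSessionVariable('oauthUnguessable', null);
    if (!$code || !$state || !$oauthUnguessable) {
        return;
    }
    // 'state' is the anti-CSRF value for the callback: require strings on both
    // sides and compare in constant time.
    // NOTE(review): the session value is not cleared after a match, so the same
    // state stays acceptable for later callbacks in this session.
    if (!is_string($state) || !is_string($oauthUnguessable) || !hash_equals($oauthUnguessable, $state)) {
        echo "Mismatch on secret'";
        return;
    }
    try {
        /** @var DebugGithub $api */
        $api = $provider->make('DebugGithub');
        // NOTE(review): the callback URL is built with http://, so the authorization
        // code travels unencrypted unless the host upgrades the connection. It has to
        // match the URL registered with the provider, so change both together.
        $command = $api->oauthAuthorize(GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, $code, "http://" . SERVER_HOSTNAME . "/github/return.php");
        $accessResponse = $command->execute();
        setSessionVariable(GITHUB_ACCESS_RESPONSE_KEY, $accessResponse);
        if ($accessResponse->oauthScopes) {
            echo "You are now authed for the following scopes:<br/>";
            foreach ($accessResponse->oauthScopes as $scope) {
                // Scope names come from the remote response; encode before printing.
                echo htmlspecialchars((string) $scope, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br/>";
            }
        }
    } catch (GithubArtaxServiceException $fae) {
        // The exception text can carry remote content, so it is encoded as well.
        echo "Exception processing response: " . htmlspecialchars((string) $fae->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}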
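/**
 * Handles the return leg of the GitHub OAuth flow.
 *
 * Reads 'code' and 'state' from the request, checks 'state' against the
 * 'oauthUnguessable' value kept in the session, exchanges the code for an
 * access token response and stores it in the session as 'githubAccess'.
 * Progress and errors are echoed.
 *
 * Returns nothing; it returns early when any of the three values is missing
 * or when the state does not match.
 */
function checkAuthResult()
{
    $code = getVariable('code', FALSE);
    $state = getVariable('state', FALSE);
    $oauthUnguessable = getSessionVariable('oauthUnguessable', null);
    if (!$code || !$state || !$oauthUnguessable) {
        return;
    }
    // 'state' is the anti-CSRF value for the callback. A loose != treats numeric-looking
    // strings as numbers, so two different values can compare equal; require strings and
    // compare them in constant time instead.
    // NOTE(review): the session value is not cleared after a match, so the same
    // state stays acceptable for later callbacks in this session.
    if (!is_string($state) || !is_string($oauthUnguessable) || !hash_equals($oauthUnguessable, $state)) {
        echo "Miss-match on secret'";
        return;
    }
    try {
        $api = new \AABTest\GithubAPI\GithubAPI();
        // NOTE(review): the callback URL is built with http://, so the authorization
        // code travels unencrypted unless the host upgrades the connection. It has to
        // match the URL registered with the provider, so change both together.
        $command = $api->accessToken(GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, $code, "http://" . SERVER_HOSTNAME . "/github/return.php");
        $response = $command->execute();
        setSessionVariable('githubAccess', $response);
        echo "You are now authed for the following scopes:<br/>";
        foreach ($response->scopes as $scope) {
            // Scope names come from the remote response; encode before printing.
            echo htmlspecialchars((string) $scope, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br/>";
        }
    } catch (\AABTest\GithubAPI\GithubAPIException $fae) {
        // The exception text can carry remote content, so it is encoded as well.
        echo "Exception processing response: " . htmlspecialchars((string) $fae->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}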
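/**
 * Handles the return leg of the Flickr OAuth 1 flow.
 *
 * Reads 'oauth_token' and 'oauth_verifier' from the request, checks the token
 * against the request token kept in the session as 'oauthRequest', exchanges
 * the verifier for an access token and stores it in the session as
 * 'oauthAccessToken'. The result or the error body is echoed.
 *
 * Returns nothing; it returns early when a value is missing or the returned
 * token is not the one this session asked for.
 */
function checkAuthResult()
{
    $oauthToken = getVariable('oauth_token', FALSE);
    $oauthVerifier = getVariable('oauth_verifier', FALSE);
    /** @var \AABTest\OauthRequestToken $oauthRequest */
    $oauthRequest = getSessionVariable('oauthRequest', null);
    if (!$oauthToken || !$oauthVerifier || !$oauthRequest) {
        return;
    }
    // The callback must carry the request token issued to this session. A loose !=
    // treats numeric-looking strings as numbers, so require strings on both sides
    // and compare them in constant time.
    if (!is_string($oauthToken) || !is_string($oauthRequest->oauthToken) || !hash_equals($oauthRequest->oauthToken, $oauthToken)) {
        return;
    }
    try {
        $oauthConfig = new OauthConfig(FLICKR_KEY, FLICKR_SECRET);
        $oauthService = new \ArtaxApiBuilder\Service\FlickrOauth1($oauthConfig);
        $oauthService->setOauthToken($oauthRequest->oauthToken);
        $oauthService->setTokenSecret($oauthRequest->oauthTokenSecret);
        $api = new \AABTest\FlickrAPI\FlickrAPI(FLICKR_KEY, $oauthService);
        $command = $api->GetOauthAccessToken($oauthVerifier);
        $oauthAccessToken = $command->execute();
        setSessionVariable('oauthAccessToken', $oauthAccessToken);
        // The username comes from the remote response; encode before printing.
        echo "Oauth is confirmed - username is:" . htmlspecialchars((string) $oauthAccessToken->user->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } catch (\AABTest\FlickrAPI\FlickrAPIException $fae) {
        // The raw response body is remote content, so it is encoded as well.
        echo "Exception processing response: " . htmlspecialchars((string) $fae->getResponse()->getBody(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}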
         $name = $entries[0]['givenname'][0] . " " . $entries[0]['sn'][0];
         $email = $username . "@" . getConfigVar('ldap_domain');
         newUser($username, $name, "", $email);
     }
 }
 @ldap_close($connect);
 $userresult = getUserByUsername($username);
 $user = mysql_fetch_assoc($userresult);
 sendNewUserNoticeToAdmins($user['user_id']);
 return $userresult;
	/**
	 * A value written with setSessionVariable() should come back unchanged
	 * from getSessionVariable() under the same name.
	 */
	public function testGetSessionVariableShouldGetValue()
	{
		$key = "varTestSet";
		$stored = "TestValue2";

		setSessionVariable($key, $stored);

		$this->assertEquals($stored, getSessionVariable($key),
			"getSessionVariable(variable_name, value) got incorrect value.");
	}
/**
 * Inserts a row into the `<prefix>_equipment` table and logs the addition
 * against the session's user_id.
 *
 * Every argument is passed through makeStringSafe() (defined elsewhere;
 * presumably the project's SQL-escaping helper, to be confirmed) and is
 * placed in the statement as a quoted literal.
 *
 * @param mixed $name         Stored in the name column.
 * @param mixed $type         Stored in the type column.
 * @param mixed $serial       Stored in the serial column.
 * @param mixed $description  Stored in the description column.
 * @param mixed $max          Stored in the max_length column.
 * @param mixed $picture      Stored in the picture column.
 * @param mixed $minuserlevel Stored in the min_user_level column.
 * @param mixed $checkoutfrom Stored in the checkoutfrom column.
 */
function addEquipment($name, $type, $serial, $description, $max, $picture, $minuserlevel, $checkoutfrom)
{
    $name = makeStringSafe($name);
    $type = makeStringSafe($type);
    $serial = makeStringSafe($serial);
    $description = makeStringSafe($description);
    $max = makeStringSafe($max);
    $picture = makeStringSafe($picture);
    $minuserlevel = makeStringSafe($minuserlevel);
    $checkoutfrom = makeStringSafe($checkoutfrom);

    $insert = "INSERT INTO " . getDBPrefix() . "_equipment SET "
        . "name = '" . $name . "', "
        . "type = '" . $type . "', "
        . "serial = '" . $serial . "', "
        . "description = '" . $description . "', "
        . "max_length = '" . $max . "', "
        . "picture = '" . $picture . "', "
        . "min_user_level = '" . $minuserlevel . "', "
        . "checkoutfrom = '" . $checkoutfrom . "'";
    doQuery($insert);

    // NOTE(review): the new id is read back as "highest equip_id", which can be
    // another request's row under concurrency; the audit entry would then name
    // the wrong equipment.
    $newest = "SELECT equip_id FROM " . getDBPrefix() . "_equipment ORDER BY equip_id DESC LIMIT 1";
    $equip = mysql_fetch_assoc(doQuery($newest));

    logAddEquipment(getSessionVariable('user_id'), $equip['equip_id']);
}
<?php

if ($pageid == "warnuser") {
    $user = mysql_fetch_assoc(getUserByID($_GET['user_id']));
    echo "\r\n\r\n\t\t<center><h3>Warn " . $user['name'] . "</h3></center>\r\n\r\n\t\t<form action=\"./index.php?pageid=submitwarning\" method=\"POST\">\r\n\t\t<input type=\"hidden\" name=\"user_id\" value=\"" . $_GET['user_id'] . "\">\r\n\t\t\t<table class=\"warning\">\r\n\t\t\t\r\n\t\t\t\t<tr>\r\n\t\t\t\t\r\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\">Warn Reason</td>\r\n\t\t\t\t\t\r\n\t\t\t\t</tr>\r\n\t\t\t\t\r\n\t\t\t\t<tr>\r\n\t\t\t\t\r\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\"><textarea cols=\"55\" rows=\"7\" name=\"reason\"></textarea></td>\r\n\t\t\t\t\r\n\t\t\t\t</tr>\r\n\t\t\t\t\r\n\t\t\t\t<tr>\r\n\t\t\t\t\r\n\t\t\t\t\t<td class=\"centeredcell\"><select name=\"type\"><option value=\"1\">Active</option><option value=\"2\">Notification</option><option value=\"3\">Inactive</option></select></td>\r\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"submit\" value=\"Warn\"></textarea></td>\r\n\t\t\t\t\r\n\t\t\t\t</tr>\r\n\t\t\t\r\n\t\t\t</table>\r\n\t\t\r\n\t\t</form>\r\n\r\n\t";
} else {
    if ($pageid == "submitwarning") {
        warnUser($_POST['user_id'], $_POST['reason'], $_POST['type']);
        $user = mysql_fetch_assoc(getUserByID($_POST['user_id']));
        echo "<center><h3>" . $user['name'] . " Warned</h3><a href=\"./index.php?pageid=edituser&user="******"\">View User</a></center>";
    } else {
        if ($pageid == "viewwarnings") {
            if (getSessionVariable('user_level') < getConfigVar("admin_rank") && getSessionVariable('user_id') != $_GET['user_id']) {
                echo "<center><h3><font color=\"#FF0000\">Error: You are not authorized to view other user's warnings.</font></h3></center>";
            } else {
                $warnings = getWarningsForUser($_GET['user_id']);
                $user = mysql_fetch_assoc(getUserByID($_GET['user_id']));
                $options = "";
                while ($row = mysql_fetch_assoc($warnings)) {
                    $options = $options . "<option value=\"" . $row['warn_id'] . "\">" . $row['time'] . " - " . getWarningType($row['type']) . "</option>";
                }
                echo "<center><h3>View Warnings For " . $user['name'] . "</h3>";
                if ($options != "") {
                    echo "<form action=\"index.php\" method=\"GET\">\r\n\t\t\t<input type=\"hidden\" name=\"pageid\" value=\"editwarning\">\r\n\t\t\t<select name=\"warn_id\">" . $options . "</select><input type=\"submit\" value=\"View\"></form></center>";
                } else {
                    echo "<h4>User has no warnings.</h4>";
                }
            }
        } else {
            if ($pageid == "editwarning" || $pageid == "savewarning") {
                $message = "";
<?php

require "githubBootstrap.php";
use GithubService\GithubArtaxService\GithubArtaxServiceException;
use Amp\Artax\DnsException;
echo <<<END
<html>
<body>
<h3><a href='/'>Oauth test home</a> </h3>
END;
/** @var \GithubService\Model\AccessResponse|null $accessResponse */
$accessResponse = getSessionVariable(GITHUB_ACCESS_RESPONSE_KEY);
$shareClasses = [];
if ($accessResponse) {
    if ($accessResponse instanceof GithubService\Model\AccessResponse) {
        // Only a genuine AccessResponse is handed to the provider as a shared instance.
        $shareClasses['GithubService\\Model\\AccessResponse'] = $accessResponse;
    } else {
        // Anything else in the session slot (renamed class, corrupted value) is
        // discarded, both in the session and locally.
        setSessionVariable(GITHUB_ACCESS_RESPONSE_KEY, null);
        $accessResponse = null;
    }
}
$provider = createProvider([], $shareClasses);
// The requested action is read now because it has to be handled before the rest of the page.
$action = getVariable('action');
switch ($action) {
    case 'delete':
        unsetSessionVariable(GITHUB_ACCESS_RESPONSE_KEY);
        $accessResponse = null;
        break;
	}else{
		
		$message = "<font color=\"#005500\"><b>Error: A Required Field Was Left Blank</b></font><br><br>";
	
	}

}
else if($pageid == "saveemail"){

	$email = $_POST['email'];
	
	if($email != ""){

		changeUserEmail(getSessionVariable('user_id'), $email);
		
		$user = mysql_fetch_assoc(getUserByID(getSessionVariable('user_id')));
		
		$message = "<font color=\"#005500\"><b>Email Updated!</b></font><br><br>";
	
	}else{
		
		$message = "<font color=\"#FF0000\"><b>Error: Email Field Was Left Blank</b></font><br><br>";
	
	}

}


$pageData = "
	<center><h3>My Account</h3>".$message."</center>
	
require "flickrBootstrap.php";
use ArtaxApiBuilder\Service\OauthConfig;
// 'delete' drops the stored access token and any pending request token.
// NOTE(review): the page links to this action with a plain GET (?action=delete)
// and no anti-CSRF token is visible here, so another site can trigger it.
$action = getVariable('action');
if ($action === 'delete') {
    unsetSessionVariable('oauthAccessToken');
    unsetSessionVariable('oauthRequest');
}
echo <<<END

<html>
<body>
<h3><a href='/'>Oauth test home</a> </h3>
END;
/** @var \AABTest\OauthAccessToken $oauthAccessToken */
$oauthAccessToken = getSessionVariable('oauthAccessToken');
if ($oauthAccessToken != null) {
    // A token is stored in the session: show status and offer to drop it.
    echo "<p>You are flickr authorised.</p>";
    showFlickrStatus($oauthAccessToken);
    echo "<p><a href='/flickr/index.php?action=delete'>Delete authority</a></p>";
} else {
    // No token yet: start a new authorisation request.
    echo "<p>You are not flickr authorised.</p>";
    createOauthRequest();
}
echo <<<END

</body>
</html>

END;
function showFlickrStatus(\AABTest\OauthAccessToken $oauthAccessToken)
                }
            }
            $page = $page . "<center><h3>You need to be logged in to view this page.</h3>\n\t\t<font color=\"#FF0000\">" . $errormessage . "</font></center>\n\t\t<form action=\"./confirmReservation.php\" method=\"POST\">\n\t\t\t<input type=\"hidden\" name=\"resid\" value=\"" . $resid . "\"><input type=\"hidden\" name=\"page\" value=\"login\">\n\t\t\t<table class=\"login\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td colspan=2 class=\"header\">User Login</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"centeredcellbold\">Username</td>\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"text\" name=\"id\"></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class=\"centeredcellbold\">Password</td>\n\t\t\t\t\t<td class=\"centeredcell\"><input type=\"password\" name=\"pass\"></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td colspan=2 class=\"centeredcellbold\"><input type=\"submit\" value=\"Login\"></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</form>";
        }
    }
}
?>

<html>

<head>

<LINK REL=StyleSheet HREF="./style.css" TYPE="text/css">

<title><?php 
if (issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) {
    echo "Reservation Confirmation Page";
}
?>
</title>

</head>

<body>



<?php 
echo $page;
?>
		$status = "D";
	
	}
	else if($row['mod_status']==RES_STATUS_CHECKED_IN){
	
		$status = "CI";
	
	}
	else if($row['mod_status']==RES_STATUS_CHECKED_OUT){
		$status = "CO";
	}

	$equip = mysql_fetch_assoc(getEquipmentByID($row['equip_id']));
	$user = mysql_fetch_assoc(getUserByID($row['user_id']));
	$editlink = "&nbsp;&nbsp;-&nbsp;&nbsp;";
	if(getSessionVariable('user_level') == getConfigVar("admin_rank")){
		$editlink = "<a href=\"./index.php?pageid=editreservation&resid=".$row['res_id']."\">Edit</a>";
	}
	$browsetable = $browsetable . "<tr><td class=\"centeredcell\"><a href=\"./userinfo.php?user_id=".$user['user_id']."\" target=\"_BLANK\">".$user['name']."</a></td><td class=\"centeredcell\">".$equip['name']."</td><td class=\"centeredcell\">".$row['start_date']."</td><td class=\"centeredcell\">".$status."</td><td class=\"centeredcell\">".$row['end_date']."</td><td class=\"centeredcell\"><a href=\"./index.php?pageid=viewreservation&resid=".$row['res_id']."\">View</a></td><td class=\"centeredcell\">".$editlink."</td></tr>";

}

$browsetable = $browsetable . "</table>";

echo "
<script language=\"JavaScript\" id=\"jscal1x\">
var cal1x = new CalendarPopup(\"testdiv1\");
</script>

<center>
	<h3>Browse Reservations</h3>
<?php
// Admin-only page: stop unless the session carries a user_level and that level
// is at least RES_USERLEVEL_ADMIN. Both failure cases print the same message.
if(!issetSessionVariable('user_level') || !(getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN)){
	echo "Error: You don't have permissions to access this page!";
	die("");
}
if($pageid == "messages"){
	$messages = getAllMessages();
	
	$select = "<select name=\"messageid\">";
	
	while($row = mysql_fetch_assoc($messages)){
	
		$select = $select . "<option value=\"".$row['message_id']."\">".$row['start_date']." to ".$row['end_date']." - Priority ".$row['priority']."</option>";
	
	}
	
	$select = $select . "</select>";
        } else {
            if ($pageid == "createmessage") {
                require 'adminfunctions.php';
                $startdate = $_POST['startdate'];
                $enddate = $_POST['enddate'];
                $priority = $_POST['priority'];
                $body = $_POST['body'];
                addMessage(getSessionVariable('user_id'), $startdate, $enddate, $priority, $body);
                echo "<center><h3>New Message Created!</h3></center>";
            } else {
                if ($pageid == "savemessage") {
                    require 'adminfunctions.php';
                    $messageid = $_POST['messageid'];
                    $startdate = $_POST['startdate'];
                    $enddate = $_POST['enddate'];
                    $priority = $_POST['priority'];
                    $body = $_POST['body'];
                    saveMessage($messageid, getSessionVariable('user_id'), $startdate, $enddate, $priority, $body);
                    echo "<center><h3>Message Saved!</h3></center>";
                } else {
                    if ($pageid == "deletemessage") {
                        require 'adminfunctions.php';
                        $messageid = $_POST['messageid'];
                        deleteMessage($messageid);
                        echo "<center><h3>Message Deleted</h3></center>";
                    }
                }
            }
        }
    }
}
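/**
 * Deletes one reservation row and records the deletion against the session's user_id.
 *
 * @param mixed $res_id Reservation id; reduced to an integer before use.
 */
function deleteReservation($res_id)
{
    // The id is placed in the statement without quotes, so string escaping alone
    // does not confine it to a single value; the integer cast does.
    $res_id = (int) makeStringSafe($res_id);
    doQuery("DELETE FROM " . getDBPrefix() . "_reservations WHERE res_id = " . $res_id . "");
    // NOTE(review): no permission check is visible in this function; callers are
    // presumably expected to verify the user's level first (confirm).
    logAdminDeleteReservation(getSessionVariable('user_id'), $res_id);
}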
Purpose:
This is the first page shown to a logged-in user. It displays the current
pickup/drop-off schedule along with the user's recent reservations.
Known Bugs/Fixes:
None
*/
// Build the "System Messages" panel; it stays empty when no message is current.
$mesResult = getCurrentMessages();
$messages = "";
if (mysql_num_rows($mesResult) > 0) {
    $messages .= "<h3>System Messages</h3>";
    while ($row = mysql_fetch_assoc($mesResult)) {
        // NOTE(review): priority and body go into the markup exactly as stored. If
        // message bodies are not meant to carry HTML, encode them with
        // htmlspecialchars() here; confirm how they are stored first.
        $messages .= "<div class=\"messageoutter\"><div class=\"priority" . $row['priority'] . "message\">" . $row['body'] . "</div></div>";
    }
}
$equipment = "";
$resresult = getReservationsByUserID(getSessionVariable('user_id'), 5);
while ($row = mysql_fetch_assoc($resresult)) {
    $equip = mysql_fetch_assoc(getEquipmentByID($row['equip_id']));
    $status = "unknown";
    if ($row['mod_status'] == RES_STATUS_PENDING) {
        $status = "Pending";
    } else {
        if ($row['mod_status'] == RES_STATUS_CONFIRMED) {
            $status = "Approved";
        } else {
            if ($row['mod_status'] == RES_STATUS_DENIED) {
                $status = "Denied";
            } else {
                if ($row['mod_status'] == RES_STATUS_CHECKED_IN) {
                    $status = "Checked-In";
                } else {
<?php

	if(!issetSessionVariable('user_level') || getSessionVariable('user_level') < RES_USERLEVEL_ADMIN){
	
		die("You don't have permission to access this page!");
	
	}else{
	
		$displayhome = true;
		$equipmessage = "";
	
		if(isset($_POST['myaction']) && $_POST['myaction'] == "new"){
		
			if($_POST['form'] == "equipment"){
				
				$displayhome = false;
				require 'newequip.php';
			
			}
			
		
		}
		else if(isset($_POST['myaction']) && $_POST['myaction'] == "delete"){
		
			if($_POST['form'] == "equipment"){
			
				deleteEquipmentByID($_POST['selector']);
			
			}
			
		
        echo "<center><h3>Make Reservation</h3>" . $message . "\r\n\t\t\r\n\t\t<form action=\"./index.php?pageid=finishmakeres\" method=\"POST\">\r\n\t\t\r\n\t\t\t<input type=\"hidden\" name=\"user_id\" value=\"" . $userid . "\">\r\n\t\t\t<input type=\"hidden\" name=\"equip_id\" value=\"" . $equipid . "\">\r\n\t\t\t<input type=\"hidden\" name=\"startdate\" value=\"" . $startdate . "\">\r\n\t\t\t<input type=\"hidden\" name=\"length\" value=\"" . $length . "\">\r\n\t\t\t<input type=\"hidden\" name=\"usercomment\" value=\"" . $usercomment . "\">\r\n\t\t\t<input type=\"hidden\" name=\"admincomment\" value=\"" . $admincomment . "\">\r\n\t\t\r\n\t\t\tAre you sure you want to make this reservation?<br>\r\n\t\t\t<input type=\"radio\" name=\"confirm\" value=\"yes\">: Yes -- <input type=\"radio\" name=\"confirm\" value=\"no\">: No\r\n\t\t\t<br><input type=\"submit\" value=\"continue\">\r\n\t\t\r\n\t\t</form></center>\r\n\t\t\r\n\t\t";
        $alreadyRes = true;
    } else {
        if (isset($_POST['confirm']) && $_POST['confirm'] == "no") {
            $alreadyRes = true;
            $message = "<font color=\"#005500\"><b>Reservation Aborted.</b></font><br><br>";
        }
    }
    if (!$alreadyRes && $equipid != "" && $startdate != "" && $length != "") {
        createAdminReservation(getSessionVariable('user_id'), $userid, $equipid, $startdate, $length, $usercomment, $admincomment, 1);
        $message = "<font color=\"#005500\"><b>Successfully created new reservation!</b></font><br><br>";
    }
}
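// Drop-down of every user, ordered by name.
$users = "<select name=\"user_id\">";
$userresult = getAllUsersOrderByName();
while ($row = mysql_fetch_assoc($userresult)) {
    // NOTE(review): the name is written into the markup as stored. Unless it is
    // already HTML-encoded on the way in (confirm), encode it with
    // htmlspecialchars() here.
    $users .= "<option value=\"" . $row['user_id'] . "\">" . $row['name'] . "</option>";
}
// Close the element; it was left open, unlike the equipment list below.
$users .= "</select>";

// Drop-down of the equipment the current user's level is allowed to reserve.
$equipment = "<select name=\"equip_id\">";
$equipresult = getAllEquipment();
while ($row = mysql_fetch_assoc($equipresult)) {
    // This only filters what is offered in the form; the submitted equip_id
    // still has to be checked against min_user_level when the reservation is made.
    if (getSessionVariable('user_level') >= $row['min_user_level']) {
        $equipment .= "<option value=\"" . $row['equip_id'] . "\">" . $row['name'] . " -- Max: " . $row['max_length'] . " day(s)</option>";
    }
}
$equipment .= "</select>";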
if (!$alreadyRes) {
    echo "\r\n<script language=\"JavaScript\" id=\"jscal1x\">\r\nvar cal1x = new CalendarPopup(\"testdiv1\");\r\n</script>\r\n\r\n\t<center><h3>Make Reservation</h3>" . $message . "</center>\r\n\t\r\n\t<form action=\"./index.php?pageid=finishmakeres\" method=\"POST\">\r\n\t\r\n\t<table class=\"reservation\">\r\n\t\r\n\t\t<tr>\r\n\r\n\t\t\t<td colspan=4 class=\"header\">Reservation Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\r\n\t\t\t<td class=\"centeredcellbold\">User</td>\r\n\t\t\t<td colspan=3 class=\"centeredcell\">" . $users . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\r\n\t\t<tr>\r\n\r\n\t\t\t<td class=\"centeredcellbold\">Equipment</td>\r\n\t\t\t<td colspan=3 class=\"centeredcell\">" . $equipment . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Date (YYYY-MM-DD)</td>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" name=\"startdate\" id=\"startdate\" onClick=\"cal1x.select(document.forms[0].startdate,'anchor1x','yyyy-MM-dd'); return false;\"><a style=\"visibility:hidden;\" name=\"anchor1x\" id=\"anchor1x\">a</a></td>\r\n\t\t\t<td class=\"centeredcellbold\">Length</th>\r\n\t\t\t<td class=\"centeredcell\"><input type=\"text\" size=5 name=\"length\"></td>\r\n\t\r\n\t\t</tr>\r\n\t\r\n\t\t<!--<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">Pickup Time: \r\n\t\t\t\t<select name=\"pickup\">\r\n\t\t\t\t\t<option value=\"10am-12pm (Monday/Friday)\">10am-12pm (Monday/Friday)</option>\r\n\t\t\t\t\t<option value=\"9am-12pm (Tuesday)\">9am-12pm (Tuesday)</option>\r\n\t\t\t\t\t<option value-\"9-10 (Wednesday/Thursday)\">9-10 (Wednesday/Thursday)</option>\r\n\t\t\t\t\t<option value=\"2pm-4pm (Wednesday)\">2pm-4pm (Wednesday)</option>\r\n\t\t\t\t\t<option value=\"12pm-2pm (Thursday)\">12pm-2pm (Thursday)</option>\r\n\t\t\t\t</select>\r\n\t\t\t</td>\r\n\t\t\t\t\r\n\t\t</tr>-->\r\n\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=1 class=\"centeredcellbold\">User Comment</td>\r\n\t\t\t<td 
class=\"centeredcell\" colspan=3><textarea rows=5 cols=45 name=\"usercomment\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td colspan=1 class=\"centeredcellbold\">Admin Comment</td>\r\n\t\t\t<td class=\"centeredcell\" colspan=3><textarea rows=5 cols=45 name=\"admincomment\"></textarea></td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t\t\r\n\t\t\t<tr>\r\n\t\t\t\r\n\t\t\t\t<td colspan=4 class=\"centeredcellbold\"><input type=\"submit\" value=\"Reserve\"></td>\r\n\t\r\n\t\t\t</tr>\r\n\t\t\t\r\n\t\t</table>\r\n\t\t</form><DIV ID=\"testdiv1\" STYLE=\"position:absolute;visibility:hidden;background-color:white;\"></DIV>";
} else {
    echo "<center><h3>Make Reservation</h3>" . $message . "</center>";
}
					<td class=\"centeredcellbold\">Password</td>
					<td class=\"centeredcell\"><input type=\"password\" name=\"pass\"></td>
				</tr>
				<tr>
					<td colspan=2 class=\"centeredcellbold\"><input type=\"submit\" value=\"Login\"></td>
				</tr>
			</table>
		</form>";

}

?>

<html>

	<head>
	
		<LINK REL=StyleSheet HREF="./style.css" TYPE="text/css">
		
		<title><?php if(issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) echo "Reservation Confirmation Page"; ?></title>
	
	</head>
	
	<body>
	
		<?php echo $page; ?>
	
	</body>

</html>
<?php

require "githubBootstrap.php";
use AABTest\GithubAPI\GithubAPI;
use AABTest\Github\AccessResponse;
use ArtaxApiBuilder\Service\StoredLink;
echo <<<END

<html>
<body>
<h3><a href='/'>Oauth test home</a> </h3>
END;
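/** @var \AABTest\Github\AccessResponse|null $accessResponse */
$accessResponse = getSessionVariable('githubAccess');
// These actions need to be done before the rest of the page.
// NOTE(review): both actions change state and are selected by a request parameter.
// If getVariable() reads the query string, they can be triggered by a plain link
// from another site; no anti-CSRF token is visible here.
$action = getVariable('action');
switch ($action) {
    case 'delete':
        unsetSessionVariable('githubAccess');
        // Drop the local copy as well, so the rest of this request does not keep
        // using a token the user has just asked to remove.
        $accessResponse = null;
        break;
    case 'revoke':
        // NOTE(review): this is called even when no access response is stored;
        // whether revokeAuthority() accepts null is not visible here.
        revokeAuthority($accessResponse);
        break;
}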
try {
    if ($accessResponse == null) {
        echo "<p>You are not github authorised.</p>";
        //        $scopes = [
        //            \ArtaxApiBuilder\Service\Github::SCOPE_USER_EMAIL,
        //            \ArtaxApiBuilder\Service\Github::SCOPE_ORG_READ,
        //            \ArtaxApiBuilder\Service\Github::SCOPE_USER
    $checkin = "";
    $userinfo = "\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td class=\"centeredcell\">" . $user['name'] . "</td>\r\n\t\t\t<td class=\"centeredcellbold\">Warnings</th>\r\n\t\t\t<td class=\"centeredcell\">" . mysql_num_rows(getActiveWarningsForUser($user['user_id'])) . "(" . mysql_num_rows(getWarningsForUser($user['user_id'])) . ")</td>\r\n\t\t\t\r\n\t\t</tr>";
    $checkinCell = "&nbsp;-&nbsp;";
    if ($reservation['mod_status'] == RES_STATUS_CONFIRMED) {
        $checkinCell = "<input type=\"hidden\" value=\"checkout\" name=\"action\">\r\n\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t<input type=\"submit\" value=\"Check Out\">";
    } else {
        if ($reservation['mod_status'] == RES_STATUS_CHECKED_OUT) {
            $checkinCell = "<input type=\"hidden\" value=\"checkin\" name=\"action\">\r\n\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t<input type=\"submit\" value=\"Check In\">";
        }
    }
    /*
     If the logged in user is an admin, display the "check-in button"
    */
    if (issetSessionVariable('user_level') && getSessionVariable('user_level') >= RES_USERLEVEL_ADMIN) {
        $userinfo = "<tr>\r\n\t\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td class=\"centeredcell\"><a href=\"./index.php?pageid=edituser&user="******"\">" . $user['name'] . "</a></td>\r\n\t\t\t<td class=\"centeredcellbold\">Warnings</th>\r\n\t\t\t<td class=\"centeredcell\"><a href=\"./index.php?pageid=viewwarnings&user_id=" . $user['user_id'] . "\">" . mysql_num_rows(getActiveWarningsForUser($user['user_id'])) . "(" . mysql_num_rows(getWarningsForUser($user['user_id'])) . ")</a></td>\r\n\t\t\t\r\n\t\t</tr>";
        $checkin = "<tr>\r\n\t\t\t\t\t\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t" . $checkinCell . "\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\" onSubmit=\"return confirm('Are you sure you want to delete this reservation?')\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"delete\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<input type=\"submit\" value=\"Delete\">\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t<form action=\"./index.php?pageid=viewreservation\" method=\"POST\">\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"update\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<select name=\"status\">\r\n\t\t\t\t\t\t\t<option value=1>Approve</option>\r\n\t\t\t\t\t\t\t<option value=2>Deny</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t<td class=\"centeredcellbold\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"update\" name=\"action\">\r\n\t\t\t\t\t\t<input type=\"hidden\" value=\"" . $resid . "\" name=\"resid\">\r\n\t\t\t\t\t\t<input type=\"submit\" value=\"Update\">\r\n\t\t\t\t\t</td>\r\n\t\t\t\t\t</form>\r\n\t\t\t\t\t\r\n\t\t\t\t</tr>";
    } else {
        if (issetSessionVariable('user_level') && getSessionVariable('user_level') == RES_USERLEVEL_LEADER) {
            if ($checkinCell == "&nbsp;-&nbsp;") {
                $checkinCell = "No Available Action (Reservation Pending, Denied, or Checked-in)";
            }
            $checkin = "<tr><form action=\"./index.php?pageid=viewreservation\" method=\"POST\"><td class=\"centeredcellbold\" colspan=4>" . $checkinCell . "</td></form></tr>";
        }
    }
    $page = $page . "\r\n\t<center><h3>Reseravation Info</h3></center>\r\n\t<table class=\"viewreservation\">\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">User Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t" . $userinfo . "\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Equipment Information</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=2 class=\"centeredcellbold\">Name</th>\r\n\t\t\t<td colspan=2 class=\"centeredcell\"><a href=\"./index.php?pageid=moreinfo&equipid=" . $equipment['equip_id'] . "\">" . $equipment['name'] . "</a></td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"header\">Reservation Information</td>\r\n\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\r\n\t\t\t<td class=\"centeredcellbold\">Start Date</td>\r\n\t\t\t<td class=\"centeredcell\">" . $reservation['start_date'] . "</td>\r\n\t\t\t<td class=\"centeredcellbold\">End Date</td>\r\n\t\t\t<td class=\"centeredcell\">" . $reservation['end_date'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">" . $status . "</td>\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">User Comment</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"topaligncell\">&nbsp;" . $reservation['user_comment'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"centeredcellbold\">Admin Comment</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t<tr>\r\n\t\t\t\r\n\t\t\t<td colspan=4 class=\"topaligncell\">&nbsp;" . $reservation['admin_comment'] . "</td>\r\n\t\t\t\r\n\t\t</tr>\r\n\t\t" . $checkin . "\r\n\t\r\n\t</table>\r\n\r\n";
} else {
    if (isset($_POST['action']) && $_POST['action'] == "delete") {
        $page = $page . "<br><h3>Reservation Deleted</h3>";
    }
}
echo $page;
<?php

if (mysql_num_rows(getActiveWarningsForUser(getSessionVariable('user_id'))) < RES_WARNING_MAX_ACTIVE) {
    if (isset($_GET['equipid'])) {
        $equipid = $_GET['equipid'];
    }
    $message = "";
    if ($pageid == "finishres") {
        $userid = getSessionVariable('user_id');
        $equipid = $_POST['equip_id'];
        $startdate = $_POST['startdate'];
        $length = $_POST['length'];
        $usercomment = $_POST['usercomment'];
        $start_Date = new DateTime('' . $startdate . ' 00:00:00');
        $start_Date->modify("+" . $length . " day");
        //$interval = new DateInterval("P".$length."D");
        //$start_Date->add($interval);
        $enddate = $start_Date->format("Y-m-d");
        $numrows = mysql_num_rows(getReservationsByEquipIDandDate($equipid, $startdate, $enddate));
        if ($numrows > 0) {
            $message = "<font color=\"#FF0000\"><b>Error: There already is a reservation durring your start date and end date.</b><br>Please check <a href=\"./viewsched.php?equipid=" . $equipid . "\" target=\"_blank\">the shedule</a>.</font><br><br>";
        } else {
            if ($numrows == 0 && ($equipid != "" && $startdate != "" && $length != "")) {
                $equipment = mysql_fetch_assoc(getEquipmentByID($equipid));
                if ($equipment['max_length'] < $length) {
                    $message = "<font color=\"#FF0000\"><b>Error: Cannot reserve this equipment for that long.</b></font><br><br>";
                } else {
                    if (isDateRangeBlackedOut($startdate, $enddate)) {
                        $message = "<font color=\"#FF0000\"><b>Error: Date Range Blacked-Out.</b></font><br><br>";
                    } else {
                        if ($equipment['checkoutfrom'] != -1) {
// Markup accumulators for the navigation rows built further down.
$navi = "";
$admin = "";

// The requested page comes straight from the query string.
if (isset($_GET['pageid'])) {
    $pageid = $_GET['pageid'];
}

// Logging out clears the session variables and falls through to the login page.
// NOTE(review): logout is reachable with a plain GET, and session_unset() only
// empties the variables; no session_destroy() or session id regeneration is
// visible in this fragment.
if ($pageid == "logout") {
    session_unset();
    $pageid = "login";
}
/*
Build the navigation rows from the session's "user_level". Without a
user_level in the session the request is routed to the login page. Otherwise
the standard links are added according to the level, followed by the
moderator row and the admin row where the level qualifies.

NOTE(review): these checks only decide which links are rendered; every target
page still has to enforce its own user_level check.
*/
if (!issetSessionVariable('user_level')) {
    $pageid = "login";
} else {
    $userlevel = getSessionVariable('user_level');
    // Level RES_USERLEVEL_NOLOGIN gets a logout link only.
    if ($userlevel == RES_USERLEVEL_NOLOGIN) {
        $navi .= "<tr><td class=\"navi\">\r\n\t\t\t\t<a href=\"./index.php?pageid=logout\" class=\"navi\">Logout</a>\r\n\t\t\t</td></tr>";
    }
    // Any higher level gets the standard links.
    if ($userlevel > RES_USERLEVEL_NOLOGIN) {
        $navi .= "<tr><td class=\"navi\">\r\n\t\t\t\t<a href=\"./index.php?pageid=home\" class=\"navi\">Home</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=ourequip\" class=\"navi\">Our Equipment</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=myaccount\" class=\"navi\">My Account</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=policies\" class=\"navi\">Our Policies</a> - \r\n\t\t\t\t<a href=\"./index.php?pageid=logout\" class=\"navi\">Logout</a>\r\n\t\t\t</td></tr>";
    }
    // Moderators (exact match on the configured rank) get the reservation browser.
    if ($userlevel == getConfigVar("moderator_rank")) {
        $navi .= "<tr>\r\n\t\t\t<td class=\"adminnaviouter\">\r\n\t\t\t\t<table cellpadding=0 cellspacing=0 border=0 class=\"adminnavi\">\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td class=\"adminnaviinner\">\r\n\t\t\t\t\t\t\t&nbsp;&nbsp<a href=\"./index.php?pageid=browseres\" class=\"navi\">Browse Reservations</a>&nbsp;&nbsp\r\n\t\t\t\t\t\t</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</td>";
    }
    // The configured admin rank and anything above it get the management links.
    if ($userlevel >= getConfigVar("admin_rank")) {
        $navi .= "<tr>\r\n\t\t\r\n\t\t\t<td class=\"adminnaviouter\">\r\n\t\t\t\t<table cellpadding=0 cellspacing=0 border=0 class=\"adminnavi\">\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t<td class=\"adminnaviinner\">\r\n\t\t\t\t\t\t\t&nbsp;&nbsp;<a href=\"./index.php?pageid=manageusers\" class=\"navi\">Users</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=manageequip\" class=\"navi\">Equipment</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=browseres\" class=\"navi\">Browse Reservations</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=makeres\" class=\"navi\">Make Reservation</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=manageblackouts\" class=\"navi\">Blackouts</a> - \r\n\t\t\t\t\t\t\t<a href=\"./index.php?pageid=messages\" class=\"navi\">Messages</a>&nbsp;&nbsp;\r\n\t\t\t\t\t\t</td>\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\t\t\t</td>\r\n\t\t\t\r\n\t\t</tr>";
    }
}