Esempio n. 1
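/**
 * Build the HTML "announcements" block.
 *
 * Two sources feed the list:
 *  - admin-only notices from get_admin_announcements_rs(), shown only when the
 *    caller holds PERM_ADMIN_ANNOUNCEMENTS and the session user_id is 'admin';
 *  - stored announcements from fetch_announcement_rs(), shown when the
 *    'welcome.announcements' feature is enabled and the caller holds
 *    PERM_VIEW_ANNOUNCEMENTS.
 *
 * NOTE(review): heading, message, link, link_text, title and content are written
 * into the page without HTML escaping. That is only safe if every one of those
 * values is authored by a trusted administrator and is meant to carry markup;
 * confirm against the code that stores them, and escape with htmlspecialchars()
 * (and validate the link scheme) if plain text is intended.
 *
 * @return string|null HTML fragment, or NULL when there is nothing to display.
 */
function get_announcements_block()
{
    $buffer = '';
    if (is_user_granted_permission(PERM_ADMIN_ANNOUNCEMENTS)) {
        // include a login warning if user password and email are still the defaults
        if (get_opendb_session_var('user_id') == 'admin') {
            $announcements_rs = get_admin_announcements_rs();
            // foreach replaces the list()/each() idiom: each() was removed in PHP 8.
            if (is_array($announcements_rs)) {
                foreach ($announcements_rs as $announcement_r) {
                    // The closing </li> was missing, leaving the list item open.
                    $buffer .= "<li><h4>" . $announcement_r['heading'] . "</h4>\n\t\t\t\t\t<p class=\"content\">" . $announcement_r['message'] . "<a class=\"adminLink\" href=\"" . $announcement_r['link'] . "\">" . $announcement_r['link_text'] . "</a></p></li>";
                }
            }
        }
    }
    if (get_opendb_config_var('welcome.announcements', 'enable') !== FALSE && is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $results = fetch_announcement_rs('submit_on', 'DESC', 0, get_opendb_config_var('welcome.announcements', 'display_count'), 'Y', 'Y');
        if ($results) {
            $datetime_mask = get_opendb_config_var('welcome.announcements', 'datetime_mask');
            while ($announcement_r = db_fetch_assoc($results)) {
                $buffer .= "<li><h4>" . $announcement_r['title'] . "</h4>";
                $buffer .= "<small class=\"submitDate\">" . get_localised_timestamp($datetime_mask, $announcement_r['submit_on']) . "</small>";
                $buffer .= "<p class=\"content\">" . nl2br($announcement_r['content']) . "</p></li>";
            }
            db_free_result($results);
        }
    }
    if (strlen($buffer) == 0) {
        return NULL;
    }
    return "\n<div id=\"announcements\">" . "<h3>" . get_opendb_lang_var('announcements') . "</h3>" . "\n<ul>" . $buffer . "\n</ul></div>";
}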
Esempio n. 2
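/**
 * Stream an export of either one item instance or a whole set of items.
 *
 * When both $item_id and $instance_no are numeric, a single instance is exported
 * and $s_item_type / $restrict_status_type_r are ignored. Otherwise the items
 * returned by fetch_export_item_rs() are exported.
 *
 * Access control: the single-item branch only emits data when the session user
 * owns the instance or holds PERM_VIEW_ITEM_DISPLAY. The bulk branch performs no
 * check of its own here; it presumably relies on fetch_export_item_rs() to filter
 * rows the caller may not see (TODO confirm against that function).
 *
 * @param object      $exportPlugin           export plugin passed through to the send_* helpers
 * @param string      $page_title             title handed to send_header()
 * @param string      $s_item_type            item type filter for the bulk branch
 * @param mixed       $item_id                numeric id selects the single-item branch
 * @param mixed       $instance_no            numeric instance selects the single-item branch
 * @param string      $owner_id               owner filter / owner passed to get_export_type_item()
 * @param array|null  $restrict_status_type_r status type filter for the bulk branch
 * @return bool TRUE when a header/footer pair was sent, FALSE when the bulk query returned nothing.
 */
function export_type_items(&$exportPlugin, $page_title, $s_item_type, $item_id, $instance_no, $owner_id, $restrict_status_type_r = NULL)
{
    // the $restrict_status_type_r is ignored for a single item
    if (is_numeric($item_id) && is_numeric($instance_no)) {
        send_header($exportPlugin, $page_title);
        $item_r = fetch_item_instance_r($item_id, $instance_no);
        // Fail closed when the instance does not exist: without the is_array() guard a
        // missing record compares NULL == NULL against an empty session user_id and the
        // ownership test would pass for an anonymous request.
        if (is_array($item_r) && ($item_r['owner_id'] == get_opendb_session_var('user_id') || is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY))) {
            send_data(get_export_type_item($exportPlugin, $item_id, $instance_no, $item_r['s_item_type'], $item_r['title'], $owner_id));
        }
        send_footer($exportPlugin);
        return TRUE;
    }

    $itemresults = fetch_export_item_rs($s_item_type, $owner_id, $restrict_status_type_r);
    if (!$itemresults) {
        return FALSE;
    }

    send_header($exportPlugin, $page_title);
    while ($item_r = db_fetch_assoc($itemresults)) {
        // The original passed an undefined $include_parent_related_item as the last
        // argument, which evaluates to NULL and raises a warning; pass NULL explicitly.
        send_data(get_export_type_item($exportPlugin, $item_r['item_id'], NULL, $item_r['s_item_type'], $item_r['title'], $owner_id, NULL));
    }
    db_free_result($itemresults);
    send_footer($exportPlugin);
    return TRUE;
}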
Esempio n. 3
/**
 * Render the footer through the active theme's theme_footer() hook.
 *
 * The hook receives the current page id (script name without ".php") and the
 * session user_id; the user_id is withheld (NULL) when the site runs in public
 * access mode.
 *
 * @return mixed whatever theme_footer() returns, or NULL when the theme defines no such hook.
 */
function _theme_footer()
{
    global $PHP_SELF;

    $session_user = get_opendb_session_var('user_id');
    // Public-access sites never hand a user id to the theme.
    $footer_user = is_site_public_access() ? NULL : $session_user;
    $page_name = basename($PHP_SELF, '.php');

    if (!function_exists('theme_footer')) {
        return NULL;
    }

    return theme_footer($page_name, $footer_user);
}
Esempio n. 4
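/**
 * Format a user name for a listing, linked to the profile page when permitted.
 *
 * - For the current session user the 'current_user' language string is returned.
 * - For other users the 'user_name' language string is returned, wrapped in a link
 *   to user_profile.php when the caller holds PERM_VIEW_USER_PROFILE.
 *
 * NOTE(review): $user_name is placed in the page as returned by get_opendb_lang_var();
 * the fullname inside it is profile data, so confirm that it is HTML-escaped before
 * it reaches this point. $redirect_link / $redirect_url are only forwarded here;
 * user_profile.php has to validate them before following or rendering them.
 *
 * @param string      $user_id       user to display
 * @param mixed       $mode          not used by this function
 * @param string|null $subject       default e-mail subject forwarded to the profile page
 * @param string|null $redirect_link link text forwarded to the profile page
 * @param string|null $redirect_url  return URL forwarded to the profile page
 * @return string plain name or HTML anchor
 */
function get_list_username($user_id, $mode, $subject = NULL, $redirect_link = NULL, $redirect_url = NULL)
{
    // Do not include email link, if Current User.
    if ($user_id == get_opendb_session_var('user_id')) {
        return get_opendb_lang_var('current_user', array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id));
    }

    $user_name = get_opendb_lang_var('user_name', array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id));
    if (!is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
        return $user_name;
    }

    // uid is URL-encoded like the other query parameters: the original wrote it into the
    // href attribute raw, so a quote or '&' in the id could break out of the attribute
    // or alter the query string.
    return "<a href=\"user_profile.php?uid=" . urlencode($user_id) . "&subject=" . urlencode(ifempty($subject, get_opendb_lang_var('no_subject'))) . "&redirect_link=" . urlencode($redirect_link) . "&redirect_url=" . urlencode($redirect_url) . "\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>";
}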
Esempio n. 5
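/**
 * Decide whether the current session user may see an address of user $HTTP_VARS['uid'].
 *
 * An address is visible when any of the following holds:
 *  - the address type is public (public_address_ind == 'Y');
 *  - the caller holds PERM_ADMIN_USER_PROFILE;
 *  - the address type is flagged for borrowers (borrow_address_ind == 'Y') AND the
 *    two users are in an owner/borrower relationship, in either direction.
 *
 * @param array $HTTP_VARS      request variables; only 'uid' is read
 * @param array $address_type_r address type record; 'public_address_ind' and 'borrow_address_ind' are read
 * @return bool
 */
function is_user_address_visible($HTTP_VARS, $address_type_r)
{
    if ($address_type_r['public_address_ind'] == 'Y') {
        return TRUE;
    }

    if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        return TRUE;
    }

    // The borrow flag must gate BOTH directions of the relationship. The original
    // expression was `flag && A || B`; since && binds tighter than ||, the second
    // is_owner_and_borrower() call granted access even when borrow_address_ind was
    // not 'Y', disclosing addresses that were never marked as shareable.
    if ($address_type_r['borrow_address_ind'] != 'Y') {
        return FALSE;
    }

    $session_user_id = get_opendb_session_var('user_id');

    return is_owner_and_borrower($session_user_id, $HTTP_VARS['uid'])
        || is_owner_and_borrower($HTTP_VARS['uid'], $session_user_id);
}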
Esempio n. 6
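/**
 * Insert a new, open announcement owned by the current session user.
 *
 * NOTE(review): the statement is still assembled by string concatenation. addslashes()
 * is not aware of the connection character set and is not a substitute for the
 * database driver's own escaping or for prepared statements; switch to whichever of
 * those the db_* layer offers (not visible from this function).
 *
 * @param string $title        announcement title; trimmed, must not be empty
 * @param string $content      announcement body; trimmed, must not be empty
 * @param mixed  $display_days number of days to display; must be numeric
 * @return bool TRUE when a row was inserted, FALSE on validation or database failure.
 */
function insert_announcement($title, $content, $display_days)
{
    $title = addslashes(replace_newlines(trim($title)));
    $content = addslashes(replace_newlines(trim($content)));
    if (strlen($title) == 0 || strlen($content) == 0 || !is_numeric($display_days)) {
        return FALSE;
    }

    // The session user id was the only quoted value written into the statement without
    // escaping; treat it like the other string values.
    $user_id = addslashes((string) get_opendb_session_var('user_id'));

    // is_numeric() also accepts forms such as "1e3" or " 5"; the cast guarantees that
    // only an integer literal reaches the unquoted position in the statement.
    $query = "INSERT INTO announcement (user_id, title, content, display_days, closed_ind)" . " VALUES('" . $user_id . "'," . "'" . $title . "'," . "'" . $content . "'," . (int) $display_days . ", " . "'N')";
    db_query($query);
    if (db_affected_rows() > 0) {
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($title, $content, $display_days));
        return TRUE;
    }

    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($title, $content, $display_days));
    return FALSE;
}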
Esempio n. 7
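/**
 * Fetch the item instances available for export.
 *
 * Only instances owned by active users are returned. Unless the caller holds
 * PERM_ITEM_ADMIN, instances whose status type is hidden are excluded, except
 * for the caller's own.
 *
 * NOTE(review): values are escaped with addslashes() because no driver-level escape
 * or prepared-statement helper is visible from here; addslashes() is not character-set
 * aware, so replace it with the db_* layer's own mechanism if one exists.
 *
 * @param string $s_item_type optional item type filter; empty means all types
 * @param string $owner_id    optional owner filter; empty means all owners
 * @return mixed database result handle, or FALSE when the query fails or returns no rows.
 */
function fetch_export_item_instance_rs($s_item_type, $owner_id)
{
    $query = "SELECT i.id as item_id, ii.instance_no, i.title, i.s_item_type, ii.owner_id, ii.borrow_duration, ii.s_status_type, ii.status_comment, UNIX_TIMESTAMP(ii.update_on) AS update_on " . "FROM user u, item i, item_instance ii, s_status_type sst " . "WHERE u.user_id = ii.owner_id AND i.id = ii.item_id AND sst.s_status_type = ii.s_status_type ";
    if (strlen($s_item_type) > 0) {
        // Both filters were interpolated into quoted SQL literals unescaped.
        $query .= "AND i.s_item_type = '" . addslashes($s_item_type) . "' ";
    }
    // can only export items for active users.
    $query .= "AND u.active_ind = 'Y' ";
    if (strlen($owner_id) > 0) {
        $query .= " AND ii.owner_id = '" . addslashes($owner_id) . "' ";
    }
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        // Non-admins never see hidden-status instances that belong to someone else.
        $query .= " AND ( sst.hidden_ind = 'N' OR ii.owner_id = '" . addslashes((string) get_opendb_session_var('user_id')) . "') ";
    }
    $query .= "ORDER by i.id, ii.instance_no";
    $result = db_query($query);
    if ($result && db_num_rows($result) > 0) {
        return $result;
    }
    return FALSE;
}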
Esempio n. 8
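/**
 * NOTE: PRIVATE FUNCTION.
 *
 * Returns the FROM, LEFT JOIN and WHERE clauses for a selection from the item table,
 * as one SQL fragment beginning with "FROM (".
 *
 * If owner_id defined, will limit to only items owned by owner_id
 * If s_item_type defined, will limit to only items of that type.
 * If category defined, will limit to only items of that category.
 * If letter defined will limit to item.title starting with that letter.
 * If interest_level defined will limit to items with that interest level or higher.
 *
 * Unless the caller holds PERM_ITEM_ADMIN, instances with a hidden status type are
 * excluded except for the caller's own.
 *
 * Security notes for maintainers:
 *  - Identifier-like request values (owner ids, type codes, raw date strings, letter)
 *    are passed through addslashes() before being placed in quoted SQL literals, and
 *    rating / interest_level are only used when numeric because they are written
 *    unquoted. addslashes() is not character-set aware; prefer the db layer's own
 *    escaping or prepared statements if available.
 *  - NOTE(review): the free-text values (title, status_comment, attribute_val,
 *    lookup_attribute_val, category) are still escaped by replacing the single quote
 *    only. Backslashes pass through unchanged, so this is not a complete escape. It
 *    is left as is because the values also feed BooleanParser / build_boolean_clause()
 *    and the '\_' handling, whose expectations are not visible from this function.
 *  - NOTE(review): format_sql_in_clause() and expand_number_range() are assumed to
 *    emit safely quoted / numeric lists - confirm.
 *
 * @param array $HTTP_VARS request variables; keys read:
 *      owner_id, not_owner_id, s_item_type, s_item_type[], s_item_type_group, title,
 *      title_match, title_case, category, rating, attribute_type, attribute_val,
 *      attr_match, attr_case, attr_update_on, attr_update_on_days, update_on,
 *      datetimemask, update_on_days, letter, item_id_range, s_status_type,
 *      s_status_type[], status_comment, status_comment_match, status_comment_case,
 *      interest_level
 * @param array|null $column_display_config_rs column configuration; s_attribute_type
 *      columns add joins/restrictions on item_attribute, s_field_type columns handle
 *      CATEGORY and INTEREST
 * @param string $query_type when 'COUNT', the display-only attribute LEFT JOINs are skipped
 * @return string SQL fragment
 */
function from_and_where_clause($HTTP_VARS, $column_display_config_rs = NULL, $query_type = 'LISTING')
{
    // Defined up front: the original appended to $query and tested $left_join_from_r
    // without ever initialising them.
    $query = '';
    $left_join_from_r = NULL;

    $current_user_id = get_opendb_session_var('user_id');
    $current_user_sql = addslashes((string) $current_user_id);

    $from_r[] = 'item i';
    $from_r[] = 'item_instance ii';
    $where_r[] = 'ii.item_id = i.id';
    // only parent items should ever be listed.
    //
    // Owner restriction
    //
    if (strlen($HTTP_VARS['owner_id']) > 0) {
        $where_r[] = 'ii.owner_id = \'' . addslashes($HTTP_VARS['owner_id']) . '\'';
    } else {
        if (strlen($HTTP_VARS['not_owner_id']) > 0) {
            //For not showing current user items.
            $where_r[] = 'ii.owner_id <> \'' . addslashes($HTTP_VARS['not_owner_id']) . '\'';
        }
    }
    //
    // Item Type / Item Type group restriction
    //
    if (!is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) > 0) {
        $where_r[] = 'i.s_item_type = \'' . addslashes($HTTP_VARS['s_item_type']) . '\'';
    } else {
        if (strlen($HTTP_VARS['s_item_type_group']) > 0) {
            $from_r[] = 's_item_type_group_rltshp sitgr';
            $where_r[] = 'sitgr.s_item_type = i.s_item_type';
            $where_r[] = 'sitgr.s_item_type_group = \'' . addslashes($HTTP_VARS['s_item_type_group']) . '\'';
        } else {
            if (is_not_empty_array($HTTP_VARS['s_item_type'])) {
                $where_r[] = 'i.s_item_type IN(' . format_sql_in_clause($HTTP_VARS['s_item_type']) . ')';
            }
        }
    }
    $from_r[] = 's_status_type sst';
    $where_r[] = 'sst.s_status_type = ii.s_status_type';
    //
    // Status Type restriction
    //
    if (is_not_empty_array($HTTP_VARS['s_status_type'])) {
        $where_r[] = 'sst.s_status_type IN(' . format_sql_in_clause($HTTP_VARS['s_status_type']) . ')';
    } else {
        if ($HTTP_VARS['s_status_type'] != 'ALL' && strlen($HTTP_VARS['s_status_type']) > 0) {
            $where_r[] = 'sst.s_status_type = \'' . addslashes($HTTP_VARS['s_status_type']) . '\'';
        }
    }
    // no need for such a restriction if current user is item admin
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $where_r[] = "( sst.hidden_ind = 'N' OR ii.owner_id = '" . $current_user_sql . "') ";
    }
    //
    // User and Status type restriction
    //
    if (strcmp($HTTP_VARS['owner_id'], $current_user_id) !== 0) {
        // not current user
        $from_r[] = 'user u';
        $where_r[] = 'u.user_id = ii.owner_id';
        $where_r[] = 'u.active_ind = \'Y\'';
    }
    //
    // Status Comment restriction
    //
    if (strlen($HTTP_VARS['status_comment']) > 0) {
        // Escape only the single quote!
        // NOTE(review): incomplete escape, see the function header.
        $HTTP_VARS['status_comment'] = str_replace("'", "\\'", $HTTP_VARS['status_comment']);
        if ($HTTP_VARS['status_comment_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['status_comment']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'ii.status_comment', $HTTP_VARS['status_comment_match'], 'AND', $HTTP_VARS['status_comment_case']);
            }
        } else {
            if (is_null($HTTP_VARS['status_comment_case'])) {
                $where_r[] = 'ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            } else {
                $where_r[] = 'BINARY ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            }
        }
    }
    //
    // Title restriction
    //
    if (strlen($HTTP_VARS['title']) > 0) {
        // Escape only the single quote!
        // NOTE(review): incomplete escape, see the function header.
        $HTTP_VARS['title'] = str_replace("'", "\\'", $HTTP_VARS['title']);
        if ($HTTP_VARS['title_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['title']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'i.title', $HTTP_VARS['title_match'], 'AND', $HTTP_VARS['title_case']);
            }
        } else {
            if (is_null($HTTP_VARS['title_case'])) {
                $where_r[] = 'i.title = \'' . $HTTP_VARS['title'] . '\'';
            } else {
                $where_r[] = 'BINARY i.title = \'' . $HTTP_VARS['title'] . '\'';
            }
        }
    } else {
        if (strlen($HTTP_VARS['letter']) > 0) {
            // Numeric match.
            if ($HTTP_VARS['letter'] == '#') {
                $where_r[] = 'ASCII(LEFT(title,1)) BETWEEN ASCII(\'0\') AND ASCII(\'9\')';
            } else {
                $where_r[] = 'UPPER(LEFT(i.title,1)) = \'' . addslashes(strtoupper($HTTP_VARS['letter'])) . '\'';
            }
        }
    }
    //
    // Last Updated support
    //
    if (strlen($HTTP_VARS['update_on']) > 0) {
        if (strlen($HTTP_VARS['datetimemask']) > 0) {
            $timestamp = get_timestamp_for_datetime($HTTP_VARS['update_on'], $HTTP_VARS['datetimemask']);
            if ($timestamp !== FALSE) {
                $where_r[] = 'ii.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
            } else {
                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-1)';
            }
        } else {
            // No mask to parse against, so the raw string goes to the database: escape it.
            $where_r[] = 'ii.update_on >= \'' . addslashes($HTTP_VARS['update_on']) . '\'';
        }
    } else {
        if (is_numeric($HTTP_VARS['update_on_days'])) {
            // Give us all records updated in the last however many days.
            $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['update_on_days'] . ')';
        }
    }
    //
    // Item Attribute listing/restriction
    //
    if (is_array($column_display_config_rs)) {
        for ($i = 0; $i < count($column_display_config_rs); $i++) {
            // Local copy of the column record and the per-column table alias (ia0, ia1, ...).
            $column_r = $column_display_config_rs[$i];
            $ia = 'ia' . $i;
            if ($column_r['column_type'] == 's_attribute_type') {
                if ($column_r['search_attribute_ind'] != 'y') {
                    // either LISTING or COUNT
                    if ($query_type != 'COUNT') {
                        $left_join = "LEFT JOIN item_attribute {$ia} ON {$ia}.item_id = i.id AND ({$ia}.instance_no = 0 OR {$ia}.instance_no = ii.instance_no) AND {$ia}.s_attribute_type = '" . $column_r['s_attribute_type'] . "' AND {$ia}.attribute_no = 1";
                        // So we can work out which search attribute types to display
                        if (is_numeric($column_r['order_no'])) {
                            $left_join .= " AND {$ia}.order_no = " . $column_r['order_no'];
                        }
                        $left_join_from_r[] = $left_join;
                    }
                } else {
                    // search attribute
                    $from_r[] = 'item_attribute ' . $ia;
                    // now do the where clause.
                    $where_r[] = "{$ia}.item_id = i.id AND ({$ia}.instance_no = 0 OR {$ia}.instance_no = ii.instance_no) AND {$ia}.s_attribute_type = '" . $column_r['s_attribute_type'] . "'";
                    if (strlen($column_r['attribute_val']) > 0 && $column_r['attribute_val'] != '%' && $column_r['attr_match'] != 'exact') {
                        $parser = new BooleanParser();
                        $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $column_r['attribute_val'])));
                        if (is_array($statements)) {
                            if ($column_r['lookup_attribute_ind'] == 'Y') {
                                $where_r[] = build_boolean_clause($statements, $ia . '.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                            } else {
                                $where_r[] = build_boolean_clause($statements, $ia . '.attribute_val', $column_r['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                            }
                        }
                    } else {
                        if (strlen($column_r['lookup_attribute_val']) > 0 && $column_r['lookup_attribute_val'] != '%' && $column_r['lookup_attribute_ind'] == 'Y') {
                            $value = str_replace("'", "\\'", $column_r['lookup_attribute_val']);
                            $where_r[] = $ia . '.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            if (strlen($column_r['attribute_val']) > 0 && $column_r['attribute_val'] != '%') {
                                // Strip one pair of surrounding double quotes.
                                if (starts_with($column_r['attribute_val'], '"') && ends_with($column_r['attribute_val'], '"')) {
                                    $column_r['attribute_val'] = substr($column_r['attribute_val'], 1, -1);
                                }
                                $value = strtoupper(str_replace("'", "\\'", $column_r['attribute_val']));
                                $where_r[] = 'UPPER(' . $ia . '.attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                            }
                        }
                    }
                    if (strlen($HTTP_VARS['attr_update_on']) > 0) {
                        if (strlen($HTTP_VARS['datetimemask']) > 0) {
                            $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                            if ($timestamp !== FALSE) {
                                $where_r[] = $ia . '.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                            } else {
                                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                                $where_r[] = 'TO_DAYS(' . $ia . '.update_on) >= (TO_DAYS(now())-1)';
                            }
                        } else {
                            $where_r[] = $ia . '.update_on >= \'' . addslashes($HTTP_VARS['attr_update_on']) . '\'';
                        }
                    } else {
                        if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                            // Give us all records updated in the last however many days.
                            $where_r[] = 'TO_DAYS(' . $ia . '.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
                        }
                    }
                }
            } else {
                if ($column_r['column_type'] == 's_field_type') {
                    if ($column_r['s_field_type'] == 'CATEGORY') {
                        $from_r[] = 's_item_attribute_type catsiat';
                        $from_r[] = 's_attribute_type catsat';
                        $where_r[] = 'catsiat.s_item_type = i.s_item_type AND catsat.s_attribute_type = catsiat.s_attribute_type AND catsat.s_field_type = \'CATEGORY\'';
                        $left_join_clause = 'LEFT JOIN item_attribute catia ON ' . 'catia.item_id = i.id AND (catia.instance_no = 0 OR catia.instance_no = ii.instance_no) AND catia.s_attribute_type = catsiat.s_attribute_type AND catia.order_no = catsiat.order_no';
                        // Parentheses only make the existing precedence (&& before ||) explicit.
                        if (strlen($HTTP_VARS['category']) > 0 || (strcasecmp($HTTP_VARS['attr_match'], 'category') === 0 && strlen($HTTP_VARS['attribute_val']) > 0)) {
                            // Support specifying $attribute_val for $category where $attr_match=="category"!
                            // If item_type && item_type_group are not set!
                            if (strlen($HTTP_VARS['attribute_type']) > 0 && !is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) == 0 && strlen($HTTP_VARS['s_item_type_group']) == 0) {
                                $where_r[] = 'catsat.s_attribute_type = \'' . addslashes($HTTP_VARS['attribute_type']) . '\'';
                            }
                            // Escape single quotes only.
                            $value = strtoupper(str_replace("'", "\\'", ifempty($HTTP_VARS['category'], $HTTP_VARS['attribute_val'])));
                            $where_r[] = 'UPPER(catia.lookup_attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            $left_join_clause .= ' AND catia.attribute_no = 1';
                        }
                        $left_join_from_r[] = $left_join_clause;
                    } else {
                        if ($column_r['s_field_type'] == 'INTEREST') {
                            // can only restrict interest level if its displayed as a column
                            // interest_level is written unquoted, so it must be numeric; the
                            // original accepted any non-empty string here.
                            if (is_numeric($HTTP_VARS['interest_level'])) {
                                $where_r[] = "it.item_id = ii.item_id AND it.instance_no = ii.instance_no AND it.user_id = '" . $current_user_sql . "'" . " AND it.level >= " . $HTTP_VARS['interest_level'];
                                $from_r[] = "user_item_interest it";
                            } else {
                                $left_join_from_r[] = "LEFT JOIN user_item_interest it ON it.item_id = i.id AND it.instance_no = ii.instance_no AND it.user_id = '" . $current_user_sql . "'";
                            }
                        }
                    }
                }
            }
        }
    }
    // If attribute_val specified without a attribute_type, then do a loose join to item_attribute table,
    // only on attribute_val column.
    if (strlen($HTTP_VARS['attribute_type']) == 0 && (strlen($HTTP_VARS['attribute_val']) > 0 || strlen($HTTP_VARS['attr_update_on']) > 0 || strlen($HTTP_VARS['attr_update_on_days']) > 0)) {
        $from_r[] = 'item_attribute ia';
        // now do the where clause.
        $where_r[] = 'ia.item_id = i.id ';
        if ($HTTP_VARS['attr_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $HTTP_VARS['attribute_val'])));
            if (is_array($statements)) {
                if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                    $where_r[] = build_boolean_clause($statements, 'ia.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                } else {
                    $where_r[] = build_boolean_clause($statements, 'ia.attribute_val', $HTTP_VARS['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                }
            }
        } else {
            // attr_match = 'exact'
            $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
            if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                $where_r[] = 'ia.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
            } else {
                // Match the whole value, or the value as a space-delimited word.
                if (is_null($HTTP_VARS['attr_case'])) {
                    $where_r[] = '( ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . '\')';
                } else {
                    $where_r[] = '( BINARY ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . '\')';
                }
            }
        }
        if (strlen($HTTP_VARS['attr_update_on']) > 0) {
            if (strlen($HTTP_VARS['datetimemask']) > 0) {
                $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                if ($timestamp !== FALSE) {
                    $where_r[] = 'ia.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                } else {
                    // by default get items from 1 day ago, if update_on can not be parsed correctly.
                    $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-1)';
                }
            } else {
                $where_r[] = 'ia.update_on >= \'' . addslashes($HTTP_VARS['attr_update_on']) . '\'';
            }
        } else {
            if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                // Give us all records updated in the last however many days.
                $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
            }
        }
    }
    //
    // Review restrictions
    //
    // rating is written unquoted, so it must be numeric; the original accepted any
    // non-empty string here.
    if (is_numeric($HTTP_VARS['rating'])) {
        $where_r[] = 'r.item_id = i.id AND r.rating >= ' . $HTTP_VARS['rating'];
        $from_r[] = 'review r';
    }
    //
    // Item ID range restriction (Used by Import script)
    //
    if (strlen($HTTP_VARS['item_id_range']) > 0) {
        $where_r[] = 'i.id IN (' . expand_number_range($HTTP_VARS['item_id_range']) . ')';
    }
    //
    // Now build the SQL query
    //
    $query .= 'FROM (' . implode(', ', $from_r) . ') ';
    if (is_array($left_join_from_r)) {
        $query .= implode(' ', $left_join_from_r) . ' ';
    }
    $query .= 'WHERE ' . implode(' AND ', $where_r);
    return $query;
}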
Esempio n. 9
                         // do nothing
                     } else {
                         show_email_form(get_user_ids_tovalue($HTTP_VARS['user_id_rs']), get_opendb_lang_var('site_users', 'user_desc', get_opendb_config_var('site', 'title')), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors);
                     }
                 }
             }
             echo _theme_footer();
         } else {
             opendb_not_authorised_page(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS);
         }
     } else {
         if ($HTTP_VARS['op'] == 'send_to_uid' && is_user_permitted_to_receive_email($HTTP_VARS['uid'])) {
             if (is_user_granted_permission(PERM_SEND_EMAIL)) {
                 echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
                 echo "<h2>" . get_opendb_lang_var('send_email') . "</h2>";
                 $from_user_r = fetch_user_r(get_opendb_session_var('user_id'));
                 $HTTP_VARS['toname'] = trim(strip_tags($HTTP_VARS['toname']));
                 if ($HTTP_VARS['op2'] == 'send' && send_email_to_userids(array($HTTP_VARS['uid']), $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
                     // do nothing
                 } else {
                     show_email_form($HTTP_VARS['uid'], fetch_user_name($HTTP_VARS['uid']), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors);
                 }
                 echo _theme_footer();
             } else {
                 opendb_not_authorised_page(PERM_SEND_EMAIL, $HTTP_VARS);
             }
         } else {
             opendb_operation_not_available();
         }
     }
 }
Esempio n. 10
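/**
 * Check whether the current PHP session represents a valid, unexpired login.
 *
 * A session is valid when all of the following hold:
 *  - OpenDb is configured;
 *  - login_time, last_access_time, user_id and hash_check are all set in the session;
 *  - the session's hash_check equals the site's configured security_hash;
 *  - login_timeout (overall session lifetime), when numeric, has not elapsed;
 *  - idle_timeout (maximum gap between requests), when numeric, has not elapsed;
 *  - the user is still active.
 *
 * Side effect: on success $_SESSION['last_access_time'] is reset to the current time.
 *
 * @return bool
 */
function is_opendb_valid_session()
{
    if (!is_opendb_configured()) {
        return FALSE;
    }

    if (get_opendb_session_var('login_time') == NULL || get_opendb_session_var('last_access_time') == NULL || get_opendb_session_var('user_id') == NULL || get_opendb_session_var('hash_check') == NULL) {
        return FALSE;
    }

    $site_r = get_opendb_config_var('site');

    // Compare the hashes as strings with ===. The loose == used before treats two
    // different numeric-looking strings (for example both of the form "0e...") as
    // equal, which is not acceptable for a value that authenticates the session.
    if ((string) $site_r['security_hash'] !== (string) get_opendb_session_var('hash_check')) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Invalid security-hash login invalidated');
        return FALSE;
    }

    // idle_timeout is how long between requests a login session
    // can remain valid.  If login_timeout is set, then this controls
    // how long a session can remain active overall.
    $current_time = time();
    if (is_numeric($site_r['login_timeout']) && !($current_time - get_opendb_session_var('login_time') < $site_r['login_timeout'])) {
        return FALSE;
    }
    if (is_numeric($site_r['idle_timeout']) && !($current_time - get_opendb_session_var('last_access_time') < $site_r['idle_timeout'])) {
        return FALSE;
    }

    if (!is_user_active(get_opendb_session_var('user_id'))) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Invalid user encountered');
        return FALSE;
    }

    // reset the time, as we are only interested in idle session tests.
    $_SESSION['last_access_time'] = $current_time;
    return TRUE;
}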
Esempio n. 11
/**
 * Tell whether the current session user's role ranks at least as high as $role_name.
 *
 * Roles are compared by their 'priority' field. A user without a role is treated as
 * having the public-access role, and a requested role without a priority is treated
 * as priority 0.
 *
 * NOTE(review): a $role_name that fetch_role_r() cannot resolve therefore ends up
 * with priority 0 - confirm callers never pass an unknown role name and expect a denial.
 *
 * @param string $role_name role required by the caller
 * @return bool true when the required priority is less than or equal to the user's
 */
function has_role_permission($role_name)
{
    $user_r = fetch_user_r(get_opendb_session_var('user_id'));

    // Explicitly set role name to public access by default.
    $effective_role = $user_r['user_role'];
    if ($effective_role == null) {
        $effective_role = get_public_access_rolename();
    }

    $required_r = fetch_role_r($role_name);

    // Explicitly set permission to lowest value by default.
    $required_priority = $required_r['priority'];
    if ($required_priority == null || $required_priority == '') {
        $required_priority = 0;
    }

    $granted_r = fetch_role_r($effective_role);

    return $required_priority <= $granted_r['priority'] ? true : false;
}
Esempio n. 12
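/**
 * Build the HTML for the collapsible "listing filters" form shown above a
 * listing.
 *
 * Each filter (owner, status type, item type group, item type, interest,
 * exclude-current-user) is emitted only when its 'listings.filters' config
 * switch is not FALSE.  Every request variable that is rendered as a visible
 * field is added to $excluded_vars_list so that get_url_fields() does not
 * repeat it among the fields it generates from $HTTP_VARS.
 *
 * @return string The HTML block, or '' when filters are disabled or the
 *                request carries listings.filters=N.
 */
function getListingFiltersBlock()
{
    global $PHP_SELF;
    global $HTTP_VARS;
    $buffer = '';
    if ($HTTP_VARS['listings.filters'] != 'N' && get_opendb_config_var('listings.filters', 'enable') !== FALSE) {
        $excluded_vars_list = NULL;
        // $PHP_SELF is derived from the request, so it is escaped before it
        // is placed inside the action attribute.
        $form_action = htmlspecialchars($PHP_SELF, ENT_QUOTES);
        $current_user_id = get_opendb_session_var('user_id');
        $buffer .= "<div id=\"listing-filters\" class=\"menuContainer toggleContainer\">";
        $buffer .= "<span id=\"listing-filters-toggle\" class=\"menuToggle toggleHidden\" onclick=\"return toggleVisible('listing-filters');\">" . get_opendb_lang_var('listing_filters') . "</span>";
        // The original emitted a stray second quote after the class attribute.
        $buffer .= "<div id=\"listing-filters-content\" class=\"menuContent elementHidden\">";
        $buffer .= "<h2 class=\"menu\">" . get_opendb_lang_var('listing_filters') . "</h2>";
        $buffer .= "<form name=\"listing-filters\" action=\"{$form_action}\" method=\"GET\">";
        $buffer .= "<ul>";
        if (get_opendb_config_var('listings.filters', 'show_owner_lov') !== FALSE) {
            $excluded_vars_list[] = 'owner_id';
            $buffer .= "<li><label for=\"select-owner_id\">" . get_opendb_lang_var('owner_id') . "</label>\n\t\t\t\t<select id=\"select-owner_id\" name=\"owner_id\">\n\t\t\t\t<option value=\"\"></option>" . custom_select('owner_id', fetch_user_rs(PERM_ITEM_OWNER), '%fullname% (%user_id%)', 'NA', $HTTP_VARS['owner_id'], 'user_id') . "\n</select></li>";
        }
        if (get_opendb_config_var('listings.filters', 'show_s_status_type_lov') !== FALSE) {
            // Parentheses only make the original && / || precedence explicit.
            if (!is_array($HTTP_VARS['s_status_type']) || ($HTTP_VARS['search_list'] != 'y' && $HTTP_VARS['attribute_list'] != 'y')) {
                $results = fetch_status_type_rs();
                // A single status type offers nothing to choose between.
                if ($results && db_num_rows($results) > 1) {
                    $excluded_vars_list[] = 's_status_type';
                    // NOTE(review): the first custom_select() argument is 'owner_id'
                    // although this is the status type list; it looks copied from the
                    // owner filter.  Left unchanged because custom_select() is not
                    // visible here - confirm what that argument is used for.
                    $buffer .= "<li><label for=\"select-s_status_type\">" . get_opendb_lang_var('s_status_type') . "</label>\n\t\t\t\t\t\t<select id=\"select-s_status_type\" name=\"s_status_type\">\n\t\t\t\t\t\t<option value=\"\"></option>" . custom_select('owner_id', $results, '%s_status_type% - %description%', 'NA', $HTTP_VARS['s_status_type'], 's_status_type') . "\n</select></li>";
                }
            }
        }
        if (get_opendb_config_var('listings.filters', 'show_item_type_group_lov') !== FALSE) {
            $v_item_type_groups = get_list_item_type_groups();
            if (is_not_empty_array($v_item_type_groups)) {
                $excluded_vars_list[] = 's_item_type_group';
                $buffer .= "<li><label for=\"select-s_item_type_group\">" . get_opendb_lang_var('s_item_type_group') . "</label>\n\t\t\t\t\t<select id=\"select-s_item_type_group\" name=\"s_item_type_group\">\n\t\t\t\t\t<option value=\"\"></option>" . custom_select('s_item_type_group', $v_item_type_groups, '%value% - %display%', 'NA', $HTTP_VARS['s_item_type_group'], 'value') . "\n</select></li>";
            }
        }
        if (get_opendb_config_var('listings.filters', 'show_item_type_lov') !== FALSE) {
            $v_item_types = get_list_item_types(NULL);
            // The original tested $v_item_type_groups here, which is undefined
            // when the group filter is switched off and unrelated to this list.
            if (is_not_empty_array($v_item_types)) {
                $excluded_vars_list[] = 's_item_type';
                $buffer .= "<li><label for=\"select-s_item_type\">" . get_opendb_lang_var('s_item_type') . "</label>\n\t\t\t\t\t<select id=\"select-s_item_type\" name=\"s_item_type\">\n\t\t\t\t\t<option value=\"\"></option>" . custom_select('s_item_type', $v_item_types, '%value% - %display%', 'NA', $HTTP_VARS['s_item_type'], 'value') . "\n</select></li>";
            }
        }
        if (get_opendb_config_var('listings.filters', 'show_interest') !== FALSE) {
            $buffer .= "<li><label for=\"select-interest\">" . get_opendb_lang_var('interest_only_marked') . "</label>" . "<input type=\"checkbox\" class=\"checkbox\" id=\"select-interest\" name=\"interest_level\" value=\"1\"" . ($HTTP_VARS['interest_level'] >= 1 ? ' CHECKED' : '') . "></li>";
            $excluded_vars_list[] = 'interest_level';
        }
        // Offering to exclude the current user makes no sense when the listing
        // is already restricted to that user.
        if ($HTTP_VARS['owner_id'] != $current_user_id) {
            // The user id is written into an attribute value, so it is escaped.
            $buffer .= "<li><label for=\"exclude-current-user\">" . get_opendb_lang_var('exclude_current_user') . "</label>" . "<input type=\"checkbox\" class=\"checkbox\" id=\"exclude-current-user\" name=\"not_owner_id\" value=\"" . htmlspecialchars((string) $current_user_id, ENT_QUOTES) . "\"" . ($HTTP_VARS['not_owner_id'] == $current_user_id ? ' CHECKED' : '') . "></li>";
            $excluded_vars_list[] = 'not_owner_id';
        }
        $buffer .= "</ul>";
        // NOTE(review): get_url_fields() renders the remaining request variables;
        // confirm that it escapes names and values itself.
        $buffer .= get_url_fields($HTTP_VARS, NULL, $excluded_vars_list);
        $buffer .= "<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
        $buffer .= "</form>";
        $buffer .= "</div>";
        $buffer .= "</div>";
    }
    return $buffer;
}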
Esempio n. 13
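/**
 * Tell whether the given item instance is currently borrowed (status 'B')
 * by a user.
 *
 * Used so that a reserve is not made when the borrower has already reserved
 * or borrowed the item.
 *
 * @param mixed $item_id      Item identifier; must be numeric.
 * @param mixed $instance_no  Instance number; must be numeric.
 * @param mixed $borrower_id  User to test; defaults to the session user when
 *                            empty.
 * @return bool TRUE when a matching borrowed_item row exists, FALSE when
 *              none exists, when the ids are not numeric or when the query
 *              fails.
 */
function is_item_borrowed_by_user($item_id, $instance_no, $borrower_id = NULL)
{
    // Both ids are interpolated into the SQL text below, so anything that is
    // not numeric is rejected before a query is built.
    if (!is_numeric($item_id) || !is_numeric($instance_no)) {
        return FALSE;
    }
    if ($borrower_id == NULL) {
        $borrower_id = get_opendb_session_var('user_id');
    }
    // The borrower id is free text, so quotes and backslashes are escaped.
    // NOTE(review): if the database layer offers its own escaping routine or
    // bound parameters, prefer that over addslashes(); also confirm callers
    // do not pass a value that is already escaped.
    $safe_borrower_id = addslashes((string) $borrower_id);
    $query = "SELECT 'X' FROM borrowed_item " . "WHERE item_id = '{$item_id}' AND instance_no = '{$instance_no}' AND " . "borrower_id = '" . $safe_borrower_id . "' AND " . "status = 'B'";
    $result = db_query($query);
    if (!$result) {
        return FALSE;
    }
    $is_borrowed = db_num_rows($result) > 0;
    // Free the result on every path; the original released it only when a
    // row had been found.
    db_free_result($result);
    return $is_borrowed;
}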
Esempio n. 14
/**
 * Handle a request to remove the relationship between an item instance and
 * its parent.
 *
 * The caller must own the item or hold PERM_ITEM_ADMIN; otherwise $errors is
 * filled, a warning is logged and FALSE is returned.
 *
 * @param array $item_r         The item instance whose relationship is removed.
 * @param array $status_type_r  Not used by this function.
 * @param array $HTTP_VARS      Request variables; 'confirmed',
 *                              'parent_item_id' and 'parent_instance_no' are read.
 * @param array $errors         Receives the error record on a permission failure.
 * @return mixed FALSE when not permitted, "__CONFIRM__" when no decision was
 *               sent, "__ABORTED__" when confirmed is 'false', and nothing
 *               (NULL) after the relationship has been deleted.
 */
function handle_item_relation_delete($item_r, $status_type_r, $HTTP_VARS, &$errors)
{
    $is_owner = $item_r['owner_id'] == get_opendb_session_var('user_id');
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('cannot_delete_relation_item_not_owned'), 'detail' => '');
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User to delete item relationship they do not own', $item_r);
        return FALSE;
    }

    if ($HTTP_VARS['confirmed'] == 'true') {
        // NOTE(review): the parent ids come straight from the request and the
        // ownership test above covers $item_r only; nothing visible here ties
        // the confirmation to the user's own form (no token is checked in this
        // function) - confirm both are handled by the caller.
        delete_related_item_instance_relationship($item_r['item_id'], $item_r['instance_no'], $HTTP_VARS['parent_item_id'], $HTTP_VARS['parent_instance_no']);
        // No explicit result is returned after the delete.
        return;
    }

    if ($HTTP_VARS['confirmed'] != 'false') {
        // Neither 'true' nor 'false' was sent: a confirmation is required.
        return "__CONFIRM__";
    }

    // The user explicitly declined.
    return "__ABORTED__";
}
Esempio n. 15
                 }
             }
             if (strlen($_OPENDB_THEME) == 0) {
                 if (is_exists_theme(get_opendb_config_var('site', 'theme'))) {
                     $_OPENDB_THEME = get_opendb_config_var('site', 'theme');
                 } else {
                     $_OPENDB_THEME = 'default';
                 }
             }
         }
         if (is_exists_language($_OVRD_OPENDB_LANGUAGE)) {
             $_OPENDB_LANGUAGE = $_OVRD_OPENDB_LANGUAGE;
         } else {
             unset($_OPENDB_LANGUAGE);
             if (strlen(get_opendb_session_var('user_id')) > 0 && get_opendb_config_var('user_admin', 'user_language_support') !== FALSE) {
                 $user_language = fetch_user_language(get_opendb_session_var('user_id'));
                 if (is_exists_language($user_language)) {
                     $_OPENDB_LANGUAGE = $user_language;
                 }
             }
             if (strlen($_OPENDB_LANGUAGE) == 0) {
                 if (is_exists_language(get_opendb_config_var('site', 'language'))) {
                     $_OPENDB_LANGUAGE = strtoupper(get_opendb_config_var('site', 'language'));
                 } else {
                     $_OPENDB_LANGUAGE = fetch_default_language();
                 }
             }
         }
     }
 }
 if ($HTTP_VARS['mode'] == 'job') {
Esempio n. 16
                    echo "</div>";
                }
                echo "</div>";
                // end of tab content
                echo "</div>";
                // end of tabContainer
            } else {
                echo _theme_header(get_opendb_lang_var('item_not_found'));
                echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>";
            }
            if (is_export_plugin(get_opendb_config_var('item_display', 'export_link')) && is_user_granted_permission(PERM_USER_EXPORT)) {
                $footer_links_r[] = array(url => "export.php?op=export&plugin=" . get_opendb_config_var('item_display', 'export_link') . "&item_id=" . $item_r['item_id'] . "&instance_no=" . $item_r['instance_no'], text => get_opendb_lang_var('export_item_record'));
            }
            // Include a Back to Listing link.
            if (is_opendb_session_var('listing_url_vars')) {
                $footer_links_r[] = array(url => "listings.php?" . get_url_string(get_opendb_session_var('listing_url_vars')), text => get_opendb_lang_var('back_to_listing'));
            }
            echo format_footer_links($footer_links_r);
            echo _theme_footer();
        } else {
            opendb_not_authorised_page(PERM_VIEW_ITEM_DISPLAY, $HTTP_VARS);
        }
    } else {
        // invalid login, so login instead.
        redirect_login($PHP_SELF, $HTTP_VARS);
    }
} else {
    //if(is_site_enabled())
    opendb_site_disabled();
}
// Cleanup after begin.inc.php
Esempio n. 17
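/**
 * Build the HTML form used to upload an import file.
 *
 * Users holding PERM_ADMIN_IMPORT get a select list of possible owners,
 * preselected from the request or, failing that, the session user.  Everyone
 * else gets the requested owner_id carried along as a hidden field.
 *
 * @param array $HTTP_VARS Request variables; 'owner_id' and 's_item_type'
 *                         are read.
 * @return string The form markup.
 */
function get_upload_form($HTTP_VARS)
{
    global $PHP_SELF;
    // Start with an assignment: the original appended to an undefined $buffer.
    // $PHP_SELF is derived from the request, so it is escaped for the attribute.
    $buffer = "\n<form name=\"main\" action=\"" . htmlspecialchars($PHP_SELF, ENT_QUOTES) . "\" method=\"POST\" enctype=\"multipart/form-data\">";
    $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"upload\">";
    $buffer .= "\n<table>";
    if (is_user_granted_permission(PERM_ADMIN_IMPORT)) {
        $buffer .= format_field(get_opendb_lang_var('owner'), custom_select('owner_id', fetch_user_rs(PERM_USER_IMPORT), '%fullname% (%user_id%)', 1, ifempty($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')), 'user_id'));
    } else {
        // The request value is reflected into the page, so it is escaped before
        // it goes into the attribute.
        // NOTE(review): a hidden field can be altered by the client; the code
        // that processes the upload has to decide the owner for users without
        // PERM_ADMIN_IMPORT itself - confirm that it does.
        $requested_owner_id = isset($HTTP_VARS['owner_id']) ? (string) $HTTP_VARS['owner_id'] : '';
        $buffer .= "\n<input type=\"hidden\" name=\"owner_id\" value=\"" . htmlspecialchars($requested_owner_id, ENT_QUOTES) . "\">";
    }
    $buffer .= format_field(get_opendb_lang_var('item_type'), single_select('s_item_type', fetch_item_type_rs(TRUE), "%value% - %display%", NULL, $HTTP_VARS['s_item_type']));
    $buffer .= format_field(get_opendb_lang_var('file'), "<input type=\"file\" class=\"file\" size=\"25\" name=\"uploadfile\">");
    $buffer .= "\n</table>";
    $buffer .= "\n<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
    $buffer .= "\n</form>";
    return $buffer;
}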
Esempio n. 18
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
// This must be first - includes config.php
require_once "./include/begin.inc.php";
include_once "./lib/database.php";
include_once "./lib/auth.php";
include_once "./lib/logging.php";
include_once "./lib/widgets.php";
include_once "./lib/http.php";
include_once "./lib/importcache.php";
// Logout handler.  Two cases: an administrator who switched to another user
// is switched back to the administrator account; any other session is ended.
// __FUNCTION__ is evaluated at file scope in both logger calls below, so it
// is an empty string there.
if (is_user_admin_changed_user()) {
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'Administrator logging out change user');
    // $user_r is assigned here but not read again in this branch.
    $user_r = fetch_user_r(get_opendb_session_var('admin_user_id'));
    // Restore the administrator as the session user and drop the marker that
    // recorded the switch.
    // NOTE(review): the session identity changes here, but no session id
    // regeneration is visible in this file - confirm whether
    // register_opendb_session_var() or the login code takes care of it.
    register_opendb_session_var('user_id', get_opendb_session_var('admin_user_id'));
    unregister_opendb_session_var('admin_user_id');
    opendb_redirect('index.php');
} else {
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User logged out');
    // Remove the import cache of a logged-in user before the session goes away.
    if (strlen(get_opendb_session_var('user_id')) > 0) {
        import_cache_delete_for_user(get_opendb_session_var('user_id'));
    }
    // '@' hides any warning from session_destroy().  session_destroy() removes
    // the stored session data but does not empty the $_SESSION array for the
    // rest of this request.
    @session_destroy();
    // Overwrite the session cookie with an empty value, reusing the path,
    // domain and secure settings it was created with.  isset() yields TRUE
    // whenever the 'httponly' key exists, whatever its value is.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
    // NOTE(review): presumably clears the "remember me" login state; its
    // implementation is not visible here.
    remove_opendb_remember_me();
    opendb_redirect('index.php');
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
Esempio n. 19
/**
 * Tell whether a session variable is set.
 *
 * @param string $name Name of the session variable.
 * @return bool TRUE unless get_opendb_session_var() yields NULL for $name.
 */
function is_opendb_session_var($name)
{
    $session_value = get_opendb_session_var($name);

    return !is_null($session_value);
}
Esempio n. 20
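 /**
  * Write one table row (<tr>) of the listing.
  *
  * Every entry of $row_column_rs is rendered as one <td>; its 'column_type'
  * selects the renderer.  The header column at the same index supplies the
  * CSS class through its 'fieldname'.
  *
  * Escaping: only the values handled explicitly below are escaped.  The
  * 'title', 'display', 'attribute_display' and default renderers write the
  * supplied value as HTML, so callers are responsible for anything user
  * supplied that reaches them.
  *
  * @param array $row_column_rs List of column records for this row.
  */
 function writeRowImpl($row_column_rs)
 {
     if ($this->_toggle) {
         $this->rowclass = "oddRow";
     } else {
         $this->rowclass = "evenRow";
     }
     $this->_write("\n<tr class=\"" . $this->rowclass . "\">");
     for ($i = 0; $i < count($row_column_rs); $i++) {
         $header_column_r = $this->_header_column_rs[$i];
         $columnClass = NULL;
         if (strlen($header_column_r['fieldname']) > 0) {
             $columnClass = $header_column_r['fieldname'];
         }
         switch ($row_column_rs[$i]['column_type']) {
             case 'action_links':
                 $this->_write('<td class="action_links ' . $columnClass . '">');
                 $this->_write(ifempty(format_action_links($row_column_rs[$i]['action_links']), get_opendb_lang_var('not_applicable')));
                 $this->_write('</td>');
                 break;
             case 'username':
                 $this->_write('<td class="username ' . $columnClass . '">');
                 $user_id = $row_column_rs[$i]['user_id'];
                 $fullname = $row_column_rs[$i]['fullname'];
                 // NOTE(review): fullname and user_id are handed to the language
                 // string and the result is written as HTML; confirm that
                 // get_opendb_lang_var() or the stored values are escaped.
                 if ($user_id == get_opendb_session_var('user_id')) {
                     $this->_write(get_opendb_lang_var('current_user', array('fullname' => $fullname, 'user_id' => $user_id)));
                 } else {
                     $user_name = get_opendb_lang_var('user_name', array('fullname' => $fullname, 'user_id' => $user_id));
                     if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
                         $item_title = '';
                         // Find the title column of this row; it becomes the
                         // default subject on the profile page link.
                         for ($j = 0; $j < count($row_column_rs); $j++) {
                             if ($row_column_rs[$j]['column_type'] == 'title') {
                                 $item_title = trim(strip_tags($row_column_rs[$j]['item_title']));
                                 break;
                             }
                         }
                         // The user id is a query-string value, so it is URL-encoded
                         // like the subject below.
                         $url = "user_profile.php?uid=" . urlencode($user_id);
                         if (is_array($row_column_rs[$i]['extra_http_vars'])) {
                             $url .= "&" . get_url_string($row_column_rs[$i]['extra_http_vars']);
                         }
                         $url .= "&subject=" . urlencode(ifempty($item_title, get_opendb_lang_var('no_subject')));
                         $this->_write("<a href=\"{$url}\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>");
                     } else {
                         $this->_write($user_name);
                     }
                 }
                 $this->_write('</td>');
                 break;
             case 'interest':
                 $item_id = $row_column_rs[$i]['item_id'];
                 $instance_no = $row_column_rs[$i]['instance_no'];
                 $level = $row_column_rs[$i]['level'];
                 // $level_display is assigned, not appended to: the original used
                 // ".=" on an undefined variable, which also repeated the image of
                 // an earlier interest column in the same row.
                 // NOTE(review): item_id and instance_no are placed inside an id
                 // attribute and an inline script; they are presumably numeric
                 // keys - confirm.
                 if ($level > 0) {
                     $this->addHelpEntry(get_opendb_lang_var('interest_help'), 'interest_1.gif', 'interest');
                     $new_level_value = 0;
                     $level_display = "<img" . " id=\"interest_level_{$item_id}" . "_{$instance_no}\"" . " src=\"" . theme_image_src('interest_1.gif') . "\"" . " alt=\"" . get_opendb_lang_var('interest_remove') . "\"" . " title=\"" . get_opendb_lang_var('interest_remove') . "\"" . " onclick=\"xajax_ajax_update_interest_level('{$item_id}', '{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\"" . " style=\"cursor:pointer;\"" . " >";
                 } else {
                     $new_level_value = 1;
                     $level_display = "<img" . " id=\"interest_level_{$item_id}" . "_{$instance_no}\"" . " src=\"" . theme_image_src('interest_0.gif') . "\"" . " alt=\"" . get_opendb_lang_var('interest_mark') . "\"" . " title=\"" . get_opendb_lang_var('interest_mark') . "\"" . " onclick=\"xajax_ajax_update_interest_level('{$item_id}','{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\"" . " style=\"cursor:pointer;\"" . " >";
                 }
                 $this->_write('<td class="interest ' . $columnClass . '">');
                 // The hidden field holds the level the click handler will send.
                 $this->_write("<input id=\"new_level_value_{$item_id}" . "_{$instance_no}\" type=\"hidden\" value=\"{$new_level_value}\" />");
                 $this->_write($level_display);
                 $this->_write('</td>');
                 break;
             case 'item_type_image':
                 $this->_write('<td class="item_type_image ' . $columnClass . '">');
                 $s_item_type = $row_column_rs[$i]['s_item_type'];
                 // Load the item type record when it is not cached on this object
                 // yet or has no image recorded.
                 if (!is_array($this->_item_type_rs[$s_item_type]) || strlen($this->_item_type_rs[$s_item_type]['image']) == 0) {
                     $this->_item_type_rs[$s_item_type] = fetch_item_type_r($s_item_type);
                     // expand to the actual location once only.
                     if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0) {
                         $this->_item_type_rs[$s_item_type]['image'] = theme_image_src($this->_item_type_rs[$s_item_type]['image']);
                     } else {
                         // 'none' marks "looked up, no image".
                         $this->_item_type_rs[$s_item_type]['image'] = 'none';
                     }
                     if (strlen($this->_item_type_rs[$s_item_type]['description']) > 0) {
                         $this->_item_type_rs[$s_item_type]['description'] = htmlspecialchars($this->_item_type_rs[$s_item_type]['description']);
                     } else {
                         $this->_item_type_rs[$s_item_type]['description'] = NULL;
                     }
                 }
                 if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0 && $this->_item_type_rs[$s_item_type]['image'] != 'none') {
                     $this->_write(theme_image($this->_item_type_rs[$s_item_type]['image'], $this->_item_type_rs[$s_item_type]['description'], 's_item_type'));
                 } else {
                     // otherwise write the item type itself in place of the image.
                     $this->_write($s_item_type);
                 }
                 $this->_write('</td>');
                 break;
             case 'theme_image':
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write(theme_image($row_column_rs[$i]['src'], htmlspecialchars($row_column_rs[$i]['title']), $row_column_rs[$i]['type']));
                 $this->_write('</td>');
                 break;
             case 'title':
                 $title_href_link = $row_column_rs[$i]['title_href_link'];
                 $is_item_reviewed = $row_column_rs[$i]['is_item_reviewed'];
                 $is_borrowed_or_returned = $row_column_rs[$i]['is_borrowed_or_returned'];
                 $item_title = '';
                 // NOTE(review): item_title is written as HTML (the username case
                 // above strips tags from it, so it may carry markup); confirm the
                 // title is escaped where it is expanded.
                 if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY)) {
                     // The link is escaped for the href attribute ("&" becomes "&amp;").
                     $item_title = '<a href="' . htmlspecialchars($title_href_link, ENT_QUOTES) . '">' . $row_column_rs[$i]['item_title'] . '</a>';
                 } else {
                     $item_title = $row_column_rs[$i]['item_title'];
                 }
                 if ($is_item_reviewed) {
                     // show star if rated - Add it to the actual title, so we can do a bit more with title masks
                     $this->addHelpEntry(get_opendb_lang_var('item_reviewed'), 'rs.gif', 'item_reviewed');
                     $item_title .= theme_image('rs.gif', get_opendb_lang_var('item_reviewed'), 'item_reviewed');
                 }
                 if ($is_borrowed_or_returned) {
                     // show tick if previously borrowed or returned.
                     $this->addHelpEntry(get_opendb_lang_var('youve_borrow_or_return'), 'tick.gif', 'borrow_or_return');
                     $item_title .= theme_image("tick.gif", get_opendb_lang_var('youve_borrow_or_return'), 'borrow_or_return');
                 }
                 $this->_write('<td class="title ' . $columnClass . '">');
                 $this->_write($item_title);
                 $this->_write('</td>');
                 break;
             case 'coverimage':
                 $item_cover_image = $row_column_rs[$i]['item_cover_image'];
                 $title_href_link = $row_column_rs[$i]['title_href_link'];
                 // The original concatenated an undefined $columnId here, which
                 // evaluates to an empty string; the literal keeps the rendered
                 // class unchanged without the undefined-variable warning.
                 // NOTE(review): $columnClass may have been intended - confirm
                 // against the theme's CSS.
                 $this->_write('<td class="coverimage Column">');
                 $file_r = file_cache_get_image_r($item_cover_image, 'listing');
                 if (is_array($file_r)) {
                     $cover_image_tag = '<img src="' . $file_r['thumbnail']['url'] . '"';
                     if (is_numeric($file_r['thumbnail']['width'])) {
                         $cover_image_tag .= ' width="' . $file_r['thumbnail']['width'] . '"';
                     }
                     if (is_numeric($file_r['thumbnail']['height'])) {
                         $cover_image_tag .= ' height="' . $file_r['thumbnail']['height'] . '"';
                     }
                     $cover_image_tag .= '>';
                     if ($this->_mode != 'printable' && $this->_include_href_links) {
                         $cover_image_tag = '<a href="' . htmlspecialchars($title_href_link, ENT_QUOTES) . '">' . $cover_image_tag . '</a>';
                     }
                     $this->_write($cover_image_tag);
                 }
                 $this->_write('</td>');
                 break;
             case 'display':
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write(get_display_field($row_column_rs[$i]['attribute_type'], $row_column_rs[$i]['prompt'], $row_column_rs[$i]['display_type'], $row_column_rs[$i]['value'], FALSE));
                 $this->_write('</td>');
                 break;
             case 'attribute_display':
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write(get_item_display_field($row_column_rs[$i]['item_r'], $row_column_rs[$i]['attribute_type_r'], $row_column_rs[$i]['value'], FALSE));
                 $this->_write('</td>');
                 break;
             case 'checkbox':
                 $this->_write('<td class="checkbox">');
                 // The value goes into an attribute, so it is escaped.
                 $value = htmlspecialchars((string) $row_column_rs[$i]['value'], ENT_QUOTES);
                 $this->_write('<input type="checkbox" class="checkbox" name="' . $this->_header_column_rs[$i]['fieldname'] . '[]" value="' . $value . '">');
                 $this->_write('</td>');
                 break;
             default:
                 // The value is written as HTML without escaping; callers pass
                 // markup through this path (for example nl2br() output), so any
                 // user-supplied text has to be escaped before it is added as a
                 // column.
                 $this->_write('<td class="' . $columnClass . '">');
                 $this->_write($row_column_rs[$i]['value']);
                 $this->_write('</td>');
                 break;
         }
     }
     $this->_write("\n</tr>");
 }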
Esempio n. 21
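 /**
  * Queue the title column - and, when the header's title column has
  * 'cover_image_support' set to TRUE, a cover image column before it - for
  * the row currently being built.
  *
  * The columns are appended to $this->_row_column_rs.
  *
  * @param array $item_r Item instance record; 'item_id', 'instance_no' and
  *                      's_item_type' are read and 'title' is replaced by the
  *                      expanded title mask.
  */
 function addTitleColumn($item_r)
 {
     $s_item_type = $item_r['s_item_type'];
     $is_item_reviewed = is_item_reviewed($item_r['item_id']) ? TRUE : FALSE;
     $is_borrowed_or_returned = is_item_borrowed_or_returned_by_user($item_r['item_id'], $item_r['instance_no'], get_opendb_session_var('user_id')) ? TRUE : FALSE;
     // FALSE means "no cover image column"; NULL means "column without an image".
     $item_cover_image = FALSE;
     $header_column_r = $this->findHeaderColumnByFieldname('title');
     if ($header_column_r['cover_image_support'] === TRUE) {
         $item_cover_image = NULL;
         // NOTE(review): this tests 'image_attribute_type' but the value is
         // stored under 'image_attribute_type_r', so the lookup presumably runs
         // for every row - confirm which key was intended before changing it.
         if (strlen($this->_item_type_rs[$s_item_type]['image_attribute_type']) === 0) {
             $this->_item_type_rs[$s_item_type]['image_attribute_type_r'] = fetch_sfieldtype_item_attribute_type_r($s_item_type, 'IMAGE');
         }
         if (is_array($this->_item_type_rs[$s_item_type]['image_attribute_type_r'])) {
             $attribute_type_r = $this->_item_type_rs[$s_item_type]['image_attribute_type_r'];
             $item_cover_image = fetch_attribute_val($item_r['item_id'], $item_r['instance_no'], $attribute_type_r['s_attribute_type']);
             // a kludge to use FALSE to test whether a default image should be displayed
             if ($item_cover_image === FALSE) {
                 $item_cover_image = NULL;
             }
         }
     }
     $item_r['title'] = $this->_titleMaskCfg->expand_item_title($item_r);
     $title_href_link = 'item_display.php?item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'];
     // Array keys are quoted: the original used bare words, which PHP treats
     // as undefined constants (an Error from PHP 8 on).
     if ($item_cover_image !== FALSE) {
         $this->_row_column_rs[] = array('column_type' => 'coverimage', 'title_href_link' => $title_href_link, 'item_cover_image' => $item_cover_image);
     }
     $this->_row_column_rs[] = array('column_type' => 'title', 'item_title' => $item_r['title'], 'title_href_link' => $title_href_link, 'is_item_reviewed' => $is_item_reviewed, 'is_borrowed_or_returned' => $is_borrowed_or_returned);
 }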
Esempio n. 22
/**
 * Work out the page title for the given operation and print the complete
 * heading: the theme header followed by an <h2> with the title and the item
 * type image.
 *
 * If $op is none of the operations handled below, $item_title is never
 * assigned before it is printed.
 *
 * @param array  $item_r         Item record the operation applies to.
 * @param array  $status_type_r  Not used by this function.
 * @param string $op             Operation name.
 */
function do_op_title($item_r, $status_type_r, $op)
{
    global $titleMaskCfg;
    global $HTTP_VARS;

    if (in_array($op, array('new', 'site', 'site-search', 'insert'))) {
        // Adding an item: name the owner when it is somebody else.
        $is_for_other_user = $item_r['owner_id'] != get_opendb_session_var('user_id');
        if ($is_for_other_user) {
            $item_title = get_opendb_lang_var('add_new_item_for_name', array('user_id' => $item_r['owner_id'], 'fullname' => fetch_user_name($item_r['owner_id'])));
        } else {
            $item_title = get_opendb_lang_var('add_new_item');
        }
    } elseif (in_array($op, array('update', 'delete', 'delete_related'))) {
        $item_title = get_opendb_lang_var($op . '_item');
    } elseif (in_array($op, array('refresh', 'edit', 'clone_item'))) {
        // The language key for cloning is 'clone_title', not 'clone_item_title'.
        $title_key = ($op == 'clone_item' ? 'clone' : $op) . '_title';
        $item_title = get_opendb_lang_var($title_key, array('display_title' => $titleMaskCfg->expand_item_title($item_r)));
    } elseif ($op == 'newinstance') {
        // temporarily remove instance_no so that title renders correctly.
        $item_r['instance_no'] = NULL;
        $item_title = get_opendb_lang_var('new_item_instance_title', array('display_title' => $titleMaskCfg->expand_item_title($item_r)));
    }

    // NOTE(review): the title is printed as HTML and can contain the owner's
    // name or the expanded item title; confirm those are escaped upstream.
    echo _theme_header($item_title, $HTTP_VARS['inc_menu']);
    echo "<h2>" . $item_title . " " . get_item_image($item_r['s_item_type']) . "</h2>\n";
}
Esempio n. 23
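/**
 * Tell whether a user is the author of a review.
 *
 * @param mixed $sequence_number Key of the review row; must be numeric.
 * @param mixed $author_id       User to test; defaults to the session user
 *                               when empty.
 * @return bool TRUE when the review exists and its author_id equals
 *              $author_id; FALSE otherwise, including for a non-numeric
 *              $sequence_number or a failed query.
 */
function is_review_author($sequence_number, $author_id = NULL)
{
    // The key is placed into the SQL text without quotes, so only a numeric
    // value is accepted and it is forced to an integer before use.
    if (!is_numeric($sequence_number)) {
        return FALSE;
    }
    if ($author_id == NULL) {
        $author_id = get_opendb_session_var('user_id');
    }
    $query = "SELECT author_id FROM review " . "WHERE sequence_number = " . (int) $sequence_number;
    $result = db_query($query);
    if (!$result) {
        return FALSE;
    }
    $found = db_num_rows($result) > 0 ? db_fetch_assoc($result) : FALSE;
    // Free the result on every path; the original kept it when no row matched.
    db_free_result($result);
    if ($found && $found['author_id'] == $author_id) {
        return TRUE;
    }
    return FALSE;
}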
Esempio n. 24
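/**
 * Render the listing of items related to the given item instance.
 *
 * One row is written per related item: type image, title, action links,
 * status image, status comment and - when the item type has a CATEGORY
 * attribute - its category value.
 *
 * @param array  $item_r        The item instance whose relations are listed.
 * @param array  $HTTP_VARS     Request variables, passed on to HTML_Listing.
 * @param string $related_mode  Passed to fetch_item_instance_relationship_rs().
 * @return string|null The buffered listing HTML, or NULL when the
 *                     relationship query returns nothing usable.
 */
function get_related_items_listing($item_r, $HTTP_VARS, $related_mode)
{
    global $PHP_SELF;
    $results = fetch_item_instance_relationship_rs($item_r['item_id'], $item_r['instance_no'], $related_mode);
    if (!$results) {
        return NULL;
    }
    $listingObject = new HTML_Listing($PHP_SELF, $HTTP_VARS);
    $listingObject->setBufferOutput(TRUE);
    $listingObject->setNoRowsMessage(get_opendb_lang_var('no_items_found'));
    $listingObject->setShowItemImages(TRUE);
    $listingObject->setIncludeFooter(FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('type'), 'type', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('title'), 'title', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('action'), 'action', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('status'), 'status', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('status_comment'), 'status_comment', FALSE);
    $listingObject->addHeaderColumn(get_opendb_lang_var('category'), 'category', FALSE);
    $listingObject->startListing(NULL);
    while ($related_item_r = db_fetch_assoc($results)) {
        $listingObject->startRow();
        $listingObject->addItemTypeImageColumn($related_item_r['s_item_type']);
        $listingObject->addTitleColumn($related_item_r);
        $action_links_rs = NULL;
        // Parentheses only make the original && / || precedence explicit.
        // NOTE(review): the links are offered to the owner of the parent item
        // ($item_r), not of the related item; this only decides what is shown,
        // so the operations behind the links must check permissions themselves.
        if ((is_user_granted_permission(PERM_ITEM_OWNER) && get_opendb_session_var('user_id') === $item_r['owner_id']) || is_user_granted_permission(PERM_ITEM_ADMIN)) {
            // Array keys are quoted: the original used bare words, which PHP
            // treats as undefined constants (an Error from PHP 8 on).
            $action_links_rs[] = array('url' => 'item_input.php?op=edit&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'], 'img' => 'edit.gif', 'text' => get_opendb_lang_var('edit'));
            if (get_opendb_config_var('listings', 'show_refresh_actions') && is_item_legal_site_type($related_item_r['s_item_type'])) {
                $action_links_rs[] = array('url' => 'item_input.php?op=site-refresh&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'], 'img' => 'refresh.gif', 'text' => get_opendb_lang_var('refresh'));
            }
            $action_links_rs[] = array('url' => 'item_input.php?op=delete&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'] . '&parent_item_id=' . $item_r['item_id'] . '&parent_instance_no=' . $item_r['instance_no'], 'img' => 'delete.gif', 'text' => get_opendb_lang_var('delete'));
            $action_links_rs[] = array('url' => 'item_input.php?op=delete-relation&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'] . '&parent_item_id=' . $related_item_r['item_id'] . '&parent_instance_no=' . $related_item_r['instance_no'], 'img' => 'delete.gif', 'text' => get_opendb_lang_var('delete_relationship'));
        }
        $listingObject->addActionColumn($action_links_rs);
        $status_type_r = fetch_status_type_r($related_item_r['s_status_type']);
        $listingObject->addThemeImageColumn($status_type_r['img'], $status_type_r['description'], $status_type_r['description'], 's_status_type');
        // The comment is shown when the status type allows it, or to the
        // related item's owner, or to an item administrator.
        if ($status_type_r['status_comment_ind'] == 'Y' || get_opendb_session_var('user_id') === $related_item_r['owner_id'] || is_user_granted_permission(PERM_ITEM_ADMIN)) {
            // support newlines in this field
            // NOTE(review): status_comment is presumably user-entered text and
            // is added as HTML here; confirm it is escaped when stored or when
            // fetched, otherwise it needs escaping before nl2br().
            $listingObject->addColumn(nl2br($related_item_r['status_comment']));
        } else {
            $listingObject->addColumn(get_opendb_lang_var('not_applicable'));
        }
        $attribute_type_r = fetch_sfieldtype_item_attribute_type_r($related_item_r['s_item_type'], 'CATEGORY');
        if (is_array($attribute_type_r)) {
            if ($attribute_type_r['lookup_attribute_ind'] === 'Y') {
                $attribute_val = fetch_attribute_val_r($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
            } else {
                $attribute_val = fetch_attribute_val($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
            }
            $listingObject->addAttrDisplayColumn($related_item_r, $attribute_type_r, $attribute_val);
        }
        $listingObject->endRow();
    }
    // Release the result set once every row has been read; the original
    // never freed it.
    db_free_result($results);
    $listingObject->endListing();
    // Plain assignment: the original bound a reference to the method's return
    // value, which is only valid when the method returns by reference.
    $buffer = $listingObject->getContents();
    unset($listingObject);
    return $buffer;
}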
Esempio n. 25
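/**
 * xajax handler: clear every interest-level mark of the logged-in user.
 *
 * The user is taken from the session ('user_id'); no request parameter is
 * read, so the call can only affect the caller's own marks. When the
 * database update succeeds, the response asks the browser to run the
 * JavaScript function doRemoveInterestAllInterestLevel with the "no
 * interest" image and its label so the page can reset its icons.
 *
 * NOTE(review): this is a state-changing request; any anti-CSRF check is not
 * visible in this function - confirm the xajax entry point provides one.
 *
 * @return xajaxResponse response object, empty when nothing was removed
 */
function ajax_remove_all_interest_level()
{
    $user_id = get_opendb_session_var('user_id');
    $objResponse = new xajaxResponse();
    if (db_remove_all_interest_level($user_id)) {
        // The client-side function name is passed as a quoted string: a bare
        // word only worked through PHP's legacy undefined-constant fallback,
        // which raises an Error on PHP 8.
        $objResponse->call('doRemoveInterestAllInterestLevel', theme_image_src('interest_0.gif'), get_opendb_lang_var('interest_mark'));
    }
    return $objResponse;
}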
Esempio n. 26
/**
 * Append one entry to the OpenDb log file.
 *
 * Nothing is written when get_opendb_config_var('logging', 'enable') is
 * FALSE, or when the log file cannot be opened for appending (the fopen
 * failure is suppressed with @ and silently ignored).
 *
 * An entry is a single line of space-separated fields:
 *
 *   [dd/mm/yy HH:MM:SS] TYPE ip user_id admin_user_id file function parameters message
 *
 * Empty fields are written as '-'. Only the parameters and message fields
 * are passed through replace_newlines() and addslashes() and wrapped in
 * double quotes. The ip, user_id, admin_user_id, file and function fields
 * are written as given, so $file and $function should only ever be trusted
 * values such as __FILE__ and __FUNCTION__: a space or line break in them
 * would shift or split the fields that a log reader sees.
 *
 * NOTE(review): the previous header comment promised a 4000 character limit
 * per entry; no length check is performed in this function - confirm
 * whether expand_opendb_logger_params() or the log viewer enforces it.
 *
 * @param string $msgtype  'E', 'W' or 'I' (any case); any other value is logged as ERROR
 * @param string $file     source file of the caller; backslashes are converted to '/'
 * @param string $function calling function; empty or 'unknown' is logged as '-'
 * @param string $message  optional free-text message
 * @param mixed  $params_r optional parameters, flattened by expand_opendb_logger_params()
 */
function opendb_logger($msgtype, $file, $function, $message = NULL, $params_r = NULL)
{
    if (get_opendb_config_var('logging', 'enable') === FALSE) {
        return;
    }

    $stamp = date("d/m/y H:i:s");
    $remote_ip = ifempty(get_http_env("REMOTE_ADDR"), "0.0.0.0");
    $user_id = get_opendb_session_var('user_id');
    $admin_user_id = get_opendb_session_var('admin_user_id');
    if (strlen($admin_user_id) == 0) {
        $admin_user_id = '-';
    }

    // Map the one-letter severity onto its label; unknown codes become ERROR.
    $type_names = array('E' => 'ERROR', 'W' => 'WARN', 'I' => 'INFO');
    $type_code = strtoupper($msgtype);
    $type_name = isset($type_names[$type_code]) ? $type_names[$type_code] : $type_names['E'];

    $parameters = expand_opendb_logger_params($params_r);
    if (strlen($parameters) == 0) {
        $parameters = '-';
    }
    $file_field = strlen($file) > 0 ? str_replace('\\', '/', $file) : '-';
    $function_field = (strlen($function) > 0 && $function != 'unknown') ? $function : '-';
    $message_field = strlen($message) > 0 ? $message : '-';

    $fileptr = @fopen(get_opendb_config_var('logging', 'file'), 'a');
    if (!$fileptr) {
        return;
    }

    // Free-text fields are flattened to one line and quoted so that embedded
    // line breaks or quotes cannot start a second, forged log entry.
    if ($parameters != '-') {
        $parameters = '"' . addslashes(replace_newlines($parameters)) . '"';
    }
    if ($message_field != '-') {
        $message_field = '"' . addslashes(replace_newlines($message_field)) . '"';
    }

    $line = implode(' ', array(
        '[' . $stamp . ']',
        $type_name,
        $remote_ip,
        $user_id,
        $admin_user_id,
        $file_field,
        $function_field,
        $parameters,
        $message_field,
    ));
    fwrite($fileptr, $line . "\n");
    fclose($fileptr);
}
Esempio n. 27
                         // NOTE(review): this excerpt starts inside a nested if/else chain; the
                         // enclosing conditions are not shown.
                         // Continue as the "my reserve basket" operation.
                         $HTTP_VARS['op'] = 'my_reserve_basket';
                         // Offer a "back to item" link only when the requested item instance exists.
                         // NOTE(review): item_id and instance_no are request values concatenated
                         // into the URL without encoding; confirm they are validated as numeric
                         // and that the footer-link renderer HTML-escapes the url.
                         if (is_exists_item_instance($HTTP_VARS['item_id'], $HTTP_VARS['instance_no'])) {
                             $footer_links_r[] = array(url => "item_display.php?item_id=" . $HTTP_VARS['item_id'] . "&instance_no=" . $HTTP_VARS['instance_no'], text => get_opendb_lang_var('back_to_item'));
                         }
                         // Offer a "back to listing" link when listing parameters were saved in the session.
                         if (is_opendb_session_var('listing_url_vars')) {
                             $footer_links_r[] = array(url => "listings.php?" . get_url_string(get_opendb_session_var('listing_url_vars')), text => get_opendb_lang_var('back_to_listing'));
                         }
                     } else {
                         if ($HTTP_VARS['op'] == 'admin_history') {
                             // Render a small form that lets the caller pick a borrower whose
                             // history should be shown.
                             echo _theme_header(get_opendb_lang_var('borrower_history'));
                             echo "<h2>" . get_opendb_lang_var('borrower_history') . "</h2>";
                             // NOTE(review): $PHP_SELF is interpolated into the action attribute
                             // unescaped. Where it is assigned is not shown; if it is derived from
                             // $_SERVER['PHP_SELF'] it carries request-controlled path info and
                             // should go through htmlspecialchars() before being echoed.
                             echo "\n<form action=\"{$PHP_SELF}\" method=\"GET\">";
                             // The form submits op=my_history together with the selected uid.
                             // NOTE(review): the check that the caller may view another user's
                             // history is not visible in this excerpt - verify that the
                             // my_history handler enforces it.
                             echo "\n<input type=\"hidden\" name=\"op\" value=\"my_history\">";
                             echo "\n<table>";
                             $results = fetch_user_rs(PERM_USER_BORROWER, ROLE_PERMISSIONS_INCLUDE, INCLUDE_CURRENT_USER, EXCLUDE_DEACTIVATED_USER, "fullname", "ASC");
                             // Select box of borrowers, pre-selecting the logged-in user.
                             echo format_field(get_opendb_lang_var('borrower'), custom_select('uid', $results, '%fullname% (%user_id%)', 1, get_opendb_session_var('user_id'), 'user_id'));
                             echo "</table>";
                             echo "<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
                             echo "</form>";
                             echo _theme_footer();
                             // The form replaces the normal listing output.
                             $show_listings = FALSE;
                         } else {
                             // Any other operation is rejected.
                             opendb_operation_not_available();
                             $show_listings = FALSE;
                         }
                     }
                 }
             }
         }
     }
 }
Esempio n. 28
 // Remember the current listing parameters in the session, without the
 // "show deactivated users" checkbox value.
 unset($v_listing_url_vars['show_deactivated_users_cbox']);
 register_opendb_session_var('user_listing_url_vars', $v_listing_url_vars);
 // One listing row per user record.
 while ($user_r = db_fetch_assoc($result)) {
     $user_is_active = is_user_active($user_r['user_id']);
     $listingObject->startRow();
     // todo - consider disabling for guest users!
     // Precedence: ($HTTP_VARS['restrict_active_ind'] != 'X') ? $user_is_active : TRUE
     // i.e. when the listing is restricted to 'X' every row gets a checkbox,
     // otherwise only active users do.
     if ($HTTP_VARS['restrict_active_ind'] != 'X' ? $user_is_active : TRUE) {
         $listingObject->addCheckboxColumn($user_r['user_id'], FALSE);
     } else {
         $listingObject->addColumn();
     }
     $user_name = get_opendb_lang_var('user_name', array('fullname' => $user_r['fullname'], 'user_id' => $user_r['user_id']));
     // NOTE(review): user_id and the formatted user name are concatenated into
     // HTML without htmlspecialchars()/urlencode(). Whether get_opendb_lang_var()
     // or addColumn() escapes is not visible here - confirm, since these are
     // presumably user-supplied account fields.
     $listingObject->addColumn('<a href="user_profile.php?uid=' . $user_r['user_id'] . '" title="' . get_opendb_lang_var('user_profile') . '">' . $user_name . '</a>');
     // Build the per-row action links.
     // NOTE(review): url, img and text are unquoted barewords used as array
     // keys; PHP 8 raises an Error for undefined constants, so they need
     // quoting if this file must run there.
     $action_links_rs = NULL;
     $action_links_rs[] = array(url => 'user_admin.php?op=edit&user_id=' . $user_r['user_id'], img => 'edit_user.gif', text => get_opendb_lang_var('edit'));
     // Delete / deactivate / activate are never offered for the logged-in
     // user's own account.
     // NOTE(review): these are plain GET links to state-changing operations;
     // confirm that user_admin.php requires a confirmation step and an
     // anti-CSRF token before acting.
     if ($user_r['user_id'] != get_opendb_session_var('user_id')) {
         if ($user_r['active_ind'] == 'X') {
             $action_links_rs[] = array(url => 'user_admin.php?op=delete&user_id=' . $user_r['user_id'], img => 'delete_user.gif', text => get_opendb_lang_var('delete_user'));
         } else {
             if ($user_is_active) {
                 $action_links_rs[] = array(url => 'user_admin.php?op=deactivate&user_id=' . $user_r['user_id'], img => 'deactivate_user.gif', text => get_opendb_lang_var('deactivate_user'));
             }
         }
         if (!$user_is_active) {
             $action_links_rs[] = array(url => 'user_admin.php?op=activate&user_id=' . $user_r['user_id'], img => 'activate_user.gif', text => get_opendb_lang_var('activate_user'));
         }
     }
     // Changing the password is offered for every row, including the own account.
     $action_links_rs[] = array(url => 'user_admin.php?op=change_password&user_id=' . $user_r['user_id'], img => 'change_password.gif', text => get_opendb_lang_var('change_password'));
     $listingObject->addActionColumn($action_links_rs);
     // NOTE(review): role_description is output as-is; confirm addColumn() escapes it.
     $listingObject->addColumn($user_r['role_description']);
     // NOTE(review): the excerpt ends inside this branch; its body is not shown.
     if ($HTTP_VARS['restrict_active_ind'] != 'X') {
Esempio n. 29
/**
 * Deactivate a user account once the preconditions are met and the request
 * has been confirmed.
 *
 * Refuses (appending an entry to $errors and returning FALSE) when the
 * target is the logged-in user, when the user still has borrowed items, or
 * when items owned by the user are still borrowed. Once confirmed, all
 * reservations on the user's items and all reservations made by the user
 * are cancelled before the account is deactivated.
 *
 * NOTE(review): no permission check is performed here, and 'confirmed' is
 * read straight from the request variables, so a request that already
 * carries confirmed=true performs the deactivation. Authorisation and any
 * anti-CSRF check are presumably the caller's job - confirm.
 *
 * @param mixed $user_id   id of the user to deactivate
 * @param array $HTTP_VARS request variables; only 'confirmed' is read
 * @param array $errors    receives array('error' => ..., 'detail' => '') entries on refusal
 * @return bool|string TRUE when deactivated, FALSE on refusal or failure,
 *                     "__CONFIRM__" when confirmation is still required,
 *                     "__ABORTED__" when 'confirmed' is 'false'
 */
function handle_user_deactivate($user_id, $HTTP_VARS, &$errors)
{
    if ($user_id == get_opendb_session_var('user_id')) {
        $errors[] = array('error' => get_opendb_lang_var('cannot_deactivate_yourself'), 'detail' => '');
        return FALSE;
    }

    if (fetch_my_borrowed_item_cnt($user_id) > 0) {
        $errors[] = array('error' => get_opendb_lang_var('user_with_borrows_not_deactivated'), 'detail' => '');
        return FALSE;
    }

    if (fetch_owner_borrowed_item_cnt($user_id) > 0) {
        $errors[] = array('error' => get_opendb_lang_var('user_with_owner_borrows_not_deactivated'), 'detail' => '');
        return FALSE;
    }

    // Not confirmed yet: either ask for confirmation or report the abort.
    if ($HTTP_VARS['confirmed'] != 'true') {
        return $HTTP_VARS['confirmed'] != 'false' ? "__CONFIRM__" : "__ABORTED__";
    }

    // Cancel reservations on items owned by the user ...
    $owner_reservations = fetch_owner_reserved_item_rs($user_id);
    if ($owner_reservations) {
        while ($reserved_r = db_fetch_assoc($owner_reservations)) {
            cancel_reserve_item($reserved_r['sequence_number']);
        }
        db_free_result($owner_reservations);
    }

    // ... and the reservations the user made on other people's items.
    $own_reservations = fetch_my_reserved_item_rs($user_id);
    if ($own_reservations) {
        while ($reserved_r = db_fetch_assoc($own_reservations)) {
            cancel_reserve_item($reserved_r['sequence_number']);
        }
        db_free_result($own_reservations);
    }

    return deactivate_user($user_id) ? TRUE : FALSE;
}
Esempio n. 30
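/**
 * Report the outcome of a borrow operation and notify the users concerned.
 *
 * Successful items are grouped per recipient so that each user gets a single
 * notification email covering all of their items. For 'reserve' and
 * 'cancel_reserve' performed by the borrower the recipient is the item
 * owner; in every other case it is the borrower. Failed items are listed
 * with their error detail, if any.
 *
 * NOTE(review): item titles and error text are handed to the display_*
 * functions and to send_notification_email() as-is; whether those escape
 * them for HTML is not visible here - confirm.
 *
 * @param string $op                 operation name, e.g. 'reserve' or 'cancel_reserve'
 * @param string $mode               'job' selects the display_job_* output, anything else the display_html_* output
 * @param string $heading            heading passed to the notification email
 * @param string $success_intro      introduction for the success section and the email
 * @param string $failure_intro      introduction for the failure section
 * @param string $more_information   extra text passed to the notification email
 * @param array  $success_item_rs    records with item_id, instance_no and borrower_id
 * @param array  $failure_item_rs    records with item_id, instance_no and errors
 * @param bool   $email_notification pass FALSE to suppress notification emails
 */
function process_borrow_results($op, $mode, $heading, $success_intro, $failure_intro, $more_information, $success_item_rs, $failure_item_rs, $email_notification = TRUE)
{
    $titleMaskCfg = new TitleMask(array('item_borrow', 'item_display'));

    if (is_not_empty_array($success_item_rs)) {
        // Sort the items by user, so we can send emails for multiple
        // items, instead of individually.
        $borrowed_item_user_r = array();
        // foreach instead of each(): each() was removed in PHP 8 and depended
        // on the array's internal pointer.
        foreach ($success_item_rs as $borrowed_item_r) {
            $item_r = fetch_item_instance_r($borrowed_item_r['item_id'], $borrowed_item_r['instance_no']);
            $item_r['title'] = $titleMaskCfg->expand_item_title($item_r);

            $item_entry_r = array();
            $item_entry_r['display_title'] = get_opendb_lang_var('borrow_item_title_listing', array('display_title' => $item_r['title'], 'item_id' => $item_r['item_id'], 'instance_no' => $item_r['instance_no']));
            $item_entry_r['detail'] = get_borrow_details($op, $item_r, $borrowed_item_r);

            // When reserving or cancelling and the current user is the borrower, we want to
            // send the email to the owner, in all other cases the email should go to the
            // borrower.
            if (($op == 'reserve' || $op == 'cancel_reserve') && get_opendb_session_var('user_id') == $borrowed_item_r['borrower_id']) {
                $to_user = $item_r['owner_id'];
            } else {
                $to_user = $borrowed_item_r['borrower_id'];
            }

            // Now add an entry to this user array.
            $borrowed_item_user_r[$to_user][] = $item_entry_r;
        }

        $success_results_rs = array();
        foreach ($borrowed_item_user_r as $to_user => $item_entry_rs) {
            $errors = NULL;
            // Reset per recipient so the result is defined even when no
            // email is attempted.
            $email_result = NULL;
            if (is_valid_opendb_mailer() && $email_notification !== FALSE) {
                // The sender is always the currently logged in user.
                $email_result = send_notification_email($to_user, get_opendb_session_var('user_id'), $heading, $success_intro, $more_information, $item_entry_rs, $errors);
            }

            $display_title_r = array();
            foreach ($item_entry_rs as $item_entry_r) {
                $display_title_r[] = $item_entry_r['display_title'];
            }

            $user_name = get_opendb_lang_var('user_name', array('fullname' => fetch_user_name($to_user), 'user_id' => $to_user));
            // Keys are quoted: bare words only worked through PHP's legacy
            // undefined-constant fallback, which raises an Error on PHP 8.
            $success_results_rs[] = array('user_name' => $user_name, 'display_titles' => $display_title_r, 'email_result' => $email_result, 'email_errors' => $errors);
        }

        if (is_not_empty_array($success_results_rs)) {
            if ($mode == 'job') {
                display_job_success_borrow_results($success_intro, $success_results_rs);
            } else {
                display_html_success_borrow_results($success_intro, $success_results_rs);
            }
        }
    }

    if (is_not_empty_array($failure_item_rs)) {
        $failure_results = array();
        foreach ($failure_item_rs as $borrowed_item_r) {
            $item_r = fetch_item_instance_r($borrowed_item_r['item_id'], $borrowed_item_r['instance_no']);
            // Expand title mask.
            $item_r['title'] = $titleMaskCfg->expand_item_title($item_r);
            $display_title = get_opendb_lang_var('borrow_item_title_listing', array('display_title' => $item_r['title'], 'item_id' => $item_r['item_id'], 'instance_no' => $item_r['instance_no']));

            // Reset per item: otherwise an item without errors would be
            // shown with the error detail of the previous failed item.
            $borrow_error_details = NULL;
            if (strlen($borrowed_item_r['errors']) > 0) {
                $borrow_error_details = get_opendb_lang_var('borrow_error_detail', 'error', $borrowed_item_r['errors']);
            }

            $failure_results[] = array('display_title' => $display_title, 'errors' => array($borrow_error_details));
        }

        if (is_not_empty_array($failure_results)) {
            if ($mode == 'job') {
                display_job_failure_borrow_results($failure_intro, $failure_results);
            } else {
                display_html_failure_borrow_results($failure_intro, $failure_results);
            }
        }
    }
}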