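/**
 * Build the announcements block for the welcome page.
 *
 * Two sources are combined: admin-only announcements (only when the logged-in
 * user is 'admin' and holds PERM_ADMIN_ANNOUNCEMENTS) and the site announcements
 * read from the announcement table (when enabled in config and the user holds
 * PERM_VIEW_ANNOUNCEMENTS).
 *
 * @return string|null HTML for the block, or NULL when there is nothing to show.
 */
function get_announcements_block() {
    $buffer = '';
    if (is_user_granted_permission(PERM_ADMIN_ANNOUNCEMENTS)) {
        // include a login warning if user password and email are still the defaults
        if (get_opendb_session_var('user_id') == 'admin') {
            $announcements_rs = get_admin_announcements_rs();
            // foreach replaces each(), which was deprecated in PHP 7.2 and removed in 8.0;
            // the is_array guard covers a helper returning FALSE/NULL.
            if (is_array($announcements_rs)) {
                foreach ($announcements_rs as $announcement_r) {
                    // The <li> opened here was previously never closed.
                    $buffer .= "<li><h4>" . $announcement_r['heading'] . "</h4>\n\t\t\t\t\t<p class=\"content\">" . $announcement_r['message'] . "<a class=\"adminLink\" href=\"" . $announcement_r['link'] . "\">" . $announcement_r['link_text'] . "</a></p></li>";
                }
            }
        }
    }
    if (get_opendb_config_var('welcome.announcements', 'enable') !== FALSE && is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $results = fetch_announcement_rs('submit_on', 'DESC', 0, get_opendb_config_var('welcome.announcements', 'display_count'), 'Y', 'Y');
        if ($results) {
            while ($announcement_r = db_fetch_assoc($results)) {
                // title is stored as entered (insert_announcement only addslashes() it for SQL),
                // so it must be escaped for the HTML context here.
                $buffer .= "<li><h4>" . htmlspecialchars($announcement_r['title']) . "</h4>";
                $buffer .= "<small class=\"submitDate\">" . get_localised_timestamp(get_opendb_config_var('welcome.announcements', 'datetime_mask'), $announcement_r['submit_on']) . "</small>";
                // NOTE(review): content is emitted with its markup intact (only newlines are
                // converted), so anything an announcement author stored is rendered verbatim.
                $buffer .= "<p class=\"content\">" . nl2br($announcement_r['content']) . "</p></li>";
            }
            db_free_result($results);
        }
    }
    if (strlen($buffer) == 0) {
        return NULL;
    }
    return "\n<div id=\"announcements\">" . "<h3>" . get_opendb_lang_var('announcements') . "</h3>" . "\n<ul>" . $buffer . "\n</ul></div>";
}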
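/**
 * Export either a single item instance or every item matching the filters.
 *
 * A single item is exported when both $item_id and $instance_no are numeric;
 * it is only sent when the current user owns it or holds PERM_VIEW_ITEM_DISPLAY.
 * Otherwise fetch_export_item_rs() selects the items to export.
 *
 * @param object $exportPlugin export plugin, passed by reference to the send_* helpers
 * @param string $page_title
 * @param string $s_item_type type filter for the multi-item export
 * @param mixed  $item_id
 * @param mixed  $instance_no
 * @param string $owner_id
 * @param array|null $restrict_status_type_r status filter for the multi-item export
 * @return bool TRUE when an export was written (even an empty one), FALSE when there was nothing to export.
 */
function export_type_items(&$exportPlugin, $page_title, $s_item_type, $item_id, $instance_no, $owner_id, $restrict_status_type_r = NULL) {
    // the $restrict_status_type_r is ignored for a single item
    if (is_numeric($item_id) && is_numeric($instance_no)) {
        send_header($exportPlugin, $page_title);
        $item_r = fetch_item_instance_r($item_id, $instance_no);
        // is_array guards against a missing item (fetch returning FALSE/NULL) before the owner check.
        if (is_array($item_r) && ($item_r['owner_id'] == get_opendb_session_var('user_id') || is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY))) {
            send_data(get_export_type_item($exportPlugin, $item_id, $instance_no, $item_r['s_item_type'], $item_r['title'], $owner_id));
        }
        send_footer($exportPlugin);
        return TRUE;
    }
    $itemresults = fetch_export_item_rs($s_item_type, $owner_id, $restrict_status_type_r);
    if ($itemresults) {
        send_header($exportPlugin, $page_title);
        while ($item_r = db_fetch_assoc($itemresults)) {
            // The last argument was an undefined variable ($include_parent_related_item), which
            // evaluated to NULL; passing NULL explicitly keeps the behaviour without the notice.
            send_data(get_export_type_item($exportPlugin, $item_r['item_id'], NULL, $item_r['s_item_type'], $item_r['title'], $owner_id, NULL));
        }
        db_free_result($itemresults);
        send_footer($exportPlugin);
        return TRUE;
    }
    return FALSE;
}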
/**
 * Render the theme footer for the current page.
 *
 * The user id is withheld from the theme when the site runs in public-access mode.
 *
 * @return string|null output of theme_footer(), or NULL when the active theme defines none.
 */
function _theme_footer() {
    global $PHP_SELF;
    $footer_user_id = get_opendb_session_var('user_id');
    if (is_site_public_access()) {
        $footer_user_id = NULL;
    }
    if (!function_exists('theme_footer')) {
        return NULL;
    }
    // page id is the script name without its extension
    $current_page_id = basename($PHP_SELF, '.php');
    return theme_footer($current_page_id, $footer_user_id);
}
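/**
 * Format a user name for a listing, linking to the profile page when permitted.
 *
 * @param string $user_id
 * @param string $mode unused here; kept for callers.
 * @param string|null $subject pre-filled subject for the profile/email page
 * @param string|null $redirect_link
 * @param string|null $redirect_url
 * @return string plain text for the current user, otherwise the name, wrapped in a
 *                profile link when the user holds PERM_VIEW_USER_PROFILE.
 */
function get_list_username($user_id, $mode, $subject = NULL, $redirect_link = NULL, $redirect_url = NULL) {
    $lang_vars_r = array('fullname' => fetch_user_name($user_id), 'user_id' => $user_id);
    // Do not include email link, if Current User.
    if ($user_id == get_opendb_session_var('user_id')) {
        return get_opendb_lang_var('current_user', $lang_vars_r);
    }
    $user_name = get_opendb_lang_var('user_name', $lang_vars_r);
    if (!is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
        return $user_name;
    }
    // Every query parameter is URL-encoded; $user_id was previously spliced in raw.
    $href = "user_profile.php?uid=" . urlencode($user_id)
        . "&subject=" . urlencode(ifempty($subject, get_opendb_lang_var('no_subject')))
        . "&redirect_link=" . urlencode($redirect_link)
        . "&redirect_url=" . urlencode($redirect_url);
    return "<a href=\"" . $href . "\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>";
}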
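/**
 * Is current user able to see UID address
 *
 * Visible when the address type is public, when the current user holds
 * PERM_ADMIN_USER_PROFILE, or when the address type is flagged as a borrow
 * address AND the two users share a borrow relationship in either direction.
 *
 * @param array $HTTP_VARS request variables; reads 'uid'
 * @param array $address_type_r address type row; reads 'public_address_ind' and 'borrow_address_ind'
 * @return bool
 */
function is_user_address_visible($HTTP_VARS, $address_type_r) {
    if ($address_type_r['public_address_ind'] == 'Y') {
        return TRUE;
    }
    if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
        return TRUE;
    }
    // Previously written as `A && B || C`: `&&` binds tighter than `||`, so the reverse-direction
    // borrower check granted visibility even when borrow_address_ind was not 'Y'. The flag now
    // gates both directions.
    if ($address_type_r['borrow_address_ind'] == 'Y') {
        $current_user_id = get_opendb_session_var('user_id');
        return is_owner_and_borrower($current_user_id, $HTTP_VARS['uid'])
            || is_owner_and_borrower($HTTP_VARS['uid'], $current_user_id);
    }
    return FALSE;
}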
/**
 * Insert a new, open announcement authored by the current session user.
 *
 * Title and content are trimmed and newline-normalised before being escaped
 * for the string-built INSERT. Outcome is written to the OpenDB log.
 *
 * NOTE(review): addslashes() is not a connection/charset-aware SQL escape; a
 * driver escape function or bound parameters would be the safer choice.
 *
 * @param string $title
 * @param string $content
 * @param mixed  $display_days must be numeric
 * @return bool TRUE when a row was inserted, FALSE on validation failure or DB error.
 */
function insert_announcement($title, $content, $display_days) {
    $title = addslashes(replace_newlines(trim($title)));
    $content = addslashes(replace_newlines(trim($content)));
    if (strlen($title) == 0 || strlen($content) == 0 || !is_numeric($display_days)) {
        return FALSE;
    }
    $query = "INSERT INTO announcement (user_id, title, content, display_days, closed_ind)"
        . " VALUES('" . get_opendb_session_var('user_id') . "',"
        . "'" . $title . "',"
        . "'" . $content . "',"
        . $display_days . ", "
        . "'N')";
    db_query($query);
    $log_args_r = array($title, $content, $display_days);
    if (db_affected_rows() > 0) {
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, $log_args_r);
        return TRUE;
    }
    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), $log_args_r);
    return FALSE;
}
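/**
 * Select item instances for export, optionally filtered by type and owner.
 *
 * Only instances owned by active users are returned; non-item-admins
 * additionally only see non-hidden statuses or their own instances.
 *
 * @param string $s_item_type item type filter ('' for all)
 * @param string $owner_id owner filter ('' for all)
 * @return resource|false result set with at least one row, or FALSE.
 */
function fetch_export_item_instance_rs($s_item_type, $owner_id) {
    $query = "SELECT i.id as item_id, ii.instance_no, i.title, i.s_item_type, ii.owner_id, ii.borrow_duration, ii.s_status_type, ii.status_comment, UNIX_TIMESTAMP(ii.update_on) AS update_on "
        . "FROM user u, item i, item_instance ii, s_status_type sst "
        . "WHERE u.user_id = ii.owner_id AND i.id = ii.item_id AND sst.s_status_type = ii.s_status_type ";
    if (strlen($s_item_type) > 0) {
        // Filter values are spliced into the SQL string; escape them (the file's other
        // string-built statements use addslashes() for the same purpose). A trailing
        // space is also added so the next clause does not abut the closing quote.
        $query .= "AND i.s_item_type = '" . addslashes($s_item_type) . "' ";
    }
    // can only export items for active users.
    $query .= "AND u.active_ind = 'Y' ";
    if (strlen($owner_id) > 0) {
        $query .= " AND ii.owner_id = '" . addslashes($owner_id) . "' ";
    }
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $query .= " AND ( sst.hidden_ind = 'N' OR ii.owner_id = '" . get_opendb_session_var('user_id') . "') ";
    }
    $query .= "ORDER by i.id, ii.instance_no";
    $result = db_query($query);
    if ($result && db_num_rows($result) > 0) {
        return $result;
    }
    // An empty result set was previously left unfreed.
    if ($result) {
        db_free_result($result);
    }
    return FALSE;
}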
/**
 * NOTE: PRIVATE FUNCTION.
 *
 * Will return the FROM and WHERE clauses for a selection from the item table.
 *
 * If $owner_id defined, will limit to only items owned by owner_id
 * If $s_item_type defined, will limit to only items of that type.
 * If $category defined, will limit to only items of that category.
 * If $letter defined will limit to item.title starting with that letter.
 * If $interest_level defined will limit to items with that interest level or higher.
 *
 * SECURITY NOTE(review): most $HTTP_VARS values used below (owner_id, not_owner_id,
 * s_item_type, s_item_type_group, s_status_type, letter, update_on, update_on_days,
 * attr_update_on, attr_update_on_days, rating, interest_level, attribute_type) are
 * concatenated into the SQL text with no escaping at all; title, status_comment and the
 * attribute values only have single quotes backslash-escaped. The caller is therefore
 * responsible for validating these values before they reach this function.
 *
 * @param $HTTP_VARS['...'] variables supported: owner_id, s_item_type, s_item_type[],
 *        s_item_type_group, title, title_match, category, rating, attribute_type,
 *        lookup_attribute_val, attribute_val, attr_match, update_on, datetimemask,
 *        update_on_days, letter, start_item_id s_status_type[], status_comment,
 *        not_s_status_type[], interest_level
 * @param array|null $column_display_config_rs column configuration rows; entries with
 *        column_type 's_attribute_type' or 's_field_type' add joins and restrictions.
 * @param string $query_type 'LISTING' (default) or 'COUNT'; for 'COUNT' the display-only
 *        attribute LEFT JOINs are skipped.
 * @return string "FROM (...) [LEFT JOIN ...] WHERE ..." fragment (no SELECT).
 */
function from_and_where_clause($HTTP_VARS, $column_display_config_rs = NULL, $query_type = 'LISTING') {
    // For checking whether count (DISTINCT ...) is supported, and thus
    // whether we have to do any special processing!
    // NOTE(review): $query is never initialised; the first `.=` below relies on an
    // undefined variable reading as '' (which raises a notice).
    $from_r[] = 'item i';
    $from_r[] = 'item_instance ii';
    $where_r[] = 'ii.item_id = i.id'; // only parent items should ever be listed.
    //
    // Owner restriction
    //
    if (strlen($HTTP_VARS['owner_id']) > 0) {
        $where_r[] = 'ii.owner_id = \'' . $HTTP_VARS['owner_id'] . '\'';
    } else {
        if (strlen($HTTP_VARS['not_owner_id']) > 0) {
            //For not showing current user items.
            $where_r[] = 'ii.owner_id <> \'' . $HTTP_VARS['not_owner_id'] . '\'';
        }
    }
    //
    // Item Type / Item Type group restriction
    //
    if (!is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) > 0) {
        $where_r[] = 'i.s_item_type = \'' . $HTTP_VARS['s_item_type'] . '\'';
    } else {
        if (strlen($HTTP_VARS['s_item_type_group']) > 0) {
            $from_r[] = 's_item_type_group_rltshp sitgr';
            $where_r[] = 'sitgr.s_item_type = i.s_item_type';
            $where_r[] = 'sitgr.s_item_type_group = \'' . $HTTP_VARS['s_item_type_group'] . '\'';
        } else {
            if (is_not_empty_array($HTTP_VARS['s_item_type'])) {
                $where_r[] = 'i.s_item_type IN(' . format_sql_in_clause($HTTP_VARS['s_item_type']) . ')';
            }
        }
    }
    $from_r[] = 's_status_type sst';
    $where_r[] = 'sst.s_status_type = ii.s_status_type';
    //
    // Status Type restriction
    //
    if (is_not_empty_array($HTTP_VARS['s_status_type'])) {
        $where_r[] = 'sst.s_status_type IN(' . format_sql_in_clause($HTTP_VARS['s_status_type']) . ')';
    } else {
        if ($HTTP_VARS['s_status_type'] != 'ALL' && strlen($HTTP_VARS['s_status_type']) > 0) {
            $where_r[] = 'sst.s_status_type = \'' . $HTTP_VARS['s_status_type'] . '\'';
        }
    }
    // no need for such a restriction if current user is item admin
    if (!is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $where_r[] = "( sst.hidden_ind = 'N' OR ii.owner_id = '" . get_opendb_session_var('user_id') . "') ";
    }
    //
    // User and Status type restriction
    //
    if (strcmp($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')) !== 0) {
        // not current user: join the user table so only active owners' items are listed
        $from_r[] = 'user u';
        $where_r[] = 'u.user_id = ii.owner_id';
        $where_r[] = 'u.active_ind = \'Y\'';
    }
    //
    // Status Comment restriction
    //
    if (strlen($HTTP_VARS['status_comment']) > 0) {
        // Escape only the single quote!
        $HTTP_VARS['status_comment'] = str_replace("'", "\\'", $HTTP_VARS['status_comment']);
        if ($HTTP_VARS['status_comment_match'] != 'exact') {
            // boolean search expression (AND/OR terms) over the comment
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['status_comment']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'ii.status_comment', $HTTP_VARS['status_comment_match'], 'AND', $HTTP_VARS['status_comment_case']);
            }
        } else {
            // exact match; BINARY makes the comparison case-sensitive when a case flag is given
            if (is_null($HTTP_VARS['status_comment_case'])) {
                $where_r[] = 'ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            } else {
                $where_r[] = 'BINARY ii.status_comment = \'' . $HTTP_VARS['status_comment'] . '\'';
            }
        }
    }
    //
    // Title restriction
    //
    if (strlen($HTTP_VARS['title']) > 0) {
        // Escape only the single quote!
        $HTTP_VARS['title'] = str_replace("'", "\\'", $HTTP_VARS['title']);
        if ($HTTP_VARS['title_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement($HTTP_VARS['title']);
            if (is_array($statements)) {
                $where_r[] = build_boolean_clause($statements, 'i.title', $HTTP_VARS['title_match'], 'AND', $HTTP_VARS['title_case']);
            }
        } else {
            if (is_null($HTTP_VARS['title_case'])) {
                $where_r[] = 'i.title = \'' . $HTTP_VARS['title'] . '\'';
            } else {
                $where_r[] = 'BINARY i.title = \'' . $HTTP_VARS['title'] . '\'';
            }
        }
    } else {
        // letter filter only applies when no title filter is present
        if (strlen($HTTP_VARS['letter']) > 0) {
            // Numeric match.
            if ($HTTP_VARS['letter'] == '#') {
                $where_r[] = 'ASCII(LEFT(title,1)) BETWEEN ASCII(\'0\') AND ASCII(\'9\')';
            } else {
                $where_r[] = 'UPPER(LEFT(i.title,1)) = \'' . strtoupper($HTTP_VARS['letter']) . '\'';
            }
        }
    }
    //
    // Last Updated support
    //
    if (strlen($HTTP_VARS['update_on']) > 0) {
        if (strlen($HTTP_VARS['datetimemask']) > 0) {
            $timestamp = get_timestamp_for_datetime($HTTP_VARS['update_on'], $HTTP_VARS['datetimemask']);
            if ($timestamp !== FALSE) {
                $where_r[] = 'ii.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
            } else {
                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-1)';
            }
        } else {
            // no mask: the raw value is compared as a datetime literal
            $where_r[] = 'ii.update_on >= \'' . $HTTP_VARS['update_on'] . '\'';
        }
    } else {
        if (is_numeric($HTTP_VARS['update_on_days'])) {
            // GIve us all records updated in the last however many days.
            $where_r[] = 'TO_DAYS(ii.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['update_on_days'] . ')';
        }
    }
    //
    // Item Attribute listing/restriction
    //
    if (is_array($column_display_config_rs)) {
        for ($i = 0; $i < count($column_display_config_rs); $i++) {
            if ($column_display_config_rs[$i]['column_type'] == 's_attribute_type') {
                if ($column_display_config_rs[$i]['search_attribute_ind'] != 'y') {
                    // either LISTING or COUNT
                    if ($query_type != 'COUNT') {
                        // display-only attribute: LEFT JOIN so items without the attribute still list.
                        // Each attribute column gets its own alias, ia<index>.
                        $left_join = 'LEFT JOIN item_attribute ia' . $i . ' ON ' . 'ia' . $i . '.item_id = i.id AND (ia' . $i . '.instance_no = 0 OR ia' . $i . '.instance_no = ii.instance_no) AND ia' . $i . '.s_attribute_type = \'' . $column_display_config_rs[$i]['s_attribute_type'] . '\' AND ia' . $i . '.attribute_no = 1';
                        // So we can work out which search attribute types to display
                        if (is_numeric($column_display_config_rs[$i]['order_no'])) {
                            $left_join .= ' AND ia' . $i . '.order_no = ' . $column_display_config_rs[$i]['order_no'];
                        }
                        $left_join_from_r[] = $left_join;
                    }
                } else {
                    // search attribute: an inner join, so the attribute must exist and match
                    $from_r[] = 'item_attribute ia' . $i;
                    // now do the where clause.
                    $where_r[] = 'ia' . $i . '.item_id = i.id AND (ia' . $i . '.instance_no = 0 OR ia' . $i . '.instance_no = ii.instance_no) AND ia' . $i . '.s_attribute_type = \'' . $column_display_config_rs[$i]['s_attribute_type'] . '\'';
                    // AND ia'.$i.'.attribute_no = 1';
                    if (strlen($column_display_config_rs[$i]['attribute_val']) > 0 && $column_display_config_rs[$i]['attribute_val'] != '%' && $column_display_config_rs[$i]['attr_match'] != 'exact') {
                        // boolean search over the attribute value (upper-cased; single quotes escaped)
                        $parser = new BooleanParser();
                        $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $column_display_config_rs[$i]['attribute_val'])));
                        if (is_array($statements)) {
                            if ($column_display_config_rs[$i]['lookup_attribute_ind'] == 'Y') {
                                $where_r[] = build_boolean_clause($statements, 'ia' . $i . '.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                            } else {
                                $where_r[] = build_boolean_clause($statements, 'ia' . $i . '.attribute_val', $column_display_config_rs[$i]['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                            }
                        }
                    } else {
                        if (strlen($column_display_config_rs[$i]['lookup_attribute_val']) > 0 && $column_display_config_rs[$i]['lookup_attribute_val'] != '%' && $column_display_config_rs[$i]['lookup_attribute_ind'] == 'Y') {
                            // exact match on the lookup value; an escaped underscore is restored since this is not a LIKE
                            $value = str_replace("'", "\\'", $column_display_config_rs[$i]['lookup_attribute_val']);
                            $where_r[] = 'ia' . $i . '.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            if (strlen($column_display_config_rs[$i]['attribute_val']) > 0 && $column_display_config_rs[$i]['attribute_val'] != '%') {
                                // a value wrapped in double quotes is matched without the quotes
                                if (starts_with($column_display_config_rs[$i]['attribute_val'], '"') && ends_with($column_display_config_rs[$i]['attribute_val'], '"')) {
                                    $column_display_config_rs[$i]['attribute_val'] = substr($column_display_config_rs[$i]['attribute_val'], 1, -1);
                                }
                                $value = strtoupper(str_replace("'", "\\'", $column_display_config_rs[$i]['attribute_val']));
                                $where_r[] = 'UPPER(ia' . $i . '.attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                            }
                        }
                    }
                    if (strlen($HTTP_VARS['attr_update_on']) > 0) {
                        if (strlen($HTTP_VARS['datetimemask']) > 0) {
                            $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                            if ($timestamp !== FALSE) {
                                $where_r[] = 'ia' . $i . '.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                            } else {
                                // by default get items from 1 day ago, if update_on can not be parsed correctly.
                                $where_r[] = 'TO_DAYS(ia' . $i . '.update_on) >= (TO_DAYS(now())-1)';
                            }
                        } else {
                            $where_r[] = 'ia' . $i . '.update_on >= \'' . $HTTP_VARS['attr_update_on'] . '\'';
                        }
                    } else {
                        if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                            // GIve us all records updated in the last however many days.
                            $where_r[] = 'TO_DAYS(ia' . $i . '.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
                        }
                    }
                }
            } else {
                if ($column_display_config_rs[$i]['column_type'] == 's_field_type') {
                    if ($column_display_config_rs[$i]['s_field_type'] == 'CATEGORY') {
                        // the CATEGORY attribute type is resolved per item type via s_item_attribute_type
                        $from_r[] = 's_item_attribute_type catsiat';
                        $from_r[] = 's_attribute_type catsat';
                        $where_r[] = 'catsiat.s_item_type = i.s_item_type AND catsat.s_attribute_type = catsiat.s_attribute_type AND catsat.s_field_type = \'CATEGORY\'';
                        $left_join_clause = 'LEFT JOIN item_attribute catia ON ' . 'catia.item_id = i.id AND (catia.instance_no = 0 OR catia.instance_no = ii.instance_no) AND catia.s_attribute_type = catsiat.s_attribute_type AND catia.order_no = catsiat.order_no';
                        if (strlen($HTTP_VARS['category']) > 0 || strcasecmp($HTTP_VARS['attr_match'], 'category') === 0 && strlen($HTTP_VARS['attribute_val']) > 0) {
                            // Support specifying $attribute_val for $category where $attr_match=="category"!
                            // If item_type && item_type_group are not set!
                            if (strlen($HTTP_VARS['attribute_type']) > 0 && !is_array($HTTP_VARS['s_item_type']) && strlen($HTTP_VARS['s_item_type']) == 0 && strlen($HTTP_VARS['s_item_type_group']) == 0) {
                                $where_r[] = 'catsat.s_attribute_type = \'' . $HTTP_VARS['attribute_type'] . '\'';
                            }
                            // Escape single quotes only.
                            $value = strtoupper(str_replace("'", "\\'", ifempty($HTTP_VARS['category'], $HTTP_VARS['attribute_val'])));
                            $where_r[] = 'UPPER(catia.lookup_attribute_val) = \'' . str_replace('\\_', '_', $value) . '\'';
                        } else {
                            $left_join_clause .= ' AND catia.attribute_no = 1';
                        }
                        $left_join_from_r[] = $left_join_clause;
                    } else {
                        if ($column_display_config_rs[$i]['s_field_type'] == 'INTEREST') {
                            // can only restrict interest level if its displayed as a column
                            if (strlen($HTTP_VARS['interest_level']) > 0) {
                                // inner join: only items the current user has marked at or above the level
                                $where_r[] = "it.item_id = ii.item_id AND it.instance_no = ii.instance_no AND it.user_id = '" . get_opendb_session_var('user_id') . "'" . " AND it.level >= " . $HTTP_VARS['interest_level'];
                                $from_r[] = "user_item_interest it";
                            } else {
                                // display only: LEFT JOIN so unmarked items still list
                                $left_join_from_r[] = "LEFT JOIN user_item_interest it ON it.item_id = i.id AND it.instance_no = ii.instance_no AND it.user_id = '" . get_opendb_session_var('user_id') . "'";
                            }
                        }
                    }
                }
            }
        }
    }
    // If attribute_val specified without a attribute_type, then do a loose join to item_attribute table,
    // only on attribute_val column.
    if (strlen($HTTP_VARS['attribute_type']) == 0 && (strlen($HTTP_VARS['attribute_val']) > 0 || strlen($HTTP_VARS['attr_update_on']) > 0 || strlen($HTTP_VARS['attr_update_on_days']) > 0)) {
        $from_r[] = 'item_attribute ia';
        // now do the where clause.
        $where_r[] = 'ia.item_id = i.id ';
        //AND ia.attribute_no = 1';
        if ($HTTP_VARS['attr_match'] != 'exact') {
            $parser = new BooleanParser();
            $statements = $parser->parseBooleanStatement(strtoupper(str_replace("'", "\\'", $HTTP_VARS['attribute_val'])));
            if (is_array($statements)) {
                // NOTE(review): attribute_type is known to be empty in this branch, so the
                // is_lookup_attribute_type() outcome depends on how that helper treats ''.
                if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                    $where_r[] = build_boolean_clause($statements, 'ia.lookup_attribute_val', 'plain', 'AND', $HTTP_VARS['attr_case']);
                } else {
                    $where_r[] = build_boolean_clause($statements, 'ia.attribute_val', $HTTP_VARS['attr_match'], 'AND', $HTTP_VARS['attr_case']);
                }
            }
        } else {
            // attr_match = 'exact'
            if (is_lookup_attribute_type($HTTP_VARS['attribute_type'])) {
                $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
                $where_r[] = 'ia.lookup_attribute_val = \'' . str_replace('\\_', '_', $value) . '\'';
            } else {
                // whole value, or the value as a space-delimited word anywhere in attribute_val
                $value = str_replace("'", "\\'", $HTTP_VARS['attribute_val']);
                if (is_null($HTTP_VARS['attr_case'])) {
                    $where_r[] = '( ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE \'% ' . $value . '\')';
                } else {
                    $where_r[] = '( BINARY ia.attribute_val = \'' . str_replace('\\_', '_', $value) . '\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'' . $value . ' %\' OR ' . 'ia.attribute_val LIKE BINARY \'% ' . $value . '\')';
                }
            }
        }
        if (strlen($HTTP_VARS['attr_update_on']) > 0) {
            if (strlen($HTTP_VARS['datetimemask']) > 0) {
                $timestamp = get_timestamp_for_datetime($HTTP_VARS['attr_update_on'], $HTTP_VARS['datetimemask']);
                if ($timestamp !== FALSE) {
                    $where_r[] = 'ia.update_on >= FROM_UNIXTIME(' . $timestamp . ')';
                } else {
                    // by default get items from 1 day ago, if update_on can not be parsed correctly.
                    $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-1)';
                }
            } else {
                $where_r[] = 'ia.update_on >= \'' . $HTTP_VARS['attr_update_on'] . '\'';
            }
        } else {
            if (is_numeric($HTTP_VARS['attr_update_on_days'])) {
                // GIve us all records updated in the last however many days.
                $where_r[] = 'TO_DAYS(ia.update_on) >= (TO_DAYS(now())-' . $HTTP_VARS['attr_update_on_days'] . ')';
            }
        }
    }
    //
    // Review restrictions
    //
    if (strlen($HTTP_VARS['rating']) > 0) {
        $where_r[] = 'r.item_id = i.id AND r.rating >= ' . $HTTP_VARS['rating'];
        $from_r[] = 'review r';
    }
    //
    // Item ID range restriction (Used by Import script)
    //
    if (strlen($HTTP_VARS['item_id_range']) > 0) {
        $where_r[] = 'i.id IN (' . expand_number_range($HTTP_VARS['item_id_range']) . ')';
    }
    //
    // Now build the SQL query
    //
    if (is_array($from_r)) {
        // comma-joined table list, wrapped in parentheses so the LEFT JOINs bind to the whole set
        $from_clause = '';
        for ($i = 0; $i < count($from_r); $i++) {
            if (strlen($from_clause) > 0) {
                $from_clause .= ', ';
            }
            $from_clause .= $from_r[$i];
        }
        $query .= 'FROM (' . $from_clause . ') ';
    }
    if (is_array($left_join_from_r)) {
        $left_join_from_clause = '';
        for ($i = 0; $i < count($left_join_from_r); $i++) {
            if (strlen($left_join_from_clause) > 0) {
                $left_join_from_clause .= ' ';
            }
            $left_join_from_clause .= $left_join_from_r[$i];
        }
        $query .= $left_join_from_clause . ' ';
    }
    if (is_array($where_r)) {
        // all restrictions are AND-ed together
        $where_clause = '';
        for ($i = 0; $i < count($where_r); $i++) {
            if (strlen($where_clause) > 0) {
                $where_clause .= ' AND ';
            }
            $where_clause .= $where_r[$i];
        }
        $query .= 'WHERE ' . $where_clause;
    }
    return $query;
}
// do nothing } else { show_email_form(get_user_ids_tovalue($HTTP_VARS['user_id_rs']), get_opendb_lang_var('site_users', 'user_desc', get_opendb_config_var('site', 'title')), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors); } } } echo _theme_footer(); } else { opendb_not_authorised_page(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS); } } else { if ($HTTP_VARS['op'] == 'send_to_uid' && is_user_permitted_to_receive_email($HTTP_VARS['uid'])) { if (is_user_granted_permission(PERM_SEND_EMAIL)) { echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']); echo "<h2>" . get_opendb_lang_var('send_email') . "</h2>"; $from_user_r = fetch_user_r(get_opendb_session_var('user_id')); $HTTP_VARS['toname'] = trim(strip_tags($HTTP_VARS['toname'])); if ($HTTP_VARS['op2'] == 'send' && send_email_to_userids(array($HTTP_VARS['uid']), $from_user_r['user_id'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) { // do nothing } else { show_email_form($HTTP_VARS['uid'], fetch_user_name($HTTP_VARS['uid']), $from_user_r['user_id'], $from_user_r['fullname'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $HTTP_VARS, $errors); } echo _theme_footer(); } else { opendb_not_authorised_page(PERM_SEND_EMAIL, $HTTP_VARS); } } else { opendb_operation_not_available(); } } }
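/**
 * Validate the current login session.
 *
 * A session is valid when the site is configured, the login/last-access/user/hash
 * session variables are all present, the session hash matches the site security
 * hash, neither the absolute (login_timeout) nor idle (idle_timeout) limit has
 * elapsed, and the user is still active. On success last_access_time is refreshed.
 *
 * @return bool
 */
function is_opendb_valid_session() {
    if (!is_opendb_configured()) {
        return FALSE;
    }
    if (get_opendb_session_var('login_time') == NULL || get_opendb_session_var('last_access_time') == NULL || get_opendb_session_var('user_id') == NULL || get_opendb_session_var('hash_check') == NULL) {
        return FALSE;
    }
    $site_r = get_opendb_config_var('site');
    // A valid session as far as the variables go at least.
    // Compare the hashes as strings with a strict comparison: the previous loose `==`
    // treats numeric-looking strings numerically (e.g. "1e3" == "1000"), which is not
    // what a hash check should do.
    if ((string) $site_r['security_hash'] !== (string) get_opendb_session_var('hash_check')) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Invalid security-hash login invalidated');
        return FALSE;
    }
    // idle_timeout is how long between requests a login session
    // can remain valid. If login_timeout is set, then this controls
    // how long a session can remain active overall.
    $current_time = time();
    if (is_numeric($site_r['login_timeout']) && $current_time - get_opendb_session_var('login_time') >= $site_r['login_timeout']) {
        // absolute session lifetime exceeded (previously an implicit NULL return)
        return FALSE;
    }
    if (is_numeric($site_r['idle_timeout']) && $current_time - get_opendb_session_var('last_access_time') >= $site_r['idle_timeout']) {
        // idle for too long (previously an implicit NULL return)
        return FALSE;
    }
    if (!is_user_active(get_opendb_session_var('user_id'))) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Invalid user encountered');
        return FALSE;
    }
    // reset the time, as we are only interested in idle session tests.
    $_SESSION['last_access_time'] = $current_time;
    return TRUE;
}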
/**
 * Does the current session user's role rank at or above the named role?
 *
 * A user without a role is treated as the public-access role. A role name that
 * resolves to no priority is treated as priority 0.
 *
 * NOTE(review): because an unknown $role_name defaults to priority 0, passing a
 * misspelt or removed role name grants the permission to every user (fail-open).
 *
 * @param string $role_name
 * @return bool
 */
function has_role_permission($role_name) {
    $user_r = fetch_user_r(get_opendb_session_var('user_id'));
    if ($user_r['user_role'] == null) {
        // Explicitly set role name to public access by default.
        $user_r['user_role'] = get_public_access_rolename();
    }
    $required_role_r = fetch_role_r($role_name);
    $required_priority = $required_role_r['priority'];
    if ($required_priority == null || $required_priority == '') {
        // Explicitly set permission to lowest value by default.
        $required_priority = 0;
    }
    $granted_role_r = fetch_role_r($user_r['user_role']);
    return $required_priority <= $granted_role_r['priority'];
}
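/**
 * Render the collapsible "listing filters" form for the listings page.
 *
 * Each enabled filter (owner, status type, item type group, item type,
 * interest, exclude-current-user) adds a control and records its variable
 * name so get_url_fields() does not duplicate it as a hidden field.
 *
 * Reads the globals $PHP_SELF (form action) and $HTTP_VARS (current filter values).
 *
 * @return string HTML, or '' when filters are disabled by request or config.
 */
function getListingFiltersBlock() {
    global $PHP_SELF;
    global $HTTP_VARS;
    $buffer = '';
    if ($HTTP_VARS['listings.filters'] != 'N' && get_opendb_config_var('listings.filters', 'enable') !== FALSE) {
        $excluded_vars_list = NULL;
        $buffer .= "<div id=\"listing-filters\" class=\"menuContainer toggleContainer\">";
        $buffer .= "<span id=\"listing-filters-toggle\" class=\"menuToggle toggleHidden\" onclick=\"return toggleVisible('listing-filters');\">" . get_opendb_lang_var('listing_filters') . "</span>";
        // The class attribute previously carried a stray extra quote (`...elementHidden"">`).
        $buffer .= "<div id=\"listing-filters-content\" class=\"menuContent elementHidden\">";
        $buffer .= "<h2 class=\"menu\">" . get_opendb_lang_var('listing_filters') . "</h2>";
        // NOTE(review): $PHP_SELF is emitted unescaped; confirm it is sanitised where it is set.
        $buffer .= "<form name=\"listing-filters\" action=\"{$PHP_SELF}\" method=\"GET\">";
        $buffer .= "<ul>";
        if (get_opendb_config_var('listings.filters', 'show_owner_lov') !== FALSE) {
            $excluded_vars_list[] = 'owner_id';
            $buffer .= "<li><label for=\"select-owner_id\">" . get_opendb_lang_var('owner_id') . "</label>\n\t\t\t\t<select id=\"select-owner_id\" name=\"owner_id\">\n\t\t\t\t<option value=\"\"></option>" . custom_select('owner_id', fetch_user_rs(PERM_ITEM_OWNER), '%fullname% (%user_id%)', 'NA', $HTTP_VARS['owner_id'], 'user_id') . "\n</select></li>";
        }
        if (get_opendb_config_var('listings.filters', 'show_s_status_type_lov') !== FALSE) {
            // a multi-valued status filter from the search/attribute forms is left alone
            if (!is_array($HTTP_VARS['s_status_type']) || $HTTP_VARS['search_list'] != 'y' && $HTTP_VARS['attribute_list'] != 'y') {
                $results = fetch_status_type_rs();
                if ($results && db_num_rows($results) > 1) {
                    $excluded_vars_list[] = 's_status_type';
                    // NOTE(review): the first custom_select() argument is 'owner_id' here although this
                    // is the status-type control; looks like a copy/paste slip — confirm what custom_select uses it for.
                    $buffer .= "<li><label for=\"select-s_status_type\">" . get_opendb_lang_var('s_status_type') . "</label>\n\t\t\t\t\t\t<select id=\"select-s_status_type\" name=\"s_status_type\">\n\t\t\t\t\t\t<option value=\"\"></option>" . custom_select('owner_id', $results, '%s_status_type% - %description%', 'NA', $HTTP_VARS['s_status_type'], 's_status_type') . "\n</select></li>";
                }
            }
        }
        if (get_opendb_config_var('listings.filters', 'show_item_type_group_lov') !== FALSE) {
            $v_item_type_groups = get_list_item_type_groups();
            if (is_not_empty_array($v_item_type_groups)) {
                $excluded_vars_list[] = 's_item_type_group';
                $buffer .= "<li><label for=\"select-s_item_type_group\">" . get_opendb_lang_var('s_item_type_group') . "</label>\n\t\t\t\t\t<select id=\"select-s_item_type_group\" name=\"s_item_type_group\">\n\t\t\t\t\t<option value=\"\"></option>" . custom_select('s_item_type_group', $v_item_type_groups, '%value% - %display%', 'NA', $HTTP_VARS['s_item_type_group'], 'value') . "\n</select></li>";
            }
        }
        if (get_opendb_config_var('listings.filters', 'show_item_type_lov') !== FALSE) {
            $v_item_types = get_list_item_types(NULL);
            // Previously tested $v_item_type_groups (copy/paste), which is unset whenever the
            // group LOV is disabled, so the item-type LOV silently disappeared with it.
            if (is_not_empty_array($v_item_types)) {
                $excluded_vars_list[] = 's_item_type';
                $buffer .= "<li><label for=\"select-s_item_type\">" . get_opendb_lang_var('s_item_type') . "</label>\n\t\t\t\t\t<select id=\"select-s_item_type\" name=\"s_item_type\">\n\t\t\t\t\t<option value=\"\"></option>" . custom_select('s_item_type', $v_item_types, '%value% - %display%', 'NA', $HTTP_VARS['s_item_type'], 'value') . "\n</select></li>";
            }
        }
        if (get_opendb_config_var('listings.filters', 'show_interest') !== FALSE) {
            $buffer .= "<li><label for=\"select-interest\">" . get_opendb_lang_var('interest_only_marked') . "</label>" . "<input type=\"checkbox\" class=\"checkbox\" id=\"select-interest\" name=\"interest_level\" value=\"1\"" . ($HTTP_VARS['interest_level'] >= 1 ? ' CHECKED' : '') . "></li>";
            $excluded_vars_list[] = 'interest_level';
        }
        if ($HTTP_VARS['owner_id'] != get_opendb_session_var('user_id')) {
            // "exclude current user" is pointless when the listing is already restricted to them
            $buffer .= "<li><label for=\"exclude-current-user\">" . get_opendb_lang_var('exclude_current_user') . "</label>" . "<input type=\"checkbox\" class=\"checkbox\" id=\"exclude-current-user\" name=\"not_owner_id\" value=\"" . get_opendb_session_var('user_id') . "\"" . ($HTTP_VARS['not_owner_id'] == get_opendb_session_var('user_id') ? ' CHECKED' : '') . "></li>";
            $excluded_vars_list[] = 'not_owner_id';
        }
        $buffer .= "</ul>";
        // carry the remaining request variables through as hidden fields
        $buffer .= get_url_fields($HTTP_VARS, NULL, $excluded_vars_list);
        $buffer .= "<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
        $buffer .= "</form>";
        $buffer .= "</div>";
        $buffer .= "</div>";
    }
    return $buffer;
}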
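/**
 * Does the given (or current) user currently have this item instance on loan?
 *
 * @param mixed  $item_id     must be numeric
 * @param mixed  $instance_no must be numeric
 * @param string|null $borrower_id defaults to the session user when empty
 * @return bool TRUE when a borrowed_item row with status 'B' exists for the borrower.
 */
function is_item_borrowed_by_user($item_id, $instance_no, $borrower_id = NULL) {
    if ($borrower_id == NULL) {
        $borrower_id = get_opendb_session_var('user_id');
    }
    // Item keys are treated as numeric elsewhere in this code base (the export path
    // checks is_numeric on both); rejecting anything else here also keeps non-numeric
    // input out of the string-built SQL below.
    if (!is_numeric($item_id) || !is_numeric($instance_no)) {
        return FALSE;
    }
    // In this case, we will not do a reserve, if the borrower has already reserved,
    // or borrowed the item.
    $query = "SELECT 'X' FROM borrowed_item "
        . "WHERE item_id = '{$item_id}' AND instance_no = '{$instance_no}' AND "
        . "borrower_id = '" . addslashes($borrower_id) . "' AND "
        . "status = 'B'";
    $result = db_query($query);
    if (!$result) {
        return FALSE;
    }
    // Free the result on both outcomes; the empty-result path previously leaked it.
    $is_borrowed = db_num_rows($result) > 0;
    db_free_result($result);
    return $is_borrowed;
}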
/**
 * Handle the delete-relationship action for an item instance.
 *
 * Only the item owner or an item admin may proceed. The request must carry
 * confirmed='true' to perform the delete; 'false' aborts; anything else asks
 * the caller to show a confirmation.
 *
 * @param array $item_r item instance row; reads owner_id, item_id, instance_no
 * @param array $status_type_r unused here; kept for callers.
 * @param array $HTTP_VARS reads confirmed, parent_item_id, parent_instance_no
 * @param array &$errors set to an error array when the user is not allowed to delete
 * @return mixed FALSE when not permitted, "__CONFIRM__" or "__ABORTED__" for the
 *               confirmation flow, NULL after a completed delete.
 */
function handle_item_relation_delete($item_r, $status_type_r, $HTTP_VARS, &$errors) {
    $is_owner = $item_r['owner_id'] == get_opendb_session_var('user_id');
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('cannot_delete_relation_item_not_owned'), 'detail' => '');
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User to delete item relationship they do not own', $item_r);
        return FALSE;
    }
    $confirmed = $HTTP_VARS['confirmed'];
    if ($confirmed == 'true') {
        delete_related_item_instance_relationship($item_r['item_id'], $item_r['instance_no'], $HTTP_VARS['parent_item_id'], $HTTP_VARS['parent_instance_no']);
        return NULL;
    }
    if ($confirmed != 'false') {
        // confirmation required.
        return "__CONFIRM__";
    }
    return "__ABORTED__";
}
} } if (strlen($_OPENDB_THEME) == 0) { if (is_exists_theme(get_opendb_config_var('site', 'theme'))) { $_OPENDB_THEME = get_opendb_config_var('site', 'theme'); } else { $_OPENDB_THEME = 'default'; } } } if (is_exists_language($_OVRD_OPENDB_LANGUAGE)) { $_OPENDB_LANGUAGE = $_OVRD_OPENDB_LANGUAGE; } else { unset($_OPENDB_LANGUAGE); if (strlen(get_opendb_session_var('user_id')) > 0 && get_opendb_config_var('user_admin', 'user_language_support') !== FALSE) { $user_language = fetch_user_language(get_opendb_session_var('user_id')); if (is_exists_language($user_language)) { $_OPENDB_LANGUAGE = $user_language; } } if (strlen($_OPENDB_LANGUAGE) == 0) { if (is_exists_language(get_opendb_config_var('site', 'language'))) { $_OPENDB_LANGUAGE = strtoupper(get_opendb_config_var('site', 'language')); } else { $_OPENDB_LANGUAGE = fetch_default_language(); } } } } } if ($HTTP_VARS['mode'] == 'job') {
echo "</div>"; } echo "</div>"; // end of tab content echo "</div>"; // end of tabContainer } else { echo _theme_header(get_opendb_lang_var('item_not_found')); echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>"; } if (is_export_plugin(get_opendb_config_var('item_display', 'export_link')) && is_user_granted_permission(PERM_USER_EXPORT)) { $footer_links_r[] = array(url => "export.php?op=export&plugin=" . get_opendb_config_var('item_display', 'export_link') . "&item_id=" . $item_r['item_id'] . "&instance_no=" . $item_r['instance_no'], text => get_opendb_lang_var('export_item_record')); } // Include a Back to Listing link. if (is_opendb_session_var('listing_url_vars')) { $footer_links_r[] = array(url => "listings.php?" . get_url_string(get_opendb_session_var('listing_url_vars')), text => get_opendb_lang_var('back_to_listing')); } echo format_footer_links($footer_links_r); echo _theme_footer(); } else { opendb_not_authorised_page(PERM_VIEW_ITEM_DISPLAY, $HTTP_VARS); } } else { // invalid login, so login instead. redirect_login($PHP_SELF, $HTTP_VARS); } } else { //if(is_site_enabled()) opendb_site_disabled(); } // Cleanup after begin.inc.php
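/**
 * Build the HTML upload form (owner, item type, file input) for the import page.
 *
 * Import administrators (PERM_ADMIN_IMPORT) get a selectable owner list of
 * users holding PERM_USER_IMPORT; everyone else gets a hidden owner_id field
 * carrying the request value through.
 *
 * @param array $HTTP_VARS request variables; 'owner_id' and 's_item_type'
 *                         pre-select the owner and item type fields.
 * @return string the form markup.
 */
function get_upload_form($HTTP_VARS) {
    global $PHP_SELF;

    // Start from an empty buffer; the original appended to an undefined local.
    $buffer = '';
    $buffer .= "\n<form name=\"main\" action=\"{$PHP_SELF}\" method=\"POST\" enctype=\"multipart/form-data\">";
    $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"upload\">";
    $buffer .= "\n<table>";

    if (is_user_granted_permission(PERM_ADMIN_IMPORT)) {
        // Administrators may import on behalf of any import-capable user.
        $buffer .= format_field(get_opendb_lang_var('owner'), custom_select('owner_id', fetch_user_rs(PERM_USER_IMPORT), '%fullname% (%user_id%)', 1, ifempty($HTTP_VARS['owner_id'], get_opendb_session_var('user_id')), 'user_id'));
    } else {
        // owner_id is request-supplied, so escape it before writing it into an attribute.
        // NOTE(review): the upload handler should re-check that a non-admin may only
        // import for the session user, since this value round-trips via the client.
        $buffer .= "\n<input type=\"hidden\" name=\"owner_id\" value=\"" . htmlspecialchars($HTTP_VARS['owner_id']) . "\">";
    }

    $buffer .= format_field(get_opendb_lang_var('item_type'), single_select('s_item_type', fetch_item_type_rs(TRUE), "%value% - %display%", NULL, $HTTP_VARS['s_item_type']));
    $buffer .= format_field(get_opendb_lang_var('file'), "<input type=\"file\" class=\"file\" size=\"25\" name=\"uploadfile\">");
    $buffer .= "\n</table>";
    $buffer .= "\n<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">";
    $buffer .= "\n</form>";

    return $buffer;
}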
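You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

// This must be first - includes config.php
require_once "./include/begin.inc.php";
include_once "./lib/database.php";
include_once "./lib/auth.php";
include_once "./lib/logging.php";
include_once "./lib/widgets.php";
include_once "./lib/http.php";
include_once "./lib/importcache.php";

// Logout script. Two cases: an administrator who switched into another user's
// session only drops the impersonation; a normal user gets the session and
// its cookie destroyed.
if (is_user_admin_changed_user()) {
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'Administrator logging out change user');
    // Restore the administrator as the session user and drop the impersonation marker.
    // (The original also fetched the admin's user row here without using it.)
    register_opendb_session_var('user_id', get_opendb_session_var('admin_user_id'));
    unregister_opendb_session_var('admin_user_id');
    opendb_redirect('index.php');
} else {
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User logged out');
    if (strlen(get_opendb_session_var('user_id')) > 0) {
        import_cache_delete_for_user(get_opendb_session_var('user_id'));
    }
    // Best-effort: logging out without an active session should not error.
    @session_destroy();
    // Expire the session cookie on the client as well; session_destroy() alone
    // leaves the cookie in the browser. isset() on the 'httponly' key is
    // presumably always true here (the key exists whatever its value), so the
    // expiring cookie is sent with HttpOnly — harmless for a deletion.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
    remove_opendb_remember_me();
    opendb_redirect('index.php');
}

// Cleanup after begin.inc.php
require_once "./include/end.inc.php";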
/**
 * Report whether a session variable is present (a NULL value counts as absent).
 *
 * @param string $name session variable name.
 * @return bool
 */
function is_opendb_session_var($name) {
    $current = get_opendb_session_var($name);
    return NULL !== $current;
}
/**
 * Write one <tr> for the listing, one <td> per entry in $row_column_rs.
 *
 * Each column is rendered according to its 'column_type'; the entry at the
 * same index in $this->_header_column_rs supplies the CSS class (its
 * 'fieldname'). All output goes through $this->_write(). Row striping
 * alternates on $this->_toggle via $this->rowclass.
 *
 * NOTE(review): several cell values ('item_title', 'value', 'title_href_link',
 * 'fullname', the checkbox 'value') are written without escaping; only the
 * item type description, theme image title and the profile link title go
 * through htmlspecialchars(). Presumably callers supply HTML-safe content —
 * confirm against the column builders.
 *
 * @param array $row_column_rs list of column descriptors for this row.
 */
function writeRowImpl($row_column_rs) {
    if ($this->_toggle) {
        $this->rowclass = "oddRow";
    } else {
        $this->rowclass = "evenRow";
    }
    $this->_write("\n<tr class=\"" . $this->rowclass . "\">");
    for ($i = 0; $i < count($row_column_rs); $i++) {
        $header_column_r = $this->_header_column_rs[$i];
        $columnClass = NULL;
        if (strlen($header_column_r['fieldname']) > 0) {
            $columnClass = $header_column_r['fieldname'];
        }
        switch ($row_column_rs[$i]['column_type']) {
            case 'action_links':
                $this->_write('<td class="action_links ' . $columnClass . '">');
                $this->_write(ifempty(format_action_links($row_column_rs[$i]['action_links']), get_opendb_lang_var('not_applicable')));
                $this->_write('</td>');
                break;
            case 'username':
                $this->_write('<td class="username ' . $columnClass . '">');
                $user_id = $row_column_rs[$i]['user_id'];
                $fullname = $row_column_rs[$i]['fullname'];
                if ($user_id == get_opendb_session_var('user_id')) {
                    $this->_write(get_opendb_lang_var('current_user', array('fullname' => $fullname, 'user_id' => $user_id)));
                } else {
                    $user_name = get_opendb_lang_var('user_name', array('fullname' => $fullname, 'user_id' => $user_id));
                    if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
                        $item_title = '';
                        // lets find the title column, so the profile link can carry the item title as subject.
                        for ($j = 0; $j < count($row_column_rs); $j++) {
                            if ($row_column_rs[$j]['column_type'] == 'title') {
                                $item_title = trim(strip_tags($row_column_rs[$j]['item_title']));
                                break;
                            }
                        }
                        $url = "user_profile.php?uid=" . $user_id;
                        if (is_array($row_column_rs[$i]['extra_http_vars'])) {
                            $url .= "&" . get_url_string($row_column_rs[$i]['extra_http_vars']);
                        }
                        $url .= "&subject=" . urlencode(ifempty($item_title, get_opendb_lang_var('no_subject')));
                        $this->_write("<a href=\"{$url}\" title=\"" . htmlspecialchars(get_opendb_lang_var('user_profile')) . "\">{$user_name}</a>");
                    } else {
                        $this->_write($user_name);
                    }
                }
                $this->_write('</td>');
                break;
            case 'interest':
                // opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, "_xajax=" . $_xajax===NULL?"nulles":"nonnul");
                $item_id = $row_column_rs[$i]['item_id'];
                $instance_no = $row_column_rs[$i]['instance_no'];
                $level = $row_column_rs[$i]['level'];
                // NOTE(review): $level_display is appended to but never initialised or
                // reset; a row with more than one 'interest' column would repeat the
                // earlier markup — confirm that cannot occur.
                if ($level > 0) {
                    $this->addHelpEntry(get_opendb_lang_var('interest_help'), 'interest_1.gif', 'interest');
                    // Clicking an "interested" image submits level 0 (remove).
                    $new_level_value = 0;
                    $level_display .= "<img" . " id=\"interest_level_{$item_id}" . "_{$instance_no}\""
                        . " src=\"" . theme_image_src('interest_1.gif') . "\""
                        . " alt=\"" . get_opendb_lang_var('interest_remove') . "\""
                        . " title=\"" . get_opendb_lang_var('interest_remove') . "\""
                        . " onclick=\"xajax_ajax_update_interest_level('{$item_id}', '{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\""
                        . " style=\"cursor:pointer;\"" . " >";
                } else {
                    // Clicking a "not interested" image submits level 1 (mark).
                    $new_level_value = 1;
                    $level_display .= "<img" . " id=\"interest_level_{$item_id}" . "_{$instance_no}\""
                        . " src=\"" . theme_image_src('interest_0.gif') . "\""
                        . " alt=\"" . get_opendb_lang_var('interest_mark') . "\""
                        . " title=\"" . get_opendb_lang_var('interest_mark') . "\""
                        . " onclick=\"xajax_ajax_update_interest_level('{$item_id}','{$instance_no}', document.getElementById('new_level_value_{$item_id}\\_{$instance_no}').value);\""
                        . " style=\"cursor:pointer;\"" . " >";
                }
                $this->_write('<td class="interest ' . $columnClass . '">');
                $this->_write("<input id=\"new_level_value_{$item_id}" . "_{$instance_no}\" type=\"hidden\" value=\"{$new_level_value}\" />");
                $this->_write($level_display);
                $this->_write('</td>');
                break;
            case 'item_type_image':
                $this->_write('<td class="item_type_image ' . $columnClass . '">');
                $s_item_type = $row_column_rs[$i]['s_item_type'];
                // Item type rows are cached per listing in $this->_item_type_rs.
                if (!is_array($this->_item_type_rs[$s_item_type]) || strlen($this->_item_type_rs[$s_item_type]['image']) == 0) {
                    $this->_item_type_rs[$s_item_type] = fetch_item_type_r($s_item_type);
                    // expand to the actual location once only.
                    if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0) {
                        $this->_item_type_rs[$s_item_type]['image'] = theme_image_src($this->_item_type_rs[$s_item_type]['image']);
                    } else {
                        // 'none' marks "looked up, no image" so the fetch is not repeated.
                        $this->_item_type_rs[$s_item_type]['image'] = 'none';
                    }
                    if (strlen($this->_item_type_rs[$s_item_type]['description']) > 0) {
                        $this->_item_type_rs[$s_item_type]['description'] = htmlspecialchars($this->_item_type_rs[$s_item_type]['description']);
                    } else {
                        $this->_item_type_rs[$s_item_type]['description'] = NULL;
                    }
                }
                if (strlen($this->_item_type_rs[$s_item_type]['image']) > 0 && $this->_item_type_rs[$s_item_type]['image'] != 'none') {
                    $this->_write(theme_image($this->_item_type_rs[$s_item_type]['image'], $this->_item_type_rs[$s_item_type]['description'], 's_item_type'));
                } else {
                    // otherwise write the item type itself in place of the image.
                    $this->_write($s_item_type);
                }
                $this->_write('</td>');
                break;
            case 'theme_image':
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write(theme_image($row_column_rs[$i]['src'], htmlspecialchars($row_column_rs[$i]['title']), $row_column_rs[$i]['type']));
                $this->_write('</td>');
                break;
            case 'title':
                $title_href_link = $row_column_rs[$i]['title_href_link'];
                $is_item_reviewed = $row_column_rs[$i]['is_item_reviewed'];
                $is_borrowed_or_returned = $row_column_rs[$i]['is_borrowed_or_returned'];
                $item_title = '';
                if ($this->_include_href_links && is_user_granted_permission(PERM_VIEW_ITEM_DISPLAY)) {
                    $item_title = '<a href="' . $title_href_link . '">' . $row_column_rs[$i]['item_title'] . '</a>';
                } else {
                    $item_title = $row_column_rs[$i]['item_title'];
                }
                if ($is_item_reviewed) {
                    // show star if rated - Add it to the actual title, so we can do a bit more with title masks
                    $this->addHelpEntry(get_opendb_lang_var('item_reviewed'), 'rs.gif', 'item_reviewed');
                    $item_title .= theme_image('rs.gif', get_opendb_lang_var('item_reviewed'), 'item_reviewed');
                }
                if ($is_borrowed_or_returned) {
                    $this->addHelpEntry(get_opendb_lang_var('youve_borrow_or_return'), 'tick.gif', 'borrow_or_return');
                    $item_title .= theme_image("tick.gif", get_opendb_lang_var('youve_borrow_or_return'), 'borrow_or_return'); // show tick if previously borrowed or returned.
                }
                $this->_write('<td class="title ' . $columnClass . '">');
                $this->_write($item_title);
                $this->_write('</td>');
                break;
            case 'coverimage':
                $item_cover_image = $row_column_rs[$i]['item_cover_image'];
                $title_href_link = $row_column_rs[$i]['title_href_link'];
                // NOTE(review): $columnId is not defined anywhere in this method (the
                // other cases use $columnClass), so the class presumably renders as
                // "coverimage Column" — confirm whether $columnClass was intended.
                $this->_write('<td class="coverimage ' . $columnId . 'Column">');
                $file_r = file_cache_get_image_r($item_cover_image, 'listing');
                if (is_array($file_r)) {
                    $cover_image_tag = '<img src="' . $file_r['thumbnail']['url'] . '"';
                    if (is_numeric($file_r['thumbnail']['width'])) {
                        $cover_image_tag .= ' width="' . $file_r['thumbnail']['width'] . '"';
                    }
                    if (is_numeric($file_r['thumbnail']['height'])) {
                        $cover_image_tag .= ' height="' . $file_r['thumbnail']['height'] . '"';
                    }
                    $cover_image_tag .= '>';
                    // Printable mode never links the cover image.
                    if ($this->_mode != 'printable' && $this->_include_href_links) {
                        $cover_image_tag = '<a href="' . $title_href_link . '">' . $cover_image_tag . '</a>';
                    }
                    $this->_write($cover_image_tag);
                }
                $this->_write('</td>');
                break;
            case 'display':
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write(get_display_field($row_column_rs[$i]['attribute_type'], $row_column_rs[$i]['prompt'], $row_column_rs[$i]['display_type'], $row_column_rs[$i]['value'], FALSE));
                $this->_write('</td>');
                break;
            case 'attribute_display':
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write(get_item_display_field($row_column_rs[$i]['item_r'], $row_column_rs[$i]['attribute_type_r'], $row_column_rs[$i]['value'], FALSE));
                $this->_write('</td>');
                break;
            case 'checkbox':
                $this->_write('<td class="checkbox">');
                $value = $row_column_rs[$i]['value'];
                // The checkbox name is the header fieldname plus [] so multiple rows post as an array.
                $this->_write('<input type="checkbox" class="checkbox" name="' . $this->_header_column_rs[$i]['fieldname'] . '[]" value="' . $value . '">');
                $this->_write('</td>');
                break;
            default:
                $this->_write('<td class="' . $columnClass . '">');
                $this->_write($row_column_rs[$i]['value']);
                $this->_write('</td>');
                break;
        }
    }
    $this->_write("\n</tr>");
}
/**
 * Append the title column for $item_r to $this->_row_column_rs, preceded by a
 * cover image column when the 'title' header column has cover_image_support.
 *
 * The title is expanded through $this->_titleMaskCfg; the review star and
 * borrowed/returned tick flags come from is_item_reviewed() and
 * is_item_borrowed_or_returned_by_user() for the session user.
 *
 * NOTE(review): the array keys below (column_type, title_href_link, ...) are
 * bare words, which rely on the undefined-constant-to-string fallback that
 * PHP 8 no longer provides.
 *
 * @param array $item_r item row; 's_item_type', 'item_id' and 'instance_no' are read.
 */
function addTitleColumn($item_r) {
    $s_item_type = $item_r['s_item_type'];
    $is_item_reviewed = FALSE;
    if (is_item_reviewed($item_r['item_id'])) {
        $is_item_reviewed = TRUE;
    }
    $is_borrowed_or_returned = FALSE;
    if (is_item_borrowed_or_returned_by_user($item_r['item_id'], $item_r['instance_no'], get_opendb_session_var('user_id'))) {
        $is_borrowed_or_returned = TRUE;
    }
    // FALSE means "no cover image column at all"; NULL means "column present, no image".
    $item_cover_image = FALSE;
    $header_column_r = $this->findHeaderColumnByFieldname('title');
    if ($header_column_r['cover_image_support'] === TRUE) {
        $item_cover_image = NULL;
        // NOTE(review): this reads 'image_attribute_type' but the cache entry is
        // written as 'image_attribute_type_r', so the strlen() test presumably
        // always passes and the lookup repeats for every row — confirm.
        if (strlen($this->_item_type_rs[$s_item_type]['image_attribute_type']) === 0) {
            $this->_item_type_rs[$s_item_type]['image_attribute_type_r'] = fetch_sfieldtype_item_attribute_type_r($s_item_type, 'IMAGE');
        }
        if (is_array($this->_item_type_rs[$s_item_type]['image_attribute_type_r'])) {
            $attribute_type_r = $this->_item_type_rs[$s_item_type]['image_attribute_type_r'];
            $item_cover_image = fetch_attribute_val($item_r['item_id'], $item_r['instance_no'], $attribute_type_r['s_attribute_type']);
            // a kludge to use FALSE to test whether a default image should be displayed
            if ($item_cover_image === FALSE) {
                $item_cover_image = NULL;
            }
        }
    }
    $item_r['title'] = $this->_titleMaskCfg->expand_item_title($item_r);
    $title_href_link = 'item_display.php?item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'];
    if ($item_cover_image !== FALSE) {
        $this->_row_column_rs[] = array(column_type => 'coverimage', title_href_link => $title_href_link, item_cover_image => $item_cover_image);
    }
    $this->_row_column_rs[] = array(column_type => 'title', item_title => $item_r['title'], title_href_link => $title_href_link, is_item_reviewed => $is_item_reviewed, is_borrowed_or_returned => $is_borrowed_or_returned);
}
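/**
 * Will work out based on the $op what the title should be. It will
 * return a complete heading, including calling the _theme_header
 * and everything.
 *
 * Echoes the theme header and an <h2> made of the op-specific language
 * variable plus the item type image from get_item_image().
 *
 * @param array      $item_r        item row; 'owner_id', 's_item_type' and 'instance_no' are read.
 * @param array|null $status_type_r unused; kept so existing call sites keep working.
 * @param string     $op            one of new, site, site-search, insert, update, delete,
 *                                  delete_related, refresh, edit, clone_item, newinstance.
 */
function do_op_title($item_r, $status_type_r, $op) {
    global $titleMaskCfg;
    global $HTTP_VARS; // hack

    // Initialise so an unrecognised $op still renders (the original referenced
    // an undefined variable in that case, which evaluates to NULL).
    $item_title = NULL;

    if ($op == 'new' || $op == 'site' || $op == 'site-search' || $op == 'insert') {
        if ($item_r['owner_id'] != get_opendb_session_var('user_id')) {
            $item_title = get_opendb_lang_var('add_new_item_for_name', array('user_id' => $item_r['owner_id'], 'fullname' => fetch_user_name($item_r['owner_id'])));
        } else {
            $item_title = get_opendb_lang_var('add_new_item');
        }
    } elseif ($op == 'update' || $op == 'delete' || $op == 'delete_related') {
        $item_title = get_opendb_lang_var($op . '_item');
    } elseif ($op == 'refresh' || $op == 'edit' || $op == 'clone_item') {
        // The language key for cloning is 'clone_title', not 'clone_item_title'.
        if ($op == 'clone_item') {
            $op = 'clone';
        }
        $item_title = get_opendb_lang_var($op . '_title', array('display_title' => $titleMaskCfg->expand_item_title($item_r)));
    } elseif ($op == 'newinstance') {
        // temporarily remove instance_no so that title renders correctly.
        $item_r['instance_no'] = NULL;
        $item_title = get_opendb_lang_var('new_item_instance_title', array('display_title' => $titleMaskCfg->expand_item_title($item_r)));
    }

    echo _theme_header($item_title, $HTTP_VARS['inc_menu']);
    echo "<h2>" . $item_title . " " . get_item_image($item_r['s_item_type']) . "</h2>\n";
}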
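/**
 * Check whether $author_id (default: the session user) wrote the review
 * identified by $sequence_number.
 *
 * @param int|string  $sequence_number review key; must be numeric.
 * @param string|null $author_id       user id to compare with; NULL or '' means the session user.
 * @return bool TRUE only when the review exists and its author_id matches.
 */
function is_review_author($sequence_number, $author_id = NULL) {
    // The key is interpolated into SQL below, so refuse anything non-numeric
    // instead of letting it reach the query.
    if (!is_numeric($sequence_number)) {
        return FALSE;
    }
    if ($author_id === NULL || $author_id === '') {
        $author_id = get_opendb_session_var('user_id');
    }
    $query = "SELECT author_id FROM review " . "WHERE sequence_number = {$sequence_number}";
    $result = db_query($query);
    if ($result && db_num_rows($result) > 0) {
        $found = db_fetch_assoc($result);
        db_free_result($result);
        // Compare as strings: loose == treats numeric-looking ids such as
        // '1e1' and '10' as equal.
        if ($found && (string) $found['author_id'] === (string) $author_id) {
            return TRUE;
        }
    }
    //else
    return FALSE;
}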
/**
 * Render the related-items listing for an item as an HTML_Listing and return
 * its markup, or NULL when fetch_item_instance_relationship_rs() returns no
 * result set.
 *
 * Edit / site-refresh / delete / delete-relationship action links are added
 * when the session user holds PERM_ITEM_OWNER and owns the parent item, or
 * holds PERM_ITEM_ADMIN. The status comment is shown when the status type
 * allows it, or when the viewer owns the related item or is an item admin.
 *
 * NOTE(review): the related item's 'status_comment' is written via nl2br()
 * without HTML escaping — presumably it is stored escaped; confirm.
 * NOTE(review): $results is never released with db_free_result(), unlike the
 * other result-set loops in this file.
 *
 * @param array  $item_r       parent item; 'item_id', 'instance_no' and 'owner_id' are read.
 * @param array  $HTTP_VARS    request variables, passed through to HTML_Listing.
 * @param string $related_mode passed to fetch_item_instance_relationship_rs(); its
 *                             meaning is defined there.
 * @return string|null listing markup, or NULL.
 */
function get_related_items_listing($item_r, $HTTP_VARS, $related_mode) {
    global $PHP_SELF;
    $buffer = '';
    $results = fetch_item_instance_relationship_rs($item_r['item_id'], $item_r['instance_no'], $related_mode);
    if ($results) {
        $listingObject = new HTML_Listing($PHP_SELF, $HTTP_VARS);
        $listingObject->setBufferOutput(TRUE);
        $listingObject->setNoRowsMessage(get_opendb_lang_var('no_items_found'));
        $listingObject->setShowItemImages(TRUE);
        $listingObject->setIncludeFooter(FALSE);
        $listingObject->addHeaderColumn(get_opendb_lang_var('type'), 'type', FALSE);
        $listingObject->addHeaderColumn(get_opendb_lang_var('title'), 'title', FALSE);
        $listingObject->addHeaderColumn(get_opendb_lang_var('action'), 'action', FALSE);
        $listingObject->addHeaderColumn(get_opendb_lang_var('status'), 'status', FALSE);
        $listingObject->addHeaderColumn(get_opendb_lang_var('status_comment'), 'status_comment', FALSE);
        $listingObject->addHeaderColumn(get_opendb_lang_var('category'), 'category', FALSE);
        $listingObject->startListing(NULL);
        while ($related_item_r = db_fetch_assoc($results)) {
            $listingObject->startRow();
            $listingObject->addItemTypeImageColumn($related_item_r['s_item_type']);
            $listingObject->addTitleColumn($related_item_r);
            $action_links_rs = NULL;
            // && binds tighter than ||: (owner permission AND owns the parent) OR item admin.
            // The owner check is strict (===), so it fails closed if the two ids differ in type.
            if (is_user_granted_permission(PERM_ITEM_OWNER) && get_opendb_session_var('user_id') === $item_r['owner_id'] || is_user_granted_permission(PERM_ITEM_ADMIN)) {
                $action_links_rs[] = array(url => 'item_input.php?op=edit&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'], img => 'edit.gif', text => get_opendb_lang_var('edit'));
                if (get_opendb_config_var('listings', 'show_refresh_actions') && is_item_legal_site_type($related_item_r['s_item_type'])) {
                    $action_links_rs[] = array(url => 'item_input.php?op=site-refresh&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'], img => 'refresh.gif', text => get_opendb_lang_var('refresh'));
                }
                // Delete the related item itself (parent ids carried so the caller can return here).
                $action_links_rs[] = array(url => 'item_input.php?op=delete&item_id=' . $related_item_r['item_id'] . '&instance_no=' . $related_item_r['instance_no'] . '&parent_item_id=' . $item_r['item_id'] . '&parent_instance_no=' . $item_r['instance_no'], img => 'delete.gif', text => get_opendb_lang_var('delete'));
                // Remove only the relationship; note the item/parent roles are swapped here.
                $action_links_rs[] = array(url => 'item_input.php?op=delete-relation&item_id=' . $item_r['item_id'] . '&instance_no=' . $item_r['instance_no'] . '&parent_item_id=' . $related_item_r['item_id'] . '&parent_instance_no=' . $related_item_r['instance_no'], img => 'delete.gif', text => get_opendb_lang_var('delete_relationship'));
            }
            $listingObject->addActionColumn($action_links_rs);
            $status_type_r = fetch_status_type_r($related_item_r['s_status_type']);
            $listingObject->addThemeImageColumn($status_type_r['img'], $status_type_r['description'], $status_type_r['description'], 's_status_type'); //type
            // If a comment is allowed and defined, add it in.
            if ($status_type_r['status_comment_ind'] == 'Y' || get_opendb_session_var('user_id') === $related_item_r['owner_id'] || is_user_granted_permission(PERM_ITEM_ADMIN)) {
                // support newlines in this field
                $listingObject->addColumn(nl2br($related_item_r['status_comment']));
            } else {
                $listingObject->addColumn(get_opendb_lang_var('not_applicable'));
            }
            // Category column: lookup attributes need the expanded value record.
            $attribute_type_r = fetch_sfieldtype_item_attribute_type_r($related_item_r['s_item_type'], 'CATEGORY');
            if (is_array($attribute_type_r)) {
                if ($attribute_type_r['lookup_attribute_ind'] === 'Y') {
                    $attribute_val = fetch_attribute_val_r($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
                } else {
                    $attribute_val = fetch_attribute_val($related_item_r['item_id'], $related_item_r['instance_no'], $attribute_type_r['s_attribute_type'], $attribute_type_r['order_no']);
                }
                $listingObject->addAttrDisplayColumn($related_item_r, $attribute_type_r, $attribute_val);
            }
            $listingObject->endRow();
        }
        $listingObject->endListing();
        $buffer =& $listingObject->getContents();
        unset($listingObject);
        return $buffer;
    } else {
        return NULL;
    }
}
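/**
 * xajax handler: clear every interest level for the session user and, on
 * success, instruct the client to reset all interest images.
 *
 * @return xajaxResponse the response; empty when db_remove_all_interest_level() fails.
 */
function ajax_remove_all_interest_level() {
    $user_id = get_opendb_session_var('user_id');
    $objResponse = new xajaxResponse();
    if (db_remove_all_interest_level($user_id)) {
        // We update all the images. The client-side function name is a string;
        // the original passed it as a bare word, relying on the undefined
        // constant fallback that PHP 8 removed.
        $objResponse->call('doRemoveInterestAllInterestLevel', theme_image_src('interest_0.gif'), get_opendb_lang_var('interest_mark'));
    }
    return $objResponse;
}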
/**
 * Appends the given text to the logfile
 *
 * This function does some checking to make sure the entry does not go over
 * 4000 characters, so as not to confuse the logfile.php script.
 *
 * NOTE(review): no length check is visible in this body; the 4000-character
 * claim is from the original comment — confirm where it is enforced.
 *
 * Record layout (one line, space separated):
 *   [datetime] TYPE ip user_id admin_user_id file function "parameters" "message"
 * Empty admin_user_id/parameters/file/function/message are written as '-'.
 * parameters and message have newlines replaced and are addslashes()-escaped
 * and quoted so a record cannot span lines; the other fields are written as-is
 * (file and function are presumably always __FILE__/__FUNCTION__ — confirm).
 * An empty user_id is not replaced with '-', so a logged-out request yields
 * an empty field.
 *
 * @param string      $msgtype  'E', 'I' or 'W' (case-insensitive); anything else logs as ERROR.
 * @param string      $file     source file; backslashes are normalised to '/'.
 * @param string      $function calling function; 'unknown' is written as '-'.
 * @param string|null $message  free-text message.
 * @param array|null  $params_r parameters, rendered by expand_opendb_logger_params().
 */
function opendb_logger($msgtype, $file, $function, $message = NULL, $params_r = NULL) {
    if (get_opendb_config_var('logging', 'enable') !== FALSE) {
        $entry['datetime'] = date("d/m/y H:i:s"); // get time and date
        $entry['ip'] = ifempty(get_http_env("REMOTE_ADDR"), "0.0.0.0");
        $entry['user_id'] = get_opendb_session_var('user_id');
        $entry['admin_user_id'] = get_opendb_session_var('admin_user_id');
        if (strlen($entry['admin_user_id']) == 0) {
            $entry['admin_user_id'] = '-';
        }
        $msgtype = strtoupper($msgtype);
        if (!in_array($msgtype, array('E', 'I', 'W'))) {
            $msgtype = 'E';
        }
        // temp bit here!
        switch ($msgtype) {
            case 'E':
                $entry['type'] = 'ERROR';
                break;
            case 'W':
                $entry['type'] = 'WARN';
                break;
            case 'I':
                $entry['type'] = 'INFO';
                break;
        }
        $entry['parameters'] = expand_opendb_logger_params($params_r);
        if (strlen($entry['parameters']) == 0) {
            $entry['parameters'] = '-';
        }
        if (strlen($file) > 0) {
            $entry['file'] = str_replace('\\', '/', $file);
        } else {
            $entry['file'] = '-';
        }
        if (strlen($function) > 0 && $function != 'unknown') {
            $entry['function'] = $function;
        } else {
            $entry['function'] = '-';
        }
        if (strlen($message) > 0) {
            $entry['message'] = $message;
        } else {
            $entry['message'] = '-';
        }
        // Best-effort: an unwritable or missing log file silently drops the entry.
        $fileptr = @fopen(get_opendb_config_var('logging', 'file'), 'a');
        if ($fileptr) {
            $entry['datetime'] = '[' . $entry['datetime'] . ']';
            if ($entry['parameters'] != '-') {
                $entry['parameters'] = '"' . addslashes(replace_newlines($entry['parameters'])) . '"';
            }
            if ($entry['message'] != '-') {
                $entry['message'] = '"' . addslashes(replace_newlines($entry['message'])) . '"';
            }
            $line = $entry['datetime'] . ' ' . $entry['type'] . ' ' . $entry['ip'] . ' ' . $entry['user_id'] . ' ' . $entry['admin_user_id'] . ' ' . $entry['file'] . ' ' . $entry['function'] . ' ' . $entry['parameters'] . ' ' . $entry['message'];
            fwrite($fileptr, $line . "\n");
            fclose($fileptr);
        }
    }
}
$HTTP_VARS['op'] = 'my_reserve_basket'; if (is_exists_item_instance($HTTP_VARS['item_id'], $HTTP_VARS['instance_no'])) { $footer_links_r[] = array(url => "item_display.php?item_id=" . $HTTP_VARS['item_id'] . "&instance_no=" . $HTTP_VARS['instance_no'], text => get_opendb_lang_var('back_to_item')); } if (is_opendb_session_var('listing_url_vars')) { $footer_links_r[] = array(url => "listings.php?" . get_url_string(get_opendb_session_var('listing_url_vars')), text => get_opendb_lang_var('back_to_listing')); } } else { if ($HTTP_VARS['op'] == 'admin_history') { echo _theme_header(get_opendb_lang_var('borrower_history')); echo "<h2>" . get_opendb_lang_var('borrower_history') . "</h2>"; echo "\n<form action=\"{$PHP_SELF}\" method=\"GET\">"; echo "\n<input type=\"hidden\" name=\"op\" value=\"my_history\">"; echo "\n<table>"; $results = fetch_user_rs(PERM_USER_BORROWER, ROLE_PERMISSIONS_INCLUDE, INCLUDE_CURRENT_USER, EXCLUDE_DEACTIVATED_USER, "fullname", "ASC"); echo format_field(get_opendb_lang_var('borrower'), custom_select('uid', $results, '%fullname% (%user_id%)', 1, get_opendb_session_var('user_id'), 'user_id')); echo "</table>"; echo "<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">"; echo "</form>"; echo _theme_footer(); $show_listings = FALSE; } else { opendb_operation_not_available(); $show_listings = FALSE; } } } } } } }
unset($v_listing_url_vars['show_deactivated_users_cbox']); register_opendb_session_var('user_listing_url_vars', $v_listing_url_vars); while ($user_r = db_fetch_assoc($result)) { $user_is_active = is_user_active($user_r['user_id']); $listingObject->startRow(); // todo - consider disabling for guest users! if ($HTTP_VARS['restrict_active_ind'] != 'X' ? $user_is_active : TRUE) { $listingObject->addCheckboxColumn($user_r['user_id'], FALSE); } else { $listingObject->addColumn(); } $user_name = get_opendb_lang_var('user_name', array('fullname' => $user_r['fullname'], 'user_id' => $user_r['user_id'])); $listingObject->addColumn('<a href="user_profile.php?uid=' . $user_r['user_id'] . '" title="' . get_opendb_lang_var('user_profile') . '">' . $user_name . '</a>'); $action_links_rs = NULL; $action_links_rs[] = array(url => 'user_admin.php?op=edit&user_id=' . $user_r['user_id'], img => 'edit_user.gif', text => get_opendb_lang_var('edit')); if ($user_r['user_id'] != get_opendb_session_var('user_id')) { if ($user_r['active_ind'] == 'X') { $action_links_rs[] = array(url => 'user_admin.php?op=delete&user_id=' . $user_r['user_id'], img => 'delete_user.gif', text => get_opendb_lang_var('delete_user')); } else { if ($user_is_active) { $action_links_rs[] = array(url => 'user_admin.php?op=deactivate&user_id=' . $user_r['user_id'], img => 'deactivate_user.gif', text => get_opendb_lang_var('deactivate_user')); } } if (!$user_is_active) { $action_links_rs[] = array(url => 'user_admin.php?op=activate&user_id=' . $user_r['user_id'], img => 'activate_user.gif', text => get_opendb_lang_var('activate_user')); } } $action_links_rs[] = array(url => 'user_admin.php?op=change_password&user_id=' . $user_r['user_id'], img => 'change_password.gif', text => get_opendb_lang_var('change_password')); $listingObject->addActionColumn($action_links_rs); $listingObject->addColumn($user_r['role_description']); if ($HTTP_VARS['restrict_active_ind'] != 'X') {
/**
 * Cancel every reservation in a result set and release it.
 *
 * @param resource|false $reserved_rs result set of rows with 'sequence_number', or a falsy value.
 */
function _handle_user_deactivate_cancel_reservations($reserved_rs) {
    if ($reserved_rs) {
        while ($reserved_r = db_fetch_assoc($reserved_rs)) {
            cancel_reserve_item($reserved_r['sequence_number']);
        }
        db_free_result($reserved_rs);
    }
}

/**
 * Deactivate $user_id after the guard checks: not the session user, and no
 * borrows outstanding either as borrower or as owner. Pending reservations
 * (owned and made) are cancelled before deactivate_user() is called.
 *
 * @param string $user_id   user to deactivate.
 * @param array  $HTTP_VARS request variables; 'confirmed' ('true'/'false') drives the confirm flow.
 * @param array  &$errors   receives array('error' => ..., 'detail' => '') entries on refusal.
 * @return bool|string TRUE/FALSE for the outcome, "__CONFIRM__" when confirmation is still
 *                     needed, "__ABORTED__" when the user declined.
 */
function handle_user_deactivate($user_id, $HTTP_VARS, &$errors) {
    if ($user_id == get_opendb_session_var('user_id')) {
        $errors[] = array('error' => get_opendb_lang_var('cannot_deactivate_yourself'), 'detail' => '');
        return FALSE;
    }
    if (fetch_my_borrowed_item_cnt($user_id) > 0) {
        $errors[] = array('error' => get_opendb_lang_var('user_with_borrows_not_deactivated'), 'detail' => '');
        return FALSE;
    }
    if (fetch_owner_borrowed_item_cnt($user_id) > 0) {
        $errors[] = array('error' => get_opendb_lang_var('user_with_owner_borrows_not_deactivated'), 'detail' => '');
        return FALSE;
    }
    if ($HTTP_VARS['confirmed'] != 'true') {
        // confirmation required unless the user explicitly declined.
        return $HTTP_VARS['confirmed'] != 'false' ? "__CONFIRM__" : "__ABORTED__";
    }

    // Cancel all reservations: first those on items the user owns, then those the user made.
    _handle_user_deactivate_cancel_reservations(fetch_owner_reserved_item_rs($user_id));
    _handle_user_deactivate_cancel_reservations(fetch_my_reserved_item_rs($user_id));

    // deactivate user.
    return deactivate_user($user_id) ? TRUE : FALSE;
}
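/**
 * Report the outcome of a borrow operation: group the successful items by the
 * user to notify, send one notification email per user (when mailing is
 * available and enabled), then display the success and failure lists in job
 * or HTML mode.
 *
 * @param string $op                 borrow operation, e.g. 'reserve' or 'cancel_reserve'.
 * @param string $mode               'job' selects the job display functions, anything else HTML.
 * @param string $heading            email heading.
 * @param string $success_intro      intro text for the success list and email.
 * @param string $failure_intro      intro text for the failure list.
 * @param string $more_information   extra email text.
 * @param array  $success_item_rs    rows with 'item_id', 'instance_no' and 'borrower_id'.
 * @param array  $failure_item_rs    rows with 'item_id', 'instance_no' and an 'errors' string.
 * @param bool   $email_notification FALSE suppresses the notification emails.
 */
function process_borrow_results($op, $mode, $heading, $success_intro, $failure_intro, $more_information, $success_item_rs, $failure_item_rs, $email_notification = TRUE) {
    $titleMaskCfg = new TitleMask(array('item_borrow', 'item_display'));

    if (is_not_empty_array($success_item_rs)) {
        // Sort the items by user, so we can send emails for multiple
        // items, instead of individually.
        $borrowed_item_user_r = array();
        foreach ($success_item_rs as $borrowed_item_r) {
            $item_r = fetch_item_instance_r($borrowed_item_r['item_id'], $borrowed_item_r['instance_no']);
            $item_r['title'] = $titleMaskCfg->expand_item_title($item_r);

            // A array of item_entries; start a fresh entry for each item.
            $item_entry_r = array();
            $item_entry_r['display_title'] = get_opendb_lang_var('borrow_item_title_listing', array('display_title' => $item_r['title'], 'item_id' => $item_r['item_id'], 'instance_no' => $item_r['instance_no']));
            //$item_entry_r['item'] = $item_r;
            $item_entry_r['detail'] = get_borrow_details($op, $item_r, $borrowed_item_r);

            // When reserving or cancelling and the current user is the borrower, we want to
            // send the email to the owner, in all other cases the email should go to the
            // borrower.
            if (($op == 'reserve' || $op == 'cancel_reserve') && get_opendb_session_var('user_id') == $borrowed_item_r['borrower_id']) {
                $to_user = $item_r['owner_id'];
            } else {
                $to_user = $borrowed_item_r['borrower_id'];
            }
            // Now add an entry to this user array.
            $borrowed_item_user_r[$to_user][] = $item_entry_r;
        }

        $success_results_rs = array();
        foreach ($borrowed_item_user_r as $to_user => $item_entry_rs) {
            $errors = NULL;
            // Reset per user: the original left a previous user's result in
            // place when no email was sent for this one.
            $email_result = NULL;
            if (is_valid_opendb_mailer() && $email_notification !== FALSE) {
                // How can the from user be anything but the currently logged in user!
                $email_result = send_notification_email($to_user, get_opendb_session_var('user_id'), $heading, $success_intro, $more_information, $item_entry_rs, $errors);
            }
            $display_title_r = NULL;
            foreach ($item_entry_rs as $item_entry_r) {
                $display_title_r[] = $item_entry_r['display_title'];
            }
            $user_name = get_opendb_lang_var('user_name', array('fullname' => fetch_user_name($to_user), 'user_id' => $to_user));
            // Keys quoted: the original used bare words, which relied on the
            // undefined-constant fallback removed in PHP 8.
            $success_results_rs[] = array('user_name' => $user_name, 'display_titles' => $display_title_r, 'email_result' => $email_result, 'email_errors' => $errors);
        }
        if (is_not_empty_array($success_results_rs)) {
            if ($mode == 'job') {
                display_job_success_borrow_results($success_intro, $success_results_rs);
            } else {
                display_html_success_borrow_results($success_intro, $success_results_rs);
            }
        }
    }

    if (is_not_empty_array($failure_item_rs)) {
        $failure_results = array();
        foreach ($failure_item_rs as $borrowed_item_r) {
            $item_r = fetch_item_instance_r($borrowed_item_r['item_id'], $borrowed_item_r['instance_no']);
            // Expand title mask.
            $item_r['title'] = $titleMaskCfg->expand_item_title($item_r);
            $display_title = get_opendb_lang_var('borrow_item_title_listing', array('display_title' => $item_r['title'], 'item_id' => $item_r['item_id'], 'instance_no' => $item_r['instance_no']));
            // Now display any errors if present. Reset first so an item without
            // errors does not inherit the previous item's message.
            $borrow_error_details = NULL;
            if (strlen($borrowed_item_r['errors']) > 0) {
                $borrow_error_details = get_opendb_lang_var('borrow_error_detail', 'error', $borrowed_item_r['errors']);
            }
            $failure_results[] = array('display_title' => $display_title, 'errors' => array($borrow_error_details));
        }
        if (is_not_empty_array($failure_results)) {
            if ($mode == 'job') {
                display_job_failure_borrow_results($failure_intro, $failure_results);
            } else {
                display_html_failure_borrow_results($failure_intro, $failure_results);
            }
        }
    }
}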