/**
* A handle_quick_checkout will only ever handle one request at a time, because
* they are initiated from item_display & listings.php, but not borrow.php
*/
function handle_quick_checkout($item_id, $instance_no, $borrower_id, $borrow_duration, $more_information, &$errors)
{
if (!is_user_valid($borrower_id)) {
$errors = get_opendb_lang_var('invalid_borrower_user', 'user_id', $borrower_id);
return FALSE;
} else {
if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
$errors = get_opendb_lang_var('user_must_be_borrower', 'user_id', $borrower_id);
return FALSE;
} else {
if (!is_user_allowed_to_checkout_item($item_id, $instance_no)) {
$errors = get_opendb_lang_var('not_owner_of_item');
return FALSE;
} else {
if (is_user_owner_of_item($item_id, $instance_no, $borrower_id) && get_opendb_config_var('borrow', 'owner_self_checkout') !== TRUE) {
$errors = get_opendb_lang_var('cannot_checkout_items_you_own');
return FALSE;
} else {
if (is_item_borrowed($item_id, $instance_no)) {
$errors = get_opendb_lang_var('item_is_already_checked_out');
return FALSE;
}
}
}
}
}
$sequence_number = fetch_borrowed_item_seq_no($item_id, $instance_no, 'R', $borrower_id);
if ($sequence_number !== FALSE) {
if (get_opendb_config_var('borrow', 'quick_checkout_use_existing_reservation') !== FALSE) {
if (check_out_item($sequence_number, $borrow_duration, $more_information)) {
return $sequence_number;
} else {
return FALSE;
}
} else {
$errors = get_opendb_lang_var('user_has_reservation', 'user_id', $borrower_id);
return FALSE;
}
} else {
//if($sequence_number !== FALSE)
$status_type_r = fetch_status_type_r(fetch_item_s_status_type($item_id, $instance_no));
if ($status_type_r['borrow_ind'] == 'Y') {
$new_borrowed_item_id = quick_check_out_item($item_id, $instance_no, $borrower_id, $borrow_duration, $more_information);
if ($new_borrowed_item_id !== FALSE) {
return $new_borrowed_item_id;
} else {
return FALSE;
}
} else {
$errors = get_opendb_lang_var('s_status_type_items_cannot_be_borrowed', 's_status_type_desc', $status_type_r['description']);
return FALSE;
}
}
}
function handle_user_insert(&$HTTP_VARS, &$errors)
{
if (!is_user_valid($HTTP_VARS['user_id'])) {
$HTTP_VARS['user_id'] = strtolower(filter_input_field("filtered(20,20,a-zA-Z0-9_.)", $HTTP_VARS['user_id']));
if (!validate_input_field(get_opendb_lang_var('userid'), "filtered(20,20,a-zA-Z0-9_.)", "Y", $HTTP_VARS['user_id'], $errors)) {
return FALSE;
}
if (validate_user_info(NULL, $HTTP_VARS, $address_provided_r, $errors)) {
if ($HTTP_VARS['op'] == 'signup') {
// no password saved when signing up, as user still must be activated
$active_ind = 'X';
// Will be reset when user activated
$HTTP_VARS['pwd'] = NULL;
} else {
$active_ind = 'Y';
if (strlen($HTTP_VARS['pwd']) == 0) {
if (is_valid_opendb_mailer()) {
$HTTP_VARS['pwd'] = generate_password(8);
} else {
$errors[] = array('error' => get_opendb_lang_var('passwd_not_specified'));
return FALSE;
}
} else {
if ($HTTP_VARS['pwd'] != $HTTP_VARS['confirmpwd']) {
$errors[] = array('error' => get_opendb_lang_var('passwds_do_not_match'));
return FALSE;
}
}
}
// We want to validate and perform inserts even in signup mode
if (insert_user($HTTP_VARS['user_id'], $HTTP_VARS['fullname'], $HTTP_VARS['pwd'], $HTTP_VARS['user_role'], $HTTP_VARS['uid_language'], $HTTP_VARS['uid_theme'], $HTTP_VARS['email_addr'], $active_ind)) {
$user_r = fetch_user_r($HTTP_VARS['user_id']);
return update_user_addresses($user_r, $address_provided_r, $HTTP_VARS, $errors);
} else {
$db_error = db_error();
$errors[] = array('error' => get_opendb_lang_var('user_not_added', 'user_id', $HTTP_VARS['user_id']), 'detail' => $db_error);
return FALSE;
}
} else {
return FALSE;
}
} else {
$errors[] = array('error' => get_opendb_lang_var('user_exists', 'user_id', $HTTP_VARS['user_id']), 'detail' => '');
return FALSE;
}
}
function perform_newpassword($HTTP_VARS, &$errors)
{
if (!is_user_valid($HTTP_VARS['uid'])) {
opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($HTTP_VARS['uid']));
// make user look successful to prevent mining for valid userids
return TRUE;
} else {
if (!is_user_active($HTTP_VARS['uid'])) {
// Do not allow new password operation for 'deactivated' user.
opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($HTTP_VARS['uid']));
return FALSE;
} else {
if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $HTTP_VARS['uid'])) {
opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($HTTP_VARS['uid']));
return FALSE;
} else {
if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($HTTP_VARS['uid']));
return FALSE;
} else {
opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($HTTP_VARS['uid']));
$user_r = fetch_user_r($HTTP_VARS['uid']);
$user_passwd = generate_password(8);
// only send if valid user (email)
if (strlen($user_r['email_addr']) > 0) {
$pass_result = update_user_passwd($HTTP_VARS['uid'], $user_passwd);
if ($pass_result === TRUE) {
$subject = get_opendb_lang_var('lost_password');
$message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname']) . "\n\n" . get_opendb_lang_var('new_passwd_email') . "\n\n" . get_opendb_lang_var('userid') . ": " . $HTTP_VARS['uid'] . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;
if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
return TRUE;
} else {
return "EMAIL_NOT_SENT";
}
}
} else {
$errors[] = "User '" . $HTTP_VARS['uid'] . "' does not have a valid email address.";
return FALSE;
}
}
}
}
}
}
/**
* The table structure could be more sophisticated where a message is sent to multiple
* addresses, but since the email function does not provide this, I see no reason to
* do anything more complicated.
*
* @param unknown_type $item_id
* @param unknown_type $author_id
* @param unknown_type $comment
* @param unknown_type $rating
* @return unknown
*/
function insert_email($to_user_id, $from_user_id, $from_email_addr, $subject, $message)
{
$to_user_id = trim($to_user_id);
$from_user_id = trim($from_user_id);
$from_email_addr = trim($from_email_addr);
if (!is_user_valid($to_user_id)) {
opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid To User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
return FALSE;
} else {
if (strlen($from_user_id) > 0 && !is_user_valid($from_user_id)) {
opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
return FALSE;
} else {
if (strlen($from_user_id) == 0 && (strlen($from_email_addr) == 0 || !is_valid_email_addr($from_email_addr))) {
opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From Email', array($to_user_id, $from_user_id, $from_email_addr, $subject));
return FALSE;
}
}
}
if (strlen($from_user_id) > 0) {
$from_email_addr = NULL;
} else {
$from_email_addr = addslashes($from_email_addr);
}
$subject = addslashes(trim($subject));
$message = addslashes(replace_newlines(trim($message)));
$query = "INSERT INTO mailbox (to_user_id,from_user_id,from_email_addr,subject,message)" . "VALUES ('{$to_user_id}'," . (strlen($from_user_id) > 0 ? "'{$from_user_id}'" : "NULL") . "," . (strlen($from_email_addr) > 0 ? "'{$from_email_addr}'" : "NULL") . ", '{$subject}','{$message}')";
$insert = db_query($query);
if ($insert && db_affected_rows() > 0) {
opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($to_user_id, $from_user_id, $from_email_addr, $subject));
return TRUE;
} else {
opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($to_user_id, $from_user_id, $from_email_addr, $subject));
return FALSE;
}
}
$result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
}
} else {
$result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder());
}
} else {
opendb_not_authorised_page();
}
} else {
echo _theme_header(get_opendb_lang_var('item_not_found'));
echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>";
echo _theme_footer();
}
} else {
if ($HTTP_VARS['op'] == 'my_history') {
if (is_user_valid($HTTP_VARS['uid']) && $HTTP_VARS['uid'] !== get_opendb_session_var('user_id') && is_user_granted_permission(PERM_ADMIN_BORROWER)) {
$page_title = get_opendb_lang_var('borrower_history_for_fullname', array('fullname' => fetch_user_name($HTTP_VARS['uid']), 'user_id' => $HTTP_VARS['uid']));
if (is_numeric($listingObject->getItemsPerPage())) {
$listingObject->setTotalItems(fetch_my_history_item_cnt($HTTP_VARS['uid']));
if ($listingObject->getTotalItemCount() > 0) {
$result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
}
} else {
$result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder());
}
} else {
$page_title = get_opendb_lang_var('my_history');
if (is_numeric($listingObject->getItemsPerPage())) {
$listingObject->setTotalItems(fetch_my_history_item_cnt(get_opendb_session_var('user_id')));
if ($listingObject->getTotalItemCount() > 0) {
$result = fetch_my_history_item_rs(get_opendb_session_var('user_id'), $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
function is_user_permitted_to_receive_email($user_id)
{
return is_user_valid($user_id) && is_user_active($user_id) && is_user_granted_permission(PERM_RECEIVE_EMAIL, $user_id);
}
