コード例 #1
ファイル: edit_users.php プロジェクト: verdurin/mrbs-mcr
    // Search for indexes "user_name", "user_password", etc, in the localization array.
    if (isset($vocab["user_" . $name])) {
        return get_vocab("user_" . $name);
    }
    // If there is no entry (likely if user-defined fields have been added), return itself.
    return $name;
}
/*---------------------------------------------------------------------------*\
|                         Authenticate the current user                         |
\*---------------------------------------------------------------------------*/
// Two paths, chosen by $nusers (assigned outside this excerpt; presumably the
// number of existing user accounts - confirm):
//   - at least one user exists: the visitor must pass getAuthorised(1),
//     otherwise the access-denied page is shown and the script stops;
//   - no user exists yet: the page switches to "initial user creation" and
//     runs with $level = $max_level without any identity check.
// NOTE(review): the second path is an unauthenticated bootstrap window. Until
// the first account has been created, whoever can reach this page is handled at
// $max_level (presumably the highest privilege - confirm). Keep a fresh
// installation unreachable from untrusted networks until that account exists.
$initial_user_creation = 0;
if ($nusers > 0) {
    $user = getUserName();
    // The level is looked up before the gate below; it only matters once
    // getAuthorised(1) has succeeded, because a failure ends the request.
    $level = authGetUserLevel($user);
    // Do not allow unidentified people to browse the list.
    if (!getAuthorised(1)) {
        showAccessDenied($day, $month, $year, $area, "");
        // Stop here so nothing after the gate runs for a denied visitor.
        exit;
    }
} else {
    $initial_user_creation = 1;
    // With no action supplied, default to adding a new user; -1 is used as the
    // id on this path (presumably meaning "no existing row" - confirm).
    if (!isset($Action)) {
        $Action = "Add";
        $Id = -1;
    }
    $level = $max_level;
    // Empty user name, set only to avoid an undefined variable notice.
    $user = "";
}
/*---------------------------------------------------------------------------*\
|             Edit a given entry - 1st phase: Get the user input.             |
コード例 #2
ファイル: add.php プロジェクト: jwigal/emcommdb
<?php

# $Id: add.php,v 1.1 2007/06/22 23:45:27 amagrace Exp $
require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
# Access gate: unless getAuthorised(2) succeeds, show the access-denied page
# and stop. The statements that follow write to the database, so this check
# has to stay ahead of them.
# NOTE(review): 2 is presumably the administrator level in this code base -
# confirm against mrbs_auth.inc.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area);
    # Explicit exit: the gate does not rely on showAccessDenied() ending the request.
    exit;
}
# This file is for adding new areas/rooms
# we need to do different things depending on if its a room
# or an area
# Area branch: insert one row into the area table and keep the new row id in $area.
# NOTE(review): $name is not assigned in this file; it presumably arrives from
# the request through grab_globals.inc.php. The statement is assembled by
# string interpolation, so slashes() is the only barrier between that input and
# the SQL text. Confirm that slashes() escapes correctly for the active
# database driver, and prefer a bound parameter if the DB layer offers one.
if ($type == "area") {
    $area_name_q = slashes($name);
    $sql = "insert into {$tbl_area} (area_name) values ('{$area_name_q}')";
    # sql_command() reports failure with a negative return value.
    if (sql_command($sql) < 0) {
        # NOTE(review): the raw sql_error() text is handed to fatal_error(); if
        # that output reaches the browser it discloses database details - confirm.
        fatal_error(1, "<p>" . sql_error());
    }
    $area = sql_insert_id("{$tbl_area}", "id");
}
if ($type == "room") {
    $room_name_q = slashes($name);
    $description_q = slashes($description);
    if (empty($capacity)) {
        $capacity = 0;
    }
    $sql = "insert into {$tbl_room} (room_name, area_id, description, capacity)\n\t        values ('{$room_name_q}',{$area}, '{$description_q}',{$capacity})";
    if (sql_command($sql) < 0) {
コード例 #3
ファイル: edit_entry.php プロジェクト: verdurin/mrbs-mcr
# Page set-up for the booking form: defaults for date, area and edit type,
# followed by the access gate.
global $twentyfourhour_format;
$edit_series = true;
$room_order = "room_name";
# If any part of the date is missing, fall back to today's date.
# NOTE(review): $day, $month, $year, $area and $edit_type are not assigned in
# this excerpt; they presumably come straight from the request - confirm they
# are type-checked before being used in queries or echoed into the page.
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
# No area given (or an empty one): use the configured default area.
if (empty($area)) {
    $area = get_default_area();
}
if (!isset($edit_type)) {
    $edit_type = "";
}
# Access gate: this call passes the user name, the password and the required
# level (1) to getAuthorised(). On failure the access-denied page is shown and
# the script stops before any booking data is read.
if (!getAuthorised(getUserName(), getUserPassword(), 1)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
# This page will either add or modify a booking
# We need to know:
#  Name of booker
#  Description of meeting
#  Date (option select box for day, month, year)
#  Time
#  Duration
#  Internal/External
# Firstly we need to know if this is a new booking or modifying an old one
# and if it's a modification we need to get all the old data from the db.
# If we had $id passed in then it's a modification.
if (isset($id)) {
コード例 #4
ファイル: add.php プロジェクト: verdurin/mrbs-mcr
require_once "grab_globals.inc.php";
require_once "config.inc.php";
require_once "functions.inc";
require_once "dbsys.inc";
require_once "mrbs_auth.inc";
// Get form variables
// Get form variables
// Each request value is fetched through get_form_var() with a declared type
// ('int' or 'string'), rather than being read from request globals directly.
// NOTE(review): the 'string' values ($name, $description, $type) are still
// free text after this step and need escaping wherever they are used.
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$name = get_form_var('name', 'string');
$description = get_form_var('description', 'string');
$capacity = get_form_var('capacity', 'int');
$type = get_form_var('type', 'string');
// Level needed to add areas/rooms: $max_level when it is defined, otherwise 2.
$required_level = isset($max_level) ? $max_level : 2;
// Access gate: deny and stop unless the current user reaches $required_level.
// It must stay ahead of the insert logic that follows.
if (!getAuthorised($required_level)) {
    showAccessDenied($day, $month, $year, $area, "");
    exit;
}
// This file is for adding new areas/rooms
// we need to do different things depending on if its a room
// or an area
if ($type == "area") {
    // Truncate the name field to the maximum length as a precaution.
    $name = substr($name, 0, $maxlength['area.area_name']);
    $area_name_q = addslashes($name);
    // Acquire a mutex to lock out others who might be editing the area
    if (!sql_mutex_lock("{$tbl_area}")) {
        fatal_error(TRUE, get_vocab("failed_to_acquire"));
    }
    // Check that the area name is unique
コード例 #5
ファイル: del_entry.php プロジェクト: verdurin/mrbs-mcr
// $series and $returl come from the request; $returl is the page to return to
// after the delete.
// NOTE(review): a non-empty $returl is kept exactly as supplied. Where it is
// used lies outside this excerpt; if it ends up in a Location header or a
// link, restrict it to a local relative path so that it cannot point to
// another site - confirm at the point of use.
$series = get_form_var('series', 'int');
$returl = get_form_var('returl', 'string');
// No return URL supplied: build one from the configured default view.
if (empty($returl)) {
    switch ($default_view) {
        case "month":
            $returl = "month.php";
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            // Any other value of $default_view falls back to the day view.
            $returl = "day.php";
    }
    // $year, $month, $day and $area are assigned outside this excerpt.
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}
if (getAuthorised(1) && ($info = mrbsGetEntryInfo($id))) {
    $day = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year = strftime("%Y", $info["start_time"]);
    $area = mrbsGetRoomArea($info["room_id"]);
    if (MAIL_ADMIN_ON_DELETE) {
        require_once "functions_mail.inc";
        // Gather all fields values for use in emails.
        $mail_previous = getPreviousEntryData($id, $series);
    }
    sql_begin();
    $result = mrbsDelEntry(getUserName(), $id, $series, 1);
    sql_commit();
    if ($result) {
        // Send a mail to the Administrator
        MAIL_ADMIN_ON_DELETE ? $result = notifyAdminOnDelete($mail_previous) : '';
コード例 #6
ファイル: del_entry.php プロジェクト: verdurin/mrbs-mcr
<?php

# $Id$
include "config.inc";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "mrbs_sql.inc";
// Delete a booking: the visitor must pass getAuthorised() at level 1 and the
// entry must exist (mrbsGetEntryInfo() returns something truthy). The && short
// circuit means the entry is not looked up for a visitor who fails the gate.
// NOTE(review): $id and $series are not assigned in this file; they presumably
// arrive as request globals - confirm they are validated as integers.
// NOTE(review): no request-method check or anti-CSRF token is visible in this
// file, so the delete appears to run on any request from a logged-in user that
// carries an id - confirm whether an include adds such a check.
if (getAuthorised(getUserName(), getUserPassword(), 1) && ($info = mrbsGetEntryInfo($id))) {
    // Date and area of the entry, used for the redirect below. They come from
    // the stored entry, not from the request.
    $day = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year = strftime("%Y", $info["start_time"]);
    $area = mrbsGetRoomArea($info["room_id"]);
    // The delete runs inside a transaction. The user name is passed along;
    // any per-entry ownership check would have to happen inside
    // mrbsDelEntry(), since none is made here - confirm.
    sql_begin();
    $result = mrbsDelEntry(getUserName(), $id, $series, 1);
    sql_commit();
    if ($result) {
        // Success: go back to the day view of the deleted entry.
        Header("Location: day.php?day={$day}&month={$month}&year={$year}&area={$area}");
        exit;
    }
}
// If you got this far then we got an access denied.
// Every failure ends up here: a failed login, an unknown entry id, or a delete
// that mrbsDelEntry() refused. When the condition above was false, $day,
// $month, $year and $area are whatever they were before this block.
showAccessDenied($day, $month, $year, $area);
コード例 #7
ファイル: edit_users.php プロジェクト: verdurin/mrbs-mcr
    // $name = "name", "password", ...
    // Search for indexes "user_name", "user_password", etc, in the localization array.
    if (isset($vocab["user_" . $name])) {
        return get_vocab("user_" . $name);
    }
    // If there is no entry (likely if user-defined fields have been added), return itself.
    return $name;
}
/*---------------------------------------------------------------------------*\
|                         Authenticate the current user                         |
\*---------------------------------------------------------------------------*/
// Two paths, chosen by $nusers (assigned outside this excerpt; presumably the
// number of existing user accounts - confirm):
//   - at least one user exists: the visitor must pass getAuthorised() at
//     level 1, otherwise the access-denied page is shown and the script stops;
//   - no user exists yet: no identity check is made and $level is set to 2.
// NOTE(review): the second path is an unauthenticated bootstrap window. While
// the user table is empty, whoever can reach this page is handled at level 2
// (presumably administrator - confirm). Keep a fresh installation unreachable
// from untrusted networks until the first account has been created.
if ($nusers > 0) {
    $user = getUserName();
    // The level lookup also receives the $auth["admin"] entry from the
    // configuration array.
    $level = authGetUserLevel($user, $auth["admin"]);
    // Do not allow unidentified people to browse the list.
    if (!getAuthorised($user, getUserPassword(), 1)) {
        showAccessDenied($day, $month, $year, $area);
        exit;
    }
} else {
    // Fixed user name and level for the no-users case.
    $user = "******";
    $level = 2;
}
/*---------------------------------------------------------------------------*\
|             Edit a given entry - 1st phase: Get the user input.             |
\*---------------------------------------------------------------------------*/
if (isset($Action) && ($Action == "Edit" or $Action == "Add")) {
    if ($Id >= 0) {
        $result = sql_query("select * from {$tbl_users} where id={$Id}");
        $data = sql_row($result, 0);
        sql_free($result);
コード例 #8
ファイル: del_entry.php プロジェクト: jessfishenden/mrbs
    $note = "";
}
// No return URL supplied: build one from the configured default view.
// NOTE(review): where $returl is assigned lies outside this excerpt. If it is
// a request value, a non-empty one is kept exactly as supplied; restrict it to
// a local relative path before it is used in a redirect or a link - confirm at
// the point of use.
if (empty($returl)) {
    switch ($default_view) {
        case "month":
            $returl = "month.php";
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            // Any other value of $default_view falls back to the day view.
            $returl = "day.php";
    }
    // $year, $month, $day and $area are assigned outside this excerpt.
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}
if (getAuthorised(1) && ($info = mrbsGetBookingInfo($id, FALSE, TRUE))) {
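    $user = getUserName();
    // Decide whether $user may remove this booking:
    //   - for the "reject" action the user must pass auth_book_admin() for the
    //     booking's room;
    //   - for anything else the user must pass getWritable() for the entry,
    //     which is given the entry's creator, the user and the room.
    // The test has to be a comparison. It used to read `$action = "reject"`,
    // an assignment that is always truthy: every request carrying any action
    // value took the reject branch, and $action was overwritten with "reject"
    // for all code that follows. A strict comparison is used so that only the
    // exact string selects the reject branch.
    if (isset($action) && ($action === "reject")) {
        $authorised = auth_book_admin($user, $info['room_id']);
    } else {
        $authorised = getWritable($info['create_by'], $user, $info['room_id']);
    }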
    if ($authorised) {
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
        $area = mrbsGetRoomArea($info["room_id"]);
        $notify_by_email = $mail_settings['admin_on_delete'] || $mail_settings['book_admin_on_provisional'];
        if ($notify_by_email) {
            require_once "functions_mail.inc";