// Look for "user_name", "user_password", etc. in the localization array; a
// field with no entry (likely a user-defined field) is returned unchanged.
return isset($vocab["user_" . $name]) ? get_vocab("user_" . $name) : $name;
}

/*---------------------------------------------------------------------------*\
|                         Authenticate the current user                       |
\*---------------------------------------------------------------------------*/

$initial_user_creation = 0;

if ($nusers > 0) {
    // Normal path: users exist, so the visitor has to be identified.
    $user = getUserName();
    $level = authGetUserLevel($user);

    // Do not allow unidentified people to browse the list.
    if (!getAuthorised(1)) {
        showAccessDenied($day, $month, $year, $area, "");
        exit;
    }
} else {
    // Bootstrap path: no authentication call is made and the visitor is
    // given $max_level so that the first account can be created.
    // NOTE(review): this branch fails open. How $nusers is computed is not
    // visible here; confirm that a failed or empty count cannot land in it
    // once accounts exist.
    $initial_user_creation = 1;
    $user = "";  // to avoid an undefined variable notice
    $level = $max_level;
    if (!isset($Action)) {
        $Action = "Add";
        $Id = -1;
    }
}

// Edit a given entry - 1st phase: Get the user input.
// (this section's banner and code are cut off in the excerpt)
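<?php
# $Id: add.php,v 1.1 2007/06/22 23:45:27 amagrace Exp $

require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";

# Adding areas and rooms requires authorisation level 2.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}

# This file is for adding new areas/rooms
# we need to do different things depending on if its a room
# or an area
# $type, $name, $description, $area and $capacity are not assigned in this
# file; presumably grab_globals.inc.php fills them from the request, so they
# are treated as untrusted below.

if ($type == "area") {
    # String values are escaped by slashes() (defined elsewhere) and quoted.
    $area_name_q = slashes($name);
    $sql = "insert into {$tbl_area} (area_name) values ('{$area_name_q}')";
    if (sql_command($sql) < 0) {
        fatal_error(1, "<p>" . sql_error());
    }
    $area = sql_insert_id("{$tbl_area}", "id");
}

if ($type == "room") {
    $room_name_q = slashes($name);
    $description_q = slashes($description);
    if (empty($capacity)) {
        $capacity = 0;
    }
    # area_id and capacity go into the statement unquoted, so string escaping
    # would not protect them: force both to integers before interpolation.
    # $area and $capacity themselves are left untouched for later code.
    $area_id_q = (int) $area;
    $capacity_q = (int) $capacity;
    $sql = "insert into {$tbl_room} (room_name, area_id, description, capacity)\n\t values ('{$room_name_q}',{$area_id_q}, '{$description_q}',{$capacity_q})";
    if (sql_command($sql) < 0) {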
global $twentyfourhour_format;

$edit_series = true;
$room_order = "room_name";

# Fall back to today's date unless day, month and year are all known.
if (!isset($day, $month, $year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}

if (empty($area)) {
    $area = get_default_area();
}

$edit_type = isset($edit_type) ? $edit_type : "";

# Booking requires level 1; the user name and password are passed to the
# check explicitly.
# NOTE(review): $day, $month, $year, $area, $edit_type and $id are tested but
# never assigned in this excerpt - presumably they come from the request.
# Nothing here validates them; confirm that happens before they reach SQL or
# HTML output.
if (!getAuthorised(getUserName(), getUserPassword(), 1)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}

# This page will either add or modify a booking
# We need to know:
#   Name of booker
#   Description of meeting
#   Date (option select box for day, month, year)
#   Time
#   Duration
#   Internal/External

# A new booking and a modification are told apart by $id: when it was passed
# in, this is a modification and the old data has to be read from the db.
if (isset($id)) {
require_once "grab_globals.inc.php";
require_once "config.inc.php";
require_once "functions.inc";
require_once "dbsys.inc";
require_once "mrbs_auth.inc";

// Read every request value through get_form_var() with a declared type.
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$name = get_form_var('name', 'string');
$description = get_form_var('description', 'string');
$capacity = get_form_var('capacity', 'int');
$type = get_form_var('type', 'string');

// Require $max_level when the configuration defines it, otherwise level 2.
$required_level = 2;
if (isset($max_level)) {
    $required_level = $max_level;
}

if (!getAuthorised($required_level)) {
    showAccessDenied($day, $month, $year, $area, "");
    exit;
}

// This file adds new areas and rooms; the two cases are handled separately.
if ($type == "area") {
    // Truncate the name field to the maximum length as a precaution.
    // substr() counts bytes, so a multi-byte name can be cut mid-character.
    $name = substr($name, 0, $maxlength['area.area_name']);

    // NOTE(review): addslashes() is not database-aware escaping. Whether it
    // is sufficient depends on the driver and connection charset behind the
    // sql_* helpers, which are not visible here - confirm.
    $area_name_q = addslashes($name);

    // Acquire a mutex to lock out others who might be editing the area
    if (!sql_mutex_lock("{$tbl_area}")) {
        fatal_error(TRUE, get_vocab("failed_to_acquire"));
    }

    // Check that the area name is unique
$series = get_form_var('series', 'int');
$returl = get_form_var('returl', 'string');

// NOTE(review): $returl is request-supplied. If it is later used as a
// redirect target (not visible in this excerpt) it should be restricted to
// local pages - confirm.
if (empty($returl)) {
    // No return URL given: go back to the configured default view.
    if ($default_view == "month") {
        $returl = "month.php";
    } elseif ($default_view == "week") {
        $returl = "week.php";
    } else {
        $returl = "day.php";
    }
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}

// Level 1 is the only check made here before the delete.
// NOTE(review): whether the caller may delete this particular entry has to be
// enforced inside mrbsDelEntry(), which is given the user name - confirm.
if (getAuthorised(1) && ($info = mrbsGetEntryInfo($id))) {
    $day = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year = strftime("%Y", $info["start_time"]);
    $area = mrbsGetRoomArea($info["room_id"]);

    if (MAIL_ADMIN_ON_DELETE) {
        require_once "functions_mail.inc";
        // Capture the entry's fields now; they are needed for the e-mail
        // after the row has been deleted.
        $mail_previous = getPreviousEntryData($id, $series);
    }

    sql_begin();
    $result = mrbsDelEntry(getUserName(), $id, $series, 1);
    sql_commit();

    if ($result) {
        // Send a mail to the Administrator
        if (MAIL_ADMIN_ON_DELETE) {
            $result = notifyAdminOnDelete($mail_previous);
        }
<?php
# $Id$

include "config.inc";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "mrbs_sql.inc";

# Delete one booking and send the browser back to that day's view.
# Anything other than a successful delete ends at the access-denied page.
#
# NOTE(review): $id and $series are never assigned in this file - presumably
# they arrive as request parameters. Confirm they are validated before
# mrbsGetEntryInfo() and mrbsDelEntry() use them.
# NOTE(review): level 1 is the only check made here. Whether the caller may
# delete this particular entry has to be enforced inside mrbsDelEntry(), which
# is given the user name - confirm.

if (getAuthorised(getUserName(), getUserPassword(), 1)) {
    $info = mrbsGetEntryInfo($id);
    if ($info) {
        # The redirect target is built from the stored entry, not from the
        # request.
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
        $area = mrbsGetRoomArea($info["room_id"]);

        sql_begin();
        $result = mrbsDelEntry(getUserName(), $id, $series, 1);
        sql_commit();

        if ($result) {
            header("Location: day.php?day={$day}&month={$month}&year={$year}&area={$area}");
            exit;
        }
    }
}

// If you got this far then we got an access denied.
showAccessDenied($day, $month, $year, $area);
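// $name = "name", "password", ...
// Search for indexes "user_name", "user_password", etc, in the localization array.
if (isset($vocab["user_" . $name])) {
    return get_vocab("user_" . $name);
}
// If there is no entry (likely if user-defined fields have been added), return itself.
return $name;
}

/*---------------------------------------------------------------------------*\
|                         Authentify the current user                         |
\*---------------------------------------------------------------------------*/

if ($nusers > 0) {
    $user = getUserName();
    $level = authGetUserLevel($user, $auth["admin"]);
    // Do not allow unidentified people to browse the list.
    if (!getAuthorised($user, getUserPassword(), 1)) {
        showAccessDenied($day, $month, $year, $area);
        exit;
    }
} else {
    // No users exist yet: no authentication call is made and the visitor is
    // given level 2.
    // NOTE(review): this branch fails open. How $nusers is computed is not
    // visible here; confirm that a failed or empty count cannot land in it
    // once accounts exist.
    $user = "******";
    $level = 2;
}

/*---------------------------------------------------------------------------*\
|             Edit a given entry - 1st phase: Get the user input.             |
\*---------------------------------------------------------------------------*/

if (isset($Action) && ($Action == "Edit" or $Action == "Add")) {
    if ($Id >= 0) {
        // $Id is not assigned in this excerpt (presumably request-supplied)
        // and goes into the statement unquoted. The >= 0 test does not make
        // it numeric, so it is forced to an integer at the point of use.
        $result = sql_query("select * from {$tbl_users} where id=" . (int) $Id);
        $data = sql_row($result, 0);
        sql_free($result);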
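$note = "";
}

// With no return URL, go back to the configured default view for this date
// and area.
if (empty($returl)) {
    switch ($default_view) {
        case "month":
            $returl = "month.php";
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            $returl = "day.php";
    }
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}

if (getAuthorised(1) && ($info = mrbsGetBookingInfo($id, FALSE, TRUE))) {
    $user = getUserName();

    // check that the user is allowed to delete this entry
    // A "reject" needs booking-admin rights on the room; any other delete
    // needs write access to the entry.
    // The test has to be a comparison. Written with a single "=", it assigned
    // "reject" to $action and was true whenever $action was set, so the
    // getWritable() branch was unreachable for those requests and $action
    // was overwritten for any later code.
    if (isset($action) && ($action == "reject")) {
        $authorised = auth_book_admin($user, $info['room_id']);
    } else {
        $authorised = getWritable($info['create_by'], $user, $info['room_id']);
    }

    if ($authorised) {
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
        $area = mrbsGetRoomArea($info["room_id"]);

        // Mail is sent when either of these two settings is enabled.
        $notify_by_email = $mail_settings['admin_on_delete'] || $mail_settings['book_admin_on_provisional'];
        if ($notify_by_email) {
            require_once "functions_mail.inc";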