function postcalendar_userapi_eventDetail($args, $admin = false) { if (!(bool) PC_ACCESS_READ) { return _POSTCALENDARNOAUTH; } // get the theme globals :: is there a better way to do this? pnThemeLoad(pnUserGetTheme()); global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5; global $textcolor1, $textcolor2; $popup = pnVarCleanFromInput('popup'); extract($args); unset($args); if (!isset($cacheid)) { $cacheid = null; } if (!isset($eid)) { return false; } if (!isset($nopop)) { $nopop = false; } $uid = pnUserGetVar('uid'); //================================================================= // Find out what Template we're using //================================================================= $template_name = _SETTING_TEMPLATE; if (!isset($template_name)) { $template_name = 'default'; } //================================================================= // Setup Smarty Template Engine //================================================================= $tpl = new pcSmarty(); if ($admin) { $template = $template_name . '/admin/details.html'; $args['cacheid'] = ''; $print = 0; $Date =& postcalendar_getDate(); $tpl->caching = false; } else { $template = $template_name . '/user/details.html'; } if (!$tpl->is_cached($template, $cacheid)) { // let's get the DB information list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); // get the event's information $event =& postcalendar_userapi_pcGetEventDetails($eid); // if the above is false, it's a private event for another user // we should not diplay this - so we just exit gracefully if ($event === false) { return false; } //================================================================= // get event's topic information //================================================================= $topics_table = $pntable['topics']; $topics_column = $pntable['topics_column']; $topicsql = "SELECT {$topics_column['topictext']},{$topics_column['topicimage']}\n FROM {$topics_table}\n WHERE {$topics_column['topicid']} = {$event['topic']}\n LIMIT 1"; $topic_result = $dbconn->Execute($topicsql); list($event['topictext'], $event['topicimg']) = $topic_result->fields; $location = unserialize($event['location']); $event['location'] = $location['event_location']; $event['street1'] = $location['event_street1']; $event['street2'] = $location['event_street2']; $event['city'] = $location['event_city']; $event['state'] = $location['event_state']; $event['postal'] = $location['event_postal']; $event['date'] = str_replace('-', '', $Date); //================================================================= // populate the template //================================================================= if (!empty($event['location']) || !empty($event['street1']) || !empty($event['street2']) || !empty($event['city']) || !empty($event['state']) || !empty($event['postal'])) { $tpl->assign('LOCATION_INFO', true); } else { $tpl->assign('LOCATION_INFO', false); } if (!empty($event['contname']) || !empty($event['contemail']) || !empty($event['conttel']) || !empty($event['website'])) { $tpl->assign('CONTACT_INFO', true); } else { $tpl->assign('CONTACT_INFO', false); } $display_type = substr($event['hometext'], 0, 6); if ($display_type == ':text:') { $prepFunction = 'pcVarPrepForDisplay'; $event['hometext'] = substr($event['hometext'], 6); } elseif ($display_type == ':html:') { $prepFunction = 'pcVarPrepHTMLDisplay'; $event['hometext'] = substr($event['hometext'], 6); } else { $prepFunction = 'pcVarPrepHTMLDisplay'; } unset($display_type); // prep the vars for output $event['title'] =& $prepFunction($event['title']); $event['hometext'] =& $prepFunction($event['hometext']); $event['desc'] =& $event['hometext']; $event['conttel'] =& $prepFunction($event['conttel']); $event['contname'] =& $prepFunction($event['contname']); $event['contemail'] =& $prepFunction($event['contemail']); $event['website'] =& $prepFunction(postcalendar_makeValidURL($event['website'])); $event['fee'] =& $prepFunction($event['fee']); $event['location'] =& $prepFunction($event['location']); $event['street1'] =& $prepFunction($event['street1']); $event['street2'] =& $prepFunction($event['street2']); $event['city'] =& $prepFunction($event['city']); $event['state'] =& $prepFunction($event['state']); $event['postal'] =& $prepFunction($event['postal']); $tpl->assign_by_ref('A_EVENT', $event); //================================================================= // populate the template $ADMIN_OPTIONS //================================================================= $target = ''; if (_SETTING_OPEN_NEW_WINDOW) { $target = 'target="csCalendar"'; } $admin_edit_url = $admin_delete_url = ''; if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN)) { $admin_edit_url = pnModURL(__POSTCALENDAR__, 'admin', 'submit', array('pc_event_id' => $eid)); $admin_delete_url = pnModURL(__POSTCALENDAR__, 'admin', 'adminevents', array('action' => _ACTION_DELETE, 'pc_event_id' => $eid)); } $user_edit_url = $user_delete_url = ''; if (pnUserLoggedIn()) { $logged_in_uname = $_SESSION['authUser']; } else { $logged_in_uname = ''; } $can_edit = false; if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADD) && validateGroupStatus($logged_in_uname, getUsername($event['uname']))) { $user_edit_url = pnModURL(__POSTCALENDAR__, 'user', 'submit', array('pc_event_id' => $eid)); $user_delete_url = pnModURL(__POSTCALENDAR__, 'user', 'delete', array('pc_event_id' => $eid)); $can_edit = true; } $tpl->assign('STYLE', $GLOBALS['style']); $tpl->assign_by_ref('ADMIN_TARGET', $target); $tpl->assign_by_ref('ADMIN_EDIT', $admin_edit_url); $tpl->assign_by_ref('ADMIN_DELETE', $admin_delete_url); $tpl->assign_by_ref('USER_TARGET', $target); $tpl->assign_by_ref('USER_EDIT', $user_edit_url); $tpl->assign_by_ref('USER_DELETE', $user_delete_url); $tpl->assign_by_ref('USER_CAN_EDIT', $can_edit); } //================================================================= // Parse the template //================================================================= if ($popup != 1 && $print != 1) { $output = "\n\n<!-- START POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n"; $output .= $tpl->fetch($template, $cacheid); $output .= "\n\n<!-- END POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n"; } else { $theme = pnUserGetTheme(); echo "<html><head>"; echo "<LINK REL=\"StyleSheet\" HREF=\"themes/{$theme}/style/styleNN.css\" TYPE=\"text/css\">\n\n\n"; echo "<style type=\"text/css\">\n"; echo "@import url(\"themes/{$theme}/style/style.css\"); "; echo "</style>\n"; echo "</head><body>\n"; $tpl->display($template, $cacheid); echo postcalendar_footer(); echo "\n</body></html>"; session_write_close(); exit; } return $output; }
/** * postcalendar_userapi_pcQueryEvents * INPUT * $args = Array of values possibly containing: * $provider_id = array of provider ID numbers * * Returns an array containing the event's information * @params array(key=>value) * @params string key eventstatus * @params int value -1 == hidden ; 0 == queued ; 1 == approved * @return array $events[][] */ function &postcalendar_userapi_pcQueryEvents($args) { $end = '0000-00-00'; extract($args); // echo "<!-- args = "; print_r($args); echo " -->\n"; // debugging // $pc_username = pnVarCleanFromInput('pc_username'); $pc_username = $_SESSION['pc_username']; // from Michael Brinson 2006-09-19 if (empty($pc_username) || is_array($pc_username)) { $pc_username = "******"; } //echo "DEBUG pc_username: $pc_username \n"; // debugging $topic = pnVarCleanFromInput('pc_topic'); $category = pnVarCleanFromInput('pc_category'); if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') { if ($pc_username == '__PC_ALL__' || $pc_username == -1) { $ruserid = -1; } else { $ruserid = getIDfromUser($pc_username); } } if (!isset($eventstatus)) { $eventstatus = 1; } // sanity check on eventstatus if ((int) $eventstatus < -1 || (int) $eventstatus > 1) { $eventstatus = 1; } if (!isset($start)) { $start = Date_Calc::dateNow('%Y-%m-%d'); } list($sy, $sm, $sd) = explode('-', $start); list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); // link to the events tables $table = $pntable['postcalendar_events']; $cattable = $pntable['postcalendar_categories']; $topictable = $pntable['postcalendar_topics']; $sql = "SELECT DISTINCT a.pc_eid, a.pc_informant, a.pc_catid, " . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, " . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, " . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, " . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, " . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, " . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, " . "concat(u.fname,' ',u.lname) as provider_name, " . "concat(pd.lname,', ',pd.fname) as patient_name, " . "concat(u2.fname, ' ', u2.lname) as owner_name, " . "DOB as patient_dob, a.pc_facility, pd.pubpid " . "FROM ( {$table} AS a ) " . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid " . "LEFT JOIN users as u ON a.pc_aid = u.id " . "LEFT JOIN users as u2 ON a.pc_aid = u2.id " . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid " . "WHERE a.pc_eventstatus = {$eventstatus} " . "AND ((a.pc_endDate >= '{$start}' AND a.pc_eventDate <= '{$end}') OR " . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$start}' AND " . "a.pc_eventDate <= '{$end}')) "; //================================== //FACILITY FILTERING (lemonsoftware)(CHEMED) if ($_SESSION['pc_facility']) { $pc_facility = $_SESSION['pc_facility']; $sql .= " AND a.pc_facility = {$pc_facility} "; /* AND u.facility_id = $pc_facility AND u2.facility_id = $pc_facility "; */ } else { if ($pc_facility) { // pc_facility could be provided in the search arguments -- JRM March 2008 $sql .= " AND a.pc_facility = {$pc_facility} "; /*. " AND u.facility_id = $pc_facility". " AND u2.facility_id = $pc_facility "; */ } } //EOS FACILITY FILTERING (lemonsoftware) //================================== // The above 3 lines replaced these: // AND (a.pc_endDate >= '$start' OR a.pc_endDate = '0000-00-00') // AND a.pc_eventDate <= '$end' "; if (!empty($providerID)) { $ruserid = $providerID; } // eliminate ruserid if we're trying to query by provider_id -- JRM if (!empty($provider_id)) { unset($ruserid); } if (isset($ruserid)) { // get all events for the specified username if ($ruserid == -1) { $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' "; $sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') "; } else { $sql .= "AND a.pc_aid IN (0, " . $ruserid . ") "; } } elseif (!pnUserLoggedIn()) { // get all events for anonymous users $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' "; } elseif (!empty($provider_id)) { // get all events for a variety of provider IDs -- JRM if ($provider_id[0] != "_ALL_") { /**add all the events from the clinic provider id = 0*/ $sql .= "AND a.pc_aid in (0," . implode(",", $provider_id) . ") "; } } else { // get all events for logged in user plus global events $sql .= "AND (a.pc_aid IN (0," . $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') "; } //====================================================================== // START SEARCH FUNCTIONALITY //====================================================================== if (!empty($s_keywords)) { $sql .= "AND ({$s_keywords}) "; } if (!empty($s_category)) { $sql .= "AND ({$s_category}) "; } if (!empty($s_topic)) { $sql .= "AND ({$s_topic}) "; } if (!empty($category)) { $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') "; } if (!empty($topic)) { $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') "; } //====================================================================== // Search sort and limitation //====================================================================== if (empty($sort)) { $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC"; } else { $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}"; } //====================================================================== // END SEARCH FUNCTIONALITY //====================================================================== //echo "<br>sq: $sql<br />"; // echo "<!-- " . $sql . " -->\n"; // debugging $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { die($dbconn->ErrorMsg()); } // put the information into an array for easy access $events = array(); // return an empty array if we don't have any results if (!isset($result)) { return $events; } for ($i = 0; !$result->EOF; $result->MoveNext()) { // WHY are we using an array for intermediate storage??? -- Rod // get the results from the query if (isset($tmp)) { unset($tmp); } $tmp = array(); list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields; // grab the name of the topic $topicname = pcGetTopicName($tmp['topic']); // get the user id of event's author $cuserid = @$nuke_users[strtolower($tmp['uname'])]; // check the current event's permissions // the user does not have permission to view this event // if any of the following evaluate as false if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) { continue; } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) { continue; } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) { continue; } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) { continue; } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) { continue; } // add event to the array if we passed the permissions check // this is the common information $events[$i]['intervals'] = $tmp['duration'] / 60 / $GLOBALS['day_calandar_interval']; //sets the number of rows this event should span $events[$i]['eid'] = $tmp['eid']; $events[$i]['uname'] = $tmp['uname']; $events[$i]['uid'] = $cuserid; $events[$i]['catid'] = $tmp['catid']; $events[$i]['time'] = $tmp['time']; $events[$i]['eventDate'] = $tmp['eventDate']; $events[$i]['duration'] = $tmp['duration']; // there has to be a more intelligent way to do this @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60)); $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2); //'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' $events[$i]['endDate'] = $tmp['endDate']; $events[$i]['startTime'] = $tmp['startTime']; $events[$i]['recurrtype'] = $tmp['recurrtype']; $events[$i]['recurrfreq'] = $tmp['recurrfreq']; $events[$i]['recurrspec'] = $tmp['recurrspec']; $events[$i]['topic'] = $tmp['topic']; $events[$i]['alldayevent'] = $tmp['alldayevent']; $events[$i]['catcolor'] = $tmp['catcolor']; // Modified 06-2009 by BM to translate the category if applicable $events[$i]['catname'] = xl_appt_category($tmp['catname']); $events[$i]['catdesc'] = $tmp['catdesc']; $events[$i]['pid'] = $tmp['pid']; $events[$i]['apptstatus'] = $tmp['apptstatus']; $events[$i]['pubpid'] = $tmp['pubpid']; $events[$i]['patient_name'] = $tmp['patient_name']; $events[$i]['provider_name'] = $tmp['provider_name']; $events[$i]['owner_name'] = $tmp['owner_name']; $events[$i]['patient_dob'] = $tmp['patient_dob']; $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']); $events[$i]['facility'] = getFacility($tmp['facility']); $events[$i]['sharing'] = $tmp['sharing']; $events[$i]['prefcatid'] = $tmp['prefcatid']; $events[$i]['aid'] = $tmp['aid']; $events[$i]['topictext'] = $topicname; $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']); if ($events[$i]['intervals'] == 0) { $events[$i]['intervals'] = 1; } // is this a public event to be shown as busy? if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) { // make it not display any information $events[$i]['title'] = _USER_BUSY_TITLE; $events[$i]['hometext'] = _USER_BUSY_MESSAGE; $events[$i]['desc'] = _USER_BUSY_MESSAGE; $events[$i]['conttel'] = ''; $events[$i]['contname'] = ''; $events[$i]['contemail'] = ''; $events[$i]['website'] = ''; $events[$i]['fee'] = ''; $events[$i]['location'] = ''; $events[$i]['street1'] = ''; $events[$i]['street2'] = ''; $events[$i]['city'] = ''; $events[$i]['state'] = ''; $events[$i]['postal'] = ''; } else { $display_type = substr($tmp['hometext'], 0, 6); if ($display_type == ':text:') { $prepFunction = 'pcVarPrepForDisplay'; $tmp['hometext'] = substr($tmp['hometext'], 6); } elseif ($display_type == ':html:') { $prepFunction = 'pcVarPrepHTMLDisplay'; $tmp['hometext'] = substr($tmp['hometext'], 6); } else { $prepFunction = 'pcVarPrepHTMLDisplay'; } unset($display_type); $events[$i]['title'] = $prepFunction($tmp['title']); $events[$i]['hometext'] = $prepFunction($tmp['hometext']); $events[$i]['desc'] = $events[$i]['hometext']; $events[$i]['conttel'] = $prepFunction($tmp['conttel']); $events[$i]['contname'] = $prepFunction($tmp['contname']); $events[$i]['contemail'] = $prepFunction($tmp['contemail']); $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website'])); $events[$i]['fee'] = $prepFunction($tmp['fee']); $loc = unserialize($tmp['location']); $events[$i]['location'] = $prepFunction($loc['event_location']); $events[$i]['street1'] = $prepFunction($loc['event_street1']); $events[$i]['street2'] = $prepFunction($loc['event_street2']); $events[$i]['city'] = $prepFunction($loc['event_city']); $events[$i]['state'] = $prepFunction($loc['event_state']); $events[$i]['postal'] = $prepFunction($loc['event_postal']); } $i++; } unset($tmp); $result->Close(); return $events; }