예제 #1
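load_global_settings();
load_user_preferences();
$WebCalendar->setLanguage();
// Load the current user's name, e-mail, etc.
user_load_variables($login, '');
// See if a user login was specified in the URL. The value is request-supplied,
// so it must pass the permission checks below before it is used to pick a
// calendar.
$user = getGetValue('user');
// Translate the short alias 'public' to the internal login '__public__'.
// (The listing showed a masked literal here; '__public__' is the value the
// original comment names.)
if ($user == 'public') {
    $user = '__public__';
}
// Make sure the current user has proper permissions to see unapproved
// events for the specified user. Anyone who fails the check is silently
// switched back to their own login instead of receiving an error.
if ($user != '') {
    if (access_is_enabled()) {
        if (!access_user_calendar('approve', $user)) {
            // Not allowed: fall back to the caller's own calendar.
            // The listing had the bare word `login` here. That is an
            // undefined constant: PHP 8 throws an Error, and older versions
            // evaluate it to the string 'login', so a denied request would
            // have continued against the account literally named "login".
            $user = $login;
        }
    } else {
        // User Access Control is off: only admins and assistants may look at
        // another user's unapproved entries.
        // NOTE(review): whether $is_assistant is specific to the requested
        // $user is set elsewhere and not visible here - confirm.
        // The trailing !access_is_enabled() repeats the branch condition.
        if (!$is_admin && $user != $login && !$is_assistant && !access_is_enabled()) {
            $user = $login;
        }
    }
}
// If no user was requested, use the current user's login.
if ($user == '') {
    $user = $login;
}
$charset = empty($LANGUAGE) ? 'iso-8859-1' : translate('charset');
// This should work ok with RSS, may need to hardcode fallback value.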
예제 #2
파일: month.php 프로젝트: rhertzog/lcs
<?php

/* $Id: month.php,v 1.95.2.9 2010/08/15 18:54:34 cknudsen Exp $ */
include_once 'includes/init.php';
// User Access Control gate: leave the month view when the function itself is
// not permitted, or when a specific calendar was requested that the current
// login may not view.
// NOTE(review): the rest of the script still runs unless
// send_to_preferred_view() ends the request itself - confirm in its definition.
if (!access_can_access_function(ACCESS_MONTH)
    || (!empty($user) && !access_user_calendar('view', $user))
) {
    send_to_preferred_view();
}
// Layers: a non-user-calendar admin looking at another calendar loads that
// calendar's layers; with no user requested the current login's are loaded.
if ($user != $login && $is_nonuser_admin) {
    load_user_layers($user);
} elseif (empty($user)) {
    load_user_layers();
}
// cat_id is request input; the pattern limits it to digits, commas and minus signs.
$cat_id = getValue('cat_id', '-?[0-9,\\-]*', true);
load_user_categories();
// First day of the previous month, split into year and month strings.
$prev = mktime(0, 0, 0, $thismonth - 1, 1, $thisyear);
$prevYmd = date('Ymd', $prev);
$prevyear = substr($prevYmd, 0, 4);
$prevmonth = substr($prevYmd, 4, 2);
// First day of the next month, split the same way.
$next = mktime(0, 0, 0, $thismonth + 1, 1, $thisyear);
$nextYmd = date('Ymd', $next);
$nextyear = substr($nextYmd, 0, 4);
$nextmonth = substr($nextYmd, 4, 2);
if ($BOLD_DAYS_IN_YEAR == 'Y') {
    $boldDays = true;
    $startdate = mktime(0, 0, 0, $prevmonth, 0, $prevyear);
    $enddate = mktime(23, 59, 59, $nextmonth + 1, 0, $nextyear);
} else {
    $boldDays = false;
예제 #3
파일: view_t.php 프로젝트: rhertzog/lcs
/**
 * Builds the HTML table row (<tr class="entrycont">) for one event in the
 * time-bar view and returns it as a string.
 *
 * With User Access Control enabled, the event owner's 'view' and 'time'
 * permissions decide whether the entry is rendered as a link to
 * view_entry.php; with UAC disabled every entry is linked.
 *
 * @param object $event event object; the accessor methods used are visible in the body
 * @param mixed  $date  value placed in the link's "date" parameter when the
 *                      event has no clone date (format not visible here)
 * @return string HTML for the row
 */
function print_entry_timebar($event, $date)
{
    global $ENTRY_SLOTS, $entrySlots, $eventinfo, $login, $PHP_SELF, $PUBLIC_ACCESS_FULLNAME, $slotValue, $totalHours, $totalSlots, $user, $width, $WORK_DAY_END_HOUR, $WORK_DAY_START_HOUR, $yardSlots, $yardWidth;
    // Counter kept across calls so every generated link id is unique.
    static $key = 0;
    // Never set to true in this function, so the '</span>' branch in the
    // return expression is never taken.
    $insidespan = false;
    $ret = '';
    if (access_is_enabled()) {
        // Permissions are evaluated against the event owner's calendar.
        $temp = $event->getLogin();
        $can_access = access_user_calendar('view', $temp, '', $event->getCalType(), $event->getAccess());
        $time_only = access_user_calendar('time', $temp);
    } else {
        // UAC disabled: full access, and details are not restricted to times.
        $can_access = CAN_DOALL;
        $time_only = 'N';
    }
    $id = $event->getID();
    // NOTE(review): $name is assigned but not used anywhere below.
    $name = $event->getName();
    $linkid = "pop{$id}-{$key}";
    $key++;
    // Work-day bounds in minutes since midnight.
    $day_start = $WORK_DAY_START_HOUR * 60;
    $day_end = $WORK_DAY_END_HOUR * 60;
    if ($day_end <= $day_start) {
        $day_end = $day_start + 60;
    }
    //Avoid exceptions.
    $time = date('His', $event->getDateTimeTS());
    $startminutes = time_to_minutes($time);
    $endminutes = time_to_minutes(date('His', $event->getEndDateTimeTS()));
    $duration = $event->getDuration();
    if ($event->isAllDay()) {
        // All day event.
        $ev_duration = $totalSlots;
        $start_padding = 0;
    } else {
        if ($event->isUntimed()) {
            $ev_duration = $start_padding = 0;
        } else {
            // Must be timed.
            $start_padding = round(($startminutes - $day_start) / $slotValue);
            if ($start_padding < 0) {
                $start_padding = 0;
            }
            if ($startminutes > $day_end || $endminutes < $day_start) {
                $ev_duration = 1;
            } else {
                // NOTE(review): there is no else for $duration <= 0, so a timed
                // event inside the work day with zero duration leaves
                // $ev_duration unassigned before it is read below.
                if ($duration > 0) {
                    $ev_duration = intval($duration / $slotValue);
                    // Event starts before workday.
                    // NOTE(review): (int) binds tighter than '/', so only the
                    // minute difference is cast; the quotient can be
                    // fractional and ends up in a colspan attribute.
                    if ($startminutes < $day_start) {
                        $ev_duration = $ev_duration - (int) ($day_start - $startminutes) / $slotValue;
                    }
                    // Event ends after workday (same cast precedence as above).
                    if ($endminutes > $day_end) {
                        $ev_duration = $ev_duration - (int) ($endminutes - $day_end) / $slotValue;
                    }
                }
            }
        }
    }
    $end_padding = $totalSlots - $start_padding - $ev_duration + 1;
    // If event is past viewing area.
    if ($start_padding >= $totalSlots) {
        $ev_duration = 1;
        $start_padding = $totalSlots - 1;
    }
    // Choose where to position the text (pos=0->before,pos=1->on,pos=2->after).
    if ($ev_duration / $totalSlots >= 0.3) {
        $pos = 1;
    } elseif ($end_padding / $totalSlots >= 0.3) {
        $pos = 2;
    } else {
        $pos = 0;
    }
    $ret .= '
<!-- ENTRY BAR -->
            <tr class="entrycont">' . ($start_padding > 0 ? '
              <td class="alignright" colspan="' . $start_padding . '">' : '');
    if ($pos > 0) {
        if (!$event->isUntimed()) {
            $ret .= ($start_padding > 0 ? '&nbsp;</td>' : '') . '
              <td class="entry" colspan="' . $ev_duration . '">' . ($pos > 1 ? '&nbsp;</td>
              <td class="alignleft" colspan="' . $end_padding . '">' : '');
        } else {
            // Untimed, just display text.
            $ret .= '
              <td colspan="' . $totalSlots . '">';
        }
    }
    $tempClone = $event->getClone();
    // Priorities below 4 are rendered in <strong>.
    $tempPri = $event->getPriority() < 4;
    // Notes on the return expression:
    // - The "&amp;user=" part is masked ('******') in this listing, so the
    //   statement is not valid PHP as shown; the original presumably appended
    //   $user there - confirm against the project source.
    // - The opening <a> is emitted only when $can_access != 0 and $time_only
    //   != 'Y', but the closing '</a>' is appended unconditionally.
    // - The event login (or $PUBLIC_ACCESS_FULLNAME) is concatenated between
    //   the brackets without htmlspecialchars(), and $date / the clone date go
    //   into the href as-is. NOTE(review): confirm these values cannot carry
    //   markup or quotes, or escape them for their context.
    return $ret . ($tempPri ? '<strong>' : '') . ($can_access != 0 && $time_only != 'Y' ? '
          <a class="entry" id="' . $linkid . '" href="view_entry.php?id=' . $id . '&amp;date=' . ($tempClone ? $tempClone : $date) . (strlen($user) > 0 ? '&amp;user='******'') . '">' : '') . '[' . ($event->getLogin() == '__public__' ? $PUBLIC_ACCESS_FULLNAME : $event->getLogin()) . ']&nbsp;' . build_entry_label($event, 'eventinfo-' . $linkid, $can_access, $event->isAllDay() ? translate('All day event') : (!$event->isUntimed() ? display_time($event->getDatetime()) . ($event->getDuration() > 0 ? ' - ' . display_time($event->getEndDateTime(), 2) : '') : ''), $time_only) . ($insidespan ? '</span>' : '') . '</a>' . ($tempPri ? '</strong>' : '') . '</td>' . ($pos < 2 ? ($pos < 1 ? '
        <td class="entry" colspan="' . $ev_duration . '">&nbsp;</td>' : '') . ($end_padding > 1 ? '
        <td class="alignleft" colspan="' . $end_padding . '">&nbsp;</td>' : '') : '') . '
      </tr>';
}
예제 #4
파일: index.php 프로젝트: rhertzog/lcs
            if (!access_is_enabled() || access_can_access_function(ACCESS_ANOTHER_CALENDAR)) {
                // Get count of users this user can see. If > 1, then...
                $ulist = array_merge(get_my_users($login, 'view'), get_my_nonusers($login, true, 'view'));
                //remove duplicates if any
                if (function_exists('array_intersect_key')) {
                    $ulist = array_intersect_key($ulist, array_unique(array_map('serialize', $ulist)));
                }
                if (count($ulist) > 1) {
                    $select_user_url = 'select_user.php';
                }
            }
        }
    }
}
// Offer the search link when no user is selected, when the selected user is
// the current login, or - with User Access Control enabled - when the current
// login may view the selected user's calendar. Despite the older "own
// calendar" wording, the third case covers other people's calendars too.
// This only controls whether the link is shown.
if ((empty($user) || $user == $login || (!empty($user) && access_is_enabled() && access_user_calendar('view', $user)))
    && access_can_access_function(ACCESS_SEARCH, $user)
) {
    // Search
    $search_url = 'search.php';
}
if (empty($user) || $user == $login) {
    // Import/Export
    if (access_is_enabled() || $login != '__public__' && !$is_nonuser) {
        if ($readonly != 'Y' && access_can_access_function(ACCESS_IMPORT, $user)) {
            $import_url = 'import.php';
        }
        if (access_can_access_function(ACCESS_EXPORT, $user)) {
            $export_url = 'export.php';
        }
    }
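/**
 * Builds the hidden <dl class="popup"> block shown when hovering an entry.
 *
 * When User Access Control is enabled and the entry belongs to another user,
 * everything except the time is suppressed unless that user's 'time'
 * permission is 'N'.
 *
 * Escaping contract as far as this function shows it: $name and (when HTML
 * descriptions are disabled) $description are escaped here, and so are the
 * external participants' names read from the database. $time, $location,
 * $reminder, $site_extras and the full names loaded through
 * user_load_variables() are inserted as given.
 * NOTE(review): confirm every caller passes those already escaped.
 *
 * @param string $popupid     value for the <dl> id attribute
 * @param string $user        login the entry belongs to
 * @param string $description entry description
 * @param string $time        pre-formatted time text
 * @param string $site_extras pre-built HTML appended before </dl>
 * @param string $location    entry location
 * @param string $name        entry name (only shown when $SUMMARY_LENGTH < 80)
 * @param mixed  $id          entry id; '' skips the participant lookup
 * @param string $reminder    reminder text
 * @return string|null popup HTML, or null when popups are disabled
 */
function build_entry_popup($popupid, $user, $description = '', $time, $site_extras = '', $location = '', $name = '', $id = '', $reminder = '')
{
    global $ALLOW_HTML_DESCRIPTION, $DISABLE_POPUPS, $login, $PARTICIPANTS_IN_POPUP, $popup_fullnames, $popuptemp_fullname, $PUBLIC_ACCESS_VIEW_PART, $SUMMARY_LENGTH, $tempfullname;
    if (!empty($DISABLE_POPUPS) && $DISABLE_POPUPS == 'Y') {
        return;
    }
    // Restrict info if time only set.
    $details = true;
    if (function_exists('access_is_enabled') && access_is_enabled() && $user != $login) {
        $time_only = access_user_calendar('time', $user);
        $details = $time_only == 'N' ? 1 : 0;
    }
    $ret = '<dl id="' . $popupid . '" class="popup">' . "\n";
    if (empty($popup_fullnames)) {
        $popup_fullnames = array();
    }
    $partList = array();
    if ($details && $id != '' && !empty($PARTICIPANTS_IN_POPUP) && $PARTICIPANTS_IN_POPUP == 'Y' && !($PUBLIC_ACCESS_VIEW_PART == 'N' && $login == '__public__')) {
        // Start from an empty list: previously $participants was only created
        // inside the "rows found" branch, so an entry with no approved or
        // waiting participants reached count() with an undefined variable.
        $participants = array();
        $rows = dbi_get_cached_rows('SELECT cal_login, cal_status
      FROM webcal_entry_user WHERE cal_id = ? AND cal_status IN ( \'A\',\'W\' )', array($id));
        if ($rows) {
            foreach ($rows as $row) {
                $participants[] = $row;
            }
        }
        foreach ($participants as $participant) {
            // user_load_variables() fills the global $tempfullname.
            user_load_variables($participant[0], 'temp');
            // '(?)' marks a participant whose status is still waiting.
            $partList[] = $tempfullname . ' ' . ($participant[1] == 'W' ? '(?)' : '');
        }
        $rows = dbi_get_cached_rows('SELECT cal_fullname FROM webcal_entry_ext_user
      WHERE cal_id = ? ORDER by cal_fullname', array($id));
        if ($rows) {
            $extStr = translate('External User');
            foreach ($rows as $row) {
                // External participant names are free text straight from the
                // database; escape them like the entry name and description.
                $partList[] = htmlspecialchars($row[0]) . ' (' . $extStr . ')';
            }
        }
    }
    if ($user != $login) {
        // Cache full names per login across calls.
        if (empty($popup_fullnames[$user])) {
            user_load_variables($user, 'popuptemp_');
            $popup_fullnames[$user] = $popuptemp_fullname;
        }
        $ret .= '<dt>' . translate('User') . ":</dt>\n<dd>{$popup_fullnames[$user]}</dd>\n";
    }
    $ret .= ($SUMMARY_LENGTH < 80 && strlen($name) && $details ? '<dt>' . htmlspecialchars(substr($name, 0, 40)) . "</dt>\n" : '') . (strlen($time) ? '<dt>' . translate('Time') . ":</dt>\n<dd>{$time}</dd>\n" : '') . (!empty($location) && $details ? '<dt>' . translate('Location') . ":</dt>\n<dd> {$location}</dd>\n" : '') . (!empty($reminder) && $details ? '<dt>' . translate('Send Reminder') . ":</dt>\n<dd> {$reminder}</dd>\n" : '');
    if (!empty($partList) && $details) {
        $ret .= '<dt>' . translate('Participants') . ":</dt>\n";
        foreach ($partList as $parts) {
            $ret .= "<dd> {$parts}</dd>\n";
        }
    }
    if (!empty($description) && $details) {
        $ret .= '<dt>' . translate('Description') . ":</dt>\n<dd>";
        if (!empty($ALLOW_HTML_DESCRIPTION) && $ALLOW_HTML_DESCRIPTION == 'Y') {
            // Replace &s and decode special characters.
            // With this setting the description is emitted as markup on
            // purpose. NOTE(review): that is only safe if descriptions are
            // sanitised when stored, or if every author is trusted - confirm.
            $str = unhtmlentities(str_replace('&amp;amp;', '&amp;', str_replace('&', '&amp;', $description)));
            // If there is no HTML found, then go ahead and replace
            // the line breaks ("\n") with the HTML break ("<br />").
            $ret .= strstr($str, '<') && strstr($str, '>') ? $str : nl2br($str);
        } else {
            // HTML not allowed in description, escape everything.
            $ret .= nl2br(htmlspecialchars($description));
        }
        $ret .= "</dd>\n";
    }
    return $ret . (empty($site_extras) ? '' : $site_extras) . "</dl>\n";
}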
예제 #6
파일: view_entry.php 프로젝트: rhertzog/lcs
                $can_email = access_user_calendar('email', $templogin);
            }
            echo '
          ';
            if (strlen($tempemail) > 0 && $can_email != 'N') {
                echo '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>';
                $allmails[] = $tempemail;
            } else {
                echo $tempfullname;
            }
            echo ' (?)<br />';
        }
        for ($i = 0; $i < $num_rej; $i++) {
            user_load_variables($rejected[$i], 'temp');
            if (access_is_enabled()) {
                $can_email = access_user_calendar('email', $templogin);
            }
            echo '
          <strike>' . (strlen($tempemail) > 0 && $can_email != 'N' ? '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>' : $tempfullname) . '</strike> (' . translate('Rejected') . ')<br />';
        }
    }
    echo '
        </td>
      </tr>';
}
// end participants
// Edit rights, with the operator grouping written out (&& binds tighter than
// ||). Editing is allowed when any of these holds:
//   - an earlier check already granted it,
//   - the current login is an admin,
//   - a non-user-calendar admin is acting on the creator's calendar,
//   - an assistant is acting on the creator's calendar and the event is not private,
//   - the calendar is not read-only and the login is the (non-public) creator,
//     or the installation runs in single-user mode.
$can_edit = $can_edit
    || $is_admin
    || ($is_nonuser_admin && $user == $create_by)
    || ($is_assistant && !$is_private && $user == $create_by)
    || ($readonly != 'Y'
        && (($login != '__public__' && $login == $create_by) || $single_user == 'Y'));
if (empty($event_status)) {
    // this only happens when an admin views a deleted event that he is
    // not a participant for. Set to $event_status to "D" just to get
    // rid of all the edit/delete links below.
예제 #7
       }
   }
   //end new/old event
   // Some users report that they get an error on duplicate keys
   // on the following add... As a safety measure, delete any
   // existing entry with the id. Ignore the result.
   dbi_execute('DELETE FROM webcal_entry_user WHERE cal_id = ? AND cal_login = ?', array($id, $participants[$i]));
   if (!dbi_execute('INSERT INTO webcal_entry_user ( cal_id, cal_login,
 cal_status, cal_percent ) VALUES ( ?, ?, ?, ? )', array($id, $participants[$i], $status, $new_percent))) {
       $error = $dberror . dbi_error();
       break;
   } else {
       // Check UAC.
       $can_email = 'Y';
       if (access_is_enabled()) {
           $can_email = access_user_calendar('email', $participants[$i], $login);
       }
       // Don't send mail if we are editing a non-user calendar and we are the admin.
       if (!$is_nonuser_admin && $can_email == 'Y') {
           // Only send mail if their email address is filled in.
           $do_send = get_pref_setting($participants[$i], $newevent ? 'EMAIL_EVENT_ADDED' : 'EMAIL_EVENT_UPDATED');
           $htmlmail = get_pref_setting($participants[$i], 'EMAIL_HTML');
           $t_format = get_pref_setting($participants[$i], 'TIME_FORMAT');
           $user_TIMEZONE = get_pref_setting($participants[$i], 'TIMEZONE');
           set_env('TZ', $user_TIMEZONE);
           $user_language = get_pref_setting($participants[$i], 'LANGUAGE');
           user_load_variables($participants[$i], 'temp');
           if (boss_must_be_notified($login, $participants[$i]) && !empty($tempemail) && $do_send == 'Y' && $send_user_mail && $SEND_EMAIL != 'N') {
               // We send to creator if they want it.
               if ($send_own != 'Y' && $participants[$i] == $login) {
                   continue;
예제 #8
/**
 * Builds the table rows listing one user's unapproved (status 'W') entries,
 * with approve / reject / delete controls for each.
 *
 * Side effects visible in the body: increments the global $key per row,
 * appends each entry's popup HTML to the global $eventinfo, and appends a
 * "no unapproved entries" row to the global $noret when nothing is found.
 *
 * The query is parameterised. The HTML, however, is assembled by string
 * concatenation; see the note above the row markup for the values that are
 * inserted without escaping.
 *
 * @param string $user login whose unapproved entries are listed
 * @return string HTML rows ('' when there are none)
 */
function list_unapproved($user)
{
    global $eventinfo, $key, $login, $NONUSER_ENABLED, $noret, $temp_fullname;
    // Fills the global $temp_fullname for $user.
    user_load_variables($user, 'temp_');
    // NOTE(review): the "user=" value is masked ('******') in this listing, so
    // the statement is not valid PHP as shown; whatever is appended there
    // needs URL- and HTML-encoding.
    $rssLink = '<a href="rss_unapproved.php?user='******'"><img src="images/rss.png" width="14" height="14" alt="RSS 2.0 - ' . htmlspecialchars($temp_fullname) . '" border="0"/></a>';
    $count = 0;
    $ret = '';
    // Only entries still waiting for approval ('W') for this login.
    $sql = 'SELECT we.cal_id, we.cal_name, we.cal_description, weu.cal_login,
    we.cal_priority, we.cal_date, we.cal_time, we.cal_duration,
    weu.cal_status, we.cal_type
    FROM webcal_entry we, webcal_entry_user weu
    WHERE we.cal_id = weu.cal_id AND weu.cal_login = ? AND weu.cal_status = \'W\'
    ORDER BY weu.cal_login, we.cal_date';
    $rows = dbi_get_cached_rows($sql, array($user));
    if ($rows) {
        // Translate the fixed labels once, outside the row loop.
        $allDayStr = translate('All day event');
        $appConStr = translate('Approve/Confirm');
        $appSelStr = translate('Approve Selected');
        $checkAllStr = translate('Check All');
        $deleteStr = translate('Delete');
        $emailStr = translate('Emails Will Not Be Sent');
        $rejectSelStr = translate('Reject Selected');
        $rejectStr = translate('Reject');
        $uncheckAllStr = translate('Uncheck All');
        $viewStr = translate('View this entry');
        for ($i = 0, $cnt = count($rows); $i < $cnt; $i++) {
            $row = $rows[$i];
            $key++;
            $id = $row[0];
            $name = $row[1];
            $description = $row[2];
            $cal_user = $row[3];
            $pri = $row[4];
            $date = $row[5];
            // Zero-padded to six digits so it can be appended to the date.
            $time = sprintf("%06d", $row[6]);
            $duration = $row[7];
            $status = $row[8];
            $type = $row[9];
            $view_link = 'view_entry';
            $entryID = 'entry' . $type . $id;
            $linkid = "pop{$id}-{$key}";
            $timestr = '';
            // Timed entry: anything that is not midnight with a 1440 duration.
            if ($time > 0 || $time == 0 && $duration != 1440) {
                $eventstart = date_to_epoch($date . $time);
                // NOTE(review): $duration is compared with 1440 elsewhere in
                // this function but is added to the epoch value unchanged
                // here - confirm the units match.
                $eventstop = $eventstart + $duration;
                $eventdate = date_to_str(date('Ymd', $eventstart));
                $timestr = display_time('', 0, $eventstart) . ($duration > 0 ? ' - ' . display_time('', 0, $eventstop) : '');
            } else {
                // Don't shift date if All Day or Untimed.
                $eventdate = date_to_str($date);
                // If All Day display in popup.
                if ($time == 0 && $duration == 1440) {
                    $timestr = $allDayStr;
                }
            }
            // Row markup. Points to check when reviewing the output encoding:
            // - $name is escaped with htmlspecialchars(); $temp_fullname is
            //   not (in the <h3>), although $rssLink escapes the same value.
            // - $user, $cal_user and $entryID are placed into attribute
            //   values and into single-quoted JavaScript arguments inside
            //   onclick="" without escaping for either context.
            //   NOTE(review): confirm logins are restricted to a safe
            //   character set, or encode them for HTML-attribute and JS-string
            //   context.
            // - The "&amp;user=" value in the view link is masked ('******')
            //   in this listing.
            // - The delete button's onclick ends with '\\"', which emits a
            //   literal backslash before the closing quote.
            // - The delete button is shown only when UAC is off or the
            //   current login has 'edit' on $user; that is a display decision,
            //   and the handler behind do_confirm() is not visible here.
            $ret .= ($count == 0 ? '
      <tr>
        <td colspan="5"><h3>' . $temp_fullname . '&nbsp;' . $rssLink . '</h3></td>
      </tr>' : '') . '
      <tr ' . ($count % 2 == 0 ? '' : 'class="odd"') . '>
        <td width="5%" align="right"><input type="checkbox" name="' . $entryID . '" value="' . $user . '"/></td>
        <td><a title="' . $viewStr . '" class="entry" id="' . $linkid . '" href="' . $view_link . '.php?id=' . $id . '&amp;user='******'">' . htmlspecialchars($name) . '</a> (' . $eventdate . '):</td>' . '
        <td align="center"><input type="image" src="images/check.gif" title="' . $appConStr . '" onclick="return do_confirm( \'approve\', \'' . $cal_user . '\', \'' . $entryID . '\' );" /></td>' . '
        <td align="center"><input type="image" src="images/rejected.gif" title="' . $rejectStr . '" onclick="return do_confirm( \'reject\', \'' . $cal_user . '\', \'' . $entryID . '\' );" /></td>' . (!access_is_enabled() || access_user_calendar('edit', $user) ? '
        <td align="center"><input type="image" src="images/delete.png" title="' . $deleteStr . '" onclick="return do_confirm( \'delete\', \'' . $cal_user . '\', \'' . $entryID . '\' );\\" /></td>' : '') . '
      </tr>';
            $eventinfo .= build_entry_popup('eventinfo-' . $linkid, $cal_user, $description, $timestr, site_extras_for_popup($id));
            $count++;
        }
        // Bulk controls are only worth showing for more than one entry.
        if ($count > 1) {
            $ret .= '
      <tr>
        <td colspan="5" nowrap="nowrap">&nbsp;
          <img src="images/select.gif" border="0" alt="" />
          <label><a title="' . $checkAllStr . '" onclick="check_all( \'' . $user . '\' );">' . $checkAllStr . '</a> / <a title="' . $uncheckAllStr . '" onclick="uncheck_all( \'' . $user . '\' );">' . $uncheckAllStr . '</a></label>&nbsp;&nbsp;&nbsp;
          <input type="image" src="images/check.gif" title="' . $appSelStr . '" onclick="return do_confirm( \'approveSelected\', \'' . $cal_user . '\' );" />&nbsp;&nbsp;&nbsp;
          <input type="image" src="images/rejected.gif" title="' . $rejectSelStr . '" onclick="return do_confirm( \'rejectSelected\', \'' . $cal_user . '\' );" />&nbsp;&nbsp;&nbsp;( ' . $emailStr . ' )
        </td>
      </tr>';
        }
    }
    if ($count == 0) {
        // Nothing pending: the message goes to the global $noret, not the return value.
        $noret .= '
      <tr>
        <td colspan="5" class="nounapproved">' . str_replace('XXX', $temp_fullname, translate('No unapproved entries for XXX.')) . '&nbsp;' . $rssLink . '</td>
      </tr>';
    }
    return $ret;
}
예제 #9
파일: del_entry.php 프로젝트: rhertzog/lcs
                         }
                     }
                 }
             }
         }
         // Now, mark event as deleted for all users.
         dbi_execute('UPDATE webcal_entry_user SET cal_status = \'D\' WHERE cal_id = ?', array($id));
         // Delete External users for this event
         dbi_execute('DELETE FROM webcal_entry_ext_user WHERE cal_id = ?', array($id));
     }
 } else {
     // Not the owner of the event, but participant or noncal_admin.
     // Just  set the status to 'D' instead of deleting.
     $del_user = !empty($other_user) ? $other_user : $login;
     if (!empty($user) && $user != $login) {
         if ($is_admin || $my_event || $can_edit && $is_assistant || access_is_enabled() && access_user_calendar('edit', $user)) {
             $del_user = $user;
         } else {
             // Error: user cannot delete from other user's calendar.
             $error = print_not_auth(6);
         }
     }
     if (empty($error)) {
         if ($override_repeat) {
             dbi_execute('INSERT INTO webcal_entry_repeats_not
       ( cal_id, cal_date, cal_exdate ) VALUES ( ?, ?, ? )', array($id, $date, 1));
             // Should we log this to the activity log???
         } else {
             dbi_execute('UPDATE webcal_entry_user SET cal_status = ?
       WHERE cal_id = ? AND cal_login = ?', array('D', $id, $del_user));
             activity_log($id, $login, $login, $log_reject, '');
 } elseif ($extra_type == EXTRA_TEXT) {
     $size = $extra_arg1 > 0 ? $extra_arg1 : 50;
     echo '
         <input type="text" size="' . $size . '" name="' . $extra_name . '" value="' . (empty($extras[$extra_name]['cal_data']) ? '' : htmlspecialchars($extras[$extra_name]['cal_data'])) . '" />';
 } elseif ($extra_type == EXTRA_MULTILINETEXT) {
     echo '
         <textarea rows="' . ($extra_arg2 > 0 ? $extra_arg2 : 5) . '" cols="' . ($extra_arg1 > 0 ? $extra_arg1 : 50) . '" name="' . $extra_name . '">' . (empty($extras[$extra_name]['cal_data']) ? '' : htmlspecialchars($extras[$extra_name]['cal_data'])) . '</textarea>';
 } elseif ($extra_type == EXTRA_USER) {
     // Show list of calendar users...
     echo '
         <select name="' . $extra_name . '">
           <option value="">None</option>';
     $userlist = get_my_users(get_my_users);
     $usercnt = count($userlist);
     for ($j = 0; $j < $usercnt; $j++) {
         if (access_is_enabled() && !access_user_calendar('view', $userlist[$j]['cal_login'])) {
             continue;
         }
         // Cannot view calendar so cannot add to their cal.
         echo '
           <option value="' . $userlist[$j]['cal_login'] . '"' . (!empty($extras[$extra_name]['cal_data']) && $userlist[$j]['cal_login'] == $extras[$extra_name]['cal_data'] ? $selected : '') . '>' . $userlist[$j]['cal_fullname'] . '</option>';
     }
     echo '
         </select>';
 } elseif ($extra_type == EXTRA_SELECTLIST) {
     // Show custom select list.
     $extraSelectArr = $isMultiple = $multiselect = '';
     if (is_array($extra_arg1)) {
         $extra_arg1cnt = count($extra_arg1);
         if ($extra_arg2 > 0) {
             $multiselect = ' multiple="multiple" size="' . min($extra_arg2, $extra_arg1cnt) . '" ';
 // Get the name of the event.
 $res = dbi_execute('SELECT cal_name, cal_description, cal_date, cal_time,
 cal_create_by FROM webcal_entry WHERE cal_id = ?', array($id));
 if ($res) {
     $row = dbi_fetch_row($res);
     $name = $row[0];
     $description = $row[1];
     $fmtdate = $row[2];
     $time = sprintf("%06d", $row[3]);
     $creator = $row[4];
     dbi_free_result($res);
 }
 $eventstart = date_to_epoch($fmtdate . $time);
 // TODO figure out if creator wants approved comment email.
 // Check UAC.
 $send_user_mail = access_is_enabled() ? access_user_calendar('email', $creator, $login) : 'Y';
 $htmlmail = get_pref_setting($creator, 'EMAIL_HTML');
 user_load_variables($creator, 'temp');
 $user_TIMEZONE = get_pref_setting($creator, 'TIMEZONE');
 set_env('TZ', $user_TIMEZONE);
 $user_language = get_pref_setting($creator, 'LANGUAGE');
 if ($send_user_mail == 'Y' && strlen($tempemail) && $SEND_EMAIL != 'N') {
     reset_language(empty($user_language) || $user_language == 'none' ? $LANGUAGE : $user_language);
     // translate ( 'Hello' )
     $msg = str_replace('XXX', $tempfullname, translate('Hello, XXX.')) . "\n\n" . str_replace('XXX', $login_fullname, translate('XXX has approved an appointment and added comments.')) . "\n\n" . str_replace('XXX', $name, translate('Subject XXX')) . "\n" . str_replace('XXX', $description, translate('Description XXX')) . "\n" . str_replace('XXX', date_to_str($fmtdate), translate('Date XXX')) . ' ' . (empty($hour) && empty($minute) ? '' : str_replace('XXX', display_time('', 2, $eventstart, get_pref_setting($creator, 'TIME_FORMAT')), translate('Time XXX'))) . "\n";
     if (!empty($SERVER_URL)) {
         // DON'T change & to &amp; here. email will handle it
         $url = $SERVER_URL . 'view_entry.php?id=' . $id . '&em=1';
         if ($htmlmail == 'Y') {
             $url = activate_urls($url);
         }
예제 #12
파일: docadd.php 프로젝트: rhertzog/lcs
        if (empty($ALLOW_COMMENTS) || $ALLOW_COMMENTS != 'Y') {
            $error = print_not_auth(10);
        } else {
            if (empty($error) && $ALLOW_COMMENTS_PART == 'Y' && $is_my_event) {
                $can_add = true;
            } else {
                if ($ALLOW_COMMENTS_ANY == 'Y') {
                    $can_add = true;
                }
            }
        }
    }
}
// User Access Control step: 'edit' permission on $user's calendar can grant
// the right to add, but it never withdraws a right granted by the earlier
// checks. An $error set earlier still aborts the request below.
if (access_is_enabled()) {
    $can_add = $can_add ? true : (bool) access_user_calendar('edit', $user);
}
if (!$can_add) {
    $error = print_not_auth(6);
}
// Stop before any request handling when the caller is not authorised.
if (!empty($error)) {
    print_header();
    echo print_error($error), print_trailer();
    exit;
}
// Handle possible POST first
$REQUEST_METHOD = empty($REQUEST_METHOD) ? $_SERVER['REQUEST_METHOD'] : $REQUEST_METHOD;
if ($REQUEST_METHOD == 'POST') {
예제 #13
 if ($res) {
     $row = dbi_fetch_row($res);
     $name = $row[0];
     $description = $row[1];
     $fmtdate = $row[2];
     $time = sprintf("%06d", $row[3]);
     dbi_free_result($res);
 }
 $eventstart = date_to_epoch($fmtdate . $time);
 for ($i = 0, $cnt = count($partlogin); $i < $cnt; $i++) {
     // does this user want email for this?
     $send_user_mail = get_pref_setting($partlogin[$i], 'EMAIL_EVENT_REJECTED');
     //check UAC
     $can_mail = 'Y';
     if (access_is_enabled()) {
         $can_mail = access_user_calendar('email', $partlogin[$i], $login);
     }
     $htmlmail = get_pref_setting($partlogin[$i], 'EMAIL_HTML');
     $t_format = get_pref_setting($partlogin[$i], 'TIME_FORMAT');
     user_load_variables($partlogin[$i], 'temp');
     $user_TIMEZONE = get_pref_setting($partlogin[$i], 'TIMEZONE');
     set_env('TZ', $user_TIMEZONE);
     $user_language = get_pref_setting($partlogin[$i], 'LANGUAGE');
     if ($send_user_mail == 'Y' && strlen($tempemail) && $SEND_EMAIL != 'N' && $can_mail == 'Y') {
         if (empty($user_language) || $user_language == 'none') {
             reset_language($LANGUAGE);
         } else {
             reset_language($user_language);
         }
         $msg = translate('Hello') . ', ' . $tempfullname . ".\n\n" . translate('An appointment has been rejected by') . ' ' . $login_fullname . ".\n\n" . translate('The subject was') . ' "' . $name . " \"\n" . translate('The description is') . ' "' . $description . "\"\n" . translate('Date') . ': ' . date_to_str($fmtdate) . "\n" . (empty($hour) && empty($minute) ? '' : translate('Time') . ': ' . display_time('', 2, $eventstart, $t_format)) . "\n";
         if (!empty($SERVER_URL)) {
예제 #14
            $userlookup[$myusers[$i]['cal_login']] = 1;
        }
        $newlist = array();
        $cnt = count($users);
        for ($i = 0; $i < $cnt; $i++) {
            if (!empty($userlookup[$users[$i]])) {
                $newlist[] = $users[$i];
            }
        }
        $users = $newlist;
    }
    // Now, use access control to remove more users :-)
    if (access_is_enabled() && !$is_admin) {
        $newlist = array();
        for ($i = 0; $i < count($users); $i++) {
            if (access_user_calendar('view', $users[$i])) {
                $newlist[] = $users[$i];
                //echo "can access $users[$i] <br>";
            } else {
                //echo "cannot access $users[$i] <br>";
            }
        }
        $users = $newlist;
    }
}
if (empty($users) || empty($users[0])) {
    $search_others = false;
}
//Get advanced filters
$cat_filter = getPostValue('cat_filter');
$extra_filter = getPostValue('extra_filter');
예제 #15
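/**
 * Lists the logins whose unapproved entries the current user may approve.
 *
 * The current login always comes first. With User Access Control enabled,
 * every user (and, when non-user calendars are enabled, every non-user
 * calendar the login administers) is added if access_user_calendar('approve')
 * allows it. With UAC disabled, an admin also gets '__public__' when public
 * access is on, and the administered non-user calendars are added.
 *
 * @return array list of logins, without duplicates
 */
function get_users_to_approve()
{
    global $is_admin, $login, $NONUSER_ENABLED, $PUBLIC_ACCESS, $user;
    // $app_user_hash records the logins already listed so none is added twice.
    $app_user_hash = $app_users = $my_non_users = array();
    // Non-user calendars the current login administers.
    foreach (get_nonuser_cals() as $nonuser) {
        if (user_is_nonuser_admin($login, $nonuser['cal_login'])) {
            $my_non_users[]['cal_login'] = $nonuser['cal_login'];
        }
    }
    // First, we list ourself.
    $app_users[] = $login;
    $app_user_hash[$login] = 1;
    if (access_is_enabled()) {
        $all = !empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y' ? array_merge(get_my_users(), $my_non_users) : get_my_users();
        foreach ($all as $candidate) {
            $x = $candidate['cal_login'];
            if (access_user_calendar('approve', $x) && empty($app_user_hash[$x])) {
                $app_users[] = $x;
                $app_user_hash[$x] = 1;
            }
        }
    } else {
        if ($is_admin && $PUBLIC_ACCESS == 'Y' && (empty($user) || $user != '__public__')) {
            $app_users[] = '__public__';
            // Record it in the same hash the loop below consults. The earlier
            // code wrote to a misspelt $app_users_hash, so '__public__' could
            // be listed a second time.
            $app_user_hash['__public__'] = 1;
        }
        foreach ($my_non_users as $candidate) {
            $x = $candidate['cal_login'];
            if (empty($app_user_hash[$x])) {
                $app_users[] = $x;
                $app_user_hash[$x] = 1;
            }
        }
    }
    return $app_users;
}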
예제 #16
파일: views.php 프로젝트: rhertzog/lcs
/**
 * Returns the logins in a view that the current user is allowed to see.
 *
 * The view's members are read from webcal_view_user. A member of '__all__'
 * expands to every login get_my_users('', 'view') returns. Otherwise the
 * members are reduced to the logins visible to the current user and put in
 * the order of that visible-user list. Finally, when User Access Control is
 * enabled and the current user is not an admin, each remaining login must
 * pass access_user_calendar('view'); admins skip that last filter.
 *
 * On a query failure the message is stored in the global $error and
 * processing continues with an empty member list.
 *
 * @param int $view_id id of the view
 * @return array logins the current user may see in this view
 */
function view_get_user_list($view_id)
{
    global $error, $login, $is_admin, $NONUSER_ENABLED, $USER_SEES_ONLY_HIS_GROUPS;
    // Members stored for this view.
    $result = dbi_execute('SELECT cal_login FROM webcal_view_user WHERE cal_view_id = ?', array($view_id));
    $members = array();
    $wantsEveryone = false;
    if (!$result) {
        $error = db_error();
    } else {
        while ($record = dbi_fetch_row($result)) {
            $members[] = $record[0];
            if ($record[0] == '__all__') {
                $wantsEveryone = true;
            }
        }
        dbi_free_result($result);
    }
    if ($wantsEveryone) {
        // "All users" view: replace the member list with every visible login.
        $everyone = get_my_users('', 'view');
        $members = array();
        for ($i = 0, $total = count($everyone); $i < $total; $i++) {
            $members[] = $everyone[$i]['cal_login'];
        }
    } else {
        $visible = get_my_users('', 'view');
        if (!empty($NONUSER_ENABLED) && $NONUSER_ENABLED == 'Y') {
            $visible = array_merge($visible, get_my_nonusers($login, true, 'view'));
        }
        $visibleCount = count($visible);
        // A global view may name users this user is not allowed to see;
        // drop them when users are limited to their own groups.
        if (!empty($USER_SEES_ONLY_HIS_GROUPS) && $USER_SEES_ONLY_HIS_GROUPS == 'Y') {
            $isVisible = array();
            for ($i = 0; $i < $visibleCount; $i++) {
                $isVisible[$visible[$i]['cal_login']] = 1;
            }
            $kept = array();
            foreach ($members as $member) {
                if (!empty($isVisible[$member])) {
                    $kept[] = $member;
                }
            }
            $members = $kept;
        }
        // Order the members like the visible-user list; a member that does
        // not appear in that list is left out here as well.
        $ordered = array();
        for ($i = 0; $i < $visibleCount; $i++) {
            foreach ($members as $member) {
                if ($visible[$i]['cal_login'] == $member) {
                    $ordered[] = $member;
                    break;
                }
            }
        }
        $members = $ordered;
    }
    // If user access control is enabled, check against that as well.
    if (access_is_enabled() && !$is_admin) {
        $permitted = array();
        foreach ($members as $member) {
            if (access_user_calendar('view', $member)) {
                $permitted[] = $member;
            }
        }
        $members = $permitted;
    }
    return $members;
}