/** * @param int $status * @param array|int $booking_ids * @return bool */ function set_status($status, $booking_ids) { //FIXME status should work with instantiated object //FIXME there is a vulnerability where any user can approve/reject bookings if they know the ID if ($this->array_is_numeric($booking_ids)) { //Get all the bookings $results = array(); $mails = array(); foreach ($booking_ids as $booking_id) { $EM_Booking = new EM_Booking($booking_id); if (!$EM_Booking->can_manage()) { $this->feedback_message = __('Bookings %s. Mails Sent.', 'dbem'); return false; } $results[] = $EM_Booking->set_status($status); } if (!in_array('false', $results)) { $this->feedback_message = __('Bookings %s. Mails Sent.', 'dbem'); return true; } else { //TODO Better error handling needed if some bookings fail approval/failure $this->feedback_message = __('An error occurred.', 'dbem'); return false; } } elseif (is_numeric($booking_ids) || is_object($booking_ids)) { $EM_Booking = is_object($booking_ids) && get_class($booking_ids) == 'EM_Booking' ? $booking_ids : new EM_Booking($booking_ids); $result = $EM_Booking->set_status($status); $this->feedback_message = $EM_Booking->feedback_message; return $result; } return false; }
/** * Hooks into em_booking_get_post and validates the * @param boolean $result * @param EM_Booking $EM_Booking * @return bool */ public static function em_booking_get_post($result, $EM_Booking) { //get, store and validate post data $EM_Form = self::get_form($EM_Booking->event_id); if (self::$form_id > 0) { if (empty($EM_Booking->booking_id) || !empty($EM_Booking->booking_id) && $EM_Booking->can_manage()) { foreach ($EM_Booking->get_tickets_bookings()->tickets_bookings as $EM_Ticket_Booking) { for ($i = 0; $i < $EM_Ticket_Booking->ticket_booking_spaces; $i++) { $EM_Booking->booking_meta['attendees'][$EM_Ticket_Booking->ticket_id][$i] = array(); foreach ($EM_Form->fields as $field) { $field['label'] = str_replace('#NUM#', $i + 1, $field['label']); } if ($EM_Form->get_post(false, $EM_Ticket_Booking->ticket_id, $i)) { //passing false for $validate, since it'll be done in em_booking_validate hook foreach ($EM_Form->get_values() as $fieldid => $value) { //get results and put them into booking meta $EM_Booking->booking_meta['attendees'][$EM_Ticket_Booking->ticket_id][$i][$fieldid] = $value; } } } } } if (count($EM_Form->get_errors()) > 0) { $result = false; $EM_Booking->add_error($EM_Form->get_errors()); } } return $result; }