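/**
 * Render the RSVP form for several events at once and handle its POST round trips.
 *
 * Flow: the form posts eme_eventAction=add_bookings. That request hands the
 * events to eme_multibook_seats() and then emits a small JS snippet which
 * immediately re-POSTs the result to $destination (eme_eventAction=message, or
 * pay_bookings when a payment id was created), so a browser refresh only
 * re-shows the result instead of repeating the booking. The follow-up request
 * prints the message and/or the payment form, and (optionally) the form again.
 *
 * Security notes:
 *  - the `lang` GET value is reflected into a JS string literal and an HTML
 *    attribute, so it is restricted to a plain slug instead of only tag-stripped;
 *  - posted event ids are intersected with the ids this form was rendered for,
 *    because the RSVP / WP-users-only checks below only ran on those;
 *  - the add_booking nonce emitted with the form is verified here (it may also
 *    be verified inside eme_multibook_seats(); doing it twice is harmless);
 *  - eme_message travels through the visitor's browser and is therefore
 *    attacker-controlled: it is passed through wp_kses_post() before output.
 *
 * @param mixed $event_ids                event id(s) in a form eme_get_event() accepts
 * @param int   $template_id_header       template id for the form header
 * @param int   $template_id_entry        template id rendered once per event
 * @param int   $template_id_footer       template id for the form footer
 * @param mixed $eme_register_empty_seats passed through as a hidden form field
 * @param int   $show_message             print the result message when non-zero
 * @return string|void HTML of message + form, or nothing when the form must not be shown
 */
function eme_add_multibooking_form($event_ids, $template_id_header = 0, $template_id_entry, $template_id_footer = 0, $eme_register_empty_seats = 0, $show_message = 1) {
    $format_header = eme_get_template_format($template_id_header);
    $format_entry  = eme_get_template_format($template_id_entry);
    $format_footer = eme_get_template_format($template_id_footer);

    $events = eme_get_event($event_ids);

    // Every event in the list must accept RSVPs; if an event is restricted to
    // WP users the visitor must be logged in. Otherwise no form at all.
    // Remember the ids we vetted so the POST handler cannot be fed other ones.
    $allowed_event_ids = array();
    foreach ($events as $event) {
        if (!eme_is_event_rsvp($event)) {
            return;
        }
        if ($event['registration_wp_users_only'] && !is_user_logged_in()) {
            return;
        }
        $allowed_event_ids[] = intval($event['event_id']);
    }

    // Target of both the form action and the JS re-post. eme_strip_tags alone
    // does not remove quotes, which would break out of the JS literal and the
    // attribute below, so only a plain language slug is accepted.
    $destination = "#eme-rsvp-message";
    if (isset($_GET['lang'])) {
        $language = eme_strip_tags($_GET['lang']);
        if (is_string($language) && preg_match('/^[A-Za-z0-9_-]+$/', $language)) {
            $destination = "?lang=" . $language . "#eme-rsvp-message";
        }
    }

    // Step 1: the booking itself, followed by a JS-driven POST of the result.
    // (A JS redirect with GET would work too, but leaves an ugly URL.)
    if (isset($_POST['eme_eventAction']) && $_POST['eme_eventAction'] == 'add_bookings' && isset($_POST['eme_event_ids'])) {
        $nonce_ok = isset($_POST['eme_rsvp_nonce']) && wp_verify_nonce($_POST['eme_rsvp_nonce'], 'add_booking');
        $posted_ids = array_map('intval', (array) $_POST['eme_event_ids']);
        $posted_ids = array_values(array_intersect($posted_ids, $allowed_event_ids));

        $form_result_message = '';
        $booking_ids_done = 0;
        if (!$nonce_ok || empty($posted_ids)) {
            // Stale form, cross-site post, or ids this form never offered.
            $form_result_message = __('Booking failed: invalid or expired form submission', 'eme');
        } else {
            $events = eme_get_event($posted_ids);
            if (has_filter('eme_eval_multibooking_form_post_filter')) {
                $eval_filter_return = apply_filters('eme_eval_multibooking_form_post_filter', $events);
            } else {
                $eval_filter_return = array(0 => 1, 1 => '');
            }
            if (is_array($eval_filter_return) && !$eval_filter_return[0]) {
                // Site-specific eval rules rejected the booking: show their message.
                $form_result_message = $eval_filter_return[1];
            } else {
                $send_mail = 1;
                $booking_res = eme_multibook_seats($events, $send_mail, $format_entry);
                $form_result_message = $booking_res[0];
                $booking_ids_done = $booking_res[1];
            }
        }

        // Decide, based on the first event, whether a payment step follows.
        if ($booking_ids_done && eme_event_can_pay_online($events[0])) {
            $payment_id = eme_get_bookings_payment_id($booking_ids_done);
            if (!empty($payment_id)) {
                // Bind the payment id to a nonce so it cannot be swapped in the
                // re-post (WP nonces are valid for 24 hours by default).
                $eme_payment_nonce = wp_create_nonce('eme_payment_id' . $payment_id);
                $post_arr = array(
                    "eme_eventAction"   => 'pay_bookings',
                    "eme_message"       => $form_result_message,
                    "eme_payment_id"    => $payment_id,
                    "eme_payment_nonce" => $eme_payment_nonce,
                );
            } else {
                // Nothing to pay (price 0).
                $post_arr = array("eme_eventAction" => 'message', "eme_message" => $form_result_message, "booking_done" => 1);
            }
        } elseif ($booking_ids_done) {
            $post_arr = array("eme_eventAction" => 'message', "eme_message" => $form_result_message, "booking_done" => 1);
        } else {
            // Booking failed: re-post the submitted values so the form can be pre-filled.
            $post_arr = stripslashes_deep($_POST);
            $post_arr['eme_eventAction'] = 'message';
            $post_arr['eme_message'] = $form_result_message;
        }
        // The id list is useless on the result page.
        unset($post_arr['eme_event_ids']);
        // PHP turned bookings[<id>][bookedSeats] into nested arrays; the JS needs flat names.
        if (isset($post_arr['bookings']) && is_array($post_arr['bookings'])) {
            foreach ($post_arr['bookings'] as $key => $val) {
                $seats = (is_array($val) && isset($val['bookedSeats'])) ? $val['bookedSeats'] : '';
                $post_arr['bookings[' . $key . '][bookedSeats]'] = $seats;
            }
            unset($post_arr['bookings']);
        }
        // JSON_HEX_* keeps the literal safe inside <script>; invalid UTF-8 in
        // $_POST makes json_encode return false, so fall back to an empty object.
        $json_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
        $post_string = json_encode($post_arr, $json_flags);
        if ($post_string === false) {
            $post_string = '{}';
        }
        $js_destination = json_encode($destination, $json_flags);
        ?>
<script type="text/javascript">
function postwith (to,p) {
    var myForm = document.createElement("form");
    myForm.method = "post";
    myForm.action = to;
    for (var k in p) {
        var myInput = document.createElement("input");
        myInput.setAttribute("name", k);
        myInput.setAttribute("value", p[k]);
        myForm.appendChild(myInput);
    }
    document.body.appendChild(myForm);
    myForm.submit();
    document.body.removeChild(myForm);
}
<?php echo "postwith({$js_destination},{$post_string});"; ?>
</script>
        <?php
        return;
    }

    // Step 2a: a payment is due; show the payment form if the nonce matches the id.
    if (isset($_POST['eme_eventAction']) && $_POST['eme_eventAction'] == 'pay_bookings' && isset($_POST['eme_message']) && isset($_POST['eme_payment_id'])) {
        $payment_id = intval($_POST['eme_payment_id']);
        // The double POST escaped the message again, hence stripslashes. It may
        // contain template HTML, but it also came from the browser: kses it.
        $form_result_message = wp_kses_post(eme_translate(stripslashes_deep($_POST['eme_message'])));
        if (!isset($_POST['eme_payment_nonce']) || !wp_verify_nonce($_POST['eme_payment_nonce'], 'eme_payment_id' . $payment_id)) {
            return;
        }
        return eme_multipayment_form($payment_id, $form_result_message);
    }

    // Step 2b: show the result message (and possibly the form again).
    $form_result_message = '';
    $message_is_result_of_booking = 0;
    if (isset($_POST['eme_eventAction']) && $_POST['eme_eventAction'] == 'message' && isset($_POST['eme_message'])) {
        $form_result_message = wp_kses_post(eme_translate(stripslashes_deep($_POST['eme_message'])));
        if (isset($_POST['booking_done'])) {
            $message_is_result_of_booking = 1;
        }
    }

    $ret_string = "<div id='eme-rsvp-message'>";
    if ($show_message && !empty($form_result_message)) {
        $ret_string .= "<div class='eme-rsvp-message'>{$form_result_message}</div>";
    }

    $form_html = "";
    $show_form = !$message_is_result_of_booking || get_option('eme_rsvp_show_form_after_booking');
    if ($show_form) {
        $form_html = "<form id='eme-rsvp-form' name='booking-form' method='post' action='" . esc_attr($destination) . "'>";
        // CSRF nonce, verified in the add_bookings handler above.
        $form_html .= wp_nonce_field('add_booking', 'eme_rsvp_nonce', false, false);
        // Honeypot: hidden via CSS, so only a bot fills it in.
        $form_html .= "<span id='honeypot_check'>Keep this field blank: <input type='text' name='honeypot_check' value='' /></span>\n\t\t <input type='hidden' name='eme_eventAction' value='add_bookings' />\n\t\t <input type='hidden' name='eme_register_empty_seats' value='" . esc_attr($eme_register_empty_seats) . "' />\n\t\t ";
        $form_html .= eme_replace_extra_multibooking_formfields_placeholders($format_header);

        $cur_time = time();
        foreach ($events as $event) {
            $event_id = intval($event['event_id']);
            $event_rsvp_startdatetime = strtotime($event['event_start_date'] . " " . $event['event_start_time']);
            $event_rsvp_enddatetime   = strtotime($event['event_end_date'] . " " . $event['event_end_time']);
            if ($event['event_properties']['rsvp_end_target'] == 'start') {
                $event_rsvp_datetime = $event_rsvp_startdatetime;
            } else {
                $event_rsvp_datetime = $event_rsvp_enddatetime;
            }
            $rsvp_cutoff = $cur_time + $event['rsvp_number_days'] * 60 * 60 * 24 + $event['rsvp_number_hours'] * 60 * 60;
            // Booking window closed (or event already over): skip this event silently.
            if ($rsvp_cutoff > $event_rsvp_datetime || $cur_time >= $event_rsvp_enddatetime) {
                continue;
            }
            $min_allowed = $event['event_properties']['min_allowed'];
            // Available seats, also for multi-price events.
            $avail_seats = eme_get_available_seats($event_id);
            if (eme_is_multi($min_allowed)) {
                $min = eme_get_multitotal($min_allowed);
            } else {
                $min = $min_allowed;
            }
            // No seats left only matters when at least one seat must be booked
            // (min can be 0 for attendance-style bookings); then skip silently.
            if ($avail_seats == 0 && $min > 0) {
                continue;
            }
            $form_html .= "<input type='hidden' name='eme_event_ids[]' value='{$event_id}' />";
            // Regular placeholder replacement, flagged as multibooking.
            $form_html .= eme_replace_formfields_placeholders($event, "", $format_entry, 1);
        }
        $form_html .= eme_replace_extra_multibooking_formfields_placeholders($format_footer);
        $form_html .= "</form>";
        if (has_filter('eme_add_booking_form_filter')) {
            $form_html = apply_filters('eme_add_booking_form_filter', $form_html);
        }
    }
    return $ret_string . $form_html . "</div>";
}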
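/**
 * Build the body of the plugin's events page from the current request.
 *
 * Dispatches, in order, on: booking cancellation (link or confirmation form),
 * payment result / payment form query vars, town and location views, category
 * lists, a single event, a calendar day, and finally the default list or
 * calendar. Each branch returns its HTML directly.
 *
 * Fixes vs. the previous version:
 *  - the cancel confirmation checks the nonce and the payment's existence
 *    before deleting anything and only reports success when it actually did;
 *  - the town branch called count() on a string (TypeError on PHP 8);
 *  - calendar-day GET filters go through eme_sanitize_request() like the other
 *    request values in this function (whether eme_get_events_list() sanitizes
 *    them itself is not visible here).
 *
 * @return string|null HTML for the page body
 */
function eme_events_page_content() {
    $format_header = get_option('eme_event_list_item_format_header');
    if (empty($format_header)) {
        $format_header = DEFAULT_EVENT_LIST_HEADER_FORMAT;
    }
    $format_footer = get_option('eme_event_list_item_format_footer');
    if (empty($format_footer)) {
        $format_footer = DEFAULT_EVENT_LIST_FOOTER_FORMAT;
    }

    if (isset($_REQUEST['eme_cancel_booking'])) {
        // GET for cancel links in mails, POST for the cancel form.
        $payment_randomid = eme_strip_tags($_REQUEST['eme_cancel_booking']);
        return eme_cancel_confirm_form($payment_randomid);
    } elseif (isset($_POST['eme_confirm_cancel_booking']) && isset($_POST['eme_pmt_rndid'])) {
        $payment_randomid = eme_strip_tags($_POST['eme_pmt_rndid']);
        $failed = "<div class='eme-rsvp-message'>" . __("The bookings could not be cancelled", 'eme') . "</div>";
        // The nonce is bound to this payment's random id; check it before any lookup.
        if (!isset($_POST['eme_rsvp_nonce']) || !wp_verify_nonce($_POST['eme_rsvp_nonce'], "cancel booking {$payment_randomid}")) {
            return $failed;
        }
        $payment = eme_get_payment(0, $payment_randomid);
        if (empty($payment) || empty($payment['id'])) {
            return $failed;
        }
        $booking_ids = eme_get_payment_booking_ids($payment['id']);
        if (is_array($booking_ids)) {
            foreach ($booking_ids as $booking_id) {
                $booking = eme_get_booking($booking_id);
                // Delete first so the freed seats are correct in the mail ...
                eme_delete_booking($booking_id);
                eme_email_rsvp_booking($booking, "cancelRegistration");
                // ... and keep the answers until the mail has used them.
                eme_delete_answers($booking_id);
            }
        }
        eme_delete_payment($payment['id']);
        return "<div class='eme-rsvp-message'>" . __("The bookings have been cancelled", 'eme') . "</div>";
    } elseif (get_query_var('eme_pmt_result') && get_option('eme_payment_show_custom_return_page')) {
        // Custom payment result page (not for multi-booking payment results).
        $result = get_query_var('eme_pmt_result');
        if ($result == 'succes') {
            $format = get_option('eme_payment_succes_format');
        } else {
            $format = get_option('eme_payment_fail_format');
        }
        if (get_option('eme_payment_add_bookingid_to_return') && get_query_var('eme_pmt_id') && get_query_var('event_id')) {
            $event = eme_get_event(intval(get_query_var('event_id')));
            $payment_id = intval(get_query_var('eme_pmt_id'));
            $booking_ids = eme_get_payment_booking_ids($payment_id);
            if ($booking_ids) {
                // Each booking belongs to a different event; the first one is shown.
                $booking = eme_get_booking($booking_ids[0]);
                return eme_replace_booking_placeholders($format, $event, $booking);
            }
            return;
        } elseif (get_query_var('event_id')) {
            $event = eme_get_event(intval(get_query_var('event_id')));
            return eme_replace_placeholders($format, $event);
        }
        return $format;
    } elseif (get_query_var('eme_pmt_id')) {
        $payment_id = intval(get_query_var('eme_pmt_id'));
        $booking_ids = eme_get_payment_booking_ids($payment_id);
        // Exactly one booking -> single payment form, otherwise the multi form.
        if (is_array($booking_ids) && count($booking_ids) == 1) {
            return eme_payment_form("", $payment_id);
        }
        return eme_multipayment_form($payment_id);
    }

    if (get_query_var('eme_town')) {
        $eme_town = eme_sanitize_request(get_query_var('eme_town'));
        $location_ids = join(',', (array) eme_get_town_location_ids($eme_town));
        $stored_format = get_option('eme_event_list_item_format');
        // $location_ids is a comma-joined string here, so test for emptiness, not count().
        if (!empty($location_ids)) {
            $format_header = get_option('eme_location_list_item_format_header');
            if (empty($format_header)) {
                $format_header = DEFAULT_EVENT_LIST_HEADER_FORMAT;
            }
            $format_footer = get_option('eme_location_list_item_format_footer');
            if (empty($format_footer)) {
                $format_footer = DEFAULT_EVENT_LIST_FOOTER_FORMAT;
            }
            return eme_get_events_list(get_option('eme_event_list_number_items'), "future", "ASC", $stored_format, $format_header, $format_footer, 0, '', '', 0, '', '', 0, $location_ids);
        }
        return "<div id='events-no-events'>" . get_option('eme_no_events_message') . "</div>";
    }

    if (get_query_var('location_id')) {
        $location = eme_get_location(intval(get_query_var('location_id')));
        $single_location_format = get_option('eme_single_location_format');
        return eme_replace_locations_placeholders($single_location_format, $location);
    }

    if (!get_query_var('calendar_day') && get_query_var('eme_event_cat')) {
        $format_header = get_option('eme_cat_event_list_item_format_header');
        if (empty($format_header)) {
            $format_header = DEFAULT_CAT_EVENT_LIST_HEADER_FORMAT;
        }
        $format_footer = get_option('eme_cat_event_list_item_format_footer');
        if (empty($format_footer)) {
            $format_footer = DEFAULT_CAT_EVENT_LIST_FOOTER_FORMAT;
        }
        $eme_event_cat = eme_sanitize_request(get_query_var('eme_event_cat'));
        $cat_ids = join(',', (array) eme_get_category_ids($eme_event_cat));
        $stored_format = get_option('eme_event_list_item_format');
        if (!empty($cat_ids)) {
            return eme_get_events_list(get_option('eme_event_list_number_items'), "future", "ASC", $stored_format, $format_header, $format_footer, 0, $cat_ids);
        }
        return "<div id='events-no-events'>" . get_option('eme_no_events_message') . "</div>";
    }

    if (eme_is_single_event_page()) {
        $event_id = intval(get_query_var('event_id'));
        return eme_display_single_event($event_id);
    }

    if (get_query_var('calendar_day')) {
        $scope = eme_sanitize_request(get_query_var('calendar_day'));
        // Optional filters from the calendar link. urldecode() is kept for
        // compatibility with existing links; the values are then sanitized like
        // every other request value in this function.
        $filters = array('location_id' => '', 'category' => '', 'notcategory' => '', 'author' => '', 'contact_person' => '');
        foreach ($filters as $name => $default) {
            if (isset($_GET[$name]) && is_string($_GET[$name])) {
                $filters[$name] = eme_sanitize_request(urldecode($_GET[$name]));
            }
        }
        $event_list_item_format = get_option('eme_event_list_item_format');
        $show_single_event = 1;
        return eme_get_events_list(0, $scope, "ASC", $event_list_item_format, $format_header, $format_footer, $filters['location_id'], $filters['category'], '', 0, $filters['author'], $filters['contact_person'], 0, '', 0, 1, 0, $filters['notcategory'], 0, 0, 0, 0, "", $show_single_event);
    }

    // Default: the multiple-events page (list or full calendar).
    $scope = isset($_GET['scope']) ? eme_sanitize_request($_GET['scope']) : "future";
    $stored_format = get_option('eme_event_list_item_format');
    if (get_option('eme_display_calendar_in_events_page')) {
        return eme_get_calendar('full=1');
    }
    return eme_get_events_list(get_option('eme_event_list_number_items'), $scope, "ASC", $stored_format, $format_header, $format_footer, 0);
}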