Пример #1
// Default the start hour to $morningstarts, zero-padded when it is below 10.
// The padded form is tried first; the second test only fires when
// $start_hour is still empty after it.
if (empty($start_hour) && $morningstarts < 10) {
    $start_hour = "0{$morningstarts}";
}
if (empty($start_hour)) {
    $start_hour = "{$morningstarts}";
}
// Default the minutes to the top of the hour.
if (empty($start_min)) {
    $start_min = "00";
}
// Remove "Undefined variable" notice
if (!isset($rep_num_weeks)) {
    $rep_num_weeks = "";
}
// The result of the expression is discarded, so the helpers presumably
// rewrite their arguments by reference - confirm against their definitions.
$enable_periods ? toPeriodString($start_min, $duration, $dur_units) : toTimeString($duration, $dur_units);
#now that we know all the data to fill the form with we start drawing it
// Authorization gate: when getWritable() refuses the current user for an
// entry created by $create_by, the access-denied page is rendered and the
// script stops. The check sits before print_header(), so nothing of the
// edit form is sent to a caller who fails it.
// NOTE(review): the decision is only as trustworthy as $create_by; it should
// come from the stored entry, not from the request - confirm where it is set.
if (!getWritable($create_by, getUserName())) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
print_header($day, $month, $year, $area);
?>

<SCRIPT LANGUAGE="JavaScript">
// do a little form verifying
function validate_and_submit ()
{
  // null strings and spaces only strings not allowed
  if(/(^$)|(^\s+$)/.test(document.forms["main"].name.value))
  {
    alert ( "<?php 
echo get_vocab("you_have_not_entered") . '\\n' . get_vocab("brief_description");
Пример #2
/*---------------------------------------------------------------------------*\
|             Edit a given entry - 1st phase: Get the user input.             |
\*---------------------------------------------------------------------------*/
if (isset($Action) && ($Action == "Edit" or $Action == "Add")) {
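    // Load the account being edited. The query is assembled as a string and
    // $Id presumably arrives with the posted form, so it is forced to an
    // integer at the point where it enters the SQL text.
    if ($Id >= 0) {
        $result = sql_query("select * from {$tbl_users} where id=" . (int) $Id);
        $data = sql_row_keyed($result, 0);
        sql_free($result);
    }
    // New user (-1) or no matching row: start from a blank record. empty()
    // also covers the case where $data was never assigned (any other negative
    // $Id) without raising an "Undefined variable" notice.
    if ($Id == -1 || empty($data)) {
        foreach ($fields as $fieldname) {
            $data[$fieldname] = "";
        }
    }
    /* First make sure the user is authorized */
    // The check is skipped only while the very first account is being
    // created; otherwise getWritable() must accept $user for the account name
    // loaded above, and the page stops before any output if it does not.
    if (!$initial_user_creation && !getWritable($data['name'], $user)) {
        showAccessDenied(0, 0, 0, "", "");
        exit;
    }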
    print_header(0, 0, 0, 0, "");
    if ($initial_user_creation == 1) {
        print "<h3>" . get_vocab("no_users_initial") . "</h3>\n";
        print "<p>" . get_vocab("no_users_create_first_admin") . "</p>\n";
    }
    print "<div id=\"form_container\">";
    print "<form id=\"form_edit_users\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
    ?>
        <fieldset class="admin">
        <legend><?php 
    echo $Action == "Edit" ? get_vocab("edit_user") : get_vocab("add_new_user");
    ?>
Пример #3
                $hide_title = 1;
            }
        } else {
            if (isset($_GET['del_entry_in_conflict']) && $_GET['del_entry_in_conflict'] == 'yes') {
                grrDelEntryInConflict($room_id, $starttime, $endtime - 1, $ignore_id, $repeat_id, 0);
            }
            $err .= mrbsCheckFree($room_id, $starttime, $endtime - 1, $ignore_id, $repeat_id);
        }
    }
}
if (empty($err) && $error_booking_in_past == 'no' && $error_duree_max_resa_area == 'no' && $error_delais_max_resa_room == 'no' && $error_delais_min_resa_room == 'no' && $error_booking_room_out == 'no' && $error_date_option_reservation == 'no' && $error_chevaussement == 'no' && $error_qui_peut_reserver_pour == 'no' && $error_heure_debut_fin == 'no') {
    $compt_room = 0;
    foreach ($_GET['rooms'] as $room_id) {
        // $room_id is one element of the request's rooms[] parameter (the
        // enclosing foreach iterates $_GET['rooms']), so it is chosen by the
        // caller. NOTE(review): nothing visible here validates or casts it
        // before it is handed to mrbsGetRoomArea() - confirm the helper does.
        $area = mrbsGetRoomArea($room_id);
        // Editing an existing entry ($id set and non-zero): the current user
        // must be allowed to modify it on behalf of $beneficiaire.
        if (isset($id) && $id != 0) {
            if (!getWritable($beneficiaire, getUserName(), $id)) {
                showAccessDenied($back);
                exit;
            }
        }
        // Independently of ownership, the user must have access to the area
        // that the requested room belongs to.
        if (authUserAccesArea(getUserName(), $area) == 0) {
            showAccessDenied($back);
            exit;
        }
        // $compt is 0 for an edit and 1 for a new entry; the code after this
        // block adds it to the booking count given to UserRoomMaxBooking().
        if (isset($id) and $id != 0) {
            $compt = 0;
        } else {
            $compt = 1;
        }
        if ($rep_type != 0 && !empty($reps)) {
            if (UserRoomMaxBooking(getUserName(), $room_id, count($reps) - 1 + $compt + $compt_room) == 0) {
Пример #4
             }
             print "<td>{$right}</td>\n";
             /* Fall through to display the name */
         }
         if ($j == 2) {
             continue;
         }
         /* Display the data, if any. */
         if ($col_value == "") {
             $col_value = "&nbsp;";
             // IE doesn't print a frame around void data.
         }
         print "<td>{$col_value}</td>\n";
     }
     // Action cell: the Edit button is rendered only when getWritable()
     // accepts $user for the account named $name. This merely hides the
     // control; the script that receives the POST has to repeat the check.
     print "<td>\n";
     if (getWritable($name, $user)) {
         // The form posts back to this script; the target is reduced to a
         // bare file name and HTML-escaped before it goes into the attribute.
         print "<form method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
         print "  <div>\n";
         print "    <input type=\"hidden\" name=\"Action\" value=\"Edit\">\n";
         // NOTE(review): $this_id is written into the attribute unescaped -
         // presumably an integer key of the row being listed; confirm.
         print "    <input type=\"hidden\" name=\"Id\" value=\"{$this_id}\">\n";
         print "    <input style=\"margin:0\" type=\"submit\" value=\"" . get_vocab("edit") . "\">\n";
         print "  </div>\n";
         print "</form>\n";
     } else {
         // No button for this row: emit a non-breaking space instead.
         print "&nbsp;\n";
     }
     print "</td>\n";
     print "</tr>\n";
 }
 print "</tbody>\n";
 print "</table>\n";
Пример #5
// Repeat bookings are open to everybody unless the only_admin_can_book_repeat
// setting is non-empty, in which case only admins may create them.
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
// Everything below is derived from the stored booking row.
$row = mrbsGetBookingInfo($id, $series);
$room = $row['room_id'];
$area = $row['area_id'];
// Get the area settings for the entry's area. In particular we want
// to know how to display private/public bookings in this area.
get_area_settings($row['area_id']);
// Work out whether the room or area is disabled
$room_disabled = $row['room_disabled'] || $row['area_disabled'];
// Get the status
$status = $row['status'];
// Get the creator
$create_by = $row['create_by'];
// Work out whether this event should be kept private
// $private is the STATUS_PRIVATE bit of the stored status.
$private = $row['status'] & STATUS_PRIVATE;
// The write check uses the creator and room taken from the database row, so
// the decision does not depend on values supplied with the request.
$writeable = getWritable($row['create_by'], $user, $row['room_id']);
// Details stay hidden only when the event is private AND the viewer has no
// write access to it.
$keep_private = is_private_event($private) && !$writeable;
// Work out when the last reminder was sent
// Falls back to the last update time when 'reminded' is empty.
$last_reminded = empty($row['reminded']) ? $row['last_updated'] : $row['reminded'];
if ($series == 1) {
    // Viewing a series: the incoming $id is the id of the repeat record.
    $repeat_id = $id;
    // Save the repeat_id
    // I also need to set $id to the value of a single entry as it is a
    // single entry from a series that is used by del_entry.php and
    // edit_entry.php
    // So I will look for the first entry in the series where the entry is
    // as per the original series settings
    // NOTE(review): $id is interpolated into the statement unquoted and
    // unescaped. That is only safe if it was forced to an integer where it
    // was read from the request - confirm against the top of the script.
    $sql = "SELECT id\n          FROM {$tbl_entry}\n          WHERE repeat_id={$id} AND entry_type=" . ENTRY_RPT_ORIGINAL . "\n          ORDER BY start_time\n          LIMIT 1";
    // From here on $id is the id of an individual entry, not of the series.
    $id = sql_query1($sql);
    if ($id < 1) {
        // if all entries in series have been modified then
Пример #6
        fatal_error(FALSE, get_vocab("fatal_db_error"));
    }
} else {
    // New booking: get the room_id from the form
    if (!isset($rooms[0])) {
        // $rooms[0] should always be set, because you can only get here
        // from edit_entry.php, where it will be set.   If it's not set
        // then something's gone wrong - probably somebody trying to call
        // edit_entry_handler.php directly from the browser - so get out
        // of here and go somewhere safe.
        header("Location: index.php");
        exit;
    }
    $target_room = $rooms[0];
}
// Server-side authorization for the submitted booking: stop before any
// processing unless getWritable() accepts $user for this creator and the
// target room.
// NOTE(review): $target_room can come straight from the form ($rooms[0]);
// confirm that $create_by is not likewise taken from the request when an
// existing entry is being changed.
if (!getWritable($create_by, $user, $target_room)) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit;
}
// In periods mode every slot is treated as 60 seconds long.
if ($enable_periods) {
    $resolution = 60;
}
// Now work out the start and end times
// The offsets within the day are passed as seconds; mktime() normalises them.
$starttime = mktime(0, 0, $start_seconds, $start_month, $start_day, $start_year);
$endtime = mktime(0, 0, $end_seconds, $end_month, $end_day, $end_year);
// If we're using periods then the endtime we've been returned by the form is actually
// the beginning of the last period in the booking (it's more intuitive for users this way)
// so we need to add on 60 seconds (1 period)
if ($enable_periods) {
    $endtime = $endtime + 60;
}
Пример #7
     trigger_error(sql_error(), E_USER_WARNING);
     fatal_error(TRUE, get_vocab("fatal_db_error"));
 } else {
     for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
         if ($debug_flag) {
             echo "<br>DEBUG: result {$i}, id " . $row['id'] . ", starts " . $row['start_time'] . ", ends " . $row['end_time'] . "\n";
         }
         if ($debug_flag) {
             echo "<br>DEBUG: Entry " . $row['id'] . " day {$day_num}\n";
         }
         $d[$day_num]["id"][] = $row['id'];
         $d[$day_num]["color"][] = $row['type'];
         $d[$day_num]["is_repeat"][] = !empty($row['repeat_id']);
         // Handle private events
         // A private entry is shown in full only to a user for whom
         // getWritable() succeeds on this room; for everybody else $private
         // becomes TRUE. Entries that are not private always yield FALSE.
         if (is_private_event($row['status'] & STATUS_PRIVATE)) {
             if (getWritable($row['create_by'], $user, $room)) {
                 $private = FALSE;
             } else {
                 $private = TRUE;
             }
         } else {
             $private = FALSE;
         }
         // NOTE(review): the test that follows joins $private and the
         // $is_private_field setting with the bitwise "&". The name is hidden
         // only if the setting is TRUE or an odd integer; a truthy value such
         // as 2 evaluates to 0 and the real name would be displayed. "&&"
         // looks like the intended operator - confirm the setting's type.
         if ($private & $is_private_field['entry.name']) {
             $d[$day_num]["status"][] = $row['status'] | STATUS_PRIVATE;
             // Set the private bit
             $d[$day_num]["shortdescrip"][] = '[' . get_vocab('unavailable') . ']';
         } else {
             $d[$day_num]["status"][] = $row['status'] & ~STATUS_PRIVATE;
             // Clear the private bit
             $d[$day_num]["shortdescrip"][] = htmlspecialchars($row['name']);
Пример #8
// If we have not been provided with a room_id
// fall back to the first enabled room returned by the database.
// NOTE(review): the result is not checked; with no enabled room $row has no
// 'id' element and $room_id ends up empty - confirm that case is handled.
if (empty($room_id)) {
    $sql = "SELECT id FROM {$tbl_room} WHERE disabled=0 LIMIT 1";
    $res = sql_query($sql);
    $row = sql_row_keyed($res, 0);
    $room_id = $row['id'];
}
// Determine the area id of the room in question first
$area_id = mrbsGetRoomArea($room_id);
// Remove "Undefined variable" notice
if (!isset($rep_num_weeks)) {
    $rep_num_weeks = "";
}
// The result of the expression is discarded, so the helpers presumably
// rewrite their arguments by reference - confirm against their definitions.
$enable_periods ? toPeriodString($start_min, $duration, $dur_units) : toTimeString($duration, $dur_units);
//now that we know all the data to fill the form with we start drawing it
// Authorization gate, evaluated before print_header(): a user who may not
// write to this creator/room combination gets the access-denied page and
// none of the form.
if (!getWritable($create_by, $user, $room_id)) {
    showAccessDenied($day, $month, $year, $area, isset($room) ? $room : "");
    exit;
}
print_header($day, $month, $year, $area, isset($room) ? $room : "");
// Get the details of all the enabled rooms
// The statement contains table names only, no request data. Rooms are keyed
// by id; a room is listed only if both it and its area are enabled.
$rooms = array();
$sql = "SELECT R.id, R.room_name, R.area_id\n          FROM {$tbl_room} R, {$tbl_area} A\n         WHERE R.area_id = A.id\n           AND R.disabled=0\n           AND A.disabled=0\n      ORDER BY R.area_id, R.sort_key";
$res = sql_query($sql);
if ($res) {
    for ($i = 0; $row = sql_row_keyed($res, $i); $i++) {
        $rooms[$row['id']] = $row;
    }
}
// Get the details of all the enabled areas
$areas = array();
Пример #9
    die;
}
if ($info = mrbsGetEntryInfo($id)) {
    // Date parts and area are derived from the stored entry, not the request.
    $day = strftime('%d', $info['start_time']);
    $month = strftime('%m', $info['start_time']);
    $year = strftime('%Y', $info['start_time']);
    $area = mrbsGetRoomArea($info['room_id']);
    // The Referer header is set by the client, so it is HTML-escaped before
    // being handed to showAccessDenied() as the "back" target.
    $back = '';
    if (isset($_SERVER['HTTP_REFERER'])) {
        $back = htmlspecialchars($_SERVER['HTTP_REFERER']);
    }
    // Three independent gates, each ending the request on failure:
    // 1. the user level returned for getUserName() must be at least 1,
    if (authGetUserLevel(getUserName(), -1) < 1) {
        showAccessDenied($back);
        exit;
    }
    // 2. the user must be allowed to modify this entry for its beneficiary,
    if (!getWritable($info['beneficiaire'], getUserName(), $id)) {
        showAccessDenied($back);
        exit;
    }
    // 3. the user must have access to the area the entry's room belongs to.
    if (authUserAccesArea(getUserName(), $area) == 0) {
        showAccessDenied($back);
        exit;
    }
    // NOTE(review): the mail is triggered here, before the booking-date check
    // that follows this block can still refuse the request - confirm the
    // ordering is intended.
    if (Settings::get('automatic_mail') == 'yes') {
        $_SESSION['session_message_error'] = send_mail($id, 3, $dformat);
    }
    // NOTE(review): $id is concatenated between quotes without escaping. That
    // is only safe if it was validated as an integer where it was read from
    // the request - confirm, or bind it as a parameter.
    $room_id = grr_sql_query1('SELECT ' . TABLE_PREFIX . '_entry.room_id FROM ' . TABLE_PREFIX . '_entry, ' . TABLE_PREFIX . '_room WHERE ' . TABLE_PREFIX . '_entry.room_id = ' . TABLE_PREFIX . '_room.id AND ' . TABLE_PREFIX . "_entry.id='" . $id . "'");
    $date_now = time();
    get_planning_area_values($area);
    if (!verif_booking_date(getUserName(), $id, $room_id, -1, $date_now, $enable_periods) || verif_booking_date(getUserName(), $id, $room_id, -1, $date_now, $enable_periods) && $can_delete_or_create != 'y') {
        showAccessDenied($back);
Пример #10
                    echo '<tr>', PHP_EOL, '<td><b>', get_vocab("rep_rep_day"), '</b></td>', PHP_EOL, '<td>', $opt, '</td>', PHP_EOL, '</tr>', PHP_EOL;
                } else {
                    echo '<tr>', PHP_EOL, '<td><b>', get_vocab("rep_rep_days"), '</b></td>', PHP_EOL, '<td>', $opt, '</td>', PHP_EOL, '</tr>', PHP_EOL;
                }
            }
        }
        if ($rep_type == 6) {
            if (Settings::get("jours_cycles_actif") == "Oui" && intval($jour_cycle) > -1) {
                echo '<tr>', PHP_EOL, '<td><b>', get_vocab("rep_rep_day"), '</b></td>', PHP_EOL, '<td>', get_vocab('jour_cycle'), ' ', $jour_cycle, '</td>', PHP_EOL, '</tr>', PHP_EOL;
            }
        }
        echo '<tr><td><b>' . get_vocab("date") . get_vocab("deux_points") . '</b></td><td>' . $start_date . '</td></tr>';
        echo '<tr><td><b>' . get_vocab("duration") . '</b></td><td>' . $duration . ' ' . $dur_units . '</td></tr>';
        echo '<tr><td><b>' . get_vocab('rep_end_date') . '</b></td><td>' . $rep_end_date . '</td></tr>';
    }
    // The series edit/delete controls are rendered only when the user may
    // write to the entry, both date checks pass and the entry has not been
    // deleted. This only hides the buttons; edit_entry.php and del_entry.php
    // have to enforce the same rules themselves.
    if (getWritable($beneficiaire, getUserName(), $id) && verif_booking_date(getUserName(), $id, $room_id, -1, $date_now, $enable_periods) && verif_delais_min_resa_room(getUserName(), $room_id, $row[10]) && !$was_del) {
        // Only single quotes are escaped, which is enough for a JS string
        // delimited by single quotes as long as the vocabulary text contains
        // no backslash, double quote or markup - it comes from get_vocab().
        $message_confirmation = str_replace("'", "\\'", get_vocab("confirmdel") . get_vocab("deleteseries"));
        // NOTE(review): $id, $day, $month, $year and $page are written into
        // the URLs and the inline handler without encoding; confirm each is
        // numeric or otherwise sanitised where it is read from the request.
        echo '<tr>', PHP_EOL, '<td colspan="2">', PHP_EOL, '<input class="btn btn-primary" type="button" onclick="location.href=\'edit_entry.php?id=', $id, '&amp;edit_type=series&amp;day=', $day, '&amp;month=', $month, '&amp;year=', $year, '&amp;page=', $page, '\'" value="', get_vocab("editseries"), '"></td>', PHP_EOL, '</tr>', PHP_EOL;
        echo '<tr>', PHP_EOL, '<td colspan="2">', PHP_EOL, '<a class="btn btn-danger" type="button" href="del_entry.php?id=', $id, '&amp;series=1&amp;day=', $day, '&amp;month=', $month, '&amp;year=', $year, '&amp;page=', $page, '" onclick="return confirm(\'', $message_confirmation, '\');">', get_vocab("deleteseries"), '</a></td>', PHP_EOL, '</tr>', PHP_EOL;
    }
    echo '</table>', PHP_EOL, '</fieldset>', PHP_EOL;
}
// NOTE(review): when $area_id or $room is not set, the privilege test below
// is evaluated against area 1 / room 1 rather than the entry's own area and
// room - confirm that this fallback cannot expose the button for an entry
// located elsewhere.
if (!isset($area_id)) {
    $area_id = 1;
}
if (!isset($room)) {
    $room = 1;
}
// The PDF button is shown to users whose level is above 1 on the area or at
// least 4 on the room.
// NOTE(review): $id is written into the inline onclick handler as-is; it
// must be an integer at this point - confirm.
if (authGetUserLevel(getUserName(), $area_id, "area") > 1 || authGetUserLevel(getUserName(), $room) >= 4) {
    echo '<br><input class="btn btn-primary" onclick="myFunction(', $id, ')" value="', get_vocab("Generer_pdf"), '" >', PHP_EOL;
}
Пример #11
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            $returl = "day.php";
    }
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}
if (getAuthorised(1) && ($info = mrbsGetBookingInfo($id, FALSE, TRUE))) {
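    $user = getUserName();
    // check that the user is allowed to delete this entry
    // A "reject" request is authorised through auth_book_admin() for the
    // entry's room; every other request uses the ordinary getWritable() check
    // against the entry's creator.
    // The comparison must be "==". A single "=" assigns "reject" to $action,
    // which is always truthy: every request carrying an $action would then be
    // authorised by the admin rule and treated as a rejection afterwards.
    if (isset($action) && ($action == "reject")) {
        $authorised = auth_book_admin($user, $info['room_id']);
    } else {
        $authorised = getWritable($info['create_by'], $user, $info['room_id']);
    }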
    if ($authorised) {
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
        $area = mrbsGetRoomArea($info["room_id"]);
        $notify_by_email = $mail_settings['admin_on_delete'] || $mail_settings['book_admin_on_provisional'];
        if ($notify_by_email) {
            require_once "functions_mail.inc";
            // Gather all fields values for use in emails.
            $mail_previous = getPreviousEntryData($id, $series);
        }
        sql_begin();
        $result = mrbsDelEntry(getUserName(), $id, $series, 1);
        sql_commit();
Пример #12
if($info = mrbsGetEntryInfo($id))
{
    // Date parts and area are derived from the stored entry, not the request.
    $day   = strftime("%d", $info["start_time"]);
    $month = strftime("%m", $info["start_time"]);
    $year  = strftime("%Y", $info["start_time"]);

    $area  = mrbsGetRoomArea($info["room_id"]);
    // The Referer header is set by the client; it is passed through
    // grr_htmlSpecialChars() before being used as the "back" target.
    $back = "";
    if (isset($_SERVER['HTTP_REFERER'])) $back = grr_htmlSpecialChars($_SERVER['HTTP_REFERER']);
    // Gate 1: the user level returned for getUserName() must be at least 1.
    if(authGetUserLevel(getUserName(),-1) < 1)
    {
        showAccessDenied($day, $month, $year, $area,$back);
        exit();
    }
    // Gate 2: the user must be allowed to modify this entry for its beneficiary.
    if(!getWritable($info["beneficiaire"], getUserName(),$id))
    {
        showAccessDenied($day, $month, $year, $area,$back);
        exit;
    }
    // Gate 3: the user must have access to the area of the entry's room.
    if(authUserAccesArea(getUserName(), $area)==0)
    {
        showAccessDenied($day, $month, $year, $area,$back);
        exit();
    }

    // All three gates passed: open the transaction.
    grr_sql_begin();
    // NOTE(review): the mail is triggered before the date checks announced by
    // the comment that follows this block - confirm the ordering is intended.
    if (getSettingValue("automatic_mail") == 'yes') {
        $_SESSION['session_message_error'] = send_mail($id,3,$dformat);
    }
    // On vérifie les dates
Пример #13
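/** mrbsDelEntry()
 *
 * Delete an entry, or optionally every entry of the series it belongs to.
 * Only rows that getWritable() allows $user to modify are removed; the
 * others are skipped silently.
 *
 * $user   - Who's making the request
 * $id     - The entry to delete (treated as an integer)
 * $series - If set, delete the series, except user modified entries
 * $all    - If set, include user modified entries in the series delete
 *
 * Returns:
 *   0     - The entry could not be looked up or the row query failed
 *   FALSE - Nothing was deleted
 *   TRUE  - At least one entry was deleted
 */
function mrbsDelEntry($user, $id, $series, $all)
{
    global $tbl_entry, $tbl_repeat;
    // Every statement below is built by string interpolation, so the
    // caller-supplied id is forced to an integer before it reaches any of them.
    $id = (int) $id;
    $repeat_id = sql_query1("SELECT repeat_id FROM {$tbl_entry} WHERE id={$id}");
    if ($repeat_id < 0) {
        return 0;
    }
    $repeat_id = (int) $repeat_id;
    $sql = "SELECT create_by, id, entry_type FROM {$tbl_entry} WHERE ";
    // Select by series only when the entry really belongs to one. With a
    // repeat_id of 0 the series filter would match every stand-alone entry
    // and the loop below would delete all of those that $user may write.
    if ($series && $repeat_id > 0) {
        $sql .= "repeat_id={$repeat_id}";
    } else {
        $sql .= "id={$id}";
    }
    $res = sql_query($sql);
    if (!$res) {
        return 0;
    }
    $removed = 0;
    for ($i = 0; $row = sql_row($res, $i); $i++) {
        // Per-row authorization: $row[0] is the creator of that entry.
        if (!getWritable($row[0], $user)) {
            continue;
        }
        // entry_type 2 is skipped in a series delete unless $all is set; per
        // the header comment these are the user modified entries.
        if ($series && $row[2] == 2 && !$all) {
            continue;
        }
        if (sql_command("DELETE FROM {$tbl_entry} WHERE id=" . (int) $row[1]) > 0) {
            $removed++;
        }
    }
    // Drop the repeat record once no entry refers to it any more.
    if ($repeat_id > 0 && sql_query1("SELECT count(*) FROM {$tbl_entry} WHERE repeat_id={$repeat_id}") == 0) {
        sql_command("DELETE FROM {$tbl_repeat} WHERE id={$repeat_id}");
    }
    return $removed > 0;
}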
Пример #14
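/** mrbsDelEntry()
 *
 * Delete an entry, or optionally every entry of the series it belongs to.
 * A row is removed only when getWritable() and verif_booking_date() both
 * accept $user for it; the others are skipped silently.
 *
 * $user   - Who's making the request
 * $id     - The entry to delete
 * $series - If set, delete the series, except user modified entries
 * $all    - If set, include user modified entries in the series delete
 *
 * Returns:
 *   0     - The repeat_id lookup for $id returned a negative value
 *   FALSE - Nothing was deleted
 *   TRUE  - At least one entry was deleted
 */
function mrbsDelEntry($user, $id, $series, $all)
{
    global $correct_diff_time_local_serveur, $enable_periods;
    // time() returns what the argument-less mktime() call used to return;
    // current PHP versions reject mktime() without arguments.
    $date_now = time();
    // $id is supplied by the caller and concatenated into the statements
    // below, so it is escaped once with the helper already used for
    // $repeat_id.
    $safe_id = protect_data_sql($id);
    $id_room = grr_sql_query1("select room_id FROM ".TABLE_PREFIX."_entry WHERE id='".$safe_id."'");
    $repeat_id = grr_sql_query1("SELECT repeat_id FROM ".TABLE_PREFIX."_entry WHERE id='".$safe_id."'");
    if ($repeat_id < 0)
        return 0;

    $sql = "SELECT beneficiaire, id, entry_type FROM ".TABLE_PREFIX."_entry WHERE ";

    // Select by series only when the entry really belongs to one.
    if(($series) and ($repeat_id > 0))
        $sql .= "repeat_id='".protect_data_sql($repeat_id)."'";
    else
        $sql .= "id='".$safe_id."'";

    $res = grr_sql_query($sql);

    $removed = 0;

    for ($i = 0; ($row = grr_sql_row($res, $i)); $i++)
    {
        // NOTE(review): the write check receives the requested $id for every
        // row, not the row's own id ($row[1]) - confirm that is intended for
        // series deletes.
        if(!getWritable($row[0], $user, $id))
            continue;

        if (!verif_booking_date($user, $row[1], $id_room, "", $date_now, $enable_periods, ""))
            continue;

        // entry_type 2 is skipped in a series delete unless $all is set; per
        // the header comment these are the user modified entries.
        if($series && $row[2] == 2 && !$all)
            continue;

        $row_id = protect_data_sql($row[1]);
        if (grr_sql_command("DELETE FROM ".TABLE_PREFIX."_entry WHERE id='" . $row_id . "'") > 0)
            $removed++;
        grr_sql_command("DELETE FROM ".TABLE_PREFIX."_entry_moderate WHERE id='" . $row_id . "'");
    }

    // Drop the repeat record once no entry refers to it any more.
    if ($repeat_id > 0 &&
            grr_sql_query1("SELECT count(*) FROM ".TABLE_PREFIX."_entry WHERE repeat_id='".protect_data_sql($repeat_id)."'") == 0)
        grr_sql_command("DELETE FROM ".TABLE_PREFIX."_repeat WHERE id='".protect_data_sql($repeat_id)."'");

    return $removed > 0;
}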
Пример #15
}
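$row = sql_row_keyed($res, 0);
sql_free($res);
// HTML-escaped copies of the text fields; these are for display only.
$name = htmlspecialchars($row['name']);
$description = htmlspecialchars($row['description']);
$create_by = htmlspecialchars($row['create_by']);
$room_name = htmlspecialchars($row['room_name']);
$area_name = htmlspecialchars($row['area_name']);
$type = $row['type'];
$private = $row['private'];
$room_id = $row['room_id'];
$updated = time_date_string($row['last_updated']);
// need to make DST correct in opposite direction to entry creation
// so that user see what he expects to see
$duration = $row['duration'] - cross_dst($row['start_time'], $row['end_time']);
// Authorize against the stored creator name, not the escaped display copy:
// once htmlspecialchars() has rewritten a character such as & or <, the
// escaped string no longer equals the real user name and the check would be
// made against the wrong identity.
$writeable = getWritable($row['create_by'], $user);
// A private event is masked for anyone without write access: name,
// description and creator are all replaced by the "private" label.
if (is_private_event($private) && !$writeable) {
    $name = "[" . get_vocab('private') . "]";
    $description = $name;
    $create_by = $name;
    $keep_private = TRUE;
} else {
    $keep_private = FALSE;
}
// In periods mode the start is split into a period and a date; otherwise it
// is formatted as a single time/date string.
if ($enable_periods) {
    list($start_period, $start_date) = period_date_string($row['start_time']);
} else {
    $start_date = time_date_string($row['start_time']);
}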
if ($enable_periods) {
    list(, $end_date) = period_date_string($row['end_time'], -1);