Пример #1
// Booking-form inputs.  Each value is supplied by the client and is only
// type-filtered by get_form_var(); none of them is validated in these lines.
$all_day = get_form_var('all_day', 'string');
// bool, actually
$type = get_form_var('type', 'string');
$rooms = get_form_var('rooms', 'array');
// NOTE(review): $returl is client-supplied.  Its use is outside this excerpt; if it
// ends up as a redirect target it should be limited to pages of this application.
$returl = get_form_var('returl', 'string');
$rep_id = get_form_var('rep_id', 'int');
$edit_type = get_form_var('edit_type', 'string');
$id = get_form_var('id', 'int');
$rep_end_day = get_form_var('rep_end_day', 'int');
$rep_end_month = get_form_var('rep_end_month', 'int');
$rep_end_year = get_form_var('rep_end_year', 'int');
// NOTE(review): rep_id was already read a few lines above; this second read is redundant.
$rep_id = get_form_var('rep_id', 'int');
$rep_day = get_form_var('rep_day', 'array');
// array of bools
$rep_num_weeks = get_form_var('rep_num_weeks', 'int');
$private = get_form_var('private', 'string');
// bool, actually
// Truncate the name field to the maximum length as a precaution.
// Although the MAXLENGTH attribute is used in the <input> tag, this can
// sometimes be ignored by the browser, for example by Firefox when
// autocompletion is used.  The user could also edit the HTML and remove
// the MAXLENGTH attribute.    Passing an oversize string to some
// databases (eg some versions of PostgreSQL) results in an SQL error,
// rather than silent truncation of the string.
// NOTE(review): substr() counts bytes, so a multi-byte name can be cut in the middle of a
// character.  Truncation only bounds the length; it does not make $name safe to place in
// SQL or HTML - that still needs escaping or bound parameters where the value is used.
$name = substr($name, 0, ENTRY_NAME_LENGTH);
if (empty($area)) {
    if (empty($rooms[0])) {
        $area = get_default_area();
    } else {
        $area = get_area($rooms[0]);
    }
Пример #2
# Report-form inputs.  All of them are client-supplied; get_form_var() is asked for an
# int, string or array but no further validation happens in these lines.
$From_day = get_form_var('From_day', 'int');
$From_month = get_form_var('From_month', 'int');
$From_year = get_form_var('From_year', 'int');
$To_day = get_form_var('To_day', 'int');
$To_month = get_form_var('To_month', 'int');
$To_year = get_form_var('To_year', 'int');
# NOTE(review): the *match strings below are free text from the client.  How they reach the
# SQL query is outside this excerpt - confirm they are escaped or bound there.
$creatormatch = get_form_var('creatormatch', 'string');
$areamatch = get_form_var('areamatch', 'string');
$roommatch = get_form_var('roommatch', 'string');
$namematch = get_form_var('namematch', 'string');
$descrmatch = get_form_var('descrmatch', 'string');
$summarize = get_form_var('summarize', 'int');
$typematch = get_form_var('typematch', 'array');
# NOTE(review): $sortby, $display and $sumby select behaviour by name; if any of them is used
# to pick a column or ORDER BY term it should be checked against a fixed list - TODO confirm.
$sortby = get_form_var('sortby', 'string');
$display = get_form_var('display', 'string');
$sumby = get_form_var('sumby', 'string');
# Require authenticated user if private bookings are required
# ($private_override is not read from the form in these lines; presumably it is configuration.)
if ($private_override == "private") {
    if (!getAuthorised(1)) {
        showAccessDenied($day, $month, $year, $area, "");
        exit;
    }
}
# Need to know user name and if they are an admin
# A user level of 2 or more is treated as admin here.
$user = getUserName();
$is_admin = isset($user) && authGetUserLevel($user) >= 2;
//If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
Пример #3
             // Hash the password before it is stored.
             // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for storing
             // passwords.  PHP's password_hash()/password_verify() are the usual replacement;
             // switching needs a migration path for the hashes that are already stored.
             $value = md5($password0);
         } else {
             if ($fieldname == "level") {
                 $value = get_form_var('Field_level', 'int');
                 if (!isset($value)) {
                     $value = 0;
                 }
                 // Check that we are not trying to upgrade our level.    This shouldn't be possible
                 // but someone might have spoofed the input in the edit form
                 if ($value > $level) {
                     Header("Location: edit_users.php");
                     exit;
                 }
             } else {
                 $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['type']);
             }
         }
     }
 }
 // pre-process the field value for SQL
 if ($field_props[$fieldname]['istext']) {
     // Truncate the field to the maximum length as a precaution.
     // NOTE(review): substr() is byte-based, so a multi-byte value can be cut mid-character.
     if (isset($maxlength["users.{$fieldname}"])) {
         $value = substr($value, 0, $maxlength["users.{$fieldname}"]);
     }
     // Quote the text value for inclusion in the SQL statement.
     // NOTE(review): addslashes() knows nothing about the database connection or its
     // character set and is not a substitute for the driver's own escaping or for bound
     // parameters; this is the line to replace when the query is parameterised.
     $value = "'" . addslashes($value) . "'";
 } else {
     if ($field_props[$fieldname]['isbool']) {
         if ($value && $value == true) {
             $value = "TRUE";
Пример #4
<?php

// $Id$
require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "dbsys.inc";
// Request parameters; every one is asked for as an integer.
$day    = get_form_var('day', 'int');
$month  = get_form_var('month', 'int');
$year   = get_form_var('year', 'int');
$area   = get_form_var('area', 'int');
$room   = get_form_var('room', 'int');
$id     = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
// Fall back to today's date as soon as any date component is missing.
if (!isset($day, $month, $year)) {
    $day   = date("d");
    $month = date("m");
    $year  = date("Y");
}
// No area in the request: use the default one.
$area = empty($area) ? get_default_area() : $area;
print_header($day, $month, $year, $area, isset($room) ? $room : "");
// Collapse $series to a plain 0/1 flag whatever integer the client sent.
$series = empty($series) ? 0 : 1;
if ($series) {
Пример #5
<?php

// $Id$
require_once "grab_globals.inc.php";
include "config.inc.php";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "functions.inc";
include "version.inc";
// Get form variables
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$room = get_form_var('room', 'int');
// If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
print_header($day, $month, $year, $area, isset($room) ? $room : "");
// Version table: MRBS version, database version, operating system string and server time.
// NOTE(review): no authorisation call is visible before this output even though
// mrbs_auth.inc is included.  Exact software versions and the php_uname() string are useful
// to someone fingerprinting the server; consider showing them to administrators only.
// NOTE(review): the values are written into HTML without htmlspecialchars(); they come from
// the server rather than from the request, but escaping them costs nothing.
echo "<h3>" . get_vocab("about_mrbs") . "</h3>\n";
echo "<table id=\"version_info\">\n";
echo "<tr><td><a href=\"http://mrbs.sourceforge.net\">" . get_vocab("mrbs") . "</a>:</td><td>" . get_mrbs_version() . "</td></tr>\n";
echo "<tr><td>" . get_vocab("database") . ":</td><td>" . sql_version() . "</td></tr>\n";
echo "<tr><td>" . get_vocab("system") . ":</td><td>" . php_uname() . "</td></tr>\n";
echo "<tr><td>" . get_vocab("servertime") . ":</td><td>" . utf8_strftime("%c", time()) . "</td></tr>\n";
Пример #6
include "mrbs_auth.inc";
// Request parameters for the area/room administration form.  All of them come from
// the client and are only type-filtered by get_form_var().
$day              = get_form_var('day', 'int');
$month            = get_form_var('month', 'int');
$year             = get_form_var('year', 'int');
$area             = get_form_var('area', 'int');
$room             = get_form_var('room', 'int');
$room_name        = get_form_var('room_name', 'string');
$area_name        = get_form_var('area_name', 'string');
$description      = get_form_var('description', 'string');
$capacity         = get_form_var('capacity', 'int');
$room_admin_email = get_form_var('room_admin_email', 'string');
$area_admin_email = get_form_var('area_admin_email', 'string');
$change_done      = get_form_var('change_done', 'string');
$change_room      = get_form_var('change_room', 'string');
$change_area      = get_form_var('change_area', 'string');
// Use today's date whenever the request does not carry a complete one.
if (!isset($day, $month, $year)) {
    $day   = date("d");
    $month = date("m");
    $year  = date("Y");
}
// Access gate: nothing below runs unless getAuthorised(2) succeeds.  The reads above
// only copy request values; no change is made before this check.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area, "");
    exit;
}
// Done changing area or room information?
if (isset($change_done)) {
    if (!empty($room)) {
        $area = sql_query1("SELECT area_id from {$tbl_room} where id={$room}");
    }
Пример #7
     $Id = sql_query1("select max(id) from {$tbl_users};") + 1;
     /* Use the last index + 1 */
     /* Note: If the table is empty, sql_query1 returns -1. So use index 0. */
 }
 $i = 0;
 foreach ($fields as $fieldname) {
     // Work out the value for this column: the id computed earlier, the lower-cased user
     // name, the hashed password, or the raw form field.
     if ($fieldname == "id") {
         $value = $Id;
     } else {
         if ($fieldname == "name") {
             $value = strtolower(get_form_var('Field_name', 'string'));
         } else {
             if ($fieldname == "password" && $password0 != "") {
                 // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
                 // password storage; password_hash()/password_verify() are the usual
                 // replacement, with a migration path for existing hashes.
                 $value = md5($password0);
             } else {
                 // Text columns are requested as 'string', everything else as 'int'.
                 $value = get_form_var("Field_{$fieldname}", $field_props[$fieldname]['istext'] ? 'string' : 'int');
             }
         }
     }
     // Separate this value from the previous one in the statement being built.
     if ($i > 0) {
         $operation = $operation . ", ";
     }
     if ($field_props[$fieldname]['istext']) {
         // NOTE(review): the statement is assembled by string concatenation and relies on the
         // slashes() helper (defined elsewhere) for escaping.  Bound parameters would remove
         // the dependency on that helper being correct for the database in use.
         $operation .= "'" . slashes($value) . "'";
     } else {
         if ($field_props[$fieldname]['isnum'] && $value == "") {
             $value = "0";
         }
         // NOTE(review): non-text values are appended unquoted.  That is only safe if
         // get_form_var(..., 'int') always returns an integer - TODO confirm, or cast here.
         $operation = $operation . $value;
     }
     $i++;
<?php

// $Id: day.php 2374 2012-08-12 19:11:43Z cimorrison $
require "defaultincludes.inc";
require_once "mincals.inc";
require_once "functions_table.inc";
// Get non-standard form variables
$timetohighlight = get_form_var('timetohighlight', 'int');
$ajax = get_form_var('ajax', 'int');
// Check the user is authorised for this page
checkAuthorised();
// Build the day table once; it is either returned on its own (Ajax) or embedded in the page.
$inner_html = day_table_innerhtml($day, $month, $year, $room, $area, $timetohighlight);
// Ajax request: send just the table markup and stop.  This happens after checkAuthorised().
if ($ajax) {
    echo $inner_html;
    exit;
}
// Form the room parameter for use in query strings.    We want to preserve room information
// if possible when switching between views
// NOTE(review): $room is written into markup as-is; it is not read in this file, so this is
// presumably the integer-filtered standard variable - confirm.
$room_param = empty($room) ? "" : "&amp;room={$room}";
$timestamp = mktime(12, 0, 0, $month, $day, $year);
// print the page header
print_header($day, $month, $year, $area, isset($room) ? $room : "");
echo "<div id=\"dwm_header\" class=\"screenonly\">\n";
// Show all available areas
echo make_area_select_html('day.php', $area, $year, $month, $day);
// Draw the three month calendars
if (!$display_calendar_bottom) {
    minicals($year, $month, $day, $area, $room, 'day');
}
echo "</div>\n";
//y? are year, month and day of yesterday
     exit;
 } else {
     $values = array();
     $q_string = $Id >= 0 ? "Action=Edit" : "Action=Add";
     foreach ($fields as $field) {
         $fieldname = $field['name'];
         $type = get_form_var_type($field);
         if ($fieldname == 'id') {
             // id: don't need to do anything except add the id to the query string;
             // the field itself is auto-incremented
             $q_string .= "&Id={$Id}";
             continue;
         }
         // first, get all the other form variables and put them into an array, $values, which
         // we will use for entering into the database assuming we pass validation
         $values[$fieldname] = get_form_var(VAR_PREFIX . $fieldname, $type);
         // Truncate the field to the maximum length as a precaution.
         if (isset($maxlength["users.{$fieldname}"])) {
             $values[$fieldname] = substr($values[$fieldname], 0, $maxlength["users.{$fieldname}"]);
         }
         // we will also put the data into a query string which we will use for passing
         // back to this page if we fail validation.   This will enable us to reload the
         // form with the original data so that the user doesn't have to
         // re-enter it.  (Instead of passing the data in a query string we
         // could pass them as session variables, but at the moment MRBS does
         // not rely on PHP sessions).
         switch ($fieldname) {
             // some of the fields get special treatment
             case 'name':
                 // name: convert it to lower case
                 $q_string .= "&{$fieldname}=" . urlencode($values[$fieldname]);
Пример #10
        echo "</td>\n</tr>\n";
    }
}
// Get non-standard form variables
// NOTE(review): $search_str is free text from the client; it needs context-specific escaping
// wherever it is later placed in SQL, HTML or a URL (that code is outside this excerpt).
$search_str = get_form_var('search_str', 'string');
$search_pos = get_form_var('search_pos', 'int');
$total = get_form_var('total', 'int');
$advanced = get_form_var('advanced', 'int');
$ajax = get_form_var('ajax', 'int');
// Set if this is an Ajax request
$datatable = get_form_var('datatable', 'int');
// Will only be set if we're using DataTables
// Get the start day/month/year and make them the current day/month/year
$day = get_form_var('from_day', 'int');
$month = get_form_var('from_month', 'int');
$year = get_form_var('from_year', 'int');
// If we haven't been given a sensible date then use today's
// (checkdate() rejects impossible dates, so a complete but invalid date also falls back.)
if (!isset($day) || !isset($month) || !isset($year) || !checkdate($month, $day, $year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
// Check the user is authorised for this page
checkAuthorised();
// Also need to know whether they have admin rights
// A user level of 2 or more counts as admin.
$user = getUserName();
$is_admin = isset($user) && authGetUserLevel($user) >= 2;
// Set up for Ajax.   We need to know whether we're capable of dealing with Ajax
// requests, which will only be if (a) the browser is using DataTables and (b)
// we can do JSON encoding.    We also need to initialise the JSON data array.
$ajax_capable = $datatable && function_exists('json_encode');
Пример #11
        }
        echo "</ul></li>\n";
    }
    echo "</ul>\n";
    echo "</div>\n";
    return FALSE;
}
// Check the user is authorised for this page
checkAuthorised();
print_header($day, $month, $year, $area, $room);
// Import-form inputs.  The third argument to get_form_var() is presumably the value used
// when the parameter is absent - TODO confirm against its definition.
$import = get_form_var('import', 'string');
$area_room_order = get_form_var('area_room_order', 'string', 'area_room');
$area_room_delimiter = get_form_var('area_room_delimiter', 'string', $default_area_room_delimiter);
// NOTE(review): area_room_create looks like it lets an import create areas and rooms; confirm
// that the page's authorisation level is high enough for that before it is honoured.
$area_room_create = get_form_var('area_room_create', 'string', '0');
$import_default_type = get_form_var('import_default_type', 'string', $default_type);
$skip = get_form_var('skip', 'string', empty($skip_default) ? '0' : '1');
// PHASE 2 - Process the files
// ---------------------------
if (!empty($import)) {
    if ($_FILES['ics_file']['error'] !== UPLOAD_ERR_OK) {
        echo "<p>\n";
        echo get_vocab("upload_failed");
        switch ($_FILES['ics_file']['error']) {
            case UPLOAD_ERR_INI_SIZE:
                echo "<br>\n";
                echo get_vocab("max_allowed_file_size") . " " . ini_get('upload_max_filesize');
                break;
            case UPLOAD_ERR_NO_FILE:
                echo "<br>\n";
                echo get_vocab("no_file");
                break;
<?php

// $Id: approve_entry_handler.php 2798 2013-12-13 13:52:20Z cimorrison $
// Handles actions on bookings awaiting approval
require "defaultincludes.inc";
require_once "mrbs_sql.inc";
require_once "functions_mail.inc";
// Get non-standard form variables
$action = get_form_var('action', 'string');
$id = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
// NOTE(review): $returl is supplied by the client.  Its later use is outside this excerpt;
// if it becomes a redirect target it should be limited to pages of this application.
$returl = get_form_var('returl', 'string');
$note = get_form_var('note', 'string');
// Check the user is authorised for this page
checkAuthorised();
$user = getUserName();
// Retrieve the booking details
// NOTE(review): $id and $series come from the request.  Whether this user may act on that
// particular booking is not checked in the lines shown - confirm it is checked before the
// action is carried out.
$data = mrbsGetBookingInfo($id, $series);
$room_id = $data['room_id'];
// Initialise $mail_previous so that we can use it as a parameter for notifyAdminOnBooking
$mail_previous = array();
$start_times = array();
// Give the return URL a query string if it doesn't already have one
// NOTE(review): the values are interpolated without urlencode(); that is harmless only while
// they are integers.
if (strpos($returl, '?') === FALSE) {
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}&room={$room}";
}
if (isset($action)) {
    if ($need_to_send_mail) {
        $is_new_entry = TRUE;
        // Treat it as a new entry unless told otherwise
    }
Пример #13
        If these are not specified the script will use your normal MRBS
        database credentials:<br>
        Database admin username: <input type="text" name="admin_username"><br>
        Database admin password: <input type="password" name="admin_password"><br>
      </div>
      <br>
      <input type="submit" value="Do it">
    </form>

<?php 
} else {
    # A 2D array listing the columns that need to be converted to UTF-8
    $update_columns = array($tbl_area => array('area_name', 'custom_html'), $tbl_room => array('room_name', 'description', 'room_admin_email', 'custom_html'), $tbl_entry => array('create_by', 'name', 'description', 'info_user', 'info_text'), $tbl_repeat => array('create_by', 'name', 'description', 'info_user', 'info_text'), $tbl_users => array('name', 'password', 'email'));
    # Optional database admin credentials typed into the form above.
    # NOTE(review): no MRBS authorisation check is visible in this excerpt before the
    # connection is opened.  A maintenance script that rewrites every table should be
    # reachable by administrators only and removed or disabled after use - confirm how
    # access to it is restricted.
    # NOTE(review): the password travels in the request; the form should be submitted by
    # POST over HTTPS so it does not end up in URLs or logs.
    $admin_username = get_form_var('admin_username', 'string');
    $admin_password = get_form_var('admin_password', 'string');
    $change_collation = get_form_var('change_collation', 'int');
    if (is_null($change_collation)) {
        $change_collation = 0;
    }
    # No admin user given: fall back to the normal MRBS database credentials.
    if (is_null($admin_username) || $admin_username == '') {
        $admin_username = $db_login;
        $admin_password = $db_password;
    }
    $db_handle = sql_connect($dbsys, $db_host, $admin_username, $admin_password, $db_database);
    echo '
    <p>
      Starting update, this could take a while...
    </p>

';
    if ($encoding != 'utf-8') {
Пример #14
<?php

// $Id$
require_once "defaultincludes.inc";
// Get form variables
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$room = get_form_var('room', 'int');
$search_str = get_form_var('search_str', 'string');
$search_pos = get_form_var('search_pos', 'int');
$total = get_form_var('total', 'int');
$advanced = get_form_var('advanced', 'int');
// A user level of 2 or more counts as admin.
$user = getUserName();
$is_admin = isset($user) && authGetUserLevel($user) >= 2;
// If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
// Need all these different versions with different escaping.
// $search_url is for query strings, $search_html for HTML output; the raw $search_str must
// not be used in either context.
// NOTE(review): both stay undefined when the search string is empty.
// NOTE(review): htmlspecialchars() is called with its default flags; before PHP 8.1 those do
// not escape single quotes, which matters if $search_html is ever placed inside a
// single-quoted attribute.  Passing ENT_QUOTES and the page charset makes this explicit.
if (!empty($search_str)) {
    $search_url = urlencode($search_str);
    $search_html = htmlspecialchars($search_str);
}
print_header($day, $month, $year, $area, isset($room) ? $room : "");
Пример #15
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
global $twentyfourhour_format;
// Request parameters for the booking form; integers unless stated otherwise.
$day       = get_form_var('day', 'int');
$month     = get_form_var('month', 'int');
$year      = get_form_var('year', 'int');
$hour      = get_form_var('hour', 'int');
$minute    = get_form_var('minute', 'int');
$area      = get_form_var('area', 'int');
$room      = get_form_var('room', 'int');
$id        = get_form_var('id', 'int');
$copy      = get_form_var('copy', 'int');
$edit_type = get_form_var('edit_type', 'string');
// Use today's date when the request does not carry a complete one.
if (!isset($day, $month, $year)) {
    $day   = date("d");
    $month = date("m");
    $year  = date("Y");
}
// No area in the request: use the default one.
$area = empty($area) ? get_default_area() : $area;
// A missing edit type is treated as the empty string.
$edit_type = isset($edit_type) ? $edit_type : "";
if (!getAuthorised(1)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
Пример #16
<?php

// $Id$
// An Ajax function to check which of an array of time slots is invalid.  (We need to do
// this server side because the client does not have sophisticated enough timezone
// handling facilities)
//
// Input parameters:
//    $id       the request id so that the client can match results to requests
//    $slots    an array of slot times in seconds from the start of the calendar day
//    $day
//    $month
//    $year
//    $tz
//
//  Returns an array of slots which are invalid
require "defaultincludes.inc";
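// Check the user is authorised for this page
checkAuthorised();
// Get the non-standard form variables ($day, $month and $year are standard)
$id = get_form_var('id', 'string');
$slots = get_form_var('slots', 'array');
$tz = get_form_var('tz', 'string');
// A request without a usable 'slots' parameter must not reach the loop below as a
// non-array (other MRBS pages test get_form_var() results with isset()/is_null(), so a
// missing parameter is expected to come back unset).  Treat it as "nothing to check" and
// still answer with valid JSON.
if (!is_array($slots)) {
    $slots = array();
}
// NOTE(review): $tz is a client-supplied timezone name handed straight to
// is_invalid_datetime(); confirm that function rejects unknown identifiers.
$result = array('id' => $id, 'slots' => array());
foreach ($slots as $s) {
    if (is_invalid_datetime(0, 0, $s, $month, $day, $year, $tz)) {
        $result['slots'][] = $s;
    }
}
// $id and the slot values are sent back exactly as the client supplied them, so label the
// response as JSON; without a content type the body would be served with PHP's default
// (normally text/html) and a browser could render the echoed values as markup.
if (!headers_sent()) {
    header('Content-Type: application/json');
}
echo json_encode($result);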
Пример #17
<?php

// $Id$
// mrbs/month.php - Month-at-a-time view
require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "mincals.inc";
// Get form variables
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$room = get_form_var('room', 'int');
// NOTE(review): the debug flag is taken from the request.  What it switches on is outside
// this excerpt; debug output should not be something any client can enable in production.
$debug_flag = get_form_var('debug_flag', 'int');
// Three-way compare of $a and $b using PHP's loose comparison operators.
// Returns the two-character marker "< ", "= " or "> " (operator followed by a space).
function cmp3($a, $b)
{
    // Tests are made in the order "less than", "equal", otherwise "greater than".
    return ($a < $b)
        ? "< "
        : (($a == $b) ? "= " : "> ");
}
// Default parameters: an absent or empty debug flag means 0 (off).
$debug_flag = empty($debug_flag) ? 0 : $debug_flag;
Пример #18
<?php

// $Id$
require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "dbsys.inc";
include "mrbs_auth.inc";
// Request parameters; integers except for the area name.
$day       = get_form_var('day', 'int');
$month     = get_form_var('month', 'int');
$year      = get_form_var('year', 'int');
$area      = get_form_var('area', 'int');
$room      = get_form_var('room', 'int');
$area_name = get_form_var('area_name', 'string');
// Use today's date when the request does not carry a complete one.
if (!isset($day, $month, $year)) {
    $day   = date("d");
    $month = date("m");
    $year  = date("Y");
}
// No area in the request: use the default one.
$area = empty($area) ? get_default_area() : $area;
// Access gate: the page stops here unless getAuthorised(2) succeeds.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area, "");
    exit;
}
print_header(
    $day,
    $month,
    $year,
    isset($area) ? $area : "",
    isset($room) ? $room : ""
);
// If area is set but area name is not known, get the name.
if (isset($area)) {
Пример #19
// Booking-form inputs; all client-supplied and only type-filtered by get_form_var().
$dur_units = get_form_var('dur_units', 'string');
$all_day = get_form_var('all_day', 'string');
// bool, actually
$type = get_form_var('type', 'string');
$rooms = get_form_var('rooms', 'array');
// NOTE(review): $returl is client-supplied.  Its use is outside this excerpt; if it ends up
// as a redirect target it should be limited to pages of this application.
$returl = get_form_var('returl', 'string');
$rep_id = get_form_var('rep_id', 'int');
$edit_type = get_form_var('edit_type', 'string');
$id = get_form_var('id', 'int');
$rep_end_day = get_form_var('rep_end_day', 'int');
$rep_end_month = get_form_var('rep_end_month', 'int');
$rep_end_year = get_form_var('rep_end_year', 'int');
// NOTE(review): rep_id was already read a few lines above; this second read is redundant.
$rep_id = get_form_var('rep_id', 'int');
$rep_day = get_form_var('rep_day', 'array');
// array of bools
$rep_num_weeks = get_form_var('rep_num_weeks', 'int');
// If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
// Access gate: stop unless getAuthorised(1) succeeds.
if (!getAuthorised(1)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
if (!getWritable($create_by, getUserName())) {
    showAccessDenied($day, $month, $year, $area);
Пример #20
}
// Get non-standard form variables
$hour = get_form_var('hour', 'int');
$minute = get_form_var('minute', 'int');
$period = get_form_var('period', 'int');
$id = get_form_var('id', 'int');
$copy = get_form_var('copy', 'int');
$edit_type = get_form_var('edit_type', 'string', '');
// NOTE(review): $returl is client-supplied.  Its use is outside this excerpt; if it ends up
// as a redirect target it should be limited to pages of this application.
$returl = get_form_var('returl', 'string');
// The following variables are used when coming via a JavaScript drag select
$drag = get_form_var('drag', 'int');
$start_seconds = get_form_var('start_seconds', 'int');
$end_seconds = get_form_var('end_seconds', 'int');
$selected_rooms = get_form_var('rooms', 'array');
$start_date = get_form_var('start_date', 'string');
$end_date = get_form_var('end_date', 'string');
// Check the user is authorised for this page
checkAuthorised();
// Also need to know whether they have admin rights
// A user level of 2 or more counts as admin.
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2;
// You're only allowed to make repeat bookings if you're an admin
// or else if $auth['only_admin_can_book_repeat'] is not set
// NOTE(review): these three flags decide what the form offers.  The same restrictions have
// to be enforced again by the handler that saves the booking, because a client can submit
// fields the form did not show - that handler is outside this excerpt.
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
// Similarly for multi-day
$multiday_allowed = $is_admin || empty($auth['only_admin_can_book_multiday']);
// Similarly for multiple room selection
$multiroom_allowed = $is_admin || empty($auth['only_admin_can_select_multiroom']);
if (isset($start_seconds)) {
    $minutes = intval($start_seconds / 60);
    if ($enable_periods) {
Пример #21
    // List every team except 'test', with a link for each of its users.
    // NOTE(review): the return value of query() is not checked; on failure it is false and
    // the fetch_assoc() call below fails.
    $result = $sql_mysqli_conn->query($sql);
    while ($row = $result->fetch_assoc()) {
        $team = $row['team'];
        if ($team != 'test') {
            // NOTE(review): $team is written into the page without htmlspecialchars(), so
            // markup stored in the team column is rendered as HTML.
            echo '<h2>' . $team . '</h2>';
            // NOTE(review): $team is concatenated into the SQL text.  A value read from the
            // database is not automatically safe to put back into a query; use a prepared
            // statement with a bound parameter here.
            $sql2 = "SELECT * FROM users WHERE team ='" . $team . "' ORDER BY name  ";
            $result2 = $sql_mysqli_conn->query($sql2);
            while ($row2 = $result2->fetch_assoc()) {
                // NOTE(review): part of this expression is masked in the listing, so the line
                // is incomplete as shown.  What is visible writes $row2['name'] into the page
                // unescaped; both the link value and the name need output escaping.
                echo '<a href="temp.php?user='******'code'] . '">' . $row2['name'] . '</a><br />';
            }
        }
    }
    $result->free();
    // NOTE(review): only the last inner result set is freed, and $result2 is undefined when
    // no team other than 'test' was returned.
    $result2->free();
} else {
    $timetohighlight = get_form_var('timetohighlight', 'int');
    $this_user_name = get_area_name($user);
    echo "<div id=\"dwm\">\n";
    echo "<h2>" . htmlspecialchars("{$this_user_name}") . "</h2>\n";
    echo "</div>\n";
    $i = mktime(12, 0, 0, $month, $day - 7, $year);
    $yy = date("Y", $i);
    $ym = date("m", $i);
    $yd = date("d", $i);
    $i = mktime(12, 0, 0, $month, $day + 7, $year);
    $ty = date("Y", $i);
    $tm = date("m", $i);
    $td = date("d", $i);
    // Show Go to week before and after links
    $before_after_links_html = "\n<div class=\"screenonly\">\n  <div class=\"date_nav\">\n    <div class=\"date_before\">\n      <a href=\"temp.php?year={$yy}&amp;month={$ym}&amp;day={$yd}&amp;user={$user}\">\n          &lt;&lt;&nbsp;" . get_vocab("weekbefore") . "\n      </a>\n    </div>\n    <div class=\"date_now\">\n      <a href=\"temp.php?user={$user}\">\n          " . get_vocab("gotothisweek") . "\n      </a>\n    </div>\n    <div class=\"date_after\">\n      <a href=\"temp.php?year={$ty}&amp;month={$tm}&amp;day={$td}&amp;user={$user}\">\n          " . get_vocab("weekafter") . "&nbsp;&gt;&gt;\n      </a>\n    </div>\n  </div>\n</div>\n";
    print $before_after_links_html;
Пример #22
    echo "<input type=\"hidden\" name=\"action\" value=\"{$action_type}\">\n";
    echo "<input type=\"submit\" value=\"{$submit_value}\">\n";
    echo "</fieldset>\n";
    echo "</form>\n";
    echo "</td>\n";
    echo "<tr>\n";
}
// Get non-standard form variables
//
// If $series is TRUE, it means that the $id is the id of an
// entry in the repeat table.  Otherwise it's from the entry table.
$id = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
$action = get_form_var('action', 'string');
// NOTE(review): $returl and $error are free text from the client.  Their use is outside
// this excerpt; $returl should be limited to local pages if it becomes a redirect target,
// and $error must be escaped if it is printed.
$returl = get_form_var('returl', 'string');
$error = get_form_var('error', 'string');
// Check the user is authorised for this page
checkAuthorised();
// Also need to know whether they have admin rights
// A user level of 2 or more counts as admin.
$user = getUserName();
$is_admin = authGetUserLevel($user) >= 2;
// You're only allowed to make repeat bookings if you're an admin
// or else if $auth['only_admin_can_book_repeat'] is not set
$repeats_allowed = $is_admin || empty($auth['only_admin_can_book_repeat']);
// Look the booking up by the client-supplied id.
// NOTE(review): the result is used without checking that a booking was found, and whether
// this user may see that booking (e.g. a private one) is not decided in the lines shown.
$row = mrbsGetBookingInfo($id, $series);
$room = $row['room_id'];
$area = $row['area_id'];
// Get the area settings for the entry's area.   In particular we want
// to know how to display private/public bookings in this area.
get_area_settings($row['area_id']);
// Work out whether the room or area is disabled
Пример #23
<?php

// $Id$
require_once "defaultincludes.inc";
// Get form variables
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$room = get_form_var('room', 'int');
$area_name = get_form_var('area_name', 'string');
// NOTE(review): $error is free text from the client and must be escaped if it is printed.
$error = get_form_var('error', 'string');
// the image buttons:  need to specify edit_x rather than edit etc. because
// IE6 only returns _x and _y
$edit_x = get_form_var('edit_x', 'int');
$delete_x = get_form_var('delete_x', 'int');
// If we dont know the right date then make it up
if (!isset($day) or !isset($month) or !isset($year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
if (empty($area)) {
    $area = get_default_area();
}
// Check to see whether the Edit or Delete buttons have been pressed and redirect
// as appropriate
// NOTE(review): no authorisation call appears in these lines.  The redirect targets are
// expected to enforce access themselves - confirm, in particular for the delete path.
// The query string is built only from values requested as integers.
$std_query_string = "area={$area}&day={$day}&month={$month}&year={$year}";
if (isset($edit_x)) {
    $location = $location = "edit_area_room.php?{$std_query_string}";
    header("Location: {$location}");
Пример #24
// (2) email notifications are not sent, even if they are normally configured
//     to be sent.   Sending many thousands of emails in the space of a few
//     seconds could overwhelm many mail servers, or break the usage policies
//     on hosted systems.
require "defaultincludes.inc";
require_once "mrbs_sql.inc";
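// Check the user is authorised for this page
checkAuthorised();
// Check that the user has the highest level of admin rights
$user = getUserName();
$level = authGetUserLevel($user);
if ($level < $max_level) {
    exit;
}
// NOTE(review): this is a bulk delete driven purely by request parameters; no anti-CSRF
// token check is visible in these lines - confirm one exists for this handler.
// Get non-standard form variables
$ids = get_form_var('ids', 'array');
// Without an array of ids there is nothing that can safely be turned into a query.
if (!is_array($ids)) {
    exit;
}
// Check that $ids consists of an array of non-negative integers, to guard against SQL
// injection.  Each element must be made up of decimal digits only: is_numeric() together
// with a loose comparison also lets through forms such as "1e3", "5.0", "+5" or " 5",
// which are numeric but are not the plain integers the query expects.
foreach ($ids as $key => $id) {
    if (!is_scalar($id) || !preg_match('/\A[0-9]+\z/', (string) $id)) {
        exit;
    }
    // Keep the canonical integer, so that what was validated is what reaches the SQL.
    $ids[$key] = intval($id);
}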
// Everything looks OK - go ahead and delete the entries
// Note on performance.   It is much quicker to delete entries using the
// WHERE id IN method below than looping through mrbsDelEntry().  Testing
// for 100 entries gave 2.5ms for the IN method against 37.6s for the looping
// method - ie approx 15 times faster.   For 1,000 rows the IN method was 19
// times faster.
//
// Because we are not using mrbsDelEntry() we have to delete any orphaned
// rows in the repeat table ourselves - but this does not take long.
Пример #25
<?php

// $Id$
require_once "grab_globals.inc.php";
include "config.inc.php";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
// Request parameters for the delete page; integers except $type and $confirm.
$day     = get_form_var('day', 'int');
$month   = get_form_var('month', 'int');
$year    = get_form_var('year', 'int');
$area    = get_form_var('area', 'int');
$room    = get_form_var('room', 'int');
$type    = get_form_var('type', 'string');
$confirm = get_form_var('confirm', 'string');
// Use today's date when the request does not carry a complete one.
if (!isset($day, $month, $year)) {
    $day   = date("d");
    $month = date("m");
    $year  = date("Y");
}
// No area in the request: use the default one.
$area = empty($area) ? get_default_area() : $area;
// Access gate: the page stops here unless getAuthorised(2) succeeds.
if (!getAuthorised(2)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
// This is gonna blast away something. We want them to be really
// really sure that this is what they want to do.
Пример #26
    if (!in_array($field['name'], $standard_fields['entry'])) {
        switch ($field['nature']) {
            case 'character':
                $f_type = 'string';
                break;
            case 'integer':
                $f_type = 'int';
                break;
                // We can only really deal with the types above at the moment
            // We can only really deal with the types above at the moment
            default:
                $f_type = 'string';
                break;
        }
        $var = VAR_PREFIX . $field['name'];
        $custom_fields[$field['name']] = get_form_var($var, $f_type);
        if ($f_type == 'int' && $custom_fields[$field['name']] === '') {
            $custom_fields[$field['name']] = NULL;
        }
    }
}
// (3) Clean up the form variables
// -------------------------------
// Form validation checks.   Normally checked for client side.
// Don't bother with them if this is an Ajax request.
if (!$ajax) {
    if ($name == '') {
        invalid_booking(get_vocab('must_set_description'));
    }
    if (empty($rooms)) {
        invalid_booking(get_vocab('no_rooms_selected'));
Пример #27
        if (!in_array($key, $report_search_field_order)) {
            $report_search_field_order[] = $key;
        }
    }
    $field_natures[$key] = $field['nature'];
    $field_lengths[$key] = $field['length'];
}
// Get the custom form inputs
// For every custom field a request parameter named match_<field> is read into a variable
// of the same name.  Integer fields longer than 2 are requested as 'int', everything else
// as 'string'.
foreach ($custom_fields as $key => $value) {
    $var = "match_{$key}";
    if ($field_natures[$key] == 'integer' && $field_lengths[$key] > 2) {
        $var_type = 'int';
    } else {
        $var_type = 'string';
    }
    // NOTE(review): this creates a variable whose name depends on $key.  The keys of
    // $custom_fields are filled outside this excerpt (presumably from the table's column
    // names, not from the request) - confirm, since a client-controlled name here would let
    // a request define variables.  The "match_" prefix keeps them apart from other names.
    ${$var} = get_form_var($var, $var_type);
}
// Set the field order list
$field_order_list = array('name', 'area_name', 'room_name', 'start_time', 'end_time', 'description', 'type', 'create_by', 'confirmation_enabled', 'approval_enabled');
// Custom fields follow the standard ones, with last_updated always at the end.
foreach ($custom_fields as $key => $value) {
    $field_order_list[] = $key;
}
$field_order_list[] = 'last_updated';
// PHASE 2:  SQL QUERY.  We do the SQL query now to see if there's anything there
if ($phase == 2) {
    // Start and end times are also used to clip the times for summary info.
    $report_start = mktime(0, 0, 0, $from_month + 0, $from_day + 0, $from_year + 0);
    $report_end = mktime(0, 0, 0, $to_month + 0, $to_day + 1, $to_year + 0);
    // Construct the SQL query
    $sql = "SELECT E.*, " . sql_syntax_timestamp_to_unix("E.timestamp") . " AS last_updated, " . "A.area_name, R.room_name, " . "A.approval_enabled, A.confirmation_enabled, A.enable_periods";
    if ($output_format == OUTPUT_ICAL) {
Пример #28
// $Id$
require_once "grab_globals.inc.php";
require_once "config.inc.php";
require_once "functions.inc";
require_once "dbsys.inc";
require_once "mrbs_auth.inc";
require_once "mrbs_sql.inc";
// Get form variables
$day = get_form_var('day', 'int');
$month = get_form_var('month', 'int');
$year = get_form_var('year', 'int');
$area = get_form_var('area', 'int');
$id = get_form_var('id', 'int');
$series = get_form_var('series', 'int');
// NOTE(review): $returl is taken from the request and only replaced when it is empty.  Its
// use is outside this excerpt; if it becomes a redirect target, a non-empty value should be
// limited to pages of this application rather than accepted as given.
$returl = get_form_var('returl', 'string');
// No return URL supplied: go back to the configured default view for the same date and area.
if (empty($returl)) {
    switch ($default_view) {
        case "month":
            $returl = "month.php";
            break;
        case "week":
            $returl = "week.php";
            break;
        default:
            $returl = "day.php";
    }
    // Built only from values requested as integers.
    $returl .= "?year={$year}&month={$month}&day={$day}&area={$area}";
}
if (getAuthorised(1) && ($info = mrbsGetEntryInfo($id))) {
    $day = strftime("%d", $info["start_time"]);
Пример #29
<?php

// $Id$
require "defaultincludes.inc";
require_once "mrbs_sql.inc";
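// Get non-standard form variables
$name = get_form_var('name', 'string');
$description = get_form_var('description', 'string');
$capacity = get_form_var('capacity', 'int');
$type = get_form_var('type', 'string');
// Check the user is authorised for this page
checkAuthorised();
// NOTE(review): this request creates an area or room from request parameters alone; no
// anti-CSRF token check is visible in this file - confirm one exists for this handler.
// This file is for adding new areas/rooms
$error = '';
// First of all check that we've got an area or room name
// ($area is not read in this file; presumably it is one of the standard variables set up
// by defaultincludes.inc.  Any $type other than "area" or "room" adds nothing.)
if (!isset($name) || $name === '') {
    $error = "empty_name";
} elseif ($type == "area") {
    $area = mrbsAddArea($name, $error);
} elseif ($type == "room") {
    $room = mrbsAddRoom($name, $area, $error, $description, $capacity);
}
// Send the browser back to the admin page, passing on the area and any error code.
// Both values are URL-encoded so that whatever mrbsAddArea()/mrbsAddRoom() put into them
// cannot add or alter query-string parameters in the redirect.
$returl = "admin.php?area=" . urlencode((string) $area)
    . (!empty($error) ? "&error=" . urlencode((string) $error) : "");
header("Location: {$returl}");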
Пример #30
     exit;
 } else {
     $values = array();
     $q_string = $Id >= 0 ? "Action=Edit" : "Action=Add";
     foreach ($fields as $field) {
         $fieldname = $field['name'];
         $type = get_form_var_type($field);
         if ($fieldname == 'id') {
             // id: don't need to do anything except add the id to the query string;
             // the field itself is auto-incremented
             $q_string .= "&Id={$Id}";
             continue;
         }
         // first, get all the other form variables and put them into an array, $values, which
         // we will use for entering into the database assuming we pass validation
         $values[$fieldname] = get_form_var("Field_{$fieldname}", $type);
         // Truncate the field to the maximum length as a precaution.
         if (isset($maxlength["users.{$fieldname}"])) {
             $values[$fieldname] = substr($values[$fieldname], 0, $maxlength["users.{$fieldname}"]);
         }
         // we will also put the data into a query string which we will use for passing
         // back to this page if we fail validation.   This will enable us to reload the
         // form with the original data so that the user doesn't have to
         // re-enter it.  (Instead of passing the data in a query string we
         // could pass them as session variables, but at the moment MRBS does
         // not rely on PHP sessions).
         switch ($fieldname) {
             // some of the fields get special treatment
             case 'name':
                 // name: convert it to lower case
                 $q_string .= "&{$fieldname}=" . urlencode($values[$fieldname]);