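/**
 * Initialize view variables and check permissions.
 *
 * Works through globals: sets $custom_view, $view_name (HTML-escaped) and
 * $view_type, and sets $error when $view_id is not found in $views.
 * Callers should check $error before rendering anything for the view.
 *
 * @param int $view_id id for the view
 */
function view_init($view_id) {
  global $views, $error;
  global $ALLOW_VIEW_OTHER, $is_admin;
  global $view_name, $view_type, $custom_view;

  // Set this to prove we are inside a custom view page.
  $custom_view = true;

  // An unset/empty setting is treated the same as 'N', so the gate fails closed.
  if ((empty($ALLOW_VIEW_OTHER) || $ALLOW_VIEW_OTHER == 'N') && !$is_admin) {
    // Not allowed...
    send_to_preferred_view();
    // Do not depend on the redirect helper to end the request: a denied
    // user must never fall through to the view lookup below.
    exit;
  }

  if (empty($view_id)) {
    do_redirect('views.php');
    // Same reasoning as above: stop here even if the helper returns.
    exit;
  }

  // Find view name in $views[]. Per the original comment, a view id that is
  // not in $views does not belong to the current user.
  $view_name = '';
  $view_type = '';
  $view_found = false;
  // Guard against $views being unset; the result is then "not authorized".
  if (is_array($views)) {
    foreach ($views as $view) {
      // NOTE(review): loose comparison kept for compatibility with string ids
      // returned by the database layer; the match only selects an entry that
      // is already in $views.
      if ($view['cal_view_id'] == $view_id) {
        // Escaped here because $view_name is a global meant for HTML output.
        $view_name = htmlspecialchars($view['cal_name']);
        $view_type = $view['cal_view_type'];
        $view_found = true;
      }
    }
  }

  // Decide on the match itself rather than on empty($view_name): the empty()
  // test also rejected an owned view whose name is '' or '0'.
  if (!$view_found) {
    $error = print_not_auth(34);
  }
}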
* (*) required field
*
* Security:
* Must have "allow view others" enabled ($allow_view_other) in
* System Settings unless the user is an admin user ($is_admin).
* If the view is not global, the user must be owner of the view.
* If the view is global and user_sees_only_his_groups is
* enabled, then we remove users not in this user's groups
* (except for nonuser calendars... which we allow regardless of group).
*/
include_once 'includes/init.php';

$error = "";

$DAYS_PER_TABLE = 7;

// Permission gate: a non-admin is sent to the preferred view when the
// "allow view others" setting is "N".
// NOTE(review): only the exact value "N" triggers the gate, so an unset or
// empty $allow_view_other lets a non-admin through; treating empty as
// "not allowed" would fail closed.
// NOTE(review): presumably send_to_preferred_view() ends the request --
// confirm, otherwise execution continues into the lookup below.
if ($allow_view_other == "N" && !$is_admin) {
  // not allowed...
  send_to_preferred_view();
}

// No view id supplied: go to the list of views.
// NOTE(review): where $id is populated is not visible here -- confirm it is
// validated as an integer before it is used further down the page.
if (empty($id)) {
  do_redirect("views.php");
}

// Find view name in $views[]
$view_name = "";
for ($i = 0; $i < count($views); $i++) {
  // Loose (==) comparison between the stored view id and $id.
  if ($views[$i]['cal_view_id'] == $id) {
    // NOTE(review): the name is stored unescaped; it needs
    // htmlspecialchars() wherever it is later printed into HTML
    // (the output code is not visible here).
    $view_name = $views[$i]['cal_name'];
  }
}

// If view_name not found, then the specified view id does not
// belong to current user.
// empty() also treats a view named "" or "0" as not found.
if (empty($view_name)) {
  $error = translate("You are not authorized");
// Store the repeat rule for the entry, then either redirect (no error) or
// print the page header and the scheduling-conflict report.
} else {
  $days = "nnnnnnn";
}
// NOTE(review): the statement is assembled by string interpolation. The
// origin of $id, $rpt_type, $end and $freq is not visible here; if any of
// them derives from request data, cast the numeric ones to int and
// escape or bind the string ones before building the query.
$sql = "INSERT INTO webcal_entry_repeats ( cal_id, " . "cal_type, cal_end, cal_days, cal_frequency ) VALUES " . "( {$id}, '{$rpt_type}', {$end}, '{$days}', {$freq} )";
// The return value of dbi_query() is not checked, so a failed insert is silent.
dbi_query($sql);
// Appends the full SQL text, interpolated values included, to $msg as HTML.
// NOTE(review): where $msg is displayed is not visible here; if it can reach
// ordinary users it discloses table/column names and prints unescaped
// values -- confirm it is debug-only or escape it.
$msg .= "<span style=\"font-weight:bold;\">SQL:</span> {$sql}<br />\n<br />";
}
}
}
// If we were editing this event, then go back to the last view (week, day,
// month). If this is a new event, then go to the preferred view for
// the date range that this event was added to.
if (empty($error)) {
  // Date as YYYYMMDD; %d coerces each part to an integer.
  $xdate = sprintf("%04d%02d%02d", $year, $month, $day);
  // NOTE(review): $user is placed into the query string unencoded; if it
  // comes from the request, urlencode() it and confirm it names a calendar
  // the current user may act on.
  $user_args = empty($user) ? '' : "user={$user}";
  // NOTE(review): print_header() below is reached unless this helper ends
  // the request -- presumably it does; confirm.
  send_to_preferred_view($xdate, $user_args);
}
print_header();
// A non-empty $conflicts string switches the page to the conflict report.
if (strlen($conflicts)) { ?> <h2><?php etranslate("Scheduling Conflict"); ?> </h2> <?php
  etranslate("Your suggested time of"); ?> <span style="font-weight:bold;"> <?php
  if (!empty($allday) && $allday == "Y") {
// Add an existing event to the current user's calendar: stop if it is
// already there or is private, otherwise insert a webcal_entry_user row.
if ($row[0] == $id) {
  $is_my_event = true;
  // NOTE(review): $id is echoed without escaping; its origin is not visible
  // here. If it comes from the request, cast it to int once at the top of
  // the page or pass it through htmlspecialchars() before output.
  echo "Event # " . $id . " is already on your calendar.";
  exit;
}
dbi_free_result($res);
}
// Now lets make sure the user is allowed to add the event (not private)
// NOTE(review): $id is concatenated into the query unquoted; an integer
// cast (or a bound parameter, if the dbi layer offers one) is needed
// unless $id is already validated upstream.
$sql = "SELECT cal_access FROM webcal_entry WHERE cal_id = " . $id;
$res = dbi_query($sql);
if (!$res) {
  // Same unescaped echo of $id as above.
  echo translate("Invalid entry id") . ": {$id}";
  exit;
}
$row = dbi_fetch_row($res);
// NOTE(review): only a failed query is rejected above. If the query succeeds
// but returns no row, $row[0] is not "R" and the event is treated as
// non-private -- confirm a nonexistent entry id cannot reach the INSERT.
if ($row[0] == "R" && !$is_my_event) {
  $is_private = true;
  etranslate("This is a private event and may not be added to your calendar.");
  exit;
} else {
  $is_private = false;
}
// add the event
if ($readonly == "N" && !$is_my_event && !$is_private) {
  // NOTE(review): $id and $login are interpolated into the statement;
  // same remark as for the SELECT above.
  if (!dbi_query("INSERT INTO webcal_entry_user ( cal_id, cal_login, cal_status ) VALUES ( {$id}, '{$login}', 'A' )")) {
    $error = translate("Error adding event") . ": " . dbi_error();
  }
}
}
// NOTE(review): $_GET['user'] is raw request input appended to the redirect
// arguments; urlencode() it and check it against the logins this user may
// view before building the redirect. $error set above is not reported on
// this path.
send_to_preferred_view("", "user=" . $_GET['user']);
exit;