/**
 * Report whether a user holds the owner permission on a calendar.
 *
 * A user counts as owner when a permissions row with classID 4 links
 * that user to the calendar.
 *
 * @param mixed $uid   user ID to test
 * @param mixed $calID calendar ID to test
 * @return bool true when at least one matching row exists
 */
public static function is_owner($uid, $calID)
{
    $dbc = CalendarPluginDB::get();

    // Both IDs travel as bound parameters; nothing is concatenated into the SQL.
    $ownerP = $dbc->prepare_statement("SELECT c.calendarID,c.name FROM\n calendars AS c LEFT JOIN permissions AS p\n ON c.calendarID=p.calendarID WHERE\n p.uid=? AND p.classID = 4 and c.calendarID=?");
    $ownerR = $dbc->exec_statement($ownerP, array($uid, $calID));

    return $dbc->num_rows($ownerR) > 0;
}
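/**
 * Export one calendar's events to an iCalendar (.ics) file.
 *
 * Writes a VCALENDAR header followed by one VEVENT per row of
 * monthview_events for the calendar. Unless the request's 'export'
 * value equals 1, only events dated today or later are included.
 *
 * Changes from the earlier version:
 *  - the file handle is checked after fopen() and closed when done;
 *  - values written outside escapeString() (calendar name, organizer
 *    names, the Host header) have CR/LF removed so that they cannot
 *    start a new content line in the generated file.
 *
 * @param mixed  $id       calendar ID whose events are exported
 * @param string $filename path of the file to create or overwrite
 * @return void|false false when the output file cannot be opened
 */
private function writeICal($id, $filename)
{
    global $FANNIE_OP_DB;
    $dbc = CalendarPluginDB::get();
    $cal = new CalendarsModel($dbc);
    $cal->calendarID($id);
    $cal->load();

    $query = ' SELECT m.eventID, m.eventDate, m.eventText, m.uid, u.real_name, u.name FROM monthview_events AS m LEFT JOIN ' . $FANNIE_OP_DB . $dbc->sep() . 'Users AS u ON m.uid=u.uid WHERE m.calendarID = ?';
    if (FormLib::get('export') != 1) {
        $query .= ' AND m.eventDate >= ' . $dbc->curdate();
    }
    $query .= ' ORDER BY eventDate DESC';
    $prep = $dbc->prepare($query);
    $res = $dbc->execute($prep, array($id));

    $fp = fopen($filename, 'w');
    if ($fp === false) {
        // nothing can be written; report failure instead of calling fwrite() on false
        return false;
    }

    // iCalendar is line-oriented: a CR or LF inside a value would end the
    // property early and let the remainder be read as a new property.
    $oneLine = function ($value) {
        return str_replace(array("\r", "\n"), ' ', (string) $value);
    };

    // HTTP_HOST is taken from the client's Host header; it ends up in every
    // UID and ORGANIZER line below.
    $host = isset($_SERVER['HTTP_HOST']) ? $oneLine($_SERVER['HTTP_HOST']) : '';

    fwrite($fp, "BEGIN:VCALENDAR\r\n");
    fwrite($fp, "VERSION:2.0\r\n");
    fwrite($fp, "PRODID:-//FannieCalendarPlugin//NONSGML v1.0//EN\r\n");
    // calendar name is user-editable text, so treat it like SUMMARY/DESCRIPTION
    fwrite($fp, "X-WR-CALNAME:" . $this->escapeString($oneLine($cal->name())) . "\r\n");
    fwrite($fp, "CALSCALE:GREGORIAN\r\n");

    // single gmdate() call so date and time cannot straddle midnight
    $now = gmdate('Ymd\\THis\\Z');

    while ($row = $dbc->fetch_row($res)) {
        $times = $this->getTime($row['eventText']);
        $date_stem = date('Y-m-d', strtotime($row['eventDate']));

        // timed event only when both ends parse; otherwise fall back to all-day
        $startTime = false;
        $endTime = false;
        if ($times) {
            $startTime = strtotime($date_stem . ' ' . $times['start'] . ':00');
            $endTime = strtotime($date_stem . ' ' . $times['end'] . ':00');
        }

        fwrite($fp, "BEGIN:VEVENT\r\n");
        fwrite($fp, "UID:" . sha1($row['eventID']) . '@' . $host . "\r\n");
        if ($startTime && $endTime) {
            fwrite($fp, "DTSTART:" . gmdate('Ymd\\THis\\Z', $startTime) . "\r\n");
            fwrite($fp, "DTEND:" . gmdate('Ymd\\THis\\Z', $endTime) . "\r\n");
        } else {
            fwrite($fp, "DTSTART;VALUE=DATE:" . date('Ymd', strtotime($row['eventDate'])) . "\r\n");
        }
        fwrite($fp, "DTSTAMP:" . $now . "\r\n");

        $row['eventText'] = $this->br2nl($row['eventText']);
        fwrite($fp, "DESCRIPTION:" . $this->escapeString($row['eventText']) . "\r\n");
        // first line of the event text doubles as the summary
        $summary = explode("\n", $row['eventText'], 2);
        fwrite($fp, "SUMMARY:" . $this->escapeString($summary[0]) . "\r\n");

        // NOTE(review): CN is a property parameter; a real_name containing
        // ':' ';' or ',' would still need to be emitted as a quoted-string.
        fwrite($fp, "ORGANIZER;CN=" . $oneLine($row['real_name']) . ":" . $oneLine($row['name'])
            . '@' . $host . "\r\n");
        fwrite($fp, "LAST-MODIFIED:" . $now . "\r\n");
        fwrite($fp, "END:VEVENT\r\n");
    }
    fwrite($fp, "END:VCALENDAR\r\n");

    fclose($fp);
}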
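/**
 * Build the "Delete Calendar" form: a <select> of calendars and a
 * submit button, posting back to the current script.
 *
 * NOTE(review): the form submits the delete request with method="get"
 * and no anti-CSRF token is visible in this block; confirm how the
 * delete handler authenticates the request.
 *
 * @return string HTML for the form
 */
public function get_view()
{
    $dbc = CalendarPluginDB::get();
    $calendars = new CalendarsModel($dbc);

    // PHP_SELF includes any extra path the client appended to the script
    // URL, so it must be escaped before it is placed in an attribute.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    $ret = '<form method="get" action="' . $action . '">'
        . ' <input type="hidden" name="_method" value="delete" />'
        . ' <div class="form-group">'
        . ' <label>Delete Calendar</label>'
        . ' <select name="id" class="form-control">'
        . ' <option value="0">Choose one...</option>';
    $ret .= $calendars->toOptions();
    $ret .= '</select>'
        . ' </div>'
        . ' <div class="form-group">'
        . ' <button type="submit" class="btn btn-danger">Delete</button>'
        . ' </div>'
        . ' </form>';

    return $ret;
}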
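/**
 * Remove one attendee from an event, then redirect to the event page.
 *
 * Deletes the attendees row identified by $this->id (event) and
 * $this->leave_id (user).
 *
 * NOTE(review): judging by the handler name both values arrive as GET
 * parameters. Nothing in this block compares leave_id with the
 * logged-in user, and the deletion is triggered by a GET request;
 * confirm that the caller enforces both.
 *
 * @return bool always false
 */
public function get_id_leave_id_handler()
{
    $dbc = CalendarPluginDB::get();
    $attendee = new AttendeesModel($dbc);
    $attendee->eventID($this->id);
    $attendee->uid($this->leave_id);
    $attendee->delete();

    // URL-encode the ID so it cannot add parameters to the redirect target
    header('Location: CalendarAttendedEventPage.php?id=' . urlencode((string) $this->id));

    return false;
}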
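/**
 * Dispatch the calendar action named by the 'action' form value.
 *
 * Supported actions: save_or_add_event, monthview_save, createCalendar,
 * createSubscription, savePrefs, weekview_save. All SQL goes through
 * prepared statements or model objects.
 *
 * Changes from the earlier version:
 *  - createCalendar HTML-escapes the calendar name before returning it
 *    inside markup;
 *  - savePrefs no longer reads $_GET['name'] into a value that was
 *    immediately overwritten, and only splits viewers/writers when they
 *    are non-empty strings (the array() default used to reach explode()).
 *
 * NOTE(review): save_or_add_event, monthview_save, createCalendar and
 * createSubscription take 'uid' from the request, while weekview_save
 * takes it from FannieAuth. No branch checks the caller's permission on
 * the target calendar; confirm this is enforced before run() is reached.
 *
 * @param array $args unused in this method
 * @return array the action name followed by any action-specific output;
 *               empty when no action was given or when a new event was
 *               created by save_or_add_event (its ID is echoed instead)
 */
public function run($args = array())
{
    global $FANNIE_URL;
    $data = array();
    $action = FormLib::get_form_value('action');
    if ($action !== '') {
        $data[] = $action;
        switch ($action) {
            case 'save_or_add_event':
                $calID = FormLib::get('id', 0);
                $text = FormLib::get('text');
                // keep line breaks but escape everything else:
                // <br> -> newline, escape, newline -> <br>
                $text = str_replace('<br>', "\n", $text);
                $text = htmlspecialchars($text);
                $text = str_replace("\n", '<br>', $text);

                $db = CalendarPluginDB::get();
                $event = new MonthviewEventsModel($db);
                $eventID = FormLib::get('eventID', false);
                if ($eventID !== false) {
                    // existing event: empty text means delete
                    $event->eventID($eventID);
                    $event->eventText($text);
                    if (!empty($text)) {
                        $event->save();
                    } else {
                        $event->delete();
                    }
                } else {
                    $date = FormLib::get('datestr');
                    $uid = FormLib::get('uid');
                    $event->eventDate($date);
                    $event->calendarID($calID);
                    $event->uid($uid);
                    $event->eventText($text);
                    if (!empty($text)) {
                        $eventID = $event->save();
                        // the new ID is the whole response for this case
                        $data = array();
                        echo $eventID;
                    }
                }

                // flag the calendar as modified
                $calendar = new CalendarsModel($db);
                $calendar->calendarID($calID);
                $calendar->modified(1);
                $calendar->save();
                break;

            case 'monthview_save':
                $date = FormLib::get_form_value('date');
                $id = FormLib::get_form_value('id', 0);
                // NOTE(review): unlike save_or_add_event, this text is stored
                // without htmlspecialchars(); confirm the display path escapes it.
                $text = FormLib::get_form_value('text');
                $uid = FormLib::get_form_value('uid', 0);

                $db = CalendarPluginDB::get();
                $chkP = $db->prepare_statement("SELECT calendarID FROM monthview_events \n WHERE eventDate=? and uid=? and calendarID=?");
                $rowCheck = $db->exec_statement($chkP, array($date, $uid, $id));
                if ($db->num_rows($rowCheck) <= 0 && $text != "") {
                    $insP = $db->prepare_statement("INSERT INTO monthview_events \n (calendarID, eventDate, eventText, uid) VALUES (?,?,?,?)");
                    $db->exec_statement($insP, array($id, $date, $text, $uid));
                } elseif ($text == "") {
                    $delP = $db->prepare_statement("DELETE FROM monthview_events WHERE\n calendarID=? AND eventDate=?\n AND uid=?");
                    $db->exec_statement($delP, array($id, $date, $uid));
                } else {
                    $upP = $db->prepare_statement("UPDATE monthview_events SET\n eventText=?\n WHERE calendarID=? \nAND eventDate=?\n AND uid=?");
                    $db->exec_statement($upP, array($text, $id, $date, $uid));
                }

                $calendar = new CalendarsModel($db);
                $calendar->calendarID($id);
                $calendar->modified(1);
                $calendar->save();
                break;

            case 'createCalendar':
                $name = FormLib::get_form_value('name');
                $uid = FormLib::get_form_value('uid', 0);

                $db = CalendarPluginDB::get();
                $p = $db->prepare_statement("INSERT INTO calendars (name) VALUES (?)");
                $db->exec_statement($p, array($name));
                $id = $db->insert_id();

                // classID 4 makes the supplied uid the calendar's owner
                $p = $db->prepare_statement("INSERT INTO permissions (calendarID,uid,classID)\n VALUES (?,?,4)");
                $db->exec_statement($p, array($id, $uid));

                // The name comes from the request and is returned inside markup,
                // so escape it. FormLib is not shown here; if it already
                // HTML-escapes its values, this call can go.
                $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
                $data[] = "<p class=\"index\"><a href=\"?calID={$id}&view=month\">{$safeName}</a></p>";
                break;

            case 'createSubscription':
                $db = CalendarPluginDB::get();
                $name = FormLib::get('name');
                // NOTE(review): the URL is stored as given; no scheme or host
                // check is visible here. Confirm the code that later fetches
                // it restricts where it may connect.
                $url = FormLib::get('url');
                $uid = FormLib::get_form_value('uid', 0);

                $subscription = new CalendarSubscriptionsModel($db);
                $subscription->url($url);
                $subscriptionID = $subscription->save();

                $calendar = new CalendarsModel($db);
                $calendar->name($name);
                $calendar->calendarSubscriptionID($subscriptionID);
                $calendarID = $calendar->save();

                $permissions = new PermissionsModel($db);
                $permissions->calendarID($calendarID);
                $permissions->uid($uid);
                $permissions->classID(4);
                $permissions->save();

                $data[] = 'Subscribed';
                break;

            case 'savePrefs':
                // NOTE(review): this branch renames the calendar and rewrites
                // its viewer/writer permissions without an ownership check in
                // this method; confirm one happens earlier.
                $calID = FormLib::get_form_value('calID');
                $name = FormLib::get_form_value('name');
                $viewers = FormLib::get_form_value('viewers', array());
                $writers = FormLib::get_form_value('writers', array());

                $db = CalendarPluginDB::get();
                $calendar = new CalendarsModel($db);
                $calendar->calendarID($calID);
                $calendar->load();
                $calendar->name($name);
                $calendar->save();

                // drop every non-owner permission, then re-insert from the lists
                $p = $db->prepare_statement("DELETE FROM permissions WHERE calendarID=? \nand classID < 4");
                $db->exec_statement($p, array($calID));
                $insP = $db->prepare_statement("INSERT INTO permissions (calendarID,uid,classID) VALUES (?,?,?)");
                // lists are comma-separated uid strings; anything else
                // (including the array() default) means "no entries"
                if (is_string($viewers) && $viewers !== '') {
                    foreach (explode(",", $viewers) as $v) {
                        $db->exec_statement($insP, array($calID, $v, 1));
                    }
                }
                if (is_string($writers) && $writers !== '') {
                    foreach (explode(",", $writers) as $w) {
                        $db->exec_statement($insP, array($calID, $w, 2));
                    }
                }

                if (FormLib::get('url')) {
                    $url = FormLib::get('url');
                    $sub = new CalendarSubscriptionsModel($db);
                    $sub->calendarSubscriptionID($calendar->calendarSubscriptionID());
                    $sub->url($url);
                    $sub->save();
                }
                break;

            case 'weekview_save':
                $timestamp = FormLib::get_form_value('ts');
                $date = date('Y-m-d H:i:00', $timestamp);
                $calID = FormLib::get_form_value('id', 0);
                $text = trim(FormLib::get_form_value('text'));
                $eID = FormLib::get('eventID', false);
                // uid comes from the login session here, not from the request
                $uid = FannieAuth::getUID(FannieAuth::checkLogin());

                // turn "#123" into a link to member 123
                // NOTE(review): the surrounding text is not HTML-escaped before
                // it is stored with this markup; confirm how it is rendered.
                $pat = '/#(\\d+)/';
                $rep = '<a href="' . $FANNIE_URL . 'modules/plugins2.0/PIKiller/PIMemberPage.php?id=${1}" onclick="noBubble(event);">#${1}</a>';
                $text = preg_replace($pat, $rep, $text);

                $db = CalendarPluginDB::get();
                $model = new MonthviewEventsModel($db);
                if ($eID) {
                    $model->eventID($eID);
                }
                if (empty($text) && $eID) {
                    // delete empty event
                    // no eID implies event doesn't exist
                    // just opened/closed w/o content
                    $model->delete();
                } elseif (!empty($text)) {
                    $model->uid($uid);
                    $model->eventDate($date);
                    $model->eventText($text);
                    $model->calendarID($calID);
                    $newID = $model->save();
                    if (!$eID) {
                        // only a newly created event reports its ID back
                        $data[] = $newID;
                    }
                }
                break;
        }
    }

    return $data;
}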
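/**
 * Render the settings form for one calendar: its name, its subscription
 * URL if it has one, and two pick-lists for viewers and writers.
 *
 * Only the calendar's owner (per CalendarPluginPermissions::is_owner)
 * gets the form; anyone else gets an error heading.
 *
 * Changes from the earlier version:
 *  - the viewer and writer lists read their labels from the current
 *    permission row; they used to read $userW, the exhausted row
 *    variable of the preceding user loop, so labels came out empty;
 *  - calendar name, subscription URL, user names and uids are
 *    HTML-escaped, and the calendar ID is written into the inline
 *    JavaScript as an integer only.
 *
 * @param mixed $calID calendar ID
 * @param mixed $uid   ID of the user requesting the form
 * @return string HTML
 */
public static function prefsView($calID, $uid)
{
    global $FANNIE_OP_DB;
    if (!CalendarPluginPermissions::is_owner($uid, $calID)) {
        return "<h2>Either something goofed up or you aren't allowed to change\n settings for this calendar</h2>";
    }

    // escape for both element text and quoted attribute values
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // $calID is a caller-supplied value that ends up inside onclick
    // handlers; emit its integer form there and nothing else.
    // (presumably calendar IDs are auto-increment integers; the creation
    // code uses insert_id() for them.)
    $calIdOut = (int) $calID;

    $db = CalendarPluginDB::get();
    $calendar = new CalendarsModel($db);
    $calendar->calendarID($calID);
    $calendar->load();

    $ret = "<body>";
    $ret .= "<p>Name: <input type=text size=15 id=prefName value=\"" . $esc($calendar->name()) . "\" />";
    if ($calendar->calendarSubscriptionID()) {
        $sub = new CalendarSubscriptionsModel($db);
        $sub->calendarSubscriptionID($calendar->calendarSubscriptionID());
        $sub->load();
        $ret .= '</p><p>URL: <input type="text" size="50" id="sub-url" value="' . $esc($sub->url()) . '" />';
    }
    $ret .= "</p><hr />";

    // every user except the owner, as <option> elements for the right-hand lists
    $userP = $db->prepare_statement("SELECT uid,real_name,name FROM " . $FANNIE_OP_DB . $db->sep() . "Users \n WHERE uid<>? order by name,real_name");
    $userR = $db->exec_statement($userP, array($uid));
    $userOpts = array();
    while ($userW = $db->fetch_row($userR)) {
        $label = $userW['real_name'];
        // fall back to the login name when the real name is missing or the
        // literal string 'Array'
        if ($label == '' || $label == 'Array') {
            $label = $userW['name'];
        }
        $userOpts[$userW['uid']] = "<option value=\"" . $esc($userW['uid']) . "\">" . $esc($label) . "</option>";
    }
    $allUsers = implode('', $userOpts);

    // one <option> for a permissions row (columns: uid, real_name, name);
    // uid -1 stands for "Everyone"
    $grantedOption = function ($row) use ($esc) {
        $label = $row['real_name'];
        if ($row[0] == -1) {
            $label = "Everyone";
        } elseif ($label == '' || $label == 'Array') {
            $label = $row['name'];
        }

        return "<option value=\"" . $esc($row[0]) . "\">" . $esc($label) . "</option>";
    };

    // --- viewers (classID 1) ---
    $ret .= "<p>Users who can view this calendar (<i>left</i>):";
    $ret .= "<table><tr>";
    $viewP = $db->prepare_statement("SELECT p.uid,u.real_name,u.name FROM permissions as p\n LEFT JOIN " . $FANNIE_OP_DB . $db->sep()
        . "Users as u on p.uid=u.uid\n WHERE p.calendarID=?\n AND p.classID = 1");
    $viewR = $db->exec_statement($viewP, array($calID));
    $ret .= "<td><select id=prefViewers multiple size=10 style=\"min-width:50px\">";
    while ($viewW = $db->fetch_row($viewR)) {
        $ret .= $grantedOption($viewW);
    }
    $ret .= "</select></td>";
    $ret .= "<td><input type=submit value=\"<<\" onclick=\"select_add('prefViewers2','prefViewers');\" /><p />";
    $ret .= "<input type=submit value=\">>\" onclick=\"select_remove('prefViewers');\" /></td>";
    $ret .= "<td><select id=prefViewers2 multiple size=10>";
    $ret .= "<option value=-1>Everyone</option>";
    $ret .= $allUsers;
    $ret .= "</select></td>";
    $ret .= "</tr></table>";
    $ret .= "</p><hr />";

    // --- writers (classID 2) ---
    $ret .= "<p>Users who can write on this calendar (<i>left</i>):";
    $ret .= "<table><tr>";
    $writeP = $db->prepare_statement("SELECT p.uid,u.real_name,u.name FROM permissions as p\n LEFT JOIN " . $FANNIE_OP_DB . $db->sep()
        . "Users as u on p.uid=u.uid\n WHERE p.calendarID=?\n AND p.classID = 2");
    $writeR = $db->exec_statement($writeP, array($calID));
    $ret .= "<td><select id=prefWriters multiple size=10 style=\"min-width:50px\">";
    while ($writeW = $db->fetch_row($writeR)) {
        $ret .= $grantedOption($writeW);
    }
    $ret .= "</select></td>";
    $ret .= "<td><input type=submit value=\"<<\" onclick=\"select_add('prefWriters2','prefWriters');\" /><p />";
    $ret .= "<input type=submit value=\">>\" onclick=\"select_remove('prefWriters');\" /></td>";
    $ret .= "<td><select id=prefWriters2 multiple size=10>";
    $ret .= "<option value=-1>Everyone</option>";
    $ret .= $allUsers;
    $ret .= "</select></td>";
    $ret .= "</tr></table>";
    $ret .= "</p><hr />";

    $ret .= "<input type=submit value=\"Save Settings\" onclick=\"savePrefs({$calIdOut});return false;\" /> ";
    $ret .= "<input type=submit value=\"Back to Calendar\" onclick=\"top.location='?view=month&calID={$calIdOut}';\" /> ";

    return $ret;
}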
/**
 * Refresh every subscribed calendar from its iCalendar feed.
 *
 * For each calendar that has a subscription:
 *  1. download the feed to a temporary file;
 *  2. parse it and pull out the VEVENT components;
 *  3. insert or update one monthview_events row per event, keyed by
 *     the event's UID;
 *  4. delete rows of that calendar which fall inside the date range
 *     covered by the parsed events but whose subscriptionUID was not
 *     in the feed (these were probably removed at the source).
 *
 * NOTE(review): the feed URL is whatever is stored in
 * CalendarSubscriptions and downloadFeed() is not visible here, so it
 * cannot be seen whether the fetch is limited to expected schemes and
 * hosts. Feed text (SUMMARY/DESCRIPTION) is stored through nl2br()
 * with no HTML escaping; confirm the display path treats it as
 * untrusted.
 */
public function run()
{
    $dbc = CalendarPluginDB::get();

    // Plain prepared statements instead of models: with many subscriptions
    // this loop can issue a large number of queries.
    $findP = $dbc->prepare(' SELECT eventID FROM monthview_events WHERE calendarID=? AND subscriptionUID=?');
    $addP = $dbc->prepare(' INSERT INTO monthview_events (calendarID, eventDate, eventText, uid, subscriptionUID) VALUES (?, ?, ?, 0, ?)');
    $changeP = $dbc->prepare(' UPDATE monthview_events SET eventDate=?, eventText=? WHERE eventID=?');

    $feedsR = $dbc->query(' SELECT c.calendarID, s.url FROM calendars AS c INNER JOIN CalendarSubscriptions AS s ON c.calendarSubscriptionID=s.calendarSubscriptionID');
    $localZone = new DateTimeZone(date_default_timezone_get());

    while ($feed = $dbc->fetchRow($feedsR)) {
        $calendarID = $feed['calendarID'];

        $tmpFile = $this->downloadFeed($feed['url']);
        if ($tmpFile === false) {
            // download failed; move on to the next subscription
            continue;
        }

        $handle = fopen($tmpFile, 'r');
        $vcal = Sabre\VObject\Reader::read($handle, Sabre\VObject\Reader::OPTION_FORGIVING);
        $feedEvents = $vcal->getBaseComponents('VEvent');

        $seenUIDs = array();
        // date window for the clean-up step; always contains today
        $windowStart = new DateTime('today');
        $windowEnd = new DateTime('today');

        foreach ($feedEvents as $event) {
            if (!isset($event->DTSTART, $event->UID)) {
                // malformed event
                continue;
            }

            $summary = isset($event->SUMMARY) ? $event->SUMMARY->getValue() : false;
            $description = isset($event->DESCRIPTION) ? $event->DESCRIPTION->getValue() : false;
            if (!($summary || $description)) {
                // nothing worth storing
                continue;
            }

            $uniqueID = $event->UID;
            $start = $event->DTSTART->getDateTime();
            $start->setTimezone($localZone);

            // "start - end" line, only for events that begin and end on the
            // same day at different times
            $hours = false;
            if ($event->DTEND) {
                $end = $event->DTEND->getDateTime();
                $end->setTimezone($localZone);
                $sameDay = $start->format('Y-m-d') == $end->format('Y-m-d');
                if ($sameDay) {
                    $from = $start->format('H:ia');
                    $to = $end->format('H:ia');
                    if ($from != $to) {
                        $hours = $from . ' - ' . $to;
                    }
                }
            }

            // one line per available part: hours, summary, description
            $eventText = '';
            foreach (array($hours, $summary, $description) as $part) {
                if ($part) {
                    $eventText .= $part . "\n";
                }
            }

            $day = $start->format('Y-m-d');
            $stored = nl2br($eventText);

            $matchR = $dbc->execute($findP, array($calendarID, $uniqueID));
            if ($dbc->numRows($matchR) == 0) {
                $dbc->execute($addP, array($calendarID, $day, $stored, $uniqueID));
            } else {
                $matchW = $dbc->fetchRow($matchR);
                $dbc->execute($changeP, array($day, $stored, $matchW['eventID']));
            }

            $seenUIDs[] = $uniqueID;
            if ($start < $windowStart) {
                $windowStart = $start;
            }
            if ($start > $windowEnd) {
                $windowEnd = $start;
            }
        }

        if (count($seenUIDs) > 0) {
            // one bound placeholder per UID seen in the feed
            $marks = implode(',', array_fill(0, count($seenUIDs), '?'));
            $cleanQ = ' DELETE FROM monthview_events WHERE calendarID=? AND eventDate BETWEEN ? AND ? AND subscriptionUID NOT IN (' . $marks . ')';
            $cleanArgs = array_merge(
                array($calendarID, $windowStart->format('Y-m-d'), $windowEnd->format('Y-m-d')),
                $seenUIDs
            );
            $cleanP = $dbc->prepare($cleanQ);
            $dbc->execute($cleanP, $cleanArgs);
        }

        fclose($handle);
        unlink($tmpFile);
    }
}