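/**
 * Remove an unpaid (or free) service from the current user's booking.
 *
 * The service id comes from $_GET['id'] and the lookup is scoped to the signup
 * returned by self::load_signup(), so a user can only touch services on their
 * own booking. The destructive step is additionally gated on $this->csrf, and
 * bookings whose event has already ended are read-only.
 *
 * Side effects: may destroy an EventService row, sets a flash message and
 * redirects. Redirect() and Error404() are relied upon to end the request,
 * as the rest of this controller does — confirm against their definitions.
 */
public function remove() {
    $signup = self::load_signup();

    // Bookings for events that have already ended cannot be edited.
    if ($signup->event->enddate <= time()) {
        Site::Flash("error", "It is not possible to edit this booking");
        Redirect("bookings/{$signup->id}");
    }

    $signup_id = mysql_real_escape_string($signup->id);
    // $_GET['id'] is attacker-controlled and is interpolated into SQL. It must
    // be escaped AND quoted: mysql_real_escape_string() only neutralises quote
    // characters, so the previous unquoted form (`event_services.id = {$id}`)
    // was still injectable with a payload such as `1 OR 1=1`. Quoting the
    // value matches how load_event_service() builds the same predicate.
    $id = mysql_real_escape_string(isset($_GET['id']) ? $_GET['id'] : '');
    // NOTE(review): this still assembles SQL by string interpolation because
    // EventService::find() only accepts a SQL fragment; a parameterised query
    // API on the model layer would be the proper fix.
    $service = EventService::find("event_services.id = '{$id}' AND event_services.event_signup_id = '{$signup_id}'");

    if (!$service) {
        Error404();
        return;
    }

    // Services that have been paid for (and are not free) cannot be removed here.
    if ($service->paid && $service->service->cost != 0) {
        Site::Flash("error", "You cannot remove services that are already paid for");
        Redirect("bookings/{$signup_id}");
        return;
    }

    if ($this->csrf) {
        $service->destroy();
        Site::Flash("notice", "{$service->service->name} has been removed from your booking");
    } else {
        // A GET that reaches a destructive action without the CSRF token is refused.
        Site::Flash("error", "Invalid URL for removing this service");
    }
    Redirect("bookings/{$signup_id}");
}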
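/**
 * Look up a single EventService row by id, restricted to the given signup.
 *
 * @param mixed      $signup_id id of the EventSignup the service must belong to
 * @param mixed|null $id        EventService id; when falsy it is read from $_GET['id']
 * @return EventService|null the matching row; when nothing matches Error404()
 *         is invoked (presumably ending the request — if it returns, null is returned)
 */
protected static function load_event_service($signup_id, $id = null) {
    if (!$id) {
        // Fall back to the request parameter without raising an
        // undefined-index notice when it is absent.
        $id = isset($_GET['id']) ? $_GET['id'] : '';
    }

    // Both values are interpolated into SQL, so they are escaped and quoted to
    // keep a crafted id inside the string literal. Parameterised queries would
    // be preferable, but EventService::find() only accepts a SQL fragment.
    $safe_id = mysql_real_escape_string($id);
    $safe_signup_id = mysql_real_escape_string($signup_id);
    $service = EventService::find("event_services.id = '{$safe_id}' AND event_signups.id = '{$safe_signup_id}'");

    if (!$service) {
        Error404();
        return null;
    }
    return $service;
}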
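/**
 * "My Bookings" page for the current user.
 *
 * On a POST carrying a valid CSRF token, builds a Cart from the unpaid
 * signups/services selected in $_POST['items'] (anything not owned by the
 * user, already paid, sold out or unavailable is silently dropped) and
 * redirects to the pay page. Otherwise renders the bookings overview: items
 * with something left to pay, plus the unpaid / paid / voucher signup lists.
 *
 * Side effects: may create a Cart row and its items; sets flash messages.
 * Redirect() is relied upon to end the request, as elsewhere in this
 * controller — confirm. Site::CurrentUser() is assumed non-null here
 * (authentication presumably enforced before this action runs — verify).
 */
public function user_index() {
    $user_id = mysql_real_escape_string(Site::CurrentUser()->id);

    // Creating a cart is state-changing, so it needs both a POST and a valid
    // CSRF token (the same $this->csrf gate remove() uses). Previously only
    // $this->post was tested, which made the "Invalid form submission" branch
    // unreachable and let a forged cross-site POST create a cart for the user.
    if ($this->post && $this->csrf) {
        $items = $this->payable_items_from_post($user_id);
        if (count($items) == 0) {
            Site::Flash("error", "None of the items you selected could be paid for.");
            Redirect("bookings");
        }

        $hash = Cart::hash_items($items);
        $safe_hash = mysql_real_escape_string($hash);
        // Reuse an existing open cart with identical contents, but only one that
        // belongs to this user, so the pay redirect never lands on another
        // user's cart.
        $cart = Cart::find("carts.user_id = '{$user_id}' AND carts.hash = '{$safe_hash}' AND carts.hash IS NOT NULL");
        if (!$cart) {
            $cart = new Cart();
            $cart->user_id = $user_id;
            $cart->hash = $hash;
            if ($cart->save()) {
                foreach ($items as $item) {
                    $cart->add_item($item);
                }
            } else {
                Site::Flash("error", "Unable to create cart.");
                Redirect("bookings");
            }
        }
        Redirect("bookings/pay/{$cart->id}");
    } elseif ($this->post) {
        // POST without a valid CSRF token: report it and fall through to render.
        global $site;
        $site['flash']['error'] = "Invalid form submission";
    }

    // Signups for events that have not ended yet (newest first) that still have
    // something to pay for: the signup itself, or at least one of its services.
    $items = array();
    $signups = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND events.enddate >= NOW()", "events.startdate DESC");
    foreach ($signups as $signup) {
        if (!$signup->paid) {
            $items[] = $signup;
            continue;
        }
        foreach ($signup->event_services() as $service) {
            if (!$service->paid) {
                $items[] = $signup;
                break;
            }
        }
    }
    $this->assign("items", $items);

    // Traditional My Bookings lists.
    $unpaid = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND event_signups.paid = false", "events.startdate DESC");
    $paid = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND event_signups.paid = true AND voucher = false", "events.startdate DESC");
    $vouchers = EventSignup::find_all("event_signups.user_id = '{$user_id}' AND event_signups.paid = true AND voucher = true", "events.startdate DESC");
    $this->assign("unpaid", $unpaid);
    $this->assign("paid", $paid);
    $this->assign("vouchers", $vouchers);

    $this->title = "My Bookings";
    $this->render("event_signup/user_index.tpl");
}

/**
 * Collect the payable items selected in $_POST['items'] for one user.
 *
 * Signups are accepted only if they belong to $user_id, are unpaid and not
 * sold out. Services are accepted only if they belong to one of the user's
 * signups, are unpaid, are available (respecting the remaining quantity, or
 * unlimited when available() returns -1), and either their signup is already
 * paid or was itself selected in this request. Every id is escaped before it
 * is interpolated into the lookup query.
 *
 * @param string $user_id already-escaped id of the current user
 * @return array ordered list: each signup followed by its selected services
 */
protected function payable_items_from_post($user_id) {
    $raw_items = array();

    // is_array() guards keep a malformed POST from triggering foreach warnings.
    if (isset($_POST['items']['signups']) && is_array($_POST['items']['signups'])) {
        foreach ($_POST['items']['signups'] as $id => $value) {
            $id = mysql_real_escape_string($id);
            $signup = EventSignup::find("event_signups.user_id = '{$user_id}' AND event_signups.id = '{$id}'");
            if ($signup && !$signup->paid && !$signup->is_soldout()) {
                $raw_items[$signup->id]['signup'] = $signup;
            }
        }
    }

    if (isset($_POST['items']['services']) && is_array($_POST['items']['services'])) {
        $service_count = array();
        foreach ($_POST['items']['services'] as $id => $value) {
            $id = mysql_real_escape_string($id);
            $service = EventService::find("event_signups.user_id = '{$user_id}' AND event_services.id = '{$id}'");
            if (!$service || $service->paid) {
                continue;
            }
            $available = $service->service->available();
            if (!$available) {
                continue;
            }

            // Count how many of the same service type this request selects so the
            // remaining quantity is not exceeded.
            $service_type_id = $service->service->id;
            if (isset($service_count[$service_type_id])) {
                $service_count[$service_type_id]++;
            } else {
                $service_count[$service_type_id] = 1;
            }

            if ($available == -1 || $service_count[$service_type_id] <= $available) {
                $signup_id = $service->event_signup->id;
                // A service is payable on its own only when its signup is already
                // paid; otherwise the signup must be part of this same selection.
                if ($service->event_signup->paid || isset($raw_items[$signup_id]['signup'])) {
                    $raw_items[$signup_id]['services'][] = $service;
                }
            }
        }
    }

    // Flatten in signup order: the signup first, then its services.
    $items = array();
    foreach ($raw_items as $parts) {
        if (isset($parts['signup'])) {
            $items[] = $parts['signup'];
        }
        if (isset($parts['services'])) {
            $items = array_merge($items, $parts['services']);
        }
    }
    return $items;
}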