
  1<?php
  2/* $Id: del_entry.php,v 1.75.2.5 2012/02/28 02:07:45 cknudsen Exp $ */
  3include_once 'includes/init.php';
  4require ( 'includes/classes/WebCalMailer.class' );
  5$mail = new WebCalMailer;
  6
  7require_valide_referring_url ();
  8
  9$can_edit = $my_event = false;
 10$other_user = '';
 11
// First, check to see if this user should be able to delete this event.
// $id, $user, $login, $is_admin, $is_assistant and $readonly all arrive from
// includes/init.php; $id and $user are request-derived and must be treated as
// untrusted.
if ( $id > 0 ) {
  // Then see who has access to edit this entry.
  // NOTE(review): this grants $can_edit to every non-readonly login *before*
  // ownership or participation has been checked. The lines that follow only
  // take it away again when UAC is enabled (access_user_calendar) or when
  // $readonly is 'Y'; with UAC disabled a login that is neither owner nor
  // participant keeps $can_edit and reaches the delete code below (the writes
  // there are gated a second time, but the intent of this line looks wrong).
  $can_edit = ( $is_admin || $readonly != 'Y' );

  // If assistant is doing this, then we need to switch login to user in the SQL.
  // Parameterised query: $id and the login are bound, never interpolated.
  $query_params = array ();
  $query_params[] = $id;
  $sql = 'SELECT we.cal_id, we.cal_type FROM webcal_entry we,
    webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND we.cal_id = ? ';
  if ( ! $is_admin ) {
    // Non-admins must be the creator or a listed participant; an assistant is
    // checked against the $user they are acting for instead of their own login.
    $sql .= ' AND ( we.cal_create_by = ? OR weu.cal_login = ? )';
    $sqlparm = ( $is_assistant ? $user : $login );
    $query_params[] = $sqlparm;
    $query_params[] = $sqlparm;
  }
  $res = dbi_execute ( $sql, $query_params );
  if ( $res ) {
    $row = dbi_fetch_row ( $res );
    if ( $row && $row[0] > 0 )
      $can_edit = true;

    // cal_type of the entry, used below to choose the activity-log codes.
    // When no row matched this reads offset 1 of false (null); it is left
    // unset entirely when $id <= 0 or the query fails.
    $activity_type = $row[1];
    dbi_free_result ( $res );
  }
}
 38if ( strpos ( 'EM', $activity_type ) !== false ) {
 39  $log_delete = LOG_DELETE;
 40  $log_reject = LOG_REJECT;
 41} else {
 42  $log_delete = LOG_DELETE_T;
 43  $log_reject = LOG_REJECT_T;
 44}
// See who owns the event. Owner should be able to delete.
$res = dbi_execute ( 'SELECT cal_create_by FROM webcal_entry WHERE cal_id = ?',
  array ( $id ) );
if ( $res ) {
  $row = dbi_fetch_row ( $res );
  // null when no entry has this id (offset read on false).
  $owner = $row[0];
  dbi_free_result ( $res );

  // Owner, an assistant acting for the owner, or a non-user-calendar admin.
  // '&&' binds tighter than '||', so this groups as
  // ($owner == $login) || ($is_assistant && $user == $owner) || $is_nonuser_admin.
  // Loose '==' on login strings — fine for plain names, but worth knowing.
  if ( $owner == $login || $is_assistant && $user == $owner || $is_nonuser_admin )
    $can_edit = $my_event = true;

  // Check UAC.
  // For non-admins this *replaces* (rather than narrows) everything decided so
  // far: the UAC 'edit' answer for the owner's calendar becomes $can_edit.
  // $my_event is not touched here.
  if ( access_is_enabled () && ! $is_admin )
    $can_edit = access_user_calendar ( 'edit', $owner );
}
 60
// If the user is the event creator or their assistant
// allow them to delete the event from another user's calendar.
// It's essentially the same thing as editing the event and removing the
// user from the participants list.
// The '! $is_assistant' term means an assistant acting for $user is not
// treated as removing "another" user, so $other_user stays ''.
if ( $my_event && ! empty ( $user ) && $user != $login && ! $is_assistant )
  $other_user = $user;

// Read-only logins never delete, regardless of ownership or UAC so far.
if ( $readonly == 'Y' )
  $can_edit = false;

// If User Access Control is enabled, check to see if the current
// user is allowed to delete events from the other user's calendar.
// NOTE(review): this tests only $can_edit, not $readonly, so it can re-grant
// access to a read-only login immediately after the revoke above when UAC
// says that login may edit $user's calendar — confirm that is intended.
if ( ! $can_edit && access_is_enabled () && ! empty ( $user ) &&
    access_user_calendar ( 'edit', $user ) )
  $can_edit = true;

// A denial is recorded in $error; every write below is guarded by
// empty ( $error ), and $error is handed to the mailer's error handler at the
// end of the file.
if ( ! $can_edit )
  $error = print_not_auth (6);
 79
 80// Is this a repeating event?
 81$event_repeats = false;
 82$res = dbi_execute ( 'SELECT COUNT( cal_id ) FROM webcal_entry_repeats
 83  WHERE cal_id = ?', array ( $id ) );
 84if ( $res ) {
 85  $row = dbi_fetch_row ( $res );
 86  if ( $row[0] > 0 )
 87    $event_repeats = true;
 88
 89  dbi_free_result ( $res );
 90}
 91$override_repeat = false;
 92if ( ! empty ( $date ) && $event_repeats && ! empty ( $override ) )
 93  $override_repeat = true;
 94
 95if ( $id > 0 && empty ( $error ) ) {
 96  if ( ! empty ( $date ) )
 97    $thisdate = $date;
 98  else {
 99    $res = dbi_execute ( 'SELECT cal_date FROM webcal_entry WHERE cal_id = ?',
100      array ( $id ) );
101    if ( $res ) {
102      // date format is 19991231
103      $row = dbi_fetch_row ( $res );
104      $thisdate = $row[0];
105    }
106  }
107
108  // Only allow delete of webcal_entry & webcal_entry_repeats
109  // if owner or admin, not participant.
110  // If a user was specified, then only delete that user (not here) even if we
111  // are the owner or an admin.
112  if ( ( $is_admin || $my_event ) && ! $other_user ) {
113    // Email participants that the event was deleted.
114    // First, get list of participants (with status Approved or Waiting on approval).
115    $res = dbi_execute ( 'SELECT cal_login FROM webcal_entry_user
116      WHERE cal_id = ? AND cal_status IN ( \'A\', \'W\' )', array ( $id ) );
117    $partlogin = array ();
118    if ( $res ) {
119      while ( $row = dbi_fetch_row ( $res ) ) {
120        $partlogin[] = $row[0];
121      }
122      dbi_free_result ( $res );
123    }
124    // Get event name.
125    $res = dbi_execute ( 'SELECT cal_name, cal_date, cal_time FROM webcal_entry
126      WHERE cal_id = ?', array ( $id ) );
127    if ( $res ) {
128      $row = dbi_fetch_row ( $res );
129      $name = $row[0];
130      $fmtdate = $row[1];
131      $time = sprintf ( "%06d", $row[2] );
132      dbi_free_result ( $res );
133    }
134
135    $eventstart = date_to_epoch ( $fmtdate . $time );
136    $TIME_FORMAT = 24;
137    for ( $i = 0, $cnt = count ( $partlogin ); $i < $cnt; $i++ ) {
138      // Log the deletion.
139      activity_log ( $id, $login, $partlogin[$i], $log_delete, '' );
140      // Check UAC.
141      $can_email = ( access_is_enabled ()
142        ? access_user_calendar ( 'email', $partlogin[$i], $login ) : false );
143
144      // Don't email the logged in user.
145      if ( $can_email && $partlogin[$i] != $login ) {
146        set_env ( 'TZ', get_pref_setting ( $partlogin[$i], 'TIMEZONE' ) );
147        $user_language = get_pref_setting ( $partlogin[$i], 'LANGUAGE' );
148        user_load_variables ( $partlogin[$i], 'temp' );
149        if ( ! $is_nonuser_admin && $partlogin[$i] != $login &&
150          get_pref_setting ( $partlogin[$i], 'EMAIL_EVENT_DELETED' ) == 'Y' &&
151            boss_must_be_notified ( $login, $partlogin[$i] ) && !
152            empty ( $tempemail ) && $SEND_EMAIL != 'N' ) {
153          reset_language ( empty ( $user_language ) || $user_language == 'none'
154            ? $LANGUAGE : $user_language );
155          // Use WebCalMailer class.
156          $mail->WC_Send ( $login_fullname, $tempemail, $tempfullname, $name,
157            str_replace ( 'XXX', $tempfullname, translate ( 'Hello, XXX.' ) )
158             . ".\n\n" . str_replace ( 'XXX', $login_fullname,
159              // translate ( 'An appointment has been canceled for you by' )
160              translate ( 'XXX has canceled an appointment.' ) ) . "\n"
161             . str_replace ( 'XXX', $name, translate ( 'Subject XXX' ) ) . "\"\n"
162             . str_replace ( 'XXX', date_to_str ( $thisdate ),
163              translate ( 'Date XXX' ) ) . "\n"
164             . ( ! empty ( $eventtime ) && $eventtime != '-1'
165              ? str_replace ( 'XXX', display_time ( '', 2, $eventstart,
166                  get_pref_setting ( $partlogin[$i], 'TIME_FORMAT' ) ),
167                translate ( 'Time XXX' ) ) : '' ) . "\n\n",
168            // Apply user's GMT offset and display their TZID.
169            get_pref_setting ( $partlogin[$i], 'EMAIL_HTML' ), $login_email );
170        }
171      }
172    }
173
174    // Instead of deleting from the database...
175    // mark it as deleted by setting the status for each participant to "D"
176    // (instead of "A"/Accepted, "W"/Waiting-on-approval or "R"/Rejected).
177    if ( $override_repeat ) {
178      dbi_execute ( 'INSERT INTO webcal_entry_repeats_not
179        ( cal_id, cal_date, cal_exdate ) VALUES ( ?, ?, ? )',
180        array ( $id, $date, 1 ) );
181      // Should we log this to the activity log???
182    } else {
183      // If it's a repeating event, delete any event exceptions that were entered.
184      if ( $event_repeats ) {
185        $res = dbi_execute ( 'SELECT cal_id FROM webcal_entry WHERE cal_group_id = ?',
186          array ( $id ) );
187        if ( $res ) {
188          $ex_events = array ();
189          while ( $row = dbi_fetch_row ( $res ) ) {
190            $ex_events[] = $row[0];
191          }
192          dbi_free_result ( $res );
193          for ( $i = 0, $cnt = count ( $ex_events ); $i < $cnt; $i++ ) {
194            $res = dbi_execute ( 'SELECT cal_login FROM
195              webcal_entry_user WHERE cal_id = ?', array ( $ex_events[$i] ) );
196            if ( $res ) {
197              $delusers = array ();
198              while ( $row = dbi_fetch_row ( $res ) ) {
199                $delusers[] = $row[0];
200              }
201              dbi_free_result ( $res );
202              for ( $j = 0, $cnt = count ( $delusers ); $j < $cnt; $j++ ) {
203                // Log the deletion.
204                activity_log ( $ex_events[$i], $login, $delusers[$j],
205                  $log_delete, '' );
206                dbi_execute ( 'UPDATE webcal_entry_user SET cal_status = ?
207                  WHERE cal_id = ? AND cal_login = ?',
208                  array ( 'D', $ex_events[$i], $delusers[$j] ) );
209              }
210            }
211          }
212        }
213      }
214
215      // Now, mark event as deleted for all users.
216      dbi_execute ( 'UPDATE webcal_entry_user SET cal_status = \'D\' WHERE cal_id = ?',
217        array ( $id ) );
218
219      // Delete External users for this event
220      dbi_execute ( 'DELETE FROM webcal_entry_ext_user WHERE cal_id = ?',
221        array ( $id ) );
222    }
223  } else {
224    // Not the owner of the event, but participant or noncal_admin.
225    // Just  set the status to 'D' instead of deleting.
226    $del_user = ( ! empty ( $other_user ) ? $other_user : $login );
227    if ( ! empty ( $user ) && $user != $login ) {
228      if ( $is_admin || $my_event || ( $can_edit && $is_assistant ) ||
229          ( access_is_enabled () &&
230            access_user_calendar ( 'edit', $user ) ) ) {
231        $del_user = $user;
232      } else
233        // Error: user cannot delete from other user's calendar.
234        $error = print_not_auth (6);
235    }
236    if ( empty ( $error ) ) {
237      if ( $override_repeat ) {
238        dbi_execute ( 'INSERT INTO webcal_entry_repeats_not
239          ( cal_id, cal_date, cal_exdate ) VALUES ( ?, ?, ? )',
240          array ( $id, $date, 1 ) );
241        // Should we log this to the activity log???
242      } else {
243        dbi_execute ( 'UPDATE webcal_entry_user SET cal_status = ?
244          WHERE cal_id = ? AND cal_login = ?', array ( 'D', $id, $del_user ) );
245        activity_log ( $id, $login, $login, $log_reject, '' );
246      }
247    }
248  }
249}
250
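// Work out where to send the browser after the delete.
// $ret and $user are request-controlled; $user is URL-encoded before being
// placed in a query string, since an unencoded '&', '#' or space in a login
// name would otherwise corrupt the redirect target.
$ret = getValue ( 'ret' );
$return_view = get_last_view ();

if ( ! empty ( $ret ) ) {
  // Explicit return target requested by the caller.
  if ( $ret == 'listall' )
    $url = 'list_unapproved.php';
  else
  if ( $ret == 'list' )
    $url = 'list_unapproved.php'
      . ( empty ( $user ) ? '' : '?user=' . urlencode ( $user ) );
  // NOTE(review): any other $ret value leaves $url unset and the redirect at
  // the end of the file is issued with no target — confirm do_redirect() copes.
} else
if ( ! empty ( $return_view ) )
  // Assumed to terminate the request; otherwise execution falls through to the
  // timezone reset and a second redirect below.
  do_redirect ( $return_view );
else
  $url = get_preferred_view ( '',
    empty ( $user ) ? '' : 'user=' . urlencode ( $user ) );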
265
// Return to login TIMEZONE.
// The notification loop above switched TZ per recipient; put it back before
// anything else renders.
set_env ( 'TZ', $TIMEZONE );
$clean = ( empty ( $error ) && empty ( $mailerError ) );
if ( $clean ) {
  do_redirect ( $url );
  exit;
}
// Process errors.
// Either the authorization error or a mailer failure ($mailerError is not
// assigned in this file; presumably set by WC_Send) is reported through the
// mailer's error handler.
$mail->MailError ( $mailerError, $error );
274
275?>