Location: PHPKode > projects > ACollab > events/edit_event.php
<?php
/****************************************************************************************/
/* ACollab                                                                              */
/****************************************************************************************/
/* Copyright (c) 2002-2004  Adaptive Technology Resource Centre / University of Toronto */
/*                                                                                      */
/* http://atutor.ca/acollab                                                             */
/*                                                                                      */
/* This program is free software. You may redistribute it and/or                        */
/* modify it under the terms of the GNU General Public License                          */
/* as published by the Free Software Foundation; either version 2 of the License,       */
/* or (at your option) any later version.                                               */
/*                                                                                      */
/* This program is distributed in the hope that it will be useful, but                  */
/* WITHOUT ANY WARRANTY; without even the implied warranty of                           */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                                 */
/* See the GNU General Public License for more details.                                 */
/*                                                                                      */
/* You may access the GNU General Public License at:                                    */
/* http://www.opensource.org/licenses/gpl-license.php                                   */
/*                                                                                      */
/* You may contact the Adaptive Technology Resource Centre at                           */
/* Robarts Library, University of Toronto                                               */
/* 130 St. George Street, Toronto, Ontario, Canada M5S 1A5                              */
/* Further contact information is available at http://www.utoronto.ca/atrc/             */
/****************************************************************************************/
/* Programmer:                                                                          */
/* Joel Kronenberg - ATRC                                                               */
/****************************************************************************************/
// $Id: edit_event.php 477 2005-03-29 21:36:22Z shozubq $

define('AC_INCLUDE_PATH', '../include/');

require(AC_INCLUDE_PATH.'vitals.inc.php');
require(AC_INCLUDE_PATH.'lib/folders.inc.php');
authenticate(USER_CLIENT, USER_GROUP_ADMIN);

if ($_POST['cancel']) {
	Header('Location: index.php');
	exit;
}

$eid = intval($_REQUEST['eid']);

if (isset($_POST['submit'])) {

	$_POST['event_title'] = trim($_POST['event_title']);
	$_POST['description'] = trim($_POST['description']);

	$_POST['start_year']	= intval($_POST['start_year']);
	$_POST['start_month']	= intval($_POST['start_month']);
	$_POST['start_day']		= intval($_POST['start_day']);
	$_POST['start_hour']	= intval($_POST['start_hour']);
	$_POST['start_min']		= intval($_POST['start_min']);

	$_POST['end_year']	= intval($_POST['end_year']);
	$_POST['end_month']	= intval($_POST['end_month']);
	$_POST['end_day']	= intval($_POST['end_day']);
	$_POST['end_hour']	= intval($_POST['end_hour']);
	$_POST['end_min']	= intval($_POST['end_min']);

	$_POST['folder'] = intval($_POST['folder']);

	if ($_POST['title'] == '') {
		$errors[] = E_EVENT_EMPTY_TITLE;
	}

	if (is_uploaded_file($_FILES['file']['tmp_name']) && $_POST['folder'] == '') {
		$errors[] = E_FOLDER_NOT_SELECTED;
	}

	if ($_POST['description'] == '') {
		$errors[] = E_EVENT_EMPTY_DESC;
	}

	if (!checkdate($_POST['start_month'], $_POST['start_day'], $_POST['start_year'])) {
		$errors[] = E_EVENT_SDATE_INVALID;
	}

	if ((($_POST['end_year'] > 0) || ($_POST['end_month'] > 0) || ($_POST['end_day'] > 0)) 
		&& (!checkdate($_POST['end_month'], $_POST['end_day'], $_POST['end_year']))) {
			$errors[] = E_EVENT_EDATE_INVALID;
	}
	
	$start_stamp= mktime ($_POST['start_hour'], $_POST['start_min'], 0, $_POST['start_month'], $_POST['start_day'], $_POST['start_year']);
	$end_stamp	= mktime ($_POST['end_hour'], $_POST['end_min'], 0, $_POST['end_month'], $_POST['end_day'], $_POST['end_year']);
	if (($end_stamp > 0) && ($start_stamp >= $end_stamp)) {
		$errors[] = E_EVENT_SEDATE_INVALID;
	}

	$_POST['start_month']	= str_pad($_POST['start_month'], 2, '0', STR_PAD_LEFT);
	$_POST['start_day']		= str_pad($_POST['start_day'],	 2, '0', STR_PAD_LEFT);
	$_POST['start_hour']	= str_pad($_POST['start_hour'],  2, '0', STR_PAD_LEFT);
	$_POST['start_min']		= str_pad($_POST['start_min'],   2, '0', STR_PAD_LEFT);

	$_POST['end_year']	= str_pad($_POST['end_year'],  4, '0', STR_PAD_LEFT);
	$_POST['end_month']	= str_pad($_POST['end_month'], 2, '0', STR_PAD_LEFT);
	$_POST['end_day']	= str_pad($_POST['end_day'],   2, '0', STR_PAD_LEFT);
	$_POST['end_hour']	= str_pad($_POST['end_hour'],  2, '0', STR_PAD_LEFT);
	$_POST['end_min']	= str_pad($_POST['end_min'],   2, '0', STR_PAD_LEFT);

	$start_date = $_POST['start_year'].'-'.$_POST['start_month'].'-'.$_POST['start_day'].' '.$_POST['start_hour'].':'.$_POST['start_min'].':00';
	$end_date	= $_POST['end_year'].'-'.$_POST['end_month'].'-'.$_POST['end_day'].' '.$_POST['end_hour'].':'.$_POST['end_min'].':00';

	if (!$errors) {
		$_POST['title'] = $addslashes($_POST['title']);
		$_POST['description'] = $addslashes($_POST['description']);

		$sql	= "UPDATE ".TABLE_PREFIX."events SET title='$_POST[title]', description='$_POST[description]', start_date='$start_date', end_date='$end_date' WHERE event_id=$eid";
		mysql_query($sql,$db);

		$sql	= "DELETE FROM ".TABLE_PREFIX."events_files WHERE event_id=$eid";
		mysql_query($sql, $db);

		/* add the related files */
		if (is_array($_POST['files'])){
			$num_files = count($_POST['files']);
			$sql = '';
			for($i = 1; $i <= $num_files; $i++) {
				if ($_POST['files'][$i] != '') {
					$sql .= '('.$eid.','.$_POST['files'][$i].'),';
				}
			}
			$sql = substr($sql, 0, -1);
			if ($sql != '') {
				$sql = 'INSERT INTO '.TABLE_PREFIX.'events_files VALUES '.$sql;
				mysql_query($sql, $db);
			}
		}

		if (is_uploaded_file($_FILES['file']['tmp_name'])) {
			$sql	= "INSERT INTO ".TABLE_PREFIX."files VALUES (0, $_SESSION[group_id], $_SESSION[member_id], $_POST[folder], NOW(), '{$_FILES[file][name]}', '$_POST[title]', 0, 0, 0)";

			if (mysql_query($sql, $db)) {
				$file_id = mysql_insert_id($db);
								
				$sql = "INSERT INTO ".TABLE_PREFIX."files_revisions VALUES (0, $file_id, $_SESSION[member_id], NOW(), '{$_FILES[file][name]}', '{$_FILES[file][size]}', '$_POST[description]',0)";
					
				if (mysql_query($sql, $db)) {
					$revision_id = mysql_insert_id($db);
					
					$char = substr($revision_id, 0, 1).'/';

					if (move_uploaded_file($_FILES['file']['tmp_name'], UPLOAD_DIR.$char.$revision_id)) {
						/* for added security we add the sticky bit "1" so that only the owner of this file can delete it */
						@chmod(UPLOAD_DIR.$char.$file_id, 01600);

						$sql = "UPDATE ".TABLE_PREFIX."files SET num_revisions=1 WHERE file_id=$file_id";
						$result = mysql_query($sql, $db);

						$sql_event = "INSERT INTO ".TABLE_PREFIX."events_files VALUES ($eid, $revision_id)";
						$result = mysql_query($sql_event, $db);
					} else {
						/* undo the file we just added, b/c it didn't save correctly. */
						$sql = "DELETE FROM ".TABLE_PREFIX."files_revisions WHERE revision_id=$revision_id";
						$result = mysql_query($sql, $db);
					}
				}
			}
		}

		Header('Location: index.php?f='.F_EVENT_EDITED);
		exit;
	}

}

$_SECTION[0][0] = _AC('home');
$_SECTION[0][1] = 'home.php';
$_SECTION[1][0] = _AC('events_calendar');
$_SECTION[1][1] = 'events/';
$_SECTION[2][0] = _AC('edit_event');

require(AC_INCLUDE_PATH.'header.inc.php');

if (isset($errors)) {
	print_errors($errors);
	unset($errors);
}

	$sql = "SELECT * FROM ".TABLE_PREFIX."events WHERE event_id=$eid";
	$result = mysql_query($sql,$db);
	if (!($row = mysql_fetch_assoc($result))) {
		$errors[] = E_EVENT_NOT_FOUND;
		print_errors($errors);
		require (AC_INCLUDE_PATH.'footer.inc.php');
		exit;
	} else if (($row['member_id'] != $_SESSION['member_id'])  && !authenticate(USER_GROUP_ADMIN, USER_RETURN_CHECK)){
		/* actually permission is denied, but for security we fake a "FNF" */
		$errors[] = E_EVENT_NOT_FOUND;
		print_errors($errors);
		require (AC_INCLUDE_PATH.'footer.inc.php');
		exit;
	}


	if ($_POST['submit']) {
		$row['title'] = $_POST['title'];
		$row['description']	= $_POST['description'];
	} else {
		$start_date = $row['start_date'];
		$end_date = $row['end_date'];
		$sql = "SELECT file_id FROM ".TABLE_PREFIX."events_files WHERE event_id=$eid";
		$result = mysql_query($sql,$db);
		$_POST['files'][] = '';
		while ($file_row = mysql_fetch_assoc($result)) {
			$_POST['files'][] = $file_row['file_id'];
		}
	}

?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="form" enctype="multipart/form-data" name="form" id="form">
	<input type="hidden" name="eid" value="<?php echo $eid; ?>" />
	<table border="0" cellspacing="0" cellpadding="2" align="center" class="box2" width="75%">
	<tr>
		<th colspan="5" class="box"><h3><?php echo _AC('edit_event').'&nbsp;&nbsp;'; print_popup_help('help_add_event');?></h3></th>
	</tr>
	<tr>
		<td class="row1" colspan="4"><p><?php echo _AC('event_files'); ?></p></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td colspan="3" class="row1"><img src="images/clr.gif" height="1" width="1" alt="" /><br /><?php
			echo _AC('denotes_required', '<img src="images/required.gif" height="14" width="14" alt="'._AC('required_field').'" />');
		?><br /></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"><b><?php echo _AC('start_date'); ?>:</b></td>
		<td class="row1"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" /></td>
		<td class="row1"><?php
			echo date_print_select($start_date, 'start', false, AT_DATE_SHOW_DATES);
		?></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"><b><?php echo _AC('start_time'); ?>:</b></td>
		<td class="row1">&nbsp;</td>
		<td class="row1"><?php
			echo date_print_select($start_date, 'start', true, AT_DATE_SHOW_TIME);
		?></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"><b><?php echo _AC('end_date'); ?>:</b></td>
		<td class="row1">&nbsp;</td>
		<td class="row1"><?php
			echo date_print_select($end_date, 'end', true, AT_DATE_SHOW_DATES);
		?></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"><b><?php echo _AC('end_time'); ?>:</b></td>
		<td class="row1">&nbsp;</td>
		<td class="row1"><?php
			echo date_print_select($end_date, 'end', true, AT_DATE_SHOW_TIME);
		?></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"><label for="title"><b><?php echo _AC('event_title'); ?>:</b></label></td>
		<td class="row1"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" /></td>
		<td class="row1"><input type="text" name="title" class="input" size="45" maxlength="100" id="title" value="<?php echo htmlentities($row['title']); ?>" onfocus="this.className='input highlight'" onblur="this.className='input'" /></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right" valign="top"><label for="desc"><b><?php echo _AC('description'); ?>:</b></label></td>
		<td class="row1" valign="top"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" class="img" /></td>
		<td class="row1"><textarea name="description" id="desc" cols="50" rows="10" class="input" onfocus="this.className='input highlight'" onblur="this.className='input'"><?php echo $row['description']; ?></textarea></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="center" colspan="3"><?php echo _AC('event_attach_files'); ?></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<?php
		$sql = "SELECT MAX(FR.revision_id), FR.file_id, F.title FROM ".TABLE_PREFIX."files F, ".TABLE_PREFIX."files_revisions FR WHERE F.folder_id > 0 AND F.group_id=$_SESSION[group_id] AND F.file_id=FR.file_id GROUP BY F.file_id, F.title";
		$result = mysql_query($sql, $db);
		$files  = array();
		while ($row = mysql_fetch_array($result)) {
			$files[$row['file_id']] = $row;
		}
		$num_files = count($files);

		if ($num_files == 0) {
	?>
		<tr>
			<td class="row1">&nbsp;</td>
			<td class="row1" align="right"><b><?php echo _AC('file_1'); ?>:</b></td>
			<td class="row1">&nbsp;</td>
			<td class="row1"><?php echo _AC('no_files_available'); ?></td>
			<td class="row1">&nbsp;</td>
		</tr>
	<?php } else { 
			for($i=1; $i<=min($num_files, 5); $i++) { ?>
		<tr>
			<td class="row1">&nbsp;</td>
			<td class="row1" align="right"><b><?php echo _AC('file_'.$i); ?>:</b></td>
			<td class="row1">&nbsp;</td>
			<td class="row1"><?php
				echo '<select name="files['.$i.']">';
				echo '<option></option>';
				echo '<option>-- '._AC('drafting_room').' --</option>';
					$current_section = FILE_DRAFTING;
					foreach ($files as $key => $value) {
						if ($current_section != $value['section_type']) {
							echo '<option>-- '._AC('library').' --</option>';
							$current_section = $value['section_type'];
						}
						echo '<option value="'.$value[0].'"';
						if (($_POST['files'][$i] != 0) && ($_POST['files'][$i] == $value[0])) {
							echo ' selected="selected"';
						}
						echo '>'.$value['title'].'</option>';
					}
					echo '</select>';
					?></td>
			<td class="row1">&nbsp;</td>
		</tr>
<?php 
			}
		}
		$folders = get_folders();
	
		//can only upload files if a public folder exists
		if ($folders) {
?>

	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right">
			<label for="file"><strong><?php echo _AC('upload_file'); ?></strong></label>
		</td>
		<td class="row1">&nbsp;</td>
		<td class="row1">
			<input type="file" name="file" id="file" class="input" size="30" onfocus="this.className='input highlight'" onblur="this.className='input'" />
		</td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"valign="top">
			<label for="file"><strong><?php echo _AC('folder'); ?></strong></label>
		</td>
		<td class="row1">&nbsp;</td>
		<td class="row1"><?php
			echo '<select name="folder" size="5" id="folder" class="input" onfocus="this.className=\'input highlight\'" onblur="this.className=\'input\'">';

			echo '<optgroup label="'._AC('group_folders').'">';

			foreach ($folders as $id => $folder) {
				if ($id != 0) {
					echo '<option value="'.$id.'"';
					if ($id == $fid) {
						echo ' selected="selected"';
					}
					echo '>'.$folder['title'].'</option>';
				}						
			}
			echo '</optgroup></select>';
		?></td>
		<td class="row1">&nbsp;</td>
	</tr>
<?php
	} else {
?>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="center" colspan="3"><?php echo _AC('no_folders_found'); ?></td>
		<td class="row1">&nbsp;</td>
	</tr>
<?php
	}
?>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" colspan="3" align="right"><br /><input type="submit" name="submit" value=" <?php echo _AC('edit'); ?> " class="submitY" onfocus="this.className='submitY highlight'" onblur="this.className='submitY'" /> &nbsp; <input type="submit" name="cancel" value="<?php echo _AC('cancel'); ?>" class="submitN" onfocus="this.className='submitN highlight'" onblur="this.className='submitN'" /><br /><br /></td>
		<td class="row1">&nbsp;</td>
	</tr>
	</table>
</form>
<?php
	require(AC_INCLUDE_PATH.'footer.inc.php');
?>
Return current item: ACollab