<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Create a meeting</title>
<style type="text/css" media="screen">@import "convener.css";</style>
</head>
<body>
<div id="wrapper">
<div id="menu"><?php include('menu.php');?>
</div>
<div id="content">
<?php
// TODO: per-participant "opinion importance factor" (OIF): normally 1, but could be
// e.g. 0.8, 1.1 or 100; to be switched ON/OFF in settings.

// These includes are expected to supply $link and escape_smart(), which this page
// uses but does not define itself.
require '../config.php';
require '../dbfunc.php';

// NOTE(review): fixed test identity. There is no authentication yet, so every
// request to this page acts as convener 1; this must come from the authenticated
// session before the page is exposed.
$conveners_id = 1;

// Load the suggestion mode. $fs[0] is read below as the freesuggestions flag:
// 0 = date/time/location suggestions, anything else = one free-text field each.
$settings_sql = "SELECT freesuggestions FROM settings WHERE settings_id = 1";
$result = mysql_query($settings_sql);
$fs = mysql_fetch_row($result);
if($_POST['ok']) { // the form was submitted
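// -- initialize variables
// $group is reset together with the others, so that only values collected from
// $_POST by this script can ever reach the group lookup query further down.
$email = $firstname = $lastname = $sd = $ed = $st = $et = $loc = $free = $group = NULL;
//var_dump($_POST);
// --- validate and escape post-data to new variables and arrays
// Each guard now tests the field that is actually iterated (the first-name loop
// used to test 'lastname') and requires an array of strings, because the shape
// of request data is chosen by the client, not by the form.
// Blank rows are skipped; the row index is kept so names and e-mails line up.
if (isset($_POST['firstname']) && is_array($_POST['firstname'])) {
    foreach ($_POST['firstname'] as $key => $value) {
        if (is_string($value) && $value) {
            $firstname[$key] = escape_smart($value);
        }
    }
}
if (isset($_POST['lastname']) && is_array($_POST['lastname'])) {
    foreach ($_POST['lastname'] as $key => $value) {
        if (is_string($value) && $value) {
            $lastname[$key] = escape_smart($value);
        }
    }
}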
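// E-mail addresses: check the format, reject duplicates within this submission,
// then escape for SQL. Blank rows are skipped.
if (isset($_POST['email']) && is_array($_POST['email'])) {
    foreach ($_POST['email'] as $key => $value) {
        if (!is_string($value) || !$value) {
            continue;
        }
        // scandinavian letters are possible in domain names since August 2005
        // NOTE(review): eregi() is deprecated since PHP 5.3 and removed in PHP 7.
        // The a-ö / A-Ö ranges depend on the file encoding and cover more than
        // letters; replace with a stricter validator when this page is ported.
        if (!eregi('^[a-öA-Ö0-9._-]+@[a-öA-Ö0-9._-]+\.([a-öA-Ö]{2,4})$', $value)) {
            die("<h2>Invalid e-mail address</h2><p>Invalid email address in participants, please go back and check e-mail addresses!</p>");
        }
        // $email stays NULL until the first address is accepted, so it is only
        // searched once it is an array. The rejected address is HTML-encoded
        // before being echoed back, rather than trusting the pattern above to keep
        // markup out (pass the page charset explicitly if it is not PHP's default).
        if (is_array($email) && in_array($value, $email)) {
            die("<h2>Duplicate e-mail address</h2><p>Same e-mail address not allowed to many participants: <b>"
                . htmlspecialchars($value, ENT_QUOTES) . "</b></p>");
        }
        $email[$key] = escape_smart($value);
        // --- handling this later, remove below soon if everything ok OR could be used for warning about the fact
        //$result = mysql_query("SELECT * FROM participants WHERE email = '$email[$key]' AND conveners_id='$conveners_id'",
        //$link);
        //if (mysql_num_rows($result) != 0) die("<p>Participant with email address <b>$value</b> already in your contacts!</p>");
    }
}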
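// Suggested start dates (yyyy-mm-dd), each with an optional end date.
// A date is accepted only if it matches the pattern and checkdate() confirms it
// is a real calendar day; it is escaped for SQL only after that.
// The D modifier makes `$` match at the very end only; without it a value with a
// trailing newline would pass. ed[] is read through isset() because the client
// decides whether it is present and what shape it has.
if (isset($_POST['sd']) && is_array($_POST['sd'])) {
    foreach ($_POST['sd'] as $key => $value) {
        $has_start = is_string($value) && $value;
        if ($has_start) { // check date
            if (preg_match("/^([123456789][[:digit:]]{3})-(0[1-9]|1[012])-(0[1-9]|[12][[:digit:]]|3[01])$/D", $value, $date_part)
                && checkdate($date_part[2], $date_part[3], $date_part[1])) {
                $sd[$key] = escape_smart($value);
            } else { // date invalid
                die("<h2>Invalid date</h2><p>Invalid starting date in suggestions, please go back and check dates!</p>");
            }
        }
        $ed_raw = (isset($_POST['ed'][$key]) && is_string($_POST['ed'][$key])) ? $_POST['ed'][$key] : '';
        if ($ed_raw) {
            if (preg_match("/^([123456789][[:digit:]]{3})-(0[1-9]|1[012])-(0[1-9]|[12][[:digit:]]|3[01])$/D", $ed_raw, $date_part)
                && checkdate($date_part[2], $date_part[3], $date_part[1])) {
                $ed[$key] = escape_smart($ed_raw);
            } else { // date invalid
                die("<h2>Invalid date</h2><p>Invalid ending date in suggestions, please go back and check dates!</p>");
            }
        } elseif ($has_start) {
            // no end date given: the suggestion ends on the day it starts
            $ed[$key] = $sd[$key];
        }
    }
}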
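// Suggested start and end times (hh:mm).
// The earlier check split on ":" and range-tested only the first two pieces with
// is_numeric(). That accepted any text after a second colon ("12:30:xyz") and
// numeric forms that are not clock values ("1e1:5.5"). One anchored pattern now
// accepts only H:M / HH:MM with hour 0-23 and minute 0-59; the value is escaped
// for SQL after it has passed.
if (isset($_POST['st']) && is_array($_POST['st'])) {
    foreach ($_POST['st'] as $key => $value) {
        if (is_string($value) && $value) { // check time
            if (!preg_match('/^(?:[01]?[0-9]|2[0-3]):[0-5]?[0-9]$/D', $value)) {
                die("<h2>Invalid time</h2><p>Invalid starting time in suggestions, please go back and check times!</p>");
            }
            $st[$key] = escape_smart($value); // time valid
        }
    }
}
if (isset($_POST['et']) && is_array($_POST['et'])) {
    foreach ($_POST['et'] as $key => $value) {
        if (is_string($value) && $value) { // check time
            if (!preg_match('/^(?:[01]?[0-9]|2[0-3]):[0-5]?[0-9]$/D', $value)) {
                die("<h2>Invalid time</h2><p>Invalid ending time in suggestions, please go back and check times!</p>");
            }
            $et[$key] = escape_smart($value); // time valid
        }
    }
}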
// Locations, free-text suggestions and selected group ids get no format check:
// every non-empty entry is escaped for SQL and kept under its submitted index.
// NOTE(review): the shape of these request fields is not verified here, and the
// group ids are not checked to be numeric or to belong to the current convener.
if ($_POST['loc']) {
    foreach ($_POST['loc'] as $key => $value) {
        if (!$value || $value == "") {
            continue;
        }
        $loc[$key] = escape_smart($value);
    }
}
if ($_POST['free']) {
    foreach ($_POST['free'] as $key => $value) {
        if (!$value || $value == "") {
            continue;
        }
        $free[$key] = escape_smart($value);
    }
}
if ($_POST['group']) {
    foreach ($_POST['group'] as $key => $value) {
        if (!$value || $value == "") {
            continue;
        }
        $group[$key] = escape_smart($value);
    }
}
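// Required single-value fields: title, description, answering deadline.
// Each must arrive as a non-empty string; an array sent under the same name is
// treated as missing instead of being handed to escape_smart().
// NOTE(review): escape_smart() prepares the text for SQL only. Title and
// description are free text and still need HTML encoding wherever they are shown.
if (isset($_POST['title']) && is_string($_POST['title']) && $_POST['title']) {
    $title = escape_smart($_POST['title']);
} else {
    die("<h2>Missing values</h2><p>No title for the meeting given!</p>");
}
if (isset($_POST['desc']) && is_string($_POST['desc']) && $_POST['desc']) {
    $desc = escape_smart($_POST['desc']);
} else {
    die("<h2>Missing values</h2><p>No description for the meeting given!</p>");
}
if (isset($_POST['dldate']) && is_string($_POST['dldate']) && $_POST['dldate']) {
    // D modifier: `$` matches at the very end only, so a trailing newline is rejected
    if (preg_match("/^([123456789][[:digit:]]{3})-(0[1-9]|1[012])-(0[1-9]|[12][[:digit:]]|3[01])$/D", $_POST['dldate'], $date_part)
        && checkdate($date_part[2], $date_part[3], $date_part[1])) {
        $dldate = escape_smart($_POST['dldate']);
    } else { // date invalid
        die("<h2>Invalid deadline date</h2><p>Invalid deadline date for answering, check date!</p>");
    }
} else {
    die("<h2>Missing values</h2><p>No deadline date for answering given!</p>");
}
if (isset($_POST['dltime']) && is_string($_POST['dltime']) && $_POST['dltime']) {
    // Anchored H:M / HH:MM pattern (hour 0-23, minute 0-59). The earlier
    // explode()/is_numeric() test let through extra ":"-separated text and
    // numeric forms such as "1e1:5.5".
    if (!preg_match('/^(?:[01]?[0-9]|2[0-3]):[0-5]?[0-9]$/D', $_POST['dltime'])) {
        die("<h2>Invalid time</h2><p>Invalid deadline time for answering, check time!</p>");
    }
    $dltime = escape_smart($_POST['dltime']); // time valid
} else {
    die("<h2>Missing values</h2><p>No deadline time for answering given!</p>");
}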
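// --- basic check for forgotten values, make it better in the new form validator
// The participant warning looks at the collected arrays as a whole. Testing only
// index 0 printed the warning whenever the first row was left blank, even though
// later rows (or groups) had been filled in.
if (empty($lastname) && empty($group)) {
    echo("<p>WARNING: You didn't enter any participants!</p>");
}
// NOTE(review): the checks below compare counts only. They do not verify that the
// same row indexes are filled in each column, so rows can still be misaligned.
if (sizeof($firstname) != sizeof($lastname)) {
    die ("<h2>Missing values</h2><p>Number of first names and last names doesn't match,
check that every firstname has lastname attached and vice versa!</p>");
}
if (sizeof($lastname) != sizeof($email)) {
    die ("<h2>Missing values</h2><p>Number of participant names and emails doesn't match,
check that every participant name has email attached and vice versa!</p>");
}
if ($fs[0] == 0) { // settings.freesuggestions=0 -> every suggestion has starting datetime, optional ending datetime and location
    if (sizeof($sd) != sizeof($st) OR sizeof($sd) != sizeof($et) OR sizeof($sd) != sizeof($loc)) {
        die("<h2>Missing values</h2>
<p>Missing value(s) in suggestions</p>");
    }
    if (sizeof($sd) < 2) {
        die("<h2>Missing values</h2><p>You must enter at least two suggestions!</p>");
    }
} else {
    if (sizeof($free) < 2) {
        die("<h2>Missing values</h2><p>You must enter at least two suggestions!</p>");
    }
}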
/*echo '<pre>';
var_dump($firstname, $lastname, $email, $conveners_id, $group, $free, $sd, $ed);
echo '</pre>';
die("Not yet dead"); // debugging*/
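// --- insert new meeting into table meetings
// The interpolated values were escaped with escape_smart() during validation above.
// NOTE(review): on failure the raw mysql_error() text is sent to the browser;
// log it server-side and show a generic message instead.
mysql_query("INSERT INTO meetings (conveners_id, title, description, deadline)
VALUES ('$conveners_id', '$title', '$desc', '$dldate $dltime')", $link) OR die("1 " . mysql_error());
// --- id of the meeting that was just inserted
// Read from this connection after the INSERT. The id used to be predicted from
// SHOW TABLE STATUS before inserting; a concurrent request creating a meeting in
// between would take that id, and the suggestions and participants written below
// would then be attached to the other meeting.
$next_ai = mysql_insert_id($link);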
// --- store one suggestions row per entry, linked to the new meeting via $next_ai
// All interpolated values come from the arrays filled during validation above.
// NOTE(review): a failed insert prints the raw mysql_error() text to the client.
if ($fs[0] != 0) { // free-text mode: a single text column per suggestion
    foreach ($free as $key => $value) {
        $inserted = mysql_query("INSERT INTO suggestions (meetings_id, freetext) VALUES ('$next_ai', '{$free[$key]}')");
        if (!$inserted) {
            die("Could not
add suggestion: " . mysql_error());
        }
    }
} else { // date + location mode: start "date time", end "date time", location
    foreach ($sd as $key => $value) {
        $inserted = mysql_query("INSERT INTO suggestions (meetings_id, starttime, endtime, location) VALUES
('$next_ai', '{$sd[$key]} {$st[$key]}', '{$ed[$key]} {$et[$key]}', '{$loc[$key]}')", $link);
        if (!$inserted) {
            die("Could not add
suggestion: " . mysql_error());
        }
    }
}
// --- insert every participant into table participants
// Pass 1: add each named participant to this convener's contacts, unless a row
// with the same e-mail already exists for the convener. An existing contact is
// reused as it is; its stored names are not updated.
// The interpolated values were passed through escape_smart() earlier in this
// script; these string-built queries depend entirely on that escaping.
// NOTE(review): on failure the raw mysql_error() text is shown to the client.
if($lastname) foreach($lastname as $key => $value) {
if ($value) {
// --- query if participant with that email already in contacts
$result = mysql_query("SELECT participants_id FROM participants WHERE email = '$email[$key]'
AND conveners_id='$conveners_id'", $link);
if (mysql_num_rows($result) == 0) mysql_query("INSERT INTO participants (email, firstname, lastname, conveners_id)
VALUES ('$email[$key]', '$firstname[$key]', '$lastname[$key]', '$conveners_id')", $link) OR
die("Could not add participant: " . mysql_error());
}
}
// --- insert every participants_id into connecting table meetings_have_participants
// Pass 2: look each e-mail up again to get its participants_id (new or already
// existing) and link that id to the meeting whose id is held in $next_ai.
// NOTE(review): if the lookup finds no row, $participants_id[0] looks like it
// would be empty and the INSERT would run with an empty id. Confirm and guard.
if($lastname) foreach($email as $key => $value) {
$result = mysql_query("SELECT participants_id FROM participants WHERE email='$email[$key]' AND conveners_id='$conveners_id'"
, $link);
$participants_id = mysql_fetch_row($result);
mysql_query("INSERT INTO meetings_have_participants (meetings_id, participants_id) VALUES ('$next_ai',
'$participants_id[0]')", $link) OR die("Could not add participant into meetings_have_participants: " . mysql_error());
}
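// --- loop through groups and insert all the members into table meetings_have_participants
// The posted group ids are chosen by the client, so the lookup is joined against
// `groups` and limited to groups owned by the current convener. Without that
// condition any existing groups_id could be submitted to attach another
// convener's participants to this meeting.
// $value was escaped with escape_smart() when $group was collected.
if ($group) foreach ($group as $value) {
    $result = mysql_query("SELECT ghp.participants_id
        FROM groups_have_participants ghp
        INNER JOIN `groups` g ON g.groups_id = ghp.groups_id
        WHERE ghp.groups_id = '$value' AND g.conveners_id = '$conveners_id'", $link);
    if (!$result) {
        continue; // lookup failed: nothing to add for this group
    }
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
        // errors are deliberately ignored here: could be duplicates between groups
        @mysql_query("INSERT INTO meetings_have_participants (meetings_id, participants_id) VALUES ('$next_ai',
'$row[0]')", $link);
    }
}
// --- everything ok
echo '<h2>Meeting saved!</h2><p><a href="viewmeeting.php?m=' . $next_ai . '">View meeting</a> and send questionnaires</p>';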
} else {
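// --- display the form
// NOTE(review): the form carries no anti-CSRF token and the handler above checks
// none. Add a per-session token once authentication exists.
echo "<h1>Create a meeting</h1><form action=\"createmeeting.php\" method=\"post\">
<h2>Title</h2>
<p><input type=\"text\" size=\"40\" maxlength=\"255\" name=\"title\" /></p>
<h2>Invitation and description</h2>
<p><textarea rows=\"7\" cols=\"40\" name=\"desc\"></textarea></p>
<h2>Answering deadline</h2>
<p><input type=\"text\" size=\"10\" maxlength=\"10\" name=\"dldate\" /> Date (yyyy-mm-dd)
<input type=\"text\" size=\"5\" maxlength=\"5\" name=\"dltime\" /> Time (hh:mm)</p><h2>Select participant groups</h2>";
// Groups that belong to the current convener
$result = mysql_query("SELECT groups_id, name FROM groups WHERE conveners_id = '$conveners_id'", $link);
if (mysql_num_rows($result) > 0) {
    echo '<p><select name="group[]" multiple>';
    while ($row = mysql_fetch_assoc($result)) {
        // Group names are stored text: HTML-encode them (and the id, which sits
        // in an attribute) so database content cannot inject markup into the page.
        // Pass the page charset explicitly if it is not PHP's default.
        echo '<option value="' . htmlspecialchars($row['groups_id'], ENT_QUOTES) . '">'
            . htmlspecialchars($row['name'], ENT_QUOTES) . '</option>';
    }
    echo '</select></p>';
} else {
    echo '<p class="notice">No groups found!</p>';
}
echo '<h2>Other participants</h2><table><tr><td class="noborder">First name</td><td class="noborder">Last name</td>
<td class="noborder">E-mail</td></tr>';
for ($i = 1; $i <= 10; $i++) { // limitation: only 10 participants, editable in settings?
    echo '<tr><td class="noborder"><input type="text" name="firstname[]" size="12" maxlength="20" /></td>
<td class="noborder"><input type="text" name="lastname[]" size="17" maxlength="45" /></td>
<td class="noborder"><input type="text" name="email[]" size="22" maxlength="45" /></td></tr>';
}
echo '</table><h2>Suggestions</h2>';
if ($fs[0] == 0) { // settings.freesuggestions=0 -> every suggestion has starting datetime, optional ending datetime and location
    echo '<table><tr><td class="noborder">No.</td><td class="noborder">Date (yyyy-mm-dd)</td>
<td class="noborder">End date (if different)</td><td class="noborder">Starting time (hh:mm)</td>
<td class="noborder">Ending time (hh:mm)</td><td class="noborder">Location</td></tr>';
    for ($i = 1; $i <= 10; $i++) { // limitation: only 10 suggestions, editable in settings?
        echo '<tr><td class="noborder">' . $i . '.</td><td class="noborder"><input type="text" size="8" maxlength="10" name="sd[]" /></td>
<td class="noborder"><input type="text" size="8" maxlength="10" name="ed[]" /></td>
<td class="noborder"><input type="text" size="3" maxlength="5" name="st[]" /></td>
<td class="noborder"><input type="text" size="3" maxlength="5" name="et[]" /></td>
<td class="noborder"><input type="text" size="15" maxlength="255" name="loc[]" /></td></tr>';
    }
} else { // settings.freesuggestions!=0 -> single freetext field for each suggestion
    // The table is opened once, before the loop. It used to be opened on every
    // iteration, leaving ten <table> tags for the single </table> below.
    echo '<table>';
    for ($i = 1; $i <= 10; $i++) { // limitation: only 10 suggestions, editable in settings?
        echo '<tr><td class="noborder">' . $i . '. </td><td class="noborder"><input type="text" size="87"
maxlength="65535" name="free[]" /></td></tr>';
    }
}
echo '</table><p><input type="submit" name="ok" value="Create meeting" /></p></form>';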
}
?>
</div>
</div>
</body>
</html>