<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
	<title>Update meeting</title>
	<style type="text/css" media="screen">@import "convener.css";</style>
</head>
<body>
<div id="wrapper">
	<div id="menu"><?php include('menu.php');?>
	</div>
	<div id="content"> 

<?php 

/* TO DO: If questionnaires are not yet sent, convener should also be able to change existing participants & suggestions
 *	
 * TO CONSIDER: If convener adds new participants afterwards he should probably be able to send questionnaires only to them (not
 *		to confuse existing participants who have already received the questionnaires).
 *		
 *		If convener also adds new suggestions afterwards, the questionnaires should be sent again with notice of the update.		
 */
	
require('../config.php');
require('../dbfunc.php');
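// NOTE(review): authentication is not implemented yet, so every request runs as convener 1.
// This value must come from an authenticated session before the page is exposed.
$conveners_id = 1; // now for testing, set by authentication when it's ready
// The meeting id comes from the query string and is later interpolated into SQL and HTML, in places
// without surrounding quotes. Accept only a plain decimal integer; a missing or malformed value
// becomes 0, which the page treats as "no meeting selected".
$meetings_id = (isset($_GET['m']) AND is_string($_GET['m']) AND preg_match('/^[0-9]+$/D', $_GET['m'])) ? (int) $_GET['m'] : 0;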

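// Request dispatcher for the page: (1) save the submitted update form, (2) delete one or more meetings,
// (3) otherwise show either the meeting picker or the update form.
//
// Security notes (review):
//  - Everything in $_GET/$_POST is untrusted. escape_smart() lives in dbfunc.php and is presumed to do SQL
//    escaping only (TODO confirm), so values are still quoted in SQL and HTML-escaped on output. If it also
//    HTML-encodes, the htmlspecialchars() calls below will double-encode and one of the two should go.
//  - Every statement that reads or changes a meeting is scoped to $conveners_id, so a guessed id cannot
//    reach another convener's data.
//  - The state-changing POSTs carry no anti-CSRF token; add one together with the planned authentication.
//  - Database errors go to the server log, not to the browser.
$meeting_id_int = (int) $meetings_id; // integer form of the id, safe to interpolate into SQL and HTML
$page_charset = 'ISO-8859-1'; // must match the Content-Type META of this page, otherwise Latin-1 text is dropped

if (!empty($_POST['ok'])) { // the form was submitted
	// --- validate and escape post-data to new variables and arrays
	// Arrays rather than NULL, so in_array() and sizeof() below always receive an array.
	$email = $firstname = $lastname = $group = array();
	$sd = $ed = $st = $et = $loc = $free = NULL;
	if (!empty($_POST['firstname']) AND is_array($_POST['firstname'])) foreach ($_POST['firstname'] as $key => $value) {
		if (is_string($value) AND $value) {
			$firstname[$key] = escape_smart($value);
		}
	}
	if (!empty($_POST['lastname']) AND is_array($_POST['lastname'])) foreach ($_POST['lastname'] as $key => $value) {
		if (is_string($value) AND $value) {
			$lastname[$key] = escape_smart($value);
		}
	}
	if (!empty($_POST['email']) AND is_array($_POST['email'])) foreach ($_POST['email'] as $key => $value) {
		if (is_string($value) AND $value) { // scandinavian letters are possible in domain names since August 2005
			// NOTE(review): eregi() was removed in PHP 7, and the a-ö / A-Ö ranges only mean what is intended
			// when this file is saved as ISO-8859-1. Port to preg_match() once the target encoding is settled.
			if (eregi('^[a-öA-Ö0-9._-]+@[a-öA-Ö0-9._-]+\.([a-öA-Ö]{2,4})$', $value)) {
				if ($key != 0 AND in_array($value, $email)) {
					die("<h2>Duplicate e-mail address</h2><p>Same e-mail address not allowed to many participants: <b>"
					. htmlspecialchars($value, ENT_QUOTES, $page_charset) . "</b></p>");
				} else {
					$email[$key] = escape_smart($value);
				}
			} else {
				die("<h2>Invalid e-mail address</h2><p>Invalid email address in participants, please go back and check e-mail addresses!</p>");
			}
			// An address that is already in the convener's contacts is handled further down:
			// the participant insert is skipped and the existing row is linked to the meeting.
		}
	}
	if (!empty($_POST['group']) AND is_array($_POST['group'])) foreach ($_POST['group'] as $key => $value) {
		if (is_string($value) AND $value) {
			$group[$key] = escape_smart($value);
		}
	}

	if (!empty($_POST['title'])) {
		$title = escape_smart($_POST['title']);
	} else {
		die("<h2>Missing values</h2><p>No title for the meeting given!</p>");
	}
	if (!empty($_POST['desc'])) {
		$desc = escape_smart($_POST['desc']);
	} else {
		die("<h2>Missing values</h2><p>No description for the meeting given!</p>");
	}
	if (!empty($_POST['dldate'])) {
		if (is_string($_POST['dldate'])
		&& preg_match("/^([123456789][[:digit:]]{3})-(0[1-9]|1[012])-(0[1-9]|[12][[:digit:]]|3[01])$/", $_POST['dldate'], $date_part)
		&& checkdate($date_part[2], $date_part[3], $date_part[1])) {
			$dldate = escape_smart($_POST['dldate']);
		} else { // date invalid
			die("<h2>Invalid deadline date</h2><p>Invalid deadline date for answering, check date!</p>");
		}
	} else {
		die("<h2>Missing values</h2><p>No deadline date for answering given!</p>");
	}
	if (!empty($_POST['dltime'])) {
		// hh:mm with optional :ss. One pattern replaces the explode()/is_numeric() test, which read an
		// undefined index when the colon was missing and let "1e1" or trailing text through.
		if (is_string($_POST['dltime']) AND preg_match('/^(?:[01]?[0-9]|2[0-3]):[0-5]?[0-9](?::[0-5]?[0-9])?$/D', $_POST['dltime'])) {
			$dltime = escape_smart($_POST['dltime']);
		} else {
			die("<h2>Invalid time</h2><p>Invalid deadline time for answering, check time!</p>");
		}
	} else {
		die("<h2>Missing values</h2><p>No deadline time for answering given!</p>");
	}

	// --- basic check for forgotten values, make it better in the new form validator
	if (sizeof($firstname) != sizeof($lastname)) die ("<h2>Missing values</h2><p>Number of first names and last names doesn't match,
	check that every firstname has lastname attached and vice versa!</p>");
	if (sizeof($lastname) != sizeof($email)) die ("<h2>Missing values</h2><p>Number of participant names and emails doesn't match,
	check that every participant name has email attached and vice versa!</p>");

	// --- make sure the meeting exists and belongs to this convener before anything is written
	$result = mysql_query("SELECT meetings_id FROM meetings WHERE meetings_id = '$meeting_id_int'
	AND conveners_id = '$conveners_id'", $link);
	if (!$result OR mysql_num_rows($result) == 0) {
		die("<h2>Meeting not found</h2><p>The meeting does not exist or is not yours to edit.</p>");
	}

	// --- update table meetings
	if (!mysql_query("UPDATE meetings SET title = '$title', description = '$desc', deadline = '$dldate $dltime'
	WHERE meetings_id = '$meeting_id_int' AND conveners_id = '$conveners_id'", $link)) {
		error_log('editmeeting.php: meeting update failed: ' . mysql_error($link));
		die("<h2>Database error</h2><p>The meeting could not be updated.</p>");
	}

	// --- insert every participant into table participants
	if ($lastname) foreach ($lastname as $key => $value) {
		if ($value) {
			// --- query if participant with that email already in contacts
			$result = mysql_query("SELECT participants_id FROM participants WHERE email = '$email[$key]'
			AND conveners_id='$conveners_id'", $link);
			if (mysql_num_rows($result) == 0) {
				if (!mysql_query("INSERT INTO participants (email, firstname, lastname, conveners_id)
				VALUES ('$email[$key]', '$firstname[$key]', '$lastname[$key]', '$conveners_id')", $link)) {
					error_log('editmeeting.php: participant insert failed: ' . mysql_error($link));
					die("Could not add participant.");
				}
			}
		}
	}

	// --- insert every participants_id into connecting table meetings_have_participants
	if ($email) foreach ($email as $key => $value) {
		$result = mysql_query("SELECT participants_id FROM participants WHERE email='$email[$key]' AND conveners_id='$conveners_id'"
		, $link);
		$participants_id = mysql_fetch_row($result);
		if ($participants_id) { // skip the link row when the participant lookup found nothing
			// A failed insert is deliberately ignored here (the participant may already be linked).
			mysql_query("INSERT INTO meetings_have_participants (meetings_id, participants_id) VALUES ('$meeting_id_int',
			'$participants_id[0]')", $link);
		}
	}
	// --- loop through groups and insert all the members into table meetings_have_participants
	if ($group) foreach ($group as $value) {
		// Joined with groups so that only groups owned by this convener can be expanded.
		$result = mysql_query("SELECT ghp.participants_id FROM groups_have_participants AS ghp, groups AS g
		WHERE ghp.groups_id = '$value' AND g.groups_id = ghp.groups_id AND g.conveners_id = '$conveners_id'", $link);
		while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
			@mysql_query("INSERT INTO meetings_have_participants (meetings_id, participants_id) VALUES ('$meeting_id_int',
			'$row[0]')", $link); // could be duplicates between groups
		}
	}

	// --- everything ok
	echo '<h2>Meeting updated!</h2><p><a href="viewmeeting.php?m=' . $meeting_id_int . '">View meeting</a> and send questionnaires</p>';

} elseif (!empty($_POST['deletem'])) {
	// --- "Delete meeting" was pressed or several meetings selected for deletion
	echo '<h2>Delete meetings</h2><ul>';
	// A single id and the checkbox array go through the same loop.
	$requested = isset($_POST['m']) ? $_POST['m'] : array();
	if (!is_array($requested)) $requested = array($requested);
	foreach ($requested as $value) {
		// Ids are integers; anything else is ignored instead of being echoed back or sent to the database.
		if (!is_string($value) OR !preg_match('/^[0-9]+$/D', $value)) continue;
		$value = (int) $value;
		if (!mysql_query("DELETE FROM meetings WHERE meetings_id = '$value' AND conveners_id = '$conveners_id' LIMIT 1", $link)) {
			error_log('editmeeting.php: meeting delete failed: ' . mysql_error($link));
			die("<h2>Database error</h2><p>The meeting could not be deleted.</p>");
		}
		// Report what actually happened: nothing is deleted when the id is unknown or owned by someone else.
		if (mysql_affected_rows($link) > 0) {
			echo "<li>Meeting $value deleted</li>";
		} else {
			echo "<li>Meeting $value not found</li>";
		}
	}
	echo '</ul><p><a href="editmeeting.php">Edit meetings</a></p>';

} else { // display the form
	if (!$meeting_id_int) { // meeting not with GET
		// --- so start a form for selecting the meeting
		$result = mysql_query("SELECT title, meetings_id, deadline FROM meetings WHERE conveners_id = '$conveners_id'", $link);
		echo '<h2>Select a meeting to edit</h2>';
		if (mysql_num_rows($result) == 0) {
			die('<p class="notice">No meetings found!</p><p>Please <a href="createmeeting.php">create a meeting</a> first.</p>');
		} else {
			echo '<p>You can edit following meetings:</p><form action="editmeeting.php" method="post"><table><tr class="tblh">
			<td></td><td>Id</td><td>Name</td><td>Sugg. format</td><td>Deadline</td><td>Participants</td><td>Answer %</td></tr>';
			while ($row = mysql_fetch_assoc($result)) {
				$answp = 0;
				$row_id = (int) $row['meetings_id']; // used unquoted in SQL and in attributes below
				// --- query how many participants
				$result_part = mysql_query('SELECT COUNT(*) FROM meetings_have_participants WHERE meetings_id = ' . $row_id, $link);
				$part = mysql_fetch_row($result_part);
				$part_count = $part ? (int) $part[0] : 0;
				// --- query how many have answered (count participants grouped by suggestions)
				$result_answ = mysql_query("SELECT COUNT(participants_id) FROM answers WHERE meetings_id = " . $row_id
				. " GROUP BY suggestions_id", $link);
				$answ = mysql_fetch_row($result_answ); // false when nobody has answered yet
				if ($part_count != 0 AND $answ) $answp = round($answ[0] / $part_count * 100, 2);
				// Title and deadline are stored user input, so they are HTML-escaped on output.
				echo '<tr><td><input type="checkbox" name="m[]" value="' . $row_id . '" /></td><td>' . $row_id . '</td>
				<td><a href="editmeeting.php?m=' . $row_id . '">' . htmlspecialchars($row['title'], ENT_QUOTES, $page_charset) . '</a></td><td>' .
				(suggformat($row['meetings_id']) == 0 ? 'Date and location' : 'Free text') . '</td><td>'
				. htmlspecialchars($row['deadline'], ENT_QUOTES, $page_charset) . '</td><td>'
				. $part_count . '</td><td>' . $answp . '</td></tr>';
			}
		}
		echo '</table><p><input type="submit" onClick="return confirmSubmit()" name="deletem" value="Delete selected" /></p></form>';

	} else { // got meeting with GET, display the update form
		// --- query current values for meeting (only if it belongs to this convener)
		$result = mysql_query("SELECT * FROM meetings WHERE meetings_id = '$meeting_id_int' AND conveners_id = '$conveners_id'", $link);
		$row = $result ? mysql_fetch_assoc($result) : false;
		if (!$row) {
			die('<p class="notice">Meeting not found!</p><p><a href="editmeeting.php">Edit meetings</a></p>');
		}
		$dldate = htmlspecialchars(substr($row['deadline'], 0, 10), ENT_QUOTES, $page_charset); // first 10 characters
		$dltime = htmlspecialchars(substr($row['deadline'], 11, 5), ENT_QUOTES, $page_charset); // hh:mm, without seconds
		echo "<form action=\"editmeeting.php?m=$meeting_id_int\" method=\"post\">
		<h2>Title</h2>
		<p><input type=\"text\" size=\"40\" maxlength=\"255\" name=\"title\" value=\""
		. htmlspecialchars($row['title'], ENT_QUOTES, $page_charset) . "\" /></p>
		<h2>Invitation and description</h2>
		<p><textarea rows=\"7\" cols=\"40\" name=\"desc\">" . htmlspecialchars($row['description'], ENT_QUOTES, $page_charset) . "</textarea></p>
		<h2>Answering deadline</h2>
		<p><input type=\"text\" size=\"10\" maxlength=\"10\" name=\"dldate\" value=\"$dldate\" /> Date (yyyy-mm-dd)
		<input type=\"text\" size=\"5\" maxlength=\"5\" name=\"dltime\" value=\"$dltime\" /> Time (hh:mm)</p><h2>Select participant groups</h2>";

		$result = mysql_query("SELECT groups_id, name FROM groups WHERE conveners_id = '$conveners_id'", $link);
		if (mysql_num_rows($result) > 0) {
			echo '<p><select name="group[]" multiple>';
			while ($row = mysql_fetch_assoc($result)) {
				echo '<option value="' . htmlspecialchars($row['groups_id'], ENT_QUOTES, $page_charset) . '">'
				. htmlspecialchars($row['name'], ENT_QUOTES, $page_charset) . '</option>';
			}
			echo '</select></p>';
		} else {
			echo '<p class="notice">No groups found!</p>';
		}

		echo '<h2>Add more participants</h2><table><tr><td class="noborder">First name</td><td class="noborder">Last name</td>
		<td class="noborder">E-mail</td></tr>';

		for ($i = 1; $i <= 10; $i++) { // limitation: only 10 participants, editable in settings?
			echo '<tr><td class="noborder"><input type="text" name="firstname[]" size="12" maxlength="20" /></td>
			<td class="noborder"><input type="text" name="lastname[]" size="17" maxlength="45" /></td>
			<td class="noborder"><input type="text" name="email[]" size="22" maxlength="45" /></td></tr>';
		}

		echo '</table><p><input type="submit" name="ok" value="Update meeting" /></p></form>';
	}
}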

?>

</div>
</div>
</body>
</html>
