<?PHP
// Schedule operations handler
//
// Version: $Revision: 1.9 $
// Date: $Date: 2007/09/05 11:27:45 $
//
// Copyright (c) 2006 - 2007 Benjamin Oshrin
// License restrictions apply, see LICENSE for details.
$auth_required = 1;
include('../lib/mrsbs.inc');
// We must have a place to go back to
if(isset($rvar_return))
$op_ret = $rvar_return;
else
mexit($tx['op.err.badparam'], 1);
// Verify that the requested operation is authorized
if(isset($rvar_mtgid))
$mtgid = $rvar_mtgid;
else
$mtgid = -1;
if(authorize("schedule", $rvar_op, $mtgid))
{
$result = $tx['op.err.badparam'];
switch($rvar_op)
{
case "begin":
// Allocate a new meeting ID and create an entry for it. Clone an
// existing meeting if provided and authorized.
if(isset($rvar_cloneid) && $rvar_cloneid > 0
&& authorize("schedule", "clone"))
$newid = create_new_meeting($rvar_cloneid);
else
$newid = create_new_meeting();
if($newid > -1)
{
// Chop any parameters in $op_ret and append $newid -- duplicated in
// "what", below
$x = explode("?", $op_ret);
$op_ret = $x[0] . "?mtgid=" . $newid;
$result = $tx['op.newmtgid'] . " (" . $newid . ")";
}
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // begin
case "cancel":
if(cancel_meeting($mtgid))
$result = $tx['op.successful'] . ": " . $tx['op.canceled.mtg'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // cancel
case "confirmloc":
if(confirm_meeting_location($mtgid))
$result = $tx['op.successful'] . ": " . $tx['op.confirmed'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // confirmloc
case "location":
switch($rvar_loc)
{
case 'l':
$newlocid = $rvar_location;
break;
case 't':
$newlocid = -2;
break;
case 'n':
default:
$newlocid = -1;
break;
}
if(change_meeting_location($mtgid, $newlocid))
$result = $tx['op.successful'] . ": " . $tx['op.changed'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // confirmloc
break; // location
case "notify":
if(send_notifications($rvar_mtgid, $rvar_note,
((isset($rvar_all) && ($rvar_all == "some")) ?
$rvar_recipients : false)))
$result = $tx['op.successful'] . ": " . $tx['op.sentinvites'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // notify
case "recalculate":
case "calculate":
$ch = schedule_event($rvar_mtgid);
if($ch)
{
if(send_notifications($rvar_mtgid, "", false, $ch))
$result = $tx['op.successful'] . ": " . $tx['op.sentinvites'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
}
else
$result = $tx['op.successful'] . ": " . $tx['op.recalculate.same'];
break; // recalculate
case "send":
if(send_invitations($rvar_mtgid, $rvar_note,
((isset($rvar_all) && ($rvar_all == "some")) ?
$rvar_recipients : false))
&& update_meeting_status($rvar_mtgid, "I"))
$result = $tx['op.successful'] . ": " . $tx['op.sentinvites'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // send
case "sendnotify":
if(update_meeting_time($rvar_mtgid, -1)
&& update_meeting_status($rvar_mtgid, "S")
&& send_notifications($rvar_mtgid, $rvar_note))
$result = $tx['op.successful'] . ": " . $tx['op.sentinvites'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // sendnotify
case "uncancel":
if(reinstate_meeting($mtgid, "x"))
$result = $tx['op.successful'] . ": " . $tx['op.uncanceled.mtg'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // cancel
case "what":
// Update the 'what' part of the meeting
if($mtgid == -1)
{
// We need to first create a meeting
$mtgid = create_new_meeting();
if($mtgid > -1)
{
// Chop any parameters in $op_ret and append $newid -- copied from
// "begin", above
$x = explode("?", $op_ret);
$op_ret = $x[0] . "?mtgid=" . $mtgid;
$result = $tx['op.newmtgid'] . " (" . $mtgid . ")";
}
}
if(update_meeting_what($mtgid, $rvar_summary, $rvar_description))
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // what
case "when":
// Update the windows of the meeting
$froms = array();
$untils = array();
for($i = 0;$i < count($rvar_windowid);$i++)
{
$hmf = preg_split('/-/', $rvar_hmf[$i]);
$hmu = preg_split('/-/', $rvar_hmu[$i]);
// is_dst (the -1 parameter) is deprecated in php5
$froms[$i] = mktime($hmf[0], $hmf[1], 0, $rvar_mf[$i], $rvar_df[$i],
$rvar_yf[$i], -1);
$untils[$i] = mktime($hmu[0], $hmu[1], 0, $rvar_mu[$i], $rvar_du[$i],
$rvar_yu[$i], -1);
}
if(update_meeting_when($mtgid, $rvar_windowid, $rvar_pref, $froms, $untils,
$rvar_remove, $rvar_curpref, $rvar_curfrom,
$rvar_curuntil))
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // when
case "when2":
// Update duration and replyby
$hmr = preg_split('/-/', $rvar_hmr);
// is_dst (the -1 parameter) is deprecated in php5
$replyby = mktime($hmr[0], $hmr[1], 0, $rvar_mr, $rvar_dr, $rvar_yr, -1);
$dur = $rvar_duration;
if($dur > 0)
{
if($rvar_durunits == "h")
$dur *= 60;
elseif($rvar_durunits == "d")
$dur *= 1440;
if($rvar_replybym && $rvar_replybym=="on")
$rbm = "R";
else
$rbm = "W";
if(update_meeting_when2($mtgid, $dur, $replyby, $rbm,
$rvar_curduration, $rvar_curreplyby,
$rvar_curreplybym))
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
}
else
{
$op_ret = "when2.php?mtgid=" . $mtgid;
$result = $tx['sd.time.baddur'];
$err++;
}
break; // when2
case "whennew":
$hmf = preg_split('/-/', $rvar_hmf);
$hmu = preg_split('/-/', $rvar_hmu);
// is_dst (the -1 parameter) is deprecated in php5
$begint = mktime($hmf[0], $hmf[1], 0, $rvar_mf, $rvar_df, $rvar_yf, -1);
$endt = mktime($hmu[0], $hmu[1], 0, $rvar_mu, $rvar_du, $rvar_yu, -1);
if($begint == $endt)
{
$result = $tx['sd.time.same'];
$err++;
}
elseif($begint > $endt)
{
$result = $tx['sd.time.backwards'];
$err++;
}
elseif(add_meeting_window($mtgid, $begint, $endt))
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
// Stick the current values back in to repopulate the form
$op_ret .= "&mf=" . $rvar_mf .
"&df=" . $rvar_df .
"&yf=" . $rvar_yf .
"&hf=" . $hmf[0] .
"&nf=" . $hmf[1] .
"&mu=" . $rvar_mu .
"&du=" . $rvar_du .
"&yu=" . $rvar_yu .
"&hu=" . $hmu[0] .
"&nu=" . $hmu[1];
break; // whennew
case "where":
// Update the potential sites for the meeting. We don't authorize
// permission to use locid here since the host should only be able
// to select from permitted locations, and we really need to
// enforce it at scheduling time.
$r = false;
switch($rvar_loc)
{
case "l":
$r = update_meeting_potential_locations($mtgid,
$rvar_locid,
$rvar_locpref);
break;
case "n":
case "t":
$r = update_meeting_location($mtgid, ($rvar_loc == "n" ? -1 : -2), "C");
break;
case "u":
// However, here we are effectively scheduling the room. If we
// were going to allocate a reservation (eg in mrbs) we would
// verify permission before proceeding.
$r = update_meeting_location($mtgid, $rvar_locuse, "C");
break;
}
if($r)
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // where
case "who":
// Update the attendees of the meeting
if(update_meeting_who($mtgid, $rvar_inviteid, $rvar_status, $rvar_remove,
$rvar_curstatus))
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
break; // who
case "who2":
if(authorize("schedule", "host", $mtgid, $rvar_host))
{
// Update the host of the meeting
if(update_meeting_host($mtgid, $rvar_host))
{
if(authorize("schedule", "owner", $mtgid))
{
// Update the owner of the meeting if permitted
if(update_meeting_owner($mtgid, $rvar_owner))
$result = $tx['op.successful'];
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
}
else
$result = $tx['op.successful'];
}
else
{
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
}
}
else
{
$result = $tx['op.err.perm'];
$err++;
}
break; // host
case "whonew":
// Lookup the requested person. If one, add to the meeting,
// otherwise generate a list of candidates
$cinfo = false; // If 1 contact found, this is it
$mfound = false; // True if > 1 found
$dirq = false;
if(strchr($rvar_invitee, '@'))
{
// If we were given an email address, just jump directly to
// getting a contactid.
$cinfo = lookup_user_by_email($rvar_invitee);
}
else
{
// Lookup the string in the database and directory, and combine
// the results
$dinfo = search_contacts($rvar_invitee);
$dirq = directory_query($rvar_invitee);
if($dinfo && $dinfo['count']==1 && (!$dirq || $dirq['count'] == 0))
{
// Database matched 1, directory matched 0
$cinfo = $dinfo[0];
}
elseif((!$dinfo || $dinfo['count']==0) && $dirq && $dirq['count'] == 1)
{
// Database matched 0, directory matched 1
// Lookup the user by email to generate a contactid.
$cinfo = lookup_user_by_email($dirq[0]['mail'][0]);
}
elseif(($dinfo && $dinfo['count'] > 0) || ($dirq && $dirq['count'] > 0))
{
// Multiple found, consolidate and output database matches first.
// Check uniqueness on mail address since contactids may not have
// been assigned to directory matches.
$seen = array();
$scount = 0;
$p_op_ret = $rvar_mreturn . "&status=" . $rvar_status;
if($dinfo && $dinfo['count'] > 0)
{
for($i = 0;$i < $dinfo['count'];$i++)
{
if($dinfo[$i]['mail'] != "" && !isset($seen[$dinfo[$i]['mail']]))
{
$p_op_ret .= "&name[]=" .
render_name("full",
$dinfo[$i]['givenname'],
$dinfo[$i]['sn'],
$dinfo[$i]['mail']);
$p_op_ret .= "&candidate[]=" . $dinfo[$i]['mail'];
$seen[$dinfo[$i]['mail']] = true;
$scount++;
}
}
}
if($dirq && $dirq['count'] > 0)
{
for($i = 0;$i < $dirq['count'];$i++)
{
if($dirq[$i]['mail'][0] != "" &&
!isset($seen[$dirq[$i]['mail'][0]]))
{
$p_op_ret .= "&name[]=" .
render_name("full",
$dirq[$i]['givenname'][0],
$dirq[$i]['sn'][0],
$dirq[$i]['mail'][0]);
$p_op_ret .= "&candidate[]=" . $dirq[$i]['mail'][0];
$seen[$dinfo[$i]['mail']] = true;
$scount++;
}
}
}
// We might have found only one entry once consolidated.
// If so, return that entry.
if($scount == 1)
{
// In a sense it doesn't matter which entry we return, so we'll
// go with the database entry, which might have a preferred
// nickname.
$cinfo = $dinfo[0];
}
else
{
$op_ret = $p_op_ret;
$result = $tx['op.invitee.multiple'] . " " . $rvar_invitee;
$err++;
$mfound = true;
}
}
// else nothing found
}
if($cinfo)
{
switch(add_meeting_invitee($mtgid, $cinfo['contactid'], $rvar_status))
{
case -1:
$result = $tx['op.invitee.already'];
$err++;
break;
case 1:
$result = $tx['op.successful'];
break;
default:
$result = $tx['op.failed'] . ": " . $dbc->ErrorMsg();
$err++;
break;
}
}
elseif(!$mfound)
{
// No match, punt to add new contact
$op_ret = $rvar_nreturn . "&status=" . $rvar_status;
if(strchr($rvar_invitee, '@'))
$op_ret .= "&mail=" . $rvar_invitee;
else
{
$name = explode(" ", $rvar_invitee, 2);
$op_ret .= "&givenname=" . $name[0] . "&sn=" . $name[1];
}
$op_ret .= "&return=" . urlencode("../schedule/who.php?mtgid=" .
$rvar_mtgid);
$result = "";
}
break; // whonew
case "whorecent":
// That is who-recent, not whore-cent.
// For each person, see if the contactid exists and if so add to the mtg.
$w_total = count($rvar_invitees);
$w_good = 0;
$w_notfound = 0;
$w_already = 0;
for($i = 0;$i < $w_total;$i++)
{
if(get_contact($rvar_invitees[$i]))
{
if(add_meeting_invitee($rvar_mtgid, $rvar_invitees[$i], $rvar_status))
$w_good++;
else
$w_already++;
}
else
$w_notfound++;
}
if($w_total == $w_good)
$result = $tx['op.successful'];
else
{
$result = $tx['op.successful'] . ": " . $w_good . ", " .
$tx['op.invitee.already'] . ": " . $w_already . ", " .
$tx['ct.err.notfound'] . ": " . $w_notfound;
$err++;
}
break; // whorecent
case "null":
$result = "";
break;
default:
break;
}
}
else
{
$result = $tx['op.err.perm'];
$err++;
}
?>
<HTML>
<HEAD>
<META HTTP-EQUIV="refresh" CONTENT="<?PHP print (isset($err) ? "1" : "0");?>;URL=<?PHP
if(strstr($op_ret, "?")) $c = "&";
else $c = "?";
print hstr($op_ret);
if($result != "") print $c . (isset($err) ? "error=" : "result=") . hstr($result);
?>">
</HEAD>
<BODY BGCOLOR=gray>
<?PHP /*print $op_ret;*/?>
</BODY>
</HTML>