event.php3

Event Calendar是一个在线事件日程

<?php
//  Simon's Rock Web Calendar
//  Copyright (C) 1999-2000 Ryan Krebs and Simon's Rock College of Bard
//  Please read the accompanying files "COPYING" and "COPYRIGHT"
//  for more information

if( !$EVENT_INCLUDED ) {
$EVENT_INCLUDED = 1;
include( 'error/error.php3' );
include( 'sql/sql.php3' );
include( 'pulldown.php3' );
include( 'checkbox.php3' );

class SRCEvent {

// The base event class has everything from the table, as well as an error var
//   and string vars for those that are stored as IDs.
	var $event_id, $title, $description, $location_id, $audience_id;
	var $category_id, $start_time, $end_time, $submitted_time;
	var $submitter_id, $approver_id, $info_url, $info_email, $error;
	var $location, $audience, $category, $submitter, $approver, $hide_oc;
	var $weekday_id, $weekday, $modify_id, $modified_submitter;
	var $modified_submit_time, $modified_title;

// The constructor takes everything and sticks it into the instance's vars
	function SRCEvent( $new_submitter, $new_title, $new_description,
			$new_location, $new_audience, $new_category,
			$new_start_time, $new_end_time = 0, $new_info_url = "",
			$new_info_email = "", $new_approver_id = 0,
			$new_hide_oc = 0, $new_weekday_id = "",
			$new_modify_id = "" ) {
		
		$this->submitter_id = $new_submitter;
// need to get rid of "s, since they don't work in value fields
		$this->title = stripSlashes( $new_title );
		$this->title = ereg_replace( "\"", "&quot;", $this->title );
		$this->title = addSlashes( $this->title );
// the description, however, can keep quotes in html tags.
		$this->description = stripSlashes( $new_description );
		$this->description = ereg_replace( "\"", "&quot;", $this->description );
//		$this->description = ereg_replace( "\"", "&quot;", $this->description );
		while( ($new_description = ereg_replace( "(<.*)&quot;(.*>)", "\\1\"\\2", $this->description ) )
			!= $this->description ) {
			$this->description = $new_description;
		}
		$this->description = addSlashes( $this->description );
		$this->location_id = $new_location;
		if( !is_array( $new_audience ) ) {
			$this->audience_id[0] = $new_audience;
		} else {
			$this->audience_id = $new_audience;
		}
		if( !is_array( $new_category ) ) {
			$this->category_id[0] = $new_category;
		} else {
			$this->category_id = $new_category;
		}
		if( !isSet( $new_weekday_id ) ) {
			$this->weekday_id[0] = -1;
		} elseif( !is_array( $new_weekday_id ) ) {
			$this->weekday_id[0] = $new_weekday_id;
		} else {
			$this->weekday_id = $new_weekday_id;
		}
		$this->start_time = $new_start_time;
		$this->end_time = $new_end_time;
		$this->info_url = $new_info_url;
		$this->info_email = $new_info_email;
		$this->approver_id = $new_approver_id;
		$this->submitted_time = mktime();
		$this->hide_oc = $new_hide_oc;
		$this->modify_id = $new_modify_id;
	}

// Validate event looks at stuff like dates and empty strings
	function validateEvent() {
		if ( ($this->title == "") || ($this->description == "") ) {
			$this->error = "A required field (" .
				( $this->title ? "description" : "title" )
				. ") was not filled.";
			return 0;
		}

// If the e-mail address is incomplete, stick a default ending on it.
		if( ($this->info_email) && (!ereg( "@", $this->info_email))) {
			$this->info_email .= "@" . $GLOBALS["config_domain"];
		}

// If the URL doesn't start with anything recognizable, stick on http
		if( ($this->info_url) && (!ereg( "^(http|ftp|https)://", $this->info_url ))) {
			$this->info_url = "http://" . $this->info_url;
		}
// And if there are no dots in the server name, append the domain from the config.inc file
		if( ($this->info_url) && (ereg(
"^(http|ftp|https)://([[:alnum:]]+)$", $this->info_url, $regs ))) {
			$this->info_url .= "." . $GLOBALS["config_domain"] . "/";
		} 

		if( $this->info_url) {
			$this->info_url = ereg_replace( 
"(^(http|ftp|https)://([^./]+))(/(([^[:space:]])*)$)",
				"\\1." . $GLOBALS["config_domain"] . "\\4",
				$this->info_url );
		}

		if ( $this->end_time && ($this->start_time > $this->end_time)) {
$this->error = "The ending time is before the beginning time.";
			return 0;
		}

		if( $this->weekday_id[0] == -1 ) {
			if( !$this->end_time ) {
				$this->weekday_id[0] = date( "w", $this->start_time );
			} else {
				$temp_stamp = mktime( 0,0,0,
					date("m",$this->start_time),
					date("j",$this->start_time),
					date("Y",$this->start_time) );
				while( ($temp_stamp <= $this->end_time) &&
					(!$included_weekday[date("w", $temp_stamp)]) ) {
					$included_weekday[date( "w", $temp_stamp )] = 1;
					$temp_stamp += 86400;
				}
				$j=0;
				for( $i=0; $i<7; $i++ ) {
					if( $included_weekday[$i] )
						$this->weekday_id[$j++] = $i;
				}
			}
		} else {
			if( !$this->end_time ) {
				if( (count($this->weekday_id)>1) ||
					($this->weekday_id[0] !=
						date( "w", $this->start_time ))){
					$this->error = "A day of the week that "
						. "selected is invalid for the "
						. "time you specified.";
					return 0;
				}
			} else {
				$temp_stamp = mktime( 0,0,0,
					date("m",$this->start_time),
					date("j",$this->start_time),
					date("Y",$this->start_time) );
				while( ($temp_stamp <= $this->end_time) &&
					(!$valid_weekday[ date("w", $temp_stamp)]) ) {
					$valid_weekday[	date( "w", $temp_stamp ) ] = 1;
					$temp_stamp += 86400;
				}
				$j=0;
				for( $i=0; $i<count($this->weekday_id); $i++ ) {
					if( !$valid_weekday[$this->weekday_id[$i]] ) {
						$this->error = "A selected day of the "
							. "week is not included in the"
							. " time interval you specified.";
						return 0;
					}
				}
			}
		}

		return 1;
	}

	function submitEvent() {
		if( !$this->submitter_id ) {
$this->error = "Your user ID got lost somewhere along the way.  " .
"Either your session expired or you have cookies disabled in your web browser."
. "  Make sure you've got cookies enabled and log in again.  Then you can " .
"try clicking the back button a couple times to get back to the form, so " .
"you won't have to type everything in again.";
			return 0;
		}

// If this is an approved modification, then we can just update the existing event.
		if( $this->approver_id && $this->modify_id ) {
			$this->event_id = $this->modify_id;
			$this->modify_id = "";
			return $this->updateEvent();
		}

		if (!$db_conn = connectRWToCalendar()) {
			$this->error = $php_errormsg;
			return 0;
		}

		if(! $result_id = @pg_exec( $db_conn, "BEGIN WORK" ) ) {
			$this->error = $php_errormsg;
			$this->error .= " beginning work in submit.";
			return 0;
		}

// simple (or not) SQL statement to insert the event into the database
$query = "INSERT INTO srcevent( title, description, location_id,"
. " start_time, end_time, submitted_time, submitter_id, approver_id, info_url, "
. "info_email, hide_oc, modify_id ) VALUES ( '" . $this->title . "', '" .
$this->description . "', " . $this->location_id . ", " . $this->start_time .
", " . $this->end_time . ", " . $this->submitted_time . ", " .
$this->submitter_id . ", " .
($this->approver_id ? $this->approver_id : "NULL") . ", " .
($this->info_url ? "'".$this->info_url."'" : "NULL") . ", " .
($this->info_email ? "'".$this->info_email."'" : "NULL") . ", " .
($this->hide_oc ? $this->hide_oc : "NULL" ) . ", " .
($this->modify_id ? $this->modify_id : "NULL" ) .
")";
		if (! $result_id = @pg_exec( $db_conn, $query ) ) {
			$this->error = $php_errormsg . "at submit exec.";
			$this->error .= " QUERY= " . $query;
			@pg_exec( $db_conn, "ROLLBACK WORK" );
			return 0;
		}

// We need to search again to get the event_id.  The OID will be unique.

		$oid = pg_getLastOID( $result_id );
		$query = "SELECT event_id from srcEvent where oid = " . $oid;
		if (! $result_id = @pg_exec( $db_conn, $query ) ) {
			$this->error = $php_errormsg . " at select in submit.";
			$this->error .= " QUERY= " . $query;
			@pg_exec( $db_conn, "ROLLBACK WORK" );
			return 0;
		}
		if( !($this->event_id =
				pg_result( $result_id, 0, "event_id" ))) {
			$this->error = $php_errormsg . " at select in submit.";
			@pg_exec( $db_conn, "ROLLBACK WORK" );
			return 0;
		}

// with the event ID, we can add the things that are stored in other tables
		for( $i = 0; $i < count( $this->audience_id ); $i++ ) {
$query = "INSERT INTO srcAudienceList ( event_id, audience_id ) VALUES ( "
. $this->event_id . ", " . $this->audience_id[$i] . " )";
			if (! $result_id = pg_exec( $db_conn, $query ) ) {
				$this->error = $php_errormsg . "inserting audiences";
				$this->error .= " QUERY= ". $query;
				@pg_exec( $db_conn, "ROLLBACK WORK" );
				return 0;
			}
		}

		for( $i = 0; $i < count( $this->category_id ); $i++ ) {
$query = "INSERT INTO srcCategoryList ( event_id, category_id ) VALUES ( "
. $this->event_id . ", " . $this->category_id[$i] . " )";
			if (! $result_id = pg_exec( $db_conn, $query ) ) {
				$this->error = $php_errormsg . "inserting categories";
				$this->error .= " QUERY= " . $query;
				@pg_exec( $db_conn, "ROLLBACK WORK" );
				return 0;
			}
		}

		for( $i = 0; $i < count( $this->weekday_id ); $i++ ) {
$query = "INSERT INTO srcweekdaylist ( event_id, day ) VALUES ( "
. $this->event_id . ", " . $this->weekday_id[$i] . " )";
			if (! $result_id = pg_exec( $db_conn, $query ) ) {
				$this->error = $php_errormsg . "inserting weekdays";
				$this->error .= " QUERY= " . $query;
				@pg_exec( $db_conn, "ROLLBACK WORK" );
				return 0;
			}
		}

		$timestamps = $this->generateTimestampArray();

		for( $i = 0; $i < count( $timestamps ); $i++ ) {
$query = "INSERT INTO srcindex ( event_id, timestamp ) VALUES ( "
. $this->event_id . ", " . $timestamps[$i] . " )";
			if (! $result_id = pg_exec( $db_conn, $query ) ) {
				$this->error = $php_errormsg . "updating index";
				$this->error .= " QUERY= " . $query;
				@pg_exec( $db_conn, "ROLLBACK WORK" );
				return 0;
			}
		}

		if( !$result_id = @pg_exec( $db_conn, "COMMIT WORK" ) ) {
			$this->error = $php_errormsg;
			$this->error .= " committing work in submit.";
			@pg_exec( $db_conn, "ROLLBACK WORK" );
			return 0;
		}

		pg_close( $db_conn );

// Bruce Tenison, generous guy that he is, supplied me with some code for
//  emailing location administrators when an event is submitted.
		if( !$this->approver_id ) {
			if (!$db_conn = connectROToAuth()) {
				$this->error = $php_errormsg;
				return 0;
			}

//  Select rows from the permissions table for this location or -1 (all)
			$query = "SELECT user_id, permissions, location_id "
				. "FROM permissions WHERE location_id = " .
				$this->location_id . " OR location_id = -1";
			if (! $result_id = @pg_exec( $db_conn, $query ) ) {
				$this->error = $php_errormsg . " at select in submit.";
				$this->error .= " QUERY= " . $query;
				return 0;
			}

			$num_rows = pg_numrows( $result_id );
			for( $i = 0; $i < $num_rows ; $i++ ) {
				$stuff = pg_fetch_array( $result_id, $i );
				$uid = $stuff["user_id"];
				$perms = $stuff["permissions"];
				$locationid = $stuff["location_id"];
// Now we need to check if the user has permission to approve this entry
// I'm going to look at this in two sections (makes more sense to me that way)
// 1)  If the submitter_id of the entry is the same as the permissions
//	user_id, check the approve_own bit
// 2)  If the submitter_id of the entry is NOT the same as the permissions
//	user_id, check the approve_other bit
				if ( (($this->submitter_id == $uid) &&
						($perms & $GLOBALS["pApproveOwn"]))
					|| (($this->submitter_id != $uid) &&
						($perms & $GLOBALS["pApproveOther"]))){

					exec( $GLOBALS["config_getuidinfo"]
						. " $uid", $dummy, $err_num );
					if( $err_num ) {
						$this->error = "An administrator's "
							. "email address could not be"
							. " found.  The event will be"
							. " submitted anyway.";
						return 0;
					}
					$temp_array = split( ":", $dummy[0] );
					unset( $dummy );

					$mailto = $temp_array[0] . "@" . $GLOBALS["config_domain"];
					$mailfrom = $GLOBALS["config_webmaster"];
					$subject = "Event submission";
					$message = "An event was submitted to the " .
						"online event calendar, as included "
						. "below:\n\n";
					$message .= $this->returnEventText();

					mail( $mailto, $subject, $message, "From: $mailfrom" );
				}
			}
			pg_close( $db_conn );
		}

		return $this->event_id;
	}

	function rejectEvent( $rejecter_id, $reason = "" ) {

// remove the event from the database and notify the submitter
		$return = $this->deleteEvent();
		if( !$return )
			return 0;

// mail support to inform submitter of rejection.
		exec( $GLOBALS["config_getuidinfo"] . " $this->submitter_id",
			$dummy, $err_num );
		if( $err_num ) {
$this->error = "The submitter's e-mail address could not be retrieved.";