-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.php
128 lines (106 loc) · 3.62 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
/******************************************************************************
*
* Subrion - open source content management system
* Copyright (C) 2016 Intelliants, LLC <http://www.intelliants.com>
*
* This file is part of Subrion.
*
* Subrion is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Subrion is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Subrion. If not, see <http://www.gnu.org/licenses/>.
*
*
* @link http://www.subrion.org/
*
******************************************************************************/
if ($iaView->getRequestType() == iaView::REQUEST_JSON)
{
$iaDb->setTable('availability_calendar');
switch ($pageAction)
{
case iaCore::ACTION_ADD:
$out = array('message' => '', 'error' => true);
$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
$data = array(
'date' => isset($_POST['date']) && isset($_POST['date']) ? $_POST['date'] : 0,
'description' => isset($_POST['description']) ? strip_tags(iaSanitize::sql($_POST['description'])) : '',
'item' => isset($_POST['item']) ? iaSanitize::sql($_POST['item']) : '',
'item_id' => isset($_POST['item_id']) ? (int)$_POST['item_id'] : 0,
'member_id' => iaUsers::getIdentity()->id,
'status' => 'busy'
);
$member_id = $iaDb->one('`member_id`', "`id` = " . $data['item_id'], $data['item']);
if (!$member_id)
{
$out['message'] = iaLanguage::get('av_unknown_item');
}
elseif ($member_id != $_SESSION['user']['id'])
{
$out['message'] = iaLanguage::get('av_not_your_item');
}
if (!$id)
{
if ($iaDb->insert($data))
{
$out['message'] = iaLanguage::get('av_saved');
$out['error'] = false;
}
else
{
$out['message'] = iaLanguage::get('av_error_saving');
}
}
if ($out['error'] === false)
{
unset($out['error']);
}
$iaView->assign($out);
break;
case iaCore::ACTION_DELETE:
$out = array('message' => iaLanguage::get('unknown_error'), 'error' => true);
$item_id = isset($_POST['item_id']) ? (int)$_POST['item_id'] : 0;
$item = isset($_POST['item']) ? iaSanitize::sql($_POST['item']) : 0;
$date = isset($_POST['date']) ? $_POST['date'] : 0;
$member_id = $iaDb->one('`member_id`', "`id` = " . $data['item_id'], $data['item']);
if (!$member_id)
{
$out['message'] = iaLanguage::get('av_unknown_item');
}
elseif ($member_id != $_SESSION['user']['id'])
{
$out['message'] = iaLanguage::get('av_not_your_item');
}
$iaDb->delete("`item` = '{$item}' AND `item_id` = '{$item_id}' AND `date` = '{$date}'");
$out['message'] = iaLanguage::get('av_deleted');
$out['error'] = false;
$iaView->assign($out);
break;
case iaCore::ACTION_READ:
$item = isset($_GET['item']) ? iaSanitize::sql($_GET['item']) : false;
$itemId = isset($_GET['item_id']) ? (int)$_GET['item_id'] : false;
$month = isset($_GET['month']) ? $_GET['month'] : false;
$where = '1';
if ($item && $itemId)
{
$where = "`item` = '{$item}' AND `item_id` = '{$itemId}'";
}
if ($month)
{
$where .= " AND DATE_FORMAT(`date`, '%Y-%m') = '" . $month . "'";
}
$out = $iaDb->all(iaDb::ALL_COLUMNS_SELECTION, $where);
$iaView->assign($out);
break;
}
$iaDb->resetTable();
}