[geeklog-cvs] geeklog-1.3/public_html calendar_event.php,1.26,1.27
dhaun at geeklog.net
dhaun at geeklog.net
Sun Jan 4 17:14:40 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv4210
Modified Files:
calendar_event.php
Log Message:
More GET/POST parameter filtering. Also fixed a few display bugs along the way.
Index: calendar_event.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/calendar_event.php,v
retrieving revision 1.26
retrieving revision 1.27
diff -C2 -d -r1.26 -r1.27
*** calendar_event.php 30 Aug 2003 16:39:13 -0000 1.26
--- calendar_event.php 4 Jan 2004 22:14:38 -0000 1.27
***************
*** 51,59 ****
global $_USER, $LANG02, $_CONF, $_TABLES;
- $retval .= COM_startBlock($LANG02[11]);
$eventsql = "SELECT *, datestart AS start, dateend AS end, timestart, timeend, allday FROM {$_TABLES['events']} WHERE eid='$eid'";
$result = DB_query($eventsql);
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
$cal_template = new Template($_CONF['path_layout'] . 'calendar');
--- 51,59 ----
global $_USER, $LANG02, $_CONF, $_TABLES;
$eventsql = "SELECT *, datestart AS start, dateend AS end, timestart, timeend, allday FROM {$_TABLES['events']} WHERE eid='$eid'";
$result = DB_query($eventsql);
$nrows = DB_numRows($result);
if ($nrows == 1) {
+ $retval .= COM_startBlock($LANG02[11]);
$A = DB_fetchArray($result);
$cal_template = new Template($_CONF['path_layout'] . 'calendar');
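Review bot: `$eid` is interpolated into `$eventsql` unescaped at `WHERE eid='$eid'`, so adduserevent is only safe when every caller has already passed the value through COM_applyFilter, which this commit does at the addevent case but nothing enforces inside the function. Escaping once at the top of the function, e.g. `$eid = addslashes ($eid);` before `$eventsql` is built (or whatever escaping helper the DB layer offers), keeps the query safe regardless of call site. adduserevent's signature and docblock are above the hunk, so a `@param string $eid` line documenting that the value is escaped here would belong there.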
***************
*** 65,70 ****
$cal_template->set_var('event_title',stripslashes($A['title']));
! if (!empty($A['url'])) {
! $cal_template->set_var('event_begin_anchortag', '<a href="' . $A['url'] . '" target="_blank">');
$cal_template->set_var('event_end_anchortag', '</a>');
} else {
--- 65,70 ----
$cal_template->set_var('event_title',stripslashes($A['title']));
! if (!empty ($A['url']) && ($A['url'] != 'http://')) {
! $cal_template->set_var('event_begin_anchortag', '<a href="' . $A['url'] . '">');
$cal_template->set_var('event_end_anchortag', '</a>');
} else {
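Review bot: `$A['url']` is written straight into the href attribute in the set_var call, so a stored URL containing `"`, `&` or `<` either breaks out of the attribute or yields invalid HTML; `'<a href="' . htmlspecialchars ($A['url']) . '">'` is the minimal fix. The new `!= 'http://'` comparison only screens out the form's untouched default, which is fine for display but should not be read as validation of the URL. The if/else continues past the end of the hunk.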
***************
*** 99,102 ****
--- 99,103 ----
$cal_template->parse('output','addevent');
$retval .= $cal_template->finish($cal_template->get_var('output'));
+ $retval .= COM_endBlock ();
} else {
$retval .= COM_showMessage(23);
***************
*** 117,121 ****
* @emailreminder string Not used yet, for future functionality
*/
! function saveuserevent($eid, $reminder, $emailreminder, $mode)
{
global $_TABLES, $MESSAGE, $_USER, $_CONF;
--- 118,122 ----
* @emailreminder string Not used yet, for future functionality
*/
! function saveuserevent($eid, $reminder, $emailreminder)
{
global $_TABLES, $MESSAGE, $_USER, $_CONF;
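Review bot: The `$mode` parameter is removed from saveuserevent but the docblock directly above the signature (it begins outside this hunk) is not part of the change, so it presumably still documents `@mode` in the same form as the visible `@emailreminder` line and should lose that entry. Since the function now always redirects to the personal calendar, a `* @return string redirect to calendar.php?mode=personal` line would capture the behaviour the dropped parameter used to control.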
***************
*** 134,142 ****
*/
$savesql = "INSERT INTO {$_TABLES['personal_events']} (eid,uid,title,event_type,datestart,dateend,allday,address1,address2,city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon) SELECT eid," . $_USER['uid'] . ",title,event_type,datestart,dateend,allday,address1,address2,city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['events']} WHERE eid = '{$eid}'";
DB_query($savesql);
! return COM_refresh("{$_CONF['site_url']}/calendar.php?mode=$mode&msg=24");
}
--- 135,147 ----
*/
+ // Try to delete the event first in case it has already been added
+ DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='$eid'");
+
$savesql = "INSERT INTO {$_TABLES['personal_events']} (eid,uid,title,event_type,datestart,dateend,allday,address1,address2,city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon) SELECT eid," . $_USER['uid'] . ",title,event_type,datestart,dateend,allday,address1,address2,city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['events']} WHERE eid = '{$eid}'";
DB_query($savesql);
! return COM_refresh ($_CONF['site_url']
! . '/calendar.php?mode=personal&msg=24');
}
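Review bot: Both the new DELETE (`DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='$eid'")`) and the existing INSERT … SELECT interpolate `$eid` without escaping, so like adduserevent this function is only as safe as its callers; `$eid = addslashes ($eid);` at the top of the body covers both statements at once. The delete-then-insert pair is also two separate statements, so two concurrent submissions can still produce a duplicate row; a `DB_count` check against personal_events (DB_count is already used in this file) would make the "already added" intent explicit, though it would not close the race either. There is no `$_USER['uid']` guard in the function, and `$_USER['uid']` is interpolated unquoted into the DELETE, so an empty uid yields a malformed query; the caller-side guard is discussed at the dispatch hunk. saveuserevent's signature and docblock lie outside this hunk.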
***************
*** 371,401 ****
$display = '';
switch ($action) {
case 'addevent':
$display .= COM_siteHeader();
! if (!empty($eid)) {
! $display .= adduserevent($eid);
} else {
! $display .= COM_showMessage(23);
}
! $display .= COM_endBlock() . COM_siteFooter();
break;
case 'saveuserevent':
! if (!empty($eid)) {
! $display .= saveuserevent($eid,$remind,$emailreminder,$mode);
} else {
! $display .= COM_siteHeader();
! $display .= COM_showMessage(23);
! $display .= COM_siteFooter();
}
break;
case 'deleteevent':
! DB_query("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='$eid'");
! $display .= COM_refresh($_CONF['site_url'] . '/calendar.php?mode=personal&msg=26');
break;
default:
! if (!empty($eid)) {
if ($mode == 'personal' AND DB_count($_TABLES['events'],'eid',$eid) == 0) {
$display .= COM_siteHeader('menu');
--- 376,426 ----
$display = '';
+ if (isset ($HTTP_POST_VARS['action'])) {
+ $action = COM_applyFilter ($HTTP_POST_VARS['action']);
+ } else {
+ $action = COM_applyFilter ($HTTP_GET_VARS['action']);
+ }
+
switch ($action) {
case 'addevent':
$display .= COM_siteHeader();
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
! if (!empty ($eid)) {
! $display .= adduserevent ($eid);
} else {
! $display .= COM_showMessage (23);
}
! $display .= COM_siteFooter ();
break;
+
case 'saveuserevent':
! $eid = COM_applyFilter ($HTTP_POST_VARS['eid']);
! if (!empty ($eid)) {
! $display .= saveuserevent ($eid, $HTTP_POST_VARS['remind'],
! $HTTP_POST_VARS['emailreminder']);
} else {
! $display .= COM_siteHeader ();
! $display .= COM_showMessage (23);
! $display .= COM_siteFooter ();
}
break;
+
case 'deleteevent':
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
! if (!empty ($eid) && ($_USER['uid'] > 1)) {
! DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='$eid'");
! $display .= COM_refresh ($_CONF['site_url']
! . '/calendar.php?mode=personal&msg=26');
! } else {
! $display .= COM_refresh ($_CONF['site_url'] . '/index.php');
! }
break;
+
default:
! $mode = COM_applyFilter ($HTTP_GET_VARS['mode']);
! $eid = COM_applyFilter ($HTTP_GET_VARS['eid']);
! if (!empty ($eid)) {
if ($mode == 'personal' AND DB_count($_TABLES['events'],'eid',$eid) == 0) {
$display .= COM_siteHeader('menu');
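Review bot: The `$_USER['uid'] > 1` guard added to the deleteevent case is missing from the saveuserevent case just above it, so a request with a valid `eid` but no logged-in user still reaches saveuserevent, whose INSERT keys the new personal_events row on `$_USER['uid']`; the same condition should apply there: `if (!empty ($eid) && ($_USER['uid'] > 1)) {`. Two smaller points in the same hunk: `$HTTP_GET_VARS['action']` in the else branch is read without an isset check, so a request carrying neither parameter raises a notice before COM_applyFilter ever runs (`$action = isset ($HTTP_GET_VARS['action']) ? COM_applyFilter ($HTTP_GET_VARS['action']) : '';`), and `$HTTP_POST_VARS['remind']` / `$HTTP_POST_VARS['emailreminder']` are the only request values in this hunk passed on without COM_applyFilter. The switch continues past the end of the hunk.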
***************
*** 419,425 ****
}
} else {
! $display .= COM_startBlock($LANG30[10] . " $month/$day/$year");
! $thedate= $year . "-". $month . "-" . $day;
! $datesql = "SELECT *,datestart AS start,dateend AS end FROM {$_TABLES['events']} WHERE \"$thedate\" BETWEEN DATE_FORMAT(datestart,'%Y-%m-%d') and DATE_FORMAT(dateend,'%Y-%m-%d') ORDER BY datestart asc,title";
}
$cal_templates = new Template($_CONF['path_layout'] . 'calendar');
--- 444,453 ----
}
} else {
! $display .= COM_siteHeader ('menu');
! $display .= COM_startBlock ($LANG30[10] . ' '
! . strftime ($_CONF['shortdate'],
! mktime (0, 0, 0, $month, $day, $year)));
! $thedate = sprintf ('%4d-%02d-%02d', $year, $month, $day);
! $datesql = "SELECT *,datestart AS start,dateend AS end FROM {$_TABLES['events']} WHERE \"$thedate\" BETWEEN DATE_FORMAT(datestart,'%Y-%m-%d') and DATE_FORMAT(dateend,'%Y-%m-%d') ORDER BY datestart ASC,title";
}
$cal_templates = new Template($_CONF['path_layout'] . 'calendar');
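Review bot: The `sprintf ('%4d-%02d-%02d', $year, $month, $day)` conversion is what now guarantees `$thedate` contains only digits and dashes before it is interpolated into `$datesql`; because `$month`, `$day` and `$year` are assigned outside this hunk, that property is easy to lose in a later edit that goes back to plain concatenation. A one-line comment above the sprintf would preserve the intent: `// %d coerces each part to an integer, so $thedate is safe to interpolate below`. The enclosing else branch of the default case begins outside the hunk.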
***************
*** 443,447 ****
$cal_templates->parse('output','events');
$display .= $cal_templates->finish($cal_templates->get_var('output'));
! $display .= $LANG02[1];
} else {
$cal = new Calendar();
--- 471,475 ----
$cal_templates->parse('output','events');
$display .= $cal_templates->finish($cal_templates->get_var('output'));
! $display .= $LANG02[2];
} else {
$cal = new Calendar();
***************
*** 473,486 ****
if (!empty($_USER['uid']) AND $_CONF['personalcalendars'] == 1) {
! $tmpresult = DB_query("SELECT * FROM {$_TABLES["personal_events"]} WHERE eid='{$A["eid"]}' AND uid={$_USER['uid']}");
$tmpnrows = DB_numRows($tmpresult);
if ($tmpnrows > 0) {
$cal_templates->set_var('addremove_begin_anchortag','<a href="'
! . $_CONF['site_url'] . '/calendar_event.php?eid=' . $A['eid'] . '&mode=' . $mode . '&action=deleteevent">');
$cal_templates->set_var('lang_addremovefromcal',$LANG02[10]);
$cal_templates->set_var('addremove_end_anchortag', '</a>');
} else {
$cal_templates->set_var('addremove_begin_anchortag','<a href="'
! . $_CONF['site_url'] . '/calendar_event.php?eid=' . $A['eid'] . '&mode=' . $mode . '&action=addevent">');
$cal_templates->set_var('lang_addremovefromcal',$LANG02[9]);
$cal_templates->set_var('addremove_end_anchortag', '</a>');
--- 501,514 ----
if (!empty($_USER['uid']) AND $_CONF['personalcalendars'] == 1) {
! $tmpresult = DB_query("SELECT * FROM {$_TABLES['personal_events']} WHERE eid='{$A['eid']}' AND uid={$_USER['uid']}");
$tmpnrows = DB_numRows($tmpresult);
if ($tmpnrows > 0) {
$cal_templates->set_var('addremove_begin_anchortag','<a href="'
! . $_CONF['site_url'] . '/calendar_event.php?eid=' . $A['eid'] . '&mode=personal&action=deleteevent">');
$cal_templates->set_var('lang_addremovefromcal',$LANG02[10]);
$cal_templates->set_var('addremove_end_anchortag', '</a>');
} else {
$cal_templates->set_var('addremove_begin_anchortag','<a href="'
! . $_CONF['site_url'] . '/calendar_event.php?eid=' . $A['eid'] . '&mode=personal&action=addevent">');
$cal_templates->set_var('lang_addremovefromcal',$LANG02[9]);
$cal_templates->set_var('addremove_end_anchortag', '</a>');
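Review bot: `$A['eid']` is concatenated into the href in both set_var calls without urlencode, and the `&` separators are raw inside an HTML attribute, so the links are only valid for eid values that happen to be URL- and HTML-safe; `'/calendar_event.php?eid=' . urlencode ($A['eid']) . '&amp;mode=personal&amp;action=deleteevent">'` (and the same for the addevent link) fixes both. The SELECT at the top of the hunk is used only to feed DB_numRows, so a `DB_count` call on `$_TABLES['personal_events']` would state the intent more directly, though DB_count's handling of a two-column condition is not visible here.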
***************
*** 558,564 ****
}
}
}
- $cal_templates->parse('output','events');
- $display .= $cal_templates->finish($cal_templates->get_var('output'));
$display .= COM_endBlock() . COM_siteFooter();
--- 586,592 ----
}
}
+ $cal_templates->parse('output','events');
+ $display .= $cal_templates->finish($cal_templates->get_var('output'));
}
$display .= COM_endBlock() . COM_siteFooter();