forked from craigk5n/webcalendar
-
Notifications
You must be signed in to change notification settings - Fork 0
/
add_entry.php
60 lines (56 loc) · 1.74 KB
/
add_entry.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
require_once 'includes/init.php';
$error = '';
// Only proceed if id was passed.
if ( $id > 0 ) {
// Double check to make sure user doesn't already have the event.
$is_my_event = $is_private = false;
$res = dbi_execute ( 'SELECT cal_id
FROM webcal_entry_user
WHERE cal_login = ?
AND cal_id = ?', [$login, $id] );
if ( $res ) {
$row = dbi_fetch_row ( $res );
if ( $row[0] == $id ) {
$is_my_event = true;
echo str_replace ( 'XXX', $id,
translate ( 'Event XXX is already on your calendar.' ) );
exit;
}
dbi_free_result ( $res );
}
// Now lets make sure the user is allowed to add the event (not private).
$res = dbi_execute ( 'SELECT cal_access
FROM webcal_entry
WHERE cal_id = ?', [$id] );
if ( ! $res ) {
echo str_replace ( 'XXX', $id, translate ( 'Invalid entry id XXX.' ) );
exit;
}
$mayNotAddStr =
translate ( 'a XXX event may not be added to your calendar' );
$row = dbi_fetch_row ( $res );
if ( ! $is_my_event ) {
if ( $row[0] == 'C' && ! $is_assistant && ! $is_nonuser_admin ) {
// Assistants are allowed to see confidential stuff.
$is_private = true;
echo str_replace ( 'XXX', translate ( 'confidential' ), $mayNotAddStr );
exit;
} else
if ( $row[0] == 'R' ) {
$is_private = true;
echo str_replace ( 'XXX', translate ( 'private' ), $mayNotAddStr );
exit;
}
}
// Add the event.
if ( $readonly == 'N' && ! $is_my_event && ! $is_private ) {
if ( ! dbi_execute ( 'INSERT INTO webcal_entry_user ( cal_id, cal_login, cal_status ) VALUES
( ?, ?, ? )', [$id, $login, 'A'] ) )
$error = str_replace ( 'XXX', dbi_error(),
translate ( 'Error adding event XXX.' ) );
}
}
send_to_preferred_view();
exit;
?>