"Fossies" - the Fresh Open Source Software Archive

Member "mrbs-1.9.2/web/admin.php" (14 Oct 2020, 16941 Bytes) of package /linux/www/mrbs-1.9.2.tar.gz:



    1 <?php
    2 namespace MRBS;
    3 
    4 use MRBS\Form\Form;
    5 use MRBS\Form\ElementButton;
    6 use MRBS\Form\ElementFieldset;
    7 use MRBS\Form\ElementImg;
    8 use MRBS\Form\ElementInputImage;
    9 use MRBS\Form\FieldInputEmail;
   10 use MRBS\Form\FieldInputNumber;
   11 use MRBS\Form\FieldInputText;
   12 use MRBS\Form\FieldInputSubmit;
   13 use MRBS\Form\FieldSelect;
   14 
   15 
   16 require "defaultincludes.inc";
   17 
   18 
   /**
    * Renders a one-button POST form that asks del.php to delete a room.
    *
    * The room and area ids are sent as hidden inputs together with
    * type=room.  This function only draws the button: it does not decide who
    * may delete, so del.php (not shown here) has to check authorisation and
    * the CSRF token itself.
    * NOTE(review): Form presumably embeds the token that Form::checkToken()
    * verifies, and presumably escapes the hidden input values - confirm in
    * MRBS\Form\Form.
    *
    * @param mixed $room  id of the room to delete
    * @param mixed $area  id of the area the room belongs to
    */
   function generate_room_delete_form($room, $area)
   {
     $delete_form = new Form();

     // Submitted by POST to del.php
     $delete_form->setAttributes(array('action' => multisite('del.php'),
                                       'method' => 'post'));

     // Tell del.php what is to be deleted
     $delete_form->addHiddenInputs(array('type' => 'room',
                                         'area' => $area,
                                         'room' => $room));

     // The delete icon, which acts as the submit button
     $icon_attributes = array('class'  => 'button',
                              'src'    => 'images/delete.png',
                              'width'  => '16',
                              'height' => '16',
                              'title'  => get_vocab('delete'),
                              'alt'    => get_vocab('delete'));
     $icon = new ElementInputImage();
     $icon->setAttributes($icon_attributes);
     $delete_form->addElement($icon);

     $delete_form->render();
   }
   46 
   47 
   /**
    * Renders the form used to switch the area being administered.
    *
    * The form posts back to the current page and carries the page's day,
    * month and year as hidden inputs.  Admins are offered both enabled and
    * disabled areas (grouped under those two headings); everybody else is
    * offered the enabled areas only.  Admins also get edit and delete image
    * buttons whose formaction sends the form to edit_area.php or
    * del.php?type=area instead.
    *
    * is_admin() here only controls what is drawn.  The target scripts (not
    * shown here) must enforce authorisation themselves, because the same
    * requests can be sent without this form.
    *
    * @param array $enabled_areas   enabled areas, keyed by area id, value is the area name
    * @param array $disabled_areas  disabled areas, keyed by area id, value is the area name
    */
   function generate_area_change_form($enabled_areas, $disabled_areas)
   {
     global $area, $day, $month, $year;

     $form = new Form();
     $form->setAttributes(array('class'  => 'areaChangeForm',
                                'action' => multisite(this_page()),
                                'method' => 'post'));

     // Keep the page's date when the form is submitted
     $form->addHiddenInputs(array('day'   => $day,
                                  'month' => $month,
                                  'year'  => $year));

     // The visible part of the form
     $fieldset = new ElementFieldset();
     $fieldset->addLegend('');

     // Admins choose from all areas, other users from the enabled ones only
     $select_options = (is_admin()) ? array(get_vocab("enabled") => $enabled_areas,
                                            get_vocab("disabled") => $disabled_areas)
                                    : $enabled_areas;

     // The area select submits the form as soon as the selection changes
     $area_select = new FieldSelect();
     $area_select->setLabel(get_vocab('area'))
                 ->setControlAttributes(array('id'       => 'area_select',
                                              'name'     => 'area',
                                              'class'    => 'room_area_select',
                                              'onchange' => 'this.form.submit()'))
                 ->addSelectOptions($select_options, $area, true);
     $fieldset->addElement($area_select);

     // Fallback submit button (class js_none: not needed when JavaScript is enabled)
     $change_button = new FieldInputSubmit();
     $change_button->setAttribute('class', 'js_none')
                   ->setControlAttributes(array('value' => get_vocab('change'),
                                                'name'  => 'change'));
     $fieldset->addElement($change_button);

     // Admin-only image buttons: image source, vocab tag, script to submit to
     if (is_admin())
     {
       $admin_actions = array(array('images/edit.png',   'edit',   'edit_area.php'),
                              array('images/delete.png', 'delete', 'del.php?type=area'));

       foreach ($admin_actions as $action)
       {
         list($src, $tag, $target) = $action;

         $img = new ElementImg();
         $img->setAttributes(array('src'   => $src,
                                   'alt'   => get_vocab($tag)));

         $button = new ElementButton();
         $button->setAttributes(array('class'      => 'image',
                                      'title' => get_vocab($tag),
                                      'formaction' => multisite($target)))
                ->addElement($img);
         $fieldset->addElement($button);
       }
     }

     $form->addElement($fieldset);
     $form->render();
   }
  125 
  126 
  /**
   * Renders the "add area" form, which posts a new area name to add.php.
   *
   * A hidden input type=area tells add.php what kind of object to create.
   * The required and maxlength attributes are only browser-side hints:
   * add.php (not shown here) still has to validate the name and check that
   * the caller is allowed to add areas.
   */
  function generate_new_area_form()
  {
    $form = new Form();
    $form->setAttributes(array('id'     => 'add_area',
                               'class'  => 'form_admin standard',
                               'action' => multisite('add.php'),
                               'method' => 'post'));

    // The type of object to be added
    $form->addHiddenInput('type', 'area');

    // Everything visible lives in one fieldset
    $fieldset = new ElementFieldset();
    $fieldset->addLegend(get_vocab('addarea'));

    // Area name, limited to the length returned by maxlength('area.area_name')
    $name_field = new FieldInputText();
    $name_field->setLabel(get_vocab('name'))
               ->setControlAttributes(array('id'        => 'area_name',
                                            'name'      => 'name',
                                            'required'  => true,
                                            'maxlength' => maxlength('area.area_name')));
    $fieldset->addElement($name_field);

    // Submit button
    $submit = new FieldInputSubmit();
    $submit->setControlAttributes(array('value' => get_vocab('addarea'),
                                        'class' => 'submit'));
    $fieldset->addElement($submit);

    $form->addElement($fieldset);
    $form->render();
  }
  164 
  165 
  /**
   * Renders the "add room" form for the currently selected area.
   *
   * The form posts to add.php with hidden inputs type=room and the global
   * $area, plus name, description, capacity and room_admin_email fields.
   * The required, maxlength, min and email-type constraints are enforced by
   * the browser only, so add.php (not shown here) must validate every field
   * again and check that the caller may add rooms to that area.
   */
  function generate_new_room_form()
  {
    global $area;

    $form = new Form();
    $form->setAttributes(array('id'     => 'add_room',
                               'class'  => 'form_admin standard',
                               'action' => multisite('add.php'),
                               'method' => 'post'));

    // What to add, and to which area
    $form->addHiddenInputs(array('type' => 'room',
                                 'area' => $area));

    // Everything visible lives in one fieldset
    $fieldset = new ElementFieldset();
    $fieldset->addLegend(get_vocab('addroom'));

    // Room name (mandatory)
    $name_field = new FieldInputText();
    $name_field->setLabel(get_vocab('name'))
               ->setControlAttributes(array('id'        => 'room_name',
                                            'name'      => 'name',
                                            'required'  => true,
                                            'maxlength' => maxlength('room.room_name')));
    $fieldset->addElement($name_field);

    // Room description (optional)
    $description_field = new FieldInputText();
    $description_field->setLabel(get_vocab('description'))
                      ->setControlAttributes(array('id'        => 'room_description',
                                                   'name'      => 'description',
                                                   'maxlength' => maxlength('room.description')));
    $fieldset->addElement($description_field);

    // Capacity, a number that may not be negative
    $capacity_field = new FieldInputNumber();
    $capacity_field->setLabel(get_vocab('capacity'))
                   ->setControlAttributes(array('name' => 'capacity',
                                                'min'  => '0'));
    $fieldset->addElement($capacity_field);

    // Room admin email; "multiple" lets the browser accept a list of addresses
    $email_field = new FieldInputEmail();
    $email_field->setLabel(get_vocab('room_admin_email'))
                ->setLabelAttribute('title', get_vocab('email_list_note'))
                ->setControlAttributes(array('id'       => 'room_admin_email',
                                             'name'     => 'room_admin_email',
                                             'multiple' => true));
    $fieldset->addElement($email_field);

    // Submit button
    $submit = new FieldInputSubmit();
    $submit->setControlAttributes(array('value' => get_vocab('addroom'),
                                        'class' => 'submit'));
    $fieldset->addElement($submit);

    $form->addElement($fieldset);
    $form->render();
  }
  231 
  232 
  // Check the CSRF token.
  // Only check the token if the page is accessed via a POST request.  Therefore
  // this page should not take any action, but only display data.
  // SECURITY: a GET request reaches the rest of this script without any token
  // check, so nothing below may change state in response to request data.
  // ($post_only=true is an assignment used to label the argument; the value
  // passed is simply true.)
  Form::checkToken($post_only=true);

  // Check the user is authorised for this page
  // NOTE(review): presumably checkAuthorised() stops the request itself when
  // the check fails, as its result is not tested here - confirm.
  checkAuthorised(this_page());



  // Get non-standard form variables
  // $error comes from the request.  It is only used further down as a
  // get_vocab() tag, and the result is passed through htmlspecialchars().
  $error = get_form_var('error', 'string');


  // The page context handed to print_header().  $view, $view_all, $year,
  // $month and $day are not set in this file (presumably by
  // defaultincludes.inc); $area and $room may be unset, hence the isset() tests.
  $context = array(
      'view'      => $view,
      'view_all'  => $view_all,
      'year'      => $year,
      'month'     => $month,
      'day'       => $day,
      'area'      => isset($area) ? $area : null,
      'room'      => isset($room) ? $room : null
    );

  print_header($context);
  258 
  // Get the details we need for this area
  // $area is bound through the ? placeholder rather than concatenated into
  // the SQL.  Only the table name is concatenated, and that comes from
  // _tbl(), not from the request.
  if (isset($area))
  {
    $sql = "SELECT area_name, custom_html
              FROM " . _tbl('area') . "
             WHERE id=?
             LIMIT 1";

    $res = db()->query($sql, array($area));

    // $area_name and $custom_html stay unset when no row matches; the code
    // further down tests them with isset() before using them.
    if ($res->count() == 1)
    {
      $row = $res->next_row_keyed();
      $area_name = $row['area_name'];
      $custom_html = $row['custom_html'];
    }
  }


  echo "<h2>" . get_vocab("administration") . "</h2>\n";
  // $error is request-supplied.  It is used as a vocab tag and the looked-up
  // text is escaped before output.
  // NOTE(review): what get_vocab() returns for an unknown tag is not visible
  // here; the htmlspecialchars() call covers it either way.
  if (!empty($error))
  {
    echo "<p class=\"error\">" . htmlspecialchars(get_vocab($error)) . "</p>\n";
  }
  283 
  // TOP SECTION:  THE FORM FOR SELECTING AN AREA
  echo "<div id=\"area_form\">\n";

  // List every area, enabled ones first.  The query takes no request input.
  $sql = "SELECT id, area_name, disabled
            FROM " . _tbl('area') . "
        ORDER BY disabled, sort_key";
  $res = db()->query($sql);

  // Both arrays map area id => area name
  $enabled_areas = array();
  $disabled_areas = array();

  while (false !== ($row = $res->next_row_keyed()))
  {
    if ($row['disabled'])
    {
      $disabled_areas[$row['id']] = $row['area_name'];
    }
    else
    {
      $enabled_areas[$row['id']] = $row['area_name'];
    }
  }

  $areas_defined = !empty($enabled_areas) || !empty($disabled_areas);

  if (!$areas_defined)
  {
    echo "<p>" . get_vocab("noareas") . "</p>\n";
  }
  else
  {
    // Non-admins are never offered disabled areas, so for them "only disabled
    // areas exist" is reported as no enabled areas.
    if (!is_admin() && empty($enabled_areas))
    {
      echo "<p>" . get_vocab("noareas_enabled") . "</p>\n";
    }
    else
    {
      // If there are some areas to display, then show the area form
      // The area names are passed on unescaped.
      // NOTE(review): escaping is presumably done by the Form classes when
      // the select is rendered - confirm.
      generate_area_change_form($enabled_areas, $disabled_areas);
    }
  }

  // Showing the form to admins only is a display decision; add.php (not shown
  // here) has to enforce who may add areas.
  if (is_admin())
  {
    // New area form
    generate_new_area_form();
  }
  echo "</div>";  // area_form
  332 
  333 
  // Now the custom HTML
  // SECURITY: $custom_html is the custom_html column of the selected area and
  // is written into the page as raw markup by design.  Any script it contains
  // runs in the browser of every user who views this page for that area, so
  // whoever can edit an area's custom HTML must be trusted to that degree.
  // $auth['allow_custom_html'] is the only switch guarding it here; leave it
  // off unless that trust holds.
  if ($auth['allow_custom_html'])
  {
    echo "<div id=\"div_custom_html\">\n";
    // no htmlspecialchars() because we want the HTML!
    echo (isset($custom_html)) ? "$custom_html\n" : "";
    echo "</div>\n";
  }
  342 
  343 
  // BOTTOM SECTION: ROOMS IN THE SELECTED AREA
  // Only display the bottom section if the user is an admin or
  // else if there are some areas that can be displayed
  //
  // Output escaping in this section, for review:
  //   - room name, sort key, description, room_admin_email and user-defined
  //     string fields go through htmlspecialchars();
  //   - column headings, capacity, user-defined integer fields and the result
  //     of get_type_names() are echoed as they are (see the notes at each).
  if (is_admin() || !empty($enabled_areas))
  {
    echo "<h2>\n";
    echo get_vocab("rooms");
    if(isset($area_name))
    {
      echo " " . get_vocab("in") . " " . htmlspecialchars($area_name);
    }
    echo "</h2>\n";

    echo "<div id=\"room_form\">\n";
    if (isset($area))
    {
      // NOTE(review): the second argument presumably asks for disabled rooms
      // as well, since they are filtered out for non-admins below - confirm.
      $rooms = get_rooms($area, true);

      if (count($rooms) == 0)
      {
        echo "<p>" . get_vocab("norooms") . "</p>\n";
      }
      else
      {
         // Get the information about the fields in the room table
        $fields = db()->field_info(_tbl('room'));

        // See if there are going to be any rooms to display (in other words rooms if
        // you are not an admin whether any rooms are enabled)
        $n_displayable_rooms = 0;
        foreach ($rooms as $r)
        {
          if (is_admin() || !$r['disabled'])
          {
            $n_displayable_rooms++;
          }
        }

        if ($n_displayable_rooms == 0)
        {
          echo "<p>" . get_vocab("norooms_enabled") . "</p>\n";
        }
        else
        {
          echo "<div id=\"room_info\" class=\"datatable_container\">\n";
          // Build the table.    We deal with the name and disabled columns
          // first because they are not necessarily the first two columns in
          // the table (eg if you are running PostgreSQL and have upgraded your
          // database)
          echo "<table id=\"rooms_table\" class=\"admin_table display\">\n";

          // The header
          echo "<thead>\n";
          echo "<tr>\n";

          echo "<th>" . get_vocab("name") . "</th>\n";
          if (is_admin())
          {
            // Don't show ordinary users the disabled status:  they are only going to see enabled rooms
            echo "<th>" . get_vocab("enabled") . "</th>\n";
          }
          // ignore these columns, either because we don't want to display them,
          // or because we have already displayed them in the header column
          // ($ignore is used again when the body rows are built)
          $ignore = array('id', 'area_id', 'room_name', 'disabled', 'sort_key', 'custom_html');
          foreach($fields as $field)
          {
            if (!in_array($field['name'], $ignore))
            {
              switch ($field['name'])
              {
                // the standard MRBS fields
                case 'description':
                case 'capacity':
                case 'room_admin_email':
                case 'invalid_types':
                  $text = get_vocab($field['name']);
                  break;
                // any user defined fields
                default:
                  $text = get_loc_field_name(_tbl('room'), $field['name']);
                  break;
              }
              // We don't use htmlspecialchars() here because the column names are
              // trusted and some of them may deliberately contain HTML entities (eg &nbsp;)
              // SECURITY: this holds only while the vocab strings and the
              // names of user-defined columns can be set by administrators
              // alone; the text is emitted as raw markup.
              echo "<th>$text</th>\n";
            }
          }

          if (is_admin())
          {
            echo "<th>&nbsp;</th>\n";
          }

          echo "</tr>\n";
          echo "</thead>\n";

          // The body
          echo "<tbody>\n";
          // The class is flipped before each row is written, so the first
          // displayed row gets "even"
          $row_class = "odd";
          foreach ($rooms as $r)
          {
            // Don't show ordinary users disabled rooms
            if (is_admin() || !$r['disabled'])
            {
              $row_class = ($row_class == "even") ? "odd" : "even";
              echo "<tr class=\"$row_class\">\n";

              $html_name = htmlspecialchars($r['room_name']);
              // The room id is appended to the URL as it is; the whole URL is
              // HTML-escaped when it is written into the href attribute below
              $href = multisite('edit_room.php?room=' . $r['id']);
              // We insert an invisible span containing the sort key so that the rooms will
              // be sorted properly
              echo "<td><div>" .
                   "<span>" . htmlspecialchars($r['sort_key']) . "</span>" .
                   "<a title=\"$html_name\" href=\"" . htmlspecialchars($href) . "\">$html_name</a>" .
                   "</div></td>\n";
              if (is_admin())
              {
                // Don't show ordinary users the disabled status:  they are only going to see enabled rooms
                echo "<td class=\"boolean\"><div>" . ((!$r['disabled']) ? "<img src=\"images/check.png\" alt=\"check mark\" width=\"16\" height=\"16\">" : "&nbsp;") . "</div></td>\n";
              }
              foreach($fields as $field)
              {
                if (!in_array($field['name'], $ignore))
                {
                  switch ($field['name'])
                  {
                    // the standard MRBS fields
                    case 'description':
                    case 'room_admin_email':
                      echo "<td><div>" . htmlspecialchars($r[$field['name']]) . "</div></td>\n";
                      break;
                    case 'capacity':
                      // Echoed unescaped.
                      // NOTE(review): safe only if the capacity column can
                      // hold nothing but a number - confirm the column type.
                      echo "<td class=\"int\"><div>" . $r[$field['name']] . "</div></td>\n";
                      break;
                    case 'invalid_types':
                      // NOTE(review): the result of get_type_names() is
                      // echoed unescaped; confirm that it returns text that is
                      // already safe for HTML.
                      echo "<td><div>" . get_type_names($r[$field['name']]) . "</div></td>\n";
                      break;
                    // any user defined fields
                    default:
                      if (($field['nature'] == 'boolean') ||
                          (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] <= 2)) )
                      {
                        // booleans: represent by a checkmark
                        // (integer columns with a length of 2 or less are
                        // treated as booleans too)
                        echo "<td class=\"boolean\"><div>";
                        echo (!empty($r[$field['name']])) ? "<img src=\"images/check.png\" alt=\"check mark\" width=\"16\" height=\"16\">" : "&nbsp;";
                        echo "</div></td>\n";
                      }
                      elseif (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] > 2))
                      {
                        // integer values
                        // Echoed unescaped, relying on the column's reported
                        // nature being 'integer'
                        echo "<td class=\"int\"><div>" . $r[$field['name']] . "</div></td>\n";
                      }
                      else
                      {
                        // strings
                        // The full value goes into the title attribute and a
                        // truncated copy into the cell, both escaped.
                        // $max_content_length is not set in this file
                        // (presumably a configuration global).
                        $value = $r[$field['name']];
                        $html = "<td title=\"" . htmlspecialchars($value) . "\"><div>";
                        // Truncate before conversion, otherwise you could chop off in the middle of an entity
                        $html .= htmlspecialchars(utf8_substr($value, 0, $max_content_length));
                        $html .= (utf8_strlen($value) > $max_content_length) ? '&hellip;' : '';
                        $html .= "</div></td>\n";
                        echo $html;
                      }
                      break;
                  }  // switch
                }  // if
              }  // foreach

              // Give admins a delete button
              // Each row gets its own small POST form; del.php (not shown
              // here) is where the permission to delete has to be enforced.
              if (is_admin())
              {
                echo "<td>\n<div>\n";
                generate_room_delete_form($r['id'], $area);


                echo "</div>\n</td>\n";
              }

              echo "</tr>\n";
            }
          }

          echo "</tbody>\n";
          echo "</table>\n";
          echo "</div>\n";

        }
      }
    }
    else
    {
      echo get_vocab("noarea");
    }

    // Give admins a form for adding rooms to the area - provided
    // there's an area selected
    if (is_admin() && $areas_defined && !empty($area))
    {
      generate_new_room_form();
    }
    echo "</div>\n";
  }

  print_footer();