multisite('del.php'), 'method' => 'post');
  // NOTE(review): this is the tail of a function whose opening lines precede
  // this excerpt - presumably generate_room_delete_form(), which is called
  // further down the page; confirm against the full file.
  $form->setAttributes($attributes);

  // Hidden inputs: they tell del.php which room (and which area) to delete.
  // NOTE(review): these values come back from the browser, so del.php has to
  // re-check authorisation and the CSRF token itself - not visible here.
  $hidden_inputs = array('type' => 'room',
                         'area' => $area,
                         'room' => $room);
  $form->addHiddenInputs($hidden_inputs);

  // The button (an image input acting as the submit control)
  $element = new ElementInputImage();
  $element->setAttributes(array('class'  => 'button',
                                'src'    => 'images/delete.png',
                                'width'  => '16',
                                'height' => '16',
                                'title'  => get_vocab('delete'),
                                'alt'    => get_vocab('delete')));
  $form->addElement($element);

  $form->render();
}


/**
 * Renders the form used to switch the page to a different area.
 *
 * The form posts back to the current page (this_page()) and carries the
 * global $day, $month and $year as hidden inputs.  Admins are offered the
 * areas grouped under the "enabled" and "disabled" vocab labels, plus edit
 * and delete buttons for the area; everybody else is offered the enabled
 * areas only.
 *
 * @param array $enabled_areas   area names keyed by area id (as built by the
 *                               caller on this page)
 * @param array $disabled_areas  area names keyed by area id, disabled areas
 */
function generate_area_change_form($enabled_areas, $disabled_areas)
{
  global $area, $day, $month, $year;

  $form = new Form();

  $attributes = array('class'  => 'areaChangeForm',
                      'action' => multisite(this_page()),
                      'method' => 'post');

  $form->setAttributes($attributes);

  // Hidden inputs for page day, month, year
  $hidden_inputs = array('day'   => $day,
                         'month' => $month,
                         'year'  => $year);
  $form->addHiddenInputs($hidden_inputs);

  // Now the visible fields
  $fieldset = new ElementFieldset();
  $fieldset->addLegend('');

  // The area select.  is_admin() only decides what is offered in the list:
  // the 'area' value that comes back is still request data.
  if (is_admin())
  {
    $options = array(get_vocab("enabled") => $enabled_areas,
                     get_vocab("disabled") => $disabled_areas);
  }
  else
  {
    $options = $enabled_areas;
  }

  // The inline 'onchange' handler submits the form as soon as a new area is
  // picked.  NOTE(review): an inline handler needs 'unsafe-inline' (or an
  // equivalent allowance) if the site ever adopts a script Content-Security-Policy.
  // presumably $area preselects the current area in the list - confirm in FieldSelect
  $field = new FieldSelect();
  $field->setLabel(get_vocab('area'))
        ->setControlAttributes(array('id'       => 'area_select',
                                     'name'     => 'area',
                                     'class'    => 'room_area_select',
                                     'onchange' => 'this.form.submit()'))
        ->addSelectOptions($options, $area, true);
  $fieldset->addElement($field);

  // The change area button (won't be needed or displayed if JavaScript is enabled)
  $field = new FieldInputSubmit();
  $field->setAttribute('class', 'js_none')
        ->setControlAttributes(array('value' => get_vocab('change'),
                                     'name'  => 'change'));
  $fieldset->addElement($field);

  // If they're an admin then give them edit and delete buttons for the area.
  // Each button's 'formaction' overrides the form's own action, so the same
  // POST body (day, month, year and the selected area) is sent to
  // edit_area.php or del.php?type=area instead of back to this page.
  // NOTE(review): hiding the buttons from non-admins is presentation only;
  // edit_area.php and del.php must enforce authorisation themselves - not
  // visible in this excerpt.
  if (is_admin())
  {
    $img = new ElementImg();
    $img->setAttributes(array('src' => 'images/edit.png',
                              'alt' => get_vocab('edit')));
    $button = new ElementButton();
    $button->setAttributes(array('class'      => 'image',
                                 'title'      => get_vocab('edit'),
                                 'formaction' => multisite('edit_area.php')))
           ->addElement($img);
    $fieldset->addElement($button);

    $img = new ElementImg();
    $img->setAttributes(array('src' => 'images/delete.png',
                              'alt' => get_vocab('delete')));
    $button = new ElementButton();
    $button->setAttributes(array('class'      => 'image',
                                 'title'      => get_vocab('delete'),
                                 'formaction' => multisite('del.php?type=area')))
           ->addElement($img);
    $fieldset->addElement($button);
  }

  $form->addElement($fieldset);

  $form->render();
}


/**
 * Renders the "add area" form, which posts the new area's name to add.php
 * together with a hidden type=area field.
 *
 * The page only calls this for admins; the function itself performs no
 * permission check.
 */
function generate_new_area_form()
{
  $form = new Form();

  $attributes = array('id'     => 'add_area',
                      'class'  => 'form_admin standard',
                      'action' => multisite('add.php'),
                      'method' => 'post');

  $form->setAttributes($attributes);

  // Hidden field for the type of operation
  $form->addHiddenInput('type', 'area');

  // Now the visible fields
  $fieldset = new ElementFieldset();
  $fieldset->addLegend(get_vocab('addarea'));

  // The name field.  'required' and 'maxlength' are browser-side hints only;
  // NOTE(review): add.php should repeat both checks on the server - confirm.
  $field = new FieldInputText();
  $field->setLabel(get_vocab('name'))
        ->setControlAttributes(array('id'        => 'area_name',
                                     'name'      => 'name',
                                     'required'  => true,
                                     'maxlength' => maxlength('area.area_name')));
  $fieldset->addElement($field);

  // The submit button
  $field = new FieldInputSubmit();
  $field->setControlAttributes(array('value' => get_vocab('addarea'),
                                     'class' => 'submit'));
  $fieldset->addElement($field);

  $form->addElement($fieldset);

  $form->render();
}


/**
 * Renders the "add room" form for the area held in the global $area.
 *
 * The form posts to add.php with hidden type=room and area inputs and
 * offers name, description, capacity and room admin email fields.
 */
function generate_new_room_form()
{
  global $area;

  $form = new Form();

  $attributes = array('id'     => 'add_room',
                      'class'  => 'form_admin standard',
                      'action' => multisite('add.php'),
                      'method' => 'post');

  $form->setAttributes($attributes);

  // Hidden inputs.  The area id travels through the browser, so it reaches
  // add.php as ordinary request data.
  $hidden_inputs = array('type' => 'room',
                         'area' => $area);
  $form->addHiddenInputs($hidden_inputs);

  // Visible fields
  $fieldset = new ElementFieldset();
  $fieldset->addLegend(get_vocab('addroom'));

  // The name field (the only one marked as required)
  $field = new FieldInputText();
  $field->setLabel(get_vocab('name'))
        ->setControlAttributes(array('id'        => 'room_name',
                                     'name'      => 'name',
                                     'required'  => true,
                                     'maxlength' => maxlength('room.room_name')));
  $fieldset->addElement($field);

  // The description field
  $field = new FieldInputText();
  $field->setLabel(get_vocab('description'))
        ->setControlAttributes(array('id'        => 'room_description',
                                     'name'      => 'description',
                                     'maxlength' => maxlength('room.description')));
  $fieldset->addElement($field);

  // Capacity: the 'min' attribute stops the browser offering negative values,
  // it does not stop a hand-built request from sending one.
  $field = new FieldInputNumber();
  $field->setLabel(get_vocab('capacity'))
        ->setControlAttributes(array('name' => 'capacity',
                                     'min'  => '0'));
  $fieldset->addElement($field);

  // The email field.  'multiple' lets the browser accept a list of addresses
  // in the one control.
  $field = new FieldInputEmail();
  $field->setLabel(get_vocab('room_admin_email'))
        ->setLabelAttribute('title', get_vocab('email_list_note'))
        ->setControlAttributes(array('id'       => 'room_admin_email',
                                     'name'     => 'room_admin_email',
                                     'multiple' => true));
  $fieldset->addElement($field);

  // The submit button
  $field = new FieldInputSubmit();
  $field->setControlAttributes(array('value' => get_vocab('addroom'),
                                     'class' => 'submit'));
  $fieldset->addElement($field);

  $form->addElement($fieldset);

  $form->render();
}


// Check the CSRF token.
// Only check the token if the page is accessed via a POST request.  Therefore
// this page should not take any action, but only display data: anything that
// changed state on a GET would run without a token check.
// Note that "$post_only=true" is an assignment expression, not a named
// argument: it sets a variable $post_only in this scope and passes true.
Form::checkToken($post_only=true);

// Check the user is authorised for this page
checkAuthorised(this_page());

// Get non-standard form variables.
// $error is request data; further down it is used as a vocab key and the
// result is passed through htmlspecialchars() before being output.
$error = get_form_var('error', 'string');

// $view, $view_all, $year, $month, $day, $area and $room are not set in this
// excerpt - presumably populated by an include earlier in the file; confirm.
$context = array(
    'view'      => $view,
    'view_all'  => $view_all,
    'year'      => $year,
    'month'     => $month,
    'day'       => $day,
    'area'      => isset($area) ? $area : null,
    'room'      => isset($room) ? $room : null
  );

print_header($context);

// Get the details we need for this area.
// The area id is bound through the "?" placeholder rather than concatenated
// into the SQL; only the table name from _tbl() is spliced into the string.
if (isset($area))
{
  $sql = "SELECT area_name, custom_html
            FROM " . _tbl('area') . "
           WHERE id=?
           LIMIT 1";

  $res = db()->query($sql, array($area));

  // $area_name and $custom_html stay unset when no row matches; the code
  // further down guards both with isset().
  // custom_html is later echoed without htmlspecialchars() when
  // $auth['allow_custom_html'] is set, so anyone able to write that column can
  // put arbitrary markup and script on this page - keep editing rights to
  // trusted admins.
  if ($res->count() == 1)
  {
    $row = $res->next_row_keyed();
    $area_name = $row['area_name'];
    $custom_html = $row['custom_html'];
  }
}

// Page output starts here; the string literal opened on the next line
// continues on the lines that follow this block.
echo "

" . get_vocab("administration") . "

\n"; if (!empty($error)) { echo "

" . htmlspecialchars(get_vocab($error)) . "

\n"; } // TOP SECTION: THE FORM FOR SELECTING AN AREA echo "
\n"; $sql = "SELECT id, area_name, disabled FROM " . _tbl('area') . " ORDER BY disabled, sort_key"; $res = db()->query($sql); $enabled_areas = array(); $disabled_areas = array(); while (false !== ($row = $res->next_row_keyed())) { if ($row['disabled']) { $disabled_areas[$row['id']] = $row['area_name']; } else { $enabled_areas[$row['id']] = $row['area_name']; } } $areas_defined = !empty($enabled_areas) || !empty($disabled_areas); if (!$areas_defined) { echo "

" . get_vocab("noareas") . "

\n"; } else { if (!is_admin() && empty($enabled_areas)) { echo "

" . get_vocab("noareas_enabled") . "

\n"; } else { // If there are some areas to display, then show the area form generate_area_change_form($enabled_areas, $disabled_areas); } } if (is_admin()) { // New area form generate_new_area_form(); } echo "
"; // area_form // Now the custom HTML if ($auth['allow_custom_html']) { echo "
\n"; // no htmlspecialchars() because we want the HTML! echo (isset($custom_html)) ? "$custom_html\n" : ""; echo "
\n"; } // BOTTOM SECTION: ROOMS IN THE SELECTED AREA // Only display the bottom section if the user is an admin or // else if there are some areas that can be displayed if (is_admin() || !empty($enabled_areas)) { echo "

\n"; echo get_vocab("rooms"); if(isset($area_name)) { echo " " . get_vocab("in") . " " . htmlspecialchars($area_name); } echo "

\n"; echo "
\n"; if (isset($area)) { $rooms = get_rooms($area, true); if (count($rooms) == 0) { echo "

" . get_vocab("norooms") . "

\n"; } else { // Get the information about the fields in the room table $fields = db()->field_info(_tbl('room')); // See if there are going to be any rooms to display (in other words rooms if // you are not an admin whether any rooms are enabled) $n_displayable_rooms = 0; foreach ($rooms as $r) { if (is_admin() || !$r['disabled']) { $n_displayable_rooms++; } } if ($n_displayable_rooms == 0) { echo "

" . get_vocab("norooms_enabled") . "

\n"; } else { echo "
\n"; // Build the table. We deal with the name and disabled columns // first because they are not necessarily the first two columns in // the table (eg if you are running PostgreSQL and have upgraded your // database) echo "\n"; // The header echo "\n"; echo "\n"; echo "\n"; if (is_admin()) { // Don't show ordinary users the disabled status: they are only going to see enabled rooms echo "\n"; } // ignore these columns, either because we don't want to display them, // or because we have already displayed them in the header column $ignore = array('id', 'area_id', 'room_name', 'disabled', 'sort_key', 'custom_html'); foreach($fields as $field) { if (!in_array($field['name'], $ignore)) { switch ($field['name']) { // the standard MRBS fields case 'description': case 'capacity': case 'room_admin_email': case 'invalid_types': $text = get_vocab($field['name']); break; // any user defined fields default: $text = get_loc_field_name(_tbl('room'), $field['name']); break; } // We don't use htmlspecialchars() here because the column names are // trusted and some of them may deliberately contain HTML entities (eg  ) echo "\n"; } } if (is_admin()) { echo "\n"; } echo "\n"; echo "\n"; // The body echo "\n"; $row_class = "odd"; foreach ($rooms as $r) { // Don't show ordinary users disabled rooms if (is_admin() || !$r['disabled']) { $row_class = ($row_class == "even") ? "odd" : "even"; echo "\n"; $html_name = htmlspecialchars($r['room_name']); $href = multisite('edit_room.php?room=' . 
$r['id']); // We insert an invisible span containing the sort key so that the rooms will // be sorted properly echo "\n"; if (is_admin()) { // Don't show ordinary users the disabled status: they are only going to see enabled rooms echo "\n"; } foreach($fields as $field) { if (!in_array($field['name'], $ignore)) { switch ($field['name']) { // the standard MRBS fields case 'description': case 'room_admin_email': echo "\n"; break; case 'capacity': echo "\n"; break; case 'invalid_types': echo "\n"; break; // any user defined fields default: if (($field['nature'] == 'boolean') || (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] <= 2)) ) { // booleans: represent by a checkmark echo "\n"; } elseif (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] > 2)) { // integer values echo "\n"; } else { // strings $value = $r[$field['name']]; $html = "\n"; echo $html; } break; } // switch } // if } // foreach // Give admins a delete button if (is_admin()) { echo "\n"; } echo "\n"; } } echo "\n"; echo "
" . get_vocab("name") . "" . get_vocab("enabled") . "$text 
" . "" . htmlspecialchars($r['sort_key']) . "" . "$html_name" . "
" . ((!$r['disabled']) ? "\"check" : " ") . "
" . htmlspecialchars($r[$field['name']]) . "
" . $r[$field['name']] . "
" . get_type_names($r[$field['name']]) . "
"; echo (!empty($r[$field['name']])) ? "\"check" : " "; echo "
" . $r[$field['name']] . "
"; // Truncate before conversion, otherwise you could chop off in the middle of an entity $html .= htmlspecialchars(utf8_substr($value, 0, $max_content_length)); $html .= (utf8_strlen($value) > $max_content_length) ? '…' : ''; $html .= "
\n
\n"; generate_room_delete_form($r['id'], $area); echo "
\n
\n"; echo "
\n"; } } } else { echo get_vocab("noarea"); } // Give admins a form for adding rooms to the area - provided // there's an area selected if (is_admin() && $areas_defined && !empty($area)) { generate_new_room_form(); } echo "
\n"; } print_footer();