0byt3m1n1
Path:
/
data
/
applications
/
aps.bak
/
webcalendar
/
1.2.3-0
/
standard
/
htdocs
/
[
Home
]
File: view_entry.php
<?php /* $Id: view_entry.php,v 1.174.2.13 2010/08/15 03:27:44 cknudsen Exp $ * * Description: * Presents page to view an event with links to edit, delete * confirm, copy, add event * * Input Parameters: * id (*) - cal_id of requested event * date - yyyymmdd format of requested event * user - user to display * log - show activity log (any non-empty value) * (*) required field */ include_once 'includes/init.php'; include 'includes/xcal.php'; // only to display recurrance info // Load Doc classes for attachments and comments include 'includes/classes/Doc.class'; include 'includes/classes/DocList.class'; include 'includes/classes/AttachmentList.class'; include 'includes/classes/CommentList.class'; // Make sure this user is allowed to look at this calendar. $can_approve = $can_edit = $can_view = false; $is_my_event = false; // Is this user owner or participant? $is_confidential = $is_private = $rss_view = false; $error = $eType = $event_status = ''; $log = getGetValue ( 'log' ); $show_log = ! empty ( $log ); $can_email = 'Y'; $areYouSureStr = str_replace ( 'XXX', translate ( 'entry' ), translate ( 'Are you sure you want to delete this XXX?' ) ); $pri[1] = translate ( 'High' ); $pri[2] = translate ( 'Medium' ); $pri[3] = translate ( 'Low' ); if ( empty ( $id ) || $id <= 0 || ! is_numeric ( $id ) ) $error = translate ( 'Invalid entry id.' ); $hide_details = ( $login == '__public__' && ! empty ( $OVERRIDE_PUBLIC ) && $OVERRIDE_PUBLIC == 'Y' ); // Check if we can display basic info for RSS FEED $rssuser = getGetValue ( 'rssuser' ); if ( ! empty ( $rssuser ) ) { $user_rss_enabled = get_pref_setting ( $rssuser, 'USER_RSS_ENABLED' ); $user_remote_access = get_pref_setting ( $rssuser, 'USER_REMOTE_ACCESS' ); $user_rss_timezone = get_pref_setting ( $rssuser, 'TIMEZONE' ); $rss_view = ( $RSS_ENABLED == 'Y' && $user_rss_enabled == 'Y' && $friendly == 1 && ! empty ( $rssuser ) && isset ( $user_remote_access ) ); if ( $rss_view == true ) { if ( $login == '__public__') $user = $rssuser; $hide_details = false; // Make sure the displayed time is accurate. set_env ( 'TZ', $user_rss_timezone ); } } // Is this user a participant or the creator of the event? // If assistant is doing this, then we need to switch login to user in the sql. $sqlparm = ( $is_assistant ? $user : $login ); $res = dbi_execute ( 'SELECT we.cal_id, we.cal_create_by FROM webcal_entry we, webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND we.cal_id = ? AND ( we.cal_create_by = ? OR weu.cal_login = ? )', array ( $id, $sqlparm, $sqlparm ) ); if ( $res ) { $row = dbi_fetch_row ( $res ); if ( $row && $row[0] > 0 ) { $can_view = $is_my_event = true; $creator = $row[1]; } dbi_free_result ( $res ); } // Update the task percentage for this user. if ( ! empty ( $_POST ) && $is_my_event ) { $upercent = getPostValue ( 'upercent' ); if ( $upercent >= 0 && $upercent <= 100 ) { dbi_execute ( 'UPDATE webcal_entry_user SET cal_percent = ? WHERE cal_login = ? AND cal_id = ?', array ( $upercent, $login, $id ) ); activity_log ( $id, $login, $creator, LOG_UPDATE_T, translate ( 'Update Task Percentage' ) . ' ' . $upercent . '%' ); } // Check if all other user percent is 100%, if so, set cal_complete date. $others_complete = getPostValue ( 'others_complete' ); if ( $upercent == 100 && $others_complete == 'yes' ) { dbi_execute ( 'UPDATE webcal_entry SET cal_completed = ? WHERE cal_id = ?', array ( gmdate ( 'Ymd', time () ), $id ) ); activity_log ( $id, $login, $creator, LOG_UPDATE_T, translate ( 'Completed' ) ); } } // Load event info now. $res = dbi_execute ( 'SELECT cal_create_by, cal_date, cal_time, cal_mod_date, cal_mod_time, cal_duration, cal_priority, cal_type, cal_access, cal_name, cal_description, cal_location, cal_url, cal_due_date, cal_due_time, cal_completed FROM webcal_entry WHERE cal_id = ?', array ( $id ) ); if ( ! $res ) $error = str_replace ('XXX', $id, translate ( 'Invalid entry id XXX.' ) ); else { $row = dbi_fetch_row ( $res ); if ( $row ) { $create_by = $row[0]; $orig_date = $row[1]; $event_time = $row[2]; $mod_date = $row[3]; $mod_time = sprintf ( "%06d", $row[4] ); $duration = $row[5]; $cal_priority = $row[6]; $cal_type = $row[7]; $cal_access = $row[8]; if ( strpos ( 'NT', $cal_type ) !== false ) $eType = 'task'; if ( $hide_details ) { $description = $name = $overrideStr = translate ( $OVERRIDE_PUBLIC_TEXT ); if ( ! empty ( $row[11] ) ) $location = $overrideStr; if ( ! empty ( $row[12] ) ) $url = $overrideStr; } else { $name = $row[9]; $description = $row[10]; $location = $row[11]; $url = $row[12]; } $due_date = $row[13]; $due_time = $row[14]; $cal_completed = $row[15]; } else $error = str_replace ('XXX', $id, translate ( 'Invalid entry id XXX.' ) ); dbi_free_result ( $res ); } if ( empty ( $error ) ) { // don't shift date if All Day or Untimed $display_date = ( $event_time > 0 || ( $event_time == 0 && $duration != 1440 ) ? date ( 'Ymd', date_to_epoch ( $orig_date . sprintf ( "%06d", $event_time ) ) ) : $orig_date ); if ( ! empty ( $year ) ) $thisyear = $year; if ( ! empty ( $month ) ) $thismonth = $month; // Check UAC. $euser = ( empty ( $user ) ? ( $is_my_event ? $login : $create_by ) : $user ); $time_only = 'N'; if ( access_is_enabled () ) { $can_approve = access_user_calendar ( 'approve', $euser, $login, $cal_type, $cal_access ); $can_edit = access_user_calendar ( 'edit', $create_by, $login, $cal_type, $cal_access ); $can_view = access_user_calendar ( 'view', $euser, $login, $cal_type, $cal_access ); $time_only = access_user_calendar ( 'time', $euser, $login, $cal_type, $cal_access ); } if ( $is_admin || $is_nonuser_admin || $is_assistant ) $can_view = true; // Commented out by RJ. Not sure of the reason for this code // if ( ($login != '__public__') && ($PUBLIC_ACCESS_OTHERS == 'Y') ) { // $can_view = true; // } $can_edit = ( $can_edit || $is_admin || $is_nonuser_admin && $user == $create_by || ( $is_assistant && ! $is_private && $user == $create_by ) || ( $readonly != 'Y' && ( $login == $create_by || $single_user == 'Y' ) ) ); if ( $readonly == 'Y' || $is_nonuser || ( $PUBLIC_ACCESS == 'Y' && $login == '__public__' ) ) $can_edit = false; if ( ! $can_view ) { // if not a participant in the event, must be allowed to look at // other user's calendar. $check_group = ( $login == '__public__' && $PUBLIC_ACCESS_OTHERS == 'Y' ) || $ALLOW_VIEW_OTHER == 'Y'; // If $check_group is true, it means this user can look at the event only if // they are in the same group as some of the people in the event. This gets // kind of tricky. If there is a participant from a different group, do we // still show it? For now, the answer is no. This could be configurable // somehow, but how many lines of text would it need in the admin page to // describe this scenario? Would confuse 99.9% of users. // In summary, make sure at least one event participant is in one of // this user's groups. $my_users = get_my_users (); $my_usercnt = count ( $my_users ); if ( is_array ( $my_users ) && $my_usercnt ) { $sql_params = array (); $sql = 'SELECT we.cal_id FROM webcal_entry we, webcal_entry_user weu WHERE we.cal_id = weu.cal_id AND we.cal_id = ? AND weu.cal_login IN ( '; $sql_params[] = $id; for ( $i = 0; $i < $my_usercnt; $i++ ) { $sql .= ( $i > 0 ? ', ' : '' ) . '?'; $sql_params[] = $my_users[$i]['cal_login']; } $res = dbi_execute ( $sql . ' )', $sql_params ); if ( $res ) { $row = dbi_fetch_row ( $res ); if ( $row && $row[0] > 0 ) $can_view = true; dbi_free_result ( $res ); } } // If we didn't indicate we need to check groups, // then this user can't view this event. if ( ! $check_group || access_is_enabled () ) $can_view = false; } } //end $error test // If they still cannot view, make sure they are not looking at a nonuser // calendar event where the nonuser is the _only_ participant. if ( empty ( $error ) && ! $can_view && ! empty ( $NONUSER_ENABLED ) && $NONUSER_ENABLED == 'Y' ) { $nonusers = get_nonuser_cals (); $nonuser_lookup = array (); for ( $i = 0, $cnt = count ( $nonusers ); $i < $cnt; $i++ ) { $nonuser_lookup[$nonusers[$i]['cal_login']] = 1; } $res = dbi_execute ( 'SELECT cal_login FROM webcal_entry_user WHERE cal_id = ? AND cal_status IN (\'A\',\'W\')', array ( $id ) ); $found_nonuser_cal = $found_reg_user = false; if ( $res ) { while ( $row = dbi_fetch_row ( $res ) ) { if ( ! empty ( $nonuser_lookup[$row[0]] ) ) $found_nonuser_cal = true; else $found_reg_user = true; } dbi_free_result ( $res ); } // Does this event contain only nonuser calendars as participants? // If so, then grant access. if ( $found_nonuser_cal && ! $found_reg_user && ! access_is_enabled () ) $can_view = true; } // Final case. If 'public visible by default' is on and 'public' is // a participant to this event, then anyone can view the event. if ( ! $can_view && ! empty ( $PUBLIC_ACCESS_DEFAULT_VISIBLE ) && $PUBLIC_ACCESS_DEFAULT_VISIBLE == 'Y' ) { // check to see if 'public' was a participant $res = dbi_execute ( 'SELECT cal_login FROM webcal_entry_user ' . "WHERE cal_id = ? AND cal_login = '__public__'" . 'AND cal_status IN (\'A\',\'W\')', array ( $id ) ); if ( $res ) { while ( $row = dbi_fetch_row ( $res ) ) { if ( ! empty ( $row[0] ) && $row[0] == '__public__' ) { // public is participant $can_view = true; } } dbi_free_result ( $res ); } } $printerStr = generate_printer_friendly ( 'view_entry.php' ); print_header (); if ( ! empty ( $error ) ) { echo print_error ( $error ) . print_trailer (); exit; } if ( ! empty ( $user ) && $login != $user ) { // If viewing another user's calendar, check the status of the // event on their calendar (to see if it's deleted). $res = dbi_execute ( 'SELECT cal_status FROM webcal_entry_user WHERE cal_login = ? AND cal_id = ?', array ( $user, $id ) ); if ( $res ) { if ( $row = dbi_fetch_row ( $res ) ) $event_status = $row[0]; dbi_free_result ( $res ); } } else { // We are viewing event on user's own calendar, so check the // status on their own calendar. $res = dbi_execute ( 'SELECT cal_id, cal_status FROM webcal_entry_user WHERE cal_login = ? AND cal_id = ?', array ( $login, $id ) ); if ( $res ) { $row = dbi_fetch_row ( $res ); $event_status = $row[1]; dbi_free_result ( $res ); } } // This section commented out by RJ // This code allows viewing events not otherwise authorized // At this point, if we don't have the event status, then this user is not // viewing an event from his own calendar and not viewing an event from someone // else's calendar. They probably got here from the search results page // (or possibly by hand typing in the URL.) // Check to make sure that it hasn't been deleted from everyone's calendar. //if ( empty ( $event_status ) ) { // $res = dbi_execute ( 'SELECT cal_status FROM webcal_entry_user // WHERE cal_status <> "D" ORDER BY cal_status', array () ); // if ( $res ) { // if ( $row = dbi_fetch_row ( $res ) ) // $event_status = $row[0]; // dbi_free_result ( $res ); // } //} // If we have no event status yet, it must have been deleted. if ( ( empty ( $event_status ) && ! $is_admin ) || ( ! $can_view && empty ( $rss_view ) ) ) { echo print_not_auth ( 33, true ) . print_trailer (); exit; } // We can bypass $can_view if coming from RSS if ( ( ! $can_view && empty ( $rss_view ) ) ) { echo print_not_auth ( 8, true ) . print_trailer (); exit; } // save date so the trailer links are for the same time period $thisyear = intval ( $orig_date / 10000 ); $thismonth = ( $orig_date / 100 ) % 100; $thisday = $orig_date % 100; // $subject is used for mailto URLs. $subject = generate_application_name () . ': ' . $name; // Remove the '"' character since it causes some mailers to barf $subject = str_replace ( ' "', '', $subject ); $subject = htmlspecialchars ( $subject ); $event_repeats = false; // Build info string for repeating events and end date. $res = dbi_execute ( 'SELECT cal_type FROM webcal_entry_repeats WHERE cal_id = ?', array ( $id ) ); $rep_str = ''; if ( $res ) { if ( $tmprow = dbi_fetch_row ( $res ) ) $event_repeats = true; dbi_free_result ( $res ); } /* calculate end time */ $end_str = ( $event_time >= 0 && $duration > 0 ? '-' . display_time ( $display_date . add_duration ( $event_time, $duration % 1440 ), 2 ) : '' ); // get the email adress of the creator of the entry user_load_variables ( $create_by, 'createby_' ); $email_addr = empty ( $createby_email ) ? '' : $createby_email; // If Private and not this user's event or // Confidential and not user's and not assistant, // then they cannot see name or description. // if ( $row[8] == "R" && ! $is_my_event && ! $is_admin ) { if ( $cal_access == 'R' && ! $is_my_event && ! access_is_enabled () ) { $is_private = true; $description = $name = '[' . translate ( 'Private' ) . ']'; } else if ( $cal_access == 'C' && ! $is_my_event && ! $is_assistant && ! access_is_enabled () ) { $is_confidential = true; $description = $name = '[' . translate ( 'Confidential' ) . ']'; } $event_date = ( $event_repeats && ! empty ( $date ) ? $date : ( $event_time > 0 ? date ( 'Ymd', date_to_epoch ( $orig_date . sprintf ( "%06d", $event_time ) ) ) : $orig_date ) ); // Get category Info if ( $CATEGORIES_ENABLED == 'Y' ) { $categories = get_categories_by_id ( $id, ( ( ! empty ( $user ) && strlen ( $user ) ) && ( $is_assistant || $is_admin ) ? $user : $login ), true ); $category = implode ( ', ', $categories ); } // get reminders $reminder = getReminders ( $id, true ); echo ' <h2>' . $name . ( $is_nonuser_admin || ( $is_admin && ! empty ( $user ) && $user == '__public__' ) ? ' ( ' . translate ( 'Admin mode' ) . ' )' : '' ) . ( $is_assistant ? ' ( ' . translate ( 'Assistant mode' ) . ' )' : '' ) . '</h2> <table width="100%" summary=""> <tr> <td class="aligntop bold" width="10%">' . translate ( 'Description' ) . ':</td> <td>'; if ( ! empty ( $ALLOW_HTML_DESCRIPTION ) && $ALLOW_HTML_DESCRIPTION == 'Y' ) { $str = $description; // $str = str_replace ( '&', '&', $description ); $str = str_replace ( '&amp;', '&', $str ); // If there is no HTML found, then go ahead and replace // the line breaks ("\n") with the HTML break. echo ( strstr ( $str, '<' ) && strstr ( $str, '>' ) ? $str // found some html... : nl2br ( activate_urls ( $str ) ) ); } else echo nl2br ( activate_urls ( htmlspecialchars ( $description ) ) ); echo '</td> </tr>' . ( $DISABLE_LOCATION_FIELD != 'Y' && ! empty ( $location ) ? ' <tr> <td class="aligntop bold">' . translate ( 'Location' ) . ':</td> <td>' . $location . '</td> </tr>' : '' ) . ( $DISABLE_URL_FIELD != 'Y' && ! empty ( $url ) ? ' <tr> <td class="aligntop bold">' . translate ( 'URL' ) . ':</td> <td>' . activate_urls ( $url ) . '</td> </tr>' : '' ); if ( $event_status != 'A' && ! empty ( $event_status ) ) { echo ' <tr> <td class="aligntop bold">' . translate ( 'Status' ) . ':</td> <td>'; if ( $event_status == 'D' ) echo ( $eType == 'task' ? translate ( 'Declined' ) : translate ( 'Deleted' ) ); elseif ( $event_status == 'R' ) echo translate ( 'Rejected' ); elseif ( $event_status == 'W' ) echo ( $eType == 'task' ? translate ( 'Needs-Action' ) : translate ( 'Waiting for approval' ) ); echo '</td> </tr>'; } echo ' <tr> <td class="aligntop bold">' . ( $eType == 'task' ? translate ( 'Start Date' ) : translate ( 'Date' ) ) . ':</td> <td>' . date_to_str ( $display_date ) . ( $eType == 'task' ? '</td> </tr>' . ( $event_time >= 0 ? ' <tr> <td class="aligntop bold">' . translate ( 'Start Time' ) . ':</td> <td>' . display_time ( $display_date . sprintf ( "%06d", $event_time ), 2 ) . '</td> </tr>' : '' ) . ' <tr> <td class="aligntop bold">' . translate ( 'Due Date' ) . ':</td> <td>' . date_to_str ( $due_date ) . '</td> </tr> <tr> <td class="aligntop bold">' . translate ( 'Due Time' ) . ':</td> <td>' . display_time ( $due_date . sprintf ( "%06d", $due_time ), 2 ) . '</td> </tr>' . ( ! empty ( $cal_completed ) ? ' <tr> <td class="aligntop bold">' . translate ( 'Completed' ) . ':</td> <td>' . date_to_str ( $cal_completed ) : '' ) : '' ) . '</td> </tr>' . ( $event_repeats ? ' <tr> <td class="aligntop bold">' . translate ( 'Repeat Type' ) . ':</td> <td>' . export_recurrence_ical ( $id, true ) . '</td> </tr>' : '' ) . ( $eType != 'task' && $event_time >= 0 ? ' <tr> <td class="aligntop bold">' . translate ( 'Time' ) . ':</td> <td>' . ( $duration == 1440 && $event_time == 0 ? translate ( 'All day event' ) : display_time ( $display_date . sprintf ( "%06d", $event_time ), // Display TZID if no end time ( empty ( $end_str ) ? 2 : 0 ) ) . $end_str ) . '</td> </tr>' : '' ); if ( $duration > 0 && $duration != 1440 ) { $dur_h = intval ( $duration / 60 ); $dur_m = $duration - ( $dur_h * 60 ); echo ' <tr> <td class="aligntop bold">' . translate ( 'Duration' ) . ':</td> <td>' . ( $dur_h > 0 ? $dur_h . ' ' . translate ( 'hour' . ( $dur_h == 1 ? '' : 's' ) ) . ' ' : '' ) . ( $dur_m > 0 ? $dur_m . ' ' . translate ( 'minutes' ) : '' ) . '</td> </tr>'; } echo ( $DISABLE_PRIORITY_FIELD != 'Y' ? ' <tr> <td class="aligntop bold">' . translate ( 'Priority' ) . ':</td> <td>' . $cal_priority . '-' . $pri[ceil($cal_priority/3)] .'</td> </tr>' : '' ) . ( $DISABLE_ACCESS_FIELD != 'Y' ? ' <tr> <td class="aligntop bold">' . translate ( 'Access' ) . ':</td> <td>' . ( $cal_access == "P" ? translate ( 'Public' ) : ( $cal_access == 'C' ? translate ( 'Confidential' ) : translate ( 'Private' ) ) ) . '</td> </tr>' : '' ) . ( $CATEGORIES_ENABLED == 'Y' && ! empty ( $category ) ? ' <tr> <td class="aligntop bold">' . translate ( 'Category' ) . ':</td> <td>' . $category . '</td> </tr>' : '' ); // Display who originally created event // useful if assistant or Admin $proxy_fullname = ''; if ( ! empty ( $DISPLAY_CREATED_BYPROXY ) && $DISPLAY_CREATED_BYPROXY == 'Y' ) { $res = dbi_execute ( 'SELECT cal_login FROM webcal_entry_log WHERE webcal_entry_log.cal_entry_id = ? AND webcal_entry_log.cal_type = \'C\'', array ( $id ) ); if ( $res ) { $row3 = dbi_fetch_row ( $res ); if ( $row3 ) { user_load_variables ( $row3[0], 'proxy_' ); $proxy_fullname = ( $createby_fullname == $proxy_fullname ? '' : ' ( ' . translate ( 'by' ) . ' ' . $proxy_fullname . ' )' ); } dbi_free_result ( $res ); } } if ( $single_user == 'N' && ! empty ( $createby_fullname ) ) { echo ' <tr> <td class="aligntop bold">' . translate ( 'Created by' ) . ':</td> <td>'; if ( $is_private && ! access_is_enabled () ) echo '[' . translate ( 'Private' ) . ']</td> </tr>'; else if ( $is_confidential && ! access_is_enabled () ) echo '[' . translate ( 'Confidential' ) . ']</td> </tr>'; else { if ( access_is_enabled () ) $can_email = access_user_calendar ( 'email', $create_by ); $pubAccStr = ( $row[0] == '__public__' ? translate ( 'Public Access' ) : $createby_fullname ); echo ( strlen ( $email_addr ) && $can_email != 'N' ? '<a href="mailto:' . $email_addr . '?subject=' . $subject . '">' . $pubAccStr . '</a>' : $pubAccStr ) . $proxy_fullname . '</td> </tr>'; } } echo ' <tr> <td class="aligntop bold">' . translate ( 'Updated' ) . ':</td> <td>' . ( ! empty ( $GENERAL_USE_GMT ) && $GENERAL_USE_GMT == 'Y' ? date_to_str ( $mod_date ) . ' ' . display_time ( $mod_date . $mod_time, 3 ) : date_to_str ( date ( 'Ymd', date_to_epoch ( $mod_date . $mod_time ) ) ) . ' ' . display_time ( $mod_date . $mod_time, 2 ) ) . '</td> </tr>' // Display the reminder info if found. . ( ! empty ( $reminder ) ? ' <tr> <td class="aligntop bold">' . translate ( 'Send Reminder' ) . ':</td> <td>' . $reminder . '</td> </tr>' : '' ); // load any site-specific fields and display them $extras = get_site_extra_fields ( $id ); $site_extracnt = count ( $site_extras ); for ( $i = 0; $i < $site_extracnt; $i++ ) { if ( $site_extras[$i] == 'FIELDSET' ) continue; $extra_name = $site_extras[$i][0]; $extra_type = $site_extras[$i][2]; $extra_arg1 = $site_extras[$i][3]; $extra_arg2 = $site_extras[$i][4]; if ( ! empty ( $site_extras[$i][5] ) ) $extra_view = $site_extras[$i][5] & EXTRA_DISPLAY_VIEW; if ( ! empty ( $extras[$extra_name]['cal_name'] ) && ! empty ( $extra_view ) ) { echo ' <tr> <td class="aligntop bold">' . translate ( $site_extras[$i][1] ) . ':</td> <td>'; if ( $extra_type == EXTRA_URL ) { $target = ( ! empty ( $extra_arg1 ) ? ' target="' . $extra_arg1 . '" ' : '' ); echo ( strlen ( $extras[$extra_name]['cal_data'] ) ? '<a href="' . $extras[$extra_name]['cal_data'] . '"' . $target . '>' . $extras[$extra_name]['cal_data'] . '</a>' : '' ); } elseif ( $extra_type == EXTRA_EMAIL ) echo ( strlen ( $extras[$extra_name]['cal_data'] ) ? '<a href="mailto:' . $extras[$extra_name]['cal_data'] . '?subject=' . $subject . '">' . $extras[$extra_name]['cal_data'] . '</a>' : '' ); elseif ( $extra_type == EXTRA_DATE ) echo ( $extras[$extra_name]['cal_date'] > 0 ? date_to_str ( $extras[$extra_name]['cal_date'] ) : '' ); elseif ( $extra_type == EXTRA_TEXT || $extra_type == EXTRA_MULTILINETEXT ) echo nl2br ( $extras[$extra_name]['cal_data'] ); elseif ( $extra_type == EXTRA_USER || $extra_type == EXTRA_SELECTLIST || $extra_type == EXTRA_CHECKBOX ) echo $extras[$extra_name]['cal_data']; elseif ( $extra_type == EXTRA_RADIO ) echo $extra_arg1[$extras[$extra_name]['cal_data']]; echo '</td> </tr>'; } } // participants // Only ask for participants if we are multi-user. $allmails = array (); $show_participants = ( $DISABLE_PARTICIPANTS_FIELD != 'Y' ); if ( $is_admin ) $show_participants = true; if ( $PUBLIC_ACCESS == 'Y' && $login == '__public__' && ( $PUBLIC_ACCESS_OTHERS != 'Y' || $PUBLIC_ACCESS_VIEW_PART == 'N' ) ) $show_participants = false; if ( $single_user == 'N' && $show_participants ) { echo ' <tr> <td class="aligntop bold">' . translate ( 'Participants' ) . ':</td> <td>'; $num_app = $num_rej = $num_wait = 0; if ( $is_private && ! access_is_enabled () ) echo '[' . translate ( 'Private' ) . ']'; else if ( $is_confidential && ! access_is_enabled () ) echo '[' . translate ( 'Confidential' ) . ']'; else { $res = dbi_execute ( 'SELECT cal_login, cal_status, cal_percent FROM webcal_entry_user WHERE cal_id = ?' . ( $eType == 'task' ? ' AND cal_status IN ( \'A\', \'W\' )' : '' ), array ( $id ) ); $first = 1; if ( $res ) { while ( $row = dbi_fetch_row ( $res ) ) { $participants[] = $row; $pname = $row[0]; if ( $row[1] == 'A' ) $approved[$num_app++] = $pname; elseif ( $row[1] == 'R' ) $rejected[$num_rej++] = $pname; elseif ( $row[1] == 'W' ) $waiting[$num_wait++] = $pname; } dbi_free_result ( $res ); } else db_error () . '<br />'; } if ( $eType == 'task' ) { echo ' <table border="1" width="80%" cellspacing="0" cellpadding="1" summary=""> <th align="center">' . translate ( 'Participants' ) . '</th> <th align="center" colspan="2">' . translate ( 'Percentage Complete' ) . '</th>'; $others_complete = 'yes'; for ( $i = 0, $cnt = count ( $participants ); $i < $cnt; $i++ ) { user_load_variables ( $participants[$i][0], 'temp' ); if ( access_is_enabled () ) $can_email = access_user_calendar ( 'email', $templogin ); $spacer = 100 - $participants[$i][2]; $percentage = $participants[$i][2]; if ( $participants[$i][0] == $login ) $login_percentage = $participants[$i][2]; else if ( $participants[$i][2] < 100 ) $others_complete = 'no'; echo ' <tr> <td width="30%">'; if ( strlen ( $tempemail ) && $can_email != 'N' ) { echo '<a href="mailto:' . $tempemail . '?subject=' . $subject . '"> ' . $tempfullname . '</a>'; $allmails[] = $tempemail; } else echo ' ' . $tempfullname; echo '</td> <td width="5%" align="center">' . $percentage . '%</td> <td width="65%"> <img src="images/pix.gif" width="' . $percentage . '%" height="10"> <img src="images/spacer.gif" width="' . $spacer . '" height="10"> </td> </tr>'; } echo ' </table>'; } else { for ( $i = 0; $i < $num_app; $i++ ) { user_load_variables ( $approved[$i], 'temp' ); if ( access_is_enabled () ) $can_email = access_user_calendar ( 'email', $templogin ); echo ' '; if ( strlen ( $tempemail ) > 0 && $can_email != 'N' ) { echo '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>'; $allmails[] = $tempemail; } else echo $tempfullname; echo '<br />'; } // show external users here... if ( ! empty ( $ALLOW_EXTERNAL_USERS ) && $ALLOW_EXTERNAL_USERS == 'Y' ) { $external_users = event_get_external_users ( $id, 1 ); $ext_users = explode ( "\n", $external_users ); if ( is_array ( $ext_users ) ) { $externUserStr = translate ( 'External User' ); for ( $i = 0, $cnt = count ( $ext_users ); $i < $cnt; $i++ ) { if ( ! empty ( $ext_users[$i] ) ) { echo ' ' . $ext_users[$i] . ' (' . $externUserStr . ')<br />'; if ( preg_match ( '/mailto: (\S+)"/', $ext_users[$i], $match ) ) $allmails[] = $match[1]; } } } } for ( $i = 0; $i < $num_wait; $i++ ) { user_load_variables ( $waiting[$i], 'temp' ); if ( access_is_enabled () ) $can_email = access_user_calendar ( 'email', $templogin ); echo ' '; if ( strlen ( $tempemail ) > 0 && $can_email != 'N' ) { echo '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>'; $allmails[] = $tempemail; } else echo $tempfullname; echo ' (?)<br />'; } for ( $i = 0; $i < $num_rej; $i++ ) { user_load_variables ( $rejected[$i], 'temp' ); if ( access_is_enabled () ) $can_email = access_user_calendar ( 'email', $templogin ); echo ' <strike>' . ( strlen ( $tempemail ) > 0 && $can_email != 'N' ? '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">' . $tempfullname . '</a>' : $tempfullname ) . '</strike> (' . translate ( 'Rejected' ) . ')<br />'; } } echo ' </td> </tr>'; } // end participants $can_edit = ( $can_edit || $is_admin || $is_nonuser_admin && ( $user == $create_by ) || ( $is_assistant && ! $is_private && ( $user == $create_by ) ) || ( $readonly != 'Y' && ( $login != '__public__' && $login == $create_by || $single_user == 'Y' ) ) ); if ( empty ( $event_status ) ) { // this only happens when an admin views a deleted event that he is // not a participant for. Set to $event_status to "D" just to get // rid of all the edit/delete links below. $event_status = 'D'; } if ( $eType == 'task' ) { // allow user to update their task completion percentage if ( empty ( $user ) && $readonly != 'Y' && $is_my_event && ( $login != '__public__' ) && ! $is_nonuser && $event_status != 'D' ) { echo ' <tr> <td class="aligntop bold"> <form action="view_entry.php?id=' . $id . '" method="post" name="setpercentage"> <input type="hidden" name="others_complete" value="' . $others_complete . '" />' . translate ( 'Update Task Percentage' ) . ' </td> <td> <select name="upercent" id="task_percent">'; for ( $i = 0; $i <= 100; $i += 10 ) { echo ' <option value="' . "$i\" " . ( $login_percentage == $i ? ' selected="selected"':'' ) . ' >' . $i . '</option>'; } echo ' </select> <input type="submit" value="' . translate ( 'Update' ) . '" /> </form> </td> <tr>'; } } if ( Doc::attachmentsEnabled () && $rss_view == false ) { echo ' <tr> <td class="aligntop bold">' . translate ( 'Attachments' ) . ':</td> <td>'; $attList =& new AttachmentList ( $id ); for ( $i = 0; $i < $attList->getSize (); $i++ ) { $a = $attList->getDoc ( $i ); echo ' ' . $a->getSummary () // show delete link if user can delete . ( $is_admin || $login == $a->getLogin () || user_is_assistant ( $login, $a->getLogin () ) || $login == $create_by || user_is_assistant ( $login, $create_by ) ? ' [<a href="docdel.php?blid=' . $a->getId () . '" onclick="return confirm( \'' . $areYouSureStr . '\' );">' . translate ( 'Delete' ) . '</a>]' : '' ) . '<br />'; } $num_app = $num_rej = $num_wait = 0; $num_attach = $attList->getSize (); echo ( $num_attach == 0 ? ' ' . translate ( 'None' ) . '<br />' :'' ) . ' </td> </tr>'; } if ( Doc::commentsEnabled () ) { echo ' <tr> <td class="aligntop bold">' . translate ( 'Comments' ) . ':</td> <td>'; $comList =& new CommentList ( $id ); $num_comment = $comList->getSize (); $comment_text = ''; for ( $i = 0; $i < $num_comment; $i++ ) { $cmt = $comList->getDoc ( $i ); user_load_variables ( $cmt->getLogin (), 'cmt_' ); $comment_text .= ' <strong>' . htmlspecialchars ( $cmt->getDescription () ) . '</strong> - ' . $cmt_fullname . ' ' . translate ( 'at' ) . ' ' . date_to_str ( $cmt->getModDate (), '', false, true ) . ' ' . display_time ( $cmt->getModTime (), 2 ) // show delete link if user can delete . ( $is_admin || $login == $cmt->getLogin () || user_is_assistant ( $login, $cmt->getLogin () ) || $login == $create_by || user_is_assistant ( $login, $create_by ) ? ' [<a href="docdel.php?blid=' . $cmt->getId () . '" onclick="return confirm( \'' . $areYouSureStr . '\' );">' . translate ( 'Delete' ) . '</a>]' : '' )// end show delete link . '<br /> <blockquote id="eventcomment">' . nl2br ( activate_urls ( htmlspecialchars ( $cmt->getData () ) ) ) . ' </blockquote><div style="clear:both"></div>'; } if ( $num_comment == 0 ) echo translate ( 'None' ) . '<br />'; else { echo ' ' . $num_comment . ' ' . translate ( 'comments' ) . ' <input id="showbutton" type="button" value="' . translate ( 'Show' ) . '" onclick="showComments();" /> <input id="hidebutton" type="button" value="' . translate ( 'Hide' ) . '" onclick="hideComments();" /><br /> <div id="comtext">' . $comment_text . '</div>'; // We could put the following JS in includes/js/view_entry.php, // but we won't need it in many cases and we don't know whether // we need it until after would need to include it. // So, we will include it here instead. ?> <script language="JavaScript" type="text/javascript"> <!-- <![CDATA[ function showComments () { var x = document.getElementById ( "comtext" ) if ( x ) { x.style.display = "block"; } x = document.getElementById ( "showbutton" ) if ( x ) { x.style.display = "none"; } x = document.getElementById ( "hidebutton" ) if ( x ) { x.style.display = "block"; } } function hideComments () { var x = document.getElementById ( "comtext" ) if ( x ) { x.style.display = "none"; } x = document.getElementById ( "showbutton" ) if ( x ) { x.style.display = "block"; } x = document.getElementById ( "hidebutton" ) if ( x ) { x.style.display = "none"; } } hideComments (); //]]> --> </script> <?php } $num_app = $num_rej = $num_wait = 0; echo '</td> </tr>'; } $rdate = ( $event_repeats ? '&date=' . $event_date : '' ); $u_url = ( ! empty ( $user ) && $login != $user ? "&user=$user" : '' ); echo ' </table> <ul class="nav">'; // Show a printer-friendly link if ( empty ( $friendly ) ) echo $printerStr; if ( ( $is_my_event || $is_nonuser_admin || $is_assistant || $can_approve ) && $event_status == 'W' && $readonly == 'N' && $login != '__public__') { $approveStr = translate ( 'Approve/Confirm entry' ); $rejectStr = translate ( 'Reject entry' ); echo ' <li><a title="' . $approveStr . '" class="nav" href="approve_entry.php?id=' . $id . $u_url . '&type=E" onclick="return confirm( \'' . translate ( 'Approve this entry?', true ) . '\' );">' . $approveStr . '</a></li> <li><a title="' . $rejectStr . '" class="nav" href="reject_entry.php?id=' . $id . $u_url . '&type=E" onclick="return confirm( \'' . translate ( 'Reject this entry?', true ) . '\' );">' . $rejectStr . '</a></li>'; } // TODO add these permissions to the UAC list $can_add_attach = ( Doc::attachmentsEnabled () && $login != '__public__' && ( ( $login == $create_by ) || ( $is_my_event && $ALLOW_ATTACH_PART == 'Y' ) || ( $ALLOW_ATTACH_ANY == 'Y' ) || $is_admin ) ); $can_add_comment = ( Doc::commentsEnabled () && $login != '__public__' && ( ( $login == $create_by ) || ( $is_my_event && $ALLOW_COMMENTS_PART == 'Y' ) || ( $ALLOW_COMMENTS_ANY == 'Y' ) || $is_admin ) ); if ( $can_add_attach && $event_status != 'D' ) { $addAttchStr = translate ( 'Add Attachment' ); echo ' <li><a title="' . $addAttchStr . '" class="nav" href="docadd.php?type=A&id=' . $id . $u_url . '">' . $addAttchStr . '</a></li>'; } if ( $can_add_comment && $event_status != 'D' ) { $addCommentStr = translate ( 'Add Comment' ); echo ' <li><a title="' . $addCommentStr . '" class="nav" href="docadd.php?type=C&id=' . $id . $u_url . '">' . $addCommentStr . '</a></li>'; } // If approved, but event category not set (and user does not have permission // to edit where they could also set the category), then allow them to // set it through set_cat.php. if ( empty ( $user ) && $CATEGORIES_ENABLED == 'Y' && $readonly != 'Y' && $is_my_event && $login != '__public__' && ! $is_nonuser && $event_status != 'D' && ! $can_edit ) { $setCatStr = translate ( 'Set category' ); echo ' <li><a title="' . $setCatStr . '" class="nav" href="set_entry_cat.php?id=' . $id . $rdate . '">' . $setCatStr . '</a></li>'; } $addToMineStr = translate ( 'Add to My Calendar' ); $copyStr = translate ( 'Copy entry' ); $deleteAllStr = translate ( 'This will delete this entry for all users.', true ); $deleteEntryStr = translate ( 'Delete entry' ); $editEntryStr = translate ( 'Edit entry' ); //TODO Don't show if $user != $login and not assistant // This will be easier with UAC always on if ( $can_edit && $event_status != 'D' && ! $is_nonuser && $readonly != 'Y' ) { if ( $event_repeats ) { $editAllDatesStr = translate ( 'Edit repeating entry for all dates' ); $deleteAllDatesStr = translate ( 'Delete repeating event for all dates' ); echo ' <li><a title="' . $editAllDatesStr . '" class="nav" href="edit_entry.php?id=' . $id . $u_url . '">' . $editAllDatesStr . '</a></li>'; // Don't allow override of first event if ( ! empty ( $date ) && $date != $orig_date ) { $editThisDateStr = translate ( 'Edit entry for this date' ); echo ' <li><a title="' . $editThisDateStr . '" class="nav" ' . 'href="edit_entry.php?id=' . $id . $u_url . $rdate . '&override=1">' . $editThisDateStr . '</a></li>'; } echo ' <li><a title="' . $deleteAllDatesStr . '" class="nav" href="del_entry.php?id=' . $id . $u_url . '&override=1" onclick="return confirm( \'' . $areYouSureStr . "\\n\\n" . $deleteAllStr . '\' );">' . $deleteAllDatesStr . '</a></li>'; // Don't allow deletion of first event if ( ! empty ( $date ) && $date != $orig_date ) { $deleteOnlyStr = translate ( 'Delete entry only for this date' ); echo ' <li><a title="' . $deleteOnlyStr . '" class="nav" href="del_entry.php?id=' . $id . $u_url . $rdate . '&override=1" onclick="return confirm( \'' . $areYouSureStr . "\\n\\n" . $deleteAllStr . '\' );">' . $deleteOnlyStr . '</a></li>'; } } else { if ( ! empty( $user ) && $user != $login && ! $is_assistant ) { user_load_variables( $user, 'temp_' ); $delete_str = str_replace( 'XXX', $temp_fullname, translate( 'Delete entry from calendar of XXX' ) ); } else { $delete_str = $deleteEntryStr; } echo ' <li><a title="' . $editEntryStr . '" class="nav" href="edit_entry.php?id=' . $id . $u_url . '">' . $editEntryStr . '</a></li> <li><a title="' . $delete_str . '" class="nav" href="del_entry.php?id=' . $id . $u_url . $rdate . '" onclick="return confirm( \'' . $areYouSureStr . "\\n\\n" . ( empty ( $user ) || $user == $login || $is_assistant ? $deleteAllStr : '' ) . '\' );">' . $delete_str; echo '</a></li>'; } echo ' <li><a title="' . $copyStr . '" class="nav" href="edit_entry.php?id=' . $id . $u_url . '&copy=1">' . $copyStr . '</a></li>'; } elseif ( $readonly != 'Y' && ( $is_my_event || $is_nonuser_admin || $can_edit ) && ( $login != '__public__' ) && ! $is_nonuser && $event_status != 'D' ) { $delFromCalStr = translate ( 'This will delete the entry from your XXX calendar.', true ); echo ' <li><a title="' . $deleteEntryStr . '" class="nav" href="del_entry.php?id=' . $id . $u_url . $rdate . '" onclick="return confirm( \'' . $areYouSureStr . "\\n\\n" . str_replace ( 'XXX ', ( $is_assistant ? translate ( 'boss' ) . ' ' : '' ), $delFromCalStr ) // ( $is_assistant // ? translate ( 'This will delete the entry from your boss calendar.', true ) // : translate ( 'This will delete the entry from your calendar.', true ) ) . '\' );">' . $deleteEntryStr . ( $is_assistant ? ' ' . translate ( 'from your boss calendar' ) : '' ) . '</a></li> <li><a title="' . $copyStr . '" class="nav" href="edit_entry.php?id=' . $id . '&copy=1">' . $copyStr . '</a></li>'; } if ( $readonly != 'Y' && ! $is_my_event && ! $is_private && ! $is_confidential && $event_status != 'D' && $login != '__public__' && ! $is_nonuser ) echo ' <li><a title="' . $addToMineStr . '" class="nav" href="add_entry.php?id=' . $id . '" onclick="return confirm( \'' . translate ( 'Do you want to add this entry to your calendar?', true ) . "\\n\\n" . translate ( 'This will add the entry to your calendar.', true ) . '\' );">' . $addToMineStr . '</a></li>'; if ( $login != '__public__' && count ( $allmails ) > 0 ) { $emailAllStr = translate ( 'Email all participants' ); echo ' <li><a title="' . $emailAllStr . '" class="nav" href="mailto:' . implode ( ',', $allmails ) . '?subject=' . rawurlencode ( $subject ) . '">' . $emailAllStr . '</a></li>'; } $can_show_log = $is_admin; // default if access control is not enabled if ( access_is_enabled () ) $can_show_log = access_can_access_function ( ACCESS_ACTIVITY_LOG ); if ( $can_show_log ) { $hideActivityStr = translate ( 'Hide activity log' ); $showActivityStr = translate ( 'Show activity log' ); echo ' <li><a title="' . ( ! $show_log ? $showActivityStr . '" class="nav" href="view_entry.php?id=' . $id . '&log=1">' . $showActivityStr : $hideActivityStr . '" class="nav" href="view_entry.php?id=' . $id . '">' . $hideActivityStr ) . '</a></li>'; } echo ' </ul>'; if ( $can_show_log && $show_log ) { $PAGE_SIZE = 25; // number of entries to show at once echo generate_activity_log ( $id ); } if ( access_can_access_function ( ACCESS_EXPORT ) && ( ( ! $is_private && ! $is_confidential ) || ! access_is_enabled () ) && ! $hide_details ) { $exportStr = translate ( 'Export' ); $exportThisStr = translate ( 'Export this entry to' ); $palmStr = translate ( 'Palm Pilot' ); $selectStr = generate_export_select (); $userStr = ( ! empty ( $user ) ? '<input type="hidden" name="user" value="' . $user . '" />' : '' ); echo <<<EOT <br /> <form method="post" name="exportform" action="export_handler.php"> <label for="exformat">{$exportThisStr}: </label> {$selectStr} <input type="hidden" name="id" value="{$id}" /> {$userStr} <input type="submit" value="{$exportStr}" /> </form> EOT; } echo print_trailer ( empty ( $friendly ) ); ?>