[moodle/mihaisucan.git] / calendar / event.php
1 <?php // $Id$
3 /////////////////////////////////////////////////////////////////////////////
4 // //
5 // NOTICE OF COPYRIGHT //
6 // //
7 // Moodle - Calendar extension //
8 // //
9 // Copyright (C) 2003-2004 Greek School Network www.sch.gr //
10 // //
11 // Designed by: //
12 // Avgoustos Tsinakos (tsinakos@teikav.edu.gr) //
13 // Jon Papaioannou (pj@moodle.org) //
14 // //
15 // Programming and development: //
16 // Jon Papaioannou (pj@moodle.org) //
17 // //
18 // For bugs, suggestions, etc contact: //
19 // Jon Papaioannou (pj@moodle.org) //
20 // //
21 // The current module was developed at the University of Macedonia //
22 // (www.uom.gr) under the funding of the Greek School Network (www.sch.gr) //
23 // The aim of this project is to provide additional and improved //
24 // functionality to the Asynchronous Distance Education service that the //
25 // Greek School Network deploys. //
26 // //
27 // This program is free software; you can redistribute it and/or modify //
28 // it under the terms of the GNU General Public License as published by //
29 // the Free Software Foundation; either version 2 of the License, or //
30 // (at your option) any later version. //
31 // //
32 // This program is distributed in the hope that it will be useful, //
33 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
34 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
35 // GNU General Public License for more details: //
36 // //
37 // http://www.gnu.org/copyleft/gpl.html //
38 // //
39 /////////////////////////////////////////////////////////////////////////////
41 require_once('../config.php');
42 require_once($CFG->dirroot.'/calendar/lib.php');
43 require_once($CFG->dirroot.'/course/lib.php');
44 require_once($CFG->dirroot.'/mod/forum/lib.php');
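// Every action on this page requires an authenticated session.
require_login();

// Request parameters, each given a type at the point of entry.
$action    = required_param('action', PARAM_ALPHA);
$eventid   = optional_param('id', 0, PARAM_INT);
$eventtype = optional_param('type', 'select', PARAM_ALPHA);
$urlcourse = optional_param('course', 0, PARAM_INT);
// The date components are only used as numbers in this file (checkdate(),
// make_timestamp()), so they are declared as PARAM_INT instead of being left
// on optional_param()'s untyped default. The null default is kept so that
// "not supplied" still evaluates as false in the checks further down.
$cal_y = optional_param('cal_y', null, PARAM_INT);
$cal_m = optional_param('cal_m', null, PARAM_INT);
$cal_d = optional_param('cal_d', null, PARAM_INT);

if (isguest()) {
    // Guests cannot do anything with events
    redirect(CALENDAR_URL.'view.php?view=upcoming&amp;course='.$urlcourse);
}

// Name of the form field that should receive focus; set when validation fails.
$focus = '';

if (!$site = get_site()) {
    // No site record: send the user to the admin index.
    redirect($CFG->wwwroot.'/'.$CFG->admin.'/index.php');
}

$strcalendar = get_string('calendar', 'calendar');

// Initialize the session variables
calendar_session_vars();

// Breadcrumb entry linking back to the "upcoming events" view for today.
$now = usergetdate(time());
$navlinks = array();
$calendar_navlink = array(
    'name' => $strcalendar,
    'link' => calendar_get_link_href(
        CALENDAR_URL.'view.php?view=upcoming&amp;course='.$urlcourse.'&amp;',
        $now['mday'], $now['mon'], $now['year']
    ),
    'type' => 'misc',
);

// Today's date, used for the three-month side display.
$day = intval($now['mday']);
$mon = intval($now['mon']);
$yr  = intval($now['year']);

// Default text format for new descriptions depends on editor availability.
if ($usehtmleditor = can_use_richtext_editor()) {
    $defaultformat = FORMAT_HTML;
} else {
    $defaultformat = FORMAT_MOODLE;
}

// If a course has been supplied in the URL, change the filters to show that one
if ($urlcourse > 0 && record_exists('course', 'id', $urlcourse)) {
    // The user must be allowed into that course before its events are shown.
    require_login($urlcourse, false);

    if ($urlcourse == SITEID) {
        // If coming from the site page, show all courses
        $SESSION->cal_courses_shown = calendar_get_default_courses(true);
        calendar_set_referring_course(0);
    } else {
        // Otherwise show just this one
        $SESSION->cal_courses_shown = $urlcourse;
        calendar_set_referring_course($SESSION->cal_courses_shown);
    }
}

// Holds the submitted (or pre-filled) event form once an action has produced one.
$form = null;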
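// First pass over $action: permission checks and processing of submitted data.
// Nothing is printed inside this switch, so each branch is still free to redirect().
//
// NOTE(review): none of the state-changing paths below verifies a session key
// (CSRF token) for the submitted data. Confirm whether data_submitted() or the
// included forms already cover this; if not, a confirm_sesskey() check belongs
// in front of every write.
switch ($action) {
    case 'delete':
        $title = get_string('deleteevent', 'calendar');
        $event = get_record('event', 'id', $eventid);
        if ($event === false) {
            error('Invalid event');
        }
        if (!calendar_edit_event_allowed($event)) {
            error('You are not authorized to do this');
        }
        break;

    case 'edit':
        $title   = get_string('editevent', 'calendar');
        $event   = get_record('event', 'id', $eventid);
        $repeats = optional_param('repeats', 0, PARAM_INT);

        if ($event === false) {
            error('Invalid event');
        }
        if (!calendar_edit_event_allowed($event)) {
            error('You are not authorized to do this');
        }

        if ($form = data_submitted()) {
            // The permission check above was made against the stored event, so the
            // submitted record is pinned to that same row before anything is written.
            $form->id = $event->id;

            $form->name = clean_param(strip_tags($form->name, '<lang><span>'), PARAM_CLEAN);

            // Turn the separate date/time fields into a start time and a duration.
            $form->timestart = make_timestamp($form->startyr, $form->startmon, $form->startday, $form->starthr, $form->startmin);
            if ($form->duration == 1) {
                // "Until" mode: duration is the distance to the end date, never negative.
                $form->timeduration = make_timestamp($form->endyr, $form->endmon, $form->endday, $form->endhr, $form->endmin) - $form->timestart;
                if ($form->timeduration < 0) {
                    $form->timeduration = 0;
                }
            } else if ($form->duration == 2) {
                // "Minutes" mode.
                $form->timeduration = $form->minutes * MINSECS;
            } else {
                $form->timeduration = 0;
            }

            // Start from an empty list so count() below always sees an array.
            $err = array();
            validate_form($form, $err);

            if (count($err) == 0) {
                if ($event->repeatid && $repeats) {
                    // Update all: shift every repeat by the same amount as this one.
                    if ($form->timestart >= $event->timestart) {
                        $timestartoffset = 'timestart + '.intval($form->timestart - $event->timestart);
                    } else {
                        $timestartoffset = 'timestart - '.intval($event->timestart - $form->timestart);
                    }

                    // String-built SQL. The numeric parts are cast to int here; name and
                    // description rely on the submitted data already being slash-escaped
                    // (the stripslashes() calls on $form in this file suggest it is).
                    // NOTE(review): confirm that assumption before reusing this pattern.
                    execute_sql('UPDATE '.$CFG->prefix.'event SET '.
                        'name = \''.$form->name.'\','.
                        'description = \''.$form->description.'\','.
                        'timestart = '.$timestartoffset.','.
                        'timeduration = '.intval($form->timeduration).','.
                        'timemodified = '.time().' WHERE repeatid = '.intval($event->repeatid));

                    /// Log the event update.
                    add_to_log($form->courseid, 'calendar', 'edit all', 'event.php?action=edit&amp;id='.$form->id, stripslashes($form->name));
                } else {
                    // Update this
                    // NOTE(review): update_record() is handed the whole submitted object, so
                    // presumably any other event column present in the POST data (courseid,
                    // groupid, userid, ...) is written too. The permission check covered only
                    // the stored values; restrict $form to the fields this form may change.
                    $form->timemodified = time();
                    update_record('event', $form);

                    /// Log the event update.
                    add_to_log($form->courseid, 'calendar', 'edit', 'event.php?action=edit&amp;id='.$form->id, stripslashes($form->name));
                }

                // OK, now redirect to day view
                redirect(CALENDAR_URL.'view.php?view=day&amp;course='.$urlcourse.'&cal_d='.$form->startday.'&cal_m='.$form->startmon.'&cal_y='.$form->startyr);
            } else {
                // Focus ends up on the last field that failed validation.
                foreach ($err as $key => $value) {
                    $focus = 'form.'.$key;
                }
            }
        }
        break;

    case 'new':
        $title = get_string('newevent', 'calendar');
        $form  = data_submitted();
        if (!empty($form) && !empty($form->name)) {
            // NOTE(review): 'edit' filters the name with clean_param(..., PARAM_CLEAN) while
            // this path calls clean_text() directly; confirm both leave the value in the
            // escaping state insert_record() expects.
            $form->name = clean_text(strip_tags($form->name, '<lang><span>'));

            $form->timestart = make_timestamp($form->startyr, $form->startmon, $form->startday, $form->starthr, $form->startmin);
            if ($form->duration == 1) {
                $form->timeduration = make_timestamp($form->endyr, $form->endmon, $form->endday, $form->endhr, $form->endmin) - $form->timestart;
                if ($form->timeduration < 0) {
                    $form->timeduration = 0;
                }
            } else if ($form->duration == 2) {
                $form->timeduration = $form->minutes * MINSECS;
            } else {
                $form->timeduration = 0;
            }

            // NOTE(review): the check below is keyed on $form->type and looks only at the
            // field belonging to that type, while the row inserted further down takes
            // courseid, groupid and userid straight from the same submitted object.
            // Nothing visible here ties the remaining fields to the type that was
            // authorised - verify, or set them server-side before insert_record().
            if (!calendar_add_event_allowed($form)) {
                error('You are not authorized to do this');
            }

            // Start from an empty list so count() below always sees an array.
            $err = array();
            validate_form($form, $err);
            if (count($err) == 0) {
                $form->timemodified = time();

                /// Get the event id for the log record.
                $eventid = insert_record('event', $form, true);

                /// Use the event id as the repeatid to link repeat entries together
                if ($form->repeat) {
                    $form->repeatid = $form->id = $eventid;
                    update_record('event', $form); // update the row, to set its repeatid
                }

                /// Log the event entry.
                add_to_log($form->courseid, 'calendar', 'add', 'event.php?action=edit&amp;id='.$eventid, stripslashes($form->name));

                if ($form->repeat) {
                    // One extra row per weekly repeat; validate_form() bounds the count.
                    for ($i = 1; $i < $form->repeats; $i++) {
                        // What's the DST offset for the previous repeat?
                        $dst_offset_prev = dst_offset_on($form->timestart);

                        $form->timestart += WEEKSECS;

                        // If the offset has changed in the meantime, update this repeat accordingly
                        $form->timestart += $dst_offset_prev - dst_offset_on($form->timestart);

                        /// Get the event id for the log record.
                        $eventid = insert_record('event', $form, true);

                        /// Log the event entry.
                        add_to_log($form->courseid, 'calendar', 'add', 'event.php?action=edit&amp;id='.$eventid, stripslashes($form->name));
                    }
                }

                // OK, now redirect to day view
                redirect(CALENDAR_URL.'view.php?view=day&amp;course='.$urlcourse.'&cal_d='.$form->startday.'&cal_m='.$form->startmon.'&cal_y='.$form->startyr);
            } else {
                // Focus ends up on the last field that failed validation.
                foreach ($err as $key => $value) {
                    $focus = 'form.'.$key;
                }
            }
        }
        break;

    default: // no action
        $title = '';
        break;
}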
// Strip the slash-escaping from whatever form data is left to be redisplayed.
$form = stripslashes_recursive($form);

// TODO: This is part of the Great $course Hack in Moodle. Replace it at some point.
// The page is shown in the context of the referring course, or of the site itself.
$course = !empty($SESSION->cal_course_referer)
    ? get_record('course', 'id', $SESSION->cal_course_referer)
    : $site;
require_login($course, false);

// Breadcrumbs: the calendar link followed by the title of the current action.
array_push($navlinks, $calendar_navlink, array('name' => $title, 'link' => null, 'type' => 'misc'));
$navigation = build_navigation($navlinks);

$pagetitle = $site->shortname.': '.$strcalendar.': '.$title;
print_header($pagetitle, $strcalendar, $navigation,
             'eventform.name', '', true, '', user_login_string($site));

echo calendar_overlib_html();

// Open the two-column layout; the main column is filled by the action switch.
echo '<table id="calendar">', '<tr><td class="maincalendar">';
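// Second pass over $action: print the main column for the requested action.
switch ($action) {
    case 'delete':
        $confirm = optional_param('confirm', 0, PARAM_INT);
        $repeats = optional_param('repeats', 0, PARAM_INT);
        if ($confirm) {
            // NOTE(review): the delete is carried out on confirm=1 alone; no session key
            // is verified in this branch. The permission check itself ran earlier in
            // this file, against the event loaded with the same $eventid.
            // Kill it and redirect to day view
            if (($event = get_record('event', 'id', $eventid)) !== false) {
                if ($event->repeatid && $repeats) {
                    delete_records('event', 'repeatid', $event->repeatid);
                    add_to_log($event->courseid, 'calendar', 'delete all', '', $event->name);
                } else {
                    delete_records('event', 'id', $eventid);
                    add_to_log($event->courseid, 'calendar', 'delete', '', $event->name);
                }
            }

            echo '</td></tr></table>';

            // The return date is read through optional_param() as integers rather than
            // copying raw $_REQUEST values into the redirect URL.
            $returnday = optional_param('d', 0, PARAM_INT);
            $returnmon = optional_param('m', 0, PARAM_INT);
            $returnyr  = optional_param('y', 0, PARAM_INT);
            redirect(CALENDAR_URL.'view.php?view=day&amp;course='.$urlcourse.'&cal_d='.$returnday.'&cal_m='.$returnmon.'&cal_y='.$returnyr);
        } else {
            // Date of the event; $m, $d and $y are left in scope for the included form.
            $eventtime = usergetdate($event->timestart);
            $m = $eventtime['mon'];
            $d = $eventtime['mday'];
            $y = $eventtime['year'];

            // How many rows share this event's repeatid (0 when it does not repeat).
            if ($event->repeatid) {
                $fetch = get_record_sql('SELECT 1, COUNT(id) AS repeatcount FROM '.$CFG->prefix.'event WHERE repeatid = '.intval($event->repeatid));
                $repeatcount = $fetch->repeatcount;
            } else {
                $repeatcount = 0;
            }

            // Display confirmation form
            // NOTE(review): $event->name is printed as stored, so this output relies on
            // the tag filtering applied when the event was saved.
            echo '<div class="header">'.get_string('deleteevent', 'calendar').': '.$event->name.'</div>';
            echo '<h2>'.get_string('confirmeventdelete', 'calendar').'</h2>';
            if ($repeatcount > 1) {
                echo '<p>'.get_string('youcandeleteallrepeats', 'calendar', $repeatcount).'</p>';
            }
            echo '<div class="eventlist">';
            $event->time = calendar_format_event_time($event, time(), '', false);
            calendar_print_event($event);
            echo '</div>';
            include('event_delete.html');
        }
        break;

    case 'edit':
        if (empty($form)) {
            // Nothing was submitted: pre-fill the form from the stored event.
            // Create the object explicitly instead of relying on property
            // assignment to a null/false value.
            $form = new stdClass();
            $form->name = $event->name;
            $form->courseid = $event->courseid; // Not to update, but for date validation
            $form->description = $event->description;
            $form->timestart = $event->timestart;
            $form->timeduration = $event->timeduration;
            $form->id = $event->id;
            $form->format = $defaultformat;
            if ($event->timeduration > HOURSECS) {
                // More than one hour, so default to normal duration mode
                $form->duration = 1;
                $form->minutes = '';
            } else if ($event->timeduration) {
                // Up to one hour, "minutes" mode probably is better here
                $form->duration = 2;
                $form->minutes = $event->timeduration / MINSECS;
            } else {
                // No duration
                $form->duration = 0;
                $form->minutes = '';
            }
        }

        if (!empty($form->courseid)) {
            // TODO: This is part of the Great $course Hack in Moodle. Replace it at some point.
            $course = get_record('course', 'id', $form->courseid);
        } else {
            $course = $site;
        }

        // How many rows share this event's repeatid (0 when it does not repeat).
        if ($event->repeatid) {
            $fetch = get_record_sql('SELECT 1, COUNT(id) AS repeatcount FROM '.$CFG->prefix.'event WHERE repeatid = '.intval($event->repeatid));
            $repeatcount = $fetch->repeatcount;
        } else {
            $repeatcount = 0;
        }

        echo '<div class="header">'.get_string('editevent', 'calendar').'</div>';
        include('event_edit.html');
        if ($usehtmleditor) {
            use_html_editor("description");
        }
        break;

    case 'new':
        // $form may still be empty here (nothing submitted); create the object
        // explicitly before properties are assigned to it.
        if (!is_object($form)) {
            $form = new stdClass();
        }

        // Pre-select the start date from the calendar position in the URL, if valid.
        if ($cal_y && $cal_m && $cal_d && checkdate($cal_m, $cal_d, $cal_y)) {
            $form->timestart = make_timestamp($cal_y, $cal_m, $cal_d, 0, 0, 0);
        } else if ($cal_y && $cal_m && checkdate($cal_m, 1, $cal_y)) {
            if ($cal_y == $now['year'] && $cal_m == $now['mon']) {
                // Current month: start on today's day of the month.
                $form->timestart = make_timestamp($cal_y, $cal_m, $now['mday'], 0, 0, 0);
            } else {
                $form->timestart = make_timestamp($cal_y, $cal_m, 1, 0, 0, 0);
            }
        }
        if (!isset($form->timestart) or $form->timestart < 0) {
            $form->timestart = time();
        }

        calendar_get_allowed_types($allowed);
        if (!$allowed->groups && !$allowed->courses && !$allowed->site) {
            // Take the shortcut
            $eventtype = 'user';
        }

        $header = '';

        // Blank form for the chosen event type; an unusable group or course id
        // falls back to the type selection screen.
        switch ($eventtype) {
            case 'user':
                $form->name = '';
                $form->description = '';
                $form->courseid = 0;
                $form->groupid = 0;
                $form->userid = $USER->id;
                $form->modulename = '';
                $form->eventtype = '';
                $form->instance = 0;
                $form->timeduration = 0;
                $form->duration = 0;
                $form->repeat = 0;
                $form->repeats = '';
                $form->minutes = '';
                $form->type = 'user';
                $header = get_string('typeuser', 'calendar');
                break;

            case 'group':
                $groupid = optional_param('groupid', 0, PARAM_INT);
                if (! ($group = groups_get_group($groupid))) { //TODO:check.
                    calendar_get_allowed_types($allowed);
                    $eventtype = 'select';
                } else {
                    $form->name = '';
                    $form->description = '';
                    $form->courseid = $group->courseid;
                    $form->groupid = $group->id;
                    $form->userid = $USER->id;
                    $form->modulename = '';
                    $form->eventtype = '';
                    $form->instance = 0;
                    $form->timeduration = 0;
                    $form->duration = 0;
                    $form->repeat = 0;
                    $form->repeats = '';
                    $form->minutes = '';
                    $form->type = 'group';
                    $header = get_string('typegroup', 'calendar');
                }
                break;

            case 'course':
                $courseid = optional_param('courseid', 0, PARAM_INT);
                if (!record_exists('course', 'id', $courseid)) {
                    calendar_get_allowed_types($allowed);
                    $eventtype = 'select';
                } else {
                    $form->name = '';
                    $form->description = '';
                    $form->courseid = $courseid;
                    $form->groupid = 0;
                    $form->userid = $USER->id;
                    $form->modulename = '';
                    $form->eventtype = '';
                    $form->instance = 0;
                    $form->timeduration = 0;
                    $form->duration = 0;
                    $form->repeat = 0;
                    $form->repeats = '';
                    $form->minutes = '';
                    $form->type = 'course';
                    $header = get_string('typecourse', 'calendar');
                }
                break;

            case 'site':
                $form->name = '';
                $form->description = '';
                $form->courseid = SITEID;
                $form->groupid = 0;
                $form->userid = $USER->id;
                $form->modulename = '';
                $form->eventtype = '';
                $form->instance = 0;
                $form->timeduration = 0;
                $form->duration = 0;
                $form->repeat = 0;
                $form->repeats = '';
                $form->minutes = '';
                $form->type = 'site';
                $header = get_string('typesite', 'calendar');
                break;

            case 'select':
                break;

            default:
                error('Unsupported event type');
        }

        $form->format = $defaultformat;
        if (!empty($header)) {
            $header = ' ('.$header.')';
        }

        echo '<div class="header">'.get_string('newevent', 'calendar').$header.'</div>';

        if ($eventtype == 'select') {
            // Type selection screen: work out which course (and group) to offer.
            $courseid = optional_param('courseid', $SESSION->cal_course_referer, PARAM_INT);
            if ($courseid == 0) { // workaround by Dan for bug #6130
                $courseid = SITEID;
            }
            if (!$course = get_record('course', 'id', $courseid)) {
                error('Incorrect course ID');
            }

            $groupid = groups_get_course_group($course);

            echo '<h2>'.get_string('eventkind', 'calendar').':</h2>';
            echo '<div id="selecteventtype">';
            include('event_select.html');
            echo '</div>';
        } else {
            include('event_new.html');
            if ($usehtmleditor) {
                use_html_editor("description");
            }
        }

        break;
}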
// Close the main column.
echo '</td>';

// START: Last column (3-month display)

$defaultcourses = calendar_get_default_courses();

// A guest can never be adding an event, so the default courses are left out of
// the filter call on purpose (MDL-10353).
calendar_set_filters($courses, $groups, $users);
list($prevmon, $prevyr) = calendar_sub_month($mon, $yr);
list($nextmon, $nextyr) = calendar_add_month($mon, $yr);

echo '<td class="sidecalendar">';

// Filter controls block.
echo '<div class="sideblock">';
echo '<div class="header"><h2>'.get_string('eventskey', 'calendar').'</h2></div>';
echo '<div class="filters">';
echo calendar_filter_controls('event', 'action='.$action.'&amp;type='.$eventtype.'&amp;id='.$eventid);
echo '</div>';
echo '</div>';

// Monthly view block: previous, current and next month, in that order.
echo '<div class="sideblock">';
echo '<div class="header"><h2>'.get_string('monthlyview', 'calendar').'</h2></div>';

// Each entry: the markup printed in front of the month, then the month and year.
$minicalendars = array(
    array('<div class="minicalendarblock minicalendartop">', $prevmon, $prevyr),
    array('</div><div class="minicalendarblock">', $mon, $yr),
    array('</div><div class="minicalendarblock">', $nextmon, $nextyr),
);
foreach ($minicalendars as $minical) {
    list($opener, $showmon, $showyr) = $minical;
    echo $opener;
    echo calendar_top_controls('display', array('id' => $urlcourse, 'm' => $showmon, 'y' => $showyr));
    echo calendar_get_mini($courses, $groups, $users, $showmon, $showyr);
}
echo '</div>';
echo '</div>';

// Close the side column and the layout table.
echo '</td>';
echo '</tr></table>';

print_footer();
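/**
 * Validates a submitted calendar event form and collects the problems in $err.
 *
 * The name and description are trimmed in place. One message is stored per
 * failing field, keyed by field name; callers treat an empty $err as "valid".
 * A courseid that matches no course record stops the request through error().
 *
 * @param object $form submitted event data; name and description are trimmed
 * @param array  $err  receives the messages; set to an empty array if it is not one yet
 */
function validate_form(&$form, &$err) {
    // Callers pass a variable that may not exist yet and then count() it.
    if (!is_array($err)) {
        $err = array();
    }

    $form->name = trim($form->name);
    $form->description = trim($form->description);

    // Events without a description are allowed, so only the name is mandatory.
    if (empty($form->name)) {
        $err['name'] = get_string('errornoeventname', 'calendar');
    }

    // The date parts arrive as request data; cast them so checkdate() always gets integers.
    if (!checkdate((int) $form->startmon, (int) $form->startday, (int) $form->startyr)) {
        $err['timestart'] = get_string('errorinvaliddate', 'calendar');
    }

    // duration == 1 is the mode in which the callers build a timestamp from the
    // end date fields, so that is the mode in which they must form a real date.
    // (The check used to be tied to duration == 2, the minutes mode, where the
    // end date is not used at all.)
    if ($form->duration == 1 and !checkdate((int) $form->endmon, (int) $form->endday, (int) $form->endyr)) {
        $err['timeduration'] = get_string('errorinvaliddate', 'calendar');
    }

    // Minutes mode: accept 1..999 minutes.
    if ($form->duration == 2 and !($form->minutes > 0 and $form->minutes < 1000)) {
        $err['minutes'] = get_string('errorinvalidminutes', 'calendar');
    }

    // Repeating events: accept 2..99 repeats. This also bounds the insert loop in the caller.
    if (!empty($form->repeat) and !($form->repeats > 1 and $form->repeats < 100)) {
        $err['repeats'] = get_string('errorinvalidrepeats', 'calendar');
    }

    if (!empty($form->courseid)) {
        // Timestamps must be >= course startdate
        $course = get_record('course', 'id', $form->courseid);
        if ($course === false) {
            error('Event belongs to invalid course');
        } else if ($form->timestart < $course->startdate) {
            $err['timestart'] = get_string('errorbeforecoursestart', 'calendar');
        }
    }
}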
/**
 * Decides whether the current user may add the given event.
 *
 * Guests and users without an id are always refused. A user holding
 * moodle/calendar:manageentries at system level is always allowed. Otherwise
 * the answer depends on $event->type:
 *  - course: manageentries in the context of $event->courseid
 *  - group:  the group must exist, and the user needs either manageentries in
 *            the group's course, or managegroupentries there plus membership
 *  - user:   for the user's own events, manageownentries at system level;
 *            for anyone else's, the same rule as a site event
 *  - site:   manageentries in the context of the site course
 * Any other type is refused.
 *
 * @param object $event event data; type plus courseid, groupid or userid are read
 * @return bool whether adding the event is allowed
 */
function calendar_add_event_allowed($event) {
    global $USER;

    // Anonymous sessions and the guest account may never add events.
    if (empty($USER->id) or $USER->username == 'guest') {
        return false;
    }

    // Site-wide managers bypass the per-type rules.
    $sitecontext = get_context_instance(CONTEXT_SYSTEM);
    if (has_capability('moodle/calendar:manageentries', $sitecontext)) {
        return true;
    }

    $kind = $event->type;

    if ($kind == 'course') {
        $coursecontext = get_context_instance(CONTEXT_COURSE, $event->courseid);
        return has_capability('moodle/calendar:manageentries', $coursecontext);
    }

    if ($kind == 'group') {
        $group = get_record('groups', 'id', $event->groupid);
        if (!$group) {
            return false;
        }
        $groupcoursecontext = get_context_instance(CONTEXT_COURSE, $group->courseid);
        // Course-level managers may add entries for any group of the course.
        if (has_capability('moodle/calendar:manageentries', $groupcoursecontext)) {
            return true;
        }
        // Group-level managers only for groups they belong to.
        return has_capability('moodle/calendar:managegroupentries', $groupcoursecontext)
            && groups_is_member($event->groupid);
    }

    if ($kind == 'user' && $event->userid == $USER->id) {
        return (has_capability('moodle/calendar:manageownentries', $sitecontext));
    }

    // A user event owned by somebody else is judged like a site event.
    if ($kind == 'user' || $kind == 'site') {
        return has_capability('moodle/calendar:manageentries', get_context_instance(CONTEXT_COURSE, SITEID));
    }

    return false;
}