Appointment Booking Calendar v1.3.57
appointment-booking-calendar / inc / cpabc_appointments_admin_int_bookings_list.inc.php
cpabc_appointments_admin_int_bookings_list.inc.php
233 lines
1 <?php
2
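// Refuse to run outside the WordPress admin area. ABSPATH is tested first so that a
// direct HTTP request to this file stops here instead of failing on an undefined
// is_admin(). Note that is_admin() only reports that an admin-area page is being
// rendered; it says nothing about the current user's role or capabilities.
if ( !defined('ABSPATH') || !is_admin() )
{
    echo 'Direct access not allowed.';
    exit;
}

// Fall back to calendar 1 when nothing earlier in the request defined the constant.
if (!defined('CP_CALENDAR_ID'))
    define ('CP_CALENDAR_ID', 1);

global $wpdb;

// Status text set by the delete actions; empty means there is nothing to report.
$message = "";

// Number of bookings shown per page, also the upper bound of the c<N> checkbox names.
$records_per_page = 50;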
17
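/**
 * Stop the request unless it carries a valid 'uname_abc_bklist' nonce.
 *
 * The nonce is read from the 'rsave' query parameter, falling back to the POSTed
 * 'rsave' field when the query parameter is missing or empty. A request that has
 * neither is treated as a failed verification. On failure an error message is
 * printed and the script exits; on success the function simply returns.
 *
 * A valid nonce only shows that the request was produced from a page served to
 * this user (CSRF protection). It is not a permission check, so callers still
 * have to confirm that the user is allowed to perform the action.
 */
function cpabc_bklist_verify_nonce() {
    $nonce = '';
    if (isset($_GET['rsave']) && $_GET['rsave'] != '')
        $nonce = sanitize_text_field($_GET['rsave']);
    else if (isset($_POST['rsave']))
        // isset() avoids an undefined-index notice when the field was not sent at all.
        $nonce = sanitize_text_field($_POST['rsave']);

    if (!wp_verify_nonce( $nonce, 'uname_abc_bklist'))
    {
        echo 'Error: Form cannot be authenticated (nonce failed). Please contact our <a href="https://abc.dwbooster.com/contact-us">support service</a> for verification and solution. Thank you.';
        exit;
    }
}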
30
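// Load the calendar row and the current user before looking at any delete parameter,
// so the owner/administrator test that guards the list also guards the deletes.
$mycalendarrows = $wpdb->get_results( $wpdb->prepare( 'SELECT * FROM '.CPABC_APPOINTMENTS_CONFIG_TABLE_NAME .' WHERE `'.CPABC_TDEAPP_CONFIG_ID.'`=%d', CP_CALENDAR_ID ) );

$current_user = wp_get_current_user();

// Same rule the list view applies: administrators, or the user stored as the calendar's owner.
$cpabc_bklist_can_manage = cpabc_appointment_is_administrator()
    || (isset($mycalendarrows[0]) && $mycalendarrows[0]->conwer == $current_user->ID);

// Delete actions. They arrive as GET parameters, so the nonce is the CSRF check and the
// test above is the authorization check; both have to pass before anything is removed.
// Every DELETE is scoped to CP_CALENDAR_ID so that an id belonging to a different
// calendar is never removed through this screen.
if ($cpabc_bklist_can_manage)
{
    if (isset($_GET['delmark']) && $_GET['delmark'] != '')
    {
        cpabc_bklist_verify_nonce();
        // The table form names its checkboxes c0, c1, ... one per visible row.
        for ($i=0; $i<=$records_per_page; $i++)
            if (isset($_GET['c'.$i]) && $_GET['c'.$i] != '')
                $wpdb->query( $wpdb->prepare('DELETE FROM `'.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME.'` WHERE id=%d AND appointment_calendar_id=%d', $_GET['c'.$i], CP_CALENDAR_ID) );
        $message = "Marked items deleted";
    }
    else if (isset($_GET['ld']) && $_GET['ld'] != '')
    {
        cpabc_bklist_verify_nonce();
        $wpdb->query( $wpdb->prepare('DELETE FROM `'.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME.'` WHERE id=%d AND appointment_calendar_id=%d', $_GET['ld'], CP_CALENDAR_ID) );
        $message = "Item deleted";
    }
    else if (isset($_GET['del']) && $_GET['del'] == 'all')
    {
        cpabc_bklist_verify_nonce();
        $wpdb->query( $wpdb->prepare( 'DELETE FROM `'.CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME.'` WHERE appointment_calendar_id=%d', CP_CALENDAR_ID ) );
        $message = "All items deleted";
    }
}

// Confirmation banner for a settings form posted to this page.
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset( $_POST['cpabc_appointments_post_options'] ) )
    echo "<div id='setting-error-settings_updated' class='updated settings-error'> <p><strong>Settings saved.</strong></p></div>";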
59
60 if (cpabc_appointment_is_administrator() || $mycalendarrows[0]->conwer == $current_user->ID) {
61
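// Page number from ?p=; a missing, zero or negative value falls back to the first page.
$current_page = intval(cpabc_get_get_param("p"));
if ($current_page < 1) $current_page = 1;

// Optional filters. Each value is bound through $wpdb->prepare() instead of being
// spliced into the SQL text; wp_unslash() removes the slashes WordPress adds to $_GET.
$cond = '';
if (cpabc_get_get_param("search") != '')
{
    $search_text = sanitize_text_field(wp_unslash($_GET["search"]));
    // esc_like() makes a % or _ typed by the user match literally instead of acting as a wildcard.
    $search_like = '%'.$wpdb->esc_like($search_text).'%';
    $cond .= $wpdb->prepare(" AND (title like %s OR description LIKE %s)", $search_like, $search_like);
}
if (cpabc_get_get_param("dfrom") != '')
    $cond .= $wpdb->prepare(" AND (datatime >= %s)", sanitize_text_field(wp_unslash($_GET["dfrom"])));
if (cpabc_get_get_param("dto") != '')
    // The end date is inclusive, hence the end-of-day time appended to it.
    $cond .= $wpdb->prepare(" AND (datatime <= %s)", sanitize_text_field(wp_unslash($_GET["dto"]))." 23:59:59");

// All matching bookings are loaded here; $total_pages is derived from their count.
$events = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME." WHERE appointment_calendar_id=".intval(CP_CALENDAR_ID).$cond." ORDER BY datatime DESC" );
$total_pages = ceil(count($events) / $records_per_page);

if ($message) echo "<div id='setting-error-settings_updated' class='updated settings-error'><p><strong>".esc_html($message)."</strong></p></div>";

// Nonce embedded in the delete links and in the table form; checked with action 'uname_abc_bklist'.
$nonce_un = wp_create_nonce( 'uname_abc_bklist' );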
81
82 ?>
83 <script type="text/javascript">
// Delete one booking: after confirmation the browser navigates to the list URL with
// ld=<id> and the page nonce (rsave). The server performs the delete on that GET request.
function cp_deleteMessageItem(id)
{
    if (!confirm('Are you sure that you want to delete this item?'))
        return;
    var target = 'admin.php?page=cpabc_appointments.php&rsave=<?php echo $nonce_un; ?>&cal=<?php echo intval($_GET["cal"]); ?>&list=1&ld='+id+'&r='+Math.random();
    document.location = target;
}

// Delete every booking of this calendar: same navigation pattern, with del=all.
function do_dexapp_deleteall()
{
    if (!confirm('Are you sure that you want to delete ALL bookings for this calendar? Note: This action cannot be undone.'))
        return;
    var target = 'admin.php?page=cpabc_appointments.php&rsave=<?php echo $nonce_un; ?>&cal=<?php echo intval($_GET["cal"]); ?>&list=1&del=all&r='+Math.random();
    document.location = target;
}
98 </script>
99 <div class="wrap">
100 <h1>Appointment Booking Calendar - Bookings List</h1>
101
102 <input type="button" name="backbtn" value="Back to items list..." onclick="document.location='admin.php?page=cpabc_appointments.php';">
103
104
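<div id="normal-sortables" class="meta-box-sortables">
<hr />
<?php /* The calendar name comes from the database, so it is HTML-escaped before being printed. */ ?>
<h3>This booking list applies only to: <?php echo esc_html($mycalendarrows[0]->uname); ?></h3>
</div>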
109
110
111 <form action="admin.php" method="get">
112 <input type="hidden" name="page" value="cpabc_appointments.php" />
113 <input type="hidden" name="cal" value="<?php echo CP_CALENDAR_ID; ?>" />
114 <input type="hidden" name="list" value="1" />
115 Search for: <input type="text" name="search" value="<?php echo esc_attr(cpabc_get_get_param("search")); ?>" /> &nbsp; &nbsp; &nbsp;
116 From: <input autocomplete="off" type="text" id="dfrom" name="dfrom" value="<?php echo esc_attr(cpabc_get_get_param("dfrom")); ?>" /> &nbsp; &nbsp; &nbsp;
117 To: <input autocomplete="off" type="text" id="dto" name="dto" value="<?php echo esc_attr(cpabc_get_get_param("dto")); ?>" /> &nbsp; &nbsp; &nbsp;
118 <nobr><span class="submit"><input type="submit" name="ds" value="Filter" /></span> &nbsp; &nbsp; &nbsp;
119 <span class="submit"><input type="submit" name="cpabc_appointments_csv" value="Export to CSV" /></span></nobr>
120
121 </form>
122
123 <br />
124
125 <?php
126
127
// Pager for the bookings table. The active filters are appended to the base URL so
// they are kept when moving between pages; %_% is where the 'format' part is inserted.
$cpabc_pager_filters = '&dfrom='.urlencode(sanitize_text_field(cpabc_get_get_param("dfrom")))
    .'&dto='.urlencode(sanitize_text_field(cpabc_get_get_param("dto")))
    .'&search='.urlencode(sanitize_text_field(cpabc_get_get_param("search")));

$cpabc_pager_args = array(
    'base' => 'admin.php?page=cpabc_appointments.php&cal='.CP_CALENDAR_ID.'&list=1%_%'.$cpabc_pager_filters,
    'format' => '&p=%#%',
    'total' => $total_pages,
    'current' => $current_page,
    'show_all' => false,
    'end_size' => 1,
    'mid_size' => 2,
    'prev_next' => true,
    'prev_text' => '&laquo; '.__('Previous','appointment-booking-calendar'),
    'next_text' => __('Next','appointment-booking-calendar').' &raquo;',
    'type' => 'plain',
    'add_args' => false
);

echo paginate_links( $cpabc_pager_args );
142
143 ?>
144
145 <div id="cpabc_printable_contents">
146 <form name="dex_table_form" id="dex_table_form" action="admin.php" method="get">
147 <input type="hidden" name="page" value="cpabc_appointments.php" />
148 <input type="hidden" name="cal" value="<?php echo intval($_GET["cal"]); ?>" />
149 <input type="hidden" name="list" value="1" />
150 <input type="hidden" name="rsave" value="<?php echo $nonce_un; ?>" />
151 <input type="hidden" name="delmark" value="1" />
152 <table class="wp-list-table widefat fixed pages" cellspacing="0" width="100%">
153 <thead>
154 <tr>
155 <th width="30" class="cpnopr"></th>
156 <th style="padding-left:7px;font-weight:bold;">Date</th>
157 <th style="padding-left:7px;font-weight:bold;">Title</th>
158 <th style="padding-left:7px;font-weight:bold;">Description</th>
159 <th style="padding-left:7px;font-weight:bold;">Quantity</th>
160 <th class="cpnopr" style="padding-left:7px;font-weight:bold;">Options</th>
161 </tr>
162 </thead>
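<tbody id="the-list">
<?php
// Print only the slice of $events that belongs to the current page. Booking fields are
// stored data, so each one is escaped for the context it is printed in.
$cpabc_first_row = ($current_page-1)*$records_per_page;
for ($i=$cpabc_first_row; $i<$current_page*$records_per_page; $i++) if (isset($events[$i])) {
    // The id is used in attributes and inside an inline onclick handler: force it to an integer.
    $cpabc_row_id = intval($events[$i]->id);
    // Literal "<br />" separators in the description are kept as line breaks;
    // everything between them is HTML-escaped.
    $cpabc_row_description = implode('<br />', array_map('esc_html', explode('<br />', (string)$events[$i]->description)));
?>
<tr class='<?php if (!($i%2)) { ?>alternate <?php } ?>author-self status-draft format-default iedit' valign="top">
<td width="1%" class="cpnopr"><input type="checkbox" name="c<?php echo $i-$cpabc_first_row; ?>" value="<?php echo $cpabc_row_id; ?>" /></td>
<td><?php echo esc_html(substr($events[$i]->datatime,0,16)); ?></td>
<td><?php echo esc_html($events[$i]->title); ?></td>
<td><?php echo $cpabc_row_description; ?></td>
<td><?php echo esc_html($events[$i]->quantity); ?></td>
<td class="cpnopr">
<input type="button" name="caldelete_<?php echo $cpabc_row_id; ?>" value="Delete" onclick="cp_deleteMessageItem(<?php echo $cpabc_row_id; ?>);" />
</td>
</tr>
<?php } ?>
</tbody>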
177 </table>
178 </form>
179 </div>
180
181 <br /><input type="button" name="pbutton" value="Print" onclick="do_dexapp_print();" />
182 <div style="clear:both"></div>
183 <p class="submit" style="float:left;"><input type="button" name="pbutton" value="Delete marked items" onclick="do_dexapp_deletemarked();" /> &nbsp; &nbsp; &nbsp; </p>
184
185 <p class="submit" style="float:left;"><input type="button" name="pbutton" value="Delete All Bookings" onclick="do_dexapp_deleteall();" /></p>
186
187
188 </div>
189
190
191 <script type="text/javascript">
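// Print the bookings table: copy the printable container into a blank window together
// with a small print stylesheet (.cpnopr hides the checkbox and button columns).
function do_dexapp_print()
{
    // Local variable instead of an implicit global.
    var w = window.open();
    // window.open() returns null when the popup is blocked; there is nothing to print into then.
    if (!w) return;
    // The stray ';' that followed the .cpnopr rule is removed so the table rule is not discarded.
    w.document.write("<style>.cpnopr{display:none;}table{border:2px solid black;width:100%;}th{border-bottom:2px solid black;text-align:left}td{padding-left:10px;border-bottom:1px solid black;}</style>"+document.getElementById('cpabc_printable_contents').innerHTML);
    // Finish the written document before asking the browser to print it.
    w.document.close();
    w.print();
}

// Submit the table form; the checked c<N> boxes tell the server which rows to delete.
function do_dexapp_deletemarked()
{
    document.dex_table_form.submit();
}

// Attach date pickers to both date filter inputs, using the yyyy-mm-dd format.
var $j = jQuery.noConflict();
$j(function() {
    $j("#dfrom, #dto").datepicker({
        dateFormat: 'yy-mm-dd'
    });
});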
211
212 </script>
213
214
215
216
217 <?php } else { ?>
218 <br />
219 The current user logged in doesn't have enough permissions to edit this calendar. This user can edit only his/her own calendars. Please log in as administrator to get access to all calendars.
220
221 <?php } ?>