Appointment Booking Calendar / 1.3.94
appointment-booking-calendar / inc / cpabc_appointments_admin_int_edit_booking.inc.php
cpabc_appointments_admin_int_edit_booking.inc.php
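<?php

// Refuse to run outside a WordPress admin request. ABSPATH is tested first so
// that loading this file directly ends here instead of failing on the
// undefined is_admin() call. Note that is_admin() only reports that an admin
// screen is being requested; it is not a capability check. The permission
// test is the administrator/owner condition further down in this file.
if ( !defined('ABSPATH') || !is_admin() )
{
    echo 'Direct access not allowed.';
    exit;
}

// Calendar being edited, taken from the "cal" query argument unless the
// including script already defined it. A missing argument yields 0 (the same
// value intval() produced before, without the undefined-index notice).
if (!defined('CP_CALENDAR_ID'))
    define ('CP_CALENDAR_ID', isset($_GET["cal"]) ? intval($_GET["cal"]) : 0);

global $wpdb;

// Used below for the calendar-owner check and to record who edited the booking.
$current_user = wp_get_current_user();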
15
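/**
 * Abort the request unless it carries a valid 'uname_abc_editlist' nonce.
 *
 * The nonce is read from the 'rsaveedit' request field: a non-empty query
 * string value is used first, otherwise the POST body. When the field is
 * missing or the nonce does not verify, an error message is printed and the
 * script exits, so a caller can rely on the check having passed when this
 * function returns.
 *
 * @return void
 */
function cpabcedit_verify_nonce() {
    if (isset($_GET['rsaveedit']) && $_GET['rsaveedit'] != '')
        $nonce = sanitize_text_field($_GET['rsaveedit']);
    else if (isset($_POST['rsaveedit']))
        $nonce = sanitize_text_field($_POST['rsaveedit']);
    else
        $nonce = ''; // field absent: fail closed below without an undefined-index notice

    $verify_nonce = wp_verify_nonce( $nonce, 'uname_abc_editlist');
    if (!$verify_nonce)
    {
        echo 'Error: Form cannot be authenticated (nonce failed). Please contact our <a href="https://abc.dwbooster.com/contact-us">support service</a> for verification and solution. Thank you.';
        exit;
    }
}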
28
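// Edit-booking screen: loads one booking, saves it on POST, otherwise renders
// the edit form. Access is limited to administrators and to the user recorded
// as owner (conwer) of the calendar row in $mycalendarrows. $mycalendarrows is
// not defined in this file; presumably the including script loads it for
// CP_CALENDAR_ID (verify against the caller).
if (cpabc_appointment_is_administrator() || $mycalendarrows[0]->conwer == $current_user->ID) {

    // NOTE(review): the row is selected by its id alone. Nothing visible here
    // ties it to CP_CALENDAR_ID, so confirm that a calendar owner cannot load
    // or update a booking of another calendar by changing the "edit" argument.
    // A missing row is not handled either: $event[0] is then undefined.
    $event = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME." WHERE id=".intval($_GET["edit"]) );
    $event = $event[0];

    if ($event->reference != '')
    {
        $form_data = json_decode(cpabc_appointment_cleanJSON(cpabc_get_option('form_structure', CPABC_APPOINTMENTS_DEFAULT_form_structure)));

        $org_booking = $wpdb->get_results( "SELECT buffered_date FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($event->reference) );

        // buffered_date holds a serialized array (the save path below writes it
        // with serialize()). Object instantiation is switched off (PHP 7.0+) so
        // a row that was tampered with cannot lead to PHP object injection, and
        // anything that does not decode to an array is treated as "no fields".
        $params = isset($org_booking[0])
            ? unserialize($org_booking[0]->buffered_date, array('allowed_classes' => false))
            : false;
        if (!is_array($params))
            $params = array();

        // These three are edited through the dedicated date/time/quantity inputs.
        unset($params["QUANTITY"]);
        unset($params["DATE"]);
        unset($params["TIME"]);
    }
    else
        $params["description"] = $event->description;

    if (count($_POST) > 0)
    {
        // State-changing request: require the form nonce before touching the database.
        cpabcedit_verify_nonce();

        $datatime = sanitize_text_field($_POST["datatime"])." ".sanitize_text_field($_POST["datatime_hour"]).":".sanitize_text_field($_POST["datatime_minutes"]).":00";

        // Time and date display formats come from the calendar settings.
        if (cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME) == '0')
            $format_t = "g:i A";
        else
            $format_t = "H:i";

        $dfoption = cpabc_get_option('calendar_dateformat', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_DATEFORMAT);
        if ($dfoption == '0')
            $format = "m/d/Y ".$format_t;
        else if ($dfoption == '2')
            $format = "d.m.Y ".$format_t;
        else
            $format = "d/m/Y ".$format_t;

        // The stored DATE field only distinguishes m/d/Y from d/m/Y (trailing space kept).
        if ($dfoption == '0')
            $format_d = "m/d/Y ";
        else
            $format_d = "d/m/Y ";

        // What gets saved:
        //   - quantity and title
        //   - buffered_date in the original bookings table
        //   - description in the calendar (destination) table
        //   - who edited the item
        $params_new = $params;
        $params_new['DATE'] = date($format_d, strtotime( sanitize_text_field($_POST["datatime"]) ));
        $params_new['TIME'] = date($format_t, strtotime( sanitize_text_field($_POST["datatime_hour"]) .":". sanitize_text_field($_POST["datatime_minutes"]) ));
        $params_new['QUANTITY'] = intval($_POST['quantity']);

        // Only keys that already exist on the stored booking are taken from the
        // request, so the form cannot introduce new fields.
        foreach ($params as $item => $value)
            if (isset($_POST[$item]))
                $params_new[$item] = sanitize_text_field($_POST[$item]);

        // Both descriptions are HTML fragments. Values taken from the request were
        // passed through sanitize_text_field() above.
        // NOTE(review): values carried over unchanged from the stored booking, and
        // the field names, are concatenated without escaping here; confirm they
        // are escaped wherever these descriptions are displayed.
        $description = cpabc_get_option('uname','').'<br />'.date($format, strtotime($datatime)).'<br />';
        $description_customer = cpabc_get_option('uname','').'<br />'.date($format, strtotime($datatime)).'<br />';
        foreach ($params_new as $item => $value)
            if ($value != '' && $item != 'DATE' && $item != 'TIME' && $item != 'QUANTITY' && $item != 'UTIMEZONE'
                && $item != 'PRICE' && $item != 'request_timestamp' && $item != 'MAINDATE')
            {
                $name = cpabc_appointments_get_field_name($item,$form_data[0]);
                $description .= $name.': '.$value.'<br />';

                // Internal fields are left out of the customer-facing copy.
                if ($name != 'Juniors' && $name != 'IP' && $name != 'PRICE' && $name != 'DATE_CUSTOMER' && $name != 'TIME_CUSTOMER' )
                    $description_customer .= $name.': '.$value.'<br />';
            }

        if ($event->reference == '')
        {
            // Manually added item: the description is free text supplied by the
            // editor and stored as HTML. This screen is also open to calendar
            // owners who are not administrators, so the markup is filtered with
            // the post allow-list instead of being stored raw.
            // wp_filter_post_kses() expects and returns slashed data, which
            // assumes $_POST is in WordPress's usual slashed form.
            // If the field was not submitted, the stored description is kept.
            if (isset($_POST["description"]) && is_string($_POST["description"]))
                $description = wp_filter_post_kses($_POST["description"]);
            else
                $description = $event->description;
        }

        $data1 = array(
            'datatime' => $datatime,
            'quantity' => intval($_POST['quantity']),
            'title' => sanitize_text_field($_POST["title"]),
            'description' => $description,
            'description_customer' => $description_customer,
            'who_edited' => $current_user->ID
        );

        $data2 = array(
            'booked_time_unformatted' => $datatime,
            'booked_time' => date($format, strtotime($datatime)),
            'booked_time_customer' => date($format, strtotime($datatime)),
            'quantity' => intval($_POST['quantity']),
            'buffered_date' => serialize($params_new)
        );

        // $wpdb->update() escapes the values itself; the ids are forced to integers.
        $wpdb->update ( CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME, $data1, array( 'id' => intval($_GET["edit"]) ));
        if ($event->reference != '') $wpdb->update ( CPABC_APPOINTMENTS_TABLE_NAME, $data2, array( 'id' => intval($event->reference) ));

        echo '<script type="text/javascript"> document.location = "admin.php?page=cpabc_appointments&cal='.intval($_GET["cal"]).'&list=1&message=Item updated&r="+Math.random();</script>';
        exit;
    }

    // Values used to pre-select the form controls.
    $date = date("Y-m-d", strtotime($event->datatime));
    $hour = intval (date("G", strtotime($event->datatime)));
    // intval() already drops a leading zero; the former string-offset fix-up on
    // this integer could never match and has been removed.
    $minute = intval(date("i", strtotime($event->datatime)));

    $nonce_un = wp_create_nonce( 'uname_abc_editlist' );

?>

<div class="wrap">
<h1>Edit Booking</h1>

<form method="post" name="dexeditfrm" action="">
 <input type="hidden" name="rsaveedit" value="<?php echo esc_attr($nonce_un); ?>" />
 <div id="metabox_basic_settings" class="postbox" >
  <h3 class='hndle' style="padding:5px;"><span>Appointment Data</span></h3>
  <div class="inside">
   <table class="form-table">
    <tr valign="top">
     <th scope="row">Date</th>
     <td><input type="text" name="datatime" id="datatime" size="40" value="<?php echo esc_attr($date); ?>" /></td>
    </tr>
    <tr valign="top">
     <th scope="row">Time</th>
     <td>
      <select name="datatime_hour">
       <?php for ($i=0;$i<24;$i++) echo '<option'.($i==$hour?' selected':'').'>'.esc_html(($i<10?'0':'').$i).'</option>'; ?>
      </select> :
      <select name="datatime_minutes">
       <?php for ($i=0;$i<60;$i+=5) echo '<option'.($i==$minute?' selected':'').'>'.esc_html(($i<10?"0":"").$i).'</option>'; ?>
      </select>
     </td>
    </tr>
    <tr valign="top">
     <th scope="row">Appointment Title</th>
     <td><input type="text" name="title" size="40" value="<?php echo esc_attr($event->title); ?>" /></td>
    </tr>
    <tr valign="top">
     <th scope="row">Quantity</th>
     <td>
      <select name="quantity">
       <?php for ($i=1;$i<$event->quantity+20;$i++) { ?>
        <option <?php if (intval($event->quantity)==$i) echo ' selected'; ?>><?php echo intval($i); ?></option>
       <?php } ?>
      </select>
     </td>
    </tr>
<?php
    // Columns hidden through the CPABC_EXCLUDED_COLUMNS option, plus three
    // internal fields, get no input on this screen.
    $excluded = explode(",",get_option('CPABC_EXCLUDED_COLUMNS',""));
    for ($i=0; $i<count($excluded); $i++)
        $excluded[$i] = strtolower(trim($excluded[$i]));
    $excluded[] = 'utimezone';
    $excluded[] = 'couponcode';
    $excluded[] = 'request_timestamp';
    foreach ($params as $item => $value)
    {
        // Array-valued fields are not rendered, so they are not posted back and
        // keep their stored value when the booking is saved.
        if (!is_array($value) && !in_array(strtolower($item), $excluded))
        {
?>
    <tr valign="top">
     <th scope="row"><?php
        $name = cpabc_appointments_get_field_name($item,$form_data[0]);
        echo esc_html($name);
     ?></th>
     <td>
      <?php if (!is_array($value) && (strpos($value,"\n") > 0 || strlen($value) > 80)) { ?>
       <textarea cols="85" name="<?php echo esc_attr($item); ?>"><?php echo esc_textarea($value); ?></textarea>
      <?php } else { ?>
       <input type="text" name="<?php echo esc_attr($item); ?>" value="<?php echo esc_attr(is_array($value) ? implode(",", $value) : esc_attr($value)); ?>" />
      <?php } ?>
     </td>
    </tr>
<?php
        }
    }
?>
   </table>
  </div>
 </div>

<p class="submit"><input type="submit" name="submit" id="submit" class="button-primary" value="Save" /> &nbsp; <input type="button" value="Cancel" onclick="javascript:gobackapp();"></p>

</form>

</div>

<script type="text/javascript">
 var $j = jQuery.noConflict();
 $j(function() {
  $j("#datatime").datepicker({
   dateFormat: 'yy-mm-dd'
  });
 });
 function gobackapp()
 {
  document.location = 'admin.php?page=cpabc_appointments&cal=<?php echo intval($_GET["cal"]); ?>&list=1&r='+Math.random();
 }
</script>


<?php } else { ?>
<br />
The current user logged in doesn't have enough permissions to edit this item. Please log in as administrator to get full access.

<?php } ?>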