cpabc_appointments_admin_int_edit_booking.inc.php
252 lines
| 1 | <?php |
| 2 | |
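// Refuse to run outside a WordPress admin request. The ABSPATH test comes
// first so that loading this file directly stops here instead of failing on
// the undefined is_admin() call.
// is_admin() only reports that the request targets an admin screen; it says
// nothing about the user's capabilities. The permission decision is made
// further down, before any booking is read or written.
if ( !defined('ABSPATH') || !is_admin() )
{
    echo 'Direct access not allowed.';
    exit;
}

// Calendar id taken from the query string, forced to an integer.
// A missing "cal" parameter yields 0 without raising an undefined-index notice.
if (!defined('CP_CALENDAR_ID'))
    define ('CP_CALENDAR_ID', isset($_GET["cal"]) ? intval($_GET["cal"]) : 0);

global $wpdb;

// User making the request; the ID is compared with the calendar owner later
// and recorded as 'who_edited' when a booking is saved.
$current_user = wp_get_current_user();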
| 15 | |
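/**
 * Stop the request unless it carries a valid 'uname_abc_editlist' nonce.
 *
 * The nonce is read from the 'rsaveedit' query-string parameter when that is
 * present and non-empty, otherwise from the POST field of the same name. When
 * neither is supplied an empty string is verified, which fails.
 *
 * A nonce only proves the request came from a form this site issued to the
 * current user (CSRF protection). It is not a permission check; the caller
 * must still decide whether the user may edit the booking.
 *
 * @return void Prints an error message and exits when verification fails.
 */
function cpabcedit_verify_nonce() {
    $nonce = '';
    if (isset($_GET['rsaveedit']) && $_GET['rsaveedit'] != '')
        $nonce = sanitize_text_field(wp_unslash($_GET['rsaveedit']));
    else if (isset($_POST['rsaveedit']))
        // isset() guard: a request without the field no longer raises an
        // undefined-index notice before being rejected.
        $nonce = sanitize_text_field(wp_unslash($_POST['rsaveedit']));

    if (!wp_verify_nonce( $nonce, 'uname_abc_editlist'))
    {
        echo 'Error: Form cannot be authenticated (nonce failed). Please contact our <a href="https://abc.dwbooster.com/contact-us">support service</a> for verification and solution. Thank you.';
        exit;
    }
}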
| 28 | |
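// Edit-booking screen: loads one booking, saves it when the form is posted,
// otherwise renders the edit form. Only plugin administrators and the owner
// of the calendar may proceed.

// Owner test. $mycalendarrows is expected to be set by the including file.
// The comparison is strict and requires a logged-in user: with a loose
// comparison a missing owner row (null) would equal the ID 0 that WordPress
// reports for an anonymous visitor.
$cpabc_is_owner = isset($mycalendarrows[0]->conwer)
    && intval($current_user->ID) !== 0
    && intval($mycalendarrows[0]->conwer) === intval($current_user->ID);

if (cpabc_appointment_is_administrator() || $cpabc_is_owner) {

    // Request parameters are forced to integers once and reused below.
    $edit_id = isset($_GET["edit"]) ? intval($_GET["edit"]) : 0;
    $cal_id = isset($_GET["cal"]) ? intval($_GET["cal"]) : 0;

    // NOTE(review): the booking is selected by id alone. Nothing visible here
    // ties that row to the calendar whose owner was checked above, so a
    // calendar owner may be able to open bookings of another calendar by
    // changing "edit" - confirm and add the calendar id to the WHERE clause.
    $event_rows = $wpdb->get_results( "SELECT * FROM ".CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME." WHERE id=".$edit_id );
    if (empty($event_rows))
    {
        // No such booking: stop instead of reading properties of a missing row.
        echo 'Booking not found.';
        return;
    }
    $event = $event_rows[0];

    $form_data = null;
    if ($event->reference != '')
    {
        $form_data = json_decode(cpabc_appointment_cleanJSON(cpabc_get_option('form_structure', CPABC_APPOINTMENTS_DEFAULT_form_structure)));

        $org_booking = $wpdb->get_results( "SELECT buffered_date FROM ".CPABC_APPOINTMENTS_TABLE_NAME." WHERE id=".intval($event->reference) );
        $buffered = !empty($org_booking) ? $org_booking[0]->buffered_date : '';

        // buffered_date holds serialized form values that came from a booking
        // submission. 'allowed_classes' => false (PHP 7.0+) prevents
        // unserialize() from instantiating objects out of that stored data.
        $params = (is_string($buffered) && $buffered !== '')
            ? unserialize($buffered, array('allowed_classes' => false))
            : false;
        if (!is_array($params))
            $params = array();
        unset($params["QUANTITY"]);
        unset($params["DATE"]);
        unset($params["TIME"]);
    }
    else
        $params = array("description" => $event->description);

    // Field definitions used to turn field ids into labels; null when the
    // booking has no originating form or the stored structure did not decode.
    $form_fields = (is_array($form_data) && isset($form_data[0])) ? $form_data[0] : null;

    if (count($_POST) > 0)
    {
        // CSRF check; prints an error and exits on failure.
        cpabcedit_verify_nonce();

        $post_date = isset($_POST["datatime"]) ? sanitize_text_field($_POST["datatime"]) : '';
        $post_hour = isset($_POST["datatime_hour"]) ? sanitize_text_field($_POST["datatime_hour"]) : '';
        $post_minutes = isset($_POST["datatime_minutes"]) ? sanitize_text_field($_POST["datatime_minutes"]) : '';
        $quantity = isset($_POST['quantity']) ? intval($_POST['quantity']) : 0;

        $datatime = $post_date." ".$post_hour.":".$post_minutes.":00";

        // Time and date formats from the calendar options, each read once.
        $format_t = (cpabc_get_option('calendar_militarytime', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_MILITARYTIME) == '0') ? "g:i A" : "H:i";
        $dfoption = cpabc_get_option('calendar_dateformat', CPABC_APPOINTMENTS_DEFAULT_CALENDAR_DATEFORMAT);
        // Format stored in the DATE field of the serialized parameters.
        $format_d = ($dfoption == '0') ? "m/d/Y " : "d/m/Y ";
        // Format used for the displayed booking time.
        if ($dfoption == '0')
            $format = "m/d/Y ".$format_t;
        else if ($dfoption == '2')
            $format = "d.m.Y ".$format_t;
        else
            $format = "d/m/Y ".$format_t;

        // save quantity
        // save title
        // save buffered_date in the original table
        // save description in destination table
        // track who edited the item

        $params_new = $params;
        $params_new['DATE'] = date($format_d, strtotime($post_date));
        $params_new['TIME'] = date($format_t, strtotime($post_hour.":".$post_minutes));
        $params_new['QUANTITY'] = $quantity;

        // Only keys that already exist in the stored booking are accepted
        // from the request; unknown POST fields are ignored.
        foreach ($params as $item => $value)
            if (isset($_POST[$item]))
                $params_new[$item] = sanitize_text_field($_POST[$item]);

        $booked_time = date($format, strtotime($datatime));
        $description = cpabc_get_option('uname','').'<br />'.$booked_time.'<br />';
        $description_customer = $description;
        foreach ($params_new as $item => $value)
            if ($value != '' && $item != 'DATE' && $item != 'TIME' && $item != 'QUANTITY' && $item != 'UTIMEZONE'
                && $item != 'PRICE' && $item != 'request_timestamp' && $item != 'MAINDATE')
            {
                $name = cpabc_appointments_get_field_name($item, $form_fields);
                $description .= $name.': '.$value.'<br />';

                // Internal fields are left out of the customer-facing text.
                if ($name != 'Juniors' && $name != 'IP' && $name != 'PRICE' && $name != 'DATE_CUSTOMER' && $name != 'TIME_CUSTOMER' )
                    $description_customer .= $name.': '.$value.'<br />';
            }

        // Bookings without an originating form keep a free-text description.
        // It is stored as HTML, so it is passed through the post-content
        // allow-list before saving; wp_filter_post_kses() takes and returns
        // slashed data, which leaves the stored representation unchanged.
        if ($event->reference == '')
            $description = (isset($_POST["description"]) && is_string($_POST["description"]))
                ? wp_filter_post_kses($_POST["description"])
                : $event->description;

        $data1 = array(
            'datatime' => $datatime,
            'quantity' => $quantity,
            'title' => isset($_POST["title"]) ? sanitize_text_field($_POST["title"]) : '',
            'description' => $description,
            'description_customer' => $description_customer,
            'who_edited' => $current_user->ID
        );

        $data2 = array(
            'booked_time_unformatted' => $datatime,
            'booked_time' => $booked_time,
            'booked_time_customer' => $booked_time,
            'quantity' => $quantity,
            'buffered_date' => serialize($params_new)
        );

        $wpdb->update ( CPABC_APPOINTMENTS_CALENDARS_TABLE_NAME, $data1, array( 'id' => $edit_id ));
        if ($event->reference != '') $wpdb->update ( CPABC_APPOINTMENTS_TABLE_NAME, $data2, array( 'id' => intval($event->reference) ));

        echo '<script type="text/javascript"> document.location = "admin.php?page=cpabc_appointments&cal='.$cal_id.'&list=1&message=Item updated&r="+Math.random();</script>';
        exit;
    }

    // Values used to pre-fill the form. $minute is an integer, so no
    // leading-zero stripping is needed before comparing it with the options.
    $event_time = strtotime($event->datatime);
    $date = date("Y-m-d", $event_time);
    $hour = intval(date("G", $event_time));
    $minute = intval(date("i", $event_time));

    $nonce_un = wp_create_nonce( 'uname_abc_editlist' );

?>

<div class="wrap">
<h1>Edit Booking</h1>

<form method="post" name="dexeditfrm" action="">
<input type="hidden" name="rsaveedit" value="<?php echo esc_attr($nonce_un); ?>" />
<div id="metabox_basic_settings" class="postbox" >
  <h3 class='hndle' style="padding:5px;"><span>Appointment Data</span></h3>
  <div class="inside">
    <table class="form-table">
      <tr valign="top">
        <th scope="row">Date</th>
        <td><input type="text" name="datatime" id="datatime" size="40" value="<?php echo esc_attr($date); ?>" /></td>
      </tr>
      <tr valign="top">
        <th scope="row">Time</th>
        <td>
          <select name="datatime_hour">
            <?php for ($i=0;$i<24;$i++) echo '<option'.($i==$hour?' selected':'').'>'.esc_html(($i<10?'0':'').$i).'</option>'; ?>
          </select> :
          <select name="datatime_minutes">
            <?php for ($i=0;$i<60;$i+=5) echo '<option'.($i==$minute?' selected':'').'>'.esc_html(($i<10?"0":"").$i).'</option>'; ?>
          </select>
        </td>
      </tr>
      <tr valign="top">
        <th scope="row">Appointment Title</th>
        <td><input type="text" name="title" size="40" value="<?php echo esc_attr($event->title); ?>" /></td>
      </tr>
      <tr valign="top">
        <th scope="row">Quantity</th>
        <td>
          <select name="quantity">
            <?php for ($i=1;$i<$event->quantity+20;$i++) { ?>
            <option <?php if (intval($event->quantity)==$i) echo ' selected'; ?>><?php echo intval($i); ?></option>
            <?php } ?>
          </select>
        </td>
      </tr>
<?php
    // Columns hidden from the form: the configured list plus internal fields.
    $excluded = array_map('strtolower', array_map('trim', explode(",", get_option('CPABC_EXCLUDED_COLUMNS', ""))));
    $excluded[] = 'utimezone';
    $excluded[] = 'couponcode';
    $excluded[] = 'request_timestamp';
    foreach ($params as $item => $value)
    {
        // Array values and excluded columns are not editable and are never
        // sent to the browser; they are carried over from the stored booking
        // when the form is saved.
        if (!is_array($value) && !in_array(strtolower($item), $excluded))
        {
?>
      <tr valign="top">
        <th scope="row"><?php echo esc_html(cpabc_appointments_get_field_name($item, $form_fields)); ?></th>
        <td>
          <?php if (strpos($value,"\n") > 0 || strlen($value) > 80) { ?>
          <textarea cols="85" name="<?php echo esc_attr($item); ?>"><?php echo esc_textarea($value); ?></textarea>
          <?php } else { ?>
          <input type="text" name="<?php echo esc_attr($item); ?>" value="<?php echo esc_attr($value); ?>" />
          <?php } ?>
        </td>
      </tr>
<?php
        }
    }
?>
    </table>
  </div>
</div>



<p class="submit"><input type="submit" name="submit" id="submit" class="button-primary" value="Save" /> <input type="button" value="Cancel" onclick="javascript:gobackapp();"></p>



</form>

</div>

<script type="text/javascript">
 var $j = jQuery.noConflict();
 $j(function() {
    $j("#datatime").datepicker({
        dateFormat: 'yy-mm-dd'
    });
 });
 function gobackapp()
 {
    document.location = 'admin.php?page=cpabc_appointments&cal=<?php echo $cal_id; ?>&list=1&r='+Math.random();
 }
</script>


<?php } else { ?>
<br />
The current user logged in doesn't have enough permissions to edit this item. Please log in as administrator to get full access.

<?php } ?>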
| 244 | |
| 245 | |
| 246 | |
| 247 | |
| 248 | |
| 249 | |
| 250 | |
| 251 | |
| 252 |