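<?php include("include.php"); ?>
<?php
/*
 * Event detail page.
 *
 * Looks up one event (with its location and hosting group) by the integer
 * "id" query parameter, optionally performs an RSVP action ("join", "leave")
 * or a creator-only "del" for the signed-in user, then renders the event.
 * If the id is missing, the query cannot be prepared, or no row matches,
 * an "Event Not Found" page is rendered instead.
 *
 * Relies on names this file does not define: $mysqli, $username (only set
 * when a user is signed in), $error/$success, $EVENT_DATE_FORMAT and
 * print_errors() -- presumably provided by include.php; verify there.
 *
 * NOTE(review): "join", "leave" and "del" change state from a plain GET link
 * and no anti-CSRF token is visible in this file, so any page a signed-in
 * user loads can trigger them on that user's behalf. Moving these to POST
 * with a per-session token needs changes to the links and to the session
 * code, which are outside this file.
 */
$group_authorized = false;
$auth_actions = "";
$invalid = 0; // was misspelled "$invald", leaving $invalid uninitialised

// Escape a database value for HTML text or a quoted attribute. Titles, names
// and descriptions are stored data (presumably user-supplied) and were echoed
// raw, which lets stored markup or script run in every viewer's browser.
// The charset argument is omitted so PHP's default_charset applies.
// NOTE(review): if the insert path already entity-encodes these values, the
// output will be double-encoded -- keep the encoding in one place only.
$escape_html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
};

if (isset($_GET["id"])) {
    $event_id = intval($_GET["id"]);
    if ($stmt = $mysqli->prepare("SELECT event.title, event.description, event.start_time, event.end_time, location.lname, location.description, location.street, location.city, location.zip, g.group_id, g.group_name, g.username FROM event, location, `group` g WHERE event.lname=location.lname AND event.zip=location.zip AND g.group_id=event.group_id AND event.event_id=?")) {
        $stmt->bind_param("i", $event_id);
        $stmt->execute();
        // Buffer the result so further statements can run on the same
        // connection while this one is still open (it is kept as $event).
        $stmt->store_result();
        $stmt->bind_result($event_title, $event_description, $event_start, $event_end, $location_name, $location_description, $location_street, $location_city, $location_zipcode, $group_id, $group_name, $group_creator);
        $event = $stmt;
        if ($event->fetch()) {
            /*
             * START IF EVENT FOUND
             */
            $safe_event_title = $escape_html($event_title);
            $safe_group_name = $escape_html($group_name);

            // Creator check, computed once. Strict comparison: with "==" two
            // different numeric-looking usernames (e.g. "10" and "1e1") compare
            // equal, and an unset $username compares equal to a NULL creator.
            $is_group_creator = isset($username)
                && $group_creator !== null
                && (string) $group_creator === (string) $username;

            // action bar (store in variable because used on top and bottom)
            $actions = '<div class="actions"><a href="events.php">Back to List of Events</a> | <a href="group.php?id='.intval($group_id).'">Back to Group: '.$safe_group_name.'</a>';
            // status bar
            $status = "";
            if (isset($username)) {
                // check if user is in group (and then if authorized)
                $group_member = false;
                if ($stmt = $mysqli->prepare("SELECT authorized FROM groupuser WHERE group_id=? AND username=?")) {
                    $stmt->bind_param("is", $group_id, $username);
                    $stmt->execute();
                    $stmt->bind_result($g_authorized);
                    if ($stmt->fetch()) {
                        $group_member = true;
                        $group_authorized = $g_authorized;
                    }
                    $stmt->close();
                }
                // Process any requested action. The group-membership gate that
                // used to wrap this switch is disabled, so every signed-in user
                // reaches it; "join" adds non-members to the group itself.
                if (isset($_GET["action"])) {
                    switch ($_GET["action"]) {
                        case "leave":
                            if ($stmt = $mysqli->prepare("DELETE FROM eventuser WHERE event_id=? AND username=?")) {
                                $stmt->bind_param("is", $event_id, $username);
                                // Report success only if the statement actually ran.
                                if ($stmt->execute()) {
                                    $success[] = "Successfully un-RSVP'd from event.";
                                }
                                $stmt->close();
                            }
                            break;
                        case "join":
                            // If user not in group, add user to group
                            if (!$group_member) {
                                // The group's creator is inserted as authorized.
                                $user_auth = $is_group_creator ? 1 : 0;
                                if ($stmt = $mysqli->prepare("INSERT INTO groupuser VALUES(?, ?, ?)")) {
                                    $stmt->bind_param("isi", $group_id, $username, $user_auth);
                                    if ($stmt->execute()) {
                                        $success[] = "Successfully joined group.";
                                    }
                                    $stmt->close();
                                }
                                $group_member = true;
                            }
                            if ($stmt = $mysqli->prepare("INSERT INTO eventuser VALUES(?, ?, 1, 0)")) {
                                $stmt->bind_param("is", $event_id, $username);
                                // A repeated "join" can fail here (e.g. on a
                                // duplicate row); do not claim success then.
                                if ($stmt->execute()) {
                                    $success[] = "Successfully RSVP'd to event.";
                                }
                                $stmt->close();
                            }
                            break;
                        case "del":
                            if ($is_group_creator) { // group creator can delete events only
                                // first delete all RSVPs
                                if ($stmt = $mysqli->prepare("DELETE FROM eventuser WHERE event_id=?")) {
                                    $stmt->bind_param("i", $event_id);
                                    $stmt->execute();
                                    $stmt->close();
                                }
                                // next delete the event
                                if ($stmt = $mysqli->prepare("DELETE FROM event WHERE event_id=?")) {
                                    $stmt->bind_param("i", $event_id);
                                    $stmt->execute();
                                    $stmt->close();
                                }
                                header("Location: group.php?id=".$group_id."&eventdel=true");
                                // Stop here: without this the script went on to
                                // render the page of the event it just deleted.
                                $event->close();
                                exit;
                            }
                            break;
                    }
                }
                // find out if user is rsvp
                if ($group_member) {
                    if ($stmt = $mysqli->prepare("SELECT rsvp FROM eventuser WHERE username=? AND event_id=? AND rsvp=1")) {
                        $stmt->bind_param("si", $username, $event_id);
                        $stmt->execute();
                        // Only the existence of a row matters, so nothing is bound.
                        if ($stmt->fetch()) {
                            $status .= '<span class="status_member">RSVP\'d</span>';
                            $actions .= ' | <a href="event.php?id='.$event_id.'&action=leave" class="bad">Un-RSVP from Event</a>';
                        } else {
                            $actions .= ' | <a href="event.php?id='.$event_id.'&action=join" class="good">RSVP to Event</a>';
                        }
                        $stmt->close();
                    }
                } else {
                    $actions .= ' | <a href="event.php?id='.$event_id.'&action=join" class="good">Join Group and RSVP to Event</a>';
                }
            }
            $actions .= '</div>';
            if ($is_group_creator) {
                $auth_actions .= '<a href="event.php?id='.$event_id.'&action=del" class="bad">Delete Event</a>';
            }
?>
<html>
<head>
<title><?php echo $safe_event_title; ?></title>
<?php include("header.php"); ?>
</head>
<body>
<?php
            include("body_header.php");
?>
<div id="title"><?php echo $safe_event_title; ?>
<div id="description">Hosted by <strong><?php echo $safe_group_name; ?></strong></div>
</div>
<?php
            if ($status != "") {
                echo '<div id="status">'.$status.'</div>';
            }
            print_errors($error, $success);
            if ($auth_actions != "") {
                echo '<div class="creator_actions"><div style="font-weight:bold;">Group Creator Actions:</div>'.$auth_actions.'</div>';
            }
            // $actions and $auth_actions are markup built above from integers
            // and already-escaped text, so they are printed as-is.
            echo $actions;
?>
<div>
<table cellspacing="0" class="box">
<tr>
<td style="width:50%;">
<?php
            echo '<div><strong>Hosted by: </strong> <a href="group.php?id='.intval($group_id).'">'.$safe_group_name.'</a></div>';
            echo '<div><strong>Start:</strong> '.(new DateTime($event_start))->format($EVENT_DATE_FORMAT).'</div>';
            echo '<div><strong>End:</strong> '.(new DateTime($event_end))->format($EVENT_DATE_FORMAT).'</div><br />';
            // NOTE(review): escaped as plain text. If descriptions are meant to
            // carry markup, run them through an allow-list sanitizer instead.
            echo '<strong>Event Description:</strong><br />'.$escape_html($event_description);
?>
</td>
<td style="width:50%;" rowspan="3">
<?php
            echo '<strong>Members RSVP:</strong>';
            if ($stmt = $mysqli->prepare("SELECT username FROM eventuser WHERE event_id=? AND rsvp=1")) {
                $stmt->bind_param("i", $event_id);
                $stmt->execute();
                $stmt->bind_result($user);
                while ($stmt->fetch()) {
                    echo '<div><span class="member">'.$escape_html($user).'</span></div>';
                }
                $stmt->close();
            }
?>
</td>
</tr>
<tr>
<td>
<strong>Location:</strong>
<?php
            // URL-encode each query value, then HTML-escape the whole URL for
            // the attribute; a name containing "&", quotes or spaces previously
            // broke the link and could inject markup.
            $location_url = 'location.php?name='.urlencode((string) $location_name).'&zipcode='.urlencode((string) $location_zipcode);
?>
<div><?php echo '<a href="'.$escape_html($location_url).'">'.$escape_html($location_name).'</a>'; ?></div>
<div><?php echo $escape_html($location_street.' '.$location_zipcode.', '.$location_city); ?></div>
<br />
<div><?php echo $escape_html($location_description); ?></div>
</td>
</tr>
</table>
</div>
<?php
            echo $actions;
            include("body_footer.php");
?>
</body>
</html>
<?php
            $event->close();
        } else {
            // No matching event: release the statement before the fallback page.
            $event->close();
            $invalid = 1;
        }
    } else {
        $invalid = 1;
    }
} else {
    $invalid = 1;
}
if ($invalid === 1) {
    $actions = '<div class="actions"><a href="events.php">Back to List of Events</a></div>';
?>
<html>
<head>
<title>Event Not Found</title>
<?php include("header.php"); ?>
</head>
<body>
<?php include("body_header.php"); ?>
<div id="title">Event Not Found</div>
<?php echo $actions; ?>
<div id="main_box">
The event you are trying to access does not exist or has been deleted.
<br /><br />
<a href="events.php">Back to List of Events</a>
</div>
<?php echo $actions; ?>
<?php include("body_footer.php"); ?>
</body>
</html>
<?php } ?>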