
Source: /main/reservation/rsys.php - 1904 lines - 84555 bytes - Summary - Text - Print

   1  <?php
   2  //* For licensing terms, see /dokeos_license.txt */
   3  
   4  /**
   5  ==============================================================================
   6  *    @package dokeos.booking
   7  ==============================================================================
   8  */
   9  
  10  // language file that needs to be included
  11  $language_file = 'reservation';
  12  
  13  // resetting the course
  14  $cidReset = true;
  15  
  16  // including the global Dokeos file
  17  require_once  ('../inc/global.inc.php');
  18  
  19  // including additional libraries
  20  require_once  'rcalendar.php';
  21  require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
  22  
  23  // the section (for the tabs)
  24  $this_section = SECTION_COURSES;
  25  
  26  // initialisation of the reservation system
  27  Rsys :: init();
  28  
  29  class Rsys {
  30      /**
  31       *  Get required database-vars from inc/lib/database.lib.php and load them into the $GLOBALS['_rsys']-array
  32       *
  33       */
  34  	function init() {
  35          // reservation database tables
  36          $GLOBALS['_rsys']['dbtables']['item']               = Database :: get_main_table(TABLE_MAIN_RESERVATION_ITEM);
  37          $GLOBALS['_rsys']['dbtables']['reservation']      = Database :: get_main_table(TABLE_MAIN_RESERVATION_RESERVATION);
  38          $GLOBALS['_rsys']['dbtables']['subscription']     = Database :: get_main_table(TABLE_MAIN_RESERVATION_SUBSCRIBTION);
  39          $GLOBALS['_rsys']['dbtables']['category']          = Database :: get_main_table(TABLE_MAIN_RESERVATION_CATEGORY);
  40          $GLOBALS['_rsys']['dbtables']['item_rights']     = Database :: get_main_table(TABLE_MAIN_RESERVATION_ITEM_RIGHTS);
  41      }
  42  
  43      /**
  44       *  Get the full tag for a reservation specific database table
  45       *
  46       *  @param  -   String  $table      The table-name
  47       */
  48  	function getTable($table) {
  49          return $GLOBALS['_rsys']['dbtables'][$table];
  50      }
  51  
  52      /**
  53       *  Get number of subscriptions of a reservationperiod
  54       *
  55       *  @return -   int     The amount of subscriptions
  56       */
  57  	function get_num_subscriptions_reservationperiods($res_id) {
  58          $sql = "SELECT COUNT(*) FROM ".Rsys :: getTable("subscription")." s
  59              WHERE s.reservation_id = '".Database::escape_string($res_id)."'";
  60          return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
  61      }
  62  
  63      /**
  64       *  Validates the access to a certain reservation-script
  65       *
  66       *  @param  -   String  $section    The section (= script-file)
  67       *  @param  -   int     $id         An id (sometimes this is required to get rights for a unique row in the database)
  68       */
  69  	function protect_script($section, $id = null) {
  70          $uid = api_get_user_id();
  71          switch ($section) {
  72              case 'm_item' :
  73                  if (!api_is_platform_admin() && Rsys :: check_user_status() <> 1)
  74                      api_protect_admin_script();
  75                  break;
  76              case 'm_category' :
  77                  api_protect_admin_script();
  78                  break;
  79              case 'm_reservation' :
  80                  if (!api_is_platform_admin() && Rsys :: check_user_status() <> 1)
  81                      api_protect_admin_script();
  82                  break;
  83          }
  84      }
  85  
  86      /**
  87       *  Formats a message with a goto-link
  88       *
  89       *  @param  -   String  $msg        The message
  90       *  @param  -   String  $page       The page-script
  91       *  @param  -   String  $pageheader The tag to display as link
  92       */
  93  	function get_return_msg($msg, $page, $pageheader) {
  94          $target_url = api_get_path(WEB_PATH).'main/reservation/'.$page;
  95          $return = get_lang('GoTo');
  96          return $msg."<br /><br /><a href=\"$target_url\">$return $pageheader</a>";
  97      }
  98  
  99      /**
 100       *  Formats a message with a goto-link
 101       *
 102       *  @param  -   String  $msg        The message
 103       *  @param  -   String  $page       The page-script
 104       *  @param  -   String  $pageheader The tag to display as link
 105       */
 106  	function get_return_msg2($msg, $page, $pageheader) {
 107          $return = get_lang('GoTo');
 108          return $msg."<br /><br /><a href=\"$page\">$return $pageheader</a>";
 109      }
 110  
 111      /**
 112       *  Returns a timestamp from a mysql DATETIME
 113       *
 114       *  @param  -   String  $dt     DATETIME (0000-00-00 00:00:00)
 115       *  @return -   int             timestamp
 116       */
 117  	function mysql_datetime_to_timestamp($dt) {
 118          $yr = strval(substr($dt, 0, 4));
 119          $mo = strval(substr($dt, 5, 2));
 120          $da = strval(substr($dt, 8, 2));
 121          $hr = strval(substr($dt, 11, 2));
 122          $mi = strval(substr($dt, 14, 2));
 123          $se = strval(substr($dt, 17, 2));
 124          return mktime($hr, $mi, $se, $mo, $da, $yr);
 125      }
 126  
 127  	function mysql_datetime_to_array($dt) {
 128          $offset = strpos($dt, '-');
 129          $dat['year'] = strval(substr($dt, 0, $offset));
 130          $dat['month'] = strval(substr($dt, $offset +1, strpos($dt, '-', $offset +1) - ($offset +1)));
 131          $offset = strpos($dt, '-', $offset +1);
 132          $dat['day'] = strval(substr($dt, $offset +1, strpos($dt, ' ', $offset +1) - ($offset +1)));
 133          $offset = strpos($dt, ' ', $offset +1);
 134          $dat['hour'] = strval(substr($dt, $offset +1, strpos($dt, ':', $offset +1) - ($offset +1)));
 135          $offset = strpos($dt, ':', $offset +1);
 136          $dat['minute'] = strval(substr($dt, $offset +1, strpos($dt, ':', $offset +1) - ($offset +1)));
 137          $offset = strpos($dt, ':', $offset +1);
 138          $dat['second'] = strval(substr($dt, $offset +1, strlen($dt) - $offset +1));
 139          return $dat;
 140      }
 141  
 142  	function timestamp_to_datetime($timestamp) {
 143          return date('Y-m-d H:i:s', $timestamp);
 144      }
 145  
 146  	function check_user_status() {
 147          $user_info = api_get_user_info(api_get_user_id());
 148          return $user_info['status'];
 149      }
 150      /*
 151       ============================================================================================
 152  
 153                                          CATEGORIES
 154  
 155       ============================================================================================
 156      */
 157  
 158      /**
 159       *  Adds a category
 160       *
 161       *  @param  -   String  $name   The name
 162       *  @return -   int             The id
 163       */
 164  	function add_category($naam) {
 165          if (Rsys :: check_category($naam)) {
 166              $sql = "INSERT INTO ".Rsys :: getTable("category")." (name) VALUES ('".Database::escape_string($naam)."')";
 167              Database::query($sql, __FILE__, __LINE__);
 168              return Database::insert_id();
 169          }
 170          return false;
 171      }
 172  
 173      /**
 174       *  Controls if the category already exists
 175       *
 176       *  @param  -   String  $name   The name
 177       *  @return -   boolean         True or False
 178       */
 179  	function check_category($name, $id=0) {
 180          $sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower(Database::escape_string($name))."' AND id<>".Database::escape_string($id)."";
 181          $Result = Database::query($sql, __FILE__, __LINE__);
 182          return (Database::num_rows($Result) == 0);
 183      }
 184  
 185      /**
 186       *  Edits a category
 187       *
 188       *  @param  -   String  $name   The name
 189       *  @param  -   int     $id     The id
 190       */
 191  	function edit_category($id, $name) {
 192          if (Rsys :: check_category($name, $id)) {
 193              $sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id =".Database::escape_string($id)."";
 194              Database::query($sql, __FILE__, __LINE__);
 195              return $id;
 196          }
 197          return false;
 198      }
 199  
 200      /**
 201       *  Deletes a category
 202       *
 203       *  @param  -   int     $id     The id
 204       */
 205  	function delete_category($id) {
 206          $sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id=".Database::escape_string($id)."";
 207          $result = Database::query($sql, __FILE__, __LINE__);
 208          if (Database::num_rows($result) == 0) {
 209              $sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id =".Database::escape_string($id)."";
 210              Database::query($sql2, __FILE__, __LINE__);
 211              return 0;
 212          } else {
 213              return Database::num_rows($result);
 214          }
 215  
 216      }
 217  
 218      /**
 219       *  Gets a category from database (give no param to get ALL categories)
 220       *
 221       *  @param  -   int     $id         The id of the category
 222       *  @param  -   String  $orderby    (sql) ORDER BY $orderby
 223       *  @return -   Array               One or all rows of the category-table
 224       */
 225  	function get_category($id = null, $orderby = "name ASC") {
 226          $sql = "SELECT * FROM ".Rsys :: getTable("category");
 227          if (!empty ($id))
 228              $sql .= " WHERE id = ".Database::escape_string($id)."";
 229          else
 230              $sql .= " ORDER BY ".$orderby;
 231          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 232          if (!empty ($id))
 233              return $arr[0];
 234          else
 235              return $arr;
 236      }
 237  
 238      /**
 239       *  Gets all categories that have items in them (for the current user)
 240  
 241       *  @param  -   String  $orderby    (sql) ORDER BY $orderby
 242       *  @return -   Array               All rows of the category-table that have items
 243       */
 244  	function get_category_with_items($orderby = "c.name ASC") {
 245          $sql = "SELECT c.* FROM ".Rsys :: getTable("category")." c
 246                          INNER JOIN ".Rsys :: getTable("item")." i ON i.category_id =c.id
 247                          LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id
 248                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." cl ON ir.class_id=cl.id AND ir.item_id = i.id
 249                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = cl.id
 250                          WHERE (cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR i.creator='".api_get_user_id()."'  OR 1=". (api_is_platform_admin() ? 1 : 0)."
 251                          GROUP BY c.id ORDER BY ".$orderby;
 252  
 253          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 254          return $arr;
 255      }
 256  
 257      /**
 258       *  Gets all categories that have items in them (for the current user)
 259  
 260       *  @param  -   String  $orderby    (sql) ORDER BY $orderby
 261       *  @return -   Array               All rows of the category-table that have items
 262       */
 263  	function get_category_with_items_manager($orderby = "c.name ASC") {
 264          $sql = "SELECT c.* FROM ".Rsys :: getTable("category")." c
 265                          INNER JOIN ".Rsys :: getTable("item")." i ON i.category_id =c.id
 266                          LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id
 267                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." cl ON ir.class_id=cl.id AND ir.item_id = i.id
 268                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = cl.id
 269                          WHERE (cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."'  OR 1=". (api_is_platform_admin() ? 1 : 0)."
 270                          GROUP BY c.id ORDER BY ".$orderby;
 271  
 272          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 273          return $arr;
 274      }
 275  
 276      /**
 277       *  Returns categories for a sortable table based on the params
 278       *
 279       *  @param  -   int     $from       Index of the first item to return.
 280       *  @param  -   int     $per_page   The number of items to return
 281       *  @param  -   int     $column     The number of the column on which the data should be sorted
 282       *  @param  -   String  $direction  In which order should the data be sorted (ASC or DESC)
 283       */
 284  	function get_table_categories($from, $per_page, $column, $direction) {
 285          $sql = "SELECT id AS col0, name as col1, id AS col2 FROM ".Rsys :: getTable("category");
 286          if (isset ($_GET['keyword'])) {
 287              $keyword = Database::escape_string($_GET['keyword']);
 288              $sql .= " WHERE name LIKE '%".Database::escape_string($keyword)."%' OR id LIKE '%".Database::escape_string($keyword)."%'";
 289          }
 290          $from = intval($from);
 291          $per_page = intval($per_page);
 292          $column = intval($column);
 293          if(!in_array($direction, array('ASC','DESC'))) {
 294              $direction = 'ASC';
 295          }
 296  
 297          $sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
 298          $result = Database::query($sql, __FILE__, __LINE__);
 299          while ($array = Database::fetch_array($result, 'NUM'))
 300              $arr[] = $array;
 301          return $arr;
 302      }
 303  
 304      /**
 305       *  Get number of categories
 306       *
 307       *  @return -   int     The amount of categories
 308       */
 309  	function get_num_categories() {
 310          $sql = "SELECT COUNT(id) FROM ".Rsys :: getTable("category");
 311          if (isset ($_GET['keyword'])) {
 312              $keyword = Database::escape_string($_GET['keyword']);
 313              $sql .= " WHERE name LIKE '%".Database::escape_string($keyword)."%' OR id LIKE '%".Database::escape_string($keyword)."%'";
 314          }
 315          return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
 316      }
 317  
 318      /*
 319       ============================================================================================
 320  
 321                                          ITEMS
 322  
 323       ============================================================================================
 324      */
 325  
 326      /**
 327       *     Controls if an item in a certain category already exist
 328       *
 329       *  @param  -   String  $name           The name
 330       *  @param  -   String  $category         The category id
 331       *  @return -   Boolean                   True or false
 332       */
 333  	function check_item($item, $category, $id=0) {
 334          $sql = "SELECT name FROM ".Rsys :: getTable("item")."
 335                              WHERE LCASE(name)='".strtolower(Database::escape_string($item))."'
 336                              AND category_id=".Database::escape_string($category)."
 337                              AND id<>".Database::escape_string($id)."";
 338          $Result = Database::query($sql, __FILE__, __LINE__);
 339          return (Database::num_rows($Result) == 0);
 340      }
 341  
 342      /**
 343       *  Adds an item
 344       *
 345       *  @param  -   String  $name           The name
 346       *  @param  -   String  $description    The description
 347       *  @param  -   int     $category       The category-ID
 348       *  @param  -   String     $courseCode  The course-Code (optional)
 349       *  @return -   int                     The id
 350       */
 351  	function add_item($name, $description, $category, $course = "") {
 352          if (Rsys :: check_item($name, $category)) {
 353              $sql = "INSERT INTO ".Rsys :: getTable("item")." (category_id,course_code,name,description,creator) VALUES ('".Database::escape_string($category)."','".Database::escape_string($course)."','".Database::escape_string($name)."','".Database::escape_string($description)."','".api_get_user_id()."')";
 354              Database::query($sql, __FILE__, __LINE__);
 355              return Database::insert_id();
 356          }
 357          return false;
 358      }
 359  
 360      /**
 361       *  Edits an item
 362       *
 363       *  @param  -   int     $id             The id
 364       *  @param  -   String  $name           The name
 365       *  @param  -   String  $description    The description
 366       *  @param  -   int     $category       The category-ID
 367       *  @param  -   String     $courseCode  The course-Code (optional)
 368       */
 369  	function edit_item($id, $name, $description, $category, $course = "", $always_available) {
 370          if (!Rsys :: item_allow($id, 'edit'))
 371              return false;
 372          if (!Rsys :: check_item($name, $category, $id))
 373              return false;
 374          $sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".Database::escape_string($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."', always_available='".Database::escape_string($always_available)."' WHERE id ='".Database::escape_string($id)."'";
 375          Database::query($sql, __FILE__, __LINE__);
 376          return $id;
 377      }
 378  
 379      /**
 380       *  Deletes an item and all linked item-rights
 381       *
 382       *  @param  -   int     $id     The id
 383       */
 384  	function delete_item($id) {
 385          if (!Rsys :: item_allow($id, 'delete'))
 386              return false;
 387          $sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id=".Database::escape_string($id)."";
 388          $result = Database::query($sql, __FILE__, __LINE__);
 389          while ($array = Database::fetch_array($result)) {
 390              if (Rsys :: mysql_datetime_to_timestamp(date('Y-m-d H:i:s')) <= Rsys :: mysql_datetime_to_timestamp($array[1]))
 391                  $checked = true;
 392          }
 393          if (!$checked) {
 394              $sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id =".Database::escape_string($id)."";
 395              Database::query($sql, __FILE__, __LINE__);
 396              $sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id =".Database::escape_string($id)."";
 397              Database::query($sql, __FILE__, __LINE__);
 398              $sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id =".Database::escape_string($id)."";
 399              Database::query($sql, __FILE__, __LINE__);
 400              return '0';
 401          } else {
 402              return Database::num_rows($result);
 403          }
 404  
 405      }
 406  
 407  	function item_allow($item_id, $right) {
 408          // Creator heeft alle rechten
 409          switch ($right) {
 410              case 'm_rights' : // manage rights of item (only for creator and admin)
 411                  $x = '';
 412                  break;
 413              case 'edit' :
 414                  $x = ' ir.edit_right=1 ';
 415                  break;
 416              case 'delete' :
 417                  $x = ' ir.delete_right=1 ';
 418                  break;
 419              case 'm_reservation' :
 420                  $x = ' ir.m_reservation=1 ';
 421                  break;
 422              case 'view' :
 423                  $x = ' ir.view_right=1 ';
 424                  break;
 425          }
 426          $sql = "SELECT i.id FROM ".Rsys :: getTable("item")." i
 427                          LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id
 428                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 429                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 430                          WHERE i.id='".Database::escape_string($item_id)."' AND (". (!empty ($x) ? "(cu.user_id='".api_get_user_id()."' AND ".$x.") OR " : '')." i.creator='".api_get_user_id()."'  OR 1=". (api_is_platform_admin() ? 1 : 0).")";
 431          return Database::num_rows(Database::query($sql, __FILE__, __LINE__)) > 0;
 432      }
 433  
 434      /**
 435       *  Gets an item from the database (give no param to get ALL items)
 436       *
 437       *  @param  -   int     $id         The id of the item
 438       *  @param  -   String  $orderby    (sql) ORDER BY $orderby
 439       *  @return -   Array               The returned rows
 440       */
 441  	function get_item($id = null, $orderby = "name ASC") {
 442          $id = Database::escape_string($id);
 443          $sql = "SELECT i.* FROM ".Rsys :: getTable("item")." i";
 444          if (!empty ($id)) {
 445              if (!Rsys :: item_allow($id, 'view') AND !api_is_platform_admin()) {
 446                  return false;
 447              }
 448              $sql .= " WHERE i.id = '".$id."'";
 449          } else
 450              $sql .= " LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id WHERE (cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR i.creator='".api_get_user_id()."'  OR 1=". (api_is_platform_admin() ? 1 : 0)."  ORDER BY ".$orderby;
 451          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 452          if (!empty ($id))
 453              return $arr[0]; // Return one row only
 454          else
 455              return $arr;
 456      }
 457  
 458      /**
 459       *  Returns the blackout-status for an item
 460       *
 461       *  @param  -   int     $itemid    The id of the item
 462       *  @return -   boolean             true if blackout, false if not
 463       */
 464  	function is_blackout($itemid) {
 465          $sql = "SELECT id FROM ".Rsys :: getTable("item");
 466          $sql .= " WHERE id = ".Database::escape_string($itemid)." AND blackout=1";
 467          return Database::num_rows(Database::query($sql, __FILE__, __LINE__)) == 1;
 468      }
 469  
 470      /**
 471       *  Gets all items of a certain category from the database
 472       *
 473       *  @param  -   int     $id         The id of the category
 474       *  @param  -   String  $orderby    (sql) ORDER BY $orderby
 475       *  @return -   Array               The returned rows
 476       */
 477  	function get_category_items($id, $orderby = "name ASC") {
 478          $sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
 479          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 480          return $arr;
 481      }
 482  
 483      /**
 484       *  Gets all items of a certain course from the database
 485       *
 486       *  @param  -   int     $id         The id of the course
 487       *  @param  -   String  $orderby    (sql) ORDER BY $orderby
 488       *  @return -   Array               The returned rows
 489       */
 490  	function get_course_items($id, $orderby = "name ASC") {
 491          $sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
 492          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 493          return $arr;
 494      }
 495  
 496      /**
 497       *  Returns items for a sortable table based on the params
 498       *
 499       *  @param  -   int     $from       Index of the first item to return.
 500       *  @param  -   int     $per_page   The number of items to return
 501       *  @param  -   int     $column     The number of the column on which the data should be sorted
 502       *  @param  -   String  $direction  In which order should the data be sorted (ASC or DESC)
 503       *  @return -   Array               The returned rows
 504       */
 505  	function get_table_items($from, $per_page, $column, $direction) {
 506          $sql = "SELECT i.id AS col0, i.name as col1, i.description AS col2, ca.name AS col3, IF(i.creator='".api_get_user_id()."','".get_lang('Yes')."','".get_lang('No')."') AS col4, i.id AS col5
 507                          FROM ".Rsys :: getTable("item")." i INNER JOIN ".Rsys :: getTable("category")." ca ON i.category_id = ca.id
 508                              LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id
 509                              LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 510                              LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 511                              WHERE ((cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."'  OR 1=". (api_is_platform_admin() ? 1 : 0).")";
 512  
 513          if (!empty ($_GET['cat']) && $_GET['cat'] <> 0) {
 514              $sql .= " AND ca.id = '".Database::escape_string($_GET['cat'])."' ";
 515          }
 516  
 517          $from = intval($from);
 518          $per_page = intval($per_page);
 519          $column = intval($column);
 520          if(!in_array($direction, array('ASC','DESC'))) {
 521              $direction = 'ASC';
 522          }
 523  
 524          $sql .= " GROUP BY i.id ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
 525          $result = Database::query($sql, __FILE__, __LINE__);
 526  
 527          while ($array = Database::fetch_array($result, 'NUM')) {
 528              if (!$array[4])
 529                  $array[4] = '-';
 530              $arr[] = $array;
 531          }
 532          return $arr;
 533      }
 534  
 535      /**
 536       *  Get number of items
 537       *
 538       *  @return -   int     The amount of items
 539       */
 540  	function get_num_items() {
 541          $sql = "SELECT COUNT(DISTINCT i.id) FROM ".Rsys :: getTable("item")." i
 542                              LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id
 543                              LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 544                              LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 545                              WHERE ( 1=". (api_is_platform_admin() ? 1 : 0)."
 546                              OR ((cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' ))";
 547  
 548           return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
 549      }
 550  
 551      /**
 552       *  Returns the rights for an item for sortable table based on the params
 553       *
 554       *  @param  -   int     $from       Index of the first item to return.
 555       *  @param  -   int     $per_page   The number of items to return
 556       *  @param  -   int     $column     The number of the column on which the data should be sorted
 557       *  @param  -   String  $direction  In which order should the data be sorted (ASC or DESC)
 558       *  @return -   Array               The returned rows
 559       */
 560  	function get_table_itemrights($from, $per_page, $column, $direction) {
 561          $itemid = Database::escape_string($_GET['item_id']);
 562          $sql = "SELECT id, name FROM ".Database :: get_main_table(TABLE_MAIN_CLASS);
 563          $result = Database::query($sql, __FILE__, __LINE__);
 564          while ($array = Database::fetch_array($result, 'NUM')) {
 565              $arr[] = $array;
 566          }
 567          $sql = "SELECT item_id, class_id,edit_right,delete_right,m_reservation,view_right
 568                  FROM ".Rsys :: getTable("item_rights")." WHERE item_id=".$itemid;
 569          $result = Database::query($sql, __FILE__, __LINE__);
 570          while ($array = Database::fetch_array($result, 'NUM')) {
 571              $arr1[] = $array;
 572          }
 573          $count = -1;
 574          if (count($arr)>0) {
 575              foreach ($arr as $lijn) {
 576                  $count ++;
 577                  $controle = false;
 578                  $tabel[$count][0] = $itemid."-".$lijn[0];
 579                  $tabel[$count][1] = $lijn[1];
 580                  foreach ($arr1 as $lijn2) {
 581                      if ($lijn2[1] == $lijn[0]) {
 582  
 583                          if ($lijn2[2] == 0) {
 584                              $tabel[$count][2] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=edit&set=1\'" />';
 585                          } else {
 586                              $tabel[$count][2] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=edit&set=0\'" />';
 587                          }
 588                          if ($lijn2[3] == 0) {
 589                              $tabel[$count][3] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=delete&set=1\'" />';
 590                          } else {
 591                              $tabel[$count][3] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=delete&set=0\'" />';
 592                          }
 593                          if ($lijn2[4] == 0) {
 594                              $tabel[$count][4] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=manage&set=1\'" />';
 595                          } else {
 596                              $tabel[$count][4] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=manage&set=0\'" />';
 597                          }
 598                          if ($lijn2[5] == 0) {
 599                                  $tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=1\'" />';
 600                          } else {
 601                              $tabel[$count][5] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=0\'" />';
 602                          }
 603              $controle = true;
 604              }
 605              }
 606              if (!$controle) {
 607                  $tabel[$count][2] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=edit&set=1\'" />';
 608                  $tabel[$count][3] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=delete&set=1\'" />';
 609                  $tabel[$count][4] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=manage&set=1\'" />';
 610                  $tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=1\'" />';
 611              }
 612              $tabel[$count][6] = $itemid."-".$lijn[0];
 613              }
 614          }
 615          return $tabel;
 616      }
 617  
 618  	function set_new_right($item_id, $class_id, $column, $value) {
 619          $item_id = Database::escape_string($item_id);
 620          $class_id = Database::escape_string($class_id);
 621          $value = Database::escape_string($value);
 622          $column = Database::escape_string($column);
 623  
 624          $sql = "SELECT item_id FROM ".Rsys :: getTable("item_rights")."WHERE item_id=".$item_id." AND class_id=".$class_id;
 625          $result = Database::query($sql, __FILE__, __LINE__);
 626          $switcher = Database::num_rows($result);
 627          if ($switcher > 0) {
 628              $sql = $sql = "UPDATE ".Rsys :: getTable("item_rights")." SET ".$column."='".$value."' WHERE class_id = '".$class_id."' AND item_id ='".$item_id."'";
 629              Database::query($sql, __FILE__, __LINE__);
 630          } else {
 631              $sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,".$column.") VALUES ('".$item_id."','".$class_id."','".$value."')";
 632              Database::query($sql, __FILE__, __LINE__);
 633          }
 634      }
 635  
 636      /**
 637       *  Get number of itemrights
 638       *
 639       *  @return -   int     The amount of itemrights
 640       */
 641  	function get_num_itemrights() {
 642          $sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS);
 643          return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
 644      }
 645  
 646      /**
 647       *  Get all classes where the item hasn't already defined rights for
 648       *
 649       *  @param  -   int     $item_id    The id of the item
 650       *  @return -   Array               The returned rows
 651       */
 652  	function get_itemfiltered_class($item_id) {
 653          $item_id = Database::escape_string($item_id);
 654          $sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)."
 655                  WHERE id NOT IN (SELECT class_id  FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC";
 656          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 657          return $arr;
 658      }
 659  
 660      /**
 661       *  Get number of classes where the item hasn't already defined rights for
 662       *
 663       *  @param  -   int     $item_id    The id of the item
 664       *  @return -   int                 The amount
 665       */
 666  	function get_num_itemfiltered_class($item_id) {
 667          $item_id = Database::escape_string($item_id);
 668          $sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id NOT IN (SELECT class_id  FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC";
 669          return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
 670      }
 671  
 672      /**
 673       *  Adds an item-right
 674       *
 675       *  @param  -   int     $item_id        Item-ID
 676       *  @param  -   int     $class_id       Class-ID
 677       *  @param  -   int     $edit           Edit Right
 678       *  @param  -   int     $delete         Delete Right
 679       *  @param  -   int     $m_reservation  Manage reservations Right
 680       */
 681  	function add_item_right($item_id, $class_id, $edit, $delete, $m_reservation) {
 682          if (!Rsys :: item_allow($item_id, 'm_rights'))
 683              return false;
 684          $sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,edit_right,delete_right,m_reservation) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($class_id)."','".Database::escape_string($edit)."','".Database::escape_string($delete)."','".Database::escape_string($m_reservation)."')";
 685          Database::query($sql, __FILE__, __LINE__);
 686      }
 687  
 688      /**
 689       *  Edits an item-right
 690       *
 691       *  @param  -   int     $item_id        Item-ID
 692       *  @param  -   int     $class_id       Class-ID
 693       *  @param  -   int     $edit           Edit Right
 694       *  @param  -   int     $delete         Delete Right
 695       *  @param  -   int     $m_reservation  Manage reservations Right
 696       *  @return -   int                     The id
 697       */
 698  	function edit_item_right($item_id, $class_id, $edit, $delete, $m_reservation) {
 699          $item_id = Database::escape_string($item_id);
 700          $class_id = Database::escape_string($class_id);
 701  
 702          if (!Rsys :: item_allow($item_id, 'm_rights'))
 703              return false;
 704          $sql = "UPDATE ".Rsys :: getTable("item_rights")." SET edit_right='".Database::escape_string($edit)."', delete_right='".Database::escape_string($delete)."', m_reservation='".Database::escape_string($m_reservation)."'  WHERE class_id = '".$class_id."' AND item_id ='".$item_id."'";
 705          Database::query($sql, __FILE__, __LINE__);
 706      }
 707  
 708      /**
 709       *  Deletes an item-right
 710       *
 711       *  @param  -   int     $id     The id
 712       */
 713  	function delete_item_right($item_id, $class_id) {
 714          $item_id = Database::escape_string($item_id);
 715          $class_id = Database::escape_string($class_id);
 716  
 717          if (!Rsys :: item_allow($item_id, 'm_rights'))
 718              return false;
 719          $sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
 720          Database::query($sql, __FILE__, __LINE__);
 721      }
 722  
 723  	function get_class_group($class_id) {
 724          $class_id = Database::escape_string($class_id);
 725          $sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id='".$class_id."'";
 726          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 727          return $arr;
 728      }
 729  
 730  	function get_item_rights($item_id, $class_id) {
 731          $item_id = Database::escape_string($item_id);
 732          $class_id = Database::escape_string($class_id);
 733  
 734          $sql = "SELECT * FROM ".Rsys :: getTable('item_rights')." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
 735          $arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 736          return $arr;
 737      }
 738  
 739  	function black_out_changer($item_id) {
 740          $item_id = Database::escape_string($item_id);
 741          $sql = "SELECT blackout FROM ".Rsys :: getTable("item")." WHERE id='".$item_id."'";
 742          $Value = Database::store_result(Database::query($sql, __FILE__, __LINE__));
 743          ($Value[0][0] == 0 ? $changedValue = 1 : $changedValue = 0);
 744          $sql = "UPDATE ".Rsys :: getTable("item")." SET blackout='".$changedValue."'  WHERE id = '".$item_id."'";
 745          Database::query($sql, __FILE__, __LINE__);
 746          Rsys :: black_out_notifier($item_id, $Value[0][0]);
 747          return $changedValue;
 748      }
 749  
    /**
     *  Mails every subscriber of an item's reservations after its blackout flag changed
     *
     *  @param  -   int     $item_id    Item-ID
     *  @param  -   int     $value      Blackout value passed by the caller; black_out_changer()
     *                                  passes the value from before the toggle. 1 selects the
     *                                  "active/available" texts, anything else the
     *                                  "cancelled/unavailable" texts.
     */
    function black_out_notifier($item_id, $value) {
        $item_id = Database::escape_string($item_id);
        $value = Database::escape_string($value);

        // reservations of this item that have at least one subscriber
        $sql = "SELECT id, timepicker FROM ".Rsys :: getTable('reservation')."
                WHERE item_id='".$item_id."' AND subscribers > '0'";
        // the end_at cut-off depends on $value; the meaning of the 7000000 offset is not documented here
        $value == 1 ? $sql .= " AND end_at >= (NOW()-7000000) " : $sql .= " AND end_at >= NOW()";
        $reservations = Database::query($sql, __FILE__, __LINE__);
        while ($reservation = Database::fetch_array($reservations)) {
            // $reservation[0] is the reservation id, $reservation[1] its timepicker flag
            $sql = "SELECT user_id FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation[0]."'";
            if ($reservation[1] == 1) {
                $sql .= " AND end_at >= NOW() ";
            }
            $subscriptions = Database::query($sql, __FILE__, __LINE__);
            while ($subscription = Database::fetch_array($subscriptions)) {
                $user_info = api_get_user_info($subscription[0]);
                // the item name is looked up again for every subscriber
                $sql2 = "SELECT name FROM ".Rsys :: getTable('item')." WHERE id='".$item_id."'";
                $items = Database::query($sql2, __FILE__, __LINE__);
                $item = Database::fetch_array($items);
                $item_name=$item['name'];
                if ($reservation[1] == 0)
                {
                    // no timepicker is used, so the start and end date can be read from the reservation
                    $sql2 = "SELECT start_at,end_at FROM ".Rsys :: getTable('reservation')." WHERE id='".$reservation[0]."'";
                }
                else
                {
                    // a timepicker is used, so the start and end date can be read from the subscriptions
                    // NOTE(review): this query is not limited to the current user_id, so the first
                    // subscription row of the reservation is used for every recipient - confirm intent
                    $sql2 = "SELECT start_at,end_at FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation[0]."'";
                }
                $items = Database::query($sql2, __FILE__, __LINE__);
                $item = Database::fetch_array($items);
                $begindatum = $item['start_at'];
                $einddatum = $item['end_at'];

                // NOTE(review): in both branches '#BEGIN#' is replaced twice; the second call finds
                // nothing left to replace, so the end date never reaches the text. Presumably a
                // separate end placeholder was intended - verify against the language strings.
                if ($value==1) {
                    $inhoud = str_replace('#NAME#', $item_name, get_lang('ReservationActive'));
                    $inhoud = str_replace('#BEGIN#', $begindatum, $inhoud);
                    $inhoud = str_replace('#BEGIN#', $einddatum, $inhoud);
                    $titel = str_replace('#NAME#', $item_name, get_lang('ReservationAvailable'));
                } else {
                    $inhoud = str_replace('#NAME#', $item_name, get_lang('ReservationCancelled'));
                    $inhoud = str_replace('#BEGIN#', $begindatum, $inhoud);
                    $inhoud = str_replace('#BEGIN#', $einddatum, $inhoud);
                    $titel = str_replace('#NAME#', $item_name, get_lang('ReservationUnavailable'));
                }


                // the item name from the database goes into the mail subject and body as stored
                api_send_mail($user_info['mail'], $titel, $inhoud);
            }
        }
    }
 802  
 803      /*
 804       ============================================================================================
 805  
 806                                          RESERVATION PERIODS
 807  
 808       ============================================================================================
 809      */
 810  
 811  	function recurrence_list() {
 812          $arr['1'] = get_lang('EveryDay');
 813          $arr['7'] = get_lang('EveryWeek');
 814          //$arr['month'] = get_lang('EveryMonth');
 815          return $arr;
 816      }
 817  
 818  	function check_date($item_id, $start_date, $end_date, $start_at, $end_at) {
 819          $item_id = Database::escape_string($item_id);
 820          $start_date = Database::escape_string($start_date);
 821          $end_date = Database::escape_string($end_date);
 822          $start_at = Database::escape_string($start_at);
 823          $end_at = Database::escape_string($end_at);
 824  
 825  
 826          $sql = "SELECT * FROM ".Rsys :: getTable('reservation')." WHERE item_id='".$item_id."' ORDER BY start_at";
 827          $result = Database::query($sql, __FILE__, __LINE__);
 828  
 829          while ($array = Database::fetch_array($result)) {
 830              $GLOBALS['start_date'] = $array[5];
 831              $GLOBALS['end_date'] = $array[6];
 832              if (Rsys :: mysql_datetime_to_timestamp($array[5]) <= $start_date && Rsys :: mysql_datetime_to_timestamp($array[6]) >= $start_date) {
 833                  return $array[0];
 834              }
 835              if (Rsys :: mysql_datetime_to_timestamp($array[5]) <= $end_date && Rsys :: mysql_datetime_to_timestamp($array[6]) >= $end_date)
 836                  return $array[0];
 837          }
 838  
 839          $sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
 840                  WHERE ((start_at > '".$start_at."' AND
 841                      start_at < '".$end_at."') OR
 842                      (end_at > '".$start_at."' AND
 843                      end_at < '".$end_at."') OR (start_at <= '".$start_at."' AND end_at >= '".$end_at."')) AND item_id='".$item_id."'";
 844          $result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
 845          if (count($result) != 0){
 846              $GLOBALS['start_date'] = $result[1];
 847              $GLOBALS['end_date'] = $result[2];
 848              return $result[0];
 849          }
 850          return 0;
 851      }
 852  
 853  	function check_date_edit($item_id, $start_date, $end_date, $start_at, $end_at, $reservation_id) {
 854          $item_id = Database::escape_string($item_id);
 855          $reservation_id = Database::escape_string($reservation_id);
 856          $start_date = Database::escape_string($start_date);
 857          $end_date = Database::escape_string($end_date);
 858          $start_at = Database::escape_string($start_at);
 859          $end_at = Database::escape_string($end_at);
 860  
 861  
 862          $sql = "SELECT * FROM ".Rsys :: getTable('reservation')." WHERE item_id='".$item_id."' AND id <> '".$reservation_id."' ORDER BY start_at";
 863          $result = Database::query($sql, __FILE__, __LINE__);
 864  
 865          while ($array = Database::fetch_array($result)) {
 866              $GLOBALS['start_date'] = $array[5];
 867              $GLOBALS['end_date'] = $array[6];
 868              if (Rsys :: mysql_datetime_to_timestamp($array[5]) < $start_date && Rsys :: mysql_datetime_to_timestamp($array[6]) > $start_date) {
 869                  return $array[0];
 870              }
 871              if (Rsys :: mysql_datetime_to_timestamp($array[5]) < $end_date && Rsys :: mysql_datetime_to_timestamp($array[6]) > $end_date)
 872                  return $array[0];
 873          }
 874  
 875          $sql = "SELECT id FROM ".Rsys :: getTable('reservation')."
 876                                          WHERE ((start_at > '".$start_at."' AND
 877                                                start_at < '".$end_at."') OR
 878                                                (end_at > '".$start_at."' AND
 879                                                end_at < '".$end_at."') OR
 880                                                (start_at <= '".$start_at."' AND
 881                                                end_at >= '".$end_at."')) AND item_id='".$item_id."' AND id <> '".$reservation_id."'";
 882          $result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
 883  
 884          if (count($result) != 0){
 885              $GLOBALS['start_date'] = $result[1];
 886              $GLOBALS['end_date'] = $result[2];
 887              return $result[0];
 888          }
 889          return 0;
 890      }
 891  
 892  	function get_category_rights() {
 893          $sql = "SELECT cat.id as catid,cat.name as catname
 894                                          FROM ".Rsys :: getTable('category')." cat
 895                                          LEFT JOIN ".Rsys :: getTable('item')." i ON cat.id=i.category_id
 896                                          LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
 897                                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 898                                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 899                                          WHERE (cu.user_id='".api_get_user_id()."' AND ir.m_reservation=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." ORDER BY cat.name ASC";
 900          $result = Database::query($sql, __FILE__, __LINE__);
 901          while ($array = Database::fetch_array($result))
 902              $arr[$array['catid']] = $array['catname'];
 903          return $arr;
 904      }
 905  
 906      /**
 907       *  Returns an array with items from a category linked to rights(used by m_reservations.php)
 908       */
 909  	function get_cat_r_items($category) {
 910          $category = Database::escape_string($category);
 911          $sql = "SELECT i.id,i.name as catitem
 912                                          FROM ".Rsys :: getTable('item')." i
 913                                          INNER JOIN ".Rsys :: getTable('category')." cat ON cat.id=i.category_id
 914                                          LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
 915                                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 916                                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 917                                          WHERE ((cu.user_id='".api_get_user_id()."' AND ir.m_reservation=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).") AND (category_id =".$category.")
 918                                          ORDER BY cat.name ASC, i.name ASC";
 919          $result = Database::query($sql, __FILE__, __LINE__);
 920          while ($array = Database::fetch_array($result))
 921              $arr[$array['id']] = $array['catitem'];
 922          return $arr;
 923      }
 924  
 925      /**
 926       *  Returns an array with [ itemID => "category/item" ] with view_rights (used by reservation.php)
 927       */
 928  	function get_cat_items($category) {
 929          $category = Database::escape_string($category);
 930          $sql = "SELECT i.id,i.name as catitem
 931                  FROM ".Rsys :: getTable('item')." i
 932                  INNER JOIN ".Rsys :: getTable('category')." cat ON cat.id=i.category_id
 933                  LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
 934                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 935                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 936                  WHERE ((cu.user_id='".api_get_user_id()."' AND ir.view_right=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).") AND (category_id =".$category.")
 937                  ORDER BY cat.name ASC, i.name ASC";
 938          $result = Database::query($sql, __FILE__, __LINE__);
 939          while ($array = Database::fetch_array($result))
 940              $arr[$array['id']] = $array['catitem'];
 941          return $arr;
 942      }
 943  
 944      /**
 945       *  Returns the reservations for sortable table based on the params
 946       *
 947       *  @param  -   int     $from       Index of the first item to return.
 948       *  @param  -   int     $per_page   The number of items to return
 949       *  @param  -   int     $column     The number of the column on which the data should be sorted
 950       *  @param  -   String  $direction  In which order should the data be sorted (ASC or DESC)
 951       *  @return -   Array               The returned rows
 952       */
 953  	function get_table_reservations($from, $per_page, $column, $direction) {
 954          $sql = "SELECT DISTINCT r.id AS col0, i.name AS col1,  DATE_FORMAT(r.start_at,'%Y-%m-%d %H:%i') AS col2, DATE_FORMAT(r.end_at,'%Y-%m-%d %H:%i') AS col3," .
 955                     "DATE_FORMAT(r.subscribe_from,'%Y-%m-%d %k:%i') AS col4, DATE_FORMAT(r.subscribe_until,'%Y-%m-%d %k:%i') AS col5,IF(timepicker <> 0, '".get_lang('TimePicker')."',CONCAT(r.subscribers,'/',r.max_users)) AS col6, r.notes AS col7, r.id as col8
 956                  FROM ".Rsys :: getTable('reservation')." r
 957                  INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
 958                  LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
 959                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
 960                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
 961                  WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."') OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).")";
 962          if (isset ($_GET['keyword'])) {
 963              $keyword = Database::escape_string($_GET['keyword']);
 964              $sql .= "AND (i.name LIKE '%".$keyword."%' OR i.description LIKE '%".$keyword."%' OR r.notes LIKE '%".$keyword."%')";
 965          }
 966          // show only the booking periods of a certain resource
 967          if (is_numeric($_GET['resource']) AND !empty($_GET['resource']))
 968          {
 969              $sql .= "AND i.id = '".Database::escape_string(Security::Remove_XSS($_GET['resource']))."'";
 970          }
 971          // show only the booking periods of a certain resource category
 972          if (is_numeric($_GET['resource_category']) AND !empty($_GET['resource_category']))
 973          {
 974              $sql .= "AND i.category_id = '".Database::escape_string(Security::Remove_XSS($_GET['resource_category']))."'";
 975          }             
 976  
 977          $from = intval($from);
 978          $per_page = intval($per_page);
 979          $column = intval($column);
 980          if(!in_array($direction, array('ASC','DESC'))) {
 981              $direction = 'ASC';
 982          }
 983  
 984          $sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
 985          $result = Database::query($sql, __FILE__, __LINE__);
 986          while ($array = Database::fetch_array($result, 'NUM')) {
 987              $arr[] = $array;
 988          }
 989          return $arr;
 990      }
 991  
    /**
     *  Looks up whether the current user has the edit right on a reservation
     *
     *  The query matches when a class of the current user has edit_right on
     *  the reservation's item, or when the user is platform admin.
     *
     *  NOTE(review): the value returned is the query result handle, not the
     *  collected rows ($arr is filled but never used), and the loop has
     *  already read every row from it. A caller that only tests the return
     *  value for truth would presumably see the same answer whether or not a
     *  row matched; check_delete_right() returns the rows instead. Confirm
     *  how callers evaluate this before relying on it as an access check.
     *
     *  @param  -   int     $id     The reservation-ID
     *  @return -                   The result of Database::query()
     */
    function check_edit_right($id) {
        $id = Database::escape_string($id);
        $sql = "SELECT r.id
                FROM ".Rsys :: getTable('reservation')." r
                INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
                LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
                LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
                LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
                WHERE ((cu.user_id='".api_get_user_id()."'AND ir.edit_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND r.id='".$id."'";
        $result = Database::query($sql, __FILE__, __LINE__);
        // reads all rows into $arr, which is not returned
        while ($array = Database::fetch_array($result, 'NUM')) {
            $arr[] = $array;
        }
        return $result;
    }
1007  
1008  	function check_delete_right($id) {
1009          $id = Database::escape_string($id);
1010          $sql = "SELECT r.id
1011                  FROM ".Rsys :: getTable('reservation')." r
1012                  INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
1013                  LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
1014                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
1015                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
1016                  WHERE ((cu.user_id='".api_get_user_id()."'AND ir.delete_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND r.id='".$id."'";
1017          $result = Database::query($sql, __FILE__, __LINE__);
1018          while ($array = Database::fetch_array($result, 'NUM')) {
1019              $arr[] = $array;
1020          }
1021          return $arr;
1022      }
1023  
1024  	function check_auto_accept($id) {
1025          $id = Database::escape_string($id);
1026          $sql = "SELECT auto_accept FROM ".Rsys :: getTable('reservation')." WHERE id='".$id."'";
1027          return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
1028      }
1029  
1030      /**
1031       *  Get number of reservations
1032       *
1033       *  @return -   int                 The amount
1034       */
1035  	function get_num_reservations() {
1036          $sql = "SELECT COUNT(DISTINCT r.id)
1037                  FROM ".Rsys :: getTable('reservation')." r
1038                  LEFT JOIN ".Rsys :: getTable('item')." i ON i.id=r.item_id
1039                  LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=r.item_id
1040                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = r.item_id
1041                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
1042                  WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."') OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).')';
1043          if (isset ($_GET['keyword'])) {
1044              $keyword = Database::escape_string($_GET['keyword']);
1045              $sql .= " AND (i.name LIKE '%".$keyword."%' OR i.description LIKE '%".$keyword."%' OR r.notes LIKE '%".$keyword."%')";
1046          }
1047          // count only the booking periods of a certain resource
1048          if (is_numeric($_GET['resource']) AND !empty($_GET['resource']))
1049          {
1050              $sql .= "AND i.id = '".Database::escape_string(Security::Remove_XSS($_GET['resource']))."'";
1051          }
1052          // count only the booking periods of a certain resource category
1053          if (is_numeric($_GET['resource_category']) AND !empty($_GET['resource_category']))
1054          {
1055              $sql .= "AND i.category_id = '".Database::escape_string(Security::Remove_XSS($_GET['resource_category']))."'";
1056          }        
1057          return Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
1058      }
1059  
1060      /**
1061       *  Adds a reservation
1062       *
1063       *  @param  -   $item_id,$auto_accept,$max_users,$start_at,$end_at,$subscribe_until,$notes
1064       *  @return -   FALSE if there is something wrong with the dates, a mysql_insert_id() if everything went perfectly
1065       */
1066  	function add_reservation($item_id, $auto_accept, $max_users, $start_at, $end_at, $subscribe_from, $subscribe_until, $notes, $timepicker, $min, $max,$subid) {
1067          $stamp_start = Rsys :: mysql_datetime_to_timestamp($start_at);
1068          $stamp_end = Rsys :: mysql_datetime_to_timestamp($end_at);
1069  
1070          $stamp_start_date = date( 'Y-m-d',$stamp_start);
1071          $stamp_end_date = date( 'Y-m-d',$stamp_end);
1072  
1073          if (Rsys :: check_date($item_id, $stamp_start, $stamp_end, $start_at, $end_at) <> 0)
1074              return 1;
1075          if ($subscribe_until != 0) {
1076              $stamp_until = Rsys :: mysql_datetime_to_timestamp($subscribe_until);
1077              if ($stamp_until > $stamp_start)
1078                  return 2;
1079          }
1080          if ($start_at < (date( 'Y-m-d H:i:s',time())))
1081                  return 3;
1082          if (($stamp_start_date != $stamp_end_date) && $timepicker == '1')
1083          {
1084              return 4;
1085          }
1086  
1087          // without timepicker
1088          if($timepicker == '0')
1089          {
1090              if ($min != '0' || $max != '0')
1091              {
1092                  //kan niet verschillen van 0!
1093                  //return 5;
1094              }
1095          }
1096          // with timepicker
1097          else
1098          {
1099              if (!($max==0 && $min==0))
1100              {
1101                  if ($max < $min)
1102                  {
1103                      return 6;
1104                      //maximum kan niet kleiner zijn dan minimum
1105                  }
1106                  else
1107                  {
1108                      $stamp = ($stamp_end - $stamp_start)/ 60;
1109                      if (($stamp/$max)<1)
1110                      {
1111                          return 7;
1112                          // er past geen blok van het tijdverschil
1113                      }
1114                  }
1115              }
1116          }
1117  
1118          $sql = "INSERT INTO ".Rsys :: getTable("reservation")." (item_id,auto_accept,max_users,start_at,end_at,subscribe_from,subscribe_until,notes,timepicker,timepicker_min,timepicker_max,subid) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($auto_accept)."','". (intval($max_users) > 1 ? $max_users : 1)."','".Database::escape_string($start_at)."','".Database::escape_string($end_at)."','".Database::escape_string($subscribe_from)."','".Database::escape_string($subscribe_until)."','".Database::escape_string($notes)."','".$timepicker."','".$min."','".$max."','". ($subid == 0 ? 0 : $subid)."')";
1119          Database::query($sql, __FILE__, __LINE__);
1120          return 0;
1121      }
1122  
1123      /**
1124       *  Edits a reservation
1125       *
1126       *  @param  -   int     $id     The reservation-ID
1127       *  @param  -   $item_id,$auto_accept,$max_users,$start_at,$end_at,$subscribe_until,$notes
1128       *  @return -   FALSE if there is something wrong with the dates, TRUE if everything went perfectly
1129       *
1130       */
1131  	function edit_reservation($id, $item_id, $auto_accept, $max_users, $start_at, $end_at, $subscribe_from, $subscribe_until, $notes, $timepicker) {
1132          $id = Database::escape_string($id);
1133  
1134          if (!Rsys :: item_allow($item_id, 'm_reservation'))
1135              return false;
1136          $stamp_start = Rsys :: mysql_datetime_to_timestamp($start_at);
1137          $stamp_end = Rsys :: mysql_datetime_to_timestamp($end_at);
1138  
1139          $stamp_start_date = date( 'Y-m-d',$stamp_start);
1140          $stamp_end_date = date( 'Y-m-d',$stamp_end);
1141          if (Rsys :: check_date_edit($item_id, $stamp_start, $stamp_end, $start_at, $end_at, $id) <> 0)
1142              return 1;
1143          if ($subscribe_until != 0) {
1144              $stamp_until = Rsys :: mysql_datetime_to_timestamp($subscribe_until);
1145              if ($stamp_until > $stamp_start)
1146                  return 2;
1147          }
1148          $sql = "SELECT timepicker, subscribers FROM ".Rsys :: getTable("reservation")." WHERE id='".$id."'";
1149          $result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
1150          if ($result[0] == 0 && $result[1] > $max_users) {
1151              return 3;
1152          }
1153          if (($stamp_start_date != $stamp_end_date) && $timepicker == '1')
1154          {
1155              return 4;
1156          }
1157          if ($auto_accept == 1) {
1158              $sql = "SELECT dummy FROM ".Rsys :: getTable("subscription")." WHERE reservation_id='".$id."'";
1159              $result = Database::query($sql, __FILE__, __LINE__);
1160              while ($array = Database::fetch_array($result, 'NUM')) {
1161                  Rsys :: set_accepted($array[0], 1);
1162              }
1163          } else {
1164              $auto_accept = 0;
1165          }
1166          $sql = "UPDATE ".Rsys :: getTable("reservation")." SET item_id='".Database::escape_string($item_id)."',auto_accept='".Database::escape_string($auto_accept)."',max_users='". ($max_users > 1 ? $max_users : 1)."',start_at='".Database::escape_string($start_at)."',end_at='".Database::escape_string($end_at)."',subscribe_from='".Database::escape_string($subscribe_from)."',subscribe_until='".Database::escape_string($subscribe_until)."',notes='".Database::escape_string($notes)."' WHERE id='".$id."'";
1167          Database::query($sql, __FILE__, __LINE__);
1168          return 0;
1169      }
1170  
1171      /**
1172       *  Deletes a reservation
1173       */
1174  	function delete_reservation($id) {
1175          $id = Database::escape_string($id);
1176  
1177          $sql = "SELECT id FROM ".Rsys :: getTable("reservation")."WHERE id='".$id."' OR subid='".$id."'";
1178          $result2 = Database::query($sql, __FILE__, __LINE__);
1179          while ($arr = Database::fetch_array($result2, 'NUM')) {
1180              $sql = "SELECT s.dummy, s.user_id, i.name, r.start_at, r.end_at
1181                      FROM ".Rsys :: getTable("subscription")." s
1182                      INNER JOIN ".Rsys :: getTable("reservation")." r ON s.reservation_id = r.id
1183                      INNER JOIN ".Rsys :: getTable("item")." i ON r.item_id = i.id
1184                      WHERE s.reservation_id='".$arr[0]."'";
1185              $result = Database::query($sql, __FILE__, __LINE__);
1186              while ($array = Database::fetch_array($result, 'NUM')) {
1187                  $user_info = api_get_user_info($array[1]);
1188                  api_send_mail($user_info['mail'], str_replace('#NAME#', $array[2], get_lang("ReservationDeleteTitle")), str_replace('#START#', $array[3], str_replace('#END#', $array[4], str_replace('#NAME#', $array[2], get_lang("ReservationDeleteMessage")))));
1189                  $sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".$array[0]."'";
1190                  Database::query($sql, __FILE__, __LINE__);
1191              }
1192              $sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE id='".$arr[0]."'";
1193              Database::query($sql, __FILE__, __LINE__);
1194          }
1195      }
1196  
1197  	function is_owner_item($id) {
1198          $id = Database::escape_string($id);
1199          $sql = "SELECT creator FROM ".Rsys :: getTable('item')." i ,".Rsys :: getTable('reservation')." r
1200              where i.id = r.item_id
1201              and r.id = '".$id."'
1202              and i.creator ='".api_get_user_id()."'";
1203          $result = Database::query($sql, __FILE__, __LINE__);
1204          if (Database::num_rows($result) != 0)
1205              return 1;
1206          return 0;
1207      }
1208  
1209  	function get_reservation($id,$return_type = 'NUM',$fields=array()) {
1210          $id = Database::escape_string($id);
1211  
1212          $sql = "SELECT ";
1213          if (!empty($fields))
1214          {
1215              $sql .= implode(',',$fields);
1216          }
1217          else 
1218          {
1219              $sql .= " * ";
1220          }
1221          $sql .= "
1222                  FROM ".Rsys :: getTable('reservation')." r
1223                  INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
1224                  LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
1225                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
1226                  LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
1227                  WHERE (cu.user_id='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." OR 1=".(Rsys :: is_owner_item("$id")? 1 : 0).") AND r.id='".$id."'";
1228          $result = Database::query($sql, __FILE__, __LINE__);
1229          while ($array = Database::fetch_array($result, $return_type))
1230              $arr[] = $array;
1231          return $arr;
1232      }
1233  
1234  	function get_num_subscriptions_overview() {
1235  
1236          $sql = "SELECT  COUNT(s.reservation_id)
1237                  FROM ".Rsys :: getTable('subscription')." s, ".Rsys :: getTable('reservation')." r1, ".Database :: get_main_table(TABLE_MAIN_USER)." u," .Rsys :: getTable('item')." i1
1238                  where r1.id = s.reservation_id
1239                  and i1.id = r1.item_id
1240                  and u.user_id = s.user_id
1241                  and s.reservation_id IN
1242                      (SELECT DISTINCT(r2.id)
1243                      FROM ".Rsys :: getTable('reservation')." r2
1244                      LEFT JOIN ".Rsys :: getTable('item')." i2 ON i2.id=r2.item_id
1245                      LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=r2.item_id
1246                      LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = r2.item_id
1247                      LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
1248                      WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."')
1249                      OR i2.creator='".api_get_user_id()."'
1250                      OR 1=". (api_is_platform_admin() ? 1 : 0)."))";
1251                if (isset ($_GET['keyword'])) {
1252                      $keyword = Database::escape_string($_GET['keyword']);
1253                      $sql .= " AND (i1.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
1254              }
1255          return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
1256      }
1257  
1258  	function get_table_subcribed_reservations($from, $per_page, $column, $direction) {
1259  
1260          $from = intval($from);
1261          $per_page = intval($per_page);
1262          $column = intval($column);
1263          if(!in_array($direction, array('ASC','DESC'))) {
1264              $direction = 'ASC';
1265          }
1266  
1267          $sql = "SELECT  i1.name as col0,c.name as col1,
1268                  DATE_FORMAT(r1.start_at ,'%Y-%m-%d %H:%i') as col2,
1269                  DATE_FORMAT(r1.end_at ,'%Y-%m-%d %H:%i') as col3, ".(api_is_western_name_order() ? "CONCAT(u.firstname,' ',u.lastname)" : "CONCAT(u.lastname,' ',u.firstname)")." as col4,
1270                  DATE_FORMAT(s.start_at ,'%Y-%m-%d %H:%i')  as col5,
1271                  DATE_FORMAT(s.end_at ,'%Y-%m-%d %H:%i')    as col6, s.accepted as col7
1272                  FROM ".Rsys :: getTable('subscription')." s, ".Rsys :: getTable('reservation')." r1, ".Database :: get_main_table(TABLE_MAIN_USER)." u," .Rsys :: getTable('item')." i1,".Rsys :: getTable('category')." c
1273                  WHERE r1.id = s.reservation_id
1274                  and c.id = i1.category_id
1275                  and i1.id = r1.item_id
1276                  and u.user_id = s.user_id
1277                  and s.reservation_id IN
1278                      (SELECT DISTINCT(r2.id)
1279                      FROM ".Rsys :: getTable('reservation')." r2
1280                      LEFT JOIN ".Rsys :: getTable('item')." i2 ON i2.id=r2.item_id
1281                      LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=r2.item_id
1282                      LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = r2.item_id
1283                      LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
1284                      WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."')
1285                      OR i2.creator='".api_get_user_id()."'
1286                      OR 1=". (api_is_platform_admin() ? 1 : 0)."))";
1287                if (isset ($_GET['keyword'])) {
1288                      $keyword = Database::escape_string($_GET['keyword']);
1289                      $sql .= " AND (i1.name LIKE '%".$keyword."%' or c.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
1290              }
1291          $sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
1292          /*$result = Database::query($sql, __FILE__, __LINE__);
1293          while ($array = Database::fetch_array($result, 'NUM'))
1294              $arr[] = $array;*/
1295          $result = Database::query($sql, __FILE__, __LINE__);
1296          while ($array = Database::fetch_array($result, 'NUM')) {
1297              $row = array();
1298              $row[] = $array[0];
1299              $row[] = $array[1];
1300              $row[] = $array[2];
1301              $row[] = $array[3];
1302              $row[] = $array[4];
1303              if ($array[5]=='0000-00-00 00:00') {
1304                  $row[] = $array[2];
1305              }
1306              else {
1307                  $row[] = $array[5];
1308              }
1309              if ($array[6]=='0000-00-00 00:00') {
1310                  $row[] = $array[3];
1311              }
1312              else {
1313                  $row[] = $array[6];
1314              }
1315  
1316              if ($array[7]=='1')
1317              {
1318                  $row[] = get_lang('Yes');
1319              }
1320              else {
1321                  $row[] = get_lang('No');
1322              }
1323              $arr[] = $row;
1324          }
1325          return $arr;
1326      }
1327  
1328  
1329  	function get_num_waiting_users() {
1330          $sql = "SELECT COUNT(DISTINCT dummy) FROM ".Rsys :: getTable('subscription');
1331          if (isset ($_GET['rid'])) {
1332              $sql .= " WHERE reservation_id = '".intval($_GET['rid'])."'";
1333          }
1334          return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
1335      }
1336  
1337  	function get_table_waiting_users($from, $per_page, $column, $direction) {
1338  
1339          $from = intval($from);
1340          $per_page = intval($per_page);
1341          $column = intval($column);
1342          if(!in_array($direction, array('ASC','DESC'))) {
1343              $direction = 'ASC';
1344          }
1345  
1346  
1347          /*$sql = "SELECT dummy AS col0, ".(api_is_western_name_order() ? "CONCAT(u.firstname,' ',u.lastname)" : "CONCAT(u.lastname,' ',u.firstname)")." AS col1, s.user_id AS col2, accepted AS col3
1348                                       FROM ".Rsys :: getTable('subscription')." s
1349                                       INNER JOIN ".Database :: get_main_table(TABLE_MAIN_USER)." u ON s.user_id = u.user_id ";
1350          if (!empty ($_GET['rid'])) {
1351              $sql .= " WHERE s.reservation_id = '".$_GET['rid']."'";
1352          }
1353          $sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;*/
1354          $sql = "SELECT dummy AS col0, ".(api_is_western_name_order() ? "CONCAT(u.firstname,' ',u.lastname)" : "CONCAT(u.lastname,' ',u.firstname)")." AS col1, s.user_id AS col2, accepted AS col3, r.start_at, r.end_at, s.start_at, s.end_at
1355              FROM ".Rsys :: getTable('subscription')." s,".Database :: get_main_table(TABLE_MAIN_USER)." u,".Database :: get_main_table(TABLE_MAIN_RESERVATION_RESERVATION)." r
1356              where u.user_id = s.user_id
1357              and s.reservation_id = r.id";
1358  
1359          if (!empty ($_GET['rid'])) {
1360              $sql .= " and r.id = '".Database::escape_string($_GET['rid'])."'";
1361          }
1362          $sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
1363          $result = Database::query($sql, __FILE__, __LINE__);
1364          while ($array = Database::fetch_array($result, 'NUM')) {
1365              $arr[] = $array;
1366          }
1367          $count = 0;
1368          $x = count($arr);
1369          while ($count < $x) {
1370              $sql = "SELECT name
1371                      FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." cl
1372                      INNER JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = cl.id
1373                      WHERE cu.user_id=".$arr[$count][2]." LIMIT 1";
1374              $result = Database::query($sql, __FILE__, __LINE__);
1375              while ($array = Database::fetch_array($result, 'NUM')) {
1376                  $arr2[] = $array;
1377              }
1378              $arr[$count][2] = $arr2[0][0];
1379              $count ++;
1380          }
1381          $count = -1;
1382          if (is_array($arr)) {
1383              foreach ($arr as $lijn) {
1384                  $count ++;
1385                  $controle = false;
1386                  $tabel[$count][0] = $lijn[0];
1387                  $tabel[$count][1] = $lijn[1];
1388                  if ($lijn[3] == 0) {
1389                      $tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_reservation.php?action=accept&rid='.$_GET['rid'].'&amp;dummy='.$lijn[0].'&switch=edit&set=1\'" />';
1390                  } else {
1391                      $tabel[$count][5] = '<img src="../img/right.gif" onclick="document.location.href=\'m_reservation.php?action=accept&rid='.$_GET['rid'].'&amp;dummy='.$lijn[0].'&switch=edit&set=0\'" />';
1392                  }
1393                  $tabel[$count][2] = $lijn[2];
1394                  if ($lijn[6] == '0000-00-00 00:00:00' && $lijn[7] == '0000-00-00 00:00:00')
1395                  {
1396                      $tabel[$count][3] = $lijn[4];
1397                      $tabel[$count][4] = $lijn[5];
1398                  }
1399                  else
1400                  {
1401                      $tabel[$count][3] = $lijn[6];
1402                      $tabel[$count][4] = $lijn[7];
1403                  }
1404                  $tabel[$count][6] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_reservation.php?action=accept&rid='.$_GET['rid'].'&amp;dummy='.$lijn[0].'&switch=delete\'" />';
1405              }
1406          }
1407          return $tabel;
1408      }
1409  
1410  	function set_accepted($id, $value) {
1411          global $subscription;
1412  
1413          $id = Database::escape_string($id);
1414          $value = Database::escape_string($value);
1415          $sql = "UPDATE ".Rsys :: getTable('subscription')." SET ACCEPTED='".$value."' WHERE dummy='".$id."'";
1416          Database::query($sql, __FILE__, __LINE__);
1417          $user_info = api_get_user_info($subscription[0]);
1418          $sql = "SELECT name FROM ".Rsys :: getTable('subscription')." s
1419                      INNER JOIN ".Rsys :: getTable('reservation')." r ON s.reservation_id = r.id
1420                      INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id = i.id
1421                      WHERE dummy='".$id."'";
1422          $items = Database::query($sql, __FILE__, __LINE__);
1423          $item = Database::fetch_array($items);
1424          $item_name = $item[0];
1425  
1426          $sql = "SELECT start_at, end_at, timepicker
1427              from ".Rsys :: getTable('reservation')."
1428              where id in (    SELECT reservation_id
1429                          from ".Rsys :: getTable('subscription')."
1430                      where dummy ='".$id."')";
1431          $items = Database::query($sql, __FILE__, __LINE__);
1432          $item = Database::fetch_array($items);
1433          if ($item['timepicker'] == '1')
1434          {
1435              $sql = "SELECT start_at, end_at
1436                      from ".Rsys :: getTable('subscription')."
1437                  where dummy ='".$id."'";
1438              $items = Database::query($sql, __FILE__, __LINE__);
1439              $item = Database::fetch_array($items);
1440          }
1441          $begin_datum = $item['start_at'];
1442          $eind_datum = $item['end_at'];
1443  
1444          if ($value==1) {
1445              $titel = str_replace('#ITEM#', $item_name, get_lang('ReservationAccepted'));
1446              $inhoud = str_replace('#ITEM#', $item_name, get_lang('ReservationForItemAccepted'));
1447          } else {
1448              $titel = str_replace('#ITEM#', $item_name, get_lang('ReservationDenied'));
1449              $inhoud = str_replace('#ITEM#', $item_name, get_lang('ReservationForDenied'));
1450          }
1451  
1452          $inhoud = str_replace('#BEGIN', $begin_datum, $inhoud);
1453          $inhoud = str_replace('#END', $eind_datum, $inhoud);
1454          api_send_mail($user_info['mail'], $titel, $inhoud);
1455      }
1456  
1457      /*
1458       ============================================================================================
1459  
1460                                          RESERVATION
1461  
1462       ============================================================================================
1463      */
1464  
    /**
     *  Checks whether a period can be subscribed to within a reservation
     *
     *  On a conflict the start and end of the conflicting row are left in
     *  $GLOBALS['start_date'] and $GLOBALS['end_date'].
     *
     *  @param  -   $reservation_id     The reservation-ID
     *  @param  -   String $start_at    DateTime, start of the wanted period
     *  @param  -   String $end_at      DateTime, end of the wanted period
     *  @return -   0 when no conflict is found, 1 when the period falls outside the reservation,
     *              otherwise the first column of the conflicting subscription row
     */
    function check_date_subscription($reservation_id, $start_at, $end_at) {
        // All three values are only used inside quoted SQL literals below.
        $reservation_id = Database::escape_string($reservation_id);
        $start_at = Database::escape_string($start_at);
        $end_at = Database::escape_string($end_at);


        // The reservation starts after the wanted start: outside the reservation period.
        $sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
                WHERE start_at > '".$start_at."' AND id='".$reservation_id."' ";
        $result = Database::query($sql, __FILE__, __LINE__);
        if (Database::num_rows($result) != 0){
            $result2 = Database::fetch_array($result);
            $GLOBALS['start_date'] = $result2[1];
            $GLOBALS['end_date'] = $result2[2];
            return 1;
        }

        // The reservation ends before the wanted end: outside the reservation period.
        $sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
                WHERE end_at < '".$end_at."' AND id='".$reservation_id."' ";
        $result = Database::query($sql, __FILE__, __LINE__);
        if (Database::num_rows($result) != 0){
            $result2 = Database::fetch_array($result);
            $GLOBALS['start_date'] = $result2[1];
            $GLOBALS['end_date'] = $result2[2];
            return 1;
        }


        // Existing subscriptions: a conflict when the wanted start or the wanted end lies strictly
        // inside one of them.
        // NOTE(review): SELECT * is read by position; indexes 0, 4 and 5 are presumably the
        // subscription id, start_at and end_at - verify against the table definition.
        $sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation_id."' ORDER BY start_at";
        $result = Database::query($sql, __FILE__, __LINE__);
        while ($array = Database::fetch_array($result)) {
            $GLOBALS['start_date'] = $array[4];
            $GLOBALS['end_date'] = $array[5];
            if (Rsys :: mysql_datetime_to_timestamp($array[4]) < Rsys :: mysql_datetime_to_timestamp($start_at) && Rsys :: mysql_datetime_to_timestamp($array[5]) > Rsys :: mysql_datetime_to_timestamp($start_at)) {
                return $array[0];
            }
            if (Rsys :: mysql_datetime_to_timestamp($array[4]) < Rsys :: mysql_datetime_to_timestamp($end_at) && Rsys :: mysql_datetime_to_timestamp($array[5]) > Rsys :: mysql_datetime_to_timestamp($end_at))
                return $array[0];
        }
        // Remaining overlaps: a subscription that starts or ends inside the wanted period, or that
        // covers it completely.
        $sql = "SELECT dummy, start_at ,end_at FROM ".Rsys :: getTable('subscription')."
                                        WHERE ((start_at > '".$start_at."' AND
                                              start_at < '".$end_at."') OR
                                              (end_at > '".$start_at."' AND
                                              end_at < '".$end_at."')OR
                                              (start_at <= '".$start_at."' AND
                                              end_at >= '".$end_at."')) AND reservation_id='".$reservation_id."' ";
        $result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
        // NOTE(review): $result is a fetched row, not a result set. If Database::fetch_array()
        // yields false when nothing matches, count() of it is not 0, the branch is always taken
        // and a null is returned that only equals 0 under loose comparison; recent PHP versions
        // reject count() on a non-array altogether. A truthiness test on $result looks intended.
        if (count($result) != 0){
            $GLOBALS['start_date'] = $result[1];
            $GLOBALS['end_date'] = $result[2];
            return $result[0];
        }
        return 0;
    }
1518  
1519  	function check_date_month_calendar($date, $itemid) {
1520          $itemid = Database::escape_string($itemid);
1521          $date = Database::escape_string($date);
1522  
1523          $sql = "SELECT id FROM ".Rsys :: getTable('reservation')."
1524                  WHERE ((DATE_FORMAT(start_at, '%Y-%m-%e') = '".$date."' OR DATE_FORMAT(end_at, '%Y-%m-%e') = '".$date."'
1525                  OR (start_at <= '".$date." 00:00:00' AND end_at >= '".$date." 00:00:00' ) OR (start_at>='".$date." 00:00:00' AND start_at<='".$date." 23:59:59')) AND (subscribers < max_users OR timepicker=1)) AND item_id= '".$itemid."'";
1526          /*
1527              WHERE item_id='".$itemid."'  AND
1528                          ((start_at<='".$date."' AND end_at>='".$date."') OR (start_at>='".$date."' AND start_at<='".$date."'))";
1529  
1530  
1531           */
1532          $result = Database::query($sql, __FILE__, __LINE__);
1533          if (Database::num_rows($result) != 0)
1534              return true;
1535          return false;
1536      }
1537  
1538      /**
1539       *  With this you make a reservation
1540       *
1541       * @param -        int        $reservation_id        The id of the reservation
1542       */
1543  	function add_subscription($reservation_id, $user_id, $accepted, $item_id) {
1544          $reservation_id = Database::escape_string($reservation_id);
1545          $user_id = Database::escape_string($user_id);
1546          $accepted = Database::escape_string($accepted);
1547  
1548          $sql = "SELECT user_id FROM ".Rsys :: getTable("subscription")." WHERE user_id='".$user_id."' AND reservation_id='".$reservation_id."'";
1549          if (Database::num_rows(Database::query($sql, __FILE__, __LINE__)) == 0) {
1550              $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."')";
1551              Database::query($sql, __FILE__, __LINE__);
1552              $sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers+1 WHERE id='".$reservation_id."'";
1553              Database::query($sql, __FILE__, __LINE__);
1554              $sql = "SELECT s.user_id, i.name, r.start_at, r.end_at
1555                      FROM ".Rsys :: getTable("subscription")." s
1556                      INNER JOIN ".Rsys :: getTable("reservation")." r ON s.reservation_id = r.id
1557                      INNER JOIN ".Rsys :: getTable("item")." i ON r.item_id = i.id
1558                      WHERE reservation_id='".$reservation_id."' AND user_id='".$user_id."'";
1559              $result = Database::store_result(Database::query($sql, __FILE__, __LINE__));
1560              $user_info = api_get_user_info();
1561              $titel = str_replace('#ITEM#', $result[0][1], get_lang("ReservationMadeTitle"));
1562              $inhoud = str_replace('#ITEM#', $result[0][1], str_replace('#START#', $result[0][2], str_replace('#END#', $result[0][3], get_lang("ReservationMadeMessage"))));
1563              api_send_mail($user_info['mail'], $titel, $inhoud);
1564              return 0;
1565          }
1566          return 1;
1567      }
1568  
1569      /**
1570       *  With this you make a reservation
1571       *
1572       * @param -        int        $reservation_id        The id of the reservation
1573       */
1574  	function add_subscription_timepicker($reservation_id, $user_id, $start_date, $end_date, $accepted, $min, $max, $item=0) {
1575  
1576          $start_date = Database::escape_string($start_date);
1577          $end_date = Database::escape_string($end_date);
1578          if ($item==0)
1579          {        
1580          if (Rsys :: check_date_subscription($reservation_id, $start_date, $end_date) <> 0)
1581              {
1582              return 1;
1583              }
1584          if (!($min==0 && $max ==0)){
1585              if ((Rsys :: mysql_datetime_to_timestamp($end_date)-Rsys :: mysql_datetime_to_timestamp($start_date)) < ($min*60))
1586                  {
1587                  return 2;
1588                  }
1589              if ((Rsys :: mysql_datetime_to_timestamp($end_date)-Rsys :: mysql_datetime_to_timestamp($start_date)) > ($max*60))
1590                  {
1591                  return 3;
1592          }
1593          }
1594          }
1595          else 
1596          {
1597              $accepted = 1;            
1598          }
1599          
1600          //echo $start_date.' tot '.$end_date.'<hr />';
1601          // check if we have a reservation period that exceeds the 
1602          if (date('d',Rsys :: mysql_datetime_to_timestamp($start_date)) <> date('d',Rsys :: mysql_datetime_to_timestamp($end_date)) OR date('m',$start_date) <> date('m',$end_date) OR date('Y',$start_date) <> date('Y',$end_date))
1603          {
1604              $count = 0;
1605              $temp_end_date_datetime = substr($start_date,0,10).' 23:59:59';
1606              while (Rsys :: mysql_datetime_to_timestamp($temp_end_date_datetime) < Rsys :: mysql_datetime_to_timestamp($end_date) OR $count>10)
1607              {
1608                  //echo 'van: '.$start_date.' tot: '.$temp_end_date_datetime.'<br />';
1609                  $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at,item_id) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$temp_end_date_datetime."','".Database::escape_string($item)."')";
1610                  //echo $sql.'<br />';    
1611                  api_sql_query($sql, __FILE__, __LINE__);                    
1612                  $temp_end_date_datetime = Rsys :: timestamp_to_datetime(Rsys :: mysql_datetime_to_timestamp($temp_end_date_datetime) + (24*60*60));
1613                  $start_date = Rsys :: timestamp_to_datetime(Rsys :: mysql_datetime_to_timestamp(substr($start_date,0,10).' 00:00:00') + (24*60*60));
1614                  $count++;
1615              }
1616              
1617              // and finally we add the last remaining bit of the day
1618              //echo 'van: '.$start_date.' tot: '.$end_date.'<br />';
1619              $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at,item_id) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$end_date."','".Database::escape_string($item)."')";
1620              //echo $sql.'<br />';    
1621              api_sql_query($sql, __FILE__, __LINE__);        
1622          }
1623          else 
1624          {
1625              $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at,item_id) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$end_date."','".Database::escape_string($item)."')";
1626              //echo $sql;
1627          api_sql_query($sql, __FILE__, __LINE__);
1628          }        
1629          return 0;
1630      }
1631  
1632      /**
1633       *  Delete subscription
1634       */
1635  	function delete_subscription($reservation_id, $dummy) {
1636          $sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".Database::escape_string($dummy)."'";
1637          Database::query($sql, __FILE__, __LINE__);
1638          
1639          if (is_numeric($reservation_id))
1640          {        
1641          $sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers-1 WHERE id='".Database::escape_string($reservation_id)."'";
1642          Database::query($sql, __FILE__, __LINE__);
1643      }
1644      }
1645  
1646      /**
1647       *  Returns the subscriptions of the user for a sortable table based on the params
1648       *
1649       *  @param  -   int     $from       Index of the first item to return.
1650       *  @param  -   int     $per_page   The number of items to return
1651       *  @param  -   int     $column     The number of the column on which the data should be sorted
1652       *  @param  -   String  $direction  In which order should the data be sorted (ASC or DESC)
1653       *  @return -   Array               The returned rows
1654       */
1655  	function get_table_subscriptions($from, $per_page, $column, $direction) {
1656  
1657          $from = intval($from);
1658          $per_page = intval($per_page);
1659          $column = intval($column);
1660          if(!in_array($direction, array('ASC','DESC'))) {
1661              $direction = 'ASC';
1662          }
1663  
1664          $sql = "SELECT CONCAT(s.reservation_id,'-',s.dummy) AS col0, i.name AS col1, DATE_FORMAT(s.start_at ,'%Y-%m-%d %H:%i')  AS col2, DATE_FORMAT(s.end_at ,'%Y-%m-%d %H:%i') AS col3, CONCAT(s.reservation_id,'-',s.dummy) AS col4, DATE_FORMAT(r.start_at ,'%Y-%m-%d %H:%i') , DATE_FORMAT(r.end_at ,'%Y-%m-%d %H:%i') , s.accepted,i.blackout
1665                  FROM ".Rsys :: getTable("subscription")." s
1666                  INNER JOIN ".Rsys :: getTable("reservation")." r ON r.id = s.reservation_id
1667                  INNER JOIN ".Rsys :: getTable("item")." i ON i.id=r.item_id
1668                  WHERE s.user_id = '".api_get_user_id()."'";
1669          $sql .= "ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
1670          $result = Database::query($sql, __FILE__, __LINE__);
1671          while ($array = Database::fetch_array($result, 'NUM'))
1672          {    $row = array();
1673              $row[] = $array[0];
1674              $row[] = $array[1];
1675  
1676              if($array[2]=='0000-00-00 00:00' && $array[3]=='0000-00-00 00:00')
1677              {
1678                  $row[] = $array[5];
1679                  $row[] = $array[6];
1680              }
1681              else
1682              {
1683                  $row[] = $array[2];
1684                  $row[] = $array[3];
1685              }
1686              if ($array[8]=='1')
1687              {
1688                  $row[] = get_lang('Blackout');
1689              }
1690              else
1691              {
1692                  if ($array[7]=='1')
1693                  {
1694                      $row[] = get_lang('Yes');
1695                  }else
1696                  {
1697                      $row[] = get_lang('No');
1698                  }
1699              }
1700              $row[] = $array[4];
1701              $arr[] = $row;
1702          }
1703          return $arr;
1704  
1705      }
1706  
1707      /**
1708       *  Get number of subscriptions of the user
1709       *
1710       *  @return -   int     The number of subscriptions of the current user
1711       */
1712  	function get_num_subscriptions() {
1713          $sql = "SELECT COUNT(*) FROM ".Rsys :: getTable("subscription")." s
1714                          INNER JOIN ".Rsys :: getTable("reservation")." r ON r.id = s.reservation_id
1715                          INNER JOIN ".Rsys :: getTable("item")." i ON i.id=r.item_id
1716                          WHERE s.user_id = '".api_get_user_id()."'";
1717          return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
1718      }
1719  
1720      /**
1721       *  Returns $reservation_id=>"START_AT - END_AT"
1722       */
1723      /*function get_item_reservations($item_id){
1724          $sql="SELECT r.id AS reservation_id, r.start_at, r.end_at
1725                  FROM ".Rsys::getTable('reservation')." r
1726                  INNER JOIN ".Rsys::getTable('item')." i ON r.item_id=i.id
1727                  WHERE i.id='".$item_id."'"; //  AND r.subscribe_until < NOW() // TODO: subscribe_until controle
1728          $result=Database::query($sql, __FILE__, __LINE__);
1729          while($array=mysql_fetch_array($result))
1730              $arr[$array['reservation_id']]=$array['start_at'].' - '.$array['end_at'];
1731          return $arr;
1732      }*/
1733  
1734      /**
1735       *  Returns ALL reservations of a certain item with start_date between $from and $till
1736       *
1737       *  @param  -   String  $from   DateTime
1738       *  @param  -   String  $till   DateTime
1739       *  @param  -   int     $itemid The itemId
1740       *  @return -   Array   ['reservations'][RESERVATION_ID]=all info + array with all corresponding subscriptions
1741       *                      ['min_start_at']    = the minimal start_at in all reservations (usefull to build table)
1742       *                      ['max_end_at']      = the maximal end_at in all reservations   (usefull to build table)
1743       */
1744  	function get_item_reservations($from, $till, $itemid) {
1745          $itemid = Database::escape_string($itemid);
1746          $till = Database::escape_string($till);
1747          $from = Database::escape_string($from);
1748  
1749  
1750  
1751          $sql = "SELECT r.*,i.name as item_name FROM ".Rsys :: getTable('reservation')." r
1752                                          INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
1753                                          LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
1754                                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
1755                                          LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
1756                                          WHERE r.item_id='".$itemid."' AND (((cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND
1757                                          (r.start_at<='".$from."' AND r.end_at>='".$from."') OR (r.start_at>='".$from."' AND r.start_at<='".$till."')) ORDER BY start_at ASC";
1758          $result = Database::query($sql, __FILE__, __LINE__);
1759          $max_start_at = -1;
1760          $min_end_at = -1;
1761          $ids = '';
1762          $from_stamp = Rsys :: mysql_datetime_to_timestamp($from);
1763          $till_stamp = Rsys :: mysql_datetime_to_timestamp($till);
1764          if (mysql_num_rows($result) == 0)
1765              return false;
1766          while ($array = mysql_fetch_array($result)) {
1767              $ids .= $array['id'].',';
1768              $current_start_at = Rsys :: mysql_datetime_to_timestamp($array['start_at']);
1769              $current_end_at = Rsys :: mysql_datetime_to_timestamp($array['end_at']);
1770              if ($from_stamp > $current_start_at)
1771                  $array['start_at'] = $from;
1772              $rarr['reservations'][$array['id']]['info'] = $array;
1773              /*
1774              if ($max_start_at == -1 || $current_start_at < $rarr['min_start_at'])
1775                  $rarr['min_start_at'] = $current_start_at;
1776              if ($current_end_at > $rarr['max_end_at'])
1777                  $rarr['max_end_at'] = $current_end_at;*/
1778          }
1779          $ids = substr($ids, 0, -1);
1780          $sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE reservation_id IN (".$ids.") AND (start_at='0000-00-00 00:00:00' OR (start_at<='".$from."' AND end_at>='".$from."') OR (start_at>='".$from."' AND start_at<='".$till."')) ORDER BY start_at ASC";
1781          $result = Database::query($sql, __FILE__, __LINE__);
1782          while ($array = mysql_fetch_array($result, MYSQL_ASSOC)) {
1783              // echo $array['reservation_id'].': '.$array['start_at'].'-'.$array['end_at'].'<br />';
1784              if ($rarr['reservations'][$array['reservation_id']]['info']['timepicker']) {
1785                  $current_start_at = Rsys :: mysql_datetime_to_timestamp($array['start_at']);
1786                  $current_end_at = Rsys :: mysql_datetime_to_timestamp($array['end_at']);
1787                  if ($current_start_at < $from_stamp) //&& $current_end_at>=$from_stamp) || ($current_start_at>=$from_stamp && $current_start_at<=$till_stamp)))
1788                      $array['start_at'] = $from;
1789                  if ($current_end_at > $till_stamp)
1790                      $array['end_at'] = $till;
1791              }
1792              $rarr['reservations'][$array['reservation_id']]['subscriptions'][] = $array;
1793          }
1794          return $rarr;
1795      }
1796  
1797  	function get_item_always_available_subscriptions($from, $till, $itemid) {
1798          $sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE item_id = '".Database::escape_string($itemid)."' AND (start_at='0000-00-00 00:00:00' OR (start_at<='".$from."' AND end_at>='".$from."') OR (start_at>='".$from."' AND start_at<='".$till."')) ORDER BY start_at ASC";
1799          $result = api_sql_query($sql, __FILE__, __LINE__);
1800          while ($array = mysql_fetch_array($result, MYSQL_ASSOC)) {
1801              // echo $array['reservation_id'].': '.$array['start_at'].'-'.$array['end_at'].'<br />';
1802              /*
1803              if ($rarr['reservations'][$array['reservation_id']]['info']['timepicker']) {
1804                  $current_start_at = Rsys :: mysql_datetime_to_timestamp($array['start_at']);
1805                  $current_end_at = Rsys :: mysql_datetime_to_timestamp($array['end_at']);
1806                  if ($current_start_at < $from_stamp) //&& $current_end_at>=$from_stamp) || ($current_start_at>=$from_stamp && $current_start_at<=$till_stamp)))
1807                      $array['start_at'] = $from;
1808                  if ($current_end_at > $till_stamp)
1809                      $array['end_at'] = $till;
1810              }*/
1811              $rarr[(int)substr($array['start_at'],8,2)][] = $array;
1812          }
1813          return $rarr;
1814      }    
1815  
1816      /**
1817       *  Returns $reservation_id=>"START_AT - END_AT"
1818       */
1819  	function get_item_subfiltered_reservations($item_id) {
1820          $sql = "SELECT r.id AS reservation_id, r.start_at, r.end_at
1821                                          FROM ".Rsys :: getTable('reservation')." r
1822                                          INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
1823                                          WHERE r.id NOT IN (SELECT s.reservation_id FROM ".Rsys :: getTable('subscription')." s WHERE r.id=s.reservation_id AND s.user_id='".api_get_user_id()."') AND i.id='".$item_id."'"; //  AND r.subscribe_until < NOW() // TODO: subscribe_until controle
1824          $result = Database::query($sql, __FILE__, __LINE__);
1825          while ($array = mysql_fetch_array($result))
1826              $arr[$array['reservation_id']] = $array['start_at'].' - '.$array['end_at'];
1827          return $arr;
1828      }
1829  
1830      /**
1831       *  Returns ALL subscriptions between $from and $till
1832       *
1833       *  @param  -   String  $from   DateTime
1834       *  @param  -   String  $till   DateTime
1835       */
1836  	function get_subscriptions($from, $till) {
1837          // TODO: only return for current user...
1838          $sql = "SELECT r.*,s.start_at AS tp_start,s.end_at AS tp_end,s.accepted FROM ".Rsys :: getTable('subscription')." s INNER JOIN ".Rsys :: getTable('reservation')." r ON s.reservation_id = r.id WHERE ((r.timepicker=0 AND r.start_at>='".$from."' AND r.end_at<='".$till."') OR (s.start_at>='".$from."' AND s.end_at<='".$till."'))";
1839          $result = Database::query($sql, __FILE__, __LINE__);
1840          while ($array = mysql_fetch_array($result)) {
1841              $arr[] = $array;
1842              if ($arr['timepicker'] == 1) {
1843                  $arr['start_at'] = $arr['tp_start'];
1844                  $arr['end_at'] = $arr['tp_end'];
1845              }
1846          }
1847          return $arr;
1848      }
1849  	function get_item_id($item_name)
1850      {
1851          $sql = "SELECT id FROM ".Rsys :: getTable('item')." WHERE name='".$item_name."'";
1852          $result = Database::query($sql, __FILE__, __LINE__);
1853          $result_array = mysql_fetch_array($result);
1854          return $result_array['id'];
1855      }
1856      
1857  	function menu()
1858      {
1859          switch($_SERVER['SCRIPT_FILENAME'])
1860          {
1861              case api_get_path(SYS_CODE_PATH).'reservation/mysubscriptions.php':
1862                  $subscription_active = ' class="active" ';
1863                  break;
1864              case api_get_path(SYS_CODE_PATH).'reservation/reservation.php':
1865                  $reservation_active = ' class="active" ';
1866                  break;
1867              case api_get_path(SYS_CODE_PATH).'reservation/m_item.php':
1868                  $item_active = ' class="active" ';
1869                  break;
1870              case api_get_path(SYS_CODE_PATH).'reservation/m_reservation.php':
1871                  $period_active = ' class="active" ';
1872                  break;
1873              case api_get_path(SYS_CODE_PATH).'reservation/subscribe.php':
1874                  $reservation_active = ' class="active" ';
1875                  break;                
1876          }
1877          
1878          echo '<div id="tabbed_menu">';
1879          echo '    <ul id="tabbed_menu_tabs">';
1880          echo '        <li><a href="mysubscriptions.php"'.$subscription_active.'>'.get_lang('MyRes').'</a></li>';
1881          echo '        <li><a href="reservation.php"'.$reservation_active.'>'.get_lang('ResMan').'</a></li>';
1882          require_once ('rsys.php');
1883          if(api_is_platform_admin() || Rsys :: check_user_status() == 1)
1884          { // Only for admins & teachers...
1885              echo '        <li><a href="m_item.php"'.$item_active.'>'.get_lang('ItemsMan').'</a></li>';
1886              echo '        <li><a href="m_reservation.php"'.$period_active.'>'.get_lang('ResPeriodMan').'</a></li>';    
1887          }
1888          echo '    </ul></div>';        
1889      }
1890  
1891  }
1892  
1893  /*
1894  $img=imagecreate(1,1);
1895  $color=imagecolorallocate($img, 220, 90, 0);
1896  imagefill($img,0,0,$color);
1897  imagejpeg($img,'../img/px_orange.gif',100);
1898  
1899  $img=imagecreate(1,1);
1900  $color=imagecolorallocate($img, 0, 0, 0);
1901  imagefill($img,0,0,$color);
1902  imagejpeg($img,'../img/px_black.gif',100);
1903  */
1904  ?>
