1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
<?php
include 'database.php';
function book() {
$resource_id = $_POST['resource_id'];
$resource_name = $_POST['resource_name'];
$user_id = $_POST['user_id'];
$start = $_POST['start'];
$end = $_POST['end'];
$purpose = $_POST['purpose'];
$query = "select role.name as rolename from user, role, user_role where user.user_id = ".$user_id." and role.role_id=user_role.role_id and user_role.user_id=user.user_id;";
$result = mysql_query($query);
if(mysql_num_rows($result) == 0) {
echo "1"; //return a code instead of a meesage. Display the message later in javascript according to the returned code.
//echo "Booking not possible (your account is not associated with a role). Please contact the administrator.";
exit;
}
$is_only_lab_owner = true;
while ($row = mysql_fetch_array($result)) {
$rolename = $row['rolename'];
if ($rolename != "lab_owner") $is_only_lab_owner = false;
}
if ($is_only_lab_owner) {
$query = "select * from user u inner join user_resource r on r.user_id=u.user_id and u.user_id=".$user_id." and r.resource_id=".$resource_id.";";
$result = mysql_query($query);
if(mysql_num_rows($result) == 0) {
echo "2";
//echo "You are not allowed to book this resource. ";
exit;
}
}
$query = "INSERT INTO booking (resource_id, user_id, starttime, endtime, purpose) VALUES (".$resource_id.",".$user_id.",'".$start."','".$end."', '".$purpose."');";
$result = mysql_query($query);
if(mysql_insert_id()>0){
echo "Booking successful. The resource '".$resource_name."' is booked from ".$start." to ".$end.".";
}
else{
echo "Mysql Error : ".mysql_error().". Query = ".$query;
}
}
function getBookedDates() {
$resource_id = $_POST['resource_id'];
$query = "SELECT b.booking_id, b.resource_id,u.name as username,u.email,b.starttime,b.endtime,b.creation,b.purpose FROM booking as b,user as u WHERE b.resource_id=".$resource_id." AND b.user_id=u.user_id;";
$result = mysql_query($query);
$events = array();
while ($row = mysql_fetch_array($result)) {
$e = array();
$e['id'] = $row['booking_id'];
$e['booker_name'] = $row['username'];
$e['booker_email'] = $row['email'];
$e['title'] = $row['purpose'];
$e['start'] = $row['starttime'];
$e['end'] = $row['endtime'];
$e['bookdate'] = $row['creation'];
// Merge the event array into the return array
array_push($events, $e);
}
echo json_encode($events);
}
$action = $_POST['action'];
connectDB();
if ($action == "book") {
book();
} elseif ($action == "getBookedDates" ) {
getBookedDates();
} else {
echo "Invalid POST action.";
}
closeDB();
?>
|
