adm_program/modules/rooms/rooms_function.php from Admidio/admidio

adm_program/modules/rooms/rooms_function.php
Summary

Maintainability

0 mins
Test Coverage

Issues
<?php
/**
 ***********************************************************************************************
 * Various functions for rooms handling
 *
 * @copyright The Admidio Team
 * @see https://www.admidio.org/
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License v2.0 only
 *
 * Parameters:
 *
 * room_uuid : UUID of room, that should be shown
 * mode      : edit - create or edit room
 *             delete - delete room
 ***********************************************************************************************
 */
use Admidio\Exception;

try {
    require_once(__DIR__ . '/../../system/common.php');

    // Initialize and check the parameters
    $getRoomUuid = admFuncVariableIsValid($_GET, 'room_uuid', 'uuid');
    $getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('requireValue' => true, 'validValues' => array('edit', 'delete')));

    // only authorized users are allowed to edit the rooms
    if (!$gCurrentUser->isAdministrator()) {
        throw new Exception('SYS_NO_RIGHTS');
    }

    $room = new TableRooms($gDb);

    if ($getRoomUuid !== '') {
        $room->readDataByUuid($getRoomUuid);
    }

    if ($getMode === 'edit') {
        // check form field input and sanitized it from malicious content
        $roomsEditForm = $gCurrentSession->getFormObject($_POST['admidio-csrf-token']);
        $formValues = $roomsEditForm->validate($_POST);

        // write form values into the room object
        foreach ($formValues as $key => $value) {
            if (str_starts_with($key, 'room_')) {
                $room->setValue($key, $value);
            }
        }

        $room->save();

        $gNavigation->deleteLastUrl();
        echo json_encode(array('status' => 'success', 'url' => $gNavigation->getUrl()));
        exit();
    } // delete the room
    elseif ($getMode === 'delete') {
        // check the CSRF token of the form against the session token
        SecurityUtils::validateCsrfToken($_POST['admidio-csrf-token']);

        $sql = 'SELECT 1
              FROM ' . TBL_EVENTS . '
             WHERE dat_room_id = ? -- $room->getValue(\'room_id\') ';
        $statement = $gDb->queryPrepared($sql, array($room->getValue('room_id')));

        if ($statement->rowCount() === 0) {
            $room->delete();
        } else {
            throw new Exception('SYS_ROOM_COULD_NOT_BE_DELETED');
        }
        echo json_encode(array('status' => 'success'));
        exit();
    }
} catch (Exception $e) {
    echo json_encode(array('status' => 'error', 'message' => $e->getMessage()));
}