Revision: 2243
http://mrbs.svn.sourceforge.net/mrbs/?rev=2243&view=rev
Author: cimorrison
Date: 2012-01-11 18:15:20 +0000 (Wed, 11 Jan 2012)
Log Message:
-----------
Changed the way max_book_ahead works so that it tests the end time of a
proposed booking rather than the start time. This is to prevent users abusing
the system by using a very long duration to book the slot they want.
Modified Paths:
--------------
mrbs/trunk/web/lang.en
mrbs/trunk/web/mrbs_sql.inc
Modified: mrbs/trunk/web/lang.en
===================================================================
--- mrbs/trunk/web/lang.en 2012-01-11 17:49:16 UTC (rev 2242)
+++ mrbs/trunk/web/lang.en 2012-01-11 18:15:20 UTC (rev 2243)
@@ -177,7 +177,7 @@
$vocab["reason"] = "Reason";
$vocab["info_requested"] = "Information requested";
$vocab["min_time_before"] = "The minimum interval between now and the
start of a booking is";
-$vocab["max_time_before"] = "The maximum interval between now and the
start of a booking is";
+$vocab["max_time_before"] = "The maximum interval between now and the
end of a booking is";
$vocab["max_booking_duration"] = "The maximum duration of a booking is";
$vocab["skip_and_book"] = "Skip and book";
$vocab["skip_and_book_note"] = "Carry on with the booking, skipping past
the conflicting entries";
Modified: mrbs/trunk/web/mrbs_sql.inc
===================================================================
--- mrbs/trunk/web/mrbs_sql.inc 2012-01-11 17:49:16 UTC (rev 2242)
+++ mrbs/trunk/web/mrbs_sql.inc 2012-01-11 18:15:20 UTC (rev 2243)
@@ -139,6 +139,10 @@
// Check max_book_ahead (but not if we're deleting a booking because
// nobody's going to mind if a booking beyond the max_book_ahead date is
deleted)
+ //
+ // For the max_book_ahead case we check the endtime of the booking rather
than the starttime.
+ // This prevents somebody booking the slot they want by nbooking a starttime
within the period
+ // and then using a very long duration.
if ($max_book_ahead_enabled && !$delete)
{
if ($enable_periods)
@@ -146,7 +150,7 @@
$max_book_ahead_secs -= $max_book_ahead_secs%$secs_in_day;
}
$max_book_ahead = $max_book_ahead_secs;
- if (($starttime - $now) > $max_book_ahead)
+ if (($starttime + $duration - $now) > $max_book_ahead)
{
toTimeString($max_book_ahead, $units);
$errors[] = get_vocab("max_time_before") . " $max_book_ahead $units";
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
