Beispiel #1
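/**
 * Add one meal or bunk item to a booking, if a matching item is on sale today.
 *
 * Looks up the booking's event and booking type, picks the first item for that
 * event that matches the requested kind and is available to 'All' or to the
 * booking type within the [itAvailableFrom, itAvailableTo] window around
 * $today, and inserts a bookingitems row for it with quantity 1.
 * Nothing is inserted when the id is invalid, the booking is unknown, or no
 * item matches.
 *
 * Relies on the globals $today, $db_prefix and $link.
 *
 * @param int|string $bookingid Booking id (bkID); must be a plain integer value.
 * @param string     $itemtype  'meal' or 'bunk' (case-insensitive); any other value matches no item.
 *
 * @return void
 */
function addItem($bookingid, $itemtype)
{
    global $today, $db_prefix, $link;

    // The id is concatenated into SQL text below, so anything that is not a
    // clean integer is rejected instead of being passed through to the query.
    $bookingid = filter_var($bookingid, FILTER_VALIDATE_INT);
    if ($bookingid === false) {
        return;
    }

    // Only fixed, hard-coded column filters ever reach the SQL text; an
    // unrecognised item type keeps the always-false filter.
    $itemfilter = ' 1 = 0';
    $type = strtolower($itemtype);
    if ($type === 'meal') {
        $itemfilter = ' itMeal = 1';
    } elseif ($type === 'bunk') {
        $itemfilter = ' itBunk = 1';
    }

    $sql = "Select bkBookAs, bkEventID from {$db_prefix}bookings where bkID = " . $bookingid;
    $result = ba_db_query($link, $sql);
    $booking = $result ? ba_db_fetch_assoc($result) : null;
    if (!is_array($booking)) {
        // Unknown booking (or failed query): there is nothing to attach an item to.
        return;
    }

    // Values read back from the database are still treated as data, not SQL:
    // the event id is forced to an integer and the strings are escaped, so a
    // stored value containing a quote cannot alter the second query.
    $eventid = (int) $booking['bkEventID'];
    $bookas = ba_db_real_escape_string($link, (string) $booking['bkBookAs']);
    $todaysql = ba_db_real_escape_string($link, (string) $today);

    //Run another query here to add an item of meal ticket
    $sql = "select itItemID from {$db_prefix}items where {$itemfilter} and itEventID = {$eventid} and itAvailability in ('All','{$bookas}') ";
    $sql .= "and itAvailableFrom <= '" . $todaysql . "' and itAvailableTo >= '" . $todaysql . "'";
    $sql .= " order by itAvailability desc limit 1";
    $result = ba_db_query($link, $sql);
    if ($result && ba_db_num_rows($result) > 0) {
        $item = ba_db_fetch_assoc($result);
        $sql = "insert into {$db_prefix}bookingitems (biBookingID, biItemID, biQuantity) VALUES ({$bookingid}, " . (int) $item['itItemID'] . ", 1)";
        $result = ba_db_query($link, $sql);
    }
}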
Beispiel #2
<h1><?php 
echo TITLE;
?>
</h1>

<h2>Book for event - <?php 
echo htmlentities(stripslashes($eventinfo['evEventName']));
?>
</h2>

<?php 
// Decide whether this player may book as a player. $iIC ends up as the number
// of character rows for the player, or 0 when the player has no character row
// or has spent more skill points than MAX_CHAR_PTS allows.
//Check if player has entered IC data
// NOTE(review): $PLAYER_ID and $db_prefix are interpolated directly into the
// SQL text of both queries below. Where $PLAYER_ID is assigned is not visible
// in this excerpt - confirm it is always a server-side integer (not a request
// parameter), or cast it / bind it as a query parameter.
$sql = "SELECT chName FROM {$db_prefix}characters WHERE chPlayerID = {$PLAYER_ID}";
$result = ba_db_query($link, $sql);
$iIC = ba_db_num_rows($result);
if ($iIC == 0) {
    echo "<p>Note that you cannot book as a player unless you enter your IC details</p>\n";
} else {
    //Check skills cost is valid, expand in future to include a better check
    // Sums skCost over every skill row recorded for this player.
    $sql = "select sum(skCost) as pointsspent from {$db_prefix}skillstaken inner join {$db_prefix}skills on stSkillID = skID where stPlayerID = {$PLAYER_ID}";
    $result = ba_db_query($link, $sql);
    $pointsspent = ba_db_fetch_assoc($result);
    // Over budget: show the message and clear $iIC so the player is treated
    // the same as one without IC details.
    if ($pointsspent['pointsspent'] > MAX_CHAR_PTS) {
        echo "<p>You must select fewer skills before you can book as a player</p>\n";
        $iIC = 0;
    }
}
if (GetBookingTypeAvailability($eventinfo['evEventID'], "All", $eventinfo['evTotalSpaces']) == 1) {
    $playerspaces = GetBookingTypeAvailability($eventinfo['evEventID'], "Player", $eventinfo['evPlayerSpaces']);
    $monsterspaces = GetBookingTypeAvailability($eventinfo['evEventID'], "Monster", $eventinfo['evMonsterSpaces']);
Beispiel #3
// Admin overview: list the events whose booking window has already closed
// (evBookingsClose earlier than $today), newest event date first.
// NOTE(review): $today is concatenated into the SQL text of both queries in
// this section; its origin is not visible here - confirm it is generated
// server-side (for example from date()) and never taken from the request.
$sql = "SELECT evEventID, evEventName, evEventDate FROM {$db_prefix}events WHERE evBookingsClose < '" . $today . "' ORDER BY evEventDate DESC";
$result = ba_db_query($link, $sql);
echo "<h4>Events where booking has closed</h4>";
if (ba_db_num_rows($result) == 0) {
    echo "<p>There are no events closed to bookings</p>";
} else {
    echo "<table>";
    while ($row = ba_db_fetch_assoc($result)) {
        // The event name is HTML-escaped, but evEventID (inside the href
        // attribute) and evEventDate are echoed as stored.
        // NOTE(review): if either column can hold anything other than an
        // integer / a date, encode it for its output context as well.
        echo "<tr><td><a href='admin_manageevent.php?EventID=" . $row['evEventID'] . "'>" . htmlentities(stripslashes($row['evEventName'])) . "</a></td><td>" . $row['evEventDate'] . "</td></tr>";
    }
    echo "</table>";
}
// Same listing for events whose booking window has not opened yet
// (evBookingsOpen later than $today).
$sql = "SELECT evEventID, evEventName, evEventDate FROM {$db_prefix}events WHERE evBookingsOpen > '" . $today . "' ORDER BY evEventDate DESC";
$result = ba_db_query($link, $sql);
echo "<h4>Events where booking has not yet opened</h4>";
if (ba_db_num_rows($result) == 0) {
    echo "<p>There are no events where booking has not yet opened</p>";
} else {
    echo "<table>";
    while ($row = ba_db_fetch_assoc($result)) {
        // Same output-encoding caveat as the table above: only the event name
        // goes through htmlentities().
        echo "<tr><td><a href='admin_manageevent.php?EventID=" . $row['evEventID'] . "'>" . htmlentities(stripslashes($row['evEventName'])) . "</a></td><td>" . $row['evEventDate'] . "</td></tr>";
    }
    echo "</table>";
}
?>

<h3>Player Admin</h3>

<p>
The reports below are based on <i>all</i> the data in the database, not just those people that have booked for the upcoming event.
</p>
Beispiel #4
    $sql = "SELECT plPlayerID, " . "bkBookAs, " . "bkDatePaymentConfirmed " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE bkBookAs LIKE 'Monster' AND plPlayerID = bkPlayerID AND bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' and bkEventID = {$eventid}";
    $result = ba_db_query($link, $sql);
    $iMonsters = ba_db_num_rows($result);
} else {
    $iMonsters = 0;
}
// Count confirmed-payment bookings for this event, one query per booking type.
// A booking counts when bkDatePaymentConfirmed is neither empty nor the
// '0000-00-00' placeholder. Each count is taken by running the SELECT and
// counting the returned rows.
// NOTE(review): $eventid is interpolated into every query in this section and
// its origin is not visible in this excerpt - confirm it is validated as an
// integer before it reaches this point, or cast it / bind it as a parameter.
$sql = "SELECT plPlayerID, " . "bkBookAs, " . "bkDatePaymentConfirmed " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE bkBookAs LIKE 'Player' AND plPlayerID = bkPlayerID AND bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' and bkEventID = {$eventid}";
$result = ba_db_query($link, $sql);
$iPlayers = ba_db_num_rows($result);
$sql = "SELECT plPlayerID, " . "bkBookAs, " . "bkDatePaymentConfirmed " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE bkBookAs LIKE 'Staff' AND plPlayerID = bkPlayerID AND bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' and bkEventID = {$eventid}";
$result = ba_db_query($link, $sql);
$iStaff = ba_db_num_rows($result);
// $iMonsters is set just above this section (0 when the monster query is skipped).
$iTotal = $iMonsters + $iPlayers + $iStaff;
// Confirmed bookings flagged as paying on the gate, across all booking types.
$sql = "SELECT bkDatePaymentConfirmed " . "FROM {$db_prefix}bookings " . "WHERE bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' AND bkPayOnGate = 1 and bkEventID = {$eventid}";
$result = ba_db_query($link, $sql);
$iPayOnGate = ba_db_num_rows($result);
// The monster count is only printed when monster bookings are enabled.
if (ALLOW_MONSTER_BOOKINGS) {
    echo "{$iMonsters} monsters, ";
}
echo "{$iPlayers} players, {$iStaff} staff. ({$iTotal} total)<br>\n";
echo "{$iPayOnGate} will be paying on the gate\n";
?>
</p>

<p>
<b>Notes:</b><br>
This is only for those people booked on this system. If you are expecting bookings on the gate, you may need more. Also, if characters die, you may need more cards and/or lore sheets for the new characters.
</p>

<?php 
include '../inc/inc_foot.php';
Beispiel #5
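// Export of a player's own details as CSV. The page skips the normal session
// login check and instead authenticates every request from the e-mail and
// password posted with it.
//Do not need login check for this page
$bLoginCheck = False;
include 'inc/inc_head_db.php';
$db_prefix = DB_PREFIX;
// Get POST into variables. Missing or non-string fields (e.g. email[]=x) are
// normalised to an empty string so they cannot reach the escaping and hashing
// calls as arrays.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
// NOTE(review): SHA-1 with a single site-wide salt is a fast hash and is cheap
// to brute-force if the players table leaks. Moving to password_hash() /
// password_verify() needs a migration of the stored values, so it is flagged
// here rather than changed.
$password = sha1($postedPassword . PW_SALT);
$ic = isset($_POST['ic']) ? (int) $_POST['ic'] : 0;
//Set up & run query
// The e-mail is matched with "=" rather than LIKE: the escaping function does
// not neutralise the LIKE wildcards % and _, so with LIKE a posted "%" would
// match every account's address.
// The listing this code came from showed a masked literal ('******') where the
// password is compared, which left $password unused; the computed hash is
// compared here. NOTE(review): confirm plPassword stores sha1(password . PW_SALT).
$sql = "SELECT plPlayerID FROM {$db_prefix}players " . "WHERE plEmail = '" . ba_db_real_escape_string($link, $email) . "' AND plPassword = '" . ba_db_real_escape_string($link, $password) . "'";
$result = ba_db_query($link, $sql);
if (ba_db_num_rows($result) > 1) {
    //Log warning if there was more than one row returned
    // The SQL text is deliberately not logged: it contains the submitted
    // e-mail address and the password hash.
    LogWarning("export.php - more than one result from e-mail and password");
}
if (ba_db_num_rows($result) > 0) {
    //Successfully logged in
    $row = ba_db_fetch_assoc($result);
    // Forced to an integer because it is interpolated into the next query.
    $id = (int) $row['plPlayerID'];
} else {
    die("ERROR: Wrong e-mail or password");
}
// Export as a CSV file
header("Content-Type: text/csv");
// Get OOC details
// NOTE(review): the decryption key is placed in the SQL text, so it can show
// up wherever the server records statements (general/slow query logs, process
// list). It is also not escaped before interpolation.
$key = CRYPT_KEY;
$sql = "SELECT plFirstName, " . "plSurname, " . "AES_DECRYPT(pleAddress1, '{$key}') AS dAddress1, " . "AES_DECRYPT(pleAddress2, '{$key}') AS dAddress2, " . "AES_DECRYPT(pleAddress3, '{$key}') AS dAddress3, " . "AES_DECRYPT(pleAddress4, '{$key}') AS dAddress4, " . "AES_DECRYPT(plePostcode, '{$key}') AS dPostcode, " . "AES_DECRYPT(pleTelephone, '{$key}') AS dTelephone, " . "AES_DECRYPT(pleMobile, '{$key}') AS dMobile, " . "plEmail, " . "plDOB, " . "AES_DECRYPT(pleMedicalInfo, '{$key}') AS dMedicalInfo, " . "plEmergencyName, " . "AES_DECRYPT(pleEmergencyNumber, '{$key}') AS dEmergencyNumber, " . "plEmergencyRelationship, " . "plCarRegistration, " . "plDietary " . "FROM {$db_prefix}players WHERE plPlayerID = {$id}";
$result = ba_db_query($link, $sql);
$row = ba_db_fetch_assoc($result);
//OOC CSV line - replace double-quotes, newlines & commas
// NOTE(review): carriage returns are not replaced, and a field that starts
// with =, +, - or @ is written unchanged, so a spreadsheet opening the export
// may evaluate it as a formula. Consider neutralising such leading characters.
echo str_replace(array('"', "\n", ","), array("'", ";", ";"), stripslashes($row['plFirstName'])) . ',';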
Beispiel #6
//Initialise error message
$sWarn = '';
// Table-name prefix from the DB_PREFIX constant; it is interpolated into the
// SQL text of the queries on this page.
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '' && CheckReferrer('ic_form.php')) {
    $sNameWarn = IC_Check();
    //Character details - check if character exists
    $sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = {$PLAYER_ID}";
    $result = ba_db_query($link, $sql);
    //If character does not exist insert a row so that UPDATE query will work
    if (ba_db_num_rows($result) == 0) {
        $sql = "INSERT INTO {$db_prefix}characters (chPlayerID) VALUES ({$PLAYER_ID})";
        if (!ba_db_query($link, $sql)) {
            $sWarn = "There was a problem updating your IC details";
            LogError("Error inserting player ID into characters table prior to running UPDATE query.\nPlayer ID: {$PLAYER_ID}");
        }
    } elseif (ba_db_num_rows($result) > 1) {
        LogWarning("Multiple rows in characters table with player ID {$PLAYER_ID}");
    }
    if ($_POST['selGroup'] == 'Other (enter name below)') {
        $sSelGroupName = '';
    } else {
        $sSelGroupName = $_POST['selGroup'];
    }
    if ($_POST['selAncestor'] == 'Other (enter name below)') {
        $sSelAncestorName = '';
    } else {
        $sSelAncestorName = $_POST['selAncestor'];
    }
    //Build up UPDATE query
    if ($sNameWarn == '') {
        //IC Check passed try to save
Beispiel #7
    $bookingsql = "insert into {$db_prefix}bookings (bkPlayerID, bkBookAs, bkEventID, bkDateICConfirmed, bkDateOOCConfirmed, bkAmountPaid, bkAmountExpected, bkInQueue) VALUES (" . $playerid . ", '" . $bookas . "', " . $eventid . ", '" . $today . "', '" . $today . "', 0, " . $expectedvalue . ", 0)";
    $result = ba_db_query($link, $bookingsql);
    $bookingid = ba_insert_id($link);
    $playerid = 0;
    $eventid = 0;
    $newbooking = 1;
}
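//Get event and booking details
// With a booking id, load the booking joined to its event and player;
// otherwise load the event/player pair the page was asked about.
// The ids are cast to int at the point of concatenation: where they are
// populated is outside this excerpt, and they become part of the SQL text.
if ($bookingid > 0) {
    $bookingsql = "Select * FROM {$db_prefix}bookings inner join {$db_prefix}events on evEventID = bkEventID inner join {$db_prefix}players on plPlayerID = bkPlayerID where bkID = " . (int) $bookingid;
} else {
    $bookingsql = "Select * FROM {$db_prefix}events cross join {$db_prefix}players where evEventID = " . (int) $eventid . " and plPlayerID = " . (int) $playerid;
}
$result = ba_db_query($link, $bookingsql);
$bookinginfo = ba_db_fetch_assoc($result);
if ($playerid == 0 && ba_db_num_rows($result) == 0) {
    $sMsg = "You cannot view this booking";
    $sURL = fnSystemURL() . 'admin.php?warn=' . urlencode($sMsg);
    header("Location: {$sURL}");
    // header() only queues the redirect; without stopping here the rest of
    // the page, including the delete handling that follows, would still run
    // for a booking that could not be loaded.
    exit;
}
$eventinfo = getEventDetails($bookinginfo['evEventID'], 0);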
//Delete
if (($_POST['btnDelete'] != '' || $_POST['btnDeleteAndRebook'] != '') && CheckReferrer('admin_booking.php')) {
    if ($_POST['txtConfirm'] == 'CONFIRM') {
        deleteBooking($bookinginfo['bkID']);
        if ($_POST['btnDelete'] != '') {
            $sURL = fnSystemURL() . 'admin_manageevent.php?EventID=' . $bookinginfo['bkEventID'];
        } else {
            $sURL = fnSystemURL() . 'admin_booking.php?PlayerID=' . $bookinginfo['bkPlayerID'] . "&EventID=" . $bookinginfo['bkEventID'];
        }
        header("Location: {$sURL}");
Beispiel #8
        $bookingtype = str_replace("Staff", $stafftext, $row['bkBookAs']);
        echo "<td>" . htmlentities(stripslashes($bookingtype)) . "</td>\n</tr>\n";
    }
    echo "</table>";
    if ($eventinfo['evAllowMonsterBookings']) {
        $sql = "SELECT plPlayerID, " . "bkBookAs, " . "bkDatePaymentConfirmed " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE bkBookAs LIKE 'Monster' AND plPlayerID = bkPlayerID AND bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' AND bkEventID = " . $eventinfo['evEventID'];
        $result = ba_db_query($link, $sql);
        $iMonsters = ba_db_num_rows($result);
    } else {
        $iMonsters = 0;
    }
    $sql = "SELECT plPlayerID, " . "bkBookAs, " . "bkDatePaymentConfirmed " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE bkBookAs LIKE 'Player' AND plPlayerID = bkPlayerID AND bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' AND bkEventID = " . $eventinfo['evEventID'];
    $result = ba_db_query($link, $sql);
    $iPlayers = ba_db_num_rows($result);
    $sql = "SELECT plPlayerID, " . "bkBookAs, " . "bkDatePaymentConfirmed " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE bkBookAs LIKE 'Staff' AND plPlayerID = bkPlayerID AND bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' AND bkEventID = " . $eventinfo['evEventID'];
    $result = ba_db_query($link, $sql);
    $iStaff = ba_db_num_rows($result);
    $iTotal = $iMonsters + $iPlayers + $iStaff;
    $iCrew = $iMonsters + $iStaff;
    echo "<p>\n";
    echo "{$iStaff} {$stafftext}, ";
    if ($eventinfo['evAllowMonsterBookings']) {
        echo "{$iMonsters} Monsters, ";
    }
    echo "{$iPlayers} Players. ({$iTotal} total)\n</p>";
    echo "<p class = 'smallprint'><a href = 'bookings_rss.php?event={$eventinfo['evEventID']}'>RSS feed of bookings for this event</a></p>\n";
} else {
    echo "<p>The list of bookings for this event is only available if you are logged into the system.</p>";
}
echo "<p class = 'smallprint'><a href='iCalendar.php'>iCalendar feed of events</a></p>\n";
include 'inc/inc_foot.php';