Beispiel #1
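/**
 * Fetch the booking options attached to one event.
 *
 * @param mixed $event_id Event identifier. It is placed inside a quoted SQL literal,
 *                        so it is escaped here rather than trusting every caller.
 * @return array|null List of array('id' => option_id, 'desc' => description) entries,
 *                    or null when the query fails or the event has no options.
 */
function get_booking_options($event_id)
{
    // The query is assembled by string concatenation; escaping the one caller-supplied
    // value keeps a crafted event id from changing the statement.
    $safeEventId = wrap_db_escape_string($event_id);

    //get the id's and descriptions for options chosen by the user
    $savedUserBookingOptions = null;
    $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . $safeEventId . "' AND e.option_id=o.option_id");
    if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) {
        while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) {
            $savedUserBookingOptions[] = array('id' => $userBookingFields['option_id'], 'desc' => $userBookingFields['description']);
        }
    }
    return $savedUserBookingOptions;
}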
Beispiel #2
    </script>
    <textarea name="bookingOptionsDesc" rows="5" cols="60" readonly="true"><?php 
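    if (isset($_REQUEST['bookingOptionsDesc'])) {
        // Request data is echoed between the textarea tags. Encode it so that a value
        // containing markup is displayed as text instead of being parsed as HTML.
        echo htmlspecialchars(stripslashes($_REQUEST['bookingOptionsDesc']), ENT_QUOTES);
    }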
    ?>
</textarea><br>

    <table border="0" cellpadding="0" cellspacing="2">
    <?php 
    //load any saved booking option preferences this user may have
    // $savedUserPrefOptions stays null for admins and when no preference rows are found.
    $savedUserPrefOptions = null;
    //only non-admins can save their preferences, admins should have to tick them each time
    if (!$is_admin) {
        // NOTE(review): $bookingByUserID is concatenated into the SQL text as-is. Where it is
        // assigned is not visible in this excerpt - confirm it is a server-side value, or pass
        // it through wrap_db_escape_string() before it reaches this query.
        $userPrefResult = wrap_db_query("SELECT option_id FROM " . BOOKING_USER_OPTIONS_TABLE . " WHERE user_id='" . $bookingByUserID . "'");
        if ($userPrefResult && wrap_db_num_rows($userPrefResult) > 0) {
            // collect the saved option ids into a flat list
            while ($userPrefFields = wrap_db_fetch_array($userPrefResult)) {
                $savedUserPrefOptions[] = $userPrefFields['option_id'];
            }
        }
    }
    $rightCol = false;
    for ($r = 0; $fields = wrap_db_fetch_array($result); $r++) {
        //is this a left or right column?
        if ($r % 2 == 0) {
            //left column
            echo '<tr align="left"><td>';
            $rightCol = false;
        } else {
            //right column
            echo '<td width="20">&nbsp;</td><td>';
- Create a new e-mail mailshot: <input type="button" class="ButtonStyle" value="GO" name="newMailButton" onclick="document.location.href='<?php 
echo FILENAME_ADMIN_EMAIL_MAILSHOT;
?>
'" style="margin-left: 20px;"><br>

<br>
<br>

<?php 
//output all previously sent emails with links to edit / delete
// The list is limited to rows whose sent_by_user_id equals the id looked up from the session user.
$currentUserID = get_user_id($_SESSION['valid_user']);
// NOTE(review): $currentUserID is placed in the statement unquoted and unescaped. What
// get_user_id() returns for an unknown user is not visible here - confirm it is always an
// integer, or cast it before building the query.
$sql = 'SELECT email_id, subject, DATE_FORMAT( sent, \'%d/%m/%Y %H:%i\' ) AS sent_time FROM ' . EMAILSHOT_SENT_EMAILS . ' WHERE sent_by_user_id=' . $currentUserID . ' ORDER BY sent DESC';
//echo "<hr>$sql" ;
$res = wrap_db_query($sql);
// NOTE(review): $res is handed to wrap_db_num_rows() without a check for a failed query.
$numMails = wrap_db_num_rows($res);
if ($numMails > 0) {
    ?>
  - Edit or delete a previous e-mail mailshot:<br>
  <br>

  <table border="0" cellpadding="4" cellspacing="2" style="margin-left: 10px;">
    <tr>
      <th class="BgcolorDull2" width="150">Subject</th>
      <th class="BgcolorDull2">Sent</th>
      <th class="BgcolorDull2">Control</th>
    </tr>
    <?php 
    $i = 0;
    while ($row = wrap_db_fetch_array($res)) {
        $class = 'BgcolorNormal';
    </tr>
  </table>
<?php 
//Load the user info
$user_info = get_user(get_user_id($_SESSION['valid_user']));
// Check we have permissions to buy credits
// Purchase is refused for admin sessions, when booking_credits is 'Not used', when the
// PAYMENT_GATEWAY session value is not '1', or when user_id is not numeric.
// The is_numeric() test also protects the product query further down, where user_id is
// concatenated into the SQL text without quotes.
if (wrap_session_is_registered("admin_user") || $user_info['booking_credits'] == 'Not used' || $_SESSION['PAYMENT_GATEWAY'] != '1' || !is_numeric($user_info['user_id'])) {
    echo "<p>You do not have permission to purchase booking credits.  Please contact an Administrator.</p>";
    // Emit the page footer, then stop so none of the purchase form below is rendered.
    include_once "footer.php";
    include_once "application_bottom.php";
    die;
}
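//  Load the products based on the users group membership
// user_id is concatenated unquoted; the permission check earlier in this script has
// already rejected non-numeric values before this point is reached.
$result = wrap_db_query("SELECT DISTINCT bpi.id, bpi.product_name, bpi.quantity, bpi.mc_gross, bpi.mc_currency \n\t\t\t\t\t\t\tFROM (" . BOOKING_PRODUCT_ITEM . " bpi LEFT JOIN " . BOOKING_PRODUCT_GROUPS . " bpg ON bpg.product_id = bpi.id ) \n\t\t\t\t\t\t\tWHERE group_id IN (SELECT DISTINCT group_id FROM " . BOOKING_USER_GROUPS_TABLE . " WHERE user_id = " . $user_info['user_id'] . ") ORDER BY bpi.product_name, bpi.quantity");
// If there are no products assigned, load the default
// Test $result first so a failed query is never passed to wrap_db_num_rows().
if (!$result || !(wrap_db_num_rows($result) >= 1)) {
    $result = wrap_db_query("SELECT DISTINCT id, product_name, quantity, mc_gross, mc_currency FROM " . BOOKING_PRODUCT_ITEM . " WHERE id = '1' LIMIT 1");
}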
if ($result) {
    while ($products = wrap_db_fetch_array($result)) {
        // LIVE
        //  https://www.sandbox.paypal.com/cgi-bin/webscr
        ?>
			<p>
		   <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> 
            <input type="hidden" name="notify_url" value="<?php 
        echo DOMAIN_NAME . substr(DIR_WS_SCRIPTS, 1) . "paypal_ipn_res.php";
        ?>
">
            <input type="hidden" name="cmd" value="_xclick">
            <input type="hidden" name="business" value="<?php 
     }
 }
 ?>
     </select>
   </td>
 </form>
 <td width="99%" valign="top"><?php 
 if ($_POST['user_select'] != '' || $all == true) {
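     //check that we have not just made a successful update
     if ($all == true) {
         $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " order by payment_date LIMIT 100";
     } else {
         // user_select is taken straight from the posted form, so it is escaped before
         // being placed inside the quoted literal.
         // NOTE(review): the page labels these rows as the "last" transactions, but the
         // ORDER BY has no DESC - confirm which end of the list is intended.
         $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " WHERE n27_user_id = '" . wrap_db_escape_string($_POST['user_select']) . "' order by payment_date LIMIT 30";
     }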
     $result = wrap_db_query($query);
     if ($result && wrap_db_num_rows($result) > 0) {
         if ($all == true) {
             echo "Last 100 transactions for all users:<br /><br />";
         } else {
             echo "Last 30 transactions:<br /><br />";
         }
         ?>
   <table width="98%" border="0" cellpadding="2" cellspacing="0">
     <tr>
       <td width="22%" class="BgcolorDull2">Date</td>
       <td width="19%" class="BgcolorDull2">Payer Name</td>
       <td width="27%" class="BgcolorDull2">Payer Email</td>
       <td width="8%" class="BgcolorDull2" align="center">Quantity</td>
       <td width="8%" class="BgcolorDull2">Value</td>
       <td width="8%" class="BgcolorDull2" align="center">Currency</td>
       <td width="8%" class="BgcolorDull2">Status</td>
        //now insert all our new entries... foreach on $_POST['product_ids']
        // One row is inserted per posted product id, all for the posted group_id. Both posted
        // values are escaped with mysql_real_escape_string() and placed inside quoted literals.
        // NOTE(review): the mysql_* functions were removed in PHP 7; other code on this page
        // uses wrap_db_escape_string() for the same purpose.
        if (is_array($_POST['product_ids']) && sizeof($_POST['product_ids']) > 0) {
            foreach ($_POST['product_ids'] as $product_id) {
                $sql = 'INSERT INTO ' . BOOKING_PRODUCT_GROUPS . ' ( product_id , group_id , created ) VALUES ( "' . mysql_real_escape_string($product_id) . '" , "' . mysql_real_escape_string($_POST['group_id']) . '" , NOW() ) ';
                // NOTE(review): the outcome of each INSERT is stored in $res but not checked here.
                $res = wrap_db_query($sql);
            }
        }
        //note changes were made okay
        $page_info_message = 'Changes to product/group assignment saved successfully';
    }
}
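//get users in any specified group id
// group_id arrives with the request and is used as an unquoted number in the query, so it
// is reduced to an integer first. The loose "> 0" comparison alone does not guarantee that
// the whole string is numeric.
$requestedGroupId = (isset($_REQUEST['group_id']) && is_scalar($_REQUEST['group_id'])) ? (int) trim($_REQUEST['group_id']) : 0;
if ($requestedGroupId > 0) {
    $sql = 'SELECT * FROM ' . BOOKING_PRODUCT_GROUPS . ' WHERE group_id=' . $requestedGroupId;
    $res = wrap_db_query($sql);
    if ($res && wrap_db_num_rows($res) > 0) {
        // remember which products are already assigned to this group
        while ($row = wrap_db_fetch_array($res)) {
            $thisGroupsProducts[] = $row['product_id'];
        }
    }
}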
//get all our current groups
// Static query: no request data is involved.
$sql = 'SELECT group_id, group_name FROM ' . BOOKING_GROUPS_TABLE . ' ORDER BY group_name ASC';
$res = wrap_db_query($sql);
if ($res) {
    // NOTE(review): $groups is only appended to in the visible code; if it is not initialised
    // earlier it stays undefined when the query fails or returns no rows.
    while ($row = wrap_db_fetch_array($res)) {
        $groups[] = $row;
    }
}
//get all available products
// Rows with id 1 or lower are left out of this list.
$sql = 'SELECT id , product_name, mc_currency, mc_gross FROM ' . BOOKING_PRODUCT_ITEM . ' WHERE id > 1 ORDER BY product_name ASC';
Beispiel #7
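/**
 * Update the first name, last name and e-mail address of one existing user.
 *
 * The account is looked up by username and the update only proceeds when exactly one
 * row matches. The UPDATE is keyed on both the username and the user_id that was found.
 *
 * @param string $username  Login name identifying the account to change.
 * @param string $firstname New first name.
 * @param string $lastname  New last name.
 * @param string $email     New e-mail address (stored as given; no format check is done here).
 * @return bool true when the UPDATE query succeeded, false when the lookup or the update failed.
 */
function update_user_information($username, $firstname, $lastname, $email)
{
    // Both statements must match on the caller's $username. It is escaped once and reused,
    // so the lookup is tied to the requested account rather than to a fixed literal.
    $safeUsername = wrap_db_escape_string($username);

    // check if username is unique
    $result = wrap_db_query("SELECT user_id FROM " . BOOKING_USER_TABLE . " WHERE username='" . $safeUsername . "'");
    if (!$result || wrap_db_num_rows($result) != 1) {
        // query failed, or zero / several matching accounts
        return false;
    }
    $fields = wrap_db_fetch_array($result);
    $user_id = $fields['user_id'];
    if (empty($user_id)) {
        return false;
    }
    // if ok, put in db and return result
    $result = wrap_db_query("UPDATE " . BOOKING_USER_TABLE . " SET \r\n\t\t\t\t\t\tfirstname = '" . wrap_db_escape_string($firstname) . "',\r\n\t\t\t\t\t\tlastname = '" . wrap_db_escape_string($lastname) . "',\r\n\t\t\t\t\t\temail = '" . wrap_db_escape_string($email) . "' \r\n\t\t\t\t\t\tWHERE username = '" . $safeUsername . "' " . " AND user_id = '" . wrap_db_escape_string($user_id) . "'");
    return $result ? true : false;
}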
Beispiel #8
<?php 
        } else {
            echo stripslashes($event['description']);
        }
        ?>
    </td></tr>

<?php 
        //does this site use booking options?
        $result = wrap_db_query("SELECT option_id, description FROM " . BOOKING_OPTIONS_TABLE . " ORDER BY description ASC");
        if ($result && wrap_db_num_rows($result) > 0) {
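            //get the id's and descriptions for options chosen by the user
            $savedUserBookingOptionIDs = null;
            $savedUserBookingOptionDescriptions = null;
            // event_id is taken from the request, so it is escaped before it is placed
            // inside the quoted literal.
            $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . wrap_db_escape_string($_REQUEST['event_id']) . "' AND e.option_id=o.option_id");
            if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) {
                while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) {
                    // NOTE(review): this appends to $savedUserBookingOptionsIDs (extra "s"), not to
                    // $savedUserBookingOptionIDs initialised above. Left as it is because the code
                    // that reads the list is outside this excerpt - confirm which name is used there.
                    $savedUserBookingOptionsIDs[] = $userBookingFields['option_id'];
                    $savedUserBookingOptionDescriptions[] = $userBookingFields['description'];
                }
            }
            // The description list is still null when nothing matched; only count a real array.
            $numBookingOptions = is_array($savedUserBookingOptionDescriptions) ? count($savedUserBookingOptionDescriptions) : 0;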
            ?>
        <tr><td colspan="2" align="left" valign="top"><strong>Booking Options:</strong></td></tr>

        <tr><td colspan="2" align="left">
        <?php 
            if ($_REQUEST['action'] == 'modify') {
                //show tickable checkboxes
                ?>
            <table border="0" cellpadding="0" cellspacing="2">
    $numAttachments = wrap_db_num_rows($res);
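    if ($numAttachments > 0) {
        $row = wrap_db_fetch_array($res);
        //delete the item from the db
        // del_attach_id comes from the query string and is used as an unquoted number, so it
        // is forced to an integer before it reaches the statement.
        // NOTE(review): whether the lookup that produced $res restricts the attachment to the
        // current user is not visible in this excerpt - confirm ownership is checked there.
        $sql = 'DELETE FROM ' . EMAILSHOT_ATTACHMENTS_TEMP . ' WHERE attachment_id=' . (int) $_GET['del_attach_id'] . ' LIMIT 1';
        $res = wrap_db_query($sql);
        //check if this attachment is still linked into any stored mailshots in the sent items table, if so we must not delete it
        // The filename was read back from the database; it is escaped again before reuse in SQL.
        $sql2 = 'SELECT attachment_id FROM ' . EMAILSHOT_ATTACHMENTS . ' WHERE filename="' . wrap_db_escape_string($row['filename']) . '" LIMIT 0,1';
        $res2 = wrap_db_query($sql2);
        // Remove the file only when the query ran and found no remaining reference. A failed
        // query must not be read as "no longer linked".
        if ($res2 && wrap_db_num_rows($res2) < 1) {
            //delete each file from the file system
            // NOTE(review): the stored filename is appended to DIR_FS_ATTACHMENTS unchanged;
            // confirm the upload code stores plain file names with no directory components.
            unlink(DIR_FS_ATTACHMENTS . $row['filename']);
        }
    }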
}
//echo time() . '<br>';
//output all unattached temp files belonging to the current user with a link to remove them from this e-mail in case they are no longer wanted
$currentUserID = get_user_id($_SESSION['valid_user']);
// NOTE(review): $currentUserID is concatenated unquoted; confirm get_user_id() always
// returns an integer.
$sql = 'SELECT attachment_id, user_id, filename FROM ' . EMAILSHOT_ATTACHMENTS_TEMP . ' WHERE user_id=' . $currentUserID . ' ORDER BY attachment_id ASC';
//echo "<hr>$sql" ;
$res = wrap_db_query($sql);
$numAttachments = wrap_db_num_rows($res);
if ($numAttachments > 0) {
    while ($row = wrap_db_fetch_array($res)) {
        // The filename is HTML-encoded before output; attachment_id is written into the link as-is.
        // NOTE(review): the "remove" link triggers the deletion through a plain GET request that
        // carries only del_attach_id. Consider a POST with a CSRF token for this state change.
        echo htmlentities($row['filename']) . ' [<a href="view_mailshot_attachments.php?del_attach_id=' . $row['attachment_id'] . '">remove</a>]<br />';
    }
} else {
    echo '(none)';
}
include_once "footer.php";
include_once "application_bottom.php";
Beispiel #10
/**
 * Read every row of the credit types table.
 *
 * @return array|false|null List of array('credit_type_id', 'credit_type_name',
 *                          'credit_type_booking_days') entries; false when the query
 *                          fails or the table has no rows.
 */
function get_credit_types()
{
    $queryResult = wrap_db_query("SELECT * FROM " . BOOKING_CREDIT_TYPES);

    // a failed query and an empty table are both reported as false
    if (!$queryResult || wrap_db_num_rows($queryResult) == 0) {
        return false;
    }

    $creditTypes = null;
    while ($row = wrap_db_fetch_array($queryResult)) {
        // keep only the three columns callers are given
        $creditTypes[] = array(
            'credit_type_id' => $row['credit_type_id'],
            'credit_type_name' => $row['credit_type_name'],
            'credit_type_booking_days' => $row['credit_type_booking_days']
        );
    }
    return $creditTypes;
}
Beispiel #11
    ?>
    <br>
    <br>
    <br>
    <?php 
}
?>

<b>Current Bookings:</b><br>
<br>
<?php 
// Check how many upcoming bookings the user already has reserved in the system
$showedABooking = false;
// The second and third arguments are passed straight to get_user_events(); per the comment
// below, 50 is the maximum number of rows requested.
$user_events_result = get_user_events($user_info['username'], true, 50);
//get a max of 50 results
// NOTE(review): the result is not checked for failure before wrap_db_num_rows() is called.
$num_events_results = wrap_db_num_rows($user_events_result);
// The notice is printed as soon as the row count reaches 50, i.e. also when the user has
// exactly 50 bookings.
if ($num_events_results >= 50) {
    echo "NOTE: You currently have more than 50 advance bookings. Only the next 50 are shown below.<br><br>";
}
?>
<table cellpadding="2" cellspacing="0" border="0" style="margin-left: 20px;">
<?php 
while ($user_events_row = wrap_db_fetch_array($user_events_result)) {
    //    echo '<pre>' ;
    //    print_r( $user_events_row ) ;
    //    echo '</pre>' ;
    $display_dates_and_time_ranges = get_event_dates_and_time_ranges($user_events_row['event_id'], $user_events_row['location']);
    if (count($display_dates_and_time_ranges) > 0) {
        reset($display_dates_and_time_ranges);
        foreach ($display_dates_and_time_ranges as $display_date_and_time) {
            list($date, $time_range) = explode(" ", $display_date_and_time);
Beispiel #12
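/**
 * Add a new event and reserve its date-time slots in the schedule table.
 *
 * @param string $username                 Login name of the user the event is booked for.
 * @param array  $scheduled_date_time_data schedule_date_time values to reserve for the event.
 * @param string $subject                  Event subject.
 * @param string $location                 Location key; must exist in the global $location_db_name map.
 * @param string $starting_date_time       Start of the event.
 * @param string $ending_date_time         End of the event.
 * @param string $recur_interval           Recurrence interval.
 * @param mixed  $recur_freq               Recurrence frequency; used as an unquoted number in SQL.
 * @param string $recur_until_date         Last date of the recurrence.
 * @param string $description              Free-text description.
 * @return mixed The new event id on success; false when an identical event already exists,
 *               the user or location is unknown, or a query fails.
 */
function add_event($username, $scheduled_date_time_data, $subject, $location, $starting_date_time, $ending_date_time, $recur_interval, $recur_freq, $recur_until_date, $description)
{
    // Add new event to the database
    // Use global $location_db_name
    global $location_db_name;

    // The schedule column name is an SQL identifier and cannot be escaped like a value, so it
    // must come from the $location_db_name map. Unknown locations are refused before anything
    // is written, which also avoids leaving an event row without schedule slots.
    if (!isset($location_db_name[$location])) {
        return false;
    }
    $scheduleColumn = $location_db_name[$location];

    // recur_freq is used unquoted in both statements. Escaping does not constrain an unquoted
    // value, so it is forced to an integer instead.
    $recurFreq = (int) $recur_freq;

    // Escape each quoted value once and reuse it in the duplicate check and the insert.
    $safeUsername = wrap_db_escape_string($username);
    $safeSubject = wrap_db_escape_string($subject);
    $safeLocation = wrap_db_escape_string($location);
    $safeStart = wrap_db_escape_string($starting_date_time);
    $safeEnd = wrap_db_escape_string($ending_date_time);
    $safeInterval = wrap_db_escape_string($recur_interval);
    $safeUntil = wrap_db_escape_string($recur_until_date);
    $safeDescription = wrap_db_escape_string($description);

    // Check for repeat event; 'double click'
    // This might be removed in the future due to a future JavaScript function.
    // The check is tied to the caller's $username, so only that user's events are compared.
    $result = wrap_db_query(
        "SELECT event_id FROM " . BOOKING_USER_TABLE . ", " . BOOKING_EVENT_TABLE
        . " WHERE " . BOOKING_USER_TABLE . ".username = '" . $safeUsername . "'"
        . " AND " . BOOKING_USER_TABLE . ".user_id = " . BOOKING_EVENT_TABLE . ".user_id"
        . " AND " . BOOKING_EVENT_TABLE . ".subject = '" . $safeSubject . "'"
        . " AND " . BOOKING_EVENT_TABLE . ".location = '" . $safeLocation . "'"
        . " AND " . BOOKING_EVENT_TABLE . ".starting_date_time = '" . $safeStart . "'"
        . " AND " . BOOKING_EVENT_TABLE . ".ending_date_time = '" . $safeEnd . "'"
        . " AND " . BOOKING_EVENT_TABLE . ".recur_interval = '" . $safeInterval . "'"
        . " AND " . BOOKING_EVENT_TABLE . ".recur_freq = " . $recurFreq
        . " AND " . BOOKING_EVENT_TABLE . ".recur_until_date = '" . $safeUntil . "'"
        . " AND " . BOOKING_EVENT_TABLE . ".description = '" . $safeDescription . "'"
    );
    if ($result && wrap_db_num_rows($result) > 0) {
        return false;
    }

    // get user_id based on current $username
    $user_id = get_user_id($username);
    if (empty($user_id)) {
        return false;
    }

    // insert the new event
    // user_id is an unquoted number in the statement, so it is cast rather than escaped.
    $result = wrap_db_query(
        "INSERT INTO " . BOOKING_EVENT_TABLE . " SET"
        . " user_id = " . (int) $user_id . ","
        . " subject = '" . $safeSubject . "',"
        . " location = '" . $safeLocation . "',"
        . " starting_date_time = '" . $safeStart . "',"
        . " ending_date_time = '" . $safeEnd . "',"
        . " recur_interval = '" . $safeInterval . "',"
        . " recur_freq = " . $recurFreq . ","
        . " recur_until_date = '" . $safeUntil . "',"
        . " description = '" . $safeDescription . "',"
        . " date_time_added = NOW(),"
        . " last_mod_by_id = '',"
        . " last_mod_date_time = '0000-00-00 00:00:00'"
    );
    if (!$result) {
        return false;
    }

    // Get the event_id (auto) for the event just added to the event table.
    $event_id = wrap_db_insert_id();

    // Insert the event_id into the schedule table at the appropriate date-time slots.
    // Only slots whose column still holds 0 are claimed.
    // NOTE(review): a successful UPDATE does not show that a row was changed; if a slot was
    // already taken this loop may not notice - confirm how wrap_db_query() reports that case.
    $add_date_time_error = false;
    foreach ($scheduled_date_time_data as $date_time) {
        $result = wrap_db_query(
            "UPDATE " . DATE_TIME_SCHEDULE_TABLE
            . " SET " . $scheduleColumn . " = " . (int) $event_id
            . " WHERE schedule_date_time = '" . wrap_db_escape_string($date_time) . "'"
            . " AND " . $scheduleColumn . " = 0"
        );
        if (!$result) {
            $add_date_time_error = true;
        }
    }
    if ($add_date_time_error == true) {
        // Delete Event Info Function needs to be added here!
        echo "ERROR! A date and time slot could not be filled properly!<br />";
        return false;
    }
    return $event_id;
}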