Ejemplo n.º 1
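 /**
  * Inserts a new "reparto" row, or updates the existing one when
  * $oData['id_reparto'] is set.
  *
  * The original concatenated every field straight into the statement (the
  * numeric ids unquoted, the description through addslashes() only), so any
  * caller-controlled value could rewrite the query. Ids are now required to
  * be plain digit strings and text is escaped for the active connection.
  *
  * @param array $oData Keys read: id_reparto, fecha_reparto, zona_reparto,
  *                     repartidor_reparto, estado_reparto, descripcion_reparto.
  * @return bool true on success, false when an id field is not a plain
  *              integer. A failed query still ends the script via die().
  */
 function save($oData)
 {
     // These three values are interpolated without quotes, so they must be
     // integers and nothing else.
     $ids = array();
     foreach (array('zona_reparto', 'repartidor_reparto', 'estado_reparto') as $key) {
         $raw = isset($oData[$key]) ? trim((string) $oData[$key]) : '';
         if (!preg_match('/^\d+$/', $raw)) {
             return false;
         }
         $ids[$key] = (int) $raw;
     }

     // Escape after transcoding so the escaping matches the bytes actually sent.
     $fecha = mysql_real_escape_string(dateToMySQL($oData['fecha_reparto']));
     $descripcion = mysql_real_escape_string(utf8_decode($oData['descripcion_reparto']));

     if (!empty($oData['id_reparto'])) {
         //UPDATE
         $rawId = trim((string) $oData['id_reparto']);
         if (!preg_match('/^\d+$/', $rawId)) {
             return false;
         }
         $sql = "UPDATE repartos SET fecha_reparto = '" . $fecha . "', id_zona = " . $ids['zona_reparto'] . ", id_repartidor = " . $ids['repartidor_reparto'] . ", id_reparto_estado = " . $ids['estado_reparto'] . ", descripcion_reparto = '" . $descripcion . "' WHERE id_reparto = " . (int) $rawId;
     } else {
         //INSERT
         $sql = "INSERT INTO repartos (fecha_reparto, id_zona, id_repartidor, id_reparto_estado, descripcion_reparto)\n\t\t\t\t\t\t\tVALUES ('" . $fecha . "', " . $ids['zona_reparto'] . ", " . $ids['repartidor_reparto'] . ", " . $ids['estado_reparto'] . ", '" . $descripcion . "') ";
     }

     if (!mysql_query($sql)) {
         // NOTE(review): this prints the raw driver error to the client, which
         // discloses schema details; consider logging it server-side instead.
         // The original had an unreachable "return false" after this die().
         die('Error: ' . mysql_error());
     }

     return true;
 }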
Ejemplo n.º 2
    // Export settings are read from fixed columns of row 0 of $result.
    $ext = mysql_result($result, 0, 5);
    $groupBy = mysql_result($result, 0, 7);
    $sortBy = mysql_result($result, 0, 8);
    $cleanUp = explode("\n", mysql_result($result, 0, 9));
    $dateFormat = mysql_result($result, 0, 10);
    $curDate = $curCategory = '';
    header('Content-Type:text/plain; charset=' . $hc_lang_config['CharSet']);
    if ($mID == 2) {
        // NOTE(review): $ext comes from the database and is appended to the
        // header unquoted. Confirm it is restricted to a plain extension where
        // it is stored, so it cannot carry quotes or other header syntax.
        header('Content-Disposition:attachment; filename=' . date("YmdGis") . '_HeliosCalendarOutput' . $ext);
    }
    $query = 'SELECT e.Title, e.Description, e.StartTime, e.EndTime, e.Cost, e.IsBillboard, e.ContactName, e.ContactEmail, e.ContactPhone, e.ContactURL, 
						er.Space, e.LocID, e.LocationName, e.LocationAddress, e.LocationAddress2, e.LocationCity, e.LocationState, e.LocationZip, e.LocCountry, 
						l.Name, l.Address, l.Address2, l.City, l.State, l.Zip, l.Country, l.URL, ';
    // The selected columns depend on the grouping mode so that the column
    // positions stay the same for every mode.
    $query .= $groupBy >= 2 ? 'MIN(e.StartDate), MAX(e.StartDate), NULL, NULL' : 'NULL, NULL, e.PkID, e.StartDate';
    $query .= $groupBy == 0 || $groupBy == 3 ? ', c.CategoryName ' : ', NULL';
    // NOTE(review): $_POST['startDate'] and $_POST['endDate'] reach the quoted
    // date literals through dateToMySQL() alone; no escaping call is visible
    // here. Unless dateToMySQL() rejects everything that is not a date, this is
    // an SQL injection point: validate the result against Y-m-d or bind it.
    // $catIDWhere is also concatenated unquoted; it is built outside this
    // excerpt, so confirm it can only contain a comma-separated integer list.
    $query .= " FROM " . HC_TblPrefix . "events e\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (e.PkID = ec.EventID)\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "categories c ON (c.PkID = ec.CategoryID  AND c.PkID IN (" . $catIDWhere . "))\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "locations l ON (e.LocID = l.PkID)\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "eventrsvps er ON (e.PkID = er.EventID)\r\n\t\t\t\t\tWHERE e.IsActive = 1 AND e.IsApproved = 1 AND\r\n\t\t\t\t\t\t(e.StartDate BETWEEN '" . dateToMySQL($_POST['startDate'], $hc_cfg[24]) . "' AND '" . dateToMySQL($_POST['endDate'], $hc_cfg[24]) . "')\r\n\t\t\t\t\t\tAND c.IsActive = 1 AND e.Title IS NOT NULL\r\n\t\t\t\t\tGROUP BY e.Title, e.Description, e.StartTime, e.EndTime, e.Cost, e.IsBillboard, e.ContactName, e.ContactEmail, e.ContactPhone, e.ContactURL, \r\n\t\t\t\t\t\t\ter.Space, e.LocID, e.LocationName, e.LocationAddress, e.LocationAddress2, e.LocationCity, e.LocationState, e.LocationZip, e.LocCountry, \r\n\t\t\t\t\t\t\tl.Name, l.Address, l.Address2, l.City, l.State, l.Zip, l.Country, l.URL";
    // Extra GROUP BY columns per grouping mode; only fixed literals are added.
    switch ($groupBy) {
        case 0:
            $query .= ", e.PkID, e.StartDate, c.CategoryName";
            break;
        case 1:
            $query .= ", e.PkID, e.StartDate";
            break;
        case 2:
        case 3:
            $query .= ", c.CategoryName";
            break;
    }
    // ORDER BY is chosen from fixed literals as well (the switch continues
    // beyond this excerpt).
    switch ($sortBy) {
        case 0:
            $query .= " ORDER BY c.CategoryName, e.StartDate, e.Title";
Ejemplo n.º 3
    // 12-hour input: convert the hour to 24-hour form (12 AM becomes 0,
    // 1-11 PM become 13-23).
    if ($hc_cfg[31] == 12) {
        $startTimeHour = $startTimeAMPM == 'PM' ? $startTimeHour < 12 ? $startTimeHour + 12 : $startTimeHour : ($startTimeHour == 12 ? 0 : $startTimeHour);
        if (!isset($_POST['ignoreendtime'])) {
            $endTimeHour = $endTimeAMPM == 'PM' ? $endTimeHour < 12 ? $endTimeHour + 12 : $endTimeHour : ($endTimeHour == 12 ? 0 : $endTimeHour);
        }
    }
    $tbd = 0;
    // NOTE(review): these become quoted SQL time literals. Where the hour and
    // minute variables are sanitised is not visible in this excerpt; confirm
    // they are restricted to integers before this point.
    $startTime = "'" . $startTimeHour . ":" . $startTimeMins . ":00'";
    $endTime = !isset($_POST['ignoreendtime']) ? "'" . $endTimeHour . ":" . $endTimeMins . ":00'" : 'NULL';
} else {
    $startTime = $endTime = 'NULL';
    $tbd = $_POST['specialtime'] == 'allday' ? 1 : 2;
}
if (isset($_POST['recurCheck'])) {
    // The series id is derived from microtime() only, so it is time-based and
    // not random. Fine as a grouping key; do not treat it as unguessable.
    $seriesID = "'" . DecHex(microtime() * 9999999) . DecHex(microtime() * 5555555) . DecHex(microtime() * 1111111) . "'";
    $stopDate = isset($_POST['recurEndDate']) ? dateToMySQL(cIn($_POST['recurEndDate']), $hc_cfg[24]) : '';
    $curDate = $eventDate;
    switch ($_POST['recurType']) {
        case 'daily':
            // NOTE(review): $days is request data that only passes through
            // cIn(). If it is 0, negative or not a number, $curDate never moves
            // past $stopDate and the loop below does not terminate. A distant
            // recurEndDate also grows $dates without bound. Require a positive
            // integer and cap the number of generated dates.
            $days = isset($_POST['dailyDays']) ? cIn($_POST['dailyDays']) : 1;
            if ($_POST['dailyOptions'] == 'EveryXDays') {
                while (strtotime($curDate) <= strtotime($stopDate)) {
                    $dates[] = $curDate;
                    $dateParts = explode("-", $curDate);
                    // mktime() normalises day overflow, so adding $days rolls
                    // into the following month or year as needed.
                    $curDate = date("Y-m-d", mktime(0, 0, 0, $dateParts[1], $dateParts[2] + $days, $dateParts[0]));
                }
            } else {
                while (strtotime($curDate) <= strtotime($stopDate)) {
                    $dateParts = explode("-", $curDate);
                    $curDayOfWeek = date("w", mktime(0, 0, 0, $dateParts[1], $dateParts[2], $dateParts[0]));
                    // Weekdays only (date("w") is 0 for Sunday, 6 for Saturday),
                    // plus the original event date whatever day it falls on.
                    if ($curDayOfWeek != 0 and $curDayOfWeek != 6 or $eventDate == $curDate) {
         // Convert the 12-hour end time to 24-hour form (12 AM becomes 0).
         if (!isset($_POST['ignoreendtime'])) {
             $endTimeHour = $_POST['endTimeAMPM'] == 'PM' ? $_POST['endTimeHour'] < 12 ? $_POST['endTimeHour'] + 12 : $_POST['endTimeHour'] : ($_POST['endTimeHour'] == 12 ? 0 : $_POST['endTimeHour']);
         }
     }
     // The time parts pass through cIn() before they are placed in the quoted
     // SQL literal. cIn() is defined elsewhere; an integer range check on the
     // hour and minute would be a stricter guard than escaping alone.
     $startTime = "'" . cIn($startTimeHour) . ":" . cIn($_POST['startTimeMins']) . ":00'";
     $endTime = !isset($_POST['ignoreendtime']) ? "'" . cIn($endTimeHour) . ":" . cIn($_POST['endTimeMins']) . ":00'" : 'NULL';
 } else {
     $startTime = $endTime = 'NULL';
     $tbd = $_POST['specialtime'] == 'allday' ? 1 : 2;
 }
 if (isset($_POST['recurCheck'])) {
     // Time-derived series id: unique enough for grouping, not unpredictable.
     $seriesID = "'" . DecHex(microtime() * 9999999) . DecHex(microtime() * 5555555) . DecHex(microtime() * 1111111) . "'";
     $dateE = explode('-', $eventDate);
     $curDate = $eventDate;
     if (isset($dateE[2])) {
         // NOTE(review): htmlspecialchars() is HTML output encoding. It does
         // not validate a date and does not make a value safe for SQL; what
         // protects the query here depends entirely on dateToMySQL().
         $stopDate = dateToMySQL(htmlspecialchars($_POST['recurEndDate']), $hc_cfg[24]);
     } else {
         $stopDate = date("Y-m-d");
     }
     switch (htmlspecialchars($_POST['recurType'])) {
         case 'daily':
             // NOTE(review): a $days value of 0, a negative number or a
             // non-number keeps $curDate from advancing, so the loop below
             // never ends. Require a positive integer and bound the date count.
             $days = isset($_POST['dailyDays']) ? cIn($_POST['dailyDays']) : 1;
             if (htmlspecialchars($_POST['dailyOptions']) == 'EveryXDays') {
                 while (strtotime($curDate) <= strtotime($stopDate)) {
                     $dates[] = $curDate;
                     $dateParts = explode("-", $curDate);
                     $curDate = date("Y-m-d", mktime(0, 0, 0, $dateParts[1], $dateParts[2] + $days, $dateParts[0]));
                 }
             } else {
                 while (strtotime($curDate) <= strtotime($stopDate)) {
                     $dateParts = explode("-", $curDate);
Ejemplo n.º 5
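 /**
  * Saves a purchase order (header plus detail lines). When
  * $oData["id_orden_compra"] is set, the stored order is deleted first and
  * then re-inserted from the submitted data.
  *
  * "cabecera" is split on "@@" into id_proveedor, fecha and nro_orden_compra;
  * "detalle" is split on "||" into "id_producto@@cantidad" pairs.
  *
  * Changes from the original: every value that reaches SQL is validated as a
  * number or escaped (they were concatenated raw); the input is checked before
  * anything is deleted; rollback() now runs before die() instead of after it,
  * where it was unreachable; the stray "break" statements outside any loop
  * are gone; and the duplicated insert code of the two branches is shared.
  *
  * @param array $oData Keys read: id_orden_compra, cabecera, detalle.
  * @return bool true once committed, false when the input is rejected.
  *              A failed query rolls back and ends the script via die().
  */
 function save($oData)
 {
     $cabecera = explode("@@", $oData["cabecera"]);
     $detalle = explode("||", $oData["detalle"]);

     // Header: supplier id and order number are interpolated unquoted, so
     // they must be plain integers. A missing or zero order number is rejected
     // here; in the original it only surfaced later as a broken UPDATE.
     if (count($cabecera) < 3) {
         return false;
     }
     $proveedorRaw = trim($cabecera[0]);
     $nroRaw = trim($cabecera[2]);
     if (!preg_match('/^\d+$/', $proveedorRaw) || !preg_match('/^\d+$/', $nroRaw) || !$nroRaw) {
         return false;
     }
     $idProveedor = (int) $proveedorRaw;
     $nroOrden = (int) $nroRaw;
     $fechaOrden = mysql_real_escape_string(dateToMySQL($cabecera[1]));

     // Detail lines: product id must be an integer.
     // Quantity is assumed to be a non-negative decimal; TODO confirm.
     $lineas = array();
     foreach ($detalle as $detail) {
         $values = explode("@@", $detail);
         if (count($values) < 2) {
             return false;
         }
         $productoRaw = trim($values[0]);
         $cantidadRaw = trim($values[1]);
         if (!preg_match('/^\d+$/', $productoRaw) || !preg_match('/^\d+(\.\d+)?$/', $cantidadRaw)) {
             return false;
         }
         // The validated quantity text is kept as-is to avoid float formatting.
         $lineas[] = array((int) $productoRaw, $cantidadRaw);
     }

     if (!empty($oData["id_orden_compra"])) {
         $previaRaw = trim((string) $oData["id_orden_compra"]);
         if (!preg_match('/^\d+$/', $previaRaw)) {
             return false;
         }
         // NOTE(review): as in the original, the old rows are removed before
         // begin(), so a failure further down leaves the order deleted. Moving
         // these two statements inside the transaction would make the
         // replacement atomic; confirm getRS() shares the same connection.
         $sql = "delete from detalle_ordenes_compra where id_orden_compra=" . (int) $previaRaw;
         getRS($sql);
         $sql = "delete from ordenes_compra where id_orden_compra=" . (int) $previaRaw;
         getRS($sql);
     }

     begin();
     $sql = "INSERT INTO  ordenes_compra (id_proveedor, fecha_orden_compra, nro_orden_compra, generada)\r\n\t\t\t\t\tVALUES (" . $idProveedor . ", '" . $fechaOrden . "', " . $nroOrden . ", 1)";
     if (!mysql_query($sql)) {
         // Read the error before rollback() so it is not overwritten.
         $error = mysql_error();
         rollback();
         die('Error: ' . $error);
     }

     $id = mysql_insert_id();
     foreach ($lineas as $linea) {
         $sql = "INSERT INTO detalle_ordenes_compra (id_orden_compra, id_producto, cantidad_detalle_orden_compra) VALUES  (" . $id . ", " . $linea[0] . ", " . $linea[1] . ")";
         if (!mysql_query($sql)) {
             $error = mysql_error();
             rollback();
             die('Error: ' . $error);
         }
     }

     // Advance the stored counter to the next order number.
     $nroVta = $nroOrden + 1;
     $sql = "UPDATE parametros SET valor_parametro = " . $nroVta . " WHERE nombre_parametro='nro_orden_compra'";
     if (!mysql_query($sql)) {
         $error = mysql_error();
         rollback();
         die('Error: ' . $error);
     }

     commit();
     return true;
 }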
Ejemplo n.º 6
include '../loader.php';
// NOTE(review): the return value is discarded, so this call only protects the
// page if admin_logged_in() itself stops the request for unauthenticated
// users. Its body is not shown here; confirm.
admin_logged_in();
action_headers();
// The anti-CSRF token is taken from POST first, then from the query string.
// NOTE(review): a token sent as ?tkn= ends up in server logs, browser history
// and Referer headers; prefer POST for state-changing actions.
$token = '';
$token = $token == '' && isset($_POST['token']) ? cIn(strip_tags($_POST['token'])) : $token;
$token = $token == '' && isset($_GET['tkn']) ? cIn(strip_tags($_GET['tkn'])) : $token;
if (!check_form_token($token)) {
    // NOTE(review): go_home() must end the request (exit after redirect);
    // otherwise the writes below still run with an invalid token. Confirm.
    go_home();
}
include HCLANG . '/admin/newsletter.php';
if (!isset($_GET['dID'])) {
    // Numeric fields are gated by is_numeric(); free-text fields rely on
    // cIn() alone for SQL safety. cIn() is defined elsewhere, so its escaping
    // guarantees cannot be verified from this excerpt.
    $mID = isset($_POST['mID']) && is_numeric($_POST['mID']) ? cIn($_POST['mID']) : 0;
    $title = isset($_POST['mailTitle']) ? cIn($_POST['mailTitle']) : '';
    $subject = isset($_POST['mailSubj']) ? cIn($_POST['mailSubj']) : '';
    $startDate = isset($_POST['startDate']) ? dateToMySQL(cIn($_POST['startDate']), $hc_cfg[24]) : '';
    $endDate = isset($_POST['endDate']) ? dateToMySQL(cIn($_POST['endDate']), $hc_cfg[24]) : '';
    $template = isset($_POST['templateID']) && is_numeric($_POST['templateID']) ? cIn($_POST['templateID']) : 0;
    $archive = isset($_POST['archStatus']) && is_numeric($_POST['archStatus']) ? cIn($_POST['archStatus']) : 0;
    $message = isset($_POST['mailMsg']) ? cIn(cleanQuotes($_POST['mailMsg'], 0), 0) : '';
    // Update the mailer when the id already exists, otherwise insert it.
    $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "mailers WHERE PkID = '" . $mID . "'");
    if (hasRows($result)) {
        $msg = 1;
        doQuery("UPDATE " . HC_TblPrefix . "mailers\r\n\t\t\t\t\tSET Title = '" . $title . "',\r\n\t\t\t\t\t\tSubject = '" . $subject . "',\r\n\t\t\t\t\t\tStartDate = '" . $startDate . "',\r\n\t\t\t\t\t\tEndDate = '" . $endDate . "',\r\n\t\t\t\t\t\tTemplateID = '" . $template . "',\r\n\t\t\t\t\t\tMessage = '" . $message . "',\r\n\t\t\t\t\t\tLastModDate = '" . date("Y-m-d") . "',\r\n\t\t\t\t\t\tIsArchive = '" . $archive . "'\r\n\t\t\t\t\tWHERE PkID = '" . $mID . "'");
    } else {
        $msg = 2;
        doQuery("INSERT INTO " . HC_TblPrefix . "mailers(Title,Subject,StartDate,EndDate,TemplateID,Message,CreatedDate,LastModDate,IsArchive,IsActive)\r\n\t\t\t\t\tVALUES('" . $title . "',\r\n\t\t\t\t\t\t'" . $subject . "',\r\n\t\t\t\t\t\t'" . $startDate . "',\r\n\t\t\t\t\t\t'" . $endDate . "',\r\n\t\t\t\t\t\t'" . $template . "',\r\n\t\t\t\t\t\t'" . $message . "',\r\n\t\t\t\t\t\t'" . date("Y-m-d") . "',\r\n\t\t\t\t\t\t'" . date("Y-m-d") . "',\r\n\t\t\t\t\t\t'" . $archive . "',\r\n\t\t\t\t\t\t1)");
        // NOTE(review): selecting LAST_INSERT_ID() FROM the events table yields
        // one row per event row, and no row at all when that table is empty,
        // in which case $mID is not set to the new mailer id. A plain
        // "SELECT LAST_INSERT_ID()" does not depend on another table.
        $result = doQuery("SELECT LAST_INSERT_ID() FROM " . HC_TblPrefix . "events");
        $mID = mysql_result($result, 0, 0);
    }
    if (isset($_POST['grpID'])) {
        doQuery("DELETE FROM " . HC_TblPrefix . "mailersgroups WHERE MailerID = '" . $mID . "'");
Ejemplo n.º 7
// Collects the submitted event fields. Most values are run through
// strip_tags() and htmlspecialchars() at input time.
// NOTE(review): htmlspecialchars() is HTML output encoding, not SQL escaping
// (with its default flags it may leave single quotes untouched, depending on
// the PHP version). In this excerpt only contactURL, adminmessage and eID
// also pass through cIn(); confirm the other values are escaped or bound
// before they reach a query.
$eventDesc = preg_replace($filter, '', $eventDesc);
$locID = isset($_POST['locPreset']) ? htmlspecialchars(strip_tags($_POST['locPreset'])) : NULL;
$contactName = isset($_POST['contactName']) ? htmlspecialchars(strip_tags($_POST['contactName'])) : NULL;
$contactEmail = isset($_POST['contactEmail']) ? htmlspecialchars(strip_tags($_POST['contactEmail'])) : NULL;
$contactPhone = isset($_POST['contactPhone']) ? htmlspecialchars(strip_tags($_POST['contactPhone'])) : NULL;
$contactURL = isset($_POST['contactURL']) ? cIn(htmlspecialchars(strip_tags($_POST['contactURL']))) : NULL;
// Anything that does not already start with http:// or https:// gets an
// http:// prefix; an empty value is left empty.
$contactURL = preg_match('/^https?:\\/\\//', $contactURL) || $contactURL == '' ? $contactURL : 'http://' . $contactURL;
$cost = isset($_POST['cost']) ? htmlspecialchars(strip_tags($_POST['cost'])) : NULL;
$startTimeHour = isset($_POST['startTimeHour']) ? strip_tags($_POST['startTimeHour']) : NULL;
$endTimeHour = isset($_POST['endTimeHour']) ? strip_tags($_POST['endTimeHour']) : NULL;
$adminMessage = isset($_POST['adminmessage']) ? cIn(htmlspecialchars(cleanQuotes(strip_tags($_POST['adminmessage'])))) : '';
// The RSVP numbers fall back to 0 unless is_numeric() accepts them.
$rsvp_type = isset($_POST['rsvp_type']) && is_numeric($_POST['rsvp_type']) ? htmlspecialchars(strip_tags($_POST['rsvp_type'])) : 0;
$rsvp_space = isset($_POST['rsvp_space']) && is_numeric($_POST['rsvp_space']) ? htmlspecialchars(strip_tags($_POST['rsvp_space'])) : 0;
$rsvp_disp = isset($_POST['rsvpFor']) && is_numeric($_POST['rsvpFor']) ? htmlspecialchars(strip_tags($_POST['rsvpFor'])) : 0;
$rsvp_open = isset($_POST['openDate']) ? dateToMySQL(htmlspecialchars(strip_tags($_POST['openDate'])), $hc_cfg[24]) : '';
$rsvp_close = isset($_POST['closeDate']) ? dateToMySQL(htmlspecialchars(strip_tags($_POST['closeDate'])), $hc_cfg[24]) : '';
$rsvp_notice = isset($_POST['rsvpEmail']) && is_numeric($_POST['rsvpEmail']) ? htmlspecialchars(strip_tags($_POST['rsvpEmail'])) : 0;
// NOTE(review): unlike the RSVP fields, eID has no is_numeric() gate here.
$eID = isset($_POST['eID']) ? cIn(htmlspecialchars(strip_tags($_POST['eID']))) : 0;
if ($locID > 0) {
    // A preset location was chosen, so the free-text address is blanked.
    $locName = $locAddress = $locAddress2 = $locCity = $locState = $locZip = $locCountry = '';
} else {
    // NOTE(review): these indexes are read without isset(), so a request that
    // omits them raises undefined-index notices.
    $locName = htmlspecialchars(strip_tags(cleanQuotes($_POST['locName'])));
    $locAddress = htmlspecialchars(strip_tags($_POST['locAddress']));
    $locAddress2 = htmlspecialchars(strip_tags($_POST['locAddress2']));
    $locCity = htmlspecialchars(strip_tags($_POST['locCity']));
    $locState = htmlspecialchars(strip_tags($_POST['locState']));
    $locZip = htmlspecialchars(strip_tags($_POST['locZip']));
    $locCountry = htmlspecialchars(strip_tags($_POST['locCountry']));
}
// $stop counts validation failures: a missing submitter name, then an e-mail
// address that does not match the pattern.
$stop += $subName != '' ? 0 : 1;
$stop += preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/', $subEmail) == 1 ? 0 : 1;
Ejemplo n.º 8
 * @license GNU General Public License version 2 or later; see LICENSE
 */
define('isHC', true);
define('isAction', true);
include dirname(__FILE__) . '/loader.php';
action_headers();
post_only();
$target = CalRoot;
// NOTE(review): the account to edit is chosen by a POSTed uID. The lookup
// below only proves that such a user exists; nothing in this excerpt ties
// $uID to the logged-in session. Unless user_check_status() does that, a
// signed-in user could edit another account. Prefer the id held in the
// session. No form-token check is visible in this excerpt either.
$uID = isset($_POST['uID']) && is_numeric($_POST['uID']) ? cIn(strip_tags($_POST['uID'])) : 0;
$result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "users WHERE PkID = '" . $uID . "'");
if (!user_check_status() || !hasRows($result)) {
    session_destroy();
} else {
    $email = isset($_POST['email']) ? cIn(htmlentities(strip_tags($_POST['email']))) : '';
    // An address that fails the pattern is stored as an empty string.
    $email = preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/', $email) == 1 ? $email : '';
    $birthdate = isset($_POST['birthdate']) ? cIn(dateToMySQL(htmlentities(strip_tags($_POST['birthdate'])), $hc_cfg[24])) : '';
    // Keep the birthdate only when it is at least 13 years in the past.
    $birthdate = strtotime($birthdate) <= strtotime('-13 years') ? $birthdate : '';
    $location = isset($_POST['user_loc']) ? cIn(htmlentities(strip_tags($_POST['user_loc']))) : '';
    // NOTE(review): the API key is md5(sha1(...)) over values the user supplies
    // plus rand() * the current timestamp. rand() is not a cryptographic
    // generator, so the key is guessable in principle. Generate it from a
    // CSPRNG instead (random_bytes() on PHP 7+, openssl_random_pseudo_bytes()
    // before that) and hex-encode the result.
    $api_key = isset($_POST['regen_apik']) ? ", APIKey = '" . cIn(md5(sha1($email . $birthdate . $location . rand() * date("U")))) . "' " : '';
    doQuery("UPDATE " . HC_TblPrefix . "users SET Email = '" . $email . "', Birthdate = '" . $birthdate . "', Location = '" . $location . "'{$api_key} WHERE PkID = '" . $uID . "'");
    // Once both e-mail and birthdate are stored, drop the new-user session flags.
    if ($email != '' && $birthdate != '') {
        if (isset($_SESSION['new_user'])) {
            unset($_SESSION['new_user']);
        }
        if (isset($_SESSION['new_user_bday'])) {
            unset($_SESSION['new_user_bday']);
        }
        if (isset($_SESSION['new_user_email'])) {
            unset($_SESSION['new_user_email']);
        }
    }
Ejemplo n.º 9
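/**
 * Output Event Search Results
 *
 * Reads the search criteria from POST (form submit) or GET (result link),
 * builds the WHERE fragments, runs the event query and echoes the result list
 * grouped by date.
 *
 * Changes from the original: the start/end timestamps are validated before
 * they are first passed to date() (they were checked only after the recurring
 * sub-query had already used them), $hc_lang_event is declared global because
 * the all-day/TBA labels read it, and the commented-out legacy markup and a
 * dead assignment were removed.
 *
 * NOTE(review): SQL safety of the text criteria rests on cIn(), which is
 * defined elsewhere and cannot be verified from this function.
 *
 * @since 2.0.0
 * @version 2.0.0
 * @return void (the "no results" path returns 0, kept for compatibility)
 */
function sr_forms_search_result()
{
    global $hc_cfg, $hc_lang_search, $hc_lang_event;
    $sQuery = $rQuery = $link = $date = '';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $startDate = isset($_POST['startDate']) ? strtotime(dateToMySQL(cIn(strip_tags($_POST['startDate'])), $hc_cfg[24])) : strtotime(SYSDATE);
        $endDate = isset($_POST['endDate']) ? strtotime(dateToMySQL(cIn(strip_tags($_POST['endDate'])), $hc_cfg[24])) : strtotime(SYSDATE) + 86400 * $hc_cfg[53];
        // Single quotes are swapped for double quotes; the remaining escaping
        // happens in cIn() where the keyword is added to the query.
        $keyword = isset($_POST['keyword']) ? strip_tags(str_replace("'", "\"", $_POST['keyword'])) : '';
        $keyword .= isset($_POST['hc_search_keyword']) ? strip_tags(str_replace("'", "\"", urldecode($_POST['hc_search_keyword']))) : '';
        $location = isset($_POST['locPreset']) ? cIn(strip_tags($_POST['locPreset'])) : '';
        $city = isset($_POST['city']) ? cIn(strip_tags($_POST['city'])) : '';
        $state = isset($_POST['locState']) ? cIn(strip_tags($_POST['locState'])) : '';
        $postal = isset($_POST['postal']) ? cIn(strip_tags($_POST['postal'])) : '';
        // Only numeric category ids survive, so the IN() list is digits and commas.
        $catIDs = isset($_POST['catID']) ? implode(',', array_filter($_POST['catID'], 'is_numeric')) : '';
        $doRecur = isset($_POST['recurSet']) && $_POST['recurSet'] == 1 ? 1 : 0;
    } else {
        // On GET the dates arrive as timestamps taken from the result link.
        $startDate = isset($_GET['s']) ? cIn(strip_tags(urldecode($_GET['s']))) : strtotime(SYSDATE);
        $endDate = isset($_GET['e']) ? cIn(strip_tags(urldecode($_GET['e']))) : strtotime(SYSDATE) + 86400 * $hc_cfg[53];
        $keyword = isset($_GET['k']) ? strip_tags(str_replace("\"", "'", html_entity_decode(urldecode($_GET['k'])))) : '';
        $location = isset($_GET['l']) ? cIn(strip_tags(urldecode(cIn($_GET['l'])))) : '';
        $city = isset($_GET['c']) ? cIn(strip_tags(urldecode($_GET['c']))) : '';
        $state = isset($_GET['st']) ? cIn(strip_tags(urldecode($_GET['st']))) : '';
        $postal = isset($_GET['p']) ? cIn(strip_tags(urldecode($_GET['p']))) : '';
        $catIDs = isset($_GET['t']) ? implode(',', array_filter(explode(',', urldecode($_GET['t'])), 'is_numeric')) : '';
        $doRecur = isset($_GET['r']) && $_GET['r'] == 1 ? 1 : 0;
    }
    // Fall back to the default window when a date is empty, failed to parse
    // (strtotime() returned false) or is not numeric. This runs before the
    // first date() call so request data never reaches date() unchecked.
    $startDate = $startDate == '' || !is_numeric($startDate) ? strtotime(SYSDATE) : $startDate;
    $endDate = $endDate == '' || !is_numeric($endDate) ? strtotime(SYSDATE) + $hc_cfg[53] * 86400 : $endDate;
    if ($keyword != '') {
        $sQuery .= " AND MATCH(e.Title,e.LocationName,e.Description) AGAINST('" . cIn($keyword, 0) . "' IN BOOLEAN MODE) ";
        $link .= "&amp;k=" . urlencode(cleanXMLChars(cOut($keyword), 1));
    }
    if (is_numeric($location) && $location > 0) {
        $sQuery .= " AND l.PkID = '" . $location . "'";
        $link .= "&amp;l=" . urlencode($location);
    }
    if ($city != '') {
        $sQuery .= " AND (l.IsActive = 1 OR l.IsActive is NULL) AND (e.LocationCity = '" . cIn($city) . "' OR l.City = '" . cIn($city) . "')";
        $link .= "&amp;c=" . urlencode($city);
    }
    if ($state != '') {
        $sQuery .= " AND (e.LocationState = '" . cIn($state) . "' or l.State = '" . cIn($state) . "')";
        $link .= "&amp;st=" . urlencode($state);
    }
    if ($postal != '') {
        $sQuery .= " AND (e.LocationZip = '" . cIn($postal) . "' or l.Zip = '" . cIn($postal) . "')";
        $link .= "&amp;p=" . urlencode(cIn($postal));
    }
    if ($catIDs != '') {
        $sQuery .= " AND (ec.CategoryID In(" . cIn($catIDs) . "))";
        $link .= "&amp;t=" . urlencode($catIDs);
    }
    if ($doRecur == 1) {
        // Collapse each series to its first occurrence inside the window: the
        // self-join on e2 finds an earlier event of the same series and the
        // "e2.StartDate IS NULL" filter keeps only rows that have none.
        $rQuery = " AND e.SeriesID IS NULL \r\n                        UNION\r\n                        SELECT e.PkID, e.Title, e.StartDate, e.StartTime, e.EndTime, e.TBD, e.Image, e.IsFeature, e.HideDays, \r\n                            e.LocID, e.LocationName, e.LocationCity, e.LocationState, e.LocCountry,\r\n                            l.Name, l.City, l.State, l.Country, e.Cost, e.SeriesID, GROUP_CONCAT(c.CategoryName), e.Description, l.Address2\r\n                        FROM " . HC_TblPrefix . "events e\r\n                            LEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (ec.EventID = e.PkID)\r\n                            LEFT JOIN " . HC_TblPrefix . "events e2 ON (e.SeriesID = e2.SeriesID AND e2.StartDate BETWEEN '" . date("Y-m-d", $startDate) . "' AND '" . date("Y-m-d", $endDate) . "' AND e.StartDate > e2.StartDate)\r\n                            LEFT JOIN " . HC_TblPrefix . "locations l ON (e.LocID = l.PkID)\r\n                            LEFT JOIN " . HC_TblPrefix . "categories c ON (ec.CategoryID = c.PkID)\r\n                        WHERE\r\n                            e2.StartDate IS NULL AND e.StartDate BETWEEN '" . date("Y-m-d", $startDate) . "' AND '" . date("Y-m-d", $endDate) . "'" . $sQuery . " AND e.IsActive = 1 AND e.IsApproved = 1 AND e.SeriesID IS NOT NULL \r\n                        GROUP BY e.SeriesID, e.PkID";
    }
    if ($doRecur == 0) {
        $rQuery = " GROUP BY e.PkId";
    }
    $result = doQuery("SELECT e.PkID, e.Title, e.StartDate, e.StartTime, e.EndTime, e.TBD, e.Image, e.IsFeature, e.HideDays, \r\n                            e.LocID, e.LocationName, e.LocationCity, e.LocationState, e.LocCountry,\r\n                            l.Name, l.City, l.State, l.Country, e.Cost, e.SeriesID, GROUP_CONCAT(c.CategoryName), e.Description, l.Address2\r\n                        FROM " . HC_TblPrefix . "events e\r\n                            LEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (ec.EventID = e.PkID)\r\n                            LEFT JOIN " . HC_TblPrefix . "locations l ON (e.LocID = l.PkID)\r\n                            LEFT JOIN " . HC_TblPrefix . "categories c ON (ec.CategoryID = c.PkID)\r\n                        WHERE e.StartDate BETWEEN '" . date("Y-m-d", $startDate) . "' AND '" . date("Y-m-d", $endDate) . "'" . $sQuery . " AND e.IsActive = 1 AND e.IsApproved = 1" . $rQuery . " ORDER BY StartDate, TBD, StartTime, Title");
    if (!hasRows($result)) {
        echo '
            <p>' . $hc_lang_search['NoResults'] . '</p>
            <p><a href="' . CalRoot . '/index.php?com=search">' . $hc_lang_search['SearchAgain'] . '</a></p>';
        return 0;
    }
    echo '<p>' . $hc_lang_search['ResultLabel'] . ' [<a href="' . CalRoot . '/index.php?com=searchresult&amp;r=' . $doRecur . "&amp;s=" . urlencode($startDate) . "&amp;e=" . urlencode($endDate) . $link . '">' . $hc_lang_search['ResultLink'] . '</a>]';
    $cnt = 0;
    $row_number = 1;
    $show_images = 1;
    echo '<div id="events">';
    while ($row = mysql_fetch_row($result)) {
        //two matches in query lead to a null
        if (is_null($row[0])) {
            continue;
        }
        $color_class = sr_colorizer($row_number);
        $description = $hc_cfg[107] > 0 ? clean_truncate($row[21], $hc_cfg[107]) : $row[21];
        $categories = explode(",", $row[20]);
        //filtering out ACE
        // The first three characters of a category name are dropped; when the
        // first category ends in "_ACE" the second one is shown instead.
        switch (count($categories)) {
            case 0:
                $category = 'No Category';
                break;
            case 1:
                $category = substr($categories[0], 3);
                break;
            default:
                $category = substr($categories[0], -4) != '_ACE' ? substr($categories[0], 3) : substr($categories[1], 3);
                break;
        }
        $category = '<h4>' . $category . '</h4>';
        // Start a new dated section whenever the event date changes.
        if ($date != $row[2]) {
            $date = $row[2];
            echo $cnt > 0 ? '</ul>' : '';
            echo '<h2>' . stampToDate($row[2], '%A, %B %d, %Y') . '</h2><ul>';
            $cnt = 1;
        }
        $limit = $row[8] > 0 ? cOut($row[8]) : $hc_cfg[134];
        $expire = $limit > 0 ? date("Y-m-d", strtotime($date) + $limit * 86400) : '';
        $cls = $cnt % 2 == 0 ? 'hl' : '';
        $cls .= $row[7] > 0 ? ' featured' : '';
        if ($row[5] == 0) {
            // Timed event: "start - end", each part only when present.
            $time = $row[3] != '' ? stampToDate($row[3], $hc_cfg[23]) : '';
            $time .= $row[4] != '' ? ' - ' . stampToDate($row[4], $hc_cfg[23]) : '';
            $stamp = stampToDate($row[2], '%A, %B %d');
        } else {
            $time = $row[5] == 1 ? $hc_lang_event['AllDay'] : $hc_lang_event['TBA'];
            $stamp = stampToDate($row[2], '%A, %B %d');
        }
        // NOTE(review): the title and description go through cOut(), but the
        // category name, location name ($row[14]), address line ($row[22]) and
        // image URL ($row[6]) are echoed exactly as stored. If any of these can
        // hold user-submitted text that was not encoded when saved, this is a
        // stored-XSS sink (the image URL sits inside a style attribute).
        // Confirm how these columns are written, or encode them here for the
        // context they are used in.
        echo '
            <li ' . ($cls != '' ? 'class="' . $color_class . ' ' . trim($cls) . '" ' : 'class="' . $color_class . '"') . 'itemscope itemtype="http://schema.org/Event">
                <a href="' . CalRoot . '/index.php?eID=' . $row[0] . '">' . '<div class="event-content-container">' . $category . '<h3 itemprop="name">' . cOut($row[1]) . '</h3><div class="date-time">
                <span itemprop="startDate" datetime="' . $stamp . '">' . $stamp . ', ' . $time . '</span>
                <span class="location"><i class="fa fa-map-marker"></i> ' . $row[14] . ($row[22] != '' ? ' - ' . $row[22] : '') . '</span></div><p>' . strip_tags(cOut($description)) . '<span class="readmore">&nbsp;READ MORE</span></p></div>' . ($show_images == 1 && $row[6] != '' ? '<div class="event-image-container" style="background-image: url(' . $row[6] . '); min-width:' . (strlen($row[1]) > 43 ? 325 : 287) . 'px;"></div>' : '') . '</a></li>';
        ++$cnt;
        ++$row_number;
    }
    echo '</ul></div>';
}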
Ejemplo n.º 10
// Collects the remaining event form fields. Values gated by is_numeric() fall
// back to a default when the check fails; the others rely on cIn() alone.
// cIn() is defined elsewhere, so what it escapes is not visible here.
$featured = isset($_POST['eventFeatured']) && is_numeric($_POST['eventFeatured']) ? cIn($_POST['eventFeatured']) : '0';
$hide = isset($_POST['eventHide']) && is_numeric($_POST['eventHide']) ? cIn($_POST['eventHide']) : '0';
$msgID = 2;
$dates = array();
// array_filter() keeps the original keys, so the result may not start at index 0.
$catID = isset($_POST['catID']) ? array_filter($_POST['catID'], 'is_numeric') : '';
$apiFail = false;
$locName = $locAddress = $locAddress2 = $locCity = $locState = $locZip = $locCountry = '';
// NOTE(review): the names suggest numeric values, yet these three are not
// checked with is_numeric() like the fields around them. If they are later
// placed in SQL without quotes, cIn() escaping would not be enough.
// $_POST['eventRegAvailable'] is also read without isset().
$allowRegistration = isset($_POST['eventRegistration']) ? cIn($_POST['eventRegistration']) : '0';
$maxRegistration = $allowRegistration == 1 ? cIn($_POST['eventRegAvailable']) : 0;
$follow_up = isset($_POST['follow_up']) ? cIn($_POST['follow_up']) : 0;
$fnote = isset($_POST['follow_note']) ? cIn(cleanQuotes($_POST['follow_note'])) : '';
$rsvp_type = isset($_POST['rsvp_type']) && is_numeric($_POST['rsvp_type']) ? cIn($_POST['rsvp_type']) : 0;
$rsvp_space = isset($_POST['rsvp_space']) && is_numeric($_POST['rsvp_space']) ? cIn($_POST['rsvp_space']) : 0;
$rsvp_disp = isset($_POST['rsvpFor']) && is_numeric($_POST['rsvpFor']) ? cIn($_POST['rsvpFor']) : 0;
$rsvp_open = isset($_POST['openDate']) ? dateToMySQL(cIn($_POST['openDate']), $hc_cfg[24]) : '';
$rsvp_close = isset($_POST['closeDate']) ? dateToMySQL(cIn($_POST['closeDate']), $hc_cfg[24]) : '';
$rsvp_notice = isset($_POST['rsvpEmail']) && is_numeric($_POST['rsvpEmail']) ? cIn($_POST['rsvpEmail']) : 0;
$subname = isset($_POST['subname']) ? cIn($_POST['subname']) : '';
$subemail = isset($_POST['subemail']) ? cIn($_POST['subemail']) : '';
$sendmsg = isset($_POST['sendmsg']) && $_POST['sendmsg'] != "no" ? 1 : 0;
// NOTE(review): $message is taken from the request with no filtering at all.
// Where it is used is outside this excerpt; it must be encoded or escaped
// there for the context it lands in (mail body, HTML or SQL).
$message = isset($_POST['message']) ? $_POST['message'] : '';
if ($locID == 0) {
    // No preset location: use the free-text address. These indexes are read
    // without isset(), so a request that omits them raises notices.
    $locName = cIn(cleanQuotes($_POST['locName']));
    $locAddress = cIn($_POST['locAddress']);
    $locAddress2 = cIn($_POST['locAddress2']);
    $locCity = cIn($_POST['locCity']);
    $locState = cIn($_POST['locState']);
    $locZip = cIn($_POST['locZip']);
    $locCountry = cIn($_POST['locCountry']);
    if (isset($_POST['newLoc'])) {
        // Single-line address: the <br /> separators become commas.
        $locString = str_replace("<br />", ", ", buildAddress($locAddress, $locAddress2, $locCity, $locState, $locZip, $locCountry, $hc_lang_config['AddressType']));
Ejemplo n.º 11
action_headers();
// The anti-CSRF token is read from POST first, then from the query string.
$token = '';
$token = $token == '' && isset($_POST['token']) ? cIn(strip_tags($_POST['token'])) : $token;
$token = $token == '' && isset($_GET['tkn']) ? cIn(strip_tags($_GET['tkn'])) : $token;
if (!check_form_token($token)) {
    // NOTE(review): go_home() must end the request; if it only sends a
    // redirect header, the writes below still run. Confirm.
    go_home();
}
$target = AdminRoot . '/index.php?com=user';
if (!isset($_GET['dID']) && !isset($_GET['bID'])) {
    // Edit path: numeric fields are gated by is_numeric(), text fields go
    // through strip_tags() and cIn().
    $uID = isset($_POST['uID']) && is_numeric($_POST['uID']) ? cIn(strip_tags($_POST['uID'])) : 0;
    $email = isset($_POST['email']) ? cIn(strip_tags($_POST['email'])) : '';
    $level = isset($_POST['level']) && is_numeric($_POST['level']) ? cIn(strip_tags($_POST['level'])) : 0;
    $banned = isset($_POST['banned']) && is_numeric($_POST['banned']) ? cIn(strip_tags($_POST['banned'])) : 0;
    $api = isset($_POST['api']) && is_numeric($_POST['api']) ? cIn(strip_tags($_POST['api'])) : 0;
    $location = isset($_POST['location']) ? cIn(strip_tags($_POST['location'])) : '';
    $birthdate = isset($_POST['birthdate']) ? dateToMySQL(cIn($_POST['birthdate']), $hc_cfg[24]) : '';
    $catID = isset($_POST['catID']) ? array_filter($_POST['catID'], 'is_numeric') : '';
    // NOTE(review): array_filter() keeps the original keys. If the first
    // submitted id is dropped, index 0 is missing and $cats comes out empty
    // even though valid ids remain.
    $cats = isset($catID[0]) ? implode(',', $catID) : '';
    if ($banned == 1) {
        // A banned user loses their level and ownership of their events.
        $level = 0;
        doQuery("UPDATE " . HC_TblPrefix . "events SET OwnerID = 0 WHERE OwnerID = '" . $uID . "'");
    }
    doQuery("UPDATE " . HC_TblPrefix . "users SET\r\n\t\t\t\t\tEmail = '" . $email . "',\r\n\t\t\t\t\tLevel = '" . $level . "',\r\n\t\t\t\t\tIsBanned = '" . $banned . "',\r\n\t\t\t\t\tLocation = '" . $location . "',\r\n\t\t\t\t\tBirthdate = " . ($birthdate != '' ? "'" . $birthdate . "'" : "NULL") . ",\r\n\t\t\t\t\tCategories = '" . $cats . "',\r\n\t\t\t\t\tAPIAccess = '" . $api . "'\r\n\t\t\t\tWHERE PkID = '" . $uID . "'");
    $target = AdminRoot . '/index.php?com=useredit&uID=' . $uID . '&msg=1';
} else {
    if (isset($_GET['dID'])) {
        // NOTE(review): the account deletion is driven by GET parameters, with
        // the form token carried in the URL (?tkn=). URLs are logged and sent
        // in Referer headers, so destructive actions are better made over
        // POST with the token in the request body.
        $dID = isset($_GET['dID']) && is_numeric($_GET['dID']) ? cIn(strip_tags($_GET['dID'])) : 0;
        $b = isset($_GET['b']) && is_numeric($_GET['b']) && $_GET['b'] <= 1 ? cIn(strip_tags($_GET['b'])) : 0;
        doQuery("DELETE FROM " . HC_TblPrefix . "users WHERE PkID = '" . $dID . "'");
        doQuery("UPDATE " . HC_TblPrefix . "events SET OwnerID = 0 WHERE OwnerID = '" . $dID . "'");
        $target = AdminRoot . '/index.php?com=user&msg=1' . ($b == 1 ? '&b=1' : '');
Ejemplo n.º 12
    $apiFail = true;
    $errorMsg = 'Eventbrite API Settings Unavailable.';
} else {
    // The two Eventbrite settings are read from column 1 of rows 0 and 1 of
    // $result; both must be non-empty to continue.
    $ebAPI = cOut(mysql_result($result, 0, 1));
    $ebUser = cOut(mysql_result($result, 1, 1));
    if ($ebAPI == '' || $ebUser == '') {
        $apiFail = true;
        $errorMsg = 'Eventbrite API Settings Missing.';
    } else {
        // Up to five ticket definitions are read from numbered form fields;
        // the first one with an empty name ends the loop.
        for ($x = 1; $x <= 5; ++$x) {
            $ticketID = isset($_POST['ticketid' . $x]) ? cIn($_POST['ticketid' . $x]) : '';
            $ticket = isset($_POST['ticket' . $x]) ? cIn($_POST['ticket' . $x]) : '';
            $priceType = isset($_POST['priceType' . $x]) ? cIn($_POST['priceType' . $x]) : '';
            $qty = isset($_POST['qty' . $x]) ? cIn($_POST['qty' . $x]) : '';
            // Note the inversion: a submitted fee field yields '0', an absent one '1'.
            $fee = isset($_POST['fee' . $x]) ? '0' : '1';
            $end = isset($_POST['end' . $x]) && $_POST['end' . $x] != '' ? dateToMySQL(cIn($_POST['end' . $x]), $hc_cfg[24]) : $eventDate;
            // Sales cannot end after the event starts: a later end date is
            // clamped to the event date and start time. The comparison is a
            // string comparison, which presumably relies on both values being
            // Y-m-d; confirm.
            $end = $end > $eventDate ? $eventDate . " " . str_replace("'", "", $startTime) : $end . " 00:00:00";
            if ($ticket == '') {
                break;
            }
            // NOTE(review): switch compares loosely and $priceType is a string.
            // On PHP versions before 8, an empty or non-numeric value equals 0
            // and therefore selects the "fixed" branch. The ticket id, quantity
            // and price are not checked as numbers here; validate them before
            // they are sent on.
            switch ($priceType) {
                case 0:
                    //	fixed
                    $donation = '0';
                    $price = isset($_POST['price' . $x]) ? cIn($_POST['price' . $x]) : '';
                    break;
                case 1:
                    //	free
                    $donation = '0';
                    $price = '0.00';
                    break;
Ejemplo n.º 13
<?php

/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
// Direct-access guard: the file only runs when the admin front controller has
// defined hcAdmin; a direct request gets a 403 and stops.
if (!defined('hcAdmin')) {
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/search.php';
$sID = isset($_POST['sID']) && is_numeric($_POST['sID']) ? cIn($_POST['sID']) : 0;
// Missing dates default to the Unix epoch; submitted dates are converted to
// timestamps (strtotime() returns false when the value cannot be parsed).
$startDate = isset($_POST['startDate']) ? strtotime(dateToMySQL(cIn(strip_tags($_POST['startDate'])), $hc_cfg[24])) : strtotime('1970-01-01');
$endDate = isset($_POST['endDate']) ? strtotime(dateToMySQL(cIn(strip_tags($_POST['endDate'])), $hc_cfg[24])) : strtotime('1970-01-01');
// NOTE(review): the keyword only has single quotes swapped for double quotes
// and tags stripped; it does not pass through cIn() here, and backslashes are
// left in place. How it reaches the query is outside this excerpt: it must be
// escaped or bound at that point.
$keyword = isset($_POST['keyword']) ? strip_tags(str_replace("'", "\"", $_POST['keyword'])) : '';
$location = isset($_POST['locPreset']) ? cIn(strip_tags($_POST['locPreset'])) : '';
$city = isset($_POST['city']) ? cIn(strip_tags($_POST['city'])) : '';
$state = isset($_POST['locState']) ? cIn(strip_tags($_POST['locState'])) : '';
$postal = isset($_POST['postal']) ? cIn(strip_tags($_POST['postal'])) : '';
// Only numeric category ids are kept, so the list is digits and commas.
$catIDs = isset($_POST['catID']) ? implode(',', array_filter($_POST['catID'], 'is_numeric')) : '';
$seriesOnly = isset($_POST['seriesonly']) ? 1 : 0;
$series = isset($_GET['srsID']) ? cIn(strip_tags($_GET['srsID'])) : '';
$usrID = isset($_POST['usrID']) && is_numeric($_POST['usrID']) ? cIn($_POST['usrID']) : 0;
// Optional feedback banner selected by a numeric msg code in the query string.
if (isset($_GET['msg']) && is_numeric($_GET['msg'])) {
    switch ($_GET['msg']) {
        case "1":
            feedback(1, $hc_lang_search['Feed03']);
            break;
    }
}
if ($sID == 1 || $series != '') {
Ejemplo n.º 14
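/**
 * Output Event Search Results
 *
 * Reads the search criteria from $_POST (form submission) or from $_GET
 * (the result link this function prints), builds one SQL statement by string
 * concatenation, runs it through doQuery() and echoes the matching events
 * grouped by start date.
 *
 * Notes for maintainers:
 *  - Every quoted SQL literal below is protected only by cIn(), which is
 *    defined elsewhere. NOTE(review): confirm cIn() escapes for the connection
 *    in use; a parameterized query would remove that dependency.
 *  - The category list is written unquoted inside In(...); the is_numeric
 *    filter applied when it is read is what keeps it to numeric literals.
 *  - Dates reach SQL only after being reduced to a timestamp and re-formatted
 *    with date("Y-m-d"), never as the raw request text.
 *
 * @since 2.0.0
 * @version 2.0.0
 * @return int|void 0 when the search has no results, nothing otherwise
 */
function search_result()
{
    global $hc_cfg, $hc_lang_search;
    $sQuery = $rQuery = $link = $date = '';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $startDate = isset($_POST['startDate']) ? strtotime(dateToMySQL(cIn(strip_tags($_POST['startDate'])), $hc_cfg[24])) : strtotime(SYSDATE);
        $endDate = isset($_POST['endDate']) ? strtotime(dateToMySQL(cIn(strip_tags($_POST['endDate'])), $hc_cfg[24])) : strtotime(SYSDATE) + 86400 * $hc_cfg[53];
        $keyword = isset($_POST['keyword']) ? strip_tags(str_replace("'", "\"", $_POST['keyword'])) : '';
        $keyword .= isset($_POST['hc_search_keyword']) ? strip_tags(str_replace("'", "\"", urldecode($_POST['hc_search_keyword']))) : '';
        $location = isset($_POST['locPreset']) ? cIn(strip_tags($_POST['locPreset'])) : '';
        $city = isset($_POST['city']) ? cIn(strip_tags($_POST['city'])) : '';
        $state = isset($_POST['locState']) ? cIn(strip_tags($_POST['locState'])) : '';
        $postal = isset($_POST['postal']) ? cIn(strip_tags($_POST['postal'])) : '';
        // A scalar catID (e.g. catID=5 instead of catID[]=5) is ignored rather
        // than handed to array_filter(), which only accepts arrays.
        $catIDs = isset($_POST['catID']) && is_array($_POST['catID']) ? implode(',', array_filter($_POST['catID'], 'is_numeric')) : '';
        $doRecur = isset($_POST['recurSet']) && $_POST['recurSet'] == 1 ? 1 : 0;
    } else {
        // NOTE(review): PHP has already URL-decoded $_GET, so the urldecode()
        // calls in this branch are a second decoding pass over the value.
        $startDate = isset($_GET['s']) ? cIn(strip_tags(urldecode($_GET['s']))) : strtotime(SYSDATE);
        $endDate = isset($_GET['e']) ? cIn(strip_tags(urldecode($_GET['e']))) : strtotime(SYSDATE) + 86400 * $hc_cfg[53];
        $keyword = isset($_GET['k']) ? strip_tags(str_replace("\"", "'", html_entity_decode(urldecode($_GET['k'])))) : '';
        $location = isset($_GET['l']) ? cIn(strip_tags(urldecode(cIn($_GET['l'])))) : '';
        $city = isset($_GET['c']) ? cIn(strip_tags(urldecode($_GET['c']))) : '';
        $state = isset($_GET['st']) ? cIn(strip_tags(urldecode($_GET['st']))) : '';
        $postal = isset($_GET['p']) ? cIn(strip_tags(urldecode($_GET['p']))) : '';
        $catIDs = isset($_GET['t']) ? implode(',', array_filter(explode(',', urldecode($_GET['t'])), 'is_numeric')) : '';
        $doRecur = isset($_GET['r']) && $_GET['r'] == 1 ? 1 : 0;
    }

    // Validate the range BEFORE any SQL is assembled. In the GET branch the
    // values are request text and in the POST branch strtotime() can yield
    // false; both are replaced by the default window here, so the
    // recurring-series sub-query and the main query are built from the same
    // checked timestamps and date() never receives a non-numeric value.
    $startDate = $startDate == '' || !is_numeric($startDate) ? strtotime(SYSDATE) : $startDate;
    $endDate = $endDate == '' || !is_numeric($endDate) ? strtotime(SYSDATE) + $hc_cfg[53] * 86400 : $endDate;
    $fromDay = date("Y-m-d", $startDate);
    $toDay = date("Y-m-d", $endDate);

    // Each filter appends to the WHERE clause ($sQuery) and to the query
    // string of the result link ($link) in step.
    if ($keyword != '') {
        // The keyword is only quote-swapped and tag-stripped when read; cIn()
        // is applied at this point. NOTE(review): the meaning of cIn()'s
        // second argument is not visible here.
        $sQuery .= " AND MATCH(e.Title,e.LocationName,e.Description) AGAINST('" . cIn($keyword, 0) . "' IN BOOLEAN MODE) ";
        $link .= "&amp;k=" . urlencode(cleanXMLChars(cOut($keyword), 1));
    }
    if (is_numeric($location) && $location > 0) {
        $sQuery .= " AND l.PkID = '" . $location . "'";
        $link .= "&amp;l=" . urlencode($location);
    }
    // NOTE(review): city, state and postal already went through cIn() when
    // they were read and go through it again below; confirm that a second
    // pass does not change values containing quotes or backslashes.
    if ($city != '') {
        $sQuery .= " AND (l.IsActive = 1 OR l.IsActive is NULL) AND (e.LocationCity = '" . cIn($city) . "' OR l.City = '" . cIn($city) . "')";
        $link .= "&amp;c=" . urlencode($city);
    }
    if ($state != '') {
        $sQuery .= " AND (e.LocationState = '" . cIn($state) . "' or l.State = '" . cIn($state) . "')";
        $link .= "&amp;st=" . urlencode($state);
    }
    if ($postal != '') {
        $sQuery .= " AND (e.LocationZip = '" . cIn($postal) . "' or l.Zip = '" . cIn($postal) . "')";
        $link .= "&amp;p=" . urlencode(cIn($postal));
    }
    if ($catIDs != '') {
        // Unquoted list: safe only because every element passed is_numeric above.
        $sQuery .= " AND (ec.CategoryID In(" . cIn($catIDs) . "))";
        $link .= "&amp;t=" . urlencode($catIDs);
    }
    if ($doRecur == 1) {
        // Second half of a UNION: for events that belong to a series, keep only
        // the first occurrence inside the range (no earlier e2 row exists).
        $rQuery = " AND SeriesID IS NULL \r\n\t\t\t\t\t\tUNION\r\n\t\t\t\t\t\tSELECT DISTINCT e.PkID, e.Title, e.StartDate, e.StartTime, e.EndTime, e.TBD\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "events e\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (ec.EventID = e.PkID)\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "events e2 ON (e.SeriesID = e2.SeriesID AND e2.StartDate BETWEEN '" . $fromDay . "' AND '" . $toDay . "' AND e.StartDate > e2.StartDate)\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "locations l ON (e.LocID = l.PkID)\r\n\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\te2.StartDate IS NULL AND e.StartDate BETWEEN '" . $fromDay . "' AND '" . $toDay . "'" . $sQuery . " AND e.IsActive = 1 AND e.IsApproved = 1 AND e.SeriesID IS NOT NULL \r\n\t\t\t\t\t\tGROUP BY e.SeriesID, e.PkID, e.Title, e.StartDate, e.StartTime, e.EndTime, e.TBD";
    }
    $result = doQuery("SELECT DISTINCT e.PkID, e.Title, e.StartDate, e.StartTime, e.EndTime, e.TBD\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "events e\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (ec.EventID = e.PkID)\r\n\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "locations l ON (e.LocID = l.PkID)\r\n\t\t\t\t\t\tWHERE e.StartDate BETWEEN '" . $fromDay . "' AND '" . $toDay . "'" . $sQuery . " AND e.IsActive = 1 AND e.IsApproved = 1" . $rQuery . " ORDER BY StartDate, TBD, StartTime, Title");
    if (!hasRows($result)) {
        echo '
			<p>' . $hc_lang_search['NoResults'] . '</p>
			<p><a href="' . CalRoot . '/index.php?com=search">' . $hc_lang_search['SearchAgain'] . '</a></p>';
        return 0;
    }
    // Link that reproduces this search through the GET branch above.
    echo '<p>' . $hc_lang_search['ResultLabel'] . ' [<a href="' . CalRoot . '/index.php?com=searchresult&amp;r=' . $doRecur . "&amp;s=" . urlencode($startDate) . "&amp;e=" . urlencode($endDate) . $link . '">' . $hc_lang_search['ResultLink'] . '</a>]';
    $cnt = 0;
    // Row columns: 0 PkID, 1 Title, 2 StartDate, 3 StartTime, 4 EndTime, 5 TBD.
    while ($row = mysql_fetch_row($result)) {
        if ($date != $row[2]) {
            // New day: close the previous list (if any) and open a new one.
            $date = $row[2];
            echo $cnt > 0 ? '
			</ul>' : '';
            echo '
			<header>' . stampToDate($row[2], $hc_cfg[14]) . '</header>
			<ul>';
            $cnt = 1;
        }
        $hl = $cnt % 2 == 0 ? ' class="hl"' : '';
        if ($row[5] == 0) {
            $time = $row[3] != '' ? stampToDate($row[3], $hc_cfg[23]) : '';
            $time .= $row[4] != '' ? ' - ' . stampToDate($row[4], $hc_cfg[23]) : '';
            // The datetime attribute needs a 24-hour clock: "H", not "h",
            // otherwise afternoon events are stamped with morning hours.
            $stamp = date("Y-m-d\\TH:i:00.0", strtotime($row[2] . trim(' ' . $row[3]))) . HCTZ;
        } else {
            $time = $row[5] == 1 ? $hc_lang_search['AllDay'] : $hc_lang_search['TBA'];
            $stamp = date("Y-m-d", strtotime($row[2]));
        }
        // The title is passed through cOut() before output; the id is printed as stored.
        echo '
			<li' . $hl . '><time datetime="' . $stamp . '">' . $time . '</time><a href="' . CalRoot . '/index.php?eID=' . $row[0] . '">' . cOut($row[1]) . '</a></li>';
        ++$cnt;
    }
    echo '</ul>';
}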