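/**
 * Reset a member's password from the posted form and message the member.
 *
 * Reads $_POST['pk1'] (member id) and $_POST['pk2'] (new password), stores the
 * MD5 of the password in the members table and sends the new password to the
 * member with sendUserMessage().
 *
 * NOTE(review): no authorisation or CSRF check is visible in this function;
 * confirm that the caller restricts it to administrators.
 */
function resetPassword() {
    // pk1 lands in an unquoted numeric position of the UPDATE, so it is forced
    // to an integer before it can reach the SQL text.
    $id = (int) $_POST['pk1'];
    $plain = $_POST['pk2'];

    // NOTE(review): unsalted MD5 is not suitable for password storage. It is
    // kept here because the login check presumably compares MD5 values;
    // migrate both sides to password_hash()/password_verify() together.
    $pwd = md5($plain);

    $qry = "UPDATE {$_SESSION['DB_PREFIX']}members SET passwd = '{$pwd}' WHERE member_id = {$id}";
    $result = mysql_query($qry);

    if (!$result) {
        // The query text is left out of the log because it contains the hash.
        logError("resetPassword failed: " . mysql_error());

        // Do not tell the member the password changed when the UPDATE failed.
        return;
    }

    // The message body is HTML, so the posted password is escaped before it is
    // embedded. NOTE(review): sending the cleartext password in a message is
    // weak practice; a one-time reset link would avoid it.
    sendUserMessage(
        $id,
        "Password reset",
        "<h1>You password has been reset to <i>" . htmlspecialchars($plain, ENT_QUOTES, 'UTF-8') . "</i>"
    );
}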
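/**
 * Mark a pending member registration as rejected and message the member.
 *
 * Reads the member id from $_POST['pk1'], sets accepted = 'X' on that row of
 * the members table and sends the rejection text with sendUserMessage().
 *
 * NOTE(review): no authorisation or CSRF check is visible in this function;
 * confirm that the caller restricts it to administrators.
 */
function reject() {
    // The id is concatenated into an unquoted numeric position, so it is cast
    // to an integer instead of being passed through as raw request text.
    $memberid = (int) $_POST['pk1'];

    $qry = "UPDATE {$_SESSION['DB_PREFIX']}members "
        . "SET accepted = 'X' "
        . "WHERE member_id = " . $memberid;
    $result = mysql_query($qry);

    if (!$result) {
        logError($qry . " = " . mysql_error());
    }

    sendUserMessage(
        $memberid,
        "User Registration",
        "Welcome to Oracle logs.<br>Unfortunately, your user registration has been rejected."
    );
}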
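/**
 * Message the cleaner about a schedule change and update the schedule's
 * unstarted diary rows to match the posted form.
 *
 * For every row returned by the client-name lookup, the object's weekday,
 * staffid, enddate, starttime and endtime are compared with the values in
 * $_POST. A changed weekday or staff member triggers a "Work Allocation"
 * message; each difference then deletes or updates diary rows of the schedule
 * that have status 'U' and are not flagged deleted.
 *
 * Every request value is cast or escaped before it is placed in SQL, and
 * values embedded in the message are HTML-escaped.
 *
 * @param int|string $id Schedule id; cast to int before use in SQL.
 */
public function notifyCleaner($id) {
    $prefix = $_SESSION['DB_PREFIX'];
    $scheduleid = (int) $id;

    $sql = "SELECT A.name AS clientname "
        . "FROM {$prefix}client A "
        . "WHERE id = " . (int) $this->clientid;
    $result = mysql_query($sql);

    if (!$result) {
        return;
    }

    // Shared filter: only unstarted, not-deleted diary rows of this schedule.
    $openRows = "WHERE scheduleid = {$scheduleid} AND status = 'U' AND deleted != 'Y'";

    while ($member = mysql_fetch_assoc($result)) {
        $memberid = (int) $_POST['memberid'];

        $enddate = convertStringToDate($_POST['canceldate']);
        if ($enddate == "") {
            $enddate = "0000-00-00";
        }

        // Comparisons use the raw posted values, exactly as submitted.
        $weekdayChanged = $this->weekday != $_POST['weekday'];
        $staffChanged = $this->staffid != $_POST['memberid'];

        if ($weekdayChanged || $staffChanged) {
            $clientname = htmlspecialchars($member['clientname'], ENT_QUOTES, 'UTF-8');
            $lines = "Shift allocated to you on " . $this->getWeekDay($_POST['weekday'])
                . " " . htmlspecialchars($_POST['starttime'], ENT_QUOTES, 'UTF-8')
                . "-" . htmlspecialchars($_POST['endtime'], ENT_QUOTES, 'UTF-8')
                . " for {$clientname}\n";

            sendUserMessage($memberid, "Work Allocation", $lines);
        }

        if ($weekdayChanged) {
            // A different weekday invalidates the open diary rows.
            $sql = "DELETE FROM {$prefix}diary {$openRows}";
            if (!mysql_query($sql)) {
                logError($sql . " - " . mysql_error());
            }
        } elseif ($staffChanged) {
            // Same weekday, different member: reassign the open rows.
            $sql = "UPDATE {$prefix}diary SET memberid = {$memberid} {$openRows}";
            if (!mysql_query($sql)) {
                logError($sql . " - " . mysql_error());
            }
        }

        if ($this->enddate != $enddate) {
            // Drop open rows that start after the new end date.
            $enddateSql = mysql_real_escape_string($enddate);
            $sql = "DELETE FROM {$prefix}diary "
                . "WHERE scheduleid = {$scheduleid} "
                . "AND starttime > '{$enddateSql}' "
                . "AND status = 'U' AND deleted != 'Y'";
            if (!mysql_query($sql)) {
                logError($sql . " - " . mysql_error());
            }
        }

        if ($this->starttime != $_POST['starttime'] || $this->endtime != $_POST['endtime']) {
            $starttime = mysql_real_escape_string($_POST['starttime']);
            $endtime = mysql_real_escape_string($_POST['endtime']);

            $sql = "UPDATE {$prefix}diary "
                . "SET starttime = '{$starttime}', endtime = '{$endtime}' "
                . $openRows;
            if (!mysql_query($sql)) {
                logError($sql . " - " . mysql_error());
            }
        }
    }
}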
} $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; $_SESSION['SESS_IMAGE_ID'] = $imageid; $_SESSION['SESS_CUSTOMER_ID'] = $customerid; sendRoleMessage("ADMIN", "User Registration", "User " . $login . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome {$fname} {$lname}.</h3><br>You have been invited to become a member of 'iAfrica Database'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : {$login}<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET email = '{$email}', " . "firstname = '{$fname}', " . "lastname = '{$lname}', " . "customerid = {$customerid}, " . "imageid = {$imageid}, " . "lastaccessdate = NOW(), "; if (isset($_POST['postcode'])) { $qry .= "postcode = '{$postcode}', "; } $qry .= "passwd = '" . md5($password) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = " . $_GET['id']; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error()); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; $_SESSION['SESS_IMAGE_ID'] = $imageid; sendRoleMessage("ADMIN", "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>."); sendUserMessage($memberid, "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended by the System Administration.<br>Your password has been changed to: <i>{$password}</i>."); header("location: system-register-amend.php"); } //Check whether the query was successful or not
//Check whether the query was successful or not if ($result) { if (mysql_num_rows($result) == 1) { $member = mysql_fetch_assoc($result); $memberid = $member['member_id']; srand(time()); for ($i = 0; $i < 10; $i++) { $random = rand() % 52; if ($random > 26) { $random = $random - 26; $random = $random + 32; } $word = $word . chr($random + 65); } $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET passwd = '" . md5($word) . "', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("Error RESET PASSWORD:"******" - " . mysql_error()); } $errmsg_arr[] = "An email has been sent with a reset password."; sendUserMessage($memberid, "Password reset", "Your password has been reset to {$word}.<br>Please contact your system administrator if you have any problems."); sendRoleMessage("ADMIN", "Password reset", "User {$login} has had the password reset to {$word}."); } else { $errmsg_arr[] = "Invalid user."; } } else { $errmsg_arr[] = "Invalid user."; } } $_SESSION['ERRMSG_ARR'] = $errmsg_arr; header("location: passwordchanged.php");
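/**
 * Record the rejection of a holiday request and message the member.
 *
 * Reads $_POST['holidayid'] and $_POST['reasonnotes'], clears the acceptance
 * columns of the holiday row, stores the reason with the rejecting member and
 * time, then re-reads the row and sends the member the rejected date range
 * and reason.
 *
 * NOTE(review): no check is visible here that the logged-on member may reject
 * this holiday; confirm that the caller enforces it.
 */
function rejectHoliday() {
    // The id is used unquoted in both statements, so it is cast to an integer.
    $id = (int) $_POST['holidayid'];

    // mysql_real_escape_string() honours the connection character set, which
    // mysql_escape_string() does not.
    $reason = mysql_real_escape_string($_POST['reasonnotes']);

    $qry = "UPDATE {$_SESSION['DB_PREFIX']}holiday SET "
        . "acceptedby = null, "
        . "accepteddate = null, "
        . "reason = '" . $reason . "', "
        . "rejectedby = " . getLoggedOnMemberID() . ", "
        . "rejecteddate = NOW() "
        . "WHERE id = {$id}";
    $result = mysql_query($qry);

    if (!$result) {
        logError($qry . " - " . mysql_error());
    }

    $qry = "SELECT A.memberid, A.reason, "
        . "DATE_FORMAT(A.startdate, '%d/%m/%Y') AS startdate, "
        . "DATE_FORMAT(A.enddate, '%d/%m/%Y') AS enddate "
        . "FROM {$_SESSION['DB_PREFIX']}holiday A "
        . "WHERE A.id = {$id}";
    $result = mysql_query($qry);

    if (!$result) {
        return;
    }

    while ($member = mysql_fetch_assoc($result)) {
        // The reason is free text typed by a user; escape it before it is
        // placed in the message body.
        $text = "Holiday has been rejected between " . $member['startdate']
            . " and " . $member['enddate']
            . ", reason: " . htmlspecialchars($member['reason'], ENT_QUOTES, 'UTF-8');

        sendUserMessage($member['memberid'], "Holiday rejected", $text);
    }
}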
include "system-header.php"; if (isset($_POST['user'])) { $guid = $_GET['key']; $login = $_POST['user']; $passwd = md5($_POST['password']); $qry = "SELECT * " . "FROM {$_SESSION['DB_PREFIX']}members " . "WHERE accepted = 'N' " . "AND login = '******' " . "AND passwd = '{$passwd}' " . "AND guid = '{$guid}'"; $result = mysql_query($qry); if ($result) { while ($member = mysql_fetch_assoc($result)) { $memberid = $member['member_id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members " . "SET accepted = 'Y', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE member_id = {$memberid}"; $itemresult = mysql_query($qry); if (!$itemresult) { logError($qry . " = " . mysql_error()); } sendUserMessage($memberid, "User Registration", "Welcome to Oracle logs.<br>Your user registration has been accepted."); echo "<h4>Welcome to Oracle logs.<br>Your user registration has been accepted.</h4>"; } } } else { ?> <form method="POST" id="activateform" name="activateform" class="entryform"> <table> <tr> <td>Login</td> <td> <input required="true" type="text" id="user" name="user" /> </td> </tr> <tr> <td>Password</td>
$playerid = $_POST['player'][$i]; $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}matchplayerdetails \n\t\t\t\t\t(\n\t\t\t\t\t\tmatchid, playerid, metacreateduserid, metamodifieduserid, \n\t\t\t\t\t\tmetacreateddate, metamodifieddate\n\t\t\t\t\t)\n\t\t\t\t\tVALUES\n\t\t\t\t\t(\n\t\t\t\t\t\t{$matchid}, {$playerid}, {$memberid}, {$memberid}, \n\t\t\t\t\t\tNOW(), NOW()\n\t\t\t\t\t)"; $result = mysql_query($qry); if (!$result) { logError($qry . " - " . mysql_error()); } } $details = "Match report attached for match on " . $_POST['matchdate']; $file = "uploads/matchform{$id}" . session_id() . ".pdf"; $report = new MatchCardReport('P', 'mm', 'A4', $matchid); $report->Output($file, "F"); logError("MATCH CARD SUBMITTED FOR TEAM:{$teamid} ID:{$matchid}", false); sendTeamMessage($teamid, "Match Report Confirmed", $details, "", array($file)); sendRoleMessage("LEAGUE", "Match Report Confirmed", $details, "", array($file)); if (isset($_SESSION['SUPER_USER'])) { sendUserMessage($_SESSION['SUPER_USER'], "Match Report Confirmed", $details, "", array($file)); } if ($_POST['refereescore'] <= 60 && $_POST['refereescore'] > 0) { $refname = GetRefereeName($refereeid); $refdetails = "Referee {$refname} has scored {$refereescore}<br><br>Report:<br>" . $_POST['refereeremarks']; if (trim(getSiteConfigData()->refereereportemail) != "") { smtpmailer(getSiteConfigData()->refereereportemail, "*****@*****.**", $_SESSION['SESS_TEAM_EMAIL'], "Referee Report", $refdetails); } } } catch (Exception $e) { logError("Signing image: " . $e->getMessage()); } mysql_query("COMMIT"); header("location: matchconfirm.php?id={$matchid}"); ?>
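// Tell the cleaner that a client's schedule was cancelled, then delete the
// unstarted ('U') diary rows of that schedule.
// NOTE(review): $id is not assigned in this excerpt; it is cast to an integer
// below because it is placed unquoted in the DELETE statement.
$memberid = (int) $_POST['cleanerid'];

// The client name is request data shown inside a message, so it is escaped.
$clientname = htmlspecialchars($_POST['clientname'], ENT_QUOTES, 'UTF-8');

$weekday = $_POST['weekday'];
$dayNames = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday');

// A value outside 0-6 yields an empty day name instead of an undefined variable.
$day = isset($dayNames[$weekday]) ? $dayNames[$weekday] : '';

sendUserMessage($memberid, "Schedule change", "Client '{$clientname}' scheduled for '{$day}' has been cancelled");

$scheduleid = (int) $id;
$qry = "DELETE FROM {$_SESSION['DB_PREFIX']}diary WHERE scheduleid = {$scheduleid} AND status = 'U'";
$result = mysql_query($qry);

if (!$result) {
    logError($qry . " - " . mysql_error());
}

mysql_query("COMMIT");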
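<?php
// Soft-delete one diary entry (deleted = 'Y') and tell the member the shift
// was allocated to that it has been cancelled.
// NOTE(review): no authorisation check is visible in this script; confirm that
// system-db.php or the caller restricts who may cancel a diary entry.
require_once "system-db.php";

start_db();

// The id is used unquoted in both statements, so it is cast to an integer.
$id = (int) $_POST['id'];

$sql = "UPDATE {$_SESSION['DB_PREFIX']}diary "
    . "SET deleted = 'Y' "
    . "WHERE id = {$id}";

if (!mysql_query($sql)) {
    logError($sql . " - " . mysql_error());
}

// The filter is qualified as A.id: both joined tables have an id column, so a
// bare "id" is ambiguous and the lookup could not run.
$sql = "SELECT DATE_FORMAT(A.starttime, '%d/%m/%Y %H:%i') AS starttime, A.memberid, "
    . "B.name AS clientname "
    . "FROM {$_SESSION['DB_PREFIX']}diary A "
    . "INNER JOIN {$_SESSION['DB_PREFIX']}client B "
    . "ON B.id = A.clientid "
    . "WHERE A.id = {$id}";
$result = mysql_query($sql);

if ($result) {
    while ($member = mysql_fetch_assoc($result)) {
        // The query selects A.memberid; there is no 'id' column in the result.
        $memberid = $member['memberid'];
        $date = $member['starttime'];
        $clientname = htmlspecialchars($member['clientname'], ENT_QUOTES, 'UTF-8');

        sendUserMessage($memberid, "Cancellation", "The shift allocated to you on the {$date} for {$clientname} has been cancelled");
    }
}

mysql_query("COMMIT");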
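// Move or update one diary entry from the posted form. When the entry is still
// unstarted (status 'U') the member it was allocated to is told about the move
// before the row is rewritten.
// Numeric request values are cast and text values are escaped before they are
// placed in SQL.
$id = (int) $_POST['id'];
$clientid = (int) $_POST['clientid'];
$memberid = (int) $_POST['memberid'];
$startdate = mysql_real_escape_string(convertStringToDate($_POST['startdate']) . " " . $_POST['starttime']);
$enddate = mysql_real_escape_string(convertStringToDate($_POST['enddate']) . " " . $_POST['endtime']);
$status = $_POST['status'];
$statusSql = mysql_real_escape_string($status);

$prefix = $_SESSION['DB_PREFIX'];

if ($status == "U") {
    // The filter is qualified as A.id: diary and client both have an id
    // column, so a bare "id" is ambiguous and the lookup could not run.
    $sql = "SELECT DATE_FORMAT(A.starttime, '%d/%m/%Y %H:%i') AS starttime, A.memberid, "
        . "B.name AS clientname, C.name AS originalclientname "
        . "FROM {$prefix}diary A "
        . "INNER JOIN {$prefix}client B "
        . "ON B.id = A.clientid "
        . "INNER JOIN {$prefix}client C "
        . "ON C.id = {$clientid} "
        . "WHERE A.id = {$id}";
    $result = mysql_query($sql);

    if ($result) {
        while ($member = mysql_fetch_assoc($result)) {
            // The recipient is held in its own variable. Reusing $memberid here
            // would overwrite the posted member id that the UPDATE below needs,
            // and the result has no 'id' column, only A.memberid.
            $recipient = $member['memberid'];
            $originaldate = $member['starttime'];
            $originalclient = htmlspecialchars($member['clientname'], ENT_QUOTES, 'UTF-8');
            $date = htmlspecialchars($_POST['startdate'], ENT_QUOTES, 'UTF-8');

            // NOTE(review): the query already selects C.name for the posted
            // client id; using that column instead of the posted name would
            // stop the request from choosing the text shown to the member.
            $clientname = htmlspecialchars($_POST['originalclientname'], ENT_QUOTES, 'UTF-8');

            sendUserMessage($recipient, "Cancellation", "The shift originally allocated on {$originaldate} for {$originalclient} has been moved to {$date} for {$clientname}");
        }
    }

    $sql = "UPDATE {$prefix}diary SET "
        . "starttime = '{$startdate}', "
        . "endtime = '{$enddate}', "
        . "memberid = {$memberid}, "
        . "status = '{$statusSql}', "
        . "clientid = {$clientid} "
        . "WHERE id = {$id}";
} elseif ($status == "I") {
    // Status 'I': the actual start time is recorded, the end time is kept in
    // the endtime column.
    $sql = "UPDATE {$prefix}diary SET "
        . "actualstarttime = '{$startdate}', "
        . "status = '{$statusSql}', "
        . "endtime = '{$enddate}', "
        . "memberid = {$memberid}, "
        . "clientid = {$clientid} "
        . "WHERE id = {$id}";
} else {
    // Any other status: both actual times are recorded.
    $sql = "UPDATE {$prefix}diary SET "
        . "actualstarttime = '{$startdate}', "
        . "actualendtime = '{$enddate}', "
        . "status = '{$statusSql}', "
        . "memberid = {$memberid}, "
        . "clientid = {$clientid} "
        . "WHERE id = {$id}";
}

if (!mysql_query($sql)) {
    logError($sql . " - " . mysql_error());
}

mysql_query("COMMIT");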
$qry = "UPDATE {$_SESSION['DB_PREFIX']}team SET \n\t\t\t\t\tfirstname = '{$fname}', \n\t\t\t\t\tlastname = '{$lname}',\n\t\t\t\t\ttelephone = '{$landline}',\n\t\t\t\t\temail = '{$email}'\n\t\t\t\t\tWHERE id = {$clubid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE team failed ({$qry}):" . mysql_error()); } } mysql_query("COMMIT"); sendUserMessage(getLoggedOnMemberID(), "User Registration", "User " . $_POST['login'] . " has been registered as a user.<br>Password : "******"User Registration", "<h3>Welcome " . $_POST['fname'] . " " . $_POST['lname'] . ".</h3><br>You have been invited to become a member of 'Harrow Youth Football League'.<br>Please click on the <a href='" . getSiteConfigData()->domainurl . "/index.php'>link</a> to activate your account.<br><br><h4>Login details</h4>User ID : " . $_POST['login'] . "<br>Password : "******"location: system-register-success.php"); } else { logError("1 Query failed:" . mysql_error()); } } else { $memberid = $_GET['id']; $qry = "UPDATE {$_SESSION['DB_PREFIX']}members \n\t\t\t\tSET email = '{$email}', \n\t\t\t\tlandline = '{$landline}', \n\t\t\t\tfirstname = '{$fname}', \n\t\t\t\tlastname = '{$lname}', \n\t\t\t\tlastaccessdate = NOW() "; if ($password != "") { $qry .= ", passwd = '" . md5($password) . "' "; } $qry .= "WHERE member_id = {$memberid}"; $result = mysql_query($qry); if (!$result) { logError("UPDATE members failed:" . mysql_error()); } $_SESSION['SESS_FIRST_NAME'] = $fname; $_SESSION['SESS_LAST_NAME'] = $lname; sendUserMessage(getLoggedOnMemberID(), "User Amendment", "<h3>User amendment.</h3><br>Your details have been amended.<br>"); header("location: system-register-amend.php"); } //Check whether the query was successful or not