$forum = $_GET['forum'];
if (empty($action)) {
$content .= "<table>";
$qFindForums = db_query("SELECT * FROM " . $sql_prefix . "_forums WHERE eventID = '{$sessioninfo->eventID}' AND disabled = 0");
while ($rFindForums = db_fetch($qFindForums)) {
$link_start = "<a href=?module=forum&action=viewForum&forum={$rFindForums->ID}>";
$content .= "<tr><td>";
$content .= $link_start . $rFindForums->name . "</a>";
$content .= "</td><td>";
$content .= $link_start . $rFindForums->description . "</a>";
$content .= "</td></tr>";
}
// End rFindForums
$content .= "</table>";
} elseif ($action == "viewForum" && isset($forum)) {
if (acl_access("forum", $forum, $sessioninfo->eventID) && $sessioninfo->userID > 1) {
$content .= "<a href=?module=forum&action=newThread&forum={$forum}>" . lang("Start new thread", "forum") . "</a>";
}
$content .= "<table>";
$qFindThreads = db_query("SELECT * FROM " . $sql_prefix . "_forumThreads WHERE forumID = '" . db_escape($forum) . "' AND threadDeleted = 0 ORDER BY lastPost DESC");
while ($rFindThreads = db_fetch($qFindThreads)) {
$link_start = "<a href=?module=forum&action=viewThread&thread={$rFindThreads->ID}>";
$content .= "<tr><td>";
$content .= $link_start . $rFindThreads->threadTopic . "</a>";
$content .= "</td><td>";
$qFindLastPost = db_query("SELECT * FROM " . $sql_prefix . "_forumPosts WHERE threadID = '{$rFindThreads->ID}' ORDER BY postTimestamp DESC LIMIT 0,1");
$rFindLastPost = db_fetch($qFindLastPost);
$content .= lang("Last post by: ", "forum");
$content .= user_profile($rFindLastPost->postAuthor);
$content .= " " . date("Y-m-d H:m:s", $rFindLastPost->postTimestamp);
$content .= "</td></tr>\n\n";
<?php
// TODO: Allow toggling wakeup-service (js) (default: false)
$usertable = $sql_prefix . "_users";
$ticketstable = $sql_prefix . "_tickets";
$sleeperstable = $sql_prefix . "_sleepers";
if (!config('enable_sleepers', $sessioninfo->eventID)) {
die(_('Module not activated'));
}
require __DIR__ . "/WakeupManager.php";
$wakeupManager = new WakeupManager($sessioninfo->eventID, $sleeperstable);
$acl_access = acl_access('sleepers', "", $sessioninfo->eventID);
if ($acl_access != 'Admin' and $acl_access != 'Write') {
die(_('No access'));
}
$content .= "<h2>" . _('Sleepers') . "</h2>\n";
if ($action == 'addsleeper') {
$userid = $_GET['userid'];
if (empty($userid) or !is_numeric($userid)) {
header('Location: ?module=sleepers');
die;
}
if (!user_exists($userid) || is_user_sleeping($userid) == true) {
header('Location: ?module=sleepers');
die;
}
$q = sprintf('INSERT INTO %s (eventID, userID) VALUES (%s, %s)', $sleeperstable, $sessioninfo->eventID, db_escape($userid));
db_query($q);
$log['userID'] = $userid;
log_add("sleepers", "addsleeper", serialize($log));
header('Location: ?module=sleepers');
<?php
/**
* Arrival module, this is a rewrite of the old module.
*/
$ticketManager = TicketManager::getInstance();
$usertable = $sql_prefix . "_users";
$ticketstable = $sql_prefix . "_tickets";
$tickettypestable = $sql_prefix . "_ticketTypes";
$thisModule = "arrival";
$action = isset($_GET['action']) ? $_GET['action'] : null;
$acl_ticket = acl_access("ticketadmin", "", $sessioninfo->eventID);
$acl_seating = acl_access("seating", "", $sessioninfo->eventID);
// Check if user has permission to tickets
if ($acl_ticket == 'No') {
printNoAccessError();
}
$content .= "\n <h1 class=\"page-title\">" . _("Arrival") . "</h1>\n <div class=\"arrival\">";
switch ($action) {
//==================================================================================
// Ticket detail display
case "changeuser":
$ticketID = isset($_GET['ticket']) && is_numeric($_GET['ticket']) ? intval($_GET['ticket']) : -1;
if ($ticketID < 1) {
$content .= "<p>Ugyldig parametere</p>";
} else {
$ticket = $ticketManager->getTicket($ticketID);
$changeType = isset($_GET['type']) ? $_GET['type'] : 'user';
/* HANDLERS */
if (isset($_GET['set']) && is_numeric($_GET['set']) == true && intval($_GET['set']) > 0) {
$ret = "index.php?module={$thisModule}&action=ticketdetail&ticket=" . $ticketID . "&changed=" . $changeType;
<?php
$action = $_GET['action'];
if (!config("users_may_register")) {
die("users may not register yet");
}
if (!($sessioninfo->userID <= 1 or acl_access("userAdmin", "", $sessioninfo->eventID) != 'No')) {
header('Location: index.php');
die;
}
if ($action == "register") {
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$EMail = $_POST['EMail'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$gender = $_POST['gender'];
$birthDay = $_POST['birthDay'];
$birthMonth = $_POST['birthMonth'];
$birthYear = $_POST['birthYear'];
$address = $_POST['address'];
$postnumber = $_POST['postnumber'];
$cellphone = $_POST['cellphone'];
if (empty($username)) {
$register_invalid = lang("Please provide a username", "register");
}
if (strlen($username) <= 1) {
$register_invalid = lang("Please provide a username", "register");
}
if (!strchr($email, "@") && strchr($email, ".")) {
db_query("INSERT INTO " . $sql_prefix . "_userPreferences\n\t\t\t\tSET userID = '" . db_escape($userID) . "',\n\t\t\t\tname = '{$prefname}',\n\t\t\t\tvalue = '" . db_escape($POST) . "'");
$log_old[$prefname] = "FALSE";
$log_new[$prefname] = $POST;
} else {
db_query("UPDATE " . $sql_prefix . "_userPreferences SET value = '" . db_escape($POST) . "'\n\t\t\t\tWHERE userID = '" . db_escape($userID) . "'\n\t\t\t\tAND name = '{$prefname}'");
$rFindPref = db_fetch($qFindPref);
$log_old[$prefname] = $rFindPref->value;
$log_new[$prefname] = $POST;
}
}
// End for
log_add("edituser", "doEditPreferences", serialize($log_new), serialize($log_old));
header("Location: ?module=edituserinfo&action=editPreferences&user={$userID}&change=success");
} elseif ($action == "profilePicture" && isset($_GET['user'])) {
$user = $_GET['user'];
$userAdmin_acl = acl_access("userAdmin", "", 1);
if ($user == $sessioninfo->userID) {
} elseif ($userAdmin_acl == 'Admin' || $userAdmin_acl == 'Write') {
} else {
die(lang("Not access to edit profile picture", "edituserinfo"));
}
$qFindProfile = db_query("SELECT * FROM " . $sql_prefix . "_files WHERE extra = '" . db_escape($user) . "' AND file_type = 'profilepic'");
if (db_num($qFindProfile) > 0) {
$rFindProfile = db_fetch($qFindProfile);
$content .= "<img src='{$rFindProfile->file_path}'>";
}
$content .= '<form enctype="multipart/form-data" action="upload.php" method="POST">';
$content .= '<input type="hidden" name="file_type" value="profilepic" />';
$content .= _("Choose file to upload: ");
$content .= "<input name=uploadfile type=file />";
$content .= "<input type=submit value='" . _("Upload picture") . "' />";
}
// End else
$content .= "</td></tr>";
}
// End for
}
// End if acl_access(globaladmin);
$content .= "</table>";
} elseif ($action == "doChangeRights" && !empty($_GET['groupID']) && !empty($_GET['accessmodule'])) {
$newright = $_REQUEST['groupRight'];
$groupID = $_GET['groupID'];
$accessmodule = $_GET['accessmodule'];
if (acl_access("eventadmin", "", $eventID) != 'Admin') {
die("Sorry, you have to be eventadmin to give eventrights");
}
if (in_array($accessmodule, $globalaccess) && acl_access("globaladmin", "", 0) != 'Admin') {
die("Sorry, you have to be globaladmin to give globalrights");
}
if (in_array($accessmodule, $globalaccess)) {
$event = 1;
} else {
$event = $eventID;
}
$qCheckExisting = db_query("SELECT * FROM " . $sql_prefix . "_ACLs\n\t\tWHERE groupID = '" . db_escape($groupID) . "'\n\t\tAND accessmodule = '" . db_escape($accessmodule) . "'\n\t\tAND eventID = {$event}");
if (db_num($qCheckExisting) == 0) {
db_query("INSERT INTO " . $sql_prefix . "_ACLs SET groupID = '" . db_escape($groupID) . "',\n\t\t\taccessmodule = '" . db_escape($accessmodule) . "',\n\t\t\taccess = '" . db_escape($newright) . "',\n\t\t\teventID = {$event}");
} else {
db_query("UPDATE " . $sql_prefix . "_ACLs SET access = '" . db_escape($newright) . "'\n\t\t\tWHERE accessmodule = '" . db_escape($accessmodule) . "'\n\t\t\tAND groupID = '" . db_escape($groupID) . "'\n\t\t\tAND eventID = {$event}");
}
// End else
$log_new['groupID'] = $groupID;
<?php
$acl_access = acl_access("sendSMS", "", 1);
if ($acl_access != 'Write' && $acl_access != 'Admin') {
die("No access to SMS");
}
$action = $_GET['action'];
if (empty($action)) {
$design_head .= "<script type='text/javascript'>\n\t\t\t function checkLength(from, where) {\n\t\t\t\t\t\t var len = document.getElementById(from).value.length;\n\t\t\t\t\t\t document.getElementById(where).innerHTML = len;\n\t\t\t\t\t\t\t} \n\t\t\t\t\t\t</script>\n\t\t\t\t\t\t ";
$content .= "<h2>" . _("Create SMS") . "</h2>";
$content .= "<table>";
$content .= "<form method='POST' action='?module=SMS&action=previewSMS'>\n";
$content .= "<tr><td>";
$content .= _("Select recipient(s):") . " <select name='toSmsList'>";
for ($i = 0; $i < count($smsList); $i++) {
$content .= "<option value='{$i}'>" . $smsList[$i]['name'] . "</option>\n";
}
$content .= "</select></td></tr>";
$content .= "<tr><td>";
# FIXME? Hardcoded textarea width and height
$content .= "<textarea style='margin-top: 10px; width: 300px; height: 200px;' onkeyup='checkLength(\"message\", \"count\");' onkeydown='checkLength(\"message\", \"count\");' id='message' name='message'></textarea>";
$content .= "</td></tr><tr><td>";
$content .= "<input type='submit' value='" . _("Preview SMS") . "'>";
$content .= "</td></tr>";
$content .= "<tr><th>";
$content .= _("Number of characters entered:") . " ";
$content .= "<span id='count'>0</span>";
$content .= "</th></tr>";
$content .= "</form></table>";
} elseif ($action == "previewSMS" && isset($_POST['toSmsList'])) {
$toSmsList = $_POST['toSmsList'];
<?php
$action = $_GET['action'];
$acl_access = acl_access("crewlist", "", $sessioninfo->eventID);
if ($acl_access == 'No') {
die("No access");
}
if (empty($action)) {
// add design-file
$qGetCrewMembers = db_query("SELECT DISTINCT gm.userID FROM " . $sql_prefix . "_group_members gm \n\t\tJOIN " . $sql_prefix . "_ACLs acl ON acl.groupID=gm.groupID\n\t\tWHERE acl.accessmodule = 'crewlist' AND acl.access != 'No' AND acl.eventID = '{$sessioninfo->eventID}'");
$totalcrewmembers = db_num($qGetCrewMembers);
$content .= "<h2>" . _("Crewlist") . "</h2>\n";
$content .= '<table class="table">';
$content .= "<thead><tr><th>";
$content .= lang("Name", "crewlist");
$content .= "</th><th>";
$content .= lang("Nick", "crewlist");
$content .= "</th><th>";
$content .= lang("EMail", "crewlist");
$content .= "</th><th>";
$content .= lang("Cellphone", "crewlist");
$content .= "</th><th>";
$content .= lang("Access", "crewlist");
$content .= "</th></tr></thead><tbody>";
$listrowcount = 1;
while ($rGetCrewMembers = db_fetch($qGetCrewMembers)) {
$qCrewinfo = db_query("SELECT * FROM " . $sql_prefix . "_users WHERE ID = '{$rGetCrewMembers->userID}'");
$rCrewinfo = db_fetch($qCrewinfo);
$content .= "<tr class='crewlistRow" . $listrowcount . "'><td>";
$content .= $rCrewinfo->firstName . " " . $rCrewinfo->lastName;
$content .= "</td><td>";
<?php
// FIXME: using nonexistant acl "logview" to make this globaladmin-only until we get global acls working
if (acl_access("logview", "", $sessioninfo->eventID) != 'No') {
$action = $_GET['action'];
$design_head .= "<link rel='stylesheet' type='text/css' href='templates/shared/logs.css' />";
if (!isset($action)) {
// FIXME: Hardcoding number of logentries to show:
$num_of_rows = 30;
$content .= "<h2>" . lang("Last 30 logentries", "logs") . "</h2>";
$content .= "<table class='logs'>";
$content .= "<tr>";
$content .= "<th>" . lang("Log", "logs") . "#</th>";
$content .= "<th>" . lang("Timestamp", "logs") . "</th>";
$content .= "<th>" . lang("User", "logs") . "</th>";
$content .= "<th>" . lang("Logmodule", "logs") . "</th>";
$content .= "<th>" . lang("Logtype", "logs") . "</th>";
$content .= "<th>" . lang("IP", "logs") . " / " . lang("Host", "logs") . "</th>";
$content .= "<th>" . lang("URL", "logs") . "</th>";
$content .= "</tr>";
$logquery = sprintf('SELECT ID, userID, INET_NTOA(userIP) as userIP, userHost, eventID, logModule, logFunction, logTextNew, logTextOld, logURL, logTime FROM %s_logs ORDER BY ID DESC LIMIT %s', $sql_prefix, $num_of_rows);
$logresult = db_query($logquery);
$numrow = 1;
while ($log = db_fetch($logresult)) {
$userip = $log->userIP;
if (!empty($log->userHost) && $log->userHost != "NULL") {
$userip .= " (" . $log->userHost . ")";
}
$content .= "<tr class='logrow" . $numrow . "' onClick='location.href=\"index.php?module=logs&action=details&id=" . $log->ID . "\"' >";
$content .= "<td>" . $log->ID . "</td>";
$content .= "<td>" . $log->logTime . "</td>";
<?php
$eventID = $sessioninfo->eventID;
if (acl_access("ticketadmin", "", $eventID) != 'Admin') {
die("You do not have ticketadmin-rights");
}
$action = $_GET['action'];
if (!isset($action) || $action == "editticket") {
$qListTickets = db_query("SELECT * FROM " . $sql_prefix . "_ticketTypes WHERE eventID = '{$eventID}'");
if (db_num($qListTickets) != 0 && $action != 'editticket') {
$content .= '<table>';
$content .= '<tr><th>' . lang("Ticketnumber", "ticketadmin");
$content .= '</th><th>' . lang("Ticketname", "ticketadmin");
$content .= '</th><th>' . lang("Tickettype", "ticketadmin");
$content .= '</th><th>' . lang("Price", "ticketadmin");
$content .= '</th><th>' . lang("Number of tickets", "ticketadmin");
$content .= '</th><th>' . lang("Sold tickets of type (total/seated/paid)", "ticketadmin");
$content .= '</th></tr>';
while ($rListTickets = db_fetch($qListTickets)) {
$content .= "<tr><td>\n";
$content .= $rListTickets->ticketTypeID;
$content .= "</td><td>\n";
$content .= "<a href=\"?module=ticketadmin&action=editticket&editticket={$rListTickets->ticketTypeID}\">\n";
$content .= $rListTickets->name;
$content .= "</a></td><td>\n";
$content .= lang($rListTickets->type, "ticketadmin");
$content .= "</td><td>\n";
$content .= $rListTickets->price;
$content .= "</td><td>\n";
$content .= $rListTickets->maxTickets;
$content .= "</td><td class=tdLink onClick='location.href=\"?module=ticketadmin&action=listTickets&tickettype={$rListTickets->ticketTypeID}\"'>\n";
<?php
$acl = acl_access("dashboard", "", $sessioninfo->eventID);
if ($acl == 'No') {
die(_("No access to dashboard"));
}
$action = $_GET['dashboard'];
if (empty($action)) {
$design_head .= "<meta http-equiv='refresh' content='10'>";
$content .= "<table border=1 style='font-size: 200%;'>";
$content .= "<tr><th>";
$content .= _("Tickets sold");
$content .= "</th><th>";
$content .= _("Kiosk sales");
$content .= "</th></tr>";
$content .= "<tr><td>";
// Security
$content .= "<b>" . _("Money earned") . "</b>: ";
$qCountTicketsPrice = db_query("SELECT SUM(price) AS price FROM " . $sql_prefix . "_tickets t \n\tJOIN " . $sql_prefix . "_ticketTypes tt \n\tON tt.ticketTypeID=t.ticketType \n\tWHERE t.paid='yes' AND tt.eventID = '{$sessioninfo->eventID}'");
$rCountTicketsPrice = db_fetch($qCountTicketsPrice);
if ($rCountTicketsPrice->price > 0) {
$content .= $rCountTicketsPrice->price;
} else {
$content .= "0";
}
$content .= "<br />";
$content .= "<b>" . _("Tickets sold") . "</b>: ";
$qCountTicketsSold = db_query("SELECT COUNT(*) AS amount FROM " . $sql_prefix . "_tickets t\n\tJOIN " . $sql_prefix . "_ticketTypes tt\n\tON tt.ticketTypeID=t.ticketType\n\tWHERE t.paid='yes' AND tt.eventID = '{$sessioninfo->eventID}'");
$rCountTicketsSold = db_fetch($qCountTicketsSold);
$content .= $rCountTicketsSold->amount;
$content .= "</td><td>";
$qCheckUser = db_query("SELECT COUNT(*) AS count FROM " . $sql_prefix . "_group_members\n\t\tWHERE userID = '" . db_escape($userID) . "'\n\t\tAND groupID = " . db_escape($groupID));
$rCheckUser = db_fetch($qCheckUser);
if ($rCheckUser->count != 0) {
header("Location: ?module=groups&action=addGroupMember&groupID={$groupID}&errormsg=" . lang("User already member of group", "groups"));
} else {
db_query("INSERT INTO " . $sql_prefix . "_group_members SET\n\t\t\tgroupID = " . db_escape($groupID) . ",\n\t\t\tuserID = " . db_escape($userID) . ",\n\t\t\taccess = 'Read'");
$log_new['userID'] = $userID;
$log_new['groupID'] = $groupID;
log_add("groups", "addmember", serialize($log_new));
header("Location: ?module=groups&action=listGroup&groupID={$groupID}");
}
// End else
} elseif ($action == 'doChangeGroupRights' && !empty($groupID) && !empty($_GET['userID'])) {
// Do test of users group-rights
if (acl_access("grouprights", $groupID, 1) != 'Admin') {
if (acl_access("eventadmin", "", $sessioninfo->eventID) != 'Admin') {
die("Sorry, you need admin-rights to do this!");
}
}
$access = $_POST['groupRights'];
$log_new['userID'] = $_GET['userID'];
$log_new['groupID'] = $groupID;
if ($access == "No") {
db_query("DELETE FROM " . $sql_prefix . "_group_members WHERE groupID = '" . db_escape($groupID) . "'\n\t\t\tAND userID = '" . db_escape($_GET['userID']) . "'");
log_add("groups", "changeGroupRights_remove", serialize($log_new));
} else {
db_query("UPDATE " . $sql_prefix . "_group_members\n\t\t\tSET access = '" . db_escape($access) . "'\n\t\t\tWHERE groupID = '" . db_escape($groupID) . "'\n\t\t\tAND userID = '" . db_escape($_GET['userID']) . "'");
$log_new['access'] = $access;
log_add("groups", "changeGroupRights", serialize($log_new));
}
// End else
<?php
if (acl_access("translate", 0, 0) != 'Admin') {
die("You do not have access to translate-interface");
}
$action = $_GET['action'];
$language = $_GET['language'];
$mode = $_GET['mode'];
if (empty($mode)) {
$mode = "untranslated";
}
if (!isset($action)) {
switch ($mode) {
case "untranslated":
$queryWhere = "language = '" . db_escape($language) . "' AND translated IS NULL AND ignoreExport = 0";
break;
default:
$queryWhere = "1";
// Default to anything
break;
}
// End switch
$qGetTranslateList = db_query("SELECT * FROM " . $sql_prefix . "_lang WHERE " . $queryWhere);
$content .= '<table>';
while ($rGetTranslateList = db_fetch($qGetTranslateList)) {
$content .= "<form method=POST action=?module=translate&action=changeTranslation&language={$language}&translationID={$rGetTranslateList->ID}>\n";
$content .= "<tr><td>";
$content .= $rGetTranslateList->string;
$content .= "</td><td>";
$content .= "<textarea name=translated cols=50 rows=3>{$rGetTranslateList->translated}</textarea>";
$content .= "</td><td>";
<?php
$acl = acl_access("kiosk_admin", "", $sessioninfo->eventID);
if ($acl == 'No') {
die("No access!");
}
$action = $_GET['action'];
if (empty($action)) {
$content .= "<ul>";
$content .= "<li><a href=?module=kioskadmin&action=wareTypes>" . lang("Admin waretypes") . "</a></li>\n";
$content .= "<li><a href=?module=kioskadmin&action=wares>" . lang("Admin wares") . "</a></li>\n";
$content .= "<li><a href=?module=kioskadmin&action=credit>" . _("Admin credit") . "</a></li>\n";
$content .= "</ul>";
$content .= "<ul>";
$content .= "<li><a href=?module=kioskadmin&action=printBarcodes>" . lang("Print barcodes") . "</a></li>\n";
$content .= "</ul>";
} elseif ($action == "wareTypes") {
$content .= "<p><a href=\"?module=kioskadmin\">" . _("Back to kioskadmin overview") . "</a></p>";
$content .= "<h2>" . _("Kiosk Ware types") . "</h2>";
$qWareTypes = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_waretypes");
if (db_num($qWareTypes) > 0) {
$content .= "<table class='better-table kioskware-types'><tr><th style='width: 80%'>" . _("Name") . "</th><th>" . _("Actions") . "</th></tr>";
while ($rWareTypes = db_fetch($qWareTypes)) {
$content .= "<tr>";
$content .= "<td class='tdLink' onClick='location.href=\"?module=kioskadmin&action=editWareType&wareType={$rWareTypes->ID}\"'>";
$content .= $rWareTypes->typeName . "</td><td>";
// Edit button
$content .= "<form style='display:inline;' action='?module=kioskadmin&action=editWaretype&wareType=" . $rWareTypes->ID . "' method='post'><input type='submit' value='" . _("Edit") . "' /></form>";
// Delete button
$content .= " <form style='display:inline;' action='?module=kioskadmin&action=rmWaretype&wareType=" . $rWareTypes->ID . "' method='post'><input type='submit' value='" . _("Remove") . "' /></form>";
$content .= "</td></tr>";
<?php
$acl_access = acl_access("seatadmin", "", $sessioninfo->eventID);
$action = $_GET['action'];
$type = $_POST['type'];
if ($acl_access != 'Admin') {
die("Sorry, you do not have access to this!");
}
if ($action == "updateSeat") {
if ($type == "d" or $type == "w" or $type == "o" or $type == "b" or $type == "n") {
$action = "doUpdateSeat";
} elseif ($type == "a") {
// type is area, we need to do something about this
/* FIXME */
} elseif ($type == "p" && !isset($_POST['seatpassword'])) {
// type is password-protected seat
// $seatcontent .= "<form method=POST action=?module=seatadmin&action=doUpdateSeat>\n";
$seatcontent .= "<p class=\"nopad\"><input type=\"text\" name=\"seatpassword\" />\n";
$seatcontent .= "<input type=\"submit\" value='" . lang("Set password", "seatadmin") . "'></p>";
// $seatcontent .= "</form>";
} elseif ($type == "p" && isset($_POST['seatpassword'])) {
$action = "doUpdateSeat";
} elseif ($type == "g" && !isset($_POST['group'])) {
// type is group-protected
$seatcontent .= "<select name=\"group\">\n";
$qGroups = db_query("SELECT ID,groupname,groupType FROM " . $sql_prefix . "_groups\n\t\t\tWHERE\n\t\t\t(eventID = 1 AND groupType = 'clan')\n\t\t\tOR\n\t\t\t(eventID = {$sessioninfo->eventID} AND groupType = 'access')\n\t\t\tORDER BY groupname ASC\n\t\t\t");
while ($rGroups = db_fetch($qGroups)) {
$seatcontent .= "<option value=\"{$rGroups->ID}\">";
$seatcontent .= $rGroups->groupname . " (" . $rGroups->groupType . ")";
$seatcontent .= "</option>\n";
}
log_add("wannabeadmin", "changeQuestion", serialize($log_new));
header("Location: ?module=wannabeadmin&action=questions");
} elseif ($action == "listApplications") {
$design_head .= '<link href="templates/shared/wannabe.css" rel="stylesheet" type="text/css">';
$content .= "<table><tr>";
$content .= "<th>" . lang("Applicant", "wannabeadmin") . "</th>";
$qListCrews = db_query("SELECT * FROM " . $sql_prefix . "_wannabeCrews WHERE eventID = '{$sessioninfo->eventID}'");
while ($rListCrews = db_fetch($qListCrews)) {
$content .= "<th>{$rListCrews->crewname}</th>\n";
$crewlist[] = $rListCrews->ID;
}
$qListApplications = db_query("SELECT DISTINCT userID FROM " . $sql_prefix . "_wannabeResponse res\n\t\tJOIN " . $sql_prefix . "_wannabeQuestions ques ON res.questionID=ques.ID WHERE ques.eventID = {$eventID}");
if (db_num($qListApplications) != 0) {
while ($rListApplications = db_fetch($qListApplications)) {
$content .= "<tr><td";
if (acl_access("crewlist", "", $sessioninfo->eventID, $rListApplications->userID, 0) != 'No') {
$content .= " class='wannabeCommentStyle1'";
}
$content .= ">";
$content .= "<a href=\"?module=wannabeadmin&action=viewApplication&user={$rListApplications->userID}\">";
$content .= display_username($rListApplications->userID);
$content .= "</a></td>\n";
for ($i = 0; $i < count($crewlist); $i++) {
#$qListMyComment = db_query("SELECT * FROM ".$sql_prefix."_wannabeComment WHERE crewID = '$crewlist[$i]' AND adminID = '$sessioninfo->userID' AND userID = '$rListApplications->userID'");
#$rListMyComment = db_fetch($qListMyComment);
$qListAvgScore = db_query("SELECT ROUND(AVG(approval), 0) AS approval FROM " . $sql_prefix . "_wannabeComment WHERE crewID = '{$crewlist[$i]}' AND userID = '{$rListApplications->userID}'");
$rListAvgScore = db_fetch($qListAvgScore);
$content .= "<td class=wannabeCommentStyle" . $rListAvgScore->approval . ">";
$content .= "</td>\n";
}
// End for
<?php
$design_head .= "<link rel='stylesheet' href='templates/shared/useradmin.css' type='text/css' />";
$acl_useradmin = acl_access("userAdmin", "", 1);
// Checking if no access to useradmin
if ($acl_useradmin == 'No') {
header('Location: index.php?emsg="No access"');
die;
}
// else, got atleast read-access to userAdmin:
$action = $_GET['action'];
if (!isset($action) or empty($action)) {
$content .= "<h2>" . lang("User administration", "useradmin") . "</h2>";
$content .= "<form action='index.php' method='GET'>\n";
$content .= "<input type='hidden' name='module' value='useradmin' />\n";
$content .= "<input type='hidden' name='action' value='listall' />\n";
$content .= "<input type='submit' value='" . lang("View all users", "useradmin") . "' />\n";
$content .= "</form>\n\n";
$content .= "<h3>Regular search</h3>\n";
$content .= "Searches for nick, first or last name and email address\n";
$content .= "<form method='GET' action='index.php'>\n";
$content .= "<input type='hidden' name='module' value='useradmin' />\n";
$content .= "<input type='hidden' name='action' value='search' />\n";
$content .= "<input type='text' name='search' />\n";
$content .= " <input type='submit' value='" . lang("Search", "useradmin") . "' />\n";
$content .= "</form>\n\n";
// $content .= "<h3>Detailed search</h3>";
// $content .= "Search for users with tickets for a specific event";
} elseif ($action == 'listall' || $action == 'search') {
$content .= "<h2>" . lang("List of all users", "useradmin") . "</h2>";
$content .= "<a href='index.php?module=useradmin'>" . lang("Back to user administration", "useradmin") . "</a>";
// Signing on user
#die("
case "FFA":
// Signing on user
db_query("INSERT INTO " . $sql_prefix . "_compoSignup SET\n\t\t\t\tcompoID = '" . db_escape($compo) . "',\n\t\t\t\tuserID = '" . db_escape($sessioninfo->userID) . "'");
break;
}
// End switch
header("Location: ?module=compos&action=listSignedup&compo={$compo}");
} elseif ($action == "removeSignup" && isset($compo)) {
$qCompoInfo = db_query("SELECT * FROM " . $sql_prefix . "_compos WHERE ID = '" . db_escape($compo) . "'");
$rCompoInfo = db_fetch($qCompoInfo);
switch ($rCompoInfo->type) {
case "clan":
$clanID = $_POST['clanID'];
$acl = acl_access("grouprights", $clanID, "", $sessioninfo->userID);
if ($acl == 'Admin' || $acl == 'Write') {
db_query("DELETE FROM " . $sql_prefix . "_compoSignup\n\t\t\t\t\tWHERE compoID = '" . db_escape($compo) . "'\n\t\t\t\t\tAND clanID = '" . db_escape($clanID) . "'");
}
// End if acl == Admin||Write
break;
case "1on1":
// Remove user
// Remove user
case "FFA":
// Remove user
db_query("DELETE FROM " . $sql_prefix . "_compoSignup WHERE\n\t\t\t\tcompoID = '" . db_escape($compo) . "' AND\n\t\t\t\tuserID = '" . db_escape($sessioninfo->userID) . "'");
break;
}
// End switch
header("Location: ?module=compos&action=listSignedup&compo={$compo}");
<?php
$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
$acl = acl_access("kiosk_sales", "", $sessioninfo->eventID);
if ($acl == 'No') {
$content .= "Error, no access!";
return;
}
$kiosk = new \Lancms\Kiosk\LanKiosk();
$kioskSession = \Lancms\Kiosk\LanKioskSession::create(null, null);
$kioskGui = new \Lancms\Kiosk\KioskGui();
$kioskGui->prepare($kioskSession);
$action = $request->query->getAlnum("action");
if (!$request->query->has("action")) {
$kioskGui->front();
} elseif ($action == "endSession") {
$kioskGui->endSession();
} elseif ($action == "addWare") {
$kioskGui->addWare();
} elseif ($action == "removeWare") {
$kioskGui->removeWare();
} elseif ($action == "sell") {
if ($_POST['credit'] == 'yes' and $sessioninfo->kioskSaleTo > 1) {
$credit = 1;
} else {
$credit = 0;
}
$qCreateSale = db_query("INSERT INTO " . $sql_prefix . "_kiosk_sales \n SET salesPerson = '{$sessioninfo->userID}',\n saleTime = '" . time() . "',\n soldTo = '" . $sessioninfo->kioskSaleTo . "',\n credit = '{$credit}',\n eventID = '{$sessioninfo->eventID}'");
$qSaleID = db_query("SELECT ID FROM " . $sql_prefix . "_kiosk_sales \n WHERE salesPerson = '{$sessioninfo->userID}' \n AND eventID = '{$sessioninfo->eventID}'\n ORDER BY ID DESC LIMIT 0,1");
$rSaleID = db_fetch($qSaleID);
$saleID = $rSaleID->ID;
$content .= "</td>";
}
// End else
if ($rFindTicket->status != 'deleted' && $acl_ticket == ('Write' || 'Admin')) {
$content .= "<td class='tdLink arrival-actions-common' style='background-color: orange;'";
$content .= " onClick='location.href=\"?module=arrival&action=deleteTicket&ticketID={$ticket}\"'>";
$content .= lang("Delete ticket", "arrival");
$content .= "</td>";
} elseif ($rFindTicket->status == 'deleted') {
$content .= "<td class='arrival-actions-common' style='background-color: red;'>";
$content .= lang("Deleted", "arrival");
$content .= "</td>";
}
$content .= "</tr></table>\n\n";
$content .= "<br />\n";
$userACL = acl_access("userAdmin", "", 1);
if ($userACL == 'Write' || $userACL == 'Admin') {
$content .= sprintf("<form method='POST' action='?module=edituserinfo&action=editUserinfo&user=%s'><input type='submit' value='%s' /></form>\n", $rFindTicket->user, _('Edit userinfo'));
}
//XXX: Should extra access be needed for changing owner?
$content .= sprintf("<form method='POST' action='?module=arrival&action=changeowner&ticket=%d'><input type='submit' value='%s' /></form>\n", $rFindTicket->ticketID, _('Change owner'));
$content .= sprintf("<form method='POST' action='?module=arrival&action=changeuser&ticket=%d'><input type='submit' value='%s' /></form>\n", $rFindTicket->ticketID, _('Change user'));
} elseif ($action == "changeowner" && isset($_GET['ticket'])) {
$ticket = $_GET['ticket'];
$toUser = isset($_GET['toUser']) ? $_GET['toUser'] : null;
$query = isset($_POST['query']) ? $_POST['query'] : null;
if ($toUser) {
db_query("UPDATE " . $sql_prefix . "_tickets SET owner = '" . db_escape($toUser) . "' WHERE ticketID = '" . db_escape($ticket) . "'");
header("Location: ?module=arrival&action=ticketdetail&ticket={$ticket}");
}
$content .= "<h2>" . _("Search for new owner") . "</h2>\n";
<?php
$action = $_GET['action'];
$list = $_GET['list'];
$option = $_GET['option'];
if (!empty($list)) {
$acl = acl_access("listing", $list, $sessioninfo->eventID);
if ($acl == 'No') {
die("No access");
}
}
$globalacl = acl_access("listing", "", $sessioninfo->eventID);
if (!isset($action)) {
$content .= "<table>";
for ($i = 0; $i < count($listingtype); $i++) {
$content .= "<tr><td>";
if ($listingtype[$i]['option'] == 1) {
$do_action = 'option';
} else {
$do_action = 'viewlist';
}
$content .= "<a href=?module=listing&action={$do_action}&list={$i}>";
$content .= $listingtype[$i]['name'] . "</a>";
$content .= "</td></tr>";
}
$content .= "</table>";
} elseif ($action == "option" && isset($list)) {
$content .= "<form method=GET>\n";
$content .= "<input type=hidden name='module' value='listing'>\n";
$content .= "<input type=hidden name='action' value='viewlist'>\n";
$content .= "<input type=hidden name='list' value='{$list}'>\n";
<?php
$action = $_REQUEST['action'];
if (acl_access("globaladmin", "", 0) != "Admin") {
die("You do not have propper rights!");
}
if (!isset($action)) {
$content .= "<table>";
$content .= "<tr><th>" . lang("Event name", "globaladmin");
$content .= "</th><th>";
$content .= lang("Admin this event", "globaladmin");
$content .= "</th><th>" . lang("Set event public", "globaladmin");
$content .= "</th><th>" . _("Is open");
$content .= "</th><th>" . _("Design");
$content .= "</th></tr>\n\n";
$qListEvents = db_query("SELECT * FROM " . $sql_prefix . "_events WHERE ID != 1");
$rownum = 1;
while ($rListEvents = db_fetch($qListEvents)) {
if ($rownum == 3) {
$rownum = 1;
}
$content .= "<tr class='row" . $rownum . "'><td>";
$content .= $rListEvents->eventname;
$content .= "</td><td>";
$content .= "<a href=\"?module=events&action=setCurrentEvent&eventID={$rListEvents->ID}\">";
$content .= lang("Set active", "globaladmin");
$content .= "</a>";
$content .= "</td><td>";
if ($rListEvents->eventPublic == 1) {
$content .= "<a href=\"?module=globaladmin&eventID={$rListEvents->ID}&action=setPrivate\">" . lang("Public", "globaladmin") . "</a>";
} else {
<?php
$manager = NewsArticleManger::getInstance();
$acl = acl_access("news", "", $sessioninfo->eventID);
$global_acl = acl_access("news", "", 1);
$content .= "<div class=\"newsadmin\">";
if ($action == "newsadmin" && ($acl == 'Admin' || $acl == 'Write')) {
$articles = $manager->getArticles($sessioninfo->eventID);
if (count($articles) > 0) {
$content .= "<h2>" . _("Manage news articles") . "</h2>";
$content .= "<table class='better-table'><tbody><tr><th>" . _("Name") . "</th><th>" . _("Actions") . "</th></tr>";
foreach ($articles as $article) {
$content .= "\n\t\t\t<tr>\n\t\t\t\t<td>" . $article->getHeader() . "\n\t\t\t\t" . ($article->isActive() ? " <span style=\"color:#01B501; font-style:italic;\">(" . _("Published") . ")</span>" : " <span style=\"color:#EA0505; font-style:italic;\">(" . _("Draft") . ")</span>") . "\n\t\t\t\t" . ($article->isGlobal() ? " <span style=\"color:#E29405; font-style:italic;\">(" . _("Global") . ")</span>" : "") . "\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<button onclick=\"window.location = '?module={$module}&action=editArticle&articleID=" . $article->getArticleID() . "';\">" . _("Edit") . "</button>\n\t\t\t\t\t<button onclick=\"window.location = '?module={$module}&action=deleteArticle&articleID=" . $article->getArticleID() . "';\">" . _("Delete") . "</button>\n\t\t\t\t</td>\n\t\t\t</tr>\n\n";
}
// end foreach
$content .= "</tbody></table>\n\n";
}
// end if
$content .= "<div class=\"create-form\"><h2>" . _("Create new article") . "</h2>";
$content .= "<form method=\"post\" action=\"?module=news&action=doAddArticle\">\n";
$content .= "<input type=\"text\" name=\"articleHeader\" placeholder=\"" . _("Article header...") . "\" />\n";
$content .= "<input type=\"submit\" value='" . lang("Add new article", "news") . "' />\n";
$content .= "</form></div>";
$content .= "";
} elseif ($action == "doAddArticle" && ($acl == 'Admin' || $acl == 'Write')) {
$header = $_POST['articleHeader'];
$global_article = $_POST['global_article'];
// Check if the article should be global, and set var
if (($global_acl == 'Admin' || $global_acl == 'Write') && $global_article == 'on') {
$global_article = true;
} else {
<?php
$userid = $_GET['user'];
$useradminread = acl_access("userAdmin", "", 1);
$userR = db_query("SELECT * FROM " . $sql_prefix . "_users WHERE ID = '" . db_escape($userid) . "'");
$user = db_fetch($userR);
$border = "style='border: solid 1px black; border-collapse: collapse;'";
$content .= "<table {$border}>\n";
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Name'), $border, $user->firstName . " " . $user->lastName);
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Nick'), $border, $user->nick);
if ($useradminread != "No") {
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Email'), $border, $user->EMail);
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Cellphone'), $border, $user->cellphone);
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Gender'), $border, _($user->gender));
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Birthday'), $border, $user->birthDay . ". " . $user->birthMonth . " " . $user->birthYear);
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Address'), $border, $user->street);
$content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Postnumber'), $border, $user->postNumber);
}
$qFindGroups = db_query("SELECT g.groupname,e.eventname FROM (" . $sql_prefix . "_groups g JOIN " . $sql_prefix . "_group_members gm ON gm.groupID=g.ID) JOIN " . $sql_prefix . "_events e ON g.eventID=e.ID WHERE gm.userID = '" . $user->ID . "'");
if (db_num($qFindGroups)) {
$content .= "<tr><th>";
$content .= _("Groupmemberships");
$content .= "</th><td><ul>";
while ($rFindGroups = db_fetch($qFindGroups)) {
$content .= "<li>" . $rFindGroups->eventname . " – " . $rFindGroups->groupname . "</li>\n";
}
$content .= "</ul></td></tr>\n\n\n";
}
$content .= "</table>\n";
if ($useradminread != "No") {
$content .= "<br />\n";
function seating_rights($seatX, $seatY, $ticketID, $eventID, $password = 0)
{
global $sql_prefix;
global $sessioninfo;
$qSeatInfo = db_query("SELECT * FROM " . $sql_prefix . "_seatReg WHERE eventID = '{$eventID}'\n AND seatX = '{$seatX}' AND seatY = '{$seatY}'");
$rSeatInfo = db_fetch($qSeatInfo);
$seating_enabled = config("seating_enabled", $eventID);
$returncode = 0;
// Check event-rights
$acl_event_seating = acl_access("seating", "", $eventID);
// Check if the seat is already taken
$qCheckAlreadySeated = db_query("SELECT seatingID FROM " . $sql_prefix . "_seatReg_seatings WHERE\n eventID = '{$eventID}' AND seatX = '{$seatX}' AND seatY = '{$seatY}'");
if (db_num($qCheckAlreadySeated) != 0) {
$returncode = FALSE;
} elseif ($acl_event_seating == 'Admin' || $acl_event_seating == 'Write') {
$returncode = TRUE;
} elseif ($seating_enabled == 1) {
// Seating is enabled for this event?
// Get info about the ticket
$qTicketInfo = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE eventID = '{$eventID}' AND\n\tticketID = '{$ticketID}'");
$rTicketInfo = db_fetch($qTicketInfo);
if ($rTicketInfo->owner == $sessioninfo->userID || $rTicketInfo->user == $sessioninfo->userID) {
$type = $rSeatInfo->type;
switch ($type) {
case 'd':
// Seat is a normal seat
$returncode = 1;
break;
case 'g':
// Groupprotected. Check if access to group
if (acl_access("grouprights", $rSeatInfo->extra, "", $sessioninfo->userID) != 'No') {
$returncode = 1;
}
break;
case 'p':
// Password-protected. Check if password correct
if ($password == $rSeatInfo->extra) {
$returncode = 1;
}
#die("password: $password, matching against $rSeatInfo->extra");
break;
case 'r':
// Right-protected. Check if the user has that right.
if (acl_access($rSeatInfo->extra, "", "", $sessioninfo->userID) != 'No') {
$returncode = 1;
}
default:
die("type: " . $type);
}
// End switch($type)
}
// End if rTicketInfo->owner || user == session-userID
}
// End elseif(config(seating_enabled))
return $returncode;
}
$qFindTicket = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticket) . "'");
$rFindTicket = db_fetch($qFindTicket);
if ($sessioninfo->userID != $rFindTicket->owner && acl_access("seating", "", $sessioninfo->eventID) != 'Admin') {
} else {
db_query("UPDATE " . $sql_prefix . "_tickets SET user = '******' WHERE ticketID = '" . db_escape($ticket) . "'");
}
$logmsg['new_user'] = $toOwner;
$logmsg['ticket'] = $ticket;
log_add("ticketorder", "changeUser", serialize($logmsg));
header("Location: ?module=ticketorder");
} elseif (($action == "cancelTicket" || $action == "doCancelTicket") && isset($_GET['ticket'])) {
$ticket = $_GET['ticket'];
$qGetTicketInfo = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticket) . "'");
$rGetTicketInfo = db_fetch($qGetTicketInfo);
$allow_cancel = false;
if (acl_access("ticketadmin", "", $sessioninfo->eventID) == ('Admin' || 'Write')) {
$allow_cancel = true;
} elseif ($sessioninfo->userID == $rGetTicketInfo->owner) {
$allow_cancel = true;
}
if ($action == "cancelTicket" && $allow_cancel == true) {
$content .= lang("Are you sure you wish to delete this ticket?", "ticketorder");
$content .= "<br><a href=?module=ticketorder>" . lang("No, this would be a mistake", "ticketorder") . "</a> - ";
$content .= "<a href=?module=ticketorder&action=doCancelTicket&ticket={$ticket}>" . lang("Yes, I don't need it", "ticketorder") . "</a>";
} elseif ($action == "doCancelTicket" && $allow_cancel == true) {
// Delete the ticket
db_query("DELETE FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticket) . "'");
$logmsg[] = $rGetTicketInfo->ticketID;
$logmsg[] = $rGetTicketInfo->ticketType;
$logmsg[] = $rGetTicketInfo->owner;
$logmsg[] = $rGetTicketInfo->user;
<?php
$acl = acl_access("infoscreen", "", $sessioninfo->eventID);
if ($acl == 'No' || $acl == 'Read') {
die("No access to infoscreens");
}
$action = $_GET['action'];
$slidetable = $sql_prefix . "_infoscreensSlides";
$queuetable = $sql_prefix . "_infoscreensQueues";
$screentable = $sql_prefix . "_infoscreens";
if (empty($action)) {
$content .= "<h2>" . _("Infoscreens") . "</h2>\n";
$content .= "<p>" . _('Remember that all slides must be considered public!') . "</p>\n";
#### START - screens ####
$content .= "<div style='border: solid 1px black; border-collapse: collapse; padding: 10px;'>\n";
$content .= "<h3>" . _('Screens') . "</h3>";
$qFindScreens = db_query("SELECT * FROM " . $sql_prefix . "_infoscreens WHERE eventID = '{$sessioninfo->eventID}'");
$nFindScreens = db_num($qFindScreens);
if ($nFindScreens > 0) {
$content .= "<table style='border: solid 1px black; border-collapse: collapse;'>";
$content .= sprintf("<tr><th>%s</th><th>%s</th><th>%s</th></tr>", _("Name"), _("Preview"), _("Remove"));
while ($rFindScreens = db_fetch($qFindScreens)) {
$content .= "<tr><td style='border: solid 1px black; border-collapse: collapse;'>";
$content .= $rFindScreens->name;
$content .= "</td><td style='border: solid 1px black; border-collapse: collapse; padding: 3px;'>\n";
$content .= "<a href='party.php?s={$rFindScreens->ID}'>" . _("Link to screen") . "</a></td>";
// Show remove button if has admin acl.
if ($acl == 'Admin') {
$content .= "<td style='border: solid 1px black; border-collapse: collapse; padding: 3px;'>";
$content .= "<form action='?module=infoscreens&action=rmScreen' method='post'>";
$content .= "<input type='hidden' name='screenID' value='{$rFindScreens->ID}'>";
<?php
$eventID = $sessioninfo->eventID;
$acl_access = acl_access("FAQ", "", $eventID);
$action = $_GET['action'];
$faqID = $_GET['faqID'];
#if($acl_access == "No")
# die("You do not have access to this!");
if ($action == "read") {
// Read FAQs for current event.
$qFAQs = db_query("SELECT * FROM " . $sql_prefix . "_FAQ \n\t\tWHERE eventID = '" . db_escape($eventID) . "'");
while ($rFAQs = db_fetch($qFAQs)) {
$content .= "<br /><a name=#" . $rFAQs->ID . " href=?module=FAQ&action=read&faqID={$rFAQs->ID}>";
$content .= $rFAQs->question;
$content .= "</a>\n\n";
if ($faqID == $rFAQs->ID) {
// The user has requested to view the current FAQ-ID
$content .= "<br /><br />{$rFAQs->answer}";
}
// End if $faqID == $rFAQs->ID
}
// End while $rFAQs = db_fetch()
} elseif ($action == "adminFAQs") {
// Do ACL-check if you have rights to do this
if ($acl_access != 'Admin') {
die("You have to have admin-rights to administer FAQs");
}
$qFAQs = db_query("SELECT * FROM " . $sql_prefix . "_FAQ\n\t\tWHERE eventID = '" . db_escape($eventID) . "'");
if (db_num($qFAQs) != 0) {
$content .= '<table>';
while ($rFAQs = db_fetch($qFAQs)) {
$bgcolor = 'green';
}
$content .= "<tr bgcolor='{$bgcolor}'><td>";
$content .= $rFindSoldTickets->resellerTicketID;
$content .= "</td><td>";
$content .= $rFindSoldTickets->resellerID;
$content .= "</td><td>";
$content .= date("Y/m/d H:i", $rFindSoldTickets->saleTime);
$content .= "</td></tr>";
}
// End while
$content .= "</table>";
} elseif ($action == "addTicket" && !empty($_GET['type'])) {
$amount = $_POST['amount'];
$type = $_GET['type'];
if (acl_access("reseller", $type, $sessioninfo->eventID) == 'No') {
die("No access to this ticketType");
}
while ($amount) {
$md5 = md5(rand(0, 10000));
$string = strtoupper(substr($md5, 0, 10));
$qCheckAlreadyUsed = db_query("SELECT * FROM " . $sql_prefix . "_ticketReseller WHERE resellerTicketID = '{$string}'");
if (db_num($qCheckAlreadyUsed) == 0) {
// Key is not already used, use it
db_query("INSERT INTO " . $sql_prefix . "_ticketReseller \n\t\t\t\tSET resellerTicketID = '{$string}',\n\t\t\t\tticketType = '" . db_escape($type) . "',\n\t\t\t\teventID = '{$sessioninfo->eventID}',\n\t\t\t\tresellerID = '{$sessioninfo->userID}',\n\t\t\t\tsaleTime = '" . time() . "'\n\t\t\t");
$content .= "<h1>" . $string . "</h1><br />";
$amount--;
}
// End if
}
// End while
<?php
$action = $_GET['action'];
$acl = acl_access("forum", "", $sessioninfo->eventID);
if ($acl != 'Admin') {
die("No access to forumadmin");
}
$forumID = $_GET['forumID'];
if (!isset($action) || $action == "editForum" && isset($_GET['forumID'])) {
$qFindForums = db_query("SELECT * FROM " . $sql_prefix . "_forums WHERE eventID = '{$sessioninfo->eventID}'");
$content .= "<table>";
while ($rFindForums = db_fetch($qFindForums)) {
$content .= "<tr><td class=tdLink onClick='location.href=\"?module=forumadmin&action=editForum&forumID={$rFindForums->ID}\"'>{$rFindForums->name}</td>";
if ($rFindForums->disabled == 0) {
$lang_text = lang("Enabled");
} else {
$lang_text = lang("Disabled");
}
$content .= "<td><a href=?module=forumadmin&action=enableddisabled&forumID={$rFindForums->ID}>{$lang_text}</a>";
$content .= "</td></tr>\n";
}
// End while
$content .= "</table>\n\n";
if ($action == "editForum") {
$qFindForum = db_query("SELECT * FROM " . $sql_prefix . "_forums WHERE eventID = '{$sessioninfo->eventID}' \n\t\t\tAND ID = '" . db_escape($_GET['forumID']) . "'");
$rFindForum = db_fetch($qFindForum);
$content .= "<form method=POST action='?module=forumadmin&action=editForum&forumID=" . $_GET['forumID'] . "'>\n";
$submit_text = lang("Change forum");
} else {
$content .= "<form method=POST action='?module=forumadmin&action=addForum'>\n";
$submit_text = lang("Add forum");
