Example #1
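/**
 * Create a new invoice row for a user and report its auto-generated ID.
 *
 * The user ID is sent to MySQL as a bound parameter rather than being
 * concatenated into the statement text, so its content cannot change the
 * shape of the query. An empty value is stored as SQL NULL, as before.
 *
 * @param mixed $userid Owner of the invoice; "" (or a loosely-empty value) stores NULL.
 * @return string JSON object {"success": bool, "invoiceid": int}. "success" is
 *                false and "invoiceid" is 0 when the row was not inserted.
 */
function generateInvoiceNumber($userid)
{
    // Same empty-to-NULL rule the previous convertForInsert() call applied.
    $userid = ($userid != "") ? (string) $userid : null;

    $insertid = 0;
    $success = false;

    $mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
    if (!$mysqli->connect_errno) {
        $stmt = $mysqli->prepare("INSERT INTO `tbl_invoices` (InvoiceID, UserID) VALUES (NULL, ?)");
        if ($stmt) {
            // A bound null is transmitted as SQL NULL.
            $stmt->bind_param('s', $userid);
            if ($stmt->execute()) {
                $insertid = $mysqli->insert_id;
                $success = true;
            }
            $stmt->close();
        }
        $mysqli->close();
    }

    // Report the real outcome; the caller previously received "success": true
    // even when the INSERT had failed.
    return json_encode(array("success" => $success, "invoiceid" => $insertid));
}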
Example #2
<?php

// Start or resume the visitor's session; must run before any output is sent.
session_start();
// Project database bootstrap. Its contents are not visible here; the
// mysql_query() call further down presumably relies on a connection it opens.
require 'lib/db.php';
/**
 * Turn a value into a SQL fragment: a double-quoted literal, or the bare
 * keyword NULL when the value is loosely equal to the empty string.
 *
 * SECURITY: this helper only adds the surrounding quotes. It performs no
 * escaping, so a value containing a double quote or backslash ends the
 * literal early. Callers must escape the value for their connection before
 * calling this, or use prepared statements instead of building SQL text.
 * Double quotes delimit strings in MySQL only while ANSI_QUOTES is off.
 *
 * @param mixed $str Value destined for a SQL statement.
 * @return string Either "NULL" or the value wrapped in double quotes.
 */
function convertForInsert($str)
{
    // Loose comparison on purpose: null and false also count as "empty".
    if ($str == "") {
        return "NULL";
    }

    return '"' . $str . '"';
}
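// The vote comes from the query string, so it is attacker-controlled.
// convertForInsert() only wraps a value in quotes, so both values are escaped
// for the connection first.
// NOTE(review): ext/mysql (mysql_query and friends) was removed in PHP 7.
// Moving this page to mysqli or PDO prepared statements is the durable fix;
// the connection is opened outside this snippet, so the legacy API is kept.
$rawVote = (isset($_GET["vote"]) && is_string($_GET["vote"])) ? $_GET["vote"] : "";
$ip = convertForInsert(mysql_real_escape_string($_SERVER["REMOTE_ADDR"]));
$vote = convertForInsert(mysql_real_escape_string($rawVote));
$sql = "\n  INSERT INTO tbl_Votes\n    (VoteID, IP_Address, Vote)\n  VALUES\n    (NULL, {$ip}, {$vote});\n";
$result = mysql_query($sql);
if (!$result) {
    // mysql_error() takes an optional link identifier, not the (false) query
    // result that was passed before. The detail goes to the server log rather
    // than into the page, so schema names are not shown to visitors.
    error_log("Vote insert failed: " . mysql_error());
}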
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />

	<title>BUMC Scrapbook Crop Registratrion</title>
  <link href="registration.css" rel="stylesheet" type="text/css" />
  <link rel="shortcut icon" href="images/site.ico">
  
Example #3
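// Authentication gate: requests without a logged-in session go to the login page.
if (!isset($_SESSION['authUser'])) {
    $cancelProcess = true;
    header("Location: login.php");
    // header() only queues the redirect and the script would keep running.
    // Stop here so the gate fails closed instead of depending on every later
    // handler remembering to test $cancelProcess.
    exit;
}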
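// getSettings: return the logged-in user's stored mail settings as JSON.
// The user ID is bound as a statement parameter instead of being concatenated
// into the SQL text, and database failures are reported to the client as
// "success": false rather than ending in a fatal error on a false result.
if (isset($_POST['getSettings']) && !$cancelProcess) {
    // The gate above checks 'authUser' only, so 'UserID' may be missing.
    $userid = isset($_SESSION['UserID']) ? (string) $_SESSION['UserID'] : null;

    // Defaults used when the user has no settings row yet.
    $settingid = null;
    $email = null;
    $friendlyemail = null;
    $bcc = null;
    $loaded = false;

    $mysqli = new mysqli(db::dbserver, db::dbuser, db::dbpass, db::dbname);
    if (!$mysqli->connect_errno) {
        $stmt = $mysqli->prepare("SELECT SettingID, Email, FriendlyEmail, bcc FROM tbl_Settings WHERE UserID = ?");
        if ($stmt) {
            $stmt->bind_param('s', $userid);
            if ($stmt->execute()) {
                $stmt->bind_result($rowSettingId, $rowEmail, $rowFriendlyEmail, $rowBcc);
                // As before, the last matching row wins if there are several.
                while ($stmt->fetch()) {
                    $settingid = $rowSettingId;
                    $email = $rowEmail;
                    $friendlyemail = $rowFriendlyEmail;
                    $bcc = $rowBcc;
                }
                $loaded = true;
            }
            $stmt->close();
        }
        $mysqli->close();
    }

    if ($loaded) {
        $data = array("success" => true, "message" => "Success!", "id" => $settingid, "email" => $email, "friendlyemail" => $friendlyemail, "bcc" => $bcc);
    } else {
        $data = array("success" => false, "message" => "Settings could not be loaded.");
    }
    echo json_encode($data);
}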
//getSettings
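// newEventID: remember the event the logged-in user last worked with.
// The posted event ID is attacker-controlled. It is bound as a statement
// parameter instead of being quoted by convertForInsert(), which does not
// escape the value.
if (isset($_POST['newEventID']) && !$cancelProcess) {
    $updated = false;
    $rawEventId = $_POST['newEventID'];

    // Array-valued input (newEventID[]=...) is rejected rather than stored.
    if (is_string($rawEventId)) {
        // "" maps to SQL NULL, matching what convertForInsert() produced.
        $eventid = ($rawEventId != "") ? $rawEventId : null;
        $userid = (isset($_SESSION['UserID']) && $_SESSION['UserID'] != "") ? (string) $_SESSION['UserID'] : null;

        $mysqli = new mysqli(db::dbserver, db::dbuser, db::dbpass, db::dbname);
        if (!$mysqli->connect_errno) {
            $stmt = $mysqli->prepare("UPDATE tblLastEvent SET EventID = ? WHERE UserID = ?");
            if ($stmt) {
                $stmt->bind_param('ss', $eventid, $userid);
                $updated = $stmt->execute();
                $stmt->close();
            }
            $mysqli->close();
        }
    }

    // Report the real outcome instead of an unconditional "Success!".
    if ($updated) {
        $data = array("success" => true, "message" => "Success!");
    } else {
        $data = array("success" => false, "message" => "The event could not be saved.");
    }
    echo json_encode($data);
}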
Example #4
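/**
 * Load the payment time frames configured for one event of one user.
 *
 * Both identifiers are bound as statement parameters. Previously $userid was
 * interpolated into the SQL text unquoted and $eventid was quoted without
 * escaping, so either value could alter the query.
 *
 * Uses mysqli_stmt::get_result(), which is available only with the mysqlnd
 * driver. With a prepared statement, numeric columns may arrive as PHP
 * numbers instead of strings.
 *
 * NOTE(review): assumes callers pass raw identifier values, not SQL
 * fragments that were already quoted; confirm against the call sites.
 *
 * @param mixed $eventid Event to look up; "" matches nothing (compared with NULL).
 * @param mixed $userid  Owner of the event.
 * @return array|false List of rows with the keys TimeFrameID, EventID, Note,
 *                     StartDate, EndDate, Amount and Form (empty when nothing
 *                     matches), or false when the lookup failed.
 */
function getPaymentPlan($eventid, $userid)
{
    // Same empty-to-NULL rule the previous convertForInsert() call applied.
    $eventid = ($eventid != "") ? (string) $eventid : null;

    $sql = "SELECT
            tbl_payment_timeframes.*,
            tbl_payment_type.*
          FROM `tbl_payment_timeframes`
          LEFT JOIN `tbl_payment_type` ON `tbl_payment_timeframes`.PaymentTypeID = `tbl_payment_type`.PaymentTypeID
          WHERE `tbl_payment_timeframes`.EventID = ? AND `tbl_payment_timeframes`.UserID = ?";

    $plan = false;
    try {
        $mysqli = new mysqli(db::dbserver, db::dbuser, db::dbpass, db::dbname);
        if (!$mysqli->connect_errno) {
            $stmt = $mysqli->prepare($sql);
            if ($stmt) {
                $stmt->bind_param('ss', $eventid, $userid);
                if ($stmt->execute() && ($rs = $stmt->get_result())) {
                    $plan = array();
                    while ($row = $rs->fetch_assoc()) {
                        // Build a fresh array per row. The old code started
                        // from $data = "" and wrote string keys into it,
                        // which newer PHP versions no longer convert to an array.
                        $plan[] = array(
                            'TimeFrameID' => convertNullToBlank($row['TimeFrameID']),
                            'EventID' => convertNullToBlank($row['EventID']),
                            'Note' => convertNullToBlank($row['Note']),
                            'StartDate' => convertNullToBlank($row['StartDate']),
                            'EndDate' => convertNullToBlank($row['EndDate']),
                            'Amount' => convertNullToBlank($row['Amount']),
                            'Form' => convertNullToBlank($row['Form']),
                        );
                    }
                    $rs->free();
                }
                $stmt->close();
            }
            // The connection was previously never closed.
            $mysqli->close();
        }
    } catch (Exception $e) {
        // mysqli can be configured to throw; keep the documented false result.
        $plan = false;
    }

    return $plan;
}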
Example #5
 // Copy the last two form fields into the session as submitted. The $_POST
 // keys are read without an isset() check and without validation.
 $_SESSION['requestedtablebuddies'] = $_POST['requestedtablebuddies'];
 $_SESSION['notetohostess'] = $_POST['notetohostess'];
 //$_SESSION['typeOfFood'] = $_POST['typeOfFood'];
 // getUserID() and $eventid are defined outside this snippet.
 // NOTE(review): $userid and $eventid are the only values placed into the
 // INSERT below without escaping or quoting; confirm that both are
 // server-derived integers and not request data.
 $userid = getUserID($eventid);
 // Each session value is escaped for this connection with
 // real_escape_string() and then wrapped by convertForInsert(), which is
 // defined outside this snippet. Prepared statements with bound parameters
 // would make this per-field escaping unnecessary.
 $name = convertForInsert($mysqli->real_escape_string($_SESSION['name']));
 $emailaddress = convertForInsert($mysqli->real_escape_string($_SESSION['emailaddress']));
 $streetaddress = convertForInsert($mysqli->real_escape_string($_SESSION['streetaddress']));
 $csz = convertForInsert($mysqli->real_escape_string($_SESSION['csz']));
 $phone = convertForInsert($mysqli->real_escape_string($_SESSION['phone']));
 $payby = convertForInsert($mysqli->real_escape_string($_SESSION['payby']));
 $returningguest = convertForInsert($mysqli->real_escape_string($_SESSION['returningguest']));
 //$food = convertForInsert($mysqli->real_escape_string($_SESSION['food']));
 $heardabout = convertForInsert($mysqli->real_escape_string($_SESSION['heardabout']));
 $referredby = convertForInsert($mysqli->real_escape_string($_SESSION['referredby']));
 $requestedtablebuddies = convertForInsert($mysqli->real_escape_string($_SESSION['requestedtablebuddies']));
 $notetohostess = convertForInsert($mysqli->real_escape_string($_SESSION['notetohostess']));
 //$typeOfFood = convertForInsert($mysqli->real_escape_string($_SESSION['typeOfFood']));
 //build e-mail string
 //send email and sql statement
 if (!$cancelProcess) {
     // Build the registration INSERT from the SQL fragments prepared above.
     $sql = "INSERT INTO registration (UserID, EventID, Name, EmailAddress, StreetAddress, CSZ, Phone, PayBy, ReturningGuest, Food, HeardAbout, ReferredBy, EnteredBy, RequestedTableBuddies, NoteToHostess, Paid, FoodCategory, CustomMessageBdySent) ";
     // Earlier version, kept for reference: it concatenated the raw session values with no escaping.
     //$sql = $sql."VALUES ('".$userid."','".$eventid."','".$_SESSION['name']."','".$_SESSION['emailaddress']."','".$_SESSION['streetaddress']."','".$_SESSION['csz']."','".$_SESSION['phone']."','".$_SESSION['payby']."','".$_SESSION['returningguest']."','','".$_SESSION['heardabout']."','".$_SESSION['referredby']."', 'Online','".$_SESSION['requestedtablebuddies']."','".$_SESSION['notetohostess']."', 'N', 'NULL', '0')";
     // NOTE(review): $userid and $eventid are concatenated without escaping or
     // quoting, unlike the other values; the query stays injectable if either
     // can carry request data. Bound parameters would cover every column.
     $sql = $sql . "VALUES (" . $userid . "," . $eventid . "," . $name . "," . $emailaddress . "," . $streetaddress . "," . $csz . "," . $phone . "," . $payby . "," . $returningguest . ", NULL," . $heardabout . "," . $referredby . ", 'Online'," . $requestedtablebuddies . "," . $notetohostess . ", 'N', NULL, 0)";
     $result = $mysqli->query($sql);
     if (!$result) {
         // NOTE(review): this sends the database's own error text to the
         // browser, which can reveal table and column names. Logging it with
         // error_log() and showing a generic message avoids that.
         echo mysqli_error($mysqli);
         //TODO: This needs to be a better error layout for users
         // Marks the request as failed for the code that follows.
         $cancelProcess = true;
     }
     // multiple recipients
     $to = $_SESSION['emailaddress'];