Example #1
// Initial-configuration handler (fragment): pulls in the shared HTML head, then
// writes the submitted settings into the config table when the setup key matches.
// NOTE(review): $CSS_PREFIX is not assigned in the visible lines; it forms part of
// an include path, so confirm it can never be derived from request data.
include $CSS_PREFIX . 'inc/inc_head_html.php';
//Report all errors except E_NOTICE
error_reporting(E_ALL ^ E_NOTICE);
$db_prefix = DB_PREFIX;
$key = CRYPT_KEY;
// Gate: a non-empty submit value, a matching setup key and a referrer check must all pass.
// NOTE(review): the key is compared with loose `==`, which applies PHP type juggling and
// is not constant-time; hash_equals() on two strings is the safer comparison for a secret.
// NOTE(review): CheckReferrer() is defined elsewhere; if it only inspects the Referer
// header it does not replace a per-session anti-CSRF token - confirm.
if ($_POST['btnSubmit'] != '' && $_POST['txtKey'] == CRYPT_KEY && CheckReferrer('initial_config.php')) {
    //Set up update query to change config values
    // Every text field is escaped and then placed inside single quotes; the escaping is
    // only effective because of that quoting (ba_db_real_escape_string is presumably a
    // wrapper around the driver's escape call - verify). Bound parameters would remove
    // the dependency on getting both halves right for each column.
    $updateQuery = "UPDATE `{$db_prefix}config` SET ";
    $updateQuery .= "cnEVENT_CONTACT_NAME = '" . ba_db_real_escape_string($link, $_POST['txtEVENT_CONTACT_NAME']) . "', ";
    $updateQuery .= "cnEVENT_CONTACT_MAIL = '" . ba_db_real_escape_string($link, $_POST['txtEVENT_CONTACT_MAIL']) . "', ";
    $updateQuery .= "cnTECH_CONTACT_NAME = '" . ba_db_real_escape_string($link, $_POST['txtTECH_CONTACT_NAME']) . "', ";
    $updateQuery .= "cnTECH_CONTACT_MAIL = '" . ba_db_real_escape_string($link, $_POST['txtTECH_CONTACT_MAIL']) . "', ";
    $updateQuery .= "cnTITLE = '" . ba_db_real_escape_string($link, $_POST['txtTITLE']) . "', ";
    $updateQuery .= "cnSYSTEM_NAME = '" . ba_db_real_escape_string($link, $_POST['txtSYSTEM_NAME']) . "', ";
    // Unquoted numeric column: the (int) cast is what makes this value safe to inline;
    // the escape call wrapped around it adds nothing.
    $updateQuery .= "cnMIN_PASS_LEN = " . ba_db_real_escape_string($link, (int) $_POST['txtMIN_PASS_LEN']) . ", ";
    // NOTE(review): this line is damaged on the page. A masked span ("******") has replaced
    // the rest of the UPDATE statement and the start of the $sql assignment that the next
    // line executes, so the block does not parse as shown.
    $updateQuery .= "cnSEND_PASSWORD = "******"SELECT plEmail FROM {$db_prefix}players WHERE plPlayerID = " . ROOT_USER_ID;
    // Reads the root player's e-mail address, used as the recipient of the notification below.
    // NOTE(review): $result is passed to the fetch call without checking that the query succeeded.
    $result = ba_db_query($link, $sql);
    $row = ba_db_fetch_assoc($result);
    $root_email = $row['plEmail'];
    // Runs the UPDATE; on failure, warns the user, writes a log entry and e-mails root.
    if (!ba_db_query($link, $updateQuery)) {
        $sWarn = "There was a problem updating the config details";
        LogError("There was a problem updating the config details. Admin ID: {$PLAYER_ID}");
        //E-mail root
        $subject = SYSTEM_NAME . " - Error updating config details";
        $body = "Someone tried to change the config details, but an error was encountered. See the log for more details";
        // NOTE(review): the From header is concatenated from SYSTEM_NAME and EVENT_CONTACT_MAIL.
        // If those constants are loaded from the config columns written above (not shown here),
        // they should be rejected on save when they contain CR or LF - confirm.
        mail($root_email, $subject, $body, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
    } else {
        $sMessage = "The config settings have been successfully updated.";
        //E-mail root
        // (the listing breaks off here; the rest of this branch is not shown)
     // Takes the highest evEventID in the events table as the event to work on.
     // NOTE(review): the alias "newID" suggests this follows an insert that is not shown.
     // max() is table-wide, so under concurrent requests it can return a row created by
     // another session; an insert-id tied to this connection would avoid that - confirm.
     // NOTE(review): $result is not checked before it is passed to the fetch call.
     $eventidsql = "select max(evEventID) as newID from {$db_prefix}events";
     $result = ba_db_query($link, $eventidsql);
     $eventidarray = ba_db_fetch_assoc($result);
     $eventid = $eventidarray['newID'];
 }
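 //Deal with items
 // Deletes the items the form marked as removed for this event.
 // hRemovedItemIDs lands in an unquoted numeric IN (...) list. String escaping only
 // neutralises quote characters, so it gives no protection in that position; every
 // element is therefore reduced to a positive integer before it reaches the SQL text.
 $rawRemovedItemIDs = (isset($_POST['hRemovedItemIDs']) && is_string($_POST['hRemovedItemIDs']))
     ? $_POST['hRemovedItemIDs']
     : '';
 $removedItemIDs = array();
 foreach (explode(',', $rawRemovedItemIDs) as $removedCandidate) {
     $removedCandidate = (int) trim($removedCandidate);
     if ($removedCandidate > 0) {
         $removedItemIDs[] = $removedCandidate;
     }
 }
 // An empty list would produce "in()", which is not valid SQL, so the delete is skipped.
 if (count($removedItemIDs) > 0) {
     // $eventid is also inlined without quotes, so it is forced to an integer as well.
     $deletesql = "delete from {$db_prefix}items where itEventID = " . (int) $eventid . " and itItemID in(" . implode(',', $removedItemIDs) . ")";
     ba_db_query($link, $deletesql);
 }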
 // Walks every POST field; each field whose name starts with "hItemID" stands for one
 // item row, and its value is the suffix used to find that row's other form fields.
 foreach ($_POST as $key => $value) {
     if (substr($key, 0, 7) == "hItemID") {
         // Integer form of the ID; values above zero take the UPDATE path below.
         // NOTE(review): the field lookups that follow use the raw $value, not $iItemID,
         // so a value such as "12abc" casts to 12 while reading the "...12abc" fields.
         $iItemID = (int) $value;
         // Checkbox flags. setBoolValue() is defined elsewhere; its result is inlined
         // without quotes further down, so it must only ever return a fixed SQL
         // literal - confirm.
         $ticket = setBoolValue($_POST["chkTicket{$value}"]);
         $meal = setBoolValue($_POST["chkMeal{$value}"]);
         $bunk = setBoolValue($_POST["chkBunk{$value}"]);
         $allowmultiple = setBoolValue($_POST["chkAllowMultiple{$value}"]);
         $mandatory = setBoolValue($_POST["chkMandatory{$value}"]);
         // Text fields are escaped here and wrapped in single quotes where they are used.
         $itemdescription = ba_db_real_escape_string($link, $_POST["txtItemDescription{$value}"]);
         $availability = ba_db_real_escape_string($link, $_POST["cboAvailability{$value}"]);
         $availablefrom = ba_db_real_escape_string($link, $_POST["txtAvailableFrom{$value}"]);
         $availableto = ba_db_real_escape_string($link, $_POST["txtAvailableTo{$value}"]);
         // sanitiseAmount() is defined elsewhere; how $itemcost is used is not visible here.
         $itemcost = sanitiseAmount($_POST["txtItemCost{$value}"], True);
         // Existing item: build an UPDATE for its row.
         if ($iItemID > 0) {
             $updatequery = "UPDATE {$db_prefix}items set ";
             // Flag columns are inlined unquoted (see the setBoolValue note above).
             $updatequery .= "itTicket = {$ticket}, ";
             $updatequery .= "itMeal = {$meal}, ";
             $updatequery .= "itBunk = {$bunk}, ";
             $updatequery .= "itAllowMultiple = {$allowmultiple}, ";
             $updatequery .= "itMandatory = {$mandatory}, ";
             // String columns: escaped value inside single quotes.
             $updatequery .= "itDescription = '{$itemdescription}', ";
             $updatequery .= "itAvailability = '{$availability}', ";
             $updatequery .= "itAvailableFrom = '{$availablefrom}', ";
             // (the listing breaks off here; the rest of the statement, including the
             // row filter, is not shown)
Example #3
    // Tail of an UPDATE statement assembled column by column (presumably for the config
    // table; the start of the statement and the enclosing condition are not shown).
    // Three value shapes appear: checkbox flags through setBoolValue() inlined unquoted,
    // integers forced with (int), and strings escaped and wrapped in single quotes.
    // NOTE(review): setBoolValue() is defined elsewhere; because its result is unquoted it
    // must only ever return a fixed SQL literal - confirm.
    $updateQuery .= "cnANCESTOR_DROPDOWN = " . setBoolValue($_POST['chkANCESTOR_DROPDOWN']) . ", ";
    $updateQuery .= "cnDEFAULT_FACTION = '" . ba_db_real_escape_string($link, $_POST['selDEFAULT_FACTION']) . "', ";
    $updateQuery .= "cnNON_DEFAULT_FACTION_NOTES = " . setBoolValue($_POST['chkNON_DEFAULT_FACTION_NOTES']) . ", ";
    $updateQuery .= "cnIC_NOTES_TEXT = '" . ba_db_real_escape_string($link, $_POST['txtIC_NOTES_TEXT']) . "', ";
    // Numeric columns: the (int) cast is the effective control; the escape call is redundant.
    $updateQuery .= "cnLOGIN_TIMEOUT = " . ba_db_real_escape_string($link, (int) $_POST['txtLOGIN_TIMEOUT']) . ", ";
    $updateQuery .= "cnLOGIN_TRIES = " . ba_db_real_escape_string($link, (int) $_POST['txtLOGIN_TRIES']) . ", ";
    $updateQuery .= "cnMIN_PASS_LEN = " . ba_db_real_escape_string($link, (int) $_POST['txtMIN_PASS_LEN']) . ", ";
    // NOTE(review): this line is damaged on the page; a masked span ("******") has replaced
    // the expression that supplied the value, so it does not parse as shown.
    $updateQuery .= "cnSEND_PASSWORD = "******", ";
    $updateQuery .= "cnUSE_PAY_PAL = " . setBoolValue($_POST['chkUSE_PAY_PAL']) . ", ";
    $updateQuery .= "cnPAYPAL_EMAIL = '" . ba_db_real_escape_string($link, $_POST['txtPAYPAL_EMAIL']) . "', ";
    $updateQuery .= "cnNPC_LABEL = '" . ba_db_real_escape_string($link, $_POST['txtNPC_LABEL']) . "', ";
    $updateQuery .= "cnPAYPAL_AUTO_MARK_PAID = " . setBoolValue($_POST['chkPAYPAL_AUTO_MARK_PAID']) . ", ";
    $updateQuery .= "cnUSE_SHORT_OS_NAMES = " . setBoolValue($_POST['chkUSE_SHORT_OS_NAMES']) . ", ";
    $updateQuery .= "cnALLOW_EVENT_PACK_BY_POST = " . setBoolValue($_POST['chkALLOW_EVENT_PACK_BY_POST']) . ", ";
    $updateQuery .= "cnSTAFF_LABEL = '" . ba_db_real_escape_string($link, $_POST['txtSTAFF_LABEL']) . "', ";
    // Last column. NOTE(review): no WHERE clause is appended in the visible lines, so the
    // statement would touch every row of the table; confirm the table holds a single row.
    $updateQuery .= "cnQUEUE_OVER_LIMIT = " . setBoolValue($_POST['chkQUEUE_OVER_LIMIT']);
    //Update database
    // The query result is kept in $bUpdate; nothing in the visible lines inspects it.
    $bUpdate = ba_db_query($link, $updateQuery);
}
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_changeconfig.php')) {
    //Get new config information from database
    $sql = "SELECT * FROM {$db_prefix}config WHERE cnName = 'Default' ";
    $result = ba_db_query($link, $sql);
    if (ba_db_num_rows($result) == 1) {
        $row = ba_db_fetch_assoc($result);
    } else {
        $sWarn = "Could not find config information in database";
    }
    //Compare old & new configs
    foreach ($row as $col => $value) {
        if ($row[$col] != $oldconfig[$col]) {