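function uploadFile($tmpLocation, $fileName)
{
    // Copy an uploaded file into the attachments directory and record it in the
    // temporary attachments table for the current user.
    //
    // $tmpLocation - the temporary path PHP assigned to the upload
    //                (e.g. $_FILES[...]['tmp_name'])
    // $fileName    - the client-supplied file name; sanitised before use
    //
    // Returns the size in bytes of the stored file on success, false on failure.
    // On every failure path an HTML comment is echoed so the cause is visible in
    // the page source.

    // the attachment is recorded against the current user
    $userID = get_user_id($_SESSION['valid_user']);

    // the destination dir (DIR_FS_ATTACHMENTS) must be writable by php
    // (chmod 757 ought to do it)

    if (!$tmpLocation) {
        echo "<!-- hmmm, somethings a bit dodgy... -->";
        return false;
    }

    // Only accept a path that really came from this request's upload. Without
    // this check a forged temporary path would let the caller copy any file php
    // can read into the attachments dir.
    if (!is_uploaded_file($tmpLocation)) {
        echo "<!-- hmmm, somethings a bit dodgy... -->";
        return false;
    }

    // make the file name unix friendly: keep only letters, digits, '_' and '.'
    // (this also removes directory separators, so the name cannot escape
    // DIR_FS_ATTACHMENTS)
    $pattern = '/[^a-zA-Z0-9_\\.]/';
    $replacement = "_";
    $fileName = preg_replace($pattern, $replacement, $fileName);

    // an empty name, or one made only of dots ('.' / '..'), names a directory
    // rather than a file
    if ($fileName === '' || trim($fileName, '.') === '') {
        echo "<!-- hmmm, somethings a bit dodgy... -->";
        return false;
    }

    // NOTE(review): no extension allowlist is applied, so the stored file keeps
    // whatever extension the client gave it; if DIR_FS_ATTACHMENTS is served by
    // the web server, confirm that files in it are never executed. copy() also
    // silently overwrites an existing file of the same name in this shared dir.
    $dest = DIR_FS_ATTACHMENTS . $fileName;

    if (!copy($tmpLocation, $dest)) {
        echo "<!-- Copy to server failed -->";
        return false;
    }

    // it worked, now note this in the database; the name is escaped with the
    // same project wrapper the other db helpers use
    $query = "INSERT INTO " . EMAILSHOT_ATTACHMENTS_TEMP . " ( attachment_id, user_id, filename ) VALUES ( '', '" . $userID . "', '" . wrap_db_escape_string($fileName) . "' );";
    if (wrap_db_query($query)) {
        // return the stored file's size to the caller
        return filesize($dest);
    }

    // if you get here then the db insert failed
    echo "<!-- Insert to DB failed -->";
    return false;
}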
} $page_info_message = 'Group deleted successfully.'; break; default: break; } } //get all our current groups $sql = 'SELECT group_id, group_name FROM ' . BOOKING_GROUPS_TABLE . ' ORDER BY group_name ASC'; //it would be neater to include a count of the number of members at the same time but it is impossible to get groups with 0 members to be returned this way, hence the extra query for each group done later in the loop. //$sql = 'SELECT g.group_id, g.group_name, COUNT(m.user_group_id) AS num_members FROM ' . BOOKING_GROUPS_TABLE . ' AS g, ' . BOOKING_USER_GROUPS_TABLE . ' AS m WHERE m.group_id=g.group_id GROUP BY g.group_id ORDER BY g.group_name ASC' ; $res = wrap_db_query($sql); if ($res) { while ($row = wrap_db_fetch_array($res)) { $membershipSql = 'SELECT COUNT(user_group_id) AS numMembers FROM ' . BOOKING_USER_GROUPS_TABLE . ' WHERE group_id=' . $row['group_id']; if ($membershipRes = wrap_db_query($membershipSql)) { if ($membershipRow = wrap_db_fetch_array($membershipRes)) { $row['num_members'] = $membershipRow['numMembers']; } } $groups[] = $row; } } include_once "header.php"; ?> <br /> Use the controls below to add/edit or delete user groups (as used when sending mailshots).<br /> <br /> <form name="form1" method="post" action="<?php echo FILENAME_ADMIN_MODIFY_GROUPS; ?>
?> <input type="hidden" name="submitted" value="submitted"> </p> </form> <b>Current Products</b> <table width="752" border="0" cellpadding="4" cellspacing="2"> <tr> <th class="BgcolorDull2" width="258">Name</th> <th width="100" class="BgcolorDull2">Price</th> <th width="100" class="BgcolorDull2">Quantity</th> <th width="100" class="BgcolorDull2">Currency</th> <th width="142" class="BgcolorDull2">Control</th> </tr> <?php //get all our current products except for the default product $result = wrap_db_query("SELECT * FROM " . BOOKING_PRODUCT_ITEM . " where id not in('1') ORDER BY product_name ASC"); if ($result) { $i = 0; while ($fields = wrap_db_fetch_array($result)) { $i++; $class = 'BgcolorNormal'; if ($i % 2 == 1) { $class = 'BgcolorBody'; } ?> <tr> <td width="258" align="left" class="<?php echo $class; ?> "><?php echo stripslashes($fields['product_name']);
while ($myBuddies = wrap_db_fetch_array($Buddies)) { $myBuddyBuddyIDs[] = $myBuddies['buddy_id']; } // get pending buddies for our user $pendingBuddies = wrap_db_query("SELECT user_id, buddy_id FROM " . BOOKING_BUDDIES_PENDING . " where buddy_id = '" . $user_info['user_id'] . "' OR user_id='" . $user_info['user_id'] . "'"); while ($myPendingBuddies = wrap_db_fetch_array($pendingBuddies)) { $myPendingUserBuddyIDs[] = $myPendingBuddies['user_id']; $myPendingBuddyBuddyIDs[] = $myPendingBuddies['buddy_id']; } // if the user does not have any pending buddies, set the pending session variable to false // so that the indicator flag in the control panel does not show if (!is_array($myPendingBuddyBuddyIDs)) { $_SESSION['number_pending_buddies'] = false; } // get our current buddies $allUsers = wrap_db_query("SELECT user_id, username, firstname, lastname, email FROM " . BOOKING_USER_TABLE . " where user_id <> '" . $user_info['user_id'] . "' AND is_admin = '0' ORDER BY lastname, firstname, username"); while ($myUsers = wrap_db_fetch_array($allUsers)) { foreach ($myUsers as $item) { $my_users[$myUsers['user_id']]['user_id'] = $myUsers['user_id']; $my_users[$myUsers['user_id']]['username'] = $myUsers['username']; $my_users[$myUsers['user_id']]['firstname'] = $myUsers['firstname']; $my_users[$myUsers['user_id']]['lastname'] = $myUsers['lastname']; $my_users[$myUsers['user_id']]['email'] = $myUsers['email']; } } // java script for allow or deny links ?> <script language="JavaScript" type="text/javascript"> <!-- function allow ( selectedtype ) {
<?php //get a list of non-admin users $result = wrap_db_query("SELECT user_id, username, firstname, lastname, email FROM " . BOOKING_USER_TABLE . " WHERE is_admin = '0' ORDER BY lastname, firstname, username"); if ($result) { while ($fields = wrap_db_fetch_array($result)) { echo '<option value="' . $fields['user_id'] . '" title="' . $fields['email'] . '">' . $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')</option>' . "\n\t\t"; } } ?> </select> </td> <td><input type="submit" name="Submit" value="->" class="ButtonStyle"><br><br><input type="submit" name="Submit" value="<-" class="ButtonStyle"></td> <td><select name="admin_select" size="15"> <?php //get a list of non-admin users $result = wrap_db_query("SELECT user_id, username, firstname, lastname, email FROM " . BOOKING_USER_TABLE . " WHERE is_admin = '1' ORDER BY lastname, firstname, username"); if ($result) { while ($fields = wrap_db_fetch_array($result)) { echo '<option value="' . $fields['user_id'] . '" title="' . $fields['email'] . '">' . $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')</option>' . "\n\t\t"; //check if this is the main admin account if ($fields['username'] == 'admin') { $admin_account_id = $fields['user_id']; } } } ?> </select></td> </tr> </table> <?php //output a hidden field containing the id of the admin account
<br> - Create a new e-mail mailshot: <input type="button" class="ButtonStyle" value="GO" name="newMailButton" onclick="document.location.href='<?php echo FILENAME_ADMIN_EMAIL_MAILSHOT; ?> '" style="margin-left: 20px;"><br> <br> <br> <?php //output all previously sent emails with links to edit / delete $currentUserID = get_user_id($_SESSION['valid_user']); $sql = 'SELECT email_id, subject, DATE_FORMAT( sent, \'%d/%m/%Y %H:%i\' ) AS sent_time FROM ' . EMAILSHOT_SENT_EMAILS . ' WHERE sent_by_user_id=' . $currentUserID . ' ORDER BY sent DESC'; //echo "<hr>$sql" ; $res = wrap_db_query($sql); $numMails = wrap_db_num_rows($res); if ($numMails > 0) { ?> - Edit or delete a previous e-mail mailshot:<br> <br> <table border="0" cellpadding="4" cellspacing="2" style="margin-left: 10px;"> <tr> <th class="BgcolorDull2" width="150">Subject</th> <th class="BgcolorDull2">Sent</th> <th class="BgcolorDull2">Control</th> </tr> <?php $i = 0; while ($row = wrap_db_fetch_array($res)) {
} ?> <tr> <td>Force users to select booking options:</td> <td width="20"> </td> <td><INPUT TYPE="radio" name="minUserBookingOptions" value="0"<?php echo $minUserBookingOptionsFlag != true ? ' checked="true"' : ''; ?> > No <INPUT TYPE="radio" name="minUserBookingOptions" value="1"<?php echo $minUserBookingOptionsFlag == true ? ' checked="true"' : ''; ?> > Yes</td> </tr> <?php $result = wrap_db_query("SELECT function_value FROM " . SETTINGS_TABLE . " WHERE name = 'admin_minimum_booking_options' LIMIT 0,1 ;"); if ($result) { if ($fields = wrap_db_fetch_array($result)) { //change 1's and 0's to true and false if ($fields['function_value'] > 0) { $minAdminBookingOptionsFlag = true; } else { $minAdminBookingOptionsFlag = false; } } } ?> <tr> <td>Force admins to select booking options:</td> <td width="20"> </td> <td><INPUT TYPE="radio" name="minAdminBookingOptions" value="0"<?php
</table> <?php //Load the user info $user_info = get_user(get_user_id($_SESSION['valid_user'])); // Check we have permissions to buy credits if (wrap_session_is_registered("admin_user") || $user_info['booking_credits'] == 'Not used' || $_SESSION['PAYMENT_GATEWAY'] != '1' || !is_numeric($user_info['user_id'])) { echo "<p>You do not have permission to purchase booking credits. Please contact an Administrator.</p>"; include_once "footer.php"; include_once "application_bottom.php"; die; } // Load the products based on the users group membership $result = wrap_db_query("SELECT DISTINCT bpi.id, bpi.product_name, bpi.quantity, bpi.mc_gross, bpi.mc_currency \n\t\t\t\t\t\t\tFROM (" . BOOKING_PRODUCT_ITEM . " bpi LEFT JOIN " . BOOKING_PRODUCT_GROUPS . " bpg ON bpg.product_id = bpi.id ) \n\t\t\t\t\t\t\tWHERE group_id IN (SELECT DISTINCT group_id FROM " . BOOKING_USER_GROUPS_TABLE . " WHERE user_id = " . $user_info['user_id'] . ") ORDER BY bpi.product_name, bpi.quantity"); // If there are no products assigned, load the default if (!(wrap_db_num_rows($result) >= 1) || !$result) { $result = wrap_db_query("SELECT DISTINCT id, product_name, quantity, mc_gross, mc_currency FROM " . BOOKING_PRODUCT_ITEM . " WHERE id = '1' LIMIT 1"); } if ($result) { while ($products = wrap_db_fetch_array($result)) { // LIVE // https://www.sandbox.paypal.com/cgi-bin/webscr ?> <p> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="notify_url" value="<?php echo DOMAIN_NAME . substr(DIR_WS_SCRIPTS, 1) . "paypal_ipn_res.php"; ?> "> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="<?php echo $_SESSION['PAYPAL_BUSINESS_EMAIL'];
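function get_user($user_id)
{
    // Load the full user row for $user_id.
    //
    // Returns the row as returned by wrap_db_fetch_array, or false when the
    // query itself fails. For an unknown user the result is whatever the fetch
    // wrapper returns for an empty result set (presumably false — confirm);
    // callers index the result directly, so the return still needs checking.
    $result = wrap_db_query("SELECT * FROM " . BOOKING_USER_TABLE . " \r\n\t\t\t\t\t\tWHERE user_id = '" . wrap_db_escape_string($user_id) . "' LIMIT 1");
    if (!$result) {
        // don't hand a failed query handle to the fetch wrapper
        return false;
    }
    return wrap_db_fetch_array($result);
}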
<?php //set some additional one-time session variables if they do not already exist //this saves repeating db queries for what are basically static values // //rahter than doing a separate query for each value, we now pull all of the //values in one go and use a switch statement to follow the correct behaviour //for the various options if (!isset($_SESSION['PUBLIC_REGISTER_FLAG']) || !isset($_SESSION['ADVANCE_BOOKING_LIMIT']) || !isset($_SESSION['MINIMUM_ADVANCE_BOOKING_LIMIT']) || !isset($_SESSION['ADVANCE_CANCEL_LIMIT']) || !isset($_SESSION['SHOW_USER_DETAILS']) || !isset($_SESSION['MINIMUM_USER_BOOKING_OPIONS']) || !isset($_SESSION['MINIMUM_ADMIN_BOOKING_OPIONS']) || !isset($_SESSION['BOOKING_CONF_EMAILS_SEND']) || !isset($_SESSION['BOOKING_CONF_EMAILS_FROM_NAME']) || !isset($_SESSION['BOOKING_CONF_EMAILS_FROM']) || !isset($_SESSION['BOOKING_CONF_EMAILS_SUBJECT']) || !isset($_SESSION['BOOKING_CONF_EMAILS_BODY']) || !isset($_SESSION['BOOKING_CONF_EMAILS_CC']) || !isset($_SESSION['BUDDY_LIST_EMAILS_SEND']) || !isset($_SESSION['BUDDY_LIST_EMAILS_FROM_NAME']) || !isset($_SESSION['BUDDY_LIST_EMAILS_FROM']) || !isset($_SESSION['BUDDY_LIST_EMAILS_SUBJECT']) || !isset($_SESSION['BUDDY_LIST_EMAILS_BODY']) || !isset($_SESSION['PAYMENT_GATEWAY']) || !isset($_SESSION['PAYPAL_BUSINESS_EMAIL']) || !isset($_SESSION['PAYPAL_NOTIFICATION_EMAIL']) || !isset($_SESSION['USER_REGISTER_EMAIL_TO'])) { $result = wrap_db_query("SELECT name, function_value FROM " . SETTINGS_TABLE . " ;"); if ($result) { while ($fields = wrap_db_fetch_array($result)) { //see which parameter we are dealing with switch ($fields['name']) { case 'public_register': $set_val_to = false; if ($fields['function_value'] == '1') { //allow new user registrations $set_val_to = true; } $_SESSION['PUBLIC_REGISTER_FLAG'] = $set_val_to; break; case 'booking_hours_limit': //a safe default. 
Also used in case the db query fails for some reason //$set_val_to = 336 ; // 336 = 14 days x 24 hours in a day $_SESSION['ADVANCE_BOOKING_LIMIT'] = $fields['function_value']; break; case 'cancellation_hours_limit': //a safe default. Also used in case the db query fails for some reason //$set_val_to = 6 ; // hours $_SESSION['ADVANCE_CANCEL_LIMIT'] = $fields['function_value'];
$users_full_name = $fields['firstname'] . ' ' . $fields['lastname']; } echo '>' . $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')</option>' . "\n\t\t"; } } ?> </select> </td> </form> <td width="10"> </td> <td valign="top"> <?php if ($_POST['user_select'] != '') { //check that we have not just made a successful update if ($page_success_message == '') { $result = wrap_db_query("SELECT * FROM " . BOOKING_USER_TABLE . " WHERE user_id = '" . $_POST['user_select'] . "' LIMIT 0,1"); if ($result) { if ($fields = wrap_db_fetch_array($result)) { ?> <form method="post" action="<?php echo FILENAME_ADMIN_UPDATE; ?> "> <table cellpadding="2" cellspacing="0" border="0"> <tr><td colspan="2" align="center" class="BgcolorDull2"><b>Required Details</b></td></tr> <tr><td align="right" class="BgcolorDull2" width="32%">Username:<br /><span class="FontBlackSmall"><em>(max 16 chars)</em></span></td> <td class="BgcolorDull2"><INPUT TYPE="text" name="username" value="<?php echo $_POST['username'] ? stripslashes($_POST['username']) : $fields['username']; ?> " size="16" maxlength="16"></td></tr>
<td class="<?php echo $row_color; ?> "><?php if ($fields['credit_type_booking_days'] == '0') { echo "Use Site Default"; } else { echo $fields['credit_type_booking_days']; } ?> </td> <?php if ($_SESSION['PAYMENT_GATEWAY'] === true) { // For each user, load their products and groups $result2 = wrap_db_query("SELECT DISTINCT bpi.id, bpi.product_name, bpi.quantity, bpi.mc_gross, bpi.mc_currency \n\t\t\t\t\t\t\tFROM (" . BOOKING_PRODUCT_ITEM . " bpi LEFT JOIN " . BOOKING_PRODUCT_GROUPS . " bpg ON bpg.product_id = bpi.id ) \n\t\t\t\t\t\t\tWHERE group_id IN (SELECT DISTINCT group_id FROM " . BOOKING_USER_GROUPS_TABLE . " WHERE user_id = " . $fields['user_id'] . ") ORDER BY bpi.quantity"); ?> <td class="<?php echo $row_color; ?> "> <?php while ($products = wrap_db_fetch_array($result2)) { echo $products['product_name'] . " (" . $products['mc_gross'] . " " . $products['mc_currency'] . ", " . $products['quantity'] . " credits)<br />"; } ?> </td> <?php } ?> </tr>
<form name="form1" method="post" action="<?php echo FILENAME_ADMIN_MAX_BOOKINGS; ?> "> <table border="0" cellspacing="10" cellpadding="0"> <tr> <td><b>Users</b></td> <td> </td> <td> </td> </tr> <tr> <td><select name="user_select" size="15" onchange="document.form1.submit()"> <?php //get a list of users $result = wrap_db_query("SELECT user_id, username, firstname, lastname, email, max_bookings FROM " . BOOKING_USER_TABLE . " ORDER BY lastname, firstname, username"); if ($result) { while ($fields = wrap_db_fetch_array($result)) { $max_bookings = $fields['max_bookings'] . ' booking'; if ($fields['max_bookings'] > 1) { $max_bookings .= 's'; } if ($fields['max_bookings'] == 0) { $max_bookings = 'Unlimited bookings'; } echo '<option value="' . $fields['user_id'] . '" title="' . $fields['email'] . '"'; if ($_POST['user_select'] == $fields['user_id']) { echo ' selected="true"'; //store the users name and current limit for use in a later part of the form $users_full_name = $fields['firstname'] . ' ' . $fields['lastname']; $users_current_booking_limit = $fields['max_bookings'];
} } //the CC field may or may not have been submitted. If not, assume no CC to be sent if (isset($_POST['booking_email_cc_me']) && isset($_POST['booking_email_cc'])) { if (validate_email($_POST['booking_email_cc'])) { $query = "UPDATE " . SETTINGS_TABLE . " SET function_value ='" . mysql_real_escape_string($_POST['booking_email_cc']) . "' WHERE name = 'send_booking_conf_email_cc' LIMIT 1 ;"; wrap_db_query($query); //no need to check if it got added, the user will see this for themselves soon enough :) $_SESSION['BOOKING_CONF_EMAILS_CC'] = $_POST['booking_email_cc']; } else { $page_error_message .= "- The e-mail address for the 'CC' (copy of the e-mail to be sent to you) is not a valid e-mail address<br>"; } } else { //disable the cc sending option $query = "UPDATE " . SETTINGS_TABLE . " SET function_value = '' WHERE name = 'send_booking_conf_email_cc' LIMIT 1 ;"; wrap_db_query($query); //no need to check if it got added, the user will see this for themselves soon enough :) $_SESSION['BOOKING_CONF_EMAILS_CC'] = false; } } } } $show_admin_site_admin_menu = true; include_once "header.php"; ?> <br> <form method="POST" action="<?php echo FILENAME_ADMIN_EMAIL_OPTIONS; ?> " name="email_conf_form" onSubmit="return checkRequiredFields(this);"> <b>Booking Confirmation E-mail Settings:</b><br>
</textarea><br> <?php } else { echo stripslashes($event['description']); } ?> </td></tr> <?php //does this site use booking options? $result = wrap_db_query("SELECT option_id, description FROM " . BOOKING_OPTIONS_TABLE . " ORDER BY description ASC"); if ($result && wrap_db_num_rows($result) > 0) { //get the id's and descriptions for options chosen by the user $savedUserBookingOptionIDs = null; $savedUserBookingOptionDescriptions = null; $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . $_REQUEST['event_id'] . "' AND e.option_id=o.option_id"); if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) { while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) { $savedUserBookingOptionsIDs[] = $userBookingFields['option_id']; $savedUserBookingOptionDescriptions[] = $userBookingFields['description']; } } $numBookingOptions = count($savedUserBookingOptionDescriptions); ?> <tr><td colspan="2" align="left" valign="top"><strong>Booking Options:</strong></td></tr> <tr><td colspan="2" align="left"> <?php if ($_REQUEST['action'] == 'modify') { //show tickable checkboxes ?>
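function update_user_information($username, $firstname, $lastname, $email)
{
    // Update the first name, last name and e-mail of the user named $username.
    //
    // Returns true when the UPDATE query succeeded, false when the username does
    // not resolve to exactly one user_id or either query fails. A query that
    // succeeded but changed no rows still returns true.
    //
    // NOTE(review): in the source reviewed, the username literal in both queries
    // appeared redacted ('******') and the $username parameter was unused; the
    // queries below bind the escaped parameter, which is the only sensible
    // reading — confirm against the original file.

    // resolve the username to a single user_id
    $result = wrap_db_query("SELECT user_id FROM " . BOOKING_USER_TABLE . " WHERE username='" . wrap_db_escape_string($username) . "'");
    if (!$result || wrap_db_num_rows($result) != 1) {
        return false; // query error, or not exactly one matching row
    }
    $fields = wrap_db_fetch_array($result);
    $user_id = $fields['user_id'];
    if (empty($user_id)) {
        return false;
    }

    // both the username and the resolved user_id are kept in the WHERE clause,
    // as in the original query
    $result = wrap_db_query("UPDATE " . BOOKING_USER_TABLE . " SET \r\n\t\t\t\t\t\tfirstname = '" . wrap_db_escape_string($firstname) . "',\r\n\t\t\t\t\t\tlastname = '" . wrap_db_escape_string($lastname) . "',\r\n\t\t\t\t\t\temail = '" . wrap_db_escape_string($email) . "' \r\n\t\t\t\t\t\tWHERE username = '" . wrap_db_escape_string($username) . "' " . " AND user_id = '" . wrap_db_escape_string($user_id) . "'");
    return (bool) $result;
}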
$buddyCountSql = "SELECT COUNT(user_id) FROM " . BOOKING_BUDDIES . " "; $BuddyRes = wrap_db_query($buddyCountSql); if ($BuddyRes) { while ($row = wrap_db_fetch_array($BuddyRes)) { $buddyCount = $row[0]; } } $pendingBuddyCountSql = "SELECT COUNT(user_id) FROM " . BOOKING_BUDDIES_PENDING . " "; $pendingBuddyRes = wrap_db_query($pendingBuddyCountSql); if ($pendingBuddyRes) { while ($row1 = wrap_db_fetch_array($pendingBuddyRes)) { $pendingBuddyCount = $row1[0]; } } $userCountSql = "SELECT COUNT(user_id) FROM " . BOOKING_USER_TABLE . " WHERE is_admin = '0'"; $UserRes = wrap_db_query($userCountSql); if ($UserRes) { while ($row2 = wrap_db_fetch_array($UserRes)) { $userCount = $row2[0]; } } // calculate percentage of users using BLN $decimal = $buddyCount / $userCount; $percentage = $decimal * 100; ?> <br> Usage Statistics: </p> <table border="0" cellpadding="4" cellspacing="2" id="booking_email_table" style="filter: progid:DXImageTransform.Microsoft.Alpha(opacity=<?php echo $_SESSION['BUDDY_LIST_EMAILS_SEND'] ? '100' : '50'; ?>
echo '>' . $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')</option>' . "\n\t\t"; } } ?> </select> </td> </form> <td width="99%" valign="top"><?php if ($_POST['user_select'] != '' || $all == true) { //check that we have not just made a successful update if ($all == true) { $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " order by payment_date LIMIT 100"; } else { $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " WHERE n27_user_id = '" . $_POST['user_select'] . "' order by payment_date LIMIT 30"; } $result = wrap_db_query($query); if ($result && wrap_db_num_rows($result) > 0) { if ($all == true) { echo "Last 100 transactions for all users:<br /><br />"; } else { echo "Last 30 transactions:<br /><br />"; } ?> <table width="98%" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="22%" class="BgcolorDull2">Date</td> <td width="19%" class="BgcolorDull2">Payer Name</td> <td width="27%" class="BgcolorDull2">Payer Email</td> <td width="8%" class="BgcolorDull2" align="center">Quantity</td> <td width="8%" class="BgcolorDull2">Value</td> <td width="8%" class="BgcolorDull2" align="center">Currency</td>
function get_credit_types()
{
    // Fetch every row of the credit types table.
    //
    // Returns a list of arrays with the keys credit_type_id, credit_type_name
    // and credit_type_booking_days, or false when the query fails or reports no
    // rows.
    $result = wrap_db_query("SELECT * FROM " . BOOKING_CREDIT_TYPES);
    if (!$result) {
        return false; // general connection or query error
    }
    if (wrap_db_num_rows($result) == 0) {
        return false; // no results - odd!
    }

    $creditTypes = null;
    while ($row = wrap_db_fetch_array($result)) {
        $creditTypes[] = array(
            'credit_type_id' => $row['credit_type_id'],
            'credit_type_name' => $row['credit_type_name'],
            'credit_type_booking_days' => $row['credit_type_booking_days'],
        );
    }
    return $creditTypes;
}
// --> </script> <textarea name="bookingOptionsDesc" rows="5" cols="60" readonly="true"><?php if (isset($_REQUEST['bookingOptionsDesc'])) { echo stripslashes($_REQUEST['bookingOptionsDesc']); } ?> </textarea><br> <table border="0" cellpadding="0" cellspacing="2"> <?php //load any saved booking option preferences this user may have $savedUserPrefOptions = null; //only non-admins can save their preferences, admins should have to tick them each time if (!$is_admin) { $userPrefResult = wrap_db_query("SELECT option_id FROM " . BOOKING_USER_OPTIONS_TABLE . " WHERE user_id='" . $bookingByUserID . "'"); if ($userPrefResult && wrap_db_num_rows($userPrefResult) > 0) { while ($userPrefFields = wrap_db_fetch_array($userPrefResult)) { $savedUserPrefOptions[] = $userPrefFields['option_id']; } } } $rightCol = false; for ($r = 0; $fields = wrap_db_fetch_array($result); $r++) { //is this a left or right column? if ($r % 2 == 0) { //left column echo '<tr align="left"><td>'; $rightCol = false; } else { //right column
<form name="form1" method="post" action="<?php echo FILENAME_ADMIN_BOOKING_CREDITS; ?> "> <table border="0" cellspacing="10" cellpadding="0"> <tr> <td><b>Users</b></td> <td> </td> <td> </td> </tr> <tr> <td valign="top"><select name="user_select" size="15" onchange="document.form1.submit()"> <?php //get a list of users $result = wrap_db_query("SELECT user_id, username, firstname, lastname, email, max_bookings, booking_credits FROM " . BOOKING_USER_TABLE . " WHERE is_admin='0' ORDER BY lastname, firstname, username"); if ($result) { while ($fields = wrap_db_fetch_array($result)) { $user_booking_credits = $fields['booking_credits']; if ($fields['booking_credits'] != 'Not used') { $user_booking_credits .= ' credit'; if ($fields['booking_credits'] != 1) { $user_booking_credits .= 's'; } } echo '<option value="' . $fields['user_id'] . '" title="' . $fields['email'] . '"'; if ($_POST['user_select'] == $fields['user_id']) { echo ' selected="true"'; //store the users name and current limit for use in a later part of the form $users_full_name = $fields['firstname'] . ' ' . $fields['lastname']; $users_current_booking_limit = $fields['max_bookings'];
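function get_booking_options($event_id)
{
    // Get the ids and descriptions of the booking options chosen for an event.
    //
    // $event_id is escaped before it is interpolated into the query: the same
    // lookup elsewhere in this code base is driven straight from
    // $_REQUEST['event_id'], so callers cannot be assumed to pass a clean value.
    //
    // Returns a list of array('id' => option_id, 'desc' => description), or
    // null when the query fails or the event has no options.
    $savedUserBookingOptions = null;
    $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . wrap_db_escape_string($event_id) . "' AND e.option_id=o.option_id");
    if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) {
        while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) {
            $savedUserBookingOptions[] = array('id' => $userBookingFields['option_id'], 'desc' => $userBookingFields['description']);
        }
    }
    return $savedUserBookingOptions;
}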
} elseif (strlen($_POST['passwd']) < 6 || strlen($_POST['passwd']) > 16) { // check password length $page_title = "User Registration Problem"; $page_error_message = "Your password must be between 6 and 16 characters. Please try again."; } elseif ($_SESSION['security_code'] != $_POST['security_code'] || empty($_SESSION['security_code'])) { $page_title = "User Registration Problem"; $page_error_message = "Invalid security code. Please enter the letters shown within the image."; } // Check if the username is already in use $result = wrap_db_query("SELECT username FROM " . BOOKING_USER_TABLE . " WHERE username ='******'username'])) . "' LIMIT 1"); if ($result && wrap_db_num_rows($result) > 0) { $page_title = "User Registration Problem"; $page_error_message = "Username already taken. Please choose another."; } // Check if the email is already in use $result = wrap_db_query("SELECT email FROM " . BOOKING_USER_TABLE . " WHERE email ='" . strtolower(trim($_POST['email'])) . "' LIMIT 1"); if ($result && wrap_db_num_rows($result) > 0) { $page_title = "User Registration Problem"; $page_error_message = "Email address already in use. Please choose another."; } if ($page_error_message == '') { // attempt to register if no error message $reg_result = register($_POST['username'], $_POST['passwd'], $_POST['firstname'], $_POST['lastname'], $_POST['groups'], $_POST['email']); if ($reg_result) { // register session variable unset($_SESSION['security_code']); $_SESSION['valid_user'] = $_POST['username']; wrap_session_register("valid_user"); $page_title = "Registration Successful!"; } else { // register problem: username taken, database error
wrap_session_register("block_book"); } //booking credits remaining $_SESSION['booking_credits'] = remaining_booking_credits($_REQUEST['username']); // Member check // check if the user is a member or not - but only if they are not an admin as this flag is not used for admins if (!wrap_session_is_registered("admin_user")) { $_SESSION['is_member'] = is_member($_REQUEST['username']); } //can they view other users bookings? if (is_admin($_REQUEST['username'])) { //admins can always see everyone elses bookings $_SESSION['SHOW_USER_DETAILS'] = true; } else { //how about regular users? This will depend on the site wide value set by an admin $result = wrap_db_query("SELECT function_value FROM " . SETTINGS_TABLE . " WHERE name = 'user_details_viewing' LIMIT 0,1 ;"); if ($result) { if ($fields = wrap_db_fetch_array($result)) { //change 1's and 0's to true and false if ($fields['function_value'] == "1") { $_SESSION['SHOW_USER_DETAILS'] = true; } else { $_SESSION['SHOW_USER_DETAILS'] = false; } } } } } else { // login failed, show error page $display_login_form = true; $page_error_message = "You could not be logged in. Please try again.";
<?php // user_nav_widget.php // Display the User Navigation/Functions Bar // If booking_credits session var is not present, refresh the users credit value // Ths way we can force a refresh by unsetting this var e.g. after a paypal transaction $user_info = get_user(get_user_id($_SESSION['valid_user'])); if (!wrap_session_is_registered("admin_user") && $user_info['booking_credits'] !== 'Not used' && $_SESSION['PAYMENT_GATEWAY'] == '1' && is_numeric($user_info['user_id'])) { $result = wrap_db_query("SELECT booking_credits FROM " . BOOKING_USER_TABLE . " where user_id = '" . $user_info['user_id'] . "'"); if ($result) { while ($fields = wrap_db_fetch_array($result)) { $_SESSION['booking_credits'] = $fields['booking_credits']; } } } ?> <table cellspacing="1" cellpadding="1" width="100%" border="0"> <tr> <td nowrap="nowrap" align="center" valign="middle" class="BgcolorDull2"> <img src="<?php echo DIR_WS_IMAGES; ?> /spacer.gif" width="15" height="15" /> User Functions: <?php if (isset($_SESSION['valid_user']) && $_SESSION['valid_user'] != '') { echo '<a href="' . FILENAME_MY_BOOKWAKE_VIEW . '"><b>' . $_SESSION['valid_user'] . '</b>'; if ($_SESSION['booking_credits'] != 'Not used') { echo ' (<b>' . $_SESSION['booking_credits'] . '</b> credit'; if ($_SESSION['booking_credits'] != 1) {