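/**
 * Report whether a booking of the given type can be accepted for an event.
 *
 * Return contract:
 *   -1  no booking allowed
 *    1  booking allowed
 *    0  booking will be placed in the queue because the spaces are full
 *
 * @param int|string $eventid     Event ID; forced to an integer before it is used in SQL.
 * @param string     $bookingtype "All" or a specific type matched against itAvailability / bkBookAs.
 * @param int|string $spaces      Space limit that the non-queued booking count is compared with.
 * @return int -1, 0 or 1 as listed above.
 */
function GetBookingTypeAvailability($eventid, $bookingtype, $spaces)
{
    global $link, $today, $db_prefix;

    // Both values are placed inside SQL text below, so neither may carry
    // quote or operator characters: the ID is cast to int and the type is
    // restricted to a plain token. Anything else fails closed as
    // "no booking allowed".
    $eventid = (int) $eventid;
    $bookingtype = (string) $bookingtype;
    if (preg_match('/\A[A-Za-z0-9 _-]+\z/', $bookingtype) !== 1) {
        return -1;
    }

    // NOTE(review): $today is also interpolated; it is a global set outside
    // this function -- confirm it is always a server-generated date.
    $sql = "select count(itItemID) from {$db_prefix}items where itTicket = 1 and itAvailableFrom <= '{$today}' and itAvailableTo >= '{$today}' and itAvailability in ('All', '{$bookingtype}') and itEventID = {$eventid}";
    $result = ba_db_query($link, $sql);
    $ticketRow = ba_db_fetch_row($result);
    // A missing row is treated like a zero count, as the loose comparison did before.
    $ticketCount = (int) ($ticketRow[0] ?? 0);
    if ($ticketCount === 0 && $bookingtype !== 'All') {
        return -1;
    }

    // Count bookings that already hold a space (bkInQueue = 0) for this event,
    // narrowed to the booking type unless the caller asked about "All".
    $sql = "select count(bkID) as BookingCount from {$db_prefix}bookings where bkInQueue = 0 and bkEventID = {$eventid} ";
    if ($bookingtype !== 'All') {
        $sql .= " and bkBookAs = '{$bookingtype}'";
    }
    $result = ba_db_query($link, $sql);
    $countRow = ba_db_fetch_assoc($result);
    $bookingCount = (int) ($countRow['BookingCount'] ?? 0);

    if ($bookingCount >= (int) $spaces) {
        // Full: queue the booking when the site allows it, otherwise refuse.
        return QUEUE_OVER_LIMIT ? 0 : -1;
    }

    return 1;
}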
</p> <table class = 'sortable' border = 1> <tr> <th>Player ID</th> <th>OOC First Name</th> <th>OOC Surname</th> <th>E-mail</th> <th>Car Registration</th> <th>Character Name</th> <th colspan = '4'>Actions</th> </tr> <?php //$bNone is True if no rows were displayed $bNone = True; while ($row = ba_db_fetch_assoc($result)) { echo "<tr class = 'highlight'><td>" . PID_PREFIX . sprintf('%03s', $row['plPlayerID']); if ($row['plPassword'] == 'ACCOUNT DISABLED') { echo " (account disabled)"; } echo "</td>"; echo "<td>" . htmlentities(stripslashes($row["plFirstName"])) . "</td>\n"; echo "<td>" . htmlentities(stripslashes($row["plSurname"])) . "</td>\n"; $sMail = htmlentities(stripslashes($row["plEmail"])); echo "<td><a href = 'mailto:{$sMail}'>{$sMail}</a></td>\n"; echo "<td>" . htmlentities(stripslashes($row["plCarRegistration"])) . "</td>\n"; echo "<td>" . htmlentities(stripslashes($row["chName"])) . "</td>\n"; echo "<td><a href = 'admin_edit_ooc.php?pid=" . $row['plPlayerID'] . "'>edit OOC data</a></td>\n"; echo "<td><a href = 'admin_edit_ic.php?pid=" . $row['plPlayerID'] . "'>edit IC data</a></td>\n"; echo "<td><a href = 'admin_viewdetails.php?pid=" . $row['plPlayerID'] . "'>view OOC & IC details</a></td>\n"; echo "<td><a href = 'admin_pw_reset.php?pid=" . $row['plPlayerID'] . "'>reset password</a></td></tr>\n";
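<h2><?php echo htmlentities(stripslashes($eventinfo['evEventName'])); ?> </h2>
<p> Required for the pre-booked characters: </p>
<h3>Booked Item Summary</h3>
<?php
// Summary of booked items for this event, counting only bookings whose
// payment has been confirmed.
// The event ID is interpolated into SQL, so force it to an integer first.
// NOTE(review): where $eventid is assigned is outside this excerpt.
$summaryEventId = (int) $eventid;
$sql = "select itDescription, itAvailability, ifnull(sum(biQuantity),0) as itBookingCount from {$db_prefix}items left outer join {$db_prefix}bookingitems on itItemID = biItemID inner join {$db_prefix}bookings on bkID = biBookingID where itEventID = {$summaryEventId} and bkDatePaymentConfirmed <> '' AND bkDatePaymentConfirmed <> '0000-00-00' group by itItemID";
$result = ba_db_query($link, $sql);

echo "<table><tr><th>Item name</th><th>Availability</th><th>Booking Count</th></tr>";
while ($itembooking = ba_db_fetch_assoc($result)) {
    // Item text comes from the database and is written into HTML, so it is
    // entity-encoded like the event name above; the count is numeric.
    echo "<tr><td>" . htmlentities((string) $itembooking['itDescription']) . "</td><td>"
        . htmlentities((string) $itembooking['itAvailability']) . "</td><td>"
        . htmlentities((string) $itembooking['itBookingCount']) . "</td></tr>";
}
echo "</table>";

// The $i* counters below are computed before this excerpt begins.
echo "<h3>Power Cards</h3>\n";
echo "<p>{$iCards} Power cards per day\n<br>";
echo ($iHerbLore * 5) . " Herb cards\n</p>\n";

echo "<h3>Lore Sheets</h3>\n";
echo "<p>{$iSenseMagic} Sense Magic lore sheets<br>\n";
echo "{$iEvaluate} Evaluate lore sheets<br>\n";
echo "{$iPotionLore} Potion Lore lore sheets<br>\n";
echo "{$iPoisonLore} Poison Lore lore sheets<br>\n";
echo "{$iRecForgery} Recognise Forgery lore sheets<br>\n";
echo "{$iHerbLore} Herb Lore lore sheets<br>\n</p>\n";

echo "<h3>Other</h3>\n";
echo "<p>{$iTranslate} characters have the Translate Named Script OSP<br>\n";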
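//Mark as paid.
//Custom value is the bookingid
//Don't set bkAmountExpected, and we add to amount paid, allowing potential for partial payments in future.
// NOTE(review): $custom, $payment_amount and $item_number are assigned before
// this excerpt; they are handled here as untrusted payment-notification data,
// so each is forced to a numeric form before it is placed in SQL text.
$custom = (int) $custom;
// Fixed-point decimal literal: never empty, never anything but digits, sign and '.'.
$paidAmount = number_format((float) $payment_amount, 2, '.', '');
$sql = "UPDATE {$db_prefix}bookings SET bkDatePaymentConfirmed = '" . date('Y-m-d') . "', bkAmountPaid = bkAmountPaid + " . $paidAmount . " WHERE bkID = " . $custom;
//Run UPDATE query to set paid date
ba_db_query($link, $sql);

//Mark bunk as allocated if one was requested
$sql = "UPDATE {$db_prefix}bookings SET bkBunkAllocated = 1 WHERE bkBunkRequested = 1 and bkID = " . $custom;
//Run UPDATE query to set assign bunk
ba_db_query($link, $sql);
}

//Get details for e-mail
$sql_select = "SELECT plFirstName, plSurname, plEmail FROM {$db_prefix}players WHERE plPlayerID = " . (int) $item_number;
$result = ba_db_query($link, $sql_select);
$row = ba_db_fetch_assoc($result);

//Send e-mail
$sBody = "Your payment for the upcoming event has been received.\n";
if (PAYPAL_AUTO_MARK_PAID) {
    $sBody .= "You are now fully booked.\n\n";
} else {
    $sBody .= "You will be fully booked once your booking has been confirmed by a system administrator.\n\n";
}
$sBody .= "Thank you.\n\n";
$sBody .= "Player ID: " . PID_PREFIX . sprintf('%03s', $iPlayerID) . "\n";
$sBody .= "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'];
if ($bEmailPaymentReceived) {
    mail($row['plEmail'], SYSTEM_NAME . ' - payment received', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
}

//Clear any payment requests for this booking
// The integer cast above sits inside the block that closes before this point,
// so it may not have run on this path; cast again rather than rely on it.
$sql = "delete from {$db_prefix}paymentrequests where prBookingID = " . (int) $custom;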
} //Do not redirect if there are any warnings (required fields not filled in, etc) if ($sWarn == '') { //Make up URL & redirect $sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated"); header("Location: {$sURL}"); } } else { $sWarn = "There was a problem updating the OOC details"; LogError("Error updating OOC information (admin_edit_ooc.php). Player ID: {$admin_player_id}"); } } //Get existing details if there are any $sql = "SELECT plFirstName, " . "plSurname, " . "AES_DECRYPT(pleAddress1, '{$key}') AS dAddress1, " . "AES_DECRYPT(pleAddress2, '{$key}') AS dAddress2, " . "AES_DECRYPT(pleAddress3, '{$key}') AS dAddress3, " . "AES_DECRYPT(pleAddress4, '{$key}') AS dAddress4, " . "AES_DECRYPT(plePostcode, '{$key}') AS dPostcode, " . "AES_DECRYPT(pleTelephone, '{$key}') AS dTelephone, " . "AES_DECRYPT(pleMobile, '{$key}') AS dMobile, " . "plEmail, " . "plDOB, " . "AES_DECRYPT(pleMedicalInfo, '{$key}') AS dMedicalInfo, " . "plEmergencyName, " . "AES_DECRYPT(pleEmergencyNumber, '{$key}') AS dEmergencyNumber, " . "plEmergencyRelationship, " . "plCarRegistration, " . "plDietary, " . "plNotes, " . "plAdminNotes, " . "plEventPackByPost, " . "plRefNumber, " . "plMarshal " . "FROM {$db_prefix}players WHERE plPlayerID = {$admin_player_id}"; $result = ba_db_query($link, $sql); $playerrow = ba_db_fetch_assoc($result); include '../inc/inc_head_html.php'; include '../inc/inc_js_forms.php'; ?> <h1><?php echo TITLE; ?> - Admin OOC Edit</h1> <?php if ($sWarn != '') { echo "<p class = 'warn'>{$sWarn}</p>"; } ?>
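' /></td></tr>
<tr><td>Staff Bunks</td><td><input type='text' name='txtStaffBunks' value='<?php echo htmlentities((string) $eventinfo['evStaffBunks'], ENT_QUOTES); ?> ' /></td></tr>
<tr><td>Total Bunks</td><td><input type='text' name='txtTotalBunks' value='<?php echo htmlentities((string) $eventinfo['evTotalBunks'], ENT_QUOTES); ?> ' /></td></tr>
<tr><td>Event Items<br>To allow players to get a reduction, add an item with a negative price (eg "Pot washing: -10")</td><td>
<table id='itemtable'>
<tr><th>Item name</th><th>Availability</th><th>Ticket</th><th>Meal</th><th>Bunk</th><th>From</th><th>To</th><th>Cost</th><th>Multiple</th><th>Mandatory</th></tr>
<?php
// One editable row per item belonging to this event.
// Every attribute on this form is single-quoted, so stored text is encoded
// with ENT_QUOTES before it is written into a value; without that flag a
// single quote in an item name would end the attribute early.
// NOTE(review): where $eventid is assigned is outside this excerpt; it is
// cast because it is interpolated into the query text.
$itemEventId = (int) $eventid;
$sql = "Select * from {$db_prefix}items where itEventID = {$itemEventId}";
$result = ba_db_query($link, $sql);
while ($item = ba_db_fetch_assoc($result)) {
    // The item ID is reused in element ids and field names; keep it numeric.
    $itemId = (int) $item['itItemID'];
    $itemDescription = htmlentities((string) $item['itDescription'], ENT_QUOTES);

    echo "<tr id='rowItem" . $itemId . "'>";
    echo "<td><input type='hidden' name='hItemID" . $itemId . "' value='" . $itemId . "'/>";
    echo "<input type='text' name='txtItemDescription" . $itemId . "' value='" . $itemDescription . "' /></td>";

    echo "<td><select name='cboAvailability" . $itemId . "'>";
    echo "<option ";
    if ($item['itAvailability'] == 'All') {
        echo 'selected ';
    }
    echo "value='All'>All</option>";
    echo "<option ";
    if ($item['itAvailability'] == 'Player') {
        echo 'selected ';
    }
    echo "value='Player'>Player</option>";
    echo "<option ";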
$queuereason = "your character is not a member of the default faction."; } //Deal with being over the limit if (QUEUE_OVER_LIMIT) { if ($bookinginfo['bkBookAs'] == "Player") { $spaces = $eventinfo['evPlayerSpaces']; } if ($bookinginfo['bkBookAs'] == "Monster") { $spaces = $eventinfo['evMonsterSpaces']; } if ($bookinginfo['bkBookAs'] == "Staff") { $spaces = $eventinfo['evStaffSpaces']; } $limitsql = "select count(bkID) as BookingCount from {$db_prefix}bookings where bkInQueue = 0 and bkBookAs ='" . $bookinginfo['bkBookAs'] . "' and bkEventID = {$eventid} "; $limitresult = ba_db_query($link, $limitsql); $BookingCount = ba_db_fetch_assoc($limitresult); $BookingCount = $BookingCount['BookingCount']; if ($BookingCount > $spaces) { $bookinginfo['bkInQueue'] = 1; $queuereason = "there are no spaces remaining of your booking type."; } } } if ($bookinginfo['bkInQueue'] == 0) { if ($bookingtotal > 0) { echo "<table class='payment'>"; echo "<tr><td>Pay Later</td><td><a href='start.php'>Pay later</a></td></tr>"; if (USE_PAY_PAL) { echo "<tr><td>Pay balance of £{$bookingtotal} via Paypal:</td><td>"; generatePaypalButton("Event booking - " . $bookinginfo['evEventName'] . " (" . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . ")", $PLAYER_ID, $bookingtotal, $bookinginfo['bkID']); echo "</td></tr>";
$iYear = substr($dPaid, 0, 4); $iMonth = substr($dPaid, 5, 2); $iDate = substr($dPaid, 8, 2); $sPaid = "{$iDate}-{$iMonth}-{$iYear}"; echo '"' . $sPaid . '",'; //Amounts paid echo '"' . $row['bkAmountPaid'] . '",'; echo '"' . $row['bkAmountExpected'] . '",'; //OSPs - one per column if (USE_SHORT_OS_NAMES) { $osps = ba_db_query($link, "SELECT ospShortName as ospExportName, otOspID, otAdditionalText FROM {$db_prefix}ospstaken, {$db_prefix}osps " . "WHERE otPlayerID = {$row['plPlayerID']} AND ospID = otOspID ORDER BY ospShortName"); } else { $osps = ba_db_query($link, "SELECT ospName as ospExportName, otOspID, otAdditionalText FROM {$db_prefix}ospstaken, {$db_prefix}osps " . "WHERE otPlayerID = {$row['plPlayerID']} AND ospID = otOspID ORDER BY ospName"); } $sOSList = ""; while ($record = ba_db_fetch_assoc($osps)) { $sOSList .= '"' . stripslashes($record['ospExportName']); if ($record['otAdditionalText'] != "") { $sOSList .= " (" . stripslashes($record['otAdditionalText']) . ")"; } $sOSList .= '",'; //Extra spell card OSPs if ($record['otOspID'] == 6) { $iCards = $iCards + 4; } if ($record['otOspID'] == 7) { $iCards = $iCards + 8; } if ($record['otOspID'] == 3) { $iCards = $iCards + 12; }
if ($row['plFirstName'] == '' || $row['plSurname'] == '') { $bAllOOCInfo = False; } if ($row['dAddress1'] == '' || $row['plEmergencyName'] == '') { $bAllOOCInfo = False; } if ($row['dEmergencyNumber'] == '' || $row['plEmergencyRelationship'] == '') { $bAllOOCInfo = False; } if ($row['plCarRegistration'] == '' || $row['plDietary'] == 'Select one') { $bAllOOCInfo = False; } //Get bookings details. Determine if player is booked $booking_sql = "SELECT * FROM {$db_prefix}bookings WHERE bkPlayerID = {$PLAYER_ID}"; $booking_result = ba_db_query($link, $booking_sql); $booking_row = ba_db_fetch_assoc($booking_result); $sOOC = $booking_row['bkDateOOCConfirmed']; if ($sOOC == '' || $sOOC == '0000-00-00') { $bConfirmed = False; } else { $bConfirmed = True; } if (strtolower($_POST['btnSubmit']) == 'edit' && CheckReferrer('ooc_view.php')) { //Make up URL $sURL = fnSystemURL() . 'ooc_form.php'; header("Location: {$sURL}"); } elseif (strtolower($_POST['btnSubmit']) == 'confirm' && CheckReferrer('ooc_view.php')) { $sDate = date('Y-m-d'); //Check if player already has an entry in bookings table $sql = "SELECT * FROM {$db_prefix}bookings WHERE bkPlayerID = {$PLAYER_ID}"; $result = ba_db_query($link, $sql);
} else { echo $cellstart . formatdata($row['chAncestor'], $bHTML) . $cellend . $separator; } echo $cellstart . formatdata($row['chNotes'], $bHTML) . $cellend . $separator; //Get OSPs $db_prefix = DB_PREFIX; $ospSql = "SELECT otID, ospName, otAdditionalText FROM {$db_prefix}osps, {$db_prefix}ospstaken " . "WHERE otPlayerID = " . $row['plPlayerID'] . " AND otospID = ospID order by ospName"; $rOSPs = ba_db_query($link, $ospSql); echo $cellstart; while ($record = ba_db_fetch_assoc($rOSPs)) { $celldata = $record['ospName']; if ($record['otAdditionalText'] != "") { $celldata .= " (" . $record['otAdditionalText'] . ")"; } echo formatdata($celldata, $bHTML) . '; '; } echo $cellend . $separator; //Get skills $db_prefix = DB_PREFIX; $skSql = "SELECT stSkillID, skName FROM {$db_prefix}skills, {$db_prefix}skillstaken " . "WHERE stPlayerID = " . $row['plPlayerID'] . " AND stSkillID = skID order by skName"; $rSkills = ba_db_query($link, $skSql); echo $cellstart; while ($record = ba_db_fetch_assoc($rSkills)) { echo formatdata($record['skName'], $bHTML) . '; '; } echo $cellend . $rowend; } if ($_GET['action'] == 'view') { echo "</table>\n"; include '../inc/inc_foot.php'; }
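/**
 * Recalculate bkAmountExpected for a booking from its booked items.
 *
 * The expected amount is the sum of quantity * item cost over the booking's
 * rows in bookingitems. A booking with no items is stored as 0.
 *
 * @param int|string $bookingid Booking ID; forced to an integer before it is used in SQL.
 * @return void
 */
function resetExpectedAmount($bookingid)
{
    global $db_prefix, $link;

    // The ID is interpolated into both statements, so keep it strictly numeric.
    $bookingid = (int) $bookingid;

    $sql = "select sum(biQuantity * itItemCost) as Expected from {$db_prefix}bookingitems inner join {$db_prefix}items on biItemID = itItemID where biBookingID = {$bookingid}";
    $result = ba_db_query($link, $sql);
    $row = ba_db_fetch_assoc($result);

    // sum() over zero rows yields NULL; interpolating that produced
    // "set bkAmountExpected =  where ..." and a failed UPDATE. Fall back to 0,
    // and accept only a numeric value so nothing else reaches the statement.
    $expected = $row['Expected'] ?? null;
    if (!is_numeric($expected)) {
        $expected = 0;
    }

    $sql = "update {$db_prefix}bookings set bkAmountExpected = {$expected} where bkID = {$bookingid}";
    ba_db_query($link, $sql);
}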
} if ($PLAYER_ID != 0) { if ($sOOC == '' || $sOOC == '0000-00-00') { echo "<li><a href = '{$CSS_PREFIX}ooc_form.php'>OOC information</a></li>\n"; } else { echo "<li><a href = '{$CSS_PREFIX}ooc_view.php'>OOC information</a></li>\n"; } if ($sDateIC == '' || $sDateIC == '0000-00-00') { echo "<li><a href = '{$CSS_PREFIX}ic_form.php'>IC information</a></li>\n"; } else { echo "<li><a href = '{$CSS_PREFIX}ic_view.php'>IC information</a></li>\n"; } //Show link to admin page if user is an admin or root user $sql = "SELECT plAccess FROM " . DB_PREFIX . "players WHERE plPlayerID = {$PLAYER_ID}"; $result = ba_db_query($link, $sql); $inc_head_html_row = ba_db_fetch_assoc($result); if ($inc_head_html_row['plAccess'] == 'admin' || ROOT_USER_ID == $PLAYER_ID) { echo "<li><a href = '{$CSS_PREFIX}admin/admin.php'>Admin</a></li>\n"; } } echo "</ul>"; echo "</div>"; if (($inc_head_html_row['plAccess'] == 'admin' || ROOT_USER_ID == $PLAYER_ID) && $PLAYER_ID != 0) { //Check for install & NON_WEB directories if (file_exists(dirname($_SERVER["SCRIPT_FILENAME"]) . "/install")) { echo "<span class = 'sans-warn'>The <a href = 'install/'>install</a> directory is present. It should be removed if the system is live</span><br />"; } if (file_exists(dirname($_SERVER["SCRIPT_FILENAME"]) . "/NON_WEB")) { echo "<span class = 'sans-warn'>The NON_WEB directory is present. It should be removed</span><br />"; } }
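| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/
include 'inc/inc_head_db.php';
include 'inc/inc_head_html.php';

// Booking ID comes from the query string, or from the form when the query
// string gives none; the integer cast is what makes it safe to place in SQL.
$bookingid = (int) htmlentities(stripslashes($_GET['BookingID'] ?? ''));
if ($bookingid == 0) {
    $bookingid = (int) htmlentities(stripslashes($_POST['BookingID'] ?? ''));
}

// Ownership check: the booking must belong to the logged-in player.
$sql = "Select * FROM {$db_prefix}bookings inner join {$db_prefix}events on evEventID = bkEventID where bkPlayerID = {$PLAYER_ID} and bkID = " . $bookingid;
$result = ba_db_query($link, $sql);
if (ba_db_num_rows($result) == 0) {
    $sMsg = "You cannot view this booking";
    $sURL = fnSystemURL() . 'start.php?warn=' . urlencode($sMsg);
    header("Location: {$sURL}");
    // header() only queues a redirect; without stopping here the script went
    // on to the DELETE statements below for a booking that failed the
    // ownership check. Stop unconditionally.
    exit;
}
$bookinginfo = ba_db_fetch_assoc($result);

// NOTE(review): no anti-forgery check on the delete/rebook POST is visible in
// this excerpt -- confirm one exists elsewhere.
if ($_POST['cancel'] != null) {
    $sURL = fnSystemURL() . 'booking.php?BookingID=' . $bookingid;
    header("Location: {$sURL}");
} else {
    if ($_POST['delete'] != null || $_POST['rebook'] != null) {
        // Remove dependent rows first, then the booking itself.
        $sql = "DELETE FROM {$db_prefix}bookingitems WHERE biBookingID = " . $bookingid;
        ba_db_query($link, $sql);
        $sql = "DELETE FROM {$db_prefix}paymentrequests WHERE prBookingID = " . $bookingid;
        ba_db_query($link, $sql);
        $sql = "DELETE FROM {$db_prefix}bookings WHERE bkID = " . $bookingid;
        ba_db_query($link, $sql);
        if ($_POST['delete'] != null) {
            $sMsg = "Your booking has been cancelled for " . htmlentities(stripslashes($bookinginfo['evEventName']));
            $sURL = fnSystemURL() . 'start.php?warn=' . urlencode($sMsg);
            header("Location: {$sURL}");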