Esempio n. 1
0
require 'lib/mailgun-php/vendor/autoload.php';
use Mailgun\Mailgun;
//Conn
include 'config.php';
//Hide bug
if (isset($_POST['HideBug'])) {
    if (isset($_POST["BugID"])) {
        $id = SanitizeInput($_POST["BugID"]);
        $sql = "UPDATE bugs SET DisplayBug=0 WHERE ID={$id}";
        if ($result = $conn->query($sql)) {
            die("Buggen visas inte längre!");
        }
    }
}
$data = SanitizeInput(json_encode($_POST));
$sql = "INSERT INTO bugs (Bugdata, DisplayBug) VALUES ('{$data}', 1)";
//Execute
if ($conn->query($sql) === TRUE) {
    echo "Buggen har rapporterats!";
    header("Location: ../bugg?done=yes");
    //Your credentials
    $mg = new Mailgun("key-50d4758b888eb62ba8ae9f475d36f4d2");
    $domain = "mailgun.ghostops.nu";
    try {
        $result = $mg->sendMessage($domain, array('from' => 'UK-Sidan <*****@*****.**>', 'to' => "*****@*****.**", 'subject' => 'Ny Bugg på UK-sidan', 'html' => "En ny bugg har registrerats på UK-sidan: {$data}"));
    } catch (Exception $e) {
        die("Händer det här är något fel...");
    }
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
Esempio n. 2
0
<?php

//Conn to config
include 'config.php';
$runnerID = SanitizeInput($_POST['runner']);
//Get runner name
$name = "";
$query = "SELECT FirstName, LastName FROM runners WHERE ID = {$runnerID}";
if ($result = $conn->query($query)) {
    while ($row = $result->fetch_row()) {
        $name .= $row[0] . " ";
        $name .= $row[1];
    }
}
//Delete person
$query = "DELETE FROM runners WHERE ID = {$runnerID}";
if ($result = $conn->query($query)) {
    echo "{$name} har blivit avanmäld!";
} else {
    echo "Ett fel uppstod!";
}
Esempio n. 3
0
<?php

include 'config.php';
$track = $_POST["Track"];
print_r($track);
//Sanitize all input
foreach ($track as $key => $value) {
    $track[$key] = SanitizeInput($value);
}
$sql = "UPDATE tracks\n\t\t\tSET EventID='" . $track["EventID"] . "',\n\t\t\t\tTrackID='" . $track["TrackID"] . "',\n\t\t\t\tName='" . $track["Name"] . "',\n\t\t\t\tLength='" . $track["Length"] . "'  \n\t\t\tWHERE ID=" . $track["ID"] . ";";
//Execute
if ($conn->query($sql) === TRUE) {
    header("Location: ../admin?track=" . $track["ID"] . "&event=" . $track["EventID"] . "&success");
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
Esempio n. 4
0
<?php

//Conn to config
include 'config.php';
if (!isset($_POST['event'])) {
    die(0);
}
//Get multiple events
$event = SanitizeInput($_POST['event']);
$event = explode(',', $event);
foreach ($event as $key => $value) {
    if (!empty($value)) {
        //Delete event
        $query = "DELETE FROM event WHERE EventID = {$value}";
        if ($result = $conn->query($query)) {
            echo "Event {$value} har tagits bort!<br>";
        } else {
            echo "Ett fel uppstod!<br>";
        }
        //Delete tracks
        $query = "DELETE FROM tracks WHERE EventID = {$value}";
        if ($result = $conn->query($query)) {
            echo "Bana {$value} har tagits bort!<br>";
        } else {
            echo "Ett fel uppstod!<br>";
        }
        //Delete runners
        $query = "DELETE FROM runners WHERE EventID = {$value}";
        if ($result = $conn->query($query)) {
            echo "Anmälda för event {$value} har tagits bort!<br>";
        } else {
Esempio n. 5
0
$relayPublic = false;
//Check for password POST
$pwd = isset($_POST["pwd"]) ? $_POST['pwd'] : '';
$wrongPwd = isset($_POST["wrongPwd"]) ? $_POST['wrongPwd'] : '';
//If event is not set
if ($event == "") {
    $redirectOption = "stafett";
    die(include 'php/views/allevents.php');
}
//If relay is not set
if ($relayID == "") {
    die(include 'php/views/allrelays.php');
}
//Get relay ID if not "new"
if (isset($_GET['relay']) && !empty($_GET['relay']) && $_GET['relay'] != "new") {
    $relayID = SanitizeInput($_GET["relay"]);
    //Get relay name if there is any
    if ($query = $conn->query("SELECT RelayName FROM relays WHERE RelayID = {$relayID} AND EventID = {$event}")) {
        $relayName = $query->fetch_object()->RelayName;
    } else {
        die(include 'php/views/notfound.php');
    }
    //Get public status
    if ($query = $conn->query("SELECT Public FROM relays WHERE RelayID = {$relayID} AND EventID = {$event}")) {
        $relayPublic = $query->fetch_object()->Public;
    }
    //If a relay with same ID already exists
    $abc = range('A', 'Z');
    $Relays = "";
    if ($relayJSON = $conn->query("SELECT RelayTeam FROM relays WHERE RelayID = {$relayID} AND EventID = {$event}")) {
        $RelayTeam = json_decode($relayJSON->fetch_object()->RelayTeam, true);
Esempio n. 6
0
//Conn
include 'config.php';
$runnerFirstName = SanitizeInput($_POST['runnerFirstName']);
$runnerLastName = SanitizeInput($_POST['runnerLastName']);
$runnerMsg = SanitizeInput($_POST['runnerMsg']);
$runnerTrack = SanitizeInput($_POST['runnerTrack']);
$eventID = SanitizeInput($_POST["eventID"]);
$userID = SanitizeInput($_POST["userID"]);
//Event required data
$runnerBday = isset($_POST["birthday"]) ? $_POST['birthday'] : '';
$runnerSex = isset($_POST["sex"]) ? $_POST['sex'] : '';
$runnerSI = isset($_POST["siNumber"]) ? $_POST['siNumber'] : '';
$runnerData = ["Födelsedatum" => $runnerBday, "Kön" => $runnerSex, "SI-Nummer" => $runnerSI];
$runnerData = json_encode($runnerData, JSON_UNESCAPED_UNICODE);
$runnerData = SanitizeInput($runnerData);
//Check if name is empty
if ($runnerFirstName == "") {
    $runnerFirstName = "Inget förnamn";
}
if ($runnerLastName == "") {
    $runnerLastName = "Inget efternamn";
}
if ($runnerMsg == "") {
    $runnerMsg = "";
}
if ($runnerTrack == "none" || !isset($runnerTrack)) {
    $trackdata = GetTrackData($conn, $eventID);
    if (empty($trackdata)) {
        $sql = "INSERT INTO runners (FirstName, LastName, UserID, EventID, Track, RelayConfirm, RelayMessage, RunnerData) \n\t\t\tVALUES ('{$runnerFirstName}', '{$runnerLastName}', '{$userID}', {$eventID}, 1, '', '{$runnerMsg}', '{$runnerData}')";
    } else {
Esempio n. 7
0
<?php

//Conn
include 'config.php';
$eventID = SanitizeInput($_POST['eventID']);
$relayID = SanitizeInput($_POST['relayID']);
$runnerID = SanitizeInput($_POST["runnerID"]);
$run = SanitizeInput($_POST["run"]);
$msg = SanitizeInput($_POST["runnerMsg"]);
$sql = "UPDATE runners SET RelayConfirm = '{$run}', RelayMessage = '{$msg}' WHERE ID = {$runnerID} AND EventID = {$eventID}";
if ($conn->query($sql) === TRUE) {
    echo "Uppställningen har sparats!";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
Esempio n. 8
0
<?php

//Conn
include 'config.php';
$event = SanitizeInput($_POST['eventID']);
$relay = SanitizeInput($_POST['relayID']);
$query = "DELETE FROM relays WHERE EventID = {$event} AND RelayID = {$relay}";
if ($result = $conn->query($query)) {
    echo "Lag borttaget";
}
Esempio n. 9
0
<?php

include 'config.php';
$event = $_POST["Event"];
//Sanitize all input
foreach ($event as $key => $value) {
    $event[$key] = SanitizeInput($value);
}
$sql = "UPDATE event\n\t\t\tSET EventID='" . $event["EventID"] . "',\n\t\t\t\tName='" . $event["Name"] . "',\n\t\t\t\tTracks='" . $event["Tracks"] . "',\n\t\t\t\tEventDate='" . $event["EventDate"] . "',\n\t\t\t\tEventInfo='" . $event["EventInfo"] . "',\n\t\t\t\tPassword='******',\n\t\t\t\tCreationDate='" . $event["CreationDate"] . "',\n\t\t\t\tClosingDate='" . $event["ClosingDate"] . "',\n\t\t\t\tBlockOnClose='" . $event["BlockOnClose"] . "',\n\t\t\t\tCreatorUserID='" . $event["CreatorUserID"] . "' \n\t\t\tWHERE ID=" . $event["ID"] . ";";
//Execute
if ($conn->query($sql) === TRUE) {
    echo "Event " . $event["Name"] . " har lagts redigerats!\n";
    header("Location: ../admin?event=" . $event["EventID"] . "&success");
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
Esempio n. 10
0
<?php

//DB
include 'config.php';
//Die if not posted
if ($event = !isset($_POST["eventID"])) {
    die;
}
//Event
$event = SanitizeInput($_POST["eventID"]);
$eventName = "";
$eventTracks = 0;
//Event vars
$query = "SELECT Name, Tracks, EventData FROM event WHERE EventID = {$event}";
if ($result = $conn->query($query)) {
    while ($row = $result->fetch_row()) {
        $eventName = $row[0];
        $eventTracks = $row[1];
        $eventData = json_decode($row[2], true);
    }
    $result->close();
}
//Track vars
$Tracks = [];
$query = "SELECT Name, TrackID FROM tracks WHERE EventID = {$event} ORDER BY TrackID";
if ($result = $conn->query($query)) {
    while ($row = $result->fetch_row()) {
        $trackName = $row[0];
        $trackID = $row[1];
        $queryRunners = "SELECT FirstName, LastName, Track, ID, RunnerData FROM runners WHERE EventID = {$event} AND Track = {$trackID}";
        $runnerIncrement = 0;
Esempio n. 11
0
<?php

//Connect to db
include 'php/config.php';
//Get event ID
$event = isset($_GET["event"]) ? $_GET['event'] : '';
$event = SanitizeInput($event);
//List all events if event is not set
if ($_GET['event'] = '' || !isset($_GET['event'])) {
    $redirectOption = "anmal";
    die(include 'php/views/allevents.php');
}
//Get even data
$EventData = GetEventData($conn, $event);
$eventName = $EventData["Name"];
$eventTracks = $EventData["Tracks"];
$creatorID = $EventData["CreatorUserID"];
//Die if eventname and tracks don't exist
if ($eventName == '' && $eventTracks == 0) {
    die(include 'php/views/notfound.php');
}
//If closing date has passed
$expired = false;
$hasEndtime = false;
if ($EventData["ClosingDate"] != "2099-01-01 23:59:59") {
    $hasEndtime = true;
    if (strtotime(date("Y-m-d H:i:s")) > strtotime($EventData["ClosingDate"])) {
        $expired = true;
        if ($EventData["BlockOnClose"]) {
            die(include "php/views/expired.php");
        }
Esempio n. 12
0
<?php

//Conn
include 'config.php';
$eventID = SanitizeInput($_POST['eventID']);
$trackID = SanitizeInput($_POST['trackID']);
$trackName = SanitizeInput($_POST['trackName']);
$trackLength = SanitizeInput($_POST['trackLength']);
if ($trackName == "") {
    $trackName = "Bana utan namn";
}
if ($trackLength == "") {
    $trackLength = "Ingen längd";
}
$sql = "INSERT INTO tracks (EventID, TrackID, Name, Length) VALUES ({$eventID}, {$trackID}, '{$trackName}', '{$trackLength}')";
if ($conn->query($sql) === TRUE) {
    echo "Bana {$trackName} har lagts till.\n";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
Esempio n. 13
0
    if (file_exists("php/{$filename}")) {
        require "php/{$filename}";
    } else {
        die("functions not found");
    }
}
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
$conn->set_charset('utf8mb4');
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
//Sanitize input
function SanitizeInput($input)
{
    $sanitized = strip_tags(addslashes($input));
    return $sanitized;
}
//User ID
$userIDGet = isset($_GET["uid"]) ? $_GET['uid'] : '';
if ($userIDGet != "") {
    $userID = SanitizeInput($userIDGet);
    setcookie("userID", $userIDGet, time() + 31556926);
} else {
    $userID = isset($_COOKIE["userID"]) ? $_COOKIE['userID'] : '';
    if (!isset($_COOKIE["userID"]) || $_COOKIE["userID"] == "") {
        $userID = md5(uniqid(rand(), true));
        setcookie("userID", $userID, time() + 31556926);
    }
}
Esempio n. 14
0
                die("Too many relays.");
            } else {
                $row = SanitizeInput(substr($key, -2, 1));
            }
        }
        $col = SanitizeInput(substr($key, -1, 1));
        //Get item values
        $RelayRunners[$row][$col] = SanitizeInput($value);
    }
}
//Other vars
$eventID = SanitizeInput($_POST['eventID']);
$relayID = SanitizeInput($_POST['relayID']);
$relayName = SanitizeInput($_POST['relayName']);
$publicRelay = isset($_POST['publicRelay']) ? $_POST['publicRelay'] : '0';
$publicRelay = SanitizeInput($publicRelay);
//Check for empty name
if ($relayName == "") {
    $relayName = "Inget namn";
}
//Team JSON
$RelayRunnersJSON = json_encode($RelayRunners);
$query = "SELECT max(RelayID) FROM relays WHERE EventID = {$eventID}";
if ($result = $conn->query($query)) {
    //If the relay already exists, update it
    if ($result->fetch_row()[0] >= $relayID) {
        $sql = "UPDATE relays SET RelayTeam = '{$RelayRunnersJSON}', Public = {$publicRelay}, RelayName = '{$relayName}' WHERE RelayID = {$relayID} AND EventID = {$eventID}";
    } else {
        $sql = "INSERT INTO relays (EventID, RelayID, RelayName, RelayTeam, Public) VALUES ({$eventID}, {$relayID}, '{$relayName}', '{$RelayRunnersJSON}', 0)";
    }
}
Esempio n. 15
0
<?php

//Conn
include 'config.php';
$eventID = SanitizeInput($_POST['eventID']);
$eventName = SanitizeInput($_POST['eventName']);
$eventDate = SanitizeInput($_POST['eventDate']);
$eventDesc = SanitizeInput($_POST['eventDesc']);
$eventCreationDate = SanitizeInput($_POST['eventCreationDate']);
$trackCount = SanitizeInput($_POST['trackCount']);
$userID = SanitizeInput($_POST['userID']);
$eventData = SanitizeInput($_POST['eventData']);
//Check if name is empty
if ($eventName == "") {
    $eventName = "Inget namn";
}
//Init default advanced options
$eventPassword = "";
$eventCloseDate = "2099-01-01 23:59:59";
$blockOnCloseDate = 0;
//
//Advanced options
//
//Password
if (strlen($_POST['eventPassword']) > 0) {
    //Password SQL
    $eventPassword = $_POST['eventPassword'];
    //Encrypt password
    $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
    $salt = sprintf("\$2a\$%02d\$", 4) . $salt;
    $eventPassword = crypt($eventPassword, $salt);