require 'lib/mailgun-php/vendor/autoload.php';
use Mailgun\Mailgun;
//Conn
include 'config.php';
//Hide bug
if (isset($_POST['HideBug'])) {
if (isset($_POST["BugID"])) {
$id = SanitizeInput($_POST["BugID"]);
$sql = "UPDATE bugs SET DisplayBug=0 WHERE ID={$id}";
if ($result = $conn->query($sql)) {
die("Buggen visas inte längre!");
}
}
}
$data = SanitizeInput(json_encode($_POST));
$sql = "INSERT INTO bugs (Bugdata, DisplayBug) VALUES ('{$data}', 1)";
//Execute
if ($conn->query($sql) === TRUE) {
echo "Buggen har rapporterats!";
header("Location: ../bugg?done=yes");
//Your credentials
$mg = new Mailgun("key-50d4758b888eb62ba8ae9f475d36f4d2");
$domain = "mailgun.ghostops.nu";
try {
$result = $mg->sendMessage($domain, array('from' => 'UK-Sidan <*****@*****.**>', 'to' => "*****@*****.**", 'subject' => 'Ny Bugg på UK-sidan', 'html' => "En ny bugg har registrerats på UK-sidan: {$data}"));
} catch (Exception $e) {
die("Händer det här är något fel...");
}
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
<?php
//Conn to config
include 'config.php';
$runnerID = SanitizeInput($_POST['runner']);
//Get runner name
$name = "";
$query = "SELECT FirstName, LastName FROM runners WHERE ID = {$runnerID}";
if ($result = $conn->query($query)) {
while ($row = $result->fetch_row()) {
$name .= $row[0] . " ";
$name .= $row[1];
}
}
//Delete person
$query = "DELETE FROM runners WHERE ID = {$runnerID}";
if ($result = $conn->query($query)) {
echo "{$name} har blivit avanmäld!";
} else {
echo "Ett fel uppstod!";
}
<?php
include 'config.php';
$track = $_POST["Track"];
print_r($track);
//Sanitize all input
foreach ($track as $key => $value) {
$track[$key] = SanitizeInput($value);
}
$sql = "UPDATE tracks\n\t\t\tSET EventID='" . $track["EventID"] . "',\n\t\t\t\tTrackID='" . $track["TrackID"] . "',\n\t\t\t\tName='" . $track["Name"] . "',\n\t\t\t\tLength='" . $track["Length"] . "' \n\t\t\tWHERE ID=" . $track["ID"] . ";";
//Execute
if ($conn->query($sql) === TRUE) {
header("Location: ../admin?track=" . $track["ID"] . "&event=" . $track["EventID"] . "&success");
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
<?php
//Conn to config
include 'config.php';
if (!isset($_POST['event'])) {
die(0);
}
//Get multiple events
$event = SanitizeInput($_POST['event']);
$event = explode(',', $event);
foreach ($event as $key => $value) {
if (!empty($value)) {
//Delete event
$query = "DELETE FROM event WHERE EventID = {$value}";
if ($result = $conn->query($query)) {
echo "Event {$value} har tagits bort!<br>";
} else {
echo "Ett fel uppstod!<br>";
}
//Delete tracks
$query = "DELETE FROM tracks WHERE EventID = {$value}";
if ($result = $conn->query($query)) {
echo "Bana {$value} har tagits bort!<br>";
} else {
echo "Ett fel uppstod!<br>";
}
//Delete runners
$query = "DELETE FROM runners WHERE EventID = {$value}";
if ($result = $conn->query($query)) {
echo "Anmälda för event {$value} har tagits bort!<br>";
} else {
$relayPublic = false;
//Check for password POST
$pwd = isset($_POST["pwd"]) ? $_POST['pwd'] : '';
$wrongPwd = isset($_POST["wrongPwd"]) ? $_POST['wrongPwd'] : '';
//If event is not set
if ($event == "") {
$redirectOption = "stafett";
die(include 'php/views/allevents.php');
}
//If relay is not set
if ($relayID == "") {
die(include 'php/views/allrelays.php');
}
//Get relay ID if not "new"
if (isset($_GET['relay']) && !empty($_GET['relay']) && $_GET['relay'] != "new") {
$relayID = SanitizeInput($_GET["relay"]);
//Get relay name if there is any
if ($query = $conn->query("SELECT RelayName FROM relays WHERE RelayID = {$relayID} AND EventID = {$event}")) {
$relayName = $query->fetch_object()->RelayName;
} else {
die(include 'php/views/notfound.php');
}
//Get public status
if ($query = $conn->query("SELECT Public FROM relays WHERE RelayID = {$relayID} AND EventID = {$event}")) {
$relayPublic = $query->fetch_object()->Public;
}
//If a relay with same ID already exists
$abc = range('A', 'Z');
$Relays = "";
if ($relayJSON = $conn->query("SELECT RelayTeam FROM relays WHERE RelayID = {$relayID} AND EventID = {$event}")) {
$RelayTeam = json_decode($relayJSON->fetch_object()->RelayTeam, true);
//Conn
include 'config.php';
$runnerFirstName = SanitizeInput($_POST['runnerFirstName']);
$runnerLastName = SanitizeInput($_POST['runnerLastName']);
$runnerMsg = SanitizeInput($_POST['runnerMsg']);
$runnerTrack = SanitizeInput($_POST['runnerTrack']);
$eventID = SanitizeInput($_POST["eventID"]);
$userID = SanitizeInput($_POST["userID"]);
//Event required data
$runnerBday = isset($_POST["birthday"]) ? $_POST['birthday'] : '';
$runnerSex = isset($_POST["sex"]) ? $_POST['sex'] : '';
$runnerSI = isset($_POST["siNumber"]) ? $_POST['siNumber'] : '';
$runnerData = ["Födelsedatum" => $runnerBday, "Kön" => $runnerSex, "SI-Nummer" => $runnerSI];
$runnerData = json_encode($runnerData, JSON_UNESCAPED_UNICODE);
$runnerData = SanitizeInput($runnerData);
//Check if name is empty
if ($runnerFirstName == "") {
$runnerFirstName = "Inget förnamn";
}
if ($runnerLastName == "") {
$runnerLastName = "Inget efternamn";
}
if ($runnerMsg == "") {
$runnerMsg = "";
}
if ($runnerTrack == "none" || !isset($runnerTrack)) {
$trackdata = GetTrackData($conn, $eventID);
if (empty($trackdata)) {
$sql = "INSERT INTO runners (FirstName, LastName, UserID, EventID, Track, RelayConfirm, RelayMessage, RunnerData) \n\t\t\tVALUES ('{$runnerFirstName}', '{$runnerLastName}', '{$userID}', {$eventID}, 1, '', '{$runnerMsg}', '{$runnerData}')";
} else {
<?php
//Conn
include 'config.php';
$eventID = SanitizeInput($_POST['eventID']);
$relayID = SanitizeInput($_POST['relayID']);
$runnerID = SanitizeInput($_POST["runnerID"]);
$run = SanitizeInput($_POST["run"]);
$msg = SanitizeInput($_POST["runnerMsg"]);
$sql = "UPDATE runners SET RelayConfirm = '{$run}', RelayMessage = '{$msg}' WHERE ID = {$runnerID} AND EventID = {$eventID}";
if ($conn->query($sql) === TRUE) {
echo "Uppställningen har sparats!";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
<?php
//Conn
include 'config.php';
$event = SanitizeInput($_POST['eventID']);
$relay = SanitizeInput($_POST['relayID']);
$query = "DELETE FROM relays WHERE EventID = {$event} AND RelayID = {$relay}";
if ($result = $conn->query($query)) {
echo "Lag borttaget";
}
<?php
include 'config.php';
$event = $_POST["Event"];
//Sanitize all input
foreach ($event as $key => $value) {
$event[$key] = SanitizeInput($value);
}
$sql = "UPDATE event\n\t\t\tSET EventID='" . $event["EventID"] . "',\n\t\t\t\tName='" . $event["Name"] . "',\n\t\t\t\tTracks='" . $event["Tracks"] . "',\n\t\t\t\tEventDate='" . $event["EventDate"] . "',\n\t\t\t\tEventInfo='" . $event["EventInfo"] . "',\n\t\t\t\tPassword='******',\n\t\t\t\tCreationDate='" . $event["CreationDate"] . "',\n\t\t\t\tClosingDate='" . $event["ClosingDate"] . "',\n\t\t\t\tBlockOnClose='" . $event["BlockOnClose"] . "',\n\t\t\t\tCreatorUserID='" . $event["CreatorUserID"] . "' \n\t\t\tWHERE ID=" . $event["ID"] . ";";
//Execute
if ($conn->query($sql) === TRUE) {
echo "Event " . $event["Name"] . " har lagts redigerats!\n";
header("Location: ../admin?event=" . $event["EventID"] . "&success");
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
<?php
//DB
include 'config.php';
//Die if not posted
if ($event = !isset($_POST["eventID"])) {
die;
}
//Event
$event = SanitizeInput($_POST["eventID"]);
$eventName = "";
$eventTracks = 0;
//Event vars
$query = "SELECT Name, Tracks, EventData FROM event WHERE EventID = {$event}";
if ($result = $conn->query($query)) {
while ($row = $result->fetch_row()) {
$eventName = $row[0];
$eventTracks = $row[1];
$eventData = json_decode($row[2], true);
}
$result->close();
}
//Track vars
$Tracks = [];
$query = "SELECT Name, TrackID FROM tracks WHERE EventID = {$event} ORDER BY TrackID";
if ($result = $conn->query($query)) {
while ($row = $result->fetch_row()) {
$trackName = $row[0];
$trackID = $row[1];
$queryRunners = "SELECT FirstName, LastName, Track, ID, RunnerData FROM runners WHERE EventID = {$event} AND Track = {$trackID}";
$runnerIncrement = 0;
<?php
//Connect to db
include 'php/config.php';
//Get event ID
$event = isset($_GET["event"]) ? $_GET['event'] : '';
$event = SanitizeInput($event);
//List all events if event is not set
if ($_GET['event'] = '' || !isset($_GET['event'])) {
$redirectOption = "anmal";
die(include 'php/views/allevents.php');
}
//Get even data
$EventData = GetEventData($conn, $event);
$eventName = $EventData["Name"];
$eventTracks = $EventData["Tracks"];
$creatorID = $EventData["CreatorUserID"];
//Die if eventname and tracks don't exist
if ($eventName == '' && $eventTracks == 0) {
die(include 'php/views/notfound.php');
}
//If closing date has passed
$expired = false;
$hasEndtime = false;
if ($EventData["ClosingDate"] != "2099-01-01 23:59:59") {
$hasEndtime = true;
if (strtotime(date("Y-m-d H:i:s")) > strtotime($EventData["ClosingDate"])) {
$expired = true;
if ($EventData["BlockOnClose"]) {
die(include "php/views/expired.php");
}
<?php
//Conn
include 'config.php';
$eventID = SanitizeInput($_POST['eventID']);
$trackID = SanitizeInput($_POST['trackID']);
$trackName = SanitizeInput($_POST['trackName']);
$trackLength = SanitizeInput($_POST['trackLength']);
if ($trackName == "") {
$trackName = "Bana utan namn";
}
if ($trackLength == "") {
$trackLength = "Ingen längd";
}
$sql = "INSERT INTO tracks (EventID, TrackID, Name, Length) VALUES ({$eventID}, {$trackID}, '{$trackName}', '{$trackLength}')";
if ($conn->query($sql) === TRUE) {
echo "Bana {$trackName} har lagts till.\n";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
if (file_exists("php/{$filename}")) {
require "php/{$filename}";
} else {
die("functions not found");
}
}
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
$conn->set_charset('utf8mb4');
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Sanitize input
function SanitizeInput($input)
{
$sanitized = strip_tags(addslashes($input));
return $sanitized;
}
//User ID
$userIDGet = isset($_GET["uid"]) ? $_GET['uid'] : '';
if ($userIDGet != "") {
$userID = SanitizeInput($userIDGet);
setcookie("userID", $userIDGet, time() + 31556926);
} else {
$userID = isset($_COOKIE["userID"]) ? $_COOKIE['userID'] : '';
if (!isset($_COOKIE["userID"]) || $_COOKIE["userID"] == "") {
$userID = md5(uniqid(rand(), true));
setcookie("userID", $userID, time() + 31556926);
}
}
die("Too many relays.");
} else {
$row = SanitizeInput(substr($key, -2, 1));
}
}
$col = SanitizeInput(substr($key, -1, 1));
//Get item values
$RelayRunners[$row][$col] = SanitizeInput($value);
}
}
//Other vars
$eventID = SanitizeInput($_POST['eventID']);
$relayID = SanitizeInput($_POST['relayID']);
$relayName = SanitizeInput($_POST['relayName']);
$publicRelay = isset($_POST['publicRelay']) ? $_POST['publicRelay'] : '0';
$publicRelay = SanitizeInput($publicRelay);
//Check for empty name
if ($relayName == "") {
$relayName = "Inget namn";
}
//Team JSON
$RelayRunnersJSON = json_encode($RelayRunners);
$query = "SELECT max(RelayID) FROM relays WHERE EventID = {$eventID}";
if ($result = $conn->query($query)) {
//If the relay already exists, update it
if ($result->fetch_row()[0] >= $relayID) {
$sql = "UPDATE relays SET RelayTeam = '{$RelayRunnersJSON}', Public = {$publicRelay}, RelayName = '{$relayName}' WHERE RelayID = {$relayID} AND EventID = {$eventID}";
} else {
$sql = "INSERT INTO relays (EventID, RelayID, RelayName, RelayTeam, Public) VALUES ({$eventID}, {$relayID}, '{$relayName}', '{$RelayRunnersJSON}', 0)";
}
}
<?php
//Conn
include 'config.php';
$eventID = SanitizeInput($_POST['eventID']);
$eventName = SanitizeInput($_POST['eventName']);
$eventDate = SanitizeInput($_POST['eventDate']);
$eventDesc = SanitizeInput($_POST['eventDesc']);
$eventCreationDate = SanitizeInput($_POST['eventCreationDate']);
$trackCount = SanitizeInput($_POST['trackCount']);
$userID = SanitizeInput($_POST['userID']);
$eventData = SanitizeInput($_POST['eventData']);
//Check if name is empty
if ($eventName == "") {
$eventName = "Inget namn";
}
//Init default advanced options
$eventPassword = "";
$eventCloseDate = "2099-01-01 23:59:59";
$blockOnCloseDate = 0;
//
//Advanced options
//
//Password
if (strlen($_POST['eventPassword']) > 0) {
//Password SQL
$eventPassword = $_POST['eventPassword'];
//Encrypt password
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("\$2a\$%02d\$", 4) . $salt;
$eventPassword = crypt($eventPassword, $salt);