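/**
 * Records a PHP error in the `<prefix>_error_log` table and optionally shows
 * the visitor an error id to quote in a report.
 *
 * The signature matches a set_error_handler() callback; the registration
 * itself is not visible here (presumably done elsewhere — confirm).
 *
 * Only errors whose level is below E_STRICT are written to the table.
 *
 * @param int|string $errno        Error level.
 * @param string     $errstr       Error message.
 * @param string     $errfile      File in which the error was raised.
 * @param int|string $errline      Line on which the error was raised.
 * @param array      $errorcontext Context array; stored serialized.
 *
 * @return bool false when the configured output mode is ERROR_OUTPUT_PHP or
 *              ERROR_OUTPUT_BOTH, true otherwise.
 */
function db_error_logger($errno, $errstr, $errfile = "", $errline = "", $errorcontext = array()){
    $errno = makeStringSafe($errno);
    $errstr = makeStringSafe($errstr);
    $errfile = makeStringSafe($errfile);
    $errline = makeStringSafe($errline);

    $outputmode = getConfigVar("error_output");

    if($errno < E_STRICT){
        // The session user id and the serialized context used to be concatenated
        // into the statement unescaped. Serialized data routinely contains quote
        // characters and may carry request-supplied values, so both now go through
        // the same escaping as the other columns.
        // NOTE(review): assumes makeStringSafe() performs SQL string escaping, as
        // its use on the other fields implies — confirm.
        $userid = makeStringSafe(getSessionVariable("user_id"));
        $context = makeStringSafe(serialize($errorcontext));

        // NOTE(review): when PHP supplies the context it is the variable table of
        // the failing scope, which can include credentials or other sensitive
        // values; access to this table should be restricted accordingly.
        doQuery("INSERT INTO ".getDBPrefix()."_error_log set user_id = '".$userid."', error_number = '".$errno."', message = '".$errstr."', file = '".$errfile."', line_number = '".$errline."', context = '".$context."', time = '".getCurrentMySQLDateTime()."'");

        // NOTE(review): "latest row" is not guaranteed to be the row inserted
        // above when several requests log errors at the same time.
        $errorrow = mysql_fetch_assoc(doQuery("SELECT error_id FROM ".getDBPrefix()."_error_log ORDER BY error_id DESC LIMIT 1"));
        // Guard against a failed lookup so the handler does not index into false.
        $errorid = $errorrow ? $errorrow['error_id'] : '';

        if($outputmode == ERROR_OUTPUT_DBID || $outputmode == ERROR_OUTPUT_BOTH){
            echo "<h4 style=\"color: #FF0000;\">An error occured! If you would like to report this error, please report that your 'ERROR_ID' is '".$errorid."'.</h4>";
        }
    }

    return !($outputmode == ERROR_OUTPUT_PHP || $outputmode == ERROR_OUTPUT_BOTH);
}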
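/**
 * Appends an audit entry to the `<prefix>_log` table.
 *
 * Besides the caller-supplied fields, the row records the current timestamp
 * and the client's IP address and hostname as reported by the project helpers.
 *
 * @param mixed  $userid      Id of the user the entry is about.
 * @param string $action      Action type.
 * @param string $description Free-text description of the action.
 *
 * @return void
 */
function addToLog($userid, $action, $description) {
    $userid = makeStringSafe($userid);
    $action = makeStringSafe($action);
    $description = makeStringSafe($description);
    $mysqldate = getCurrentMySQLDateTime();

    // The IP and hostname used to be concatenated unescaped. getClientIP() and
    // getClientHostname() are not visible here; client-derived values (for
    // example forwarded-for headers or reverse DNS names) must not be trusted
    // inside a string-built statement, so they are escaped like the other fields.
    // NOTE(review): assumes makeStringSafe() performs SQL string escaping — confirm.
    $ip = makeStringSafe(getClientIP());
    $hostname = makeStringSafe(getClientHostname());

    doQuery("INSERT INTO " . getDBPrefix() . "_log SET user_id = '" . $userid . "', action_type = '" . $action . "', action_description = '" . $description . "', date = '" . $mysqldate . "', ip = '" . $ip . "', hostname='" . $hostname . "'");
}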
/**
 * Tells whether the equipment has a confirmed or pending reservation whose
 * start date lies between $date and three days after $date.
 *
 * NOTE(review): the statement is built by concatenation, so makeStringSafe()
 * is the only barrier between the arguments and the SQL text; a prepared
 * statement would remove that dependency.
 *
 * @param mixed  $equipid Equipment id.
 * @param string $date    First day of the window, in a form DateTime accepts.
 *
 * @return bool true when at least one matching reservation row exists.
 */
function isEquipmentReserved($equipid, $date) {
    $safeEquip = makeStringSafe($equipid);
    $windowStart = makeStringSafe($date);

    // The window closes three days after the requested date.
    $windowEnd = new DateTime($windowStart);
    $windowEnd->modify("+3 day");

    $statusFilter = "(mod_status = '" . RES_STATUS_CONFIRMED . "' or mod_status = '" . RES_STATUS_PENDING . "')";
    $dateFilter = "(start_date BETWEEN '" . $windowStart . "' and '" . $windowEnd->format("Y-m-d") . "')";

    $sql = "SELECT * FROM " . getDBPrefix() . "_reservations WHERE equip_id = '" . $safeEquip . "' AND "
        . $statusFilter . " AND " . $dateFilter;

    return mysql_num_rows(doQuery($sql)) > 0;
}
/**
 * Deletes one row from the `<prefix>_messages` table by its message id.
 *
 * NOTE(review): nothing in this function checks who is asking; the caller is
 * presumably responsible for verifying that the current user may delete the
 * message — confirm at the call sites.
 *
 * @param mixed $messageid Id of the message to delete.
 *
 * @return void
 */
function deleteMessage($messageid){
    $safeId = makeStringSafe($messageid);

    // LIMIT 1 caps the statement at a single row.
    $sql = sprintf(
        "DELETE FROM %s_messages WHERE message_id = '%s' LIMIT 1",
        getDBPrefix(),
        $safeId
    );

    doQuery($sql);
}
/**
 * Fetches the pending, confirmed or checked-out reservations of one piece of
 * equipment whose start date or end date falls inside the given range.
 *
 * NOTE(review): a reservation that begins before $startdate and ends after
 * $enddate matches neither BETWEEN clause and is not returned; confirm that
 * callers using this for conflict checks do not need that case.
 *
 * @param mixed  $equip     Equipment id.
 * @param string $startdate First day of the range.
 * @param string $enddate   Last day of the range.
 *
 * @return mixed Whatever doQuery() returns for the SELECT.
 */
function getReservationsByEquipIDandDate($equip, $startdate, $enddate) {
    $safeEquip = makeStringSafe($equip);
    $from = makeStringSafe($startdate);
    $to = makeStringSafe($enddate);

    // Reservation states that count as occupying the equipment.
    $statusClause = "(mod_status = '" . RES_STATUS_PENDING . "' OR mod_status = '" . RES_STATUS_CONFIRMED
        . "' OR mod_status = '" . RES_STATUS_CHECKED_OUT . "')";

    $startsInside = "(start_date BETWEEN '" . $from . "' AND '" . $to . "')";
    $endsInside = "(end_date BETWEEN '" . $from . "' AND '" . $to . "')";

    $sql = "SELECT * FROM " . getDBPrefix() . "_reservations WHERE\r\n\tequip_id = '" . $safeEquip . "' AND \r\n\t"
        . $statusClause
        . "\r\n\tAND (" . $startsInside . " OR " . $endsInside . ")";

    return doQuery($sql);
}
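<?php
/*
  Radford Reservation System
  Author: Andrew Melton

  Filename: getpicture.php

  Purpose:
  This will get and display the picture for equipment with the
  equipid provided by the GET variable 'equip'

  Known Bugs/Fixes:
  None
*/
// NOTE(review): the response is always labelled image/jpeg, whatever the
// stored file actually is.
header("Content-type: image/jpeg");
session_start();
// NOTE(review): no access check is visible in this script; confirm whether
// equipment pictures are meant to be readable without a login.

// A missing or non-string 'equip' parameter is treated as an empty id, which
// matches no equipment row and therefore falls back to the placeholder image.
$equipid = (isset($_GET['equip']) && is_string($_GET['equip'])) ? $_GET['equip'] : "";

require 'functions.php';

$equipid = makeMySQLSafe($equipid);

$picturedir = "./pics/";
// Default to the placeholder; it is replaced only by a verified file below.
$pictureloc = $picturedir . "nopic.jpg";

$row = mysql_fetch_assoc(doQuery("SELECT picture FROM " . getDBPrefix() . "_equipment WHERE equip_id = '" . $equipid . "'"));

if ($row && $row['picture'] != "") {
    // The stored file name is joined to the picture directory and handed to
    // readfile(), so it is resolved first and accepted only when the result is
    // a regular file inside that directory. A stored value containing path
    // separators or ".." can then no longer make the script serve other files.
    $basedir = realpath($picturedir);
    $candidate = realpath($picturedir . $row['picture']);

    if ($basedir !== false
        && $candidate !== false
        && strpos($candidate, $basedir . DIRECTORY_SEPARATOR) === 0
        && is_file($candidate)) {
        $pictureloc = $candidate;
    }
}

readfile($pictureloc);
exit(0);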
} function getUserByUsername($username) { $username = makeStringSafe($username); return doQuery("SELECT * FROM " . getDBPrefix() . "_users WHERE username = '******'");
<?php
return $result; } function getCurrentMessages() { $date = getCurrentMySQLDate();
$result = doQuery("SELECT * FROM " . getDBPrefix() . "_blackouts WHERE (start_date <= '" . $start . "' and end_date >= '" . $start . "') OR (start_date <= '" . $end . "' and end_date >= '" . $end . "')"); if (mysql_num_rows($result) > 0) { return true; } else {
$userid = makeStringSafe($userid); return doQuery("SELECT * FROM " . getDBPrefix() . "_warnings WHERE user_id = '" . $userid . "'"); } function getWarningByID($warnid) {