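// Excerpt: starts inside a larger request handler (the last closing brace of the
// first statement run ends a block opened before this excerpt) and stops part-way
// through getEvent().
//
// Stores a participant's choice for one event date and, once allUsersMadeChoice()
// reports true, mails the event creator a link to the overview page.

// Accept only the three known choice values. The strict string comparison rejects
// inputs such as "1abc" or " 1", which a loose == against an integer can accept.
if (in_array((string) $choice, array('1', '2', '3'), true)) {
    $event = getEvent($postData['event_id']);
    if ($event) {
        // Every value is escaped and wrapped in quotes, so it stays a string literal.
        // NOTE(review): the row is matched on id and event_date_id only; confirm that
        // code outside this excerpt ties $choiceId to the user making the request.
        $qry = "UPDATE \n\t\t\t\t\t\tdate_userchoice\n\t\t\t\t\tSET\n\t\t\t\t\t\tchoice = '"
            . mysqli_real_escape_string($connection, $choice)
            . "'\n\t\t\t\t\tWHERE \n\t\t\t\t\t\tid = '"
            . mysqli_real_escape_string($connection, $choiceId)
            . "'\n\t\t\t\t\tAND\n\t\t\t\t\t\tevent_date_id = '"
            . mysqli_real_escape_string($connection, $event_date_id)
            . "'";
        $result = mysqli_query($connection, $qry);
        if ($result) {
            $data['result'] = true;
            if (allUsersMadeChoice($event['id'])) {
                $creatorOfEvent = getCreatorOfEvent($event['id']);
                if ($creatorOfEvent) {
                    // Names are user-supplied text, so they are HTML-encoded before being
                    // placed in the HTML mail body (assumes UTF-8 data, TODO confirm, and
                    // that the stored values are not already HTML-encoded).
                    // NOTE(review): the link carries the personal access codes over plain
                    // http; switch to https if the site serves it.
                    $html = ' Hoi ' . htmlspecialchars($creatorOfEvent['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                        . ',<br> Iedereen heeft een datum gekozen voor je evenement <b>'
                        . htmlspecialchars($event['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                        . '</b><br> <a href="http://www.tengwerda.nl/prikkr/#/event/overview/'
                        . $event['code'] . '/' . $creatorOfEvent['code']
                        . '">Bekijk welke geschikte datum(s) er zijn!</a>.<br> ';
                    // NOTE(review): the subject quotes the creator's name where the event
                    // name looks intended; left unchanged. The subject also carries
                    // user-supplied text, so confirm mailIt() rejects CR/LF in it.
                    mailIt(
                        $creatorOfEvent['email'],
                        'De stemmen zijn geteld voor "' . $creatorOfEvent['name'] . '" op Prikkr',
                        $html
                    );
                }
            }
        }
    }
}
}

/**
 * Looks up an event row by its id.
 *
 * Only the start of this function is visible in the excerpt: it copies the id and
 * name columns of each fetched row into $event. The remainder lies outside this view.
 */
function getEvent($eventId)
{
    global $connection;
    // The id is escaped and quoted, so it is always treated as a string literal.
    $qry = "SELECT * FROM event WHERE id = '" . mysqli_real_escape_string($connection, $eventId) . "'";
    if ($result = mysqli_query($connection, $qry)) {
        $event = array();
        while ($row = mysqli_fetch_array($result)) {
            $event['id'] = $row['id'];
            $event['name'] = $row['name'];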
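// Excerpt from the middle of an event-update handler: the first statements finish
// blocks opened before this excerpt, and the last else-branch is still open at the end.
$result = mysqli_query($connection, $qry);
if (!$result) {
    $data['result'] = false;
}
}
}

// Mail all users with an update
if ($allUsers) {
    $emails = array();
    foreach ($allUsers as $user) {
        // The user name and the posted event name are HTML-encoded before they go into
        // the HTML mail body (assumes UTF-8 data, TODO confirm, and that the values are
        // not already HTML-encoded upstream).
        // NOTE(review): where $eventCode comes from is not visible here; confirm it is
        // server-generated, or URL-encode it before placing it in the link.
        $html = ' Hoi ' . htmlspecialchars($user['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ',<br> Het evenement "'
            . htmlspecialchars($postData['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '" waar je voor ingeschreven bent is zojuist gewijzigd. Je kan het evenement <a href="http://www.tengwerda.nl/prikkr/#/event/'
            . $eventCode . '/' . $user['code']
            . '">hier</a> terug vinden. ';
        // NOTE(review): the subject contains posted text; confirm mailIt() rejects
        // CR/LF so it cannot add mail headers.
        mailIt($user['email'], $postData['name'] . ' is gewijzigd op Prikkr', $html);
    }
}

// Return the updated event row.
// The id is now wrapped in quotes: mysqli_real_escape_string() only escapes
// characters that matter inside a quoted literal, so in the previous unquoted
// numeric position the escaping gave no protection against SQL injection.
// A prepared statement with a bound parameter would be the more robust form.
$query = "SELECT * FROM event WHERE id='" . mysqli_real_escape_string($connection, $eventId) . "' LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result) {
    while ($row = mysqli_fetch_array($result)) {
        $data[] = array(
            'id' => $row['id'],
            'name' => $row['name'],
            'description' => $row['description'],
            'location' => $row['location'],
            'code' => $row['code'],
            'creator_code' => $creatorCode
        );
    }
} else {
    $data['result'] = false;
}
}
}
} else {
$data['result'] = false;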
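// Excerpt from a form-mail handler; the two if-blocks opened at the end are closed
// outside this view.

// Refuse CR or LF in values that end up in mail headers (header-injection guard).
// strpos() replaces eregi(), which was removed in PHP 7. For these single-character
// patterns a plain substring test matches exactly the same inputs.
if (strpos($mail, "\r") !== false) {
    die("<B>Error Exit</B> Possible Spam Bot attack. Carriage return not allowed in header");
}
if (strpos($mail, "\n") !== false) {
    die("<B>Error Exit</B> Possible Spam Bot attack. Line feed not allowed in header");
}
if (strpos($bcc, "\r") !== false) {
    die("<B>Error Exit</B> Possible Spam Bot attack. Carriage return not allowed in bcc");
}
if (strpos($bcc, "\n") !== false) {
    die("<B>Error Exit</B> Possible Spam Bot attack. Line feed not allowed in bcc");
}
////
//print "<br> Recipients are $recipient";
$content .= "\n\n";
mailIt(stripslashes($content), stripslashes($subject), $email, $recipient, $bcc);
// }

// If an auto responder is defined in the form, check that it exists and send it.
// For security reasons the responder file MUST exist in the same directory as the script.
// basename() drops any directory part, so only a bare file name is used. The
// file_exists()/fopen() calls below then resolve it against the current working directory.
// NOTE(review): if this directive can really be set from the submitted form, any
// readable file in that directory (source or config files included) can be chosen
// as the message body. Prefer a fixed server-side allow-list of responder files.
$autores = basename($config->getDirective('auto_responder'));
// NOTE(review): $resto is read from the posted 'email' field and $subject is reused
// in the reply subject, but this excerpt only CR/LF-checks $mail and $bcc. Confirm
// both are validated elsewhere, e.g. filter_var($resto, FILTER_VALIDATE_EMAIL).
$resto = getPostValue('email');
if ($autores != '') {
    if (file_exists($autores)) {
        $fd = fopen($autores, "rb");
        $ar_message = fread($fd, filesize($autores));
        fclose($fd);
        $ressubj = "RE: {$subject}";
        $headers = "From: {$recipient_in['0']}\nContent-Type: text/html\n";
        if (!mail($resto, $ressubj, $ar_message, $headers)) {
            issueSingleError("An undetermined error occured while attempting to send a response.");
        }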
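}

// Excerpt from an event-creation handler; the closing brace above ends a block
// opened before this excerpt.
// Save the creator of the event as a user as well.
// !empty() already covers the unset case, so the separate isset() calls are dropped.
// NOTE(review): creator_email is used as a mail recipient without a visible format
// check; unless mailIt() validates it, add filter_var(..., FILTER_VALIDATE_EMAIL).
if (!empty($postData['creator_name']) && !empty($postData['creator_email'])) {
    $creatorCode = createCode();
    // Every value is escaped and wrapped in quotes, so it stays a string literal.
    $qry = "INSERT INTO \n\t\t\t\t\t\t\tevent_user (event_id, name, email, code, is_creator) \n\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t'"
        . mysqli_real_escape_string($connection, $addedId)
        . "',\n\t\t\t\t\t\t\t'"
        . mysqli_real_escape_string($connection, $postData['creator_name'])
        . "', \n\t\t\t\t\t\t\t'"
        . mysqli_real_escape_string($connection, $postData['creator_email'])
        . "', \n\t\t\t\t\t\t\t'"
        . mysqli_real_escape_string($connection, $creatorCode)
        . "',\n\t\t\t\t\t\t\t1\n\t\t\t\t\t\t)";
    $result = mysqli_query($connection, $qry);
    if (!$result) {
        $data['result'] = false;
    } else {
        $userIds[] = mysqli_insert_id($connection);
        // Posted names are HTML-encoded before they go into the HTML mail body
        // (assumes UTF-8 input, TODO confirm, and that $postData is not already
        // HTML-encoded upstream).
        // NOTE(review): both links carry the personal access code over plain http;
        // switch to https if the site serves it.
        $html = ' Hoi ' . htmlspecialchars($postData['creator_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ',<br> Je evenement "'
            . htmlspecialchars($postData['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '" is aangemaakt en een mail is verstuurd naar alle opgegeven vrienden.<br> <a href="http://www.tengwerda.nl/prikkr/#/event/'
            . $code . '/' . $creatorCode
            . '">Geef je eigen keuze door</a> of <a href="http://www.tengwerda.nl/prikkr/#/event/overview/'
            . $code . '/' . $creatorCode
            . '">Bekijk wat je vrienden tot nu ingevuld hebben</a>.<br> ';
        // NOTE(review): the subject contains posted text; confirm mailIt() rejects
        // CR/LF so it cannot add mail headers.
        mailIt(
            $postData['creator_email'],
            'Je bent uitgenodigd voor evenement "' . $postData['name'] . '" op Prikkr',
            $html
        );
    }
}

if (count($dateIds) > 0 && count($userIds) > 0) {
    foreach ($userIds as $userId) {
        foreach ($dateIds as $id) {
            // Save one row per (user, date) pair in a separate table for later handling.
            // No choice value is supplied yet; the original note says it is 0 at this point.
            $qry = "INSERT INTO \n\t\t\t\t\t\t\t\t\tdate_userchoice (user_id, event_date_id) \n\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t'"
                . mysqli_real_escape_string($connection, $userId)
                . "', \n\t\t\t\t\t\t\t\t\t'"
                . mysqli_real_escape_string($connection, $id)
                . "'\n\t\t\t\t\t\t\t\t)";
            $result = mysqli_query($connection, $qry);
            if (!$result) {
                $data['result'] = false;
            }
        }
    }
}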