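/**
 * Admin screen: add a new attendee, or edit the one whose id is held in
 * $_SESSION[EDIT_SESSION_KEY] (set when the form was opened with ?id=).
 *
 * On a POST carrying firstName and lastName the 'rsvp_add_guest' nonce is
 * checked, the attendee row is inserted or updated, its associations are
 * rebuilt from the submitted list and a passcode is assigned when the site
 * requires one.  On any other request the form is rendered, pre-filled from
 * the database when ?id= names an existing attendee.
 *
 * Review notes (security):
 *  - ?id= is now bound through $wpdb->prepare() with %d.  The previous
 *    is_numeric() check alone still let strings such as "1e3" or " 1" be
 *    concatenated into the query.
 *  - rsvpStatus is restricted to the three values the form offers instead of
 *    storing whatever was posted.
 *  - Custom-question answers are guest-submitted on the public form and were
 *    echoed unescaped into this admin page (stored XSS); they are now passed
 *    through htmlspecialchars() like every other value on the page.
 *  - Optional POST fields are isset-guarded; trim() on a missing key raised
 *    notices before.
 */
function rsvp_admin_guest() {
    global $wpdb;

    // Allowed rsvpStatus values and the labels the <select> shows for them.
    $statusLabels = array(
        "NoResponse" => "No Response",
        "Yes"        => "Yes",
        "No"         => "No",
    );

    if (count($_POST) > 0 && !empty($_POST['firstName']) && !empty($_POST['lastName'])) {
        // Dies on a missing/invalid nonce.
        check_admin_referer('rsvp_add_guest');

        $passcode = isset($_POST['passcode']) ? $_POST['passcode'] : "";

        $rsvpStatus = isset($_POST['rsvpStatus']) ? trim($_POST['rsvpStatus']) : "NoResponse";
        if (!array_key_exists($rsvpStatus, $statusLabels)) {
            $rsvpStatus = "NoResponse";
        }

        $attendeeData = array(
            "firstName"        => trim($_POST['firstName']),
            "lastName"         => trim($_POST['lastName']),
            "email"            => isset($_POST['email']) ? trim($_POST['email']) : "",
            "personalGreeting" => isset($_POST['personalGreeting']) ? trim($_POST['personalGreeting']) : "",
            "rsvpStatus"       => $rsvpStatus,
        );
        $attendeeFormats = array("%s", "%s", "%s", "%s", "%s");

        if (isset($_SESSION[EDIT_SESSION_KEY]) && is_numeric($_SESSION[EDIT_SESSION_KEY])) {
            // Editing: the target row was chosen when the form was opened.
            $attendeeId = (int) $_SESSION[EDIT_SESSION_KEY];
            $wpdb->update(ATTENDEES_TABLE, $attendeeData, array("id" => $attendeeId), $attendeeFormats, array("%d"));
            rsvp_printQueryDebugInfo();

            // Associations are rebuilt from the submitted list, so drop both
            // directions of every existing link first.
            $wpdb->query($wpdb->prepare("DELETE FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeId = %d", $attendeeId));
            $wpdb->query($wpdb->prepare("DELETE FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d", $attendeeId));
        } else {
            $wpdb->insert(ATTENDEES_TABLE, $attendeeData, $attendeeFormats);
            $attendeeId = (int) $wpdb->insert_id;
        }

        if (isset($_POST['associatedAttendees']) && is_array($_POST['associatedAttendees'])) {
            foreach ($_POST['associatedAttendees'] as $aid) {
                if (!is_numeric($aid) || $aid <= 0) {
                    continue;
                }
                $aid = (int) $aid;
                // Links are stored symmetrically: one row per direction.
                $wpdb->insert(ASSOCIATED_ATTENDEES_TABLE, array("attendeeID" => $attendeeId, "associatedAttendeeID" => $aid), array("%d", "%d"));
                $wpdb->insert(ASSOCIATED_ATTENDEES_TABLE, array("attendeeID" => $aid, "associatedAttendeeID" => $attendeeId), array("%d", "%d"));
            }
        }

        if (rsvp_require_passcode()) {
            if (empty($passcode)) {
                $passcode = rsvp_generate_passcode();
            }
            // A colliding passcode is replaced by a generated one; whether the
            // generated value is itself unique is up to rsvp_generate_passcode().
            if (rsvp_require_unique_passcode() && !rsvp_is_passcode_unique($passcode, $attendeeId)) {
                $passcode = rsvp_generate_passcode();
            }
            $wpdb->update(ATTENDEES_TABLE, array("passcode" => trim($passcode)), array("id" => $attendeeId), array("%s"), array("%d"));
        }

        $siteUrl = htmlspecialchars(get_option('siteurl'));
        ?>
        <p>Attendee <?php echo htmlspecialchars(stripslashes($_POST['firstName'] . " " . $_POST['lastName'])); ?> has been successfully saved</p>
        <p>
            <a href="<?php echo $siteUrl; ?>/wp-admin/admin.php?page=rsvp-top-level">Continue to Attendee List</a> |
            <a href="<?php echo $siteUrl; ?>/wp-admin/admin.php?page=rsvp-admin-guest">Add a Guest</a>
        </p>
        <?php
    } else {
        $attendee = null;
        unset($_SESSION[EDIT_SESSION_KEY]);
        $associatedAttendees = array();
        $firstName = "";
        $lastName = "";
        $email = "";
        $personalGreeting = "";
        $rsvpStatus = "NoResponse";
        $passcode = "";

        if (isset($_GET['id']) && is_numeric($_GET['id'])) {
            $attendee = $wpdb->get_row($wpdb->prepare(
                "SELECT id, firstName, lastName, email, personalGreeting, rsvpStatus, passcode FROM " . ATTENDEES_TABLE . " WHERE id = %d",
                (int) $_GET['id']
            ));

            if ($attendee != null) {
                // Remember which row the following POST should update.
                $_SESSION[EDIT_SESSION_KEY] = $attendee->id;
                $firstName = stripslashes($attendee->firstName);
                $lastName = stripslashes($attendee->lastName);
                $email = stripslashes($attendee->email);
                $personalGreeting = stripslashes($attendee->personalGreeting);
                $rsvpStatus = $attendee->rsvpStatus;
                $passcode = stripslashes($attendee->passcode);

                // Collect the ids linked in either direction.
                $associations = $wpdb->get_results($wpdb->prepare(
                    "SELECT associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeId = %d"
                    . " UNION SELECT attendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d",
                    $attendee->id,
                    $attendee->id
                ));
                foreach ($associations as $aId) {
                    $associatedAttendees[] = $aId->associatedAttendeeID;
                }
            }
        }

        // Id of the row being edited (0 when adding), used to keep the
        // attendee out of its own association list.
        $editingId = isset($_SESSION[EDIT_SESSION_KEY]) ? $_SESSION[EDIT_SESSION_KEY] : 0;
        ?>
        <form name="contact" action="admin.php?page=rsvp-admin-guest" method="post">
            <?php wp_nonce_field('rsvp_add_guest'); ?>
            <p class="submit">
                <input type="submit" class="button-primary" value="<?php _e('Save'); ?>" />
            </p>
            <table class="form-table">
                <tr valign="top">
                    <th scope="row"><label for="firstName"><?php echo __("First Name", 'rsvp-plugin'); ?>:</label></th>
                    <td align="left"><input type="text" name="firstName" id="firstName" size="30" value="<?php echo htmlspecialchars($firstName); ?>" /></td>
                </tr>
                <tr valign="top">
                    <th scope="row"><label for="lastName"><?php echo __("Last Name", 'rsvp-plugin'); ?>:</label></th>
                    <td align="left"><input type="text" name="lastName" id="lastName" size="30" value="<?php echo htmlspecialchars($lastName); ?>" /></td>
                </tr>
                <tr valign="top">
                    <th scope="row"><label for="email"><?php echo __("Email", 'rsvp-plugin'); ?>:</label></th>
                    <td align="left"><input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($email); ?>" /></td>
                </tr>
                <?php if (rsvp_require_passcode()) { ?>
                <tr valign="top">
                    <th scope="row"><label for="passcode">Passcode:</label></th>
                    <td align="left"><input type="text" name="passcode" id="passcode" size="30" value="<?php echo htmlspecialchars($passcode); ?>" maxlength="6" /></td>
                </tr>
                <?php } ?>
                <tr>
                    <th scope="row"><label for="rsvpStatus">RSVP Status</label></th>
                    <td align="left">
                        <select name="rsvpStatus" id="rsvpStatus" size="1">
                            <?php foreach ($statusLabels as $value => $label) { ?>
                            <option value="<?php echo $value; ?>"<?php echo $rsvpStatus == $value ? ' selected="selected"' : ''; ?>><?php echo $label; ?></option>
                            <?php } ?>
                        </select>
                    </td>
                </tr>
                <tr valign="top">
                    <th scope="row" valign="top"><label for="personalGreeting">Custom Message:</label></th>
                    <td align="left"><textarea name="personalGreeting" id="personalGreeting" rows="5" cols="40"><?php echo htmlspecialchars($personalGreeting); ?></textarea></td>
                </tr>
                <tr valign="top">
                    <th scope="row">Associated Attendees:</th>
                    <td align="left">
                        <select name="associatedAttendees[]" multiple="multiple" size="5" style="height: 200px;">
                            <?php
                            $attendees = $wpdb->get_results("SELECT id, firstName, lastName FROM " . $wpdb->prefix . "attendees ORDER BY lastName, firstName");
                            foreach ($attendees as $a) {
                                if ($a->id == $editingId) {
                                    continue;
                                }
                                ?>
                            <option value="<?php echo (int) $a->id; ?>"<?php echo in_array($a->id, $associatedAttendees) ? ' selected="selected"' : ''; ?>><?php echo htmlspecialchars(stripslashes($a->firstName) . " " . stripslashes($a->lastName)); ?></option>
                                <?php
                            }
                            ?>
                        </select>
                    </td>
                </tr>
                <?php
                if ($attendee != null && $attendee->id > 0) {
                    $sql = "SELECT question, answer FROM " . ATTENDEE_ANSWERS . " ans "
                        . "INNER JOIN " . QUESTIONS_TABLE . " q ON q.id = ans.questionID "
                        . "WHERE attendeeID = %d "
                        . "ORDER BY q.sortOrder";
                    $aRs = $wpdb->get_results($wpdb->prepare($sql, $attendee->id));
                    if (count($aRs) > 0) {
                        ?>
                <tr>
                    <td colspan="2">
                        <h4>Custom Questions Answered</h4>
                        <table cellpadding="2" cellspacing="0" border="0">
                            <tr>
                                <th>Question</th>
                                <th>Answer</th>
                            </tr>
                            <?php foreach ($aRs as $a) { ?>
                            <tr>
                                <td><?php echo htmlspecialchars(stripslashes($a->question)); ?></td>
                                <?php // Answers come from the public RSVP form: multi-select values are joined with "||". ?>
                                <td><?php echo htmlspecialchars(str_replace("||", ", ", stripslashes($a->answer))); ?></td>
                            </tr>
                            <?php } ?>
                        </table>
                    </td>
                </tr>
                        <?php
                    }
                }
                ?>
            </table>
            <p class="submit">
                <input type="submit" class="button-primary" value="<?php _e('Save'); ?>" />
            </p>
        </form>
        <?php
    }
}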
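/**
 * Front-end handler for a submitted RSVP form (all input is untrusted).
 *
 * Inserts the primary attendee, records the responses of attendees already
 * associated with them, optionally creates extra guests (capped by
 * OPTION_RSVP_NUM_ADDITIONAL_GUESTS, default 3), and sends the admin
 * notification and the guest confirmation e-mail when the corresponding
 * options are enabled.
 *
 * @param mixed &$output passed through to rsvp_handlenewattendee() when the
 *                       primary attendee's name is missing
 * @param mixed &$text   page text handed to rsvp_handle_output()
 * @return mixed whatever rsvp_handle_output() / rsvp_handlenewattendee() return
 *
 * Review notes:
 *  - Every $_POST read is isset-guarded; absent keys raised notices before.
 *  - The extra-guest loop runs min(additionalRsvp, numGuests) times.  It used
 *    to iterate the full posted count (two get_option() calls per round), so
 *    a huge additionalRsvp value spun the server for nothing.
 *  - kidsMeal / veggieMeal / attending of extra guests are normalised to
 *    "Y"/"N" like the primary attendee's, rather than stored verbatim.
 *  - The confirmation e-mail is only sent when the posted address passes
 *    is_email().
 *  - Ids are bound with $wpdb->prepare() everywhere; the "Associated
 *    Attendees" heading is emitted once instead of once per row.
 */
function rsvp_handleNewRsvp(&$output, &$text) {
    global $wpdb, $rsvp_saved_form_vars;

    $thankYouPrimary = "";
    $thankYouAssociated = array();

    // Keep the raw submission so the form can be re-rendered with its values.
    foreach ($_POST as $key => $val) {
        $rsvp_saved_form_vars[$key] = $val;
    }

    if (empty($_POST['attendeeFirstName']) || empty($_POST['attendeeLastName'])) {
        return rsvp_handlenewattendee($output, $text);
    }

    $rsvpPassword = "";
    $rsvpStatus = (isset($_POST['mainRsvp']) && strtoupper($_POST['mainRsvp']) == "Y") ? "Yes" : "No";
    $kidsMeal = (isset($_POST['mainKidsMeal']) && strtoupper($_POST['mainKidsMeal']) == "Y") ? "Y" : "N";
    $veggieMeal = (isset($_POST['mainVeggieMeal']) && strtoupper($_POST['mainVeggieMeal']) == "Y") ? "Y" : "N";
    $mainEmail = isset($_POST['mainEmail']) ? trim($_POST['mainEmail']) : "";
    $thankYouPrimary = $_POST['attendeeFirstName'];

    $wpdb->insert(ATTENDEES_TABLE, array(
        "rsvpDate"   => date("Y-m-d"),
        "firstName"  => $_POST['attendeeFirstName'],
        "lastName"   => $_POST['attendeeLastName'],
        "email"      => $mainEmail,
        "rsvpStatus" => $rsvpStatus,
        "note"       => isset($_POST['rsvp_note']) ? $_POST['rsvp_note'] : "",
        "kidsMeal"   => $kidsMeal,
        "veggieMeal" => $veggieMeal,
    ), array("%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s"));
    rsvp_printQueryDebugInfo();
    $attendeeID = (int) $wpdb->insert_id;

    if (rsvp_require_passcode()) {
        $rsvpPassword = trim(rsvp_generate_passcode());
        $wpdb->update(ATTENDEES_TABLE, array("passcode" => $rsvpPassword), array("id" => $attendeeID), array("%s"), array("%d"));
    }
    rsvp_handleAdditionalQuestions($attendeeID, "mainquestion");

    // Attendees linked to this one (either direction) who have not answered yet.
    $sql = "SELECT id, firstName FROM " . ATTENDEES_TABLE . " "
        . "WHERE (id IN (SELECT attendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d) "
        . "OR id IN (SELECT associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeID = %d)) "
        . "AND rsvpStatus = 'NoResponse'";
    $associations = $wpdb->get_results($wpdb->prepare($sql, $attendeeID, $attendeeID));
    foreach ($associations as $a) {
        $key = 'attending' . $a->id;
        if (!isset($_POST[$key]) || ($_POST[$key] != "Y" && $_POST[$key] != "N")) {
            continue;
        }
        $assocStatus = $_POST[$key] == "Y" ? "Yes" : "No";
        $assocKids = (isset($_POST[$key . 'KidsMeal']) && strtoupper($_POST[$key . 'KidsMeal']) == "Y") ? "Y" : "N";
        $assocVeggie = (isset($_POST[$key . 'VeggieMeal']) && strtoupper($_POST[$key . 'VeggieMeal']) == "Y") ? "Y" : "N";
        $thankYouAssociated[] = stripslashes($a->firstName);

        $wpdb->update(ATTENDEES_TABLE, array(
            "rsvpDate"   => date("Y-m-d"),
            "rsvpStatus" => $assocStatus,
            "email"      => isset($_POST[$key . "Email"]) ? $_POST[$key . "Email"] : "",
            "kidsMeal"   => $assocKids,
            "veggieMeal" => $assocVeggie,
        ), array("id" => $a->id), array("%s", "%s", "%s", "%s", "%s"), array("%d"));
        rsvp_printQueryDebugInfo();
        rsvp_handleAdditionalQuestions($a->id, $a->id . "question");
    }

    if (get_option(OPTION_HIDE_ADD_ADDITIONAL) != "Y"
        && isset($_POST['additionalRsvp']) && is_numeric($_POST['additionalRsvp']) && $_POST['additionalRsvp'] > 0) {
        // Cap on extra guests; invalid or negative settings fall back to 3.
        $numGuests = 3;
        $configured = get_option(OPTION_RSVP_NUM_ADDITIONAL_GUESTS);
        if ($configured != "" && is_numeric($configured) && $configured >= 0) {
            $numGuests = (int) $configured;
        }
        $requested = min((int) $_POST['additionalRsvp'], $numGuests);

        for ($i = 1; $i <= $requested; $i++) {
            $prefix = 'newAttending' . $i;
            if (empty($_POST[$prefix . 'FirstName']) || empty($_POST[$prefix . 'LastName'])) {
                continue;
            }
            $newStatus = (isset($_POST[$prefix]) && strtoupper($_POST[$prefix]) == "Y") ? "Yes" : "No";
            $newKids = (isset($_POST[$prefix . 'KidsMeal']) && strtoupper($_POST[$prefix . 'KidsMeal']) == "Y") ? "Y" : "N";
            $newVeggie = (isset($_POST[$prefix . 'VeggieMeal']) && strtoupper($_POST[$prefix . 'VeggieMeal']) == "Y") ? "Y" : "N";
            $thankYouAssociated[] = $_POST[$prefix . 'FirstName'];

            $wpdb->insert(ATTENDEES_TABLE, array(
                "firstName"          => trim($_POST[$prefix . 'FirstName']),
                "lastName"           => trim($_POST[$prefix . 'LastName']),
                "email"              => isset($_POST[$prefix . "Email"]) ? trim($_POST[$prefix . "Email"]) : "",
                "rsvpDate"           => date("Y-m-d"),
                "rsvpStatus"         => $newStatus,
                "kidsMeal"           => $newKids,
                "veggieMeal"         => $newVeggie,
                "additionalAttendee" => "Y",
            ), array('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s'));
            rsvp_printQueryDebugInfo();
            $newAid = (int) $wpdb->insert_id;
            rsvp_handleAdditionalQuestions($newAid, $i . 'question');

            // Link the new guest to the primary attendee and to everyone the
            // primary attendee is already linked to.
            $wpdb->insert(ASSOCIATED_ATTENDEES_TABLE, array("attendeeID" => $newAid, "associatedAttendeeID" => $attendeeID), array("%d", "%d"));
            rsvp_printQueryDebugInfo();
            $wpdb->query($wpdb->prepare(
                "INSERT INTO " . ASSOCIATED_ATTENDEES_TABLE . " (attendeeID, associatedAttendeeID) "
                . "SELECT %d, associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeID = %d",
                $newAid,
                $attendeeID
            ));
            rsvp_printQueryDebugInfo();
        }
    }

    $notifyAdmin = get_option(OPTION_NOTIFY_ON_RSVP) == "Y" && get_option(OPTION_NOTIFY_EMAIL) != "";
    $confirmGuest = get_option(OPTION_RSVP_GUEST_EMAIL_CONFIRMATION) == "Y" && !empty($mainEmail);

    // Both e-mails list the same associated attendees; build that text once.
    $associationsText = "";
    if ($notifyAdmin || $confirmGuest) {
        $sql = "SELECT firstName, lastName, rsvpStatus FROM " . ATTENDEES_TABLE . " "
            . "WHERE id IN (SELECT attendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d) "
            . "OR id IN (SELECT associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeID = %d)";
        $linked = $wpdb->get_results($wpdb->prepare($sql, $attendeeID, $attendeeID));
        if (count($linked) > 0) {
            $associationsText .= "\r\n\r\n--== Associated Attendees ==--\r\n";
            foreach ($linked as $a) {
                $associationsText .= stripslashes($a->firstName . " " . $a->lastName) . " rsvp status: " . $a->rsvpStatus . "\r\n";
            }
        }
    }

    if ($notifyAdmin) {
        $attendee = $wpdb->get_results($wpdb->prepare(
            "SELECT firstName, lastName, rsvpStatus, note, kidsMeal, veggieMeal FROM " . ATTENDEES_TABLE . " WHERE id = %d",
            $attendeeID
        ));
        if (count($attendee) > 0) {
            $body = "Hello, \r\n\r\n";
            $body .= stripslashes($attendee[0]->firstName) . " " . stripslashes($attendee[0]->lastName)
                . " has submitted their RSVP and has RSVP'd with '" . $attendee[0]->rsvpStatus . "'.\r\n";
            if (get_option(OPTION_HIDE_KIDS_MEAL) != "Y") {
                $body .= "Kids Meal: " . $attendee[0]->kidsMeal . "\r\n";
            }
            if (get_option(OPTION_HIDE_VEGGIE) != "Y") {
                $body .= "Vegetarian Meal: " . $attendee[0]->veggieMeal . "\r\n";
            }
            if (get_option(RSVP_OPTION_HIDE_NOTE) != "Y") {
                $body .= "Note: " . stripslashes($attendee[0]->note) . "\r\n";
            }

            // LEFT JOIN so unanswered questions still appear (with an empty answer).
            $sql = "SELECT question, answer FROM " . QUESTIONS_TABLE . " q "
                . "LEFT JOIN " . ATTENDEE_ANSWERS . " ans ON q.id = ans.questionID AND ans.attendeeID = %d "
                . "ORDER BY q.sortOrder, q.id";
            $aRs = $wpdb->get_results($wpdb->prepare($sql, $attendeeID));
            if (count($aRs) > 0) {
                $body .= "\r\n\r\n--== Custom Questions ==--\r\n";
                foreach ($aRs as $a) {
                    $body .= stripslashes($a->question) . ": " . stripslashes($a->answer) . "\r\n";
                }
            }
            $body .= $associationsText;

            $emailAddy = get_option(OPTION_NOTIFY_EMAIL);
            $headers = "";
            if (get_option(OPTION_RSVP_DISABLE_CUSTOM_EMAIL_FROM) != "Y") {
                $headers = 'From: ' . $emailAddy . "\r\n";
            }
            wp_mail($emailAddy, "New RSVP Submission", $body, $headers);
        }
    }

    if ($confirmGuest) {
        $attendee = $wpdb->get_results($wpdb->prepare(
            "SELECT firstName, lastName, email, rsvpStatus FROM " . ATTENDEES_TABLE . " WHERE id = %d",
            $attendeeID
        ));
        // The recipient is guest-supplied: only send to a syntactically valid address.
        if (count($attendee) > 0 && is_email($attendee[0]->email)) {
            $body = "Hello " . stripslashes($attendee[0]->firstName) . " " . stripslashes($attendee[0]->lastName) . ", \r\n\r\n";
            $body .= "You have successfully RSVP'd with '" . $attendee[0]->rsvpStatus . "'.";
            $body .= $associationsText;

            $emailAddy = get_option(OPTION_NOTIFY_EMAIL);
            $headers = "";
            if (!empty($emailAddy) && get_option(OPTION_RSVP_DISABLE_CUSTOM_EMAIL_FROM) != "Y") {
                $headers = 'From: ' . $emailAddy . "\r\n";
            }
            wp_mail($attendee[0]->email, "RSVP Confirmation", $body, $headers);
        }
    }

    return rsvp_handle_output($text, rsvp_frontend_new_atendee_thankyou($thankYouPrimary, $thankYouAssociated, $rsvpPassword));
}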