//Deal with items
$deletesql = "delete from {$db_prefix}items where itEventID = {$eventid} and itItemID in(" . ba_db_real_escape_string($link, $_POST['hRemovedItemIDs']) . ")";
ba_db_query($link, $deletesql);
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == "hItemID") {
$iItemID = (int) $value;
$ticket = setBoolValue($_POST["chkTicket{$value}"]);
$meal = setBoolValue($_POST["chkMeal{$value}"]);
$bunk = setBoolValue($_POST["chkBunk{$value}"]);
$allowmultiple = setBoolValue($_POST["chkAllowMultiple{$value}"]);
$mandatory = setBoolValue($_POST["chkMandatory{$value}"]);
$itemdescription = ba_db_real_escape_string($link, $_POST["txtItemDescription{$value}"]);
$availability = ba_db_real_escape_string($link, $_POST["cboAvailability{$value}"]);
$availablefrom = ba_db_real_escape_string($link, $_POST["txtAvailableFrom{$value}"]);
$availableto = ba_db_real_escape_string($link, $_POST["txtAvailableTo{$value}"]);
$itemcost = sanitiseAmount($_POST["txtItemCost{$value}"], True);
if ($iItemID > 0) {
$updatequery = "UPDATE {$db_prefix}items set ";
$updatequery .= "itTicket = {$ticket}, ";
$updatequery .= "itMeal = {$meal}, ";
$updatequery .= "itBunk = {$bunk}, ";
$updatequery .= "itAllowMultiple = {$allowmultiple}, ";
$updatequery .= "itMandatory = {$mandatory}, ";
$updatequery .= "itDescription = '{$itemdescription}', ";
$updatequery .= "itAvailability = '{$availability}', ";
$updatequery .= "itAvailableFrom = '{$availablefrom}', ";
$updatequery .= "itAvailableTo = '{$availableto}', ";
$updatequery .= "itItemCost = {$itemcost} ";
$updatequery .= "WHERE itItemID = {$iItemID}";
ba_db_query($link, $updatequery);
$itemidlist .= "," . $iItemID;
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_commonqueries.php';
$db_prefix = DB_PREFIX;
$eventinfo = getEventDetails($_GET['EventID'], 0, 'admin.php');
$eventid = $eventinfo['evEventID'];
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_markpaid.php')) {
foreach ($_POST as $key => $value) {
if (substr($key, 0, 8) == "hBooking") {
$iBookingID = $value;
$paid = (int) $_POST["chkPayPl{$value}"];
$meal = (int) $_POST["chkMealPl{$value}"];
$gate = (int) $_POST["chkGatePl{$value}"];
$amountpaid = sanitiseAmount($_POST["txtAmountPaid{$value}"]);
$amountexpected = sanitiseAmount($_POST["txtAmountExpected{$value}"]);
//Mark player as paid
if ($paid != 0) {
//Set up UPDATE & SELECT queries
$sql_update = "UPDATE {$db_prefix}bookings SET bkDatePaymentConfirmed = '" . date('Y-m-d') . "', bkAmountPaid = {$amountpaid}, bkAmountExpected = {$amountexpected} WHERE bkID = " . $iBookingID;
$sql_select = "SELECT plPlayerID, plFirstName, plSurname, plEmail, plEmailPaymentReceived ";
$sql_select .= "FROM {$db_prefix}players INNER JOIN {$db_prefix}bookings on bkPlayerID = plPlayerID WHERE bkID = " . $iBookingID;
//Run UPDATE query to set paid date
ba_db_query($link, $sql_update);
//Run SELECT query and send e-mail
$result = ba_db_query($link, $sql_select);
$row = ba_db_fetch_assoc($result);
$sBody = "Your payment for the upcoming event has been received and you have been marked as paid.\n";
$sBody .= "You are now fully booked.\n\nThank you.\n\n";
$sBody .= "Player ID: " . PID_PREFIX . sprintf('%03s', $row['plPlayerID']) . "\n";
$sBody .= "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'];
