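/**
 * Error-handler callback: stores the error in the `<prefix>_error_log` table and,
 * depending on the `error_output` setting, prints the id of the stored row.
 *
 * Only errors whose number is below E_STRICT are written to the table.
 *
 * @param mixed $errno        Error number/level.
 * @param mixed $errstr       Error message.
 * @param mixed $errfile      File in which the error was raised.
 * @param mixed $errline      Line on which the error was raised.
 * @param mixed $errorcontext Variables in scope at the error site; stored serialized.
 *
 * @return bool false when `error_output` is ERROR_OUTPUT_PHP or ERROR_OUTPUT_BOTH,
 *              true otherwise.
 */
function db_error_logger($errno, $errstr, $errfile = "", $errline = "", $errorcontext = array()){
	
		// presumably makeStringSafe() is the project's SQL escaper, since every value
		// concatenated into a statement in this file goes through it — confirm.
		$errno = makeStringSafe($errno);
		$errstr = makeStringSafe($errstr);
		$errfile = makeStringSafe($errfile);
		$errline = makeStringSafe($errline);
		
		if($errno < E_STRICT){
	
			// serialize() throws for values such as closures; a handler that throws
			// would hide the error being logged, so fall back to an empty context.
			try {
				$serialized = serialize($errorcontext);
			} catch (Exception $e) {
				$serialized = '';
			}
			
			// The serialized context contains quote characters and arbitrary variable
			// contents, so it is escaped like every other field before it is placed
			// in the statement. The session value gets the same treatment.
			// NOTE(review): the context may hold request data or credentials; restrict
			// who can read this table.
			$context = makeStringSafe($serialized);
			$userid = makeStringSafe(getSessionVariable("user_id"));
	
			doQuery("INSERT INTO ".getDBPrefix()."_error_log set user_id = '".$userid."', error_number = '".$errno."',
				message = '".$errstr."', file = '".$errfile."', line_number = '".$errline."', context = '".$context."',
				time = '".getCurrentMySQLDateTime()."'");
				
			// NOTE(review): this reads back the newest row, not necessarily the row
			// inserted above; with concurrent errors it can report another request's id.
			$errorrow = mysql_fetch_assoc(doQuery("SELECT error_id FROM ".getDBPrefix()."_error_log ORDER BY error_id DESC LIMIT 1"));
			
			if(getConfigVar('error_output') == ERROR_OUTPUT_DBID || getConfigVar('error_output') == ERROR_OUTPUT_BOTH){
			
				echo "<h4 style=\"color: #FF0000;\">An error occured! If you would like to report this error, please report that your 'ERROR_ID' is '".$errorrow['error_id']."'.</h4>";
			
			}
		
		}
		
		// Returning false lets PHP's own handler run as well (PHP/BOTH modes).
		return !(getConfigVar("error_output") == ERROR_OUTPUT_PHP || getConfigVar("error_output") == ERROR_OUTPUT_BOTH);
	
	}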
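/**
 * Writes one audit entry to the `<prefix>_log` table.
 *
 * The entry records the acting user, the action type and description, the
 * current date/time, and the client's IP address and hostname.
 *
 * @param mixed $userid      Id of the user the entry belongs to.
 * @param mixed $action      Action type.
 * @param mixed $description Free-text description of the action.
 *
 * @return void
 */
function addToLog($userid, $action, $description)
{
    $userid = makeStringSafe($userid);
    $action = makeStringSafe($action);
    $description = makeStringSafe($description);
    $mysqldate = getCurrentMySQLDateTime();
    // The IP and hostname describe the remote client, and their sanitisation is
    // not visible here (a reverse-DNS name or a forwarded-for header is chosen by
    // the client side). They are escaped like the other fields before reaching SQL.
    // NOTE(review): confirm getClientIP()/getClientHostname() do not already escape.
    $ip = makeStringSafe(getClientIP());
    $hostname = makeStringSafe(getClientHostname());
    doQuery("INSERT INTO " . getDBPrefix() . "_log SET user_id = '" . $userid . "', action_type = '" . $action . "', action_description = '" . $description . "', date = '" . $mysqldate . "', ip = '" . $ip . "', hostname='" . $hostname . "'");
}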
/**
 * Reports whether a confirmed or pending reservation for the given equipment
 * starts between $date and three days after it.
 *
 * @param mixed $equipid Equipment id to look up.
 * @param mixed $date    First day of the window, in a format DateTime accepts.
 *
 * @return bool true when at least one matching reservation row exists.
 */
function isEquipmentReserved($equipid, $date)
{
    $equipid = makeStringSafe($equipid);
    $date = makeStringSafe($date);

    // The window closes three days after the requested date.
    $windowEnd = new DateTime($date);
    $windowEnd->modify("+3 day");

    $sql = "SELECT * FROM " . getDBPrefix() . "_reservations WHERE equip_id = '" . $equipid . "'"
        . " AND (mod_status = '" . RES_STATUS_CONFIRMED . "' or mod_status = '" . RES_STATUS_PENDING . "')"
        . " AND (start_date BETWEEN '" . $date . "' and '" . $windowEnd->format("Y-m-d") . "')";

    return mysql_num_rows(doQuery($sql)) > 0;
}
/**
 * Deletes the message with the given id from the `<prefix>_messages` table.
 *
 * @param mixed $messageid Id of the message to delete.
 *
 * @return void
 */
function deleteMessage($messageid)
{
	$safeId = makeStringSafe($messageid);
	$table = getDBPrefix()."_messages";

	// LIMIT 1 keeps the statement to a single row.
	doQuery("DELETE FROM ".$table." WHERE message_id = '".$safeId."' LIMIT 1");
}
/**
 * Fetches pending, confirmed or checked-out reservations for one piece of
 * equipment whose start date or end date falls inside the given range.
 *
 * @param mixed $equip     Equipment id.
 * @param mixed $startdate First day of the range.
 * @param mixed $enddate   Last day of the range.
 *
 * @return mixed Whatever doQuery() returns for the SELECT.
 */
function getReservationsByEquipIDandDate($equip, $startdate, $enddate)
{
    $equipId = makeStringSafe($equip);
    $from = makeStringSafe($startdate);
    $to = makeStringSafe($enddate);

    // Both date columns are tested against the same range.
    $range = "BETWEEN '" . $from . "' AND '" . $to . "'";
    $statuses = "(mod_status = '" . RES_STATUS_PENDING . "' OR mod_status = '" . RES_STATUS_CONFIRMED . "' OR mod_status = '" . RES_STATUS_CHECKED_OUT . "')";

    $sql = "SELECT * FROM " . getDBPrefix() . "_reservations WHERE\r\n\t"
        . "equip_id = '" . $equipId . "' AND \r\n\t"
        . $statuses . "\r\n\t"
        . "AND ((start_date " . $range . ") OR (end_date " . $range . "))";

    return doQuery($sql);
}
<?php

/*
Radford Reservation System
Author: Andrew Melton
Filename: getpicture.php
Purpose:
This will get and display the picture for equipment with the equipid
provided by the GET variable 'equip'
Known Bugs/Fixes:
None
*/
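// Every response from this script is declared as JPEG, including the fallback image.
header("Content-type: image/jpeg");
session_start();
// 'equip' comes from the query string: it may be missing, or an array (equip[]=...).
// Anything that is not a plain string is treated as "no id".
$equipid = (isset($_GET['equip']) && is_string($_GET['equip'])) ? $_GET['equip'] : "";
require 'functions.php';
$equipid = makeMySQLSafe($equipid);
$pictureloc = "./pics/";
$row = mysql_fetch_assoc(doQuery("SELECT picture FROM " . getDBPrefix() . "_equipment WHERE equip_id = '" . $equipid . "'"));
// mysql_fetch_assoc() returns false when no row matches.
$picture = ($row && isset($row['picture'])) ? (string) $row['picture'] : "";
$target = $pictureloc . "nopic.jpg";
if ($picture !== "") {
    // Serve the stored file name only if it resolves to a regular file inside the
    // pictures directory. A value containing "../" (for example after the equipment
    // table has been tampered with) then falls back to the placeholder instead of
    // exposing another file on disk.
    $basedir = realpath($pictureloc);
    $resolved = realpath($pictureloc . $picture);
    if ($basedir !== false && $resolved !== false && is_file($resolved)
        && strpos($resolved, $basedir . DIRECTORY_SEPARATOR) === 0) {
        $target = $resolved;
    }
}
readfile($target);
exit(0);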
}
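/**
 * Looks up a user row in the `<prefix>_users` table by username.
 *
 * @param mixed $username Username to search for.
 *
 * @return mixed Whatever doQuery() returns for the SELECT.
 */
function getUserByUsername($username)
{
    $username = makeStringSafe($username);
    // Match on the escaped argument. The previous statement compared against a fixed
    // '******' literal and never used $username; it was also followed by an
    // unreachable return of an undefined variable.
    // NOTE(review): SELECT * returns every column of the user row, presumably
    // including credential fields. Confirm callers never echo the row unfiltered.
    return doQuery("SELECT * FROM " . getDBPrefix() . "_users WHERE username = '" . $username . "'");
}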
/**
 * NOTE(review): this body does not form a coherent function as shown.
 *  - $date is assigned but not used by any visible statement.
 *  - $start, $end and $userid are read but never defined in this scope, so the
 *    queries are built from empty values.
 *  - The opening brace of the function is never closed; the final `}` closes the
 *    `else` branch.
 * The statements query the `_blackouts` and `_warnings` tables, not a messages
 * table, so they look as if they were spliced in from other functions. Verify
 * against the original file before relying on anything here.
 */
function getCurrentMessages()
{
    // Current date from the project helper; unused below.
    $date = getCurrentMySQLDate();
 // $start and $end are undefined here (see the note above the function).
 $result = doQuery("SELECT * FROM " . getDBPrefix() . "_blackouts WHERE (start_date <= '" . $start . "' and end_date >= '" . $start . "') OR (start_date <= '" . $end . "' and end_date >= '" . $end . "')");
 if (mysql_num_rows($result) > 0) {
     return true;
 } else {
    // $userid is undefined here, so makeStringSafe() receives null.
    $userid = makeStringSafe($userid);
    return doQuery("SELECT * FROM " . getDBPrefix() . "_warnings WHERE user_id = '" . $userid . "'");
}
function getWarningByID($warnid)
{