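/**
 * Admin "Add / Edit Guest" screen.
 *
 * When the request is a POST carrying a first and last name the guest is
 * saved: updated in place when $_SESSION[EDIT_SESSION_KEY] holds the id of an
 * attendee being edited, inserted otherwise. Both directions of the
 * attendee's associations are rewritten from the submitted list, a passcode
 * is assigned when the plugin requires one, and a confirmation is printed.
 *
 * On any other request the form is rendered, pre-filled from the attendee
 * selected by ?id= (whose id is then parked in the session for the next POST).
 *
 * Trust boundaries handled here:
 *  - the save branch is guarded by check_admin_referer('rsvp_add_guest');
 *  - ids coming from $_GET, $_POST or $_SESSION reach SQL only through
 *    $wpdb->prepare() or the %d formats of $wpdb->insert()/update();
 *  - everything printed into HTML goes through htmlspecialchars(), including
 *    the guests' own answers to custom questions, which are untrusted input.
 *
 * Relies on the globals $wpdb and $_SESSION and on the table-name constants
 * (ATTENDEES_TABLE, ASSOCIATED_ATTENDEES_TABLE, ATTENDEE_ANSWERS,
 * QUESTIONS_TABLE) defined elsewhere in the plugin.
 */
function rsvp_admin_guest()
{
    global $wpdb;

    $isSave = count($_POST) > 0 && !empty($_POST['firstName']) && !empty($_POST['lastName']);

    if ($isSave) {
        check_admin_referer('rsvp_add_guest');

        // Read every optional field through isset() so a missing key never raises a notice.
        $firstName = trim($_POST['firstName']);
        $lastName = trim($_POST['lastName']);
        $email = isset($_POST['email']) ? trim($_POST['email']) : "";
        $personalGreeting = isset($_POST['personalGreeting']) ? trim($_POST['personalGreeting']) : "";
        $rsvpStatus = isset($_POST['rsvpStatus']) ? trim($_POST['rsvpStatus']) : "NoResponse";
        $passcode = isset($_POST['passcode']) ? $_POST['passcode'] : "";

        // The form only offers these three states; anything else is stored as "no response".
        if (!in_array($rsvpStatus, array("NoResponse", "Yes", "No"), true)) {
            $rsvpStatus = "NoResponse";
        }

        $attendeeData = array(
            "firstName" => $firstName,
            "lastName" => $lastName,
            "email" => $email,
            "personalGreeting" => $personalGreeting,
            "rsvpStatus" => $rsvpStatus,
        );
        $attendeeFormats = array("%s", "%s", "%s", "%s", "%s");

        if (isset($_SESSION[EDIT_SESSION_KEY]) && is_numeric($_SESSION[EDIT_SESSION_KEY])) {
            // Editing an existing attendee: update the row, then drop both directions of
            // its associations so they can be rebuilt from the submitted list below.
            $attendeeId = (int) $_SESSION[EDIT_SESSION_KEY];
            $wpdb->update(ATTENDEES_TABLE, $attendeeData, array("id" => $attendeeId), $attendeeFormats, array("%d"));
            rsvp_printQueryDebugInfo();
            $wpdb->query($wpdb->prepare("DELETE FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeId = %d", $attendeeId));
            $wpdb->query($wpdb->prepare("DELETE FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d", $attendeeId));
        } else {
            $wpdb->insert(ATTENDEES_TABLE, $attendeeData, $attendeeFormats);
            $attendeeId = (int) $wpdb->insert_id;
        }

        if (isset($_POST['associatedAttendees']) && is_array($_POST['associatedAttendees'])) {
            foreach ($_POST['associatedAttendees'] as $aid) {
                if (!is_numeric($aid) || $aid <= 0) {
                    continue;
                }
                $aid = (int) $aid;
                // The form never offers the attendee itself, but a hand-crafted POST could.
                if ($aid === $attendeeId) {
                    continue;
                }
                // Associations are stored symmetrically: one row per direction.
                $wpdb->insert(ASSOCIATED_ATTENDEES_TABLE, array("attendeeID" => $attendeeId, "associatedAttendeeID" => $aid), array("%d", "%d"));
                $wpdb->insert(ASSOCIATED_ATTENDEES_TABLE, array("attendeeID" => $aid, "associatedAttendeeID" => $attendeeId), array("%d", "%d"));
            }
        }

        if (rsvp_require_passcode()) {
            if (empty($passcode)) {
                $passcode = rsvp_generate_passcode();
            }
            // A colliding passcode is replaced with a generated one; the replacement is
            // not re-checked for uniqueness (unchanged from the previous behaviour).
            if (rsvp_require_unique_passcode() && !rsvp_is_passcode_unique($passcode, $attendeeId)) {
                $passcode = rsvp_generate_passcode();
            }
            $wpdb->update(ATTENDEES_TABLE, array("passcode" => trim($passcode)), array("id" => $attendeeId), array("%s"), array("%d"));
        }

        $adminUrl = htmlspecialchars(get_option('siteurl')) . "/wp-admin/admin.php";
        ?>
        <p>Attendee <?php echo htmlspecialchars(stripslashes($firstName . " " . $lastName)); ?> has been successfully saved</p>
        <p>
            <a href="<?php echo $adminUrl; ?>?page=rsvp-top-level">Continue to Attendee List</a> |
            <a href="<?php echo $adminUrl; ?>?page=rsvp-admin-guest">Add a Guest</a>
        </p>
        <?php
        return;
    }

    // Rendering the form: start from a blank edit session unless ?id= selects an attendee.
    unset($_SESSION[EDIT_SESSION_KEY]);
    $attendee = null;
    $associatedAttendees = array();
    $firstName = "";
    $lastName = "";
    $email = "";
    $personalGreeting = "";
    $rsvpStatus = "NoResponse";
    $passcode = "";

    if (isset($_GET['id']) && is_numeric($_GET['id'])) {
        $attendee = $wpdb->get_row($wpdb->prepare(
            "SELECT id, firstName, lastName, email, personalGreeting, rsvpStatus, passcode FROM " . ATTENDEES_TABLE . " WHERE id = %d",
            (int) $_GET['id']
        ));
        if ($attendee !== null) {
            $_SESSION[EDIT_SESSION_KEY] = $attendee->id;
            $firstName = stripslashes($attendee->firstName);
            $lastName = stripslashes($attendee->lastName);
            $email = stripslashes($attendee->email);
            $personalGreeting = stripslashes($attendee->personalGreeting);
            $rsvpStatus = $attendee->rsvpStatus;
            $passcode = stripslashes($attendee->passcode);

            // Collect the ids linked to this attendee in either direction of the association table.
            $associations = $wpdb->get_results($wpdb->prepare(
                "SELECT associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeId = %d"
                . " UNION SELECT attendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d",
                $attendee->id,
                $attendee->id
            ));
            foreach ($associations as $link) {
                $associatedAttendees[] = (int) $link->associatedAttendeeID;
            }
        }
    }

    // Id of the attendee being edited, or 0 when adding a new one.
    $currentId = ($attendee !== null) ? (int) $attendee->id : 0;
    $statusOptions = array("NoResponse" => "No Response", "Yes" => "Yes", "No" => "No");
    ?>
    <form name="contact" action="admin.php?page=rsvp-admin-guest" method="post">
        <?php wp_nonce_field('rsvp_add_guest'); ?>
        <p class="submit">
            <input type="submit" class="button-primary" value="<?php _e('Save'); ?>" />
        </p>
        <table class="form-table">
            <tr valign="top">
                <th scope="row"><label for="firstName"><?php echo __("First Name", 'rsvp-plugin'); ?>:</label></th>
                <td align="left"><input type="text" name="firstName" id="firstName" size="30" value="<?php echo htmlspecialchars($firstName); ?>" /></td>
            </tr>
            <tr valign="top">
                <th scope="row"><label for="lastName"><?php echo __("Last Name", 'rsvp-plugin'); ?>:</label></th>
                <td align="left"><input type="text" name="lastName" id="lastName" size="30" value="<?php echo htmlspecialchars($lastName); ?>" /></td>
            </tr>
            <tr valign="top">
                <th scope="row"><label for="email"><?php echo __("Email", 'rsvp-plugin'); ?>:</label></th>
                <td align="left"><input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($email); ?>" /></td>
            </tr>
            <?php if (rsvp_require_passcode()) { ?>
            <tr valign="top">
                <th scope="row"><label for="passcode">Passcode:</label></th>
                <td align="left"><input type="text" name="passcode" id="passcode" size="30" value="<?php echo htmlspecialchars($passcode); ?>" maxlength="6" /></td>
            </tr>
            <?php } ?>
            <tr>
                <th scope="row"><label for="rsvpStatus">RSVP Status</label></th>
                <td align="left">
                    <select name="rsvpStatus" id="rsvpStatus" size="1">
                        <?php foreach ($statusOptions as $value => $label) { ?>
                        <option value="<?php echo $value; ?>"<?php echo ($rsvpStatus === $value) ? ' selected="selected"' : ''; ?>><?php echo $label; ?></option>
                        <?php } ?>
                    </select>
                </td>
            </tr>
            <tr valign="top">
                <th scope="row" valign="top"><label for="personalGreeting">Custom Message:</label></th>
                <td align="left"><textarea name="personalGreeting" id="personalGreeting" rows="5" cols="40"><?php echo htmlspecialchars($personalGreeting); ?></textarea></td>
            </tr>
            <tr valign="top">
                <th scope="row">Associated Attendees:</th>
                <td align="left">
                    <select name="associatedAttendees[]" multiple="multiple" size="5" style="height: 200px;">
                        <?php
                        // NOTE(review): this list is read from $wpdb->prefix . "attendees" while the
                        // rest of the function uses ATTENDEES_TABLE; kept as-is, confirm they match.
                        $candidates = $wpdb->get_results("SELECT id, firstName, lastName FROM " . $wpdb->prefix . "attendees ORDER BY lastName, firstName");
                        foreach ($candidates as $candidate) {
                            // An attendee is never offered as an association of itself.
                            if ((int) $candidate->id === $currentId) {
                                continue;
                            }
                            $selected = in_array((int) $candidate->id, $associatedAttendees, true) ? ' selected="selected"' : '';
                            $candidateName = stripslashes($candidate->firstName) . " " . stripslashes($candidate->lastName);
                            ?>
                        <option value="<?php echo (int) $candidate->id; ?>"<?php echo $selected; ?>><?php echo htmlspecialchars($candidateName); ?></option>
                            <?php
                        }
                        ?>
                    </select>
                </td>
            </tr>
            <?php
            if ($attendee !== null && $attendee->id > 0) {
                $sql = "SELECT question, answer FROM " . ATTENDEE_ANSWERS . " ans"
                    . " INNER JOIN " . QUESTIONS_TABLE . " q ON q.id = ans.questionID"
                    . " WHERE attendeeID = %d ORDER BY q.sortOrder";
                $answers = $wpdb->get_results($wpdb->prepare($sql, $attendee->id));
                if (count($answers) > 0) {
                    ?>
            <tr>
                <td colspan="2">
                    <h4>Custom Questions Answered</h4>
                    <table cellpadding="2" cellspacing="0" border="0">
                        <tr>
                            <th>Question</th>
                            <th>Answer</th>
                        </tr>
                        <?php foreach ($answers as $answer) { ?>
                        <tr>
                            <td><?php echo htmlspecialchars(stripslashes($answer->question)); ?></td>
                            <?php // The answer is text the guest typed: escape it. "||" presumably joins multi-value answers; shown comma-separated. ?>
                            <td><?php echo htmlspecialchars(str_replace("||", ", ", stripslashes($answer->answer))); ?></td>
                        </tr>
                        <?php } ?>
                    </table>
                </td>
            </tr>
                    <?php
                }
            }
            ?>
        </table>
        <p class="submit">
            <input type="submit" class="button-primary" value="<?php _e('Save'); ?>" />
        </p>
    </form>
    <?php
}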
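/**
 * Handles a submitted front-end RSVP form.
 *
 * Steps, in order:
 *  1. copy the raw POST into $rsvp_saved_form_vars so the form can be re-rendered;
 *  2. without a first and last name, defer to rsvp_handlenewattendee();
 *  3. insert the primary attendee (plus a generated passcode when required) and
 *     store their custom-question answers;
 *  4. record the RSVP of every associated attendee who still had "NoResponse"
 *     and answered Y/N on this form;
 *  5. insert the additional guests the visitor added, capped by
 *     OPTION_RSVP_NUM_ADDITIONAL_GUESTS (default 3), and link each of them to
 *     the primary attendee and to the primary attendee's existing associations;
 *  6. mail a notification to the owner and a confirmation to the guest when the
 *     corresponding options are enabled;
 *  7. return the thank-you output.
 *
 * Every $_POST key is read through isset()/empty() and every id that reaches
 * SQL goes through $wpdb->prepare() or the format arrays of insert()/update().
 * The additional-guest loop is bounded by the server-side cap, not by the
 * client-supplied "additionalRsvp" count.
 *
 * @param mixed $output Passed by reference; only forwarded to rsvp_handlenewattendee()
 *                      (presumably the page output buffer — not touched here).
 * @param mixed $text   Passed by reference to rsvp_handle_output() / rsvp_handlenewattendee()
 *                      (presumably the page text).
 * @return mixed Whatever rsvp_handle_output() (or rsvp_handlenewattendee()) returns.
 */
function rsvp_handleNewRsvp(&$output, &$text)
{
    global $wpdb, $rsvp_saved_form_vars;

    // Keep the raw submission so the form can be re-rendered with the visitor's values.
    foreach ($_POST as $key => $val) {
        $rsvp_saved_form_vars[$key] = $val;
    }

    // Without a name there is nothing to save; hand over to the attendee-lookup step.
    if (empty($_POST['attendeeFirstName']) || empty($_POST['attendeeLastName'])) {
        return rsvp_handlenewattendee($output, $text);
    }

    // Optional POST field, "" when absent (avoids undefined-index notices).
    $field = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : "";
    };
    // Optional Y/N POST field, normalised to exactly "Y" or "N".
    $flag = function ($key) {
        return (isset($_POST[$key]) && strtoupper($_POST[$key]) == "Y") ? "Y" : "N";
    };
    $today = date("Y-m-d");

    $rsvpPassword = "";
    $thankYouAssociated = array();

    $firstName = trim($_POST['attendeeFirstName']);
    $lastName = trim($_POST['attendeeLastName']);
    $thankYouPrimary = $firstName;
    $rsvpStatus = (strtoupper($field('mainRsvp')) == "Y") ? "Yes" : "No";

    $wpdb->insert(ATTENDEES_TABLE, array(
        "rsvpDate" => $today,
        "firstName" => $firstName,
        "lastName" => $lastName,
        "email" => $field('mainEmail'),
        "rsvpStatus" => $rsvpStatus,
        "note" => $field('rsvp_note'),
        "kidsMeal" => $flag('mainKidsMeal'),
        "veggieMeal" => $flag('mainVeggieMeal'),
    ), array("%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s"));
    rsvp_printQueryDebugInfo();
    $attendeeID = (int) $wpdb->insert_id;

    if (rsvp_require_passcode()) {
        $rsvpPassword = trim(rsvp_generate_passcode());
        $wpdb->update(ATTENDEES_TABLE, array("passcode" => $rsvpPassword), array("id" => $attendeeID), array("%s"), array("%d"));
    }
    rsvp_handleAdditionalQuestions($attendeeID, "mainquestion");

    // Associated attendees (either direction of the link table) who have not yet responded.
    $pendingSql = "SELECT id, firstName FROM " . ATTENDEES_TABLE
        . " WHERE (id IN (SELECT attendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d)"
        . " OR id IN (SELECT associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeID = %d))"
        . " AND rsvpStatus = 'NoResponse'";
    $associations = $wpdb->get_results($wpdb->prepare($pendingSql, $attendeeID, $attendeeID));
    foreach ($associations as $a) {
        $answer = $field('attending' . $a->id);
        // Only an explicit Y or N counts as a response for this guest.
        if ($answer != "Y" && $answer != "N") {
            continue;
        }
        $thankYouAssociated[] = stripslashes($a->firstName);
        $wpdb->update(ATTENDEES_TABLE, array(
            "rsvpDate" => $today,
            "rsvpStatus" => ($answer == "Y") ? "Yes" : "No",
            "email" => $field('attending' . $a->id . "Email"),
            "kidsMeal" => $flag('attending' . $a->id . 'KidsMeal'),
            "veggieMeal" => $flag('attending' . $a->id . 'VeggieMeal'),
        ), array("id" => $a->id), array("%s", "%s", "%s", "%s", "%s"), array("%d"));
        rsvp_printQueryDebugInfo();
        rsvp_handleAdditionalQuestions($a->id, $a->id . "question");
    }

    if (get_option(OPTION_HIDE_ADD_ADDITIONAL) != "Y") {
        $additionalRsvp = $field('additionalRsvp');
        if (is_numeric($additionalRsvp) && $additionalRsvp > 0) {
            // Cap on extra guests: the option when it is a non-negative number, else 3.
            // Computed once here; it does not change between iterations.
            $numGuests = 3;
            $configured = get_option(OPTION_RSVP_NUM_ADDITIONAL_GUESTS);
            if ($configured != "" && is_numeric($configured) && $configured >= 0) {
                $numGuests = $configured;
            }
            // Bound the loop by the server-side cap, not by the client-supplied count,
            // so an oversized "additionalRsvp" cannot keep this loop spinning.
            $last = min((int) $additionalRsvp, (int) $numGuests);
            for ($i = 1; $i <= $last; $i++) {
                $prefix = 'newAttending' . $i;
                if (empty($_POST[$prefix . 'FirstName']) || empty($_POST[$prefix . 'LastName'])) {
                    continue;
                }
                $newFirstName = trim($_POST[$prefix . 'FirstName']);
                $thankYouAssociated[] = $newFirstName;
                $wpdb->insert(ATTENDEES_TABLE, array(
                    "firstName" => $newFirstName,
                    "lastName" => trim($_POST[$prefix . 'LastName']),
                    "email" => trim($field($prefix . "Email")),
                    "rsvpDate" => $today,
                    "rsvpStatus" => ($field($prefix) == "Y") ? "Yes" : "No",
                    // Normalised to Y/N like the primary attendee's flags (previously stored raw).
                    "kidsMeal" => $flag($prefix . 'KidsMeal'),
                    "veggieMeal" => $flag($prefix . 'VeggieMeal'),
                    "additionalAttendee" => "Y",
                ), array('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s'));
                rsvp_printQueryDebugInfo();
                $newAid = (int) $wpdb->insert_id;
                rsvp_handleAdditionalQuestions($newAid, $i . 'question');

                // Link the new guest to the primary attendee ...
                $wpdb->insert(ASSOCIATED_ATTENDEES_TABLE, array("attendeeID" => $newAid, "associatedAttendeeID" => $attendeeID), array("%d", "%d"));
                rsvp_printQueryDebugInfo();
                // ... and to everyone the primary attendee is already linked to.
                $wpdb->query($wpdb->prepare(
                    "INSERT INTO " . ASSOCIATED_ATTENDEES_TABLE . " (attendeeID, associatedAttendeeID)"
                    . " SELECT %d, associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeID = %d",
                    $newAid,
                    $attendeeID
                ));
                rsvp_printQueryDebugInfo();
            }
        }
    }

    // Text block listing the primary attendee's associations (either direction);
    // "" when there are none. Shared by the owner notification and the guest confirmation.
    $associatedSql = "SELECT firstName, lastName, rsvpStatus FROM " . ATTENDEES_TABLE
        . " WHERE id IN (SELECT attendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE associatedAttendeeID = %d)"
        . " OR id IN (SELECT associatedAttendeeID FROM " . ASSOCIATED_ATTENDEES_TABLE . " WHERE attendeeID = %d)";
    $associatedSummary = function () use ($wpdb, $associatedSql, $attendeeID) {
        $linked = $wpdb->get_results($wpdb->prepare($associatedSql, $attendeeID, $attendeeID));
        if (count($linked) == 0) {
            return "";
        }
        // Section header once, then one line per associated attendee (it used to repeat per row).
        $section = "\r\n\r\n--== Associated Attendees ==--\r\n";
        foreach ($linked as $a) {
            $section .= stripslashes($a->firstName . " " . $a->lastName) . " rsvp status: " . $a->rsvpStatus . "\r\n";
        }
        return $section;
    };

    if (get_option(OPTION_NOTIFY_ON_RSVP) == "Y" && get_option(OPTION_NOTIFY_EMAIL) != "") {
        $attendee = $wpdb->get_results($wpdb->prepare(
            "SELECT firstName, lastName, rsvpStatus, note, kidsMeal, veggieMeal FROM " . ATTENDEES_TABLE . " WHERE id = %d",
            $attendeeID
        ));
        if (count($attendee) > 0) {
            $body = "Hello, \r\n\r\n";
            $body .= stripslashes($attendee[0]->firstName) . " " . stripslashes($attendee[0]->lastName) . " has submitted their RSVP and has RSVP'd with '" . $attendee[0]->rsvpStatus . "'.\r\n";
            if (get_option(OPTION_HIDE_KIDS_MEAL) != "Y") {
                $body .= "Kids Meal: " . $attendee[0]->kidsMeal . "\r\n";
            }
            if (get_option(OPTION_HIDE_VEGGIE) != "Y") {
                $body .= "Vegetarian Meal: " . $attendee[0]->veggieMeal . "\r\n";
            }
            if (get_option(RSVP_OPTION_HIDE_NOTE) != "Y") {
                $body .= "Note: " . stripslashes($attendee[0]->note) . "\r\n";
            }
            // Every question, with this attendee's answer when one exists (LEFT JOIN, so answer may be NULL).
            $answers = $wpdb->get_results($wpdb->prepare(
                "SELECT question, answer FROM " . QUESTIONS_TABLE . " q"
                . " LEFT JOIN " . ATTENDEE_ANSWERS . " ans ON q.id = ans.questionID AND ans.attendeeID = %d"
                . " ORDER BY q.sortOrder, q.id",
                $attendeeID
            ));
            if (count($answers) > 0) {
                $body .= "\r\n\r\n--== Custom Questions ==--\r\n";
                foreach ($answers as $a) {
                    $body .= stripslashes($a->question) . ": " . stripslashes((string) $a->answer) . "\r\n";
                }
            }
            $body .= $associatedSummary();

            $emailAddy = get_option(OPTION_NOTIFY_EMAIL);
            $headers = "";
            if (get_option(OPTION_RSVP_DISABLE_CUSTOM_EMAIL_FROM) != "Y") {
                $headers = 'From: ' . $emailAddy . "\r\n";
            }
            wp_mail($emailAddy, "New RSVP Submission", $body, $headers);
        }
    }

    if (get_option(OPTION_RSVP_GUEST_EMAIL_CONFIRMATION) == "Y" && !empty($_POST['mainEmail'])) {
        $attendee = $wpdb->get_results($wpdb->prepare(
            "SELECT firstName, lastName, email, rsvpStatus FROM " . ATTENDEES_TABLE . " WHERE id = %d",
            $attendeeID
        ));
        if (count($attendee) > 0) {
            $body = "Hello " . stripslashes($attendee[0]->firstName) . " " . stripslashes($attendee[0]->lastName) . ", \r\n\r\n";
            $body .= "You have successfully RSVP'd with '" . $attendee[0]->rsvpStatus . "'.";
            $body .= $associatedSummary();

            $emailAddy = get_option(OPTION_NOTIFY_EMAIL);
            $headers = "";
            if (!empty($emailAddy) && get_option(OPTION_RSVP_DISABLE_CUSTOM_EMAIL_FROM) != "Y") {
                $headers = 'From: ' . $emailAddy . "\r\n";
            }
            // Recipient is the address the guest typed, stored unvalidated above;
            // NOTE(review): relies on wp_mail() rejecting a malformed address — confirm.
            wp_mail($attendee[0]->email, "RSVP Confirmation", $body, $headers);
        }
    }

    return rsvp_handle_output($text, rsvp_frontend_new_atendee_thankyou($thankYouPrimary, $thankYouAssociated, $rsvpPassword));
}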