/**
 * Release all table locks on the connection and clear the lock registry.
 *
 * @param mixed $pdo Connection handle; when null, the handle returned by
 *                   FlexiModelUtil::getInstance()->getXPDO() is used.
 *
 * @return mixed Whatever dbExecute() returns for the UNLOCK TABLES statement.
 */
function dbUnlockTable($pdo = null)
{
    global $_lockedTable;

    if ($pdo === null) {
        $pdo = FlexiModelUtil::getInstance()->getXPDO();
    }

    // Forget every tracked lock before asking the server to release them.
    $_lockedTable = [];

    return dbExecute("UNLOCK TABLES", [], $pdo);
}
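/**
 * Run a query and return the first column of its result as a single value.
 *
 * Read queries ($write === false) use the read-only account and are cached
 * in memcache when a global $memcache client is set. Write queries use the
 * write account and bypass the cache.
 *
 * Security: $qry reaches prepare() as a complete SQL string and nothing is
 * bound to it here, so prepare() adds no injection protection by itself.
 * Callers must not build $qry from unescaped request data. With $verbose set,
 * the query text and the driver error are printed into the response, which
 * discloses schema details; keep it off outside debugging.
 *
 * @param string $qry     Complete SQL statement.
 * @param bool   $verbose Print query errors to the output (also handed to dbExecute()).
 * @param bool   $write   True for statements that modify data.
 *
 * @return string|false The value, or false on error, on an empty result and
 *                      for write statements.
 */
function simpleDB($qry, $verbose, $write = false)
{
    global $memcache;

    $useCache = isset($memcache) && !$write;
    $memcache_key = null;

    if ($useCache) {
        // md5 only derives a compact cache key here; it is not a security control.
        $memcache_key = md5(DB_DATABASE . $qry);
        $cached = $memcache->get($memcache_key);
        if ($cached) {
            return $cached;
        }
    }

    // Least privilege: reads never connect with the write account.
    if ($write) {
        $mysqli = @new mysqli(DB_HOST, DB_WRITE_USERNAME, DB_WRITE_PASSWORD, DB_DATABASE, DB_PORT);
    } else {
        $mysqli = @new mysqli(DB_HOST, DB_READ_USERNAME, DB_READ_PASSWORD, DB_DATABASE, DB_PORT);
    }

    // The driver's connect_error text is deliberately not shown to the visitor.
    if ($mysqli->connect_error) {
        die("Database is offline for maintenance.");
    }

    $return = false;
    $stmt = $mysqli->prepare($qry);

    // prepare() returns false for invalid SQL; the original went on to call
    // methods on that false value.
    if ($stmt === false) {
        if ($verbose) {
            print_r("Query error: " . $qry . " - " . mysqli_errno($mysqli) . ": " . mysqli_error($mysqli));
        }
        $mysqli->close();
        return false;
    }

    if (dbExecute($stmt, $verbose, $mysqli)) {
        $stmt->store_result();

        // Taken before binding, as in the original.
        $rowcount = $mysqli->affected_rows;

        if (!$write) {
            try {
                if (!@$stmt->bind_result($a)) {
                    throw new Exception(mysqli_errno($mysqli) . ": " . mysqli_error($mysqli));
                }

                if ($rowcount > 0) {
                    // With several rows the value of the last fetched row wins.
                    while ($stmt->fetch()) {
                        $return = stripslashes($a);
                    }
                } else {
                    $return = false;
                }
            } catch (Exception $e) {
                if ($verbose) {
                    $output = "Query error: " . $qry . " - " . $e->getMessage();
                    print_r($output);
                }
            }
        }
    }

    $stmt->close();
    // The original closed only the statement and left the connection open.
    $mysqli->close();

    // Cache the value that was actually read. The original stored the
    // (always falsy) cache-miss result, so nothing useful was ever cached.
    if ($useCache && $return !== false) {
        $memcache->set($memcache_key, $return, MEMCACHE_ADD_FLAG, MEMCACHE_ADD_TIMEOUT);
    }

    return $return;
}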
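<?php
// API endpoint: change the e-mail address and/or password of a user account.
include __DIR__ . "/include.php";

check_access(TEACHER);

list($user, $email, $password, $password2) = apiCheckParams("user", "email", "password", "password2");

// Only the account owner or an administrator may edit the account.
// NOTE(review): the visible code never asks for the current password, so a
// hijacked session is enough to take over the account; confirm this is intended.
apiCheck(isAdmin() || $user === $_SESSION["user"], "Keine Berechtigung");
apiCheck(dbExists("SELECT id FROM user WHERE id = :id", ["id" => $user]), "Unbekannter Benutzer");

if ($email) {
    apiCheck(filter_var($email, FILTER_VALIDATE_EMAIL), "Bitte eine gültige Email angeben.");
    apiCheck(
        !dbExists("SELECT id FROM user WHERE email = :email", ['email' => $email]),
        "Diese E-Mail-Adresse ist bereits vergeben."
    );
}

// Strict string comparison: with == two different numeric-looking values
// (for example "1e3" and "1000") count as equal, so a mistyped confirmation
// could pass unnoticed.
apiCheck((string) $password === (string) $password2, "Die Passwörter müssen übereinstimmen.");

apiAction(function () use ($user, $password, $email) {
    if ($email) {
        dbExecute("UPDATE user SET email = :email WHERE id = :id", ["email" => $email, "id" => $user]);
    }

    if ($password) {
        // Only the password_hash() digest is stored, never the plain password.
        $password_hash = password_hash($password, PASSWORD_DEFAULT);
        dbExecute(
            "UPDATE user SET password = :password WHERE id = :id",
            ["password" => $password_hash, "id" => $user]
        );
        // NOTE(review): outstanding rows in `forgot` for this user stay valid
        // after a password change here; consider deleting them.
    }
});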
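<?php
// API endpoint: request a password-reset link by e-mail.
include __DIR__ . "/include.php";

list($email) = apiCheckParams("email");
$email = trim($email);

apiCheck(filter_var($email, FILTER_VALIDATE_EMAIL), "Bitte eine gültige Email angeben.");

apiAction(function () use ($email) {
    // don't leak information over registered emails: nothing in this closure
    // reports whether the address is known.
    // NOTE(review): mail is sent only for known addresses, so response time
    // may still differ between known and unknown addresses; verify.
    $user = fetch("SELECT id FROM user WHERE email = :email", ["email" => $email]);

    if ($user === false) {
        return;
    }

    // from http://stackoverflow.com/a/17649993
    // Fail closed if OpenSSL cannot provide cryptographically strong bytes:
    // the token is the only secret protecting the reset link.
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(16, $strong);
    if ($bytes === false || !$strong) {
        throw new RuntimeException("Could not generate a secure reset token");
    }
    $rand = bin2hex($bytes);

    // NOTE(review): the token is stored in clear text as forgot.id, so read
    // access to that table is enough to use a pending link; storing a hash
    // of the token would avoid that.
    dbExecute(
        "INSERT INTO forgot (id, user, created_at) VALUES (:rand, :user, NOW())",
        ["user" => $user->id, "rand" => $rand]
    );

    own_mail(
        $email,
        "Passwort vergessen",
        "Hallo,\r\num dein Passwort zurückzusetzen gehe bitte auf diesen Link: https://www.weltfairsteher.de/resetPassword.php?forgotid={$rand}\r\nViele Grüße\r\nDein Weltfairsteher Team"
    );
});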
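/**
 * Clear the class-cache indicators and drop the tables returned by
 * SHOW TABLES LIKE 'xlite_%'.
 *
 * Destructive: every matching table is dropped with foreign-key checks
 * disabled. Call it only from the installer flow.
 *
 * @param array $params Database access data and other parameters
 *
 * @return bool False when the connection failed or a DROP TABLE reported an error
 */
function doRemoveCache($params)
{
    $result = true;
    $pdoErrorMsg = '';

    \Includes\Decorator\Utils\CacheManager::cleanupCacheIndicators();
    \Includes\Decorator\Utils\CacheManager::cleanupRebuildIndicator();

    $connection = dbConnect($params, $pdoErrorMsg);

    if ($connection) {
        // NOTE(review): "_" is a single-character wildcard in LIKE, so this
        // pattern also matches names such as "xliteXfoo"; escape it if only
        // the literal "xlite_" prefix is meant.
        $res = dbFetchAll('SHOW TABLES LIKE \'xlite_%\'');

        if (is_array($res)) {
            dbExecute('SET FOREIGN_KEY_CHECKS=0', $pdoErrorMsg);

            foreach ($res as $row) {
                $tableName = array_pop($row);
                $pdoErrorMsg = '';

                // Double any backtick so the name cannot terminate the quoted
                // identifier and change the statement.
                $_query = sprintf('DROP TABLE `%s`', str_replace('`', '``', (string) $tableName));
                dbExecute($_query, $pdoErrorMsg);

                if (!empty($pdoErrorMsg)) {
                    $result = false;
                    break;
                }
            }

            // Always switch the checks back on, even after a failed DROP.
            $pdoErrorMsg2 = '';
            dbExecute('SET FOREIGN_KEY_CHECKS=1', $pdoErrorMsg2);

            if (empty($pdoErrorMsg)) {
                $pdoErrorMsg = $pdoErrorMsg2;
            }
        }
    } else {
        $result = false;
    }

    if (!$result) {
        x_install_log(xtr('doRemoveCache() failed'), $pdoErrorMsg);
    }

    return $result;
}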
<?php
// API endpoint: create a milestone (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($points, $description) = apiCheckParams("points", "description");
$description = trim($description);

// Points must consist of digits only and must not be used by another milestone.
$pointsAreDigits = ctype_digit($points);
apiCheck($pointsAreDigits, "Punkte müssen eine Zahl sein");

$pointsTaken = dbExists("SELECT id FROM milestone WHERE points = :p", ["p" => $points]);
apiCheck(!$pointsTaken, "Punkte schon vorhanden");

apiCheck($description !== "", "Beschreibung darf nicht leer sein");

apiAction(function () use ($points, $description) {
    // Values are bound as parameters, never spliced into the SQL text.
    $values = [
        "points" => $points,
        "description" => $description,
    ];
    dbExecute("INSERT INTO milestone (points, description) VALUES (:points, :description)", $values);
});
<?php
// API endpoint: delete a challenge with its feedback and solve records (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($id) = apiCheckParams("id");

apiAction(function () use ($id) {
    // Dependent rows first, the challenge itself last.
    // NOTE(review): no transaction is visible here, so a failure in between
    // could leave a partially deleted challenge; confirm apiAction() wraps this.
    $statements = [
        "DELETE FROM feedback WHERE challenge = :id",
        "DELETE FROM solved_challenge WHERE challenge = :id",
        "DELETE FROM challenge WHERE id = :id",
    ];

    foreach ($statements as $sql) {
        dbExecute($sql, ['id' => $id]);
    }
});
<?php
// API endpoint: edit the points and/or description of a milestone (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($m, $points, $description) = apiCheckParams("milestone", "points", "description");
$description = trim($description);

$milestoneExists = dbExists("SELECT id FROM milestone WHERE id = :id", ["id" => $m]);
apiCheck($milestoneExists, "Unbekannte Etappe");

// Points are optional; when given they must be digits and not already in use.
if ($points) {
    apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein");

    $pointsTaken = dbExists("SELECT id FROM milestone WHERE points = :p", ["p" => $points]);
    apiCheck(!$pointsTaken, "Punkte schon vorhanden");
}

apiAction(function () use ($m, $points, $description) {
    // Only the fields that were actually submitted are written.
    if ($points) {
        $values = ["points" => $points, "id" => $m];
        dbExecute("UPDATE milestone SET points = :points WHERE id = :id", $values);
    }

    if ($description) {
        $values = ["description" => $description, "id" => $m];
        dbExecute("UPDATE milestone SET description = :description WHERE id = :id", $values);
    }
});
<?php
// API endpoint: rename a class and/or assign it to another teacher (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($name, $teacher, $class) = apiCheckParams("name", "teacher", "class");
$name = trim($name);

$classExists = dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class]);
apiCheck($classExists, "Klasse existiert nicht.");

if (!empty($name)) {
    $nameTaken = dbExists("SELECT id FROM class WHERE name = :name", ["name" => $name]);
    apiCheck(!$nameTaken, "Name ist bereits vorhanden.");
}

// NOTE(review): $teacher is compared numerically without being validated as a
// number first; how a non-numeric value compares with 0 differs between PHP 7
// and PHP 8, so consider an explicit numeric check.
if ($teacher >= 0) {
    $teacherExists = dbExists("SELECT id FROM user WHERE id = :id", ["id" => $teacher]);
    apiCheck($teacherExists, "Lehrer existiert nicht.");
}

apiAction(function () use ($class, $name, $teacher, $db) {
    // Only the fields that were actually submitted are written.
    if (!empty($name)) {
        $values = ["name" => $name, "id" => $class];
        dbExecute("UPDATE class SET name = :name WHERE id = :id ", $values);
    }

    if ($teacher >= 0) {
        $values = ["teacher" => $teacher, "id" => $class];
        dbExecute("UPDATE class SET teacher = :teacher WHERE id = :id ", $values);
    }
});
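/**
 * Execute a set of SQL queries from file
 *
 * The file is read line by line. Lines starting with "#" or "--" are skipped
 * and a statement ends at a line whose last character is ";". Progress is
 * echoed as HTML while the statements run.
 *
 * Security: every statement in the file is executed verbatim, so the file
 * must come from a trusted location that only the installer can write.
 *
 * @param string $fileName     The name of file which contains SQL queries
 * @param bool   $ignoreErrors Ignore errors flag
 * @param bool   $is_restore   When false and $ignoreErrors is true the function
 *                             always reports success; otherwise the result
 *                             depends on the error state after the run
 *
 * @return bool
 */
function uploadQuery($fileName, $ignoreErrors = false, $is_restore = false)
{
    $fp = @fopen($fileName, 'rb');

    if (!$fp) {
        // The file name is escaped for the HTML context it is printed into.
        // The original echoed it raw.
        echo '<font color="red">[Failed to open '
            . htmlspecialchars((string) $fileName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . ']</font></pre>' . "\n";

        return false;
    }

    $command = '';
    $counter = 1;

    while (!feof($fp)) {
        $c = '';

        // read SQL statement from file (lines longer than the fgets() buffer
        // are glued together until the newline is reached)
        do {
            $c .= fgets($fp, 1024);
            $endPos = strlen($c) - 1;
        } while (substr($c, $endPos) != "\n" && !feof($fp));

        $c = chop($c);

        // skip comments
        if (substr($c, 0, 1) == '#' || substr($c, 0, 2) == '--') {
            continue;
        }

        // parse SQL statement
        $command .= $c;

        if (substr($command, -1) == ';') {
            $command = substr($command, 0, strlen($command) - 1);
            $table_name = '';

            // The patterns allow only [_a-zA-Z0-9] in the captured name, so
            // echoing $table_name into the page cannot inject markup.
            if (preg_match('/^CREATE TABLE `?([_a-zA-Z0-9]*)`?/i', $command, $matches)) {
                $table_name = $matches[1];
                echo 'Creating table [' . $table_name . '] ... ';
            } elseif (preg_match('/^ALTER TABLE `?([_a-zA-Z0-9]*)`?/i', $command, $matches)) {
                $table_name = $matches[1];
                echo 'Altering table [' . $table_name . '] ... ';
            } elseif (preg_match('/^DROP TABLE IF EXISTS `?([_a-zA-Z0-9]*)`?/i', $command, $matches)) {
                $table_name = $matches[1];
                echo 'Deleting table [' . $table_name . '] ... ';
            } else {
                $counter++;
            }

            // Execute SQL query
            // NOTE(review): $myerr is presumably filled by reference and is not
            // reset between statements here; confirm dbExecute() clears it on
            // success, otherwise one error sticks for the rest of the file.
            dbExecute($command, $myerr);

            // check for errors
            if (!empty($myerr)) {
                showQueryStatus($myerr, $ignoreErrors);

                if (!$ignoreErrors) {
                    break;
                }
            } elseif ($table_name != "") {
                echo '<font color="green">[OK]</font><br />' . "\n";
            } elseif (!($counter % 5)) {
                echo '.';
            }

            $command = '';
            flush();
        }
    }

    fclose($fp);

    if ($counter > 20) {
        print "<br />\n";
    }

    return !$is_restore && $ignoreErrors ? true : empty($myerr);
}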
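// Redeem a password-reset token: look it up, check its age, log the user in
// and delete the token so it cannot be used twice.
$userid = fetch("SELECT user, created_at FROM forgot WHERE id = :id", ["id" => $forgotid]);

$valid = false;
$delete = false;
$user = false;

if ($userid !== false) {
    // A known token is removed below in every case: expired, used, or orphaned.
    $delete = true;

    $expired = strtotime($userid->created_at) + EXPIRE_TIME < time();
    if (!$expired) {
        $user = fetch("SELECT id, role FROM user WHERE id = :id", ["id" => $userid->user]);
        // The account may have been removed after the token was issued. The
        // original dereferenced the failed lookup in that case.
        $valid = (bool) $user;
    }
}

if ($valid) {
    // log the user in
    // NOTE(review): the session id is not regenerated at this privilege
    // change; confirm session_regenerate_id() is called before any output so
    // a pre-set session id cannot be carried into the logged-in session.
    $_SESSION["role"] = $user->role;
    $_SESSION["user"] = $user->id;
    ?>
<b style="margin-left: 30%;"> Jippie, Sie sind wieder da! In wenigen Augenblicken geht´s weiter... </b>
<script type="text/javascript"> setTimeout(function() {window.location = "teacher.php#changeUser"}, 1); </script>
    <?php
} else {
    echo "Ungültiger Link!";
}

if ($delete) {
    dbExecute("DELETE FROM forgot WHERE id = :id", ["id" => $forgotid]);
}

include "include/footer.php";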
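<?php
// API endpoint: delete a teacher account (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($teacher) = apiCheckParams("teacher");

// Admin accounts cannot be removed through this endpoint.
apiCheck(
    dbExists(
        "SELECT id FROM user WHERE id = :teacher AND role != :admin",
        ['teacher' => $teacher, "admin" => ADMIN]
    ),
    "Lehrer existiert nicht oder ist ein Admin"
);
apiCheck(
    !dbExists("SELECT id FROM class WHERE teacher = :id", ["id" => $teacher]),
    "Benutzer kann nur entfernt werden, wenn er keine Klassen mehr hat."
);

apiAction(function () use ($teacher, $db) {
    $statement = $db->prepare("DELETE FROM user WHERE id = :teacher");
    $statement->execute(['teacher' => $teacher]);

    // Remove the pending password-reset tokens of the deleted account. The
    // original bound an undefined $id here, so the tokens were never deleted.
    dbExecute("DELETE FROM forgot WHERE user = :id", ["id" => $teacher]);
});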
<?php
// API endpoint: delete a class and everything that refers to it (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($id) = apiCheckParams("id");

apiAction(function () use ($id) {
    // Challenges written by the class are kept but lose their author, then the
    // dependent rows go, and the class itself goes last.
    // NOTE(review): no transaction is visible here; confirm apiAction() makes
    // the four statements atomic.
    $statements = [
        "UPDATE challenge SET author = NULL WHERE author = :id",
        "DELETE FROM solved_challenge WHERE class = :id",
        "DELETE FROM suggested WHERE class = :id",
        "DELETE FROM class WHERE id = :id",
    ];

    foreach ($statements as $sql) {
        dbExecute($sql, ["id" => $id]);
    }
});
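/**
 * Handle an "execute" tag: run the tag's content as a statement on the
 * database handle registered under the tag's "use" id.
 *
 * When the tag also has an "id", the expanded content and the handle are
 * stored under that id in $arrayTagId, and that entry's handle is used.
 *
 * Security: the tag content is passed to dbExecute() after ztagVars()
 * substitution. NOTE(review): whether substituted values are escaped is not
 * visible here; treat templates and the values they interpolate as trusted
 * input only.
 *
 * @param mixed $tagId      Key of the tag inside $arrayTag
 * @param array $arrayTag   Parsed tags (by reference)
 * @param array $arrayTagId Registry of tag ids (by reference, updated when the tag has an id)
 * @param mixed $arrayOrder Not used by this function
 *
 * @return void
 */
function zdb_Execute($tagId, &$arrayTag, &$arrayTagId, $arrayOrder)
{
    // Start from an empty string; the original appended to an undefined variable.
    $errorMessage = '';

    $arrParam = $arrayTag[$tagId][ztagParam];
    $strId = $arrParam["id"];
    $strUse = $arrParam["use"];

    $errorMessage .= ztagParamCheck($arrParam, "use");

    if ($arrayTag[$tagId][ztagContentWidth]) {
        $strContent = ztagVars($arrayTag[$tagId][ztagContent], $arrayTagId);
        $strLocalId = $strUse;

        if ($strId) {
            $strLocalId = $strId;

            $arrayTagId[$strId][ztagIdValue] = $strContent;
            $arrayTagId[$strId][ztagIdLength] = strlen($strContent);
            $arrayTagId[$strId][ztagIdType] = idTypeExecute;
            $arrayTagId[$strId][ztagIdHandle] = $arrayTagId[$strUse][ztagIdHandle];
        }

        dbExecute($arrayTagId[$strLocalId][ztagIdHandle], $strContent);
    } else {
        $errorMessage .= "<br />Tag Execute cannot be empty!";
    }

    ztagError($errorMessage, $arrayTag, $tagId);
}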
/**
 * Building cache and installing database
 *
 * For a new demo installation the function loads LC_DIR_ROOT . 'dump.sql'
 * into the database (after rewriting table, FK_ and IDX_ prefixes) and then
 * deletes the dump file. If that path is not taken or fails, it prepares the
 * fixtures, calls doRemoveCache() and prints an iframe that rebuilds the cache.
 *
 * NOTE(review): as written the function returns false on every path and sets
 * the global $error to true whenever the dump was not loaded, including after
 * a successful doPrepareFixtures(); confirm the installer relies on this.
 *
 * @param array   $params     Installation parameters; the keys read here are
 *                            'new_installation', 'demo' and 'mysqlprefix'
 * @param boolean $silentMode Silent mode
 *
 * @return bool
 */
function module_install_cache(&$params, $silentMode = false)
{
    global $error;

    $result = false;

    if (!empty($params['new_installation']) && 'Y' == $params['demo']) {
        $dump_file = LC_DIR_ROOT . 'dump.sql';

        if (file_exists($dump_file) && is_readable($dump_file)) {
            echo xtr('Uploading dump.sql into database...');

            $sql = file_get_contents($dump_file);

            // NOTE(review): 'mysqlprefix' is spliced into the SQL text as is;
            // it should be restricted to identifier characters before it
            // reaches this point - verify where $params is validated.
            $sql = str_replace('`xlite_', '`' . $params['mysqlprefix'], $sql);

            // The random suffix only changes the key/index names from the
            // dump; it is not used as a secret.
            $randPrefix = rand(0, 99);
            $sql = str_replace('`FK_', '`FK_' . $randPrefix, $sql);
            $sql = str_replace('`IDX_', '`IDX_' . $randPrefix, $sql);

            // Drop existing X-Cart tables
            if (doDropDatabaseTables($params)) {
                // Load SQL dump to the database
                $pdoErrorMsg = '';
                dbExecute($sql, $pdoErrorMsg);

                if (empty($pdoErrorMsg)) {
                    $result = true;
                }
            }

            // The dump is removed whether or not the import succeeded; a
            // failed unlink is silenced by the @ operator.
            @unlink($dump_file);

            if ($result) {
                echo '<span class="status-ok">OK</span>';
                echo '<br /><p>' . xtr('Redirecting to the next step...') . '</p>';
                ?> <script type="text/javascript"> function isProcessComplete() { if (document.getElementById('next-button')) { setNextButtonDisabled(false, true); setNextButtonDisabled(true); document.getElementById('back-button').disabled = 'disabled'; } else { setTimeout('isProcessComplete()', 1000); } } window.onload = function () { setNextButtonDisabled(true); } setTimeout('isProcessComplete()', 1000); </script> <?php
            }
        }
    }

    if (!$result) {
        $result = doPrepareFixtures($params, $silentMode);

        if ($result) {
            // Drops the tables matched by doRemoveCache() before the cache is
            // rebuilt inside the iframe printed below.
            doRemoveCache(null);
            ?> <div id="cache-rebuild-failed" class="cache-error" style="display: none;"><span><?php echo xtr('Oops! 
Cache rebuild failed.'); ?> </span> <?php echo xtr('Check for possible reasons <a href="http://kb.x-cart.com/pages/viewpage.action?pageId=7504578">here</a>.'); ?> </div> <iframe id="process_iframe" style="padding-top: 15px;" src="admin.php?doNotRedirectAfterCacheIsBuilt&<?php echo time(); ?> " width="100%" height="300" frameborder="0" marginheight="10" marginwidth="10"></iframe> <br /> <br /> <br /> <?php echo xtr('Building cache notice'); ?> <script type="text/javascript"> var errCount = 0; var isStopped = false; function isProcessComplete() { var iframe = document.getElementById('process_iframe').contentWindow.document; if (iframe.getElementById('finish')) { resetCacheWindowContent(); } else { if (iframe.readyState == 'complete') { if (errCount > 60) { var pattern = /^.*Deploying store \[step (\d+) of (\d+)\].*$/m; var matches = iframe.body.innerHTML.match(pattern); processCacheRebuildFailure(matches); isStopped = true; } else { errCount = errCount + 1; } } else { errCount = 0; } setTimeout('isProcessComplete()', 1000); } } setTimeout('isProcessComplete()', 1000); </script> <?php
        } else {
            fatal_error(xtr('Error has encountered while creating fixtures or modules list.'), 'file', 'fixtures');
        }

        $error = true;
    }

    return false;
}
<?php
// API endpoint: submit a "Leckerwissen" link. The access check is disabled,
// so the captcha is the only gate for anonymous submissions.
include __DIR__ . "/include.php";

//check_access(TEACHER);

list($link, $title, $type, $category, $captcha) = apiCheckParams("link", "title", "type", "category", "captcha_code");

// NOTE(review): only non-emptiness of the link is checked; confirm the page
// that renders it escapes the value and accepts http(s) URLs only.
apiCheck(strlen($link) != 0, "Link darf nicht leer sein");
apiCheck(strlen($title) != 0, "Titel darf nicht leer sein");

// Category and type must be "other" or one of the configured entries.
$categoryMatches = array_filter($categories, function ($cat) use ($category) {
    return $cat->name === $category;
});
apiCheck($category == "other" || $categoryMatches, "Ungültige Kategorie");

$typeMatches = array_filter($leckerwissenTypes, function ($t) use ($type) {
    return $t["name"] === $type;
});
apiCheck($typeMatches, "Ungültiger Typ");

// NOTE(review): the captcha value stays in the session after a successful
// check here; confirm it is rotated elsewhere so that one solved captcha
// cannot be reused for further submissions.
apiCheck($captcha === $_SESSION['captcha_spam'], "Der Captcha-Code war leider falsch!");

apiAction(function () use ($link, $title, $type, $category) {
    $values = [
        "link" => $link,
        "title" => $title,
        "type" => $type,
        "category" => $category,
    ];
    dbExecute("INSERT INTO leckerwissen (link, title, type, category) VALUES (:link, :title, :type, :category)", $values);
});
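<?php
// API endpoint: delete one row from one of a fixed set of tables (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($id, $table) = apiCheckParams("id", "table");

// Table names cannot be bound as parameters, so $table is only ever
// interpolated after an exact match against this allowlist.
// user has special rules (can't delete admin) and is therefore not listed.
$deletableTables = ["leckerwissen", "milestone", "suggested", "solved_challenge"];

// Strict comparison: a loose in_array() can match a non-string value against
// the list on older PHP versions.
$tableAllowed = in_array($table, $deletableTables, true);

if ($tableAllowed) {
    apiCheck(dbExists("SELECT id FROM {$table} WHERE id = :id", ['id' => $id]), "Eintrag existiert nicht!");
} else {
    apiAddError("Ungültiger Tabellenname");
}

apiAction(function () use ($id, $table, $tableAllowed) {
    // Defence in depth: never build the DELETE for a name that failed the
    // allowlist, whatever apiAction() does with recorded errors.
    if (!$tableAllowed) {
        return;
    }

    dbExecute("DELETE FROM {$table} WHERE id = :id", ['id' => $id]);
});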
} if ($category) { apiCheck(array_filter($categories, function ($cat) use($category) { return $cat->name === $category; }), "Ungültige Kategorie"); } if ($location) { apiCheck(array_filter($locationTypes, function ($lt) use($location) { return $lt["name"] === $location; }), "Ungültige Location!"); } apiAction(function () use($c, $name, $desc, $points, $category, $location, $extrapoints) { if ($name) { dbExecute("UPDATE challenge SET name = :name WHERE id = :id", ["id" => $c, "name" => $name]); } if ($desc) { dbExecute("UPDATE challenge SET description = :desc WHERE id = :id", ["id" => $c, "desc" => $desc]); } if ($points) { dbExecute("UPDATE challenge SET points = :points WHERE id = :id", ["id" => $c, "points" => $points]); } if ($extrapoints !== "nochange") { dbExecute("UPDATE challenge SET extrapoints = :extrapoints WHERE id = :id", ["id" => $c, "extrapoints" => $extrapoints]); } if ($category) { dbExecute("UPDATE challenge SET category = :category WHERE id = :id", ["id" => $c, "category" => $category]); } if ($location) { dbExecute("UPDATE challenge SET location = :location WHERE id = :id", ["id" => $c, "location" => $location]); } });
<?php
// API endpoint: store a teacher's feedback for a challenge and notify by mail.
include __DIR__ . "/include.php";

check_access(TEACHER);

list($challenge, $fun, $integration, $duration, $problems, $comment) = apiCheckParams("challenge", "fun", "integration", "duration", "problems", "comment");

// All four ratings must consist of digits only.
$ratingsAreDigits = ctype_digit($fun)
    && ctype_digit($integration)
    && ctype_digit($duration)
    && ctype_digit($problems);
apiCheck($ratingsAreDigits, "Werte müssen Zahlen sein!");

$challengeRow = fetch("SELECT name FROM challenge WHERE id = :id", ["id" => $challenge]);
apiCheck($challengeRow !== false, "Unbekannte Challenge");

apiAction(function () use ($challenge, $fun, $integration, $duration, $problems, $comment, $challengeRow) {
    // The free-text comment is stored through a bound parameter; it still has
    // to be escaped wherever it is displayed.
    $values = [
        "challenge" => $challenge,
        "fun" => $fun,
        "integration" => $integration,
        "duration" => $duration,
        "problems" => $problems,
        "comment" => $comment,
    ];
    dbExecute("INSERT INTO feedback (challenge, fun, integration, duration, problems, comment) VALUES (:challenge, :fun, :integration, :duration, :problems, :comment)", $values);

    // NOTE(review): e() is presumably the HTML-escaping helper; confirm that
    // is the right encoding for the body of this mail.
    $body = "Es ist ein neues Feedback für die Challenge " . e($challengeRow->name) . " eingegangen.\r\nGehe auf www.weltfairsteher.de/feedback.php zu anzeigen!";
    own_mail("*****@*****.**", "Neues Feedback", $body);
});
<?php
// API endpoint: edit a "Leckerwissen" entry (admin only).
include __DIR__ . "/include.php";

check_access(ADMIN);

list($lw, $link, $title, $type, $category) = apiCheckParams("lw", "link", "title", "type", "category");

$entryExists = dbExists("SELECT id FROM leckerwissen WHERE id = :id", ["id" => $lw]);
apiCheck($entryExists, "Ungültiges Leckerwissen");

// Category and type are optional; when given they must match a configured entry.
if ($category) {
    $categoryMatches = array_filter($categories, function ($cat) use ($category) {
        return $cat->name === $category;
    });
    apiCheck($category == "other" || $categoryMatches, "Ungültige Kategorie");
}

if ($type) {
    $typeMatches = array_filter($leckerwissenTypes, function ($t) use ($type) {
        return $t["name"] === $type;
    });
    apiCheck($typeMatches, "Ungültiger Typ");
}

apiAction(function () use ($lw, $link, $title, $type, $category) {
    // One UPDATE per submitted field; the column names are fixed in the SQL
    // text and only the values are bound.
    // NOTE(review): the link is stored without URL or scheme validation;
    // confirm it is escaped where it is rendered.
    if ($link) {
        $values = ["id" => $lw, "link" => $link];
        dbExecute("UPDATE leckerwissen SET link = :link WHERE id = :id", $values);
    }

    if ($title) {
        $values = ["id" => $lw, "title" => $title];
        dbExecute("UPDATE leckerwissen SET title = :title WHERE id = :id", $values);
    }

    if ($category) {
        $values = ["id" => $lw, "category" => $category];
        dbExecute("UPDATE leckerwissen SET category = :category WHERE id = :id", $values);
    }

    if ($type) {
        $values = ["id" => $lw, "type" => $type];
        dbExecute("UPDATE leckerwissen SET type = :type WHERE id = :id", $values);
    }
});
<?php
// API endpoint: mark a challenge as solved by a class.
include __DIR__ . "/include.php";

check_access(TEACHER);

list($class, $challenge) = apiCheckParams("class", "challenge");
$user = $_SESSION["user"];
$extra = isset($_POST["extra"]);

// Object-level authorisation: a teacher may only act on a class assigned to
// them. For every other role that passed check_access() the class only has
// to exist.
if (isTeacher()) {
    $classQuery = "SELECT id FROM class WHERE id = :class AND teacher = :teacher";
} else {
    $classQuery = "SELECT id FROM class WHERE id = :class AND :teacher != -1";
}
$classAllowed = dbExists($classQuery, ['class' => $class, "teacher" => $user]);
apiCheck($classAllowed, "Ungültige Klasse");

$challengeExists = dbExists("SELECT id FROM challenge WHERE id = :id", ["id" => $challenge]);
apiCheck($challengeExists, "Ungültige Challenge");

// NOTE(review): this check and the INSERT below are separate statements;
// confirm a unique key on (class, challenge) prevents double entries from
// concurrent requests.
$alreadySolved = dbExists(
    "SELECT * FROM solved_challenge WHERE class = :class AND challenge = :challenge",
    ["class" => $class, "challenge" => $challenge]
);
apiCheck(!$alreadySolved, "Challenge wurde von der Klasse schon gelöst");

// Extra points can only be claimed for challenges that define them.
$extraAllowed = !$extra || dbExists(
    "SELECT id FROM challenge WHERE id = :id AND extrapoints IS NOT NULL",
    ["id" => $challenge]
);
apiCheck($extraAllowed, "Kann keine Extrapunkte für Challenge ohne Extrapunkte setzen!");

apiAction(function () use ($class, $challenge, $extra) {
    // checkMilestone() receives the class and the callback that does the insert.
    $insertSolved = function () use ($class, $challenge, $extra) {
        $values = ["class" => $class, "challenge" => $challenge, "extra" => $extra];
        dbExecute("INSERT INTO solved_challenge (class, challenge, extra, at) VALUES (:class, :challenge, :extra, NOW())", $values);
    };

    checkMilestone($class, $insertSolved);
});
$extrapoints = null; } apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein"); apiCheck(!$extrapoints || ctype_digit($extrapoints), "Extrapunkte müssen eine Zahl sein"); apiCheck(strlen($title) !== 0, "Titel darf nicht leer sein"); apiCheck(strlen($desc) !== 0, "Beschreibung darf nicht leer sein"); apiCheck(isAdmin() || dbExists("SELECT id FROM class WHERE id = :id AND teacher = :teacher", ["id" => $class, "teacher" => $user]), "Keine Berechtigung für diese Klasse"); apiCheck(!$suggested || dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class]), "Ungültige Klasse"); apiCheck(isAdmin() || $suggested, "Keine Berechtigung"); apiCheck($suggested || $category === "selfmade" || array_filter($categories, function ($cat) use($category) { return $cat->name === $category; }), "Ungültige Kategorie"); apiCheck(array_filter($locationTypes, function ($lt) use($location) { return $lt["name"] === $location; }), "Ungültige Location!"); apiCheck(!$suggested || fetch("SELECT COUNT(*) AS count FROM (SELECT class FROM suggested UNION ALL SELECT author AS class FROM challenge) AS c WHERE c.class = :id", ["id" => $class])->count < MAX_SELFMADE_PER_CLASS, "Es sind maximal " . MAX_SELFMADE_PER_CLASS . 
" Eigenkreationen pro Klasse erlaubt."); apiAction(function () use($title, $desc, $class, $points, $suggested, $category, $location, $extrapoints) { if ($suggested) { dbExecute("INSERT INTO suggested (title, description, class, points, location, extrapoints) VALUES (:title, :desc, :class, :points, :location, :extrapoints)", ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "extrapoints" => $extrapoints]); foreach (fetchAll("SELECT email FROM user WHERE role = :admin", ["admin" => ADMIN]) as $admin) { own_mail($admin->email, "Challenge vorgeschlagen", "Es wurde eine neue Challenge vorgeschlagen.\r\n\r\nTitel: {$title}\r\nBeschreibung:\r\n{$desc}\r\n\r\nZum Ablehnen oder Bestätigen bitte auf www.weltfairsteher.de/admin.php gehen."); } } else { if (!dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class])) { $class = NULL; } checkMilestone($class, function () use($title, $desc, $class, $points, $suggested, $category, $location, $extrapoints) { dbExecute("INSERT INTO challenge (name, description, author, points, category, author_time, location, extrapoints) VALUES (:title, :desc, :class, :points, :category, NOW(), :location, :extrapoints)", ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "category" => $category, "extrapoints" => $extrapoints]); }); } });