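/**
 * Fetch the row for one event, optionally requiring its booking window to be open.
 *
 * @param mixed  $eventid             Event ID from the request; cast to int before it reaches SQL.
 * @param bool   $requirebookingsopen When truthy, also require $today to lie within
 *                                    evBookingsOpen .. evBookingsClose.
 * @param string $failureURL          Page (relative to fnSystemURL()) to redirect to when no
 *                                    event matches; '' means 'start.php'.
 * @return array|false The event row from ba_db_fetch_assoc(). When nothing matches the browser
 *                     is redirected and the script terminates instead of returning.
 */
function getEventDetails($eventid, $requirebookingsopen, $failureURL)
{
    // $today is supplied by the including file (assumed to be a date string, not request input).
    global $today, $db_prefix, $link;
    if ($failureURL == '') {
        $failureURL = 'start.php';
    }
    $eventid = htmlentities(stripslashes($eventid));
    // The (int) cast is the only thing that makes $eventid safe to inline in the query below.
    $eventid = (int) $eventid;
    $sql = "Select * FROM {$db_prefix}events where ";
    if ($requirebookingsopen) {
        $sql .= "evBookingsOpen <= '" . $today . "' and evBookingsClose >= '" . $today . "' and ";
    }
    $sql .= " evEventID = " . $eventid;
    $result = ba_db_query($link, $sql);
    if (ba_db_num_rows($result) == 0) {
        $sMsg = "The selected event is not currently open for bookings";
        $sURL = fnSystemURL() . $failureURL . '?warn=' . urlencode($sMsg);
        header("Location: {$sURL}");
        // Without this the caller carried on rendering its page (with a false event row)
        // behind the redirect header; a client that ignores Location would see that body.
        exit;
    }
    return ba_db_fetch_assoc($result);
}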
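/**
 * Same-site check for form submissions: accept the request only when the HTTP Referer
 * (scheme, host and path; the query string is dropped) names one of this system's own pages.
 *
 * Accepted referrers are fnSystemURL() . $Referrer_Check, fnSystemURL() . $Referrer_Check_2
 * (only when a second page was supplied) and, when $Referrer_Check is 'index.php', the bare
 * system URL with or without its trailing slash. A missing Referer header fails the check.
 *
 * On failure the player's session rows are deleted, a warning is logged and ForceLogin()
 * is called.
 *
 * @param string $Referrer_Check   Expected submitting page, relative to fnSystemURL().
 * @param string $Referrer_Check_2 Optional second accepted page; '' means none.
 * @return bool true when the referrer is accepted; false after ForceLogin() (if it returns).
 */
function CheckReferrer($Referrer_Check, $Referrer_Check_2 = "")
{
    // $link is used by the DELETE below but was never declared global, so that query ran
    // against an undefined link.
    global $PLAYER_ID, $link;
    $sSystemURL = fnSystemURL();
    // Browsers and privacy tools may omit the header; an absent value must neither raise a
    // notice nor match anything below.
    $sRawReferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    //Get referrer, minus the query string
    $sReferrer = parse_url($sRawReferrer, PHP_URL_SCHEME) . '://'
        . parse_url($sRawReferrer, PHP_URL_HOST)
        . parse_url($sRawReferrer, PHP_URL_PATH);
    $bForceLogin = True;
    if ($sReferrer === $sSystemURL . $Referrer_Check) {
        $bForceLogin = False;
    }
    // With the default '' the original compared against the bare system URL, which accepted
    // a submission from the start page for every form; only use the second page when given.
    if ($Referrer_Check_2 !== '' && $sReferrer === $sSystemURL . $Referrer_Check_2) {
        $bForceLogin = False;
    }
    //Special case - start page, with trailing slash but no 'index.php'
    if ($Referrer_Check == 'index.php' && $sReferrer === $sSystemURL) {
        $bForceLogin = False;
    }
    //Special case - start page, with no trailing slash
    // (the original compared against the undefined $Referrer here, so this case never matched)
    if ($Referrer_Check == 'index.php' && $sReferrer === substr($sSystemURL, 0, strlen($sSystemURL) - 1)) {
        $bForceLogin = False;
    }
    if (!$bForceLogin) {
        return True;
    }
    //Delete any existing session and force new login
    // (int) keeps the player ID from being interpreted as SQL.
    $sql = "DELETE FROM " . DB_PREFIX . "sessions WHERE ssPlayerID = " . (int) $PLAYER_ID;
    ba_db_query($link, $sql);
    LogWarning("Form submitted from {$sReferrer} (expected " . $sSystemURL . "{$Referrer_Check})\nPlayer ID: {$PLAYER_ID}");
    ForceLogin();
    return False;
}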
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
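include 'inc/inc_head_db.php';
include 'inc/inc_head_html.php';
include 'inc/inc_paypalbutton.php';
// NOTE(review): inc_head_html.php is included before the redirect below; if it already emits
// markup, header() cannot set Location — confirm the include order against that file.
// The (int) cast is what makes $bookingid safe to inline in the two queries.
$bookingid = isset($_GET['BookingID']) ? (int) htmlentities(stripslashes($_GET['BookingID'])) : 0;
// First look for the player's own booking ...
$sql = "Select * FROM {$db_prefix}bookings inner join {$db_prefix}events on evEventID = bkEventID where bkPlayerID = " . (int) $PLAYER_ID . " and bkID = " . $bookingid;
// ... then for a booking whose payment request was addressed to this player's e-mail.
$otherpaymentsql = "select * from {$db_prefix}paymentrequests inner join {$db_prefix}players on plEmail = prEmail inner join {$db_prefix}bookings on bkID = prBookingID inner join {$db_prefix}events on evEventID = bkEventID where bkID = {$bookingid} and plPlayerID = " . (int) $PLAYER_ID;
// 1 when the booking was reached through a payment request rather than owned outright.
$paymentrequest = 0;
$result = ba_db_query($link, $sql);
if (ba_db_num_rows($result) == 0) {
    $result = ba_db_query($link, $otherpaymentsql);
    $paymentrequest = 1;
    if (ba_db_num_rows($result) == 0) {
        $sMsg = "You cannot view this booking";
        $sURL = fnSystemURL() . 'start.php?warn=' . urlencode($sMsg);
        header("Location: {$sURL}");
        // Without this the page kept rendering (with $bookinginfo === false) behind the
        // redirect header, visible to any client that ignores Location.
        exit;
    }
}
$bookinginfo = ba_db_fetch_assoc($result);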
?>

<script type='text/javascript'>

// Normalise the "another amount" box to two decimals and copy the result into #anotheramount
// (presumably the hidden field the PayPal button submits — confirm in inc_paypalbutton.php).
// Deliberately uses .attr('value') throughout, as the original did; this reads and writes the
// value attribute, which is not the same thing as .val().
function updatePaypalButton()
{
	var $amountBox = $('#txtAnotherAmount');
	$amountBox.attr('value', Number($amountBox.attr('value')).toFixed(2));
	// Number() of a non-numeric entry is NaN, which toFixed renders as the string "NaN".
	if ($amountBox.attr('value') == "NaN") {
		$amountBox.attr('value', "0.00");
	}
	$('#anotheramount').attr('value', $amountBox.attr('value'));
}
        }
        if (substr($key, 0, 7) == "txtitem") {
            $itemid = (int) str_replace("txtitem", "", $key);
            if ($itemid > 0) {
                $value = (int) $value;
                $newitemsql = "insert into {$db_prefix}bookingitems (biBookingID, biItemID, biQuantity) VALUES ({$bookingid}, {$itemid}, {$value})";
                ba_db_query($link, $newitemsql);
            }
        }
    }
    if ($overrideexpected == 0) {
        resetExpectedAmount($bookingid);
    }
}
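if ($newbooking == 1) {
    // A freshly created booking is shown on its own page; $bookingid is assumed to have been
    // cast to int where it was set (not visible here).
    $sURL = fnSystemURL() . 'admin_booking.php?BookingID=' . $bookingid;
    header("Location: {$sURL}");
    // Stop here; otherwise the rest of the page is rendered behind the redirect header.
    exit;
}
$sql = "select * from {$db_prefix}bookingitems inner join {$db_prefix}items where biItemID = itItemID and biBookingID = {$bookingid}";
$result = ba_db_query($link, $sql);
// Filled by the loop that follows: every item row for this booking, and a comma-terminated
// list of the item IDs used.
$itemselected = array();
$usedidlist = "";
//Building a list of items for this booking, we'll update bunk and meal status here as well
// NOTE(review): no WHERE clause yet — confirm one is appended before this statement is run.
$bunkandmealstatussql = "update {$db_prefix}bookings set bkBunkRequested = 0, bkBunkAllocated = 0, bkMealTicket = 0";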
while ($row = ba_db_fetch_assoc($result)) {
    array_push($itemselected, $row);
    $usedidlist .= $row['itItemID'] . ",";
    if ($row['itBunk'] == 1) {
        $bunkandmealstatussql .= ", bkBunkRequested = 1, bkBunkAllocated = 1";
    }
    if ($row['itMeal'] == 1) {
        ba_db_query($link, $sql);
        //Remove payment requests
        $sql = "DELETE FROM " . DB_PREFIX . "paymentrequests where prBookingID in ({$usedidlist})";
        ba_db_query($link, $sql);
        //Remove bookings
        $sql = "DELETE FROM " . DB_PREFIX . "bookings where bkEventID = {$eventid}";
        ba_db_query($link, $sql);
        //Remove items
        $sql = "DELETE FROM " . DB_PREFIX . "items where itEventID = {$eventid}";
        ba_db_query($link, $sql);
        //Remove event
        $sql = "DELETE FROM " . DB_PREFIX . "events where evEventID = {$eventid}";
        ba_db_query($link, $sql);
        //Remove all records from bookings table
        $sMsg = "Event " . htmlentities(stripslashes($eventinfo['evEventName'])) . " has been deleted";
        $sURL = fnSystemURL() . 'admin.php?warn=' . urlencode($sMsg);
        header("Location: {$sURL}");
    } else {
        $sWarn = "CONFIRM was not entered correctly in the text box. It must be all upper case.";
    }
}
// Reached when the deletion branch above did not redirect; presumably emits the shared page head.
include '../inc/inc_head_html.php';
?>

<script type="text/javascript">
<!--
// Asks the user to confirm the event deletion; presumably used as the form's submit handler,
// where a false return cancels the submission.
function fnConfirm () {
	return window.confirm("Are you sure you want to delete this event, including all bookings?");
}
// -->
</script>
<?php

/*-----------------------------------------------------------------------------
 | Bitsand - an online booking system for Live Role Play events
 |
 | File inc/index.php
 |    Summary: The sole purpose of this file is to prevent people viewing the
 |             contents of this directory.  It simply redirects the browser to
 |             the start page
 |     Author: Russell Phillips
 |  Copyright: (C) 2006 - 2015 The Bitsand Project
 |             (http://github.com/PeteAUK/bitsand)
 |
 | Bitsand is free software; you can redistribute it and/or modify it under the
 | terms of the GNU General Public License as published by the Free Software
 | Foundation, either version 3 of the License, or (at your option) any later
 | version.
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
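require 'inc_config.php';
include 'inc_head_db.php';
header("Location: " . fnSystemURL());
// The header above says this file only redirects; exit makes that literally true so no body
// (and nothing from the includes) is served after the Location header.
exit;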
    }
    $sql = "DELETE FROM {$db_prefix}guildmembers WHERE gmPlayerID = {$PLAYER_ID}";
    if (!ba_db_query($link, $sql)) {
        $sWarn = "There was a problem clearing character details";
        LogError("Error clearing character details (guildmembers) (admin).\nPlayer ID: {$PLAYER_ID}");
    }
    $sql = "DELETE FROM {$db_prefix}skillstaken WHERE stPlayerID = {$PLAYER_ID}";
    if (!ba_db_query($link, $sql)) {
        $sWarn = "There was a problem clearing character details";
        LogError("Error clearing character details (skillstaken) (admin).\nPlayer ID: {$PLAYER_ID}");
    }
    $sURL = fnSystemURL() . 'ic_form.php';
    header("Location: {$sURL}");
}
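// "No" on the confirmation form: return to the IC form without changing anything. The isset()
// guard avoids a notice (and, on PHP 8, a deprecated null argument) when the form was not posted.
if (isset($_POST['btnSubmit']) && strtolower($_POST['btnSubmit']) == 'no' && CheckReferrer('ic_confirmclear.php')) {
    $sURL = fnSystemURL() . 'ic_form.php';
    header("Location: {$sURL}");
    // Stop here; otherwise the confirmation page is still rendered behind the redirect header.
    exit;
}
include 'inc/inc_head_html.php';
include 'inc/inc_forms.php';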
?>
<h1><?php 
echo TITLE;
?>
 - Clear IC Details</h1>
<p>
<strong>Are you sure you want to clear your character information?</strong>
</p>
<p>
Once confirmed, this cannot be undone; you will need to re-enter your information.
</p>
    $sNotes = ba_db_real_escape_string($link, $sCharacterCSV[6]);
    $sSpecial = ba_db_real_escape_string($link, $sCharacterCSV[7]);
    //Build up character SQL
    $sql = "INSERT INTO {$db_prefix}characters (" . "chPlayerID, " . "chName, " . "chPreferredName, " . "chRace, " . "chGender, " . "chFaction, " . "chNPC, " . "chNotes, " . "chOSP) " . "VALUES (" . "{$iPlayerID}, " . "'{$sName}', " . "'{$sPreferredname}', " . "'{$sRace}', " . "'{$sGender}', " . "'{$sFaction}', " . "'{$sNpc}', " . "'{$sNotes}', " . "'{$sSpecial}')";
    // Insert character details
    ba_db_query($link, $sql);
    // Guilds
    $sGuildCSV = explode(",", trim($csv[2]));
    foreach ($sGuildCSV as $guild) {
        $sql = "INSERT INTO {$db_prefix}guildmembers (gmPlayerID, gmName) " . "VALUES ({$iPlayerID}, '{$guild}')";
        ba_db_query($link, $sql);
    }
    // Skills
    $sSkillsCSV = explode(",", trim($csv[3]));
    foreach ($sSkillsCSV as $skill) {
        $sql = "INSERT INTO {$db_prefix}skillstaken (stPlayerID, stSkillID) " . "VALUES ({$iPlayerID}, {$skill})";
        ba_db_query($link, $sql);
    }
    // OSPs
    $sOspCSV = explode(",", trim($csv[4]));
    foreach ($sOspCSV as $osp) {
        $sql = "INSERT INTO {$db_prefix}ospstaken (otPlayerID, otOspID) " . "VALUES ({$iPlayerID}, {$osp})";
        ba_db_query($link, $sql);
    }
}
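//Close link to database
ba_db_close($link);
//Redirect to index page
$sURL = fnSystemURL() . "index.php";
$sURL .= "?green=" . urlencode("Details imported. Please log in and check your details to ensure that they are correct");
header("Location: {$sURL}");
// Nothing useful follows a redirect; exit guarantees no further output is sent.
exit;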
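// The table prefix must be set before getEventDetails(), which reads it through
// `global $db_prefix`; it was previously assigned only after that call.
$db_prefix = DB_PREFIX;
// Both IDs only ever reach SQL as integer literals; a missing parameter becomes 0 and is skipped.
$eventid = isset($_GET['EventID']) ? (int) htmlentities(stripslashes($_GET['EventID'])) : 0;
if ($eventid > 0) {
    $eventinfo = getEventDetails($eventid, 0, 'admin.php');
}
$bid = isset($_GET['bid']) ? (int) $_GET['bid'] : 0;
//remove player from queue
if ($bid > 0 && CheckReferrer('admin_booking_queue.php')) {
    $sql = "UPDATE {$db_prefix}bookings SET bkInQueue = 0 WHERE bkID = " . $bid;
    ba_db_query($link, $sql);
    //Send e-mail to tell them.
    // NOTE(review): $bid is a booking ID (bkID in the UPDATE above) but is matched against
    // plPlayerID here and printed as the Player ID below; confirm this is intended, or look
    // the player up via bkPlayerID instead.
    $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail, plEmailRemovedFromQueue FROM {$db_prefix}players WHERE plPlayerID = {$bid}");
    $row = ba_db_fetch_assoc($result);
    // No matching player: nothing to notify, and no undefined-index notices.
    if (!empty($row)) {
        $email = $row['plEmail'];
        //Set up e-mail body
        $sBody = "You have been removed from the booking queue at " . SYSTEM_NAME . ". " . "You can now finalise and pay for your booking.\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $bid) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . str_replace("admin/", "", fnSystemURL());
        //Send e-mail
        if ($row['plEmailRemovedFromQueue']) {
            mail($email, SYSTEM_NAME . ' - Ready to Finalise', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
        }
    }
}
//Get list of queued players
$sql = "SELECT bkID, plPlayerID, " . "plFirstName, " . "plSurname, " . "chName, " . "chFaction, " . "case when bkdateoocconfirmed > bkdateicconfirmed then bkdateoocconfirmed else bkdateicconfirmed end as bkDateConfirmed " . "FROM {$db_prefix}players, {$db_prefix}characters, {$db_prefix}bookings " . "WHERE plPlayerID = chPlayerID AND chPlayerID = bkPlayerID AND bkInQueue = 1" . " AND bkEventID = {$eventid}" . " ORDER BY bkDateConfirmed ASC";
$result = ba_db_query($link, $sql);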
?>
<script src="../inc/sorttable.js" type="text/javascript"></script>

<h1><?php 
echo TITLE;
?>
 - Players In Booking Queue</h1>
    	$result = ba_db_query ($link, $sql);
    	$row = ba_db_fetch_assoc ($result);
    	if ($row['plBookAs'] == 'Player' && $row['chFaction'] != DEFAULT_FACTION) { $queuebooking = 1;}
    }
    $sql = "UPDATE {$db_prefix}bookings SET bkInQueue = $queuebooking WHERE bkPlayerID = $pid";
    if (! ba_db_query ($link, $sql)) {
    	LogError ("Error updating queue type of booking.\nPlayer ID: $PLAYER_ID");
    }
    */
    //Send e-mail
    $sBody = "Your OOC details have been confirmed at " . SYSTEM_NAME . ". " . "Both IC and OOC details must be confirmed before you can finalise your booking.\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL() . "\n";
    if ($bEmailOOCChange) {
        mail($row['plEmail'], SYSTEM_NAME . ' - OOC details', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
    }
    //Make up URL & redirect
    $sURL = fnSystemURL() . 'start.php?green=' . urlencode('Your OOC details have been confirmed');
    header("Location: {$sURL}");
}
// Only reached when the confirmation branch above did not redirect; these presumably emit
// the shared page head and the form helpers (assumed from the file names).
include 'inc/inc_head_html.php';
include 'inc/inc_forms.php';
?>

<h1><?php 
echo TITLE;
?>
 - OOC Details</h1>

<p>
<?php 
if ($bConfirmed) {
    echo "Your OOC information has been confirmed. You will not be able to change it until after the upcoming event.";
    $sql = "SELECT COUNT(*) AS cMail FROM {$db_prefix}players WHERE plEmail = '{$sNewMail}'";
    $result = ba_db_query($link, $sql);
    $row = ba_db_fetch_assoc($result);
    if ($row['cMail'] != '0') {
        $sWarn = "The e-mail address {$sNewMail} is already registered";
    } else {
        //Get user's current e-mail address
        $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
        $row = ba_db_fetch_assoc($result);
        //Run update query & set message
        $sCode = RandomString(10, 20);
        $sql = "UPDATE {$db_prefix}players SET plNewMail = '{$sNewMail}', plNewMailCode = '" . ba_db_real_escape_string($link, $sCode) . "' " . "WHERE plPlayerID = {$PLAYER_ID}";
        $result = ba_db_query($link, $sql);
        $sGreen = "A confirmation code has been sent to both your existing, and your new, e-mail addresses.<br>" . "Follow the instructions in the e-mail to confirm the change of e-mail address";
        //E-mail user with confirmation code and instructions
        $sBody = "A request has been received for your e-mail address to be changed at " . SYSTEM_NAME . ". " . "In order to make this change, you must log on to " . SYSTEM_NAME . " at " . fnSystemURL() . " using your existing e-mail address and password, then go to the 'Change password' page " . "and enter the code below:\n\nCode: {$sCode}\n\n" . "Note that the code must be entered *exactly* as above - it is probably easiest to copy and paste it.\n\n" . "If you have any problems, or questions, e-mail " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . "\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL();
        mail($row['plEmail'], SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
        mail(SafeEmail($_POST['txtEmail']), SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
    }
}
if ($_POST['btnConfirm'] != '' && CheckReferrer('change_password.php')) {
    //Get user's e-mail address
    $result = ba_db_query($link, "SELECT plNewMail, plNewMailCode FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
    $row = ba_db_fetch_assoc($result);
    if ($row['plNewMailCode'] == $_POST['txtCode']) {
        //Run update query & set message
        $sql = "UPDATE {$db_prefix}players SET plEmail = '" . SafeEmail($row['plNewMail']) . "', plNewMail = '', plNewMailCode = '' " . "WHERE plPlayerID = {$PLAYER_ID}";
        $result = ba_db_query($link, $sql);
        if ($result === False) {
            $sWarn = "There was a problem updating your e-mail address";
        } else {
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
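include 'inc/inc_head_db.php';
$db_prefix = DB_PREFIX;
if (isset($_POST['btnSubmit']) && $_POST['btnSubmit'] != '' && (CheckReferrer('booking.php') || CheckReferrer('eventbookingconfirm.php'))) {
    $bookingid = isset($_POST['hBooking']) ? (int) $_POST['hBooking'] : 0;
    // The address is both a mail() recipient and a SQL value. htmlentities() protected neither
    // (it leaves line breaks, and before PHP 8.1 single quotes, untouched), so the shape is
    // validated here and the value is escaped separately for SQL. It is stored raw so that the
    // prEmail = plEmail join elsewhere matches the player's real address.
    $email = isset($_POST['txtEmail']) ? stripslashes($_POST['txtEmail']) : '';
    if ($bookingid > 0) {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $sWarn .= "The e-mail address entered is not valid";
        } else {
            // The system URL was originally a stray statement on its own line and never
            // reached the body; it is appended here as intended.
            $sBody = "You have recieved a request to make a payment for an event at " . SYSTEM_NAME . ". " . "\n\nIf you have an account then please login to make this payment.\n" . "Otherwise you must create an account if you wish to make a payment, using this e-mail address.\n\n" . "If you have recieved this request in error, then please ignore it, or contact " . EVENT_CONTACT_NAME . " (" . EVENT_CONTACT_MAIL . ") if you have any questions." . "\n\n" . fnSystemURL();
            mail($email, SYSTEM_NAME . ' - Payment Request', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
            $sql = "INSERT INTO {$db_prefix}paymentrequests (prEmail, prBookingID) VALUES ('" . ba_db_real_escape_string($link, $email) . "', {$bookingid})";
            ba_db_query($link, $sql);
        }
    }
}
// Status messages passed back via the query string are escaped before being shown.
if (isset($_GET['green']) && $_GET['green'] != '') {
    $sGreen .= htmlentities($_GET['green']);
}
if (isset($_GET['warn']) && $_GET['warn'] != '') {
    $sWarn .= htmlentities($_GET['warn']);
}
include 'inc/inc_head_html.php';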
?>

<h1><?php 
                $sNewPass .= chr(rand(97, 122));
                break;
        }
    }
    //Get salted hash of new password and run UPDATE query
    $sHashPass = sha1($sNewPass . PW_SALT);
    $sql = "UPDATE " . DB_PREFIX . "players SET plPassword = '******', plLoginCounter = 0 " . "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'";
    $result = ba_db_query($link, $sql);
    if (ba_db_affected_rows($link) == 0) {
        //No changes made.
        $sMsg = 'E-mail not found. Password not reset. Please check and try again';
    } else {
        //Send e-mail
        $sTo = $sEmail;
        $sSubject = SYSTEM_NAME . " - password reset";
        $sBody = "Hi,\nYour password at " . SYSTEM_NAME . " has been reset. " . "Your new password is:\n{$sNewPass}\nYou can log in using this new password.\n\n" . fnSystemURL();
        ini_set("sendmail_from", EVENT_CONTACT_MAIL);
        $mail = mail($sTo, $sSubject, $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">", '-f' . EVENT_CONTACT_MAIL);
        if ($mail) {
            $sMsg = "A new password has been sent to {$sEmail}. Please check your e-mail for your new password.<br />\n" . "If you do not get the e-mail, check your Junk/Spam folder - it may have been marked as spam " . "(this appears to be particularly common with web-based e-mail services)";
        } else {
            $sMsg = "There was an error sending your reset email. Please contact <a href = 'mailto:" . Obfuscate(TECH_CONTACT_MAIL) . "'>" . TECH_CONTACT_NAME . "</a> to reset your password manually";
        }
    }
    if (ba_db_affected_rows($link) > 1) {
        //More than one record updated - log warning
        LogWarning("retrieve.php - Multiple records updated from SQL query\n{$sql}");
    }
}
?>
    curl_setopt($ch, CURLOPT_REFERER, $systems_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $result = curl_exec($ch);
    curl_close($ch);
    if ($result) {
        $ba_systems_file = explode("\n", $result);
    }
}
if ($ba_systems_file) {
    // Tidy up the retrieved file, drop all of the rem lines and then sort
    $ba_systems = array();
    foreach ($ba_systems_file as $line) {
        if (substr(trim($line), 0, 1) != '#' && !empty(trim($line))) {
            $line = explode("\t", $line);
            // We don't need to include our own site
            if (strpos($line[2], fnSystemURL()) === false) {
                $ba_systems[$line[0]] = array('system' => $line[1], 'url' => $line[2]);
            }
        }
    }
    ksort($ba_systems);
    ?>
<h2>Copy Details From Another System</h2>

<p>
If you are registered on another copy of Bitsand, simply select the system from the drop-down box below and enter your user name and password on that system. Your details will be copied over automatically.
</p>

<form action="import.php" method="post">
  <table class="blockmid">
    <tr>
    if ($sWarn != '') {
        $sWarn = "The following problems were found:<br>\n" . $sWarn;
    }
    //Do not redirect if there are any warnings (required fields not filled in, etc)
    if ($sWarn == '') {
        //Get user's e-mail address
        $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
        $row = ba_db_fetch_assoc($result);
        $email = $row['plEmail'];
        //Send e-mail
        $sBody = "Your IC details have been entered at " . SYSTEM_NAME . ".\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL();
        if ($bEmailICChange) {
            mail($email, SYSTEM_NAME . ' - IC details', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
        }
        //Make up URL & redirect
        $sURL = fnSystemURL() . 'start.php?green=' . urlencode('Your IC details have been updated');
        header("Location: {$sURL}");
    }
}
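include 'inc/inc_head_html.php';
include 'inc/inc_js_forms.php';
//Get existing details if there are any
// (int) keeps the player ID from being interpreted as SQL.
$sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = " . (int) $PLAYER_ID;
$result = ba_db_query($link, $sql);
$row = ba_db_fetch_assoc($result);
// A player with no character row yet gets nulls instead of undefined-index notices.
$sNotes = isset($row['chNotes']) ? $row['chNotes'] : null;
$sOSP = isset($row['chOSP']) ? $row['chOSP'] : null;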
?>

<h1><?php 
echo TITLE;
            }
            //Get user's e-mail address
            $result = ba_db_query($link, "SELECT plEmail FROM {$db_prefix}players WHERE plPlayerID = {$admin_player_id}");
            $row = ba_db_fetch_assoc($result);
            $sEmail = $row['plEmail'];
            if (SEND_PASSWORD) {
                //E-mail user with new password
                $sBody = "Your password for " . SYSTEM_NAME . " has been changed. " . "Your new details are below:\n\n" . "E-mail: {$sEmail}\nPassword: {$_POST[txtPassword1]}\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $admin_player_id) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL();
                mail($sEmail, SYSTEM_NAME . ' - password change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
            }
        } else {
            $sWarn = "There was a problem resetting the password<br>\n";
            LogError("Error updating OOC information (admin_pw_reset.php). Player ID: {$admin_player_id}");
        }
        //Redirect to start page
        $sURL = fnSystemURL() . '../start.php?green=' . urlencode('Password has been reset, and account enabled, for player ID ' . PID_PREFIX . sprintf('%03s', $admin_player_id));
        if (SEND_PASSWORD) {
            $sURL .= '. The new password has been e-mailed to the player';
        }
        header("Location: {$sURL}");
    }
}
// Reached when the reset branch above did not redirect; presumably emits the shared page head.
include '../inc/inc_head_html.php';
?>

<h1><?php 
echo TITLE;
?>
 - Password Reset</h1>

<h2>Reset Password for Player ID <?php 
    $marshal = stripslashes($_POST["cboMarshal{$value}"]);
    $sEmail = ba_db_real_escape_string($link, SafeEmail($_POST['txtEmail']));
    $sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', " . "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', " . "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), " . "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), " . "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), " . "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), " . "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), " . "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), " . "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), " . "plEmail = '{$sEmail}', " . "plDOB = '{$dob}', " . "pleMedicalInfo = AES_ENCRYPT('" . ba_db_real_escape_string($link, $sMedInfo) . "', '{$key}'), " . "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', " . "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), " . "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', " . "plCarRegistration = '{$sCarReg}', " . "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', " . "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', " . "plAdminNotes = '" . ba_db_real_escape_string($link, $_POST['txtAdminNotes']) . "', ";
    $sql .= "plRefNumber = {$refnumber}, plMarshal = '{$marshal}',";
    $sql .= "plEventPackByPost = {$iByPost} ";
    $sql .= "WHERE plPlayerID = {$admin_player_id}";
    //Run UPDATE query
    if (ba_db_query($link, $sql)) {
        //Query should affect exactly one row. Log a warning if it affected more
        if (ba_db_affected_rows($link) > 1) {
            LogWarning("More than one row updated during admin OOC update (admin_edit_ooc.php). Player ID: {$admin_player_id}");
        }
        //Do not redirect if there are any warnings (required fields not filled in, etc)
        if ($sWarn == '') {
            //Make up URL & redirect
            $sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated");
            header("Location: {$sURL}");
        }
    } else {
        $sWarn = "There was a problem updating the OOC details";
        LogError("Error updating OOC information (admin_edit_ooc.php). Player ID: {$admin_player_id}");
    }
}
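//Get existing details if there are any
// The ple* columns are decrypted inside the query, so the key is passed as a SQL literal.
// NOTE(review): that means $key must contain no quote characters and will appear in any
// query log — confirm where it is set.
$aColumns = array(
    "plFirstName",
    "plSurname",
    "AES_DECRYPT(pleAddress1, '{$key}') AS dAddress1",
    "AES_DECRYPT(pleAddress2, '{$key}') AS dAddress2",
    "AES_DECRYPT(pleAddress3, '{$key}') AS dAddress3",
    "AES_DECRYPT(pleAddress4, '{$key}') AS dAddress4",
    "AES_DECRYPT(plePostcode, '{$key}') AS dPostcode",
    "AES_DECRYPT(pleTelephone, '{$key}') AS dTelephone",
    "AES_DECRYPT(pleMobile, '{$key}') AS dMobile",
    "plEmail",
    "plDOB",
    "AES_DECRYPT(pleMedicalInfo, '{$key}') AS dMedicalInfo",
    "plEmergencyName",
    "AES_DECRYPT(pleEmergencyNumber, '{$key}') AS dEmergencyNumber",
    "plEmergencyRelationship",
    "plCarRegistration",
    "plDietary",
    "plNotes",
    "plAdminNotes",
    "plEventPackByPost",
    "plRefNumber",
    "plMarshal",
);
// (int) keeps the only non-literal value in the WHERE clause from being interpreted as SQL.
$sql = "SELECT " . implode(", ", $aColumns) . " FROM {$db_prefix}players WHERE plPlayerID = " . (int) $admin_player_id;
$result = ba_db_query($link, $sql);
$playerrow = ba_db_fetch_assoc($result);
include '../inc/inc_head_html.php';
include '../inc/inc_js_forms.php';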
?>
// Presumably emits the shared page head; the page body follows as plain HTML.
include 'inc/inc_head_html.php';
?>

<h1><?php 
echo TITLE;
?>
 - Download</h1>

<p>
This booking system runs on Bitsand, a web-based booking system for LRP events. Bitsand is copyright (c) 2006 - 2015 <a href = "https://github.com/PeteAUK/bitsand">The Bitsand Project</a>.
</p>

<p>
Bitsand is free software; you can redistribute it and/or modify it under the terms of the <a href = "http://www.gnu.org/licenses/gpl.html">GNU General Public License</a> as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
</p>

<?php 
//Display notice about lion background image if this is the Lions' system
// Either scheme of the Lions' installation counts; anything else shows no notice.
$aLionsURLs = array('http://bookings.lionsfaction.co.uk/', 'https://bookings.lionsfaction.co.uk/');
if (in_array(fnSystemURL(), $aLionsURLs, true)) {
    echo '<p>The lion background image is modified from an <a href = "http://flickr.com/photos/stuartyeates/216280481/">image by Stuart Yeates</a>, released under the Creative Commons <a href = "http://creativecommons.org/licenses/by-sa/3.0/">Attribution-ShareAlike 3.0</a> licence. The modified image is available from the <a href = "https://github.com/PeteAUK/bitsand">Bitsand Project</a></p>';
}
?>

<p>
Full source code is available from the <a href = "https://github.com/PeteAUK/bitsand">Bitsand Github repository</a>. There is also an <a href = "https://github.com/PeteAUK/bitsand/issues">issue tracker</a>, where bugs and feature requests can be registered.
</p>

<p>If you would like to be informed when new versions are released, please <a href="https://github.com/PeteAUK/bitsand/subscription">watch the Bitsand Github repository</a> or <a href="http://www.freelists.org/list/bitsand">sign up to our Mailing List</a>.</p>

<?php 
// Presumably emits the shared page footer (assumed from the file name).
include 'inc/inc_foot.php';
        $row = ba_db_fetch_assoc($result);
        $iLoginCounter = $row['plLoginCounter'];
        $sql = "UPDATE {$db_prefix}players SET plLoginCounter = " . ++$iLoginCounter . " " . "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'";
        //Log failed login attempt
        $sLogWarn = "Failed login attempt\nE-mail: {$sEmail}\n" . "Attempt was made from IP address {$_SERVER['REMOTE_ADDR']}";
        LogWarning($sLogWarn);
        //Check for too many failed logins
        if ($iLoginCounter > LOGIN_TRIES && $row['plPassword'] != 'ACCOUNT DISABLED') {
            //Change SQL query so that plPassword and plLoginCounter are both updated
            $sql = "UPDATE {$db_prefix}players SET plPassword = '******', plLoginCounter = " . $iLoginCounter . " WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'";
            $sMessage = "You have entered an incorrect password too many times. Your account has been disabled.<br>" . "An e-mail has been sent to your e-mail address with instructions on how to re-enable your account.";
            //E-mail user
            $sBody = "This is an automated message from " . SYSTEM_NAME . ". Your account has been disabled, because " . "an incorrect password was entered too many times. You can re-enable your account by resetting your " . "password (Follow the 'Get a new password' link from the front page). If you have any problems, " . "please contact " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . " to have your account re-enabled.\n\n" . fnSystemURL();
            mail($sEmail, SYSTEM_NAME . ' - account disabled', $sBody, "From:" . SYSTEM_NAME . " <" . TECH_CONTACT_MAIL . ">");
            //E-mail admin and log a warning
            $sBody = "Account with e-mail address {$sEmail} has been disabled, after too many failed login attempts.\n" . "Latest attempt was from IP address {$_SERVER['REMOTE_ADDR']}\n" . "An e-mail has been sent to the user.\n\n" . fnSystemURL();
            mail(TECH_CONTACT_MAIL, SYSTEM_NAME . ' - account disabled', $sBody, "From:" . SYSTEM_NAME . " <" . TECH_CONTACT_MAIL . ">");
            LogWarning($sBody);
        } elseif ($row['plPassword'] == 'ACCOUNT DISABLED') {
            //Account has been previously disabled. Just display message - do not send e-mail
            $sMessage = "Your account has been disabled. To re-enable it, either <a href = 'retrieve.php'>request a new password</a>" . " or e-mail " . TECH_CONTACT_NAME . ", using the link below";
        }
        //Run query to update plLoginCounter (and plPassword, if account is being disabled)
        ba_db_query($link, $sql) . $sql;
    }
} else {
    //User is not logging in, so reset login cookies
    //Cookies are reset here, but values will not be available until next page load. Note that Lynx (and others?)
    //do not seem to reset cookies when they are set null value, so we set them to zero, then set them to null
    setcookie('BA_PlayerID', 0);
    setcookie('BA_PlayerID', '');
    $sURL = fnSystemURL() . 'booking.php?BookingID=' . $bookingid;
    header("Location: {$sURL}");
} else {
    if ($_POST['delete'] != null || $_POST['rebook'] != null) {
        $sql = "DELETE FROM {$db_prefix}bookingitems WHERE biBookingID = " . $bookingid;
        ba_db_query($link, $sql);
        $sql = "DELETE FROM {$db_prefix}paymentrequests WHERE prBookingID = " . $bookingid;
        ba_db_query($link, $sql);
        $sql = "DELETE FROM {$db_prefix}bookings WHERE bkID = " . $bookingid;
        ba_db_query($link, $sql);
        if ($_POST['delete'] != null) {
            $sMsg = "Your booking has been cancelled for " . htmlentities(stripslashes($bookinginfo['evEventName']));
            $sURL = fnSystemURL() . 'start.php?warn=' . urlencode($sMsg);
            header("Location: {$sURL}");
        } else {
            $sURL = fnSystemURL() . 'eventbooking.php?EventID=' . $bookinginfo['evEventID'];
            header("Location: {$sURL}");
        }
    }
}
// Page heading; the event name comes from the database row, so it is HTML-escaped on output.
echo '<h2>Delete booking for event - ', htmlentities(stripslashes($bookinginfo['evEventName'])), '</h2>';
?>

<p>Please confirm that you wish to delete your current booking for this event.</p>

<?php 
// Queued players are warned that cancelling forfeits their queue position.
if (1 == $bookinginfo['bkInQueue']) {
    echo '<p>You will lose your place in the queue, and may miss out on a place at the event if you continue.</p>';
}
if ($bookinginfo['bkAmountPaid'] > 0) {
    echo "<p>You will need to request a refund of any payment made, please contact <a href = 'mailto:" . Obfuscate(EVENT_CONTACT_MAIL) . "'>" . EVENT_CONTACT_NAME . "</a>.</p>";