/**
 * Apply the submitted signup form to the `signups` row and record the change.
 *
 * Steps, in order:
 *  1. If the submitted status is "DELETE", hand over to processDelete().
 *  2. UPDATE the signup row; the `comments` column is appended to (not
 *     replaced) with a timestamp, the acting staff username, the new comment
 *     and the change metadata.
 *  3. Reload the signup and, for status 'CANCELLED', release the user's seat.
 *  4. Write an activity-log entry and redirect to the event page.
 *
 * All values reach SQL through bound parameters only.
 *
 * NOTE(review): after processDelete() returns, execution continues into the
 * UPDATE below unless processDelete() itself ends the request - confirm.
 * NOTE(review): `status`, `ticketCost` and `numberMachinesAllowed` are bound
 * as submitted, without a Sanitizer call; binding protects the statement, but
 * any allow-list or range validation must happen elsewhere - confirm it does.
 * NOTE(review): no privilege check is visible in this method; presumably the
 * page or form constructor enforces it - verify.
 */
protected function processUpdate()
{
    global $db;

    if ($this->getElementValue('status') == "DELETE") {
        $this->processDelete();
    }

    $sanitizer = Sanitizer::getInstance();

    $updateSql = 'UPDATE signups SET status = :status, numberMachinesAllowed = :machinesAllowed, '
        . 'comments = concat(comments, "\\n", now(), " (", :staffUsername, ") - ", :comments, :changeMetadata), '
        . 'gigabit = :gigabit, ticketCost = :ticketCost WHERE id = :id';
    $update = $db->prepare($updateSql);

    // Placeholder => value, kept in the original binding order.
    $bindings = [
        ':id' => $this->getElementValue('id'),
        ':status' => $this->getElementValue('status'),
        ':comments' => $sanitizer->formatString($this->getElementValue('comments')),
        ':gigabit' => $sanitizer->formatBool($this->getElementValue('gigabit')),
        ':ticketCost' => $this->getElementValue('ticketCost'),
        // The audit attribution comes from the server-side session, not from the form.
        ':staffUsername' => Session::getUser()->getUsername(),
        ':changeMetadata' => $this->getChangeMetadata(),
        ':machinesAllowed' => $this->getElementValue('numberMachinesAllowed'),
    ];

    foreach ($bindings as $placeholder => $value) {
        $update->bindValue($placeholder, $value);
    }

    $update->execute();

    // Re-read the row so the event and user ids used below come from the database.
    $this->signup = $this->getSignup();

    if ($this->getElementValue('status') == 'CANCELLED') {
        require_once 'includes/functions.seatingPlan.php';

        removeSeat($this->signup['event'], $this->signup['userId']);
    }

    // NOTE(review): this query is executed but its result is never fetched or
    // checked in this method - confirm whether an existence check was intended.
    $eventLookup = $db->prepare('SELECT e.id FROM events e WHERE e.id = :eventId LIMIT 1');
    $eventLookup->bindValue(':eventId', $this->signup['event']);
    $eventLookup->execute();

    // NOTE(review): the log message carries the raw submitted comment (the
    // Sanitizer-formatted copy is used only for the UPDATE); confirm that
    // whatever displays activity-log entries escapes them on output.
    $logMessage = 'Signup updated for _u_ to event _e_ ' . $this->getElementValue('comments') . '. ' . $this->getChangeMetadata();
    $logContext = ['user' => $this->signup['user'], 'event' => $this->signup['event']];
    logActivity($logMessage, null, $logContext);

    redirect('viewEvent.php?id=' . $this->signup['event'], 'Signup edited.');
}
<?php

use libAllure\Sanitizer;

// Endpoint script: removes one user's seat at one event and replies 'OK'.

// Make the project root (two directories up) resolvable for the includes below.
set_include_path(get_include_path() . PATH_SEPARATOR . '../../');

require_once 'includes/common.php';
require_once 'includes/functions.seatingPlan.php';

// Authorisation gate: runs before any input is read or any seat is touched.
requirePrivOrRedirect('SUPERUSER');

// Both identifiers go through filterUint() before they are used.
// NOTE(review): filterUint() presumably reads the named request parameters;
// which request methods it accepts is not visible here - confirm.
$sanitizer = Sanitizer::getInstance();
$eventId = $sanitizer->filterUint('event');
$userId = $sanitizer->filterUint('user');

// NOTE(review): this is a state-changing request and no anti-CSRF token check
// is visible in this script; confirm includes/common.php (or the caller)
// enforces one and that the action is not reachable by a plain GET.
removeSeat($eventId, $userId);

echo 'OK';
/**
 * Exchange the seats held by two users at one event.
 *
 * Each user's current seat is looked up with getSeatForUser(). If either
 * lookup comes back empty the function returns without changing anything.
 * Otherwise both seats are released and each user is placed in the seat the
 * other one held.
 *
 * NOTE(review): the two removals and two assignments are four separate calls
 * and no transaction is opened in this function; if a later call fails, the
 * earlier removals stay in effect. Confirm whether callers or the helpers
 * provide atomicity.
 * NOTE(review): the meaning of the `false` third argument to removeSeat() is
 * not visible here - verify against its definition.
 *
 * @param $eventId Event whose seating plan is modified.
 * @param $userId1 First user; ends up in the second user's seat.
 * @param $userId2 Second user; ends up in the first user's seat.
 */
function swapUsersSeats($eventId, $userId1, $userId2)
{
    $firstUserSeat = getSeatForUser($eventId, $userId1);
    $secondUserSeat = getSeatForUser($eventId, $userId2);

    // A swap needs both users to be seated already.
    if (empty($firstUserSeat)) {
        return;
    }

    if (empty($secondUserSeat)) {
        return;
    }

    // Release both seats first, then hand each user the other's seat.
    removeSeat($eventId, $userId1, false);
    removeSeat($eventId, $userId2, false);

    setUserInSeat($eventId, $secondUserSeat[0]['seat'], $userId1);
    setUserInSeat($eventId, $firstUserSeat[0]['seat'], $userId2);
}