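/**
 * Fetch the booking options attached to one event.
 *
 * @param mixed $event_id Event identifier. It is treated as untrusted and escaped
 *                        before it is placed in the SQL text, because this function
 *                        cannot tell whether the caller validated it.
 *
 * @return array|null List of array('id' => option_id, 'desc' => description) entries,
 *                    or null when the query fails or the event has no options.
 */
function get_booking_options($event_id)
{
    // Stays null (not an empty array) when nothing is found; callers may rely on that.
    $savedUserBookingOptions = null;

    // The id sits inside a quoted SQL literal, so it goes through the project's
    // escaping helper like the other quoted values in this codebase. Without it a
    // quote character in $event_id would end the literal and alter the statement.
    $userBookingResult = wrap_db_query(
        "SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, "
        . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . wrap_db_escape_string($event_id)
        . "' AND e.option_id=o.option_id"
    );

    if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) {
        while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) {
            $savedUserBookingOptions[] = array(
                'id' => $userBookingFields['option_id'],
                'desc' => $userBookingFields['description'],
            );
        }
    }

    return $savedUserBookingOptions;
}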
</script> <textarea name="bookingOptionsDesc" rows="5" cols="60" readonly="true"><?php if (isset($_REQUEST['bookingOptionsDesc'])) { echo stripslashes($_REQUEST['bookingOptionsDesc']); } ?> </textarea><br> <table border="0" cellpadding="0" cellspacing="2"> <?php //load any saved booking option preferences this user may have $savedUserPrefOptions = null; //only non-admins can save their preferences, admins should have to tick them each time if (!$is_admin) { $userPrefResult = wrap_db_query("SELECT option_id FROM " . BOOKING_USER_OPTIONS_TABLE . " WHERE user_id='" . $bookingByUserID . "'"); if ($userPrefResult && wrap_db_num_rows($userPrefResult) > 0) { while ($userPrefFields = wrap_db_fetch_array($userPrefResult)) { $savedUserPrefOptions[] = $userPrefFields['option_id']; } } } $rightCol = false; for ($r = 0; $fields = wrap_db_fetch_array($result); $r++) { //is this a left or right column? if ($r % 2 == 0) { //left column echo '<tr align="left"><td>'; $rightCol = false; } else { //right column echo '<td width="20"> </td><td>';
- Create a new e-mail mailshot: <input type="button" class="ButtonStyle" value="GO" name="newMailButton" onclick="document.location.href='<?php echo FILENAME_ADMIN_EMAIL_MAILSHOT; ?> '" style="margin-left: 20px;"><br> <br> <br> <?php //output all previously sent emails with links to edit / delete $currentUserID = get_user_id($_SESSION['valid_user']); $sql = 'SELECT email_id, subject, DATE_FORMAT( sent, \'%d/%m/%Y %H:%i\' ) AS sent_time FROM ' . EMAILSHOT_SENT_EMAILS . ' WHERE sent_by_user_id=' . $currentUserID . ' ORDER BY sent DESC'; //echo "<hr>$sql" ; $res = wrap_db_query($sql); $numMails = wrap_db_num_rows($res); if ($numMails > 0) { ?> - Edit or delete a previous e-mail mailshot:<br> <br> <table border="0" cellpadding="4" cellspacing="2" style="margin-left: 10px;"> <tr> <th class="BgcolorDull2" width="150">Subject</th> <th class="BgcolorDull2">Sent</th> <th class="BgcolorDull2">Control</th> </tr> <?php $i = 0; while ($row = wrap_db_fetch_array($res)) { $class = 'BgcolorNormal';
</tr> </table> <?php //Load the user info $user_info = get_user(get_user_id($_SESSION['valid_user'])); // Check we have permissions to buy credits if (wrap_session_is_registered("admin_user") || $user_info['booking_credits'] == 'Not used' || $_SESSION['PAYMENT_GATEWAY'] != '1' || !is_numeric($user_info['user_id'])) { echo "<p>You do not have permission to purchase booking credits. Please contact an Administrator.</p>"; include_once "footer.php"; include_once "application_bottom.php"; die; } // Load the products based on the users group membership $result = wrap_db_query("SELECT DISTINCT bpi.id, bpi.product_name, bpi.quantity, bpi.mc_gross, bpi.mc_currency \n\t\t\t\t\t\t\tFROM (" . BOOKING_PRODUCT_ITEM . " bpi LEFT JOIN " . BOOKING_PRODUCT_GROUPS . " bpg ON bpg.product_id = bpi.id ) \n\t\t\t\t\t\t\tWHERE group_id IN (SELECT DISTINCT group_id FROM " . BOOKING_USER_GROUPS_TABLE . " WHERE user_id = " . $user_info['user_id'] . ") ORDER BY bpi.product_name, bpi.quantity"); // If there are no products assigned, load the default if (!(wrap_db_num_rows($result) >= 1) || !$result) { $result = wrap_db_query("SELECT DISTINCT id, product_name, quantity, mc_gross, mc_currency FROM " . BOOKING_PRODUCT_ITEM . " WHERE id = '1' LIMIT 1"); } if ($result) { while ($products = wrap_db_fetch_array($result)) { // LIVE // https://www.sandbox.paypal.com/cgi-bin/webscr ?> <p> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="notify_url" value="<?php echo DOMAIN_NAME . substr(DIR_WS_SCRIPTS, 1) . "paypal_ipn_res.php"; ?> "> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="<?php
} } ?> </select> </td> </form> <td width="99%" valign="top"><?php if ($_POST['user_select'] != '' || $all == true) { //check that we have not just made a successful update if ($all == true) { $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " order by payment_date LIMIT 100"; } else { $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " WHERE n27_user_id = '" . $_POST['user_select'] . "' order by payment_date LIMIT 30"; } $result = wrap_db_query($query); if ($result && wrap_db_num_rows($result) > 0) { if ($all == true) { echo "Last 100 transactions for all users:<br /><br />"; } else { echo "Last 30 transactions:<br /><br />"; } ?> <table width="98%" border="0" cellpadding="2" cellspacing="0"> <tr> <td width="22%" class="BgcolorDull2">Date</td> <td width="19%" class="BgcolorDull2">Payer Name</td> <td width="27%" class="BgcolorDull2">Payer Email</td> <td width="8%" class="BgcolorDull2" align="center">Quantity</td> <td width="8%" class="BgcolorDull2">Value</td> <td width="8%" class="BgcolorDull2" align="center">Currency</td> <td width="8%" class="BgcolorDull2">Status</td>
//now insert all our new entries... foreach on $_POST['product_ids'] if (is_array($_POST['product_ids']) && sizeof($_POST['product_ids']) > 0) { foreach ($_POST['product_ids'] as $product_id) { $sql = 'INSERT INTO ' . BOOKING_PRODUCT_GROUPS . ' ( product_id , group_id , created ) VALUES ( "' . mysql_real_escape_string($product_id) . '" , "' . mysql_real_escape_string($_POST['group_id']) . '" , NOW() ) '; $res = wrap_db_query($sql); } } //note changes were made okay $page_info_message = 'Changes to product/group assignment saved successfully'; } } //get users in any specified group id if (isset($_REQUEST['group_id']) && trim($_REQUEST['group_id']) > 0) { $sql = 'SELECT * FROM ' . BOOKING_PRODUCT_GROUPS . ' WHERE group_id=' . $_REQUEST['group_id']; $res = wrap_db_query($sql); if ($res && wrap_db_num_rows($res) > 0) { while ($row = wrap_db_fetch_array($res)) { $thisGroupsProducts[] = $row['product_id']; } } } //get all our current groups $sql = 'SELECT group_id, group_name FROM ' . BOOKING_GROUPS_TABLE . ' ORDER BY group_name ASC'; $res = wrap_db_query($sql); if ($res) { while ($row = wrap_db_fetch_array($res)) { $groups[] = $row; } } //get all available products $sql = 'SELECT id , product_name, mc_currency, mc_gross FROM ' . BOOKING_PRODUCT_ITEM . ' WHERE id > 1 ORDER BY product_name ASC';
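/**
 * Update the first name, last name and e-mail address of one user account.
 *
 * The account is looked up by username first; the update is then restricted to
 * both that username and the user_id the lookup returned.
 *
 * NOTE(review): nothing in this function checks that the current session is
 * allowed to edit the named account; that check is presumably the caller's job.
 *
 * @param string $username  Account to update.
 * @param string $firstname New first name.
 * @param string $lastname  New last name.
 * @param string $email     New e-mail address.
 *
 * @return bool True when the UPDATE query succeeded, false when the lookup failed,
 *              did not match exactly one row, or the UPDATE failed.
 */
function update_user_information($username, $firstname, $lastname, $email)
{
    // Use the caller-supplied username (escaped) in both statements. Comparing
    // against a fixed literal would leave $username unused and the lookup could
    // never target the requested account.
    $safe_username = wrap_db_escape_string($username);

    // The username must resolve to exactly one account.
    $result = wrap_db_query("SELECT user_id FROM " . BOOKING_USER_TABLE . " WHERE username='" . $safe_username . "'");
    if (!$result) {
        return false; // query error
    }
    if (wrap_db_num_rows($result) != 1) {
        return false; // unknown or ambiguous username
    }

    $fields = wrap_db_fetch_array($result);
    $user_id = $fields['user_id'];
    if (empty($user_id)) {
        return false;
    }

    // Every value is escaped because each one lands inside a quoted SQL literal.
    $result = wrap_db_query(
        "UPDATE " . BOOKING_USER_TABLE . " SET \r\n\t\t\t\t\t\tfirstname = '" . wrap_db_escape_string($firstname)
        . "',\r\n\t\t\t\t\t\tlastname = '" . wrap_db_escape_string($lastname)
        . "',\r\n\t\t\t\t\t\temail = '" . wrap_db_escape_string($email)
        . "' \r\n\t\t\t\t\t\tWHERE username = '" . $safe_username . "' " . " AND user_id = '"
        . wrap_db_escape_string($user_id) . "'"
    );

    return $result ? true : false;
}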
<?php } else { echo stripslashes($event['description']); } ?> </td></tr> <?php //does this site use booking options? $result = wrap_db_query("SELECT option_id, description FROM " . BOOKING_OPTIONS_TABLE . " ORDER BY description ASC"); if ($result && wrap_db_num_rows($result) > 0) { //get the id's and descriptions for options chosen by the user $savedUserBookingOptionIDs = null; $savedUserBookingOptionDescriptions = null; $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . $_REQUEST['event_id'] . "' AND e.option_id=o.option_id"); if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) { while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) { $savedUserBookingOptionsIDs[] = $userBookingFields['option_id']; $savedUserBookingOptionDescriptions[] = $userBookingFields['description']; } } $numBookingOptions = count($savedUserBookingOptionDescriptions); ?> <tr><td colspan="2" align="left" valign="top"><strong>Booking Options:</strong></td></tr> <tr><td colspan="2" align="left"> <?php if ($_REQUEST['action'] == 'modify') { //show tickable checkboxes ?> <table border="0" cellpadding="0" cellspacing="2">
$numAttachments = wrap_db_num_rows($res); if ($numAttachments > 0) { $row = wrap_db_fetch_array($res); //delete the item from the db $sql = 'DELETE FROM ' . EMAILSHOT_ATTACHMENTS_TEMP . ' WHERE attachment_id=' . $_GET['del_attach_id'] . ' LIMIT 1'; $res = wrap_db_query($sql); //check if this attachment is still linked into any stored mailshots in the sent items table, if so we must not delete it $sql2 = 'SELECT attachment_id FROM ' . EMAILSHOT_ATTACHMENTS . ' WHERE filename="' . $row['filename'] . '" LIMIT 0,1'; $res2 = wrap_db_query($sql2); if (wrap_db_num_rows($res2) < 1) { //delete each file from the file system unlink(DIR_FS_ATTACHMENTS . $row['filename']); } } } //echo time() . '<br>'; //output all unattached temp files belonging to the current user with a link to remove them from this e-mail in case they are no longer wanted $currentUserID = get_user_id($_SESSION['valid_user']); $sql = 'SELECT attachment_id, user_id, filename FROM ' . EMAILSHOT_ATTACHMENTS_TEMP . ' WHERE user_id=' . $currentUserID . ' ORDER BY attachment_id ASC'; //echo "<hr>$sql" ; $res = wrap_db_query($sql); $numAttachments = wrap_db_num_rows($res); if ($numAttachments > 0) { while ($row = wrap_db_fetch_array($res)) { echo htmlentities($row['filename']) . ' [<a href="view_mailshot_attachments.php?del_attach_id=' . $row['attachment_id'] . '">remove</a>]<br />'; } } else { echo '(none)'; } include_once "footer.php"; include_once "application_bottom.php";
/**
 * Load every row of the credit-types table.
 *
 * The query takes no caller input: the statement is a fixed string plus the
 * BOOKING_CREDIT_TYPES table-name constant.
 *
 * @return array|false|null List of arrays with the keys credit_type_id,
 *                          credit_type_name and credit_type_booking_days;
 *                          false when the query fails or reports zero rows;
 *                          null if rows were reported but none could be fetched.
 */
function get_credit_types()
{
    $creditTypes = null;
    $queryResult = wrap_db_query("SELECT * FROM " . BOOKING_CREDIT_TYPES);

    // General connection or query error.
    if (!$queryResult) {
        return false;
    }

    // An empty table is reported the same way as an error.
    if (wrap_db_num_rows($queryResult) == 0) {
        return false;
    }

    // Copy only the three columns callers are given, not the whole row.
    while ($row = wrap_db_fetch_array($queryResult)) {
        $creditTypes[] = array(
            'credit_type_id' => $row['credit_type_id'],
            'credit_type_name' => $row['credit_type_name'],
            'credit_type_booking_days' => $row['credit_type_booking_days'],
        );
    }

    return $creditTypes;
}
?> <br> <br> <br> <?php } ?> <b>Current Bookings:</b><br> <br> <?php // Check how many upcoming bookings the user already has reserved in the system $showedABooking = false; $user_events_result = get_user_events($user_info['username'], true, 50); //get a max of 50 results $num_events_results = wrap_db_num_rows($user_events_result); if ($num_events_results >= 50) { echo "NOTE: You currently have more than 50 advance bookings. Only the next 50 are shown below.<br><br>"; } ?> <table cellpadding="2" cellspacing="0" border="0" style="margin-left: 20px;"> <?php while ($user_events_row = wrap_db_fetch_array($user_events_result)) { // echo '<pre>' ; // print_r( $user_events_row ) ; // echo '</pre>' ; $display_dates_and_time_ranges = get_event_dates_and_time_ranges($user_events_row['event_id'], $user_events_row['location']); if (count($display_dates_and_time_ranges) > 0) { reset($display_dates_and_time_ranges); foreach ($display_dates_and_time_ranges as $display_date_and_time) { list($date, $time_range) = explode(" ", $display_date_and_time);
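/**
 * Add a new event and reserve its date-time slots in the schedule table.
 *
 * Steps: reject a duplicate submission ("double click"), resolve the user id,
 * insert the event row, then write the new event id into every requested slot
 * of the column that belongs to $location.
 *
 * @param string $username                 Owner of the event.
 * @param array  $scheduled_date_time_data Schedule date-time values to reserve.
 * @param string $subject                  Event subject.
 * @param string $location                 Location key; also indexes the global $location_db_name map.
 * @param string $starting_date_time       Start of the event.
 * @param string $ending_date_time         End of the event.
 * @param string $recur_interval           Recurrence interval.
 * @param mixed  $recur_freq               Recurrence frequency; must be numeric.
 * @param string $recur_until_date         Last date of the recurrence.
 * @param string $description              Free-text description.
 *
 * @return int|string|false The new event id as returned by wrap_db_insert_id(),
 *                          or false on duplicate, unknown user, invalid
 *                          $recur_freq or any failed query.
 */
function add_event($username, $scheduled_date_time_data, $subject, $location, $starting_date_time, $ending_date_time, $recur_interval, $recur_freq, $recur_until_date, $description)
{
    // Maps a location to its column name in the schedule table.
    global $location_db_name;

    // recur_freq is written into the SQL without surrounding quotes, and escaping
    // quote characters does not protect an unquoted value. Accept numbers only and
    // emit them as an integer; anything else is rejected instead of being spliced
    // into the statement.
    if (!is_numeric($recur_freq)) {
        return false;
    }
    $recur_freq_sql = (int) $recur_freq;

    // Compare against the caller-supplied username (escaped) rather than a fixed
    // literal, so the duplicate check applies to the user who is booking.
    $safe_username = wrap_db_escape_string($username);

    // Check for repeat event; 'double click'.
    // This might be removed in the future due to a future JavaScript function.
    $result = wrap_db_query(
        "SELECT event_id FROM " . BOOKING_USER_TABLE . ", " . BOOKING_EVENT_TABLE . " \r\n\t\t\t\t\t\tWHERE "
        . BOOKING_USER_TABLE . ".username='" . $safe_username . "' AND\r\n\t\t\t\t\t\t"
        . BOOKING_USER_TABLE . ".user_id = " . BOOKING_EVENT_TABLE . ".user_id AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".subject = '" . wrap_db_escape_string($subject) . "' AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".location = '" . wrap_db_escape_string($location) . "' AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".starting_date_time = '" . wrap_db_escape_string($starting_date_time) . "' AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".ending_date_time = '" . wrap_db_escape_string($ending_date_time) . "' AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".recur_interval = '" . wrap_db_escape_string($recur_interval) . "' AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".recur_freq = " . $recur_freq_sql . " AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".recur_until_date = '" . wrap_db_escape_string($recur_until_date) . "' AND \r\n\t\t\t\t\t\t"
        . BOOKING_EVENT_TABLE . ".description = '" . wrap_db_escape_string($description) . "'"
    );
    if ($result && wrap_db_num_rows($result) > 0) {
        return false; // identical event already stored
    }

    // Get user_id based on current $username.
    $user_id = get_user_id($username);
    if (empty($user_id)) {
        return false;
    }

    // Insert the new event.
    $result = wrap_db_query(
        "INSERT INTO " . BOOKING_EVENT_TABLE . " SET \r\n\t\t\t\t\t\tuser_id = " . wrap_db_escape_string($user_id)
        . ", \r\n\t\t\t\t\t\tsubject = '" . wrap_db_escape_string($subject)
        . "', \r\n\t\t\t\t\t\tlocation = '" . wrap_db_escape_string($location)
        . "', \r\n\t\t\t\t\t\tstarting_date_time = '" . wrap_db_escape_string($starting_date_time)
        . "', \r\n\t\t\t\t\t\tending_date_time = '" . wrap_db_escape_string($ending_date_time)
        . "', \r\n\t\t\t\t\t\trecur_interval = '" . wrap_db_escape_string($recur_interval)
        . "', \r\n\t\t\t\t\t\trecur_freq = " . $recur_freq_sql
        . ", \r\n\t\t\t\t\t\trecur_until_date = '" . wrap_db_escape_string($recur_until_date)
        . "', \r\n\t\t\t\t\t\tdescription = '" . wrap_db_escape_string($description)
        . "', \r\n\t\t\t\t\t\tdate_time_added = NOW(), \r\n\t\t\t\t\t\tlast_mod_by_id = '', \r\n\t\t\t\t\t\tlast_mod_date_time = '0000-00-00 00:00:00'"
    );
    if (!$result) {
        return false;
    }

    // Get the event_id (auto) for the event just added to the event table.
    $event_id = wrap_db_insert_id();

    // The column name comes from the configured map, never from $location itself.
    // A location without a mapping has no column to write to, so it is handled as
    // a slot failure instead of sending a statement with an empty identifier.
    $slot_column = isset($location_db_name[$location]) ? $location_db_name[$location] : null;

    // Insert the event_id into the schedule table at the appropriate date-time slots.
    // NOTE(review): a slot that is already taken matches no row ("= 0" fails);
    // whether wrap_db_query reports that as a failure is not visible here - confirm.
    $add_date_time_error = false;
    foreach ($scheduled_date_time_data as $date_time) {
        if ($slot_column === null) {
            $add_date_time_error = true;
            continue;
        }

        $result = wrap_db_query(
            "UPDATE " . DATE_TIME_SCHEDULE_TABLE . " \r\n\t\t\t\t\t\tSET " . $slot_column . " = "
            . wrap_db_escape_string($event_id) . " \r\n\t\t\t\t\t\tWHERE schedule_date_time = '"
            . wrap_db_escape_string($date_time) . "' AND \r\n\t\t\t\t\t\t" . $slot_column . " = 0"
        );
        if (!$result) {
            $add_date_time_error = true;
        }
    }

    if ($add_date_time_error == true) {
        // Delete Event Info Function needs to be added here!
        // Until it is, the event row inserted above stays in the table.
        echo "ERROR! A date and time slot could not be filled properly!<br />";
        return false;
    }

    return $event_id;
}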