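} // closes a block opened before this excerpt

// Admin-only search results: lists non-admin players matching the submitted
// first name / surname and offers an "Add" link for each one.
// NOTE(review): $sql is assembled before this excerpt; confirm the name terms
// are escaped or bound as parameters before they are concatenated into it.
$sql .= ")";

// Run the query only when at least one search field was supplied.
if ($sFirstName != '' || $sSurname != '') {
    $result = ba_db_query($link, $sql);
}

echo "<h3>Search Results</h3>\n";
if ($sFirstName == '' && $sSurname == '') {
    // $result is not set on this path, so this branch must stay first.
    echo "<i>No search term entered</i>";
} elseif (ba_db_num_rows($result) == 0) {
    echo "<i>No non-admin users found</i>";
} else {
    echo "<table class = 'sortable'>\n";
    echo "<tr><th>PlayerID</th><th>First Name</th><th>Surname</th><th colspan = '2'> </th></tr>\n";
    while ($row = ba_db_fetch_assoc($result)) {
        echo "<tr class = 'highlight'>\n";
        // NOTE(review): 'ACCOUNT DISABLED' looks like a sentinel stored in the
        // password column in place of a credential - confirm, and prefer a
        // dedicated status column so the password field only ever holds a hash.
        if ($row['plPassword'] == 'ACCOUNT DISABLED') {
            echo "<td>" . PID_PREFIX . sprintf('%03s', $row['plPlayerID']) . " (account disabled)</td>\n";
        } else {
            echo "<td>" . PID_PREFIX . sprintf('%03s', $row['plPlayerID']) . "</td>\n";
        }
        // Player-supplied fields are entity-encoded before they reach the page.
        echo "<td>" . htmlentities(stripslashes($row['plFirstName'])) . "</td>\n";
        echo "<td>" . htmlentities(stripslashes($row['plSurname'])) . "</td>\n";
        $sEmail = htmlentities(stripslashes($row['plEmail']));
        echo "<td><a href = 'mailto:" . Obfuscate($sEmail) . "'>E-mail</a></td>\n";
        // The original cell never closed its <a> element; the anchor is now
        // closed, the id is URL-encoded and the '&' is written as an entity.
        // NOTE(review): this link asks root_admins.php to add an admin through
        // a plain GET URL. If that handler acts on GET without a per-session
        // token, a request forged from another site would be honoured (CSRF);
        // confirm it requires POST plus a token check.
        echo "<td><a href = 'root_admins.php?action=add&amp;id=" . rawurlencode((string) $row['plPlayerID']) . "'>Add</a></td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
}
} // closes a block opened before this excerpt
include '../inc/inc_foot.php';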
// Login page: warning banner followed by the login form and help links.
// The 'warn' query parameter is reflected into the page, so it is passed
// through htmlentities() before output. Encoding stops markup injection, but
// the banner still shows whatever wording a link supplies; mapping a short
// code to a fixed list of messages would remove that as well.
// NOTE(review): $sMessage is appended without encoding. It is set before this
// excerpt - confirm it only ever holds fixed, server-side text.
echo "<p class = 'warn'>" . htmlentities($_GET['warn']) . $sMessage . "</p>\n";
} // closes a block opened before this excerpt
?> <form action = 'index.php' method = 'post'> <table class = 'blockmid'> <tr> <td>E-mail address:</td> <td><input name = 'txtEmail' class = 'text'></td> </tr><tr> <td>Password:</td> <td><input name = 'txtPassword' type = 'password' class = 'text'></td> </tr><tr> <td colspan = '2' class = 'mid'><input type = 'submit' name = 'btnSubmit' value = 'Login'> <input type = 'reset' value = "Reset form"></td> </tr> </table> </form> <ul> <li>Not registered? <a href = "register.php">Register</a></li> <li>Forgotten your password? <a href = "retrieve.php">Get a new password</a></li> <li>Please ensure that you have read and understood the <a href = "terms.php">terms & conditions</a></li> <?php
// The form above posts txtEmail / txtPassword to index.php.
// NOTE(review): nothing in this excerpt shows the transport or any login
// throttling - confirm the page is served over HTTPS only and that index.php
// limits repeated failed attempts.
// Contact addresses go through Obfuscate() before being placed in mailto: links;
// the contact names are configuration constants and are written as-is.
echo "<li>Problem? See the <a href = 'faq.php'>FAQ</a> or <a href = 'mailto:" . Obfuscate(EVENT_CONTACT_MAIL) . "'>E-mail " . EVENT_CONTACT_NAME . "</a> with event queries, <a href = 'mailto:" . Obfuscate(TECH_CONTACT_MAIL) . "'>E-mail " . TECH_CONTACT_NAME . "</a> with web site problems.</li>\n";
?> <li><a href='iCalendar.php'>iCalendar feed of events</a></li> </ul> <?php
// Shared page footer.
include 'inc/inc_foot.php';
// Public FAQ page: the flag below is set to False before the shared header is
// included, so that no login check is required for this page.
$bLoginCheck = False;
include 'inc/inc_head_db.php';
include 'inc/inc_head_html.php';
?> <h1><?php echo TITLE; ?> - FAQ</h1> <?php
$db_prefix = DB_PREFIX;
$sql = "SELECT faqOrder, faqQuestion, faqAnswer FROM {$db_prefix}faq ORDER BY faqOrder";
$result = ba_db_query($link, $sql);

// Placeholders that FAQ text may contain; they are expanded in this order.
$aFaqTokens = array("EVENT_MAIL", "TECH_MAIL", "PLAYER_ID");

while ($row = ba_db_fetch_assoc($result)) {
    // Encode the stored text FIRST and substitute the placeholders afterwards:
    // the anchors inserted below must survive as markup, while anything typed
    // into the FAQ table is rendered as plain text.
    // NOTE(review): the contact names and player_ID() are inserted without
    // encoding - fine while they are trusted configuration/session values; confirm.
    $faqQuestion = str_replace(
        $aFaqTokens,
        array(
            sprintf("<a href = 'mailto:%s'>%s</a>", Obfuscate(EVENT_CONTACT_MAIL), EVENT_CONTACT_NAME),
            sprintf("<a href = 'mailto:%s'>%s</a>", Obfuscate(TECH_CONTACT_MAIL), TECH_CONTACT_NAME),
            player_ID(),
        ),
        htmlentities($row['faqQuestion'])
    );
    $faqAnswer = str_replace(
        $aFaqTokens,
        array(
            sprintf("<a href = 'mailto:%s'>%s</a>", Obfuscate(EVENT_CONTACT_MAIL), EVENT_CONTACT_NAME),
            sprintf("<a href = 'mailto:%s'>%s</a>", Obfuscate(TECH_CONTACT_MAIL), TECH_CONTACT_NAME),
            player_ID(),
        ),
        htmlentities($row['faqAnswer'])
    );

    // stripslashes() runs on the finished HTML, i.e. on the inserted anchors too.
    printf(
        "<p class = 'question'>%s</p>\n<p>%s</p>\n",
        stripslashes($faqQuestion),
        stripslashes($faqAnswer)
    );
}
?> <?php
include 'inc/inc_foot.php';
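// Tail of the final-confirmation builder: appends occupational skills and
// notes to $output, then either previews it as HTML ($buttonpressed == 1) or
// mails it to the player ($buttonpressed == 2).

// The player id is cast to int so that only a number can reach the SQL text.
$osresult = ba_db_query($link, "SELECT ospName FROM {$db_prefix}ospstaken, {$db_prefix}osps WHERE otPlayerID = " . (int) $record['plPlayerID'] . " AND ospID = otOspID ORDER BY ospName");
$oslist = "";
while ($osrow = ba_db_fetch_assoc($osresult)) {
    $oslist .= htmlentities(stripslashes($osrow['ospName'])) . ", ";
}
if (strlen($oslist) > 0) {
    // Drop the trailing ", " left by the loop.
    $oslist = substr_replace($oslist, "", -2);
}
$output .= $indentItem . "Occupational Skills: " . $oslist;

// The original appended chNotes raw. In preview mode $output is echoed into the
// page, so free-text notes would be interpreted as markup (stored XSS). Encode
// them on the HTML path only; the mailed body is left exactly as before.
if ($buttonpressed == 1) {
    $sNotes = htmlentities($record['chNotes']);
} else {
    $sNotes = $record['chNotes'];
}
$output .= $indentItem . "Notes: " . $sNotes;
$output .= $endIndent . $endIndent . $endPara;
$output .= $endIndent . $endPara;
$output .= $startPara;
$output .= "If any of the above information is incorrect, please let ";
if ($buttonpressed == 1) {
    $output .= EVENT_CONTACT_NAME . " (<a href = 'mailto:" . Obfuscate(EVENT_CONTACT_MAIL) . "'>" . EVENT_CONTACT_MAIL . "</a>) know as soon as possible.";
} else {
    $output .= EVENT_CONTACT_NAME . " (" . EVENT_CONTACT_MAIL . ") know as soon as possible.";
}
$output .= $endPara;
$output .= $startPara;
$output .= "We look forward to seeing you at the event.";
$output .= $endPara;
if ($buttonpressed == 1) {
    $output .= "<hr />";
    echo $output;
} else {
    if ($buttonpressed == 2) {
        // This progress line is HTML shown to the operator, so the player's
        // name is encoded before output (the original echoed it raw).
        echo "Sending confirmation e-mail to " . htmlentities($record['plFirstName']) . " " . htmlentities($record['plSurname']) . " (" . PID_PREFIX . sprintf('%03s', $record['plPlayerID']) . ")<br />\n";
        ini_set("sendmail_from", EVENT_CONTACT_MAIL);
        // The From header and the -f envelope sender are built from
        // configuration constants only; keep request or player data out of
        // both, since the last argument is handed to the mail program's command line.
        $mail = mail($record['plEmail'], SYSTEM_NAME . ' - Final Confirmation for ' . $eventinfo['evEventName'], $output, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">", '-f' . EVENT_CONTACT_MAIL);
        // (the two blocks opened above are closed after this excerpt)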
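// Lost-password handler: stores a new password for the account with the
// submitted e-mail address and mails the new password to that address.
//
// The original matched the address with LIKE. Escaping for SQL string context
// does not neutralise the LIKE wildcards '%' and '_', so one submitted value
// could match, and reset, several accounts (the multi-row warning below exists
// for that case). An exact comparison removes the pattern matching.
// NOTE(review): the password value in this statement appears masked in this
// listing - confirm that what is stored is a salted hash (password_hash()),
// not $sNewPass itself.
$sql = "UPDATE " . DB_PREFIX . "players SET plPassword = '******', plLoginCounter = 0 " .
    "WHERE plEmail = '" . ba_db_real_escape_string($link, $sEmail) . "'";
$result = ba_db_query($link, $sql);
if (ba_db_affected_rows($link) == 0) {
    // No row changed.
    // NOTE(review): this message tells the requester whether an address is
    // registered; a single neutral message for both outcomes avoids that.
    $sMsg = 'E-mail not found. Password not reset. Please check and try again';
} else {
    // Mail the new password.
    // NOTE(review): the password is changed as soon as an address is submitted
    // and is then sent in clear text. A single-use, expiring reset link mailed
    // to the address would stop third parties locking an account out and keep
    // the password out of the mailbox - treat as a follow-up change.
    $sTo = $sEmail;
    $sSubject = SYSTEM_NAME . " - password reset";
    $sBody = "Hi,\nYour password at " . SYSTEM_NAME . " has been reset. " .
        "Your new password is:\n{$sNewPass}\nYou can log in using this new password.\n\n" . fnSystemURL();
    ini_set("sendmail_from", EVENT_CONTACT_MAIL);
    $mail = mail($sTo, $sSubject, $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">", '-f' . EVENT_CONTACT_MAIL);
    if ($mail) {
        // $sMsg carries markup (<br />, <a>), so it is presumably echoed as raw
        // HTML later; the submitted address is therefore encoded here.
        $sMsg = "A new password has been sent to " . htmlentities($sEmail) . ". Please check your e-mail for your new password.<br />\n" .
            "If you do not get the e-mail, check your Junk/Spam folder - it may have been marked as spam " .
            "(this appears to be particularly common with web-based e-mail services)";
    } else {
        $sMsg = "There was an error sending your reset email. Please contact <a href = 'mailto:" . Obfuscate(TECH_CONTACT_MAIL) . "'>" . TECH_CONTACT_NAME . "</a> to reset your password manually";
    }
}
if (ba_db_affected_rows($link) > 1) {
    // More than one record updated - log a warning.
    // NOTE(review): the logged statement includes the password value written by
    // the UPDATE; consider logging the address and row count only.
    LogWarning("retrieve.php - Multiple records updated from SQL query\n{$sql}");
}
} // closes a block opened before this excerpt
?> <h1><?php echo TITLE; ?> - Lost Password</h1>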
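// Redirect back to the event booking page. header() only queues the Location
// header; without an explicit exit the script would carry on and render the
// confirmation form below into the redirect response.
$sURL = fnSystemURL() . 'eventbooking.php?EventID=' . $bookinginfo['evEventID'];
header("Location: {$sURL}");
exit;
} // the three braces here close blocks opened before this excerpt
}
}

// Confirmation page for deleting the current player's booking.
echo "<h2>Delete booking for event - " . htmlentities(stripslashes($bookinginfo['evEventName'])) . "</h2>";
?>
<p>Please confirm that you wish to delete your current booking for this event.</p>
<?php
if ($bookinginfo['bkInQueue'] == 1) {
    echo "<p>You will lose your place in the queue, and may miss out on a place at the event if you continue.</p>";
}
if ($bookinginfo['bkAmountPaid'] > 0) {
    echo "<p>You will need to request a refund of any payment made, please contact <a href = 'mailto:" . Obfuscate(EVENT_CONTACT_MAIL) . "'>" . EVENT_CONTACT_NAME . "</a>.</p>";
}
// The booking id is written into an attribute value, so it is entity-encoded
// with quotes included; the original echoed it raw.
// NOTE(review): where $bookingid comes from is not visible here - if it is
// taken from the request, also validate it as an integer before use.
// NOTE(review): the trailing space inside the value attribute is kept as
// found; it is probably unintended - confirm the handler trims or casts BookingID.
// NOTE(review): no anti-CSRF token is visible in this form; confirm that
// bookingconfirmdelete.php verifies one, or add a hidden token field.
?>
<form method='POST' action='bookingconfirmdelete.php'>
<table>
<input type="hidden" value="<?php echo htmlentities((string) $bookingid, ENT_QUOTES); ?> " name='BookingID'/>
<tr><td><input type="submit" name='rebook' value='Cancel this booking and rebook as a different type'/></td></tr>
<tr><td><input type="submit" name='delete' value='Cancel this booking without rebooking'/></td></tr>
<tr><td><input type="submit" name='cancel' value='Leave this booking'/></td></tr>
</table>
</form>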
// Runs the query prepared before this excerpt and keeps its row count in $iIC.
$result = ba_db_query($link, $sql);
$iIC = ba_db_num_rows($result);

// A players record always exists, so "has OOC data" is decided by whether the
// first name has actually been filled in.
// NOTE(review): $PLAYER_ID is interpolated straight into the SQL text; it is
// presumably the authenticated session's id - confirm it is cast to an integer
// before it reaches this point.
$sql = "SELECT plFirstName FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}";
$result = ba_db_query($link, $sql);
$row = ba_db_fetch_assoc($result);
$bOOC = ($row['plFirstName'] != '');

// Footer block: who is logged in, plus help and contact links. Contact
// addresses pass through Obfuscate() before being placed in mailto: links.
echo "<hr>\n<p>",
    "Logged in with Player ID " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "<br>\n",
    "<ul>\n",
    "<li><a href = '{$CSS_PREFIX}terms.php'>Terms & conditions</a></li>\n",
    "<li>Problem? See the <a href = '{$CSS_PREFIX}faq.php'>FAQ</a>. Or e-mail <a href = 'mailto:" . Obfuscate(EVENT_CONTACT_MAIL) . "'>" . EVENT_CONTACT_NAME . "</a> with event queries, or <a href = 'mailto:" . Obfuscate(TECH_CONTACT_MAIL) . "'>" . TECH_CONTACT_NAME . "</a> with web site problems.</li>\n",
    "</ul>\n";
} // closes a block opened before this excerpt

/*
 * The version file is pulled in with include_once so the BitsandVersion
 * object is available. This stays until v9 is implemented with an MVC
 * framework and autoloader. The path is fixed relative to this file; no
 * request data takes part in it.
 */
$version = '';
if (file_exists(__DIR__ . DIRECTORY_SEPARATOR . 'version.php')) {
    include_once __DIR__ . DIRECTORY_SEPARATOR . 'version.php';
    $version = ' v' . BitsandVersion::get();
}
?>