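/**
 * Load one row from the events table, or redirect the browser away.
 *
 * @param int|string $eventid             Event ID, usually straight from the request; it is
 *                                        reduced to an integer before it reaches SQL.
 * @param bool|int   $requirebookingsopen When truthy, the event must also have its booking
 *                                        window open on $today.
 * @param string     $failureURL          Page (relative to fnSystemURL()) to redirect to when
 *                                        no matching event exists; '' means 'start.php'.
 *                                        Callers pass literals, not request data.
 * @return array The event row (ba_db_fetch_assoc result).
 *
 * Side effects: when no row matches, a Location header is sent and the script exits, so the
 * caller never sees a missing event.
 */
function getEventDetails($eventid, $requirebookingsopen, $failureURL)
{
    global $today, $db_prefix, $link;

    if ($failureURL == '') {
        $failureURL = 'start.php';
    }

    // The integer cast is the only thing standing between this value and the query
    // below; entity-encoding or slash-stripping beforehand adds nothing once it is cast.
    $eventid = (int) $eventid;

    $sql = "Select * FROM {$db_prefix}events where ";
    if ($requirebookingsopen) {
        // $today is interpolated unescaped: it is assumed to be set by the application
        // (a date string), never taken from the request — TODO confirm where it is set.
        $sql .= "evBookingsOpen <= '" . $today . "' and evBookingsClose >= '" . $today . "' and ";
    }
    $sql .= " evEventID = " . $eventid;

    $result = ba_db_query($link, $sql);
    if (ba_db_num_rows($result) == 0) {
        $sMsg = "The selected event is not currently open for bookings";
        $sURL = fnSystemURL() . $failureURL . '?warn=' . urlencode($sMsg);
        header("Location: {$sURL}");
        // Without this the caller kept running with an empty result and rendered the page
        // anyway; a redirect is only a suggestion to the client, so stop here.
        exit;
    }

    return ba_db_fetch_assoc($result);
}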
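/**
 * Accept a form submission only if the Referer header names one of the expected pages.
 *
 * @param string $Referrer_Check   Page (relative to fnSystemURL()) the form should have come from.
 * @param string $Referrer_Check_2 Optional second acceptable page.
 * @return bool|null true when the referrer matches; otherwise the player's sessions are
 *                   deleted, a warning is logged and ForceLogin() is called (no value returned).
 *
 * Security note: the Referer header is supplied by the client and is routinely absent
 * (privacy settings, HTTPS->HTTP, Referrer-Policy), so this is only a weak request-forgery
 * guard and will lock out legitimate users whose browsers omit it. A per-session token in
 * the form is the robust mitigation; this check should be treated as defence in depth.
 */
function CheckReferrer($Referrer_Check, $Referrer_Check_2 = "")
{
    // $link was missing from the original global list, so the DELETE below ran
    // against an undefined connection.
    global $PLAYER_ID, $link;

    $bForceLogin = true;
    $sSystemURL = fnSystemURL();

    //Get referrer, minus the query string (a missing header yields "://", which never matches)
    $sRawReferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $sReferrer = parse_url($sRawReferrer, PHP_URL_SCHEME) . '://'
        . parse_url($sRawReferrer, PHP_URL_HOST)
        . parse_url($sRawReferrer, PHP_URL_PATH);

    if ($sReferrer == $sSystemURL . $Referrer_Check) {
        $bForceLogin = false;
    }
    if ($sReferrer == $sSystemURL . $Referrer_Check_2) {
        $bForceLogin = false;
    }
    //Special case - start page, with trailing slash but no 'index.php'
    if ($sSystemURL == $sReferrer && $Referrer_Check == 'index.php') {
        $bForceLogin = false;
    }
    //Special case - start page, with no trailing slash
    // (compared against $sReferrer; the original compared an undefined $Referrer, so this
    // branch could never match)
    if (substr($sSystemURL, 0, strlen($sSystemURL) - 1) == $sReferrer && $Referrer_Check == 'index.php') {
        $bForceLogin = false;
    }

    if ($bForceLogin) {
        //Delete any existing session and force new login. The player ID is cast so that a
        //non-numeric value cannot alter the query.
        $sql = "DELETE FROM " . DB_PREFIX . "sessions WHERE ssPlayerID = " . (int) $PLAYER_ID;
        ba_db_query($link, $sql);
        LogWarning("Form submitted from {$sReferrer} (expected " . $sSystemURL . "{$Referrer_Check})\nPlayer ID: {$PLAYER_ID}");
        ForceLogin();
    } else {
        return true;
    }
}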
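| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/
include 'inc/inc_head_db.php';
include 'inc/inc_head_html.php';
include 'inc/inc_paypalbutton.php';

// Booking page: the booking must belong to the logged-in player ($PLAYER_ID, from the
// session include), or the player's e-mail must be the target of a payment request for it.
// The booking ID comes from the query string and is reduced to an integer before use.
$bookingid = (int) htmlentities(stripslashes($_GET['BookingID']));

$sql = "Select * FROM {$db_prefix}bookings inner join {$db_prefix}events on evEventID = bkEventID where bkPlayerID = {$PLAYER_ID} and bkID = " . $bookingid;
$otherpaymentsql = "select * from {$db_prefix}paymentrequests inner join {$db_prefix}players on plEmail = prEmail inner join {$db_prefix}bookings on bkID = prBookingID inner join {$db_prefix}events on evEventID = bkEventID where bkID = {$bookingid} and plPlayerID = {$PLAYER_ID}";
$paymentrequest = 0;

$result = ba_db_query($link, $sql);
if (ba_db_num_rows($result) == 0) {
    // Not the player's own booking - fall back to the payment-request route
    $result = ba_db_query($link, $otherpaymentsql);
    $paymentrequest = 1;
    if (ba_db_num_rows($result) == 0) {
        $sMsg = "You cannot view this booking";
        $sURL = fnSystemURL() . 'start.php?warn=' . urlencode($sMsg);
        // NOTE(review): inc_head_html.php is included above; if it has already emitted
        // markup this header cannot be sent (headers already sent) — confirm output
        // buffering, or move the include below this check.
        header("Location: {$sURL}");
        // Previously the page carried on with an empty result and rendered regardless;
        // the access check must terminate the script, not just suggest a redirect.
        exit;
    }
}
$bookinginfo = ba_db_fetch_assoc($result);
?>
<script type='text/javascript'>
function updatePaypalButton() {
    $('#txtAnotherAmount').attr('value',Number($('#txtAnotherAmount').attr('value')).toFixed(2));
    if ($('#txtAnotherAmount').attr('value') == "NaN") { $('#txtAnotherAmount').attr('value', "0.00");}
    $('#anotheramount').attr('value', $('#txtAnotherAmount').attr('value'));
}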
} if (substr($key, 0, 7) == "txtitem") { $itemid = (int) str_replace("txtitem", "", $key); if ($itemid > 0) { $value = (int) $value; $newitemsql = "insert into {$db_prefix}bookingitems (biBookingID, biItemID, biQuantity) VALUES ({$bookingid}, {$itemid}, {$value})"; ba_db_query($link, $newitemsql); } } } if ($overrideexpected == 0) { resetExpectedAmount($bookingid); } } if ($newbooking == 1) { $sURL = fnSystemURL() . 'admin_booking.php?BookingID=' . $bookingid; header("Location: {$sURL}"); } $sql = "select * from {$db_prefix}bookingitems inner join {$db_prefix}items where biItemID = itItemID and biBookingID = {$bookingid}"; $result = ba_db_query($link, $sql); $itemselected = array(); $usedidlist = ""; //Building a list of items for this booking, we'll update bunk and meal status here as well $bunkandmealstatussql = "update {$db_prefix}bookings set bkBunkRequested = 0, bkBunkAllocated = 0, bkMealTicket = 0"; while ($row = ba_db_fetch_assoc($result)) { array_push($itemselected, $row); $usedidlist .= $row['itItemID'] . ","; if ($row['itBunk'] == 1) { $bunkandmealstatussql .= ", bkBunkRequested = 1, bkBunkAllocated = 1"; } if ($row['itMeal'] == 1) {
ba_db_query($link, $sql); //Remove payment requests $sql = "DELETE FROM " . DB_PREFIX . "paymentrequests where prBookingID in ({$usedidlist})"; ba_db_query($link, $sql); //Remove bookings $sql = "DELETE FROM " . DB_PREFIX . "bookings where bkEventID = {$eventid}"; ba_db_query($link, $sql); //Remove items $sql = "DELETE FROM " . DB_PREFIX . "items where itEventID = {$eventid}"; ba_db_query($link, $sql); //Remove event $sql = "DELETE FROM " . DB_PREFIX . "events where evEventID = {$eventid}"; ba_db_query($link, $sql); //Remove all records from bookings table $sMsg = "Event " . htmlentities(stripslashes($eventinfo['evEventName'])) . " has been deleted"; $sURL = fnSystemURL() . 'admin.php?warn=' . urlencode($sMsg); header("Location: {$sURL}"); } else { $sWarn = "CONFIRM was not entered correctly in the text box. It must be all upper case."; } } include '../inc/inc_head_html.php'; ?> <script type="text/javascript"> <!-- function fnConfirm () { return confirm ("Are you sure you want to delete this event, including all bookings?") } // --> </script>
<?php
/*-----------------------------------------------------------------------------
| Bitsand - an online booking system for Live Role Play events
|
| File inc/index.php
| Summary: The sole purpose of this file is to prevent people viewing the
|          contents of this directory. It simply redirects the browser to
|          the start page
| Author: Russell Phillips
| Copyright: (C) 2006 - 2015 The Bitsand Project
|            (http://github.com/PeteAUK/bitsand)
|
| Bitsand is free software; you can redistribute it and/or modify it under the
| terms of the GNU General Public License as published by the Free Software
| Foundation, either version 3 of the License, or (at your option) any later
| version.
|
| Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
| WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
| FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
| details.
|
| You should have received a copy of the GNU General Public License along with
| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/

// Directory-index guard: nothing is rendered here, the visitor is simply sent
// to the configured start page. The includes provide fnSystemURL().
require 'inc_config.php';
include 'inc_head_db.php';

$sStartPage = fnSystemURL();
header('Location: ' . $sStartPage);
} $sql = "DELETE FROM {$db_prefix}guildmembers WHERE gmPlayerID = {$PLAYER_ID}"; if (!ba_db_query($link, $sql)) { $sWarn = "There was a problem clearing character details"; LogError("Error clearing character details (guildmembers) (admin).\nPlayer ID: {$PLAYER_ID}"); } $sql = "DELETE FROM {$db_prefix}skillstaken WHERE stPlayerID = {$PLAYER_ID}"; if (!ba_db_query($link, $sql)) { $sWarn = "There was a problem clearing character details"; LogError("Error clearing character details (skillstaken) (admin).\nPlayer ID: {$PLAYER_ID}"); } $sURL = fnSystemURL() . 'ic_form.php'; header("Location: {$sURL}"); } if (strtolower($_POST['btnSubmit']) == 'no' && CheckReferrer('ic_confirmclear.php')) { $sURL = fnSystemURL() . 'ic_form.php'; header("Location: {$sURL}"); } include 'inc/inc_head_html.php'; include 'inc/inc_forms.php'; ?> <h1><?php echo TITLE; ?> - Clear IC Details</h1> <p> <strong>Are you sure you want to clear your character information?</strong> </p> <p> Once it's confirmed it cannot be undone, you will need to re-enter your information. </p>
$sNotes = ba_db_real_escape_string($link, $sCharacterCSV[6]); $sSpecial = ba_db_real_escape_string($link, $sCharacterCSV[7]); //Build up character SQL $sql = "INSERT INTO {$db_prefix}characters (" . "chPlayerID, " . "chName, " . "chPreferredName, " . "chRace, " . "chGender, " . "chFaction, " . "chNPC, " . "chNotes, " . "chOSP) " . "VALUES (" . "{$iPlayerID}, " . "'{$sName}', " . "'{$sPreferredname}', " . "'{$sRace}', " . "'{$sGender}', " . "'{$sFaction}', " . "'{$sNpc}', " . "'{$sNotes}', " . "'{$sSpecial}')"; // Insert character details ba_db_query($link, $sql); // Guilds $sGuildCSV = explode(",", trim($csv[2])); foreach ($sGuildCSV as $guild) { $sql = "INSERT INTO {$db_prefix}guildmembers (gmPlayerID, gmName) " . "VALUES ({$iPlayerID}, '{$guild}')"; ba_db_query($link, $sql); } // Skills $sSkillsCSV = explode(",", trim($csv[3])); foreach ($sSkillsCSV as $skill) { $sql = "INSERT INTO {$db_prefix}skillstaken (stPlayerID, stSkillID) " . "VALUES ({$iPlayerID}, {$skill})"; ba_db_query($link, $sql); } // OSPs $sOspCSV = explode(",", trim($csv[4])); foreach ($sOspCSV as $osp) { $sql = "INSERT INTO {$db_prefix}ospstaken (otPlayerID, otOspID) " . "VALUES ({$iPlayerID}, {$osp})"; ba_db_query($link, $sql); } } //Close link to database ba_db_close($link); //Redirect to index page $sURL = fnSystemURL() . "index.php"; $sURL .= "?green=" . urlencode("Details imported. Please log in and check your details to ensure that they are correct"); header("Location: {$sURL}");
// Admin booking-queue page: optionally takes one booking out of the queue (and tells
// the player by e-mail), then lists everyone still queued for the event.
// Both request values are reduced to integers before they reach SQL.
$eventid = (int) htmlentities(stripslashes($_GET['EventID']));
if ($eventid > 0) {
    // Redirects to admin.php when the event does not exist
    $eventinfo = getEventDetails($eventid, 0, 'admin.php');
}
$bid = (int) $_GET['bid'];
$db_prefix = DB_PREFIX;
//remove player from queue
// CheckReferrer is the only request-forgery guard on this state change, and the Referer
// header is client-controlled/optional — a form token would be the robust check.
if ($bid > 0 && CheckReferrer('admin_booking_queue.php')) {
    $sql = "UPDATE {$db_prefix}bookings SET bkInQueue = 0 WHERE bkID = " . $bid;
    ba_db_query($link, $sql);
    //Send e-mail to tell them.
    // NOTE(review): $bid is used as bkID in the UPDATE above but as plPlayerID here (and in
    // the "Player ID" line of the e-mail); the listing query below selects bkID and
    // plPlayerID as distinct columns, so this may address the wrong player — verify.
    $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail, plEmailRemovedFromQueue FROM {$db_prefix}players WHERE plPlayerID = {$bid}");
    $row = ba_db_fetch_assoc($result);
    $email = $row['plEmail'];
    //Set up e-mail body (the link drops the admin/ segment so the player lands on the public site)
    $sBody = "You have been removed from the booking queue at " . SYSTEM_NAME . ". "
        . "You can now finalise and pay for your booking.\n\n"
        . "Player ID: " . PID_PREFIX . sprintf('%03s', $bid) . "\n"
        . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n"
        . str_replace("admin/", "", fnSystemURL());
    //Send e-mail, only if the player opted in to this notification
    if ($row['plEmailRemovedFromQueue']) {
        mail($email, SYSTEM_NAME . ' - Ready to Finalise', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
    }
}
//Get list of queued players, oldest confirmation first
$sql = "SELECT bkID, plPlayerID, "
    . "plFirstName, "
    . "plSurname, "
    . "chName, "
    . "chFaction, "
    . "case when bkdateoocconfirmed > bkdateicconfirmed then bkdateoocconfirmed else bkdateicconfirmed end as bkDateConfirmed "
    . "FROM {$db_prefix}players, {$db_prefix}characters, {$db_prefix}bookings "
    . "WHERE plPlayerID = chPlayerID AND chPlayerID = bkPlayerID AND bkInQueue = 1"
    . " AND bkEventID = {$eventid}"
    . " ORDER BY bkDateConfirmed ASC";
$result = ba_db_query($link, $sql);
?>
<script src="../inc/sorttable.js" type="text/javascript"></script>
<h1><?php echo TITLE; ?> - Players In Booking Queue</h1>
$result = ba_db_query ($link, $sql); $row = ba_db_fetch_assoc ($result); if ($row['plBookAs'] == 'Player' && $row['chFaction'] != DEFAULT_FACTION) { $queuebooking = 1;} } $sql = "UPDATE {$db_prefix}bookings SET bkInQueue = $queuebooking WHERE bkPlayerID = $pid"; if (! ba_db_query ($link, $sql)) { LogError ("Error updating queue type of booking.\nPlayer ID: $PLAYER_ID"); } */ //Send e-mail $sBody = "Your OOC details have been confirmed at " . SYSTEM_NAME . ". " . "Both IC and OOC details must be confirmed before you can finalise your booking.\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL() . "\n"; if ($bEmailOOCChange) { mail($row['plEmail'], SYSTEM_NAME . ' - OOC details', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">"); } //Make up URL & redirect $sURL = fnSystemURL() . 'start.php?green=' . urlencode('Your OOC details have been confirmed'); header("Location: {$sURL}"); } include 'inc/inc_head_html.php'; include 'inc/inc_forms.php'; ?> <h1><?php echo TITLE; ?> - OOC Details</h1> <p> <?php if ($bConfirmed) { echo "Your OOC information has been confirmed. You will not be able to change it until after the upcoming event.";
$sql = "SELECT COUNT(*) AS cMail FROM {$db_prefix}players WHERE plEmail = '{$sNewMail}'"; $result = ba_db_query($link, $sql); $row = ba_db_fetch_assoc($result); if ($row['cMail'] != '0') { $sWarn = "The e-mail address {$sNewMail} is already registered"; } else { //Get user's current e-mail address $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}"); $row = ba_db_fetch_assoc($result); //Run update query & set message $sCode = RandomString(10, 20); $sql = "UPDATE {$db_prefix}players SET plNewMail = '{$sNewMail}', plNewMailCode = '" . ba_db_real_escape_string($link, $sCode) . "' " . "WHERE plPlayerID = {$PLAYER_ID}"; $result = ba_db_query($link, $sql); $sGreen = "A confirmation code has been sent to both your existing, and your new, e-mail addresses.<br>" . "Follow the instructions in the e-mail to confirm the change of e-mail address"; //E-mail user with confirmation code and instructions $sBody = "A request has been received for your e-mail address to be changed at " . SYSTEM_NAME . ". " . "In order to make this change, you must log on to " . SYSTEM_NAME . " at " . fnSystemURL() . " using your existing e-mail address and password, then go to the 'Change password' page " . "and enter the code below:\n\nCode: {$sCode}\n\n" . "Note that the code must be entered *exactly* as above - it is probably easiest to copy and paste it.\n\n" . "If you have any problems, or questions, e-mail " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . "\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL(); mail($row['plEmail'], SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">"); mail(SafeEmail($_POST['txtEmail']), SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . 
">"); } } if ($_POST['btnConfirm'] != '' && CheckReferrer('change_password.php')) { //Get user's e-mail address $result = ba_db_query($link, "SELECT plNewMail, plNewMailCode FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}"); $row = ba_db_fetch_assoc($result); if ($row['plNewMailCode'] == $_POST['txtCode']) { //Run update query & set message $sql = "UPDATE {$db_prefix}players SET plEmail = '" . SafeEmail($row['plNewMail']) . "', plNewMail = '', plNewMailCode = '' " . "WHERE plPlayerID = {$PLAYER_ID}"; $result = ba_db_query($link, $sql); if ($result === False) { $sWarn = "There was a problem updating your e-mail address"; } else {
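| Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
| WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
| FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
| details.
|
| You should have received a copy of the GNU General Public License along with
| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/
include 'inc/inc_head_db.php';
$db_prefix = DB_PREFIX;

// Payment-request form: an e-mail address and a booking ID arrive by POST. Both are
// attacker-controlled, so the address is refused if it could smuggle extra mail headers,
// escaped before it reaches SQL, and the booking ID is reduced to an integer.
if (isset($_POST['btnSubmit']) && $_POST['btnSubmit'] != '' && (CheckReferrer('booking.php') || CheckReferrer('eventbookingconfirm.php'))) {
    $bookingid = (int) $_POST['hBooking'];
    $email = htmlentities(stripslashes($_POST['txtEmail']));
    // A CR or LF in the recipient would let the sender append headers to the message
    if ($bookingid > 0 && strpbrk($email, "\r\n") === false) {
        $sBody = "You have recieved a request to make a payment for an event at " . SYSTEM_NAME . ". "
            . "\n\nIf you have an account then please login to make this payment.\n"
            . "Otherwise you must create an account if you wish to make a payment, using this e-mail address.\n\n"
            . "If you have recieved this request in error, then please ignore it, or contact "
            . EVENT_CONTACT_NAME . " (" . EVENT_CONTACT_MAIL . ") if you have any questions."
            // A stray ';' used to end the statement here, so the site URL was never appended
            . "\n\n" . fnSystemURL();
        mail($email, SYSTEM_NAME . ' - Payment Request', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
        // htmlentities() does not escape for SQL (and leaves single quotes alone on older
        // PHP), so escape explicitly as the rest of the code base does with SafeEmail().
        $sql = "INSERT INTO {$db_prefix}paymentrequests (prEmail, prBookingID) VALUES ('" . ba_db_real_escape_string($link, $email) . "', {$bookingid})";
        ba_db_query($link, $sql);
    }
}

// Flash messages carried in the query string are entity-encoded before display
if (isset($_GET['green']) && $_GET['green'] != '') {
    $sGreen .= htmlentities($_GET['green']);
}
if (isset($_GET['warn']) && $_GET['warn'] != '') {
    $sWarn .= htmlentities($_GET['warn']);
}
include 'inc/inc_head_html.php';
?>
<h1><?php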
$sNewPass .= chr(rand(97, 122)); break; } } //Get salted hash of new password and run UPDATE query $sHashPass = sha1($sNewPass . PW_SALT); $sql = "UPDATE " . DB_PREFIX . "players SET plPassword = '******', plLoginCounter = 0 " . "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'"; $result = ba_db_query($link, $sql); if (ba_db_affected_rows($link) == 0) { //No changes made. $sMsg = 'E-mail not found. Password not reset. Please check and try again'; } else { //Send e-mail $sTo = $sEmail; $sSubject = SYSTEM_NAME . " - password reset"; $sBody = "Hi,\nYour password at " . SYSTEM_NAME . " has been reset. " . "Your new password is:\n{$sNewPass}\nYou can log in using this new password.\n\n" . fnSystemURL(); ini_set("sendmail_from", EVENT_CONTACT_MAIL); $mail = mail($sTo, $sSubject, $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">", '-f' . EVENT_CONTACT_MAIL); if ($mail) { $sMsg = "A new password has been sent to {$sEmail}. Please check your e-mail for your new password.<br />\n" . "If you do not get the e-mail, check your Junk/Spam folder - it may have been marked as spam " . "(this appears to be particularly common with web-based e-mail services)"; } else { $sMsg = "There was an error sending your reset email. Please contact <a href = 'mailto:" . Obfuscate(TECH_CONTACT_MAIL) . "'>" . TECH_CONTACT_NAME . "</a> to reset your password manually"; } } if (ba_db_affected_rows($link) > 1) { //More than one record updated - log warning LogWarning("retrieve.php - Multiple records updated from SQL query\n{$sql}"); } } ?>
curl_setopt($ch, CURLOPT_REFERER, $systems_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); curl_close($ch); if ($result) { $ba_systems_file = explode("\n", $result); } } if ($ba_systems_file) { // Tidy up the retrieved file, drop all of the rem lines and then sort $ba_systems = array(); foreach ($ba_systems_file as $line) { if (substr(trim($line), 0, 1) != '#' && !empty(trim($line))) { $line = explode("\t", $line); // We don't need to include our own site if (strpos($line[2], fnSystemURL()) === false) { $ba_systems[$line[0]] = array('system' => $line[1], 'url' => $line[2]); } } } ksort($ba_systems); ?> <h2>Copy Details From Another System</h2> <p> If you are registered on another copy of Bitsand, simply select the system from the drop-down box below and enter your user name and password on that system. Your details will be copied over automatically. </p> <form action="import.php" method="post"> <table class="blockmid"> <tr>
if ($sWarn != '') { $sWarn = "The following problems were found:<br>\n" . $sWarn; } //Do not redirect if there are any warnings (required fields not filled in, etc) if ($sWarn == '') { //Get user's e-mail address $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}"); $row = ba_db_fetch_assoc($result); $email = $row['plEmail']; //Send e-mail $sBody = "Your IC details have been entered at " . SYSTEM_NAME . ".\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL(); if ($bEmailICChange) { mail($email, SYSTEM_NAME . ' - IC details', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">"); } //Make up URL & redirect $sURL = fnSystemURL() . 'start.php?green=' . urlencode('Your IC details have been updated'); header("Location: {$sURL}"); } } include 'inc/inc_head_html.php'; include 'inc/inc_js_forms.php'; //Get existing details if there are any $sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = {$PLAYER_ID}"; $result = ba_db_query($link, $sql); $row = ba_db_fetch_assoc($result); $sNotes = $row['chNotes']; $sOSP = $row['chOSP']; ?> <h1><?php echo TITLE;
} //Get user's e-mail address $result = ba_db_query($link, "SELECT plEmail FROM {$db_prefix}players WHERE plPlayerID = {$admin_player_id}"); $row = ba_db_fetch_assoc($result); $sEmail = $row['plEmail']; if (SEND_PASSWORD) { //E-mail user with new password $sBody = "Your password for " . SYSTEM_NAME . " has been changed. " . "Your new details are below:\n\n" . "E-mail: {$sEmail}\nPassword: {$_POST[txtPassword1]}\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $admin_player_id) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL(); mail($sEmail, SYSTEM_NAME . ' - password change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">"); } } else { $sWarn = "There was a problem resetting the password<br>\n"; LogError("Error updating OOC information (admin_pw_reset.php). Player ID: {$admin_player_id}"); } //Redirect to start page $sURL = fnSystemURL() . '../start.php?green=' . urlencode('Password has been reset, and account enabled, for player ID ' . PID_PREFIX . sprintf('%03s', $admin_player_id)); if (SEND_PASSWORD) { $sURL .= '. The new password has been e-mailed to the player'; } header("Location: {$sURL}"); } } include '../inc/inc_head_html.php'; ?> <h1><?php echo TITLE; ?> - Password Reset</h1> <h2>Reset Password for Player ID <?php
$marshal = stripslashes($_POST["cboMarshal{$value}"]); $sEmail = ba_db_real_escape_string($link, SafeEmail($_POST['txtEmail'])); $sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', " . "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', " . "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), " . "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), " . "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), " . "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), " . "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), " . "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), " . "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), " . "plEmail = '{$sEmail}', " . "plDOB = '{$dob}', " . "pleMedicalInfo = AES_ENCRYPT('" . ba_db_real_escape_string($link, $sMedInfo) . "', '{$key}'), " . "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', " . "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), " . "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', " . "plCarRegistration = '{$sCarReg}', " . "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', " . "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', " . "plAdminNotes = '" . ba_db_real_escape_string($link, $_POST['txtAdminNotes']) . 
"', "; $sql .= "plRefNumber = {$refnumber}, plMarshal = '{$marshal}',"; $sql .= "plEventPackByPost = {$iByPost} "; $sql .= "WHERE plPlayerID = {$admin_player_id}"; //Run UPDATE query if (ba_db_query($link, $sql)) { //Query should affect exactly one row. Log a warning if it affected more if (ba_db_affected_rows($link) > 1) { LogWarning("More than one row updated during admin OOC update (admin_edit_ooc.php). Player ID: {$admin_player_id}"); } //Do not redirect if there are any warnings (required fields not filled in, etc) if ($sWarn == '') { //Make up URL & redirect $sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated"); header("Location: {$sURL}"); } } else { $sWarn = "There was a problem updating the OOC details"; LogError("Error updating OOC information (admin_edit_ooc.php). Player ID: {$admin_player_id}"); } } //Get existing details if there are any $sql = "SELECT plFirstName, " . "plSurname, " . "AES_DECRYPT(pleAddress1, '{$key}') AS dAddress1, " . "AES_DECRYPT(pleAddress2, '{$key}') AS dAddress2, " . "AES_DECRYPT(pleAddress3, '{$key}') AS dAddress3, " . "AES_DECRYPT(pleAddress4, '{$key}') AS dAddress4, " . "AES_DECRYPT(plePostcode, '{$key}') AS dPostcode, " . "AES_DECRYPT(pleTelephone, '{$key}') AS dTelephone, " . "AES_DECRYPT(pleMobile, '{$key}') AS dMobile, " . "plEmail, " . "plDOB, " . "AES_DECRYPT(pleMedicalInfo, '{$key}') AS dMedicalInfo, " . "plEmergencyName, " . "AES_DECRYPT(pleEmergencyNumber, '{$key}') AS dEmergencyNumber, " . "plEmergencyRelationship, " . "plCarRegistration, " . "plDietary, " . "plNotes, " . "plAdminNotes, " . "plEventPackByPost, " . "plRefNumber, " . "plMarshal " . "FROM {$db_prefix}players WHERE plPlayerID = {$admin_player_id}"; $result = ba_db_query($link, $sql); $playerrow = ba_db_fetch_assoc($result); include '../inc/inc_head_html.php'; include '../inc/inc_js_forms.php'; ?>
include 'inc/inc_head_html.php';
?>
<h1><?php echo TITLE; ?> - Download</h1>
<p> This booking system runs on Bitsand, a web-based booking system for LRP events. Bitsand is copyright (c) 2006 - 2015 <a href = "https://github.com/PeteAUK/bitsand">The Bitsand Project</a>. </p>
<p> Bitsand is free software; you can redistribute it and/or modify it under the terms of the <a href = "http://www.gnu.org/licenses/gpl.html">GNU General Public License</a> as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. </p>
<?php
// The background-image attribution only applies to the Lions' own deployment, which is
// recognised by its configured system URL under either scheme.
$sThisSystem = fnSystemURL();
$aLionsSystemURLs = array(
    'http://bookings.lionsfaction.co.uk/',
    'https://bookings.lionsfaction.co.uk/',
);
if (in_array($sThisSystem, $aLionsSystemURLs, true)) {
    echo '<p>The lion background image is modified from an <a href = "http://flickr.com/photos/stuartyeates/216280481/">image by Stuart Yeates</a>, released under the Creative Commons <a href = "http://creativecommons.org/licenses/by-sa/3.0/">Attribution-ShareAlike 3.0</a> licence. The modified image is available from the <a href = "https://github.com/PeteAUK/bitsand">Bitsand Project</a></p>';
}
?>
<p> Full source code is available from the <a href = "https://github.com/PeteAUK/bitsand">Bitsand Github repository</a>. There is also an <a href = "https://github.com/PeteAUK/bitsand/issues">issue tracker</a>, where bugs and feature requests can be registered. </p>
<p>If you would like to be informed when new versions are released, please <a href="https://github.com/PeteAUK/bitsand/subscription">watch the Bitsand Github repository</a> or <a href="http://www.freelists.org/list/bitsand">sign up to our Mailing List</a></p>
<?php include 'inc/inc_foot.php';
$row = ba_db_fetch_assoc($result); $iLoginCounter = $row['plLoginCounter']; $sql = "UPDATE {$db_prefix}players SET plLoginCounter = " . ++$iLoginCounter . " " . "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'"; //Log failed login attempt $sLogWarn = "Failed login attempt\nE-mail: {$sEmail}\n" . "Attempt was made from IP address {$_SERVER['REMOTE_ADDR']}"; LogWarning($sLogWarn); //Check for too many failed logins if ($iLoginCounter > LOGIN_TRIES && $row['plPassword'] != 'ACCOUNT DISABLED') { //Change SQL query so that plPassword and plLoginCounter are both updated $sql = "UPDATE {$db_prefix}players SET plPassword = '******', plLoginCounter = " . $iLoginCounter . " WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'"; $sMessage = "You have entered an incorrect password too many times. Your account has been disabled.<br>" . "An e-mail has been sent to your e-mail address with instructions on how to re-enable your account."; //E-mail user $sBody = "This is an automated message from " . SYSTEM_NAME . ". Your account has been disabled, because " . "an incorrect password was entered too many times. You can re-enable your account by resetting your " . "password (Follow the 'Get a new password' link from the front page). If you have any problems, " . "please contact " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . " to have your account re-enabled.\n\n" . fnSystemURL(); mail($sEmail, SYSTEM_NAME . ' - account disabled', $sBody, "From:" . SYSTEM_NAME . " <" . TECH_CONTACT_MAIL . ">"); //E-mail admin and log a warning $sBody = "Account with e-mail address {$sEmail} has been disabled, after too many failed login attempts.\n" . "Latest attempt was from IP address {$_SERVER['REMOTE_ADDR']}\n" . "An e-mail has been sent to the user.\n\n" . fnSystemURL(); mail(TECH_CONTACT_MAIL, SYSTEM_NAME . ' - account disabled', $sBody, "From:" . SYSTEM_NAME . " <" . TECH_CONTACT_MAIL . 
">"); LogWarning($sBody); } elseif ($row['plPassword'] == 'ACCOUNT DISABLED') { //Account has been previously disabled. Just display message - do not send e-mail $sMessage = "Your account has been disabled. To re-enable it, either <a href = 'retrieve.php'>request a new password</a>" . " or e-mail " . TECH_CONTACT_NAME . ", using the link below"; } //Run query to update plLoginCounter (and plPassword, if account is being disabled) ba_db_query($link, $sql) . $sql; } } else { //User is not logging in, so reset login cookies //Cookies are reset here, but values will not be available until next page load. Note that Lynx (and others?) //do not seem to reset cookies when they are set null value, so we set them to zero, then set them to null setcookie('BA_PlayerID', 0); setcookie('BA_PlayerID', '');
$sURL = fnSystemURL() . 'booking.php?BookingID=' . $bookingid; header("Location: {$sURL}"); } else { if ($_POST['delete'] != null || $_POST['rebook'] != null) { $sql = "DELETE FROM {$db_prefix}bookingitems WHERE biBookingID = " . $bookingid; ba_db_query($link, $sql); $sql = "DELETE FROM {$db_prefix}paymentrequests WHERE prBookingID = " . $bookingid; ba_db_query($link, $sql); $sql = "DELETE FROM {$db_prefix}bookings WHERE bkID = " . $bookingid; ba_db_query($link, $sql); if ($_POST['delete'] != null) { $sMsg = "Your booking has been cancelled for " . htmlentities(stripslashes($bookinginfo['evEventName'])); $sURL = fnSystemURL() . 'start.php?warn=' . urlencode($sMsg); header("Location: {$sURL}"); } else { $sURL = fnSystemURL() . 'eventbooking.php?EventID=' . $bookinginfo['evEventID']; header("Location: {$sURL}"); } } } echo "<h2>Delete booking for event - " . htmlentities(stripslashes($bookinginfo['evEventName'])) . "</h2>"; ?> <p>Please confirm that you wish to delete your current booking for this event.</p> <?php if ($bookinginfo['bkInQueue'] == 1) { echo "<p>You will lose your place in the queue, and may miss out on a place at the event if you continue.</p>"; } if ($bookinginfo['bkAmountPaid'] > 0) { echo "<p>You will need to request a refund of any payment made, please contact <a href = 'mailto:" . Obfuscate(EVENT_CONTACT_MAIL) . "'>" . EVENT_CONTACT_NAME . "</a>.</p>";