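// Records one transaction per entry of $emailArr and optionally e-mails a
// receipt. The arrays below are decoded from the request and are read in
// parallel: index $count of each is used together with the current $email.
// NOTE(review): $emailArr, $CHOIR and $treasurerEmail are defined outside this
// excerpt; confirm where they come from and that the caller is authorised to
// post transactions.
// NOTE(review): json_decode() returns null for malformed JSON and none of the
// decoded values are type- or range-checked here.
$amountArr = json_decode($_POST['amounts']);
$descriptionArr = json_decode($_POST['descriptions']);
$sendArr = json_decode($_POST['sendEmails']);
$typeArr = json_decode($_POST['types']);
$semArr = json_decode($_POST['semesters']);
$count = 0;
foreach ($emailArr as $email) {
    if ($email == '') {
        // Ignore transactions with nobody
        // NOTE(review): this skips the $count++ at the bottom of the loop, so
        // later entries read the parallel arrays one slot early if those
        // arrays also hold a slot for the blank row. Confirm against the form.
        continue;
    }

    // Every request-derived value is escaped with the connection-aware
    // mysql_real_escape_string() (the charset-unaware mysql_escape_string()
    // used previously is deprecated). A parameterised API (mysqli/PDO) would be
    // the durable fix but is a file-wide change.
    // NOTE(review): $CHOIR is interpolated as-is; confirm it is not
    // request-controlled.
    $insertSql = "insert into transaction (memberID, choir, amount, description, semester, type) values ('"
        . mysql_real_escape_string($email) . "', '{$CHOIR}', '"
        . mysql_real_escape_string($amountArr[$count]) . "','"
        . mysql_real_escape_string($descriptionArr[$count]) . "', '"
        . mysql_real_escape_string($semArr[$count]) . "', '"
        . mysql_real_escape_string($typeArr[$count]) . "')";
    if (!mysql_query($insertSql)) {
        // NOTE(review): this returns the raw database error to the client.
        die(mysql_error());
    }

    if ($sendArr[$count]) {
        $name = fullNameFromEmail(mysql_real_escape_string($email));

        // The receipt is sent as text/html, so request-derived fields are
        // HTML-encoded. ISO-8859-1 matches the Content-type header below and,
        // being single-byte, leaves non-ASCII bytes untouched.
        // NOTE(review): $name and the category name come from helpers/the
        // database and are inserted unencoded; confirm they are plain text.
        $msg = "Keep this receipt for your records.";
        $msg .= "<br />Name: " . $name;
        $msg .= "<br />Semester: " . htmlspecialchars($semArr[$count], ENT_QUOTES, 'ISO-8859-1');

        // The type id comes from the request and was previously concatenated
        // into this query unescaped.
        $typeSql = "select `name` from `transacType` where `id` = '"
            . mysql_real_escape_string($typeArr[$count]) . "'";
        $result = mysql_fetch_array(mysql_query($typeSql));
        $msg .= "<br />Category: " . $result['name'];
        $msg .= "<br />Amount: " . htmlspecialchars($amountArr[$count], ENT_QUOTES, 'ISO-8859-1');
        $msg .= "<br />Description: " . htmlspecialchars($descriptionArr[$count], ENT_QUOTES, 'ISO-8859-1');
        $msg .= "<br />Date: " . date('l jS \\of F Y');
        //$msg .= "<br />Hash (for Treasurer's use): " . encrypt($d);

        $title = choirname($CHOIR) . " Receipt";
        $headers = 'MIME-Version: 1.0' . "\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";

        // The address is used as a mail recipient; drop CR/LF so a crafted
        // value cannot add header lines.
        $recipient = str_replace(array("\r", "\n"), '', $email);
        mail($treasurerEmail . ', ' . $recipient, $title, $msg, $headers);
    }
    $count++;
    // (the loop's closing brace is not part of this excerpt)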
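<?php
// Handles an absence-request submission: stores the request in
// `absencerequest` and e-mails it to the President / Vice President.
// NOTE(review): $USER is not set in this script, so it is presumably provided
// by functions.php; confirm it is the authenticated member and safe to
// interpolate into SQL.
require_once './functions.php';

if (!isset($_POST['eventNo'])) {
    die("No event number provided");
}

// Keep the raw request values: SQL escaping and HTML encoding are different
// output contexts and must each be applied to the original text.
$rawEventNo = $_POST['eventNo'];
$rawReplacement = isset($_POST['replacement']) ? $_POST['replacement'] : '';
$rawReason = isset($_POST['reason']) ? $_POST['reason'] : '';

$eventNo = mysql_real_escape_string($rawEventNo);
// NOTE(review): $replacement is not used anywhere in the visible script.
$replacement = mysql_real_escape_string($rawReplacement);
$reason = mysql_real_escape_string($rawReason);

//if they didn't specify a reason, don't let them off the hook
if ($reason == "") {
    // The event number is echoed into an HTML attribute. SQL escaping does not
    // neutralise quotes for HTML, so encode it for this context. ISO-8859-1 is
    // single-byte, which leaves non-ASCII bytes untouched.
    $eventNoAttr = htmlspecialchars($rawEventNo, ENT_QUOTES, 'ISO-8859-1');
    die("You need a reason. Try again.<br><div class='btn' id='retryAbsenceButton' value='{$eventNoAttr}'>try again</div>");
}

$attendanceOfficers = implode(", ", getPosition("Vice President")) . ", " . implode(", ", getPosition("President"));

# TODO Check for duplicate queries and display an error message if a request has already been submitted for this event
if (!mysql_query("insert into `absencerequest` (reason,memberID,eventNo) values ('{$reason}','{$USER}','{$eventNo}')")) {
    // NOTE(review): this returns the raw database error to the client.
    die("Query failed: " . mysql_error());
}

// The message body uses HTML markup, so the free-text reason is HTML-encoded
// from the raw value. Previously the SQL-escaped string was sent, which both
// showed escape backslashes and allowed markup through.
// NOTE(review): the outputs of fullNameFromEmail() and getEventName() are
// inserted unencoded; confirm they return plain text.
$reasonHtml = htmlspecialchars($rawReason, ENT_QUOTES, 'ISO-8859-1');
$mail = sendMessageEmail(
    $attendanceOfficers,
    $USER,
    'Name: ' . fullNameFromEmail($USER) . '<br>Event: ' . getEventName($eventNo) . '<br>Reason: ' . $reasonHtml,
    'Absence Request on Gree-C-Web'
);

echo "<p>Your request has been submitted. You lazy bum!</p>";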
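/**
 * Builds the HTML fragment describing a member's tie status and tie deposit.
 *
 * Looks up the member's open row in `tieBorrow` (where `dateIn` is null), sums
 * their 'deposit' rows in `transaction`, and returns a status line, a
 * paid/unpaid marker and the matching check-out / return / resolve control.
 *
 * NOTE(review): $memberID is interpolated into both queries as given. Other
 * call sites in this code base escape before calling helpers, so escaping here
 * could double-escape; confirm every caller passes a value that is already
 * safe for SQL, or move to parameterised queries.
 *
 * @param string $memberID Member identifier; also passed to fullNameFromEmail(),
 *                         so presumably the member's e-mail address.
 * @return string HTML fragment.
 */
function tie_form($memberID)
{
    // The identifier is echoed into data-member attributes; encode it for
    // HTML. ISO-8859-1 is single-byte, which leaves non-ASCII bytes untouched.
    $memberAttr = htmlspecialchars($memberID, ENT_QUOTES, 'ISO-8859-1');

    // 0 means "no tie checked out"; a negative number is treated below as an
    // unresolved loan.
    $tie = 0;
    $query = mysql_query("select `tie` from `tieBorrow` where `member` = '{$memberID}' and `dateIn` is null");
    // Only fetch when the query succeeded and returned a row.
    if ($query && mysql_num_rows($query) != 0) {
        $row = mysql_fetch_array($query);
        $tie = $row['tie'];
    }

    // NOTE(review): the name returned by fullNameFromEmail() is inserted
    // unencoded; confirm it is plain text.
    $head = fullNameFromEmail($memberID) . ' ';
    $form = '';
    if ($tie == 0) {
        $head .= "does not have a tie checked out.";
        $form = "Check out tie number <input type='text' class='tienum' style='width: 40px; margin-bottom: 1px'><span class='spacer'></span><button type='button' class='btn tie_checkout' data-member='{$memberAttr}'>Submit</button>";
    } elseif ($tie > 0) {
        $head .= "has tie <span style='font-weight: bold'>{$tie}</span> checked out.";
        $form = "<button type='button' class='btn tie_return' data-member='{$memberAttr}'>Return</button>";
    } elseif ($tie < 0) {
        $head .= "is a tie thief.";
        $form = "<button type='button' class='btn tie_return' data-member='{$memberAttr}'>Resolve</button>";
    }

    // Total of the member's 'deposit' transactions; the result is empty when
    // there are no matching rows, which counts as a zero balance.
    $sql = "select sum(`amount`) as `balance` from `transaction` where `memberID` = '{$memberID}' and `type` = 'deposit'";
    $result = mysql_fetch_array(mysql_query($sql));
    $balance = $result['balance'];
    if ($balance == '') {
        $balance = 0;
    }

    // The deposit counts as paid once the balance reaches the tie fee.
    $deposit = "<span style='color: red'>unpaid</span>";
    if ($balance >= fee("tie")) {
        $deposit = "<span style='color: green'>paid</span>";
    }

    return "{$head}<br>Tie deposit: {$deposit}<br><br>{$form}";
}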
if (!mysql_query("delete from `tieBorrow` where `id` = '{$id}'")) { die(mysql_error()); } echo "OK"; } else { if ($action == 'history') { if (!isset($_POST['tie'])) { die('MISSING_ARG'); } $results = mysql_query("select `id`, `member`, `dateOut`, `dateIn` from `tieBorrow` where `tie` = '{$tie}' order by `dateOut` asc"); if (!$results) { die(mysql_error()); } echo "<table><tr><th></th><th>Member</th><th>Date Borrowed</th><th>Date Returned</th></tr>"; while ($row = mysql_fetch_array($results)) { echo "<tr><td><button type='button' class='btn btn-link hist_del' data-id='{$row['id']}'><i class='icon-remove'></i></button></td><td>" . fullNameFromEmail($row['member']) . "</td><td>{$row['dateOut']}</td><td>" . ($row['dateIn'] == '' ? '--' : $row['dateIn']) . "</td></tr>"; } echo "</table>"; } else { if ($action == 'editform') { if (!isset($_POST['tie'])) { die('MISSING_ARG'); } $tiearr = mysql_fetch_array(mysql_query("select * from `tie` where `id` = '{$tie}'")); echo "<form class='form-horizontal' id='tie_form'>"; echo "<div class='control-group'><label class='control-label'>Number</label><div class='controls'><input type='number' id='tie_num' value='{$tiearr['id']}'></div></div>"; echo "<div class='control-group'><label class='control-label'>Status</label><div class='controls'>"; echo "<select id='tie_status'>"; $result = mysql_query("select `name` from `tieStatus`"); while ($row = mysql_fetch_array($result)) { echo "<option value='{$row['name']}'" . ($tiearr['status'] == $row['name'] ? " selected" : "") . ">{$row['name']}</option>";