/**
 * Delete a user's seat selection for an event and record the removal.
 *
 * This function performs no permission check of its own: it does not look at
 * the current session, so whoever calls it decides whether acting on $userId
 * is allowed. NOTE(review): confirm every caller enforces that.
 *
 * @param mixed $eventId        Event whose seat selection is removed.
 * @param mixed $userId         User whose seat selection is removed.
 * @param bool  $checkCancelled When truthy (the default), refuse to delete
 *                              unless the user's signup status is 'CANCELLED'.
 *
 * @throws Exception When $checkCancelled is set and the signup is not cancelled.
 */
function removeSeat($eventId, $userId, $checkCancelled = true)
{
    // Guard clause: callers that pass $checkCancelled = false skip this
    // business rule entirely, so that flag should never be request-controlled.
    if ($checkCancelled && getSignupStatus($userId, $eventId) != 'CANCELLED') {
        throw new Exception('Cannot remove seat from a user, as they have not cancelled.');
    }

    // Both identifiers are bound as parameters, never concatenated into the SQL.
    $deleteSeat = DatabaseFactory::getInstance()->prepare(
        'DELETE FROM seatingplan_seat_selections WHERE event = :event AND user = :user'
    );
    $deleteSeat->bindValue(':event', $eventId);
    $deleteSeat->bindValue(':user', $userId);
    $deleteSeat->execute();

    // Audit trail entry; written whether or not a row was actually deleted.
    logActivity('Removed seat for _u_ at _e_', null, array('user' => $userId, 'event' => $eventId));
}
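/**
 * Build the comma-separated HTML action links shown for one signup.
 *
 * The links only control what the viewer is offered. They are not an access
 * control: signup.php, basket.php, seatingplan.php and updateSignup.php must
 * each re-check the session and privileges server-side.
 *
 * Identifiers are URL-encoded before being placed in href attributes, so a
 * non-numeric value cannot break out of the attribute. Numeric ids produce
 * exactly the same markup as before.
 *
 * NOTE(review): in the listing, the value between `user=` and `&event=` was
 * masked as ****** in three places. $userId is the only user identifier in
 * scope, so it is restored here. Confirm against the original file.
 *
 * @param mixed       $eventId           Event the links refer to.
 * @param mixed       $eventSignupStatus Event-level signup state, passed to
 *                                       isSignupPossibleFromSignupStatus().
 * @param mixed       $signupId          Signup row id; the Update link is omitted when empty.
 * @param string|null $userSignupStatus  Status of the user's signup; looked up
 *                                       when $userId is not supplied.
 * @param mixed       $userId            User the links are for; defaults to the session user.
 *
 * @return string|null Link HTML, a plain message, or null when the viewer may
 *                     not see another user's links.
 *
 * @throws Exception For a signup status the switch does not list.
 */
function signupLinks($eventId, $eventSignupStatus, $signupId, $userSignupStatus = null, $userId = null)
{
    if (!Session::isLoggedIn()) {
        return 'You must be <a href = "login.php">logged in</a> to signup.';
    }

    // No explicit user: act on the session user and look up their own status,
    // overriding whatever status the caller passed.
    if ($userId == null) {
        $userId = Session::getUser()->getId();
        $userSignupStatus = getSignupStatus($userId, $eventId);
    }

    $viewingOwnSignup = ($userId == Session::getUser()->getId());

    // Viewing someone else's signup requires EDIT_SIGNUPS; otherwise show nothing.
    if (!$viewingOwnSignup && !Session::hasPriv('EDIT_SIGNUPS')) {
        return null;
    }

    // Encode once; these values end up inside double-quoted href attributes.
    $eventParam = urlencode((string) $eventId);
    $userParam = urlencode((string) $userId);

    $cancelLink = '<a href = "signup.php?&user=' . $userParam . '&event=' . $eventParam . '&status=cancelled">Cancel</a>';

    $signupLinks = array();

    switch ($userSignupStatus) {
        case '':
            if (!isSignupPossibleFromSignupStatus($eventSignupStatus)) {
                return 'Signups are off!';
            }

            $signupLinks[] = '<a href = "signup.php?event=' . $eventParam . '">Signup!</a>';
            break;

        case 'SIGNEDUP':
            if ($viewingOwnSignup) {
                $signupLinks[] = '<a href = "basket.php?&user=' . $userParam . '&event=' . $eventParam . '&action=add">Go to basket</a>';

                // NOTE(review): the user's own Cancel link is gated on a privilege
                // named CANCEL_OTHERS_SIGNUP. Kept as written; confirm this is intended.
                if (Session::getUser()->hasPriv('CANCEL_OTHERS_SIGNUP')) {
                    $signupLinks[] = $cancelLink;
                }
            }
            break;

        case 'PAYPAL_WAITING':
            $signupLinks[] = 'Processing payment';
            // No break: this status also receives the Cancel and Seating plan
            // links below. NOTE(review): looks deliberate; confirm.

        case 'CONFIRMED':
        case 'PAID':
            $signupLinks[] = $cancelLink;
            $signupLinks[] = '<a href = "seatingplan.php?event=' . $eventParam . '">Seating plan</a>';
            break;

        case 'CASH_IN_POST':
        case 'CHEQUE_IN_POST':
        case 'BACS_WAITING':
            $signupLinks[] = 'Processing payment';
            break;

        case 'WAITINGLIST': // old style
        case 'WAITING_LIST':
        case 'PAID_CANTATTEND':
        case 'PAID_NOSHOW':
        case 'CANCELLED':
        case 'STAFF':
        case 'ATTENDED':
        case 'NOSHOW':
            // No self-service actions for these statuses.
            break;

        default:
            throw new Exception('Unhandled singup status while working out signup links: ' . $userSignupStatus);
    }

    if (Session::hasPriv('SIGNUPS_MODIFY') && !empty($signupId)) {
        // Plain append; the original used `[] .=`, which concatenated onto a
        // freshly created empty element and yielded the same string.
        $signupLinks[] = ' <a href = "updateSignup.php?id=' . urlencode((string) $signupId) . '">Update</a>';
    }

    return implode(', ', $signupLinks);
}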
// Tail of a function whose beginning lies outside this excerpt.
return $authenticatedMachines; }

// --- Machine authentication endpoint (top-level script) ---
// Reads credentials from the request, verifies them, then records the calling
// machine against the user's signup if their machine allowance is not used up.
$sanitizer = Sanitizer::getInstance();
$username = $sanitizer->filterString('username');
$password = $sanitizer->filterString('password');
// NOTE(review): $isStaff is filled from a request field named 'fullrequest' and
// is not used in the visible part of the script. A client-supplied value must
// not be treated as proof of staff status; confirm how it is used further down.
$isStaff = $sanitizer->filterString('fullrequest');

try {
    Session::checkCredentials($username, $password);
    $user = User::getUser($username);
} catch (\libAllure\UserNotFoundException $e) {
    // NOTE(review): the two catch branches return different messages, which
    // lets a caller tell valid usernames from invalid ones. A single generic
    // rejection message avoids that. No attempt limiting is visible here.
    apiReturn('reject-authentication', 'User not found');
} catch (\libAllure\IncorrectPasswordException $e) {
    apiReturn('reject-authentication', 'Password is incorrect');
}

// The code below dereferences $user unconditionally, so it relies on
// apiReturn() ending the request. Presumably it exits; confirm.
$event = getEvent();
$signupStatus = getSignupStatus($user->getId(), $event['id']);

switch ($signupStatus) {
    case 'PAID':
        // Compare the machines already registered for this user and event with
        // the allowance stored on the signup row.
        $authenticatedMachines = getAuthenticatedMachines($user->getId(), $event['id']);
        $sql = 'SELECT s.numberMachinesAllowed FROM signups s WHERE s.user = :user AND s.event = :event';
        $stmt = DatabaseFactory::getInstance()->prepare($sql);
        $stmt->bindValue(':user', $user->getId());
        $stmt->bindValue(':event', $event['id']);
        $stmt->execute();
        $signup = $stmt->fetchRowNotNull();

        if (count($authenticatedMachines) >= $signup['numberMachinesAllowed']) {
            apiReturn('reject-overuse');
        } else {
            // NOTE(review): the count check and the insert are separate
            // statements, so two concurrent requests could both pass the limit
            // unless a transaction or a constraint elsewhere prevents it.
            $sql = 'INSERT INTO authenticated_machines (user, event, seat, ip, hostname, mac) VALUES (:user, :event, :seat, :ip, :hostname, :mac)';
            $stmt = DatabaseFactory::getInstance()->prepare($sql);
            $stmt->bindValue(':user', $user->getId());
            // Excerpt ends here: the remaining bindValue() calls, the execute()
            // and the other switch cases are not shown.
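// Tail of a function whose beginning lies outside this excerpt.
$stmt->execute(); }

/**
 * Emit a JSON error object and end the request.
 *
 * The JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX escapes. Any JSON
 * parser decodes them to the same characters, but the raw response body can no
 * longer be read as markup. No Content-Type header is set in the visible code,
 * so the response may otherwise be served as HTML.
 * NOTE(review): confirm whether a JSON content type is set elsewhere.
 *
 * @param string $errorMessage Message returned to the client.
 */
function jsonError($errorMessage)
{
    echo json_encode(
        array('type' => 'error', 'message' => $errorMessage),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    exit;
}

/**
 * Emit a JSON success object with the resulting seat changes and end the request.
 *
 * Seat changes carry usernames, which are user-chosen text, so the same
 * JSON_HEX_* escaping as in jsonError() is applied.
 *
 * @param string $message     Message returned to the client.
 * @param array  $seatChanges Entries built by getJsonSeatChange().
 */
function jsonSuccess($message, array $seatChanges)
{
    echo json_encode(
        array('type' => 'success', 'message' => $message, 'seatChanges' => $seatChanges),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    exit;
}

// --- Seat selection request (top-level script) ---
// $event and $seat are assigned earlier in the script, outside this excerpt.
// NOTE(review): this request changes state and no anti-CSRF token check is
// visible here; confirm one is performed before this point.

if (!Session::isLoggedIn()) {
    jsonError('You are not logged in!');
}

// Strict allow-list: only an exact string match on one of these statuses may
// pick a seat. The previous loose `!=` chain was open to PHP type juggling if
// getSignupStatus() ever returned a non-string value.
$status = getSignupStatus(Session::getUser()->getId(), $event['id']);

if (!in_array($status, array('PAID', 'CONFIRMED', 'PAYPAL_WAITING', 'STAFF'), true)) {
    jsonError("You haven't paid for a ticket!");
}

// NOTE(review): the occupancy check and setUserInSeat() below are separate
// steps. Two concurrent requests for the same seat could both pass this check
// unless the table has a unique constraint on (event, seat) or the calls run
// inside a transaction.
if (getUserInSeat($event['id'], $seat)) {
    jsonError("That seat is already occupied!");
}

// Report each seat the user currently holds as deleted, then release them.
$seatChanges = array();
$currentSeats = getSeatForUser($event['id']);

foreach ($currentSeats as $itemCurrentSeat) {
    $seatChanges[] = getJsonSeatChange('delete', $itemCurrentSeat['seat'], Session::getUser()->getUsername());
}

deleteSeatsForUser($event['id']);

// Claim the requested seat and report it.
setUserInSeat($event['id'], $seat);
$seatChanges[] = getJsonSeatChange('set', $seat, Session::getUser()->getUsername());

jsonSuccess('Seat selected!', $seatChanges);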