/**
* Provides all members of this group.
*
* @return UserGroupMember[]
*/
public function getMembers()
{
// First get all userIDs that are members.
$qAllMembers = db_query(sprintf("SELECT `userID`,`access` FROM `%s_group_members` WHERE `groupID`=%d", db_prefix(), $this->getGroupID()));
$nAllMembers = db_num($qAllMembers);
// Verify that we got any users.
if ($qAllMembers === false || $nAllMembers < 1) {
return array();
}
$members = array();
$userIDs = array();
$rowsIndexedByUID = array();
// Fetch each as User
while ($row = db_fetch_assoc($qAllMembers)) {
$userIDs[] = $row["userID"];
$rowsIndexedByUID[$row["userID"]] = $row;
}
// Fetch the users.
$users = UserManager::getInstance()->getUsersByID($userIDs);
if (count($users) < 1) {
return array();
}
// Create as UserGroupMember
foreach ($users as $user) {
$memberRow = $rowsIndexedByUID[$user->getUserID()];
$member = new UserGroupMember($user->getUserID());
$member->fillInfo($user->getInfo());
// fill extra variables
$member->setAccess($memberRow["access"]);
$member->setGroup($this);
$members[] = $member;
unset($memberRow, $user, $member);
}
return $members;
}
function print_comments_table($fileid){
global $phrases,$member_data,$id,$content,$op_comment,$sec_img,$sec_string,$settings,$admin_path;
if($settings['files_comments_enable']){
//-------- send comment command ---------
if($op_comment=="send_comment"){
if(check_member_login()){
if($sec_img->verify_string($sec_string)){
$content = htmlspecialchars($content);
$memberid = $member_data['id'] ;
db_query("insert into mobile_files_comments (memberid,content,fileid,date) values('$memberid','$content','$id',now())");
open_table();
print "<center>$phrases[your_comment_sent_successfully]</center>";
close_table();
$content="";
}else{
open_table();
print "<center>$phrases[err_sec_code_not_valid]</center>";
close_table();
}
}else{
open_table();
print "<center> $phrases[please_login_first] </center>";
close_table();
}
}
$qr = db_query("select * from mobile_files_comments where fileid='$fileid'");
if(db_num($qr)){
open_table("$phrases[the_comments]");
print "<hr size=1 class=separate_line>";
while($data = db_fetch($qr)){
$dx = db_qr_fetch("select ".members_fields_replace('username').",".members_fields_replace('email')." from ".members_table_replace('mobile_members')." where ".members_fields_replace('id')."='$data[memberid]'",MEMBER_SQL);
print "<table width=100% border=0><tr><td width=50%><b>$dx[username]</b></td><td align=left>$data[date]</td></tr>";
print "<tr><td colspan=2>$data[content] <a href=\"javascript:report($id,$data[id]);\"><font color='red'>ΚΘανΫ</font></a>";
if(check_login_cookies()){
print " [<a href='".iif($admin_path,$admin_path,"admin")."/index.php?action=comment_del&id=$data[id]&cat=$id'>$phrases[delete]</a>]";
}
print "<br><hr size=1 class=separate_line></td></tr></table>";
}
close_table();
}
}
}
/**
* @param $productID
* @return LanProduct|null
*/
public function getProductByID($productID)
{
if (!is_numeric($productID) || $productID < 1) {
return null;
}
$query = db_query(sprintf("SELECT `ID`,`wareType`,`name`,`price` FROM `%s_kiosk_wares` WHERE `ID` = %d LIMIT 0,1", db_prefix(), $productID));
if (db_num($query) < 1) {
return null;
}
$result = db_fetch_assoc($query);
$product = new LanProduct($productID);
$product->fillInfo($result);
return $product;
}
/**
* Provides a single article instance.
*
* @param int $articleID
* @return NewsArticle|null
*/
public function getArticle($articleID)
{
global $sql_prefix, $sessioninfo;
if (intval($articleID) < 1) {
return null;
}
$query = sprintf("SELECT ID,header,eventID,content,createTime,active,global FROM %s_news WHERE ID=%s AND ((global='yes' OR eventID=1) OR eventID=%s)", $sql_prefix, $articleID, $sessioninfo->eventID);
$result = db_query($query);
if ($result == false || db_num($result) < 1) {
return null;
}
$row = db_fetch_assoc($result);
$articleObject = new NewsArticle($articleID);
$articleObject->fillInfo($row);
unset($row, $result);
return $articleObject;
}
/**
* Provides the ticket types
*
* @param int $eventID If null then active event is used.
* @return TicketType
*/
public function getTicketTypes($eventID = null)
{
global $sessioninfo, $sql_prefix;
if ($eventID == null) {
$eventID = $sessioninfo->eventID;
}
$result = db_query(sprintf("SELECT * FROM `%s_ticketTypes` WHERE `eventID` = %d", $sql_prefix, $eventID));
$num = db_num($result);
$ticketTypes = array();
if ($num > 0) {
$i = 0;
while ($row = db_fetch_assoc($result)) {
$ticketTypes[$i] = new TicketType($row['ticketTypeID']);
$ticketTypes[$i]->fillInfo($row);
$i++;
}
}
return $ticketTypes;
}
/**
* @param int $userID
* @param array $crewIDs
* @return AdminComment[]
*/
public function getApplicationComments($userID, $crewIDs)
{
global $sessioninfo;
$query = "SELECT `ID`,`crewID`,`comment`,`approval`,`userID`,`adminID`,`createdTime`,`commentType` FROM `" . db_prefix() . "_wannabeComment`";
$query .= " WHERE `userID`=" . $userID . "";
$query .= " AND `crewID` IN(" . implode(",", $crewIDs) . ")";
$qComments = db_query($query);
if (db_num($qComments) < 1) {
return array();
}
$comments = array();
while ($row = db_fetch_assoc($qComments)) {
$commentObject = new AdminComment($row["ID"]);
$commentObject->fillInfo($row);
$comments[] = $commentObject;
unset($commentObject, $row);
}
unset($qComments, $query);
return $comments;
}
/**
* returns all results as array
*
* @param $query
* @return array
*/
function db_fetch_all($query)
{
global $sql_type;
/* Function to fetch results from db_query */
$return = array();
switch ($sql_type) {
case "mysql":
case "mysqli":
if (db_num($query) > 0) {
while ($row = db_fetch($query)) {
$return[] = $row;
}
}
break;
default:
die("Something seriously wrong with variable sql_type in function " . __FUNCTION__);
}
// End switch ($sql_type)
return $return;
}
$seatcontent .= ">{$value}</option>\n";
}
// End foreach globalaccess
$seatcontent .= "</select>\n";
} elseif ($type == "r" && isset($_POST['right'])) {
$action = "doUpdateSeat";
}
// End type == r and isset(right)
}
// End if action == "updateSeat"
if (!isset($action) || $action == "updateSeat") {
// No action set... Display the map
// First, get amount of rows
$qGetSeatY = db_query("SELECT DISTINCT seatY FROM " . $sql_prefix . "_seatReg\n\t\tWHERE eventID = '" . $sessioninfo->eventID . "'\n\t\tORDER BY seatY ASC");
$content .= "<form method=\"post\" action=\"?module=seatadmin&action=updateSeat\">\n";
if (db_num($qGetSeatY) != 0) {
$content .= "<table style=\"border: 1px solid;\">\n";
while ($rGetSeatY = db_fetch($qGetSeatY)) {
$seatY = $rGetSeatY->seatY;
// Start a new row
$content .= "<tr>\n";
// Get the contents of the row; the columns
$qGetSeatX = db_query("SELECT * FROM " . $sql_prefix . "_seatReg\n\t\t\t\tWHERE eventID = '" . $sessioninfo->eventID . "'\n\t\t\t\tAND seatY = '" . $rGetSeatY->seatY . "'\n\t\t\t\tORDER BY seatX ASC");
while ($rGetSeatX = db_fetch($qGetSeatX)) {
$seatX = $rGetSeatX->seatX;
$content .= "<td style='height: 25px; width: 25px; background-color: " . $rGetSeatX->color;
$content .= "'>\n";
$content .= "<input type=\"checkbox\" value=\"1\" name=\"x" . $seatX . "y" . $seatY . "\"";
if ($_POST['x' . $seatX . 'y' . $seatY] == 1) {
$content .= " CHECKED";
}
$result = array();
$resultCount = 0;
// Verify there is a search query
$searchString = db_escape($_POST['query']);
if (strlen($_POST['query']) > 0 || $scope == "tickets") {
$query = null;
$str = db_escape(htmlspecialchars($_POST['query']));
if ($scope == 'all') {
$query = sprintf("SELECT nick, firstName, lastName as lastName, ID FROM %s WHERE\n (nick LIKE '%%%s%%' OR\n firstName LIKE '%%%s%%' OR\n lastName LIKE '%%%s%%' OR\n CONCAT(firstName, ' ', lastName) LIKE '%%%s%%' OR\n EMail LIKE '%%%s%%'\n ) ORDER BY ID", $usertable, $str, $str, $str, $str, $str);
} else {
if ($scope == "tickets") {
$query = sprintf("SELECT DISTINCT u.nick as nick, u.firstName as firstName, u.lastName as lastName,\n u.ID as ID FROM %s as u, %s as t WHERE t.eventID=%s AND t.user=u.ID AND\n (u.nick LIKE '%%%s%%' OR\n u.firstName LIKE '%%%s%%' OR\n u.lastName LIKE '%%%s%%' OR\n CONCAT(u.firstName, ' ', u.lastName) LIKE '%%%s%%' OR\n EMail LIKE '%%%s%%'\n ) ORDER BY u.ID", $usertable, $ticketstable, $sessioninfo->eventID, $str, $str, $str, $str, $str);
}
}
$result = db_query($query);
$num = db_num($result);
$content .= "<table class=\"table ticket-table\"><thead><tr><th>" . _("Name") . "</th><th>" . _("Tickets") . "</th></tr></thead><tbody>";
if ($num > 0) {
$i = 0;
while ($row = db_fetch($result)) {
$cssClass = $i++ % 2 == 0 ? 'odd' : 'even';
$tickets = $ticketManager->getTicketsOfUser($row->ID, null, array(''));
$content .= "<tr class=\"{$cssClass}\"><td>" . $row->firstName . " " . $row->lastName . " (" . $row->nick . ")</td><td>";
// Output tickets
if (count($tickets) > 0) {
$content .= "<div class=\"tickets-list\">";
foreach ($tickets as $value) {
$extraCss = "";
if ($value->getStatus() == Ticket::TICKET_STATUS_DELETED) {
$extraCss = " deleted";
} else {
}
//---------------------- Events types add ----------------------
if($action=="events_types_add"){
if_admin("events");
print "<center>
<form action='index.php' method=post>
<input name=action value='events_types_add_ok' type=hidden>
<table width=50% class=grid>
<tr><td> $phrases[the_name] </td><td><input type=text size=20 name=name></td></tr>
<tr><td> $phrases[the_color] </td><td><input type=text size=20 name=color dir=ltr></td></tr>
<tr><td colspan=2 align=center><input type=submit value=' $phrases[add_button] '></td></tr>
</table></form></center>";
}
//---------------------- Events types edit ----------------------
if($action=="events_types_edit"){
if_admin("events");
$id = intval($id);
$qr = db_query("select * from events_types where id='$id'");
if(db_num($qr)){
$data = db_fetch($qr);
print "<center>
<form action='index.php' method=post>
$log_old[$prefname] = $rFindPref->value;
$log_new[$prefname] = $POST;
}
}
// End for
log_add("edituser", "doEditPreferences", serialize($log_new), serialize($log_old));
header("Location: ?module=edituserinfo&action=editPreferences&user={$userID}&change=success");
} elseif ($action == "profilePicture" && isset($_GET['user'])) {
$user = $_GET['user'];
$userAdmin_acl = acl_access("userAdmin", "", 1);
if ($user == $sessioninfo->userID) {
} elseif ($userAdmin_acl == 'Admin' || $userAdmin_acl == 'Write') {
} else {
die(lang("Not access to edit profile picture", "edituserinfo"));
}
$qFindProfile = db_query("SELECT * FROM " . $sql_prefix . "_files WHERE extra = '" . db_escape($user) . "' AND file_type = 'profilepic'");
if (db_num($qFindProfile) > 0) {
$rFindProfile = db_fetch($qFindProfile);
$content .= "<img src='{$rFindProfile->file_path}'>";
}
$content .= '<form enctype="multipart/form-data" action="upload.php" method="POST">';
$content .= '<input type="hidden" name="file_type" value="profilepic" />';
$content .= _("Choose file to upload: ");
$content .= "<input name=uploadfile type=file />";
$content .= "<input type=submit value='" . _("Upload picture") . "' />";
$content .= "</form>";
} else {
// no action defined? ship user back to start.
header('Location: index.php');
die;
}
/**
* Adds a tickettype to this user i.e. creates a ticket in the _tickets table.
*
* <p>See validateAddTicketType to handle max amount of tickets an user can order, ment for "ticketorder" module.</p>
*
* @see validateAddTicketType()
* @param TicketType $ticketType The ticket type to add.
* @param int $amount Amount to add.
* @param User|null $creator If an moderator has added this ticket, send the mods User object.
* @return array Array of the new tickets md5 ID.
*/
public function addTicketType(TicketType $ticketType, $amount = 1, $creator = null)
{
global $sessioninfo, $sql_prefix, $maxTicketsPrUser;
if ($creator instanceof User == false) {
$creator = $this;
}
$insertIDs = array();
for ($i = 0; $i < $amount; $i++) {
db_query(sprintf("INSERT INTO %s_tickets(`md5_ID`, `ticketType`, `eventID`, `owner`, `createTime`, `creator`, `user`)\n VALUES('%s', %d, %d, %d, %d, %d, %d)", $sql_prefix, md5(rand() . time() . $this->getUserID()), $ticketType->getTicketTypeID(), $sessioninfo->eventID, $this->getUserID(), time(), $creator->getUserID(), $this->getUserID()));
// Find md5 ID from ticket ID
$qTicketMd5ID = db_query(sprintf("SELECT `md5_ID` FROM %s_tickets WHERE `ticketID`=%s", $sql_prefix, db_insert_id()));
if (db_num($qTicketMd5ID) < 0) {
continue;
}
$rows = db_fetch_assoc($qTicketMd5ID);
$insertIDs[] = $rows["md5_ID"];
}
return $insertIDs;
}
} else {
header("Location: ?module=eventadmin&action=groupRights&groupID={$groupID}");
}
} elseif ($action == "eventaccess") {
// if event is private, admin who can attend
// FIXME: Only works for accessgroups for now...
// Should be possible for specially invited people in clans, and all accessgroups
$qListGroups = db_query("SELECT * FROM " . $sql_prefix . "_groups WHERE groupType = 'access' AND ID != 1 ORDER BY eventID DESC");
$row = 1;
$content .= "<table>";
while ($rListGroups = db_fetch($qListGroups)) {
$content .= "<tr class='listRow{$row}'><td>";
$content .= $rListGroups->groupname;
$content .= "</td><td>";
$qCheckAccess = db_query("SELECT * FROM " . $sql_prefix . "_ACLs \n\t\t\tWHERE access != 'No' \n\t\t\tAND accessmodule = 'eventAttendee' \n\t\t\tAND eventID = '{$sessioninfo->eventID}' \n\t\t\tAND groupID = '{$rListGroups->ID}'");
if (db_num($qCheckAccess) == 0) {
$content .= "<a href=?module=eventadmin&action=doChangeRights&groupID={$rListGroups->ID}&accessmodule=eventAttendee&groupRight=Read>";
$content .= "<img src=images/icons/no.png width=\"50%\"></a>";
// $content .= lang("Allow attendee", "eventadmin")."</a>";
} else {
$content .= "<a href=?module=eventadmin&action=doChangeRights&groupID={$rListGroups->ID}&accessmodule=eventAttendee&groupRight=No>";
$content .= "<img src=images/icons/yes.png width=\"50%\"></a>";
// $content .= lang("Disallow attendee", "eventadmin")."</a>";
}
$row++;
if ($row == 3) {
$row = 1;
}
}
// End while
$content .= "</table>";
print "<table width=98% style=\"padding: 0\"><tr><td>";
$qr = db_query("select * from songs_dedications where active=1 order by id desc limit 20");
if(db_num($qr)){
print " <marquee align=\"right\" direction=\"right\" scrollamount=\"4\" style=\"font-family: Tahoma; font-size: 12px; COLOR: #000000; LINE-HEIGHT: 30px; text-decoration: none dir: rtl; text-align: right;\" onmouseover=\"this.scrollAmount=0\" onmouseout=\"this.scrollAmount='5'\"> \n";
print " *Ü* ";
while($data = db_fetch($qr)){
$data['msg'] = addslashes($data['msg']);
$emo_qr = db_query("select * from songs_emotions");
while($emo_data = db_fetch($emo_qr)){
$data['msg'] = str_replace($emo_data['value'],"<img src=\"$emo_data[img]\">",$data['msg']);
}
$qr_user = db_query("select id from mobile_members where username like '$data[user]'");
if(db_num($qr_user)){
$data_user = db_fetch($qr_user);
print "<b><a href='index.php?action=profile&id=$data_user[id]' target=_blank>$data[user]</a>:</b>";
}else{
print "<b>$data[user]:</b>";
}
print " $data[msg] *Ü* " ;
}
print "</marquee>";
}else{
print "<center> áÇ ÊæÌÏ ÅåÏÇÆÇÊ </center>";
}
print "</td><td width=10%>
<a href='#' onclick=\"window.open('send_dedication.php','displaywindow','toolbar=no,scrollbars=no,width=350,height=380,top=200,left=200');return false;\"> ÇÑÓá ÅåÏÇÁ </a>
<br>
<a href=\"javascript:get_dedications();\">ÊÍÏíË</a>
} else {
die(_("User not found!"));
}
} else {
// Assume we've used AJAX search, and that $ware is an ID
$qFindWareID = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_wares WHERE ID = '" . db_escape($ware) . "'");
if (db_num($qFindWareID) == 1) {
$rFindWareID = db_fetch($qFindWareID);
$wareID = $rFindWareID->ID;
}
// End if db_num == 1
}
// End else
if (!$checkingUser) {
$qFindBasket = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_shopbasket \n\t\t\tWHERE sID = '{$sessioninfo->sID}'\n\t\t\tAND wareID = '{$wareID}'");
if (db_num($qFindBasket) == 0) {
db_query("INSERT INTO " . $sql_prefix . "_kiosk_shopbasket\n\t\t\t\tSET sID = '{$sessioninfo->sID}',\n\t\t\t\twareID = {$wareID}");
} else {
db_query("UPDATE " . $sql_prefix . "_kiosk_shopbasket\n\t\t\t\tSET amount = amount + 1\n\t\t\t\tWHERE sID = '{$sessioninfo->sID}'\n\t\t\t\tAND wareID = {$wareID}");
}
// End else
}
// End if checkingUser == FALSE
header("Location: ?module=kiosk");
} elseif ($action == "removeWare") {
$ware = $_REQUEST['ware'];
$qFindAmount = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_shopbasket WHERE \n\t\tsID = '{$sessioninfo->sID}'\n\t\tAND wareID = '" . db_escape($ware) . "'\n\t\t");
$rFindAmount = db_fetch($qFindAmount);
if ($rFindAmount->amount == 1) {
db_query("DELETE FROM " . $sql_prefix . "_kiosk_shopbasket WHERE sID = '{$sessioninfo->sID}' AND wareID = '" . db_escape($ware) . "'");
} else {
db_query("INSERT INTO " . $sql_prefix . "_tickets SET\n\t owner = '{$sessioninfo->userID}',\n\t creator = '{$sessioninfo->userID}',\n\t user = '******',\n\t eventID = '{$eventID}',\n\t ticketType = '" . db_escape($tickettype) . "',\n\t status = '{$status}',\n\t createTime = " . time());
}
// End else (maxTicketsPrUser)
$numTickets--;
// Decrease numTickets
}
// End while(numtickets
$logmsg['tickettype'] = $tickettype;
$logmsg['numTickets'] = $_POST['numTickets'];
log_add("ticketorder", "buyticket", serialize($logmsg));
header("Location: ?module=ticketorder");
} elseif ($action == "buyticket" && !empty($_POST['resellercode'])) {
$code = $_POST['resellercode'];
$qFindTicket = db_query("SELECT * FROM " . $sql_prefix . "_ticketReseller WHERE resellerTicketID = '" . db_escape($code) . "'");
$rFindTicket = db_fetch($qFindTicket);
if (db_num($qFindTicket) == 0) {
$content .= lang("Could not find that code. Are you sure you typed it correctly?", "ticketorder");
$content .= "<a href='javascript:history.back()'>" . lang("Back", "ticketorder") . "</a>\n";
} elseif ($rFindTicket->eventID != $sessioninfo->eventID) {
$content .= lang("Code found, but it's not for this event. Try finding a newer piece for paper with a newer code", "ticketorder");
$content .= "<a href='javascript:history.back()'>" . lang("Back", "ticketorder") . "</a>\n";
} elseif ($rFindTicket->used == 'yes') {
$content .= lang("Code found, but it has already been used", "ticketorder");
$content .= "<a href='javascript:history.back()'>" . lang("Back", "ticketorder") . "</a>\n";
} else {
// Code can be used
db_query("UPDATE " . $sql_prefix . "_ticketReseller SET used = 'yes' WHERE resellerTicketID = '" . db_escape($code) . "'");
db_query("INSERT INTO " . $sql_prefix . "_tickets SET\n\t\t\tpaid= 'yes',\n\t\t\tticketType = '{$rFindTicket->ticketType}',\n\t\t\tuser = '******',\n\t\t\towner = '{$sessioninfo->userID}',\n\t\t\tcreator = '{$sessioninfo->userID}',\n\t\t\teventID = '{$sessioninfo->eventID}',\n\t\t\tstatus = 'notused',\n\t\t\tcreateTime = '" . time() . "'");
header("Location: ?module=ticketorder");
}
} elseif ($action == "doChangeOwner") {
while ($rMembers = db_fetch($qMembers)) {
# print "* ".$rMembers->email."\n"; #debug
$members .= $rMembers->email . "\n";
}
system('echo "' . $members . '" | sync_members -w=no -g=yes -a=no -f - ' . $listname);
print "\nFinished syncing group " . $rGroups->name . " (mailinglist: " . $listname . "\n\n\n";
}
foreach ($eventcrewlist as $event => $listname) {
$qEventname = db_query("SELECT eventname FROM " . $spref . "_events WHERE ID='" . $event . "'");
if (!db_num($qEventname)) {
print "# Event " . $event . " doesn't exist\n\n";
continue;
}
$rEventname = db_fetch($qEventname);
print "Syncing event crew list for event " . $rEventname->eventname . " (#" . $event . ") (mailinglist: " . $listname . ")\n";
$qMembers = db_query("SELECT DISTINCT u.EMail as email FROM " . $spref . "_users AS u, " . $spref . "_group_members AS gm, " . $spref . "_ACLs as acl WHERE u.ID=gm.userID AND acl.groupID=gm.groupID AND acl.accessmodule='crewlist' AND acl.access!='No' AND acl.eventID='" . $event . "'") or print "# SQL error: " . mysql_error() . "\n";
if (!db_num($qMembers)) {
print "# No members for this list\n\n";
continue;
}
while ($rMembers = db_fetch($qMembers)) {
# print "* ".$rMembers->email."\n"; #debug
$members .= $rMembers->email . "\n";
}
system('echo "' . $members . '" | sync_members -w=no -g=yes -a=no -f - ' . $listname);
# $qMembers = mysql_query("SELECT DISTINCT u.EMail as email FROM ".$spref."_users AS u,".$spref."_group_members gm WHERE gm.userID=u.ID
# JOIN ".$spref."_ACLs acl ON acl.groupID=gm.groupID
# WHERE acl.accessmodule = 'crewlist' AND acl.access != 'No' AND acl.eventID = '".$event."'") or die ("# SQL error: ".mysql_error());
print "\nFinished syncing event crew list for event " . $rEventname->eventname . " (#" . $event . ") (mailinglist: " . $listname . ")\n\n\n";
}
db_close();
/**
* Provides all groups of an user where access is admin.
*
* @param int $userID
* @param int|null $eventID
* @return UserGroup[]
*/
public function getUserIsAdminGroups($userID)
{
global $sessioninfo;
$eventID = $sessioninfo->eventID;
$query = "SELECT `groupID` FROM `" . db_prefix() . "_group_members` WHERE `userID` = " . intval($userID) . " AND `access` = 'Admin'";
$result = db_query($query);
if (db_num($result) < 1) {
return array();
}
// The groups into an array of ids
$groupIDs = array();
while ($row = db_fetch_assoc($result)) {
$groupIDs[] = $row["groupID"];
}
// Fetch groups
$groups = $this->getGroupsByID($groupIDs);
if (count($groups) < 1) {
return array();
}
// Filter out eventIDs?
if (intval($eventID) > 0) {
foreach ($groups as $key => $group) {
if ($group->getEventID() != $eventID) {
unset($groups[$key]);
}
}
}
return $groups;
}
$birthYear = $_POST['birthYear'];
$address = $_POST['address'];
$postnumber = $_POST['postnumber'];
$cellphone = $_POST['cellphone'];
if (empty($username)) {
$register_invalid = lang("Please provide a username", "register");
}
if (strlen($username) <= 1) {
$register_invalid = lang("Please provide a username", "register");
}
if (!strchr($email, "@") && strchr($email, ".")) {
$register_invalud = lang("Please provide a valid email-address", "register");
}
/* Check if the username is free */
$qCheckUsername = db_query("SELECT nick FROM " . $sql_prefix . "_users\n\t\tWHERE nick LIKE '" . db_escape($username) . "'");
if (db_num($qCheckUsername) != 0) {
$register_invalid = lang("Username already in use", "register");
$username = FALSE;
}
// end check if username is free
/* Check if the passwords match */
if ($pass1 != $pass2) {
$register_invalid = lang("Passwords does not match", "register");
$pass1 = FALSE;
$pass2 = FALSE;
}
// End check if passwords match
/* Check if firstName is valid */
if (config("register_firstname_required")) {
if (strlen($firstName) <= 2) {
$firstName = FALSE;
if ($ae) {
$slideID = $_REQUEST['slideID'];
if (!is_numeric($slideID) or empty($slideID)) {
header('Location: ?module=infoscreens');
die;
}
}
if ($an) {
$content .= "<h3>" . _('Create a new slide') . "</h3>\n";
} elseif ($ae) {
$content .= "<h3>" . _('Edit slide') . "</h3>\n";
}
if ($ae) {
$slideQ = sprintf('SELECT * FROM %s WHERE ID=%s', $slidetable, $slideID);
$slideR = db_query($slideQ);
$slideC = db_num($slideR);
if ($slideC) {
$slide = db_fetch($slideR);
} else {
header('Location: ?module=infoscreens');
die;
}
}
$content .= "<form method='POST' action='?module=infoscreens&action=saveSlide'>\n";
if ($ae) {
$content .= "<input type='hidden' name='slideID' value='" . $slideID . "' />\n";
}
$content .= _('Name:') . " <input type='text' name='name' value='" . stripslashes($slide->name) . "' />\n";
$content .= "<br /><textarea class='mceEditor' rows=25 cols=60 name='content'>" . stripslashes($slide->content) . "</textarea>\n";
$content .= "<br /><input type=submit value='" . _('Save') . "'>\n";
$content .= "</form>\n";
/**
* Indicates if a user is crew, user is considered a crew-member when in a group with type "access".
*
* @param int $userID
* @param int $eventID If null then current event ID is used.
* @return bool
*/
function is_user_crew($userID, $eventID = null)
{
global $sql_prefix, $sessioninfo;
if ($eventID == null) {
$eventID = $sessioninfo->eventID;
}
$query = db_query(sprintf("SELECT g.ID FROM %s as g, %s as gm\n\t\t\t\t\t\t\t\tWHERE g.ID = gm.groupID AND g.groupType='access' AND (gm.userID=%s AND g.eventID=%s)", $sql_prefix . "_groups", $sql_prefix . "_group_members", $userID, $eventID));
return db_num($query) > 0 ? true : false;
}
$content .= $rFAQs->question;
$content .= "</a>\n\n";
if ($faqID == $rFAQs->ID) {
// The user has requested to view the current FAQ-ID
$content .= "<br /><br />{$rFAQs->answer}";
}
// End if $faqID == $rFAQs->ID
}
// End while $rFAQs = db_fetch()
} elseif ($action == "adminFAQs") {
// Do ACL-check if you have rights to do this
if ($acl_access != 'Admin') {
die("You have to have admin-rights to administer FAQs");
}
$qFAQs = db_query("SELECT * FROM " . $sql_prefix . "_FAQ\n\t\tWHERE eventID = '" . db_escape($eventID) . "'");
if (db_num($qFAQs) != 0) {
$content .= '<table>';
while ($rFAQs = db_fetch($qFAQs)) {
// List FAQs
$content .= "<tr><td><a name=#" . $rFAQs->ID . "></a>{$rFAQs->question}</td>\n";
$content .= "<td><a href=\"?module=FAQ&action=editFAQ&faqID={$rFAQs->ID}\">\n";
$content .= lang("Edit FAQ", "FAQ");
$content .= "</td><td>\n";
$content .= "<a href=\"?module=FAQ&action=deleteFAQ&faqID={$rFAQs->ID}\">\n";
$content .= lang("Delete FAQ", "FAQ");
$content .= "</td></tr>\n";
}
// End while
$content .= '</table>';
}
$content .= "<form method=\"post\" action=\"?module=FAQ&action=addFAQ\">\n";
} else {
$content .= "<p><b>" . _('Found no matching users') . "</b></p>";
}
}
} else {
$content .= "<script type=\"text/javascript\" src=\"templates/Alfa1/js/wakeup.js\"></script>\n";
$content .= "<form action='?module=sleepers&action=searchsleeper' method='POST'>\n";
$content .= _('Search for user:'******'text' name='searchstring' />\n";
$content .= "<input type='submit' value='" . _('Search') . "' />\n";
$content .= "<br />\n";
$content .= _("Search users with tickets for this event only:") . " <input type='checkbox' CHECKED name='scope' value='tickets' />\n";
$content .= "</form>\n";
$sleeperQ = sprintf('SELECT s.wakeupTimestamp, s.sleepTimestamp, u.ID, u.nick, CONCAT(u.firstName, " ",u.lastName) AS name FROM %s AS s, %s AS u WHERE s.eventID=%s AND s.userID=u.ID ORDER BY s.sleepTimestamp', $sql_prefix . "_sleepers", $sql_prefix . "_users", $sessioninfo->eventID);
$sleeperR = db_query($sleeperQ);
$sleeperC = db_num($sleeperR);
$sleepersArrayJs = array();
if ($sleeperC) {
$border = 'style="border: solid 1px black; border-collapse: collapse;"';
$content .= "<br /><p>" . _('Number of sleeping users:') . " " . $sleeperC . "</p>\n";
$content .= "<table {$border}>\n";
$content .= sprintf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th></th></tr>\n", _("Nick"), _("Name"), _("Went to bed"), _("Wakeup"));
while ($sleeper = db_fetch($sleeperR)) {
$wakeupManager->filterSleeper($sleeper);
$userID = $sleeper->ID;
$username = $sleeper->nick;
$name = $sleeper->name;
$wakeupTime = $wakeupManager->getWakeupTime($userID);
$wakeupText = _("No wakeup") . ", <a href=\"?module=sleepers&action=setwakegui&userID={$userID}\">" . mb_strtolower(_("Set wakeup")) . "</a>";
if ($wakeupTime > 0) {
$wakeupText = _("Loading");
public function removeWare()
{
global $kiosk, $kioskSession;
$request = Request::createFromGlobals();
if (!$request->query->has("ware")) {
header("Location: ?module=kiosk&error=productnotfound1");
return;
}
$ware = $request->query->getInt("ware");
$wareID = -1;
$qFindBarcode = db_query("SELECT * FROM " . db_prefix() . "_kiosk_barcodes WHERE barcode = '" . db_escape($ware) . "'");
if (db_num($qFindBarcode) > 0) {
$rFindBarcode = db_fetch($qFindBarcode);
$wareID = $rFindBarcode->wareID;
} else {
$wareID = $ware;
}
$product = $kiosk->getProductByID($wareID);
if (!$product instanceof Product) {
header("Location: ?module=kiosk&error=productnotfound2");
return;
}
$kioskSession->removeProduct($product);
$kioskSession->save();
header("Location: ?module=kiosk");
}
<td><a href='index.php?action=member_edit&id=$data_user[id]'>$data_user[username]</a></td>
<td>$data[name]</td>
<td>$data_cat[name] [$data_cat[type]] </td>
<td>$data[date]</td>
<td><a href='index.php?action=members_files_details&id=$data[id]'> ЪнЧеэс \ уцЧноЩ</a></td><td><a href='index.php?action=members_files_del&id=$data[id]' onClick=\"return confirm('are you sure ?');\">Эан</td></tr>";
}
print "</table></center>";
}else{
print_admin_table("<center> сЧ ЪцЬЯ уснЧЪ </center>");
}
}
//-------------------------------
if($action=="members_files_details"){
$qr=db_query("select * from members_files where id='$id'");
if(db_num($qr)){
$data=db_fetch($qr);
print "
<form action=index.php method=post>
<input type=hidden name=id value='$id'>
<input type=hidden name=action value='members_files_accept'>
<input type=hidden name=userid value='$userid'>
<table width=100% class=grid>
<tr><td colspan=2 align=center><img src=\"../".get_image($data['img'])."\"></td></tr>
<tr>
<td><b> Чгу Чсусн : </b> </td><td><input type=text name='name' value=\"$data[name]\" size=30></td></tr>
<td><b> бЧШи Чсусн : </b> </td><td><input type=text name=url value=\"$data[url]\" size=40 dir=ltr></td></tr>
<td><b> ецбЩ Чсусн : </b> </td><td><input type=text name=img value=\"$data[img]\" size=40 dir=ltr></td></tr>
<td><b> цен Чсусн : </b> </td><td><textarea cols=40 rows=5 name=details>$data[details]</textarea></td></tr>
$content .= "</a>";
$content .= "</td>";
break;
default:
// Unknown type. Just create something
$content .= "<td class=seatUnknownCell>{$type}</td>\n";
}
// End switch
}
// End else
}
// End while rGetSeats
$content .= "</table>";
if (!empty($place_seatY) && !empty($seatX) && config("seating_enabled", $sessioninfo->eventID) == 1 && !empty($ticketID)) {
$qSeatInfo = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings WHERE\n eventID = '{$sessioninfo->eventID}' AND\n seatX = '{$place_seatX}' AND\n seatY = '{$place_seatY}'");
if (db_num($qSeatInfo) == 0) {
// Noone has taken this seat; take it?
$qGetSeatInfo = db_query("SELECT * FROM " . $sql_prefix . "_seatReg\n\tWHERE eventID = '{$sessioninfo->eventID}' AND\n\tseatX = '{$place_seatX}' AND\n\tseatY = '{$place_seatY}'");
$rGetSeatInfo = db_fetch($qGetSeatInfo);
switch ($rGetSeatInfo->type) {
case "d":
$content .= lang("This seat is available", "seatmap_table");
$content .= "<a href=\"?module=seating&action=takeseat&ticketID={$ticketID}&seatX={$place_seatX}&seatY={$place_seatY}{$suffixSeatingUrl}\">";
$content .= lang("Take seat", "seatmap_table");
$content .= "</a>";
break;
case "p":
$content .= lang("This seat is password-protected. If you know the password, you can take it", "seatmap_table");
$content .= "<form method=POST action=?module=seating&action=takeseat&&ticketID={$ticketID}&seatX={$place_seatX}&seatY={$place_seatY}{$suffixSeatingUrl}>";
$content .= "<input type=text name=password><input type=submit value='" . lang("Take seat", "seatmap_table") . "'>\n";
$content .= "</form>";
$content .= $rFindSoldTickets->resellerID;
$content .= "</td><td>";
$content .= date("Y/m/d H:i", $rFindSoldTickets->saleTime);
$content .= "</td></tr>";
}
// End while
$content .= "</table>";
} elseif ($action == "addTicket" && !empty($_GET['type'])) {
$amount = $_POST['amount'];
$type = $_GET['type'];
if (acl_access("reseller", $type, $sessioninfo->eventID) == 'No') {
die("No access to this ticketType");
}
while ($amount) {
$md5 = md5(rand(0, 10000));
$string = strtoupper(substr($md5, 0, 10));
$qCheckAlreadyUsed = db_query("SELECT * FROM " . $sql_prefix . "_ticketReseller WHERE resellerTicketID = '{$string}'");
if (db_num($qCheckAlreadyUsed) == 0) {
// Key is not already used, use it
db_query("INSERT INTO " . $sql_prefix . "_ticketReseller \n\t\t\t\tSET resellerTicketID = '{$string}',\n\t\t\t\tticketType = '" . db_escape($type) . "',\n\t\t\t\teventID = '{$sessioninfo->eventID}',\n\t\t\t\tresellerID = '{$sessioninfo->userID}',\n\t\t\t\tsaleTime = '" . time() . "'\n\t\t\t");
$content .= "<h1>" . $string . "</h1><br />";
$amount--;
}
// End if
}
// End while
$log_new['type'] = $type;
$log_new['amount'] = $amount;
log_add("reseller", "addTicket", serialize($log_new));
}
// End addTicket
$content .= "</td></tr>";
$content .= "<tr><th>";
$content .= _("Number of characters entered:") . " ";
$content .= "<span id='count'>0</span>";
$content .= "</th></tr>";
$content .= "</form></table>";
} elseif ($action == "previewSMS" && isset($_POST['toSmsList'])) {
$toSmsList = $_POST['toSmsList'];
$SQL = $smsList[$toSmsList]['SQL'];
$msgcontent = $_POST['message'];
if (empty($SQL)) {
# FIXME: die ()
die("No such group?");
}
$qCellphone = db_query($SQL);
if (!db_num($qCellphone)) {
# FIXME: die ()
die("No users in group..?");
}
$content .= "<h2>" . _("Preview SMS") . "</h2>\n";
$content .= "<h3>" . _("Recipients") . "</h3>\n";
$content .= "<p>" . _("Sends to group:") . " <strong>" . $smsList[$toSmsList]['name'] . "</strong></p>\n";
$content .= "<table>\n";
$content .= "<tr>\n";
$content .= "<th>" . _("Username") . "</th>";
$content .= "<th>" . _("Name") . "</th>";
$content .= "<th>" . _("Number") . "</th>";
$content .= "</tr>\n";
$rownum = 1;
while ($rCellphone = db_fetch($qCellphone)) {
if ($rownum == 3) {
<?php
// First, delete all old sessions
$now = time();
$day_ago = $now - 86400;
db_query("DELETE FROM " . $sql_prefix . "_session WHERE lastVisit < " . $day_ago . " OR userIP = ''");
$do = null;
if (empty($_SESSION[$lancms_session_cookie])) {
$do = "create_session";
} else {
$test_exists = db_query("SELECT * FROM " . $sql_prefix . "_session WHERE sID = '" . $_SESSION[$lancms_session_cookie] . "'");
if (db_num($test_exists) == 0) {
// Cookie is set, but it is no longer valid
// Delete cookie/set timeout in past
setcookie($lancms_session_cookie, "", time() - 10800);
// Create a new session
$do = "create_session";
} else {
// hopefully, since sID == PRIMARY KEY, this should be the same as db_num($test_exists) == 1. Update session
db_query("UPDATE " . $sql_prefix . "_session SET lastVisit = " . time() . " WHERE sID = '" . db_escape($_SESSION[$lancms_session_cookie]) . "'");
}
// End else (if cookie is valid)
}
// End if cookie is set
if ($do == "create_session") {
// User is not logged in; generate a new seed
$generate = md5(rand(0, 9999999) . microtime());
$host = str_replace(".", "_", $_SERVER['SERVER_NAME']);
// Find if servername matches any urls defined in eventAutoURL in events.
// If it matches, use this event when creating session
# $qFindAutoEventURL = db_query("SELECT ID FROM ".$sql_prefix."_events WHERE eventAutoURL LIKE '%$host%'
$seatX = $_GET['seatX'];
$seatY = $_GET['seatY'];
$ticketID = $_GET['ticketID'];
$eventID = $sessioninfo->eventID;
$password = $_POST['password'];
$newlog['ticketID'] = $ticketID;
$newlog['seatX'] = $seatX;
$newlog['seatY'] = $seatY;
$newlog['password'] = $password;
if (seating_rights($seatX, $seatY, $ticketID, $eventID, $password)) {
// We have rights to seat that ticket. Update DB
$qTicketInfo = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticketID) . "'");
$rTicketInfo = db_fetch($qTicketInfo);
// Check if that ticket is already used
$qCheckUsedTicket = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings WHERE ticketID = '" . db_escape($ticketID) . "'");
if (db_num($qCheckUsedTicket) == 0) {
// Ticket has never been used. Insert it
db_query("INSERT INTO " . $sql_prefix . "_seatReg_seatings SET\n\t\t\t eventID = '" . db_escape($eventID) . "',\n\t\t\t ticketID = '" . db_escape($ticketID) . "',\n\t\t seatX = '" . db_escape($seatX) . "',\n\t\t seatY = '" . db_escape($seatY) . "'");
db_query("UPDATE " . $sql_prefix . "_tickets SET status = 'used'\n\t\t WHERE ticketID = '" . db_escape($ticketID) . "'");
} else {
db_query("UPDATE " . $sql_prefix . "_seatReg_seatings SET\n\t\t seatX = '" . db_escape($seatX) . "',\n\t\t seatY = '" . db_escape($seatY) . "'\n\t\t WHERE ticketID = '" . db_escape($ticketID) . "'");
}
// End else
log_add("seating", "takeseat", serialize($newlog));
} else {
// Failed seating_rights()
log_add("seating", "failedTakeseat", serialize($newlog));
}
// End else
header("Location: ?module=seating&seatX={$seatX}&seatY={$seatY}&ticketID={$ticketID}");
}
