/** * Provides all members of this group. * * @return UserGroupMember[] */ public function getMembers() { // First get all userIDs that are members. $qAllMembers = db_query(sprintf("SELECT `userID`,`access` FROM `%s_group_members` WHERE `groupID`=%d", db_prefix(), $this->getGroupID())); $nAllMembers = db_num($qAllMembers); // Verify that we got any users. if ($qAllMembers === false || $nAllMembers < 1) { return array(); } $members = array(); $userIDs = array(); $rowsIndexedByUID = array(); // Fetch each as User while ($row = db_fetch_assoc($qAllMembers)) { $userIDs[] = $row["userID"]; $rowsIndexedByUID[$row["userID"]] = $row; } // Fetch the users. $users = UserManager::getInstance()->getUsersByID($userIDs); if (count($users) < 1) { return array(); } // Create as UserGroupMember foreach ($users as $user) { $memberRow = $rowsIndexedByUID[$user->getUserID()]; $member = new UserGroupMember($user->getUserID()); $member->fillInfo($user->getInfo()); // fill extra variables $member->setAccess($memberRow["access"]); $member->setGroup($this); $members[] = $member; unset($memberRow, $user, $member); } return $members; }
function print_comments_table($fileid){ global $phrases,$member_data,$id,$content,$op_comment,$sec_img,$sec_string,$settings,$admin_path; if($settings['files_comments_enable']){ //-------- send comment command --------- if($op_comment=="send_comment"){ if(check_member_login()){ if($sec_img->verify_string($sec_string)){ $content = htmlspecialchars($content); $memberid = $member_data['id'] ; db_query("insert into mobile_files_comments (memberid,content,fileid,date) values('$memberid','$content','$id',now())"); open_table(); print "<center>$phrases[your_comment_sent_successfully]</center>"; close_table(); $content=""; }else{ open_table(); print "<center>$phrases[err_sec_code_not_valid]</center>"; close_table(); } }else{ open_table(); print "<center> $phrases[please_login_first] </center>"; close_table(); } } $qr = db_query("select * from mobile_files_comments where fileid='$fileid'"); if(db_num($qr)){ open_table("$phrases[the_comments]"); print "<hr size=1 class=separate_line>"; while($data = db_fetch($qr)){ $dx = db_qr_fetch("select ".members_fields_replace('username').",".members_fields_replace('email')." from ".members_table_replace('mobile_members')." where ".members_fields_replace('id')."='$data[memberid]'",MEMBER_SQL); print "<table width=100% border=0><tr><td width=50%><b>$dx[username]</b></td><td align=left>$data[date]</td></tr>"; print "<tr><td colspan=2>$data[content] <a href=\"javascript:report($id,$data[id]);\"><font color='red'>ΚΘανΫ</font></a>"; if(check_login_cookies()){ print " [<a href='".iif($admin_path,$admin_path,"admin")."/index.php?action=comment_del&id=$data[id]&cat=$id'>$phrases[delete]</a>]"; } print "<br><hr size=1 class=separate_line></td></tr></table>"; } close_table(); } } }
/** * @param $productID * @return LanProduct|null */ public function getProductByID($productID) { if (!is_numeric($productID) || $productID < 1) { return null; } $query = db_query(sprintf("SELECT `ID`,`wareType`,`name`,`price` FROM `%s_kiosk_wares` WHERE `ID` = %d LIMIT 0,1", db_prefix(), $productID)); if (db_num($query) < 1) { return null; } $result = db_fetch_assoc($query); $product = new LanProduct($productID); $product->fillInfo($result); return $product; }
/** * Provides a single article instance. * * @param int $articleID * @return NewsArticle|null */ public function getArticle($articleID) { global $sql_prefix, $sessioninfo; if (intval($articleID) < 1) { return null; } $query = sprintf("SELECT ID,header,eventID,content,createTime,active,global FROM %s_news WHERE ID=%s AND ((global='yes' OR eventID=1) OR eventID=%s)", $sql_prefix, $articleID, $sessioninfo->eventID); $result = db_query($query); if ($result == false || db_num($result) < 1) { return null; } $row = db_fetch_assoc($result); $articleObject = new NewsArticle($articleID); $articleObject->fillInfo($row); unset($row, $result); return $articleObject; }
/** * Provides the ticket types * * @param int $eventID If null then active event is used. * @return TicketType */ public function getTicketTypes($eventID = null) { global $sessioninfo, $sql_prefix; if ($eventID == null) { $eventID = $sessioninfo->eventID; } $result = db_query(sprintf("SELECT * FROM `%s_ticketTypes` WHERE `eventID` = %d", $sql_prefix, $eventID)); $num = db_num($result); $ticketTypes = array(); if ($num > 0) { $i = 0; while ($row = db_fetch_assoc($result)) { $ticketTypes[$i] = new TicketType($row['ticketTypeID']); $ticketTypes[$i]->fillInfo($row); $i++; } } return $ticketTypes; }
/** * @param int $userID * @param array $crewIDs * @return AdminComment[] */ public function getApplicationComments($userID, $crewIDs) { global $sessioninfo; $query = "SELECT `ID`,`crewID`,`comment`,`approval`,`userID`,`adminID`,`createdTime`,`commentType` FROM `" . db_prefix() . "_wannabeComment`"; $query .= " WHERE `userID`=" . $userID . ""; $query .= " AND `crewID` IN(" . implode(",", $crewIDs) . ")"; $qComments = db_query($query); if (db_num($qComments) < 1) { return array(); } $comments = array(); while ($row = db_fetch_assoc($qComments)) { $commentObject = new AdminComment($row["ID"]); $commentObject->fillInfo($row); $comments[] = $commentObject; unset($commentObject, $row); } unset($qComments, $query); return $comments; }
/** * returns all results as array * * @param $query * @return array */ function db_fetch_all($query) { global $sql_type; /* Function to fetch results from db_query */ $return = array(); switch ($sql_type) { case "mysql": case "mysqli": if (db_num($query) > 0) { while ($row = db_fetch($query)) { $return[] = $row; } } break; default: die("Something seriously wrong with variable sql_type in function " . __FUNCTION__); } // End switch ($sql_type) return $return; }
$seatcontent .= ">{$value}</option>\n"; } // End foreach globalaccess $seatcontent .= "</select>\n"; } elseif ($type == "r" && isset($_POST['right'])) { $action = "doUpdateSeat"; } // End type == r and isset(right) } // End if action == "updateSeat" if (!isset($action) || $action == "updateSeat") { // No action set... Display the map // First, get amount of rows $qGetSeatY = db_query("SELECT DISTINCT seatY FROM " . $sql_prefix . "_seatReg\n\t\tWHERE eventID = '" . $sessioninfo->eventID . "'\n\t\tORDER BY seatY ASC"); $content .= "<form method=\"post\" action=\"?module=seatadmin&action=updateSeat\">\n"; if (db_num($qGetSeatY) != 0) { $content .= "<table style=\"border: 1px solid;\">\n"; while ($rGetSeatY = db_fetch($qGetSeatY)) { $seatY = $rGetSeatY->seatY; // Start a new row $content .= "<tr>\n"; // Get the contents of the row; the columns $qGetSeatX = db_query("SELECT * FROM " . $sql_prefix . "_seatReg\n\t\t\t\tWHERE eventID = '" . $sessioninfo->eventID . "'\n\t\t\t\tAND seatY = '" . $rGetSeatY->seatY . "'\n\t\t\t\tORDER BY seatX ASC"); while ($rGetSeatX = db_fetch($qGetSeatX)) { $seatX = $rGetSeatX->seatX; $content .= "<td style='height: 25px; width: 25px; background-color: " . $rGetSeatX->color; $content .= "'>\n"; $content .= "<input type=\"checkbox\" value=\"1\" name=\"x" . $seatX . "y" . $seatY . "\""; if ($_POST['x' . $seatX . 'y' . $seatY] == 1) { $content .= " CHECKED"; }
$result = array(); $resultCount = 0; // Verify there is a search query $searchString = db_escape($_POST['query']); if (strlen($_POST['query']) > 0 || $scope == "tickets") { $query = null; $str = db_escape(htmlspecialchars($_POST['query'])); if ($scope == 'all') { $query = sprintf("SELECT nick, firstName, lastName as lastName, ID FROM %s WHERE\n (nick LIKE '%%%s%%' OR\n firstName LIKE '%%%s%%' OR\n lastName LIKE '%%%s%%' OR\n CONCAT(firstName, ' ', lastName) LIKE '%%%s%%' OR\n EMail LIKE '%%%s%%'\n ) ORDER BY ID", $usertable, $str, $str, $str, $str, $str); } else { if ($scope == "tickets") { $query = sprintf("SELECT DISTINCT u.nick as nick, u.firstName as firstName, u.lastName as lastName,\n u.ID as ID FROM %s as u, %s as t WHERE t.eventID=%s AND t.user=u.ID AND\n (u.nick LIKE '%%%s%%' OR\n u.firstName LIKE '%%%s%%' OR\n u.lastName LIKE '%%%s%%' OR\n CONCAT(u.firstName, ' ', u.lastName) LIKE '%%%s%%' OR\n EMail LIKE '%%%s%%'\n ) ORDER BY u.ID", $usertable, $ticketstable, $sessioninfo->eventID, $str, $str, $str, $str, $str); } } $result = db_query($query); $num = db_num($result); $content .= "<table class=\"table ticket-table\"><thead><tr><th>" . _("Name") . "</th><th>" . _("Tickets") . "</th></tr></thead><tbody>"; if ($num > 0) { $i = 0; while ($row = db_fetch($result)) { $cssClass = $i++ % 2 == 0 ? 'odd' : 'even'; $tickets = $ticketManager->getTicketsOfUser($row->ID, null, array('')); $content .= "<tr class=\"{$cssClass}\"><td>" . $row->firstName . " " . $row->lastName . " (" . $row->nick . ")</td><td>"; // Output tickets if (count($tickets) > 0) { $content .= "<div class=\"tickets-list\">"; foreach ($tickets as $value) { $extraCss = ""; if ($value->getStatus() == Ticket::TICKET_STATUS_DELETED) { $extraCss = " deleted"; } else {
} //---------------------- Events types add ---------------------- if($action=="events_types_add"){ if_admin("events"); print "<center> <form action='index.php' method=post> <input name=action value='events_types_add_ok' type=hidden> <table width=50% class=grid> <tr><td> $phrases[the_name] </td><td><input type=text size=20 name=name></td></tr> <tr><td> $phrases[the_color] </td><td><input type=text size=20 name=color dir=ltr></td></tr> <tr><td colspan=2 align=center><input type=submit value=' $phrases[add_button] '></td></tr> </table></form></center>"; } //---------------------- Events types edit ---------------------- if($action=="events_types_edit"){ if_admin("events"); $id = intval($id); $qr = db_query("select * from events_types where id='$id'"); if(db_num($qr)){ $data = db_fetch($qr); print "<center> <form action='index.php' method=post>
$log_old[$prefname] = $rFindPref->value; $log_new[$prefname] = $POST; } } // End for log_add("edituser", "doEditPreferences", serialize($log_new), serialize($log_old)); header("Location: ?module=edituserinfo&action=editPreferences&user={$userID}&change=success"); } elseif ($action == "profilePicture" && isset($_GET['user'])) { $user = $_GET['user']; $userAdmin_acl = acl_access("userAdmin", "", 1); if ($user == $sessioninfo->userID) { } elseif ($userAdmin_acl == 'Admin' || $userAdmin_acl == 'Write') { } else { die(lang("Not access to edit profile picture", "edituserinfo")); } $qFindProfile = db_query("SELECT * FROM " . $sql_prefix . "_files WHERE extra = '" . db_escape($user) . "' AND file_type = 'profilepic'"); if (db_num($qFindProfile) > 0) { $rFindProfile = db_fetch($qFindProfile); $content .= "<img src='{$rFindProfile->file_path}'>"; } $content .= '<form enctype="multipart/form-data" action="upload.php" method="POST">'; $content .= '<input type="hidden" name="file_type" value="profilepic" />'; $content .= _("Choose file to upload: "); $content .= "<input name=uploadfile type=file />"; $content .= "<input type=submit value='" . _("Upload picture") . "' />"; $content .= "</form>"; } else { // no action defined? ship user back to start. header('Location: index.php'); die; }
/** * Adds a tickettype to this user i.e. creates a ticket in the _tickets table. * * <p>See validateAddTicketType to handle max amount of tickets an user can order, ment for "ticketorder" module.</p> * * @see validateAddTicketType() * @param TicketType $ticketType The ticket type to add. * @param int $amount Amount to add. * @param User|null $creator If an moderator has added this ticket, send the mods User object. * @return array Array of the new tickets md5 ID. */ public function addTicketType(TicketType $ticketType, $amount = 1, $creator = null) { global $sessioninfo, $sql_prefix, $maxTicketsPrUser; if ($creator instanceof User == false) { $creator = $this; } $insertIDs = array(); for ($i = 0; $i < $amount; $i++) { db_query(sprintf("INSERT INTO %s_tickets(`md5_ID`, `ticketType`, `eventID`, `owner`, `createTime`, `creator`, `user`)\n VALUES('%s', %d, %d, %d, %d, %d, %d)", $sql_prefix, md5(rand() . time() . $this->getUserID()), $ticketType->getTicketTypeID(), $sessioninfo->eventID, $this->getUserID(), time(), $creator->getUserID(), $this->getUserID())); // Find md5 ID from ticket ID $qTicketMd5ID = db_query(sprintf("SELECT `md5_ID` FROM %s_tickets WHERE `ticketID`=%s", $sql_prefix, db_insert_id())); if (db_num($qTicketMd5ID) < 0) { continue; } $rows = db_fetch_assoc($qTicketMd5ID); $insertIDs[] = $rows["md5_ID"]; } return $insertIDs; }
} else { header("Location: ?module=eventadmin&action=groupRights&groupID={$groupID}"); } } elseif ($action == "eventaccess") { // if event is private, admin who can attend // FIXME: Only works for accessgroups for now... // Should be possible for specially invited people in clans, and all accessgroups $qListGroups = db_query("SELECT * FROM " . $sql_prefix . "_groups WHERE groupType = 'access' AND ID != 1 ORDER BY eventID DESC"); $row = 1; $content .= "<table>"; while ($rListGroups = db_fetch($qListGroups)) { $content .= "<tr class='listRow{$row}'><td>"; $content .= $rListGroups->groupname; $content .= "</td><td>"; $qCheckAccess = db_query("SELECT * FROM " . $sql_prefix . "_ACLs \n\t\t\tWHERE access != 'No' \n\t\t\tAND accessmodule = 'eventAttendee' \n\t\t\tAND eventID = '{$sessioninfo->eventID}' \n\t\t\tAND groupID = '{$rListGroups->ID}'"); if (db_num($qCheckAccess) == 0) { $content .= "<a href=?module=eventadmin&action=doChangeRights&groupID={$rListGroups->ID}&accessmodule=eventAttendee&groupRight=Read>"; $content .= "<img src=images/icons/no.png width=\"50%\"></a>"; // $content .= lang("Allow attendee", "eventadmin")."</a>"; } else { $content .= "<a href=?module=eventadmin&action=doChangeRights&groupID={$rListGroups->ID}&accessmodule=eventAttendee&groupRight=No>"; $content .= "<img src=images/icons/yes.png width=\"50%\"></a>"; // $content .= lang("Disallow attendee", "eventadmin")."</a>"; } $row++; if ($row == 3) { $row = 1; } } // End while $content .= "</table>";
print "<table width=98% style=\"padding: 0\"><tr><td>"; $qr = db_query("select * from songs_dedications where active=1 order by id desc limit 20"); if(db_num($qr)){ print " <marquee align=\"right\" direction=\"right\" scrollamount=\"4\" style=\"font-family: Tahoma; font-size: 12px; COLOR: #000000; LINE-HEIGHT: 30px; text-decoration: none dir: rtl; text-align: right;\" onmouseover=\"this.scrollAmount=0\" onmouseout=\"this.scrollAmount='5'\"> \n"; print " *Ü* "; while($data = db_fetch($qr)){ $data['msg'] = addslashes($data['msg']); $emo_qr = db_query("select * from songs_emotions"); while($emo_data = db_fetch($emo_qr)){ $data['msg'] = str_replace($emo_data['value'],"<img src=\"$emo_data[img]\">",$data['msg']); } $qr_user = db_query("select id from mobile_members where username like '$data[user]'"); if(db_num($qr_user)){ $data_user = db_fetch($qr_user); print "<b><a href='index.php?action=profile&id=$data_user[id]' target=_blank>$data[user]</a>:</b>"; }else{ print "<b>$data[user]:</b>"; } print " $data[msg] *Ü* " ; } print "</marquee>"; }else{ print "<center> áÇ ÊæÌÏ ÅåÏÇÆÇÊ </center>"; } print "</td><td width=10%> <a href='#' onclick=\"window.open('send_dedication.php','displaywindow','toolbar=no,scrollbars=no,width=350,height=380,top=200,left=200');return false;\"> ÇÑÓá ÅåÏÇÁ </a> <br> <a href=\"javascript:get_dedications();\">ÊÍÏíË</a>
} else { die(_("User not found!")); } } else { // Assume we've used AJAX search, and that $ware is an ID $qFindWareID = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_wares WHERE ID = '" . db_escape($ware) . "'"); if (db_num($qFindWareID) == 1) { $rFindWareID = db_fetch($qFindWareID); $wareID = $rFindWareID->ID; } // End if db_num == 1 } // End else if (!$checkingUser) { $qFindBasket = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_shopbasket \n\t\t\tWHERE sID = '{$sessioninfo->sID}'\n\t\t\tAND wareID = '{$wareID}'"); if (db_num($qFindBasket) == 0) { db_query("INSERT INTO " . $sql_prefix . "_kiosk_shopbasket\n\t\t\t\tSET sID = '{$sessioninfo->sID}',\n\t\t\t\twareID = {$wareID}"); } else { db_query("UPDATE " . $sql_prefix . "_kiosk_shopbasket\n\t\t\t\tSET amount = amount + 1\n\t\t\t\tWHERE sID = '{$sessioninfo->sID}'\n\t\t\t\tAND wareID = {$wareID}"); } // End else } // End if checkingUser == FALSE header("Location: ?module=kiosk"); } elseif ($action == "removeWare") { $ware = $_REQUEST['ware']; $qFindAmount = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_shopbasket WHERE \n\t\tsID = '{$sessioninfo->sID}'\n\t\tAND wareID = '" . db_escape($ware) . "'\n\t\t"); $rFindAmount = db_fetch($qFindAmount); if ($rFindAmount->amount == 1) { db_query("DELETE FROM " . $sql_prefix . "_kiosk_shopbasket WHERE sID = '{$sessioninfo->sID}' AND wareID = '" . db_escape($ware) . "'"); } else {
db_query("INSERT INTO " . $sql_prefix . "_tickets SET\n\t owner = '{$sessioninfo->userID}',\n\t creator = '{$sessioninfo->userID}',\n\t user = '******',\n\t eventID = '{$eventID}',\n\t ticketType = '" . db_escape($tickettype) . "',\n\t status = '{$status}',\n\t createTime = " . time()); } // End else (maxTicketsPrUser) $numTickets--; // Decrease numTickets } // End while(numtickets $logmsg['tickettype'] = $tickettype; $logmsg['numTickets'] = $_POST['numTickets']; log_add("ticketorder", "buyticket", serialize($logmsg)); header("Location: ?module=ticketorder"); } elseif ($action == "buyticket" && !empty($_POST['resellercode'])) { $code = $_POST['resellercode']; $qFindTicket = db_query("SELECT * FROM " . $sql_prefix . "_ticketReseller WHERE resellerTicketID = '" . db_escape($code) . "'"); $rFindTicket = db_fetch($qFindTicket); if (db_num($qFindTicket) == 0) { $content .= lang("Could not find that code. Are you sure you typed it correctly?", "ticketorder"); $content .= "<a href='javascript:history.back()'>" . lang("Back", "ticketorder") . "</a>\n"; } elseif ($rFindTicket->eventID != $sessioninfo->eventID) { $content .= lang("Code found, but it's not for this event. Try finding a newer piece for paper with a newer code", "ticketorder"); $content .= "<a href='javascript:history.back()'>" . lang("Back", "ticketorder") . "</a>\n"; } elseif ($rFindTicket->used == 'yes') { $content .= lang("Code found, but it has already been used", "ticketorder"); $content .= "<a href='javascript:history.back()'>" . lang("Back", "ticketorder") . "</a>\n"; } else { // Code can be used db_query("UPDATE " . $sql_prefix . "_ticketReseller SET used = 'yes' WHERE resellerTicketID = '" . db_escape($code) . "'"); db_query("INSERT INTO " . $sql_prefix . "_tickets SET\n\t\t\tpaid= 'yes',\n\t\t\tticketType = '{$rFindTicket->ticketType}',\n\t\t\tuser = '******',\n\t\t\towner = '{$sessioninfo->userID}',\n\t\t\tcreator = '{$sessioninfo->userID}',\n\t\t\teventID = '{$sessioninfo->eventID}',\n\t\t\tstatus = 'notused',\n\t\t\tcreateTime = '" . time() . "'"); header("Location: ?module=ticketorder"); } } elseif ($action == "doChangeOwner") {
while ($rMembers = db_fetch($qMembers)) { # print "* ".$rMembers->email."\n"; #debug $members .= $rMembers->email . "\n"; } system('echo "' . $members . '" | sync_members -w=no -g=yes -a=no -f - ' . $listname); print "\nFinished syncing group " . $rGroups->name . " (mailinglist: " . $listname . "\n\n\n"; } foreach ($eventcrewlist as $event => $listname) { $qEventname = db_query("SELECT eventname FROM " . $spref . "_events WHERE ID='" . $event . "'"); if (!db_num($qEventname)) { print "# Event " . $event . " doesn't exist\n\n"; continue; } $rEventname = db_fetch($qEventname); print "Syncing event crew list for event " . $rEventname->eventname . " (#" . $event . ") (mailinglist: " . $listname . ")\n"; $qMembers = db_query("SELECT DISTINCT u.EMail as email FROM " . $spref . "_users AS u, " . $spref . "_group_members AS gm, " . $spref . "_ACLs as acl WHERE u.ID=gm.userID AND acl.groupID=gm.groupID AND acl.accessmodule='crewlist' AND acl.access!='No' AND acl.eventID='" . $event . "'") or print "# SQL error: " . mysql_error() . "\n"; if (!db_num($qMembers)) { print "# No members for this list\n\n"; continue; } while ($rMembers = db_fetch($qMembers)) { # print "* ".$rMembers->email."\n"; #debug $members .= $rMembers->email . "\n"; } system('echo "' . $members . '" | sync_members -w=no -g=yes -a=no -f - ' . $listname); # $qMembers = mysql_query("SELECT DISTINCT u.EMail as email FROM ".$spref."_users AS u,".$spref."_group_members gm WHERE gm.userID=u.ID # JOIN ".$spref."_ACLs acl ON acl.groupID=gm.groupID # WHERE acl.accessmodule = 'crewlist' AND acl.access != 'No' AND acl.eventID = '".$event."'") or die ("# SQL error: ".mysql_error()); print "\nFinished syncing event crew list for event " . $rEventname->eventname . " (#" . $event . ") (mailinglist: " . $listname . ")\n\n\n"; } db_close();
/** * Provides all groups of an user where access is admin. * * @param int $userID * @param int|null $eventID * @return UserGroup[] */ public function getUserIsAdminGroups($userID) { global $sessioninfo; $eventID = $sessioninfo->eventID; $query = "SELECT `groupID` FROM `" . db_prefix() . "_group_members` WHERE `userID` = " . intval($userID) . " AND `access` = 'Admin'"; $result = db_query($query); if (db_num($result) < 1) { return array(); } // The groups into an array of ids $groupIDs = array(); while ($row = db_fetch_assoc($result)) { $groupIDs[] = $row["groupID"]; } // Fetch groups $groups = $this->getGroupsByID($groupIDs); if (count($groups) < 1) { return array(); } // Filter out eventIDs? if (intval($eventID) > 0) { foreach ($groups as $key => $group) { if ($group->getEventID() != $eventID) { unset($groups[$key]); } } } return $groups; }
$birthYear = $_POST['birthYear']; $address = $_POST['address']; $postnumber = $_POST['postnumber']; $cellphone = $_POST['cellphone']; if (empty($username)) { $register_invalid = lang("Please provide a username", "register"); } if (strlen($username) <= 1) { $register_invalid = lang("Please provide a username", "register"); } if (!strchr($email, "@") && strchr($email, ".")) { $register_invalud = lang("Please provide a valid email-address", "register"); } /* Check if the username is free */ $qCheckUsername = db_query("SELECT nick FROM " . $sql_prefix . "_users\n\t\tWHERE nick LIKE '" . db_escape($username) . "'"); if (db_num($qCheckUsername) != 0) { $register_invalid = lang("Username already in use", "register"); $username = FALSE; } // end check if username is free /* Check if the passwords match */ if ($pass1 != $pass2) { $register_invalid = lang("Passwords does not match", "register"); $pass1 = FALSE; $pass2 = FALSE; } // End check if passwords match /* Check if firstName is valid */ if (config("register_firstname_required")) { if (strlen($firstName) <= 2) { $firstName = FALSE;
if ($ae) { $slideID = $_REQUEST['slideID']; if (!is_numeric($slideID) or empty($slideID)) { header('Location: ?module=infoscreens'); die; } } if ($an) { $content .= "<h3>" . _('Create a new slide') . "</h3>\n"; } elseif ($ae) { $content .= "<h3>" . _('Edit slide') . "</h3>\n"; } if ($ae) { $slideQ = sprintf('SELECT * FROM %s WHERE ID=%s', $slidetable, $slideID); $slideR = db_query($slideQ); $slideC = db_num($slideR); if ($slideC) { $slide = db_fetch($slideR); } else { header('Location: ?module=infoscreens'); die; } } $content .= "<form method='POST' action='?module=infoscreens&action=saveSlide'>\n"; if ($ae) { $content .= "<input type='hidden' name='slideID' value='" . $slideID . "' />\n"; } $content .= _('Name:') . " <input type='text' name='name' value='" . stripslashes($slide->name) . "' />\n"; $content .= "<br /><textarea class='mceEditor' rows=25 cols=60 name='content'>" . stripslashes($slide->content) . "</textarea>\n"; $content .= "<br /><input type=submit value='" . _('Save') . "'>\n"; $content .= "</form>\n";
/** * Indicates if a user is crew, user is considered a crew-member when in a group with type "access". * * @param int $userID * @param int $eventID If null then current event ID is used. * @return bool */ function is_user_crew($userID, $eventID = null) { global $sql_prefix, $sessioninfo; if ($eventID == null) { $eventID = $sessioninfo->eventID; } $query = db_query(sprintf("SELECT g.ID FROM %s as g, %s as gm\n\t\t\t\t\t\t\t\tWHERE g.ID = gm.groupID AND g.groupType='access' AND (gm.userID=%s AND g.eventID=%s)", $sql_prefix . "_groups", $sql_prefix . "_group_members", $userID, $eventID)); return db_num($query) > 0 ? true : false; }
$content .= $rFAQs->question; $content .= "</a>\n\n"; if ($faqID == $rFAQs->ID) { // The user has requested to view the current FAQ-ID $content .= "<br /><br />{$rFAQs->answer}"; } // End if $faqID == $rFAQs->ID } // End while $rFAQs = db_fetch() } elseif ($action == "adminFAQs") { // Do ACL-check if you have rights to do this if ($acl_access != 'Admin') { die("You have to have admin-rights to administer FAQs"); } $qFAQs = db_query("SELECT * FROM " . $sql_prefix . "_FAQ\n\t\tWHERE eventID = '" . db_escape($eventID) . "'"); if (db_num($qFAQs) != 0) { $content .= '<table>'; while ($rFAQs = db_fetch($qFAQs)) { // List FAQs $content .= "<tr><td><a name=#" . $rFAQs->ID . "></a>{$rFAQs->question}</td>\n"; $content .= "<td><a href=\"?module=FAQ&action=editFAQ&faqID={$rFAQs->ID}\">\n"; $content .= lang("Edit FAQ", "FAQ"); $content .= "</td><td>\n"; $content .= "<a href=\"?module=FAQ&action=deleteFAQ&faqID={$rFAQs->ID}\">\n"; $content .= lang("Delete FAQ", "FAQ"); $content .= "</td></tr>\n"; } // End while $content .= '</table>'; } $content .= "<form method=\"post\" action=\"?module=FAQ&action=addFAQ\">\n";
} else { $content .= "<p><b>" . _('Found no matching users') . "</b></p>"; } } } else { $content .= "<script type=\"text/javascript\" src=\"templates/Alfa1/js/wakeup.js\"></script>\n"; $content .= "<form action='?module=sleepers&action=searchsleeper' method='POST'>\n"; $content .= _('Search for user:'******'text' name='searchstring' />\n"; $content .= "<input type='submit' value='" . _('Search') . "' />\n"; $content .= "<br />\n"; $content .= _("Search users with tickets for this event only:") . " <input type='checkbox' CHECKED name='scope' value='tickets' />\n"; $content .= "</form>\n"; $sleeperQ = sprintf('SELECT s.wakeupTimestamp, s.sleepTimestamp, u.ID, u.nick, CONCAT(u.firstName, " ",u.lastName) AS name FROM %s AS s, %s AS u WHERE s.eventID=%s AND s.userID=u.ID ORDER BY s.sleepTimestamp', $sql_prefix . "_sleepers", $sql_prefix . "_users", $sessioninfo->eventID); $sleeperR = db_query($sleeperQ); $sleeperC = db_num($sleeperR); $sleepersArrayJs = array(); if ($sleeperC) { $border = 'style="border: solid 1px black; border-collapse: collapse;"'; $content .= "<br /><p>" . _('Number of sleeping users:') . " " . $sleeperC . "</p>\n"; $content .= "<table {$border}>\n"; $content .= sprintf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th></th></tr>\n", _("Nick"), _("Name"), _("Went to bed"), _("Wakeup")); while ($sleeper = db_fetch($sleeperR)) { $wakeupManager->filterSleeper($sleeper); $userID = $sleeper->ID; $username = $sleeper->nick; $name = $sleeper->name; $wakeupTime = $wakeupManager->getWakeupTime($userID); $wakeupText = _("No wakeup") . ", <a href=\"?module=sleepers&action=setwakegui&userID={$userID}\">" . mb_strtolower(_("Set wakeup")) . "</a>"; if ($wakeupTime > 0) { $wakeupText = _("Loading");
public function removeWare() { global $kiosk, $kioskSession; $request = Request::createFromGlobals(); if (!$request->query->has("ware")) { header("Location: ?module=kiosk&error=productnotfound1"); return; } $ware = $request->query->getInt("ware"); $wareID = -1; $qFindBarcode = db_query("SELECT * FROM " . db_prefix() . "_kiosk_barcodes WHERE barcode = '" . db_escape($ware) . "'"); if (db_num($qFindBarcode) > 0) { $rFindBarcode = db_fetch($qFindBarcode); $wareID = $rFindBarcode->wareID; } else { $wareID = $ware; } $product = $kiosk->getProductByID($wareID); if (!$product instanceof Product) { header("Location: ?module=kiosk&error=productnotfound2"); return; } $kioskSession->removeProduct($product); $kioskSession->save(); header("Location: ?module=kiosk"); }
<td><a href='index.php?action=member_edit&id=$data_user[id]'>$data_user[username]</a></td> <td>$data[name]</td> <td>$data_cat[name] [$data_cat[type]] </td> <td>$data[date]</td> <td><a href='index.php?action=members_files_details&id=$data[id]'> ЪнЧеэс \ уцЧноЩ</a></td><td><a href='index.php?action=members_files_del&id=$data[id]' onClick=\"return confirm('are you sure ?');\">Эан</td></tr>"; } print "</table></center>"; }else{ print_admin_table("<center> сЧ ЪцЬЯ уснЧЪ </center>"); } } //------------------------------- if($action=="members_files_details"){ $qr=db_query("select * from members_files where id='$id'"); if(db_num($qr)){ $data=db_fetch($qr); print " <form action=index.php method=post> <input type=hidden name=id value='$id'> <input type=hidden name=action value='members_files_accept'> <input type=hidden name=userid value='$userid'> <table width=100% class=grid> <tr><td colspan=2 align=center><img src=\"../".get_image($data['img'])."\"></td></tr> <tr> <td><b> Чгу Чсусн : </b> </td><td><input type=text name='name' value=\"$data[name]\" size=30></td></tr> <td><b> бЧШи Чсусн : </b> </td><td><input type=text name=url value=\"$data[url]\" size=40 dir=ltr></td></tr> <td><b> ецбЩ Чсусн : </b> </td><td><input type=text name=img value=\"$data[img]\" size=40 dir=ltr></td></tr> <td><b> цен Чсусн : </b> </td><td><textarea cols=40 rows=5 name=details>$data[details]</textarea></td></tr>
$content .= "</a>"; $content .= "</td>"; break; default: // Unknown type. Just create something $content .= "<td class=seatUnknownCell>{$type}</td>\n"; } // End switch } // End else } // End while rGetSeats $content .= "</table>"; if (!empty($place_seatY) && !empty($seatX) && config("seating_enabled", $sessioninfo->eventID) == 1 && !empty($ticketID)) { $qSeatInfo = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings WHERE\n eventID = '{$sessioninfo->eventID}' AND\n seatX = '{$place_seatX}' AND\n seatY = '{$place_seatY}'"); if (db_num($qSeatInfo) == 0) { // Noone has taken this seat; take it? $qGetSeatInfo = db_query("SELECT * FROM " . $sql_prefix . "_seatReg\n\tWHERE eventID = '{$sessioninfo->eventID}' AND\n\tseatX = '{$place_seatX}' AND\n\tseatY = '{$place_seatY}'"); $rGetSeatInfo = db_fetch($qGetSeatInfo); switch ($rGetSeatInfo->type) { case "d": $content .= lang("This seat is available", "seatmap_table"); $content .= "<a href=\"?module=seating&action=takeseat&ticketID={$ticketID}&seatX={$place_seatX}&seatY={$place_seatY}{$suffixSeatingUrl}\">"; $content .= lang("Take seat", "seatmap_table"); $content .= "</a>"; break; case "p": $content .= lang("This seat is password-protected. If you know the password, you can take it", "seatmap_table"); $content .= "<form method=POST action=?module=seating&action=takeseat&&ticketID={$ticketID}&seatX={$place_seatX}&seatY={$place_seatY}{$suffixSeatingUrl}>"; $content .= "<input type=text name=password><input type=submit value='" . lang("Take seat", "seatmap_table") . "'>\n"; $content .= "</form>";
$content .= $rFindSoldTickets->resellerID; $content .= "</td><td>"; $content .= date("Y/m/d H:i", $rFindSoldTickets->saleTime); $content .= "</td></tr>"; } // End while $content .= "</table>"; } elseif ($action == "addTicket" && !empty($_GET['type'])) { $amount = $_POST['amount']; $type = $_GET['type']; if (acl_access("reseller", $type, $sessioninfo->eventID) == 'No') { die("No access to this ticketType"); } while ($amount) { $md5 = md5(rand(0, 10000)); $string = strtoupper(substr($md5, 0, 10)); $qCheckAlreadyUsed = db_query("SELECT * FROM " . $sql_prefix . "_ticketReseller WHERE resellerTicketID = '{$string}'"); if (db_num($qCheckAlreadyUsed) == 0) { // Key is not already used, use it db_query("INSERT INTO " . $sql_prefix . "_ticketReseller \n\t\t\t\tSET resellerTicketID = '{$string}',\n\t\t\t\tticketType = '" . db_escape($type) . "',\n\t\t\t\teventID = '{$sessioninfo->eventID}',\n\t\t\t\tresellerID = '{$sessioninfo->userID}',\n\t\t\t\tsaleTime = '" . time() . "'\n\t\t\t"); $content .= "<h1>" . $string . "</h1><br />"; $amount--; } // End if } // End while $log_new['type'] = $type; $log_new['amount'] = $amount; log_add("reseller", "addTicket", serialize($log_new)); } // End addTicket
$content .= "</td></tr>"; $content .= "<tr><th>"; $content .= _("Number of characters entered:") . " "; $content .= "<span id='count'>0</span>"; $content .= "</th></tr>"; $content .= "</form></table>"; } elseif ($action == "previewSMS" && isset($_POST['toSmsList'])) { $toSmsList = $_POST['toSmsList']; $SQL = $smsList[$toSmsList]['SQL']; $msgcontent = $_POST['message']; if (empty($SQL)) { # FIXME: die () die("No such group?"); } $qCellphone = db_query($SQL); if (!db_num($qCellphone)) { # FIXME: die () die("No users in group..?"); } $content .= "<h2>" . _("Preview SMS") . "</h2>\n"; $content .= "<h3>" . _("Recipients") . "</h3>\n"; $content .= "<p>" . _("Sends to group:") . " <strong>" . $smsList[$toSmsList]['name'] . "</strong></p>\n"; $content .= "<table>\n"; $content .= "<tr>\n"; $content .= "<th>" . _("Username") . "</th>"; $content .= "<th>" . _("Name") . "</th>"; $content .= "<th>" . _("Number") . "</th>"; $content .= "</tr>\n"; $rownum = 1; while ($rCellphone = db_fetch($qCellphone)) { if ($rownum == 3) {
<?php // First, delete all old sessions $now = time(); $day_ago = $now - 86400; db_query("DELETE FROM " . $sql_prefix . "_session WHERE lastVisit < " . $day_ago . " OR userIP = ''"); $do = null; if (empty($_SESSION[$lancms_session_cookie])) { $do = "create_session"; } else { $test_exists = db_query("SELECT * FROM " . $sql_prefix . "_session WHERE sID = '" . $_SESSION[$lancms_session_cookie] . "'"); if (db_num($test_exists) == 0) { // Cookie is set, but it is no longer valid // Delete cookie/set timeout in past setcookie($lancms_session_cookie, "", time() - 10800); // Create a new session $do = "create_session"; } else { // hopefully, since sID == PRIMARY KEY, this should be the same as db_num($test_exists) == 1. Update session db_query("UPDATE " . $sql_prefix . "_session SET lastVisit = " . time() . " WHERE sID = '" . db_escape($_SESSION[$lancms_session_cookie]) . "'"); } // End else (if cookie is valid) } // End if cookie is set if ($do == "create_session") { // User is not logged in; generate a new seed $generate = md5(rand(0, 9999999) . microtime()); $host = str_replace(".", "_", $_SERVER['SERVER_NAME']); // Find if servername matches any urls defined in eventAutoURL in events. // If it matches, use this event when creating session # $qFindAutoEventURL = db_query("SELECT ID FROM ".$sql_prefix."_events WHERE eventAutoURL LIKE '%$host%'
$seatX = $_GET['seatX']; $seatY = $_GET['seatY']; $ticketID = $_GET['ticketID']; $eventID = $sessioninfo->eventID; $password = $_POST['password']; $newlog['ticketID'] = $ticketID; $newlog['seatX'] = $seatX; $newlog['seatY'] = $seatY; $newlog['password'] = $password; if (seating_rights($seatX, $seatY, $ticketID, $eventID, $password)) { // We have rights to seat that ticket. Update DB $qTicketInfo = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticketID) . "'"); $rTicketInfo = db_fetch($qTicketInfo); // Check if that ticket is already used $qCheckUsedTicket = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings WHERE ticketID = '" . db_escape($ticketID) . "'"); if (db_num($qCheckUsedTicket) == 0) { // Ticket has never been used. Insert it db_query("INSERT INTO " . $sql_prefix . "_seatReg_seatings SET\n\t\t\t eventID = '" . db_escape($eventID) . "',\n\t\t\t ticketID = '" . db_escape($ticketID) . "',\n\t\t seatX = '" . db_escape($seatX) . "',\n\t\t seatY = '" . db_escape($seatY) . "'"); db_query("UPDATE " . $sql_prefix . "_tickets SET status = 'used'\n\t\t WHERE ticketID = '" . db_escape($ticketID) . "'"); } else { db_query("UPDATE " . $sql_prefix . "_seatReg_seatings SET\n\t\t seatX = '" . db_escape($seatX) . "',\n\t\t seatY = '" . db_escape($seatY) . "'\n\t\t WHERE ticketID = '" . db_escape($ticketID) . "'"); } // End else log_add("seating", "takeseat", serialize($newlog)); } else { // Failed seating_rights() log_add("seating", "failedTakeseat", serialize($newlog)); } // End else header("Location: ?module=seating&seatX={$seatX}&seatY={$seatY}&ticketID={$ticketID}"); }