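/**
 * Copy an uploaded file into the attachments directory and record it in the
 * temporary attachments table for the logged-in user.
 *
 * @param string $tmpLocation Path of the file to copy (presumably the PHP upload temp file - confirm against callers).
 * @param string $fileName    Client-supplied file name; sanitised before it is used on disk or in SQL.
 *
 * @return int|false Size in bytes of the stored file, or false on any failure.
 */
function uploadFile($tmpLocation, $fileName)
{
    // Owner of the attachment row.
    $userID = get_user_id($_SESSION['valid_user']);

    // The target directory must be writable by the PHP process.
    // NOTE(review): the old hint "chmod 757" makes the directory world-writable;
    // write access for the web server user alone is enough.

    if (!$tmpLocation) {
        echo "<!-- hmmm, somethings a bit dodgy... -->";
        // The original fell off the end here and returned null; every other
        // failure path returns false, so do the same.
        return false;
    }

    // Reduce the client-supplied name to letters, digits, underscore and dot.
    // Path separators are replaced, so the name cannot leave the target directory.
    $fileName = (string) preg_replace('/[^a-zA-Z0-9_\\.]/', '_', $fileName);

    // "", "." and ".." are not usable file names; treat them as a failed copy.
    if (trim($fileName, '.') === '') {
        echo "<!-- Copy to server failed -->";
        return false;
    }

    // NOTE(review): the extension is kept as supplied, so a script extension can
    // land in DIR_FS_ATTACHMENTS. Confirm the web server never executes files
    // from that directory, or restrict uploads to an allow-list of extensions.
    // NOTE(review): an existing attachment with the same name is overwritten.
    $dest = DIR_FS_ATTACHMENTS . $fileName;

    // NOTE(review): copy() does not verify that $tmpLocation is the upload temp
    // file. If every caller passes $_FILES[...]['tmp_name'], is_uploaded_file() /
    // move_uploaded_file() would enforce that - confirm the callers first.
    if (!copy($tmpLocation, $dest)) {
        echo "<!-- Copy to server failed -->";
        return false;
    }

    // Record the attachment. Both values are escaped before being quoted into
    // the statement (the original escaped only the file name).
    $query = "INSERT INTO " . EMAILSHOT_ATTACHMENTS_TEMP . " ( attachment_id, user_id, filename ) VALUES ( '', '" . mysql_real_escape_string($userID) . "', '" . mysql_real_escape_string($fileName) . "' );";
    if ($result = wrap_db_query($query)) {
        // Hand the stored size back to the caller.
        return FileSize($dest);
    }

    // The file is on disk but the insert failed.
    echo "<!-- Insert to DB failed -->";
    return false;
}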
            }
            $page_info_message = 'Group deleted successfully.';
            break;
        default:
            break;
    }
}
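//get all our current groups
$sql = 'SELECT group_id, group_name FROM ' . BOOKING_GROUPS_TABLE . ' ORDER BY group_name ASC';
// The member count is fetched per group below: the author found that a single
// joined query dropped groups with 0 members.
$res = wrap_db_query($sql);
if ($res) {
    while ($row = wrap_db_fetch_array($res)) {
        // group_id is placed unquoted in the statement, so force it to an integer
        // rather than trusting the stored value (assumes group_id is an integer
        // key, as the unquoted comparison implies).
        $membershipSql = 'SELECT COUNT(user_group_id) AS numMembers FROM ' . BOOKING_USER_GROUPS_TABLE . ' WHERE group_id=' . (int) $row['group_id'];
        $membershipRes = wrap_db_query($membershipSql);
        if ($membershipRes && ($membershipRow = wrap_db_fetch_array($membershipRes))) {
            $row['num_members'] = $membershipRow['numMembers'];
        }
        $groups[] = $row;
    }
}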
include_once "header.php";
?>
<br />
Use the controls below to add/edit or delete user groups (as used when sending mailshots).<br />
<br />
<form name="form1" method="post" action="<?php 
echo FILENAME_ADMIN_MODIFY_GROUPS;
?>
?>
    <input type="hidden" name="submitted" value="submitted">
  </p>
</form>
<b>Current Products</b>
<table width="752" border="0" cellpadding="4" cellspacing="2">
  <tr>
    <th class="BgcolorDull2" width="258">Name</th>
    <th width="100" class="BgcolorDull2">Price</th>
    <th width="100" class="BgcolorDull2">Quantity</th>
    <th width="100" class="BgcolorDull2">Currency</th>
    <th width="142" class="BgcolorDull2">Control</th>
  </tr>
  <?php 
//get all our current products except for the default product
$result = wrap_db_query("SELECT * FROM " . BOOKING_PRODUCT_ITEM . " where id not in('1') ORDER BY product_name ASC");
if ($result) {
    $i = 0;
    while ($fields = wrap_db_fetch_array($result)) {
        $i++;
        $class = 'BgcolorNormal';
        if ($i % 2 == 1) {
            $class = 'BgcolorBody';
        }
        ?>
  <tr>
    <td width="258" align="left" class="<?php 
        echo $class;
        ?>
"><?php 
        echo stripslashes($fields['product_name']);
示例#4
        while ($myBuddies = wrap_db_fetch_array($Buddies)) {
            $myBuddyBuddyIDs[] = $myBuddies['buddy_id'];
        }
        // get pending buddies for our user
        $pendingBuddies = wrap_db_query("SELECT user_id, buddy_id FROM " . BOOKING_BUDDIES_PENDING . " where buddy_id = '" . $user_info['user_id'] . "' OR user_id='" . $user_info['user_id'] . "'");
        while ($myPendingBuddies = wrap_db_fetch_array($pendingBuddies)) {
            $myPendingUserBuddyIDs[] = $myPendingBuddies['user_id'];
            $myPendingBuddyBuddyIDs[] = $myPendingBuddies['buddy_id'];
        }
        // if the user does not have any pending buddies, set the pending session variable to false
        // so that the indicator flag in the control panel does not show
        if (!is_array($myPendingBuddyBuddyIDs)) {
            $_SESSION['number_pending_buddies'] = false;
        }
        // get our current buddies
        $allUsers = wrap_db_query("SELECT user_id, username, firstname, lastname, email FROM " . BOOKING_USER_TABLE . " where user_id <> '" . $user_info['user_id'] . "' AND is_admin = '0' ORDER BY lastname, firstname, username");
        while ($myUsers = wrap_db_fetch_array($allUsers)) {
            foreach ($myUsers as $item) {
                $my_users[$myUsers['user_id']]['user_id'] = $myUsers['user_id'];
                $my_users[$myUsers['user_id']]['username'] = $myUsers['username'];
                $my_users[$myUsers['user_id']]['firstname'] = $myUsers['firstname'];
                $my_users[$myUsers['user_id']]['lastname'] = $myUsers['lastname'];
                $my_users[$myUsers['user_id']]['email'] = $myUsers['email'];
            }
        }
        // java script for allow or deny links
        ?>
<script language="JavaScript" type="text/javascript">
<!--
function allow ( selectedtype )
{
            <?php 
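//get a list of non-admin users
$result = wrap_db_query("SELECT user_id, username, firstname, lastname, email FROM " . BOOKING_USER_TABLE . " WHERE is_admin = '0' ORDER BY lastname, firstname, username");
if ($result) {
    while ($fields = wrap_db_fetch_array($result)) {
        // Names, username and e-mail are user-supplied account data; encode them
        // for the attribute and element context so stored markup is shown as text.
        // NOTE(review): if values are already HTML-encoded when stored, this would double-encode - confirm.
        $optionLabel = $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')';
        echo '<option value="' . htmlspecialchars($fields['user_id'], ENT_QUOTES) . '" title="' . htmlspecialchars($fields['email'], ENT_QUOTES) . '">' . htmlspecialchars($optionLabel, ENT_QUOTES) . '</option>' . "\n\t\t";
    }
}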
?>
            </select>
        </td>
        <td><input type="submit" name="Submit" value="-&gt;" class="ButtonStyle"><br><br><input type="submit" name="Submit" value="&lt;-" class="ButtonStyle"></td>
        <td><select name="admin_select" size="15">
            <?php 
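//get a list of admin users (the query filters on is_admin = '1')
$result = wrap_db_query("SELECT user_id, username, firstname, lastname, email FROM " . BOOKING_USER_TABLE . " WHERE is_admin = '1' ORDER BY lastname, firstname, username");
if ($result) {
    while ($fields = wrap_db_fetch_array($result)) {
        // Account fields are user-supplied; encode them before they reach the page.
        // NOTE(review): if values are already HTML-encoded when stored, this would double-encode - confirm.
        $optionLabel = $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')';
        echo '<option value="' . htmlspecialchars($fields['user_id'], ENT_QUOTES) . '" title="' . htmlspecialchars($fields['email'], ENT_QUOTES) . '">' . htmlspecialchars($optionLabel, ENT_QUOTES) . '</option>' . "\n\t\t";
        //check if this is the main admin account
        if ($fields['username'] == 'admin') {
            $admin_account_id = $fields['user_id'];
        }
    }
}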
?>
            </select></td>
    </tr>
</table>
<?php 
//output a hidden field containing the id of the admin account
<br>

- Create a new e-mail mailshot: <input type="button" class="ButtonStyle" value="GO" name="newMailButton" onclick="document.location.href='<?php 
echo FILENAME_ADMIN_EMAIL_MAILSHOT;
?>
'" style="margin-left: 20px;"><br>

<br>
<br>

<?php 
//output all previously sent emails with links to edit / delete
$currentUserID = get_user_id($_SESSION['valid_user']);
$sql = 'SELECT email_id, subject, DATE_FORMAT( sent, \'%d/%m/%Y %H:%i\' ) AS sent_time FROM ' . EMAILSHOT_SENT_EMAILS . ' WHERE sent_by_user_id=' . $currentUserID . ' ORDER BY sent DESC';
//echo "<hr>$sql" ;
$res = wrap_db_query($sql);
$numMails = wrap_db_num_rows($res);
if ($numMails > 0) {
    ?>
  - Edit or delete a previous e-mail mailshot:<br>
  <br>

  <table border="0" cellpadding="4" cellspacing="2" style="margin-left: 10px;">
    <tr>
      <th class="BgcolorDull2" width="150">Subject</th>
      <th class="BgcolorDull2">Sent</th>
      <th class="BgcolorDull2">Control</th>
    </tr>
    <?php 
    $i = 0;
    while ($row = wrap_db_fetch_array($res)) {
}
?>
<tr>
    <td>Force users to select booking options:</td>
    <td width="20">&nbsp;</td>
    <td><INPUT TYPE="radio" name="minUserBookingOptions" value="0"<?php 
echo $minUserBookingOptionsFlag != true ? ' checked="true"' : '';
?>
> No &nbsp;&nbsp;&nbsp;&nbsp; <INPUT TYPE="radio" name="minUserBookingOptions" value="1"<?php 
echo $minUserBookingOptionsFlag == true ? ' checked="true"' : '';
?>
> Yes</td>
</tr>

<?php 
// Read the site-wide "admins must select booking options" setting.
$result = wrap_db_query("SELECT function_value FROM " . SETTINGS_TABLE . " WHERE name = 'admin_minimum_booking_options' LIMIT 0,1 ;");
if ($result && ($fields = wrap_db_fetch_array($result))) {
    // The setting is stored as a number: anything above zero switches the flag on.
    $minAdminBookingOptionsFlag = $fields['function_value'] > 0;
}
?>
<tr>
    <td>Force admins to select booking options:</td>
    <td width="20">&nbsp;</td>
    <td><INPUT TYPE="radio" name="minAdminBookingOptions" value="0"<?php 
示例#8
  </table>
<?php 
//Load the user info
$user_info = get_user(get_user_id($_SESSION['valid_user']));
// Check we have permissions to buy credits
if (wrap_session_is_registered("admin_user") || $user_info['booking_credits'] == 'Not used' || $_SESSION['PAYMENT_GATEWAY'] != '1' || !is_numeric($user_info['user_id'])) {
    echo "<p>You do not have permission to purchase booking credits.  Please contact an Administrator.</p>";
    include_once "footer.php";
    include_once "application_bottom.php";
    die;
}
//  Load the products based on the users group membership
$result = wrap_db_query("SELECT DISTINCT bpi.id, bpi.product_name, bpi.quantity, bpi.mc_gross, bpi.mc_currency \n\t\t\t\t\t\t\tFROM (" . BOOKING_PRODUCT_ITEM . " bpi LEFT JOIN " . BOOKING_PRODUCT_GROUPS . " bpg ON bpg.product_id = bpi.id ) \n\t\t\t\t\t\t\tWHERE group_id IN (SELECT DISTINCT group_id FROM " . BOOKING_USER_GROUPS_TABLE . " WHERE user_id = " . $user_info['user_id'] . ") ORDER BY bpi.product_name, bpi.quantity");
// If there are no products assigned, load the default
if (!(wrap_db_num_rows($result) >= 1) || !$result) {
    $result = wrap_db_query("SELECT DISTINCT id, product_name, quantity, mc_gross, mc_currency FROM " . BOOKING_PRODUCT_ITEM . " WHERE id = '1' LIMIT 1");
}
if ($result) {
    while ($products = wrap_db_fetch_array($result)) {
        // LIVE
        //  https://www.sandbox.paypal.com/cgi-bin/webscr
        ?>
			<p>
		   <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> 
            <input type="hidden" name="notify_url" value="<?php 
        echo DOMAIN_NAME . substr(DIR_WS_SCRIPTS, 1) . "paypal_ipn_res.php";
        ?>
">
            <input type="hidden" name="cmd" value="_xclick">
            <input type="hidden" name="business" value="<?php 
        echo $_SESSION['PAYPAL_BUSINESS_EMAIL'];
示例#9
/**
 * Fetch the user-table row for one user id.
 *
 * @param mixed $user_id Id to look up; escaped before it is quoted into the statement.
 *
 * @return mixed Whatever wrap_db_fetch_array() yields for the first (and only) row.
 */
function get_user($user_id)
{
    // SELECT * returns every column of the user table for the matching row.
    $lookupSql = "SELECT * FROM " . BOOKING_USER_TABLE . " \r\n\t\t\t\t\t\tWHERE user_id = '" . wrap_db_escape_string($user_id) . "' LIMIT 1";
    $userResult = wrap_db_query($lookupSql);

    // A failed query result is handed to the fetch wrapper unchanged.
    return wrap_db_fetch_array($userResult);
}
示例#10
<?php

//set some additional one-time session variables if they do not already exist
//this saves repeating db queries for what are basically static values
//
//rather than doing a separate query for each value, we now pull all of the
//values in one go and use a switch statement to follow the correct behaviour
//for the various options
if (!isset($_SESSION['PUBLIC_REGISTER_FLAG']) || !isset($_SESSION['ADVANCE_BOOKING_LIMIT']) || !isset($_SESSION['MINIMUM_ADVANCE_BOOKING_LIMIT']) || !isset($_SESSION['ADVANCE_CANCEL_LIMIT']) || !isset($_SESSION['SHOW_USER_DETAILS']) || !isset($_SESSION['MINIMUM_USER_BOOKING_OPIONS']) || !isset($_SESSION['MINIMUM_ADMIN_BOOKING_OPIONS']) || !isset($_SESSION['BOOKING_CONF_EMAILS_SEND']) || !isset($_SESSION['BOOKING_CONF_EMAILS_FROM_NAME']) || !isset($_SESSION['BOOKING_CONF_EMAILS_FROM']) || !isset($_SESSION['BOOKING_CONF_EMAILS_SUBJECT']) || !isset($_SESSION['BOOKING_CONF_EMAILS_BODY']) || !isset($_SESSION['BOOKING_CONF_EMAILS_CC']) || !isset($_SESSION['BUDDY_LIST_EMAILS_SEND']) || !isset($_SESSION['BUDDY_LIST_EMAILS_FROM_NAME']) || !isset($_SESSION['BUDDY_LIST_EMAILS_FROM']) || !isset($_SESSION['BUDDY_LIST_EMAILS_SUBJECT']) || !isset($_SESSION['BUDDY_LIST_EMAILS_BODY']) || !isset($_SESSION['PAYMENT_GATEWAY']) || !isset($_SESSION['PAYPAL_BUSINESS_EMAIL']) || !isset($_SESSION['PAYPAL_NOTIFICATION_EMAIL']) || !isset($_SESSION['USER_REGISTER_EMAIL_TO'])) {
    $result = wrap_db_query("SELECT name, function_value FROM " . SETTINGS_TABLE . " ;");
    if ($result) {
        while ($fields = wrap_db_fetch_array($result)) {
            //see which parameter we are dealing with
            switch ($fields['name']) {
                case 'public_register':
                    $set_val_to = false;
                    if ($fields['function_value'] == '1') {
                        //allow new user registrations
                        $set_val_to = true;
                    }
                    $_SESSION['PUBLIC_REGISTER_FLAG'] = $set_val_to;
                    break;
                case 'booking_hours_limit':
                    //a safe default. Also used in case the db query fails for some reason
                    //$set_val_to = 336 ; // 336 = 14 days x 24 hours in a day
                    $_SESSION['ADVANCE_BOOKING_LIMIT'] = $fields['function_value'];
                    break;
                case 'cancellation_hours_limit':
                    //a safe default. Also used in case the db query fails for some reason
                    //$set_val_to = 6 ; // hours
                    $_SESSION['ADVANCE_CANCEL_LIMIT'] = $fields['function_value'];
示例#11
            $users_full_name = $fields['firstname'] . ' ' . $fields['lastname'];
        }
        echo '>' . $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')</option>' . "\n\t\t";
    }
}
?>
            </select>
        </td>
        </form>
        <td width="10">&nbsp;</td>
        <td valign="top">
            <?php 
if ($_POST['user_select'] != '') {
    //check that we have not just made a successful update
    if ($page_success_message == '') {
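        // user_select comes straight from the POST body; escape it before it is
        // quoted into the statement instead of relying on magic_quotes_gpc.
        $result = wrap_db_query("SELECT * FROM " . BOOKING_USER_TABLE . " WHERE user_id = '" . wrap_db_escape_string($_POST['user_select']) . "' LIMIT 0,1");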
        if ($result) {
            if ($fields = wrap_db_fetch_array($result)) {
                ?>
                            <form method="post" action="<?php 
                echo FILENAME_ADMIN_UPDATE;
                ?>
">

                            <table cellpadding="2" cellspacing="0" border="0">
                            <tr><td colspan="2" align="center" class="BgcolorDull2"><b>Required Details</b></td></tr>
                            <tr><td align="right" class="BgcolorDull2" width="32%">Username:<br /><span class="FontBlackSmall"><em>(max 16 chars)</em></span></td>
                            <td class="BgcolorDull2"><INPUT TYPE="text" name="username" value="<?php 
                echo $_POST['username'] ? stripslashes($_POST['username']) : $fields['username'];
                ?>
" size="16" maxlength="16"></td></tr>
示例#12
              <td class="<?php 
        echo $row_color;
        ?>
"><?php 
        if ($fields['credit_type_booking_days'] == '0') {
            echo "Use Site Default";
        } else {
            echo $fields['credit_type_booking_days'];
        }
        ?>
              
              </td>
              <?php 
        if ($_SESSION['PAYMENT_GATEWAY'] === true) {
            // For each user, load their products and groups
            $result2 = wrap_db_query("SELECT DISTINCT bpi.id, bpi.product_name, bpi.quantity, bpi.mc_gross, bpi.mc_currency \n\t\t\t\t\t\t\tFROM (" . BOOKING_PRODUCT_ITEM . " bpi LEFT JOIN " . BOOKING_PRODUCT_GROUPS . " bpg ON bpg.product_id = bpi.id ) \n\t\t\t\t\t\t\tWHERE group_id IN (SELECT DISTINCT group_id FROM " . BOOKING_USER_GROUPS_TABLE . " WHERE user_id = " . $fields['user_id'] . ") ORDER BY bpi.quantity");
            ?>
                  <td class="<?php 
            echo $row_color;
            ?>
">
                  <?php 
            while ($products = wrap_db_fetch_array($result2)) {
                echo $products['product_name'] . " (" . $products['mc_gross'] . " " . $products['mc_currency'] . ", " . $products['quantity'] . " credits)<br />";
            }
            ?>
                  </td>
              <?php 
        }
        ?>
            </tr>
<form name="form1" method="post" action="<?php 
echo FILENAME_ADMIN_MAX_BOOKINGS;
?>
">

<table border="0" cellspacing="10" cellpadding="0">
    <tr>
        <td><b>Users</b></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
    </tr>
    <tr>
        <td><select name="user_select" size="15" onchange="document.form1.submit()">
            <?php 
//get a list of users
$result = wrap_db_query("SELECT user_id, username, firstname, lastname, email, max_bookings FROM " . BOOKING_USER_TABLE . " ORDER BY lastname, firstname, username");
if ($result) {
    while ($fields = wrap_db_fetch_array($result)) {
        $max_bookings = $fields['max_bookings'] . ' booking';
        if ($fields['max_bookings'] > 1) {
            $max_bookings .= 's';
        }
        if ($fields['max_bookings'] == 0) {
            $max_bookings = 'Unlimited bookings';
        }
        echo '<option value="' . $fields['user_id'] . '" title="' . $fields['email'] . '"';
        if ($_POST['user_select'] == $fields['user_id']) {
            echo ' selected="true"';
            //store the users name and current limit for use in a later part of the form
            $users_full_name = $fields['firstname'] . ' ' . $fields['lastname'];
            $users_current_booking_limit = $fields['max_bookings'];
                }
            }
            //the CC field may or may not have been submitted. If not, assume no CC to be sent
            if (isset($_POST['booking_email_cc_me']) && isset($_POST['booking_email_cc'])) {
                if (validate_email($_POST['booking_email_cc'])) {
                    $query = "UPDATE " . SETTINGS_TABLE . " SET function_value ='" . mysql_real_escape_string($_POST['booking_email_cc']) . "' WHERE name = 'send_booking_conf_email_cc' LIMIT 1 ;";
                    wrap_db_query($query);
                    //no need to check if it got added, the user will see this for themselves soon enough :)
                    $_SESSION['BOOKING_CONF_EMAILS_CC'] = $_POST['booking_email_cc'];
                } else {
                    $page_error_message .= "- The e-mail address for the 'CC' (copy of the e-mail to be sent to you) is not a valid e-mail address<br>";
                }
            } else {
                //disable the cc sending option
                $query = "UPDATE " . SETTINGS_TABLE . " SET function_value = '' WHERE name = 'send_booking_conf_email_cc' LIMIT 1 ;";
                wrap_db_query($query);
                //no need to check if it got added, the user will see this for themselves soon enough :)
                $_SESSION['BOOKING_CONF_EMAILS_CC'] = false;
            }
        }
    }
}
$show_admin_site_admin_menu = true;
include_once "header.php";
?>
<br>
<form method="POST" action="<?php 
echo FILENAME_ADMIN_EMAIL_OPTIONS;
?>
" name="email_conf_form" onSubmit="return checkRequiredFields(this);">
<b>Booking Confirmation E-mail Settings:</b><br>
示例#15
</textarea><br>
<?php 
        } else {
            echo stripslashes($event['description']);
        }
        ?>
    </td></tr>

<?php 
        //does this site use booking options?
        $result = wrap_db_query("SELECT option_id, description FROM " . BOOKING_OPTIONS_TABLE . " ORDER BY description ASC");
        if ($result && wrap_db_num_rows($result) > 0) {
            //get the id's and descriptions for options chosen by the user
            $savedUserBookingOptionIDs = null;
            $savedUserBookingOptionDescriptions = null;
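            // event_id is read from the request (GET, POST or cookie); escape it
            // before it is quoted into the statement.
            $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . wrap_db_escape_string($_REQUEST['event_id']) . "' AND e.option_id=o.option_id");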
            if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) {
                while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) {
                    $savedUserBookingOptionsIDs[] = $userBookingFields['option_id'];
                    $savedUserBookingOptionDescriptions[] = $userBookingFields['description'];
                }
            }
            $numBookingOptions = count($savedUserBookingOptionDescriptions);
            ?>
        <tr><td colspan="2" align="left" valign="top"><strong>Booking Options:</strong></td></tr>

        <tr><td colspan="2" align="left">
        <?php 
            if ($_REQUEST['action'] == 'modify') {
                //show tickable checkboxes
                ?>
示例#16
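/**
 * Update the first name, last name and e-mail address of the account that has
 * the given username.
 *
 * The function does not check who is asking: callers are expected to pass the
 * name of the account they are entitled to change (not verifiable from here).
 *
 * @param string $username  Account to update; must match exactly one row.
 * @param string $firstname New first name.
 * @param string $lastname  New last name.
 * @param string $email     New e-mail address.
 *
 * @return bool true when the UPDATE query succeeded; false when the lookup
 *              fails, does not match exactly one row, or the UPDATE fails.
 */
function update_user_information($username, $firstname, $lastname, $email)
{
    // NOTE(review): in this copy both WHERE clauses compared username with the
    // literal '******' and never read $username. The parameter is restored here,
    // escaped like the other values - confirm against the original file.
    $safeUsername = wrap_db_escape_string($username);

    // The username must identify exactly one account.
    $result = wrap_db_query("SELECT user_id FROM " . BOOKING_USER_TABLE . " WHERE username='" . $safeUsername . "'");
    if (!$result || wrap_db_num_rows($result) != 1) {
        return false;
    }

    $fields = wrap_db_fetch_array($result);
    $user_id = $fields['user_id'];
    if (empty($user_id)) {
        return false;
    }

    // Pin the update to both the username and the id found above.
    $result = wrap_db_query("UPDATE " . BOOKING_USER_TABLE . " SET \r\n\t\t\t\t\t\tfirstname = '" . wrap_db_escape_string($firstname) . "',\r\n\t\t\t\t\t\tlastname = '" . wrap_db_escape_string($lastname) . "',\r\n\t\t\t\t\t\temail = '" . wrap_db_escape_string($email) . "' \r\n\t\t\t\t\t\tWHERE username = '" . $safeUsername . "' " . " AND user_id = '" . wrap_db_escape_string($user_id) . "'");

    return $result ? true : false;
}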
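   // Number of rows in the buddies table.
   $buddyCountSql = "SELECT COUNT(user_id) FROM " . BOOKING_BUDDIES . " ";
   $BuddyRes = wrap_db_query($buddyCountSql);
   if ($BuddyRes) {
       while ($row = wrap_db_fetch_array($BuddyRes)) {
           $buddyCount = $row[0];
       }
   }
   // Number of rows in the pending-buddies table.
   $pendingBuddyCountSql = "SELECT COUNT(user_id) FROM " . BOOKING_BUDDIES_PENDING . " ";
   $pendingBuddyRes = wrap_db_query($pendingBuddyCountSql);
   if ($pendingBuddyRes) {
       while ($row1 = wrap_db_fetch_array($pendingBuddyRes)) {
           $pendingBuddyCount = $row1[0];
       }
   }
   // Number of non-admin users.
   $userCountSql = "SELECT COUNT(user_id) FROM " . BOOKING_USER_TABLE . " WHERE is_admin = '0'";
   $UserRes = wrap_db_query($userCountSql);
   if ($UserRes) {
       while ($row2 = wrap_db_fetch_array($UserRes)) {
           $userCount = $row2[0];
       }
   }
   // calculate percentage of users using BLN
   // Guard the division: with no non-admin users, or after a failed count query,
   // the original divided by zero or by an undefined value.
   $decimal = (!empty($userCount) && isset($buddyCount)) ? $buddyCount / $userCount : 0;
   $percentage = $decimal * 100;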
   ?>
 <br>
 Usage Statistics:
 </p>
 <table border="0" cellpadding="4" cellspacing="2" id="booking_email_table" style="filter: progid:DXImageTransform.Microsoft.Alpha(opacity=<?php 
   echo $_SESSION['BUDDY_LIST_EMAILS_SEND'] ? '100' : '50';
   ?>
         echo '>' . $fields['lastname'] . ', ' . $fields['firstname'] . ' (' . $fields['username'] . ')</option>' . "\n\t\t";
     }
 }
 ?>
     </select>
   </td>
 </form>
 <td width="99%" valign="top"><?php 
 if ($_POST['user_select'] != '' || $all == true) {
     //check that we have not just made a successful update
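     if ($all == true) {
         $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " order by payment_date LIMIT 100";
     } else {
         // user_select comes from the POST body; escape it before it is quoted
         // into the statement instead of relying on magic_quotes_gpc.
         $query = "SELECT * FROM " . PAYPAL_TRANSACTIONS . " WHERE n27_user_id = '" . wrap_db_escape_string($_POST['user_select']) . "' order by payment_date LIMIT 30";
     }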
     $result = wrap_db_query($query);
     if ($result && wrap_db_num_rows($result) > 0) {
         if ($all == true) {
             echo "Last 100 transactions for all users:<br /><br />";
         } else {
             echo "Last 30 transactions:<br /><br />";
         }
         ?>
   <table width="98%" border="0" cellpadding="2" cellspacing="0">
     <tr>
       <td width="22%" class="BgcolorDull2">Date</td>
       <td width="19%" class="BgcolorDull2">Payer Name</td>
       <td width="27%" class="BgcolorDull2">Payer Email</td>
       <td width="8%" class="BgcolorDull2" align="center">Quantity</td>
       <td width="8%" class="BgcolorDull2">Value</td>
       <td width="8%" class="BgcolorDull2" align="center">Currency</td>
示例#19
/**
 * List every credit type.
 *
 * @return array|false|null One array per row with the keys credit_type_id,
 *                          credit_type_name and credit_type_booking_days;
 *                          false when the query fails or returns no rows.
 */
function get_credit_types()
{
    $creditResult = wrap_db_query("SELECT * FROM " . BOOKING_CREDIT_TYPES);

    // general connection or query error
    if (!$creditResult) {
        return false;
    }

    // no results - odd!
    if (wrap_db_num_rows($creditResult) == 0) {
        return false;
    }

    // Keep only the three columns callers use.
    $creditTypes = null;
    while ($creditRow = wrap_db_fetch_array($creditResult)) {
        $creditTypes[] = array(
            'credit_type_id' => $creditRow['credit_type_id'],
            'credit_type_name' => $creditRow['credit_type_name'],
            'credit_type_booking_days' => $creditRow['credit_type_booking_days'],
        );
    }

    return $creditTypes;
}
示例#20
    // -->
    </script>
    <textarea name="bookingOptionsDesc" rows="5" cols="60" readonly="true"><?php 
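    if (isset($_REQUEST['bookingOptionsDesc'])) {
        // Request data is written back inside a <textarea>; encode it so the value
        // cannot close the element or add markup to the page.
        echo htmlspecialchars(stripslashes($_REQUEST['bookingOptionsDesc']), ENT_QUOTES);
    }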
    ?>
</textarea><br>

    <table border="0" cellpadding="0" cellspacing="2">
    <?php 
    //load any saved booking option preferences this user may have
    $savedUserPrefOptions = null;
    //only non-admins can save their preferences, admins should have to tick them each time
    if (!$is_admin) {
        $userPrefResult = wrap_db_query("SELECT option_id FROM " . BOOKING_USER_OPTIONS_TABLE . " WHERE user_id='" . $bookingByUserID . "'");
        if ($userPrefResult && wrap_db_num_rows($userPrefResult) > 0) {
            while ($userPrefFields = wrap_db_fetch_array($userPrefResult)) {
                $savedUserPrefOptions[] = $userPrefFields['option_id'];
            }
        }
    }
    $rightCol = false;
    for ($r = 0; $fields = wrap_db_fetch_array($result); $r++) {
        //is this a left or right column?
        if ($r % 2 == 0) {
            //left column
            echo '<tr align="left"><td>';
            $rightCol = false;
        } else {
            //right column
<form name="form1" method="post" action="<?php 
echo FILENAME_ADMIN_BOOKING_CREDITS;
?>
">

<table border="0" cellspacing="10" cellpadding="0">
    <tr>
        <td><b>Users</b></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
    </tr>
    <tr>
        <td valign="top"><select name="user_select" size="15" onchange="document.form1.submit()">
            <?php 
//get a list of users
$result = wrap_db_query("SELECT user_id, username, firstname, lastname, email, max_bookings, booking_credits FROM " . BOOKING_USER_TABLE . " WHERE is_admin='0' ORDER BY lastname, firstname, username");
if ($result) {
    while ($fields = wrap_db_fetch_array($result)) {
        $user_booking_credits = $fields['booking_credits'];
        if ($fields['booking_credits'] != 'Not used') {
            $user_booking_credits .= ' credit';
            if ($fields['booking_credits'] != 1) {
                $user_booking_credits .= 's';
            }
        }
        echo '<option value="' . $fields['user_id'] . '" title="' . $fields['email'] . '"';
        if ($_POST['user_select'] == $fields['user_id']) {
            echo ' selected="true"';
            //store the users name and current limit for use in a later part of the form
            $users_full_name = $fields['firstname'] . ' ' . $fields['lastname'];
            $users_current_booking_limit = $fields['max_bookings'];
示例#22
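/**
 * Return the booking options saved for one event.
 *
 * @param mixed $event_id Event to look up; escaped before it is quoted into the statement.
 *
 * @return array|null One array('id' => option_id, 'desc' => description) per
 *                    saved option, or null when the query fails or finds none.
 */
function get_booking_options($event_id)
{
    //get the id's and descriptions for options chosen by the user
    $savedUserBookingOptions = null;

    // The original concatenated $event_id unescaped; callers on other pages pass
    // request data, so escape it here where the statement is built.
    $userBookingResult = wrap_db_query("SELECT e.option_id, o.description FROM " . BOOKING_EVENT_OPTIONS_TABLE . " AS e, " . BOOKING_OPTIONS_TABLE . " AS o WHERE e.event_id='" . wrap_db_escape_string($event_id) . "' AND e.option_id=o.option_id");
    if ($userBookingResult && wrap_db_num_rows($userBookingResult) > 0) {
        while ($userBookingFields = wrap_db_fetch_array($userBookingResult)) {
            $savedUserBookingOptions[] = array('id' => $userBookingFields['option_id'], 'desc' => $userBookingFields['description']);
        }
    }

    return $savedUserBookingOptions;
}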
示例#23
 } elseif (strlen($_POST['passwd']) < 6 || strlen($_POST['passwd']) > 16) {
     // check password length
     $page_title = "User Registration Problem";
     $page_error_message = "Your password must be between 6 and 16 characters. Please try again.";
 } elseif ($_SESSION['security_code'] != $_POST['security_code'] || empty($_SESSION['security_code'])) {
     $page_title = "User Registration Problem";
     $page_error_message = "Invalid security code.  Please enter the letters shown within the image.";
 }
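 // Check if the username is already in use
 // NOTE(review): the username expression was masked ('******') in this copy and
 // is rebuilt to mirror the e-mail lookup below - confirm against the original file.
 // Both values come from the registration form, so they are escaped before being
 // quoted into the statement.
 $result = wrap_db_query("SELECT username FROM " . BOOKING_USER_TABLE . " WHERE username ='" . wrap_db_escape_string(strtolower(trim($_POST['username']))) . "' LIMIT 1");
 if ($result && wrap_db_num_rows($result) > 0) {
     $page_title = "User Registration Problem";
     $page_error_message = "Username already taken.  Please choose another.";
 }
 // Check if the email is already in use
 $result = wrap_db_query("SELECT email FROM " . BOOKING_USER_TABLE . " WHERE email ='" . wrap_db_escape_string(strtolower(trim($_POST['email']))) . "' LIMIT 1");
 if ($result && wrap_db_num_rows($result) > 0) {
     $page_title = "User Registration Problem";
     $page_error_message = "Email address already in use.  Please choose another.";
 }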
 if ($page_error_message == '') {
     // attempt to register if no error message
     $reg_result = register($_POST['username'], $_POST['passwd'], $_POST['firstname'], $_POST['lastname'], $_POST['groups'], $_POST['email']);
     if ($reg_result) {
         // register session variable
         unset($_SESSION['security_code']);
         $_SESSION['valid_user'] = $_POST['username'];
         wrap_session_register("valid_user");
         $page_title = "Registration Successful!";
     } else {
         // register problem: username taken, database error
示例#24
         wrap_session_register("block_book");
     }
     //booking credits remaining
     $_SESSION['booking_credits'] = remaining_booking_credits($_REQUEST['username']);
     // Member check
     // check if the user is a member or not - but only if they are not an admin as this flag is not used for admins
     if (!wrap_session_is_registered("admin_user")) {
         $_SESSION['is_member'] = is_member($_REQUEST['username']);
     }
     //can they view other users bookings?
     if (is_admin($_REQUEST['username'])) {
         //admins can always see everyone elses bookings
         $_SESSION['SHOW_USER_DETAILS'] = true;
     } else {
         //how about regular users? This will depend on the site wide value set by an admin
         $result = wrap_db_query("SELECT function_value FROM " . SETTINGS_TABLE . " WHERE name = 'user_details_viewing' LIMIT 0,1 ;");
         if ($result) {
             if ($fields = wrap_db_fetch_array($result)) {
                 //change 1's and 0's to true and false
                 if ($fields['function_value'] == "1") {
                     $_SESSION['SHOW_USER_DETAILS'] = true;
                 } else {
                     $_SESSION['SHOW_USER_DETAILS'] = false;
                 }
             }
         }
     }
 } else {
     // login failed, show error page
     $display_login_form = true;
     $page_error_message = "You could not be logged in. Please try again.";
示例#25
<?php

// user_nav_widget.php
// Display the User Navigation/Functions Bar
// If booking_credits session var is not present, refresh the users credit value
// This way we can force a refresh by unsetting this var e.g. after a paypal transaction
// Load the row of the logged-in user.
$user_info = get_user(get_user_id($_SESSION['valid_user']));
// Refresh the credit balance only for non-admin sessions whose account uses
// credits, while the payment gateway setting is '1' and the loaded user_id is numeric.
// NOTE(review): the header comment says the refresh happens when the session
// value is missing, but nothing here tests isset($_SESSION['booking_credits']);
// the query runs on every include that passes the condition below.
if (!wrap_session_is_registered("admin_user") && $user_info['booking_credits'] !== 'Not used' && $_SESSION['PAYMENT_GATEWAY'] == '1' && is_numeric($user_info['user_id'])) {
    // user_id is quoted but not escaped; the is_numeric() test above is the only
    // check on it before it reaches the statement.
    $result = wrap_db_query("SELECT booking_credits FROM " . BOOKING_USER_TABLE . " where user_id = '" . $user_info['user_id'] . "'");
    if ($result) {
        // Store the balance in the session for the code that follows.
        while ($fields = wrap_db_fetch_array($result)) {
            $_SESSION['booking_credits'] = $fields['booking_credits'];
        }
    }
}
?>

<table cellspacing="1" cellpadding="1" width="100%" border="0">
  <tr>
	<td nowrap="nowrap" align="center" valign="middle" class="BgcolorDull2">
	<img src="<?php 
echo DIR_WS_IMAGES;
?>
/spacer.gif" width="15" height="15" />
	User Functions:
	<?php 
if (isset($_SESSION['valid_user']) && $_SESSION['valid_user'] != '') {
    echo '<a href="' . FILENAME_MY_BOOKWAKE_VIEW . '"><b>' . $_SESSION['valid_user'] . '</b>';
    if ($_SESSION['booking_credits'] != 'Not used') {
        echo ' (<b>' . $_SESSION['booking_credits'] . '</b> credit';
        if ($_SESSION['booking_credits'] != 1) {