From 2f0deca246c434a7d0a4610398631e9de5797b64 Mon Sep 17 00:00:00 2001
From: james
Date: Wed, 9 Sep 2009 01:44:55 +0000
Subject: [PATCH] Update rollover script to roll sponsors & awards properly
Switch all mysql_escape_string to mysql_real_escape_string
---
 config/rollover.php | 226 ++++++++++++++++++++++++--------------------
 1 file changed, 121 insertions(+), 105 deletions(-)
diff --git a/config/rollover.php b/config/rollover.php
index f4a5658..6519c19 100644
--- a/config/rollover.php
+++ b/config/rollover.php
@@ -4,7 +4,7 @@
 SFIAB Website: http://www.sfiab.ca
 Copyright (C) 2005 Sci-Tech Ontario Inc
- Copyright (C) 2005 James Grant
+ Copyright (C) 2005-2009 James Grant
 This program is free software; you can redistribute it
 and/or modify it under the terms of the GNU General Public
@@ -62,7 +62,7 @@
 while($r=mysql_fetch_assoc($q)) {
 $vals = '';
 foreach($fields as $f) {
- $vals .= ",'".mysql_escape_string($r[$f])."'";
+ $vals .= ",'".mysql_real_escape_string($r[$f])."'";
 }
 mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
@@ -93,10 +93,10 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
- '".mysql_escape_string($r->newdate)."',
- '".mysql_escape_string($r->name)."',
- '".mysql_escape_string($r->description)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->newdate)."',
+ '".mysql_real_escape_string($r->name)."',
+ '".mysql_real_escape_string($r->description)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 //page text
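Review bot: In the `-62,7` hunk only the column values `$r[$f]` are escaped; `$table` and `$names` are spliced into the INSERT as raw SQL identifiers and `'$newfairyear'` as a raw value, and nothing in the function documents that those arguments have to be trusted. This appears to be the `roll()` helper that the patch later calls with string literals, so there is no injection path in this commit, but the next caller will not know that mysql_real_escape_string cannot protect an identifier. I would add above the function: `// $table and $fields are interpolated as SQL identifiers and cannot be escaped; pass only program constants, never request data`. The function's signature and the construction of `$names` lie above this hunk and are not visible here.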
@@ -105,12 +105,12 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
- '".mysql_escape_string($r->textname)."',
- '".mysql_escape_string($r->textdescription)."',
- '".mysql_escape_string($r->text)."',
- '".mysql_escape_string($r->lastupdate)."',
- '".mysql_escape_string($newfairyear)."',
- '".mysql_escape_string($r->lang)."')");
+ '".mysql_real_escape_string($r->textname)."',
+ '".mysql_real_escape_string($r->textdescription)."',
+ '".mysql_real_escape_string($r->text)."',
+ '".mysql_real_escape_string($r->lastupdate)."',
+ '".mysql_real_escape_string($newfairyear)."',
+ '".mysql_real_escape_string($r->lang)."')");
 echo i18n("Rolling project categories")."
";
 //project categories
@@ -118,12 +118,12 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
- '".mysql_escape_string($r->id)."',
- '".mysql_escape_string($r->category)."',
- '".mysql_escape_string($r->category_shortform)."',
- '".mysql_escape_string($r->mingrade)."',
- '".mysql_escape_string($r->maxgrade)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->id)."',
+ '".mysql_real_escape_string($r->category)."',
+ '".mysql_real_escape_string($r->category_shortform)."',
+ '".mysql_real_escape_string($r->mingrade)."',
+ '".mysql_real_escape_string($r->maxgrade)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 echo i18n("Rolling project divisions")."
";
 //project divisions
@@ -131,11 +131,11 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
- '".mysql_escape_string($r->id)."',
- '".mysql_escape_string($r->division)."',
- '".mysql_escape_string($r->division_shortform)."',
- '".mysql_escape_string($r->cwsfdivisionid)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->id)."',
+ '".mysql_real_escape_string($r->division)."',
+ '".mysql_real_escape_string($r->division_shortform)."',
+ '".mysql_real_escape_string($r->cwsfdivisionid)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 echo i18n("Rolling project category-division links")."
";
 //project categories divisions links
@@ -143,9 +143,9 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
- '".mysql_escape_string($r->projectdivisions_id)."',
- '".mysql_escape_string($r->projectcategories_id)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->projectdivisions_id)."',
+ '".mysql_real_escape_string($r->projectcategories_id)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 echo i18n("Rolling project sub-divisions")."
";
 //project subdivisions
@@ -153,10 +153,10 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
- '".mysql_escape_string($r->id)."',
- '".mysql_escape_string($r->projectsubdivisions_id)."',
- '".mysql_escape_string($r->subdivision)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->id)."',
+ '".mysql_real_escape_string($r->projectsubdivisions_id)."',
+ '".mysql_real_escape_string($r->subdivision)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 echo i18n("Rolling safety questions")."
";
 //safety questions
@@ -164,14 +164,28 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
- '".mysql_escape_string($r->question)."',
- '".mysql_escape_string($r->type)."',
- '".mysql_escape_string($r->required)."',
- '".mysql_escape_string($r->ord)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->question)."',
+ '".mysql_real_escape_string($r->type)."',
+ '".mysql_real_escape_string($r->required)."',
+ '".mysql_real_escape_string($r->ord)."',
+ '".mysql_real_escape_string($newfairyear)."')");
- echo i18n("Unconfirming award sponsors")."
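Review bot: In the `-153,10` hunk the value written into the `projectdivisions_id` column is `$r->projectsubdivisions_id`, a name that matches neither the column list of the same statement nor, if `$r` is a row of projectsubdivisions (the SELECT that fills `$q` is above the hunk), any column that row carries. A property that does not exist on a mysql_fetch_object row evaluates to NULL, which mysql_real_escape_string turns into the empty string, so every sub-division rolled into the new year would lose its link to its parent division. The commit rewrites this line for the escaping change but keeps the name; the fix is `'".mysql_real_escape_string($r->projectdivisions_id)."',` — confirm against the SELECT above.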
";
- mysql_query("UPDATE award_sponsors SET confirmed='no'");
+ echo i18n("Rolling fundraising goals")."
";
+ roll($currentfairyear, $newfairyear, "fundraising",
+ array("type","name","description","system","goal"));
+
+ echo i18n("Rolling sponsorship levels")."
";
+ roll($currentfairyear, $newfairyear, "sponsorship_levels",
+ array("level","min","max","description"));
+
+ echo i18n("Rolling sponsorships")."
";
+ roll($currentfairyear, $newfairyear, "sponsorships",
+ array("sponsors_id","fundraising_type","value")); //no need to roll status or probability, because we're about to reset them..
+ mysql_query("UPDATE sponsorships SET status='pending', probability=25 WHERE year='$newfairyear'");
+ $q=mysql_query("SELECT * FROM sponsorships WHERE year='$newfairyear'");
+ while($r=mysql_fetch_object($q)) {
+ mysql_query("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES ('$r->sponsors_id',NOW(),'{$_SESSION['auth_user_id']}','Fair year rollover - reset status=pending, probability=25\%')");
+ }
 echo i18n("Rolling awards")."
";
 //awards
@@ -179,20 +193,22 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q)) {
- mysql_query("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,description,presenter,`order`,year,excludefromac,cwsfaward,external_identifier,external_postback,award_sources_id) VALUES (
- '".mysql_escape_string($r->award_sponsors_id)."',
- '".mysql_escape_string($r->award_types_id)."',
- '".mysql_escape_string($r->name)."',
- '".mysql_escape_string($r->criteria)."',
- '".mysql_escape_string($r->description)."',
- '".mysql_escape_string($r->presenter)."',
- '".mysql_escape_string($r->order)."',
- '".mysql_escape_string($newfairyear)."',
- '".mysql_escape_string($r->excludefromac)."',
- '".mysql_escape_string($r->cwsfaward)."',
- '".mysql_escape_string($r->external_identifier)."',
- '".mysql_escape_string($r->external_postaback)."',
- '".mysql_escape_string($r->award_sources_id)."'
+ mysql_query("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,description,presenter,`order`,year,excludefromac,cwsfaward,self_nominate,schedule_judges,external_identifier,external_postback,award_source_fairs_id) VALUES (
+ '".mysql_real_escape_string($r->sponsors_id)."',
+ '".mysql_real_escape_string($r->award_types_id)."',
+ '".mysql_real_escape_string($r->name)."',
+ '".mysql_real_escape_string($r->criteria)."',
+ '".mysql_real_escape_string($r->description)."',
+ '".mysql_real_escape_string($r->presenter)."',
+ '".mysql_real_escape_string($r->order)."',
+ '".mysql_real_escape_string($newfairyear)."',
+ '".mysql_real_escape_string($r->excludefromac)."',
+ '".mysql_real_escape_string($r->cwsfaward)."',
+ '".mysql_real_escape_string($r->self_nominate)."',
+ '".mysql_real_escape_string($r->schedule_judges)."',
+ '".mysql_real_escape_string($r->external_identifier)."',
+ '".mysql_real_escape_string($r->external_postaback)."',
+ '".mysql_real_escape_string($r->award_source_fairs_id)."'
 )");
 $award_awards_id=mysql_insert_id();
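Review bot: The new sponsors_logs INSERT in the `-164,14` hunk interpolates `'$r->sponsors_id'` and `'{$_SESSION['auth_user_id']}'` straight into the SQL, the one place in this patch that adds an unescaped value while every other line is being converted to mysql_real_escape_string. Both come from the server side, so the practical exposure is low, but the line should follow the convention the commit is introducing: `mysql_query("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES ('".mysql_real_escape_string($r->sponsors_id)."',NOW(),'".mysql_real_escape_string($_SESSION['auth_user_id'])."','Fair year rollover - reset status=pending, probability=25%')");`. Note also that `\%` inside a double-quoted PHP string is not an escape sequence, so the stored log text will carry a literal backslash before the percent sign. Unlike the sections around it, neither the three `roll()` calls nor the UPDATE is followed by `echo mysql_error();`, so a failure in this block would pass silently.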
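Review bot: The rewritten award_awards INSERT in the `-179,20` hunk still reads `$r->external_postaback` for the `external_postback` column; the removed line had the same misspelling and the commit re-escapes it without correcting it. `$r` comes from `mysql_fetch_object($q)` on the line above, and an undefined property on such a row is NULL (with a notice), which mysql_real_escape_string turns into '', so every award rolled into the new year gets an empty external_postback. Change the line to `'".mysql_real_escape_string($r->external_postback)."',`. Separately, `$award_awards_id=mysql_insert_id();` is taken without checking that the INSERT succeeded; on failure it yields 0 and the category, division and prize rows inserted in the following hunks would hang off award id 0, so an `echo mysql_error();` after the INSERT, as the rest of the script does, would at least make that visible. The enclosing while loop continues past the end of this hunk.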
@@ -201,9 +217,9 @@
 while($r2=mysql_fetch_object($q2)) {
 mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
- '".mysql_escape_string($award_awards_id)."',
- '".mysql_escape_string($r2->projectcategories_id)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($award_awards_id)."',
+ '".mysql_real_escape_string($r2->projectcategories_id)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 }
@@ -212,9 +228,9 @@
 while($r2=mysql_fetch_object($q2)) {
 mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
- '".mysql_escape_string($award_awards_id)."',
- '".mysql_escape_string($r2->projectdivisions_id)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($award_awards_id)."',
+ '".mysql_real_escape_string($r2->projectdivisions_id)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 }
@@ -224,20 +240,20 @@
 while($r2=mysql_fetch_object($q2)) {
 mysql_query("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac,trophystudentkeeper,trophystudentreturn,trophyschoolkeeper,trophyschoolreturn,external_identifier) VALUES (
- '".mysql_escape_string($award_awards_id)."',
- '".mysql_escape_string($r2->cash)."',
- '".mysql_escape_string($r2->scholarship)."',
- '".mysql_escape_string($r2->value)."',
- '".mysql_escape_string($r2->prize)."',
- '".mysql_escape_string($r2->number)."',
- '".mysql_escape_string($r2->order)."',
- '".mysql_escape_string($newfairyear)."',
- '".mysql_escape_string($r2->excludefromac)."',
- '".mysql_escape_string($r2->trophystudentkeeper)."',
- '".mysql_escape_string($r2->trophystudentreturn)."',
- '".mysql_escape_string($r2->trophyschoolkeeper)."',
- '".mysql_escape_string($r2->trophyschoolreturn)."',
- '".mysql_escape_string($r2->external_identifier)."'
+ '".mysql_real_escape_string($award_awards_id)."',
+ '".mysql_real_escape_string($r2->cash)."',
+ '".mysql_real_escape_string($r2->scholarship)."',
+ '".mysql_real_escape_string($r2->value)."',
+ '".mysql_real_escape_string($r2->prize)."',
+ '".mysql_real_escape_string($r2->number)."',
+ '".mysql_real_escape_string($r2->order)."',
+ '".mysql_real_escape_string($newfairyear)."',
+ '".mysql_real_escape_string($r2->excludefromac)."',
+ '".mysql_real_escape_string($r2->trophystudentkeeper)."',
+ '".mysql_real_escape_string($r2->trophystudentreturn)."',
+ '".mysql_real_escape_string($r2->trophyschoolkeeper)."',
+ '".mysql_real_escape_string($r2->trophyschoolreturn)."',
+ '".mysql_real_escape_string($r2->external_identifier)."'
 )");
 }
 }
@@ -248,10 +264,10 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
- '".mysql_escape_string($r->id)."',
- '".mysql_escape_string($r->type)."',
- '".mysql_escape_string($r->order)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->id)."',
+ '".mysql_real_escape_string($r->type)."',
+ '".mysql_real_escape_string($r->order)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 echo i18n("Rolling schools")."
";
 //award types
@@ -259,31 +275,31 @@
 echo mysql_error();
 while($r=mysql_fetch_object($q))
 mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal,schoolemail,sciencehead,scienceheademail,scienceheadphone,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
- '".mysql_escape_string($r->school)."',
- '".mysql_escape_string($r->schoollang)."',
- '".mysql_escape_string($r->schoollevel)."',
- '".mysql_escape_string($r->board)."',
- '".mysql_escape_string($r->district)."',
- '".mysql_escape_string($r->phone)."',
- '".mysql_escape_string($r->fax)."',
- '".mysql_escape_string($r->address)."',
- '".mysql_escape_string($r->city)."',
- '".mysql_escape_string($r->province_code)."',
- '".mysql_escape_string($r->postalcode)."',
- '".mysql_escape_string($r->principal)."',
- '".mysql_escape_string($r->schoolemail)."',
- '".mysql_escape_string($r->sciencehead)."',
- '".mysql_escape_string($r->scienceheademail)."',
- '".mysql_escape_string($r->scienceheadphone)."',
- '".mysql_escape_string($r->accesscode)."',
+ '".mysql_real_escape_string($r->school)."',
+ '".mysql_real_escape_string($r->schoollang)."',
+ '".mysql_real_escape_string($r->schoollevel)."',
+ '".mysql_real_escape_string($r->board)."',
+ '".mysql_real_escape_string($r->district)."',
+ '".mysql_real_escape_string($r->phone)."',
+ '".mysql_real_escape_string($r->fax)."',
+ '".mysql_real_escape_string($r->address)."',
+ '".mysql_real_escape_string($r->city)."',
+ '".mysql_real_escape_string($r->province_code)."',
+ '".mysql_real_escape_string($r->postalcode)."',
+ '".mysql_real_escape_string($r->principal)."',
+ '".mysql_real_escape_string($r->schoolemail)."',
+ '".mysql_real_escape_string($r->sciencehead)."',
+ '".mysql_real_escape_string($r->scienceheademail)."',
+ '".mysql_real_escape_string($r->scienceheadphone)."',
+ '".mysql_real_escape_string($r->accesscode)."',
 NULL,
- '".mysql_escape_string($r->junior)."',
- '".mysql_escape_string($r->intermediate)."',
- '".mysql_escape_string($r->senior)."',
- '".mysql_escape_string($r->registration_password)."',
- '".mysql_escape_string($r->projectlimit)."',
- '".mysql_escape_string($r->projectlimitper)."',
- '".mysql_escape_string($newfairyear)."')");
+ '".mysql_real_escape_string($r->junior)."',
+ '".mysql_real_escape_string($r->intermediate)."',
+ '".mysql_real_escape_string($r->senior)."',
+ '".mysql_real_escape_string($r->registration_password)."',
+ '".mysql_real_escape_string($r->projectlimit)."',
+ '".mysql_real_escape_string($r->projectlimitper)."',
+ '".mysql_real_escape_string($newfairyear)."')");
 echo i18n("Rolling questions")."
";
 $q = mysql_query("SELECT * FROM questions WHERE year='$currentfairyear'");
@@ -291,12 +307,12 @@
 mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
 '',
 '$newfairyear',
- '".mysql_escape_string($r->section)."',
- '".mysql_escape_string($r->db_heading)."',
- '".mysql_escape_string($r->question)."',
- '".mysql_escape_string($r->type)."',
- '".mysql_escape_string($r->required)."',
- '".mysql_escape_string($r->ord)."')");
+ '".mysql_real_escape_string($r->section)."',
+ '".mysql_real_escape_string($r->db_heading)."',
+ '".mysql_real_escape_string($r->question)."',
+ '".mysql_real_escape_string($r->type)."',
+ '".mysql_real_escape_string($r->required)."',
+ '".mysql_real_escape_string($r->ord)."')");
 echo i18n("Rolling registration fee items")."
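Review bot: The schools INSERT in the `-259,31` hunk copies `accesscode` and `registration_password` unchanged into the new fair year while `lastlogin` is explicitly reset with the `NULL,` line, so last year's school credentials stay valid after rollover. Whether that is intended depends on how those two fields are used, which is not visible here; if they are meant to be per-year secrets, the rollover is the natural place to regenerate them or clear them and force re-issue. At minimum a comment on the `NULL,` line, e.g. `// lastlogin reset; accesscode and registration_password deliberately carried over`, would record the decision for the next reader. The SELECT that populates `$r` is above the hunk.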
"; //regfee items