Add the winners viewer and make sure its robust so it doesnt allow people to see things they shouldnt!

This commit is contained in:
james 2005-05-12 21:05:21 +00:00
parent 192d98f7b7
commit 6d5f794e05
2 changed files with 212 additions and 0 deletions

View File

@ -285,6 +285,7 @@ echo "<h1>".i18n($config['fairname'])."</h1>";
<li><a href="<?=$config['SFIABDIRECTORY']?>/register_participants.php"><?=i18n("Participant Registration")?></a></li>
<li><a href="<?=$config['SFIABDIRECTORY']?>/register_judges.php"><?=i18n("Judges Registration")?></a></li>
<li><a href="<?=$config['SFIABDIRECTORY']?>/committees.php"><?=i18n("Committee")?></a></li>
<li><a href="<?=$config['SFIABDIRECTORY']?>/winners.php"><?=i18n("Winners")?></a></li>
</ul>
<br />
<ul class="mainnav">

211
winners.php Normal file
View File

@ -0,0 +1,211 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require("common.inc.php");
require("projects.inc.php");
send_header("Winners");
if($_GET['edit']) $edit=$_GET['edit'];
if($_POST['edit']) $edit=$_POST['edit'];
if($_GET['action']) $action=$_GET['action'];
if($_POST['action']) $action=$_POST['action'];
if($_GET['year'] && $_GET['type'])
{
echo "<h2>".i18n("%1 %2 Award Winners",array($_GET['year'],$_GET['type']))."</h2>";
//first, lets make sure someone isnt tryint to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$r=mysql_fetch_object($q);
if($r->test!=1)
{
echo error(i18n("Crystal ball says future is very hard to see!"));
}
else
{
$q=mysql_query("SELECT
award_awards.id,
award_awards.name,
award_awards.order AS awards_order,
award_types.type
FROM
award_awards,
award_types
WHERE
award_awards.year='".$config['FAIRYEAR']."'
AND award_awards.award_types_id=award_types.id
AND award_types.type='".$_GET['type']."'
ORDER BY
awards_order");
echo mysql_error();
if(mysql_num_rows($q))
{
echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>";
echo "<br />";
while($r=mysql_fetch_object($q))
{
echo "<h3>$r->name</h3> \n";
$pq=mysql_query("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
award_prizes.cash,
award_prizes.scholarship,
winners.projects_id,
projects.projectnumber,
projects.title
FROM
award_prizes
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
LEFT JOIN projects ON projects.id=winners.projects_id
WHERE
award_awards_id='$r->id'
AND award_prizes.year='".$config['FAIRYEAR']."'
ORDER BY
`order`");
echo mysql_error();
$prevprizeid=-1;
while($pr=mysql_fetch_object($pq))
{
if($prevprizeid!=$pr->id)
{
echo "&nbsp;";
echo "&nbsp;";
echo "<b>";
echo "$pr->prize";
if($pr->cash || $pr->scholarship)
{
echo " (";
if($pr->cash && $pr->scholarship)
echo "\$$pr->cash cash / \$$pr->scholarship scholarship";
else if($pr->cash)
echo "\$$pr->cash cash";
else if($pr->scholarship)
echo "\$$pr->scholarship scholarship";
echo ")";
}
echo "</b>";
echo "<br />";
$prevprizeid=$pr->id;
}
if($pr->projectnumber)
{
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "($pr->projectnumber) $pr->title";
echo "<br />";
}
else
{
/*
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "<font color=\"red\">No winner(s) specified</font>";
*/
}
}
echo "<br />";
}
}
}
}
else
{
$q=mysql_query("SELECT
DISTINCT(winners.year) AS year,
dates.date
FROM
winners,
dates
WHERE
winners.year=dates.year
AND dates.name='postwinners'
AND dates.date<=NOW()
ORDER BY
year DESC");
$first=true;
if(mysql_num_rows($q))
{
while($r=mysql_fetch_object($q))
{
if($first && $r->year != $config['FAIRYEAR'])
{
list($d,$t)=split(" ",$config['dates']['postwinners']);
echo "<h2>".i18n("%1 Winners",array($config['FAIRYEAR']))."</h2>";
echo i18n("Winners of the %1 %2 will be posted here on %3 at %4",array($config['FAIRYEAR'],$config['fairname'],$d,$t));
$first=false;
}
//get the "winnersposted" date for the year, and make
echo "<h2>".i18n("%1 Winners",array($r->year))."</h2>";
//do this each time, because each year the names of the award types could change, along with what is actually given out.
//
$tq=mysql_query("SELECT
DISTINCT(award_types.type) AS type
FROM
winners,
award_types,
award_awards,
award_prizes
WHERE
award_awards.award_types_id=award_types.id
AND winners.awards_prizes_id=award_prizes.id
AND award_prizes.award_awards_id=award_awards.id
AND winners.year='$r->year'
ORDER BY
award_types.order
");
echo mysql_error();
while($tr=mysql_fetch_object($tq))
{
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 %2 award winners",array($r->year,$tr->type))."</a><br />";
}
}
}
else
{
list($d,$t)=split(" ",$config['dates']['postwinners']);
echo "<h2>".i18n("%1 Winners",array($config['FAIRYEAR']))."</h2>";
echo i18n("Winners of the %1 %2 will be posted here on %3 at %4",array($config['FAIRYEAR'],$config['fairname'],$d,$t));
}
}
send_footer();
?>