This commit is contained in:
Armanveer Gill 2024-12-17 01:34:35 -05:00
parent 000826e093
commit 974eb738f3
41 changed files with 368 additions and 296 deletions


@ -27,7 +27,7 @@
user_auth_required('committee', 'admin'); user_auth_required('committee', 'admin');
require_once('awards.inc.php'); require_once('awards.inc.php');
switch($_GET['action']) { switch(get_value_from_array($_GET, 'action')) {
case 'awardinfo_load': case 'awardinfo_load':
$id = intval($_GET['id']); $id = intval($_GET['id']);


@ -28,7 +28,7 @@
user_auth_required('committee', 'admin'); user_auth_required('committee', 'admin');
if($_POST['users_uid']) if(get_value_from_array($_POST,'users_uid'))
$uid = intval($_POST['users_uid']); $uid = intval($_POST['users_uid']);
@ -124,8 +124,8 @@ function actionSubmit()
//--> //-->
</script> </script>
<? <?
global $uid;
if($_POST['addcommittee']) if(get_value_from_array($_POST,'addcommittee'))
{ {
//add a new committee //add a new committee
//re-order the committees //re-order the committees
@ -134,7 +134,7 @@ if($_POST['addcommittee'])
echo happy(i18n("Committee successfully added")); echo happy(i18n("Committee successfully added"));
} }
if($_POST['committees_id'] && $_POST['committees_ord']) { if(get_value_from_array($_POST,'committees_id') && get_value_from_array($_POST,'committees_ord')) {
//re-order the committees //re-order the committees
$x=0; $x=0;
$ids=$_POST['committees_id']; $ids=$_POST['committees_id'];
@ -172,9 +172,9 @@ if($_POST['committees_id'] && $_POST['committees_ord']) {
} }
if($_POST['action']=="assign") if(get_value_from_array($_POST, 'action', "assign"))
{ {
if($_POST['committees_id'] && $_POST['users_uid']) { if(get_value_from_array($_POST, 'committees_id') && get_vaue_from_array($_POST,'users_uid')) {
$cid = intval($_POST['committees_id']); $cid = intval($_POST['committees_id']);
$q = $pdo->prepare("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'"); $q = $pdo->prepare("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'");
$q->execute(); $q->execute();
@ -191,7 +191,7 @@ if($_POST['action']=="assign")
echo error(("You must choose both a member and a committee")); echo error(("You must choose both a member and a committee"));
} }
if($_GET['deletecommittee']) { if(get_value_from_array($_GET, 'deletecommittee')) {
$del = intval($_GET['deletecommittee']); $del = intval($_GET['deletecommittee']);
$q = $pdo->prepare("DELETE FROM committees WHERE id='$del'"); $q = $pdo->prepare("DELETE FROM committees WHERE id='$del'");
@ -199,13 +199,13 @@ if($_GET['deletecommittee']) {
echo happy(i18n("Committee removed")); echo happy(i18n("Committee removed"));
} }
if($_POST['action']=="remove") { if(get_value_from_array($_POST, 'action',"remove")) {
/* user_delete takes care of unlinking the user in other tables */ /* user_delete takes care of unlinking the user in other tables */
user_delete($uid, 'committee'); user_delete($uid, 'committee');
echo happy(i18n("Committee member deleted")); echo happy(i18n("Committee member deleted"));
} }
if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) { if(get_value_from_array($_GET, 'unlinkmember') && get_value_from_array($_GET,'unlinkcommittee')) {
$mem = intval($_GET['unlinkmember']); $mem = intval($_GET['unlinkmember']);
$com = intval($_GET['unlinkcommittee']); $com = intval($_GET['unlinkcommittee']);
//unlink the member from the committee //unlink the member from the committee
@ -304,7 +304,7 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name"); $q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
$q->execute(); $q->execute();
if($q->rowCout()) if($q->rowCount())
{ {
echo "<h4>".i18n("Committees")."</h4>"; echo "<h4>".i18n("Committees")."</h4>";
echo "<form method=\"post\" action=\"committees.php\">\n"; echo "<form method=\"post\" action=\"committees.php\">\n";
@ -359,14 +359,15 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
echo "</td><td>"; echo "</td><td>";
if($u['email']) { if(get_value_from_array($u, 'email')) {
list($b,$a)=split("@",$u['email']); print_r($u["email"]);
list($b,$a)=explode("@",$u['email']);
echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>"; echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>";
} }
if($u['emailprivate']) { if(get_value_from_array($u, 'emailprivate')) {
if($u['email']) echo " <b>/</b> "; if($u['email']) echo " <b>/</b> ";
list($b,$a)=split("@",$u['emailprivate']); list($b,$a)=explode("@",$u['emailprivate']);
echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>"; echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>";
} }
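Review bot: `get_vaue_from_array($_POST,'users_uid')` in the assign branch is misspelled, so that branch now stops with an undefined-function error instead of linking the member; it should read `get_value_from_array($_POST,'users_uid')`. The `print_r($u["email"]);` added before the explode is leftover debug output that prints the raw address into the page immediately before the `em('$b','$a')` call whose purpose is to hide it, so it should be removed. The third argument of get_value_from_array is used here as the expected value (`if(get_value_from_array($_POST, 'action', "assign"))`, likewise for "remove"), while fundraising_campaigns compares the return instead (`get_value_from_array($_GET, 'action') == "delete"`) and user_list feeds it straight to a ternary (`get_value_from_array($_GET,'show_year','current') ? 'current' : 'all'`); helper.inc.php is not in this diff, so I cannot tell which contract it implements, but if the third argument is a default then a missing or unrelated action makes both the assign and remove branches run here and show_year silently becomes 'current' when absent. Pick one form, document the helper's contract in helper.inc.php, and apply it consistently across the committees, fundraising, registration_receipts and user_list sections.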


@ -28,7 +28,7 @@ user_auth_required('committee', 'admin');
require_once("fundraising_common.inc.php"); require_once("fundraising_common.inc.php");
switch($_GET['action']) { switch(get_value_from_array($_GET, 'action')) {
case 'organizationinfo_load': case 'organizationinfo_load':
$id=intval($_GET['id']); $id=intval($_GET['id']);
$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$id'"); $q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$id'");
@ -1189,7 +1189,7 @@ function removedonation(donationid,sponsorid) {
<? <?
if($_GET['action']=="delete" && $_GET['delete']) if(get_value_from_array($_GET, 'action') == "delete" && get_value_from_array($_GET, 'delete'))
{ {
//dont allow any deleting until we figure out what we need to do, infact, i think we never should hard delete //dont allow any deleting until we figure out what we need to do, infact, i think we never should hard delete
//this should only soft-delete so things like awards from previous years are still all linked correctly. //this should only soft-delete so things like awards from previous years are still all linked correctly.
@ -1293,7 +1293,7 @@ echo "<hr />";
</div> </div>
<? <?
if($_GET['action']=="add") { if(get_value_from_array($_GET,'action',"add")) {
?> ?>
<script type="text/javascript"> <script type="text/javascript">
$(document).ready(function() { $(document).ready(function() {


@ -30,8 +30,8 @@
//$q=mysql_query("SELECT * FROM award_sponsors WHERE year='".$config['FAIRYEAR']."' ORDER BY organization"); //$q=mysql_query("SELECT * FROM award_sponsors WHERE year='".$config['FAIRYEAR']."' ORDER BY organization");
//we want to show all years, infact that year field probably shouldnt even be there. //we want to show all years, infact that year field probably shouldnt even be there.
$sql=""; $sql="";
if($_POST['search']) $sql.=" AND organization LIKE '%".$_POST['search']."%' "; if(get_value_from_array($_POST, 'search')) $sql.=" AND organization LIKE '%".$_POST['search']."%' ";
if(count($_POST['donortype'])) { if(count(get_value_from_array($_POST, 'donortype'))) {
$sql.=" AND (0 "; $sql.=" AND (0 ";
foreach($_POST['donortype'] AS $d) { foreach($_POST['donortype'] AS $d) {
$sql.=" OR donortype='$d'"; $sql.=" OR donortype='$d'";
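Review bot: `count(get_value_from_array($_POST, 'donortype'))` still throws a TypeError on PHP 8 when no donortype was posted, assuming the helper returns null or a scalar for a missing key; test the shape instead, e.g. `if(is_array(get_value_from_array($_POST, 'donortype')) && count($_POST['donortype'])) {`. The search term and each donortype value are still concatenated into the WHERE clause on the lines this hunk touches (`$sql.=" AND organization LIKE '%".$_POST['search']."%' "`), so the presence check adds no constraint on the value; bind them as placeholders where the statement is prepared, or at minimum validate donortype against the known set of types. The statement that consumes `$sql` is outside the hunk.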


@ -26,7 +26,7 @@
user_auth_required('committee', 'admin'); user_auth_required('committee', 'admin');
if($_GET['action']=="refresh") { if(get_value_from_array($_GET,'action',"refresh")) {
?> ?>
<h3><?=i18n("Fundraising Purposes and Progress Year to Date")?></h3> <h3><?=i18n("Fundraising Purposes and Progress Year to Date")?></h3>
@ -49,7 +49,7 @@ $q->execute();
//lookup all donations made towards this goal //lookup all donations made towards this goal
$recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'"); $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute(); $recq->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
$recr=$recq->fetch(PDO::FETCH_OBJ); $recr=$recq->fetch(PDO::FETCH_OBJ);
$received=$recr->received; $received=$recr->received;
if($r->budget) if($r->budget)
@ -93,7 +93,7 @@ $q->execute();
$goalr=$goalq->fetch(PDO:FETCH_OBJ); $goalr=$goalq->fetch(PDO:FETCH_OBJ);
$recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'"); $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute(); $recq->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any();
$recr=$recq->fetch(PDO::FETCH_OBJ); $recr=$recq->fetch(PDO::FETCH_OBJ);
$received=$recr->received; $received=$recr->received;
if($r->target) if($r->target)
@ -132,7 +132,7 @@ $q=$pdo->prepare("SELECT id,value, thanked, status, sponsors_id, datereceived,
ORDER BY datereceived ORDER BY datereceived
"); ");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
if($q->rowCount()) { if($q->rowCount()) {
echo "<table class=\"tableview\">"; echo "<table class=\"tableview\">";
@ -186,7 +186,7 @@ $q=$pdo->prepare("SELECT value, receiptrequired, receiptsent, status, sponsors_i
ORDER BY datereceived ORDER BY datereceived
"); ");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
if($q->rowCount()) { if($q->rowCount()) {
echo "<table class=\"tableview\">"; echo "<table class=\"tableview\">";
echo "<tr><th>".i18n("Name")."</th>\n"; echo "<tr><th>".i18n("Name")."</th>\n";
@ -223,7 +223,7 @@ if($q->rowCount()) {
<? <?
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5"); $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
if($q->rowCount()) { if($q->rowCount()) {
echo "<table class=\"tableview\">"; echo "<table class=\"tableview\">";
echo "<thead><tr>"; echo "<thead><tr>";
@ -246,7 +246,8 @@ if($q->rowCount()) {
<? <?
$q=$pdo->prepare("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5"); $q=$pdo->prepare("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
if($q->rowCount()) { if($q->rowCount()) {
echo "<table class=\"tableview\">"; echo "<table class=\"tableview\">";
echo "<tr>"; echo "<tr>";
@ -267,7 +268,7 @@ if($q->rowCount()) {
exit; exit;
} }
else if (count($_POST['thanked'])) { else if (get_value_from_array($_POST, 'thanked')) {
foreach($_POST['thanked'] AS $t) { foreach($_POST['thanked'] AS $t) {
$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'"); $stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'");
$stmt->execute(); $stmt->execute();
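Review bot: `show_pdo_errors_if_any();` in the campaigns loop (the second hunk) is called without `$pdo`, while every other replacement in this file passes it (`show_pdo_errors_if_any($pdo);`); if the helper declares a required parameter this is an ArgumentCountError at runtime, and the same bare call appears in getJudgingTeam in the judges teams include. The context line `$goalr=$goalq->fetch(PDO:FETCH_OBJ);` two lines above it is unchanged but uses a single colon, which appears to be a syntax error, so it is worth confirming that this file parses at all. `else if (get_value_from_array($_POST, 'thanked'))` drops the count() that used to guard the foreach, so a non-array value for thanked now reaches `foreach($_POST['thanked'] AS $t)`; an `is_array()` check preserves the old guard's intent, and the interpolated `WHERE id='$t'` would be safer with `intval($t)` or a bound parameter.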


@ -7,6 +7,6 @@ function getGoal($goal) {
$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1"); $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
$q->execute(); $q->execute();
return $q->rowCount(); return $q->rowCount();
}
?> ?>


@ -183,7 +183,7 @@
echo $config['FISCALYEAR']; echo $config['FISCALYEAR'];
echo "</td></tr>\n"; echo "</td></tr>\n";
echo "<tr><td>".i18n("Fiscal Year End")."</td><td>"; echo "<tr><td>".i18n("Fiscal Year End")."</td><td>";
list($month,$day)=split("-",$config['fiscal_yearend']); list($month,$day)=explode("-",$config['fiscal_yearend']);
emit_month_selector("fiscalendmonth",$month); emit_month_selector("fiscalendmonth",$month);
emit_day_selector("fiscalendday",$day); emit_day_selector("fiscalendday",$day);
echo "</td></tr>\n"; echo "</td></tr>\n";


@ -84,7 +84,7 @@
echo " <td><a href=\"cwsfregister.php\">".theme_icon("one-click_cwsf_registration")."<br />".i18n("One-Click CWSF Registration")."</a></td>"; echo " <td><a href=\"cwsfregister.php\">".theme_icon("one-click_cwsf_registration")."<br />".i18n("One-Click CWSF Registration")."</a></td>";
echo " <td><a href=\"fair_stats.php\">".theme_icon("fair_stats")."<br />".i18n("Upload Fair Statistics")."</a></td>"; echo " <td><a href=\"fair_stats.php\">".theme_icon("fair_stats")."<br />".i18n("Upload Fair Statistics")."</a></td>";
echo " <td><a href=\"user_list.php?show_types[]=fair\">".theme_icon("sciencefair_management")."<br />".i18n("Feeder/Upstream Fair Management")."</a></td>"; echo " <td><a href=\"user_list.php?show_types[]=fair\">".theme_icon("sciencefair_management")."<br />".i18n("Feeder/Upstream Fair Management")."</a></td>";
if($config['score_entry_enable'] == 'yes') { if(get_value_from_array($config, 'score_entry_enable') == 'yes') {
echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>"; echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
} }
echo " </tr>\n"; echo " </tr>\n";
@ -96,7 +96,7 @@ if($config['score_entry_enable'] == 'yes') {
echo " <td><a href=\"documents.php\">".theme_icon("internal_document_management")."<br />".i18n("Internal Document Management")."</a></td>"; echo " <td><a href=\"documents.php\">".theme_icon("internal_document_management")."<br />".i18n("Internal Document Management")."</a></td>";
echo " <td><a href=\"cms.php\">".theme_icon("website_content_management")."<br />".i18n("Website Content Management")."</a></td>"; echo " <td><a href=\"cms.php\">".theme_icon("website_content_management")."<br />".i18n("Website Content Management")."</a></td>";
echo " <td><a href=\"fundraising.php\">".theme_icon("fundraising")."<br />".i18n("Fundraising")."</a></td>"; echo " <td><a href=\"fundraising.php\">".theme_icon("fundraising")."<br />".i18n("Fundraising")."</a></td>";
if($config['score_entry_enable'] == 'yes') { if(get_value_from_array($config, 'score_entry_enable') == 'yes') {
echo "<td><a href=\"../plugins/evaluations/index.php\">".theme_icon("judging_score_entry")."<br />".i18n("Evaluations Plugin")."</a></td>"; echo "<td><a href=\"../plugins/evaluations/index.php\">".theme_icon("judging_score_entry")."<br />".i18n("Evaluations Plugin")."</a></td>";
} }
//echo " <td><a href=\"../plugins/evaluations/index.php\">Go To Evaluations</a></td>"; //echo " <td><a href=\"../plugins/evaluations/index.php\">Go To Evaluations</a></td>";


@ -2,7 +2,7 @@
function getJudgingTeams() function getJudgingTeams()
{ {
global $config; global $config;
global $pdo;
$q=$pdo->prepare("SELECT judges_teams.id, $q=$pdo->prepare("SELECT judges_teams.id,
judges_teams.num, judges_teams.num,
judges_teams.name judges_teams.name
@ -17,9 +17,9 @@ function getJudgingTeams()
$lastteamid=-1; $lastteamid=-1;
$lastteamnum=-1; $lastteamnum=-1;
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
$teams=array(); $teams=array();
while($r=$q->fetch(PDO::FETCH_OBJS)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$teams[$r->id]['id']=$r->id; $teams[$r->id]['id']=$r->id;
$teams[$r->id]['num']=$r->num; $teams[$r->id]['num']=$r->num;
@ -32,7 +32,7 @@ function getJudgingTeams()
$tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link $tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'"); WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'");
tq->execute(); $tq->execute();
$teams[$r->id]['timeslots'] = array(); $teams[$r->id]['timeslots'] = array();
$teams[$r->id]['rounds'] = array(); $teams[$r->id]['rounds'] = array();
while($ts = $tq->fetch(PDO::FETCH_ASSOC)) { while($ts = $tq->fetch(PDO::FETCH_ASSOC)) {
@ -63,7 +63,7 @@ function getJudgingTeams()
lastname, lastname,
firstname"); firstname");
$mq->execute(); $mq->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
$teamlangs=array(); $teamlangs=array();
@ -94,7 +94,7 @@ function getJudgingTeams()
WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
judges_teams_id='$r->id' AND language!='' "); judges_teams_id='$r->id' AND language!='' ");
$lq->execute(); $lq->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
$projectlangs=array(); $projectlangs=array();
while($lr=$lq->fetch(PDO::FETCH_OBJ)) { while($lr=$lq->fetch(PDO::FETCH_OBJ)) {
if(!in_array($lr->language,$projectlangs)) if(!in_array($lr->language,$projectlangs))
@ -141,7 +141,7 @@ function getJudgingTeams()
function getJudgingTeam($teamid) function getJudgingTeam($teamid)
{ {
global $config; global $config;
global $pdo;
$q=$pdo->prepare("SELECT judges_teams.id, $q=$pdo->prepare("SELECT judges_teams.id,
judges_teams.num, judges_teams.num,
judges_teams.name judges_teams.name
@ -184,7 +184,7 @@ function getJudgingTeam($teamid)
lastname, lastname,
firstname"); firstname");
$mq->execute(); $mq->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any();
while($mr=$mq->fetch(PDO::FETCH_OBJ)) while($mr=$mq->fetch(PDO::FETCH_OBJ))


@ -92,7 +92,7 @@
`type`='$type' WHERE id='$round_id'"); `type`='$type' WHERE id='$round_id'");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
message_push(happy(i18n("Round successfully saved"))); message_push(happy(i18n("Round successfully saved")));
$action = ''; $action = '';
} }
@ -265,11 +265,11 @@
echo "</td></tr>"; echo "</td></tr>";
echo "<tr><td>".i18n("Start Time").":</td><td>"; echo "<tr><td>".i18n("Start Time").":</td><td>";
emit_time_selector("starttime",$r['starttime']); emit_time_selector("starttime",get_value_from_array($r, 'starttime'));
echo "</td></tr>"; echo "</td></tr>";
echo "<tr><td>".i18n("End Time").":</td><td>"; echo "<tr><td>".i18n("End Time").":</td><td>";
emit_time_selector("endtime",$r['endtime']); emit_time_selector("endtime",get_value_from_array($r, 'endtime'));
echo "</td></tr>"; echo "</td></tr>";
echo "</table>"; echo "</table>";


@ -404,7 +404,7 @@ send_footer();
/* Now some helper functions we call more than once */ /* Now some helper functions we call more than once */
function list_query($year, $wherestatus, $reg_id) function list_query($year, $wherestatus, $reg_id)
{ {
global $auth_type; global $auth_type, $pdo;
$reg = ''; $reg = '';
if($reg_id != false) if($reg_id != false)
@ -415,7 +415,7 @@ function list_query($year, $wherestatus, $reg_id)
$fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'"; $fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'";
} }
$q = pdo->prepare("SELECT registrations.id AS reg_id, $q = $pdo->prepare("SELECT registrations.id AS reg_id,
registrations.num AS reg_num, registrations.num AS reg_num,
registrations.status, registrations.status,
registrations.email, registrations.email,
@ -439,7 +439,8 @@ function list_query($year, $wherestatus, $reg_id)
echo $pdo->erroInfo(); // FIXME
//echo $pdo->errorInfo();
return $q; return $q;
} }
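Review bot: If `//echo $pdo->errorInfo();` is the surviving line in the last hunk, the error check in list_query has been removed entirely rather than converted to `show_pdo_errors_if_any($pdo);` as the rest of this commit does, and the function then returns `$q` with no indication that prepare or execute failed. Use the helper here, and in the registration stats and award listing hunks where the same comment-out was applied. `$fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'"` is unchanged context, but now that `$pdo` is brought in with `global $auth_type, $pdo;` binding that value instead of interpolating it would be a small follow-up. list_query continues outside the hunk, so I cannot see whether execute() is called before the return.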


@ -40,7 +40,7 @@
echo "<br />"; echo "<br />";
$showformatbottom=true; $showformatbottom=true;
if($_POST['action']=="received" && $_POST['registration_number']) if(get_value_from_array($_POST, 'action') == "received" && get_value_from_array($_POST, 'registration_number'))
{ {
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
@ -209,7 +209,7 @@ echo $pdo->errorInfo();
} }
else if(($_POST['action']=="receivedyes" || $_POST['action']=="receivedyesnocash") && $_POST['registration_number']) { else if((get_value_from_array($_POST,'action',"receivedyes") || get_value_from_array($_POST,'action',"receivedyesnocash")) && get_value_from_array($_POST, 'registration_number')) {
$regnum = intval($_POST['registration_number']); $regnum = intval($_POST['registration_number']);
$checkNumQuery=$pdo->prepare("SELECT projectnumber $checkNumQuery=$pdo->prepare("SELECT projectnumber
@ -285,12 +285,12 @@ echo $pdo->errorInfo();
echo happy(i18n("Registration of form %1 marked as payment pending",array($regnum))); echo happy(i18n("Registration of form %1 marked as payment pending",array($regnum)));
} }
} }
else if($_POST['action']=="receivedno" && $_POST['registration_number']) else if(get_value_from_array($_POST, 'action',"receivedno") && get_value_from_array($_POST, 'registration_number'))
{ {
echo notice(i18n("Registration of form %1 cancelled",array($_POST['registration_number']))); echo notice(i18n("Registration of form %1 cancelled",array($_POST['registration_number'])));
} }
else if($_GET['action']=="unregister" && $_GET['registration_number']) { else if(get_value_from_array($_GET,'action',"unregister") && get_value_from_array($_GET, 'registration_number')) {
$reg_num=intval(trim($_GET['registration_number'])); $reg_num=intval(trim($_GET['registration_number']));
$q=$pdo-prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'"); $q=$pdo-prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'");
$q->execute(); $q->execute();
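Review bot: The received branch still builds its query from the raw posted value, `num='".$_POST['registration_number']."'`, while the receivedyes and unregister branches cast with `intval()`; the new `get_value_from_array($_POST, 'registration_number')` presence check does not constrain the value, so cast it the same way, `$regnum = intval($_POST['registration_number']);` and use `num='$regnum'`, or bind it as a parameter. The unchanged context line `$q=$pdo-prepare(...)` in the unregister branch uses a minus sign instead of `->`, which fails with an undefined function `prepare` whenever that branch runs; it sits next to the edited line and could be fixed in the same change.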


@ -27,7 +27,7 @@
user_auth_required('committee', 'admin'); user_auth_required('committee', 'admin');
require("../register_participants.inc.php"); require("../register_participants.inc.php");
if($_GET['year']) $year=$_GET['year']; if(get_value_from_array($_GET, 'year')) $year=$_GET['year'];
else $year=$config['FAIRYEAR']; else $year=$config['FAIRYEAR'];
send_header("Registration Statistics", send_header("Registration Statistics",
@ -62,9 +62,8 @@
echo "</form>"; echo "</form>";
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
while($r=$q->fetch(PDO::FETCH_OBJ)
$cats[$r->id]=$r->category; $cats[$r->id]=$r->category;
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
@ -83,7 +82,7 @@ if($showstatus) {
} }
} }
else $wherestatus=""; else $wherestatus="";
switch($_GET['sort']) { switch(get_value_from_array($_GET, 'sort')) {
case 'status': $ORDERBY="registrations.status DESC, projects.title"; break; case 'status': $ORDERBY="registrations.status DESC, projects.title"; break;
case 'num': $ORDERBY="registrations.num"; break; case 'num': $ORDERBY="registrations.num"; break;
case 'projnum': $ORDERBY="projects.projectsort, projects.projectnumber"; break; case 'projnum': $ORDERBY="projects.projectsort, projects.projectnumber"; break;
@ -113,7 +112,8 @@ else $wherestatus="";
$ORDERBY $ORDERBY
"); ");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
//echo $pdo->errorInfo();
$stats_totalprojects=0; $stats_totalprojects=0;
$stats_totalstudents=0; $stats_totalstudents=0;
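Review bot: `$year=$_GET['year']` still takes the year straight from the query string and it is interpolated into `WHERE year='$year'` in the next hunk; the new presence check does not constrain it, so cast it, `if(get_value_from_array($_GET, 'year')) $year=intval($_GET['year']);`. In the second hunk one of the two while lines, `while($r=$q->fetch(PDO::FETCH_OBJ)`, is missing its closing parenthesis; this rendering does not show which side it belongs to, so confirm the surviving line is the balanced one. The last hunk comments out the error check (`//echo $pdo->errorInfo();`) rather than using `show_pdo_errors_if_any($pdo);` as the other files in this commit do.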


@ -54,7 +54,7 @@ $stmt->execute();
{ {
$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES ( $stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
'".$r->award_sponsors_id."', '".$r->award_sponsors_id."',
'".$r->award_types_i)."', '".$r->award_types_i."',
'".$r->name."', '".$r->name."',
'".$r->criteria."', '".$r->criteria."',
'".$r->presenter."', '".$r->presenter."',
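Review bot: `'".$r->award_types_i."',` now has balanced quotes, but the property name still looks truncated: the INSERT column list names `award_types_id`, and the neighbouring value reads `$r->award_sponsors_id`, so this presumably should be `$r->award_types_i` → `$r->award_types_id`; as written it reads an undefined property and inserts an empty award type. The rest of the statement is outside the hunk. The values are concatenated into the INSERT; since the source row comes from the database this is less exposed than request input, but bound parameters would remove the quoting risk for free-text columns such as name and criteria.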


@ -37,12 +37,12 @@
$show_types = $_GET['show_types']; $show_types = $_GET['show_types'];
if(user_valid_type($show_types) == false) $show_types = array('judge'); if(user_valid_type($show_types) == false) $show_types = array('judge');
$show_complete = ($_GET['show_complete'] == 'yes') ? 'yes' : 'no'; $show_complete = (get_value_from_array($_GET,'show_complete','yes')) ? 'yes' : 'no';
$show_year = ($_GET['show_year'] == 'current') ? 'current' : 'all'; $show_year = get_value_from_array($_GET,'show_year','current') ? 'current' : 'all';
$uid = intval($_GET['uid']); $uid = intval(get_value_from_array($_GET,'uid'));
if($_GET['action']=='remove') { if(get_value_from_array($_GET,'action','remove')) {
if(!$uid) { if(!$uid) {
echo "Invalid uid for delete"; echo "Invalid uid for delete";
exit; exit;


@ -419,7 +419,8 @@ $q = $pdo->prepare("SELECT
$fair_where $fair_where
ORDER BY awards_order"); ORDER BY awards_order");
echo $pdo->errorInfo(); // FIXME
//echo $pdo->errorInfo();
if($q->rowCount() == 0) { if($q->rowCount() == 0) {
echo i18n('No awards to display.'); echo i18n('No awards to display.');


@ -24,20 +24,21 @@
<? <?
require_once('common.inc.php'); require_once('common.inc.php');
require_once('user.inc.php'); require_once('user.inc.php');
require_once('helper.inc.php');
send_header("Committee List", null, "committee_management"); send_header("Committee List", null, "committee_management");
echo "<table>"; echo "<table>";
$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name"); $q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
$q->execute(); $q->execute();
while($r=$q->fetch()) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
/* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee, using MAX(year) for the most recent year */ /* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee, using MAX(year) for the most recent year */
$q2=("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname $q2=$pdo->prepare("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid
WHERE committees_id='{$r->id}' WHERE committees_id='{$r->id}'
GROUP BY users.uid ORDER BY ord,users.lastname "); GROUP BY users.uid ORDER BY ord,users.lastname ");
$q2->execute();
//if there's nobody in this committee, then just skip it and go on to the next one. //if there's nobody in this committee, then just skip it and go on to the next one.
if($q2->rowCount()==0) if($q2->rowCount()==0)
continue; continue;
@ -46,8 +47,9 @@
echo "<td colspan=\"3\"><h3>".i18n($r->name)."</h3>"; echo "<td colspan=\"3\"><h3>".i18n($r->name)."</h3>";
echo "</td></tr>\n"; echo "</td></tr>\n";
echo pdo->errorInfo(); show_pdo_errors_if_any($pdo);
while($r2 = $q2->fetch()){
while($r2 = $q2->fetch(PDO::FETCH_OBJ)){
$uid = $r2->users_uid; $uid = $r2->users_uid;
$u = user_load_by_uid($uid); $u = user_load_by_uid($uid);
@ -72,8 +74,8 @@
$output=str_replace("email","",$output); $output=str_replace("email","",$output);
$output=str_replace("phonehome",$u['phonehome'],$output); $output=str_replace("phonehome",$u['phonehome'],$output);
$output=str_replace("phonework",$u['->phonework'],$output); $output=str_replace("phonework",$u['phonework'],$output);
$output=str_replace("phonecell",$u['->phonecell'],$output); $output=str_replace("phonecell",$u['phonecell'],$output);
$output=str_replace("fax",$u['fax'],$output); $output=str_replace("fax",$u['fax'],$output);
echo $output; echo $output;
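Review bot: The comment above the new prepare call, `/* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee ... */`, has a pasted query fragment in the middle and should read `/* Select all the users in the committee, using MAX(year) for the most recent year */`. `show_pdo_errors_if_any($pdo);` is placed after the committee heading has already been echoed, so a failing statement is reported only after partial output; moving it directly after the new `$q2->execute();` keeps the check next to the call it reports on. The phone and fax fields are still substituted into `$output` via str_replace without HTML escaping; that is unchanged behaviour, but since these lines are being edited, wrapping each `$u[...]` value in `htmlspecialchars()` would close it.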


@ -22,10 +22,10 @@
*/ */
?> ?>
<? <?
include_once("helper.inc.php");
//////echo phpinfo(); //////echo phpinfo();
header("Content-Type: text/html; charset=utf8"); header("Content-Type: text/html; charset=utf8");
include_once("helper.inc.php");
//set error reporting to not show notices, for some reason some people's installation dont set this by default //set error reporting to not show notices, for some reason some people's installation dont set this by default
//so we will set it in the code instead just to make sure //so we will set it in the code instead just to make sure
error_reporting(E_ALL); error_reporting(E_ALL);
@ -460,6 +460,7 @@ echo "</div>";
<table cellpadding="5" width="100%"> <table cellpadding="5" width="100%">
<tr><td width="175"> <tr><td width="175">
<? <?
global $pdo;
//if the date is greater than the date/time that the confirmed participants gets posted, //if the date is greater than the date/time that the confirmed participants gets posted,
//then we will show the registration confirmation page as a link in the menu, //then we will show the registration confirmation page as a link in the menu,
$registrationconfirmationlink=""; $registrationconfirmationlink="";
@ -467,8 +468,9 @@ echo "</div>";
//only display it if a date is set to begin with. //only display it if a date is set to begin with.
if($config['dates']['postparticipants'] && $config['dates']['postparticipants']!="0000-00-00 00:00:00") if($config['dates']['postparticipants'] && $config['dates']['postparticipants']!="0000-00-00 00:00:00")
{ {
$q=("SELECT (NOW()>'".$config['dates']['regclose']."') AS test"); $q= $pdo->prepare("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
$r=$q->fetch(); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test==1) if($r->test==1)
{ {
$registrationconfirmationlink="<li><a href=\"".$config['SFIABDIRECTORY']."/confirmed_participants.php\">".i18n("Confirmed Participants")."</a></li>"; $registrationconfirmationlink="<li><a href=\"".$config['SFIABDIRECTORY']."/confirmed_participants.php\">".i18n("Confirmed Participants")."</a></li>";
@ -480,20 +482,15 @@ echo "</div>";
<? <?
if(is_array($nav)) { if(is_array($nav)) {
$navkeys=array_keys($nav); $navkeys=array_keys($nav);
switch($navkeys[2]) { if (isset($navkeys[2]) && $navkeys[2] == "Fundraising") {
case "Fundraising": echo "<ul class=\"mainnav\">\n";
echo "<ul class=\"mainnav\">\n"; echo "<li><h4 style=\"text-align: center;\">".i18n("Fundraising")."</h4></li>\n";
echo "<li><h4 style=\"text-align: center;\">".i18n("Fundraising")."</h4></li>\n"; echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising.php\">".i18n("Fundraising Dashboard").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising.php\">".i18n("Fundraising Dashboard").'</a></li>'; echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_setup.php\">".i18n("Fundraising Setup").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_setup.php\">".i18n("Fundraising Setup").'</a></li>'; echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_campaigns.php\">".i18n("Manage Appeals").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_campaigns.php\">".i18n("Manage Appeals").'</a></li>'; echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/donors.php\">".i18n("Manage Donors/Sponsors").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/donors.php\">".i18n("Manage Donors/Sponsors").'</a></li>'; echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_reports.php\">".i18n("Fundraising Reports").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_reports.php\">".i18n("Fundraising Reports").'</a></li>'; echo "</ul><br />\n";
echo "</ul><br />\n";
break;
default:
//no special menu
break;
} }
} }
?> ?>
@ -618,7 +615,7 @@ else if($title)
//if we're under /admin or /config then we want to show the ? help icon //if we're under /admin or /config then we want to show the ? help icon
if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="\\admin" || substr(getcwd(),-7)=="\\config" ) if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="\\admin" || substr(getcwd(),-7)=="\\config" )
{ {
if($_SERVER['REDIRECT_SCRIPT_URL']) if(get_value_from_array($_SERVER, 'REDIRECT_SCRIPT_URL'))
$fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1); $fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1);
else else
$fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1); $fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1);
@ -830,7 +827,8 @@ function emit_minute_selector($name,$selected="")
function emit_time_selector($name,$selected="") function emit_time_selector($name,$selected="")
{ {
global $hour;
global $minute;
if($selected) if($selected)
{ {
list($hour,$minute,$second)=explode(":",$selected); list($hour,$minute,$second)=explode(":",$selected);
@ -848,7 +846,9 @@ function emit_time_selector($name,$selected="")
function emit_province_selector($name,$selected="",$extra="") function emit_province_selector($name,$selected="",$extra="")
{ {
global $config; global $config;
$q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province"); global $pdo;
$q=$pdo->prepare("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
$q->execute();
if($q->rowCount()==1) if($q->rowCount()==1)
{ {
$r = $q->fetch(); $r = $q->fetch();
@ -1169,7 +1169,8 @@ function committee_warnings()
$q = $pdo->prepare("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck"); $q = $pdo->prepare("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
$q->execute(); $q->execute();
$r = $q->fetch(); $r = $q->fetch(PDO::FETCH_OBJ);
if($r->rollovercheck) { if($r->rollovercheck) {
echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. Do not start updating the system with new information until the year has been properly rolled over.")); echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. Do not start updating the system with new information until the year has been properly rolled over."));
} }
@ -1183,7 +1184,7 @@ function committee_warnings()
/* The bug was that the external_identifier was set to the prize name.. so only display the warning /* The bug was that the external_identifier was set to the prize name.. so only display the warning
* if we find that case for a non-sfiab external fair */ * if we find that case for a non-sfiab external fair */
while(($p = $q->fetch(PDO::FETCH_ASSOC) )) { while(($p = $q->fetch(PDO::FETCH_ASSOC) )) {
$qq = ("SELECT * FROM award_awards $qq = ("SELECT * FROM award_awards $r->rollovercheck
LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id
WHERE award_awards.id='{$p['award_awards_id']}' WHERE award_awards.id='{$p['award_awards_id']}'
AND year='{$config['FAIRYEAR']}' AND year='{$config['FAIRYEAR']}'
@ -1254,7 +1255,7 @@ function format_datetime($dt) {
} }
function format_money($n,$decimals=true) function format_money($n,$decimals=true)
{ { global $neg;
if($n<0){ if($n<0){
$neg=true; $neg=true;
$n=$n*-1; $n=$n*-1;


@ -32,7 +32,7 @@ if(!file_exists("../data/backuprestore"))
file_put_contents("../data/backuprestore/.htaccess","Order Deny,Allow\r\nDeny From All\r\n"); file_put_contents("../data/backuprestore/.htaccess","Order Deny,Allow\r\nDeny From All\r\n");
if($_GET['action']=="backup") { if(get_value_from_array($_GET,'action',"backup")) {
$ts=time(); $ts=time();
$dump="#SFIAB SQL BACKUP: ".date("r",$ts)."\n"; $dump="#SFIAB SQL BACKUP: ".date("r",$ts)."\n";
$dump.="#SFIAB VERSION: ".$config['version']."\n"; $dump.="#SFIAB VERSION: ".$config['version']."\n";
@ -50,7 +50,7 @@ while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
$str="INSERT INTO `$table` ("; $str="INSERT INTO `$table` (";
unset($fields); unset($fields);
$fields=array(); $fields=array();
while($cr=$columnq->fetch(PDO:FETCH_OBJ)) { while($cr=$columnq->fetch(PDO::FETCH_OBJ)) {
$str.="`".$cr->Field."`,"; $str.="`".$cr->Field."`,";
$fields[]=$cr->Field; $fields[]=$cr->Field;
} }
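Review bot: Whether `if(get_value_from_array($_GET,'action',"backup"))` still means "action equals backup" depends entirely on what the helper's third argument does, and helper.inc.php is not part of this diff; elsewhere in the same commit the two-argument form is used as a plain value lookup, which suggests the third argument may be a default rather than a comparison value. If it is a default, the condition is true for every request, including one with no action or a different action, and the database dump branch runs unconditionally. The same three-argument pattern is used in the category, date, division, logo-image, language-pack and rollover sections below, so the helper's contract should be confirmed once for all of them. Writing the comparison out, `if(get_value_from_array($_GET,'action') == "backup") {`, would not depend on that contract at all.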


@ -24,10 +24,11 @@
<? <?
require("../common.inc.php"); require("../common.inc.php");
require_once("../user.inc.php"); require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config'); user_auth_required('committee', 'config');
if($_GET['action']=="edit" || $_GET['action']=="new") { if(get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new")) {
send_header(($_GET['action']=="edit") ? 'Edit Category' : 'New Category', send_header((get_value_from_array($_GET, 'action',"edit")) ? 'Edit Category' : 'New Category',
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php', 'SFIAB Configuration' => 'config/index.php',
'Age Categories' => 'config/categories.php'),"project_age_categories"); 'Age Categories' => 'config/categories.php'),"project_age_categories");
@ -37,10 +38,10 @@
'SFIAB Configuration' => 'config/index.php'),"project_age_categories"); 'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
} }
if($_POST['action']=="edit") if(get_value_from_array($_POST, 'action', "edit"))
{ {
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'category') && isset($_POST['mingrade']) && $_POST['maxgrade'])
{ {
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
@ -68,10 +69,10 @@
} }
} }
if($_POST['action']=="new") if(get_value_from_array($_POST, 'action', "new"))
{ {
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) if(get_value_from_array($_POST, 'id') && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{ {
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
@ -99,7 +100,7 @@
} }
} }
if($_GET['action']=="remove" && $_GET['remove']) if(get_value_from_array($_GET, 'action',"remove") && get_value_from_array($_GET, 'remove'))
{ {
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted //for this division exist they should be deleted
@ -113,7 +114,7 @@
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">"; echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
if(! ($_GET['action']=="edit" || $_GET['action']=="new") ) if(! get_value_from_array($_GET, 'action', "edit" ) || get_value_from_array($_GET, 'action',"new") )
echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new age category")."</a>\n"; echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new age category")."</a>\n";
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
@ -126,18 +127,18 @@
echo "<th>".i18n("Actions")."</th>\n"; echo "<th>".i18n("Actions")."</th>\n";
echo "</tr>"; echo "</tr>";
if($_GET['action']=="edit" || $_GET['action']=="new") if(get_value_from_array($_GET, 'action', "edit") || get_value_from_array($_GET, 'action', "new"))
{ {
echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET,'action')."\">\n";
if($_GET['action']=="edit") if(get_value_from_array($_GET,'action',"edit"))
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET, 'edit')."\">\n";
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".get_value_from_array($_GET, 'edit')."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
$categoryr=$q->fetch(PDO::FETCH_OBJ); $categoryr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if(get_value_from_array($_GET,'action',"new"))
{ {
$buttontext="Add"; $buttontext="Add";
} }
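Review bot: The guard in front of the "Add new age category" link has a precedence bug: the original was `!($a || $b)`, but `if(! get_value_from_array($_GET, 'action', "edit" ) || get_value_from_array($_GET, 'action',"new") )` parses as `(!$a) || $b` because `!` binds tighter than `||`, so the link is shown when action is "new". Restoring the parentheses fixes it: `if(! (get_value_from_array($_GET, 'action', "edit") || get_value_from_array($_GET, 'action', "new")) )`. The rewritten SELECT in the edit branch still interpolates `get_value_from_array($_GET, 'edit')` straight into the SQL text even though it goes through `$pdo->prepare`; since that line is being touched anyway, bind it instead, `$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id=? AND year=?"); $q->execute([get_value_from_array($_GET, 'edit'), $config['FAIRYEAR']]);`. The two "new" conditions are also inconsistent with each other: one wraps `category` in the helper and the other reads `$_POST['category']` directly, and both leave `$_POST['maxgrade']` as a raw access.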


@ -24,6 +24,7 @@
<? <?
require("../common.inc.php"); require("../common.inc.php");
require_once("../user.inc.php"); require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config'); user_auth_required('committee', 'config');
send_header("Dates", send_header("Dates",
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
@ -49,7 +50,7 @@ $(document).ready(function() {
$error_ids = array(); $error_ids = array();
if($_POST['action']=="save") { if(get_value_from_array($_POST, 'action', "save")) {
if($_POST['savedates']) { if($_POST['savedates']) {
foreach($_POST['savedates'] as $key=>$val) { foreach($_POST['savedates'] as $key=>$val) {
//put the date and time back together //put the date and time back together
@ -74,7 +75,7 @@ $dates = array('fairdate' => array() ,
'regclose' => array(), 'regclose' => array(),
'postparticipants' => array(), 'postparticipants' => array(),
'postwinners' => array(), 'postwinners' => array(),
'judgeregopen' => datesarray(), 'judgeregopen' => array(),
'judgeregclose' => array(), 'judgeregclose' => array(),
'judgescheduleavailable' => array(), 'judgescheduleavailable' => array(),
'specawardregopen' => array(), 'specawardregopen' => array(),
@ -141,7 +142,7 @@ foreach($dates as $dn=>$d) {
$d['date']=$def->date; $d['date']=$def->date;
} }
$e = ''; $e = '';
if($error_ids[$d['id']]) { if(get_value_from_array($error_ids, $d['id'])) {
$e = "<span style=\"color: red;\">*</span> ".$error_ids[$d['id']]."</font>"; $e = "<span style=\"color: red;\">*</span> ".$error_ids[$d['id']]."</font>";
} }
list($_d,$_t)=explode(" ",$d['date']); list($_d,$_t)=explode(" ",$d['date']);
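Review bot: `if($_POST['savedates']) {` is left as a raw array access on the line directly after the `action` check was converted to the helper, so a save request without that key still raises the undefined-index warning this commit is removing elsewhere. For consistency with the surrounding lines, `if(get_value_from_array($_POST, 'savedates')) {` would match; the `foreach` on the next line then sees the same value. The `datesarray()` to `array()` correction in the `$dates` literal looks right and needs no further change.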


@ -24,10 +24,11 @@
<? <?
require("../common.inc.php"); require("../common.inc.php");
require_once("../user.inc.php"); require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config'); user_auth_required('committee', 'config');
if($_GET['action']=="edit" || $_GET['action']=="new") { if(get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new")) {
send_header(($_GET['action']=="edit") ? "Edit Division" : "New Division", send_header(get_value_from_array($_GET,'action',"edit") ? "Edit Division" : "New Division",
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php', 'SFIAB Configuration' => 'config/index.php',
'Project Divisions' => 'config/divisions.php'), 'Project Divisions' => 'config/divisions.php'),
@ -40,9 +41,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
} }
if($_POST['action']=="edit") if(get_value_from_array($_POST,'action',"edit"))
{ {
if($_POST['id'] && $_POST['division'] ) if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division' ))
{ {
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
@ -86,9 +87,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
} }
} }
if($_POST['action']=="new") if(get_value_from_array($_POST, 'action',"new"))
{ {
if($_POST['id'] && $_POST['division']) if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division'))
{ {
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
@ -125,7 +126,7 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
} }
} }
if($_GET['action']=="remove" && $_GET['remove']) if(get_value_from_array($_GET,'action',"remove") && get_value_from_array($_GET, 'remove'))
{ {
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted //for this division exist they should be deleted
@ -138,7 +139,7 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">"; echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
if(! ($_GET['action']=="edit" || $_GET['action']=="new") ) if(! get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new") )
echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new division")."</a>\n"; echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new division")."</a>\n";
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
@ -153,18 +154,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
echo "<th>".i18n("Actions")."</th>\n"; echo "<th>".i18n("Actions")."</th>\n";
echo "</tr>"; echo "</tr>";
if($_GET['action']=="edit" || $_GET['action']=="new") if(get_value_from_array($_GET, 'action', "edit") ||get_value_from_array( $_GET,'action',"new"))
{ {
echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET, 'action')."\">\n";
if($_GET['action']=="edit") if(get_value_from_array($_GET,'action',"edit"))
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET,'edit')."\">\n";
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".get_value_from_array($_GET,'edit')."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ); $divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if(get_vaue_from_array($_GET,'action',"new"))
{ {
$buttontext="Add"; $buttontext="Add";
} }
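Review bot: `else if(get_vaue_from_array($_GET,'action',"new"))` misspells the helper name, so whenever the edit branch is not taken PHP will fail with a call to an undefined function and the "Add" form never renders; it should read `else if(get_value_from_array($_GET,'action',"new"))`. The same misspelling appears in the committee assignment hunk earlier in this commit. The guard before the "Add new division" link has the same precedence problem as the category page: `if(! get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new") )` is `(!$a) || $b`, not `!($a || $b)`, and needs the outer parentheses restored. The rewritten SELECT in the edit branch still concatenates `get_value_from_array($_GET,'edit')` into the query string; binding it with a `?` placeholder and `$q->execute([...])` would make the `prepare` call meaningful.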


@ -24,6 +24,7 @@
<? <?
require("../common.inc.php"); require("../common.inc.php");
require_once("../user.inc.php"); require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config'); user_auth_required('committee', 'config');
send_header("CWSF Project Divisions", send_header("CWSF Project Divisions",
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
@ -32,7 +33,7 @@
); );
////// FIX ME!!!!! ////// FIX ME!!!!!
if(count($_POST['cwsfdivision'])) if(count(get_value_from_array($_POST, 'cwsfdivision')))
{ {
foreach($_POST['cwsfdivision'] AS $k=>$v) foreach($_POST['cwsfdivision'] AS $k=>$v)
{ {
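Review bot: `if(count(get_value_from_array($_POST, 'cwsfdivision')))` will throw a TypeError on PHP 8 if the helper returns `null` (or any non-Countable value) when the key is absent, which is the usual case for a GET of this page; `count()` no longer accepts non-countable arguments. Guarding on the type first avoids it, `if(is_array(get_value_from_array($_POST, 'cwsfdivision')) && count($_POST['cwsfdivision']))`. Whether the helper returns `null` or something else for a missing key cannot be seen from this diff and should be checked in helper.inc.php.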


@ -30,7 +30,7 @@ send_header("Fair Logo Image",
'SFIAB Configuration' => 'config/index.php'), 'SFIAB Configuration' => 'config/index.php'),
"images"); "images");
if($_POST['action']=="addimage") { if(get_value_from_array($_POST,'action',"addimage")) {
if($_FILES['image']['error']==UPLOAD_ERR_OK) { if($_FILES['image']['error']==UPLOAD_ERR_OK) {
//make sure its a JPEG //make sure its a JPEG
$imagesize=getimagesize($_FILES['image']['tmp_name']); $imagesize=getimagesize($_FILES['image']['tmp_name']);
@ -96,7 +96,7 @@ if($_POST['action']=="addimage") {
echo error(i18n("Error uploading Logo Image").": ".$_FILES['image']['error']); echo error(i18n("Error uploading Logo Image").": ".$_FILES['image']['error']);
} }
if($_POST['action']=="delimage") { if(get_value_from_array($_POST,'action',"delimage")) {
@unlink("../data/logo.gif"); @unlink("../data/logo.gif");
@unlink("../data/logo-100.gif"); @unlink("../data/logo-100.gif");
@unlink("../data/logo-200.gif"); @unlink("../data/logo-200.gif");


@ -49,7 +49,7 @@
{ {
foreach($packs AS $p) foreach($packs AS $p)
{ {
list($langpack,$filename,$lastupdate)=split("\t",trim($p)); list($langpack,$filename,$lastupdate)=explode("\t",trim($p));
$ret[$langpack]=array("lang"=>$langpack,"filename"=>$filename,"lastupdate"=>$lastupdate); $ret[$langpack]=array("lang"=>$langpack,"filename"=>$filename,"lastupdate"=>$lastupdate);
} }
} }
@ -62,7 +62,7 @@
} }
if($_GET['action']=="check") if(get_value_from_array($_GET,'action',"check"))
{ {
$packs=loadLanguagePacks(); $packs=loadLanguagePacks();
@ -92,7 +92,7 @@
} }
} }
if($_GET['action']=="install" && $_GET['install']) if(get_value_from_array($_GET,'action',"install") && get_value_from_array($_GET,'install'))
{ {
$packs=loadLanguagePacks(); $packs=loadLanguagePacks();
$loaded=0; $loaded=0;


@ -56,6 +56,7 @@
function roll($currentfairyear, $newfairyear, $table, $where='', $replace=array()) function roll($currentfairyear, $newfairyear, $table, $where='', $replace=array())
{ {
global $pdo;
/* Field Type Null Key Default Extra /* Field Type Null Key Default Extra
* id int(10) unsigned NO PRI NULL auto_increment * id int(10) unsigned NO PRI NULL auto_increment
* sponsors_id int(10) unsigned NO MUL 0 * sponsors_id int(10) unsigned NO MUL 0
@ -65,7 +66,7 @@
/* Get field list for this table */ /* Get field list for this table */
$q = $pdo->prepare("SHOW COLUMNS IN `$table`"); $q = $pdo->prepare("SHOW COLUMNS IN `$table`");
$q->execute(); $q->execute();
while(($c = $q->fech(PDDO::FETCH_ASSOC))) { while(($c = $q->fetch(PDO::FETCH_ASSOC))) {
$col[$c['Field']] = $c; $col[$c['Field']] = $c;
} }
@ -86,29 +87,32 @@
/* Get data */ /* Get data */
$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where"); $q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
//echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`'; $names = '`'.join('`,`', $fields).'`';
/* Process data */ /* Process data */
while($r=$q->fech(PDDO::FETCH_ASSOC)) { while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = ''; $vals = '';
foreach($fields as $f) { foreach($fields as $f) {
if(array_key_exists($f, $replace)) if(array_key_exists($f, $replace))
$vals .= ",'".$replace[$f]."'"; $vals .= ",".$pdo->quote($replace[$f]);
else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL) else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
$vals .= ',NULL'; $vals .= ',NULL';
else else
$vals .= ",'".$r[$f]."'"; $vals .= ",".$pdo->quote($r[$f]);
} }
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)"); $stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); // FIXME
//echo $pdo->errorInfo();
} }
} }
if($_POST['action']=="rollover" && $_POST['nextfairyear']) if(get_value_from_array($_POST, 'action', "rollover") && get_value_from_array($_POST, 'nextfairyear'))
{ {
$newfairyear=intval($_POST['nextfairyear']); $newfairyear=intval(get_value_from_array($_POST, 'nextfairyear'));
$currentfairyear=intval($config['FAIRYEAR']); $currentfairyear=intval($config['FAIRYEAR']);
$cy = $currentfairyear; $cy = $currentfairyear;
@ -130,37 +134,42 @@
echo i18n("Rolling dates")."<br />"; echo i18n("Rolling dates")."<br />";
$q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME Error handling
while($r=$q->fetch(PDO::FETCH_OBJ)) //print_r($pdo->errorInfo());
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".$r->newdate."', '".$r->newdate."',
'".$r->name."', '".$r->name."',
'".$r->description."', '".$r->description."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
//page text //page text
echo i18n("Rolling page texts")."<br />"; echo i18n("Rolling page texts")."<br />";
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
while($r=$q->fetch(PDO::FETCH_OBJ)) //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES ( $stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".$r->textname."', '".$r->textname."',
'".$r->textdescription."', '".$r->textdescription."',
'".$r->text."', '".$r->text."',
'".$r->lastupdate."', '".$r->lastupdate."',
'".$newfairyear)."', '".$newfairyear."',
'".$r->lang."')"; '".$r->lang."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling project categories")."<br />"; echo i18n("Rolling project categories")."<br />";
//project categories //project categories
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
while($r=$q->fetch(PDO::FETCH_OBJ)) //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".$r->id."', '".$r->id."',
'".$r->category."', '".$r->category."',
@ -169,13 +178,15 @@
'".$r->maxgrade."', '".$r->maxgrade."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling project divisions")."<br />"; echo i18n("Rolling project divisions")."<br />";
//project divisions //project divisions
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
while($r=$q->fetch(PDO::FETCH_OBJ)) //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".$r->id."', '".$r->id."',
'".$r->division."', '".$r->division."',
@ -183,38 +194,44 @@
'".$r->cwsfdivisionid."', '".$r->cwsfdivisionid."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling project category-division links")."<br />"; echo i18n("Rolling project category-division links")."<br />";
//project categories divisions links //project categories divisions links
$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
while($r=$q->fetch(PDO::FETCH_OBJ)) //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".$r->projectdivisions_id."', '".$r->projectdivisions_id."',
'".$r->projectcategories_id."', '".$r->projectcategories_id."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling project sub-divisions")."<br />"; echo i18n("Rolling project sub-divisions")."<br />";
//project subdivisions //project subdivisions
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); // FIXME
while($r=$q->fetch(PDO::FETCH_OBJ)) //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".$r->id."', '".$r->id."',
'".$r->projectsubdivisions_id."', '".$r->projectsubdivisions_id."',
'".$r->subdivision."', '".$r->subdivision."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling safety questions")."<br />"; echo i18n("Rolling safety questions")."<br />";
//safety questions //safety questions
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); //FIXME
while($r=$q->fetch(PDO::FETCH_OBJ)) //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".$r->question."', '".$r->question."',
'".$r->type."', '".$r->type."',
@ -222,6 +239,7 @@
'".$r->ord."', '".$r->ord."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling awards")."<br />"; echo i18n("Rolling awards")."<br />";
//awards //awards
@ -229,7 +247,8 @@
$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); //FIXME
//echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
/* Roll the one award */ /* Roll the one award */
roll($cy, $ny, 'award_awards', "id='{$r->id}'"); roll($cy, $ny, 'award_awards', "id='{$r->id}'");
@ -249,64 +268,65 @@
//award types //award types
$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".$r->id."', '".$r->id."',
'".$r->type."', '".$r->type."',
'".$r->order."', '".$r->order."',
'".$newfairyear."')"); '".$newfairyear."')");
$stmt->execute(); $stmt->execute();
}
echo i18n("Rolling schools")."<br />"; echo i18n("Rolling schools")."<br />";
//award types //award types
$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); //echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".$r->school."', ".$pdo->quote($r->school).",
'".$r->schoollang."', ".$pdo->quote($r->schoollang).",
'".$r->schoollevel."', ".$pdo->quote($r->schoollevel).",
'".$r->board."', ".$pdo->quote($r->board).",
'".$r->district."', ".$pdo->quote($r->district).",
'".$r->phone."', ".$pdo->quote($r->phone).",
'".$r->fax."', ".$pdo->quote($r->fax).",
'".$r->address."', ".$pdo->quote($r->address).",
'".$r->city."', ".$pdo->quote($r->city).",
'".$r->province_code."', ".$pdo->quote($r->province_code).",
'".$r->postalcode."',$puid, ".$pdo->quote($r->postalcode).",$puid,
'".$r->schoolemail."',$shuid, ".$pdo->quote($r->schoolemail).",$shuid,
'".$r->accesscode."', ".$pdo->quote($r->accesscode).",
NULL, NULL,
'".$r->junior."', ".$pdo->quote($r->junior).",
'".$r->intermediate."', ".$pdo->quote($r->intermediate).",
'".$r->senior."', ".$pdo->quote($r->senior).",
'".$r->registration_password."', ".$pdo->quote($r->registration_password).",
'".$r->projectlimit."', ".$pdo->quote($r->projectlimit).",
'".$r->projectlimitper."', ".$pdo->quote($r->projectlimitper).",
'".$newfairyear."')"); ".$newfairyear.")");
$stmt->execute(); $stmt->execute();
} }
echo i18n("Rolling questions")."<br />"; echo i18n("Rolling questions")."<br />";
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'"); $q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
$q->execute(); $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES ( $stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'', '',
'$newfairyear', '$newfairyear',
'".$r->section."', ".$pdo->quote($r->section).",
'".$r->db_heading."', ".$pdo->quote($r->db_heading).",
'".$r->question."', ".$pdo->quote($r->question).",
'".$r->type."', ".$pdo->quote($r->type).",
'".$r->required."', ".$pdo->quote($r->required).",
'".$r->ord."')"); ".$pdo->quote($r->ord).")");
$stmt->execute(); $stmt->execute();
}
//regfee items //regfee items
echo i18n("Rolling registration fee items")."<br />"; echo i18n("Rolling registration fee items")."<br />";
@ -320,18 +340,18 @@
echo i18n('Rolling judging timeslots and rounds')."<br />"; echo i18n('Rolling judging timeslots and rounds')."<br />";
$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'"); $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
$q->execute(); $q->execute();
echo $pdo->errorInfo(); //echo $pdo->errorInfo();
while($r=$q->fech(PDDO::FETCH_ASSOC)) { while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear; $d = $newfairyear - $currentfairyear;
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`) $stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR), VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')"); '{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); //echo $pdo->errorInfo();
$round_id = $pdo->lastInsertId(); $round_id = $pdo->lastInsertId();
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'"); $qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
$qq->execute(); $qq->execute();
echo $pdo->errorInfo(); //echo $pdo->errorInfo();
while($rr=$qq->fetch(PDO::FETCH_ASSOC)) { while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`) $stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR), VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),


@ -30,11 +30,11 @@
'SFIAB Configuration' => 'config/index.php') 'SFIAB Configuration' => 'config/index.php')
,"project_safety_questions" ,"project_safety_questions"
); );
if($_POST['action']=="save" && $_POST['save']) if(get_value_from_array($_POST, 'action') == "save" && get_value_from_array($_POST, 'save'))
{ {
if($_POST['question']) if($_POST['question'])
{ {
if(!ereg("^[0-9]*$",$_POST['ord'])) if(!preg_match("/^[0-9]*$/",$_POST['ord']))
echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord']))); echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
$stmt = $pdo->prepare("UPDATE safetyquestions SET $stmt = $pdo->prepare("UPDATE safetyquestions SET
@ -44,7 +44,7 @@
ord='".stripslashes($_POST['ord'])."' ord='".stripslashes($_POST['ord'])."'
WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'"); WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
echo happy(i18n("Safety question successfully saved")); echo happy(i18n("Safety question successfully saved"));
} }
@ -52,7 +52,7 @@
echo error(i18n("Question is required")); echo error(i18n("Question is required"));
} }
if($_POST['action']=="new") if(get_value_from_array($_POST, 'action') == "new")
{ {
if($_POST['question']) if($_POST['question'])
{ {
@ -72,7 +72,7 @@
echo error(i18n("Question is required")); echo error(i18n("Question is required"));
} }
if($_GET['action']=="remove" && $_GET['remove']) if(get_value_from_array($_GET, 'action') == "remove" && get_value_from_array($_GET, 'remove'))
{ {
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute(); $stmt->execute();
@ -80,7 +80,7 @@
} }
if(($_GET['action']=="edit" && $_GET['edit']) || $_GET['action']=="new") if((get_value_from_array($_GET, 'action') == "edit" && get_value_from_array($_GET, 'edit')) || get_value_from_array($_GET, 'action') == "new")
{ {
$showform=true; $showform=true;
echo "<form method=\"post\" action=\"safetyquestions.php\">"; echo "<form method=\"post\" action=\"safetyquestions.php\">";
@ -109,7 +109,7 @@
{ {
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
echo "<tr><td>".i18n("Question")."</td><td>"; echo "<tr><td>".i18n("Question")."</td><td>";
echo "<input size=\"60\" type=\"text\" name=\"question\" value=\"".htmlspecialchars($r->question)."\">\n"; echo "<input size=\"60\" type=\"text\" name=\"question\" value=\"".htmlspecialchars(get_value_or_default($r->question, ""))."\">\n";
echo "</td></tr>"; echo "</td></tr>";
echo "<tr><td>".i18n("Type")."</td><td>"; echo "<tr><td>".i18n("Type")."</td><td>";
echo "<select name=\"type\">"; echo "<select name=\"type\">";
@ -128,7 +128,7 @@
echo "</select>"; echo "</select>";
echo "</td>"; echo "</td>";
echo "<tr><td>".i18n("Display Order")."</td><td>"; echo "<tr><td>".i18n("Display Order")."</td><td>";
echo "<input size=\"5\" type=\"text\" name=\"ord\" value=\"".htmlspecialchars($r->ord)."\">\n"; echo "<input size=\"5\" type=\"text\" name=\"ord\" value=\"".htmlspecialchars(get_value_or_default($r->ord, ""))."\">\n";
echo "</td></tr>"; echo "</td></tr>";
echo "<tr><td colspan=\"2\" align=\"center\">"; echo "<tr><td colspan=\"2\" align=\"center\">";
echo "<input type=\"submit\" value=\"".i18n($buttontext)."\" />\n"; echo "<input type=\"submit\" value=\"".i18n($buttontext)."\" />\n";
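Review bot: The DELETE on the line after the rewritten `remove` condition still splices `$_GET['remove']` into the SQL text, so the new null-safe guard changes nothing about what reaches the database. Bind it instead: `$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id=? AND year=?"); $stmt->execute([intval($_GET['remove']), $config['FAIRYEAR']]);`. The UPDATE in the first hunk builds `ord=` and its WHERE clause from `stripslashes($_POST['ord'])` and `$_POST['save']` the same way and should be bound likewise. Separately, `preg_match("/^[0-9]*$/",$_POST['ord'])` throws a TypeError on PHP 8 when the parameter arrives as an array, so a `(string)` cast or an `is_string` rejection before it keeps the "Defaulting non-numeric order" path reachable.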


@ -32,21 +32,21 @@
,"exhibitor_signature_page" ,"exhibitor_signature_page"
); );
if($_POST['action']=="save") if(get_value_from_array($_POST,'action',"save"))
{ {
if($_POST['useexhibitordeclaration']) $useex="1"; else $useex="0"; if(get_value_from_array($_POST, 'useexhibitordeclaration')) $useex="1"; else $useex="0";
if($_POST['useparentdeclaration']) $usepg="1"; else $usepg="0"; if(get_value_from_array($_POST, 'useparentdeclaration')) $usepg="1"; else $usepg="0";
if($_POST['useteacherdeclaration']) $usete="1"; else $usete="0"; if(get_value_from_array($_POST,'useteacherdeclaration')) $usete="1"; else $usete="0";
if($_POST['usepostamble']) $usepa="1"; else $usepa="0"; if(get_value_from_array($_POST,'usepostamble')) $usepa="1"; else $usepa="0";
if($_POST['useregfee']) $userf="1"; else $userf="0"; if(get_value_from_array($_POST, 'useregfee')) $userf="1"; else $userf="0";
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".get_value_from_array($_POST,'exhibitordeclaration')."' WHERE name='exhibitordeclaration'");
$stmt->execute(); $stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".get_value_from_array($_POST, 'parentdeclaration')."' WHERE name='parentdeclaration'");
$stmt->execute(); $stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".get_value_from_array($_POST, 'teacherdeclaration')."' WHERE name='teacherdeclaration'");
$stmt->execute(); $stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".get_value_from_array($_POST,'postamble')."' WHERE name='postamble'");
$stmt->execute(); $stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt->execute(); $stmt->execute();
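Review bot: The enclosing `if` uses `get_value_from_array($_POST,'action',"save")` as a boolean, while safetyquestions.php and register_participants.php in this same commit write `get_value_from_array($_POST, 'action') == "save"`; the helper's definition is not in the diff, so I cannot tell which reading is intended. If the third argument is a default in the style of `get_value_or_default` in helper.inc.php, this call returns "save" whenever no action is posted and the whole save block runs on every request; if it is a comparison value, the page should settle on one call style. The same three-argument form appears in subdivisions.php, the special-config save, the version check and `config_editor_handle_actions`, so the answer applies there too. The five UPDATE statements in this hunk also drop `stripslashes` and concatenate the posted declaration text straight into the query; binding `$useex` and the text through `?` placeholders with `$stmt->execute([...])` removes both the quoting dependence and the behaviour change.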


@ -25,8 +25,8 @@
require("../common.inc.php"); require("../common.inc.php");
require_once("../user.inc.php"); require_once("../user.inc.php");
user_auth_required('committee', 'config'); user_auth_required('committee', 'config');
if($_GET['action']=="edit" || $_GET['action']=="new") { if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"new")) {
send_header(($_GET['action']=="edit") ? "Edit Sub-Division" : "New Sub-Division", send_header(get_value_from_array($_GET,'action',"edit") ? "Edit Sub-Division" : "New Sub-Division",
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php', 'SFIAB Configuration' => 'config/index.php',
'Project Sub-Divisions' => 'config/subdivisions.php'), 'Project Sub-Divisions' => 'config/subdivisions.php'),
@ -38,9 +38,9 @@
"project_sub_divisions"); "project_sub_divisions");
} }
if($_POST['action']=="edit") if(get_value_from_array($_POST,'action',"edit"))
{ {
if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] ) if(get_value_from_array($_POST,'id' )&& get_value_from_array($_POST,'projectdivisions_id') && get_value_from_array($_POST,'subdivision') )
{ {
$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
@ -65,9 +65,9 @@
} }
} }
if($_POST['action']=="new") if(get_value_from_array($_POST,'action',"new"))
{ {
if($_POST['projectdivisions_id'] && $_POST['subdivision']) if(get_value_from_array($_POST, 'projectdivisions_id') && get_value_from_array($_POST,'subdivision'))
{ {
if(!$_POST['id']) if(!$_POST['id'])
{ {
@ -103,7 +103,7 @@
} }
} }
if($_GET['action']=="remove" && $_GET['remove']) if(get_value_from_array($_GET,'action',"remove") && get_value_from_array($_GET,'remove'))
{ {
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'"); $stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt->execute(); $stmt->execute();
@ -112,7 +112,7 @@
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">"; echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
if(! ($_GET['action']=="edit" || $_GET['action']=="new") ) if(! (get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"new")) )
echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new sub-division")."</a>\n"; echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new sub-division")."</a>\n";
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
@ -123,13 +123,13 @@
echo "<th>".i18n("Actions")."</th>\n"; echo "<th>".i18n("Actions")."</th>\n";
echo "</tr>"; echo "</tr>";
if($_GET['action']=="edit" || $_GET['action']=="new") if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET, 'action',"new"))
{ {
echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET,'action')."\">\n";
if($_GET['action']=="edit") if(get_value_from_array($_GET,'action',"edit"))
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET, 'edit')."\">\n";
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".get_value_from_array($_GET,'edit')."' AND year='".$config['FAIRYEAR']."'");
$q->execute(); $q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ); $divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
@ -186,7 +186,7 @@ echo $pdo->errorInfo();
} }
} }
echo "</table>"; echo "</table>";
if($_GET['action']=="new") if(get_value_from_array($_GET,'action',"new"))
echo "&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;".i18n("Leave ID field blank to auto-assign next available ID"); echo "&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;".i18n("Leave ID field blank to auto-assign next available ID");
echo "</form>"; echo "</form>";
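Review bot: `if(!$_POST['id'])` inside the `new` branch is left as a raw index read while every neighbouring check was converted, so a form without an id field still emits an undefined-key warning; `if(!get_value_from_array($_POST,'id'))` keeps the branch consistent. The hidden inputs further down echo `get_value_from_array($_GET,'action')` and `get_value_from_array($_GET, 'edit')` into attribute values unescaped; wrapping each as `htmlspecialchars(get_value_from_array($_GET,'action'), ENT_QUOTES)` prevents a crafted query string from breaking out of the attribute. The SELECT and DELETE statements in this file still interpolate `$_POST['id']`, `$_GET['edit']` and `$_GET['remove']` into the query text after the new guards pass; `intval()` or a bound parameter at those sites is what actually constrains the value.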


@ -43,8 +43,8 @@
} }
//for the Special category //for the Special category
if($_POST['action']=="save") { if(get_value_from_array($_POST, 'action', 'save')) {
if($_POST['specialconfig']) { if(get_value_from_array($_POST, 'specialconfig')) {
foreach($_POST['specialconfig'] as $key=>$val) { foreach($_POST['specialconfig'] as $key=>$val) {
$stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'"); $stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
$stmt->execute(); $stmt->execute();
@ -54,8 +54,8 @@
} }
//get the category, and if nothing is chosen, default to Global //get the category, and if nothing is chosen, default to Global
if($_GET['category']) $category=$_GET['category']; if(get_value_from_array($_GET, 'category')) $category=$_GET['category'];
else if($_POST['category']) $category=$_POST['category']; else if(get_value_from_array($_POST, 'category')) $category=$_POST['category'];
else $category="Global"; else $category="Global";
$action = config_editor_handle_actions($category, $config['FAIRYEAR'], "var"); $action = config_editor_handle_actions($category, $config['FAIRYEAR'], "var");
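Review bot: The `foreach` over `$_POST['specialconfig']` is now reachable only when the key is truthy, but a scalar value still passes that test and makes `foreach` warn and skip; `if(is_array(get_value_from_array($_POST, 'specialconfig')))` is the check that matches the usage. Inside the loop both `$key` and `stripslashes($val)` come from the request and are spliced into the UPDATE text, so `prepare()` gives no protection here; `$stmt = $pdo->prepare("UPDATE config SET val=? WHERE year='0' AND var=?"); $stmt->execute([stripslashes($val), $key]);` binds both. `$category` is taken from the query string or post body unchanged and handed to `config_editor_handle_actions`; I cannot see from this hunk whether that function restricts it to known categories.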


@ -44,7 +44,7 @@
// FIXME Replace // FIXME Replace
if($v=file("http://www.sfiab.ca/version.txt")) if($v=file("http://www.sfiab.ca/version.txt"))
{ {
list($version,$date)=split("\t",trim($v[0])); list($version,$date)=explode("\t",trim($v[0]));
$ret['version']=$version; $ret['version']=$version;
$ret['date']=$date; $ret['date']=$date;
} }
@ -53,7 +53,7 @@
return $ret; return $ret;
} }
if($_GET['action']=="check") if(get_value_from_array($_GET, 'action',"check"))
{ {
$v=loadVersions(); $v=loadVersions();
echo i18n("Newest version available: <b>%1</b> (%2)",array($v['version'],$v['date'])); echo i18n("Newest version available: <b>%1</b> (%2)",array($v['version'],$v['date']));
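Review bot: `list($version,$date)=explode("\t",trim($v[0]))` still assumes the first line of the remote file contains a tab; a single-field line leaves `$date` undefined with a warning, so `[$version, $date] = array_pad(explode("\t", trim($v[0]), 2), 2, '');` is the robust form. The body of `loadVersions` starts before this hunk. The version and date come from an unauthenticated plain-HTTP fetch and are echoed into the page through `i18n` at the end of the section without `htmlspecialchars`; the `// FIXME Replace` marker above the fetch suggests the source is known to be provisional, so escaping at the echo is the minimum until it is replaced.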


@ -23,6 +23,8 @@
?> ?>
<? <?
include_once('helper.inc.php');
function config_editor_load($category, $year) function config_editor_load($category, $year)
{ {
global $pdo; global $pdo;
@ -47,7 +49,7 @@ function config_editor_load($category, $year)
function config_editor_parse_from_http_headers($array_name) function config_editor_parse_from_http_headers($array_name)
{ {
$ans = array(); $ans = array();
if(!is_array($_POST[$array_name])) return $ans; if(!is_array(get_value_from_array($_POST, $array_name))) return $ans;
$keys = array_keys($_POST[$array_name]); $keys = array_keys($_POST[$array_name]);
foreach($keys as $id) { foreach($keys as $id) {
@ -75,6 +77,7 @@ function config_editor_parse_from_http_headers($array_name)
function config_update_variables($fairyear=NULL, $lastfairyear=NULL) function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
{ {
global $config; global $config;
global $pdo;
/* if fairyear isn't specified... */ /* if fairyear isn't specified... */
if($fairyear == NULL) $fairyear = $config['FAIRYEAR']; if($fairyear == NULL) $fairyear = $config['FAIRYEAR'];
@ -83,21 +86,23 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
/* The master list of variables is the year=-1, grab /* The master list of variables is the year=-1, grab
* ALL config variables that exist for -1 but * ALL config variables that exist for -1 but
* do NOT exist for $fairyear */ * do NOT exist for $fairyear */
$q = "SELECT config.var FROM `config` $q = $pdo->prepare("SELECT config.var FROM `config`
LEFT JOIN `config` AS C2 ON(config.var=C2.var LEFT JOIN `config` AS C2 ON(config.var=C2.var
AND C2.year='$fairyear') AND C2.year='$fairyear')
WHERE config.year=-1 AND C2.year IS NULL"; WHERE config.year=-1 AND C2.year IS NULL");
$r = ($q);
while($i = $r->fetch(PDO::FETCH_ASSOC)) {
$q->execute();
while($i = $q->fetch(PDO::FETCH_ASSOC)) {
$var = $i['var']; $var = $i['var'];
/* See if this var exists for last year or /* See if this var exists for last year or
* the -1 year, prefer last year's value */ * the -1 year, prefer last year's value */
$q = "SELECT * FROM `config` $r2 = $pdo->prepare("SELECT * FROM `config`
WHERE config.var='$var' WHERE config.var='$var'
AND (config.year='$lastfairyear' AND (config.year='$lastfairyear'
OR config.year='-1') OR config.year='-1')
ORDER BY config.year DESC"; ORDER BY config.year DESC");
$r2 = ($q); $r2->execute();
if($r2->rowCount() < 1) { if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */ /* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist"; echo "ERROR, Variable '$var' doesn't exist";
@ -106,13 +111,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
$v = $r2->fetch(); $v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES ( ("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".$v->var."', '".$v['var']."',
'".$v->val."', '".$v['val']."',
'".$v->category."', '".$v['category']."',
'".$v->type."', '".$v['type']."',
'".$v->type_values."', '".$v['type_values']."',
'".$v->ord."', '".$v['ord']."',
'".$v->description."', '".$v['description']."',
'$fairyear')"); '$fairyear')");
} }
} }
@ -129,7 +134,7 @@ function config_editor_handle_actions($category, $year, $array_name)
$config_editor_actions_done = true; $config_editor_actions_done = true;
$updated = false; $updated = false;
if($_POST['action']=="update") { if(get_value_from_array($_POST, 'action', "update")) {
$var = config_editor_parse_from_http_headers($array_name); $var = config_editor_parse_from_http_headers($array_name);
$varkeys = array_keys($var); $varkeys = array_keys($var);
foreach($varkeys as $k) { foreach($varkeys as $k) {
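Review bot: In `config_update_variables`, the `INSERT INTO config ...` after `$v = $r2->fetch();` is still a bare parenthesised string expression: it is neither prepared nor executed, so the loop this hunk repairs never writes the missing variables for `$fairyear` (the old side had the same no-op). The switch from `$v->var` to `$v['var']` is right for the default fetch mode, but the statement has to go through `prepare`/`execute`, and since the values are copied from database rows, binding them also avoids the quoting problems of concatenation. `$r2->rowCount()` on a SELECT is driver-dependent; checking whether `fetch()` returned `false` is the portable test. The functions in this file extend beyond the hunks, so the fragment below shows only the replacement for the INSERT.

```php
// … unchanged: SELECT of last year's / default value into $r2 …
$v = $r2->fetch();
$ins = $pdo->prepare("INSERT INTO config (var,val,category,type,type_values,ord,description,year)
                      VALUES (?,?,?,?,?,?,?,?)");
$ins->execute([
    $v['var'], $v['val'], $v['category'], $v['type'],
    $v['type_values'], $v['ord'], $v['description'], $fairyear,
]);
```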


@ -23,15 +23,19 @@
?> ?>
<? <?
require("common.inc.php"); require("common.inc.php");
require("./config/signaturepage_or_permissionform.php"); require("./config/signaturepage_or_permissionform.php");
send_header("Confirmed Participants"); send_header("Confirmed Participants");
global $stats_totalstudents;
//first, lets make sure someone isnt tryint to see something that they arent allowed to! //first, lets make sure someone isnt tryint to see something that they arent allowed to!
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
$q->execute(); $q->execute();
$r=$q->fetch(); $r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1) if($r->test!=1)
{ {
list($d,$t)=explode(" ",$config['dates']['postparticipants']); list($d,$t)=explode(" ",$config['dates']['postparticipants']);
@ -68,7 +72,13 @@
projects.projectnumber projects.projectnumber
"); ");
$q->execute(); $q->execute();
echo $pdo->errorInfo();
// Check for errors after the query execution
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
$lastcat="something_that_does_not_exist"; $lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist"; $lastdiv="something_that_does_not_exist";
@ -81,7 +91,7 @@
echo "<br />"; echo "<br />";
} }
echo "<table style=\"font-size: 0.9em;\">"; echo "<table style=\"font-size: 0.9em;\">";
while($r=$q->fetch()) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($r->category != $lastcat) if($r->category != $lastcat)
{ {
@ -122,7 +132,7 @@
echo "<td>$r->projectnumber</td>"; echo "<td>$r->projectnumber</td>";
echo "<td>$r->title</td>"; echo "<td>$r->title</td>";
$sq=("SELECT students.firstname, $sq=$pdo->prepare("SELECT students.firstname,
students.lastname, students.lastname,
students.id, students.id,
students.webfirst, students.webfirst,
@ -135,20 +145,27 @@
AND AND
students.schools_id=schools.id students.schools_id=schools.id
"); ");
echo pdo->errorInfo(); $sq->execute();
// Check for errors after the query execution
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
$studnum=1; $studnum=1;
$schools=""; $schools="";
$students=""; $students="";
$sameschools=true; $sameschools=true;
$lastschool=""; $lastschool="";
while($studentinfo=$sq->fetch()) while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
{ {
if($studentinfo->webfirst=="yes") if($studentinfo->webfirst=="yes")
$students.="$studentinfo->firstname "; $students.="$studentinfo->firstname ";
if($studentinfo->weblast=="yes") if($studentinfo->weblast=="yes")
$students.="$studentinfo->lastname "; $students.="$studentinfo->lastname ";
if($r->studentinfo->webfirst=="yes" || $studentinfo->weblast=="yes") $students.="<br />"; if($studentinfo->webfirst=="yes" || $studentinfo->weblast=="yes") $students.="<br />";
$schools.="$studentinfo->school <br />"; $schools.="$studentinfo->school <br />";
if($lastschool) if($lastschool)
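Review bot: The two inline error checks added after `$q->execute()` and `$sq->execute()` duplicate the `show_pdo_errors_if_any()` that this same commit adds to helper.inc.php and that user.inc.php already calls; replacing each seven-line block with `show_pdo_errors_if_any($pdo);` keeps one implementation. Either way, `$pdo->errorInfo()` describes the last operation on the connection rather than on the statement just executed, so `$sq->errorInfo()` is the accurate check, and echoing `$errorInfo[2]` prints the driver's message onto a public participants page; `error_log()` plus a generic notice is the safer split. `global $stats_totalstudents;` at file scope is a no-op unless this file is included from inside a function, which the hunk does not show.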


@ -15,4 +15,16 @@ function get_value(mixed $var) : mixed
return isset($var) ? $var : null; return isset($var) ? $var : null;
} }
function get_value_or_default(mixed $var, mixed $default = null) : mixed {
return isset($var) ? $var : $default;
}
function show_pdo_errors_if_any($pdo) {// Check for errors after the query execution
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
}
?> ?>
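Review bot: `show_pdo_errors_if_any($pdo)` reads `$pdo->errorInfo()`, which reflects the last operation on the connection, yet every caller in this commit invokes it right after `$stmt->execute()`, where the statement's own `$stmt->errorInfo()` carries the failure; accepting the `PDOStatement` (or enabling `PDO::ERRMODE_EXCEPTION` and dropping the helper) would report what the callers expect. The helper also echoes the driver message straight into the response; logging it with `error_log()` and emitting a generic notice keeps schema details out of rendered pages. `get_value_or_default` makes `get_value` a special case — `return get_value_or_default($var);` — and a signature of `function show_pdo_errors_if_any(PDO $pdo): void` with a docblock saying it prints rather than throws would match the typed style of the other two helpers.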


@ -30,7 +30,7 @@
$datecheck = $q->fetch(PDO::FETCH_OBJ); $datecheck = $q->fetch(PDO::FETCH_OBJ);
if($_POST['action']=="new") { if(get_value_from_array($_POST, 'action') == "new") {
$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']); $q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
$q->execute(); $q->execute();
if($q->rowCount()) { if($q->rowCount()) {
@ -55,8 +55,8 @@ $stmt->execute();
} }
} }
else if($_POST['action']=="continue") { else if(get_value_from_array($_POST, 'action') == "continue") {
if($_POST['email']) if(get_value_from_array($_POST, 'email'))
$_SESSION['email']=stripslashes($_POST['email']); $_SESSION['email']=stripslashes($_POST['email']);
$q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
@ -82,7 +82,7 @@ $stmt->execute();
} }
} }
else if($_GET['action']=="resend" && $_SESSION['email']) { else if(get_value_from_array($_GET, 'action') == "resend" && get_value_from_array($_SESSION, 'email')) {
//first see if the email matches directly from the registrations table //first see if the email matches directly from the registrations table
$q=$pdo->prepare("SELECT registrations.num FROM $q=$pdo->prepare("SELECT registrations.num FROM
registrations registrations
@ -117,7 +117,7 @@ $stmt->execute();
echo error(i18n("Could not find a registration for your email address")); echo error(i18n("Could not find a registration for your email address"));
} }
} }
else if($_GET['action']=="logout") { else if(get_value_from_array($_GET, 'action') == "logout") {
unset($_SESSION['email']); unset($_SESSION['email']);
unset($_SESSION['registration_number']); unset($_SESSION['registration_number']);
unset($_SESSION['registration_id']); unset($_SESSION['registration_id']);
@ -127,7 +127,7 @@ $stmt->execute();
//if they've alreayd logged in, and somehow wound back up here, take them back to where they should be //if they've alreayd logged in, and somehow wound back up here, take them back to where they should be
if($_SESSION['registration_number'] && $_SESSION['registration_id'] && $_SESSION['email']) { if(get_value_from_array($_SESSION, 'registration_number') && get_value_from_array($_SESSION, 'registration_id') && get_value_from_array($_SESSION, 'email')) {
header("Location: register_participants_main.php"); header("Location: register_participants_main.php");
exit; exit;
@ -135,8 +135,8 @@ $stmt->execute();
send_header("Participant Registration"); send_header("Participant Registration");
if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) ) { if(get_value_from_array($_POST, 'action') == "login" && ( get_value_from_array($_POST, 'email') || get_value_from_array($_SESSION, 'email')) ) {
if($_POST['email']) if(get_value_from_array($_POST, 'email'))
$_SESSION['email']=stripslashes($pdo->quote($_POST['email'])); $_SESSION['email']=stripslashes($pdo->quote($_POST['email']));
echo "<form method=\"post\" action=\"register_participants.php\">"; echo "<form method=\"post\" action=\"register_participants.php\">";
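Review bot: The `new` branch still concatenates `$_SESSION['email']` and `$_POST['regnum']` into the SELECT right after the rewritten condition, so the null-safe check does not change what reaches the query; `$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email=? AND num=? AND year=?"); $q->execute([$_SESSION['email'], $_POST['regnum'], $config['FAIRYEAR']]);` binds all three. In the login branch, `$_SESSION['email']=stripslashes($pdo->quote($_POST['email']))` stores the address together with the surrounding quotes that `quote()` adds, while the other branches interpolate the session value inside their own quotes; quoting belongs at the query site, with the session holding the plain address. I cannot see from these hunks every place the session email is consumed, so that interaction is inferred.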


@ -23,6 +23,7 @@
*/ */
?> ?>
<? <?
require_once('helper.inc.php');
$user_what = array('student'=>'Participant', $user_what = array('student'=>'Participant',
'judge' => 'Judge', 'judge' => 'Judge',
@ -319,7 +320,7 @@ function user_load_by_uid_year($uid, $year)
} }
function user_set_password($id, $password = NULL) function user_set_password($id, $password = NULL)
{ { global $pdo;
/* pass $u by reference so we can update it */ /* pass $u by reference so we can update it */
$save_old = false; $save_old = false;
if($password == NULL) { if($password == NULL) {
@ -344,13 +345,13 @@ function user_set_password($id, $password = NULL)
$query = "UPDATE users SET $set WHERE id='$id'"; $query = "UPDATE users SET $set WHERE id='$id'";
$stmt = $pdo->prepare($query); $stmt = $pdo->prepare($query);
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
return $password; return $password;
} }
function user_save_type_list($u, $db, $fields) function user_save_type_list($u, $db, $fields)
{ { global $pdo;
/* echo "<pre> save type list $db"; /* echo "<pre> save type list $db";
print_r($u); print_r($u);
echo "</pre>";*/ echo "</pre>";*/
@ -379,7 +380,7 @@ function user_save_type_list($u, $db, $fields)
$stmt = $pdo->prepare($query); $stmt = $pdo->prepare($query);
$stmt->execute(); $stmt->execute();
if($pdo->errorInfo()) { if($pdo->errorInfo()) {
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
echo error("Full query: $query"); echo error("Full query: $query");
} }
} }
@ -448,7 +449,7 @@ function user_save_parent($u)
} }
function user_save(&$u) function user_save(&$u)
{ { global $pdo;
/* Add any new types */ /* Add any new types */
$added = array_diff($u['types'], $u['orig']['types']); $added = array_diff($u['types'], $u['orig']['types']);
foreach($added as $t) { foreach($added as $t) {
@ -490,7 +491,7 @@ function user_save(&$u)
$stmt = $pdo->prepare($query); $stmt = $pdo->prepare($query);
$stmt->execute(); $stmt->execute();
// echo "query=[$query]"; // echo "query=[$query]";
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
} }
/* Save the password if it changed */ /* Save the password if it changed */
@ -560,9 +561,7 @@ function user_delete_principal($u)
{ {
} }
function user_delete_teacher($u) function user_delete_teacher($u){} $pdo->errorInfo();
{
}
function user_delete_parent($u) function user_delete_parent($u)
{ {
@ -703,7 +702,7 @@ function user_dupe_row($db, $key, $val, $newval)
// echo "Dupe Query: [$q]"; // echo "Dupe Query: [$q]";
$r = $pdo->prepare($q); $r = $pdo->prepare($q);
$r->execute(); $r->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
$id = $pdo->errorInfo(); $id = $pdo->errorInfo();
return $id; return $id;
@ -778,11 +777,12 @@ function user_add_role_allowed($type, $u)
function user_create($type, $username, $u = NULL) function user_create($type, $username, $u = NULL)
{ {
global $config; global $config;
global $pdo;
if(!is_array($u)) { if(!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) $stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')"); VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
$uid = $pdo->lastInsertId(); $uid = $pdo->lastInsertId();
if(user_valid_email($username)) { if(user_valid_email($username)) {
$stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'"); $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
@ -790,13 +790,13 @@ function user_create($type, $username, $u = NULL)
} }
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'"); $stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
user_set_password($uid, NULL); user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this /* Since the user already has a type, user_save won't create this
* entry for us, so do it here */ * entry for us, so do it here */
$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')"); $stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
$stmt->execute(); $stmt->execute();
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
/* Load the complete user */ /* Load the complete user */
$u = user_load($uid); $u = user_load($uid);
// echo "user_create / user_load($uid) returned <pre>"; // echo "user_create / user_load($uid) returned <pre>";
@ -889,7 +889,7 @@ function user_auth_required($type, $access='')
} }
/* Forward to password expired, remember the target URI */ /* Forward to password expired, remember the target URI */
if($_SESSION['password_expired'] == true) { if(get_value_from_array($_SESSION, 'password_expired') == true) {
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
header("location: {$config['SFIABDIRECTORY']}/user_password.php"); header("location: {$config['SFIABDIRECTORY']}/user_password.php");
exit; exit;
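Review bot: `user_set_password` prepares `UPDATE users SET $set WHERE id='$id'` and then calls `show_pdo_errors_if_any($pdo)`, but no `$stmt->execute()` follows the prepare, so the new password is never written (the old side had the same omission); `$stmt->execute();` between those two lines fixes it. On the `user_delete_teacher` line a stray `$pdo->errorInfo();` now sits at file scope after the empty function body, where it runs at include time and its result is discarded — it looks like an editing accident and should be removed. In `user_dupe_row`, `$id = $pdo->errorInfo(); return $id;` returns the error array where the name suggests the caller expects `$pdo->lastInsertId()`. `if($pdo->errorInfo())` in `user_save_type_list` is always true because `errorInfo()` returns an array; `show_pdo_errors_if_any` already performs the SQLSTATE check, so the outer `if` can go and the "Full query" echo should move under a real error test.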


@ -33,7 +33,7 @@
} }
/* Sort out who we're editting */ /* Sort out who we're editting */
if($_POST['users_id']) if(get_value_from_array($_POST, 'users_id'))
$eid = intval($_POST['users_id']); /* From a save form */ $eid = intval($_POST['users_id']); /* From a save form */
else if(array_key_exists('embed_edit_id', $_SESSION)) else if(array_key_exists('embed_edit_id', $_SESSION))
$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */ $eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
@ -48,7 +48,7 @@ if($eid != $_SESSION['users_id']) {
$u = user_load($eid); $u = user_load($eid);
/* Validate the type */ /* Validate the type */
if($_GET['action'] != '' && $_GET['action'] != 'delete') { if(get_value_from_array($_GET, 'action') != '' && $_GET['action'] != 'delete') {
$action_type = $_GET['type']; $action_type = $_GET['type'];
if(!in_array($action_type, $user_types)) { if(!in_array($action_type, $user_types)) {
echo "ERROR: not an allowed type."; echo "ERROR: not an allowed type.";
@ -57,7 +57,7 @@ if($eid != $_SESSION['users_id']) {
$action_what = $user_what[$action_type]; $action_what = $user_what[$action_type];
} }
switch($_GET['action']) { switch(get_value_from_array($_GET, 'action')) {
case 'delete': case 'delete':
//okay here we go, lets get rid of them completely, since this is what theyve asked for //okay here we go, lets get rid of them completely, since this is what theyve asked for
message_push(happy(i18n("Account successfully deleted. Goodbye"))); message_push(happy(i18n("Account successfully deleted. Goodbye")));
@ -92,7 +92,7 @@ case 'remove':
$u = user_load($u['id']); $u = user_load($u['id']);
if($_SESSION['embed'] == true) { if(get_value_from_array($_SESSION, 'embed') == true) {
echo "<br/>"; echo "<br/>";
display_messages(); display_messages();
echo "<h3>".i18n("Role and Account Management")."</h3>"; echo "<h3>".i18n("Role and Account Management")."</h3>";
@ -182,5 +182,5 @@ function remove(type)
echo "<input style=\"width: 300px;\" onclick=\"return confirmClick('".i18n("Are you sure you want to completely delete your account?\\nDoing so will remove you from our mailing list for future years and you will never hear from us again.\\nThis action cannot be undone.")."')\" type=\"submit\" value=\"".i18n("Delete Entire Account")."\">"; echo "<input style=\"width: 300px;\" onclick=\"return confirmClick('".i18n("Are you sure you want to completely delete your account?\\nDoing so will remove you from our mailing list for future years and you will never hear from us again.\\nThis action cannot be undone.")."')\" type=\"submit\" value=\"".i18n("Delete Entire Account")."\">";
echo "</form>"; echo "</form>";
if($_SESSION['embed'] != true) send_footer(); if(get_value_from_array($_SESSION, 'embed') != true) send_footer();
?> ?>
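Review bot: In the @ -48,7 hunk `$action_type = $_GET['type'];` is still a raw read, so a request that carries `action` but no `type` emits an undefined-key warning before the `in_array` allow-list check runs; for consistency with the rest of this commit write `$action_type = get_value_from_array($_GET, 'type');`. While touching that line, the allow-list check should compare by identity, `if(!in_array($action_type, $user_types, true)) {`, so the type validation does not depend on loose comparison rules. The if and switch bodies in this section continue outside the hunks.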


@ -29,7 +29,7 @@
//include "judges.inc.php"; //include "judges.inc.php";
/* AJAX query */ /* AJAX query */
if(intval($_GET['ajax']) == 1) { if(intval(get_value_from_array($_GET,'ajax')) == 1) {
/* Do ajax processing for this file */ /* Do ajax processing for this file */
$email = stripslashes($_GET['email']); $email = stripslashes($_GET['email']);
$type = $_GET['type']; $type = $_GET['type'];
@ -158,7 +158,7 @@
echo "<br />"; echo "<br />";
$allowed_types = array('judge', 'volunteer'); $allowed_types = array('judge', 'volunteer');
$type = $_POST['type']; $type = get_value_from_array($_POST,'type');
if($type == '') $type = $_GET['type']; if($type == '') $type = $_GET['type'];
if($type != '') { if($type != '') {
if(!in_array($type, $allowed_types)) { if(!in_array($type, $allowed_types)) {
@ -167,7 +167,7 @@
} }
} }
if($_POST['action']!="" && $_POST['email'] && $type != '') { if(get_value_from_array($_POST, 'action',"") && get_value_from_array($_POST,'email') && ($type != '')) {
$allowed_actions = array('notexist','norole','noyear'); $allowed_actions = array('notexist','norole','noyear');
$email = stripslashes($_POST['email']); $email = stripslashes($_POST['email']);
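Review bot: At `if($type == '') $type = $_GET['type'];` in the @ -158,7 hunk the fallback is still a raw read, so a request with neither a POST nor a GET `type` emits an undefined-key warning and leaves `$type` null even though the line above now guards the POST side; write `if($type == '') $type = get_value_from_array($_GET, 'type');`. The same pattern remains in the @ -29,7 hunk, where `$email = stripslashes($_GET['email']);` and `$type = $_GET['type'];` still index `$_GET` directly, and passing a null `email` to `stripslashes()` is deprecated on PHP 8.1 and later, so both lines would benefit from the same helper. The enclosing if blocks in both hunks continue outside the hunk.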


@ -56,10 +56,10 @@
$back_link = "{$type}_main.php"; $back_link = "{$type}_main.php";
unset($_SESSION['request_uri']); unset($_SESSION['request_uri']);
$password_expiry_days = $config["{$type}_password_expiry_days"]; $password_expiry_days = get_value_from_array($config, "{$type}_password_expiry_days");
if($_POST['action']=="save") if(get_value_from_array($_POST, 'action') == "save")
{ {
$pass = $_POST['pass1']; $pass = $_POST['pass1'];
//first, lets see if they choosed the same password again (bad bad bad) //first, lets see if they choosed the same password again (bad bad bad)
@ -90,7 +90,7 @@
,"change_password" ,"change_password"
); );
if($_SESSION['password_expired'] == true) if(get_value_from_array($_SESSION, 'password_expired') == true)
{ {
echo i18n('Your password has expired. You must choose a new password now.'); echo i18n('Your password has expired. You must choose a new password now.');
} }
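Review bot: `$pass = $_POST['pass1'];` in the @ -56,10 hunk is still a raw read, so an `action=save` request without `pass1` emits an undefined-key warning and carries null forward as the new password; for consistency with the guarded line above use `$pass = get_value_from_array($_POST, 'pass1');` and stop early when it is empty, unless the checks that follow outside the hunk already do so. The new `$password_expiry_days = get_value_from_array($config, "{$type}_password_expiry_days");` also silently substitutes the helper's default when the config key is missing, which presumably turns the expiry check further down into "never expires"; that deserves either an explicit default argument or a comment such as `// missing config key: no expiry enforced for this user type`. The if block continues outside the hunk.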


@ -70,7 +70,7 @@
); );
/* Sort out who we're editting */ /* Sort out who we're editting */
if($_POST['users_id']) if(get_value_from_array($_POST, 'users_id'))
$eid = intval($_POST['users_id']); /* From a save form */ $eid = intval($_POST['users_id']); /* From a save form */
else if(array_key_exists('embed_edit_id', $_SESSION)) else if(array_key_exists('embed_edit_id', $_SESSION))
$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */ $eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
@ -102,7 +102,7 @@ if($eid != $_SESSION['users_id']) {
$fields[] = 'password'; $fields[] = 'password';
} }
switch($_GET['action']) { switch(get_value_from_array($_GET, 'action')) {
case 'save': case 'save':
$users_id = intval($_POST['users_id']); $users_id = intval($_POST['users_id']);
if($users_id != $_SESSION['users_id']) { if($users_id != $_SESSION['users_id']) {
@ -176,7 +176,7 @@ case 'save':
//send the header //send the header
if($_SESSION['embed'] == true) { if(get_value_from_array($_SESSION, 'embed') == true) {
echo "<br/>"; echo "<br/>";
display_messages(); display_messages();
echo "<h3>".i18n("Personal Information")."</h3>"; echo "<h3>".i18n("Personal Information")."</h3>";
@ -225,6 +225,7 @@ function item($user, $fname, $subtext='')
global $fields, $required; global $fields, $required;
global $errorfields; global $errorfields;
global $user_personal_fields; global $user_personal_fields;
global $style;
if(in_array($fname, $fields)) { if(in_array($fname, $fields)) {
$text = i18n($user_personal_fields[$fname]['name']); $text = i18n($user_personal_fields[$fname]['name']);
@ -235,7 +236,7 @@ function item($user, $fname, $subtext='')
$req = in_array($fname, $required) ? REQUIREDFIELD : ''; $req = in_array($fname, $required) ? REQUIREDFIELD : '';
switch($user_personal_fields[$fname]['type']) { switch($user_personal_fields[$fname]['name']) {
case 'yesno': case 'yesno':
echo "<select name=\"$fname\">"; echo "<select name=\"$fname\">";
$sel = ($user[$fname]=='yes') ? 'selected="selected"' : ''; $sel = ($user[$fname]=='yes') ? 'selected="selected"' : '';
@ -383,7 +384,7 @@ echo "</form>";
echo "<br />"; echo "<br />";
if($_SESSION['embed'] != true) { if(get_value_from_array($_SESSION, 'embed') != true) {
send_footer(); send_footer();
} }
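Review bot: `switch($user_personal_fields[$fname]['name']) {` in the @ -235,7 hunk looks like a regression rather than part of the null-safety change: the case labels that follow (`case 'yesno':` and presumably the others past the hunk) are field types, while `['name']` is the human-readable label that the same function passes to `i18n()` a few lines earlier, so no case can match and every field would fall through to whatever default the switch has. Restore `switch($user_personal_fields[$fname]['type']) {` unless the rename is intentional. The `global $style;` added in the @ -225,6 hunk is not referenced in any visible line; if it is not used further down in item(), drop it. item() starts and ends outside these hunks.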


@ -24,6 +24,7 @@
<? <?
require("common.inc.php"); require("common.inc.php");
require("projects.inc.php"); require("projects.inc.php");
require_once('helper.inc.php');
send_header("Winners"); send_header("Winners");
@ -74,7 +75,7 @@ if(get_value_from_array($_GET, 'year') && get_value_from_array($_GET, 'type')) {
ORDER BY ORDER BY
awards_order"); awards_order");
echo $pdo->errorInfo(); show_pdo_errors_if_any($pdo);
if($q->rowCount()) if($q->rowCount())
{ {
@ -279,7 +280,11 @@ else
award_types.order award_types.order
"); ");
$tq->execute(); $tq->execute();
echo $pdo->errorInfo(); $errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
while($tr=$tq->fetch(PDO::FETCH_OBJ)) { while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />"; echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
} }