diff --git a/common.inc.php b/common.inc.php
index d3ae75e..05f8a54 100644
--- a/common.inc.php
+++ b/common.inc.php
@@ -1,1430 +1,1447 @@
-
- Copyright (C) 2005 James Grant
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public
- License as published by the Free Software Foundation, version 2.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; see the file COPYING. If not, write to
- the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-?>
-*');
-
-//figure out the directory to prepend to directoroy names, depending on if we are in a subdirectory or not
-if(substr(getcwd(),-6)=="/admin")
- $prependdir="../";
-else if(substr(getcwd(),-7)=="/config")
- $prependdir="../";
-else if(substr(getcwd(),-3)=="/db")
- $prependdir="../";
-else if(substr(getcwd(),-8)=="/scripts")
- $prependdir="../";
-else
- $prependdir="";
-
-$sfiabversion=@file($prependdir."version.txt");
-$config['version']=trim($sfiabversion[0]);
-
-
-//make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is!
-if(!is_writable($prependdir."data"))
-{
- echo "SFIAB ERROR";
- echo "

Science Fair In A Box - ERROR

"; - echo "data/ subdirectory is not writable by the web server"; - echo "
"; - echo "

Details

"; - echo "The data/ subdirectory is used to store files uploaded through the SFIAB software. The web server must have write access to this directory in order to function properly. Please contact your system administrator (if you are the system administrator, chown/chmod the data directory appropriately)."; - echo "
"; - echo ""; - exit; -} - -if(file_exists($prependdir."data/config.inc.php")) -{ - require_once($prependdir."data/config.inc.php"); -} -else -{ - echo "SFIAB"; - echo "

Science Fair In A Box - Installation

"; - echo "It looks like this is a new installation of SFIAB, and the database has not yet been configured. Please choose from the following options:
"; - echo "
"; - echo "Proceed with Fresh SFIAB Installation"; - echo "
"; - echo ""; - exit; -} - -/* -difference between MySQL <5.1 and 5.1: -in <5.1 in must have internall truncated it at 16 before comparing with the hard-coded 16 character database limit -in 5.1 it doesnt truncate and compares the full string with the hardcoded 16 character limit, so all our very long usernames -are now failing -James - Dec 30 2010 -*/ -$DBUSER=substr($DBUSER,0,16); - -if(!mysql_connect($DBHOST,$DBUSER,$DBPASS)) -{ - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "Cannot connect to database!"; - echo ""; - exit; -} - -if(!mysql_select_db($DBNAME)) -{ - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "Cannot select database!"; - echo ""; - exit; -} - -//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using iso-8859-1 (/latin1) encodings -@mysql_query("SET NAMES latin1"); - -//find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on) -$q=@mysql_query("SELECT * FROM config WHERE year='0'"); - -//we might get an error if installation step 2 is not done (ie, the config table doesnt even exist) -if(mysql_error()) -{ - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; - echo "
"; - echo ""; - exit; -} -//if we have 0 (<1) then install2 is not done, which would get caught above, -//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY) -if(mysql_num_rows($q)<2) -{ - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB installation is not complete. Please go to Installer Step 3 to complete the installation process"; - echo "
"; - echo ""; - exit; - -} -else -{ - while($r=mysql_fetch_object($q)) - { - $config[$r->var]=$r->val; - } -} - -$dbdbversion=$config['DBVERSION']; -$dbcodeversion=@file($prependdir."db/db.code.version.txt"); -$dbcodeversion=trim($dbcodeversion[0]); - -if(!$dbdbversion) -{ - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; - echo "
"; - echo ""; - exit; -} - -if($dbcodeversion!=$dbdbversion) -{ - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB database and code are mismatched"; - echo "
"; - echo "Please run the db_update.php script in order to update"; - echo "
"; - echo "your database to the same version as the code"; - echo "
"; - echo "
"; - echo "
"; - echo "

Details

"; - echo "Current SFIAB codebase requires DB version: ".$dbcodeversion; - echo "
"; - echo "Current SFIAB database is detected as version: ".$dbdbversion; - echo "
"; - echo ""; - exit; -} - -/* Check that magic_quotes is OFF */ -if(get_magic_quotes_gpc()) { -?> - SFIAB ERROR -

Science Fair In A Box - ERROR

-

Your PHP configuration has magic_quotes ENABLED. They should be - disabled, and are disabled in the .htaccess file, so your server is - ignoring the .htaccess file or overriding it. -

Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON - by default for any PHP < 5.3.0. -

It's a pain in the butt because PHP runs urldecode() on all inputs - from GET and POST, but if it sees the string has quotes, then it escapes - existing quotes before passing it to us. This is a problem for json_decode - where we do not want this behaviour, and thus need to pass through stripslashes() - first, but only if magicquotes is ON. If it's off, stripslashes will - break json_decode. -

Add

php_flag magic_quotes_gpc off
to the .htacces, or add -
php_flag magic_quotes_gpc=off
to php.ini - -
-var]=$r->val; -} - -//now pull the dates -$q=mysql_query("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."'"); -while($r=mysql_fetch_object($q)) -{ - $config['dates'][$r->name]=$r->date; -} - -//and now pull the theme -require_once("theme/{$config['theme']}/theme.php"); -require_once("theme/{$config['theme_icons']}/icons.php"); - -require_once("committee.inc.php"); - -if($config['SFIABDIRECTORY'] == '') { - session_name("SFIABSESSID"); - session_set_cookie_params(0,'/'); -} else { - session_name("SFIABSESSID".ereg_replace("[^A-Za-z]","_",$config['SFIABDIRECTORY'])); - session_set_cookie_params(0,$config['SFIABDIRECTORY']); -} -session_start(); - -//detect the browser first, so we know what icons to use - we store this in the config array as well -//even though its not configurable by the fair -if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE")) - $config['icon_extension']="gif"; -else - $config['icon_extension']="png"; - - - -//now get the languages, and make sure we have at least one active language -$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname"); -if(mysql_num_rows($q)==0) -{ - echo "No active languages defined, defaulting to English"; - $config['languages']['en']="English"; -} -else -{ - while($r=mysql_fetch_object($q)) - { - $config['languages'][$r->lang]=$r->langname; - } -} -//now if no language has been set yet, lets set it to the default language -if(!$_SESSION['lang']) -{ - //first try the default language, if that doesnt work, use "en" - if($config['default_language']) - $_SESSION['lang']=$config['default_language']; - else - $_SESSION['lang']="en"; -} - -//only allow debug to get set if we're using a development version (odd numbered ending) -if(substr($config['version'], -1) % 2 != 0) - if($_GET['debug']) $_SESSION['debug']=$_GET['debug']; - -//if the user has switched languages, go ahead and switch the session variable -if($_GET['switchlanguage']) -{ - //first, make sure its a valid language: - 
if($config['languages'][$_GET['switchlanguage']]) - { - $_SESSION['lang']=$_GET['switchlanguage']; - - } - else - { - //invalid language, dont do anything - } -} - -function i18n($str,$args=array(),$argsdesc=array(),$forcelang="") -{ - if(!$str) - return ""; - - if($forcelang) - { - $savelang=$_SESSION['lang']; - $_SESSION['lang']=$forcelang; - } - - if($_SESSION['lang']) - { - if($_SESSION['lang']=="en") - { - for($x=1;$x<=count($args);$x++) - { - $str=str_replace("%$x",$args[$x-1],$str); - } - if($forcelang) $_SESSION['lang']=$savelang; - return $str; - } - else - { - $q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'"); - if($r=@mysql_fetch_object($q)) - { - if($r->val) - { - $ret=$r->val; - - for($x=1;$x<=count($args);$x++) - { - $ret=str_replace("%$x",$args[$x-1],$ret); - } - if($forcelang) $_SESSION['lang']=$savelang; - return $ret; - } - else - { - for($x=1;$x<=count($args);$x++) - { - $str=str_replace("%$x",$args[$x-1],$str); - } - if($forcelang) $_SESSION['lang']=$savelang; - return "{{".$str."}}"; - } - - } - else - { - if(count($argsdesc)) - { - $argsdescstring=""; - $n=1; - foreach($argsdesc AS $ad) - { - $argsdescstring.="%$n=$ad, "; - $n++; - } - $argsdescstring=substr($argsdescstring,0,-2); - $argsdescstring="'".mysql_escape_string($argsdescstring)."'"; - } - else - $argsdescstring="null"; - - mysql_query("INSERT INTO translations (lang,strmd5,str,argsdesc) VALUES ('".$_SESSION['lang']."','".md5($str)."','".mysql_escape_string($str)."',$argsdescstring)"); - for($x=1;$x<=count($args);$x++) - { - $str=str_replace("%$x",$args[$x-1],$str); - } - if($forcelang) $_SESSION['lang']=$savelang; - return "{{".$str."}}"; - } - } - } - else - { - //no language set, assume english - if($forcelang) $_SESSION['lang']=$savelang; - return $str; - } -} - -function error($str,$type="normal") -{ - if($type=="normal") - return "
$str

"; - else if($type=="inline") - return "$str
"; - -} - -function notice($str,$type="normal") -{ - if($type=="normal") - return "
$str

"; - else if($type=="inline") - return "$str
"; -} - -function happy($str,$type="normal") -{ - if($type=="normal") - return "
$str

"; - else if($type=="inline") - return "$str
"; -} - -function display_messages() -{ - /* Dump any messages in the queue */ - if(is_array($_SESSION['messages'])) { - foreach($_SESSION['messages'] as $m) echo $m; - } - $_SESSION['messages'] = array(); -} - -$HEADER_SENT=false; -function send_header($title="", $nav=null, $icon=null, $titletranslated=false) -{ - global $HEADER_SENT; - global $config; - global $prependdir; - - //do this so we can use send_header() a little more loosly and not worry about it being sent more than once. - if($HEADER_SENT) return; - else $HEADER_SENT=true; - - echo "\n"; -?> - - -<? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?> - - - - - - - - - - - - -
- - -"; - -if($icon && theme_icon($icon)) { - echo ""; -echo "
-'".$config['dates']['regclose']."') AS test"); - $r=mysql_fetch_object($q); - if($r->test==1) - { - $registrationconfirmationlink="
  • ".i18n("Confirmed Participants")."
  • "; - } - } -?> - -
    -\n"; - echo "
  • ".i18n("Fundraising")."

  • \n"; - echo "
  • ".i18n("Fundraising Dashboard").'
  • '; - echo "
  • ".i18n("Fundraising Setup").'
  • '; - echo "
  • ".i18n("Manage Appeals").'
  • '; - echo "
  • ".i18n("Manage Donors/Sponsors").'
  • '; - echo "
  • ".i18n("Fundraising Reports").'
  • '; - echo "
    \n"; - break; - default: - //no special menu - break; - } -} -?> -'; -?> -
    - -
    -1) { - echo "
    "; - echo "
    "; - echo ""; - echo "
    "; -} - -?> -
    -"; -?> - -
    -
    -".i18n('You are here:').' '; - foreach($nav as $t=>$l) { - echo "".i18n($t).' » '; - } - if(!$titletranslated) - echo i18n($title); - else - echo $title; - echo ''; -} -?> - -
    -
    "; - echo theme_icon($icon); - echo ""; -} -else - echo ""; - -if($title && !$titletranslated) - echo "

    ".i18n($title)."

    "; -else if($title) - echo "

    ".$title."

    "; - -//if we're under /admin or /config then we want to show the ? help icon -if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config") -{ - if($_SERVER['REDIRECT_SCRIPT_URL']) - $fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1); - else - $fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1); - echo "
    "; -} -"
    "; - - display_messages(); -} -/* END OF send_header */ - -function send_footer() -{ -global $config; -?> - - - -
    Debug...
    - - - - - -\n"; -?> - - -<?=i18n($title)?> - - - - - - - - -
    - -".i18n($title).""; - -} - -function send_popup_footer() -{ -?> -
    -
    - -
    Debug...
    - - - - -\n"; - $months=array("","Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"); - echo "\n"; - for($x=1;$x<=12;$x++) - { - if($x==$selected) - $s="selected=\"selected\""; - else - $s=""; - echo "\n"; - } - - echo "\n"; - -} - - -function emit_day_selector($name,$selected="") -{ - echo "\n"; - -} - -function emit_year_selector($name,$selected="",$min=0,$max=0) -{ - $curyear=date("Y"); - echo "\n"; -} - -function emit_date_selector($name,$selected="") -{ - if($selected) - { - list($year,$month,$day)=split("-",$selected); - } - echo ""; - echo ""; - echo "
    "; - emit_year_selector($name."_year",$year); - echo ""; - emit_month_selector($name."_month",$month); - echo ""; - emit_day_selector($name."_day",$day); - echo "
    "; -} - -function emit_hour_selector($name,$selected="") -{ - if($selected!="") $selected=(int)$selected; - echo "\n"; - - -} -function emit_minute_selector($name,$selected="") -{ - $mins=array("00","05","10","15","20","25","30","35","40","45","50","55"); - echo "\n"; - - -} - -function emit_time_selector($name,$selected="") -{ - - if($selected) - { - list($hour,$minute,$second)=split(":",$selected); - } - echo ""; - echo ""; - echo "
    "; - emit_hour_selector($name."_hour",$hour); - echo ""; - emit_minute_selector($name."_minute",$minute); - echo "
    "; - -} - -function emit_province_selector($name,$selected="",$extra="") -{ - global $config; - $q=mysql_query("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province"); - if(mysql_num_rows($q)==1) - { - $r=mysql_fetch_object($q); - echo ""; - echo i18n($r->province); - } - else - { - echo "\n"; - } - -} - - -function outputStatus($status) -{ - $ret=""; - switch($status) - { - case 'incomplete': - $ret.="
    "; - $ret.= i18n("Incomplete"); - $ret.= "
    "; - break; - case 'complete': - $ret.= "
    "; - $ret.= i18n("Complete"); - $ret.= "
    "; - break; - case 'empty': - $ret.="
    "; - $ret.= i18n("Empty"); - $ret.= "
    "; - break; - - default: - $ret.=i18n("Unknown"); - break; - } - return $ret; -} - -//returns true if its a valid email address, false if its not -function isEmailAddress($str) { - if(eregi('^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str)) - return true; - else - return false; -} - -function communication_get_user_replacements(&$u) { - global $config; - $rep = array('FAIRNAME' => $config['fairname'], - 'NAME' => $u['name'], - 'EMAIL' => $u['email'], - 'PASSWORD' => $u['password'], - 'SALUTATION' => $u['salutation'], - 'FIRSTNAME' => $u['firstname'], - 'LASTNAME' => $u['lastname'], - 'ORGANIZATION' => $u['sponsor']['organization'], - ); - return $rep; -} - -function communication_replace_vars($text, &$u, $otherrep=array()) { - global $config; - if($u) { - $userrep=communication_get_user_replacements($u); - } - else { - $userrep=array(); - } - - $rep=array_merge($userrep,$otherrep); - foreach($rep AS $k=>$v) { - $text=ereg_replace("\[$k\]",$v,$text); - } - return $text; -} - -function email_send($val,$to,$sub_subject=array(),$sub_body=array()) -{ - global $config; - - /* Standard substitutions that are constant no matter who - * the $to is */ - $urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://"; - $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; - $urllogin = "$urlmain/login.php"; - $stdsub = array("FAIRNAME"=>i18n($config['fairname']), - "URLMAIN"=>$urlmain, - "URLLOGIN"=>$urllogin, - ); - /* Add standard subs to existing sub arrays */ - $sub_subject = array_merge($sub_subject, $stdsub); - $sub_body = array_merge($sub_body, $stdsub); - - //if our "to" doesnt look like a valid email, then forget about sending it. 
- if(!isEmailAddress($to)) - return false; - - $q=mysql_query("SELECT * FROM emails WHERE val='$val'"); - if($r=mysql_fetch_object($q)) { - $subject=i18n($r->subject); - $body=i18n($r->body); - - /* Eventually we should just do this with communication_replace_vars() */ - if(count($sub_subject)) { - foreach($sub_subject AS $sub_k=>$sub_v) { - $subject=ereg_replace("\[$sub_k\]","$sub_v",$subject); - } - } - if(count($sub_body)) { - foreach($sub_body AS $sub_k=>$sub_v) { - $body=ereg_replace("\[$sub_k\]","$sub_v",$body); - } - } - - if($r->from) - $fr=$r->from; - else if ($config['fairmanageremail']) - $fr=$config['fairmanageremail']; - else - $fr=""; - - //only send the email if we have a from - if($fr) { - //send using RMail - email_send_new($to,$fr,$subject,$body); - } - else - echo error(i18n("CRITICAL ERROR: email '%1' does not have a 'From' and the Fair Manager Email is not configured",array($val),array("email key name"))); - } - else { - echo error(i18n("CRITICAL ERROR: email '%1' not found",array($val),array("email key name"))); - } -} - -require_once("Rmail/Rmail.php"); -require_once("Rmail/RFC822.php"); - -//this sends out an all-ready-to-go email, it does no substitution or changes or database lookups or anything -function email_send_new($to,$from,$subject,$body,$bodyhtml="") { - $mail=new RMail(); - $mail->setFrom($from); - $mail->setSubject($subject); - $mail->setText($body); - - $r=new Mail_RFC822($from); - $structure = $r->parseAddressList($from); - $s=$structure[0]; - $ret=sprintf("%s@%s",$s->mailbox,$s->host); - $mail->setReturnPath($ret); - $mail->setHeader("Bounce-To",$ret); - - //only add the html if we have it - if($bodyhtml) { - $mail->setHTML($bodyhtml); - } - - if(is_array($to)) { - return $mail->send($to); - } else { - return $mail->send(array($to)); - } -} - - -/* - returns an array of arrays - [ 0 ] = array ( to, firstname, lastname, email ) - [ 1 ] = array ( to, firstname, lastname, email ) - ...etc - -*/ -function 
getEmailRecipientsForRegistration($reg_id) -{ - global $config; - //okay first grab the registration record, to see if we should email the kids, the teacher, and/or the parents - $q=mysql_query("SELECT * FROM registrations WHERE id='$reg_id' AND year='{$config['FAIRYEAR']}'"); - $registration=mysql_fetch_object($q); - - if($registration->emailcontact && isEmailAddress($registration->emailcontact)) { - $ret[]=array("to"=>$registration->emailcontact, - "firstname"=>"", - "lastname"=>"", - "email"=>$registration->emailcontact, - ); - } - - $sq=mysql_query("SELECT * FROM students WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'"); - $ret=array(); - while($sr=mysql_fetch_object($sq)) { - if($sr->email && isEmailAddress($sr->email)) { - if($sr->firstname && $sr->lastname) - $to=$sr->firstname." ".$sr->lastname." <".$sr->email.">"; - else if($sr->firstname) - $to=$sr->firstname." <".$sr->email.">"; - else if($sr->lastname) - $to=$sr->lastname." <".$sr->email.">"; - else - $to=$sr->email; - - $ret[]=array("to"=>$to, - "firstname"=>$sr->firstname, - "lastname"=>$sr->lastname, - "email"=>$sr->email, - ); - } - } - return $ret; -} - -function output_page_text($textname) -{ - global $config; - $q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='".$config['FAIRYEAR']."' AND lang='".$_SESSION['lang']."'"); - if(mysql_num_rows($q)) - $r=mysql_fetch_object($q); - else - { - //not defined, lets grab the default text - $q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='-1' AND lang='".$config['default_language']."'"); - $r=mysql_fetch_object($q); - } - - //if it looks like we have HTML content, dont do a nl2br, if there's no html, then do the nl2br - if(strlen($r->text)==strlen(strip_tags($r->text))) - echo nl2br($r->text); - else - echo $r->text; -} - -function output_page_cms($filename) -{ - global $config; - $q=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($filename)."' AND 
lang='".$_SESSION['lang']."' ORDER BY dt DESC LIMIT 1"); - if(mysql_num_rows($q)) - { - $r=mysql_fetch_object($q); - send_header($r->title,null,null,true); - - if(file_exists("data/logo-200.gif") && $r->showlogo==1) - echo ""; - - //if it looks like we have HTML content, dont do a nl2br, if there's no html, then do the nl2br - if(strlen($r->text)==strlen(strip_tags($r->text))) - echo nl2br($r->text); - else - echo $r->text; - } - else { - send_header("Error: File not found"); - echo error(i18n("The file you have requested (%1), does not exist on the server.",array($filename))); - return; - //not defined, lets grab the default text - } - - send_footer(); -} - -function generatePassword($pwlen=8) -{ - //these are good characters that are not easily confused with other characters :) - $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; - $len=strlen($available) - 1; - - $key=""; - for($x=0;$x<$pwlen;$x++) - $key.=$available{rand(0,$len)}; - return $key; -} - - -//config specific warning -function config_warnings() -{ - -} - -//admin specific warnings -function admin_warnings() -{ - -} - -//warnings to show to both config and/or admin people -function committee_warnings() -{ - global $config; - //it is vital that each year the system be rolled over before we start it again - //we should do this, say, 4 months after the FAIRDATE, so its soon enough that they should see - //the message as soon as they login to start preparing for hte new year, but not too late to do it - //properly :) - - $q=mysql_query("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck"); - $r=mysql_fetch_object($q); - if($r->rollovercheck) { - echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. 
Do not start updating the system with new information until the year has been properly rolled over.")); - } - - $warn = false; - $q = mysql_query("SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL - AND external_identifier=prize"); - if(mysql_num_rows($q) > 0) { - /* The bug was that the external_identifier was set to the prize name.. so only display the warning - * if we find that case for a non-sfiab external fair */ - while(($p = mysql_fetch_assoc($q) )) { - $qq = mysql_query("SELECT * FROM award_awards - LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id - WHERE award_awards.id='{$p['award_awards_id']}' - AND year='{$config['FAIRYEAR']}' - AND award_awards.award_source_fairs_id IS NOT NULL - AND fairs.type='ysc' "); - echo mysql_error(); - if(mysql_num_rows($qq) > 0) { - $warn = true; - break; - } - } - } - if($warn) { - //let everyone know about the need to re-download awards before being able to upload - echo notice(i18n("March 30, 2010 - There was a minor issue with uploading award results that has now been corrected, however, you will need to re-download your awards from all external sources, before you will be able to upload the award winners back to those external sources. Re-downloading the awards will not affect the awards in any visible way, it will just allow the winners to be uploaded properly. Click on Fair Administration -> Awards Management -> Download awards from external sources -> and click 'check' for each award source")); - } - -} - -$CWSFDivisions=array( - 1=>"Automotive", - 2=>"Biotechnology & Pharmaceutical Sciences", - 3=>"Computing & Information Technology", - 4=>"Earth & Environmental Sciences", - 5=>"Engineering", - 6=>"Environmental Innovation", - 7=>"Health Sciences", - 8=>"Life Sciences", - 9=>"Physical & Mathematical Sciences" -); - -function theme_icon($icon, $width=0) { - global $theme_icons, $config; - - $w = ($width == 0) ? 
'' : "width=\"$width\"" ; - if($theme_icons['icons'][$icon]) - return "\"".htmlspecialchars($icon)."\""; - - return ""; -} - -//$d can be a unix timestamp integer, OR a text string, eg 2008-01-22 -function format_date($d) { - global $config; - if(is_numeric($d)) - return date($config['dateformat'],$d); - else - return date($config['dateformat'],strtotime($d)); -} - -//$t can be a unix timestamp integer, or a text string, eg 10:23:48 -function format_time($t) { - global $config; - if(is_numeric($t)) - return date($config['timeformat'],$t); - else - return date($config['timeformat'],strtotime($t)); -} - -//$dt can be a unix timestamp integer, or a text string, eg 2008-01-22 10:23:48 -function format_datetime($dt) { - if(is_numeric($dt)) { - return format_date($dt)." ".i18n("at")." ".format_time($dt); - } - else { - list($d,$t)=split(" ",$dt); - return format_date($d)." ".i18n("at")." ".format_time($t); - } -} - -function format_money($n,$decimals=true) -{ - if($n<0){ - $neg=true; - $n=$n*-1; - } - //get the part before the decimal - $before=floor($n); - $out=""; - - //space it out in blocks of three - for($x=strlen($before);$x>3;$x-=3) { - $out=substr($before,$x-3,3)." ".$out; - } - if($x>0) - $out=substr($before,0,$x)." ".$out; - - //trim any leading/trailing space that was added - $out=trim($out); - - if($neg) $negdisp="-"; else $negdisp=""; - - if($decimals) { - //get everything after the decimal place, and %02f it. 
- $after=substr(strstr(sprintf("%.02f",$n),"."),1); - - //finally display it with the right language localization - if($_SESSION['lang']=="fr") - return sprintf("%s%s,%s \$",$negdisp,$out,$after); - else - return sprintf("%s\$%s.%s",$negdisp,$out,$after); - } - else { - if($_SESSION['lang']=="fr") - return sprintf("%s%s \$",$negdisp,$out); - else - return sprintf("%s\$%s",$negdisp,$out); - - } -} - -function message_push($m) -{ - if(!is_array($_SESSION['messages'])) $_SESSION['messages'] = array(); - $_SESSION['messages'][] = $m; -} - -function notice_($str, $i18n_array=array(), $timeout=-1, $type='notice') -{ - if($timeout == -1) $timeout = 5000; - echo ""; -} - -function happy_($str, $i18n_array=array(), $timeout=-1) -{ - notice_($str, $i18n_array, $timeout, 'happy'); -} -function error_($str, $i18n_array=array(), $timeout=-1) -{ - notice_($str, $i18n_array, $timeout, 'error'); -} - -function debug_($str) -{ - if($_SESSION['debug'] != true) return; - $s = str_replace("\n", "", nl2br(htmlspecialchars($str))).'
    '; - echo ""; -} - -//this function returns a HTML colour code ranging between red and green, with yellow in the middle based on the percent passed into it -function colour_to_percent($percent) -{ - //0 is red - //50 is yellow - //100 is green - - if($percent<=50) $red=255; - else $red=(100-$percent)*2/100*255;; - - if($percent>50) $green=255; - else $green=($percent)*2/100*255;; - -// echo "red=$red"; -// echo "green=$green"; - $str="#".sprintf("%02s",dechex($red)).sprintf("%02s",dechex($green))."00"; - return $str; -} - - -function format_duration($seconds, $granularity = 2) -{ - $units = array( - '1 year|:count years' => 31536000, - '1 week|:count weeks' => 604800, - '1 day|:count days' => 86400, - '1 hour|:count hours' => 3600, - '1 min|:count min' => 60, - '1 sec|:count sec' => 1); - $output = ''; - // $output.=time()." - ".$timestamp." = ".$seconds; - foreach ($units as $key => $value) { - $key = explode('|', $key); - if ($seconds >= $value) { - $count = floor($seconds / $value); - $output .= ($output ? ' ' : ''); - $output .= ($count == 1) ? $key[0] : str_replace(':count', $count, $key[1]); - $seconds %= $value; - $granularity--; - } - if ($granularity == 0) { - break; - } - } - return $output ? $output : '0 sec'; -} - -function getTextFromHtml($html) { - //first, replace an

    with


    - $text=str_replace("

    ","


    ",$html); - //next, replace a with
    - $text=str_replace("","
    ",$html); - //now replace any
    with newlines - $text=eregi_replace('',chr(13).chr(10),$text); - //and strip the rest of the tags - $text=strip_tags($text); - - //a few common html entities - //replace & with & first, so multiply-encoded entities will decode (like "&#160;") - $text=str_replace("&","&",$text); - $text=str_replace(" "," ",$text); - $text=str_replace(" "," ",$text); - $text=str_replace("<","<",$text); - $text=str_replace(">",">",$text); - - //text version should always wrap at 75 chars, some mail severs wont accept - //mail with very long lines - $text=wordwrap($text,75,"\n",true); - - return $text; -} - -function getUserForSponsor($sponsor_id) { - // loop through each contact and draw a form with their data in it. - $q = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id - WHERE - sponsors_id='" . $sponsor_id . "' - AND types LIKE '%sponsor%' - GROUP BY uid - HAVING deleted='no' - ORDER BY users_sponsor.primary DESC,lastname,firstname - LIMIT 1 - "); - $r=mysql_fetch_object($q); - return user_load_by_uid($r->uid); -} - -function projectdivisions_load($year = false) -{ - global $config; - if($year == false) $year = $config['FAIRYEAR']; - $divs = array(); - $q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'"); - while(($d = mysql_fetch_assoc($q))) $divs[$d['id']] = $d; - return $divs; -} -function projectcategories_load($year = false) -{ - global $config; - if($year == false) $year = $config['FAIRYEAR']; - $cats = array(); - $q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'"); - while(($c = mysql_fetch_assoc($q))) $cats[$c['id']] = $d; - return $cats; -} - - -?> + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. 
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+*/
+?>
+*');
+
+//figure out the directory to prepend to directoroy names, depending on if we are in a subdirectory or not
+// dspanogle 2011-02-04 Windows based servers use '\' in directories. This code works for WIN servers and or *nix servers.
+if (stristr(substr(getcwd(),-9), '\\')) {
+ // Win
+ if(substr(getcwd(),-6)=="\\admin")
+ $prependdir="..\\";
+else if(substr(getcwd(),-7)=="\\config")
+ $prependdir="..\\";
+else if(substr(getcwd(),-3)=="\\db")
+ $prependdir="..\\";
+else if(substr(getcwd(),-8)=="\\scripts")
+ $prependdir="..\\";
+else
+ $prependdir="";
+} else {
+ // Other
+ if(substr(getcwd(),-6)=="/admin")
+ $prependdir="../";
+else if(substr(getcwd(),-7)=="/config")
+ $prependdir="../";
+else if(substr(getcwd(),-3)=="/db")
+ $prependdir="../";
+else if(substr(getcwd(),-8)=="/scripts")
+ $prependdir="../";
+else
+ $prependdir="";
+}
+
+
+$sfiabversion=@file($prependdir."version.txt");
+$config['version']=trim($sfiabversion[0]);
+
+
+//make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is!
+if(!is_writable($prependdir."data"))
+{
+ echo "SFIAB ERROR";
+ echo "

    Science Fair In A Box - ERROR

    ";
+ echo "data/ subdirectory is not writable by the web server";
+ echo "
    ";
+ echo "

    Details

    ";
+ echo "The data/ subdirectory is used to store files uploaded through the SFIAB software. The web server must have write access to this directory in order to function properly. Please contact your system administrator (if you are the system administrator, chown/chmod the data directory appropriately).";
+ echo "
    "; + echo ""; + exit; +} + +if(file_exists($prependdir."data/config.inc.php")) +{ + require_once($prependdir."data/config.inc.php"); +} +else +{ + echo "SFIAB"; + echo "

    Science Fair In A Box - Installation

    "; + echo "It looks like this is a new installation of SFIAB, and the database has not yet been configured. Please choose from the following options:
    "; + echo "
    "; + echo "Proceed with Fresh SFIAB Installation"; + echo "
    "; + echo ""; + exit; +} + +/* +difference between MySQL <5.1 and 5.1: +in <5.1 in must have internall truncated it at 16 before comparing with the hard-coded 16 character database limit +in 5.1 it doesnt truncate and compares the full string with the hardcoded 16 character limit, so all our very long usernames +are now failing +James - Dec 30 2010 +*/ +$DBUSER=substr($DBUSER,0,16); + +if(!mysql_connect($DBHOST,$DBUSER,$DBPASS)) +{ + echo "SFIAB ERROR"; + echo "

    Science Fair In A Box - ERROR

    "; + echo "Cannot connect to database!"; + echo ""; + exit; +} + +if(!mysql_select_db($DBNAME)) +{ + echo "SFIAB ERROR"; + echo "

    Science Fair In A Box - ERROR

    "; + echo "Cannot select database!"; + echo ""; + exit; +} + +//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using iso-8859-1 (/latin1) encodings +@mysql_query("SET NAMES latin1"); + +//find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on) +$q=@mysql_query("SELECT * FROM config WHERE year='0'"); + +//we might get an error if installation step 2 is not done (ie, the config table doesnt even exist) +if(mysql_error()) +{ + echo "SFIAB ERROR"; + echo "

    Science Fair In A Box - ERROR

    "; + echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; + echo "
    "; + echo ""; + exit; +} +//if we have 0 (<1) then install2 is not done, which would get caught above, +//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY) +if(mysql_num_rows($q)<2) +{ + echo "SFIAB ERROR"; + echo "

    Science Fair In A Box - ERROR

    "; + echo "SFIAB installation is not complete. Please go to Installer Step 3 to complete the installation process"; + echo "
    "; + echo ""; + exit; + +} +else +{ + while($r=mysql_fetch_object($q)) + { + $config[$r->var]=$r->val; + } +} + +$dbdbversion=$config['DBVERSION']; +$dbcodeversion=@file($prependdir."db/db.code.version.txt"); +$dbcodeversion=trim($dbcodeversion[0]); + +if(!$dbdbversion) +{ + echo "SFIAB ERROR"; + echo "

    Science Fair In A Box - ERROR

    "; + echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; + echo "
    "; + echo ""; + exit; +} + +if($dbcodeversion!=$dbdbversion) +{ + echo "SFIAB ERROR"; + echo "

    Science Fair In A Box - ERROR

    "; + echo "SFIAB database and code are mismatched"; + echo "
    "; + echo "Please run the db_update.php script in order to update"; + echo "
    "; + echo "your database to the same version as the code"; + echo "
    "; + echo "
    "; + echo "
    "; + echo "

    Details

    "; + echo "Current SFIAB codebase requires DB version: ".$dbcodeversion; + echo "
    "; + echo "Current SFIAB database is detected as version: ".$dbdbversion; + echo "
    "; + echo ""; + exit; +} + +/* Check that magic_quotes is OFF */ +if(get_magic_quotes_gpc()) { +?> + SFIAB ERROR +

    Science Fair In A Box - ERROR

    +

    Your PHP configuration has magic_quotes ENABLED. They should be + disabled, and are disabled in the .htaccess file, so your server is + ignoring the .htaccess file or overriding it. +

    Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON + by default for any PHP < 5.3.0. +

    It's a pain in the butt because PHP runs urldecode() on all inputs + from GET and POST, but if it sees the string has quotes, then it escapes + existing quotes before passing it to us. This is a problem for json_decode + where we do not want this behaviour, and thus need to pass through stripslashes() + first, but only if magicquotes is ON. If it's off, stripslashes will + break json_decode. +

    Add

    php_flag magic_quotes_gpc off
    to the .htacces, or add +
    php_flag magic_quotes_gpc=off
    to php.ini + +
    +var]=$r->val; +} + +//now pull the dates +$q=mysql_query("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."'"); +while($r=mysql_fetch_object($q)) +{ + $config['dates'][$r->name]=$r->date; +} + +//and now pull the theme +require_once("theme/{$config['theme']}/theme.php"); +require_once("theme/{$config['theme_icons']}/icons.php"); + +require_once("committee.inc.php"); + +if($config['SFIABDIRECTORY'] == '') { + session_name("SFIABSESSID"); + session_set_cookie_params(0,'/'); +} else { + session_name("SFIABSESSID".ereg_replace("[^A-Za-z]","_",$config['SFIABDIRECTORY'])); + session_set_cookie_params(0,$config['SFIABDIRECTORY']); +} +session_start(); + +//detect the browser first, so we know what icons to use - we store this in the config array as well +//even though its not configurable by the fair +if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE")) + $config['icon_extension']="gif"; +else + $config['icon_extension']="png"; + + + +//now get the languages, and make sure we have at least one active language +$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname"); +if(mysql_num_rows($q)==0) +{ + echo "No active languages defined, defaulting to English"; + $config['languages']['en']="English"; +} +else +{ + while($r=mysql_fetch_object($q)) + { + $config['languages'][$r->lang]=$r->langname; + } +} +//now if no language has been set yet, lets set it to the default language +if(!$_SESSION['lang']) +{ + //first try the default language, if that doesnt work, use "en" + if($config['default_language']) + $_SESSION['lang']=$config['default_language']; + else + $_SESSION['lang']="en"; +} + +//only allow debug to get set if we're using a development version (odd numbered ending) +if(substr($config['version'], -1) % 2 != 0) + if($_GET['debug']) $_SESSION['debug']=$_GET['debug']; + +//if the user has switched languages, go ahead and switch the session variable +if($_GET['switchlanguage']) +{ + //first, make sure its a valid language: + 
if($config['languages'][$_GET['switchlanguage']]) + { + $_SESSION['lang']=$_GET['switchlanguage']; + + } + else + { + //invalid language, dont do anything + } +} + +function i18n($str,$args=array(),$argsdesc=array(),$forcelang="") +{ + if(!$str) + return ""; + + if($forcelang) + { + $savelang=$_SESSION['lang']; + $_SESSION['lang']=$forcelang; + } + + if($_SESSION['lang']) + { + if($_SESSION['lang']=="en") + { + for($x=1;$x<=count($args);$x++) + { + $str=str_replace("%$x",$args[$x-1],$str); + } + if($forcelang) $_SESSION['lang']=$savelang; + return $str; + } + else + { + $q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'"); + if($r=@mysql_fetch_object($q)) + { + if($r->val) + { + $ret=$r->val; + + for($x=1;$x<=count($args);$x++) + { + $ret=str_replace("%$x",$args[$x-1],$ret); + } + if($forcelang) $_SESSION['lang']=$savelang; + return $ret; + } + else + { + for($x=1;$x<=count($args);$x++) + { + $str=str_replace("%$x",$args[$x-1],$str); + } + if($forcelang) $_SESSION['lang']=$savelang; + return "{{".$str."}}"; + } + + } + else + { + if(count($argsdesc)) + { + $argsdescstring=""; + $n=1; + foreach($argsdesc AS $ad) + { + $argsdescstring.="%$n=$ad, "; + $n++; + } + $argsdescstring=substr($argsdescstring,0,-2); + $argsdescstring="'".mysql_escape_string($argsdescstring)."'"; + } + else + $argsdescstring="null"; + + mysql_query("INSERT INTO translations (lang,strmd5,str,argsdesc) VALUES ('".$_SESSION['lang']."','".md5($str)."','".mysql_escape_string($str)."',$argsdescstring)"); + for($x=1;$x<=count($args);$x++) + { + $str=str_replace("%$x",$args[$x-1],$str); + } + if($forcelang) $_SESSION['lang']=$savelang; + return "{{".$str."}}"; + } + } + } + else + { + //no language set, assume english + if($forcelang) $_SESSION['lang']=$savelang; + return $str; + } +} + +function error($str,$type="normal") +{ + if($type=="normal") + return "
    $str

    "; + else if($type=="inline") + return "$str
    "; + +} + +function notice($str,$type="normal") +{ + if($type=="normal") + return "
    $str

    "; + else if($type=="inline") + return "$str
    "; +} + +function happy($str,$type="normal") +{ + if($type=="normal") + return "
    $str

    "; + else if($type=="inline") + return "$str
    "; +} + +function display_messages() +{ + /* Dump any messages in the queue */ + if(is_array($_SESSION['messages'])) { + foreach($_SESSION['messages'] as $m) echo $m; + } + $_SESSION['messages'] = array(); +} + +$HEADER_SENT=false; +function send_header($title="", $nav=null, $icon=null, $titletranslated=false) +{ + global $HEADER_SENT; + global $config; + global $prependdir; + + //do this so we can use send_header() a little more loosly and not worry about it being sent more than once. + if($HEADER_SENT) return; + else $HEADER_SENT=true; + + echo "\n"; +?> + + +<? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?> + + + + + + + + + + + + +
    + + +"; + +if($icon && theme_icon($icon)) { + echo ""; +echo "
    +'".$config['dates']['regclose']."') AS test"); + $r=mysql_fetch_object($q); + if($r->test==1) + { + $registrationconfirmationlink="
  • ".i18n("Confirmed Participants")."
  • "; + } + } +?> + +
    +\n"; + echo "
  • ".i18n("Fundraising")."

  • \n"; + echo "
  • ".i18n("Fundraising Dashboard").'
  • '; + echo "
  • ".i18n("Fundraising Setup").'
  • '; + echo "
  • ".i18n("Manage Appeals").'
  • '; + echo "
  • ".i18n("Manage Donors/Sponsors").'
  • '; + echo "
  • ".i18n("Fundraising Reports").'
  • '; + echo "
    \n"; + break; + default: + //no special menu + break; + } +} +?> +'; +?> +
    + +
    +1) { + echo "
    "; + echo "
    "; + echo ""; + echo "
    "; +} + +?> +
    +"; +?> + +
    +
    +".i18n('You are here:').' '; + foreach($nav as $t=>$l) { + echo "".i18n($t).' » '; + } + if(!$titletranslated) + echo i18n($title); + else + echo $title; + echo ''; +} +?> + +
    +
    "; + echo theme_icon($icon); + echo ""; +} +else + echo ""; + +if($title && !$titletranslated) + echo "

    ".i18n($title)."

    "; +else if($title) + echo "

    ".$title."

    "; + +//if we're under /admin or /config then we want to show the ? help icon +if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config") +{ + if($_SERVER['REDIRECT_SCRIPT_URL']) + $fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1); + else + $fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1); + echo "
    "; +} +"
    "; + + display_messages(); +} +/* END OF send_header */ + +function send_footer() +{ +global $config; +?> + + + +
    Debug...
    + + + + + +\n"; +?> + + +<?=i18n($title)?> + + + + + + + + +
    + +".i18n($title).""; + +} + +function send_popup_footer() +{ +?> +
    +
    + +
    Debug...
    + + + + +\n"; + $months=array("","Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"); + echo "\n"; + for($x=1;$x<=12;$x++) + { + if($x==$selected) + $s="selected=\"selected\""; + else + $s=""; + echo "\n"; + } + + echo "\n"; + +} + + +function emit_day_selector($name,$selected="") +{ + echo "\n"; + +} + +function emit_year_selector($name,$selected="",$min=0,$max=0) +{ + $curyear=date("Y"); + echo "\n"; +} + +function emit_date_selector($name,$selected="") +{ + if($selected) + { + list($year,$month,$day)=split("-",$selected); + } + echo ""; + echo ""; + echo "
    "; + emit_year_selector($name."_year",$year); + echo ""; + emit_month_selector($name."_month",$month); + echo ""; + emit_day_selector($name."_day",$day); + echo "
    "; +} + +function emit_hour_selector($name,$selected="") +{ + if($selected!="") $selected=(int)$selected; + echo "\n"; + + +} +function emit_minute_selector($name,$selected="") +{ + $mins=array("00","05","10","15","20","25","30","35","40","45","50","55"); + echo "\n"; + + +} + +function emit_time_selector($name,$selected="") +{ + + if($selected) + { + list($hour,$minute,$second)=split(":",$selected); + } + echo ""; + echo ""; + echo "
    "; + emit_hour_selector($name."_hour",$hour); + echo ""; + emit_minute_selector($name."_minute",$minute); + echo "
    "; + +} + +function emit_province_selector($name,$selected="",$extra="") +{ + global $config; + $q=mysql_query("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province"); + if(mysql_num_rows($q)==1) + { + $r=mysql_fetch_object($q); + echo ""; + echo i18n($r->province); + } + else + { + echo "\n"; + } + +} + + +function outputStatus($status) +{ + $ret=""; + switch($status) + { + case 'incomplete': + $ret.="
    "; + $ret.= i18n("Incomplete"); + $ret.= "
    "; + break; + case 'complete': + $ret.= "
    "; + $ret.= i18n("Complete"); + $ret.= "
    "; + break; + case 'empty': + $ret.="
    "; + $ret.= i18n("Empty"); + $ret.= "
    "; + break; + + default: + $ret.=i18n("Unknown"); + break; + } + return $ret; +} + +//returns true if its a valid email address, false if its not +function isEmailAddress($str) { + if(eregi('^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str)) + return true; + else + return false; +} + +function communication_get_user_replacements(&$u) { + global $config; + $rep = array('FAIRNAME' => $config['fairname'], + 'NAME' => $u['name'], + 'EMAIL' => $u['email'], + 'PASSWORD' => $u['password'], + 'SALUTATION' => $u['salutation'], + 'FIRSTNAME' => $u['firstname'], + 'LASTNAME' => $u['lastname'], + 'ORGANIZATION' => $u['sponsor']['organization'], + ); + return $rep; +} + +function communication_replace_vars($text, &$u, $otherrep=array()) { + global $config; + if($u) { + $userrep=communication_get_user_replacements($u); + } + else { + $userrep=array(); + } + + $rep=array_merge($userrep,$otherrep); + foreach($rep AS $k=>$v) { + $text=ereg_replace("\[$k\]",$v,$text); + } + return $text; +} + +function email_send($val,$to,$sub_subject=array(),$sub_body=array()) +{ + global $config; + + /* Standard substitutions that are constant no matter who + * the $to is */ + $urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://"; + $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; + $urllogin = "$urlmain/login.php"; + $stdsub = array("FAIRNAME"=>i18n($config['fairname']), + "URLMAIN"=>$urlmain, + "URLLOGIN"=>$urllogin, + ); + /* Add standard subs to existing sub arrays */ + $sub_subject = array_merge($sub_subject, $stdsub); + $sub_body = array_merge($sub_body, $stdsub); + + //if our "to" doesnt look like a valid email, then forget about sending it. 
+ if(!isEmailAddress($to))
+ return false;
+
+ $q=mysql_query("SELECT * FROM emails WHERE val='$val'");
+ if($r=mysql_fetch_object($q)) {
+ $subject=i18n($r->subject);
+ $body=i18n($r->body);
+
+ /* Eventually we should just do this with communication_replace_vars() */
+ if(count($sub_subject)) {
+ foreach($sub_subject AS $sub_k=>$sub_v) {
+ $subject=ereg_replace("\[$sub_k\]","$sub_v",$subject);
+ }
+ }
+ if(count($sub_body)) {
+ foreach($sub_body AS $sub_k=>$sub_v) {
+ $body=ereg_replace("\[$sub_k\]","$sub_v",$body);
+ }
+ }
+
+ if($r->from)
+ $fr=$r->from;
+ else if ($config['fairmanageremail'])
+ $fr=$config['fairmanageremail'];
+ else
+ $fr="";
+
+ //only send the email if we have a from
+ if($fr) {
+ //send using RMail
+ email_send_new($to,$fr,$subject,$body);
+ }
+ else
+ echo error(i18n("CRITICAL ERROR: email '%1' does not have a 'From' and the Fair Manager Email is not configured",array($val),array("email key name")));
+ }
+ else {
+ echo error(i18n("CRITICAL ERROR: email '%1' not found",array($val),array("email key name")));
+ }
+}
+
+require_once("Rmail/Rmail.php");
+require_once("Rmail/RFC822.php");
+
+//this sends out an all-ready-to-go email, it does no substitution or changes or database lookups or anything
+function email_send_new($to,$from,$subject,$body,$bodyhtml="") {
+ $mail=new RMail();
+ $mail->setFrom($from);
+ $mail->setSubject($subject);
+ $mail->setText($body);
+
+ $r=new Mail_RFC822($from);
+ $structure = $r->parseAddressList($from);
+ $s=$structure[0];
+ $ret=sprintf("%s@%s",$s->mailbox,$s->host);
+ $mail->setReturnPath($ret);
+ $mail->setHeader("Bounce-To",$ret);
+
+ //only add the html if we have it
+ if($bodyhtml) {
+ $mail->setHTML($bodyhtml);
+ }
+
+ if(is_array($to)) {
+ return $mail->send($to);
+ } else {
+ return $mail->send(array($to));
+ }
+}
+
+
+/*
+ returns an array of arrays
+ [ 0 ] = array ( to, firstname, lastname, email )
+ [ 1 ] = array ( to, firstname, lastname, email )
+ ...etc
+
+*/
+function 
getEmailRecipientsForRegistration($reg_id)
+{
+ global $config;
+ //okay first grab the registration record, to see if we should email the kids, the teacher, and/or the parents
+ $q=mysql_query("SELECT * FROM registrations WHERE id='$reg_id' AND year='{$config['FAIRYEAR']}'");
+ $registration=mysql_fetch_object($q);
+
+ if($registration->emailcontact && isEmailAddress($registration->emailcontact)) {
+ $ret[]=array("to"=>$registration->emailcontact,
+ "firstname"=>"",
+ "lastname"=>"",
+ "email"=>$registration->emailcontact,
+ );
+ }
+
+ $sq=mysql_query("SELECT * FROM students WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
+ $ret=array();
+ while($sr=mysql_fetch_object($sq)) {
+ if($sr->email && isEmailAddress($sr->email)) {
+ if($sr->firstname && $sr->lastname)
+ $to=$sr->firstname." ".$sr->lastname." <".$sr->email.">";
+ else if($sr->firstname)
+ $to=$sr->firstname." <".$sr->email.">";
+ else if($sr->lastname)
+ $to=$sr->lastname." <".$sr->email.">";
+ else
+ $to=$sr->email;
+
+ $ret[]=array("to"=>$to,
+ "firstname"=>$sr->firstname,
+ "lastname"=>$sr->lastname,
+ "email"=>$sr->email,
+ );
+ }
+ }
+ return $ret;
+}
+
+function output_page_text($textname)
+{
+ global $config;
+ $q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='".$config['FAIRYEAR']."' AND lang='".$_SESSION['lang']."'");
+ if(mysql_num_rows($q))
+ $r=mysql_fetch_object($q);
+ else
+ {
+ //not defined, lets grab the default text
+ $q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='-1' AND lang='".$config['default_language']."'");
+ $r=mysql_fetch_object($q);
+ }
+
+ //if it looks like we have HTML content, dont do a nl2br, if there's no html, then do the nl2br
+ if(strlen($r->text)==strlen(strip_tags($r->text)))
+ echo nl2br($r->text);
+ else
+ echo $r->text;
+}
+
+function output_page_cms($filename)
+{
+ global $config;
+ $q=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($filename)."' AND 
lang='".$_SESSION['lang']."' ORDER BY dt DESC LIMIT 1"); + if(mysql_num_rows($q)) + { + $r=mysql_fetch_object($q); + send_header($r->title,null,null,true); + + if(file_exists("data/logo-200.gif") && $r->showlogo==1) + echo ""; + + //if it looks like we have HTML content, dont do a nl2br, if there's no html, then do the nl2br + if(strlen($r->text)==strlen(strip_tags($r->text))) + echo nl2br($r->text); + else + echo $r->text; + } + else { + send_header("Error: File not found"); + echo error(i18n("The file you have requested (%1), does not exist on the server.",array($filename))); + return; + //not defined, lets grab the default text + } + + send_footer(); +} + +function generatePassword($pwlen=8) +{ + //these are good characters that are not easily confused with other characters :) + $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; + $len=strlen($available) - 1; + + $key=""; + for($x=0;$x<$pwlen;$x++) + $key.=$available{rand(0,$len)}; + return $key; +} + + +//config specific warning +function config_warnings() +{ + +} + +//admin specific warnings +function admin_warnings() +{ + +} + +//warnings to show to both config and/or admin people +function committee_warnings() +{ + global $config; + //it is vital that each year the system be rolled over before we start it again + //we should do this, say, 4 months after the FAIRDATE, so its soon enough that they should see + //the message as soon as they login to start preparing for hte new year, but not too late to do it + //properly :) + + $q=mysql_query("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck"); + $r=mysql_fetch_object($q); + if($r->rollovercheck) { + echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. 
Do not start updating the system with new information until the year has been properly rolled over.")); + } + + $warn = false; + $q = mysql_query("SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL + AND external_identifier=prize"); + if(mysql_num_rows($q) > 0) { + /* The bug was that the external_identifier was set to the prize name.. so only display the warning + * if we find that case for a non-sfiab external fair */ + while(($p = mysql_fetch_assoc($q) )) { + $qq = mysql_query("SELECT * FROM award_awards + LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id + WHERE award_awards.id='{$p['award_awards_id']}' + AND year='{$config['FAIRYEAR']}' + AND award_awards.award_source_fairs_id IS NOT NULL + AND fairs.type='ysc' "); + echo mysql_error(); + if(mysql_num_rows($qq) > 0) { + $warn = true; + break; + } + } + } + if($warn) { + //let everyone know about the need to re-download awards before being able to upload + echo notice(i18n("March 30, 2010 - There was a minor issue with uploading award results that has now been corrected, however, you will need to re-download your awards from all external sources, before you will be able to upload the award winners back to those external sources. Re-downloading the awards will not affect the awards in any visible way, it will just allow the winners to be uploaded properly. Click on Fair Administration -> Awards Management -> Download awards from external sources -> and click 'check' for each award source")); + } + +} + +$CWSFDivisions=array( + 1=>"Automotive", + 2=>"Biotechnology & Pharmaceutical Sciences", + 3=>"Computing & Information Technology", + 4=>"Earth & Environmental Sciences", + 5=>"Engineering", + 6=>"Environmental Innovation", + 7=>"Health Sciences", + 8=>"Life Sciences", + 9=>"Physical & Mathematical Sciences" +); + +function theme_icon($icon, $width=0) { + global $theme_icons, $config; + + $w = ($width == 0) ? 
'' : "width=\"$width\"" ; + if($theme_icons['icons'][$icon]) + return "\"".htmlspecialchars($icon)."\""; + + return ""; +} + +//$d can be a unix timestamp integer, OR a text string, eg 2008-01-22 +function format_date($d) { + global $config; + if(is_numeric($d)) + return date($config['dateformat'],$d); + else + return date($config['dateformat'],strtotime($d)); +} + +//$t can be a unix timestamp integer, or a text string, eg 10:23:48 +function format_time($t) { + global $config; + if(is_numeric($t)) + return date($config['timeformat'],$t); + else + return date($config['timeformat'],strtotime($t)); +} + +//$dt can be a unix timestamp integer, or a text string, eg 2008-01-22 10:23:48 +function format_datetime($dt) { + if(is_numeric($dt)) { + return format_date($dt)." ".i18n("at")." ".format_time($dt); + } + else { + list($d,$t)=split(" ",$dt); + return format_date($d)." ".i18n("at")." ".format_time($t); + } +} + +function format_money($n,$decimals=true) +{ + if($n<0){ + $neg=true; + $n=$n*-1; + } + //get the part before the decimal + $before=floor($n); + $out=""; + + //space it out in blocks of three + for($x=strlen($before);$x>3;$x-=3) { + $out=substr($before,$x-3,3)." ".$out; + } + if($x>0) + $out=substr($before,0,$x)." ".$out; + + //trim any leading/trailing space that was added + $out=trim($out); + + if($neg) $negdisp="-"; else $negdisp=""; + + if($decimals) { + //get everything after the decimal place, and %02f it. 
+ $after=substr(strstr(sprintf("%.02f",$n),"."),1); + + //finally display it with the right language localization + if($_SESSION['lang']=="fr") + return sprintf("%s%s,%s \$",$negdisp,$out,$after); + else + return sprintf("%s\$%s.%s",$negdisp,$out,$after); + } + else { + if($_SESSION['lang']=="fr") + return sprintf("%s%s \$",$negdisp,$out); + else + return sprintf("%s\$%s",$negdisp,$out); + + } +} + +function message_push($m) +{ + if(!is_array($_SESSION['messages'])) $_SESSION['messages'] = array(); + $_SESSION['messages'][] = $m; +} + +function notice_($str, $i18n_array=array(), $timeout=-1, $type='notice') +{ + if($timeout == -1) $timeout = 5000; + echo ""; +} + +function happy_($str, $i18n_array=array(), $timeout=-1) +{ + notice_($str, $i18n_array, $timeout, 'happy'); +} +function error_($str, $i18n_array=array(), $timeout=-1) +{ + notice_($str, $i18n_array, $timeout, 'error'); +} + +function debug_($str) +{ + if($_SESSION['debug'] != true) return; + $s = str_replace("\n", "", nl2br(htmlspecialchars($str))).'
    '; + echo ""; +} + +//this function returns a HTML colour code ranging between red and green, with yellow in the middle based on the percent passed into it +function colour_to_percent($percent) +{ + //0 is red + //50 is yellow + //100 is green + + if($percent<=50) $red=255; + else $red=(100-$percent)*2/100*255;; + + if($percent>50) $green=255; + else $green=($percent)*2/100*255;; + +// echo "red=$red"; +// echo "green=$green"; + $str="#".sprintf("%02s",dechex($red)).sprintf("%02s",dechex($green))."00"; + return $str; +} + + +function format_duration($seconds, $granularity = 2) +{ + $units = array( + '1 year|:count years' => 31536000, + '1 week|:count weeks' => 604800, + '1 day|:count days' => 86400, + '1 hour|:count hours' => 3600, + '1 min|:count min' => 60, + '1 sec|:count sec' => 1); + $output = ''; + // $output.=time()." - ".$timestamp." = ".$seconds; + foreach ($units as $key => $value) { + $key = explode('|', $key); + if ($seconds >= $value) { + $count = floor($seconds / $value); + $output .= ($output ? ' ' : ''); + $output .= ($count == 1) ? $key[0] : str_replace(':count', $count, $key[1]); + $seconds %= $value; + $granularity--; + } + if ($granularity == 0) { + break; + } + } + return $output ? $output : '0 sec'; +} + +function getTextFromHtml($html) { + //first, replace an

    with


    + $text=str_replace("

    ","


    ",$html); + //next, replace a with
    + $text=str_replace("","
    ",$html); + //now replace any
    with newlines + $text=eregi_replace('',chr(13).chr(10),$text); + //and strip the rest of the tags + $text=strip_tags($text); + + //a few common html entities + //replace & with & first, so multiply-encoded entities will decode (like "&#160;") + $text=str_replace("&","&",$text); + $text=str_replace(" "," ",$text); + $text=str_replace(" "," ",$text); + $text=str_replace("<","<",$text); + $text=str_replace(">",">",$text); + + //text version should always wrap at 75 chars, some mail severs wont accept + //mail with very long lines + $text=wordwrap($text,75,"\n",true); + + return $text; +} + +function getUserForSponsor($sponsor_id) { + // loop through each contact and draw a form with their data in it. + $q = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id + WHERE + sponsors_id='" . $sponsor_id . "' + AND types LIKE '%sponsor%' + GROUP BY uid + HAVING deleted='no' + ORDER BY users_sponsor.primary DESC,lastname,firstname + LIMIT 1 + "); + $r=mysql_fetch_object($q); + return user_load_by_uid($r->uid); +} + +function projectdivisions_load($year = false) +{ + global $config; + if($year == false) $year = $config['FAIRYEAR']; + $divs = array(); + $q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'"); + while(($d = mysql_fetch_assoc($q))) $divs[$d['id']] = $d; + return $divs; +} +function projectcategories_load($year = false) +{ + global $config; + if($year == false) $year = $config['FAIRYEAR']; + $cats = array(); + $q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'"); + while(($c = mysql_fetch_assoc($q))) $cats[$c['id']] = $d; + return $cats; +} + + +?> diff --git a/db/db_update.php b/db/db_update.php index 64b3f6e..749680b 100644 --- a/db/db_update.php +++ b/db/db_update.php 
@@ -1,117 +1,144 @@ -\n"; -if(file_exists("db.code.version.txt")) -{ - $dbcodeversion_file=file("db.code.version.txt"); - $dbcodeversion=trim($dbcodeversion_file[0]); -} -else -{ - echo "Couldnt load current db.code.version.txt\n"; - exit; -} - -//same fix here for mysql 5.1 not truncating the 16 char usernames -$DBUSER=substr($DBUSER,0,16); - -mysql_connect($DBHOST,$DBUSER,$DBPASS); -mysql_select_db($DBNAME); -@mysql_query("SET NAMES latin1"); -$q=mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); -$r=mysql_fetch_object($q); -$dbdbversion=$r->val; -if(!$dbdbversion) -{ - echo "Couldnt get current db version. Is SFIAB properly installed?\n"; - exit; -} - -/* Get the fair year */ -$q=mysql_query("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'"); -$r=mysql_fetch_object($q); -$config = array('FAIRYEAR' => $r->val); - -/* Load config just in case there's a PHP script that wants it */ -$q=mysql_query("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'"); -while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val; - - -require_once("../config_editor.inc.php"); // For config_update_variables() - -if($dbcodeversion && $dbdbversion) -{ - //lets see if they match - if($dbcodeversion == $dbdbversion) - { - echo "DB and CODE are all up-to-date. 
Version: $dbdbversion\n"; - exit; - } - else if($dbcodeversion<$dbdbversion) - { - echo "ERROR: dbcodeversion$dbdbversion) - { - echo "DB update requirements detected\n"; - echo "Current DB Version: $dbdbversion\n"; - echo "Current CODE Version: $dbcodeversion\n"; - - echo "Updating database from $dbdbversion to $dbcodeversion\n"; - - for($ver=$dbdbversion+1;$ver<=$dbcodeversion;$ver++) - { - if(file_exists("db.update.$ver.php")) - { - include("db.update.$ver.php"); - } - if(is_callable("db_update_{$ver}_pre")) { - echo "db.update.$ver.php::db_update_{$ver}_pre() exists - running...\n"; - call_user_func("db_update_{$ver}_pre"); - echo "db.update.$ver.php::db_update_{$ver}_pre() done.\n"; - } - if(file_exists("db.update.$ver.sql")) - { - echo "db.update.$ver.sql detected - running...\n"; - readfile("db.update.$ver.sql"); - echo "\n"; - system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME \n"; - -?> +\n"; +if(file_exists("db.code.version.txt")) +{ + $dbcodeversion_file=file("db.code.version.txt"); + $dbcodeversion=trim($dbcodeversion_file[0]); +} +else +{ + echo "Couldnt load current db.code.version.txt\n"; + exit; +} + +//same fix here for mysql 5.1 not truncating the 16 char usernames +$DBUSER=substr($DBUSER,0,16); + +mysql_connect($DBHOST,$DBUSER,$DBPASS); +mysql_select_db($DBNAME); +@mysql_query("SET NAMES latin1"); +$q=mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); +$r=mysql_fetch_object($q); +$dbdbversion=$r->val; +if(!$dbdbversion) +{ + echo "Couldnt get current db version. 
Is SFIAB properly installed?\n"; + exit; +} + +/* Get the fair year */ +$q=mysql_query("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'"); +$r=mysql_fetch_object($q); +$config = array('FAIRYEAR' => $r->val); + +/* Load config just in case there's a PHP script that wants it */ +$q=mysql_query("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'"); +while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val; + + +require_once("../config_editor.inc.php"); // For config_update_variables() + +if($dbcodeversion && $dbdbversion) +{ + //lets see if they match + if($dbcodeversion == $dbdbversion) + { + echo "DB and CODE are all up-to-date. Version: $dbdbversion\n"; + exit; + } + else if($dbcodeversion<$dbdbversion) + { + echo "ERROR: dbcodeversion$dbdbversion) + { + echo "DB update requirements detected\n"; + echo "Current DB Version: $dbdbversion\n"; + echo "Current CODE Version: $dbcodeversion\n"; + + echo "Updating database from $dbdbversion to $dbcodeversion\n"; + + for($ver=$dbdbversion+1;$ver<=$dbcodeversion;$ver++) + { + if(file_exists("db.update.$ver.php")) + { + include("db.update.$ver.php"); + } + if(is_callable("db_update_{$ver}_pre")) { + echo "db.update.$ver.php::db_update_{$ver}_pre() exists - running...\n"; + call_user_func("db_update_{$ver}_pre"); + echo "db.update.$ver.php::db_update_{$ver}_pre() done.\n"; + } + if(file_exists("db.update.$ver.sql")) + { + echo "db.update.$ver.sql detected - running...\n"; + readfile("db.update.$ver.sql"); + echo "\n"; + // dspanogle 2011-02-04 Use each section of the sql file instead of using system("sql" ... + // For windows ISP servers that do not provide "sql: executable - replace system call. + // system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME ' . $templine . '\': ' . mysql_error() . '

    '); + // Reset temp variable to empty + $templine = ''; + } + } + echo "
    "; + } + else + { + echo "Version $ver SQL update file not found - skipping over\n"; + } + if(is_callable("db_update_{$ver}_post")) { + echo "db.update.$ver.php::db_update_{$ver}_post() exists - running...\n"; + call_user_func("db_update_{$ver}_post"); + echo "db.update.$ver.php::db_update_{$ver}_post() done.\n"; + } + } + if($db_update_skip_variables != true) { + echo "\nUpdating Configuration Variables...\n"; + config_update_variables($config['FAIRYEAR']); + } + + echo "\nAll done - updating new DB version to $dbcodeversion\n"; + mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'"); + + } + +} +else +{ + echo "ERROR: dbcodeversion and dbdbversion are not defined\n"; +} + +echo "\n"; + +?> diff --git a/install2.php b/install2.php index d6eaa00..69f4a1f 100644 --- a/install2.php +++ b/install2.php @@ -1,150 +1,199 @@ - - Copyright (C) 2005 James Grant - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ -echo "\n"; -?> - - -SFIAB Installation - - - -
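Review bot: A statement that fails in the new per-statement loop only prints the query and `mysql_error()`, and the loop carries on; afterwards `UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'` still runs, so a half-applied migration is recorded as current. Set a flag in the error branch, e.g. `$sqlfailed = true;`, stop the `for` loop over `$ver` at the first failing version, and guard the version bump with `if(!$sqlfailed)`. The same loop is pasted twice into install2.php, each followed by the same unconditional DBVERSION update. The failing statement and the database error are also echoed into the page as-is; wrapping both in `htmlspecialchars()` keeps SQL text from being interpreted as markup. The part of the loop that reads the file and splits statements is not visible in this rendering, so this is based on the error branch and the lines after it.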

    SFIAB Installation - Step 2

    -Installation requires php's system() function to be available\n"; - echo ""; - exit; -} - -if(!file_exists("data/config.inc.php")) -{ - echo "
    SFIAB Installation Step 1 is not yet complete.
    "; - echo "Go back to installation step 1
    "; - echo ""; - exit; -} - -require_once("data/config.inc.php"); -$DBUSER=substr($DBUSER,0,16); -mysql_connect($DBHOST,$DBUSER,$DBPASS); -mysql_select_db($DBNAME); - - echo "Getting database version requirements for code... "; - - if(file_exists("db/db.code.version.txt")) - { - $dbcodeversion_file=file("db/db.code.version.txt"); - $dbcodeversion=trim($dbcodeversion_file[0]); - } - else - { - echo "ERROR: Couldnt load current db/db.code.version.txt
    "; - exit; - } - echo "version $dbcodeversion
    "; - - echo "Checking for existing SFIAB database... "; - - $q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); - $r=@mysql_fetch_object($q); - $dbdbversion=$r->val; - - if($dbdbversion) - { - echo "ERROR: found version $dbdbversion
    "; - - //lets see if they match - if($dbcodeversion == $dbdbversion) - echo "Your SFIAB database is already setup with the required version\n"; - else if($dbcodeversion<$dbdbversion) - echo "ERROR: dbcodeversion$dbdbversion) - echo "Your SFIAB database needs to be updated. You should run the update script instead of this installer!\n"; - exit; - } - else - { - echo "Not found (good!)
    "; - } - - echo "Checking for database installer for version $dbcodeversion... "; - if(file_exists("db/db.full.$dbcodeversion.sql")) - { - echo "db/db.full.$dbcodeversion.sql found
    "; - - echo "Setting up database tables... "; - - system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Done! installed database version $dbcodeversion
    \n"; - - //now update the db version in the database - mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'"); - - echo "
    "; - echo "Done!
    "; - echo "Proceed to installation step 3
    "; - } - else - { - echo "WARNING: Couldnt find db/db.full.$dbcodeversion.sql
    "; - echo "Trying to find an older version...
    "; - - for($x=$dbcodeversion;$x>0;$x--) - { - if(file_exists("db/db.full.$x.sql")) - { - echo "db/db.full.$x.sql found
    "; - echo "Setting up database tables... "; - - system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Done! installed database version $x
    \n"; - - //now update the db version in the database - mysql_query("UPDATE config SET val='$x' WHERE var='DBVERSION' AND year='0'"); - - echo "Attempting to update database using standard update script to update from $x to $dbcodeversion
    "; - echo "
    Please scroll to the bottom of this page for the link to the next step of the installation process.
    "; - chdir ("db"); - /* Update the database, but don't update the config variables yet, because - * We haven't set the FAIRYEAR */ - $db_update_skip_variables = true; - include "db_update.php"; - chdir ("../"); - - echo "
    "; - echo "Done!
    "; - echo "Proceed to installation step 3
    "; - break; - } - } - } - - //only if this file was created will we go ahead with the rest - //creating all the tables and such.. - -?> - - + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +echo "\n"; +?> + + +SFIAB Installation + + + +

    SFIAB Installation - Step 2

    +Installation requires php's system() function to be available\n"; + echo ""; + exit; +} +*/ +if(!file_exists("data/config.inc.php")) +{ + echo "
    SFIAB Installation Step 1 is not yet complete.
    "; + echo "Go back to installation step 1
    "; + echo ""; + exit; +} + +require_once("data/config.inc.php"); +$DBUSER=substr($DBUSER,0,16); +mysql_connect($DBHOST,$DBUSER,$DBPASS); +mysql_select_db($DBNAME); + + echo "Getting database version requirements for code... "; + + if(file_exists("db/db.code.version.txt")) + { + $dbcodeversion_file=file("db/db.code.version.txt"); + $dbcodeversion=trim($dbcodeversion_file[0]); + } + else + { + echo "ERROR: Couldnt load current db/db.code.version.txt
    "; + exit; + } + echo "version $dbcodeversion
    "; + + echo "Checking for existing SFIAB database... "; + + $q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); + $r=@mysql_fetch_object($q); + $dbdbversion=$r->val; + + if($dbdbversion) + { + echo "ERROR: found version $dbdbversion
    "; + + //lets see if they match + if($dbcodeversion == $dbdbversion) + echo "Your SFIAB database is already setup with the required version\n"; + else if($dbcodeversion<$dbdbversion) + echo "ERROR: dbcodeversion$dbdbversion) + echo "Your SFIAB database needs to be updated. You should run the update script instead of this installer!\n"; + exit; + } + else + { + echo "Not found (good!)
    "; + } + + echo "Checking for database installer for version $dbcodeversion... "; + if(file_exists("db/db.full.$dbcodeversion.sql")) + { + echo "db/db.full.$dbcodeversion.sql found
    "; + + echo "Setting up database tables... "; + // dspanogle 2011-02-04 Use each section of the sql file instead of using system("sql" ... + // For windows ISP servers that do not provide "sql: executable - replace system call. + // system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME ' . $templine . '\': ' . mysql_error() . '

    '); + // Reset temp variable to empty + $templine = ''; + } + } + echo "
    "; + echo "Done! installed database version $dbcodeversion
    \n"; + + //now update the db version in the database + mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'"); + + echo "
    "; + echo "Done!
    "; + echo "Proceed to installation step 3
    "; + } + else + { + echo "WARNING: Couldnt find db/db.full.$dbcodeversion.sql
    "; + echo "Trying to find an older version...
    "; + + for($x=$dbcodeversion;$x>0;$x--) + { + if(file_exists("db/db.full.$x.sql")) + { + echo "db/db.full.$x.sql found
    "; + echo "Setting up database tables... "; + // dspanogle 2011-02-04 Use each section of the sql file instead of using system("sql" ... + // For windows ISP servers that do not provide "sql: executable - replace system call. + // system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME ' . $templine . '\': ' . mysql_error() . '

    '); + // Reset temp variable to empty + $templine = ''; + } + } + echo "
    "; + + echo "Done! installed database version $x
    \n"; + + //now update the db version in the database + mysql_query("UPDATE config SET val='$x' WHERE var='DBVERSION' AND year='0'"); + + echo "Attempting to update database using standard update script to update from $x to $dbcodeversion
    "; + echo "
    Please scroll to the bottom of this page for the link to the next step of the installation process.
    "; + chdir ("db"); + /* Update the database, but don't update the config variables yet, because + * We haven't set the FAIRYEAR */ + $db_update_skip_variables = true; + include "db_update.php"; + chdir ("../"); + + echo "
    "; + echo "Done!
    "; + echo "Proceed to installation step 3
    "; + break; + } + } + } + + //only if this file was created will we go ahead with the rest + //creating all the tables and such.. + +?> + + diff --git a/install3.php b/install3.php index d86b8c5..7182272 100644 --- a/install3.php +++ b/install3.php @@ -1,211 +1,212 @@ - - Copyright (C) 2005 James Grant - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ -echo "\n"; -?> - - -SFIAB Installation - - - -
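Review bot: The removed `system("mysql --default-character-set=latin1 ...")` import set the client character set, but the new `mysql_query()` loop runs on the connection opened by `mysql_connect()` near the top of install2.php, and nothing visible in this file sets it; db_update.php does so with `@mysql_query("SET NAMES latin1");`. Adding `mysql_query("SET NAMES latin1");` right after `mysql_select_db($DBNAME);` would keep non-ASCII seed data in db/db.full.*.sql loading the way it did before, whatever the server's default connection charset is. The import loop now exists in both branches here and once more in db_update.php; one shared helper taking the file path would stop the three copies from drifting apart. Its comment should state what input it accepts, presumably one statement ending in `;` at end of line, to be confirmed against the splitting code that is not visible in this rendering.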

    SFIAB Installation - Step 3

    -SFIAB Installation Step 1 is not yet complete."; - echo "Go back to installation step 1
    "; - echo ""; - exit; -} - -require_once("data/config.inc.php"); -require_once("config_editor.inc.php"); -require_once("user.inc.php"); -require_once("committee.inc.php"); -$DBUSER=substr($DBUSER,0,16); -mysql_connect($DBHOST,$DBUSER,$DBPASS); -mysql_select_db($DBNAME); - - echo "Checking for SFIAB database... "; - - $q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); - $r=@mysql_fetch_object($q); - $dbdbversion=$r->val; - - if(!$dbdbversion) - { - echo "
    SFIAB Installation Step 2 is not yet complete.
    "; - echo "Go back to installation step 2
    "; - echo ""; - exit; - } - -//a fresh install should ONLY have DBVERSION defined in the config table. If there are others (FAIRYEAR, SFIABDIRECTORY) then this is NOT fresh -$q=mysql_query("SELECT * FROM config WHERE year='0' AND ( var='DBVERSION' OR var='FAIRYEAR' OR var='SFIABDIRECTORY') "); -//we might get an error if the config table does not exist (ie, installer step 2 failed) -if(mysql_error()) -{ - //we say all tables, but really only we check for config where year=0; - echo "
    ERROR: No SFIAB tables detected, It seems like step 2 failed. Please go Back to Installation Step 2 and try again.
    "; - echo ""; - exit; - -} -//1 is okay (DBVERSION). More than 1 is bad (already isntalled) -if(mysql_num_rows($q)>1) -{ - //we say all tables, but really only we check for config where year=0; - echo "
    ERROR: Detected existing table data, SFIAB Installation Step 3 requires a clean SFIAB database installation.
    "; - echo ""; - exit; -} -echo "Found!
    "; - -if($_POST['action']=="save") -{ - $err=false; - if(!$_POST['fairyear']) - { - echo "Fair Year is required"; - $err=true; - } - - if(!$_POST['email']) - { - echo "Superuser email address is required"; - $err=true; - } - - if(!( $_POST['pass1'] && $_POST['pass2'])) - { - echo "Superuser password and password confirmation are required"; - $err=true; - } - if($_POST['pass1'] != $_POST['pass2']) - { - echo "Password and Password confirmation do not match"; - $err=true; - } - - if(!$err) - { - echo "Creating configuration settings..."; - mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FAIRYEAR','".$_POST['fairyear']."','Special','0','0')"); - mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FISCALYEAR','".$_POST['fiscalyear']."','Special','0','0')"); - mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('SFIABDIRECTORY','".$_POST['sfiabdirectory']."','Special','','0')"); - - $year = intval($_POST['fairyear']); - - //copy over the config defautls - config_update_variables($year); - - // Update some variables - mysql_query("UPDATE config SET - val='".mysql_escape_string(stripslashes($_POST['fairname']))."' - WHERE var='fairname' AND year='$year'"); - - mysql_query("UPDATE config SET - val='".mysql_escape_string(stripslashes($_POST['email']))."' - WHERE var='fairmanageremail' AND year='$year'"); - - $q=mysql_query("SELECT * FROM dates WHERE year='-1'"); - while($r=mysql_fetch_object($q)) - { - mysql_query("INSERT INTO dates (date,name,description,year) VALUES ('$r->date','$r->name','$r->description','".$_POST['fairyear']."')"); - } - - //copy over the award_types defautls - $q=mysql_query("SELECT * FROM award_types WHERE year='-1'"); - while($r=mysql_fetch_object($q)) - { - mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES ('$r->id','$r->type','$r->order','".$_POST['fairyear']."')"); - } - - echo "Done!
    "; - echo "Creating superuser account..."; - - $u = user_create('committee',$_POST['email']); - if($_POST['firstname'] && $_POST['lastname']) { - $u['firstname']=mysql_escape_string(stripslashes($_POST['firstname'])); - $u['lastname']=mysql_escape_string(stripslashes($_POST['lastname'])); - } - else { - $u['firstname'] = 'Superuser'; - $u['lastname'] = 'Account'; - } - $u['emailprivate'] = mysql_escape_string(stripslashes($_POST['email'])); - $u['email'] = mysql_escape_string(stripslashes($_POST['email'])); - $u['username'] = mysql_escape_string(stripslashes($_POST['email'])); - $u['password'] = mysql_escape_string(stripslashes($_POST['pass1'])); - $u['access_admin'] = 'yes'; - $u['access_config'] = 'yes'; - $u['access_super'] = 'yes'; - user_save($u); - - echo "Done!
    "; - echo "Installation is now complete! You can now proceed to the following location:
    "; - echo "    Your SFIAB main page
    "; - echo ""; - exit; - } - -} - -echo "
    "; -echo "Please enter the following options
    "; -echo "
    "; - -$month=date("m"); -if($month>4) $fairyearsuggest=date("Y")+1; -else $fairyearsuggest=date("Y"); - -if($month>6) $fiscalyearsuggest=date("Y")+1; -else $fiscalyearsuggest=date("Y"); - -$directorysuggest=substr($_SERVER['REQUEST_URI'],0,-13); -echo "

    Options

    "; -echo "
    "; -echo ""; - -echo ""; -echo ""; -echo ""; -echo ""; -echo ""; - -echo "
    Fair NameThe name of the fair you are installing SFIAB to run
    Fair YearThe year of the fair you are installing SFIAB to run
    Fiscal YearThe current fiscal year (for fundraising/accounting purposes)
    DirectoryThe directory of this SFIAB installation as seen by the web browser
    "; -echo "
    "; -echo "

    Superuser Account

    "; -echo "Please choose your superuser account which is required to login to SFIAB and configure the system, as well as to add other users.
    "; -echo ""; -echo ""; -echo ""; -echo ""; -echo "
    Superuser Email Address
    Superuser Password
    Superuser Password (Confirm)
    "; -echo "
    "; -echo ""; -echo "
    "; - -?> - - + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +echo "\n"; +?> + + +SFIAB Installation + + + +

    SFIAB Installation - Step 3

    +SFIAB Installation Step 1 is not yet complete."; + echo "Go back to installation step 1
    "; + echo ""; + exit; +} + +require_once("data/config.inc.php"); +require_once("config_editor.inc.php"); +require_once("user.inc.php"); +require_once("committee.inc.php"); +$DBUSER=substr($DBUSER,0,16); +mysql_connect($DBHOST,$DBUSER,$DBPASS); +mysql_select_db($DBNAME); + + echo "Checking for SFIAB database... "; + + $q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); + $r=@mysql_fetch_object($q); + $dbdbversion=$r->val; + + if(!$dbdbversion) + { + echo "
    SFIAB Installation Step 2 is not yet complete.
    "; + echo "Go back to installation step 2
    "; + echo ""; + exit; + } + +//a fresh install should ONLY have DBVERSION defined in the config table. If there are others (FAIRYEAR, SFIABDIRECTORY) then this is NOT fresh +$q=mysql_query("SELECT * FROM config WHERE year='0' AND ( var='DBVERSION' OR var='FAIRYEAR' OR var='SFIABDIRECTORY') "); +//we might get an error if the config table does not exist (ie, installer step 2 failed) +if(mysql_error()) +{ + //we say all tables, but really only we check for config where year=0; + echo "
    ERROR: No SFIAB tables detected, It seems like step 2 failed. Please go Back to Installation Step 2 and try again.
    "; + echo ""; + exit; + +} +//1 is okay (DBVERSION). More than 1 is bad (already isntalled) +if(mysql_num_rows($q)>1) +{ + //we say all tables, but really only we check for config where year=0; + echo "
    ERROR: Detected existing table data, SFIAB Installation Step 3 requires a clean SFIAB database installation.
    "; + echo ""; + exit; +} +echo "Found!
    "; + +if($_POST['action']=="save") +{ + $err=false; + if(!$_POST['fairyear']) + { + echo "Fair Year is required"; + $err=true; + } + + if(!$_POST['email']) + { + echo "Superuser email address is required"; + $err=true; + } + + if(!( $_POST['pass1'] && $_POST['pass2'])) + { + echo "Superuser password and password confirmation are required"; + $err=true; + } + if($_POST['pass1'] != $_POST['pass2']) + { + echo "Password and Password confirmation do not match"; + $err=true; + } + + if(!$err) + { + echo "Creating configuration settings..."; + mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FAIRYEAR','".$_POST['fairyear']."','Special','0','0')"); + mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FISCALYEAR','".$_POST['fiscalyear']."','Special','0','0')"); + mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('SFIABDIRECTORY','".$_POST['sfiabdirectory']."','Special','','0')"); + + $year = intval($_POST['fairyear']); + + //copy over the config defautls + config_update_variables($year); + + // Update some variables + mysql_query("UPDATE config SET + val='".mysql_escape_string(stripslashes($_POST['fairname']))."' + WHERE var='fairname' AND year='$year'"); + + mysql_query("UPDATE config SET + val='".mysql_escape_string(stripslashes($_POST['email']))."' + WHERE var='fairmanageremail' AND year='$year'"); + + $q=mysql_query("SELECT * FROM dates WHERE year='-1'"); + while($r=mysql_fetch_object($q)) + { + mysql_query("INSERT INTO dates (date,name,description,year) VALUES ('$r->date','$r->name','$r->description','".$_POST['fairyear']."')"); + } + + //copy over the award_types defautls + $q=mysql_query("SELECT * FROM award_types WHERE year='-1'"); + while($r=mysql_fetch_object($q)) + { + mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES ('$r->id','$r->type','$r->order','".$_POST['fairyear']."')"); + } + + echo "Done!
    "; + echo "Creating superuser account..."; + + $u = user_create('committee',$_POST['email']); + if($_POST['firstname'] && $_POST['lastname']) { + $u['firstname']=mysql_escape_string(stripslashes($_POST['firstname'])); + $u['lastname']=mysql_escape_string(stripslashes($_POST['lastname'])); + } + else { + $u['firstname'] = 'Superuser'; + $u['lastname'] = 'Account'; + } + $u['emailprivate'] = mysql_escape_string(stripslashes($_POST['email'])); + $u['email'] = mysql_escape_string(stripslashes($_POST['email'])); + $u['username'] = mysql_escape_string(stripslashes($_POST['email'])); + $u['password'] = mysql_escape_string(stripslashes($_POST['pass1'])); + $u['access_admin'] = 'yes'; + $u['access_config'] = 'yes'; + $u['access_super'] = 'yes'; + user_save($u); + + echo "Done!
    "; + echo "Installation is now complete! You can now proceed to the following location:
    "; + echo "    Your SFIAB main page
    "; + echo ""; + exit; + } + +} + +echo "
    "; +echo "Please enter the following options
    "; +echo "
    "; + +$month=date("m"); +if($month>4) $fairyearsuggest=date("Y")+1; +else $fairyearsuggest=date("Y"); + +if($month>6) $fiscalyearsuggest=date("Y")+1; +else $fiscalyearsuggest=date("Y"); +// DES dspanogle 2011-02-05 $_SERVER['REQUEST_URI'] is not available on many Windows servers +//$directorysuggest = substr($_SERVER['REQUEST_URI'],0,-13); +$directorysuggest = substr(getenv("SCRIPT_NAME"),0,-13); +echo "

    Options

    "; +echo "
    "; +echo ""; + +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; + +echo "
    Fair NameThe name of the fair you are installing SFIAB to run
    Fair YearThe year of the fair you are installing SFIAB to run
    Fiscal YearThe current fiscal year (for fundraising/accounting purposes)
    DirectoryThe directory of this SFIAB installation as seen by the web browser
    "; +echo "
    "; +echo "

    Superuser Account

    "; +echo "Please choose your superuser account which is required to login to SFIAB and configure the system, as well as to add other users.
    "; +echo ""; +echo ""; +echo ""; +echo ""; +echo "
    Superuser Email Address
    Superuser Password
    Superuser Password (Confirm)
    "; +echo "
    "; +echo ""; +echo "
    "; + +?> + +
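Review bot: The three `INSERT INTO config` statements on the save path interpolate `$_POST['fairyear']`, `$_POST['fiscalyear']` and `$_POST['sfiabdirectory']` straight into the SQL text, while `fairname` and `email` a few lines later go through `mysql_escape_string(stripslashes(...))`; the `dates` and `award_types` copies use the raw `$_POST['fairyear']` as well. Move `$year = intval($_POST['fairyear']);` above the inserts and use `'$year'` wherever the year is written, `intval($_POST['fiscalyear'])` for the fiscal year, and `mysql_escape_string(stripslashes($_POST['sfiabdirectory']))` for the directory. These lines look unchanged in content from the old side of the hunk, but this step runs before the superuser account is created, so every request value should get the same handling. On the line the commit does change, `substr(getenv("SCRIPT_NAME"),0,-13)` only works while the script is named install3.php; a comment such as `// 13 = strlen("/install3.php")` would make that dependency explicit.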