forked from science-ation/science-ation
converted mysql to pdo
This commit is contained in:
parent
bab11c9228
commit
bf8a23fc85
@ -39,7 +39,7 @@
|
|||||||
GROUP BY users.uid ORDER BY ord,users.lastname ");
|
GROUP BY users.uid ORDER BY ord,users.lastname ");
|
||||||
|
|
||||||
//if there's nobody in this committee, then just skip it and go on to the next one.
|
//if there's nobody in this committee, then just skip it and go on to the next one.
|
||||||
if(mysql_num_rows($q2)==0)
|
if($q2->rowCount()==0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
|
@ -842,8 +842,8 @@ function emit_time_selector($name,$selected="")
|
|||||||
function emit_province_selector($name,$selected="",$extra="")
|
function emit_province_selector($name,$selected="",$extra="")
|
||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
$q=("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
|
$q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
|
||||||
if(mysql_num_rows($q)==1)
|
if($q->rowCount()==1)
|
||||||
{
|
{
|
||||||
$r = $q->fetch();
|
$r = $q->fetch();
|
||||||
echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
|
echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
|
||||||
@ -1184,7 +1184,7 @@ function committee_warnings()
|
|||||||
AND award_awards.award_source_fairs_id IS NOT NULL
|
AND award_awards.award_source_fairs_id IS NOT NULL
|
||||||
AND fairs.type='ysc' ");
|
AND fairs.type='ysc' ");
|
||||||
echo pdo->errorInfo();
|
echo pdo->errorInfo();
|
||||||
if(mysql_num_rows($qq) > 0) {
|
if($qq->rowCount() > 0) {
|
||||||
$warn;
|
$warn;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
@ -103,7 +103,7 @@ function tochange() {
|
|||||||
//if there's nobody in this committee, then just skip it and go on to the next one.
|
//if there's nobody in this committee, then just skip it and go on to the next one.
|
||||||
|
|
||||||
// FIX ME !!!!!
|
// FIX ME !!!!!
|
||||||
if(mysql_num_rows($q2)==0)
|
if($q2->rowCount()==0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
echo "<option value=\"\">{$r->name}</option>\n";
|
echo "<option value=\"\">{$r->name}</option>\n";
|
||||||
|
@ -37,10 +37,11 @@ function fair_additional_materials($fair, $award, $year)
|
|||||||
$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo.gif");
|
$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo.gif");
|
||||||
|
|
||||||
/* Grab a list of winners */
|
/* Grab a list of winners */
|
||||||
$q = mysql_query("SELECT * FROM award_prizes
|
$q = $pdo->prepare("SELECT * FROM award_prizes
|
||||||
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
|
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
|
||||||
WHERE winners.year='$year'
|
WHERE winners.year='$year'
|
||||||
AND winners.fairs_id='{$fair['id']}'");
|
AND winners.fairs_id='{$fair['id']}'");
|
||||||
|
$q2->execute();
|
||||||
while($r = $q->fetch()) {
|
while($r = $q->fetch()) {
|
||||||
$pid = $r['projects_id'];
|
$pid = $r['projects_id'];
|
||||||
$rep->newPage("","",1);
|
$rep->newPage("","",1);
|
||||||
|
@ -136,7 +136,7 @@ function fairinfo_save()
|
|||||||
$q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
|
$q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
|
||||||
|
|
||||||
######## FIX ME!!!!!
|
######## FIX ME!!!!!
|
||||||
if(mysql_num_rows($q)) {
|
if($q2->rowCount()) {
|
||||||
$f = $q->fetch;
|
$f = $q->fetch;
|
||||||
} else {
|
} else {
|
||||||
$f = array();
|
$f = array();
|
||||||
|
@ -49,7 +49,7 @@ case 'save':
|
|||||||
$year = intval($_POST['year']);
|
$year = intval($_POST['year']);
|
||||||
|
|
||||||
foreach($stats as $k=>$v) {
|
foreach($stats as $k=>$v) {
|
||||||
$stats[$k] = mysql_escape_string($stats[$k]);
|
$stats[$k] = $stats[$k];
|
||||||
}
|
}
|
||||||
|
|
||||||
// $str = join(',',$stats);
|
// $str = join(',',$stats);
|
||||||
@ -61,7 +61,8 @@ case 'save':
|
|||||||
':year' => $year
|
':year' => $year
|
||||||
]);
|
]);
|
||||||
echo pdo->errorInfo();
|
echo pdo->errorInfo();
|
||||||
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
|
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
|
||||||
|
$stmt->execute();
|
||||||
echo pdo->errorInfo();
|
echo pdo->errorInfo();
|
||||||
|
|
||||||
happy_("Fair Information Saved.");
|
happy_("Fair Information Saved.");
|
||||||
|
@ -46,9 +46,10 @@ $u = user_load($eid);
|
|||||||
$times = array();
|
$times = array();
|
||||||
|
|
||||||
/* Load the judging rounds */
|
/* Load the judging rounds */
|
||||||
$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
|
$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
|
||||||
|
$q2->execute();
|
||||||
$x = 0;
|
$x = 0;
|
||||||
while($r = mysql_fetch_object($q)) {
|
while($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$found = false;
|
$found = false;
|
||||||
foreach($times as $xx => $t) {
|
foreach($times as $xx => $t) {
|
||||||
if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
|
if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
|
||||||
@ -68,16 +69,18 @@ while($r = mysql_fetch_object($q)) {
|
|||||||
|
|
||||||
switch($_GET['action']) {
|
switch($_GET['action']) {
|
||||||
case 'save':
|
case 'save':
|
||||||
mysql_query("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
|
$stmt = $pdo->prepare("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
if(is_array($_POST['time']) ) {
|
if(is_array($_POST['time']) ) {
|
||||||
foreach($_POST['time'] as $x) {
|
foreach($_POST['time'] as $x) {
|
||||||
if(trim($times[$x]['starttime']) == '') continue;
|
if(trim($times[$x]['starttime']) == '') continue;
|
||||||
|
|
||||||
mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
|
$stmt = $pdo->prepare("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
|
||||||
VALUES ('{$u['id']}',
|
VALUES ('{$u['id']}',
|
||||||
'{$times[$x]['date']}',
|
'{$times[$x]['date']}',
|
||||||
'{$times[$x]['starttime']}','{$times[$x]['endtime']}')");
|
'{$times[$x]['starttime']}','{$times[$x]['endtime']}')");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
happy_("Time Availability preferences successfully saved");
|
happy_("Time Availability preferences successfully saved");
|
||||||
@ -124,10 +127,10 @@ if($_SESSION['embed'] != true) {
|
|||||||
<table>
|
<table>
|
||||||
<?
|
<?
|
||||||
/* Get all their available times */
|
/* Get all their available times */
|
||||||
$q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
|
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
|
||||||
|
$q->execute();
|
||||||
$sel = array();
|
$sel = array();
|
||||||
while($r=mysql_fetch_object($q)) {
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
foreach($times as $x=>$t) {
|
foreach($times as $x=>$t) {
|
||||||
if($r->start == $t['starttime'] && $r->end == $t['endtime'] && $r->date == $t['date']) {
|
if($r->start == $t['starttime'] && $r->end == $t['endtime'] && $r->date == $t['date']) {
|
||||||
$sel[$x] = true;
|
$sel[$x] = true;
|
||||||
|
@ -131,10 +131,11 @@ echo "<div id=\"expertise_info_status\"></div>\n";
|
|||||||
echo "<form name=\"expertiseform\" id=\"judgeexpertise_form\">\n";
|
echo "<form name=\"expertiseform\" id=\"judgeexpertise_form\">\n";
|
||||||
echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
|
echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
|
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
|
||||||
|
$q->execute();
|
||||||
echo "<br /><h4>".i18n("Age Category Preferences")."</h4><br>";
|
echo "<br /><h4>".i18n("Age Category Preferences")."</h4><br>";
|
||||||
echo "<table class=\"editor\" style=\"width: 300px;\" >";
|
echo "<table class=\"editor\" style=\"width: 300px;\" >";
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
echo "<tr><td class=\"label\" >";
|
echo "<tr><td class=\"label\" >";
|
||||||
echo i18n("%1 (Grades %2-%3)",array(i18n($r->category),$r->mingrade,$r->maxgrade));
|
echo i18n("%1 (Grades %2-%3)",array(i18n($r->category),$r->mingrade,$r->maxgrade));
|
||||||
@ -171,9 +172,10 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
|
|||||||
echo "<table>\n";
|
echo "<table>\n";
|
||||||
|
|
||||||
//query all of the categories
|
//query all of the categories
|
||||||
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
|
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
|
||||||
|
$q->execute();
|
||||||
$first = true;
|
$first = true;
|
||||||
while($r=mysql_fetch_object($q)) {
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
|
|
||||||
$trclass = ($trclass == 'odd') ? 'even' : 'odd';
|
$trclass = ($trclass == 'odd') ? 'even' : 'odd';
|
||||||
if($first == true) {
|
if($first == true) {
|
||||||
@ -198,8 +200,9 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
|
|||||||
//only show the sub-divisions if the 'main' division is scored >=3
|
//only show the sub-divisions if the 'main' division is scored >=3
|
||||||
if($u['div_prefs'][$r->id]>=3) {
|
if($u['div_prefs'][$r->id]>=3) {
|
||||||
|
|
||||||
$subq=mysql_query("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
|
$subq=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
|
||||||
while($subr=mysql_fetch_object($subq)) {
|
$subq->execute();
|
||||||
|
while($subr=$subq->fetch(PDO::FETCH_OBJ)) {
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
echo "<td> </td>";
|
echo "<td> </td>";
|
||||||
$ch = ($u['div_prefs_sub'][$subr->id]) ? "checked=\"checked\"" : '';
|
$ch = ($u['div_prefs_sub'][$subr->id]) ? "checked=\"checked\"" : '';
|
||||||
|
@ -49,8 +49,9 @@
|
|||||||
|
|
||||||
$scheduleok=false;
|
$scheduleok=false;
|
||||||
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
|
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
|
||||||
$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
|
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$scheduleok=$r->test;
|
$scheduleok=$r->test;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -61,9 +62,10 @@
|
|||||||
/* Check for any judging team assignment this year for this judge,
|
/* Check for any judging team assignment this year for this judge,
|
||||||
* if there is one, print the judge scheule link in an obvious place,
|
* if there is one, print the judge scheule link in an obvious place,
|
||||||
* it's less obvious below */
|
* it's less obvious below */
|
||||||
$q = mysql_query("SELECT id FROM judges_teams_link WHERE
|
$q = $pdo->prepare("SELECT id FROM judges_teams_link WHERE
|
||||||
users_id='{$u['id']}' AND year='{$config['FAIRYEAR']}'");
|
users_id='{$u['id']}' AND year='{$config['FAIRYEAR']}'");
|
||||||
if(mysql_num_rows($q) > 0) {
|
$q2->execute();
|
||||||
|
if($q2->rowCount() > 0) {
|
||||||
echo '<span style="font-size: 1.2em; font-weight: bold;">';
|
echo '<span style="font-size: 1.2em; font-weight: bold;">';
|
||||||
echo i18n("You have been assigned to a judging team. %1Click here%2 to view the judging schedule",
|
echo i18n("You have been assigned to a judging team. %1Click here%2 to view the judging schedule",
|
||||||
array("<a href=\"judge_schedule.php\">","</a>"));
|
array("<a href=\"judge_schedule.php\">","</a>"));
|
||||||
|
@ -62,7 +62,7 @@ case 'save':
|
|||||||
$u['years_regional'] = intval($_POST['years_regional']);
|
$u['years_regional'] = intval($_POST['years_regional']);
|
||||||
$u['years_national'] = intval($_POST['years_national']);
|
$u['years_national'] = intval($_POST['years_national']);
|
||||||
$u['highest_psd'] = stripslashes($_POST['highest_psd']);
|
$u['highest_psd'] = stripslashes($_POST['highest_psd']);
|
||||||
$u['private_info'] = mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info'])));
|
$u['private_info'] = iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info']));
|
||||||
|
|
||||||
//check if judge has been flagged then update them
|
//check if judge has been flagged then update them
|
||||||
|
|
||||||
@ -130,9 +130,10 @@ echo "<div id=\"other_info_status\"></div>\n";
|
|||||||
<td style="width:35%"><?=i18n("I can judge in the following languages")." ".REQUIREDFIELD?>: </td>
|
<td style="width:35%"><?=i18n("I can judge in the following languages")." ".REQUIREDFIELD?>: </td>
|
||||||
<td>
|
<td>
|
||||||
<?
|
<?
|
||||||
$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
|
$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
while($r=mysql_fetch_object($q))
|
echo $pdo->errorInfo();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$ch = (in_array($r->lang,$u['languages'])) ? 'checked="checked"' : '';
|
$ch = (in_array($r->lang,$u['languages'])) ? 'checked="checked"' : '';
|
||||||
echo "<input onclick=\"fieldChanged()\" $ch type=\"checkbox\" name=\"languages[]\" value=\"$r->lang\" /> $r->langname <br />";
|
echo "<input onclick=\"fieldChanged()\" $ch type=\"checkbox\" name=\"languages[]\" value=\"$r->lang\" /> $r->langname <br />";
|
||||||
|
@ -27,29 +27,31 @@ require_once('user.inc.php');
|
|||||||
|
|
||||||
user_auth_required(array('judge', 'committee'));
|
user_auth_required(array('judge', 'committee'));
|
||||||
|
|
||||||
$pn = mysql_escape_string(stripslashes($_GET['pn']));
|
$pn = stripslashes($_GET['pn']);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE
|
$q=$pdo->prepare("SELECT * FROM projects WHERE
|
||||||
projectnumber='$pn'
|
projectnumber='$pn'
|
||||||
AND year='{$config['FAIRYEAR']}'");
|
AND year='{$config['FAIRYEAR']}'");
|
||||||
if(mysql_num_rows($q)==0) {
|
$q->execute();
|
||||||
|
if($q->rowCount()==0) {
|
||||||
echo "not found";
|
echo "not found";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$pi = mysql_fetch_object($q);
|
$pi = $q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$sq = mysql_query("SELECT firstname,lastname,school FROM students
|
$sq = $pdo->prepare("SELECT firstname,lastname,school FROM students
|
||||||
LEFT JOIN schools ON schools.id = students.schools_id
|
LEFT JOIN schools ON schools.id = students.schools_id
|
||||||
WHERE
|
WHERE
|
||||||
registrations_id='{$pi->registrations_id}'
|
registrations_id='{$pi->registrations_id}'
|
||||||
AND students.year='{$config['FAIRYEAR']}'");
|
AND students.year='{$config['FAIRYEAR']}'");
|
||||||
|
$sq->execute();
|
||||||
|
|
||||||
$student = array();
|
$student = array();
|
||||||
while($si = mysql_fetch_object($sq)) {
|
while($si = $sq->fetch(PDO;;FETCH_OBJ)) {
|
||||||
$student[] = $si->firstname.' '.$si->lastname;
|
$student[] = $si->firstname.' '.$si->lastname;
|
||||||
$school = $si->school;
|
$school = $si->school;
|
||||||
}
|
}
|
||||||
|
@ -54,8 +54,9 @@ $u = user_load($eid);
|
|||||||
|
|
||||||
$scheduleok=false;
|
$scheduleok=false;
|
||||||
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
|
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
|
||||||
$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
|
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$scheduleok=$r->test;
|
$scheduleok=$r->test;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -72,46 +73,51 @@ if(!$scheduleok) {
|
|||||||
|
|
||||||
|
|
||||||
/* Find all judging teams this judge is on */
|
/* Find all judging teams this judge is on */
|
||||||
$q = mysql_query("SELECT * FROM judges_teams_link
|
$q = $pdo->prepare("SELECT * FROM judges_teams_link
|
||||||
LEFT JOIN judges_teams ON judges_teams.id=judges_teams_link.judges_teams_id
|
LEFT JOIN judges_teams ON judges_teams.id=judges_teams_link.judges_teams_id
|
||||||
WHERE judges_teams_link.users_id='{$u['id']}'
|
WHERE judges_teams_link.users_id='{$u['id']}'
|
||||||
AND judges_teams_link.year='{$config['FAIRYEAR']}'");
|
AND judges_teams_link.year='{$config['FAIRYEAR']}'");
|
||||||
|
$q->execute();
|
||||||
$teams = array();
|
$teams = array();
|
||||||
while($t = mysql_fetch_assoc($q)) {
|
while($t = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||||
/* Load timeslot data for this team (team -> judges_timeslots_link -> timeslot -> parent timeslot */
|
/* Load timeslot data for this team (team -> judges_timeslots_link -> timeslot -> parent timeslot */
|
||||||
$qq = mysql_query("SELECT T.* FROM judges_teams_timeslots_link
|
$qq = $pdo->prepare("SELECT T.* FROM judges_teams_timeslots_link
|
||||||
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
|
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
|
||||||
LEFT JOIN judges_timeslots AS T ON T.id=judges_timeslots.round_id
|
LEFT JOIN judges_timeslots AS T ON T.id=judges_timeslots.round_id
|
||||||
WHERE judges_teams_timeslots_link.judges_teams_id={$t['judges_teams_id']}");
|
WHERE judges_teams_timeslots_link.judges_teams_id={$t['judges_teams_id']}");
|
||||||
$tt = mysql_fetch_assoc($qq);
|
$qq->execute();
|
||||||
echo mysql_error();
|
$tt = $qq->fetch(PDO::FETCH_ASSOC);
|
||||||
|
echo $pdo->errorInfo();
|
||||||
$t['timeslot'] = $tt;
|
$t['timeslot'] = $tt;
|
||||||
|
|
||||||
/* Load award */
|
/* Load award */
|
||||||
$qq = mysql_query("SELECT award_awards.*,T.type FROM judges_teams_awards_link
|
$qq = $pdo->prepare("SELECT award_awards.*,T.type FROM judges_teams_awards_link
|
||||||
LEFT JOIN award_awards ON award_awards.id=judges_teams_awards_link.award_awards_id
|
LEFT JOIN award_awards ON award_awards.id=judges_teams_awards_link.award_awards_id
|
||||||
LEFT JOIN award_types as T ON T.id=award_awards.award_types_id
|
LEFT JOIN award_types as T ON T.id=award_awards.award_types_id
|
||||||
WHERE judges_teams_awards_link.judges_teams_id={$t['judges_teams_id']}");
|
WHERE judges_teams_awards_link.judges_teams_id={$t['judges_teams_id']}");
|
||||||
echo mysql_error();
|
$qq->execute();
|
||||||
$aa = mysql_fetch_assoc($qq);
|
echo $pdo->errorInfo();
|
||||||
|
$aa = $qq->fetch(PDO::FETCH_ASSOC);
|
||||||
$t['award'] = $aa;
|
$t['award'] = $aa;
|
||||||
|
|
||||||
/* Load team members */
|
/* Load team members */
|
||||||
$qq = mysql_query("SELECT * FROM judges_teams_link
|
$qq = $pdo->prepare("SELECT * FROM judges_teams_link
|
||||||
LEFT JOIN users ON users.id=judges_teams_link.users_id
|
LEFT JOIN users ON users.id=judges_teams_link.users_id
|
||||||
WHERE judges_teams_link.judges_teams_id={$t['judges_teams_id']}
|
WHERE judges_teams_link.judges_teams_id={$t['judges_teams_id']}
|
||||||
ORDER BY judges_teams_link.captain,users.lastname,users.firstname");
|
ORDER BY judges_teams_link.captain,users.lastname,users.firstname");
|
||||||
|
$qq->execute();
|
||||||
$t['members'] = array();
|
$t['members'] = array();
|
||||||
while(($mm = mysql_fetch_assoc($qq))) {
|
while(($mm = $qq->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$t['members'][] = $mm;
|
$t['members'][] = $mm;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Load projects */
|
/* Load projects */
|
||||||
$qq = mysql_query("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
|
$qq = $do->prepare("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
|
||||||
LEFT JOIN projects ON projects.id=judges_teams_timeslots_projects_link.projects_id
|
LEFT JOIN projects ON projects.id=judges_teams_timeslots_projects_link.projects_id
|
||||||
WHERE judges_teams_id={$t['judges_teams_id']}");
|
WHERE judges_teams_id={$t['judges_teams_id']}");
|
||||||
|
$qq->execute();
|
||||||
$p = array();
|
$p = array();
|
||||||
while(($pp = mysql_fetch_assoc($qq)))
|
while(($pp = $qq->fetch(PDO::FETCH_ASSOC)))
|
||||||
$p[] = $pp;
|
$p[] = $pp;
|
||||||
/* If no project and it's a special award, get all nominated */
|
/* If no project and it's a special award, get all nominated */
|
||||||
if(count($p) == 0 && $aa['type'] == 'Special') {
|
if(count($p) == 0 && $aa['type'] == 'Special') {
|
||||||
|
@ -45,12 +45,14 @@ $u = user_load($eid);
|
|||||||
switch($_GET['action']) {
|
switch($_GET['action']) {
|
||||||
case 'save':
|
case 'save':
|
||||||
//first delete all their old associations for this year..
|
//first delete all their old associations for this year..
|
||||||
mysql_query("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
|
$stmt = $pdo->prepare("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
if(array_key_exists('spaward', $_POST)) {
|
if(array_key_exists('spaward', $_POST)) {
|
||||||
foreach($_POST['spaward'] AS $aid) {
|
foreach($_POST['spaward'] AS $aid) {
|
||||||
mysql_query("INSERT INTO judges_specialaward_sel (users_id, award_awards_id)
|
$stmt = $pdo->prepare("INSERT INTO judges_specialaward_sel (users_id, award_awards_id)
|
||||||
VALUES ('{$u['id']}','$aid')");
|
VALUES ('{$u['id']}','$aid')");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
happy_("Special Award preferences successfully saved");
|
happy_("Special Award preferences successfully saved");
|
||||||
@ -104,15 +106,16 @@ if($_SESSION['embed'] != true) {
|
|||||||
echo "<br />";
|
echo "<br />";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
|
$q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
|
||||||
|
$q->execute();
|
||||||
$spawards = array();
|
$spawards = array();
|
||||||
while($r=mysql_fetch_object($q)) $spawards[] = $r->award_awards_id;
|
while($r=$q->fetch(PDO::FETCH_OBJ)) $spawards[] = $r->award_awards_id;
|
||||||
|
|
||||||
echo "<table>\n";
|
echo "<table>\n";
|
||||||
|
|
||||||
|
|
||||||
//query all of the awards
|
//query all of the awards
|
||||||
$q=mysql_query("SELECT award_awards.id,
|
$q=$pdo->prepare("SELECT award_awards.id,
|
||||||
award_awards.name,
|
award_awards.name,
|
||||||
award_awards.criteria,
|
award_awards.criteria,
|
||||||
sponsors.organization
|
sponsors.organization
|
||||||
@ -128,8 +131,9 @@ if($_SESSION['embed'] != true) {
|
|||||||
AND award_types.year='{$config['FAIRYEAR']}'
|
AND award_types.year='{$config['FAIRYEAR']}'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
name");
|
name");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
while($r=mysql_fetch_object($q))
|
echo $pdo->errorInfo();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
?>
|
?>
|
||||||
<tr><td rowspan="2">
|
<tr><td rowspan="2">
|
||||||
|
@ -26,7 +26,7 @@ function getProjectsEligibleForAward($award_id)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$prjq=mysql_query("SELECT
|
$prjq=$pdo->prepare("SELECT
|
||||||
award_awards.id,
|
award_awards.id,
|
||||||
award_awards_projectcategories.projectcategories_id,
|
award_awards_projectcategories.projectcategories_id,
|
||||||
award_awards_projectdivisions.projectdivisions_id,
|
award_awards_projectdivisions.projectdivisions_id,
|
||||||
@ -50,8 +50,9 @@ function getProjectsEligibleForAward($award_id)
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
projectsort
|
projectsort
|
||||||
");
|
");
|
||||||
|
$prjq->execute();
|
||||||
$projects=array();
|
$projects=array();
|
||||||
while($prjr=mysql_fetch_object($prjq))
|
while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$projects[$prjr->projectnumber]=array(
|
$projects[$prjr->projectnumber]=array(
|
||||||
"id"=>$prjr->projects_id,
|
"id"=>$prjr->projects_id,
|
||||||
@ -67,7 +68,7 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language
|
$prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
|
||||||
FROM
|
FROM
|
||||||
award_awards,
|
award_awards,
|
||||||
award_awards_projectcategories,
|
award_awards_projectcategories,
|
||||||
@ -84,8 +85,9 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
language
|
language
|
||||||
");
|
");
|
||||||
|
$prjq->execute();
|
||||||
$languages=array();
|
$languages=array();
|
||||||
while($r=mysql_fetch_object($prjq)) {
|
while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
|
||||||
if($r->language)
|
if($r->language)
|
||||||
$languages[]=$r->language;
|
$languages[]=$r->language;
|
||||||
}
|
}
|
||||||
@ -97,8 +99,9 @@ function getProjectsEligibleOrNominatedForAwards($awards_ids_array)
|
|||||||
$projects=array();
|
$projects=array();
|
||||||
foreach($awards_ids_array AS $award_id)
|
foreach($awards_ids_array AS $award_id)
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
|
$q=$pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
$awardprojects=array();
|
$awardprojects=array();
|
||||||
|
|
||||||
@ -123,7 +126,7 @@ function getSpecialAwardsEligibleForProject($projectid)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$awardsq=mysql_query("SELECT
|
$awardsq=$pdo->prepare("SELECT
|
||||||
award_awards.id,
|
award_awards.id,
|
||||||
award_awards.name,
|
award_awards.name,
|
||||||
award_awards.criteria,
|
award_awards.criteria,
|
||||||
@ -142,7 +145,7 @@ function getSpecialAwardsEligibleForProject($projectid)
|
|||||||
AND award_types.id=award_awards.award_types_id
|
AND award_types.id=award_awards.award_types_id
|
||||||
AND award_awards.id=award_awards_projectcategories.award_awards_id
|
AND award_awards.id=award_awards_projectcategories.award_awards_id
|
||||||
AND award_awards.id=award_awards_projectdivisions.award_awards_id
|
AND award_awards.id=award_awards_projectdivisions.award_awards_id
|
||||||
AND projects.projectcategories_id=award_awards_projectcategories.projectcategories_id
|
AND projects.projectcategories_ipreparequeryd=award_awards_projectcategories.projectcategories_id
|
||||||
AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id
|
AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id
|
||||||
AND award_awards.id is not null
|
AND award_awards.id is not null
|
||||||
AND projects.year='".$config['FAIRYEAR']."'
|
AND projects.year='".$config['FAIRYEAR']."'
|
||||||
@ -152,9 +155,10 @@ function getSpecialAwardsEligibleForProject($projectid)
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
award_awards.name
|
award_awards.name
|
||||||
");
|
");
|
||||||
|
$awardsq->execute();
|
||||||
$awards=array();
|
$awards=array();
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
while($r=mysql_fetch_object($awardsq))
|
while($r=$awardsq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$awards[$r->id]=array(
|
$awards[$r->id]=array(
|
||||||
"id"=>$r->id,
|
"id"=>$r->id,
|
||||||
@ -170,7 +174,7 @@ function getSpecialAwardsNominatedForProject($projectid)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$awardsq=mysql_query("SELECT
|
$awardsq=$pdo->prepare("SELECT
|
||||||
award_awards.id,
|
award_awards.id,
|
||||||
award_awards.name,
|
award_awards.name,
|
||||||
award_awards.criteria,
|
award_awards.criteria,
|
||||||
@ -188,9 +192,10 @@ function getSpecialAwardsNominatedForProject($projectid)
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
award_awards.name
|
award_awards.name
|
||||||
");
|
");
|
||||||
|
$awardsq->execute();
|
||||||
$awards=array();
|
$awards=array();
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
while($r=mysql_fetch_object($awardsq))
|
while($r=$awardsq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$awards[$r->id]=array(
|
$awards[$r->id]=array(
|
||||||
"id"=>$r->id,
|
"id"=>$r->id,
|
||||||
@ -205,7 +210,7 @@ function getSpecialAwardsNominatedForProject($projectid)
|
|||||||
function getNominatedForNoSpecialAwardsForProject($projectid)
|
function getNominatedForNoSpecialAwardsForProject($projectid)
|
||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
$awardsq=mysql_query("SELECT
|
$awardsq=$pdo->prepare("SELECT
|
||||||
projects.id AS projects_id
|
projects.id AS projects_id
|
||||||
FROM
|
FROM
|
||||||
project_specialawards_link,
|
project_specialawards_link,
|
||||||
@ -216,7 +221,8 @@ function getNominatedForNoSpecialAwardsForProject($projectid)
|
|||||||
AND projects.id='$projectid'
|
AND projects.id='$projectid'
|
||||||
AND project_specialawards_link.award_awards_id IS NULL
|
AND project_specialawards_link.award_awards_id IS NULL
|
||||||
");
|
");
|
||||||
if(mysql_num_rows($awardsq) == 1) return true;
|
$awardsq->execute();
|
||||||
|
if($awardsq->rowCount() == 1) return true;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -228,7 +234,7 @@ function getProjectsNominatedForSpecialAward($award_id)
|
|||||||
//are eligible for the award, instead of nominated for it.
|
//are eligible for the award, instead of nominated for it.
|
||||||
if($config['specialawardnomination']!="none")
|
if($config['specialawardnomination']!="none")
|
||||||
{
|
{
|
||||||
$prjq=mysql_query("SELECT
|
$prjq=$pdo->prepare("SELECT
|
||||||
projects.projectnumber,
|
projects.projectnumber,
|
||||||
projects.title,
|
projects.title,
|
||||||
projects.language,
|
projects.language,
|
||||||
@ -244,8 +250,9 @@ function getProjectsNominatedForSpecialAward($award_id)
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
projectsort
|
projectsort
|
||||||
");
|
");
|
||||||
|
$prjq->execute();
|
||||||
$projects=array();
|
$projects=array();
|
||||||
while($prjr=mysql_fetch_object($prjq))
|
while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$projects[$prjr->projectnumber]=array(
|
$projects[$prjr->projectnumber]=array(
|
||||||
"id"=>$prjr->projects_id,
|
"id"=>$prjr->projects_id,
|
||||||
@ -271,7 +278,7 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
|
|||||||
//if they dont use special award nominations, then we will instead get all of the projects that
|
//if they dont use special award nominations, then we will instead get all of the projects that
|
||||||
//are eligible for the award, instead of nominated for it.
|
//are eligible for the award, instead of nominated for it.
|
||||||
if($config['specialawardnomination']!="none") {
|
if($config['specialawardnomination']!="none") {
|
||||||
$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language
|
$prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
|
||||||
FROM
|
FROM
|
||||||
project_specialawards_link,
|
project_specialawards_link,
|
||||||
projects
|
projects
|
||||||
@ -282,8 +289,9 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
|
|||||||
AND projects.year='".$config['FAIRYEAR']."'
|
AND projects.year='".$config['FAIRYEAR']."'
|
||||||
ORDER BY language
|
ORDER BY language
|
||||||
");
|
");
|
||||||
|
$prjq->execute();
|
||||||
$languages=array();
|
$languages=array();
|
||||||
while($r=mysql_fetch_object($prjq)) {
|
while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
|
||||||
//dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle
|
//dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle
|
||||||
if($r->langauge) {
|
if($r->langauge) {
|
||||||
$languages[]=$r->language;
|
$languages[]=$r->language;
|
||||||
@ -302,7 +310,7 @@ function getSpecialAwardsNominatedByRegistrationID($id)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$awardq=mysql_query("SELECT
|
$awardq=$pdo->prepare("SELECT
|
||||||
award_awards.id,
|
award_awards.id,
|
||||||
award_awards.name,
|
award_awards.name,
|
||||||
award_awards_projectcategories.projectcategories_id,
|
award_awards_projectcategories.projectcategories_id,
|
||||||
@ -324,8 +332,9 @@ function getSpecialAwardsNominatedByRegistrationID($id)
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
projectsort
|
projectsort
|
||||||
");
|
");
|
||||||
|
$awardq->execute();
|
||||||
$projects=array();
|
$projects=array();
|
||||||
while($prjr=mysql_fetch_object($prjq))
|
while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$projects[$prjr->projectnumber]=array(
|
$projects[$prjr->projectnumber]=array(
|
||||||
"id"=>$prjr->projects_id,
|
"id"=>$prjr->projects_id,
|
||||||
@ -340,15 +349,17 @@ function getSpecialAwardsNominatedByRegistrationID($id)
|
|||||||
function project_load($pid)
|
function project_load($pid)
|
||||||
{
|
{
|
||||||
/* Load this project */
|
/* Load this project */
|
||||||
$q = mysql_query("SELECT * FROM projects WHERE id='$pid'");
|
$q = $pdo->prepare("SELECT * FROM projects WHERE id='$pid'");
|
||||||
$proj = mysql_fetch_array($q);
|
$q->execute();
|
||||||
|
$proj = $q->fetch();
|
||||||
|
|
||||||
/* Load the students */
|
/* Load the students */
|
||||||
$q = mysql_query("SELECT students.*,schools.school FROM students
|
$q = $pdo->prepare("SELECT students.*,schools.school FROM students
|
||||||
LEFT JOIN schools ON schools.id=students.schools_id
|
LEFT JOIN schools ON schools.id=students.schools_id
|
||||||
WHERE registrations_id='{$proj['registrations_id']}' AND students.year='{$proj['year']}' ORDER BY students.id");
|
WHERE registrations_id='{$proj['registrations_id']}' AND students.year='{$proj['year']}' ORDER BY students.id");
|
||||||
|
$q->execute();
|
||||||
$proj['num_students'] = 0;
|
$proj['num_students'] = 0;
|
||||||
while($s = mysql_fetch_assoc($q)) {
|
while($s = $q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$proj['num_students']++;
|
$proj['num_students']++;
|
||||||
$proj['student'][] = $s;
|
$proj['student'][] = $s;
|
||||||
}
|
}
|
||||||
|
@ -27,13 +27,15 @@
|
|||||||
function questions_load_answers($section, $users_id)
|
function questions_load_answers($section, $users_id)
|
||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
$yearq=mysql_query("SELECT `year` FROM users WHERE id='$users_id'");
|
$yearq=$pdo->prepare("SELECT `year` FROM users WHERE id='$users_id'");
|
||||||
$yearr=mysql_fetch_object($yearq);
|
$yearq->execute();
|
||||||
|
$yearr=$yearq->fetch(PDO::FETCH_OBJ);
|
||||||
$ans=array();
|
$ans=array();
|
||||||
$qs=questions_load_questions($section,$yearr->year);
|
$qs=questions_load_questions($section,$yearr->year);
|
||||||
foreach($qs AS $id=>$question) {
|
foreach($qs AS $id=>$question) {
|
||||||
$q=mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
|
$q=$pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$ans[$id]=$r->answer;
|
$ans[$id]=$r->answer;
|
||||||
}
|
}
|
||||||
return $ans;
|
return $ans;
|
||||||
@ -67,29 +69,33 @@ function questions_save_answers($section, $id, $answers)
|
|||||||
global $config;
|
global $config;
|
||||||
$qs = questions_load_questions($section,$config['FAIRYEAR']);
|
$qs = questions_load_questions($section,$config['FAIRYEAR']);
|
||||||
$keys = array_keys($answers);
|
$keys = array_keys($answers);
|
||||||
$q=mysql_query("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
|
$q=$pdo->prepare("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
|
||||||
while($r=mysql_fetch_object($q)) {
|
$q->execute();
|
||||||
mysql_query("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
echo mysql_error();
|
$stmt = $pdo->prepare("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
|
||||||
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
}
|
}
|
||||||
|
|
||||||
$keys = array_keys($answers);
|
$keys = array_keys($answers);
|
||||||
foreach($keys as $qid) {
|
foreach($keys as $qid) {
|
||||||
/* Poll key */
|
/* Poll key */
|
||||||
mysql_query("INSERT INTO question_answers
|
$stmt = $pdo->prepare("INSERT INTO question_answers
|
||||||
(users_id,questions_id,answer) VALUES(
|
(users_id,questions_id,answer) VALUES(
|
||||||
'$id','$qid',
|
'$id','$qid',
|
||||||
'".mysql_escape_string($answers[$qid])."')" );
|
'".$answers[$qid]."')" );
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function questions_find_question_id($section, $dbheading)
|
function questions_find_question_id($section, $dbheading)
|
||||||
{
|
{
|
||||||
$q = mysql_query("SELECT id FROM questions WHERE ".
|
$q = $pdo->prepare("SELECT id FROM questions WHERE ".
|
||||||
" section='$section' ".
|
" section='$section' ".
|
||||||
" AND db_heading='$dbheading' ");
|
" AND db_heading='$dbheading' ");
|
||||||
if(mysql_num_rows($q) == 1) {
|
$q->execute();
|
||||||
$r = mysql_fetch_object($q);
|
if($q->rowCount() == 1) {
|
||||||
|
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||||
return $r->id;
|
return $r->id;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@ -162,28 +168,30 @@ function questions_parse_from_http_headers($array_name)
|
|||||||
|
|
||||||
function questions_update_question($qs)
|
function questions_update_question($qs)
|
||||||
{
|
{
|
||||||
mysql_query("UPDATE questions SET
|
$stmt = $pdo->prepare("UPDATE questions SET
|
||||||
`question`='".mysql_escape_string($qs['question'])."',
|
`question`='".$qs['question']."',
|
||||||
`type`='".mysql_escape_string($qs['type'])."',
|
`type`='".$qs['type']."',
|
||||||
`db_heading`='".mysql_escape_string($qs['db_heading'])."',
|
`db_heading`='".$qs['db_heading']."',
|
||||||
`required`='".mysql_escape_string($qs['required'])."',
|
`required`='".$qs['required']."',
|
||||||
`ord`=".intval($qs['ord'])."
|
`ord`=".intval($qs['ord']."
|
||||||
WHERE id='{$qs['id']}' ");
|
WHERE id='{$qs['id']}' ");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
}
|
}
|
||||||
|
|
||||||
function questions_save_new_question($qs, $year)
|
function questions_save_new_question($qs, $year)
|
||||||
{
|
{
|
||||||
mysql_query("INSERT INTO questions ".
|
$stmt = $pdo->prepare("INSERT INTO questions ".
|
||||||
"(question,type,section,db_heading,required,ord,year) VALUES (".
|
"(question,type,section,db_heading,required,ord,year) VALUES (".
|
||||||
"'".mysql_escape_string($qs['question'])."',".
|
"'".$qs['question']."',".
|
||||||
"'".mysql_escape_string($qs['type'])."',".
|
"'".$qs['type']."',".
|
||||||
"'".mysql_escape_string($qs['section'])."',".
|
"'".$qs['section']."',".
|
||||||
"'".mysql_escape_string($qs['db_heading'])."',".
|
"'".$qs['db_heading']."',".
|
||||||
"'".mysql_escape_string($qs['required'])."',".
|
"'".$qs['required']."',".
|
||||||
"'".mysql_escape_string($qs['ord'])."',".
|
"'".$qs['ord']."',".
|
||||||
"'$year' )");
|
"'$year' )");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -231,7 +239,8 @@ function questions_editor($section, $year, $array_name, $self)
|
|||||||
$qs = questions_load_questions($section, $year);
|
$qs = questions_load_questions($section, $year);
|
||||||
|
|
||||||
/* Delete this question */
|
/* Delete this question */
|
||||||
mysql_query("DELETE FROM questions WHERE id='$qid'");
|
$stmt = $pdo->prepare("DELETE FROM questions WHERE id='$qid'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
/* Update the order of all questions after this one */
|
/* Update the order of all questions after this one */
|
||||||
$keys = array_keys($qs);
|
$keys = array_keys($qs);
|
||||||
@ -239,7 +248,8 @@ function questions_editor($section, $year, $array_name, $self)
|
|||||||
if($q == $qid) continue;
|
if($q == $qid) continue;
|
||||||
if($qs[$q]['ord'] > $qs[$qid]['ord']) {
|
if($qs[$q]['ord'] > $qs[$qid]['ord']) {
|
||||||
$qs[$q]['ord']--;
|
$qs[$q]['ord']--;
|
||||||
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
|
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
echo happy(i18n("Question successfully removed"));
|
echo happy(i18n("Question successfully removed"));
|
||||||
@ -248,18 +258,20 @@ function questions_editor($section, $year, $array_name, $self)
|
|||||||
if($_GET['action']=="import" && $_GET['impyear'])
|
if($_GET['action']=="import" && $_GET['impyear'])
|
||||||
{
|
{
|
||||||
$x=0;
|
$x=0;
|
||||||
$q = mysql_query("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
|
$q = $pdo->prepare("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
|
||||||
while($r=mysql_fetch_object($q)) {
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$x++;
|
$x++;
|
||||||
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
|
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
|
||||||
VALUES (
|
VALUES (
|
||||||
'', '$year',
|
'', '$year',
|
||||||
'".mysql_escape_string($r->section)."',
|
'".$r->section."',
|
||||||
'".mysql_escape_string($r->db_heading)."',
|
'".$r->db_heading."',
|
||||||
'".mysql_escape_string($r->question)."',
|
'".$r->question."',
|
||||||
'".mysql_escape_string($r->type)."',
|
'".$r->type."',
|
||||||
'".mysql_escape_string($r->required)."',
|
'".$r->required."',
|
||||||
'".mysql_escape_string($r->ord)."')");
|
'".$r->ord)."')";
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
echo happy(i18n("%1 question(s) successfully imported",
|
echo happy(i18n("%1 question(s) successfully imported",
|
||||||
@ -305,7 +317,8 @@ function questions_editor($section, $year, $array_name, $self)
|
|||||||
if($qdir != 0) {
|
if($qdir != 0) {
|
||||||
$qs[$qid]['ord'] += $qdir;
|
$qs[$qid]['ord'] += $qdir;
|
||||||
/* Update the db */
|
/* Update the db */
|
||||||
mysql_query("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
|
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
|
||||||
|
$stmt->execute();
|
||||||
$keys = array_keys($qs);
|
$keys = array_keys($qs);
|
||||||
$originalq = $qs[$qid];
|
$originalq = $qs[$qid];
|
||||||
|
|
||||||
@ -314,10 +327,12 @@ function questions_editor($section, $year, $array_name, $self)
|
|||||||
if($qs[$q]['ord'] != $qs[$qid]['ord']) continue;
|
if($qs[$q]['ord'] != $qs[$qid]['ord']) continue;
|
||||||
if($qdir == 1) {
|
if($qdir == 1) {
|
||||||
$qs[$q]['ord']--;
|
$qs[$q]['ord']--;
|
||||||
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
|
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
|
||||||
|
$stmt->execute();
|
||||||
} else {
|
} else {
|
||||||
$qs[$q]['ord']++;
|
$qs[$q]['ord']++;
|
||||||
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
|
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
/* Swap them so we don' thave to reaload the questions
|
/* Swap them so we don' thave to reaload the questions
|
||||||
* */
|
* */
|
||||||
|
@ -26,8 +26,9 @@ function registrationFormsReceived($reg_id="")
|
|||||||
{
|
{
|
||||||
if($reg_id) $rid=$reg_id;
|
if($reg_id) $rid=$reg_id;
|
||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
$q=mysql_query("SELECT status FROM registrations WHERE id='$rid'");
|
$q=$pdo->prepare("SELECT status FROM registrations WHERE id='$rid'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->status=="complete" || $r->status=="paymentpending")
|
if($r->status=="complete" || $r->status=="paymentpending")
|
||||||
return true;
|
return true;
|
||||||
else
|
else
|
||||||
@ -37,8 +38,9 @@ function registrationFormsReceived($reg_id="")
|
|||||||
function registrationDeadlinePassed()
|
function registrationDeadlinePassed()
|
||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
$q=mysql_query("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
|
$q=$pdo->prepare("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
|
||||||
$datecheck=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$datecheck=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($datecheck->datecheck==1)
|
if($datecheck->datecheck==1)
|
||||||
return false;
|
return false;
|
||||||
else
|
else
|
||||||
@ -60,13 +62,13 @@ function studentStatus($reg_id="")
|
|||||||
if($reg_id) $rid=$reg_id;
|
if($reg_id) $rid=$reg_id;
|
||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$q->execute();
|
||||||
//if we dont have the minimum, return incomplete
|
//if we dont have the minimum, return incomplete
|
||||||
if(mysql_num_rows($q)<$config['minstudentsperproject'])
|
if($q->rowCount()<$config['minstudentsperproject'])
|
||||||
return "incomplete";
|
return "incomplete";
|
||||||
|
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
foreach ($required_fields AS $req)
|
foreach ($required_fields AS $req)
|
||||||
{
|
{
|
||||||
@ -95,14 +97,15 @@ function emergencycontactStatus($reg_id="")
|
|||||||
if($reg_id) $rid=$reg_id;
|
if($reg_id) $rid=$reg_id;
|
||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
$sq=mysql_query("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
$sq=$pdo->prepare("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
||||||
$numstudents=mysql_num_rows($sq);
|
$sq->execute();
|
||||||
|
$numstudents=$sq->rowCount();
|
||||||
|
|
||||||
while($sr=mysql_fetch_object($sq))
|
while($sr=$sq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
|
$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
|
||||||
|
$q->execute();
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
foreach ($required_fields AS $req)
|
foreach ($required_fields AS $req)
|
||||||
{
|
{
|
||||||
@ -136,13 +139,13 @@ function projectStatus($reg_id="")
|
|||||||
if($reg_id) $rid=$reg_id;
|
if($reg_id) $rid=$reg_id;
|
||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$q->execute();
|
||||||
//if we dont have a project entry yet, return empty
|
//if we dont have a project entry yet, return empty
|
||||||
if(!mysql_num_rows($q))
|
if(!$q->rowCount())
|
||||||
return "empty";
|
return "empty";
|
||||||
|
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
foreach ($required_fields AS $req)
|
foreach ($required_fields AS $req)
|
||||||
{
|
{
|
||||||
@ -166,18 +169,20 @@ function mentorStatus($reg_id="")
|
|||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
//first check the registrations table to see if 'nummentors' is set, or if its null
|
//first check the registrations table to see if 'nummentors' is set, or if its null
|
||||||
$q=mysql_query("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->nummentors==null)
|
if($r->nummentors==null)
|
||||||
return "incomplete";
|
return "incomplete";
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
//if we dont have the minimum, return incomplete
|
//if we dont have the minimum, return incomplete
|
||||||
if(mysql_num_rows($q)<$config['minmentorserproject'])
|
if($q->rowCount()<$config['minmentorserproject'])
|
||||||
return "incomplete";
|
return "incomplete";
|
||||||
|
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
foreach ($required_fields AS $req)
|
foreach ($required_fields AS $req)
|
||||||
{
|
{
|
||||||
@ -201,15 +206,17 @@ function safetyStatus($reg_id="")
|
|||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
//grab all of their answers
|
//grab all of their answers
|
||||||
$q=mysql_query("SELECT * FROM safety WHERE registrations_id='$rid'");
|
$q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='$rid'");
|
||||||
while($r=mysql_fetch_object($q))
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$safetyanswers[$r->safetyquestions_id]=$r->answer;
|
$safetyanswers[$r->safetyquestions_id]=$r->answer;
|
||||||
}
|
}
|
||||||
|
|
||||||
//now grab all the questions
|
//now grab all the questions
|
||||||
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
|
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
|
||||||
while($r=mysql_fetch_object($q))
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if($r->required=="yes" && !$safetyanswers[$r->id])
|
if($r->required=="yes" && !$safetyanswers[$r->id])
|
||||||
{
|
{
|
||||||
@ -226,11 +233,12 @@ function spawardStatus($reg_id="")
|
|||||||
if($reg_id) $rid=$reg_id;
|
if($reg_id) $rid=$reg_id;
|
||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid'");
|
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid'");
|
||||||
$project=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$project=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
/* We want this query to get any awards with a NULL award_awards_id */
|
/* We want this query to get any awards with a NULL award_awards_id */
|
||||||
$awardsq=mysql_query("SELECT
|
$awardsq=$pdo->prepare("SELECT
|
||||||
projects.id AS projects_id
|
projects.id AS projects_id
|
||||||
FROM
|
FROM
|
||||||
project_specialawards_link,
|
project_specialawards_link,
|
||||||
@ -239,8 +247,9 @@ function spawardStatus($reg_id="")
|
|||||||
project_specialawards_link.projects_id='".$project->id."'
|
project_specialawards_link.projects_id='".$project->id."'
|
||||||
AND projects.year='".$config['FAIRYEAR']."'
|
AND projects.year='".$config['FAIRYEAR']."'
|
||||||
");
|
");
|
||||||
|
$awardsq->execute();
|
||||||
|
|
||||||
if(mysql_num_rows($awardsq))
|
if($awardsq->rowCount())
|
||||||
return "complete";
|
return "complete";
|
||||||
else
|
else
|
||||||
return "incomplete";
|
return "incomplete";
|
||||||
@ -254,19 +263,20 @@ function tourStatus($reg_id="")
|
|||||||
else $rid=$_SESSION['registration_id'];
|
else $rid=$_SESSION['registration_id'];
|
||||||
|
|
||||||
/* Get the students for this project */
|
/* Get the students for this project */
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
|
||||||
$num_found = mysql_num_rows($q);
|
$q->execute();
|
||||||
|
$num_found = $q->rowCount();
|
||||||
|
|
||||||
$ret = "complete";
|
$ret = "complete";
|
||||||
while($s=mysql_fetch_object($q)) {
|
while($s=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
//grab all of their tour prefs
|
//grab all of their tour prefs
|
||||||
$sid = $s->id;
|
$sid = $s->id;
|
||||||
$qq=mysql_query("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
|
$qq=$pdo->prepare("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
|
||||||
|
$qq->execute();
|
||||||
$n_tours = mysql_num_rows($qq);
|
$n_tours = $qq->rowCount();
|
||||||
if($n_tours > 0) {
|
if($n_tours > 0) {
|
||||||
/* See if there's a rank 0 tour (rank 0 == their tour assignment) */
|
/* See if there's a rank 0 tour (rank 0 == their tour assignment) */
|
||||||
$i = mysql_fetch_object($qq);
|
$i = $qq->fetch(PDO::FETCH_OBJ);
|
||||||
if($i->rank == 0) {
|
if($i->rank == 0) {
|
||||||
/* Yes, there is, no matter what, this student's tour
|
/* Yes, there is, no matter what, this student's tour
|
||||||
* selection is complete. */
|
* selection is complete. */
|
||||||
@ -289,16 +299,18 @@ function namecheckStatus($reg_id="")
|
|||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
if($reg_id) {
|
if($reg_id) {
|
||||||
$q=mysql_query("SELECT * FROM students WHERE
|
$q=$pdo->prepare("SELECT * FROM students WHERE
|
||||||
registrations_id='$reg_id'
|
registrations_id='$reg_id'
|
||||||
|
$q->execute();
|
||||||
AND year='".$config['FAIRYEAR']."'");
|
AND year='".$config['FAIRYEAR']."'");
|
||||||
} else {
|
} else {
|
||||||
$q=mysql_query("SELECT * FROM students WHERE
|
$q=$pdo->prepare("SELECT * FROM students WHERE
|
||||||
id='{$_SESSION['students_id']}'");
|
id='{$_SESSION['students_id']}'");
|
||||||
}
|
$q->execute();
|
||||||
|
}
|
||||||
|
|
||||||
/* Get the students for this project */
|
/* Get the students for this project */
|
||||||
while($s=mysql_fetch_object($q)) {
|
while($s=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
if($s->namecheck_complete == 'no') {
|
if($s->namecheck_complete == 'no') {
|
||||||
return 'incomplete';
|
return 'incomplete';
|
||||||
}
|
}
|
||||||
@ -313,7 +325,7 @@ function generateProjectNumber($registration_id)
|
|||||||
|
|
||||||
$reg_id = $registration_id;
|
$reg_id = $registration_id;
|
||||||
|
|
||||||
$q=mysql_query("SELECT projects.projectcategories_id,
|
$q=$pdo->prepare("SELECT projects.projectcategories_id,
|
||||||
projects.projectdivisions_id,
|
projects.projectdivisions_id,
|
||||||
projectcategories.category_shortform,
|
projectcategories.category_shortform,
|
||||||
projectdivisions.division_shortform
|
projectdivisions.division_shortform
|
||||||
@ -328,8 +340,9 @@ function generateProjectNumber($registration_id)
|
|||||||
AND projectcategories.year='{$config['FAIRYEAR']}'
|
AND projectcategories.year='{$config['FAIRYEAR']}'
|
||||||
AND projectdivisions.year='{$config['FAIRYEAR']}'
|
AND projectdivisions.year='{$config['FAIRYEAR']}'
|
||||||
");
|
");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
$r=mysql_fetch_object($q);
|
echo $pdo->errorInfo();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
$p=array('number'=>array(), 'sort'=>array() );
|
$p=array('number'=>array(), 'sort'=>array() );
|
||||||
$p['number']['str'] = $config['project_num_format'];
|
$p['number']['str'] = $config['project_num_format'];
|
||||||
@ -359,14 +372,15 @@ function generateProjectNumber($registration_id)
|
|||||||
/* Build a total list of projects for finding a global number, and
|
/* Build a total list of projects for finding a global number, and
|
||||||
* while constructing the list, build a list for the division/cat
|
* while constructing the list, build a list for the division/cat
|
||||||
* sequence number */
|
* sequence number */
|
||||||
$q = mysql_query("SELECT projectnumber_seq,projectsort_seq,
|
$q = $pdo->prepare("SELECT projectnumber_seq,projectsort_seq,
|
||||||
projectdivisions_id,projectcategories_id
|
projectdivisions_id,projectcategories_id
|
||||||
FROM projects
|
FROM projects
|
||||||
WHERE year='{$config['FAIRYEAR']}'
|
WHERE year='{$config['FAIRYEAR']}'
|
||||||
AND projectnumber_seq!='0'
|
AND projectnumber_seq!='0'
|
||||||
AND projectnumber IS NOT NULL");
|
AND projectnumber IS NOT NULL");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
while($i = mysql_fetch_object($q)) {
|
echo $pdo->errorInfo();
|
||||||
|
while($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||||
if( ($r->projectdivisions_id == $i->projectdivisions_id)
|
if( ($r->projectdivisions_id == $i->projectdivisions_id)
|
||||||
&&($r->projectcategories_id == $i->projectcategories_id) ) {
|
&&($r->projectcategories_id == $i->projectcategories_id) ) {
|
||||||
$p['number']['n_used'][] = $i->projectnumber_seq;
|
$p['number']['n_used'][] = $i->projectnumber_seq;
|
||||||
@ -439,23 +453,26 @@ function computeRegistrationFee($regid)
|
|||||||
$ret = array();
|
$ret = array();
|
||||||
|
|
||||||
$regfee_items = array();
|
$regfee_items = array();
|
||||||
$q = mysql_query("SELECT * FROM regfee_items
|
$q = $pdo->prepare("SELECT * FROM regfee_items
|
||||||
WHERE year='{$config['FAIRYEAR']}'");
|
WHERE year='{$config['FAIRYEAR']}'");
|
||||||
while($i = mysql_fetch_assoc($q)) $regfee_items[] = $i;
|
$q->execute();
|
||||||
|
while($i = $q->fetch(PDO::FETCH_ASSOC)) $regfee_items[] = $i;
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
|
||||||
$n_students = mysql_num_rows($q);
|
$q->execute();
|
||||||
|
$n_students = $q->rowCount();
|
||||||
$n_tshirts = 0;
|
$n_tshirts = 0;
|
||||||
$sel = array();
|
$sel = array();
|
||||||
while($s = mysql_fetch_object($q)) {
|
while($s = $q->fetch(PDO::FETCH_OBJ)) {
|
||||||
if($s->tshirt != 'none') $n_tshirts++;
|
if($s->tshirt != 'none') $n_tshirts++;
|
||||||
|
|
||||||
/* Check their regfee items too */
|
/* Check their regfee items too */
|
||||||
if($config['participant_regfee_items_enable'] != 'yes') continue;
|
if($config['participant_regfee_items_enable'] != 'yes') continue;
|
||||||
|
|
||||||
$sel_q = mysql_query("SELECT * FROM regfee_items_link
|
$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
|
||||||
WHERE students_id={$s->id}");
|
WHERE students_id={$s->id}");
|
||||||
while($info_q = mysql_fetch_assoc($sel_q)) {
|
$sel_q->execute();
|
||||||
|
while($info_q = $selq->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$sel[] = $info_q['regfee_items_id'];
|
$sel[] = $info_q['regfee_items_id'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -31,14 +31,19 @@
|
|||||||
$datecheck = $q->fetch(PDO::FETCH_OBJ);
|
$datecheck = $q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
if($_POST['action']=="new") {
|
if($_POST['action']=="new") {
|
||||||
$q=mysql_query("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
|
$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
|
||||||
if(mysql_num_rows($q)) {
|
$q->execute();
|
||||||
$r=mysql_fetch_object($q);
|
if($q->rowCount()) {
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$_SESSION['registration_number']=$r->num;
|
$_SESSION['registration_number']=$r->num;
|
||||||
$_SESSION['registration_id']=$r->id;
|
$_SESSION['registration_id']=$r->id;
|
||||||
mysql_query("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".mysql_escape_string($_SESSION['email'])."','".$r->schools_id."','".$config['FAIRYEAR']."')");
|
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".$_SESSION['email']."','".$r->schools_id."','".$config['FAIRYEAR']."')");
|
||||||
mysql_query("UPDATE registrations SET status='open' WHERE id='$r->id'");
|
|
||||||
|
|
||||||
|
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->id'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
|
|
||||||
|
$stmt->execute();
|
||||||
header("Location: register_participants_main.php");
|
header("Location: register_participants_main.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
@ -52,17 +57,18 @@
|
|||||||
}
|
}
|
||||||
else if($_POST['action']=="continue") {
|
else if($_POST['action']=="continue") {
|
||||||
if($_POST['email'])
|
if($_POST['email'])
|
||||||
$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
|
$_SESSION['email']=stripslashes($_POST['email']);
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".intval($_POST['regnum'])."' ".
|
"AND registrations.num='".intval($_POST['regnum'])."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
if(mysql_num_rows($q)) {
|
if($q->rowCount()) {
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$_SESSION['registration_number']=$r->regnum;
|
$_SESSION['registration_number']=$r->regnum;
|
||||||
$_SESSION['registration_id']=$r->regid;
|
$_SESSION['registration_id']=$r->regid;
|
||||||
$_SESSION['students_id']=$r->studentid;
|
$_SESSION['students_id']=$r->studentid;
|
||||||
@ -78,24 +84,26 @@
|
|||||||
}
|
}
|
||||||
else if($_GET['action']=="resend" && $_SESSION['email']) {
|
else if($_GET['action']=="resend" && $_SESSION['email']) {
|
||||||
//first see if the email matches directly from the registrations table
|
//first see if the email matches directly from the registrations table
|
||||||
$q=mysql_query("SELECT registrations.num FROM
|
$q=$pdo->prepare("SELECT registrations.num FROM
|
||||||
registrations
|
registrations
|
||||||
WHERE
|
WHERE
|
||||||
registrations.email='".$_SESSION['email']."'
|
registrations.email='".$_SESSION['email']."'
|
||||||
AND registrations.year='".$config['FAIRYEAR']."'");
|
AND registrations.year='".$config['FAIRYEAR']."'");
|
||||||
if(mysql_num_rows($q))
|
$q->execute();
|
||||||
$r=mysql_fetch_object($q);
|
if($q->rowCount())
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
else {
|
else {
|
||||||
|
|
||||||
//no match from registrations, so lets see if it matches from the students table
|
//no match from registrations, so lets see if it matches from the students table
|
||||||
$q=mysql_query("SELECT registrations.num FROM
|
$q=$pdo->prepare("SELECT registrations.num FROM
|
||||||
registrations,
|
registrations,
|
||||||
students
|
students
|
||||||
WHERE
|
WHERE
|
||||||
students.email='".$_SESSION['email']."'
|
students.email='".$_SESSION['email']."'
|
||||||
AND students.registrations_id=registrations.id
|
AND students.registrations_id=registrations.id
|
||||||
AND registrations.year='".$config['FAIRYEAR']."'");
|
AND registrations.year='".$config['FAIRYEAR']."'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -174,7 +182,7 @@ $q->execute();
|
|||||||
|
|
||||||
|
|
||||||
if($q->rowCount()>0) {
|
if($q->rowCount()>0) {
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
// print_r($r);
|
// print_r($r);
|
||||||
echo i18n("Please enter your <b>registration number</b> in order to login");
|
echo i18n("Please enter your <b>registration number</b> in order to login");
|
||||||
echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
|
echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
|
||||||
@ -227,8 +235,9 @@ $q->execute();
|
|||||||
else if($config['participant_registration_type']=="schoolpassword") {
|
else if($config['participant_registration_type']=="schoolpassword") {
|
||||||
$showschoolpasswordform=true;
|
$showschoolpasswordform=true;
|
||||||
if($_POST['schoolpassword'] && $_POST['schoolid']) {
|
if($_POST['schoolpassword'] && $_POST['schoolid']) {
|
||||||
$q=mysql_query("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
if($_POST['schoolpassword']==$r->registration_password) {
|
if($_POST['schoolpassword']==$r->registration_password) {
|
||||||
$allownew=true;
|
$allownew=true;
|
||||||
@ -250,10 +259,11 @@ $q->execute();
|
|||||||
echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
|
echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
|
||||||
echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
|
echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
|
||||||
echo i18n("School: ");
|
echo i18n("School: ");
|
||||||
$q=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
|
$q=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
|
||||||
|
$q->execute();
|
||||||
echo "<select name=\"schoolid\">";
|
echo "<select name=\"schoolid\">";
|
||||||
echo "<option value=\"\">".i18n("Choose your school")."</option>\n";
|
echo "<option value=\"\">".i18n("Choose your school")."</option>\n";
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
echo "<option value=\"$r->id\">$r->school</option>\n";
|
echo "<option value=\"$r->id\">$r->school</option>\n";
|
||||||
echo "</select>";
|
echo "</select>";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
@ -303,13 +313,14 @@ $q->execute();
|
|||||||
//random number between
|
//random number between
|
||||||
//100000 and 999999 (six digit integer)
|
//100000 and 999999 (six digit integer)
|
||||||
$regnum=rand(100000,999999);
|
$regnum=rand(100000,999999);
|
||||||
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
|
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
|
||||||
}while(mysql_num_rows($q)>0);
|
$q->execute();
|
||||||
|
}while($q->rowCount()>0);
|
||||||
|
|
||||||
if(!$schoolidquery) $schoolidquery="null";
|
if(!$schoolidquery) $schoolidquery="null";
|
||||||
|
|
||||||
//actually insert it
|
//actually insert it
|
||||||
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
|
||||||
"'$regnum',".
|
"'$regnum',".
|
||||||
"'".$_SESSION['email']."',".
|
"'".$_SESSION['email']."',".
|
||||||
"NOW(),".
|
"NOW(),".
|
||||||
@ -317,6 +328,7 @@ $q->execute();
|
|||||||
$schoolidquery.",".
|
$schoolidquery.",".
|
||||||
$config['FAIRYEAR'].
|
$config['FAIRYEAR'].
|
||||||
")");
|
")");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email']));
|
email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email']));
|
||||||
|
|
||||||
|
@ -38,22 +38,22 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//send the header
|
//send the header
|
||||||
send_header("Participant Registration - Emergency Contact Information");
|
send_header("Participant Registration - Emergency Contact Information");
|
||||||
@ -82,8 +82,9 @@ echo mysql_error();
|
|||||||
//first, lets make sure this emergency contact really does belong to them
|
//first, lets make sure this emergency contact really does belong to them
|
||||||
foreach($_POST['ids'] AS $id)
|
foreach($_POST['ids'] AS $id)
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
if(mysql_num_rows($q)==1) {
|
$q->execute();
|
||||||
|
if($q->rowCount()==1) {
|
||||||
$e=stripslashes($_POST['email'][$id]);
|
$e=stripslashes($_POST['email'][$id]);
|
||||||
if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) {
|
if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) {
|
||||||
if($u=user_load_by_email($e)) {
|
if($u=user_load_by_email($e)) {
|
||||||
@ -106,17 +107,18 @@ echo mysql_error();
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mysql_query("UPDATE emergencycontact SET ".
|
$stmt = $pdo->prepare("UPDATE emergencycontact SET ".
|
||||||
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$id]))."', ".
|
"firstname='".stripslashes($_POST['firstname'][$id])."', ".
|
||||||
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$id]))."', ".
|
"lastname='".stripslashes($_POST['lastname'][$id])."', ".
|
||||||
"relation='".mysql_escape_string(stripslashes($_POST['relation'][$id]))."', ".
|
"relation='".stripslashes($_POST['relation'][$id])."', ".
|
||||||
"phone1='".mysql_escape_string(stripslashes($_POST['phone1'][$id]))."', ".
|
"phone1='".stripslashes($_POST['phone1'][$id])."', ".
|
||||||
"phone2='".mysql_escape_string(stripslashes($_POST['phone2'][$id]))."', ".
|
"phone2='".stripslashes($_POST['phone2'][$id])."', ".
|
||||||
"phone3='".mysql_escape_string(stripslashes($_POST['phone3'][$id]))."', ".
|
"phone3='".stripslashes($_POST['phone3'][$id])."', ".
|
||||||
"phone4='".mysql_escape_string(stripslashes($_POST['phone4'][$id]))."', ".
|
"phone4='".stripslashes($_POST['phone4'][$id])."', ".
|
||||||
"email='".mysql_escape_string(stripslashes($_POST['email'][$id]))."' ".
|
"email='".stripslashes($_POST['email'][$id])."' ".
|
||||||
"WHERE id='$id'");
|
"WHERE id='$id'");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
echo notice(i18n("Emergency contact information successfully updated"));
|
echo notice(i18n("Emergency contact information successfully updated"));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -141,23 +143,25 @@ else if($newstatus=="complete")
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$sq=mysql_query("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$sq=$pdo->prepare("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
$numstudents=mysql_num_rows($sq);
|
$sq->execute();
|
||||||
|
$numstudents=$sq->rowCount();
|
||||||
|
|
||||||
echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n";
|
echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n";
|
||||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
||||||
|
|
||||||
while($sr=mysql_fetch_object($sq))
|
while($sr=$sq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
|
$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
|
||||||
|
$q->execute();
|
||||||
if(mysql_num_rows($q)==0) {
|
if($q->rowCount()==0) {
|
||||||
mysql_query("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
|
$stmt = $pdo->prepare("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
|
||||||
$id=mysql_insert_id();
|
$stmt->execute();
|
||||||
|
$id=$pdo->lastInsertId();
|
||||||
unset($r);
|
unset($r);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$id=$r->id;
|
$id=$r->id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -36,22 +36,23 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//send the header
|
//send the header
|
||||||
send_header("Participant Registration - ISEF Forms");
|
send_header("Participant Registration - ISEF Forms");
|
||||||
@ -70,12 +71,12 @@ echo mysql_error();
|
|||||||
//because it will be added below by the _FILES, and if its not added there then that means we just said yes and didnt upload anything
|
//because it will be added below by the _FILES, and if its not added there then that means we just said yes and didnt upload anything
|
||||||
//so removing it makes it go all red again so you are aware
|
//so removing it makes it go all red again so you are aware
|
||||||
|
|
||||||
mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
|
$stmt = $po->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
|
||||||
|
$stmt->execute();
|
||||||
//just look at hte first letter, since its either "no:<id>" or "yes:<id>";
|
//just look at hte first letter, since its either "no:<id>" or "yes:<id>";
|
||||||
if($v[0]=="n")
|
if($v[0]=="n")
|
||||||
{
|
{
|
||||||
mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
|
$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
|
||||||
|
|
||||||
'$k',
|
'$k',
|
||||||
'$r->id',
|
'$r->id',
|
||||||
@ -83,6 +84,7 @@ echo mysql_error();
|
|||||||
NOW(),
|
NOW(),
|
||||||
'$CURRENT_FAIRYEAR'
|
'$CURRENT_FAIRYEAR'
|
||||||
)");
|
)");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -125,12 +127,14 @@ echo mysql_error();
|
|||||||
if($pgs) $p="'$pgs'";
|
if($pgs) $p="'$pgs'";
|
||||||
else $p="null";
|
else $p="null";
|
||||||
|
|
||||||
mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
|
$stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
|
||||||
mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
|
$stmt->execute();
|
||||||
|
$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
|
||||||
|
$stmt->execute();
|
||||||
'$k',
|
'$k',
|
||||||
'$r->id',
|
'$r->id',
|
||||||
'1',
|
'1',
|
||||||
'".mysql_escape_string($_FILES['form']['name'][$k])."',
|
'".$_FILES['form']['name'][$k]."',
|
||||||
$p,
|
$p,
|
||||||
NOW(),
|
NOW(),
|
||||||
'$CURRENT_FAIRYEAR'
|
'$CURRENT_FAIRYEAR'
|
||||||
@ -176,11 +180,13 @@ echo mysql_error();
|
|||||||
if($_GET['action']=="delete" && $_GET['delete'])
|
if($_GET['action']=="delete" && $_GET['delete'])
|
||||||
{
|
{
|
||||||
//first we need to make sure that this is their own!
|
//first we need to make sure that this is their own!
|
||||||
$chq=mysql_query("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
|
$chq=$pdo->prepare("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
|
||||||
if($chr=mysql_fetch_object($chq))
|
$chq->execute();
|
||||||
|
if($chr=$chq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
@unlink($TCFORMSLOCATION."/".$CURRENT_FAIRYEAR."/$r->id/$chr->FormID.pdf");
|
@unlink($TCFORMSLOCATION."/".$CURRENT_FAIRYEAR."/$r->id/$chr->FormID.pdf");
|
||||||
mysql_query("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
|
$stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
|
||||||
|
$stmt->execute();
|
||||||
$display_happy=i18n("Form successfully deleted");
|
$display_happy=i18n("Form successfully deleted");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -245,7 +251,8 @@ function radiochange(o)
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$fq=mysql_query("SELECT * FROM isefforms ORDER BY name");
|
$fq=$pdo->prepare("SELECT * FROM isefforms ORDER BY name");
|
||||||
|
$fq->execute();
|
||||||
|
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
echo "<th>".i18n("Form")."</th>";
|
echo "<th>".i18n("Form")."</th>";
|
||||||
@ -254,7 +261,7 @@ function radiochange(o)
|
|||||||
echo "<th>".i18n("Upload / File")."</th>";
|
echo "<th>".i18n("Upload / File")."</th>";
|
||||||
echo "</tr>";
|
echo "</tr>";
|
||||||
|
|
||||||
while($fr=mysql_fetch_object($fq))
|
while($fr=$fq-fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
echo "<td valign=\"top\">";
|
echo "<td valign=\"top\">";
|
||||||
|
@ -39,22 +39,23 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php?action=logout");
|
header("Location: register_participants.php?action=logout");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
send_header("Participant Registration - Summary");
|
send_header("Participant Registration - Summary");
|
||||||
|
|
||||||
//only display the named greeting if we have their name
|
//only display the named greeting if we have their name
|
||||||
@ -69,8 +70,9 @@ echo mysql_error();
|
|||||||
{
|
{
|
||||||
|
|
||||||
//now select their project number
|
//now select their project number
|
||||||
$q=mysql_query("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
$projectinfo=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
if($r->status=="complete")
|
if($r->status=="complete")
|
||||||
{
|
{
|
||||||
@ -259,8 +261,9 @@ echo "<table><tr><td>";
|
|||||||
{
|
{
|
||||||
if($config['specialawardnomination']=="date")
|
if($config['specialawardnomination']=="date")
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
|
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
//this will return 1 if its between the dates, 0 otherwise.
|
//this will return 1 if its between the dates, 0 otherwise.
|
||||||
if($r->datecheck==1)
|
if($r->datecheck==1)
|
||||||
{
|
{
|
||||||
@ -281,8 +284,9 @@ echo "<table><tr><td>";
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
|
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
|
||||||
$project=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$project=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$nominatedawards=getSpecialAwardsNominatedForProject($project->id);
|
$nominatedawards=getSpecialAwardsNominatedForProject($project->id);
|
||||||
$num=count($nominatedawards);
|
$num=count($nominatedawards);
|
||||||
$noawards=getNominatedForNoSpecialAwardsForProject($project->id);
|
$noawards=getNominatedForNoSpecialAwardsForProject($project->id);
|
||||||
|
@ -37,22 +37,23 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
send_header("Participant Registration - Mentor Information");
|
send_header("Participant Registration - Mentor Information");
|
||||||
echo "<a href=\"register_participants_main.php\"><< ".i18n("Back to Participant Registration Summary")."</a><br />";
|
echo "<a href=\"register_participants_main.php\"><< ".i18n("Back to Participant Registration Summary")."</a><br />";
|
||||||
@ -82,17 +83,18 @@ if($_POST['action']=="save")
|
|||||||
if($_POST['lastname'][$x])
|
if($_POST['lastname'][$x])
|
||||||
{
|
{
|
||||||
//INSERT new record
|
//INSERT new record
|
||||||
mysql_query("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
|
||||||
"'".$_SESSION['registration_id']."', ".
|
"'".$_SESSION['registration_id']."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
|
"'".stripslashes($_POST['firstname'][$x])."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
|
"'".stripslashes($_POST['lastname'][$x])."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
|
"'".stripslashes($_POST['email'][$x])."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
|
"'".stripslashes($_POST['phone'][$x])."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ".
|
"'".stripslashes($_POST['organization'][$x])."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ".
|
"'".stripslashes($_POST['position'][$x])."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['description'][$x]))."', ".
|
"'".stripslashes($_POST['description'][$x])."', ".
|
||||||
"'".$config['FAIRYEAR']."')");
|
"'".$config['FAIRYEAR']."')");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
||||||
}
|
}
|
||||||
@ -101,15 +103,16 @@ if($_POST['action']=="save")
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
//UPDATE existing record
|
//UPDATE existing record
|
||||||
mysql_query("UPDATE mentors SET ".
|
$stmt = $pdo->prepare("UPDATE mentors SET ".
|
||||||
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
|
"firstname='".stripslashes($_POST['firstname'][$x])."', ".
|
||||||
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
|
"lastname='".stripslashes($_POST['lastname'][$x])."', ".
|
||||||
"email='".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
|
"email='".stripslashes($_POST['email'][$x])."', ".
|
||||||
"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
|
"phone='".stripslashes($_POST['phone'][$x])."', ".
|
||||||
"organization='".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ".
|
"organization='".stripslashes($_POST['organization'][$x])."', ".
|
||||||
"position='".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ".
|
"position='".stripslashes($_POST['position'][$x])."', ".
|
||||||
"description='".mysql_escape_string(stripslashes($_POST['description'][$x]))."' ".
|
"description='".stripslashes($_POST['description'][$x])."' ".
|
||||||
"WHERE id='".$_POST['id'][$x]."'");
|
"WHERE id='".$_POST['id'][$x]."'");
|
||||||
|
$stmt->execute();
|
||||||
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -128,10 +131,13 @@ if($_GET['action']=="removementor")
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
//first make sure this is one belonging to this registration id
|
//first make sure this is one belonging to this registration id
|
||||||
$q=mysql_query("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
|
$q=$pdo->prepare("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
|
||||||
if(mysql_num_rows($q)==1)
|
$q->execute();
|
||||||
|
if($q->rowCount()==1)
|
||||||
{
|
{
|
||||||
mysql_query("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
|
|
||||||
|
$stmt = $pdo->prepare("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
|
||||||
|
$stmt->execute();
|
||||||
echo notice(i18n("Mentor successfully removed"));
|
echo notice(i18n("Mentor successfully removed"));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -145,17 +151,19 @@ if($_GET['action']=="removementor")
|
|||||||
|
|
||||||
//now query and display
|
//now query and display
|
||||||
|
|
||||||
$q=mysql_query("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$registrations_nummentors=$r->nummentors;
|
$registrations_nummentors=$r->nummentors;
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$q->execute();
|
||||||
$numfound=mysql_num_rows($q);
|
$numfound=$q->rowCount();
|
||||||
|
|
||||||
if(isset($_GET['nummentors']))
|
if(isset($_GET['nummentors']))
|
||||||
{
|
{
|
||||||
mysql_query("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
|
$stmt = $pdo->prepare("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
|
||||||
|
$stmt->execute();
|
||||||
$registrations_nummentors=$_GET['nummentors'];
|
$registrations_nummentors=$_GET['nummentors'];
|
||||||
$numtoshow=$_GET['nummentors'];
|
$numtoshow=$_GET['nummentors'];
|
||||||
}
|
}
|
||||||
@ -198,7 +206,7 @@ else if($newstatus=="complete")
|
|||||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
|
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
|
||||||
for($x=1;$x<=$numtoshow;$x++)
|
for($x=1;$x<=$numtoshow;$x++)
|
||||||
{
|
{
|
||||||
$mentorinfo=mysql_fetch_object($q);
|
$mentorinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
echo "<h3>".i18n("Mentor %1 Details",array($x))."</h3>";
|
echo "<h3>".i18n("Mentor %1 Details",array($x))."</h3>";
|
||||||
//if we have a valid mentor, set their ID, so we can UPDATE when we submit
|
//if we have a valid mentor, set their ID, so we can UPDATE when we submit
|
||||||
//if there is no record for this mentor, then set the ID to 0, so we will INSERT when we submit
|
//if there is no record for this mentor, then set the ID to 0, so we will INSERT when we submit
|
||||||
|
@ -38,15 +38,15 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0) {
|
if($q->rowCount()==0) {
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
while($s=mysql_fetch_object($q)) {
|
while($s=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$student_display_name[]="{$s->firstname} {$s->lastname}";
|
$student_display_name[]="{$s->firstname} {$s->lastname}";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -66,9 +66,13 @@
|
|||||||
$pu = ($_POST['punc'] == 'yes') ? true : false;
|
$pu = ($_POST['punc'] == 'yes') ? true : false;
|
||||||
|
|
||||||
if($sp && $ca && $pu) {
|
if($sp && $ca && $pu) {
|
||||||
$q=mysql_query("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
|
$q=$pdo->prepare("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
|
||||||
|
|
||||||
|
$q->execute();
|
||||||
} else if($s->namecheck_complete!='no') {
|
} else if($s->namecheck_complete!='no') {
|
||||||
$q=mysql_query("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
|
$q=$pdo->prepare("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -41,22 +41,23 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//send the header
|
//send the header
|
||||||
send_header("Participant Registration - Project Information");
|
send_header("Participant Registration - Project Information");
|
||||||
@ -86,8 +87,9 @@ echo mysql_error();
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
//first, lets make sure this project really does belong to them
|
//first, lets make sure this project really does belong to them
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
if(mysql_num_rows($q)==1)
|
$q->execute();
|
||||||
|
if($q->rowCount()==1)
|
||||||
{
|
{
|
||||||
$summarywords=preg_split("/[\s,]+/",$_POST['summary']);
|
$summarywords=preg_split("/[\s,]+/",$_POST['summary']);
|
||||||
$summarywordcount=count($summarywords);
|
$summarywordcount=count($summarywords);
|
||||||
@ -114,21 +116,22 @@ echo mysql_error();
|
|||||||
else
|
else
|
||||||
$shorttitle=stripslashes($_POST['shorttitle']);
|
$shorttitle=stripslashes($_POST['shorttitle']);
|
||||||
|
|
||||||
mysql_query("UPDATE projects SET ".
|
$stmt = $pdo->prepare("UPDATE projects SET ".
|
||||||
"title='".mysql_escape_string($title)."', ".
|
"title='".$title."', ".
|
||||||
"shorttitle='".mysql_escape_string($shorttitle)."', ".
|
"shorttitle='".$shorttitle."', ".
|
||||||
"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
|
"projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
|
||||||
"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ".
|
"projecttype='".stripslashes($_POST['projecttype'])."', ".
|
||||||
"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
|
"language='".stripslashes($_POST['language'])."', ".
|
||||||
"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
|
"req_table='".stripslashes($_POST['req_table'])."', ".
|
||||||
"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
|
"req_electricity='".stripslashes($_POST['req_electricity'])."', ".
|
||||||
"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ".
|
"req_special='".stripslashes($_POST['req_special'])."', ".
|
||||||
"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ".
|
"human_participants='".stripslashes($_POST['human_participants'])."', ".
|
||||||
"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ".
|
"animal_participants='".stripslashes($_POST['animal_participants'])."', ".
|
||||||
"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ".
|
"summary='".stripslashes($_POST['summary'])."', ".
|
||||||
"summarycountok='$summarycountok'".
|
"summarycountok='$summarycountok'".
|
||||||
"WHERE id='".$_POST['id']."'");
|
"WHERE id='".$_POST['id']."'");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
echo notice(i18n("Project information successfully updated"));
|
echo notice(i18n("Project information successfully updated"));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -140,12 +143,14 @@ echo mysql_error();
|
|||||||
|
|
||||||
|
|
||||||
//now lets find out their MAX grade, so we can pre-set the Age Category
|
//now lets find out their MAX grade, so we can pre-set the Age Category
|
||||||
$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
|
$q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
|
||||||
$gradeinfo=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$gradeinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//now lets grab all the age categories, so we can choose one based on the max grade
|
//now lets grab all the age categories, so we can choose one based on the max grade
|
||||||
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
|
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
|
||||||
while($r=mysql_fetch_object($q))
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
|
//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
|
||||||
$agecategories[$r->id]['category']=$r->category;
|
$agecategories[$r->id]['category']=$r->category;
|
||||||
@ -158,22 +163,27 @@ echo mysql_error();
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
//now select their project info
|
//now select their project info
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
//check if it exists, if we didnt find any record, lets insert one
|
$q->execute();
|
||||||
if(mysql_num_rows($q)==0)
|
/check if it exists, if we didnt find any record, lets insert one
|
||||||
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')");
|
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')");
|
||||||
|
$stmt->execute();
|
||||||
//now query the one we just inserted
|
//now query the one we just inserted
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
|
||||||
}
|
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
$projectinfo=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
}
|
||||||
|
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
|
//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
|
||||||
if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id)
|
if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id)
|
||||||
{
|
{
|
||||||
echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
|
echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
|
||||||
mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
|
$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
|
||||||
}
|
$stmt->execute();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -235,14 +245,16 @@ function countwords()
|
|||||||
|
|
||||||
//###### Feature Specific - filtering divisions by category
|
//###### Feature Specific - filtering divisions by category
|
||||||
if($config['filterdivisionbycategory']=="yes"){
|
if($config['filterdivisionbycategory']=="yes"){
|
||||||
$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
|
$q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
}else
|
}else
|
||||||
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
|
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
|
||||||
echo "<select name=\"projectdivisions_id\">";
|
$q->execute();
|
||||||
|
echo "<select name=\"projectdivisions_id\">";
|
||||||
echo "<option value=\"\">".i18n("Select a division")."</option>\n";
|
echo "<option value=\"\">".i18n("Select a division")."</option>\n";
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
|
if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
|
||||||
echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
|
echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
|
||||||
@ -268,12 +280,13 @@ function countwords()
|
|||||||
echo "</td></tr>";
|
echo "</td></tr>";
|
||||||
|
|
||||||
if($config['project_type'] == 'yes'){
|
if($config['project_type'] == 'yes'){
|
||||||
$q=mysql_query("SELECT * FROM projecttypes ORDER BY type");
|
$q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
|
||||||
|
$q->execute();
|
||||||
echo "<tr><td>".i18n("Project Type").": </td><td>";
|
echo "<tr><td>".i18n("Project Type").": </td><td>";
|
||||||
echo "<select name=\"projecttype\">\n";
|
echo "<select name=\"projecttype\">\n";
|
||||||
echo "<option value=\"\">".i18n("Select a project")."</option>\n";
|
echo "<option value=\"\">".i18n("Select a project")."</option>\n";
|
||||||
|
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if($r->type == $projectinfo->projecttype)
|
if($r->type == $projectinfo->projecttype)
|
||||||
{
|
{
|
||||||
|
@ -37,32 +37,33 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
|
||||||
<head><title><?=i18n("Division Selector")?></title>
|
<head><title><?=i18n("Division Selector")?></title>
|
||||||
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/sfiab.css" type="text/css" />
|
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/sfiab.css" type="text/css" />
|
||||||
</head>
|
</head>testi-bg.jpg
|
||||||
<body>
|
<body>
|
||||||
<?
|
<?
|
||||||
echo "<div id=\"emptypopup\">";
|
echo "<div id=\"emptypopup\">";testi-bg.jpg
|
||||||
|
|
||||||
if($_GET['division'])
|
if($_GET['division'])
|
||||||
{
|
{
|
||||||
@ -72,8 +73,9 @@ echo mysql_error();
|
|||||||
opener.document.forms.projectform.projectdivisions_id.selectedIndex=<?=$_GET['division']?>
|
opener.document.forms.projectform.projectdivisions_id.selectedIndex=<?=$_GET['division']?>
|
||||||
</script>
|
</script>
|
||||||
<?
|
<?
|
||||||
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
|
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
echo "<h2>".i18n($r->division)."</h2>\n";
|
echo "<h2>".i18n($r->division)."</h2>\n";
|
||||||
echo "<a href=\"".$_SERVER['PHP_SELF']."\">".i18n("Restart division selector")."</a>";
|
echo "<a href=\"".$_SERVER['PHP_SELF']."\">".i18n("Restart division selector")."</a>";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
@ -87,8 +89,9 @@ echo mysql_error();
|
|||||||
$id=1;
|
$id=1;
|
||||||
else
|
else
|
||||||
$id=$_GET['id'];
|
$id=$_GET['id'];
|
||||||
$q=mysql_query("SELECT * FROM projectdivisionsselector WHERE id='$id'");
|
$q=$pdo->prepare("SELECT * FROM projectdivisionsselector WHERE id='$id'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
echo i18n($r->question);
|
echo i18n($r->question);
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
<?
|
<?
|
||||||
/*
|
/* mysql_query
|
||||||
This file is part of the 'Science Fair In A Box' project
|
This file is part of the 'Science Fair In A Box' project
|
||||||
SFIAB Website: http://www.sfiab.ca
|
SFIAB Website: http://www.sfiab.ca
|
||||||
|
|
||||||
@ -35,20 +35,21 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0) {
|
if($q->rowCount()==0) {
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//send the header
|
//send the header
|
||||||
send_header("Participant Registration - Safety Information");
|
send_header("Participant Registration - Safety Information");
|
||||||
@ -65,16 +66,18 @@ echo mysql_error();
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
|
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
|
||||||
mysql_query("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$stmt->execute();
|
||||||
if(is_array($_POST['safety'])) {
|
if(is_array($_POST['safety'])) {
|
||||||
$safetyids=array_keys($_POST['safety']);
|
$safetyids=array_keys($_POST['safety']);
|
||||||
foreach($safetyids AS $key=>$val) {
|
foreach($safetyids AS $key=>$val) {
|
||||||
mysql_query("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
|
||||||
"'".$_SESSION['registration_id']."', ".
|
"'".$_SESSION['registration_id']."', ".
|
||||||
"'$val', ".
|
"'$val', ".
|
||||||
"'".$config['FAIRYEAR']."', ".
|
"'".$config['FAIRYEAR']."', ".
|
||||||
"'".mysql_escape_string(stripslashes($_POST['safety'][$val]))."')");
|
"'".stripslashes($_POST['safety'][$val]))."')";
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -89,13 +92,15 @@ else if($newstatus=="complete") {
|
|||||||
echo happy(i18n("Safety Information Complete"));
|
echo happy(i18n("Safety Information Complete"));
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
|
$q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
|
||||||
while($r=mysql_fetch_object($q)) {
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$safetyanswers[$r->safetyquestions_id]=$r->answer;
|
$safetyanswers[$r->safetyquestions_id]=$r->answer;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
|
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
|
||||||
if(mysql_num_rows($q)) {
|
$q->execute();
|
||||||
|
if($q->rowCount()) {
|
||||||
echo i18n("Please agree to / answer the following safety questions by checking the box next to the question, or choosing the appropriate answer");
|
echo i18n("Please agree to / answer the following safety questions by checking the box next to the question, or choosing the appropriate answer");
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
@ -103,7 +108,7 @@ else if($newstatus=="complete") {
|
|||||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
||||||
echo "<table class=\"tableedit\">\n";
|
echo "<table class=\"tableedit\">\n";
|
||||||
$num=1;
|
$num=1;
|
||||||
while($r=mysql_fetch_object($q)) {
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$trclass=($num%2==0?"odd":"even");
|
$trclass=($num%2==0?"odd":"even");
|
||||||
echo "<tr class=\"$trclass\"><td><b>$num</b>. </td><td>";
|
echo "<tr class=\"$trclass\"><td><b>$num</b>. </td><td>";
|
||||||
if($r->required=="yes") echo REQUIREDFIELD;
|
if($r->required=="yes") echo REQUIREDFIELD;
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
@ -55,16 +55,17 @@
|
|||||||
|
|
||||||
$registration_number=$_SESSION['registration_number'];
|
$registration_number=$_SESSION['registration_number'];
|
||||||
$registration_id=$_SESSION['registration_id'];
|
$registration_id=$_SESSION['registration_id'];
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
}
|
}
|
||||||
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
|
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
|
||||||
@ -106,7 +107,7 @@ $pdf->newPage();
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
//grab the project info
|
//grab the project info
|
||||||
$q=mysql_query("SELECT projects.*,
|
$q=$pdo->prepare("SELECT projects.*,
|
||||||
projectcategories.category,
|
projectcategories.category,
|
||||||
projectdivisions.division
|
projectdivisions.division
|
||||||
FROM projects
|
FROM projects
|
||||||
@ -117,10 +118,12 @@ $pdf->newPage();
|
|||||||
AND projectdivisions.year='".$config['FAIRYEAR']."'
|
AND projectdivisions.year='".$config['FAIRYEAR']."'
|
||||||
AND projectcategories.year='".$config['FAIRYEAR']."'
|
AND projectcategories.year='".$config['FAIRYEAR']."'
|
||||||
");
|
");
|
||||||
$projectinfo=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
while($si=mysql_fetch_object($q))
|
$q->execute();
|
||||||
|
while($si=$q->fetch(PDO::FETCH_OBJ))
|
||||||
$studentinfoarray[]=$si;
|
$studentinfoarray[]=$si;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -141,8 +144,9 @@ $pdf->newPage();
|
|||||||
foreach($studentinfoarray AS $studentinfo)
|
foreach($studentinfoarray AS $studentinfo)
|
||||||
{
|
{
|
||||||
if(!$_GET['sample']) {
|
if(!$_GET['sample']) {
|
||||||
$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
|
$qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
|
||||||
$rr = mysql_fetch_object($qq);
|
$qq->execute();
|
||||||
|
$rr = $qq->fetch(PDO::FETCH_OBJ);
|
||||||
}
|
}
|
||||||
|
|
||||||
$pdf->addTextX("$studentinfo->firstname $studentinfo->lastname, Grade {$studentinfo->grade}, {$rr->school}", 1.5);
|
$pdf->addTextX("$studentinfo->firstname $studentinfo->lastname, Grade {$studentinfo->grade}, {$rr->school}", 1.5);
|
||||||
@ -154,8 +158,9 @@ $pdf->newPage();
|
|||||||
|
|
||||||
$pdf->hr();
|
$pdf->hr();
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->use)
|
if($r->use)
|
||||||
{
|
{
|
||||||
$pdf->heading(i18n("Exhibitor Declaration"));
|
$pdf->heading(i18n("Exhibitor Declaration"));
|
||||||
@ -201,8 +206,9 @@ $pdf->newPage();
|
|||||||
$pdf->hr();
|
$pdf->hr();
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->use)
|
if($r->use)
|
||||||
{
|
{
|
||||||
//now for the parent/guardian signatures
|
//now for the parent/guardian signatures
|
||||||
@ -240,8 +246,9 @@ $pdf->newPage();
|
|||||||
$pdf->hr();
|
$pdf->hr();
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->use)
|
if($r->use)
|
||||||
{
|
{
|
||||||
//now for the teacher signature
|
//now for the teacher signature
|
||||||
@ -280,8 +287,9 @@ $pdf->newPage();
|
|||||||
$pdf->hr();
|
$pdf->hr();
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->use)
|
if($r->use)
|
||||||
{
|
{
|
||||||
//now for the teacher signature
|
//now for the teacher signature
|
||||||
@ -318,8 +326,9 @@ $pdf->newPage();
|
|||||||
$pdf->hr();
|
$pdf->hr();
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r->use)
|
if($r->use)
|
||||||
{
|
{
|
||||||
//now for the teacher signature
|
//now for the teacher signature
|
||||||
|
@ -41,7 +41,7 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname
|
||||||
FROM registrations,students
|
FROM registrations,students
|
||||||
WHERE students.email='{$_SESSION['email']}'
|
WHERE students.email='{$_SESSION['email']}'
|
||||||
AND registrations.num='{$_SESSION['registration_number']}'
|
AND registrations.num='{$_SESSION['registration_number']}'
|
||||||
@ -51,15 +51,16 @@
|
|||||||
AND students.year={$config['FAIRYEAR']}");
|
AND students.year={$config['FAIRYEAR']}");
|
||||||
$registration_number=$_SESSION['registration_number'];
|
$registration_number=$_SESSION['registration_number'];
|
||||||
$registration_id=$_SESSION['registration_id'];
|
$registration_id=$_SESSION['registration_id'];
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0) {
|
if($q->rowCount()==0) {
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
}
|
}
|
||||||
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
|
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
|
||||||
@ -86,7 +87,7 @@ $pdf->AddPage();
|
|||||||
$rr->school="SampleSchool";
|
$rr->school="SampleSchool";
|
||||||
} else {
|
} else {
|
||||||
//grab the project info
|
//grab the project info
|
||||||
$q=mysql_query("SELECT projects.*,
|
$q=$pdo->prepare("SELECT projects.*,
|
||||||
projectcategories.category,
|
projectcategories.category,
|
||||||
projectdivisions.division
|
projectdivisions.division
|
||||||
FROM projects
|
FROM projects
|
||||||
@ -97,10 +98,12 @@ $pdf->AddPage();
|
|||||||
AND projectdivisions.year='".$config['FAIRYEAR']."'
|
AND projectdivisions.year='".$config['FAIRYEAR']."'
|
||||||
AND projectcategories.year='".$config['FAIRYEAR']."'
|
AND projectcategories.year='".$config['FAIRYEAR']."'
|
||||||
");
|
");
|
||||||
$projectinfo=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
while($si=mysql_fetch_object($q))
|
$q->execute();
|
||||||
|
while($si=$q->fetch(PDO::FETCH_OBJ))
|
||||||
$studentinfoarray[]=$si;
|
$studentinfoarray[]=$si;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -115,8 +118,9 @@ $pdf->AddPage();
|
|||||||
$students = "";
|
$students = "";
|
||||||
foreach($studentinfoarray AS $studentinfo) {
|
foreach($studentinfoarray AS $studentinfo) {
|
||||||
if(!$_GET['sample']) {
|
if(!$_GET['sample']) {
|
||||||
$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
|
$qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
|
||||||
$rr = mysql_fetch_object($qq);
|
$qq->execute();
|
||||||
|
$rr = $qq->fetch(PDO::FETCH_OBJ);
|
||||||
}
|
}
|
||||||
if($students != '') $students .= '<br/>';
|
if($students != '') $students .= '<br/>';
|
||||||
$students .= "{$studentinfo->firstname} {$studentinfo->lastname}, Grade {$studentinfo->grade}, {$rr->school}";
|
$students .= "{$studentinfo->firstname} {$studentinfo->lastname}, Grade {$studentinfo->grade}, {$rr->school}";
|
||||||
@ -144,8 +148,9 @@ function sig($pdf, $text)
|
|||||||
$pdf->Cell(60, $height_font, i18n('Date'), 'T', 1, 'C');
|
$pdf->Cell(60, $height_font, i18n('Date'), 'T', 1, 'C');
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
|
||||||
$r=mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_ASSOC);
|
||||||
if($r['use']) {
|
if($r['use']) {
|
||||||
$t = nl2br($r['text']);
|
$t = nl2br($r['text']);
|
||||||
$pdf->WriteHTML("<h3>".i18n('Exhibitor Declaration')."</h3>$t");
|
$pdf->WriteHTML("<h3>".i18n('Exhibitor Declaration')."</h3>$t");
|
||||||
@ -156,8 +161,9 @@ function sig($pdf, $text)
|
|||||||
$pdf->WriteHTML("<br><hr>");
|
$pdf->WriteHTML("<br><hr>");
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
|
||||||
$r=mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_ASSOC);
|
||||||
if($r['use']) {
|
if($r['use']) {
|
||||||
$t = nl2br($r['text']);
|
$t = nl2br($r['text']);
|
||||||
$pdf->WriteHTML("<h3>".i18n('Parent/Guardian Declaration')."</h3>$t");
|
$pdf->WriteHTML("<h3>".i18n('Parent/Guardian Declaration')."</h3>$t");
|
||||||
@ -168,8 +174,9 @@ function sig($pdf, $text)
|
|||||||
$pdf->WriteHTML("<br><hr>");
|
$pdf->WriteHTML("<br><hr>");
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
|
||||||
$r=mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_ASSOC);
|
||||||
if($r['use']) {
|
if($r['use']) {
|
||||||
$t = nl2br($r['text']);
|
$t = nl2br($r['text']);
|
||||||
$pdf->WriteHTML("<h3>".i18n('Teacher Declaration')."</h3>$t");
|
$pdf->WriteHTML("<h3>".i18n('Teacher Declaration')."</h3>$t");
|
||||||
@ -177,8 +184,9 @@ function sig($pdf, $text)
|
|||||||
$pdf->WriteHTML("<br><hr>");
|
$pdf->WriteHTML("<br><hr>");
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
|
||||||
$r=mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_ASSOC);
|
||||||
if($r['use']) {
|
if($r['use']) {
|
||||||
$pdf->WriteHTML("<h3>".i18n('Registration Fee Summary')."</h3><br>");
|
$pdf->WriteHTML("<h3>".i18n('Registration Fee Summary')."</h3><br>");
|
||||||
|
|
||||||
@ -207,8 +215,9 @@ function sig($pdf, $text)
|
|||||||
$pdf->WriteHTML("<br><hr>");
|
$pdf->WriteHTML("<br><hr>");
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
|
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
|
||||||
$r=mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_ASSOC);
|
||||||
if($r['use']) {
|
if($r['use']) {
|
||||||
$t = nl2br($r['text']);
|
$t = nl2br($r['text']);
|
||||||
$pdf->WriteHTML("<h3>".i18n('Additional Information')."</h3>$t");
|
$pdf->WriteHTML("<h3>".i18n('Additional Information')."</h3>$t");
|
||||||
|
@ -36,24 +36,26 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0) {
|
if($q->rowCount()==0) {
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
|
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
|
||||||
$project=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$project=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//send the header
|
//send the header
|
||||||
send_header("Participant Registration - Self-Nomination for Special Awards");
|
send_header("Participant Registration - Self-Nomination for Special Awards");
|
||||||
@ -87,8 +89,9 @@ function checkboxclicked(b)
|
|||||||
|
|
||||||
if($config['specialawardnomination']=="date") {
|
if($config['specialawardnomination']=="date") {
|
||||||
echo notice(i18n("Special award self-nomination is only available from %1 to %2. Please make sure you complete your nominations between these dates.", array($config['dates']['specawardregopen'],$config['dates']['specawardregclose'])));
|
echo notice(i18n("Special award self-nomination is only available from %1 to %2. Please make sure you complete your nominations between these dates.", array($config['dates']['specawardregopen'],$config['dates']['specawardregclose'])));
|
||||||
$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
|
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
//this will return 1 if its between the dates, 0 otherwise.
|
//this will return 1 if its between the dates, 0 otherwise.
|
||||||
if($r->datecheck==1)
|
if($r->datecheck==1)
|
||||||
$readonly=false;
|
$readonly=false;
|
||||||
@ -123,16 +126,18 @@ function checkboxclicked(b)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
mysql_query("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
|
$stmt =$pdo->prepare("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$stmt-execute();
|
||||||
foreach($splist AS $spaward)
|
foreach($splist AS $spaward)
|
||||||
{
|
{
|
||||||
$s = ($spaward == -1) ? "NULL" : "'$spaward'";
|
$s = ($spaward == -1) ? "NULL" : "'$spaward'";
|
||||||
mysql_query("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
|
||||||
"$s, ".
|
"$s, ".
|
||||||
"'$project->id', ".
|
"'$project->id', ".
|
||||||
"'".$config['FAIRYEAR']."')");
|
"'".$config['FAIRYEAR']."')");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
}
|
}
|
||||||
if($num) {
|
if($num) {
|
||||||
if($noawards == true)
|
if($noawards == true)
|
||||||
|
@ -37,32 +37,33 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$fairyear = intval($config['FAIRYEAR']);
|
$fairyear = intval($config['FAIRYEAR']);
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=yahoo_image.png.pnguery("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='" . mysql_real_escape_string($_SESSION['email']) . "' ".
|
"WHERE students.email='" . $_SESSION['email'] . "' ".
|
||||||
"AND registrations.num='" . mysql_real_escape_string($_SESSION['registration_number']) . "' ".
|
"AND registrations.num='" . $_SESSION['registration_number'] . "' ".
|
||||||
"AND registrations.id='" . mysql_real_escape_string($_SESSION['registration_id']) . "' ".
|
"AND registrations.id='" . $_SESSION['registration_id'] . "' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=" . $fairyear . " ".
|
"AND registrations.year=" . $fairyear . " ".
|
||||||
"AND students.year=" . $fairyear);
|
"AND students.year=" . $fairyear);
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
send_header("Participant Registration - Student Information");
|
send_header("Participant Registration - Student Information");
|
||||||
echo "<a href=\"register_participants_main.php\"><< ".i18n("Back to Participant Registration Summary")."</a><br />";
|
echo "<a href=\"register_participants_main.php\"><< ".i18n("Back to Participant Registration Summary")."</a><br />";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
|
|
||||||
$regfee_items = array();
|
$regfee_items = array();
|
||||||
$items_q = mysql_query("SELECT * FROM regfee_items
|
$items_q = $pdo->prepare("SELECT * FROM regfee_items
|
||||||
WHERE year='{$config['FAIRYEAR']}'");
|
WHERE year='{$config['FAIRYEAR']}'");
|
||||||
while($items_i = mysql_fetch_assoc($items_q)) {
|
$items_q->execute();
|
||||||
|
while($items_i = $items_q->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$regfee_items[] = $items_i;
|
$regfee_items[] = $items_i;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,41 +91,42 @@ if($_POST['action']=="save")
|
|||||||
//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own.
|
//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own.
|
||||||
if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite")
|
if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite")
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$schools_id=$r->schools_id;
|
$schools_id=$r->schools_id;
|
||||||
|
|
||||||
$schoolvalue="'$schools_id', ";
|
$schoolvalue="'$schools_id', ";
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$schoolvalue="'".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
|
$schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
|
||||||
}
|
}
|
||||||
//INSERT new record
|
//INSERT new record
|
||||||
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
|
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
|
||||||
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
|
||||||
"'".$_SESSION['registration_id']."', ".
|
"'".$_SESSION['registration_id']."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
|
"'".stripslashes($_POST['firstname'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
|
"'".stripslashes($_POST['lastname'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ".
|
"'".stripslashes($_POST['pronunciation'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ".
|
"'".stripslashes($_POST['sex'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ".
|
"'".stripslashes($_POST['email'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ".
|
"'".stripslashes($_POST['address'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ".
|
"'".stripslashes($_POST['city'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ".
|
"'".stripslashes($_POST['county'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ".
|
"'".stripslashes($_POST['province'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
|
"'".stripslashes($_POST['postalcode'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ".
|
"'".stripslashes($_POST['phone'][$x])."', ".
|
||||||
"'$dob', ".
|
"'$dob', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ".
|
"'".stripslashes($_POST['grade'][$x])."', ".
|
||||||
$schoolvalue.
|
$schoolvalue.
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
|
"'".stripslashes($_POST['tshirt'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
|
"'".stripslashes($_POST['medicalalert'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
|
"'".stripslashes($_POST['foodreq'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
|
"'".stripslashes($_POST['teachername'][$x])."', ".
|
||||||
"'".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
|
"'".stripslashes($_POST['teacheremail'][$x])."', ".
|
||||||
"'".$config['FAIRYEAR']."')");
|
"'".$config['FAIRYEAR']."')");
|
||||||
$students_id = mysql_insert_id();
|
$students_id = $pdo->lastInsertId();
|
||||||
|
|
||||||
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
||||||
|
|
||||||
@ -139,44 +141,46 @@ if($_POST['action']=="save")
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$schoolquery="schools_id='".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
|
$schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
//UPDATE existing record
|
//UPDATE existing record
|
||||||
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
|
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
|
||||||
mysql_query("UPDATE students SET ".
|
$stmt = $pdo->prepare("UPDATE students SET ".
|
||||||
"firstname='".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
|
"firstname='".stripslashes($_POST['firstname'][$x])."', ".
|
||||||
"lastname='".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
|
"lastname='".stripslashes($_POST['lastname'][$x])."', ".
|
||||||
"pronunciation='".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ".
|
"pronunciation='".stripslashes($_POST['pronunciation'][$x])."', ".
|
||||||
"sex='".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ".
|
"sex='".stripslashes($_POST['sex'][$x])."', ".
|
||||||
"email='".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ".
|
"email='".stripslashes($_POST['email'][$x])."', ".
|
||||||
"address='".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ".
|
"address='".stripslashes($_POST['address'][$x])."', ".
|
||||||
"city='".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ".
|
"city='".stripslashes($_POST['city'][$x])."', ".
|
||||||
"county='".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ".
|
"county='".stripslashes($_POST['county'][$x])."', ".
|
||||||
"province='".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ".
|
"province='".stripslashes($_POST['province'][$x])."', ".
|
||||||
"postalcode='".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
|
"postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
|
||||||
"phone='".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ".
|
"phone='".stripslashes($_POST['phone'][$x])."', ".
|
||||||
"dateofbirth='$dob', ".
|
"dateofbirth='$dob', ".
|
||||||
"grade='".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ".
|
"grade='".stripslashes($_POST['grade'][$x])."', ".
|
||||||
$schoolquery.
|
$schoolquery.
|
||||||
"medicalalert='".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
|
"medicalalert='".stripslashes($_POST['medicalalert'][$x])."', ".
|
||||||
"foodreq='".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
|
"foodreq='".stripslashes($_POST['foodreq'][$x])."', ".
|
||||||
"teachername='".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
|
"teachername='".stripslashes($_POST['teachername'][$x])."', ".
|
||||||
"teacheremail='".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
|
"teacheremail='".stripslashes($_POST['teacheremail'][$x])."', ".
|
||||||
"tshirt='".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
|
"tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
|
||||||
"WHERE id='$students_id'");
|
"WHERE id='$students_id'");
|
||||||
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
|
||||||
|
|
||||||
}
|
}
|
||||||
/* Update the regfee items link */
|
/* Update the regfee items link */
|
||||||
if($config['participant_regfee_items_enable'] == 'yes') {
|
if($config['participant_regfee_items_enable'] == 'yes') {
|
||||||
mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
|
$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
if(is_array($_POST['regfee_item'][$x])) {
|
if(is_array($_POST['regfee_item'][$x])) {
|
||||||
foreach($_POST['regfee_item'][$x] as $id=>$enabled) {
|
foreach($_POST['regfee_item'][$x] as $id=>$enabled) {
|
||||||
mysql_query("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
|
$stmt = $pdo->prepare("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
|
||||||
VALUES ('$students_id','$id') ");
|
VALUES ('$students_id','$id') ");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -195,20 +199,22 @@ if($_GET['action']=="removestudent")
|
|||||||
{
|
{
|
||||||
$students_id = intval($_GET['removestudent']);
|
$students_id = intval($_GET['removestudent']);
|
||||||
//first make sure this is one belonging to this registration id
|
//first make sure this is one belonging to this registration id
|
||||||
$q=mysql_query("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
|
$q=$pdo->prepare("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
|
||||||
if(mysql_num_rows($q)==1)
|
$q->execute();
|
||||||
|
if($q->rowCount()==1)
|
||||||
{
|
{
|
||||||
mysql_query("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
|
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
|
||||||
|
$stmt->execute();
|
||||||
//now see if they have an emergency contact that also needs to be removed
|
//now see if they have an emergency contact that also needs to be removed
|
||||||
|
|
||||||
$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$q->execute();
|
||||||
//no need to error message if this doesnt exist
|
//no need to error message if this doesnt exist
|
||||||
if(mysql_num_rows($q)==1)
|
if($q->rowCount()==1)
|
||||||
mysql_query("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$stmt->execute();
|
||||||
mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
|
$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
|
||||||
|
$stmt->execute();
|
||||||
echo notice(i18n("Student successfully removed"));
|
echo notice(i18n("Student successfully removed"));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -234,20 +240,21 @@ else if($newstatus=="complete")
|
|||||||
|
|
||||||
//now query and display
|
//now query and display
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$q->execute();
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
//uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address
|
//uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address
|
||||||
//although... this can never really happen, since the above queries only allow the page to view if the student
|
//although... this can never really happen, since the above queries only allow the page to view if the student
|
||||||
//is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase
|
//is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase
|
||||||
mysql_query("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".mysql_real_escape_string($_SESSION['email'])."','".$config['FAIRYEAR']."')");
|
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".$_SESSION['email']."','".$config['FAIRYEAR']."')");
|
||||||
|
$stmt->execute();
|
||||||
//if we just inserted it, then we will obviously find 1
|
//if we just inserted it, then we will obviously find 1
|
||||||
$numfound=1;
|
$numfound=1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$numfound=mysql_num_rows($q);
|
$numfound=$q->rowCount();
|
||||||
}
|
}
|
||||||
|
|
||||||
if($_GET['numstudents'])
|
if($_GET['numstudents'])
|
||||||
@ -277,7 +284,7 @@ else if($newstatus=="complete")
|
|||||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
|
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
|
||||||
for($x=1;$x<=$numtoshow;$x++)
|
for($x=1;$x<=$numtoshow;$x++)
|
||||||
{
|
{
|
||||||
$studentinfo=mysql_fetch_object($q);
|
$studentinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
|
echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
|
||||||
//if we have a valid student, set their ID, so we can UPDATE when we submit
|
//if we have a valid student, set their ID, so we can UPDATE when we submit
|
||||||
//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
|
//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
|
||||||
@ -447,10 +454,11 @@ if($config['participant_student_personal']=="yes")
|
|||||||
echo " <td>".i18n("School")."</td><td colspan=\"3\">";
|
echo " <td>".i18n("School")."</td><td colspan=\"3\">";
|
||||||
if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
|
if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
|
||||||
{
|
{
|
||||||
$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
|
$schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
|
||||||
|
$schoolq->execute();
|
||||||
echo "<select name=\"schools_id[$x]\">\n";
|
echo "<select name=\"schools_id[$x]\">\n";
|
||||||
echo "<option value=\"\">".i18n("Choose School")."</option>\n";
|
echo "<option value=\"\">".i18n("Choose School")."</option>\n";
|
||||||
while($r=mysql_fetch_object($schoolq))
|
while($r=$schoolq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
|
if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
|
||||||
echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
|
echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
|
||||||
@ -460,8 +468,9 @@ if($config['participant_student_personal']=="yes")
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
|
$schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
|
||||||
$r=mysql_fetch_object($schoolq);
|
$schoolq->execute();
|
||||||
|
$r=$schoolq->fetch(PDO::FETCH_OBJ);
|
||||||
echo $r->school;
|
echo $r->school;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -474,10 +483,11 @@ if($config['participant_student_personal']=="yes")
|
|||||||
echo "</tr>\n";
|
echo "</tr>\n";
|
||||||
|
|
||||||
if($config['participant_regfee_items_enable'] == 'yes' ) {
|
if($config['participant_regfee_items_enable'] == 'yes' ) {
|
||||||
$sel_q = mysql_query("SELECT * FROM regfee_items_link
|
$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
|
||||||
WHERE students_id=$id");
|
WHERE students_id=$id");
|
||||||
|
$sel_q->execute();
|
||||||
$sel = array();
|
$sel = array();
|
||||||
while($info_q = mysql_fetch_assoc($sel_q)) {
|
while($info_q = $sel_q->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$sel[$info_q['regfee_items_id']] = $info_q['id'];
|
$sel[$info_q['regfee_items_id']] = $info_q['id'];
|
||||||
}
|
}
|
||||||
foreach($regfee_items as $rfi) {
|
foreach($regfee_items as $rfi) {
|
||||||
|
@ -37,22 +37,23 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
|
||||||
"WHERE students.email='".$_SESSION['email']."' ".
|
"WHERE students.email='".$_SESSION['email']."' ".
|
||||||
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
"AND registrations.num='".$_SESSION['registration_number']."' ".
|
||||||
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
"AND registrations.id='".$_SESSION['registration_id']."' ".
|
||||||
"AND students.registrations_id=registrations.id ".
|
"AND students.registrations_id=registrations.id ".
|
||||||
"AND registrations.year=".$config['FAIRYEAR']." ".
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
||||||
"AND students.year=".$config['FAIRYEAR']);
|
"AND students.year=".$config['FAIRYEAR']);
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
if(mysql_num_rows($q)==0)
|
if($q->rowCount()==0)
|
||||||
{
|
{
|
||||||
header("Location: register_participants.php");
|
header("Location: register_participants.php");
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
}
|
}
|
||||||
$authinfo=mysql_fetch_object($q);
|
$authinfo=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
|
|
||||||
//send the header
|
//send the header
|
||||||
@ -75,10 +76,11 @@ echo mysql_error();
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
|
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
|
||||||
mysql_query("DELETE FROM tours_choice
|
$stmt = $pdo->prepare("DELETE FROM tours_choice
|
||||||
WHERE registrations_id='{$_SESSION['registration_id']}'
|
WHERE registrations_id='{$_SESSION['registration_id']}'
|
||||||
AND year='{$config['FAIRYEAR']}'
|
AND year='{$config['FAIRYEAR']}'
|
||||||
AND rank!='0'");
|
AND rank!='0'");
|
||||||
|
$stmt->execute();
|
||||||
if(is_array($_POST['toursel']))
|
if(is_array($_POST['toursel']))
|
||||||
{
|
{
|
||||||
foreach($_POST['toursel'] AS $students_id=>$ts)
|
foreach($_POST['toursel'] AS $students_id=>$ts)
|
||||||
@ -98,13 +100,14 @@ echo mysql_error();
|
|||||||
/* Remember this choice in a format that is easily searchable */
|
/* Remember this choice in a format that is easily searchable */
|
||||||
$selarray[] = $x;
|
$selarray[] = $x;
|
||||||
|
|
||||||
mysql_query("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
|
||||||
"'".$_SESSION['registration_id']."', ".
|
"'".$_SESSION['registration_id']."', ".
|
||||||
"'".intval($students_id)."', ".
|
"'".intval($students_id)."', ".
|
||||||
"'".intval($tid)."', ".
|
"'".intval($tid)."', ".
|
||||||
"'".$config['FAIRYEAR']."', ".
|
"'".$config['FAIRYEAR']."', ".
|
||||||
"'$rank')");
|
"'$rank')");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -140,23 +143,25 @@ else if($newstatus=="complete")
|
|||||||
|
|
||||||
|
|
||||||
$assigned_tour = array();
|
$assigned_tour = array();
|
||||||
$q=mysql_query("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
while($r=mysql_fetch_object($q))
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if($r->rank == 0) $assigned_tour[$r->students_id] = $r->tour_id;
|
if($r->rank == 0) $assigned_tour[$r->students_id] = $r->tour_id;
|
||||||
$tour_choice[$r->students_id][$r->rank] = $r->tour_id;
|
$tour_choice[$r->students_id][$r->rank] = $r->tour_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
$tours = array();
|
$tours = array();
|
||||||
$q=mysql_query("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
|
$q=$pdo->prepare("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
|
||||||
if(mysql_num_rows($q) == 0)
|
$q->execute();
|
||||||
|
if($q->rowCount() == 0)
|
||||||
{
|
{
|
||||||
echo notice(i18n("There is not tour information"));
|
echo notice(i18n("There is not tour information"));
|
||||||
send_footer();
|
send_footer();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
$tours[$r->id]['name'] = $r->name;
|
$tours[$r->id]['name'] = $r->name;
|
||||||
$tours[$r->id]['num'] = $r->num;
|
$tours[$r->id]['num'] = $r->num;
|
||||||
@ -173,11 +178,12 @@ else if($newstatus=="complete")
|
|||||||
echo "<form method=\"post\" action=\"register_participants_tours.php\">\n";
|
echo "<form method=\"post\" action=\"register_participants_tours.php\">\n";
|
||||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
$num_found = mysql_num_rows($q);
|
$q->execute();
|
||||||
|
$num_found = $q->rowCount();
|
||||||
|
|
||||||
$print_submit = false;
|
$print_submit = false;
|
||||||
while($r=mysql_fetch_object($q)) {
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
|
|
||||||
echo i18n("Tour Selection for")." <b>{$r->firstname} {$r->lastname}</b>:<br /><br />";
|
echo i18n("Tour Selection for")." <b>{$r->firstname} {$r->lastname}</b>:<br /><br />";
|
||||||
if($r->grade <= 0) {
|
if($r->grade <= 0) {
|
||||||
|
178
remote.php
178
remote.php
@ -37,9 +37,10 @@ function handle_getstats(&$u, $fair,&$data, &$response)
|
|||||||
$response['statconfig'] = explode(',', $fair['gather_stats']);
|
$response['statconfig'] = explode(',', $fair['gather_stats']);
|
||||||
|
|
||||||
/* Send back the stats we currently have */
|
/* Send back the stats we currently have */
|
||||||
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
$q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
||||||
AND year='$year'");
|
AND year='$year'");
|
||||||
$response['stats'] = mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$response['stats'] = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
unset($response['stats']['id']);
|
unset($response['stats']['id']);
|
||||||
$response['error'] = 0;
|
$response['error'] = 0;
|
||||||
}
|
}
|
||||||
@ -48,17 +49,19 @@ function handle_stats(&$u,$fair, &$data, &$response)
|
|||||||
{
|
{
|
||||||
$stats = $data['stats'];
|
$stats = $data['stats'];
|
||||||
foreach($stats as $k=>$v) {
|
foreach($stats as $k=>$v) {
|
||||||
$stats[$k] = mysql_escape_string($stats[$k]);
|
$stats[$k] = $stats[$k];
|
||||||
}
|
}
|
||||||
|
|
||||||
// $str = join(',',$stats);
|
// $str = join(',',$stats);
|
||||||
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
|
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
|
||||||
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
|
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
|
||||||
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
$stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
||||||
AND year='{$stats['year']}'");
|
AND year='{$stats['year']}'");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
|
echo $pdo->errorInfo();
|
||||||
echo mysql_error();
|
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
|
||||||
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
$response['message'] = 'Stats saved';
|
$response['message'] = 'Stats saved';
|
||||||
$response['error'] = 0;
|
$response['error'] = 0;
|
||||||
@ -71,8 +74,9 @@ function handle_getawards(&$u, $fair, &$data, &$response)
|
|||||||
|
|
||||||
$ids = array();
|
$ids = array();
|
||||||
/* Load a list of awards linked to the fair id */
|
/* Load a list of awards linked to the fair id */
|
||||||
$q = mysql_query("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
|
$q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
|
||||||
while($r = mysql_fetch_assoc($q)) {
|
$q->execute();
|
||||||
|
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$aaid = $r['award_awards_id'];
|
$aaid = $r['award_awards_id'];
|
||||||
if($r['download_award'] == 'yes') $ids[] = $aaid;
|
if($r['download_award'] == 'yes') $ids[] = $aaid;
|
||||||
$ul[$aaid] = $r['upload_winners'];
|
$ul[$aaid] = $r['upload_winners'];
|
||||||
@ -80,9 +84,10 @@ function handle_getawards(&$u, $fair, &$data, &$response)
|
|||||||
|
|
||||||
/* Load the awards this fair is allowed to download */
|
/* Load the awards this fair is allowed to download */
|
||||||
$where = "(id='".join("' OR id='", $ids)."')";
|
$where = "(id='".join("' OR id='", $ids)."')";
|
||||||
$q = mysql_query("SELECT * FROM award_awards WHERE $where AND year='$year'" );
|
$q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year='$year'" );
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
while($a = mysql_fetch_assoc($q)) {
|
while($a = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$award = array();
|
$award = array();
|
||||||
$award['identifier'] = $a['external_identifier'];
|
$award['identifier'] = $a['external_identifier'];
|
||||||
$award['external_additional_materials'] = $a['external_additional_materials'];
|
$award['external_additional_materials'] = $a['external_additional_materials'];
|
||||||
@ -95,16 +100,18 @@ function handle_getawards(&$u, $fair, &$data, &$response)
|
|||||||
$award['schedule_judges'] = $a['schedule_judges'];
|
$award['schedule_judges'] = $a['schedule_judges'];
|
||||||
|
|
||||||
if($a['sponsors_id']) {
|
if($a['sponsors_id']) {
|
||||||
$sq = mysql_query("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
|
$sq = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
|
||||||
if(mysql_num_rows($sq)) {
|
$sq->execute();
|
||||||
$s = mysql_fetch_assoc($sq);
|
if($sq->rowCount()) {
|
||||||
|
$s = $sq->fetch(PDO::FETCH_ASSOC);
|
||||||
$award['sponsor'] = $s['organization'];
|
$award['sponsor'] = $s['organization'];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$award['prizes'] = array();
|
$award['prizes'] = array();
|
||||||
$pq = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
|
$pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
|
||||||
while($p = mysql_fetch_assoc($pq)) {
|
$pq->execute();
|
||||||
|
while($p = $pq->fetch(PDO::FETCH_ASSOC)) {
|
||||||
/* Map array keys -> local database field */
|
/* Map array keys -> local database field */
|
||||||
$map = array( 'cash' => 'cash', 'scholarship' => 'scholarship',
|
$map = array( 'cash' => 'cash', 'scholarship' => 'scholarship',
|
||||||
'value' => 'value', 'prize_en' => 'prize', 'number'=>'number',
|
'value' => 'value', 'prize_en' => 'prize', 'number'=>'number',
|
||||||
@ -146,7 +153,7 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
|
|||||||
'scienceheadphone'=>'scienceheadphone');*/
|
'scienceheadphone'=>'scienceheadphone');*/
|
||||||
|
|
||||||
if($school_id == -1) {
|
if($school_id == -1) {
|
||||||
$our_school = mysql_fetch_assoc($mysql_query);
|
$our_school = $mysql_query->fetch(PDO::FETCH_ASSOC);
|
||||||
$sid = $our_school['id'];
|
$sid = $our_school['id'];
|
||||||
} else {
|
} else {
|
||||||
$sid = $school_id;
|
$sid = $school_id;
|
||||||
@ -156,41 +163,47 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
|
|||||||
foreach($school_fields as $t=>$m) {
|
foreach($school_fields as $t=>$m) {
|
||||||
if($our_school[$m] == $school[$t]) continue;
|
if($our_school[$m] == $school[$t]) continue;
|
||||||
if($set != '') $set.=',';
|
if($set != '') $set.=',';
|
||||||
$set .= "`$m`='".mysql_real_escape_string($school[$t])."'";
|
$set .= "`$m`='".$school[$t]."'";
|
||||||
}
|
}
|
||||||
mysql_query("UPDATE schools SET $set WHERE id='$sid'");
|
$stmt = $pdo->prepare("UPDATE schools SET $set WHERE id='$sid'");
|
||||||
|
$stmt->execute();
|
||||||
return $sid;
|
return $sid;
|
||||||
}
|
}
|
||||||
|
|
||||||
function award_upload_school(&$student, &$school, $year, &$response)
|
function award_upload_school(&$student, &$school, $year, &$response)
|
||||||
{
|
{
|
||||||
|
|
||||||
$school_name = mysql_real_escape_string($school['schoolname']);
|
$school_name = $school['schoolname'];
|
||||||
$school_city = mysql_real_escape_string($school['city']);
|
$school_city = $school['city'];
|
||||||
$school_phone = mysql_real_escape_string($school['phone']);
|
$school_phone = $school['phone'];
|
||||||
$school_addr = mysql_real_escape_string($school['address']);
|
$school_addr = $school['address'];
|
||||||
$student_city = $student['city'];
|
$student_city = $student['city'];
|
||||||
|
|
||||||
/* Find school by matching name, city, phone, year */
|
/* Find school by matching name, city, phone, year */
|
||||||
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
|
||||||
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
|
$q->execute();
|
||||||
|
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
|
||||||
|
|
||||||
/* Find school by matching name, city, address, year */
|
/* Find school by matching name, city, address, year */
|
||||||
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
|
||||||
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
|
$q->execute();
|
||||||
|
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
|
||||||
|
|
||||||
/* Find school by matching name, city, year */
|
/* Find school by matching name, city, year */
|
||||||
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
|
||||||
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
|
$q->execute();
|
||||||
|
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
|
||||||
|
|
||||||
/* Find school by matching name, student city, year */
|
/* Find school by matching name, student city, year */
|
||||||
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
|
||||||
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
|
$q->execute();
|
||||||
|
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
|
||||||
|
|
||||||
$response['notice'][] = " - Creating new school: $school_name";
|
$response['notice'][] = " - Creating new school: $school_name";
|
||||||
/* No? ok, make a new school */
|
/* No? ok, make a new school */
|
||||||
mysql_query("INSERT INTO schools(`school`,`year`) VALUES ('".mysql_real_escape_string($school['schoolname'])."','$year')");
|
$stmt = $pdo->prepare("INSERT INTO schools(`school`,`year`) VALUES ('".$school['schoolname']."','$year')");
|
||||||
$school_id = mysql_insert_id();
|
$stmt->execute();
|
||||||
|
$school_id = $pdo->lastInsertId();
|
||||||
return award_upload_update_school($q, $school, $school_id);
|
return award_upload_update_school($q, $school, $school_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -216,11 +229,12 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
|
|||||||
'teacheremail'=>'teacheremail');
|
'teacheremail'=>'teacheremail');
|
||||||
|
|
||||||
/* See if this project already exists */
|
/* See if this project already exists */
|
||||||
$pn = mysql_real_escape_string($project['projectnumber']);
|
$pn = $project['projectnumber'];
|
||||||
$q = mysql_query("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
if(mysql_num_rows($q) == 1) {
|
echo $pdo->errorInfo();
|
||||||
$our_project = mysql_fetch_assoc($q);
|
if($q->rowCount() == 1) {
|
||||||
|
$our_project = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
$registrations_id = $our_project['registrations_id'];
|
$registrations_id = $our_project['registrations_id'];
|
||||||
$pid = $our_project['id'];
|
$pid = $our_project['id'];
|
||||||
$response['notice'][] = " - Found existing project: {$project['title']}";
|
$response['notice'][] = " - Found existing project: {$project['title']}";
|
||||||
@ -233,41 +247,47 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
|
|||||||
//random number between
|
//random number between
|
||||||
//100000 and 999999 (six digit integer)
|
//100000 and 999999 (six digit integer)
|
||||||
$regnum=rand(100000,999999);
|
$regnum=rand(100000,999999);
|
||||||
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
|
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
}while(mysql_num_rows($q)>0);
|
echo $pdo->errorInfo();
|
||||||
|
}while($q->rowCount()>0);
|
||||||
|
|
||||||
//actually insert it
|
//actually insert it
|
||||||
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
|
$stmt= $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
|
||||||
"'$regnum','$regnum',NOW(),'open',NULL,'$year')");
|
"'$regnum','$regnum',NOW(),'open',NULL,'$year')");
|
||||||
$registrations_id = mysql_insert_id();
|
$stmt->execute();
|
||||||
|
$registrations_id = $pdo->lastInsertId();
|
||||||
/* We'll fill in the email address later */
|
/* We'll fill in the email address later */
|
||||||
|
|
||||||
/* Add the project */
|
/* Add the project */
|
||||||
mysql_query("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
|
$stmt = $pdo->prepare("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
|
||||||
VALUES('$registrations_id',
|
VALUES('$registrations_id',
|
||||||
'".mysql_real_escape_string($project['projectnumber'])."',
|
'".$project['projectnumber']."',
|
||||||
'$year', '{$fair['id']}');");
|
'$year', '{$fair['id']}');");
|
||||||
$pid = mysql_insert_id();
|
$stmt->execute();
|
||||||
|
$pid = $pdo->lastInsertId();
|
||||||
$reg_email_needs_update = true;
|
$reg_email_needs_update = true;
|
||||||
$new_reg = true;
|
$new_reg = true;
|
||||||
}
|
}
|
||||||
$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'");
|
$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
|
||||||
$registration = mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$registration = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
/* Update the project in case anythign changed */
|
/* Update the project in case anythign changed */
|
||||||
mysql_query("UPDATE projects SET title='".mysql_real_escape_string($project['title'])."',
|
$stmt = $pdo->prepare("UPDATE projects SET title='".$project['title']."',
|
||||||
summary='".mysql_real_escape_string($project['abstract'])."',
|
summary='".$project['abstract']."',
|
||||||
projectcategories_id='".intval($project['projectcategories_id'])."',
|
projectcategories_id='".intval($project['projectcategories_id'])."',
|
||||||
projectdivisions_id='".intval($project['projectdivisions_id'])."'
|
projectdivisions_id='".intval($project['projectdivisions_id'])."'
|
||||||
WHERE id='$pid'");
|
WHERE id='$pid'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
/* Record the winner */
|
/* Record the winner */
|
||||||
mysql_query("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
|
$stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
|
||||||
VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
|
VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
|
||||||
|
$stmt->execute();
|
||||||
/* Delete the students attached to this project */
|
/* Delete the students attached to this project */
|
||||||
mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
|
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
/* Add new */
|
/* Add new */
|
||||||
foreach($project['students'] as &$student) {
|
foreach($project['students'] as &$student) {
|
||||||
@ -279,15 +299,17 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
|
|||||||
$keys = ",`".join("`,`", array_values($student_fields))."`";
|
$keys = ",`".join("`,`", array_values($student_fields))."`";
|
||||||
$values = "";
|
$values = "";
|
||||||
foreach($student_fields as $k=>$v)
|
foreach($student_fields as $k=>$v)
|
||||||
$values .= ",'".mysql_real_escape_string($student[$k])."'";
|
$values .= ",'".$student[$k]."'";
|
||||||
/* Note lack of comma before $keys, we added it above for both keys and values */
|
/* Note lack of comma before $keys, we added it above for both keys and values */
|
||||||
mysql_query("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
|
$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
|
||||||
VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
|
VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
/* Update the registration email */
|
/* Update the registration email */
|
||||||
if($reg_email_needs_update) {
|
if($reg_email_needs_update) {
|
||||||
mysql_query("UPDATE registrations SET email='".mysql_real_escape_string($student['email'])."'
|
$stmt = $pdo->prepare("UPDATE registrations SET email='".$student['email']."'
|
||||||
WHERE id='$registrations_id'");
|
WHERE id='$registrations_id'");
|
||||||
|
$stmt->execute();
|
||||||
$reg_email_needs_update = false;
|
$reg_email_needs_update = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -305,7 +327,8 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
|
|||||||
/* It's not an external, so we don't need the student to login
|
/* It's not an external, so we don't need the student to login
|
||||||
* or antyhing, we probably want to include it in reports, so set
|
* or antyhing, we probably want to include it in reports, so set
|
||||||
* it to complete */
|
* it to complete */
|
||||||
mysql_query("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
|
$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -326,15 +349,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
|
|||||||
$year = intval($award_data['year']);
|
$year = intval($award_data['year']);
|
||||||
|
|
||||||
/* Find the award */
|
/* Find the award */
|
||||||
$eid = mysql_real_escape_string($external_identifier);
|
$eid = $external_identifier;
|
||||||
|
|
||||||
$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
|
||||||
if(mysql_num_rows($q) != 1) {
|
$q->execute();
|
||||||
|
if($q->rowCount() != 1) {
|
||||||
$response['message'] = "Unknown award identifier '$eid' for year $year";
|
$response['message'] = "Unknown award identifier '$eid' for year $year";
|
||||||
$response['error'] = 1;
|
$response['error'] = 1;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$award = mysql_fetch_assoc($q);
|
$award = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
$aaid = $award['id'];
|
$aaid = $award['id'];
|
||||||
|
|
||||||
$response['notice'][] = "Found award: {$award['name']}";
|
$response['notice'][] = "Found award: {$award['name']}";
|
||||||
@ -342,14 +366,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
|
|||||||
/* Load prizes, we fetched the right award by year, so we don't need to
|
/* Load prizes, we fetched the right award by year, so we don't need to
|
||||||
* check the year as long as we query by aaid */
|
* check the year as long as we query by aaid */
|
||||||
$prizes = array();
|
$prizes = array();
|
||||||
$q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
|
$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
|
||||||
while($prize = mysql_fetch_assoc($q)) {
|
$q->execute();
|
||||||
|
while($prize = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$response['notice'][] = " - Prize: {$prize['prize']}";
|
$response['notice'][] = " - Prize: {$prize['prize']}";
|
||||||
|
|
||||||
/* Clean out existing winners for this prize */
|
/* Clean out existing winners for this prize */
|
||||||
mysql_query("DELETE FROM winners WHERE
|
$stmt = $pdo->prepare("DELETE FROM winners WHERE
|
||||||
award_prize_id='{$prize['id']}'
|
award_prize_id='{$prize['id']}'
|
||||||
AND fairs_id='{$fair['id']}'");
|
AND fairs_id='{$fair['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
/* Assign projects to this prize */
|
/* Assign projects to this prize */
|
||||||
$ul_p =& $award_data['prizes'][$prize['prize']];
|
$ul_p =& $award_data['prizes'][$prize['prize']];
|
||||||
@ -368,8 +394,9 @@ function handle_get_categories(&$u, &$fair, &$data, &$response)
|
|||||||
{
|
{
|
||||||
$year = intval($data['get_categories']['year']);
|
$year = intval($data['get_categories']['year']);
|
||||||
$cat = array();
|
$cat = array();
|
||||||
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
|
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
|
||||||
while($r=mysql_fetch_object($q)) {
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$cat[$r->id]=array('id' => $r->id,
|
$cat[$r->id]=array('id' => $r->id,
|
||||||
'category' => $r->category,
|
'category' => $r->category,
|
||||||
'mingrade' => $r->mingrade,
|
'mingrade' => $r->mingrade,
|
||||||
@ -383,8 +410,9 @@ function handle_get_divisions(&$u, &$fair, &$data, &$response)
|
|||||||
{
|
{
|
||||||
$year = intval($data['get_divisions']['year']);
|
$year = intval($data['get_divisions']['year']);
|
||||||
$div = array();
|
$div = array();
|
||||||
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
|
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
|
||||||
while($r=mysql_fetch_object($q)) {
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$div[$r->id] = array('id' => $r->id,
|
$div[$r->id] = array('id' => $r->id,
|
||||||
'division' => $r->division);
|
'division' => $r->division);
|
||||||
}
|
}
|
||||||
@ -397,14 +425,15 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
|
|||||||
$year = intval($data['award_additional_materials']['year']);
|
$year = intval($data['award_additional_materials']['year']);
|
||||||
$external_identifier = $data['award_additional_materials']['identifier'];
|
$external_identifier = $data['award_additional_materials']['identifier'];
|
||||||
|
|
||||||
$eid = mysql_real_escape_string($external_identifier);
|
$eid = $external_identifier;
|
||||||
$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
|
$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
|
||||||
if(mysql_num_rows($q) != 1) {
|
$q->execute();
|
||||||
|
if($q->rowCount() != 1) {
|
||||||
$response['message'] = "Unknown award identifier '$eid'";
|
$response['message'] = "Unknown award identifier '$eid'";
|
||||||
$response['error'] = 1;
|
$response['error'] = 1;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$award = mysql_fetch_assoc($q);
|
$award = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
$pdf = fair_additional_materials($fair, $award, $year);
|
$pdf = fair_additional_materials($fair, $award, $year);
|
||||||
$response['award_additional_materials']['pdf']['header'] = $pdf['header'];
|
$response['award_additional_materials']['pdf']['header'] = $pdf['header'];
|
||||||
@ -456,8 +485,9 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
|
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
|
||||||
$fair = mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$fair = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
$response = array();
|
$response = array();
|
||||||
if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);
|
if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);
|
||||||
|
@ -4,12 +4,14 @@ require_once('user.inc.php');
|
|||||||
|
|
||||||
if($_POST['schoolid'] && $_POST['accesscode'])
|
if($_POST['schoolid'] && $_POST['accesscode'])
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
if(mysql_num_rows($q)==1)
|
$q->execute();
|
||||||
|
if($q->rowCount()==1)
|
||||||
{
|
{
|
||||||
$_SESSION['schoolid']=$_POST['schoolid'];
|
$_SESSION['schoolid']=$_POST['schoolid'];
|
||||||
$_SESSION['schoolaccesscode']=$_POST['accesscode'];
|
$_SESSION['schoolaccesscode']=$_POST['accesscode'];
|
||||||
mysql_query("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
|
$stmt = $pdo->prepare("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -28,9 +30,10 @@ send_header("School Access");
|
|||||||
|
|
||||||
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
||||||
{
|
{
|
||||||
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
$school=mysql_fetch_object($q);
|
echo $pdo->errorInfo();
|
||||||
|
$school=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($school) {
|
if($school) {
|
||||||
if($_POST['action']=="save") {
|
if($_POST['action']=="save") {
|
||||||
|
|
||||||
@ -65,27 +68,29 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
mysql_query("UPDATE schools SET
|
$stmt = $pdo->prepare("UPDATE schools SET
|
||||||
school='".mysql_escape_string(stripslashes($_POST['school']))."',
|
school='".stripslashes($_POST['school'])."',
|
||||||
address='".mysql_escape_string(stripslashes($_POST['address']))."',
|
address='".stripslashes($_POST['address'])."',
|
||||||
city='".mysql_escape_string(stripslashes($_POST['city']))."',
|
city='".stripslashes($_POST['city'])."',
|
||||||
province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."',
|
province_code='".stripslashes($_POST['province_code'])."',
|
||||||
postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."',
|
postalcode='".stripslashes($_POST['postalcode'])."',
|
||||||
phone='".mysql_escape_string(stripslashes($_POST['phone']))."',
|
phone='".stripslashes($_POST['phone'])."',
|
||||||
$sciencehead_update
|
$sciencehead_update
|
||||||
fax='".mysql_escape_string(stripslashes($_POST['fax']))."'
|
fax='".stripslashes($_POST['fax'])."'
|
||||||
WHERE id='$school->id'");
|
WHERE id='$school->id'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
if(mysql_error())
|
if($pdo->errorInfo())
|
||||||
echo error(i18n("An Error occured trying to save the school information"));
|
echo error(i18n("An Error occured trying to save the school information"));
|
||||||
else
|
else
|
||||||
echo happy(i18n("School information successfully updated"));
|
echo happy(i18n("School information successfully updated"));
|
||||||
|
|
||||||
//and reselect it
|
//and reselect it
|
||||||
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
$school=mysql_fetch_object($q);
|
echo $pdo->errorInfo();
|
||||||
|
$school=$q->fetch(PDO::FETCH_OBJ);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -97,11 +102,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
senior='".$_POST['senior']."'
|
senior='".$_POST['senior']."'
|
||||||
WHERE id='$school->id'");
|
WHERE id='$school->id'");
|
||||||
|
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
|
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
|
||||||
echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n";
|
echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n";
|
||||||
$school=mysql_fetch_object($q);
|
$school=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
@ -221,9 +226,10 @@ else {
|
|||||||
<select name="schoolid">
|
<select name="schoolid">
|
||||||
<option value=""><?=i18n("Choose your school")?></option>
|
<option value=""><?=i18n("Choose your school")?></option>
|
||||||
<?
|
<?
|
||||||
$q=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
|
$q=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
|
||||||
|
$q->execute();
|
||||||
$prev="somethingthatdoesnotexist";
|
$prev="somethingthatdoesnotexist";
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if($r->school==$prev)
|
if($r->school==$prev)
|
||||||
echo "<option value=\"$r->id\">$r->school ($r->city)</option>\n";
|
echo "<option value=\"$r->id\">$r->school ($r->city)</option>\n";
|
||||||
|
@ -7,9 +7,10 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
|
|
||||||
echo "<a href=\"schoolaccess.php\"><< ".i18n("Return to school access main page")."</a><br />";
|
echo "<a href=\"schoolaccess.php\"><< ".i18n("Return to school access main page")."</a><br />";
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
|
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
$school=mysql_fetch_object($q);
|
echo $pdo->errorInfo();
|
||||||
|
$school=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($school)
|
if($school)
|
||||||
{
|
{
|
||||||
if($config['participant_registration_type']=="invite" || $config['participant_registration_type']=="openorinvite" )
|
if($config['participant_registration_type']=="invite" || $config['participant_registration_type']=="openorinvite" )
|
||||||
@ -19,8 +20,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
if($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade'])
|
if($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade'])
|
||||||
{
|
{
|
||||||
//make sure they arent already invited!
|
//make sure they arent already invited!
|
||||||
$q=mysql_query("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
|
$q=$pdo->prepare("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
|
||||||
if(mysql_num_rows($q))
|
$q->execute();
|
||||||
|
if($q->rowCount())
|
||||||
{
|
{
|
||||||
echo error(i18n("That students email address has already been invited"));
|
echo error(i18n("That students email address has already been invited"));
|
||||||
}
|
}
|
||||||
@ -34,11 +36,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
//random number between
|
//random number between
|
||||||
//100000 and 999999 (six digit integer)
|
//100000 and 999999 (six digit integer)
|
||||||
$regnum=rand(100000,999999);
|
$regnum=rand(100000,999999);
|
||||||
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
|
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
|
||||||
}while(mysql_num_rows($q)>0);
|
$q->execute();
|
||||||
|
}while($q->rowCount()>0);
|
||||||
|
|
||||||
//actually insert it
|
//actually insert it
|
||||||
mysql_query("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
|
$stmt = $pdo->prepare("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
|
||||||
"'$regnum',".
|
"'$regnum',".
|
||||||
"'".$_POST['email']."',".
|
"'".$_POST['email']."',".
|
||||||
"'".$_POST['emailcontact']."',".
|
"'".$_POST['emailcontact']."',".
|
||||||
@ -46,16 +49,18 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
"'open',".
|
"'open',".
|
||||||
$config['FAIRYEAR'].
|
$config['FAIRYEAR'].
|
||||||
")");
|
")");
|
||||||
$regid=mysql_insert_id();
|
$stmt->execute();
|
||||||
|
$regid=$pdo->lastInsertId();
|
||||||
|
|
||||||
mysql_query("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
|
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
|
||||||
'$regid',
|
'$regid',
|
||||||
'".mysql_escape_string($_POST['email'])."',
|
'".$_POST['email']."',
|
||||||
'".mysql_escape_string($_POST['firstname'])."',
|
'".$_POST['firstname']."',
|
||||||
'".mysql_escape_string($_POST['lastname'])."',
|
'".$_POST['lastname']."',
|
||||||
'".mysql_escape_string($_SESSION['schoolid'])."',
|
'".$_SESSION['schoolid']."',
|
||||||
'".mysql_escape_string($_POST['grade'])."',
|
'".$_POST['grade']."',
|
||||||
'".$config['FAIRYEAR']."')");
|
'".$config['FAIRYEAR']."')");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
email_send("new_participant",$_POST['email'],array(),array("REGNUM"=>$regnum, "EMAIL"=>$_POST['email']));
|
email_send("new_participant",$_POST['email'],array(),array("REGNUM"=>$regnum, "EMAIL"=>$_POST['email']));
|
||||||
if($_POST['emailcontact'])
|
if($_POST['emailcontact'])
|
||||||
@ -70,19 +75,26 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
if($_GET['action']=="uninvite")
|
if($_GET['action']=="uninvite")
|
||||||
{
|
{
|
||||||
//first, make sure that this is really their student, and it sfor this year.
|
//first, make sure that this is really their student, and it sfor this year.
|
||||||
$q=mysql_query("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
|
$q=$pdo->prepare("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
|
||||||
if(mysql_num_rows($q))
|
$q->execute();
|
||||||
|
if($q->rowCount())
|
||||||
{
|
{
|
||||||
$r=mysql_fetch_object($q);
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
$registrations_id=$r->registrations_id;
|
$registrations_id=$r->registrations_id;
|
||||||
if($registrations_id) //just to be safe!
|
if($registrations_id) //just to be safe!
|
||||||
{
|
{
|
||||||
mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
|
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
|
||||||
mysql_query("DELETE FROM projects WHERE registrations_id='$registrations_id'");
|
$stmt->execute();
|
||||||
mysql_query("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
|
$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$registrations_id'");
|
||||||
mysql_query("DELETE FROM safety WHERE registrations_id='$registrations_id'");
|
$stmt->execute();
|
||||||
mysql_query("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
|
$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
|
||||||
mysql_query("DELETE FROM registrations WHERE id='$registrations_id'");
|
$stmt->execute();
|
||||||
|
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$registrations_id'");
|
||||||
|
$stmt->execute();
|
||||||
|
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
|
||||||
|
$stmt->execute();
|
||||||
|
$stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$registrations_id'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
echo happy(i18n("Student successfully uninvited"));
|
echo happy(i18n("Student successfully uninvited"));
|
||||||
}
|
}
|
||||||
@ -92,11 +104,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$q=mysql_query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
|
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
|
||||||
$datecheck=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$datecheck=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
|
|
||||||
$q=mysql_query("SELECT
|
$q=$pdo->prepare("SELECT
|
||||||
students.*,
|
students.*,
|
||||||
registrations.num,
|
registrations.num,
|
||||||
registrations.emailcontact
|
registrations.emailcontact
|
||||||
@ -111,7 +124,8 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
ORDER BY
|
ORDER BY
|
||||||
lastname,
|
lastname,
|
||||||
firstname");
|
firstname");
|
||||||
$currentinvited=mysql_num_rows($q);
|
$q->execute();
|
||||||
|
$currentinvited=$q->rowCount();
|
||||||
|
|
||||||
if($datecheck!=0) {
|
if($datecheck!=0) {
|
||||||
echo i18n("In order for your school's students to register for the fair, you will need to invite them to register. Simply enter their email address below to invite them to register. <b>Important</b>: for group projects, only add one of the participants, that participant will then add the other group member(s) to the project");
|
echo i18n("In order for your school's students to register for the fair, you will need to invite them to register. Simply enter their email address below to invite them to register. <b>Important</b>: for group projects, only add one of the participants, that participant will then add the other group member(s) to the project");
|
||||||
@ -138,10 +152,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
}
|
}
|
||||||
else if($school->projectlimitper=="agecategory") {
|
else if($school->projectlimitper=="agecategory") {
|
||||||
echo "<br />";
|
echo "<br />";
|
||||||
$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
|
$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
|
||||||
while($catr=mysql_fetch_object($catq)) {
|
$catq->execute();
|
||||||
|
while($catr=$catq->fetch(PDO::FETCH_OBJ)) {
|
||||||
|
|
||||||
$q2=mysql_query("SELECT COUNT(students.id) AS num
|
$q2=$pdo->prepare("SELECT COUNT(students.id) AS num
|
||||||
FROM
|
FROM
|
||||||
students,
|
students,
|
||||||
registrations
|
registrations
|
||||||
@ -153,8 +168,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
AND students.registrations_id=registrations.id
|
AND students.registrations_id=registrations.id
|
||||||
GROUP BY registrations.num
|
GROUP BY registrations.num
|
||||||
");
|
");
|
||||||
echo mysql_error();
|
$q2->execute();
|
||||||
$r2=mysql_fetch_object($q2);
|
echo $pdo->errorInfo();
|
||||||
|
$r2=$q2->fetch(PDO::FETCH_OBJ);
|
||||||
$currentinvited=$r2->num;
|
$currentinvited=$r2->num;
|
||||||
|
|
||||||
if($currentinvited<$school->projectlimit || $school->projectlimit==0) {
|
if($currentinvited<$school->projectlimit || $school->projectlimit==0) {
|
||||||
@ -221,7 +237,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
echo "<br />";
|
echo "<br />";
|
||||||
|
|
||||||
echo "<h4>".i18n("Invited participants from your school")."</h4>";
|
echo "<h4>".i18n("Invited participants from your school")."</h4>";
|
||||||
if(mysql_num_rows($q)) {
|
if($q->rowCount()) {
|
||||||
echo "<table class=\"summarytable\">";
|
echo "<table class=\"summarytable\">";
|
||||||
echo "<tr><th>".i18n("Last Name")."</th><th>".i18n("First Name")."</th>";
|
echo "<tr><th>".i18n("Last Name")."</th><th>".i18n("First Name")."</th>";
|
||||||
echo "<th>".i18n("Email Address")."</th>";
|
echo "<th>".i18n("Email Address")."</th>";
|
||||||
@ -229,7 +245,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
|
|||||||
echo "<th>".i18n("Registration Number")."</th>";
|
echo "<th>".i18n("Registration Number")."</th>";
|
||||||
echo "<th colspan=\"2\">".i18n("Actions")."</th></tr>";
|
echo "<th colspan=\"2\">".i18n("Actions")."</th></tr>";
|
||||||
|
|
||||||
while($r=mysql_fetch_object($q)) {
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
echo "<tr><td>$r->lastname</td><td>$r->firstname</td>";
|
echo "<tr><td>$r->lastname</td><td>$r->firstname</td>";
|
||||||
echo "<td>$r->email";
|
echo "<td>$r->email";
|
||||||
if($r->emailcontact)
|
if($r->emailcontact)
|
||||||
|
@ -31,8 +31,9 @@
|
|||||||
send_header("Sponsor Main", array());
|
send_header("Sponsor Main", array());
|
||||||
$u=user_load($_SESSION['users_id']);
|
$u=user_load($_SESSION['users_id']);
|
||||||
//print_r($u);
|
//print_r($u);
|
||||||
$q=mysql_query("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
|
$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
|
||||||
$sponsor=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$sponsor=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
//only display the named greeting if we have their name
|
//only display the named greeting if we have their name
|
||||||
echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
|
echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
|
||||||
@ -49,7 +50,7 @@
|
|||||||
echo "</table>\n";
|
echo "</table>\n";
|
||||||
echo "<h2>Your Sponsorships</h2>\n";
|
echo "<h2>Your Sponsorships</h2>\n";
|
||||||
|
|
||||||
$sq=mysql_query("SELECT fundraising_donations.id,
|
$sq=$pdo->prepare("SELECT fundraising_donations.id,
|
||||||
sponsors.organization,
|
sponsors.organization,
|
||||||
fundraising_donations.value,
|
fundraising_donations.value,
|
||||||
fundraising_donations.status,
|
fundraising_donations.status,
|
||||||
@ -62,7 +63,8 @@
|
|||||||
AND fundraising_goals.fiscalyear='{$config['FISCALYEAR']}'
|
AND fundraising_goals.fiscalyear='{$config['FISCALYEAR']}'
|
||||||
AND sponsors.id='".$u['sponsors_id']."'
|
AND sponsors.id='".$u['sponsors_id']."'
|
||||||
ORDER BY status DESC, probability DESC, organization");
|
ORDER BY status DESC, probability DESC, organization");
|
||||||
echo mysql_error();
|
$sq->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
echo "<table class=\"tableview\">";
|
echo "<table class=\"tableview\">";
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
@ -72,7 +74,7 @@
|
|||||||
echo " <th>".i18n("Action")."</th>";
|
echo " <th>".i18n("Action")."</th>";
|
||||||
echo "</tr>\n";
|
echo "</tr>\n";
|
||||||
$total=0;
|
$total=0;
|
||||||
while($sr=mysql_fetch_object($sq)) {
|
while($sr=$sq->fetch(PDO::FETCH-OBJ)) {
|
||||||
echo "<tr id=\"donations_$sr->id\" class=\"fundraising{$sr->status}\">";
|
echo "<tr id=\"donations_$sr->id\" class=\"fundraising{$sr->status}\">";
|
||||||
echo "<td>$sr->name</td>\n";
|
echo "<td>$sr->name</td>\n";
|
||||||
echo "<td>$sr->status</td>";
|
echo "<td>$sr->status</td>";
|
||||||
@ -94,14 +96,15 @@
|
|||||||
echo "<br />\n";
|
echo "<br />\n";
|
||||||
|
|
||||||
echo "<h2>Donor Levels</h2>\n";
|
echo "<h2>Donor Levels</h2>\n";
|
||||||
$q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
|
$q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
|
||||||
|
$q->execute();
|
||||||
echo "<table class=\"tableview\">";
|
echo "<table class=\"tableview\">";
|
||||||
echo "<th></th><th>".i18n("Level")."</th>";
|
echo "<th></th><th>".i18n("Level")."</th>";
|
||||||
echo "<th>".i18n("Description / Benefits")."</th>\n";
|
echo "<th>".i18n("Description / Benefits")."</th>\n";
|
||||||
echo "<th>".i18n("Range")."</th>\n";
|
echo "<th>".i18n("Range")."</th>\n";
|
||||||
echo "</tr>\n";
|
echo "</tr>\n";
|
||||||
$first=true;
|
$first=true;
|
||||||
while($r=mysql_fetch_object($q)) {
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
echo "<td>";
|
echo "<td>";
|
||||||
if($total>=$r->min && $total<=$r->max) {
|
if($total>=$r->min && $total<=$r->max) {
|
||||||
|
@ -365,8 +365,9 @@ class TableEditor
|
|||||||
$inputsize = 0;
|
$inputsize = 0;
|
||||||
|
|
||||||
//figure out what kind of input this should be
|
//figure out what kind of input this should be
|
||||||
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
|
$q=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
if(ereg("([a-z]*)\(([0-9,]*)\)",$r->Type,$regs))
|
if(ereg("([a-z]*)\(([0-9,]*)\)",$r->Type,$regs))
|
||||||
{
|
{
|
||||||
@ -466,8 +467,9 @@ class TableEditor
|
|||||||
$query.=" FROM `{$this->table}`";
|
$query.=" FROM `{$this->table}`";
|
||||||
$query.=" WHERE {$this->primaryKey}='{$_GET['edit']}'";
|
$query.=" WHERE {$this->primaryKey}='{$_GET['edit']}'";
|
||||||
if($this->DEBUG) echo $query;
|
if($this->DEBUG) echo $query;
|
||||||
$editquery=mysql_query($query);
|
$editquery=$pdo->prepare($query);
|
||||||
$editdata=mysql_fetch_assoc($editquery);
|
$editquery->execute();
|
||||||
|
$editdata=$editquery->fetch(PDO::FETCH_ASSOC);
|
||||||
return $editdata;
|
return $editdata;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -503,12 +505,14 @@ class TableEditor
|
|||||||
}
|
}
|
||||||
|
|
||||||
if($this->DEBUG) echo $query;
|
if($this->DEBUG) echo $query;
|
||||||
mysql_query($query);
|
$stmt = $pdo->prepare($query);
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
function defaultDelete($keyval)
|
function defaultDelete($keyval)
|
||||||
{
|
{
|
||||||
mysql_query("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
|
$stmt = $pdo->prepare("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
|
||||||
|
$stmt->execute();
|
||||||
echo happy(i18n("Successfully deleted %1",array($this->recordType)));
|
echo happy(i18n("Successfully deleted %1",array($this->recordType)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -586,8 +590,8 @@ class TableEditor
|
|||||||
else if($inputtype == 'time') //r->Type=="time")
|
else if($inputtype == 'time') //r->Type=="time")
|
||||||
{
|
{
|
||||||
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") {
|
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") {
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
|
$editdata[$f] = "'".stripslashes($_POST[$f."_hour"]).":".
|
||||||
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00'";
|
stripslashes($_POST[$f."_minute"]).":00'";
|
||||||
} else {
|
} else {
|
||||||
$editdata[$f] = 'NULL';
|
$editdata[$f] = 'NULL';
|
||||||
}
|
}
|
||||||
@ -608,13 +612,13 @@ class TableEditor
|
|||||||
{
|
{
|
||||||
//chose the text field first, if its been filled in, otherwise, go with the select box
|
//chose the text field first, if its been filled in, otherwise, go with the select box
|
||||||
if($_POST[$f."_text"])
|
if($_POST[$f."_text"])
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."'";
|
$editdata[$f] = "'".stripslashes($_POST[$f."_text"])."'";
|
||||||
else if($_POST[$f."_select"])
|
else if($_POST[$f."_select"])
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."'";
|
$editdata[$f] = "'".stripslashes($_POST[$f."_select"])."'";
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
//maybe the options were over-wridden, if so, just check the field name
|
//maybe the options were over-wridden, if so, just check the field name
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
|
$editdata[$f] = "'".stripslashes($_POST[$f])."'";
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -624,9 +628,9 @@ class TableEditor
|
|||||||
//but allow them to enter http:// or https:// themselves.
|
//but allow them to enter http:// or https:// themselves.
|
||||||
//if no protocol is given, assume http://
|
//if no protocol is given, assume http://
|
||||||
if(substr(strtolower($_POST[$f]),0,4)=="http")
|
if(substr(strtolower($_POST[$f]),0,4)=="http")
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
|
$editdata[$f] = "'".stripslashes($_POST[$f])."'";
|
||||||
else
|
else
|
||||||
$editdata[$f] = "'http://".mysql_escape_string(stripslashes($_POST[$f]))."'";
|
$editdata[$f] = "'http://".stripslashes($_POST[$f])."'";
|
||||||
|
|
||||||
}
|
}
|
||||||
else if(substr($f,0,8)=="filename" && $this->uploadPath)
|
else if(substr($f,0,8)=="filename" && $this->uploadPath)
|
||||||
@ -637,7 +641,7 @@ class TableEditor
|
|||||||
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
|
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
|
||||||
echo error(i18n("A file with that filename already exists, it will be overwritten"));
|
echo error(i18n("A file with that filename already exists, it will be overwritten"));
|
||||||
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
|
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."'";
|
$editdata[$f] = "'".stripslashes($_FILES[$f]['name'])."'";
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -653,9 +657,9 @@ class TableEditor
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
if($this->fieldValidation[$f])
|
if($this->fieldValidation[$f])
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."'";
|
$editdata[$f] = "'".stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f]))."'";
|
||||||
else
|
else
|
||||||
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
|
$editdata[$f] = "'".stripslashes($_POST[$f])."'";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -691,9 +695,9 @@ class TableEditor
|
|||||||
// if($this->DEBUG) echo $query;
|
// if($this->DEBUG) echo $query;
|
||||||
|
|
||||||
// mysql_query($query);
|
// mysql_query($query);
|
||||||
if(mysql_error())
|
if($pdo->errorInfo())
|
||||||
{
|
{
|
||||||
echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error())));
|
echo error(i18n("Error $text_error %1: %2",array($this->recordType,$pdo->errorInfo())));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -811,7 +815,8 @@ class TableEditor
|
|||||||
case "enum":
|
case "enum":
|
||||||
break;
|
break;
|
||||||
case "select_or_text":
|
case "select_or_text":
|
||||||
$optq=mysql_query("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
|
$optq=$pdo->prepare("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
|
||||||
|
$optq->execute();
|
||||||
if($this->fieldInputOptions[$f])
|
if($this->fieldInputOptions[$f])
|
||||||
echo "<select ".$this->fieldInputOptions[$f]." id=\"".$f."_select\" name=\"".$f."_select\">";
|
echo "<select ".$this->fieldInputOptions[$f]." id=\"".$f."_select\" name=\"".$f."_select\">";
|
||||||
else
|
else
|
||||||
@ -829,7 +834,7 @@ class TableEditor
|
|||||||
}
|
}
|
||||||
// print_r($this->fieldOptions[$f]);
|
// print_r($this->fieldOptions[$f]);
|
||||||
|
|
||||||
while($opt=mysql_fetch_object($optq))
|
while($opt=$optq->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
if(is_array($this->fieldOptions[$f]) && in_array($opt->$f,$this->fieldOptions[$f]))
|
if(is_array($this->fieldOptions[$f]) && in_array($opt->$f,$this->fieldOptions[$f]))
|
||||||
continue;
|
continue;
|
||||||
@ -1041,8 +1046,9 @@ class TableEditor
|
|||||||
}
|
}
|
||||||
|
|
||||||
//put in some paganation stuff here.
|
//put in some paganation stuff here.
|
||||||
$foundrowsq=mysql_query("SELECT FOUND_ROWS() AS f");
|
$foundrowsq=$pdo->prepare("SELECT FOUND_ROWS() AS f");
|
||||||
$foundrowsr=mysql_fetch_object($foundrowsq);
|
$foundrowsq->execute();
|
||||||
|
$foundrowsr=$foundrowsq->fetch(PDO::FETCH_OBJ);
|
||||||
$foundrows=$foundrowsr->f;
|
$foundrows=$foundrowsr->f;
|
||||||
|
|
||||||
if($foundrows>$this->rowsPerPage)
|
if($foundrows>$this->rowsPerPage)
|
||||||
@ -1138,7 +1144,7 @@ class TableEditor
|
|||||||
|
|
||||||
echo " (Total: $foundrows)\n";
|
echo " (Total: $foundrows)\n";
|
||||||
|
|
||||||
if(mysql_num_rows($q))
|
if($q->rowCount())
|
||||||
{
|
{
|
||||||
echo "<table cellspacing=\"0\" class=\"tableview\">";
|
echo "<table cellspacing=\"0\" class=\"tableview\">";
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
@ -1151,14 +1157,15 @@ class TableEditor
|
|||||||
}
|
}
|
||||||
echo "<th>".i18n("Actions")."</th>";
|
echo "<th>".i18n("Actions")."</th>";
|
||||||
echo "</tr>";
|
echo "</tr>";
|
||||||
while($r=mysql_fetch_object($q))
|
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||||
{
|
{
|
||||||
echo "<tr>";
|
echo "<tr>";
|
||||||
foreach($this->listfields AS $f=>$n)
|
foreach($this->listfields AS $f=>$n)
|
||||||
{
|
{
|
||||||
//figure out what kind of input this should be
|
//figure out what kind of input this should be
|
||||||
$typeq=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
|
$typeq=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
|
||||||
$typer=mysql_fetch_object($typeq);
|
$typeq->execute();
|
||||||
|
$typer=$typeq->fetCh(PDO::fETCH_OBJ);
|
||||||
if($typer->Type=="time")
|
if($typer->Type=="time")
|
||||||
echo "<td valign=\"top\">".$this->format_time($r->$f)."</td>";
|
echo "<td valign=\"top\">".$this->format_time($r->$f)."</td>";
|
||||||
else if($typer->Type=="date")
|
else if($typer->Type=="date")
|
||||||
|
@ -78,16 +78,17 @@ function tableEditorLoad()
|
|||||||
|
|
||||||
// print("Loading Judge ID $id\n");
|
// print("Loading Judge ID $id\n");
|
||||||
|
|
||||||
$q=mysql_query("SELECT tours.*
|
$q=$pdo->prepare("SELECT tours.*
|
||||||
FROM tours
|
FROM tours
|
||||||
WHERE tours.id='$id'");
|
WHERE tours.id='$id'");
|
||||||
echo mysql_error();
|
$q->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
|
|
||||||
/* We assume that the field names in the array we want to return
|
/* We assume that the field names in the array we want to return
|
||||||
* are the same as those in the database, so we'll turn the entire
|
* are the same as those in the database, so we'll turn the entire
|
||||||
* query into a single associative array */
|
* query into a single associative array */
|
||||||
$j = mysql_fetch_assoc($q);
|
$j = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
return $j;
|
return $j;
|
||||||
}
|
}
|
||||||
@ -104,8 +105,9 @@ function tableEditorSave($data)
|
|||||||
/* Construct an insert query if we have to */
|
/* Construct an insert query if we have to */
|
||||||
if($this->id == false) {
|
if($this->id == false) {
|
||||||
$query = "INSERT INTO tours (id) VALUES ('')";
|
$query = "INSERT INTO tours (id) VALUES ('')";
|
||||||
mysql_query($query);
|
$stmt = $pdo->prepare($query);
|
||||||
$this->id = mysql_insert_id();
|
$stmt->execute();
|
||||||
|
$this->id = $pdo->lastInsertId();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Give it a proper year when saving */
|
/* Give it a proper year when saving */
|
||||||
@ -123,7 +125,8 @@ function tableEditorSave($data)
|
|||||||
$query .= " WHERE id='{$this->id}'";
|
$query .= " WHERE id='{$this->id}'";
|
||||||
|
|
||||||
// echo $query;
|
// echo $query;
|
||||||
mysql_query($query);
|
$stmt = $pdo->prepare($query);
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -133,8 +136,10 @@ function tableEditorDelete()
|
|||||||
|
|
||||||
$id = $this->id;
|
$id = $this->id;
|
||||||
|
|
||||||
mysql_query("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
|
$stmt=$pdo->prepare("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
|
||||||
mysql_query("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
|
$stmt->execute();
|
||||||
|
$stmt=$pdo->prepare("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
echo happy(i18n("Successfully removed tour from this year's fair"));
|
echo happy(i18n("Successfully removed tour from this year's fair"));
|
||||||
}
|
}
|
||||||
|
128
user.inc.php
128
user.inc.php
@ -107,8 +107,9 @@ function user_load_judge(&$u)
|
|||||||
}
|
}
|
||||||
$specialawards=array();
|
$specialawards=array();
|
||||||
if($u['special_award_only']=='yes') {
|
if($u['special_award_only']=='yes') {
|
||||||
$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
|
$q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
|
||||||
while($r=mysql_fetch_object($q)) {
|
$q->execute();
|
||||||
|
while($r=$q->fetch(PDO::FETCH_OBJ)) {
|
||||||
$specialawards[]=$r->award_awards_id;
|
$specialawards[]=$r->award_awards_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -143,8 +144,9 @@ function user_load_sponsor(&$u)
|
|||||||
$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
|
$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
|
||||||
$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
|
$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
|
||||||
if($u['sponsors_id']) {
|
if($u['sponsors_id']) {
|
||||||
$q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
|
$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
|
||||||
$u['sponsor']=mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$u['sponsor']=$q->fetch(PDO::FETCH_ASSOC);
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -200,7 +202,7 @@ function user_load($user, $uid = false)
|
|||||||
$q=$pdo->query($query);
|
$q=$pdo->query($query);
|
||||||
|
|
||||||
if($q->rowCount()!=1) {
|
if($q->rowCount()!=1) {
|
||||||
// echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
|
// echo "Query [$query] returned ".$q->rowCount()." rows\n";
|
||||||
// echo "<pre>";
|
// echo "<pre>";
|
||||||
// print_r(debug_backtrace());
|
// print_r(debug_backtrace());
|
||||||
return false;
|
return false;
|
||||||
@ -297,11 +299,11 @@ function user_load_by_uid($uid)
|
|||||||
function user_load_by_email($email)
|
function user_load_by_email($email)
|
||||||
{
|
{
|
||||||
/* Find the most recent uid for the email, regardless of deleted status */
|
/* Find the most recent uid for the email, regardless of deleted status */
|
||||||
$e = mysql_real_escape_string($email);
|
$e = $email;
|
||||||
$q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
|
$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
|
||||||
|
$q->execute();
|
||||||
if(mysql_num_rows($q) == 1) {
|
if($q->rowCount() == 1) {
|
||||||
$i = mysql_fetch_assoc($q);
|
$i = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
return user_load_by_uid($i['uid']);
|
return user_load_by_uid($i['uid']);
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
@ -309,9 +311,10 @@ function user_load_by_email($email)
|
|||||||
|
|
||||||
function user_load_by_uid_year($uid, $year)
|
function user_load_by_uid_year($uid, $year)
|
||||||
{
|
{
|
||||||
$q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
|
$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
|
||||||
if(!mysql_num_rows($q)) return false;
|
$q->execute();
|
||||||
$i = mysql_fetch_assoc($q);
|
if(!$q->rowCount()) return false;
|
||||||
|
$i = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
return user_load($i['id']);
|
return user_load($i['id']);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -320,8 +323,9 @@ function user_set_password($id, $password = NULL)
|
|||||||
/* pass $u by reference so we can update it */
|
/* pass $u by reference so we can update it */
|
||||||
$save_old = false;
|
$save_old = false;
|
||||||
if($password == NULL) {
|
if($password == NULL) {
|
||||||
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
|
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
|
||||||
$u = mysql_fetch_assoc($q);
|
$q->execute();
|
||||||
|
$u = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
/* Generate a new password */
|
/* Generate a new password */
|
||||||
$password = user_generate_password(12);
|
$password = user_generate_password(12);
|
||||||
/* save the old password only if it's not an auto-generated one */
|
/* save the old password only if it's not an auto-generated one */
|
||||||
@ -334,13 +338,13 @@ function user_set_password($id, $password = NULL)
|
|||||||
$save_set = 'NOW()';
|
$save_set = 'NOW()';
|
||||||
}
|
}
|
||||||
|
|
||||||
$p = mysql_escape_string($password);
|
$p = $password;
|
||||||
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
||||||
$set .= "password='$p', passwordset=$save_set ";
|
$set .= "password='$p', passwordset=$save_set ";
|
||||||
|
|
||||||
$query = "UPDATE users SET $set WHERE id='$id'";
|
$query = "UPDATE users SET $set WHERE id='$id'";
|
||||||
mysql_query($query);
|
$stmt = $pdo->prepare($query);
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
return $password;
|
return $password;
|
||||||
}
|
}
|
||||||
@ -364,17 +368,18 @@ function user_save_type_list($u, $db, $fields)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(is_array($u[$f]))
|
if(is_array($u[$f]))
|
||||||
$data = mysql_escape_string(serialize($u[$f]));
|
$data = serialize($u[$f]);
|
||||||
else
|
else
|
||||||
$data = mysql_escape_string(stripslashes($u[$f]));
|
$data = stripslashes($u[$f]);
|
||||||
|
|
||||||
$set .= "`$f`='$data'";
|
$set .= "`$f`='$data'";
|
||||||
}
|
}
|
||||||
if($set != "") {
|
if($set != "") {
|
||||||
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
|
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
|
||||||
mysql_query($query);
|
$stmt = $pdo->prepare($query);
|
||||||
if(mysql_error()) {
|
$stmt->execute();
|
||||||
echo mysql_error();
|
if($pdo->errorInfo()) {
|
||||||
|
echo $pdo->errorInfo();
|
||||||
echo error("Full query: $query");
|
echo error("Full query: $query");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -452,7 +457,8 @@ function user_save(&$u)
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
//give em a record, the primary key on the table takes care of uniqueness
|
//give em a record, the primary key on the table takes care of uniqueness
|
||||||
$q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
|
$q=$pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
|
||||||
|
$q->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -472,7 +478,7 @@ function user_save(&$u)
|
|||||||
if($f == 'types')
|
if($f == 'types')
|
||||||
$set .= "$f='".implode(',', $u[$f])."'";
|
$set .= "$f='".implode(',', $u[$f])."'";
|
||||||
else {
|
else {
|
||||||
$data = mysql_escape_string(stripslashes($u[$f]));
|
$data = stripslashes($u[$f]);
|
||||||
$set .= "$f='$data'";
|
$set .= "$f='$data'";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -481,9 +487,10 @@ function user_save(&$u)
|
|||||||
// echo "</pre>";
|
// echo "</pre>";
|
||||||
if($set != "") {
|
if($set != "") {
|
||||||
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
|
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
|
||||||
mysql_query($query);
|
$stmt = $pdo->prepare($query);
|
||||||
|
$stmt->execute();
|
||||||
// echo "query=[$query]";
|
// echo "query=[$query]";
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Save the password if it changed */
|
/* Save the password if it changed */
|
||||||
@ -511,7 +518,8 @@ function user_save(&$u)
|
|||||||
|
|
||||||
function user_delete_committee($u)
|
function user_delete_committee($u)
|
||||||
{
|
{
|
||||||
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
|
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
function user_delete_volunteer($u)
|
function user_delete_volunteer($u)
|
||||||
@ -522,13 +530,18 @@ function user_delete_judge($u)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
$ids = array();
|
$ids = array();
|
||||||
$q = mysql_query("SELECT id FROM users WHERE uid = '{$u['uid']}'");
|
$q = $pdo->prepare("SELECT id FROM users WHERE uid = '{$u['uid']}'");
|
||||||
while($row = mysql_fetch_assoc($q)) $ids[] = $row['id'];
|
$q->execute();
|
||||||
|
while($row = $q->fetch(PDO::FETCH_ASSOC)) $ids[] = $row['id'];
|
||||||
if(count($ids) > 0){
|
if(count($ids) > 0){
|
||||||
$idlist = implode(',', $ids);
|
$idlist = implode(',', $ids);
|
||||||
mysql_query("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
|
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
|
||||||
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
|
$stmt->execute();
|
||||||
|
|
||||||
|
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function user_delete_fair($u)
|
function user_delete_fair($u)
|
||||||
@ -585,7 +598,9 @@ function user_delete($u, $type=false)
|
|||||||
if($types != '') $types .= ',';
|
if($types != '') $types .= ',';
|
||||||
$types .= $t;
|
$types .= $t;
|
||||||
}
|
}
|
||||||
mysql_query("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
|
|
||||||
|
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
|
||||||
|
$stmt->execute();
|
||||||
} else {
|
} else {
|
||||||
$finish_delete = true;
|
$finish_delete = true;
|
||||||
}
|
}
|
||||||
@ -598,7 +613,9 @@ function user_delete($u, $type=false)
|
|||||||
$finish_delete = true;
|
$finish_delete = true;
|
||||||
}
|
}
|
||||||
if($finish_delete == true) {
|
if($finish_delete == true) {
|
||||||
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
|
|
||||||
|
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -628,7 +645,8 @@ function user_purge($u, $type=false)
|
|||||||
if($types != '') $types .= ',';
|
if($types != '') $types .= ',';
|
||||||
$types .= $t;
|
$types .= $t;
|
||||||
}
|
}
|
||||||
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
|
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
} else {
|
} else {
|
||||||
$finish_purge = true;
|
$finish_purge = true;
|
||||||
}
|
}
|
||||||
@ -636,18 +654,21 @@ function user_purge($u, $type=false)
|
|||||||
* out the entry */
|
* out the entry */
|
||||||
call_user_func("user_delete_$type", $u);
|
call_user_func("user_delete_$type", $u);
|
||||||
// call_user_func("user_purge_$type", $u);
|
// call_user_func("user_purge_$type", $u);
|
||||||
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
|
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
} else {
|
} else {
|
||||||
/* Delete the whole user */
|
/* Delete the whole user */
|
||||||
foreach($u['types'] as $t) {
|
foreach($u['types'] as $t) {
|
||||||
call_user_func("user_delete_$t", $u);
|
call_user_func("user_delete_$t", $u);
|
||||||
// call_user_func("user_purge_$t", $u);
|
// call_user_func("user_purge_$t", $u);
|
||||||
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
|
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
$finish_purge = true;
|
$finish_purge = true;
|
||||||
}
|
}
|
||||||
if($finish_purge == true) {
|
if($finish_purge == true) {
|
||||||
mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
|
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
|
||||||
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -657,12 +678,13 @@ function user_dupe_row($db, $key, $val, $newval)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
$nullfields = array('deleteddatetime'); /* Fields that can be null */
|
$nullfields = array('deleteddatetime'); /* Fields that can be null */
|
||||||
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
|
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
|
||||||
if(mysql_num_rows($q) != 1) {
|
$q->execute();
|
||||||
|
if($q->rowCount() != 1) {
|
||||||
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
|
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$i = mysql_fetch_assoc($q);
|
$i = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
$i[$key] = $newval;
|
$i[$key] = $newval;
|
||||||
|
|
||||||
foreach($i as $k=>$v) {
|
foreach($i as $k=>$v) {
|
||||||
@ -671,7 +693,7 @@ function user_dupe_row($db, $key, $val, $newval)
|
|||||||
else if($k == 'year')
|
else if($k == 'year')
|
||||||
$i[$k] = $config['FAIRYEAR'];
|
$i[$k] = $config['FAIRYEAR'];
|
||||||
else
|
else
|
||||||
$i[$k] = '\''.mysql_escape_string($v).'\'';
|
$i[$k] = '\''.$v.'\'';
|
||||||
}
|
}
|
||||||
|
|
||||||
$keys = '`'.join('`,`', array_keys($i)).'`';
|
$keys = '`'.join('`,`', array_keys($i)).'`';
|
||||||
@ -679,10 +701,11 @@ function user_dupe_row($db, $key, $val, $newval)
|
|||||||
|
|
||||||
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
|
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
|
||||||
// echo "Dupe Query: [$q]";
|
// echo "Dupe Query: [$q]";
|
||||||
$r = mysql_query($q);
|
$r = $pdo->prepare($q);
|
||||||
echo mysql_error();
|
$r->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
|
|
||||||
$id = mysql_insert_id();
|
$id = $pdo->errorInfo();
|
||||||
return $id;
|
return $id;
|
||||||
}
|
}
|
||||||
/* Used by the login scripts to copy one user from one year to another */
|
/* Used by the login scripts to copy one user from one year to another */
|
||||||
@ -711,7 +734,8 @@ function user_dupe($u, $new_year)
|
|||||||
}
|
}
|
||||||
|
|
||||||
$id = user_dupe_row('users', 'id', $u['id'], NULL);
|
$id = user_dupe_row('users', 'id', $u['id'], NULL);
|
||||||
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
|
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
|
||||||
|
$q->execute();
|
||||||
|
|
||||||
/* Load the new user */
|
/* Load the new user */
|
||||||
$u2 = user_load($id);
|
$u2 = user_load($id);
|
||||||
@ -755,20 +779,22 @@ function user_create($type, $username, $u = NULL)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
if(!is_array($u)) {
|
if(!is_array($u)) {
|
||||||
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
|
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
|
||||||
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
|
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
|
||||||
echo mysql_error();
|
$stmt->execute()';
|
||||||
|
echo $pdo->errorInfo();
|
||||||
$uid = mysql_insert_id();
|
$uid = mysql_insert_id();
|
||||||
if(user_valid_email($username)) {
|
if(user_valid_email($username)) {
|
||||||
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
|
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
|
||||||
}
|
}
|
||||||
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
|
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
|
||||||
echo mysql_error();
|
echo $pdo->errorInfo();
|
||||||
user_set_password($uid, NULL);
|
user_set_password($uid, NULL);
|
||||||
/* Since the user already has a type, user_save won't create this
|
/* Since the user already has a type, user_save won't create this
|
||||||
* entry for us, so do it here */
|
* entry for us, so do it here */
|
||||||
mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')");
|
$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
|
||||||
echo mysql_error();
|
$stmt->execute();
|
||||||
|
echo $pdo->errorInfo();
|
||||||
/* Load the complete user */
|
/* Load the complete user */
|
||||||
$u = user_load($uid);
|
$u = user_load($uid);
|
||||||
// echo "user_create / user_load($uid) returned <pre>";
|
// echo "user_create / user_load($uid) returned <pre>";
|
||||||
|
@ -31,7 +31,7 @@
|
|||||||
/* AJAX query */
|
/* AJAX query */
|
||||||
if(intval($_GET['ajax']) == 1) {
|
if(intval($_GET['ajax']) == 1) {
|
||||||
/* Do ajax processing for this file */
|
/* Do ajax processing for this file */
|
||||||
$email = mysql_escape_string(stripslashes($_GET['email']));
|
$email = stripslashes($_GET['email']);
|
||||||
$type = $_GET['type'];
|
$type = $_GET['type'];
|
||||||
|
|
||||||
/* Sanity check type */
|
/* Sanity check type */
|
||||||
@ -40,13 +40,14 @@
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
|
$q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
|
||||||
if(mysql_num_rows($q) == 0) {
|
$q->execute();
|
||||||
|
if($q->rowCount() == 0) {
|
||||||
/* User doesn't exist */
|
/* User doesn't exist */
|
||||||
echo "notexist\n";
|
echo "notexist\n";
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$u = mysql_fetch_assoc($q);
|
$u = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
$u = user_load($u['id']);
|
$u = user_load($u['id']);
|
||||||
|
|
||||||
if($u['deleted'] == 'yes') {
|
if($u['deleted'] == 'yes') {
|
||||||
@ -174,9 +175,10 @@
|
|||||||
if(!in_array($action, $allowed_actions))
|
if(!in_array($action, $allowed_actions))
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
|
$q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
|
||||||
if(mysql_num_rows($q) > 0) {
|
$q->execute();
|
||||||
$u = mysql_fetch_assoc($q);
|
if($q->rowCount() > 0) {
|
||||||
|
$u = $q->fetch(PDO::FETCH_ASSOC);
|
||||||
$u = user_load($u['id']);
|
$u = user_load($u['id']);
|
||||||
} else {
|
} else {
|
||||||
$u = NULL;
|
$u = NULL;
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
$q->execute();
|
$q->execute();
|
||||||
if($q->rowCount() < 1) return false;
|
if($q->rowCount() < 1) return false;
|
||||||
|
|
||||||
#$r = mysql_fetch_object($q);
|
#$r = $q->fetch(PDO::FETCH_OBJ);
|
||||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||||
|
|
||||||
/* See if the user account has been deleted */
|
/* See if the user account has been deleted */
|
||||||
@ -321,9 +321,10 @@
|
|||||||
$email = $_POST['email'];
|
$email = $_POST['email'];
|
||||||
if(user_valid_email($email)) {
|
if(user_valid_email($email)) {
|
||||||
/* valid email address */
|
/* valid email address */
|
||||||
$e = mysql_escape_string($email);
|
$e = $email;
|
||||||
$q=mysql_query("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
|
$q=$pdo->prepare("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
|
||||||
$r=mysql_fetch_object($q);
|
$q->execute();
|
||||||
|
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||||
if($r) {
|
if($r) {
|
||||||
$fn = trim($_POST['fn']);
|
$fn = trim($_POST['fn']);
|
||||||
$ln = trim($_POST['ln']);
|
$ln = trim($_POST['ln']);
|
||||||
|
16
user_new.php
16
user_new.php
@ -100,10 +100,10 @@
|
|||||||
* this is the one time I wish php had a goto statement. */
|
* this is the one time I wish php had a goto statement. */
|
||||||
switch($action) {
|
switch($action) {
|
||||||
case 'new':
|
case 'new':
|
||||||
$data_fn = mysql_escape_string(stripslashes($_POST['fn']));
|
$data_fn = stripslashes($_POST['fn']);
|
||||||
$data_ln = mysql_escape_string(stripslashes($_POST['ln']));
|
$data_ln = stripslashes($_POST['ln']);
|
||||||
$data_email = stripslashes($_POST['email']);
|
$data_email = stripslashes($_POST['email']);
|
||||||
$sql_email = mysql_escape_string($data_email);
|
$sql_email = $data_email;
|
||||||
$registrationpassword = $_POST['registrationpassword'];
|
$registrationpassword = $_POST['registrationpassword'];
|
||||||
|
|
||||||
/* Check the registration singlepassword */
|
/* Check the registration singlepassword */
|
||||||
@ -115,19 +115,21 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* See if this email already exists */
|
/* See if this email already exists */
|
||||||
$q = mysql_query("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
|
$q = $pdo->prepare("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
|
||||||
|
$q->execute();
|
||||||
//select *, max(year) from users where username=sql_email
|
//select *, max(year) from users where username=sql_email
|
||||||
//if deleted and year = current yera - just undelete
|
//if deleted and year = current yera - just undelete
|
||||||
//if deleted and year != current yera - proceed normally and recreate the user
|
//if deleted and year != current yera - proceed normally and recreate the user
|
||||||
|
|
||||||
|
|
||||||
if(mysql_num_rows($q) > 0) {
|
if($q->rowCount() > 0) {
|
||||||
/* It already exists, make sure they're not already in this role */
|
/* It already exists, make sure they're not already in this role */
|
||||||
$r = mysql_fetch_object($q);
|
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||||
$types = explode(',', $r->types);
|
$types = explode(',', $r->types);
|
||||||
|
|
||||||
if($r->year==$config['FAIRYEAR'] && $r->deleted=='yes') {
|
if($r->year==$config['FAIRYEAR'] && $r->deleted=='yes') {
|
||||||
mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'");
|
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
|
||||||
|
$stmt->execute();
|
||||||
message_push(happy(i18n("Your account has been undeleted")));
|
message_push(happy(i18n("Your account has been undeleted")));
|
||||||
message_push(notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password",
|
message_push(notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password",
|
||||||
array("<a href=\"user_login.php?type=$type\">", "</a>"))));
|
array("<a href=\"user_login.php?type=$type\">", "</a>"))));
|
||||||
|
@ -61,13 +61,13 @@
|
|||||||
|
|
||||||
if($_POST['action']=="save")
|
if($_POST['action']=="save")
|
||||||
{
|
{
|
||||||
$pass = mysql_escape_string($_POST['pass1']);
|
$pass = $_POST['pass1'];
|
||||||
//first, lets see if they choosed the same password again (bad bad bad)
|
//first, lets see if they choosed the same password again (bad bad bad)
|
||||||
$q=mysql_query("SELECT password FROM users WHERE
|
$q=$pdo->prepare("SELECT password FROM users WHERE
|
||||||
id='{$_SESSION['users_id']}'
|
id='{$_SESSION['users_id']}'
|
||||||
AND password='$pass'");
|
AND password='$pass'");
|
||||||
|
$q->execute();
|
||||||
if(mysql_num_rows($q))
|
if($q->rowCount())
|
||||||
message_push(error(i18n("You cannot choose the same password again. Please choose a different password")));
|
message_push(error(i18n("You cannot choose the same password again. Please choose a different password")));
|
||||||
else if(!$_POST['pass1'])
|
else if(!$_POST['pass1'])
|
||||||
message_push(error(i18n("New Password is required")));
|
message_push(error(i18n("New Password is required")));
|
||||||
|
@ -137,7 +137,7 @@ case 'save':
|
|||||||
/* Trying to save a committee member eh? Well, we established above
|
/* Trying to save a committee member eh? Well, we established above
|
||||||
* that we're allowed to be here, so go ahead and save it */
|
* that we're allowed to be here, so go ahead and save it */
|
||||||
$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
|
$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
|
||||||
$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate']));
|
$u['emailprivate'] = stripslashes($_POST['emailprivate']);
|
||||||
|
|
||||||
if(committee_auth_has_access('super')) {
|
if(committee_auth_has_access('super')) {
|
||||||
/* But only superusers can save these ones */
|
/* But only superusers can save these ones */
|
||||||
@ -149,9 +149,10 @@ case 'save':
|
|||||||
|
|
||||||
|
|
||||||
/* Check for an email collision */
|
/* Check for an email collision */
|
||||||
$em = mysql_escape_string(stripslashes($_POST['email']));
|
$em = stripslashes($_POST['email']);
|
||||||
$q=mysql_query("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
|
$q=$pdo->prepare("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
|
||||||
if(mysql_num_rows($q) > 0) {
|
$q->execute();
|
||||||
|
if($q->rowCount()> 0) {
|
||||||
error_("That email address is in use by another user");
|
error_("That email address is in use by another user");
|
||||||
echo "email error";
|
echo "email error";
|
||||||
$save = false;
|
$save = false;
|
||||||
|
Loading…
Reference in New Issue
Block a user