diff --git a/admin/cms.php b/admin/cms.php
index 06103f4..badbac0 100644
--- a/admin/cms.php
+++ b/admin/cms.php
@@ -177,14 +177,15 @@ echo "".i18n("or click here to create a new file")."
\n"; echo ""; - - $q=mysql_query("SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename"); + $q = $pdo->prepare("SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename"); + echo ""; - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_ASSOC)) { echo ""; - $q2=mysql_query("SELECT dt FROM cms WHERE filename='".mysql_escape_string($r->filename)."' ORDER BY dt DESC LIMIT 1"); - $r2=mysql_fetch_object($q2); + $q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='".mysql_escape_string($r->filename)."' ORDER BY dt DESC LIMIT 1"); + + $r2=$q2->fetch(PDO::FETCH_OBJ); if($r2->dt=="0000-00-00 00:00:00") $dt="Never"; else $dt=$r2->dt; echo ""; diff --git a/admin/committees.php b/admin/committees.php index 7e1d5db..37d60fc 100644 --- a/admin/committees.php +++ b/admin/committees.php @@ -247,10 +247,13 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) { echo ""; echo "
".i18n("Filename")."".i18n("Last Update")."
filename)."\">/web/$r->filename$dt"; - $q=mysql_query("SELECT uid,MAX(year),firstname,lastname,email,deleted FROM users WHERE types LIKE '%committee%' GROUP BY uid ORDER BY firstname"); + $q = $pdo->prepare("SELECT uid,MAX(year),firstname,lastname,email,deleted FROM users WHERE types LIKE '%committee%' GROUP BY uid ORDER BY firstname"); + $q->execute(); + + echo ""; echo "\n"; while($r=mysql_fetch_object($q)) diff --git a/admin/communication.php b/admin/communication.php index 21c7fc3..c531a4c 100644 --- a/admin/communication.php +++ b/admin/communication.php @@ -609,14 +609,15 @@ case "email_send": case "email_get_list": - $q=mysql_query("SELECT * FROM emails ORDER BY type,name"); + $q = $pdo->prepare("SELECT * FROM emails ORDER BY type,name"); + echo ""; echo ""; echo " "; echo " "; echo " "; echo ""; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->fundraising_campaigns_id) $fcid=$r->fundraising_campaigns_id; else $fcid='null'; if($r->name) $name=$r->name; diff --git a/admin/fair_stats.php b/admin/fair_stats.php index c55f62f..de5c0da 100644 --- a/admin/fair_stats.php +++ b/admin/fair_stats.php @@ -134,19 +134,21 @@ echo ""; - $q=mysql_query("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'"); + $q = $pdo->prepare("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'"); + $q->execute(); echo "\n"; - $q=mysql_query("SELECT DISTINCT(year) AS year FROM config WHERE year>0 ORDER BY year"); + $q = $pdo->prepare("SELECT DISTINCT(year) AS year FROM config WHERE year>0 ORDER BY year"); + $q->execute(); echo ""; echo "\n"; - $q=mysql_query("SELECT * FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school"); - while($r=mysql_fetch_object($q)) + $q = $pdo->prepare("SELECT * FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "\n"; echo " \n"; 
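Review bot: `while($r=mysql_fetch_object($q))` at the end of the admin/committees.php hunk still reads the result with the mysql extension even though `$q` is now a PDOStatement, so the loop never runs (the function does not accept a PDOStatement, and is undefined once ext/mysql is absent); change it to `while($r=$q->fetch(PDO::FETCH_OBJ))`. The loop body lies outside the hunk, so check there that `$r` is still consumed as an object rather than an array.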
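Review bot: The fairs query kept in the admin/fair_stats.php hunk, `… WHERE type='sfiab' OR type='ysc' AND enable_stats='yes'`, binds AND tighter than OR, so `enable_stats='yes'` filters only the ysc rows and every sfiab fair is listed regardless of the flag; if both types are meant to honour it, parenthesise the two `type` comparisons before the AND. The `while` loops that consume the first two prepared statements are not visible in the hunk, so whether they still call `mysql_fetch_*` cannot be checked here.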
diff --git a/admin/user_list.php b/admin/user_list.php
index a2ad87f..23a399d 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -298,11 +298,14 @@ function update (id) lastname ASC, firstname ASC, year DESC"; - $q=mysql_query($querystr); - echo mysql_error(); + + $q = $pdo->prepare($querystr); + $q->execute(); + + echo $pdo->errorInfo(); // echo $querystr; - $num=mysql_num_rows($q); - echo mysql_error(); + $num=$q->rowCount(); + echo $pdo->errorInfo(); echo i18n("Listing %1 people total. See the table at the bottom for the totals by status


",array($num)); echo i18n(" Notes:
  • Deleting users from this list is a permanent operation and cannot be undone. Consider editing the user and deactivating or deleting roles in their account instead.
  • Updating a user to the current fair year allows you to then complete the user from this list. @@ -330,7 +333,7 @@ function update (id) $tally['active']['incomplete'] = 0; $tally['inactive']['complete'] = 0; $tally['inactive']['incomplete'] = 0; - while($r=mysql_fetch_assoc($q)) + while($r=$q->fetch(PDO::FETCH_ASSOC)) { //JAMES - TEMP - due to the previous error with improperly setting judge status to NOT complete when special awards was turned off //we now need to make sure we re-calculate all the judge statuses somehow, so might as well do it here. @@ -353,10 +356,11 @@ function update (id) $name = "{$r['firstname']} {$r['lastname']}"; if(in_array('fair', $types)) { - $qq = mysql_query("SELECT * FROM users_fair + $qq = $pdo->prepare("SELECT * FROM users_fair LEFT JOIN fairs ON fairs.id=users_fair.fairs_id WHERE users_id='{$r['id']}'"); - $rr = mysql_fetch_assoc($qq); + + $rr = $qq->fetch(PDO::FETCH_ASSOC); $name = "{$rr['name']}".((trim($name)=='') ? '' : "
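Review bot: `echo $pdo->errorInfo();` (twice in this hunk) prints the literal string "Array" on every request, because `PDO::errorInfo()` returns a three-element array, and it reports the connection's last error rather than the statement's; `mysql_error()` printed nothing on success, so this is a visible regression. The same replacement appears in admin/winners.php's `@@ -407` hunk and in tableeditor.class.php's `@@ -1030` hunk. Driver errors should not reach the browser at all: `if ($q->errorCode() !== '00000') { error_log(implode(' ', $q->errorInfo())); }`, or set `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` once on the connection and drop these checks. `$num=$q->rowCount()` works for buffered SELECTs on the MySQL driver but PDO does not guarantee it for SELECT statements; if the rows are fetched with `fetchAll()` later, `count()` of that array is the portable form.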
    ($name)"); } echo "$name"; diff --git a/admin/winners.php b/admin/winners.php index c40d457..d62fbae 100644 --- a/admin/winners.php +++ b/admin/winners.php @@ -34,8 +34,9 @@ $action = $_GET['action']; /* Load fairs */ $fairs = array(); -$q = mysql_query("SELECT * FROM fairs WHERE type='feeder' ORDER BY name"); -while(($f = mysql_fetch_assoc($q))) { +$q=$pdo->prepare("SELECT * FROM fairs WHERE type='feeder' ORDER BY name"); +$q->execute(); +while(($f = $q->fetch(PDO::FETCH_ASSOC))) { $fairs[$f['id']] = $f; } @@ -386,7 +387,7 @@ if($auth_type == 'fair') { $fair_where = "AND fairs_awards_link.upload_winners='yes' AND fairs_awards_link.fairs_id='{$_SESSION['fairs_id']}'"; } -$q=mysql_query("SELECT +$q = $pdo->prepare("SELECT award_awards.id, award_awards.name, award_awards.order AS awards_order, @@ -407,9 +408,9 @@ $q=mysql_query("SELECT $fair_where ORDER BY awards_order"); -echo mysql_error(); +echo $pdo->errorInfo(); -if(mysql_num_rows($q) == 0) { +if($q->rowCount() == 0) { echo i18n('No awards to display.'); send_footer(); exit; diff --git a/committee_main.php b/committee_main.php index d1facec..4fa38ee 100644 --- a/committee_main.php +++ b/committee_main.php @@ -26,12 +26,12 @@ require_once("common.inc.php"); require_once("user.inc.php"); require_once("user_page.inc.php"); - require_once("chat.inc.php"); + user_auth_required('committee'); send_header("Committee Main", array()); - draw_chatbox('general'); + //only display the named greeting if we have their name echo i18n("Hello %1",array($_SESSION['name'])); echo "
    "; diff --git a/config/index.php b/config/index.php index 6c28888..7b1e93c 100644 --- a/config/index.php +++ b/config/index.php @@ -25,7 +25,7 @@ require("../common.inc.php"); require("signaturepage_or_permissionform.php"); require_once("../user.inc.php"); - require_once("../chat.inc.php"); + user_auth_required('committee', 'config'); send_header("SFIAB Configuration", @@ -34,7 +34,6 @@ ); -draw_chatbox('general'); echo "
".i18n("Name")."".i18n("Type")."".i18n("Actions")."
".i18n("Action")."
$r->school
"; echo " "; diff --git a/data/documents/.htaccess b/data/documents/.htaccess new file mode 100644 index 0000000..773fbb5 --- /dev/null +++ b/data/documents/.htaccess @@ -0,0 +1,2 @@ +Order Deny,Allow +Deny From All diff --git a/tableeditor.class.php b/tableeditor.class.php index 3e47dc2..20a6b09 100644 --- a/tableeditor.class.php +++ b/tableeditor.class.php @@ -993,6 +993,7 @@ class TableEditor { global $icon_path; global $icon_extension; + global $pdo; $query="SELECT SQL_CALC_FOUND_ROWS {$this->primaryKey}"; @@ -1030,11 +1031,12 @@ class TableEditor } if($this->DEBUG) echo $query; -// print("query[$query]"); - $q=mysql_query($query); + print("query[$query]"); + $q = $pdo->prepare($query); + $q->execute(); if($q == false) { echo "Sorry, MYSQL query failed:
$query

"; - echo "Error: ".mysql_error(); + echo "Error: ".$pdo->errorInfo(); exit; }