diff --git a/winners.php b/winners.php index a3f34a6..f938845 100644 --- a/winners.php +++ b/winners.php @@ -4,7 +4,7 @@ SFIAB Website: http://www.sfiab.ca Copyright (C) 2005 Sci-Tech Ontario Inc - Copyright (C) 2005 James Grant + Copyright (C) 2005-2010 James Grant This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public @@ -33,18 +33,26 @@ if($_POST['edit']) $edit=$_POST['edit']; if($_GET['action']) $action=$_GET['action']; if($_POST['action']) $action=$_POST['action']; -if($_GET['year'] && $_GET['type']) -{ +if($_GET['year'] && $_GET['type']) { + $year=intval($_GET['year']); + $type=$_GET['type']; $show_unawarded_awards="no"; $show_unawarded_prizes="no"; - echo "

".i18n("%1 %2 Award Winners",array($_GET['year'],$_GET['type']))."

"; - $year=$_GET['year']; + $typeq=mysql_query("SELECT * FROM award_types WHERE type='".mysql_real_escape_string($type)."' AND year=$year"); + if(!mysql_num_rows($typeq)) { + echo error(i18n("Invalid award type")); + send_footer(); + exit; + } + + + echo "

".i18n("%1 %2 Award Winners",array($year,$type))."

"; $ok=true; //first, lets make sure someone isnt tryint to see something that they arent allowed to! //but only if the year they want is the FAIRYEAR. If they want a past year, thats cool - if($_GET['year']>=$config['FAIRYEAR']) { + if($year>=$config['FAIRYEAR']) { $q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test"); $r=mysql_fetch_object($q); if($r->test!=1) @@ -54,8 +62,7 @@ if($_GET['year'] && $_GET['type']) } } - if($ok) - { + if($ok) { $q=mysql_query("SELECT award_awards.id, @@ -68,19 +75,17 @@ if($_GET['year'] && $_GET['type']) WHERE award_awards.year='$year' AND award_awards.award_types_id=award_types.id - AND award_types.type='".$_GET['type']."' + AND award_types.type='".$type."' AND award_types.year='$year' ORDER BY awards_order"); echo mysql_error(); - if(mysql_num_rows($q)) - { + if(mysql_num_rows($q)) { echo "".i18n("Back to Winners main page").""; echo "
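Review bot: The request value `$type` is still printed unescaped in the heading at `i18n("%1 %2 Award Winners",array($year,$type))`; the new lookup only proves that some `award_types` row compares equal to it, and MySQL string equality under the default collations ignores case and trailing spaces, so the echoed string need not be byte-identical to the stored type. Since `$typeq` already holds the matching row, print the stored column rather than the raw parameter, and escape it for HTML: `$typer=mysql_fetch_object($typeq);` followed by `array($year,htmlspecialchars($typer->type, ENT_QUOTES, 'UTF-8'))`. Whether `i18n()` escapes its arguments is not visible here, so I am assuming it does not.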
"; - while($r=mysql_fetch_object($q)) - { + while($r=mysql_fetch_object($q)) { $pq=mysql_query("SELECT award_prizes.prize, award_prizes.number, @@ -102,37 +107,31 @@ if($_GET['year'] && $_GET['type']) `order`"); echo mysql_error(); $awarded_count = 0; - if($show_unawarded_awards=="no") - { - while($pr=mysql_fetch_object($pq)) - { - if($pr->projectnumber) - { - $awarded_count++; + if($show_unawarded_awards=="no") { + if(mysql_num_rows($pq)) { + while($pr=mysql_fetch_object($pq)) { + if($pr->projectnumber) { + $awarded_count++; + } } + mysql_data_seek($pq, 0); } - mysql_data_seek($pq, 0); } - if($show_unawarded_awards=="yes" || $awarded_count > 0) - { + if($show_unawarded_awards=="yes" || $awarded_count > 0) { echo "
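Review bot: `$type` is interpolated into the award query without escaping at `AND award_types.type='".$type."'`; the change only swapped `$_GET['type']` for the local copy, and the `mysql_real_escape_string()` applied in the validation query earlier does not carry over to this one. The guard above makes this reachable only with a value that compared equal to a stored type, but the query is then correct only as long as that guard stays in place and nothing else assigns `$type`. Prefer joining on the validated row's key, `$typer=mysql_fetch_object($typeq);` and `AND award_types.id='".intval($typer->id)."'`, or at least wrap the interpolation in `mysql_real_escape_string($type)` as the first query does. The `mysql_query(` statement this hunk edits begins in the preceding hunk, outside this one.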

".i18n($r->name)."

\n"; } $prevprizeid=-1; - while($pr=mysql_fetch_object($pq)) - { - if(!($pr->projectnumber) && $show_unawarded_prizes=="no") - { + while($pr=mysql_fetch_object($pq)) { + if(!($pr->projectnumber) && $show_unawarded_prizes=="no") { continue; } - if($prevprizeid!=$pr->id) - { + if($prevprizeid!=$pr->id) { echo " "; echo " "; echo ""; echo i18n($pr->prize); - if(($pr->cash || $pr->scholarship) && $config['winners_show_prize_amounts'] == 'yes') - { + if(($pr->cash || $pr->scholarship) && $config['winners_show_prize_amounts'] == 'yes') { echo " ("; if($pr->cash && $pr->scholarship) echo i18n("\$%1 cash / \$%2 scholarship",array($pr->cash,$pr->scholarship),array("Cash dollar value","Scholarship dollar value")); @@ -148,8 +147,7 @@ if($_GET['year'] && $_GET['type']) $prevprizeid=$pr->id; } - if($pr->projectnumber) - { + if($pr->projectnumber) { echo "    "; echo "($pr->projectnumber) $pr->title"; @@ -171,8 +169,7 @@ if($_GET['year'] && $_GET['type']) $studnum=0; $students=""; $schools=array(); - while($studentinfo=mysql_fetch_object($sq)) - { + while($studentinfo=mysql_fetch_object($sq)) { if($studnum>0 && $prev) $students.=", "; if($studentinfo->webfirst=="yes") @@ -212,8 +209,7 @@ if($_GET['year'] && $_GET['type']) echo $schoollist; echo "
"; } - else - { + else { echo "    "; echo i18n("Prize not awarded"); echo "
"; @@ -240,12 +236,9 @@ else ORDER BY year DESC"); $first=true; - if(mysql_num_rows($q)) - { - while($r=mysql_fetch_object($q)) - { - if($first && $r->year != $config['FAIRYEAR']) - { + if(mysql_num_rows($q)) { + while($r=mysql_fetch_object($q)) { + if($first && $r->year != $config['FAIRYEAR']) { list($d,$t)=split(" ",$config['dates']['postwinners']); echo "

".i18n("%1 Winners",array($config['FAIRYEAR']))."

"; echo i18n("Winners of the %1 %2 will be posted here on %3 at %4",array($config['FAIRYEAR'],$config['fairname'],format_date($d),format_time($t))); @@ -274,16 +267,14 @@ else award_types.order "); echo mysql_error(); - while($tr=mysql_fetch_object($tq)) - { + while($tr=mysql_fetch_object($tq)) { echo "  year&type=$tr->type\">".i18n("%1 %2 award winners",array($r->year,$tr->type))."
"; } echo "
"; $first=false; } } - else - { + else { list($d,$t)=split(" ",$config['dates']['postwinners']); echo "

".i18n("%1 Winners",array($config['FAIRYEAR']))."

"; echo i18n("Winners of the %1 %2 will be posted here on %3 at %4",array($config['FAIRYEAR'],$config['fairname'],format_date($d),format_time($t))); @@ -291,6 +282,6 @@ else } - send_footer(); +send_footer(); ?>