sql queries

Armanveer Gill 2024-12-08 02:42:00 -05:00
parent cb7481c01e
commit f0977fb55d
43 changed files with 947 additions and 676 deletions


@ -27,8 +27,9 @@
user_auth_required('committee', 'admin');
require("../lpdf.php");
$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' AND id='".$_GET['cat']."'");
if($catr=mysql_fetch_object($catq))
$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' AND id='".$_GET['cat']."'");
$catq->execute();
if($catr=$catq->fetch(PDO::FETCH_OBJ))
{
$pdf=new lpdf( i18n($config['fairname']),
@ -38,7 +39,7 @@ if($catr=mysql_fetch_object($catq))
$pdf->newPage();
$pdf->setFontSize(11);
$q=mysql_query("SELECT registrations.id AS reg_id,
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.num AS reg_num,
registrations.status,
projects.title,
@ -54,7 +55,8 @@ if($catr=mysql_fetch_object($catq))
ORDER BY
projects.title
");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$table=array();
@ -72,22 +74,24 @@ if($catr=mysql_fetch_object($catq))
$table['dataalign']=array("left","left","left","center");
}
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$divq=mysql_query("SELECT division,division_shortform FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$r->projectdivisions_id."'");
$divr=mysql_fetch_object($divq);
$divq=$pdo->prepare("SELECT division,division_shortform FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$r->projectdivisions_id."'");
$divq->execute();
$divr=$divq->fetch(PDO::FETCH_OBJ);
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname
FROM
students
WHERE
students.registrations_id='$r->reg_id'
");
$sq->execute();
$students="";
$studnum=0;
while($studentinfo=mysql_fetch_object($sq))
while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
{
if($studnum>0) $students.=", ";
$students.="$studentinfo->firstname $studentinfo->lastname";
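Review bot: The category lookup at the top of this file is prepared but not parameterized: `$_GET['cat']` is still concatenated into the SQL string, so `prepare()` adds no protection against SQL injection and the request value reaches the parser just as it did with `mysql_query()`. Use placeholders and pass the values to execute, e.g. `$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year=? AND id=?"); $catq->execute([$config['FAIRYEAR'], $_GET['cat']]);`. The same prepare-with-interpolation pattern is used for the per-row division and student lookups below and in the other file sections of this commit. Separately, `echo $pdo->errorInfo();` prints "Array" because errorInfo() returns an array, and it reads the connection handle rather than the statement; `$q->errorInfo()` or `PDO::ERRMODE_EXCEPTION` would surface execute failures.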


@ -31,8 +31,9 @@
/* Hack so we can jump right to YSC stats */
if($_GET['abbrv'] == 'YSC') {
$q = mysql_query("SELECT id FROM fairs WHERE abbrv='YSC'");
$r = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT id FROM fairs WHERE abbrv='YSC'");
$q->execute();
$r = $q->fetch(PDO::FETCH_ASSOC);
$_GET['id'] = $r['id'];
}
@ -92,8 +93,9 @@
else $fairs_id = -1;
if($fairs_id != -1) {
$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
$fair = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
$q->execute();
$fair = $q->fetch(PDO::FETCH_ASSOC);
}
$action = $_POST['action'];
@ -215,24 +217,26 @@
/* And now, overwrite all the stuff we pulled down with stats we can compute */
//number of schools
$q=mysql_query("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$stats['schools_total']=$r->num;
//number of schools participating
$q=mysql_query("SELECT DISTINCT(students.schools_id) AS sid, schools.*
$q=$pdo->prepare("SELECT DISTINCT(students.schools_id) AS sid, schools.*
FROM students
LEFT JOIN registrations ON students.registrations_id=registrations.id
LEFT JOIN schools ON students.schools_id=schools.id
WHERE students.year='$year'
AND registrations.year='$year'
AND (registrations.status='complete' OR registrations.status='paymentpending')");
$stats['schools_active']=mysql_num_rows($q);
$q->execute();
$stats['schools_active']=$q->rowCount();
$stats['schools_public'] = 0;
$stats['schools_private'] = 0;
$stats['schools_atrisk'] = 0;
$districts = array();
while($si=mysql_fetch_assoc($q)) {
while($si=$q->fetch(PDO::FETCH_ASSOC)) {
if($si['designate'] == 'public')
$stats['schools_public']++;
if($si['designate'] == 'independent')
@ -245,15 +249,16 @@
$stats['schools_districts'] = count($districts);
//numbers of students:
$q=mysql_query("SELECT students.*,schools.*
$q=$pdo->error("SELECT students.*,schools.*
FROM students
LEFT JOIN registrations ON students.registrations_id=registrations.id
LEFT JOIN schools on students.schools_id=schools.id
WHERE students.year='$year'
AND registrations.year='$year'
AND (registrations.status='complete' OR registrations.status='paymentpending')");
echo mysql_error();
$stats['students_total'] = mysql_num_rows($q);
$q->execute();
echo $pdo->errorInfo();
$stats['students_total'] = $q->rowCount();
$stats['students_public'] = 0;
$stats['students_private'] = 0;
$stats['students_atrisk'] = 0;
@ -265,7 +270,7 @@
$stats["projects_$g"] = 0;
}
$unknown = array();
while($s=mysql_fetch_assoc($q)) {
while($s=$q->fetch(PDO::FETCH_ASSOC)) {
if(!in_array($s['sex'], array('male','female')))
$unknown[$grademap[$s['grade']]]++;
else
@ -287,7 +292,7 @@
}
//projects
$q=mysql_query("SELECT MAX(students.grade) AS grade FROM students
$q=$pdo->prepare("SELECT MAX(students.grade) AS grade FROM students
LEFT JOIN registrations ON students.registrations_id=registrations.id
LEFT JOIN projects ON projects.registrations_id=registrations.id
WHERE students.year='$year'
@ -295,28 +300,31 @@
AND projects.year='$year'
AND (registrations.status='complete' OR registrations.status='paymentpending')
GROUP BY projects.id");
echo mysql_error();
while($r=mysql_fetch_assoc($q)) {
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$stats["projects_{$grademap[$r['grade']]}"]++;
}
$q=mysql_query("SELECT COUNT(id) AS num FROM users
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM users
LEFT JOIN users_committee ON users_committee.users_id=users.id
WHERE types LIKE '%committee%'
AND year='$year'
AND users_committee.committee_active='yes'
AND deleted='no'");
$r = mysql_fetch_object($q);
$q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
$stats['committee_members'] = $r->num;
$q=mysql_query("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id
WHERE users.year='$year'
AND users.types LIKE '%judge%'
AND users.deleted='no'
AND users_judge.judge_complete='yes'
AND users_judge.judge_active='yes'");
$r=mysql_fetch_object($q);
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$stats['judges'] = $r->num;
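Review bot: In the "numbers of students" hunk the query is built with `$pdo->error("SELECT students.*,schools.*`; PDO has no `error()` method, so this line is a fatal error and the following `$q->execute()` and `rowCount()` are never reached. It should read `$q=$pdo->prepare("SELECT students.*,schools.*` like the neighbouring queries. `$year` and `$fairs_id` are interpolated into every statement in this file; where they come from is outside the visible hunks, but binding them (`WHERE students.year=?` with `execute([$year, ...])`) makes the conversion safe regardless of their source. `rowCount()` on a SELECT is driver-dependent per the PDO documentation, so `schools_active` and `students_total` are more reliably computed by counting the rows the following loops already fetch.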


@ -52,8 +52,9 @@
}
}
$s = join(',', $_POST['stats']);
$q = mysql_query("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
echo mysql_error();
$q = $pdo->prepare("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
$q->execute();
echo $pdo->errorInfo();
echo "UPDATE fairs SET gather_stats='$s' WHERE id='$id'";
happy_("Saved");
exit;
@ -62,8 +63,9 @@
/* Load the user we're editting */
$u = user_load($_SESSION['embed_edit_id']);
/* Load the fair attached to the user */
$q = mysql_query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
$f = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
$q->execute();
$f = $q->fetch(PDO::FETCH_ASSOC);
?>
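Review bot: The `gather_stats` UPDATE still interpolates request data: `$s` is `join(',', $_POST['stats'])` and goes into the SQL text unescaped, so the statement should bind it, `$q = $pdo->prepare("UPDATE fairs SET gather_stats=? WHERE id=?"); $q->execute([$s, $id]);` (`$id` is assigned outside the hunk). The unchanged `echo "UPDATE fairs SET gather_stats='$s' WHERE id='$id'";` line right after it writes the same POST data into the response without HTML escaping and looks like leftover debugging output worth removing. In the second hunk `id={$u['fairs_id']}` is unquoted and unbound as well; `WHERE id=?` with `execute([$u['fairs_id']])` covers it.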


@ -5,18 +5,22 @@ require_once("../user.inc.php");
user_auth_required('committee', 'admin');
$q = mysql_query("SELECT * FROM judges WHERE passwordexpiry IS NULL");
while($i = mysql_fetch_object($q)) {
$q = $pdo->prepare("SELECT * FROM judges WHERE passwordexpiry IS NULL");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
echo "Autocompleting Judge {$i->email}<br />";
$id = $i->id;
$p = generatePassword(12);
mysql_query("UPDATE judges SET password='$p',complete='yes'");
echo mysql_error();
mysql_query("DELETE FROM judges_years WHERE judges_id='$id'");
echo mysql_error();
mysql_query("INSERT INTO judges_years (`judges_id`,`year`) VALUES ('$id','{$config['FAIRYEAR']}')");
echo mysql_error();
$stmt = $pdo->prepare("UPDATE judges SET password='$p',complete='yes'");
$stmt->execute();
echo $pdo->errorInfo();
$stmt = $pdo->prepare("DELETE FROM judges_years WHERE judges_id='$id'");
$stmt->execute();
echo $pdo->errorInfo();
$stmt = $pdo->prepare("INSERT INTO judges_years (`judges_id`,`year`) VALUES ('$id','{$config['FAIRYEAR']}')");
$stmt->execute();
echo $pdo->errorInfo();
}
?>
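Review bot: `UPDATE judges SET password='$p',complete='yes'` has no WHERE clause, so each pass through the loop overwrites the password of every judge with the one generated for the current row; the commit carries this over from the old `mysql_query()` call unchanged. Restrict it to the row being processed, e.g. `$stmt = $pdo->prepare("UPDATE judges SET password=?,complete='yes' WHERE id=?"); $stmt->execute([$p, $id]);`. The value written is the output of `generatePassword(12)` as-is; if the `password` column is compared directly at login (not visible here), storing `password_hash($p, PASSWORD_DEFAULT)` would be the safer form. The DELETE and INSERT should bind `$id` and `$config['FAIRYEAR']` the same way.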


@ -34,8 +34,9 @@ switch($_GET['action']){
case "modify":
echo "<div id=\"campaignaccordion\" style=\"width: 780px;\">\n";
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<h3><a href=\"#\">".htmlspecialchars($r->name)."</a></h3>\n";
echo "<div id=\"campaign_{$r->id}\">\n";
echo "<form id=\"campaigninfo_{$r->id}\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\" onsubmit=\"return campaigninfo_save($r->id)\">\n";
@ -91,15 +92,17 @@ switch($_GET['action']){
</tr>
</thead>
<?
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
while($r=mysql_fetch_object($q)) {
$goalq=mysql_query("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
$goalr=mysql_fetch_object($goalq);
$recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
echo mysql_error();
$recr=mysql_fetch_object($recq);
$goalq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
$goalq->execute();
$goalr=$goalq->fetch(PDO::FETCH_OBJ);
$recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute();
echo $pdo->errorInfo();
$recr=$recq->fetch(PDO::FETCH_OBJ);
$received=$recr->received;
if($r->target)
$percent=round($received/$r->target*100,1);
@ -133,8 +136,9 @@ switch($_GET['action']){
exit;
}
$id=intval($_GET['id']);
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$id'");
$campaign=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$id'");
$q->execute();
$campaign=$q->fetch(PDO::FETCH_OBJ);
echo "<h3>$campaign->name</h3>\n";
?>
<div id="campaign_tabs">
@ -164,14 +168,15 @@ switch($_GET['action']){
case "manage_tab_overview":
$campaign_id=intval($_GET['id']);
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
if($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
if($r=$q->fetch(PDO::FETCH_OBJ)) {
$goalr=getGoal($r->fundraising_goal);
$recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
echo mysql_error();
$recr=mysql_fetch_object($recq);
$recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute();
echo $pdo->errorInfo();
$recr=recq->fetch(PDO::FETCH_OBJ);
$received=$recr->received;
if($r->target)
$percent=round($received/$r->target*100,1);
@ -202,8 +207,9 @@ switch($_GET['action']){
case "manage_tab_donations":
$campaign_id=intval($_GET['id']);
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
if($campaign=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
if($campaign=$q->fetch(PDO::FETCH_OBJ)) {
echo "<table class=\"tableview\">";
echo "<thead>";
echo "<tr>";
@ -215,9 +221,9 @@ switch($_GET['action']){
echo "</tr>";
echo "</thead>\n";
$q=mysql_query("SELECT * FROM fundraising_donations WHERE fundraising_campaigns_id='$campaign_id'
$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_campaigns_id='$campaign_id'
AND status='received' ORDER BY datereceived DESC");
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$goal=getGoal($r->fundraising_goal);
$sq=mysql_query("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
$sponsor=mysql_fetch_object($sq);
@ -251,7 +257,7 @@ switch($_GET['action']){
);
$campaign_id=intval($_GET['id']);
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
$campaign=mysql_fetch_object($q);
$campaign=$q->fetch(PDO::FETCH_OBJ);
if($campaign->filterparameters) {
echo "<h4>".i18n("User List")."</h4>\n";
$params=unserialize($campaign->filterparameters);
@ -299,7 +305,7 @@ switch($_GET['action']){
echo "<form id=\"prospectremoveform\" onsubmit=\"return removeselectedprospects()\">\n";
echo "<input type=\"hidden\" name=\"fundraising_campaigns_id\" value=\"$campaign_id\" />\n";
$q=mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'");
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$u=user_load_by_uid($r->users_uid);
//hopefully this never returns false, but who knows..
if($u) {
@ -350,7 +356,7 @@ switch($_GET['action']){
<tr><td><?=i18n("Donation Level")?>:</td><td>
<?
$q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY min");
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<label><input onchange=\"return prospect_search()\" disabled=\"disabled\" type=\"checkbox\" name=\"donationlevel[]\" value=\"$r->level\" >".i18n($r->level)." (".format_money($r->min,false)." - ".format_money($r->max,false).")</label><br />\n";
}
echo "(disabled until the logic requirements can be established)";
@ -400,7 +406,7 @@ switch($_GET['action']){
$campaign_id=intval($_GET['id']);
$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
if($r=mysql_fetch_object($q)) {
if($r=$q->fetch(PDO::FETCH_OBJ)) {
}
$communications=array("initial"=>"Initial Communication",
@ -410,7 +416,7 @@ switch($_GET['action']){
echo "<h4>".i18n($name)."</h4>\n";
//check if they have one in the emails database
$q=mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'");
if($email=mysql_fetch_object($q)) {
if($email=$q->fetch(PDO::FETCH_OBJ)) {
echo "<div style=\"float: right; margin-right: 15px;\">";
echo "<a title=\"Edit\" href=\"#\" onclick=\"return opencommunicationeditor(null,$email->id,$campaign_id)\"><img src=\"".$config['SFIABDIRECTORY']."/images/16/edit.".$config['icon_extension']."\" border=0></a>";
echo "&nbsp;&nbsp;";
@ -460,11 +466,11 @@ switch($_GET['action']){
$uidlist=implode(",",$_POST['prospectremovefromlist']);
$query="DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid' AND users_uid IN ($uidlist)";
mysql_query($query);
echo mysql_error();
echo $pdo->errorInfo();
}
//if theres nobody left in the list we need to reset the filter params as well
$q=mysql_query("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->num==0) {
mysql_query("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
}
@ -485,7 +491,7 @@ switch($_GET['action']){
$emails_id=$_POST['id'];
//check if its been sent, if so, it cannot be deleted, sorry!
$q=mysql_query("SELECT * FROM emails WHERE id='$emails_id'");
$e=mysql_fetch_object($q);
$e=$q->fetch(PDO::FETCH_OBJ);
if($e->lastsent) {
error_("Cannot remove an email that has already been sent");
}
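Review bot: `$recr=recq->fetch(PDO::FETCH_OBJ);` in the `manage_tab_overview` hunk is missing the `$` on `recq`, which is a parse error and stops the whole file from loading. From the `manage_tab_donations` hunk onward the conversion is only partial: the donations query is prepared but `execute()` is never called before `fetch()`, and the later hunks keep `$q=mysql_query(...)` while calling `$q->fetch(PDO::FETCH_OBJ)` on its result. The prospect-removal hunk needs the most care, because `$uidlist` is `implode(",",$_POST['prospectremovefromlist'])` placed directly inside `IN (...)` of a DELETE; generate one `?` per element and pass the array to `execute()` instead. `echo $pdo->errorInfo();` prints "Array" here as well, since errorInfo() returns an array.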


@ -30,8 +30,10 @@
$otherlist=array();
if($_POST['donortype']=="organization") {
$q=mysql_query("SELECT id, organization AS name, address, address2, city, province_code, postalcode FROM sponsors ORDER BY name");
echo mysql_error();
$q=$pdo->prepare("SELECT id, organization AS name, address, address2, city, province_code, postalcode FROM sponsors ORDER BY name");
$q->execute();
echo $pdo->errorInfo();
if(!$_POST['contacttype'])
$contacttype=array("primary","secondary");
@ -39,7 +41,7 @@ if($_POST['donortype']=="organization") {
$contacttype=$_POST['contacttype'];
$primary="";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
foreach($contacttype AS $ct) {
switch($ct) {
case "primary":
@ -49,7 +51,7 @@ if($_POST['donortype']=="organization") {
$primary="no";
break;
}
$cq = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
$cq = $pdo->prepare("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
WHERE
sponsors_id='" . $r->id . "'
AND `primary`='$primary'
@ -58,9 +60,10 @@ if($_POST['donortype']=="organization") {
HAVING deleted='no'
ORDER BY users_sponsor.primary DESC,lastname,firstname
");
$cq->execute();
echo mysql_error();
while($cr=mysql_fetch_object($cq)) {
echo $pdo->errorInfo();
while($cr=m$cq->fetch(PDO::FETCH_OBJ)) {
if(!$userslist[$cr->uid])
$userslist[$cr->uid]=user_load($cr->users_id);
}
@ -76,9 +79,10 @@ else if($_POST['donortype']=="individual") {
foreach($individual_type AS $t) {
$query="SELECT *,MAX(year) FROM users WHERE types LIKE '%$t%' GROUP BY uid HAVING deleted='no' ORDER BY lastname,firstname";
$q=mysql_query($query);
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare($query);
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
if(!$userslist[$r->uid])
$userslist[$r->uid]=user_load_by_uid($r->uid);
}
@ -140,8 +144,9 @@ $thisyearlist=$userslist;
foreach($neverlist AS $uid=>$u) {
if($u['sponsors_id']) {
$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
if(mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
$q->execute();
if($q->rowCount()) {
// echo "removing $uid because they have donated in the past <br />";
unset($neverlist[$uid]);
}
@ -154,8 +159,9 @@ $thisyearlist=$userslist;
foreach($pastlist AS $uid=>$u) {
if($u['sponsors_id']) {
$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
if(!mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
$q->execute();
if(!$q->rowCount()) {
// echo "removing $uid because they have NOT donated in the past <br />";
unset($pastlist[$uid]);
}
@ -171,8 +177,9 @@ $thisyearlist=$userslist;
foreach($lastyearlist AS $uid=>$u) {
if($u['sponsors_id']) {
$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
if(!mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
$q->execute();
if(!$q->rowCount()) {
// echo "removing $uid because they have NOT donated last year <br />";
unset($lastyearlist[$uid]);
}
@ -186,8 +193,9 @@ $thisyearlist=$userslist;
foreach($thisyearlist AS $uid=>$u) {
if($u['sponsors_id']) {
$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
if(!mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
$q->execcute();
if(!$q->rowCount()) {
// echo "removing $uid because they have NOT donated this year <br />";
unset($thisyearlist[$uid]);
}
@ -218,11 +226,13 @@ if($_GET['generatelist']) {
$campaignid=$_POST['fundraising_campaigns_id'];
$params=serialize($_POST);
echo "params=$params";
mysql_query("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
$stmt->execute();
$uids=array_keys($userslist);
foreach($uids AS $u) {
mysql_query("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
}
$stmt = $pdo->prepare("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
$stmt->execute();}
echo "List created";
}
else {
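Review bot: In the `generatelist` hunk `serialize($_POST)` and `$_POST['fundraising_campaigns_id']` are interpolated into the UPDATE and INSERT text, so a quote in any posted field breaks out of the string literal; bind them instead, `$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=? WHERE id=?"); $stmt->execute([$params, $campaignid]);`, and prepare the INSERT once before the loop with `VALUES (?,?)`. Because this column is later passed to `unserialize()` in the previous file section, storing it with `json_encode()` and reading it with `json_decode()` would remove the object-deserialization risk should the column ever be written by another path. `echo "params=$params";` also reflects the raw POST data into the response unescaped. Two typos in earlier hunks keep the file from running at all: `while($cr=m$cq->fetch(PDO::FETCH_OBJ))` has a stray `m` (parse error) and `$q->execcute();` in the this-year filter calls an undefined method.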


@ -4,8 +4,9 @@ $salutations=array("Mr.","Mrs.","Ms","Dr.","Professor");
function getGoal($goal) {
global $config;
$q=mysql_query("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
return mysql_fetch_object($q);
}
$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
$q->execute();
return $q->rowCount();
?>
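Review bot: `getGoal()` now returns `$q->rowCount()`, an integer, where it used to return the fetched row object; the callers visible elsewhere in this commit assign the result to `$goalr` and `$goal` and presumably read fields from it, so this should stay `return $q->fetch(PDO::FETCH_OBJ);`. `$pdo` is also not in scope inside the function, which declares only `global $config;`; it needs `global $config, $pdo;` or the handle passed in. As rendered, the closing `}` sits before the new lines, which would leave them outside the function body, so that is worth checking in the actual file. `$goal` should be bound (`WHERE goal=? AND fiscalyear=? LIMIT 1`) rather than interpolated.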


@ -2,14 +2,17 @@
if($_POST['action']=="funddelete" && $_POST['delete']) {
//first lookup all the sponsorships inside the fund
$id=intval($_POST['delete']);
$q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$id' AND year='".$config['FISCALYEAR']."'");
$f=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND year='".$config['FISCALYEAR']."'");
$q->execute();
$f=$q->fetch(PDO::FETCH_OBJ);
//hold yer horses, no deleting system funds!
if($f) {
if($f->system=="no") {
mysql_query("DELETE FROM fundraising_donations WHERE fundraising_goal='".mysql_real_escape_string($f->type)."' AND fiscalyear='".$config['FISCALYEAR']."'");
mysql_query("DELETE FROM fundraising_goals WHERE id='$id'");
if(mysql_affected_rows())
$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE fundraising_goal='".$f->type."' AND fiscalyear='".$config['FISCALYEAR']."'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id'");
$stmt->execute();
if($pdo->rowCount())
happy_("Successfully removed fund %1",array($f->name));
}
else {
@ -21,26 +24,31 @@ if($_POST['action']=="funddelete" && $_POST['delete']) {
if($_POST['action']=="fundedit" || $_POST['action']=="fundadd") {
$fundraising_id=intval($_POST['fundraising_id']);
if($fundraising_id) {
$q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
$f=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
$q->execute();
$f=$q->fetch(PDO::FETCH_OBJ);
$system=$f->system;
}
$name=mysql_real_escape_string($_POST['name']);
$goal=mysql_real_escape_string($_POST['goal']);
$description=mysql_real_escape_string($_POST['description']);
$name=$_POST['name'];
$goal=$_POST['goal'];
$description=$_POST['description'];
$budget=intval($_POST['budget']);
}
if($_POST['action']=="fundedit") {
if( ($system=="yes" && $budget) || ($system=="no" && $budget && $goal && $name) ) {
if($system=="yes") {
mysql_query("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
$stmt->execute();
}
else {
mysql_query("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
$stmt->execute();
}
if(mysql_error())
error_("MySQL Error: %1",array(mysql_error()));
if($pdo->errorInfo())
error_("MySQL Error: %1",array($pdo->errorInfo()));
else
happy_("Saved fund changes");
}
@ -52,13 +60,14 @@ if($_POST['action']=="fundedit") {
}
if($_POST['action']=="fundadd") {
if( $goal && $type && $name) {
mysql_query("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
$stmt = $pdo->prepare("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
$stmt->execute();
happy_("Added new fund");
}
else
error_("Required fields were missing, please try again");
if(mysql_error())
error_("MySQL Error: %1",array(mysql_error()));
if($pdo->errorInfo())
error_("MySQL Error: %1",array($pdo->errorInfo()));
exit;
}
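Review bot: This section removes `mysql_real_escape_string()` from `$_POST['name']`, `$_POST['goal']`, `$_POST['description']` and `$f->type` but still interpolates them into the SQL passed to `prepare()`, so values that were escaped before the commit now reach the database unescaped and the fund add/edit forms lose the injection protection they had. Use placeholders, e.g. `$stmt = $pdo->prepare("UPDATE fundraising SET budget=?, description=?, goal=?, name=? WHERE id=?"); $stmt->execute([$budget, $description, $goal, $name, $fundraising_id]);`, and likewise for the INSERT and the two DELETEs. The same removal of `mysql_escape_string()` around interpolated `$_POST` fields appears in the project UPDATE in the next file section. Two API slips here as well: `$pdo->rowCount()` does not exist on the connection (use `$stmt->rowCount()`), and `if($pdo->errorInfo())` is always true because errorInfo() returns a non-empty array even on success, so the "MySQL Error" branch fires on every save.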


@ -46,11 +46,14 @@ if($auth_type == 'fair') {
} else {
/* Make sure they have permission to laod this student, check
the master copy of the fairs_id in the project */
$q=mysql_query("SELECT * FROM projects WHERE
$q=$pdo>prepare("SELECT * FROM projects WHERE
registrations_id='$registrations_id'
AND year='{$config['FAIRYEAR']}'
AND fairs_id=$fairs_id");
if(mysql_num_rows($q) != 1) {
$q->execute();
if($q->rowCount()!= 1) {
echo "permission denied.";
exit;
}
@ -68,19 +71,22 @@ case 'project_regenerate_number':
project_save();
/* Now generate */
$q=mysql_query("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
$i=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$i=$q->fetch(PDO::FETCH_ASSOC);;
$id = $i['id'];
mysql_query("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
$pdo->prepare("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
projectnumber_seq='0',projectsort_seq='0'
WHERE id='$id'");
echo mysql_error();
$pdo->execute();
echo $pdo->errorInfo();
list($pn,$ps,$pns,$pss) = generateProjectNumber($registrations_id);
// print("Generated Project Number [$pn]");
mysql_query("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
$pdo->prepare("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
projectnumber_seq='$pns',projectsort_seq='$pss'
WHERE id='$id'");
$pdo->execute();
happy_("Generated and Saved Project Number: $pn");
break;
@ -98,8 +104,9 @@ function project_save()
global $registrations_id, $config;
//first, lets make sure this project really does belong to them
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
$projectinfo=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
if(!projectinfo) {
echo error(i18n("Invalid project to update"));
}
@ -114,15 +121,17 @@ function project_save()
//check if it is flagged then update it
if(empty($_POST['feedback'])) {
mysql_query("UPDATE projects SET ".
$stmt = $pdo->prepare("UPDATE projects SET ".
"flagged='0'".
"WHERE id='".intval($_POST['id'])."'");
$stmt->execute();
} else {
mysql_query("UPDATE projects SET ".
$stmt = $pdo->prepare("UPDATE projects SET ".
"flagged='1'".
"WHERE id='".intval($_POST['id'])."'");
$stmt->execute();
}
echo mysql_error();
echo $pdo->errorInfo();
happy_("Flagging process successfully updated");
if($config['participant_project_title_charmax'] && strlen(stripslashes($_POST['title']))>$config['participant_project_title_charmax']) { //0 for no limit, eg 255 database field limit
@ -131,34 +140,36 @@ function project_save()
} else
$title=stripslashes($_POST['title']);
mysql_query("UPDATE projects SET ".
"title='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",$title))."', ".
"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ".
"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
"req_special='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special'])))."', ".
"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ".
"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ".
"summary='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary'])))."', ".
$stmt = $pdo->prepare("UPDATE projects SET ".
"title='".iconv("UTF-8","ISO-8859-1//TRANSLIT",$title)."', ".
"projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
"projecttype='".stripslashes($_POST['projecttype'])."', ".
"language='".stripslashes($_POST['language'])."', ".
"req_table='".stripslashes($_POST['req_table'])."', ".
"req_electricity='".stripslashes($_POST['req_electricity'])."', ".
"req_special='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special']))."', ".
"human_participants='".stripslashes($_POST['human_participants'])."', ".
"animal_participants='".stripslashes($_POST['animal_participants'])."', ".
"summary='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary']))."', ".
"summarycountok='$summarycountok',".
"feedback='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['feedback'])))."', ".
"projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'".
"WHERE id='".intval($_POST['id'])."'");
echo mysql_error();
"feedback='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['feedback']))."', ".
"projectsort='".stripslashes($_POST['projectsort'])."'".
"WHERE id='".intval($_POST['id']))."'");
echo $pdo->errorInfo();
happy_("Project information successfully updated");
//check if they changed the project number
if($_POST['projectnumber']!=$projectinfo->projectnumber) {
//check if hte new one is available
$q=mysql_query("SELECT * FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber='".$_POST['projectnumber']."'");
if(mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber='".$_POST['projectnumber']."'");
$q->execute();
if($q->rowCount()) {
error_("Could not change project number. %1 is already in use",array($_POST['projectnumber']));
} else {
mysql_query("UPDATE projects SET
$stmt = $pdo->prepare("UPDATE projects SET
projectnumber='".$_POST['projectnumber']."'
WHERE id='".$_POST['id']."'");
$stmt->execute();
happy_("Project number successfully changed to %1",array($_POST['projectnumber']));
}
}
@ -169,12 +180,14 @@ function project_load()
{
global $registrations_id, $config;
//now lets find out their MAX grade, so we can pre-set the Age Category
$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
$gradeinfo=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
$q->execute();
$gradeinfo=$q->fetch(PDO::FETCH_OBJ);
//now lets grab all the age categories, so we can choose one based on the max grade
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
$agecategories[$r->id]['category']=$r->category;
$agecategories[$r->id]['mingrade']=$r->mingrade;
@ -185,20 +198,24 @@ function project_load()
}
//now select their project info
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
//check if it exists, if we didnt find any record, lets insert one
$projectinfo=mysql_fetch_object($q);
$q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
if(!$projectinfo) {
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$registrations_id."','$projectcategories_id','".$config['FAIRYEAR']."')");
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$registrations_id."','$projectcategories_id','".$config['FAIRYEAR']."')");
//and then pull it back out
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
$projectinfo=mysql_fetch_object($q);
$stmt->execute();
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
}
//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id) {
echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
$stmt->execute();
}
//output the current status
@ -252,12 +269,13 @@ function countwords()
<?
if($config['project_type'] == 'yes'){
$q=mysql_query("SELECT * FROM projecttypes ORDER BY type");
$q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
$q->execute();
echo "<tr><td>".i18n("Project Type").": </td><td>";
echo "<select name=\"projecttype\">\n";
echo "<option value=\"\">".i18n("Select a project type")."</option>\n";
//FIXME: need to fix the loading glitch
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->type == $projectinfo->projecttype)
{
@ -282,15 +300,17 @@ if($config['project_type'] == 'yes'){
<?
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
echo mysql_error();
$q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
$q->execute();
echo $pdo->errorInfo();
//###
} else
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$q->execute();
echo "<select name=\"projectdivisions_id\">";
echo "<option value=\"\">".i18n("Select a division")."</option>\n";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division),null,"ISO8859-1")."</option>\n";
}


@ -61,12 +61,15 @@
echo "</select>";
echo "</form>";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
while($r=$q->fetch(PDO::FETCH_OBJ)
$cats[$r->id]=$r->category;
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
$divs[$r->id]=$r->division;
if($showstatus) {
@ -90,7 +93,7 @@ else $wherestatus="";
default: $ORDERBY="registrations.status DESC, projects.title"; break;
}
$q=mysql_query("SELECT registrations.id AS reg_id,
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.num AS reg_num,
registrations.status,
registrations.email,
@ -109,7 +112,8 @@ else $wherestatus="";
ORDER BY
$ORDERBY
");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$stats_totalprojects=0;
$stats_totalstudents=0;
@ -123,7 +127,7 @@ else $wherestatus="";
$schools_names=array();
$languages=array();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$stats_totalprojects++;
$stats_divisions[$r->projectdivisions_id]++;
@ -142,7 +146,7 @@ else $wherestatus="";
$status_text=i18n($status_text);
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.id,
schools.school,
@ -155,12 +159,12 @@ else $wherestatus="";
AND
students.schools_id=schools.id
");
echo mysql_error();
echo $pdo->errorInfo();
$studnum=1;
$schools="";
$students="";
while($studentinfo=mysql_fetch_object($sq))
while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
{
$stats_totalstudents++;
$stats_students_catdiv[$r->projectcategories_id][$r->projectdivisions_id]++;
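Review bot: The `projectcategories` statement is prepared and then fetched from with no `$q->execute();` in between, so the loop sees no rows and `$cats` stays empty; the `projectdivisions` query right after it does have the call. The `$sq` students query is in the same state: its hunks change only the `prepare` line, the error echo and the `while` line, and no `$sq->execute();` is added before the fetch loop. Each `prepare(...)` needs its `execute()` before the first `fetch()`. The same omission shows in `report_load_all()`, in the `load_report` query `SELECT * FROM reports_committee WHERE id='$id'`, and in the `fundraising_campaigns_users_link` query. It probably also affects the `UPDATE students` web-consent statement, whose hunk has equal old and new line counts and so adds no call.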


@ -45,7 +45,7 @@
$webfirst=$_POST['webfirst'][$id]=="yes"?"yes":"no";
$weblast=$_POST['weblast'][$id]=="yes"?"yes":"no";
$webphoto=$_POST['webphoto'][$id]=="yes"?"yes":"no";
mysql_query("UPDATE students SET
$stmt = $pdo->prepare("UPDATE students SET
webfirst='$webfirst',
weblast='$weblast',
webphoto='$webphoto'
@ -71,7 +71,7 @@
<?
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.id,
projects.projectnumber,
@ -91,7 +91,8 @@
AND students.year='".$config['FAIRYEAR']."'
ORDER BY projectnumber
");
echo mysql_error();
$sq->execute();
echo $pdo->errorInfo();
echo "<form method=\"post\" action=\"registration_webconsent.php\">";
echo "<table class=\"tableview\">";
@ -102,7 +103,7 @@
echo " <th>".i18n("Last")."</th>";
echo " <th>".i18n("Photo")."</th>";
echo "</tr></thead>";
while($r=mysql_fetch_object($sq))
while($r=$sq->fetch(PDO::FETCH_OBJ))
{
echo "<tr>";
echo "<td>$r->projectnumber<input id=\"changed_$r->id\" type=\"hidden\" name=\"changed[$r->id]\" value=\"0\"></td>";
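Review bot: `echo $pdo->errorInfo();` is not a drop-in for `echo mysql_error();` because `errorInfo()` returns an array, so this prints the word "Array" plus a conversion warning into the page on every request. It also reads the connection's error state rather than that of the statement `$sq` that was just executed. Prefer setting `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION` where `$pdo` is created (already the default on PHP 8) and logging failures server-side, so driver messages and query text are not shown to users. The same line is added after most queries in this commit. Several later call sites spell it `$pdo->erroInfo()`, which is an undefined method and would be a fatal error.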


@ -345,9 +345,10 @@ foreach($report_stock as $n=>$v) {
$allow_fields = array_keys($$fieldvar);
/* First delete all existing fields */
mysql_query("DELETE FROM reports_items
$stmt = $pdo->prepare("DELETE FROM reports_items
WHERE `reports_id`='{$report['id']}'
AND `type`='$type'");
$stmt->execute();
/* Now add new ones */
if(count($report[$type]) == 0) return;
@ -357,12 +358,12 @@ foreach($report_stock as $n=>$v) {
foreach($report[$type] as $k=>$v) {
if($type == 'option') {
/* field, value, x, y, w, h, lines, face, align, valign, fn, fs, fsize, overflow */
$vals = "'".mysql_real_escape_string($k)."','".mysql_real_escape_string($v)."','0','0','0','0','0','','','','','','0','truncate'";
$vals = "'".$k."','".$v."','0','0','0','0','0','','','','','','0','truncate'";
} else {
if($v['lines'] == 0) $v['lines'] =1;
$fs = is_array($v['fontstyle']) ? implode(',',$v['fontstyle']) : '';
$opts = "{$v['align']} {$v['valign']}";
$vals = "'{$v['field']}','".mysql_real_escape_string($v['value'])."',
$vals = "'{$v['field']}','".$v['value']."',
'{$v['x']}','{$v['y']}','{$v['w']}',
'{$v['h']}','{$v['lines']}','{$v['face']}',
'$opts','{$v['valign']}',
@ -374,13 +375,14 @@ foreach($report_stock as $n=>$v) {
$x++;
}
mysql_query("INSERT INTO reports_items(`reports_id`,`type`,`ord`,
$stmt = $pdo->prepare("INSERT INTO reports_items(`reports_id`,`type`,`ord`,
`field`,`value`,`x`, `y`, `w`, `h`,
`lines`, `face`, `align`,`valign`,
`fontname`,`fontstyle`,`fontsize`,`on_overflow`)
VALUES $q;");
echo mysql_error();
$stmt->execute();
echo $pdo->erroInfo();
}
@ -394,8 +396,9 @@ foreach($report_stock as $n=>$v) {
$report = array();
$q = mysql_query("SELECT * FROM reports WHERE id='$report_id'");
$r = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM reports WHERE id='$report_id'");
$q->execute();
$r = $q->fetch(PDO::FETCH_ASSOC);
$report['name'] = $r['name'];
$report['id'] = $r['id'];
$report['system_report_id'] = $r['system_report_id'];
@ -417,14 +420,15 @@ foreach($report_stock as $n=>$v) {
else
$allow_fields=array();
$q = mysql_query("SELECT * FROM reports_items
$q = $pdo->prepare("SELECT * FROM reports_items
WHERE reports_id='{$report['id']}'
ORDER BY `ord`");
print(mysql_error());
$q->execute();
print($pdo->erroInfo());
if(mysql_num_rows($q) == 0) return $report;
if($q->rowCount() == 0) return $report;
while($a = mysql_fetch_assoc($q)) {
while($a = $q->fetch(PDO::FETCH_ASSOC)) {
$f = $a['field'];
$t = $a['type'];
switch($t) {
@ -472,13 +476,15 @@ foreach($report_stock as $n=>$v) {
{
if($report['id'] == 0) {
/* New report */
mysql_query("INSERT INTO reports (`id`) VALUES ('')");
$report['id'] = mysql_insert_id();
$stmt = $pdo->prepare("INSERT INTO reports (`id`) VALUES ('')");
$stmt->execute();
$report['id'] = $pdo->lastInsertId();
} else {
/* if the report['id'] is not zero, see if this is a
* systeim report before doing anything. */
$q = mysql_query("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
$i = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
$q->execute();
$i = $q->fetch(PDO::FETCH_ASSOC);
if(intval($i['system_report_id']) != 0) {
/* This is a system report, the editor (should)
* properly setup the editor pages so that the user
@ -497,12 +503,13 @@ foreach($report_stock as $n=>$v) {
print("</pre>");
*/
mysql_query("UPDATE reports SET
`name`='".mysql_escape_string($report['name'])."',
`desc`='".mysql_escape_string($report['desc'])."',
`creator`='".mysql_escape_string($report['creator'])."',
`type`='".mysql_escape_string($report['type'])."'
$stmt = $pdo->prepare("UPDATE reports SET
`name`='".$report['name']."',
`desc`='".$report['desc']."',
`creator`='".$report['creator']."',
`type`='".$report['type']."'
WHERE `id`={$report['id']}");
$stmt->execute();
report_save_field($report, 'col', $report['loc']);
report_save_field($report, 'group', array());
@ -516,9 +523,9 @@ foreach($report_stock as $n=>$v) {
function report_load_all()
{
$ret = array();
$q = mysql_query("SELECT * FROM reports ORDER BY `name`");
$q = $pdo->prepare("SELECT * FROM reports ORDER BY `name`");
while($r = mysql_fetch_assoc($q)) {
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$report = array();
$report['name'] = $r['name'];
$report['id'] = $r['id'];
@ -535,8 +542,9 @@ foreach($report_stock as $n=>$v) {
$r = intval($report_id);
/* if the report['id'] is not zero, see if this is a
* systeim report before doing anything. */
$q = mysql_query("SELECT system_report_id FROM reports WHERE id='$r'");
$i = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='$r'");
$q->execute();
$i = $q->fetch(PDO::FETCH_ASSOC);
if(intval($i['system_report_id']) != 0) {
/* This is a system report, the editor (should)
* properly setup the editor pages so that the user
@ -546,9 +554,11 @@ foreach($report_stock as $n=>$v) {
echo "ERROR: attempt to delete a system report (reports.id=$r)";
exit;
}
mysql_query("DELETE FROM reports WHERE `id`=$r");
mysql_query("DELETE FROM reports_items WHERE `reports_id`=$r");
}
$stmt = $pdo->prepare("DELETE FROM reports WHERE `id`=$r");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM reports_items WHERE `reports_id`=$r");
$stmt->execute();}
function report_gen($report)
{
@ -792,7 +802,8 @@ foreach($report['col'] as $v)
$q = call_user_func_array($func, array($report, $components));
$q = "SELECT $sel $q $filter_query $group_query ORDER BY $order";
$r = mysql_query($q);
$r = $pdo->prepare($q);
$r->execute();
// print_r($report);
// print_r($report['filter']);
@ -807,18 +818,18 @@ foreach($report['col'] as $v)
a bug report so we can get this fixed.<br />";
echo "<pre>";
echo "Query: [$q]<br />";
echo "Error: [".mysql_error()."]<br />";
echo "Error: [".$pdo->erroInfo()."]<br />";
echo "</pre>";
exit;
}
echo mysql_error();
echo $pdo->erroInfo();
$ncols = count($report['col']);
$n_groups = count($report['group']);
$last_group_data = array();
// echo "<pre>";print_r($rep);
while($i = mysql_fetch_assoc($r)) {
while($i = $r->fetch(PDO::FETCH_ASSOC)) {
if($n_groups > 0) {
$group_change = false;
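Review bot: Removing `mysql_real_escape_string()` and `mysql_escape_string()` while keeping the string concatenation leaves these statements with no escaping at all, because `prepare()` only protects values bound through placeholders. Here `$k`, `$v`, `$v['value']` and the `name`/`desc`/`creator`/`type` fields are pasted straight into the SQL text, so a report name containing a quote breaks the UPDATE and any request-supplied text becomes SQL injection. The fields should be bound as shown below for the `UPDATE reports` statement (the enclosing function starts outside the hunk). The multi-row `INSERT INTO reports_items` needs the same treatment, with one placeholder group per row. The same removal occurs for `$comment`/`$category` in the committee `save` case, `$_GET['awardtype']` in the ceremony script and `$_GET['key']` in the fundraising PDF.

```php
$stmt = $pdo->prepare("UPDATE reports SET
        `name`=:name,
        `desc`=:desc,
        `creator`=:creator,
        `type`=:type
    WHERE `id`=:id");
$stmt->execute(array(
    ':name'    => $report['name'],
    ':desc'    => $report['desc'],
    ':creator' => $report['creator'],
    ':type'    => $report['type'],
    ':id'      => $report['id'],
));
// … unchanged: report_save_field() calls …
```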


@ -35,8 +35,9 @@ $option_keys = array('type','stock');
switch($_GET['action']) {
case 'remove_report':
$id = intval($_GET['id']);
mysql_query("DELETE FROM reports_committee WHERE
$stmt = $pdo->prepare("DELETE FROM reports_committee WHERE
users_id='{$_SESSION['users_uid']}' AND id='$id'");
$stmt->execute();
happy_('Report successfully removed');
exit;
case 'reload':
@ -60,16 +61,17 @@ case 'load_report':
$ret['name'] = $report['name'];
$ret['category'] = '';
} else {
$q = mysql_query("SELECT * FROM reports_committee WHERE id='$id'");
$ret = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM reports_committee WHERE id='$id'");
$ret = $q->fetch(PDO::FETCH_ASSOC);
$ret['type'] = $ret['format'];
}
/* Load available categories */
$q = mysql_query("SELECT DISTINCT category FROM reports_committee
$q = $pdo->prepare("SELECT DISTINCT category FROM reports_committee
WHERE users_id='{$_SESSION['users_uid']}'
ORDER BY category");
while($i = mysql_fetch_object($q))
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ))
$ret['cat'][] = $i->category;
echo json_encode($ret);
exit;
@ -81,19 +83,20 @@ case 'save':
$reports_id = intval($_POST['reports_id']);
if($id == -1) {
/* New entry */
mysql_query("INSERT INTO `reports_committee` (`users_id`,`reports_id`)
$stmt = $pdo->prepare("INSERT INTO `reports_committee` (`users_id`,`reports_id`)
VALUES('{$_SESSION['users_uid']}','$reports_id');");
echo mysql_error();
$id = mysql_insert_id();
$stmt->execute();
echo $pdo->errorInfo();
$id = $pdo->lastInsertId();
}
/* Update entry */
$category = $_POST['category'];
$category_exist = $_POST['category_exist'];
$comment = mysql_real_escape_string(stripslashes($_POST['comment']));
$comment = stripslashes($_POST['comment']);
if($category_exist != '') $category = $category_exist;
$category = mysql_real_escape_string(stripslashes(trim($category)));
$category = stripslashes(trim($category));
if($category == '') $category = 'default';
@ -115,12 +118,13 @@ case 'save':
$stock = '';
}
mysql_query("UPDATE `reports_committee` SET
$stmt = $pdo->prepare("UPDATE `reports_committee` SET
`category`='$category',
`comment`='$comment',
`format`='$type',
`stock`='$stock'
WHERE id='$id'");
$stmt->execute();
happy_("Saved");
exit;
}
@ -237,20 +241,21 @@ $(document).ready(function() {
<?
/* Load all the users reports */
$q = mysql_query("SELECT reports_committee.*,reports.name
$q = $pdo->prepare("SELECT reports_committee.*,reports.name
FROM reports_committee
LEFT JOIN reports ON reports.id=reports_committee.reports_id
WHERE users_id='{$_SESSION['users_uid']}'
ORDER BY category,id");
echo mysql_error();
if(mysql_num_rows($q) == 0) {
$q->execute();
echo $pdo->errorInfo();
if($q->rowCount()== 0) {
echo i18n('You have no reports saved');
} else {
$last_category = '';
$x=0;
echo "<table class=\"tableview\" style=\"border:0px;\">";
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$x++;
if($last_category != $i->category) {
/* New category */
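Review bot: The `UPDATE reports_committee ... WHERE id='$id'` in the `save` case is not limited to the current user, unlike the `remove_report` DELETE and the listing query, which both add `users_id='{$_SESSION['users_uid']}'`. `$id` is assigned outside the hunk, so this is inferred, but if it comes from the request then one committee member can overwrite the category, comment, format and stock of another member's saved report. Adding `AND users_id=:uid` bound to `$_SESSION['users_uid']` to this UPDATE, and to the `load_report` SELECT, keeps each row readable and editable only by its owner.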


@ -9,7 +9,7 @@
else $foryear=$config['FAIRYEAR'];
if($_GET['awardtype']=="All") $awardtype="";
else if($_GET['awardtype']) $awardtype=" AND award_types.type='".mysql_escape_string($_GET['awardtype'])."'";
else if($_GET['awardtype']) $awardtype=" AND award_types.type='".$_GET['awardtype']."'";
else $awardtype="";
if($_GET['show_unawarded_awards']=="on") $show_unawarded_awards="yes";
@ -56,7 +56,7 @@ if(!$scriptformat) $scriptformat="default";
else if($type=="csv") {
$rep=new lcsv(i18n("Awards Ceremony Script"));
}
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.presenter,
@ -77,18 +77,19 @@ if(!$scriptformat) $scriptformat="default";
AND award_awards.excludefromac='0'
$awardtype
ORDER BY awards_order");
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
// echo "<pre>";
if(!mysql_num_rows($q)) {
if(!$q->rowCount()) {
$rep->output();
exit;
}
$awards = array();
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$pq=mysql_query("SELECT
$pq=$pdo->prepare("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
@ -111,11 +112,12 @@ if(!$scriptformat) $scriptformat="default";
ORDER BY
`order`,
projects.projectnumber");
echo mysql_error();
$pq->execute();
echo $pdo->errorInfo();
$r->winners = array();
$r->awarded_count = 0;
while($w = mysql_fetch_object($pq)) {
while($w = $pq->fetch(PDO::FETCH_OBJ)) {
if($w->projects_id)
{
$r->awarded_count++;
@ -229,7 +231,7 @@ if(!$scriptformat) $scriptformat="default";
if($scriptformat=="default")
$rep->addText( " ($pr->projectnumber) $pr->title");
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.pronunciation,
students.schools_id,
@ -241,12 +243,13 @@ if(!$scriptformat) $scriptformat="default";
students.registrations_id='$pr->reg_id'
AND students.schools_id=schools.id
");
$sq->execute();
$students=" Students: ";
$studnum=0;
$pronounce = "";
$rawpronounce = "";
while($studentinfo=mysql_fetch_object($sq)) {
while($studentinfo=$sq->fetch(PDO::FETCH_OBJ)) {
if($studnum>0) $students.=", ";
$students.="$studentinfo->firstname $studentinfo->lastname";
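Review bot: `if(!$q->rowCount())` relies on `rowCount()` reporting the size of a SELECT result, which PDO documents as driver-dependent. It works with MySQL's default buffered queries but is not reliable with unbuffered ones, in which case this branch would emit an empty report and exit. Fetching first removes the dependency: `$rows = $q->fetchAll(PDO::FETCH_OBJ); if(!$rows) { $rep->output(); exit; }`, then iterate `$rows` in place of the `while` fetch loop. The same assumption is made by `$numcats=$q->rowCount()` in the judges exports and by the `rowCount() == 0` checks in the report loader and the committee report list.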


@ -30,7 +30,7 @@ require_once('../tcpdf/tcpdf_sfiab_config.php');
require_once('../tcpdf/tcpdf.php');
$fcid = intval($_GET['fundraising_campaigns_id']);
$key = mysql_real_escape_string($_GET['key']);
$key = $_GET['key'];
/* Start an output PDF */
$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
@ -69,16 +69,17 @@ $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
/* Load the users */
$users = array();
$q = mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
while($l = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
while($l = $q->fetch(PDO::FETCH_ASSOC))) {
$uid = $l['users_uid'];
$users[$uid] = user_load_by_uid($uid);
}
/* Grab all the emails */
$q = mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
$q->execute();
while($e = mysql_fetch_assoc($q)) {
while($e = $q->fetch(PDO::FETCH_ASSOC))) {
foreach($users as $uid=>&$u) {
$subject = communication_replace_vars($e['subject'], $u);
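Review bot: Both converted loops end in `PDO::FETCH_ASSOC))) {`, one closing parenthesis too many, so this file no longer parses and the endpoint fails before any of its code runs. They should read `while($l = $q->fetch(PDO::FETCH_ASSOC)) {` and `while($e = $q->fetch(PDO::FETCH_ASSOC)) {`. The opposite slip is in the registration list, where `while($r=$q->fetch(PDO::FETCH_OBJ)` is missing its closing parenthesis. Running `php -l` over every touched file before committing would catch this class of error in a mechanical conversion of this size.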


@ -38,10 +38,11 @@
echo "<tr><td><b>".i18n("Year").":</b></td><td>";
//get the year information, use fairname since it should be there for all years[right?]
$results = mysql_query("SELECT year FROM config WHERE var='fairname' AND year > 0 ORDER BY year DESC");
$results = $pdo->prepare("SELECT year FROM config WHERE var='fairname' AND year > 0 ORDER BY year DESC");
$results->execute();
echo "<select name=\"year\" size=1>";
while($r=mysql_fetch_object($results)) {
while($r=$results->fetch(PDO::FETCH_OBJ)) {
echo "<option>$r->year</option>";
}
echo "</select></td></tr>";
@ -60,9 +61,10 @@
echo "<tr>";
//list award subsets to output
echo "<td><b>".i18n("Award Type").":</b></td> <td> <select name=\"awardtype\" size=1>";
$results = mysql_query("SELECT type FROM award_types WHERE year=".$config['FAIRYEAR']." ORDER BY type");
$results = $pdo->prepare("SELECT type FROM award_types WHERE year=".$config['FAIRYEAR']." ORDER BY type");
$results->execute();
echo "<option value=\"All\">".i18n("All")."</option>";
while($r=mysql_fetch_object($results)) {
while($r=$results->fetch(PDO::FETCH_OBJ)) {
echo "<option value=\"$r->type\">".i18n("$r->type")."</option>";
}
echo "</select></td>";
@ -92,8 +94,9 @@
echo "<tr><td><b>".i18n("Include the following age categories").":</b></td>";
echo "<td>";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<input name=\"show_category[{$r->id}]\" type=\"checkbox\" checked=\"checked\" />";
echo "".i18n($r->category)."<br />";
}


@ -323,13 +323,14 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
if($repaction == 'export') {
echo "<pre>";
$q = mysql_query("SELECT system_report_id FROM reports WHERE 1 ORDER BY system_report_id DESC");
$r = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE 1 ORDER BY system_report_id DESC");
$q->execute();
$r = $q->fetch(PDO::FETCH_ASSOC);
$sid = $r['system_report_id'] + 1;
$n = mysql_escape_string($report['name']);
$c = mysql_escape_string($report['creator']);
$d = mysql_escape_string($report['desc']);
$t = mysql_escape_string($report['type']);
$n = $report['name'];
$c = $report['creator'];
$d = $report['desc'];
$t = $report['type'];
echo "INSERT INTO `reports` (`id`, `system_report_id`, `name`, `desc`, `creator`, `type`) VALUES\n";
echo "\t('', '$sid', '$n', '$d', '$c', '$t');\n";
@ -339,7 +340,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
/* Do the options */
$x = 0;
foreach($report['option'] as $k=>$v) {
echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '".mysql_real_escape_string($v)."', 0, 0, 0, 0, 0, '', ''),";
echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '".$v."', 0, 0, 0, 0, 0, '', ''),";
$x++;
}
/* Do the fields */
@ -356,7 +357,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
if($vlines == 0) $vlines = 1;
$face = $v['face'];
$align = $v['align']. ' ' . $v['valign'];
$value=mysql_escape_string(stripslashes($v['value']));
$value= stripslashes($v['value']);
if(!$first) echo ',';
$first = false;
echo "\n\t('', LAST_INSERT_ID(), '$f', $x, '$k', '$value', $vx, $vy, $vw, $vh, $vlines, '$face', '$align')";
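Review bot: Dropping `mysql_escape_string()` and `mysql_real_escape_string()` here leaves the exported INSERT script unescaped: `$n`, `$c`, `$d`, `$t`, the option value `$v` and `$value` are echoed between single quotes. A report name or field value containing `'` therefore produces SQL that is broken, or that means something different, when the export is later run. These values go into generated text rather than an executed statement, so parameter binding does not apply; `$pdo->quote()` is the PDO counterpart, for example `$n = $pdo->quote($report['name']);`. Because `quote()` adds the surrounding quotes itself, the literal `'…'` around these variables in the echo templates must be removed at the same time.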


@ -39,8 +39,9 @@
/* If it's a system report, turn that into the actual report id */
if(array_key_exists('sid', $_GET)) {
$sid = intval($_GET['sid']);
$q = mysql_query("SELECT id FROM reports WHERE system_report_id='$sid'");
$r = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT id FROM reports WHERE system_report_id='$sid'");
$q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
$id = $r['id'];
}
@ -88,11 +89,12 @@ case 'dialog_gen':
</tr><tr>
<?
/* See if the report is in this committee member's list */
$q = mysql_query("SELECT * FROM reports_committee
$q = $pd->prepare("SELECT * FROM reports_committee
WHERE users_id='{$_SESSION['users_uid']}'
AND reports_id='{$report['id']}'");
if(mysql_num_rows($q) > 0) {
$i = mysql_fetch_assoc($q);
$q->execute();
if($q->rowCount() > 0) {
$i = $q->fetch(PDO::FETCH_ASSOC);
?>
<td colspan="2"><hr /><h3><?=i18n('My Reports Info')?></h3></td>
</tr><tr>
@ -125,10 +127,11 @@ case 'dialog_gen':
echo "</select></td></tr>\n";
}
/* Find all the years */
$q = mysql_query("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
$q = $pdo->prepare("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
$q->execute();
echo "<tr><td class=\"label\"><b>".i18n('Year')."</b>:</td>";
echo "<td class=\"input\"><select name=\"year\" id=\"year\">";
while($i = mysql_fetch_assoc($q)) {
while($i =$q->fetch(PDO::FETCH_ASSOC)) {
$y = $i['year'];
$sel = ($config['FAIRYEAR'] == $y) ? 'selected="selected"' : '';
echo "<option value=\"$y\" $sel>$y</option>";
@ -215,13 +218,14 @@ case 'dialog_gen':
echo '<tr><td colspan="2"><hr /></td></tr>';
/* See if the report is in this committee member's list */
$q = mysql_query("SELECT * FROM reports_committee
$q = $pdo->prepare("SELECT * FROM reports_committee
WHERE users_id='{$_SESSION['users_uid']}'
AND reports_id='{$report['id']}'");
$q->execute();
echo "<tr><td colspan=\"2\"><h3>".i18n('My Reports Info')."</h3></td></tr>";
if(mysql_num_rows($q) > 0) {
if($q->rowCount() > 0) {
/* Yes, it is */
$i = mysql_fetch_object($q);
$i = $q->fetch(PDO::FETCH_OBJ);
echo "<tr><td><b>".i18n('Category')."</b>:</td>";
echo "<td>{$i->category}</td></tr>";
echo "<tr><td><b>".i18n('Comment')."</b>:</td>";
@ -249,10 +253,11 @@ case 'dialog_gen':
echo "</select></td></tr>";
}
/* Find all the years */
$q = mysql_query("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
$q = $pdo->prepare("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
$q->execute();
echo "<tr><td><b>".i18n('Year')."</b>:</td>";
echo "<td><select name=\"year\" id=\"year\">";
while($i = mysql_fetch_assoc($q)) {
while($i =$q->fetch(PDO::FETCH_ASSOC)) {
$y = $i['year'];
$sel = ($config['FAIRYEAR'] == $y) ? 'selected="selected"' : '';
echo "<option value=\"$y\" $sel>$y</option>";
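Review bot: `$r = $q->fetch(PDO::FETCH_OBJ);` is followed by `$id = $r['id'];`, which indexes a stdClass object as an array and throws an Error whenever a `sid` parameter is supplied. The old code used `mysql_fetch_assoc()`, so the mode should be `PDO::FETCH_ASSOC`. In the next hunk the statement is built with `$pd->prepare(...)`, an undefined variable where `$pdo` is meant, which is also fatal. `fetch()` returns false when no report matches the `sid`, so `$r` should be checked before `$id` is taken from it.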


@ -130,15 +130,17 @@ function report_judges_custom_question($report, $field, $text)
$users_id = $text;
/* Find the actual question ID */
$q = mysql_query("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
if(mysql_num_rows($q) != 1)
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
$q->execute();
if($q->rowCount() != 1)
return 'Question not specified';
$question = mysql_fetch_assoc($q);
$question = $q->fetch(PDO::FETCH_ASSOC);
$q = mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
if(mysql_num_rows($q) != 1)
$q = $pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
$q->execute();
if($q->rowCount() != 1)
return '';
$answer = mysql_fetch_assoc($q);
$answer = $q->fetch(PDO::FETCH_ASSOC);
return $answer['answer'];
}
@ -174,12 +176,13 @@ function report_judges_team_members($report, $field, $text)
{
$year = $report['year'];
$judges_teams_id = $text;
$q = mysql_query("SELECT * FROM judges_teams_link
$q = $pdo->prepare("SELECT * FROM judges_teams_link
LEFT JOIN users ON judges_teams_link.users_id=users.id
WHERE judges_teams_link.year='$year'
AND judges_teams_link.judges_teams_id='$judges_teams_id'");
$q->execute();
$ret = '';
while( ($m = mysql_fetch_assoc($q))) {
while( ($m = $q->fetch(PDO::FETCH_ASSOC))) {
$add = false;
switch($field) {
case 'team_captain':
@ -216,9 +219,10 @@ function report_judges_load_rounds($year)
global $config, $report_judges_rounds;
if(count($report_judges_rounds)) return ;
$q = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
$q->execute();
/* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */
while($r = mysql_fetch_assoc($q)) {
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$report_judges_rounds[] = $r;
if($r['type'] == 'divisional1') $report_judges_rounds['divisional1'] = $r;
@ -232,8 +236,9 @@ function report_judges_specialaward($report, $field, $text)
global $config, $report_judges_rounds;
$year = $report['year'];
$award_id = $text;
$q=mysql_query("SELECT * FROM award_awards WHERE id='".intval($award_id)."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM award_awards WHERE id='".intval($award_id)."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
return $r->name;
}
@ -258,9 +263,10 @@ function report_judges_time_availability($report, $field, $text)
exit;
}
$q = mysql_query("SELECT * FROM judges_availability WHERE users_id='$users_id'");
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='$users_id'");
$q->execute();
// echo mysql_error();
while(($r = mysql_fetch_assoc($q))) {
while(($r = $q->fetch(PDO::FETCH_ASSOC))) {
if($r['start'] <= $round['starttime']
&& $r['end'] >= $round['endtime']
&& $r['date'] == $round['date'] ) {
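Review bot: `$pdo` is not in scope inside these functions. `report_judges_load_rounds()` and `report_judges_specialaward()` declare only `global $config, $report_judges_rounds;`, and `report_judges_team_members()` declares no globals before calling `$pdo->prepare(...)`. With `mysql_query()` the connection was implicit; now each of these calls fails with a call to `prepare()` on an undefined variable. Extend the existing line to `global $config, $report_judges_rounds, $pdo;`, add `global $pdo;` where there is none, or pass the handle in as a parameter. `report_load_all()` in the reports include and `project_load()` earlier in the commit show the same gap, and the other functions here begin outside their hunks, so they need the same check.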


@ -78,18 +78,20 @@ foreach($keys as $qid) {
//grab the list of divisions, because the last fields of the table will be the sub-divisions
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$numcats=mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
$numcats=$q->rowCount();
$catheadings=array();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$cats[]=$r->id;
$catheadings[]="$r->category (out of 5)";
}
//grab the list of divisions, because the last fields of the table will be the sub-divisions
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
$divheadings=array();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$divs[]=$r->id;
$divheadings[]="$r->division (out of 5)";
@ -103,9 +105,10 @@ $table['header']=array_merge($table['header'],array_merge($catheadings,$divheadi
$datetimeheadings=array();
/* Load the judging rounds */
$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
$q->execute();
$x = 0;
while($r = mysql_fetch_object($q)) {
while($r = $q->fetch(PDO::FETCH_OBJ)) {
$found = false;
foreach($times as $xx => $t) {
if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
@ -132,7 +135,7 @@ $table['header']=array_merge($table['header'],$datetimeheadings);
$table['widths']=array();
$table['dataalign']=array();
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
users.*,
users_judge.*
FROM
@ -146,8 +149,9 @@ $q=mysql_query("SELECT
ORDER BY
lastname,
firstname");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$u=user_load($r->id);
$expertise_other=str_replace("\n"," ",$r->expertise_other);
@ -180,11 +184,12 @@ while($r=mysql_fetch_object($q)) {
}
$tq = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"".$r->id."\" ORDER BY `start`");
$tq = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"".$r->id."\" ORDER BY `start`");
$tq->execute();
$sel = array();
$timedata=array();
while($tr=mysql_fetch_object($tq)) {
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
foreach($times as $x=>$t) {
if($tr->start == $t['starttime'] && $tr->end == $t['endtime'] && $tr->date == $t['date']) {
$sel[$x] = true;


@ -79,18 +79,20 @@ foreach($keys as $qid) {
//grab the list of divisions, because the last fields of the table will be the sub-divisions
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$numcats=mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
$numcats=$q->rowCount();
$catheadings=array();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$cats[]=$r->id;
$catheadings[]="$r->category (out of 5)";
}
//grab the list of divisions, because the last fields of the table will be the sub-divisions
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
$divheadings=array();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$divs[]=$r->id;
$divheadings[]="$r->division (out of 5)";
@ -105,7 +107,7 @@ $table['header']=array_merge($table['header'],array_merge($catheadings,$divheadi
$table['widths']=array();
$table['dataalign']=array();
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
users.*,
users_judge.*
FROM
@ -118,8 +120,9 @@ $q=mysql_query("SELECT
lastname,
firstname,
year");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$u=user_load($r->id);
$expertise_other=str_replace("\n"," ",$r->expertise_other);
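Review bot: `echo $pdo->errorInfo();` after `$q->execute();` cannot print a usable message, because `PDO::errorInfo()` returns an array (echo prints `Array` plus a conversion warning) and a failed `execute()` records its error on the statement, not on the connection handle. Checking the statement instead, e.g. `if(!$q->execute()) error_log(implode(' ', $q->errorInfo()));`, keeps the diagnostic and also keeps raw driver messages out of the generated report. The same line recurs in most of the other file sections of this commit. If the connection is opened with `PDO::ERRMODE_EXCEPTION` (not visible here), a failure throws before these lines run and they can be dropped.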


@ -49,8 +49,9 @@
$teams=getJudgingTeams();
$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)>1)
$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount()>1)
$show_date=true;
else
$show_date=false;
@ -91,10 +92,11 @@
$rep->addText(i18n("Criteria").": ".$award['criteria']);
//get category eligibility
$q=mysql_query("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
echo mysql_error();
$q=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
$q->execute();
echo $pdo->erroInfo();
$cats="";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($cats) $cats.=", ".i18n($r->category);
else $cats=i18n($r->category);
@ -103,10 +105,11 @@
//get division eligibility
$q=mysql_query("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
echo mysql_error();
$q=$pdo->prepare("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
$q->execute();
echo $pdo->erroInfo();
$divs="";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($divs) $divs.=", ".i18n($r->division_shortform);
else $divs=i18n($r->division_shortform);
@ -119,7 +122,7 @@
$rep->nextLine();
//get the timeslots that this team has.
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
judges_timeslots.id,
judges_timeslots.date,
judges_timeslots.starttime,
@ -135,9 +138,10 @@
ORDER BY
date,starttime
");
$numslots=mysql_num_rows($q);
$q->execute();
$numslots=$q->rowCount();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($show_date)
$timeslot=format_date($r->date)." ";
@ -145,7 +149,7 @@
$timeslot="";
$timeslot.=format_time($r->starttime)." - ".format_time($r->endtime);
$projq=mysql_query("SELECT
$projq=$pdo->prepare("SELECT
projects.projectnumber,
projects.id,
projects.title
@ -160,8 +164,9 @@
ORDER BY
projectnumber
");
$projq->execute(;)
while($proj=mysql_fetch_object($projq))
while($proj=$projq->fetch(PDO::FETCH_OBJ))
{
$table['data'][]=array($timeslot, $proj->projectnumber,$proj->title);
//make the timeslot empty so we dont list it each time if there's more than one project in the timeslot
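Review bot: `$projq->execute(;)` is a parse error, so this report no longer loads at all; it should read `$projq->execute();`. Once that is fixed, both `echo $pdo->erroInfo();` lines (after the category and the division eligibility queries) would stop the script with an undefined-method error, since the method is `errorInfo`. Running `php -l` over every file touched by the migration before committing would catch the first kind of slip, and the similar ones in the other sections.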


@ -66,7 +66,7 @@ if($report)
{
//IF(schools.sciencehead=\"\",\"Science Department Head\",schools.sciencehead) AS co,
case "schools":
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
schools.school AS name,
schools.board AS board,
schools.schoollang,
@ -82,11 +82,12 @@ if($report)
ORDER BY
school
");
$q->execute();
break;
case "sponsors":
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_sponsors.organization AS name,
award_sponsors.address AS address,
award_sponsors.city AS city,
@ -105,10 +106,11 @@ if($report)
ORDER BY
organization
");
$q->execute();
break;
case "judges":
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
CONCAT(judges.firstname,' ',judges.lastname) AS name,
IF(judges.address2=\"\",
judges.address,
@ -127,6 +129,7 @@ if($report)
ORDER BY
lastname,firstname
");
$q->execute();
break;
}
@ -144,7 +147,7 @@ if($report)
i18n($config['postalzip']));
}
while($r=mysql_fetch_object($q))
while($r=$q-.fetch(PDO::FETCH_OBJ))
{
//handle C/O differently for schools, becuase, well, french schools are picky!
if($report=="schools") {
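Review bot: `while($r=$q-.fetch(PDO::FETCH_OBJ))` is a parse error; the operator should be `->`, i.e. `while($r=$q->fetch(PDO::FETCH_OBJ))`. Also, `$q` is assigned only inside the three `case` branches shown, so if `$report` holds any other value (the `switch` header and any `default` are outside the hunk) this loop now calls `fetch()` on an unset variable, which is a fatal error where `mysql_fetch_object()` only warned. A guard such as `if(!isset($q)) exit;` before the loop, or a `default:` branch that rejects the value, would make that explicit.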


@ -23,7 +23,7 @@
{
$rep=new lcsv(i18n("Program Awards"));
}
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.criteria,
@ -40,27 +40,29 @@
AND award_awards.excludefromac='0'
AND (award_types.type='special' OR award_types.type='grand')
ORDER BY awards_order");
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q))
if($q->rowCCount())
{
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$rep->heading(i18n($r->name));
//get teh age categories
$acq=mysql_query("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
echo mysql_error();
$acq=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
$acq->execute();
echo $pdo->errorInfo();
$cats="";
while($acr=mysql_fetch_object($acq))
while($acr=$acq->fetch(PDO::FETCH_OBJ))
{
$cats.=i18n($acr->category).", ";
}
$cats=substr($cats,0,-2);
$rep->addText("$cats: ".i18n($r->criteria));
$pq=mysql_query("SELECT
$pq=$pdo->prepare("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
@ -74,9 +76,10 @@
AND award_prizes.excludefromac='0'
ORDER BY
`order`");
echo mysql_error();
$pq->execute();
echo $pdo->errorInfo();
$prevprizeid=-1;
while($pr=mysql_fetch_object($pq))
while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if($prevprizeid!=$pr->id)
{
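Review bot: `if($q->rowCCount())` calls a method PDOStatement does not have and will abort the report with an undefined-method error; it should be `if($q->rowCount())`. Note too that PDO documents `rowCount()` on a SELECT as driver-dependent, so fetching and testing whether a row came back is the more portable check. The queries in this section still build their SQL by interpolating `$config['FAIRYEAR']` and `$r->id` into the string given to `prepare()`; passing them as bound parameters, e.g. `award_awards_id=?` with `$acq->execute(array($r->id))`, is what would make the switch to prepared statements worthwhile.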


@ -47,7 +47,7 @@
$rep=new lcsv(i18n("Project Details"));
}
$projq=mysql_query("SELECT
$projq=$pdo->prepare("SELECT
registrations.id AS reg_id,
registrations.num AS reg_num,
projects.id,
@ -77,25 +77,25 @@
ORDER BY
projects.projectnumber
");
echo mysql_error();
echo $pdo->errorInfo();
$totalprojects=mysql_num_rows($projq);
$totalprojects=$projq->rowCount();
$projectcount=0;
while($proj=mysql_fetch_object($projq))
while($proj=$projq->fetch(PDO::FETCH_OBJ))
{
$projectcount++;
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname
FROM
students
WHERE
students.registrations_id='$proj->reg_id'
");
$sq->execute();
$students="";
$studnum=0;
while($studentinfo=mysql_fetch_object($sq))
while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
{
if($studnum>0) $students.=", ";
$students.="$studentinfo->firstname $studentinfo->lastname";
@ -120,14 +120,15 @@
$rep->addTable($table);
unset($table);
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$proj->reg_id."'");
$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$proj->reg_id."'");
$q->execute();
$rep->nextline();
$rep->heading(i18n("Mentor Information"));
$rep->nextline();
if(mysql_num_rows($q))
if($q->rowCount())
{
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$rep->addText(i18n("%1 %2 from %3",array($r->firstname,$r->lastname,$r->organization)));
$rep->addText(i18n("Phone: %1 Email: %2",array($r->phone,$r->email)));
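Review bot: `$projq` is prepared but never executed before `$projq->rowCount()` and the `while($proj=$projq->fetch(PDO::FETCH_OBJ))` loop, so the report will find no projects; a `$projq->execute();` is needed right after the closing `");` of the query, as the student and mentor statements below have. The student and mentor queries interpolate `$proj->reg_id` into the SQL text; `registrations_id=?` with `execute(array($proj->reg_id))` would bind it instead.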


@ -49,14 +49,15 @@
$teams=getJudgingTeams();
$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)>1)
$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount()>1)
$show_date=true;
else
$show_date=false;
$projq=mysql_query("SELECT
$projq=$pdo->prepare("SELECT
registrations.id AS reg_id,
registrations.num AS reg_num,
projects.id,
@ -81,24 +82,26 @@
ORDER BY
projects.projectnumber
");
echo mysql_error();
$projq->execute();
echo $pdo->errorInfo();
while($proj=mysql_fetch_object($projq))
while($proj=$projq->fetch(PDO::FETCH_OBJ))
{
$rep->heading("(".$proj->projectnumber.") ".$proj->title);
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname
FROM
students
WHERE
students.registrations_id='$proj->reg_id'
");
$sq->execute();
$students="";
$studnum=0;
while($studentinfo=mysql_fetch_object($sq))
while($studentinfo=$sq->fetch(PDO::fETCH_OBJ)
{
if($studnum>0) $students.=", ";
$students.="$studentinfo->firstname $studentinfo->lastname";
@ -117,7 +120,7 @@
$table['dataalign']=array("center","left");
//get the timeslots that this project has assigned to been judged.
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
judges_timeslots.date,
judges_timeslots.starttime,
judges_timeslots.endtime,
@ -132,9 +135,10 @@
ORDER BY
date,starttime
");
$numslots=mysql_num_rows($q);
$q->execute();
$numslots=$q->rowCount();
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($show_date)
$timeslot=format_date($r->date)." ";
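Review bot: `while($studentinfo=$sq->fetch(PDO::fETCH_OBJ)` is missing its closing parenthesis, so the file does not parse, and the constant is miscased: class constants are case-sensitive, so `PDO::fETCH_OBJ` is undefined even once the parenthesis is restored. The line should read `while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))`. The same miscased constant appears in the sponsor list loop of the last file section shown on this page.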


@ -67,14 +67,15 @@ function report_student_safety_question($report, $field, $text) {
//safetyquestions start counting 1-10, but when we LIMIT, we need to index on 0-9
$q_ord--;
$q=mysql_query("SELECT safetyquestions.question,
$q=$pdo->prepare("SELECT safetyquestions.question,
safety.answer
FROM safetyquestions
JOIN safety ON safetyquestions.id=safety.safetyquestions_id
WHERE safety.registrations_id='".$regid."'
ORDER BY safetyquestions.ord LIMIT $q_ord,1");
$q->execute();
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
return $r->answer;
}
@ -82,16 +83,17 @@ function report_student_safety_question($report, $field, $text) {
function reports_students_numstudents($report, $field, $text)
{
$year = $report['year'];
$q = mysql_query("SELECT students.id FROM students
$q = $pdo->prepare("SELECT students.id FROM students
WHERE students.registrations_id='$text'
AND students.year='$year'");
return mysql_num_rows($q);
$q->execute();
return $q->rowCount();
}
function reports_students_award_selfnom_num($report, $field, $text, $n)
{
$year = $report['year'];
$q = mysql_query("SELECT award_awards.name FROM
$q = $pdo->prepare("SELECT award_awards.name FROM
projects
LEFT JOIN project_specialawards_link ON project_specialawards_link.projects_id=projects.id
LEFT JOIN award_awards ON award_awards.id=project_specialawards_link.award_awards_id
@ -99,8 +101,9 @@ function reports_students_award_selfnom_num($report, $field, $text, $n)
AND projects.year='$year'
AND project_specialawards_link.year='$year'
LIMIT $n,1");
echo mysql_error();
$i = mysql_fetch_assoc($q);
$q->execute();
echo $pdo->errorInfo();
$i = $q->fetch(PDO::FETCH_OBJ);
return $i['name'];
}
function reports_students_award_selfnom_1($report, $field, $text)
@ -136,9 +139,10 @@ function reports_students_school_principal($report, $field, $text)
function report_student_regfee_item($report, $field, $text) {
$year = $report['year'];
$id=intval(substr($field,12));
$q=mysql_query("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
echo mysql_error();
if($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
$q->execute();
echo $pdo->errorInfo();
if($r=$q->fetch(PDO::FETCH_OBJ)) {
return i18n("Yes");
}
else {
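Review bot: `$pdo` is not in scope inside these functions: `reports_students_numstudents()` is shown whole and neither receives `$pdo` as a parameter nor declares `global $pdo;`, so `$pdo->prepare()` is a call on an undefined variable; the other three functions begin outside their hunks and need the same check. In `reports_students_award_selfnom_num()` the row is now fetched with `PDO::FETCH_OBJ` but still read as `$i['name']`, which fails on a stdClass object; use `PDO::FETCH_ASSOC` or `return $i->name;`. `$regid`, `$text` and `$year` are still interpolated into the SQL strings; placeholders with `execute(array(...))` would bind them, with the `LIMIT` offsets cast via `intval()`.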


@ -112,7 +112,7 @@ $report_volunteers_fields = array(
'name' => 'Fair -- Name',
'header' => 'Fair Name',
'width' => 3,
'table' => "'".mysql_escape_string($config['fairname'])."'"),
'table' => "'".$config['fairname'])."'",
'static_text' => array (
'name' => 'Static Text (useful for labels)',
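Review bot: `'table' => "'".$config['fairname'])."'",` keeps the closing `)` of the removed `mysql_escape_string(` call, so the file does not parse. Removing the escape without a replacement also means a fair name containing an apostrophe would break, or change the meaning of, the SQL this `table` expression is presumably spliced into later. `'table' => $pdo->quote($config['fairname']),` does the quoting and escaping in one call. The array definition continues outside the hunk.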


@ -15,113 +15,132 @@
{
//make sure the number of awards are identical (aka they havent added any new ones)
$nq1=mysql_query("SELECT * FROM award_awards WHERE year='$newfairyear'");
$nq2=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
if(mysql_num_rows($nq1)==mysql_num_rows($nq2))
$nq1=$pdo->prepare("SELECT * FROM award_awards WHERE year='$newfairyear'");
$nq1->execute();
$nq2=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$nq2->execute();
if($nq1->rowCount()==$nq2->rowcount())
{
$npq1=mysql_query("SELECT * FROM award_prizes WHERE year='$newfairyear'");
$npq2=mysql_query("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
$npq1=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$newfairyear'");
$npq1->execute();
$npq2=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
$npq2->execute();
if(mysql_num_rows($npq2)>0 && mysql_num_rows($npq1)==0)
if($npq2->rowCount()>0 && $npq1->rowCount()==0)
{
echo "<br />";
echo notice(i18n("A BUG WAS IDENTIFIED IN YOUR PREVIOUS YEAR ROLLOVER WHICH CAUSED AWARD PRIZES TO NOT BE ROLLED OVER PROPERLY. THEY ARE NOW BEING RE-ROLLED OVER WITH THE PROPER PRIZE INFORMATION. THIS WILL ONLY HAPPEN ONCE."))."<br />";
mysql_query("DELETE FROM award_awards WHERE year='$newfairyear'");
mysql_query("DELETE FROM award_prizes WHERE year='$newfairyear'");
mysql_query("DELETE FROM award_contacts WHERE year='$newfairyear'");
mysql_query("DELETE FROM award_types WHERE year='$newfairyear'");
mysql_query("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
mysql_query("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
$stmt = $pdo->prepare("DELETE FROM award_awards WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_prizes WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_contacts WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_types WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
$stmt->execute();
echo i18n("Rolling awards")."<br />";
//awards
$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
mysql_query("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
'".mysql_escape_string($r->award_sponsors_id)."',
'".mysql_escape_string($r->award_types_id)."',
'".mysql_escape_string($r->name)."',
'".mysql_escape_string($r->criteria)."',
'".mysql_escape_string($r->presenter)."',
'".mysql_escape_string($r->order)."',
'".mysql_escape_string($newfairyear)."',
'".mysql_escape_string($r->excludefromac)."',
'".mysql_escape_string($r->cwsfaward)."')");
$award_awards_id=mysql_insert_id();
$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
'".$r->award_sponsors_id."',
'".$r->award_types_i)."',
'".$r->name."',
'".$r->criteria."',
'".$r->presenter."',
'".$r->order."',
'".$newfairyear."',
'".$r->excludefromac."',
'".$r->cwsfaward."')");
$award_awards_id=$pdo->lastInsertId();
$q2=mysql_query("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
echo mysql_error();
while($r2=mysql_fetch_object($q2))
$q2=$pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
$q2->execute();
echo $pdo->errorInfo();
while($r2=$q2->fetch(PDO::FETCH_OBJ))
{
mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
'".mysql_escape_string($award_awards_id)."',
'".mysql_escape_string($r2->projectcategories_id)."',
'".mysql_escape_string($newfairyear)."')");
$stmt = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
'".$award_awards_id."',
'".$r2->projectcategories_id."',
'".$newfairyear."')");
$stmt->execute();
}
$q2=mysql_query("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
echo mysql_error();
while($r2=mysql_fetch_object($q2))
$q2=$pdo->prepare("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
$q2->execute();
echo $pdo->errorInfo();
while($r2=$q2->fetch(PDO::FETCH_OBJ))
{
mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
'".mysql_escape_string($award_awards_id)."',
'".mysql_escape_string($r2->projectdivisions_id)."',
'".mysql_escape_string($newfairyear)."')");
$stmt = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
'".$award_awards_id."',
'".$r2->projectdivisions_id."',
'".$newfairyear."')");
$stmt->execute();
}
echo i18n("&nbsp; Rolling award prizes")."<br />";
$q2=mysql_query("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
echo mysql_error();
while($r2=mysql_fetch_object($q2))
$q2=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
$q2->execute();
echo $pdo->errorInfo();
while($r2=$q2->fetch(PDO::FETCH_OBJ))
{
mysql_query("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
'".mysql_escape_string($award_awards_id)."',
'".mysql_escape_string($r2->cash)."',
'".mysql_escape_string($r2->scholarship)."',
'".mysql_escape_string($r2->value)."',
'".mysql_escape_string($r2->prize)."',
'".mysql_escape_string($r2->number)."',
'".mysql_escape_string($r2->order)."',
'".mysql_escape_string($newfairyear)."',
'".mysql_escape_string($r2->excludefromac)."')");
$stmt = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
'".$award_awards_id."',
'".$r2->cash."',
'".$r2->scholarship."',
'".$r2->value."',
'".$r2->prize."',
'".$r2->number."',
'".$r2->order."',
'".$newfairyear."',
'".$r2->excludefromac."')");
}
}
echo i18n("Rolling award contacts")."<br />";
//award contacts
$q=mysql_query("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
'".mysql_escape_string($r->award_sponsors_id)."',
'".mysql_escape_string($r->salutation)."',
'".mysql_escape_string($r->firstname)."',
'".mysql_escape_string($r->lastname)."',
'".mysql_escape_string($r->position)."',
'".mysql_escape_string($r->email)."',
'".mysql_escape_string($r->phonehome)."',
'".mysql_escape_string($r->phonework)."',
'".mysql_escape_string($r->phonecell)."',
'".mysql_escape_string($r->fax)."',
'".mysql_escape_string($r->notes)."',
'".mysql_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
'".$r->award_sponsors_id."',
'".$r->salutation."',
'".$r->firstname."',
'".$r->lastname."',
'".$r->position."',
'".$r->email."',
'".$r->phonehome."',
'".$r->phonework."',
'".$r->phonecell."',
'".$r->fax."',
'".$r->notes."',
'".$newfairyear."')");
echo i18n("Rolling award types")."<br />";
//award types
$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".mysql_escape_string($r->id)."',
'".mysql_escape_string($r->type)."',
'".mysql_escape_string($r->order)."',
'".mysql_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".$r->id."',
'".$r->type."',
'".$r->order."',
'".$newfairyear."')");
$stmt->execute();
}
}
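Review bot: The `INSERT` statements for `award_awards`, `award_prizes` and `award_contacts` are prepared but never executed, so the rollover copies no awards and `$pdo->lastInsertId()` does not refer to a new row; the `award_awards` one also contains `$r->award_types_i)`, which is a parse error. In the brace-less `while` loops at the end only the `prepare()` is the loop body, so for `award_types` the single `$stmt->execute();` runs once after the loop and inserts only the last row. Every `mysql_escape_string()` call was removed without a replacement, so an award name or criteria text containing an apostrophe now breaks the statement; binding the values as parameters fixes that and is shown below for two of the inserts. The enclosing `if` starts outside the hunk.

```php
$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (?,?,?,?,?,?,?,?,?)");
$stmt->execute(array(
	$r->award_sponsors_id,
	$r->award_types_id,
	$r->name,
	$r->criteria,
	$r->presenter,
	$r->order,
	$newfairyear,
	$r->excludefromac,
	$r->cwsfaward));
$award_awards_id=$pdo->lastInsertId();
// … unchanged: category, division, prize and contact copies (same placeholder pattern, each followed by execute) …
while($r=$q->fetch(PDO::FETCH_OBJ)) {
	$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (?,?,?,?)");
	$stmt->execute(array($r->id, $r->type, $r->order, $newfairyear));
}
```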


@ -31,8 +31,9 @@
{
if($_POST['save']=="add")
{
$q=mysql_query("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
$id=mysql_insert_id();
$q=$pdo->prepare("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
$q->execute();
$id=$pdo->lastInsertId();
}
else
$id=intval($_POST['id']);
@ -47,8 +48,9 @@
*/
/* Get the uids for principal/science head */
$q = mysql_query("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
$i = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
$q->execute();
$i = $q->fetch(PDO::FETCH_ASSOC);
$principal_update = '';
$sciencehead_update = '';
@ -120,29 +122,30 @@
}
$exec="UPDATE schools SET ".
"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
"schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ".
"designate='".mysql_escape_string(stripslashes($_POST['schooldesignate']))."', ".
"schoollevel='".mysql_escape_string(stripslashes($_POST['schoollevel']))."', ".
"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
"board='".mysql_escape_string(stripslashes($_POST['board']))."', ".
"district='".mysql_escape_string(stripslashes($_POST['district']))."', ".
"address='".mysql_escape_string(stripslashes($_POST['address']))."', ".
"city='".mysql_escape_string(stripslashes($_POST['city']))."', ".
"province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', ".
"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', ".
"schoolemail='".mysql_escape_string(stripslashes($_POST['schoolemail']))."', ".
"phone='".mysql_escape_string(stripslashes($_POST['phone']))."', ".
"fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ".
"registration_password='".mysql_escape_string(stripslashes($_POST['registration_password']))."', ".
"projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ".
"projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ".
"accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ".
"school='".stripslashes($_POST['school'])."', ".
"schoollang='".stripslashes($_POST['schoollang'])."', ".
"designate='".stripslashes($_POST['schooldesignate'])."', ".
"schoollevel='".stripslashes($_POST['schoollevel'])."', ".
"school='".stripslashes($_POST['school'])."', ".
"board='".stripslashes($_POST['board'])."', ".
"district='".stripslashes($_POST['district'])."', ".
"address='".stripslashes($_POST['address'])."', ".
"city='".stripslashes($_POST['city'])."', ".
"province_code='".stripslashes($_POST['province_code'])."', ".
"postalcode='".stripslashes($_POST['postalcode'])."', ".
"schoolemail='".stripslashes($_POST['schoolemail'])."', ".
"phone='".stripslashes($_POST['phone'])."', ".
"fax='".stripslashes($_POST['fax'])."', ".
"registration_password='".stripslashes($_POST['registration_password'])."', ".
"projectlimit='".stripslashes($_POST['projectlimit'])."', ".
"projectlimitper='".stripslashes($_POST['projectlimitper'])."', ".
"accesscode='".stripslashes($_POST['accesscode'])."', ".
$sciencehead_update.$principal_update.
"atrisk='$atrisk' ".
"WHERE id='$id'";
mysql_query($exec);
echo mysql_error();
$stmt = $pdo->prepare($exec);
$stmt->execute();
echo $pdo->errorInfo();
if($_POST['save']=="add")
$notice = 'added';
@ -152,23 +155,27 @@
if($_GET['action']=="delete" && $_GET['delete'])
{
mysql_query("DELETE FROM schools WHERE id='".$_GET['delete']."'");
$stmt = $pdo->prepare("DELETE FROM schools WHERE id='".$_GET['delete']."'");
$stmt->execute();
$notice = 'deleted';
}
if($_GET['action']=="clearaccesscodes")
{
mysql_query("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
$stmt = $pdo->prepare("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
$stmt->execute();
$notice = 'clearaccess';
}
if($_GET['action']=="makeaccesscodes")
{
$q=mysql_query("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$ac=generatePassword(5);
mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
$stmt = $pdo->prepare("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
}
$notice = 'makeaccess';
@ -186,8 +193,9 @@
if($_GET['action']=="edit")
{
$buttontext="Save School";
$q=mysql_query("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
}
else if($_GET['action']=="add")
{
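Review bot: Request data now reaches the SQL text with no escaping at all: the `UPDATE schools` string concatenates eighteen `$_POST` fields after only `stripslashes()`, and the `DELETE` and edit `SELECT` concatenate `$_GET['delete']` and `$_GET['edit']` directly. Calling `prepare()` on an already-assembled string gives no protection; the values have to be passed as bound parameters, as sketched below. `$sciencehead_update` and `$principal_update` are built outside the hunk and would need the same treatment if they carry user input.

```php
$exec="UPDATE schools SET ".
	"school=:school, ".
	"schoollang=:schoollang, ".
	// … same pattern: one :name placeholder per remaining column …
	$sciencehead_update.$principal_update.
	"atrisk=:atrisk ".
	"WHERE id=:id";
$stmt = $pdo->prepare($exec);
$stmt->execute(array(
	':school' => stripslashes($_POST['school']),
	':schoollang' => stripslashes($_POST['schoollang']),
	// … one entry per placeholder above …
	':atrisk' => $atrisk,
	':id' => $id));
// … unchanged: notice handling …
$stmt = $pdo->prepare("DELETE FROM schools WHERE id=?");
$stmt->execute(array(intval($_GET['delete'])));
```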


@ -49,7 +49,8 @@
if($_POST['emptycurrent']==1)
{
echo happy(i18n("Old school data erased"));
mysql_query("DELETE FROM schools WHERE year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM schools WHERE year='".$config['FAIRYEAR']."'");
$stmt->execute();
}
$loaded=0;
@ -86,30 +87,31 @@
$principal['phonework'] = $row[13];
user_save($principal);
}
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
'".mysql_escape_string(stripslashes($row[0]))."',
'".mysql_escape_string(stripslashes($row[1]))."',
'".mysql_escape_string(stripslashes($row[2]))."',
'".mysql_escape_string(stripslashes($row[3]))."',
'".mysql_escape_string(stripslashes($row[4]))."',
'".mysql_escape_string(stripslashes($row[5]))."',
'".mysql_escape_string(stripslashes($row[6]))."',
'".mysql_escape_string(stripslashes($row[7]))."',
'".mysql_escape_string(stripslashes($row[8]))."',
'".mysql_escape_string(stripslashes($row[9]))."',
'".mysql_escape_string(stripslashes($row[10]))."',
'".mysql_escape_string(stripslashes($row[14]))."',
'".mysql_escape_string(stripslashes($row[18]))."',
'".mysql_escape_string(stripslashes($row[19]))."',
'".mysql_escape_string(stripslashes($row[20]))."',
'".mysql_escape_string(stripslashes($row[21]))."',
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
'".stripslashes($row[0])."',
'".stripslashes($row[1])."',
'".stripslashes($row[2])."',
'".stripslashes($row[3])."',
'".stripslashes($row[4])."',
'".stripslashes($row[5])."',
'".stripslashes($row[6])."',
'".stripslashes($row[7])."',
'".stripslashes($row[8])."',
'".stripslashes($row[9])."',
'".stripslashes($row[10])."',
'".stripslashes($row[14])."',
'".stripslashes($row[18])."',
'".stripslashes($row[19])."',
'".stripslashes($row[20])."',
'".stripslashes($row[21])."',
'".$config['FAIRYEAR']."',
'".$principal['uid']."',
'".$scienceHead['uid']."')");
if(!mysql_Error())
$stmt->execute();
if(!$pdo->errorInfo())
$loaded++;
else
echo mysql_error();
echo $pdo->errorInfo();
}
echo happy(i18n("Successfully loaded %1 schools",array($loaded)));
echo "<a href=\"schools.php\">".i18n("School Management")."</a> <br />";
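Review bot: `if(!$pdo->errorInfo())` is always false, because `errorInfo()` returns a non-empty array even when nothing failed; `$loaded` therefore stays at 0 and the `else` branch echoes for every imported row. Testing the statement result does what was intended: `if($stmt->execute()) $loaded++;`. The row values come from the uploaded file and are concatenated into the `INSERT` after only `stripslashes()`, so a school name with an apostrophe breaks the import; `VALUES (?,?,…)` with the values passed to `execute()` avoids that.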


@ -28,15 +28,18 @@ $sleepmax=2000000; // 2.0 second
echo date("r")."\n";
if(!$config['emailqueue_lock']) {
mysql_query("UPDATE config SET val='".date("r")."' WHERE var='emailqueue_lock'");
$stmt = $pdo->prepare("UPDATE config SET val='".date("r")."' WHERE var='emailqueue_lock'");
$stmt->execute();
//loop forever, but not really, it'll get break'd as soon as there's nothing left to send
while(true) {
$q=mysql_query("SELECT * FROM emailqueue_recipients WHERE sent IS NULL AND result IS NULL LIMIT 1");
if(mysql_num_rows($q)) {
$r=mysql_fetch_object($q);
$eq=mysql_query("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
$email=mysql_fetch_object($eq);
$q=$pdo->prepare("SELECT * FROM emailqueue_recipients WHERE sent IS NULL AND result IS NULL LIMIT 1");
$q->execute();
if($q->rowCount()) {
$r=$q->fetch(PDO::FETCH_OBJ);
$eq=$pdo->prepare("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
$eq->execute();
$email=$eq->fetch(PDO::FETCH_OBJ);
$blank=array();
$replacements=(array)json_decode($r->replacements);
@ -66,33 +69,40 @@ if(!$config['emailqueue_lock']) {
$result=email_send_new($to,$email->from,$email->subject,$body,$bodyhtml);
if($result) {
mysql_query("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
echo mysql_error();
$stmt = $pdo->prepare("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
$stmt->execute()
echo $pdo->errorInfo();
$newnumsent=$email->numsent+1;
mysql_query("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
echo mysql_error();
$stmt = $pdo->prepare("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
$stmt->execute();
echo $pdo->errorInfo();
echo "ok\n";
}
else {
mysql_query("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
echo mysql_error();
$stmt = Spdo->prepare("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
$stmt->execute();
echo $pdo->errorInfo();
$newnumfailed=$email->numfailed+1;
mysql_query("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
echo mysql_error();
$stmt = $pdo->prepare("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
$stmt->execute();
echo $pdo->errorInfo();
echo "failed\n";
}
//now check if we're done yet
$rq=mysql_query("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
$rr=mysql_fetch_object($rq);
$rq=$pdo->prepare("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
$rq->execute();
$rr=$rq;->fetch(PDO::FETCH_OBJ)
if($rr->num==0) {
mysql_query("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
$stmt = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
$stmt->execute();
}
usleep(rand($sleepmin,$sleepmax));
}
else
break;
}
mysql_query("UPDATE config SET val='' WHERE var='emailqueue_lock'");
$stmt = $pdo->prepare("UPDATE config SET val='' WHERE var='emailqueue_lock'");
$stmt->execute();
}
else {
echo "Already locked\n";
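Review bot: Three lines in this worker do not parse: `$stmt->execute()` in the success branch lacks its semicolon, the failure branch calls `Spdo->prepare(` instead of `$pdo->prepare(`, and `$rr=$rq;->fetch(PDO::FETCH_OBJ)` has the semicolon in the middle; it should be `$rr=$rq->fetch(PDO::FETCH_OBJ);`. Because `emailqueue_lock` is cleared only on the last line of the `if` block, any error raised by a PDO call inside the loop would leave the lock set and every later run would print "Already locked". Wrapping the loop in `try { … } finally { … }` with the lock reset in the `finally` part would make the queue recover on its own.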


@ -32,15 +32,19 @@ foreach($config['languages'] AS $l=>$ln) {
$m=md5($_POST['translate_str_hidden']);
if($_POST['translate_'.$l]) {
$q=mysql_query("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
if(mysql_num_rows($q))
mysql_query("UPDATE translations SET val='".mysql_real_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l])))."' WHERE lang='$l' AND strmd5='$m'");
else
mysql_query("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','".mysql_real_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden'])))."','".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l])))."')");
}
$q=$pdo->prepare("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
$q->execute();
if($q->rowCount())
$stmt = $pdo->prepare("UPDATE translations SET val='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]))."' WHERE lang='$l' AND strmd5='$m'");
$stmt->execute();else
$stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden']))."','".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]))."')");
$stmt->execute();}
else {
mysql_query("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
}
$stmt = $pdo->prepare("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
$stmt->execute();}
}
echo "ok";
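Review bot: The new `UPDATE` and `INSERT` statements concatenate `$_POST['translate_'.$l]` and `$_POST['translate_str_hidden']` straight into the string passed to `$pdo->prepare()`; the `mysql_real_escape_string()` calls were dropped and nothing replaced them, so a quote in a submitted translation changes the SQL. `prepare()` only protects values that are bound through placeholders. The rewritten `if`/`else` also lost its braces (`$stmt->execute();else`), which does not parse. The same unescaped interpolation of request data appears in students_save and registration_save, in the translations save loop, and in the `username` lookup in later files of this commit. The enclosing `foreach` opens in the hunk header, so only the rewritten branch is shown below.

```php
if($_POST['translate_'.$l]) {
	$val=iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]));
	$q=$pdo->prepare("SELECT 1 FROM translations WHERE lang=? AND strmd5=?");
	$q->execute(array($l,$m));
	if($q->fetchColumn()) {
		$stmt=$pdo->prepare("UPDATE translations SET val=? WHERE lang=? AND strmd5=?");
		$stmt->execute(array($val,$l,$m));
	}
	else {
		$str=iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden']));
		$stmt=$pdo->prepare("INSERT INTO translations (lang,strmd5,str,val) VALUES (?,?,?,?)");
		$stmt->execute(array($l,$m,$str,$val));
	}
}
// … unchanged: else branch that deletes the translation …
```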


@ -38,11 +38,12 @@
?>
<?
$q=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization");
$q=$pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization");
$q->execute();
echo "<form method=\"get\" action=\"sponsor_contacts.php\" name=\"sponsorchange\">";
echo "<select name=\"sponsors_id\" onchange=\"document.forms.sponsorchange.submit()\">";
echo "<option value=\"\">".i18n("Choose a sponsor to view contacts")."</option>";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::fETCH_OBJ))
{
if($r->id == $sponsors_id)
{
@ -73,7 +74,7 @@
if($p == 'no') {
/* Make sure this sponsor ($sponsors_id) has a primary */
$q = mysql_query("SELECT users_id
$q = $pdo->prepare("SELECT users_id
FROM users_sponsor, users
WHERE
users_sponsor.users_id=users.id
@ -81,14 +82,16 @@
AND `primary`='yes'
AND year='".$config['FAIRYEAR']."'
AND users_id!='$id'");
if(mysql_num_rows($q) == 0) {
$q->execute();
if($q->rowCount() == 0) {
/* This must be the primary */
$p = 'yes';
}
} else {
/* Unset all other primaries */
mysql_query("UPDATE users_sponsor SET `primary`='no'
$stmt = $pdo->prepare("UPDATE users_sponsor SET `primary`='no'
WHERE sponsors_id='$sponsors_id'");
$stmt->execute();
}
$u['primary']=$p;
@ -125,7 +128,7 @@
echo "<h3>".i18n("Edit %1 Contact",array($sponsors_organization))."</h3>\n";
$buttontext="Save Contact";
// $q=mysql_query("SELECT * FROM sponsor_contacts WHERE id='".$_GET['edit']."'");
// $r=mysql_fetch_object($q);
// $r=$q->fetch(PDO::fETCH_OBJ);
$u=user_load(intval($_GET['edit']));
}
else if($_GET['action']=="add")
@ -171,14 +174,15 @@
echo "<a href=\"sponsor_contacts.php?sponsors_id=$sponsors_id&action=add\">".i18n("Add New Contact to %1",array($sponsors_organization))."</a>\n";
echo "<br />";
$q=mysql_query("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
$q=$pdo->prepare("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
WHERE year='".$config['FAIRYEAR']."'
AND sponsors_id='$sponsors_id'
AND deleted='no'
ORDER BY lastname,firstname");
echo mysql_Error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q))
if($q->rowCount())
{
echo "<table class=\"tableview\">";
echo "<thead><tr>";
@ -191,7 +195,7 @@
echo "</tr></thead>\n";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::fETCH_OBJ))
{
echo "<tr>\n";
echo " <td>";
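Review bot: `PDO::fETCH_OBJ` in the fetch loops of this file is not a defined constant, because PHP class constants are case-sensitive; the first `fetch()` call will throw an Error, so each should read `while($r=$q->fetch(PDO::FETCH_OBJ))`. `echo $pdo->errorInfo();` after the contact list query echoes an array (PHP prints "Array" with a warning) and reports the connection's state rather than the statement's; log `$q->errorInfo()` server-side instead of writing driver errors into the page. The same `echo $pdo->errorInfo()` pattern recurs in the other converted files. The queries still interpolate `$sponsors_id` and `$id` into the string given to `prepare()`; their origin is outside these hunks, so binding them as parameters is the safer default.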


@ -38,11 +38,12 @@ if($auth_type == 'fair') {
} else {
/* Make sure they have permission to laod this student, check
the master copy of the fairs_id in the project */
$q=mysql_query("SELECT * FROM projects WHERE
$q=$pdo->prepare("SELECT * FROM projects WHERE
registrations_id='$registrations_id'
AND year='{$config['FAIRYEAR']}'
AND fairs_id=$fairs_id");
if(mysql_num_rows($q) != 1) {
$q->execute();
if($q->rowCount() != 1) {
echo "permission denied.";
exit;
}
@ -70,20 +71,53 @@ case 'students_save':
case 'student_remove':
$remove_id = intval($_GET['students_id']);
$q=mysql_query("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
if(mysql_num_rows($q)!=1) {
$q=$pdo->prepare("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$q->execute();
if($q->rowCount()!=1) {
error_("Invalid student to remove");
exit;
}
if($q->rowCount()!=1) {
error_("Invalid student to remove");
exit;
}
mysql_query("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt->execute();
//now see if they have an emergency contact that also needs to be removed
$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q->execute();
//no need to error message if this doesnt exist
if(mysql_num_rows($q)==1)
mysql_query("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
if($q->rowCount()==1)
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
if($q->rowCount()!=1) {
error_("Invalid student to remove");
exit;
}
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt->execute();
//now see if they have an emergency contact that also needs to be removed
$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q->execute();
//no need to error message if this doesnt exist
if($q->rowCount()==1)
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt->execute();
//now see if they have an emergency contact that also needs to be removed
$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q->execute();
//no need to error message if this doesnt exist
if($q->rowCount()==1)
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
happy_("Student successfully removed");
exit;
@ -105,34 +139,35 @@ function students_save()
if($_POST['id'][$x]==0) {
//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own.
if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") {
$q=mysql_query("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$schools_id=$r->schools_id;
$schoolvalue="'$schools_id', ";
} else {
$schoolvalue="'".mysql_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
$schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
}
//INSERT new record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
$stmt -> prepare("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
"'".$registrations_id."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x])))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x])))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x])))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x])))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x]))."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x]))."', ".
"'".stripslashes($_POST['sex'][$x])."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x]))."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x]))."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x]))."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x]))."', ".
"'".stripslashes($_POST['postalcode'][$x])."', ".
"'".stripslashes($_POST['phone'][$x])."', ".
"'$dob', ".
"'".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
"'".stripslashes($_POST['grade'][$x])."', ".
$schoolvalue.
"'".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x])))."', ".
"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x])))."', ".
"'".stripslashes($_POST['tshirt'][$x])."', ".
"'".stripslashes($_POST['medicalalert'][$x])."', ".
"'".stripslashes($_POST['foodreq'][$x])."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x]))."', ".
"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x]))."', ".
"'".$config['FAIRYEAR']."')");
happy_("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]));
@ -143,32 +178,33 @@ function students_save()
if(( $config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") && !$_POST['schools_id'][$x]) {
$schoolquery="";
} else if($_POST['schools_id'][$x]) {
$schoolquery="schools_id='".mysql_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
$schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
} else
$schoolquery="";
//UPDATE existing record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("UPDATE students SET ".
"firstname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x])))."', ".
"lastname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x])))."', ".
"sex='".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
"email='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x])))."', ".
"address='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x])))."', ".
"city='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x])))."', ".
"province='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x])))."', ".
"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
$stmt = $pdo->prepare("UPDATE students SET ".
"firstname='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x]))."', ".
"lastname='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x]))."', ".
"sex='".stripslashes($_POST['sex'][$x])."', ".
"email='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x]))."', ".
"address='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x]))."', ".
"city='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x]))."', ".
"province='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x]))."', ".
"postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
"phone='".stripslashes($_POST['phone'][$x])."', ".
"dateofbirth='$dob', ".
"grade='".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
"grade='".stripslashes($_POST['grade'][$x])."', ".
$schoolquery.
"medicalalert='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['medicalalert'][$x])))."', ".
"foodreq='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['foodreq'][$x])))."', ".
"teachername='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x])))."', ".
"teacheremail='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x])))."', ".
"tshirt='".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
"medicalalert='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['medicalalert'][$x]))."', ".
"foodreq='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['foodreq'][$x]))."', ".
"teachername='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x]))."', ".
"teacheremail='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x]))."', ".
"tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
"WHERE id='".$_POST['id'][$x]."'");
$stmt->execute();
happy_("%1 %2 successfully updated",array(iconv("UTF-8","ISO-8859-1//TRANSLIT",$_POST['firstname'][$x]),iconv("UTF-8","ISO-8859-1//TRANSLIT",$_POST['lastname'][$x])));
}
$x++;
@ -181,12 +217,13 @@ function students_load()
global $registrations_id, $config;
//now query and display
$q=mysql_query("SELECT * FROM students WHERE
$q=$pdo->prepare("SELECT * FROM students WHERE
registrations_id='$registrations_id'
AND year='{$config['FAIRYEAR']}'");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$numfound=mysql_num_rows($q);
$numfound=$q->rowCount();
$numtoshow = intval($_GET['numstudents']);
if($numtoshow == 0) $numtoshow=$numfound;
@ -208,7 +245,7 @@ function students_load()
echo "<form id=\"students_form\" >";
for($x=1;$x<=$numtoshow;$x++) {
$studentinfo=mysql_fetch_object($q);
$studentinfo=$q->fetch(PDO::FETCH_OBJ);
echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
//if we have a valid student, set their ID, so we can UPDATE when we submit
//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
@ -346,10 +383,11 @@ function students_load()
echo " <td>".i18n("School")."</td><td colspan=\"3\">";
if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
{
$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
$schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
$schoolq->execute();
echo "<select name=\"schools_id[$x]\">\n";
echo "<option value=\"\">".i18n("Choose School")."</option>\n";
while($r=mysql_fetch_object($schoolq))
while($r=$schoolq->fetch(PDO::FETCH_OBJ))
{
if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
@ -359,8 +397,9 @@ function students_load()
}
else
{
$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
$r=mysql_fetch_object($schoolq);
$schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
$schoolq->execute();
$r=$schoolq->fetch(PDO::FETCH_OBJ);
echo $r->school;
}
@ -414,22 +453,25 @@ function registration_load()
/* Find a reg num */
do {
$regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
} while(mysql_num_rows($q)>0);
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
$q->execute();
} while($q->rowCount()>0);
$r['num'] = $regnum;
echo notice(i18n('New registration number generated.'));
echo notice(i18n('This new registration will added when the "Save Registration Information" button is pressed below. At that time the other tabs will become available.'));
} else {
$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'");
if(mysql_num_rows($q) != 1)
$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
$q->execute();
if($q->rowCount() != 1)
$r = array();
else {
$r = mysql_fetch_assoc($q);
$r = $q->fetch(PDO::FETCH_ASSOC);
/* Get the fair from the project */
$q = mysql_query("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
if(mysql_num_rows($q) == 1) {
$p = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
$q->execute();
if($q->rowCount() == 1) {
$p = $q->fetch(PDO::FETCH_ASSOC);
$r['fairs_id'] = $p['fairs_id'];
}
}
@ -438,8 +480,9 @@ function registration_load()
/* Load fairs */
$fairs = array();
$q = mysql_query("SELECT * FROM fairs WHERE type='feeder'");
while(($f = mysql_fetch_assoc($q))) {
$q = $pdo->prepare("SELECT * FROM fairs WHERE type='feeder'");
$q->execute();
while(($f = $q->fetch(PDO::FETCH_ASSOC))) {
$fairs[$f['id']] = $f;
}
@ -500,40 +543,47 @@ function registration_save()
{
global $registrations_id, $config, $auth_type;
$registration_num = intval($_POST['registration_num']);
$registration_status = mysql_real_escape_string(stripslashes($_POST['registration_status']));
$registration_email = mysql_real_escape_string(stripslashes($_POST['registration_email']));
$registration_status = stripslashes($_POST['registration_status']);
$registration_email = stripslashes($_POST['registration_email']);
$fairs_id = intval($_POST['registration_fair']);
if($registrations_id == -1) {
mysql_query("INSERT INTO registrations (start,schools_id,year) VALUES (
$stmt=$pdo->prepare("INSERT INTO registrations (start,schools_id,year) VALUES (
NOW(), NULL, '{$config['FAIRYEAR']}')");
$registrations_id = mysql_insert_id();
$stmt->execute();
$registrations_id = $pdo->lastInsertId();
/* Create one student and a project */
mysql_query("INSERT INTO students (registrations_id,email,year) VALUES (
$stmt=$pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES (
$registrations_id, '$registration_email', '{$config['FAIRYEAR']}')");
mysql_query("INSERT INTO projects (registrations_id,year) VALUES (
$stmt->execute();
$stmt=$pdo->prepare("INSERT INTO projects (registrations_id,year) VALUES (
$registrations_id, '{$config['FAIRYEAR']}')");
$stmt->execute();
happy_('Created student and project record');
}
/* Update registration */
mysql_query("UPDATE registrations SET
$stmt = $pdo->prepare("UPDATE registrations SET
num='$registration_num',
status='$registration_status',
email='$registration_email'
WHERE
id='$registrations_id'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
/* And the fairs_id, override anythign specified
* if the user is a fair, force their own fairs_id */
if($auth_type == 'fair') $fairs_id = $_SESSION['fairs_id'];
mysql_query("UPDATE projects SET
$stmt = $pdo->prepare("UPDATE projects SET
fairs_id='$fairs_id'
WHERE
registrations_id='$registrations_id'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
happy_('Information Saved');
echo "<script language=\"javascript\" type=\"text/javascript\">";
echo "registrations_id=$registrations_id;";
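Review bot: The INSERT in students_save is built with `$stmt -> prepare(` instead of `$stmt = $pdo->prepare(` and is never followed by `$stmt->execute();`, so no row is written while `happy_("%1 %2 successfully added", ...)` still reports success. In the `student_remove` case the converted block appears three times, each using the undefined `$do->prepare(` under an `if` without braces, so the first pass fails before the emergency-contact delete; keep one copy with `$pdo` and braces around the prepare/execute pair. students_load and registration_save list their globals in the visible lines without `$pdo`, so `$pdo->prepare()` would be called on an undefined variable unless it is imported outside these hunks. The same applies to set_status, set_percent, tours_check_tours and tours_check_students in later files. These function bodies start or end outside the hunks shown.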


@ -30,9 +30,10 @@
/* Load Tours */
$query = "SELECT * FROM tours WHERE
year='{$config['FAIRYEAR']}'";
$r = mysql_query($query);
$r = $pdo->prepare($query);
$r->execute();
$tours = array();
while($i = mysql_fetch_object($r)) {
while($i = $r->fetch(PDO::FETCH_OBJ)) {
$tours[$i->id]['name'] = $i->name;
$tours[$i->id]['num'] = $i->num;
}
@ -42,8 +43,9 @@
$query="SELECT * FROM students WHERE id='$sid'
AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($query);
$i = mysql_fetch_object($r);
$r = $pdo->prepare($query);
$r->execute();
$i = $r->fetch(PDO::FETCH_OBJ);
send_popup_header(i18n('Student Tour Rank Information - %1 %2',
array($i->firstname, $i->lastname)));
@ -51,10 +53,11 @@
WHERE students_id='$sid'
AND year='{$config['FAIRYEAR']}'
ORDER BY rank";
$r = mysql_query($query);
$r = $pdo->prepare($query);
$r->execute();
echo '<table>';
$count = mysql_num_rows($r);
while($i = mysql_fetch_object($r)) {
$count = $r->rowwCount();
while($i = $r->fetch(PDO::FETCH_OBJ)) {
echo '<tr><td align="right">';
if($i->rank == 0) {
echo '<b><nobr>'.i18n('Current Assigned Tour').':</nobr></b>';
@ -152,23 +155,26 @@ function switchinfo()
/* Make sure the student exists */
$sid = intval($sid);
$q = mysql_query("SELECT registrations_id FROM students
$q = $pdo->prepare("SELECT registrations_id FROM students
WHERE id='$sid'");
$i = mysql_fetch_object($q);
$q->execute();
$i = $q->fetch(PDO::FETCH_OBJ);
$rid = $i->registrations_id;
/* Delete any old linking */
mysql_query("DELETE FROM tours_choice WHERE
$stmt = $pdo->prepare("DELETE FROM tours_choice WHERE
students_id='$sid' AND
year='{$config['FAIRYEAR']}' AND
rank='0'");
$stmt->execute();
/* Connect this student to this tour */
mysql_query("INSERT INTO tours_choice
$stmt = $pdo->prepare("INSERT INTO tours_choice
(`students_id`,`registrations_id`,
`tour_id`,`year`,`rank`)
VALUES (
'$sid', '$rid', '$tours_id',
'{$config['FAIRYEAR']}','0')");
$stmt->execute();
$added++;
}
if($added==1) $j=i18n("student");
@ -182,10 +188,11 @@ function switchinfo()
$students_id = intval($_GET['students_id']);
if($_GET['action']=='del' && $tours_id>0 && $students_id>0) {
mysql_query("DELETE FROM tours_choice
$stmt = $pdo->prepare("DELETE FROM tours_choice
WHERE students_id='$students_id'
AND year='{$config['FAIRYEAR']}'
AND rank='0'");
$stmt->execute();
echo happy(i18n("Removed student from tour #%1 (%2)",array($tours[$tours_id]['num'],$tours[$tours_id]['name'])));
@ -193,10 +200,11 @@ function switchinfo()
if($_GET['action']=="empty" && $tours_id>0)
{
mysql_query("DELETE FROM tours_choice WHERE
$stmt=$po->prepare("DELETE FROM tours_choice WHERE
tour_id='$tours_id'
AND year='{$config['FAIRYEAR']}'
AND rank='0'");
$stmt->execute();
echo happy(i18n("Emptied all students from tour #%1 (%2)",array($tours[$tours_id]['num'],$tours[$tours_id]['name'])));
}
@ -241,13 +249,14 @@ function switchinfo()
students.firstname,
tours_choice.rank";
$q=mysql_query($querystr);
$q=$pdo->prepare($querystr);
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
$student = array();
$last_student_id = -1;
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$id = $r->id;
$tours_id = $r->tour_id;
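Review bot: Two of the converted calls in this file name things that do not exist: `$count = $r->rowwCount();` in the rank table and `$stmt=$po->prepare(` in the `action=="empty"` branch, so both paths end in a fatal error. They should read `$count = $r->rowCount();` and `$stmt=$pdo->prepare(`. The INSERT into tours_choice interpolates `$tours_id`, whose assignment is outside the hunk, while `$sid` and `$students_id` pass through `intval()`; binding all three as parameters would make the handling consistent. The surrounding code runs past the hunk boundaries.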


@ -38,10 +38,12 @@
if($_GET['action'] == 'renumber') {
$q = mysql_query("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q = $pdo->prepare("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$x = 1;
while($i = mysql_fetch_object($q)) {
mysql_query("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
while($i = $q->fetch(PDP::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
$stmt->execute();
$x++;
}
echo happy(i18n('Tours successfully renumbered'));
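Review bot: `$q->fetch(PDP::FETCH_OBJ)` refers to a class `PDP` that is not defined anywhere visible, so the renumber loop throws on its first iteration; it should be `while($i = $q->fetch(PDO::FETCH_OBJ)) {`. The UPDATE is also re-prepared on every pass with `$x` and `$i->id` pasted into the statement text. Preparing `UPDATE tours SET num=? WHERE id=?` once before the loop and calling `$stmt->execute(array($x, $i->id))` inside it uses the prepared statement as intended.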


@ -44,8 +44,9 @@ TRACE("<pre>");
function set_status($txt)
{
TRACE("Status: $txt\n");
mysql_query("UPDATE config SET val='$txt' WHERE
$stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE
var='tours_assigner_activity' AND year=0");
$stmt->execute();
}
$set_percent_last_percent = -1;
@ -56,8 +57,9 @@ function set_percent($n)
if($p == $set_percent_last_percent) return;
TRACE("Progress: $p\%\n");
$set_percent_last_percent = $p;
mysql_query("UPDATE config SET val='$p' WHERE
$stmt=$pdo->prepare("UPDATE config SET val='$p' WHERE
var='tours_assigner_percent' AND year=0");
$stmt->execute();
}
set_status("Initializing...");
@ -180,19 +182,21 @@ function tour_cost_function($annealer, $bucket_id, $ids)
set_status("Cleaning existing tour assignments...");
TRACE("\n\n");
$q=mysql_query("DELETE FROM tours_choice
$q=$pdo->prepare("DELETE FROM tours_choice
WHERE year='{$config['FAIRYEAR']}'
AND rank='0'");
$q->execute();
set_status("Loading Data From Database...");
TRACE("\n\n");
TRACE("Tours...\n");
$tours = array();
$q=mysql_query("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q=$pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q-->execute();
$x=0;
/* Index with $x here, because these need to match up with the bucket ids of
* the annealer */
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$tours[$x]['capacity'] = $r->capacity;
$tours[$x]['grade_min'] = $r->grade_min;
$tours[$x]['grade_max'] = $r->grade_max;
@ -204,7 +208,7 @@ while($r=mysql_fetch_object($q)) {
$students = array();
TRACE("Loading Students...\n");
$q=mysql_query("SELECT students.id,students.grade,
$q=$pdo->prepare("SELECT students.id,students.grade,
students.registrations_id,
students.schools_id,
students.firstname, students.lastname
@ -217,9 +221,10 @@ $q=mysql_query("SELECT students.id,students.grade,
ORDER BY
students.id
");
$q->execute();
$last_sid = -1;
TRACE(mysql_error());
while($r=mysql_fetch_object($q)) {
TRACE($pdo->errorInfo());
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$sid = $r->id;
$students[$sid]['name'] = $r->firstname.' '.$r->lastname;
$students[$sid]['grade'] = $r->grade;
@ -231,12 +236,13 @@ $student_ids = array_keys($students);
TRACE(" ".(count($student_ids))." students loaded\n");
TRACE("Loading Tour Selection Preferences...\n");
$q=mysql_query("SELECT * FROM tours_choice WHERE
$q=$pdo->prepare("SELECT * FROM tours_choice WHERE
tours_choice.year='{$config['FAIRYEAR']}'
ORDER BY rank ");
TRACE(mysql_error());
$q->execute();
TRACE($pdo->errorInfo());
$x=0;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$sid = $r->students_id;
if(!array_key_exists($sid, $students)) continue;
$students[$sid]['rank'][$r->rank] = $r->tour_id;
@ -269,13 +275,14 @@ foreach($tours as $x=>$t) {
$s = $students[$sid];
$tids = implode(' ', $s['rank']);
TRACE(" - {$s['name']} ($tids) (g:{$s['grade']} sid:{$sid} sch:{$s['schools_id']})\n");
mysql_query("INSERT INTO tours_choice
$stmt = $pdo->prepare("INSERT INTO tours_choice
(`students_id`,`registrations_id`,
`tour_id`,`year`,`rank`)
VALUES (
'$sid', '{$s['registrations_id']}',
'{$t['id']}', '{$config['FAIRYEAR']}',
'0')");
$stmt->execute();
}
}
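Review bot: `$q-->execute();` after the tours SELECT is parsed as `$q-- > execute()`, a decrement of the statement compared with a call to an undefined function `execute()`, so the tour list is never loaded; it should be `$q->execute();`. `TRACE($pdo->errorInfo())` now passes an array where `mysql_error()` returned a string; how TRACE handles that is not visible here. set_status() interpolates `$txt` into the UPDATE; the callers visible in this file pass literals, but a bound parameter (`val=?`) would keep a quote in a status message from breaking the statement.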


@ -54,14 +54,15 @@ ogram; see the file COPYING. If not, write to
function tours_check_tours()
{
global $config;
$q = mysql_query("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
return mysql_num_rows($q);
$q = $pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
return $q->rowCount();
}
function tours_check_students()
{
global $config;
$q=mysql_query("SELECT students.id
$q=$pdo->prepare("SELECT students.id
FROM students
LEFT JOIN tours_choice ON (tours_choice.students_id=students.id)
LEFT JOIN registrations ON (registrations.id=students.registrations_id)
@ -72,11 +73,13 @@ ogram; see the file COPYING. If not, write to
ORDER BY
students.id, tours_choice.rank
");
return mysql_num_rows($q);
$q->execute();
return $q->rowCount();
}
if($_GET['action']=="reset") {
mysql_query("UPDATE config SET `val`='-1' WHERE `var`='tours_assigner_percent' AND `year`=0");
$stmt = $pdo->prepare("UPDATE config SET `val`='-1' WHERE `var`='tours_assigner_percent' AND `year`=0");
$stmt->execute();
$config['tours_assigner_percent']=="-1";
echo happy(i18n("Judge assigner status forcibly reset"));
}
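Review bot: In the `action=="reset"` branch, `$config['tours_assigner_percent']=="-1";` is a comparison whose result is discarded, so the in-memory config keeps its old value after the database row is reset; an assignment `$config['tours_assigner_percent']="-1";` looks intended. tours_check_tours() and tours_check_students() fetch whole result sets only to count them. `SELECT COUNT(*)` read with `fetchColumn()` avoids relying on `rowCount()` for a SELECT, which PDO does not guarantee on every driver.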


@ -48,14 +48,16 @@ if($_POST['action']=="save") {
//first, delete anything thats supposed to eb deleted
if(count($_POST['delete'])) {
foreach($_POST['delete'] AS $del) {
mysql_query("DELETE FROM translations WHERE lang='".mysql_real_escape_string($_SESSION['translang'])."' AND strmd5='".mysql_real_escape_string($del)."'");
$stmt = $pdo->prepare("DELETE FROM translations WHERE lang='".$_SESSION['translang']."' AND strmd5='".$del."'");
$stmt->execute();
}
echo happy(i18n("Translation(s) deleted"));
}
if($_POST['changedFields']) {
$changed=split(",",$_POST['changedFields']);
foreach($changed AS $ch) {
mysql_query("UPDATE translations SET val='".mysql_escape_string(stripslashes($_POST['val'][$ch]))."' WHERE strmd5='".mysql_real_escape_string($ch)."' AND lang='".mysql_real_escape_string($_SESSION['translang'])."'");
$stmt = $pdo->prepare("UPDATE translations SET val='".stripslashes($_POST['val'][$ch])."' WHERE strmd5='".$ch."' AND lang='".$_SESSION['translang']."'");
}
echo happy(i18n("Translation(s) saved"));
}
@ -67,8 +69,9 @@ echo i18n("Choose a language to manage translations for");
echo "</td><td>";
echo "<form name=\"langswitch\" method=\"get\" action=\"translations.php\">";
echo "<select name=\"translang\" onchange=\"document.forms.langswitch.submit()\">";
$q=mysql_query("SELECT * FROM languages WHERE lang!='en'");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM languages WHERE lang!='en'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($_SESSION['translang']==$r->lang){ $sel="selected=\"selected\""; $translangname=$r->langname;} else $sel="";
echo "<option $sel value=\"$r->lang\">$r->langname</option>";
@ -98,8 +101,9 @@ echo "<br />";
if($show=="missing") $showquery="AND ( val is null OR val='' )";
else $showquery="";
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['translang']."' $showquery ORDER BY str");
$num=mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['translang']."' $showquery ORDER BY str");
$q->execute();
$num=$q->rowCount();
echo i18n("Showing %1 translation strings",array($num),array("number of strings"));
echo "<form method=\"post\" action=\"translations.php\">";
@ -126,7 +130,7 @@ echo "<tr><th>";
echo "<img border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\">\n";
echo "</th>";
echo "<th>".i18n("English")." / ".$translangname."</th></tr>\n";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr>";
echo "<td valign=\"top\" rowspan=\"2\">";
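Review bot: The UPDATE in the `changedFields` loop is prepared but never executed, since no `$stmt->execute();` follows the `prepare()`, so edited translations are discarded while "Translation(s) saved" is still shown. `split()` on the line above was removed in PHP 7; `explode(",", $_POST['changedFields'])` is the drop-in replacement. When adding the execute, bind `val`, `strmd5` and `lang` as `?` placeholders rather than restoring string escaping.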


@ -85,12 +85,13 @@ $tabs = array( 'fairinfo' => array(
if(array_key_exists('username',$_GET)) {
$username = $_GET['username'];
$type = $_GET['type'];
$un = mysql_escape_string($username);
$q = mysql_query("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
echo mysql_error();
$un = $username;
$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)) {
$r = mysql_fetch_object($q);
if($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
if($r->deleted == 'no') {
/* Load the user */
$u = user_load_by_email($username);
@ -104,7 +105,8 @@ echo mysql_error();
}
} else {
//undelete them?
mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'");
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
$stmt->execute();
//then load them?
$u = user_load($r->id);
}
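Review bot: The lookup at `$un = $username;` now places `$_GET['username']` into the SQL text with no escaping at all, because the `mysql_escape_string()` call was dropped and `prepare()` only protects values that are bound as parameters. Use a placeholder and pass the value at execution: `$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username=? GROUP BY uid");` followed by `$q->execute([$username]);`, and bind `$r->id` in the `UPDATE users SET deleted='no'` statement the same way. `echo $pdo->errorInfo();` prints the word "Array" because `errorInfo()` returns an array, and it reports on the connection rather than on `$q`; the statement's own `$q->errorInfo()` or exception error mode would surface real failures. The same interpolated-`prepare()` pattern appears in the `uid` lookups of the next file section and in the award and winner queries further down the page. The enclosing `if(array_key_exists('username',$_GET))` block continues outside the hunks shown.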


@ -161,10 +161,11 @@ function update (id)
$user = user_load($id);
// Determine if there is a more recent uid that may possibly be in the current FAIRYEAR (allows refresh page to work)
$query = mysql_query("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
ORDER BY year DESC LIMIT 1");
$query->execute();
$user_new = mysql_fetch_assoc($query);
$user_new = $query->fetch(PDO::FETCH_ASSOC);
// Make sure our user is NOT in the current FAIRYEAR (again, this helps with page refresh to work )
if ($user_new['year'] != $config['FAIRYEAR']) {
@ -174,10 +175,11 @@ function update (id)
message_push(happy(i18n('User Updated')));
//find the newly updated user
$q_reload = mysql_query("SELECT id FROM users WHERE uid='{$user['uid']}'
$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid='{$user['uid']}'
ORDER BY year DESC LIMIT 1");
$q_reload->execute();
$reload_user = mysql_fetch_assoc($q_reload);
$reload_user = $q_reload->fetch(PDO::FETCH_ASSOC);
?>
<script language="javascript" type="text/javascript">
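Review bot: `$user_new = $query->fetch(PDO::FETCH_ASSOC);` yields `false` when no row matches, and the following comparison reads `$user_new['year']` without checking, so a missing row compares as not-current-year and enters the branch guarded by that test; `$reload_user` is fetched the same way. A guard such as `if ($user_new !== false && $user_new['year'] != $config['FAIRYEAR']) {` would make the no-row case explicit, though the right fallback depends on code outside these hunks. The surrounding block starts and ends outside the hunks shown.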


@ -52,20 +52,23 @@ case 'addwinner':
}
//first check how many we are allowed to have
$q=mysql_query("SELECT number FROM award_prizes WHERE id='$prize_id'");
echo mysql_error();
$r=mysql_fetch_assoc($q);
$q=pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
$q->execute();
echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_ASSOC);
$number=$r['number'];
/* Get the award info */
$q = mysql_query("SELECT * FROM award_awards WHERE id='$award_awards_id'");
echo mysql_error();
$a=mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
$q->execute();
echo $pdo->errorInfo();
$a=$q->fetch(PDO::FETCH_ASSOC);
/* Get the project */
$q = mysql_query("SELECT fairs_id FROM projects WHERE id='$projects_id'");
echo mysql_error();
$p=mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id='$projects_id'");
$q->execute();
echo $pdo->errorInfo();
$p=$q->fetch(PDO::FETCH_ASSOC);
$fairs_id = $p['fairs_id'];
/* Quick sanity check don't let a fair user do an assignment for someone not
@ -77,24 +80,27 @@ case 'addwinner':
if($a['per_fair'] == 'yes') {
/* Count is the number of this fair already assigned */
$q=mysql_query("SELECT COUNT(*) AS count FROM winners
$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners
LEFT JOIN projects ON winners.projects_id=projects.id
WHERE
projects.fairs_id='$fairs_id'
awards_prizes_id='$prize_id'");
echo mysql_error();
$r=mysql_fetch_assoc($q);
$q->execute();
echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_ASSOC);
$count=$r['count'];
} else {
/* Count is the total number assigned */
$q=mysql_query("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
echo mysql_error();
$r=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
$q->execute();
echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_ASSOC);
$count=$r['count'];
}
if($count<$number) {
mysql_query("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
$stmt->execute();
happy_("Winning project added");
} else {
error_("This prize cannot accept any more winners. Maximum: %1",$number);
@ -107,14 +113,15 @@ case 'deletewinner':
$projects_id = intval($_GET['projects_id']);
if($prize_id && $projects_id) {
mysql_query("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
$stmt->execute();
happy_("Winning project removed");
}
exit;
case 'award_load':
$fairs_id = intval($_GET['fairs_id']);
/* Load the award */
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.criteria,
@ -132,14 +139,15 @@ case 'award_load':
AND award_types.year=award_awards.year
AND award_awards.id='$award_awards_id'
");
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q) != 1) {
if($q->rowCount() != 1) {
echo i18n("Invalid award to load $award_awards_id");
exit;
}
$r=mysql_fetch_assoc($q);
$r=$q->fetch(PDO::FETCH_ASSOC);
print_award($r, $fairs_id);
exit;
@ -150,7 +158,7 @@ case 'edit_load':
// if($auth_type == 'fair') $fairs_id = $_SESSION['fairs_id'];
/* Load the award */
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.criteria,
@ -168,15 +176,16 @@ case 'edit_load':
AND award_types.year=award_awards.year
AND award_awards.id='$award_awards_id'
");
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q) != 1) {
if($q->rowCount() != 1) {
echo i18n("Invalid award to edit $award_awards_id");
exit;
}
$r=mysql_fetch_assoc($q);
$r=$q->fetch(PDO::FETCH_ASSOC);
$editor_data = array();
@ -203,14 +212,16 @@ case 'edit_load':
case 'additional_materials':
$fairs_id = intval($_GET['fairs_id']);
$q = mysql_query("SELECT * FROM award_awards WHERE id='$award_awards_id'");
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
$q->execute();
if($fairs_id == 0) {
echo "Unsupported Action: Can't get additional materials for fairs_id=0. Edit the project and set it's fair to anything except 'Local/Unspecified'.";
exit;
}
$a = mysql_fetch_assoc($q);
$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
$fair = mysql_fetch_assoc($q);
$a = $q->fetch(PDO::FETCH_ASSOC);
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
$q->execute();
$fair = $q->fetch(PDO::FETCH_ASSOC);
$pdf = fair_additional_materials($fair, $a, $config['FAIRYEAR']);
foreach($pdf['header'] as $h) header($h);
echo $pdf['data'];
@ -423,7 +434,7 @@ echo "<br />";
$fairs_id = ($auth_type == 'fair') ? $_SESSION['fairs_id'] : 0;
while($r=mysql_fetch_assoc($q)) {
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
if($r['per_fair'] == 'yes' && $auth_type != 'fair') {
?> <?=$r['type']?> - <?=$r['name']?>
<span style="font-size: 0.8em; font-style: italic;">(<?=$r['organization']?>)</span><br />
@ -472,7 +483,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
/* Load prizes for this award */
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
@ -485,11 +496,12 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
AND award_prizes.year='{$config['FAIRYEAR']}'
ORDER BY
`order`");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
echo "<table width=\"100%\"><tr><td>";
$has_winners = false;
while($pr=mysql_fetch_object($q)) {
while($pr=$q->fetch(PDO::FETCH_OBJ)) {
if($editor == true) {
echo '<br /><hr />';
@ -508,7 +520,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
}
/* Load winners for this prize */
$cq=mysql_query("SELECT winners.projects_id,
$cq=$pdo->prepare("SELECT winners.projects_id,
projects.projectnumber,
projects.title,
projects.fairs_id
@ -518,8 +530,9 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
WHERE
winners.awards_prizes_id='{$pr->id}'
$fairs_where ");
echo mysql_error();
$count = mysql_num_rows($cq);
$cq->execute();
echo $pdo->errorInfo();
$count = $cq->rowCount();
// echo "winners=$count";
/* Print count */
@ -531,7 +544,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
/* List current winners for this prize */
$winners = array();
while($w = mysql_fetch_assoc($cq)) {
while($w = $cq->fetch(PDO::FETCH_ASSOC)) {
if($w['projectnumber']) {
echo "&nbsp;&nbsp;&nbsp;&nbsp;";
if($editor == true) {