Mysql conversion

Armanveer Gill 2024-12-10 19:40:23 -05:00
parent bf8a23fc85
commit f7c6c506a1
41 changed files with 855 additions and 612 deletions


@ -2,12 +2,14 @@
include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val;
echo "$percent:$status\n";
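Review bot: The `mysql_connect()` and `mysql_select_db()` lines above the new queries appear unchanged, yet those functions no longer exist from PHP 7 on, and nothing visible here creates the `$pdo` handle that the new `prepare()` calls use. Unless the included config file builds `$pdo` (not shown), the script stops before it prints anything; replace the two legacy calls with `$pdo = new PDO("mysql:host=$DBHOST;dbname=$DBNAME", substr($DBUSER,0,16), $DBPASS);`. `$r->val` is also read without checking that `fetch()` returned a row. The tours-assigner status script later in this commit keeps the same two legacy calls.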


@ -247,7 +247,7 @@ $report_students_fields = array(
'group_by' => array('students.registrations_id')),
'allnames_split' => array(
'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ",
'name' => "Student -- All Student Names (REQUIRES 5.0) (Split) ",
'header' => 'Student(s)',
'width' => 3.0,
'scalable' => true,
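Review bot: The label for `allnames_split` now reads "REQUIRES 5.0", which no longer says what has to be at version 5.0; this looks like a side effect of a search-and-replace on "MYSQL" rather than an intended wording change. The string is user-facing text, not a call into the removed extension, so it can stay as `'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ",`. The enclosing array starts and ends outside the hunk.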


@ -28,12 +28,14 @@ ogram; see the file COPYING. If not, write to
include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val;
echo "$percent:$status\n";


@ -24,14 +24,15 @@
require("../common.inc.php");
//first, lets make sure someone isng tryint to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$pn=trim(mysql_real_escape_string($_GET['n']));
$pn=trim($_GET['n']);
if($r->test) {
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
registrations.id AS reg_id,
registrations.status,
projects.title,
@ -55,14 +56,15 @@
AND projects.projectnumber='$pn'
LIMIT 1
");
echo mysql_error();
$r=mysql_fetch_assoc($q);
echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_ASSOC);
$regid=$r['reg_id'];
$q2=mysql_query("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
$q2=$pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
$q2->execute();
$students="";
while($stud=mysql_fetch_object($q2)) {
while($stud=$q2->fetch(PDO::FETCH_OBJ)) {
if($stud->webfirst=="yes")
$students.="$stud->firstname ";
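Review bot: `$pn` is now the raw `$_GET['n']` (the `mysql_real_escape_string()` call was dropped) and is still interpolated into `AND projects.projectnumber='$pn'`, so `prepare()` gives no protection here: a statement without placeholders is sent as written, and the request parameter can change the query. Bind it instead, with `AND projects.projectnumber=?` in the SQL and `$q->execute(array($pn));` after it. As shown, that second query has no `execute()` call at all before `$q->fetch()`, so the fetch has nothing to return. The same removal of escaping without adding placeholders recurs in the later sections that write `projectcategories`, `dates`, `projectdivisions` and `pagetext` and in the year-rollover inserts, where `$_POST`/`$_GET` values and row data are concatenated into the SQL; each of those needs bound parameters as well. The enclosing `if($r->test)` block continues past the hunk.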


@ -24,12 +24,13 @@
require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test) {
$q=mysql_query("SELECT registrations.id AS reg_id,
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status,
projects.title,
projects.projectnumber,
@ -54,11 +55,12 @@
projectdivisions.id,
projects.projectnumber
");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
if(!$r->title) $t="{no title}";
else $t=$r->title;
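Review bot: `echo $pdo->errorInfo();` after `$q->execute()` is not an equivalent of `echo mysql_error();`: `errorInfo()` returns an array, so this prints the word "Array" with a conversion warning on every request, and it reads the connection handle rather than the statement that just ran. If the intent is to surface query failures, read the statement and print only the message, `$err=$q->errorInfo(); if($err[0]!=='00000') echo $err[2];`, or rely on PDO exceptions if the connection is configured for them (not visible here). The same line follows most converted queries in the other sections of this commit. Raw driver messages also disclose table and column names to whoever loads the page, so writing them to a log is the safer default.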


@ -24,14 +24,15 @@
require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$ret=array();
if($r->test) {
$ret['status']="ok";
$q=mysql_query("SELECT registrations.id AS reg_id,
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status,
projects.id AS projects_id,
projects.title,
@ -57,12 +58,13 @@
projectdivisions.id,
projects.projectnumber
");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist";
$projects=array();
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::fETCH_OBJ)) {
if(!$r->title) $t="{no title}";
else $t=$r->title;
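Review bot: The fetch loop uses `PDO::fETCH_OBJ`, and class constant names are case-sensitive in PHP, so this raises an undefined-constant error the first time the loop condition is evaluated; it should be `while($r=$q->fetch(PDO::FETCH_OBJ)) {`. Similar mistyped names in later sections (`PDO:;FETCH_OBJ`, `fech(PDDO::FETCH_ASSOC)`, `rowwCount()`) suggest the converted files were not linted or exercised. Running `php -l` on each touched file would catch the parse errors, and one request per page would catch the rest.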


@ -40,23 +40,26 @@ $dump.="#SFIAB DB VERSION: ".$config['DBVERSION']."\n";
$dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n";
$dump.="#-------------------------------------------------\n";
$tableq=mysql_query("SHOW TABLES FROM `$DBNAME`");
while($tr=mysql_fetch_row($tableq)) {
$tableq=$pdo->prepare("SHOW TABLES FROM `$DBNAME`");
$tableq->execute();
while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
$table=$tr[0];
$dump.="#TABLE: $table\n";
$columnq=mysql_query("SHOW COLUMNS FROM `$table`");
$columnq=$pdo->prepare("SHOW COLUMNS FROM `$table`");
$columnq->execute();
$str="INSERT INTO `$table` (";
unset($fields);
$fields=array();
while($cr=mysql_fetch_object($columnq)) {
while($cr=$columnq->fetch(PDO:;FETCH_OBJ)) {
$str.="`".$cr->Field."`,";
$fields[]=$cr->Field;
}
$str=substr($str,0,-1);
$str.=") VALUES (";
$dataq=mysql_query("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
while($data=mysql_fetch_object($dataq)) {
$dataq=$pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
$dataq->execute();
while($data=$dataq->fetch(PDO::FETCH_OBJ)) {
$insertstr=$str;
foreach($fields AS $field) {
if(is_null($data->$field))
@ -167,18 +170,22 @@ else if($_POST['action']=="restoreproceed") {
//empty out the table
$sql="TRUNCATE TABLE `".$args[1]."`";
// echo $sql."\n";
mysql_query($sql);
}
$stmt = $pdo->prepare($sql);
$stmt->execute();
}
else if(mb_ereg("^#",$line)) {
//just skip it
}
else
{
//insert the new data
mysql_query($line);
if(mysql_error()) {
$stmt = $pdo->prepare($line);
$stmt->execute();
if($pdo->errorInfo()) {
echo $line."\n";
echo mysql_error()."\n";
echo $pdo->errorInfo()."\n";
$err=true;
}
}
@ -203,11 +210,12 @@ else if($_POST['action']=="restoreproceed") {
else if ($_POST['action'] == 'clean_judges') {
//select all judges
$query = mysql_query('SELECT * FROM users WHERE types LIKE "judge"');
echo mysql_error();
$query = $pdo->prepare('SELECT * FROM users WHERE types LIKE "judge"');
$query->execute();
echo $pdo->errorInfo();
// Go through each judge and test:
while($judge = mysql_fetch_assoc($query)){
while($judge = $query->fetch(PDO::FETCH_ASSOC)){
//if they are deleted
if ($judge['deleted'] == 'yes') {
@ -222,16 +230,17 @@ else if ($_POST['action'] == 'clean_judges') {
else{
// Find max year of judge
$max_year_query = mysql_query('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1');
$judge_max_year = mysql_fetch_assoc($max_year_query);
$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1');
$max_year_query->execute();
$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
// Grab old judge info.
// Old judge info consists of all entries in the database that are not the most recent for the specific judge
$deletable = mysql_query('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
$deletable = $pdo->prepare('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
$deletable->execute();
// and if they have old data from previous fair years
if (mysql_num_rows($deletable) > 0){
if ($deletable->rowCount() > 0){
// delete old data one by one
while ($old_judge_data = mysql_fetch_assoc($deletable)){
while ($old_judge_data = $deletable->fetch(PDO::FETCH_ASSOC)){
if (!is_array($old_judge_data['type'])){
$old_judge_data['types'] = array($old_judge_data['types']);
}
@ -250,9 +259,10 @@ else if ($_POST['action'] == 'clean_judges') {
,"backup_restore"
);
mysql_query("OPTIMIZE TABLE users, users_judge");
$stmt = $pdo->prepare("OPTIMIZE TABLE users, users_judge");
$stmt->execute();
$str = mysql_error();
$str = $pdo->errorInfo();
echo $str;
@ -265,9 +275,9 @@ else if ($_POST['action'] == 'clean_judges') {
}
else if ($_POST['action'] == 'clean_parents') {
$query_parents = mysql_query('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
while($parent = mysql_fetch_assoc($query_parents)){
$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
$query_parents->execute();
while($parent = $query_parents->fetch(PDO::FETCH_ASSOC)){
if (!is_array($parent['types'])){
$parent['types'] = array($parent['types']);
@ -283,9 +293,10 @@ else if ($_POST['action'] == 'clean_parents') {
,"backup_restore"
);
mysql_query("OPTIMIZE TABLE users, users_parent");
$stmt = $pdo->prepare("OPTIMIZE TABLE users, users_parent");
$stmt->execute();
$str = mysql_error();
$str = $pdo->errorInfo();
echo $str;
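Review bot: In the restore branch, `if($pdo->errorInfo())` is always true because `errorInfo()` returns a non-empty array even on success, so every restored line is echoed as a failure and `$err` is set regardless of the outcome. Test the statement's own result instead, `if(!$stmt->execute()) {`, and print `$stmt->errorInfo()[2]`; this works as a check only if the connection is not in exception mode, which is not visible here. Separately, `PDO:;FETCH_OBJ` in the column loop of the backup branch is a parse error that keeps this file from loading at all. The `clean_judges` queries still concatenate `$judge['uid']` and `$judge_max_year['year']` into the SQL, where bound parameters would be the consistent form.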


@ -31,7 +31,7 @@
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php',
'Age Categories' => 'config/categories.php'),"project_age_categories");
} else {
} else
send_header("Age Categories",
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
@ -42,22 +42,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo $pdo->errorInfo();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
}
else
{
mysql_query("UPDATE projectcategories SET ".
$stmt = $pdo->prepare("UPDATE projectcategories SET ".
"id='".$_POST['id']."', ".
"category='".mysql_escape_string(stripslashes($_POST['category']))."', ".
"category_shortform='".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ".
"category='".stripslashes($_POST['category'])."', ".
"category_shortform='".stripslashes($_POST['category_shortform'])."', ".
"mingrade='".$_POST['mingrade']."', ".
"maxgrade='".$_POST['maxgrade']."' ".
"WHERE id='".$_POST['saveid']."'");
echo happy(i18n("Category successfully saved"));
$stmt->execute();
}
}
else
@ -71,21 +73,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
}
else
{
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
$pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
"'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['category']))."', ".
"'".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ".
"'".stripslashes($_POST['category'])."', ".
"'".stripslashes($_POST['category_shortform'])."', ".
"'".$_POST['mingrade']."', ".
"'".$_POST['maxgrade']."', ".
"'".$config['FAIRYEAR']."')");
$pdo->execute();
echo happy(i18n("Category successfully added"));
}
}
else
@ -98,9 +103,11 @@
{
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
//####
mysql_query("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Category successfully removed"));
}
@ -125,8 +132,9 @@
if($_GET['action']=="edit")
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$categoryr=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$categoryr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
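Review bot: The INSERT for a new category never runs: the result of `$pdo->prepare("INSERT INTO projectcategories ...")` is discarded and the following `$pdo->execute();` calls a method the PDO class does not have, so the request ends in a fatal error where "Category successfully added" should be printed. Keep the statement and execute it, `$stmt = $pdo->prepare(...)` followed by `$stmt->execute();`. In the first hunk `} else {` became `} else`; if the branch's closing brace is still present further down (outside the hunk) the file no longer parses, and in the UPDATE branch the success message is echoed before `$stmt->execute()` has run. The statements in this section are still assembled from `$_POST`/`$_GET` values with the escaping removed; the UPDATE with placeholders and the message moved after the write is sketched below.

```php
// ... unchanged: duplicate-id check and its error branch ...
$stmt = $pdo->prepare("UPDATE projectcategories SET ".
    "id=?, category=?, category_shortform=?, mingrade=?, maxgrade=? ".
    "WHERE id=?");
$stmt->execute(array(
    $_POST['id'],
    stripslashes($_POST['category']),
    stripslashes($_POST['category_shortform']),
    $_POST['mingrade'],
    $_POST['maxgrade'],
    $_POST['saveid'],
));
echo happy(i18n("Category successfully saved"));
```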


@ -53,10 +53,11 @@ $error_ids = array();
if($_POST['savedates']) {
foreach($_POST['savedates'] as $key=>$val) {
//put the date and time back together
$d = mysql_escape_string(stripslashes($val));
$t =mysql_escape_string(stripslashes($_POST['savetimes'][$key]));
$d = stripslashes($val);
$t =stripslashes($_POST['savetimes'][$key]);
$v="$d $t";
mysql_query("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
$stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
$stmt->execute();
}
}
echo happy(i18n("Dates successfully saved"));
@ -128,13 +129,14 @@ foreach($dates as $dn=>$d) {
if(!$d['id']) {
$def=$defaultdates[$dn];
//hmm if we dont have a record for this date this year, INSERT the sql from the default
mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($def->date)."',
'".mysql_real_escape_string($dn)."',
'".mysql_real_escape_string($def->description)."',
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".$def->date."',
'".$dn."',
'".$def->description."',
'".$config['FAIRYEAR']."'
)");
$d['id']=mysql_insert_id();
$stmt->execute();
$d['id']=$pdo->lastInsertId();
$d['description']=$def->description;
$d['date']=$def->date;
}


@ -44,31 +44,34 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{
if($_POST['id'] && $_POST['division'] )
{
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
}
else
{
mysql_query("UPDATE projectdivisions SET ".
$stmt = $pdo->prepare("UPDATE projectdivisions SET ".
"id='".$_POST['id']."', ".
"division='".mysql_escape_string(stripslashes($_POST['division']))."', ".
"division_shortform='".mysql_escape_string(stripslashes($_POST['division_shortform']))."' ".
"division='".stripslashes($_POST['division'])."', ".
"division_shortform='".stripslashes($_POST['division_shortform'])."' ".
"WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if(is_array($_POST['divcat']))
{
foreach($_POST['divcat'] as $tempcat)
{
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$_POST['id']."', ".
"'".$tempcat."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
}
}
}
@ -87,26 +90,29 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{
if($_POST['id'] && $_POST['division'])
{
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
}
else
{
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
"'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['division']))."', ".
"'".mysql_escape_string(stripslashes($_POST['division_shortform']))."', ".
"'".stripslashes($_POST['division'])."', ".
"'".stripslashes($_POST['division_shortform'])."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
foreach($_POST['divcat'] as $tempcat){
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$tempcat."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
}
}
//#######
@ -123,8 +129,10 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Division successfully removed"));
}
@ -151,8 +159,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
if($_GET['action']=="edit")
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
@ -167,11 +176,13 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
echo " <td>";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
while($categoryr=mysql_fetch_object($q)){
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
$q->execute();
while($categoryr=$q->fetch(PDO::FETCH_OBJ)){
$query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'";
$t=mysql_query($query);
if($t && mysql_num_rows($t)>0)
$t=$pdo->prepare($query);
$t->execute();
if($t && $t->rowCount()>0)
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>";
else
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>";
@ -195,18 +206,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
$c=mysql_query("SELECT category FROM projectcategoriesdivisions_link, projectcategories
$c=$pdo->prepare("SELECT category FROM projectcategoriesdivisions_link, projectcategories
WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id
AND projectdivisions_id='$r->id'
AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."'
ORDER BY projectcategories.mingrade");
echo mysql_error();
$c->execute();
echo $pdo->errorInfo();
if(!$c){
$tempcat="&nbsp;";
}else{
$tempcat="";
while($categoryr=mysql_fetch_object($c)){
while($categoryr=$c->fetch(PDO::FETCH_OBJ){
$tempcat.=",".$categoryr->category;
}
$tempcat=substr($tempcat,1);
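Review bot: `while($categoryr=$c->fetch(PDO::FETCH_OBJ){` in the last hunk is missing the closing parenthesis of the `while` condition, which is a parse error for the whole file; it should read `while($categoryr=$c->fetch(PDO::FETCH_OBJ)){`. The `if(!$c)` test kept just above it no longer guards anything, because `$c->execute()` has already been called on `$c` by that point; test the return value of `execute()` if the empty-cell fallback is still wanted. The enclosing loop starts outside the hunk.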


@ -36,7 +36,8 @@
{
foreach($_POST['cwsfdivision'] AS $k=>$v)
{
mysql_query("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
}
echo happy(i18n("Corresponding CWSF divisions saved"));
}
@ -54,8 +55,9 @@ echo "<br />";
echo "<th>".i18n("Corresponding CWSF Division")."</th>\n";
echo "</tr>";
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr>";
echo " <td>".i18n($r->division)."</td>";


@ -109,8 +109,9 @@
if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT")
{
mysql_query($line);
$a=mysql_affected_rows();
$stmt = $pdo->prepare($line);
$stmt->execute();
$a=$pdo->rowwCount();
$loaded+=$a;
}
else


@ -57,16 +57,17 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
{
foreach($config['languages'] AS $lang=>$langname) {
$textvar="text_$lang";
$text=mysql_escape_string(stripslashes($_POST[$textvar]));
$text=stripslashes($_POST[$textvar]);
mysql_query("UPDATE pagetext
$stmt = $pdo->prepare("UPDATE pagetext
SET
lastupdate=NOW(),
text='$text'
WHERE
textname='".mysql_escape_string($_POST['textname'])."'
textname='".$_POST['textname']."'
AND year='".$config['FAIRYEAR']."'
AND lang='$lang'");
$stmt->execute();
}
echo happy(i18n("Page texts successfully saved"));
@ -74,9 +75,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
if($_GET['textname'])
{
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//needs to be at least one entry in any languages
if($r=mysql_fetch_object($q))
if($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<form method=\"post\" action=\"pagetexts.php\">";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
@ -84,13 +86,15 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
foreach($config['languages'] AS $lang=>$langname) {
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if(!$r)
{
mysql_query("INSERT INTO pagetext (textname,year,lang) VALUES ('".mysql_escape_string($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$_GET['textname']."','".$config['FAIRYEAR']."','$lang')");
$stmt->execute();
echo $pdo->errorInfo();
}
if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never";
@ -129,9 +133,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
echo i18n("Choose a page text to edit");
echo "<table class=\"summarytable\">";
$q=mysql_query("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
$q->execute();
echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>";
if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never";


@ -63,8 +63,9 @@
*/
/* Get field list for this table */
$q = mysql_query("SHOW COLUMNS IN `$table`");
while(($c = mysql_fetch_assoc($q))) {
$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
$q->execute();
while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
$col[$c['Field']] = $c;
}
@ -83,23 +84,25 @@
if($where == '') $where='1';
/* Get data */
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
echo mysql_error();
$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
$q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`';
/* Process data */
while($r=mysql_fetch_assoc($q)) {
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$vals = '';
foreach($fields as $f) {
if(array_key_exists($f, $replace))
$vals .= ",'".mysql_real_escape_string($replace[$f])."'";
$vals .= ",'".$replace[$f]."'";
else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
$vals .= ',NULL';
else
$vals .= ",'".mysql_real_escape_string($r[$f])."'";
$vals .= ",'".$r[$f]."'";
}
mysql_query("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute();
echo $pdo->errorInfo();
}
}
@ -125,97 +128,112 @@
//now the dates
echo i18n("Rolling dates")."<br />";
$q=mysql_query("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($r->newdate)."',
'".mysql_real_escape_string($r->name)."',
'".mysql_real_escape_string($r->description)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".$r->newdate."',
'".$r->name."',
'".$r->description."',
'".$newfairyear."')");
$stmt->execute();
//page text
echo i18n("Rolling page texts")."<br />";
$q=mysql_query("SELECT * FROM pagetext WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".mysql_real_escape_string($r->textname)."',
'".mysql_real_escape_string($r->textdescription)."',
'".mysql_real_escape_string($r->text)."',
'".mysql_real_escape_string($r->lastupdate)."',
'".mysql_real_escape_string($newfairyear)."',
'".mysql_real_escape_string($r->lang)."')");
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".$r->textname."',
'".$r->textdescription."',
'".$r->text."',
'".$r->lastupdate."',
'".$newfairyear)."',
'".$r->lang."')";
$stmt->execute();
echo i18n("Rolling project categories")."<br />";
//project categories
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->category)."',
'".mysql_real_escape_string($r->category_shortform)."',
'".mysql_real_escape_string($r->mingrade)."',
'".mysql_real_escape_string($r->maxgrade)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".$r->id."',
'".$r->category."',
'".$r->category_shortform."',
'".$r->mingrade."',
'".$r->maxgrade."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project divisions")."<br />";
//project divisions
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->division)."',
'".mysql_real_escape_string($r->division_shortform)."',
'".mysql_real_escape_string($r->cwsfdivisionid)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".$r->id."',
'".$r->division."',
'".$r->division_shortform."',
'".$r->cwsfdivisionid."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project category-division links")."<br />";
//project categories divisions links
$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".mysql_real_escape_string($r->projectdivisions_id)."',
'".mysql_real_escape_string($r->projectcategories_id)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".$r->projectdivisions_id."',
'".$r->projectcategories_id."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project sub-divisions")."<br />";
//project subdivisions
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->projectsubdivisions_id)."',
'".mysql_real_escape_string($r->subdivision)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".$r->id."',
'".$r->projectsubdivisions_id."',
'".$r->subdivision."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling safety questions")."<br />";
//safety questions
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_real_escape_string($r->question)."',
'".mysql_real_escape_string($r->type)."',
'".mysql_real_escape_string($r->required)."',
'".mysql_real_escape_string($r->ord)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".$r->question."',
'".$r->type."',
'".$r->required."',
'".$r->ord."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling awards")."<br />";
//awards
$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
/* Roll the one award */
roll($cy, $ny, 'award_awards', "id='{$r->id}'");
$award_awards_id=mysql_insert_id();
$award_awards_id=$pdo->lastInsertId();
roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'",
array('award_awards_id' => $award_awards_id));
@ -229,60 +247,66 @@
echo i18n("Rolling award types")."<br />";
//award types
$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->type)."',
'".mysql_real_escape_string($r->order)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".$r->id."',
'".$r->type."',
'".$r->order."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling schools")."<br />";
//award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."',
'".mysql_real_escape_string($r->schoollang)."',
'".mysql_real_escape_string($r->schoollevel)."',
'".mysql_real_escape_string($r->board)."',
'".mysql_real_escape_string($r->district)."',
'".mysql_real_escape_string($r->phone)."',
'".mysql_real_escape_string($r->fax)."',
'".mysql_real_escape_string($r->address)."',
'".mysql_real_escape_string($r->city)."',
'".mysql_real_escape_string($r->province_code)."',
'".mysql_real_escape_string($r->postalcode)."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid,
'".mysql_real_escape_string($r->accesscode)."',
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".$r->school."',
'".$r->schoollang."',
'".$r->schoollevel."',
'".$r->board."',
'".$r->district."',
'".$r->phone."',
'".$r->fax."',
'".$r->address."',
'".$r->city."',
'".$r->province_code."',
'".$r->postalcode."',$puid,
'".$r->schoolemail."',$shuid,
'".$r->accesscode."',
NULL,
'".mysql_real_escape_string($r->junior)."',
'".mysql_real_escape_string($r->intermediate)."',
'".mysql_real_escape_string($r->senior)."',
'".mysql_real_escape_string($r->registration_password)."',
'".mysql_real_escape_string($r->projectlimit)."',
'".mysql_real_escape_string($r->projectlimitper)."',
'".mysql_real_escape_string($newfairyear)."')");
'".$r->junior."',
'".$r->intermediate."',
'".$r->senior."',
'".$r->registration_password."',
'".$r->projectlimit."',
'".$r->projectlimitper."',
'".$newfairyear."')");
$stmt->execute();
}
echo i18n("Rolling questions")."<br />";
$q = mysql_query("SELECT * FROM questions WHERE year='$currentfairyear'");
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'',
'$newfairyear',
'".mysql_real_escape_string($r->section)."',
'".mysql_real_escape_string($r->db_heading)."',
'".mysql_real_escape_string($r->question)."',
'".mysql_real_escape_string($r->type)."',
'".mysql_real_escape_string($r->required)."',
'".mysql_real_escape_string($r->ord)."')");
'".$r->section."',
'".$r->db_heading."',
'".$r->question."',
'".$r->type."',
'".$r->required."',
'".$r->ord."')");
$stmt->execute();
//regfee items
echo i18n("Rolling registration fee items")."<br />";
@ -294,26 +318,31 @@
//timeslots and rounds
echo i18n('Rolling judging timeslots and rounds')."<br />";
$q=mysql_query("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
echo mysql_error();
while($r=mysql_fetch_assoc($q)) {
$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear;
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
echo mysql_error();
$round_id = mysql_insert_id();
$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
echo mysql_error();
while($rr=mysql_fetch_assoc($qq)) {
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
$stmt->execute();
echo $pdo->errorInfo();
$round_id = $pdo->lastInsertId();
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
$qq->execute();
echo $pdo->errorInfo();
while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
'{$rr['starttime']}','{$rr['endtime']}')");
$stmt->execute();
}
}
echo "<br /><br />";
mysql_query("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt->execute();
echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear)));
send_footer();
exit;


@ -81,8 +81,9 @@ function rolloverfiscalyear($newYear){
// first we'll roll over fundraising_campaigns:
$fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`";
$q = mysql_query("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
$q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
foreach(array('startdate','enddate','followupdate') as $dateField){
$dateval = $r[$dateField];
$parts = explode('-', $dateval);
@ -95,33 +96,37 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r);
$values = array_values($r);
foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val);
$values[$idx] = $val;
}
$query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
// next we'll hit findraising_donor_levels
$fields = "`level`,`min`,`max`,`description`";
if(mysql_error() == null)
$q = mysql_query("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
if($pdo->errorInfo() == null)
$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
$q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$r['fiscalyear'] = $newYear;
$fields = array_keys($r);
$values = array_values($r);
foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val);
$values[$idx] = $val;
}
$query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
// and now we'll do findraising_goals
$fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`";
if(mysql_error() == null){
$q = mysql_query("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
if($pdo->errorInfo() == null){
$q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
$q->execute();
}
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$dateval = $r['deadline'];
$parts = explode('-', $dateval);
if($parts[0] != '0000')
@ -133,22 +138,24 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r);
$values = array_values($r);
foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val);
$values[$idx] = $val;
}
$query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
// finally, let's update the fiscal year itself:
if(mysql_error() == null){
mysql_query("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
if($pdo->errorInfo() == null){
$stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
$stmt->execute();
}
if(mysql_error() == null){
if($pdo->errorInfo() == null){
$config['FISCALYEAR'] = $newYear;
echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear)));
}else{
echo error(mysql_error());
echo error($pdo->errorInfo());
}
}
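Review bot: Every `$pdo->errorInfo() == null` guard in these hunks is always false, because `PDO::errorInfo()` returns an array even when nothing has failed, so the three copy loops and the final `UPDATE config` are skipped and the `else` branch hands that array to `error()`. `$pdo->errorInfo()` also does not report failures raised on a statement handle, so the stop-on-first-error intent is better served by testing the result of each call, `if(!$stmt->execute()) { ... }`, or by running the connection with `PDO::ERRMODE_EXCEPTION` and catching `PDOException`. The `if` in front of the `fundraising_donor_levels` query has no braces, so the added `$q->execute();` runs unconditionally. `$pdo` is not visibly brought into scope inside `rolloverfiscalyear()`, whose body starts outside these hunks, so confirm a `global $pdo;` exists.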


@ -37,13 +37,14 @@
if(!ereg("^[0-9]*$",$_POST['ord']))
echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
mysql_query("UPDATE safetyquestions SET
question='".mysql_escape_string(stripslashes($_POST['question']))."',
`type`='".mysql_escape_string(stripslashes($_POST['type']))."',
`required`='".mysql_escape_string(stripslashes($_POST['required']))."',
ord='".mysql_escape_string(stripslashes($_POST['ord']))."'
$stmt = $pdo->prepare("UPDATE safetyquestions SET
question='".stripslashes($_POST['question'])."',
`type`='".stripslashes($_POST['type'])."',
`required`='".stripslashes($_POST['required'])."',
ord='".stripslashes($_POST['ord'])."'
WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully saved"));
}
@ -55,14 +56,15 @@
{
if($_POST['question'])
{
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_escape_string(stripslashes($_POST['question']))."',
'".mysql_escape_string(stripslashes($_POST['type']))."',
'".mysql_escape_string(stripslashes($_POST['required']))."',
'".mysql_escape_string(stripslashes($_POST['ord']))."',
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".stripslashes($_POST['question'])."',
'".stripslashes($_POST['type'])."',
'".stripslashes($_POST['required'])."',
'".stripslashes($_POST['ord'])."',
'".$config['FAIRYEAR']."'
)");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully added"));
}
@ -72,7 +74,8 @@
if($_GET['action']=="remove" && $_GET['remove'])
{
mysql_query("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Safety question successfully removed"));
}
@ -91,9 +94,10 @@
{
$buttontext="Save safety question";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q=mysql_query("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n";
if(!$r=mysql_fetch_object($q))
if(!$r=$q->fetch(PDO::FETCH_OBJ))
{
$showform=false;
echo error(i18n("Invalid safety question"));
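Review bot: The rewritten `UPDATE`, `INSERT`, `DELETE` and `SELECT` on `safetyquestions` splice `$_POST` and `$_GET` values directly into the SQL text now that `mysql_escape_string()` is gone, and calling `prepare()` on an already-assembled string gives no protection; each value should be a placeholder bound at `execute()`, as sketched below for the UPDATE. The same pattern recurs in the `signaturepage`, `projectsubdivisions` and `config` sections further down this page and in the fiscal-year rollover INSERTs above. Separately, `echo $pdo->errorInfo();` prints an array rather than a message, and `$_GET['edit']` is written into the hidden `save` field without `htmlspecialchars()`. The enclosing `if` blocks start outside these hunks.

```php
$stmt = $pdo->prepare("UPDATE safetyquestions SET
	question=:question,
	`type`=:type,
	`required`=:required,
	ord=:ord
	WHERE id=:id AND year=:year");
$stmt->execute(array(
	':question' => stripslashes($_POST['question']),
	':type'     => stripslashes($_POST['type']),
	':required' => stripslashes($_POST['required']),
	':ord'      => stripslashes($_POST['ord']),
	':id'       => $_POST['save'],
	':year'     => $config['FAIRYEAR'],
));
// … unchanged: error output and success message …
```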


@ -40,12 +40,17 @@
if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
if($_POST['useregfee']) $userf="1"; else $userf="0";
mysql_query("UPDATE signaturepage SET `use`='$useex', `text`='".mysql_escape_string(stripslashes($_POST['exhibitordeclaration']))."' WHERE name='exhibitordeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepg', `text`='".mysql_escape_string(stripslashes($_POST['parentdeclaration']))."' WHERE name='parentdeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usete', `text`='".mysql_escape_string(stripslashes($_POST['teacherdeclaration']))."' WHERE name='teacherdeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepa', `text`='".mysql_escape_string(stripslashes($_POST['postamble']))."' WHERE name='postamble'");
mysql_query("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
echo happy(i18n("$sentence_begin_participationform text successfully saved"));
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt->execute();
echo happy(i18n("$sentence_begin_participationform text successfully saved"));
}
echo "<a href=\"../register_participants_signature.php?sample=true\">Preview your signature form as a PDF (as a student would see it)</a><br />";


@ -42,18 +42,20 @@
{
if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
{
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{
echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id'])));
}
else
{
mysql_query("UPDATE projectsubdivisions SET ".
$stmt = $pdo->prepare("UPDATE projectsubdivisions SET ".
"id='".$_POST['id']."', ".
"projectdivisions_id='".$_POST['projectdivisions_id']."', ".
"subdivision='".mysql_escape_string(stripslashes($_POST['subdivision']))."' ".
"subdivision='".stripslashes($_POST['subdivision'])."' ".
"WHERE id='".$_POST['saveid']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully saved"));
}
}
@ -69,26 +71,29 @@
{
if(!$_POST['id'])
{
$idq=mysql_query("SELECT MAX(id) AS id FROM projectsubdivisions");
$idr=mysql_fetch_object($idq);
$idq=$pdo->prepare("SELECT MAX(id) AS id FROM projectsubdivisions");
$idq->execute();
$idr=$idq->fetch(PDO::fETCH_OBJ);
$newid=$idr->id+1;
}
else
$newid=$_POST['id'];
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("Sub-Division ID %1 already exists",array($newid)));
}
else
{
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
"'$newid', ".
"'".$_POST['projectdivisions_id']."', ".
"'".mysql_escape_string(stripslashes($_POST['subdivision']))."', ".
"'".stripslashes($_POST['subdivision'])."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
echo happy(i18n("Sub-Division successfully added"));
}
}
@ -100,7 +105,8 @@
if($_GET['action']=="remove" && $_GET['remove'])
{
mysql_query("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully removed"));
}
@ -123,8 +129,9 @@
if($_GET['action']=="edit")
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
@ -134,8 +141,9 @@
echo "<tr>";
echo " <td>";
echo "<select name=\"projectdivisions_id\">";
$dq=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
while($dr=mysql_fetch_object($dq))
$dq=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$dq->execute();
while($dr=$dq->fetch(PDO::FETCH_OBJ))
{
if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$dr->id\">$dr->division</option>\n";
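Review bot: `PDO::fETCH_OBJ` in the `MAX(id)` lookup is not a defined constant, since class constant names are case-sensitive, so adding a sub-division without an explicit id raises an `Error`; the line should read `$idr=$idq->fetch(PDO::FETCH_OBJ);`. The two duplicate-id checks now rely on `rowCount()` after a `SELECT`, which PDO does not guarantee for every driver; testing a fetched row, `if($q->fetch())`, or selecting `COUNT(*)` is the portable form. The surrounding `if` blocks begin outside these hunks.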


@ -46,7 +46,8 @@
if($_POST['action']=="save") {
if($_POST['specialconfig']) {
foreach($_POST['specialconfig'] as $key=>$val) {
mysql_query("UPDATE config SET val='".mysql_escape_string(stripslashes($val))."' WHERE year='0' AND var='$key'");
$stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
$stmt->execute();
}
}
message_push(happy(i18n("Configuration successfully saved")));
@ -98,11 +99,12 @@ $q->execute();
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n";
echo "<table cellpadding=\"3\">";
$q=mysql_query("SELECT * FROM config WHERE year=0 ORDER BY var");
$q=$pdo->prepare("SELECT * FROM config WHERE year=0 ORDER BY var");
$q->execute();
echo "<tr><td colspan=\"2\">";
echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing");
echo "</td></tr>";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") {
echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>";
}
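Review bot: The save loop writes every key of `$_POST['specialconfig']` into `config`, placing `$key` in the WHERE clause as-is, while the form below renders `FAIRYEAR`, `DBVERSION` and `FISCALYEAR` as read-only text; nothing visible in the handler enforces that restriction on the server. Binding both values, `$stmt = $pdo->prepare("UPDATE config SET val=? WHERE year='0' AND var=?");` with `$stmt->execute(array(stripslashes($val), $key));`, and skipping any key that is on the read-only list or absent from the rows just selected from `config` would close the gap. The rest of the handler and the editable branch of the form lie outside these hunks, so such a check may already exist there.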


@ -95,7 +95,7 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
OR config.year='-1')
ORDER BY config.year DESC";
$r2 = ($q);
if(mysql_num_rows($r2) < 1) {
if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist";
exit;
@ -103,13 +103,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
$v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".pdo->quote($v->var)."',
'".pdo->quote($v->val)."',
'".pdo->quote($v->category)."',
'".pdo->quote($v->type)."',
'".pdo->quote($v->type_values)."',
'".pdo->quote($v->ord)."',
'".pdo->quote($v->description)."',
'".$v->var."',
'".$v->val."',
'".$v->category."',
'".$v->type."',
'".$v->type_values."',
'".$v->ord."',
'".$v->description."',
'$fairyear')");
}
}
@ -213,7 +213,7 @@ function config_editor($category, $year, $array_name, $self)
print("<td>");
$val = htmlspecialchars($var[$k]['val']);
$name = "${array_name}[$k]";
$name = "{$array_name}[$k]";
switch($var[$k]['type']) {
case "yesno":
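Review bot: In `config_update_variables()` the new `$r2->rowCount()` is called on `$r2 = ($q)`, and `$q` appears to be the query string built just above rather than an executed statement, so the call would fail on a non-object; the following `("INSERT INTO config …")` is likewise a bare string expression that is never prepared or executed. The lines presumably want `$r2 = $pdo->prepare($q); $r2->execute();`, and the INSERT wrapped in `$pdo->prepare(...)` with the eight values written as placeholders and passed to `execute()` rather than concatenated unquoted. `$v = $r2->fetch();` then needs `PDO::FETCH_OBJ` for the `$v->var` accesses unless the connection's default fetch mode is already object. The start of the `$q` assignment and of the function lie outside the hunks, so confirm against the full file.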


@ -4,38 +4,44 @@ function db_update_116_post()
global $config;
/* Fix the users that have a 0 year */
$q = mysql_query("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
echo mysql_error();
$q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
$q->execute();
echo $pdo->errorInfo();
/* Fix users without a username */
mysql_query("UPDATE `users` SET `username`=`email` WHERE `username`=''");
$stmt = $pdo->prepare("UPDATE `users` SET `username`=`email` WHERE `username`=''");
$stmt->execute();
/*randomize usernames for any user that doesnt have a username at this point */
$q=mysql_query("SELECT id FROM `users` WHERE username=''");
$q=$pdo->prepare("SELECT id FROM `users` WHERE username=''");
$q->execute();
//this is ripped from user.inc.php's generate passsword function.
//yes there's a chance of collisions, but i think highly unlikely enough that we
//dont need to worry about it.
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
$len=strlen($available) - 1;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$username="";
for($x=0;$x<16;$x++)
$username.=$available{rand(0,$len)};
mysql_query("UPDATE users SET username='$username' WHERE id='$r->id'");
$stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
$stmt->execute();
}
//okay now finally, there's a chance of duplicates from
//committee/volunteer that were in here before, so we need to merge
//them
$q = mysql_query("SELECT * FROM `users` WHERE types LIKE '%committee%'");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM `users` WHERE types LIKE '%committee%'");
$q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$orig_r = $r;
$qq = mysql_query("SELECT * FROM `users` WHERE
$qq = $pdo->prepare("SELECT * FROM `users` WHERE
(`username`='{$r['username']}' OR `email`='{$r['email']}')
AND `id`!={$r['id']}");
if(mysql_num_rows($qq) == 0) continue;
$qq->execute();
if($qq->rowCount() == 0) continue;
echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n";
@ -48,7 +54,7 @@ function db_update_116_post()
* */
$delete_ids = array();
$delete_userids = array();
while($rr = mysql_fetch_assoc($qq)) {
while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
$delete_ids[] = "`id`={$rr['id']}";
$delete_userids[] = "`users_id`={$rr['id']}";
$keys = array_keys($rr);
@ -86,7 +92,8 @@ function db_update_116_post()
}
if(count($set)) {
$query = join(',',$set);
mysql_query("UPDATE `users` SET $query WHERE id={$r['id']}");
$stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
$stmt->execute();
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
}
@ -96,38 +103,47 @@ function db_update_116_post()
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
/* Delete the dupe */
mysql_query("DELETE FROM `users` $where_id");
$stmt = $pdo->prepare("DELETE FROM `users` $where_id");
$stmt->execute();
/* Update volunteer linkage */
mysql_query("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
mysql_query("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
$stmt->execute();
echo "done with this user.\n";
}
/* Create volunteer database entries for any that don't exist */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) {
mysql_query("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
VALUES ('{$i->id}','yes','{$i->complete}')");
}
$stmt->execute();}
/* Update any remaining volunteer entries */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) {
mysql_query("UPDATE users_volunteer
$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_volunteer
SET volunteer_complete='{$i->complete}'
WHERE users_id='{$i->id}'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
/* Every committee member role should be activated */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%committee%'");
while($i = mysql_fetch_object($q)) {
mysql_query("UPDATE users_committee
$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%committee%'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_committee
SET committee_active='yes'
WHERE users_id='{$i->id}'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
/* Convert Judges */
@ -136,11 +152,12 @@ function db_update_116_post()
$jsal = array();
/* Select all judges, duplicate rows for each year */
$jq = mysql_query("SELECT * FROM judges
$jq = $pdo->prepare("SELECT * FROM judges
LEFT JOIN judges_years ON judges_years.judges_id=judges.id
ORDER BY year");
$jq->execute();
while($j = mysql_fetch_object($jq)) {
while($j = $jq->fetch(PDO::FETCH_OBJ)) {
if(!is_array($map[$j->id])) {
$map[$j->id] = array('uid' => '');
@ -149,28 +166,28 @@ function db_update_116_post()
$u = array( 'id' => '',
'uid' => $map[$j->id]['uid'],
'types' => 'judge',
'firstname' => mysql_escape_string($j->firstname),
'lastname' => mysql_escape_string($j->lastname),
'username' => mysql_escape_string($j->email),
'email' => mysql_escape_string($j->email),
'firstname' => $j->firstname,
'lastname' => $j->lastname,
'username' => $j->email,
'email' => $j->email,
'sex' => '',
'password' => mysql_escape_string($j->password),
'password' => $j->password,
'passwordset' => $j->lastlogin,
'oldpassword' => '',
'year' => $j->year,
'phonehome' => mysql_escape_string($j->phonehome),
'phonework' => mysql_escape_string($j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}")),
'phonecell' => mysql_escape_string($j->phonecell),
'phonehome' => $j->phonehome,
'phonework' => $j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}",
'phonecell' => $j->phonecell,
'fax' => '',
'organization' => mysql_escape_string($j->organization),
'organization' => $j->organization,
'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */
'created' => $j->created,
'lastlogin' => $j->lastlogin,
'address' => mysql_escape_string($j->address),
'address2' => mysql_escape_string($j->address2),
'city' => mysql_escape_string($j->city),
'province' => mysql_escape_string($j->province),
'postalcode' => mysql_escape_string($j->postalcode),
'address' => $j->address,
'address2' => $j->address2,
'city' => $j->city,
'province' => $j->province,
'postalcode' => $j->postalcode,
'firstaid' => 'no',
'cpr' => 'no',
'deleted' => $j->deleted,
@ -179,20 +196,22 @@ function db_update_116_post()
$updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime");
//check if a user already exists with this username
$uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($j->email)."' OR email='".mysql_real_escape_string($j->email)."') AND year='$j->year'");
if($j->email && $ur=mysql_fetch_object($uq)) {
$uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$j->email."' OR email='".$j->email."') AND year='$j->year'");
$uq->execute();
if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ) {
$id=$ur->id;
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
$sqlset="";
foreach($u AS $f=>$v) {
if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) {
$sqlset.="`$f`='".mysql_real_escape_string($j->$f)."', ";
$sqlset.="`$f`='".$j->$f."', ";
}
}
$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".mysql_real_escape_string($j->email)."' WHERE id='$id'";
mysql_query($sql);
echo mysql_error();
$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".$j->email."' WHERE id='$id'";
$stmt = $pdo->prepare($sql);
$stmt->execute();
echo $pdo->errorInfo();
echo " Updated user record with judge info, but only merged:\n";
echo " ($sqlset)\n";
@ -202,21 +221,23 @@ function db_update_116_post()
/* Insert the judge */
$fields = '`'.join('`,`', array_keys($u)).'`';
$vals = "'".join("','", array_values($u))."'";
$q = mysql_query("INSERT INTO users ($fields) VALUES ($vals)");
$id = mysql_insert_id();
$q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
$q->execute();
$id = $pdo->lastInsertId();
if($map[$j->id]['uid'] == '') {
$map[$j->id]['uid'] = $id;
$q = mysql_query("UPDATE users SET `uid`='$id' WHERE id='$id'");
$q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
$q->execute();
}
}
$uj = array( 'users_id' => "$id",
'judge_active' => 'yes',
'highest_psd' => mysql_escape_string($j->highest_psd),
'highest_psd' => $j->highest_psd,
'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no',
'expertise_other' => mysql_escape_string((($j->professional_quals != '')?($j->professional_quals."\n"):'').
$j->expertise_other),
'expertise_other' => (($j->professional_quals != '')?($j->professional_quals."\n"):'').
$j->expertise_other,
/* These need to get pulled from the questions */
'years_school' => $j->years_school,
'years_regional' => $j->years_regional,
@ -227,33 +248,36 @@ function db_update_116_post()
// $j->attending_lunch,
/* catprefs */
$q = mysql_query("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$catpref = array();
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$catpref[$i->projectcategories_id] = $i->rank;
}
$uj['cat_prefs'] = mysql_escape_string(serialize($catpref));
$uj['cat_prefs'] = serialize($catpref);
/* divprefs and subdivision prefs */
$q = mysql_query("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$divpref = array();
$divsubpref = array();
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
if($i->projectdivisions_id)
$divpref[$i->projectdivisions_id] = $i->val;
else if ($i->projectsubdivisions_id)
$divsubpref[$i->projectsubdivisions_id] = $i->val;
}
$uj['div_prefs'] = mysql_escape_string(serialize($divpref));
$uj['divsub_prefs'] = mysql_escape_string(serialize($divsubpref));
$uj['div_prefs'] = serialize($divpref);
$uj['divsub_prefs'] = serialize($divsubpref);
/* languages */
$q = mysql_query("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
$q->execute();
$langs = array();
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$langs[] = $i->languages_lang;
}
$uj['languages'] = mysql_escape_string(serialize($langs));
$uj['languages'] = serialize($langs);
/* Map judges questions back to the profile. We're going to keep questions we need for
* judge scheduling as hard-coded questions so users can't erase them.
@ -264,25 +288,27 @@ function db_update_116_post()
'willing_chair' => 'Willing Chair');
foreach($qmap as $field=>$head) {
/* Find the question ID */
$q = mysql_query("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
if(mysql_num_rows($q) == 0) {
$q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
$q->execute();
if($q->rowCount() == 0) {
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
continue;
}
$i = mysql_fetch_object($q);
$i = $q->fetch(PDO::FETCH_OBJ);
/* Now find the answer */
$q = mysql_query("SELECT * FROM question_answers WHERE
$q = $pdo->prepare("SELECT * FROM question_answers WHERE
year='{$j->year}' AND
registrations_id='{$j->id}' AND
questions_id='{$i->id}'");
echo mysql_error();
if(mysql_num_rows($q) == 0) {
$q->execute();
echo $pdo->errorInfo();
if($q->rowCount() == 0) {
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
continue;
}
$i = mysql_fetch_assoc($q);
$i = $q->fetch(PDO::FETCH_ASSOC)
$uj[$field] = $i['answer'];
}
@ -290,42 +316,55 @@ function db_update_116_post()
$fields = '`'.join('`,`', array_keys($uj)).'`';
$vals = "'".join("','", array_values($uj))."'";
$q = mysql_query("INSERT INTO users_judge ($fields) VALUES ($vals)");
echo mysql_error();
$q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
$q->execute();
echo $pdo->errorInfo();
/* FIXUP all the judging tables (but don't write back yet, we don't want to
* accidentally create a duplicate judges_id and overwrite it later) */
/* judges_teams_link */
$q = mysql_query("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
while($i = mysql_fetch_object($q))
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jtl[$i->id] = $id;
/* judges_specialawards_sel */
$q = mysql_query("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q))
$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jsal[$i->id] = $id;
/* question_answers */
$q = mysql_query("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q))
$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$qa[$i->id] = $id;
}
/* Now write back the judge ids */
if(count($jtl)) {
foreach($jtl as $id=>$new_id)
$q = mysql_query("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
}
if(count($jsal)) {
foreach($jsal as $id=>$new_id)
$q = mysql_query("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
}
if(count($qa)) {
foreach($qa as $id=>$new_id)
$q = mysql_query("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
$q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
$q->execute();
}
}
?>


@ -4,9 +4,10 @@ function db_update_122_post()
{
global $config;
$year = $config['FAIRYEAR'];
$q = mysql_query("SELECT * FROM judges_timeslots WHERE year='$year'");
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
$q->execute();
$round = array();
while($r = mysql_fetch_assoc($q)) {
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$type = $r['type'];
if(!array_key_exists($type, $round)) {
@ -25,19 +26,23 @@ function db_update_122_post()
}
foreach($round as $type=>$d) {
mysql_query("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
$round_id = mysql_insert_id();
$stmt->execute();
$round_id = $pdo->lastInsertId();
mysql_query("UPDATE judges_timeslots SET
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='$round_id', type='timeslot'
WHERE type='$type' AND year='$year'");
$stmt->execute();
/* Undo the set we just did to the round we just inserted */
mysql_query("UPDATE judges_timeslots SET
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='0',type='$type'
WHERE id='$round_id'");
}
$stmt->execute();
}
}
?>
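Review bot: `$pdo` is never brought into scope in db_update_122_post(): the function declares only `global $config;`, so `$pdo->prepare(...)` on the judges_timeslots SELECT is a call on an undefined variable and the update stops with a fatal error. Change the declaration to `global $config, $pdo;`, or pass the handle in as a parameter. The other update functions visible in this commit that use `$pdo` without declaring it (db_update_129_pre, db_update_136_pre, db_update_142_post, db_update_62_pre and db_update_81_post) need the same declaration. Part of this function's body lies between the two hunks and is not shown.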


@ -5,29 +5,31 @@ function db_update_129_pre()
{
/* Load all external award sources */
$source_map = array();
$q = mysql_query("SELECT * FROM award_sources");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM award_sources");
$q->execute();
while($r = m$q->fetch(PDO::FETCH_ASSOC) {
/* Make a user, use the password generator to get
* a random username */
$u = db129_user_create('fair', db129_user_generate_password());
/* Add a Fair Entry */
$name = mysql_escape_string($r['name']);
$url = mysql_escape_string($r['url']);
$website = mysql_escape_string($r['website']);
$username = mysql_escape_string($r['username']);
$password = mysql_escape_string($r['password']);
$name = $r['name'];
$url = $r['url'];
$website = $r['website'];
$username = $r['username'];
$password = $r['password'];
$en = ($r['enabled'] == 'no') ? 'no' : 'yes';
mysql_query("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
$stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
`url`,`website`,`username`,`password`,`enable_stats`,
`enable_awards`,`enable_winners`) VALUES (
'', '$name', '', 'ysf', '$url', '$web',
'$username','$password','no','$en','$en')");
$stmt->execute();
/* Link the fair to the user */
$u['fairs_id'] = mysql_insert_id();
$u['fairs_id'] = $pdo->lastInsertId();
/* Record the old sources_id to new sources_id mapping */
$source_map[$r['id']] = $u['fairs_id'];
@ -36,14 +38,16 @@ function db_update_129_pre()
}
/* Map all awards to their new source IDs */
$q = mysql_query("SELECT * FROM award_awards");
$q = $pdo->prepare("SELECT * FROM award_awards");
$q->execute();
$keys = array_keys($source_map);
while($r = mysql_fetch_assoc($q)) {
while($r = m$q->fetch(PDO::FETCH_ASSOC)) {
$old_id = $r['award_sources_id'];
if(!in_array($old_id, $keys)) continue;
$qq = mysql_query("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
WHERE id='{$r['id']}'");
$qq->execute();
}
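Review bot: The `mysql_escape_string()` calls on `$r['name']`, `$r['url']`, `$r['website']`, `$r['username']` and `$r['password']` were dropped, but the values are still interpolated into the `INSERT INTO fairs` string, so `prepare()` gives no protection here and a stored value containing a quote now breaks or alters the statement. Bind them instead: put `?` in place of each quoted variable in the VALUES list and call `$stmt->execute([$name, $url, $website, $username, $password, $en, $en]);`. The query also references `'$web'` while the variable is `$website`, so the website column is written empty. Separately, `m$q->fetch(` in both `while` conditions is a parse error (a stray `m`, and the first is also missing a closing parenthesis); the same stray `m` appears in db_update_81_post. The escaping was removed in the same way in the db129_user_* helpers and in db_update_62_post.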


@ -147,16 +147,17 @@ function db129_user_load($user, $uid = false)
$id = intval($user);
$query .= " `users`.`id`='$id'";
}
$q=mysql_query($query);
$q=$pdo->prepare($query);
$q->execute();
if(mysql_num_rows($q)!=1) {
echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
if($q->rowCount()!=1) {
echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>";
// print_r(debug_backtrace());
return false;
}
$ret = mysql_fetch_assoc($q);
$ret = $q->fetch(PDO::FETCH_ASSOC);
/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
* simply return the previous year (where deleted=no) */
@ -220,8 +221,9 @@ function db129_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */
$save_old = false;
if($password == NULL) {
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
$u = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$q->execute();
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */
$password = db129_user_generate_password(12);
/* save the old password only if it's not an auto-generated one */
@ -234,13 +236,14 @@ function db129_user_set_password($id, $password = NULL)
$save_set = 'NOW()';
}
$p = mysql_escape_string($password);
$p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'";
mysql_query($query);
echo mysql_error();
$stmt = $pdo->prepare($query);
$stmt->execute();
echo $pdo->errorInfo();
return $password;
}
@ -264,17 +267,18 @@ function db129_user_save_type_list($u, $db, $fields)
}
if(is_array($u[$f]))
$data = mysql_escape_string(serialize($u[$f]));
$data = serialize($u[$f]);
else
$data = mysql_escape_string(stripslashes($u[$f]));
$data = stripslashes($u[$f]);
$set .= "`$f`='$data'";
}
if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
mysql_query($query);
if(mysql_error()) {
echo mysql_error();
$stmt = $pdo->prepare($query);
$stmt->execute();
if($pdo->errorInfo()) {
echo $pdo->errorInfo();
echo error("Full query: $query");
}
}
@ -337,7 +341,7 @@ function db129_user_save($u)
// if($f == 'types')
// $set .= "$f='".implode(',', $u[$f])."'";
$data = mysql_escape_string(stripslashes($u[$f]));
$data = stripslashes($u[$f]);
$set .= "$f='$data'";
}
//echo "<pre>";
@ -345,9 +349,10 @@ function db129_user_save($u)
//echo "</pre>";
if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]";
echo mysql_error();
echo $pdo->errorInfo();
}
/* Save the password if it changed */
@ -364,7 +369,8 @@ function db129_user_save($u)
function db129_user_delete_committee($u)
{
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
}
function db129_user_delete_volunteer($u)
@ -375,9 +381,11 @@ function db129_user_delete_judge($u)
{
global $config;
$id = $u['id'];
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
}
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();}
function db129_user_delete_fair($u)
{
@ -412,7 +420,8 @@ function db129_user_delete($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else {
$finish_delete = true;
}
@ -423,7 +432,8 @@ function db129_user_delete($u, $type=false)
$finish_delete = true;
}
if($finish_delete == true) {
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
}
}
@ -453,7 +463,8 @@ function db129_user_purge($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else {
$finish_purge = true;
}
@ -461,18 +472,21 @@ function db129_user_purge($u, $type=false)
* out the entry */
call_user_func("db129_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
} else {
/* Delete the whole user */
foreach($u['types'] as $t) {
call_user_func("db129_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
}
$finish_purge = true;
}
if($finish_purge == true) {
mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
}
}
@ -482,12 +496,13 @@ function db129_user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
if(mysql_num_rows($q) != 1) {
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
$q->execute();
if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
}
$i = mysql_fetch_assoc($q);
$i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval;
foreach($i as $k=>$v) {
@ -496,7 +511,7 @@ function db129_user_dupe_row($db, $key, $val, $newval)
else if($k == 'year')
$i[$k] = $config['FAIRYEAR'];
else
$i[$k] = '\''.mysql_escape_string($v).'\'';
$i[$k] = '\''.$v.'\'';
}
$keys = '`'.join('`,`', array_keys($i)).'`';
@ -504,10 +519,11 @@ function db129_user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]";
$r = mysql_query($q);
echo mysql_error();
$r = $pdo->prepare($q);
$r->execute();
echo $pdo->errorInfo();
$id = mysql_insert_id();
$id = $pdo->lastInsertId();
return $id;
}
/* Used by the login scripts to copy one user from one year to another */
@ -521,9 +537,10 @@ function db129_user_dupe($u, $new_year)
* - That previous entry has deleted=no */
/* Find the last entry */
$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
ORDER BY year DESC LIMIT 1");
$r = mysql_fetch_object($q);
$q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
if($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
exit;
@ -534,7 +551,8 @@ function db129_user_dupe($u, $new_year)
}
$id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
/* Load the new user */
$u2 = db129_user_load($id);
@ -572,11 +590,13 @@ function db129_user_create($type, $username, $u = NULL)
{
global $config;
if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
echo mysql_error();
$uid = mysql_insert_id();
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
echo $pdo->errorInfo();
$uid = $pdo->lastInsertId();
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
db129_user_set_password($uid, NULL);
} else {
/* The user has been specified and already exists,
@ -588,27 +608,34 @@ function db129_user_create($type, $username, $u = NULL)
exit;
}
$new_types = implode(',', $u['types']).','.$type;
mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt = \4pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt->execute();
}
switch($type) {
case 'volunteer':
mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'student':
// mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
break;
// $stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'judge':
mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'fair':
mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'committee':
mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'sponsor':
mysql_query("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt->execute();
break;
}
return db129_user_load($uid);
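Review bot: `if($pdo->errorInfo())` in db129_user_save_type_list is always true, because PDO::errorInfo() returns a non-empty array even on success, so every save now echoes `Full query: …`; the plain `echo $pdo->errorInfo();` calls elsewhere in this file print `Array` rather than a message. Statement failures are reported on the statement object, so test `$stmt->errorCode() !== '00000'` and print `$stmt->errorInfo()[2]` (if the connection runs in exception mode these checks never fire and a try/catch is the place to report). Two further slips in db129_user_create: `\4pdo->prepare(` is a syntax error, and in `case 'student':` the prepare is commented out while `$stmt->execute();` stays live, which re-runs whichever statement was prepared last. Several of these functions begin or end outside the hunks shown.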


@ -4,7 +4,7 @@
function db_update_136_pre()
{
global $config;
mysql_query("UPDATE fairs SET `name` = 'Youth Science Canada',
$stmt = $pdo->prepare("UPDATE fairs SET `name` = 'Youth Science Canada',
`abbrv` = 'YSC',
`website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php',
`enable_stats` = 'yes',
@ -15,14 +15,16 @@ function db_update_136_pre()
WHERE
`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
$stmt->execute();
mysql_query("UPDATE fairs SET `abbrv` = 'STO',
$stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
`website` = 'http://www.scitechontario.org/awarddownloader/help.php',
`enable_stats` = 'yes',
`enable_awards` = 'yes',
`enable_winners` = 'yes'
WHERE
`url`='http://www.scitechontario.org/awarddownloader/index.php'");
$stmt->execute();
}


@ -1,8 +1,9 @@
<?
function db_update_142_post() {
$q=mysql_query("SELECT * FROM config WHERE var='FISCALYEAR'");
if(mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM config WHERE var='FISCALYEAR'");
$q->execute();
if($q->rowCount()) {
//great its there, do nothing, it must have been inserted by the installer when doing a fresh install
}
else {
@ -11,7 +12,8 @@ function db_update_142_post() {
$month=date("m");
if($month>6) $fiscalyearsuggest=date("Y")+1;
else $fiscalyearsuggest=date("Y");
mysql_query("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt->execute();
}
}
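Review bot: `$q->rowCount()` decides whether the FISCALYEAR row gets inserted, but PDOStatement::rowCount() is only defined for statements that modify rows; for a SELECT the result depends on the driver and buffering mode, and a 0 here would insert a duplicate config entry. Test the fetch instead: `if($q->fetch()) {`. The same row-count check on a SELECT appears in db129_user_load and db129_user_dupe_row.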


@ -17,8 +17,9 @@ $update_62_committee = array();
function db_update_62_pre()
{
global $update_62_committee;
$q = mysql_query("SELECT * FROM committees_members");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM committees_members");
$q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$update_62_committee[] = $r;
}
}
@ -31,8 +32,7 @@ function db_update_62_post()
foreach($update_62_committee as $c) {
list($fn, $ln) = split(' ', $c['name'], 2);
$username = $c['email'];
$fn = mysql_escape_string($fn);
$ln = mysql_escape_string($ln);
if($config['committee_password_expiry_days'] > 0) {
$passwordexpiry = "DATE_ADD(CURDATE(),
INTERVAL {$config['committee_password_expiry_days']} DAY)";
@ -46,19 +46,20 @@ function db_update_62_post()
`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
`created`,`deleted`)
VALUES ('committee','$fn', '$ln', '$username',
'".mysql_escape_string($c['password'])."',
'".$c['password']."',
$passwordexpiry,
'{$c['email']}',
'{$c['phonehome']}',
'{$c['phonework']}',
'{$c['phonecell']}',
'{$c['fax']}',
'".mysql_escape_string($c['organization'])."',
'".$c['organization']."',
NOW(),
'$deleted')";
mysql_query($q);
$stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n";
$id = mysql_insert_id();
$id = $pdo->lastInsertId();
$access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no';
$access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no';
@ -73,14 +74,16 @@ function db_update_62_post()
'$access_admin',
'$access_config',
'$access_super')";
mysql_query($q);
$stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n";
echo mysql_error();
echo $pdo->errorInfo();
/* Update committee links */
$q = "UPDATE committees_link SET users_id='$id'
WHERE committees_members_id='{$c['id']}'";
mysql_query($q);
$stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n";
}
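Review bot: `echo "$q\n";` after the `INSERT INTO users` prints the whole statement, which includes `$c['password']`, so each committee member's stored password ends up in the upgrade output and in anything that captures it. This hunk also removes the escaping on `$fn`, `$ln`, the password and the organization while still interpolating them, so binding the row values fixes both: the echoed `$q` then contains placeholders only. `$passwordexpiry` and `$deleted` are assumed to be set by the code above and stay interpolated; the opening of the INSERT string is outside the hunk.

```php
// … unchanged: opening of $q, "INSERT INTO users (…column list…)" …
			VALUES ('committee', ?, ?, ?,
				?,
				$passwordexpiry,
				?, ?, ?, ?, ?,
				?,
				NOW(),
				'$deleted')";
		$stmt = $pdo->prepare($q);
		$stmt->execute([
			$fn,
			(string)$ln, // a single-word name leaves $ln unset
			$username,
			$c['password'],
			$c['email'], $c['phonehome'], $c['phonework'], $c['phonecell'], $c['fax'],
			$c['organization'],
		]);
		echo "$q\n";
```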


@ -1,10 +1,12 @@
<?
function db_update_81_post()
{
$q = mysql_query("SELECT DISTINCT award_sponsors_id FROM award_contacts");
while($i = mysql_fetch_object($q)) {
$q = $pdo->prepare("SELECT DISTINCT award_sponsors_id FROM award_contacts");
$q->execute();
while($i = m$q->fetch(PDO::FETCH_OBJ)) {
$asid = $i->award_sponsors_id;
mysql_query("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
$stmt->execute();
}
}
?>
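Review bot: The UPDATE is prepared again on every pass of the loop with `$asid` interpolated into the string, which uses none of what a prepared statement offers. Replace `'$asid'` with `?` in the statement, move the `prepare()` call above the `while`, and keep only `$stmt->execute([$asid]);` inside the loop.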


@ -45,13 +45,15 @@ function judge_status_expertise(&$u)
}
/* Check to see if they have ranked all project age categories, and all divisions */
$q=mysql_query("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numcats=$r->num;
if($numcats != count($u['cat_prefs'])) return 'incomplete';
$q=mysql_query("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numdivisions=$r->num;
if($numdivisions != count($u['div_prefs'])) return 'incomplete';
@ -75,14 +77,16 @@ function judge_status_questions($u){
*/
global $config;
// get the questions we're looking for
$q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
$q = $pdo->prepare("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
$q->execute();
$idList = array();
while($row = mysql_fetch_assoc($q)) $idList[] = $row['id'];
while($row = $q->fetch(PDO::FETCH_ASSOC)) $idList[] = $row['id'];
$rval = 'complete';
if(count($idList)){
$q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
$row = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
$q->execute();
$row = $q->fetch(PDO::FETCH_ASSOC);
if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
}
return $rval;
@ -100,9 +104,10 @@ function judge_status_special_awards(&$u)
* - judge has selected between min and max preferences
*/
$qq = mysql_query("SELECT COUNT(id) AS num FROM judges_specialaward_sel
$qq = $pdo->prepare("SELECT COUNT(id) AS num FROM judges_specialaward_sel
WHERE users_id='{$u['id']}'");
$rr = mysql_fetch_object($qq);
$qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
$awards_selected = $rr->num;
// echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})";
@ -127,9 +132,9 @@ function judge_status_availability(&$u)
global $config;
if($config['judges_availability_enable'] == 'no') return 'complete';
$q = mysql_query("SELECT id FROM judges_availability
$q = $pdo->prepare("SELECT id FROM judges_availability
WHERE users_id=\"{$u['id']}\"");
if(mysql_num_rows($q) > 0) return 'complete';
if($q->rowCount() > 0) return 'complete';
return 'incomplete';
}
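Review bot: judge_status_availability() prepares the judges_availability SELECT but never executes it, so `$q->rowCount()` is read from an unexecuted statement and the function returns 'incomplete' for every judge whenever availability is enabled. Add the execute and bind the id at the same time: use `WHERE users_id=?` in the query, call `$q->execute([$u['id']]);`, and test `if($q->fetch()) return 'complete';`. The double-quoted `\"{$u['id']}\"` literal would also stop working on a server running with ANSI_QUOTES. The function starts outside the hunk.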


@ -220,8 +220,9 @@ class lpdf
// echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
break;
}
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
if($r=@mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
$q->execute();
if($r=$q->fetch(PDO::FETCH_OBJ))
$prevnr=$nr;
// printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);
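Review bot: `$_SESSION['lang']` is concatenated straight into the translations query; if that session value is ever set from a request parameter without being checked against the installed languages (not visible here), it reaches SQL unescaped. Bind both values: `$q=$pdo->prepare("SELECT * FROM translations WHERE lang=? AND strmd5=?");` followed by `$q->execute([$_SESSION['lang'], md5($str)]);`. This code sits inside a method of class lpdf whose start is outside the hunk, so `$pdo` also has to be made available there, for example with `global $pdo;`.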


@ -27,12 +27,14 @@ exit;
include "../common.inc.php";
$projq=mysql_query("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
while($projr=mysql_fetch_object($projq))
$projq=$pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
$projq->execute();
while($projr=$projq->fetch(PDO::FETCH_OBJ))
{
$reg_id=$projr->id;
$q=mysql_query("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$projectnumber=$config['project_num_format'];
//first replace the division and category
@ -41,15 +43,16 @@ include "../common.inc.php";
//now change the N to a % so we can use it as a wildcard
$querynum=str_replace('N','%',$projectnumber);
$searchq=mysql_query("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
$searchq=$pdo->prepare("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
$searchq->execute();
print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n");
$searchnum=mysql_num_rows($searchq);
$searchnum=$searchq->rowCount();
echo "searchnum=$searchnum \n";
if(mysql_num_rows($searchq))
if($searchq->rowCount())
{
//first, put them all in an array
$proj_nums=array();
while($searchr=mysql_fetch_object($searchq))
while($searchr=$searchq->fetch(PDO::FETCH_OBJ))
{
$proj_nums[]=$searchr->projectnumber;
}
@ -77,7 +80,8 @@ include "../common.inc.php";
}
$projectnumber=str_replace('N',$Nnum,$projectnumber);
mysql_query("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if($projectnumber)
{
echo "Assigned new project number $projectnumber\n";
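Review bot: In the registrations SELECT, `AND` binds tighter than `OR`, so `status='complete' OR status='paymentpending' AND year='2008'` returns complete registrations from every year and restricts only the payment-pending ones to 2008, and the loop then walks registrations from other years as well. If the year filter is meant to cover both statuses, which the rest of the script suggests, write `WHERE (status='complete' OR status='paymentpending') AND year='2008'`. The condition predates this commit but is carried onto the new line unchanged.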


@ -25,9 +25,10 @@ echo "To run this script, edit it and comment out the 'exit' (and this message)
exit;
include "../common.inc.php";
mysql_query("DELETE FROM tours_choice WHERE year='2008'");
$stmt = $po->prepare("DELETE FROM tours_choice WHERE year='2008'");
$stmt->execute();
$q=mysql_query("SELECT students.id AS students_id,
$q=$pdo->prepare("SELECT students.id AS students_id,
registrations.id AS registrations_id
FROM registrations,
students
@ -36,14 +37,17 @@ $q=mysql_query("SELECT students.id AS students_id,
AND registrations.year='2008'
AND students.registrations_id=registrations.id
AND students.year='2008'");
while($r=mysql_fetch_object($q))
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$tq=mysql_query("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
$tq=$pdo->prepare("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
$tq->execute();
$rank=1;
while($tr=mysql_fetch_object($tq)) {
mysql_query("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
'$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
)");
$stmt->execute();
$rank++;
}
echo "Assigned student $r->students_id\n";
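Review bot: `$po->prepare(` on the tours_choice DELETE is a typo for `$pdo`; the variable is undefined, so the script stops with a fatal error before anything is deleted or assigned. It should read `$stmt = $pdo->prepare("DELETE FROM tours_choice WHERE year='2008'");`. The INSERT in the inner loop is also prepared once per row with the ids interpolated; preparing it once above the loops with `?` placeholders and passing the four values to `execute()` is the usual PDO form.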


@ -32,9 +32,12 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1)
{
echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE registrations");
mysql_query("TRUNCATE TABLE students");
mysql_query("TRUNCATE TABLE projects");
echo "DONE.\n\n";
$stmt = $pdo->prepare("TRUNCATE TABLE registrations");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE students");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE projects");
$stmt->execute();
echo "DONE.\n\n";
}
?>
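Review bot: Each `TRUNCATE TABLE` is a fixed string with nothing to bind, so the `prepare()`/`execute()` pair creates a statement object for no benefit; `$pdo->exec("TRUNCATE TABLE registrations");` does the same in one call, and likewise for students and projects. `DONE.` is echoed unconditionally, so unless the connection is in exception mode a failed truncate goes unnoticed; check for a `false` return from `exec()` before printing it. The judges_teams truncation script that follows has the same shape.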


@ -32,11 +32,16 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1)
{
echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE judges_teams");
mysql_query("TRUNCATE TABLE judges_teams_awards_link");
mysql_query("TRUNCATE TABLE judges_teams_link");
mysql_query("TRUNCATE TABLE judges_teams_timeslots_link");
mysql_query("TRUNCATE TABLE judges_teams_timeslots_projects_link");
echo "DONE.\n\n";
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_awards_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_projects_link");
$stmt->execute();
echo "DONE.\n\n";
}
?>


@ -28,11 +28,16 @@ include "../common.inc.php";
$numjudges=200;
mysql_query("TRUNCATE TABLE judges");
mysql_query("TRUNCATE TABLE judges_catpref");
mysql_query("TRUNCATE TABLE judges_expertise");
mysql_query("TRUNCATE TABLE judges_years");
mysql_query("TRUNCATE TABLE judges_languages");
$stmt = $pdo->prepare("TRUNCATE TABLE judges");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_catpref");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_expertise");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_years");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_languages");
$stmt->execute();
function getrand($ar)
@ -109,8 +114,9 @@ for($x=0;$x<$numjudges;$x++)
$compnum=rand(0,20);
if($compnum==1) $complete="no"; else $complete="yes";
$q=mysql_query("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$id=mysql_insert_id();
$q=$pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$q->execute();
$id=$pdo->lastInsertId();
//for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
//to compensate
@ -119,30 +125,37 @@ for($x=0;$x<$numjudges;$x++)
for($a=1;$a<=3;$a++)
{
$catrank=rand(-2,2);
mysql_query("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt->execute();
}
//expertise is ranked 1-5
for($a=1;$a<=6;$a++)
{
$divrank=rand(1,5);
mysql_query("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt->execute();
}
//and add the record to the judges_years table so they will be 'active' for this year
mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt->execute();
//60% chance they only speak english
//20% chance they only speak french
//20% chance they are bilingual
$num=rand(0,100);
if($num<60)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
else if($num<80)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
else {
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
{$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();}
else if($num<80)
{$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();}
else {
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();
}
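Review bot: The converted inserts still interpolate `$firstname`, `$lastname`, `$email`, `$id` and the other values into the SQL string, so each `prepare()` binds nothing and is repeated for every row. Prepare each statement once before the `for($x=0;$x<$numjudges;$x++)` loop with placeholders, e.g. `$insCat=$pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES (?,?,?,'2007')");`, and call `$insCat->execute(array($id,$a,$catrank));` inside it. If any entry in the name lists contains an apostrophe (the lists are outside the hunks), the interpolated form fails, and it fails silently unless the connection uses exception error mode. The registrations, students and projects inserts in the next file section have the same shape. The loop body starts outside these hunks.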


@ -49,8 +49,9 @@ $nouns=array("age","animal","arm","baby","ball","bat","bear","boat","camp","car"
$starters=array("effects of","study of","analysis of");
$joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with");
$numschools=mysql_query("SELECT id FROM schools WHERE year='2011'");
while($s=mysql_fetch_object($numschools))
$numschools=$pdo->prepare("SELECT id FROM schools WHERE year='2011'");
$numschools->execute();
while($s=$numschools->fetch(PDO::FETCH_OBJ))
{
//1 in 4 chance of actually using this school
$o=rand(1,4);
@ -67,8 +68,9 @@ for($x=0;$x<$numprojects;$x++)
$pd=rand(1,$prob_unpaid);
if($pd==1) $status='paymentpending'; else $status='complete';
$q=mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
if($id=mysql_insert_id())
$q=$pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
$q->execute();
if($id=$pdo->lastInsertId())
{
$peeps=rand(1,$prob_dual);
@ -88,8 +90,8 @@ for($x=0;$x<$numprojects;$x++)
$firstname=getrand($firstnames);
$email=strtolower($firstname)."@".getrand($domains);
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
$stmt->execute();
}
$div=rand(1,6);
@ -105,8 +107,8 @@ for($x=0;$x<$numprojects;$x++)
if($langnum<4) $lang="fr"; else $lang="en";
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt->execute();
}
}


@ -28,17 +28,19 @@
function roll($currentfairyear, $newfairyear, $table, $fields)
{
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear'");
echo mysql_error();
$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`';
while($r=mysql_fetch_assoc($q)) {
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = '';
foreach($fields as $f) {
$vals .= ",'".mysql_real_escape_string($r[$f])."'";
$vals .= ",'".$r[$f]."'";
}
mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute();
echo $pdo->errorInfo();
}
}
@ -47,35 +49,36 @@ $newfairyear=2010;
echo i18n("Rolling schools")."<br />";
//award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."',
'".mysql_real_escape_string($r->schoollang)."',
'".mysql_real_escape_string($r->schoollevel)."',
'".mysql_real_escape_string($r->board)."',
'".mysql_real_escape_string($r->district)."',
'".mysql_real_escape_string($r->phone)."',
'".mysql_real_escape_string($r->fax)."',
'".mysql_real_escape_string($r->address)."',
'".mysql_real_escape_string($r->city)."',
'".mysql_real_escape_string($r->province_code)."',
'".mysql_real_escape_string($r->postalcode)."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid,
'".mysql_real_escape_string($r->accesscode)."',
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".$r->school."',
'".$r->schoollang."',
'".$r->schoollevel."',
'".$r->board."',
'".$r->district."',
'".$r->phone."',
'".$r->fax."',
'".$r->address."',
'".$r->city."',
'".$r->province_code."',
'".$r->postalcode."',$puid,
'".$r->schoolemail."',$shuid,
'".$r->accesscode."',
NULL,
'".mysql_real_escape_string($r->junior)."',
'".mysql_real_escape_string($r->intermediate)."',
'".mysql_real_escape_string($r->senior)."',
'".mysql_real_escape_string($r->registration_password)."',
'".mysql_real_escape_string($r->projectlimit)."',
'".mysql_real_escape_string($r->projectlimitper)."',
'".mysql_real_escape_string($newfairyear)."')");
}
'".$r->junior."',
'".$r->intermediate."',
'".$r->senior."',
'".$r->registration_password."',
'".$r->projectlimit."',
'".$r->projectlimitper."',
'".$newfairyear."')");
$stmt->execute();
}
?>
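Review bot: `roll()` and the schools copy below it drop `mysql_real_escape_string()` but keep concatenating column values into the SQL text, so a school name or address containing a quote now breaks the INSERT and stored data is parsed as SQL (second-order injection). Bind the values instead; `$table` and `$fields` cannot be bound, so they should only ever come from fixed lists in the caller. No `global $pdo;` is visible inside `roll()`, so `$pdo` is undefined there unless it is brought into scope some other way; the sketch below assumes it is a file-scope global. `echo $pdo->errorInfo();` prints `Array`, because errorInfo() returns an array and statement failures are reported by `$stmt->errorInfo()`; exception error mode on the connection (configured outside this diff) would replace all of these echoes. The schools INSERT in the second hunk needs the same placeholder treatment, with `$r->principal_uid` and `$r->sciencehead_uid` bound as integer or null.

```php
function roll($currentfairyear, $newfairyear, $table, $fields)
{
	global $pdo; // assumption: $pdo is created at file scope by the include

	$q = $pdo->prepare("SELECT * FROM $table WHERE year=?");
	$q->execute(array($currentfairyear));

	$names = '`'.join('`,`', $fields).'`';
	// one placeholder for `year` plus one per copied column
	$marks = str_repeat(',?', count($fields));
	$ins = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES (?$marks)");

	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
		$vals = array($newfairyear);
		foreach($fields as $f) {
			$vals[] = $r[$f];
		}
		$ins->execute($vals);
	}
}
```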


@ -781,13 +781,15 @@ function user_create($type, $username, $u = NULL)
if(!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
$stmt->execute()';
$stmt->execute();
echo $pdo->errorInfo();
$uid = mysql_insert_id();
$uid = $pdo->lastInsertId();
if(user_valid_email($username)) {
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt->execute();
}
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
echo $pdo->errorInfo();
user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this
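Review bot: `$type` and `$username` are interpolated into the INSERT, and `$username` again into `UPDATE users SET email=...`; the `user_valid_email()` check only gates the UPDATE, so the INSERT runs on whatever the caller passed. Bind them: `$stmt = $pdo->prepare("UPDATE users SET email=? WHERE id=?");` followed by `$stmt->execute(array($username, $uid));`, and the same pattern for the INSERT. `echo $pdo->errorInfo();` would print `Array` into the response; statement failures are available from `$stmt->errorInfo()` and are better logged than echoed. `user_create()` starts before and continues after this hunk, so whether `$pdo` is declared global there is not visible.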


@ -31,8 +31,9 @@ function volunteer_status_position($u)
/* See if they have selected something */
$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
if(mysql_num_rows($r) >= 1) {
$r = $pdo->prepare($q);
$r->execute();
if($r->rowCount() >= 1) {
return "complete";
}
return "incomplete";


@ -44,8 +44,9 @@
/* Load available IDs */
$posns = array();
$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
while($p = mysql_fetch_object($r)) {
$r = $pdo->prepare($q);
$r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
$posns[] = $p->id;
}
@ -59,18 +60,20 @@
}
/* Delete existing selections */
mysql_query("DELETE FROM volunteer_positions_signup
$stmt = $pdo->prepare("DELETE FROM volunteer_positions_signup
WHERE
users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}' ");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
/* Add new selections if there are any */
if($vals != '') {
$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year)
VALUES $vals";
$r=mysql_query($q);
echo mysql_error();
$r=$po->prepare($q);
$r->execute();
echo $pdo->errorInfo();
}
@ -110,17 +113,19 @@ if($_SESSION['embed'] == true) {
$q = "SELECT * FROM volunteer_positions_signup WHERE
users_id = '{$u['id']}'
AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
$r = $pdo->prepare($q);
$r->execute();
$checked_positions = array();
while($p = mysql_fetch_object($r)) {
while($p = $r->fetch(PDO::FETCH_OBJ)) {
$checked_positions[] = $p->volunteer_positions_id;
}
/* Load available volunteer positions */
$q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
while($p = mysql_fetch_object($r)) {
$r = $pdo->prepare($q);
$r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
echo '<tr><td>';


@ -37,7 +37,7 @@ if($_GET['year'] && $_GET['type']) {
$show_unawarded_awards="no";
$show_unawarded_prizes="no";
$year=intval($_GET['year']);
$type=mysql_real_escape_string($_GET['type']);
$type=$_GET['type'];
echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>";
@ -45,8 +45,9 @@ if($_GET['year'] && $_GET['type']) {
//first, lets make sure someone isnt tryint to see something that they arent allowed to!
//but only if the year they want is the FAIRYEAR. If they want a past year, thats cool
if($_GET['year']>=$config['FAIRYEAR']) {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1)
{
echo error(i18n("Crystal ball says future is very hard to see!"));
@ -57,7 +58,7 @@ if($_GET['year'] && $_GET['type']) {
if($ok)
{
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.order AS awards_order,
@ -73,15 +74,15 @@ if($_GET['year'] && $_GET['type']) {
ORDER BY
awards_order");
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q))
if($q->rowCount())
{
echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>";
echo "<br />";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$pq=mysql_query("SELECT
$pq=$pdo->prepare("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
@ -100,17 +101,19 @@ if($_GET['year'] && $_GET['type']) {
AND award_prizes.year='$year'
ORDER BY
`order`");
echo mysql_error();
$pq->execute();
echo $pdo->errorInfo();
$awarded_count = 0;
if($show_unawarded_awards=="no")
{
while($pr=mysql_fetch_object($pq))
while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if($pr->projectnumber)
{
$awarded_count++;
}
}
// Still have to find the PDO equivalent
mysql_data_seek($pq, 0);
}
if($show_unawarded_awards=="yes" || $awarded_count > 0)
@ -119,7 +122,7 @@ if($_GET['year'] && $_GET['type']) {
}
$prevprizeid=-1;
while($pr=mysql_fetch_object($pq))
while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if(!($pr->projectnumber) && $show_unawarded_prizes=="no")
{
@ -153,7 +156,7 @@ if($_GET['year'] && $_GET['type']) {
echo "&nbsp&nbsp;&nbsp;&nbsp;";
echo "($pr->projectnumber) ".htmlspecialchars($pr->title);
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.schools_id,
students.webfirst,
@ -167,11 +170,12 @@ if($_GET['year'] && $_GET['type']) {
students.registrations_id='$pr->reg_id'
AND students.schools_id=schools.id
");
$sq->execute();
$studnum=0;
$students="";
$schools=array();
while($studentinfo=mysql_fetch_object($sq))
while($studentinfo=$sq->fetch([PDO::FETCH_OBJ]))
{
if($studnum>0 && $prev) $students.=", ";
@ -242,7 +246,7 @@ else
$first=true;
if($q->rowCount())
{
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($first && $r->year != $config['FAIRYEAR'])
{
@ -258,7 +262,7 @@ else
//do this each time, because each year the names of the award types could change, along with what is actually given out.
//
$tq=mysql_query("SELECT
$tq=$pdo->prepare("SELECT
DISTINCT(award_types.type) AS type
FROM
winners,
@ -273,8 +277,9 @@ else
ORDER BY
award_types.order
");
echo mysql_error();
while($tr=mysql_fetch_object($tq)) {
$tq->execute();
echo $pdo->errorInfo();
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
}
echo "<br />";
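Review bot: `$type=$_GET['type'];` removes the only escaping on a request parameter without adding a bound parameter, and the next line echoes `$type` and `$_GET['year']` into the `<h2>` unescaped. If `$type` is used in the WHERE clause of the award query (that part is outside the hunks), pass it through a `?` placeholder with `$q->execute(array(...))`, and build the heading from `htmlspecialchars($type)` and the already cast `$year`. Three converted spots would also fail at runtime as shown: `$q` is prepared but no `$q->execute()` appears before `if($q->rowCount())`, `mysql_data_seek($pq, 0)` is still present, and `$sq->fetch([PDO::FETCH_OBJ])` passes an array where the fetch-mode constant is expected. For the rewind, `$prizes=$pq->fetchAll(PDO::FETCH_OBJ);` and two `foreach` passes over `$prizes` removes the need for a seek.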