Compare commits


2 Commits

Author SHA1 Message Date
ea287cd7af WIP PDO and Warnings 2024-12-18 11:48:09 -05:00
974eb738f3 errors 2024-12-17 01:34:35 -05:00
54 changed files with 532 additions and 443 deletions


@ -27,7 +27,7 @@
user_auth_required('committee', 'admin');
require_once('awards.inc.php');
switch($_GET['action']) {
switch(get_value_from_array($_GET, 'action')) {
case 'awardinfo_load':
$id = intval($_GET['id']);


@ -36,11 +36,11 @@
"website_content_management"
);
if($_POST['action']=="save")
if(get_value_from_array($_POST, 'action',"save"))
{
$err=false;
foreach($config['languages'] AS $lang=>$langname) {
$filename=stripslashes($_POST['filename']);
$filename=stripslashes(get_value_from_array($_POST, 'filename', ''));
// $filename=ereg_replace("[^A-Za-z0-9\.\_\/]","_",$_POST['filename']);
if(substr($filename,-5)!=".html")
@ -51,7 +51,7 @@
$showlogoname="showlogo_$lang";
//get the dt here to insert with ALL the languages, we cant rely on the INSERT NOW() always inserting multiple records with the same timestamp!
$insertdt=date("Y-m-d H:i:s");
$text=stripslashes($_POST[$textname]);
$text=stripslashes(get_value_from_array($_POST,$textname, ''));
$q = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,title,showlogo) VALUES (
@ -59,8 +59,8 @@
'$insertdt',
'$lang',
'".$text."',
'".$_POST[$titlename]."',
'".$_POST[$showlogoname]."'
'".get_value_from_array($_POST, $titlename, '')."',
'".get_value_from_array($_POST, $showlogoname, '')."'
)");
$q->execute();
if($pdo->errorInfo()) {
@ -72,7 +72,7 @@
echo happy(i18n("%1 successfully saved",array($_POST['filename'])));
}
if($_GET['filename'] || $_GET['action']=="create")
if(get_value_from_array($_GET,'filename', '') || get_value_from_array($_GET,'action',"create"))
{
echo "<a href=\"cms.php\">&lt;&lt; Back to file list</a><br />\n";
echo "<form method=\"post\" action=\"cms.php\">";
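Review bot: `get_value_from_array($_POST, 'action',"save")` is not equivalent to the old `$_POST['action']=="save"`: judging by calls such as `get_value_from_array($_POST, 'filename', '')`, the third argument is a default, so the condition becomes a truthiness test that passes for any non-empty action and, because of the default, even when no action was sent. The helper's definition is not on this page, so this needs confirming, but if that reading holds the save branch runs on every request, and the same pattern guards `remove` (which calls `user_delete`), `assign`, `clearaccesscodes`, `makeaccesscodes`, `unregister`, `receivedyes`/`receivedno`, `refresh`, the `abbrv` 'YSC' jump and `show_complete`/`show_year` in later sections. Keep the comparison explicit, as the commit already does for `delete` and `received`: `if(get_value_from_array($_POST, 'action') == "save")`. The `get_value_from_array($_GET,'action',"create")` test in the last hunk of this section needs the same treatment.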


@ -28,7 +28,7 @@
user_auth_required('committee', 'admin');
if($_POST['users_uid'])
if(get_value_from_array($_POST,'users_uid'))
$uid = intval($_POST['users_uid']);
@ -95,7 +95,7 @@ function actionChanged()
}
function actionSubmit()
{
{
if(document.forms.memberaction.action.selectedIndex==0)
{
alert('You must choose an action');
@ -124,8 +124,8 @@ function actionSubmit()
//-->
</script>
<?
if($_POST['addcommittee'])
global $uid;
if(get_value_from_array($_POST,'addcommittee'))
{
//add a new committee
//re-order the committees
@ -134,7 +134,7 @@ if($_POST['addcommittee'])
echo happy(i18n("Committee successfully added"));
}
if($_POST['committees_id'] && $_POST['committees_ord']) {
if(get_value_from_array($_POST,'committees_id') && get_value_from_array($_POST,'committees_ord')) {
//re-order the committees
$x=0;
$ids=$_POST['committees_id'];
@ -172,9 +172,9 @@ if($_POST['committees_id'] && $_POST['committees_ord']) {
}
if($_POST['action']=="assign")
if(get_value_from_array($_POST, 'action', "assign"))
{
if($_POST['committees_id'] && $_POST['users_uid']) {
if(get_value_from_array($_POST, 'committees_id') && get_vaue_from_array($_POST,'users_uid')) {
$cid = intval($_POST['committees_id']);
$q = $pdo->prepare("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'");
$q->execute();
@ -191,7 +191,7 @@ if($_POST['action']=="assign")
echo error(("You must choose both a member and a committee"));
}
if($_GET['deletecommittee']) {
if(get_value_from_array($_GET, 'deletecommittee')) {
$del = intval($_GET['deletecommittee']);
$q = $pdo->prepare("DELETE FROM committees WHERE id='$del'");
@ -199,13 +199,13 @@ if($_GET['deletecommittee']) {
echo happy(i18n("Committee removed"));
}
if($_POST['action']=="remove") {
if(get_value_from_array($_POST, 'action',"remove")) {
/* user_delete takes care of unlinking the user in other tables */
user_delete($uid, 'committee');
echo happy(i18n("Committee member deleted"));
}
if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
if(get_value_from_array($_GET, 'unlinkmember') && get_value_from_array($_GET,'unlinkcommittee')) {
$mem = intval($_GET['unlinkmember']);
$com = intval($_GET['unlinkcommittee']);
//unlink the member from the committee
@ -304,7 +304,7 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
$q->execute();
if($q->rowCout())
if($q->rowCount())
{
echo "<h4>".i18n("Committees")."</h4>";
echo "<form method=\"post\" action=\"committees.php\">\n";
@ -359,14 +359,15 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
echo "</td><td>";
if($u['email']) {
list($b,$a)=split("@",$u['email']);
if(get_value_from_array($u, 'email')) {
print_r($u["email"]);
list($b,$a)=explode("@",$u['email']);
echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>";
}
if($u['emailprivate']) {
if(get_value_from_array($u, 'emailprivate')) {
if($u['email']) echo " <b>/</b> ";
list($b,$a)=split("@",$u['emailprivate']);
list($b,$a)=explode("@",$u['emailprivate']);
echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>";
}
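Review bot: `get_vaue_from_array($_POST,'users_uid')` in the `assign` branch is a misspelling of the helper, so PHP will raise an undefined-function error as soon as `committees_id` is set and the second operand is evaluated; it should read `get_value_from_array($_POST,'users_uid')`. The added `print_r($u["email"]);` looks like leftover debugging: it writes the raw, unescaped address into the page right before the `em('$b','$a')` script, which appears to exist to keep the address out of the markup, so it should be removed. `global $uid;` sits outside any function in the visible lines and would have no effect there.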


@ -129,7 +129,7 @@ include "xml.inc.php";
);
echo "<br />";
if(count($_POST['cwsfdivision']))
if(count(get_value_from_array($_POST,'cwsfdivision', '')))
{
foreach($_POST['cwsfdivision'] AS $p=>$d)
{
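Review bot: `count(get_value_from_array($_POST,'cwsfdivision', ''))` passes a string to `count()` whenever the field is absent, which is a warning on PHP 7.2+ and a TypeError on PHP 8. Use an array default and check the type, since a client can also send a scalar for this field: `$divs = get_value_from_array($_POST,'cwsfdivision', []);` followed by `if(is_array($divs) && count($divs))`. `count(get_value_from_array($team, 'awards'))` in the judging-teams section has the same problem if the helper returns null for a missing key. The loop body continues outside the hunk.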


@ -28,7 +28,7 @@ user_auth_required('committee', 'admin');
require_once("fundraising_common.inc.php");
switch($_GET['action']) {
switch(get_value_from_array($_GET, 'action')) {
case 'organizationinfo_load':
$id=intval($_GET['id']);
$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$id'");
@ -1189,7 +1189,7 @@ function removedonation(donationid,sponsorid) {
<?
if($_GET['action']=="delete" && $_GET['delete'])
if(get_value_from_array($_GET, 'action') == "delete" && get_value_from_array($_GET, 'delete'))
{
//dont allow any deleting until we figure out what we need to do, infact, i think we never should hard delete
//this should only soft-delete so things like awards from previous years are still all linked correctly.
@ -1293,7 +1293,7 @@ echo "<hr />";
</div>
<?
if($_GET['action']=="add") {
if(get_value_from_array($_GET,'action',"add")) {
?>
<script type="text/javascript">
$(document).ready(function() {


@ -30,8 +30,10 @@
//$q=mysql_query("SELECT * FROM award_sponsors WHERE year='".$config['FAIRYEAR']."' ORDER BY organization");
//we want to show all years, infact that year field probably shouldnt even be there.
$sql="";
if($_POST['search']) $sql.=" AND organization LIKE '%".$_POST['search']."%' ";
if(count($_POST['donortype'])) {
if(get_value_from_array($_POST, 'search')) $sql.=" AND organization LIKE '%".$_POST['search']."%' ";
//NEEDS AN ARRAY AS AN ARGUMENT INSTEAD OF A STRING
if(count(get_value_from_array($_POST, 'donortype', []))) {
$sql.=" AND (0 ";
foreach($_POST['donortype'] AS $d) {
$sql.=" OR donortype='$d'";
@ -42,7 +44,7 @@
// echo "query=$query";
$q=$pdo->prepare($query);
$q->execute();
$_POST['donortype'];
$thisyear=$config['FISCALYEAR'];
$lastyear=$config['FISCALYEAR']-1;
$rows=array();
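Review bot: `$_POST['search']` and each `$d` from `$_POST['donortype']` are still concatenated into `$sql`, so, assuming `$sql` is appended to `$query`, the later `$pdo->prepare($query)` is handed text that already contains request data and gives no protection against SQL injection. Bind the values instead, for example `$sql.=" AND organization LIKE ? "; $params[]='%'.$_POST['search'].'%';`, one `donortype=?` per entry, and `$q->execute($params);`. The same prepare-without-placeholders pattern is on the new side of the CMS `INSERT`, the `thanked` `UPDATE`, the `registration_number` `SELECT` and the schools `UPDATE`/`DELETE`/`SELECT`, where this commit also drops the previous `stripslashes()` wrappers. The construction of `$query` is outside the hunk.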


@ -30,7 +30,7 @@
require_once('curl.inc.php');
/* Hack so we can jump right to YSC stats */
if($_GET['abbrv'] == 'YSC') {
if(get_value_from_array($_GET,'abbrv','YSC')) {
$q = $pdo->prepare("SELECT id FROM fairs WHERE abbrv='YSC'");
$q->execute();
$r = $q->fetch(PDO::FETCH_ASSOC);
@ -85,7 +85,7 @@
$server_config['scholarships'] = false;
$server_config['delegates'] = false;
if($_GET['year']) $year=intval($_GET['year']);
if(get_value_from_array($_GET,'year')) $year=intval(get_value_from_array($_GET, 'year'));
else $year=$config['FAIRYEAR'];
if($_GET['id']) $fairs_id=intval($_GET['id']);
@ -98,7 +98,7 @@
$fair = $q->fetch(PDO::FETCH_ASSOC);
}
$action = $_POST['action'];
$action = get_value_from_array($_POST, 'action');
if($action == 'sendstats') {
foreach(array_keys($stats_data) as $k) {
@ -134,7 +134,7 @@
}
}
global $PHPSELF;
echo "<form name=\"fairselect\" action=\"$PHPSELF\" method=\"get\">";
$q = $pdo->prepare("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'");
$q->execute();
@ -207,7 +207,7 @@
$stats['year'] = $year;
/* Now, overwrite all the stats with what we pulled down from the server */
if(is_array($data['stats'])) {
if(is_array(get_value_from_array($data,'stats'))) {
foreach($data['stats'] as $k=>$v) {
$stats[$k] = $v;
}
@ -249,7 +249,7 @@
$stats['schools_districts'] = count($districts);
//numbers of students:
$q=$pdo->error("SELECT students.*,schools.*
$q=$pdo->prepare("SELECT students.*,schools.*
FROM students
LEFT JOIN registrations ON students.registrations_id=registrations.id
LEFT JOIN schools on students.schools_id=schools.id
@ -257,7 +257,7 @@
AND registrations.year='$year'
AND (registrations.status='complete' OR registrations.status='paymentpending')");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$stats['students_total'] = $q->rowCount();
$stats['students_public'] = 0;
$stats['students_private'] = 0;
@ -301,7 +301,7 @@ $q->execute();
AND (registrations.status='complete' OR registrations.status='paymentpending')
GROUP BY projects.id");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$stats["projects_{$grademap[$r['grade']]}"]++;
}
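Review bot: `show_pdo_errors_if_any($pdo)` is called after `$q->execute()`, but PDO records a failed statement's error on the statement object, and `PDO::errorInfo()` only covers operations performed directly on the connection handle, so these checks will likely miss the failures they are meant to surface. The helper is not shown on this page; if it reads `$pdo->errorInfo()`, pass it the statement (`show_pdo_errors_if_any($q);`) or switch the connection to `PDO::ERRMODE_EXCEPTION`. Since the name suggests the message is printed, make sure driver error text goes to the log rather than into pages, because it exposes table and column names. The same call follows `execute()` in most later sections.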


@ -26,7 +26,7 @@
user_auth_required('committee', 'admin');
if($_GET['action']=="refresh") {
if(get_value_from_array($_GET,'action',"refresh")) {
?>
<h3><?=i18n("Fundraising Purposes and Progress Year to Date")?></h3>
@ -49,7 +49,7 @@ $q->execute();
//lookup all donations made towards this goal
$recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$recr=$recq->fetch(PDO::FETCH_OBJ);
$received=$recr->received;
if($r->budget)
@ -93,7 +93,7 @@ $q->execute();
$goalr=$goalq->fetch(PDO:FETCH_OBJ);
$recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any();
$recr=$recq->fetch(PDO::FETCH_OBJ);
$received=$recr->received;
if($r->target)
@ -132,7 +132,7 @@ $q=$pdo->prepare("SELECT id,value, thanked, status, sponsors_id, datereceived,
ORDER BY datereceived
");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($q->rowCount()) {
echo "<table class=\"tableview\">";
@ -186,7 +186,7 @@ $q=$pdo->prepare("SELECT value, receiptrequired, receiptsent, status, sponsors_i
ORDER BY datereceived
");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($q->rowCount()) {
echo "<table class=\"tableview\">";
echo "<tr><th>".i18n("Name")."</th>\n";
@ -223,7 +223,7 @@ if($q->rowCount()) {
<?
$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($q->rowCount()) {
echo "<table class=\"tableview\">";
echo "<thead><tr>";
@ -246,7 +246,8 @@ if($q->rowCount()) {
<?
$q=$pdo->prepare("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($q->rowCount()) {
echo "<table class=\"tableview\">";
echo "<tr>";
@ -267,7 +268,7 @@ if($q->rowCount()) {
exit;
}
else if (count($_POST['thanked'])) {
else if (get_value_from_array($_POST, 'thanked')) {
foreach($_POST['thanked'] AS $t) {
$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'");
$stmt->execute();
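Review bot: `show_pdo_errors_if_any();` in the campaigns block is called without the `$pdo` argument that every other call site passes, which raises an ArgumentCountError if the parameter is required; it should be `show_pdo_errors_if_any($pdo);`. A few lines above it, `$goalq->fetch(PDO:FETCH_OBJ)` still has a single colon and needs to be `PDO::FETCH_OBJ`. In the last hunk the `count()` check became a plain truthiness test, so a scalar `thanked` value reaches `foreach`; an `is_array()` guard would keep that branch to the expected input.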


@ -7,6 +7,6 @@ function getGoal($goal) {
$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
$q->execute();
return $q->rowCount();
}
?>


@ -183,7 +183,7 @@
echo $config['FISCALYEAR'];
echo "</td></tr>\n";
echo "<tr><td>".i18n("Fiscal Year End")."</td><td>";
list($month,$day)=split("-",$config['fiscal_yearend']);
list($month,$day)=explode("-",$config['fiscal_yearend']);
emit_month_selector("fiscalendmonth",$month);
emit_day_selector("fiscalendday",$day);
echo "</td></tr>\n";


@ -84,7 +84,7 @@
echo " <td><a href=\"cwsfregister.php\">".theme_icon("one-click_cwsf_registration")."<br />".i18n("One-Click CWSF Registration")."</a></td>";
echo " <td><a href=\"fair_stats.php\">".theme_icon("fair_stats")."<br />".i18n("Upload Fair Statistics")."</a></td>";
echo " <td><a href=\"user_list.php?show_types[]=fair\">".theme_icon("sciencefair_management")."<br />".i18n("Feeder/Upstream Fair Management")."</a></td>";
if($config['score_entry_enable'] == 'yes') {
if(get_value_from_array($config, 'score_entry_enable') == 'yes') {
echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
}
echo " </tr>\n";
@ -96,7 +96,7 @@ if($config['score_entry_enable'] == 'yes') {
echo " <td><a href=\"documents.php\">".theme_icon("internal_document_management")."<br />".i18n("Internal Document Management")."</a></td>";
echo " <td><a href=\"cms.php\">".theme_icon("website_content_management")."<br />".i18n("Website Content Management")."</a></td>";
echo " <td><a href=\"fundraising.php\">".theme_icon("fundraising")."<br />".i18n("Fundraising")."</a></td>";
if($config['score_entry_enable'] == 'yes') {
if(get_value_from_array($config, 'score_entry_enable') == 'yes') {
echo "<td><a href=\"../plugins/evaluations/index.php\">".theme_icon("judging_score_entry")."<br />".i18n("Evaluations Plugin")."</a></td>";
}
//echo " <td><a href=\"../plugins/evaluations/index.php\">Go To Evaluations</a></td>";


@ -2,7 +2,7 @@
function getJudgingTeams()
{
global $config;
global $pdo;
$q=$pdo->prepare("SELECT judges_teams.id,
judges_teams.num,
judges_teams.name
@ -17,9 +17,9 @@ function getJudgingTeams()
$lastteamid=-1;
$lastteamnum=-1;
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$teams=array();
while($r=$q->fetch(PDO::FETCH_OBJS))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$teams[$r->id]['id']=$r->id;
$teams[$r->id]['num']=$r->num;
@ -32,7 +32,7 @@ function getJudgingTeams()
$tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'");
tq->execute();
$tq->execute();
$teams[$r->id]['timeslots'] = array();
$teams[$r->id]['rounds'] = array();
while($ts = $tq->fetch(PDO::FETCH_ASSOC)) {
@ -63,7 +63,7 @@ function getJudgingTeams()
lastname,
firstname");
$mq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$teamlangs=array();
@ -94,7 +94,7 @@ function getJudgingTeams()
WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
judges_teams_id='$r->id' AND language!='' ");
$lq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$projectlangs=array();
while($lr=$lq->fetch(PDO::FETCH_OBJ)) {
if(!in_array($lr->language,$projectlangs))
@ -141,7 +141,7 @@ function getJudgingTeams()
function getJudgingTeam($teamid)
{
global $config;
global $pdo;
$q=$pdo->prepare("SELECT judges_teams.id,
judges_teams.num,
judges_teams.name
@ -160,7 +160,7 @@ function getJudgingTeam($teamid)
$team=array();
$first=true;
while($r=$q->fetch(PDO::FETCH_OBJS))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$team['id']=$r->id;
$team['num']=$r->num;
@ -184,7 +184,7 @@ function getJudgingTeam($teamid)
lastname,
firstname");
$mq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
while($mr=$mq->fetch(PDO::FETCH_OBJ))
@ -216,7 +216,7 @@ function getJudgingTeam($teamid)
name
");
$aq->execute();
while($ar=$aq->fetch(PDO::OBJ))
while($ar=$aq->fetch(PDO::FETCH_OBJ))
{
$team['awards'][]=array(
"id"=>$ar->id,


@ -27,10 +27,10 @@
user_auth_required('committee', 'admin');
include "judges.inc.php";
if($_GET['edit']) $edit=$_GET['edit'];
if($_POST['edit']) $edit=$_POST['edit'];
if($_GET['action']) $action=$_GET['action'];
if($_POST['action']) $action=$_POST['action'];
if(get_value_from_array($_GET,'edit')) $edit=get_value_from_array($_GET,'edit');
if(get_value_from_array($_POST,'edit')) $edit=get_value_from_array($_POST,'edit');
if(get_value_from_array($_GET,'action')) $action=get_value_from_array($_GET,'action');
if(get_value_from_array($_POST,'action')) $action=get_value_from_array($_POST,'action');
if($action=="delete" && $_GET['delete'])
{
@ -294,7 +294,7 @@ function addclicked()
if(!$_SESSION['viewstate']['judges_teams_awards_show'])
$_SESSION['viewstate']['judges_teams_awards_show']='unassigned';
//now update the judges_teams_awards_show viewstate
if($_GET['judges_teams_awards_show'])
if(get_value_from_array($_GET, 'judges_teams_awards_show'))
$_SESSION['viewstate']['judges_teams_awards_show']=$_GET['judges_teams_awards_show'];
echo "<form name=\"judges\" method=\"post\" action=\"judges_teams.php\">";
@ -306,7 +306,8 @@ function addclicked()
echo "<tr><td>".i18n("Team Name").":</td><td><input type=\"text\" size=\"40\" name=\"team_name\" value=\"".$team['name']."\"></td></tr>";
echo "<tr><td>".i18n("Awards").":</td><td>";
if(count($team['awards']))
if(count(get_value_from_array($team, 'awards')))
{
foreach($team['awards'] AS $award)
{
@ -374,8 +375,8 @@ function addclicked()
echo "<tr><td colspan=2>";
$q=$pdo->prepare($querystr);
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
echo "<select name=\"award\">";
echo "<option value=\"\">".i18n("Choose award to assign to team")."</option>\n";
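Review bot: `$edit` and `$action` are only assigned when one of the four request values is truthy, so the following `if($action=="delete" && $_GET['delete'])` still reads an undefined variable and a raw `$_GET['delete']` on a plain page load, which are the warnings this commit is removing elsewhere. Initialise them once, keeping POST precedence: `$action = get_value_from_array($_POST,'action') ?: get_value_from_array($_GET,'action');` and the same for `$edit`, then test `get_value_from_array($_GET,'delete')`. This assumes the helper returns a falsy value for a missing key; its definition is not on this page.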


@ -92,7 +92,7 @@
`type`='$type' WHERE id='$round_id'");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
message_push(happy(i18n("Round successfully saved")));
$action = '';
}
@ -265,11 +265,11 @@
echo "</td></tr>";
echo "<tr><td>".i18n("Start Time").":</td><td>";
emit_time_selector("starttime",$r['starttime']);
emit_time_selector("starttime",get_value_from_array($r, 'starttime'));
echo "</td></tr>";
echo "<tr><td>".i18n("End Time").":</td><td>";
emit_time_selector("endtime",$r['endtime']);
emit_time_selector("endtime",get_value_from_array($r, 'endtime'));
echo "</td></tr>";
echo "</table>";


@ -404,7 +404,7 @@ send_footer();
/* Now some helper functions we call more than once */
function list_query($year, $wherestatus, $reg_id)
{
global $auth_type;
global $auth_type, $pdo;
$reg = '';
if($reg_id != false)
@ -415,7 +415,7 @@ function list_query($year, $wherestatus, $reg_id)
$fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'";
}
$q = pdo->prepare("SELECT registrations.id AS reg_id,
$q = $pdo->prepare("SELECT registrations.id AS reg_id,
registrations.num AS reg_num,
registrations.status,
registrations.email,
@ -439,7 +439,8 @@ function list_query($year, $wherestatus, $reg_id)
echo $pdo->erroInfo();
// FIXME
//echo $pdo->errorInfo();
return $q;
}
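Review bot: The misspelled `echo $pdo->erroInfo();` is replaced by a commented-out call under `// FIXME`, so `list_query` now returns `$q` with no error check at all, and callers cannot tell a failed query from an empty result. Use the helper the rest of the commit introduces, `show_pdo_errors_if_any($pdo);`, or check the return value of `$q->execute()` and handle failure before `return $q;`. The function body starts outside the hunk, so whether `execute()` is called at all is not visible here.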


@ -40,7 +40,7 @@
echo "<br />";
$showformatbottom=true;
if($_POST['action']=="received" && $_POST['registration_number'])
if(get_value_from_array($_POST, 'action') == "received" && get_value_from_array($_POST, 'registration_number'))
{
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
@ -209,7 +209,7 @@ echo $pdo->errorInfo();
}
else if(($_POST['action']=="receivedyes" || $_POST['action']=="receivedyesnocash") && $_POST['registration_number']) {
else if((get_value_from_array($_POST,'action',"receivedyes") || get_value_from_array($_POST,'action',"receivedyesnocash")) && get_value_from_array($_POST, 'registration_number')) {
$regnum = intval($_POST['registration_number']);
$checkNumQuery=$pdo->prepare("SELECT projectnumber
@ -285,12 +285,12 @@ echo $pdo->errorInfo();
echo happy(i18n("Registration of form %1 marked as payment pending",array($regnum)));
}
}
else if($_POST['action']=="receivedno" && $_POST['registration_number'])
else if(get_value_from_array($_POST, 'action',"receivedno") && get_value_from_array($_POST, 'registration_number'))
{
echo notice(i18n("Registration of form %1 cancelled",array($_POST['registration_number'])));
}
else if($_GET['action']=="unregister" && $_GET['registration_number']) {
else if(get_value_from_array($_GET,'action',"unregister") && get_value_from_array($_GET, 'registration_number')) {
$reg_num=intval(trim($_GET['registration_number']));
$q=$pdo-prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'");
$q->execute();
@ -341,7 +341,7 @@ if ($_POST['action'] == 'recieve_all')
// Grab all projects that don't have project numbers. Status should therefor be open or new but not complete
$query_noprojectnumber = $pdo->prepare("SELECT * FROM projects WHERE projectnumber IS NULL AND year =".$config['FAIRYEAR']."");
// Define arrays to append to later
$query_noprojectnumber.execute();
$query_noprojectnumber->execute();
$completed_students = array();
$incomplete_students = array();
$newstatus_students = array();
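Review bot: `$q=$pdo-prepare("SELECT registrations.id AS reg_id, ...")` in the `unregister` branch is left unchanged and is missing the `>`: PHP reads it as `$pdo` minus a call to an undefined function `prepare()`, so the branch fails before any query runs. It should be `$q=$pdo->prepare(`, the same kind of repair the last hunk makes with `$query_noprojectnumber->execute();`. In the first hunk the raw `$_POST['registration_number']` is still placed inside the `SELECT` string while the other branches use `intval()`; `intval(get_value_from_array($_POST, 'registration_number'))` would make them consistent.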


@ -27,7 +27,7 @@
user_auth_required('committee', 'admin');
require("../register_participants.inc.php");
if($_GET['year']) $year=$_GET['year'];
if(get_value_from_array($_GET, 'year')) $year=$_GET['year'];
else $year=$config['FAIRYEAR'];
send_header("Registration Statistics",
@ -62,9 +62,8 @@
echo "</form>";
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
while($r=$q->fetch(PDO::FETCH_OBJ)
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
$cats[$r->id]=$r->category;
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
@ -83,7 +82,7 @@ if($showstatus) {
}
}
else $wherestatus="";
switch($_GET['sort']) {
switch(get_value_from_array($_GET, 'sort')) {
case 'status': $ORDERBY="registrations.status DESC, projects.title"; break;
case 'num': $ORDERBY="registrations.num"; break;
case 'projnum': $ORDERBY="projects.projectsort, projects.projectnumber"; break;
@ -113,7 +112,7 @@ else $wherestatus="";
$ORDERBY
");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$stats_totalprojects=0;
$stats_totalstudents=0;
@ -159,7 +158,7 @@ else $wherestatus="";
AND
students.schools_id=schools.id
");
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$studnum=1;
$schools="";
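Review bot: `$year=$_GET['year']` is taken from the query string without conversion and then interpolated into `WHERE year='$year'` in the category and division queries, so the value is an SQL injection point. The fair-statistics section of this commit already uses the safe form; apply it here too: `if(get_value_from_array($_GET, 'year')) $year=intval(get_value_from_array($_GET, 'year'));`.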


@ -424,7 +424,7 @@ foreach($report_stock as $n=>$v) {
WHERE reports_id='{$report['id']}'
ORDER BY `ord`");
$q->execute();
print($pdo->erroInfo());
show_pdo_errors_if_any($pdo);
if($q->rowCount() == 0) return $report;
@ -521,7 +521,7 @@ foreach($report_stock as $n=>$v) {
}
function report_load_all()
{
{ global $pdo;
$ret = array();
$q = $pdo->prepare("SELECT * FROM reports ORDER BY `name`");
@ -822,7 +822,7 @@ foreach($report['col'] as $v)
echo "</pre>";
exit;
}
echo $pdo->erroInfo();
show_pdo_errors_if_any($pdo);
$ncols = count($report['col']);
$n_groups = count($report['group']);


@ -86,7 +86,7 @@ case 'save':
$stmt = $pdo->prepare("INSERT INTO `reports_committee` (`users_id`,`reports_id`)
VALUES('{$_SESSION['users_uid']}','$reports_id');");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$id = $pdo->lastInsertId();
}
@ -247,7 +247,7 @@ $(document).ready(function() {
WHERE users_id='{$_SESSION['users_uid']}'
ORDER BY category,id");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($q->rowCount()== 0) {
echo i18n('You have no reports saved');
} else {


@ -164,7 +164,7 @@
ORDER BY
projectnumber
");
$projq->execute(;)
$projq->execute();
while($proj=$projq->fetch(PDO::FETCH_OBJ))
{


@ -147,7 +147,7 @@ if($report)
i18n($config['postalzip']));
}
while($r=$q-.fetch(PDO::FETCH_OBJ))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
//handle C/O differently for schools, becuase, well, french schools are picky!
if($report=="schools") {


@ -83,7 +83,7 @@
projects.projectnumber
");
$projq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
while($proj=$projq->fetch(PDO::FETCH_OBJ))
{
@ -101,7 +101,7 @@
$students="";
$studnum=0;
while($studentinfo=$sq->fetch(PDO::fETCH_OBJ)
while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
{
if($studnum>0) $students.=", ";
$students.="$studentinfo->firstname $studentinfo->lastname";


@ -54,7 +54,7 @@ $stmt->execute();
{
$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
'".$r->award_sponsors_id."',
'".$r->award_types_i)."',
'".$r->award_types_i."',
'".$r->name."',
'".$r->criteria."',
'".$r->presenter."',
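Review bot: The fix removes the stray `)` but leaves the property as `$r->award_types_i`, while the column being filled is `award_types_id` and the neighbouring value is `$r->award_sponsors_id`. If the row really has no `award_types_i` field, this inserts an empty string for the award type on every copied award; `'".$r->award_types_id."',` looks like the intended line. The row values are also concatenated into the statement, so a name or criteria containing a quote will break the `INSERT`; bound parameters would avoid that.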


@ -27,18 +27,18 @@
user_auth_required('committee', 'admin');
if($_POST['save']=="edit" || $_POST['save']=="add")
if(get_value_from_array($_POST,'save',"edit") || get_value_from_array($_POST,'save',"add"))
{
if($_POST['save']=="add")
if(get_value_from_array($_POST,'save',"add"))
{
$q=$pdo->prepare("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
$q->execute();
$id=$pdo->lastInsertId();
}
else
$id=intval($_POST['id']);
$id=intval(get_value_from_array($_POST, 'id'));
$atrisk = $_POST['atrisk'] == 'yes' ? 'yes' : 'no';
$atrisk = get_value_from_array($_POST, 'atrisk') == 'yes' ? 'yes' : 'no';
/*
"sciencehead='".mysql_escape_string(stripslashes($_POST['sciencehead']))."', ".
@ -54,7 +54,7 @@
$principal_update = '';
$sciencehead_update = '';
list($first, $last) = split(' ', $_POST['principal'], 2);
list($first, $last) = explode(' ', get_value_from_array($_POST,'principal') ?? '', 2);
/* Load existing entry if it exists, else make an entry if
* there is data, else, do nothing */
if($i['principal_uid'] > 0)
@ -65,7 +65,7 @@
} else
$pl = false;
$em = $_POST['principalemail'];
$em = get_value_from_array($_POST,'principalemail');
/* If we loaded or created an entry, either
* update and save, or purge it */
@ -83,8 +83,9 @@
/* Get info about science head */
list($first, $last) = split(' ', $_POST['sciencehead'], 2);
$em = $_POST['scienceheademail'];
// FIX ME
list($first, $last) = explode(' ', get_value_from_array($_POST, 'sciencehead', ''), 2);
$em = get_value_from_array($_POST,'scienceheademail');
if($em == '' && ($first != '' || $last != '')) $em = "*$first$last".user_generate_password();
/* Load existing record, or create new if there's something
* to insert */
@ -122,52 +123,52 @@
}
$exec="UPDATE schools SET ".
"school='".stripslashes($_POST['school'])."', ".
"schoollang='".stripslashes($_POST['schoollang'])."', ".
"designate='".stripslashes($_POST['schooldesignate'])."', ".
"schoollevel='".stripslashes($_POST['schoollevel'])."', ".
"school='".stripslashes($_POST['school'])."', ".
"board='".stripslashes($_POST['board'])."', ".
"district='".stripslashes($_POST['district'])."', ".
"address='".stripslashes($_POST['address'])."', ".
"city='".stripslashes($_POST['city'])."', ".
"province_code='".stripslashes($_POST['province_code'])."', ".
"postalcode='".stripslashes($_POST['postalcode'])."', ".
"schoolemail='".stripslashes($_POST['schoolemail'])."', ".
"phone='".stripslashes($_POST['phone'])."', ".
"fax='".stripslashes($_POST['fax'])."', ".
"registration_password='".stripslashes($_POST['registration_password'])."', ".
"projectlimit='".stripslashes($_POST['projectlimit'])."', ".
"projectlimitper='".stripslashes($_POST['projectlimitper'])."', ".
"accesscode='".stripslashes($_POST['accesscode'])."', ".
"school='".get_value_from_array($_POST,'school')."', ".
"schoollang='".get_value_from_array($_POST,'schoollang')."', ".
"designate='".get_value_from_array($_POST,'schooldesignate')."', ".
"schoollevel='".get_value_from_array($_POST,'schoollevel')."', ".
"school='".get_value_from_array($_POST,'school')."', ".
"board='".get_value_from_array($_POST,'board')."', ".
"district='".get_value_from_array($_POST,'district')."', ".
"address='".get_value_from_array($_POST,'address')."', ".
"city='".get_value_from_array($_POST,'city')."', ".
"province_code='".get_value_from_array($_POST,'province_code')."', ".
"postalcode='".get_value_from_array($_POST,'postalcode')."', ".
"schoolemail='".get_value_from_array($_POST,'schoolemail')."', ".
"phone='".get_value_from_array($_POST,'phone')."', ".
"fax='".get_value_from_array($_POST,'fax')."', ".
"registration_password='".get_value_from_array($_POST, 'registration_password')."', ".
"projectlimit='".get_value_from_array($_POST,'projectlimit')."', ".
"projectlimitper='".get_value_from_array($_POST,'projectlimitper')."', ".
"accesscode='".get_value_from_array($_POST,'accesscode')."', ".
$sciencehead_update.$principal_update.
"atrisk='$atrisk' ".
"WHERE id='$id'";
$stmt = $pdo->prepare($exec);
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($_POST['save']=="add")
if(get_value_from_array($_POST,'save',"add"))
$notice = 'added';
else
$notice = 'saved';
}
if($_GET['action']=="delete" && $_GET['delete'])
if(get_value_from_array($_GET,'action',"delete") && get_value_from_array($_GET, 'delete', ''))
{
$stmt = $pdo->prepare("DELETE FROM schools WHERE id='".$_GET['delete']."'");
$stmt->execute();
$notice = 'deleted';
}
if($_GET['action']=="clearaccesscodes")
if(get_value_from_array($_GET,'action',"clearaccesscodes"))
{
$stmt = $pdo->prepare("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
$stmt->execute();
$notice = 'clearaccess';
}
if($_GET['action']=="makeaccesscodes")
if(get_value_from_array($_GET,'action',"makeaccesscodes"))
{
$q=$pdo->prepare("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
$q->execute();
@ -181,33 +182,33 @@
$notice = 'makeaccess';
}
if($_GET['action']=="edit" || $_GET['action']=="add")
if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"add"))
{
send_header(($_GET['action']=='edit') ? "Edit School" : "Add New School",
send_header(get_value_from_array($_GET, 'action', 'edit') ? "Edit School" : "Add New School",
array('Committee Main' => 'committee_main.php',
'Administration' => 'admin/index.php',
'School Management' => 'admin/schools.php'),
"schools_management"
);
if($_GET['action']=="edit")
if(get_value_from_array($_GET,'action',"edit"))
{
$buttontext="Save School";
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".get_value_from_array($_GET, 'edit', '')."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
}
else if($_GET['action']=="add")
else if(get_value_from_array($_GET, 'action',"add"))
{
$buttontext="Add School";
}
$buttontext=i18n($buttontext);
echo "<form method=\"post\" action=\"schools.php\">\n";
echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['action']."\">\n";
echo "<input type=\"hidden\" name=\"save\" value=\"".get_value_from_array($_GET, 'action')."\">\n";
if($_GET['action']=="edit")
echo "<input type=\"hidden\" name=\"id\" value=\"".$_GET['edit']."\">\n";
if(get_value_from_array($_GET,'action',"edit"))
echo "<input type=\"hidden\" name=\"id\" value=\"".get_value_from_array($_GET,'edit', '')."\">\n";
echo "<table>\n";
echo "<tr><td>".i18n("School Name")."</td><td><input type=\"text\" name=\"school\" value=\"".htmlspecialchars($r->school)."\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
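Review bot: The hidden `save` and `id` fields echo `get_value_from_array($_GET, 'action')` and `get_value_from_array($_GET,'edit', '')` into attribute values without escaping, which allows reflected XSS through the query string. Before this change the surrounding branch was entered only for `edit` or `add`; if the helper's third argument is a default rather than a value to compare against, the new check lets any `action` value through, so the first field becomes request-controlled as well. Escape and constrain both, as the `htmlspecialchars($r->school)` line below does: `htmlspecialchars(get_value_from_array($_GET, 'action'), ENT_QUOTES)` and `intval(get_value_from_array($_GET,'edit'))`. The `UPDATE schools` statement in this section also loses its `stripslashes()` wrappers and still builds SQL from raw POST values; bound parameters are the fix there.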


@ -37,12 +37,12 @@
$show_types = $_GET['show_types'];
if(user_valid_type($show_types) == false) $show_types = array('judge');
$show_complete = ($_GET['show_complete'] == 'yes') ? 'yes' : 'no';
$show_year = ($_GET['show_year'] == 'current') ? 'current' : 'all';
$show_complete = (get_value_from_array($_GET,'show_complete','yes')) ? 'yes' : 'no';
$show_year = get_value_from_array($_GET,'show_year','current') ? 'current' : 'all';
$uid = intval($_GET['uid']);
$uid = intval(get_value_from_array($_GET,'uid'));
if($_GET['action']=='remove') {
if(get_value_from_array($_GET,'action','remove')) {
if(!$uid) {
echo "Invalid uid for delete";
exit;


@ -29,8 +29,8 @@ require_once('../fair_additional_materials.inc.php');
$auth_type = user_auth_required(array('fair','committee'), 'admin');
$award_awards_id = intval($_GET['award_awards_id']);
$action = $_GET['action'];
$award_awards_id = intval(get_value_from_array($_GET,'award_awards_id'));
$action = get_value_from_array($_GET,'action');
/* Load fairs */
$fairs = array();
@ -419,7 +419,8 @@ $q = $pdo->prepare("SELECT
$fair_where
ORDER BY awards_order");
echo $pdo->errorInfo();
// FIXME
//echo $pdo->errorInfo();
if($q->rowCount() == 0) {
echo i18n('No awards to display.');
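Review bot: Nothing between `$pdo->prepare(...)` and `$q->rowCount()` in the second hunk runs the statement, so as shown `rowCount()` is read from an unexecuted statement and the "No awards to display" branch would be taken whatever the table holds. Unless the execute sits on a line the page does not show, add `$q->execute();` directly after the prepare. Commenting out the `errorInfo()` echo under `// FIXME` also leaves this query with no error check at all; the other files in this commit call `show_pdo_errors_if_any($pdo);` after execute, and the same call would fit here if the helper is loaded in this file.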


@ -24,20 +24,21 @@
<?
require_once('common.inc.php');
require_once('user.inc.php');
require_once('helper.inc.php');
send_header("Committee List", null, "committee_management");
echo "<table>";
$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
$q->execute();
while($r=$q->fetch())
while($r=$q->fetch(PDO::FETCH_OBJ))
{
/* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee, using MAX(year) for the most recent year */
$q2=("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
$q2=$pdo->prepare("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid
WHERE committees_id='{$r->id}'
GROUP BY users.uid ORDER BY ord,users.lastname ");
$q2->execute();
//if there's nobody in this committee, then just skip it and go on to the next one.
if($q2->rowCount()==0)
continue;
@ -46,9 +47,10 @@
echo "<td colspan=\"3\"><h3>".i18n($r->name)."</h3>";
echo "</td></tr>\n";
echo pdo->errorInfo();
while($r2 = $q2->fetch()){
show_pdo_errors_if_any($pdo);
while($r2 = $q2->fetch(PDO::FETCH_OBJ)){
$uid = $r2->users_uid;
$u = user_load_by_uid($uid);
@ -72,8 +74,8 @@
$output=str_replace("email","",$output);
$output=str_replace("phonehome",$u['phonehome'],$output);
$output=str_replace("phonework",$u['->phonework'],$output);
$output=str_replace("phonecell",$u['->phonecell'],$output);
$output=str_replace("phonework",$u['phonework'],$output);
$output=str_replace("phonecell",$u['phonecell'],$output);
$output=str_replace("fax",$u['fax'],$output);
echo $output;
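Review bot: The contact fields substituted into `$output` in the last hunk (`$u['phonehome']`, `$u['phonework']`, `$u['phonecell']`, `$u['fax']`) reach `echo $output` without HTML escaping, so a stored value containing markup would be rendered on the public committee list. Unless `user_load_by_uid()` already escapes them, wrap each value, e.g. `$output=str_replace("phonework",htmlspecialchars($u['phonework']),$output);`. How `$output` is built is outside the hunk, so this should be confirmed against the template. The comment in the second hunk also has a pasted statement in the middle of a word and should read `/* Select all the users in the committee, using MAX(year) for the most recent year */`.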


@ -22,10 +22,10 @@
*/
?>
<?
include_once("helper.inc.php");
//////echo phpinfo();
header("Content-Type: text/html; charset=utf8");
include_once("helper.inc.php");
//set error reporting to not show notices, for some reason some people's installation dont set this by default
//so we will set it in the code instead just to make sure
error_reporting(E_ALL);
@ -460,6 +460,7 @@ echo "</div>";
<table cellpadding="5" width="100%">
<tr><td width="175">
<?
global $pdo;
//if the date is greater than the date/time that the confirmed participants gets posted,
//then we will show the registration confirmation page as a link in the menu,
$registrationconfirmationlink="";
@ -467,8 +468,9 @@ echo "</div>";
//only display it if a date is set to begin with.
if($config['dates']['postparticipants'] && $config['dates']['postparticipants']!="0000-00-00 00:00:00")
{
$q=("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
$r=$q->fetch();
$q= $pdo->prepare("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test==1)
{
$registrationconfirmationlink="<li><a href=\"".$config['SFIABDIRECTORY']."/confirmed_participants.php\">".i18n("Confirmed Participants")."</a></li>";
@ -480,21 +482,16 @@ echo "</div>";
<?
if(is_array($nav)) {
$navkeys=array_keys($nav);
switch($navkeys[2]) {
case "Fundraising":
echo "<ul class=\"mainnav\">\n";
echo "<li><h4 style=\"text-align: center;\">".i18n("Fundraising")."</h4></li>\n";
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising.php\">".i18n("Fundraising Dashboard").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_setup.php\">".i18n("Fundraising Setup").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_campaigns.php\">".i18n("Manage Appeals").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/donors.php\">".i18n("Manage Donors/Sponsors").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_reports.php\">".i18n("Fundraising Reports").'</a></li>';
echo "</ul><br />\n";
break;
default:
//no special menu
break;
}
if (isset($navkeys[2]) && $navkeys[2] == "Fundraising") {
echo "<ul class=\"mainnav\">\n";
echo "<li><h4 style=\"text-align: center;\">".i18n("Fundraising")."</h4></li>\n";
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising.php\">".i18n("Fundraising Dashboard").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_setup.php\">".i18n("Fundraising Setup").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_campaigns.php\">".i18n("Manage Appeals").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/donors.php\">".i18n("Manage Donors/Sponsors").'</a></li>';
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_reports.php\">".i18n("Fundraising Reports").'</a></li>';
echo "</ul><br />\n";
}
}
?>
<ul class="mainnav">
@ -618,7 +615,7 @@ else if($title)
//if we're under /admin or /config then we want to show the ? help icon
if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="\\admin" || substr(getcwd(),-7)=="\\config" )
{
if($_SERVER['REDIRECT_SCRIPT_URL'])
if(get_value_from_array($_SERVER, 'REDIRECT_SCRIPT_URL'))
$fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1);
else
$fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1);
@ -830,7 +827,8 @@ function emit_minute_selector($name,$selected="")
function emit_time_selector($name,$selected="")
{
global $hour;
global $minute;
if($selected)
{
list($hour,$minute,$second)=explode(":",$selected);
@ -848,7 +846,9 @@ function emit_time_selector($name,$selected="")
function emit_province_selector($name,$selected="",$extra="")
{
global $config;
$q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
global $pdo;
$q=$pdo->prepare("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
$q->execute();
if($q->rowCount()==1)
{
$r = $q->fetch();
@ -1165,11 +1165,12 @@ function committee_warnings()
//properly :)
$q = $pdo->prepare("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
$q->execute();
$r = $q->fetch();
$r = $q->fetch(PDO::FETCH_OBJ);
// FIXME Clear out Important Dates as part of rollover
if($r->rollovercheck) {
echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. Do not start updating the system with new information until the year has been properly rolled over."));
}
@ -1183,7 +1184,7 @@ function committee_warnings()
/* The bug was that the external_identifier was set to the prize name.. so only display the warning
* if we find that case for a non-sfiab external fair */
while(($p = $q->fetch(PDO::FETCH_ASSOC) )) {
$qq = ("SELECT * FROM award_awards
$qq = ("SELECT * FROM award_awards $r->rollovercheck
LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id
WHERE award_awards.id='{$p['award_awards_id']}'
AND year='{$config['FAIRYEAR']}'
@ -1254,7 +1255,7 @@ function format_datetime($dt) {
}
function format_money($n,$decimals=true)
{
{ global $neg;
if($n<0){
$neg=true;
$n=$n*-1;
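Review bot: In `committee_warnings()` the changed `$qq` line interpolates `$r->rollovercheck` into the SQL text (`SELECT * FROM award_awards $r->rollovercheck`), which puts the 0/1 flag between the table name and the `LEFT JOIN`; it looks like a stray paste and should be removed. `$qq` is also still a plain string rather than `$pdo->prepare(...)` followed by `execute()`, unlike the province and registration-close queries converted in this file, so any later use of it as a statement would fail; the rest of the loop is outside the hunk. Separately, `global $neg;` in `format_money()` and `global $hour; global $minute;` in `emit_time_selector()` turn locals into shared state, and initialising them locally (`$neg=false;`) would silence the undefined-variable warning without carrying a value from one call to the next.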


@ -32,7 +32,7 @@ if(!file_exists("../data/backuprestore"))
file_put_contents("../data/backuprestore/.htaccess","Order Deny,Allow\r\nDeny From All\r\n");
if($_GET['action']=="backup") {
if(get_value_from_array($_GET,'action',"backup")) {
$ts=time();
$dump="#SFIAB SQL BACKUP: ".date("r",$ts)."\n";
$dump.="#SFIAB VERSION: ".$config['version']."\n";
@ -50,7 +50,7 @@ while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
$str="INSERT INTO `$table` (";
unset($fields);
$fields=array();
while($cr=$columnq->fetch(PDO:FETCH_OBJ)) {
while($cr=$columnq->fetch(PDO::FETCH_OBJ)) {
$str.="`".$cr->Field."`,";
$fields[]=$cr->Field;
}


@ -24,10 +24,11 @@
<?
require("../common.inc.php");
require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config');
if($_GET['action']=="edit" || $_GET['action']=="new") {
send_header(($_GET['action']=="edit") ? 'Edit Category' : 'New Category',
if(get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new")) {
send_header((get_value_from_array($_GET, 'action',"edit")) ? 'Edit Category' : 'New Category',
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php',
'Age Categories' => 'config/categories.php'),"project_age_categories");
@ -37,10 +38,10 @@
'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
}
if($_POST['action']=="edit")
if(get_value_from_array($_POST, 'action', "edit"))
{
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'category') && isset($_POST['mingrade']) && $_POST['maxgrade'])
{
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
@ -68,10 +69,10 @@
}
}
if($_POST['action']=="new")
if(get_value_from_array($_POST, 'action', "new"))
{
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
if(get_value_from_array($_POST, 'id') && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
@ -99,7 +100,7 @@
}
}
if($_GET['action']=="remove" && $_GET['remove'])
if(get_value_from_array($_GET, 'action',"remove") && get_value_from_array($_GET, 'remove'))
{
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted
@ -113,7 +114,7 @@
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
if(! ($_GET['action']=="edit" || $_GET['action']=="new") )
if(! get_value_from_array($_GET, 'action', "edit" ) || get_value_from_array($_GET, 'action',"new") )
echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new age category")."</a>\n";
echo "<table class=\"summarytable\">";
@ -126,18 +127,18 @@
echo "<th>".i18n("Actions")."</th>\n";
echo "</tr>";
if($_GET['action']=="edit" || $_GET['action']=="new")
if(get_value_from_array($_GET, 'action', "edit") || get_value_from_array($_GET, 'action', "new"))
{
echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n";
if($_GET['action']=="edit")
echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET,'action')."\">\n";
if(get_value_from_array($_GET,'action',"edit"))
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET, 'edit')."\">\n";
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".get_value_from_array($_GET, 'edit')."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$categoryr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
else if(get_value_from_array($_GET,'action',"new"))
{
$buttontext="Add";
}
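Review bot: The edit branch in the last hunk still concatenates the request value into the statement text, `WHERE id='".get_value_from_array($_GET, 'edit')."'`, so calling `prepare()` gives no protection against a crafted `edit` parameter. Bind it instead: `$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id=? AND year=?");` followed by `$q->execute(array(get_value_from_array($_GET,'edit'), $config['FAIRYEAR']));`. The same value and `action` are echoed into the hidden `saveid` and `action` inputs without `htmlspecialchars()`. The `$_POST['id']` lookups in the edit/new hunks here, the division and sub-division pages, the signature-page `UPDATE`s (which now also drop `stripslashes` and pass the raw declaration text) and the rollover `INSERT` loops that were not moved to `$pdo->quote()` have the same shape.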


@ -24,6 +24,7 @@
<?
require("../common.inc.php");
require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config');
send_header("Dates",
array('Committee Main' => 'committee_main.php',
@ -49,7 +50,7 @@ $(document).ready(function() {
$error_ids = array();
if($_POST['action']=="save") {
if(get_value_from_array($_POST, 'action', "save")) {
if($_POST['savedates']) {
foreach($_POST['savedates'] as $key=>$val) {
//put the date and time back together
@ -74,7 +75,7 @@ $dates = array('fairdate' => array() ,
'regclose' => array(),
'postparticipants' => array(),
'postwinners' => array(),
'judgeregopen' => datesarray(),
'judgeregopen' => array(),
'judgeregclose' => array(),
'judgescheduleavailable' => array(),
'specawardregopen' => array(),
@ -141,7 +142,7 @@ foreach($dates as $dn=>$d) {
$d['date']=$def->date;
}
$e = '';
if($error_ids[$d['id']]) {
if(get_value_from_array($error_ids, $d['id'])) {
$e = "<span style=\"color: red;\">*</span> ".$error_ids[$d['id']]."</font>";
}
list($_d,$_t)=explode(" ",$d['date']);


@ -24,10 +24,11 @@
<?
require("../common.inc.php");
require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config');
if($_GET['action']=="edit" || $_GET['action']=="new") {
send_header(($_GET['action']=="edit") ? "Edit Division" : "New Division",
if(get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new")) {
send_header(get_value_from_array($_GET,'action',"edit") ? "Edit Division" : "New Division",
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php',
'Project Divisions' => 'config/divisions.php'),
@ -40,9 +41,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
}
if($_POST['action']=="edit")
if(get_value_from_array($_POST,'action',"edit"))
{
if($_POST['id'] && $_POST['division'] )
if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division' ))
{
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
@ -86,9 +87,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
}
}
if($_POST['action']=="new")
if(get_value_from_array($_POST, 'action',"new"))
{
if($_POST['id'] && $_POST['division'])
if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division'))
{
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
@ -125,7 +126,7 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
}
}
if($_GET['action']=="remove" && $_GET['remove'])
if(get_value_from_array($_GET,'action',"remove") && get_value_from_array($_GET, 'remove'))
{
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted
@ -138,7 +139,7 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
if(! ($_GET['action']=="edit" || $_GET['action']=="new") )
if(! get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new") )
echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new division")."</a>\n";
echo "<table class=\"summarytable\">";
@ -153,18 +154,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
echo "<th>".i18n("Actions")."</th>\n";
echo "</tr>";
if($_GET['action']=="edit" || $_GET['action']=="new")
if(get_value_from_array($_GET, 'action', "edit") ||get_value_from_array( $_GET,'action',"new"))
{
echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n";
if($_GET['action']=="edit")
echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET, 'action')."\">\n";
if(get_value_from_array($_GET,'action',"edit"))
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET,'edit')."\">\n";
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".get_value_from_array($_GET,'edit')."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
else if(get_vaue_from_array($_GET,'action',"new"))
{
$buttontext="Add";
}
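Review bot: `get_vaue_from_array($_GET,'action',"new")` in the last hunk is a misspelling of `get_value_from_array`, and PHP raises a fatal undefined-function error whenever that `else if` is evaluated. In the "Add new division" hunk the outer parentheses were dropped, so `!` now applies only to the first call and the condition is `(!A) || B` instead of `!(A || B)`; restore them, `if(!(get_value_from_array($_GET,'action')=="edit" || get_value_from_array($_GET,'action')=="new"))`. The age-category page has the same dropped parentheses in its "Add new age category" condition.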


@ -24,6 +24,7 @@
<?
require("../common.inc.php");
require_once("../user.inc.php");
require_once('../helper.inc.php');
user_auth_required('committee', 'config');
send_header("CWSF Project Divisions",
array('Committee Main' => 'committee_main.php',
@ -32,7 +33,7 @@
);
////// FIX ME!!!!!
if(count($_POST['cwsfdivision']))
if(count(get_value_from_array($_POST, 'cwsfdivision', '')))
{
foreach($_POST['cwsfdivision'] AS $k=>$v)
{
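Review bot: `count(get_value_from_array($_POST, 'cwsfdivision', ''))` hands a string to `count()` when the field is absent, which is a `TypeError` on PHP 8 and a warning on 7.2 and later, assuming the third argument is the fallback value. Use an array fallback: `if(count(get_value_from_array($_POST, 'cwsfdivision', array())))`. The `foreach` on the next line still reads `$_POST['cwsfdivision']` directly, so assigning the helper result to a variable and iterating that would keep the two in step. The loop body is outside the hunk.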


@ -30,7 +30,7 @@ send_header("Fair Logo Image",
'SFIAB Configuration' => 'config/index.php'),
"images");
if($_POST['action']=="addimage") {
if(get_value_from_array($_POST,'action',"addimage")) {
if($_FILES['image']['error']==UPLOAD_ERR_OK) {
//make sure its a JPEG
$imagesize=getimagesize($_FILES['image']['tmp_name']);
@ -96,7 +96,7 @@ if($_POST['action']=="addimage") {
echo error(i18n("Error uploading Logo Image").": ".$_FILES['image']['error']);
}
if($_POST['action']=="delimage") {
if(get_value_from_array($_POST,'action',"delimage")) {
@unlink("../data/logo.gif");
@unlink("../data/logo-100.gif");
@unlink("../data/logo-200.gif");


@ -49,7 +49,7 @@
{
foreach($packs AS $p)
{
list($langpack,$filename,$lastupdate)=split("\t",trim($p));
list($langpack,$filename,$lastupdate)=explode("\t",trim($p));
$ret[$langpack]=array("lang"=>$langpack,"filename"=>$filename,"lastupdate"=>$lastupdate);
}
}
@ -62,7 +62,7 @@
}
if($_GET['action']=="check")
if(get_value_from_array($_GET,'action',"check"))
{
$packs=loadLanguagePacks();
@ -92,7 +92,7 @@
}
}
if($_GET['action']=="install" && $_GET['install'])
if(get_value_from_array($_GET,'action',"install") && get_value_from_array($_GET,'install'))
{
$packs=loadLanguagePacks();
$loaded=0;


@ -56,6 +56,7 @@
function roll($currentfairyear, $newfairyear, $table, $where='', $replace=array())
{
global $pdo;
/* Field Type Null Key Default Extra
* id int(10) unsigned NO PRI NULL auto_increment
* sponsors_id int(10) unsigned NO MUL 0
@ -65,7 +66,8 @@
/* Get field list for this table */
$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
$q->execute();
while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
show_pdo_errors_if_any($pdo);
while(($c = $q->fetch(PDO::FETCH_ASSOC))) {
$col[$c['Field']] = $c;
}
@ -86,29 +88,30 @@
/* Get data */
$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$names = '`'.join('`,`', $fields).'`';
/* Process data */
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = '';
foreach($fields as $f) {
if(array_key_exists($f, $replace))
$vals .= ",'".$replace[$f]."'";
$vals .= ",".$pdo->quote($replace[$f]);
else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
$vals .= ',NULL';
else
$vals .= ",'".$r[$f]."'";
$vals .= ",".$pdo->quote($r[$f]);
}
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
}
}
if($_POST['action']=="rollover" && $_POST['nextfairyear'])
if(get_value_from_array($_POST, 'action') == "rollover" && get_value_from_array($_POST, 'nextfairyear'))
{
$newfairyear=intval($_POST['nextfairyear']);
$newfairyear=intval(get_value_from_array($_POST, 'nextfairyear'));
$currentfairyear=intval($config['FAIRYEAR']);
$cy = $currentfairyear;
@ -130,37 +133,41 @@
echo i18n("Rolling dates")."<br />";
$q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".$r->newdate."',
'".$r->name."',
'".$r->description."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
//page text
echo i18n("Rolling page texts")."<br />";
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".$r->textname."',
'".$r->textdescription."',
'".$r->text."',
'".$r->lastupdate."',
'".$newfairyear)."',
'".$r->lang."')";
'".$newfairyear."',
'".$r->lang."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling project categories")."<br />";
//project categories
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".$r->id."',
'".$r->category."',
@ -169,13 +176,15 @@
'".$r->maxgrade."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling project divisions")."<br />";
//project divisions
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".$r->id."',
'".$r->division."',
@ -183,38 +192,44 @@
'".$r->cwsfdivisionid."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling project category-division links")."<br />";
//project categories divisions links
$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".$r->projectdivisions_id."',
'".$r->projectcategories_id."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling project sub-divisions")."<br />";
//project subdivisions
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".$r->id."',
'".$r->projectsubdivisions_id."',
'".$r->subdivision."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling safety questions")."<br />";
//safety questions
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".$r->question."',
'".$r->type."',
@ -222,6 +237,8 @@
'".$r->ord."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling awards")."<br />";
//awards
@ -229,7 +246,7 @@
$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
/* Roll the one award */
roll($cy, $ny, 'award_awards', "id='{$r->id}'");
@ -249,64 +266,69 @@
//award types
$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".$r->id."',
'".$r->type."',
'".$r->order."',
'".$newfairyear."')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling schools")."<br />";
//award types
$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".$r->school."',
'".$r->schoollang."',
'".$r->schoollevel."',
'".$r->board."',
'".$r->district."',
'".$r->phone."',
'".$r->fax."',
'".$r->address."',
'".$r->city."',
'".$r->province_code."',
'".$r->postalcode."',$puid,
'".$r->schoolemail."',$shuid,
'".$r->accesscode."',
".$pdo->quote($r->school).",
".$pdo->quote($r->schoollang).",
".$pdo->quote($r->schoollevel).",
".$pdo->quote($r->board).",
".$pdo->quote($r->district).",
".$pdo->quote($r->phone).",
".$pdo->quote($r->fax).",
".$pdo->quote($r->address).",
".$pdo->quote($r->city).",
".$pdo->quote($r->province_code).",
".$pdo->quote($r->postalcode).",$puid,
".$pdo->quote($r->schoolemail).",$shuid,
".$pdo->quote($r->accesscode).",
NULL,
'".$r->junior."',
'".$r->intermediate."',
'".$r->senior."',
'".$r->registration_password."',
'".$r->projectlimit."',
'".$r->projectlimitper."',
'".$newfairyear."')");
".$pdo->quote($r->junior).",
".$pdo->quote($r->intermediate).",
".$pdo->quote($r->senior).",
".$pdo->quote($r->registration_password).",
".$pdo->quote($r->projectlimit).",
".$pdo->quote($r->projectlimitper).",
".$newfairyear.")");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
echo i18n("Rolling questions")."<br />";
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'',
'$newfairyear',
'".$r->section."',
'".$r->db_heading."',
'".$r->question."',
'".$r->type."',
'".$r->required."',
'".$r->ord."')");
".$pdo->quote($r->section).",
".$pdo->quote($r->db_heading).",
".$pdo->quote($r->question).",
".$pdo->quote($r->type).",
".$pdo->quote($r->required).",
".$pdo->quote($r->ord).")");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
//regfee items
echo i18n("Rolling registration fee items")."<br />";
@ -320,29 +342,31 @@
echo i18n('Rolling judging timeslots and rounds')."<br />";
$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
show_pdo_errors_if_any($pdo);
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear;
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$round_id = $pdo->lastInsertId();
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
$qq->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
'{$rr['starttime']}','{$rr['endtime']}')");
$stmt->execute();
show_pdo_errors_if_any($pdo);
}
}
echo "<br /><br />";
$stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt->execute();
show_pdo_errors_if_any($pdo);
echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear)));
send_footer();
exit;
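Review bot: `show_pdo_errors_if_any($pdo)` is called after each `$stmt->execute()`, but PDO records a failed execute on the statement handle (`$stmt->errorInfo()`), not on the connection, so unless the helper, whose body is not shown, does something else or the connection runs in exception mode, failed INSERTs during rollover would go unreported. Passing the statement, e.g. `show_pdo_errors_if_any($stmt);`, or enabling `PDO::ERRMODE_EXCEPTION` would surface them. Because the final `UPDATE config SET val='$newfairyear'` runs regardless, a failure part-way leaves the new year half-populated; if the tables are transactional, wrapping the block in `$pdo->beginTransaction();` and `$pdo->commit();` with `rollBack()` on error would make the rollover all-or-nothing. The sub-division loop also reads `$r->projectsubdivisions_id` for a column the INSERT names `projectdivisions_id`, which looks like a wrong property name.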


@ -30,11 +30,11 @@
'SFIAB Configuration' => 'config/index.php')
,"project_safety_questions"
);
if($_POST['action']=="save" && $_POST['save'])
if(get_value_from_array($_POST, 'action') == "save" && get_value_from_array($_POST, 'save'))
{
if($_POST['question'])
{
if(!ereg("^[0-9]*$",$_POST['ord']))
if(!preg_match("/^[0-9]*$/",$_POST['ord']))
echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
$stmt = $pdo->prepare("UPDATE safetyquestions SET
@ -44,7 +44,7 @@
ord='".stripslashes($_POST['ord'])."'
WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
echo happy(i18n("Safety question successfully saved"));
}
@ -52,7 +52,7 @@
echo error(i18n("Question is required"));
}
if($_POST['action']=="new")
if(get_value_from_array($_POST, 'action') == "new")
{
if($_POST['question'])
{
@ -72,7 +72,7 @@
echo error(i18n("Question is required"));
}
if($_GET['action']=="remove" && $_GET['remove'])
if(get_value_from_array($_GET, 'action') == "remove" && get_value_from_array($_GET, 'remove'))
{
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
@ -80,7 +80,7 @@
}
if(($_GET['action']=="edit" && $_GET['edit']) || $_GET['action']=="new")
if((get_value_from_array($_GET, 'action') == "edit" && get_value_from_array($_GET, 'edit')) || get_value_from_array($_GET, 'action') == "new")
{
$showform=true;
echo "<form method=\"post\" action=\"safetyquestions.php\">";
@ -109,7 +109,7 @@
{
echo "<table class=\"summarytable\">";
echo "<tr><td>".i18n("Question")."</td><td>";
echo "<input size=\"60\" type=\"text\" name=\"question\" value=\"".htmlspecialchars($r->question)."\">\n";
echo "<input size=\"60\" type=\"text\" name=\"question\" value=\"".htmlspecialchars(get_value_or_default($r->question, ""))."\">\n";
echo "</td></tr>";
echo "<tr><td>".i18n("Type")."</td><td>";
echo "<select name=\"type\">";
@ -128,7 +128,7 @@
echo "</select>";
echo "</td>";
echo "<tr><td>".i18n("Display Order")."</td><td>";
echo "<input size=\"5\" type=\"text\" name=\"ord\" value=\"".htmlspecialchars($r->ord)."\">\n";
echo "<input size=\"5\" type=\"text\" name=\"ord\" value=\"".htmlspecialchars(get_value_or_default($r->ord, ""))."\">\n";
echo "</td></tr>";
echo "<tr><td colspan=\"2\" align=\"center\">";
echo "<input type=\"submit\" value=\"".i18n($buttontext)."\" />\n";
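Review bot: The `preg_match` check on `ord` in the first hunk only prints the "Defaulting non-numeric order value" notice; the `UPDATE` that follows still writes `stripslashes($_POST['ord'])` into the statement, so a non-numeric value is not defaulted to 0 and reaches the SQL text unchanged. Compute the value once and use it in the query: `$ord = preg_match('/^[0-9]+\z/', $_POST['ord']) ? intval($_POST['ord']) : 0;` (`\z` rather than `$`, which also matches before a trailing newline). In the form hunks, `get_value_or_default($r->question, "")` evaluates `$r->question` before the helper is called, so if `$r` is unset on the "new" path the warning still fires; `htmlspecialchars(isset($r) ? $r->question : "")` avoids it, and the same applies to `$r->ord`.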


@ -32,21 +32,21 @@
,"exhibitor_signature_page"
);
if($_POST['action']=="save")
if(get_value_from_array($_POST,'action',"save"))
{
if($_POST['useexhibitordeclaration']) $useex="1"; else $useex="0";
if($_POST['useparentdeclaration']) $usepg="1"; else $usepg="0";
if($_POST['useteacherdeclaration']) $usete="1"; else $usete="0";
if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
if($_POST['useregfee']) $userf="1"; else $userf="0";
if(get_value_from_array($_POST, 'useexhibitordeclaration')) $useex="1"; else $useex="0";
if(get_value_from_array($_POST, 'useparentdeclaration')) $usepg="1"; else $usepg="0";
if(get_value_from_array($_POST,'useteacherdeclaration')) $usete="1"; else $usete="0";
if(get_value_from_array($_POST,'usepostamble')) $usepa="1"; else $usepa="0";
if(get_value_from_array($_POST, 'useregfee')) $userf="1"; else $userf="0";
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".get_value_from_array($_POST,'exhibitordeclaration')."' WHERE name='exhibitordeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".get_value_from_array($_POST, 'parentdeclaration')."' WHERE name='parentdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".get_value_from_array($_POST, 'teacherdeclaration')."' WHERE name='teacherdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".get_value_from_array($_POST,'postamble')."' WHERE name='postamble'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt->execute();


@ -25,8 +25,8 @@
require("../common.inc.php");
require_once("../user.inc.php");
user_auth_required('committee', 'config');
if($_GET['action']=="edit" || $_GET['action']=="new") {
send_header(($_GET['action']=="edit") ? "Edit Sub-Division" : "New Sub-Division",
if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"new")) {
send_header(get_value_from_array($_GET,'action',"edit") ? "Edit Sub-Division" : "New Sub-Division",
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php',
'Project Sub-Divisions' => 'config/subdivisions.php'),
@ -38,9 +38,9 @@
"project_sub_divisions");
}
if($_POST['action']=="edit")
if(get_value_from_array($_POST,'action',"edit"))
{
if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
if(get_value_from_array($_POST,'id' )&& get_value_from_array($_POST,'projectdivisions_id') && get_value_from_array($_POST,'subdivision') )
{
$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
@ -65,9 +65,9 @@
}
}
if($_POST['action']=="new")
if(get_value_from_array($_POST,'action',"new"))
{
if($_POST['projectdivisions_id'] && $_POST['subdivision'])
if(get_value_from_array($_POST, 'projectdivisions_id') && get_value_from_array($_POST,'subdivision'))
{
if(!$_POST['id'])
{
@ -103,7 +103,7 @@
}
}
if($_GET['action']=="remove" && $_GET['remove'])
if(get_value_from_array($_GET,'action',"remove") && get_value_from_array($_GET,'remove'))
{
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt->execute();
@ -112,7 +112,7 @@
echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
if(! ($_GET['action']=="edit" || $_GET['action']=="new") )
if(! (get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"new")) )
echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new sub-division")."</a>\n";
echo "<table class=\"summarytable\">";
@ -123,13 +123,13 @@
echo "<th>".i18n("Actions")."</th>\n";
echo "</tr>";
if($_GET['action']=="edit" || $_GET['action']=="new")
if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET, 'action',"new"))
{
echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n";
if($_GET['action']=="edit")
echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET,'action')."\">\n";
if(get_value_from_array($_GET,'action',"edit"))
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET, 'edit')."\">\n";
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".get_value_from_array($_GET,'edit')."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
@ -153,6 +153,7 @@
echo " <td><input type=\"text\" size=\"3\" name=\"id\" value=\"$divisionr->id\"></td>";
echo " <td><input type=\"text\" size=\"30\" name=\"subdivision\" value=\"$divisionr->subdivision\"></td>";
echo " <td><input type=\"submit\" value=\"".i18n($buttontext)."\"></td>";
$dq->execute();
echo "</tr>";
}
else
@ -186,7 +187,7 @@ echo $pdo->errorInfo();
}
}
echo "</table>";
if($_GET['action']=="new")
if(get_value_from_array($_GET,'action',"new"))
echo "&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;".i18n("Leave ID field blank to auto-assign next available ID");
echo "</form>";
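Review bot: The rewritten conditions `get_value_from_array($_GET,'action',"edit")`, `...,"new")` and `...,"remove")` no longer compare the action with anything. The helper's definition is not shown here, but if its third parameter is a default value (as the sibling `get_value_or_default` suggests, and as the settings page's `get_value_from_array($_POST, 'action') == 'save'` implies), these calls are truthy on every request. In that case both the edit and the new handler run on any POST, and the DELETE runs whenever `remove` is present in the query string. Restore the comparison, e.g. `if(get_value_from_array($_GET,'action')=="remove" && get_value_from_array($_GET,'remove'))`, and do the same for the header, form and hidden-field branches; the same rewrite appears as `'action',"check"` in the version check and `'action', "update"` in `config_editor_handle_actions`. Separately, `$dq->execute();` is added in a branch where no `$dq` is visible in the hunk, so confirm it is defined on that path.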


@ -43,8 +43,8 @@
}
//for the Special category
if($_POST['action']=="save") {
if($_POST['specialconfig']) {
if(get_value_from_array($_POST, 'action') == 'save') {
if(get_value_from_array($_POST, 'specialconfig')) {
foreach($_POST['specialconfig'] as $key=>$val) {
$stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
$stmt->execute();
@ -54,8 +54,8 @@
}
//get the category, and if nothing is chosen, default to Global
if($_GET['category']) $category=$_GET['category'];
else if($_POST['category']) $category=$_POST['category'];
if(get_value_from_array($_GET, 'category')) $category=$_GET['category'];
else if(get_value_from_array($_POST, 'category')) $category=$_POST['category'];
else $category="Global";
$action = config_editor_handle_actions($category, $config['FAIRYEAR'], "var");
@ -117,7 +117,7 @@ $q->execute();
echo "</form>";
}
else {
// echo "<h3>".i18n("Configuration settings for fair year %1",array($config['FAIRYEAR']),array("fair year"))."</h3>";
// echo "<h3>".i18n("Configuration settings ftegory']or fair year %1",array($config['FAIRYEAR']),array("fair year"))."</h3>";
echo "<h3>".i18n($category)." ({$config['FAIRYEAR']})</h3>";
config_editor($category, $config['FAIRYEAR'], "var", $_SERVER['PHP_SELF']);
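Review bot: `$key` and `$val` from `$_POST['specialconfig']` are concatenated into the UPDATE text that is handed to `prepare()`, so the statement is prepared but nothing is bound, and a quote character in either the array key or the value changes the query. Bind both instead: `$stmt = $pdo->prepare("UPDATE config SET val=? WHERE year='0' AND var=?");` followed by `$stmt->execute([stripslashes($val), $key]);`. The same string-built pattern remains in the sub-division queries (`$_POST['id']`, `$_GET['remove']`, `$_GET['edit']`), in the two SELECTs of `config_update_variables`, in `questions_load_answers` (`$users_id`), and in the participant registration lookup (`$_POST['regnum']`), which does not appear to sit behind `user_auth_required`. Converting the call from the old query function to `prepare()` without placeholders gives none of the protection that prepared statements are meant to provide.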


@ -44,7 +44,7 @@
// FIXME Replace
if($v=file("http://www.sfiab.ca/version.txt"))
{
list($version,$date)=split("\t",trim($v[0]));
list($version,$date)=explode("\t",trim($v[0]));
$ret['version']=$version;
$ret['date']=$date;
}
@ -53,7 +53,7 @@
return $ret;
}
if($_GET['action']=="check")
if(get_value_from_array($_GET, 'action',"check"))
{
$v=loadVersions();
echo i18n("Newest version available: <b>%1</b> (%2)",array($v['version'],$v['date']));
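Review bot: The text fetched from `http://www.sfiab.ca/version.txt` is used as-is: `list($version,$date)=explode("\t",trim($v[0]))` raises an undefined-offset warning when the line has no tab, and both values are then placed into the `<b>%1</b> (%2)` message without escaping. Because the file arrives over plain HTTP it should be treated as untrusted input. Pad the split with `array_pad(explode("\t",trim($v[0]),2),2,'')` and pass `htmlspecialchars($v['version'])` and `htmlspecialchars($v['date'])` to `i18n()`, unless that function already escapes its arguments, which is not visible here. `loadVersions()` begins above the hunk.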


@ -23,6 +23,8 @@
?>
<?
include_once('helper.inc.php');
function config_editor_load($category, $year)
{
global $pdo;
@ -47,7 +49,7 @@ function config_editor_load($category, $year)
function config_editor_parse_from_http_headers($array_name)
{
$ans = array();
if(!is_array($_POST[$array_name])) return $ans;
if(!is_array(get_value_from_array($_POST, $array_name))) return $ans;
$keys = array_keys($_POST[$array_name]);
foreach($keys as $id) {
@ -75,6 +77,7 @@ function config_editor_parse_from_http_headers($array_name)
function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
{
global $config;
global $pdo;
/* if fairyear isn't specified... */
if($fairyear == NULL) $fairyear = $config['FAIRYEAR'];
@ -83,37 +86,46 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
/* The master list of variables is the year=-1, grab
* ALL config variables that exist for -1 but
* do NOT exist for $fairyear */
$q = "SELECT config.var FROM `config`
$q = $pdo->prepare("SELECT config.var FROM `config`
LEFT JOIN `config` AS C2 ON(config.var=C2.var
AND C2.year='$fairyear')
WHERE config.year=-1 AND C2.year IS NULL";
$r = ($q);
while($i = $r->fetch(PDO::FETCH_ASSOC)) {
WHERE config.year=-1 AND C2.year IS NULL");
$q->execute();
show_pdo_errors_if_any($pdo);
while($i = $q->fetch(PDO::FETCH_ASSOC)) {
$var = $i['var'];
/* See if this var exists for last year or
* the -1 year, prefer last year's value */
$q = "SELECT * FROM `config`
$r2 = $pdo->prepare("SELECT * FROM `config`
WHERE config.var='$var'
AND (config.year='$lastfairyear'
OR config.year='-1')
ORDER BY config.year DESC";
$r2 = ($q);
ORDER BY config.year DESC");
$r2->execute();
show_pdo_errors_if_any($pdo);
if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist";
exit;
}
$v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".$v->var."',
'".$v->val."',
'".$v->category."',
'".$v->type."',
'".$v->type_values."',
'".$v->ord."',
'".$v->description."',
$v = $r2->fetch(PDO::FETCH_ASSOC);
$r3 = $pdo->prepare("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
".$pdo->quote($v['var']).",
".$pdo->quote($v['val']).",
".$pdo->quote($v['category']).",
".$pdo->quote($v['type']).",
".$pdo->quote($v['type_values']).",
".$pdo->quote($v['ord']).",
".$pdo->quote($v['description']).",
'$fairyear')");
$r3->execute();
show_pdo_errors_if_any($pdo);
}
}
@ -129,7 +141,7 @@ function config_editor_handle_actions($category, $year, $array_name)
$config_editor_actions_done = true;
$updated = false;
if($_POST['action']=="update") {
if(get_value_from_array($_POST, 'action', "update")) {
$var = config_editor_parse_from_http_headers($array_name);
$varkeys = array_keys($var);
foreach($varkeys as $k) {
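Review bot: `$r2->rowCount() < 1` is used to detect an empty SELECT result in `config_update_variables`, but PDO only defines `rowCount()` for INSERT, UPDATE and DELETE; for a SELECT the value depends on the driver and on whether the query is buffered. Fetch first and test the row instead: `$v = $r2->fetch(PDO::FETCH_ASSOC);` then `if($v === false) { echo "ERROR, Variable '$var' doesn't exist"; exit; }`. That also removes the case where `rowCount()` reports a row but `fetch()` returns false and the INSERT is built from `$v['var']` on a non-array.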


@ -23,15 +23,19 @@
?>
<?
require("common.inc.php");
require("./config/signaturepage_or_permissionform.php");
send_header("Confirmed Participants");
global $stats_totalstudents;
//first, lets make sure someone isnt tryint to see something that they arent allowed to!
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1)
{
list($d,$t)=explode(" ",$config['dates']['postparticipants']);
@ -68,7 +72,13 @@
projects.projectnumber
");
$q->execute();
echo $pdo->errorInfo();
// Check for errors after the query execution
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
$lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist";
@ -81,7 +91,7 @@
echo "<br />";
}
echo "<table style=\"font-size: 0.9em;\">";
while($r=$q->fetch())
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->category != $lastcat)
{
@ -122,7 +132,7 @@
echo "<td>$r->projectnumber</td>";
echo "<td>$r->title</td>";
$sq=("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.id,
students.webfirst,
@ -135,20 +145,27 @@
AND
students.schools_id=schools.id
");
echo pdo->errorInfo();
$sq->execute();
// Check for errors after the query execution
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
$studnum=1;
$schools="";
$students="";
$sameschools=true;
$lastschool="";
while($studentinfo=$sq->fetch())
while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
{
if($studentinfo->webfirst=="yes")
$students.="$studentinfo->firstname ";
if($studentinfo->weblast=="yes")
$students.="$studentinfo->lastname ";
if($r->studentinfo->webfirst=="yes" || $studentinfo->weblast=="yes") $students.="<br />";
if($studentinfo->webfirst=="yes" || $studentinfo->weblast=="yes") $students.="<br />";
$schools.="$studentinfo->school <br />";
if($lastschool)
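Review bot: Both added error blocks read `$pdo->errorInfo()` after `$q->execute()` and `$sq->execute()`, but a failed `execute()` records its error on the statement handle, so the connection handle will normally still report `00000` and the failure goes unnoticed. Use `$errorInfo = $q->errorInfo();` for the project query and `$errorInfo = $sq->errorInfo();` for the student query. The block also echoes the driver message into what appears to be a public page; `error_log($errorInfo[2]);` keeps table and column names out of the response. The helper `show_pdo_errors_if_any($pdo)` added in this commit has the same two problems and could take the statement as its argument.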


@ -15,4 +15,16 @@ function get_value(mixed $var) : mixed
return isset($var) ? $var : null;
}
function get_value_or_default(mixed $var, mixed $default = null) : mixed {
return isset($var) ? $var : $default;
}
function show_pdo_errors_if_any($pdo) {// Check for errors after the query execution
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
}
?>
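Review bot: `get_value_or_default()` cannot suppress the warning it seems intended for, because the argument is evaluated at the call site: `get_value_or_default($_POST['x'], '')` still raises the undefined-key warning before the function runs, and inside the function `isset($var)` only tests for null. Either read the key at the call site with `$_POST['x'] ?? ''`, or pass the array and key separately as `get_value_from_array` does. A comment such as `// returns $default only when $var is null; does not guard missing array keys` on the function would stop callers from relying on it for that.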


@ -144,7 +144,7 @@ class lcsv
if($this->csvdata)
{
$filename=strtolower($this->page_subheader);
$filename=ereg_replace("[^a-z0-9]","_",$filename);
$filename=preg_replace("[^a-z0-9]","_",$filename);
//header("Content-type: application/csv");
header("Content-type: text/x-csv");
header("Content-disposition: inline; filename=sfiab_".$filename.".csv");
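Review bot: `preg_replace("[^a-z0-9]","_",$filename)` no longer sanitizes anything: PCRE takes the surrounding `[` and `]` as the pattern delimiters, leaving the pattern `^a-z0-9`, which only matches that literal text at the start of the string. Spaces, quotes and other characters from `page_subheader` therefore reach the `Content-disposition` header unchanged. Add real delimiters: `$filename=preg_replace("/[^a-z0-9]/","_",$filename);`. The enclosing method starts and ends outside the hunk.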


@ -25,7 +25,7 @@
function questions_load_answers($section, $users_id)
{
{ global $pdo;
global $config;
$yearq=$pdo->prepare("SELECT `year` FROM users WHERE id='$users_id'");
$yearq->execute();
@ -49,7 +49,7 @@ function questions_load_questions($section, $year)
'ORDER BY ord ASC');
$q->execute();
print($pdo->errorInfo());
show_pdo_errors_if_any($pdo);
$qs = array();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
@ -191,7 +191,7 @@ function questions_save_new_question($qs, $year)
"'".$qs['ord']."',".
"'$year' )");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
}
@ -206,7 +206,7 @@ function questions_save_new_question($qs, $year)
function questions_editor($section, $year, $array_name, $self)
{
global $config;
global $pdo;
if($_POST['action']=="save") {
$qs = questions_parse_from_http_headers('question');
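Review bot: `questions_editor()` still reads `$_POST['action']=="save"` directly, right below the added `global $pdo;`, so a plain GET of the editor raises the undefined-key warning this commit removes elsewhere. Use `if(get_value_from_array($_POST, 'action') == "save") {`. The first hunk also leaves `{ global $pdo;` on the brace line of `questions_load_answers`; putting `global $pdo;` on its own line next to `global $config;` keeps the function readable. Both function bodies continue outside the hunks.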


@ -30,7 +30,7 @@
$datecheck = $q->fetch(PDO::FETCH_OBJ);
if($_POST['action']=="new") {
if(get_value_from_array($_POST, 'action') == "new") {
$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
$q->execute();
if($q->rowCount()) {
@ -55,8 +55,8 @@ $stmt->execute();
}
}
else if($_POST['action']=="continue") {
if($_POST['email'])
else if(get_value_from_array($_POST, 'action') == "continue") {
if(get_value_from_array($_POST, 'email'))
$_SESSION['email']=stripslashes($_POST['email']);
$q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
@ -82,7 +82,7 @@ $stmt->execute();
}
}
else if($_GET['action']=="resend" && $_SESSION['email']) {
else if(get_value_from_array($_GET, 'action') == "resend" && get_value_from_array($_SESSION, 'email')) {
//first see if the email matches directly from the registrations table
$q=$pdo->prepare("SELECT registrations.num FROM
registrations
@ -117,7 +117,7 @@ $stmt->execute();
echo error(i18n("Could not find a registration for your email address"));
}
}
else if($_GET['action']=="logout") {
else if(get_value_from_array($_GET, 'action') == "logout") {
unset($_SESSION['email']);
unset($_SESSION['registration_number']);
unset($_SESSION['registration_id']);
@ -127,7 +127,7 @@ $stmt->execute();
//if they've alreayd logged in, and somehow wound back up here, take them back to where they should be
if($_SESSION['registration_number'] && $_SESSION['registration_id'] && $_SESSION['email']) {
if(get_value_from_array($_SESSION, 'registration_number') && get_value_from_array($_SESSION, 'registration_id') && get_value_from_array($_SESSION, 'email')) {
header("Location: register_participants_main.php");
exit;
@ -135,8 +135,8 @@ $stmt->execute();
send_header("Participant Registration");
if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) ) {
if($_POST['email'])
if(get_value_from_array($_POST, 'action') == "login" && ( get_value_from_array($_POST, 'email') || get_value_from_array($_SESSION, 'email')) ) {
if(get_value_from_array($_POST, 'email'))
$_SESSION['email']=stripslashes($pdo->quote($_POST['email']));
echo "<form method=\"post\" action=\"register_participants.php\">";
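Review bot: In the login branch, `$_SESSION['email']=stripslashes($pdo->quote($_POST['email']));` stores the address wrapped in the quote characters that `quote()` adds, and `stripslashes` then removes the escaping `quote()` applied, so the session value is neither the raw address nor safe to concatenate. The `continue` branch stores `stripslashes($_POST['email'])`, so the two paths disagree, and the `new` branch places `$_SESSION['email']` and `$_POST['regnum']` inside `email='...' AND num='...'`. Keep the raw value in the session, `$_SESSION['email']=get_value_from_array($_POST, 'email');`, and bind it where it is queried. `$_POST['regnum']` is also read without the guard this commit adds around `action`.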


@ -76,7 +76,7 @@
// dullus for text Justification.
// Bob Vincent (pillarsdotnet@users.sourceforge.net) for <li> value attribute.
// Patrick Benny for text stretch suggestion on Cell().
// Johannes Güntert for JavaScript support.
// Johannes G<EFBFBD>ntert for JavaScript support.
// Denis Van Nuffelen for Dynamic Form.
// Jacek Czekaj for multibyte justification
// Anthony Ferrara for the reintroduction of legacy image methods.
@ -87,7 +87,7 @@
// Mohamad Ali Golkar, Saleh AlMatrafe, Charles Abbott for Arabic and Persian support.
// Moritz Wagner and Andreas Wurmser for graphic functions.
// Andrew Whitehead for core fonts support.
// Esteban Joël Marín for OpenType font conversion.
// Esteban Jo<EFBFBD>l Mar<61>n for OpenType font conversion.
// Teus Hagen for several suggestions and fixes.
// Yukihiro Nakadaira for CID-0 CJK fonts fixes.
// Kosmas Papachristos for some CSS improvements.
@ -2911,7 +2911,7 @@ class TCPDF {
if (empty($orientation)) {
$orientation = $default_orientation;
} else {
$orientation = strtoupper($orientation{0});
$orientation = strtoupper($orientation[0]);
}
if (in_array($orientation, $valid_orientations) AND ($orientation != $default_orientation)) {
$this->CurOrientation = $orientation;
@ -3363,7 +3363,7 @@ class TCPDF {
$slen = strlen($brd);
$newbrd = array();
for ($i = 0; $i < $slen; ++$i) {
$newbrd[$brd{$i}] = true;
$newbrd[$brd[$i]] = true;
}
$brd = $newbrd;
} elseif (($brd === 1) OR ($brd === true) OR (is_numeric($brd) AND (intval($brd) > 0))) {
@ -5869,7 +5869,7 @@ class TCPDF {
$slen = strlen($brd);
$newbrd = array();
for ($i = 0; $i < $slen; ++$i) {
$newbrd[$brd{$i}] = array('cap' => 'square', 'join' => 'miter');
$newbrd[$brd[$i]] = array('cap' => 'square', 'join' => 'miter');
}
$brd = $newbrd;
}
@ -6372,7 +6372,7 @@ class TCPDF {
$slen = strlen($brd);
$newbrd = array();
for ($i = 0; $i < $slen; ++$i) {
$newbrd[$brd{$i}] = array('cap' => 'square', 'join' => 'miter');
$newbrd[$brd[$i]] = array('cap' => 'square', 'join' => 'miter');
}
$brd = $newbrd;
}
@ -6434,7 +6434,7 @@ class TCPDF {
* @param $cellpadding (float) Internal cell padding, if empty uses default cell padding.
* @param $border (mixed) Indicates if borders must be drawn around the cell. The value can be a number:<ul><li>0: no border (default)</li><li>1: frame</li></ul> or a string containing some or all of the following characters (in any order):<ul><li>L: left</li><li>T: top</li><li>R: right</li><li>B: bottom</li></ul> or an array of line styles for each border group - for example: array('LTRB' => array('width' => 2, 'cap' => 'butt', 'join' => 'miter', 'dash' => 0, 'color' => array(0, 0, 0)))
* @return float Return the minimal height needed for multicell method for printing the $txt param.
* @author Alexander Escalona Fernández, Nicola Asuni
* @author Alexander Escalona Fern<EFBFBD>ndez, Nicola Asuni
* @public
* @since 4.5.011
*/
@ -6538,7 +6538,7 @@ class TCPDF {
* @param $cellpadding (float) Internal cell padding, if empty uses default cell padding.
* @param $border (mixed) Indicates if borders must be drawn around the cell. The value can be a number:<ul><li>0: no border (default)</li><li>1: frame</li></ul> or a string containing some or all of the following characters (in any order):<ul><li>L: left</li><li>T: top</li><li>R: right</li><li>B: bottom</li></ul> or an array of line styles for each border group - for example: array('LTRB' => array('width' => 2, 'cap' => 'butt', 'join' => 'miter', 'dash' => 0, 'color' => array(0, 0, 0)))
* @return float Return the minimal height needed for multicell method for printing the $txt param.
* @author Nicola Asuni, Alexander Escalona Fernández
* @author Nicola Asuni, Alexander Escalona Fern<EFBFBD>ndez
* @public
*/
public function getStringHeight($w, $txt, $reseth=false, $autopadding=true, $cellpadding='', $border=0) {
@ -7210,7 +7210,7 @@ class TCPDF {
$this->checkPageRegions($h, $x, $y);
$cached_file = false; // true when the file is cached
// check if we are passing an image as file or string
if ($file{0} === '@') { // image from string
if ($file[0] === '@') { // image from string
$imgdata = substr($file, 1);
$file = K_PATH_CACHE.'img_'.md5($imgdata);
$fp = fopen($file, 'w');
@ -7300,7 +7300,7 @@ class TCPDF {
// height difference
$hdiff = ($oldh - $h);
// vertical alignment
switch (strtoupper($fitbox{1})) {
switch (strtoupper($fitbox[1])) {
case 'T': {
break;
}
@ -7321,7 +7321,7 @@ class TCPDF {
// width difference
$wdiff = ($oldw - $w);
// horizontal alignment
switch (strtoupper($fitbox{0})) {
switch (strtoupper($fitbox[0])) {
case 'L': {
if ($this->rtl) {
$x -= $wdiff;
@ -7600,7 +7600,7 @@ class TCPDF {
public function set_mqr($mqr) {
if (!defined('PHP_VERSION_ID')) {
$version = PHP_VERSION;
define('PHP_VERSION_ID', (($version{0} * 10000) + ($version{2} * 100) + $version{4}));
define('PHP_VERSION_ID', (($version[0] * 10000) + ($version[2] * 100) + $version[4]));
}
if (PHP_VERSION_ID < 50300) {
@set_magic_quotes_runtime($mqr);
@ -7615,7 +7615,7 @@ class TCPDF {
public function get_mqr() {
if (!defined('PHP_VERSION_ID')) {
$version = PHP_VERSION;
define('PHP_VERSION_ID', (($version{0} * 10000) + ($version{2} * 100) + $version{4}));
define('PHP_VERSION_ID', (($version[0] * 10000) + ($version[2] * 100) + $version[4]));
}
if (PHP_VERSION_ID < 50300) {
return @get_magic_quotes_runtime();
@ -8099,7 +8099,7 @@ class TCPDF {
$dest = $dest ? 'D' : 'F';
}
$dest = strtoupper($dest);
if ($dest{0} != 'F') {
if ($dest[0] != 'F') {
$name = preg_replace('/[\s]+/', '_', $name);
$name = preg_replace('/[^a-zA-Z0-9_\.-]/', '', $name);
}
@ -9803,12 +9803,12 @@ class TCPDF {
$font = file_get_contents($fontfile);
$compressed = (substr($file, -2) == '.z');
if ((!$compressed) AND (isset($info['length2']))) {
$header = (ord($font{0}) == 128);
$header = (ord($font[0]) == 128);
if ($header) {
//Strip first binary header
$font = substr($font, 6);
}
if ($header AND (ord($font{$info['length1']}) == 128)) {
if ($header AND (ord($font[$info['length1']]) == 128)) {
//Strip second binary header
$font = substr($font, 0, $info['length1']).substr($font, ($info['length1'] + 6));
}
@ -11282,7 +11282,7 @@ class TCPDF {
$strarr = array();
$strlen = strlen($str);
for ($i=0; $i < $strlen; ++$i) {
$strarr[] = ord($str{$i});
$strarr[] = ord($str[$i]);
}
// insert new value on cache
$this->cache_UTF8StringToArray[$strkey]['s'] = $strarr;
@ -11296,7 +11296,7 @@ class TCPDF {
$str .= ''; // force $str to be a string
$length = strlen($str);
for ($i = 0; $i < $length; ++$i) {
$char = ord($str{$i}); // get one string character at time
$char = ord($str[$i]); // get one string character at time
if (count($bytes) == 0) { // get starting octect
if ($char <= 0x7F) {
$unichar = $char; // use the character "as is" because is ASCII
@ -11578,7 +11578,7 @@ class TCPDF {
* @public
*/
public function addHtmlLink($url, $name, $fill=false, $firstline=false, $color='', $style=-1, $firstblock=false) {
if (!$this->empty_string($url) AND ($url{0} == '#')) {
if (!$this->empty_string($url) AND ($url[0] == '#')) {
// convert url to internal link
$lnkdata = explode(',', $url);
if (isset($lnkdata[0])) {
@ -11971,7 +11971,7 @@ class TCPDF {
$j = 0;
for ($i = 0; $i < 256; ++$i) {
$t = $rc4[$i];
$j = ($j + $t + ord($k{$i})) % 256;
$j = ($j + $t + ord($k[$i])) % 256;
$rc4[$i] = $rc4[$j];
$rc4[$j] = $t;
}
@ -11991,7 +11991,7 @@ class TCPDF {
$rc4[$a] = $rc4[$b];
$rc4[$b] = $t;
$k = $rc4[($rc4[$a] + $rc4[$b]) % 256];
$out .= chr(ord($text{$i}) ^ $k);
$out .= chr(ord($text[$i]) ^ $k);
}
return $out;
}
@ -12045,7 +12045,7 @@ class TCPDF {
for ($i = 1; $i <= 19; ++$i) {
$ek = '';
for ($j = 0; $j < $len; ++$j) {
$ek .= chr(ord($this->encryptdata['key']{$j}) ^ $i);
$ek .= chr(ord($this->encryptdata['key'][$j]) ^ $i);
}
$enc = $this->_RC4($ek, $enc);
}
@ -12096,7 +12096,7 @@ class TCPDF {
for ($i = 1; $i <= 19; ++$i) {
$ek = '';
for ($j = 0; $j < $len; ++$j) {
$ek .= chr(ord($owner_key{$j}) ^ $i);
$ek .= chr(ord($owner_key[$j]) ^ $i);
}
$enc = $this->_RC4($ek, $enc);
}
@ -12411,7 +12411,7 @@ class TCPDF {
++$bslenght;
}
for ($i = 0; $i < $bslenght; $i += 2) {
$string .= chr(hexdec($bs{$i}.$bs{($i + 1)}));
$string .= chr(hexdec($bs[$i].$bs[($i + 1)]));
}
return $string;
}
@ -12924,7 +12924,7 @@ class TCPDF {
}
/**
* Append a cubic Bézier curve to the current path. The curve shall extend from the current point to the point (x3, y3), using (x1, y1) and (x2, y2) as the Bézier control points.
* Append a cubic B<EFBFBD>zier curve to the current path. The curve shall extend from the current point to the point (x3, y3), using (x1, y1) and (x2, y2) as the B<EFBFBD>zier control points.
* The new current point shall be (x3, y3).
* @param $x1 (float) Abscissa of control point 1.
* @param $y1 (float) Ordinate of control point 1.
@ -12940,7 +12940,7 @@ class TCPDF {
}
/**
* Append a cubic Bézier curve to the current path. The curve shall extend from the current point to the point (x3, y3), using the current point and (x2, y2) as the Bézier control points.
* Append a cubic B<EFBFBD>zier curve to the current path. The curve shall extend from the current point to the point (x3, y3), using the current point and (x2, y2) as the B<EFBFBD>zier control points.
* The new current point shall be (x3, y3).
* @param $x2 (float) Abscissa of control point 2.
* @param $y2 (float) Ordinate of control point 2.
@ -12954,7 +12954,7 @@ class TCPDF {
}
/**
* Append a cubic Bézier curve to the current path. The curve shall extend from the current point to the point (x3, y3), using (x1, y1) and (x3, y3) as the Bézier control points.
* Append a cubic B<EFBFBD>zier curve to the current path. The curve shall extend from the current point to the point (x3, y3), using (x1, y1) and (x3, y3) as the B<EFBFBD>zier control points.
* The new current point shall be (x3, y3).
* @param $x1 (float) Abscissa of control point 1.
* @param $y1 (float) Ordinate of control point 1.
@ -14381,7 +14381,7 @@ class TCPDF {
* Adds a javascript
* @param $script (string) Javascript code
* @public
* @author Johannes Güntert, Nicola Asuni
* @author Johannes G<EFBFBD>ntert, Nicola Asuni
* @since 2.1.002 (2008-02-12)
*/
public function IncludeJS($script) {
@ -14406,7 +14406,7 @@ class TCPDF {
/**
* Create a javascript PDF string.
* @protected
* @author Johannes Güntert, Nicola Asuni
* @author Johannes G<EFBFBD>ntert, Nicola Asuni
* @since 2.1.002 (2008-02-12)
*/
protected function _putjavascript() {
@ -16144,7 +16144,7 @@ class TCPDF {
* @param $col1 (array) first color (Grayscale, RGB or CMYK components).
* @param $col2 (array) second color (Grayscale, RGB or CMYK components).
* @param $coords (array) array of the form (x1, y1, x2, y2) which defines the gradient vector (see linear_gradient_coords.jpg). The default value is from left to right (x1=0, y1=0, x2=1, y2=0).
* @author Andreas Würmser, Nicola Asuni
* @author Andreas W<EFBFBD>rmser, Nicola Asuni
* @since 3.1.000 (2008-06-09)
* @public
*/
@ -16162,7 +16162,7 @@ class TCPDF {
* @param $col1 (array) first color (Grayscale, RGB or CMYK components).
* @param $col2 (array) second color (Grayscale, RGB or CMYK components).
* @param $coords (array) array of the form (fx, fy, cx, cy, r) where (fx, fy) is the starting point of the gradient with color1, (cx, cy) is the center of the circle with color2, and r is the radius of the circle (see radial_gradient_coords.jpg). (fx, fy) should be inside the circle, otherwise some areas will not be defined.
* @author Andreas Würmser, Nicola Asuni
* @author Andreas W<EFBFBD>rmser, Nicola Asuni
* @since 3.1.000 (2008-06-09)
* @public
*/
@ -16185,7 +16185,7 @@ class TCPDF {
* @param $coords_min (array) minimum value used by the coordinates. If a coordinate's value is smaller than this it will be cut to coords_min. default: 0
* @param $coords_max (array) maximum value used by the coordinates. If a coordinate's value is greater than this it will be cut to coords_max. default: 1
* @param $antialias (boolean) A flag indicating whether to filter the shading function to prevent aliasing artifacts.
* @author Andreas Würmser, Nicola Asuni
* @author Andreas W<EFBFBD>rmser, Nicola Asuni
* @since 3.1.000 (2008-06-09)
* @public
*/
@ -16270,7 +16270,7 @@ class TCPDF {
* @param $y (float) ordinate of the top left corner of the rectangle.
* @param $w (float) width of the rectangle.
* @param $h (float) height of the rectangle.
* @author Andreas Würmser, Nicola Asuni
* @author Andreas W<EFBFBD>rmser, Nicola Asuni
* @since 3.1.000 (2008-06-09)
* @protected
*/
@ -16661,7 +16661,7 @@ class TCPDF {
// check page for no-write regions and adapt page margins if necessary
$this->checkPageRegions($h, $x, $y);
$k = $this->k;
if ($file{0} === '@') { // image from string
if ($file[0] === '@') { // image from string
$data = substr($file, 1);
} else { // EPS/AI file
$data = file_get_contents($file);
@ -16774,7 +16774,7 @@ class TCPDF {
$cnt = count($lines);
for ($i=0; $i < $cnt; ++$i) {
$line = $lines[$i];
if (($line == '') OR ($line{0} == '%')) {
if (($line == '') OR ($line[0] == '%')) {
continue;
}
$len = strlen($line);
@ -16878,7 +16878,7 @@ class TCPDF {
if ($skip) {
break;
}
$line{$len-1} = strtolower($cmd);
$line[$len-1] = strtolower($cmd);
$this->_out($line);
break;
}
@ -17766,19 +17766,19 @@ class TCPDF {
// remove empty blocks
$cssdata = preg_replace('/([^\}\{]+)\{\}/', '', $cssdata);
// replace media type parenthesis
$cssdata = preg_replace('/@media[\s]+([^\{]*)\{/i', '@media \\1§', $cssdata);
$cssdata = preg_replace('/\}\}/si', '}§', $cssdata);
$cssdata = preg_replace('/@media[\s]+([^\{]*)\{/i', '@media \\1<EFBFBD>', $cssdata);
$cssdata = preg_replace('/\}\}/si', '}<EFBFBD>', $cssdata);
// trim string
$cssdata = trim($cssdata);
// find media blocks (all, braille, embossed, handheld, print, projection, screen, speech, tty, tv)
$cssblocks = array();
$matches = array();
if (preg_match_all('/@media[\s]+([^\§]*)§([^§]*)§/i', $cssdata, $matches) > 0) {
if (preg_match_all('/@media[\s]+([^\<EFBFBD>]*)<29>([^<5E>]*)<29>/i', $cssdata, $matches) > 0) {
foreach ($matches[1] as $key => $type) {
$cssblocks[$type] = $matches[2][$key];
}
// remove media blocks
$cssdata = preg_replace('/@media[\s]+([^\§]*)§([^§]*)§/i', '', $cssdata);
$cssdata = preg_replace('/@media[\s]+([^\<EFBFBD>]*)<29>([^<5E>]*)<29>/i', '', $cssdata);
}
// keep 'all' and 'print' media, other media types are discarded
if (isset($cssblocks['all']) AND !empty($cssblocks['all'])) {
@ -17870,7 +17870,7 @@ class TCPDF {
$attrib = strtolower(trim($attrib[0]));
if (!empty($attrib)) {
// check if matches class, id, attribute, pseudo-class or pseudo-element
switch ($attrib{0}) {
switch ($attrib[0]) {
case '.': { // class
if (in_array(substr($attrib, 1), $class)) {
$valid = true;
@ -17937,7 +17937,7 @@ class TCPDF {
break;
}
case ':': { // pseudo-class or pseudo-element
if ($attrib{1} == ':') { // pseudo-element
if ($attrib[1] == ':') { // pseudo-element
// pseudo-elements are not supported!
// (::first-line, ::first-letter, ::before, ::after)
} else { // pseudo-class
@ -18566,7 +18566,7 @@ class TCPDF {
$tagname = strtolower($tag[1]);
// check if we are inside a table header
if ($tagname == 'thead') {
if ($element{0} == '/') {
if ($element[0] == '/') {
$thead = false;
} else {
$thead = true;
@ -18581,7 +18581,7 @@ class TCPDF {
} else {
$dom[$key]['block'] = false;
}
if ($element{0} == '/') {
if ($element[0] == '/') {
// *** closing html tag
$dom[$key]['opening'] = false;
$dom[$key]['parent'] = end($level);
@ -18794,13 +18794,13 @@ class TCPDF {
}
// font style
if (isset($dom[$key]['style']['font-weight'])) {
if (strtolower($dom[$key]['style']['font-weight']{0}) == 'n') {
if (strtolower($dom[$key]['style']['font-weight'][0]) == 'n') {
$dom[$key]['fontstyle'] = '';
} elseif (strtolower($dom[$key]['style']['font-weight']{0}) == 'b') {
} elseif (strtolower($dom[$key]['style']['font-weight'][0]) == 'b') {
$dom[$key]['fontstyle'] .= 'B';
}
}
if (isset($dom[$key]['style']['font-style']) AND (strtolower($dom[$key]['style']['font-style']{0}) == 'i')) {
if (isset($dom[$key]['style']['font-style']) AND (strtolower($dom[$key]['style']['font-style'][0]) == 'i')) {
$dom[$key]['fontstyle'] .= 'I';
}
// font color
@ -18819,13 +18819,13 @@ class TCPDF {
foreach ($decors as $dec) {
$dec = trim($dec);
if (!$this->empty_string($dec)) {
if ($dec{0} == 'u') {
if ($dec[0] == 'u') {
// underline
$dom[$key]['fontstyle'] .= 'U';
} elseif ($dec{0} == 'l') {
} elseif ($dec[0] == 'l') {
// line-trough
$dom[$key]['fontstyle'] .= 'D';
} elseif ($dec{0} == 'o') {
} elseif ($dec[0] == 'o') {
// overline
$dom[$key]['fontstyle'] .= 'O';
}
@ -18844,7 +18844,7 @@ class TCPDF {
}
// check for text alignment
if (isset($dom[$key]['style']['text-align'])) {
$dom[$key]['align'] = strtoupper($dom[$key]['style']['text-align']{0});
$dom[$key]['align'] = strtoupper($dom[$key]['style']['text-align'][0]);
}
// check for CSS border properties
if (isset($dom[$key]['style']['border'])) {
@ -19008,9 +19008,9 @@ class TCPDF {
// font size
if (isset($dom[$key]['attribute']['size'])) {
if ($key > 0) {
if ($dom[$key]['attribute']['size']{0} == '+') {
if ($dom[$key]['attribute']['size'][0] == '+') {
$dom[$key]['fontsize'] = $dom[($dom[$key]['parent'])]['fontsize'] + intval(substr($dom[$key]['attribute']['size'], 1));
} elseif ($dom[$key]['attribute']['size']{0} == '-') {
} elseif ($dom[$key]['attribute']['size'][0] == '-') {
$dom[$key]['fontsize'] = $dom[($dom[$key]['parent'])]['fontsize'] - intval(substr($dom[$key]['attribute']['size'], 1));
} else {
$dom[$key]['fontsize'] = intval($dom[$key]['attribute']['size']);
@ -19052,10 +19052,10 @@ class TCPDF {
if (($dom[$key]['value'] == 'pre') OR ($dom[$key]['value'] == 'tt')) {
$dom[$key]['fontname'] = $this->default_monospaced_font;
}
if (($dom[$key]['value']{0} == 'h') AND (intval($dom[$key]['value']{1}) > 0) AND (intval($dom[$key]['value']{1}) < 7)) {
if (($dom[$key]['value'][0] == 'h') AND (intval($dom[$key]['value'][1]) > 0) AND (intval($dom[$key]['value'][1]) < 7)) {
// headings h1, h2, h3, h4, h5, h6
if (!isset($dom[$key]['attribute']['size']) AND !isset($dom[$key]['style']['font-size'])) {
$headsize = (4 - intval($dom[$key]['value']{1})) * 2;
$headsize = (4 - intval($dom[$key]['value'][1])) * 2;
$dom[$key]['fontsize'] = $dom[0]['fontsize'] + $headsize;
}
if (!isset($dom[$key]['style']['font-weight'])) {
@ -19117,7 +19117,7 @@ class TCPDF {
}
// check for text alignment
if (isset($dom[$key]['attribute']['align']) AND (!$this->empty_string($dom[$key]['attribute']['align'])) AND ($dom[$key]['value'] !== 'img')) {
$dom[$key]['align'] = strtoupper($dom[$key]['attribute']['align']{0});
$dom[$key]['align'] = strtoupper($dom[$key]['attribute']['align'][0]);
}
// check for text rendering mode (the following attributes do not exist in HTML)
if (isset($dom[$key]['attribute']['stroke'])) {
@ -19798,7 +19798,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
if (($stroffset !== false) AND ($stroffset <= $strpiece[2][1])) {
// set offset to the end of string section
$offset = strpos($pmid, ')]', $stroffset);
while (($offset !== false) AND ($pmid{($offset - 1)} == '\\')) {
while (($offset !== false) AND ($pmid[($offset - 1)] == '\\')) {
$offset = strpos($pmid, ')]', ($offset + 1));
}
if ($offset === false) {
@ -20871,7 +20871,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
$imglink = '';
if (isset($this->HREF['url']) AND !$this->empty_string($this->HREF['url'])) {
$imglink = $this->HREF['url'];
if ($imglink{0} == '#') {
if ($imglink[0] == '#') {
// convert url to internal link
$lnkdata = explode(',', $imglink);
if (isset($lnkdata[0])) {
@ -24705,7 +24705,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
// convert SVG to raster image using GD or ImageMagick libraries
return $this->Image($file, $x, $y, $w, $h, 'SVG', $link, $align, true, 300, $palign, false, false, $border, false, false, false);
}
if ($file{0} === '@') { // image from string
if ($file[0] === '@') { // image from string
$this->svgdir = '';
$svgdata = substr($file, 1);
} else { // SVG file
@ -25613,7 +25613,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
}
break;
}
case 'Q': { // quadratic Bézier curveto
case 'Q': { // quadratic B<EFBFBD>zier curveto
foreach ($params as $ck => $cp) {
$params[$ck] = $cp;
if ((($ck + 1) % 4) == 0) {
@ -25639,7 +25639,7 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
}
break;
}
case 'T': { // shorthand/smooth quadratic Bézier curveto
case 'T': { // shorthand/smooth quadratic B<EFBFBD>zier curveto
foreach ($params as $ck => $cp) {
$params[$ck] = $cp;
if (($ck % 2) != 0) {
@ -26179,11 +26179,11 @@ Putting 1 is equivalent to putting 0 and calling Ln() just after. Default value:
$this->SVGTransform($tm);
$obstyle = $this->setSVGStyles($svgstyle, $prev_svgstyle, $x, $y, $w, $h);
// fix image path
if (!$this->empty_string($this->svgdir) AND (($img{0} == '.') OR (basename($img) == $img))) {
if (!$this->empty_string($this->svgdir) AND (($img[0] == '.') OR (basename($img) == $img))) {
// replace relative path with full server path
$img = $this->svgdir.'/'.$img;
}
if (($img{0} == '/') AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
if (($img[0] == '/') AND ($_SERVER['DOCUMENT_ROOT'] != '/')) {
$findroot = strpos($img, $_SERVER['DOCUMENT_ROOT']);
if (($findroot === false) OR ($findroot > 1)) {
// replace relative path with full server path


@ -23,6 +23,7 @@
*/
?>
<?
require_once('helper.inc.php');
$user_what = array('student'=>'Participant',
'judge' => 'Judge',
@ -319,7 +320,7 @@ function user_load_by_uid_year($uid, $year)
}
function user_set_password($id, $password = NULL)
{
{ global $pdo;
/* pass $u by reference so we can update it */
$save_old = false;
if($password == NULL) {
@ -344,13 +345,13 @@ function user_set_password($id, $password = NULL)
$query = "UPDATE users SET $set WHERE id='$id'";
$stmt = $pdo->prepare($query);
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
return $password;
}
function user_save_type_list($u, $db, $fields)
{
{ global $pdo;
/* echo "<pre> save type list $db";
print_r($u);
echo "</pre>";*/
@ -379,7 +380,7 @@ function user_save_type_list($u, $db, $fields)
$stmt = $pdo->prepare($query);
$stmt->execute();
if($pdo->errorInfo()) {
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
echo error("Full query: $query");
}
}
@ -448,7 +449,7 @@ function user_save_parent($u)
}
function user_save(&$u)
{
{ global $pdo;
/* Add any new types */
$added = array_diff($u['types'], $u['orig']['types']);
foreach($added as $t) {
@ -490,7 +491,7 @@ function user_save(&$u)
$stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]";
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
}
/* Save the password if it changed */
@ -703,7 +704,7 @@ function user_dupe_row($db, $key, $val, $newval)
// echo "Dupe Query: [$q]";
$r = $pdo->prepare($q);
$r->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$id = $pdo->errorInfo();
return $id;
@ -778,11 +779,12 @@ function user_add_role_allowed($type, $u)
function user_create($type, $username, $u = NULL)
{
global $config;
global $pdo;
if(!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
$uid = $pdo->lastInsertId();
if(user_valid_email($username)) {
$stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
@ -790,13 +792,13 @@ function user_create($type, $username, $u = NULL)
}
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this
* entry for us, so do it here */
$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
$stmt->execute();
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
/* Load the complete user */
$u = user_load($uid);
// echo "user_create / user_load($uid) returned <pre>";
@ -889,7 +891,7 @@ function user_auth_required($type, $access='')
}
/* Forward to password expired, remember the target URI */
if($_SESSION['password_expired'] == true) {
if(get_value_from_array($_SESSION, 'password_expired') == true) {
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
header("location: {$config['SFIABDIRECTORY']}/user_password.php");
exit;
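Review bot: The `users` INSERT in user_create still interpolates `$type` and `$username` into the SQL string handed to `$pdo->prepare()`, so the move to PDO gives no injection protection there; `UPDATE users SET $set WHERE id='$id'` in user_set_password follows the same pattern. Bind the values instead, with `VALUES (?, ?, '0000-00-00', NOW(), ?, 'no')` in the statement and `$stmt->execute([$type, $username, $config['FAIRYEAR']]);`. The table name in `INSERT INTO users_$type` cannot be bound, so `$type` should be checked against the known role list before it is used (the keys of `$user_what` look suitable). Separately, the user_set_password hunk shows `prepare($query)` followed directly by the error check with no `$stmt->execute()` in between, which suggests the password UPDATE never runs; that function's body starts outside the hunk, so confirm against the full file.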


@ -33,7 +33,7 @@
}
/* Sort out who we're editting */
if($_POST['users_id'])
if(get_value_from_array($_POST, 'users_id'))
$eid = intval($_POST['users_id']); /* From a save form */
else if(array_key_exists('embed_edit_id', $_SESSION))
$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
@ -48,7 +48,7 @@ if($eid != $_SESSION['users_id']) {
$u = user_load($eid);
/* Validate the type */
if($_GET['action'] != '' && $_GET['action'] != 'delete') {
if(get_value_from_array($_GET, 'action') != '' && $_GET['action'] != 'delete') {
$action_type = $_GET['type'];
if(!in_array($action_type, $user_types)) {
echo "ERROR: not an allowed type.";
@ -57,7 +57,7 @@ if($eid != $_SESSION['users_id']) {
$action_what = $user_what[$action_type];
}
switch($_GET['action']) {
switch(get_value_from_array($_GET, 'action')) {
case 'delete':
//okay here we go, lets get rid of them completely, since this is what theyve asked for
message_push(happy(i18n("Account successfully deleted. Goodbye")));
@ -92,7 +92,7 @@ case 'remove':
$u = user_load($u['id']);
if($_SESSION['embed'] == true) {
if(get_value_from_array($_SESSION, 'embed') == true) {
echo "<br/>";
display_messages();
echo "<h3>".i18n("Role and Account Management")."</h3>";
@ -182,5 +182,5 @@ function remove(type)
echo "<input style=\"width: 300px;\" onclick=\"return confirmClick('".i18n("Are you sure you want to completely delete your account?\\nDoing so will remove you from our mailing list for future years and you will never hear from us again.\\nThis action cannot be undone.")."')\" type=\"submit\" value=\"".i18n("Delete Entire Account")."\">";
echo "</form>";
if($_SESSION['embed'] != true) send_footer();
if(get_value_from_array($_SESSION, 'embed') != true) send_footer();
?>
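Review bot: Account deletion is selected by `switch(get_value_from_array($_GET, 'action'))` with `case 'delete':`, so an irreversible action is keyed on a query-string parameter, and none of the visible hunks check the request method or a per-session token. If no such check exists in the parts of the file outside these hunks, the delete and remove branches should accept POST only and verify a session token with `hash_equals()` before acting, starting with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { exit; }` at the top of `case 'delete':`. The validation hunk also still reads `$_GET['type']` directly into `$action_type`, which keeps the undefined-index warning this commit removes elsewhere; `$action_type = get_value_from_array($_GET, 'type', '');` would match the rest of the change.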


@ -29,7 +29,7 @@
//include "judges.inc.php";
/* AJAX query */
if(intval($_GET['ajax']) == 1) {
if(intval(get_value_from_array($_GET,'ajax')) == 1) {
/* Do ajax processing for this file */
$email = stripslashes($_GET['email']);
$type = $_GET['type'];
@ -158,7 +158,7 @@
echo "<br />";
$allowed_types = array('judge', 'volunteer');
$type = $_POST['type'];
$type = get_value_from_array($_POST,'type');
if($type == '') $type = $_GET['type'];
if($type != '') {
if(!in_array($type, $allowed_types)) {
@ -167,7 +167,7 @@
}
}
if($_POST['action']!="" && $_POST['email'] && $type != '') {
if(get_value_from_array($_POST, 'action',"") && get_value_from_array($_POST,'email') && ($type != '')) {
$allowed_actions = array('notexist','norole','noyear');
$email = stripslashes($_POST['email']);
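Review bot: The fallback `if($type == '') $type = $_GET['type'];` and the AJAX branch's `$_GET['email']` and `$_GET['type']` are still raw superglobal reads, so a request without those keys keeps raising the warnings this commit removes on the neighbouring lines. Use the helper there as well: `if($type == '') $type = get_value_from_array($_GET, 'type', '');`. Because `$type` is then checked with `in_array($type, $allowed_types)`, passing `true` as the third argument would keep that allow-list comparison strict.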


@ -56,10 +56,10 @@
$back_link = "{$type}_main.php";
unset($_SESSION['request_uri']);
$password_expiry_days = $config["{$type}_password_expiry_days"];
$password_expiry_days = get_value_from_array($config, "{$type}_password_expiry_days");
if($_POST['action']=="save")
if(get_value_from_array($_POST, 'action') == "save")
{
$pass = $_POST['pass1'];
//first, lets see if they choosed the same password again (bad bad bad)
@ -90,7 +90,7 @@
,"change_password"
);
if($_SESSION['password_expired'] == true)
if(get_value_from_array($_SESSION, 'password_expired') == true)
{
echo i18n('Your password has expired. You must choose a new password now.');
}


@ -70,7 +70,7 @@
);
/* Sort out who we're editting */
if($_POST['users_id'])
if(get_value_from_array($_POST, 'users_id'))
$eid = intval($_POST['users_id']); /* From a save form */
else if(array_key_exists('embed_edit_id', $_SESSION))
$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
@ -102,7 +102,7 @@ if($eid != $_SESSION['users_id']) {
$fields[] = 'password';
}
switch($_GET['action']) {
switch(get_value_from_array($_GET, 'action')) {
case 'save':
$users_id = intval($_POST['users_id']);
if($users_id != $_SESSION['users_id']) {
@ -176,7 +176,7 @@ case 'save':
//send the header
if($_SESSION['embed'] == true) {
if(get_value_from_array($_SESSION, 'embed') == true) {
echo "<br/>";
display_messages();
echo "<h3>".i18n("Personal Information")."</h3>";
@ -225,6 +225,7 @@ function item($user, $fname, $subtext='')
global $fields, $required;
global $errorfields;
global $user_personal_fields;
global $style;
if(in_array($fname, $fields)) {
$text = i18n($user_personal_fields[$fname]['name']);
@ -235,7 +236,7 @@ function item($user, $fname, $subtext='')
$req = in_array($fname, $required) ? REQUIREDFIELD : '';
switch($user_personal_fields[$fname]['type']) {
switch($user_personal_fields[$fname]['name']) {
case 'yesno':
echo "<select name=\"$fname\">";
$sel = ($user[$fname]=='yes') ? 'selected="selected"' : '';
@ -383,7 +384,7 @@ echo "</form>";
echo "<br />";
if($_SESSION['embed'] != true) {
if(get_value_from_array($_SESSION, 'embed') != true) {
send_footer();
}
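Review bot: The second printed `switch` line in item(), `switch($user_personal_fields[$fname]['name'])`, appears to be the new side and switches on the field's display label rather than its type. A few lines earlier the same `['name']` entry is passed to `i18n()` as the label, while the first case is `'yesno'`, so with this change the type-specific branches would presumably never match. If the goal was to avoid an undefined `type` key, keep the discriminator and guard it: `switch(get_value_from_array($user_personal_fields[$fname], 'type', '')) {`. item()'s body continues outside the hunk.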


@ -24,6 +24,7 @@
<?
require("common.inc.php");
require("projects.inc.php");
require_once('helper.inc.php');
send_header("Winners");
@ -74,7 +75,7 @@ if(get_value_from_array($_GET, 'year') && get_value_from_array($_GET, 'type')) {
ORDER BY
awards_order");
echo $pdo->errorInfo();
show_pdo_errors_if_any($pdo);
if($q->rowCount())
{
@ -279,7 +280,11 @@ else
award_types.order
");
$tq->execute();
echo $pdo->errorInfo();
$errorInfo = $pdo->errorInfo();
if ($errorInfo[0] != '00000') {
// If there's an error (the SQLSTATE isn't '00000', which means no error)
echo "Error: " . $errorInfo[2]; // The third element contains the error message
}
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
}