Compare commits

..

No commits in common. "6af995ce3c5ab077f81865b38b8d3c97aa3fb6cc" and "01ea27a39f74f43181faf18ceefe06df22a2e233" have entirely different histories.

36 changed files with 650 additions and 549 deletions

View File

@ -25,7 +25,7 @@
require_once("../common.inc.php");
require_once("../user.inc.php");
require_once("../committee.inc.php");
require_once("../chat.inc.php");
user_auth_required('committee','admin');
@ -33,7 +33,7 @@
array('Committee Main' => 'committee_main.php'),
"administration");
draw_chatbox('general');
echo "<table class=\"adminconfigtable\">";
echo " <tr>";

View File

@ -36,16 +36,12 @@ $auth_type = user_auth_required(array('fair','committee'), 'admin');
if($_GET['year']) $year=$_GET['year'];
else $year=$config['FAIRYEAR'];
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q))
$cats[$r->id]=$r->category;
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
$q->execute();
while($q->fetch(PDO::FETCH_OBJ))
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q))
$divs[$r->id]=$r->division;
$action=$_GET['action'];

View File

@ -39,13 +39,11 @@ $report_judges_cats = array();
function report_judges_load_divs($year)
{
global $report_judges_divs;
global $pdo;
/* Load divisions for this year, only once */
if(!array_key_exists($year, $report_judges_divs)) {
$report_judges_divs[$year] = array();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year'");
$q->execute();
while(($d =$q->fetch(PDO::FETCH_ASSOC))) {
$q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'");
while(($d = mysql_fetch_assoc($q))) {
$report_judges_divs[$year][$d['id']] = $d;
}
}
@ -53,11 +51,9 @@ function report_judges_load_divs($year)
function report_judges_load_cats($year)
{
global $report_judges_cats;
global $pdo;
if(!array_key_exists($year, $report_judges_cats)) {
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year'");
$q->execute();
while(($c = $q->fetch(PDO::FETCH_ASSOC))) {
$q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'");
while(($c = mysql_fetch_assoc($q))) {
$report_judges_cats[$year][$c['id']] = $c;
}
}
@ -912,7 +908,6 @@ function report_judges_update_cats($year)
report_judges_load_cats($year);
////FIXME No check for empty projectcategories, please check the NULL case of count($report_judges_cats[$year])
if(count($report_judges_cats[$year]) > 10) {
echo "Not enough judge age category fields, please file a bug report at sfiab.ca and report that you have ".count($report_judges_cats[$year])." age categories, but the system can handle a maximum of 10.";
exit;

View File

@ -146,11 +146,11 @@ function report_student_regfee_item($report, $field, $text) {
}
}
$q = $pdo->prepare("SELECT * FROM regfee_items WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = mysql_query("SELECT * FROM regfee_items WHERE year='{$config['FAIRYEAR']}'");
$regfeeitems=array();
$first=true;
while($i = $q->fetch(PDO::FETCH_ASSOC)) {
while($i = mysql_fetch_assoc($q)) {
$regfeeitems["regfee_item_".$i['id']] = array (
'name' => "Registration Fee Items -- {$i['name']}",
'header' => $i['name'],
@ -1069,7 +1069,7 @@ $report_students_fields = array(
'name' => 'Fair -- Name',
'header' => 'Fair Name',
'width' => 3,
'table' => "'".$config['fairname']."'"),
'table' => "'".mysql_escape_string($config['fairname'])."'"),
'fair_logo' => array(
'name' => 'Fair -- Logo (for Labels only)',

26
chat.ajax.php Normal file
View File

@ -0,0 +1,26 @@
<?php
require_once('common.inc.php');
//authent_required();
if(array_key_exists('collapsed', $_POST)){
$_SESSION['chat_collapsed'] = $_POST['collapsed'];
}
if(!array_key_exists('subject', $_POST) || !array_key_exists('action', $_POST)){
exit;
}
$params = array();
$params[] = 'since=' . (array_key_exists('since', $_POST) ? intval($_POST['since']) : 0);
$params[] = 'subject=' . urlencode($_POST['subject']);
if(array_key_exists('message', $_POST)){
$message = htmlspecialchars($_POST['message']);
$params[] = 'message=' . urlencode($message);
}
$params[] = 'user=' . urlencode($_SESSION['name']);
$params[] = 'fairname=' . urlencode($config['fairname']);
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, 'http://sfiab.ca/messageExchange.php');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, implode('&', $params));
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec ($ch);
echo $result;

270
chat.inc.php Normal file
View File

@ -0,0 +1,270 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005-2008 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?php
function draw_chatbox($subject){
global $config;
$chatCollapsed = $_SESSION['chat_collapsed'] ? 1 : 0;
?>
<style type="text/css">
#chatbox_wrapper{
border: 3px solid;
border-color: #EEEEFF #5C6F90 #5C6F90 #EEEEFF;
border-radius: 8px;
display:inline-block;
width: <?=($chatCollapsed ? '0px' : '30em')?>;
height: 38em;
float:right;
margin: 1em;
padding: 1.25em;
background-color: #E0E0FF;
position:relative;
}
#chatbox_dialogue{
width:100%;
height: 30em;
top: 0.5em;
overflow:auto;
border: 3px solid;
border-color: #5C6F90 #EEEEFF #EEEEFF #5C6F90;
background-color: #FFF;
border-radius: 3px;
<?php
if($chatCollapsed) echo "display: none;\n";
?>
}
#chatbox_separator{
border-top:1px solid white;
height: 1.5em;
}
#chatbox_input{
width: 100%;
background-color: #FFF;
height: 3em;
border: 3px solid;
border-radius: 3px;
border-color: #5C6F90 #EEEEFF #EEEEFF #5C6F90;
display: none;
}
#chatbox_submit{
margin: 0;
margin-top: 0.5em;
width: 100%;
border-radius: 3px;
background-color: #CECEDF;
border-color: #E8E8EE #5C6F90 #5C6F90 #E8E8EE;
font-size: 18px;
height: 1.5em;
line-height: 1em;
font-weight: normal;
display: none;
}
div.chatbox_messageHeader{
margin-top: 1em;
border-top: 1px solid #668;
border-bottom: 1px solid #224;
background-color: #557;
color: #FFF;
}
#chatbox_collapsebutton{
position: absolute;
left: 0;/*32em;*/
top: 0;/*16em;*/
width: 1.2em;
height: 1.2em;
line-height: 1.2em;
text-align:center;
cursor:pointer;
/* border-radius: 0.5em;
background-color: #CECEDF;
border: 2px solid;
border-color: #EEEEFF #5C6F90 #5C6F90 #EEEEFF;
*/
}
</style>
<script type="text/javascript">
var lastMessageIndex = {};
var ajaxLock = false;
var refreshRate = 30000;
var viewCollapsed = <?=$chatCollapsed;?>;
$(document).ready(function(){
loadChat('<?=$subject;?>', function(){
setTimeout(function(){refreshChat('<?=$subject;?>');}, refreshRate);
if(!viewCollapsed){
$('#chatbox_input').css('display', 'block');
$('#chatbox_submit').css('display', 'block');
}
$('#chatbox_input').focus(function(event){
$('#chatbox_input').val('');
$('#chatbox_input').unbind(event)
});
});
});
function doSubmit(){
postMessage('<?=$subject;?>', $('#chatbox_input').val());
$('#chatbox_input').val('');
}
function loadChat(subject, callback){
ajaxLock = true;
if(callback == undefined) callback = function(){};
if(lastMessageIndex[subject] == undefined) lastMessageIndex[subject] = 0;
$.post(
'<?=$config['SFIABDIRECTORY']?>/chat.ajax.php',
{'action':'fetch', 'subject':subject, 'since':lastMessageIndex[subject]},
function(result){
ajaxLock = false;
handleReply(subject, result);
callback();
}
);
}
function refreshChat(subject){
if(ajaxLock == false){
ajaxLock = true;
$.post(
'<?=$config['SFIABDIRECTORY']?>/chat.ajax.php',
{'action':'fetch', 'subject':subject, 'since':lastMessageIndex[subject]},
function(result){
ajaxLock = false;
handleReply(subject, result);
}
);
setTimeout(function(){refreshChat(subject);}, refreshRate);
}else{
setTimeout(function(){refreshChat(subject);}, refreshRate);
}
}
function postMessage(subject, message){
if(ajaxLock == false){
ajaxLock = true;
message = $.trim(message);
if(message.length > 0){
$.post(
'<?=$config['SFIABDIRECTORY']?>/chat.ajax.php',
{'action':'fetch', 'subject':subject, 'message':message, 'since':lastMessageIndex[subject]},
function(result){
ajaxLock = false;
handleReply(subject, result);
}
);
}
}else{
setTimeout(function(){postMessage(subject, message);}, 200 + 400 * Math.random());
}
}
function textMessage(time, speaker, fairname, text){
var line = $('<div></div>');
var header = $('<div class="chatbox_messageHeader"></div>');
if(fairname != null) header.append(fairname + "<br/>");
header.append('<strong>' + speaker + '</strong>');
if(time) header.append('<span style="float:right">' + time + '</span>');
line.html(text);
$('#chatbox_dialogue').append(header);
$('#chatbox_dialogue').append(line);
$('#chatbox_dialogue').animate({ scrollTop: $('#chatbox_dialogue').attr("scrollHeight") - $('#chatbox_dialogue').height() }, 0);
}
function errorMessage(text){
var line = $('<div class="error"></div>');
line.html('<strong>' + text + '</strong>');
$('#chatbox_dialogue').append(line);
$('#chatbox_dialogue').animate({ scrollTop: $('#chatbox_dialogue').attr("scrollHeight") - $('#chatbox_dialogue').height() }, 0);
}
function systemMessage(text){
var line = $('<div></div>');
line.html('<strong>' + text + '</strong>');
$('#chatbox_dialogue').append(line);
$('#chatbox_dialogue').animate({ scrollTop: $('#chatbox_dialogue').attr("scrollHeight") - $('#chatbox_dialogue').height() }, 0);
}
function handleReply(subject, response){
var data;
eval('data = ' + response);
if(data.info.length > 0){
for(n in data.info){
systemMessage(data.info[n].text);
}
}
if(data.error.length > 0){
for(n in data.error){
errorMessage(data.error[n]);
}
}
if(data.message.length > 0){
for(n in data.message){
textMessage(
data.message[n].time,
data.message[n].speaker,
data.message[n].fairname,
data.message[n].text
);
lastMessageIndex[subject] = data.message[n].index;
}
}
}
function toggleView(){
var newWidth, callback;
if(viewCollapsed){
newWidth = '30em';
viewCollapsed = false;
$('#chatbox_input').css('display', 'block');
$('#chatbox_submit').css('display', 'block');
$('#chatbox_dialogue').css('display', 'block');
$('#chatbox_collapsebutton').html('&raquo;');
callback = function(){
$('#chatbox_dialogue').animate({ scrollTop: $('#chatbox_dialogue').attr("scrollHeight") - $('#chatbox_dialogue').height() }, 0);
}
}else{
newWidth = '0px';
viewCollapsed = true;
callback = function(){
$('#chatbox_input').css('display', 'none');
$('#chatbox_submit').css('display', 'none');
$('#chatbox_dialogue').css('display', 'none');
$('#chatbox_collapsebutton').html('&laquo;');
}
}
$.post('<?=$config['SFIABDIRECTORY']?>/chat.ajax.php',{'collapsed':viewCollapsed ? '1' : '0'});
$('#chatbox_wrapper').animate({'width':newWidth}, 500, callback);
}
</script>
<div id="chatbox_wrapper">
<div id="chatbox_dialogue"></div>
<div id="chatbox_separator"></div>
<textarea id="chatbox_input">Type your message here...</textarea>
<button id="chatbox_submit" type="submit" onclick="doSubmit(); return false;">send</button>
<div id="chatbox_collapsebutton" onclick="toggleView();"><?php
if($chatCollapsed) echo "&laquo;\n";
else echo "&raquo;";
?></div>
</div>
<pre>
</pre>
<?php
}

View File

@ -27,13 +27,10 @@
send_header("Committee List", null, "committee_management");
echo "<table>";
$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
$q->execute();
while($r=$q->fetch())
{
/* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee, using MAX(year) for the most recent year */
$q2=("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
while($r=mysql_fetch_object($q)) {
/* Select all the users in the committee, using MAX(year) for the most recent year */
$q2=mysql_query("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid
WHERE committees_id='{$r->id}'
GROUP BY users.uid ORDER BY ord,users.lastname ");
@ -46,8 +43,8 @@
echo "<td colspan=\"3\"><h3>".i18n($r->name)."</h3>";
echo "</td></tr>\n";
echo pdo->errorInfo();
while($r2 = $q2->fetch()){
echo mysql_error();
while($r2=mysql_fetch_object($q2)) {
$uid = $r2->users_uid;
$u = user_load_by_uid($uid);

View File

@ -22,14 +22,15 @@
*/
?>
<?
//////echo phpinfo();
header("Content-Type: text/html; charset=utf8");
//if we dont set the charset any page that doesnt call send_header() (where it used to be set) would defualt to the server's encoding,
//which in many cases (like ysf-fsj.ca/sfiab) is UTF-8. This was causing a lot of the newly AJAX'd editors to fail on french characters,
//becuase they were being encoded improperly. Ideally, all the databases will be switched to UTF-8, but thats not a near-term possibility,
//so this is kind of a band-aid solution until we can make everything UTF8. Hope it doesnt break anything anywhere else!
header("Content-Type: text/html; charset=iso-8859-1");
//set error reporting to not show notices, for some reason some people's installation dont set this by default
//so we will set it in the code instead just to make sure
#error_reporting(E_ALL);
error_reporting( E_ALL ^ E_WARNING );
#error_reporting( E_ALL ^ E_WARNING ^ E_NOTICE ^ E_DEPRECATED );
error_reporting( E_ALL ^ E_WARNING ^ E_NOTICE ^ E_DEPRECATED );
define('REQUIREDFIELD','<span class="requiredfield">*</span>');
@ -84,11 +85,16 @@ else
exit;
}
$dsn = "mysql:host=db;dbname=sfiab;charset=utf8mb4";
/*
difference between MySQL <5.1 and 5.1:
in <5.1 in must have internall truncated it at 16 before comparing with the hard-coded 16 character database limit
in 5.1 it doesnt truncate and compares the full string with the hardcoded 16 character limit, so all our very long usernames
are now failing
James - Dec 30 2010
*/
$DBUSER=substr($DBUSER,0,16);
$pdo = new PDO($dsn,$DBUSER,$DBPASS,$dsn_options);
if(!$pdo)
if(!mysql_connect($DBHOST,$DBUSER,$DBPASS))
{
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
@ -96,18 +102,23 @@ if(!$pdo)
echo "</body></html>";
exit;
}
if(!mysql_select_db($DBNAME))
{
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "Cannot select database!";
echo "</body></html>";
exit;
}
//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using iso-8859-1 (/latin1) encodings
@mysql_query("SET NAMES latin1");
//find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on)
$q=@mysql_query("SELECT * FROM config WHERE year='0'");
//we might get an error if installation step 2 is not done (ie, the config table doesnt even exist)
//if we have 0 (<1) then install2 is not done, which would get caught above,
//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY)
$q = $pdo->prepare("SELECT * FROM config WHERE year='0'");
$q->execute();
if($pdo->errorInfo()[0] != '00000')
if(mysql_error())
{
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
@ -116,9 +127,9 @@ if($pdo->errorInfo()[0] != '00000')
echo "</body></html>";
exit;
}
if($q->rowCount()<2)
//if we have 0 (<1) then install2 is not done, which would get caught above,
//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY)
if(mysql_num_rows($q)<2)
{
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
@ -129,11 +140,10 @@ if($q->rowCount()<2)
}
else
{
while($r=$q->fetch())
{
while($r=mysql_fetch_object($q))
{
$config[$r['var']]=$r['val'];
$config[$r->var]=$r->val;
}
}
@ -141,7 +151,6 @@ $dbdbversion=$config['DBVERSION'];
$dbcodeversion=@file($prependdir."db/db.code.version.txt");
$dbcodeversion=trim($dbcodeversion[0]);
if(!$dbdbversion)
{
echo "<html><head><title>SFIAB ERROR</title></head><body>";
@ -173,20 +182,42 @@ if($dbcodeversion!=$dbdbversion)
exit;
}
/* Check that magic_quotes is OFF */
if(get_magic_quotes_gpc()) {
?>
<html><head><title>SFIAB ERROR</title></head><body>
<h1>Science Fair In A Box - ERROR</h1>
<p>Your PHP configuration has magic_quotes ENABLED. They should be
disabled, and are disabled in the .htaccess file, so your server is
ignoring the .htaccess file or overriding it.
<p>Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON
by default for any PHP &lt; 5.3.0.
<p>It's a pain in the butt because PHP runs urldecode() on all inputs
from GET and POST, but if it sees the string has quotes, then it escapes
existing quotes before passing it to us. This is a problem for json_decode
where we do not want this behaviour, and thus need to pass through stripslashes()
first, but only if magicquotes is ON. If it's off, stripslashes will
break json_decode.
<p>Add <pre>php_flag magic_quotes_gpc off</pre> to the .htacces, or add
<pre>php_flag magic_quotes_gpc=off</pre> to php.ini
<br></body></html>
<?
exit;
}
//now pull the rest of the configuration
$q = $pdo->prepare("SELECT * FROM config WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
while($r=$q->fetch())
$q=mysql_query("SELECT * FROM config WHERE year='".$config['FAIRYEAR']."'");
while($r=mysql_fetch_object($q))
{
$config[$r['var']]=$r['val'];
$config[$r->var]=$r->val;
}
//now pull the dates
$q = $pdo->prepare("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
while($r=$q->fetch())
$q=mysql_query("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."'");
while($r=mysql_fetch_object($q))
{
$config['dates'][$r['name']]=$r['date'];
$config['dates'][$r->name]=$r->date;
}
//and now pull the theme
@ -195,8 +226,6 @@ require_once("theme/{$config['theme_icons']}/icons.php");
require_once("committee.inc.php");
session_start();
if($config['SFIABDIRECTORY'] == '') {
session_name("SFIABSESSID");
session_set_cookie_params(0,'/');
@ -204,6 +233,7 @@ if($config['SFIABDIRECTORY'] == '') {
session_name("SFIABSESSID".preg_replace("/[^A-Za-z]/","_",$config['SFIABDIRECTORY']));
session_set_cookie_params(0,$config['SFIABDIRECTORY']);
}
session_start();
//detect the browser first, so we know what icons to use - we store this in the config array as well
//even though its not configurable by the fair
@ -215,18 +245,17 @@ else
//now get the languages, and make sure we have at least one active language
$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
$q->execute();
if($q->rowCount()==0)
$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
if(mysql_num_rows($q)==0)
{
echo "No active languages defined, defaulting to English";
$config['languages']['en']="English";
}
else
{ while($r=$q->fetch())
{
while($r=mysql_fetch_object($q))
{
$config['languages'][$r['lang']]=$r['langname'];
$config['languages'][$r->lang]=$r->langname;
}
}
//now if no language has been set yet, lets set it to the default language
@ -250,7 +279,7 @@ if($_GET['switchlanguage'])
if($config['languages'][$_GET['switchlanguage']])
{
$_SESSION['lang']=$_GET['switchlanguage'];
}
else
{
@ -259,7 +288,7 @@ if($_GET['switchlanguage'])
}
function i18n($str,$args=array(),$argsdesc=array(),$forcelang="")
{ global $pdo;
{
if(!$str)
return "";
@ -282,15 +311,12 @@ function i18n($str,$args=array(),$argsdesc=array(),$forcelang="")
}
else
{
$q = $pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
$q->execute();
if($r = $q->fetch())
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
if($r=@mysql_fetch_object($q))
{
if($r["val"])
if($r->val)
{
$ret=$r["val"];
$ret=$r->val;
for($x=1;$x<=count($args);$x++)
{
@ -322,13 +348,12 @@ function i18n($str,$args=array(),$argsdesc=array(),$forcelang="")
$n++;
}
$argsdescstring=substr($argsdescstring,0,-2);
$argsdescstring=pdo->quote($argsdescstring)."'";
$argsdescstring="'".mysql_escape_string($argsdescstring)."'";
}
else
$argsdescstring="null";
$stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,argsdesc) VALUES (?,?,?,?)");
$stmt->execute([$_SESSION['lang'], md5($str), $pdo->quote($str), $argsdescstring]);
mysql_query("INSERT INTO translations (lang,strmd5,str,argsdesc) VALUES ('".$_SESSION['lang']."','".md5($str)."','".mysql_escape_string($str)."',$argsdescstring)");
for($x=1;$x<=count($args);$x++)
{
$str=str_replace("%$x",$args[$x-1],$str);
@ -395,13 +420,12 @@ function send_header($title="", $nav=null, $icon=null, $titletranslated=false)
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head><title><? //if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?></title>
<head><title><? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?></title>
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/theme/<?=$config['theme']?>/jquery-ui-1.7.2.custom.css" type="text/css" media="all" />
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/theme/<?=$config['theme']?>/sfiab.css" type="text/css" media="all" />
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/tableeditor.css" type="text/css" media="all" />
</head>
<body>
<!-- <? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?> -->
<script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/jqueryui/1.7.2/jquery-ui.min.js"></script>
<script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/sfiab.js"></script>
@ -465,8 +489,8 @@ echo "</div>";
//only display it if a date is set to begin with.
if($config['dates']['postparticipants'] && $config['dates']['postparticipants']!="0000-00-00 00:00:00")
{
$q=("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
$r=$q->fetch();
$q=mysql_query("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
$r=mysql_fetch_object($q);
if($r->test==1)
{
$registrationconfirmationlink="<li><a href=\"".$config['SFIABDIRECTORY']."/confirmed_participants.php\">".i18n("Confirmed Participants")."</a></li>";
@ -842,10 +866,10 @@ function emit_time_selector($name,$selected="")
function emit_province_selector($name,$selected="",$extra="")
{
global $config;
$q=("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
$q=mysql_query("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
if(mysql_num_rows($q)==1)
{
$r = $q->fetch();
$r=mysql_fetch_object($q);
echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
echo i18n($r->province);
}
@ -853,7 +877,7 @@ function emit_province_selector($name,$selected="",$extra="")
{
echo "<select name=\"$name\" $extra>\n";
echo "<option value=\"\">".i18n("Select a {$config['provincestate']}")."</option>\n";
while($r = $q->fetch())
while($r=mysql_fetch_object($q))
{
if($r->code == $selected) $sel="selected=\"selected\""; else $sel="";
@ -956,8 +980,8 @@ function email_send($val,$to,$sub_subject=array(),$sub_body=array())
return false;
}
$q=("SELECT * FROM emails WHERE val='$val'");
if($r = $q->fetch()) {
$q=mysql_query("SELECT * FROM emails WHERE val='$val'");
if($r=mysql_fetch_object($q)) {
//we dont want to translate these, the messages themselves shoudl contain whatever languages they need
$subject=$r->subject;
$body=$r->body;
@ -1042,8 +1066,8 @@ function getEmailRecipientsForRegistration($reg_id)
{
global $config;
//okay first grab the registration record, to see if we should email the kids, the teacher, and/or the parents
$q=("SELECT * FROM registrations WHERE id='$reg_id' AND year='{$config['FAIRYEAR']}'");
$registration=$q->fetch();
$q=mysql_query("SELECT * FROM registrations WHERE id='$reg_id' AND year='{$config['FAIRYEAR']}'");
$registration=mysql_fetch_object($q);
if($registration->emailcontact && isEmailAddress($registration->emailcontact)) {
$ret[]=array("to"=>$registration->emailcontact,
@ -1053,9 +1077,9 @@ function getEmailRecipientsForRegistration($reg_id)
);
}
$sq=("SELECT * FROM students WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
$sq=mysql_query("SELECT * FROM students WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
$ret=array();
while($sr=$sq->fetch()) {
while($sr=mysql_fetch_object($sq)) {
if($sr->email && isEmailAddress($sr->email)) {
$to=$sr->email;
@ -1072,17 +1096,14 @@ function getEmailRecipientsForRegistration($reg_id)
function output_page_text($textname)
{
global $config;
global $pdo;
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='$textname' AND year='".$config['FAIRYEAR']."' AND lang='".$_SESSION['lang']."'");
$q->execute();
if($q->rowCount())
$r = $q->fetch();
$q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='".$config['FAIRYEAR']."' AND lang='".$_SESSION['lang']."'");
if(mysql_num_rows($q))
$r=mysql_fetch_object($q);
else
{
//not defined, lets grab the default text
$q=("SELECT * FROM pagetext WHERE textname='$textname' AND year='-1' AND lang='".$config['default_language']."'");
$r = $q->fetch();
$q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='-1' AND lang='".$config['default_language']."'");
$r=mysql_fetch_object($q);
}
//if it looks like we have HTML content, dont do a nl2br, if there's no html, then do the nl2br
@ -1095,13 +1116,10 @@ function output_page_text($textname)
function output_page_cms($filename)
{
global $config;
global $pdo;
$q = $pdo->prepare("SELECT * FROM cms WHERE filename='".$filename."' AND lang='".$_SESSION['lang']."' ORDER BY dt DESC LIMIT 1");
$q->execute();
if($q->rowCount())
$q=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($filename)."' AND lang='".$_SESSION['lang']."' ORDER BY dt DESC LIMIT 1");
if(mysql_num_rows($q))
{
$r = $q->fetch();
$r=mysql_fetch_object($q);
send_header($r->title,null,null,true);
if(file_exists("data/logo-200.gif") && $r->showlogo==1)
@ -1131,7 +1149,7 @@ function generatePassword($pwlen=8)
$key="";
for($x=0;$x<$pwlen;$x++)
$key.=$available[rand(0,$len)];
$key.=$available{rand(0,$len)};
return $key;
}
@ -1152,41 +1170,33 @@ function admin_warnings()
function committee_warnings()
{
global $config;
global $pdo;
//it is vital that each year the system be rolled over before we start it again
//we should do this, say, 4 months after the FAIRDATE, so its soon enough that they should see
//the message as soon as they login to start preparing for hte new year, but not too late to do it
//properly :)
$q = $pdo->prepare("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
$q->execute();
$r = $q->fetch();
$q=mysql_query("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
$r=mysql_fetch_object($q);
if($r->rollovercheck) {
echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. Do not start updating the system with new information until the year has been properly rolled over."));
}
$warn = false;
$q = $pdo->prepare("SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL
$q = mysql_query("SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL
AND external_identifier=prize");
$q->execute();
if($q->rowCount() > 0) {
if(mysql_num_rows($q) > 0) {
/* The bug was that the external_identifier was set to the prize name.. so only display the warning
* if we find that case for a non-sfiab external fair */
while(($p = $q->fetch(PDO::FETCH_ASSOC) )) {
$qq = ("SELECT * FROM award_awards
while(($p = mysql_fetch_assoc($q) )) {
$qq = mysql_query("SELECT * FROM award_awards
LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id
WHERE award_awards.id='{$p['award_awards_id']}'
AND year='{$config['FAIRYEAR']}'
AND award_awards.award_source_fairs_id IS NOT NULL
AND fairs.type='ysc' ");
echo pdo->errorInfo();
echo mysql_error();
if(mysql_num_rows($qq) > 0) {
$warn;
$warn = true;
break;
}
}
@ -1396,7 +1406,7 @@ function getTextFromHtml($html) {
function getUserForSponsor($sponsor_id) {
// loop through each contact and draw a form with their data in it.
$q = ("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
$q = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
WHERE
sponsors_id='" . $sponsor_id . "'
AND types LIKE '%sponsor%'
@ -1405,7 +1415,7 @@ function getUserForSponsor($sponsor_id) {
ORDER BY users_sponsor.primary DESC,lastname,firstname
LIMIT 1
");
$r = $q->fetch();
$r=mysql_fetch_object($q);
return user_load_by_uid($r->uid);
}
@ -1414,8 +1424,8 @@ function projectdivisions_load($year = false)
global $config;
if($year == false) $year = $config['FAIRYEAR'];
$divs = array();
$q = ("SELECT * FROM projectdivisions WHERE year='$year'");
while(($d = $q->fetch(PDO::FETCH_ASSOC))) $divs[$d['id']] = $d;
$q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'");
while(($d = mysql_fetch_assoc($q))) $divs[$d['id']] = $d;
return $divs;
}
function projectcategories_load($year = false)
@ -1423,8 +1433,8 @@ function projectcategories_load($year = false)
global $config;
if($year == false) $year = $config['FAIRYEAR'];
$cats = array();
$q = ("SELECT * FROM projectcategories WHERE year='$year'");
while(($c = $q->fetch(PDO::FETCH_ASSOC))) $cats[$c['id']] = $d;
$q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'");
while(($c = mysql_fetch_assoc($q))) $cats[$c['id']] = $d;
return $cats;
}

View File

@ -155,7 +155,7 @@ else if($_POST['action']=="restoreproceed") {
);
//make sure the filename's good before we used it
if(mb_ereg("^[a-z0-9]{32}$",$_POST['realfilename']) && file_exists("../data/backuprestore/".$_POST['realfilename'])) {
if(ereg("^[a-z0-9]{32}$",$_POST['realfilename']) && file_exists("../data/backuprestore/".$_POST['realfilename'])) {
$filename=$_POST['realfilename'];
echo i18n("Proceeding with database restore from %1",array($_POST['filename']))."...";
$lines=file("../data/backuprestore/$filename");
@ -163,13 +163,13 @@ else if($_POST['action']=="restoreproceed") {
echo "<pre>";
foreach($lines AS $line) {
$line=trim($line);
if(mb_ereg("^#TABLE: (.*)",$line,$args)) {
if(ereg("^#TABLE: (.*)",$line,$args)) {
//empty out the table
$sql="TRUNCATE TABLE `".$args[1]."`";
// echo $sql."\n";
mysql_query($sql);
}
else if(mb_ereg("^#",$line)) {
else if(ereg("^#",$line)) {
//just skip it
}
else
@ -312,7 +312,7 @@ else
$dh=opendir("../data/backuprestore");
$removed=false;
while($fn=readdir($dh)) {
if(mb_ereg("[a-z0-9]{32}",$fn)) {
if(ereg("[a-z0-9]{32}",$fn)) {
unlink("../data/backuprestore/$fn");
$removed=true;
}

View File

@ -143,9 +143,9 @@
echo "</tr>";
}
else
{ $q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
while($r=mysql_fetch_object($q))
{
echo "<tr>";
echo " <td align=\"center\">$r->id</td>";

View File

@ -31,10 +31,8 @@
,"important_dates"
);
$q = $pdo->prepare("SELECT * FROM dates WHERE year='-1'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$q=mysql_query("SELECT * FROM dates WHERE year='-1'");
while($r=mysql_fetch_object($q)) {
$defaultdates[$r->name]=$r;
}
@ -80,10 +78,8 @@ $dates = array('fairdate' => array() ,
'specawardregclose' => array());
/* Now copy the SQL data into the above array */
$q = $pdo->prepare("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."' ORDER BY date");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$q=mysql_query("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."' ORDER BY date");
while($r=mysql_fetch_object($q)) {
$dates[$r->name]['description'] = $r->description;
$dates[$r->name]['id'] = $r->id;
$dates[$r->name]['date'] = $r->date;

View File

@ -184,9 +184,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
echo "</tr>";
}
else
{ $q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q))
{
echo "<tr>";
echo " <td>$r->id</td>";

View File

@ -31,7 +31,6 @@
,"cwsf_project_divisions"
);
////// FIX ME!!!!!
if(count($_POST['cwsfdivision']))
{
foreach($_POST['cwsfdivision'] AS $k=>$v)

View File

@ -37,18 +37,16 @@
,"page_texts"
);
$q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
$q=mysql_query("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
while($r=mysql_fetch_object($q))
{
foreach($config['languages'] AS $lang=>$langname) {
$q = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,year,lang) VALUES (
'".$r->textname."',
'".$r->textdescription."',
'".$r->text."',
mysql_query("INSERT INTO pagetext (textname,textdescription,text,year,lang) VALUES (
'".mysql_escape_string($r->textname)."',
'".mysql_escape_string($r->textdescription)."',
'".mysql_escape_string($r->text)."',
'".$config['FAIRYEAR']."',
'".$lang."')");
$q->execute();
'".mysql_escape_string($lang)."')");
}
}

View File

@ -142,10 +142,9 @@
echo "<a href=\"safetyquestions.php?action=new\">".i18n("Add new safety question")."</a>";
echo "<table class=\"summarytable\">";
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
$q->execute();
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
echo "<tr><th>".i18n("Ord")."</th><th>".i18n("Question")."</th><th>".i18n("Type")."</th><th>".i18n("Required")."</th><th>".i18n("Actions")."</th></tr>";
while($r=$q->fetch(PDO::FETCH_OBJ))
while($r=mysql_fetch_object($q))
{
echo "<tr>";
echo "<td>$r->ord</td>";

View File

@ -49,9 +49,9 @@
}
echo "<a href=\"../register_participants_signature.php?sample=true\">Preview your signature form as a PDF (as a student would see it)</a><br />";
$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$r=mysql_fetch_object($q);
echo "<form method=\"post\" action=\"signaturepage.php\">";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
if($r->use) $ch="checked=\"checked\""; else $ch="";
@ -61,9 +61,8 @@ echo "<textarea name=\"exhibitordeclaration\" rows=\"8\" cols=\"80\">".$r->text.
echo "<br />";
echo "<br />";
$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$r=mysql_fetch_object($q);
if($r->use) $ch="checked=\"checked\""; else $ch="";
echo "<input $ch type=\"checkbox\" name=\"useparentdeclaration\" value=\"1\">".i18n("Use the parent/guardian declaration and obtain parent/guardian signatures");
echo "<br />";
@ -71,10 +70,8 @@ echo "<textarea name=\"parentdeclaration\" rows=\"8\" cols=\"80\">".$r->text."</
echo "<br />";
echo "<br />";
$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$r=mysql_fetch_object($q);
if($r->use) $ch="checked=\"checked\""; else $ch="";
echo "<input $ch type=\"checkbox\" name=\"useteacherdeclaration\" value=\"1\">".i18n("Use the teacher declaration and obtain teacher's signature");
echo "<br />";
@ -82,20 +79,15 @@ echo "<textarea name=\"teacherdeclaration\" rows=\"8\" cols=\"80\">".$r->text."<
echo "<br />";
echo "<br />";
$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
$r=mysql_fetch_object($q);
if($r->use) $ch="checked=\"checked\""; else $ch="";
echo "<input $ch type=\"checkbox\" name=\"useregfee\" value=\"1\">".i18n("Include registration fee information on the $non_capital_participationform");
echo "<br />";
echo "<br />";
$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
$r=mysql_fetch_object($q);
if($r->use) $ch="checked=\"checked\""; else $ch="";
echo "<input $ch type=\"checkbox\" name=\"usepostamble\" value=\"1\">".i18n("Place Additional Information after all the required signatures");
echo "<br />";

View File

@ -148,7 +148,8 @@
echo "</tr>";
}
else
{ $q = $pdo->prepare("SELECT projectsubdivisions.id,
{
$q=mysql_query("SELECT projectsubdivisions.id,
projectsubdivisions.projectdivisions_id,
projectsubdivisions.subdivision,
projectdivisions.division
@ -161,9 +162,8 @@
AND projectsubdivisions.projectdivisions_id=projectdivisions.id
ORDER BY
division,subdivision");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
echo mysql_error();
while($r=mysql_fetch_object($q))
{
echo "<tr>";
echo " <td>$r->division</td>";

View File

@ -27,18 +27,16 @@
require_once("../config_editor.inc.php");
user_auth_required('committee', 'config');
$q = $pdo->prepare("SELECT * FROM config WHERE year='-1'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$q = $pdo->prepare("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".$r->var."',
'".$r->val."',
'".$r->category."',
'".$r->type."',
'".$r->type_values."',
'".$r->ord."',
'".$r->description."',
$q=mysql_query("SELECT * FROM config WHERE year='-1'");
while($r=mysql_fetch_object($q)) {
mysql_query("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".mysql_escape_string($r->var)."',
'".mysql_escape_string($r->val)."',
'".mysql_escape_string($r->category)."',
'".mysql_escape_string($r->type)."',
'".mysql_escape_string($r->type_values)."',
'".mysql_escape_string($r->ord)."',
'".mysql_escape_string($r->description)."',
'".$config['FAIRYEAR']."')");
}
@ -69,14 +67,14 @@
,"configuration_variables"
);
$q = $pdo->prepare("SELECT DISTINCT(category) AS cat FROM config ORDER BY cat");
$q->execute();
$q=mysql_query("SELECT DISTINCT(category) AS cat FROM config ORDER BY cat");
echo "\n<table valign=\"top\" cellspacing=0 cellpadding=5 border=0>";
echo "<tr><td width=\"120\" style=\"border-right: 1px solid black;\">";
echo "<table cellspacing=0 cellpadding=3 border=0>";
$trclass = 'odd';
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
while($r=mysql_fetch_object($q)) {
$trclass = ($trclass == 'odd') ? 'even' : 'odd';
echo "<tr class=\"$trclass\">";
echo "<td align=\"right\">";

View File

@ -24,13 +24,13 @@
<?
function config_editor_load($category, $year)
{ global $pdo;
{
$query = "SELECT * FROM config WHERE year='$year' AND category='$category' ORDER BY ord";
$q = $pdo->prepare($query);
print($pdo->errorInfo());
$q = mysql_query($query);
print(mysql_error());
$var = array();
while($r=$q->fetch()) {
while($r=mysql_fetch_object($q)) {
$var[$r->var]['val'] = $r->val;
$var[$r->var]['desc'] = $r->description;
$var[$r->var]['category'] = $r->category;
@ -84,8 +84,8 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
LEFT JOIN `config` AS C2 ON(config.var=C2.var
AND C2.year='$fairyear')
WHERE config.year=-1 AND C2.year IS NULL";
$r = ($q);
while($i = $r->fetch(PDO::FETCH_ASSOC)) {
$r = mysql_query($q);
while($i = mysql_fetch_assoc($r)) {
$var = $i['var'];
/* See if this var exists for last year or
* the -1 year, prefer last year's value */
@ -94,22 +94,22 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
AND (config.year='$lastfairyear'
OR config.year='-1')
ORDER BY config.year DESC";
$r2 = ($q);
$r2 = mysql_query($q);
if(mysql_num_rows($r2) < 1) {
/* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist";
exit;
}
$v = $r2->fetch();
$v = mysql_fetch_object($r2);
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".pdo->quote($v->var)."',
'".pdo->quote($v->val)."',
'".pdo->quote($v->category)."',
'".pdo->quote($v->type)."',
'".pdo->quote($v->type_values)."',
'".pdo->quote($v->ord)."',
'".pdo->quote($v->description)."',
mysql_query("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".mysql_escape_string($v->var)."',
'".mysql_escape_string($v->val)."',
'".mysql_escape_string($v->category)."',
'".mysql_escape_string($v->type)."',
'".mysql_escape_string($v->type_values)."',
'".mysql_escape_string($v->ord)."',
'".mysql_escape_string($v->description)."',
'$fairyear')");
}
}
@ -151,9 +151,12 @@ function config_editor_handle_actions($category, $year, $array_name)
}
/* Prep for MySQL update */
$stmt = $pdo->prepare("UPDATE config SET val = ? WHERE var = ? AND year = ?");
$stmt->execute([$val, $k, $year]);
print pdo->errorInfo();
$val = mysql_escape_string($val);
$v = mysql_escape_string(stripslashes($k));
mysql_query("UPDATE config SET val=\"$val\"
WHERE var=\"$v\"
AND `year`='$year'");
print mysql_error();
// echo "Saving {$v} = $val<br>";
$config_editor_updated = true;
$updated = true;

View File

@ -28,20 +28,16 @@
send_header("Confirmed Participants");
//first, lets make sure someone isnt tryint to see something that they arent allowed to!
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch();
$q=mysql_query("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
if($r->test!=1)
{
list($d,$t)=explode(" ",$config['dates']['postparticipants']);
echo i18n("Confirmed participants (that $signatureformpermissionform have been received for) will be posted here on %1 at %2. Please do not contact the fair to inquire about receipt of your $signatureformpermissionform until after this date (and only if you are not listed here after this date).",array($d,$t));
}
else https://marketplace.visualstudio.com/items?itemName=oscarotero.vento-syntax
else
{
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
$q=mysql_query("SELECT registrations.id AS reg_id,
registrations.status,
registrations.email,
projects.title,
@ -67,8 +63,7 @@
projectdivisions.id,
projects.projectnumber
");
$q->execute();
echo $pdo->errorInfo();
echo mysql_error();
$lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist";
@ -81,7 +76,7 @@
echo "<br />";
}
echo "<table style=\"font-size: 0.9em;\">";
while($r=$q->fetch())
while($r=mysql_fetch_object($q))
{
if($r->category != $lastcat)
{
@ -122,7 +117,7 @@
echo "<td>$r->projectnumber</td>";
echo "<td>$r->title</td>";
$sq=("SELECT students.firstname,
$sq=mysql_query("SELECT students.firstname,
students.lastname,
students.id,
students.webfirst,
@ -135,14 +130,14 @@
AND
students.schools_id=schools.id
");
echo pdo->errorInfo();
echo mysql_error();
$studnum=1;
$schools="";
$students="";
$sameschools=true;
$lastschool="";
while($studentinfo=$sq->fetch())
while($studentinfo=mysql_fetch_object($sq))
{
if($studentinfo->webfirst=="yes")
$students.="$studentinfo->firstname ";

View File

@ -34,10 +34,8 @@
if($_POST['to'] && $_POST['subject'] && $_POST['message'] && $_POST['from'] && $_POST['fromemail']) {
if(isEmailAddress($_POST['fromemail'])) {
list($id,$md5email)=explode(":",$_POST['to']);
$q=pdo->prepare("SELECT * FROM users WHERE uid=.?. ORDER BY year DESC LIMIT 1");
$q->bindParam(1, $id);
$q->execute();
$q=mysql_query("SELECT * FROM users WHERE uid='".mysql_real_escape_string($id)."' ORDER BY year DESC LIMIT 1");
$r=mysql_fetch_object($q);
//if a valid selection is made from the list, then this will always match.
if($md5email == md5($r->email)) {
$from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";
@ -82,12 +80,12 @@ function tochange() {
echo "<tr><td>".i18n("To").":</td>";
echo "<td><select name=\"to\" onchange=\"tochange()\">";
echo "<option value=\"\">".i18n("Choose a person to contact")."</option>\n";
$q=pdo->query("SELECT * FROM committees ORDER BY ord,name");
while($r->fetch()) {
$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
while($r=mysql_fetch_object($q)) {
/* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent
* user data */
$q2=pdo->query("SELECT committees_link.*,
$q2=mysql_query("SELECT committees_link.*,
users.uid,
MAX(users.year) AS my,
users.firstname,
@ -101,18 +99,15 @@ function tochange() {
ORDER BY ord,users.lastname ");
//if there's nobody in this committee, then just skip it and go on to the next one.
// FIX ME !!!!!
if(mysql_num_rows($q2)==0)
continue;
echo "<option value=\"\">{$r->name}</option>\n";
echo pdo->errorInfo();
while($r2=$q2->fetch()) {
$q3=pdo->query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='$r2->uid' AND year='$r2->my'");
$r3 = $q3->fetch();
echo mysql_error();
while($r2=mysql_fetch_object($q2)) {
$q3=mysql_query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='$r2->uid' AND year='$r2->my'");
$r3=mysql_fetch_object($q3);
if($r3->deleted != 'no') continue;
if($r3->email) {

View File

@ -1,2 +0,0 @@
Order Deny,Allow
Deny From All

View File

@ -1,29 +0,0 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
$DBHOST= "db";
$DBNAME= "sfiab";
$DBUSER= "sfiab";
$DBPASS= "ScienceFair123!";
?>

View File

@ -41,7 +41,7 @@ function fair_additional_materials($fair, $award, $year)
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
WHERE winners.year='$year'
AND winners.fairs_id='{$fair['id']}'");
while($r = $q->fetch()) {
while($r = mysql_fetch_assoc($q)) {
$pid = $r['projects_id'];
$rep->newPage("","",1);
$rep->setFontSize(12);

View File

@ -49,37 +49,33 @@ switch($_GET['action']) {
case 'save':
$fairs_id = intval($u['fairs_id']);
if($fairs_id == 0) {
$stmt = $pdo->prepare("INSERT INTO fairs ('id', 'name') VALUES('', 'new entry')");
$stmt->execute([$id, $name]);
$id = $pdo->lastInsertId();
$q = mysql_query("INSERT INTO fairs(`id`,`name`) VALUES('','new entry')");
$id = mysql_insert_id();
} else {
$id = intval($fairs_id);
}
$name = pdo->quote(stripslashes($_POST['name']));
$abbrv = pdo->quote(striplashes($_POST['abbrv']));
$url = pdo->quote($_POST['url']);
$website = pdo->quote($_POST['website']);
$name = mysql_real_escape_string(stripslashes($_POST['name']));
$abbrv = mysql_real_escape_string(stripslashes($_POST['abbrv']));
$url = mysql_real_escape_string($_POST['url']);
$website = mysql_real_escape_string($_POST['website']);
$type = array_key_exists($_POST['type'], $fair_type) ? $_POST['type'] : '';
$username = pdo->prepare(striplashes($_POST['username']));
$password = pdo->prepare(striplashes($_POST['password']));
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes($_POST['password']));
$enable_stats = ($_POST['enable_stats'] == 'yes') ? 'yes' : 'no';
$enable_awards = ($_POST['enable_awards'] == 'yes') ? 'yes' : 'no';
$enable_winners = ($_POST['enable_winners'] == 'yes') ? 'yes' : 'no';
$q = $pdo->prepare("UPDATE contacts SET name = $name, abbrv = '$abbrv', url = '$url', website='$website',
type='$type' , username='$username',
password='$password',
enable_stats='$enable_stats',
enable_awards='$enable_awards',
enable_winners='$enable_winners' WHERE id = $id");
$q->execute([$name, $age, $email, $id]);
echo pdo->errorInfo();
$q = mysql_query("UPDATE fairs SET `name`='$name',
`abbrv`='$abbrv', `url`='$url',
`website`='$website',
`type`='$type' , `username`='$username',
`password`='$password',
`enable_stats`='$enable_stats',
`enable_awards`='$enable_awards',
`enable_winners`='$enable_winners'
WHERE id=$id");
echo mysql_error();
$u['fairs_id'] = $id;
user_save($u);
happy_("Fair Informaiton successfully updated");
@ -132,12 +128,9 @@ function fairinfo_save()
<?
/* Load the fair info */
$q = $pdo->query;
$q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
######## FIX ME!!!!!
$q = mysql_query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
if(mysql_num_rows($q)) {
$f = $q->fetch;
$f = mysql_fetch_assoc($q);
} else {
$f = array();
}

View File

@ -55,14 +55,10 @@ case 'save':
// $str = join(',',$stats);
$keys = '`fairs_id`,`year`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','$year','".join("','", array_values($stats))."'";
$stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id = :fairs_id AND year = :year");
$stmt->execute([
':fairs_id' => $u['fairs_id'],
':year' => $year
]);
echo pdo->errorInfo();
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' AND year='$year'");
echo mysql_error();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
echo pdo->errorInfo();
echo mysql_error();
happy_("Fair Information Saved.");
exit;
@ -112,13 +108,9 @@ $year = intval($_POST['year']);
if($year < 1900) $year = $config['FAIRYEAR'];
/* Get the stats we want from this fair */
$q = $pdo->prepare("SELECT * FROM fairs WHERE id = :fairs_id");
$q->execute([
':fairs_id' => $u['fairs_id']
]);
echo pdo->errorInfo();
$fair = $q->fetch(PDO::FETCH_ASSOC);
$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
echo mysql_error();
$fair = mysql_fetch_assoc($q);
$s = explode(',', $fair['gather_stats']);
foreach($s as $k) {
@ -145,14 +137,9 @@ echo "</form>";
echo "<br />";
/* Load stats */
$q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id = :fairs_id AND year = :year");
$q->execute([
':fairs_id' => $u['fairs_id'],
':year' => $year
]);
$stats = $q->fetch(PDO::FETCH_ASSOC);
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='$year'");
$stats = mysql_fetch_assoc($q);
/* Print stats */

View File

@ -26,12 +26,9 @@
send_header("Important Dates",null,"important_dates");
echo "<table>";
$q = $pdo->prepare("SELECT *, UNIX_TIMESTAMP(date) AS udate FROM dates WHERE year = :year ORDER BY date");
$q->execute([
':year' => $config['FAIRYEAR']
]);
while($r = $q->fetch(PDO::FETCH_OBJ))
$q=mysql_query("SELECT *,UNIX_TIMESTAMP(date) AS udate FROM dates WHERE year='{$config['FAIRYEAR']}' ORDER BY date");
while($r=mysql_fetch_object($q))
{
$trclass = ($trclass == 'odd') ? 'even' : 'odd';
if($r->date != '0000-00-00 00:00:00') {

View File

@ -71,14 +71,12 @@ echo "Warning: pdflib is not installed on this server! Most pdf reports will fai
$showform=true;
if($_POST['dbhost'] && $_POST['dbname'] && $_POST['dbuser'] && $_POST['dbpass'])
{
try {
$pdo = new PDO('mysql:host=' . $_POST['dbhost'] . ';dbname=' . $_POST['dbname'], $_POST['dbuser'], $_POST['dbpass']);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$showform=false;
if(@mysql_connect($_POST['dbhost'],$_POST['dbuser'],$_POST['dbpass']))
{
if(mysql_select_db($_POST['dbname']))
{
$showform=false;
echo "<div class=\"happy\">Database connection successful!</div>";
echo "<br />";
echo "Storing database connection information... ";
@ -101,31 +99,20 @@ if($_POST['dbhost'] && $_POST['dbname'] && $_POST['dbuser'] && $_POST['dbpass'])
echo "<div class=\"error\">Cannot write to data/config.inc.php. Make sure the web server has write access to the data/ subdirectory</div>";
}
} catch (PDOException $e) {
// Handle error
echo 'Connection failed: ' . $e->getMessage();
}
else
{
echo "<div class=\"error\">Connected, but cannot select database. Make sure Database Name is correct, and that the user '".$_POST['dbuser']."' has access to it</div>";
}
}
echo "<a href=\"install2.php\">Proceed to installation step 2</a><br />";
}
else
{
echo "<div class=\"error\">Cannot write to data/config.inc.php. Make sure the web server has write access to the data/ subdirectory</div>";
}
}
else
{
echo "<div class=\"error\">Connected, but cannot select database. Make sure Database Name is correct, and that the user '".$_POST['dbuser']."' has access to it</div>";
}
}
else
{
echo "<div class=\"error\">Cannot connect to database. Make sure Host, User and Pass are correct</div>";
}
echo "<br />";
else
{
echo "<div class=\"error\">Cannot connect to database. Make sure Host, User and Pass are correct</div>";
}
echo "<br />";
}

View File

@ -50,7 +50,8 @@ if(!file_exists("data/config.inc.php"))
require_once("data/config.inc.php");
$DBUSER=substr($DBUSER,0,16);
pdo = new PDO($DBHOST,$DBUSER,$DBPASS);
mysql_connect($DBHOST,$DBUSER,$DBPASS);
mysql_select_db($DBNAME);
echo "Getting database version requirements for code... ";
@ -68,10 +69,8 @@ pdo = new PDO($DBHOST,$DBUSER,$DBPASS);
echo "Checking for existing SFIAB database... ";
$q = $pdo->prepare("SELECT val FROM config WHERE var = 'DBVERSION' AND year = '0'");
$q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
$q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'");
$r=@mysql_fetch_object($q);
$dbdbversion=$r->val;
if($dbdbversion)
@ -125,8 +124,8 @@ $r = $q->fetch(PDO::FETCH_OBJ);
if (substr(trim($line), -1, 1) == ';')
{
// Perform the query
if(!pdo->exec($templine)){
echo('<br/>Error performing query!<br/>'.$templine.'<br/> mysqlerror: '.pdo->errorInfo().'<br /><br />');
if(!mysql_query($templine)){
echo('<br/>Error performing query!<br/>'.$templine.'<br/> mysqlerror: '.mysql_error().'<br /><br />');
$exit_code = -1; // do we bail out here or keep going? keep going for now, get all errors
}
// Reset temp variable to empty
@ -143,11 +142,7 @@ $r = $q->fetch(PDO::FETCH_OBJ);
echo "<b>Done! installed database version $dbcodeversion</b><br />\n";
//now update the db version in the database
$stmt = $pdo->prepare("UPDATE config SET val = :dbcodeversion WHERE var = 'DBVERSION' AND year = '0'");
$stmt->execute([
':dbcodeversion' => $dbcodeversion
]);
mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
echo "<br />";
echo "<b>Done!</b><br />";
@ -166,8 +161,7 @@ $stmt->execute([
echo "Trying to find an older version... <br />";
for($x=$dbcodeversion;$x>0;$x--)
{ALTER TABLE `reports_items` ADD `on_overflow` ENUM( 'truncate', '...', 'scale' ) NOT NULL;
{
if(file_exists("db/db.full.$x.sql"))
{
echo "<b>db/db.full.$x.sql found</b><br />";
@ -198,8 +192,8 @@ $stmt->execute([
if (substr(trim($line), -1, 1) == ';')
{
// Perform the query
if(!pdo->exec($templine)){
echo('<br/>Error performing query!<br/>'.$templine.'<br/> mysqlerror: '.pdo->errorInfo().'<br /><br />');
if(!mysql_query($templine)){
echo('<br/>Error performing query!<br/>'.$templine.'<br/> mysqlerror: '.mysql_error().'<br /><br />');
$exit_code = -1; // do we bail out here or keep going? keep going for now, get all errors
}
// Reset temp variable to empty
@ -216,9 +210,7 @@ $stmt->execute([
echo "<b>Done! installed database version $x</b><br />\n";
//now update the db version in the database
$stmt = $pdo->prepare("UPDATE config SET val = :x WHERE var = 'DBVERSION' AND year = '0'");$stmt->execute([
':x' => $x
]);
mysql_query("UPDATE config SET val='$x' WHERE var='DBVERSION' AND year='0'");
echo "<b>Attempting to update database using standard update script to update from $x to $dbcodeversion<br />";
echo "<br />Please scroll to the bottom of this page for the link to the next step of the installation process.<br /></b>";

View File

@ -43,21 +43,13 @@ require_once("config_editor.inc.php");
require_once("user.inc.php");
require_once("committee.inc.php");
$DBUSER=substr($DBUSER,0,16);
pdo = new PDO($DBHOST,$DBUSER,$DBPASS)
mysql_connect($DBHOST,$DBUSER,$DBPASS);
mysql_select_db($DBNAME);
echo "Checking for SFIAB database... ";
$stmt = $pdo->prepare("SELECT val FROM config WHERE var = :var AND year = :year");
$stmt->execute([':var' => 'DBVERSION', ':year' => 0]);
$r = $stmt->fetch(PDO::FETCH_OBJ);
$q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'");
$r=@mysql_fetch_object($q);
$dbdbversion=$r->val;
if(!$dbdbversion)
@ -69,9 +61,9 @@ pdo = new PDO($DBHOST,$DBUSER,$DBPASS)
}
//a fresh install should ONLY have DBVERSION defined in the config table. If there are others (FAIRYEAR, SFIABDIRECTORY) then this is NOT fresh
$q=pdo->query("SELECT * FROM config WHERE year='0' AND ( var='DBVERSION' OR var='FAIRYEAR' OR var='SFIABDIRECTORY') ");
$q=mysql_query("SELECT * FROM config WHERE year='0' AND ( var='DBVERSION' OR var='FAIRYEAR' OR var='SFIABDIRECTORY') ");
//we might get an error if the config table does not exist (ie, installer step 2 failed)
if(pdo->errorInfo)
if(mysql_error())
{
//we say all tables, but really only we check for config where year=0;
echo "<div class=\"error\">ERROR: No SFIAB tables detected, It seems like step 2 failed. Please go <a href=\"install2.php\">Back to Installation Step 2</a> and try again.</div>";
@ -118,37 +110,9 @@ if($_POST['action']=="save")
if(!$err)
{
echo "Creating configuration settings...";
$stmt = $pdo->prepare("INSERT INTO config (var, val, category, ord, year) VALUES (:var, :val, :category, :ord, :year)");
$stmt->execute([
':var' => 'FAIRYEAR',
':val' => $_POST['fairyear'],
':category' => 'Special',
':ord' => '0',
':year' => '0'
]);
$stmt->execute([
':var' => 'FISCALYEAR',
':val' => $_POST['fiscalyear'],
':category' => 'Special',
':ord' => '0',
':year' => '0'
]);
$stmt->execute([
':var' => 'SFIABDIRECTORY',
':val' => $_POST['sfiabdirectory'],
':category' => 'Special',
':ord' => '',
':year' => '0'
]);
mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FAIRYEAR','".$_POST['fairyear']."','Special','0','0')");
mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FISCALYEAR','".$_POST['fiscalyear']."','Special','0','0')");
mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('SFIABDIRECTORY','".$_POST['sfiabdirectory']."','Special','','0')");
$year = intval($_POST['fairyear']);
@ -156,52 +120,25 @@ $stmt->execute([
config_update_variables($year);
// Update some variables
mysql_query("UPDATE config SET
val='".mysql_escape_string(stripslashes($_POST['fairname']))."'
WHERE var='fairname' AND year='$year'");
$stmt = pdo->prepare("UPDATE config SET val = :fairname WHERE var = 'fairname' AND year = :year")
$stmt.execute(':fairname' => stripslashes($_POST['fairname']),
':year' => $year)
$stmt = pdo->prepare("UPDATE config SET val = :email WHERE var = 'fairmanageremail' AND year = :year")
$stmt->execute([':email' => $_POST['email'],':year' => $year
]);
mysql_query("UPDATE config SET
val='".mysql_escape_string(stripslashes($_POST['email']))."'
WHERE var='fairmanageremail' AND year='$year'");
$stmt = $pdo->prepare("SELECT * FROM dates WHERE year = :year");
$stmt->execute([':year' => '-1']);
$results = $stmt->fetchAll(PDO::FETCH_OBJ);
$stmt = pdo->prepare("INSERT INTO dates (date, name, description, year) VALUES (:date, :name, :description, :fairyear)")
foreach($results as $r){
$stmt->execute([
':date' => $r->date,
':name' => $r->name,
':description' => $r->description,
':fairyear' => $_POST['fairyear']
]);
$q=mysql_query("SELECT * FROM dates WHERE year='-1'");
while($r=mysql_fetch_object($q))
{
mysql_query("INSERT INTO dates (date,name,description,year) VALUES ('$r->date','$r->name','$r->description','".$_POST['fairyear']."')");
}
$stmt = pdo->prepare('SELECT * FROM award_types WHERE year=:year')
$stmt->execute(['year' => -1])
$results = $stmt->fetchAll(PDO::FETCH_OBJ);
$insertStmt = $pdo->prepare("INSERT INTO award_types (id, type, `order`, year) VALUES (:id, :type, :order, :year)");
//copy over the award_types defautls
foreach($results as $r){
$insertStmt->execute([
'id' => $r->id,
'type' => $r->type,
'order' => $r->order,
'year' => $fairYear
]);
$q=mysql_query("SELECT * FROM award_types WHERE year='-1'");
while($r=mysql_fetch_object($q))
{
mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES ('$r->id','$r->type','$r->order','".$_POST['fairyear']."')");
}
echo "<b>Done!</b><br />";
@ -222,7 +159,7 @@ $stmt->execute([
$u['password'] = mysql_escape_string(stripslashes($_POST['pass1']));
$u['access_admin'] = 'yes';
$u['access_config'] = 'yes';
$u['access_super'] = 'yes';
$u['access_super'] = 'yes';
user_save($u);
echo "<b>Done!</b><br />";
@ -235,10 +172,7 @@ $stmt->execute([
}
echo "<br />";
echo "Please enter the following options <br />";
}
echo "<br />";
$month=date("m");
@ -266,8 +200,7 @@ echo "<h3>Superuser Account</h3>";
echo "Please choose your superuser account which is required to login to SFIAB and configure the system, as well as to add other users. <br />";
echo "<table>";
echo "<tr><td>Superuser Email Address</td><td><input size=\"40\" type=\"text\" name=\"email\"></td></tr>";
echo "<tr><td>Superuser Password</td><td><input size=\"15\" type=\"password\" name=
}\"pass1\"></td></tr>";
echo "<tr><td>Superuser Password</td><td><input size=\"15\" type=\"password\" name=\"pass1\"></td></tr>";
echo "<tr><td>Superuser Password (Confirm)</td><td><input size=\"15\" type=\"password\" name=\"pass2\"></td></tr>";
echo "</table>";
echo "<br />";

View File

@ -220,8 +220,6 @@ class lpdf
// echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
break;
}
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
if($r=@mysql_fetch_object($q))
$prevnr=$nr;
// printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);

View File

@ -40,17 +40,15 @@ function questions_load_answers($section, $users_id)
}
function questions_load_questions($section, $year)
{ global $pdo;
$q = $pdo->prepare('SELECT * FROM questions '.
{
$q = mysql_query('SELECT * FROM questions '.
"WHERE year='$year' ".
" AND section='$section' ".
'ORDER BY ord ASC');
$q->execute();
print($pdo->errorInfo());
print(mysql_error());
$qs = array();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
while($r=mysql_fetch_object($q)) {
$qs[$r->id]['id'] = $r->id;
$qs[$r->id]['ord'] = $r->ord;
$qs[$r->id]['section'] = $r->section;

View File

@ -24,11 +24,10 @@
<?
require("common.inc.php");
$q = $pdo->query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck,
$q=mysql_query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck,
NOW()<'".$config['dates']['regopen']."' AS datecheckbefore,
NOW()>'".$config['dates']['regclose']."' AS datecheckafter");
$datecheck = $q->fetch(PDO::FETCH_OBJ);
$datecheck=mysql_fetch_object($q);
if($_POST['action']=="new") {
$q=mysql_query("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
@ -129,7 +128,7 @@
if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) ) {
if($_POST['email'])
$_SESSION['email']=stripslashes($pdo->quote($_POST['email']));
$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
echo "<form method=\"post\" action=\"register_participants.php\">";
@ -138,42 +137,32 @@
//first, check if they have any registrations waiting to be opened
$q = $pdo->prepare("SELECT * FROM `registrations` WHERE `email` = :email AND `status` = 'new' AND `year` = :year");
$q->bindParam(':email', $_SESSION['email'], PDO::PARAM_STR);
$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
$q->execute();
if($q->rowCount()>0) {
$q=mysql_query("SELECT * FROM registrations WHERE email='".$_SESSION['email']."' AND status='new' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)>0) {
echo i18n("Please enter your <b>registration number</b> that you received in your email, in order to begin your new registration");
echo "<input type=\"hidden\" name=\"action\" value=\"new\">";
$allownew=false;
}
else {
//check if they have an already open registration
$q = $pdo->prepare("SELECT
$q=mysql_query("SELECT
students.email,
registrations.status,
registrations.id
FROM
students, registrations
students,
registrations
WHERE
students.email = :email
AND students.year = :year
AND registrations.year = :year
AND registrations.status IN ('open', 'paymentpending', 'complete')
AND students.registrations_id = registrations.id");
$q->bindParam(':email', $_SESSION['email'], PDO::PARAM_STR);
$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
$q->execute();
if($q->rowCount()>0) {
students.email='".$_SESSION['email']."'
AND students.year=".$config['FAIRYEAR']."
AND registrations.year=".$config['FAIRYEAR']."
AND
( registrations.status='open'
OR registrations.status='paymentpending'
OR registrations.status='complete'
)
AND students.registrations_id=registrations.id");
if(mysql_num_rows($q)>0) {
$r=mysql_fetch_object($q);
// print_r($r);
echo i18n("Please enter your <b>registration number</b> in order to login");

View File

@ -60,7 +60,7 @@ function user_generate_password($pwlen=8)
$key="";
for($x=0;$x<$pwlen;$x++)
$key.=$available[rand(0,$len)];
$key.=$available{rand(0,$len)};
return $key;
}
@ -174,7 +174,7 @@ function user_load_alumni(&$u)
}
function user_load($user, $uid = false)
{ global $pdo;
{
/* So, it turns out that doing one big load is faster than loading just
* from the users table then loading only the specific types the user
* has.. go figure. */
@ -197,17 +197,16 @@ function user_load($user, $uid = false)
$id = intval($user);
$query .= " `users`.`id`='$id'";
}
$q=$pdo->query($query);
$q=mysql_query($query);
if($q->rowCount()!=1) {
if(mysql_num_rows($q)!=1) {
// echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
// echo "<pre>";
// print_r(debug_backtrace());
return false;
}
$ret = $q->fetch(PDO::FETCH_ASSOC);
$ret = mysql_fetch_assoc($q);
/*
echo "ret looks like: ";
echo "<pre>";
@ -687,7 +686,7 @@ function user_dupe_row($db, $key, $val, $newval)
}
/* Used by the login scripts to copy one user from one year to another */
function user_dupe($u, $new_year)
{ global $pdo;
{
/* Dupe a user if:
* - They don't exist in the current year
* (users->year != the target year (passed in so we can use it in the rollover script) )
@ -696,11 +695,9 @@ function user_dupe($u, $new_year)
* - That previous entry has deleted=no */
/* Find the last entry */
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
ORDER BY year DESC LIMIT 1");
$q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
$r = mysql_fetch_object($q);
if($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
exit;

View File

@ -27,7 +27,7 @@
require_once("user.inc.php");
function try_login($user, $pass)
{ global $pdo;
{
/* Ensure sanity of inputs, user should be an email address, but it's stored
* in the username field */
/* FIXME: this should be user_valid_email, but can't be yet, because
@ -43,27 +43,21 @@
//$x = user_valid_password($pass);
if(!strlen($pass))
return false;
$q = $pdo->prepare("SELECT id, username, password, year, deleted
$user = mysql_escape_string($user);
$q = mysql_query("SELECT id,username,password,year,deleted
FROM users
WHERE username = :username
AND deleted = 'no'
WHERE username='$user'
AND deleted='no'
ORDER BY year DESC LIMIT 1");
if(mysql_num_rows($q) < 1) return false;
$q->bindParam(':username', $user, PDO::PARAM_STR);
$q->execute();
if($q->rowCount() < 1) return false;
#$r = mysql_fetch_object($q);
$r = $q->fetch(PDO::FETCH_OBJ);
$r = mysql_fetch_object($q);
/* See if the user account has been deleted */
if($r->deleted == 'yes') return false;
/* See if the password matches */
/////// FIXME Use hash passwords
if($r->password != $pass) return false;
/* Login successful */
@ -135,7 +129,7 @@
$reg_open = 'closed';
break;
}
if($_POST['action'] == "login")
if($_POST['action']=="login" )
{
if($_POST['pass'] && $_POST['user'])
{
@ -145,7 +139,6 @@
header("location: user_login.php?type=$type$redirect_url");
exit;
}
$u = user_load($id);
@ -214,10 +207,8 @@
}
}
$q = $pdo->prepare("UPDATE users SET lastlogin=NOW()
mysql_query("UPDATE users SET lastlogin=NOW()
WHERE id={$u['id']}");
$q->execute();
/* Setup multirole so a multirole user can switch if they want to
* without logging in/out */
@ -256,6 +247,7 @@
header("location: {$type}_main.php");
exit;
}
message_push(error(i18n("Invalid Email/Password")));
header("location: user_login.php?type=$type");
exit;

View File

@ -226,7 +226,8 @@ if($_GET['year'] && $_GET['type']) {
}
}
else
{ $q = $pdo->query("SELECT
{
$q=mysql_query("SELECT
DISTINCT(winners.year) AS year,
dates.date
FROM
@ -238,9 +239,8 @@ else
AND dates.date<=NOW()
ORDER BY
year DESC");
$first=true;
if($q->rowCount())
if(mysql_num_rows($q))
{
while($r=mysql_fetch_object($q))
{