arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Compare commits

base: arman:bab11c92286a1e71db182f4bfbf8fb05c137ce92
Branches Tags
arman:master
arman:errors_warnings
arman:sqlerrors
arman:chat
arman:sfiab-2.3
arman:sfiab-users-makeover
arman:sfiab-2.2
arman:sfiab-2.1
arman:sfiab-1.0
science-ation:sfiab-2.3
science-ation:master
science-ation:sfiab-users-makeover
science-ation:sfiab-2.2
science-ation:sfiab-2.1
science-ation:sfiab-1.0
arman:sfiab-2.2.0
arman:sfiab-2.1.6
arman:sfiab-1.0.0
arman:sfiab-0.9.8
arman:sfiab-0.9.6
arman:sfiab-0.9.4
science-ation:sfiab-0.9.4
science-ation:sfiab-0.9.6
science-ation:sfiab-0.9.8
science-ation:sfiab-1.0.0
science-ation:sfiab-2.1.6
science-ation:sfiab-2.2.0
...
compare: arman:f7c6c506a12d9701a0166c3b2e62acd6262970ae
Branches Tags
arman:errors_warnings
arman:sqlerrors
arman:chat
arman:sfiab-2.3
arman:master
arman:sfiab-users-makeover
arman:sfiab-2.2
arman:sfiab-2.1
arman:sfiab-1.0
science-ation:sfiab-2.3
science-ation:master
science-ation:sfiab-users-makeover
science-ation:sfiab-2.2
science-ation:sfiab-2.1
science-ation:sfiab-1.0
arman:sfiab-2.2.0
arman:sfiab-2.1.6
arman:sfiab-1.0.0
arman:sfiab-0.9.8
arman:sfiab-0.9.6
arman:sfiab-0.9.4
science-ation:sfiab-0.9.4
science-ation:sfiab-0.9.6
science-ation:sfiab-0.9.8
science-ation:sfiab-1.0.0
science-ation:sfiab-2.1.6
science-ation:sfiab-2.2.0

2 Commits
bab11c9228 ... f7c6c506a1

Author SHA1 Message Date
Armanveer Gill
f7c6c506a1 Mysql conversion 2024-12-10 19:40:23 -05:00
Armanveer Gill
bf8a23fc85 converted mysql to pdo 2024-12-09 01:06:15 -05:00
82 changed files with 1860 additions and 1353 deletions
Show Stats Expand all files Collapse all files

10
admin/judges_scheduler_status_output.php
View File

@ -2,12 +2,14 @@
include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val;
echo "$percent:$status\n";

2
admin/reports_students.inc.php
View File

@ -247,7 +247,7 @@ $report_students_fields = array(
'group_by' => array('students.registrations_id')),
'allnames_split' => array(
'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ",
'name' => "Student -- All Student Names (REQUIRES 5.0) (Split) ",
'header' => 'Student(s)',
'width' => 3.0,
'scalable' => true,

10
admin/tours_sa_status.php
View File

@ -28,12 +28,14 @@ ogram; see the file COPYING. If not, write to
include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val;
echo "$percent:$status\n";

18
app/projectinfo.php
View File

@ -24,14 +24,15 @@
require("../common.inc.php");
//first, lets make sure someone isng tryint to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$pn=trim(mysql_real_escape_string($_GET['n']));
$pn=trim($_GET['n']);
if($r->test) {
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
registrations.id AS reg_id,
registrations.status,
projects.title,
@ -55,14 +56,15 @@
AND projects.projectnumber='$pn'
LIMIT 1
");
echo mysql_error();
$r=mysql_fetch_assoc($q);
echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_ASSOC);
$regid=$r['reg_id'];
$q2=mysql_query("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
$q2=$pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
$q2->execute();
$students="";
while($stud=mysql_fetch_object($q2)) {
while($stud=$q2->fetch(PDO::FETCH_OBJ)) {
if($stud->webfirst=="yes")
$students.="$stud->firstname ";

12
app/projectlist.php
View File

@ -24,12 +24,13 @@
require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test) {
$q=mysql_query("SELECT registrations.id AS reg_id,
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status,
projects.title,
projects.projectnumber,
@ -54,11 +55,12 @@
projectdivisions.id,
projects.projectnumber
");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
if(!$r->title) $t="{no title}";
else $t=$r->title;

12
app/projects.php
View File

@ -24,14 +24,15 @@
require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$ret=array();
if($r->test) {
$ret['status']="ok";
$q=mysql_query("SELECT registrations.id AS reg_id,
$q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status,
projects.id AS projects_id,
projects.title,
@ -57,12 +58,13 @@
projectdivisions.id,
projects.projectnumber
");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist";
$projects=array();
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::fETCH_OBJ)) {
if(!$r->title) $t="{no title}";
else $t=$r->title;

2
committees.php
View File

@ -39,7 +39,7 @@
GROUP BY users.uid ORDER BY ord,users.lastname ");
//if there's nobody in this committee, then just skip it and go on to the next one.
if(mysql_num_rows($q2)==0)
if($q2->rowCount()==0)
continue;
echo "<tr>";

6
common.inc.php
View File

@ -842,8 +842,8 @@ function emit_time_selector($name,$selected="")
function emit_province_selector($name,$selected="",$extra="")
{
global $config;
$q=("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
if(mysql_num_rows($q)==1)
$q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
if($q->rowCount()==1)
{
$r = $q->fetch();
echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
@ -1184,7 +1184,7 @@ function committee_warnings()
AND award_awards.award_source_fairs_id IS NOT NULL
AND fairs.type='ysc' ");
echo pdo->errorInfo();
if(mysql_num_rows($qq) > 0) {
if($qq->rowCount() > 0) {
$warn;
break;

63
config/backuprestore.php
View File

@ -40,23 +40,26 @@ $dump.="#SFIAB DB VERSION: ".$config['DBVERSION']."\n";
$dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n";
$dump.="#-------------------------------------------------\n";
$tableq=mysql_query("SHOW TABLES FROM `$DBNAME`");
while($tr=mysql_fetch_row($tableq)) {
$tableq=$pdo->prepare("SHOW TABLES FROM `$DBNAME`");
$tableq->execute();
while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
$table=$tr[0];
$dump.="#TABLE: $table\n";
$columnq=mysql_query("SHOW COLUMNS FROM `$table`");
$columnq=$pdo->prepare("SHOW COLUMNS FROM `$table`");
$columnq->execute();
$str="INSERT INTO `$table` (";
unset($fields);
$fields=array();
while($cr=mysql_fetch_object($columnq)) {
while($cr=$columnq->fetch(PDO:;FETCH_OBJ)) {
$str.="`".$cr->Field."`,";
$fields[]=$cr->Field;
}
$str=substr($str,0,-1);
$str.=") VALUES (";
$dataq=mysql_query("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
while($data=mysql_fetch_object($dataq)) {
$dataq=$pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
$dataq->execute();
while($data=$dataq->fetch(PDO::FETCH_OBJ)) {
$insertstr=$str;
foreach($fields AS $field) {
if(is_null($data->$field))
@ -167,7 +170,9 @@ else if($_POST['action']=="restoreproceed") {
//empty out the table
$sql="TRUNCATE TABLE `".$args[1]."`";
// echo $sql."\n";
mysql_query($sql);
$stmt = $pdo->prepare($sql);
$stmt->execute();
}
else if(mb_ereg("^#",$line)) {
//just skip it
@ -175,10 +180,12 @@ else if($_POST['action']=="restoreproceed") {
else
{
//insert the new data
mysql_query($line);
if(mysql_error()) {
$stmt = $pdo->prepare($line);
$stmt->execute();
if($pdo->errorInfo()) {
echo $line."\n";
echo mysql_error()."\n";
echo $pdo->errorInfo()."\n";
$err=true;
}
}
@ -203,11 +210,12 @@ else if($_POST['action']=="restoreproceed") {
else if ($_POST['action'] == 'clean_judges') {
//select all judges
$query = mysql_query('SELECT * FROM users WHERE types LIKE "judge"');
echo mysql_error();
$query = $pdo->prepare('SELECT * FROM users WHERE types LIKE "judge"');
$query->execute();
echo $pdo->errorInfo();
// Go through each judge and test:
while($judge = mysql_fetch_assoc($query)){
while($judge = $query->fetch(PDO::FETCH_ASSOC)){
//if they are deleted
if ($judge['deleted'] == 'yes') {
@ -222,16 +230,17 @@ else if ($_POST['action'] == 'clean_judges') {
else{
// Find max year of judge
$max_year_query = mysql_query('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1');
$judge_max_year = mysql_fetch_assoc($max_year_query);
$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1');
$max_year_query->execute();
$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
// Grab old judge info.
// Old judge info consists of all entries in the database that are not the most recent for the specific judge
$deletable = mysql_query('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
$deletable = $pdo->prepare('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
$deletable->execute();
// and if they have old data from previous fair years
if (mysql_num_rows($deletable) > 0){
if ($deletable->rowCount() > 0){
// delete old data one by one
while ($old_judge_data = mysql_fetch_assoc($deletable)){
while ($old_judge_data = $deletable->fetch(PDO::FETCH_ASSOC)){
if (!is_array($old_judge_data['type'])){
$old_judge_data['types'] = array($old_judge_data['types']);
}
@ -250,9 +259,10 @@ else if ($_POST['action'] == 'clean_judges') {
,"backup_restore"
);
mysql_query("OPTIMIZE TABLE users, users_judge");
$stmt = $pdo->prepare("OPTIMIZE TABLE users, users_judge");
$stmt->execute();
$str = mysql_error();
$str = $pdo->errorInfo();
echo $str;
@ -265,9 +275,9 @@ else if ($_POST['action'] == 'clean_judges') {
}
else if ($_POST['action'] == 'clean_parents') {
$query_parents = mysql_query('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
while($parent = mysql_fetch_assoc($query_parents)){
$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
$query_parents->execute();
while($parent = $query_parents->fetch(PDO::FETCH_ASSOC)){
if (!is_array($parent['types'])){
$parent['types'] = array($parent['types']);
@ -283,9 +293,10 @@ else if ($_POST['action'] == 'clean_parents') {
,"backup_restore"
);
mysql_query("OPTIMIZE TABLE users, users_parent");
$stmt = $pdo->prepare("OPTIMIZE TABLE users, users_parent");
$stmt->execute();
$str = mysql_error();
$str = $pdo->errorInfo();
echo $str;

40
config/categories.php
View File

@ -31,7 +31,7 @@
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php',
'Age Categories' => 'config/categories.php'),"project_age_categories");
} else {
} else
send_header("Age Categories",
array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
@ -42,22 +42,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo $pdo->errorInfo();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
}
else
{
mysql_query("UPDATE projectcategories SET ".
$stmt = $pdo->prepare("UPDATE projectcategories SET ".
"id='".$_POST['id']."', ".
"category='".mysql_escape_string(stripslashes($_POST['category']))."', ".
"category_shortform='".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ".
"category='".stripslashes($_POST['category'])."', ".
"category_shortform='".stripslashes($_POST['category_shortform'])."', ".
"mingrade='".$_POST['mingrade']."', ".
"maxgrade='".$_POST['maxgrade']."' ".
"WHERE id='".$_POST['saveid']."'");
echo happy(i18n("Category successfully saved"));
$stmt->execute();
}
}
else
@ -71,21 +73,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
}
else
{
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
$pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
"'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['category']))."', ".
"'".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ".
"'".stripslashes($_POST['category'])."', ".
"'".stripslashes($_POST['category_shortform'])."', ".
"'".$_POST['mingrade']."', ".
"'".$_POST['maxgrade']."', ".
"'".$config['FAIRYEAR']."')");
$pdo->execute();
echo happy(i18n("Category successfully added"));
}
}
else
@ -98,9 +103,11 @@
{
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
//####
mysql_query("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Category successfully removed"));
}
@ -125,8 +132,9 @@
if($_GET['action']=="edit")
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$categoryr=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$categoryr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")

18
config/dates.php
View File

@ -53,10 +53,11 @@ $error_ids = array();
if($_POST['savedates']) {
foreach($_POST['savedates'] as $key=>$val) {
//put the date and time back together
$d = mysql_escape_string(stripslashes($val));
$t =mysql_escape_string(stripslashes($_POST['savetimes'][$key]));
$d = stripslashes($val);
$t =stripslashes($_POST['savetimes'][$key]);
$v="$d $t";
mysql_query("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
$stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
$stmt->execute();
}
}
echo happy(i18n("Dates successfully saved"));
@ -128,13 +129,14 @@ foreach($dates as $dn=>$d) {
if(!$d['id']) {
$def=$defaultdates[$dn];
//hmm if we dont have a record for this date this year, INSERT the sql from the default
mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($def->date)."',
'".mysql_real_escape_string($dn)."',
'".mysql_real_escape_string($def->description)."',
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".$def->date."',
'".$dn."',
'".$def->description."',
'".$config['FAIRYEAR']."'
)");
$d['id']=mysql_insert_id();
$stmt->execute();
$d['id']=$pdo->lastInsertId();
$d['description']=$def->description;
$d['date']=$def->date;
}

62
config/divisions.php
View File

@ -44,31 +44,34 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{
if($_POST['id'] && $_POST['division'] )
{
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
}
else
{
mysql_query("UPDATE projectdivisions SET ".
$stmt = $pdo->prepare("UPDATE projectdivisions SET ".
"id='".$_POST['id']."', ".
"division='".mysql_escape_string(stripslashes($_POST['division']))."', ".
"division_shortform='".mysql_escape_string(stripslashes($_POST['division_shortform']))."' ".
"division='".stripslashes($_POST['division'])."', ".
"division_shortform='".stripslashes($_POST['division_shortform'])."' ".
"WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if(is_array($_POST['divcat']))
{
foreach($_POST['divcat'] as $tempcat)
{
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$_POST['id']."', ".
"'".$tempcat."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
}
}
}
@ -87,26 +90,29 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{
if($_POST['id'] && $_POST['division'])
{
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
}
else
{
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
"'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['division']))."', ".
"'".mysql_escape_string(stripslashes($_POST['division_shortform']))."', ".
"'".stripslashes($_POST['division'])."', ".
"'".stripslashes($_POST['division_shortform'])."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
foreach($_POST['divcat'] as $tempcat){
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$tempcat."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
}
}
//#######
@ -123,8 +129,10 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Division successfully removed"));
}
@ -151,8 +159,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
if($_GET['action']=="edit")
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
@ -167,11 +176,13 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
echo " <td>";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
while($categoryr=mysql_fetch_object($q)){
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
$q->execute();
while($categoryr=$q->fetch(PDO::FETCH_OBJ)){
$query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'";
$t=mysql_query($query);
if($t && mysql_num_rows($t)>0)
$t=$pdo->prepare($query);
$t->execute();
if($t && $t->rowCount()>0)
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>";
else
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>";
@ -195,18 +206,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
$c=mysql_query("SELECT category FROM projectcategoriesdivisions_link, projectcategories
$c=$pdo->prepare("SELECT category FROM projectcategoriesdivisions_link, projectcategories
WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id
AND projectdivisions_id='$r->id'
AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."'
ORDER BY projectcategories.mingrade");
echo mysql_error();
$c->execute();
echo $pdo->errorInfo();
if(!$c){
$tempcat="&nbsp;";
}else{
$tempcat="";
while($categoryr=mysql_fetch_object($c)){
while($categoryr=$c->fetch(PDO::FETCH_OBJ){
$tempcat.=",".$categoryr->category;
}
$tempcat=substr($tempcat,1);

8
config/divisions_cwsf.php
View File

@ -36,7 +36,8 @@
{
foreach($_POST['cwsfdivision'] AS $k=>$v)
{
mysql_query("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
}
echo happy(i18n("Corresponding CWSF divisions saved"));
}
@ -54,8 +55,9 @@ echo "<br />";
echo "<th>".i18n("Corresponding CWSF Division")."</th>\n";
echo "</tr>";
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr>";
echo " <td>".i18n($r->division)."</td>";

5
config/languagepacks.php
View File

@ -109,8 +109,9 @@
if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT")
{
mysql_query($line);
$a=mysql_affected_rows();
$stmt = $pdo->prepare($line);
$stmt->execute();
$a=$pdo->rowwCount();
$loaded+=$a;
}
else

27
config/pagetexts.php
View File

@ -57,16 +57,17 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
{
foreach($config['languages'] AS $lang=>$langname) {
$textvar="text_$lang";
$text=mysql_escape_string(stripslashes($_POST[$textvar]));
$text=stripslashes($_POST[$textvar]);
mysql_query("UPDATE pagetext
$stmt = $pdo->prepare("UPDATE pagetext
SET
lastupdate=NOW(),
text='$text'
WHERE
textname='".mysql_escape_string($_POST['textname'])."'
textname='".$_POST['textname']."'
AND year='".$config['FAIRYEAR']."'
AND lang='$lang'");
$stmt->execute();
}
echo happy(i18n("Page texts successfully saved"));
@ -74,9 +75,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
if($_GET['textname'])
{
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//needs to be at least one entry in any languages
if($r=mysql_fetch_object($q))
if($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<form method=\"post\" action=\"pagetexts.php\">";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
@ -84,13 +86,15 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
foreach($config['languages'] AS $lang=>$langname) {
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if(!$r)
{
mysql_query("INSERT INTO pagetext (textname,year,lang) VALUES ('".mysql_escape_string($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$_GET['textname']."','".$config['FAIRYEAR']."','$lang')");
$stmt->execute();
echo $pdo->errorInfo();
}
if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never";
@ -129,9 +133,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
echo i18n("Choose a page text to edit");
echo "<table class=\"summarytable\">";
$q=mysql_query("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
$q->execute();
echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>";
if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never";

281
config/rollover.php
View File

@ -63,8 +63,9 @@
*/
/* Get field list for this table */
$q = mysql_query("SHOW COLUMNS IN `$table`");
while(($c = mysql_fetch_assoc($q))) {
$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
$q->execute();
while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
$col[$c['Field']] = $c;
}
@ -83,23 +84,25 @@
if($where == '') $where='1';
/* Get data */
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
echo mysql_error();
$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
$q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`';
/* Process data */
while($r=mysql_fetch_assoc($q)) {
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$vals = '';
foreach($fields as $f) {
if(array_key_exists($f, $replace))
$vals .= ",'".mysql_real_escape_string($replace[$f])."'";
$vals .= ",'".$replace[$f]."'";
else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
$vals .= ',NULL';
else
$vals .= ",'".mysql_real_escape_string($r[$f])."'";
$vals .= ",'".$r[$f]."'";
}
mysql_query("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute();
echo $pdo->errorInfo();
}
}
@ -125,97 +128,112 @@
//now the dates
echo i18n("Rolling dates")."<br />";
$q=mysql_query("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($r->newdate)."',
'".mysql_real_escape_string($r->name)."',
'".mysql_real_escape_string($r->description)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".$r->newdate."',
'".$r->name."',
'".$r->description."',
'".$newfairyear."')");
$stmt->execute();
//page text
echo i18n("Rolling page texts")."<br />";
$q=mysql_query("SELECT * FROM pagetext WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".mysql_real_escape_string($r->textname)."',
'".mysql_real_escape_string($r->textdescription)."',
'".mysql_real_escape_string($r->text)."',
'".mysql_real_escape_string($r->lastupdate)."',
'".mysql_real_escape_string($newfairyear)."',
'".mysql_real_escape_string($r->lang)."')");
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".$r->textname."',
'".$r->textdescription."',
'".$r->text."',
'".$r->lastupdate."',
'".$newfairyear)."',
'".$r->lang."')";
$stmt->execute();
echo i18n("Rolling project categories")."<br />";
//project categories
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->category)."',
'".mysql_real_escape_string($r->category_shortform)."',
'".mysql_real_escape_string($r->mingrade)."',
'".mysql_real_escape_string($r->maxgrade)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".$r->id."',
'".$r->category."',
'".$r->category_shortform."',
'".$r->mingrade."',
'".$r->maxgrade."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project divisions")."<br />";
//project divisions
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->division)."',
'".mysql_real_escape_string($r->division_shortform)."',
'".mysql_real_escape_string($r->cwsfdivisionid)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".$r->id."',
'".$r->division."',
'".$r->division_shortform."',
'".$r->cwsfdivisionid."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project category-division links")."<br />";
//project categories divisions links
$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".mysql_real_escape_string($r->projectdivisions_id)."',
'".mysql_real_escape_string($r->projectcategories_id)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".$r->projectdivisions_id."',
'".$r->projectcategories_id."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project sub-divisions")."<br />";
//project subdivisions
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->projectsubdivisions_id)."',
'".mysql_real_escape_string($r->subdivision)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".$r->id."',
'".$r->projectsubdivisions_id."',
'".$r->subdivision."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling safety questions")."<br />";
//safety questions
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_real_escape_string($r->question)."',
'".mysql_real_escape_string($r->type)."',
'".mysql_real_escape_string($r->required)."',
'".mysql_real_escape_string($r->ord)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".$r->question."',
'".$r->type."',
'".$r->required."',
'".$r->ord."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling awards")."<br />";
//awards
$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
/* Roll the one award */
roll($cy, $ny, 'award_awards', "id='{$r->id}'");
$award_awards_id=mysql_insert_id();
$award_awards_id=$pdo->lastInsertId();
roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'",
array('award_awards_id' => $award_awards_id));
@ -229,60 +247,66 @@
echo i18n("Rolling award types")."<br />";
//award types
$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".mysql_real_escape_string($r->id)."',
'".mysql_real_escape_string($r->type)."',
'".mysql_real_escape_string($r->order)."',
'".mysql_real_escape_string($newfairyear)."')");
$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".$r->id."',
'".$r->type."',
'".$r->order."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling schools")."<br />";
//award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."',
'".mysql_real_escape_string($r->schoollang)."',
'".mysql_real_escape_string($r->schoollevel)."',
'".mysql_real_escape_string($r->board)."',
'".mysql_real_escape_string($r->district)."',
'".mysql_real_escape_string($r->phone)."',
'".mysql_real_escape_string($r->fax)."',
'".mysql_real_escape_string($r->address)."',
'".mysql_real_escape_string($r->city)."',
'".mysql_real_escape_string($r->province_code)."',
'".mysql_real_escape_string($r->postalcode)."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid,
'".mysql_real_escape_string($r->accesscode)."',
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".$r->school."',
'".$r->schoollang."',
'".$r->schoollevel."',
'".$r->board."',
'".$r->district."',
'".$r->phone."',
'".$r->fax."',
'".$r->address."',
'".$r->city."',
'".$r->province_code."',
'".$r->postalcode."',$puid,
'".$r->schoolemail."',$shuid,
'".$r->accesscode."',
NULL,
'".mysql_real_escape_string($r->junior)."',
'".mysql_real_escape_string($r->intermediate)."',
'".mysql_real_escape_string($r->senior)."',
'".mysql_real_escape_string($r->registration_password)."',
'".mysql_real_escape_string($r->projectlimit)."',
'".mysql_real_escape_string($r->projectlimitper)."',
'".mysql_real_escape_string($newfairyear)."')");
'".$r->junior."',
'".$r->intermediate."',
'".$r->senior."',
'".$r->registration_password."',
'".$r->projectlimit."',
'".$r->projectlimitper."',
'".$newfairyear."')");
$stmt->execute();
}
echo i18n("Rolling questions")."<br />";
$q = mysql_query("SELECT * FROM questions WHERE year='$currentfairyear'");
while($r=mysql_fetch_object($q))
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'',
'$newfairyear',
'".mysql_real_escape_string($r->section)."',
'".mysql_real_escape_string($r->db_heading)."',
'".mysql_real_escape_string($r->question)."',
'".mysql_real_escape_string($r->type)."',
'".mysql_real_escape_string($r->required)."',
'".mysql_real_escape_string($r->ord)."')");
'".$r->section."',
'".$r->db_heading."',
'".$r->question."',
'".$r->type."',
'".$r->required."',
'".$r->ord."')");
$stmt->execute();
//regfee items
echo i18n("Rolling registration fee items")."<br />";
@ -294,26 +318,31 @@
//timeslots and rounds
echo i18n('Rolling judging timeslots and rounds')."<br />";
$q=mysql_query("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
echo mysql_error();
while($r=mysql_fetch_assoc($q)) {
$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear;
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
echo mysql_error();
$round_id = mysql_insert_id();
$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
echo mysql_error();
while($rr=mysql_fetch_assoc($qq)) {
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
$stmt->execute();
echo $pdo->errorInfo();
$round_id = $pdo->lastInsertId();
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
$qq->execute();
echo $pdo->errorInfo();
while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
'{$rr['starttime']}','{$rr['endtime']}')");
$stmt->execute();
}
}
echo "<br /><br />";
mysql_query("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt->execute();
echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear)));
send_footer();
exit;

43
config/rolloverfiscal.php
View File

@ -81,8 +81,9 @@ function rolloverfiscalyear($newYear){
// first we'll roll over fundraising_campaigns:
$fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`";
$q = mysql_query("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
$q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
foreach(array('startdate','enddate','followupdate') as $dateField){
$dateval = $r[$dateField];
$parts = explode('-', $dateval);
@ -95,33 +96,37 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r);
$values = array_values($r);
foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val);
$values[$idx] = $val;
}
$query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
// next we'll hit findraising_donor_levels
$fields = "`level`,`min`,`max`,`description`";
if(mysql_error() == null)
$q = mysql_query("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
if($pdo->errorInfo() == null)
$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
$q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$r['fiscalyear'] = $newYear;
$fields = array_keys($r);
$values = array_values($r);
foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val);
$values[$idx] = $val;
}
$query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
// and now we'll do findraising_goals
$fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`";
if(mysql_error() == null){
$q = mysql_query("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
if($pdo->errorInfo() == null){
$q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
$q->execute();
}
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$dateval = $r['deadline'];
$parts = explode('-', $dateval);
if($parts[0] != '0000')
@ -133,22 +138,24 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r);
$values = array_values($r);
foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val);
$values[$idx] = $val;
}
$query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
// finally, let's update the fiscal year itself:
if(mysql_error() == null){
mysql_query("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
if($pdo->errorInfo() == null){
$stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
$stmt->execute();
}
if(mysql_error() == null){
if($pdo->errorInfo() == null){
$config['FISCALYEAR'] = $newYear;
echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear)));
}else{
echo error(mysql_error());
echo error($pdo->errorInfo());
}
}

34
config/safetyquestions.php
View File

@ -37,13 +37,14 @@
if(!ereg("^[0-9]*$",$_POST['ord']))
echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
mysql_query("UPDATE safetyquestions SET
question='".mysql_escape_string(stripslashes($_POST['question']))."',
`type`='".mysql_escape_string(stripslashes($_POST['type']))."',
`required`='".mysql_escape_string(stripslashes($_POST['required']))."',
ord='".mysql_escape_string(stripslashes($_POST['ord']))."'
$stmt = $pdo->prepare("UPDATE safetyquestions SET
question='".stripslashes($_POST['question'])."',
`type`='".stripslashes($_POST['type'])."',
`required`='".stripslashes($_POST['required'])."',
ord='".stripslashes($_POST['ord'])."'
WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully saved"));
}
@ -55,14 +56,15 @@
{
if($_POST['question'])
{
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_escape_string(stripslashes($_POST['question']))."',
'".mysql_escape_string(stripslashes($_POST['type']))."',
'".mysql_escape_string(stripslashes($_POST['required']))."',
'".mysql_escape_string(stripslashes($_POST['ord']))."',
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".stripslashes($_POST['question'])."',
'".stripslashes($_POST['type'])."',
'".stripslashes($_POST['required'])."',
'".stripslashes($_POST['ord'])."',
'".$config['FAIRYEAR']."'
)");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully added"));
}
@ -72,7 +74,8 @@
if($_GET['action']=="remove" && $_GET['remove'])
{
mysql_query("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Safety question successfully removed"));
}
@ -91,9 +94,10 @@
{
$buttontext="Save safety question";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q=mysql_query("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n";
if(!$r=mysql_fetch_object($q))
if(!$r=$q->fetch(PDO::FETCH_OBJ))
{
$showform=false;
echo error(i18n("Invalid safety question"));

15
config/signaturepage.php
View File

@ -40,11 +40,16 @@
if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
if($_POST['useregfee']) $userf="1"; else $userf="0";
mysql_query("UPDATE signaturepage SET `use`='$useex', `text`='".mysql_escape_string(stripslashes($_POST['exhibitordeclaration']))."' WHERE name='exhibitordeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepg', `text`='".mysql_escape_string(stripslashes($_POST['parentdeclaration']))."' WHERE name='parentdeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usete', `text`='".mysql_escape_string(stripslashes($_POST['teacherdeclaration']))."' WHERE name='teacherdeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepa', `text`='".mysql_escape_string(stripslashes($_POST['postamble']))."' WHERE name='postamble'");
mysql_query("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt->execute();
echo happy(i18n("$sentence_begin_participationform text successfully saved"));
}

38
config/subdivisions.php
View File

@ -42,18 +42,20 @@
{
if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
{
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{
echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id'])));
}
else
{
mysql_query("UPDATE projectsubdivisions SET ".
$stmt = $pdo->prepare("UPDATE projectsubdivisions SET ".
"id='".$_POST['id']."', ".
"projectdivisions_id='".$_POST['projectdivisions_id']."', ".
"subdivision='".mysql_escape_string(stripslashes($_POST['subdivision']))."' ".
"subdivision='".stripslashes($_POST['subdivision'])."' ".
"WHERE id='".$_POST['saveid']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully saved"));
}
}
@ -69,26 +71,29 @@
{
if(!$_POST['id'])
{
$idq=mysql_query("SELECT MAX(id) AS id FROM projectsubdivisions");
$idr=mysql_fetch_object($idq);
$idq=$pdo->prepare("SELECT MAX(id) AS id FROM projectsubdivisions");
$idq->execute();
$idr=$idq->fetch(PDO::fETCH_OBJ);
$newid=$idr->id+1;
}
else
$newid=$_POST['id'];
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("Sub-Division ID %1 already exists",array($newid)));
}
else
{
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
"'$newid', ".
"'".$_POST['projectdivisions_id']."', ".
"'".mysql_escape_string(stripslashes($_POST['subdivision']))."', ".
"'".stripslashes($_POST['subdivision'])."', ".
"'".$config['FAIRYEAR']."') ");
$stmt->execute();
echo happy(i18n("Sub-Division successfully added"));
}
}
@ -100,7 +105,8 @@
if($_GET['action']=="remove" && $_GET['remove'])
{
mysql_query("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully removed"));
}
@ -123,8 +129,9 @@
if($_GET['action']=="edit")
{
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save";
}
else if($_GET['action']=="new")
@ -134,8 +141,9 @@
echo "<tr>";
echo " <td>";
echo "<select name=\"projectdivisions_id\">";
$dq=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
while($dr=mysql_fetch_object($dq))
$dq=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$dq->execute();
while($dr=$dq->fetch(PDO::FETCH_OBJ))
{
if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$dr->id\">$dr->division</option>\n";

8
config/variables.php
View File

@ -46,7 +46,8 @@
if($_POST['action']=="save") {
if($_POST['specialconfig']) {
foreach($_POST['specialconfig'] as $key=>$val) {
mysql_query("UPDATE config SET val='".mysql_escape_string(stripslashes($val))."' WHERE year='0' AND var='$key'");
$stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
$stmt->execute();
}
}
message_push(happy(i18n("Configuration successfully saved")));
@ -98,11 +99,12 @@ $q->execute();
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n";
echo "<table cellpadding=\"3\">";
$q=mysql_query("SELECT * FROM config WHERE year=0 ORDER BY var");
$q=$pdo->prepare("SELECT * FROM config WHERE year=0 ORDER BY var");
$q->execute();
echo "<tr><td colspan=\"2\">";
echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing");
echo "</td></tr>";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") {
echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>";
}

18
config_editor.inc.php
View File

@ -95,7 +95,7 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
OR config.year='-1')
ORDER BY config.year DESC";
$r2 = ($q);
if(mysql_num_rows($r2) < 1) {
if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist";
exit;
@ -103,13 +103,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
$v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".pdo->quote($v->var)."',
'".pdo->quote($v->val)."',
'".pdo->quote($v->category)."',
'".pdo->quote($v->type)."',
'".pdo->quote($v->type_values)."',
'".pdo->quote($v->ord)."',
'".pdo->quote($v->description)."',
'".$v->var."',
'".$v->val."',
'".$v->category."',
'".$v->type."',
'".$v->type_values."',
'".$v->ord."',
'".$v->description."',
'$fairyear')");
}
}
@ -213,7 +213,7 @@ function config_editor($category, $year, $array_name, $self)
print("<td>");
$val = htmlspecialchars($var[$k]['val']);
$name = "${array_name}[$k]";
$name = "{$array_name}[$k]";
switch($var[$k]['type']) {
case "yesno":

2
contact.php
View File

@ -103,7 +103,7 @@ function tochange() {
//if there's nobody in this committee, then just skip it and go on to the next one.
// FIX ME !!!!!
if(mysql_num_rows($q2)==0)
if($q2->rowCount()==0)
continue;
echo "<option value=\"\">{$r->name}</option>\n";

209
db/db.update.116.php
View File

@ -4,38 +4,44 @@ function db_update_116_post()
global $config;
/* Fix the users that have a 0 year */
$q = mysql_query("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
echo mysql_error();
$q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
$q->execute();
echo $pdo->errorInfo();
/* Fix users without a username */
mysql_query("UPDATE `users` SET `username`=`email` WHERE `username`=''");
$stmt = $pdo->prepare("UPDATE `users` SET `username`=`email` WHERE `username`=''");
$stmt->execute();
/*randomize usernames for any user that doesnt have a username at this point */
$q=mysql_query("SELECT id FROM `users` WHERE username=''");
$q=$pdo->prepare("SELECT id FROM `users` WHERE username=''");
$q->execute();
//this is ripped from user.inc.php's generate passsword function.
//yes there's a chance of collisions, but i think highly unlikely enough that we
//dont need to worry about it.
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
$len=strlen($available) - 1;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$username="";
for($x=0;$x<16;$x++)
$username.=$available{rand(0,$len)};
mysql_query("UPDATE users SET username='$username' WHERE id='$r->id'");
$stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
$stmt->execute();
}
//okay now finally, there's a chance of duplicates from
//committee/volunteer that were in here before, so we need to merge
//them
$q = mysql_query("SELECT * FROM `users` WHERE types LIKE '%committee%'");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM `users` WHERE types LIKE '%committee%'");
$q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$orig_r = $r;
$qq = mysql_query("SELECT * FROM `users` WHERE
$qq = $pdo->prepare("SELECT * FROM `users` WHERE
(`username`='{$r['username']}' OR `email`='{$r['email']}')
AND `id`!={$r['id']}");
if(mysql_num_rows($qq) == 0) continue;
$qq->execute();
if($qq->rowCount() == 0) continue;
echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n";
@ -48,7 +54,7 @@ function db_update_116_post()
* */
$delete_ids = array();
$delete_userids = array();
while($rr = mysql_fetch_assoc($qq)) {
while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
$delete_ids[] = "`id`={$rr['id']}";
$delete_userids[] = "`users_id`={$rr['id']}";
$keys = array_keys($rr);
@ -86,7 +92,8 @@ function db_update_116_post()
}
if(count($set)) {
$query = join(',',$set);
mysql_query("UPDATE `users` SET $query WHERE id={$r['id']}");
$stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
$stmt->execute();
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
}
@ -96,38 +103,47 @@ function db_update_116_post()
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
/* Delete the dupe */
mysql_query("DELETE FROM `users` $where_id");
$stmt = $pdo->prepare("DELETE FROM `users` $where_id");
$stmt->execute();
/* Update volunteer linkage */
mysql_query("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
mysql_query("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
$stmt->execute();
echo "done with this user.\n";
}
/* Create volunteer database entries for any that don't exist */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) {
mysql_query("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
VALUES ('{$i->id}','yes','{$i->complete}')");
}
$stmt->execute();}
/* Update any remaining volunteer entries */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) {
mysql_query("UPDATE users_volunteer
$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_volunteer
SET volunteer_complete='{$i->complete}'
WHERE users_id='{$i->id}'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
/* Every committee member role should be activated */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%committee%'");
while($i = mysql_fetch_object($q)) {
mysql_query("UPDATE users_committee
$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%committee%'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_committee
SET committee_active='yes'
WHERE users_id='{$i->id}'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
/* Convert Judges */
@ -136,11 +152,12 @@ function db_update_116_post()
$jsal = array();
/* Select all judges, duplicate rows for each year */
$jq = mysql_query("SELECT * FROM judges
$jq = $pdo->prepare("SELECT * FROM judges
LEFT JOIN judges_years ON judges_years.judges_id=judges.id
ORDER BY year");
$jq->execute();
while($j = mysql_fetch_object($jq)) {
while($j = $jq->fetch(PDO::FETCH_OBJ)) {
if(!is_array($map[$j->id])) {
$map[$j->id] = array('uid' => '');
@ -149,28 +166,28 @@ function db_update_116_post()
$u = array( 'id' => '',
'uid' => $map[$j->id]['uid'],
'types' => 'judge',
'firstname' => mysql_escape_string($j->firstname),
'lastname' => mysql_escape_string($j->lastname),
'username' => mysql_escape_string($j->email),
'email' => mysql_escape_string($j->email),
'firstname' => $j->firstname,
'lastname' => $j->lastname,
'username' => $j->email,
'email' => $j->email,
'sex' => '',
'password' => mysql_escape_string($j->password),
'password' => $j->password,
'passwordset' => $j->lastlogin,
'oldpassword' => '',
'year' => $j->year,
'phonehome' => mysql_escape_string($j->phonehome),
'phonework' => mysql_escape_string($j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}")),
'phonecell' => mysql_escape_string($j->phonecell),
'phonehome' => $j->phonehome,
'phonework' => $j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}",
'phonecell' => $j->phonecell,
'fax' => '',
'organization' => mysql_escape_string($j->organization),
'organization' => $j->organization,
'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */
'created' => $j->created,
'lastlogin' => $j->lastlogin,
'address' => mysql_escape_string($j->address),
'address2' => mysql_escape_string($j->address2),
'city' => mysql_escape_string($j->city),
'province' => mysql_escape_string($j->province),
'postalcode' => mysql_escape_string($j->postalcode),
'address' => $j->address,
'address2' => $j->address2,
'city' => $j->city,
'province' => $j->province,
'postalcode' => $j->postalcode,
'firstaid' => 'no',
'cpr' => 'no',
'deleted' => $j->deleted,
@ -179,20 +196,22 @@ function db_update_116_post()
$updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime");
//check if a user already exists with this username
$uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($j->email)."' OR email='".mysql_real_escape_string($j->email)."') AND year='$j->year'");
if($j->email && $ur=mysql_fetch_object($uq)) {
$uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$j->email."' OR email='".$j->email."') AND year='$j->year'");
$uq->execute();
if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ) {
$id=$ur->id;
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
$sqlset="";
foreach($u AS $f=>$v) {
if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) {
$sqlset.="`$f`='".mysql_real_escape_string($j->$f)."', ";
$sqlset.="`$f`='".$j->$f."', ";
}
}
$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".mysql_real_escape_string($j->email)."' WHERE id='$id'";
mysql_query($sql);
echo mysql_error();
$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".$j->email."' WHERE id='$id'";
$stmt = $pdo->prepare($sql);
$stmt->execute();
echo $pdo->errorInfo();
echo " Updated user record with judge info, but only merged:\n";
echo " ($sqlset)\n";
@ -202,21 +221,23 @@ function db_update_116_post()
/* Insert the judge */
$fields = '`'.join('`,`', array_keys($u)).'`';
$vals = "'".join("','", array_values($u))."'";
$q = mysql_query("INSERT INTO users ($fields) VALUES ($vals)");
$id = mysql_insert_id();
$q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
$q->execute();
$id = $pdo->lastInsertId();
if($map[$j->id]['uid'] == '') {
$map[$j->id]['uid'] = $id;
$q = mysql_query("UPDATE users SET `uid`='$id' WHERE id='$id'");
$q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
$q->execute();
}
}
$uj = array( 'users_id' => "$id",
'judge_active' => 'yes',
'highest_psd' => mysql_escape_string($j->highest_psd),
'highest_psd' => $j->highest_psd,
'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no',
'expertise_other' => mysql_escape_string((($j->professional_quals != '')?($j->professional_quals."\n"):'').
$j->expertise_other),
'expertise_other' => (($j->professional_quals != '')?($j->professional_quals."\n"):'').
$j->expertise_other,
/* These need to get pulled from the questions */
'years_school' => $j->years_school,
'years_regional' => $j->years_regional,
@ -227,33 +248,36 @@ function db_update_116_post()
// $j->attending_lunch,
/* catprefs */
$q = mysql_query("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$catpref = array();
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$catpref[$i->projectcategories_id] = $i->rank;
}
$uj['cat_prefs'] = mysql_escape_string(serialize($catpref));
$uj['cat_prefs'] = serialize($catpref);
/* divprefs and subdivision prefs */
$q = mysql_query("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$divpref = array();
$divsubpref = array();
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
if($i->projectdivisions_id)
$divpref[$i->projectdivisions_id] = $i->val;
else if ($i->projectsubdivisions_id)
$divsubpref[$i->projectsubdivisions_id] = $i->val;
}
$uj['div_prefs'] = mysql_escape_string(serialize($divpref));
$uj['divsub_prefs'] = mysql_escape_string(serialize($divsubpref));
$uj['div_prefs'] = serialize($divpref);
$uj['divsub_prefs'] = serialize($divsubpref);
/* languages */
$q = mysql_query("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
$q->execute();
$langs = array();
while($i = mysql_fetch_object($q)) {
while($i = $q->fetch(PDO::FETCH_OBJ)) {
$langs[] = $i->languages_lang;
}
$uj['languages'] = mysql_escape_string(serialize($langs));
$uj['languages'] = serialize($langs);
/* Map judges questions back to the profile. We're going to keep questions we need for
* judge scheduling as hard-coded questions so users can't erase them.
@ -264,25 +288,27 @@ function db_update_116_post()
'willing_chair' => 'Willing Chair');
foreach($qmap as $field=>$head) {
/* Find the question ID */
$q = mysql_query("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
if(mysql_num_rows($q) == 0) {
$q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
$q->execute();
if($q->rowCount() == 0) {
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
continue;
}
$i = mysql_fetch_object($q);
$i = $q->fetch(PDO::FETCH_OBJ);
/* Now find the answer */
$q = mysql_query("SELECT * FROM question_answers WHERE
$q = $pdo->prepare("SELECT * FROM question_answers WHERE
year='{$j->year}' AND
registrations_id='{$j->id}' AND
questions_id='{$i->id}'");
echo mysql_error();
if(mysql_num_rows($q) == 0) {
$q->execute();
echo $pdo->errorInfo();
if($q->rowCount() == 0) {
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
continue;
}
$i = mysql_fetch_assoc($q);
$i = $q->fetch(PDO::FETCH_ASSOC)
$uj[$field] = $i['answer'];
}
@ -290,42 +316,55 @@ function db_update_116_post()
$fields = '`'.join('`,`', array_keys($uj)).'`';
$vals = "'".join("','", array_values($uj))."'";
$q = mysql_query("INSERT INTO users_judge ($fields) VALUES ($vals)");
echo mysql_error();
$q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
$q->execute();
echo $pdo->errorInfo();
/* FIXUP all the judging tables (but don't write back yet, we don't want to
* accidentally create a duplicate judges_id and overwrite it later) */
/* judges_teams_link */
$q = mysql_query("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
while($i = mysql_fetch_object($q))
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jtl[$i->id] = $id;
/* judges_specialawards_sel */
$q = mysql_query("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q))
$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jsal[$i->id] = $id;
/* question_answers */
$q = mysql_query("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q))
$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$qa[$i->id] = $id;
}
/* Now write back the judge ids */
if(count($jtl)) {
foreach($jtl as $id=>$new_id)
$q = mysql_query("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
}
if(count($jsal)) {
foreach($jsal as $id=>$new_id)
$q = mysql_query("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
}
if(count($qa)) {
foreach($qa as $id=>$new_id)
$q = mysql_query("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
$q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
$q->execute();
}
}
?>

21
db/db.update.122.php
View File

@ -4,9 +4,10 @@ function db_update_122_post()
{
global $config;
$year = $config['FAIRYEAR'];
$q = mysql_query("SELECT * FROM judges_timeslots WHERE year='$year'");
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
$q->execute();
$round = array();
while($r = mysql_fetch_assoc($q)) {
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$type = $r['type'];
if(!array_key_exists($type, $round)) {
@ -25,19 +26,23 @@ function db_update_122_post()
}
foreach($round as $type=>$d) {
mysql_query("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
$round_id = mysql_insert_id();
$stmt->execute();
$round_id = $pdo->lastInsertId();
mysql_query("UPDATE judges_timeslots SET
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='$round_id', type='timeslot'
WHERE type='$type' AND year='$year'");
WHERE type='$type' AND year='$year'");
$stmt->execute();
/* Undo the set we just did to the round we just inserted */
mysql_query("UPDATE judges_timeslots SET
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='0',type='$type'
WHERE id='$round_id'");
}
$stmt->execute();
}
}
?>

28
db/db.update.129.php
View File

@ -5,29 +5,31 @@ function db_update_129_pre()
{
/* Load all external award sources */
$source_map = array();
$q = mysql_query("SELECT * FROM award_sources");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM award_sources");
$q->execute();
while($r = m$q->fetch(PDO::FETCH_ASSOC) {
/* Make a user, use the password generator to get
* a random username */
$u = db129_user_create('fair', db129_user_generate_password());
/* Add a Fair Entry */
$name = mysql_escape_string($r['name']);
$url = mysql_escape_string($r['url']);
$website = mysql_escape_string($r['website']);
$username = mysql_escape_string($r['username']);
$password = mysql_escape_string($r['password']);
$name = $r['name'];
$url = $r['url'];
$website = $r['website'];
$username = $r['username'];
$password = $r['password'];
$en = ($r['enabled'] == 'no') ? 'no' : 'yes';
mysql_query("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
$stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
`url`,`website`,`username`,`password`,`enable_stats`,
`enable_awards`,`enable_winners`) VALUES (
'', '$name', '', 'ysf', '$url', '$web',
'$username','$password','no','$en','$en')");
$stmt->execute();
/* Link the fair to the user */
$u['fairs_id'] = mysql_insert_id();
$u['fairs_id'] = $pdo->lastInsertId();
/* Record the old sources_id to new sources_id mapping */
$source_map[$r['id']] = $u['fairs_id'];
@ -36,14 +38,16 @@ function db_update_129_pre()
}
/* Map all awards to their new source IDs */
$q = mysql_query("SELECT * FROM award_awards");
$q = $pdo->prepare("SELECT * FROM award_awards");
$q->execute();
$keys = array_keys($source_map);
while($r = mysql_fetch_assoc($q)) {
while($r = m$q->fetch(PDO::FETCH_ASSOC)) {
$old_id = $r['award_sources_id'];
if(!in_array($old_id, $keys)) continue;
$qq = mysql_query("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
WHERE id='{$r['id']}'");
$qq->execute();
}

125
db/db.update.129.user.inc.php
View File

@ -147,16 +147,17 @@ function db129_user_load($user, $uid = false)
$id = intval($user);
$query .= " `users`.`id`='$id'";
}
$q=mysql_query($query);
$q=$pdo->prepare($query);
$q->execute();
if(mysql_num_rows($q)!=1) {
echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
if($q->rowCount()!=1) {
echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>";
// print_r(debug_backtrace());
return false;
}
$ret = mysql_fetch_assoc($q);
$ret = $q->fetch(PDO::FETCH_ASSOC);
/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
* simply return the previous year (where deleted=no) */
@ -220,8 +221,9 @@ function db129_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */
$save_old = false;
if($password == NULL) {
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
$u = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$q->execute();
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */
$password = db129_user_generate_password(12);
/* save the old password only if it's not an auto-generated one */
@ -234,13 +236,14 @@ function db129_user_set_password($id, $password = NULL)
$save_set = 'NOW()';
}
$p = mysql_escape_string($password);
$p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'";
mysql_query($query);
echo mysql_error();
$stmt = $pdo->prepare($query);
$stmt->execute();
echo $pdo->errorInfo();
return $password;
}
@ -264,17 +267,18 @@ function db129_user_save_type_list($u, $db, $fields)
}
if(is_array($u[$f]))
$data = mysql_escape_string(serialize($u[$f]));
$data = serialize($u[$f]);
else
$data = mysql_escape_string(stripslashes($u[$f]));
$data = stripslashes($u[$f]);
$set .= "`$f`='$data'";
}
if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
mysql_query($query);
if(mysql_error()) {
echo mysql_error();
$stmt = $pdo->prepare($query);
$stmt->execute();
if($pdo->errorInfo()) {
echo $pdo->errorInfo();
echo error("Full query: $query");
}
}
@ -337,7 +341,7 @@ function db129_user_save($u)
// if($f == 'types')
// $set .= "$f='".implode(',', $u[$f])."'";
$data = mysql_escape_string(stripslashes($u[$f]));
$data = stripslashes($u[$f]);
$set .= "$f='$data'";
}
//echo "<pre>";
@ -345,9 +349,10 @@ function db129_user_save($u)
//echo "</pre>";
if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]";
echo mysql_error();
echo $pdo->errorInfo();
}
/* Save the password if it changed */
@ -364,7 +369,8 @@ function db129_user_save($u)
function db129_user_delete_committee($u)
{
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
}
function db129_user_delete_volunteer($u)
@ -375,9 +381,11 @@ function db129_user_delete_judge($u)
{
global $config;
$id = $u['id'];
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
}
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();}
function db129_user_delete_fair($u)
{
@ -412,7 +420,8 @@ function db129_user_delete($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else {
$finish_delete = true;
}
@ -423,7 +432,8 @@ function db129_user_delete($u, $type=false)
$finish_delete = true;
}
if($finish_delete == true) {
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
}
}
@ -453,7 +463,8 @@ function db129_user_purge($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else {
$finish_purge = true;
}
@ -461,18 +472,21 @@ function db129_user_purge($u, $type=false)
* out the entry */
call_user_func("db129_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
} else {
/* Delete the whole user */
foreach($u['types'] as $t) {
call_user_func("db129_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
}
$finish_purge = true;
}
if($finish_purge == true) {
mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
}
}
@ -482,12 +496,13 @@ function db129_user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
if(mysql_num_rows($q) != 1) {
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
$q->execute();
if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
}
$i = mysql_fetch_assoc($q);
$i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval;
foreach($i as $k=>$v) {
@ -496,7 +511,7 @@ function db129_user_dupe_row($db, $key, $val, $newval)
else if($k == 'year')
$i[$k] = $config['FAIRYEAR'];
else
$i[$k] = '\''.mysql_escape_string($v).'\'';
$i[$k] = '\''.$v.'\'';
}
$keys = '`'.join('`,`', array_keys($i)).'`';
@ -504,10 +519,11 @@ function db129_user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]";
$r = mysql_query($q);
echo mysql_error();
$r = $pdo->prepare($q);
$r->execute();
echo $pdo->errorInfo();
$id = mysql_insert_id();
$id = $pdo->lastInsertId();
return $id;
}
/* Used by the login scripts to copy one user from one year to another */
@ -521,9 +537,10 @@ function db129_user_dupe($u, $new_year)
* - That previous entry has deleted=no */
/* Find the last entry */
$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
ORDER BY year DESC LIMIT 1");
$r = mysql_fetch_object($q);
$q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
if($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
exit;
@ -534,7 +551,8 @@ function db129_user_dupe($u, $new_year)
}
$id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
/* Load the new user */
$u2 = db129_user_load($id);
@ -572,11 +590,13 @@ function db129_user_create($type, $username, $u = NULL)
{
global $config;
if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
echo mysql_error();
$uid = mysql_insert_id();
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
echo $pdo->errorInfo();
$uid = $pdo->lastInsertId();
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
db129_user_set_password($uid, NULL);
} else {
/* The user has been specified and already exists,
@ -588,27 +608,34 @@ function db129_user_create($type, $username, $u = NULL)
exit;
}
$new_types = implode(',', $u['types']).','.$type;
mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt = \4pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt->execute();
}
switch($type) {
case 'volunteer':
mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'student':
// mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
break;
// $stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'judge':
mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'fair':
mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'committee':
mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break;
case 'sponsor':
mysql_query("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt->execute();
break;
}
return db129_user_load($uid);

6
db/db.update.136.php
View File

@ -4,7 +4,7 @@
function db_update_136_pre()
{
global $config;
mysql_query("UPDATE fairs SET `name` = 'Youth Science Canada',
$stmt = $pdo->prepare("UPDATE fairs SET `name` = 'Youth Science Canada',
`abbrv` = 'YSC',
`website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php',
`enable_stats` = 'yes',
@ -15,14 +15,16 @@ function db_update_136_pre()
WHERE
`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
$stmt->execute();
mysql_query("UPDATE fairs SET `abbrv` = 'STO',
$stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
`website` = 'http://www.scitechontario.org/awarddownloader/help.php',
`enable_stats` = 'yes',
`enable_awards` = 'yes',
`enable_winners` = 'yes'
WHERE
`url`='http://www.scitechontario.org/awarddownloader/index.php'");
$stmt->execute();
}

8
db/db.update.142.php
View File

@ -1,8 +1,9 @@
<?
function db_update_142_post() {
$q=mysql_query("SELECT * FROM config WHERE var='FISCALYEAR'");
if(mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM config WHERE var='FISCALYEAR'");
$q->execute();
if($q->rowCount()) {
//great its there, do nothing, it must have been inserted by the installer when doing a fresh install
}
else {
@ -11,7 +12,8 @@ function db_update_142_post() {
$month=date("m");
if($month>6) $fiscalyearsuggest=date("Y")+1;
else $fiscalyearsuggest=date("Y");
mysql_query("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt->execute();
}
}

25
db/db.update.62.php
View File

@ -17,8 +17,9 @@ $update_62_committee = array();
function db_update_62_pre()
{
global $update_62_committee;
$q = mysql_query("SELECT * FROM committees_members");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM committees_members");
$q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$update_62_committee[] = $r;
}
}
@ -31,8 +32,7 @@ function db_update_62_post()
foreach($update_62_committee as $c) {
list($fn, $ln) = split(' ', $c['name'], 2);
$username = $c['email'];
$fn = mysql_escape_string($fn);
$ln = mysql_escape_string($ln);
if($config['committee_password_expiry_days'] > 0) {
$passwordexpiry = "DATE_ADD(CURDATE(),
INTERVAL {$config['committee_password_expiry_days']} DAY)";
@ -46,19 +46,20 @@ function db_update_62_post()
`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
`created`,`deleted`)
VALUES ('committee','$fn', '$ln', '$username',
'".mysql_escape_string($c['password'])."',
'".$c['password']."',
$passwordexpiry,
'{$c['email']}',
'{$c['phonehome']}',
'{$c['phonework']}',
'{$c['phonecell']}',
'{$c['fax']}',
'".mysql_escape_string($c['organization'])."',
'".$c['organization']."',
NOW(),
'$deleted')";
mysql_query($q);
$stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n";
$id = mysql_insert_id();
$id = $pdo->lastInsertId();
$access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no';
$access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no';
@ -73,14 +74,16 @@ function db_update_62_post()
'$access_admin',
'$access_config',
'$access_super')";
mysql_query($q);
$stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n";
echo mysql_error();
echo $pdo->errorInfo();
/* Update committee links */
$q = "UPDATE committees_link SET users_id='$id'
WHERE committees_members_id='{$c['id']}'";
mysql_query($q);
$stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n";
}

8
db/db.update.81.php
View File

@ -1,10 +1,12 @@
<?
function db_update_81_post()
{
$q = mysql_query("SELECT DISTINCT award_sponsors_id FROM award_contacts");
while($i = mysql_fetch_object($q)) {
$q = $pdo->prepare("SELECT DISTINCT award_sponsors_id FROM award_contacts");
$q->execute();
while($i = m$q->fetch(PDO::FETCH_OBJ)) {
$asid = $i->award_sponsors_id;
mysql_query("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
$stmt->execute();
}
}
?>

3
fair_additional_materials.inc.php
View File

@ -37,10 +37,11 @@ function fair_additional_materials($fair, $award, $year)
$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo.gif");
/* Grab a list of winners */
$q = mysql_query("SELECT * FROM award_prizes
$q = $pdo->prepare("SELECT * FROM award_prizes
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
WHERE winners.year='$year'
AND winners.fairs_id='{$fair['id']}'");
$q2->execute();
while($r = $q->fetch()) {
$pid = $r['projects_id'];
$rep->newPage("","",1);

2
fair_info.php
View File

@ -136,7 +136,7 @@ function fairinfo_save()
$q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
######## FIX ME!!!!!
if(mysql_num_rows($q)) {
if($q2->rowCount()) {
$f = $q->fetch;
} else {
$f = array();

5
fair_stats.php
View File

@ -49,7 +49,7 @@ case 'save':
$year = intval($_POST['year']);
foreach($stats as $k=>$v) {
$stats[$k] = mysql_escape_string($stats[$k]);
$stats[$k] = $stats[$k];
}
// $str = join(',',$stats);
@ -61,7 +61,8 @@ case 'save':
':year' => $year
]);
echo pdo->errorInfo();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
$stmt->execute();
echo pdo->errorInfo();
happy_("Fair Information Saved.");

29
judge.inc.php
View File

@ -45,13 +45,15 @@ function judge_status_expertise(&$u)
}
/* Check to see if they have ranked all project age categories, and all divisions */
$q=mysql_query("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numcats=$r->num;
if($numcats != count($u['cat_prefs'])) return 'incomplete';
$q=mysql_query("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numdivisions=$r->num;
if($numdivisions != count($u['div_prefs'])) return 'incomplete';
@ -75,14 +77,16 @@ function judge_status_questions($u){
*/
global $config;
// get the questions we're looking for
$q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
$q = $pdo->prepare("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
$q->execute();
$idList = array();
while($row = mysql_fetch_assoc($q)) $idList[] = $row['id'];
while($row = $q->fetch(PDO::FETCH_ASSOC)) $idList[] = $row['id'];
$rval = 'complete';
if(count($idList)){
$q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
$row = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
$q->execute();
$row = $q->fetch(PDO::FETCH_ASSOC);
if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
}
return $rval;
@ -100,9 +104,10 @@ function judge_status_special_awards(&$u)
* - judge has selected between min and max preferences
*/
$qq = mysql_query("SELECT COUNT(id) AS num FROM judges_specialaward_sel
$qq = $pdo->prepare("SELECT COUNT(id) AS num FROM judges_specialaward_sel
WHERE users_id='{$u['id']}'");
$rr = mysql_fetch_object($qq);
$qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
$awards_selected = $rr->num;
// echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})";
@ -127,9 +132,9 @@ function judge_status_availability(&$u)
global $config;
if($config['judges_availability_enable'] == 'no') return 'complete';
$q = mysql_query("SELECT id FROM judges_availability
$q = $pdo->prepare("SELECT id FROM judges_availability
WHERE users_id=\"{$u['id']}\"");
if(mysql_num_rows($q) > 0) return 'complete';
if($q->rowCount() > 0) return 'complete';
return 'incomplete';
}

17
judge_availability.php
View File

@ -46,9 +46,10 @@ $u = user_load($eid);
$times = array();
/* Load the judging rounds */
$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
$q2->execute();
$x = 0;
while($r = mysql_fetch_object($q)) {
while($r = $q->fetch(PDO::FETCH_OBJ)) {
$found = false;
foreach($times as $xx => $t) {
if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
@ -68,16 +69,18 @@ while($r = mysql_fetch_object($q)) {
switch($_GET['action']) {
case 'save':
mysql_query("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
$stmt->execute();
if(is_array($_POST['time']) ) {
foreach($_POST['time'] as $x) {
if(trim($times[$x]['starttime']) == '') continue;
mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
$stmt = $pdo->prepare("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
VALUES ('{$u['id']}',
'{$times[$x]['date']}',
'{$times[$x]['starttime']}','{$times[$x]['endtime']}')");
$stmt->execute();
}
}
happy_("Time Availability preferences successfully saved");
@ -124,10 +127,10 @@ if($_SESSION['embed'] != true) {
<table>
<?
/* Get all their available times */
$q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
$q->execute();
$sel = array();
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
foreach($times as $x=>$t) {
if($r->start == $t['starttime'] && $r->end == $t['endtime'] && $r->date == $t['date']) {
$sel[$x] = true;

15
judge_expertise.php
View File

@ -131,10 +131,11 @@ echo "<div id=\"expertise_info_status\"></div>\n";
echo "<form name=\"expertiseform\" id=\"judgeexpertise_form\">\n";
echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
$q->execute();
echo "<br /><h4>".i18n("Age Category Preferences")."</h4><br>";
echo "<table class=\"editor\" style=\"width: 300px;\" >";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr><td class=\"label\" >";
echo i18n("%1 (Grades %2-%3)",array(i18n($r->category),$r->mingrade,$r->maxgrade));
@ -171,9 +172,10 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
echo "<table>\n";
//query all of the categories
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
$q->execute();
$first = true;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$trclass = ($trclass == 'odd') ? 'even' : 'odd';
if($first == true) {
@ -198,8 +200,9 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
//only show the sub-divisions if the 'main' division is scored >=3
if($u['div_prefs'][$r->id]>=3) {
$subq=mysql_query("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
while($subr=mysql_fetch_object($subq)) {
$subq=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
$subq->execute();
while($subr=$subq->fetch(PDO::FETCH_OBJ)) {
echo "<tr>";
echo "<td>&nbsp;</td>";
$ch = ($u['div_prefs_sub'][$subr->id]) ? "checked=\"checked\"" : '';

10
judge_main.php
View File

@ -49,8 +49,9 @@
$scheduleok=false;
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$scheduleok=$r->test;
}
else {
@ -61,9 +62,10 @@
/* Check for any judging team assignment this year for this judge,
* if there is one, print the judge scheule link in an obvious place,
* it's less obvious below */
$q = mysql_query("SELECT id FROM judges_teams_link WHERE
$q = $pdo->prepare("SELECT id FROM judges_teams_link WHERE
users_id='{$u['id']}' AND year='{$config['FAIRYEAR']}'");
if(mysql_num_rows($q) > 0) {
$q2->execute();
if($q2->rowCount() > 0) {
echo '<span style="font-size: 1.2em; font-weight: bold;">';
echo i18n("You have been assigned to a judging team. %1Click here%2 to view the judging schedule",
array("<a href=\"judge_schedule.php\">","</a>"));

9
judge_other.php
View File

@ -62,7 +62,7 @@ case 'save':
$u['years_regional'] = intval($_POST['years_regional']);
$u['years_national'] = intval($_POST['years_national']);
$u['highest_psd'] = stripslashes($_POST['highest_psd']);
$u['private_info'] = mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info'])));
$u['private_info'] = iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info']));
//check if judge has been flagged then update them
@ -130,9 +130,10 @@ echo "<div id=\"other_info_status\"></div>\n";
<td style="width:35%"><?=i18n("I can judge in the following languages")." ".REQUIREDFIELD?>: </td>
<td>
<?
$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
echo mysql_error();
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$ch = (in_array($r->lang,$u['languages'])) ? 'checked="checked"' : '';
echo "<input onclick=\"fieldChanged()\" $ch type=\"checkbox\" name=\"languages[]\" value=\"$r->lang\" /> $r->langname <br />";

14
judge_project_summary.php
View File

@ -27,29 +27,31 @@ require_once('user.inc.php');
user_auth_required(array('judge', 'committee'));
$pn = mysql_escape_string(stripslashes($_GET['pn']));
$pn = stripslashes($_GET['pn']);
$q=mysql_query("SELECT * FROM projects WHERE
$q=$pdo->prepare("SELECT * FROM projects WHERE
projectnumber='$pn'
AND year='{$config['FAIRYEAR']}'");
if(mysql_num_rows($q)==0) {
$q->execute();
if($q->rowCount()==0) {
echo "not found";
exit;
}
$pi = mysql_fetch_object($q);
$pi = $q->fetch(PDO::FETCH_OBJ);
$sq = mysql_query("SELECT firstname,lastname,school FROM students
$sq = $pdo->prepare("SELECT firstname,lastname,school FROM students
LEFT JOIN schools ON schools.id = students.schools_id
WHERE
registrations_id='{$pi->registrations_id}'
AND students.year='{$config['FAIRYEAR']}'");
$sq->execute();
$student = array();
while($si = mysql_fetch_object($sq)) {
while($si = $sq->fetch(PDO;;FETCH_OBJ)) {
$student[] = $si->firstname.' '.$si->lastname;
$school = $si->school;
}

34
judge_schedule.php
View File

@ -54,8 +54,9 @@ $u = user_load($eid);
$scheduleok=false;
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$scheduleok=$r->test;
}
else {
@ -72,46 +73,51 @@ if(!$scheduleok) {
/* Find all judging teams this judge is on */
$q = mysql_query("SELECT * FROM judges_teams_link
$q = $pdo->prepare("SELECT * FROM judges_teams_link
LEFT JOIN judges_teams ON judges_teams.id=judges_teams_link.judges_teams_id
WHERE judges_teams_link.users_id='{$u['id']}'
AND judges_teams_link.year='{$config['FAIRYEAR']}'");
$q->execute();
$teams = array();
while($t = mysql_fetch_assoc($q)) {
while($t = $q->fetch(PDO::FETCH_ASSOC)) {
/* Load timeslot data for this team (team -> judges_timeslots_link -> timeslot -> parent timeslot */
$qq = mysql_query("SELECT T.* FROM judges_teams_timeslots_link
$qq = $pdo->prepare("SELECT T.* FROM judges_teams_timeslots_link
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
LEFT JOIN judges_timeslots AS T ON T.id=judges_timeslots.round_id
WHERE judges_teams_timeslots_link.judges_teams_id={$t['judges_teams_id']}");
$tt = mysql_fetch_assoc($qq);
echo mysql_error();
$qq->execute();
$tt = $qq->fetch(PDO::FETCH_ASSOC);
echo $pdo->errorInfo();
$t['timeslot'] = $tt;
/* Load award */
$qq = mysql_query("SELECT award_awards.*,T.type FROM judges_teams_awards_link
$qq = $pdo->prepare("SELECT award_awards.*,T.type FROM judges_teams_awards_link
LEFT JOIN award_awards ON award_awards.id=judges_teams_awards_link.award_awards_id
LEFT JOIN award_types as T ON T.id=award_awards.award_types_id
WHERE judges_teams_awards_link.judges_teams_id={$t['judges_teams_id']}");
echo mysql_error();
$aa = mysql_fetch_assoc($qq);
$qq->execute();
echo $pdo->errorInfo();
$aa = $qq->fetch(PDO::FETCH_ASSOC);
$t['award'] = $aa;
/* Load team members */
$qq = mysql_query("SELECT * FROM judges_teams_link
$qq = $pdo->prepare("SELECT * FROM judges_teams_link
LEFT JOIN users ON users.id=judges_teams_link.users_id
WHERE judges_teams_link.judges_teams_id={$t['judges_teams_id']}
ORDER BY judges_teams_link.captain,users.lastname,users.firstname");
$qq->execute();
$t['members'] = array();
while(($mm = mysql_fetch_assoc($qq))) {
while(($mm = $qq->fetch(PDO::FETCH_ASSOC)) {
$t['members'][] = $mm;
}
/* Load projects */
$qq = mysql_query("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
$qq = $do->prepare("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
LEFT JOIN projects ON projects.id=judges_teams_timeslots_projects_link.projects_id
WHERE judges_teams_id={$t['judges_teams_id']}");
$qq->execute();
$p = array();
while(($pp = mysql_fetch_assoc($qq)))
while(($pp = $qq->fetch(PDO::FETCH_ASSOC)))
$p[] = $pp;
/* If no project and it's a special award, get all nominated */
if(count($p) == 0 && $aa['type'] == 'Special') {

18
judge_special_awards.php
View File

@ -45,12 +45,14 @@ $u = user_load($eid);
switch($_GET['action']) {
case 'save':
//first delete all their old associations for this year..
mysql_query("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$stmt->execute();
if(array_key_exists('spaward', $_POST)) {
foreach($_POST['spaward'] AS $aid) {
mysql_query("INSERT INTO judges_specialaward_sel (users_id, award_awards_id)
$stmt = $pdo->prepare("INSERT INTO judges_specialaward_sel (users_id, award_awards_id)
VALUES ('{$u['id']}','$aid')");
$stmt->execute();
}
}
happy_("Special Award preferences successfully saved");
@ -104,15 +106,16 @@ if($_SESSION['embed'] != true) {
echo "<br />";
echo "<br />";
$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$q->execute();
$spawards = array();
while($r=mysql_fetch_object($q)) $spawards[] = $r->award_awards_id;
while($r=$q->fetch(PDO::FETCH_OBJ)) $spawards[] = $r->award_awards_id;
echo "<table>\n";
//query all of the awards
$q=mysql_query("SELECT award_awards.id,
$q=$pdo->prepare("SELECT award_awards.id,
award_awards.name,
award_awards.criteria,
sponsors.organization
@ -128,8 +131,9 @@ if($_SESSION['embed'] != true) {
AND award_types.year='{$config['FAIRYEAR']}'
ORDER BY
name");
echo mysql_error();
while($r=mysql_fetch_object($q))
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
?>
<tr><td rowspan="2">

5
lpdf.php
View File

@ -220,8 +220,9 @@ class lpdf
// echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
break;
}
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
if($r=@mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
$q->execute();
if($r=$q->fetch(PDO::FETCH_OBJ))
$prevnr=$nr;
// printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);

61
projects.inc.php
View File

@ -26,7 +26,7 @@ function getProjectsEligibleForAward($award_id)
{
global $config;
$prjq=mysql_query("SELECT
$prjq=$pdo->prepare("SELECT
award_awards.id,
award_awards_projectcategories.projectcategories_id,
award_awards_projectdivisions.projectdivisions_id,
@ -50,8 +50,9 @@ function getProjectsEligibleForAward($award_id)
ORDER BY
projectsort
");
$prjq->execute();
$projects=array();
while($prjr=mysql_fetch_object($prjq))
while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
{
$projects[$prjr->projectnumber]=array(
"id"=>$prjr->projects_id,
@ -67,7 +68,7 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
{
global $config;
$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language
$prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
FROM
award_awards,
award_awards_projectcategories,
@ -84,8 +85,9 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
ORDER BY
language
");
$prjq->execute();
$languages=array();
while($r=mysql_fetch_object($prjq)) {
while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
if($r->language)
$languages[]=$r->language;
}
@ -97,8 +99,9 @@ function getProjectsEligibleOrNominatedForAwards($awards_ids_array)
$projects=array();
foreach($awards_ids_array AS $award_id)
{
$q=mysql_query("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$awardprojects=array();
@ -123,7 +126,7 @@ function getSpecialAwardsEligibleForProject($projectid)
{
global $config;
$awardsq=mysql_query("SELECT
$awardsq=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.criteria,
@ -142,7 +145,7 @@ function getSpecialAwardsEligibleForProject($projectid)
AND award_types.id=award_awards.award_types_id
AND award_awards.id=award_awards_projectcategories.award_awards_id
AND award_awards.id=award_awards_projectdivisions.award_awards_id
AND projects.projectcategories_id=award_awards_projectcategories.projectcategories_id
AND projects.projectcategories_ipreparequeryd=award_awards_projectcategories.projectcategories_id
AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id
AND award_awards.id is not null
AND projects.year='".$config['FAIRYEAR']."'
@ -152,9 +155,10 @@ function getSpecialAwardsEligibleForProject($projectid)
ORDER BY
award_awards.name
");
$awardsq->execute();
$awards=array();
echo mysql_error();
while($r=mysql_fetch_object($awardsq))
echo $pdo->errorInfo();
while($r=$awardsq->fetch(PDO::FETCH_OBJ))
{
$awards[$r->id]=array(
"id"=>$r->id,
@ -170,7 +174,7 @@ function getSpecialAwardsNominatedForProject($projectid)
{
global $config;
$awardsq=mysql_query("SELECT
$awardsq=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.criteria,
@ -188,9 +192,10 @@ function getSpecialAwardsNominatedForProject($projectid)
ORDER BY
award_awards.name
");
$awardsq->execute();
$awards=array();
echo mysql_error();
while($r=mysql_fetch_object($awardsq))
echo $pdo->errorInfo();
while($r=$awardsq->fetch(PDO::FETCH_OBJ))
{
$awards[$r->id]=array(
"id"=>$r->id,
@ -205,7 +210,7 @@ function getSpecialAwardsNominatedForProject($projectid)
function getNominatedForNoSpecialAwardsForProject($projectid)
{
global $config;
$awardsq=mysql_query("SELECT
$awardsq=$pdo->prepare("SELECT
projects.id AS projects_id
FROM
project_specialawards_link,
@ -216,7 +221,8 @@ function getNominatedForNoSpecialAwardsForProject($projectid)
AND projects.id='$projectid'
AND project_specialawards_link.award_awards_id IS NULL
");
if(mysql_num_rows($awardsq) == 1) return true;
$awardsq->execute();
if($awardsq->rowCount() == 1) return true;
return false;
}
@ -228,7 +234,7 @@ function getProjectsNominatedForSpecialAward($award_id)
//are eligible for the award, instead of nominated for it.
if($config['specialawardnomination']!="none")
{
$prjq=mysql_query("SELECT
$prjq=$pdo->prepare("SELECT
projects.projectnumber,
projects.title,
projects.language,
@ -244,8 +250,9 @@ function getProjectsNominatedForSpecialAward($award_id)
ORDER BY
projectsort
");
$prjq->execute();
$projects=array();
while($prjr=mysql_fetch_object($prjq))
while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
{
$projects[$prjr->projectnumber]=array(
"id"=>$prjr->projects_id,
@ -271,7 +278,7 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
//if they dont use special award nominations, then we will instead get all of the projects that
//are eligible for the award, instead of nominated for it.
if($config['specialawardnomination']!="none") {
$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language
$prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
FROM
project_specialawards_link,
projects
@ -282,8 +289,9 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
AND projects.year='".$config['FAIRYEAR']."'
ORDER BY language
");
$prjq->execute();
$languages=array();
while($r=mysql_fetch_object($prjq)) {
while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
//dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle
if($r->langauge) {
$languages[]=$r->language;
@ -302,7 +310,7 @@ function getSpecialAwardsNominatedByRegistrationID($id)
{
global $config;
$awardq=mysql_query("SELECT
$awardq=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards_projectcategories.projectcategories_id,
@ -324,8 +332,9 @@ function getSpecialAwardsNominatedByRegistrationID($id)
ORDER BY
projectsort
");
$awardq->execute();
$projects=array();
while($prjr=mysql_fetch_object($prjq))
while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
{
$projects[$prjr->projectnumber]=array(
"id"=>$prjr->projects_id,
@ -340,15 +349,17 @@ function getSpecialAwardsNominatedByRegistrationID($id)
function project_load($pid)
{
/* Load this project */
$q = mysql_query("SELECT * FROM projects WHERE id='$pid'");
$proj = mysql_fetch_array($q);
$q = $pdo->prepare("SELECT * FROM projects WHERE id='$pid'");
$q->execute();
$proj = $q->fetch();
/* Load the students */
$q = mysql_query("SELECT students.*,schools.school FROM students
$q = $pdo->prepare("SELECT students.*,schools.school FROM students
LEFT JOIN schools ON schools.id=students.schools_id
WHERE registrations_id='{$proj['registrations_id']}' AND students.year='{$proj['year']}' ORDER BY students.id");
$q->execute();
$proj['num_students'] = 0;
while($s = mysql_fetch_assoc($q)) {
while($s = $q->fetch(PDO::FETCH_OBJ)) {
$proj['num_students']++;
$proj['student'][] = $s;
}

99
questions.inc.php
View File

@ -27,13 +27,15 @@
function questions_load_answers($section, $users_id)
{
global $config;
$yearq=mysql_query("SELECT `year` FROM users WHERE id='$users_id'");
$yearr=mysql_fetch_object($yearq);
$yearq=$pdo->prepare("SELECT `year` FROM users WHERE id='$users_id'");
$yearq->execute();
$yearr=$yearq->fetch(PDO::FETCH_OBJ);
$ans=array();
$qs=questions_load_questions($section,$yearr->year);
foreach($qs AS $id=>$question) {
$q=mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$ans[$id]=$r->answer;
}
return $ans;
@ -67,29 +69,33 @@ function questions_save_answers($section, $id, $answers)
global $config;
$qs = questions_load_questions($section,$config['FAIRYEAR']);
$keys = array_keys($answers);
$q=mysql_query("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
while($r=mysql_fetch_object($q)) {
mysql_query("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
echo mysql_error();
$q=$pdo->prepare("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
$stmt->execute();
echo $pdo->errorInfo();
}
$keys = array_keys($answers);
foreach($keys as $qid) {
/* Poll key */
mysql_query("INSERT INTO question_answers
$stmt = $pdo->prepare("INSERT INTO question_answers
(users_id,questions_id,answer) VALUES(
'$id','$qid',
'".mysql_escape_string($answers[$qid])."')" );
'".$answers[$qid]."')" );
$stmt->execute();
}
}
function questions_find_question_id($section, $dbheading)
{
$q = mysql_query("SELECT id FROM questions WHERE ".
$q = $pdo->prepare("SELECT id FROM questions WHERE ".
" section='$section' ".
" AND db_heading='$dbheading' ");
if(mysql_num_rows($q) == 1) {
$r = mysql_fetch_object($q);
$q->execute();
if($q->rowCount() == 1) {
$r = $q->fetch(PDO::FETCH_OBJ);
return $r->id;
}
return 0;
@ -162,28 +168,30 @@ function questions_parse_from_http_headers($array_name)
function questions_update_question($qs)
{
mysql_query("UPDATE questions SET
`question`='".mysql_escape_string($qs['question'])."',
`type`='".mysql_escape_string($qs['type'])."',
`db_heading`='".mysql_escape_string($qs['db_heading'])."',
`required`='".mysql_escape_string($qs['required'])."',
`ord`=".intval($qs['ord'])."
$stmt = $pdo->prepare("UPDATE questions SET
`question`='".$qs['question']."',
`type`='".$qs['type']."',
`db_heading`='".$qs['db_heading']."',
`required`='".$qs['required']."',
`ord`=".intval($qs['ord']."
WHERE id='{$qs['id']}' ");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
function questions_save_new_question($qs, $year)
{
mysql_query("INSERT INTO questions ".
$stmt = $pdo->prepare("INSERT INTO questions ".
"(question,type,section,db_heading,required,ord,year) VALUES (".
"'".mysql_escape_string($qs['question'])."',".
"'".mysql_escape_string($qs['type'])."',".
"'".mysql_escape_string($qs['section'])."',".
"'".mysql_escape_string($qs['db_heading'])."',".
"'".mysql_escape_string($qs['required'])."',".
"'".mysql_escape_string($qs['ord'])."',".
"'".$qs['question']."',".
"'".$qs['type']."',".
"'".$qs['section']."',".
"'".$qs['db_heading']."',".
"'".$qs['required']."',".
"'".$qs['ord']."',".
"'$year' )");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
@ -231,7 +239,8 @@ function questions_editor($section, $year, $array_name, $self)
$qs = questions_load_questions($section, $year);
/* Delete this question */
mysql_query("DELETE FROM questions WHERE id='$qid'");
$stmt = $pdo->prepare("DELETE FROM questions WHERE id='$qid'");
$stmt->execute();
/* Update the order of all questions after this one */
$keys = array_keys($qs);
@ -239,7 +248,8 @@ function questions_editor($section, $year, $array_name, $self)
if($q == $qid) continue;
if($qs[$q]['ord'] > $qs[$qid]['ord']) {
$qs[$q]['ord']--;
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt->execute();
}
}
echo happy(i18n("Question successfully removed"));
@ -248,18 +258,20 @@ function questions_editor($section, $year, $array_name, $self)
if($_GET['action']=="import" && $_GET['impyear'])
{
$x=0;
$q = mysql_query("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
while($r=mysql_fetch_object($q)) {
$q = $pdo->prepare("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$x++;
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
VALUES (
'', '$year',
'".mysql_escape_string($r->section)."',
'".mysql_escape_string($r->db_heading)."',
'".mysql_escape_string($r->question)."',
'".mysql_escape_string($r->type)."',
'".mysql_escape_string($r->required)."',
'".mysql_escape_string($r->ord)."')");
'".$r->section."',
'".$r->db_heading."',
'".$r->question."',
'".$r->type."',
'".$r->required."',
'".$r->ord)."')";
$stmt->execute();
}
echo happy(i18n("%1 question(s) successfully imported",
@ -305,7 +317,8 @@ function questions_editor($section, $year, $array_name, $self)
if($qdir != 0) {
$qs[$qid]['ord'] += $qdir;
/* Update the db */
mysql_query("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
$stmt->execute();
$keys = array_keys($qs);
$originalq = $qs[$qid];
@ -314,10 +327,12 @@ function questions_editor($section, $year, $array_name, $self)
if($qs[$q]['ord'] != $qs[$qid]['ord']) continue;
if($qdir == 1) {
$qs[$q]['ord']--;
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt->execute();
} else {
$qs[$q]['ord']++;
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt->execute();
}
/* Swap them so we don' thave to reaload the questions
* */

127
register_participants.inc.php
View File

@ -26,8 +26,9 @@ function registrationFormsReceived($reg_id="")
{
if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT status FROM registrations WHERE id='$rid'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT status FROM registrations WHERE id='$rid'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->status=="complete" || $r->status=="paymentpending")
return true;
else
@ -37,8 +38,9 @@ function registrationFormsReceived($reg_id="")
function registrationDeadlinePassed()
{
global $config;
$q=mysql_query("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
$datecheck=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
$q->execute();
$datecheck=$q->fetch(PDO::FETCH_OBJ);
if($datecheck->datecheck==1)
return false;
else
@ -60,13 +62,13 @@ function studentStatus($reg_id="")
if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//if we dont have the minimum, return incomplete
if(mysql_num_rows($q)<$config['minstudentsperproject'])
if($q->rowCount()<$config['minstudentsperproject'])
return "incomplete";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
foreach ($required_fields AS $req)
{
@ -95,14 +97,15 @@ function emergencycontactStatus($reg_id="")
if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id'];
$sq=mysql_query("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$numstudents=mysql_num_rows($sq);
$sq=$pdo->prepare("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$sq->execute();
$numstudents=$sq->rowCount();
while($sr=mysql_fetch_object($sq))
while($sr=$sq->fetch(PDO::FETCH_OBJ))
{
$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
foreach ($required_fields AS $req)
{
@ -136,13 +139,13 @@ function projectStatus($reg_id="")
if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//if we dont have a project entry yet, return empty
if(!mysql_num_rows($q))
if(!$q->rowCount())
return "empty";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
foreach ($required_fields AS $req)
{
@ -166,18 +169,20 @@ function mentorStatus($reg_id="")
else $rid=$_SESSION['registration_id'];
//first check the registrations table to see if 'nummentors' is set, or if its null
$q=mysql_query("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->nummentors==null)
return "incomplete";
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//if we dont have the minimum, return incomplete
if(mysql_num_rows($q)<$config['minmentorserproject'])
if($q->rowCount()<$config['minmentorserproject'])
return "incomplete";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
foreach ($required_fields AS $req)
{
@ -201,15 +206,17 @@ function safetyStatus($reg_id="")
else $rid=$_SESSION['registration_id'];
//grab all of their answers
$q=mysql_query("SELECT * FROM safety WHERE registrations_id='$rid'");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='$rid'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$safetyanswers[$r->safetyquestions_id]=$r->answer;
}
//now grab all the questions
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->required=="yes" && !$safetyanswers[$r->id])
{
@ -226,11 +233,12 @@ function spawardStatus($reg_id="")
if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid'");
$project=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid'");
$q->execute();
$project=$q->fetch(PDO::FETCH_OBJ);
/* We want this query to get any awards with a NULL award_awards_id */
$awardsq=mysql_query("SELECT
$awardsq=$pdo->prepare("SELECT
projects.id AS projects_id
FROM
project_specialawards_link,
@ -239,8 +247,9 @@ function spawardStatus($reg_id="")
project_specialawards_link.projects_id='".$project->id."'
AND projects.year='".$config['FAIRYEAR']."'
");
$awardsq->execute();
if(mysql_num_rows($awardsq))
if($awardsq->rowCount())
return "complete";
else
return "incomplete";
@ -254,19 +263,20 @@ function tourStatus($reg_id="")
else $rid=$_SESSION['registration_id'];
/* Get the students for this project */
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$num_found = mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$num_found = $q->rowCount();
$ret = "complete";
while($s=mysql_fetch_object($q)) {
while($s=$q->fetch(PDO::FETCH_OBJ)) {
//grab all of their tour prefs
$sid = $s->id;
$qq=mysql_query("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
$n_tours = mysql_num_rows($qq);
$qq=$pdo->prepare("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
$qq->execute();
$n_tours = $qq->rowCount();
if($n_tours > 0) {
/* See if there's a rank 0 tour (rank 0 == their tour assignment) */
$i = mysql_fetch_object($qq);
$i = $qq->fetch(PDO::FETCH_OBJ);
if($i->rank == 0) {
/* Yes, there is, no matter what, this student's tour
* selection is complete. */
@ -289,16 +299,18 @@ function namecheckStatus($reg_id="")
global $config;
if($reg_id) {
$q=mysql_query("SELECT * FROM students WHERE
$q=$pdo->prepare("SELECT * FROM students WHERE
registrations_id='$reg_id'
$q->execute();
AND year='".$config['FAIRYEAR']."'");
} else {
$q=mysql_query("SELECT * FROM students WHERE
$q=$pdo->prepare("SELECT * FROM students WHERE
id='{$_SESSION['students_id']}'");
}
$q->execute();
}
/* Get the students for this project */
while($s=mysql_fetch_object($q)) {
while($s=$q->fetch(PDO::FETCH_OBJ)) {
if($s->namecheck_complete == 'no') {
return 'incomplete';
}
@ -313,7 +325,7 @@ function generateProjectNumber($registration_id)
$reg_id = $registration_id;
$q=mysql_query("SELECT projects.projectcategories_id,
$q=$pdo->prepare("SELECT projects.projectcategories_id,
projects.projectdivisions_id,
projectcategories.category_shortform,
projectdivisions.division_shortform
@ -328,8 +340,9 @@ function generateProjectNumber($registration_id)
AND projectcategories.year='{$config['FAIRYEAR']}'
AND projectdivisions.year='{$config['FAIRYEAR']}'
");
echo mysql_error();
$r=mysql_fetch_object($q);
$q->execute();
echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_OBJ);
$p=array('number'=>array(), 'sort'=>array() );
$p['number']['str'] = $config['project_num_format'];
@ -359,14 +372,15 @@ function generateProjectNumber($registration_id)
/* Build a total list of projects for finding a global number, and
* while constructing the list, build a list for the division/cat
* sequence number */
$q = mysql_query("SELECT projectnumber_seq,projectsort_seq,
$q = $pdo->prepare("SELECT projectnumber_seq,projectsort_seq,
projectdivisions_id,projectcategories_id
FROM projects
WHERE year='{$config['FAIRYEAR']}'
AND projectnumber_seq!='0'
AND projectnumber IS NOT NULL");
echo mysql_error();
while($i = mysql_fetch_object($q)) {
$q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
if( ($r->projectdivisions_id == $i->projectdivisions_id)
&&($r->projectcategories_id == $i->projectcategories_id) ) {
$p['number']['n_used'][] = $i->projectnumber_seq;
@ -439,23 +453,26 @@ function computeRegistrationFee($regid)
$ret = array();
$regfee_items = array();
$q = mysql_query("SELECT * FROM regfee_items
$q = $pdo->prepare("SELECT * FROM regfee_items
WHERE year='{$config['FAIRYEAR']}'");
while($i = mysql_fetch_assoc($q)) $regfee_items[] = $i;
$q->execute();
while($i = $q->fetch(PDO::FETCH_ASSOC)) $regfee_items[] = $i;
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
$n_students = mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$n_students = $q->rowCount();
$n_tshirts = 0;
$sel = array();
while($s = mysql_fetch_object($q)) {
while($s = $q->fetch(PDO::FETCH_OBJ)) {
if($s->tshirt != 'none') $n_tshirts++;
/* Check their regfee items too */
if($config['participant_regfee_items_enable'] != 'yes') continue;
$sel_q = mysql_query("SELECT * FROM regfee_items_link
$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
WHERE students_id={$s->id}");
while($info_q = mysql_fetch_assoc($sel_q)) {
$sel_q->execute();
while($info_q = $selq->fetch(PDO::FETCH_ASSOC)) {
$sel[] = $info_q['regfee_items_id'];
}
}

56
register_participants.php
View File

@ -31,14 +31,19 @@
$datecheck = $q->fetch(PDO::FETCH_OBJ);
if($_POST['action']=="new") {
$q=mysql_query("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
if(mysql_num_rows($q)) {
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
$q->execute();
if($q->rowCount()) {
$r=$q->fetch(PDO::FETCH_OBJ);
$_SESSION['registration_number']=$r->num;
$_SESSION['registration_id']=$r->id;
mysql_query("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".mysql_escape_string($_SESSION['email'])."','".$r->schools_id."','".$config['FAIRYEAR']."')");
mysql_query("UPDATE registrations SET status='open' WHERE id='$r->id'");
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".$_SESSION['email']."','".$r->schools_id."','".$config['FAIRYEAR']."')");
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->id'");
$stmt->execute();
$stmt->execute();
header("Location: register_participants_main.php");
exit;
@ -52,17 +57,18 @@
}
else if($_POST['action']=="continue") {
if($_POST['email'])
$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
$_SESSION['email']=stripslashes($_POST['email']);
$q=mysql_query("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".intval($_POST['regnum'])."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
$q->execute();
if(mysql_num_rows($q)) {
$r=mysql_fetch_object($q);
if($q->rowCount()) {
$r=$q->fetch(PDO::FETCH_OBJ);
$_SESSION['registration_number']=$r->regnum;
$_SESSION['registration_id']=$r->regid;
$_SESSION['students_id']=$r->studentid;
@ -78,24 +84,26 @@
}
else if($_GET['action']=="resend" && $_SESSION['email']) {
//first see if the email matches directly from the registrations table
$q=mysql_query("SELECT registrations.num FROM
$q=$pdo->prepare("SELECT registrations.num FROM
registrations
WHERE
registrations.email='".$_SESSION['email']."'
AND registrations.year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q))
$r=mysql_fetch_object($q);
$q->execute();
if($q->rowCount())
$r=$q->fetch(PDO::FETCH_OBJ);
else {
//no match from registrations, so lets see if it matches from the students table
$q=mysql_query("SELECT registrations.num FROM
$q=$pdo->prepare("SELECT registrations.num FROM
registrations,
students
WHERE
students.email='".$_SESSION['email']."'
AND students.registrations_id=registrations.id
AND registrations.year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
}
@ -174,7 +182,7 @@ $q->execute();
if($q->rowCount()>0) {
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
// print_r($r);
echo i18n("Please enter your <b>registration number</b> in order to login");
echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
@ -227,8 +235,9 @@ $q->execute();
else if($config['participant_registration_type']=="schoolpassword") {
$showschoolpasswordform=true;
if($_POST['schoolpassword'] && $_POST['schoolid']) {
$q=mysql_query("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($_POST['schoolpassword']==$r->registration_password) {
$allownew=true;
@ -250,10 +259,11 @@ $q->execute();
echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
echo i18n("School: ");
$q=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
$q=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
$q->execute();
echo "<select name=\"schoolid\">";
echo "<option value=\"\">".i18n("Choose your school")."</option>\n";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
echo "<option value=\"$r->id\">$r->school</option>\n";
echo "</select>";
echo "<br />";
@ -303,13 +313,14 @@ $q->execute();
//random number between
//100000 and 999999 (six digit integer)
$regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
}while(mysql_num_rows($q)>0);
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
$q->execute();
}while($q->rowCount()>0);
if(!$schoolidquery) $schoolidquery="null";
//actually insert it
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
$stmt = $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
"'$regnum',".
"'".$_SESSION['email']."',".
"NOW(),".
@ -317,6 +328,7 @@ $q->execute();
$schoolidquery.",".
$config['FAIRYEAR'].
")");
$stmt->execute();
email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email']));

54
register_participants_emergencycontact.php
View File

@ -38,22 +38,22 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header
send_header("Participant Registration - Emergency Contact Information");
@ -82,8 +82,9 @@ echo mysql_error();
//first, lets make sure this emergency contact really does belong to them
foreach($_POST['ids'] AS $id)
{
$q=mysql_query("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1) {
$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount()==1) {
$e=stripslashes($_POST['email'][$id]);
if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) {
if($u=user_load_by_email($e)) {
@ -106,17 +107,18 @@ echo mysql_error();
}
}
mysql_query("UPDATE emergencycontact SET ".
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$id]))."', ".
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$id]))."', ".
"relation='".mysql_escape_string(stripslashes($_POST['relation'][$id]))."', ".
"phone1='".mysql_escape_string(stripslashes($_POST['phone1'][$id]))."', ".
"phone2='".mysql_escape_string(stripslashes($_POST['phone2'][$id]))."', ".
"phone3='".mysql_escape_string(stripslashes($_POST['phone3'][$id]))."', ".
"phone4='".mysql_escape_string(stripslashes($_POST['phone4'][$id]))."', ".
"email='".mysql_escape_string(stripslashes($_POST['email'][$id]))."' ".
$stmt = $pdo->prepare("UPDATE emergencycontact SET ".
"firstname='".stripslashes($_POST['firstname'][$id])."', ".
"lastname='".stripslashes($_POST['lastname'][$id])."', ".
"relation='".stripslashes($_POST['relation'][$id])."', ".
"phone1='".stripslashes($_POST['phone1'][$id])."', ".
"phone2='".stripslashes($_POST['phone2'][$id])."', ".
"phone3='".stripslashes($_POST['phone3'][$id])."', ".
"phone4='".stripslashes($_POST['phone4'][$id])."', ".
"email='".stripslashes($_POST['email'][$id])."' ".
"WHERE id='$id'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo notice(i18n("Emergency contact information successfully updated"));
}
else
@ -141,23 +143,25 @@ else if($newstatus=="complete")
}
$sq=mysql_query("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$numstudents=mysql_num_rows($sq);
$sq=$pdo->prepare("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$sq->execute();
$numstudents=$sq->rowCount();
echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
while($sr=mysql_fetch_object($sq))
while($sr=$sq->fetch(PDO::FETCH_OBJ))
{
$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
if(mysql_num_rows($q)==0) {
mysql_query("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
$id=mysql_insert_id();
$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
$q->execute();
if($q->rowCount()==0) {
$stmt = $pdo->prepare("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
$stmt->execute();
$id=$pdo->lastInsertId();
unset($r);
}
else {
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
$id=$r->id;
}

37
register_participants_isefforms.php
View File

@ -36,22 +36,23 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header
send_header("Participant Registration - ISEF Forms");
@ -70,12 +71,12 @@ echo mysql_error();
//because it will be added below by the _FILES, and if its not added there then that means we just said yes and didnt upload anything
//so removing it makes it go all red again so you are aware
mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
$stmt = $po->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
$stmt->execute();
//just look at hte first letter, since its either "no:<id>" or "yes:<id>";
if($v[0]=="n")
{
mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
'$k',
'$r->id',
@ -83,6 +84,7 @@ echo mysql_error();
NOW(),
'$CURRENT_FAIRYEAR'
)");
$stmt->execute();
}
@ -125,12 +127,14 @@ echo mysql_error();
if($pgs) $p="'$pgs'";
else $p="null";
mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
$stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
$stmt->execute();
'$k',
'$r->id',
'1',
'".mysql_escape_string($_FILES['form']['name'][$k])."',
'".$_FILES['form']['name'][$k]."',
$p,
NOW(),
'$CURRENT_FAIRYEAR'
@ -176,11 +180,13 @@ echo mysql_error();
if($_GET['action']=="delete" && $_GET['delete'])
{
//first we need to make sure that this is their own!
$chq=mysql_query("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
if($chr=mysql_fetch_object($chq))
$chq=$pdo->prepare("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
$chq->execute();
if($chr=$chq->fetch(PDO::FETCH_OBJ))
{
@unlink($TCFORMSLOCATION."/".$CURRENT_FAIRYEAR."/$r->id/$chr->FormID.pdf");
mysql_query("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
$stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
$stmt->execute();
$display_happy=i18n("Form successfully deleted");
}
else
@ -245,7 +251,8 @@ function radiochange(o)
}
*/
$fq=mysql_query("SELECT * FROM isefforms ORDER BY name");
$fq=$pdo->prepare("SELECT * FROM isefforms ORDER BY name");
$fq->execute();
echo "<tr>";
echo "<th>".i18n("Form")."</th>";
@ -254,7 +261,7 @@ function radiochange(o)
echo "<th>".i18n("Upload / File")."</th>";
echo "</tr>";
while($fr=mysql_fetch_object($fq))
while($fr=$fq-fetch(PDO::FETCH_OBJ))
{
echo "<tr>";
echo "<td valign=\"top\">";

24
register_participants_main.php
View File

@ -39,22 +39,23 @@
exit;
}
$q=mysql_query("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php?action=logout");
exit;
}
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
send_header("Participant Registration - Summary");
//only display the named greeting if we have their name
@ -69,8 +70,9 @@ echo mysql_error();
{
//now select their project number
$q=mysql_query("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$projectinfo=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
if($r->status=="complete")
{
@ -259,8 +261,9 @@ echo "<table><tr><td>";
{
if($config['specialawardnomination']=="date")
{
$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
//this will return 1 if its between the dates, 0 otherwise.
if($r->datecheck==1)
{
@ -281,8 +284,9 @@ echo "<table><tr><td>";
}
}
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
$project=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$project=$q->fetch(PDO::FETCH_OBJ);
$nominatedawards=getSpecialAwardsNominatedForProject($project->id);
$num=count($nominatedawards);
$noawards=getNominatedForNoSpecialAwardsForProject($project->id);

70
register_participants_mentor.php
View File

@ -37,22 +37,23 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
send_header("Participant Registration - Mentor Information");
echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
@ -82,17 +83,18 @@ if($_POST['action']=="save")
if($_POST['lastname'][$x])
{
//INSERT new record
mysql_query("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
$stmt = $pdo->prepare("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
"'".$_SESSION['registration_id']."', ".
"'".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['description'][$x]))."', ".
"'".stripslashes($_POST['firstname'][$x])."', ".
"'".stripslashes($_POST['lastname'][$x])."', ".
"'".stripslashes($_POST['email'][$x])."', ".
"'".stripslashes($_POST['phone'][$x])."', ".
"'".stripslashes($_POST['organization'][$x])."', ".
"'".stripslashes($_POST['position'][$x])."', ".
"'".stripslashes($_POST['description'][$x])."', ".
"'".$config['FAIRYEAR']."')");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
}
@ -101,15 +103,16 @@ if($_POST['action']=="save")
else
{
//UPDATE existing record
mysql_query("UPDATE mentors SET ".
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
"email='".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
"organization='".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ".
"position='".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ".
"description='".mysql_escape_string(stripslashes($_POST['description'][$x]))."' ".
$stmt = $pdo->prepare("UPDATE mentors SET ".
"firstname='".stripslashes($_POST['firstname'][$x])."', ".
"lastname='".stripslashes($_POST['lastname'][$x])."', ".
"email='".stripslashes($_POST['email'][$x])."', ".
"phone='".stripslashes($_POST['phone'][$x])."', ".
"organization='".stripslashes($_POST['organization'][$x])."', ".
"position='".stripslashes($_POST['position'][$x])."', ".
"description='".stripslashes($_POST['description'][$x])."' ".
"WHERE id='".$_POST['id'][$x]."'");
$stmt->execute();
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
}
@ -128,10 +131,13 @@ if($_GET['action']=="removementor")
else
{
//first make sure this is one belonging to this registration id
$q=mysql_query("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
if(mysql_num_rows($q)==1)
$q=$pdo->prepare("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
$q->execute();
if($q->rowCount()==1)
{
mysql_query("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt = $pdo->prepare("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt->execute();
echo notice(i18n("Mentor successfully removed"));
}
else
@ -145,17 +151,19 @@ if($_GET['action']=="removementor")
//now query and display
$q=mysql_query("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$registrations_nummentors=$r->nummentors;
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$numfound=mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$numfound=$q->rowCount();
if(isset($_GET['nummentors']))
{
mysql_query("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
$stmt = $pdo->prepare("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
$stmt->execute();
$registrations_nummentors=$_GET['nummentors'];
$numtoshow=$_GET['nummentors'];
}
@ -198,7 +206,7 @@ else if($newstatus=="complete")
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
for($x=1;$x<=$numtoshow;$x++)
{
$mentorinfo=mysql_fetch_object($q);
$mentorinfo=$q->fetch(PDO::FETCH_OBJ);
echo "<h3>".i18n("Mentor %1 Details",array($x))."</h3>";
//if we have a valid mentor, set their ID, so we can UPDATE when we submit
//if there is no record for this mentor, then set the ID to 0, so we will INSERT when we submit

16
register_participants_namecheck.php
View File

@ -38,15 +38,15 @@
exit;
}
$q=mysql_query("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
echo mysql_error();
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) {
if($q->rowCount()==0) {
header("Location: register_participants.php");
exit;
}
while($s=mysql_fetch_object($q)) {
while($s=$q->fetch(PDO::FETCH_OBJ)) {
$student_display_name[]="{$s->firstname} {$s->lastname}";
}
@ -66,9 +66,13 @@
$pu = ($_POST['punc'] == 'yes') ? true : false;
if($sp && $ca && $pu) {
$q=mysql_query("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
$q=$pdo->prepare("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
$q->execute();
} else if($s->namecheck_complete!='no') {
$q=mysql_query("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
$q=$pdo->prepare("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
$q->execute();
}
}
}

89
register_participants_project.php
View File

@ -41,22 +41,23 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header
send_header("Participant Registration - Project Information");
@ -86,8 +87,9 @@ echo mysql_error();
else
{
//first, lets make sure this project really does belong to them
$q=mysql_query("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1)
$q=$pdo->prepare("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount()==1)
{
$summarywords=preg_split("/[\s,]+/",$_POST['summary']);
$summarywordcount=count($summarywords);
@ -114,21 +116,22 @@ echo mysql_error();
else
$shorttitle=stripslashes($_POST['shorttitle']);
mysql_query("UPDATE projects SET ".
"title='".mysql_escape_string($title)."', ".
"shorttitle='".mysql_escape_string($shorttitle)."', ".
"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ".
"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ".
"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ".
"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ".
"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ".
$stmt = $pdo->prepare("UPDATE projects SET ".
"title='".$title."', ".
"shorttitle='".$shorttitle."', ".
"projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
"projecttype='".stripslashes($_POST['projecttype'])."', ".
"language='".stripslashes($_POST['language'])."', ".
"req_table='".stripslashes($_POST['req_table'])."', ".
"req_electricity='".stripslashes($_POST['req_electricity'])."', ".
"req_special='".stripslashes($_POST['req_special'])."', ".
"human_participants='".stripslashes($_POST['human_participants'])."', ".
"animal_participants='".stripslashes($_POST['animal_participants'])."', ".
"summary='".stripslashes($_POST['summary'])."', ".
"summarycountok='$summarycountok'".
"WHERE id='".$_POST['id']."'");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
echo notice(i18n("Project information successfully updated"));
}
else
@ -140,12 +143,14 @@ echo mysql_error();
//now lets find out their MAX grade, so we can pre-set the Age Category
$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
$gradeinfo=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
$q->execute();
$gradeinfo=$q->fetch(PDO::FETCH_OBJ);
//now lets grab all the age categories, so we can choose one based on the max grade
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
$agecategories[$r->id]['category']=$r->category;
@ -158,22 +163,27 @@ echo mysql_error();
}
}
//now select their project info
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
//check if it exists, if we didnt find any record, lets insert one
if(mysql_num_rows($q)==0)
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
/check if it exists, if we didnt find any record, lets insert one
if($q->rowCount()==0)
{
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')");
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')");
$stmt->execute();
//now query the one we just inserted
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
}
$projectinfo=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
}
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id)
{
echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
}
$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
$stmt->execute();
}
@ -235,14 +245,16 @@ function countwords()
//###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){
$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
echo mysql_error();
$q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
$q->execute();
echo $pdo->errorInfo();
}else
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$q->execute();
echo "<select name=\"projectdivisions_id\">";
echo "<option value=\"\">".i18n("Select a division")."</option>\n";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
@ -268,12 +280,13 @@ function countwords()
echo "</td></tr>";
if($config['project_type'] == 'yes'){
$q=mysql_query("SELECT * FROM projecttypes ORDER BY type");
$q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
$q->execute();
echo "<tr><td>".i18n("Project Type").": </td><td>";
echo "<select name=\"projecttype\">\n";
echo "<option value=\"\">".i18n("Select a project")."</option>\n";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->type == $projectinfo->projecttype)
{

23
register_participants_project_divisionselector.php
View File

@ -37,32 +37,33 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head><title><?=i18n("Division Selector")?></title>
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/sfiab.css" type="text/css" />
</head>
</head>testi-bg.jpg
<body>
<?
echo "<div id=\"emptypopup\">";
echo "<div id=\"emptypopup\">";testi-bg.jpg
if($_GET['division'])
{
@ -72,8 +73,9 @@ echo mysql_error();
opener.document.forms.projectform.projectdivisions_id.selectedIndex=<?=$_GET['division']?>
</script>
<?
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
echo "<h2>".i18n($r->division)."</h2>\n";
echo "<a href=\"".$_SERVER['PHP_SELF']."\">".i18n("Restart division selector")."</a>";
echo "<br />";
@ -87,8 +89,9 @@ echo mysql_error();
$id=1;
else
$id=$_GET['id'];
$q=mysql_query("SELECT * FROM projectdivisionsselector WHERE id='$id'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projectdivisionsselector WHERE id='$id'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
echo i18n($r->question);
echo "<br />";
echo "<br />";

33
register_participants_safety.php
View File

@ -1,5 +1,5 @@
<?
/*
/* mysql_query
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
@ -35,20 +35,21 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) {
if($q->rowCount()==0) {
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header
send_header("Participant Registration - Safety Information");
@ -65,16 +66,18 @@ echo mysql_error();
}
else {
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
mysql_query("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if(is_array($_POST['safety'])) {
$safetyids=array_keys($_POST['safety']);
foreach($safetyids AS $key=>$val) {
mysql_query("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
$stmt = $pdo->prepare("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
"'".$_SESSION['registration_id']."', ".
"'$val', ".
"'".$config['FAIRYEAR']."', ".
"'".mysql_escape_string(stripslashes($_POST['safety'][$val]))."')");
echo mysql_error();
"'".stripslashes($_POST['safety'][$val]))."')";
$stmt->execute();
echo $pdo->errorInfo();
}
}
}
@ -89,13 +92,15 @@ else if($newstatus=="complete") {
echo happy(i18n("Safety Information Complete"));
}
$q=mysql_query("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$safetyanswers[$r->safetyquestions_id]=$r->answer;
}
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
if(mysql_num_rows($q)) {
$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
$q->execute();
if($q->rowCount()) {
echo i18n("Please agree to / answer the following safety questions by checking the box next to the question, or choosing the appropriate answer");
echo "<br />";
echo "<br />";
@ -103,7 +108,7 @@ else if($newstatus=="complete") {
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<table class=\"tableedit\">\n";
$num=1;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$trclass=($num%2==0?"odd":"even");
echo "<tr class=\"$trclass\"><td><b>$num</b>. </td><td>";
if($r->required=="yes") echo REQUIREDFIELD;

49
register_participants_signature.php
View File

@ -45,7 +45,7 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
@ -55,16 +55,17 @@
$registration_number=$_SESSION['registration_number'];
$registration_id=$_SESSION['registration_id'];
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
}
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
@ -106,7 +107,7 @@ $pdf->newPage();
else
{
//grab the project info
$q=mysql_query("SELECT projects.*,
$q=$pdo->prepare("SELECT projects.*,
projectcategories.category,
projectdivisions.division
FROM projects
@ -117,10 +118,12 @@ $pdf->newPage();
AND projectdivisions.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."'
");
$projectinfo=mysql_fetch_object($q);
$q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
while($si=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
while($si=$q->fetch(PDO::FETCH_OBJ))
$studentinfoarray[]=$si;
}
@ -141,8 +144,9 @@ $pdf->newPage();
foreach($studentinfoarray AS $studentinfo)
{
if(!$_GET['sample']) {
$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
$rr = mysql_fetch_object($qq);
$qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
$qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
}
$pdf->addTextX("$studentinfo->firstname $studentinfo->lastname, Grade {$studentinfo->grade}, {$rr->school}", 1.5);
@ -154,8 +158,9 @@ $pdf->newPage();
$pdf->hr();
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use)
{
$pdf->heading(i18n("Exhibitor Declaration"));
@ -201,8 +206,9 @@ $pdf->newPage();
$pdf->hr();
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use)
{
//now for the parent/guardian signatures
@ -240,8 +246,9 @@ $pdf->newPage();
$pdf->hr();
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use)
{
//now for the teacher signature
@ -280,8 +287,9 @@ $pdf->newPage();
$pdf->hr();
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use)
{
//now for the teacher signature
@ -318,8 +326,9 @@ $pdf->newPage();
$pdf->hr();
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use)
{
//now for the teacher signature

49
register_participants_signature_tcpdf.php
View File

@ -41,7 +41,7 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname
FROM registrations,students
WHERE students.email='{$_SESSION['email']}'
AND registrations.num='{$_SESSION['registration_number']}'
@ -51,15 +51,16 @@
AND students.year={$config['FAIRYEAR']}");
$registration_number=$_SESSION['registration_number'];
$registration_id=$_SESSION['registration_id'];
$q->execute();
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) {
if($q->rowCount()==0) {
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
}
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
@ -86,7 +87,7 @@ $pdf->AddPage();
$rr->school="SampleSchool";
} else {
//grab the project info
$q=mysql_query("SELECT projects.*,
$q=$pdo->prepare("SELECT projects.*,
projectcategories.category,
projectdivisions.division
FROM projects
@ -97,10 +98,12 @@ $pdf->AddPage();
AND projectdivisions.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."'
");
$projectinfo=mysql_fetch_object($q);
$q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
while($si=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
while($si=$q->fetch(PDO::FETCH_OBJ))
$studentinfoarray[]=$si;
}
@ -115,8 +118,9 @@ $pdf->AddPage();
$students = "";
foreach($studentinfoarray AS $studentinfo) {
if(!$_GET['sample']) {
$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
$rr = mysql_fetch_object($qq);
$qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
$qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
}
if($students != '') $students .= '<br/>';
$students .= "{$studentinfo->firstname} {$studentinfo->lastname}, Grade {$studentinfo->grade}, {$rr->school}";
@ -144,8 +148,9 @@ function sig($pdf, $text)
$pdf->Cell(60, $height_font, i18n('Date'), 'T', 1, 'C');
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$r=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) {
$t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Exhibitor Declaration')."</h3>$t");
@ -156,8 +161,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>");
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$r=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) {
$t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Parent/Guardian Declaration')."</h3>$t");
@ -168,8 +174,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>");
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$r=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) {
$t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Teacher Declaration')."</h3>$t");
@ -177,8 +184,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>");
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
$r=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
$q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) {
$pdf->WriteHTML("<h3>".i18n('Registration Fee Summary')."</h3><br>");
@ -207,8 +215,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>");
}
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
$r=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
$q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) {
$t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Additional Information')."</h3>$t");

29
register_participants_spawards.php
View File

@ -36,24 +36,26 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) {
if($q->rowCount()==0) {
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
$project=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
$q->execute();
$project=$q->fetch(PDO::FETCH_OBJ);
//send the header
send_header("Participant Registration - Self-Nomination for Special Awards");
@ -87,8 +89,9 @@ function checkboxclicked(b)
if($config['specialawardnomination']=="date") {
echo notice(i18n("Special award self-nomination is only available from %1 to %2. Please make sure you complete your nominations between these dates.", array($config['dates']['specawardregopen'],$config['dates']['specawardregclose'])));
$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
//this will return 1 if its between the dates, 0 otherwise.
if($r->datecheck==1)
$readonly=false;
@ -123,16 +126,18 @@ function checkboxclicked(b)
}
else
{
mysql_query("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
$stmt =$pdo->prepare("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
$stmt-execute();
foreach($splist AS $spaward)
{
$s = ($spaward == -1) ? "NULL" : "'$spaward'";
mysql_query("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
$stmt = $pdo->prepare("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
"$s, ".
"'$project->id', ".
"'".$config['FAIRYEAR']."')");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
if($num) {
if($noawards == true)

158
register_participants_students.php
View File

@ -37,32 +37,33 @@
exit;
}
$fairyear = intval($config['FAIRYEAR']);
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='" . mysql_real_escape_string($_SESSION['email']) . "' ".
"AND registrations.num='" . mysql_real_escape_string($_SESSION['registration_number']) . "' ".
"AND registrations.id='" . mysql_real_escape_string($_SESSION['registration_id']) . "' ".
$q=yahoo_image.png.pnguery("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='" . $_SESSION['email'] . "' ".
"AND registrations.num='" . $_SESSION['registration_number'] . "' ".
"AND registrations.id='" . $_SESSION['registration_id'] . "' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=" . $fairyear . " ".
"AND students.year=" . $fairyear);
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
send_header("Participant Registration - Student Information");
echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
echo "<br />";
$regfee_items = array();
$items_q = mysql_query("SELECT * FROM regfee_items
$items_q = $pdo->prepare("SELECT * FROM regfee_items
WHERE year='{$config['FAIRYEAR']}'");
while($items_i = mysql_fetch_assoc($items_q)) {
$items_q->execute();
while($items_i = $items_q->fetch(PDO::FETCH_ASSOC)) {
$regfee_items[] = $items_i;
}
@ -90,41 +91,42 @@ if($_POST['action']=="save")
//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own.
if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite")
{
$q=mysql_query("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$schools_id=$r->schools_id;
$schoolvalue="'$schools_id', ";
}
else
{
$schoolvalue="'".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
$schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
}
//INSERT new record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
"'".$_SESSION['registration_id']."', ".
"'".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ".
"'".stripslashes($_POST['firstname'][$x])."', ".
"'".stripslashes($_POST['lastname'][$x])."', ".
"'".stripslashes($_POST['pronunciation'][$x])."', ".
"'".stripslashes($_POST['sex'][$x])."', ".
"'".stripslashes($_POST['email'][$x])."', ".
"'".stripslashes($_POST['address'][$x])."', ".
"'".stripslashes($_POST['city'][$x])."', ".
"'".stripslashes($_POST['county'][$x])."', ".
"'".stripslashes($_POST['province'][$x])."', ".
"'".stripslashes($_POST['postalcode'][$x])."', ".
"'".stripslashes($_POST['phone'][$x])."', ".
"'$dob', ".
"'".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ".
"'".stripslashes($_POST['grade'][$x])."', ".
$schoolvalue.
"'".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
"'".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
"'".stripslashes($_POST['tshirt'][$x])."', ".
"'".stripslashes($_POST['medicalalert'][$x])."', ".
"'".stripslashes($_POST['foodreq'][$x])."', ".
"'".stripslashes($_POST['teachername'][$x])."', ".
"'".stripslashes($_POST['teacheremail'][$x])."', ".
"'".$config['FAIRYEAR']."')");
$students_id = mysql_insert_id();
$students_id = $pdo->lastInsertId();
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
@ -139,44 +141,46 @@ if($_POST['action']=="save")
}
else
{
$schoolquery="schools_id='".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
$schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
}
//UPDATE existing record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("UPDATE students SET ".
"firstname='".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
"lastname='".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
"pronunciation='".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ".
"sex='".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ".
"email='".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ".
"address='".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ".
"city='".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ".
"county='".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ".
"province='".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ".
"postalcode='".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
"phone='".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ".
$stmt = $pdo->prepare("UPDATE students SET ".
"firstname='".stripslashes($_POST['firstname'][$x])."', ".
"lastname='".stripslashes($_POST['lastname'][$x])."', ".
"pronunciation='".stripslashes($_POST['pronunciation'][$x])."', ".
"sex='".stripslashes($_POST['sex'][$x])."', ".
"email='".stripslashes($_POST['email'][$x])."', ".
"address='".stripslashes($_POST['address'][$x])."', ".
"city='".stripslashes($_POST['city'][$x])."', ".
"county='".stripslashes($_POST['county'][$x])."', ".
"province='".stripslashes($_POST['province'][$x])."', ".
"postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
"phone='".stripslashes($_POST['phone'][$x])."', ".
"dateofbirth='$dob', ".
"grade='".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ".
"grade='".stripslashes($_POST['grade'][$x])."', ".
$schoolquery.
"medicalalert='".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
"foodreq='".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
"teachername='".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
"teacheremail='".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
"tshirt='".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
"medicalalert='".stripslashes($_POST['medicalalert'][$x])."', ".
"foodreq='".stripslashes($_POST['foodreq'][$x])."', ".
"teachername='".stripslashes($_POST['teachername'][$x])."', ".
"teacheremail='".stripslashes($_POST['teacheremail'][$x])."', ".
"tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
"WHERE id='$students_id'");
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
}
/* Update the regfee items link */
if($config['participant_regfee_items_enable'] == 'yes') {
mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
$stmt->execute();
if(is_array($_POST['regfee_item'][$x])) {
foreach($_POST['regfee_item'][$x] as $id=>$enabled) {
mysql_query("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
$stmt = $pdo->prepare("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
VALUES ('$students_id','$id') ");
$stmt->execute();
}
}
}
@ -195,20 +199,22 @@ if($_GET['action']=="removestudent")
{
$students_id = intval($_GET['removestudent']);
//first make sure this is one belonging to this registration id
$q=mysql_query("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
if(mysql_num_rows($q)==1)
$q=$pdo->prepare("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
$q->execute();
if($q->rowCount()==1)
{
mysql_query("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt->execute();
//now see if they have an emergency contact that also needs to be removed
$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//no need to error message if this doesnt exist
if(mysql_num_rows($q)==1)
mysql_query("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
if($q->rowCount()==1)
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
$stmt->execute();
echo notice(i18n("Student successfully removed"));
}
else
@ -234,20 +240,21 @@ else if($newstatus=="complete")
//now query and display
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==0)
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount()==0)
{
//uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address
//although... this can never really happen, since the above queries only allow the page to view if the student
//is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase
mysql_query("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".mysql_real_escape_string($_SESSION['email'])."','".$config['FAIRYEAR']."')");
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".$_SESSION['email']."','".$config['FAIRYEAR']."')");
$stmt->execute();
//if we just inserted it, then we will obviously find 1
$numfound=1;
}
else
{
$numfound=mysql_num_rows($q);
$numfound=$q->rowCount();
}
if($_GET['numstudents'])
@ -277,7 +284,7 @@ else if($newstatus=="complete")
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
for($x=1;$x<=$numtoshow;$x++)
{
$studentinfo=mysql_fetch_object($q);
$studentinfo=$q->fetch(PDO::FETCH_OBJ);
echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
//if we have a valid student, set their ID, so we can UPDATE when we submit
//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
@ -447,10 +454,11 @@ if($config['participant_student_personal']=="yes")
echo " <td>".i18n("School")."</td><td colspan=\"3\">";
if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
{
$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
$schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
$schoolq->execute();
echo "<select name=\"schools_id[$x]\">\n";
echo "<option value=\"\">".i18n("Choose School")."</option>\n";
while($r=mysql_fetch_object($schoolq))
while($r=$schoolq->fetch(PDO::FETCH_OBJ))
{
if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
@ -460,8 +468,9 @@ if($config['participant_student_personal']=="yes")
}
else
{
$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
$r=mysql_fetch_object($schoolq);
$schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
$schoolq->execute();
$r=$schoolq->fetch(PDO::FETCH_OBJ);
echo $r->school;
}
@ -474,10 +483,11 @@ if($config['participant_student_personal']=="yes")
echo "</tr>\n";
if($config['participant_regfee_items_enable'] == 'yes' ) {
$sel_q = mysql_query("SELECT * FROM regfee_items_link
$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
WHERE students_id=$id");
$sel_q->execute();
$sel = array();
while($info_q = mysql_fetch_assoc($sel_q)) {
while($info_q = $sel_q->fetch(PDO::FETCH_ASSOC)) {
$sel[$info_q['regfee_items_id']] = $info_q['id'];
}
foreach($regfee_items as $rfi) {

36
register_participants_tours.php
View File

@ -37,22 +37,23 @@
exit;
}
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0)
if($q->rowCount()==0)
{
header("Location: register_participants.php");
exit;
}
$authinfo=mysql_fetch_object($q);
$authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header
@ -75,10 +76,11 @@ echo mysql_error();
else
{
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
mysql_query("DELETE FROM tours_choice
$stmt = $pdo->prepare("DELETE FROM tours_choice
WHERE registrations_id='{$_SESSION['registration_id']}'
AND year='{$config['FAIRYEAR']}'
AND rank!='0'");
$stmt->execute();
if(is_array($_POST['toursel']))
{
foreach($_POST['toursel'] AS $students_id=>$ts)
@ -98,13 +100,14 @@ echo mysql_error();
/* Remember this choice in a format that is easily searchable */
$selarray[] = $x;
mysql_query("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
$stmt = $pdo->prepare("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
"'".$_SESSION['registration_id']."', ".
"'".intval($students_id)."', ".
"'".intval($tid)."', ".
"'".$config['FAIRYEAR']."', ".
"'$rank')");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
}
}
@ -140,23 +143,25 @@ else if($newstatus=="complete")
$assigned_tour = array();
$q=mysql_query("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
while($r=mysql_fetch_object($q))
$q=$pdo->prepare("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->rank == 0) $assigned_tour[$r->students_id] = $r->tour_id;
$tour_choice[$r->students_id][$r->rank] = $r->tour_id;
}
$tours = array();
$q=mysql_query("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
if(mysql_num_rows($q) == 0)
$q=$pdo->prepare("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$q->execute();
if($q->rowCount() == 0)
{
echo notice(i18n("There is not tour information"));
send_footer();
exit;
}
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$tours[$r->id]['name'] = $r->name;
$tours[$r->id]['num'] = $r->num;
@ -173,11 +178,12 @@ else if($newstatus=="complete")
echo "<form method=\"post\" action=\"register_participants_tours.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$num_found = mysql_num_rows($q);
$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$num_found = $q->rowCount();
$print_submit = false;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo i18n("Tour Selection for")." <b>{$r->firstname} {$r->lastname}</b>:<br /><br />";
if($r->grade <= 0) {

178
remote.php
View File

@ -37,9 +37,10 @@ function handle_getstats(&$u, $fair,&$data, &$response)
$response['statconfig'] = explode(',', $fair['gather_stats']);
/* Send back the stats we currently have */
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
$q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='$year'");
$response['stats'] = mysql_fetch_assoc($q);
$q->execute();
$response['stats'] = $q->fetch(PDO::FETCH_ASSOC);
unset($response['stats']['id']);
$response['error'] = 0;
}
@ -48,17 +49,19 @@ function handle_stats(&$u,$fair, &$data, &$response)
{
$stats = $data['stats'];
foreach($stats as $k=>$v) {
$stats[$k] = mysql_escape_string($stats[$k]);
$stats[$k] = $stats[$k];
}
// $str = join(',',$stats);
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
$stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='{$stats['year']}'");
echo mysql_error();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
$stmt->execute();
echo $pdo->errorInfo();
$response['message'] = 'Stats saved';
$response['error'] = 0;
@ -71,8 +74,9 @@ function handle_getawards(&$u, $fair, &$data, &$response)
$ids = array();
/* Load a list of awards linked to the fair id */
$q = mysql_query("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
while($r = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
$q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$aaid = $r['award_awards_id'];
if($r['download_award'] == 'yes') $ids[] = $aaid;
$ul[$aaid] = $r['upload_winners'];
@ -80,9 +84,10 @@ function handle_getawards(&$u, $fair, &$data, &$response)
/* Load the awards this fair is allowed to download */
$where = "(id='".join("' OR id='", $ids)."')";
$q = mysql_query("SELECT * FROM award_awards WHERE $where AND year='$year'" );
$q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year='$year'" );
$q->execute();
while($a = mysql_fetch_assoc($q)) {
while($a = $q->fetch(PDO::FETCH_ASSOC)) {
$award = array();
$award['identifier'] = $a['external_identifier'];
$award['external_additional_materials'] = $a['external_additional_materials'];
@ -95,16 +100,18 @@ function handle_getawards(&$u, $fair, &$data, &$response)
$award['schedule_judges'] = $a['schedule_judges'];
if($a['sponsors_id']) {
$sq = mysql_query("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
if(mysql_num_rows($sq)) {
$s = mysql_fetch_assoc($sq);
$sq = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
$sq->execute();
if($sq->rowCount()) {
$s = $sq->fetch(PDO::FETCH_ASSOC);
$award['sponsor'] = $s['organization'];
}
}
$award['prizes'] = array();
$pq = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
while($p = mysql_fetch_assoc($pq)) {
$pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
$pq->execute();
while($p = $pq->fetch(PDO::FETCH_ASSOC)) {
/* Map array keys -> local database field */
$map = array( 'cash' => 'cash', 'scholarship' => 'scholarship',
'value' => 'value', 'prize_en' => 'prize', 'number'=>'number',
@ -146,7 +153,7 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
'scienceheadphone'=>'scienceheadphone');*/
if($school_id == -1) {
$our_school = mysql_fetch_assoc($mysql_query);
$our_school = $mysql_query->fetch(PDO::FETCH_ASSOC);
$sid = $our_school['id'];
} else {
$sid = $school_id;
@ -156,41 +163,47 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
foreach($school_fields as $t=>$m) {
if($our_school[$m] == $school[$t]) continue;
if($set != '') $set.=',';
$set .= "`$m`='".mysql_real_escape_string($school[$t])."'";
$set .= "`$m`='".$school[$t]."'";
}
mysql_query("UPDATE schools SET $set WHERE id='$sid'");
$stmt = $pdo->prepare("UPDATE schools SET $set WHERE id='$sid'");
$stmt->execute();
return $sid;
}
function award_upload_school(&$student, &$school, $year, &$response)
{
$school_name = mysql_real_escape_string($school['schoolname']);
$school_city = mysql_real_escape_string($school['city']);
$school_phone = mysql_real_escape_string($school['phone']);
$school_addr = mysql_real_escape_string($school['address']);
$school_name = $school['schoolname'];
$school_city = $school['city'];
$school_phone = $school['phone'];
$school_addr = $school['address'];
$student_city = $student['city'];
/* Find school by matching name, city, phone, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
$q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
/* Find school by matching name, city, address, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
$q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
/* Find school by matching name, city, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
$q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
/* Find school by matching name, student city, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
$q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
$response['notice'][] = " - Creating new school: $school_name";
/* No? ok, make a new school */
mysql_query("INSERT INTO schools(`school`,`year`) VALUES ('".mysql_real_escape_string($school['schoolname'])."','$year')");
$school_id = mysql_insert_id();
$stmt = $pdo->prepare("INSERT INTO schools(`school`,`year`) VALUES ('".$school['schoolname']."','$year')");
$stmt->execute();
$school_id = $pdo->lastInsertId();
return award_upload_update_school($q, $school, $school_id);
}
@ -216,11 +229,12 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
'teacheremail'=>'teacheremail');
/* See if this project already exists */
$pn = mysql_real_escape_string($project['projectnumber']);
$q = mysql_query("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
echo mysql_error();
if(mysql_num_rows($q) == 1) {
$our_project = mysql_fetch_assoc($q);
$pn = $project['projectnumber'];
$q = $pdo->prepare("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
$q->execute();
echo $pdo->errorInfo();
if($q->rowCount() == 1) {
$our_project = $q->fetch(PDO::FETCH_ASSOC);
$registrations_id = $our_project['registrations_id'];
$pid = $our_project['id'];
$response['notice'][] = " - Found existing project: {$project['title']}";
@ -233,41 +247,47 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
//random number between
//100000 and 999999 (six digit integer)
$regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
echo mysql_error();
}while(mysql_num_rows($q)>0);
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
$q->execute();
echo $pdo->errorInfo();
}while($q->rowCount()>0);
//actually insert it
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
$stmt= $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
"'$regnum','$regnum',NOW(),'open',NULL,'$year')");
$registrations_id = mysql_insert_id();
$stmt->execute();
$registrations_id = $pdo->lastInsertId();
/* We'll fill in the email address later */
/* Add the project */
mysql_query("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
$stmt = $pdo->prepare("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
VALUES('$registrations_id',
'".mysql_real_escape_string($project['projectnumber'])."',
'".$project['projectnumber']."',
'$year', '{$fair['id']}');");
$pid = mysql_insert_id();
$stmt->execute();
$pid = $pdo->lastInsertId();
$reg_email_needs_update = true;
$new_reg = true;
}
$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'");
$registration = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
$q->execute();
$registration = $q->fetch(PDO::FETCH_ASSOC);
/* Update the project in case anythign changed */
mysql_query("UPDATE projects SET title='".mysql_real_escape_string($project['title'])."',
summary='".mysql_real_escape_string($project['abstract'])."',
$stmt = $pdo->prepare("UPDATE projects SET title='".$project['title']."',
summary='".$project['abstract']."',
projectcategories_id='".intval($project['projectcategories_id'])."',
projectdivisions_id='".intval($project['projectdivisions_id'])."'
WHERE id='$pid'");
$stmt->execute();
/* Record the winner */
mysql_query("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
$stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
$stmt->execute();
/* Delete the students attached to this project */
mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
$stmt->execute();
/* Add new */
foreach($project['students'] as &$student) {
@ -279,15 +299,17 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
$keys = ",`".join("`,`", array_values($student_fields))."`";
$values = "";
foreach($student_fields as $k=>$v)
$values .= ",'".mysql_real_escape_string($student[$k])."'";
$values .= ",'".$student[$k]."'";
/* Note lack of comma before $keys, we added it above for both keys and values */
mysql_query("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
$stmt->execute();
/* Update the registration email */
if($reg_email_needs_update) {
mysql_query("UPDATE registrations SET email='".mysql_real_escape_string($student['email'])."'
$stmt = $pdo->prepare("UPDATE registrations SET email='".$student['email']."'
WHERE id='$registrations_id'");
$stmt->execute();
$reg_email_needs_update = false;
}
@ -305,7 +327,8 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
/* It's not an external, so we don't need the student to login
* or antyhing, we probably want to include it in reports, so set
* it to complete */
mysql_query("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
$stmt->execute();
}
}
@ -326,15 +349,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
$year = intval($award_data['year']);
/* Find the award */
$eid = mysql_real_escape_string($external_identifier);
$eid = $external_identifier;
$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
if(mysql_num_rows($q) != 1) {
$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
$q->execute();
if($q->rowCount() != 1) {
$response['message'] = "Unknown award identifier '$eid' for year $year";
$response['error'] = 1;
return;
}
$award = mysql_fetch_assoc($q);
$award = $q->fetch(PDO::FETCH_ASSOC);
$aaid = $award['id'];
$response['notice'][] = "Found award: {$award['name']}";
@ -342,14 +366,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
/* Load prizes, we fetched the right award by year, so we don't need to
* check the year as long as we query by aaid */
$prizes = array();
$q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
while($prize = mysql_fetch_assoc($q)) {
$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
$q->execute();
while($prize = $q->fetch(PDO::FETCH_ASSOC)) {
$response['notice'][] = " - Prize: {$prize['prize']}";
/* Clean out existing winners for this prize */
mysql_query("DELETE FROM winners WHERE
$stmt = $pdo->prepare("DELETE FROM winners WHERE
award_prize_id='{$prize['id']}'
AND fairs_id='{$fair['id']}'");
$stmt->execute();
/* Assign projects to this prize */
$ul_p =& $award_data['prizes'][$prize['prize']];
@ -368,8 +394,9 @@ function handle_get_categories(&$u, &$fair, &$data, &$response)
{
$year = intval($data['get_categories']['year']);
$cat = array();
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$cat[$r->id]=array('id' => $r->id,
'category' => $r->category,
'mingrade' => $r->mingrade,
@ -383,8 +410,9 @@ function handle_get_divisions(&$u, &$fair, &$data, &$response)
{
$year = intval($data['get_divisions']['year']);
$div = array();
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$div[$r->id] = array('id' => $r->id,
'division' => $r->division);
}
@ -397,14 +425,15 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
$year = intval($data['award_additional_materials']['year']);
$external_identifier = $data['award_additional_materials']['identifier'];
$eid = mysql_real_escape_string($external_identifier);
$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
if(mysql_num_rows($q) != 1) {
$eid = $external_identifier;
$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
$q->execute();
if($q->rowCount() != 1) {
$response['message'] = "Unknown award identifier '$eid'";
$response['error'] = 1;
return;
}
$award = mysql_fetch_assoc($q);
$award = $q->fetch(PDO::FETCH_ASSOC);
$pdf = fair_additional_materials($fair, $award, $year);
$response['award_additional_materials']['pdf']['header'] = $pdf['header'];
@ -456,8 +485,9 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
exit;
}
$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
$fair = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
$q->execute();
$fair = $q->fetch(PDO::FETCH_ASSOC);
$response = array();
if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);

52
schoolaccess.php
View File

@ -4,12 +4,14 @@ require_once('user.inc.php');
if($_POST['schoolid'] && $_POST['accesscode'])
{
$q=mysql_query("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1)
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if($q->rowCount()==1)
{
$_SESSION['schoolid']=$_POST['schoolid'];
$_SESSION['schoolaccesscode']=$_POST['accesscode'];
mysql_query("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
$stmt = $pdo->prepare("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
$stmt->execute();
}
else
@ -28,9 +30,10 @@ send_header("School Access");
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
{
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo $pdo->errorInfo();
$school=$q->fetch(PDO::FETCH_OBJ);
if($school) {
if($_POST['action']=="save") {
@ -65,27 +68,29 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
}
mysql_query("UPDATE schools SET
school='".mysql_escape_string(stripslashes($_POST['school']))."',
address='".mysql_escape_string(stripslashes($_POST['address']))."',
city='".mysql_escape_string(stripslashes($_POST['city']))."',
province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."',
postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."',
phone='".mysql_escape_string(stripslashes($_POST['phone']))."',
$stmt = $pdo->prepare("UPDATE schools SET
school='".stripslashes($_POST['school'])."',
address='".stripslashes($_POST['address'])."',
city='".stripslashes($_POST['city'])."',
province_code='".stripslashes($_POST['province_code'])."',
postalcode='".stripslashes($_POST['postalcode'])."',
phone='".stripslashes($_POST['phone'])."',
$sciencehead_update
fax='".mysql_escape_string(stripslashes($_POST['fax']))."'
fax='".stripslashes($_POST['fax'])."'
WHERE id='$school->id'");
$stmt->execute();
echo mysql_error();
if(mysql_error())
echo $pdo->errorInfo();
if($pdo->errorInfo())
echo error(i18n("An Error occured trying to save the school information"));
else
echo happy(i18n("School information successfully updated"));
//and reselect it
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo $pdo->errorInfo();
$school=$q->fetch(PDO::FETCH_OBJ);
}
/*
@ -97,11 +102,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
senior='".$_POST['senior']."'
WHERE id='$school->id'");
echo mysql_error();
echo $pdo->errorInfo();
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n";
$school=mysql_fetch_object($q);
$school=$q->fetch(PDO::FETCH_OBJ);
}
*/
@ -221,9 +226,10 @@ else {
<select name="schoolid">
<option value=""><?=i18n("Choose your school")?></option>
<?
$q=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
$q=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
$q->execute();
$prev="somethingthatdoesnotexist";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($r->school==$prev)
echo "<option value=\"$r->id\">$r->school ($r->city)</option>\n";

86
schoolinvite.php
View File

@ -7,9 +7,10 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
echo "<a href=\"schoolaccess.php\">&lt;&lt; ".i18n("Return to school access main page")."</a><br />";
echo "<br />";
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error();
$school=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo $pdo->errorInfo();
$school=$q->fetch(PDO::FETCH_OBJ);
if($school)
{
if($config['participant_registration_type']=="invite" || $config['participant_registration_type']=="openorinvite" )
@ -19,8 +20,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
if($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade'])
{
//make sure they arent already invited!
$q=mysql_query("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
$q->execute();
if($q->rowCount())
{
echo error(i18n("That students email address has already been invited"));
}
@ -34,11 +36,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
//random number between
//100000 and 999999 (six digit integer)
$regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
}while(mysql_num_rows($q)>0);
$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
$q->execute();
}while($q->rowCount()>0);
//actually insert it
mysql_query("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
$stmt = $pdo->prepare("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
"'$regnum',".
"'".$_POST['email']."',".
"'".$_POST['emailcontact']."',".
@ -46,16 +49,18 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
"'open',".
$config['FAIRYEAR'].
")");
$regid=mysql_insert_id();
$stmt->execute();
$regid=$pdo->lastInsertId();
mysql_query("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
'$regid',
'".mysql_escape_string($_POST['email'])."',
'".mysql_escape_string($_POST['firstname'])."',
'".mysql_escape_string($_POST['lastname'])."',
'".mysql_escape_string($_SESSION['schoolid'])."',
'".mysql_escape_string($_POST['grade'])."',
'".$_POST['email']."',
'".$_POST['firstname']."',
'".$_POST['lastname']."',
'".$_SESSION['schoolid']."',
'".$_POST['grade']."',
'".$config['FAIRYEAR']."')");
$stmt->execute();
email_send("new_participant",$_POST['email'],array(),array("REGNUM"=>$regnum, "EMAIL"=>$_POST['email']));
if($_POST['emailcontact'])
@ -70,19 +75,26 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
if($_GET['action']=="uninvite")
{
//first, make sure that this is really their student, and it sfor this year.
$q=mysql_query("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
if(mysql_num_rows($q))
$q=$pdo->prepare("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
$q->execute();
if($q->rowCount())
{
$r=mysql_fetch_object($q);
$r=$q->fetch(PDO::FETCH_OBJ);
$registrations_id=$r->registrations_id;
if($registrations_id) //just to be safe!
{
mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM projects WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM safety WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM registrations WHERE id='$registrations_id'");
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$registrations_id'");
$stmt->execute();
echo happy(i18n("Student successfully uninvited"));
}
@ -92,11 +104,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
}
$q=mysql_query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
$datecheck=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
$q->execute();
$datecheck=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
students.*,
registrations.num,
registrations.emailcontact
@ -111,7 +124,8 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
ORDER BY
lastname,
firstname");
$currentinvited=mysql_num_rows($q);
$q->execute();
$currentinvited=$q->rowCount();
if($datecheck!=0) {
echo i18n("In order for your school's students to register for the fair, you will need to invite them to register. Simply enter their email address below to invite them to register. <b>Important</b>: for group projects, only add one of the participants, that participant will then add the other group member(s) to the project");
@ -138,10 +152,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
}
else if($school->projectlimitper=="agecategory") {
echo "<br />";
$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($catr=mysql_fetch_object($catq)) {
$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
$catq->execute();
while($catr=$catq->fetch(PDO::FETCH_OBJ)) {
$q2=mysql_query("SELECT COUNT(students.id) AS num
$q2=$pdo->prepare("SELECT COUNT(students.id) AS num
FROM
students,
registrations
@ -153,8 +168,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
AND students.registrations_id=registrations.id
GROUP BY registrations.num
");
echo mysql_error();
$r2=mysql_fetch_object($q2);
$q2->execute();
echo $pdo->errorInfo();
$r2=$q2->fetch(PDO::FETCH_OBJ);
$currentinvited=$r2->num;
if($currentinvited<$school->projectlimit || $school->projectlimit==0) {
@ -221,7 +237,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
echo "<br />";
echo "<h4>".i18n("Invited participants from your school")."</h4>";
if(mysql_num_rows($q)) {
if($q->rowCount()) {
echo "<table class=\"summarytable\">";
echo "<tr><th>".i18n("Last Name")."</th><th>".i18n("First Name")."</th>";
echo "<th>".i18n("Email Address")."</th>";
@ -229,7 +245,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
echo "<th>".i18n("Registration Number")."</th>";
echo "<th colspan=\"2\">".i18n("Actions")."</th></tr>";
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<tr><td>$r->lastname</td><td>$r->firstname</td>";
echo "<td>$r->email";
if($r->emailcontact)

22
scripts/assignprojectnumbers.php
View File

@ -27,12 +27,14 @@ exit;
include "../common.inc.php";
$projq=mysql_query("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
while($projr=mysql_fetch_object($projq))
$projq=$pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
$projq->execute();
while($projr=$projq->fetch(PDO::FETCH_OBJ))
{
$reg_id=$projr->id;
$q=mysql_query("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$projectnumber=$config['project_num_format'];
//first replace the division and category
@ -41,15 +43,16 @@ include "../common.inc.php";
//now change the N to a % so we can use it as a wildcard
$querynum=str_replace('N','%',$projectnumber);
$searchq=mysql_query("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
$searchq=$pdo->prepare("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
$searchq->execute();
print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n");
$searchnum=mysql_num_rows($searchq);
$searchnum=$searchq->rowCount();
echo "searchnum=$searchnum \n";
if(mysql_num_rows($searchq))
if($searchq->rowCount())
{
//first, put them all in an array
$proj_nums=array();
while($searchr=mysql_fetch_object($searchq))
while($searchr=$searchq->fetch(PDO::FETCH_OBJ))
{
$proj_nums[]=$searchr->projectnumber;
}
@ -77,7 +80,8 @@ include "../common.inc.php";
}
$projectnumber=str_replace('N',$Nnum,$projectnumber);
mysql_query("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if($projectnumber)
{
echo "Assigned new project number $projectnumber\n";

16
scripts/assigntourrankings.php
View File

@ -25,9 +25,10 @@ echo "To run this script, edit it and comment out the 'exit' (and this message)
exit;
include "../common.inc.php";
mysql_query("DELETE FROM tours_choice WHERE year='2008'");
$stmt = $po->prepare("DELETE FROM tours_choice WHERE year='2008'");
$stmt->execute();
$q=mysql_query("SELECT students.id AS students_id,
$q=$pdo->prepare("SELECT students.id AS students_id,
registrations.id AS registrations_id
FROM registrations,
students
@ -36,14 +37,17 @@ $q=mysql_query("SELECT students.id AS students_id,
AND registrations.year='2008'
AND students.registrations_id=registrations.id
AND students.year='2008'");
while($r=mysql_fetch_object($q))
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$tq=mysql_query("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
$tq=$pdo->prepare("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
$tq->execute();
$rank=1;
while($tr=mysql_fetch_object($tq)) {
mysql_query("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
'$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
)");
$stmt->execute();
$rank++;
}
echo "Assigned student $r->students_id\n";

9
scripts/emptyregistrations.php
View File

@ -32,9 +32,12 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1)
{
echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE registrations");
mysql_query("TRUNCATE TABLE students");
mysql_query("TRUNCATE TABLE projects");
$stmt = $pdo->prepare("TRUNCATE TABLE registrations");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE students");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE projects");
$stmt->execute();
echo "DONE.\n\n";
}
?>

15
scripts/emptyscheduledata.php
View File

@ -32,11 +32,16 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1)
{
echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE judges_teams");
mysql_query("TRUNCATE TABLE judges_teams_awards_link");
mysql_query("TRUNCATE TABLE judges_teams_link");
mysql_query("TRUNCATE TABLE judges_teams_timeslots_link");
mysql_query("TRUNCATE TABLE judges_teams_timeslots_projects_link");
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_awards_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_projects_link");
$stmt->execute();
echo "DONE.\n\n";
}
?>

41
scripts/judges_fake.php
View File

@ -28,11 +28,16 @@ include "../common.inc.php";
$numjudges=200;
mysql_query("TRUNCATE TABLE judges");
mysql_query("TRUNCATE TABLE judges_catpref");
mysql_query("TRUNCATE TABLE judges_expertise");
mysql_query("TRUNCATE TABLE judges_years");
mysql_query("TRUNCATE TABLE judges_languages");
$stmt = $pdo->prepare("TRUNCATE TABLE judges");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_catpref");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_expertise");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_years");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_languages");
$stmt->execute();
function getrand($ar)
@ -109,8 +114,9 @@ for($x=0;$x<$numjudges;$x++)
$compnum=rand(0,20);
if($compnum==1) $complete="no"; else $complete="yes";
$q=mysql_query("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$id=mysql_insert_id();
$q=$pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$q->execute();
$id=$pdo->lastInsertId();
//for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
//to compensate
@ -119,30 +125,37 @@ for($x=0;$x<$numjudges;$x++)
for($a=1;$a<=3;$a++)
{
$catrank=rand(-2,2);
mysql_query("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt->execute();
}
//expertise is ranked 1-5
for($a=1;$a<=6;$a++)
{
$divrank=rand(1,5);
mysql_query("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt->execute();
}
//and add the record to the judges_years table so they will be 'active' for this year
mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt->execute();
//60% chance they only speak english
//20% chance they only speak french
//20% chance they are bilingual
$num=rand(0,100);
if($num<60)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
{$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();}
else if($num<80)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
{$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();}
else {
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();
}

18
scripts/populate_fake.php
View File

@ -49,8 +49,9 @@ $nouns=array("age","animal","arm","baby","ball","bat","bear","boat","camp","car"
$starters=array("effects of","study of","analysis of");
$joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with");
$numschools=mysql_query("SELECT id FROM schools WHERE year='2011'");
while($s=mysql_fetch_object($numschools))
$numschools=$pdo->prepare("SELECT id FROM schools WHERE year='2011'");
$numschools->execute();
while($s=$numschools->fetch(PDO::FETCH_OBJ))
{
//1 in 4 chance of actually using this school
$o=rand(1,4);
@ -67,8 +68,9 @@ for($x=0;$x<$numprojects;$x++)
$pd=rand(1,$prob_unpaid);
if($pd==1) $status='paymentpending'; else $status='complete';
$q=mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
if($id=mysql_insert_id())
$q=$pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
$q->execute();
if($id=$pdo->lastInsertId())
{
$peeps=rand(1,$prob_dual);
@ -88,8 +90,8 @@ for($x=0;$x<$numprojects;$x++)
$firstname=getrand($firstnames);
$email=strtolower($firstname)."@".getrand($domains);
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
$stmt->execute();
}
$div=rand(1,6);
@ -105,8 +107,8 @@ for($x=0;$x<$numprojects;$x++)
if($langnum<4) $lang="fr"; else $lang="en";
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt->execute();
}
}

65
scripts/rolloverschools.php
View File

@ -28,17 +28,19 @@
function roll($currentfairyear, $newfairyear, $table, $fields)
{
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear'");
echo mysql_error();
$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`';
while($r=mysql_fetch_assoc($q)) {
while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = '';
foreach($fields as $f) {
$vals .= ",'".mysql_real_escape_string($r[$f])."'";
$vals .= ",'".$r[$f]."'";
}
mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute();
echo $pdo->errorInfo();
}
}
@ -47,35 +49,36 @@ $newfairyear=2010;
echo i18n("Rolling schools")."<br />";
//award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error();
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute();
echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."',
'".mysql_real_escape_string($r->schoollang)."',
'".mysql_real_escape_string($r->schoollevel)."',
'".mysql_real_escape_string($r->board)."',
'".mysql_real_escape_string($r->district)."',
'".mysql_real_escape_string($r->phone)."',
'".mysql_real_escape_string($r->fax)."',
'".mysql_real_escape_string($r->address)."',
'".mysql_real_escape_string($r->city)."',
'".mysql_real_escape_string($r->province_code)."',
'".mysql_real_escape_string($r->postalcode)."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid,
'".mysql_real_escape_string($r->accesscode)."',
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".$r->school."',
'".$r->schoollang."',
'".$r->schoollevel."',
'".$r->board."',
'".$r->district."',
'".$r->phone."',
'".$r->fax."',
'".$r->address."',
'".$r->city."',
'".$r->province_code."',
'".$r->postalcode."',$puid,
'".$r->schoolemail."',$shuid,
'".$r->accesscode."',
NULL,
'".mysql_real_escape_string($r->junior)."',
'".mysql_real_escape_string($r->intermediate)."',
'".mysql_real_escape_string($r->senior)."',
'".mysql_real_escape_string($r->registration_password)."',
'".mysql_real_escape_string($r->projectlimit)."',
'".mysql_real_escape_string($r->projectlimitper)."',
'".mysql_real_escape_string($newfairyear)."')");
'".$r->junior."',
'".$r->intermediate."',
'".$r->senior."',
'".$r->registration_password."',
'".$r->projectlimit."',
'".$r->projectlimitper."',
'".$newfairyear."')");
$stmt->execute();
}
?>

17
sponsor_main.php
View File

@ -31,8 +31,9 @@
send_header("Sponsor Main", array());
$u=user_load($_SESSION['users_id']);
//print_r($u);
$q=mysql_query("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
$sponsor=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
$q->execute();
$sponsor=$q->fetch(PDO::FETCH_OBJ);
//only display the named greeting if we have their name
echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
@ -49,7 +50,7 @@
echo "</table>\n";
echo "<h2>Your Sponsorships</h2>\n";
$sq=mysql_query("SELECT fundraising_donations.id,
$sq=$pdo->prepare("SELECT fundraising_donations.id,
sponsors.organization,
fundraising_donations.value,
fundraising_donations.status,
@ -62,7 +63,8 @@
AND fundraising_goals.fiscalyear='{$config['FISCALYEAR']}'
AND sponsors.id='".$u['sponsors_id']."'
ORDER BY status DESC, probability DESC, organization");
echo mysql_error();
$sq->execute();
echo $pdo->errorInfo();
echo "<table class=\"tableview\">";
echo "<tr>";
@ -72,7 +74,7 @@
echo " <th>".i18n("Action")."</th>";
echo "</tr>\n";
$total=0;
while($sr=mysql_fetch_object($sq)) {
while($sr=$sq->fetch(PDO::FETCH-OBJ)) {
echo "<tr id=\"donations_$sr->id\" class=\"fundraising{$sr->status}\">";
echo "<td>$sr->name</td>\n";
echo "<td>$sr->status</td>";
@ -94,14 +96,15 @@
echo "<br />\n";
echo "<h2>Donor Levels</h2>\n";
$q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
$q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
$q->execute();
echo "<table class=\"tableview\">";
echo "<th></th><th>".i18n("Level")."</th>";
echo "<th>".i18n("Description / Benefits")."</th>\n";
echo "<th>".i18n("Range")."</th>\n";
echo "</tr>\n";
$first=true;
while($r=mysql_fetch_object($q)) {
while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<tr>";
echo "<td>";
if($total>=$r->min && $total<=$r->max) {

59
tableeditor.class.php
View File

@ -365,8 +365,9 @@ class TableEditor
$inputsize = 0;
//figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if(ereg("([a-z]*)\(([0-9,]*)\)",$r->Type,$regs))
{
@ -466,8 +467,9 @@ class TableEditor
$query.=" FROM `{$this->table}`";
$query.=" WHERE {$this->primaryKey}='{$_GET['edit']}'";
if($this->DEBUG) echo $query;
$editquery=mysql_query($query);
$editdata=mysql_fetch_assoc($editquery);
$editquery=$pdo->prepare($query);
$editquery->execute();
$editdata=$editquery->fetch(PDO::FETCH_ASSOC);
return $editdata;
}
@ -503,12 +505,14 @@ class TableEditor
}
if($this->DEBUG) echo $query;
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
function defaultDelete($keyval)
{
mysql_query("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
$stmt = $pdo->prepare("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
$stmt->execute();
echo happy(i18n("Successfully deleted %1",array($this->recordType)));
}
@ -586,8 +590,8 @@ class TableEditor
else if($inputtype == 'time') //r->Type=="time")
{
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") {
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00'";
$editdata[$f] = "'".stripslashes($_POST[$f."_hour"]).":".
stripslashes($_POST[$f."_minute"]).":00'";
} else {
$editdata[$f] = 'NULL';
}
@ -608,13 +612,13 @@ class TableEditor
{
//chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"])
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."'";
$editdata[$f] = "'".stripslashes($_POST[$f."_text"])."'";
else if($_POST[$f."_select"])
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."'";
$editdata[$f] = "'".stripslashes($_POST[$f."_select"])."'";
else
{
//maybe the options were over-wridden, if so, just check the field name
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
$editdata[$f] = "'".stripslashes($_POST[$f])."'";
}
}
@ -624,9 +628,9 @@ class TableEditor
//but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http")
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
$editdata[$f] = "'".stripslashes($_POST[$f])."'";
else
$editdata[$f] = "'http://".mysql_escape_string(stripslashes($_POST[$f]))."'";
$editdata[$f] = "'http://".stripslashes($_POST[$f])."'";
}
else if(substr($f,0,8)=="filename" && $this->uploadPath)
@ -637,7 +641,7 @@ class TableEditor
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
$editdata[$f] = "'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."'";
$editdata[$f] = "'".stripslashes($_FILES[$f]['name'])."'";
}
else
{
@ -653,9 +657,9 @@ class TableEditor
else
{
if($this->fieldValidation[$f])
$editdata[$f] = "'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."'";
$editdata[$f] = "'".stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f]))."'";
else
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
$editdata[$f] = "'".stripslashes($_POST[$f])."'";
}
}
@ -691,9 +695,9 @@ class TableEditor
// if($this->DEBUG) echo $query;
// mysql_query($query);
if(mysql_error())
if($pdo->errorInfo())
{
echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error())));
echo error(i18n("Error $text_error %1: %2",array($this->recordType,$pdo->errorInfo())));
}
else
{
@ -811,7 +815,8 @@ class TableEditor
case "enum":
break;
case "select_or_text":
$optq=mysql_query("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
$optq=$pdo->prepare("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
$optq->execute();
if($this->fieldInputOptions[$f])
echo "<select ".$this->fieldInputOptions[$f]." id=\"".$f."_select\" name=\"".$f."_select\">";
else
@ -829,7 +834,7 @@ class TableEditor
}
// print_r($this->fieldOptions[$f]);
while($opt=mysql_fetch_object($optq))
while($opt=$optq->fetch(PDO::FETCH_OBJ))
{
if(is_array($this->fieldOptions[$f]) && in_array($opt->$f,$this->fieldOptions[$f]))
continue;
@ -1041,8 +1046,9 @@ class TableEditor
}
//put in some paganation stuff here.
$foundrowsq=mysql_query("SELECT FOUND_ROWS() AS f");
$foundrowsr=mysql_fetch_object($foundrowsq);
$foundrowsq=$pdo->prepare("SELECT FOUND_ROWS() AS f");
$foundrowsq->execute();
$foundrowsr=$foundrowsq->fetch(PDO::FETCH_OBJ);
$foundrows=$foundrowsr->f;
if($foundrows>$this->rowsPerPage)
@ -1138,7 +1144,7 @@ class TableEditor
echo " (Total: $foundrows)\n";
if(mysql_num_rows($q))
if($q->rowCount())
{
echo "<table cellspacing=\"0\" class=\"tableview\">";
echo "<tr>";
@ -1151,14 +1157,15 @@ class TableEditor
}
echo "<th>".i18n("Actions")."</th>";
echo "</tr>";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
echo "<tr>";
foreach($this->listfields AS $f=>$n)
{
//figure out what kind of input this should be
$typeq=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$typer=mysql_fetch_object($typeq);
$typeq=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$typeq->execute();
$typer=$typeq->fetCh(PDO::fETCH_OBJ);
if($typer->Type=="time")
echo "<td valign=\"top\">".$this->format_time($r->$f)."</td>";
else if($typer->Type=="date")

21
tours.class.php
View File

@ -78,16 +78,17 @@ function tableEditorLoad()
// print("Loading Judge ID $id\n");
$q=mysql_query("SELECT tours.*
$q=$pdo->prepare("SELECT tours.*
FROM tours
WHERE tours.id='$id'");
echo mysql_error();
$q->execute();
echo $pdo->errorInfo();
/* We assume that the field names in the array we want to return
* are the same as those in the database, so we'll turn the entire
* query into a single associative array */
$j = mysql_fetch_assoc($q);
$j = $q->fetch(PDO::FETCH_ASSOC);
return $j;
}
@ -104,8 +105,9 @@ function tableEditorSave($data)
/* Construct an insert query if we have to */
if($this->id == false) {
$query = "INSERT INTO tours (id) VALUES ('')";
mysql_query($query);
$this->id = mysql_insert_id();
$stmt = $pdo->prepare($query);
$stmt->execute();
$this->id = $pdo->lastInsertId();
}
/* Give it a proper year when saving */
@ -123,7 +125,8 @@ function tableEditorSave($data)
$query .= " WHERE id='{$this->id}'";
// echo $query;
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
}
@ -133,8 +136,10 @@ function tableEditorDelete()
$id = $this->id;
mysql_query("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
$stmt=$pdo->prepare("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
$stmt->execute();
$stmt=$pdo->prepare("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Successfully removed tour from this year's fair"));
}

136
user.inc.php
View File

@ -107,8 +107,9 @@ function user_load_judge(&$u)
}
$specialawards=array();
if($u['special_award_only']=='yes') {
$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
while($r=mysql_fetch_object($q)) {
$q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$specialawards[]=$r->award_awards_id;
}
}
@ -143,8 +144,9 @@ function user_load_sponsor(&$u)
$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
if($u['sponsors_id']) {
$q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
$u['sponsor']=mysql_fetch_assoc($q);
$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
$q->execute();
$u['sponsor']=$q->fetch(PDO::FETCH_ASSOC);
}
return true;
}
@ -200,7 +202,7 @@ function user_load($user, $uid = false)
$q=$pdo->query($query);
if($q->rowCount()!=1) {
// echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
// echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>";
// print_r(debug_backtrace());
return false;
@ -297,11 +299,11 @@ function user_load_by_uid($uid)
function user_load_by_email($email)
{
/* Find the most recent uid for the email, regardless of deleted status */
$e = mysql_real_escape_string($email);
$q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
if(mysql_num_rows($q) == 1) {
$i = mysql_fetch_assoc($q);
$e = $email;
$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
$q->execute();
if($q->rowCount() == 1) {
$i = $q->fetch(PDO::FETCH_ASSOC);
return user_load_by_uid($i['uid']);
}
return false;
@ -309,9 +311,10 @@ function user_load_by_email($email)
function user_load_by_uid_year($uid, $year)
{
$q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
if(!mysql_num_rows($q)) return false;
$i = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
$q->execute();
if(!$q->rowCount()) return false;
$i = $q->fetch(PDO::FETCH_ASSOC);
return user_load($i['id']);
}
@ -320,8 +323,9 @@ function user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */
$save_old = false;
if($password == NULL) {
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
$u = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$q->execute();
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */
$password = user_generate_password(12);
/* save the old password only if it's not an auto-generated one */
@ -334,13 +338,13 @@ function user_set_password($id, $password = NULL)
$save_set = 'NOW()';
}
$p = mysql_escape_string($password);
$p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'";
mysql_query($query);
echo mysql_error();
$stmt = $pdo->prepare($query);
echo $pdo->errorInfo();
return $password;
}
@ -364,17 +368,18 @@ function user_save_type_list($u, $db, $fields)
}
if(is_array($u[$f]))
$data = mysql_escape_string(serialize($u[$f]));
$data = serialize($u[$f]);
else
$data = mysql_escape_string(stripslashes($u[$f]));
$data = stripslashes($u[$f]);
$set .= "`$f`='$data'";
}
if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
mysql_query($query);
if(mysql_error()) {
echo mysql_error();
$stmt = $pdo->prepare($query);
$stmt->execute();
if($pdo->errorInfo()) {
echo $pdo->errorInfo();
echo error("Full query: $query");
}
}
@ -452,7 +457,8 @@ function user_save(&$u)
exit;
}
//give em a record, the primary key on the table takes care of uniqueness
$q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
$q=$pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
$q->execute();
}
@ -472,7 +478,7 @@ function user_save(&$u)
if($f == 'types')
$set .= "$f='".implode(',', $u[$f])."'";
else {
$data = mysql_escape_string(stripslashes($u[$f]));
$data = stripslashes($u[$f]);
$set .= "$f='$data'";
}
}
@ -481,9 +487,10 @@ function user_save(&$u)
// echo "</pre>";
if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query);
$stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]";
echo mysql_error();
echo $pdo->errorInfo();
}
/* Save the password if it changed */
@ -511,7 +518,8 @@ function user_save(&$u)
function user_delete_committee($u)
{
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
}
function user_delete_volunteer($u)
@ -522,13 +530,18 @@ function user_delete_judge($u)
{
global $config;
$ids = array();
$q = mysql_query("SELECT id FROM users WHERE uid = '{$u['uid']}'");
while($row = mysql_fetch_assoc($q)) $ids[] = $row['id'];
$q = $pdo->prepare("SELECT id FROM users WHERE uid = '{$u['uid']}'");
$q->execute();
while($row = $q->fetch(PDO::FETCH_ASSOC)) $ids[] = $row['id'];
if(count($ids) > 0){
$idlist = implode(',', $ids);
mysql_query("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
$stmt->execute();
}
}
function user_delete_fair($u)
@ -585,7 +598,9 @@ function user_delete($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
mysql_query("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
$stmt->execute();
} else {
$finish_delete = true;
}
@ -598,7 +613,9 @@ function user_delete($u, $type=false)
$finish_delete = true;
}
if($finish_delete == true) {
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
$stmt->execute();
}
}
@ -628,7 +645,8 @@ function user_purge($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else {
$finish_purge = true;
}
@ -636,18 +654,21 @@ function user_purge($u, $type=false)
* out the entry */
call_user_func("user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
} else {
/* Delete the whole user */
foreach($u['types'] as $t) {
call_user_func("user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
}
$finish_purge = true;
}
if($finish_purge == true) {
mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
}
}
@ -657,12 +678,13 @@ function user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
if(mysql_num_rows($q) != 1) {
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
$q->execute();
if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
}
$i = mysql_fetch_assoc($q);
$i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval;
foreach($i as $k=>$v) {
@ -671,7 +693,7 @@ function user_dupe_row($db, $key, $val, $newval)
else if($k == 'year')
$i[$k] = $config['FAIRYEAR'];
else
$i[$k] = '\''.mysql_escape_string($v).'\'';
$i[$k] = '\''.$v.'\'';
}
$keys = '`'.join('`,`', array_keys($i)).'`';
@ -679,10 +701,11 @@ function user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]";
$r = mysql_query($q);
echo mysql_error();
$r = $pdo->prepare($q);
$r->execute();
echo $pdo->errorInfo();
$id = mysql_insert_id();
$id = $pdo->errorInfo();
return $id;
}
/* Used by the login scripts to copy one user from one year to another */
@ -711,7 +734,8 @@ function user_dupe($u, $new_year)
}
$id = user_dupe_row('users', 'id', $u['id'], NULL);
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
/* Load the new user */
$u2 = user_load($id);
@ -755,20 +779,24 @@ function user_create($type, $username, $u = NULL)
{
global $config;
if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
echo mysql_error();
$uid = mysql_insert_id();
$stmt->execute();
echo $pdo->errorInfo();
$uid = $pdo->lastInsertId();
if(user_valid_email($username)) {
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt->execute();
}
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
echo mysql_error();
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
echo $pdo->errorInfo();
user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this
* entry for us, so do it here */
mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')");
echo mysql_error();
$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
$stmt->execute();
echo $pdo->errorInfo();
/* Load the complete user */
$u = user_load($uid);
// echo "user_create / user_load($uid) returned <pre>";

16
user_invite.php
View File

@ -31,7 +31,7 @@
/* AJAX query */
if(intval($_GET['ajax']) == 1) {
/* Do ajax processing for this file */
$email = mysql_escape_string(stripslashes($_GET['email']));
$email = stripslashes($_GET['email']);
$type = $_GET['type'];
/* Sanity check type */
@ -40,13 +40,14 @@
exit;
}
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
if(mysql_num_rows($q) == 0) {
$q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
$q->execute();
if($q->rowCount() == 0) {
/* User doesn't exist */
echo "notexist\n";
exit;
}
$u = mysql_fetch_assoc($q);
$u = $q->fetch(PDO::FETCH_ASSOC);
$u = user_load($u['id']);
if($u['deleted'] == 'yes') {
@ -174,9 +175,10 @@
if(!in_array($action, $allowed_actions))
exit;
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
if(mysql_num_rows($q) > 0) {
$u = mysql_fetch_assoc($q);
$q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
$q->execute();
if($q->rowCount() > 0) {
$u = $q->fetch(PDO::FETCH_ASSOC);
$u = user_load($u['id']);
} else {
$u = NULL;

9
user_login.php
View File

@ -56,7 +56,7 @@
$q->execute();
if($q->rowCount() < 1) return false;
#$r = mysql_fetch_object($q);
#$r = $q->fetch(PDO::FETCH_OBJ);
$r = $q->fetch(PDO::FETCH_OBJ);
/* See if the user account has been deleted */
@ -321,9 +321,10 @@
$email = $_POST['email'];
if(user_valid_email($email)) {
/* valid email address */
$e = mysql_escape_string($email);
$q=mysql_query("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
$r=mysql_fetch_object($q);
$e = $email;
$q=$pdo->prepare("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r) {
$fn = trim($_POST['fn']);
$ln = trim($_POST['ln']);

16
user_new.php
View File

@ -100,10 +100,10 @@
* this is the one time I wish php had a goto statement. */
switch($action) {
case 'new':
$data_fn = mysql_escape_string(stripslashes($_POST['fn']));
$data_ln = mysql_escape_string(stripslashes($_POST['ln']));
$data_fn = stripslashes($_POST['fn']);
$data_ln = stripslashes($_POST['ln']);
$data_email = stripslashes($_POST['email']);
$sql_email = mysql_escape_string($data_email);
$sql_email = $data_email;
$registrationpassword = $_POST['registrationpassword'];
/* Check the registration singlepassword */
@ -115,19 +115,21 @@
}
/* See if this email already exists */
$q = mysql_query("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
$q = $pdo->prepare("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
$q->execute();
//select *, max(year) from users where username=sql_email
//if deleted and year = current yera - just undelete
//if deleted and year != current yera - proceed normally and recreate the user
if(mysql_num_rows($q) > 0) {
if($q->rowCount() > 0) {
/* It already exists, make sure they're not already in this role */
$r = mysql_fetch_object($q);
$r = $q->fetch(PDO::FETCH_OBJ);
$types = explode(',', $r->types);
if($r->year==$config['FAIRYEAR'] && $r->deleted=='yes') {
mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'");
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
$stmt->execute();
message_push(happy(i18n("Your account has been undeleted")));
message_push(notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password",
array("<a href=\"user_login.php?type=$type\">", "</a>"))));

8
user_password.php
View File

@ -61,13 +61,13 @@
if($_POST['action']=="save")
{
$pass = mysql_escape_string($_POST['pass1']);
$pass = $_POST['pass1'];
//first, lets see if they choosed the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM users WHERE
$q=$pdo->prepare("SELECT password FROM users WHERE
id='{$_SESSION['users_id']}'
AND password='$pass'");
if(mysql_num_rows($q))
$q->execute();
if($q->rowCount())
message_push(error(i18n("You cannot choose the same password again. Please choose a different password")));
else if(!$_POST['pass1'])
message_push(error(i18n("New Password is required")));

9
user_personal.php
View File

@ -137,7 +137,7 @@ case 'save':
/* Trying to save a committee member eh? Well, we established above
* that we're allowed to be here, so go ahead and save it */
$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate']));
$u['emailprivate'] = stripslashes($_POST['emailprivate']);
if(committee_auth_has_access('super')) {
/* But only superusers can save these ones */
@ -149,9 +149,10 @@ case 'save':
/* Check for an email collision */
$em = mysql_escape_string(stripslashes($_POST['email']));
$q=mysql_query("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
if(mysql_num_rows($q) > 0) {
$em = stripslashes($_POST['email']);
$q=$pdo->prepare("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
$q->execute();
if($q->rowCount()> 0) {
error_("That email address is in use by another user");
echo "email error";
$save = false;

5
volunteer.inc.php
View File

@ -31,8 +31,9 @@ function volunteer_status_position($u)
/* See if they have selected something */
$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
if(mysql_num_rows($r) >= 1) {
$r = $pdo->prepare($q);
$r->execute();
if($r->rowCount() >= 1) {
return "complete";
}
return "incomplete";

25
volunteer_position.php
View File

@ -44,8 +44,9 @@
/* Load available IDs */
$posns = array();
$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
while($p = mysql_fetch_object($r)) {
$r = $pdo->prepare($q);
$r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
$posns[] = $p->id;
}
@ -59,18 +60,20 @@
}
/* Delete existing selections */
mysql_query("DELETE FROM volunteer_positions_signup
$stmt = $pdo->prepare("DELETE FROM volunteer_positions_signup
WHERE
users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}' ");
echo mysql_error();
$stmt->execute();
echo $pdo->errorInfo();
/* Add new selections if there are any */
if($vals != '') {
$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year)
VALUES $vals";
$r=mysql_query($q);
echo mysql_error();
$r=$po->prepare($q);
$r->execute();
echo $pdo->errorInfo();
}
@ -110,17 +113,19 @@ if($_SESSION['embed'] == true) {
$q = "SELECT * FROM volunteer_positions_signup WHERE
users_id = '{$u['id']}'
AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
$r = $pdo->prepare($q);
$r->execute();
$checked_positions = array();
while($p = mysql_fetch_object($r)) {
while($p = $r->fetch(PDO::FETCH_OBJ)) {
$checked_positions[] = $p->volunteer_positions_id;
}
/* Load available volunteer positions */
$q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q);
while($p = mysql_fetch_object($r)) {
$r = $pdo->prepare($q);
$r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
echo '<tr><td>';

39
winners.php
View File

@ -37,7 +37,7 @@ if($_GET['year'] && $_GET['type']) {
$show_unawarded_awards="no";
$show_unawarded_prizes="no";
$year=intval($_GET['year']);
$type=mysql_real_escape_string($_GET['type']);
$type=$_GET['type'];
echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>";
@ -45,8 +45,9 @@ if($_GET['year'] && $_GET['type']) {
//first, lets make sure someone isnt tryint to see something that they arent allowed to!
//but only if the year they want is the FAIRYEAR. If they want a past year, thats cool
if($_GET['year']>=$config['FAIRYEAR']) {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$r=mysql_fetch_object($q);
$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1)
{
echo error(i18n("Crystal ball says future is very hard to see!"));
@ -57,7 +58,7 @@ if($_GET['year'] && $_GET['type']) {
if($ok)
{
$q=mysql_query("SELECT
$q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.order AS awards_order,
@ -73,15 +74,15 @@ if($_GET['year'] && $_GET['type']) {
ORDER BY
awards_order");
echo mysql_error();
echo $pdo->errorInfo();
if(mysql_num_rows($q))
if($q->rowCount())
{
echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>";
echo "<br />";
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
$pq=mysql_query("SELECT
$pq=$pdo->prepare("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
@ -100,17 +101,19 @@ if($_GET['year'] && $_GET['type']) {
AND award_prizes.year='$year'
ORDER BY
`order`");
echo mysql_error();
$pq->execute();
echo $pdo->errorInfo();
$awarded_count = 0;
if($show_unawarded_awards=="no")
{
while($pr=mysql_fetch_object($pq))
while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if($pr->projectnumber)
{
$awarded_count++;
}
}
// Still have to find the PDO equivalent
mysql_data_seek($pq, 0);
}
if($show_unawarded_awards=="yes" || $awarded_count > 0)
@ -119,7 +122,7 @@ if($_GET['year'] && $_GET['type']) {
}
$prevprizeid=-1;
while($pr=mysql_fetch_object($pq))
while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if(!($pr->projectnumber) && $show_unawarded_prizes=="no")
{
@ -153,7 +156,7 @@ if($_GET['year'] && $_GET['type']) {
echo "&nbsp&nbsp;&nbsp;&nbsp;";
echo "($pr->projectnumber) ".htmlspecialchars($pr->title);
$sq=mysql_query("SELECT students.firstname,
$sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.schools_id,
students.webfirst,
@ -167,11 +170,12 @@ if($_GET['year'] && $_GET['type']) {
students.registrations_id='$pr->reg_id'
AND students.schools_id=schools.id
");
$sq->execute();
$studnum=0;
$students="";
$schools=array();
while($studentinfo=mysql_fetch_object($sq))
while($studentinfo=$sq->fetch([PDO::FETCH_OBJ]))
{
if($studnum>0 && $prev) $students.=", ";
@ -242,7 +246,7 @@ else
$first=true;
if($q->rowCount())
{
while($r=mysql_fetch_object($q))
while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($first && $r->year != $config['FAIRYEAR'])
{
@ -258,7 +262,7 @@ else
//do this each time, because each year the names of the award types could change, along with what is actually given out.
//
$tq=mysql_query("SELECT
$tq=$pdo->prepare("SELECT
DISTINCT(award_types.type) AS type
FROM
winners,
@ -273,8 +277,9 @@ else
ORDER BY
award_types.order
");
echo mysql_error();
while($tr=mysql_fetch_object($tq)) {
$tq->execute();
echo $pdo->errorInfo();
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
}
echo "<br />";