Removed Chat

Ethics questions can now be asked as a required field for each project. 
To activate this feature navigate to Configuration >> Configuration Variables >> Participant Registration 
and change  “Ask if the project requires human and/or animal participants” to “Yes”. 

All projects with human and/or animal participants can be selected using the Report Editor.

Under “Input Received Signature Forms” a button called “Receive All” was created. 
Clicking this button will cause the program to assign project numbers and mark the 
signature page as received for all students who have completed the registration process. 
Confirmation emails are sent to each student that had their signature page marked as received.

"Remove Old Judge Data" and "Remove Old Emergency Contact/Parent Data" was added to
"Database Backup/Restore".  These permanently remove all information from the database 
about these two respective groups.  This means that all historical data will be lost but  
the most recent information about judges and emergency contacts remains. Cleaning the database 
this way dramatically improves the speed of the user editor.  Make sure the database has been
backed up before trying these.

The judge's name now appears on the cancellation popup window when deleting an individual judge.

admin/anneal.inc.php

@@ -1,5 +1,28 @@
-<?php
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
 
+   Copyright (C) 2005-2008 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2008-2012 Youth Science Ontario <info@youthscienceontario.ca>
+   Copyright (C) 2005-2012 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
 
 class annealer {
 
@@ -309,6 +332,11 @@ class annealer {
 			
 			if($temperature < 0.1 && $last_cost_count > 10) 
 				break;
+
+			//if we go 1 million iterations without changing the cost, lets give up
+			if($last_cost_count>1000000)
+				break;
+
 //			TRACE("Cost is {$this->cost}\n");
 			$temperature *= $this->rate;
             /*

admin/award_awards.php

@@ -261,9 +261,9 @@
 	while($r = mysql_fetch_assoc($q)) {
 		echo "<tr><td style=\"padding-left:1em;padding-right:1em\">{$r['name']}</td>";
 		$ch = $dl[$r['id']] == true ? 'checked="checked"' : '';
-		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_dl[]\" value=\"{$r['id']} $ch \"></td>";
+		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_dl[]\" value=\"{$r['id']}\" $ch ></td>";
 		$ch = $ul[$r['id']] == true ? 'checked="checked"' : '';
-		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_ul[]\" value=\"{$r['id']} $ch \"></td>";
+		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_ul[]\" value=\"{$r['id']}\" $ch ></td>";
 		echo '</tr>';
 	}
 ?>

admin/committees.php

@@ -302,7 +302,7 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 			echo "<td colspan=\"3\">";
 			echo "<input type=\"hidden\" name=\"committees_id[]\" value=\"$r->id\" />";
 			echo "<input size=\"1\" type=\"text\" name=\"committees_ord[]\" value=\"$r->ord\" />";
-			echo "&nbsp; <b>$r->name</b>";
+			echo "&nbsp; <b>".i18n($r->name)."</b>";
 
 
 			$q2=mysql_query("SELECT 

admin/communication.inc.php

@@ -1,7 +1,10 @@
 <?
+// This file was modified Jan of 2014 by Richard Sin
+// A glitch that grabs old emails has been resolved.
+
 	$mailqueries=array(
 		"committee_all"=>array("name"=>"Committee members (all)","query"=>
-			"SELECT firstname, lastname, organization, email FROM users WHERE types LIKE '%committee%' AND deleted='no' GROUP BY uid"),
+			"SELECT u.firstname, u.lastname, u.organization, u.email, u.deleted, q.year FROM users AS u INNER JOIN (SELECT uid, max(year) AS year FROM users GROUP BY uid) AS q ON u.uid = q.uid AND u.year = q.year WHERE u.types LIKE '%committee%' AND u.deleted='no' GROUP BY `u`.`id` ASC"),
 
 		/* The WHERE clause evaluates which rows to add to the GROUP
 		BY, the HAVING clase evaluates which grouped rows show up.  We
@@ -11,24 +14,32 @@
 		end up picking up a user active in, say 2007 and 2008, but
 		deleted in 2009. */
 		"judges_all"=>array("name"=>"Judges from all years (except deleted judges)","query"=>
-			"SELECT firstname, lastname, email, deleted, MAX(year) 
-				FROM users WHERE types LIKE '%judge%' GROUP BY uid HAVING deleted='no' ORDER BY email"),
+			"SELECT u.firstname, u.lastname, u.email, u.deleted, q.year FROM users AS u INNER JOIN (SELECT uid, max(year) AS year FROM users GROUP BY uid ) AS q ON u.uid = q.uid AND u.year = q.year WHERE u.types LIKE '%judge%' AND u.deleted='no' ORDER BY `u`.`email` ASC"),
 
-		"judges_active_thisyear"=>array("name"=>"Judges active for this year", "query"=>
+		"judges_active_lastyear"=>array("name"=>"Judges (all) active from last year", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='".($config['FAIRYEAR']-1)."' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
+
+		"judges_active_thisyear"=>array("name"=>"Judges (all) active for this year", "query"=>
 			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
 
-		"judges_inactive"=>array("name"=>"Judges not active for this year", "query"=>
+		"judges_div_active_thisyear"=>array("name"=>"Judges (regular judges only) active for this year", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND deleted='no' AND users_judge.judge_active='yes' AND (users_judge.special_award_only='no' OR users_judge.special_award_only='' OR users_judge.special_award_only IS NULL) ORDER BY email"),
+
+		"judges_spec_active_thisyear"=>array("name"=>"Judges (special award judges only) active for this year", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND deleted='no' AND users_judge.judge_active='yes' AND users_judge.special_award_only='yes' ORDER BY email"),
+
+		"judges_inactive"=>array("name"=>"Judges (all) not active for this year", "query"=>
 			"SELECT firstname, lastname, email, judge_active, deleted, MAX(year) 
 				FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id 
 				WHERE types LIKE '%judge%'
 				GROUP BY uid HAVING  deleted='no' AND ((max(year)='{$config['FAIRYEAR']}' AND judge_active='no') OR max(year)<'{$config['FAIRYEAR']}')
 				ORDER BY email"),
 
-		"judges_active_complete_thisyear"=>array("name"=>"Judges active for this year and complete", "query"=>
+		"judges_active_complete_thisyear"=>array("name"=>"Judges (all) active for this year and complete", "query"=>
 			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND users_judge.judge_complete='yes' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
 
-		"judges_active_incomplete_thisyear"=>array("name"=>"Judges active for this year but not complete", "query"=>
-			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND users_judge.judge_complete='no' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
+		"judges_active_incomplete_thisyear"=>array("name"=>"Judges (all) active for this year but not complete", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND (users_judge.judge_complete!='yes' OR users_judge.judge_complete IS NULL) AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
 
 		"participants_complete_thisyear"=>array("name"=>"Participants complete this year","query"=>
 			"SELECT firstname, lastname, students.email FROM students,registrations WHERE students.registrations_id=registrations.id AND registrations.year='".$config['FAIRYEAR']."' AND ( registrations.status='complete' OR registrations.status='paymentpending') ORDER BY students.email"),
@@ -56,6 +67,28 @@
 			WHERE award_awards.cwsfaward='1' AND winners.year='".$config['FAIRYEAR']."'
 			ORDER BY students.email"),
 
+		"participants_cwsf_lastyear"=>array("name"=>"CWSF Winners from last year","query"=>"
+		SELECT DISTINCT students.firstname, students.lastname, students.email 
+			FROM award_awards
+			JOIN award_prizes ON award_prizes.award_awards_id=award_awards.id
+			JOIN winners ON winners.awards_prizes_id=award_prizes.id
+			JOIN projects ON winners.projects_id=projects.id
+			JOIN registrations ON projects.registrations_id=registrations.id
+			JOIN students ON students.registrations_id=registrations.id
+			WHERE award_awards.cwsfaward='1' AND winners.year='".($config['FAIRYEAR']-1)."'
+			ORDER BY students.email"),
+
+		"participants_cwsf_allyears"=>array("name"=>"CWSF Winners from all years","query"=>"
+		SELECT DISTINCT students.firstname, students.lastname, students.email 
+			FROM award_awards
+			JOIN award_prizes ON award_prizes.award_awards_id=award_awards.id
+			JOIN winners ON winners.awards_prizes_id=award_prizes.id
+			JOIN projects ON winners.projects_id=projects.id
+			JOIN registrations ON projects.registrations_id=registrations.id
+			JOIN students ON students.registrations_id=registrations.id
+			WHERE award_awards.cwsfaward='1'
+			ORDER BY students.email"),
+
 		"sponsors"=>array("name"=>"Organization sponsors","query"=>
 			"SELECT id, organization, email FROM sponsors WHERE email!='' ORDER BY email"),
 
@@ -88,6 +121,51 @@
                 ORDER BY users.email
                 "),
 
+		"sponsors_specialawards"=>array("name"=>"Organization sponsors for Special Awards","query"=>
+			"SELECT DISTINCT sponsors.id, organization, email 
+			FROM sponsors 
+			JOIN award_awards ON sponsors.id=award_awards.sponsors_id
+			WHERE 
+				email!='' 
+				AND award_awards.award_types_id=2
+			ORDER BY email"),
+
+
+		"sponsors_primarycontacts_specialawards"=>array("name"=>"Organization sponsors for Special Awards (primary contacts)","query"=>
+			"SELECT DISTINCT uid, MAX(users.year) AS year, sponsors.organization, users.firstname, users.lastname, users.email, deleted, users_sponsor.primary 
+                FROM sponsors, 
+                        users_sponsor, 
+                        users,
+						award_awards 
+                WHERE 
+                    users.id=users_sponsor.users_id
+                    AND users_sponsor.sponsors_id=sponsors.id
+                    AND users.types LIKE '%sponsor%'
+                    AND users.email!=''
+					AND sponsors.id=award_awards.sponsors_id
+					AND award_awards.award_types_id=2
+                GROUP BY uid 
+                HAVING deleted='no' AND users_sponsor.primary='yes'
+                ORDER BY users.email
+                "),
+
+		"sponsors_allcontacts_specialawards"=>array("name"=>"Organization sponsors for Special Awards (all contacts)","query"=>
+			"SELECT DISTINCT(users.email), sponsors.organization, users.firstname, users.lastname, users.email 
+                FROM sponsors, 
+                        users_sponsor, 
+                        users,
+						award_awards 
+                WHERE 
+                    users.id=users_sponsor.users_id
+                    AND users_sponsor.sponsors_id=sponsors.id
+                    AND users.types LIKE '%sponsor%'
+                    AND users.deleted='no'
+                    AND users.email!=''
+					AND sponsors.id=award_awards.sponsors_id
+					AND award_awards.award_types_id=2
+                ORDER BY users.email
+                "),
+
 /*
 		"special_award_sponsors_unconfirmed"=>array("name"=>"Special award sponsors (unconfirmed only)","query"=>
 			"SELECT DISTINCT(award_sponsors.id), organization, firstname, lastname, award_contacts.email FROM award_sponsors, award_awards, award_contacts WHERE award_awards.sponsors_id=award_sponsors.id AND award_contacts.award_sponsors_id=award_sponsors.id AND award_sponsors.confirmed='no' AND award_awards.award_types_id='2' AND award_contacts.year='".$config['FAIRYEAR']."'"),
@@ -97,15 +175,28 @@
 
 */
 		"school_principals"=>array("name"=>"School principals","query"=>
-			"SELECT school, principal AS firstname, schoolemail AS email FROM schools WHERE schools.year='".$config['FAIRYEAR']."' AND schoolemail!=''"),
+			"SELECT schools.principal_uid AS uid, schools.school, users.firstname AS firstname, users.lastname AS lastname, users.email AS email FROM schools 
+			JOIN users ON schools.principal_uid=users.uid AND users.id=(SELECT id FROM users WHERE users.uid=schools.principal_uid ORDER BY `year` DESC LIMIT 1)
+				WHERE schools.year='".$config['FAIRYEAR']."' AND users.email!=''"),
+
 		"school_scienceheads"=>array("name"=>"School science heads","query"=>
-			"SELECT school, sciencehead AS firstname, scienceheademail AS email FROM schools WHERE schools.year='".$config['FAIRYEAR']."' AND scienceheademail!=''"),
+			"SELECT schools.sciencehead_uid AS uid, schools.school, users.firstname AS firstname, users.lastname AS lastname, users.email AS email FROM schools 
+			JOIN users ON schools.sciencehead_uid=users.uid AND users.id=(SELECT id FROM users WHERE users.uid=schools.sciencehead_uid ORDER BY `year` DESC LIMIT 1)
+				WHERE schools.year='".$config['FAIRYEAR']."' AND users.email!=''"),
+                "school_with_project_thisyear"=>array("name"=>"Schools with projects this year","query"=>
+                        "SELECT  DISTINCT(sc.schoolemail) AS email, sc.school AS firstname FROM students AS st LEFT JOIN schools AS sc ON sc.id = st.schools_id WHERE st.year = ".$config['FAIRYEAR']." AND LENGTH( sc.schoolemail ) !=0 ORDER BY email
+"),
+
+		"school_thisyear"=>array("name"=>"Schools this year","query"=>
+			"SELECT school AS firstname, schoolemail AS email FROM `schools` WHERE `year` ='".$config['FAIRYEAR']."' GROUP BY schoolemail"),
 		"school_teachers_thisyear"=>array("name"=>"Teachers (as entered by students) this year","query"=>
-			"SELECT DISTINCT(teacheremail) AS email, teachername AS firstname FROM students WHERE year='".$config['FAIRYEAR']."' AND teacheremail!=''"),
+			"SELECT teachername AS firstname, teacheremail AS email FROM students WHERE year = '".$config['FAIRYEAR']."' GROUP BY teacheremail"),
+
 		"school_teachers_lastyear"=>array("name"=>"Teachers (as entered by students) last year","query"=>
-			"SELECT DISTINCT(teacheremail) AS email, teachername AS firstname FROM students WHERE year='".($config['FAIRYEAR']-1)."' AND teacheremail!=''"),
+			"SELECT teachername AS firstname, teacheremail AS email FROM students WHERE year = '".($config['FAIRYEAR']-1)."' GROUP BY teacheremail"),
+
 		"school_teachers_allyears"=>array("name"=>"Teachers (as entered by students) all years","query"=>
-			"SELECT DISTINCT(teacheremail) AS email, teachername AS firstname FROM students WHERE teacheremail!=''"),
+			"SELECT teachername AS firstname, teacheremail AS email FROM students GROUP BY teacheremail"),
 /* Volunteers */
 		"volunteers_active_complete_thisyear"=>array("name"=>"Volunteers active for this year and complete", "query"=>
 			"SELECT id, firstname, lastname, email FROM users LEFT JOIN users_volunteer ON users_volunteer.users_id=users.id WHERE users.year='{$config['FAIRYEAR']}' AND users_volunteer.volunteer_complete='yes' AND users_volunteer.volunteer_active='yes' AND users.deleted='no' AND types LIKE '%volunteer%' ORDER BY email"),

admin/communication.php

@@ -24,6 +24,8 @@
 <?
  require_once("../common.inc.php");
  require_once("../user.inc.php");
+ include "communication.inc.php";
+
  user_auth_required('committee', 'admin');
 
  function launchQueue() {
@@ -309,6 +311,7 @@ case 'dialog_edit':
 					<option value="REGNUM">[REGNUM]</option>
 					<option value="URLMAIN">[URLMAIN]</option>
 					<option value="URLLOGIN">[URLLOGIN]</option>
+					<option value="ACCESSCODE" title="School Access Code">[ACCESSCODE]</option>
 					</select>
 				</td></tr></table>
 		</td>
@@ -643,9 +646,20 @@ case "email_get_list":
 		echo "ok";
 	 }
 	 exit;
+
+	case 'loadaddresses':
+		if($_GET['query'] && array_key_exists($_GET['query'],$mailqueries)) {
+			$q=mysql_query($mailqueries[$_GET['query']]['query']);
+			while($r=mysql_fetch_object($q)) {
+				if($r->organization) $s="($r->organization) ";
+				else $s="";
+				echo "$r->firstname $r->lastname {$s}&lt;$r->email&gt;<br />";
+			}
+		}
+
+	exit;
 }
 
- include "communication.inc.php";
 
  if($_GET['action']=="sendqueue") {
 	$fcid=intval($_POST['fundraising_campaigns_id']);
@@ -684,6 +698,12 @@ case "email_get_list":
 	$urllogin = "$urlmain/login.php";
 	while($r=mysql_fetch_object($recipq)) {
 		$u=user_load_by_uid($r->users_uid);
+
+		//we only send school access codes to science heads or principals
+		$acq=mysql_query("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
+		$acr=mysql_fetch_object($acq);
+		$accesscode=$acr->accesscode;
+
 		$replacements=array(
 					"FAIRNAME"=>$config['fairname'],
 					"SALUTATION"=>$u['salutation'],
@@ -694,6 +714,7 @@ case "email_get_list":
 					"ORGANIZATION"=>$u['sponsor']['organization'],
 					"URLMAIN"=>$urlmain,
 					"URLLOGIN"=>$urllogin,
+					"ACCESSCODE"=>$accesscode,
 					);
 
 		if($u['email'] && $u['email'][0] != '*') {
@@ -718,6 +739,23 @@ case "email_get_list":
             "communication"
 			);
  echo "<br />";
+ ?>
+ <script type="text/javascript">
+ function toggleAddresses() {
+	 if($("#toaddresses").is(":visible")) {
+		 $("#toaddresses").hide();
+		 $("#toaddresses-view").html("Show Recipients");
+	 } else {
+		 $("#toaddresses").show();
+		 $("#toaddresses-view").html("Hide Recipients");
+	 }
+	 return false;
+ }
+ function loadAddresses() {
+	 $("#toaddresses").load("communication.php?action=loadaddresses&query="+$("#to").val());
+ }
+ </script>
+ <?
 
  if($_GET['action']=="delete" && $_GET['delete']) {
  	mysql_query("DELETE FROM emails WHERE id='".$_GET['delete']."' AND `type`='user'");
@@ -725,6 +763,7 @@ case "email_get_list":
  }
 
 	if($_GET['action']=="send" && $_GET['send']) {
+		echo mysql_error();
 		$q=mysql_query("SELECT * FROM emails WHERE id='".$_GET['send']."'");
 		$r=mysql_fetch_object($q);
 
@@ -735,7 +774,7 @@ case "email_get_list":
 		echo "<table cellspacing=0 cellpadding=3 border=1>";
 		echo "<tr><td><b>From:</b></td><td>".htmlspecialchars($r->from)."</td></tr>";
 		echo "<tr><td><b>To:</b></td><td>";
-		echo "<select name=\"to\">";
+		echo "<select name=\"to\" id=\"to\" onchange=\"loadAddresses();\">";
 		echo " <option value=\"\">Choose Email Recipients</option>";
 		$str="";
 		foreach($mailqueries AS $k=>$mq) {
@@ -752,6 +791,8 @@ case "email_get_list":
 			echo " <option value=\"$k\">".i18n($mq['name'])." (".i18n("%1 recipients",array($num),array("number")).")</option>";
 		}
 		echo "</select>";
+		echo "<div id=\"toaddresses-view-wrapper\"><a href=\"#\" onclick=\"return toggleAddresses()\"><span id=\"toaddresses-view\">View Recipients</span></a></div>";
+		echo "<div id=\"toaddresses\" style=\"width: 100%; height: 300px; overflow: auto; border: 1px solid grey; background-color: #FFFFFF; display: none;\">empty</div>";
 		echo "</td></tr>";
 		echo "<tr><td><b>Date:</b></td><td>".date("r")."</td></tr>";
 		echo "<tr><td><b>Subject:</b></td><td>".htmlspecialchars($r->subject)."</td></tr>";
@@ -762,7 +803,7 @@ case "email_get_list":
 			$body=nl2br(htmlspecialchars($r->body));
 		}
 
-		echo "<tr><td colspan=2>".$body."</td></tr>";
+		echo "<tr><td colspan=2>".$body."<br />(".mb_detect_encoding($body).")</td></tr>";
 
 		echo "</table>";
 
@@ -835,9 +876,17 @@ case "email_get_list":
 							"ORGANIZATION"=>$r->organization,
 							"URLMAIN"=>$urlmain,
 							"URLLOGIN"=>$urllogin,
+							"ACCESSCODE"=>"unknown",
 							);
 			}
 			if($u) {
+
+				//we only send school access codes to science heads or principals
+				$acq=mysql_query("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
+				echo mysql_error();
+				$acr=mysql_fetch_object($acq);
+				$accesscode=$acr->accesscode;
+
 				$replacements=array(
 							"FAIRNAME"=>$config['fairname'],
 							"SALUTATION"=>$u['salutation'],
@@ -848,6 +897,7 @@ case "email_get_list":
 							"ORGANIZATION"=>$u['sponsor']['organization'],
 							"URLMAIN"=>$urlmain,
 							"URLLOGIN"=>$urllogin,
+							"ACCESSCODE"=>$accesscode,
 							);
 
 				$toname=$u['name'];

admin/curl.inc.php

@@ -94,7 +94,7 @@
 	curl_setopt ($ch, CURLOPT_POST, 1);  /// tell it to make a POST, not a GET
 	curl_setopt ($ch, CURLOPT_POSTFIELDS, "$var=".urlencode($str));  /// put the query string here starting with "?"
 	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); /// This allows the output to be set into a variable $datastream
-	curl_setopt ($ch, CURLOPT_POSTFIELDSIZE, 0);
+//	curl_setopt ($ch, CURLOPT_POSTFIELDSIZE, 0);
 	curl_setopt ($ch, CURLOPT_TIMEOUT, 360);
 	curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
 	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, false);

admin/index.php

@@ -26,12 +26,15 @@
  require_once("../user.inc.php");
  require_once("../committee.inc.php");
 
+
  user_auth_required('committee','admin');
 
  send_header("Administration",
  	array('Committee Main' => 'committee_main.php'),
 	"administration");
 
+
+
  echo "<table class=\"adminconfigtable\">";
  echo " <tr>";
  echo "  <td><a href=\"registration.php\">".theme_icon("participant_registration")."<br />".i18n("Participant Registration")."</a></td>";
@@ -77,13 +80,13 @@
  echo "<hr />";
  echo "<table class=\"adminconfigtable\">";
  echo " <tr>";
- if($config['score_entry_enable'] == 'yes') {
-	echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
- }
  echo "  <td><a href=\"winners.php\">".theme_icon("enter_winning_projects")."<br />".i18n("Enter Winning Projects")."</a></td>";
  echo "  <td><a href=\"cwsfregister.php\">".theme_icon("one-click_cwsf_registration")."<br />".i18n("One-Click CWSF Registration")."</a></td>";
  echo "  <td><a href=\"fair_stats.php\">".theme_icon("fair_stats")."<br />".i18n("Upload Fair Statistics")."</a></td>";
  echo "  <td><a href=\"user_list.php?show_types[]=fair\">".theme_icon("sciencefair_management")."<br />".i18n("Feeder/Upstream Fair Management")."</a></td>";
+if($config['score_entry_enable'] == 'yes') {
+ echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
+ }
  echo " </tr>\n";
  echo "</table>\n";
  echo "<hr />";
@@ -93,7 +96,10 @@
  echo "  <td><a href=\"documents.php\">".theme_icon("internal_document_management")."<br />".i18n("Internal Document Management")."</a></td>";
  echo "  <td><a href=\"cms.php\">".theme_icon("website_content_management")."<br />".i18n("Website Content Management")."</a></td>";
  echo "  <td><a href=\"fundraising.php\">".theme_icon("fundraising")."<br />".i18n("Fundraising")."</a></td>";
- echo "  <td></td>";
+ if($config['score_entry_enable'] == 'yes') {
+ echo "<td><a href=\"../plugins/evaluations/index.php\">".theme_icon("judging_score_entry")."<br />".i18n("Evaluations Plugin")."</a></td>"; 
+ }
+ //echo "  <td><a href=\"../plugins/evaluations/index.php\">Go To Evaluations</a></td>";
  echo " </tr>\n";
  echo "</table>\n";
 

admin/judges.inc.php

@@ -88,7 +88,7 @@ function getJudgingTeams()
 			FROM judges_teams_timeslots_projects_link 
 			LEFT JOIN projects ON judges_teams_timeslots_projects_link.projects_id=projects.id
 			WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
-			judges_teams_id='$r->id' ");
+			judges_teams_id='$r->id' AND language!='' ");
 		echo mysql_error();
 		$projectlangs=array();
 		while($lr=mysql_fetch_object($lq)) {

admin/judges_info.php

@@ -43,8 +43,8 @@ $preferencechoices=array(
 $id = intval($_GET['id']);
 $judgeinfo = user_load($id);
 
-echo '<div style="text-align:center; padding: 5px;">';
 send_popup_header("Judge Information");
+echo '<div style="text-align:center; padding: 5px;">';
 
  if($id < 1) {
 	echo error(i18n("No Judge ID passed to Judges Info"));
@@ -121,7 +121,8 @@ if($config['judges_availability_enable'] == 'yes'){
 echo '<div style="text-align:left">';
 
 // is their info complete?
-$completeText = $judgeinfo['complete']=="yes" ? "Yes" : "No";
+$completeText = $judgeinfo['judge_complete']=="yes" ? "Yes" : "No";
+$activeText = $judgeinfo['judge_active']=="yes" ? "Yes" : "No";
 
 // find out if they've signed up for judging any special awards
 $specialAwardsText = "";
@@ -156,6 +157,9 @@ $catPreferenceText .= "</ul>";
 	<tr><td>
 		<ul>
 
+			<li><strong><?="Active for {$config['FAIRYEAR']}";?>: </strong>
+			<?=$activeText;?></li>
+
 			<li><strong><?="Complete for {$config['FAIRYEAR']}";?>: </strong>
 			<?=$completeText;?></li>
 

admin/judges_sa.php

@@ -3,8 +3,9 @@
    This file is part of the 'Science Fair In A Box' project
    SFIAB Website: http://www.sfiab.ca
 
-   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
-   Copyright (C) 2005 James Grant <james@lightbox.org>
+   Copyright (C) 2005-2008 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2008-2012 Youth Science Ontario <info@youthscienceontario.ca>
+   Copyright (C) 2005-2012 James Grant <james@lightbox.org>
 
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public
@@ -29,6 +30,12 @@
  require_once('judges.inc.php');
  require_once('anneal.inc.php');
 
+// INFO ONLY:  Re Windows OS.   I have not found a test that works for both methods of starting this
+// SERVER_ADDR is Always null in Windows OS   IIS server
+// when I launch using judges_sa_launcher_apache.php  I could test using SERVER_NAME
+// However when I Launch using $WshShell->run($bat_filename,0,false ); for Windows IIS it seems:
+// All the $_SERVER variables are set as if were a website page so any variable I have tried will cause a bailout
+// THUS..   There is no test I have found to verify this was run from the command line (or in background) for Windows
 if($_SERVER['SERVER_ADDR']) {
 	echo "This script must be run from the command line";
 	exit;
@@ -139,15 +146,18 @@ function judges_cost_function($annealer, $bucket_id, $ids)
 		for($y=0; $y < count($t['cats']); $y++) {
 			$l = $t['cats'][$y];
 			/* Lookup the judge cat pref for this category */
-			$pref = -$j['catprefs'][$l] + 2;
+			$pref = -$j['cat_prefs'][$l] + 2;
 			/* $pref = 0 (best match) --- 4 (worst match) */
+			//but wait, if they're "indifferent" then we really dont care, so the cost for it shoudl be 0.
+			if($pref==2) $pref=0;
+
 			$cpref += $pref;
 		}
 		$dpref = 0;
 		for($y=0; $y < count($t['divs']); $y++) {
 			$l = $t['divs'][$y];
 			/* Lookup the judge cat pref for this category */
-			$pref = -$j['divprefs'][$l] + 2;
+			$pref = -$j['div_prefs'][$l] + 5;
 			/* $pref = 0 (best match) --- 4 (worst match) */
 			$dpref += $pref;
 		}
@@ -326,11 +336,22 @@ function pr_judge(&$jt, $jid)
 	print("(");
 	foreach($jt['cats'] as $c)
 		print("c{$c}={$j['cat_prefs'][$c]} ");
+	echo " / ";
+	foreach($j['cat_prefs'] AS $k=>$v) {
+		print("c{$k}=$v ");
+	}
+	echo ") (";
+
 	foreach($jt['divs'] as $d)
 		print("d{$d}={$j['div_prefs'][$d]} ");
 
+	echo " / ";
+	foreach($j['div_prefs'] AS $k=>$v) {
+		print("d{$k}=$v ");
+	}
+
 	print(")");
-	if($j['willing_chair'] == 'yes') print(" (chair) ");
+	if($j['willing_chair'] == 'yes') print(" chair ");
 
 	print("\n");
 }	
@@ -737,7 +758,7 @@ for($x=1;$x<count($jteam); $x++) {
 	asort($t['cats']);
 	asort($t['divs']);
 
-	print("langs=($langstr)");
+	print("langs=($langstr) ");
 	print("cats=(");
 	$catstr="";
 
@@ -750,7 +771,7 @@ for($x=1;$x<count($jteam); $x++) {
 	            $first=false;
         	}
 	}
-	print(")divs=(");
+	print(") divs=(");
 	$divstr="";
 	if(count($t['divs'])) {
 		$first=true;
@@ -1022,11 +1043,12 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') {
 	$required_judges = 0;
 	while($i = mysql_fetch_object($r)) {
 		$projects = getProjectsNominatedForSpecialAward($i->id);
+		$languages = getLanguagesOfProjectsNominatedForSpecialAward($i->id);
 
 		/* Construct an internal team for annealing, and create
 		 * a DB team too */
 		$sa_jteam[$x]['num'] = next_judges_teams_number();
-		$sa_jteam[$x]['id'] = judge_team_create($sa_jteam[$x]['num'], $i->name);
+		$sa_jteam[$x]['id'] = judge_team_create($sa_jteam[$x]['num'], $i->name." (".implode(" ",$languages).")");
 		/* Note, we use $x instead of the ID, because the DB id could be zero. */
 		$sa_jteam[$x]['projects'] = $projects;
 		$sa_jteam[$x]['round'] = NULL;

admin/judges_sa_launcher.php

@@ -6,10 +6,54 @@ if(!file_exists("../data/logs"))
 
  if(!file_exists("../data/logs/.htaccess"))
  	@file_put_contents("../data/logs/.htaccess","Order Deny,Allow\r\nDeny From All\r\n");
-
+//   Check which OS we are running
+$pos = strpos(getcwd(),'/');
+if($pos === false)
+	{
+	// Windows os server. 
+	// if IIS Web Server use WScript.Shell 'run' command and.. we need a batch file to start a process and return immediately
+	$bat_filename = "../data/judges_sa.bat";
+	if(file_exists($bat_filename)){
+	// delete the batch file then re-create it with the current date
+	unlink($bat_filename);
+	}
+	$bat_file = fopen($bat_filename, "w");
+	if($bat_file) {
+      	fwrite($bat_file, "ECHO OFF"."\n");
+        fwrite($bat_file, "START /BELOWNORMAL /B php judges_sa.php >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &"."\n");
+        fwrite($bat_file, "EXIT"."\n");
+  	 	fclose($bat_file);
+	}
+	$WshShell = new COM("WScript.Shell");
+	//  next line designed for Windows os with IIS web server. It will probably fail if Windows using apache web server
+	try {
+		$oExec = $WshShell->run($bat_filename,0,false );     // THIS SHOULD WORK for windows using IIS as webserver. 
+	}
+	catch (Exception $e) {
+		//  if the wshshell-> run fails then we are perhaps running an apache server and the next might work.
+		//  But, the call in judges_sa_launcher_apache.php does not return until completed so I use this logic
+		//  to inform the user how to get to the status page.
+		//	CAUTION:  This path REQUIRES that php be compiled with CLI option and other things Dennis does not understand!
+		//  This may work for some servers.    NEVER use this on a shared server - you will hog it and get your account suspended.
+		echo " This server requires manual intervention to start the scheduler and to navigate to the Status page.<br/>";
+		echo " The scheduler will run at normal priority - which in some servers may present a sluggish response.<br />";
+		echo " Please follow these instruction exactly:<br />";
+		echo " 1. Click 'Start the Scheduler' link ONCE. (You will not see any change in this screen) <br />";
+		echo "       *** DO NOT Click 'Start the Scheduler' more than once!<br />";
+		echo " 2. Click 'Check the Status' link and wait. (You will be taken to the Status Page. There, you should see that the scheduler is running.) <br />";
+		echo "<br /><a href=\"judges_sa_launcher_apache.php\">Start the Scheduler</a><br /><br />";
+		echo "<a href=\"judges_scheduler_status.php\">Check the Status</a><br />";
+		exit;
+	 // This is the call that works - but it does not return until judges_sa is finished so... I launch it from another window
+		//	exec("php judges_sa.php >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &");
+	}
+}
+else{
+	// *nix server
 //add PHP_SELF just so when we do a process listing on the server we know which fair its running for
 //the argument does not get used by the script at all
 exec("nice php judges_sa.php {$_SERVER['PHP_SELF']} >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &");
+}
 usleep(1500000); // 1.5 second to allow the judges_sa to update the % status to 0% otherwise the status page will think its not running if it gets there too soon
 header("Location: judges_scheduler_status.php");
 exit;

admin/judges_sa_launcher_apache.php

@@ -0,0 +1,6 @@
+<?php
+//  In Windows OS with Apache server this exec call will start judges_sa.php as a separate process but the call to exec() does not return until the scheduler completes. Note the process runs at normal priority. Status can be checked with judges_scheduler_status.php. This is a temporary solution for Windows / Apache
+exec("php judges_sa.php >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &");
+exit;
+?>
+

admin/judges_scheduler_status.php

@@ -151,6 +151,7 @@ echo "<br />";
 echo "<a href=\"reports.php\">".i18n("Print/Export Reports")."</a>";
 echo "<br />";
 echo "<br />";
+echo "Note: If you are using Windows Internet Explorer and do not see status updates do this:<br /> Click menu bar 'Tools' then 'Internet Options'.<br /> In the 'General' Tab under 'Browsing history' click 'Settings'.<br /> Under 'Check for newer versions of stored pages:'<br /> Select the option 'Every time I visit the webpage'.<br /> Click OK then OK"; 
 }
  send_footer();
 

admin/judges_scheduler_status_output.php

@@ -1,6 +1,6 @@
 <?
 include "../data/config.inc.php";
-mysql_connect($DBHOST,$DBUSER,$DBPASS);
+mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
 mysql_select_db($DBNAME);
 $q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
 $r=mysql_fetch_object($q);

admin/judges_schedulerconfig_check.inc.php

@@ -169,7 +169,7 @@ function judges_scheduler_check_judges()
 			}
 
 			echo "<tr><td>Judging Division Group $jdiv_id</td>";
-			echo "<td align=\"center\">$c</td>";
+			echo "<td align=\"center\">{$jd['num_projects']['total']}</td>";
 			$langstr="";
 			foreach($config['languages'] AS $lkey=>$lname) {
 				$clang=($jd['num_projects'][$lkey]?$jd['num_projects'][$lkey]:0);

admin/judges_teams.php

@@ -205,17 +205,29 @@
 						award_types_order, 
 						award_awards.order,
 						name");
-			$num=1;
-			while($r=mysql_fetch_object($q))
-			{
+
+			//startat
+			$q2=mysql_query("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
+			$r2=mysql_fetch_object($q2);
+			if($r2->lastnum)
+				$num=$r2->lastnum+1;
+			else
+				$num=1;
+
+			while($r=mysql_fetch_object($q)) {
 //				print_r($r);
 				$name=mysql_escape_string("($r->award_type) $r->name");
 				mysql_query("INSERT INTO judges_teams(num,name,autocreate_type_id,year) VALUES ('$num','$name','$r->award_types_id','".$config['FAIRYEAR']."')");
 				echo mysql_error();
 				$team_id=mysql_insert_id();
-				//now link the new team to the award
-				mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','".$config['FAIRYEAR']."')");
-				message_push(happy(i18n("Created team #%1: %2",array($num,$name))));
+				if($team_id) {
+					//now link the new team to the award
+					mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','".$config['FAIRYEAR']."')");
+					message_push(happy(i18n("Created team #%1: %2",array($num,$name))));
+				}
+				else {
+					message_push(error(i18n("Error creating team #%1: %2",array($num,$name))));
+				}
 				$num++;
 			}
 		}
@@ -365,15 +377,7 @@ function addclicked()
 		echo "<br />";
 
 		$teams=getJudgingTeams();
-		//print_r($teams);
-
-		if(!count($teams))
-		{
-			echo "<a href=\"judges_teams.php?action=createall\">".i18n("Automatically create one new team for every non-divisional award")."</a><br />";
-			echo "<a href=\"judges_teams.php?action=add&num=1\">".i18n("Manually add individual team")."</a><br />";
-		}
-		else
-		{
+		if(count($teams)) {
 			//grab an array of all the current team numbers
 			foreach($teams AS $team)
 				$teamnumbers[$team['num']]=1;
@@ -384,12 +388,23 @@ function addclicked()
 			{
 				$newteamnum++;
 			}
+		}
 
+		//print_r($teams);
+
+		echo "<table width=\"95%\">";
+		echo "<tr><td>";
+		$q=mysql_query("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'");
+		$r=mysql_fetch_object($q);
+		if(!$r->c) {
+			echo "<a href=\"judges_teams.php?action=createall\">".i18n("Automatically create one new team for every non-divisional award")."</a><br />";
+		}
+		echo "<a href=\"judges_teams.php?action=add&num=$newteamnum\">".i18n("Manually add individual team")."</a><br />";
+		echo "</td><td>";
+
+		if(count($teams)) 
+		{
 
-			echo "<table width=\"95%\">";
-			echo "<tr><td>";
-			echo "<a href=\"judges_teams.php?action=add&num=$newteamnum\">Add individual team</a><br />";
-			echo "</td><td>";
 			echo "<a onclick=\"return confirmClick('".i18n("Are you sure you want to delete all teams that are assigned to divisional awards?")."')\" href=\"judges_teams.php?action=deletealldivisional\">Delete all teams assigned to divisional awards</a>";
 			echo "<br />";
 			echo "<a onclick=\"return confirmClick('".i18n("Are you sure you want to delete all teams?")."')\" href=\"judges_teams.php?action=deleteall\">Delete all teams</a><br />";
@@ -436,6 +451,9 @@ function addclicked()
 			echo "<script type=\"text/javascript\">$('.summarytable').tablesorter();</script>";
 			echo "<br />";
 		}
+		else {
+			echo "</td></tr></table>";
+		}
 	}
 	send_footer();
 

admin/judges_teams_members.php

@@ -106,8 +106,7 @@ jQuery(document).ready(function(){
 </script>
 <?
 
-	if($_POST['action']=="add" && $_POST['team_num'] && count($_POST['judgelist'])>0)
-	{
+	if($_POST['action']=="add" && $_POST['team_num'] && count($_POST['judgelist'])>0) {
 		//first check if this team exists.
 		$q=mysql_query("SELECT id,name FROM judges_teams WHERE num='".$_POST['team_num']."' AND year='".$config['FAIRYEAR']."'");
 		if(mysql_num_rows($q))
@@ -125,18 +124,15 @@ jQuery(document).ready(function(){
 		}
 		$added=0;
 
-		foreach($_POST['judgelist'] AS $selectedjudge)
-		{
+		foreach($_POST['judgelist'] AS $selectedjudge) {
 			//before we insert them, we need to make sure they dont already belong to this team.  We can not have the same judge assigned to the same team multiple times.
 
 			$q=mysql_query("SELECT * FROM judges_teams_link WHERE users_id='$selectedjudge' AND judges_teams_id='$team_id'");
-			if(mysql_num_rows($q))
-			{
+			if(mysql_num_rows($q)) {
 				echo notice(i18n("Judge (%1) already belongs to judging team: %2",array($selectedjudge,$team_name)));
 
 			}
-			else
-			{
+			else {
 				//lets make the first one we add a captain, the rest, non-captains :)
 				mysql_query("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$selectedjudge','$team_id','$captain','".$config['FAIRYEAR']."')");	
 				$added++;
@@ -231,6 +227,59 @@ jQuery(document).ready(function(){
 		}
 	}
 
+	if($_GET['action']=="autoassignspecial") {
+
+		/* Load all the judges (judge_complete=yes, deleted=no, year=fairyear) */
+		$judgelist = judges_load_all();
+
+		/* Load all the teams */
+		$teams = array();
+		$q = mysql_query("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
+		while($i = mysql_fetch_assoc($q)) {
+			$teams[$i['id']] = $i;
+		}
+
+		/* And the links */
+		$links = array();
+		$q = mysql_query("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'");
+		while($i = mysql_fetch_assoc($q)) {
+			$judgelist[$i['users_id']]['teams_links'][] = $i;
+		}
+
+		$jlist = array();
+
+		/* Remove all judges that have a link */
+		foreach($judgelist as $j) {
+			if(count($j['teams_links']) == 0 && $j['special_award_only']=="yes") 
+				$jlist[] = $j['id'];
+		}
+		echo "We have ".count($jlist)." special awards judges to assign";
+		foreach($jlist AS $jid) {
+			$j=$judgelist[$jid];
+			if(is_array($j['special_award_selected']) && count($j['special_award_selected'])) {
+				//assing them to ALL teams for ALL awards
+				foreach($j['special_award_selected'] AS $awardid) {
+					echo "Looking for a team for award $awardid <br />";
+					//find the award id linked to a team
+					$q=mysql_query("SELECT * FROM judges_teams_awards_link WHERE award_awards_id='{$awardid}' AND year='{$config['FAIRYEAR']}'");
+					if(mysql_num_rows($q)) {
+						while($r=mysql_fetch_object($q)) {
+							mysql_query("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$jid','$r->judges_teams_id','yes','{$config['FAIRYEAR']}')");
+							echo happy(i18n("%1 %2 to their special award(s) team(s)",array($j['firstname'],$j['lastname'])));
+						}
+					}
+					else {
+						echo error(i18n("%1 %2 not assigned - No team found that is judging award id %1",array($awardid)));
+					}
+				}
+			}
+			else {
+				echo error(i18n("%1 %2 has indicated special awards only, but didnt selected any awards",array($j['firstname'],$j['lastname'])));
+			}
+
+		}
+	}
+
 	if(!$_SESSION['viewstate']['judges_teams_list_show'])
 		$_SESSION['viewstate']['judges_teams_list_show']='unassigned';
 	//now update the judges_teams_list_show viewstate
@@ -303,12 +352,19 @@ jQuery(document).ready(function(){
 
 	foreach($jlist as $jid) {
 		$u = &$judgelist[$jid];
-		if($u['firstname'] && $u['lastname'])
-			echo "<option value=\"$jid\">{$u['firstname']} {$u['lastname']} (" . implode(' ', $u['languages']) . ")</option>\n";
+		if($u['firstname'] && $u['lastname']) {
+			if($u['special_award_only']=='yes') {
+				$sp="[sp] ";
+			}
+			else $sp="";
+			echo "<option value=\"$jid\">{$sp}{$u['firstname']} {$u['lastname']} (" . implode(' ', $u['languages']) . ")</option>\n";
+		}
 	}
 	unset($u);
 
 	echo "</select>";
+	echo "<br />";
+	echo "<a href=\"judges_teams_members.php?action=autoassignspecial\">Auto-Assign Special Awards Judges to Special Awards Teams</a>\n";
 	echo "</td>";
 	echo "<td valign=\"top\">";
 
@@ -322,6 +378,7 @@ jQuery(document).ready(function(){
 		echo "<input onclick=\"addbuttonclicked('".$team['num']."')\" type=\"button\" value=\"Add &gt;&gt;\">";
 		echo "</td><td>";
 
+
 		echo "<table width=\"100%\">\n";
 		echo "<tr><th colspan=\"2\" align=\"left\">#".$team['num'].": ";
 		echo $team['name'];
@@ -336,18 +393,40 @@ jQuery(document).ready(function(){
 			foreach($team['members'] AS $member) {
 				$j = &$judgelist[$member['id']];
 				echo "<tr><td>";
+				/*
+				if($team['num']=="89") {
+					echo "<pre>";
+					print_r($team);
+					print_r($j);
+					echo "</pre>";
+				}
+				*/
 
 				$langerr=false;
+				$judgeerr=false;
 				foreach($team['languages'] AS $teamlang) {
-					if(!in_array($teamlang,$j['languages'])) {
+					if(is_array($j['languages'])) {
+						if(!in_array($teamlang,$j['languages'])) {
+							$langerr=true;
+							break;
+						}
+					} else {
 						$langerr=true;
-						break;
 					}
 				}
 
+				if(!$j['id']) {
+					$judgeerr=true;
+				}
+
 				echo "<a onclick=\"return confirmClick('Are you sure you want to remove this judge from this team?')\" href=\"judges_teams_members.php?action=del&team_id=".$team['id']."&team_num=".$team['num']."&users_id=".$member['id']."&team_name=".rawurlencode($team['name'])."\"><img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\"></a>";
 				echo "</td><td width=\"100%\">";
-				if($langerr) echo "<span class=\"error\" style=\"width: 100%; display: block;\">";
+				if($langerr || $judgeerr) echo "<span class=\"error\" style=\"width: 100%; display: block;\">";
+				if($judgeerr) {
+					echo "ERROR: this judge is assigned to the team, but they are not an active/complete judge! <br />";
+				}
+
+
 				if($member['captain']=="yes") {
 					echo "<a title=\"Captain - Click to remove captain status\" href=\"judges_teams_members.php?action=removecaptain&team_id=".$team['id']."&judge_id=".$member['id']."\">";
 					echo "<img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/bookmark.".$config['icon_extension']."\">";
@@ -366,7 +445,7 @@ jQuery(document).ready(function(){
 					$l = is_array($j['languages']) ? join(' ',$j['languages']) : '';
 
 				echo "</a>&nbsp;<span style=\"font-size: 1.0em;\">($l)</span>\n";
-				if($langerr) echo "</span>\n";
+				if($langerr || $judgeerr) echo "</span>\n";
 				echo "</td></tr>";
 			}
 
@@ -394,7 +473,7 @@ jQuery(document).ready(function(){
 	echo "</td></tr>";
 	echo "</table>";
 	echo "</form>";
-	echo '<div id="infodiv" style="background-color: #DDF; border:solid;'
+	echo '<div id="infodiv" style="font-size: 1.2em; background-color: #DDF; border:solid;'
 		. ' border-width:1px;'
 		. ' border-color: #000;'
 		. ' position:absolute;'

admin/judges_teams_projects.php

@@ -419,7 +419,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 
 				echo "$proj->projectnumber - $proj->title ($proj->language)";
 
-                if(!in_array($proj->language,$team['languages'])) 
+                if(!in_array($proj->language,$team['languages_members'])) 
                     echo "</span>\n";
                 echo "<br />";
 			}

admin/judging_score_edit.php

@@ -47,6 +47,9 @@
                          } else {
                                  $score = mysql_real_escape_string($score);
                          }
+						 if($score >100.00) {
+							$score_error = "*** ERROR **** You entered a value greater than 100.00";							
+						 }
 		 mysql_query("UPDATE judges_teams_timeslots_projects_link 
 				 					SET score=" . $score . 
 			          " WHERE judges_teams_id = " . mysql_real_escape_string($_POST["team_" . $curr_team . "_id"]) . 
@@ -60,6 +63,10 @@
   ?>
 <?
 if($project_id) {
+$q=mysql_query("SELECT * FROM projects WHERE projects.id = '".$project_id."'");
+$r=mysql_fetch_object($q);
+$project_number = $r->projectnumber;
+$project_title = $r->title;
 $q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
 while($r=mysql_fetch_object($q))
 	$cats[$r->id]=$r->category;
@@ -76,7 +83,10 @@ $q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
 									     AND projects_id = ".mysql_real_escape_string($project_id)." ORDER BY judges_teams_id"
 								);
 	echo mysql_error();
-
+    echo "Project# ".$project_number."  ".$project_title."<br />";
+	if ($score_error != "") {
+	echo $score_error."<br />";	
+	}
 	echo "<form action=\"judging_score_edit.php\" method=\"post\">";
 	echo "<input type=\"hidden\" name=\"score_count\" value=\"" . mysql_num_rows($q) . "\"/>";
 	echo "<input type=\"hidden\" name=\"projectid\" value=\"$project_id\"/>";
@@ -108,7 +118,7 @@ $q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
 		}
 		echo "\n</td>\n";
 		echo "<td style=\"vertical-align: middle; text-align: center\">\n";
-		echo "<input type=\"text\" size=\"3\" maxlength=\"3\" name=\"team_" . $i . "_score\" value=\"$r->score\"/>\n";
+		echo "<input type=\"text\" size=\"5\" maxlength=\"5\" name=\"team_" . $i . "_score\" value=\"$r->score\"/>\n";
 		echo "</td>\n";
 		echo "</tr>\n";
 		$i++;

admin/project_editor.php

@@ -20,6 +20,11 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified Jan of 2014 by Richard Sin
+// Project type has been added and can be toggled by configuration.
+// Feedback box also has been added for flagging purposes
+
 ?>
 <?
 require_once('../common.inc.php');
@@ -106,6 +111,20 @@ function project_save()
 	else
 		$summarycountok=1;
 
+	//check if it is flagged then update it
+
+	if(empty($_POST['feedback'])) {
+		mysql_query("UPDATE projects SET ".
+			"flagged='0'".
+			"WHERE id='".intval($_POST['id'])."'");
+	} else {
+		mysql_query("UPDATE projects SET ".
+			"flagged='1'".
+			"WHERE id='".intval($_POST['id'])."'");
+	}
+	echo mysql_error();
+	happy_("Flagging process successfully updated");
+	
 	if($config['participant_project_title_charmax'] && strlen(stripslashes($_POST['title']))>$config['participant_project_title_charmax']) {  //0 for no limit, eg 255 database field limit 
 		$title=substr(stripslashes($_POST['title']),0,$config['participant_project_title_charmax']);
 		error_("Project title truncated to %1 characters",array($config['participant_project_title_charmax']));
@@ -115,12 +134,16 @@ function project_save()
 	mysql_query("UPDATE projects SET ".
 			"title='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",$title))."', ".
 			"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
+			"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ".
 			"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
 			"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
 			"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
 			"req_special='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special'])))."', ".
+			"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ".
+			"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ".
 			"summary='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary'])))."', ".
 			"summarycountok='$summarycountok',".
+			"feedback='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['feedback'])))."', ".
 			"projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'".
 			"WHERE id='".intval($_POST['id'])."'");
 			echo mysql_error();
@@ -145,7 +168,6 @@ function project_save()
 function project_load()
 {
 	global $registrations_id, $config;
-
 	//now lets find out their MAX grade, so we can pre-set the Age Category
 	$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
 	$gradeinfo=mysql_fetch_object($q);
@@ -166,6 +188,12 @@ function project_load()
 	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
 	//check if it exists, if we didnt find any record, lets insert one
 	$projectinfo=mysql_fetch_object($q);
+	if(!$projectinfo) {
+		mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$registrations_id."','$projectcategories_id','".$config['FAIRYEAR']."')"); 
+		//and then pull it back out
+		$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
+		$projectinfo=mysql_fetch_object($q);
+	}
 
 	//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
 	if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id) {
@@ -207,7 +235,7 @@ function countwords()
 	<input type="hidden" name="id" value="<?=$projectinfo->id?>">
 	<table>
 	<tr>	<td><?=i18n("Project Title")?>: </td>
-		<td><input type="text" name="title" size="50" value="<?=htmlspecialchars($projectinfo->title)?>" /><?=REQUIREDFIELD?>
+		<td><input type="text" name="title" size="50" value="<?=htmlspecialchars($projectinfo->title,null,"ISO8859-1")?>" /><?=REQUIREDFIELD?>
 <?
 	if($config['participant_project_title_charmax'])
 		echo i18n("(Max %1 characters)",array($config['participant_project_title_charmax']));
@@ -220,8 +248,32 @@ function countwords()
 		</td>
 	</tr><tr>
 		<td><?=i18n("Project Sort")?>: </td>
-		<td><input type="text" name="projectsort" size="10" value="<?=$projectinfo->projectsort?>" /></td>
-	</tr><tr>
+		<td><input type="text" name="projectsort" size="10" value="<?=$projectinfo->projectsort?>" /></td></tr>
+
+<?
+if($config['project_type'] == 'yes'){
+ $q=mysql_query("SELECT * FROM projecttypes ORDER BY type");
+ echo "<tr><td>".i18n("Project Type").": </td><td>";
+ echo "<select name=\"projecttype\">\n";
+ echo "<option value=\"\">".i18n("Select a project type")."</option>\n";
+ //FIXME: need to fix the loading glitch
+ while($r=mysql_fetch_object($q))
+ {	
+ 	if($r->type == $projectinfo->projecttype)
+	{
+		$sel="selected=\"selected\"";
+	}
+	else 
+	{
+		$sel="";
+	}
+	echo "<option $sel value=\"$r->type\">".htmlspecialchars(i18n($r->type),null,"ISO8859-1")."</option>\n";
+	
+ }
+ echo "</select>".REQUIREDFIELD."</td></tr>";
+}
+?>
+	<tr>
 		<td><?=i18n("Age Category")?>: </td>
 		<td><?=i18n($agecategories[$projectcategories_id]['category'])?> (<?=i18n("Grades %1-%2",array($agecategories[$projectcategories_id]['mingrade'],$agecategories[$projectcategories_id]['maxgrade']))?>)</td>
 	</tr><tr>
@@ -240,7 +292,7 @@ function countwords()
 	echo "<option value=\"\">".i18n("Select a division")."</option>\n";
 	while($r=mysql_fetch_object($q)) {
 		if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
-		echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
+		echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division),null,"ISO8859-1")."</option>\n";
 	}
 	echo "</select>".REQUIREDFIELD;
 
@@ -319,9 +371,36 @@ function countwords()
 
 	echo "</table>";
 
+
+	if($config['ethics_questions']=="yes")
+		// If we have set ethics questions to yes then ask the ethics questions!
+		{
+	 echo "<tr><td>".i18n("Ethics Questions").":</td><td>";
+	 	echo "<table>";
+	 	echo "<tr>";
+		echo " <td>".i18n("My project involves human participants").REQUIREDFIELD."</td>";
+		if($projectinfo->human_participants=="yes") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"human_participants\" value=\"yes\" />Yes</td>";
+		echo " <td width=\"20\">&nbsp;</td>";
+		if($projectinfo->human_participants=="no") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"human_participants\" value=\"no\" />No</td>";
+		echo "</tr>";
+
+
+		echo "<tr>";
+		echo " <td>".i18n("My project involves animals").REQUIREDFIELD."</td>";
+		if($projectinfo->animal_participants=="yes") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"animal_participants\" value=\"yes\" />Yes</td>";
+		echo " <td width=\"20\">&nbsp;</td>";
+		if($projectinfo->animal_participants=="no") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"animal_participants\" value=\"no\" />No</td>";
+		echo "</tr>";
+		echo "</table>";
+
+	}
 	echo "</td></tr>";
 
-	echo "<tr><td>".i18n("Summary").": </td><td><textarea onchange='countwords()' onkeypress='countwords()' cols=\"60\" rows=\"12\" id=\"summary\" name=\"summary\">".htmlspecialchars($projectinfo->summary)."</textarea>".REQUIREDFIELD."<br />";
+	echo "<tr><td>".i18n("Summary").": </td><td><textarea onchange='countwords()' onkeypress='countwords()' cols=\"60\" rows=\"12\" id=\"summary\" name=\"summary\">".htmlspecialchars($projectinfo->summary,null,"ISO8859-1")."</textarea>".REQUIREDFIELD."<br />";
 
 	$summarywords=preg_split("/[\s,]+/",$projectinfo->summary);
 	$summarywordcount=count($summarywords);
@@ -334,6 +413,8 @@ function countwords()
 	echo i18n("%1 words maximum",array($config['participant_project_summary_wordmax']));
 	echo "</div>";
 
+	echo"<tr><td>".i18n("Feedback").": </td><td><textarea cols=\"60\" rows=\"4\" id=\"feedback\" name=\"feedback\">".htmlspecialchars($projectinfo->feedback,null,"ISO8859-1")."</textarea><br />";
+
 ?>
 	</td></tr>
 	</table>

admin/registration.php

@@ -23,6 +23,7 @@
 ?>
 <?
  require("../common.inc.php");
+ include"../config/signaturepage_or_permissionform.php";
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
  send_header("Participant Registration",
@@ -31,7 +32,7 @@
             "participant_registration"
 			);
  echo "<br />";
- echo "<a href=\"registration_receivedforms.php\">".i18n("Input Received Signature Forms")."</a> <br />";
+ echo "<a href=\"registration_receivedforms.php\">".i18n("Input Received $plural_participationform")."</a> <br />";
  echo "<a href=\"registration_list.php\">".i18n("Registration List and Student/Project Editor")."</a> <br />";
  echo "<a href=\"registration_stats.php\">".i18n("Registration Statistics")."</a> <br />";
  echo "<a href=\"registration_webconsent.php\">".i18n("Website Consent")."</a> <br />";

admin/registration_list.php

@@ -20,6 +20,10 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified Jan of 2014 by Richard Sin
+// Flagging has been added to monitor projects with concern.
+
 ?>
 <?
  require_once('../common.inc.php');
@@ -32,12 +36,16 @@ $auth_type = user_auth_required(array('fair','committee'), 'admin');
  if($_GET['year']) $year=$_GET['year'];
  else $year=$config['FAIRYEAR'];
 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+ $q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+ $q->execute();
+
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$cats[$r->id]=$r->category;
 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q->execute();
+
+while($q->fetch(PDO::FETCH_OBJ))
 	$divs[$r->id]=$r->division;
 
 $action=$_GET['action'];
@@ -69,7 +77,7 @@ case 'delete':
 
 if($auth_type == 'committee') {
 	 send_header("Registration Management",
- 		array('Committee Main' => 'committee_main.php',
+	 	array('Committee Main' => 'committee_main.php',
 			'Administration' => 'admin/index.php',
 			'Participant Registration' => 'admin/registration.php')
 				);
@@ -361,6 +369,7 @@ echo  "<th>".i18n("Age Category")."</th>";
 echo  "<th>".i18n("Division")."</th>";
 echo  "<th>".i18n("School(s)")."</th>";
 echo  "<th>".i18n("Student(s)")."</th>";
+echo  "<th>".i18n("Flagged")."</th>";
 echo  "<th>".i18n("Action")."</th>";
 echo "</tr></thead>";
 
@@ -376,7 +385,7 @@ echo "<br/><br/>The statistics have moved here: <a href=\"registration_stats.php
 
 send_footer();
 
-/* Now some helper fucntions we call more than once */
+/* Now some helper functions we call more than once */
 function list_query($year, $wherestatus, $reg_id)
 {
 	global $auth_type;
@@ -397,7 +406,9 @@ function list_query($year, $wherestatus, $reg_id)
 				projects.title,
 				projects.projectnumber,
 				projects.projectcategories_id,
-				projects.projectdivisions_id
+				projects.projectdivisions_id,
+				projects.feedback,
+				projects.flagged
 			FROM
 				registrations
 				left outer join projects on projects.registrations_id=registrations.id
@@ -466,6 +477,19 @@ function print_row($r)
 
 	echo "<td $scl>$schools</td>";
 	echo "<td $scl>$students</td>";
+
+	echo "<td align=\"center\"  >";
+	if($r->flagged == false) {
+		echo "<a title=\"".i18n("Not flagged")."\" href=\"#\" onClick=\"popup_editor('{$r->reg_id}','project');\" >";
+		echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/ok.".$config['icon_extension']."\" border=0>";
+		echo "</a>";
+	}
+	else {
+		echo "<a title=\"".i18n("Flagged")."\" href=\"#\" onClick=\"popup_editor('{$r->reg_id}','project');\" >";
+		echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/flagged.".$config['icon_extension']."\" border=0>";
+		echo "</a>";
+	}
+	
 	echo "<td align=\"center\"  >";
 	if($year==$config['FAIRYEAR']) {
 		echo "<a title=\"".i18n("Delete this registration")."\" href=\"#\" onClick=\"delete_registration({$r->reg_id});return false\" >";

admin/registration_receivedforms.php

@@ -20,14 +20,19 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+   // This file was modified March of 2015 by Sebastian Ruan
+   // Receive all button was added
+
 ?>
 <?
  require("../common.inc.php");
+ include "../config/signaturepage_or_permissionform.php";
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
  require("../register_participants.inc.php");
 
- send_header("Input Received Signature Forms",
+ send_header("Input Received $plural_participationform",
  		array('Committee Main' => 'committee_main.php',
 			'Administration' => 'admin/index.php',
 			'Participant Registration' => 'admin/registration.php')
@@ -82,6 +87,10 @@ $showformatbottom=true;
 							projects.projectcategories_id=projectcategories.id
 							AND
 							projects.projectdivisions_id=projectdivisions.id
+							AND 
+							projectcategories.year=projects.year
+							AND
+							projectdivisions.year=projects.year
 						");
 
 echo mysql_Error();
@@ -137,7 +146,7 @@ echo mysql_Error();
 					echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 					echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 					echo "<input type=\"hidden\" name=\"action\" value=\"receivedno\" />";
-					echo "<input type=submit value=\"".i18n("No, this is the wrong form")."\" style=\"width: 400px;\"/>";
+					echo "<input type=submit value=\"".i18n("No, this is the wrong form")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 					echo "</form>";
 
 					if($config['regfee']>0)
@@ -146,13 +155,13 @@ echo mysql_Error();
 						echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 						echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 						echo "<input type=\"hidden\" name=\"action\" value=\"receivedyes\" />";
-						echo "<input type=submit value=\"".i18n("Yes, right form with registration fee")."\" style=\"width: 400px;\"/>";
+						echo "<input type=submit value=\"".i18n("Yes, right form with registration fee")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 						echo "</form>";
 
 						echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 						echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 						echo "<input type=\"hidden\" name=\"action\" value=\"receivedyesnocash\" />";
-						echo "<input type=submit value=\"".i18n("Yes, right form without registration fee")."\" style=\"width: 400px;\"/>";
+						echo "<input type=submit value=\"".i18n("Yes, right form without registration fee")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 						echo "</form>";
 					}
 					else
@@ -160,7 +169,7 @@ echo mysql_Error();
 						echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 						echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 						echo "<input type=\"hidden\" name=\"action\" value=\"receivedyes\" />";
-						echo "<input type=submit value=\"".i18n("Yes, this is the right form")."\" style=\"width: 400px;\"/>";
+						echo "<input type=submit value=\"".i18n("Yes, this is the right form")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 						echo "</form>";
 
 
@@ -287,10 +296,11 @@ echo mysql_Error();
 
 
  if($showformatbottom)
- {
+ {echo "<table>";
+	 echo "<tr><td>";
 	 echo "<form id=\"inputform\" method=\"post\" action=\"registration_receivedforms.php\">";
 	 echo "<input type=\"hidden\" name=\"action\" value=\"received\" />";
-	 echo i18n("Enter the registration number from the signature form: ")."<br />";
+	 echo i18n("Enter the registration number from the $signatureformpermissionform : ")."<br />";
 	 echo "<input id=\"registration_number\" type=\"text\" size=\"15\" name=\"registration_number\" />";
 	 echo "<input type=\"submit\" value=\"".i18n("Lookup Registration Number")."\" />";
 	 echo "</form>";
@@ -299,7 +309,154 @@ echo mysql_Error();
 	 document.forms.inputform.registration_number.focus();
 	 </script>
 	 <?
+
+	echo "<br/><br/>";
+	 echo "</td></tr><tr><td>";
+	 echo "<font size=\"2\" color=\"red\">This button does not keep track of payments</font>";
+	 echo "</td></tr><tr><td>";
+	 echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
+	 echo "<input type=\"hidden\" name=\"action\" value=\"recieve_all\" />";
+	 echo "<input type=\"submit\" value=\"".i18n("Receive All")."\" onclick=\"return confirmClick('Are you sure you wish to mark all students as has having their $signatureformpermissionform received?')\" />";
+	 echo "</form>";
+	 echo "</tr></td>";
+	 echo "</table>";
+	 echo "<br>";
+	 echo i18n(" <lh>'Receive All' notes:</lh> <ul><li>The button will mark all open-status students that have completed registration as having their $signatureformpermissionform received.
+	 												    <li> Students with above status will be emailed a \"$signatureformpermissionform received\" confirmation.
+	 												    <li> Project numbers will be assigned to these students' projects.
+	 												</ul>");
  }
 
- send_footer();
-?>
+
+if ($_POST['action'] == 'recieve_all')
+{	
+	// Grab all projects that don't have project numbers. Status should therefor be open or new but not complete 
+	$query_noprojectnumber = mysql_query("SELECT * FROM projects WHERE projectnumber IS NULL AND year =".$config['FAIRYEAR']."");
+	// Define arrays to append to later
+	$completed_students = array();
+	$incomplete_students = array();
+	$newstatus_students = array();
+
+	// loop through each project that doesn't have a project number
+	while($studentproject=mysql_fetch_assoc($query_noprojectnumber))
+	{	
+		// Grab registration information about the current project
+	 	$q=mysql_query("SELECT * FROM registrations WHERE id='".$studentproject['registrations_id']."' AND year='".$config['FAIRYEAR']."'");
+		
+		$r=mysql_fetch_object($q);
+		$reg_id=$r->id;
+		$reg_num=$r->num;
+		$reg_status=$r->status;
+
+		// student has completed some or all of the registration process for their project. Let's find out which one is true
+		if ($r->status!='new')
+			{
+				//make sure all of the statuses are correct
+				$statusstudent=studentStatus($reg_id);
+				$statusemergencycontact=emergencycontactStatus($reg_id);
+				$statusproject=projectStatus($reg_id);
+				if($config['participant_mentor']=="yes")
+					$statusmentor=mentorStatus($reg_id);
+				else
+					$statusmentor="complete";
+				$statussafety=safetyStatus($reg_id);
+				$statusnamecheck=namecheckStatus($reg_id);
+
+				if(
+					$statusstudent == "complete" &&
+					$statusemergencycontact == "complete" &&
+					//S$statusproject == "complete" &&
+					$statusmentor == "complete" &&
+					$statussafety == "complete" &&
+					$statusnamecheck == "complete" &&
+					$r->status!='complete'
+					//above: project status must not be complete. If it is complete signature page/permission form has already been received.
+				) {
+				 	
+				 	// Generate project number and update it in data base
+				 	list($projectnumber,$ps,$pns,$pss) = generateProjectNumber($reg_id);
+					mysql_query("UPDATE projects SET projectnumber='$projectnumber',
+							projectsort='$ps',projectnumber_seq='$pns',projectsort_seq='$pss'
+							WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
+
+				//email stuff
+					//get all students with this registration number
+					//$recipients=getEmailRecipientsForRegistration($reg_id);
+
+			 		//Set status to 'complete'
+					mysql_query("UPDATE registrations SET status='complete' WHERE num='$reg_num' AND year='{$config['FAIRYEAR']}'");
+
+					/*foreach($recipients AS $recip) {
+						$to=$recip['to'];
+						$subsub=array();
+						$subbod=array(
+							"TO"=>$recip['to'],
+							"EMAIL"=>$recip['email'],
+							"FIRSTNAME"=>$recip['firstname'],
+							"LASTNAME"=>$recip['lastname'],
+							"NAME"=>$recip['firstname']." ".$recip['lastname'],
+							"REGNUM"=>$regnum,
+							"PROJECTNUMBER"=>$projectnumber,
+							);
+						email_send("register_participants_received",$to,$subsub,$subbod);
+					}*/
+
+				// End email stuff
+					//add cuurent registration number to completed_students array
+					$completed_students[] = $reg_num;
+
+				}else{
+					// or add current registration number to incomplete_student array
+					$incomplete_students[] = $reg_num;
+				}
+			
+
+			}
+		//New status automatically means student has not completed the registration process for their project. So execute below:
+		else{
+			// or add current registration number to newstatus_students array
+			$newstatus_students[] = $reg_num;
+			}
+
+		
+	}
+	// Find how many project numbers were assigned/how many projects have complete status (ie signature page/permission form is considered received)
+	$total_completed = count($completed_students);
+
+	// since incomplete_students and newstatus_students both did not get project numbers and are not considered as having signature page/permission form received
+	//    combine them 
+	$total_incomplete = array_merge($incomplete_students, $newstatus_students);
+	
+	echo "<br><br>";
+	echo "<table>";
+	echo "<tr><td>".i18n("$total_completed student(s) registered as $non_capital_participationform received.")."</td></tr>";
+	
+	//display below only if there are registration numbers that don't have project numbers and the students have not completed the registration process
+	if (count($total_incomplete) > 0) {
+		echo "<tr><td>".i18n("Registration numbers which are NOT marked as having their $non_capital_participationform received are shown below:")."</td></tr>";
+		echo "<tr><td>&nbsp</td></tr>";
+		$string = "";
+		echo "<tr><td>";
+
+		//create a string that contains all incomplete registration numbers
+		foreach ($total_incomplete as $regnum){
+			$string = $string.i18n($regnum);
+			$string = $string.", ";
+		} 
+
+		// delete the comma at the end of the string
+		$string = substr($string, 0, strlen($string)-2);
+		echo $string;
+		echo "</td></tr>";
+		echo "<tr><td>&nbsp</td></tr>";
+		echo "<tr><td>";
+		echo i18n("The above registration numbers correspond to projects in which the registration process has not been completed by the student.");
+		echo "</td></tr>";
+	}
+	echo "</table>";
+	echo happy_(i18n("Received all permision forms for complete students"));
+}
+
+send_footer();
+
+?>

admin/registration_stats.php

@@ -97,7 +97,8 @@ else $wherestatus="";
 				projects.title,
 				projects.projectnumber,
 				projects.projectcategories_id,
-				projects.projectdivisions_id
+				projects.projectdivisions_id,
+				projects.language
 			FROM
 				registrations
 				left outer join projects on projects.registrations_id=registrations.id
@@ -118,7 +119,9 @@ else $wherestatus="";
 	$stats_projects_catdiv=array();
 	$stats_students_schools=array();
 	$stats_projects_schools=array();
+	$stats_projects_lang=array();
 	$schools_names=array();
+	$languages=array();
 
 	while($r=mysql_fetch_object($q))
 	{
@@ -126,6 +129,8 @@ else $wherestatus="";
 		$stats_divisions[$r->projectdivisions_id]++;
 		$stats_categories[$r->projectcategories_id]++;
 		$stats_projects_catdiv[$r->projectcategories_id][$r->projectdivisions_id]++;
+		$stats_projects_lang[$r->projectcategories_id][$r->projectdivisions_id][$r->language]++;
+		$languages[$r->language]++;
 
 		switch($r->status)
 		{
@@ -257,6 +262,70 @@ else $wherestatus="";
 	echo i18n("%1 schools total",array(count($schools_names)));
 
 	echo "</td></tr>";
+	echo "<tr><td colspan=\"2\"><br /></td></tr>";
+	echo "<tr><td colspan=\"2\"><h3>{$status_str[$showstatus]} - ".i18n("Projects per age category / division / language")."</h3></td></tr>";
+	echo "<tr><td colspan=\"2\">";
+	echo "<table class=\"tableview\" width=\"100%\">";	
+	echo "<thead><tr><td rowspan='2' width=\"50%\"></td>";
+	foreach($cats AS $c=>$cn) {
+		echo "<th colspan='".count($languages)."'>$cn</th>";
+	}
+	echo "<th colspan='".count($languages)."'>".i18n("Total")."</nobr></th>";
+	echo "</tr><tr>";
+	ksort($languages);
+	$tprojcat = array();
+	foreach($cats AS $c=>$cn) {
+		foreach($languages AS $l=>$ln) {
+			echo "<th>$l</th>";
+		}
+	}
+	foreach($languages AS $l=>$ln) {
+		echo "<th>$l</th>";
+	}
+	echo "</tr></thead>";
+	foreach($divs AS $d=>$dn) {
+		echo "<tr><td>$dn</td>";
+		$tproj=array();
+		foreach($cats AS $c=>$cn)
+		{
+			foreach($languages AS $l=>$ln) {
+				echo "<td align=\"center\">";
+				echo ($stats_projects_lang[$c][$d][$l]?$stats_projects_lang[$c][$d][$l]:0);
+				echo "</td>";
+				$tproj[$l]+=$stats_projects_lang[$c][$d][$l];
+
+				$tprojcat[$c][$l]+=$stats_projects_lang[$c][$d][$l];
+			}
+		}
+		foreach($tproj AS $l=>$ln) {
+			echo "<td align=\"center\"><b>";
+			echo ($ln?$ln:0);
+			echo "</b></td>";
+		}
+		echo "</tr>";
+	}
+	echo "<tr><td><b>".i18n("Total")."</b></td>";
+	$tproj=array();
+	foreach($cats AS $c=>$cn) {
+		foreach($languages AS $l=>$ln) {
+			echo "<td align=\"center\"><b>";
+			echo ($tprojcat[$c][$l]?$tprojcat[$c][$l]:0);
+			echo "</b></td>";
+			$tproj[$l]+=$tprojcat[$c][$l];
+		}
+	}
+	foreach($tproj AS $l=>$ln) {
+		echo "<td align=\"center\"><b>";
+		echo ($ln);
+		echo "</b></td>";
+	}
+	echo "</tr>";
+
+
+	echo "</table>";
+
+	echo "</td></tr>";
+
 	echo "</table>";
 
 	echo "<br />";

admin/reports.inc.php

@@ -21,11 +21,14 @@
    Boston, MA 02111-1307, USA.
 */
 
- require_once("reports_students.inc.php");  /* $report_students_fields */
- require_once("reports_judges.inc.php");  /* $report_students_fields */
- require_once("reports_awards.inc.php");  /* $report_students_fields */
- require_once("reports_committees.inc.php");  /* $report_students_fields */
- require_once("reports_volunteers.inc.php"); /* $report_volunteers_fields */
+// This file was modified Jan of 2014 by Richard Sin
+// A glitch that prints out both english and french columns has been modified.
+
+ require_once("reports_students.inc.php");  	/* $report_students_fields */
+ require_once("reports_judges.inc.php");  	/* $report_students_fields */
+ require_once("reports_awards.inc.php");  	/* $report_students_fields */
+ require_once("reports_committees.inc.php"); 	/* $report_students_fields */
+ require_once("reports_volunteers.inc.php"); 	/* $report_volunteers_fields */
  require_once("reports_schools.inc.php");
  require_once("reports_tours.inc.php");
  require_once("reports_fairs.inc.php");
@@ -299,6 +302,11 @@ foreach($report_stock as $n=>$v) {
 			'custom_url' => 'admin/reports_judges.php?type=csv',
 			'creator' => 'The Grant Brothers');
  $x++;
+ $report_custom[$x] = array('id' => $x, 'name' => 'Custom -- Judges List (CSV) -- ALL YEARS',
+ 			'desc' => 'Judges List - All Years',
+			'custom_url' => 'admin/reports_judges_allyears.php?type=csv',
+			'creator' => 'The Grant Brothers');
+ $x++;
  $report_custom[$x] = array('id' => $x, 'name' => 'Custom -- Judging Teams Project Assignments (PDF)',
  			'desc' => 'Judging Teams Project Assignments',
 			'custom_url' => 'admin/reports_judges_teams_projects.php?type=pdf',
@@ -349,12 +357,12 @@ foreach($report_stock as $n=>$v) {
 	foreach($report[$type] as $k=>$v) {
 		if($type == 'option') {
 			/* field, value, x, y, w, h, lines, face, align, valign, fn, fs, fsize, overflow */
-			$vals = "'$k','$v','0','0','0','0','0','','','','','','0','truncate'";
+			$vals = "'".mysql_real_escape_string($k)."','".mysql_real_escape_string($v)."','0','0','0','0','0','','','','','','0','truncate'";
 		} else {
 			if($v['lines'] == 0) $v['lines'] =1;
 			$fs = is_array($v['fontstyle']) ? implode(',',$v['fontstyle']) : '';
 			$opts = "{$v['align']} {$v['valign']}";
-			$vals = "'{$v['field']}','{$v['value']}',
+			$vals = "'{$v['field']}','".mysql_real_escape_string($v['value'])."',
 				'{$v['x']}','{$v['y']}','{$v['w']}',
 				'{$v['h']}','{$v['lines']}','{$v['face']}',
 				'$opts','{$v['valign']}',
@@ -414,7 +422,7 @@ foreach($report_stock as $n=>$v) {
 			ORDER BY `ord`");
 	print(mysql_error());
 	
-	if(mysql_num_rows($q) == 0) return $ret;
+	if(mysql_num_rows($q) == 0) return $report;
 
 	while($a = mysql_fetch_assoc($q)) {
 		$f = $a['field'];
@@ -424,14 +432,13 @@ foreach($report_stock as $n=>$v) {
 			/* We dont' care about order, just construct
 			 * ['option'][name] = value; */
 			if(!in_array($f, $allow_options)) {
-				print("Type[$type] Field[$f] not allowed.\n");
+//				print("Type[$type] Field[$f] not allowed.\n");
 				continue;
 			}
 			$report['option'][$f] = $a['value'];
-			break;
 		default:
 			if(!in_array($f, $allow_fields)) {
-				print("Type[$type] Field[$f] not allowed.\n");
+//				print("Type[$type] Field[$f] not allowed.\n");
 				continue;
 			}
 			/* Pull out all the data */
@@ -545,13 +552,19 @@ foreach($report_stock as $n=>$v) {
 
  function report_gen($report) 
  {
- 	global $config, $report_students_fields, $report_judges_fields, $report_awards_fields, $report_schools_fields;
+foreach($report['col'] as $v)
+
+	global $config, $report_students_fields, $report_judges_fields, $report_awards_fields, $report_schools_fields;
 	global $report_stock, $report_committees_fields, $report_volunteers_fields;
 	global $report_tours_fields, $report_fairs_fields;
 	global $report_fundraisings_fields;
 	global $filter_ops;
 
-	//print_r($report);
+//foreach($report as $k=>$v){
+//print_r($k.' ~	>');
+//print_r($v);
+//print_r('<br> <br>');
+//}
 	$fieldvar = "report_{$report['type']}s_fields";
 	$fields = $$fieldvar;
 
@@ -639,25 +652,42 @@ foreach($report_stock as $n=>$v) {
 
 	$total_width = 0;
 	$scale_width = 0;
+	$temp=array();
+	$count=0;
+	foreach($report['col'] as $o=>$d) {
+		if($config['default_language']!='fr'){
+			if(strpos($d['field'],'fr_')!='fr_'){
+			$temp[$count]=$d;
+			$count++;
+			}
+		} 
+	}
+	$report['col']=$temp;
 	/* Add up the column widths, and figure out which
 	 * ones are scalable, just in case */
 	foreach($report['col'] as $o=>$d) {
 		$f = $d['field'];
 		$total_width += $fields[$f]['width'];
-		if($fields[$f]['scalable'] == true) 
+		if($fields[$f]['scalable'] == true)
 			$scale_width += $fields[$f]['width'];
 	}
 
 	/* Determine the scale factor (use the label width so
 	 * we can enforce margins) */
+
 	if($report['option']['fit_columns'] == 'yes') { // && $total_width > $label_stock['label_width'])  {
 		$static_width = $total_width - $scale_width;
-        if($scale_width) 
-            $scale_factor = ($label_stock['label_width'] - $static_width) / $scale_width;
-        else
-            $scale_factor = 1.0;
+        	if($scale_width){
+			if ($label_stock['label_width'] - $static_width > 0) {
+	        		$scale_factor = ($label_stock['label_width'] - $static_width) / $scale_width;
+ 			} else {
+				$scale_factor = $label_stock['label_width']/$total_width;
+			} 
+		} else {
+        		$scale_factor = 1.0;
+		}
 	} else {
-		$scale_factor = 1.0;
+			$scale_factor = 1.0;
 	}
 
 	/* Select columns to display */
@@ -699,6 +729,7 @@ foreach($report_stock as $n=>$v) {
 		}
 	}
 
+
 	/* If no sort order is specified, make the first field the order */
 	if(count($report['sort']) == 0) 
 		$report['sort'] = array(0 => array('field' => $report['col'][0]['field']));
@@ -762,10 +793,11 @@ foreach($report_stock as $n=>$v) {
 
 	$q = "SELECT $sel  $q  $filter_query $group_query ORDER BY $order";
 	$r = mysql_query($q);
-
+ 
 //	print_r($report);
 //	print_r($report['filter']);
 //	echo "$q";
+	
 
 	if($r == false) {
 		echo "The report database query has failed.  This is
@@ -786,9 +818,8 @@ foreach($report_stock as $n=>$v) {
 	$last_group_data = array();
 
 //	echo "<pre>";print_r($rep);
-
 	while($i = mysql_fetch_assoc($r)) {
-
+		
 		if($n_groups > 0) {
 			$group_change = false;
 			/* See if any of the "group" fields have changed */
@@ -808,9 +839,10 @@ foreach($report_stock as $n=>$v) {
 
 			if($group_change) {
 				/* Dump the last table */
+
 				if(count($table['data'])) {
 				//	print_r($table);
-					$rep->addTable($table);
+					$rep->addTable($table);  //table is the content
 					$rep->nextLine();
 					$table['data'] = array();
 					$table['total'] = 0;
@@ -843,18 +875,17 @@ foreach($report_stock as $n=>$v) {
 			$rep->label_new();
 		}
 
-		foreach($report['col'] as $o=>$d) {
+		foreach($report['col'] as $o=>$d) {			//fill in one page
 			$f = $d['field'];
+
 			if(is_array($fields[$f]['value_map'])) {
 				$v = $fields[$f]['value_map'][$i["C$o"]];
 			} else if(is_callable($fields[$f]['exec_function'])) {
 				$v = call_user_func_array($fields[$f]['exec_function'], array($report, $f, $i["C$o"]));
-//			} else if(isset($fields[$f]['exec_code'])) {
-//				Somethign like this, how do we pass $i["C$o"] in?
-//				$v = exec($fields[$f]['exec_code']);
 			} else {
 				$v =  $i["C$o"];
 			}
+
 			if($gen_mode == 'table') {
 				$data[] = $v;
 			} else if($gen_mode == 'label') {
@@ -865,7 +896,7 @@ foreach($report_stock as $n=>$v) {
 				if($report['option']['field_box'] == 'yes') 
 					$opt[] = 'field_box';
 
-
+//the page content is filled
 				/* Special column, draw a box */
 				if($f == 'static_box') {
 					$rep->addLabelBox($d['x'], $d['y'], $d['w'],
@@ -885,20 +916,73 @@ foreach($report_stock as $n=>$v) {
 
 //				echo "<pre>"; print_r($d);
 
+				switch($f) {
+				case 'static_box':
+					$rep->label_rect($d['x'], $d['y'], $d['w'], $d['h']);
+					break;
+				case 'fair_logo':
+					$rep->label_fair_logo($d['x'], $d['y'], $d['w'], $d['h'], $show_box);
+					break;
+				case "projectbarcode":
+					$style = array(
+					'border' => 2,
+					'vpadding' => 'auto',
+					'hpadding' => 'auto',
+					'fgcolor' => array(0,0,0),
+					'bgcolor' => false, //array(255,255,255)
+					'module_width' => 2, // width of a single module in points
+					'module_height' => 2 // height of a single module in points
+					);
+					$rep->label_barcode($v, 'QRCODE,H', $d['x'], $d['y'], $d['w'], $d['h'], $style, 'N');
+				break;
+					
+				default:
+					if($f == 'static_text') 
+						$v = $d['value'];
+
+					$v = iconv("ISO-8859-1","UTF-8",$v);
+
+					$rep->label_text($d['x'], $d['y'], $d['w'], $d['h'],
+					$v, $show_box, $d['align'], $d['valign'],
+					$d['fontname'],$d['fontstyle'],$d['fontsize'],
+					$d['on_overflow']);
+
+					break;
+				}
+
+
+
+/*
 				if($f == 'static_box') {
 					$rep->label_rect($d['x'], $d['y'], $d['w'], $d['h']);
 				} else {
 					if($f == 'static_text') $v = $d['value'];
 
 					$v = iconv("ISO-8859-1//TRANSLIT", "UTF-8", $v);
+					if($f=="projectbarcode") {
+						$style = array(
+							'border' => 2,
+							'vpadding' => 'auto',
+							'hpadding' => 'auto',
+							'fgcolor' => array(0,0,0),
+							'bgcolor' => false, //array(255,255,255)
+							'module_width' => 2, // width of a single module in points
+							'module_height' => 2 // height of a single module in points
+						);
+						$rep->label_barcode($v, 'QRCODE,H', $d['x'], $d['y'], $d['w'], $d['h'], $style, 'N');
+					}
+					else {
+						$rep->label_text($d['x'], $d['y'], $d['w'], $d['h'],
+								$v, $show_box, $d['align'], $d['valign'],
+								$d['fontname'],$d['fontstyle'],$d['fontsize'],
+								$d['on_overflow']);
+					}
 
-					$rep->label_text($d['x'], $d['y'], $d['w'], $d['h'],
-							$v, $show_box, $d['align'], $d['valign'],
-							$d['fontname'],$d['fontstyle'],$d['fontsize'],
-							$d['on_overflow']);
 				}
+				*/
 
 			}
+//}
 
 			if($fields[$f]['total'] == true)
 				$table['total'] += $v;

admin/reports_acscript.php

@@ -24,7 +24,11 @@
  if(is_array($_GET['show_category'])) {
 	 $show_category = array();
  	foreach($_GET['show_category'] as $id=>$val) {
-		$show_category[] = "award_awards_projectcategories.projectcategories_id='$id'";
+		$show_category[] = "projects.projectcategories_id='$id'";
+	}
+	if($show_unawarded_prizes=="yes")
+	{
+		$show_category[] = "projects.projectcategories_id IS NULL";
 	}
 	$and_categories = join(' OR ', $show_category);
  } else {
@@ -64,18 +68,14 @@ if(!$scriptformat) $scriptformat="default";
 			FROM 
 				award_awards,
 				award_types,
-				sponsors,
-				award_awards_projectcategories
+				sponsors
 			WHERE 
 					award_awards.year='$foryear'
 				AND	award_types.year='$foryear'
 				AND	award_awards.award_types_id=award_types.id
 				AND	award_awards.sponsors_id=sponsors.id
-				AND     award_awards.id=award_awards_projectcategories.award_awards_id
 				AND	award_awards.excludefromac='0'
-				AND ($and_categories)
 				$awardtype
-			GROUP BY award_awards.id
 			ORDER BY awards_order");
 
 	echo mysql_error();
@@ -107,6 +107,7 @@ if(!$scriptformat) $scriptformat="default";
 						award_awards_id='{$r->id}' 
 						AND award_prizes.year='$foryear'
 						AND award_prizes.excludefromac='0'
+						AND ($and_categories)
 					ORDER BY 
 						`order`,
 						projects.projectnumber");

admin/reports_awards.inc.php

@@ -21,6 +21,14 @@
    Boston, MA 02111-1307, USA.
 */
 
+function report_awards_fr($report, $field, $text) {
+	return i18n($text,array(),array(),"fr");
+}
+
+function report_cash_words($report, $field, $text) {
+	return wordify($text, true);
+}
+
 $report_awards_fields = array(
 	'name' =>  array(
 		'start_option_group' => 'Award Information',
@@ -29,12 +37,26 @@ $report_awards_fields = array(
 		'width' => 3.0,
 		'table' => 'award_awards.name' ),
 
+	'name_fr' =>  array(
+		'name' => 'Award -- Name (French)',
+		'header' => 'Award Name',
+		'width' => 3.0,
+		'table' => 'award_awards.name',
+		'exec_function' => 'report_awards_fr' ),
+
 	'criteria' =>  array(
 		'name' => 'Award -- Criteria',
 		'header' => 'Award Criteria',
 		'width' => 3.0,
 		'table' => 'award_awards.criteria' ),
 
+	'criteria_fr' =>  array(
+		'name' => 'Award -- Criteria (French)',
+		'header' => 'Award Criteria',
+		'width' => 3.0,
+		'table' => 'award_awards.criteria',
+		'exec_function' => 'report_awards_fr' ),
+
 	'presenter' =>  array(
 		'name' => 'Award -- Presenter',
 		'header' => 'Award Presenter',
@@ -197,6 +219,36 @@ $report_awards_fields = array(
 		'width' => 3,
 		'table' => 'PRIMARYCONTACT.notes' ),
 
+	'pcontact_address' =>  array(
+		'name' => 'Primary Contact Address -- Street',
+		'header' => 'Address',
+		'width' => 2.0,
+		'table' => "CONCAT(PRIMARYCONTACTUSER.address, ' ', PRIMARYCONTACTUSER.address2)"),
+
+	'pcontact_city' =>  array(
+		'name' => 'Primary Contact Address -- City',
+		'header' => 'City',
+		'width' => 1.5,
+		'table' => 'PRIMARYCONTACTUSER.city'),
+
+	'pcontact_province' =>  array(
+		'name' => 'Primary Contact Address -- '.$config['provincestate'],
+		'header' => $config['provincestate'],
+		'width' => 0.75,
+		'table' => 'PRIMARYCONTACTUSER.province'),
+
+	'pcontact_postal' =>  array(
+		'name' => 'Primary Contact Address -- '.$config['postalzip'],
+		'header' => $config['postalzip'],
+		'width' => 0.75,
+		'table' => 'PRIMARYCONTACTUSER.postalcode' ),
+
+ 	'pcontact_city_prov' =>  array(
+		'name' => 'Primary Contact Address -- City, '.$config['provincestate'].' (for mailing)',
+		'header' => 'City',
+		'width' => 1.5,
+		'table' => "CONCAT(PRIMARYCONTACTUSER.city, ', ', PRIMARYCONTACTUSER.province)"),
+
 	'judgeteamname' => array(
 		'start_option_group' => 'Judging Team',
 		'components' => array('judgingteam'),
@@ -242,6 +294,15 @@ $report_awards_fields = array(
 		'table' => 'award_prizes.cash',
 		'components' => array('prizes')),
 
+	'prize_cash_words' => array(
+		'name' => 'Prize --  Cash Amount In Words',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash',
+		'components' => array('prizes'),
+		'exec_function' => 'report_cash_words'
+		),
+	
 	'prize_scholarship' => array(
 		'name' => 'Prize --  Scholarship Amount',
 		'header' => 'Scholarship',

admin/reports_committees.inc.php

@@ -95,6 +95,24 @@ $report_committees_fields = array(
 		'width' => 2,
 		'table' => 'users.organization'),
 
+	'committee' => array(
+		'name' => 'Committee Member -- Committee Name',
+		'header' => 'Committee',
+		'width' => 2,
+		'table' => 'committees.name'),
+
+	'title' => array(
+		'name' => 'Committee Member -- Title on Committee',
+		'header' => 'Title',
+		'width' => 2,
+		'table' => 'committees_link.title'),
+
+	'committeetitle' => array(
+		'name' => 'Committee Member -- Committee and Title',
+		'header' => 'Committee and Title',
+		'width' => 2,
+		'table' => "CONCAT(committees.name, ' - ', committees_link.title)"),
+
 	'firstaid' => array(
 		'name' => 'Committee Member -- First Aid Training',
 		'header' => 'F.Aid',
@@ -135,9 +153,16 @@ $report_committees_fields = array(
 	}
 */										
 	$q = "	FROM 
-			users
+			committees_link
+			JOIN committees ON committees_link.committees_id=committees.id
+			JOIN users
+				ON committees_link.users_uid=users.uid
+			LEFT OUTER JOIN users u2
+				ON u2.uid=users.uid
+				AND u2.year>users.year
 		WHERE
 			users.types LIKE '%committee%'
+			AND u2.uid IS NULL
 		";
 
 	return $q;

admin/reports_editor.php

@@ -22,6 +22,7 @@
 */
 ?>
 <?
+ 
  require("../common.inc.php");
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
@@ -38,6 +39,7 @@
  require_once('reports.inc.php');
  require_once('../tcpdf.inc.php');
 
+
  $fields = array();
  $locs = array('X' => 'x', 'Y' => 'y', 'W' => 'w', 'H' => 'h', 'Lines' => 'lines');
 
@@ -53,6 +55,10 @@
 			if($in_optgroup) echo '</optgroup>';
 			echo '<optgroup label="'.i18n($f['start_option_group']).'">';
 		}
+		if($f['name']=='Project -- Type'){										//filter out if the configuration setting does not allow for the project type
+			global $config;
+			if($config['project_type']=='no') continue;
+		}
 		$sel = ($selected == $k) ? 'selected=\"selected\"': '' ;
         	echo "<option value=\"$k\" $sel >{$f['name']}</option>";
 	}	
@@ -64,7 +70,7 @@
  {
 	echo "<select name=\"$name\" $onchange >";
 	foreach($a as $v=>$val) {
-		$sel = ($selected == $v) ? 'selected=\"selected\"' : '';
+		$sel = ($selected == $v) ? 'selected=selected' : '';
 		echo "<option value=\"$v\" $sel>$val</option>";
 	}
 	echo '</select>';
@@ -333,7 +339,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 	/* Do the options */
 	$x = 0;
 	foreach($report['option'] as $k=>$v) {
-		echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '$v', 0, 0, 0, 0, 0, '', ''),";
+		echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '".mysql_real_escape_string($v)."', 0, 0, 0, 0, 0, '', ''),";
 		$x++;
 	}
 	/* Do the fields */
@@ -574,14 +580,14 @@ $doCanvasSampletcpdf = false;
  }
  echo "</table>\n";
  echo "<h4>Grouping</h4>";
- for($x=0;$x<2;$x++) {
+ for($x=0;$x<3;$x++) {
 	echo "Group By".($x + 1).": ";
 	$f = $report['group'][$x]['field'];
 	field_selector("group[$x]", "group$x", $f);
 	echo "<br />"; 
  }
  echo "<h4>Sorting</h4>";
- for($x=0;$x<3;$x++) {
+ for($x=0;$x<5;$x++) {
 	echo "Sort By".($x + 1).": ";
 	$f = $report['sort'][$x]['field'];
 	field_selector("sort[$x]", "sort$x",$f); 

admin/reports_fundraising.inc.php

@@ -24,7 +24,7 @@
 
 /* Take the language array in users_fundraising, unserialize it, and join it
  * with a space */
-function report_fundraisings_languages(&$report, $field, $text)
+function report_fundraisings_languages($report, $field, $text)
 {
 		$l = unserialize($text);
 		return join(' ', $l);

admin/reports_judges.inc.php

@@ -25,7 +25,7 @@ require_once('../questions.inc.php');
 
 /* Take the language array in users_judge, unserialize it, and join it
  * with a space */
-function report_judges_languages(&$report, $field, $text)
+function report_judges_languages($report, $field, $text)
 {
 	$l = unserialize($text);
 	return ($l?join(' ', $l):'');
@@ -39,11 +39,13 @@ $report_judges_cats = array();
 function report_judges_load_divs($year)
 {
 	global $report_judges_divs;
+	global $pdo;
 	/* Load divisions for this year, only once */
 	if(!array_key_exists($year, $report_judges_divs)) {
 		$report_judges_divs[$year] = array();
-		$q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'");
-		while(($d = mysql_fetch_assoc($q))) {
+		$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year'");
+		$q->execute();
+		while(($d =$q->fetch(PDO::FETCH_ASSOC))) {
 			$report_judges_divs[$year][$d['id']] = $d;
 		}
 	}
@@ -51,9 +53,11 @@ function report_judges_load_divs($year)
 function report_judges_load_cats($year)
 {
 	global $report_judges_cats;
+	global $pdo;
 	if(!array_key_exists($year, $report_judges_cats)) {
-	        $q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'");
-		while(($c = mysql_fetch_assoc($q))) {
+			$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year'");
+			$q->execute();
+		while(($c = $q->fetch(PDO::FETCH_ASSOC))) {
 			$report_judges_cats[$year][$c['id']] = $c;
 		}
 	}
@@ -61,7 +65,7 @@ function report_judges_load_cats($year)
 
 
 /* Return all divisions rated at expertise level x */
-function report_judges_divs_at_exp(&$report, $field, $text)
+function report_judges_divs_at_exp($report, $field, $text)
 {
 	global $report_judges_divs;
 
@@ -89,7 +93,7 @@ function report_judges_divs_at_exp(&$report, $field, $text)
 	return join(', ', $retl);
 }
 
-function report_judges_cats_at_pref(&$report, $field, $text)
+function report_judges_cats_at_pref($report, $field, $text)
 {
 	global $report_judges_cats;
 	$prefs = array('H' => 2, 'h' => 1, 'i' => 0, 'l' => -1, 'L' => -2);
@@ -118,7 +122,7 @@ function report_judges_cats_at_pref(&$report, $field, $text)
 	return join(', ', $retl);
 }
 
-function report_judges_custom_question(&$report, $field, $text)
+function report_judges_custom_question($report, $field, $text)
 {
 	/* Field is 'question_x', users_id is passed in $text */
 	$q_ord = substr($field, 9);
@@ -138,7 +142,7 @@ function report_judges_custom_question(&$report, $field, $text)
 	return $answer['answer'];
 }
 
-function report_judges_div_exp(&$report, $field, $text)
+function report_judges_div_exp($report, $field, $text)
 {
 	/* Field is 'div_exp_x', users_id is passed in $text */
 	$div_id = substr($field, 8);
@@ -150,7 +154,7 @@ function report_judges_div_exp(&$report, $field, $text)
 
 	return $divprefs[$div_id];
 }
-function report_judges_cat_pref(&$report, $field, $text)
+function report_judges_cat_pref($report, $field, $text)
 {
 	$prefs = array(-2 => 'Lowest', -1 => 'Low',
 			0 => '--',
@@ -166,7 +170,7 @@ function report_judges_cat_pref(&$report, $field, $text)
 	return i18n($prefs[$catprefs[$cat_id]]);
 }
 
-function report_judges_team_members(&$report, $field, $text)
+function report_judges_team_members($report, $field, $text)
 {
 	$year = $report['year'];
 	$judges_teams_id = $text;
@@ -223,7 +227,18 @@ function report_judges_load_rounds($year)
 //        if($r['type'] == 'special') $round_special_awards[] = $r;
 }
 
-function report_judges_time_availability(&$report, $field, $text)
+function report_judges_specialaward($report, $field, $text)
+{
+	global $config, $report_judges_rounds;
+	$year = $report['year'];
+	$award_id = $text;
+	$q=mysql_query("SELECT * FROM award_awards WHERE id='".intval($award_id)."'");
+	$r=mysql_fetch_object($q);
+	return $r->name;
+
+}
+
+function report_judges_time_availability($report, $field, $text)
 {
 	global $config, $report_judges_rounds;
 	$year = $report['year'];
@@ -443,6 +458,13 @@ $report_judges_fields = array(
 		'exec_function' => 'report_judges_divs_at_exp', /* Yes, the same function as divs_at_exp_5 */
 		'components' => array('users_judge')),
 
+        'other_exp' => array(
+                'name' => 'Judge -- Other Expertise',
+                'header' => 'Expertise Other',
+                'width' => 2,
+                'table' => 'users_judge.expertise_other',
+                'components' => array('users_judge')),
+
 	/* Fill these in below, they're all the same */
 	'div_exp_1' => array(), 'div_exp_2' => array(), 'div_exp_3' => array(), 'div_exp_4' => array(), 'div_exp_5' => array(), 
 	'div_exp_6' => array(), 'div_exp_7' => array(), 'div_exp_8' => array(), 'div_exp_9' => array(), 'div_exp_10' => array(), 
@@ -609,6 +631,14 @@ $report_judges_fields = array(
 		'table' => 'users_judge.special_award_only',
 		'components' => array('users_judge')),
 
+	'special_award_only_sa' =>  array(
+		'name' => 'Judge -- Special Award Only - Selected Special Award',
+		'header' => 'Selected Special Award',
+		'width' => 2.5,
+		'table' => 'judges_specialaward_sel.award_awards_id',
+		'exec_function' => 'report_judges_specialaward',
+		'components' => array('users_judge')),
+
 	'year' =>  array(
 		'name' => 'Judge -- Year',
 		'header' => 'Year',
@@ -882,6 +912,7 @@ function report_judges_update_cats($year)
 
 	report_judges_load_cats($year);
 
+	////FIXME No check for empty projectcategories, please check the NULL case of count($report_judges_cats[$year])
 	if(count($report_judges_cats[$year]) > 10) {
 		echo "Not enough judge age category fields, please file a bug report at sfiab.ca and report that you have ".count($report_judges_cats[$year])." age categories, but the system can handle a maximum of 10.";
 		exit;
@@ -919,6 +950,7 @@ function report_judges_fromwhere($report, $components)
 
 	if(in_array('users_judge', $components)) {
 		$uj_from = 'LEFT JOIN users_judge ON users_judge.users_id=users.id';
+		$uj_from .= ' LEFT JOIN judges_specialaward_sel ON judges_specialaward_sel.users_id=users.id';
 	}
 					
 	$teams_from = '';

admin/reports_judges.php

@@ -99,6 +99,34 @@ while($r=mysql_fetch_object($q))
 //now append the arrays together
 $table['header']=array_merge($table['header'],array_merge($catheadings,$divheadings));
 
+	$times = array();
+	$datetimeheadings=array();
+
+	/* Load the judging rounds */
+	$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
+	$x = 0;
+	while($r = mysql_fetch_object($q)) {
+		$found = false;
+		foreach($times as $xx => $t) {
+			if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
+				$times[$xx]['name'] .= ", {$r->name}";
+				$found = true;
+				break;
+			}
+		}
+		if(!$found) {
+			$times[$x] = array( 'date' => $r->date,
+					'starttime' => $r->starttime,
+					'endtime' => $r->endtime,
+					'name' => $r->name);
+			$datetimeheadings[]=$r->name;
+			$x++;
+		}
+	}
+
+$table['header']=array_merge($table['header'],$datetimeheadings);
+
+
 
 //fill these in if we ever make this PDFable
 $table['widths']=array();
@@ -150,6 +178,27 @@ while($r=mysql_fetch_object($q)) {
 	foreach($keys as $qid) {
 		$qarray[] = $qans[$qid];
 	}
+
+
+	$tq = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"".$r->id."\" ORDER BY `start`");
+
+	$sel = array();
+	$timedata=array();
+	while($tr=mysql_fetch_object($tq)) {
+		foreach($times as $x=>$t) {
+			if($tr->start == $t['starttime'] && $tr->end == $t['endtime'] && $tr->date == $t['date']) {
+				$sel[$x] = true;
+			}
+		}
+	}
+
+	foreach($times as $x=>$t) {
+		if($sel[$x]==true) {
+			$timedata[]="yes";
+		} else {
+			$timedata[]="no";
+		}
+	}
 		
 	$tmp=array(
 		$r->id,
@@ -175,7 +224,7 @@ while($r=mysql_fetch_object($q)) {
 	$tmp = array_merge($tmp, $qarray);
 
 	$extradata=array_merge($catdata,$divdata);
-	$table['data'][]=array_merge($tmp,$extradata);
+	$table['data'][]=array_merge(array_merge($tmp,$extradata),$timedata);
 }
 
 $rep->addTable($table);

admin/reports_judges_allyears.php

@@ -0,0 +1,185 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+ require_once("../user.inc.php");
+ user_auth_required('committee', 'admin');
+ require("../lpdf.php");
+ require("../lcsv.php");
+ require("../questions.inc.php");
+
+ if(!$_GET['type']) $type="csv";
+ else $type=$_GET['type'];
+
+if($type=="pdf")
+{
+	$rep=new lpdf(	i18n($config['fairname']),
+			i18n("Judge List"),
+			$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo-200.gif"
+			);
+
+	$rep->newPage();
+	$rep->setFontSize(11);
+}
+else if($type=="csv")
+{
+	$rep=new lcsv(i18n("Judge List"));
+}
+
+$table=array();
+$table['header']=array( 
+			i18n("ID"),	
+			i18n("Unique ID"),	
+			i18n("Year"),	
+			i18n("Last Name"),
+			i18n("First Name"),
+			i18n("Email"),
+			i18n("Phone Home"),
+			i18n("Phone Work"),
+			i18n("Phone Work Ext"),
+			i18n("Phone Cell"),
+			i18n("Languages"),
+			i18n("Organization"),
+			i18n("Address 1"),
+			i18n("Address 2"),
+			i18n("City"),
+			i18n($config['provincestate']),
+			i18n($config['postalzip']),
+			i18n("Highest PostSecDeg"),
+			i18n("Professional Quals"),
+			i18n("Expertise Other"));
+
+/* Append headers for all the custom questions */
+$qs=questions_load_questions('judgereg', $config['FAIRYEAR']);
+$keys = array_keys($qs);
+foreach($keys as $qid) {
+	$table['header'][] = i18n($qs[$qid]['db_heading']);
+}
+
+
+//grab the list of divisions, because the last fields of the table will be the sub-divisions 
+$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$numcats=mysql_num_rows($q);
+$catheadings=array();
+while($r=mysql_fetch_object($q))
+{
+	$cats[]=$r->id;
+	$catheadings[]="$r->category (out of 5)";
+}
+//grab the list of divisions, because the last fields of the table will be the sub-divisions 
+$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$divheadings=array();
+while($r=mysql_fetch_object($q))
+{
+	$divs[]=$r->id;
+	$divheadings[]="$r->division (out of 5)";
+	$divheadings[]="$r->division subdivisions";
+}
+
+//now append the arrays together
+$table['header']=array_merge($table['header'],array_merge($catheadings,$divheadings));
+
+
+//fill these in if we ever make this PDFable
+$table['widths']=array();
+$table['dataalign']=array();
+
+$q=mysql_query("SELECT 
+				users.*,
+				users_judge.*
+			FROM 
+				users
+				JOIN users_judge ON users.id=users_judge.users_id
+			WHERE 
+				users.deleted='no'
+				AND users.types LIKE '%judge%'
+			ORDER BY 
+				lastname,
+				firstname,
+				year");
+echo mysql_error();
+while($r=mysql_fetch_object($q)) {
+	$u=user_load($r->id);
+
+	$expertise_other=str_replace("\n"," ",$r->expertise_other);
+	$expertise_other=str_replace("\r","",$expertise_other);
+
+	if(isset($divdata)) unset($divdata); $divdata=array();
+	if(isset($catdata)) unset($catdata); $catdata=array();
+	$languages="";
+
+	foreach($u['cat_prefs'] AS $c) {
+		$catdata[]=$c+2;
+	}
+
+	foreach($u['div_prefs'] AS $d) {
+		$divdata[]=$d;
+		//FIXME: 2010-01-22 - James - get the sub divisions for now we use a placeholder
+		$divdata[]="";
+	}
+
+	foreach($u['languages'] AS $k=>$v) {
+		$languages.="$v/";
+	}
+	$languages=substr($languages,0,-1);
+
+	$qarray = array();
+	$qans = questions_load_answers('judgereg', $r->id, $config['FAIRYEAR']);
+	$keys = array_keys($qans);
+	foreach($keys as $qid) {
+		$qarray[] = $qans[$qid];
+	}
+		
+	$tmp=array(
+		$r->id,
+		$r->uid,
+		$r->year,
+		$r->lastname,
+		$r->firstname,
+		$r->email,
+		$r->phonehome,
+		$r->phonework,
+		$r->phoneworkext,
+		$r->phonecell,
+		$languages,
+		$r->organization,
+		$r->address,
+		$r->address2,
+		$r->city,
+		$r->province,
+		$r->postalcode,
+		$r->highest_psd,
+		$r->professional_quals,
+		$expertise_other
+		);
+	$tmp = array_merge($tmp, $qarray);
+
+	$extradata=array_merge($catdata,$divdata);
+	$table['data'][]=array_merge($tmp,$extradata);
+}
+
+$rep->addTable($table);
+$rep->output();
+
+?>

admin/reports_judges_teams_projects.php

@@ -60,7 +60,7 @@
 		$table=array();
 		$table['header']=array(i18n("Timeslot"),i18n("Proj #"),i18n("Project Title"));
 		if($show_date)
-			$table['widths']=array(		2.25,		0.75, 		4.00);
+			$table['widths']=array(		2.50,		0.75, 		3.75);
 		else
 			$table['widths']=array(		1.5,		0.75, 		4.75);
 
@@ -140,7 +140,7 @@
 		while($r=mysql_fetch_object($q))
 		{
 			if($show_date)
-				$timeslot=$r->date." ";
+				$timeslot=format_date($r->date)." ";
 			else
 				$timeslot="";
 			$timeslot.=format_time($r->starttime)." - ".format_time($r->endtime);

admin/reports_mailinglabels_generator.php

@@ -68,6 +68,7 @@ if($report)
 		case "schools":
 				$q=mysql_query("SELECT  
 							schools.school AS name,
+							schools.board AS board,
 							schools.schoollang,
 							schools.sciencehead AS co,
 							schools.address AS address,
@@ -153,17 +154,23 @@ if($report)
 				$coname=i18n("Science Department Head",array(),array(),$r->schoollang);
 
 			$co=i18n("C/O %1",array($coname),array("Name of person"),$r->schoollang);
-		}
-		else $co="C/O $r->co";
 
-		if($_GET['type']=="pdf")
-		{
-			$rep->newLabel();
-			$rep->mailingLabel($r->name,$co,$r->address,$r->city,$r->province,$r->postalcode);
+			
+			$name=$r->name;
+			if($r->board) 
+				$name.=" [".$r->board."]";
 		}
-		else if($_GET['type']=="csv")
-		{
-			$table['data'][]=array($r->name,$co,$r->address,$r->city,$r->province,$r->postalcode);
+		else {
+			 $co="C/O $r->co";
+			 $name=$r->name;
+		}
+
+		if($_GET['type']=="pdf") {
+			$rep->newLabel();
+			$rep->mailingLabel($name,$co,$r->address,$r->city,$r->province,$r->postalcode);
+		}
+		else if($_GET['type']=="csv") {
+			$table['data'][]=array($name,$co,$r->address,$r->city,$r->province,$r->postalcode);
 		}
 	}
 

admin/reports_projects_judges_teams.php

@@ -110,7 +110,7 @@
 		$table=array();
 		$table['header']=array(i18n("Timeslot"),i18n("Judging Team"));
 		if($show_date)
-			$table['widths']=array(		2.25,		4.75);
+			$table['widths']=array(		2.50,		4.50);
 		else
 			$table['widths']=array(		1.5,		5.50);
 

admin/reports_schools.inc.php

@@ -22,7 +22,7 @@
 */
 
 
-function reports_schools_principal(&$report, $field, $text)
+function reports_schools_principal($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
@@ -31,17 +31,17 @@ function reports_schools_principal(&$report, $field, $text)
 	}
 	return '';
 }
-function reports_schools_sciencehead(&$report, $field, $text)
+function reports_schools_sciencehead($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
 		$u = user_load_by_uid_year($text, $year);
-		return $u['name'];
+		return i18n("%1 or Science Department Head",array($u['name']));
 	}
-	return '';
+	return i18n("Science Department Head");
 }
 
-function reports_schools_shphone(&$report, $field, $text)
+function reports_schools_shphone($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
@@ -51,7 +51,7 @@ function reports_schools_shphone(&$report, $field, $text)
 	return '';
 }
 
-function reports_schools_shemail(&$report, $field, $text)
+function reports_schools_shemail($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */

admin/reports_students.inc.php

@@ -13,7 +13,7 @@
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    General Public License for more details.
+   General Public License for more details.
 
    You should have received a copy of the GNU General Public License
    along with this program; see the file COPYING.  If not, write to
@@ -21,12 +21,65 @@
    Boston, MA 02111-1307, USA.
 */
 
-function report_students_i18n_fr(&$report, $field, $text)
+// This file was modified Jan of 2014 by Richard Sin
+// Project Type has been added to the list.
+// Cheque Splitting algorithm is added.
+
+function report_students_i18n_fr($report, $field, $text)
 {
 	return i18n($text, array(), array(), 'fr');
 }
 
-function reports_students_numstudents(&$report, $field, $text)
+function report_student_cash_words($report, $field, $text) {
+	return wordify($text, true);
+}
+
+function report_student_cash_cheque($report, $field, $text) {
+	return sprintf("\$***%0.2f", $text);
+}
+
+function report_student_get_date_today($report, $field, $text) {
+	return format_date(time());
+}
+
+function report_student_get_date_today_for_cheques($report, $field, $text) {
+	global $config;
+	$format = $config['cheque_date_format'];
+	$format = str_replace(array('YYYY', 'MM', 'DD'), array('Y', 'm', 'd'), $format);
+	if(!(strlen($format) == 3 && strstr('Y', $format) !== null && strstr('m', $format) !== null && strstr('d', $format) !== null)){
+		$format = 'Ymd';
+	}
+	return implode(' ', preg_split('//', date($format), -1));
+}
+
+function report_student_get_cheque_date_format($report, $field, $text){
+	global $config;
+	return implode('  ', preg_split('//', $config['cheque_date_format'], -1));
+}
+
+function report_student_safety_question($report, $field, $text) {
+
+
+	/* Field is 'safetyquestion_x', registration_id is passed in $text */
+	$q_ord = intval(substr($field, 15));
+	$regid = $text;
+
+	//safetyquestions start counting 1-10, but when we LIMIT, we need to index on 0-9
+	$q_ord--;
+
+		$q=mysql_query("SELECT safetyquestions.question,
+			safety.answer
+		FROM safetyquestions
+		JOIN safety ON safetyquestions.id=safety.safetyquestions_id
+		WHERE safety.registrations_id='".$regid."' 
+		ORDER BY safetyquestions.ord LIMIT $q_ord,1");
+
+	$r=mysql_fetch_object($q);
+	return $r->answer;
+}
+
+
+function reports_students_numstudents($report, $field, $text)
 {
 	$year = $report['year'];
 	$q = mysql_query("SELECT students.id FROM students 
@@ -35,7 +88,7 @@ function reports_students_numstudents(&$report, $field, $text)
 	return mysql_num_rows($q);
 }
 
-function reports_students_award_selfnom_num(&$report, $field, $text, $n)
+function reports_students_award_selfnom_num($report, $field, $text, $n)
 {
 	$year = $report['year'];
 	$q = mysql_query("SELECT award_awards.name FROM 
@@ -50,27 +103,27 @@ function reports_students_award_selfnom_num(&$report, $field, $text, $n)
 	$i = mysql_fetch_assoc($q);
 	return $i['name'];
 }
-function reports_students_award_selfnom_1(&$report, $field, $text)
+function reports_students_award_selfnom_1($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 0);
+	return reports_students_award_selfnom_num($report, $field, $text, 0);
 }
-function reports_students_award_selfnom_2(&$report, $field, $text)
+function reports_students_award_selfnom_2($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 1);
+	return reports_students_award_selfnom_num($report, $field, $text, 1);
 }
-function reports_students_award_selfnom_3(&$report, $field, $text)
+function reports_students_award_selfnom_3($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 2);
+	return reports_students_award_selfnom_num($report, $field, $text, 2);
 }
-function reports_students_award_selfnom_4(&$report, $field, $text)
+function reports_students_award_selfnom_4($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 3);
+	return reports_students_award_selfnom_num($report, $field, $text, 3);
 }
-function reports_students_award_selfnom_5(&$report, $field, $text)
+function reports_students_award_selfnom_5($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 4);
+	return reports_students_award_selfnom_num($report, $field, $text, 4);
 }
-function reports_students_school_principal(&$report, $field, $text)
+function reports_students_school_principal($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
@@ -80,15 +133,53 @@ function reports_students_school_principal(&$report, $field, $text)
 	return '';
 }
 
+function report_student_regfee_item($report, $field, $text) {
+	$year = $report['year'];
+	$id=intval(substr($field,12));
+	$q=mysql_query("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
+	echo mysql_error();
+	if($r=mysql_fetch_object($q)) {
+		return i18n("Yes");
+	}
+	else {
+		return i18n("No");
+	}
+}
+
+ $q = $pdo->prepare("SELECT * FROM regfee_items WHERE year='{$config['FAIRYEAR']}'");
+ $q->execute();
+ $regfeeitems=array();
+ $first=true;
+ while($i = $q->fetch(PDO::FETCH_ASSOC)) {
+	 $regfeeitems["regfee_item_".$i['id']] = array (
+		'name' => "Registration Fee Items -- {$i['name']}",
+		'header' => $i['name'],
+		'width' => 1,
+		'table' => 'students.id',
+		'table_sort' => 'students.id',
+		'exec_function' => 'report_student_regfee_item');
+
+	 if($first) $regfeeitems["regfee_item_".$i['id']]=array_merge($regfeeitems["regfee_item_".$i['id']],array( 'start_option_group' => 'Registration Fee Items'));
+	 $first=false;
+ }
+
 
 $report_students_fields = array(
 	'pn' => array(
 		'name' => 'Project Number',
 		'header' => '#',
-		'width' => 0.6,
+		'width' => 0.7,
 		'table' => 'projects.projectnumber',
 		'table_sort' => 'projects.projectsort, projects.projectnumber'),
 
+	'projectbarcode' => array(
+		'name' => 'Project Barcode',
+		'header' => 'Barcode',
+		'width' => 1,
+		'table' => 'projects.projectnumber',
+		'table_sort' => 'projects.projectsort, projects.projectnumber',
+		),
+
 	'last_name' =>  array(
 		'start_option_group' => 'Student Name Information',
 		'name' => 'Student -- Last Name',
@@ -151,6 +242,13 @@ $report_students_fields = array(
 		'table' => "GROUP_CONCAT(students.firstname, ' ', students.lastname ORDER BY students.lastname SEPARATOR ', ')",
 		'group_by' => array('students.registrations_id')),
 
+	'allnames_split' =>  array(
+		'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ",
+		'header' => 'Student(s)',
+		'width' => 3.0,
+		'scalable' => true,
+		'table' => "CONCAT(students.firstname, ' ', students.lastname)",),
+
 	'pronunciation'  =>  array(
 		'name' => 'Student -- Name Pronunciation',
 		'header' => 'Pronunciation',
@@ -184,6 +282,12 @@ $report_students_fields = array(
 		'width' => 1.5,
 		'table' => 'students.city' ),
 
+	'county' =>  array(
+		'name' => 'Student -- County',
+		'header' => 'County',
+		'width' => 1.5,
+		'table' => 'students.county' ),
+
 	'province' =>  array(
 		'name' => 'Student -- '.$config['provincestate'],
 		'header' => $config['provincestate'],
@@ -203,6 +307,12 @@ $report_students_fields = array(
 		'scalable' => true,
 		'table' => "CONCAT(students.address, ', ', students.city, ', ', students.province, ', ', students.postalcode)" ),
 
+	'address_full_with_county' => array(
+		'name' => 'Student -- Full Address Including County',
+		'header' => 'Address',
+		'width' => 3.0,
+		'scalable' => true,
+		'table' => "CONCAT(students.address, ', ', students.city, ', ', students.county, ', ', students.province, ', ', students.postalcode)" ),
 
 	'grade' =>  array(
 		'start_option_group' => 'Other Student Information',
@@ -241,7 +351,7 @@ $report_students_fields = array(
 	'tshirt' =>  array(
 		'name' => 'Student -- T-Shirt Size',
 		'header' => 'T-Shirt',
-		'width' => 0.55,
+		'width' => 0.70,
 		'table' => 'students.tshirt',
 		'value_map' => array ('none' => '', 'xsmall' => 'X-Small', 'small' => 'Small', 'medium' => 'Medium',
 					'large' => 'Large', 'xlarge' => 'X-Large')),
@@ -290,9 +400,15 @@ $report_students_fields = array(
 	'division' =>  array(
 		'name' => 'Project -- Division',
 		'header' => 'Division',
-		'width' => 3.0,
+		'width' => 1.0,
 		'table' => 'projectdivisions.division' ),
 
+	'projecttype' =>  array(
+		'name' => 'Project -- Type',
+		'header' => 'Type',
+		'width' => 1.0,
+		'table' => 'projects.projecttype' ),
+
 	'div' => array(
 		'name' => 'Project -- Division Short Form' ,
 		'header' => 'Div',
@@ -348,6 +464,13 @@ $report_students_fields = array(
 		'scalable' => true,
 		'table' => 'projects.summary' ),
 
+	'title_summary' => array(
+		'name' => 'Project -- Title and Summary',
+		'header' => 'Project Title and Summary',
+		'width' => 5.00,
+		'scalable' => true,
+		'table' => "CONCAT('Title: ', projects.title, '\n',projects.summary)" ),
+
 	'language' => array(
 		'name' => 'Project -- Language',
 		'header' => 'Lang',
@@ -380,6 +503,20 @@ $report_students_fields = array(
 		'width' => .5,
 		'table' => "projects.req_table",
 		'value_map' => array ('no' => '', 'yes' => 'Yes')),
+
+	'human_participants' => array(
+		'name' => 'Project -- If the project uses human participants',
+		'header' => 'Human Par.',
+		'width' => .5,
+		'table' => "projects.human_participants",
+		'value_map' => array ('no' => 'No', 'yes' => 'Yes')),
+
+	'animal_participants' => array(
+		'name' => 'Project -- If the project requires animals',
+		'header' => 'animal Par',
+		'width' => .5,
+		'table' => "projects.animal_participants",
+		'value_map' => array ('no' => 'No', 'yes' => 'Yes')),
 		
 	'req_special' => array(
 		'name' => 'Project -- Any special requirements the project has',
@@ -387,6 +524,76 @@ $report_students_fields = array(
 		'width' => 3,
 		'table' => "projects.req_special"),
 
+	'safetyquestion_1' => array(
+		'start_option_group' => 'Project Safety Questions',
+		'name' => 'Project Safety -- Safety Question 1',
+		'header' => 'Q1',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_2' => array(
+		'name' => 'Project Safety -- Safety Question 2',
+		'header' => 'Q2',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_3' => array(
+		'name' => 'Project Safety -- Safety Question 3',
+		'header' => 'Q3',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_4' => array(
+		'name' => 'Project Safety -- Safety Question 4',
+		'header' => 'Q4',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_5' => array(
+		'name' => 'Project Safety -- Safety Question 5',
+		'header' => 'Q5',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_6' => array(
+		'name' => 'Project Safety -- Safety Question 6',
+		'header' => 'Q6',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_7' => array(
+		'name' => 'Project Safety -- Safety Question 7',
+		'header' => 'Q7',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_8' => array(
+		'name' => 'Project Safety -- Safety Question 8',
+		'header' => 'Q8',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_9' => array(
+		'name' => 'Project Safety -- Safety Question 9',
+		'header' => 'Q9',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_10' => array(
+		'name' => 'Project Safety -- Safety Question 10',
+		'header' => 'Q10',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
 
 	'school' =>  array(
 		'start_option_group' => 'School Information',
@@ -437,7 +644,7 @@ $report_students_fields = array(
 	'school_city' =>  array(
 		'name' => 'School -- City',
 		'header' => 'City',
-		'width' => 1.5,
+		'width' => 1.0,
 		'table' => 'schools.city' ),
 
 	'school_province' =>  array(
@@ -502,6 +709,14 @@ $report_students_fields = array(
 		'table_sort' => 'award_awards.order',
 		'components' => array('awards')),
 
+        'award_prize_script_order' => array(
+                'name' => 'Award -- Script Order',
+                'header' => 'Prize Script Order',
+                'width' => 4,
+                'table' => 'award_prizes.id',
+                'table_sort' => 'award_prizes.id DESC',
+                'components' => array('awards')),
+
 	'award_type' => array(
 		'name' => 'Award -- Type (Divisional, Special, etc.)',
 		'header' => 'Award Type',
@@ -539,6 +754,45 @@ $report_students_fields = array(
 		'table' => 'award_prizes.cash',
 		'components' => array('awards')),
 
+	'award_prize_cash_split' => array(
+		'name' => 'Award -- Prize Cash Amount (Split)',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash/a.count',
+		'components' => array('awards')),
+
+	'award_prize_cash_cheque' => array(
+		'name' => 'Award -- Prize Cash Amount for Cheques',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_cheque'),
+
+	'award_prize_cash_cheque_split' => array(
+		'name' => 'Award -- Prize Cash Amount for Cheques (Split)',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash/a.count',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_cheque'),
+
+	'award_prize_cash_words' => array(
+		'name' => 'Award -- Prize Cash Amount In Words',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_words'),
+
+	'award_prize_cash_words_split' => array(
+		'name' => 'Award -- Prize Cash Amount In Words (Split)',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash/a.count',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_words'),
+
 	'award_prize_scholarship' => array(
 		'name' => 'Award -- Prize Scholarship Amount',
 		'header' => 'Scholarship',
@@ -650,6 +904,8 @@ $report_students_fields = array(
 		'table_sort' => 'projects.id',
 		'exec_function' => 'reports_students_award_selfnom_5'),
 
+
+
 /* Emergency Contact Info */
 	'emerg_name' => array(
 		'start_option_group' => 'Emergency Contact Information',
@@ -673,6 +929,13 @@ $report_students_fields = array(
 		'table' => "CONCAT(emergencycontact.phone1, ' ', emergencycontact.phone2, ' ', emergencycontact.phone3, ' ', emergencycontact.phone4)",
 		'components' => array('emergencycontacts')),
 
+	'emerg_email' => array(
+		'name' => 'Emergency Contact -- Email',
+		'header' => 'Email',
+		'width' => 1,
+		'table' => "emergencycontact.email",
+		'components' => array('emergencycontacts')),
+
 /* Tour Information */
 	'tour_assign_name' => array(
 		'start_option_group' => 'Tour Information',
@@ -806,7 +1069,13 @@ $report_students_fields = array(
 		'name' => 'Fair -- Name',
 		'header' => 'Fair Name',
 		'width' => 3,
-		'table' => "'".mysql_escape_string($config['fairname'])."'"),
+		'table' => "'".$config['fairname']."'"),
+
+	'fair_logo' =>  array(
+		'name' => 'Fair -- Logo (for Labels only)',
+		'header' => '',
+		'width' => 1 /*mm*/,
+		'table' => "CONCAT(' ')"),
 
 /* Special/Misc/Other */
 	'static_text' => array (
@@ -837,9 +1106,30 @@ $report_students_fields = array(
 		'total' => true,
 		'group_by' => array('students.tshirt')),
 
+	'current_date' => array(
+		'name' => 'Current Date',
+		'header' => 'Date',
+		'width' => 0.5,
+		'table' => "CONCAT(' ')",
+		'exec_function' => 'report_student_get_date_today'),
 
+	'current_date_for_cheques' => array(
+		'name' => 'Current Date for Cheques',
+		'header' => 'Date',
+		'width' => 0.5,
+		'table' => "CONCAT(' ')",
+		'exec_function' => 'report_student_get_date_today_for_cheques'),
+
+	'current_date_format_for_cheques' => array(
+		'name' => 'Current Date Format for Cheques',
+		'header' => 'Format',
+		'width' => 0.5,
+		'table' => "CONCAT(' ')",
+		'exec_function' => 'report_student_get_cheque_date_format'),
 );
 
+$report_students_fields = array_merge($report_students_fields,$regfeeitems);
+
  function report_students_fromwhere($report, $components)
  {
  	global $config, $report_students_fields;
@@ -856,7 +1146,11 @@ $report_students_fields = array(
 		$awards_join = "LEFT JOIN winners ON winners.projects_id = projects.id
 				LEFT JOIN award_prizes ON award_prizes.id = winners.awards_prizes_id
 				LEFT JOIN award_awards ON award_awards.id = award_prizes.award_awards_id
-				LEFT JOIN award_types ON award_types.id=award_awards.award_types_id";
+				LEFT JOIN award_types ON award_types.id=award_awards.award_types_id
+				LEFT JOIN (SELECT registrations_id AS id, COUNT( * ) AS count
+					FROM students
+					GROUP BY registrations_id) a
+				ON a.id=students.registrations_id";
 		$awards_where = " AND winners.year='$year'
 				AND award_awards.year='$year'
 				AND award_prizes.year='$year'

admin/schools.php

@@ -63,6 +63,8 @@
 		} else 
 			$pl = false;
 
+		$em = $_POST['principalemail'];
+
 		/* If we loaded or created an entry, either
 		 * update and save, or purge it */
 		if(is_array($pl)) {
@@ -72,6 +74,7 @@
 			} else {
 				$pl['firstname'] = $first;
 				$pl['lastname'] = $last;
+				$pl['email'] = $em;
 				user_save($pl);
 			}
 		} 
@@ -237,7 +240,11 @@
 			$pl = user_load_by_uid($r->principal_uid);
 		else
 			$pl = array();
+		/* Don't show autogenerated emails */
+		$e = $pl['email'][0] == '*' ? '' : $pl['email'];
 		echo "<tr><td>".i18n("Principal")."</td><td><input type=\"text\" name=\"principal\" value=\"".htmlspecialchars($pl['name'])."\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
+		echo "<tr><td>".i18n("Principal Email")."</td><td><input type=\"text\" name=\"principalemail\" value=\"".htmlspecialchars($e)."\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
+
 		echo "<tr><td>".i18n("School Email")."</td><td><input type=\"text\" name=\"schoolemail\" value=\"".htmlspecialchars($r->schoolemail)."\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
 		echo "<tr><td>".i18n("Access Code")."</td><td><input type=\"text\" name=\"accesscode\" value=\"".htmlspecialchars($r->accesscode)."\" size=\"32\" maxlength=\"32\" /></td></tr>\n";
 		echo "<tr><td colspan=2><br /><b>".i18n("Science head/teacher or science fair contact at school")."</b></td></tr>";

admin/schoolsimport.php

@@ -55,7 +55,38 @@
 				$loaded=0;
 				foreach($CSVP->data AS $row)
 				{
-					mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal,schoolemail,sciencehead,scienceheademail,scienceheadphone,accesscode,registration_password,projectlimit,projectlimitper,year) VALUES (
+					for($n = 0; $n < count($row); $n++){
+						$row[$n] = trim($row[$n]);
+					}
+
+					$email = $row[16];
+					if($email != ''){
+						$scienceHead = user_load_by_email($email);
+						if(!$scienceHead){
+							$scienceHead = user_create('teacher', $email);
+							$scienceHead['email'] = $email;
+						}
+						list($first, $last) = explode(' ', $row[15], 2);
+						$scienceHead['firstname'] = $first;
+						$scienceHead['lastname'] = $last;
+						$scienceHead['phonework'] = $row[17];
+						user_save($scienceHead);
+					}
+
+					$email = $row[12];
+					if($email != ''){
+						$principal = user_load_by_email($email);
+						if(!$principal){
+							$principal = user_create('principal', $email);
+							$principal['email'] = $email;
+						}
+						list($first, $last) = explode(' ', $row[11], 2);
+						$principal['firstname'] = $first;
+						$principal['lastname'] = $last;
+						$principal['phonework'] = $row[13];
+						user_save($principal);
+					}
+					mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
 						'".mysql_escape_string(stripslashes($row[0]))."',
 						'".mysql_escape_string(stripslashes($row[1]))."',
 						'".mysql_escape_string(stripslashes($row[2]))."',
@@ -67,16 +98,14 @@
 						'".mysql_escape_string(stripslashes($row[8]))."',
 						'".mysql_escape_string(stripslashes($row[9]))."',
 						'".mysql_escape_string(stripslashes($row[10]))."',
-						'".mysql_escape_string(stripslashes($row[11]))."',
-						'".mysql_escape_string(stripslashes($row[12]))."',
-						'".mysql_escape_string(stripslashes($row[13]))."',
 						'".mysql_escape_string(stripslashes($row[14]))."',
-						'".mysql_escape_string(stripslashes($row[15]))."',
-						'".mysql_escape_string(stripslashes($row[16]))."',
-						'".mysql_escape_string(stripslashes($row[17]))."',
 						'".mysql_escape_string(stripslashes($row[18]))."',
 						'".mysql_escape_string(stripslashes($row[19]))."',
-						'".$config['FAIRYEAR']."')");
+						'".mysql_escape_string(stripslashes($row[20]))."',
+						'".mysql_escape_string(stripslashes($row[21]))."',
+						'".$config['FAIRYEAR']."',
+						'".$principal['uid']."',
+						'".$scienceHead['uid']."')");
 					if(!mysql_Error())
 						$loaded++;
 					else
@@ -104,7 +133,7 @@
 		echo i18n("Choose the CSV file containing the school information.  The COLUMNS of the file must contain the following information, in this exact order, separated by comma's (,) with fields optionally enclosed by quotes (\"):");
 		echo "<br />";
 		echo "<br />";
-		echo i18n("School Name, School Lang, School Level, Board, District, Phone, Fax, Address, City, %1, %2, Principal, School Email, Science Head, Science Head Email, Science Head Phone, Access Code, Registration Password, Project Limit, Project Limit Per(total or agecategory)",array(i18n($config['provincestate']),i18n($config['postalzip'])));
+		echo i18n("School Name, School Lang, School Level, Board, District, Phone, Fax, Address, City, %1, %2, Principal, Principal Email, Principal Phone, School Email, Science Head, Science Head Email, Science Head Phone, Access Code, Registration Password, Project Limit, Project Limit Per(total or agecategory)",array(i18n($config['provincestate']),i18n($config['postalzip'])));
 
 		echo "<br />";
 		echo "<br />";

admin/student_editor.php

@@ -241,10 +241,9 @@ function students_load()
 		echo "</tr>\n";
 
 		echo "<tr>\n";
-		echo " <td>".i18n("Email Address")."</td><td><input type=\"text\" name=\"email[$x]\" value=\"$studentinfo->email\" />".REQUIREDFIELD."</td>\n";
+		echo " <td>".i18n("Email Address")."</td><td><input size=\"30\" type=\"text\" name=\"email[$x]\" value=\"$studentinfo->email\" />".REQUIREDFIELD."</td>\n";
 
-		if($config['participant_student_personal']=="yes")
-		{
+		if($config['participant_student_personal']=="yes") {
 			echo " <td>".i18n("City")."</td><td><input type=\"text\" name=\"city[$x]\" value=\"$studentinfo->city\" />".REQUIREDFIELD."</td>\n";
 		} 
 		else
@@ -345,7 +344,7 @@ function students_load()
 
 		echo "<tr>\n";
 		echo " <td>".i18n("School")."</td><td colspan=\"3\">";
-		if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || ($studentinfo && !$studentinfo->schools_id) )
+		if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
 		{
 			$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
 			echo "<select name=\"schools_id[$x]\">\n";

admin/tours_sa_status.php

@@ -26,7 +26,7 @@ ogram; see the file COPYING.  If not, write to
 
  if($_GET['action'] == 'output') {
 	include "../data/config.inc.php";
-	mysql_connect($DBHOST,$DBUSER,$DBPASS);
+	mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
 	mysql_select_db($DBNAME);
 	$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
 	$r=mysql_fetch_object($q);

admin/user_editor_window.php

@@ -102,6 +102,11 @@ echo mysql_error();
 				 * so we'll never add a judge/committee role to a student */
 				user_create($type, $username, $u);
 			}
+		} else {
+			//undelete them?
+			mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'");
+			//then load them?
+			$u = user_load($r->id);
 		}
 	} else {
 		$u = user_create($type, $username);
@@ -179,5 +184,5 @@ $icon_path = $config['SFIABDIRECTORY']."/images/16/";
 $icon_exitension = $config['icon_extension'];
 
 
-	send_popup_footer();
+	//send_popup_footer();
 ?>

admin/user_list.php

@@ -20,6 +20,11 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified March of 2015 by Sebastian Ruan
+/* Flagging for judges has been added to monitor concerns.
+   Update User button also added; allows super users to update
+   a judge to the current fair year without logging in as them. */
 ?>
 <?
  require_once('../common.inc.php');
@@ -46,6 +51,8 @@
 	message_push(happy(i18n('User deleted.')));
  }
 
+
+
  send_header("User Editor",
  		array('Committee Main' => 'committee_main.php',
 			'Administration' => 'admin/index.php')
@@ -62,6 +69,8 @@ function openeditor(id)
 
 }
 
+
+
 function toggleoptions()
 {
 	if(document.getElementById('options').style.display == 'none') {
@@ -95,10 +104,96 @@ function neweditor()
 	return false;
 }
 
+
+/* update (id) grabs the current url and appends an action called update as well as the id it is going to renew.
+			   If there is already an action called update and an id the function will change the id to the new
+			      id as determined by the button clicked 
+
+   update (id) Int -> String
+
+   Effects: update(id) reloads the page with the adjusted url 
+
+   Example: update (2526) => http://localhost/sfiab/testfair/admin/user_list.php?show_types[]=judge&action=update&id=2526 */
+
+function update (id)
+{	
+	var url = window.location.href;
+
+	// if a previous update button was already clicked
+	if(url.indexOf('&action=')>-1){
+		url = url.substring(0,url.indexOf('&action=update')); 
+        url += '&action=update&id='+id;
+	}
+	// if there is no ? in the url already present
+    else if (url.indexOf ('?') == -1) {
+        url += '?action=update&id='+id;
+    }
+    //if '?action...' is present in url 
+    else if(url.indexOf('?action=')>-1){
+		url = url.substring(0,url.indexOf('?action=update')); 
+        url += '?action=update&id='+id;
+	}
+
+   else{
+		url += '&action=update&id='+id;
+	}
+
+	// reload using adjusted url 
+	window.location.href=url;
+	
+	
+}
+
 </script>
 
 <?
 
+// Begin updating user
+	if($_GET['action']=='update') {
+		$id = intval($_GET['id']);
+
+		//if no id print error
+		if(!$id) {
+			echo "Invalid id for update";
+			exit;
+		}
+
+		$user = user_load($id);
+
+		// Determine if there is a more recent uid that may possibly be in the current FAIRYEAR (allows refresh page to work)
+		$query = mysql_query("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
+					ORDER BY year DESC LIMIT 1");
+
+		$user_new = mysql_fetch_assoc($query);
+
+		// Make sure our user is NOT in the current FAIRYEAR (again, this helps with page refresh to work )
+		if ($user_new['year'] != $config['FAIRYEAR']) {
+			/* Update user to new year via dupelicating row into new id.
+			   If multiple Roles, all updated */
+			user_dupe($user, $config['FAIRYEAR']);
+			message_push(happy(i18n('User Updated')));
+
+			//find the newly updated user
+			$q_reload = mysql_query("SELECT id FROM users WHERE uid='{$user['uid']}'
+						ORDER BY year DESC LIMIT 1");
+
+			$reload_user = mysql_fetch_assoc($q_reload);
+			
+			?>
+			<script language="javascript" type="text/javascript">
+			
+			var new_id=<?=$reload_user['id'];?>; 
+			// open or reopen user_editor_window.php with user's new id
+			openeditor(new_id);
+			
+			</script>
+			<?
+
+		}
+		
+	}
+ //End update to user
+
 	echo "<div class=\"notice\">";
 	echo "<a id=\"optionstext\" onclick=\"toggleoptions();return false;\">- ".i18n('Hide Display Options')."</a>";
 
@@ -207,9 +302,14 @@ function neweditor()
 	echo mysql_error();
 //	echo $querystr;
 	$num=mysql_num_rows($q);
-	echo i18n("Listing %1 people total.  See the bottom for breakdown of by complete status",array($num));
-
 	echo mysql_error();
+	echo i18n("Listing %1 people total.  See the table at the bottom for the totals by status <br><br><br>",array($num));
+	echo i18n(" <lh>Notes:</lh> <ul><li> Deleting users from this list is a permanent operation and cannot be undone.  Consider editing the user and deactivating or deleting roles in their account instead.
+					      		   <li> Updating a user to the current fair year allows you to then complete the user from this list.
+							       <li> A flagged judge indicates there is text in the private information field for that judge.
+							       <li> Only committee members can see text entered into the private information field for judges. This field is not seen nor editable by any judge.");
+							       
+
 	echo "<thead>";
 	echo "<tr>";
 	echo " <th>".i18n("Name")."</th>";
@@ -218,6 +318,7 @@ function neweditor()
 	echo " <th>".i18n("Type(s)")."</th>";
 	echo " <th>".i18n("Active")."</th>";
 	echo " <th>".i18n("Complete")."</th>";
+	echo " <th>".i18n("Flagged")."</th>";
 	echo " <th>".i18n("Actions")."</th>";
 	echo "</tr>";
 	echo "</thead>";
@@ -237,11 +338,16 @@ function neweditor()
 		if(in_array('judge',$show_types)){
 			$u=user_load_by_uid($r['uid']);
 
-			//we also set teh $r array so it displays properly on first load
+			//we also set the $r array so it displays properly on first load
 			if(judge_status_update($u)=="complete")
 				$r['judge_complete']='yes';
+
+			else{
+				$r['judge_complete']='no';
+			}
+				
 		}
-		$types = split(',', $r['types']);
+		$types = explode(',', $r['types']);
 		$span = count($types) > 1 ? "rowspan=\"".count($types)."\"" : '';
 		echo "<tr><td $span>";
 
@@ -289,11 +395,57 @@ function neweditor()
 			}
 			echo "</td>";
 
+
+			// Begin flagging process
+
+			echo "<td align=\"center\">";
+
+			// Must be a judge in order to be flagged
+			if ($t == 'judge'){
+
+				 /* Determine if judge is flagged and display X icon.
+				    Icon is clickable. Brings user to user_editor_window file.
+				    Would preferably ALSO bring the user to the judge other tab*/
+				if($r['flagged_judge'] == '1') {
+					echo "<a title=\"".i18n("Flagged")."\" href=\"#\" onClick=\"return openeditor({$r['id']});\">";
+					echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/flagged.".$config['icon_extension']."\" border=0>";
+					echo "</a>";
+				
+				 // Otherwise judge is not flagged; display checkmark icon. Also clickable.
+				} else { echo "<a title=\"".i18n("Not flagged")."\" href=\"#\" onClick=\"return openeditor({$r['id']});\">";
+					echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/ok.".$config['icon_extension']."\" border=0>";
+					echo "</a>";
+					}
+
+			} else {
+			 	// Do nothing. Only judges can be flagged.
+			}
+
+			echo "</td>";
+
+			//end flagging process
+
+
 			if($first) {
+				if ($name == ' ')
+					$name = 'Noname';
+
 				/* Finish off the the first line */
-				echo "<td $span align=\"center\">";
-				echo "<a href=\"#\" onclick=\"return openeditor({$r['id']})\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\"></a>&nbsp;";
-				echo "<a onclick=\"return confirmClick('Are you sure you wish to completely delete this user?')\" href=\"user_list.php?action=remove&uid={$r['id']}\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/button_cancel.{$config['icon_extension']}\"></a>";
+				// If judge not in current fair year need seperate icons so that all icons align nicely in the table
+				if ($t == 'judge' and $r['year'] != $config['FAIRYEAR']){
+					echo "<td $span align=\"center\">";
+					echo "&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp"; // aligns icons
+					echo "<a title = \"Edit User \" href=\"#\" onclick=\"return openeditor({$r['id']})\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\"></a>&nbsp;";
+					echo "<a title = \"Delete User\" onclick=\"return confirmClick('Are you sure you wish to completely delete ". $name ." \\'s account?')\" href=\"user_list.php?action=remove&uid={$r['id']}\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/button_cancel.{$config['icon_extension']}\"></a>";
+					echo "&nbsp<a title = \"Update User to Current Fair Year\"href=\"#\" onclick=\"update({$r['id']});return false;\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/update2.{$config['icon_extension']}\" height = \"17\" ></a>";
+					
+				}else{
+					echo "<td $span align=\"center\">";
+					echo "<a href=\"#\" onclick=\"return openeditor({$r['id']})\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\"></a>&nbsp;";
+					echo "<a onclick=\"return confirmClick('Are you sure you wish to completely delete ". $name ." \\'s account?')\" href=\"user_list.php?action=remove&uid={$r['id']}\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/button_cancel.{$config['icon_extension']}\"></a>";
+				}
+
+				
 				echo "</td>";
 			}
 			
@@ -309,7 +461,6 @@ function neweditor()
 	}
 
 	echo "</table>";
-	echo i18n("Note: Deleting users from this list is a permanent operation and cannot be undone.  Consider editting the user and deactivating or deleting roles in their account instead.");
 
 	// let's make a table with the complete/incomplete counts and the active/inacteve states
 ?>

admin/winners.php

@@ -573,7 +573,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 			<option value=""><?=i18n('Choose a project')?></option>
 <?			foreach($editor_data['projects_nominated'] as $p) {
 				if($fairs_id != 0 && $p['fairs_id']!= $fairs_id) continue;
-				echo "<option value=\"{$p['id']}\">({$p['projectnumber']}) {$p['title']}</option>";
+				echo "<option value=\"{$p['id']}\">{$p['projectnumber']} {$p['title']}</option>";
 				$n_nom++;
 			}
 ?>			</select>
@@ -581,7 +581,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 			<option value=""><?=i18n('Choose a project')?></option>
 <?			foreach($editor_data['projects_eligible'] as $p) {
 				if($fairs_id != 0 && $p['fairs_id']!= $fairs_id) continue;
-				echo "<option value=\"{$p['id']}\">({$p['projectnumber']}) {$p['title']}</option>";
+				echo "<option value=\"{$p['id']}\">{$p['projectnumber']} {$p['title']}</option>";
 				$n_eli++;
 				print_r($p);
 			}

app/projectinfo.php

@@ -0,0 +1,91 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2011 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+
+	//first, lets make sure someone isng tryint to see something that they arent allowed to!
+	$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$r=mysql_fetch_object($q);
+
+	$pn=trim(mysql_real_escape_string($_GET['n']));
+
+	if($r->test) {
+
+		$q=mysql_query("SELECT  
+					registrations.id AS reg_id,
+					registrations.status,
+					projects.title,
+					projects.summary,
+					projects.projectnumber,
+					projects.projectcategories_id,
+					projects.projectdivisions_id,
+					projectcategories.category,
+					projectdivisions.division
+					
+				FROM
+					registrations
+					LEFT JOIN projects on projects.registrations_id=registrations.id
+					LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
+					LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
+				WHERE
+					registrations.year='".$config['FAIRYEAR']."' 
+					AND projectcategories.year='".$config['FAIRYEAR']."' 
+					AND projectdivisions.year='".$config['FAIRYEAR']."' 
+					AND (status='complete' OR status='paymentpending')
+					AND projects.projectnumber='$pn'
+				LIMIT 1
+				");
+			echo mysql_error();
+		$r=mysql_fetch_assoc($q);
+
+		$regid=$r['reg_id'];
+
+		$q2=mysql_query("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
+		$students="";
+		while($stud=mysql_fetch_object($q2)) {
+
+			if($stud->webfirst=="yes")
+				$students.="$stud->firstname ";
+			if($stud->weblast=="yes")
+				$students.="$stud->lastname ";
+			if($stud->webfirst=="yes" || $stud->weblast=="yes")
+				$students.=", ";
+
+			//we just use the last school, it should match
+			$school=$stud->school;
+		}
+		if(strlen($students))
+			$students=substr($students,0,-2);
+		
+		$ret=array();
+		foreach($r AS $k=>$v) {
+			$ret[$k]=iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($v));
+		}
+		$ret['students']=iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($students));
+		$ret['school']=iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($school));
+		$ret['photo']="";
+	}
+	//simulate slow loading
+//	usleep(2000000);
+	echo json_encode($ret);
+?>

app/projectlist.php

@@ -0,0 +1,70 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2011 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+
+	//first, lets make sure someone isnt trying to see something that they arent allowed to!
+	$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$r=mysql_fetch_object($q);
+
+	if($r->test) {
+
+		$q=mysql_query("SELECT  registrations.id AS reg_id,
+					registrations.status,
+					projects.title,
+					projects.projectnumber,
+					projects.projectcategories_id,
+					projects.projectdivisions_id,
+					projectcategories.category,
+					projectdivisions.division
+					
+				FROM
+					registrations
+					LEFT JOIN projects on projects.registrations_id=registrations.id
+					LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
+					LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
+				WHERE
+					1
+					AND registrations.year='".$config['FAIRYEAR']."' 
+					AND projectcategories.year='".$config['FAIRYEAR']."' 
+					AND projectdivisions.year='".$config['FAIRYEAR']."' 
+					AND (status='complete' OR status='paymentpending')
+				ORDER BY
+					projectcategories.id,
+					projectdivisions.id,
+					projects.projectnumber
+				");
+			echo mysql_error();
+		
+		$lastcat="something_that_does_not_exist";
+		$lastdiv="something_that_does_not_exist";
+		while($r=mysql_fetch_object($q)) {
+			if(!$r->title) $t="{no title}";
+			else $t=$r->title;
+
+			$ret["[".$r->projectcategories_id."] ".$r->category." - ".$r->division][]=array("n"=>$r->projectnumber, "t"=>iconv("ISO-8859-1","UTF-8",$t));
+		}
+	}
+
+	echo json_encode($ret);
+?>

app/projects.php

@@ -0,0 +1,89 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2011 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+
+	//first, lets make sure someone isnt trying to see something that they arent allowed to!
+	$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$r=mysql_fetch_object($q);
+	$ret=array();
+
+	if($r->test) {
+		$ret['status']="ok";
+
+		$q=mysql_query("SELECT  registrations.id AS reg_id,
+					registrations.status,
+					projects.id AS projects_id,
+					projects.title,
+					projects.projectnumber,
+					projects.projectcategories_id,
+					projects.projectdivisions_id,
+					projectcategories.category,
+					projectdivisions.division
+					
+				FROM
+					registrations
+					LEFT JOIN projects on projects.registrations_id=registrations.id
+					LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
+					LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
+				WHERE
+					1
+					AND registrations.year='".$config['FAIRYEAR']."' 
+					AND projectcategories.year='".$config['FAIRYEAR']."' 
+					AND projectdivisions.year='".$config['FAIRYEAR']."' 
+					AND (status='complete' OR status='paymentpending')
+				ORDER BY
+					projectcategories.id,
+					projectdivisions.id,
+					projects.projectnumber
+				");
+			echo mysql_error();
+		
+		$lastcat="something_that_does_not_exist";
+		$lastdiv="something_that_does_not_exist";
+		$projects=array();
+		while($r=mysql_fetch_object($q)) {
+			if(!$r->title) $t="{no title}";
+			else $t=$r->title;
+
+			if(file_exists("../data/photos/{$config['FAIRYEAR']}/{$r->projects_id}.jpg")) {
+				$photo=true;
+			}
+			else {
+				 $photo=false;
+			}
+
+			$projects["[".$r->projectcategories_id."] ".$r->category." - ".$r->division][]=array(
+					"n"=>$r->projectnumber, 
+					"t"=>iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($t)),
+					"p"=>$photo);
+		}
+		$ret['projects']=$projects;
+	}
+	else {
+		$ret['status']="error";
+		$ret['error']="Project list for this fair will be made public on {$config['dates']['postparticipants']}";
+	}
+
+	echo json_encode($ret);
+?>

committee_main.php

@@ -26,11 +26,12 @@
  require_once("common.inc.php");
  require_once("user.inc.php");
  require_once("user_page.inc.php");
+ require_once("chat.inc.php");
 
  user_auth_required('committee');
 
  send_header("Committee Main", array());
-
+ draw_chatbox('general');
  //only display the named greeting if we have their name
  echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
  echo "<br />";

committees.php

@@ -27,10 +27,13 @@
  send_header("Committee List", null, "committee_management");
 
 	echo "<table>";
-	$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
-	while($r=mysql_fetch_object($q)) {
-		/* Select all the users in the committee, using MAX(year) for the most recent year */
-		$q2=mysql_query("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
+	$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
+	$q->execute();
+
+	while($r=$q->fetch())
+	 {
+		/* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee, using MAX(year) for the most recent year */
+		$q2=("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
 							FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid 
 							WHERE committees_id='{$r->id}' 
 							GROUP BY users.uid ORDER BY ord,users.lastname ");
@@ -40,11 +43,11 @@
 			continue;
 
 		echo "<tr>";
-		echo "<td colspan=\"3\"><h3>{$r->name}</h3>";
+		echo "<td colspan=\"3\"><h3>".i18n($r->name)."</h3>";
 		echo "</td></tr>\n";
 
-		echo mysql_error();
-		while($r2=mysql_fetch_object($q2)) {
+		echo pdo->errorInfo();
+		while($r2 = $q2->fetch()){
 
 			$uid = $r2->users_uid;
 			$u = user_load_by_uid($uid);
@@ -57,13 +60,13 @@
 
 			//make sure we do emailprivate before email so we dont match the wrong thing
 			if($u['emailprivate'] && $u['displayemail']=='yes') {
-				list($b,$a)=split("@",$u['emailprivate']);
+				list($b,$a)=explode("@",$u['emailprivate']);
 				$output=str_replace("emailprivate","<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>",$output);
 			} else
 				 $output=str_replace("emailprivate","",$output);
 
 			if($u['email'] && $u['displayemail']=='yes') {
-				list($b,$a)=split("@",$u['email']);
+				list($b,$a)=explode("@",$u['email']);
 				$output=str_replace("email","<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>",$output);
 			} else
 				$output=str_replace("email","",$output);
@@ -86,7 +89,7 @@
 			if($r2->email)
 			{
 				echo "&nbsp; &nbsp; &nbsp;";
-				list($b,$a)=split("@",$r2->email);
+				list($b,$a)=explode("@",$r2->email);
 				echo "<script language=javascript>em('$b','$a')</script>";
 			}
 			else

common.inc.php

@@ -22,26 +22,31 @@
 */
 ?>
 <?
-//if we dont set the charset any page that doesnt call send_header() (where it used to be set) would defualt to the server's encoding,
-//which in many cases (like ysf-fsj.ca/sfiab) is UTF-8.  This was causing a lot of the newly AJAX'd editors to fail on french characters,
-//becuase they were being encoded improperly.  Ideally, all the databases will be switched to UTF-8, but thats not a near-term possibility,
-//so this is kind of a band-aid solution until we can make everything UTF8.  Hope it doesnt break anything anywhere else!
-header("Content-Type: text/html; charset=iso-8859-1"); 
+//////echo phpinfo();
+header("Content-Type: text/html; charset=utf8"); 
 
 //set error reporting to not show notices, for some reason some people's installation dont set this by default
 //so we will set it in the code instead just to make sure
-error_reporting(E_ALL ^ E_NOTICE); 
+#error_reporting(E_ALL);
+error_reporting( E_ALL ^ E_WARNING ); 
+#error_reporting( E_ALL ^ E_WARNING ^ E_NOTICE ^ E_DEPRECATED ); 
 
 define('REQUIREDFIELD','<span class="requiredfield">*</span>');
 
 //figure out the directory to prepend to directoroy names, depending on if we are in a subdirectory or not
-if(substr(getcwd(),-6)=="/admin")
+// Dennis Fix so works in windows servers.
+// Windows based servers use '\' in directories. This code works for WIN servers and or *nix servers.
+if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-6)=="\\admin")
 	$prependdir="../";
-else if(substr(getcwd(),-7)=="/config")
+else if(substr(getcwd(),-6)=="/super" || substr(getcwd(),-6)=="\\super")
 	$prependdir="../";
-else if(substr(getcwd(),-3)=="/db")
+else if(substr(getcwd(),-7)=="/config" || substr(getcwd(),-7)=="\\config")
 	$prependdir="../";
-else if(substr(getcwd(),-8)=="/scripts")
+else if(substr(getcwd(),-3)=="/db" || substr(getcwd(),-3)=="\\db")
+	$prependdir="../";
+else if(substr(getcwd(),-8)=="/scripts" || substr(getcwd(),-8)=="\\scripts")
+	$prependdir="../";
+else if(substr(getcwd(),-4)=="/app" || substr(getcwd(),-4)=="\\app")
 	$prependdir="../";
 else
 	$prependdir="";
@@ -49,7 +54,6 @@ else
 $sfiabversion=@file($prependdir."version.txt");
 $config['version']=trim($sfiabversion[0]);
 
-
 //make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is!
 if(!is_writable($prependdir."data"))
 {
@@ -80,7 +84,11 @@ else
 	exit;
 }
 
-if(!mysql_connect($DBHOST,$DBUSER,$DBPASS))
+$dsn = "mysql:host=db;dbname=sfiab;charset=utf8mb4";
+
+$pdo = new PDO($dsn,$DBUSER,$DBPASS,$dsn_options);
+
+if(!$pdo)
 {
 	echo "<html><head><title>SFIAB ERROR</title></head><body>";
 	echo "<h1>Science Fair In A Box - ERROR</h1>";
@@ -88,24 +96,18 @@ if(!mysql_connect($DBHOST,$DBUSER,$DBPASS))
 	echo "</body></html>";
 	exit;
 }
-	
-if(!mysql_select_db($DBNAME))
-{
-	echo "<html><head><title>SFIAB ERROR</title></head><body>";
-	echo "<h1>Science Fair In A Box - ERROR</h1>";
-	echo "Cannot select database!";
-	echo "</body></html>";
-	exit;
-}
-
-//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using iso-8859-1 (/latin1) encodings
-@mysql_query("SET NAMES latin1");
 
 //find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on)
-$q=@mysql_query("SELECT * FROM config WHERE year='0'");
+
 
 //we might get an error if installation step 2 is not done (ie, the config table doesnt even exist)
-if(mysql_error())
+
+//if we have 0 (<1) then install2 is not done, which would get caught above, 
+//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY)
+$q = $pdo->prepare("SELECT * FROM config WHERE year='0'");
+$q->execute();
+
+if($pdo->errorInfo()[0] != '00000')
 {
 	echo "<html><head><title>SFIAB ERROR</title></head><body>";
 	echo "<h1>Science Fair In A Box - ERROR</h1>";
@@ -114,9 +116,9 @@ if(mysql_error())
 	echo "</body></html>";
 	exit;
 }
-//if we have 0 (<1) then install2 is not done, which would get caught above, 
-//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY)
-if(mysql_num_rows($q)<2)
+
+
+if($q->rowCount()<2)
 {
 	echo "<html><head><title>SFIAB ERROR</title></head><body>";
 	echo "<h1>Science Fair In A Box - ERROR</h1>";
@@ -127,10 +129,11 @@ if(mysql_num_rows($q)<2)
 
 }
 else
-{
-	while($r=mysql_fetch_object($q))
+{	
+	while($r=$q->fetch())
 	{
-		$config[$r->var]=$r->val;
+		
+		$config[$r['var']]=$r['val'];
 	}
 }
 
@@ -138,6 +141,7 @@ $dbdbversion=$config['DBVERSION'];
 $dbcodeversion=@file($prependdir."db/db.code.version.txt");
 $dbcodeversion=trim($dbcodeversion[0]);
 
+
 if(!$dbdbversion)
 {
 	echo "<html><head><title>SFIAB ERROR</title></head><body>";
@@ -169,42 +173,20 @@ if($dbcodeversion!=$dbdbversion)
 	exit;
 }
 
-/* Check that magic_quotes is OFF */
-if(get_magic_quotes_gpc()) {
-?>
-	<html><head><title>SFIAB ERROR</title></head><body>
-	<h1>Science Fair In A Box - ERROR</h1>
-	<p>Your PHP configuration has magic_quotes ENABLED.  They should be
-	disabled, and are disabled in the .htaccess file, so your server is
-	ignoring the .htaccess file or overriding it.
-	<p>Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON
-	by default for any PHP &lt; 5.3.0.  
-	<p>It's a pain in the butt because PHP runs urldecode() on all inputs 
-	from GET and POST, but if it sees the string has quotes, then it escapes
-	existing quotes before passing it to us.  This is a problem for json_decode
-	where we do not want this behaviour, and thus need to pass through stripslashes()
-	first, but only if magicquotes is ON.  If it's off, stripslashes will
-	break json_decode.
-	<p>Add <pre>php_flag magic_quotes_gpc off</pre> to the .htacces, or add
-	<pre>php_flag magic_quotes_gpc=off</pre> to php.ini
-
-	<br></body></html>
-<?
-	exit;
-}
-
 //now pull the rest of the configuration
-$q=mysql_query("SELECT * FROM config WHERE year='".$config['FAIRYEAR']."'");
-while($r=mysql_fetch_object($q))
+$q = $pdo->prepare("SELECT * FROM config WHERE year='".$config['FAIRYEAR']."'");
+$q->execute();
+while($r=$q->fetch())
 {
-	$config[$r->var]=$r->val;
+	$config[$r['var']]=$r['val'];
 }
 
 //now pull the dates
-$q=mysql_query("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."'");
-while($r=mysql_fetch_object($q))
+$q = $pdo->prepare("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."'");
+$q->execute();
+while($r=$q->fetch())
 {
-	$config['dates'][$r->name]=$r->date;
+	$config['dates'][$r['name']]=$r['date'];
 }
 
 //and now pull the theme
@@ -213,14 +195,15 @@ require_once("theme/{$config['theme_icons']}/icons.php");
 
 require_once("committee.inc.php");
 
+session_start();
+
 if($config['SFIABDIRECTORY'] == '') {
 	session_name("SFIABSESSID");
 	session_set_cookie_params(0,'/');
 } else {
-	session_name("SFIABSESSID".ereg_replace("[^A-Za-z]","_",$config['SFIABDIRECTORY']));
+	session_name("SFIABSESSID".preg_replace("/[^A-Za-z]/","_",$config['SFIABDIRECTORY']));
 	session_set_cookie_params(0,$config['SFIABDIRECTORY']);
 }
-session_start();
 
 //detect the browser first, so we know what icons to use - we store this in the config array as well
 //even though its not configurable by the fair
@@ -232,17 +215,18 @@ else
 
 
 //now get the languages, and make sure we have at least one active language
-$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
-if(mysql_num_rows($q)==0)
+
+$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
+$q->execute();
+if($q->rowCount()==0)
 {
 	echo "No active languages defined, defaulting to English";
 	$config['languages']['en']="English";
 }
 else
-{
-	while($r=mysql_fetch_object($q))
+{	while($r=$q->fetch())
 	{
-		$config['languages'][$r->lang]=$r->langname;
+		$config['languages'][$r['lang']]=$r['langname'];
 	}
 }
 //now if no language has been set yet, lets set it to the default language
@@ -266,7 +250,7 @@ if($_GET['switchlanguage'])
 	if($config['languages'][$_GET['switchlanguage']])
 	{
 		$_SESSION['lang']=$_GET['switchlanguage'];
-
+ 
 	}
 	else
 	{
@@ -275,7 +259,7 @@ if($_GET['switchlanguage'])
 }
 
 function i18n($str,$args=array(),$argsdesc=array(),$forcelang="")
-{
+{	global $pdo;
 	if(!$str)
 		return "";
 
@@ -298,12 +282,15 @@ function i18n($str,$args=array(),$argsdesc=array(),$forcelang="")
 		}
 		else
 		{
-			$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
-			if($r=@mysql_fetch_object($q))
+			
+			$q = $pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
+			$q->execute();
+			if($r = $q->fetch())
+		
 			{
-				if($r->val)
+				if($r["val"])
 				{
-					$ret=$r->val;
+					$ret=$r["val"];
 
 					for($x=1;$x<=count($args);$x++)
 					{
@@ -335,12 +322,13 @@ function i18n($str,$args=array(),$argsdesc=array(),$forcelang="")
 						$n++;
 					}
 					$argsdescstring=substr($argsdescstring,0,-2);
-					$argsdescstring="'".mysql_escape_string($argsdescstring)."'";
+					$argsdescstring=pdo->quote($argsdescstring)."'";
 				}
 				else
 					$argsdescstring="null";
 
-				mysql_query("INSERT INTO translations (lang,strmd5,str,argsdesc) VALUES ('".$_SESSION['lang']."','".md5($str)."','".mysql_escape_string($str)."',$argsdescstring)");
+				$stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,argsdesc) VALUES (?,?,?,?)");
+				$stmt->execute([$_SESSION['lang'], md5($str), $pdo->quote($str), $argsdescstring]);
 				for($x=1;$x<=count($args);$x++)
 				{
 					$str=str_replace("%$x",$args[$x-1],$str);
@@ -407,12 +395,13 @@ function send_header($title="", $nav=null, $icon=null, $titletranslated=false)
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
-<head><title><? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?></title>
+<head><title><? //if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?></title>
 <link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/theme/<?=$config['theme']?>/jquery-ui-1.7.2.custom.css" type="text/css" media="all" />
 <link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/theme/<?=$config['theme']?>/sfiab.css" type="text/css" media="all" />
 <link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/tableeditor.css" type="text/css" media="all" />
 </head>
 <body>
+<!-- <? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?> -->
 <script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/jquery/1.3.2/jquery.min.js"></script>
 <script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/jqueryui/1.7.2/jquery-ui.min.js"></script>
 <script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/sfiab.js"></script>
@@ -424,7 +413,7 @@ $(document).ready(function(){
 </script>
 <?
 //if we're under /admin or /config we also want the translation editor
-if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config")
+if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="\\admin" || substr(getcwd(),-7)=="\\config")
 	require_once("../translationseditor.inc.php");
 ?>
 
@@ -476,8 +465,8 @@ echo "</div>";
 	//only display it if a date is set to begin with.
 	if($config['dates']['postparticipants'] && $config['dates']['postparticipants']!="0000-00-00 00:00:00")
 	{
-		$q=mysql_query("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
-		$r=mysql_fetch_object($q);
+		$q=("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
+		$r=$q->fetch();
 		if($r->test==1)
 		{
 			$registrationconfirmationlink="<li><a href=\"".$config['SFIABDIRECTORY']."/confirmed_participants.php\">".i18n("Confirmed Participants")."</a></li>";
@@ -510,6 +499,7 @@ if(is_array($nav)) {
 <?
  echo "<li><a href=\"{$config['SFIABDIRECTORY']}/index.php\">".i18n("Home Page").'</a></li>';
  echo "<li><a href=\"{$config['SFIABDIRECTORY']}/important_dates.php\">".i18n("Important Dates").'</a></li>';
+
  echo $registrationconfirmationlink;
  /*
  echo "<li><a href=\"{$config['SFIABDIRECTORY']}/register_participants.php\">".i18n("Participant Registration").'</a></li>';
@@ -624,7 +614,7 @@ else if($title)
 	echo "<h2>".$title."</h2>";
 
 //if we're under /admin or /config then we want to show the ? help icon
-if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config")
+if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="\\admin" || substr(getcwd(),-7)=="\\config" )
 {
 	if($_SERVER['REDIRECT_SCRIPT_URL'])
 		$fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1);
@@ -650,7 +640,13 @@ global $config;
 //we only show the debug session variables if we have an ODD numbered version.
 if(substr($config['version'], -1) % 2 != 0)
 {
-	$revision=exec("svn info |grep Revision");
+	$pos = strpos(getcwd(),'/');
+	if($pos === false){ // Windows OS
+		$revision = "na";
+    }
+	else{
+		$revision=exec("svn info |grep Revision");
+	}
 	$extra=" (Development $revision)";
 	if($_SESSION['debug']=="true")
 		$extra.=" DEBUG: ".print_r($_SESSION,true);
@@ -685,7 +681,7 @@ function send_popup_header($title="")
 <link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/theme/<?=$config['theme']?>/sfiab.css" type="text/css" media="all" />
 <link media=all href="<?=$config['SFIABDIRECTORY']?>/tableeditor.css" type=text/css rel=stylesheet>
 </head>
-<body onload="window.focus()">
+<body onLoad="window.focus()">
 <script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/jquery/1.3.2/jquery.min.js"></script>
 <script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/jqueryui/1.7.2/jquery-ui.min.js"></script> 
 <script type="text/javascript" src="<?=$config['SFIABDIRECTORY']?>/js/sfiab.js"></script>
@@ -779,7 +775,7 @@ function emit_date_selector($name,$selected="")
 {
 	if($selected)
 	{
-		list($year,$month,$day)=split("-",$selected);
+		list($year,$month,$day)=explode("-",$selected);
 	}
 	echo "<table cellpadding=0>";
 	echo "<tr><td>";
@@ -831,7 +827,7 @@ function emit_time_selector($name,$selected="")
 
 	if($selected)
 	{
-		list($hour,$minute,$second)=split(":",$selected);
+		list($hour,$minute,$second)=explode(":",$selected);
 	}
 	echo "<table cellpadding=0>";
 	echo "<tr><td>";
@@ -846,10 +842,10 @@ function emit_time_selector($name,$selected="")
 function emit_province_selector($name,$selected="",$extra="")
 {
 	global $config;
-	$q=mysql_query("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
+	$q=("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
 	if(mysql_num_rows($q)==1)
 	{
-		$r=mysql_fetch_object($q);
+		$r = $q->fetch();
 		echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
 		echo i18n($r->province);
 	}
@@ -857,7 +853,7 @@ function emit_province_selector($name,$selected="",$extra="")
 	{
 		echo "<select name=\"$name\" $extra>\n";
 		echo "<option value=\"\">".i18n("Select a {$config['provincestate']}")."</option>\n";
-		while($r=mysql_fetch_object($q))
+		while($r = $q->fetch())
 		{
 			if($r->code == $selected) $sel="selected=\"selected\""; else $sel="";
 
@@ -901,7 +897,7 @@ function outputStatus($status)
 
 //returns true if its a valid email address, false if its not
 function isEmailAddress($str) {
-	if(eregi('^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str))
+	if(preg_match('/^[+a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/i', $str))
 		return true;
 	else
 		return false;
@@ -956,12 +952,16 @@ function email_send($val,$to,$sub_subject=array(),$sub_body=array())
 
 	//if our "to" doesnt look like a valid email, then forget about sending it.
 	if(!isEmailAddress($to))
+	{
 		return false;
+	}
 
-	$q=mysql_query("SELECT * FROM emails WHERE val='$val'");
-	if($r=mysql_fetch_object($q)) {
-		$subject=i18n($r->subject);
-		$body=i18n($r->body);
+	$q=("SELECT * FROM emails WHERE val='$val'");
+	if($r = $q->fetch()) {
+		//we dont want to translate these, the messages themselves shoudl contain whatever languages they need
+		$subject=$r->subject;
+		$body=$r->body;
+		$bodyhtml=$r->bodyhtml;
 		
 		/* Eventually we should just do this with communication_replace_vars() */
 		if(count($sub_subject)) {
@@ -975,6 +975,12 @@ function email_send($val,$to,$sub_subject=array(),$sub_body=array())
 			}
 		}
 
+		if(count($sub_body)) {
+			foreach($sub_body AS $sub_k=>$sub_v) {
+				$bodyhtml=ereg_replace("\[$sub_k\]","$sub_v",$bodyhtml);
+			}
+		}
+
 		if($r->from)
 			$fr=$r->from;
 		else if ($config['fairmanageremail'])
@@ -985,7 +991,7 @@ function email_send($val,$to,$sub_subject=array(),$sub_body=array())
 		//only send the email if we have a from
 		if($fr) {
 			//send using RMail
-			email_send_new($to,$fr,$subject,$body);
+			email_send_new($to,$fr,$subject,$body,$bodyhtml);
 		}
 		else
 			echo error(i18n("CRITICAL ERROR: email '%1' does not have a 'From' and the Fair Manager Email is not configured",array($val),array("email key name")));	
@@ -1036,8 +1042,8 @@ function getEmailRecipientsForRegistration($reg_id)
 {
 	global $config;
 	//okay first grab the registration record, to see if we should email the kids, the teacher, and/or the parents
-	$q=mysql_query("SELECT * FROM registrations WHERE id='$reg_id' AND year='{$config['FAIRYEAR']}'");
-	$registration=mysql_fetch_object($q);
+	$q=("SELECT * FROM registrations WHERE id='$reg_id' AND year='{$config['FAIRYEAR']}'");
+	$registration=$q->fetch();
 
 	if($registration->emailcontact && isEmailAddress($registration->emailcontact)) {
 			$ret[]=array("to"=>$registration->emailcontact,
@@ -1047,18 +1053,11 @@ function getEmailRecipientsForRegistration($reg_id)
 				);
 	}
 
-	$sq=mysql_query("SELECT * FROM students WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
+	$sq=("SELECT * FROM students WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
 	$ret=array();
-	while($sr=mysql_fetch_object($sq)) {
+	while($sr=$sq->fetch()) {
 		if($sr->email && isEmailAddress($sr->email)) {
-			if($sr->firstname && $sr->lastname)
-				$to=$sr->firstname." ".$sr->lastname." <".$sr->email.">";
-			else if($sr->firstname)
-				$to=$sr->firstname." <".$sr->email.">";
-			else if($sr->lastname)
-				$to=$sr->lastname." <".$sr->email.">";
-			else
-				$to=$sr->email;
+			$to=$sr->email;
 
 			$ret[]=array("to"=>$to,
 					"firstname"=>$sr->firstname,
@@ -1073,14 +1072,17 @@ function getEmailRecipientsForRegistration($reg_id)
 function output_page_text($textname)
 {
 	global $config;
-	$q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='".$config['FAIRYEAR']."' AND lang='".$_SESSION['lang']."'");
-	if(mysql_num_rows($q))
-		$r=mysql_fetch_object($q);
+	global $pdo;
+	
+	$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='$textname' AND year='".$config['FAIRYEAR']."' AND lang='".$_SESSION['lang']."'");
+	$q->execute();
+	if($q->rowCount())
+		$r = $q->fetch();
 	else
 	{
 		//not defined, lets grab the default text
-		$q=mysql_query("SELECT * FROM pagetext WHERE textname='$textname' AND year='-1' AND lang='".$config['default_language']."'");
-		$r=mysql_fetch_object($q);
+		$q=("SELECT * FROM pagetext WHERE textname='$textname' AND year='-1' AND lang='".$config['default_language']."'");
+		$r = $q->fetch();
 	}
 
 	//if it looks like we have HTML content, dont do a nl2br, if there's no html, then do the nl2br
@@ -1093,10 +1095,13 @@ function output_page_text($textname)
 function output_page_cms($filename)
 {
 	global $config;
-	$q=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($filename)."' AND lang='".$_SESSION['lang']."' ORDER BY dt DESC LIMIT 1");
-	if(mysql_num_rows($q))
+	global $pdo;
+	
+	$q = $pdo->prepare("SELECT * FROM cms WHERE filename='".$filename."' AND lang='".$_SESSION['lang']."' ORDER BY dt DESC LIMIT 1");
+	$q->execute();
+	if($q->rowCount())
 	{
-		$r=mysql_fetch_object($q);
+		$r = $q->fetch();
 		send_header($r->title,null,null,true);
 
 		if(file_exists("data/logo-200.gif") && $r->showlogo==1)
@@ -1126,7 +1131,7 @@ function generatePassword($pwlen=8)
 
 	$key="";
 	for($x=0;$x<$pwlen;$x++)
-		$key.=$available{rand(0,$len)};
+		$key.=$available[rand(0,$len)];
 	return $key;
 }
 
@@ -1147,33 +1152,41 @@ function admin_warnings()
 function committee_warnings()
 {
 	global $config;
+	global $pdo;
 	//it is vital that each year the system be rolled over before we start it again
 	//we should do this, say, 4 months after the FAIRDATE, so its soon enough that they should see
 	//the message as soon as they login to start preparing for hte new year, but not too late to do it
 	//properly :)
 
-	$q=mysql_query("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
-	$r=mysql_fetch_object($q);
+
+
+	$q = $pdo->prepare("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
+	$q->execute();
+
+	$r = $q->fetch();
 	if($r->rollovercheck) {
 		echo error(i18n("It has been more than 4 months since your fair.  In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'.  Do not start updating the system with new information until the year has been properly rolled over."));
 	}
 
 	$warn = false;
-	$q = mysql_query("SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL 
+	
+	$q = $pdo->prepare("SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL 
 				AND external_identifier=prize");
-	if(mysql_num_rows($q) > 0) {
+	$q->execute();
+	if($q->rowCount() > 0) {
 		/* The bug was that the external_identifier was set to the prize name.. so only display the warning
 		 * if we find that case for a non-sfiab external fair */
-		while(($p = mysql_fetch_assoc($q) )) {
-			$qq = mysql_query("SELECT * FROM award_awards 
+		while(($p = $q->fetch(PDO::FETCH_ASSOC) )) {
+			$qq = ("SELECT * FROM award_awards 
 						LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id
 						WHERE award_awards.id='{$p['award_awards_id']}'
 						AND year='{$config['FAIRYEAR']}'
 						AND award_awards.award_source_fairs_id IS NOT NULL
 						AND fairs.type='ysc' ");
-						echo mysql_error();
+						echo pdo->errorInfo();
 			if(mysql_num_rows($qq) > 0) {
-				$warn = true;
+				$warn;
+				
 				break;
 			}
 		}
@@ -1186,15 +1199,13 @@ function committee_warnings()
 }
 
 $CWSFDivisions=array(
-	1=>"Automotive",
-	2=>"Biotechnology & Pharmaceutical Sciences",
-	3=>"Computing & Information Technology",
-	4=>"Earth & Environmental Sciences",
-	5=>"Engineering",
-	6=>"Environmental Innovation",
-	7=>"Health Sciences",
-	8=>"Life Sciences",
-	9=>"Physical & Mathematical Sciences"
+	1=>"Discovery",
+	2=>"Energy",
+	3=>"Environment",
+	4=>"Health",
+	5=>"Information",
+	6=>"Innovation",
+	7=>"Resources"
 );
 
 function theme_icon($icon, $width=0) {
@@ -1231,7 +1242,7 @@ function format_datetime($dt) {
         return format_date($dt)." ".i18n("at")." ".format_time($dt);
     }
     else {
-        list($d,$t)=split(" ",$dt);
+        list($d,$t)=explode(" ",$dt);
         return format_date($d)." ".i18n("at")." ".format_time($t);
     }
 }
@@ -1385,7 +1396,7 @@ function getTextFromHtml($html) {
 
 function getUserForSponsor($sponsor_id) {
 	// loop through each contact and draw a form with their data in it.
-	$q = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
+	$q = ("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 	WHERE 
 	sponsors_id='" . $sponsor_id . "' 
     AND types LIKE '%sponsor%'
@@ -1394,7 +1405,7 @@ function getUserForSponsor($sponsor_id) {
 	ORDER BY users_sponsor.primary DESC,lastname,firstname
 	LIMIT 1
     ");
-	$r=mysql_fetch_object($q);
+	$r = $q->fetch();
 	return user_load_by_uid($r->uid);
 }
 
@@ -1403,8 +1414,8 @@ function projectdivisions_load($year = false)
 	global $config;
 	if($year == false) $year = $config['FAIRYEAR'];
 	$divs = array();
-	$q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'");
-	while(($d = mysql_fetch_assoc($q))) $divs[$d['id']] = $d;
+	$q = ("SELECT * FROM projectdivisions WHERE year='$year'");
+	while(($d = $q->fetch(PDO::FETCH_ASSOC))) $divs[$d['id']] = $d;
 	return $divs;
 }
 function projectcategories_load($year = false)
@@ -1412,10 +1423,107 @@ function projectcategories_load($year = false)
 	global $config;
 	if($year == false) $year = $config['FAIRYEAR'];
 	$cats = array();
-	$q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'");
-	while(($c = mysql_fetch_assoc($q))) $cats[$c['id']] = $d;
+	$q = ("SELECT * FROM projectcategories WHERE year='$year'");
+	while(($c = $q->fetch(PDO::FETCH_ASSOC))) $cats[$c['id']] = $d;
 	return $cats;
 }
 
+// Converts the numeric value "$val" to an English text representation of it (e.g. "two thousand four"). 
+// If the "$monetize" flag is set to true, then it's formatted to be useable on printed cheques (e.g. "***** Two Thousand Four 00/100 *****".
+function wordify($val, $monetize = false){
+	$digits = array('zero', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');
+	if($monetize){
+		$pennies = intval(($val - intval($val)) * 100);
+		$returnval = "and " . sprintf("%02d", $pennies) . "/100";
+	}else if($val != intval($val)){
+		$dec = $val - intval($val);
+		$returnval = 'point';
+		while($dec){
+			$dec *= 10;
+			$returnval .= " " . smallIntToText(intval($dec));
+			$dec -= intval($dec);
+		}
+	}
+	$val = intval($val);
+	$powerofthousand = array(
+		'', 'Thousand', 'Million', 'Billion', 'trillion', 'quadrillion'
+	);
+	$n = 0;
+	if(!$val){
+		$returnval = "Zero " . $returnval;
+	}else{
+		while($val > 0){
+			$sectionVal = $val % 1000;
+			if($sectionVal != 0){
+				$sectionText = smallIntToText($sectionVal);
+				if($powerofthousand[$n] != ''){
+					$returnval = $sectionText . " " . $powerofthousand[$n] . " " . $returnval;
+				}else{
+					$returnval = $sectionText . " " . $returnval;
+				}
+			}
+			$val = intval($val / 1000);
+			$n++;
+		}
+	}
+	if($monetize) $returnval = '***' . $returnval;
+	return $returnval;
+}
+
+// Converts a number between zero and one thousand to Canadian English text
+function smallIntToText($number){
+	$number %= 1000;
+	$rvals = array(
+		0 => 'Zero',
+		1 => 'One',
+		2 => 'Two',
+		3 => 'Three',
+		4 => 'Four',
+		5 => 'Five',
+		6 => 'Six',
+		7 => 'Seven',
+		8 => 'Eight',
+		9 => 'Nine',
+		10 => 'Ten',
+		11 => 'Eleven',
+		12 => 'Twelve',
+		13 => 'Thirteen',
+		14 => 'Fourteen',
+		15 => 'Fifteen',
+		16 => 'Sixteen',
+		17 => 'Seventeen',
+		18 => 'Eighteen',
+		19 => 'Nineteen',
+		20 => 'Twenty',
+		30 => 'Thirty',
+		40 => 'Forty',
+		50 => 'Fifty',
+		60 => 'Sixty',
+		70 => 'Seventy',
+		80 => 'Eighty',
+		90 => 'Ninety',
+	);
+	if(array_key_exists($number, $rvals)) return $rvals[$number];
+	$returnval = '';
+	if($number >= 100){
+		$hundred = intval($number / 100);
+		$returnval = $rvals[$hundred] . " Hundred";
+		$number -= 100 * $hundred;
+	}
+	if(array_key_exists($number, $rvals)){
+		if($number > 0) $returnval .= " " . $rvals[$number];
+		return $returnval;
+	}
+	if($number >= 10){
+		$ten = intval($number / 10);
+		if($returnval != '') $returnval .= ' ';
+		$returnval .= $rvals[10 * $ten];
+		$number -= 10 * $ten;
+	}
+	if($number > 0){
+		$returnval .= ' ' . $rvals[$number];
+	}
+	return $returnval;
+}
 
 ?>

config/backuprestore.php

@@ -83,6 +83,8 @@ header("Content-Length: ".strlen($dump));
 header("Pragma: public");
 echo $dump;
 }
+
+
 else if($_POST['action']=="restore") {
 	echo send_header("Database Backup/Restore",
  		array('Committee Main' => 'committee_main.php',
@@ -153,7 +155,7 @@ else if($_POST['action']=="restoreproceed") {
 	);
 
 	//make sure the filename's good before we used it
-	if(ereg("^[a-z0-9]{32}$",$_POST['realfilename']) && file_exists("../data/backuprestore/".$_POST['realfilename'])) {
+	if(mb_ereg("^[a-z0-9]{32}$",$_POST['realfilename']) && file_exists("../data/backuprestore/".$_POST['realfilename'])) {
 		$filename=$_POST['realfilename'];
 		echo i18n("Proceeding with database restore from %1",array($_POST['filename']))."...";
 		$lines=file("../data/backuprestore/$filename");
@@ -161,13 +163,13 @@ else if($_POST['action']=="restoreproceed") {
 		echo "<pre>";
 		foreach($lines AS $line) {
 			$line=trim($line);
-			if(ereg("^#TABLE: (.*)",$line,$args)) {
+			if(mb_ereg("^#TABLE: (.*)",$line,$args)) {
 				//empty out the table
 				$sql="TRUNCATE TABLE `".$args[1]."`";
 		//			echo $sql."\n";
 				mysql_query($sql);
 			}
-			else if(ereg("^#",$line)) {
+			else if(mb_ereg("^#",$line)) {
 				//just skip it
 			}
 			else
@@ -196,6 +198,106 @@ else if($_POST['action']=="restoreproceed") {
 	send_footer();
 
 }
+
+
+else if ($_POST['action'] == 'clean_judges') {
+	
+	//select all judges
+	$query = mysql_query('SELECT * FROM users WHERE types LIKE "judge"');
+	echo mysql_error();
+	
+	// Go through each judge and test:
+	while($judge = mysql_fetch_assoc($query)){
+
+		//if they are deleted
+		if ($judge['deleted'] == 'yes') {
+			// Make types an array if it isn't already. Allows user_purge function to work properly
+			if (!is_array($judge['types'])){
+				$judge['types'] = array($judge['types']);
+			}
+			
+			user_purge($judge, 'judge');
+	    	
+		}
+
+		else{
+			// Find max year of judge
+			$max_year_query = mysql_query('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1'); 
+			$judge_max_year = mysql_fetch_assoc($max_year_query);
+			// Grab old judge info. 
+			// Old judge info consists of all entries in the database that are not the most recent for the specific judge 
+			$deletable = mysql_query('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
+
+			// and if they have old data from previous fair years
+			if (mysql_num_rows($deletable) > 0){
+				// delete old data one by one
+				while ($old_judge_data = mysql_fetch_assoc($deletable)){
+					if (!is_array($old_judge_data['type'])){
+						$old_judge_data['types'] = array($old_judge_data['types']);	
+					}
+					user_purge($old_judge_data, 'judge');
+
+
+				}
+
+			}
+		}	
+	}
+
+	echo send_header("Database Backup/Restore",
+ 		array('Committee Main' => 'committee_main.php',
+			'SFIAB Configuration' => 'config/index.php')
+            ,"backup_restore"
+	);
+
+	mysql_query("OPTIMIZE TABLE users, users_judge");
+
+	$str = mysql_error();
+
+	echo $str;
+
+	if($str == '')
+		echo happy(i18n("Old judge data purged."));
+
+	else{
+		error(i18n($str));}
+		
+}
+else if ($_POST['action'] == 'clean_parents') {
+	
+	$query_parents = mysql_query('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
+
+	while($parent = mysql_fetch_assoc($query_parents)){
+
+		if (!is_array($parent['types'])){
+				$parent['types'] = array($parent['types']);
+			}
+
+		user_purge($parent, 'parent');
+
+	}
+
+	echo send_header("Database Backup/Restore",
+ 		array('Committee Main' => 'committee_main.php',
+			'SFIAB Configuration' => 'config/index.php')
+            ,"backup_restore"
+	);
+
+	mysql_query("OPTIMIZE TABLE users, users_parent");
+
+	$str = mysql_error();
+
+	echo $str;
+
+	if($str == '')
+		echo happy(i18n("Old parent data purged."));
+
+	else{
+		error(i18n($str));}
+		
+}
+
+
 else
 {
 	echo send_header("Database Backup/Restore",
@@ -210,7 +312,7 @@ else
 	$dh=opendir("../data/backuprestore");
 	$removed=false;
 	while($fn=readdir($dh)) {
-		if(ereg("[a-z0-9]{32}",$fn)) {
+		if(mb_ereg("[a-z0-9]{32}",$fn)) {
 			unlink("../data/backuprestore/$fn");
 			$removed=true;
 		}
@@ -236,6 +338,31 @@ else
 	echo "</form>\n";
 
 
+
+	echo "<br>";
+	echo "<h3>".i18n("Clean Database")."</h3>\n";
+	echo error(i18n("WARNING: Cleaning the database COMPLETELY DELETES old data on users"));
+	
+	echo "<font size = 4 color=\"red\"> RECOMMENDED: Backup database before using the below buttons</font><br><br>";
+	
+	echo "<font color=\"red\"> Remove Old Judge Data <ul>  <li> All information about who has judged in past fairs will be lost
+	                                                       <li> All deleted judges will be purged from the system </ul></font>";
+	
+	echo "<br><font color=\"red\"> Remove Old Emergency Contact / Parent Data<ul> <li> All parent information or other emergency contact information from all previous fair years will be purged from the system
+	                               												<li> It will no longer be possible to email any emergency contacts from previous fair years once the button is clicked </ul></font><br>";                                                            
+	echo "<table>";
+	echo "<tr><td style = \"width: 46%\">";
+	echo "<form method=\"post\" action=\"backuprestore.php\" enctype=\"multipart/form-data\">\n";
+	echo "<input type=\"hidden\" name=\"action\" value=\"clean_judges\">\n";
+	echo "<input type=\"submit\" onClick=\"return confirmClick('Are you sure you wish to purge old judge data?')\" value=\"".i18n("Remove Old Judge Data")."\">\n";
+	echo "</form>";
+	echo "</td><td>";
+    
+	echo "<form method=\"post\" action=\"backuprestore.php\" enctype=\"multipart/form-data\">\n";
+	echo "<input type=\"hidden\" name=\"action\" value=\"clean_parents\">\n";
+	echo "<input type=\"submit\" onClick=\"return confirmClick('Are you sure you wish to purge old parent data?')\" value=\"".i18n("Remove Old Emergency Contact / Parent Data")."\">\n";
+	echo "</form>";
+	
 	send_footer();
 }
 

config/categories.php

@@ -143,9 +143,9 @@
 	echo "</tr>";
  }
  else
- {
-	 $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
-	 while($r=mysql_fetch_object($q))
+ {	$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
+	$q->execute();
+	 while($r=$q->fetch(PDO::FETCH_OBJ))
 	 {
 		echo "<tr>";
 		echo " <td align=\"center\">$r->id</td>";

config/dates.php

@@ -31,8 +31,10 @@
             ,"important_dates"
 			);
 
-$q=mysql_query("SELECT * FROM dates WHERE year='-1'");
-while($r=mysql_fetch_object($q)) {
+$q = $pdo->prepare("SELECT * FROM dates WHERE year='-1'");
+$q->execute();
+
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$defaultdates[$r->name]=$r;
 }
 
@@ -78,15 +80,17 @@ $dates  = array('fairdate' => array() ,
 		'specawardregclose' => array());
 
 /* Now copy the SQL data into the above array */
- $q=mysql_query("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."' ORDER BY date");
- while($r=mysql_fetch_object($q)) {
+
+ $q = $pdo->prepare("SELECT * FROM dates WHERE year='".$config['FAIRYEAR']."' ORDER BY date");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
  	$dates[$r->name]['description'] = $r->description;
 	$dates[$r->name]['id'] = $r->id;
 	$dates[$r->name]['date'] = $r->date;
 
 	$v = $r->date;
 	/* See if $v is something resembling a valid date */
-	if(!ereg("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})", $v, $d)) {
+	if(!preg_match("/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})/", $v, $d)) {
 		$error_ids[$r->id] = i18n("Invalid date format");
 	} else if($d[3]==0 || $d[2]==0 || $d[1]==0) {
 		$error_ids[$r->id] = i18n("Invalid date");
@@ -101,8 +105,8 @@ function chkafter($d1, $d2)
 	$id2 = $dates[$d2]['id'];
 
 	/* Parse both dates 1, 2, 3, 4, 5, 6 */
-	ereg("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})",$dates[$d1]['date'], $p1);
-	ereg("([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})",$dates[$d2]['date'], $p2);
+	preg_match("/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/",$dates[$d1]['date'], $p1);
+	preg_match("/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/",$dates[$d2]['date'], $p2);
 
 	// int mktime ( [int hour [, int minute [, int second [, int month [, int day [, int year [, int is_dst]]]]]]] )
 	$u1 = mktime($p1[4], $p1[5], $p1[6], $p1[2], $p1[3], $p1[1]);
@@ -138,7 +142,7 @@ foreach($dates as $dn=>$d) {
 	if($error_ids[$d['id']]) {
 		$e = "<span style=\"color: red;\">*</span> ".$error_ids[$d['id']]."</font>";
 	}
-    list($_d,$_t)=split(" ",$d['date']);
+    list($_d,$_t)=explode(" ",$d['date']);
 
 	echo "<tr><td>".i18n($d['description'])."</td>";
     echo "<td><input size=\"10\" class=\"date\" type=\"text\" name=\"savedates[{$d['id']}]\" value=\"{$_d}\" />";

config/divisions.php

@@ -184,9 +184,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 	echo "</tr>";
  }
  else
- {
-	 $q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	 while($r=mysql_fetch_object($q))
+ {	$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	 $q->execute();
+	 while($r=$q->fetch(PDO::FETCH_OBJ))
 	 {
 		echo "<tr>";
 		echo " <td>$r->id</td>";

config/divisions_cwsf.php

@@ -31,6 +31,7 @@
             ,"cwsf_project_divisions"
 			);
 
+////// FIX ME!!!!!
  if(count($_POST['cwsfdivision']))
  {
  	foreach($_POST['cwsfdivision'] AS $k=>$v)

config/index.php

@@ -23,7 +23,9 @@
 ?>
 <?
  require("../common.inc.php");
+ require("signaturepage_or_permissionform.php");
  require_once("../user.inc.php");
+ require_once("../chat.inc.php");
  user_auth_required('committee', 'config');
 
  send_header("SFIAB Configuration",
@@ -32,6 +34,8 @@
 		);
 
 
+draw_chatbox('general');
+
  echo "<table class=\"adminconfigtable\">";
  echo " <tr>";
  echo "  <td><a href=\"variables.php\">".theme_icon("configuration_variables")."<br />".i18n("Configuration Variables")."</a></td>";
@@ -43,7 +47,7 @@
  echo "  <td><a href=\"divisions_cwsf.php\">".theme_icon("cwsf_project_divisions")."<br />".i18n("CWSF Project Divisions")."</a></td>";
  echo "  <td><a href=\"subdivisions.php\">".theme_icon("project_sub_divisions")."<br />".i18n("Project Sub-Divisions")."</a></td>";
  echo "  <td><a href=\"pagetexts.php\">".theme_icon("page_texts")."<br />".i18n("Page Texts")."</a></td>";
- echo "  <td><a href=\"signaturepage.php\">".theme_icon("exhibitor_signature_page")."<br />".i18n("Exhibitor Signature Page")."</a></td>";
+ echo "  <td><a href=\"signaturepage.php\">".theme_icon("exhibitor_signature_page")."<br />".i18n("Exhibitor $participationform")."</a></td>";
  echo " </tr>\n";
  echo " <tr>";
  echo "  <td><a href=\"judges_questions.php\">".theme_icon("judge_registration_questions")."<br />".i18n("Judge Registration Questions")."</a></td>";
@@ -65,6 +69,7 @@
  echo "<table class=\"adminconfigtable\">";
  echo " <tr>";
  echo "  <td><a href=\"rollover.php\">".theme_icon("rollover_fair_year")."<br />".i18n("Rollover Fair Year")."</a></td>";
+ echo "  <td><a href=\"rolloverfiscal.php\">".theme_icon("rollover_fiscal_year")."<br />".i18n("Rollover Fiscal Year")."</a></td>";
  echo "  <td><a href=\"backuprestore.php\">".theme_icon("backup_restore")."<br />".i18n("Database Backup/Restore")."</a></td>";
  echo "  <td></td>\n";
  echo "  <td></td>\n";

config/pagetexts.php

@@ -37,16 +37,18 @@
             ,"page_texts"
 			);
 
- $q=mysql_query("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
- while($r=mysql_fetch_object($q))
+$q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
 	 foreach($config['languages'] AS $lang=>$langname) {
-        mysql_query("INSERT INTO pagetext (textname,textdescription,text,year,lang) VALUES (
-            '".mysql_escape_string($r->textname)."',
-            '".mysql_escape_string($r->textdescription)."',
-            '".mysql_escape_string($r->text)."',
+		$q = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,year,lang) VALUES (
+            '".$r->textname."',
+            '".$r->textdescription."',
+            '".$r->text."',
             '".$config['FAIRYEAR']."',
-            '".mysql_escape_string($lang)."')");
+            '".$lang."')");
+        $q->execute();
     }
  }
 

config/rolloverfiscal.php

@@ -1,22 +1,154 @@
 <?
 //FIXME: I just ripped these out of the fair year rollover since they are no longer tied to the fair year, they are now tied to the FISCAL year, we'll need to implement a new fiscal year rollover mechanism similar to the fairyear rollover
 //FIXME: The table names are also wrong since i've now renamed htem all, will fix when the fiscal rollover is implemented
-		echo i18n("Rolling fundraising goals")." <br />";
-        roll($currentfairyear, $newfairyear, "fundraising",
-            array("type","name","description","system","goal"));
+include "../common.inc.php";
 
-		echo i18n("Rolling sponsorship levels")." <br />";
-        roll($currentfairyear, $newfairyear, "sponsorships_levels",
-            array("level","min","max","description"));
+if(array_key_exists('action', $_POST)){
+	switch($_POST['action']){
+		case 'rollover':
+			// error check the data that's getting posted
+			$year = $_POST['year'];
+			if(!is_numeric($year)){
+				error_("Not a valid year");
+				break;
+			}
+			if($year <= $config['FISCALYEAR']){
+				error_("The new fiscal year must be after the current one");
+				break;
+			}
 
-		echo i18n("Rolling sponsorships")." <br />";
-        roll($currentfairyear, $newfairyear, "sponsorships",
-            array("sponsors_id","fundraising_type","value")); //no need to roll status or probability, because we're about to reset them..
-        mysql_query("UPDATE sponsorships SET status='pending', probability=25 WHERE year='$newfairyear'");
-        $q=mysql_query("SELECT * FROM sponsorships WHERE year='$newfairyear'");
-        while($r=mysql_fetch_object($q)) {
-            mysql_query("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES ('$r->sponsors_id',NOW(),'{$_SESSION['auth_user_id']}','Fair year rollover - reset status=pending, probability=25\%')");
-        }
+			// ok, the request checks out, let's go ahead and do the rollover
+//			echo "Updating to the year $year";
+			echo rolloverfiscalyear($year);
+			break;
+		default:
 
+	}
+	exit;
+}
 
+ send_header("Fiscal Year Rollover",
+ 		array('Committee Main' => 'committee_main.php',
+			'SFIAB Configuration' => 'config/index.php')
+            ,"rollover_fiscal_year"
+			);
+draw_body();
+send_footer();
+exit;
+function draw_body(){
+	global $config;
 ?>
+
+	<script language="javascript" type="text/javascript">
+
+	function confirmYearRollover(){
+		var currentyear = <?=$config['FISCALYEAR']?>;
+		var nextyear = document.forms.rollover.nextfiscalyear.value;
+
+		if(nextyear<currentyear)
+			alert('You cannot roll backwards in years!');
+		else if(nextyear==currentyear)
+			alert('You cannot roll to the same year!');
+		else {
+			var okay=confirm('Are you sure you want to roll the FISCALYEAR from '+currentyear+' to '+nextyear+'? This can not be undone and should only be done if you are absolutely sure!');
+			if(okay){
+				$.post('rolloverfiscal.php', {'action':'rollover', 'year':$('#nextfiscalyear').val()}, function(result){
+					$('#results').html(result);
+				});
+			}
+		}
+		return false;
+	}
+	</script>
+<?
+	echo "<br />";
+	echo "<a href=\"backuprestore.php\">".i18n("You should consider making a database backup before rolling over, just in case!")."</a><br />\n";
+	echo "<br />";
+	echo "<form name=\"rollover\" method=\"post\" action=\"rolloverfiscal.php\" onsubmit=\"return confirmYearRollover()\">";
+	echo i18n("Current Fiscal Year").": <b>".$config['FISCALYEAR']."</b><br />";
+	$nextfiscalyear = $config['FISCALYEAR'] + 1;
+	echo i18n("Next Fiscal Year").": <input size=\"8\" type=\"text\" id=\"nextfiscalyear\" value=\"$nextfiscalyear\" />";
+	echo "<br />";
+	echo "<input type=\"submit\" value=\"".i18n("Rollover Fiscal Year")."\" />";
+	echo "</form>";
+	echo "<div id=\"results\"></div>";
+}
+
+function rolloverfiscalyear($newYear){
+	global $config;
+	$oldYear = $config['FISCALYEAR'];
+	$yearDiff = $newYear - $oldYear;
+
+	// first we'll roll over fundraising_campaigns:
+	$fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`";
+	$q = mysql_query("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
+	while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
+		foreach(array('startdate','enddate','followupdate') as $dateField){
+			$dateval = $r[$dateField];
+			$parts = explode('-', $dateval);
+			if($parts[0] != '0000')
+				$parts[0] += $yearDiff;
+			$r[$dateField] = implode('-', $parts);
+		}
+		$r['fiscalyear'] = $newYear;
+
+		$fields = array_keys($r);
+		$values = array_values($r);
+		foreach($values as $idx => $val){
+			$values[$idx] = mysql_real_escape_string($val);
+		}
+		$query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
+		mysql_query($query);
+	}
+
+	// next we'll hit findraising_donor_levels
+	$fields = "`level`,`min`,`max`,`description`";
+	if(mysql_error() == null)
+		$q = mysql_query("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
+	while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
+		$r['fiscalyear'] = $newYear;
+		$fields = array_keys($r);
+		$values = array_values($r);
+		foreach($values as $idx => $val){
+			$values[$idx] = mysql_real_escape_string($val);
+		}
+		$query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
+		mysql_query($query);
+	}
+
+	// and now we'll do findraising_goals
+	$fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`";
+	if(mysql_error() == null){
+		$q = mysql_query("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
+	}
+	while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
+		$dateval = $r['deadline'];
+		$parts = explode('-', $dateval);
+		if($parts[0] != '0000')
+			$parts[0] += $yearDiff;
+		$r['deadline'] = implode('-', $parts);
+
+		$r['fiscalyear'] = $newYear;
+
+		$fields = array_keys($r);
+		$values = array_values($r);
+		foreach($values as $idx => $val){
+			$values[$idx] = mysql_real_escape_string($val);
+		}
+		$query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
+		mysql_query($query);
+	}
+
+	// finally, let's update the fiscal year itself:
+	if(mysql_error() == null){
+		mysql_query("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
+	}
+
+	if(mysql_error() == null){
+		$config['FISCALYEAR'] = $newYear;
+		echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear)));
+	}else{
+		echo error(mysql_error());
+	}
+	
+}

config/safetyquestions.php

@@ -142,9 +142,10 @@
  echo "<a href=\"safetyquestions.php?action=new\">".i18n("Add new safety question")."</a>";
 
  echo "<table class=\"summarytable\">";
- $q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
+ $q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
+ $q->execute();
  echo "<tr><th>".i18n("Ord")."</th><th>".i18n("Question")."</th><th>".i18n("Type")."</th><th>".i18n("Required")."</th><th>".i18n("Actions")."</th></tr>";
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
  	echo "<tr>";
 	echo "<td>$r->ord</td>";

config/signaturepage.php

@@ -23,9 +23,10 @@
 ?>
 <?
  require("../common.inc.php");
+ require("signaturepage_or_permissionform.php");
  require_once("../user.inc.php");
  user_auth_required('committee', 'config');
- send_header("Signature Page",
+ send_header("$participationform",
  		array('Committee Main' => 'committee_main.php',
 			'SFIAB Configuration' => 'config/index.php')
             ,"exhibitor_signature_page"
@@ -44,13 +45,13 @@
  	mysql_query("UPDATE signaturepage SET `use`='$usete', `text`='".mysql_escape_string(stripslashes($_POST['teacherdeclaration']))."' WHERE name='teacherdeclaration'");
  	mysql_query("UPDATE signaturepage SET `use`='$usepa', `text`='".mysql_escape_string(stripslashes($_POST['postamble']))."' WHERE name='postamble'");
  	mysql_query("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
-	echo happy(i18n("Signature page text successfully saved"));
+	echo happy(i18n("$sentence_begin_participationform text successfully saved"));
  }
 
 echo "<a href=\"../register_participants_signature.php?sample=true\">Preview your signature form as a PDF (as a student would see it)</a><br />";
-
-$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
-$r=mysql_fetch_object($q);
+$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
 echo "<form method=\"post\" action=\"signaturepage.php\">";
 echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
 if($r->use) $ch="checked=\"checked\""; else $ch="";
@@ -60,8 +61,9 @@ echo "<textarea name=\"exhibitordeclaration\" rows=\"8\" cols=\"80\">".$r->text.
 echo "<br />";
 echo "<br />";
 
-$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
-$r=mysql_fetch_object($q);
+$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
 if($r->use) $ch="checked=\"checked\""; else $ch="";
 echo "<input $ch type=\"checkbox\" name=\"useparentdeclaration\" value=\"1\">".i18n("Use the parent/guardian declaration and obtain parent/guardian signatures");
 echo "<br />";
@@ -69,8 +71,10 @@ echo "<textarea name=\"parentdeclaration\" rows=\"8\" cols=\"80\">".$r->text."</
 echo "<br />";
 echo "<br />";
 
-$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
-$r=mysql_fetch_object($q);
+$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
+
 if($r->use) $ch="checked=\"checked\""; else $ch="";
 echo "<input $ch type=\"checkbox\" name=\"useteacherdeclaration\" value=\"1\">".i18n("Use the teacher declaration and obtain teacher's signature");
 echo "<br />";
@@ -78,15 +82,20 @@ echo "<textarea name=\"teacherdeclaration\" rows=\"8\" cols=\"80\">".$r->text."<
 echo "<br />";
 echo "<br />";
 
-$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
-$r=mysql_fetch_object($q);
+
+$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
+
 if($r->use) $ch="checked=\"checked\""; else $ch="";
-echo "<input $ch type=\"checkbox\" name=\"useregfee\" value=\"1\">".i18n("Include registration fee information on the signature page");
+echo "<input $ch type=\"checkbox\" name=\"useregfee\" value=\"1\">".i18n("Include registration fee information on the $non_capital_participationform");
 echo "<br />";
 echo "<br />";
 
-$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
-$r=mysql_fetch_object($q);
+$q = $pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
+
 if($r->use) $ch="checked=\"checked\""; else $ch="";
 echo "<input $ch type=\"checkbox\" name=\"usepostamble\" value=\"1\">".i18n("Place Additional Information after all the required signatures");
 echo "<br />";
@@ -94,7 +103,7 @@ echo "<textarea name=\"postamble\" rows=\"8\" cols=\"80\">".$r->text."</textarea
 echo "<br />";
 echo "<br />";
 
-echo "<input type=\"submit\" value=\"".i18n("Save Signature Page")."\">";
+echo "<input type=\"submit\" value=\"".i18n("Save $non_capital_participationform")."\">";
 echo "</form>";
 
  send_footer();

config/signaturepage_or_permissionform.php

@@ -0,0 +1,29 @@
+<?php
+
+// This file was created February 2015 by Sebastian Ruan
+/* It determines if signature page is to be called permission form.
+   The multiple variables allow for correct grammer to be observed
+   on the website.
+*/
+
+if ($config['signaturepage_or_permissionform']=="permissionform"){
+	
+	$participationform = 'Permission Form';
+	$plural_participationform = 'Permission Forms';
+	$non_capital_participationform = 'permission form';
+	$non_capital_plural_participationform = 'permission forms';
+	$sentence_begin_participationform = 'Permission form';
+	$signatureformpermissionform = 'permission form';
+}
+
+else {
+	$participationform = 'Signature Page';
+	$plural_participationform = 'Siganture Forms';
+	$non_capital_participationform = 'signature page';
+	$non_capital_plural_participationform = 'signature forms';
+	$sentence_begin_participationform = 'Signature page';
+	$signatureformpermissionform = 'signature form';
+}
+
+
+?>

config/subdivisions.php

@@ -148,8 +148,7 @@
 	echo "</tr>";
  }
  else
- {
-	 $q=mysql_query("SELECT projectsubdivisions.id, 
+ {	$q = $pdo->prepare("SELECT projectsubdivisions.id, 
 	 			projectsubdivisions.projectdivisions_id,
 				projectsubdivisions.subdivision,
 				projectdivisions.division
@@ -162,8 +161,9 @@
 					AND projectsubdivisions.projectdivisions_id=projectdivisions.id
 				ORDER BY 
 					division,subdivision");
-echo mysql_error();
-	 while($r=mysql_fetch_object($q))
+	 $q->execute();
+echo $pdo->errorInfo();
+	 while($r=$q->fetch(PDO::FETCH_OBJ))
 	 {
 		echo "<tr>";
 		echo " <td>$r->division</td>";

config/variables.php

@@ -27,16 +27,18 @@
  require_once("../config_editor.inc.php");
  user_auth_required('committee', 'config');
 
- $q=mysql_query("SELECT * FROM config WHERE year='-1'");
- while($r=mysql_fetch_object($q)) {
-	mysql_query("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
-		'".mysql_escape_string($r->var)."',
-		'".mysql_escape_string($r->val)."',
-		'".mysql_escape_string($r->category)."',
-		'".mysql_escape_string($r->type)."',
-		'".mysql_escape_string($r->type_values)."',
-		'".mysql_escape_string($r->ord)."',
-		'".mysql_escape_string($r->description)."',
+ 
+ $q = $pdo->prepare("SELECT * FROM config WHERE year='-1'");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
+	$q = $pdo->prepare("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
+		'".$r->var."',
+		'".$r->val."',
+		'".$r->category."',
+		'".$r->type."',
+		'".$r->type_values."',
+		'".$r->ord."',
+		'".$r->description."',
 		'".$config['FAIRYEAR']."')");
  }
 
@@ -67,14 +69,14 @@
             ,"configuration_variables"
 			);
 
-
- $q=mysql_query("SELECT DISTINCT(category) AS cat FROM config ORDER BY cat");
+$q = $pdo->prepare("SELECT DISTINCT(category) AS cat FROM config ORDER BY cat");
+$q->execute();
  echo "\n<table valign=\"top\" cellspacing=0 cellpadding=5 border=0>";
 
  echo "<tr><td width=\"120\" style=\"border-right: 1px solid black;\">";
  echo "<table cellspacing=0 cellpadding=3 border=0>";
  $trclass = 'odd';
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_ASSOC)) {
  	$trclass = ($trclass == 'odd') ? 'even' : 'odd';
  	echo "<tr class=\"$trclass\">";
  	echo "<td align=\"right\">"; 

config_editor.inc.php

@@ -24,13 +24,13 @@
 <?
 
 function config_editor_load($category, $year)
-{
+{	global $pdo;
 	$query = "SELECT * FROM config WHERE year='$year' AND category='$category' ORDER BY ord";
-	$q = mysql_query($query);
-	print(mysql_error());
+	$q = $pdo->prepare($query);
+	print($pdo->errorInfo());
 
 	$var = array();
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch()) {
 		$var[$r->var]['val'] = $r->val;
 		$var[$r->var]['desc'] = $r->description;
 		$var[$r->var]['category'] = $r->category;
@@ -84,8 +84,8 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 		LEFT JOIN `config` AS C2 ON(config.var=C2.var 
 					AND C2.year='$fairyear') 
 		WHERE config.year=-1 AND C2.year IS NULL";
-	$r = mysql_query($q);
-	while($i = mysql_fetch_assoc($r)) {
+	$r = ($q);
+	while($i = $r->fetch(PDO::FETCH_ASSOC)) {
 		$var = $i['var'];
 		/* See if this var exists for last year or
 		 * the -1 year, prefer last year's value */
@@ -94,22 +94,22 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 				AND (config.year='$lastfairyear' 
 					OR config.year='-1')
 			ORDER BY config.year DESC";
-		$r2 = mysql_query($q);
+		$r2 = ($q);
 		if(mysql_num_rows($r2) < 1) {
 			/* Uhoh, this shouldn't happen */
 			echo "ERROR, Variable '$var' doesn't exist";
 			exit;
 		}
-		$v = mysql_fetch_object($r2);
+		$v = $r2->fetch();
 
-		mysql_query("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
-	                '".mysql_escape_string($v->var)."',
-			'".mysql_escape_string($v->val)."',
-			'".mysql_escape_string($v->category)."',
-			'".mysql_escape_string($v->type)."',
-			'".mysql_escape_string($v->type_values)."',
-			'".mysql_escape_string($v->ord)."',
-			'".mysql_escape_string($v->description)."',
+		("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
+	                '".pdo->quote($v->var)."',
+			'".pdo->quote($v->val)."',
+			'".pdo->quote($v->category)."',
+			'".pdo->quote($v->type)."',
+			'".pdo->quote($v->type_values)."',
+			'".pdo->quote($v->ord)."',
+			'".pdo->quote($v->description)."',
 			'$fairyear')");
 	}
 }
@@ -151,12 +151,9 @@ function config_editor_handle_actions($category, $year, $array_name)
 			}
 
 			/* Prep for MySQL update */
-			$val = mysql_escape_string($val);
-			$v = mysql_escape_string(stripslashes($k));
-			mysql_query("UPDATE config SET val=\"$val\" 
-					WHERE var=\"$v\" 
-					AND `year`='$year'");
-			print mysql_error();
+			$stmt = $pdo->prepare("UPDATE config SET val = ? WHERE var = ? AND year = ?");
+			$stmt->execute([$val, $k, $year]);
+			print pdo->errorInfo();
 //			echo "Saving {$v} = $val<br>";
 			$config_editor_updated = true;
 			$updated = true;
@@ -228,7 +225,7 @@ function config_editor($category, $year, $array_name, $self)
 			print("</select>");
 			break;
 		case "enum":
-			$val = split(',', $val);
+			$val = explode(',', $val);
 			$values = $var[$k]['type_values'];
 			/* Split values */
 			/* The PERL regex here matches any string of the form
@@ -268,7 +265,7 @@ function config_editor($category, $year, $array_name, $self)
 			break;
 		case 'multisel':
 			/* same PERL parse statements as above */
-			$val = split(',', $val);
+			$val = explode(',', $val);
 			$values = $var[$k]['type_values'];
 			preg_match_all("/([^\|=]+)(?:=([^\|]+))?\|?/", $values, $regs);
 			/* Decide which way to show this list */

confirmed_participants.php

@@ -23,20 +23,25 @@
 ?>
 <?
  require("common.inc.php");
+ require("./config/signaturepage_or_permissionform.php");
 
  send_header("Confirmed Participants");
 
 	//first, lets make sure someone isnt tryint to see something that they arent allowed to!
-	$q=mysql_query("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
-	$r=mysql_fetch_object($q);
+	
+	$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
+	$q->execute();
+	$r=$q->fetch();
 	if($r->test!=1)
 	{
-		list($d,$t)=split(" ",$config['dates']['postparticipants']);
-		echo i18n("Confirmed participants (that signature forms have been received for) will be posted here on %1 at %2.  Please do not contact the fair to inquire about receipt of your signature form until after this date (and only if you are not listed here after this date).",array($d,$t));
+		list($d,$t)=explode(" ",$config['dates']['postparticipants']);
+		echo i18n("Confirmed participants (that $signatureformpermissionform have been received for) will be posted here on %1 at %2.  Please do not contact the fair to inquire about receipt of your $signatureformpermissionform until after this date (and only if you are not listed here after this date).",array($d,$t));
 	}
-	else
+	else https://marketplace.visualstudio.com/items?itemName=oscarotero.vento-syntax
 	{
-		$q=mysql_query("SELECT  registrations.id AS reg_id,
+
+		
+		$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 					registrations.status,
 					registrations.email,
 					projects.title,
@@ -62,20 +67,21 @@
 					projectdivisions.id,
 					projects.projectnumber
 				");
-			echo mysql_error();
+			$q->execute();
+			echo $pdo->errorInfo();
 		
 		$lastcat="something_that_does_not_exist";
 		$lastdiv="something_that_does_not_exist";
-		echo i18n("The following is a list of all confirmed participants that the signature form has been received for.  If you think you registered but you are not on this list, you should contact the %1 immediately.",array($config['fairname']))."<br />";
+		echo i18n("The following is a list of all confirmed participants that the $signatureformpermissionform has been received for.  If you think you registered but you are not on this list, you should contact the %1 immediately.",array($config['fairname']))."<br />";
 		if($config['regfee']>0)
 		{
 			echo "<br />";
-			echo "<font color=\"red\">*</font>".i18n(" indicates payment was not received with the signature form.");
+			echo "<font color=\"red\">*</font>".i18n(" indicates payment was not received with the $signatureformpermissionform.");
 			echo "<br />";
 			echo "<br />";
 		}
 		echo "<table style=\"font-size: 0.9em;\">";
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch())
 		{
 			if($r->category != $lastcat)
 			{
@@ -116,7 +122,7 @@
 			echo "<td>$r->projectnumber</td>";
 			echo "<td>$r->title</td>";
 
-			$sq=mysql_query("SELECT students.firstname,
+			$sq=("SELECT students.firstname,
 						students.lastname,
 						students.id,
 						students.webfirst,
@@ -129,14 +135,14 @@
 						AND
 						students.schools_id=schools.id
 					");
-					echo mysql_error();
+					echo pdo->errorInfo();
 
 			$studnum=1;
 			$schools="";
 			$students="";
 			$sameschools=true;
 			$lastschool="";
-			while($studentinfo=mysql_fetch_object($sq))
+			while($studentinfo=$sq->fetch())
 			{
 				if($studentinfo->webfirst=="yes")
 					$students.="$studentinfo->firstname ";

contact.php

@@ -26,16 +26,18 @@
 
  function cleanify($in) {
  	$in=ereg_replace("\r","\n",$in);
- 	$lines=split("\n",$in);
+ 	$lines=explode("\n",$in);
 	return trim($lines[0]);
  }
 
  if($_POST['action']=="send") {
  	if($_POST['to'] && $_POST['subject'] && $_POST['message'] && $_POST['from'] && $_POST['fromemail']) {
 		if(isEmailAddress($_POST['fromemail'])) {
-			list($id,$md5email)=split(":",$_POST['to']);
-			$q=mysql_query("SELECT * FROM users WHERE uid='$id' ORDER BY year DESC LIMIT 1");
-			$r=mysql_fetch_object($q);
+			list($id,$md5email)=explode(":",$_POST['to']);
+			
+			$q=pdo->prepare("SELECT * FROM users WHERE uid=.?. ORDER BY year DESC LIMIT 1");
+			$q->bindParam(1, $id);
+			$q->execute();
 			//if a valid selection is made from the list, then this will always match.
 			if($md5email == md5($r->email)) {
 				$from=cleanify($_POST['from'])." <".cleanify($_POST['fromemail']).">";
@@ -80,31 +82,43 @@ function tochange() {
 	echo "<tr><td>".i18n("To").":</td>";
 	echo "<td><select name=\"to\" onchange=\"tochange()\">";
 	echo "<option value=\"\">".i18n("Choose a person to contact")."</option>\n";
-	$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
-	while($r=mysql_fetch_object($q)) {
+	$q=pdo->query("SELECT * FROM committees ORDER BY ord,name");
+	while($r->fetch()) {
 
 		/* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent
 		 * user data */
-		$q2=mysql_query("SELECT committees_link.*,users.uid,MAX(users.year),users.firstname,users.lastname,users.email,users.deleted
-							FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid 
-							 WHERE committees_id='{$r->id}' 
-							 GROUP BY users.uid ORDER BY ord,users.lastname ");
+		$q2=pdo->query("SELECT committees_link.*,
+								users.uid,
+								MAX(users.year) AS my,
+								users.firstname,
+								users.lastname,
+								users.email,
+								users.deleted
+							FROM committees_link 
+							LEFT JOIN users ON users.uid = committees_link.users_uid 
+							WHERE committees_id='{$r->id}' 
+							GROUP BY users.uid
+							ORDER BY ord,users.lastname ");
 
 		//if there's nobody in this committee, then just skip it and go on to the next one.
+
+		// FIX ME !!!!!
 		if(mysql_num_rows($q2)==0)
 			continue;
 
 		echo "<option value=\"\">{$r->name}</option>\n";
 
-		echo mysql_error();
-		while($r2=mysql_fetch_object($q2))
-		{
-			if($r2->deleted != 'no') continue;
+		echo pdo->errorInfo();
+		while($r2=$q2->fetch()) {
+			$q3=pdo->query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='$r2->uid' AND year='$r2->my'");
+	
+			$r3 = $q3->fetch();
+			if($r3->deleted != 'no') continue;
 
-			if($r2->email) {
-				$name=$r2->firstname.' '.$r2->lastname;
+			if($r3->email) {
+				$name=$r3->firstname.' '.$r3->lastname;
 				if($r2->title) $titlestr=" ($r2->title)"; else $titlestr="";
-				echo "<option value=\"$r2->uid:".md5($r2->email)."\">&nbsp;&nbsp;-{$name}{$titlestr}</option>\n";
+				echo "<option value=\"$r2->uid:".md5($r3->email)."\">&nbsp;&nbsp;-{$name}{$titlestr}</option>\n";
 			}
 		}
 	}

data/backuprestore/.htaccess

@@ -0,0 +1,2 @@
+Order Deny,Allow
+Deny From All

data/config.inc.php

@@ -0,0 +1,29 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+$DBHOST=		"db";
+$DBNAME=		"sfiab";
+$DBUSER=		"sfiab";
+$DBPASS=		"ScienceFair123!";
+?>

db/db.code.version.txt

@@ -1 +1 @@
-171
+179

db/db.update.161.sql

@@ -1,3 +1,3 @@
 ALTER TABLE `emailqueue` ADD `numfailed` INT NOT NULL DEFAULT '0';
 ALTER TABLE `emailqueue` ADD `numbounced` INT NOT NULL DEFAULT '0';
-ALTER TABLE `emailqueue_recipients` ADD `result` ENUM( 'ok', 'failed' ) NULL DEFAULT NULL 
+ALTER TABLE `emailqueue_recipients` ADD `result` ENUM( 'ok', 'failed' ) NULL DEFAULT NULL;

db/db.update.172.sql

@@ -0,0 +1 @@
+ALTER TABLE `users_judge` CHANGE `div_prefs` `div_prefs` TEXT NOT NULL ;

db/db.update.173.sql

@@ -0,0 +1,24 @@
+DELETE FROM reports_items WHERE reports_id=30;
+
+INSERT INTO `reports_items` (`reports_id`, `type`, `ord`, `field`, `value`, `x`, `y`, `w`, `h`, `lines`, `face`, `fontname`, `fontstyle`, `fontsize`, `align`, `valign`, `on_overflow`) VALUES
+(30, 'col', 7, 'fair_logo', '', 1, 1, 33, 33, 1, '', '', '', 0, 'center middle', 'middle', ''),
+(30, 'col', 6, 'projectbarcode', '', 10, 145, 22, 22, 1, '', '', '', 14, 'center middle', 'middle', ''),
+(30, 'col', 5, 'static_text', 'Safety Check:', 180, 153, 30, 5, 1, '', '', '', 10, 'right middle', 'middle', ''),
+(30, 'sort', 0, 'pn', '', 0, 0, 0, 0, 1, '', '', '', 0, ' ', '', ''),
+(30, 'distinct', 0, 'pn', '', 0, 0, 0, 0, 1, '', '', '', 0, ' ', '', ''),
+(30, 'option', 9, 'stock', 'fullpage_landscape', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 8, 'default_font_size', '10', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 7, 'label_logo', 'yes', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 6, 'label_fairname', 'yes', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 4, 'label_box', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 5, 'field_box', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'col', 4, 'static_box', '', 215, 150, 14, 14, 1, '', '', '', 10, 'center middle', 'middle', ''),
+(30, 'option', 3, 'fit_columns', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 2, 'allow_multiline', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 1, 'group_new_page', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'option', 0, 'type', 'tcpdf_label', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(30, 'col', 3, 'categorydivision', '', 1, 125, 235, 14, 1, '', '', '', 22, 'center middle', 'middle', ''),
+(30, 'col', 1, 'title', '', 35, 5, 200, 25, 1, '', '', '', 28, 'center middle', 'middle', 'scale'),
+(30, 'col', 2, 'pn', '', 1, 36, 235, 50, 1, '', '', '', 128, 'center middle', 'middle', ''),
+(30, 'col', 0, 'bothnames', '', 1, 105, 235, 12, 1, '', '', '', 18, 'center middle', 'middle', '');
+

db/db.update.174.php

@@ -0,0 +1,13 @@
+<?
+function db_update_174_post()
+{
+	global $config;
+
+	$q = mysql_query("SELECT * FROM users WHERE deleted = 'yes'");
+	while($row = mysql_fetch_assoc($q)){
+		echo "Flagging user records prior to " . $row['year'] . " for user " . $row['uid'] . " as deleted - ";
+		mysql_query("UPDATE users SET deleted = 'yes' WHERE uid = " . $row['uid'] . " AND year < " . $row['year']);
+		echo mysql_affected_rows() . " rows affected.\n";
+	}
+}
+?>

db/db.update.175.sql

@@ -0,0 +1,39 @@
+INSERT INTO `config` (`var`, `val`, `category`, `type`, `type_values`, `ord`, `description`, `year`) VALUES
+('cheque_date_format', 'DDMMYYYY', 'Localization', 'enum', 'YYYYMMDD=YYYYMMDD|DDMMYYYY=DDMMYYYY|MMDDYYYY=MMDDYYYY', '220', 'Format for dates on printed cheques', '-1'),
+('cheque_date_format', 'DDMMYYYY', 'Localization', 'enum', 'YYYYMMDD=YYYYMMDD|DDMMYYYY=DDMMYYYY|MMDDYYYY=MMDDYYYY', '220', 'Format for dates on printed cheques', '2012');
+
+
+INSERT INTO `reports` (`system_report_id`, `name`, `desc`, `creator`, `type`) VALUES
+(48, 'Cheques Divisional Award Winners', 'Cheques for Divisional Award Winners', 'Lightbox Technologies', 'student');
+
+INSERT INTO `reports_items` (`reports_id`, `type`, `ord`, `field`, `value`, `x`, `y`, `w`, `h`, `lines`, `face`, `fontname`, `fontstyle`, `fontsize`, `align`, `valign`, `on_overflow`) VALUES
+(LAST_INSERT_ID(), 'col', 0, 'namefl', '', 10, 12, 80, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 1, 'award_prize_cash_cheque', '', 80, 7, 20, 2, 1, '', '', '', 0, 'right vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 2, 'award_name', '', 4, 35, 67, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 3, 'award_prize_name', '', 8, 40, 70, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 4, 'award_prize_cash_cheque', '', 80, 40, 19, 2, 1, '', '', '', 0, 'right vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 5, 'current_date_for_cheques', '', 82, 0.3, 18, 2, 1, '', '', '', 0, 'center vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 6, 'award_name', '', 4, 72, 67, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 7, 'award_prize_name', '', 8, 77, 70, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 8, 'award_prize_cash_cheque', '', 80, 77, 19, 2, 1, '', '', '', 0, 'right vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 9, 'allnames', '', 8, 45, 70, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 10, 'allnames', '', 8, 82, 70, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 11, 'award_prize_cash_words', '', 10, 7, 69, 2, 1, '', '', '', 0, 'left vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 12, 'current_date_for_cheques', '', 78, 35, 21, 2, 1, '', '', '', 0, 'right vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 13, 'current_date_for_cheques', '', 78, 72, 21, 2, 1, '', '', '', 0, 'right vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 14, 'static_text', 'DATE', 74, 0.5, 8, 1.5, 1, '', '', '', 0, 'right vcenter', '', ''),
+(LAST_INSERT_ID(), 'col', 15, 'current_date_format_for_cheques', '', 82, 2.9, 18, 1.1, 1, '', '', '', 0, 'center vcenter', '', ''),
+(LAST_INSERT_ID(), 'distinct', 0, 'registrations_num', '', 0, 0, 0, 0, 1, '', '', '', 0, ' ', '', ''),
+(LAST_INSERT_ID(), 'option', 0, 'type', 'label', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 1, 'group_new_page', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 2, 'allow_multiline', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 3, 'fit_columns', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 4, 'label_box', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 5, 'field_box', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 6, 'label_fairname', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 7, 'label_logo', 'no', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 8, 'default_font_size', '10', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'option', 9, 'stock', 'fullpage', 0, 0, 0, 0, 0, '', '', '', 0, '', '', 'truncate'),
+(LAST_INSERT_ID(), 'filter', 0, 'award_type', 'divisional', 0, 0, 0, 0, 1, '', '', '', 0, ' ', '', ''),
+(LAST_INSERT_ID(), 'filter', 1, 'award_prize_cash', '0', 4, 0, 0, 0, 1, '', '', '', 0, ' ', '', '');
+

db/db.update.176.sql

@@ -0,0 +1,32 @@
+/* This file was modified Jan of 2014 by Richard Sin     */
+/* below are the updated tables, alterations, and inserts*/
+
+CREATE TABLE `projecttypes` 
+	(id int(10),
+	type varchar(64) COLLATE latin1_swedish_ci);
+
+INSERT INTO `projecttypes` (`id`,`type`) VALUES
+(1,'Experiment'),
+(2,'Innovation'),
+(3,'Study');
+
+INSERT INTO `config` (`var`,`val`,`category`, `type`, `type_values`, `ord`, `description`, `year`) VALUES
+('project_type','no','Participant Registration', 'yesno','','3100','Allows the ability to categorize projects into Experiments, Studies, or Innovations.','-1');
+
+ALTER TABLE `projects` ADD
+	(projecttype varchar(64) COLLATE latin1_swedish_ci,
+	feedback text COLLATE latin1_swedish_ci,
+	flagged tinyint(1));
+
+UPDATE `reports_items` SET `field`= 'allnames'
+WHERE `id` = 9099;
+
+INSERT INTO `translations` (lang, strmd5, str, val, argsdesc) VALUES
+('fr','245fe794333c2b0d5c513129b346b93f','Project Type','',''),
+('fr','22413e12cc28e98272e112ec778b8807','Select a project','',''),
+('fr','05aeba473f4906b85c7627ba045e890a','Experiment','',''),
+('fr','0a3dac2314e66e15240f019afcbd6b0f','Study','',''),
+('fr','32f28a2c732e178e43a0ceeffa08ab08','Innovation','',''),
+('fr','bea4c2c8eb82d05891ddd71584881b56','Feedback','',''),
+('fr','72d68acd07c783e657e2d2a9c50f16df','Flagged','',''),
+('fr','d47429e01c5a1c8768a0e293fe9b9ce5','Not flagged','','');

db/db.update.177.sql

@@ -0,0 +1,14 @@
+ALTER TABLE `students` ADD `county` VARCHAR( 64 ) NULL DEFAULT NULL AFTER `city`;
+INSERT INTO `config` (
+	`var` ,
+	`val` ,
+	`category` ,
+	`type` ,
+	`type_values` ,
+	`ord` ,
+	`description` ,
+	`year`
+)
+VALUES (
+	'participant_address_include_county', 'no', 'Participant Registration', 'yesno', '', '2100', 'Require that participants includes their county in their address.', '-1'
+);

db/db.update.178.sql

@@ -0,0 +1,23 @@
+/* This file was modified Feb of 2015 by Sebastian Ruan     */
+/* below is the updated table users_judge*/
+
+INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES (
+'signaturepage_or_permissionform', 'signaturepage', 'Participant Registration', 'enum', 'signaturepage = Signature Page|permissionform = Permission Form', 
+'2775', 'Change the name of the form that must be signed in order to participate in this fair to: <br><ul><li>Signature Page<li>Permission Form </ul>', '-1');
+
+UPDATE `config` SET `description`='Does the signature page/permission form need to be received BEFORE students are allowed to self nominate for special awards?' WHERE `var`='specialawardnomination_aftersignatures';
+
+ALTER TABLE `users_judge` ADD
+	(private_info text COLLATE latin1_swedish_ci,
+	flagged_judge tinyint(1));
+
+INSERT INTO `translations` (lang, strmd5, str, val, argsdesc) VALUES
+('fr','0a05f902716d6694a01443967d100221','Private Information','',''),
+('fr','370695d562057f1a0cf254e513d115e5','Flagged Judge','','');
+
+
+
+
+
+
+

db/db.update.179.sql

@@ -0,0 +1,13 @@
+/* This file was created March of 2015 by Sebastian Ruan 
+   below is the updated table, projects*/
+
+INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES (
+'ethics_questions', 'yes', 'Participant Registration', 'yesno', '', '2550', 'Ask if the project requires human and/or animal participants.', '-1');
+
+ALTER TABLE `projects` ADD
+	(human_participants ENUM( 'no', 'yes' ) COLLATE latin1_swedish_ci,
+	animal_participants ENUM( 'no', 'yes' ) COLLATE latin1_swedish_ci);
+
+INSERT INTO `translations` (lang, strmd5, str, val, argsdesc) VALUES
+('fr','fa7eac4f388ce0bb76f280026f10d181','My project involves human participants','',''),
+('fr','0b6e87dd18d0cb0df5a63ea74bee6989','My project involves animals','','');

db/db_update.php

@@ -19,6 +19,8 @@ else
 	exit;
 }
 
+//same fix here for mysql 5.1 not truncating the 16 char usernames
+$DBUSER=substr($DBUSER,0,16);
 
 mysql_connect($DBHOST,$DBUSER,$DBPASS);
 mysql_select_db($DBNAME);
@@ -82,7 +84,50 @@ if($dbcodeversion && $dbdbversion)
 				echo "db.update.$ver.sql detected - running...\n";
 				readfile("db.update.$ver.sql");
 				echo "\n";
-				system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME <db.update.$ver.sql");
+				//  Dennis If 'system' and 'mysql' do not exist use each section of the sql files not system("sql" 
+				//  i.e. for windows ISP servers that do not provide system and sql.exe executable
+				exec("mysql -q --help", $outputnotused, $exec_sqlstatus);
+				if(function_exists("system") and $exec_sqlstatus == 0 )  {
+					// echo "<b><br />** db_update USING system('mysql ..) on this server!<b><br />";
+					system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME <db.update.$ver.sql", $exit_code);
+				}
+				else{
+					// Dennis  'system and 'mysql' not available on this server. loop thru all sections of .sql files
+					$exit_code = 0;   // assume no errors for now
+					$filename = 'db.update.'.$ver.'.sql';
+					// Temporary variable, used to store current query
+					$templine = '';
+					// Read in entire file
+					$lines = file($filename);
+					// Loop through each line
+					foreach ($lines as $line)
+					{
+						// Skip it if it's a comment
+						if (substr($line, 0, 2) == '--' || $line == '')
+							continue;
+ 						// Add this line to the current segment
+						$templine .= $line;
+						// If it has a semicolon at the end, it's the end of the query
+						if (substr(trim($line), -1, 1) == ';')
+						{
+							// Perform the query
+							if(!mysql_query($templine)){
+								echo('<br/>Error performing query!<br/>'.$templine.'<br/>  mysqlerror: '.mysql_error().'<br /><br />');
+								$error_count += 1;
+							    $exit_code = -1;   // do we bail out here or keep going?  keep going for now,  get all errors
+							}
+							// Reset temp variable to empty
+							$templine = '';
+						}
+					}
+					echo "<br />";				
+				}
+				if($exit_code != 0) {
+					/* mysql failed!, what now? */
+					$error_count += 1;
+		        	echo "<br /><b>ERROR in db_update: Failed to execute query(s) without error!<br />";
+					echo "Update scripts bad or system('mysql' .. ) call failed!</b><br /><br />";
+				}
 			}
 			else
 			{

fair_additional_materials.inc.php

@@ -41,7 +41,7 @@ function fair_additional_materials($fair, $award, $year)
 				LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
 			WHERE winners.year='$year' 
 				AND winners.fairs_id='{$fair['id']}'");
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = $q->fetch()) {
 		$pid = $r['projects_id'];
 		$rep->newPage("","",1);
 		$rep->setFontSize(12);
@@ -90,7 +90,7 @@ function fair_additional_materials($fair, $award, $year)
 			$rep->nextLine();
 			$rep->addTextX("Grade: _____________          Date of birth: _____________", $x);
 			$rep->addTextX("{$s['grade']}", $x+0.75);
-			list($y,$m,$d) = split('-',$s['dateofbirth']);
+			list($y,$m,$d) = explode('-',$s['dateofbirth']);
 			$dob = date('M j, Y', mktime(0,0,0,$m,$d,$y));
 			$rep->addTextX("$dob", $x+3);
 			$rep->nextLine();

fair_info.php

@@ -49,33 +49,37 @@ switch($_GET['action']) {
 case 'save':
 	$fairs_id = intval($u['fairs_id']);
 	if($fairs_id == 0) {
-		$q = mysql_query("INSERT INTO fairs(`id`,`name`) VALUES('','new entry')");
-		$id = mysql_insert_id();
+		$stmt = $pdo->prepare("INSERT INTO fairs ('id', 'name') VALUES('', 'new entry')");
+		$stmt->execute([$id, $name]);
+		$id = $pdo->lastInsertId();
+		
 	} else {
 		$id = intval($fairs_id);
 	}
+	
+	$name = pdo->quote(stripslashes($_POST['name']));
+	$abbrv = pdo->quote(striplashes($_POST['abbrv']));
+	$url = pdo->quote($_POST['url']);
+	$website = pdo->quote($_POST['website']);
 
-	$name = mysql_real_escape_string(stripslashes($_POST['name']));
-	$abbrv = mysql_real_escape_string(stripslashes($_POST['abbrv']));
-	$url = mysql_real_escape_string($_POST['url']);
-	$website = mysql_real_escape_string($_POST['website']);
 	$type = array_key_exists($_POST['type'], $fair_type) ? $_POST['type'] : '';
-	$username = mysql_real_escape_string(stripslashes($_POST['username']));
-	$password = mysql_real_escape_string(stripslashes($_POST['password']));
+	$username = pdo->prepare(striplashes($_POST['username']));
+	$password = pdo->prepare(striplashes($_POST['password']));
+
 	$enable_stats = ($_POST['enable_stats'] == 'yes') ? 'yes' : 'no';
 	$enable_awards = ($_POST['enable_awards'] == 'yes') ? 'yes' : 'no';
 	$enable_winners = ($_POST['enable_winners'] == 'yes') ? 'yes' : 'no';
 
-	$q = mysql_query("UPDATE fairs SET `name`='$name',
-				`abbrv`='$abbrv', `url`='$url',
-				`website`='$website',
-				`type`='$type' , `username`='$username',
-				`password`='$password',
-				`enable_stats`='$enable_stats',
-				`enable_awards`='$enable_awards',
-				`enable_winners`='$enable_winners'
-				WHERE id=$id");
-	echo mysql_error();
+	$q = $pdo->prepare("UPDATE contacts SET name = $name, abbrv = '$abbrv', url = '$url', website='$website',
+				type='$type' , username='$username',
+				password='$password',
+				enable_stats='$enable_stats',
+				enable_awards='$enable_awards',
+				enable_winners='$enable_winners' WHERE id = $id");
+	$q->execute([$name, $age, $email, $id]);
+
+	echo pdo->errorInfo();
+	
 	$u['fairs_id'] = $id;
 	user_save($u);
 	happy_("Fair Informaiton successfully updated");
@@ -128,9 +132,12 @@ function fairinfo_save()
 
 <?
  /* Load the fair info */
- $q = mysql_query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
+ $q = $pdo->query;
+ $q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
+
+ ######## FIX ME!!!!!
  if(mysql_num_rows($q)) {
-	 $f = mysql_fetch_assoc($q);
+	 $f = $q->fetch;
  } else {
 	 $f = array();
  }

fair_stats.php

@@ -55,10 +55,14 @@ case 'save':
 	//  $str = join(',',$stats);
 	$keys = '`fairs_id`,`year`,`'.join('`,`', array_keys($stats)).'`';
 	$vals = "'{$u['fairs_id']}','$year','".join("','", array_values($stats))."'";
-	mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' AND year='$year'");
-	echo mysql_error();
+	$stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id = :fairs_id AND year = :year");
+	$stmt->execute([
+    ':fairs_id' => $u['fairs_id'],
+    ':year' => $year
+]);
+	echo pdo->errorInfo();
 	mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
-	echo mysql_error();
+	echo pdo->errorInfo();
 
 	happy_("Fair Information Saved.");
 	exit;
@@ -108,11 +112,15 @@ $year = intval($_POST['year']);
 if($year < 1900) $year = $config['FAIRYEAR'];
 
  /* Get the stats we want from this fair */
-$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
-echo mysql_error();
-$fair = mysql_fetch_assoc($q);
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE id = :fairs_id");
 
-$s = split(',', $fair['gather_stats']);
+ $q->execute([
+	 ':fairs_id' => $u['fairs_id']
+ ]);
+echo pdo->errorInfo();
+$fair = $q->fetch(PDO::FETCH_ASSOC);
+
+$s = explode(',', $fair['gather_stats']);
 foreach($s as $k) {
 	if(trim($k) == '') continue;
 	$server_config[$k] = true;
@@ -137,9 +145,14 @@ echo "</form>";
 echo "<br />";
 
 /* Load stats */
-$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
-	                   AND year='$year'");
-$stats = mysql_fetch_assoc($q);
+$q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id = :fairs_id AND year = :year");
+
+$q->execute([
+    ':fairs_id' => $u['fairs_id'],
+    ':year' => $year
+]);
+
+$stats = $q->fetch(PDO::FETCH_ASSOC);
 
 /* Print stats */
 

fckeditor/editor/filemanager/connectors/php/config.php

@@ -43,7 +43,14 @@ $Config['UserFilesPath'] = $config_sfiabdirectory.'/data/userfiles/' ;
 // user files directory. Useful if you are using a virtual directory, symbolic
 // link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
 // Attention: The above 'UserFilesPath' must point to the same directory.
-$Config['UserFilesAbsolutePath'] = '' ;
+list($sub,$junk)=explode(".",$_SERVER['HTTP_HOST'],2);
+if($junk=="sfiab.com") {
+	$p="{$_SERVER['DOCUMENT_ROOT']}/{$sub}/data/userfiles/";
+	$Config['UserFilesAbsolutePath'] = $p;
+}
+else {
+	$Config['UserFilesAbsolutePath'] = '';
+}
 
 // Due to security issues with Apache modules, it is recommended to leave the
 // following setting enabled.

important_dates.php

@@ -26,9 +26,12 @@
  send_header("Important Dates",null,"important_dates");
 
  echo "<table>";
+ $q = $pdo->prepare("SELECT *, UNIX_TIMESTAMP(date) AS udate FROM dates WHERE year = :year ORDER BY date");
 
- $q=mysql_query("SELECT *,UNIX_TIMESTAMP(date) AS udate FROM dates WHERE year='{$config['FAIRYEAR']}' ORDER BY date");
- while($r=mysql_fetch_object($q))
+ $q->execute([
+     ':year' => $config['FAIRYEAR']
+ ]);
+ while($r = $q->fetch(PDO::FETCH_OBJ))
  {
  	$trclass = ($trclass == 'odd') ? 'even' : 'odd';
 	if($r->date != '0000-00-00 00:00:00') {

install.php

@@ -38,18 +38,47 @@ if(file_exists("data/config.inc.php"))
 	exit;
 }
 ?>
+<?php
+//  Dennis  2011-02-21   Added all these checks prior to install 
+if(!function_exists("system")) {
+	echo "<br />Warning: Function 'system' is not available in this server! Installation may not work!<br /><br />";
+}
+if(!function_exists("exec")) {
+	echo "Warning: Function 'exec' is not available in this server! Installation may not work!<br /><br />";
+}
+else {
+	$status = 99;
+    exec("mysql -q --help", $output, $status);
+	if(!$status == 0){
+		echo "Warning: Functions 'system' and 'exec' are available but 'mysql.exe' is not setup for use in system() calls<br />Install on this server may not have full funtionality!<br /><br />";		
+	}
+	$status = 99;
+	exec("php -v",$output,$status);
+	if ($status == 0){
+		//echo "Good:  php is callable from exec and system!<br />";	
+		}
+	else{
+		echo "Warning: Functions 'system' and 'exec' are available but 'php.exe' is not setup for use in system() calls<br />Install on this server may not have full funtionality!<br /><br />";	
+		}
+}
+//  This check can be eliminated after all pdf reports are converted to tcpdf
+if (!function_exists("pdf_new")){
+echo "Warning: pdflib is not installed on this server! Most pdf reports will fail!<br /><br />";	
+}
 
-
+?>
 <?
 $showform=true;
 
 if($_POST['dbhost'] && $_POST['dbname'] && $_POST['dbuser'] && $_POST['dbpass'])
+
 {
-	if(@mysql_connect($_POST['dbhost'],$_POST['dbuser'],$_POST['dbpass']))
-	{
-		if(mysql_select_db($_POST['dbname']))
-		{
-			$showform=false;
+
+	try {
+		$pdo = new PDO('mysql:host=' . $_POST['dbhost'] . ';dbname=' . $_POST['dbname'], $_POST['dbuser'], $_POST['dbpass']);
+		$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+		$showform=false;
 			echo "<div class=\"happy\">Database connection successful!</div>";
 			echo "<br />";
 			echo "Storing database connection information... ";
@@ -72,20 +101,31 @@ if($_POST['dbhost'] && $_POST['dbname'] && $_POST['dbuser'] && $_POST['dbpass'])
 				echo "<div class=\"error\">Cannot write to data/config.inc.php.  Make sure the web server has write access to the data/ subdirectory</div>";
 
 			}
+	} catch (PDOException $e) {
+		// Handle error
+		echo 'Connection failed: ' . $e->getMessage();
+	}
+	echo "<a href=\"install2.php\">Proceed to installation step 2</a><br />";
+}
+else
+{
+	echo "<div class=\"error\">Cannot write to data/config.inc.php.  Make sure the web server has write access to the data/ subdirectory</div>";
 
-		}
-		else
-		{
-			echo "<div class=\"error\">Connected, but cannot select database.  Make sure Database Name is correct, and that the user '".$_POST['dbuser']."' has access to it</div>";
-		}
-	
-	
-	}
-	else
-	{
-		echo "<div class=\"error\">Cannot connect to database.  Make sure Host, User and Pass are correct</div>";
-	}
-	echo "<br />";
+}
+
+}
+else
+{
+echo "<div class=\"error\">Connected, but cannot select database.  Make sure Database Name is correct, and that the user '".$_POST['dbuser']."' has access to it</div>";
+}
+
+
+}
+else
+{
+echo "<div class=\"error\">Cannot connect to database.  Make sure Host, User and Pass are correct</div>";
+}
+echo "<br />";
 }
 
 

install2.php

@@ -36,6 +36,9 @@ if(!function_exists("system")) {
 	echo "</body></html>";
 	exit;
 }
+// Dennis    see if mysql is available from cli
+$exec_sqlstatus = 99;    // will be set to 0 if following works. I test this prior to system("mysql...) calls
+exec("mysql -q --help", $outputnotused, $exec_sqlstatus);
 
 if(!file_exists("data/config.inc.php"))
 {
@@ -46,8 +49,8 @@ if(!file_exists("data/config.inc.php"))
 }
 
 require_once("data/config.inc.php");
-mysql_connect($DBHOST,$DBUSER,$DBPASS);
-mysql_select_db($DBNAME);
+$DBUSER=substr($DBUSER,0,16);
+pdo = new PDO($DBHOST,$DBUSER,$DBPASS);
 
 		echo "Getting database version requirements for code... ";
 
@@ -65,8 +68,10 @@ mysql_select_db($DBNAME);
 
 		echo "Checking for existing SFIAB database... ";
 
-		$q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'");
-		$r=@mysql_fetch_object($q);
+		$q = $pdo->prepare("SELECT val FROM config WHERE var = 'DBVERSION' AND year = '0'");
+$q->execute();
+
+$r = $q->fetch(PDO::FETCH_OBJ);
 		$dbdbversion=$r->val;
 
 		if($dbdbversion)
@@ -86,23 +91,73 @@ mysql_select_db($DBNAME);
 		{
 			echo "<b>Not found (good!)</b><br />";
 		}
-
+		// Dennis  count the errors here and in db_update
+		$error_count = 0;
 		echo "Checking for database installer for version $dbcodeversion... ";
 		if(file_exists("db/db.full.$dbcodeversion.sql"))
 		{
 			echo "<b>db/db.full.$dbcodeversion.sql found</b><br />";
 
 			echo "Setting up database tables... ";
-
-			system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME <db/db.full.$dbcodeversion.sql");
-
+			//  Dennis If 'system' and 'mysql' do not exist use each section of the sql files not system("sql" ... 
+			//  i.e. for windows ISP servers that do not provide system and sql.exe executable
+			if(function_exists("system") and $exec_sqlstatus == 0 )  {
+				echo "<b><br />** USING system('mysql ..) on this server!<b><br />";
+				system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME <db/db.full.$dbcodeversion.sql, $exit_code");
+				}
+			else    // 'system' and 'mysql' not available. Try to break up the query and just do each part.
+				{
+				$exit_code = 0;
+				$filename = 'db/db.full.'.$dbcodeversion.'.sql';
+				// Temporary variable, used to store current query
+				$templine = '';
+				// Read in entire file
+				$lines = file($filename);
+				// Loop through each line
+				foreach ($lines as $line)
+				{
+					// Skip it if it's a comment
+					if (substr($line, 0, 2) == '--' || $line == '')
+					continue;
+					// Add this line to the current segment
+					$templine .= $line;
+					// If it has a semicolon at the end, it's the end of the query
+					if (substr(trim($line), -1, 1) == ';')
+					{
+					// Perform the query
+					if(!pdo->exec($templine)){
+						echo('<br/>Error performing query!<br/>'.$templine.'<br/>  mysqlerror: '.pdo->errorInfo().'<br /><br />');
+						$exit_code = -1;   // do we bail out here or keep going?  keep going for now,  get all errors
+					}
+					// Reset temp variable to empty
+					$templine = '';
+					}
+				}
+				echo "<br/><br />";
+			}
+			if($exit_code != 0) {
+				/* mysql failed!, what now?  */
+				$error_count += 1;
+				echo "<br /><b>mysql failed to execute query(s) without error!<b><br />"; 
+			}
 			echo "<b>Done! installed database version $dbcodeversion</b><br />\n";
 
 			//now update the db version in the database
-			mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
+			$stmt = $pdo->prepare("UPDATE config SET val = :dbcodeversion WHERE var = 'DBVERSION' AND year = '0'");
+$stmt->execute([
+    ':dbcodeversion' => $dbcodeversion
+]);
+
 
 			echo "<br />";
 			echo "<b>Done!</b><br />";
+			//   Dennis allert if errors! 
+			if ($error_count > 0){
+			  echo "<b>THERE WERE ERRORS!  The database was not created correctly!</b><br />";
+			}
+			else{
+			   echo "<b>DATABASE CREATED SUCCESSFULLY!</b><br />";	
+			}
 			echo "<a href=\"install3.php\">Proceed to installation step 3</a><br />";
 		}
 		else
@@ -111,18 +166,59 @@ mysql_select_db($DBNAME);
 			echo "Trying to find an older version... <br />";
 
 			for($x=$dbcodeversion;$x>0;$x--)
-			{
+			{ALTER TABLE `reports_items` ADD `on_overflow` ENUM( 'truncate', '...', 'scale' ) NOT NULL;
+
 				if(file_exists("db/db.full.$x.sql"))
 				{
 					echo "<b>db/db.full.$x.sql found</b><br />";
 					echo "Setting up database tables... ";
-
-					system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME <db/db.full.$x.sql");
-
+					//  Dennis If 'system' and 'mysql' do not exist use each section of the sql files not system("sql" 
+					//  i.e. for windows ISP servers that do not provide system and sql.exe executable
+					if(function_exists("system") and $exec_sqlstatus == 0 )  {
+					echo "<b><br />** USING system('mysql ..) on this server!<b><br />";
+					system("mysql --default-character-set=latin1 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME <db/db.full.$x.sql", $exit_code);
+					}
+					else    // 'system' and 'mysql' not available. Try to break up the query and just do each part.
+						{
+						$exit_code = 0;
+						$filename = 'db/db.full.'.$x.'.sql';
+						// Temporary variable, used to store current query
+						$templine = '';
+						// Read in entire file
+						$lines = file($filename);
+						// Loop through each line
+						foreach ($lines as $line)
+						{
+							// Skip it if it's a comment
+							if (substr($line, 0, 2) == '--' || $line == '')
+							continue;
+							// Add this line to the current segment
+							$templine .= $line;
+							// If it has a semicolon at the end, it's the end of the query
+							if (substr(trim($line), -1, 1) == ';')
+							{
+							// Perform the query
+							if(!pdo->exec($templine)){
+								echo('<br/>Error performing query!<br/>'.$templine.'<br/>  mysqlerror: '.pdo->errorInfo().'<br /><br />');
+							    $exit_code = -1;   // do we bail out here or keep going?  keep going for now,  get all errors
+							}
+							// Reset temp variable to empty
+							$templine = '';
+							}
+						}
+						echo "<br/><br />";
+					}
+					if($exit_code != 0) {
+						/* mysql failed!, what now?  */
+						$error_count += 1;
+						echo "<br/><b>mysql failed to execute query(s) without error!<b><br/>"; 
+					}
 					echo "<b>Done! installed database version $x</b><br />\n";
 
 					//now update the db version in the database
-					mysql_query("UPDATE config SET val='$x' WHERE var='DBVERSION' AND year='0'");
+					$stmt = $pdo->prepare("UPDATE config SET val = :x WHERE var = 'DBVERSION' AND year = '0'");$stmt->execute([
+    ':x' => $x
+]);
 
 					echo "<b>Attempting to update database using standard update script to update from $x to $dbcodeversion<br />";
 					echo "<br />Please scroll to the bottom of this page for the link to the next step of the installation process.<br /></b>";
@@ -135,6 +231,13 @@ mysql_select_db($DBNAME);
 
 					echo "<br />";
 					echo "<b>Done!</b><br />";
+					//   Dennis allert if errors!  2011-02-18
+					if ($error_count > 0){
+					  echo "<b>THERE WERE ERRORS!  The database was not created correctly!</b><br />";
+					}
+					else{
+					   echo "<b>DATABASE CREATED SUCCESSFULLY!</b><br />";	
+					}
 					echo "<a href=\"install3.php\">Proceed to installation step 3</a><br />";
 					break;
 				}

install3.php

@@ -42,13 +42,22 @@ require_once("data/config.inc.php");
 require_once("config_editor.inc.php");
 require_once("user.inc.php");
 require_once("committee.inc.php");
-mysql_connect($DBHOST,$DBUSER,$DBPASS);
-mysql_select_db($DBNAME);
+$DBUSER=substr($DBUSER,0,16);
+
+
+pdo = new PDO($DBHOST,$DBUSER,$DBPASS)
+
 
 		echo "Checking for SFIAB database... ";
 
-		$q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'");
-		$r=@mysql_fetch_object($q);
+
+
+		$stmt = $pdo->prepare("SELECT val FROM config WHERE var = :var AND year = :year");
+		$stmt->execute([':var' => 'DBVERSION', ':year' => 0]);
+
+
+    	$r = $stmt->fetch(PDO::FETCH_OBJ);
+
 		$dbdbversion=$r->val;
 
 		if(!$dbdbversion)
@@ -60,9 +69,9 @@ mysql_select_db($DBNAME);
 		}
 
 //a fresh install should ONLY have DBVERSION defined in the config table.  If there are others (FAIRYEAR, SFIABDIRECTORY) then this is NOT fresh
-$q=mysql_query("SELECT * FROM config WHERE year='0' AND ( var='DBVERSION' OR var='FAIRYEAR' OR var='SFIABDIRECTORY') ");
+$q=pdo->query("SELECT * FROM config WHERE year='0' AND ( var='DBVERSION' OR var='FAIRYEAR' OR var='SFIABDIRECTORY') ");
 //we might get an error if the config table does not exist (ie, installer step 2 failed)
-if(mysql_error())
+if(pdo->errorInfo)
 {
 	//we say all tables, but really only we check for config where year=0;
 	echo "<div class=\"error\">ERROR: No SFIAB tables detected,  It seems like step 2 failed.  Please go <a href=\"install2.php\">Back to Installation Step 2</a> and try again.</div>";
@@ -109,9 +118,37 @@ if($_POST['action']=="save")
 	if(!$err)
 	{
 		echo "Creating configuration settings...";
-		mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FAIRYEAR','".$_POST['fairyear']."','Special','0','0')");
-		mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('FISCALYEAR','".$_POST['fiscalyear']."','Special','0','0')");
-		mysql_query("INSERT INTO config (var,val,category,ord,year) VALUES ('SFIABDIRECTORY','".$_POST['sfiabdirectory']."','Special','','0')");
+		
+
+
+$stmt = $pdo->prepare("INSERT INTO config (var, val, category, ord, year) VALUES (:var, :val, :category, :ord, :year)");
+
+
+$stmt->execute([
+    ':var' => 'FAIRYEAR',
+    ':val' => $_POST['fairyear'],
+    ':category' => 'Special',
+    ':ord' => '0',
+    ':year' => '0'
+]);
+
+$stmt->execute([
+    ':var' => 'FISCALYEAR',
+    ':val' => $_POST['fiscalyear'],
+    ':category' => 'Special',
+    ':ord' => '0',
+    ':year' => '0'
+]);
+
+$stmt->execute([
+    ':var' => 'SFIABDIRECTORY',
+    ':val' => $_POST['sfiabdirectory'],
+    ':category' => 'Special',
+    ':ord' => '',
+    ':year' => '0'
+]);
+
+
 
 		$year = intval($_POST['fairyear']);
 		
@@ -119,25 +156,52 @@ if($_POST['action']=="save")
 		config_update_variables($year);
 
 		// Update some variables 
-		mysql_query("UPDATE config SET 
-				val='".mysql_escape_string(stripslashes($_POST['fairname']))."'
-				WHERE var='fairname' AND year='$year'");
+	
 
-		mysql_query("UPDATE config SET 
-				val='".mysql_escape_string(stripslashes($_POST['email']))."'
-				WHERE var='fairmanageremail' AND year='$year'");
+		$stmt = pdo->prepare("UPDATE config SET val = :fairname WHERE var = 'fairname' AND year = :year")
+		$stmt.execute(':fairname' => stripslashes($_POST['fairname']),
+    					':year' => $year)
+		
+		$stmt = pdo->prepare("UPDATE config SET val = :email WHERE var = 'fairmanageremail' AND year = :year")
+		$stmt->execute([':email' => $_POST['email'],':year' => $year
+		]);
 
-		$q=mysql_query("SELECT * FROM dates WHERE year='-1'");
-		while($r=mysql_fetch_object($q))
-		{
-			mysql_query("INSERT INTO dates (date,name,description,year) VALUES ('$r->date','$r->name','$r->description','".$_POST['fairyear']."')");
+
+	
+		$stmt = $pdo->prepare("SELECT * FROM dates WHERE year = :year");
+
+		$stmt->execute([':year' => '-1']);
+
+
+		$results = $stmt->fetchAll(PDO::FETCH_OBJ);
+
+		$stmt = pdo->prepare("INSERT INTO dates (date, name, description, year) VALUES (:date, :name, :description, :fairyear)")
+
+		foreach($results as $r){
+			$stmt->execute([
+				':date' => $r->date,
+       			 ':name' => $r->name,
+        		':description' => $r->description,
+        		':fairyear' => $_POST['fairyear']
+			]);
 		}
 
+		$stmt = pdo->prepare('SELECT * FROM award_types WHERE year=:year')
+
+		$stmt->execute(['year' => -1])
+
+		$results = $stmt->fetchAll(PDO::FETCH_OBJ);
+
+		$insertStmt = $pdo->prepare("INSERT INTO award_types (id, type, `order`, year) VALUES (:id, :type, :order, :year)");
 		//copy over the award_types defautls
-		$q=mysql_query("SELECT * FROM award_types WHERE year='-1'");
-		while($r=mysql_fetch_object($q))
-		{
-			mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES ('$r->id','$r->type','$r->order','".$_POST['fairyear']."')");
+
+		foreach($results as $r){
+			$insertStmt->execute([
+				'id' => $r->id,
+				'type' => $r->type,
+				'order' => $r->order,
+				'year' => $fairYear
+			]);
 		}
 
 		echo "<b>Done!</b><br />";
@@ -158,7 +222,7 @@ if($_POST['action']=="save")
 		$u['password'] = mysql_escape_string(stripslashes($_POST['pass1']));
 		$u['access_admin'] = 'yes';
 		$u['access_config'] = 'yes';
-		$u['access_super'] = 'yes';
+		$u['access_super'] = 'yes'; 
 		user_save($u);
 
 		echo "<b>Done!</b><br />";
@@ -171,7 +235,10 @@ if($_POST['action']=="save")
 }
 
 echo "<br />";
+
 echo "Please enter the following options <br />";
+
+}
 echo "<br />";
 
 $month=date("m");
@@ -180,8 +247,9 @@ else $fairyearsuggest=date("Y");
 
 if($month>6) $fiscalyearsuggest=date("Y")+1;
 else $fiscalyearsuggest=date("Y");
-
-$directorysuggest=substr($_SERVER['REQUEST_URI'],0,-13);
+// Dennis  $_SERVER['REQUEST_URI'] is not available on many Windows servers
+//$directorysuggest = substr($_SERVER['REQUEST_URI'],0,-13);
+$directorysuggest = substr(getenv("SCRIPT_NAME"),0,-13);
 echo "<h3>Options</h3>";
 echo "<form method=\"post\" action=\"install3.php\">";
 echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
@@ -198,7 +266,8 @@ echo "<h3>Superuser Account</h3>";
 echo "Please choose your superuser account which is required to login to SFIAB and configure the system, as well as to add other users. <br />";
 echo "<table>";
 echo "<tr><td>Superuser Email Address</td><td><input size=\"40\" type=\"text\" name=\"email\"></td></tr>";
-echo "<tr><td>Superuser Password</td><td><input size=\"15\" type=\"password\" name=\"pass1\"></td></tr>";
+echo "<tr><td>Superuser Password</td><td><input size=\"15\" type=\"password\" name=
+		}\"pass1\"></td></tr>";
 echo "<tr><td>Superuser Password (Confirm)</td><td><input size=\"15\" type=\"password\" name=\"pass2\"></td></tr>";
 echo "</table>";
 echo "<br />";

judge.inc.php

@@ -64,11 +64,29 @@ function judge_status_other(&$u)
 
 	/* They must select a language to judge in */
 	if(count($u['languages']) < 1) return 'incomplete';
-
-	return 'complete';
+	return judge_status_questions($u);
 }
 
+function judge_status_questions($u){
+	/* Logic:
+		- count the number of required questions and get their id's.
+		- count the questions answered by the user which match those id's
+		- if those counts are not the same, then the user has not answered all required questions
+	*/
+	global $config;
+	// get the questions we're looking for
+	$q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
+	$idList = array();
+	while($row = mysql_fetch_assoc($q)) $idList[] = $row['id'];
 
+	$rval = 'complete';
+	if(count($idList)){
+		$q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
+		$row = mysql_fetch_assoc($q);
+		if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
+	}
+	return $rval;
+}
 
 function judge_status_special_awards(&$u)
 {

judge_expertise.php

@@ -188,6 +188,7 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
 	echo "<tr class=\"$trclass\"><td><b>".i18n($r->division)."</b></td>";
 
 	for($x=1;$x<=5;$x++) {
+		if(!$u['div_prefs'][$r->id]) $u['div_prefs'][$r->id]=1;
 		$sel = ($u['div_prefs'][$r->id]==$x) ? "checked=\"checked\"" : '';
 		echo "<td width=\"30\"><input onclick=\"fieldChanged()\" $sel type=\"radio\" name=\"division[$r->id]\" value=\"$x\" /></td>";
 	}

judge_other.php

@@ -20,6 +20,11 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified March of 2015 by Sebastian Ruan
+// Judges now have a private information field which only committee members can see and edit.
+// If information is entered into this field the judge will be flagged in ./admin/user_list.php table.
+
 ?>
 <?
  require_once('common.inc.php');
@@ -57,11 +62,22 @@ case 'save':
 	$u['years_regional'] = intval($_POST['years_regional']);
 	$u['years_national'] = intval($_POST['years_national']);
 	$u['highest_psd'] = stripslashes($_POST['highest_psd']);
+	$u['private_info'] = mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info'])));
+
+	//check if judge has been flagged then update them
+
+	if(empty($_POST['private_info'])) {
+		$u['flagged_judge'] = '0';
+	} 
+	else {
+		$u['flagged_judge'] = '1';
+	}
 
 	user_save($u);
     questions_save_answers("judgereg",$u['id'],$_POST['questions']);
 	happy_("Preferences successfully saved");
 
+
 	$u=user_load($eid);
 	$newstatus=judge_status_other($u);
         echo "<script type=\"text/javascript\">";
@@ -159,8 +175,10 @@ if($config['judges_specialaward_only_enable'] == 'yes') {
 	<? $ch = ($u['willing_chair'] == 'yes') ? 'checked="checked"' : ''; ?>
  	<input <?=$ch?> type="checkbox" name="willing_chair" value="yes" />
 </tr><tr>
+
 	<td><?=i18n("Highest post-secondary degree")?></td>
 	<td><input onchange="fieldChanged()" type="text" name="highest_psd" size="35" value="<?=$u['highest_psd']?>" /></td>
+
 </tr><tr>
 	<td colspan="2"><hr /></td></tr>
 </table>
@@ -171,6 +189,21 @@ questions_print_answer_editor('judgereg', $u, 'questions');
 ?>
 </table>
 
+<?
+if ($_SESSION['users_type'] == 'committee' && committee_auth_has_access('admin') == true){
+?>
+	<table class="editor">
+	<tr><td colspan="4"><hr /></td></tr><tr>
+	<?
+	//<td><?=i18n("Private Information")? > </td><td>
+	//<input onchange="fieldChanged()" type="textarea" name="private_info" size="35" value="<?=$u['private_info']? >"></td></tr>
+	echo"<tr><td>".i18n("Private Information").": </td><td><textarea cols=\"110\" rows=\"8\" id=\"private_info\" name=\"private_info\">".htmlspecialchars($u['private_info'])."</textarea><br />";
+	?>
+	</table>
+<?
+}
+?>
+
 <br /><br />
 
 <input type="submit" onclick="judgeother_save(); return false;" value="<?=i18n("Save Information")?>" />

judge_special_awards.php

@@ -132,7 +132,7 @@ if($_SESSION['embed'] != true) {
  while($r=mysql_fetch_object($q))
  {
  	?>
- 	<tr><td rowspan=\"2\">
+ 	<tr><td rowspan="2">
 		<? $ch = (in_array($r->id,$spawards)) ? "checked=\"checked\"" : ""; ?>
 		<input onclick="checkboxclicked(this)" <?=$ch?> type="checkbox" name="spaward[]" value="<?=$r->id?>" />
 		</td><td>

lpdf.php

@@ -20,6 +20,10 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified Jan of 2014 by Richard Sin
+// It properly formats pdf files and prevents overflows.
+
 ?>
 <?
 class lpdf
@@ -216,6 +220,8 @@ class lpdf
 //				echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
 				break;
 			}
+			$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
+			if($r=@mysql_fetch_object($q))
 
 			$prevnr=$nr;
 //			printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);
@@ -664,18 +670,20 @@ class lpdf
 		//if we get a table passed in that doesnt look like a table (not an array) then just return doing nothing
 		if(!is_array($table)) return;
 
-		if(is_array($table['header'])) {
+		if(is_array($table['header'])) 
+		{
 			$table_cols=count($table['header']);
 		} else {
 			$table_cols=count($table['data']);
 		}
-		$line_height=round(round($this->defaultFontSize)/64,2);
 
+		$line_height=round(round($this->defaultFontSize)/64,2);
 		$table_width=array_sum($table['widths']);
 		$table_padding=0.03;
-	
 		$allow_multiline = false;
-		if(is_array($table['option'])) {
+
+		if(is_array($table['option'])) 
+		{
 			$allow_multiline = ($table['option']['allow_multiline'] == true) ? true : false;
 		}
 
@@ -691,113 +699,124 @@ class lpdf
 		//now do the data in the table
 		if($table['data'])
 		{
+
 			pdf_setfont($this->pdf,$this->normalfont,$this->defaultFontSize);
 			foreach($table['data'] AS $dataline)
 			{
-//				$this->yloc-=$line_height;
-				$xpos=$xpos_of_table;
-
-				/* Fit first */
-				$col_width = array();
-				$col_height = 1;
-				for($c=0;$c<$table_cols;$c++)
+				do
 				{
-					$width=$table['widths'][$c];
-					$textstr=trim($dataline[$c]);
-					$try=0;
-					$h = $col_height;
-					$last_notfit = 0;
-
-					while(1) {
-//						echo "h=$h, width=$width, text=[$textstr]\n";
-						$notfit=pdf_show_boxed($this->pdf,$textstr,
-							$this->loc($xpos+$table_padding),$this->loc($this->yloc-($h)*$line_height),
-							$this->loc($width-2*$table_padding),$this->loc($line_height*$h),
-							$table['dataalign'][$c],'blind');
-//					 	echo "  nofit=$notfit\n";
-
-						/* It fits, break and do it for real */
-						if($notfit == 0) break;
-
-						/* If we're not allowed to use multiple lines, we're done. */ 
-						if($allow_multiline == false) break; 
-
-						if($last_notfit == $notfit) {
-							/* Height was increased, but it didn't help the fit at all
-							 * Try again up to 5 times. */
-							if($try == 5) {
-								/* Text in is the same as text out for 5 line increments,
-								 * we're probably in an infinite loop.  So, instead
-								 * of trying to just add vspace, fudge the hspace and
-								 * restart */
-								$h = 1;
-								$width += 0.1;
-								$try=0;
-								continue;
-							}
-							$try++;
-						} else {
-							/* We found a line height that helped the fit */
-							$try=0;
-						}
-						$last_notfit = $notfit;
-
-						/* Increase the height and try again */
-						$h++;
-					}
-					$col_width[$c] = $width;
-					if($h > $col_height) $col_height = $h;
-				}
-
-				/* If this entry goes off the bottom of the
-				 * page, start a new page, and then blindly
-				 * dump this entry on it (but try to squeeze on
-				 * as much as possible) */
-				if($this->yloc - ($line_height * $col_height) < 0.75)
-				{
-					$this->addTableEnd($table, $xpos_of_table, $top_of_table);
-					$this->newPage($this->page_width,$this->page_height);
-					$top_of_table = $this->addTableStart($table, $xpos_of_table, $table_width);
-				}
-
-				/* Do it for real */
-				for($c=0;$c<$table_cols;$c++)
-				{
-					$width = $col_width[$c];
-					$h = $col_height * $line_height;
-					$textstr=trim($dataline[$c]);
-
-					$notfit = pdf_show_boxed($this->pdf,$textstr,
-						$this->loc($xpos+$table_padding),$this->loc($this->yloc-$h),
-						$this->loc($width-2*$table_padding),$this->loc($h),
-						$table['dataalign'][$c],null);
-
-					//put a little "..." at the end of the field
-					if($notfit)
+					$xpos=$xpos_of_table;
+	
+					/* Fit first */
+					$col_width = array();
+					$col_height = 1;
+					for($c=0;$c<$table_cols;$c++)
 					{
-						pdf_setfont($this->pdf,$this->normalfont,8);
-						pdf_show_boxed($this->pdf,"...",
-							$this->loc($xpos+$width-0.10),$this->loc($this->yloc-$line_height-0.05),
-							$this->loc(0.10),$this->loc($line_height),
-							$table['dataalign'][$c],null);
-						pdf_setfont($this->pdf,$this->normalfont,$this->defaultFontSize);
+						$width=$table['widths'][$c];
+						$textstr=trim($dataline[$c]);
+						$try=0;
+						$h = $col_height;
+						$last_notfit = 0;
+						while(1) 
+						{
+							$notfit=pdf_show_boxed($this->pdf,$textstr,
+								$this->loc($xpos+$table_padding),$this->loc($this->yloc-($h)*$line_height),
+								$this->loc($width-2*$table_padding),$this->loc($line_height*$h),
+								$table['dataalign'][$c],'blind');
+	
+							/* It fits, break and do it for real */
+							if($notfit == 0) break;
+	
+							/* If we're not allowed to use multiple lines, we're done. */ 
+							if($allow_multiline == false) break; 
+	
+							if($last_notfit == $notfit) 
+							{
+								/* Height was increased, but it didn't help the fit at all
+								 * Try again up to 5 times. */
+								if($try == 5) 
+								{
+									/* Text in is the same as text out for 5 line increments,
+									 * we're probably in an infinite loop.  So, instead
+									 * of trying to just add vspace, fudge the hspace and
+									 * restart */
+									$h = 1;
+									$width += 0.1;
+									$try=0;
+									continue;
+								}
+								$try++;
+							} else {
+								/* We found a line height that helped the fit */
+								$try=0;
+							}
+	
+							$last_notfit = $notfit;
+							if($this->yloc - ($line_height * $h) < 0.75)
+							{
+								$h--;
+								break;
+							} else {
+								/* Increase the height and try again */
+								$h++;
+							}
+						}
+						$col_width[$c] = $width;
+						
+						if($h > $col_height) $col_height = $h;
 					}
-
-					$xpos+=$width;
-				}
-				$this->yloc -= $line_height*$col_height;
-
-				//draw the line below the table data)
-				pdf_moveto($this->pdf,$this->loc($xpos_of_table),$this->loc($this->yloc));
-				pdf_lineto($this->pdf,$this->loc($xpos_of_table+$table_width),$this->loc($this->yloc));
-				pdf_stroke($this->pdf);
-
-				if($this->yloc<1.1)
-				{
-					$this->addTableEnd($table, $xpos_of_table, $top_of_table);
-					$this->newPage($this->page_width,$this->page_height);
-					$top_of_table = $this->addTableStart($table, $xpos_of_table, $table_width);
-				}
+	
+					/* If this entry goes off the bottom of the
+					 * page, start a new page, and then blindly
+					 * dump this entry on it (but try to squeeze on
+					 * as much as possible) */
+					//if($this->yloc - ($line_height * $col_height) < 0.75)
+					//{
+					//	$this->addTableEnd($table, $xpos_of_table, $top_of_table);
+					//	$this->newPage($this->page_width,$this->page_height);
+					//	$top_of_table = $this->addTableStart($table, $xpos_of_table, $table_width);
+					//}
+	
+					/* Do it for real */
+					for($c=0;$c<$table_cols;$c++)
+					{
+						$width = $col_width[$c];
+						$h = $col_height * $line_height;
+						$textstr=trim($dataline[$c]);
+	
+						$notfit = pdf_show_boxed($this->pdf,$textstr,
+							$this->loc($xpos+$table_padding),$this->loc($this->yloc-$h),
+							$this->loc($width-2*$table_padding),$this->loc($h),
+							$table['dataalign'][$c],null);
+	
+						//put a little "..." at the end of the field
+						if($notfit)
+						{	
+							$dataline[$c]=substr($textstr,-$notfit);
+							pdf_setfont($this->pdf,$this->normalfont,8);
+							if($allow_multiline)pdf_show_boxed($this->pdf,"(continued..)",
+								$this->loc($xpos+$width-0.55),$this->loc($this->yloc-$h-0.15),
+								$this->loc(0.6),$this->loc($line_height),
+								$table['dataalign'][$c],null);
+							pdf_setfont($this->pdf,$this->normalfont,$this->defaultFontSize);
+						}
+	
+						$xpos+=$width;
+					}
+					$this->yloc -= $line_height*$col_height;
+	
+					//draw the line below the table data)
+					pdf_moveto($this->pdf,$this->loc($xpos_of_table),$this->loc($this->yloc));
+					pdf_lineto($this->pdf,$this->loc($xpos_of_table+$table_width),$this->loc($this->yloc));
+					pdf_stroke($this->pdf);
+	
+					if($this->yloc<1.1)
+					{
+						$this->addTableEnd($table, $xpos_of_table, $top_of_table);
+						$this->newPage($this->page_width,$this->page_height);
+						$top_of_table = $this->addTableStart($table, $xpos_of_table, $table_width);
+					}
+				}while($notfit>0);
 			}
 		}
 

projects.inc.php

@@ -63,6 +63,35 @@ function getProjectsEligibleForAward($award_id)
 	return $projects;
 }
 
+function getLanguagesOfProjectsEligibleForAward($award_id)
+{
+	global $config;
+
+	$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language
+			FROM
+				award_awards,
+				award_awards_projectcategories,
+				award_awards_projectdivisions,
+				projects
+			WHERE
+				award_awards.id='$award_id'
+				AND award_awards.id=award_awards_projectcategories.award_awards_id
+				AND award_awards.id=award_awards_projectdivisions.award_awards_id
+				AND projects.projectcategories_id=award_awards_projectcategories.projectcategories_id
+				AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id
+				AND projects.projectnumber is not null
+				AND projects.year='".$config['FAIRYEAR']."'
+			ORDER BY
+				language
+				");
+	$languages=array();
+	while($r=mysql_fetch_object($prjq)) {
+		if($r->language) 
+			$languages[]=$r->language;
+	}
+	return $languages;
+}
+
 function getProjectsEligibleOrNominatedForAwards($awards_ids_array)
 {
 	$projects=array();
@@ -202,6 +231,7 @@ function getProjectsNominatedForSpecialAward($award_id)
 		$prjq=mysql_query("SELECT
 					projects.projectnumber,
 					projects.title,
+					projects.language,
 					projects.id AS projects_id
 				FROM
 					project_specialawards_link,
@@ -220,6 +250,7 @@ function getProjectsNominatedForSpecialAward($award_id)
 			$projects[$prjr->projectnumber]=array(
 						"id"=>$prjr->projects_id,
 						"projectnumber"=>$prjr->projectnumber,
+						"language"=>$prjr->language,
 						"title"=>$prjr->title
 					);
 		}
@@ -233,6 +264,40 @@ function getProjectsNominatedForSpecialAward($award_id)
 	}
 }
 
+function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
+{
+	global $config;
+
+	//if they dont use special award nominations, then we will instead get all of the projects that
+	//are eligible for the award, instead of nominated for it.
+	if($config['specialawardnomination']!="none") {
+		$prjq=mysql_query("SELECT  DISTINCT(projects.language) AS language
+				FROM
+					project_specialawards_link,
+					projects
+				WHERE
+					project_specialawards_link.award_awards_id='$award_id'
+					AND project_specialawards_link.projects_id=projects.id
+					AND projects.projectnumber is not null
+					AND projects.year='".$config['FAIRYEAR']."'
+					ORDER BY language
+					");
+		$languages=array();
+		while($r=mysql_fetch_object($prjq)) {
+			//dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle
+			if($r->langauge) {
+				$languages[]=$r->language;
+			}
+
+		}
+		return $languages;
+	}
+	else {
+		//return the projects that are eligible for the award instead
+		return getLanguagesOfProjectsEligibleForAward($award_id);
+	}
+}
+
 function getSpecialAwardsNominatedByRegistrationID($id)
 {
 	global $config;

questions.inc.php

@@ -40,15 +40,17 @@ function questions_load_answers($section, $users_id)
 }
 
 function questions_load_questions($section, $year)
-{
-	$q = mysql_query('SELECT * FROM questions '.
+{	global $pdo;
+	$q = $pdo->prepare('SELECT * FROM questions '.
 			"WHERE year='$year' ".
 			"   AND section='$section'  ".
 			'ORDER BY ord ASC');
-	print(mysql_error());
+	$q->execute();
+
+	print($pdo->errorInfo());
 
 	$qs = array();
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$qs[$r->id]['id'] = $r->id;
 		$qs[$r->id]['ord'] = $r->ord;
 		$qs[$r->id]['section'] = $r->section;
@@ -100,8 +102,9 @@ function questions_print_answer_editor($section, &$u, $array_name)
 	$qs = questions_load_questions($section, $u['year']);
 	$keys = array_keys($qs);
 	foreach($keys as $qid) {
+		$required = $qs[$qid]['required'] == 'yes' ? '<span class="requiredfield" style="float:right">&nbsp;*</span>' : '';
 		print("<tr>\n");
-		print(" <td colspan=\"2\">".i18n($qs[$qid]['question'])."</td>\n");
+		print(" <td colspan=\"2\">$required".i18n($qs[$qid]['question'])."</td>\n");
 		print(" <td colspan=\"2\">");
 		$iname = "{$array_name}[{$qid}]";
 		switch($qs[$qid]['type']) {