Complete initial pass of sql conversion

Ethics questions can now be asked as a required field for each project. 
To activate this feature navigate to Configuration >> Configuration Variables >> Participant Registration 
and change  “Ask if the project requires human and/or animal participants” to “Yes”. 

All projects with human and/or animal participants can be selected using the Report Editor.

Under “Input Received Signature Forms” a button called “Receive All” was created. 
Clicking this button will cause the program to assign project numbers and mark the 
signature page as received for all students who have completed the registration process. 
Confirmation emails are sent to each student that had their signature page marked as received.

"Remove Old Judge Data" and "Remove Old Emergency Contact/Parent Data" was added to
"Database Backup/Restore".  These permanently remove all information from the database 
about these two respective groups.  This means that all historical data will be lost but  
the most recent information about judges and emergency contacts remains. Cleaning the database 
this way dramatically improves the speed of the user editor.  Make sure the database has been
backed up before trying these.

The judge's name now appears on the cancellation popup window when deleting an individual judge.

admin/anneal.inc.php

@@ -1,5 +1,28 @@
-<?php
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
 
+   Copyright (C) 2005-2008 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2008-2012 Youth Science Ontario <info@youthscienceontario.ca>
+   Copyright (C) 2005-2012 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
 
 class annealer {
 
@@ -309,6 +332,11 @@ class annealer {
 			
 			if($temperature < 0.1 && $last_cost_count > 10) 
 				break;
+
+			//if we go 1 million iterations without changing the cost, lets give up
+			if($last_cost_count>1000000)
+				break;
+
 //			TRACE("Cost is {$this->cost}\n");
 			$temperature *= $this->rate;
             /*

admin/award_awardcreatedivisional.php

@@ -39,8 +39,10 @@
  else if($_POST['award_types_id']) $award_types_id=$_POST['award_types_id'];
 
 	//first, we can only do this if we dont have any type=divisional awards created yet
-	$q=mysql_query("SELECT COUNT(id) AS num FROM award_awards WHERE award_types_id='1' AND year='{$config['FAIRYEAR']}'");
+	
-	$r=mysql_fetch_object($q);
+	$q = $pdo->prepare("SELECT COUNT(id) AS num FROM award_awards WHERE award_types_id='1' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_OBJ);
 	if($r->num)
 	{
 		echo error(i18n("%1 Divisional awards already exist.  There must not be any divisional awards in order to run this wizard",array($r->num)));
@@ -48,21 +50,27 @@
 	else
 	{
 
-		$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+
-		while($r=mysql_fetch_object($q))
+		$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q->execute();
+		while($r = $q->fetch(PDO::FETCH_OBJ))
 			$div[$r->id]=$r->division;
 
-		$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+		
-		while($r=mysql_fetch_object($q))
+		$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 			$cat[$r->id]=$r->category;
 
 		$dkeys = array_keys($div);
 		$ckeys = array_keys($cat);
 
 		if($config['filterdivisionbycategory']=="yes") {
-			$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id");
+			
+			$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id");
+		$q->execute();
 			$divcat=array();
-			while($r=mysql_fetch_object($q)) {
+			while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				$divcat[]=array("c"=>$r->projectcategories_id,"d"=>$r->projectdivisions_id);
 			}
 
@@ -79,9 +87,11 @@
 
 		if($_GET['action']=="create" && $_GET['sponsors_id'])
 		{
-			$q=mysql_query("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`");
+		
+			$q = $pdo->prepare("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`");
+			$q->execute();
 			$prizes=array();
-			while($r=mysql_fetch_object($q))
+			while($r=$q->fetch(PDO::FETCH_OBJ))
 			{
 				$prizes[]=array(
 						"cash"=>$r->cash,
@@ -106,7 +116,8 @@
 				$c_category=$cat[$c_id];
 					
 					echo i18n("Creating %1 - %2",array($c_category,$d_division))."<br />";
-					mysql_query("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,`order`,year) VALUES (
+					
+					$q = $pdo->prepare("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,`order`,year) VALUES (
 						'{$_GET['sponsors_id']}',
 						'1',
 						'$c_category - $d_division',
@@ -114,19 +125,26 @@
 						'$ord',
 						'{$config['FAIRYEAR']}'
 					)");
-					echo mysql_error();
+					$q->execute();
-					$award_awards_id=mysql_insert_id();
+					echo $pdo->errorInfo();
+					$award_awards_id=$pdo->lastInsertId();
 
 
-					mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES ('$award_awards_id','$c_id','{$config['FAIRYEAR']}')");
+					
-					mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES ('$award_awards_id','$d_id','{$config['FAIRYEAR']}')");
 
-					$ord++;
+					$q = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES ('$award_awards_id','$c_id','{$config['FAIRYEAR']}')");
+					$q->execute();
+
+					$q = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES ('$award_awards_id','$d_id','{$config['FAIRYEAR']}')");
+					$q->execute();
+										$ord++;
 
 					echo "&nbsp;&nbsp;".i18n("Prizes: ");
 					foreach($prizes AS $prize)
 					{
-						mysql_query("INSERT INTO award_prizes (award_awards_id,cash,scholarship,value,prize,number,`order`,excludefromac,trophystudentkeeper,trophystudentreturn,trophyschoolkeeper,trophyschoolreturn,year) VALUES (
+						
+						
+						$q = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,value,prize,number,`order`,excludefromac,trophystudentkeeper,trophystudentreturn,trophyschoolkeeper,trophyschoolreturn,year) VALUES (
 							'$award_awards_id',
 							'{$prize['cash']}',
 							'{$prize['scholarship']}',
@@ -141,6 +159,10 @@
 							'{$prize['trophyschoolreturn']}',
 							'{$config['FAIRYEAR']}'
 							)");
+						
+						$q->execute();
+
+
 						echo $prize['prize'].",";
 					}
 					echo "<br />";
@@ -157,11 +179,13 @@
 
 			echo "<table>";
 			echo "<tr><td>".i18n("Sponsor").":</td><td>";
-			$sq=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization");
+			
+			$sq = $pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization");
+			$sq->execute();
 			echo "<select name=\"sponsors_id\">";
 			//only show the "choose a sponsor" option if we are adding,if we are editing, then they must have already chosen one.
 			echo $firstsponsor;
-			while($sr=mysql_fetch_object($sq))
+			while($sr=$sq->fetch(PDO::FETCH_OBJ))
 			{
 				if($sr->id == $sponsors_id)
 					$sel="selected=\"selected\"";
@@ -175,9 +199,11 @@
 			echo "<tr><td>".i18n("Prizes")."</td><td><a href=\"award_prizes.php?award_awards_id=-1\">Edit prize template for divisional awards</a>";
 			//the 'generic' template prizes for the awards are stored with year =-1 and award_awards_id=0
 
-			$q=mysql_query("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`");
+			
+			$q = $pdo->prepare("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`");
+			$q->execute();
 
-			if(mysql_num_rows($q))
+			if($q->rowCount())
 			{
 			/*
 				echo "<form method=\"post\" action=\"award_prizes.php\">";
@@ -197,7 +223,7 @@
 				echo "</tr>\n";
 
 
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
 					echo "<tr>\n";
 					echo " <td>$r->prize</td>\n";

admin/award_awards.php

@@ -30,8 +30,10 @@
  switch($_GET['action']) {
  case 'awardinfo_load':
  	$id = intval($_GET['id']);
-	$q=mysql_query("SELECT * FROM award_awards WHERE id='$id'");
+	
-	$ret = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'");
+	$q->execute();	
+	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	//json_encode NEEDS UTF8 DATA, but we store it in the database as ISO :(
 	foreach($ret AS $k=>$v) {
 		$ret[$k]=iconv("ISO-8859-1","UTF-8",$v);
@@ -50,9 +52,11 @@
 	$id=intval($_POST['id']);
 
 	if($id == -1) {
-		$q=mysql_query("INSERT INTO award_awards (year,self_nominate,schedule_judges) 
+		
+		$q = $prepare("INSERT INTO award_awards (year,self_nominate,schedule_judges) 
 				VALUES ('{$config['FAIRYEAR']}','yes','yes')");
-		$id = mysql_insert_id();
+		$q->execute();
+		$id = $pdo->lastInsertId();
 		happy_("Award Created");
 		/* Set the award_id in the client */
 		echo "<script type=\"text/javascript\">award_id=$id;</script>";
@@ -60,25 +64,26 @@
 
 	$q = "UPDATE award_awards SET 
 		award_types_id='".intval($_POST['award_types_id'])."',
-		presenter='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['presenter'])))."', 
+		presenter='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['presenter']))."', 
 		excludefromac='".(($_POST['excludefromac'] == 1) ? 1 : 0)."',
 		cwsfaward='".(($_POST['cwsfaward'] == 1) ? 1 : 0)."', 
 		self_nominate='".(($_POST['self_nominate'] == 'yes') ? 'yes' : 'no')."', 
 		schedule_judges='".(($_POST['schedule_judges'] == 'yes') ? 'yes' : 'no')."', 
-		description='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['description'])))."' ";
+		description='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['description']))."' ";
 
 	if(array_key_exists('name', $_POST)) {
 		/* These values may be disabled, if they name key exists, assume
 		 * they aren't disabled and save them too */
-		$q .= ",name='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['name'])))."',
+		$q .= ",name='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['name']))."',
-			criteria='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['criteria'])))."', 
+			criteria='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['criteria']))."', 
 			sponsors_id='".intval($_POST['sponsors_id'])."' ";
 	}
 	$q .= "WHERE id='$id'";
-	mysql_query($q);
+	$q = $pdo->prepare($q);
+	$q->execute();
 	print_r($_POST);
 	echo $q;
-	echo mysql_error();
+	echo $pdo->errorInfo();
 	happy_("Award information saved");
 	exit;
 
@@ -86,14 +91,17 @@
  	$id = intval($_GET['id']);
 	//select the current categories that this award is linked to
 	$ret = array('categories'=>array(), 'divisions'=>array() );
-	$q=mysql_query("SELECT * FROM award_awards_projectcategories WHERE award_awards_id='$id'");
+	
-	while($r=mysql_fetch_assoc($q)) {
+	$q=$pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE award_awards_id='$id'");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 		$ret['categories'][] = $r['projectcategories_id'];
 	}
 
 	//select the current categories that this award is linked to
-	$q=mysql_query("SELECT * FROM award_awards_projectdivisions WHERE award_awards_id='$id'");
+	$q = $pdo->$prepare("SELECT * FROM award_awards_projectdivisions WHERE award_awards_id='$id'");
-	while($r=mysql_fetch_assoc($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 		$ret['divisions'][] = $r['projectdivisions_id'];
 	}
 	echo json_encode($ret);
@@ -109,24 +117,29 @@
 	}
 
 	//wipe out any old award-category links
-	mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'");
+	$q = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'");
-
+	$q->execute();
 	foreach($_POST['categories'] AS $key=>$cat) {
 		$c = intval($cat);
-		mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) 
+		$q = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) 
 				VALUES ('$id','$c','{$config['FAIRYEAR']}')");
-		echo mysql_error();
+		$q->execute();
+		echo $q->errorInfo();
 	}
 
 	//wipe out any old award-divisions links
-	mysql_query("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$id'");
+	
+	$q = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$id'");
+	$q->execute();
 
 	//now add the new ones
 	foreach($_POST['divisions'] AS $key=>$div) {
 		$d = intval($div);
-		mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) 
+	
+		$q = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) 
 				VALUES ('$id','$d','{$config['FAIRYEAR']}')");
-		echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 	}
 	happy_("Eligibility information saved");
 	exit;
@@ -136,8 +149,9 @@
 	foreach ($_GET['prizelist'] as $position=>$id) {
 		if($id == '') continue;
 		$order++;
-		mysql_query("UPDATE `award_prizes` SET `order`='$order' WHERE `id`='$id'");
+		
-	}
+		$q = $pdo->prepare("UPDATE `award_prizes` SET `order`='$order' WHERE `id`='$id'");
+	$q->execute();	}
 //	print_r($_GET);
 	happy_("Order Updated.");
 	exit;
@@ -147,7 +161,9 @@
 	foreach ($_GET['awardlist'] as $position=>$id) {
 		if($id == '') continue;
 		$order++;
-		mysql_query("UPDATE `award_awards` SET `order`='$order' WHERE `id`='$id'");
+		
+		$q = $pdo->prepare("UPDATE `award_awards` SET `order`='$order' WHERE `id`='$id'");
+		$q->execute();
 	}
 	happy_("Order updated");
 	exit;
@@ -155,11 +171,15 @@
  case 'prizeinfo_load':
 	$id = intval($_GET['id']);
 	if($id == -1) {
-		$q=mysql_query("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`");
+		
+		$q = $pdo->prepare("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`");
+		$q->execute();
 	} else {
-		$q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$id' ORDER BY `order`");
+		
+		$q = $prepare("SELECT * FROM award_prizes WHERE award_awards_id='$id' ORDER BY `order`");
+		$q->execute();
 	}
-	while($r=mysql_fetch_assoc($q)) {
+	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 		foreach($r AS $k=>$v) {
 			$r[$k]=iconv("ISO-8859-1","UTF-8",$v);
 		}
@@ -169,8 +189,10 @@
 	exit;
  case 'prize_load':
 	$id = intval($_GET['id']);
-	$q = mysql_query("SELECT * FROM award_prizes WHERE id='$id'");
+	
-	$ret=mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM award_prizes WHERE id='$id'");
+	$q->execute();
+	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	foreach($ret AS $k=>$v) {
 		$ret[$k]=iconv("ISO-8859-1","UTF-8",$v);
 	}
@@ -184,15 +206,17 @@
 		$aaid = 0;
 		$year = -1;
 	}
-	mysql_query("INSERT INTO award_prizes(award_awards_id,year) VALUES ('$aaid','$year');");
+
-	$ret = array('id' => mysql_insert_id() );
+	$q = $pdo->prepare("INSERT INTO award_prizes(award_awards_id,year) VALUES ('$aaid','$year');");
+	$ret = array('id' => $pdo->lastInsertId() );
 	echo json_encode($ret);
 	exit;
 
  case 'prize_save':
 	$id = intval($_POST['id']);
-	$q="UPDATE award_prizes SET 
+	
-				prize='".mysql_escape_string(stripslashes(iconv("UTF-8","ISO-8859-1",$_POST['prize'])))."', 
+	$q = $pdo->prepare("UPDATE award_prizes SET 
+				prize='".stripslashes(iconv("UTF-8","ISO-8859-1",$_POST['prize']))."', 
 				cash='".intval($_POST['cash'])."',
 				scholarship='".intval($_POST['scholarship'])."',
 				value='".intval($_POST['value'])."',
@@ -202,8 +226,9 @@
 				trophystudentreturn='".(($_POST['trophystudentreturn']==1) ? 1 : 0)."',
 				trophyschoolkeeper='".(($_POST['trophyschoolkeeper']==1) ? 1 : 0)."',
 				trophyschoolreturn='".(($_POST['trophyschoolreturn']==1) ? 1 : 0)."'
-				WHERE id='$id'";
+				WHERE id='$id'");
-	mysql_query($q);
+	
+	$q->execute();
 //	echo $q;
 //	echo mysql_error();
 	happy_("Prize saved");
@@ -218,15 +243,19 @@
  case 'feeder_load':
  	$id = intval($_GET['id']);
 	/* Prepare two lists of fair IDs, for which fairs can upload and download this award */
-	$q=mysql_query("SELECT * FROM fairs_awards_link WHERE award_awards_id='$id'");
+	
+	$q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE award_awards_id='$id'");
+	$q->execute();
 	$ul = array(); 
 	$dl = array();
-	while($r=mysql_fetch_assoc($q)) {
+	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 		if($r['upload_winners'] == 'yes') $ul[$r['fairs_id']] = true;
 		if($r['download_award'] == 'yes') $dl[$r['fairs_id']] = true;
 	}
-	$q = mysql_query("SELECT * FROM award_awards WHERE id='$id'");
+	
-	$a = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'");
+	$q -> execute();
+	$a = fetch(PDO::FETCH_ASSOC)
 ?>
 	<h4><?=i18n("Feeder Fairs")?></h4>
 	<form id="feeder_form">
@@ -257,13 +286,15 @@
 		<th style="width: 5em"><?=i18n("Upload Winners")?></th>
 		</tr>
 <?
-	$q = mysql_query("SELECT * FROM fairs WHERE type='feeder'");
+	
-	while($r = mysql_fetch_assoc($q)) {
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE type='feeder'");
+	$q->execute();
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		echo "<tr><td style=\"padding-left:1em;padding-right:1em\">{$r['name']}</td>";
 		$ch = $dl[$r['id']] == true ? 'checked="checked"' : '';
-		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_dl[]\" value=\"{$r['id']} $ch \"></td>";
+		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_dl[]\" value=\"{$r['id']}\" $ch ></td>";
 		$ch = $ul[$r['id']] == true ? 'checked="checked"' : '';
-		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_ul[]\" value=\"{$r['id']} $ch \"></td>";
+		echo "<td style=\"text-align:center\"><input type=\"checkbox\" name=\"feeder_ul[]\" value=\"{$r['id']}\" $ch ></td>";
 		echo '</tr>';
 	}
 ?>
@@ -288,24 +319,31 @@
 	foreach($ul AS $fairs_id) $data[$fairs_id]['ul']  = true;
 
 	/* Now save each one */
-	mysql_query("DELETE FROM fairs_awards_link WHERE award_awards_id='$id'");
+	
-				echo mysql_error();
+	$q = $pdo->prepare("DELETE FROM fairs_awards_link WHERE award_awards_id='$id'");
+	$q->execute();
+	echo $pdo->errorInfo();
 	foreach($data as $fairs_id=>$f) {
 		$dl = ($f['dl'] == true) ? 'yes' : 'no';
 		$ul = ($f['ul'] == true) ? 'yes' : 'no';
-		mysql_query("INSERT INTO fairs_awards_link (award_awards_id,fairs_id,download_award,upload_winners)
+	
+		$q = $pdo->prepare("INSERT INTO fairs_awards_link (award_awards_id,fairs_id,download_award,upload_winners)
 				VALUES ('$id','$fairs_id','$dl','$ul')");
-				echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 	}
-	$ident=mysql_escape_string(stripslashes($_POST['identifier']));
+	$ident=stripslashes($_POST['identifier']);
 	$per_fair = $_POST['per_fair'] == 'yes' ? 'yes' : 'no';
 	$mat = intval($_POST['additional_materials']);
 	$w = intval($_POST['register_winners']);
-	mysql_query("UPDATE award_awards SET external_identifier='$ident',
+	
+	
+	$q = $pdo->prepare("UPDATE award_awards SET external_identifier='$ident',
 						external_additional_materials='$mat',
 						external_register_winners='$w',
 						per_fair='$per_fair'
 					WHERE id='$id'");
+	$q->execute();
 
 	happy_("Feeder Fair information saved");
 	exit;
@@ -629,10 +667,12 @@ $(document).ready(function() {
 			</td></tr>
 		<tr><td><?=i18n("Sponsor")?>:</td><td>
 <?
-	$sq=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization");
+	
+	$sq = $pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization");
+	$sq->execute();
 	echo "<select id=\"awardinfo_sponsors_id\" name=\"sponsors_id\">";
 	echo "<option value=\"\">".i18n("Choose a sponsor")."</option>\n";
-	while($sr=mysql_fetch_object($sq)) {
+	while($sr=$sq->fetch(PDO::FETCH_OBJ)) {
 		echo "<option value=\"$sr->id\">".i18n($sr->organization)."</option>";
 	}
 ?>
@@ -642,11 +682,13 @@ $(document).ready(function() {
 			</td></tr>
 		<tr><td><?=i18n("Type")?>:</td><td>
 <?
-	$tq=mysql_query("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type");
+	
+	$tq = $pdo->prepare("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type");
+	$tq->execute();
 	echo "<select id=\"awardinfo_award_types_id\" name=\"award_types_id\">";
 	//only show the "choose a type" option if we are adding,if we are editing, then they must have already chosen one.
 	echo $firsttype;
-	while($tr=mysql_fetch_object($tq)) {
+	while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
 		echo "<option value=\"$tr->id\">".i18n($tr->type)."</option>";
 	}
 ?>
@@ -687,9 +729,11 @@ $(document).ready(function() {
 //	if(count($currentcategories)==0) $class="class=\"error\""; else $class="";
 
 	//now select all the categories so we can list them all
-	$cq=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
+
-	echo mysql_error();
+	$cq = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
-	while($cr=mysql_fetch_object($cq)) {
+	$cq->execute();
+	echo $pdo->errorInfo();
+	while($cr=$cq->fetch(PDO::FETCH_OBJ)) {
 		echo "<input type=\"checkbox\" id=\"eligibility_categories_{$cr->id}\" name=\"categories[]\" value=\"$cr->id\" />".i18n($cr->category)."<br />";
 	}
 ?>
@@ -697,9 +741,11 @@ $(document).ready(function() {
 
 	<tr><td><?=i18n("Divisions")?>:</td><td>
 <?
-	$dq=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
+	
-	echo mysql_error();
+	$dq->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
-	while($dr=mysql_fetch_object($dq)) {
+	$dq->execute();
+	echo errorInfo();
+	while($dr=$dq->fetch(PDO::FETCH_OBJ)) {
 		echo "<input type=\"checkbox\" id=\"eligibility_divisions_{$dr->id}\" name=\"divisions[]\" value=\"$dr->id\" />".i18n($dr->division)."<br />";
 	}
 //	if(count($currentcategories)==0 || count($currentdivisions)==0)
@@ -919,10 +965,12 @@ echo "<form method=\"get\" action=\"award_awards.php\" name=\"filterchange\">";
 
 echo "<table><tr><td colspan=\"2\">";
 
-$q=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization");
+
+$q = $pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization");
+$q->execute();
 echo "<select name=\"sponsors_id\" onchange=\"document.forms.filterchange.submit()\">";
 echo "<option value=\"all\">".i18n("All Sponsors")."</option>";
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	if($r->id == $sponsors_id) {
 		$sel="selected=\"selected\"";
 		$sponsors_organization=$r->organization;
@@ -934,10 +982,12 @@ echo "</select>";
 echo "</td></tr>";
 echo "<tr><td>";
 
-$q=mysql_query("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type");
+
+$q = $pdo->prepare("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type");
+$q->execute();
 echo "<select name=\"award_types_id\" onchange=\"document.forms.filterchange.submit()\">";
 echo "<option value=\"all\">".i18n("All Award Types")."</option>";
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	if($r->id == $award_types_id) {
 		$sel="selected=\"selected\"";
 		$award_types_type=$r->type;
@@ -983,7 +1033,8 @@ if($award_types_id) $where_ati="AND award_types_id='$award_types_id'";
 
 if(!$orderby) $orderby="order";
 
-$q=mysql_query("SELECT 
+
+	$q = $pdo->prepare("SELECT 
 			award_awards.id,
 			award_awards.name,
 			award_awards.order,
@@ -1000,10 +1051,12 @@ $q=mysql_query("SELECT
 				$where_ati
 			AND 	award_types.year='{$config['FAIRYEAR']}'
 		ORDER BY `$orderby`");
+	
+	$q->execute();
 
-echo mysql_error();
+echo $pdo->errorInfo();
 
-if(mysql_num_rows($q))
+if($q->rowCount())
 		{
 	echo "* ".i18n("Click on the Script Order and drag to re-order the awards");
 	echo "<table id=\"awardlist\" class=\"tableview\" >";
@@ -1018,7 +1071,7 @@ if(mysql_num_rows($q))
 
 
 		$hasexternal=false;
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			if($r->award_source_fairs_id) {
 				$cl="externalaward";
 				$hasexternal=true;
@@ -1031,8 +1084,10 @@ if(mysql_num_rows($q))
 			echo " <td $eh>{$r->type}</td>\n";
 			echo " <td $eh>{$r->name}</td>\n";
 
-			$numq=mysql_query("SELECT SUM(number) AS num FROM award_prizes WHERE award_awards_id='{$r->id}'");
+	
-			$numr=mysql_fetch_assoc($numq);
+			$numq = $pdo->prepare("SELECT SUM(number) AS num FROM award_prizes WHERE award_awards_id='{$r->id}'");
+			$numq->execute();
+			$numr=$numq->fetch(PDO::FETCH_ASSOC);
 			if(!$numr['num'])
 				$numr['num']=0;
 

admin/award_download.php

@@ -32,8 +32,10 @@
 switch($_GET['action']) {
 case 'check':
 	$fairs_id = intval($_GET['fairs_id']);
-	$q=mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
+	
-	$fair=mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
 	if(!($fair['username'] && $fair['password'])) {
 		echo error(i18n("Username and Password are not set for source '%1'.  Please set them in the SFIAB Configuration/External Award Sources editor first",array($r->name)));
 		return;
@@ -71,9 +73,11 @@ case 'check':
 	}			
 
 	//get a list of all the existing awards for this external source
-	$aq=mysql_query("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
+	
+	$aq = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
+	$aq->execute();
 	$existingawards=array();
-	while($ar=mysql_fetch_object($aq)) {
+	while($ar=$aq->fetch(PDO::FETCH_OBJ)) {
 		$existingawards[$ar->id] = true;
 	}
 	
@@ -106,27 +110,34 @@ case 'check':
 			continue;
 		}
 
-		$tq=mysql_query("SELECT * FROM award_awards WHERE 
+	
+		$tq = $pdo->prepare("SELECT * FROM award_awards WHERE 
 					external_identifier='$identifier' AND 
 					award_source_fairs_id='$fairs_id' AND 
 					year='$year'");
-		if(mysql_num_rows($tq)  == 0) {
+		$tq->execute();
+		if($tq->rowCount()  == 0) {
 			/* Award doesn't exist, create it, then update it with the common code below */
-			mysql_query("INSERT INTO award_awards (award_types_id,
+			
+			$q = $pdo->prepare("INSERT INTO award_awards (award_types_id,
 						year, external_identifier,
 						award_source_fairs_id) 
 					VALUES (2,'{$year}',
-					'".mysql_escape_string($identifier)."',
+					'".$identifier."',
 					'$fairs_id')");
-			$award_id=mysql_insert_id();
+			$q->execute();
+			$award_id=$q->insertLastId();
 			/* By default make all divs/cats eligible */
 			foreach($divs as $id=>$d) 
-				mysql_query("INSERT INTO award_awards_projectdivisions(award_awards_id,projectdivisions_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')");
+			$q = $pdo->prepare("INSERT INTO award_awards_projectdivisions(award_awards_id,projectdivisions_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')");	
+			$q->execute();
+			
 			foreach($cats as $id=>$c) 
-				mysql_query("INSERT INTO award_awards_projectcategories(award_awards_id,projectcategories_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')");
+			$q = $pdo->prepare("INSERT INTO award_awards_projectcategories(award_awards_id,projectcategories_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')");	
+			$q->execute();
 		} else {
 			echo i18n("Award already exists, updating info")."<br />";
-			$awardrecord=mysql_fetch_object($tq);
+			$awardrecord=Tq->fetch(PDO::FETCH_OBJ);
 			$award_id = $awardrecord->id;
 		}
 
@@ -134,35 +145,40 @@ case 'check':
 		unset($existingawards[$award_id]);
 
 		//check if the sponsor exists, if not, add them
-		$sponsor_str = mysql_escape_string($award['sponsor']);
+		$sponsor_str = $award['sponsor'];
-		$sponsorq=mysql_query("SELECT * FROM sponsors WHERE organization='$sponsor_str'");
+		
-		if($sponsorr=mysql_fetch_object($sponsorq)) {
+		$sponsorq=$pdo->prepare("SELECT * FROM sponsors WHERE organization='$sponsor_str'");
+		$sponsorq->execute();
+		if($sponsorr=$sponsorq->fetch(PDO::FETHC_OBJ)) {
 			$sponsor_id=$sponsorr->id;
 		} else {
-			mysql_query("INSERT INTO sponsors (organization,year,notes) 
+			$q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes) 
-				VALUES ('$sponsor_str','$year','".mysql_escape_string("Imported from external source: $r->name")."')");
+				VALUES ('$sponsor_str','$year','"."Imported from external source: $r->name"."')");
-			echo mysql_error();
+			$q->execute();
-			$sponsor_id=mysql_insert_id();
+			echo $q->errroInfo();
+			$sponsor_id=$pdo->lastInsertId();
 		}
 
 
 		$self_nominate = ($award['self_nominate'] == 'yes') ? 'yes' : 'no';
 		$schedule_judges = ($award['schedule_judges'] == 'yes') ? 'yes' : 'no';
-		mysql_query("UPDATE award_awards SET
+		
+		$q = $pdo->prepare("UPDATE award_awards SET
 				sponsors_id='$sponsor_id',
-				name='".mysql_escape_string($award['name_en'])."',
+				name='".$award['name_en']."',
-				criteria='".mysql_escape_string($award['criteria_en'])."',
+				criteria='".$award['criteria_en']."',
-				external_postback='".mysql_escape_string($postback)."',
+				external_postback='".$postback."',
 				external_register_winners='".(($award['external_register_winners']==1)?1:0)."',
 				external_additional_materials='".(($award['external_additional_materials']==1)?1:0)."',
 				self_nominate='$self_nominate',
 				schedule_judges='$schedule_judges'
 			WHERE 
 				id='$award_id' 
-				AND external_identifier='".mysql_escape_string($identifier)."' 
+				AND external_identifier='".$identifier."' 
 				AND year='$year'
 		");
-		echo mysql_error();
+		$q->execute();
+		echo $q->errorInfo();
 
 		//update the prizes
 		$prizes = $award['prizes'];
@@ -172,9 +188,11 @@ case 'check':
 
 		echo i18n("Number of prizes: %1",array(count($prizes)))."<br />";
 		/* Get existing prizes */
-		$pq=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$award_id'");
+		
+		$pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$award_id'");
+		$pq->execute();
 		$existingprizes=array();
-		while($pr=mysql_fetch_assoc($pq)) 
+		while($pr=$pq->fetch(PDO::FETCH_ASSOC)) 
 			$existingprizes[$pr['prize']]=$pr;
 
 
@@ -186,10 +204,12 @@ case 'check':
 				 * but it's much shorter code, and means changing things in only
 				 * one spot */
 				echo "&nbsp;".i18n("Adding prize %1",array($prize['prize_en']))."<br />";
-				$p = mysql_escape_string(stripslashes($prize['prize_en']));
+				$p = stripslashes($prize['prize_en']);
-				mysql_query("INSERT INTO award_prizes (award_awards_id,prize,year,external_identifier)
+				
+				$q = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,prize,year,external_identifier)
 					VALUES ('$award_id','$p','$year','$p')");
-				$prize_id = mysql_insert_id();
+				$q->execute();
+				$prize_id = $pdo->insertLastId();
 			} else {
 				$ep=$existingprizes[$prize['prize_en']];
 				echo "&nbsp;".i18n("Updating prize %1",array($ep['prize']))."<br />";
@@ -200,22 +220,25 @@ case 'check':
 
 			if(!array_key_exists('identifier', $prize)) $prize['identifier'] = $prize['prize_en'];
 
-			mysql_query("UPDATE award_prizes SET 
+			
+			$q = $pdo->prepare("UPDATE award_prizes SET 
 					cash='".intval($prize['cash'])."',
 					scholarship='".intval($prize['scholarship'])."',
 					value='".intval($prize['value'])."',
-					prize='".mysql_escape_string($prize['prize_en'])."',
+					prize='".$prize['prize_en']."',
 					number='".intval($prize['number'])."',
 					`order`='".intval($prize['ord'])."',
-					external_identifier='".mysql_real_escape_string(stripslashes($prize['identifier']))."',
+					external_identifier='".stripslashes($prize['identifier'])."',
 					trophystudentkeeper='".intval($prize['trophystudentkeeper'])."',
 					trophystudentreturn='".intval($prize['trophystudentreturn'])."',
 					trophyschoolkeeper='".intval($prize['trophyschoolkeeper '])."',
 					trophyschoolreturn='".intval($prize['trophyschoolreturn'])."'
 				WHERE
 					id='$prize_id'");
+			
+			$q->execute();
 
-			echo mysql_error();
+			echo $pdo->errorInfo();
 			//FIXME: update the translations
 		}
 
@@ -272,8 +295,10 @@ if(!function_exists('curl_init')) {
 </tr></thead>
 <?
 
-$q=mysql_query("SELECT * FROM fairs WHERE enable_awards='yes' ORDER BY name");
+
-while($r=mysql_fetch_object($q)) {
+$q = $pdo->prepare("SELECT * FROM fairs WHERE enable_awards='yes' ORDER BY name");
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	echo "<tr>";
 	echo "<td>{$r->name}</td>\n";
 	echo "<td>{$r->url}</td>";

admin/award_upload.php

@@ -68,28 +68,34 @@ function get_winners($awardid, $fairs_id)
 	$awards = array();
 	if($awardid == -1) {
 		/* Get all for this fair */
-	 	$q=mysql_query("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
+	
-		if(mysql_num_rows($q) == 0) {
+		$q = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
+		if($q->rowCount() == 0) {
 			error_("Can't find award id $awardid");
 			return false;
 		}
-		while($a = mysql_fetch_assoc($q)) {
+		while($a = $q->fetch(PDO::FETCH_ASSOC)) {
 			$awards[] = $a;
 		}
 	} else {
 		/* Get the award */
-	 	$q=mysql_query("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'");
+	 	
-		if(mysql_num_rows($q)!=1) {
+		$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'");
+		$q->execute();
+		if($q->rowCount()!=1) {
 			error_("Can't find award id $awardid");
 			return false;
 		}
-		$award=mysql_fetch_assoc($q);
+		$award=$q->fetch(PDO::FETCH_ASSOC);
 		$awards[] = $award;
 	}
 
 	/* Get the fair for the div/cat mappings */
-	$q = mysql_query("SELECT * FROM fairs WHERE id='{$award['award_source_fairs_id']}'");
+	
-	$fair = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$award['award_source_fairs_id']}'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
+	
 	$catmap = unserialize($fair['catmap']);
 	$divmap = unserialize($fair['divmap']);
 
@@ -107,29 +113,37 @@ function get_winners($awardid, $fairs_id)
 		}
 
 		/* Get the prizes */
-		$q=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'");
+	
-		while($prize=mysql_fetch_assoc($q)) {
+		$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'");
+		$q->execute();
+		while($prize=$q->fetch(PDO::FETCH_ASSOC)) {
 			$pid = $prize['id'];
-			$wq=mysql_query("SELECT projects.* FROM award_prizes
+		
+			$wq = $pdo->prepare("SELECT projects.* FROM award_prizes
 						LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
 						LEFT JOIN projects ON projects.id=winners.projects_id
 					WHERE 
 						awards_prizes_id='$pid' AND 
 						winners.year='{$config['FAIRYEAR']}'");
-			echo mysql_error();
+			$wq->execute();
+			echo $pdo->erroInfo();
 			/* Get all projects assigned to this prize */
 			$prizewinners = array();
-			while($project=mysql_fetch_assoc($wq)) {
+			while($project=$wq->fetch(PDO::FETCH_ASSOC)) {
 
 				/* Get the students */
-				$sq=mysql_query("SELECT * FROM students WHERE registrations_id='{$project['registrations_id']}'
+			
+				$sq = $pdo->prepare("SELECT * FROM students WHERE registrations_id='{$project['registrations_id']}'
 							AND year='{$config['FAIRYEAR']}'");
+				$sq->execute();
 				$students=array();
-				while($s=mysql_fetch_assoc($sq)) {
+				while($s=$sq->fetch(PDO::FETCH_ASSOC)) {
 
 					/* Get the student's school */
-					$schoolq=mysql_query("SELECT * FROM schools WHERE id='{$s['schools_id']}'");
+					
-					$schoolr=mysql_fetch_assoc($schoolq);
+					$schoolq = $pdo->prepare("SELECT * FROM schools WHERE id='{$s['schools_id']}'");
+					$schoolq->execute();
+					$schoolr=$schoolq->fetch(PDO::FETCH_ASSOC);
 					$school = array("xml_type"=>"school");/* for ysc compatability */
 					foreach($school_fields as $k=>$v) 
 						$school[$k] = $schoolr[$v];
@@ -179,37 +193,45 @@ function count_winners($awardid, $fairs_id)
 	$awards = array();
 	if($awardid == -1) {
 		/* Get all for this fair */
-	 	$q=mysql_query("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
+	 	
-		if(mysql_num_rows($q) == 0) {
+		$q = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
+		$q->execute();
+		if($q->rowCount() == 0) {
 			error_("Can't find award id $awardid");
 			return 0;
 		}
-		while($a = mysql_fetch_assoc($q)) {
+		while($a = $q->fetch(PDO::FETCH_ASSOC)) {
 			$awards[] = $a;
 		}
 	} else {
 		/* Get the award */
-	 	$q=mysql_query("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'");
+	 	
-		if(mysql_num_rows($q)!=1) {
+		$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'");
+		$q->execute();
+		if($q->rowcount()!=1) {
 			error_("Can't find award id $awardid");
 			return 0;
 		}
-		$award=mysql_fetch_assoc($q);
+		$award=$q->fetch(PDO::FETCH_ASSOC);
 		$awards[] = $award;
 	}
 
 	foreach($awards as $award) {
 		/* Get the prizes */
-		$q=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'");
+		
-		while($prize=mysql_fetch_assoc($q)) {
+		$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'");
+		$q->execute();
+		while($prize=$q->fetch(PDO::FETCH_ASSOC)) {
 			$pid = $prize['id'];
-			$wq=mysql_query("SELECT COUNT(projects.id) as C FROM award_prizes
+		
+			$wq = $pdo->prepare("SELECT COUNT(projects.id) as C FROM award_prizes
 						LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
 						LEFT JOIN projects ON projects.id=winners.projects_id
 					WHERE 
 						awards_prizes_id='$pid' AND 
 						winners.year='{$config['FAIRYEAR']}'");
-			$wc = mysql_fetch_assoc($wq);
+			$wq->execute();
+			$wc = $wq->fetch(PDO::FETCH_ASSOC);
 			$count += $wc['C'];
 		}
 	}
@@ -221,8 +243,10 @@ function count_winners($awardid, $fairs_id)
 function load_server_cats_divs($fairs_id)
 {
 	global $config;
-	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
+
-	$fair = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
 
 	$req = array('get_categories' => array('year' => $config['FAIRYEAR']),
 			'get_divisions' => array('year' => $config['FAIRYEAR'])
@@ -235,8 +259,10 @@ function load_server_cats_divs($fairs_id)
 	} else {
 		$catmap = array();
 		/* Load ours */
-		$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
+	
-		while($r=mysql_fetch_object($q)) {
+		$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			foreach($data['categories'] as $id=>$c) {
 				if($c['mingrade'] == $r->mingrade) {
 					$catmap[$r->id] = $id;
@@ -249,8 +275,10 @@ function load_server_cats_divs($fairs_id)
 		$divmap = unserialize($fair['divmap']);
 	} else {
 		$ret['divmap'] = array();
-		$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+	
-		while($r=mysql_fetch_object($q)) {
+		$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$lowest = 999;
 			$lowest_id = 0;
 			foreach($data['divisions'] as $id=>$d) {
@@ -278,8 +306,10 @@ case 'award_upload':
 	$all_winners = get_winners($award_awards_id, $fairs_id);
 
 	/* Get the fair */
-	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id}'");
+	
-	$fair = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id}'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);;
 
 	echo '<br />';
 	/* Check that we're going to upload something, and override the 
@@ -365,8 +395,11 @@ case 'catdiv_load':
 	list($c, $d, $cm, $dm) = load_server_cats_divs($fairs_id);
 	$divs = projectdivisions_load();
 
-	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id}'");
+	
-	$fair = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id}'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
+
 
 ?>	<h4><?=i18n("Division Mapping")?></h4>
 	<br />
@@ -407,21 +440,27 @@ case 'catdiv_save':
 		$div[intval($key)] = intval($d);
 	}
 	
-	$catmap = mysql_real_escape_string(serialize($cat));
+	$catmap = serialize($cat);
-	$divmap = mysql_real_escape_string(serialize($div));
+	$divmap = serialize($div);
-	mysql_query("UPDATE fairs SET catmap='$catmap',divmap='$divmap' WHERE id='$fairs_id'");
+
-	echo "UPDATE fairs SET catmap='$catmap',divmap='$divmap' WHERE id='$fairs_id'";
+	$q = $pdo->prepare("UPDATE fairs SET catmap='$catmap',divmap='$divmap' WHERE id='$fairs_id'");
-	echo mysql_error();
+
+	$q->execute();
+	echo $pdo->errorInfo();
 
 	happy_("Category/Division mapping information saved");
 	exit;
 
 case 'additional_materials':
 	$award_awards_id = intval($_GET['award_awards_id']);
-	$q = mysql_query("SELECT award_source_fairs_id,external_identifier FROM award_awards WHERE id='$award_awards_id'");
+	
-	$a = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT award_source_fairs_id,external_identifier FROM award_awards WHERE id='$award_awards_id'");
-	$q = mysql_query("SELECT * FROM fairs WHERE id='{$a['award_source_fairs_id']}'");
+	$q->execute();
-	$fair = mysql_fetch_assoc($q);
+	$a = $q->fetch(PDO::FETCH_ASSOC);
+	
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$a['award_source_fairs_id']}'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
 	$req = array('award_additional_materials' => array(
 				'year'=>$config['FAIRYEAR'],
 				'identifier'=>$a['external_identifier'])
@@ -439,8 +478,11 @@ case 'load':
 	$winners = get_winners($award_awards_id, $fairs_id);
 	$divs = projectdivisions_load();
 
-	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id}'");
+	
-	$fair = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id}'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
+	
 
 	echo i18n("The following list of winning projects/students will be sent to: <b>%1</b>.  Use the 'Edit Default Division Assignments' button to change the default mappings for divisions.  You can over-ride any division assignment by changing it in the list below.  Category assignments are done automatically based on grade.  When you are happy with the list below, click the 'Upload Winners' button.", array($fair['name']));
 
@@ -659,13 +701,15 @@ if(!function_exists('curl_init')) {
 
 
 /* Fairs first */
-$q = mysql_query("SELECT fairs.id, fairs.name, fairs.type, COUNT(award_awards.id) as AWARD_COUNT FROM fairs 
+
+$q = $pdo->prepare("SELECT fairs.id, fairs.name, fairs.type, COUNT(award_awards.id) as AWARD_COUNT FROM fairs 
 			LEFT JOIN award_awards ON award_awards.award_source_fairs_id=fairs.id
 			WHERE award_awards.award_source_fairs_id IS NOT NULL
 				AND award_awards.year='{$config['FAIRYEAR']}'
 			GROUP BY fairs.id
 			ORDER BY fairs.name ");
-echo mysql_error();
+$q->execute();
+echo $q->errorInfo();
 
 ?>
 <h4><?=i18n('Upload all winners to a source')?>:</h4>
@@ -678,7 +722,7 @@ echo mysql_error();
 </tr></thead>
 <?
 
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$count = count_winners(-1, $r->id);
 ?>
 	<tr><td><?=$r->name?></td>
@@ -700,7 +744,7 @@ while($r=mysql_fetch_object($q)) {
 
 <?
 
-$q = mysql_query("SELECT award_awards.id, award_awards.name AS awardname,
+$q = $pdo->prepare("SELECT award_awards.id, award_awards.name AS awardname,
 			  fairs.name as fairname, award_source_fairs_id, 
 			  fairs.type as fairtype, award_awards.external_additional_materials
 			FROM award_awards 
@@ -708,7 +752,8 @@ $q = mysql_query("SELECT award_awards.id, award_awards.name AS awardname,
 			WHERE award_awards.award_source_fairs_id IS NOT NULL
 				AND award_awards.year='{$config['FAIRYEAR']}'
 			ORDER BY fairs.name, award_awards.name");
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
 ?>
 <h4><?=i18n('Upload individual winners to a source')?>:</h4>
@@ -721,7 +766,7 @@ echo mysql_error();
 <th><?=i18n("Additional<br />Info")?></th>
 </tr></thead>
 <?
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$count = count_winners($r->id, $r->award_source_fairs_id);
 ?>	
 	<tr><td><?=$r->awardname?></td>

admin/awards.inc.php

@@ -25,25 +25,42 @@
 function award_delete($award_awards_id)
 {
 	/* Delete all winners attached to this award */
-	$q = mysql_query("SELECT id FROM award_prizes WHERE award_awards_id='$award_awards_id'");
+	
-	while(($p = mysql_fetch_assoc($q))) {
+   $q = $pdo->prepare("SELECT id FROM award_prizes WHERE award_awards_id='$award_awards_id'");
-		mysql_query("DELETE FROM winners WHERE award_prizes_id='{$p['id']}'");
+   $q->execute();
+   	while(($p = $q->fetch(PDO::FETCH_ASSOC))) {
+		
+      $q = $pdo->prepare();
+      $q->execute("DELETE FROM winners WHERE award_prizes_id='{$p['id']}'");
 	}
 
 	/* FIXME: maybe delte judging teams and judge 
 	 * assignments and timeslots?
 
 	/* Delete the award */
-	mysql_query("DELETE FROM award_prizes WHERE award_awards_id='$award_awards_id'");
+	
-	mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$award_awards_id'");
+   $q = $pdo->prepare("DELETE FROM award_prizes WHERE award_awards_id='$award_awards_id'");
-	mysql_query("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$award_awards_id'");
+   $q->execute();
-	mysql_query("DELETE FROM award_awards WHERE id='$award_awards_id'");
+	
+   $q = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$award_awards_id'");
+   $q->execute();
+
+   $q = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$award_awards_id'");
+   $q->execute();
+	
+   $q = $pdo->prepare("DELETE FROM award_awards WHERE id='$award_awards_id'");
+   $q->execute();
 }
 
 function award_prize_delete($award_prizes_id)
 {
-	mysql_query("DELETE FROM winners WHERE award_prizes_id='$award_prizes_id'");
+	
-	mysql_query("DELETE FROM award_prizes WHERE id='$award_prizes_id'");
+   $q = $pdo->prepare("DELETE FROM winners WHERE award_prizes_id='$award_prizes_id'");
+   $q->execute();
+
+   $q = $pdo->prepare("DELETE FROM award_prizes WHERE id='$award_prizes_id'");
+   $q->execute();
+
 }
 
 ?>

admin/cms.php

@@ -53,15 +53,17 @@
 		$insertdt=date("Y-m-d H:i:s");
 		$text=stripslashes($_POST[$textname]);
 
-		mysql_query("INSERT INTO cms (filename,dt,lang,text,title,showlogo) VALUES (
+		
-			'".mysql_escape_string($filename)."',
+		$q = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,title,showlogo) VALUES (
+			'".$filename."',
 			'$insertdt',
 			'$lang',
-			'".mysql_escape_string($text)."',
+			'".$text."',
-			'".mysql_escape_string($_POST[$titlename])."',
+			'".$_POST[$titlename]."',
 			'".$_POST[$showlogoname]."'
 			)");
-		if(mysql_error()) {
+		$q->execute();
+		if($pdo->errorInfo()) {
 			echo error(i18n("An error occurred saving %1 in %2",array($filename,$langname)));
 			$err=true;
 		}
@@ -85,14 +87,18 @@
 	foreach($config['languages'] AS $lang=>$langname) {
 		echo "<table class=\"tableview\" width=\"100%\">";
 		echo "<tr><th colspan=\"2\">";
-		$q=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($_GET['filename'])."' AND lang='$lang' ORDER BY dt DESC LIMIT 1");
+		
-		if($r=mysql_fetch_object($q)) {
+		$q = $pdo->prepare("SELECT * FROM cms WHERE filename='".$_GET['filename']."' AND lang='$lang' ORDER BY dt DESC LIMIT 1");
+		$q->execute();
+		if($r=$q->fetch(PDO::FETCH_OBJ)) {
 			if($r->dt=="0000-00-00 00:00:00" || !$r->dt) $dt="Never";
 			else $dt=$r->dt;
 			echo "<b>".htmlspecialchars($_GET['filename'])." - $langname</b> &nbsp;&nbsp; ".i18n("Last updated").": $dt<br />";
 			if($_GET['dt']) {
-				$q2=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($_GET['filename'])."' AND lang='$lang' AND dt<='".$_GET['dt']."' ORDER BY dt DESC LIMIT 1");
+				
-				$r2=mysql_fetch_object($q2);
+				$q2 = $pdo->prepare("SELECT * FROM cms WHERE filename='".$_GET['filename']."' AND lang='$lang' AND dt<='".$_GET['dt']."' ORDER BY dt DESC LIMIT 1");
+				$q2->execute();
+				$r2=$q2->fetch(PDO::FETCH_OBJ);
 				if($r2->dt!=$r->dt)
 				{
 					echo "Displaying historical file.  Date: $r->dt";
@@ -136,10 +142,13 @@
 	else $historylimit=30;
 
 	echo "<tr><th>".i18n("File History")."</th></tr>\n";
-	$q=mysql_query("SELECT DISTINCT(dt) FROM cms WHERE filename='".mysql_escape_string($_GET['filename'])."' ORDER BY dt DESC LIMIT $historylimit");
+	
+
+	$q = $pdo->prepare("SELECT DISTINCT(dt) FROM cms WHERE filename='".$_GET['filename']."' ORDER BY dt DESC LIMIT $historylimit");
+	$q->execute();
 	$first=true;
-	if(mysql_num_rows($q)) {
+	if($q->rowCount()) {
-		while($r=mysql_fetch_object($q)) 
+		while($r=$q->fetch(PDO::FETCH_OBJ)) 
 		{
 			if($r->dt==$_GET['dt']) $style="font-weight: bold;"; 
 			else $style="font-weight: normal;";
@@ -177,14 +186,15 @@
 	 echo "<a href=\"cms.php?action=create\">".i18n("or click here to create a new file")."</a><br />\n";
 
 	 echo "<table class=\"summarytable\">";
-
+	$q = $pdo->prepare("SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename");
-	 $q=mysql_query("SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename");
+	
 	 echo "<tr><th>".i18n("Filename")."</th><th>".i18n("Last Update")."</th></tr>";
-	 while($r=mysql_fetch_object($q))
+	 while($r=$q->fetch(PDO::FETCH_ASSOC))
 	 {
 		echo "<tr><td><a href=\"cms.php?filename=".rawurlencode($r->filename)."\">/web/$r->filename</a></td>";
-		$q2=mysql_query("SELECT dt FROM cms WHERE filename='".mysql_escape_string($r->filename)."' ORDER BY dt DESC LIMIT 1");
+		$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='".$r->filename."' ORDER BY dt DESC LIMIT 1");
-		$r2=mysql_fetch_object($q2);
+	
+		$r2=$q2->fetch(PDO::FETCH_OBJ);
 		if($r2->dt=="0000-00-00 00:00:00") $dt="Never";
 		else $dt=$r2->dt;
 		echo "<td>$dt</td>";

admin/committees.php

@@ -128,7 +128,9 @@ function actionSubmit()
 if($_POST['addcommittee'])
 {
 	//add a new committee
-	mysql_query("INSERT INTO committees (name) VALUES ('".mysql_escape_string($_POST['addcommittee'])."')");
+	//re-order the committees
+	$q = $pdo->prepare("INSERT INTO committees (name) VALUES ('".$_POST['addcommittee']."')");
+	$q->execute();
 	echo happy(i18n("Committee successfully added"));
 }
 
@@ -142,7 +144,9 @@ if($_POST['committees_id'] && $_POST['committees_ord']) {
 	$pords = $_POST['order'];
 	while($ids[$x]) {
 		$cid = intval($ids[$x]);
-		mysql_query("UPDATE committees SET ord='".intval($ords[$x])."' WHERE id='$cid'");
+
+		$q = $pdo->prepare("UPDATE committees SET ord='".intval($ords[$x])."' WHERE id='$cid'");
+		$q->execute();
 		$x++;
 
 		$ctitle = $titles[$cid];
@@ -155,12 +159,12 @@ if($_POST['committees_id'] && $_POST['committees_ord']) {
 
 		foreach($ctitle as $uid=>$title) {
 			$o = intval($cord[$uid]);
-			$t = mysql_escape_string(stripslashes($title));
+			$t = stripslashes($title);
 			$u = intval($uid);
-			$q = "UPDATE committees_link SET title='$t', ord='$o'
+			
-				WHERE committees_id='$cid' AND users_uid='$u'";
+			$q = $pdo->prepare("UPDATE committees_link SET title='$t', ord='$o'
-//				echo $q;
+				WHERE committees_id='$cid' AND users_uid='$u'");
-			mysql_query($q);
+			$q->execute();
 		}
 
 	}
@@ -172,10 +176,12 @@ if($_POST['action']=="assign")
 {
 	if($_POST['committees_id'] && $_POST['users_uid']) {
 		$cid = intval($_POST['committees_id']);
-		$q=mysql_query("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'");
+		$q = $pdo->prepare("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'");
+		$q->execute();
 
-		if(!mysql_num_rows($q)) {
+		if(!$q->rowCount()) {
-			mysql_query("INSERT INTO committees_link (committees_id,users_uid) VALUES ('$cid','$uid')");
+			$q = $pdo->prepare("INSERT INTO committees_link (committees_id,users_uid) VALUES ('$cid','$uid')");
+			$q->execute();
 			echo happy(i18n("Successfully added member to committee"));
 		}
 		else
@@ -187,7 +193,9 @@ if($_POST['action']=="assign")
 
 if($_GET['deletecommittee']) {
 	$del = intval($_GET['deletecommittee']);
-	mysql_query("DELETE FROM committees WHERE id='$del'");
+
+	$q = $pdo->prepare("DELETE FROM committees WHERE id='$del'");
+	$q->execute();
 	echo happy(i18n("Committee removed"));
 }
 
@@ -201,7 +209,9 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 	$mem = intval($_GET['unlinkmember']);
 	$com = intval($_GET['unlinkcommittee']);
 	//unlink the member from the committee
-	mysql_query("DELETE FROM committees_link WHERE users_uid='$mem' AND committees_id='$com'");
+
+	$q = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='$mem' AND committees_id='$com'");
+	$q->execute();
 	echo happy(i18n("Committee member unlinked from committee"));
 }
 
@@ -247,10 +257,13 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 	echo "</select>";
 
 	echo "</td><td>";
-	$q=mysql_query("SELECT uid,MAX(year),firstname,lastname,email,deleted FROM users WHERE types LIKE '%committee%' GROUP BY uid ORDER BY firstname");
+	$q = $pdo->prepare("SELECT uid,MAX(year),firstname,lastname,email,deleted FROM users WHERE types LIKE '%committee%' GROUP BY uid ORDER BY firstname");
+	$q->execute();
+	
+	
 	echo "<select name=\"users_uid\">";
 	echo "<option value=\"\">".i18n("Select a Member")."</option>\n";
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		if($r->deleted != 'no') continue;
 		$displayname = $r->firstname.' '.$r->lastname;
@@ -265,10 +278,11 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 	//The Assign Div
 	echo "<div id=\"assigndiv\">";
 	echo i18n("To Committee").": ";
-	$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
+	$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
+	$q->execute();
 	echo "<select name=\"committees_id\">";
 	echo "<option value=\"\">".i18n("Select a Committee")."</option>\n";
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		echo "<option value=\"$r->id\">$r->name</option>\n";
 	}
@@ -287,8 +301,10 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 	echo "<hr />";
 
 
-	$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
+
-	if(mysql_num_rows($q))
+	$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
+	$q->execute();
+	if($q->rowCout())
 	{
 		echo "<h4>".i18n("Committees")."</h4>";
 		echo "<form method=\"post\" action=\"committees.php\">\n";
@@ -296,16 +312,17 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 		echo "<tr><td colspan=\"2\"></td><td><b>".i18n('Title')."</b></td>";
 		echo "<td><b>".i18n('Order')."</b></td>";
 		echo "<td><b>".i18n("Public Email / Private Email")."</b></td></tr>";
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			echo "<tr>";
 			echo "<td colspan=\"3\">";
 			echo "<input type=\"hidden\" name=\"committees_id[]\" value=\"$r->id\" />";
 			echo "<input size=\"1\" type=\"text\" name=\"committees_ord[]\" value=\"$r->ord\" />";
-			echo "&nbsp; <b>$r->name</b>";
+			echo "&nbsp; <b>".i18n($r->name)."</b>";
 
 
-			$q2=mysql_query("SELECT 
+			
+			$q2 = $pdo->prepare("SELECT 
 								committees_link.title,
 								committees_link.ord,
 								users.uid,
@@ -317,15 +334,16 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 								GROUP BY users.uid 
 								ORDER BY ord,
 								users.lastname ");
+			$q2->execute();
 
-			if(mysql_num_rows($q2)==0) {
+			if($q2->rowCount()==0) {
 				echo "&nbsp; &nbsp;";
 				echo "<a title=\"Remove Committee\" onclick=\"return confirmClick('Are you sure you want to remove this committee?');\" href=\"committees.php?deletecommittee=$r->id\"><img src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\" border=\"0\" alt=\"Remove Committee\" /></a>";
 			}
 
 			echo "</td></tr>\n";
-			echo mysql_error();
+			echo $pdo->errorInfo();
-			while($r2=mysql_fetch_object($q2)) {
+			while($r2=$q2->fetch(PDO::FETCH_OBJ)) {
 				$u = user_load_by_uid($r2->uid);
 				echo "<tr><td align=\"right\">&nbsp;&nbsp;&nbsp;&nbsp;";
 				echo "<a title=\"Edit Member\" href=\"#\" onclick=\"openeditor({$u['id']})\"><img src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\" border=\"0\" alt=\"Edit\" /></a>";

admin/communication.inc.php

@@ -1,7 +1,10 @@
 <?
+// This file was modified Jan of 2014 by Richard Sin
+// A glitch that grabs old emails has been resolved.
+
 	$mailqueries=array(
 		"committee_all"=>array("name"=>"Committee members (all)","query"=>
-			"SELECT firstname, lastname, organization, email FROM users WHERE types LIKE '%committee%' AND deleted='no' GROUP BY uid"),
+			"SELECT u.firstname, u.lastname, u.organization, u.email, u.deleted, q.year FROM users AS u INNER JOIN (SELECT uid, max(year) AS year FROM users GROUP BY uid) AS q ON u.uid = q.uid AND u.year = q.year WHERE u.types LIKE '%committee%' AND u.deleted='no' GROUP BY `u`.`id` ASC"),
 
 		/* The WHERE clause evaluates which rows to add to the GROUP
 		BY, the HAVING clase evaluates which grouped rows show up.  We
@@ -11,24 +14,32 @@
 		end up picking up a user active in, say 2007 and 2008, but
 		deleted in 2009. */
 		"judges_all"=>array("name"=>"Judges from all years (except deleted judges)","query"=>
-			"SELECT firstname, lastname, email, deleted, MAX(year) 
+			"SELECT u.firstname, u.lastname, u.email, u.deleted, q.year FROM users AS u INNER JOIN (SELECT uid, max(year) AS year FROM users GROUP BY uid ) AS q ON u.uid = q.uid AND u.year = q.year WHERE u.types LIKE '%judge%' AND u.deleted='no' ORDER BY `u`.`email` ASC"),
-				FROM users WHERE types LIKE '%judge%' GROUP BY uid HAVING deleted='no' ORDER BY email"),
 
-		"judges_active_thisyear"=>array("name"=>"Judges active for this year", "query"=>
+		"judges_active_lastyear"=>array("name"=>"Judges (all) active from last year", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='".($config['FAIRYEAR']-1)."' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
+
+		"judges_active_thisyear"=>array("name"=>"Judges (all) active for this year", "query"=>
 			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
 
-		"judges_inactive"=>array("name"=>"Judges not active for this year", "query"=>
+		"judges_div_active_thisyear"=>array("name"=>"Judges (regular judges only) active for this year", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND deleted='no' AND users_judge.judge_active='yes' AND (users_judge.special_award_only='no' OR users_judge.special_award_only='' OR users_judge.special_award_only IS NULL) ORDER BY email"),
+
+		"judges_spec_active_thisyear"=>array("name"=>"Judges (special award judges only) active for this year", "query"=>
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND deleted='no' AND users_judge.judge_active='yes' AND users_judge.special_award_only='yes' ORDER BY email"),
+
+		"judges_inactive"=>array("name"=>"Judges (all) not active for this year", "query"=>
 			"SELECT firstname, lastname, email, judge_active, deleted, MAX(year) 
 				FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id 
 				WHERE types LIKE '%judge%'
 				GROUP BY uid HAVING  deleted='no' AND ((max(year)='{$config['FAIRYEAR']}' AND judge_active='no') OR max(year)<'{$config['FAIRYEAR']}')
 				ORDER BY email"),
 
-		"judges_active_complete_thisyear"=>array("name"=>"Judges active for this year and complete", "query"=>
+		"judges_active_complete_thisyear"=>array("name"=>"Judges (all) active for this year and complete", "query"=>
 			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND users_judge.judge_complete='yes' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
 
-		"judges_active_incomplete_thisyear"=>array("name"=>"Judges active for this year but not complete", "query"=>
+		"judges_active_incomplete_thisyear"=>array("name"=>"Judges (all) active for this year but not complete", "query"=>
-			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND users_judge.judge_complete='no' AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
+			"SELECT firstname, lastname, email FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id WHERE types LIKE '%judge%' AND year='{$config['FAIRYEAR']}' AND (users_judge.judge_complete!='yes' OR users_judge.judge_complete IS NULL) AND deleted='no' AND users_judge.judge_active='yes' ORDER BY email"),
 
 		"participants_complete_thisyear"=>array("name"=>"Participants complete this year","query"=>
 			"SELECT firstname, lastname, students.email FROM students,registrations WHERE students.registrations_id=registrations.id AND registrations.year='".$config['FAIRYEAR']."' AND ( registrations.status='complete' OR registrations.status='paymentpending') ORDER BY students.email"),
@@ -56,6 +67,28 @@
 			WHERE award_awards.cwsfaward='1' AND winners.year='".$config['FAIRYEAR']."'
 			ORDER BY students.email"),
 
+		"participants_cwsf_lastyear"=>array("name"=>"CWSF Winners from last year","query"=>"
+		SELECT DISTINCT students.firstname, students.lastname, students.email 
+			FROM award_awards
+			JOIN award_prizes ON award_prizes.award_awards_id=award_awards.id
+			JOIN winners ON winners.awards_prizes_id=award_prizes.id
+			JOIN projects ON winners.projects_id=projects.id
+			JOIN registrations ON projects.registrations_id=registrations.id
+			JOIN students ON students.registrations_id=registrations.id
+			WHERE award_awards.cwsfaward='1' AND winners.year='".($config['FAIRYEAR']-1)."'
+			ORDER BY students.email"),
+
+		"participants_cwsf_allyears"=>array("name"=>"CWSF Winners from all years","query"=>"
+		SELECT DISTINCT students.firstname, students.lastname, students.email 
+			FROM award_awards
+			JOIN award_prizes ON award_prizes.award_awards_id=award_awards.id
+			JOIN winners ON winners.awards_prizes_id=award_prizes.id
+			JOIN projects ON winners.projects_id=projects.id
+			JOIN registrations ON projects.registrations_id=registrations.id
+			JOIN students ON students.registrations_id=registrations.id
+			WHERE award_awards.cwsfaward='1'
+			ORDER BY students.email"),
+
 		"sponsors"=>array("name"=>"Organization sponsors","query"=>
 			"SELECT id, organization, email FROM sponsors WHERE email!='' ORDER BY email"),
 
@@ -88,6 +121,51 @@
                 ORDER BY users.email
                 "),
 
+		"sponsors_specialawards"=>array("name"=>"Organization sponsors for Special Awards","query"=>
+			"SELECT DISTINCT sponsors.id, organization, email 
+			FROM sponsors 
+			JOIN award_awards ON sponsors.id=award_awards.sponsors_id
+			WHERE 
+				email!='' 
+				AND award_awards.award_types_id=2
+			ORDER BY email"),
+
+
+		"sponsors_primarycontacts_specialawards"=>array("name"=>"Organization sponsors for Special Awards (primary contacts)","query"=>
+			"SELECT DISTINCT uid, MAX(users.year) AS year, sponsors.organization, users.firstname, users.lastname, users.email, deleted, users_sponsor.primary 
+                FROM sponsors, 
+                        users_sponsor, 
+                        users,
+						award_awards 
+                WHERE 
+                    users.id=users_sponsor.users_id
+                    AND users_sponsor.sponsors_id=sponsors.id
+                    AND users.types LIKE '%sponsor%'
+                    AND users.email!=''
+					AND sponsors.id=award_awards.sponsors_id
+					AND award_awards.award_types_id=2
+                GROUP BY uid 
+                HAVING deleted='no' AND users_sponsor.primary='yes'
+                ORDER BY users.email
+                "),
+
+		"sponsors_allcontacts_specialawards"=>array("name"=>"Organization sponsors for Special Awards (all contacts)","query"=>
+			"SELECT DISTINCT(users.email), sponsors.organization, users.firstname, users.lastname, users.email 
+                FROM sponsors, 
+                        users_sponsor, 
+                        users,
+						award_awards 
+                WHERE 
+                    users.id=users_sponsor.users_id
+                    AND users_sponsor.sponsors_id=sponsors.id
+                    AND users.types LIKE '%sponsor%'
+                    AND users.deleted='no'
+                    AND users.email!=''
+					AND sponsors.id=award_awards.sponsors_id
+					AND award_awards.award_types_id=2
+                ORDER BY users.email
+                "),
+
 /*
 		"special_award_sponsors_unconfirmed"=>array("name"=>"Special award sponsors (unconfirmed only)","query"=>
 			"SELECT DISTINCT(award_sponsors.id), organization, firstname, lastname, award_contacts.email FROM award_sponsors, award_awards, award_contacts WHERE award_awards.sponsors_id=award_sponsors.id AND award_contacts.award_sponsors_id=award_sponsors.id AND award_sponsors.confirmed='no' AND award_awards.award_types_id='2' AND award_contacts.year='".$config['FAIRYEAR']."'"),
@@ -97,15 +175,28 @@
 
 */
 		"school_principals"=>array("name"=>"School principals","query"=>
-			"SELECT school, principal AS firstname, schoolemail AS email FROM schools WHERE schools.year='".$config['FAIRYEAR']."' AND schoolemail!=''"),
+			"SELECT schools.principal_uid AS uid, schools.school, users.firstname AS firstname, users.lastname AS lastname, users.email AS email FROM schools 
+			JOIN users ON schools.principal_uid=users.uid AND users.id=(SELECT id FROM users WHERE users.uid=schools.principal_uid ORDER BY `year` DESC LIMIT 1)
+				WHERE schools.year='".$config['FAIRYEAR']."' AND users.email!=''"),
+
 		"school_scienceheads"=>array("name"=>"School science heads","query"=>
-			"SELECT school, sciencehead AS firstname, scienceheademail AS email FROM schools WHERE schools.year='".$config['FAIRYEAR']."' AND scienceheademail!=''"),
+			"SELECT schools.sciencehead_uid AS uid, schools.school, users.firstname AS firstname, users.lastname AS lastname, users.email AS email FROM schools 
+			JOIN users ON schools.sciencehead_uid=users.uid AND users.id=(SELECT id FROM users WHERE users.uid=schools.sciencehead_uid ORDER BY `year` DESC LIMIT 1)
+				WHERE schools.year='".$config['FAIRYEAR']."' AND users.email!=''"),
+                "school_with_project_thisyear"=>array("name"=>"Schools with projects this year","query"=>
+                        "SELECT  DISTINCT(sc.schoolemail) AS email, sc.school AS firstname FROM students AS st LEFT JOIN schools AS sc ON sc.id = st.schools_id WHERE st.year = ".$config['FAIRYEAR']." AND LENGTH( sc.schoolemail ) !=0 ORDER BY email
+"),
+
+		"school_thisyear"=>array("name"=>"Schools this year","query"=>
+			"SELECT school AS firstname, schoolemail AS email FROM `schools` WHERE `year` ='".$config['FAIRYEAR']."' GROUP BY schoolemail"),
 		"school_teachers_thisyear"=>array("name"=>"Teachers (as entered by students) this year","query"=>
-			"SELECT DISTINCT(teacheremail) AS email, teachername AS firstname FROM students WHERE year='".$config['FAIRYEAR']."' AND teacheremail!=''"),
+			"SELECT teachername AS firstname, teacheremail AS email FROM students WHERE year = '".$config['FAIRYEAR']."' GROUP BY teacheremail"),
+
 		"school_teachers_lastyear"=>array("name"=>"Teachers (as entered by students) last year","query"=>
-			"SELECT DISTINCT(teacheremail) AS email, teachername AS firstname FROM students WHERE year='".($config['FAIRYEAR']-1)."' AND teacheremail!=''"),
+			"SELECT teachername AS firstname, teacheremail AS email FROM students WHERE year = '".($config['FAIRYEAR']-1)."' GROUP BY teacheremail"),
+
 		"school_teachers_allyears"=>array("name"=>"Teachers (as entered by students) all years","query"=>
-			"SELECT DISTINCT(teacheremail) AS email, teachername AS firstname FROM students WHERE teacheremail!=''"),
+			"SELECT teachername AS firstname, teacheremail AS email FROM students GROUP BY teacheremail"),
 /* Volunteers */
 		"volunteers_active_complete_thisyear"=>array("name"=>"Volunteers active for this year and complete", "query"=>
 			"SELECT id, firstname, lastname, email FROM users LEFT JOIN users_volunteer ON users_volunteer.users_id=users.id WHERE users.year='{$config['FAIRYEAR']}' AND users_volunteer.volunteer_complete='yes' AND users_volunteer.volunteer_active='yes' AND users.deleted='no' AND types LIKE '%volunteer%' ORDER BY email"),

admin/communication.php

@@ -24,6 +24,8 @@
 <?
  require_once("../common.inc.php");
  require_once("../user.inc.php");
+ include "communication.inc.php";
+
  user_auth_required('committee', 'admin');
 
  function launchQueue() {
@@ -40,8 +42,9 @@
 switch($_GET['action']) {
 case 'dialog_choose_load':
 	$emails_id = intval($_GET['emails_id']);
-	$q = mysql_query("SELECT * FROM emails WHERE id='$emails_id'");
+	$q = $pdo->prepare("SELECT * FROM emails WHERE id='$emails_id'");
-	$e = mysql_fetch_assoc($q);
+	$q->execute();
+	$e = $q->fetch(PDO::FETCH_ASSOC);
 	?>
 	<table class="editor">
 	<tr><td class="label" style="width:15%"><?=i18n('Name')?>:</td><td class="input"><?=$e['name']?></td></tr>
@@ -62,9 +65,10 @@ case 'dialog_choose':
 	<select id="comm_dialog_choose_emails_id">
 		<option value="-1">-- <?=i18n('Choose a Communication')?> --</option>
 	<?
-	$type = mysql_real_escape_string($_GET['type']);
+	$type = $_GET['type'];
-	$q = mysql_query("SELECT * FROM emails WHERE type='$type'");
+	$q = $pdo->prepare("SELECT * FROM emails WHERE type='$type'");
-	while($e = mysql_fetch_assoc($q)) {
+	$q->execute();
+	while($e = $q->fetch(PDO::FETCH_ASSOC)) {
 		echo "<option value=\"{$e['id']}\">{$e['name']}</option>";
 	}
 	?>
@@ -153,21 +157,22 @@ case 'email_save':
 	$subject=iconv("UTF-8","ISO-8859-1//TRANSLIT",$subject);
 
 	//Now its safe to escape it for the db query
-	$name = mysql_real_escape_string(stripslashes($name));
+	$name = stripslashes($name);
-	$description = mysql_real_escape_string(stripslashes($description));
+	$description = stripslashes($description);
-	$from = mysql_real_escape_string(stripslashes($from));
+	$from = stripslashes($from);
-	$subject = mysql_real_escape_string(stripslashes($subject));
+	$subject = stripslashes($subject);
-	$bodyhtml = mysql_real_escape_string(stripslashes($bodyhtml));
+	$bodyhtml = stripslashes($bodyhtml);
 
-	$type = mysql_real_escape_string($_POST['type']);
+	$type = $_POST['type'];
-	$key = mysql_real_escape_string($_POST['key']);
+	$key = $_POST['key'];
-	$fcid = mysql_real_escape_string($_POST['fcid']);
+	$fcid = $_POST['fcid'];
 
 	if($id == 0) {
 		if($key && $name) {
-			mysql_query("INSERT INTO emails(type,val) VALUES('$type','$key')");
+			$q = $pdo->prepare("INSERT INTO emails(type,val) VALUES('$type','$key')");
-			echo mysql_error();
+			$q->execute();
-			$id = mysql_insert_id();
+			echo $pdo->errorInfo();
+			$id = lastInsertId();
 		} else {
 			error_("Email Key and Name are required");
 			exit;
@@ -178,7 +183,7 @@ case 'email_save':
 	$fcstr = ($fcid == 0) ? 'NULL' : "'$fcid'";
 
 	$body=getTextFromHtml($bodyhtml);
-	mysql_query("UPDATE emails SET 
+	$q = $pdo->prepare("UPDATE emails SET 
 								name='$name',
 								description='$description',
 								`from`='$from',
@@ -187,7 +192,8 @@ case 'email_save':
 								bodyhtml='$bodyhtml',
 								fundraising_campaigns_id=$fcstr
 						WHERE id='$id'");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 	happy_("Email Saved");
 	exit;
 
@@ -206,8 +212,8 @@ case 'dialog_edit':
 		if(array_key_exists('fundraising_campaigns_id', $_GET)) {
 			$fcid = intval( $_GET['fundraising_campaigns_id']);
 			$type = 'fundraising';
-			$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
+			$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
-			$fc=mysql_fetch_object($q);
+			$fc=$q->fetch(PDO::FETCH_OBJ);
 			$name=i18n("%1 communication for %2",array(ucfirst($key),$fc->name));
 		} else {
 			$fcid = 0;
@@ -217,12 +223,13 @@ case 'dialog_edit':
 		$from=$_SESSION['name']." <".$_SESSION['email'].">";
 	}
 	if($id) {
-		$q = mysql_query("SELECT * FROM emails WHERE id='$id'");
+		$q = $pdo->prepare("SELECT * FROM emails WHERE id='$id'");
-		if(mysql_num_rows($q) != 1) {
+		$q->execute();
+		if($q->rowCount() != 1) {
 			echo "Ambiguous edit";
 			exit;
 		}
-		$e = mysql_fetch_assoc($q);
+		$e = $q->fetch(PDO::FETCH_ASSOC);
 
 		/* If we're supposed to clone it, load it then zero out the
 		 * id so we make a new record on save, and override the key */
@@ -309,6 +316,7 @@ case 'dialog_edit':
 					<option value="REGNUM">[REGNUM]</option>
 					<option value="URLMAIN">[URLMAIN]</option>
 					<option value="URLLOGIN">[URLLOGIN]</option>
+					<option value="ACCESSCODE" title="School Access Code">[ACCESSCODE]</option>
 					</select>
 				</td></tr></table>
 		</td>
@@ -395,18 +403,21 @@ case 'dialog_send':
 	$fcid=intval($_GET['fundraising_campaigns_id']);
 	$emailid=intval($_GET['emails_id']);
 
-	$fcq=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
+	$fcq=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
-	$fc=mysql_fetch_object($fcq);
+	$fcq->execute();
+	$fc=$fcq->fetch(PDO::FETCH_OBJ);
 
-	$emailq=mysql_query("SELECT * FROM emails WHERE id='$emailid'");
+	$emailq=$pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");
-	$email=mysql_fetch_object($emailq);
+	$emailq->execute();
+	$email=$email->fetch(PDO::FETCH_OBJ);
 
 	?>
 	<form id="send">
 	<table style="width:100%">
 	<?
-	$q=mysql_query("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
+	$q=$pdo->prepare("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	$numrecipients=$r->num;
 
 	echo "<tr><td>".i18n("Appeal")."</td><td>".$fc->name." - ".i18n(ucfirst($email->val))."</td></tr>\n";
@@ -499,8 +510,9 @@ case 'dialog_sender':
 	$u=user_load_by_uid(intval($_GET['uid']));
 
 	if($_GET['template']) {
-		$emailq=mysql_query("SELECT * FROM emails WHERE `val`='".mysql_real_escape_string($_GET['template'])."'");
+		$emailq=$pdo->prepare("SELECT * FROM emails WHERE `val`='".$_GET['template']."'");
-		$e=mysql_fetch_assoc($emailq);
+		$emailq->execute();
+		$e=$emailq->fetch(PDO::FETCH_ASSOC);
 	}
 	else
 		$e=null;
@@ -606,14 +618,15 @@ case "email_send":
 
 case "email_get_list":
 
-	 $q=mysql_query("SELECT * FROM emails ORDER BY type,name");
+	$q = $pdo->prepare("SELECT * FROM emails ORDER BY type,name");
+
 	 echo "<table class=\"tableview\">";
 	 echo "<thead><tr>";
 	 echo " <th>".i18n("Name")."</th>";
 	 echo " <th>".i18n("Type")."</th>";
 	 echo " <th>".i18n("Actions")."</th>";
 	 echo "</tr></thead>";
-	 while($r=mysql_fetch_object($q)) {
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		if($r->fundraising_campaigns_id) $fcid=$r->fundraising_campaigns_id;
 		else $fcid='null';
 		if($r->name) $name=$r->name;
@@ -638,52 +651,84 @@ case "email_get_list":
 
 	 case 'cancel':
 	 if($_GET['cancel']) {
-		mysql_query("UPDATE emailqueue SET finished=NOW() WHERE id='".intval($_GET['cancel'])."'");
+		
-		mysql_query("UPDATE emailqueue_recipients SET result='cancelled' WHERE emailqueue_id='".intval($_GET['cancel'])."' AND sent IS NULL AND result IS NULL");
+		$q = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id='".intval($_GET['cancel'])."'");
+		$q->execute();
+	
+		$q = $pdo->prepare("UPDATE emailqueue_recipients SET result='cancelled' WHERE emailqueue_id='".intval($_GET['cancel'])."' AND sent IS NULL AND result IS NULL");
+		$q->execute();
 		echo "ok";
 	 }
 	 exit;
+
+	case 'loadaddresses':
+		if($_GET['query'] && array_key_exists($_GET['query'],$mailqueries)) {
+			
+			$q = $pdo->prepare($mailqueries[$_GET['query']]['query']);
+			$q->execute();
+			while($r=$q->fetch(PDO::FETCH_OBJ)) {
+				if($r->organization) $s="($r->organization) ";
+				else $s="";
+				echo "$r->firstname $r->lastname {$s}&lt;$r->email&gt;<br />";
+			}
+		}
+
+	exit;
 }
 
- include "communication.inc.php";
 
  if($_GET['action']=="sendqueue") {
 	$fcid=intval($_POST['fundraising_campaigns_id']);
 	$emailid=intval($_POST['emails_id']);
 
-	$fcq=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
-	$fc=mysql_fetch_object($fcq);
 
-	$emailq=mysql_query("SELECT * FROM emails WHERE id='$emailid'");
+	$fcq = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
-	$email=mysql_fetch_object($emailq);
+	$fcq->execute();
+	$fc=$fcq->fetch(PDO::FETCH_OBJ);
 
-	$recipq=mysql_query("SELECT * FROM fundraising_campaigns_users_link
+	
+	$emailq = $pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");
+	$emailq.execute();
+	$email=$emailq.fetch(PDO::FETCH_OBJ);
+
+	$recipq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link
 						WHERE fundraising_campaigns_id='$fcid'");
-	echo mysql_error();
+	$recipq.execute();
+	echo $pdo->errorInfo();
 
-	$numtotal=mysql_num_rows($recipq);
+	$numtotal=$recipq->rowCount();
-	mysql_query("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
+
-			'".mysql_real_escape_string($email->val)."',
+	$q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
-			'".mysql_real_escape_string($email->name)."',
+			'".$email->val."',
+			'".$email->name."',
 			'".$_SESSION['users_uid']."',
-			'".mysql_real_escape_string($email->from)."',
+			'".$email->from."',
-			'".mysql_real_escape_string($email->subject)."',
+			'".$email->subject."',
-			'".mysql_real_escape_string($email->body)."',
+			'".$email->body."',
-			'".mysql_real_escape_string($email->bodyhtml)."',
+			'".$email->bodyhtml."',
-			'".mysql_real_escape_string($email->type)."',
+			'".$email->type."',
 			$fcid,
 			NOW(),
 			NULL,
 			$numtotal,
 			0)");
-	$emailqueueid=mysql_insert_id();
+	$q->execute();
-	echo mysql_error();
+	$emailqueueid=$pdo->lastInsertId();
+	echo $pdo->errorInfo();
 
 	$urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://";
 	$urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}";
 	$urllogin = "$urlmain/login.php";
-	while($r=mysql_fetch_object($recipq)) {
+	while($r=$recipq->fetch(PDO::FETCH_OBJ)) {
 		$u=user_load_by_uid($r->users_uid);
+
+		//we only send school access codes to science heads or principals
+	
+		$acq = $pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
+		$acq->execute();
+		$acr=$acq->fetch(PDO::FETCH_OBJ);
+		$accesscode=$acr->accesscode;
+
 		$replacements=array(
 					"FAIRNAME"=>$config['fairname'],
 					"SALUTATION"=>$u['salutation'],
@@ -694,18 +739,22 @@ case "email_get_list":
 					"ORGANIZATION"=>$u['sponsor']['organization'],
 					"URLMAIN"=>$urlmain,
 					"URLLOGIN"=>$urllogin,
+					"ACCESSCODE"=>$accesscode,
 					);
 
 		if($u['email'] && $u['email'][0] != '*') {
-			mysql_query("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
+			
+			$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
 				'$emailqueueid',
-				'".mysql_real_escape_string($u['email'])."',
+				'".$u['email']."',
-				'".mysql_real_escape_string($u['name'])."',
+				'".$u['name']."',
-				'".mysql_real_escape_string(json_encode($replacements))."',
+				'".json_encode($replacements."',
-				NULL)");
+				NULL)"));
-			echo mysql_error();
+			$q->execute();
+			echo $pdo->erroInfo();
 		}
-		mysql_query("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
+		$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
+		$q->execute();
 	}
 	echo "ok";
 	launchQueue();
@@ -718,15 +767,37 @@ case "email_get_list":
             "communication"
 			);
  echo "<br />";
+ ?>
+ <script type="text/javascript">
+ function toggleAddresses() {
+	 if($("#toaddresses").is(":visible")) {
+		 $("#toaddresses").hide();
+		 $("#toaddresses-view").html("Show Recipients");
+	 } else {
+		 $("#toaddresses").show();
+		 $("#toaddresses-view").html("Hide Recipients");
+	 }
+	 return false;
+ }
+ function loadAddresses() {
+	 $("#toaddresses").load("communication.php?action=loadaddresses&query="+$("#to").val());
+ }
+ </script>
+ <?
 
  if($_GET['action']=="delete" && $_GET['delete']) {
- 	mysql_query("DELETE FROM emails WHERE id='".$_GET['delete']."' AND `type`='user'");
+	$q = $pdo->prepare("DELETE FROM emails WHERE id='".$_GET['delete']."' AND `type`='user'");
+ 	$q->execute();
 	echo happy("Email successfully deleted");
  }
 
 	if($_GET['action']=="send" && $_GET['send']) {
-		$q=mysql_query("SELECT * FROM emails WHERE id='".$_GET['send']."'");
+		echo $pdo->errorInfo();
-		$r=mysql_fetch_object($q);
+	
+		$q = $pdo->prepare("SELECT * FROM emails WHERE id='".$_GET['send']."'");
+		$q->execute();
+
+		$r=$q->fetch(PDO::FETCH_OBJ);
 
 		echo i18n("Please confirm you would like to send the following email, and choose who to send it to");
 		echo "<br>";
@@ -735,23 +806,27 @@ case "email_get_list":
 		echo "<table cellspacing=0 cellpadding=3 border=1>";
 		echo "<tr><td><b>From:</b></td><td>".htmlspecialchars($r->from)."</td></tr>";
 		echo "<tr><td><b>To:</b></td><td>";
-		echo "<select name=\"to\">";
+		echo "<select name=\"to\" id=\"to\" onchange=\"loadAddresses();\">";
 		echo " <option value=\"\">Choose Email Recipients</option>";
 		$str="";
 		foreach($mailqueries AS $k=>$mq) {
-			$tq=mysql_query($mq['query']);
+			$tq=$pdo->prepare($mq['query']);
-            if(mysql_error()) {
+			
-                echo mysql_error();
+			$tq->execute();
+            if($pdo->errorInfo()) {
+                echo $pdo->errorInfo();
                 exit;
             }
-			$num=mysql_num_rows($tq);
+			$num=$tq->rowCount();
 			$str.="<h2>".$mq['name']." $num </h2>";
-			while($tr=mysql_fetch_object($tq)) {
+			while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
 				$str.="[".$tr->uid."][".$tr->year."] ".$tr->firstname." ".$tr->lastname." &lt;{$tr->email}&gt;<br />";
 			}
 			echo " <option value=\"$k\">".i18n($mq['name'])." (".i18n("%1 recipients",array($num),array("number")).")</option>";
 		}
 		echo "</select>";
+		echo "<div id=\"toaddresses-view-wrapper\"><a href=\"#\" onclick=\"return toggleAddresses()\"><span id=\"toaddresses-view\">View Recipients</span></a></div>";
+		echo "<div id=\"toaddresses\" style=\"width: 100%; height: 300px; overflow: auto; border: 1px solid grey; background-color: #FFFFFF; display: none;\">empty</div>";
 		echo "</td></tr>";
 		echo "<tr><td><b>Date:</b></td><td>".date("r")."</td></tr>";
 		echo "<tr><td><b>Subject:</b></td><td>".htmlspecialchars($r->subject)."</td></tr>";
@@ -762,7 +837,7 @@ case "email_get_list":
 			$body=nl2br(htmlspecialchars($r->body));
 		}
 
-		echo "<tr><td colspan=2>".$body."</td></tr>";
+		echo "<tr><td colspan=2>".$body."<br />(".mb_detect_encoding($body).")</td></tr>";
 
 		echo "</table>";
 
@@ -787,37 +862,39 @@ case "email_get_list":
 	}
 	else if($_POST['action']=="reallysend" && $_POST['reallysend'] && $_POST['to']) {
 		$emailid=intval($_POST['reallysend']);
-		$emailq=mysql_query("SELECT * FROM emails WHERE id='$emailid'");
+		$emailq=$pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");
-		$email=mysql_fetch_object($emailq);
+		$email=$emailq->fetch(PDO::FETCH_OBJ);
 		$to=$_POST['to'];
 
 		if(array_key_exists($to,$mailqueries)) {
-				$recipq=mysql_query($mailqueries[$to]['query']);
+				$recipq=$pdo->prepare($mailqueries[$to]['query']);
+				$recipq->execute();
 		}
 
-		$numtotal=mysql_num_rows($recipq);
+		$numtotal=$recipq->rowCount();
-		mysql_query("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
+		$q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
-				'".mysql_real_escape_string($email->val)."',
+				'".$email->val."',
-				'".mysql_real_escape_string($email->name)."',
+				'".$email->name."',
 				'".$_SESSION['users_uid']."',
-				'".mysql_real_escape_string($email->from)."',
+				'".$email->from."',
-				'".mysql_real_escape_string($email->subject)."',
+				'".$email->subject."',
-				'".mysql_real_escape_string($email->body)."',
+				'".$email->body."',
-				'".mysql_real_escape_string($email->bodyhtml)."',
+				'".$email->bodyhtml."',
-				'".mysql_real_escape_string($email->type)."',
+				'".$email->type."',
 				NULL,
 				NOW(),
 				NULL,
 				$numtotal,
 				0)");
-		$emailqueueid=mysql_insert_id();
+		$q->execute();
-		echo mysql_error();
+		$emailqueueid=lastInsertId();
+		echo $pdo->errorInfo();
 
 		$urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://";
 		$urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}";
 		$urllogin = "$urlmain/login.php";
 
-		while($r=mysql_fetch_object($recipq)) {
+		while($r=$recipq->fetch(PDO::FETCH_OBJ)) {
 			if($r->uid)
 				$u=user_load_by_uid($r->uid);
 			else if($r->users_uid) 
@@ -835,9 +912,18 @@ case "email_get_list":
 							"ORGANIZATION"=>$r->organization,
 							"URLMAIN"=>$urlmain,
 							"URLLOGIN"=>$urllogin,
+							"ACCESSCODE"=>"unknown",
 							);
 			}
 			if($u) {
+
+				//we only send school access codes to science heads or principals
+				$acq=$pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
+				$acq->execute();
+				echo $pdo->errorInfo();
+				$acr=$acq->fetch(PDO::FETCH-OBJ);
+				$accesscode=$acr->accesscode;
+
 				$replacements=array(
 							"FAIRNAME"=>$config['fairname'],
 							"SALUTATION"=>$u['salutation'],
@@ -848,6 +934,7 @@ case "email_get_list":
 							"ORGANIZATION"=>$u['sponsor']['organization'],
 							"URLMAIN"=>$urlmain,
 							"URLLOGIN"=>$urllogin,
+							"ACCESSCODE"=>$accesscode,
 							);
 
 				$toname=$u['name'];
@@ -855,15 +942,18 @@ case "email_get_list":
 			}
 
 			if($toemail) {
-				mysql_query("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
+				$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
 					'$emailqueueid',
-					'".mysql_real_escape_string($toemail)."',
+					'".$toemail."',
-					'".mysql_real_escape_string($toname)."',
+					'".$toname."',
-					'".mysql_real_escape_string(json_encode($replacements))."',
+					'".json_encode($replacements)."',
 					NULL)");
-				echo mysql_error();
+				$q->execute();
+				echo $pdo->errorInfo();
 			}
-			mysql_query("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
+			
+			$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
+			$q->execute();
 		}
 		launchQueue();
 		echo "<br />";

admin/communication_send_status.php

@@ -27,12 +27,15 @@
  user_auth_required('committee', 'admin');
 
  if($_GET['action']=="status") {
-	 $q=mysql_query("SELECT * FROM emailqueue WHERE finished IS NULL");
+	
+	 $q = $pdo->prepare("SELECT * FROM emailqueue WHERE finished IS NULL");
+	 $q->execute();
 
-	 if($config['emailqueue_lock'] || mysql_num_rows($q)) {
+	 if($config['emailqueue_lock'] || $q->rowCount()) {
 		echo "<h4>".i18n("Active Send Queues")."</h4>\n";
-		$q=mysql_query("SELECT *,UNIX_TIMESTAMP(started) AS ts FROM emailqueue WHERE finished IS NULL ORDER BY started DESC");
+		
-
+		$q = $pdo->prepare("SELECT *,UNIX_TIMESTAMP(started) AS ts FROM emailqueue WHERE finished IS NULL ORDER BY started DESC");
+		$q->execute();
 	 	if(!$config['emailqueue_lock']) {
 			echo error(i18n("It looks like there's emails waiting to send, but the sending process isnt running.").
 			"<br />".
@@ -51,7 +54,7 @@
 		echo " <th>".i18n("Cancel")."</th>\n";
 		echo "</tr></thead>\n";
 
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr>";
 			echo " <td>$r->name</td>\n";
 			echo " <td>$r->subject</td>\n";
@@ -89,7 +92,9 @@
 		<?
 	 }
 
-	$q=mysql_query("SELECT * FROM emailqueue WHERE finished IS NOT NULL ORDER BY started DESC LIMIT 10");
+
+	$q = $pdo->prepare("SELECT * FROM emailqueue WHERE finished IS NOT NULL ORDER BY started DESC LIMIT 10");
+	$q->execute();
 	echo "<h4>".i18n("Completed Send Queues")."</h4>\n";
 	echo "<table class=\"tableview\">\n";
 	echo "<thead><tr>";
@@ -103,7 +108,7 @@
 	//FIXME: comment bounced until we implement it
 //	echo " <th>".i18n("Bounced")."</th>\n";
 	echo "</tr></thead>\n";
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		echo "<tr>";
 		echo " <td>$r->name</td>\n";
 		echo " <td>$r->subject</td>\n";

admin/curl.inc.php

@@ -94,7 +94,7 @@
 	curl_setopt ($ch, CURLOPT_POST, 1);  /// tell it to make a POST, not a GET
 	curl_setopt ($ch, CURLOPT_POSTFIELDS, "$var=".urlencode($str));  /// put the query string here starting with "?"
 	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); /// This allows the output to be set into a variable $datastream
-	curl_setopt ($ch, CURLOPT_POSTFIELDSIZE, 0);
+//	curl_setopt ($ch, CURLOPT_POSTFIELDSIZE, 0);
 	curl_setopt ($ch, CURLOPT_TIMEOUT, 360);
 	curl_setopt ($ch, CURLOPT_SSLVERSION, 3);
 	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, false);

admin/cwsfregister.php

@@ -29,14 +29,15 @@ include "xml.inc.php";
  	global $config;
  	$winners=array();
 
- 	$q=mysql_query("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'");
+ 	$q=$pdo->prepare("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)==1)
+	$q->execute();
+	if($q->rowCount()==1)
 	{
-		$award=mysql_fetch_object($q);
+		$award=$q->fetch(PDO::FETCH_OBJ);
-		$pq=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$award->id'");
+		$pq=$pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$award->id'");
-		while($prize=mysql_fetch_object($pq))
+		while($prize=$pq->fetch(PDO::FETCH_OBJ))
 		{
-			$wq=mysql_query("SELECT 
+			$wq=$pdo->prepare("SELECT 
 						projects.id,
 						projects.projectnumber,
 						projects.title,
@@ -52,13 +53,16 @@ include "xml.inc.php";
 						winners.projects_id=projects.id AND
 						awards_prizes_id='$prize->id' AND 
 						winners.year='".$config['FAIRYEAR']."'");
-						echo mysql_error();
+				$wq->execute();
-			while($project=mysql_fetch_object($wq))
+				
+						echo $pdo->errorInfo();
+			while($project=$wq->fetch(PDO::FETCH_OBJ))
 			{
-				$sq=mysql_query("SELECT * FROM students WHERE registrations_id='$project->registrations_id' AND year='".$config['FAIRYEAR']."'");
+				$sq=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$project->registrations_id' AND year='".$config['FAIRYEAR']."'");
+				$sq->execute();
 				$students=array();
 				$cwsf_agecategory=0;
-				while($s=mysql_fetch_object($sq))
+				while($s=$sq->fetch(PDO::FETCH_OBJ))
 				{
 					if($s->grade>=7 && $s->grade<=8)
 					{
@@ -129,7 +133,8 @@ include "xml.inc.php";
  {
  	foreach($_POST['cwsfdivision'] AS $p=>$d)
 	{
-		mysql_query("UPDATE projects SET cwsfdivisionid='$d' WHERE id='$p'");
+		$q = $pdo->prepare("UPDATE projects SET cwsfdivisionid='$d' WHERE id='$p'");
+		$q->execute();
 	}
 	echo happy(i18n("CWSF Project Divisions saved"));
  }
@@ -166,12 +171,13 @@ include "xml.inc.php";
  }
 
  /* Load the YSC fair */
- $q = mysql_query("SELECT * FROM fairs WHERE abbrv='YSC'");
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE abbrv='YSC'");
- if(mysql_num_rows($q) < 1) {
+ $q->execute();
+ if($q->rowCount() < 1) {
  	echo error(i18n("You have not defined the YSC upstream fair in the Science Fair Management area."));
 	$ok = false;
  } else {
-	 $f = mysql_fetch_assoc($q);
+	 $f = $q->fetch(PDO::FETCH_ASSOC);
 	 $ysc_region_id = $f['username'];
 	 $ysc_region_password = $f['password'];
  }
@@ -188,20 +194,21 @@ include "xml.inc.php";
 
  if($ok)
  {
- 	$q=mysql_query("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'");
+ 	$q=$pdo->prepare("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'");
-	if(!mysql_num_rows($q))
+	$q->execute();
+	if(!$q->rowCount())
 	{
 		echo error(i18n("Cannot find an award that is specified as the Canada-Wide Science Fair Award"));
 		echo i18n("Please go to the awards manager and select which award identifies your CWSF students");
 	}
-	else if(mysql_num_rows($q)>1)
+	else if($q->rowCount()>1)
 	{
 		echo error(i18n("There is more than one award that is identified as your Canada-Wide Science Fair award."));
 		echo i18n("Please go to the awards manager and choose only one award that identifies your CWSF students");
 	}
 	else
 	{
-		$award=mysql_fetch_object($q);
+		$award=$q->fetch(PDO::FETCH_OBJ);
 		echo "<b>".i18n("CWSF Award").":</b> ".$award->name."<br />";
 		echo i18n("Please review the list of winning projects/students below.  If it is all correct then you can click the 'Register for CWSF' button at the bottom of the page to send the information to YSC");
 		echo "<br />";
@@ -258,8 +265,9 @@ include "xml.inc.php";
 
 			echo "</td><td>";
 
-			$t=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$winner['projectdivisions_id']."'");
+			$t=$q->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$winner['projectdivisions_id']."'");
-			$tr=mysql_fetch_object($t);
+			$t->execute();
+			$tr=$t->fetch(PDO::FETCH_OBJ);
 			echo $tr->division;
 			echo "<br />";
 

admin/documentdownloader.php

@@ -24,8 +24,9 @@
  require("../common.inc.php");
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
- $q=mysql_query("SELECT * FROM documents WHERE id='".$_GET['id']."'");
+ $q=$pdo->prepare("SELECT * FROM documents WHERE id='".$_GET['id']."'");
- if($r=mysql_fetch_object($q))
+ $q->execute();
+ if($r=$q->fetch(PDO::FETCH_OBJ))
  {
 	header("Content-type: ".trim(exec("file -bi ../data/documents/$r->filename")));
 	header("Content-disposition: inline; filename=\"".$r->filename."\"");

admin/donations.php

@@ -143,11 +143,15 @@ function refresh_fundraising_table() {
 <?
 
  //first, insert any defaults
- $q=mysql_query("SELECT * FROM fundraising WHERE year='".$config['FAIRYEAR']."'");
+ $q=$pdo->prepare("SELECT * FROM fundraising WHERE year='".$config['FAIRYEAR']."'");
- if(!mysql_num_rows($q)) {
+ $q->execute();
-	 $q=mysql_query("SELECT * FROM fundraising WHERE year='-1'");
+ if(!$q->rowCount()) {
-	 while($r=mysql_fetch_object($q)) {
+	 $q=$pdo->prepare("SELECT * FROM fundraising WHERE year='-1'");
-		 mysql_query("INSERT INTO fundraising (`type`,`name`,`description`,`system`,`goal`,`year`) VALUES ('$r->type','".mysql_real_escape_string($r->name)."','".mysql_real_escape_string($r->description)."','$r->system','$r->goal','".$config['FAIRYEAR']."')");
+
+     $q->execute();
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
+		$q = $pdo->prepare("INSERT INTO fundraising (`type`,`name`,`description`,`system`,`goal`,`year`) VALUES ('$r->type','".$r->name."','".$r->description."','$r->system','$r->goal','".$config['FAIRYEAR']."')");
+        $q->execute();
 	 }
  }
 

admin/donors.php

@@ -31,8 +31,9 @@ require_once("fundraising_common.inc.php");
 switch($_GET['action']) {
 	case 'organizationinfo_load':
 		$id=intval($_GET['id']);
-		$q=mysql_query("SELECT * FROM sponsors WHERE id='$id'");
+		$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$id'");
-		$ret=mysql_fetch_assoc($q);
+		$q->execute();
+		$ret=$q->fetch(PDO::FETCH_ASSOC);
 		echo json_encode($ret);		
 		exit;
 		break;
@@ -40,8 +41,9 @@ switch($_GET['action']) {
 	case 'organizationinfo_save':
 		$id=intval($_POST['sponsor_id']);
 		if($id==-1) {
-			$q=mysql_query("INSERT INTO sponsors (year) VALUES ('".$config['FAIRYEAR']."')");
+			$q=$pdo->prepare("INSERT INTO sponsors (year) VALUES ('".$config['FAIRYEAR']."')");
-			$id=mysql_insert_id();
+			$q->execute();
+			$id=$pdo->lastInsertId();
 			echo json_encode(array("id"=>$id));
 			save_activityinfo("Created donor/sponsor", $id, $_SESSION['users_uid'],"System");
 			$createnew=true;
@@ -50,26 +52,27 @@ switch($_GET['action']) {
 
 		if($id) {
 			$exec="UPDATE sponsors SET ".
-			"donortype='".mysql_escape_string(stripslashes($_POST['donortype']))."', ".
+			"donortype='".stripslashes($_POST['donortype'])."', ".
-			"organization='".mysql_escape_string(stripslashes($_POST['organization']))."', ".
+			"organization='".stripslashes($_POST['organization'])."', ".
-			"address='".mysql_escape_string(stripslashes($_POST['address']))."', ".
+			"address='".stripslashes($_POST['address'])."', ".
-			"address2='".mysql_escape_string(stripslashes($_POST['address2']))."', ".
+			"address2='".stripslashes($_POST['address2'])."', ".
-			"city='".mysql_escape_string(stripslashes($_POST['city']))."', ".
+			"city='".stripslashes($_POST['city'])."', ".
-			"province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', ".
+			"province_code='".stripslashes($_POST['province_code'])."', ".
-			"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', ".
+			"postalcode='".stripslashes($_POST['postalcode'])."', ".
-			"phone='".mysql_escape_string(stripslashes($_POST['phone']))."', ".
+			"phone='".stripslashes($_POST['phone'])."', ".
-			"tollfree='".mysql_escape_string(stripslashes($_POST['tollfree']))."', ".
+			"tollfree='".stripslashes($_POST['tollfree'])."', ".
-			"fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ".
+			"fax='".stripslashes($_POST['fax'])."', ".
-			"email='".mysql_escape_string(stripslashes($_POST['email']))."', ".
+			"email='".stripslashes($_POST['email'])."', ".
-			"website='".mysql_escape_string(stripslashes($_POST['website']))."', ".
+			"website='".stripslashes($_POST['website'])."', ".
-			"notes='".mysql_escape_string(stripslashes($_POST['notes']))."', ".
+			"notes='".stripslashes($_POST['notes'])."', ".
-			"donationpolicyurl='".mysql_escape_string(stripslashes($_POST['donationpolicyurl']))."', ".
+			"donationpolicyurl='".stripslashes($_POST['donationpolicyurl'])."', ".
-			"fundingselectiondate='".mysql_escape_string(stripslashes($_POST['fundingselectiondate']))."', ".
+			"fundingselectiondate='".stripslashes($_POST['fundingselectiondate'])."', ".
-			"proposalsubmissiondate='".mysql_escape_string(stripslashes($_POST['proposalsubmissiondate']))."', ".
+			"proposalsubmissiondate='".stripslashes($_POST['proposalsubmissiondate'])."', ".
-			"waiveraccepted='".mysql_escape_string(stripslashes($_POST['waiveraccepted']))."' ".
+			"waiveraccepted='".stripslashes($_POST['waiveraccepted'])."' ".
 			"WHERE id='$id'";
-			mysql_query($exec);
+			$q = $pdo->prepare($exec);
-			echo mysql_error();
+			$q->execute();
+			echo $q->errorInfo();
 
 			//FIXME accept the logo
 			//"logo='".mysql_escape_string(stripslashes($_POST['logo']))."', ".
@@ -89,33 +92,35 @@ switch($_GET['action']) {
 
 
 		//LAST DONATION
-		$q=mysql_query("SELECT * FROM fundraising_donations WHERE sponsors_id='$id' ORDER BY datereceived DESC LIMIT 1");
+		$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE sponsors_id='$id' ORDER BY datereceived DESC LIMIT 1");
-		if($r=mysql_fetch_object($q))
+		$q->execute();
+		if($r=$q->fetch(PDO::FETCH_OBJ))
 			$lastdonation=i18n("%1 on %2",array(format_money($r->value,false),format_date($r->datereceived)),array("Donation amount","Donation date"));
 		else
 			$lastdonation=i18n("Never");
 
 		//TOTAL THIS YEAR
-		$q=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations 
+		$q=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations 
 				WHERE sponsors_id='$id' 
 				AND status='received'
 				AND fiscalyear={$config['FISCALYEAR']} 
 				");
-
+		$q->execute();
-		if($r=mysql_fetch_object($q))
+		if($r=$q->fetch(PDO::FETCH_OBJ))
 			$totalthisyear=format_money($r->total,false);
 		else
 			$totalthisyear=format_money(0);
 
 		//TOTAL LAST YEAR
 		$lastyear=$config['FISCALYEAR']-1;
-		$q=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations 
+		$q=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations 
 				WHERE sponsors_id='$id' 
 				AND status='received'
 				AND fiscalyear=$lastyear
 				");
+		$q->execute();
 
-		if($r=mysql_fetch_object($q))
+		if($r=$q->fetch(PDO::FETCH_OBJ))
 			$totallastyear=format_money($r->total,false);
 		else
 			$totallastyear=format_money(0);
@@ -129,7 +134,7 @@ switch($_GET['action']) {
 		echo "<br />\n";
 		echo "<h4>".i18n("Donations/Sponsorships")."</h4>\n";
 		echo "<div id=\"thisyeardonationhistory\">";
-		$q=mysql_query("SELECT fundraising_donations.*, 
+		$q=$pdo->prepare("SELECT fundraising_donations.*, 
 				fundraising_campaigns.name AS campaignname 
 				FROM fundraising_donations 
 				LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id 
@@ -137,9 +142,10 @@ switch($_GET['action']) {
 				AND status='received' 
 				AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}' 
 				ORDER BY datereceived DESC");
-		echo mysql_Error();
+		$q->execute();
+		echo $pdo->errorInfo();
 
-		if(mysql_num_rows($q)) {
+		if($q->rowCount()) {
 			echo "<table class=\"tableview\">";
 			echo "<thead>";
 			echo "<tr>";
@@ -150,7 +156,7 @@ switch($_GET['action']) {
 			echo " <th>".i18n("Remove")."</th>\n";
 			echo "</tr>";
 			echo "</thead>";
-			while($r=mysql_fetch_object($q)) {
+			while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				echo "<tr>\n";
 				echo " <td>".format_date($r->datereceived)."</td>\n";
 				$goal=getGoal($r->fundraising_goal);
@@ -182,14 +188,15 @@ switch($_GET['action']) {
 		echo "</tr>";
 		echo "</thead>";
 
-		$q=mysql_query("SELECT fundraising_donations.*, 
+		$q=$pdo->prepare("SELECT fundraising_donations.*, 
 				fundraising_campaigns.name AS campaignname 
 				FROM fundraising_donations 
 				LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id 
 				WHERE sponsors_id='$id' 
 					AND status='received' 
 				ORDER BY datereceived DESC");
-		while($r=mysql_fetch_object($q)) {
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr>\n";
 			echo " <td>".format_date($r->datereceived)."</td>\n";
 				$goal=getGoal($r->fundraising_goal);
@@ -215,7 +222,7 @@ switch($_GET['action']) {
 		echo "</td><td>";
 
 			// loop through each contact in the donor
-			$query = mysql_query("SELECT users.id,users.uid,users.deleted,MAX(year) 
+			$query = $pdo->prepare("SELECT users.id,users.uid,users.deleted,MAX(year) 
 				FROM users 
 				LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 				WHERE 
@@ -225,29 +232,32 @@ switch($_GET['action']) {
 				HAVING deleted='no' 
 				ORDER BY users_sponsor.primary DESC,lastname,firstname
 			");
-			echo mysql_error();
+			$query->execute();
+			echo $pdo->errorInfo();
 			$uids=array();
-			while($r=mysql_fetch_object($query)) {
+			while($r=$query->fetch(PDO::FETCH_OBJ)) {
 				$uids[]=$r->uid;
 			}
 
-		$q=mysql_query("SELECT * FROM fundraising_campaigns
+		$q=$pdo->prepare("SELECT * FROM fundraising_campaigns
 				WHERE fiscalyear='{$config['FISCALYEAR']}' 
 				ORDER BY name");
+		$q->execute();
 		$str="";
 		echo "<select id=\"fundraising_campaign_id\" name=\"fundraising_campaigns_id\" onchange=\"campaignchange()\">";
 		echo "<option value=\"\">".i18n("Choose an appeal")."</option>\n";
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				//if there's uids, we can check if this sponsor is in the campaign
 				//if there's no uids, (aka no contacts) then there's no way we could have included them in a cmomunication
 				//but they could still get here fors ome reason, so we still need to show all the campaigns
 
 				if(count($uids)) {
-					$tq=mysql_query("SELECT * FROM fundraising_campaigns_users_link
+					$tq=$pdo->prepare("SELECT * FROM fundraising_campaigns_users_link
 						WHERE fundraising_campaigns_id='$r->id'
 						AND users_uid IN (".implode(",",$uids).")
 						");
-					if(mysql_num_rows($tq)) {
+					$tq->execute();
+					if($tq->rowCount()) {
 						$incampaign=i18n("*In Appeal*").": ";
 					}
 					else $incampaign="";
@@ -272,8 +282,9 @@ switch($_GET['action']) {
 		echo "<option value=\"\">".i18n("Choose a purpose")."</option>\n";
 		//FIXME: only show campaigns that they were included as part of
 		//we need a campaigns_users_link or campaigns_sponsors_link or something
-		$q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+		$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
-		while($r=mysql_fetch_object($q)) {
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<option value=\"$r->goal\">$r->name</option>\n";
 		}
 
@@ -352,9 +363,9 @@ switch($_GET['action']) {
 	case 'newcontactsearch':
 
 		if($_POST['email'])
-		$q=mysql_query("SELECT *,MAX(year) FROM users WHERE email='".trim($_POST['email'])."' GROUP BY uid HAVING deleted='no'");
+		$q=$pdo->prepare("SELECT *,MAX(year) FROM users WHERE email='".trim($_POST['email'])."' GROUP BY uid HAVING deleted='no'");
-
+		$q->execute();
-		if($r=mysql_fetch_object($q)) {
+		if($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo i18n("There is an exact email address match for %1",array($_POST['email']));
 			echo "<ul>";
 			echo "<li><a href=\"#\" onclick=\"useexistingcontact($r->uid)\">$r->firstname $r->lastname $r->email $r->phonehome</a></li>\n";
@@ -381,15 +392,16 @@ switch($_GET['action']) {
 			if($_POST['email'])
 				$searchstr.=" AND email LIKE '%".$_POST['email']."%'";
 
-			$q=mysql_query("SELECT *,MAX(year) FROM users WHERE $searchstr GROUP BY uid HAVING deleted='no'");
+			$q=$pdo->prepare("SELECT *,MAX(year) FROM users WHERE $searchstr GROUP BY uid HAVING deleted='no'");
-			$num=mysql_num_rows($q);
+			$q->execute();
+			$num=$q->rowCount();
 			if($num==0) {
 				echo i18n("No existing users match, will create a new user");
 			}
 			else if($num<15) {
 				echo i18n("Did you mean one of these existing users? (click to choose one)")."<br />";
 				echo "<ul>";
-				while($r=mysql_fetch_object($q)) {
+				while($r=$q->fetch(PDO::FETCH_OBJ)) {
 					echo "<li><a href=\"#\" onclick=\"useexistingcontact($r->uid)\">$r->firstname $r->lastname $r->email $r->phonehome</a></li>\n";
 				}
 				echo "</ul>";
@@ -410,22 +422,23 @@ switch($_GET['action']) {
 		$datereceived=$_POST['datereceived'];
 
 		if($goal && $value && $supporttype) {
-			mysql_query("INSERT INTO fundraising_donations (sponsors_id,fundraising_goal,fundraising_campaigns_id,value,status,probability,fiscalyear,thanked,datereceived,supporttype) VALUES (
+			$q = $pdo->prepare("INSERT INTO fundraising_donations (sponsors_id,fundraising_goal,fundraising_campaigns_id,value,status,probability,fiscalyear,thanked,datereceived,supporttype) VALUES (
 			'$sponsorid',
-			'".mysql_real_escape_string($goal)."',
+			'".$goal."',
 			'$campaignid',
 			'$value',
 			'received',
 			'100',
 			'{$config['FISCALYEAR']}',
 			'no',
-			'".mysql_real_escape_string($datereceived)."',
+			'".$datereceived."',
-			'".mysql_real_escape_string($supporttype)."'
+			'".$supporttype."'
 			)");
-			$id=mysql_insert_id();
+			$q->execute();
+			$id=$pdo->lastInsertId();
 			$logStr=getDonationString($id);
 			save_activityinfo("Added donation/sponsorship: $logStr", $sponsorid, $_SESSION['users_uid'],"System");
-			echo mysql_error();
+			echo $pdo->errorInfo();
 
 			happy_("Donation/sponsorship added");
 		} else {
@@ -441,8 +454,9 @@ switch($_GET['action']) {
 		if($logStr=getDonationString($id)) {
 			save_activityinfo("Removed donation/sponsorship: $logStr", $sponsorid, $_SESSION['users_uid'],"System");
 			happy_("Donation/sponsorship removed");
-			mysql_query("DELETE FROM fundraising_donations WHERE id='$id' AND sponsors_id='$sponsorid'");
+			$q = $pdo->prepare("DELETE FROM fundraising_donations WHERE id='$id' AND sponsors_id='$sponsorid'");
-			echo mysql_error();
+			$q->execute();
+			echo $pdo->errorInfo();
 		}
 		else {
 			error_("Invalid donation/sponsorship to remove");
@@ -461,8 +475,9 @@ send_header("Donor/Sponsor Management",
 function delete_contact(){
 	if(array_key_exists('userid', $_POST)){
 		$uid = $_POST['userid'];
-		$data = mysql_query("SELECT CONCAT_WS(' ', users.firstname, users.lastname) AS name FROM users WHERE id=" . $uid);
+		$data = $pdo->prepare("SELECT CONCAT_WS(' ', users.firstname, users.lastname) AS name FROM users WHERE id=" . $uid);
-		$namedata = mysql_fetch_array($data);
+		$data->execute();
+		$namedata = $data->fetch();
 		$name = trim($namedata['name']);
 		user_delete($uid,"sponsor");
 		happy_("Deleted contact %1", array($name));
@@ -498,8 +513,9 @@ function save_contact(){
 		if($_POST['recordtype'] == 'new'){
 
 			if($_POST['email']) {
-				$q=mysql_query("SELECT *,MAX(year) FROM users WHERE email='".trim($_POST['email'])."' GROUP BY uid HAVING deleted='no'");
+				$q=$pdo->prepare("SELECT *,MAX(year) FROM users WHERE email='".trim($_POST['email'])."' GROUP BY uid HAVING deleted='no'");
-				if(mysql_num_rows($q)) {
+				$q->execute();
+				if($q->rowCount()) {
 					error_("A user with that email address already exists");
 					exit;
 				}
@@ -531,15 +547,17 @@ function save_contact(){
 				AND `primary`='yes'
 				AND year='".$config['FAIRYEAR']."'
 				AND users_id!='$id'";
-			$q = mysql_query($query);
+			$q = $pdo->prepare($query);
-			if(mysql_num_rows($q) == 0) {
+			$q->execute();
+			if($q->rowCount() == 0) {
 				/* This has to be the primary since there isn't one already */
 				$p = 'yes';
 			}
 		} else {
 			/* Unset all other primaries */
-			mysql_query("UPDATE users_sponsor SET `primary`='no'
+			$q=$pdo->prepare("UPDATE users_sponsor SET `primary`='no'
 					WHERE sponsors_id='$sponsor_id' AND users_id != '$id'");
+			$q->execute();
 		}
 
 		// we now know whether or not they're the primary user.  Update them with that,
@@ -602,7 +620,7 @@ function draw_contactsinfo_form($contact = null){
 
 
 	// loop through each contact and draw a form with their data in it.
-	$query = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
+	$query = $pdo->prepare("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 	WHERE 
 	sponsors_id='" . $sponsor_id . "' 
 	AND types LIKE '%sponsor%'
@@ -610,9 +628,10 @@ function draw_contactsinfo_form($contact = null){
 	HAVING deleted='no' 
 	ORDER BY users_sponsor.primary DESC,lastname,firstname
 	");
-	echo mysql_error();
+	$query->execute();
+	echo $pdo->errorInfo();
 
-	while($contact = mysql_fetch_array($query)){
+	while($contact = $query->fetch()){
 		// draw a header for this user
 		echo "<h3><a href=\"#\">";
 		echo $contact["firstname"] . " " . $contact["lastname"];
@@ -645,8 +664,9 @@ function draw_contact_form($sponsor_id, $contact = null){
 	global $config;
 
 	//grab the sponsor details, so we can do diff things for individual vs organization
-	$q=mysql_query("SELECT * FROM sponsors WHERE id='$sponsor_id'");
+	$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$sponsor_id'");
-	$sponsor=mysql_fetch_object($q);
+	$q->execute();
+	$sponsor=$q->fetch(PDO::FETCH_OBJ);
 
 	if($contact != null){
 		$id = $contact["id"];
@@ -794,10 +814,11 @@ function draw_activityinfo_form(){
 			</td>
 			<td align="center">
 <?php
-				$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+				$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+				$q->execute();
 				echo "<select name=\"fundraising_campaigns_id\">";
 				echo "<option value=\"\">".i18n("Choose Appeal")."</option>\n";
-				while($r=mysql_fetch_object($q)) {
+				while($r=$q->fetch(PDO::FETCH_OBJ)) {
 					echo "<option value=\"$r->id\">$r->name</option>\n";
 				}
 				echo "</select>\n";
@@ -817,10 +838,11 @@ function draw_activityinfo_form(){
 		  LEFT JOIN fundraising_campaigns ON fdl.fundraising_campaigns_id=fundraising_campaigns.id
 		  WHERE sponsors_id=" . $sponsorid. " ORDER BY dt DESC";
 	//echo "<tr><td colspan=\"3\">" . $query . "</td></tr>";
-	$q = mysql_query($query);
+	$q = $pdo->prepare($query);
-	echo mysql_error();
+	$q->execute();
-	if(mysql_num_rows($q)) {
+	echo $pdo->errorInfo();
-		while($r = mysql_fetch_array($q)) {
+	if($q->rowCount()) {
+		while($r = $q->fetch()) {
 			echo "<tr><td>" . $r["dt"] . "</td>";
 			echo "<td>" . $r["name"] . "</td>";
 			echo "<td>" . $r["type"] . "</td>";
@@ -846,25 +868,27 @@ function save_activityinfo($comment, $donorId, $userId, $type, $campaign_id=null
 		VALUES ($donorId,
 		NOW(),
 		$userId,
-		'".mysql_real_escape_string($comment)."',
+		'".$comment."',
-		'".mysql_real_escape_string($type)."',
+		'".$type."',
 		$cid)";
-	mysql_query($query);
+	$q = $pdo->prepare($query);
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 }
 
 function getDonationString($id) {
 	global $config;
-	$q=mysql_query("SELECT fundraising_donations.*, 
+	$q=$pdo->prepare("SELECT fundraising_donations.*, 
 		fundraising_campaigns.name AS campaignname 
 		FROM fundraising_donations 
 		LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id 
 		WHERE fundraising_donations.id='$id' 
 		AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}' 
 		");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 	$str="";
-	if($r=mysql_fetch_object($q)) {
+	if($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$str.=format_date($r->datereceived)." - ";
 		$goal=getGoal($r->fundraising_goal);
 		if($goal) {

admin/donors_search.php

@@ -30,7 +30,7 @@
 		//$q=mysql_query("SELECT * FROM award_sponsors WHERE year='".$config['FAIRYEAR']."' ORDER BY organization");
 		//we want to show all years, infact that year field probably shouldnt even be there.
 		$sql="";
-		if($_POST['search']) $sql.=" AND organization LIKE '%".mysql_real_escape_string($_POST['search'])."%' ";
+		if($_POST['search']) $sql.=" AND organization LIKE '%".$_POST['search']."%' ";
 		if(count($_POST['donortype'])) {
 			$sql.=" AND (0 ";
 			foreach($_POST['donortype'] AS $d) {
@@ -40,19 +40,22 @@
 		}
 		$query="SELECT * FROM sponsors WHERE 1 $sql ORDER BY organization";
 //		echo "query=$query";
-		$q=mysql_query($query);
+		$q=$pdo->prepare($query);
+		$q->execute();
 
 		$thisyear=$config['FISCALYEAR'];
 		$lastyear=$config['FISCALYEAR']-1;
 		$rows=array();
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
-			$cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$thisyear'");
+			$cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$thisyear'");
-			$cr=mysql_fetch_object($cq);
+			$cq->execute();
+			$cr=$cq->fetch(PDO::FETCH_OBJ);
 			$thisyeartotal=$cr->total;
-			$cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$lastyear'");
+			$cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$lastyear'");
-			$cr=mysql_fetch_object($cq);
+			$cq->execute();
+			$cr=$cq->fetch(PDO::FETCH_OBJ);
 			$lastyeartotal=$cr->total;
 			if($lastyeartotal)
 				$change=round(($thisyeartotal-$lastyeartotal)/$lastyeartotal*100);

admin/exhibithall_sa.php

@@ -172,9 +172,10 @@ TRACE("<pre>\n");
 
 /* Load exhibit halls */
 $exhibithall = array();
-$q = mysql_query("SELECT * FROM exhibithall WHERE type='exhibithall'");
+$q = $pdo->prepare("SELECT * FROM exhibithall WHERE type='exhibithall'");
+$q->execute();
 TRACE("Loading exhibit halls...\n");
-while(($r = mysql_fetch_assoc($q))) {
+while(($r = $q->fetch(PDO::FETCH_ASSOC))) {
 	$r['divs'] = unserialize($r['divs']);
 	$r['cats'] = unserialize($r['cats']);
 	$exhibithall[$r['id']] = $r;
@@ -183,9 +184,10 @@ while(($r = mysql_fetch_assoc($q))) {
 
 /* Load objects */
 $objects = array();
-$q = mysql_query("SELECT * FROM exhibithall WHERE type='wall' OR type='project'");
+$q = $pdo->prepare("SELECT * FROM exhibithall WHERE type='wall' OR type='project'");
+$q->execute();
 TRACE("Loading objects...\n");
-while(($r = mysql_fetch_assoc($q))) {
+while(($r = $q->fetch([PDO::FETCH_ASSOC]))) {
 	$r['divs'] = unserialize($r['divs']);
 	$r['cats'] = unserialize($r['cats']);
 	$objects[$r['id']] = $r;
@@ -215,8 +217,9 @@ TRACE("Grid size: {$grid_size}m\n");
 
 $div = array();
 TRACE("Loading Project Divisions...\n");
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
+{
 {
 	$divshort[$r->id]=$r->division_shortform;
 	$div[$r->id]=$r->division;
@@ -225,8 +228,9 @@ while($r=mysql_fetch_object($q))
 
 TRACE("Loading Project Age Categories...\n");
 $cat = array();
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
-while($r=mysql_fetch_object($q)) {
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ) {
 	$catshort[$r->id]=$r->category_shortform;
 	$cat[$r->id]=$r->category;
 	TRACE("   {$r->id} - {$r->category}\n");
@@ -234,17 +238,19 @@ while($r=mysql_fetch_object($q)) {
 
 TRACE("Loading Projects...\n");
 $projects = array();
-$q = mysql_query("SELECT projects.* FROM projects, registrations 
+$q = $pdo->prepare("SELECT projects.* FROM projects, registrations 
 				WHERE
 					projects.year='{$config['FAIRYEAR']}' 
 					AND registrations.id = projects.registrations_id
 				".getJudgingEligibilityCode());
-while($p = mysql_fetch_object($q)) {
+$q->execute();
-	$qq = mysql_query("SELECT grade,schools_id FROM students WHERE registrations_id='{$p->registrations_id}'");
+while($p = $q->fetch(PDO::FETCH_OBJ)) {
-	$num_students = mysql_num_rows($qq);
+	$qq = $pdo->prepare("SELECT grade,schools_id FROM students WHERE registrations_id='{$p->registrations_id}'");
+	$qq->execute();
+	$num_students = $qq->rowCouunt();
 	$grade = 0;
 	$schools_id = 0;
-	while($s = mysql_fetch_assoc($qq)) {
+	while($s = $qq->fetch(PDO::FETCH_ASSOC)) {
 		if($s['grade'] > $grade) {
 			$grade = $s['grade'];
 			$schools_id = $s['schools_id'];
@@ -271,7 +277,8 @@ if($action == 'pn') {
 		$n = sprintf("%03d", $p['floornumber']);
 		$pn = "$c $n $d";
 		TRACE("Project {$p['projects_id']} at loc {$p['floornumber']}: $pn\n");
-		mysql_query("UPDATE projects SET projectnumber='$pn' WHERE id='{$p['projects_id']}'");
+		$q=$pdo->prepare("UPDATE projects SET projectnumber='$pn' WHERE id='{$p['projects_id']}'");
+		$q->execute();
 	}
 	TRACE("Done.\n");
 	exit;
@@ -597,10 +604,12 @@ for($x=0;$x<$a->num_buckets; $x++) {
 print_r($projects);
 
 /* Assign floor numbers */
-mysql_query("UPDATE projects SET floornumber=0 WHERE year='{$config['FAIRYEAR']}'");
+$q = $pdo->prepare("UPDATE projects SET floornumber=0 WHERE year='{$config['FAIRYEAR']}'");
+$q->execute();
 
 foreach($projects as $pid=>$p) {
-	mysql_query("UPDATE projects SET floornumber='{$p['floornumber']}' WHERE id='$pid'");
+	$q=$pdo->prepare("UPDATE projects SET floornumber='{$p['floornumber']}' WHERE id='$pid'");
+	$q->execute();
 	TRACE("Project $pid => Floor number {$p['floornumber']}\n");
 }
 

admin/export_checkin.php

@@ -27,8 +27,9 @@
  user_auth_required('committee', 'admin');
  require("../lpdf.php");
 
-$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' AND id='".$_GET['cat']."'");
+$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' AND id='".$_GET['cat']."'");
-if($catr=mysql_fetch_object($catq))
+$catq->execute();
+if($catr=$catq->fetch(PDO::FETCH_OBJ))
 {
 
  	$pdf=new lpdf(	i18n($config['fairname']),
@@ -38,7 +39,7 @@ if($catr=mysql_fetch_object($catq))
 
 	$pdf->newPage();
 	$pdf->setFontSize(11);
-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				projects.title,
@@ -54,7 +55,8 @@ if($catr=mysql_fetch_object($catq))
 			ORDER BY
 				projects.title
 			");
-		echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 
 	$table=array();
 
@@ -72,22 +74,24 @@ if($catr=mysql_fetch_object($catq))
 		$table['dataalign']=array("left","left","left","center");
 
 	}
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
-		$divq=mysql_query("SELECT division,division_shortform FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$r->projectdivisions_id."'");
+		$divq=$pdo->prepare("SELECT division,division_shortform FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$r->projectdivisions_id."'");
-		$divr=mysql_fetch_object($divq);
+		$divq->execute();
+		$divr=$divq->fetch(PDO::FETCH_OBJ);
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname
 				FROM
 					students
 				WHERE
 					students.registrations_id='$r->reg_id'
 				");
+		$sq->execute();
 
 		$students="";
 		$studnum=0;
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 		{
 			if($studnum>0) $students.=", ";
 			$students.="$studentinfo->firstname $studentinfo->lastname";

admin/fair_stats.php

@@ -31,8 +31,9 @@
 
  /* Hack so we can jump right to YSC stats */
  if($_GET['abbrv'] == 'YSC') {
- 	$q = mysql_query("SELECT id FROM fairs WHERE abbrv='YSC'");
+ 	$q = $pdo->prepare("SELECT id FROM fairs WHERE abbrv='YSC'");
-	$r = mysql_fetch_assoc($q);
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_ASSOC);
 	$_GET['id'] = $r['id'];
  }
 
@@ -92,8 +93,9 @@
  else $fairs_id = -1;
 
  if($fairs_id != -1) {
- 	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
+ 	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
-	$fair = mysql_fetch_assoc($q);
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
  }
 
  $action = $_POST['action'];
@@ -134,19 +136,21 @@
 
 
  echo "<form name=\"fairselect\" action=\"$PHPSELF\" method=\"get\">";
- $q=mysql_query("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'");
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'");
+ $q->execute();
  echo "<select name=\"id\">";
  echo "<option value=\"\">".i18n("Choose a destination")."</option>\n";
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
  	if($fairs_id==$r->id) $sel="selected=\"selected\""; else $sel="";
  	echo "<option $sel value=\"{$r->id}\">{$r->name} ({$r->abbrv})</option>\n";
  }
  echo "</select>\n";
 
- $q=mysql_query("SELECT DISTINCT(year) AS year FROM config WHERE year>0 ORDER BY year");
+ $q = $pdo->prepare("SELECT DISTINCT(year) AS year FROM config WHERE year>0 ORDER BY year");
+ $q->execute();
  echo "<select name=\"year\">";
  echo "<option value=\"\">".i18n("Choose a year")."</option>\n";
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
  	if($year==$r->year) $sel="selected=\"selected\""; else $sel="";
  	echo "<option $sel value=\"$r->year\">$r->year</option>\n";
  }
@@ -213,24 +217,26 @@
  /* And now, overwrite all the stuff we pulled down with stats we can compute */
 
  //number of schools
- $q=mysql_query("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
- $r=mysql_fetch_object($q);
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  $stats['schools_total']=$r->num;
 
  //number of schools participating
- $q=mysql_query("SELECT DISTINCT(students.schools_id) AS sid, schools.*
+ $q=$pdo->prepare("SELECT DISTINCT(students.schools_id) AS sid, schools.*
  		 	FROM students 
 				LEFT JOIN registrations ON students.registrations_id=registrations.id 
 				LEFT JOIN schools ON students.schools_id=schools.id
 			WHERE students.year='$year' 
 				AND registrations.year='$year' 
 				AND (registrations.status='complete' OR registrations.status='paymentpending')");
- $stats['schools_active']=mysql_num_rows($q);
+	$q->execute();
+ $stats['schools_active']=$q->rowCount();
  $stats['schools_public'] = 0;
  $stats['schools_private'] = 0;
  $stats['schools_atrisk'] = 0;
  $districts = array();
- while($si=mysql_fetch_assoc($q)) {
+ while($si=$q->fetch(PDO::FETCH_ASSOC)) {
 	if($si['designate'] == 'public') 
 		 $stats['schools_public']++;
 	if($si['designate'] == 'independent') 
@@ -243,15 +249,16 @@
  $stats['schools_districts'] = count($districts);
 
  //numbers of students:
- $q=mysql_query("SELECT students.*,schools.* 
+ $q=$pdo->error("SELECT students.*,schools.* 
 	 		FROM students
 				LEFT JOIN registrations ON students.registrations_id=registrations.id 
 				LEFT JOIN schools on students.schools_id=schools.id
 			WHERE students.year='$year' 
 				AND registrations.year='$year' 
 				AND (registrations.status='complete' OR registrations.status='paymentpending')");
- echo mysql_error();
+$q->execute();
- $stats['students_total'] = mysql_num_rows($q);
+ echo $pdo->errorInfo();
+ $stats['students_total'] = $q->rowCount();
  $stats['students_public'] = 0;
  $stats['students_private'] = 0;
  $stats['students_atrisk'] = 0;
@@ -263,7 +270,7 @@
  	$stats["projects_$g"] = 0;
  }
  $unknown = array();
- while($s=mysql_fetch_assoc($q)) {
+ while($s=$q->fetch(PDO::FETCH_ASSOC)) {
  	if(!in_array($s['sex'], array('male','female'))) 
 		$unknown[$grademap[$s['grade']]]++;
 	else 
@@ -285,7 +292,7 @@
  }
 
  //projects
- $q=mysql_query("SELECT MAX(students.grade) AS grade FROM students
+ $q=$pdo->prepare("SELECT MAX(students.grade) AS grade FROM students
 	 		LEFT JOIN registrations ON students.registrations_id=registrations.id 
 			LEFT JOIN projects ON projects.registrations_id=registrations.id 
 		WHERE  students.year='$year' 
@@ -293,28 +300,31 @@
 			AND projects.year='$year' 
 			AND (registrations.status='complete' OR registrations.status='paymentpending') 
 			GROUP BY projects.id");
- echo mysql_error();
+$q->execute();
- while($r=mysql_fetch_assoc($q)) {
+ echo $pdo->errorInfo();
+ while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 	$stats["projects_{$grademap[$r['grade']]}"]++;
  }
 
 
- $q=mysql_query("SELECT COUNT(id) AS num FROM users 
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM users 
  				LEFT JOIN users_committee ON users_committee.users_id=users.id
 	 		WHERE types LIKE '%committee%' 
 				AND year='$year' 
 				AND users_committee.committee_active='yes'
 				AND deleted='no'");
- $r = mysql_fetch_object($q);
+$q->execute();
+ $r = $q->fetch(PDO::FETCH_OBJ);
  $stats['committee_members'] = $r->num;
 
- $q=mysql_query("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id 
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id 
  					WHERE users.year='$year' 
 						AND users.types LIKE '%judge%'
 						AND users.deleted='no'
 						AND users_judge.judge_complete='yes' 
 						AND users_judge.judge_active='yes'");
- $r=mysql_fetch_object($q);
+$q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  $stats['judges'] = $r->num;
 
 

admin/fair_stats_select.php

@@ -52,8 +52,9 @@
 		}
 	}
 	$s = join(',', $_POST['stats']);
-	$q = mysql_query("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
+	$q = $pdo->prepare("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 	echo "UPDATE fairs SET gather_stats='$s' WHERE id='$id'";
 	happy_("Saved");
 	exit;
@@ -62,8 +63,9 @@
  /* Load the user we're editting */
  $u = user_load($_SESSION['embed_edit_id']);
  /* Load the fair attached to the user */
- $q = mysql_query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
- $f = mysql_fetch_assoc($q);
+ $q->execute();
+ $f = $q->fetch(PDO::FETCH_ASSOC);
 
 ?>
 

admin/fix_judges_autocomplete.php

@@ -5,18 +5,22 @@ require_once("../user.inc.php");
 
 user_auth_required('committee', 'admin');
 
-$q = mysql_query("SELECT * FROM judges WHERE passwordexpiry IS NULL");
+$q = $pdo->prepare("SELECT * FROM judges WHERE passwordexpiry IS NULL");
-while($i = mysql_fetch_object($q)) {
+$q->execute();
+while($i = $q->fetch(PDO::FETCH_OBJ)) {
 	echo "Autocompleting Judge {$i->email}<br />";
 	$id = $i->id;
 
 	$p = generatePassword(12);
-	mysql_query("UPDATE judges SET password='$p',complete='yes'");
+	$stmt = $pdo->prepare("UPDATE judges SET password='$p',complete='yes'");
-	echo mysql_error();
+	$stmt->execute();
-	mysql_query("DELETE FROM judges_years WHERE judges_id='$id'");
+	echo $pdo->errorInfo();
-	echo mysql_error();
+	$stmt = $pdo->prepare("DELETE FROM judges_years WHERE judges_id='$id'");
-	mysql_query("INSERT INTO judges_years (`judges_id`,`year`) VALUES ('$id','{$config['FAIRYEAR']}')");
+	$stmt->execute();
-	echo mysql_error();
+	echo $pdo->errorInfo();
+	$stmt = $pdo->prepare("INSERT INTO judges_years (`judges_id`,`year`) VALUES ('$id','{$config['FAIRYEAR']}')");
+	$stmt->execute();
+	echo $pdo->errorInfo();
 }
 
 ?>

admin/fundraising.php

@@ -31,8 +31,8 @@ if($_GET['action']=="refresh") {
 
 <h3><?=i18n("Fundraising Purposes and Progress Year to Date")?></h3>
 <?
-$q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY deadline");
+$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY deadline");
-
+$q->execute();
 ?>
 <table class="tableview">
  <thead>
@@ -45,11 +45,12 @@ $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISC
  </tr>
  </thead>
  <?
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
      //lookup all donations made towards this goal
-     $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
+     $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
-     echo mysql_error();
+     $recq->execute();
-     $recr=mysql_fetch_object($recq);
+     echo $pdo->errorInfo();
+     $recr=$recq->fetch(PDO::FETCH_OBJ);
      $received=$recr->received;
      if($r->budget)
          $percent=round($received/$r->budget*100,1);
@@ -82,15 +83,18 @@ $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISC
  </tr>
  </thead>
 <?
- $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
+ $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
+ $q->execute();
 
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
-    $goalq=mysql_query("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
+    $goalq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
-    $goalr=mysql_fetch_object($goalq);
+    $goalq->execute();
-    $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
+    $goalr=$goalq->fetch(PDO:FETCH_OBJ);
-    echo mysql_error();
+    $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
-    $recr=mysql_fetch_object($recq);
+    $recq->execute();
+    echo $pdo->errorInfo();
+    $recr=$recq->fetch(PDO::FETCH_OBJ);
     $received=$recr->received;
     if($r->target)
         $percent=round($received/$r->target*100,1);
@@ -119,7 +123,7 @@ $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISC
 <h3><?=i18n("To Do List")?></h3>
 <h4><?=i18n("Thank You's")?></h4>
 <?
-$q=mysql_query("SELECT id,value, thanked, status, sponsors_id, datereceived,
+$q=$pdo->prepare("SELECT id,value, thanked, status, sponsors_id, datereceived,
 	DATE_ADD(datereceived, INTERVAL 1 MONTH) < NOW() AS onemonth,
 	DATE_ADD(datereceived, INTERVAL 2 MONTH) < NOW() AS twomonth
     FROM fundraising_donations
@@ -127,9 +131,10 @@ $q=mysql_query("SELECT id,value, thanked, status, sponsors_id, datereceived,
     AND fiscalyear='{$config['FISCALYEAR']}' 
     ORDER BY datereceived
     ");
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
-if(mysql_num_rows($q)) {
+if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<thead><tr><th>".i18n("Name")."</th>\n";
     echo "<th>".i18n("Date Received")."</th>\n";
@@ -138,9 +143,10 @@ if(mysql_num_rows($q)) {
     echo "<th>".i18n("Thanked")."</th>\n";
     echo "</tr></thead>\n";
 
-    while($r=mysql_fetch_object($q)) {
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
-        $dq=mysql_query("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'");
+        $dq=$pdo->prepare("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'");
-        $dr=mysql_fetch_object($dq);
+        $dq->execute();
+        $dr=$dq->fetch(PDO::FETCH_OBJ);
 		if($r->twomonth) $s="style=\"background-color: ".colour_to_percent(0).";\"";
 		else if($r->onemonth) $s="style=\"background-color: ".colour_to_percent(50).";\"";
 		else $s="";
@@ -171,7 +177,7 @@ if(mysql_num_rows($q)) {
 <br />
 <h4><?=i18n("Receipts to Issue")?></h4>
 <?
-$q=mysql_query("SELECT value, receiptrequired, receiptsent, status, sponsors_id, datereceived,
+$q=$pdo->prepare("SELECT value, receiptrequired, receiptsent, status, sponsors_id, datereceived,
 	DATE_ADD(datereceived, INTERVAL 1 MONTH) < NOW() AS onemonth,
 	DATE_ADD(datereceived, INTERVAL 2 MONTH) < NOW() AS twomonth
     FROM fundraising_donations
@@ -179,8 +185,9 @@ $q=mysql_query("SELECT value, receiptrequired, receiptsent, status, sponsors_id,
     AND fiscalyear='{$config['FISCALYEAR']}' 
     ORDER BY datereceived
     ");
-echo mysql_error();
+$q->execute();
-if(mysql_num_rows($q)) {
+echo $pdo->errorInfo();
+if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<tr><th>".i18n("Name")."</th>\n";
     echo "<th>".i18n("Date Received")."</th>\n";
@@ -188,9 +195,10 @@ if(mysql_num_rows($q)) {
     echo "<th>".i18n("Generate Receipt")."</th>\n";
     echo "</tr>\n";
 
-    while($r=mysql_fetch_object($q)) {
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
-        $dq=mysql_query("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'");
+        $dq=$pdo->prepare("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'");
-        $dr=mysql_fetch_object($dq);
+        $dq->execute();
+        $dr=$dq->fetch(PDO::FETCH_OBJ);
 		if($r->twomonth) $s="style=\"background-color: ".colour_to_percent(0).";\"";
 		else if($r->onemonth) $s="style=\"background-color: ".colour_to_percent(50).";\"";
 		else $s="";
@@ -213,16 +221,17 @@ if(mysql_num_rows($q)) {
 <br />
 <h4><?=i18n("Appeal Follow-Ups")?></h4>
 <?
-$q=mysql_query("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5");
+$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5");
-echo mysql_error();
+$q->execute();
-if(mysql_num_rows($q)) {
+echo $pdo->errorInfo();
+if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<thead><tr>";
     echo " <th>".i18n("Appeal")."</th>\n";
     echo " <th>".i18n("Start Date")."</th>\n";
     echo " <th>".i18n("Follow-Up Date")."</th>\n";
     echo "</tr></thead>\n";
-    while($r=mysql_fetch_object($q)) {
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
         echo "<tr><td>$r->name</td><td>".format_date($r->startdate)."</td><td>".format_date($r->followupdate)."</td></tr>\n";
     }
     echo "</table>\n";
@@ -235,16 +244,17 @@ if(mysql_num_rows($q)) {
 <br />
 <h4>Upcoming Proposals</h4>
 <?
-$q=mysql_query("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5");
+$q=$pdo->prepare("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5");
-echo mysql_error();
+$q->execute();
-if(mysql_num_rows($q)) {
+echo $pdo->errorInfo();
+if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<tr>";
     echo " <th>".i18n("Name")."</th>\n";
     echo " <th>".i18n("Proposal Submission Date")."</th>\n";
     echo " <th>".i18n("Funding Selection Date")."</th>\n";
     echo "</tr>\n";
-    while($r=mysql_fetch_object($q)) {
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
         echo "<tr><td>$r->organization</td>";
         echo "<td>".format_date($r->proposalsubmissiondate)."</td>";
         echo "<td>".format_date($r->fundingselectiondate)."</td>";
@@ -259,7 +269,8 @@ if(mysql_num_rows($q)) {
 }
 else if (count($_POST['thanked'])) {
 	foreach($_POST['thanked'] AS $t) {
-		mysql_query("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'");
+		$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'");
+    $stmt->execute();
 	}
 }
  

admin/fundraising_campaigns.php

@@ -34,8 +34,9 @@ switch($_GET['action']){
 
    case "modify":
     echo "<div id=\"campaignaccordion\" style=\"width: 780px;\">\n";
-    $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+    $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
-    while($r=mysql_fetch_object($q)) {
+   $q->execute();
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
         echo "<h3><a href=\"#\">".htmlspecialchars($r->name)."</a></h3>\n";
         echo "<div id=\"campaign_{$r->id}\">\n";
         echo "<form id=\"campaigninfo_{$r->id}\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\" onsubmit=\"return campaigninfo_save($r->id)\">\n";
@@ -91,15 +92,17 @@ switch($_GET['action']){
  </tr>
  </thead>
 <?
- $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
+ $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
+$q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
- while($r=mysql_fetch_object($q)) {
+    $goalq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
-
+    $goalq->execute();
-    $goalq=mysql_query("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
+    $goalr=$goalq->fetch(PDO::FETCH_OBJ);
-    $goalr=mysql_fetch_object($goalq);
+    $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
-    $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
+    $recq->execute();
-    echo mysql_error();
+    echo $pdo->errorInfo();
-    $recr=mysql_fetch_object($recq);
+    $recr=$recq->fetch(PDO::FETCH_OBJ);
     $received=$recr->received;
     if($r->target)
         $percent=round($received/$r->target*100,1);
@@ -133,8 +136,9 @@ switch($_GET['action']){
         exit;
     }
     $id=intval($_GET['id']);
-    $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$id'");
+    $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$id'");
-    $campaign=mysql_fetch_object($q);
+    $q->execute();
+    $campaign=$q->fetch(PDO::FETCH_OBJ);
     echo "<h3>$campaign->name</h3>\n";
     ?>
     <div id="campaign_tabs">
@@ -164,14 +168,15 @@ switch($_GET['action']){
 
    case "manage_tab_overview":
          $campaign_id=intval($_GET['id']);
-         $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+         $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-
+        $q->execute();
-         if($r=mysql_fetch_object($q)) {
+         if($r=$q->fetch(PDO::FETCH_OBJ)) {
 
 			$goalr=getGoal($r->fundraising_goal);
-            $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
+            $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
-            echo mysql_error();
+            $recq->execute();
-            $recr=mysql_fetch_object($recq);
+            echo $pdo->errorInfo();
+            $recr=recq->fetch(PDO::FETCH_OBJ);
             $received=$recr->received;
             if($r->target)
                 $percent=round($received/$r->target*100,1);
@@ -202,8 +207,9 @@ switch($_GET['action']){
 
    case "manage_tab_donations":
          $campaign_id=intval($_GET['id']);
-         $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+         $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-         if($campaign=mysql_fetch_object($q)) {
+        $q->execute();
+         if($campaign=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<table class=\"tableview\">";
 			echo "<thead>";
 			echo "<tr>";
@@ -215,12 +221,13 @@ switch($_GET['action']){
 			echo "</tr>";
 			echo "</thead>\n";
 
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE fundraising_campaigns_id='$campaign_id'
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_campaigns_id='$campaign_id'
 			AND status='received' ORDER BY datereceived DESC");
-			while($r=mysql_fetch_object($q)) {
+			while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				$goal=getGoal($r->fundraising_goal);
-				$sq=mysql_query("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
+				$sq=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
-				$sponsor=mysql_fetch_object($sq);
+                $sq->execute();
+				$sponsor=$sq->fetch(PDO::FETCH_OBJ);
 				echo "<tr><td>".format_date($r->datereceived)."</td>\n";
 				echo "    <td>".$sponsor->organization."</td>\n";
 				echo "    <td>".$goal->name."</td>\n";
@@ -250,8 +257,9 @@ switch($_GET['action']){
 				"mentor"=>"Mentor (not implemented)",
 				);
          $campaign_id=intval($_GET['id']);
-         $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+         $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-		 $campaign=mysql_fetch_object($q);
+		 $q->execute();
+         $campaign=$q->fetch(PDO::FETCH_OBJ);
 		 if($campaign->filterparameters) {
 			echo "<h4>".i18n("User List")."</h4>\n";
 			$params=unserialize($campaign->filterparameters);
@@ -298,8 +306,9 @@ switch($_GET['action']){
 			echo "<br />";
 			echo "<form id=\"prospectremoveform\" onsubmit=\"return removeselectedprospects()\">\n";
 			echo "<input type=\"hidden\" name=\"fundraising_campaigns_id\" value=\"$campaign_id\" />\n";
-			 $q=mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'");
+			 $q=$pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'");
-			 while($r=mysql_fetch_object($q)) {
+			 $q->execute();
+             while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				 $u=user_load_by_uid($r->users_uid);
 				 //hopefully this never returns false, but who knows..
 				 if($u) {
@@ -349,8 +358,9 @@ switch($_GET['action']){
         </td></tr>
         <tr><td><?=i18n("Donation Level")?>:</td><td>
             <?
-            $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY min");
+            $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY min");
-            while($r=mysql_fetch_object($q)) {
+           $q->execute();
+            while($r=$q->fetch(PDO::FETCH_OBJ)) {
                 echo "<label><input onchange=\"return prospect_search()\" disabled=\"disabled\" type=\"checkbox\" name=\"donationlevel[]\" value=\"$r->level\" >".i18n($r->level)." (".format_money($r->min,false)." - ".format_money($r->max,false).")</label><br />\n";
             }
 			echo "(disabled until the logic requirements can be established)";
@@ -398,9 +408,9 @@ switch($_GET['action']){
 
    case "manage_tab_communications":
          $campaign_id=intval($_GET['id']);
-         $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+         $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-
+            $q->execute();
-         if($r=mysql_fetch_object($q)) {
+         if($r=$q->fetch(PDO::FETCH_OBJ)) {
 
          }
 		 $communications=array("initial"=>"Initial Communication",
@@ -409,8 +419,9 @@ switch($_GET['action']){
 		 foreach($communications as $key=>$name) {
 					echo "<h4>".i18n($name)."</h4>\n";
 			//check if they have one in the emails database
-			$q=mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'");
+			$q=$pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'");
-			if($email=mysql_fetch_object($q)) {
+			$q->execute();
+            if($email=$q->fetch(PDO::FETCH_OBJ)) {
 				echo "<div style=\"float: right; margin-right: 15px;\">";
 				echo "<a title=\"Edit\" href=\"#\" onclick=\"return opencommunicationeditor(null,$email->id,$campaign_id)\"><img src=\"".$config['SFIABDIRECTORY']."/images/16/edit.".$config['icon_extension']."\" border=0></a>";
 				echo "&nbsp;&nbsp;";
@@ -459,15 +470,18 @@ switch($_GET['action']){
 		if(is_array($_POST['prospectremovefromlist'])) {
 			$uidlist=implode(",",$_POST['prospectremovefromlist']);
 			$query="DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid' AND users_uid IN ($uidlist)";
-			mysql_query($query);
+			$stmt = $pdo->prepare($query);
-			echo mysql_error();
+            $stmt->execute();
+			echo $pdo->errorInfo();
 		}
 		//if theres nobody left in the list we need to reset the filter params as well
-		$q=mysql_query("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
+		$q=$pdo->prepare("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
-		$r=mysql_fetch_object($q);
+		$q->execute();
+        $r=$q->fetch(PDO::FETCH_OBJ);
 		if($r->num==0) {
-			mysql_query("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
+			$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
-		}
+            $stmt->execute();
+        }
 
 		happy_("Selected users removed from list");
 	exit;
@@ -475,22 +489,26 @@ switch($_GET['action']){
 
 	case "prospect_removeall":
 		$campaignid=intval($_POST['fundraising_campaigns_id']);
-		mysql_query("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
+		$stmt = $pdo->prepare("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
-		mysql_query("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
+		$stmt->execute();
-		happy_("All users removed from list");
+        $stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
+		$stmt->execute();
+        happy_("All users removed from list");
 	exit;
 	break;
 
 	case "communication_remove":
 		$emails_id=$_POST['id'];
 		//check if its been sent, if so, it cannot be deleted, sorry!
-		$q=mysql_query("SELECT * FROM emails WHERE id='$emails_id'");
+		$q=$pdo->prepare("SELECT * FROM emails WHERE id='$emails_id'");
-		$e=mysql_fetch_object($q);
+        $q->execute();
+		$e=$q->fetch(PDO::FETCH_OBJ);
 		if($e->lastsent) {
 			error_("Cannot remove an email that has already been sent");
 		}
 		else {
-			mysql_query("DELETE FROM emails WHERE id='$emails_id'");
+			$stmt = $pdo->prepare("DELETE FROM emails WHERE id='$emails_id'");
+            $stmt->execute();
 			happy_("Communicaton removed");
 		}
 
@@ -509,22 +527,23 @@ function save_campaign_info(){
 
 	if(!$_GET['id']) {
 		$query = "INSERT INTO fundraising_campaigns (name,fiscalyear) VALUES (
-            '".mysql_real_escape_string(stripslashes($_POST['name']))."','{$config['FISCALYEAR']}')";
+            '".stripslashes($_POST['name'])."','{$config['FISCALYEAR']}')";
-        mysql_query($query);
+        $stmt = $pdo->prepare($query);
-		$id = mysql_insert_id();
+        $stmt->execute();
+		$id = $pdo->lastInsertId();
         happy_("Appeal Created");
 	}else{
 		$id = $_GET["id"];
         happy_("Appeal Saved");
     }
-    mysql_query("UPDATE fundraising_campaigns SET 
+    $stmt = $pdo->prepare("UPDATE fundraising_campaigns SET 
-       name='".mysql_real_escape_string(stripslashes($_POST['name']))."',
+       name='".stripslashes($_POST['name'])."',
-       `type`='".mysql_real_escape_string($_POST['type'])."',
+       `type`='".$_POST['type']."',
-       startdate='".mysql_real_escape_string($startdate)."',
+       startdate='".$startdate."',
-       followupdate='".mysql_real_escape_string($_POST['followupdate'])."',
+       followupdate='".$_POST['followupdate']."',
-       enddate='".mysql_real_escape_string($_POST['enddate'])."',
+       enddate='".$_POST['enddate']."',
-       target='".mysql_real_escape_string($_POST['target'])."',
+       target='".$_POST['target']."',
-       fundraising_goal='".mysql_real_escape_string($_POST['fundraising_goal'])."'
+       fundraising_goal='".$_POST['fundraising_goal']."'
        WHERE id='$id'");
 }
 
@@ -765,10 +784,11 @@ function display_campaign_form($r=null) {
 			<td><?=i18n("Target")?></td><td>$<input type="text" id="target" name="target" size="10" value="<?=$r->target?>" /></td>
 			<td><?=i18n("Default Purpose")?></td><td colspan="3">
             <?
-            $fgq=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+            $fgq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+            $fgq->execute();
             echo "<select name=\"fundraising_goal\">";
             echo "<option value=\"\">".i18n("Choose Default Purpose")."</option>\n";
-            while($fgr=mysql_fetch_object($fgq)) {
+            while($fgr=$fgq->fetch(PDO::FETCH_OBJ)) {
                 if($r->fundraising_goal==$fgr->goal) $sel="selected=\"selected\""; else $sel="";
                 echo "<option $sel value=\"$fgr->goal\">".i18n($fgr->name)."</option>\n";
             }

admin/fundraising_campaigns_prospecting.php

@@ -30,8 +30,10 @@
     $otherlist=array();
 
 if($_POST['donortype']=="organization") {
-    $q=mysql_query("SELECT id, organization AS name, address, address2, city, province_code, postalcode FROM sponsors ORDER BY name");
+    $q=$pdo->prepare("SELECT id, organization AS name, address, address2, city, province_code, postalcode FROM sponsors ORDER BY name");
-    echo mysql_error();
+   
+	$q->execute();
+	echo $pdo->errorInfo();
 
     if(!$_POST['contacttype'])
         $contacttype=array("primary","secondary");
@@ -39,7 +41,7 @@ if($_POST['donortype']=="organization") {
         $contacttype=$_POST['contacttype'];
 
     $primary="";
-    while($r=mysql_fetch_object($q)) {
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
         foreach($contacttype AS $ct) {
             switch($ct) {
                 case "primary":
@@ -49,7 +51,7 @@ if($_POST['donortype']=="organization") {
                     $primary="no";
                     break;
             }
-			$cq = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
+			$cq = $pdo->prepare("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 			WHERE 
 			sponsors_id='" . $r->id . "' 
 			AND `primary`='$primary' 
@@ -58,9 +60,10 @@ if($_POST['donortype']=="organization") {
 			HAVING deleted='no' 
 			ORDER BY users_sponsor.primary DESC,lastname,firstname
 			");
+			$cq->execute();
 
-            echo mysql_error();
+            echo $pdo->errorInfo();
-            while($cr=mysql_fetch_object($cq)) {
+            while($cr=m$cq->fetch(PDO::FETCH_OBJ)) {
                 if(!$userslist[$cr->uid])
                     $userslist[$cr->uid]=user_load($cr->users_id);
             }
@@ -76,9 +79,10 @@ else if($_POST['donortype']=="individual") {
 
     foreach($individual_type AS $t) {
 		$query="SELECT *,MAX(year) FROM users WHERE types LIKE '%$t%' GROUP BY uid HAVING deleted='no' ORDER BY lastname,firstname";
-		$q=mysql_query($query);
+		$q=$pdo->prepare($query);
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q)) {
+		echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			if(!$userslist[$r->uid])
 				$userslist[$r->uid]=user_load_by_uid($r->uid);
         }
@@ -140,8 +144,9 @@ $thisyearlist=$userslist;
 
 	foreach($neverlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
-			if(mysql_num_rows($q)) {
+			$q->execute();
+			if($q->rowCount()) {
 		//		echo "removing $uid because they have donated in the past <br />";
 				unset($neverlist[$uid]);
 			}
@@ -154,8 +159,9 @@ $thisyearlist=$userslist;
 	
 	foreach($pastlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
-			if(!mysql_num_rows($q)) {
+			$q->execute();
+			if(!$q->rowCount()) {
 		//		echo "removing $uid because they have NOT donated in the past <br />";
 				unset($pastlist[$uid]);
 			}
@@ -171,8 +177,9 @@ $thisyearlist=$userslist;
 
 	foreach($lastyearlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
-			if(!mysql_num_rows($q)) {
+			$q->execute();
+			if(!$q->rowCount()) {
 		//		echo "removing $uid because they have NOT donated last year <br />";
 				unset($lastyearlist[$uid]);
 			}
@@ -186,8 +193,9 @@ $thisyearlist=$userslist;
 
 	foreach($thisyearlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
-			if(!mysql_num_rows($q)) {
+			$q->execcute();
+			if(!$q->rowCount()) {
 		//		echo "removing $uid because they have NOT donated this year <br />";
 				unset($thisyearlist[$uid]);
 			}
@@ -218,11 +226,13 @@ if($_GET['generatelist']) {
 	$campaignid=$_POST['fundraising_campaigns_id'];
 	$params=serialize($_POST);
 	echo "params=$params";
-	mysql_query("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
+	$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
+	$stmt->execute();
 	$uids=array_keys($userslist);
 	foreach($uids AS $u) {
-		mysql_query("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
+		$stmt = $pdo->prepare("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
-	}
+	$stmt->execute();}
+
 	echo "List created";
 }
 else {

admin/fundraising_common.inc.php

@@ -4,8 +4,9 @@ $salutations=array("Mr.","Mrs.","Ms","Dr.","Professor");
 
 function getGoal($goal) {
 	global $config;
-	$q=mysql_query("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
+	$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
-	return mysql_fetch_object($q);
+	$q->execute();
-}
+	return $q->rowCount();
+
 
 ?>

admin/fundraising_goals_handler.inc.php

@@ -2,14 +2,17 @@
 if($_POST['action']=="funddelete" && $_POST['delete']) {
 	//first lookup all the sponsorships inside the fund
 	$id=intval($_POST['delete']);
-	$q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$id' AND year='".$config['FISCALYEAR']."'");
+	$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND year='".$config['FISCALYEAR']."'");
-	$f=mysql_fetch_object($q);
+	$q->execute();
+	$f=$q->fetch(PDO::FETCH_OBJ);
 	//hold yer horses, no deleting system funds!
 	if($f) {
 		if($f->system=="no") {
-			mysql_query("DELETE FROM fundraising_donations WHERE fundraising_goal='".mysql_real_escape_string($f->type)."' AND fiscalyear='".$config['FISCALYEAR']."'");
+			$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE fundraising_goal='".$f->type."' AND fiscalyear='".$config['FISCALYEAR']."'");
-			mysql_query("DELETE FROM fundraising_goals WHERE id='$id'");
+			$stmt->execute();
-			if(mysql_affected_rows())
+			$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id'");
+			$stmt->execute();
+			if($pdo->rowCount())
 				happy_("Successfully removed fund %1",array($f->name));
 		}
 		else {
@@ -21,26 +24,31 @@ if($_POST['action']=="funddelete" && $_POST['delete']) {
 if($_POST['action']=="fundedit" || $_POST['action']=="fundadd") {
 	$fundraising_id=intval($_POST['fundraising_id']);
 	if($fundraising_id) {
-		$q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
+		$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
-		$f=mysql_fetch_object($q);
+		$q->execute();
+		$f=$q->fetch(PDO::FETCH_OBJ);
 		$system=$f->system;
 	}
-	$name=mysql_real_escape_string($_POST['name']);
+	$name=$_POST['name'];
-	$goal=mysql_real_escape_string($_POST['goal']);
+	$goal=$_POST['goal'];
-	$description=mysql_real_escape_string($_POST['description']);
+	$description=$_POST['description'];
 	$budget=intval($_POST['budget']);
 }
 
 if($_POST['action']=="fundedit") {
 	if( ($system=="yes" && $budget) || ($system=="no" && $budget && $goal && $name) ) {
 		if($system=="yes") {
-			mysql_query("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
+			$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
+		$stmt->execute();
 		}
+
 		else {
-			mysql_query("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
+			$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
+		$stmt->execute();
 		}
-		if(mysql_error())
+
-			error_("MySQL Error: %1",array(mysql_error()));
+		if($pdo->errorInfo())
+			error_("MySQL Error: %1",array($pdo->errorInfo()));
 		else
 			happy_("Saved fund changes");
 	}
@@ -52,13 +60,14 @@ if($_POST['action']=="fundedit") {
 }
 if($_POST['action']=="fundadd") {
 	if( $goal && $type && $name) {
-		mysql_query("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
+		$stmt = $pdo->prepare("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
+		$stmt->execute();
 		happy_("Added new fund");
 	}
 	else
 		error_("Required fields were missing, please try again");
-	if(mysql_error())
+	if($pdo->errorInfo())
-		error_("MySQL Error: %1",array(mysql_error()));
+		error_("MySQL Error: %1",array($pdo->errorInfo()));
     exit;
 }
 

admin/fundraising_main.inc.php

@@ -2,10 +2,11 @@
 if($_GET['action']=="fundraisingmain") {
 
 //this table is eventually going to be massive, and probably not in a tableview format, it'll show goals as well as all ongoing fund pledges, probabilities, etc as well as over/under, etc, all prettily colour coded.. basically a good overview of the total fundraising status of the fair.
- $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY system DESC,goal");
+ $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY system DESC,goal");
+ $q->execute();
  echo "<table class=\"fundraisingtable\">";
 
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	 echo "<tr>";
 	 echo "<th><a title=\"".i18n("Edit fund details")."\" onclick=\"return popup_fund_editor('fundraising_types.php?id=$r->id')\" href=\"#\"><img border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/edit.".$config['icon_extension']."\"></a>";
 	 if($r->system=="no") {
@@ -24,7 +25,7 @@ if($_GET['action']=="fundraisingmain") {
 
 	$typetotal=0;
 	$typeprobtotal=0;
-	$sq=mysql_query("
+	$sq=$pdo->prepare("
             SELECT fundraising_donations.id, sponsors.organization AS name, fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
 		 FROM fundraising_donations
 		 JOIN sponsors ON fundraising_donations.sponsors_id=sponsors.id
@@ -41,8 +42,9 @@ if($_GET['action']=="fundraisingmain") {
 
 		  ORDER BY status DESC, probability DESC, name
             ");
-    echo mysql_error();
+	 $sq->execute();
-	while($sr=mysql_fetch_object($sq)) {
+    echo $pdo->errorInfo();
+	while($sr=$sq->fetch(PDO::FETCH_OBJ)) {
 		echo "<tr id=\"sponsorships_$sr->id\" class=\"fundraising{$sr->status}\">";
 		echo "<td>";
         echo "<img style=\"cursor:pointer;\" onclick=\"delete_sponsorship($sr->id)\" border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\">";

admin/fundraising_reports.php

@@ -52,8 +52,9 @@ $(document).ready( function(){
   <select name="fundraising_campaigns_id">
    <option value="">All appeals</option>
    <?
-   $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+   $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
-   while($r=mysql_fetch_object($q)) {
+   $q->execute();
+   while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	   echo "<option value=\"$r->id\">$r->name</option>\n";
    }
    ?>
@@ -82,8 +83,9 @@ $(document).ready( function(){
   <select name="goal">
    <option value="">All purposes</option>
    <?
-   $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+   $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
-   while($r=mysql_fetch_object($q)) {
+   $q->execute();
+   while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	   echo "<option value=\"$r->goal\">$r->name</option>\n";
    }
    ?>

admin/fundraising_reports_std.php

@@ -51,9 +51,10 @@
 				 $sql.=" AND id='".intval($_GET['fundraising_campaigns_id'])."'";
 			 }
 			 $sql.=" ORDER BY name";
-			 $q=mysql_query($sql);
+			 $q=$pdo->prepare($sql);
-			 echo mysql_error();
+			 $q->execute();
-			 while($r=mysql_fetch_object($q)) {
+			 echo $pdo->errorInfo();
+			 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				 $rep->heading($r->name);
 				 $table=array();
 				 $table['header']=array("Name","Contact","Phone","Address","$ appeal","$ this year","$ last year","%chg");
@@ -63,8 +64,9 @@
 				$thisyear=$config['FISCALYEAR'];
 				$lastyear=$config['FISCALYEAR']-1;
 
-				 $pq=mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$r->id'");
+				 $pq=$pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$r->id'");
-				 while($pr=mysql_fetch_object($pq)) {
+				 $pq->execute();
+				 while($pr=$pq->fetch(PDO::FETCH_OBJ)) {
 					 $u=user_load_by_uid($pr->users_uid);
 					 //hopefully this never returns false, but who knows..
 					 if($u) {
@@ -75,14 +77,17 @@
 						//gah i dont know what the heck to do here
 
 						if($u['sponsors_id']) {
-							$cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND fundraising_campaigns_id='$r->id' AND status='received' AND fiscalyear='$thisyear'");
+							$cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND fundraising_campaigns_id='$r->id' AND status='received' AND fiscalyear='$thisyear'");
-							$cr=mysql_fetch_object($cq);
+							$cq->execute();
+							$cr=$cq->fetch(PDO::FETCH_OBJ);
 							$thisappeal=$cr->total;
-							$cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$thisyear'");
+							$cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$thisyear'");
-							$cr=mysql_fetch_object($cq);
+							$cq->execute();
+							$cr=$cq->fetch(PDO::FETCH_OBJ);
 							$thisyeartotal=$cr->total;
-							$cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$lastyear'");
+							$cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$lastyear'");
-							$cr=mysql_fetch_object($cq);
+							$cq->execute();
+							$cr=$cq->fetch(PDO::FETCH_OBJ);
 							$lastyeartotal=$cr->total;
 							if($lastyeartotal)
 								$change=round(($thisyeartotal-$lastyeartotal)/$lastyeartotal*100);
@@ -132,13 +137,14 @@
 			 }
 			 $sql="SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ";
 			 if($_GET['goal']) {
-				 $sql.=" AND goal='".mysql_real_escape_string($_GET['goal'])."'";
+				 $sql.=" AND goal='".$_GET['goal']."'";
 			 }
 			 $sql.=" ORDER BY name";
-			 $q=mysql_query($sql);
+			 $q=$pdo->prepare($sql);
-			 echo mysql_error();
+			 $q->execute();
+			 echo $pdo->errorInfo();
 
-			 while($r=mysql_fetch_object($q)) {
+			 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				 $rep->heading($r->name)." (".$r->budget.")";
 
 				 $table=array();
@@ -146,8 +152,9 @@
 				 $table['widths']=array(1.5,0.5,0.5,0.75,0.9,0.9,0.9,0.5);
 				 $table['dataalign']=array("left","right","right","center","center","center","center","right");
 
-				 $cq=mysql_query("SELECT * FROM fundraising_campaigns WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'");
+				 $cq=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'");
-				 while($cr=mysql_fetch_object($cq)) {
+				 $cq->execute();
+				 while($cr=$cq->fetch(PDO::FETCH_OBJ)) {
 					 $table['data'][]=array(
 						$cr->name,
 						$cr->target,

admin/fundraising_setup.php

@@ -27,40 +27,47 @@
  user_auth_required('committee', 'admin');
 
  //first, insert any default fundraising donor levels
- $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='".$config['FISCALYEAR']."'");
+ $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='".$config['FISCALYEAR']."'");
- if(!mysql_num_rows($q)) {
+ $q->execute();
-     $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='-1'");
+ if(!$q->rowCount()) {
-     while($r=mysql_fetch_object($q)) {
+     $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='-1'");
-         mysql_query("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES (
+     $q->execute();
-            '".mysql_real_escape_string($r->level)."',
+     while($r=$q->fetch(PDO::FETCH_OBJ)) {
-            '".mysql_real_escape_string($r->min)."',
+         $pdo->prepare("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES (
-            '".mysql_real_escape_string($r->max)."',
+            '".$r->level."',
-            '".mysql_real_escape_string($r->description)."',
+            '".$r->min."',
-            '".$config['FISCALYEAR']."')");
+            '".$r->max."',
+            '".$r->description."',
+            '".$config['FISCALYEAR'].")')");
+        $pdo->execute();
      }
  }
 
  //first, insert any default fundraising goals
- $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='".$config['FISCALYEAR']."'");
+ $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='".$config['FISCALYEAR']."'");
- if(!mysql_num_rows($q)) {
+ $q->execute();
-     $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='-1'");
+ if(!$q->rowCount()) {
-     while($r=mysql_fetch_object($q)) {
+     $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='-1'");
-         mysql_query("INSERT INTO fundraising_goals (`goal`,`name`,`description`,`system`,`budget`,`fiscalyear`) VALUES (
+     $q->execute();
-            '".mysql_real_escape_string(stripslashes($r->goal))."',
+     while($r=$q->fetch(PDO::FETCH_OBJ)) {
-            '".mysql_real_escape_string(stripslashes($r->name))."',
+         $stmt = pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`description`,`system`,`budget`,`fiscalyear`) VALUES (
-            '".mysql_real_escape_string(stripslashes($r->description))."',
+            '".stripslashes($r->goal)."',
-            '".mysql_real_escape_string($r->system)."',
+            '".stripslashes($r->name)."',
-            '".mysql_real_escape_string($r->budget)."',
+            '".stripslashes($r->description)."',
+            '".$r->system."',
+            '".$r->budget."',
             '".$config['FISCALYEAR']."')");
+        $stmt->execute();
      }
  }
 
 
  switch($_GET['gettab']) {
 	case "levels": 
-		$q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY max");
+		$q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY max");
-		echo "<div id=\"levelaccordion\" style=\"width: 75%;\">\n";
+		$q->execute();
-		while($r=mysql_fetch_object($q)) {
+        echo "<div id=\"levelaccordion\" style=\"width: 75%;\">\n";
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<h3><a href=\"#\">$r->level (".format_money($r->min,false)." to ".format_money($r->max,false).")</a></h3>\n";
 			echo "<div id=\"level_$r->id\">\n";
             echo "<form id=\"level_form_$r->id\" onsubmit=\"return level_save($r->id)\">\n";
@@ -112,9 +119,10 @@
 	break;
 
 	case "goals": 
-		$q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+		$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
-		echo "<div id=\"goalaccordion\" style=\"width: 75%;\">\n";
+		$q->execute();
-		while($r=mysql_fetch_object($q)) {
+        echo "<div id=\"goalaccordion\" style=\"width: 75%;\">\n";
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<h3><a href=\"#\">$r->name (".format_money($r->budget,false).") Deadline: ".format_date($r->deadline)."</a></h3>\n";
 			echo "<div id=\"goal_$r->id\">\n";
             echo "<form id=\"goal_form_$r->id\" onsubmit=\"return goal_save($r->id)\">\n";
@@ -210,29 +218,33 @@
            }
 
            if($id) {
-                mysql_query("UPDATE fundraising_donor_levels SET
+                $stmt = $pdo->prepare("UPDATE fundraising_donor_levels SET
-                    min='".mysql_real_escape_string($_POST['min'])."',
+                    min='".$_POST['min']."',
-                    max='".mysql_real_escape_string($_POST['max'])."',
+                    max='".$_POST['max']."',
-                    level='".mysql_real_escape_string(stripslashes($_POST['level']))."',
+                    level='".stripslashes($_POST['level'])."',
-                    description='".mysql_real_escape_string(stripslashes($_POST['description']))."'
+                    description='".stripslashes($_POST['description'])."'
                     WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'
                     ");
+                $stmt->execute();
                 happy_("Level Saved");
+
             }
             else {
-                mysql_query("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES (
+                $stmt = $pdo->prepare("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES (
-                '".mysql_real_escape_string($_POST['level'])."',
+                '".$_POST['level']."',
-                '".mysql_real_escape_string($_POST['min'])."',
+                '".$_POST['min']."',
-                '".mysql_real_escape_string($_POST['max'])."',
+                '".$_POST['max']."',
-                '".mysql_real_escape_string($_POST['description'])."',
+                '".$_POST['description']."',
                 '{$config['FISCALYEAR']}')");
+                $stmt->execute();
                 happy_("Level Created");
             }
         exit;
         break;
         case "level_delete":
            $id=$_POST['id'];
-           mysql_query("DELETE FROM fundraising_donor_levels WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
+           $stmt = $pdo->prepare("DELETE FROM fundraising_donor_levels WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
+           $stmt->execute();
            happy_("Level Deleted");
        exit;
        break;
@@ -244,32 +256,35 @@
                 exit;
            }
            if($id) {
-                mysql_query("UPDATE fundraising_goals SET
+                $stmt = $pdo->prepare("UPDATE fundraising_goals SET
-                    budget='".mysql_real_escape_string($_POST['budget'])."',
+                    budget='".$_POST['budget']."',
-                    deadline='".mysql_real_escape_string($_POST['deadline'])."',
+                    deadline='".$_POST['deadline']."',
-                    name='".mysql_real_escape_string(stripslashes($_POST['name']))."',
+                    name='".stripslashes($_POST['name'])."',
-                    description='".mysql_real_escape_string(stripslashes($_POST['description']))."'
+                    description='".stripslashes($_POST['description'])."'
                     WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'
                     ");
+                $stmt->execute();
                 happy_("Purpose Saved");
             }
             else {
                 $goal=strtolower($_POST['name']);
                 $goal=ereg_replace("[^a-z]","",$goal);
-                $q=mysql_query("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}'");
+                $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}'");
-                echo mysql_error();
+                $q->execute();
-                if(mysql_num_rows($q)) {
+                echo $pdo->errorInfo();
+                if($q->rowCount()) {
                     error_("The automatically generated purpose key (%1) generated from (%2) is not unique.  Please try a different Purpose Name",array($goal,$_POST['name']));
                     exit;
                 }
 
-                mysql_query("INSERT INTO fundraising_goals (`goal`,`name`,`budget`,`deadline`,`description`,`fiscalyear`) VALUES (
+                $stmt = $pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`budget`,`deadline`,`description`,`fiscalyear`) VALUES (
-                '".mysql_real_escape_string($goal)."',
+                '".$goal."',
-                '".mysql_real_escape_string($_POST['name'])."',
+                '".$_POST['name']."',
-                '".mysql_real_escape_string($_POST['budget'])."',
+                '".$_POST['budget']."',
-                '".mysql_real_escape_string($_POST['deadline'])."',
+                '".$_POST['deadline']."',
-                '".mysql_real_escape_string($_POST['description'])."',
+                '".$_POST['description']."',
                 '{$config['FISCALYEAR']}')");
+                $stmt->execute();
                 happy_("Purpose Created");
             }
         exit;
@@ -277,8 +292,9 @@
         case "goal_delete":
            $id=$_POST['id'];
            //they cant delete system ones
-           $q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
+           $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
-           if(!$r=mysql_fetch_object($q)) {
+           $q->execute();
+           if(!$r=$q->fetch(PDO::FETCH_OBJ)) {
                error_("Invalid goal to delete");
                exit;
            }
@@ -286,22 +302,30 @@
                error_("Fundraising goals created automatically and used by the system cannot be deleted");
                exit;
            }
-           $q=mysql_query("SELECT * FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'");
+           $q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'");
-           if(mysql_num_rows($q)) {
+           $q->execute();
+           if($q->rowCount()) {
                error_("This goal already has donations assigned to it, it cannot be deleted");
                exit;
            }
 
-           mysql_query("DELETE FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
+           $stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
+           $stmt->execute();
            happy_("Purpose Deleted");
        exit;
        break;
 
        case "setup_save":
        $fye=sprintf("%02d-%02d",intval($_POST['fiscalendmonth']),intval($_POST['fiscalendday']));
-       mysql_query("UPDATE config SET val='$fye' WHERE var='fiscal_yearend' AND year='{$config['FAIRYEAR']}'");
+       
-       mysql_query("UPDATE config SET val='".mysql_real_escape_string($_POST['registeredcharity'])."' WHERE var='registered_charity' AND year='{$config['FAIRYEAR']}'");
+       $stmt = $pdo->prepare("UPDATE config SET val='$fye' WHERE var='fiscal_yearend' AND year='{$config['FAIRYEAR']}'");
-       mysql_query("UPDATE config SET val='".mysql_real_escape_string($_POST['charitynumber'])."' WHERE var='charity_number' AND year='{$config['FAIRYEAR']}'");
+       $stmt->execute();
+
+       $stmt = $pdo->prepare("UPDATE config SET val='".$_POST['registeredcharity']."' WHERE var='registered_charity' AND year='{$config['FAIRYEAR']}'");
+       $stmt->execute();
+
+       $stmt = $pdo->prepare("UPDATE config SET val='".$_POST['charitynumber']."' WHERE var='charity_number' AND year='{$config['FAIRYEAR']}'");
+       $stmt->execute();
        happy_("Fundraising module setup saved");
        exit;
        break;

admin/fundraising_sponsorship.php

@@ -28,8 +28,9 @@
 
  if($_GET['id']) {
 	 $id=intval($_GET['id']);
-	 $q=mysql_query("SELECT fundraising_donations.*, sponsors.organization FROM fundraising_donations,sponsors WHERE fundraising_donations.id='$id' AND fundraising_donations.sponsors_id=sponsors.id");
+	 $q=$pdo->prepare("SELECT fundraising_donations.*, sponsors.organization FROM fundraising_donations,sponsors WHERE fundraising_donations.id='$id' AND fundraising_donations.sponsors_id=sponsors.id");
-	 $sponsorship=mysql_fetch_object($q);
+	 $q->execute();
+	 $sponsorship=$q->fetch(PDO::FETCH_OBJ);
 	 $formaction="sponsorshipedit";
  }
  else
@@ -69,12 +70,13 @@ function typechange() {
          echo "<tr><th>".i18n("Donor")."</th>";
          echo "<td>";
 
-	 $q=mysql_query("SELECT * FROM sponsors ORDER BY organization");
+	 $q=$pdo->prepare("SELECT * FROM sponsors ORDER BY organization");
-	 echo mysql_error();
+	 $q->execute();
+	 echo $pdo->errorInfo();
      echo "<span id=\"sponsor_type_organization\" style=\"display: none;\">";
 	 echo "<select name=\"sponsors_id\">";
 	 echo "<option value=\"\">".i18n("Choose")."</option>\n";
-	 while($r=mysql_fetch_object($q)) {
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		 if($r->id==$sponsorship->sponsors_id) $sel="selected=\"selected\""; else $sel="";
 		 echo "<option $sel value=\"$r->id\">$r->organization</option>\n";
 	 }
@@ -82,12 +84,13 @@ function typechange() {
      echo "</span>";
 
 
-	 $q=mysql_query("SELECT users.*, MAX(year) AS year FROM users WHERE (firstname!='' AND lastname!='') GROUP BY uid HAVING deleted='no' ORDER BY lastname,firstname");
+	 $q=$pdo->prepare("SELECT users.*, MAX(year) AS year FROM users WHERE (firstname!='' AND lastname!='') GROUP BY uid HAVING deleted='no' ORDER BY lastname,firstname");
-	 echo mysql_error();
+	 $q->execute();
+	 echo $pdo->errorInfo();
      echo "<span id=\"sponsor_type_individual\" style=\"display: none;\">";
 	 echo "<select name=\"users_uid\">";
 	 echo "<option value=\"\">".i18n("Choose")."</option>\n";
-	 while($r=mysql_fetch_object($q)) {
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		 if($r->uid==$sponsorship->users_uid) $sel="selected=\"selected\""; else $sel="";
 		 echo "<option $sel value=\"$r->uid\">[$r->year][$r->uid] $r->lastname, $r->firstname ($r->email)</option>\n";
 	 }
@@ -111,11 +114,12 @@ function typechange() {
 
 	 echo "<tr><th>".i18n("Donation Allocation")."</th>";
 	 echo "<td>";
-	 $q=mysql_query("SELECT * FROM fundraising WHERE year='{$config['FAIRYEAR']}' ORDER BY name");
+	 $q=$pdo->prepare("SELECT * FROM fundraising WHERE year='{$config['FAIRYEAR']}' ORDER BY name");
-	 echo mysql_error();
+	 $q->execute();
+	 echo $pdo->errorInfo();
 	 echo "<select name=\"fundraising_type\">";
 	 echo "<option value=\"\">".i18n("Choose")."</option>\n";
-	 while($r=mysql_fetch_object($q)) {
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		 if($r->type==$sponsorship->fundraising_type || $r->type==$fundraising_type) $sel="selected=\"selected\""; else $sel="";
 		 echo "<option $sel value=\"$r->type\">$r->name</option>\n";
 	 }

admin/fundraising_sponsorship_handler.inc.php

@@ -1,7 +1,8 @@
 <?
 if($_POST['action']=="sponsorshipdelete") {
-	mysql_query("DELETE FROM fundraising_donations WHERE id='".intval($_POST['delete'])."'");
+	$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE id='".intval($_POST['delete'])."'");
-	if(mysql_affected_rows())
+	$stmt->execute();
+	if($pdo->rowCount())
 		happy_("Successfully removed sponsorship");
    exit;
 }
@@ -9,11 +10,11 @@ if($_POST['action']=="sponsorshipdelete") {
 if($_POST['action']=="sponsorshipedit" || $_POST['action']=="sponsorshipadd") {
 	$sponsors_id=intval($_POST['sponsors_id']);
 	$fundraising_donations_id=intval($_POST['fundraising_donations_id']);
-	$fundraising_type=mysql_real_escape_string($_POST['fundraising_type']);
+	$fundraising_type=$_POST['fundraising_type'];
 	
-	$value=mysql_real_escape_string($_POST['value']);
+	$value=$_POST['value'];
-	$status=mysql_real_escape_string($_POST['status']);
+	$status=$_POST['status'];
-	$probability=mysql_real_escape_string($_POST['probability']);
+	$probability=$_POST['probability'];
 
 	if($status=="confirmed" || $status=="received") $probability="100";
 	if($probability==100 && $status=="pending") $status="confirmed";
@@ -22,8 +23,9 @@ if($_POST['action']=="sponsorshipedit" || $_POST['action']=="sponsorshipadd") {
 if($_POST['action']=="sponsorshipedit") {
 
 	if($fundraising_donations_id && $fundraising_type && $value) {
-		$q=mysql_query("SELECT * FROM fundraising_donations WHERE id='$fundraising_donations_id'");
+		$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE id='$fundraising_donations_id'");
-		$current=mysql_fetch_object($q);
+		$q->execute();
+		$current=$q->fetch(PDO::FETCH_OBJ);
 
 		unset($log);
 		$log=array();
@@ -40,18 +42,18 @@ if($_POST['action']=="sponsorshipedit") {
 			$log[]="Changed sponsorship probability from $current->probability to $probability";
 
 		if(count($log)) {
-			mysql_query("UPDATE fundraising_donations SET fundraising_type='$fundraising_type', value='$value', status='$status', probability='$probability' WHERE id='$fundraising_donations_id'");
+			$stmt = $pdo->prepare("UPDATE fundraising_donations SET fundraising_type='$fundraising_type', value='$value', status='$status', probability='$probability' WHERE id='$fundraising_donations_id'");
-
+			$stmt->execute();
 			foreach($log AS $l) {
-					mysql_query("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
+					$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
 						'$current->sponsors_id',
 						NOW(),
 						'".$_SESSION['users_id']."',
-						'".mysql_real_escape_string($l)."')");
+						'".$l."')");
-
+					$stmt->execute();
 			}
-			if(mysql_error())
+			if($pdo->errorInfo())
-				echo error_(mysql_error());
+				echo error_($pdo->errorInfo());
 			else
                 echo happy_("Saved sponsorship changes");
 		}
@@ -65,18 +67,24 @@ if($_POST['action']=="sponsorshipedit") {
 }
 if($_POST['action']=="sponsorshipadd") {
 	if($sponsors_id && $fundraising_type && $value) {
-		mysql_query("INSERT INTO fundraising_donations (sponsors_id,fundraising_type,value,status,probability,fiscalyear) VALUES ('$sponsors_id','$fundraising_type','$value','$status','$probability','{$config['FISCALYEAR']}')");
+		
-		mysql_query("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
+		
+		$stmt = $pdo->prepare("INSERT INTO fundraising_donations (sponsors_id,fundraising_type,value,status,probability,fiscalyear) VALUES ('$sponsors_id','$fundraising_type','$value','$status','$probability','{$config['FISCALYEAR']}')");
+		$stmt->execute();
+
+		
+		$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
+		$stmt->execute();
 			'$sponsors_id',
 			NOW(),
 			'".$_SESSION['users_id']."',
-			'".mysql_real_escape_string("Created sponsorship: type=$fundraising_type, value=\$$value, status=$status, probability=$probability%")."')");
+			'"."Created sponsorship: type=$fundraising_type, value=\$$value, status=$status, probability=$probability%")."')";
 		happy_("Added new sponsorship");
 	}
 	else
 		error_("Required fields were missing, please try again");
-	if(mysql_error())
+	if($pdo->errorInfo())
-		error_(mysql_error());
+		error_($pdo->errorInfo());
    exit;
 }
 

admin/fundraising_types.php

@@ -28,9 +28,10 @@
 
 	if($_GET['id']) {
 		$id=intval($_GET['id']);
-		$q=mysql_query("SELECT * FROM fundraising WHERE id='$id'");
+		$q=$pdo->prepare("SELECT * FROM fundraising WHERE id='$id'");
+		$q->execute();
 	//	echo "<h2>Edit Fund</h2>";
-		$fund=mysql_fetch_object($q);
+		$fund=$q->fetch(PDO::FETCH_OBJ);
 		$formaction="fundedit";
 	}
 	else {

admin/gettranslation.php

@@ -28,8 +28,9 @@ user_auth_required('committee', 'admin');
 $ret=array();
 foreach($config['languages'] AS $l=>$ln) {
 	if($l==$config['default_language']) continue;
-	$q=mysql_query("SELECT * FROM translations WHERE lang='$l' AND strmd5='".md5(iconv("ISO-8859-1","UTF-8",$_GET['str']))."'");
+	$q=$pdo->prepare("SELECT * FROM translations WHERE lang='$l' AND strmd5='".md5(iconv("ISO-8859-1","UTF-8",$_GET['str']))."'");
-	if($r=mysql_fetch_object($q))
+	$q->execute();
+        if($r=$q->fetch(PDO::FETCH_OBJ))
         $ret[$l]=iconv("ISO-8859-1","UTF-8",$r->val);
 	else
         $ret[$l]="";

admin/index.php

@@ -26,12 +26,15 @@
  require_once("../user.inc.php");
  require_once("../committee.inc.php");
 
+
  user_auth_required('committee','admin');
 
  send_header("Administration",
  	array('Committee Main' => 'committee_main.php'),
 	"administration");
 
+
+
  echo "<table class=\"adminconfigtable\">";
  echo " <tr>";
  echo "  <td><a href=\"registration.php\">".theme_icon("participant_registration")."<br />".i18n("Participant Registration")."</a></td>";
@@ -77,13 +80,13 @@
  echo "<hr />";
  echo "<table class=\"adminconfigtable\">";
  echo " <tr>";
- if($config['score_entry_enable'] == 'yes') {
-	echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
- }
  echo "  <td><a href=\"winners.php\">".theme_icon("enter_winning_projects")."<br />".i18n("Enter Winning Projects")."</a></td>";
  echo "  <td><a href=\"cwsfregister.php\">".theme_icon("one-click_cwsf_registration")."<br />".i18n("One-Click CWSF Registration")."</a></td>";
  echo "  <td><a href=\"fair_stats.php\">".theme_icon("fair_stats")."<br />".i18n("Upload Fair Statistics")."</a></td>";
  echo "  <td><a href=\"user_list.php?show_types[]=fair\">".theme_icon("sciencefair_management")."<br />".i18n("Feeder/Upstream Fair Management")."</a></td>";
+if($config['score_entry_enable'] == 'yes') {
+ echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
+ }
  echo " </tr>\n";
  echo "</table>\n";
  echo "<hr />";
@@ -93,7 +96,10 @@
  echo "  <td><a href=\"documents.php\">".theme_icon("internal_document_management")."<br />".i18n("Internal Document Management")."</a></td>";
  echo "  <td><a href=\"cms.php\">".theme_icon("website_content_management")."<br />".i18n("Website Content Management")."</a></td>";
  echo "  <td><a href=\"fundraising.php\">".theme_icon("fundraising")."<br />".i18n("Fundraising")."</a></td>";
- echo "  <td></td>";
+ if($config['score_entry_enable'] == 'yes') {
+ echo "<td><a href=\"../plugins/evaluations/index.php\">".theme_icon("judging_score_entry")."<br />".i18n("Evaluations Plugin")."</a></td>"; 
+ }
+ //echo "  <td><a href=\"../plugins/evaluations/index.php\">Go To Evaluations</a></td>";
  echo " </tr>\n";
  echo "</table>\n";
 

admin/judges.inc.php

@@ -3,7 +3,7 @@ function getJudgingTeams()
 {
 	global $config;
 
-	$q=mysql_query("SELECT 	judges_teams.id,
+	$q=$pdo->prepare("SELECT 	judges_teams.id,
 				judges_teams.num,
 				judges_teams.name
 			FROM 
@@ -13,12 +13,13 @@ function getJudgingTeams()
 			ORDER BY 
 				num,name
 				");
+	$q->execute();
 
 	$lastteamid=-1;
 	$lastteamnum=-1;
-	echo mysql_error();
+	echo $pdo->errorInfo();
 	$teams=array();
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJS))
 	{
 		$teams[$r->id]['id']=$r->id;
 		$teams[$r->id]['num']=$r->num;
@@ -28,22 +29,24 @@ function getJudgingTeams()
 
 		/* Load timeslots */
 		$rounds = array();
-		$tq = mysql_query("SELECT * FROM judges_teams_timeslots_link
+		$tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link
 					LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
 					WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'");
+		tq->execute();
 		$teams[$r->id]['timeslots'] = array();
 		$teams[$r->id]['rounds'] = array();
-		while($ts = mysql_fetch_assoc($tq)) {
+		while($ts = $tq->fetch(PDO::FETCH_ASSOC)) {
 			$teams[$r->id]['timeslots'][] = $ts;
 			$rounds[$ts['round_id']] = $ts['round_id'];
 		}
 		foreach($rounds as $round_id) {
-			$tq = mysql_query("SELECT * FROM judges_timeslots WHERE id='{$round_id}'");
+			$tq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='{$round_id}'");
-			$teams[$r->id]['rounds'][] = mysql_fetch_assoc($tq);
+			$tq->execute();
+			$teams[$r->id]['rounds'][] = $tq->fetch(PDO::FETCH_ASSOC);
 		}
 
 		//get the members for this team
-		$mq=mysql_query("SELECT 	
+		$mq=$pdo->prepare("SELECT 	
 			users.id AS judges_id,
 			users.firstname,
 			users.lastname,
@@ -59,11 +62,12 @@ function getJudgingTeams()
 			captain DESC,
 			lastname,
 			firstname");
-		echo mysql_error();
+		$mq->execute();
+		echo $pdo->errorInfo();
 
 		
         $teamlangs=array();
-		while($mr=mysql_fetch_object($mq))
+		while($mr=$mq->fetch(PDO::FETCH_OBJ))
 		{
 			$u = user_load($mr->judges_id, false);
 			$judgelangs = join('/', $u['languages']);
@@ -84,14 +88,15 @@ function getJudgingTeams()
         $teams[$r->id]['languages_members']=$teamlangs;
 
 		//we also need to add all the languages that the team must JUDGE to the teams languages.
-		$lq=mysql_query("SELECT projects.language
+		$lq=$pdo->prepare("SELECT projects.language
 			FROM judges_teams_timeslots_projects_link 
 			LEFT JOIN projects ON judges_teams_timeslots_projects_link.projects_id=projects.id
 			WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
-			judges_teams_id='$r->id' ");
+			judges_teams_id='$r->id' AND language!='' ");
-		echo mysql_error();
+		$lq->execute();
+		echo $pdo->errorInfo();
 		$projectlangs=array();
-		while($lr=mysql_fetch_object($lq)) {
+		while($lr=$lq->fetch(PDO::FETCH_OBJ)) {
 			if(!in_array($lr->language,$projectlangs))
 				$projectlangs[]=$lr->language;
 			if(!in_array($lr->language,$teamlangs))
@@ -101,7 +106,7 @@ function getJudgingTeams()
         $teams[$r->id]['languages']=$teamlangs;
 
 		//get the awards for this team
-		$aq=mysql_query("SELECT award_awards.id,
+		$aq=$pdo->prepare("SELECT award_awards.id,
 					award_awards.name,
 					award_awards.criteria,
 					award_awards.award_types_id,
@@ -118,7 +123,8 @@ function getJudgingTeams()
 				ORDER BY
 					name
 				");
-		while($ar=mysql_fetch_object($aq))
+			$aq->execute();
+		while($ar=$aq->fetch(PDO::FETCH_OBJ))
 		{
 			$teams[$r->id]['awards'][]=array(
 					"id"=>$ar->id,
@@ -136,7 +142,7 @@ function getJudgingTeam($teamid)
 {
 	global $config;
 
-	$q=mysql_query("SELECT 	judges_teams.id,
+	$q=$pdo->prepare("SELECT 	judges_teams.id,
 				judges_teams.num,
 				judges_teams.name
 				
@@ -149,18 +155,19 @@ function getJudgingTeam($teamid)
 				num,
 				name
 				");
+	$q->execute();
 
 	$team=array();
 
 	$first=true;
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJS))
 	{
 		$team['id']=$r->id;
 		$team['num']=$r->num;
 		$team['name']=$r->name;
 
 		//get the members for this team
-		$mq=mysql_query("SELECT 	
+		$mq=$pdo->prepare("SELECT 	
 			users.id AS judges_id,
 			users.firstname,
 			users.lastname,
@@ -176,10 +183,11 @@ function getJudgingTeam($teamid)
 			captain DESC,
 			lastname,
 			firstname");
-		echo mysql_error();
+		$mq->execute();
+		echo $pdo->errorInfo();
 
 		
-		while($mr=mysql_fetch_object($mq))
+		while($mr=$mq->fetch(PDO::FETCH_OBJ))
 		{
 			$team['members'][]=array(
 				"id"=>$mr->judges_id,
@@ -191,7 +199,7 @@ function getJudgingTeam($teamid)
 
 
 		//get the awards for this team
-		$aq=mysql_query("SELECT award_awards.id,
+		$aq=$pdo->prepare("SELECT award_awards.id,
 					award_awards.name,
 					award_awards.award_types_id,
 					award_types.type AS award_type
@@ -207,7 +215,8 @@ function getJudgingTeam($teamid)
 				ORDER BY
 					name
 				");
-		while($ar=mysql_fetch_object($aq))
+		$aq->execute();
+		while($ar=$aq->fetch(PDO::OBJ))
 		{
 			$team['awards'][]=array(
 					"id"=>$ar->id,
@@ -254,8 +263,9 @@ function judges_load_all()
 				AND year='{$config['FAIRYEAR']}'
 				AND deleted='no'
 				ORDER BY lastname, firstname";
-	$r = mysql_query($query);
+	$r = $pdo->prepare($query);
-	while($i = mysql_fetch_assoc($r)) {
+	$r->execute();
+	while($i = $r->fetch(PDO::FETCH_ASSOC)) {
 		$u = user_load($i['id']);
 		if($u['judge_complete'] == 'no') continue;
 		if($u['judge_active'] == 'no') continue;

admin/judges_info.php

@@ -43,8 +43,8 @@ $preferencechoices=array(
 $id = intval($_GET['id']);
 $judgeinfo = user_load($id);
 
-echo '<div style="text-align:center; padding: 5px;">';
 send_popup_header("Judge Information");
+echo '<div style="text-align:center; padding: 5px;">';
 
  if($id < 1) {
 	echo error(i18n("No Judge ID passed to Judges Info"));
@@ -105,9 +105,10 @@ send_popup_header("Judge Information");
 // get their availability
 $availabilityText = "";
 if($config['judges_availability_enable'] == 'yes'){
-	$q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$judgeinfo['id']}\" ORDER BY `start`");
+	$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"{$judgeinfo['id']}\" ORDER BY `start`");
+	$q->execute();
 	$sel = array();
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$st = substr($r->start, 0, 5);
 		$end = substr($r->end, 0, 5);
 		$availabilityText .= "<li>$st - $end</li>";
@@ -121,7 +122,8 @@ if($config['judges_availability_enable'] == 'yes'){
 echo '<div style="text-align:left">';
 
 // is their info complete?
-$completeText = $judgeinfo['complete']=="yes" ? "Yes" : "No";
+$completeText = $judgeinfo['judge_complete']=="yes" ? "Yes" : "No";
+$activeText = $judgeinfo['judge_active']=="yes" ? "Yes" : "No";
 
 // find out if they've signed up for judging any special awards
 $specialAwardsText = "";
@@ -130,8 +132,9 @@ if($judgeinfo['special_award_only'] == "yes"){
 		. " JOIN users ON jss.users_id = users.id"
 		. " JOIN award_awards aa ON aa.id = jss.award_awards_id"
 		. " WHERE users.id=" . $id;
-	$results = mysql_query($query);
+	$results = $pdo->prepare($query);
-	while($record = mysql_fetch_array($results)){
+	$results.execute();
+	while($record = $results.fetch()){
 		$awardList[] = $record['awardname'];
 	}
 	$specialAwardsText .= implode(', ', $awardList);
@@ -141,10 +144,11 @@ if($judgeinfo['special_award_only'] == "yes"){
 }
 
 // get their preference for age category
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}'");
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}'");
+$q->execute();
 
-$catPreferenceText =  mysql_error() . "<ul>";
+$catPreferenceText =  $pdo->errorInfo() . "<ul>";
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$p = intval($judgeinfo['cat_prefs'][$r->id]);
 	$catPreferenceText .= "<li><em>" . i18n($r->category)."</em>: {$preferencechoices[$p]}</li>";
 }
@@ -156,6 +160,9 @@ $catPreferenceText .= "</ul>";
 	<tr><td>
 		<ul>
 
+			<li><strong><?="Active for {$config['FAIRYEAR']}";?>: </strong>
+			<?=$activeText;?></li>
+
 			<li><strong><?="Complete for {$config['FAIRYEAR']}";?>: </strong>
 			<?=$completeText;?></li>
 
@@ -182,9 +189,10 @@ $catPreferenceText .= "</ul>";
 <?php
 
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+$q->execute();
 $divs=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$divs[]=$r->id;
 	$divnames[$r->id]=$r->division;
@@ -197,10 +205,11 @@ foreach($divs as $div)
 	echo " <td>$p/5</td>";
 
 	echo "<td>";
-	$subq=mysql_query("SELECT * FROM projectsubdivisions WHERE 
+	$subq=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE 
 				projectdivisions_id='$div' AND year='{$config['FAIRYEAR']}' ORDER BY subdivision");
+	$subq->execute();
 	$sd = array();
-	while($subr=mysql_fetch_object($subq)) {
+	while($subr=$subq->fetch(PDO::FETCH_OBJ)) {
 		if($u['div_prefs_sub'][$subr->id] == 1) {
 			$sd[] = $subdivr->subdivision;
 		}
@@ -238,7 +247,7 @@ echo "<tr>\n";
 echo " <th valign=\"top\" align=\"right\" colspan=\"2\">".i18n("Time Availability").":</th><td colspan=\"2\">";
 $q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$judgeinfo['id']}\" ORDER BY `start`");
 $sel = array();
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$st = substr($r->start, 0, 5);
 	$end = substr($r->end, 0, 5);
 	echo "$st - $end<br />";

admin/judges_invite.php

@@ -35,15 +35,17 @@
  echo "<br />";
  if($_POST['action']=="invite" && $_POST['email'])
  {
- 	$q=mysql_query("SELECT id FROM judges WHERE email='".$_POST['email']."'");
+ 	$q=$pdo->prepare("SELECT id FROM judges WHERE email='".$_POST['email']."'");
-	if(mysql_num_rows($q))
+	$q->execute();
+	if($q->rowCount())
 	{
 		echo error(i18n("A judge already exists with that email address"));
 	}
 	else
 	{
 		$pass=generatePassword();
-		mysql_query("INSERT INTO judges (email,password) VALUES ('".mysql_escape_string(stripslashes($_POST['email']))."','$pass')");
+		$pdo->prepare("INSERT INTO judges (email,password) VALUES ('".stripslashes($_POST['email']))."','$pass')";
+		$pdo->execute();
 		email_send("new_judge_invite",stripslashes($_POST['email']),array("FAIRNAME"=>$config['fairname']),array("FAIRNAME"=>$config['fairname'],"EMAIL"=>stripslashes($_POST['email']),"PASSWORD"=>$pass));
 
 		echo happy(i18n("%1 has been invited to be a judge",array($_POST['email'])));

admin/judges_jdiv.php

@@ -56,15 +56,17 @@ function newbuttonclicked(jdivs)
 
 	$div = array();
 	$divshort = array();
-	$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$divshort[$r->id]=$r->division_shortform;
 		$div[$r->id]=$r->division;
 	}
 
 	$cat = array();
-	$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$cat[$r->id]=$r->category;
 	}
 
@@ -72,9 +74,10 @@ function newbuttonclicked(jdivs)
 	$ckeys = array_keys($cat);
 
 	if($config['filterdivisionbycategory']=="yes") {
-		$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id");
+		$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id");
+		$q->execute();
 		$divcat=array();
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$divcat[]=array("c"=>$r->projectcategories_id,"d"=>$r->projectdivisions_id);
 		}
 
@@ -89,8 +92,9 @@ function newbuttonclicked(jdivs)
 	}
 	
 	$langr = array();
-	$q=mysql_query("SELECT * FROM languages WHERE active='Y'");
+	$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y'");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$langr[$r->lang] = $r->langname;
 	}
 
@@ -103,8 +107,9 @@ function get_all_divs()
 
 	$cdlcheck = array();
 	$cdl = array();
-	$q=mysql_query("SELECT * FROM judges_jdiv");
+	$q=$pdo->prepare("SELECT * FROM judges_jdiv");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$cdl[$r->id]['id'] = $r->id;
 		$cdl[$r->id]['jdiv'] = $r->jdiv_id;
 		$cdl[$r->id]['div'] = $r->projectdivisions_id;
@@ -128,13 +133,15 @@ function get_all_divs()
 
 			/* Also, make an entry in the DB, so that this isn't 
 			 * unassigned anymore */
-			mysql_query("INSERT INTO judges_jdiv (id, jdiv_id, projectdivisions_id, projectcategories_id, lang) ".
+			$stmt = $pdo->prepare("INSERT INTO judges_jdiv (id, jdiv_id, projectdivisions_id, projectcategories_id, lang) ".
 					" VALUES('', 0, '$y', '$x', '$z')"); 
-			$q = mysql_query("SELECT id FROM judges_jdiv WHERE ".
+			$stmt->execute();
+			$q = $pdo->prepare("SELECT id FROM judges_jdiv WHERE ".
 					" projectdivisions_id='$y' ".
 					" AND projectcategories_id='$x' ".
 					" AND lang='$z' ");
-			$r = mysql_fetch_object($q);
+			$q->execute();
+			$r = $q->fetch(PDO::FETCH_OBJ);
 
 			$cdl[$r->id]['id'] = $r->id;
 			$cdl[$r->id]['jdiv'] = 0; /* Unassigned */
@@ -153,16 +160,17 @@ function get_all_divs()
 		$x = $cat[$cdl[$id]['cat']];
 		$y = $divshort[$cdl[$id]['div']];
 		$z = $div[$cdl[$id]['div']];
-		$q = mysql_query("SELECT count(projects.id) AS cnt FROM projects,registrations WHERE ".
+		$q = $pdo->prepare("SELECT count(projects.id) AS cnt FROM projects,registrations WHERE ".
 			" projectdivisions_id='{$cdl[$id]['div']}' ".
 			" AND projectcategories_id='{$cdl[$id]['cat']}' ".
 			" AND language='{$cdl[$id]['lang']}' ".
 			" AND registrations.year='{$config['FAIRYEAR']}'".
 			" AND projects.registrations_id=registrations.id".
 			" AND (registrations.status='complete' OR registrations.status='paymentpending')");
+		$q->execute();
 
-		$r = mysql_fetch_object($q);
+		$r = $q->fetch(PDO::FETCH_OBJ);
-		echo mysql_error();
+		echo $pdo->errorInfo();
 		$c = $r->cnt;
 
 		$cdl[$id]['name'] = "$x $y ({$cdl[$id]['lang']}) ($c project".($c==1?'':'s').")";
@@ -175,24 +183,28 @@ function get_all_divs()
 	if($_POST['action']=="add" && $_POST['jdiv_id'] && count($_POST['cdllist'])>0)
 	{
 		foreach($_POST['cdllist'] AS $selectedcdl) {
-			$q=mysql_query("UPDATE judges_jdiv SET jdiv_id='{$_POST['jdiv_id']}' WHERE ".
+			$q=$pdo->prepare("UPDATE judges_jdiv SET jdiv_id='{$_POST['jdiv_id']}' WHERE ".
 						" id='$selectedcdl' ");
+			$q->execute();
 		}
 		echo happy(i18n("Judging Division(s) successfully added"));
 	}
 
 	if($_GET['action']=="del" && $_GET['cdl_id']) {
-		mysql_query("UPDATE judges_jdiv SET jdiv_id=0 WHERE id='{$_GET['cdl_id']}'");
+		$stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE id='{$_GET['cdl_id']}'");
+		$stmt->execute();
 	}
 
 	if($_GET['action']=="empty" && $_GET['jdiv_id']) {
-		mysql_query("UPDATE judges_jdiv SET jdiv_id=0 WHERE jdiv_id='{$_GET['jdiv_id']}' ");
+		$stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE jdiv_id='{$_GET['jdiv_id']}' ");
+		$stmt->execute();
 		echo happy(i18n("Emptied all divisions from Judging Division Group %1",array($_GET['jdiv_id'])));
 	}
 
 	if($_GET['action']=="recreate") {
 		//just delete them all, they'll be recreated automagically
-		mysql_query("TRUNCATE TABLE judges_jdiv");
+		$stmt = $pdo->prepare("TRUNCATE TABLE judges_jdiv");
+		$stmt->execute();
 		echo happy(i18n("Recreated all division/category/language options"));
 	}
 

admin/judges_sa.php

@@ -3,8 +3,9 @@
    This file is part of the 'Science Fair In A Box' project
    SFIAB Website: http://www.sfiab.ca
 
-   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005-2008 Sci-Tech Ontario Inc <info@scitechontario.org>
-   Copyright (C) 2005 James Grant <james@lightbox.org>
+   Copyright (C) 2008-2012 Youth Science Ontario <info@youthscienceontario.ca>
+   Copyright (C) 2005-2012 James Grant <james@lightbox.org>
 
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public
@@ -29,6 +30,12 @@
  require_once('judges.inc.php');
  require_once('anneal.inc.php');
 
+// INFO ONLY:  Re Windows OS.   I have not found a test that works for both methods of starting this
+// SERVER_ADDR is Always null in Windows OS   IIS server
+// when I launch using judges_sa_launcher_apache.php  I could test using SERVER_NAME
+// However when I Launch using $WshShell->run($bat_filename,0,false ); for Windows IIS it seems:
+// All the $_SERVER variables are set as if were a website page so any variable I have tried will cause a bailout
+// THUS..   There is no test I have found to verify this was run from the command line (or in background) for Windows
 if($_SERVER['SERVER_ADDR']) {
 	echo "This script must be run from the command line";
 	exit;
@@ -50,8 +57,9 @@ $round_divisional2 = NULL;
 function set_status($txt)
 {
 	TRACE("Status: $txt\n");
-	mysql_query("UPDATE config SET val='$txt' WHERE 
+	$stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE 
 			var='judge_scheduler_activity' AND year=0");
+	$stmt->execute();
 }
 
 $set_percent_last_percent = -1;
@@ -61,8 +69,9 @@ function set_percent($n)
 	$p = floor($n);
 	if($p == $set_percent_last_percent) return;
 	TRACE("Progress: $p\%\n");
-	mysql_query("UPDATE config SET val='$p' WHERE 
+	$stmt = $pdo->prepare("UPDATE config SET val='$p' WHERE 
 			var='judge_scheduler_percent' AND year=0");
+	$stmt->execute();
 	$set_percent_last_percent = $p;
 }
 
@@ -139,15 +148,18 @@ function judges_cost_function($annealer, $bucket_id, $ids)
 		for($y=0; $y < count($t['cats']); $y++) {
 			$l = $t['cats'][$y];
 			/* Lookup the judge cat pref for this category */
-			$pref = -$j['catprefs'][$l] + 2;
+			$pref = -$j['cat_prefs'][$l] + 2;
 			/* $pref = 0 (best match) --- 4 (worst match) */
+			//but wait, if they're "indifferent" then we really dont care, so the cost for it shoudl be 0.
+			if($pref==2) $pref=0;
+
 			$cpref += $pref;
 		}
 		$dpref = 0;
 		for($y=0; $y < count($t['divs']); $y++) {
 			$l = $t['divs'][$y];
 			/* Lookup the judge cat pref for this category */
-			$pref = -$j['divprefs'][$l] + 2;
+			$pref = -$j['div_prefs'][$l] + 5;
 			/* $pref = 0 (best match) --- 4 (worst match) */
 			$dpref += $pref;
 		}
@@ -326,11 +338,22 @@ function pr_judge(&$jt, $jid)
 	print("(");
 	foreach($jt['cats'] as $c)
 		print("c{$c}={$j['cat_prefs'][$c]} ");
+	echo " / ";
+	foreach($j['cat_prefs'] AS $k=>$v) {
+		print("c{$k}=$v ");
+	}
+	echo ") (";
+
 	foreach($jt['divs'] as $d)
 		print("d{$d}={$j['div_prefs'][$d]} ");
 
+	echo " / ";
+	foreach($j['div_prefs'] AS $k=>$v) {
+		print("d{$k}=$v ");
+	}
+
 	print(")");
-	if($j['willing_chair'] == 'yes') print(" (chair) ");
+	if($j['willing_chair'] == 'yes') print(" chair ");
 
 	print("\n");
 }	
@@ -340,8 +363,9 @@ set_status("Loading Data From Database...");
 TRACE("\n\n");
 $div = array();
 TRACE("Loading Project Divisions...\n");
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$divshort[$r->id]=$r->division_shortform;
 	$div[$r->id]=$r->division;
@@ -350,16 +374,17 @@ while($r=mysql_fetch_object($q))
 
 TRACE("Loading Project Age Categories...\n");
 $cat = array();
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-while($r=mysql_fetch_object($q)) {
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$cat[$r->id]=$r->category;
 	TRACE("   {$r->id} - {$r->category}\n");
 }
 
 TRACE("Loading Languages...\n");
 $langr = array();
-$q=mysql_query("SELECT * FROM languages WHERE active='Y'");
+dddddddddddddddo->prepare("SELECT * FROM languages WHERE active='Y'");
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$langr[$r->lang] = $r->langname;
 	TRACE("   {$r->lang} - {$r->langname}\n");
 }
@@ -367,17 +392,19 @@ while($r=mysql_fetch_object($q)) {
 TRACE("Loading Judging Round time data...\n");
 $round_special_awards = array();
 $round = array();
-$q = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='{$config['FAIRYEAR']}'");
+$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='{$config['FAIRYEAR']}'");
+$q->execute();
 /* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */
-while($r = mysql_fetch_assoc($q)) {
+while($r = $q=>fetch(PDO::FETCH_ASSOC)) {
 	TRACE("   id:{$r['id']} type:{$r['type']} name:{$r['name']}\n");
 
-	$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
+	$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
-	if(mysql_num_rows($qq) == 0) {
+	$qq->execute();
+	if($qq->rowCount() == 0) {
 		echo "ERROR: Round type:{$r['type']} name:{$r['name']} has no judging timeslots!  Abort.\n";
 		exit;
 	}
-	while($rr = mysql_fetch_assoc($qq)) {
+	while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
 		TRACE("      Timeslot: {$rr['starttime']}-{$rr['endtime']}\n");
 		$r['timeslots'][] = $rr;
 	}
@@ -395,8 +422,9 @@ if($round_divisional1 == NULL) {
 
 $jdiv = array();
 TRACE("Loading Judging Division Configuration and Projects...\n");
-$q=mysql_query("SELECT * FROM judges_jdiv");
+$q=$pdo->prepare("SELECT * FROM judges_jdiv");
-while($r=mysql_fetch_object($q)) {
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	/* Ignore jdiv 0 (all unassigned div/cats) */
 	if($r->jdiv_id == 0) continue;
 
@@ -413,7 +441,7 @@ foreach($keys as $jdiv_id) {
 		$d = $jdiv[$jdiv_id]['config'][$x];
 		if($x > 0) TRACE("\t- ");
 		TRACE($cat[$d['cat']]." ".$div[$d['div']]." - ".$langr[$d['lang']]);
-		$qp = mysql_query("SELECT projects.* FROM projects, registrations WHERE ".
+		$qp = $pdo->prepare("SELECT projects.* FROM projects, registrations WHERE ".
 					" projects.year='".$config['FAIRYEAR']."' AND ".
 					" projectdivisions_id='{$d['div']}' AND ".
 					" projectcategories_id='{$d['cat']}' AND ".
@@ -421,8 +449,9 @@ foreach($keys as $jdiv_id) {
 					" registrations.id = projects.registrations_id " .
 					getJudgingEligibilityCode()
 				);
+		$qp->execute();
 		$count = 0;
-		while($rp = mysql_fetch_object($qp)) {
+		while($rp = $qp->fetch(PDO::FETCH_OBJ)) {
 			$jdiv[$jdiv_id]['projects'][$rp->id] = array( 
 					'div' => $d['div'],
 					'cat' => $d['cat'],
@@ -441,39 +470,56 @@ foreach($keys as $jdiv_id) {
 
 /* Clean out the judging teams that were autocreated in a previous run */
 TRACE("Deleting autocreated divisional and special award judging teams:");
-$q = mysql_query("SELECT * FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}");
+$q = pdo->prepare("SELECT * FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}");
-while($r = mysql_fetch_object($q)) {
+$q->execute();
+while($r = $q->fetch(PDO::FETCH_OBJ)) {
 	$id = $r->id;
 	print(" $id");
 	/* Clean out the judges_teams_link */
-	mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	
-	print mysql_error();
+	
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	$stmt->execute();
+	print $pdo->errorInfo();
 	/* Awards */
-	mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	
-	print mysql_error();
+	
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	$stmt->execute();
+	print $pdo->errorInfo();
 	/* Timeslots */
-	mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	
-	print mysql_error();
+	
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	$stmt->execute();
+	print $pdo->errorInfo();
 	/* Timeslots projects */
-	mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	
-	print mysql_error();
+	
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
+	$stmt->execute();
+	print $pdo->errorInfo();
 }
 echo "\n";
 
 /* Finally, delete all the autocreated judges teams */
-mysql_query("DELETE FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}");
+$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}");
-print mysql_error();
+$stmt->execute();
+print $pdo->errorInfo();
 
 /* Also delete any judges_teams_link that link to teams that dont exist, just 
  * in case */
-$q=mysql_query("SELECT judges_teams_link.id, judges_teams.id AS judges_teams_id 
+$q=$pdo->prepare("SELECT judges_teams_link.id, judges_teams.id AS judges_teams_id 
 			FROM judges_teams_link 
 			LEFT JOIN judges_teams ON judges_teams_link.judges_teams_id=judges_teams.id 
 			WHERE judges_teams_link.year={$config['FAIRYEAR']}");
+
+$q->execute();
 $n=0;
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	if(!$r->judges_teams_id) {
-		mysql_query("DELETE FROM judges_teams_link WHERE id='$r->id'");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE id='$r->id'");
+		$stmt->execute();
 		$n++;
 	}
 }
@@ -498,51 +544,54 @@ foreach($judges as &$j) {
 		continue;
 	}
 
-	$q = mysql_query("SELECT users_id FROM judges_teams_link WHERE 
+	$q = $pdo->prepare("SELECT users_id FROM judges_teams_link WHERE 
 				users_id='{$j['id']}'
 				AND year='{$config['FAIRYEAR']}'");
-	if(mysql_num_rows($q) != 0) {
+	$q->execute();
+	if($q->rowCount()!= 0) {
 		TRACE("   {$j['name']} is already on a judging team, skipping.\n");
 		unset($judges[$j['id']]);
 		continue;
 	}
 	if($config['judges_availability_enable']=="yes") {
 		/* Load the judge time availability */
-		$q = mysql_query("SELECT * FROM judges_availability WHERE users_id='{$j['id']}' ORDER BY `start`");
+		$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='{$j['id']}' ORDER BY `start`");
-		if(mysql_num_rows($q) == 0) {
+		if($q->rowCount()== 0) {
 			TRACE("   {$j['name']} hasn't selected any time availability, POTENTIAL BUG (they shouldn't be marked as complete).\n");
 			TRACE("      Ignoring this judge.\n");
 			unset($judges[$j['id']]);
 			continue;
 		}
-		while($r = mysql_fetch_assoc($q)) {
+		$q->execute();
+		while($r = $q=>fetch(PDO::FETCH_ASSOC)) {
 			$j['availability'][] = $r;
 		}
 	}
 
 	/* Load special award preferences */
-	$q = mysql_query("SELECT award_awards.id,award_awards.name FROM 
+	$q = $pdo->prepare("SELECT award_awards.id,award_awards.name FROM 
 				judges_specialaward_sel,award_awards 
 				WHERE
 				award_awards.id=judges_specialaward_sel.award_awards_id
 				AND judges_specialaward_sel.users_id='{$j['id']}'
 				AND award_awards.year='{$config['FAIRYEAR']}'");
-	echo mysql_error();
+	$q->execute();
+		echo $pdo->errorInfo();
 
 	if($j['special_award_only'] == 'yes') {
 		TRACE("   {$j['name']} is a special awards only.\n");
 		/* Find their special award id */
-		if(mysql_num_rows($q) == 0) {
+		if($q->rowCount()== 0) {
 			TRACE("      NO special award selected! (removing special award only request)\n");
 			$j['special_award_only'] = 'no';
-//		} else if(mysql_num_rows($q) > 1) {
+//		} else if($q->rowCount()> 1) {
 //			TRACE("      More than ONE special award selected (removing special award only request):\n");
 //			$j['special_award_only'] = 'no';
 		} 
 	}
 
 	$j['special_awards'] = array();
-	while($r = mysql_fetch_object($q)) {
+	while($r = $q->fetch(PDO::FETCH_OBJ)) {
 		if($j['special_award_only'] == 'yes') {
 			TRACE("      {$r->name}\n");
 		}
@@ -569,9 +618,10 @@ if(count($judges)==0) {
 
 /* Load the numbers for any user-defined judge teams that already exist,
  * these numbers will be off-limits for auto-assigning numbers */
-$q = mysql_query("SELECT * FROM judges_teams WHERE year={$config['FAIRYEAR']}");
+$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year={$config['FAIRYEAR']}");
+$q->execute();
 $used_judges_teams_numbers = array();
-while($i = mysql_fetch_assoc($q)) {
+while($i = $q=>fetch(PDO::FETCH_ASSOC)) {
 	$used_judges_teams_numbers[] = $i['num'];
 }
 echo "The following judge team numbers are already used: \n";
@@ -597,21 +647,23 @@ function next_judges_teams_number()
 function judge_team_create($num, $name)
 {
 	global $config;
-	$name = mysql_escape_string($name);
+	$name = $name;
-	mysql_query("INSERT INTO judges_teams (num,name,autocreate_type_id,year)
+	$stmt = $pdo->prepare("INSERT INTO judges_teams (num,name,autocreate_type_id,year)
 		VALUES ('$num','$name','1','{$config['FAIRYEAR']}')");
-	$id = mysql_insert_id();
+	$stmt->execute();
+	$id = lastInsertId();
 	return $id;
 }
 
 function judge_team_add_judge($team_id, $users_id)
 {
 	global $config, $judges;
-	mysql_query("INSERT INTO judges_teams_link
+	$stmt = $pdo->prepare("INSERT INTO judges_teams_link
 			 (users_id,judges_teams_id,captain,year) 
 		 VALUES ('$users_id','$team_id','{$judges[$users_id]['willing_chair']}',
 				'{$config['FAIRYEAR']}')");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 }
 
 /****************************************************************************
@@ -737,7 +789,7 @@ for($x=1;$x<count($jteam); $x++) {
 	asort($t['cats']);
 	asort($t['divs']);
 
-	print("langs=($langstr)");
+	print("langs=($langstr) ");
 	print("cats=(");
 	$catstr="";
 
@@ -750,7 +802,7 @@ for($x=1;$x<count($jteam); $x++) {
 	            $first=false;
         	}
 	}
-	print(")divs=(");
+	print(") divs=(");
 	$divstr="";
 	if(count($t['divs'])) {
 		$first=true;
@@ -791,7 +843,7 @@ for($x=1;$x<count($jteam); $x++) {
 	$jd = $jdiv[$t['jdiv_id']];
 	for($y=0; $y<count($jd['config']); $y++) {
 		$cfg = $jd['config'][$y];
-		$q=mysql_query("SELECT award_awards.id FROM 
+		$q=$pdo->prepare("SELECT award_awards.id FROM 
 						award_awards,
 						award_awards_projectcategories,
 						award_awards_projectdivisions
@@ -803,14 +855,16 @@ for($x=1;$x<count($jteam); $x++) {
 						AND award_awards_projectdivisions.projectdivisions_id='{$cfg['div']}'
 						AND award_awards.award_types_id='1'
 					");
-		if(mysql_num_rows($q)!=1) {
+		$q->execute();
+		if($q->rowCount()!=1) {
 			echo error(i18n("Cannot find award for %1 - %2",array($cat[$cfg['cat']],$div[$cfg['div']])));
 		} else {
-			$r=mysql_fetch_object($q);
+			$r=$q->fetch(PDO::FETCH_OBJ);
-			mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','{$config['FAIRYEAR']}')");
+			$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','{$config['FAIRYEAR']}')");
 			/* Add the award ID to the jdiv, if it's not already there */
 			if(!in_array($r->id, $jdiv[$t['jdiv_id']]['award_ids'])) {
 				$jdiv[$t['jdiv_id']]['award_ids'][] = $r->id;
+			$stmt->execute();
 			}
 		}
 	}
@@ -883,7 +937,8 @@ if($round_divisional2 == NULL) {
 
 		/* Assign all the awards in this jdiv */
 		foreach($jd['award_ids'] as $aid) {
-			mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$aid','$team_id','{$config['FAIRYEAR']}')");
+			$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$aid','$team_id','{$config['FAIRYEAR']}')");
+			$stmt->execute();
 		}
 	}
 
@@ -1007,8 +1062,9 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') {
 			AND award_types.year='{$config['FAIRYEAR']}'
 			AND award_types.type='Special' 
 		";
-	$r = mysql_query($q);
+	$r = $stmt->prepare($q);
-	print(mysql_error());
+	$r->execute();
+	print($pdo->errorInfo());
 	/* sa_jteam for leftover judges, if any */
 	$sa_jteam = array();
 	$sa_jteam[0]['id'] = 0;
@@ -1020,13 +1076,14 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') {
 
 	$x=1;
 	$required_judges = 0;
-	while($i = mysql_fetch_object($r)) {
+	while($i = $r->fetch(PDO::FETCH_OBJ)) {
 		$projects = getProjectsNominatedForSpecialAward($i->id);
+		$languages = getLanguagesOfProjectsNominatedForSpecialAward($i->id);
 
 		/* Construct an internal team for annealing, and create
 		 * a DB team too */
 		$sa_jteam[$x]['num'] = next_judges_teams_number();
-		$sa_jteam[$x]['id'] = judge_team_create($sa_jteam[$x]['num'], $i->name);
+		$sa_jteam[$x]['id'] = judge_team_create($sa_jteam[$x]['num'], $i->name." (".implode(" ",$languages).")");
 		/* Note, we use $x instead of the ID, because the DB id could be zero. */
 		$sa_jteam[$x]['projects'] = $projects;
 		$sa_jteam[$x]['round'] = NULL;
@@ -1041,8 +1098,9 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') {
 		$required_judges += $min;
 		
 		/* Link the award to this team */
-		mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) 
+		$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) 
 				VALUES ('{$i->id}','{$sa_jteam[$x]['id']}','{$config['FAIRYEAR']}')");
+		$stmt->execute();
 
 		TRACE("Created Team: {$i->name}, ".count($projects)." projects => $min judges needed (db id:{$sa_jteam[$x]['id']}) \n");
 		$x++;
@@ -1232,17 +1290,19 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') {
 			print("\n");
 
 			/* Do timeslot and project timeslot assignment */
-			mysql_query("INSERT INTO judges_teams_timeslots_link 
+			$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link 
 							(judges_teams_id,judges_timeslots_id,year)
-							VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '{$config['FAIRYEAR']}')");
+							VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '{$config['FAIRYEAR']}')")
-			echo mysql_error();
+			$stmt->execute();
+			echo $pdo->errorInfo();
 
 			foreach($t['projects'] as $proj) {
 				$pid = $proj['id'];
-				mysql_query("INSERT INTO judges_teams_timeslots_projects_link 
+				$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link 
 								(judges_teams_id,judges_timeslots_id,projects_id,year)
 								VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '$pid', '{$config['FAIRYEAR']}')");
-				echo mysql_error();
+				$stmt->execute();
+				echo $pdo->errorInfo();
 			}
 			$ids = $a->bucket[$x];
 			foreach($a->bucket[$x] as $jid) {
@@ -1272,13 +1332,14 @@ set_status("Assigning Judging Teams and Projects to Timeslots");
 TRACE("Loading Divisional1 Timeslot Data\n");
 $available_timeslots=array();
 
-$q=mysql_query("SELECT * FROM judges_timeslots WHERE 
+$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE 
 			round_id='{$round_divisional1['id']}' 
 			AND year='{$config['FAIRYEAR']}' 
 			AND type='timeslot'
 			ORDER BY date,starttime");
+$q->execute();
 $x=0;
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
         $available_timeslots[]=array("id"=>$r->id,
 				"date"=>$r->date,
 				"starttime"=>substr($r->starttime,0,-3),
@@ -1442,17 +1503,19 @@ for($k=0; $k<$keys_count; $k++) {
 			if($jteam_id == 0) continue;
 
 			/* if jteam_id isn't 0, instert it into the db */
-			mysql_query("INSERT INTO judges_teams_timeslots_link ".
+			$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link ".
 				" (judges_teams_id,judges_timeslots_id,year)".
 				" VALUES ('{$jteam[$jteam_id]['team_id']}', ".
 				" '{$available_timeslots[$y]['id']}', ".
 				" '{$config['FAIRYEAR']}')");
+			$stmt->execute();
 														 
-			mysql_query("INSERT INTO judges_teams_timeslots_projects_link ".
+			$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link ".
 				" (judges_teams_id,judges_timeslots_id,projects_id,year) ".
 				" VALUES ('{$jteam[$jteam_id]['team_id']}', ".
 				" '{$available_timeslots[$y]['id']}', ".
 				" '$pid', '{$config['FAIRYEAR']}')");
+			$stmt->execute();
 
 		}
 		printf("\n");

admin/judges_sa_launcher.php

@@ -6,10 +6,54 @@ if(!file_exists("../data/logs"))
 
  if(!file_exists("../data/logs/.htaccess"))
  	@file_put_contents("../data/logs/.htaccess","Order Deny,Allow\r\nDeny From All\r\n");
-
+//   Check which OS we are running
+$pos = strpos(getcwd(),'/');
+if($pos === false)
+	{
+	// Windows os server. 
+	// if IIS Web Server use WScript.Shell 'run' command and.. we need a batch file to start a process and return immediately
+	$bat_filename = "../data/judges_sa.bat";
+	if(file_exists($bat_filename)){
+	// delete the batch file then re-create it with the current date
+	unlink($bat_filename);
+	}
+	$bat_file = fopen($bat_filename, "w");
+	if($bat_file) {
+      	fwrite($bat_file, "ECHO OFF"."\n");
+        fwrite($bat_file, "START /BELOWNORMAL /B php judges_sa.php >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &"."\n");
+        fwrite($bat_file, "EXIT"."\n");
+  	 	fclose($bat_file);
+	}
+	$WshShell = new COM("WScript.Shell");
+	//  next line designed for Windows os with IIS web server. It will probably fail if Windows using apache web server
+	try {
+		$oExec = $WshShell->run($bat_filename,0,false );     // THIS SHOULD WORK for windows using IIS as webserver. 
+	}
+	catch (Exception $e) {
+		//  if the wshshell-> run fails then we are perhaps running an apache server and the next might work.
+		//  But, the call in judges_sa_launcher_apache.php does not return until completed so I use this logic
+		//  to inform the user how to get to the status page.
+		//	CAUTION:  This path REQUIRES that php be compiled with CLI option and other things Dennis does not understand!
+		//  This may work for some servers.    NEVER use this on a shared server - you will hog it and get your account suspended.
+		echo " This server requires manual intervention to start the scheduler and to navigate to the Status page.<br/>";
+		echo " The scheduler will run at normal priority - which in some servers may present a sluggish response.<br />";
+		echo " Please follow these instruction exactly:<br />";
+		echo " 1. Click 'Start the Scheduler' link ONCE. (You will not see any change in this screen) <br />";
+		echo "       *** DO NOT Click 'Start the Scheduler' more than once!<br />";
+		echo " 2. Click 'Check the Status' link and wait. (You will be taken to the Status Page. There, you should see that the scheduler is running.) <br />";
+		echo "<br /><a href=\"judges_sa_launcher_apache.php\">Start the Scheduler</a><br /><br />";
+		echo "<a href=\"judges_scheduler_status.php\">Check the Status</a><br />";
+		exit;
+	 // This is the call that works - but it does not return until judges_sa is finished so... I launch it from another window
+		//	exec("php judges_sa.php >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &");
+	}
+}
+else{
+	// *nix server
 //add PHP_SELF just so when we do a process listing on the server we know which fair its running for
 //the argument does not get used by the script at all
 exec("nice php judges_sa.php {$_SERVER['PHP_SELF']} >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &");
+}
 usleep(1500000); // 1.5 second to allow the judges_sa to update the % status to 0% otherwise the status page will think its not running if it gets there too soon
 header("Location: judges_scheduler_status.php");
 exit;

admin/judges_sa_launcher_apache.php

@@ -0,0 +1,6 @@
+<?php
+//  In Windows OS with Apache server this exec call will start judges_sa.php as a separate process but the call to exec() does not return until the scheduler completes. Note the process runs at normal priority. Status can be checked with judges_scheduler_status.php. This is a temporary solution for Windows / Apache
+exec("php judges_sa.php >../data/logs/judge_scheduler_".date("YmdHis").".log 2>&1 &");
+exit;
+?>
+

admin/judges_scheduler_status.php

@@ -151,6 +151,7 @@ echo "<br />";
 echo "<a href=\"reports.php\">".i18n("Print/Export Reports")."</a>";
 echo "<br />";
 echo "<br />";
+echo "Note: If you are using Windows Internet Explorer and do not see status updates do this:<br /> Click menu bar 'Tools' then 'Internet Options'.<br /> In the 'General' Tab under 'Browsing history' click 'Settings'.<br /> Under 'Check for newer versions of stored pages:'<br /> Select the option 'Every time I visit the webpage'.<br /> Click OK then OK"; 
 }
  send_footer();
 

admin/judges_scheduler_status_output.php

@@ -1,13 +1,15 @@
 <?
 include "../data/config.inc.php";
-mysql_connect($DBHOST,$DBUSER,$DBPASS);
+include "../common.inc.php";
-mysql_select_db($DBNAME);
+
-$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
+$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
-$r=mysql_fetch_object($q);
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
 $percent=$r->val;
 
-$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
+$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
-$r=mysql_fetch_object($q);
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
 $status=$r->val;
 
 echo "$percent:$status\n";

admin/judges_schedulerconfig.php

@@ -48,7 +48,8 @@ ogram; see the file COPYING.  If not, write to
 
  if($_GET['action']=="reset")
  {
- 	mysql_query("UPDATE config SET `val`='-1' WHERE `var`='judge_scheduler_percent' AND `year`=0");
+ 	$stmt = $pdo->prepare("UPDATE config SET `val`='-1' WHERE `var`='judge_scheduler_percent' AND `year`=0");
+	$stmt->execute();
 	$config['judge_scheduler_percent']="-1";
 	echo happy(i18n("Judge scheduler status forcibly reset"));
  }

admin/judges_schedulerconfig_check.inc.php

@@ -4,13 +4,15 @@ function judges_scheduler_check_timeslots()
 {
 	global $config;
 
-	$q=mysql_query("SELECT * FROM judges_timeslots WHERE ".
+	$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE ".
 		" year='".$config['FAIRYEAR']."'".
 		" AND `type`='divisional1'" );
-	if(mysql_num_rows($q)) {
+	$q->execute();
-		$round=mysql_fetch_object($q);
+	if($q->rowCount()) {
-		$q=mysql_query("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'");
+		$round=$q->fetch(PDO::FETCH_OBJ);
-		return mysql_num_rows($q);
+		$q=$stmt->prepare("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'");
+		$q->execute();
+		return $q->rowCount();
 	}
 	else
 		return 0;
@@ -21,13 +23,15 @@ function judges_scheduler_check_timeslots_sa()
 	global $config;
 	$rows = 0;
 
-	$q=mysql_query("SELECT * FROM judges_timeslots WHERE ".
+	$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE ".
 		" year='".$config['FAIRYEAR']."'".
 		" AND `type`='special'" );
-	if(mysql_num_rows($q)) {
+	$q->execute();
-		while((	$round=mysql_fetch_object($q))) {
+	if($q->rowCount()) {
-			$rq=mysql_query("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'");
+		while((	$round=$q->fetch(PDO::FETCH_OBJ))) {
-			$rows += mysql_num_rows($rq);
+			$rq=$pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'");
+			$rq->execute();
+			$rows += $rq->rowCount();
 		}
 	}
 	return $rows;
@@ -37,21 +41,24 @@ function judges_scheduler_check_awards()
 {
 	global $config;
 
-	$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	while($r=mysql_fetch_object($q))
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 		$div[$r->id]=$r->division;
 
-	$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	while($r=mysql_fetch_object($q))
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 		$cat[$r->id]=$r->category;
 
 	$dkeys = array_keys($div);
 	$ckeys = array_keys($cat);
 
 	if($config['filterdivisionbycategory']=="yes") {
-		$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id");
+		$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id");
+		$q->execute();
 		$divcat=array();
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$divcat[]=array("c"=>$r->projectcategories_id,"d"=>$r->projectdivisions_id);
 		}
 
@@ -70,7 +77,7 @@ function judges_scheduler_check_awards()
 	foreach($divcat AS $dc) {
 		$d=$dc['d'];
 		$c=$dc['c'];
-			$q=mysql_query("SELECT award_awards.id FROM 
+			$q=$pdo->prepare("SELECT award_awards.id FROM 
 							award_awards,
 							award_awards_projectcategories,
 							award_awards_projectdivisions
@@ -84,9 +91,10 @@ function judges_scheduler_check_awards()
 							AND award_awards_projectdivisions.projectdivisions_id='$d'
 							AND award_awards.award_types_id='1'
 						");
-						echo mysql_error();
+			$q->execute();
-			if(mysql_num_rows($q)!=1) {
+						echo $pdo->errorInfo();
-				$missing_awards[] = "{$cat[$c]} - {$div[$d]} (".i18n("%1 found",array(mysql_num_rows($q))).")";
+			if($q->rowCount()!=1) {
+				$missing_awards[] = "{$cat[$c]} - {$div[$d]} (".i18n("%1 found",array($q->rowCount())).")";
 			}
 	}
 	return $missing_awards;
@@ -97,8 +105,9 @@ function judges_scheduler_check_jdivs()
 {
 	global $config;
 
-	$q=mysql_query("SELECT DISTINCT jdiv_id FROM judges_jdiv ");
+	$q=$pdo->prepare("SELECT DISTINCT jdiv_id FROM judges_jdiv ");
-	$rows = mysql_num_rows($q);
+	$q->execute();
+	$rows = $q->rowCount();
 
 	return $rows;
 }
@@ -110,8 +119,9 @@ function judges_scheduler_check_judges()
 	$ok = 1;
 
 	$jdiv = array();
-	$q=mysql_query("SELECT * FROM judges_jdiv ORDER BY jdiv_id");
+	$q=$pdo->prepare("SELECT * FROM judges_jdiv ORDER BY jdiv_id");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		/* Ignore any div/cat with jdiv 0 */
 		if($r->jdiv_id == 0) continue;
 
@@ -119,7 +129,7 @@ function judges_scheduler_check_judges()
 		$c = $r->projectcategories_id;
 		$l = $r->lang;
 
-		$qp = mysql_query("SELECT COUNT(projects.id) as cnt FROM projects, registrations WHERE ".
+		$qp = $pdo->prepare("SELECT COUNT(projects.id) as cnt FROM projects, registrations WHERE ".
 						" projects.year='".$config['FAIRYEAR']."' AND ".
 						" projectdivisions_id='$d' AND ".
 						" projectcategories_id='$c' AND ".
@@ -127,7 +137,8 @@ function judges_scheduler_check_judges()
 						" registrations.id = projects.registrations_id " .
 						getJudgingEligibilityCode()
 				);
-		$qr = mysql_fetch_object($qp);
+		$qp->execute();
+		$qr = $qp->fetch(PDO::FETCH_OBJ);
 		
 		$jdiv[$r->jdiv_id]['num_projects']['total'] += $qr->cnt;
 		$jdiv[$r->jdiv_id]['num_projects'][$l] += $qr->cnt;
@@ -169,7 +180,7 @@ function judges_scheduler_check_judges()
 			}
 
 			echo "<tr><td>Judging Division Group $jdiv_id</td>";
-			echo "<td align=\"center\">$c</td>";
+			echo "<td align=\"center\">{$jd['num_projects']['total']}</td>";
 			$langstr="";
 			foreach($config['languages'] AS $lkey=>$lname) {
 				$clang=($jd['num_projects'][$lkey]?$jd['num_projects'][$lkey]:0);

admin/judges_teams.php

@@ -35,35 +35,45 @@
 	if($action=="delete" && $_GET['delete'])
 	{
 		//ALSO DELETE: team members, timeslots, projects, awards
-		mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		
-		mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
-		mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
-		mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
-		mysql_query("DELETE FROM judges_teams WHERE id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
-		message_push(happy(i18n("Judge team successfully removed, and all of its corresponding members, timeslots, projects and awards unlinked from team")));
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
+		$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();message_push(happy(i18n("Judge team successfully removed, and all of its corresponding members, timeslots, projects and awards unlinked from team")));
 	}
 
 	if($action=="deletealldivisional")
 	{
-		$q2=mysql_query("SELECT *
+		$q2=$pdo->prepare("SELECT *
 				FROM 	
 					judges_teams
 				WHERE 
 					year='".$config['FAIRYEAR']."'
 					AND autocreate_type_id='1'
 					");
-					echo mysql_error();
+					echo $pdo->errorInfo();
 		$numdeleted=0;
-		while($r2=mysql_fetch_object($q2))
+		while($r2=$q2->fetch(PDO::FETCH_OBJ))
 		{
 			//okay now we can start deleting things! whew!
 			//first delete any linkings to the team
-			mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			
-			mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
-			mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
-			mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
-			mysql_query("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
-			$numdeleted++;
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
+			$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();$numdeleted++;
 		}
 		if($numdeleted)
 			message_push(happy(i18n("Successfully deleted %1 auto-created divisional team(s)",array($numdeleted))));
@@ -73,22 +83,28 @@
 	
 	if($action=="deleteall")
 	{
-		$q2=mysql_query("SELECT *
+		$q2=$pdo->prepare("SELECT *
 				FROM 	judges_teams
 				WHERE 
 					year='".$config['FAIRYEAR']."'
 					");
+		$q2->execute();
 		$numdeleted=0;
-		while($r2=mysql_fetch_object($q2))
+		while($r2=$Q2->FETCH(PDO::FETCH_OBJ))
 		{
 			//okay now we can start deleting things! whew!
 			//first delete any linkings to the team
-			mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			
-			mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
-			mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
-			mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
-			mysql_query("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
-			$numdeleted++;
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
+			$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();
+			$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt->execute();$numdeleted++;
 		}
 		if($numdeleted)
 			message_push(happy(i18n("Successfully deleted %1 team(s)",array($numdeleted))));
@@ -102,11 +118,12 @@
 		//but when we're done, if we're "assign" then go back to edit that team
 		//if we're save, then go back to the team list
 		$err=false;
-		$q=mysql_query("UPDATE judges_teams SET num='".$_POST['team_num']."', name='".mysql_escape_string(stripslashes($_POST['team_name']))."' WHERE id='$edit'");
+		$q=$pdo->prepare("UPDATE judges_teams SET num='".$_POST['team_num']."', name='".(stripslashes($_POST['team_name']))."' WHERE id='$edit'");
-		if(mysql_error())
+		$q->execute();
+		if($pdo->errorInfo())
 		{
 			$err=true;
-			message_push(error(mysql_error()));
+			message_push(error($pdo->errorInfo()));
 		}
 
 		if($_POST['award'])
@@ -116,13 +133,14 @@
 			//the judges wouldnt know which projects to judge for which award.  This doesnt apply for divisions
 			//because the category/division is obvious based on project numbesr.  A divisional judge team could easily
 			//be assigned to do all of Comp Sci - Junior, Intermediate and Senior without any problems.
-			$q=mysql_query("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id='".$_POST['award']."'");
+			$q=$pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id='".$_POST['award']."'");
-			$aw=mysql_fetch_object($q);
+			$q->execute();
+			$aw=$q->fetch(PDO::FETCHH_OBJ);
 
 			$addaward=true;
 			if($aw->type=="Special")
 			{
-				$q=mysql_query("SELECT COUNT(*) AS num FROM 
+				$q=$pdo->prepare("SELECT COUNT(*) AS num FROM 
 							judges_teams_awards_link,
 							award_awards,
 							award_types
@@ -132,7 +150,8 @@
 							AND award_awards.award_types_id=award_types.id
 							AND award_types.type='Special'
 						");
-				$r=mysql_fetch_object($q);
+				$q->exxecute();
+				$r=$q->fetch(PDO::FETCHH_OBJ);
 				echo "special awards: $r->num";
 				if($r->num)
 				{
@@ -148,7 +167,8 @@
 			if($addaward)
 			{
 				//link up the award
-				mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('".$_POST['award']."','$edit','".$config['FAIRYEAR']."')");
+				$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('".$_POST['award']."','$edit','".$config['FAIRYEAR']."')");
+				$stmt->execute();
 				message_push(happy(i18n("Award assigned to team")));
 			}
 		}
@@ -171,7 +191,8 @@
 
 	if($action=="unassign")
 	{
-		mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$edit' AND award_awards_id='".$_GET['unassign']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$edit' AND award_awards_id='".$_GET['unassign']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
 		message_push(happy(i18n("Award unassigned from judge team")));
 		//keep editing the same team
 		$action="edit";
@@ -180,8 +201,9 @@
 	if($action=="createall")
 	{
 		//first make sure we dont have any non-divisional award teams (dont want people hitting refresh and adding all the teams twice
-		$q=mysql_query("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'");
-		$r=mysql_fetch_object($q);
+		$q->execute();
+		$r=$q->fetch(PDO::FETCHH_OBJ);
 		if($r->c)
 		{
 			message_push(error(i18n("Cannot 'Create All' teams when any divisional teams currently exist.  Try deleting all existing non-divisional teams first.")));
@@ -189,7 +211,7 @@
 		else
 		{
 			//grab all the awards
-			$q=mysql_query("SELECT 
+			$q=$pdo->prepare("SELECT 
 						award_awards.*, 
 						award_types.type AS award_type, 
 						award_types.order AS award_types_order 
@@ -205,17 +227,33 @@
 						award_types_order, 
 						award_awards.order,
 						name");
-			$num=1;
+			$q->execute();
-			while($r=mysql_fetch_object($q))
+
-			{
+			//startat
+			$q2=$pdo->prepare("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
+			$q2->execute();
+			$r2=$q2->fetch(PDO::FETCH_OBJ);
+			if($r2->lastnum)
+				$num=$r2->lastnum+1;
+			else
+				$num=1;
+
+			while($r=$q->fetch(PDO::FETCHH_OBJ)) {
 //				print_r($r);
-				$name=mysql_escape_string("($r->award_type) $r->name");
+				$name="($r->award_type) $r->name";
-				mysql_query("INSERT INTO judges_teams(num,name,autocreate_type_id,year) VALUES ('$num','$name','$r->award_types_id','".$config['FAIRYEAR']."')");
+				$stmt = $pdo->prepare("INSERT INTO judges_teams(num,name,autocreate_type_id,year) VALUES ('$num','$name','$r->award_types_id','".$config['FAIRYEAR']."')");
-				echo mysql_error();
+				$stmt->execute();
-				$team_id=mysql_insert_id();
+				echo $pdo->errorInfo();
-				//now link the new team to the award
+				$team_id=$pdo->lastInsertId();
-				mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','".$config['FAIRYEAR']."')");
+				if($team_id) {
-				message_push(happy(i18n("Created team #%1: %2",array($num,$name))));
+					//now link the new team to the award
+					$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','".$config['FAIRYEAR']."')");
+					$stmt->execute();
+					message_push(happy(i18n("Created team #%1: %2",array($num,$name))));
+				}
+				else {
+					message_push(error(i18n("Error creating team #%1: %2",array($num,$name))));
+				}
 				$num++;
 			}
 		}
@@ -223,9 +261,10 @@
 
 	if($action=="add" && $_GET['num'])
 	{
-		mysql_query("INSERT INTO judges_teams(num,year) VALUES ('".$_GET['num']."','".$config['FAIRYEAR']."')");
+		$stmt = $pdo->prepare("INSERT INTO judges_teams(num,year) VALUES ('".$_GET['num']."','".$config['FAIRYEAR']."')");
-		echo mysql_error();
+		$stmt->execute();
-		$edit=mysql_insert_id();
+		echo $pdo->errorInfo();
+		$edit=$pdo->lastInsertId();
 		$action="edit";
 	}
 
@@ -333,13 +372,14 @@ function addclicked()
 		}
 
 		echo "<tr><td colspan=2>";
-		$q=mysql_query($querystr);
+		$q=$pdo->prepare($querystr);
+		$q->execute();
 
-		echo mysql_error();
+		echo $pdo->errorInfo();
 		echo "<select name=\"award\">";
 		echo "<option value=\"\">".i18n("Choose award to assign to team")."</option>\n";
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCHH_OBJ))
 		{
 			echo "<option value=\"$r->id\">($r->award_type) $r->name</option>\n";
 		}
@@ -365,15 +405,7 @@ function addclicked()
 		echo "<br />";
 
 		$teams=getJudgingTeams();
-		//print_r($teams);
+		if(count($teams)) {
-
-		if(!count($teams))
-		{
-			echo "<a href=\"judges_teams.php?action=createall\">".i18n("Automatically create one new team for every non-divisional award")."</a><br />";
-			echo "<a href=\"judges_teams.php?action=add&num=1\">".i18n("Manually add individual team")."</a><br />";
-		}
-		else
-		{
 			//grab an array of all the current team numbers
 			foreach($teams AS $team)
 				$teamnumbers[$team['num']]=1;
@@ -384,12 +416,24 @@ function addclicked()
 			{
 				$newteamnum++;
 			}
+		}
 
+		//print_r($teams);
+
+		echo "<table width=\"95%\">";
+		echo "<tr><td>";
+		$q=$pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
+		if(!$r->c) {
+			echo "<a href=\"judges_teams.php?action=createall\">".i18n("Automatically create one new team for every non-divisional award")."</a><br />";
+		}
+		echo "<a href=\"judges_teams.php?action=add&num=$newteamnum\">".i18n("Manually add individual team")."</a><br />";
+		echo "</td><td>";
+
+		if(count($teams)) 
+		{
 
-			echo "<table width=\"95%\">";
-			echo "<tr><td>";
-			echo "<a href=\"judges_teams.php?action=add&num=$newteamnum\">Add individual team</a><br />";
-			echo "</td><td>";
 			echo "<a onclick=\"return confirmClick('".i18n("Are you sure you want to delete all teams that are assigned to divisional awards?")."')\" href=\"judges_teams.php?action=deletealldivisional\">Delete all teams assigned to divisional awards</a>";
 			echo "<br />";
 			echo "<a onclick=\"return confirmClick('".i18n("Are you sure you want to delete all teams?")."')\" href=\"judges_teams.php?action=deleteall\">Delete all teams</a><br />";
@@ -436,6 +480,9 @@ function addclicked()
 			echo "<script type=\"text/javascript\">$('.summarytable').tablesorter();</script>";
 			echo "<br />";
 		}
+		else {
+			echo "</td></tr></table>";
+		}
 	}
 	send_footer();
 

admin/judges_teams_members.php

@@ -106,13 +106,13 @@ jQuery(document).ready(function(){
 </script>
 <?
 
-	if($_POST['action']=="add" && $_POST['team_num'] && count($_POST['judgelist'])>0)
+	if($_POST['action']=="add" && $_POST['team_num'] && count($_POST['judgelist'])>0) {
-	{
 		//first check if this team exists.
-		$q=mysql_query("SELECT id,name FROM judges_teams WHERE num='".$_POST['team_num']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id,name FROM judges_teams WHERE num='".$_POST['team_num']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q))
+		$q->execute();
+		if($q->rowCount();)
 		{
-			$r=mysql_fetch_object($q);
+			$r=$q->fetch(PDO::FETCH_OBJ);
 			$team_id=$r->id;
 			$team_name=$r->name;
 
@@ -125,20 +125,19 @@ jQuery(document).ready(function(){
 		}
 		$added=0;
 
-		foreach($_POST['judgelist'] AS $selectedjudge)
+		foreach($_POST['judgelist'] AS $selectedjudge) {
-		{
 			//before we insert them, we need to make sure they dont already belong to this team.  We can not have the same judge assigned to the same team multiple times.
 
-			$q=mysql_query("SELECT * FROM judges_teams_link WHERE users_id='$selectedjudge' AND judges_teams_id='$team_id'");
+			$q=$pdo->prepare("SELECT * FROM judges_teams_link WHERE users_id='$selectedjudge' AND judges_teams_id='$team_id'");
-			if(mysql_num_rows($q))
+			$q->execute();
-			{
+			if($q->rowCount();) {
 				echo notice(i18n("Judge (%1) already belongs to judging team: %2",array($selectedjudge,$team_name)));
 
 			}
-			else
+			else {
-			{
 				//lets make the first one we add a captain, the rest, non-captains :)
-				mysql_query("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$selectedjudge','$team_id','$captain','".$config['FAIRYEAR']."')");	
+				$stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$selectedjudge','$team_id','$captain','".$config['FAIRYEAR']."')");	
+				$stmt->execute();
 				$added++;
 			}
 			//if this is alreayd no, then who cares, but if its the first one that is going into the new team, then
@@ -155,18 +154,20 @@ jQuery(document).ready(function(){
 
 	if($_GET['action']=="del" && $_GET['team_num'] && $_GET['team_id'] && $_GET['users_id'])
 	{
-		mysql_query("DELETE FROM judges_teams_link WHERE users_id='".$_GET['users_id']."' AND judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='".$_GET['users_id']."' AND judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
 		echo happy(i18n("Removed judge from team #%1 (%2)",array($_GET['team_num'],$_GET['team_name'])));
 
 		//if there is still members left in the team, make sure we have a captain still
-		$q=mysql_query("SELECT * FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'");
+		$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q))
+		$q->execute();
+		if($q->rowCount();)
 		{
 			//make sure the team still has a captain!
 			//FIXME: this might best come from the "i am willing to be a team captain" question under the judges profile
 			$gotcaptain=false;
 			$first=true;
-			while($r=mysql_fetch_object($q))
+			while($r=$q->fetch(PDO::FETCH_OBJ))
 			{
 				if($first)
 				{
@@ -183,7 +184,8 @@ jQuery(document).ready(function(){
 			if(!$gotcaptain)
 			{
 				//make the first judge the captain
-				mysql_query("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='$firstjudge' AND year='".$config['FAIRYEAR']."'");	
+				$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='$firstjudge' AND year='".$config['FAIRYEAR']."'");	
+				$stmt->execute();
 				echo notice(i18n("Team captain was removed. A new team captain has been automatically assigned"));
 			}
 		}
@@ -191,7 +193,8 @@ jQuery(document).ready(function(){
 
 	if($_GET['action']=="empty" && $_GET['team_num'] && $_GET['team_id'])
 	{
-		mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
 		echo happy(i18n("Emptied all judges from team #%1 (%2)",array($_GET['team_num'],$_GET['team_name'])));
 	}
 
@@ -201,7 +204,8 @@ jQuery(document).ready(function(){
 		{
 			foreach($_POST['team_names'] AS $team_id=>$team_name)
 			{
-				mysql_query("UPDATE judges_teams SET name='".mysql_escape_string(stripslashes($team_name))."' WHERE id='$team_id'");
+				$stmt = $pdo->prepare("UPDATE judges_teams SET name='".stripslashes($team_name)."' WHERE id='$team_id'");
+				$stmt->execute();
 			}
 			echo happy(i18n("Team names successfully saved"));
 		}
@@ -212,25 +216,85 @@ jQuery(document).ready(function(){
 	{
 
 		//teams can have as many captains as they want, so just add it.
-		mysql_query("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'");
+		$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'");
+		$stmt->execute();
 		echo happy(i18n("Team captain assigned"));
 	}
 
 	if($_GET['action']=="removecaptain")
 	{
 		//teams must always have at least one captain, so if we only have one, and we are trying to remove it, dont let them!
-		$q=mysql_query("SELECT * FROM judges_teams_link WHERE captain='yes' AND judges_teams_id='".$_GET['team_id']."'");
+		$q=$pdo->prepare("SELECT * FROM judges_teams_link WHERE captain='yes' AND judges_teams_id='".$_GET['team_id']."'");
-		if(mysql_num_rows($q)<2)
+		$q->execute();
+		if($q->rowCount();<2)
 		{
 			echo error(i18n("A judge team must always have at least one captain"));
 		}
 		else
 		{
-			mysql_query("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'");
+			$pdo->prepare("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'");
+			$pdo->execute();
 			echo happy(i18n("Team captain removed"));
 		}
 	}
 
+	if($_GET['action']=="autoassignspecial") {
+
+		/* Load all the judges (judge_complete=yes, deleted=no, year=fairyear) */
+		$judgelist = judges_load_all();
+
+		/* Load all the teams */
+		$teams = array();
+		$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
+		$q->execute();
+		while($i = $q->fetch(PDO::FETCH_ASSOC)) {
+			$teams[$i['id']] = $i;
+		}
+
+		/* And the links */
+		$links = array();
+		$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'");
+		$q->execute();
+		while($i = $q->fetch(PDO::FETCH_ASSOC)) {
+			$judgelist[$i['users_id']]['teams_links'][] = $i;
+		}
+
+		$jlist = array();
+
+		/* Remove all judges that have a link */
+		foreach($judgelist as $j) {
+			if(count($j['teams_links']) == 0 && $j['special_award_only']=="yes") 
+				$jlist[] = $j['id'];
+		}
+		echo "We have ".count($jlist)." special awards judges to assign";
+		foreach($jlist AS $jid) {
+			$j=$judgelist[$jid];
+			if(is_array($j['special_award_selected']) && count($j['special_award_selected'])) {
+				//assing them to ALL teams for ALL awards
+				foreach($j['special_award_selected'] AS $awardid) {
+					echo "Looking for a team for award $awardid <br />";
+					//find the award id linked to a team
+					$q=$pdo->prepare("SELECT * FROM judges_teams_awards_link WHERE award_awards_id='{$awardid}' AND year='{$config['FAIRYEAR']}'");
+					$q->execute();
+					if($q->rowCount();) {
+						while($r=$q->fetch(PDO::FETCH_OBJ)) {
+							$stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$jid','$r->judges_teams_id','yes','{$config['FAIRYEAR']}')");
+							$stmt->execute();
+							echo happy(i18n("%1 %2 to their special award(s) team(s)",array($j['firstname'],$j['lastname'])));
+						}
+					}
+					else {
+						echo error(i18n("%1 %2 not assigned - No team found that is judging award id %1",array($awardid)));
+					}
+				}
+			}
+			else {
+				echo error(i18n("%1 %2 has indicated special awards only, but didnt selected any awards",array($j['firstname'],$j['lastname'])));
+			}
+
+		}
+	}
+
 	if(!$_SESSION['viewstate']['judges_teams_list_show'])
 		$_SESSION['viewstate']['judges_teams_list_show']='unassigned';
 	//now update the judges_teams_list_show viewstate
@@ -272,15 +336,17 @@ jQuery(document).ready(function(){
 
 	/* Load all the teams */
 	$teams = array();
-	$q = mysql_query("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
+	$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
-	while($i = mysql_fetch_assoc($q)) {
+	$q->execute();
+	while($i = $q->fetch(PDO::FETCH_ASSOC)) {
 		$teams[$i['id']] = $i;
 	}
 
 	/* And the links */
 	$links = array();
-	$q = mysql_query("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'");
+	$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'");
-	while($i = mysql_fetch_assoc($q)) {
+	$q->execute();
+	while($i = $q->fetch(PDO::FETCH_ASSOC)) {
 		$judgelist[$i['users_id']]['teams_links'][] = $i;
 	}
 
@@ -298,17 +364,24 @@ jQuery(document).ready(function(){
 	echo i18n("Listing %1 judges",array(count($jlist)));
 	echo "<br />";
 	echo "</center>";
-	echo mysql_error();
+	echo $pdo->errorInfo();
 	echo "<select name=\"judgelist[]\" onchange=\"switchjudgeinfo()\" multiple=\"multiple\" style=\"width: 250px; height: 600px;\">";
 
 	foreach($jlist as $jid) {
 		$u = &$judgelist[$jid];
-		if($u['firstname'] && $u['lastname'])
+		if($u['firstname'] && $u['lastname']) {
-			echo "<option value=\"$jid\">{$u['firstname']} {$u['lastname']} (" . implode(' ', $u['languages']) . ")</option>\n";
+			if($u['special_award_only']=='yes') {
+				$sp="[sp] ";
+			}
+			else $sp="";
+			echo "<option value=\"$jid\">{$sp}{$u['firstname']} {$u['lastname']} (" . implode(' ', $u['languages']) . ")</option>\n";
+		}
 	}
 	unset($u);
 
 	echo "</select>";
+	echo "<br />";
+	echo "<a href=\"judges_teams_members.php?action=autoassignspecial\">Auto-Assign Special Awards Judges to Special Awards Teams</a>\n";
 	echo "</td>";
 	echo "<td valign=\"top\">";
 
@@ -322,6 +395,7 @@ jQuery(document).ready(function(){
 		echo "<input onclick=\"addbuttonclicked('".$team['num']."')\" type=\"button\" value=\"Add &gt;&gt;\">";
 		echo "</td><td>";
 
+
 		echo "<table width=\"100%\">\n";
 		echo "<tr><th colspan=\"2\" align=\"left\">#".$team['num'].": ";
 		echo $team['name'];
@@ -336,18 +410,40 @@ jQuery(document).ready(function(){
 			foreach($team['members'] AS $member) {
 				$j = &$judgelist[$member['id']];
 				echo "<tr><td>";
+				/*
+				if($team['num']=="89") {
+					echo "<pre>";
+					print_r($team);
+					print_r($j);
+					echo "</pre>";
+				}
+				*/
 
 				$langerr=false;
+				$judgeerr=false;
 				foreach($team['languages'] AS $teamlang) {
-					if(!in_array($teamlang,$j['languages'])) {
+					if(is_array($j['languages'])) {
+						if(!in_array($teamlang,$j['languages'])) {
+							$langerr=true;
+							break;
+						}
+					} else {
 						$langerr=true;
-						break;
 					}
 				}
 
+				if(!$j['id']) {
+					$judgeerr=true;
+				}
+
 				echo "<a onclick=\"return confirmClick('Are you sure you want to remove this judge from this team?')\" href=\"judges_teams_members.php?action=del&team_id=".$team['id']."&team_num=".$team['num']."&users_id=".$member['id']."&team_name=".rawurlencode($team['name'])."\"><img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\"></a>";
 				echo "</td><td width=\"100%\">";
-				if($langerr) echo "<span class=\"error\" style=\"width: 100%; display: block;\">";
+				if($langerr || $judgeerr) echo "<span class=\"error\" style=\"width: 100%; display: block;\">";
+				if($judgeerr) {
+					echo "ERROR: this judge is assigned to the team, but they are not an active/complete judge! <br />";
+				}
+
+
 				if($member['captain']=="yes") {
 					echo "<a title=\"Captain - Click to remove captain status\" href=\"judges_teams_members.php?action=removecaptain&team_id=".$team['id']."&judge_id=".$member['id']."\">";
 					echo "<img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/bookmark.".$config['icon_extension']."\">";
@@ -366,7 +462,7 @@ jQuery(document).ready(function(){
 					$l = is_array($j['languages']) ? join(' ',$j['languages']) : '';
 
 				echo "</a>&nbsp;<span style=\"font-size: 1.0em;\">($l)</span>\n";
-				if($langerr) echo "</span>\n";
+				if($langerr || $judgeerr) echo "</span>\n";
 				echo "</td></tr>";
 			}
 
@@ -394,7 +490,7 @@ jQuery(document).ready(function(){
 	echo "</td></tr>";
 	echo "</table>";
 	echo "</form>";
-	echo '<div id="infodiv" style="background-color: #DDF; border:solid;'
+	echo '<div id="infodiv" style="font-size: 1.2em; background-color: #DDF; border:solid;'
 		. ' border-width:1px;'
 		. ' border-color: #000;'
 		. ' position:absolute;'

admin/judges_teams_projects.php

@@ -79,7 +79,8 @@ if($_GET['judges_projects_list_eligible'])
 
 if($_GET['action']=="delete" && $_GET['delete'] && $_GET['edit'])
 {
-	mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE id='".$_GET['delete']."'");
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE id='".$_GET['delete']."'");
+	$stmt->execute();
 	echo happy(i18n("Judging team project successfully removed"));
 	$action="edit";
 }
@@ -87,12 +88,14 @@ if($_GET['action']=="delete" && $_GET['delete'] && $_GET['edit'])
 
 if($_POST['action']=="assign" && $_POST['edit'] && $_POST['timeslot'] && $_POST['project_id'])
 {
-	mysql_query("INSERT INTO judges_teams_timeslots_projects_link (judges_teams_id,judges_timeslots_id,projects_id,year) VALUES ('".$_POST['edit']."','".$_POST['timeslot']."','".$_POST['project_id']."','".$config['FAIRYEAR']."')");
+	$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link (judges_teams_id,judges_timeslots_id,projects_id,year) VALUES ('".$_POST['edit']."','".$_POST['timeslot']."','".$_POST['project_id']."','".$config['FAIRYEAR']."')");
+	$stmt->execute();
 	echo happy(i18n("Project assigned to team timeslot"));
 }
 
-$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
+$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
-if(mysql_num_rows($q)>1)
+$q->execute();
+if($q-rowCount()>1)
 	$show_date=true;
 else
 	$show_date=false;
@@ -150,7 +153,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 	echo $awardlist;
 
 	//get the timeslots that this team has.
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				judges_timeslots.id,
 				judges_timeslots.date,
 				judges_timeslots.starttime,
@@ -166,9 +169,10 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 			ORDER BY
 				date,starttime
 			");
+	$q->execute();
 
 
-	$numslots=mysql_num_rows($q);
+	$numslots=$q-rowCount();
 	if($numslots)
 	{
 
@@ -236,8 +240,9 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 				ORDER BY
 					projectnumber";
 		}
-		$pq=mysql_query($querystr);
+		$pq=$pdo->($querystr);
-		echo mysql_error();
+		$pq->execute();
+		echo $pdo->errorInfo();
 	
 		$eligibleprojects=getProjectsEligibleOrNominatedForAwards($award_ids);
 //		echo nl2br(print_r($eligibleprojects,true));
@@ -248,7 +253,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 		$numprojects=0;
 		echo "<select name=\"project_id\">";
 		echo "<option value=\"\">".i18n("Choose Project to Assign to Timeslot")."</option>\n";
-		while($pr=mysql_fetch_object($pq)) {
+		while($pr=$pq->fetch(PDO::FETCH_OBJ)) {
 			if($_SESSION['viewstate']['judges_projects_list_eligible']=='true') {
 				if(in_array($pr->projectnumber,$eligibleprojectsnumbers)) {
 					echo "<option value=\"$pr->id\">$pr->projectnumber - $pr->title</option>\n";
@@ -276,7 +281,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 		echo "</tr>";
 
 
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr><td>";
 
 			echo "<nobr>";
@@ -288,7 +293,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 			echo "</nobr>";
 			echo "</td><td>";
 			
-			$projq=mysql_query("SELECT
+			$projq=$pdo->prepare("SELECT
 						judges_teams_timeslots_projects_link.id AS link_id,
 						projects.projectnumber,
 						projects.id,
@@ -304,9 +309,10 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 					ORDER BY
 						projectnumber
 					");
+			$projq->execute();
 
-		echo mysql_Error();
+		echo $pdo->errorInfo();
-			while($proj=mysql_fetch_object($projq)) {
+			while($proj=$projq->fetch(PDO::FETCH_OBJ)) {
 				echo "<a onclick=\"return confirmClick('Are you sure you want to remove this project from this team timeslot?')\" href=\"judges_teams_projects.php?action=delete&delete=".$proj->link_id."&edit=".$team['id']."\"><img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\"></a>";
 				echo "$proj->projectnumber - $proj->title <br />";
 
@@ -361,7 +367,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 		echo "</td>";
 		echo "<td>";
 		//get the timeslots that this team has.
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					judges_timeslots.id,
 					judges_timeslots.date,
 					judges_timeslots.starttime,
@@ -377,13 +383,14 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 				ORDER BY
 					date,starttime
 				");
-		$numslots=mysql_num_rows($q);
+		$q->execute();
+		$numslots=$q-rowCount();
 
 		echo "<a href=\"judges_teams_projects.php?action=edit&edit=".$team['id']."\">".i18n("Edit team project assignments")."</a>";
 
 		echo "<table class=\"tableview\" style=\"margin-left: 0px; width: 100%; font-size: 1.0em;\">";
 
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr><td width=\"100\" align=\"center\">";
 
 			echo "<nobr>";
@@ -395,7 +402,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 			echo "</nobr>";
 			echo "</td><td>";
 
-			$projq=mysql_query("SELECT
+			$projq=$pdo->prepare("SELECT
 					projects.projectnumber,
 					projects.id,
 					projects.title,
@@ -411,15 +418,16 @@ if( ($action=="edit" || $action=="assign" ) && $edit)
 				ORDER BY
 					projectnumber
 				");
+			$projq->execute();
 
-			echo mysql_error();
+			echo $pdo->errorInfo();
-			while($proj=mysql_fetch_object($projq)) {
+			while($proj=$projq->fetch(PDO::FETCH_OBJ)) {
                 if(!in_array($proj->language,$team['languages_members'])) 
                     echo "<span class=\"error\">";
 
 				echo "$proj->projectnumber - $proj->title ($proj->language)";
 
-                if(!in_array($proj->language,$team['languages'])) 
+                if(!in_array($proj->language,$team['languages_members'])) 
                     echo "</span>\n";
                 echo "<br />";
 			}

admin/judges_teams_timeslots.php

@@ -40,13 +40,15 @@
 
  if($action == 'delete' && array_key_exists('delete', $_GET)) {
 	$id = intval($_GET['delete']);
- 	mysql_query("DELETE FROM judges_teams_timeslots_link WHERE id='$id'");
+ 	$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE id='$id'");
+	$stmt->execute();
 	message_push(happy(i18n("Judging team timeslot successfully removed")));
  }
 
  if($action == 'empty' && array_key_exists('empty',$_GET)) {
 	$id = intval($_GET['empty']);
- 	mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id'");
+ 	$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id'");
+	$stmt->execute();
 	message_push(happy(i18n("Judging team timeslots successfully removed")));
  }
 
@@ -56,9 +58,9 @@
 	if(count($_POST['teams']) && count($_POST['timeslots'])) {
 		foreach($_POST['teams'] AS $tm) {
 			foreach($_POST['timeslots'] AS $ts) {
-				mysql_query("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year) 
+				$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year) 
 						VALUES ('$tm','$ts','{$config['FAIRYEAR']}')");
-
+				$stmt->execute();
 			}
 		}
 		message_push(happy(i18n("%1 Timeslots assigned to %2 teams",array(count($_POST['timeslots']),count($_POST['teams'])))));
@@ -126,8 +128,9 @@ function checkinvert(what)
 	echo "<a href=\"\" onclick=\"return checkinvert('timeslots')\">invert selection</a>";
 
 
-	$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)>1)
+	$q->execute();
+	if($q->rowCount()>1)
 		$show_date=true;
 	else
 		$show_date=false;
@@ -140,16 +143,18 @@ function checkinvert(what)
 	echo "<th>".i18n("End Time")."</th>";
 	echo "</tr>\n";
 	
-	$q=mysql_query("SELECT * FROM judges_timeslots 
+	$q=$pdo->prepare("SELECT * FROM judges_timeslots 
 			WHERE year='{$config['FAIRYEAR']}' 
 			AND round_id='0' ORDER BY date,starttime");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		echo "<tr>";
 		$span = $show_date ? 4 : 3;
 		echo "<td colspan=\"$span\">{$r->name} (".$round_str[$r->type].")</td>";
-		$qq = mysql_query("SELECT * FROM judges_timeslots 
+		$qq = $pdo->prepare("SELECT * FROM judges_timeslots 
 					WHERE round_id='{$r->id}' ORDER BY date,starttime");
-		while($rr = mysql_fetch_object($qq)) {
+		$qq->execute();
+		while($rr = $qq->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr>";
 			echo "<td><input type=\"checkbox\" name=\"timeslots[]\" value=\"{$rr->id}\" /></td>";
 			if($show_date)	echo "<td>".format_date($r->date)."</td>";
@@ -202,7 +207,7 @@ function checkinvert(what)
 		echo "</td>";
 		echo "<td>";
 		//get the timeslots that this team has.
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					judges_teams_timeslots_link.id,
 					judges_timeslots.date,
 					judges_timeslots.starttime,
@@ -218,9 +223,10 @@ function checkinvert(what)
 				ORDER BY
 					date,starttime
 				");
-		$numslots=mysql_num_rows($q);
+		$q->execute();
+		$numslots=$q->rowCount();
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			echo "<nobr>";
 			if($show_date)

admin/judges_timeslots.php

@@ -76,21 +76,23 @@
 		message_push(error(i18n('Invalid type specified')));
 	}
 
-	$name = mysql_escape_string(stripslashes($_POST['name']));
+	$name = stripslashes($_POST['name']);
 
 	if($save == true) {
 		if($round_id == 0) {
 			/* New entry */
-			mysql_query("INSERT INTO judges_timeslots (round_id,year) VALUES('0','{$config['FAIRYEAR']}')");
+			$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,year) VALUES('0','{$config['FAIRYEAR']}')");
-			$round_id = mysql_insert_id();
+			$stmt->execute();
+			$round_id = $pdo->lastInsertId();
 		}
 
-		mysql_query("UPDATE judges_timeslots SET `date`='$date', 
+		$stmt = $pdo->prepare("UPDATE judges_timeslots SET `date`='$date', 
 								starttime='$starttime', endtime='$endtime',
 								`name`='$name',
 								`type`='$type' WHERE id='$round_id'");
+		$stmt->execute();
 
-		echo mysql_error();
+		echo $pdo->errorInfo();
 		message_push(happy(i18n("Round successfully saved")));
 		$action = '';
 	}
@@ -98,14 +100,20 @@
  }
 
  if($action == 'deleteround') {
- 	mysql_query("DELETE FROM judges_timeslots WHERE id='$round_id'");
+ 	
+	$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$round_id'");
+	$stmt->execute();
 	/* Also delete all timeslots */
- 	mysql_query("DELETE FROM judges_timeslots WHERE round_id='$round_id'");
+ 	
+	$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE round_id='$round_id'");
+	$stmt->execute();
 	message_push(happy(i18n("Round successfully removed")));
 	$action = '';
  }
  if($action == 'deletetimeslot') {
- 	mysql_query("DELETE FROM judges_timeslots WHERE id='$timeslot_id'");
+ 	
+	$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$timeslot_id'");
+	$stmt->execute();
 	message_push(happy(i18n("Timeslot successfully removed")));
 	$action = '';
  } 
@@ -113,8 +121,9 @@
  if($action == 'savetimeslot') {
 	$save = true;
 
-	$q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'");
+	$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
-	$round_data = mysql_fetch_assoc($q);
+	$q->execute();
+	$round_data = $q->fetch(PDO::FETCH_ASSOC);
 
 	$date = $round_data['date'];
 
@@ -135,15 +144,17 @@
 	if($save == true) {
 		if($timeslot_id == 0) {
 			/* New entry */
-			mysql_query("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES('$round_id',
+			$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES('$round_id',
 								'$date','timeslot','{$config['FAIRYEAR']}')");
-			$timeslot_id = mysql_insert_id();
+			$stmt->execute();
+			$timeslot_id = $pdo->lastInsertId();
 		}
 
-		mysql_query("UPDATE judges_timeslots SET starttime='$starttime', endtime='$endtime'
+		$stmt = $pdo->prepare("UPDATE judges_timeslots SET starttime='$starttime', endtime='$endtime'
 								WHERE id='$timeslot_id'");
+		$stmt->execute();
 
-		echo mysql_error();
+		echo $pdo->errorInfo();
 		message_push(happy(i18n("Timeslot successfully saved")));
 		$action = '';
 	}
@@ -158,8 +169,9 @@
 
 	if(array_key_exists('starttime_hour', $_POST) && array_key_exists('starttime_minute',$_POST) && $addnum && $duration) {
 	    	
-		$q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'");
+		$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
-		$round_data = mysql_fetch_assoc($q);
+		$q->execute();
+		$round_data = $q->fetch(PDO::FETCH_ASSOC);
 
 		$date = $round_data['date'];
 
@@ -169,20 +181,22 @@
 		$tt=$duration+$break;
 
 		for($x=0;$x<$addnum;$x++) {
-			$q=mysql_query("SELECT 	DATE_ADD('$date $hr:$min:00', INTERVAL $duration MINUTE) AS endtime, 
+			$q=$pdo->prepare("SELECT 	DATE_ADD('$date $hr:$min:00', INTERVAL $duration MINUTE) AS endtime, 
 						DATE_ADD('$date $hr:$min:00', INTERVAL $tt MINUTE) AS startnext ");
-			echo mysql_error();
+			$q->execute();
-			$r=mysql_fetch_object($q);
+			echo $pdo->errorInfo();
+			$r=$q->fetch(PDO::FETCH_OBJ);
 			list($ed,$et)=split(" ",$r->endtime);
 			list($nd,$nt)=split(" ",$r->startnext);
 
 			$starttime = sprintf("%02d:%02d:00", $hr, $min);
 
-			mysql_query("INSERT INTO judges_timeslots (date,type,round_id,starttime,endtime,year) VALUES (
+			$stmt = $pdo->prepare("INSERT INTO judges_timeslots (date,type,round_id,starttime,endtime,year) VALUES (
 					'$date','timeslot','{$round_data['id']}',
 					'$starttime', '$et',
 					'{$config['FAIRYEAR']}')");
-			echo mysql_error();
+			$stmt->execute();
+			echo $pdo->errorInfo();
 			$date=$nd;
 			list($s_h,$s_m,$s_s)=split(":",$nt);
 			list($e_h,$e_m,$e_s)=split(":",$et);
@@ -224,12 +238,13 @@
 		$r['date'] = $config['dates']['fairdate'];
 	} else {
 		echo "<h3>Edit Judging Round</h3>";
-		$q=mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'");
+		$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
-		if(mysql_num_rows($q) != 1) {
+		$q->execute();
+		if($q->rowCount() != 1) {
 		    	echo "UNKNOWN ROUND $round_id";
 			exit;
 		}
-		$r = mysql_fetch_assoc($q);
+		$r = $q->fetch(PDO::FETCH_ASSOC);
 	}
 
 	echo "<table>";
@@ -269,8 +284,9 @@
 	echo "<input type=\"hidden\" name=\"round_id\" value=\"$round_id\">\n";
 	echo "<input type=\"hidden\" name=\"timeslot_id\" value=\"$timeslot_id\">\n";
 
-	$q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'");
+	$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
-	$round_data = mysql_fetch_assoc($q);
+		$q->execute();
+	$round_data = $q->fetch(PDO::FETCH_ASSOC);
 
 	if($action == 'addtimeslot') {
 		echo "<h3>Add New Judging Timeslot</h3>";
@@ -278,12 +294,13 @@
 		$r['date'] = $round_data['date'];
 	} else {
 		echo "<h3>Edit Judging Timeslot</h3>";
-		$q=mysql_query("SELECT * FROM judges_timeslots WHERE id='$timeslot_id'");
+		$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$timeslot_id'");
-		if(mysql_num_rows($q) != 1) {
+		$q->execute();
+		if($q->rowCount() != 1) {
 		    	echo "UNKNOWN ROUND $round_id";
 			exit;
 		}
-		$r = mysql_fetch_assoc($q);
+		$r = $q->fetch(PDO::FETCH_ASSOC);
 	}
 
 	echo "<table>";
@@ -313,8 +330,9 @@
 	echo "<input type=\"hidden\" name=\"round_id\" value=\"$round_id\">\n";
 	echo "<input type=\"hidden\" name=\"timeslot_id\" value=\"$timeslot_id\">\n";
 
-	$q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'");
+	$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
-	$round_data = mysql_fetch_assoc($q);
+	$q->execute();
+	$round_data = $q->fetch(PDO::FETCH_ASSOC);
 
 	echo "<table border=\"0\">";
 	echo "<tr><td>".i18n('Round Type').":</td><td>{$round_str[$round_data['type']]}</td></tr>";
@@ -353,11 +371,14 @@
 	echo "<th>".i18n("Actions")."</th>";
 	echo "</tr>";
 
-	$q=mysql_query("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND `type`!='timeslot' ORDER BY date,starttime");
+	
-	while($r=mysql_fetch_object($q)) {
+	$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND `type`!='timeslot' ORDER BY date,starttime");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		echo "<tr>";
-		$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY `date`,`starttime`");
+		$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY `date`,`starttime`");
-		$c = mysql_num_rows($qq) +1;
+		$qq->execute();
+		$c = $qq->rowCount() +1;
 
 		echo "<td rowspan=\"$c\"><b>".format_date($r->date)."</b></td>";
 		echo "<td align=\"center\"><b>".format_time($r->starttime)."</b><br/>";
@@ -376,7 +397,7 @@
 
 		echo "</tr>";
 
-		while($rr = mysql_fetch_object($qq)) {
+		while($rr = $qq->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr>";
 //			echo "<td></td>";
 			echo "<td align=\"right\">".format_time($rr->starttime)."</td>";

admin/judging_score_edit.php

@@ -45,13 +45,17 @@
                          if($score == 0) {
                                  $score = "NULL";
                          } else {
-                                 $score = mysql_real_escape_string($score);
+                                 $score = $score;
                          }
-		 mysql_query("UPDATE judges_teams_timeslots_projects_link 
+						 if($score >100.00) {
+							$score_error = "*** ERROR **** You entered a value greater than 100.00";							
+						 }
+		 $stmt = $pdo->prepare("UPDATE judges_teams_timeslots_projects_link 
 				 					SET score=" . $score . 
-			          " WHERE judges_teams_id = " . mysql_real_escape_string($_POST["team_" . $curr_team . "_id"]) . 
+			          " WHERE judges_teams_id = " . $_POST["team_" . $curr_team . "_id"] . 
 			          " and projects_id =$project_id and year=$year");
-		 echo mysql_error();
+		$stmt->execute();
+		 echo $pdo->errorInfo();
 		 }
 		 $curr_team--;
 	 }
@@ -60,25 +64,36 @@
   ?>
 <?
 if($project_id) {
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projects WHERE projects.id = '".$project_id."'");
-while($r=mysql_fetch_object($q))
+$q->execute();
+$r=$q->fetch(PDO::FETCH_OBJ);
+$project_number = $r->projectnumber;
+$project_title = $r->title;
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$cats[$r->id]=$r->category;
 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q->execute();
 
 
-	$q=mysql_query("SELECT judges_teams_timeslots_projects_link.judges_teams_id, 
+	$q=$pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id, 
 												 score, 
 												 judges_teams.num
 			            FROM judges_teams_timeslots_projects_link, 
 									     judges_teams
 			            WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id 
-									     AND projects_id = ".mysql_real_escape_string($project_id)." ORDER BY judges_teams_id"
+									     AND projects_id = ".$project_id." ORDER BY judges_teams_id"
 								);
-	echo mysql_error();
+	$q->execute();
-
+	echo $pdo->errorInfo();
+    echo "Project# ".$project_number."  ".$project_title."<br />";
+	if ($score_error != "") {
+	echo $score_error."<br />";	
+	}
 	echo "<form action=\"judging_score_edit.php\" method=\"post\">";
-	echo "<input type=\"hidden\" name=\"score_count\" value=\"" . mysql_num_rows($q) . "\"/>";
+	echo "<input type=\"hidden\" name=\"score_count\" value=\"" . $q->rowCount() . "\"/>";
 	echo "<input type=\"hidden\" name=\"projectid\" value=\"$project_id\"/>";
 	echo "<table class=\"tableview\">";
 	echo "<tr>";
@@ -89,7 +104,7 @@ $q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
 	echo "</tr>";
 
 	$i = 1;
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$team=getJudgingTeam($r->judges_teams_id);
 		$teamNames=array_map("teamMemberToName", $team['members']);
 		echo "<tr>\n";
@@ -108,7 +123,7 @@ $q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
 		}
 		echo "\n</td>\n";
 		echo "<td style=\"vertical-align: middle; text-align: center\">\n";
-		echo "<input type=\"text\" size=\"3\" maxlength=\"3\" name=\"team_" . $i . "_score\" value=\"$r->score\"/>\n";
+		echo "<input type=\"text\" size=\"5\" maxlength=\"5\" name=\"team_" . $i . "_score\" value=\"$r->score\"/>\n";
 		echo "</td>\n";
 		echo "</tr>\n";
 		$i++;

admin/judging_score_entry.php

@@ -42,17 +42,19 @@
  }
  ?>
 <?
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$cats[$r->id]=$r->category;
 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$divs[$r->id]=$r->division;
 
 $ORDERBY="projects.projectcategories_id, projects.projectdivisions_id, projects.projectnumber";
 
-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				projects.id as projectid,
 				projects.title,
@@ -76,7 +78,8 @@ $ORDERBY="projects.projectcategories_id, projects.projectdivisions_id, projects.
 			ORDER BY
 				$ORDERBY
 			");
-		echo mysql_error();
+	$q->execute();
+		echo $pdo->errorInfo();
 	
 	if($_GET['csv'] != 'yes') {
 		echo "<a href='judging_score_entry.php?csv=yes'>" . i18n("Generate CSV Report") . "</a>\n";
@@ -94,20 +97,21 @@ $ORDERBY="projects.projectcategories_id, projects.projectdivisions_id, projects.
 		echo "Project #\tTitle\tCategory\tDivision\tScore\tNormalized Scores\tJudge Name\tJudges Score\n";
 	}
 
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		if($_GET['csv'] == 'yes') {
 			echo "$r->projectnumber \t $r->title \t" . $cats[$r->projectcategories_id] . "\t" . $divs[$r->projectdivisions_id] . " \t $r->score \t $r->norm_score ";
-			$p=mysql_query("SELECT judges_teams_timeslots_projects_link.judges_teams_id, 
+			$p=$pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id, 
 								    				 score, 
 												     judges_teams.num
 			                FROM judges_teams_timeslots_projects_link, 
 									         judges_teams
 			                WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id 
-									          AND projects_id = ".mysql_real_escape_string($r->projectid)." ORDER BY judges_teams_id"
+									          AND projects_id = ".$r->projectid." ORDER BY judges_teams_id"
 								);
-	echo mysql_error();
+			$p->execute();
-			while($s=mysql_fetch_object($p)) {
+	echo $pdo->errorInfo();
+			while($s=$p->fetch(PDO::FETCH_OBJ)) {
                                 $team=getJudgingTeam($s->judges_teams_id);
                                 $teamNames=array_map("teamMemberToName", $team['members']);
 				echo "\t " . implode(", ", $teamNames) . " \t $s->score";

admin/project_editor.php

@@ -20,6 +20,11 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified Jan of 2014 by Richard Sin
+// Project type has been added and can be toggled by configuration.
+// Feedback box also has been added for flagging purposes
+
 ?>
 <?
 require_once('../common.inc.php');
@@ -41,11 +46,14 @@ if($auth_type == 'fair') {
 	} else {
 		/* Make sure they have permission to laod this student, check
 		the master copy of the fairs_id in the project */
-		$q=mysql_query("SELECT * FROM projects WHERE 
+		$q=$pdo>prepare("SELECT * FROM projects WHERE 
 				registrations_id='$registrations_id' 
 				AND year='{$config['FAIRYEAR']}'
 				AND fairs_id=$fairs_id");
-		if(mysql_num_rows($q) != 1) {
+
+
+		$q->execute();
+		if($q->rowCount()!= 1) {
 			echo "permission denied.";
 			exit;
 		} 
@@ -63,19 +71,22 @@ case 'project_regenerate_number':
 	project_save();
 
 	/* Now generate */
-	$q=mysql_query("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
+	$q=$pdo->prepare("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
-	$i=mysql_fetch_assoc($q);
+	$q->execute();
+	$i=$q->fetch(PDO::FETCH_ASSOC);;
 	$id = $i['id'];
 
-	mysql_query("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
+	$pdo->prepare("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
 				projectnumber_seq='0',projectsort_seq='0'
 				WHERE id='$id'");
-	echo mysql_error();
+	$pdo->execute();
+	echo $pdo->errorInfo();
  	list($pn,$ps,$pns,$pss) = generateProjectNumber($registrations_id);
 //	print("Generated Project Number [$pn]");
-	mysql_query("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
+	$pdo->prepare("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
 				projectnumber_seq='$pns',projectsort_seq='$pss'
 				WHERE id='$id'");
+	$pdo->execute();
 	happy_("Generated and Saved Project Number: $pn");
 	break;
 
@@ -93,8 +104,9 @@ function project_save()
 	global $registrations_id, $config;
 
 	//first, lets make sure this project really does belong to them
-	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
+	$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
-	$projectinfo=mysql_fetch_object($q);
+	$q->execute();
+	$projectinfo = $q->fetch(PDO::FETCH_OBJ);
 	if(!projectinfo) {
 		echo error(i18n("Invalid project to update"));
 	}
@@ -106,36 +118,58 @@ function project_save()
 	else
 		$summarycountok=1;
 
+	//check if it is flagged then update it
+
+	if(empty($_POST['feedback'])) {
+		$stmt = $pdo->prepare("UPDATE projects SET ".
+			"flagged='0'".
+			"WHERE id='".intval($_POST['id'])."'");
+		$stmt->execute();
+	} else {
+		$stmt = $pdo->prepare("UPDATE projects SET ".
+			"flagged='1'".
+			"WHERE id='".intval($_POST['id'])."'");
+		$stmt->execute();
+	}
+	echo $pdo->errorInfo();
+	happy_("Flagging process successfully updated");
+	
 	if($config['participant_project_title_charmax'] && strlen(stripslashes($_POST['title']))>$config['participant_project_title_charmax']) {  //0 for no limit, eg 255 database field limit 
 		$title=substr(stripslashes($_POST['title']),0,$config['participant_project_title_charmax']);
 		error_("Project title truncated to %1 characters",array($config['participant_project_title_charmax']));
 	} else
 		$title=stripslashes($_POST['title']);
 
-	mysql_query("UPDATE projects SET ".
+	$stmt = $pdo->prepare("UPDATE projects SET ".
-			"title='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",$title))."', ".
+			"title='".iconv("UTF-8","ISO-8859-1//TRANSLIT",$title)."', ".
-			"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
+			"projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
-			"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
+			"projecttype='".stripslashes($_POST['projecttype'])."', ".
-			"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
+			"language='".stripslashes($_POST['language'])."', ".
-			"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
+			"req_table='".stripslashes($_POST['req_table'])."', ".
-			"req_special='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special'])))."', ".
+			"req_electricity='".stripslashes($_POST['req_electricity'])."', ".
-			"summary='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary'])))."', ".
+			"req_special='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special']))."', ".
+			"human_participants='".stripslashes($_POST['human_participants'])."', ".
+			"animal_participants='".stripslashes($_POST['animal_participants'])."', ".
+			"summary='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary']))."', ".
 			"summarycountok='$summarycountok',".
-			"projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'".
+			"feedback='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['feedback']))."', ".
-			"WHERE id='".intval($_POST['id'])."'");
+			"projectsort='".stripslashes($_POST['projectsort'])."'".
-			echo mysql_error();
+			"WHERE id='".intval($_POST['id']))."'");
+			echo $pdo->errorInfo();
 	happy_("Project information successfully updated");
 
 	//check if they changed the project number
 	if($_POST['projectnumber']!=$projectinfo->projectnumber) {
 		//check if hte new one is available
-		$q=mysql_query("SELECT * FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber='".$_POST['projectnumber']."'");
+		$q=$pdo->prepare("SELECT * FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber='".$_POST['projectnumber']."'");
-		if(mysql_num_rows($q)) {
+		$q->execute();
+		if($q->rowCount()) {
 			error_("Could not change project number.  %1 is already in use",array($_POST['projectnumber']));
 		} else {
-			mysql_query("UPDATE projects SET
+			$stmt = $pdo->prepare("UPDATE projects SET
 					projectnumber='".$_POST['projectnumber']."'
 					WHERE id='".$_POST['id']."'");
+			$stmt->execute();
 			happy_("Project number successfully changed to %1",array($_POST['projectnumber']));
 		}
 	}
@@ -145,14 +179,15 @@ function project_save()
 function project_load()
 {
 	global $registrations_id, $config;
-
 	//now lets find out their MAX grade, so we can pre-set the Age Category
-	$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
+	$q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
-	$gradeinfo=mysql_fetch_object($q);
+	$q->execute();
+	$gradeinfo=$q->fetch(PDO::FETCH_OBJ);
 
 	//now lets grab all the age categories, so we can choose one based on the max grade
-	$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
 		$agecategories[$r->id]['category']=$r->category;
 		$agecategories[$r->id]['mingrade']=$r->mingrade;
@@ -163,14 +198,24 @@ function project_load()
 	}
 
 	//now select their project info
-	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
 	//check if it exists, if we didnt find any record, lets insert one
-	$projectinfo=mysql_fetch_object($q);
+	$q->execute();
+	$projectinfo=$q->fetch(PDO::FETCH_OBJ);
+	if(!$projectinfo) {
+		$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$registrations_id."','$projectcategories_id','".$config['FAIRYEAR']."')"); 
+		//and then pull it back out
+		$stmt->execute();
+		$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
+		$q->execute();
+		$projectinfo=$q->fetch(PDO::FETCH_OBJ);
+	}
 
 	//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
 	if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id) {
 		echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
-		mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
+		$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
+		$stmt->execute();
 	}
 
 	//output the current status
@@ -207,7 +252,7 @@ function countwords()
 	<input type="hidden" name="id" value="<?=$projectinfo->id?>">
 	<table>
 	<tr>	<td><?=i18n("Project Title")?>: </td>
-		<td><input type="text" name="title" size="50" value="<?=htmlspecialchars($projectinfo->title)?>" /><?=REQUIREDFIELD?>
+		<td><input type="text" name="title" size="50" value="<?=htmlspecialchars($projectinfo->title,null,"ISO8859-1")?>" /><?=REQUIREDFIELD?>
 <?
 	if($config['participant_project_title_charmax'])
 		echo i18n("(Max %1 characters)",array($config['participant_project_title_charmax']));
@@ -220,8 +265,33 @@ function countwords()
 		</td>
 	</tr><tr>
 		<td><?=i18n("Project Sort")?>: </td>
-		<td><input type="text" name="projectsort" size="10" value="<?=$projectinfo->projectsort?>" /></td>
+		<td><input type="text" name="projectsort" size="10" value="<?=$projectinfo->projectsort?>" /></td></tr>
-	</tr><tr>
+
+<?
+if($config['project_type'] == 'yes'){
+ $q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
+ $q->execute();
+ echo "<tr><td>".i18n("Project Type").": </td><td>";
+ echo "<select name=\"projecttype\">\n";
+ echo "<option value=\"\">".i18n("Select a project type")."</option>\n";
+ //FIXME: need to fix the loading glitch
+ while($r=$q->fetch(PDO::FETCH_OBJ))
+ {	
+ 	if($r->type == $projectinfo->projecttype)
+	{
+		$sel="selected=\"selected\"";
+	}
+	else 
+	{
+		$sel="";
+	}
+	echo "<option $sel value=\"$r->type\">".htmlspecialchars(i18n($r->type),null,"ISO8859-1")."</option>\n";
+	
+ }
+ echo "</select>".REQUIREDFIELD."</td></tr>";
+}
+?>
+	<tr>
 		<td><?=i18n("Age Category")?>: </td>
 		<td><?=i18n($agecategories[$projectcategories_id]['category'])?> (<?=i18n("Grades %1-%2",array($agecategories[$projectcategories_id]['mingrade'],$agecategories[$projectcategories_id]['maxgrade']))?>)</td>
 	</tr><tr>
@@ -230,17 +300,19 @@ function countwords()
 <?
 	//###### Feature Specific - filtering divisions by category
 	if($config['filterdivisionbycategory']=="yes"){
-		$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); 
+		$q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); 
-		echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 	//###
 	} else
-		$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
+		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
+$q->execute();
 
 	echo "<select name=\"projectdivisions_id\">";
 	echo "<option value=\"\">".i18n("Select a division")."</option>\n";
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
-		echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
+		echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division),null,"ISO8859-1")."</option>\n";
 	}
 	echo "</select>".REQUIREDFIELD;
 
@@ -319,9 +391,36 @@ function countwords()
 
 	echo "</table>";
 
+
+	if($config['ethics_questions']=="yes")
+		// If we have set ethics questions to yes then ask the ethics questions!
+		{
+	 echo "<tr><td>".i18n("Ethics Questions").":</td><td>";
+	 	echo "<table>";
+	 	echo "<tr>";
+		echo " <td>".i18n("My project involves human participants").REQUIREDFIELD."</td>";
+		if($projectinfo->human_participants=="yes") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"human_participants\" value=\"yes\" />Yes</td>";
+		echo " <td width=\"20\">&nbsp;</td>";
+		if($projectinfo->human_participants=="no") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"human_participants\" value=\"no\" />No</td>";
+		echo "</tr>";
+
+
+		echo "<tr>";
+		echo " <td>".i18n("My project involves animals").REQUIREDFIELD."</td>";
+		if($projectinfo->animal_participants=="yes") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"animal_participants\" value=\"yes\" />Yes</td>";
+		echo " <td width=\"20\">&nbsp;</td>";
+		if($projectinfo->animal_participants=="no") $check="checked=\"checked\""; else $check="";
+		echo " <td><input $check type=\"radio\" name=\"animal_participants\" value=\"no\" />No</td>";
+		echo "</tr>";
+		echo "</table>";
+
+	}
 	echo "</td></tr>";
 
-	echo "<tr><td>".i18n("Summary").": </td><td><textarea onchange='countwords()' onkeypress='countwords()' cols=\"60\" rows=\"12\" id=\"summary\" name=\"summary\">".htmlspecialchars($projectinfo->summary)."</textarea>".REQUIREDFIELD."<br />";
+	echo "<tr><td>".i18n("Summary").": </td><td><textarea onchange='countwords()' onkeypress='countwords()' cols=\"60\" rows=\"12\" id=\"summary\" name=\"summary\">".htmlspecialchars($projectinfo->summary,null,"ISO8859-1")."</textarea>".REQUIREDFIELD."<br />";
 
 	$summarywords=preg_split("/[\s,]+/",$projectinfo->summary);
 	$summarywordcount=count($summarywords);
@@ -334,6 +433,8 @@ function countwords()
 	echo i18n("%1 words maximum",array($config['participant_project_summary_wordmax']));
 	echo "</div>";
 
+	echo"<tr><td>".i18n("Feedback").": </td><td><textarea cols=\"60\" rows=\"4\" id=\"feedback\" name=\"feedback\">".htmlspecialchars($projectinfo->feedback,null,"ISO8859-1")."</textarea><br />";
+
 ?>
 	</td></tr>
 	</table>

admin/registration.php

@@ -23,6 +23,7 @@
 ?>
 <?
  require("../common.inc.php");
+ include"../config/signaturepage_or_permissionform.php";
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
  send_header("Participant Registration",
@@ -31,7 +32,7 @@
             "participant_registration"
 			);
  echo "<br />";
- echo "<a href=\"registration_receivedforms.php\">".i18n("Input Received Signature Forms")."</a> <br />";
+ echo "<a href=\"registration_receivedforms.php\">".i18n("Input Received $plural_participationform")."</a> <br />";
  echo "<a href=\"registration_list.php\">".i18n("Registration List and Student/Project Editor")."</a> <br />";
  echo "<a href=\"registration_stats.php\">".i18n("Registration Statistics")."</a> <br />";
  echo "<a href=\"registration_webconsent.php\">".i18n("Website Consent")."</a> <br />";

admin/registration_list.php

@@ -20,6 +20,10 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified Jan of 2014 by Richard Sin
+// Flagging has been added to monitor projects with concern.
+
 ?>
 <?
  require_once('../common.inc.php');
@@ -32,12 +36,16 @@ $auth_type = user_auth_required(array('fair','committee'), 'admin');
  if($_GET['year']) $year=$_GET['year'];
  else $year=$config['FAIRYEAR'];
 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+ $q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+ $q->execute();
+
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$cats[$r->id]=$r->category;
 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q->execute();
+
+while($q->fetch(PDO::FETCH_OBJ))
 	$divs[$r->id]=$r->division;
 
 $action=$_GET['action'];
@@ -45,31 +53,47 @@ switch($action) {
 case 'load_row':
 	$id = intval($_GET['id']);
 	$q = list_query($year, '', $id);
-	$r = mysql_fetch_object($q);
+	$r = $q->fetch(PDO::FETCH_OBJ);
 	print_row($r);
 	exit;
 
 case 'delete':
 	$regid = intval($_GET['id']);
-	$q = mysql_query("SELECT * FROM projects WHERE registrations_id='$regid'");
+	$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id='$regid'");
-	if(mysql_num_rows($q)) {
+	$q->execute();
-		$p = mysql_fetch_assoc($q);
+	if($q->rowCount()) {
-		mysql_query("DELETE FROM winners WHERE projects_id='{$p['id']}'");
+		$p = $q->fetch(PDO::FETCH_ASSOC);
+		$stmt = $pdo->prepare("DELETE FROM winners WHERE projects_id='{$p['id']}'");
+		$stmt->execute();
 	}
- 	mysql_query("DELETE FROM registrations WHERE id='$regid' AND year='".$config['FAIRYEAR']."'");
+ 	
-	mysql_query("DELETE FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$regid' AND year='".$config['FAIRYEAR']."'");
-	mysql_query("DELETE FROM projects WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
-	mysql_query("DELETE FROM safety WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+
-	mysql_query("DELETE FROM questions_answers WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
-	mysql_query("DELETE FROM mentors WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
-	mysql_query("DELETE FROM emergencycontact WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+
+	$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
+
+	$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
+
+	$stmt = $pdo->prepare("DELETE FROM questions_answers WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
+
+	$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
+
+	$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
 	happy_("Registration and all related data successfully deleted");
 	exit;
 }
 
 if($auth_type == 'committee') {
 	 send_header("Registration Management",
- 		array('Committee Main' => 'committee_main.php',
+	 	array('Committee Main' => 'committee_main.php',
 			'Administration' => 'admin/index.php',
 			'Participant Registration' => 'admin/registration.php')
 				);
@@ -361,10 +385,11 @@ echo  "<th>".i18n("Age Category")."</th>";
 echo  "<th>".i18n("Division")."</th>";
 echo  "<th>".i18n("School(s)")."</th>";
 echo  "<th>".i18n("Student(s)")."</th>";
+echo  "<th>".i18n("Flagged")."</th>";
 echo  "<th>".i18n("Action")."</th>";
 echo "</tr></thead>";
 
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	echo "<tr id=\"row_{$r->reg_id}\">";
 	print_row($r);
 	echo "</tr>";
@@ -376,7 +401,7 @@ echo "<br/><br/>The statistics have moved here: <a href=\"registration_stats.php
 
 send_footer();
 
-/* Now some helper fucntions we call more than once */
+/* Now some helper functions we call more than once */
 function list_query($year, $wherestatus, $reg_id)
 {
 	global $auth_type;
@@ -390,14 +415,16 @@ function list_query($year, $wherestatus, $reg_id)
 		$fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'";
 	}
 
-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q = pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				registrations.email,
 				projects.title,
 				projects.projectnumber,
 				projects.projectcategories_id,
-				projects.projectdivisions_id
+				projects.projectdivisions_id,
+				projects.feedback,
+				projects.flagged
 			FROM
 				registrations
 				left outer join projects on projects.registrations_id=registrations.id
@@ -409,7 +436,10 @@ function list_query($year, $wherestatus, $reg_id)
 			ORDER BY
 				registrations.status DESC, projects.title
 			");
-	echo mysql_error();
+
+	
+
+	echo $pdo->erroInfo();
 	return $q;
 }
 
@@ -440,7 +470,7 @@ function print_row($r)
 	echo "<td $scl>".i18n($cats[$r->projectcategories_id])."</td>";
 	echo "<td $scl>".i18n($divs[$r->projectdivisions_id])."</td>";
 
-	$sq=mysql_query("SELECT students.firstname,
+	$sq=$pdo->prepare("SELECT students.firstname,
 				students.lastname,
 				students.id,
 				schools.school,
@@ -453,12 +483,13 @@ function print_row($r)
 				AND
 				students.schools_id=schools.id
 			");
-			echo mysql_error();
+	$sq->execute();
+			echo $pdo->errorInfo();
 
 	$studnum=1;
 	$schools="";
 	$students="";
-	while($studentinfo=mysql_fetch_object($sq))
+	while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 	{
 		$students.="$studentinfo->firstname $studentinfo->lastname<br />";
 		$schools.="$studentinfo->school <br />";
@@ -466,6 +497,19 @@ function print_row($r)
 
 	echo "<td $scl>$schools</td>";
 	echo "<td $scl>$students</td>";
+
+	echo "<td align=\"center\"  >";
+	if($r->flagged == false) {
+		echo "<a title=\"".i18n("Not flagged")."\" href=\"#\" onClick=\"popup_editor('{$r->reg_id}','project');\" >";
+		echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/ok.".$config['icon_extension']."\" border=0>";
+		echo "</a>";
+	}
+	else {
+		echo "<a title=\"".i18n("Flagged")."\" href=\"#\" onClick=\"popup_editor('{$r->reg_id}','project');\" >";
+		echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/flagged.".$config['icon_extension']."\" border=0>";
+		echo "</a>";
+	}
+	
 	echo "<td align=\"center\"  >";
 	if($year==$config['FAIRYEAR']) {
 		echo "<a title=\"".i18n("Delete this registration")."\" href=\"#\" onClick=\"delete_registration({$r->reg_id});return false\" >";

admin/registration_receivedforms.php

@@ -20,14 +20,19 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+   // This file was modified March of 2015 by Sebastian Ruan
+   // Receive all button was added
+
 ?>
 <?
  require("../common.inc.php");
+ include "../config/signaturepage_or_permissionform.php";
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
  require("../register_participants.inc.php");
 
- send_header("Input Received Signature Forms",
+ send_header("Input Received $plural_participationform",
  		array('Committee Main' => 'committee_main.php',
 			'Administration' => 'admin/index.php',
 			'Participant Registration' => 'admin/registration.php')
@@ -37,10 +42,11 @@
 $showformatbottom=true;
  if($_POST['action']=="received" && $_POST['registration_number'])
  {
- 	$q=mysql_query("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'");
+ 	$q=$pdo->prepare("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)==1)
+	$q->execute();
+	if($q->rowCount()==1)
 	{
-		$r=mysql_fetch_object($q);
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		$reg_id=$r->id;
 		$reg_num=$r->num;
 		$reg_status=$r->status;
@@ -71,7 +77,7 @@ $showformatbottom=true;
 				$statusnamecheck == "complete"
 			) {
 				
-				$q=mysql_query("SELECT projects.title,
+				$q=$pdo->prepare("SELECT projects.title,
 							projectcategories.category,
 							projectdivisions.division
 						FROM
@@ -82,10 +88,15 @@ $showformatbottom=true;
 							projects.projectcategories_id=projectcategories.id
 							AND
 							projects.projectdivisions_id=projectdivisions.id
+							AND 
+							projectcategories.year=projects.year
+							AND
+							projectdivisions.year=projects.year
 						");
+				$q->execute();
 
-echo mysql_Error();
+echo $pdo->errorInfo();
-				$projectinfo=mysql_fetch_object($q);
+				$projectinfo=$q->fetch(PDO::FETCH_OBJ);
 				echo "<table class=\"summarytable\">";
  				echo "<tr><th colspan=\"2\">".i18n("Registration Summary for %1",array($reg_num))."</th></tr>";
 				switch($reg_status)
@@ -100,7 +111,7 @@ echo mysql_Error();
 				echo "<tr><td><b>".i18n("Project Title")."</b></td><td>$projectinfo->title</td></tr>";
 				echo "<tr><td><b>".i18n("Category / Division")."</b></td><td>$projectinfo->category / $projectinfo->division</td></tr>";
 
-				$q=mysql_query("SELECT students.firstname,
+				$q=$pdo->prepare("SELECT students.firstname,
 							students.lastname,
 							schools.school
 						FROM
@@ -110,9 +121,10 @@ echo mysql_Error();
 							AND
 							students.schools_id=schools.id
 						");
+				$q->execute();
 
 				$studnum=1;
-				while($studentinfo=mysql_fetch_object($q))
+				while($studentinfo=$q->fetch(PDO::FETCH_OBJ))
 				{
 					echo "<tr><td><b>".i18n("School %1",array($studnum))."</b></td><td>$studentinfo->school </td></tr>";
 
@@ -137,7 +149,7 @@ echo mysql_Error();
 					echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 					echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 					echo "<input type=\"hidden\" name=\"action\" value=\"receivedno\" />";
-					echo "<input type=submit value=\"".i18n("No, this is the wrong form")."\" style=\"width: 400px;\"/>";
+					echo "<input type=submit value=\"".i18n("No, this is the wrong form")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 					echo "</form>";
 
 					if($config['regfee']>0)
@@ -146,13 +158,13 @@ echo mysql_Error();
 						echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 						echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 						echo "<input type=\"hidden\" name=\"action\" value=\"receivedyes\" />";
-						echo "<input type=submit value=\"".i18n("Yes, right form with registration fee")."\" style=\"width: 400px;\"/>";
+						echo "<input type=submit value=\"".i18n("Yes, right form with registration fee")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 						echo "</form>";
 
 						echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 						echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 						echo "<input type=\"hidden\" name=\"action\" value=\"receivedyesnocash\" />";
-						echo "<input type=submit value=\"".i18n("Yes, right form without registration fee")."\" style=\"width: 400px;\"/>";
+						echo "<input type=submit value=\"".i18n("Yes, right form without registration fee")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 						echo "</form>";
 					}
 					else
@@ -160,7 +172,7 @@ echo mysql_Error();
 						echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
 						echo "<input type=\"hidden\" name=\"registration_number\" value=\"$reg_num\" />";
 						echo "<input type=\"hidden\" name=\"action\" value=\"receivedyes\" />";
-						echo "<input type=submit value=\"".i18n("Yes, this is the right form")."\" style=\"width: 400px;\"/>";
+						echo "<input type=submit value=\"".i18n("Yes, this is the right form")."\" style=\"width: 400px; height: 40px; margin: 10px;\"/>";
 						echo "</form>";
 
 
@@ -200,22 +212,24 @@ echo mysql_Error();
  else if(($_POST['action']=="receivedyes" || $_POST['action']=="receivedyesnocash") && $_POST['registration_number']) {
  	
 	$regnum = intval($_POST['registration_number']);
- 	$checkNumQuery=mysql_query("SELECT projectnumber
+ 	$checkNumQuery=$pdo->prepare("SELECT projectnumber
 					FROM projects, registrations 
 					WHERE projects.registrations_id = registrations.id 
 						AND num='$regnum'
 						AND registrations.year='{$config['FAIRYEAR']}'");
-	$checkNumResults=mysql_fetch_object($checkNumQuery);
+	$checkNumQuery->execute();
+	$checkNumResults=$checkNumQuery->fetch(PDO::FETCH_OBJ);
  	$projectnum=$checkNumResults->projectnumber;
 
-	$q=mysql_query("SELECT id FROM registrations WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
+	$q=$pdo->prepare("SELECT id FROM registrations WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	$reg_id = $r->id;
 
  	if($projectnum == null)
  	{
 	 	list($projectnumber,$ps,$pns,$pss) = generateProjectNumber($reg_id);
-		mysql_query("UPDATE projects SET projectnumber='$projectnumber',
+		$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber',
 				projectsort='$ps',projectnumber_seq='$pns',projectsort_seq='$pss'
 				WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
 		echo happy(i18n("Assigned Project Number: %1",array($projectnumber)));
@@ -229,8 +243,8 @@ echo mysql_Error();
  	if($_POST['action']=="receivedyes")
  	{
  		//actually set it to 'complete'
-		mysql_query("UPDATE registrations SET status='complete' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
+		$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
-
+		$stmt->execute();
 		foreach($recipients AS $recip) {
 			$to=$recip['to'];
 			$subsub=array();
@@ -251,8 +265,8 @@ echo mysql_Error();
  	else if($_POST['action']=="receivedyesnocash")
  	{
  		//actually set it to 'paymentpending'
-		mysql_query("UPDATE registrations SET status='paymentpending' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
+		$stmt = $pdo->prepare("UPDATE registrations SET status='paymentpending' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
-
+		$stmt->execute();
 		foreach($recipients AS $recip) {
 			$to=$recip['to'];
 			$subsub=array();
@@ -278,19 +292,23 @@ echo mysql_Error();
  }
  else if($_GET['action']=="unregister" && $_GET['registration_number']) {
  	$reg_num=intval(trim($_GET['registration_number']));
- 	$q=mysql_query("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'");
+ 	$q=$pdo-prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
- 	mysql_query("UPDATE projects SET projectnumber=null, projectsort=null, projectnumber_seq=0, projectsort_seq=0 WHERE id='$r->proj_id' AND year='{$config['FAIRYEAR']}'");
+	$r=$q->fetch(PDO::FETCH_OBJ);
- 	mysql_query("UPDATE registrations SET status='open' WHERE id='$r->reg_id' AND year='{$config['FAIRYEAR']}'");
+ 	$stmt=$pdo->prepare("UPDATE projects SET projectnumber=null, projectsort=null, projectnumber_seq=0, projectsort_seq=0 WHERE id='$r->proj_id' AND year='{$config['FAIRYEAR']}'");
+ 	$stmt->execute();
+	$stmt=$pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->reg_id' AND year='{$config['FAIRYEAR']}'");
+	$stmt->execute();
 	echo happy(i18n("Successfully unregistered project"));
  }
 
 
  if($showformatbottom)
- {
+ {echo "<table>";
+	 echo "<tr><td>";
 	 echo "<form id=\"inputform\" method=\"post\" action=\"registration_receivedforms.php\">";
 	 echo "<input type=\"hidden\" name=\"action\" value=\"received\" />";
-	 echo i18n("Enter the registration number from the signature form: ")."<br />";
+	 echo i18n("Enter the registration number from the $signatureformpermissionform : ")."<br />";
 	 echo "<input id=\"registration_number\" type=\"text\" size=\"15\" name=\"registration_number\" />";
 	 echo "<input type=\"submit\" value=\"".i18n("Lookup Registration Number")."\" />";
 	 echo "</form>";
@@ -299,7 +317,156 @@ echo mysql_Error();
 	 document.forms.inputform.registration_number.focus();
 	 </script>
 	 <?
+
+	echo "<br/><br/>";
+	 echo "</td></tr><tr><td>";
+	 echo "<font size=\"2\" color=\"red\">This button does not keep track of payments</font>";
+	 echo "</td></tr><tr><td>";
+	 echo "<form method=\"post\" action=\"registration_receivedforms.php\">";
+	 echo "<input type=\"hidden\" name=\"action\" value=\"recieve_all\" />";
+	 echo "<input type=\"submit\" value=\"".i18n("Receive All")."\" onclick=\"return confirmClick('Are you sure you wish to mark all students as has having their $signatureformpermissionform received?')\" />";
+	 echo "</form>";
+	 echo "</tr></td>";
+	 echo "</table>";
+	 echo "<br>";
+	 echo i18n(" <lh>'Receive All' notes:</lh> <ul><li>The button will mark all open-status students that have completed registration as having their $signatureformpermissionform received.
+	 												    <li> Students with above status will be emailed a \"$signatureformpermissionform received\" confirmation.
+	 												    <li> Project numbers will be assigned to these students' projects.
+	 												</ul>");
  }
 
- send_footer();
+
-?>
+if ($_POST['action'] == 'recieve_all')
+{	
+	// Grab all projects that don't have project numbers. Status should therefor be open or new but not complete 
+	$query_noprojectnumber = $pdo->prepare("SELECT * FROM projects WHERE projectnumber IS NULL AND year =".$config['FAIRYEAR']."");
+	// Define arrays to append to later
+	$query_noprojectnumber.execute();
+	$completed_students = array();
+	$incomplete_students = array();
+	$newstatus_students = array();
+
+	// loop through each project that doesn't have a project number
+	while($studentproject=$query_noprojectnumber->fetch(PDO::FETCH_ASSOC))
+	{	
+		// Grab registration information about the current project
+	 	$q=$pdo->prepare("SELECT * FROM registrations WHERE id='".$studentproject['registrations_id']."' AND year='".$config['FAIRYEAR']."'");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
+		$reg_id=$r->id;
+		$reg_num=$r->num;
+		$reg_status=$r->status;
+
+		// student has completed some or all of the registration process for their project. Let's find out which one is true
+		if ($r->status!='new')
+			{
+				//make sure all of the statuses are correct
+				$statusstudent=studentStatus($reg_id);
+				$statusemergencycontact=emergencycontactStatus($reg_id);
+				$statusproject=projectStatus($reg_id);
+				if($config['participant_mentor']=="yes")
+					$statusmentor=mentorStatus($reg_id);
+				else
+					$statusmentor="complete";
+				$statussafety=safetyStatus($reg_id);
+				$statusnamecheck=namecheckStatus($reg_id);
+
+				if(
+					$statusstudent == "complete" &&
+					$statusemergencycontact == "complete" &&
+					//S$statusproject == "complete" &&
+					$statusmentor == "complete" &&
+					$statussafety == "complete" &&
+					$statusnamecheck == "complete" &&
+					$r->status!='complete'
+					//above: project status must not be complete. If it is complete signature page/permission form has already been received.
+				) {
+				 	
+				 	// Generate project number and update it in data base
+				 	list($projectnumber,$ps,$pns,$pss) = generateProjectNumber($reg_id);
+					$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber',
+							projectsort='$ps',projectnumber_seq='$pns',projectsort_seq='$pss'
+							WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
+					$stmt->execute();
+
+				//email stuff
+					//get all students with this registration number
+					//$recipients=getEmailRecipientsForRegistration($reg_id);
+
+			 		//Set status to 'complete'
+					$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num='$reg_num' AND year='{$config['FAIRYEAR']}'");
+					$stmt->execute();
+					/*foreach($recipients AS $recip) {
+						$to=$recip['to'];
+						$subsub=array();
+						$subbod=array(
+							"TO"=>$recip['to'],
+							"EMAIL"=>$recip['email'],
+							"FIRSTNAME"=>$recip['firstname'],
+							"LASTNAME"=>$recip['lastname'],
+							"NAME"=>$recip['firstname']." ".$recip['lastname'],
+							"REGNUM"=>$regnum,
+							"PROJECTNUMBER"=>$projectnumber,
+							);
+						email_send("register_participants_received",$to,$subsub,$subbod);
+					}*/
+
+				// End email stuff
+					//add cuurent registration number to completed_students array
+					$completed_students[] = $reg_num;
+
+				}else{
+					// or add current registration number to incomplete_student array
+					$incomplete_students[] = $reg_num;
+				}
+			
+
+			}
+		//New status automatically means student has not completed the registration process for their project. So execute below:
+		else{
+			// or add current registration number to newstatus_students array
+			$newstatus_students[] = $reg_num;
+			}
+
+		
+	}
+	// Find how many project numbers were assigned/how many projects have complete status (ie signature page/permission form is considered received)
+	$total_completed = count($completed_students);
+
+	// since incomplete_students and newstatus_students both did not get project numbers and are not considered as having signature page/permission form received
+	//    combine them 
+	$total_incomplete = array_merge($incomplete_students, $newstatus_students);
+	
+	echo "<br><br>";
+	echo "<table>";
+	echo "<tr><td>".i18n("$total_completed student(s) registered as $non_capital_participationform received.")."</td></tr>";
+	
+	//display below only if there are registration numbers that don't have project numbers and the students have not completed the registration process
+	if (count($total_incomplete) > 0) {
+		echo "<tr><td>".i18n("Registration numbers which are NOT marked as having their $non_capital_participationform received are shown below:")."</td></tr>";
+		echo "<tr><td>&nbsp</td></tr>";
+		$string = "";
+		echo "<tr><td>";
+
+		//create a string that contains all incomplete registration numbers
+		foreach ($total_incomplete as $regnum){
+			$string = $string.i18n($regnum);
+			$string = $string.", ";
+		} 
+
+		// delete the comma at the end of the string
+		$string = substr($string, 0, strlen($string)-2);
+		echo $string;
+		echo "</td></tr>";
+		echo "<tr><td>&nbsp</td></tr>";
+		echo "<tr><td>";
+		echo i18n("The above registration numbers correspond to projects in which the registration process has not been completed by the student.");
+		echo "</td></tr>";
+	}
+	echo "</table>";
+	echo happy_(i18n("Received all permision forms for complete students"));
+}
+
+send_footer();
+
+?>

admin/registration_stats.php

@@ -61,12 +61,15 @@
  echo "</select>";
  echo "</form>";
 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+
+
+while($r=$q->fetch(PDO::FETCH_OBJ)
 	$cats[$r->id]=$r->category;
 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$divs[$r->id]=$r->division;
 
 if($showstatus) {
@@ -90,14 +93,15 @@ else $wherestatus="";
 		default:	$ORDERBY="registrations.status DESC, projects.title"; break;
 	}
 
-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				registrations.email,
 				projects.title,
 				projects.projectnumber,
 				projects.projectcategories_id,
-				projects.projectdivisions_id
+				projects.projectdivisions_id,
+				projects.language
 			FROM
 				registrations
 				left outer join projects on projects.registrations_id=registrations.id
@@ -108,7 +112,8 @@ else $wherestatus="";
 			ORDER BY
 				$ORDERBY
 			");
-		echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 	
 	$stats_totalprojects=0;
 	$stats_totalstudents=0;
@@ -118,14 +123,18 @@ else $wherestatus="";
 	$stats_projects_catdiv=array();
 	$stats_students_schools=array();
 	$stats_projects_schools=array();
+	$stats_projects_lang=array();
 	$schools_names=array();
+	$languages=array();
 
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		$stats_totalprojects++;
 		$stats_divisions[$r->projectdivisions_id]++;
 		$stats_categories[$r->projectcategories_id]++;
 		$stats_projects_catdiv[$r->projectcategories_id][$r->projectdivisions_id]++;
+		$stats_projects_lang[$r->projectcategories_id][$r->projectdivisions_id][$r->language]++;
+		$languages[$r->language]++;
 
 		switch($r->status)
 		{
@@ -137,7 +146,7 @@ else $wherestatus="";
 		$status_text=i18n($status_text);
 
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname,
 					students.id,
 					schools.school,
@@ -150,12 +159,12 @@ else $wherestatus="";
 					AND
 					students.schools_id=schools.id
 				");
-				echo mysql_error();
+				echo $pdo->errorInfo();
 
 		$studnum=1;
 		$schools="";
 		$students="";
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 		{
 			$stats_totalstudents++;
 			$stats_students_catdiv[$r->projectcategories_id][$r->projectdivisions_id]++;
@@ -257,6 +266,70 @@ else $wherestatus="";
 	echo i18n("%1 schools total",array(count($schools_names)));
 
 	echo "</td></tr>";
+	echo "<tr><td colspan=\"2\"><br /></td></tr>";
+	echo "<tr><td colspan=\"2\"><h3>{$status_str[$showstatus]} - ".i18n("Projects per age category / division / language")."</h3></td></tr>";
+	echo "<tr><td colspan=\"2\">";
+	echo "<table class=\"tableview\" width=\"100%\">";	
+	echo "<thead><tr><td rowspan='2' width=\"50%\"></td>";
+	foreach($cats AS $c=>$cn) {
+		echo "<th colspan='".count($languages)."'>$cn</th>";
+	}
+	echo "<th colspan='".count($languages)."'>".i18n("Total")."</nobr></th>";
+	echo "</tr><tr>";
+	ksort($languages);
+	$tprojcat = array();
+	foreach($cats AS $c=>$cn) {
+		foreach($languages AS $l=>$ln) {
+			echo "<th>$l</th>";
+		}
+	}
+	foreach($languages AS $l=>$ln) {
+		echo "<th>$l</th>";
+	}
+	echo "</tr></thead>";
+	foreach($divs AS $d=>$dn) {
+		echo "<tr><td>$dn</td>";
+		$tproj=array();
+		foreach($cats AS $c=>$cn)
+		{
+			foreach($languages AS $l=>$ln) {
+				echo "<td align=\"center\">";
+				echo ($stats_projects_lang[$c][$d][$l]?$stats_projects_lang[$c][$d][$l]:0);
+				echo "</td>";
+				$tproj[$l]+=$stats_projects_lang[$c][$d][$l];
+
+				$tprojcat[$c][$l]+=$stats_projects_lang[$c][$d][$l];
+			}
+		}
+		foreach($tproj AS $l=>$ln) {
+			echo "<td align=\"center\"><b>";
+			echo ($ln?$ln:0);
+			echo "</b></td>";
+		}
+		echo "</tr>";
+	}
+	echo "<tr><td><b>".i18n("Total")."</b></td>";
+	$tproj=array();
+	foreach($cats AS $c=>$cn) {
+		foreach($languages AS $l=>$ln) {
+			echo "<td align=\"center\"><b>";
+			echo ($tprojcat[$c][$l]?$tprojcat[$c][$l]:0);
+			echo "</b></td>";
+			$tproj[$l]+=$tprojcat[$c][$l];
+		}
+	}
+	foreach($tproj AS $l=>$ln) {
+		echo "<td align=\"center\"><b>";
+		echo ($ln);
+		echo "</b></td>";
+	}
+	echo "</tr>";
+
+
+	echo "</table>";
+
+	echo "</td></tr>";
+
 	echo "</table>";
 
 	echo "<br />";

admin/registration_webconsent.php

@@ -45,7 +45,7 @@
 			$webfirst=$_POST['webfirst'][$id]=="yes"?"yes":"no";
 			$weblast=$_POST['weblast'][$id]=="yes"?"yes":"no";
 			$webphoto=$_POST['webphoto'][$id]=="yes"?"yes":"no";
-			mysql_query("UPDATE students SET 
+			$stmt = $pdo->prepare("UPDATE students SET 
 					webfirst='$webfirst',
 					weblast='$weblast',
 					webphoto='$webphoto'
@@ -71,7 +71,7 @@
 
  <?
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname,
 					students.id,
 					projects.projectnumber,
@@ -91,7 +91,8 @@
 				AND 	students.year='".$config['FAIRYEAR']."' 
 				ORDER BY projectnumber
 				");
-				echo mysql_error();
+		$sq->execute();
+				echo $pdo->errorInfo();
 
 	echo "<form method=\"post\" action=\"registration_webconsent.php\">";
 	echo "<table class=\"tableview\">";
@@ -102,7 +103,7 @@
 	echo " <th>".i18n("Last")."</th>";
 	echo " <th>".i18n("Photo")."</th>";
 	echo "</tr></thead>";
-	while($r=mysql_fetch_object($sq))
+	while($r=$sq->fetch(PDO::FETCH_OBJ))
 	{
 		echo "<tr>";
 		echo "<td>$r->projectnumber<input id=\"changed_$r->id\" type=\"hidden\" name=\"changed[$r->id]\" value=\"0\"></td>";

admin/reports.inc.php

@@ -21,11 +21,14 @@
    Boston, MA 02111-1307, USA.
 */
 
- require_once("reports_students.inc.php");  /* $report_students_fields */
+// This file was modified Jan of 2014 by Richard Sin
- require_once("reports_judges.inc.php");  /* $report_students_fields */
+// A glitch that prints out both english and french columns has been modified.
- require_once("reports_awards.inc.php");  /* $report_students_fields */
+
- require_once("reports_committees.inc.php");  /* $report_students_fields */
+ require_once("reports_students.inc.php");  	/* $report_students_fields */
- require_once("reports_volunteers.inc.php"); /* $report_volunteers_fields */
+ require_once("reports_judges.inc.php");  	/* $report_students_fields */
+ require_once("reports_awards.inc.php");  	/* $report_students_fields */
+ require_once("reports_committees.inc.php"); 	/* $report_students_fields */
+ require_once("reports_volunteers.inc.php"); 	/* $report_volunteers_fields */
  require_once("reports_schools.inc.php");
  require_once("reports_tours.inc.php");
  require_once("reports_fairs.inc.php");
@@ -299,6 +302,11 @@ foreach($report_stock as $n=>$v) {
 			'custom_url' => 'admin/reports_judges.php?type=csv',
 			'creator' => 'The Grant Brothers');
  $x++;
+ $report_custom[$x] = array('id' => $x, 'name' => 'Custom -- Judges List (CSV) -- ALL YEARS',
+ 			'desc' => 'Judges List - All Years',
+			'custom_url' => 'admin/reports_judges_allyears.php?type=csv',
+			'creator' => 'The Grant Brothers');
+ $x++;
  $report_custom[$x] = array('id' => $x, 'name' => 'Custom -- Judging Teams Project Assignments (PDF)',
  			'desc' => 'Judging Teams Project Assignments',
 			'custom_url' => 'admin/reports_judges_teams_projects.php?type=pdf',
@@ -337,9 +345,10 @@ foreach($report_stock as $n=>$v) {
 	$allow_fields = array_keys($$fieldvar);
 
 	/* First delete all existing fields */
-	mysql_query("DELETE FROM reports_items 
+	$stmt = $pdo->prepare("DELETE FROM reports_items 
 			WHERE `reports_id`='{$report['id']}'
 			AND `type`='$type'");
+	$stmt->execute();
 	/* Now add new ones */
 
 	if(count($report[$type]) == 0) return;
@@ -349,12 +358,12 @@ foreach($report_stock as $n=>$v) {
 	foreach($report[$type] as $k=>$v) {
 		if($type == 'option') {
 			/* field, value, x, y, w, h, lines, face, align, valign, fn, fs, fsize, overflow */
-			$vals = "'$k','$v','0','0','0','0','0','','','','','','0','truncate'";
+			$vals = "'".$k."','".$v."','0','0','0','0','0','','','','','','0','truncate'";
 		} else {
 			if($v['lines'] == 0) $v['lines'] =1;
 			$fs = is_array($v['fontstyle']) ? implode(',',$v['fontstyle']) : '';
 			$opts = "{$v['align']} {$v['valign']}";
-			$vals = "'{$v['field']}','{$v['value']}',
+			$vals = "'{$v['field']}','".$v['value']."',
 				'{$v['x']}','{$v['y']}','{$v['w']}',
 				'{$v['h']}','{$v['lines']}','{$v['face']}',
 				'$opts','{$v['valign']}',
@@ -366,13 +375,14 @@ foreach($report_stock as $n=>$v) {
 		$x++;
 	}
 	
-	mysql_query("INSERT INTO reports_items(`reports_id`,`type`,`ord`,
+	$stmt = $pdo->prepare("INSERT INTO reports_items(`reports_id`,`type`,`ord`,
 				`field`,`value`,`x`, `y`, `w`, `h`,
 				`lines`, `face`, `align`,`valign`,
 				`fontname`,`fontstyle`,`fontsize`,`on_overflow`) 
 			VALUES $q;");
 
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->erroInfo();
 	
  }
 	
@@ -386,8 +396,9 @@ foreach($report_stock as $n=>$v) {
 
 	$report = array();
 
-	$q = mysql_query("SELECT * FROM reports WHERE id='$report_id'");
+	$q = $pdo->prepare("SELECT * FROM reports WHERE id='$report_id'");
-	$r = mysql_fetch_assoc($q);
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_ASSOC);
 	$report['name'] = $r['name'];
 	$report['id'] = $r['id'];
 	$report['system_report_id'] = $r['system_report_id']; 
@@ -409,14 +420,15 @@ foreach($report_stock as $n=>$v) {
 	else
 		$allow_fields=array();
 
- 	$q = mysql_query("SELECT * FROM reports_items 
+ 	$q = $pdo->prepare("SELECT * FROM reports_items 
 			WHERE reports_id='{$report['id']}' 
 			ORDER BY `ord`");
-	print(mysql_error());
+	$q->execute();
+	print($pdo->erroInfo());
 	
-	if(mysql_num_rows($q) == 0) return $ret;
+	if($q->rowCount() == 0) return $report;
 
-	while($a = mysql_fetch_assoc($q)) {
+	while($a = $q->fetch(PDO::FETCH_ASSOC)) {
 		$f = $a['field'];
 		$t = $a['type'];
 		switch($t) {
@@ -424,14 +436,13 @@ foreach($report_stock as $n=>$v) {
 			/* We dont' care about order, just construct
 			 * ['option'][name] = value; */
 			if(!in_array($f, $allow_options)) {
-				print("Type[$type] Field[$f] not allowed.\n");
+//				print("Type[$type] Field[$f] not allowed.\n");
 				continue;
 			}
 			$report['option'][$f] = $a['value'];
-			break;
 		default:
 			if(!in_array($f, $allow_fields)) {
-				print("Type[$type] Field[$f] not allowed.\n");
+//				print("Type[$type] Field[$f] not allowed.\n");
 				continue;
 			}
 			/* Pull out all the data */
@@ -465,13 +476,15 @@ foreach($report_stock as $n=>$v) {
  {
  	if($report['id'] == 0) {
 		/* New report */
-		mysql_query("INSERT INTO reports (`id`) VALUES ('')");
+		$stmt = $pdo->prepare("INSERT INTO reports (`id`) VALUES ('')");
-		$report['id'] = mysql_insert_id();
+		$stmt->execute();
+		$report['id'] = $pdo->lastInsertId();
 	} else {
 		/* if the report['id'] is not zero, see if this is a
 		 * systeim report before doing anything. */
-		$q = mysql_query("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
+		$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
-		$i = mysql_fetch_assoc($q);
+		$q->execute();
+		$i = $q->fetch(PDO::FETCH_ASSOC);
 		if(intval($i['system_report_id']) != 0) {
 			/* This is a system report, the editor (should)
 			 * properly setup the editor pages so that the user
@@ -490,12 +503,13 @@ foreach($report_stock as $n=>$v) {
 	print("</pre>");
 */
 
- 	mysql_query("UPDATE reports SET 
+ 	$stmt = $pdo->prepare("UPDATE reports SET 
-			`name`='".mysql_escape_string($report['name'])."',
+			`name`='".$report['name']."',
-			`desc`='".mysql_escape_string($report['desc'])."',
+			`desc`='".$report['desc']."',
-			`creator`='".mysql_escape_string($report['creator'])."',
+			`creator`='".$report['creator']."',
-			`type`='".mysql_escape_string($report['type'])."'
+			`type`='".$report['type']."'
 			WHERE `id`={$report['id']}");
+	$stmt->execute();
 
 	report_save_field($report, 'col', $report['loc']);
 	report_save_field($report, 'group', array());
@@ -509,9 +523,9 @@ foreach($report_stock as $n=>$v) {
  function report_load_all() 
  {
  	$ret = array();
- 	$q = mysql_query("SELECT * FROM reports ORDER BY `name`");
+ 	$q = $pdo->prepare("SELECT * FROM reports ORDER BY `name`");
 
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$report = array();
 	        $report['name'] = $r['name'];
 	        $report['id'] = $r['id'];
@@ -528,8 +542,9 @@ foreach($report_stock as $n=>$v) {
  	$r = intval($report_id);
 	/* if the report['id'] is not zero, see if this is a
 	 * systeim report before doing anything. */
-	$q = mysql_query("SELECT system_report_id FROM reports WHERE id='$r'");
+	$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='$r'");
-	$i = mysql_fetch_assoc($q);
+	$q->execute();
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	if(intval($i['system_report_id']) != 0) {
 		/* This is a system report, the editor (should)
 		 * properly setup the editor pages so that the user
@@ -539,19 +554,27 @@ foreach($report_stock as $n=>$v) {
 		echo "ERROR: attempt to delete a system report (reports.id=$r)";
 		exit;
 	}
- 	mysql_query("DELETE FROM reports WHERE `id`=$r");
+ 	$stmt = $pdo->prepare("DELETE FROM reports WHERE `id`=$r");
-	mysql_query("DELETE FROM reports_items WHERE `reports_id`=$r");
+	$stmt->execute();
- }
+	$stmt = $pdo->prepare("DELETE FROM reports_items WHERE `reports_id`=$r");
+ $stmt->execute();}
+
 
  function report_gen($report) 
  {
- 	global $config, $report_students_fields, $report_judges_fields, $report_awards_fields, $report_schools_fields;
+foreach($report['col'] as $v)
+
+	global $config, $report_students_fields, $report_judges_fields, $report_awards_fields, $report_schools_fields;
 	global $report_stock, $report_committees_fields, $report_volunteers_fields;
 	global $report_tours_fields, $report_fairs_fields;
 	global $report_fundraisings_fields;
 	global $filter_ops;
 
-	//print_r($report);
+//foreach($report as $k=>$v){
+//print_r($k.' ~	>');
+//print_r($v);
+//print_r('<br> <br>');
+//}
 	$fieldvar = "report_{$report['type']}s_fields";
 	$fields = $$fieldvar;
 
@@ -639,25 +662,42 @@ foreach($report_stock as $n=>$v) {
 
 	$total_width = 0;
 	$scale_width = 0;
+	$temp=array();
+	$count=0;
+	foreach($report['col'] as $o=>$d) {
+		if($config['default_language']!='fr'){
+			if(strpos($d['field'],'fr_')!='fr_'){
+			$temp[$count]=$d;
+			$count++;
+			}
+		} 
+	}
+	$report['col']=$temp;
 	/* Add up the column widths, and figure out which
 	 * ones are scalable, just in case */
 	foreach($report['col'] as $o=>$d) {
 		$f = $d['field'];
 		$total_width += $fields[$f]['width'];
-		if($fields[$f]['scalable'] == true) 
+		if($fields[$f]['scalable'] == true)
 			$scale_width += $fields[$f]['width'];
 	}
 
 	/* Determine the scale factor (use the label width so
 	 * we can enforce margins) */
+
 	if($report['option']['fit_columns'] == 'yes') { // && $total_width > $label_stock['label_width'])  {
 		$static_width = $total_width - $scale_width;
-        if($scale_width) 
+        	if($scale_width){
-            $scale_factor = ($label_stock['label_width'] - $static_width) / $scale_width;
+			if ($label_stock['label_width'] - $static_width > 0) {
-        else
+	        		$scale_factor = ($label_stock['label_width'] - $static_width) / $scale_width;
-            $scale_factor = 1.0;
+ 			} else {
+				$scale_factor = $label_stock['label_width']/$total_width;
+			} 
+		} else {
+        		$scale_factor = 1.0;
+		}
 	} else {
-		$scale_factor = 1.0;
+			$scale_factor = 1.0;
 	}
 
 	/* Select columns to display */
@@ -699,6 +739,7 @@ foreach($report_stock as $n=>$v) {
 		}
 	}
 
+
 	/* If no sort order is specified, make the first field the order */
 	if(count($report['sort']) == 0) 
 		$report['sort'] = array(0 => array('field' => $report['col'][0]['field']));
@@ -761,11 +802,13 @@ foreach($report_stock as $n=>$v) {
 	$q = call_user_func_array($func, array($report, $components));
 
 	$q = "SELECT $sel  $q  $filter_query $group_query ORDER BY $order";
-	$r = mysql_query($q);
+	$r = $pdo->prepare($q);
-
+	$r->execute();
+ 
 //	print_r($report);
 //	print_r($report['filter']);
 //	echo "$q";
+	
 
 	if($r == false) {
 		echo "The report database query has failed.  This is
@@ -775,20 +818,19 @@ foreach($report_stock as $n=>$v) {
 		a bug report so we can get this fixed.<br />"; 
 		echo "<pre>";
 		echo "Query: [$q]<br />";
-		echo "Error: [".mysql_error()."]<br />";
+		echo "Error: [".$pdo->erroInfo()."]<br />";
 		echo "</pre>";
 		exit;
 	}
-	echo mysql_error();
+	echo $pdo->erroInfo();
 
 	$ncols = count($report['col']);
 	$n_groups = count($report['group']);
 	$last_group_data = array();
 
 //	echo "<pre>";print_r($rep);
-
+	while($i = $r->fetch(PDO::FETCH_ASSOC)) {
-	while($i = mysql_fetch_assoc($r)) {
+		
-
 		if($n_groups > 0) {
 			$group_change = false;
 			/* See if any of the "group" fields have changed */
@@ -808,9 +850,10 @@ foreach($report_stock as $n=>$v) {
 
 			if($group_change) {
 				/* Dump the last table */
+
 				if(count($table['data'])) {
 				//	print_r($table);
-					$rep->addTable($table);
+					$rep->addTable($table);  //table is the content
 					$rep->nextLine();
 					$table['data'] = array();
 					$table['total'] = 0;
@@ -843,18 +886,17 @@ foreach($report_stock as $n=>$v) {
 			$rep->label_new();
 		}
 
-		foreach($report['col'] as $o=>$d) {
+		foreach($report['col'] as $o=>$d) {			//fill in one page
 			$f = $d['field'];
+
 			if(is_array($fields[$f]['value_map'])) {
 				$v = $fields[$f]['value_map'][$i["C$o"]];
 			} else if(is_callable($fields[$f]['exec_function'])) {
 				$v = call_user_func_array($fields[$f]['exec_function'], array($report, $f, $i["C$o"]));
-//			} else if(isset($fields[$f]['exec_code'])) {
-//				Somethign like this, how do we pass $i["C$o"] in?
-//				$v = exec($fields[$f]['exec_code']);
 			} else {
 				$v =  $i["C$o"];
 			}
+
 			if($gen_mode == 'table') {
 				$data[] = $v;
 			} else if($gen_mode == 'label') {
@@ -865,7 +907,7 @@ foreach($report_stock as $n=>$v) {
 				if($report['option']['field_box'] == 'yes') 
 					$opt[] = 'field_box';
 
-
+//the page content is filled
 				/* Special column, draw a box */
 				if($f == 'static_box') {
 					$rep->addLabelBox($d['x'], $d['y'], $d['w'],
@@ -885,20 +927,73 @@ foreach($report_stock as $n=>$v) {
 
 //				echo "<pre>"; print_r($d);
 
+				switch($f) {
+				case 'static_box':
+					$rep->label_rect($d['x'], $d['y'], $d['w'], $d['h']);
+					break;
+				case 'fair_logo':
+					$rep->label_fair_logo($d['x'], $d['y'], $d['w'], $d['h'], $show_box);
+					break;
+				case "projectbarcode":
+					$style = array(
+					'border' => 2,
+					'vpadding' => 'auto',
+					'hpadding' => 'auto',
+					'fgcolor' => array(0,0,0),
+					'bgcolor' => false, //array(255,255,255)
+					'module_width' => 2, // width of a single module in points
+					'module_height' => 2 // height of a single module in points
+					);
+					$rep->label_barcode($v, 'QRCODE,H', $d['x'], $d['y'], $d['w'], $d['h'], $style, 'N');
+				break;
+					
+				default:
+					if($f == 'static_text') 
+						$v = $d['value'];
+
+					$v = iconv("ISO-8859-1","UTF-8",$v);
+
+					$rep->label_text($d['x'], $d['y'], $d['w'], $d['h'],
+					$v, $show_box, $d['align'], $d['valign'],
+					$d['fontname'],$d['fontstyle'],$d['fontsize'],
+					$d['on_overflow']);
+
+					break;
+				}
+
+
+
+/*
 				if($f == 'static_box') {
 					$rep->label_rect($d['x'], $d['y'], $d['w'], $d['h']);
 				} else {
 					if($f == 'static_text') $v = $d['value'];
 
 					$v = iconv("ISO-8859-1//TRANSLIT", "UTF-8", $v);
+					if($f=="projectbarcode") {
+						$style = array(
+							'border' => 2,
+							'vpadding' => 'auto',
+							'hpadding' => 'auto',
+							'fgcolor' => array(0,0,0),
+							'bgcolor' => false, //array(255,255,255)
+							'module_width' => 2, // width of a single module in points
+							'module_height' => 2 // height of a single module in points
+						);
+						$rep->label_barcode($v, 'QRCODE,H', $d['x'], $d['y'], $d['w'], $d['h'], $style, 'N');
+					}
+					else {
+						$rep->label_text($d['x'], $d['y'], $d['w'], $d['h'],
+								$v, $show_box, $d['align'], $d['valign'],
+								$d['fontname'],$d['fontstyle'],$d['fontsize'],
+								$d['on_overflow']);
+					}
 
-					$rep->label_text($d['x'], $d['y'], $d['w'], $d['h'],
-							$v, $show_box, $d['align'], $d['valign'],
-							$d['fontname'],$d['fontstyle'],$d['fontsize'],
-							$d['on_overflow']);
 				}
+				*/
 
 			}
+//}
 
 			if($fields[$f]['total'] == true)
 				$table['total'] += $v;

admin/reports.php

@@ -35,8 +35,9 @@ $option_keys = array('type','stock');
 switch($_GET['action']) {
 case 'remove_report':
  	$id = intval($_GET['id']);
-	mysql_query("DELETE FROM reports_committee WHERE
+	$stmt = $pdo->prepare("DELETE FROM reports_committee WHERE
 			users_id='{$_SESSION['users_uid']}' AND id='$id'");
+	$stmt->execute();
 	happy_('Report successfully removed');
 	exit;
 case 'reload':
@@ -60,16 +61,17 @@ case 'load_report':
 		$ret['name'] = $report['name'];
 		$ret['category'] = '';
 	} else {
-		$q = mysql_query("SELECT * FROM reports_committee WHERE id='$id'");
+		$q = $pdo->prepare("SELECT * FROM reports_committee WHERE id='$id'");
-		$ret = mysql_fetch_assoc($q);
+		$ret = $q->fetch(PDO::FETCH_ASSOC);
 		$ret['type'] = $ret['format'];
 	}
 
 	/* Load available categories */
-	$q = mysql_query("SELECT DISTINCT category FROM reports_committee
+	$q = $pdo->prepare("SELECT DISTINCT category FROM reports_committee
  			WHERE users_id='{$_SESSION['users_uid']}'
 			ORDER BY category");
-	while($i = mysql_fetch_object($q))
+	$q->execute();
+	while($i = $q->fetch(PDO::FETCH_OBJ))
 		$ret['cat'][] = $i->category;
 	echo json_encode($ret);
 	exit;
@@ -81,19 +83,20 @@ case 'save':
  	$reports_id = intval($_POST['reports_id']);
 	if($id == -1) {
 		/* New entry */
-		mysql_query("INSERT INTO `reports_committee` (`users_id`,`reports_id`) 
+		$stmt = $pdo->prepare("INSERT INTO `reports_committee` (`users_id`,`reports_id`) 
 			VALUES('{$_SESSION['users_uid']}','$reports_id');");
-		echo mysql_error();
+		$stmt->execute();
-		$id = mysql_insert_id();
+		echo $pdo->errorInfo();
+		$id = $pdo->lastInsertId();
 	}
 
 	/* Update entry */
 	$category = $_POST['category'];
 	$category_exist = $_POST['category_exist'];
-	$comment = mysql_real_escape_string(stripslashes($_POST['comment']));
+	$comment = stripslashes($_POST['comment']);
 
 	if($category_exist != '') $category = $category_exist;
-	$category = mysql_real_escape_string(stripslashes(trim($category)));
+	$category = stripslashes(trim($category));
 
 	if($category == '') $category = 'default';
 
@@ -115,12 +118,13 @@ case 'save':
 		$stock = '';
 	}
 
-	mysql_query("UPDATE `reports_committee` SET
+	$stmt = $pdo->prepare("UPDATE `reports_committee` SET
 			`category`='$category',
 			`comment`='$comment',
 			`format`='$type',
 			`stock`='$stock'
 			WHERE id='$id'");
+	$stmt->execute();
 	happy_("Saved");
 	exit;
  }
@@ -237,20 +241,21 @@ $(document).ready(function() {
 <?
 
  /* Load all the users reports */
- $q = mysql_query("SELECT reports_committee.*,reports.name
+ $q = $pdo->prepare("SELECT reports_committee.*,reports.name
  			FROM reports_committee 
 				LEFT JOIN reports ON reports.id=reports_committee.reports_id
  			WHERE users_id='{$_SESSION['users_uid']}'
 			ORDER BY category,id");
- echo mysql_error();
+$q->execute();
- if(mysql_num_rows($q) == 0) {
+ echo $pdo->errorInfo();
+ if($q->rowCount()== 0) {
  	echo i18n('You have no reports saved');
  } else {
 
 	$last_category = '';
 	$x=0;
 	echo "<table class=\"tableview\" style=\"border:0px;\">";
-	while($i = mysql_fetch_object($q)) {
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$x++;
 		if($last_category != $i->category) {
 			/* New category */

admin/reports_acscript.php

@@ -9,7 +9,7 @@
  else $foryear=$config['FAIRYEAR'];
 
  if($_GET['awardtype']=="All") $awardtype="";
- else if($_GET['awardtype']) $awardtype=" AND award_types.type='".mysql_escape_string($_GET['awardtype'])."'";
+ else if($_GET['awardtype']) $awardtype=" AND award_types.type='".$_GET['awardtype']."'";
  else $awardtype="";
 
  if($_GET['show_unawarded_awards']=="on") $show_unawarded_awards="yes";
@@ -24,7 +24,11 @@
  if(is_array($_GET['show_category'])) {
 	 $show_category = array();
  	foreach($_GET['show_category'] as $id=>$val) {
-		$show_category[] = "award_awards_projectcategories.projectcategories_id='$id'";
+		$show_category[] = "projects.projectcategories_id='$id'";
+	}
+	if($show_unawarded_prizes=="yes")
+	{
+		$show_category[] = "projects.projectcategories_id IS NULL";
 	}
 	$and_categories = join(' OR ', $show_category);
  } else {
@@ -52,7 +56,7 @@ if(!$scriptformat) $scriptformat="default";
 	else if($type=="csv") {
 		$rep=new lcsv(i18n("Awards Ceremony Script"));
 	}
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.presenter,
@@ -64,31 +68,28 @@ if(!$scriptformat) $scriptformat="default";
 			FROM 
 				award_awards,
 				award_types,
-				sponsors,
+				sponsors
-				award_awards_projectcategories
 			WHERE 
 					award_awards.year='$foryear'
 				AND	award_types.year='$foryear'
 				AND	award_awards.award_types_id=award_types.id
 				AND	award_awards.sponsors_id=sponsors.id
-				AND     award_awards.id=award_awards_projectcategories.award_awards_id
 				AND	award_awards.excludefromac='0'
-				AND ($and_categories)
 				$awardtype
-			GROUP BY award_awards.id
 			ORDER BY awards_order");
+		$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 //	echo "<pre>";
-	if(!mysql_num_rows($q)) {
+	if(!$q->rowCount()) {
 		$rep->output();
 		exit;
 	}
 	$awards = array();
 
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
-		$pq=mysql_query("SELECT 
+		$pq=$pdo->prepare("SELECT 
 						award_prizes.prize,
 						award_prizes.number,
 						award_prizes.id,
@@ -107,14 +108,16 @@ if(!$scriptformat) $scriptformat="default";
 						award_awards_id='{$r->id}' 
 						AND award_prizes.year='$foryear'
 						AND award_prizes.excludefromac='0'
+						AND ($and_categories)
 					ORDER BY 
 						`order`,
 						projects.projectnumber");
-					echo mysql_error();
+		$pq->execute();
+					echo $pdo->errorInfo();
 
 		$r->winners = array();
 		$r->awarded_count = 0;
-		while($w = mysql_fetch_object($pq)) {
+		while($w = $pq->fetch(PDO::FETCH_OBJ)) {
 			if($w->projects_id)
 			{
 				$r->awarded_count++;
@@ -228,7 +231,7 @@ if(!$scriptformat) $scriptformat="default";
 						if($scriptformat=="default") 
 							$rep->addText( "    ($pr->projectnumber) $pr->title");
 
-						$sq=mysql_query("SELECT students.firstname,
+						$sq=$pdo->prepare("SELECT students.firstname,
 									students.lastname,
 									students.pronunciation,
 									students.schools_id,
@@ -240,12 +243,13 @@ if(!$scriptformat) $scriptformat="default";
 									students.registrations_id='$pr->reg_id'
 									AND students.schools_id=schools.id
 								");
+						$sq->execute();
 	
 						$students="       Students: ";
 						$studnum=0;
 						$pronounce = "";
 						$rawpronounce = "";
-						while($studentinfo=mysql_fetch_object($sq)) {
+						while($studentinfo=$sq->fetch(PDO::FETCH_OBJ)) {
 							if($studnum>0) $students.=", ";
 							$students.="$studentinfo->firstname $studentinfo->lastname";
 

admin/reports_appeal_letters.php

@@ -30,7 +30,7 @@ require_once('../tcpdf/tcpdf_sfiab_config.php');
 require_once('../tcpdf/tcpdf.php');
 
 $fcid = intval($_GET['fundraising_campaigns_id']);
-$key = mysql_real_escape_string($_GET['key']);
+$key = $_GET['key'];
 
 /* Start an output PDF */
 $pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
@@ -69,16 +69,17 @@ $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
 
 /* Load the users */
 $users = array();
-$q = mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
+$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
-while($l = mysql_fetch_assoc($q)) {
+while($l = $q->fetch(PDO::FETCH_ASSOC))) {
 	$uid = $l['users_uid'];
 	$users[$uid] = user_load_by_uid($uid);
 }
 
 /* Grab all the emails */
-$q = mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
+$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
+$q->execute();
 
-while($e = mysql_fetch_assoc($q)) {
+while($e = $q->fetch(PDO::FETCH_ASSOC))) {
 
 	foreach($users as $uid=>&$u) {
 	 	$subject = communication_replace_vars($e['subject'], $u);

admin/reports_awards.inc.php

@@ -21,6 +21,14 @@
    Boston, MA 02111-1307, USA.
 */
 
+function report_awards_fr($report, $field, $text) {
+	return i18n($text,array(),array(),"fr");
+}
+
+function report_cash_words($report, $field, $text) {
+	return wordify($text, true);
+}
+
 $report_awards_fields = array(
 	'name' =>  array(
 		'start_option_group' => 'Award Information',
@@ -29,12 +37,26 @@ $report_awards_fields = array(
 		'width' => 3.0,
 		'table' => 'award_awards.name' ),
 
+	'name_fr' =>  array(
+		'name' => 'Award -- Name (French)',
+		'header' => 'Award Name',
+		'width' => 3.0,
+		'table' => 'award_awards.name',
+		'exec_function' => 'report_awards_fr' ),
+
 	'criteria' =>  array(
 		'name' => 'Award -- Criteria',
 		'header' => 'Award Criteria',
 		'width' => 3.0,
 		'table' => 'award_awards.criteria' ),
 
+	'criteria_fr' =>  array(
+		'name' => 'Award -- Criteria (French)',
+		'header' => 'Award Criteria',
+		'width' => 3.0,
+		'table' => 'award_awards.criteria',
+		'exec_function' => 'report_awards_fr' ),
+
 	'presenter' =>  array(
 		'name' => 'Award -- Presenter',
 		'header' => 'Award Presenter',
@@ -197,6 +219,36 @@ $report_awards_fields = array(
 		'width' => 3,
 		'table' => 'PRIMARYCONTACT.notes' ),
 
+	'pcontact_address' =>  array(
+		'name' => 'Primary Contact Address -- Street',
+		'header' => 'Address',
+		'width' => 2.0,
+		'table' => "CONCAT(PRIMARYCONTACTUSER.address, ' ', PRIMARYCONTACTUSER.address2)"),
+
+	'pcontact_city' =>  array(
+		'name' => 'Primary Contact Address -- City',
+		'header' => 'City',
+		'width' => 1.5,
+		'table' => 'PRIMARYCONTACTUSER.city'),
+
+	'pcontact_province' =>  array(
+		'name' => 'Primary Contact Address -- '.$config['provincestate'],
+		'header' => $config['provincestate'],
+		'width' => 0.75,
+		'table' => 'PRIMARYCONTACTUSER.province'),
+
+	'pcontact_postal' =>  array(
+		'name' => 'Primary Contact Address -- '.$config['postalzip'],
+		'header' => $config['postalzip'],
+		'width' => 0.75,
+		'table' => 'PRIMARYCONTACTUSER.postalcode' ),
+
+ 	'pcontact_city_prov' =>  array(
+		'name' => 'Primary Contact Address -- City, '.$config['provincestate'].' (for mailing)',
+		'header' => 'City',
+		'width' => 1.5,
+		'table' => "CONCAT(PRIMARYCONTACTUSER.city, ', ', PRIMARYCONTACTUSER.province)"),
+
 	'judgeteamname' => array(
 		'start_option_group' => 'Judging Team',
 		'components' => array('judgingteam'),
@@ -242,6 +294,15 @@ $report_awards_fields = array(
 		'table' => 'award_prizes.cash',
 		'components' => array('prizes')),
 
+	'prize_cash_words' => array(
+		'name' => 'Prize --  Cash Amount In Words',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash',
+		'components' => array('prizes'),
+		'exec_function' => 'report_cash_words'
+		),
+	
 	'prize_scholarship' => array(
 		'name' => 'Prize --  Scholarship Amount',
 		'header' => 'Scholarship',

admin/reports_ceremony.php

@@ -38,10 +38,11 @@
  echo "<tr><td><b>".i18n("Year").":</b></td><td>";
 
  //get the year information, use fairname since it should be there for all years[right?]
- $results = mysql_query("SELECT year FROM config WHERE var='fairname' AND year > 0 ORDER BY year DESC");
+ $results = $pdo->prepare("SELECT year FROM config WHERE var='fairname' AND year > 0 ORDER BY year DESC");
+ $results->execute();
  
  echo "<select name=\"year\" size=1>";
- while($r=mysql_fetch_object($results)) {
+ while($r=$results->fetch(PDO::FETCH_OBJ)) {
  	echo "<option>$r->year</option>";
  }
  echo "</select></td></tr>";
@@ -60,9 +61,10 @@
  echo "<tr>";
  //list award subsets to output
  echo "<td><b>".i18n("Award Type").":</b></td> <td> <select name=\"awardtype\" size=1>";
- $results = mysql_query("SELECT type FROM award_types WHERE year=".$config['FAIRYEAR']." ORDER BY type");
+ $results = $pdo->prepare("SELECT type FROM award_types WHERE year=".$config['FAIRYEAR']." ORDER BY type");
+ $results->execute();
  echo "<option value=\"All\">".i18n("All")."</option>";
- while($r=mysql_fetch_object($results)) {
+ while($r=$results->fetch(PDO::FETCH_OBJ)) {
  	echo "<option value=\"$r->type\">".i18n("$r->type")."</option>";
  }
  echo "</select></td>";
@@ -92,8 +94,9 @@
 
  echo "<tr><td><b>".i18n("Include the following age categories").":</b></td>";
  echo "<td>";
- $q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+ $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
- while($r=mysql_fetch_object($q)) {
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	echo "<input name=\"show_category[{$r->id}]\" type=\"checkbox\" checked=\"checked\" />";
 	echo "".i18n($r->category)."<br />";
  }

admin/reports_committees.inc.php

@@ -95,6 +95,24 @@ $report_committees_fields = array(
 		'width' => 2,
 		'table' => 'users.organization'),
 
+	'committee' => array(
+		'name' => 'Committee Member -- Committee Name',
+		'header' => 'Committee',
+		'width' => 2,
+		'table' => 'committees.name'),
+
+	'title' => array(
+		'name' => 'Committee Member -- Title on Committee',
+		'header' => 'Title',
+		'width' => 2,
+		'table' => 'committees_link.title'),
+
+	'committeetitle' => array(
+		'name' => 'Committee Member -- Committee and Title',
+		'header' => 'Committee and Title',
+		'width' => 2,
+		'table' => "CONCAT(committees.name, ' - ', committees_link.title)"),
+
 	'firstaid' => array(
 		'name' => 'Committee Member -- First Aid Training',
 		'header' => 'F.Aid',
@@ -135,9 +153,16 @@ $report_committees_fields = array(
 	}
 */										
 	$q = "	FROM 
-			users
+			committees_link
+			JOIN committees ON committees_link.committees_id=committees.id
+			JOIN users
+				ON committees_link.users_uid=users.uid
+			LEFT OUTER JOIN users u2
+				ON u2.uid=users.uid
+				AND u2.year>users.year
 		WHERE
 			users.types LIKE '%committee%'
+			AND u2.uid IS NULL
 		";
 
 	return $q;

admin/reports_editor.php

@@ -22,6 +22,7 @@
 */
 ?>
 <?
+ 
  require("../common.inc.php");
  require_once("../user.inc.php");
  user_auth_required('committee', 'admin');
@@ -38,6 +39,7 @@
  require_once('reports.inc.php');
  require_once('../tcpdf.inc.php');
 
+
  $fields = array();
  $locs = array('X' => 'x', 'Y' => 'y', 'W' => 'w', 'H' => 'h', 'Lines' => 'lines');
 
@@ -53,6 +55,10 @@
 			if($in_optgroup) echo '</optgroup>';
 			echo '<optgroup label="'.i18n($f['start_option_group']).'">';
 		}
+		if($f['name']=='Project -- Type'){										//filter out if the configuration setting does not allow for the project type
+			global $config;
+			if($config['project_type']=='no') continue;
+		}
 		$sel = ($selected == $k) ? 'selected=\"selected\"': '' ;
         	echo "<option value=\"$k\" $sel >{$f['name']}</option>";
 	}	
@@ -64,7 +70,7 @@
  {
 	echo "<select name=\"$name\" $onchange >";
 	foreach($a as $v=>$val) {
-		$sel = ($selected == $v) ? 'selected=\"selected\"' : '';
+		$sel = ($selected == $v) ? 'selected=selected' : '';
 		echo "<option value=\"$v\" $sel>$val</option>";
 	}
 	echo '</select>';
@@ -317,13 +323,14 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 
  if($repaction == 'export') {
  	echo "<pre>";
-	$q = mysql_query("SELECT system_report_id FROM reports WHERE 1 ORDER BY system_report_id DESC");
+	$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE 1 ORDER BY system_report_id DESC");
-	$r = mysql_fetch_assoc($q);
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_ASSOC);
 	$sid = $r['system_report_id'] + 1;
-	$n = mysql_escape_string($report['name']);
+	$n = $report['name'];
-	$c = mysql_escape_string($report['creator']);
+	$c = $report['creator'];
-	$d = mysql_escape_string($report['desc']);
+	$d = $report['desc'];
-	$t = mysql_escape_string($report['type']);
+	$t = $report['type'];
 
  	echo "INSERT INTO `reports` (`id`, `system_report_id`, `name`, `desc`, `creator`, `type`) VALUES\n";
 	echo "\t('', '$sid', '$n', '$d', '$c', '$t');\n";
@@ -333,7 +340,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 	/* Do the options */
 	$x = 0;
 	foreach($report['option'] as $k=>$v) {
-		echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '$v', 0, 0, 0, 0, 0, '', ''),";
+		echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '".$v."', 0, 0, 0, 0, 0, '', ''),";
 		$x++;
 	}
 	/* Do the fields */
@@ -350,7 +357,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 			if($vlines == 0) $vlines = 1;
 			$face = $v['face'];
 			$align = $v['align']. ' ' . $v['valign'];
-			$value=mysql_escape_string(stripslashes($v['value']));
+			$value= stripslashes($v['value']);
 			if(!$first) echo ',';
 			$first = false;
 			echo "\n\t('', LAST_INSERT_ID(), '$f', $x, '$k', '$value', $vx, $vy, $vw, $vh, $vlines, '$face', '$align')";
@@ -574,14 +581,14 @@ $doCanvasSampletcpdf = false;
  }
  echo "</table>\n";
  echo "<h4>Grouping</h4>";
- for($x=0;$x<2;$x++) {
+ for($x=0;$x<3;$x++) {
 	echo "Group By".($x + 1).": ";
 	$f = $report['group'][$x]['field'];
 	field_selector("group[$x]", "group$x", $f);
 	echo "<br />"; 
  }
  echo "<h4>Sorting</h4>";
- for($x=0;$x<3;$x++) {
+ for($x=0;$x<5;$x++) {
 	echo "Sort By".($x + 1).": ";
 	$f = $report['sort'][$x]['field'];
 	field_selector("sort[$x]", "sort$x",$f); 

admin/reports_fundraising.inc.php

@@ -24,7 +24,7 @@
 
 /* Take the language array in users_fundraising, unserialize it, and join it
  * with a space */
-function report_fundraisings_languages(&$report, $field, $text)
+function report_fundraisings_languages($report, $field, $text)
 {
 		$l = unserialize($text);
 		return join(' ', $l);

admin/reports_gen.php

@@ -39,8 +39,9 @@
  /* If it's a system report, turn that into the actual report id */
  if(array_key_exists('sid', $_GET)) {
  	$sid = intval($_GET['sid']);
- 	$q = mysql_query("SELECT id FROM reports WHERE system_report_id='$sid'");
+ 	$q = $pdo->prepare("SELECT id FROM reports WHERE system_report_id='$sid'");
-	$r = mysql_fetch_assoc($q);
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_OBJ);
 	$id = $r['id'];
  }
  
@@ -88,11 +89,12 @@ case 'dialog_gen':
 	</tr><tr>
 	<?
 	/* See if the report is in this committee member's list */
-	$q = mysql_query("SELECT * FROM reports_committee 
+	$q = $pd->prepare("SELECT * FROM reports_committee 
  				WHERE users_id='{$_SESSION['users_uid']}'
 				AND reports_id='{$report['id']}'");
-	if(mysql_num_rows($q) > 0) {
+	$q->execute();
-		$i = mysql_fetch_assoc($q);
+	if($q->rowCount() > 0) {
+		$i = $q->fetch(PDO::FETCH_ASSOC);
 		?>
 		<td colspan="2"><hr /><h3><?=i18n('My Reports Info')?></h3></td>
 		</tr><tr>
@@ -125,10 +127,11 @@ case 'dialog_gen':
 		echo "</select></td></tr>\n";
 	}
 	/* Find all the years */
-	$q = mysql_query("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+	$q = $pdo->prepare("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+	$q->execute();
 	echo "<tr><td  class=\"label\"><b>".i18n('Year')."</b>:</td>";
 	echo "<td class=\"input\"><select name=\"year\" id=\"year\">";
-	while($i = mysql_fetch_assoc($q)) {
+	while($i =$q->fetch(PDO::FETCH_ASSOC)) {
 		$y = $i['year'];
 		$sel = ($config['FAIRYEAR'] == $y) ? 'selected="selected"' : '';
 		echo "<option value=\"$y\" $sel>$y</option>";
@@ -215,13 +218,14 @@ case 'dialog_gen':
 
  echo '<tr><td colspan="2"><hr /></td></tr>';
  /* See if the report is in this committee member's list */
- $q = mysql_query("SELECT * FROM reports_committee 
+ $q = $pdo->prepare("SELECT * FROM reports_committee 
  			WHERE users_id='{$_SESSION['users_uid']}'
 			AND reports_id='{$report['id']}'");
+	$q->execute();
  echo "<tr><td colspan=\"2\"><h3>".i18n('My Reports Info')."</h3></td></tr>";
- if(mysql_num_rows($q) > 0) {
+ if($q->rowCount() > 0) {
  	/* Yes, it is */
-	$i = mysql_fetch_object($q);
+	$i = $q->fetch(PDO::FETCH_OBJ);
 	echo "<tr><td><b>".i18n('Category')."</b>:</td>";
 	echo "<td>{$i->category}</td></tr>";
 	echo "<tr><td><b>".i18n('Comment')."</b>:</td>";
@@ -249,10 +253,11 @@ case 'dialog_gen':
 	echo "</select></td></tr>";
  }
  /* Find all the years */
- $q = mysql_query("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+ $q = $pdo->prepare("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+ $q->execute();
  echo "<tr><td><b>".i18n('Year')."</b>:</td>";
  echo "<td><select name=\"year\" id=\"year\">";
- while($i = mysql_fetch_assoc($q)) {
+ while($i =$q->fetch(PDO::FETCH_ASSOC)) {
  	$y = $i['year'];
 	$sel = ($config['FAIRYEAR'] == $y) ? 'selected="selected"' : '';
 	echo "<option value=\"$y\" $sel>$y</option>";

admin/reports_judges.inc.php

@@ -25,7 +25,7 @@ require_once('../questions.inc.php');
 
 /* Take the language array in users_judge, unserialize it, and join it
  * with a space */
-function report_judges_languages(&$report, $field, $text)
+function report_judges_languages($report, $field, $text)
 {
 	$l = unserialize($text);
 	return ($l?join(' ', $l):'');
@@ -39,11 +39,13 @@ $report_judges_cats = array();
 function report_judges_load_divs($year)
 {
 	global $report_judges_divs;
+	global $pdo;
 	/* Load divisions for this year, only once */
 	if(!array_key_exists($year, $report_judges_divs)) {
 		$report_judges_divs[$year] = array();
-		$q = mysql_query("SELECT * FROM projectdivisions WHERE year='$year'");
+		$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year'");
-		while(($d = mysql_fetch_assoc($q))) {
+		$q->execute();
+		while(($d =$q->fetch(PDO::FETCH_ASSOC))) {
 			$report_judges_divs[$year][$d['id']] = $d;
 		}
 	}
@@ -51,9 +53,11 @@ function report_judges_load_divs($year)
 function report_judges_load_cats($year)
 {
 	global $report_judges_cats;
+	global $pdo;
 	if(!array_key_exists($year, $report_judges_cats)) {
-	        $q = mysql_query("SELECT * FROM projectcategories WHERE year='$year'");
+			$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year'");
-		while(($c = mysql_fetch_assoc($q))) {
+			$q->execute();
+		while(($c = $q->fetch(PDO::FETCH_ASSOC))) {
 			$report_judges_cats[$year][$c['id']] = $c;
 		}
 	}
@@ -61,7 +65,7 @@ function report_judges_load_cats($year)
 
 
 /* Return all divisions rated at expertise level x */
-function report_judges_divs_at_exp(&$report, $field, $text)
+function report_judges_divs_at_exp($report, $field, $text)
 {
 	global $report_judges_divs;
 
@@ -89,7 +93,7 @@ function report_judges_divs_at_exp(&$report, $field, $text)
 	return join(', ', $retl);
 }
 
-function report_judges_cats_at_pref(&$report, $field, $text)
+function report_judges_cats_at_pref($report, $field, $text)
 {
 	global $report_judges_cats;
 	$prefs = array('H' => 2, 'h' => 1, 'i' => 0, 'l' => -1, 'L' => -2);
@@ -118,7 +122,7 @@ function report_judges_cats_at_pref(&$report, $field, $text)
 	return join(', ', $retl);
 }
 
-function report_judges_custom_question(&$report, $field, $text)
+function report_judges_custom_question($report, $field, $text)
 {
 	/* Field is 'question_x', users_id is passed in $text */
 	$q_ord = substr($field, 9);
@@ -126,19 +130,21 @@ function report_judges_custom_question(&$report, $field, $text)
 	$users_id = $text;
 
 	/* Find the actual question ID */
-	$q = mysql_query("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
+	$q = $pdo->prepare("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
-	if(mysql_num_rows($q) != 1)
+	$q->execute();
+	if($q->rowCount() != 1)
 		return 'Question not specified';
-	$question = mysql_fetch_assoc($q);
+	$question = $q->fetch(PDO::FETCH_ASSOC);
 
-	$q = mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
+	$q = $pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
-	if(mysql_num_rows($q) != 1)
+	$q->execute();
+	if($q->rowCount() != 1)
 		return '';
-	$answer = mysql_fetch_assoc($q);
+	$answer = $q->fetch(PDO::FETCH_ASSOC);
 	return $answer['answer'];
 }
 
-function report_judges_div_exp(&$report, $field, $text)
+function report_judges_div_exp($report, $field, $text)
 {
 	/* Field is 'div_exp_x', users_id is passed in $text */
 	$div_id = substr($field, 8);
@@ -150,7 +156,7 @@ function report_judges_div_exp(&$report, $field, $text)
 
 	return $divprefs[$div_id];
 }
-function report_judges_cat_pref(&$report, $field, $text)
+function report_judges_cat_pref($report, $field, $text)
 {
 	$prefs = array(-2 => 'Lowest', -1 => 'Low',
 			0 => '--',
@@ -166,16 +172,17 @@ function report_judges_cat_pref(&$report, $field, $text)
 	return i18n($prefs[$catprefs[$cat_id]]);
 }
 
-function report_judges_team_members(&$report, $field, $text)
+function report_judges_team_members($report, $field, $text)
 {
 	$year = $report['year'];
 	$judges_teams_id = $text;
-	$q = mysql_query("SELECT * FROM judges_teams_link 
+	$q = $pdo->prepare("SELECT * FROM judges_teams_link 
 						LEFT JOIN users ON judges_teams_link.users_id=users.id
 						WHERE judges_teams_link.year='$year'
 						AND judges_teams_link.judges_teams_id='$judges_teams_id'");
+	$q->execute();
 	$ret = '';
-	while( ($m = mysql_fetch_assoc($q))) {
+	while( ($m = $q->fetch(PDO::FETCH_ASSOC))) {
 		$add = false;
 		switch($field) {
 		case 'team_captain':
@@ -212,9 +219,10 @@ function report_judges_load_rounds($year)
 	global $config, $report_judges_rounds;
 	if(count($report_judges_rounds)) return ;
 
-	$q = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
+	$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
+	$q->execute();
 	/* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
         	$report_judges_rounds[] = $r;
 
 		if($r['type'] == 'divisional1') $report_judges_rounds['divisional1'] = $r;
@@ -223,7 +231,19 @@ function report_judges_load_rounds($year)
 //        if($r['type'] == 'special') $round_special_awards[] = $r;
 }
 
-function report_judges_time_availability(&$report, $field, $text)
+function report_judges_specialaward($report, $field, $text)
+{
+	global $config, $report_judges_rounds;
+	$year = $report['year'];
+	$award_id = $text;
+	$q=$pdo->prepare("SELECT * FROM award_awards WHERE id='".intval($award_id)."'");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
+	return $r->name;
+
+}
+
+function report_judges_time_availability($report, $field, $text)
 {
 	global $config, $report_judges_rounds;
 	$year = $report['year'];
@@ -243,9 +263,10 @@ function report_judges_time_availability(&$report, $field, $text)
 		exit;
 	}
 
-	$q = mysql_query("SELECT * FROM judges_availability WHERE users_id='$users_id'");
+	$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='$users_id'");
+	$q->execute();
 //	echo mysql_error();
-	while(($r = mysql_fetch_assoc($q))) {
+	while(($r = $q->fetch(PDO::FETCH_ASSOC))) {
 		 if($r['start'] <= $round['starttime'] 
                   && $r['end'] >= $round['endtime'] 
                   && $r['date'] == $round['date'] ) {
@@ -443,6 +464,13 @@ $report_judges_fields = array(
 		'exec_function' => 'report_judges_divs_at_exp', /* Yes, the same function as divs_at_exp_5 */
 		'components' => array('users_judge')),
 
+        'other_exp' => array(
+                'name' => 'Judge -- Other Expertise',
+                'header' => 'Expertise Other',
+                'width' => 2,
+                'table' => 'users_judge.expertise_other',
+                'components' => array('users_judge')),
+
 	/* Fill these in below, they're all the same */
 	'div_exp_1' => array(), 'div_exp_2' => array(), 'div_exp_3' => array(), 'div_exp_4' => array(), 'div_exp_5' => array(), 
 	'div_exp_6' => array(), 'div_exp_7' => array(), 'div_exp_8' => array(), 'div_exp_9' => array(), 'div_exp_10' => array(), 
@@ -609,6 +637,14 @@ $report_judges_fields = array(
 		'table' => 'users_judge.special_award_only',
 		'components' => array('users_judge')),
 
+	'special_award_only_sa' =>  array(
+		'name' => 'Judge -- Special Award Only - Selected Special Award',
+		'header' => 'Selected Special Award',
+		'width' => 2.5,
+		'table' => 'judges_specialaward_sel.award_awards_id',
+		'exec_function' => 'report_judges_specialaward',
+		'components' => array('users_judge')),
+
 	'year' =>  array(
 		'name' => 'Judge -- Year',
 		'header' => 'Year',
@@ -882,6 +918,7 @@ function report_judges_update_cats($year)
 
 	report_judges_load_cats($year);
 
+	////FIXME No check for empty projectcategories, please check the NULL case of count($report_judges_cats[$year])
 	if(count($report_judges_cats[$year]) > 10) {
 		echo "Not enough judge age category fields, please file a bug report at sfiab.ca and report that you have ".count($report_judges_cats[$year])." age categories, but the system can handle a maximum of 10.";
 		exit;
@@ -919,6 +956,7 @@ function report_judges_fromwhere($report, $components)
 
 	if(in_array('users_judge', $components)) {
 		$uj_from = 'LEFT JOIN users_judge ON users_judge.users_id=users.id';
+		$uj_from .= ' LEFT JOIN judges_specialaward_sel ON judges_specialaward_sel.users_id=users.id';
 	}
 					
 	$teams_from = '';

admin/reports_judges.php

@@ -78,18 +78,20 @@ foreach($keys as $qid) {
 
 
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-$numcats=mysql_num_rows($q);
+$q->execute();
+$numcats=$q->rowCount();
 $catheadings=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$cats[]=$r->id;
 	$catheadings[]="$r->category (out of 5)";
 }
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
 $divheadings=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$divs[]=$r->id;
 	$divheadings[]="$r->division (out of 5)";
@@ -99,12 +101,41 @@ while($r=mysql_fetch_object($q))
 //now append the arrays together
 $table['header']=array_merge($table['header'],array_merge($catheadings,$divheadings));
 
+	$times = array();
+	$datetimeheadings=array();
+
+	/* Load the judging rounds */
+	$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
+	$q->execute();
+	$x = 0;
+	while($r = $q->fetch(PDO::FETCH_OBJ)) {
+		$found = false;
+		foreach($times as $xx => $t) {
+			if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
+				$times[$xx]['name'] .= ", {$r->name}";
+				$found = true;
+				break;
+			}
+		}
+		if(!$found) {
+			$times[$x] = array( 'date' => $r->date,
+					'starttime' => $r->starttime,
+					'endtime' => $r->endtime,
+					'name' => $r->name);
+			$datetimeheadings[]=$r->name;
+			$x++;
+		}
+	}
+
+$table['header']=array_merge($table['header'],$datetimeheadings);
+
+
 
 //fill these in if we ever make this PDFable
 $table['widths']=array();
 $table['dataalign']=array();
 
-$q=mysql_query("SELECT 
+$q=$pdo->prepare("SELECT 
 				users.*,
 				users_judge.*
 			FROM 
@@ -118,8 +149,9 @@ $q=mysql_query("SELECT
 			ORDER BY 
 				lastname,
 				firstname");
-echo mysql_error();
+$q->execute();
-while($r=mysql_fetch_object($q)) {
+echo $pdo->errorInfo();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$u=user_load($r->id);
 
 	$expertise_other=str_replace("\n"," ",$r->expertise_other);
@@ -150,6 +182,28 @@ while($r=mysql_fetch_object($q)) {
 	foreach($keys as $qid) {
 		$qarray[] = $qans[$qid];
 	}
+
+
+	$tq = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"".$r->id."\" ORDER BY `start`");
+	$tq->execute();
+
+	$sel = array();
+	$timedata=array();
+	while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
+		foreach($times as $x=>$t) {
+			if($tr->start == $t['starttime'] && $tr->end == $t['endtime'] && $tr->date == $t['date']) {
+				$sel[$x] = true;
+			}
+		}
+	}
+
+	foreach($times as $x=>$t) {
+		if($sel[$x]==true) {
+			$timedata[]="yes";
+		} else {
+			$timedata[]="no";
+		}
+	}
 		
 	$tmp=array(
 		$r->id,
@@ -175,7 +229,7 @@ while($r=mysql_fetch_object($q)) {
 	$tmp = array_merge($tmp, $qarray);
 
 	$extradata=array_merge($catdata,$divdata);
-	$table['data'][]=array_merge($tmp,$extradata);
+	$table['data'][]=array_merge(array_merge($tmp,$extradata),$timedata);
 }
 
 $rep->addTable($table);

admin/reports_judges_allyears.php

@@ -0,0 +1,188 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+ require_once("../user.inc.php");
+ user_auth_required('committee', 'admin');
+ require("../lpdf.php");
+ require("../lcsv.php");
+ require("../questions.inc.php");
+
+ if(!$_GET['type']) $type="csv";
+ else $type=$_GET['type'];
+
+if($type=="pdf")
+{
+	$rep=new lpdf(	i18n($config['fairname']),
+			i18n("Judge List"),
+			$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo-200.gif"
+			);
+
+	$rep->newPage();
+	$rep->setFontSize(11);
+}
+else if($type=="csv")
+{
+	$rep=new lcsv(i18n("Judge List"));
+}
+
+$table=array();
+$table['header']=array( 
+			i18n("ID"),	
+			i18n("Unique ID"),	
+			i18n("Year"),	
+			i18n("Last Name"),
+			i18n("First Name"),
+			i18n("Email"),
+			i18n("Phone Home"),
+			i18n("Phone Work"),
+			i18n("Phone Work Ext"),
+			i18n("Phone Cell"),
+			i18n("Languages"),
+			i18n("Organization"),
+			i18n("Address 1"),
+			i18n("Address 2"),
+			i18n("City"),
+			i18n($config['provincestate']),
+			i18n($config['postalzip']),
+			i18n("Highest PostSecDeg"),
+			i18n("Professional Quals"),
+			i18n("Expertise Other"));
+
+/* Append headers for all the custom questions */
+$qs=questions_load_questions('judgereg', $config['FAIRYEAR']);
+$keys = array_keys($qs);
+foreach($keys as $qid) {
+	$table['header'][] = i18n($qs[$qid]['db_heading']);
+}
+
+
+//grab the list of divisions, because the last fields of the table will be the sub-divisions 
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
+$numcats=$q->rowCount();
+$catheadings=array();
+while($r=$q->fetch(PDO::FETCH_OBJ))
+{
+	$cats[]=$r->id;
+	$catheadings[]="$r->category (out of 5)";
+}
+//grab the list of divisions, because the last fields of the table will be the sub-divisions 
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
+$divheadings=array();
+while($r=$q->fetch(PDO::FETCH_OBJ))
+{
+	$divs[]=$r->id;
+	$divheadings[]="$r->division (out of 5)";
+	$divheadings[]="$r->division subdivisions";
+}
+
+//now append the arrays together
+$table['header']=array_merge($table['header'],array_merge($catheadings,$divheadings));
+
+
+//fill these in if we ever make this PDFable
+$table['widths']=array();
+$table['dataalign']=array();
+
+$q=$pdo->prepare("SELECT 
+				users.*,
+				users_judge.*
+			FROM 
+				users
+				JOIN users_judge ON users.id=users_judge.users_id
+			WHERE 
+				users.deleted='no'
+				AND users.types LIKE '%judge%'
+			ORDER BY 
+				lastname,
+				firstname,
+				year");
+$q->execute();
+echo $pdo->errorInfo();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
+	$u=user_load($r->id);
+
+	$expertise_other=str_replace("\n"," ",$r->expertise_other);
+	$expertise_other=str_replace("\r","",$expertise_other);
+
+	if(isset($divdata)) unset($divdata); $divdata=array();
+	if(isset($catdata)) unset($catdata); $catdata=array();
+	$languages="";
+
+	foreach($u['cat_prefs'] AS $c) {
+		$catdata[]=$c+2;
+	}
+
+	foreach($u['div_prefs'] AS $d) {
+		$divdata[]=$d;
+		//FIXME: 2010-01-22 - James - get the sub divisions for now we use a placeholder
+		$divdata[]="";
+	}
+
+	foreach($u['languages'] AS $k=>$v) {
+		$languages.="$v/";
+	}
+	$languages=substr($languages,0,-1);
+
+	$qarray = array();
+	$qans = questions_load_answers('judgereg', $r->id, $config['FAIRYEAR']);
+	$keys = array_keys($qans);
+	foreach($keys as $qid) {
+		$qarray[] = $qans[$qid];
+	}
+		
+	$tmp=array(
+		$r->id,
+		$r->uid,
+		$r->year,
+		$r->lastname,
+		$r->firstname,
+		$r->email,
+		$r->phonehome,
+		$r->phonework,
+		$r->phoneworkext,
+		$r->phonecell,
+		$languages,
+		$r->organization,
+		$r->address,
+		$r->address2,
+		$r->city,
+		$r->province,
+		$r->postalcode,
+		$r->highest_psd,
+		$r->professional_quals,
+		$expertise_other
+		);
+	$tmp = array_merge($tmp, $qarray);
+
+	$extradata=array_merge($catdata,$divdata);
+	$table['data'][]=array_merge($tmp,$extradata);
+}
+
+$rep->addTable($table);
+$rep->output();
+
+?>

admin/reports_judges_teams_projects.php

@@ -49,8 +49,9 @@
 
 	$teams=getJudgingTeams();
 
-	$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)>1)
+	$q->execute();
+	if($q->rowCount()>1)
 		$show_date=true;
 	else
 		$show_date=false;
@@ -60,7 +61,7 @@
 		$table=array();
 		$table['header']=array(i18n("Timeslot"),i18n("Proj #"),i18n("Project Title"));
 		if($show_date)
-			$table['widths']=array(		2.25,		0.75, 		4.00);
+			$table['widths']=array(		2.50,		0.75, 		3.75);
 		else
 			$table['widths']=array(		1.5,		0.75, 		4.75);
 
@@ -91,10 +92,11 @@
 				$rep->addText(i18n("Criteria").": ".$award['criteria']);
 
 				//get category eligibility
-				$q=mysql_query("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
+				$q=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
-				echo mysql_error();
+				$q->execute();
+				echo $pdo->erroInfo();
 				$cats="";
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
 					if($cats) $cats.=", ".i18n($r->category);
 					else $cats=i18n($r->category);
@@ -103,10 +105,11 @@
 
 
 				//get division eligibility
-				$q=mysql_query("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
+				$q=$pdo->prepare("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
-				echo mysql_error();
+				$q->execute();
+				echo $pdo->erroInfo();
 				$divs="";
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
 					if($divs) $divs.=", ".i18n($r->division_shortform);
 					else $divs=i18n($r->division_shortform);
@@ -119,7 +122,7 @@
 		$rep->nextLine();
 
 		//get the timeslots that this team has.
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					judges_timeslots.id,
 					judges_timeslots.date,
 					judges_timeslots.starttime,
@@ -135,17 +138,18 @@
 				ORDER BY
 					date,starttime
 				");
-		$numslots=mysql_num_rows($q);
+		$q->execute();
+		$numslots=$q->rowCount();
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			if($show_date)
-				$timeslot=$r->date." ";
+				$timeslot=format_date($r->date)." ";
 			else
 				$timeslot="";
 			$timeslot.=format_time($r->starttime)." - ".format_time($r->endtime);
 
-			$projq=mysql_query("SELECT
+			$projq=$pdo->prepare("SELECT
 					projects.projectnumber,
 					projects.id,
 					projects.title
@@ -160,8 +164,9 @@
 				ORDER BY
 					projectnumber
 				");
+			$projq->execute(;)
 
-			while($proj=mysql_fetch_object($projq))
+			while($proj=$projq->fetch(PDO::FETCH_OBJ))
 			{
 				$table['data'][]=array($timeslot, $proj->projectnumber,$proj->title);
 				//make the timeslot empty so we dont list it each time if there's more than one project in the timeslot

admin/reports_mailinglabels_generator.php

@@ -66,8 +66,9 @@ if($report)
 	{
 		//IF(schools.sciencehead=\"\",\"Science Department Head\",schools.sciencehead) AS co,
 		case "schools":
-				$q=mysql_query("SELECT  
+				$q=$pdo->prepare("SELECT  
 							schools.school AS name,
+							schools.board AS board,
 							schools.schoollang,
 							schools.sciencehead AS co,
 							schools.address AS address,
@@ -81,11 +82,12 @@ if($report)
 						ORDER BY
 							school
 						");
+				$q->execute();
 		break;
 
 		case "sponsors":
 
-				$q=mysql_query("SELECT  
+				$q=$pdo->prepare("SELECT  
 							award_sponsors.organization AS name,
 							award_sponsors.address AS address,
 							award_sponsors.city AS city,
@@ -104,10 +106,11 @@ if($report)
 						ORDER BY
 							organization
 						");
+				$q->execute();
 			break;
 
 			case "judges":
-				$q=mysql_query("SELECT  
+				$q=$pdo->prepare("SELECT  
 							CONCAT(judges.firstname,' ',judges.lastname) AS name,
 							IF(judges.address2=\"\",
 								judges.address,
@@ -126,6 +129,7 @@ if($report)
 						ORDER BY
 							lastname,firstname
 						");
+				$q->execute();
 			break;
 
 	}
@@ -143,7 +147,7 @@ if($report)
 					i18n($config['postalzip']));
 	}
 	
-	while($r=mysql_fetch_object($q))
+	while($r=$q-.fetch(PDO::FETCH_OBJ))
 	{
 		//handle C/O differently for schools, becuase, well, french schools are picky!
 		if($report=="schools") {
@@ -153,17 +157,23 @@ if($report)
 				$coname=i18n("Science Department Head",array(),array(),$r->schoollang);
 
 			$co=i18n("C/O %1",array($coname),array("Name of person"),$r->schoollang);
-		}
-		else $co="C/O $r->co";
 
-		if($_GET['type']=="pdf")
+			
-		{
+			$name=$r->name;
-			$rep->newLabel();
+			if($r->board) 
-			$rep->mailingLabel($r->name,$co,$r->address,$r->city,$r->province,$r->postalcode);
+				$name.=" [".$r->board."]";
 		}
-		else if($_GET['type']=="csv")
+		else {
-		{
+			 $co="C/O $r->co";
-			$table['data'][]=array($r->name,$co,$r->address,$r->city,$r->province,$r->postalcode);
+			 $name=$r->name;
+		}
+
+		if($_GET['type']=="pdf") {
+			$rep->newLabel();
+			$rep->mailingLabel($name,$co,$r->address,$r->city,$r->province,$r->postalcode);
+		}
+		else if($_GET['type']=="csv") {
+			$table['data'][]=array($name,$co,$r->address,$r->city,$r->province,$r->postalcode);
 		}
 	}
 

admin/reports_program_awards.php

@@ -23,7 +23,7 @@
 	{
 		$rep=new lcsv(i18n("Program Awards"));
 	}
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -40,27 +40,29 @@
 				AND	award_awards.excludefromac='0'
 				AND	(award_types.type='special' OR award_types.type='grand')
 			ORDER BY awards_order");
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q))
+	if($q->rowCCount())
 	{
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$rep->heading(i18n($r->name));
 
 			//get teh age categories
-			$acq=mysql_query("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories  WHERE projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
+			$acq=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories  WHERE projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
-			echo mysql_error();
+			$acq->execute();
+			echo $pdo->errorInfo();
 			$cats="";
-			while($acr=mysql_fetch_object($acq))
+			while($acr=$acq->fetch(PDO::FETCH_OBJ))
 			{
 				$cats.=i18n($acr->category).", ";
 			}
 			$cats=substr($cats,0,-2);
 			$rep->addText("$cats: ".i18n($r->criteria));
 
-			$pq=mysql_query("SELECT 
+			$pq=$pdo->prepare("SELECT 
 						award_prizes.prize,
 						award_prizes.number,
 						award_prizes.id,
@@ -74,9 +76,10 @@
 						AND award_prizes.excludefromac='0'
 					ORDER BY 
 						`order`");
-					echo mysql_error();
+			$pq->execute();
+					echo $pdo->errorInfo();
 			$prevprizeid=-1;
-			while($pr=mysql_fetch_object($pq))
+			while($pr=$pq->fetch(PDO::FETCH_OBJ))
 			{
 				if($prevprizeid!=$pr->id)
 				{

admin/reports_projects_details.php

@@ -47,7 +47,7 @@
 		$rep=new lcsv(i18n("Project Details"));
 	}
 
-	$projq=mysql_query("SELECT  
+	$projq=$pdo->prepare("SELECT  
 				registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				projects.id,
@@ -77,25 +77,25 @@
 			ORDER BY
 				projects.projectnumber
 			");
-			echo mysql_error();
+			echo $pdo->errorInfo();
 
-	$totalprojects=mysql_num_rows($projq);
+	$totalprojects=$projq->rowCount();
 	$projectcount=0;
 	
-	while($proj=mysql_fetch_object($projq))
+	while($proj=$projq->fetch(PDO::FETCH_OBJ))
 	{
 		$projectcount++;
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname
 				FROM
 					students
 				WHERE
 					students.registrations_id='$proj->reg_id'
 				");
-
+		$sq->execute();
 		$students="";
 		$studnum=0;
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 		{
 			if($studnum>0) $students.=", ";
 			$students.="$studentinfo->firstname $studentinfo->lastname";
@@ -120,14 +120,15 @@
 		$rep->addTable($table);
 		unset($table);
 
-		$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$proj->reg_id."'");
+		$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$proj->reg_id."'");
+		$q->execute();
 		$rep->nextline();
 		$rep->heading(i18n("Mentor Information"));
 		$rep->nextline();
 
-		if(mysql_num_rows($q))
+		if($q->rowCount())
 		{
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$rep->addText(i18n("%1 %2 from %3",array($r->firstname,$r->lastname,$r->organization)));
 			$rep->addText(i18n("Phone: %1 Email: %2",array($r->phone,$r->email)));

admin/reports_projects_judges_teams.php

@@ -49,14 +49,15 @@
 
 	$teams=getJudgingTeams();
 
-	$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)>1)
+	$q->execute();
+	if($q->rowCount()>1)
 		$show_date=true;
 	else
 		$show_date=false;
 
 
-	$projq=mysql_query("SELECT  
+	$projq=$pdo->prepare("SELECT  
 				registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				projects.id,
@@ -81,24 +82,26 @@
 			ORDER BY
 				projects.projectnumber
 			");
-			echo mysql_error();
+		$projq->execute();
+			echo $pdo->errorInfo();
 	
-	while($proj=mysql_fetch_object($projq))
+	while($proj=$projq->fetch(PDO::FETCH_OBJ))
 	{
 		$rep->heading("(".$proj->projectnumber.") ".$proj->title);
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname
 				FROM
 					students
 				WHERE
 					students.registrations_id='$proj->reg_id'
 				");
+		$sq->execute();
 
 
 		$students="";
 		$studnum=0;
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::fETCH_OBJ)
 		{
 			if($studnum>0) $students.=", ";
 			$students.="$studentinfo->firstname $studentinfo->lastname";
@@ -110,14 +113,14 @@
 		$table=array();
 		$table['header']=array(i18n("Timeslot"),i18n("Judging Team"));
 		if($show_date)
-			$table['widths']=array(		2.25,		4.75);
+			$table['widths']=array(		2.50,		4.50);
 		else
 			$table['widths']=array(		1.5,		5.50);
 
 		$table['dataalign']=array("center","left");
 
 		//get the timeslots that this project has assigned to been judged.
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					judges_timeslots.date,
 					judges_timeslots.starttime,
 					judges_timeslots.endtime,
@@ -132,9 +135,10 @@
 				ORDER BY
 					date,starttime
 				");
-		$numslots=mysql_num_rows($q);
+		$q->execute();
+		$numslots=$q->rowCount();
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			if($show_date)
 				$timeslot=format_date($r->date)." ";

admin/reports_schools.inc.php

@@ -22,7 +22,7 @@
 */
 
 
-function reports_schools_principal(&$report, $field, $text)
+function reports_schools_principal($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
@@ -31,17 +31,17 @@ function reports_schools_principal(&$report, $field, $text)
 	}
 	return '';
 }
-function reports_schools_sciencehead(&$report, $field, $text)
+function reports_schools_sciencehead($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
 		$u = user_load_by_uid_year($text, $year);
-		return $u['name'];
+		return i18n("%1 or Science Department Head",array($u['name']));
 	}
-	return '';
+	return i18n("Science Department Head");
 }
 
-function reports_schools_shphone(&$report, $field, $text)
+function reports_schools_shphone($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
@@ -51,7 +51,7 @@ function reports_schools_shphone(&$report, $field, $text)
 	return '';
 }
 
-function reports_schools_shemail(&$report, $field, $text)
+function reports_schools_shemail($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */

admin/reports_students.inc.php

@@ -13,7 +13,7 @@
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    General Public License for more details.
+   General Public License for more details.
 
    You should have received a copy of the GNU General Public License
    along with this program; see the file COPYING.  If not, write to
@@ -21,24 +21,79 @@
    Boston, MA 02111-1307, USA.
 */
 
-function report_students_i18n_fr(&$report, $field, $text)
+// This file was modified Jan of 2014 by Richard Sin
+// Project Type has been added to the list.
+// Cheque Splitting algorithm is added.
+
+function report_students_i18n_fr($report, $field, $text)
 {
 	return i18n($text, array(), array(), 'fr');
 }
 
-function reports_students_numstudents(&$report, $field, $text)
+function report_student_cash_words($report, $field, $text) {
-{
+	return wordify($text, true);
-	$year = $report['year'];
-	$q = mysql_query("SELECT students.id FROM students 
-				WHERE students.registrations_id='$text'
-					AND students.year='$year'");
-	return mysql_num_rows($q);
 }
 
-function reports_students_award_selfnom_num(&$report, $field, $text, $n)
+function report_student_cash_cheque($report, $field, $text) {
+	return sprintf("\$***%0.2f", $text);
+}
+
+function report_student_get_date_today($report, $field, $text) {
+	return format_date(time());
+}
+
+function report_student_get_date_today_for_cheques($report, $field, $text) {
+	global $config;
+	$format = $config['cheque_date_format'];
+	$format = str_replace(array('YYYY', 'MM', 'DD'), array('Y', 'm', 'd'), $format);
+	if(!(strlen($format) == 3 && strstr('Y', $format) !== null && strstr('m', $format) !== null && strstr('d', $format) !== null)){
+		$format = 'Ymd';
+	}
+	return implode(' ', preg_split('//', date($format), -1));
+}
+
+function report_student_get_cheque_date_format($report, $field, $text){
+	global $config;
+	return implode('  ', preg_split('//', $config['cheque_date_format'], -1));
+}
+
+function report_student_safety_question($report, $field, $text) {
+
+
+	/* Field is 'safetyquestion_x', registration_id is passed in $text */
+	$q_ord = intval(substr($field, 15));
+	$regid = $text;
+
+	//safetyquestions start counting 1-10, but when we LIMIT, we need to index on 0-9
+	$q_ord--;
+
+		$q=$pdo->prepare("SELECT safetyquestions.question,
+			safety.answer
+		FROM safetyquestions
+		JOIN safety ON safetyquestions.id=safety.safetyquestions_id
+		WHERE safety.registrations_id='".$regid."' 
+		ORDER BY safetyquestions.ord LIMIT $q_ord,1");
+		$q->execute();
+
+	$r=$q->fetch(PDO::FETCH_OBJ);
+	return $r->answer;
+}
+
+
+function reports_students_numstudents($report, $field, $text)
 {
 	$year = $report['year'];
-	$q = mysql_query("SELECT award_awards.name FROM 
+	$q = $pdo->prepare("SELECT students.id FROM students 
+				WHERE students.registrations_id='$text'
+					AND students.year='$year'");
+	$q->execute();
+	return $q->rowCount();
+}
+
+function reports_students_award_selfnom_num($report, $field, $text, $n)
+{
+	$year = $report['year'];
+	$q = $pdo->prepare("SELECT award_awards.name FROM 
 				projects 
 				LEFT JOIN project_specialawards_link ON project_specialawards_link.projects_id=projects.id
 				LEFT JOIN award_awards ON award_awards.id=project_specialawards_link.award_awards_id
@@ -46,31 +101,32 @@ function reports_students_award_selfnom_num(&$report, $field, $text, $n)
 					AND projects.year='$year'
 					AND project_specialawards_link.year='$year'
 				LIMIT $n,1");
-	echo mysql_error();
+	$q->execute();
-	$i = mysql_fetch_assoc($q);
+	echo $pdo->errorInfo();
+	$i = $q->fetch(PDO::FETCH_OBJ);
 	return $i['name'];
 }
-function reports_students_award_selfnom_1(&$report, $field, $text)
+function reports_students_award_selfnom_1($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 0);
+	return reports_students_award_selfnom_num($report, $field, $text, 0);
 }
-function reports_students_award_selfnom_2(&$report, $field, $text)
+function reports_students_award_selfnom_2($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 1);
+	return reports_students_award_selfnom_num($report, $field, $text, 1);
 }
-function reports_students_award_selfnom_3(&$report, $field, $text)
+function reports_students_award_selfnom_3($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 2);
+	return reports_students_award_selfnom_num($report, $field, $text, 2);
 }
-function reports_students_award_selfnom_4(&$report, $field, $text)
+function reports_students_award_selfnom_4($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 3);
+	return reports_students_award_selfnom_num($report, $field, $text, 3);
 }
-function reports_students_award_selfnom_5(&$report, $field, $text)
+function reports_students_award_selfnom_5($report, $field, $text)
 {
-	return reports_students_award_selfnom_num(&$report, $field, $text, 4);
+	return reports_students_award_selfnom_num($report, $field, $text, 4);
 }
-function reports_students_school_principal(&$report, $field, $text)
+function reports_students_school_principal($report, $field, $text)
 {
 	$year = $report['year'];
 	if($text > 0) { /* text is the uid */
@@ -80,15 +136,54 @@ function reports_students_school_principal(&$report, $field, $text)
 	return '';
 }
 
+function report_student_regfee_item($report, $field, $text) {
+	$year = $report['year'];
+	$id=intval(substr($field,12));
+	$q=$pdo->prepare("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	if($r=$q->fetch(PDO::FETCH_OBJ)) {
+		return i18n("Yes");
+	}
+	else {
+		return i18n("No");
+	}
+}
+
+ $q = $pdo->prepare("SELECT * FROM regfee_items WHERE year='{$config['FAIRYEAR']}'");
+ $q->execute();
+ $regfeeitems=array();
+ $first=true;
+ while($i = $q->fetch(PDO::FETCH_ASSOC)) {
+	 $regfeeitems["regfee_item_".$i['id']] = array (
+		'name' => "Registration Fee Items -- {$i['name']}",
+		'header' => $i['name'],
+		'width' => 1,
+		'table' => 'students.id',
+		'table_sort' => 'students.id',
+		'exec_function' => 'report_student_regfee_item');
+
+	 if($first) $regfeeitems["regfee_item_".$i['id']]=array_merge($regfeeitems["regfee_item_".$i['id']],array( 'start_option_group' => 'Registration Fee Items'));
+	 $first=false;
+ }
+
 
 $report_students_fields = array(
 	'pn' => array(
 		'name' => 'Project Number',
 		'header' => '#',
-		'width' => 0.6,
+		'width' => 0.7,
 		'table' => 'projects.projectnumber',
 		'table_sort' => 'projects.projectsort, projects.projectnumber'),
 
+	'projectbarcode' => array(
+		'name' => 'Project Barcode',
+		'header' => 'Barcode',
+		'width' => 1,
+		'table' => 'projects.projectnumber',
+		'table_sort' => 'projects.projectsort, projects.projectnumber',
+		),
+
 	'last_name' =>  array(
 		'start_option_group' => 'Student Name Information',
 		'name' => 'Student -- Last Name',
@@ -151,6 +246,13 @@ $report_students_fields = array(
 		'table' => "GROUP_CONCAT(students.firstname, ' ', students.lastname ORDER BY students.lastname SEPARATOR ', ')",
 		'group_by' => array('students.registrations_id')),
 
+	'allnames_split' =>  array(
+		'name' => "Student -- All Student Names (REQUIRES  5.0) (Split) ",
+		'header' => 'Student(s)',
+		'width' => 3.0,
+		'scalable' => true,
+		'table' => "CONCAT(students.firstname, ' ', students.lastname)",),
+
 	'pronunciation'  =>  array(
 		'name' => 'Student -- Name Pronunciation',
 		'header' => 'Pronunciation',
@@ -184,6 +286,12 @@ $report_students_fields = array(
 		'width' => 1.5,
 		'table' => 'students.city' ),
 
+	'county' =>  array(
+		'name' => 'Student -- County',
+		'header' => 'County',
+		'width' => 1.5,
+		'table' => 'students.county' ),
+
 	'province' =>  array(
 		'name' => 'Student -- '.$config['provincestate'],
 		'header' => $config['provincestate'],
@@ -203,6 +311,12 @@ $report_students_fields = array(
 		'scalable' => true,
 		'table' => "CONCAT(students.address, ', ', students.city, ', ', students.province, ', ', students.postalcode)" ),
 
+	'address_full_with_county' => array(
+		'name' => 'Student -- Full Address Including County',
+		'header' => 'Address',
+		'width' => 3.0,
+		'scalable' => true,
+		'table' => "CONCAT(students.address, ', ', students.city, ', ', students.county, ', ', students.province, ', ', students.postalcode)" ),
 
 	'grade' =>  array(
 		'start_option_group' => 'Other Student Information',
@@ -241,7 +355,7 @@ $report_students_fields = array(
 	'tshirt' =>  array(
 		'name' => 'Student -- T-Shirt Size',
 		'header' => 'T-Shirt',
-		'width' => 0.55,
+		'width' => 0.70,
 		'table' => 'students.tshirt',
 		'value_map' => array ('none' => '', 'xsmall' => 'X-Small', 'small' => 'Small', 'medium' => 'Medium',
 					'large' => 'Large', 'xlarge' => 'X-Large')),
@@ -290,9 +404,15 @@ $report_students_fields = array(
 	'division' =>  array(
 		'name' => 'Project -- Division',
 		'header' => 'Division',
-		'width' => 3.0,
+		'width' => 1.0,
 		'table' => 'projectdivisions.division' ),
 
+	'projecttype' =>  array(
+		'name' => 'Project -- Type',
+		'header' => 'Type',
+		'width' => 1.0,
+		'table' => 'projects.projecttype' ),
+
 	'div' => array(
 		'name' => 'Project -- Division Short Form' ,
 		'header' => 'Div',
@@ -348,6 +468,13 @@ $report_students_fields = array(
 		'scalable' => true,
 		'table' => 'projects.summary' ),
 
+	'title_summary' => array(
+		'name' => 'Project -- Title and Summary',
+		'header' => 'Project Title and Summary',
+		'width' => 5.00,
+		'scalable' => true,
+		'table' => "CONCAT('Title: ', projects.title, '\n',projects.summary)" ),
+
 	'language' => array(
 		'name' => 'Project -- Language',
 		'header' => 'Lang',
@@ -380,6 +507,20 @@ $report_students_fields = array(
 		'width' => .5,
 		'table' => "projects.req_table",
 		'value_map' => array ('no' => '', 'yes' => 'Yes')),
+
+	'human_participants' => array(
+		'name' => 'Project -- If the project uses human participants',
+		'header' => 'Human Par.',
+		'width' => .5,
+		'table' => "projects.human_participants",
+		'value_map' => array ('no' => 'No', 'yes' => 'Yes')),
+
+	'animal_participants' => array(
+		'name' => 'Project -- If the project requires animals',
+		'header' => 'animal Par',
+		'width' => .5,
+		'table' => "projects.animal_participants",
+		'value_map' => array ('no' => 'No', 'yes' => 'Yes')),
 		
 	'req_special' => array(
 		'name' => 'Project -- Any special requirements the project has',
@@ -387,6 +528,76 @@ $report_students_fields = array(
 		'width' => 3,
 		'table' => "projects.req_special"),
 
+	'safetyquestion_1' => array(
+		'start_option_group' => 'Project Safety Questions',
+		'name' => 'Project Safety -- Safety Question 1',
+		'header' => 'Q1',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_2' => array(
+		'name' => 'Project Safety -- Safety Question 2',
+		'header' => 'Q2',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_3' => array(
+		'name' => 'Project Safety -- Safety Question 3',
+		'header' => 'Q3',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_4' => array(
+		'name' => 'Project Safety -- Safety Question 4',
+		'header' => 'Q4',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_5' => array(
+		'name' => 'Project Safety -- Safety Question 5',
+		'header' => 'Q5',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_6' => array(
+		'name' => 'Project Safety -- Safety Question 6',
+		'header' => 'Q6',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_7' => array(
+		'name' => 'Project Safety -- Safety Question 7',
+		'header' => 'Q7',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_8' => array(
+		'name' => 'Project Safety -- Safety Question 8',
+		'header' => 'Q8',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_9' => array(
+		'name' => 'Project Safety -- Safety Question 9',
+		'header' => 'Q9',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
+
+	'safetyquestion_10' => array(
+		'name' => 'Project Safety -- Safety Question 10',
+		'header' => 'Q10',
+		'width' => 15 /*mm*/,
+		'table' => 'registrations.id',
+		'exec_function' => 'report_student_safety_question'),
 
 	'school' =>  array(
 		'start_option_group' => 'School Information',
@@ -437,7 +648,7 @@ $report_students_fields = array(
 	'school_city' =>  array(
 		'name' => 'School -- City',
 		'header' => 'City',
-		'width' => 1.5,
+		'width' => 1.0,
 		'table' => 'schools.city' ),
 
 	'school_province' =>  array(
@@ -502,6 +713,14 @@ $report_students_fields = array(
 		'table_sort' => 'award_awards.order',
 		'components' => array('awards')),
 
+        'award_prize_script_order' => array(
+                'name' => 'Award -- Script Order',
+                'header' => 'Prize Script Order',
+                'width' => 4,
+                'table' => 'award_prizes.id',
+                'table_sort' => 'award_prizes.id DESC',
+                'components' => array('awards')),
+
 	'award_type' => array(
 		'name' => 'Award -- Type (Divisional, Special, etc.)',
 		'header' => 'Award Type',
@@ -539,6 +758,45 @@ $report_students_fields = array(
 		'table' => 'award_prizes.cash',
 		'components' => array('awards')),
 
+	'award_prize_cash_split' => array(
+		'name' => 'Award -- Prize Cash Amount (Split)',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash/a.count',
+		'components' => array('awards')),
+
+	'award_prize_cash_cheque' => array(
+		'name' => 'Award -- Prize Cash Amount for Cheques',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_cheque'),
+
+	'award_prize_cash_cheque_split' => array(
+		'name' => 'Award -- Prize Cash Amount for Cheques (Split)',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash/a.count',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_cheque'),
+
+	'award_prize_cash_words' => array(
+		'name' => 'Award -- Prize Cash Amount In Words',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_words'),
+
+	'award_prize_cash_words_split' => array(
+		'name' => 'Award -- Prize Cash Amount In Words (Split)',
+		'header' => 'Cash',
+		'width' => 0.5,
+		'table' => 'award_prizes.cash/a.count',
+		'components' => array('awards'),
+		'exec_function' => 'report_student_cash_words'),
+
 	'award_prize_scholarship' => array(
 		'name' => 'Award -- Prize Scholarship Amount',
 		'header' => 'Scholarship',
@@ -650,6 +908,8 @@ $report_students_fields = array(
 		'table_sort' => 'projects.id',
 		'exec_function' => 'reports_students_award_selfnom_5'),
 
+
+
 /* Emergency Contact Info */
 	'emerg_name' => array(
 		'start_option_group' => 'Emergency Contact Information',
@@ -673,6 +933,13 @@ $report_students_fields = array(
 		'table' => "CONCAT(emergencycontact.phone1, ' ', emergencycontact.phone2, ' ', emergencycontact.phone3, ' ', emergencycontact.phone4)",
 		'components' => array('emergencycontacts')),
 
+	'emerg_email' => array(
+		'name' => 'Emergency Contact -- Email',
+		'header' => 'Email',
+		'width' => 1,
+		'table' => "emergencycontact.email",
+		'components' => array('emergencycontacts')),
+
 /* Tour Information */
 	'tour_assign_name' => array(
 		'start_option_group' => 'Tour Information',
@@ -806,7 +1073,13 @@ $report_students_fields = array(
 		'name' => 'Fair -- Name',
 		'header' => 'Fair Name',
 		'width' => 3,
-		'table' => "'".mysql_escape_string($config['fairname'])."'"),
+		'table' => "'".$config['fairname']."'"),
+
+	'fair_logo' =>  array(
+		'name' => 'Fair -- Logo (for Labels only)',
+		'header' => '',
+		'width' => 1 /*mm*/,
+		'table' => "CONCAT(' ')"),
 
 /* Special/Misc/Other */
 	'static_text' => array (
@@ -837,9 +1110,30 @@ $report_students_fields = array(
 		'total' => true,
 		'group_by' => array('students.tshirt')),
 
+	'current_date' => array(
+		'name' => 'Current Date',
+		'header' => 'Date',
+		'width' => 0.5,
+		'table' => "CONCAT(' ')",
+		'exec_function' => 'report_student_get_date_today'),
 
+	'current_date_for_cheques' => array(
+		'name' => 'Current Date for Cheques',
+		'header' => 'Date',
+		'width' => 0.5,
+		'table' => "CONCAT(' ')",
+		'exec_function' => 'report_student_get_date_today_for_cheques'),
+
+	'current_date_format_for_cheques' => array(
+		'name' => 'Current Date Format for Cheques',
+		'header' => 'Format',
+		'width' => 0.5,
+		'table' => "CONCAT(' ')",
+		'exec_function' => 'report_student_get_cheque_date_format'),
 );
 
+$report_students_fields = array_merge($report_students_fields,$regfeeitems);
+
  function report_students_fromwhere($report, $components)
  {
  	global $config, $report_students_fields;
@@ -856,7 +1150,11 @@ $report_students_fields = array(
 		$awards_join = "LEFT JOIN winners ON winners.projects_id = projects.id
 				LEFT JOIN award_prizes ON award_prizes.id = winners.awards_prizes_id
 				LEFT JOIN award_awards ON award_awards.id = award_prizes.award_awards_id
-				LEFT JOIN award_types ON award_types.id=award_awards.award_types_id";
+				LEFT JOIN award_types ON award_types.id=award_awards.award_types_id
+				LEFT JOIN (SELECT registrations_id AS id, COUNT( * ) AS count
+					FROM students
+					GROUP BY registrations_id) a
+				ON a.id=students.registrations_id";
 		$awards_where = " AND winners.year='$year'
 				AND award_awards.year='$year'
 				AND award_prizes.year='$year'

admin/reports_volunteers.inc.php

@@ -112,7 +112,7 @@ $report_volunteers_fields = array(
 		'name' => 'Fair -- Name',
 		'header' => 'Fair Name',
 		'width' => 3,
-		'table' => "'".mysql_escape_string($config['fairname'])."'"),
+		'table' => "'".$config['fairname'])."'",
 
 	'static_text' => array (
 		'name' => 'Static Text (useful for labels)',

admin/rerollprizes.php

@@ -15,113 +15,132 @@
 	{
 
 	//make sure the number of awards are identical (aka they havent added any new ones)
-	$nq1=mysql_query("SELECT * FROM award_awards WHERE year='$newfairyear'");
+	$nq1=$pdo->prepare("SELECT * FROM award_awards WHERE year='$newfairyear'");
-	$nq2=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
+	$nq1->execute();
-	if(mysql_num_rows($nq1)==mysql_num_rows($nq2)) 
+	$nq2=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
+	$nq2->execute();
+	if($nq1->rowCount()==$nq2->rowcount()) 
 	{
-		$npq1=mysql_query("SELECT * FROM award_prizes WHERE year='$newfairyear'");
+		$npq1=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$newfairyear'");
-		$npq2=mysql_query("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
+		$npq1->execute();
+		$npq2=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
+		$npq2->execute();
 
-		if(mysql_num_rows($npq2)>0 && mysql_num_rows($npq1)==0) 
+		if($npq2->rowCount()>0 && $npq1->rowCount()==0) 
 		{
 
 
 	echo "<br />";
 	echo notice(i18n("A BUG WAS IDENTIFIED IN YOUR PREVIOUS YEAR ROLLOVER WHICH CAUSED AWARD PRIZES TO NOT BE ROLLED OVER PROPERLY.  THEY ARE NOW BEING RE-ROLLED OVER WITH THE PROPER PRIZE INFORMATION.  THIS WILL ONLY HAPPEN ONCE."))."<br />";
-	mysql_query("DELETE FROM award_awards WHERE year='$newfairyear'");
+	$stmt = $pdo->prepare("DELETE FROM award_awards WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_prizes WHERE year='$newfairyear'");
+	$stmt->execute();
-	mysql_query("DELETE FROM award_contacts WHERE year='$newfairyear'");
+	$stmt = $pdo->prepare("DELETE FROM award_prizes WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_types WHERE year='$newfairyear'");
+	$stmt->execute();
-	mysql_query("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
+	$stmt = $pdo->prepare("DELETE FROM award_contacts WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_types WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
+$stmt->execute();
 
 	echo i18n("Rolling awards")."<br />";
 		//awards
-		$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
-			mysql_query("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
+			$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
-				'".mysql_escape_string($r->award_sponsors_id)."',
+				'".$r->award_sponsors_id."',
-				'".mysql_escape_string($r->award_types_id)."',
+				'".$r->award_types_i)."',
-				'".mysql_escape_string($r->name)."',
+				'".$r->name."',
-				'".mysql_escape_string($r->criteria)."',
+				'".$r->criteria."',
-				'".mysql_escape_string($r->presenter)."',
+				'".$r->presenter."',
-				'".mysql_escape_string($r->order)."',
+				'".$r->order."',
-				'".mysql_escape_string($newfairyear)."',
+				'".$newfairyear."',
-				'".mysql_escape_string($r->excludefromac)."',
+				'".$r->excludefromac."',
-				'".mysql_escape_string($r->cwsfaward)."')");
+				'".$r->cwsfaward."')");
-			$award_awards_id=mysql_insert_id();
+			$award_awards_id=$pdo->lastInsertId();
 			
-			$q2=mysql_query("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
+			$q2=$pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
-			echo mysql_error();
+			$q2->execute();
-			while($r2=mysql_fetch_object($q2))
+			echo $pdo->errorInfo();
+			while($r2=$q2->fetch(PDO::FETCH_OBJ))
 			{
-				mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
+				$stmt = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
-				'".mysql_escape_string($award_awards_id)."',
+				'".$award_awards_id."',
-				'".mysql_escape_string($r2->projectcategories_id)."',
+				'".$r2->projectcategories_id."',
-				'".mysql_escape_string($newfairyear)."')");
+				'".$newfairyear."')");
+				$stmt->execute();
 
 			}
 
-			$q2=mysql_query("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
+			$q2=$pdo->prepare("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
-			echo mysql_error();
+			$q2->execute();
-			while($r2=mysql_fetch_object($q2))
+			echo $pdo->errorInfo();
+			while($r2=$q2->fetch(PDO::FETCH_OBJ))
 			{
-				mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
+				$stmt = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
-				'".mysql_escape_string($award_awards_id)."',
+				'".$award_awards_id."',
-				'".mysql_escape_string($r2->projectdivisions_id)."',
+				'".$r2->projectdivisions_id."',
-				'".mysql_escape_string($newfairyear)."')");
+				'".$newfairyear."')");
+				$stmt->execute();
 
 			}
 
 			echo i18n("&nbsp; Rolling award prizes")."<br />";
-			$q2=mysql_query("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
+			$q2=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
-			echo mysql_error();
+			$q2->execute();
-			while($r2=mysql_fetch_object($q2))
+			echo $pdo->errorInfo();
+			while($r2=$q2->fetch(PDO::FETCH_OBJ))
 			{
-				mysql_query("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
+				$stmt = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
-				'".mysql_escape_string($award_awards_id)."',
+				'".$award_awards_id."',
-				'".mysql_escape_string($r2->cash)."',
+				'".$r2->cash."',
-				'".mysql_escape_string($r2->scholarship)."',
+				'".$r2->scholarship."',
-				'".mysql_escape_string($r2->value)."',
+				'".$r2->value."',
-				'".mysql_escape_string($r2->prize)."',
+				'".$r2->prize."',
-				'".mysql_escape_string($r2->number)."',
+				'".$r2->number."',
-				'".mysql_escape_string($r2->order)."',
+				'".$r2->order."',
-				'".mysql_escape_string($newfairyear)."',
+				'".$newfairyear."',
-				'".mysql_escape_string($r2->excludefromac)."')");
+				'".$r2->excludefromac."')");
 			}
 		}
 
 		echo i18n("Rolling award contacts")."<br />";
 		//award contacts
-		$q=mysql_query("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_escape_string($r->award_sponsors_id)."',
+			$stmt = $pdo->prepare("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
-				'".mysql_escape_string($r->salutation)."',
+				'".$r->award_sponsors_id."',
-				'".mysql_escape_string($r->firstname)."',
+				'".$r->salutation."',
-				'".mysql_escape_string($r->lastname)."',
+				'".$r->firstname."',
-				'".mysql_escape_string($r->position)."',
+				'".$r->lastname."',
-				'".mysql_escape_string($r->email)."',
+				'".$r->position."',
-				'".mysql_escape_string($r->phonehome)."',
+				'".$r->email."',
-				'".mysql_escape_string($r->phonework)."',
+				'".$r->phonehome."',
-				'".mysql_escape_string($r->phonecell)."',
+				'".$r->phonework."',
-				'".mysql_escape_string($r->fax)."',
+				'".$r->phonecell."',
-				'".mysql_escape_string($r->notes)."',
+				'".$r->fax."',
-				'".mysql_escape_string($newfairyear)."')");
+				'".$r->notes."',
+				'".$newfairyear."')");
 
 		echo i18n("Rolling award types")."<br />";
 		//award types
-		$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_escape_string($r->id)."',
+			$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
-				'".mysql_escape_string($r->type)."',
+				'".$r->id."',
-				'".mysql_escape_string($r->order)."',
+				'".$r->type."',
-				'".mysql_escape_string($newfairyear)."')");
+				'".$r->order."',
+				'".$newfairyear."')");
+			$stmt->execute();
 
 		}
 	}

admin/schools.php

@@ -31,8 +31,9 @@
 	{
 		if($_POST['save']=="add")
 		{
-			$q=mysql_query("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
+			$q=$pdo->prepare("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
-			$id=mysql_insert_id();
+			$q->execute();
+			$id=$pdo->lastInsertId();
 		}
 		else
 			$id=intval($_POST['id']);
@@ -47,8 +48,9 @@
 */
 
 		/* Get the uids for principal/science head */
-		$q = mysql_query("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
+		$q = $pdo->prepare("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
-		$i = mysql_fetch_assoc($q);
+		$q->execute();
+		$i = $q->fetch(PDO::FETCH_ASSOC);
 
 		$principal_update = '';
 		$sciencehead_update = '';
@@ -63,6 +65,8 @@
 		} else 
 			$pl = false;
 
+		$em = $_POST['principalemail'];
+
 		/* If we loaded or created an entry, either
 		 * update and save, or purge it */
 		if(is_array($pl)) {
@@ -72,6 +76,7 @@
 			} else {
 				$pl['firstname'] = $first;
 				$pl['lastname'] = $last;
+				$pl['email'] = $em;
 				user_save($pl);
 			}
 		} 
@@ -117,29 +122,30 @@
 		}
 
 		$exec="UPDATE schools SET ".
-			"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
+			"school='".stripslashes($_POST['school'])."', ".
-			"schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ".
+			"schoollang='".stripslashes($_POST['schoollang'])."', ".
-			"designate='".mysql_escape_string(stripslashes($_POST['schooldesignate']))."', ".
+			"designate='".stripslashes($_POST['schooldesignate'])."', ".
-			"schoollevel='".mysql_escape_string(stripslashes($_POST['schoollevel']))."', ".
+			"schoollevel='".stripslashes($_POST['schoollevel'])."', ".
-			"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
+			"school='".stripslashes($_POST['school'])."', ".
-			"board='".mysql_escape_string(stripslashes($_POST['board']))."', ".
+			"board='".stripslashes($_POST['board'])."', ".
-			"district='".mysql_escape_string(stripslashes($_POST['district']))."', ".
+			"district='".stripslashes($_POST['district'])."', ".
-			"address='".mysql_escape_string(stripslashes($_POST['address']))."', ".
+			"address='".stripslashes($_POST['address'])."', ".
-			"city='".mysql_escape_string(stripslashes($_POST['city']))."', ".
+			"city='".stripslashes($_POST['city'])."', ".
-			"province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', ".
+			"province_code='".stripslashes($_POST['province_code'])."', ".
-			"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', ".
+			"postalcode='".stripslashes($_POST['postalcode'])."', ".
-			"schoolemail='".mysql_escape_string(stripslashes($_POST['schoolemail']))."', ".
+			"schoolemail='".stripslashes($_POST['schoolemail'])."', ".
-			"phone='".mysql_escape_string(stripslashes($_POST['phone']))."', ".
+			"phone='".stripslashes($_POST['phone'])."', ".
-			"fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ".
+			"fax='".stripslashes($_POST['fax'])."', ".
-			"registration_password='".mysql_escape_string(stripslashes($_POST['registration_password']))."', ".
+			"registration_password='".stripslashes($_POST['registration_password'])."', ".
-			"projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ".
+			"projectlimit='".stripslashes($_POST['projectlimit'])."', ".
-			"projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ".
+			"projectlimitper='".stripslashes($_POST['projectlimitper'])."', ".
-			"accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ".
+			"accesscode='".stripslashes($_POST['accesscode'])."', ".
 			$sciencehead_update.$principal_update.
 			"atrisk='$atrisk' ".
 			"WHERE id='$id'";
-		mysql_query($exec);
+		$stmt = $pdo->prepare($exec);
-		echo mysql_error();
+		$stmt->execute();
+		echo $pdo->errorInfo();
 
 		if($_POST['save']=="add")
 			$notice = 'added';
@@ -149,23 +155,27 @@
 
 	if($_GET['action']=="delete" && $_GET['delete'])
 	{
-		mysql_query("DELETE FROM schools WHERE id='".$_GET['delete']."'");
+		$stmt = $pdo->prepare("DELETE FROM schools WHERE id='".$_GET['delete']."'");
+		$stmt->execute();
 		$notice = 'deleted';
 	}
 
 	if($_GET['action']=="clearaccesscodes")
 	{
-		mysql_query("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
+		$stmt = $pdo->prepare("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
 		$notice = 'clearaccess';
 	}
 
 	if($_GET['action']=="makeaccesscodes")
 	{
-		$q=mysql_query("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
+		$q=$pdo->prepare("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
-		while($r=mysql_fetch_object($q))
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$ac=generatePassword(5);
-			mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
+			$stmt = $pdo->prepare("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
+			$stmt->execute();
 
 		}
 		$notice = 'makeaccess';
@@ -183,8 +193,9 @@
 		if($_GET['action']=="edit")
 		{
 			$buttontext="Save School";
-			$q=mysql_query("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
+			$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
-			$r=mysql_fetch_object($q);
+			$q->execute();
+			$r=$q->fetch(PDO::FETCH_OBJ);
 		}
 		else if($_GET['action']=="add")
 		{
@@ -237,7 +248,11 @@
 			$pl = user_load_by_uid($r->principal_uid);
 		else
 			$pl = array();
+		/* Don't show autogenerated emails */
+		$e = $pl['email'][0] == '*' ? '' : $pl['email'];
 		echo "<tr><td>".i18n("Principal")."</td><td><input type=\"text\" name=\"principal\" value=\"".htmlspecialchars($pl['name'])."\" size=\"60\" maxlength=\"64\" /></td></tr>\n";
+		echo "<tr><td>".i18n("Principal Email")."</td><td><input type=\"text\" name=\"principalemail\" value=\"".htmlspecialchars($e)."\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
+
 		echo "<tr><td>".i18n("School Email")."</td><td><input type=\"text\" name=\"schoolemail\" value=\"".htmlspecialchars($r->schoolemail)."\" size=\"60\" maxlength=\"128\" /></td></tr>\n";
 		echo "<tr><td>".i18n("Access Code")."</td><td><input type=\"text\" name=\"accesscode\" value=\"".htmlspecialchars($r->accesscode)."\" size=\"32\" maxlength=\"32\" /></td></tr>\n";
 		echo "<tr><td colspan=2><br /><b>".i18n("Science head/teacher or science fair contact at school")."</b></td></tr>";
@@ -339,8 +354,9 @@
 		echo " <th>".i18n("Action")."</th>";
 		echo "</tr></thead>\n";
 
-		$q=mysql_query("SELECT * FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
+		$q = $pdo->prepare("SELECT * FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
-		while($r=mysql_fetch_object($q))
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			echo "<tr>\n";
 			echo " <td>$r->school</td>\n";

admin/schoolsimport.php

@@ -49,38 +49,69 @@
 				if($_POST['emptycurrent']==1)
 				{
 					echo happy(i18n("Old school data erased"));
-					mysql_query("DELETE FROM schools WHERE year='".$config['FAIRYEAR']."'");
+					$stmt = $pdo->prepare("DELETE FROM schools WHERE year='".$config['FAIRYEAR']."'");
+					$stmt->execute();
 				}
 
 				$loaded=0;
 				foreach($CSVP->data AS $row)
 				{
-					mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal,schoolemail,sciencehead,scienceheademail,scienceheadphone,accesscode,registration_password,projectlimit,projectlimitper,year) VALUES (
+					for($n = 0; $n < count($row); $n++){
-						'".mysql_escape_string(stripslashes($row[0]))."',
+						$row[$n] = trim($row[$n]);
-						'".mysql_escape_string(stripslashes($row[1]))."',
+					}
-						'".mysql_escape_string(stripslashes($row[2]))."',
+
-						'".mysql_escape_string(stripslashes($row[3]))."',
+					$email = $row[16];
-						'".mysql_escape_string(stripslashes($row[4]))."',
+					if($email != ''){
-						'".mysql_escape_string(stripslashes($row[5]))."',
+						$scienceHead = user_load_by_email($email);
-						'".mysql_escape_string(stripslashes($row[6]))."',
+						if(!$scienceHead){
-						'".mysql_escape_string(stripslashes($row[7]))."',
+							$scienceHead = user_create('teacher', $email);
-						'".mysql_escape_string(stripslashes($row[8]))."',
+							$scienceHead['email'] = $email;
-						'".mysql_escape_string(stripslashes($row[9]))."',
+						}
-						'".mysql_escape_string(stripslashes($row[10]))."',
+						list($first, $last) = explode(' ', $row[15], 2);
-						'".mysql_escape_string(stripslashes($row[11]))."',
+						$scienceHead['firstname'] = $first;
-						'".mysql_escape_string(stripslashes($row[12]))."',
+						$scienceHead['lastname'] = $last;
-						'".mysql_escape_string(stripslashes($row[13]))."',
+						$scienceHead['phonework'] = $row[17];
-						'".mysql_escape_string(stripslashes($row[14]))."',
+						user_save($scienceHead);
-						'".mysql_escape_string(stripslashes($row[15]))."',
+					}
-						'".mysql_escape_string(stripslashes($row[16]))."',
+
-						'".mysql_escape_string(stripslashes($row[17]))."',
+					$email = $row[12];
-						'".mysql_escape_string(stripslashes($row[18]))."',
+					if($email != ''){
-						'".mysql_escape_string(stripslashes($row[19]))."',
+						$principal = user_load_by_email($email);
-						'".$config['FAIRYEAR']."')");
+						if(!$principal){
-					if(!mysql_Error())
+							$principal = user_create('principal', $email);
+							$principal['email'] = $email;
+						}
+						list($first, $last) = explode(' ', $row[11], 2);
+						$principal['firstname'] = $first;
+						$principal['lastname'] = $last;
+						$principal['phonework'] = $row[13];
+						user_save($principal);
+					}
+					$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
+						'".stripslashes($row[0])."',
+						'".stripslashes($row[1])."',
+						'".stripslashes($row[2])."',
+						'".stripslashes($row[3])."',
+						'".stripslashes($row[4])."',
+						'".stripslashes($row[5])."',
+						'".stripslashes($row[6])."',
+						'".stripslashes($row[7])."',
+						'".stripslashes($row[8])."',
+						'".stripslashes($row[9])."',
+						'".stripslashes($row[10])."',
+						'".stripslashes($row[14])."',
+						'".stripslashes($row[18])."',
+						'".stripslashes($row[19])."',
+						'".stripslashes($row[20])."',
+						'".stripslashes($row[21])."',
+						'".$config['FAIRYEAR']."',
+						'".$principal['uid']."',
+						'".$scienceHead['uid']."')");
+					$stmt->execute();
+										if(!$pdo->errorInfo())
 						$loaded++;
 					else
-						echo mysql_error();
+						echo $pdo->errorInfo();
 				}
 				echo happy(i18n("Successfully loaded %1 schools",array($loaded)));
 				echo "<a href=\"schools.php\">".i18n("School Management")."</a> <br />";
@@ -104,7 +135,7 @@
 		echo i18n("Choose the CSV file containing the school information.  The COLUMNS of the file must contain the following information, in this exact order, separated by comma's (,) with fields optionally enclosed by quotes (\"):");
 		echo "<br />";
 		echo "<br />";
-		echo i18n("School Name, School Lang, School Level, Board, District, Phone, Fax, Address, City, %1, %2, Principal, School Email, Science Head, Science Head Email, Science Head Phone, Access Code, Registration Password, Project Limit, Project Limit Per(total or agecategory)",array(i18n($config['provincestate']),i18n($config['postalzip'])));
+		echo i18n("School Name, School Lang, School Level, Board, District, Phone, Fax, Address, City, %1, %2, Principal, Principal Email, Principal Phone, School Email, Science Head, Science Head Email, Science Head Phone, Access Code, Registration Password, Project Limit, Project Limit Per(total or agecategory)",array(i18n($config['provincestate']),i18n($config['postalzip'])));
 
 		echo "<br />";
 		echo "<br />";

admin/send_emailqueue.php

@@ -28,15 +28,18 @@ $sleepmax=2000000; // 2.0 second
 
 echo date("r")."\n";
 if(!$config['emailqueue_lock'])  {
-	mysql_query("UPDATE config SET val='".date("r")."' WHERE var='emailqueue_lock'");
+	$stmt = $pdo->prepare("UPDATE config SET val='".date("r")."' WHERE var='emailqueue_lock'");
+	$stmt->execute();
 
 	//loop forever, but not really, it'll get break'd as soon as there's nothing left to send
 	while(true) {
-		$q=mysql_query("SELECT * FROM emailqueue_recipients WHERE sent IS NULL AND result IS NULL LIMIT 1");
+		$q=$pdo->prepare("SELECT * FROM emailqueue_recipients WHERE sent IS NULL AND result IS NULL LIMIT 1");
-		if(mysql_num_rows($q)) {
+		$q->execute();
-			$r=mysql_fetch_object($q);
+		if($q->rowCount()) {
-			$eq=mysql_query("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
+			$r=$q->fetch(PDO::FETCH_OBJ);
-			$email=mysql_fetch_object($eq);
+			$eq=$pdo->prepare("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
+			$eq->execute();
+			$email=$eq->fetch(PDO::FETCH_OBJ);
 
 			$blank=array();
 			$replacements=(array)json_decode($r->replacements);
@@ -66,33 +69,40 @@ if(!$config['emailqueue_lock'])  {
 			$result=email_send_new($to,$email->from,$email->subject,$body,$bodyhtml);
 
 			if($result) {
-				mysql_query("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
+				$stmt = $pdo->prepare("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
-				echo mysql_error();
+				$stmt->execute()
+				echo $pdo->errorInfo();
 				$newnumsent=$email->numsent+1;
-				mysql_query("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
+				$stmt = $pdo->prepare("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
-				echo mysql_error();
+				$stmt->execute();
+				echo $pdo->errorInfo();
 				echo "ok\n";
 			}
 			else {
-				mysql_query("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
+				$stmt = Spdo->prepare("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
-				echo mysql_error();
+				$stmt->execute();
+				echo $pdo->errorInfo();
 				$newnumfailed=$email->numfailed+1;
-				mysql_query("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
+				$stmt = $pdo->prepare("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
-				echo mysql_error();
+				$stmt->execute();
+				echo $pdo->errorInfo();
 				echo "failed\n";
 			}
 			//now check if we're done yet
-			$rq=mysql_query("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
+			$rq=$pdo->prepare("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
-			$rr=mysql_fetch_object($rq);
+			$rq->execute();
+			$rr=$rq;->fetch(PDO::FETCH_OBJ)
 			if($rr->num==0) {
-				mysql_query("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
+				$stmt = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
+				$stmt->execute();
 			}
 			usleep(rand($sleepmin,$sleepmax));
 		}
 		else
 			break;
 	}
-	mysql_query("UPDATE config SET val='' WHERE var='emailqueue_lock'");
+	$stmt = $pdo->prepare("UPDATE config SET val='' WHERE var='emailqueue_lock'");
+	$stmt->execute();
 }
 else {
 	echo "Already locked\n";

admin/settranslation.php

@@ -32,15 +32,19 @@ foreach($config['languages'] AS $l=>$ln) {
     $m=md5($_POST['translate_str_hidden']);
 
     if($_POST['translate_'.$l]) {
-        $q=mysql_query("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
+        $q=$pdo->prepare("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
-        if(mysql_num_rows($q))
+        $q->execute();
-            mysql_query("UPDATE translations SET val='".mysql_real_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l])))."' WHERE lang='$l' AND strmd5='$m'");
+        if($q->rowCount())
-        else
+            $stmt = $pdo->prepare("UPDATE translations SET val='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]))."' WHERE lang='$l' AND strmd5='$m'");
-            mysql_query("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','".mysql_real_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden'])))."','".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l])))."')");
+        $stmt->execute();else
-    }
+
+            $stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden']))."','".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]))."')");
+    $stmt->execute();}
+
     else {
-        mysql_query("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
+        $stmt = $pdo->prepare("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
-    }
+    $stmt->execute();}
+
 }
 echo "ok";
 

admin/sponsor_contacts.php

@@ -38,11 +38,12 @@
 ?>
 
 <?
-	$q=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization");
+	$q=$pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization");
+	$q->execute();
 	echo "<form method=\"get\" action=\"sponsor_contacts.php\" name=\"sponsorchange\">";
 	echo "<select name=\"sponsors_id\" onchange=\"document.forms.sponsorchange.submit()\">";
 	echo "<option value=\"\">".i18n("Choose a sponsor to view contacts")."</option>";
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::fETCH_OBJ))
 	{
 		if($r->id == $sponsors_id)
 		{
@@ -73,7 +74,7 @@
 
 			if($p == 'no') {
 				/* Make sure this sponsor ($sponsors_id) has a primary */
-				$q = mysql_query("SELECT users_id 
+				$q = $pdo->prepare("SELECT users_id 
 							FROM users_sponsor, users 
 							WHERE
 							users_sponsor.users_id=users.id
@@ -81,14 +82,16 @@
 							AND `primary`='yes'
 							AND year='".$config['FAIRYEAR']."'
 							AND users_id!='$id'");
-				if(mysql_num_rows($q) == 0) {
+					$q->execute();
+				if($q->rowCount() == 0) {
 					/* This must be the primary */
 					$p = 'yes';
 				} 
 			} else {
 				/* Unset all other primaries */
-				mysql_query("UPDATE users_sponsor SET `primary`='no'
+				$stmt = $pdo->prepare("UPDATE users_sponsor SET `primary`='no'
 						WHERE  sponsors_id='$sponsors_id'");
+				$stmt->execute();
 			}
 
 			$u['primary']=$p;
@@ -125,7 +128,7 @@
 				echo "<h3>".i18n("Edit %1 Contact",array($sponsors_organization))."</h3>\n";
 				$buttontext="Save Contact";
 //				$q=mysql_query("SELECT * FROM sponsor_contacts WHERE id='".$_GET['edit']."'");
-//				$r=mysql_fetch_object($q);
+//				$r=$q->fetch(PDO::fETCH_OBJ);
 				$u=user_load(intval($_GET['edit']));
 			}
 			else if($_GET['action']=="add")
@@ -171,14 +174,15 @@
 			echo "<a href=\"sponsor_contacts.php?sponsors_id=$sponsors_id&action=add\">".i18n("Add New Contact to %1",array($sponsors_organization))."</a>\n";
 			echo "<br />";
 
-			$q=mysql_query("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
+			$q=$pdo->prepare("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 					 WHERE year='".$config['FAIRYEAR']."' 
 					 AND sponsors_id='$sponsors_id' 
 					 AND deleted='no' 
 					 ORDER BY lastname,firstname");
-			echo mysql_Error();
+			$q->execute();
+			echo $pdo->errorInfo();
 
-			if(mysql_num_rows($q))
+			if($q->rowCount())
 			{
 				echo "<table class=\"tableview\">";
 				echo "<thead><tr>";
@@ -191,7 +195,7 @@
 				echo "</tr></thead>\n";
 
 
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::fETCH_OBJ))
 				{
 					echo "<tr>\n";
 					echo " <td>";

admin/student_editor.php

@@ -38,11 +38,12 @@ if($auth_type == 'fair') {
 	} else {
 		/* Make sure they have permission to laod this student, check
 		the master copy of the fairs_id in the project */
-		$q=mysql_query("SELECT * FROM projects WHERE 
+		$q=$pdo->prepare("SELECT * FROM projects WHERE 
 				registrations_id='$registrations_id' 
 				AND year='{$config['FAIRYEAR']}'
 				AND fairs_id=$fairs_id");
-		if(mysql_num_rows($q) != 1) {
+		$q->execute();
+		if($q->rowCount() != 1) {
 			echo "permission denied.";
 			exit;
 		} 
@@ -70,20 +71,53 @@ case 'students_save':
 
 case 'student_remove':
 	$remove_id = intval($_GET['students_id']);
-	$q=mysql_query("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$q=$pdo->prepare("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
-	if(mysql_num_rows($q)!=1) {
+	$q->execute();
+	if($q->rowCount()!=1) {
+		error_("Invalid student to remove");
+		exit;
+	}
+	if($q->rowCount()!=1) {
 		error_("Invalid student to remove");
 		exit;
 	}
 
-	mysql_query("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt->execute();
 
 	//now see if they have an emergency contact that also needs to be removed
-	$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
 	//no need to error message if this doesnt exist
-	if(mysql_num_rows($q)==1)
+	if($q->rowCount()==1)
-		mysql_query("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
+	if($q->rowCount()!=1) {
+		error_("Invalid student to remove");
+		exit;
+	}
 
+	$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt->execute();
+
+	//now see if they have an emergency contact that also needs to be removed
+	$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	//no need to error message if this doesnt exist
+	if($q->rowCount()==1)
+		$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
+
+	$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt->execute();
+
+	//now see if they have an emergency contact that also needs to be removed
+	$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	//no need to error message if this doesnt exist
+	if($q->rowCount()==1)
+		$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
 	happy_("Student successfully removed");
 	exit;
 
@@ -105,34 +139,35 @@ function students_save()
 		if($_POST['id'][$x]==0) {
 			//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record.  for anything else they can school the school on their own.
 			if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") {
-				$q=mysql_query("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
+				$q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
-				$r=mysql_fetch_object($q);
+				$q->execute();
+				$r=$q->fetch(PDO::FETCH_OBJ);
 				$schools_id=$r->schools_id;
 				$schoolvalue="'$schools_id', ";
 			} else {
-				$schoolvalue="'".mysql_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
+				$schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
 			}
 			//INSERT new record
 			$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
-			mysql_query("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
+			$stmt -> prepare("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
 					"'".$registrations_id."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
+					"'".stripslashes($_POST['sex'][$x])."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
+					"'".stripslashes($_POST['postalcode'][$x])."', ".
-					"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
+					"'".stripslashes($_POST['phone'][$x])."', ".
 					"'$dob', ".
-					"'".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
+					"'".stripslashes($_POST['grade'][$x])."', ".
 					$schoolvalue.
-					"'".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
+					"'".stripslashes($_POST['tshirt'][$x])."', ".
-					"'".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
+					"'".stripslashes($_POST['medicalalert'][$x])."', ".
-					"'".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
+					"'".stripslashes($_POST['foodreq'][$x])."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x])))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x]))."', ".
 					"'".$config['FAIRYEAR']."')");
 
 			happy_("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]));
@@ -143,32 +178,33 @@ function students_save()
 			if(( $config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") && !$_POST['schools_id'][$x]) {
 				$schoolquery="";
 			} else if($_POST['schools_id'][$x]) {
-				$schoolquery="schools_id='".mysql_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
+				$schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
 			} else
 				$schoolquery="";
 
 
 			//UPDATE existing record
 			$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
-			mysql_query("UPDATE students SET ".
+			$stmt = $pdo->prepare("UPDATE students SET ".
-					"firstname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x])))."', ".
+					"firstname='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x]))."', ".
-					"lastname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x])))."', ".
+					"lastname='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x]))."', ".
-					"sex='".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
+					"sex='".stripslashes($_POST['sex'][$x])."', ".
-					"email='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x])))."', ".
+					"email='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x]))."', ".
-					"address='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x])))."', ".
+					"address='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x]))."', ".
-					"city='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x])))."', ".
+					"city='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x]))."', ".
-					"province='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x])))."', ".
+					"province='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x]))."', ".
-					"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
+					"postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
-					"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
+					"phone='".stripslashes($_POST['phone'][$x])."', ".
 					"dateofbirth='$dob', ".
-					"grade='".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
+					"grade='".stripslashes($_POST['grade'][$x])."', ".
 					$schoolquery.
-					"medicalalert='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['medicalalert'][$x])))."', ".
+					"medicalalert='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['medicalalert'][$x]))."', ".
-					"foodreq='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['foodreq'][$x])))."', ".
+					"foodreq='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['foodreq'][$x]))."', ".
-					"teachername='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x])))."', ".
+					"teachername='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x]))."', ".
-					"teacheremail='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x])))."', ".
+					"teacheremail='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x]))."', ".
-					"tshirt='".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
+					"tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
 					"WHERE id='".$_POST['id'][$x]."'");
+			$stmt->execute();
 			happy_("%1 %2 successfully updated",array(iconv("UTF-8","ISO-8859-1//TRANSLIT",$_POST['firstname'][$x]),iconv("UTF-8","ISO-8859-1//TRANSLIT",$_POST['lastname'][$x])));
 		}
 		$x++;	
@@ -181,12 +217,13 @@ function students_load()
 	global $registrations_id, $config;
 
 	//now query and display 
-	$q=mysql_query("SELECT * FROM students WHERE
+	$q=$pdo->prepare("SELECT * FROM students WHERE
 				registrations_id='$registrations_id' 
 				AND year='{$config['FAIRYEAR']}'");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 
-	$numfound=mysql_num_rows($q);
+	$numfound=$q->rowCount();
 
 	$numtoshow = intval($_GET['numstudents']);
 	if($numtoshow == 0) $numtoshow=$numfound;
@@ -208,7 +245,7 @@ function students_load()
 
 	echo "<form id=\"students_form\" >";
 	for($x=1;$x<=$numtoshow;$x++) {
- 		$studentinfo=mysql_fetch_object($q);
+ 		$studentinfo=$q->fetch(PDO::FETCH_OBJ);
 		echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
 		//if we have a valid student, set their ID, so we can UPDATE when we submit
 		//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
@@ -241,10 +278,9 @@ function students_load()
 		echo "</tr>\n";
 
 		echo "<tr>\n";
-		echo " <td>".i18n("Email Address")."</td><td><input type=\"text\" name=\"email[$x]\" value=\"$studentinfo->email\" />".REQUIREDFIELD."</td>\n";
+		echo " <td>".i18n("Email Address")."</td><td><input size=\"30\" type=\"text\" name=\"email[$x]\" value=\"$studentinfo->email\" />".REQUIREDFIELD."</td>\n";
 
-		if($config['participant_student_personal']=="yes")
+		if($config['participant_student_personal']=="yes") {
-		{
 			echo " <td>".i18n("City")."</td><td><input type=\"text\" name=\"city[$x]\" value=\"$studentinfo->city\" />".REQUIREDFIELD."</td>\n";
 		} 
 		else
@@ -345,12 +381,13 @@ function students_load()
 
 		echo "<tr>\n";
 		echo " <td>".i18n("School")."</td><td colspan=\"3\">";
-		if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || ($studentinfo && !$studentinfo->schools_id) )
+		if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
 		{
-			$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
+			$schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
+			$schoolq->execute();
 			echo "<select name=\"schools_id[$x]\">\n";
 			echo "<option value=\"\">".i18n("Choose School")."</option>\n";
-			while($r=mysql_fetch_object($schoolq))
+			while($r=$schoolq->fetch(PDO::FETCH_OBJ))
 			{
 				if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
 				echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
@@ -360,8 +397,9 @@ function students_load()
 		}
 		else
 		{
-			$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
+			$schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
-			$r=mysql_fetch_object($schoolq);
+			$schoolq->execute();
+			$r=$schoolq->fetch(PDO::FETCH_OBJ);
 			echo $r->school;
 		}
 
@@ -415,22 +453,25 @@ function registration_load()
 		/* Find a reg num */
 		do {
 			$regnum=rand(100000,999999);
-			$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
+			$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
-		} while(mysql_num_rows($q)>0);
+			$q->execute();
+		} while($q->rowCount()>0);
 
 		$r['num'] = $regnum;
 		echo notice(i18n('New registration number generated.'));
 		echo notice(i18n('This new registration will added when the "Save Registration Information" button is pressed below.  At that time the other tabs will become available.'));
 	} else {
-		$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'");
+		$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
-		if(mysql_num_rows($q) != 1) 
+		$q->execute();
+		if($q->rowCount() != 1) 
 			$r = array();
 		else {
-			$r = mysql_fetch_assoc($q);
+			$r = $q->fetch(PDO::FETCH_ASSOC);
 			/* Get the fair from the project */
-			$q = mysql_query("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
+			$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
-			if(mysql_num_rows($q) == 1) {
+			$q->execute();
-				$p = mysql_fetch_assoc($q);
+			if($q->rowCount() == 1) {
+				$p = $q->fetch(PDO::FETCH_ASSOC);
 				$r['fairs_id'] = $p['fairs_id'];
 			}
 		}
@@ -439,8 +480,9 @@ function registration_load()
 
 	/* Load fairs */
 	$fairs = array();
-	$q = mysql_query("SELECT * FROM fairs WHERE type='feeder'");
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE type='feeder'");
-	while(($f = mysql_fetch_assoc($q))) {
+	$q->execute();
+	while(($f = $q->fetch(PDO::FETCH_ASSOC))) {
 		$fairs[$f['id']] = $f;
 	}
 
@@ -501,40 +543,47 @@ function registration_save()
 {
 	global $registrations_id, $config, $auth_type;
 	$registration_num = intval($_POST['registration_num']);
-	$registration_status = mysql_real_escape_string(stripslashes($_POST['registration_status']));
+	$registration_status = stripslashes($_POST['registration_status']);
-	$registration_email = mysql_real_escape_string(stripslashes($_POST['registration_email']));
+	$registration_email = stripslashes($_POST['registration_email']);
 	$fairs_id = intval($_POST['registration_fair']);
 
 	if($registrations_id == -1) {
-		mysql_query("INSERT INTO registrations (start,schools_id,year) VALUES (
+		$stmt=$pdo->prepare("INSERT INTO registrations (start,schools_id,year) VALUES (
 					NOW(), NULL, '{$config['FAIRYEAR']}')");
-		$registrations_id = mysql_insert_id();
+		$stmt->execute();
+		$registrations_id = $pdo->lastInsertId();
 
 		/* Create one student and a project */
-		mysql_query("INSERT INTO students (registrations_id,email,year) VALUES (
+		$stmt=$pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES (
+		
 					$registrations_id, '$registration_email', '{$config['FAIRYEAR']}')");
-		mysql_query("INSERT INTO projects (registrations_id,year) VALUES (
+		$stmt->execute();
+		$stmt=$pdo->prepare("INSERT INTO projects (registrations_id,year) VALUES (
+		
 					$registrations_id, '{$config['FAIRYEAR']}')");
+		$stmt->execute();
 		happy_('Created student and project record');
 	}
 
 	/* Update registration */
-	mysql_query("UPDATE registrations SET 
+	$stmt = $pdo->prepare("UPDATE registrations SET 
 					num='$registration_num',
 					status='$registration_status',
 					email='$registration_email'
 				WHERE 
 					id='$registrations_id'");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 
 	/* And the fairs_id, override anythign specified 
 	 * if the user is a fair, force their own fairs_id */
 	if($auth_type == 'fair') $fairs_id = $_SESSION['fairs_id'];
-	mysql_query("UPDATE projects SET 
+	$stmt = $pdo->prepare("UPDATE projects SET 
 					fairs_id='$fairs_id'
 				WHERE 
 					registrations_id='$registrations_id'");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 	happy_('Information Saved');
 	echo "<script language=\"javascript\" type=\"text/javascript\">";
 	echo "registrations_id=$registrations_id;";

admin/tours_assignments.php

@@ -30,9 +30,10 @@
  /* Load Tours */
  $query = "SELECT * FROM tours WHERE 
 		year='{$config['FAIRYEAR']}'";
- $r = mysql_query($query);
+ $r = $pdo->prepare($query);
+ $r->execute();
  $tours = array();
- while($i = mysql_fetch_object($r)) {
+ while($i = $r->fetch(PDO::FETCH_OBJ)) {
 	$tours[$i->id]['name'] = $i->name;
 	$tours[$i->id]['num'] = $i->num;
  }
@@ -42,8 +43,9 @@
 
 	$query="SELECT * FROM students WHERE id='$sid'
 			AND year='{$config['FAIRYEAR']}'";
-	$r = mysql_query($query);
+	$r = $pdo->prepare($query);
-	$i = mysql_fetch_object($r);
+	$r->execute();
+	$i = $r->fetch(PDO::FETCH_OBJ);
 
 	send_popup_header(i18n('Student Tour Rank Information - %1 %2',
 				array($i->firstname, $i->lastname)));
@@ -51,10 +53,11 @@
 				WHERE students_id='$sid'
 				AND year='{$config['FAIRYEAR']}'
 				ORDER BY rank";
-	$r = mysql_query($query);
+	$r = $pdo->prepare($query);
+	$r->execute();
 	echo '<table>';
-	$count = mysql_num_rows($r);
+	$count = $r->rowwCount();
-	while($i = mysql_fetch_object($r)) {
+	while($i = $r->fetch(PDO::FETCH_OBJ)) {
 		echo '<tr><td align="right">';
 		if($i->rank == 0) {
 			echo '<b><nobr>'.i18n('Current Assigned Tour').':</nobr></b>';
@@ -152,23 +155,26 @@ function switchinfo()
 			/* Make sure the student exists */
 			$sid = intval($sid);
 
-			$q = mysql_query("SELECT registrations_id FROM students 
+			$q = $pdo->prepare("SELECT registrations_id FROM students 
 					WHERE id='$sid'");
-			$i = mysql_fetch_object($q);
+			$q->execute();
+			$i = $q->fetch(PDO::FETCH_OBJ);
 			$rid = $i->registrations_id;
 
 			/* Delete any old linking */
-			mysql_query("DELETE FROM tours_choice WHERE
+			$stmt = $pdo->prepare("DELETE FROM tours_choice WHERE
 					students_id='$sid' AND
 					year='{$config['FAIRYEAR']}' AND
 					rank='0'");
+			$stmt->execute();
 			/* Connect this student to this tour */
-			mysql_query("INSERT INTO tours_choice 
+			$stmt = $pdo->prepare("INSERT INTO tours_choice 
 					(`students_id`,`registrations_id`,
 						`tour_id`,`year`,`rank`)
 					VALUES (
 					'$sid', '$rid', '$tours_id',
 					'{$config['FAIRYEAR']}','0')");
+			$stmt->execute();
 			$added++;
 		}
 		if($added==1) $j=i18n("student");
@@ -182,10 +188,11 @@ function switchinfo()
 	$students_id = intval($_GET['students_id']);
 
 	if($_GET['action']=='del' && $tours_id>0 && $students_id>0) {
-		mysql_query("DELETE FROM tours_choice 
+		$stmt = $pdo->prepare("DELETE FROM tours_choice 
 				WHERE students_id='$students_id' 
 				AND year='{$config['FAIRYEAR']}'
 				AND rank='0'");
+		$stmt->execute();
 
 		echo happy(i18n("Removed student from tour #%1 (%2)",array($tours[$tours_id]['num'],$tours[$tours_id]['name'])));
 
@@ -193,10 +200,11 @@ function switchinfo()
 
 	if($_GET['action']=="empty" && $tours_id>0)
 	{
-		mysql_query("DELETE FROM tours_choice WHERE 
+		$stmt=$po->prepare("DELETE FROM tours_choice WHERE 
 				tour_id='$tours_id'
 				AND year='{$config['FAIRYEAR']}'
 				AND rank='0'");
+		$stmt->execute();
 		echo happy(i18n("Emptied all students from tour #%1 (%2)",array($tours[$tours_id]['num'],$tours[$tours_id]['name'])));
 	}
 
@@ -241,13 +249,14 @@ function switchinfo()
 				students.firstname,
 				tours_choice.rank";
 
-	$q=mysql_query($querystr);
+	$q=$pdo->prepare($querystr);
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
 	$student = array();
 	$last_student_id = -1;
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		$id = $r->id;
 		$tours_id = $r->tour_id;

admin/tours_manager.php

@@ -38,10 +38,12 @@
 
 
  if($_GET['action'] == 'renumber') {
- 	$q = mysql_query("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
+ 	$q = $pdo->prepare("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
+	$q->execute();
 	$x = 1;
-	while($i = mysql_fetch_object($q)) {
+	while($i = $q->fetch(PDP::FETCH_OBJ)) {
-		mysql_query("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
+		$stmt = $pdo->prepare("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
+		$stmt->execute();
 		$x++;
 	}
 	echo happy(i18n('Tours successfully renumbered'));

admin/tours_sa.php

@@ -44,8 +44,9 @@ TRACE("<pre>");
 function set_status($txt)
 {
 	TRACE("Status: $txt\n");
-	mysql_query("UPDATE config SET val='$txt' WHERE 
+	$stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE 
 			var='tours_assigner_activity' AND year=0");
+	$stmt->execute();
 }
 
 $set_percent_last_percent = -1;
@@ -56,8 +57,9 @@ function set_percent($n)
 	if($p == $set_percent_last_percent) return;
 	TRACE("Progress: $p\%\n");
 	$set_percent_last_percent = $p;
-	mysql_query("UPDATE config SET val='$p' WHERE 
+	$stmt=$pdo->prepare("UPDATE config SET val='$p' WHERE 
 			var='tours_assigner_percent' AND year=0");
+	$stmt->execute();
 }
 
 set_status("Initializing...");
@@ -180,19 +182,21 @@ function tour_cost_function($annealer, $bucket_id, $ids)
 
 set_status("Cleaning existing tour assignments...");
 TRACE("\n\n");
-$q=mysql_query("DELETE FROM tours_choice 
+$q=$pdo->prepare("DELETE FROM tours_choice 
 		WHERE year='{$config['FAIRYEAR']}'
 		AND rank='0'");
+$q->execute();
 
 set_status("Loading Data From Database...");
 TRACE("\n\n");
 TRACE("Tours...\n");
 $tours = array();
-$q=mysql_query("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
+$q=$pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
+$q-->execute();
 $x=0;
 /* Index with $x here, because these need to match up with the bucket ids of
  * the annealer */
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$tours[$x]['capacity'] = $r->capacity; 
 	$tours[$x]['grade_min'] = $r->grade_min; 
 	$tours[$x]['grade_max'] = $r->grade_max; 
@@ -204,7 +208,7 @@ while($r=mysql_fetch_object($q)) {
 
 $students = array();
 TRACE("Loading Students...\n");
-$q=mysql_query("SELECT students.id,students.grade,
+$q=$pdo->prepare("SELECT students.id,students.grade,
 			students.registrations_id,
 			students.schools_id,
 			students.firstname, students.lastname
@@ -217,9 +221,10 @@ $q=mysql_query("SELECT students.id,students.grade,
 		ORDER BY
 			students.id
 			");
+	$q->execute();
 $last_sid = -1;
-TRACE(mysql_error());
+TRACE($pdo->errorInfo());
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$sid = $r->id;
 	$students[$sid]['name'] = $r->firstname.' '.$r->lastname;
 	$students[$sid]['grade'] = $r->grade;
@@ -231,12 +236,13 @@ $student_ids = array_keys($students);
 TRACE("   ".(count($student_ids))." students loaded\n");
 
 TRACE("Loading Tour Selection Preferences...\n");
-$q=mysql_query("SELECT * FROM tours_choice WHERE
+$q=$pdo->prepare("SELECT * FROM tours_choice WHERE
 			tours_choice.year='{$config['FAIRYEAR']}' 
 			ORDER BY rank ");
-TRACE(mysql_error());
+$q->execute();
+TRACE($pdo->errorInfo());
 $x=0;
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$sid = $r->students_id;
 	if(!array_key_exists($sid, $students)) continue;
 	$students[$sid]['rank'][$r->rank] = $r->tour_id;
@@ -269,13 +275,14 @@ foreach($tours as $x=>$t) {
 		$s = $students[$sid];
 		$tids = implode(' ', $s['rank']);
 		TRACE("   - {$s['name']} ($tids) (g:{$s['grade']} sid:{$sid} sch:{$s['schools_id']})\n");
-		mysql_query("INSERT INTO tours_choice 
+		$stmt = $pdo->prepare("INSERT INTO tours_choice 
 				(`students_id`,`registrations_id`,
 						`tour_id`,`year`,`rank`)
 				VALUES (
 				'$sid', '{$s['registrations_id']}', 
 				'{$t['id']}', '{$config['FAIRYEAR']}',
 				'0')");
+		$stmt->execute();
 	}
 }
 

admin/tours_sa_config.php

@@ -54,14 +54,15 @@ ogram; see the file COPYING.  If not, write to
  function tours_check_tours()
  {
  	global $config;
-	$q = mysql_query("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
+	$q = $pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
-	return mysql_num_rows($q);
+	$q->execute();
+	return $q->rowCount();
  }
 
  function tours_check_students()
  {
  	global $config;
-	$q=mysql_query("SELECT students.id
+	$q=$pdo->prepare("SELECT students.id
 		FROM students
 			LEFT JOIN tours_choice ON (tours_choice.students_id=students.id)
 			LEFT JOIN registrations ON (registrations.id=students.registrations_id)
@@ -72,11 +73,13 @@ ogram; see the file COPYING.  If not, write to
 		ORDER BY
 			students.id, tours_choice.rank
 			");
-	return mysql_num_rows($q);
+	$q->execute();
+	return $q->rowCount();
  }
 
  if($_GET['action']=="reset") {
- 	mysql_query("UPDATE config SET `val`='-1' WHERE `var`='tours_assigner_percent' AND `year`=0");
+ 	$stmt = $pdo->prepare("UPDATE config SET `val`='-1' WHERE `var`='tours_assigner_percent' AND `year`=0");
+	$stmt->execute();
 	$config['tours_assigner_percent']=="-1";
 	echo happy(i18n("Judge assigner status forcibly reset"));
  }

admin/tours_sa_status.php

@@ -26,14 +26,16 @@ ogram; see the file COPYING.  If not, write to
 
  if($_GET['action'] == 'output') {
 	include "../data/config.inc.php";
-	mysql_connect($DBHOST,$DBUSER,$DBPASS);
+	include "../common.inc.php";
-	mysql_select_db($DBNAME);
+	
-	$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
+	$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	$percent=$r->val;
 
-	$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
+	$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	$status=$r->val;
 
 	echo "$percent:$status\n";
@@ -47,20 +49,7 @@ ogram; see the file COPYING.  If not, write to
 			'Tours' => 'admin/tours.php')
 				);
  require_once("../ajax.inc.php");
-?>
+?>DBHOST'updatestatus').innerHTML="Updating...";
-
-<script type="text/javascript">
-var starttime=0;
-var startpercent=0;
-var deltatime=0;
-var deltapercent=0;
-var avgtimeperpercent=0;
-var remainingpercent=0;
-var remainingtime=0;
-
-function updateStatus()
-{
-	document.getElementById('updatestatus').innerHTML="Updating...";
 	var url="tours_sa_status.php?action=output";
 	http.open("GET",url,true);
 	http.onreadystatechange=handleResponse;
@@ -73,26 +62,26 @@ function clearUpdatingMessage()
 
 }
 
-function handleResponse()
+function handleResponse()DBHOST
 {
 	try {
 
 		if(http.readyState==4)
-		{
+		{DBHOST
 			var obj=http.responseText.split(":");
-			document.getElementById('schedulerstatus').innerHTML=obj[1];
+			document.getEleDBHOSTmentById('schedulerstatus').innerHTML=obj[1];
 			if(obj[0]=="-1")
 			{
 				document.getElementById('schedulerpercent').innerHTML="100%";
 				document.getElementById('updatestatus').innerHTML="Scheduling Complete";
-				document.getElementById('schedulereta').innerHTML="Complete";
+				document.getDBHOSTElementById('schedulereta').innerHTML="Complete";
 			}
 			else
 			{
 				document.getElementById('schedulerpercent').innerHTML=obj[0]+"%";
-				setTimeout('updateStatus()',5000);
+				setTimeout('DBHOSTupdateStatus()',5000);
 				document.getElementById('updatestatus').innerHTML="Updating... Done!";
-				setTimeout('clearUpdatingMessage()',500);
+				setTimeout('DBHOSTclearUpdatingMessage()',500);
 
 				var currentTime=new Date();
 				if(starttime==0)
@@ -100,7 +89,7 @@ function handleResponse()
 					starttime=currentTime.getTime();
 					startpercent=obj[0];
 				}
-				deltatime=currentTime.getTime()-starttime;
+				deltatime=cDBHOSTurrentTime.getTime()-starttime;
 				deltapercent=obj[0]-startpercent;
 
 				avgtimeperpercent=deltatime/deltapercent;
@@ -113,7 +102,7 @@ function handleResponse()
 			}
 		}
 	}
-	catch(e)
+	catch(e)DBHOST
 	{
 		alert('caught error'+e);
 	

admin/translations.php

@@ -48,14 +48,16 @@ if($_POST['action']=="save") {
     //first, delete anything thats supposed to eb deleted
     if(count($_POST['delete'])) {
         foreach($_POST['delete'] AS $del) {
-            mysql_query("DELETE FROM translations WHERE lang='".mysql_real_escape_string($_SESSION['translang'])."' AND strmd5='".mysql_real_escape_string($del)."'"); 
+            
+            $stmt = $pdo->prepare("DELETE FROM translations WHERE lang='".$_SESSION['translang']."' AND strmd5='".$del."'"); 
+            $stmt->execute();
         }
         echo happy(i18n("Translation(s) deleted"));
     }
     if($_POST['changedFields']) {
         $changed=split(",",$_POST['changedFields']);
         foreach($changed AS $ch) {
-            mysql_query("UPDATE translations SET val='".mysql_escape_string(stripslashes($_POST['val'][$ch]))."' WHERE strmd5='".mysql_real_escape_string($ch)."' AND lang='".mysql_real_escape_string($_SESSION['translang'])."'");
+            $stmt = $pdo->prepare("UPDATE translations SET val='".stripslashes($_POST['val'][$ch])."' WHERE strmd5='".$ch."' AND lang='".$_SESSION['translang']."'");
         }
         echo happy(i18n("Translation(s) saved"));
     }
@@ -67,8 +69,9 @@ echo i18n("Choose a language to manage translations for");
 echo "</td><td>";
 echo "<form name=\"langswitch\" method=\"get\" action=\"translations.php\">";
 echo "<select name=\"translang\" onchange=\"document.forms.langswitch.submit()\">";
-$q=mysql_query("SELECT * FROM languages WHERE lang!='en'");
+$q=$pdo->prepare("SELECT * FROM languages WHERE lang!='en'");
-while($r=mysql_fetch_object($q))
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	if($_SESSION['translang']==$r->lang){ $sel="selected=\"selected\""; $translangname=$r->langname;} else $sel="";
 	echo "<option $sel value=\"$r->lang\">$r->langname</option>";
@@ -98,8 +101,9 @@ echo "<br />";
 if($show=="missing") $showquery="AND ( val is null OR val='' )";
 else $showquery="";
 
-$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['translang']."' $showquery ORDER BY str");
+$q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['translang']."' $showquery ORDER BY str");
-$num=mysql_num_rows($q);
+$q->execute();
+$num=$q->rowCount();
 echo i18n("Showing %1 translation strings",array($num),array("number of strings"));
 
 echo "<form method=\"post\" action=\"translations.php\">";
@@ -126,7 +130,7 @@ echo "<tr><th>";
 echo "<img border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\">\n";
 echo "</th>";
 echo "<th>".i18n("English")." / ".$translangname."</th></tr>\n";
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	echo "<tr>";
 	echo "<td valign=\"top\" rowspan=\"2\">";

admin/user_editor_window.php

@@ -85,12 +85,13 @@ $tabs = array(	'fairinfo' => array(
 if(array_key_exists('username',$_GET)) {
 	$username = $_GET['username'];
 	$type = $_GET['type'];
-	$un = mysql_escape_string($username);
+	$un = $username;
-	$q = mysql_query("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
+	$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
-echo mysql_error();
+	$q->execute();
+echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q)) {
+	if($q->rowCount()) {
-		$r = mysql_fetch_object($q);
+		$r = $q->fetch(PDO::FETCH_OBJ);
 		if($r->deleted == 'no') {
 			/* Load the user */
 			$u = user_load_by_email($username);
@@ -102,6 +103,12 @@ echo mysql_error();
 				 * so we'll never add a judge/committee role to a student */
 				user_create($type, $username, $u);
 			}
+		} else {
+			//undelete them?
+			$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
+			$stmt->execute();
+			//then load them?
+			$u = user_load($r->id);
 		}
 	} else {
 		$u = user_create($type, $username);
@@ -179,5 +186,5 @@ $icon_path = $config['SFIABDIRECTORY']."/images/16/";
 $icon_exitension = $config['icon_extension'];
 
 
-	send_popup_footer();
+	//send_popup_footer();
 ?>

admin/user_list.php

@@ -20,6 +20,11 @@
    the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.
 */
+
+// This file was modified March of 2015 by Sebastian Ruan
+/* Flagging for judges has been added to monitor concerns.
+   Update User button also added; allows super users to update
+   a judge to the current fair year without logging in as them. */
 ?>
 <?
  require_once('../common.inc.php');
@@ -46,6 +51,8 @@
 	message_push(happy(i18n('User deleted.')));
  }
 
+
+
  send_header("User Editor",
  		array('Committee Main' => 'committee_main.php',
 			'Administration' => 'admin/index.php')
@@ -62,6 +69,8 @@ function openeditor(id)
 
 }
 
+
+
 function toggleoptions()
 {
 	if(document.getElementById('options').style.display == 'none') {
@@ -95,10 +104,98 @@ function neweditor()
 	return false;
 }
 
+
+/* update (id) grabs the current url and appends an action called update as well as the id it is going to renew.
+			   If there is already an action called update and an id the function will change the id to the new
+			      id as determined by the button clicked 
+
+   update (id) Int -> String
+
+   Effects: update(id) reloads the page with the adjusted url 
+
+   Example: update (2526) => http://localhost/sfiab/testfair/admin/user_list.php?show_types[]=judge&action=update&id=2526 */
+
+function update (id)
+{	
+	var url = window.location.href;
+
+	// if a previous update button was already clicked
+	if(url.indexOf('&action=')>-1){
+		url = url.substring(0,url.indexOf('&action=update')); 
+        url += '&action=update&id='+id;
+	}
+	// if there is no ? in the url already present
+    else if (url.indexOf ('?') == -1) {
+        url += '?action=update&id='+id;
+    }
+    //if '?action...' is present in url 
+    else if(url.indexOf('?action=')>-1){
+		url = url.substring(0,url.indexOf('?action=update')); 
+        url += '?action=update&id='+id;
+	}
+
+   else{
+		url += '&action=update&id='+id;
+	}
+
+	// reload using adjusted url 
+	window.location.href=url;
+	
+	
+}
+
 </script>
 
 <?
 
+// Begin updating user
+	if($_GET['action']=='update') {
+		$id = intval($_GET['id']);
+
+		//if no id print error
+		if(!$id) {
+			echo "Invalid id for update";
+			exit;
+		}
+
+		$user = user_load($id);
+
+		// Determine if there is a more recent uid that may possibly be in the current FAIRYEAR (allows refresh page to work)
+		$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
+					ORDER BY year DESC LIMIT 1");
+		$query->execute();
+
+		$user_new = $query->fetch(PDO::FETCH_ASSOC);
+
+		// Make sure our user is NOT in the current FAIRYEAR (again, this helps with page refresh to work )
+		if ($user_new['year'] != $config['FAIRYEAR']) {
+			/* Update user to new year via dupelicating row into new id.
+			   If multiple Roles, all updated */
+			user_dupe($user, $config['FAIRYEAR']);
+			message_push(happy(i18n('User Updated')));
+
+			//find the newly updated user
+			$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid='{$user['uid']}'
+						ORDER BY year DESC LIMIT 1");
+			$q_reload->execute();
+
+			$reload_user = $q_reload->fetch(PDO::FETCH_ASSOC);
+			
+			?>
+			<script language="javascript" type="text/javascript">
+			
+			var new_id=<?=$reload_user['id'];?>; 
+			// open or reopen user_editor_window.php with user's new id
+			openeditor(new_id);
+			
+			</script>
+			<?
+
+		}
+		
+	}
+ //End update to user
+
 	echo "<div class=\"notice\">";
 	echo "<a id=\"optionstext\" onclick=\"toggleoptions();return false;\">- ".i18n('Hide Display Options')."</a>";
 
@@ -203,13 +300,21 @@ function neweditor()
 				lastname ASC,
 				firstname ASC,
 				year DESC";
-	$q=mysql_query($querystr);
+	
-	echo mysql_error();
+	$q = $pdo->prepare($querystr);
+	$q->execute();
+	
+	echo $pdo->errorInfo();
 //	echo $querystr;
-	$num=mysql_num_rows($q);
+	$num=$q->rowCount();
-	echo i18n("Listing %1 people total.  See the bottom for breakdown of by complete status",array($num));
+	echo $pdo->errorInfo();
+	echo i18n("Listing %1 people total.  See the table at the bottom for the totals by status <br><br><br>",array($num));
+	echo i18n(" <lh>Notes:</lh> <ul><li> Deleting users from this list is a permanent operation and cannot be undone.  Consider editing the user and deactivating or deleting roles in their account instead.
+					      		   <li> Updating a user to the current fair year allows you to then complete the user from this list.
+							       <li> A flagged judge indicates there is text in the private information field for that judge.
+							       <li> Only committee members can see text entered into the private information field for judges. This field is not seen nor editable by any judge.");
+							       
 
-	echo mysql_error();
 	echo "<thead>";
 	echo "<tr>";
 	echo " <th>".i18n("Name")."</th>";
@@ -218,6 +323,7 @@ function neweditor()
 	echo " <th>".i18n("Type(s)")."</th>";
 	echo " <th>".i18n("Active")."</th>";
 	echo " <th>".i18n("Complete")."</th>";
+	echo " <th>".i18n("Flagged")."</th>";
 	echo " <th>".i18n("Actions")."</th>";
 	echo "</tr>";
 	echo "</thead>";
@@ -229,7 +335,7 @@ function neweditor()
 	$tally['active']['incomplete'] = 0;
 	$tally['inactive']['complete'] = 0;
 	$tally['inactive']['incomplete'] = 0;
-	while($r=mysql_fetch_assoc($q))
+	while($r=$q->fetch(PDO::FETCH_ASSOC))
 	{
 		//JAMES - TEMP - due to the previous error with improperly setting judge status to NOT complete when special awards was turned off
 		//we now need to make sure we re-calculate all the judge statuses somehow, so might as well do it here.
@@ -237,20 +343,26 @@ function neweditor()
 		if(in_array('judge',$show_types)){
 			$u=user_load_by_uid($r['uid']);
 
-			//we also set teh $r array so it displays properly on first load
+			//we also set the $r array so it displays properly on first load
 			if(judge_status_update($u)=="complete")
 				$r['judge_complete']='yes';
+
+			else{
+				$r['judge_complete']='no';
+			}
+				
 		}
-		$types = split(',', $r['types']);
+		$types = explode(',', $r['types']);
 		$span = count($types) > 1 ? "rowspan=\"".count($types)."\"" : '';
 		echo "<tr><td $span>";
 
 		$name = "{$r['firstname']} {$r['lastname']}";
 		if(in_array('fair', $types)) {
-			$qq = mysql_query("SELECT * FROM users_fair 
+			$qq = $pdo->prepare("SELECT * FROM users_fair 
 							LEFT JOIN fairs ON fairs.id=users_fair.fairs_id
 						WHERE users_id='{$r['id']}'");
-			$rr = mysql_fetch_assoc($qq);
+			
+			$rr = $qq->fetch(PDO::FETCH_ASSOC);
 			$name = "{$rr['name']}".((trim($name)=='') ? '' : "<br />($name)");
 		} 
 		echo "<a href=\"#\" onclick=\"return openeditor({$r['id']})\">$name</a>";
@@ -289,11 +401,57 @@ function neweditor()
 			}
 			echo "</td>";
 
+
+			// Begin flagging process
+
+			echo "<td align=\"center\">";
+
+			// Must be a judge in order to be flagged
+			if ($t == 'judge'){
+
+				 /* Determine if judge is flagged and display X icon.
+				    Icon is clickable. Brings user to user_editor_window file.
+				    Would preferably ALSO bring the user to the judge other tab*/
+				if($r['flagged_judge'] == '1') {
+					echo "<a title=\"".i18n("Flagged")."\" href=\"#\" onClick=\"return openeditor({$r['id']});\">";
+					echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/flagged.".$config['icon_extension']."\" border=0>";
+					echo "</a>";
+				
+				 // Otherwise judge is not flagged; display checkmark icon. Also clickable.
+				} else { echo "<a title=\"".i18n("Not flagged")."\" href=\"#\" onClick=\"return openeditor({$r['id']});\">";
+					echo "<img src=\"".$config['SFIABDIRECTORY']."/images/16/ok.".$config['icon_extension']."\" border=0>";
+					echo "</a>";
+					}
+
+			} else {
+			 	// Do nothing. Only judges can be flagged.
+			}
+
+			echo "</td>";
+
+			//end flagging process
+
+
 			if($first) {
+				if ($name == ' ')
+					$name = 'Noname';
+
 				/* Finish off the the first line */
-				echo "<td $span align=\"center\">";
+				// If judge not in current fair year need seperate icons so that all icons align nicely in the table
-				echo "<a href=\"#\" onclick=\"return openeditor({$r['id']})\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\"></a>&nbsp;";
+				if ($t == 'judge' and $r['year'] != $config['FAIRYEAR']){
-				echo "<a onclick=\"return confirmClick('Are you sure you wish to completely delete this user?')\" href=\"user_list.php?action=remove&uid={$r['id']}\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/button_cancel.{$config['icon_extension']}\"></a>";
+					echo "<td $span align=\"center\">";
+					echo "&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp"; // aligns icons
+					echo "<a title = \"Edit User \" href=\"#\" onclick=\"return openeditor({$r['id']})\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\"></a>&nbsp;";
+					echo "<a title = \"Delete User\" onclick=\"return confirmClick('Are you sure you wish to completely delete ". $name ." \\'s account?')\" href=\"user_list.php?action=remove&uid={$r['id']}\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/button_cancel.{$config['icon_extension']}\"></a>";
+					echo "&nbsp<a title = \"Update User to Current Fair Year\"href=\"#\" onclick=\"update({$r['id']});return false;\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/update2.{$config['icon_extension']}\" height = \"17\" ></a>";
+					
+				}else{
+					echo "<td $span align=\"center\">";
+					echo "<a href=\"#\" onclick=\"return openeditor({$r['id']})\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/edit.{$config['icon_extension']}\"></a>&nbsp;";
+					echo "<a onclick=\"return confirmClick('Are you sure you wish to completely delete ". $name ." \\'s account?')\" href=\"user_list.php?action=remove&uid={$r['id']}\"><img border=0 src=\"{$config['SFIABDIRECTORY']}/images/16/button_cancel.{$config['icon_extension']}\"></a>";
+				}
+
+				
 				echo "</td>";
 			}
 			
@@ -309,7 +467,6 @@ function neweditor()
 	}
 
 	echo "</table>";
-	echo i18n("Note: Deleting users from this list is a permanent operation and cannot be undone.  Consider editting the user and deactivating or deleting roles in their account instead.");
 
 	// let's make a table with the complete/incomplete counts and the active/inacteve states
 ?>

admin/winners.php

@@ -34,8 +34,9 @@ $action = $_GET['action'];
 
 /* Load fairs */
 $fairs = array();
-$q = mysql_query("SELECT * FROM fairs WHERE type='feeder' ORDER BY name");
+$q=$pdo->prepare("SELECT * FROM fairs WHERE type='feeder' ORDER BY name");
-while(($f = mysql_fetch_assoc($q))) {
+$q->execute();
+while(($f = $q->fetch(PDO::FETCH_ASSOC))) {
 	$fairs[$f['id']] = $f;
 }
 
@@ -51,20 +52,23 @@ case 'addwinner':
 	}
 	
 	//first check how many we are allowed to have
-	$q=mysql_query("SELECT number FROM award_prizes WHERE id='$prize_id'");
+	$q=pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
-	echo mysql_error();
+	$q->execute();
-	$r=mysql_fetch_assoc($q);
+	echo $pdo->errorInfo();
+	$r=$q->fetch(PDO::FETCH_ASSOC);
 	$number=$r['number'];
 
 	/* Get the award info */
-	$q = mysql_query("SELECT * FROM award_awards WHERE id='$award_awards_id'");
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
-	echo mysql_error();
+	$q->execute();
-	$a=mysql_fetch_assoc($q);
+	echo $pdo->errorInfo();
+	$a=$q->fetch(PDO::FETCH_ASSOC);
 
 	/* Get the project */
-	$q = mysql_query("SELECT fairs_id FROM projects WHERE id='$projects_id'");
+	$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id='$projects_id'");
-	echo mysql_error();
+	$q->execute();
-	$p=mysql_fetch_assoc($q);
+	echo $pdo->errorInfo();
+	$p=$q->fetch(PDO::FETCH_ASSOC);
 	$fairs_id = $p['fairs_id'];
 
 	/* Quick sanity check don't let a fair user do an assignment for someone not
@@ -76,24 +80,27 @@ case 'addwinner':
 
 	if($a['per_fair'] == 'yes') {
 		/* Count is the number of this fair already assigned */
-		$q=mysql_query("SELECT COUNT(*) AS count FROM winners 
+		$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners 
 						LEFT JOIN projects ON winners.projects_id=projects.id
 					WHERE 
 						projects.fairs_id='$fairs_id'
 						awards_prizes_id='$prize_id'");
-		echo mysql_error();
+		$q->execute();
-		$r=mysql_fetch_assoc($q);
+		echo $pdo->errorInfo();
+		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$count=$r['count'];
 	} else {
 		/* Count is the total number assigned */
-		$q=mysql_query("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
+		$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
-		echo mysql_error();
+		$q->execute();
-		$r=mysql_fetch_assoc($q);
+		echo $pdo->errorInfo();
+		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$count=$r['count'];
 	}
 
 	if($count<$number) {
-		mysql_query("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
+		$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
+		$stmt->execute();
 		happy_("Winning project added");
 	} else {
 		error_("This prize cannot accept any more winners.  Maximum: %1",$number);
@@ -106,14 +113,15 @@ case 'deletewinner':
 	$projects_id = intval($_GET['projects_id']);
 
 	if($prize_id && $projects_id) {
-		mysql_query("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
+		$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
+		$stmt->execute();
 		happy_("Winning project removed");
 	}
 	exit;
 case 'award_load':
 	$fairs_id = intval($_GET['fairs_id']);
 	/* Load the award */
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -131,14 +139,15 @@ case 'award_load':
 				AND 	award_types.year=award_awards.year
 				AND	award_awards.id='$award_awards_id'
 			");
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q) != 1) {
+	if($q->rowCount() != 1) {
 		echo i18n("Invalid award to load $award_awards_id");
 		exit;
 	}
-	$r=mysql_fetch_assoc($q);
+	$r=$q->fetch(PDO::FETCH_ASSOC);
 	print_award($r, $fairs_id);
 	exit;
 
@@ -149,7 +158,7 @@ case 'edit_load':
 //	if($auth_type == 'fair') $fairs_id = $_SESSION['fairs_id'];
 
 	/* Load the award */
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -167,15 +176,16 @@ case 'edit_load':
 				AND 	award_types.year=award_awards.year
 				AND	award_awards.id='$award_awards_id'
 			");
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q) != 1) {
+	if($q->rowCount() != 1) {
 		echo i18n("Invalid award to edit $award_awards_id");
 		exit;
 	}
 
-	$r=mysql_fetch_assoc($q);
+	$r=$q->fetch(PDO::FETCH_ASSOC);
 
 	$editor_data = array();
 
@@ -202,14 +212,16 @@ case 'edit_load':
 
 case 'additional_materials':
 	$fairs_id = intval($_GET['fairs_id']);
-	$q = mysql_query("SELECT * FROM award_awards WHERE id='$award_awards_id'");
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
+	$q->execute();
 	if($fairs_id == 0) {
 		echo "Unsupported Action: Can't get additional materials for fairs_id=0.  Edit the project and set it's fair to anything except 'Local/Unspecified'.";
 		exit;
 	}
-	$a = mysql_fetch_assoc($q);
+	$a = $q->fetch(PDO::FETCH_ASSOC);
-	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
-	$fair = mysql_fetch_assoc($q);
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
 	$pdf = fair_additional_materials($fair, $a, $config['FAIRYEAR']);
 	foreach($pdf['header'] as $h) header($h);
 	echo $pdf['data'];
@@ -386,7 +398,7 @@ if($auth_type == 'fair') {
 	$fair_where = "AND fairs_awards_link.upload_winners='yes' 
 			AND fairs_awards_link.fairs_id='{$_SESSION['fairs_id']}'";
 }
-$q=mysql_query("SELECT 
+$q = $pdo->prepare("SELECT 
 			award_awards.id,
 			award_awards.name,
 			award_awards.order AS awards_order,
@@ -407,9 +419,9 @@ $q=mysql_query("SELECT
 			$fair_where
 		ORDER BY awards_order");
 
-echo mysql_error();
+echo $pdo->errorInfo();
 
-if(mysql_num_rows($q) == 0) {
+if($q->rowCount() == 0) {
 	echo i18n('No awards to display.');
 	send_footer();
 	exit;
@@ -422,7 +434,7 @@ echo "<br />";
 
 $fairs_id = ($auth_type == 'fair') ? $_SESSION['fairs_id'] : 0;
 
-while($r=mysql_fetch_assoc($q)) {
+while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 	if($r['per_fair'] == 'yes' && $auth_type != 'fair') {
 ?>		<?=$r['type']?> - <?=$r['name']?>
 		<span style="font-size: 0.8em; font-style: italic;">(<?=$r['organization']?>)</span><br />
@@ -471,7 +483,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 	
 
 	/* Load prizes for this award */
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_prizes.prize,
 				award_prizes.number,
 				award_prizes.id,
@@ -484,11 +496,12 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 				AND award_prizes.year='{$config['FAIRYEAR']}'
 			ORDER BY 
 				`order`");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 	
 	echo "<table width=\"100%\"><tr><td>";
 	$has_winners = false;
-	while($pr=mysql_fetch_object($q)) {
+	while($pr=$q->fetch(PDO::FETCH_OBJ)) {
 
 		if($editor == true) {
 			echo '<br /><hr />';
@@ -507,7 +520,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 		}
 
 		/* Load winners for this prize */
-		$cq=mysql_query("SELECT winners.projects_id,
+		$cq=$pdo->prepare("SELECT winners.projects_id,
 					projects.projectnumber,
 					projects.title,
 					projects.fairs_id
@@ -517,8 +530,9 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 				WHERE 
 					winners.awards_prizes_id='{$pr->id}'
 					$fairs_where ");
-		echo mysql_error();
+		$cq->execute();
-		$count = mysql_num_rows($cq);
+		echo $pdo->errorInfo();
+		$count = $cq->rowCount();
 //		echo "winners=$count";
 
 		/* Print count */ 
@@ -530,7 +544,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 
 		/* List current winners for this prize */
 		$winners = array();
-		while($w = mysql_fetch_assoc($cq)) {
+		while($w = $cq->fetch(PDO::FETCH_ASSOC)) {
 			if($w['projectnumber']) {
 				echo "&nbsp;&nbsp;&nbsp;&nbsp;";
 				if($editor == true) {
@@ -573,7 +587,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 			<option value=""><?=i18n('Choose a project')?></option>
 <?			foreach($editor_data['projects_nominated'] as $p) {
 				if($fairs_id != 0 && $p['fairs_id']!= $fairs_id) continue;
-				echo "<option value=\"{$p['id']}\">({$p['projectnumber']}) {$p['title']}</option>";
+				echo "<option value=\"{$p['id']}\">{$p['projectnumber']} {$p['title']}</option>";
 				$n_nom++;
 			}
 ?>			</select>
@@ -581,7 +595,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 			<option value=""><?=i18n('Choose a project')?></option>
 <?			foreach($editor_data['projects_eligible'] as $p) {
 				if($fairs_id != 0 && $p['fairs_id']!= $fairs_id) continue;
-				echo "<option value=\"{$p['id']}\">({$p['projectnumber']}) {$p['title']}</option>";
+				echo "<option value=\"{$p['id']}\">{$p['projectnumber']} {$p['title']}</option>";
 				$n_eli++;
 				print_r($p);
 			}

app/projectinfo.php

@@ -0,0 +1,93 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2011 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+
+	//first, lets make sure someone isng tryint to see something that they arent allowed to!
+	$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
+
+	$pn=trim($_GET['n']);
+
+	if($r->test) {
+
+		$q=$pdo->prepare("SELECT  
+					registrations.id AS reg_id,
+					registrations.status,
+					projects.title,
+					projects.summary,
+					projects.projectnumber,
+					projects.projectcategories_id,
+					projects.projectdivisions_id,
+					projectcategories.category,
+					projectdivisions.division
+					
+				FROM
+					registrations
+					LEFT JOIN projects on projects.registrations_id=registrations.id
+					LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
+					LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
+				WHERE
+					registrations.year='".$config['FAIRYEAR']."' 
+					AND projectcategories.year='".$config['FAIRYEAR']."' 
+					AND projectdivisions.year='".$config['FAIRYEAR']."' 
+					AND (status='complete' OR status='paymentpending')
+					AND projects.projectnumber='$pn'
+				LIMIT 1
+				");
+			echo $pdo->errorInfo();
+		$r=$q->fetch(PDO::FETCH_ASSOC);
+
+		$regid=$r['reg_id'];
+
+		$q2=$pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
+		$q2->execute();
+		$students="";
+		while($stud=$q2->fetch(PDO::FETCH_OBJ)) {
+
+			if($stud->webfirst=="yes")
+				$students.="$stud->firstname ";
+			if($stud->weblast=="yes")
+				$students.="$stud->lastname ";
+			if($stud->webfirst=="yes" || $stud->weblast=="yes")
+				$students.=", ";
+
+			//we just use the last school, it should match
+			$school=$stud->school;
+		}
+		if(strlen($students))
+			$students=substr($students,0,-2);
+		
+		$ret=array();
+		foreach($r AS $k=>$v) {
+			$ret[$k]=iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($v));
+		}
+		$ret['students']=iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($students));
+		$ret['school']=iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($school));
+		$ret['photo']="";
+	}
+	//simulate slow loading
+//	usleep(2000000);
+	echo json_encode($ret);
+?>

app/projectlist.php

@@ -0,0 +1,72 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2011 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+
+	//first, lets make sure someone isnt trying to see something that they arent allowed to!
+	$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
+
+	if($r->test) {
+
+		$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
+					registrations.status,
+					projects.title,
+					projects.projectnumber,
+					projects.projectcategories_id,
+					projects.projectdivisions_id,
+					projectcategories.category,
+					projectdivisions.division
+					
+				FROM
+					registrations
+					LEFT JOIN projects on projects.registrations_id=registrations.id
+					LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
+					LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
+				WHERE
+					1
+					AND registrations.year='".$config['FAIRYEAR']."' 
+					AND projectcategories.year='".$config['FAIRYEAR']."' 
+					AND projectdivisions.year='".$config['FAIRYEAR']."' 
+					AND (status='complete' OR status='paymentpending')
+				ORDER BY
+					projectcategories.id,
+					projectdivisions.id,
+					projects.projectnumber
+				");
+			$q->execute();
+			echo $pdo->errorInfo();
+		
+		$lastcat="something_that_does_not_exist";
+		$lastdiv="something_that_does_not_exist";
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
+			if(!$r->title) $t="{no title}";
+			else $t=$r->title;
+
+			$ret["[".$r->projectcategories_id."] ".$r->category." - ".$r->division][]=array("n"=>$r->projectnumber, "t"=>iconv("ISO-8859-1","UTF-8",$t));
+		}
+	}
+
+	echo json_encode($ret);
+?>

app/projects.php

@@ -0,0 +1,91 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2011 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require("../common.inc.php");
+
+	//first, lets make sure someone isnt trying to see something that they arent allowed to!
+	$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
+	$ret=array();
+
+	if($r->test) {
+		$ret['status']="ok";
+
+		$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
+					registrations.status,
+					projects.id AS projects_id,
+					projects.title,
+					projects.projectnumber,
+					projects.projectcategories_id,
+					projects.projectdivisions_id,
+					projectcategories.category,
+					projectdivisions.division
+					
+				FROM
+					registrations
+					LEFT JOIN projects on projects.registrations_id=registrations.id
+					LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
+					LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
+				WHERE
+					1
+					AND registrations.year='".$config['FAIRYEAR']."' 
+					AND projectcategories.year='".$config['FAIRYEAR']."' 
+					AND projectdivisions.year='".$config['FAIRYEAR']."' 
+					AND (status='complete' OR status='paymentpending')
+				ORDER BY
+					projectcategories.id,
+					projectdivisions.id,
+					projects.projectnumber
+				");
+			$q->execute();
+			echo $pdo->errorInfo();
+		
+		$lastcat="something_that_does_not_exist";
+		$lastdiv="something_that_does_not_exist";
+		$projects=array();
+		while($r=$q->fetch(PDO::fETCH_OBJ)) {
+			if(!$r->title) $t="{no title}";
+			else $t=$r->title;
+
+			if(file_exists("../data/photos/{$config['FAIRYEAR']}/{$r->projects_id}.jpg")) {
+				$photo=true;
+			}
+			else {
+				 $photo=false;
+			}
+
+			$projects["[".$r->projectcategories_id."] ".$r->category." - ".$r->division][]=array(
+					"n"=>$r->projectnumber, 
+					"t"=>iconv("ISO-8859-1","UTF-8//TRANSLIT",trim($t)),
+					"p"=>$photo);
+		}
+		$ret['projects']=$projects;
+	}
+	else {
+		$ret['status']="error";
+		$ret['error']="Project list for this fair will be made public on {$config['dates']['postparticipants']}";
+	}
+
+	echo json_encode($ret);
+?>