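$j){ $_POST[$i] = urldecode($j); } }

// Request dispatcher: the action name comes from the query string, every
// payload value from $_POST (url-decoded by the loop above).
// NOTE(review): no authentication/authorisation check is visible in this
// excerpt; confirm it is enforced earlier in the file, because cancelAll,
// cancelSelected, saveOrder and saveTickets modify orders by posted id.
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
    case "load":
        load(isset($_GET['id']) ? $_GET['id'] : null);
        break;
    case "send":
        send();
        break;
    case "cancelAll":
        cancelAll();
        break;
    case "cancelSelected":
        cancelSelected();
        break;
    case "saveOrder":
        updateOrder();
        break;
    case "saveTickets":
        updateTickets();
        break;
    case "checkForDelivery":
        checkForDelivery();
}

/** loads an order with all of its tickets and writes it to the output as XML
 * @param id order id (made safe for the query by sqlnum())
 */
############################################
function load($id){
############################################
    $query = sprintf("SELECT * FROM bruckm_ticketorder WHERE id = %d", sqlnum($id));
    $result = dbQuery($query);
    $line = mysqli_fetch_array($result, MYSQLI_ASSOC);

    // optional paidDate attribute, empty when the order has not been paid yet
    $paidDate = strtotime($line['paidDate']);
    if ($paidDate > 0) {
        $paidDate = 'paidDate="' . $paidDate . '"';
    } else {
        $paidDate = '';
    }

    // NOTE(review): the XML fragments appended below are empty strings in this
    // copy of the file (the markup looks stripped), so $paidDate and the ticket
    // rows are never written out — confirm against the original source.
    $xml = '';
    $xml .= '';
    $xml .= '';
    $xml .= '';

    // load tickets, in seating order
    $query = sprintf("SELECT * FROM bruckm_ticket WHERE orderId = %d ORDER BY floorIndex ASC, rowIndex ASC, seatIndex ASC", $line['id']);
    $ticket = dbQuery($query);
    while ($t = mysqli_fetch_array($ticket, MYSQLI_ASSOC)) {
        $xml .= '';
    }
    $xml .= '';

    header('Content-Type: text/xml');
    echo $xml;
}

/** tries to store the posted order and its tickets
 *
 * $_POST['tickets'] holds one ticket per line, fields separated by tabs and
 * addressed by position (as used by the INSERT below): [1] category,
 * [2] reductionId, [3] cultureCardId, [4] seat, [5] table, [6] row, [7] floor,
 * [8] room, [9] seatIndex, [10] tableIndex, [11] rowIndex, [12] floorIndex,
 * [14] amount (summed for the mails), [15] zeitorteCardId.
 * Writes "&result=failed&tickets=<indices>&" when seats are already taken,
 * otherwise "&result=ok&id=<orderId>&tickets=<ticketIds>&".
 */
############################################
function send(){
############################################
    // deserialize ticket data
    $raw = isset($_POST['tickets']) ? $_POST['tickets'] : '';
    $tickets = explode("\n", $raw);
    foreach ($tickets as $i => $ticket) {
        $tickets[$i] = explode("\t", $ticket);
    }

    $reservationType = isset($_POST['reservationType']) ? $_POST['reservationType'] : '';
    if ($reservationType == "seat" || $reservationType == "table") {
        // check if all tickets are still available (seat reservation)
        // NOTE(review): this check and the INSERTs further down are not in one
        // transaction or under a lock, so two concurrent orders can both pass
        // and book the same seat; a UNIQUE key on
        // (dateId, floorIndex, rowIndex, tableIndex, seatIndex) or a
        // transaction with SELECT ... FOR UPDATE would close that window.
        $occupied = array();
        foreach ($tickets as $i => $ticket) {
            $query = sprintf("SELECT id FROM bruckm_ticket WHERE dateId = %d AND floorIndex = %d AND rowIndex = %d AND tableIndex = %d AND seatIndex = %d LIMIT 1", sqlnum($_POST['dateId']), sqlnum($ticket[12]), sqlnum($ticket[11]), sqlnum($ticket[10]), sqlnum($ticket[9]));
            $result = dbQuery($query);
            if ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
                $occupied[] = $i;
            }
        }
        if (sizeof($occupied) > 0) {
            echo "&result=failed&tickets=" . implode("\t", $occupied) . "&";
            return;
        }
    } else {
        // decrease seat number (simple reservation); only categories a/b/c
        // have their own counter, anything else only affects the total
        // NOTE(review): nothing stops the counters from going negative here.
        $counts = array('a' => 0, 'b' => 0, 'c' => 0, 'total' => 0);
        foreach ($tickets as $ticket) {
            if (isset($counts[$ticket[1]])) {
                $counts[$ticket[1]]++;
            }
            $counts['total']++;
        }
        $query = sprintf("UPDATE bruckm_ticketdate SET seats = seats - %d, seatsA = seatsA - %d, seatsB = seatsB - %d, seatsC = seatsC - %d WHERE id = %d", sqlnum($counts['total']), sqlnum($counts['a']), sqlnum($counts['b']), sqlnum($counts['c']), sqlnum($_POST['dateId']));
        dbQuery($query);
    }

    // save order; %F (not %f) keeps the decimal point locale independent so a
    // de_* locale cannot turn "0.5" into "0,5" inside the statement
    $ticketIds = array();
    $paidDate = $_POST['payMethod'] == 'instant' ? date('Y-m-d') : '0000-00-00';
    $query = sprintf("INSERT INTO bruckm_ticketorder (customerId, dateId, paid, payMethod, shipping, orderDate, voucherValue, voucherInfo, paidDate) VALUES (%d, %d, %s, %s, %F, NOW(), %d, %s, %s)", sqlnum($_POST['customerId']), sqlnum($_POST['dateId']), sqlstring($_POST['paid']), sqlstring($_POST['payMethod']), sqlnum($_POST['shipping']), sqlnum($_POST['voucherValue']), sqlstring($_POST['voucherInfo']), sqlstring($paidDate));
    dbQuery($query);
    // NOTE(review): mysql_insert_id()/mysql_affected_rows() belong to the old
    // mysql extension while every result here is read with mysqli_*; if
    // dbQuery() uses mysqli these return false, which reads as order id 0 and
    // as "no row updated" below. Replace with mysqli_insert_id()/
    // mysqli_affected_rows() on the connection dbQuery() uses.
    $orderId = mysql_insert_id();

    foreach ($tickets as $ticket) {
        $query = sprintf("INSERT INTO bruckm_ticket (category, reductionId, cultureCardId, zeitorteCardId, seat, `table`, row, floor, room, seatIndex, tableIndex, rowIndex, floorIndex, orderId, dateId) VALUES (%s, %d, %d, %s, %d, %d, %d, %s, %s, %d, %d, %d, %d, %d, %d)", sqlstring($ticket[1]), sqlnum($ticket[2]), sqlnum($ticket[3]), sqlstring($ticket[15]), sqlnum($ticket[4]), sqlnum($ticket[5]), sqlnum($ticket[6]), sqlstring($ticket[7]), sqlstring($ticket[8]), sqlnum($ticket[9]), sqlnum($ticket[10]), sqlnum($ticket[11]), sqlnum($ticket[12]), sqlnum($orderId), sqlnum($_POST['dateId']));
        dbQuery($query);
        $ticketIds[] = mysql_insert_id();

        // culture card: consume one free ticket
        if ($ticket[3] != 0) {
            $query = sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets - 1 WHERE id = %d", sqlnum($ticket[3]));
            dbQuery($query);
            if (mysql_affected_rows() == 0) {
                // auto-insert non existent culture card (starts with 5 tickets,
                // one of which is used by this order)
                $query = sprintf("INSERT INTO bruckm_ticketculturecard (id, owner, tickets) VALUES (%d, %s, 5)", sqlnum($ticket[3]), sqlstring("id:" . $_POST['customerId']));
                dbQuery($query);
            } else {
                // check if all free tickets are used
                $query = sprintf("SELECT tickets FROM bruckm_ticketculturecard WHERE id = %d", sqlnum($ticket[3]));
                $result = dbQuery($query);
                $line = mysqli_fetch_array($result, MYSQLI_ASSOC);
                if ($line['tickets'] == 0) {
                    sendCultureCardMemo($ticket[3]);
                }
            }
        }
    }

    // confirmation mails only for orders placed through the public form
    if (isset($_POST['publicOrder']) && $_POST['publicOrder'] == "true") {
        $query = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE id = %d", sqlnum($_POST['customerId']));
        $result = dbQuery($query);
        $customer = mysqli_fetch_array($result, MYSQLI_ASSOC);
        $orderNumber = sprintf("%08d", $orderId);
        sendMailToCustomer($customer, $tickets, $orderNumber);
        sendMailToOffice($customer, $tickets, $orderNumber);
    }

    echo "&result=ok&id=" . $orderId . "&tickets=" . implode("\t", $ticketIds) . "&";
}

/** sends a confirmation mail to the customer
 * @param customer customer row (email, gender, firstname, surname, address, zip, city, id)
 * @param tickets array of tickets (positional fields, see send())
 * @param orderId zero-padded order number (currently not printed; the
 *                bank-transfer paragraph that used it was removed)
 */
############################################
function sendMailToCustomer($customer, $tickets, $orderId){
############################################
    $to = $customer['email'];
    $subject = "Ticketbestellung | Kulturhaus Pregarten Bruckmühle";
    $from = "FROM: tickets@bruckmuehle.at";

    // salutation
    if ($customer['gender'] == "f") {
        $message = "Sehr geehrte Frau " . $customer['firstname'] . " " . $customer['surname'] . ", \n\n";
    } else if ($customer['gender'] == "m") {
        $message = "Sehr geehrter Herr " . $customer['firstname'] . " " . $customer['surname'] . ", \n\n";
    } else {
        $message = "Sehr geehrte(r) Herr/Frau " . $customer['surname'] . ", \n\n";
    }

    // load reductions, keyed by classId (= ticket field [2])
    $reductions = array();
    $query = sprintf("SELECT id, classId, name FROM bruckm_index WHERE class = 'TicketReduction' ORDER BY name ASC");
    $result = dbQuery($query);
    while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $reductions[$line['classId']] = $line;
    }

    // list ticket reservations
    $sum = 0;
    $message .= "Ihre Ticketbestellung für \"" . stripslashes($_POST['event']) . "\" am " . date("d.m.Y", $_POST['timestamp']) . " wurde erfolgreich abgeschlossen. ";
    $message .= "Folgende Tickets wurden für Sie reserviert: \n\n";
    foreach ($tickets as $t) {
        if ($t[5] != -1) {
            $message .= "Tisch $t[5], ";
        } else if ($t[4] != -1) {
            $message .= "Platz $t[4], Reihe $t[6], $t[7], ";
        } else {
            $message .= "Freie Platzwahl, ";
        }
        $message .= "Kategorie " . strtoupper($t[1]) . ",\t";
        $reductionName = trim($reductions[$t[2]]['name']);
        if ($t[3] != 0) {
            $message .= $reductionName . " Nr. " . sprintf("%012d", $t[3]) . " " . moneyFormat($t[14]) . "\n";
        } else {
            $message .= $reductionName . " " . moneyFormat($t[14]) . "\n";
        }
        $sum += $t[14];
    }
    if ($_POST['shipping']) {
        $message .= "Zustellung\t\t" . moneyFormat($_POST['shipping']) . "\n";
        $sum += $_POST['shipping'];
    }
    $message .= "Gesamtsumme:\t" . moneyFormat($sum) . "\n\n";

    // delivery information (the summer-break text is date-bound to 2017)
    if ($_POST['delivery'] == "true") {
        if (time() > strtotime("2017-07-21") && time() < strtotime("2017-08-21")) {
            $message .= "Die Tickets werden nach unserer Sommerpause (bis 21. August) per Post zugestellt.";
        } else {
            $message .= "Die Tickets werden Ihnen innerhalb von vier Werktagen per Post zugestellt.\n\n";
        }
    } else {
        $message .= "Die Tickets sind eine halbe Stunde vor Veranstaltungsbeginn an der Abendkasse abzuholen.\n\n";
    }
    $message .= "\n-------------------------------------------------------\n\n";

    // additional information
    $message .= "Ihre Kundendaten: \n\n";
    $message .= " Kundennummer: " . sprintf("%08d", $customer['id']) . "\n";
    $message .= " " . $customer['firstname'] . " " . $customer['surname'] . "\n";
    $message .= " " . $customer['address'] . "\n";
    $message .= " " . $customer['zip'] . " " . $customer['city'] . "\n\n";
    $message .= "Sie können Ihre Kundendaten jederzeit unter der URL http://www.bruckmuehle.at/tickets/edit.php ändern.\n\n";
    $message .= "-------------------------------------------------------\n\n";
    $message .= "Mit freundlichen Grüßen,\n";
    $message .= "Ihr Bruckmühle Team\n\n";
    $message .= "__________________________________________\n\n";
    $message .= "Kulturhaus Pregarten Bruckmühle\n";
    $message .= "Bahnhofstraße 12\n";
    $message .= "4230 Pregarten\n";
    $message .= "E-mail: kulturhaus@bruckmuehle.at\n";
    $message .= "http://www.kulturhaus-bruckmuehle.at\n\n";
    $message .= "UID: ATU 49258501\n";
    $message .= "FB: FN 190621a\n";
    $message .= "DVR: 0550868\n";
    $message .= "__________________________________________";

    // delivery failures are deliberately not surfaced to the caller
    @mail($to, $subject, $message, $from);
}

/** sends an information mail to the office
 * @param customer customer row (firstname, surname, address, zip, city, id)
 * @param tickets array of tickets (positional fields, see send())
 * @param orderId zero-padded order number, printed as invoice number
 */
############################################
function sendMailToOffice($customer, $tickets, $orderId){
############################################
    $to = OFFICE;
    $subject = "Ticketbestellung";
    $message = "";
    $from = "FROM: tickets@bruckmuehle.at";

    // load reductions, keyed by classId (= ticket field [2])
    $reductions = array();
    $query = sprintf("SELECT id, classId, name FROM bruckm_index WHERE class = 'TicketReduction' ORDER BY name ASC");
    $result = dbQuery($query);
    while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $reductions[$line['classId']] = $line;
    }

    // list ticket reservations
    $sum = 0;
    $message .= "Bestellung für \"" . stripslashes($_POST['event']) . "\" am " . date("d.m.Y", $_POST['timestamp']) . ": \n\n";
    foreach ($tickets as $t) {
        if ($t[5] != -1) {
            $message .= "Tisch $t[5], ";
        } else if ($t[4] != -1) {
            $message .= "Platz $t[4], Reihe $t[6], $t[7], ";
        } else {
            $message .= "Freie Platzwahl, ";
        }
        $message .= "Kategorie " . strtoupper($t[1]) . ",\t";
        $reductionName = trim($reductions[$t[2]]['name']);
        if ($t[3] != 0) {
            $message .= $reductionName . " Nr. " . sprintf("%012d", $t[3]) . " " . moneyFormat($t[14]) . "\n";
        } else {
            $message .= $reductionName . " " . moneyFormat($t[14]) . "\n";
        }
        $sum += $t[14];
    }
    if ($_POST['shipping']) {
        $sum += $_POST['shipping'];
    }
    $message .= "\n-------------------------------------------------------\n\n";

    // payment
    $message .= "Rechnungsnr.: " . $orderId . "\n";
    $message .= "Rechnungsbetrag: " . moneyFormat($sum) . "\n";
    $message .= "Zustellung: ";
    $message .= ($_POST['delivery'] == "true") ? "ja\n\n" : "nein\n\n";
    $message .= "-------------------------------------------------------\n\n";

    // customer data
    $message .= "Kundendaten: \n\n";
    $message .= $customer['firstname'] . " " . $customer['surname'] . "\n";
    $message .= $customer['address'] . "\n";
    $message .= $customer['zip'] . " " . $customer['city'] . "\n";
    $message .= "Kundennr.: " . sprintf("%08d", $customer['id']) . "\n\n";

    // delivery failures are deliberately not surfaced to the caller
    @mail($to, $subject, $message, $from);
}

/** sends a memo that a culture card has been used up
 * @param serial culture card serial number; 0/empty reports an error to ADMIN instead
 */
############################################
function sendCultureCardMemo($serial){
############################################
    if (!$serial) {
        $publicOrder = isset($_POST['publicOrder']) ? $_POST['publicOrder'] : '';
        $msg = "public order: " . $publicOrder;
        @mail(ADMIN, "culturecard error (serial = 0)", $msg);
        return;
    }
    $to = OFFICE;
    $subject = "Kulturcard Erinnerung";
    $message = "Die Kulturcard $serial wurde aufgebraucht.";
    $from = "FROM: tickets@bruckmuehle.at";
    @mail($to, $subject, $message, $from);
}

/** checks if the tickets will be delivered or if the customer has to pick them up
 *
 * Reads $_POST['timestamp'] (event date as unix timestamp) and writes
 * "&result=ok&delivery=<true|false>&shipping=<0|1>".
 */
############################################
function checkForDelivery(){
############################################
    $timestamp = isset($_POST['timestamp']) ? intval($_POST['timestamp']) : 0;
    // calendar days until the event ...
    $days = intval(($timestamp - time()) / 60 / 60 / 24);
    // ... minus the holidays in between (bruckm_ticketcalendar)
    $query = sprintf("SELECT * FROM bruckm_ticketcalendar WHERE holiday <= %s AND holiday > %s", sqlstring(date("Y-m-d", $timestamp)), sqlstring(date("Y-m-d")));
    $result = dbQuery($query);
    // dbQuery() results are mysqli results everywhere else in this file, so the
    // old mysql_num_rows() could never count them
    $days -= mysqli_num_rows($result);

    // less than five working days left: no postal delivery
    if ($days < 5) {
        echo "&result=ok&delivery=false&shipping=0";
        return;
    }
    // events before 1 Sep 2014 were delivered without a shipping fee
    if ($timestamp < mktime(0, 0, 0, 9, 1, 2014)) {
        echo "&result=ok&delivery=true&shipping=0";
        return;
    }
    echo "&result=ok&delivery=true&shipping=1";
}

/** formats the given number as money string
 * @param number amount with "." as decimal separator (e.g. "12.5")
 * @return string e.g. "EUR 12,50"; a missing or single-digit fraction is padded to two digits,
 *                longer fractions are passed through unchanged
 */
############################################
function moneyFormat($number){
############################################
    $parts = explode(".", $number);
    // an integer amount ("12") has no fraction part at all
    $cents = isset($parts[1]) ? $parts[1] : '';
    $out = $parts[0] . ",";
    if ($cents) {
        $out .= (strlen($cents) == 1) ? $cents . "0" : $cents;
    } else {
        $out .= "00";
    }
    return "EUR " . $out;
}

/** cancels the complete order given by $_POST['id']
 *
 * Returns every consumed culture-card ticket, then deletes the order and its
 * tickets. NOTE(review): the seat counters decremented by send() for simple
 * reservations are not restored here, and the three statements do not run in
 * a transaction — confirm both are intended.
 */
############################################
function cancelAll(){
############################################
    $orderId = sqlnum($_POST['id']);

    $query = sprintf("SELECT cultureCardId FROM bruckm_ticket WHERE orderId = %d AND cultureCardId != 0", $orderId);
    $result = dbQuery($query);
    while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $query = sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets + 1 WHERE id = %d", sqlnum($line['cultureCardId']));
        dbQuery($query);
    }

    $query = sprintf("DELETE FROM bruckm_ticketorder WHERE id = %d", $orderId);
    dbQuery($query);
    $query = sprintf("DELETE FROM bruckm_ticket WHERE orderId = %d", $orderId);
    dbQuery($query);
}

/** cancels the tickets listed (tab-separated ids) in $_POST['tickets']
 *
 * NOTE(review): tickets are deleted by id alone, without checking that they
 * belong to the order being edited — confirm the caller's access control.
 */
############################################
function cancelSelected(){
############################################
    $raw = isset($_POST['tickets']) ? $_POST['tickets'] : '';
    $ticketIds = explode("\t", $raw);
    foreach ($ticketIds as $ticketId) {
        $query = sprintf("SELECT cultureCardId FROM bruckm_ticket WHERE id = %d", sqlnum($ticketId));
        $result = dbQuery($query);
        $line = mysqli_fetch_array($result, MYSQLI_ASSOC);
        // give the culture-card ticket back before dropping the row
        if ($line['cultureCardId'] != 0) {
            $query = sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets + 1 WHERE id = %d", sqlnum($line['cultureCardId']));
            dbQuery($query);
        }
        $query = sprintf("DELETE FROM bruckm_ticket WHERE id = %d", sqlnum($ticketId));
        dbQuery($query);
    }
}

/** updates payment state, shipping and comments of the order $_POST['id']
 *
 * $_POST['paidDate'] is a unix timestamp; when it is absent the current time
 * is used (the previous default was a "Y-m-d" string, which date() cannot
 * take as a timestamp and silently turned into 1970-01-01).
 */
############################################
function updateOrder(){
############################################
    if (!isset($_POST['paidDate'])) {
        $_POST['paidDate'] = time();
    }
    // %F keeps the decimal point locale independent inside the statement
    $query = sprintf("UPDATE bruckm_ticketorder SET paid = %s, payMethod = %s, paidDate = %s, shipping = %F, comments = %s WHERE id = %d", sqlstring($_POST['paid']), sqlstring($_POST['payMethod']), sqlstring(date('Y-m-d', $_POST['paidDate'])), sqlnum($_POST['shipping']), sqlstring($_POST['comments']), sqlnum($_POST['id']));
    dbQuery($query);
}

/** updates printed flag, reduction and card ids of the posted tickets
 *
 * $_POST['tickets'] uses the same line/tab layout as send(); fields read:
 * [0] ticket id, [2] reductionId, [3] cultureCardId (12-digit, zero padded),
 * [13] printed, [15] zeitorteCardId.
 */
############################################
function updateTickets(){
############################################
    // deserialize ticket data
    $raw = isset($_POST['tickets']) ? $_POST['tickets'] : '';
    $tickets = explode("\n", $raw);
    foreach ($tickets as $i => $ticket) {
        $tickets[$i] = explode("\t", $ticket);
    }

    foreach ($tickets as $ticket) {
        $query = sprintf("SELECT cultureCardId FROM bruckm_ticket WHERE id = %d", sqlnum($ticket[0]));
        $result = dbQuery($query);
        $line = mysqli_fetch_array($result, MYSQLI_ASSOC);

        // culture card changed: return the ticket to the old card, take one from the new
        if (sprintf("%012d", $line['cultureCardId']) != $ticket[3]) {
            if ($line['cultureCardId'] != 0) {
                $query = sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets + 1 WHERE id = %d", sqlnum($line['cultureCardId']));
                dbQuery($query);
            }
            if ($ticket[3] != 0) {
                $query = sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets - 1 WHERE id = %d", sqlnum($ticket[3]));
                dbQuery($query);
            }
        }

        $query = sprintf("UPDATE bruckm_ticket SET printed = %s, reductionId = %d, cultureCardId = %d, zeitorteCardId = %s WHERE id = %d", sqlstring($ticket[13]), sqlnum($ticket[2]), sqlnum($ticket[3]), sqlstring($ticket[15]), sqlnum($ticket[0]));
        dbQuery($query);
    }
}
?>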