$j){
$_POST[$i] = urldecode($j);
}
}
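// Route the request to one search handler. The case labels form a fixed
// allow-list, so the "action" parameter can only ever select one of these six
// functions. A missing or non-string value matches no case and nothing runs,
// instead of raising an undefined-index notice.
// NOTE(review): no login or permission check is visible in this part of the
// file; confirm that code above restricts these customer and order lookups
// to authorised users.
switch((isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : ''){
    case "searchCustomers":
        searchCustomers();
        break;
    case "searchLooseCustomers":
        searchLooseCustomers();
        break;
    case "searchEvents":
        searchEvents();
        break;
    case "searchOrdersByOrderId":
        searchOrdersByOrderId();
        break;
    case "searchOrdersByCustomerId":
        searchOrdersByCustomerId();
        break;
    case "searchOrdersByDateId":
        searchOrdersByDateId();
        break;
}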
/** searches for customers
*/
##########################################
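function searchCustomers(){
##########################################
    // Handler for action=searchCustomers: reads id, email, surname and
    // firstname from the POST body, runs doSearchCustomers() and echoes either
    // "&result=empty&" or "&result=ok&customers=...&".
    // A field that is absent or not a plain string is passed on as null, which
    // doSearchCustomers() skips like any other empty value, so an incomplete
    // request no longer writes undefined-index notices into the response.
    $fields = array();
    foreach(array('id', 'email', 'surname', 'firstname') as $key){
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
    }
    $customers = doSearchCustomers($fields['id'], $fields['email'], $fields['surname'], $fields['firstname']);
    if(count($customers) == 0){
        echo "&result=empty&";
        return;
    }
    // NOTE(review): the XML literals below are empty in this copy of the file,
    // most likely because the markup was lost when the page was extracted.
    // Where the real template interpolates customer columns, each value has to
    // be escaped for XML before it is concatenated.
    $xml = '';
    $xml .= "";
    foreach($customers as $c){
        $xml .= '';
    }
    $xml .= '';
    // xmlencode() is defined outside this part of the file.
    echo "&result=ok&customers=" . xmlencode($xml) . "&";
}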
/** searches for customers with loose registration
*/
##########################################
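function searchLooseCustomers(){
##########################################
    // Handler for action=searchLooseCustomers: reads surname and firstname
    // from the POST body, runs doSearchLooseCustomers() and echoes either
    // "&result=empty&" or "&result=ok&customers=...&".
    // A field that is absent or not a plain string is passed on as null, which
    // doSearchLooseCustomers() skips like any other empty value, so an
    // incomplete request no longer writes undefined-index notices into the
    // response.
    $surname = (isset($_POST['surname']) && is_string($_POST['surname'])) ? $_POST['surname'] : null;
    $firstname = (isset($_POST['firstname']) && is_string($_POST['firstname'])) ? $_POST['firstname'] : null;
    $customers = doSearchLooseCustomers($surname, $firstname);
    if(count($customers) == 0){
        echo "&result=empty&";
        return;
    }
    // NOTE(review): the XML literals below are empty in this copy of the file,
    // most likely because the markup was lost when the page was extracted.
    // Where the real template interpolates customer columns, each value has to
    // be escaped for XML before it is concatenated.
    $xml = '';
    $xml .= "";
    foreach($customers as $c){
        $xml .= '';
    }
    $xml .= '';
    // xmlencode() is defined outside this part of the file.
    echo "&result=ok&customers=" . xmlencode($xml) . "&";
}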
/** searches for customers
*/
##########################################
function doSearchCustomers($id, $email, $surname, $firstname){
##########################################
    // Looks up rows of bruckm_ticketcustomer and returns them as a list of
    // associative arrays. The criteria are tried in a fixed order and the
    // first one that yields rows wins:
    //   1. customer id                 (at most one row is returned)
    //   2. exact e-mail address
    //   3. exact surname + firstname
    //   4. exact surname
    //   5. surname as a substring      (LIKE %surname%)
    // A criterion whose argument is empty() is skipped; an empty array is
    // returned when nothing matches.
    // NOTE(review): every value reaches the SQL text through sqlnum() or
    // sqlstring(), both defined outside this part of the file - presumably
    // they escape and quote; verify, because the %s placeholders carry no
    // quotes of their own.
    // NOTE(review): '%' and '_' inside $surname stay active as LIKE wildcards
    // in step 5, so such input widens the match; confirm that is intended.
    // NOTE(review): SELECT * hands every column to the caller; check that the
    // table holds nothing that must not leave the server.

    // Rewrites $_POST only; the by-value parameters of this function are not
    // touched by it.
    checkMagicQuotes();

    // 1. customer id
    if(!empty($id)){
        $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE id = %d",
            sqlnum($id));
        $row = mysqli_fetch_assoc(dbQuery($sql));
        if($row){
            return array($row);
        }
    }

    // 2. exact e-mail address
    if(!empty($email)){
        $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE email = %s ORDER BY surname, firstname ASC",
            sqlstring($email));
        $res = dbQuery($sql);
        $found = array();
        while($row = mysqli_fetch_assoc($res)){
            $found[] = $row;
        }
        if(!empty($found)){
            return $found;
        }
    }

    // Everything below needs a surname.
    if(empty($surname)){
        return array();
    }

    // 3. exact surname + firstname
    if(!empty($firstname)){
        $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s AND firstname = %s ORDER BY id ASC",
            sqlstring($surname),
            sqlstring($firstname));
        $res = dbQuery($sql);
        $found = array();
        while($row = mysqli_fetch_assoc($res)){
            $found[] = $row;
        }
        if(!empty($found)){
            return $found;
        }
    }

    // 4. exact surname
    $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s ORDER BY firstname ASC, id ASC",
        sqlstring($surname));
    $res = dbQuery($sql);
    $found = array();
    while($row = mysqli_fetch_assoc($res)){
        $found[] = $row;
    }
    if(!empty($found)){
        return $found;
    }

    // 5. surname as a substring
    $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname LIKE %s ORDER BY surname ASC, firstname ASC, id ASC",
        sqlstring("%".$surname."%"));
    $res = dbQuery($sql);
    $found = array();
    while($row = mysqli_fetch_assoc($res)){
        $found[] = $row;
    }
    return $found;
}
/** searches for customers with loose registration
*/
##########################################
function doSearchLooseCustomers($surname, $firstname){
##########################################
    // Same name search as doSearchCustomers(), restricted to rows whose
    // "loose" column equals the string 'true'. Returns a list of associative
    // arrays; the first step that yields rows wins:
    //   1. exact surname + firstname   (only when $firstname is not empty())
    //   2. exact surname
    //   3. surname as a substring      (LIKE %surname%)
    // An empty() $surname skips all three steps and returns an empty array.
    // NOTE(review): values reach the SQL text through sqlstring(), defined
    // outside this part of the file - presumably it escapes and quotes;
    // verify, because the %s placeholders carry no quotes of their own.
    // NOTE(review): '%' and '_' inside $surname stay active as LIKE wildcards
    // in step 3, so such input widens the match; confirm that is intended.

    // Rewrites $_POST only; the by-value parameters of this function are not
    // touched by it.
    checkMagicQuotes();

    if(empty($surname)){
        return array();
    }

    // 1. exact surname + firstname
    if(!empty($firstname)){
        $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s AND firstname = %s AND loose = 'true' ORDER BY id ASC",
            sqlstring($surname),
            sqlstring($firstname));
        $res = dbQuery($sql);
        $found = array();
        while($row = mysqli_fetch_assoc($res)){
            $found[] = $row;
        }
        if(!empty($found)){
            return $found;
        }
    }

    // 2. exact surname
    $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s AND loose = 'true' ORDER BY firstname ASC, id ASC",
        sqlstring($surname));
    $res = dbQuery($sql);
    $found = array();
    while($row = mysqli_fetch_assoc($res)){
        $found[] = $row;
    }
    if(!empty($found)){
        return $found;
    }

    // 3. surname as a substring
    $sql = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname LIKE %s AND loose = 'true' ORDER BY surname ASC, firstname ASC, id ASC",
        sqlstring("%".$surname."%"));
    $res = dbQuery($sql);
    $found = array();
    while($row = mysqli_fetch_assoc($res)){
        $found[] = $row;
    }
    return $found;
}
/** searches for events
*/
##########################################
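function searchEvents(){
##########################################
    // Handler for action=searchEvents: reads "title" from the POST body, runs
    // doSearchEvents() and echoes either "&result=empty&" or
    // "&result=ok&events=...&".
    // An absent title is passed on as null - the value the unguarded array
    // access produced as well - but without writing an undefined-index notice
    // into the response. A non-string (array) value is treated the same way.
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : null;
    $events = doSearchEvents($title);
    if(count($events) == 0){
        echo "&result=empty&";
        return;
    }
    // NOTE(review): the XML literals below are empty in this copy of the file,
    // most likely because the markup was lost when the page was extracted.
    // Where the real template interpolates event columns, each value has to
    // be escaped for XML before it is concatenated.
    $xml = '';
    $xml .= "";
    foreach($events as $e){
        $xml .= '';
    }
    $xml .= '';
    // xmlencode() is defined outside this part of the file.
    echo "&result=ok&events=" . xmlencode($xml) . "&";
}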
/** searches for events
*/
##########################################
function doSearchEvents($title){
##########################################
    // Returns events from bruckm_ticketevent as a list of associative arrays
    // with the keys id, name, dates and reservationType, ordered by endDate
    // descending. Rows with reservationType 'none' are excluded by the query
    // and rows whose "dates" value is empty() are dropped afterwards.
    // The exact name is tried first; only if that yields nothing is the name
    // matched as a substring (LIKE %title%).
    // There is no emptiness check on $title: an empty title makes the
    // substring pattern "%%".
    // NOTE(review): $title reaches the SQL text through sqlstring(), defined
    // outside this part of the file - presumably it escapes and quotes;
    // verify. '%' and '_' in $title stay active as LIKE wildcards.

    // Rewrites $_POST only; the by-value parameter is not touched by it.
    checkMagicQuotes();

    // exact name
    $sql = sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent
WHERE name = %s AND reservationType != 'none'
ORDER BY endDate DESC",
        sqlstring($title));
    $res = dbQuery($sql);
    $exact = array();
    while($row = mysqli_fetch_assoc($res)){
        if(empty($row['dates'])){
            continue;
        }
        $exact[] = $row;
    }
    if(!empty($exact)){
        return $exact;
    }

    // name as a substring
    $sql = sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent
WHERE name LIKE %s AND reservationType != 'none'
ORDER BY endDate DESC",
        sqlstring("%".$title."%"));
    $res = dbQuery($sql);
    $partial = array();
    while($row = mysqli_fetch_assoc($res)){
        if(empty($row['dates'])){
            continue;
        }
        $partial[] = $row;
    }
    return $partial;
}
/** searches for orders by order id
*/
##########################################
function searchOrdersByOrderId(){
##########################################
    // Handler for action=searchOrdersByOrderId: delegates to searchOrders()
    // with only the first selector set.
    $byOrder = true;
    $byCustomer = false;
    $byDate = false;
    searchOrders($byOrder, $byCustomer, $byDate);
}
/** searches for orders by customer id
*/
##########################################
function searchOrdersByCustomerId(){
##########################################
    // Handler for action=searchOrdersByCustomerId: delegates to searchOrders()
    // with only the second selector set.
    $byOrder = false;
    $byCustomer = true;
    $byDate = false;
    searchOrders($byOrder, $byCustomer, $byDate);
}
/** searches for orders by date id
*/
##########################################
function searchOrdersByDateId(){
##########################################
    // Handler for action=searchOrdersByDateId: delegates to searchOrders()
    // with only the third selector set.
    $byOrder = false;
    $byCustomer = false;
    $byDate = true;
    searchOrders($byOrder, $byCustomer, $byDate);
}
/** searches for orders
* @param order search by order id
* @param customer search by customer id
* @param event search by event id
*/
##########################################
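function searchOrders($order, $customer, $event){
##########################################
    // Shared handler behind the three searchOrdersBy...() actions. Exactly one
    // lookup runs: by order id when $order is truthy, otherwise by customer id
    // when $customer is truthy, otherwise the third lookup ($event itself is
    // never read). Echoes "&result=empty&" or "&result=ok&orders=...&".
    // The id comes from the POST body. An absent id is passed on as null - the
    // value the unguarded array access produced as well - but without writing
    // an undefined-index notice into the response. A non-string (array) value
    // is treated the same way.
    $id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : null;
    if($order){
        $orders = doSearchOrdersByOrderId($id);
    }
    else if($customer){
        $orders = doSearchOrdersByCustomerId($id);
    }
    else if(function_exists('doSearchOrdersByEventId')){
        $orders = doSearchOrdersByEventId($id);
    }
    else{
        // NOTE(review): this file defines doSearchOrdersByDateId() but no
        // doSearchOrdersByEventId(), and this branch serves the
        // searchOrdersByDateId action. Unless the ...ByEventId() function is
        // provided by another file, calling it is a fatal error, so the
        // date-id lookup is used when it does not exist. Confirm which of the
        // two is meant and remove the other branch.
        $orders = doSearchOrdersByDateId($id);
    }
    if(count($orders) == 0){
        echo "&result=empty&";
        return;
    }
    // NOTE(review): the XML literals below are empty in this copy of the file,
    // most likely because the markup was lost when the page was extracted.
    // Where the real template interpolates order columns, each value has to
    // be escaped for XML before it is concatenated.
    $xml = '';
    $xml .= "";
    foreach($orders as $o){
        $xml .= '';
    }
    $xml .= '';
    // xmlencode() is defined outside this part of the file.
    echo "&result=ok&orders=" . xmlencode($xml) . "&";
}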
/** searches for orders by order id
*/
##########################################
function doSearchOrdersByOrderId($id){
##########################################
    // Returns the rows of bruckm_ticketorder whose id equals $id, ordered by
    // orderDate descending, each extended with a 'title' key that holds the
    // name of the event the order's date belongs to.
    // All three queries format their value with %d, so only an integer ever
    // reaches the SQL text.
    $sql = sprintf("SELECT * FROM bruckm_ticketorder WHERE id = %d ORDER BY orderDate DESC",
        sqlnum($id));
    $res = dbQuery($sql);
    $orders = array();
    while($row = mysqli_fetch_assoc($res)){
        $orders[] = $row;
    }
    // Two lookups per order: date row -> event id, then event id -> name.
    // NOTE(review): neither fetch is checked for a missing row; confirm that
    // an order always references an existing date and event.
    foreach(array_keys($orders) as $idx){
        $dateSql = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($orders[$idx]['dateId']));
        $dateRow = mysqli_fetch_assoc(dbQuery($dateSql));
        $eventSql = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($dateRow['eventId']));
        $eventRow = mysqli_fetch_assoc(dbQuery($eventSql));
        $orders[$idx]['title'] = $eventRow['name'];
    }
    return $orders;
}
/** searches for orders by customer id
*/
##########################################
function doSearchOrdersByCustomerId($id){
##########################################
    // Returns the rows of bruckm_ticketorder whose customerId equals $id,
    // ordered by orderDate descending, each extended with a 'title' key that
    // holds the name of the event the order's date belongs to.
    // All three queries format their value with %d, so only an integer ever
    // reaches the SQL text.
    $sql = sprintf("SELECT * FROM bruckm_ticketorder WHERE customerId = %d ORDER BY orderDate DESC",
        sqlnum($id));
    $res = dbQuery($sql);
    $orders = array();
    while($row = mysqli_fetch_assoc($res)){
        $orders[] = $row;
    }
    // Two lookups per order: date row -> event id, then event id -> name.
    // NOTE(review): neither fetch is checked for a missing row; confirm that
    // an order always references an existing date and event.
    foreach(array_keys($orders) as $idx){
        $dateSql = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($orders[$idx]['dateId']));
        $dateRow = mysqli_fetch_assoc(dbQuery($dateSql));
        $eventSql = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($dateRow['eventId']));
        $eventRow = mysqli_fetch_assoc(dbQuery($eventSql));
        $orders[$idx]['title'] = $eventRow['name'];
    }
    return $orders;
}
/** searches for orders by date id
*/
##########################################
function doSearchOrdersByDateId($id){
##########################################
    // Returns the rows of bruckm_ticketorder whose dateId equals $id, ordered
    // by orderDate descending, each extended with a 'title' key that holds the
    // name of the event the order's date belongs to.
    // All three queries format their value with %d, so only an integer ever
    // reaches the SQL text.
    // NOTE(review): nothing in this part of the file calls this function;
    // searchOrders() calls doSearchOrdersByEventId() instead - confirm which
    // name is intended.
    $sql = sprintf("SELECT * FROM bruckm_ticketorder WHERE dateId = %d ORDER BY orderDate DESC",
        sqlnum($id));
    $res = dbQuery($sql);
    $orders = array();
    while($row = mysqli_fetch_assoc($res)){
        $orders[] = $row;
    }
    // Two lookups per order: date row -> event id, then event id -> name.
    // NOTE(review): neither fetch is checked for a missing row; confirm that
    // an order always references an existing date and event.
    foreach(array_keys($orders) as $idx){
        $dateSql = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($orders[$idx]['dateId']));
        $dateRow = mysqli_fetch_assoc(dbQuery($dateSql));
        $eventSql = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($dateRow['eventId']));
        $eventRow = mysqli_fetch_assoc(dbQuery($eventSql));
        $orders[$idx]['title'] = $eventRow['name'];
    }
    return $orders;
}
/** checks for magic quotes and strips slashes, if magic quotes are on
*/
##########################################
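function checkMagicQuotes(){
##########################################
    // Strips the slashes added by magic_quotes_gpc from every string value in
    // $_POST, in place. Does nothing when magic quotes are off.
    // get_magic_quotes_gpc() was removed in PHP 8.0 and calling it unguarded
    // there is a fatal error, so its absence is treated as "magic quotes off".
    if(!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()){
        return;
    }
    foreach($_POST as $i=>$j){
        // Array-valued fields (name[]=...) are left alone: stripslashes()
        // accepts strings only.
        if(is_string($j)){
            $_POST[$i] = stripslashes($j);
        }
    }
    // NOTE(review): every call strips again while magic quotes are on, so a
    // request path that reaches this function twice loses real backslashes.
    // The stripped values also stay in $_POST only; callers that copied a
    // field before this ran keep the slashed value.
}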
?>