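$j){ $_POST[$i] = urldecode($j); } }

// Front controller: map the requested action to its handler. Only the actions
// listed here are reachable; a missing or unknown action emits nothing.
// NOTE(review): switch() compares loosely. That is harmless for these
// non-numeric labels, but keep it in mind if numeric action names are added.
switch (isset($_GET['action']) ? $_GET['action'] : null) {
    case "searchCustomers":
        searchCustomers();
        break;
    case "searchLooseCustomers":
        searchLooseCustomers();
        break;
    case "searchEvents":
        searchEvents();
        break;
    case "searchOrdersByOrderId":
        searchOrdersByOrderId();
        break;
    case "searchOrdersByCustomerId":
        searchOrdersByCustomerId();
        break;
    case "searchOrdersByDateId":
        searchOrdersByDateId();
        break;
}

/**
 * Action handler: searches customers with the id / email / surname / firstname
 * posted by the client and echoes the result.
 *
 * Output is a flat "&key=value&" string: "&result=empty&" when nothing matched,
 * otherwise "&result=ok&customers=<encoded xml>&".
 */
##########################################
function searchCustomers(){
##########################################
    // read the posted fields without triggering undefined-index notices;
    // absent fields stay null, exactly as an unset $_POST index would yield
    $id        = isset($_POST['id'])        ? $_POST['id']        : null;
    $email     = isset($_POST['email'])     ? $_POST['email']     : null;
    $surname   = isset($_POST['surname'])   ? $_POST['surname']   : null;
    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : null;

    $customers = doSearchCustomers($id, $email, $surname, $firstname);
    if (count($customers) == 0) {
        echo "&result=empty&";
        return;
    }

    // NOTE(review): the markup appended around and inside this loop is empty
    // in this listing (most likely stripped when the file was extracted) —
    // restore it from the original source before relying on this output.
    $xml = '';
    $xml .= "";
    foreach ($customers as $c) {
        $xml .= '';
    }
    $xml .= '';
    echo "&result=ok&customers=" . xmlencode($xml) . "&";
}

/**
 * Action handler: searches loosely registered customers by the posted
 * surname / firstname and echoes the result.
 *
 * Output is "&result=empty&" when nothing matched, otherwise
 * "&result=ok&customers=<encoded xml>&".
 */
##########################################
function searchLooseCustomers(){
##########################################
    $surname   = isset($_POST['surname'])   ? $_POST['surname']   : null;
    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : null;

    $customers = doSearchLooseCustomers($surname, $firstname);
    if (count($customers) == 0) {
        echo "&result=empty&";
        return;
    }

    // NOTE(review): the markup appended around and inside this loop is empty
    // in this listing (most likely stripped when the file was extracted) —
    // restore it from the original source before relying on this output.
    $xml = '';
    $xml .= "";
    foreach ($customers as $c) {
        $xml .= '';
    }
    $xml .= '';
    echo "&result=ok&customers=" . xmlencode($xml) . "&";
}

/**
 * Finds customers, trying the most specific criterion first and returning as
 * soon as one of them yields rows:
 *   1. id (exact, at most one row)
 *   2. email (exact)
 *   3. surname + firstname (exact)
 *   4. surname (exact)
 *   5. surname (LIKE %surname%)
 * A criterion whose value is empty() is skipped.
 *
 * Queries are built with sprintf() and the project's sqlnum()/sqlstring()
 * helpers (defined outside this file). Those helpers are the only protection
 * against SQL injection here, so they must quote and escape their argument;
 * prepared statements would remove that dependency.
 *
 * @param mixed $id         customer id (formatted with %d)
 * @param mixed $email      e-mail address
 * @param mixed $surname    surname
 * @param mixed $firstname  first name, only used together with $surname
 * @return array list of customer rows (associative arrays, all columns);
 *               empty when nothing matched
 */
##########################################
function doSearchCustomers($id, $email, $surname, $firstname){
##########################################
    // NOTE(review): checkMagicQuotes() rewrites $_POST in place, but the
    // arguments of this function were already copied out of $_POST by the
    // caller, so the stripslashes pass never reaches the values searched
    // below. Moot on PHP >= 8 (magic quotes no longer exist); confirm intent
    // before relying on it on older interpreters.
    checkMagicQuotes();
    $customers = array();

    // 1. by customer id: a single exact match ends the search
    if (!empty($id)) {
        $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE id = %d", sqlnum($id));
        $result = dbQuery($query);
        if ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            $customers[] = $line;
            return $customers;
        }
    }

    // 2. by e-mail
    if (!empty($email)) {
        $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE email = %s ORDER BY surname, firstname ASC", sqlstring($email));
        $result = dbQuery($query);
        while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            $customers[] = $line;
        }
        if (count($customers) > 0) {
            return $customers;
        }
    }

    // 3.-5. by name; $customers is still empty when we get here
    if (!empty($surname)) {
        // 3. exact surname + firstname
        if (!empty($firstname)) {
            $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE surname = %s AND firstname = %s ORDER BY id ASC", sqlstring($surname), sqlstring($firstname));
            $result = dbQuery($query);
            while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
                $customers[] = $line;
            }
            if (count($customers) > 0) {
                return $customers;
            }
        }

        // 4. exact surname
        $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE surname = %s ORDER BY firstname ASC, id ASC", sqlstring($surname));
        $result = dbQuery($query);
        while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            $customers[] = $line;
        }
        if (count($customers) > 0) {
            return $customers;
        }

        // 5. wildcard surname.
        // NOTE(review): '%' and '_' inside $surname are not escaped, so they
        // act as LIKE wildcards (a surname of "%" matches every customer);
        // escape them if a literal substring match is intended.
        $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE surname LIKE %s ORDER BY surname ASC, firstname ASC, id ASC", sqlstring("%".$surname."%"));
        $result = dbQuery($query);
        while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            $customers[] = $line;
        }
        if (count($customers) > 0) {
            return $customers;
        }
    }

    return $customers;
}

/**
 * Like doSearchCustomers(), but restricted to rows with loose = 'true' and to
 * the name criteria (exact surname + firstname, exact surname, LIKE %surname%).
 *
 * @param mixed $surname    surname (search is skipped when empty())
 * @param mixed $firstname  first name, only used together with $surname
 * @return array list of customer rows; empty when nothing matched
 */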
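##########################################
function doSearchLooseCustomers($surname, $firstname){
##########################################
    // NOTE(review): checkMagicQuotes() rewrites $_POST in place, but this
    // function's arguments were already copied out of $_POST by the caller,
    // so the stripslashes pass never reaches the values searched below.
    checkMagicQuotes();
    $customers = array();

    if (!empty($surname)) {
        // exact surname + firstname
        if (!empty($firstname)) {
            $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE surname = %s AND firstname = %s AND loose = 'true' ORDER BY id ASC", sqlstring($surname), sqlstring($firstname));
            $result = dbQuery($query);
            while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
                $customers[] = $line;
            }
            if (count($customers) > 0) {
                return $customers;
            }
        }

        // exact surname
        $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE surname = %s AND loose = 'true' ORDER BY firstname ASC, id ASC", sqlstring($surname));
        $result = dbQuery($query);
        while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            $customers[] = $line;
        }
        if (count($customers) > 0) {
            return $customers;
        }

        // wildcard surname.
        // NOTE(review): '%' and '_' inside $surname are not escaped and act as
        // LIKE wildcards; escape them if a literal substring match is intended.
        $query  = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE surname LIKE %s AND loose = 'true' ORDER BY surname ASC, firstname ASC, id ASC", sqlstring("%".$surname."%"));
        $result = dbQuery($query);
        while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            $customers[] = $line;
        }
        if (count($customers) > 0) {
            return $customers;
        }
    }

    return $customers;
}

/**
 * Action handler: searches events by the posted title and echoes the result
 * ("&result=empty&" when nothing matched, otherwise
 * "&result=ok&events=<encoded xml>&").
 */
##########################################
function searchEvents(){
##########################################
    $title = isset($_POST['title']) ? $_POST['title'] : null;

    $events = doSearchEvents($title);
    if (count($events) == 0) {
        echo "&result=empty&";
        return;
    }

    // NOTE(review): the markup appended around and inside this loop is empty
    // in this listing (most likely stripped when the file was extracted) —
    // restore it from the original source before relying on this output.
    $xml = '';
    $xml .= "";
    foreach ($events as $e) {
        $xml .= '';
    }
    $xml .= '';
    echo "&result=ok&events=" . xmlencode($xml) . "&";
}

/**
 * Finds events whose name matches $title — exact match first, then
 * LIKE %title% — keeping only rows that have dates and whose
 * reservationType is not 'none'.
 *
 * @param mixed $title event name
 * @return array list of rows with id, name, dates, reservationType;
 *               empty when nothing matched
 */
##########################################
function doSearchEvents($title){
##########################################
    checkMagicQuotes();
    $events = array();

    // exact match on the name
    $query  = sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent WHERE name = %s AND reservationType != 'none' ORDER BY endDate DESC", sqlstring($title));
    $result = dbQuery($query);
    while ($line = mysqli_fetch_assoc($result)) {
        if (!empty($line['dates'])) {
            $events[] = $line;
        }
    }
    if (count($events) > 0) {
        return $events;
    }

    // wildcard match on the name ('%' and '_' in $title act as wildcards)
    $query  = sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent WHERE name LIKE %s AND reservationType != 'none' ORDER BY endDate DESC", sqlstring("%".$title."%"));
    $result = dbQuery($query);
    while ($line = mysqli_fetch_assoc($result)) {
        if (!empty($line['dates'])) {
            $events[] = $line;
        }
    }

    return $events;
}

/** Action handler: searches orders by the posted order id. */
##########################################
function searchOrdersByOrderId(){
##########################################
    searchOrders(true, false, false);
}

/** Action handler: searches orders by the posted customer id. */
##########################################
function searchOrdersByCustomerId(){
##########################################
    searchOrders(false, true, false);
}

/** Action handler: searches orders by the posted date id. */
##########################################
function searchOrdersByDateId(){
##########################################
    searchOrders(false, false, true);
}

/**
 * Shared handler for the order searches: selects the lookup by the flags,
 * reads the id from $_POST and echoes the result ("&result=empty&" when
 * nothing matched, otherwise "&result=ok&orders=<encoded xml>&").
 *
 * @param bool $order    search by order id
 * @param bool $customer search by customer id
 * @param bool $event    search by event id (the fallback when neither flag
 *                       above is set)
 */
##########################################
function searchOrders($order, $customer, $event){
##########################################
    $id = isset($_POST['id']) ? $_POST['id'] : null;

    if ($order) {
        $orders = doSearchOrdersByOrderId($id);
    } elseif ($customer) {
        $orders = doSearchOrdersByCustomerId($id);
    } else {
        // NOTE(review): doSearchOrdersByEventId() is not defined in this file,
        // while doSearchOrdersByDateId() (which the searchOrdersByDateId action
        // reaches only through this branch) is never called from here. Confirm
        // which lookup the "date id" action is meant to run.
        $orders = doSearchOrdersByEventId($id);
    }

    if (count($orders) == 0) {
        echo "&result=empty&";
        return;
    }

    // NOTE(review): the markup appended around and inside this loop is empty
    // in this listing (most likely stripped when the file was extracted) —
    // restore it from the original source before relying on this output.
    $xml = '';
    $xml .= "";
    foreach ($orders as $o) {
        $xml .= '';
    }
    $xml .= '';
    echo "&result=ok&orders=" . xmlencode($xml) . "&";
}

/**
 * Finds the order with the given id and adds a 'title' element holding the
 * name of the event it belongs to (null when the date or event row cannot be
 * found).
 *
 * @param mixed $id order id (formatted with %d)
 * @return array list of order rows (all columns plus 'title'); empty when
 *               nothing matched
 */
##########################################
function doSearchOrdersByOrderId($id){
##########################################
    $orders = array();

    $query  = sprintf("SELECT * FROM bruckm_ticketorder WHERE id = %d ORDER BY orderDate DESC", sqlnum($id));
    $result = dbQuery($query);
    while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $orders[] = $line;
    }

    // resolve each order's event title: order.dateId -> date.eventId -> event.name
    // (two lookups per order; a missing row leaves 'title' null instead of
    // running the second query with a null id)
    foreach ($orders as $i => $order) {
        $title = null;
        $query   = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
        $dateRow = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
        if ($dateRow) {
            $query    = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($dateRow['eventId']));
            $eventRow = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
            if ($eventRow) {
                $title = $eventRow['name'];
            }
        }
        $orders[$i]['title'] = $title;
    }

    return $orders;
}

/**
 * Finds all orders of the given customer, newest first, and adds a 'title'
 * element with the event name to each (null when the date or event row
 * cannot be found).
 *
 * @param mixed $id customer id (formatted with %d)
 * @return array list of order rows (all columns plus 'title'); empty when
 *               nothing matched
 */
##########################################
function doSearchOrdersByCustomerId($id){
##########################################
    $orders = array();

    $query  = sprintf("SELECT * FROM bruckm_ticketorder WHERE customerId = %d ORDER BY orderDate DESC", sqlnum($id));
    $result = dbQuery($query);
    while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $orders[] = $line;
    }

    // resolve each order's event title: order.dateId -> date.eventId -> event.name
    // (two lookups per order; a missing row leaves 'title' null instead of
    // running the second query with a null id)
    foreach ($orders as $i => $order) {
        $title = null;
        $query   = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
        $dateRow = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
        if ($dateRow) {
            $query    = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($dateRow['eventId']));
            $eventRow = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
            if ($eventRow) {
                $title = $eventRow['name'];
            }
        }
        $orders[$i]['title'] = $title;
    }

    return $orders;
}

/**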
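searches for orders by date id: finds all orders booked for the given date
(bruckm_ticketorder.dateId), newest first, and adds a 'title' element with
the event name to each (null when the date or event row cannot be found).

@param mixed $id date id (formatted with %d)
@return array list of order rows (all columns plus 'title'); empty when
              nothing matched
*/
##########################################
function doSearchOrdersByDateId($id){
##########################################
    $orders = array();

    $query  = sprintf("SELECT * FROM bruckm_ticketorder WHERE dateId = %d ORDER BY orderDate DESC", sqlnum($id));
    $result = dbQuery($query);
    while ($line = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $orders[] = $line;
    }

    // resolve each order's event title: order.dateId -> date.eventId -> event.name
    // (two lookups per order; a missing row leaves 'title' null instead of
    // running the second query with a null id)
    foreach ($orders as $i => $order) {
        $title = null;
        $query   = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
        $dateRow = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
        if ($dateRow) {
            $query    = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($dateRow['eventId']));
            $eventRow = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
            if ($eventRow) {
                $title = $eventRow['name'];
            }
        }
        $orders[$i]['title'] = $title;
    }

    return $orders;
}

/**
 * Undoes magic_quotes_gpc: when that (long removed) feature is active, strips
 * the slashes it added from every string value in $_POST, in place.
 *
 * get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8,
 * where calling it is a fatal error, so its existence is checked first.
 * Non-string values (nested arrays) are left untouched instead of being
 * passed to stripslashes().
 */
##########################################
function checkMagicQuotes(){
##########################################
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        foreach ($_POST as $key => $value) {
            if (is_string($value)) {
                $_POST[$key] = stripslashes($value);
            }
        }
    }
}
?>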