
<?php
/** loads and saves ticket orders
*
* @version 2.1.1
* @since 2008-02-13
* @author Martin Lenzelbauer
*
* @change 2008-04-19
* added culture card
*
* @change 2008-07-20
* added delivery info
*/
/* serialized ticket data (one ticket per line, fields separated by tabs — see the explode() calls in send() and updateTickets()):
0 id
1 category (a, b or c)
2 reduction (reductionId; matches classId of a bruckm_index row with class 'TicketReduction')
3 culture card number (printed zero-padded to 12 digits; 0 = none)
4 seat number (-1 = none)
5 table number (-1 = none)
6 row number
7 floor number
8 room id
9 seat index
10 table index
11 row index
12 floor index
13 printed flag
14 computed entry (ticket price; summed and money-formatted in the confirmation mails)
15 zeitorte card
*/
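define("ROOT", "../");
require_once(ROOT."include/config.inc.php");
require_once(ROOT."include/db.inc.php");
dbQuery("SET NAMES utf8");
// DEBUG convenience: mirror the query string into $_POST so every action can be driven from a
// browser address bar. NOTE(review): PHP has already URL-decoded $_GET, so urldecode() here
// decodes a second time ("%2541" becomes "A"); and while DEBUG is on, every state-changing
// action below is reachable through a plain GET link. Make sure DEBUG is off in production.
if(DEBUG){
    foreach($_GET as $key => $value){
        $_POST[$key] = urldecode($value);
    }
}
// NOTE(review): no authentication or authorization check is visible in this file. Whether
// cancelAll / cancelSelected / saveOrder / saveTickets are limited to staff depends on what
// config.inc.php does; as written, anyone who can reach this script can invoke them.
// Dispatch on ?action=...; a missing or unknown action does nothing (as before, minus the notice).
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch($action){
    case "load":
        load(isset($_GET['id']) ? $_GET['id'] : null);
        break;
    case "send":
        send();
        break;
    case "cancelAll":
        cancelAll();
        break;
    case "cancelSelected":
        cancelSelected();
        break;
    case "saveOrder":
        updateOrder();
        break;
    case "saveTickets":
        updateTickets();
        break;
    case "checkForDelivery":
        checkForDelivery();
        break;
    default:
        break;
}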
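/** escapes a value for a double-quoted XML attribute (&, <, >, " and ' become entities)
* @param value raw database value
* @return string safe to splice between attribute quotes
*/
############################################
function orderXmlAttr($value){
############################################
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}
/** wraps free text in a CDATA section; an embedded "]]>" is split so it cannot end the section early
* @param value raw text
* @return string complete <![CDATA[...]]> fragment
*/
############################################
function orderXmlCdata($value){
############################################
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', (string)$value) . ']]>';
}
/** loads a order with all tickets and writes it to the response as XML
* Columns such as comments, voucherInfo, payMethod, floor, room and zeitorteCardId were stored from
* client input (see send()), so they are escaped here. The original concatenated them raw, which let
* a quote or a "]]>" in the data break the document or inject markup into it.
* An unknown id yields an empty <order /> instead of notices and a half-built element.
* @param id order id
*/
############################################
function load($id){
############################################
    $query = sprintf("SELECT * FROM bruckm_ticketorder WHERE id = %d", sqlnum($id));
    $result = dbQuery($query);
    $line = mysqli_fetch_array($result, MYSQLI_ASSOC);
    header('Content-Type: text/xml');
    $xml = '<?xml version="1.0" encoding="utf-8"?>';
    if(!$line){
        echo $xml . '<order />';
        return;
    }
    // paidDate is only emitted once set; the 0000-00-00 placeholder written by send() does not
    // give a positive timestamp
    $paidDate = strtotime($line['paidDate']);
    $paidAttr = ($paidDate > 0) ? ' paidDate="' . $paidDate . '"' : '';
    $xml .= '<order id="' . orderXmlAttr($line['id']) . '" paid="' . orderXmlAttr($line['paid']) . '" dateid="' . orderXmlAttr($line['dateId']) . '" customerid="' . orderXmlAttr($line['customerId']) . '" ';
    $xml .= 'timestamp="' . strtotime($line['orderDate']) . '" paymethod="' . orderXmlAttr($line['payMethod']) . '"' . $paidAttr . ' shipping="' . orderXmlAttr($line['shipping']) . '">';
    $xml .= '<comments>' . orderXmlCdata($line['comments']) . '</comments>';
    $xml .= '<voucher value="' . orderXmlAttr($line['voucherValue']) . '" info="' . orderXmlAttr($line['voucherInfo']) . '" />';
    // tickets of the order, in seating order
    $query = sprintf("SELECT * FROM bruckm_ticket WHERE orderId = %d ORDER BY floorIndex ASC, rowIndex ASC, seatIndex ASC", $line['id']);
    $ticket = dbQuery($query);
    while($t = mysqli_fetch_array($ticket, MYSQLI_ASSOC)){
        $xml .= '<ticket id="' . orderXmlAttr($t['id']) . '" category="' . orderXmlAttr($t['category']) . '" reductionid="' . orderXmlAttr($t['reductionId']) . '" ';
        $xml .= 'seat="' . orderXmlAttr($t['seat']) . '" table="' . orderXmlAttr($t['table']) . '" row="' . orderXmlAttr($t['row']) . '" floor="' . orderXmlAttr($t['floor']) . '" room="' . orderXmlAttr($t['room']) . '" ';
        $xml .= 'seatindex="' . orderXmlAttr($t['seatIndex']) . '" rowindex="' . orderXmlAttr($t['rowIndex']) . '" floorindex="' . orderXmlAttr($t['floorIndex']) . '" tableindex="' . orderXmlAttr($t['tableIndex']) . '" ';
        // the culture card number is shown zero-padded to 12 digits, as in the mails
        $xml .= 'printed="' . orderXmlAttr($t['printed']) . '" culturecardid="' . sprintf("%012d", $t['cultureCardId']) . '" zeitortecardid="' . orderXmlAttr($t['zeitorteCardId']) . '" />';
    }
    $xml .= '</order>';
    echo $xml;
}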
/** tries to send the order
* Everything is read from $_POST: tickets (serialized, see file header), dateId, reservationType,
* customerId, paid, payMethod, shipping, voucherValue, voucherInfo, publicOrder.
* Steps: (1) for seat/table reservations check that every requested seat is still free, otherwise
* answer `&result=failed&tickets=<indexes>&`; for simple reservations decrement the counters on
* bruckm_ticketdate; (2) insert the order and its tickets; (3) book culture-card credits;
* (4) for public orders mail customer and office. Answers `&result=ok&id=<orderId>&tickets=<ids>&`.
*
* NOTE(review): the whole sequence runs without a transaction. The availability SELECT and the
* ticket INSERT are separate statements, so two concurrent orders for the same seat both pass the
* check and both get the seat (TOCTOU). A UNIQUE key on (dateId, floorIndex, rowIndex, tableIndex,
* seatIndex) or a locking read inside a transaction would close that.
* NOTE(review): paid, payMethod, voucherValue and shipping are stored exactly as the client sent
* them. If customers can reach this endpoint (the publicOrder flag suggests the same script serves
* them), a customer can mark an order paid or apply an arbitrary voucher — confirm that pricing and
* payment state are enforced somewhere else.
*/
############################################
function send(){
############################################
// deserialize ticket data: one ticket per line, tab-separated fields
// (an empty POST value still yields one all-empty ticket here; nothing rejects it)
$tickets = explode("\n", $_POST['tickets']);
foreach($tickets as $i=>$ticket){
$tickets[$i] = explode("\t", $ticket);
}
// check if all tickets are still available (seat reservation)
if($_POST['reservationType'] == "seat" || $_POST['reservationType'] == "table"){
// indexes (into $tickets) of seats that are already taken
$occupied = array();
foreach($tickets as $i=>$ticket){
$query = sprintf("SELECT id FROM bruckm_ticket WHERE dateId = %d AND floorIndex = %d AND rowIndex = %d AND tableIndex = %d AND seatIndex = %d LIMIT 1",
sqlnum($_POST['dateId']),
sqlnum($ticket[12]),
sqlnum($ticket[11]),
sqlnum($ticket[10]),
sqlnum($ticket[9]));
$result = dbQuery($query);
if($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$occupied[] = $i;
}
}
// any collision aborts the whole order; the client gets the offending ticket indexes
if(sizeof($occupied) > 0){
echo "&result=failed&tickets=" . implode("\t", $occupied) . "&";
return;
}
}
// decrease seat number (simple reservation)
// NOTE(review): the counters are decremented without checking that they stay >= 0, so this path
// can oversell; and $counts[$ticket[1]]++ creates a stray key for any category other than a/b/c.
else{
$counts = array('a' => 0, 'b' => 0, 'c' => 0, 'total' => 0);
foreach ($tickets as $i=>$ticket) {
$counts[$ticket[1]]++;
$counts['total']++;
}
$query = sprintf("UPDATE bruckm_ticketdate SET seats = seats - %d, seatsA = seatsA - %d, seatsB = seatsB - %d, seatsC = seatsC - %d WHERE id = %d",
sqlnum($counts['total']),
sqlnum($counts['a']),
sqlnum($counts['b']),
sqlnum($counts['c']),
sqlnum($_POST['dateId']));
dbQuery($query);
}
// save order
// paidDate is set to today only for payMethod 'instant'; otherwise the 0000-00-00 placeholder
$ticketIds = array();
$query = sprintf("INSERT INTO bruckm_ticketorder (customerId, dateId, paid, payMethod, shipping, orderDate, voucherValue, voucherInfo, paidDate)
VALUES (%d, %d, %s, %s, %f, NOW(), %d, %s, %s)",
sqlnum($_POST['customerId']),
sqlnum($_POST['dateId']),
sqlstring($_POST['paid']),
sqlstring($_POST['payMethod']),
sqlnum($_POST['shipping']),
sqlnum($_POST['voucherValue']),
sqlstring($_POST['voucherInfo']),
sqlstring($_POST['payMethod'] == 'instant' ? date('Y-m-d') : '0000-00-00'));
dbQuery($query);
// NOTE(review): rows are read with mysqli_* above, but the insert id and affected-rows count
// below come from the legacy mysql_* API (removed in PHP 7). Unless db.inc.php provides
// compatible wrappers, these calls fail or return nothing useful and every ticket would be
// inserted with orderId 0 — confirm.
$orderId = mysql_insert_id();
foreach($tickets as $i=>$ticket){
$query = sprintf("INSERT INTO bruckm_ticket
(category, reductionId, cultureCardId, zeitorteCardId, seat, `table`, row, floor, room, seatIndex, tableIndex, rowIndex, floorIndex, orderId, dateId)
VALUES (%s, %d, %d, %s, %d, %d, %d, %s, %s, %d, %d, %d, %d, %d, %d)",
sqlstring($ticket[1]),
sqlnum($ticket[2]),
sqlnum($ticket[3]),
sqlstring($ticket[15]),
sqlnum($ticket[4]),
sqlnum($ticket[5]),
sqlnum($ticket[6]),
sqlstring($ticket[7]),
sqlstring($ticket[8]),
sqlnum($ticket[9]),
sqlnum($ticket[10]),
sqlnum($ticket[11]),
sqlnum($ticket[12]),
sqlnum($orderId),
sqlnum($_POST['dateId']));
dbQuery($query);
$ticketIds[] = mysql_insert_id();
// culture card: each ticket booked on a card consumes one of its free tickets
if($ticket[3] != 0){
// NOTE(review): no lower bound on the decrement; the memo below fires only when the counter
// lands exactly on 0, nothing stops further bookings once it has gone negative.
$query = sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets - 1 WHERE id = %d", sqlnum($ticket[3]));
dbQuery($query);
// auto-insert non existent culture card
// NOTE(review): any card number the client sends that is not in the table is created on the
// spot with 5 credits, owned by the ordering customer. If customers can reach this endpoint,
// a made-up 12-digit number is enough to obtain five culture-card tickets — confirm that card
// numbers are validated upstream or that cards must be registered by the office.
if(mysql_affected_rows() == 0){
$query = sprintf("INSERT INTO bruckm_ticketculturecard (id, owner, tickets) VALUES (%d, %s, 5)",
sqlnum($ticket[3]),
sqlstring("id:" . $_POST['customerId']));
dbQuery($query);
}
// check if all free tickets are used
else{
$query = sprintf("SELECT tickets FROM bruckm_ticketculturecard WHERE id = %d", sqlnum($ticket[3]));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
if($line['tickets'] == 0){
sendCultureCardMemo($ticket[3]);
}
}
}
}
// NOTE(review): publicOrder is itself client-controlled; it only decides whether the mails go out
if($_POST['publicOrder'] == "true"){
$query = sprintf("SELECT * FROM bruckm_ticketcustomer WHERE id = %d", sqlnum($_POST['customerId']));
$result = dbQuery($query);
$customer = mysqli_fetch_array($result, MYSQLI_ASSOC);
sendMailToCustomer($customer, $tickets, sprintf("%08d", $orderId));
sendMailToOffice($customer, $tickets, sprintf("%08d", $orderId));
}
echo "&result=ok&id=" . $orderId . "&tickets=" . implode("\t", $ticketIds) . "&";
}
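/** sends a confirmation mail to the customer
* Besides its parameters the function reads the event name, event timestamp, shipping fee and
* delivery flag of the order from $_POST. Mail errors do not reach the response (the caller prints
* a `&result=ok&` string); a failed hand-over to the MTA is written to the server log instead.
* The summer-pause notice that was hard-wired to July/August 2017 can no longer be reached and was
* dropped, as was the commented-out bank-transfer block.
* @param customer customer row (email, gender, firstname, surname, id, address, zip, city)
* @param tickets array of tickets (serialized field layout, see file header)
* @param orderId order id, already zero-padded by the caller
*/
############################################
function sendMailToCustomer($customer, $tickets, $orderId){
############################################
    $to = $customer['email'];
    $subject = "Ticketbestellung | Kulturhaus Pregarten Bruckmühle";
    $from = "FROM: tickets@bruckmuehle.at";
    // order details the caller does not pass explicitly
    $event = isset($_POST['event']) ? stripslashes($_POST['event']) : '';
    $timestamp = isset($_POST['timestamp']) ? (int)$_POST['timestamp'] : 0;
    $shipping = isset($_POST['shipping']) ? $_POST['shipping'] : 0;
    $delivery = isset($_POST['delivery']) && $_POST['delivery'] == "true";
    // NOTE(review): $event, the per-ticket prices ($t[14]) and $shipping are client-supplied and go
    // verbatim into a mail sent from tickets@bruckmuehle.at; the printed total is whatever the
    // client sent, not a server-side price.
    // salutation
    if($customer['gender'] == "f"){
        $message = "Sehr geehrte Frau " . $customer['firstname'] . " " . $customer['surname'] . ", \n\n";
    }
    else if($customer['gender'] == "m"){
        $message = "Sehr geehrter Herr " . $customer['firstname'] . " " . $customer['surname'] . ", \n\n";
    }
    else{
        $message = "Sehr geehrte(r) Herr/Frau " . $customer['surname'] . ", \n\n";
    }
    // reduction names, keyed by classId (= the ticket's reductionId)
    $reductions = array();
    $result = dbQuery("SELECT id, classId, name FROM bruckm_index WHERE class = 'TicketReduction' ORDER BY name ASC");
    while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
        $reductions[$line['classId']] = $line;
    }
    // list ticket reservations
    $sum = 0;
    $message .= "Ihre Ticketbestellung für \"" . $event . "\" am " . date("d.m.Y", $timestamp) . " wurde erfolgreich abgeschlossen. ";
    $message .= "Folgende Tickets wurden für Sie reserviert: \n\n";
    foreach($tickets as $t){
        if($t[5] != -1){
            $message .= "Tisch $t[5], ";
        }
        else if($t[4] != -1){
            $message .= "Platz $t[4], Reihe $t[6], $t[7], ";
        }
        else{
            $message .= "Freie Platzwahl, ";
        }
        $message .= "Kategorie " . strtoupper($t[1]) . ",\t";
        $reduction = isset($reductions[$t[2]]) ? trim($reductions[$t[2]]['name']) : '';
        if($t[3] != 0) {
            // culture-card ticket: show the 12-digit card number next to the reduction
            $message .= $reduction . " Nr. " . sprintf("%012d", $t[3]) . " " . moneyFormat($t[14]) . "\n";
        }
        else {
            $message .= $reduction . " " . moneyFormat($t[14]) . "\n";
        }
        $sum += $t[14];
    }
    if ($shipping) {
        $message .= "Zustellung\t\t" . moneyFormat($shipping) . "\n";
        $sum += $shipping;
    }
    $message .= "Gesamtsumme:\t" . moneyFormat($sum) . "\n\n";
    if($delivery) {
        $message .= "Die Tickets werden Ihnen innerhalb von vier Werktagen per Post zugestellt.\n\n";
    }
    else{
        $message .= "Die Tickets sind eine halbe Stunde vor Veranstaltungsbeginn an der Abendkasse abzuholen.\n\n";
    }
    $message .= "\n-------------------------------------------------------\n\n";
    // additional information
    $message .= "Ihre Kundendaten: \n\n";
    $message .= " Kundennummer: " . sprintf("%08d", $customer['id']) . "\n";
    $message .= " " . $customer['firstname'] . " " . $customer['surname'] . "\n";
    $message .= " " . $customer['address'] . "\n";
    $message .= " " . $customer['zip'] . " " . $customer['city'] . "\n\n";
    $message .= "Sie können Ihre Kundendaten jederzeit unter der URL http://www.bruckmuehle.at/tickets/edit.php ändern.\n\n";
    $message .= "-------------------------------------------------------\n\n";
    $message .= "Mit freundlichen Grüßen,\n";
    $message .= "Ihr Bruckmühle Team\n\n";
    $message .= "__________________________________________\n\n";
    $message .= "Kulturhaus Pregarten Bruckmühle\n";
    $message .= "Bahnhofstraße 12\n";
    $message .= "4230 Pregarten\n";
    $message .= "E-mail: kulturhaus@bruckmuehle.at\n";
    $message .= "http://www.kulturhaus-bruckmuehle.at\n\n";
    $message .= "UID: ATU 49258501\n";
    $message .= "FB: FN 190621a\n";
    $message .= "DVR: 0550868\n";
    $message .= "__________________________________________";
    // @ keeps mail() warnings out of the response; the failure is still recorded server-side
    if(!@mail($to, $subject, $message, $from)){
        error_log("order.php: customer confirmation mail for order " . $orderId . " could not be sent");
    }
}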
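/** sends an information mail to the office
* Besides its parameters the function reads the event name, event timestamp, shipping fee and
* delivery flag of the order from $_POST. The ticket listing mirrors the customer mail; the footer
* carries invoice number, total, delivery flag and the customer's address. A failed hand-over to
* the MTA is written to the server log; the response is not touched.
* @param customer customer row (firstname, surname, address, zip, city, id)
* @param tickets array of tickets (serialized field layout, see file header)
* @param orderId order id, already zero-padded by the caller
*/
############################################
function sendMailToOffice($customer, $tickets, $orderId){
############################################
    $to = OFFICE;
    $subject = "Ticketbestellung";
    $from = "FROM: tickets@bruckmuehle.at";
    // order details the caller does not pass explicitly
    $event = isset($_POST['event']) ? stripslashes($_POST['event']) : '';
    $timestamp = isset($_POST['timestamp']) ? (int)$_POST['timestamp'] : 0;
    $shipping = isset($_POST['shipping']) ? $_POST['shipping'] : 0;
    $delivery = isset($_POST['delivery']) && $_POST['delivery'] == "true";
    // NOTE(review): $event and the per-ticket prices ($t[14]) are client-supplied, so the office
    // sees the event name and the amounts the client chose to send, not server-side values.
    // reduction names, keyed by classId (= the ticket's reductionId)
    $reductions = array();
    $result = dbQuery("SELECT id, classId, name FROM bruckm_index WHERE class = 'TicketReduction' ORDER BY name ASC");
    while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
        $reductions[$line['classId']] = $line;
    }
    // list ticket reservations
    $sum = 0;
    $message = "Bestellung für \"" . $event . "\" am " . date("d.m.Y", $timestamp) . ": \n\n";
    foreach($tickets as $t){
        if($t[5] != -1){
            $message .= "Tisch $t[5], ";
        }
        else if($t[4] != -1){
            $message .= "Platz $t[4], Reihe $t[6], $t[7], ";
        }
        else{
            $message .= "Freie Platzwahl, ";
        }
        $message .= "Kategorie " . strtoupper($t[1]) . ",\t";
        $reduction = isset($reductions[$t[2]]) ? trim($reductions[$t[2]]['name']) : '';
        if($t[3] != 0) {
            // culture-card ticket: show the 12-digit card number next to the reduction
            $message .= $reduction . " Nr. " . sprintf("%012d", $t[3]) . " " . moneyFormat($t[14]) . "\n";
        }
        else {
            $message .= $reduction . " " . moneyFormat($t[14]) . "\n";
        }
        $sum += $t[14];
    }
    // shipping is part of the invoice total but not listed as a line here
    if ($shipping) {
        $sum += $shipping;
    }
    $message .= "\n-------------------------------------------------------\n\n";
    // payment
    $message .= "Rechnungsnr.: " . $orderId . "\n";
    $message .= "Rechnungsbetrag: " . moneyFormat($sum) . "\n";
    $message .= "Zustellung: " . ($delivery ? "ja" : "nein") . "\n\n";
    $message .= "-------------------------------------------------------\n\n";
    // customer data
    $message .= "Kundendaten: \n\n";
    $message .= $customer['firstname'] . " " . $customer['surname'] . "\n";
    $message .= $customer['address'] . "\n";
    $message .= $customer['zip'] . " " . $customer['city'] . "\n";
    $message .= "Kundennr.: " . sprintf("%08d", $customer['id']) . "\n\n";
    // @ keeps mail() warnings out of the response; the failure is still recorded server-side
    if(!@mail($to, $subject, $message, $from)){
        error_log("order.php: office notification mail for order " . $orderId . " could not be sent");
    }
}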
/** tells the office that a culture card has no free tickets left
* A zero/empty serial is treated as an internal error: no office mail is sent, ADMIN gets a short
* note stating whether the order was a public one.
* @param serial culture card serial number
*/
############################################
function sendCultureCardMemo($serial){
############################################
    if($serial){
        $from = "FROM: tickets@bruckmuehle.at";
        @mail(OFFICE, "Kulturcard Erinnerung", "Die Kulturcard $serial wurde aufgebraucht.", $from);
        return;
    }
    // bogus serial: report to the admin (no From header, as before)
    @mail(ADMIN, "culturecard error (serial = 0)", "public order: " . $_POST['publicOrder']);
}
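/** checks if the tickets will be delivered or if the customer has to pick them up
* Reads the event timestamp from $_POST and prints `&result=ok&delivery=<true|false>&shipping=<0|1>`.
* Delivery needs at least five days until the event, not counting dates listed in
* bruckm_ticketcalendar between today (exclusive) and the event (inclusive). Events before
* 2014-09-01 were shipped without a fee; everything later pays shipping.
*/
############################################
function checkForDelivery(){
############################################
    $timestamp = isset($_POST['timestamp']) ? (int)$_POST['timestamp'] : 0;
    $days = intval(($timestamp - time()) / 60 / 60 / 24);
    $query = sprintf("SELECT * FROM bruckm_ticketcalendar WHERE holiday <= %s AND holiday > %s",
        sqlstring(date("Y-m-d", $timestamp)),
        sqlstring(date("Y-m-d")));
    $result = dbQuery($query);
    // dbQuery() results are read with mysqli_* everywhere else in this file; the original counted
    // this one with the legacy mysql_num_rows(), which is the wrong API for a mysqli result
    $days -= mysqli_num_rows($result);
    if ($days < 5) {
        echo "&result=ok&delivery=false&shipping=0";
        return;
    }
    if ($timestamp < mktime(0, 0, 0, 9, 1, 2014)) {
        echo "&result=ok&delivery=true&shipping=0";
        return;
    }
    echo "&result=ok&delivery=true&shipping=1";
}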
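/** formats the given number as money string: two decimals, comma as decimal separator, no grouping
* e.g. 12.5 -> "EUR 12,50", "7.25" -> "EUR 7,25", 0 -> "EUR 0,00". Rounds to cents (half away from
* zero); the previous hand-rolled version passed a third decimal straight through and printed
* "EUR ,00" for an empty value.
* @param number int, float or numeric string
* @return string e.g. EUR 00,00
*/
############################################
function moneyFormat($number){
############################################
    return "EUR " . number_format((float)$number, 2, ',', '');
}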
/** cancels the complete order given by $_POST['id']
* Culture-card credits used by the order's tickets are handed back first, then the order row and
* all its tickets are deleted. Nothing is returned or printed.
* NOTE(review): the seat counters that send() decrements for simple reservations are not restored
* here, and the three statements are not wrapped in a transaction — confirm both are intended.
*/
############################################
function cancelAll(){
############################################
    // give back one credit per culture-card ticket before the ticket rows disappear
    $cards = dbQuery(sprintf("SELECT cultureCardId FROM bruckm_ticket WHERE orderId = %d AND cultureCardId != 0", sqlnum($_POST['id'])));
    while ($card = mysqli_fetch_array($cards, MYSQLI_ASSOC)) {
        dbQuery(sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets + 1 WHERE id = %d", sqlnum($card['cultureCardId'])));
    }
    // order first, then its tickets (same order as before)
    dbQuery(sprintf("DELETE FROM bruckm_ticketorder WHERE id = %d", sqlnum($_POST['id'])));
    dbQuery(sprintf("DELETE FROM bruckm_ticket WHERE orderId = %d", sqlnum($_POST['id'])));
}
/** cancels selected tickets
* $_POST['tickets'] is a tab-separated list of ticket ids. For each id the culture-card credit (if
* any) is handed back, then the ticket row is deleted. Nothing is returned or printed.
* NOTE(review): the ids are not tied to an order or a caller here, and unlike cancelAll() the order
* row itself stays — confirm that is intended.
*/
############################################
function cancelSelected(){
############################################
    foreach(explode("\t", $_POST['tickets']) as $ticketId){
        $row = mysqli_fetch_array(
            dbQuery(sprintf("SELECT cultureCardId FROM bruckm_ticket WHERE id = %d", sqlnum($ticketId))),
            MYSQLI_ASSOC);
        if($row['cultureCardId'] != 0) {
            dbQuery(sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets + 1 WHERE id = %d", sqlnum($row['cultureCardId'])));
        }
        dbQuery(sprintf("DELETE FROM bruckm_ticket WHERE id = %d", sqlnum($ticketId)));
    }
}
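/** updates the payment, shipping and comment fields of an order
* All values come from $_POST: id, paid, payMethod, shipping, comments and optionally paidDate.
* paidDate is a unix timestamp (load() emits it that way); when the client sends none, "now" is
* used. The original defaulted it to a 'Y-m-d' string and then handed that string to date() as a
* timestamp, which depending on the PHP version gives a bogus 1970 date, a warning or an error.
* NOTE(review): paid and payMethod are written as sent; no check is visible in this file that the
* caller is allowed to change payment state (see the dispatcher at the top).
*/
############################################
function updateOrder(){
############################################
    $paidDate = isset($_POST['paidDate']) ? (int)$_POST['paidDate'] : time();
    $query = sprintf("UPDATE bruckm_ticketorder SET paid = %s, payMethod = %s, paidDate = %s, shipping = %f, comments = %s WHERE id = %d",
        sqlstring($_POST['paid']),
        sqlstring($_POST['payMethod']),
        sqlstring(date('Y-m-d', $paidDate)),
        sqlnum($_POST['shipping']),
        sqlstring($_POST['comments']),
        sqlnum($_POST['id']));
    dbQuery($query);
}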
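/** updates the tickets of an order
* $_POST['tickets'] holds the serialized tickets (see file header). Per ticket the printed flag,
* reduction, culture card and zeitorte card are written back; when the culture card changed, the
* credit moves with it (+1 on the old card, -1 on the new one).
* NOTE(review): nothing checks that ticket id $ticket[0] belongs to the caller's order, that the new
* card exists (an UPDATE on an unknown id silently hits 0 rows — unlike send(), no card is created)
* or that its counter stays >= 0. The original also built a $out string of all queries that was
* never used; it is gone.
*/
############################################
function updateTickets(){
############################################
    // deserialize ticket data: one ticket per line, tab-separated fields
    $tickets = explode("\n", $_POST['tickets']);
    foreach($tickets as $i => $ticket){
        $tickets[$i] = explode("\t", $ticket);
    }
    foreach($tickets as $ticket){
        $result = dbQuery(sprintf("SELECT cultureCardId FROM bruckm_ticket WHERE id = %d", sqlnum($ticket[0])));
        $line = mysqli_fetch_array($result, MYSQLI_ASSOC);
        // loose comparison on purpose: load() emits the card id zero-padded to 12 digits and the
        // client may send it padded or not; both sides are numeric strings, so "000000000123" == "123"
        if(sprintf("%012d", $line['cultureCardId']) != $ticket[3]){
            if($line['cultureCardId'] != 0){
                dbQuery(sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets + 1 WHERE id = %d", sqlnum($line['cultureCardId'])));
            }
            if($ticket[3] != 0){
                dbQuery(sprintf("UPDATE bruckm_ticketculturecard SET tickets = tickets - 1 WHERE id = %d", sqlnum($ticket[3])));
            }
        }
        $query = sprintf("UPDATE bruckm_ticket SET printed = %s, reductionId = %d, cultureCardId = %d, zeitorteCardId = %s WHERE id = %d",
            sqlstring($ticket[13]),
            sqlnum($ticket[2]),
            sqlnum($ticket[3]),
            sqlstring($ticket[15]),
            sqlnum($ticket[0]));
        dbQuery($query);
    }
}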
?>