philipp/bm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
bm/public_html/public/tickets/search.php
Philipp Hofer 447ae6d97d track bm files
2025-09-24 13:26:28 +02:00

495 lines
13 KiB
PHP
Raw Permalink Blame History

<?php
/** searches for persons and events
*
* @version 2.0.0
* @since 2008-02-13
* @author Martin Lenzelbauer
*/
define("ROOT", "../");
require_once(ROOT."include/config.inc.php");
require_once(ROOT."include/db.inc.php");
require_once(ROOT."include/xml.inc.php");
if(DEBUG){
foreach($_GET as $i=>$j){
$_POST[$i] = urldecode($j);
}
}
switch($_GET['action']){
case "searchCustomers": searchCustomers();
break;
case "searchLooseCustomers": searchLooseCustomers();
break;
case "searchEvents": searchEvents();
break;
case "searchOrdersByOrderId": searchOrdersByOrderId();
break;
case "searchOrdersByCustomerId": searchOrdersByCustomerId();
break;
case "searchOrdersByDateId": searchOrdersByDateId();
break;
}
/** searches for customers
*/
##########################################
function searchCustomers(){
##########################################
$customers = doSearchCustomers($_POST['id'], ($_POST['email']), ($_POST['surname']), ($_POST['firstname']));
if(sizeof($customers) == 0){
echo "&result=empty&";
return;
}
$xml = '<?xml version="1.0" encoding="utf-8"?>';
$xml .= "<customers>";
foreach($customers as $c){
$xml .= '<customer id="' . $c['id'] . '" firstname="' . xmlstring($c['firstname']) . '" surname="' . xmlstring($c['surname']) . '" ';
$xml .= 'email="' . xmlstring($c['email']) . '" address="' . xmlstring($c['address']) . '" zip="' . xmlstring($c['zip']) . '" ';
$xml .= 'city="' . xmlstring($c['city']) . '" phone="' . xmlstring($c['phone']) . '" country="' . xmlstring($c['country']) . '" ';
$xml .= 'gender="' . $c['gender'] . '" acad="' . xmlstring($c['acad']) . '" locked="' . $c['locked'] . '" newsletter="' . $c['newsletter'] . '" ';
$xml .= 'loose="' . $c['loose'] . '" />';
}
$xml .= '</customers>';
echo "&result=ok&customers=" . xmlencode($xml) . "&";
}
/** searches for customers with loose registration
*/
##########################################
function searchLooseCustomers(){
##########################################
$customers = doSearchLooseCustomers(($_POST['surname']), ($_POST['firstname']));
if(sizeof($customers) == 0){
echo "&result=empty&";
return;
}
$xml = '<?xml version="1.0" encoding="utf-8"?>';
$xml .= "<customers>";
foreach($customers as $c){
$xml .= '<customer id="' . $c['id'] . '" firstname="' . xmlstring($c['firstname']) . '" surname="' . xmlstring($c['surname']) . '" ';
$xml .= 'email="' . xmlstring($c['email']) . '" address="' . xmlstring($c['address']) . '" zip="' . xmlstring($c['zip']) . '" ';
$xml .= 'city="' . xmlstring($c['city']) . '" phone="' . xmlstring($c['phone']) . '" country="' . xmlstring($c['country']) . '" ';
$xml .= 'gender="' . $c['gender'] . '" acad="' . xmlstring($c['acad']) . '" locked="' . $c['locked'] . '" newsletter="' . $c['newsletter'] . '" ';
$xml .= 'loose="' . $c['loose'] . '" />';
}
$xml .= '</customers>';
echo "&result=ok&customers=" . xmlencode($xml) . "&";
}
/** searches for customers
*/
##########################################
function doSearchCustomers($id, $email, $surname, $firstname){
##########################################
checkMagicQuotes();
$customers = array();
// search by customer id
if(!empty($id)){
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE id = %d",
sqlnum($id));
$result = dbQuery($query);
if($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
return $customers;
}
}
// search by e-mail
if(!empty($email)){
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE email = %s ORDER BY surname, firstname ASC",
sqlstring($email));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
}
// search by name
if(!empty($surname)){
// search exact matches for surname and firstname
if(!empty($firstname)){
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s AND firstname = %s ORDER BY id ASC",
sqlstring($surname),
sqlstring($firstname));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
}
//search exact matches for surname
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s ORDER BY firstname ASC, id ASC",
sqlstring($surname));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
//search wildcard matches for surname
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname LIKE %s ORDER BY surname ASC, firstname ASC, id ASC",
sqlstring("%".$surname."%"));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
}
return $customers;
}
/** searches for customers with loose registration
*/
##########################################
function doSearchLooseCustomers($surname, $firstname){
##########################################
checkMagicQuotes();
$customers = array();
// search by name
if(!empty($surname)){
// search exact matches for surname and firstname
if(!empty($firstname)){
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s AND firstname = %s AND loose = 'true' ORDER BY id ASC",
sqlstring($surname),
sqlstring($firstname));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
}
//search exact matches for surname
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname = %s AND loose = 'true' ORDER BY firstname ASC, id ASC",
sqlstring($surname));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
//search wildcard matches for surname
$query = sprintf("SELECT * FROM bruckm_ticketcustomer
WHERE surname LIKE %s AND loose = 'true' ORDER BY surname ASC, firstname ASC, id ASC",
sqlstring("%".$surname."%"));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$customers[] = $line;
}
if(sizeof($customers) > 0){
return $customers;
}
}
return $customers;
}
/** searches for events
*/
##########################################
function searchEvents(){
##########################################
$events = doSearchEvents(($_POST['title']));
if(sizeof($events) == 0){
echo "&result=empty&";
return;
}
$xml = '<?xml version="1.0" encoding="utf-8"?>';
$xml .= "<events>";
foreach($events as $e){
$xml .= '<event id="' . $e['id'] . '" title="' . xmlstring($e['name']) . '" reservationtype="' . $e['reservationType'] . '" />';
}
$xml .= '</events>';
echo "&result=ok&events=" . xmlencode($xml) . "&";
}
/** searches for events
*/
##########################################
function doSearchEvents($title){
##########################################
checkMagicQuotes();
$events = array();
// search exact matches
$query = sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent
WHERE name = %s AND reservationType != 'none'
ORDER BY endDate DESC",
sqlstring($title));
$result = dbQuery($query);
while($line = mysqli_fetch_assoc($result)){
if(!empty($line['dates'])){
$events[] = $line;
}
}
if(sizeof($events) > 0){
return $events;
}
// search wildcard matches
$query = sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent
WHERE name LIKE %s AND reservationType != 'none'
ORDER BY endDate DESC",
sqlstring("%".$title."%"));
$result = dbQuery($query);
while($line = mysqli_fetch_assoc($result)){
if(!empty($line['dates'])){
$events[] = $line;
}
}
if(sizeof($events) > 0){
return $events;
}
return $events;
}
/** searches for orders by order id
*/
##########################################
function searchOrdersByOrderId(){
##########################################
searchOrders(true, false, false);
}
/** searches for orders by customer id
*/
##########################################
function searchOrdersByCustomerId(){
##########################################
searchOrders(false, true, false);
}
/** searches for orders by date id
*/
##########################################
function searchOrdersByDateId(){
##########################################
searchOrders(false, false, true);
}
/** searches for orders
* @param order search by order id
* @param customer search by customer id
* @param event search by event id
*/
##########################################
function searchOrders($order, $customer, $event){
##########################################
$orders;
if($order){
$orders = doSearchOrdersByOrderId($_POST['id']);
}
else if($customer){
$orders = doSearchOrdersByCustomerId($_POST['id']);
}
else{
$orders = doSearchOrdersByEventId($_POST['id']);
}
if(sizeof($orders) == 0){
echo "&result=empty&";
return;
}
$xml = '<?xml version="1.0" encoding="utf-8"?>';
$xml .= "<orders>";
foreach($orders as $o){
$xml .= '<order id="' . $o['id'] . '" title="' . xmlstring($o['title']) . '" timestamp="' . $o['orderDate'] . '" paid="' . $o['paid'] . '" ';
$xml .= 'dateid="' . $o['dateId'] . '" customerid="' . $o['customerId'] . '" paymethod="' . $o['payMethod'] . '" />';
}
$xml .= '</orders>';
echo "&result=ok&orders=" . xmlencode($xml) . "&";
}
/** searches for orders by order id
*/
##########################################
function doSearchOrdersByOrderId($id){
##########################################
$orders = array();
// search orders
$query = sprintf("SELECT * FROM bruckm_ticketorder WHERE id = %d ORDER BY orderDate DESC",
sqlnum($id));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$orders[] = $line;
}
// search event titles
foreach($orders as $i=>$order){
$query = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($line['eventId']));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$orders[$i]['title'] = $line['name'];
}
return $orders;
}
/** searches for orders by customer id
*/
##########################################
function doSearchOrdersByCustomerId($id){
##########################################
$orders = array();
// search orders
$query = sprintf("SELECT * FROM bruckm_ticketorder WHERE customerId = %d ORDER BY orderDate DESC",
sqlnum($id));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$orders[] = $line;
}
// search event titles
foreach($orders as $i=>$order){
$query = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($line['eventId']));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$orders[$i]['title'] = $line['name'];
}
return $orders;
}
/** searches for orders by date id
*/
##########################################
function doSearchOrdersByDateId($id){
##########################################
$orders = array();
// search orders
$query = sprintf("SELECT * FROM bruckm_ticketorder WHERE dateId = %d ORDER BY orderDate DESC",
sqlnum($id));
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$orders[] = $line;
}
// search event titles
foreach($orders as $i=>$order){
$query = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($line['eventId']));
$result = dbQuery($query);
$line = mysqli_fetch_array($result, MYSQLI_ASSOC);
$orders[$i]['title'] = $line['name'];
}
return $orders;
}
/** checks for magic quotes and strips slashes, if magic quotes are on
*/
##########################################
function checkMagicQuotes(){
##########################################
if (get_magic_quotes_gpc()) {
foreach($_POST as $i=>$j){
$_POST[$i] = stripslashes($j);
}
}
}
?>
Reference in New Issue View Git Blame Copy Permalink