<?php
|
|
/** searches for customers, events and orders (AJAX back end for the search forms)
|
|
*
|
|
* @version 2.0.0
|
|
* @since 2008-02-13
|
|
* @author Martin Lenzelbauer
|
|
*/
|
|
|
|
define("ROOT", "../");
|
|
require_once(ROOT."include/config.inc.php");
|
|
require_once(ROOT."include/db.inc.php");
|
|
require_once(ROOT."include/xml.inc.php");
|
|
|
|
|
|
// Debug convenience: mirror every query-string parameter into $_POST so a
// search can be driven straight from the browser address bar.
//
// NOTE(review): keep DEBUG off in production. While it is on, every handler
// below can be fed via GET, so names and e-mail addresses being searched for
// end up in access logs and Referer headers. Also, PHP has already URL-decoded
// $_GET, so the urldecode() here decodes a second time (a literal '+' or
// '%25' in a name changes meaning). Both behaviours are left as they were.
if(DEBUG){
    foreach(array_keys($_GET) as $name){
        $_POST[$name] = urldecode($_GET[$name]);
    }
}
|
|
|
|
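// Dispatch on the requested action. An unknown or missing action produces no
// output at all (unchanged); the isset() guard only removes the "undefined
// index" notice a request without ?action= used to raise, which on a
// display_errors setup would have been echoed into the response body.
//
// NOTE(review): nothing in this file authenticates the caller before customer
// PII (e-mail, address, phone) and order data are searched and returned. If
// config.inc.php / db.inc.php do not enforce a logged-in session for this
// script, every case below is reachable anonymously — confirm before deploy.
$action = isset($_GET['action']) ? $_GET['action'] : '';

switch($action){
    case "searchCustomers":          searchCustomers();          break;
    case "searchLooseCustomers":     searchLooseCustomers();     break;
    case "searchEvents":             searchEvents();             break;
    case "searchOrdersByOrderId":    searchOrdersByOrderId();    break;
    case "searchOrdersByCustomerId": searchOrdersByCustomerId(); break;
    case "searchOrdersByDateId":     searchOrdersByDateId();     break;
}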
|
|
|
|
|
|
|
|
|
|
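/** searches for customers
 *
 * Reads id / email / surname / firstname from $_POST, looks them up through
 * doSearchCustomers() and writes the result as a URL-encoded variable string:
 * "&result=empty&" when nothing matched, otherwise
 * "&result=ok&customers=<xml>&" where <xml> is a <customers> document passed
 * through xmlencode().
 *
 * Every attribute value — including id and the flag columns, which used to be
 * concatenated raw — now goes through xmlstring(), so a stored value
 * containing '"', '<' or '&' cannot break out of its attribute and corrupt or
 * reshape the XML the client parses. Missing POST keys default to '' (the
 * lookup treats '' and the previous null identically via empty()).
 */
##########################################
function searchCustomers(){
##########################################

    $id        = isset($_POST['id'])        ? $_POST['id']        : '';
    $email     = isset($_POST['email'])     ? $_POST['email']     : '';
    $surname   = isset($_POST['surname'])   ? $_POST['surname']   : '';
    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';

    $customers = doSearchCustomers($id, $email, $surname, $firstname);

    if(sizeof($customers) == 0){
        echo "&result=empty&";
        return;
    }

    // Attribute order is fixed so the emitted document is byte-compatible
    // with what the client already expects.
    $fields = array('id', 'firstname', 'surname', 'email', 'address', 'zip', 'city',
                    'phone', 'country', 'gender', 'acad', 'locked', 'newsletter', 'loose');

    $xml = '<?xml version="1.0" encoding="utf-8"?>';
    $xml .= "<customers>";

    foreach($customers as $c){
        $xml .= '<customer';
        foreach($fields as $field){
            $xml .= ' ' . $field . '="' . xmlstring($c[$field]) . '"';
        }
        $xml .= ' />';
    }

    $xml .= '</customers>';

    echo "&result=ok&customers=" . xmlencode($xml) . "&";
}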
|
|
|
|
|
|
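/** searches for customers with loose registration
 *
 * Reads surname / firstname from $_POST, looks them up through
 * doSearchLooseCustomers() (which restricts to loose = 'true') and writes the
 * result as a URL-encoded variable string: "&result=empty&" when nothing
 * matched, otherwise "&result=ok&customers=<xml>&" with the <customers>
 * document passed through xmlencode().
 *
 * Every attribute value — including id and the flag columns, which used to be
 * concatenated raw — now goes through xmlstring(), so a stored value
 * containing '"', '<' or '&' cannot break out of its attribute. Missing POST
 * keys default to '' (equivalent to the previous null under empty()).
 */
##########################################
function searchLooseCustomers(){
##########################################

    $surname   = isset($_POST['surname'])   ? $_POST['surname']   : '';
    $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';

    $customers = doSearchLooseCustomers($surname, $firstname);

    if(sizeof($customers) == 0){
        echo "&result=empty&";
        return;
    }

    // Same attribute order as searchCustomers() so the client can parse both.
    $fields = array('id', 'firstname', 'surname', 'email', 'address', 'zip', 'city',
                    'phone', 'country', 'gender', 'acad', 'locked', 'newsletter', 'loose');

    $xml = '<?xml version="1.0" encoding="utf-8"?>';
    $xml .= "<customers>";

    foreach($customers as $c){
        $xml .= '<customer';
        foreach($fields as $field){
            $xml .= ' ' . $field . '="' . xmlstring($c[$field]) . '"';
        }
        $xml .= ' />';
    }

    $xml .= '</customers>';

    echo "&result=ok&customers=" . xmlencode($xml) . "&";
}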
|
|
|
|
|
|
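/** searches for customers
 *
 * Tries the criteria in order and returns the rows of the first one that
 * matches anything, so a more specific criterion always wins:
 *   1. customer id (exact, single row)
 *   2. e-mail (exact)
 *   3. surname + firstname (exact), then surname (exact), then surname LIKE %surname%
 * A criterion whose argument is empty() is skipped. Returns an empty array
 * when nothing matched.
 *
 * Values reach the SQL text only through sqlnum()/sqlstring() (db.inc.php);
 * nothing is interpolated raw.
 *
 * NOTE(review): '%' and '_' are LIKE metacharacters and are not escaped in
 * the wildcard step, so a surname of "%" returns every customer. That step is
 * already a substring search, so this widens a result set rather than
 * exposing anything new; use addcslashes($surname, '%_\\') if literal
 * matching is wanted.
 *
 * @param string $id        numeric customer id, or empty
 * @param string $email
 * @param string $surname
 * @param string $firstname
 * @return array            bruckm_ticketcustomer rows (MYSQLI_ASSOC), possibly empty
 */
##########################################
function doSearchCustomers($id, $email, $surname, $firstname){
##########################################

    checkMagicQuotes();

    // checkMagicQuotes() only rewrites $_POST, but the caller copied these
    // values out of $_POST before this function ran, so under magic_quotes_gpc
    // the copies still carry the added backslashes and sqlstring() would
    // escape them a second time ("O'Brien" was searched as O\'Brien).
    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        $id        = stripslashes($id);
        $email     = stripslashes($email);
        $surname   = stripslashes($surname);
        $firstname = stripslashes($firstname);
    }

    // Candidate queries, most specific first. sqlnum()/sqlstring() are applied
    // up front; they are assumed to be pure escaping with no DB side effects.
    $queries = array();

    // search by customer id (LIMIT 1 keeps the original single-row behaviour)
    if(!empty($id)){
        $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
                WHERE id = %d LIMIT 1",
                sqlnum($id));
    }

    // search by e-mail
    if(!empty($email)){
        $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
                WHERE email = %s ORDER BY surname, firstname ASC",
                sqlstring($email));
    }

    // search by name: exact surname+firstname, exact surname, then wildcard surname
    if(!empty($surname)){
        if(!empty($firstname)){
            $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
                    WHERE surname = %s AND firstname = %s ORDER BY id ASC",
                    sqlstring($surname),
                    sqlstring($firstname));
        }
        $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
                WHERE surname = %s ORDER BY firstname ASC, id ASC",
                sqlstring($surname));
        $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
                WHERE surname LIKE %s ORDER BY surname ASC, firstname ASC, id ASC",
                sqlstring("%".$surname."%"));
    }

    foreach($queries as $query){
        $customers = array();
        $result = dbQuery($query);
        while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
            $customers[] = $line;
        }
        if(sizeof($customers) > 0){
            return $customers;
        }
    }

    return array();
}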
|
|
|
|
|
|
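/** searches for customers with loose registration
 *
 * Same search ladder as doSearchCustomers() restricted to name criteria and
 * to rows with loose = 'true': exact surname + firstname, then exact surname,
 * then surname LIKE %surname%. The first step that matches anything wins;
 * an empty array is returned when $surname is empty() or nothing matched.
 *
 * Values reach the SQL text only through sqlstring() (db.inc.php).
 *
 * NOTE(review): '%' and '_' in $surname are unescaped LIKE metacharacters in
 * the wildcard step (a surname of "%" returns every loose customer); that
 * step is already a substring search, so this only widens results.
 *
 * @param string $surname
 * @param string $firstname
 * @return array bruckm_ticketcustomer rows (MYSQLI_ASSOC), possibly empty
 */
##########################################
function doSearchLooseCustomers($surname, $firstname){
##########################################

    checkMagicQuotes();

    // The caller copied these out of $_POST before checkMagicQuotes() ran, so
    // under magic_quotes_gpc the copies would still carry the added slashes
    // and sqlstring() would escape them twice. Strip the local copies too.
    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        $surname   = stripslashes($surname);
        $firstname = stripslashes($firstname);
    }

    if(empty($surname)){
        return array();
    }

    // Candidate queries, most specific first.
    $queries = array();

    if(!empty($firstname)){
        $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
                WHERE surname = %s AND firstname = %s AND loose = 'true' ORDER BY id ASC",
                sqlstring($surname),
                sqlstring($firstname));
    }
    $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
            WHERE surname = %s AND loose = 'true' ORDER BY firstname ASC, id ASC",
            sqlstring($surname));
    $queries[] = sprintf("SELECT * FROM bruckm_ticketcustomer
            WHERE surname LIKE %s AND loose = 'true' ORDER BY surname ASC, firstname ASC, id ASC",
            sqlstring("%".$surname."%"));

    foreach($queries as $query){
        $customers = array();
        $result = dbQuery($query);
        while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
            $customers[] = $line;
        }
        if(sizeof($customers) > 0){
            return $customers;
        }
    }

    return array();
}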
|
|
|
|
|
|
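/** searches for events
 *
 * Reads title from $_POST, looks it up through doSearchEvents() and writes
 * "&result=empty&" when nothing matched, otherwise
 * "&result=ok&events=<xml>&" with an <events> document (one <event> per row:
 * id, title, reservationtype) passed through xmlencode().
 *
 * id and reservationtype used to be concatenated raw; they now go through
 * xmlstring() like title, so no stored value can break out of its attribute.
 * A missing title key defaults to '' instead of raising a notice.
 */
##########################################
function searchEvents(){
##########################################

    $title = isset($_POST['title']) ? $_POST['title'] : '';

    $events = doSearchEvents($title);

    if(sizeof($events) == 0){
        echo "&result=empty&";
        return;
    }

    $xml = '<?xml version="1.0" encoding="utf-8"?>';
    $xml .= "<events>";

    foreach($events as $e){
        // the DB column is "name" but the client attribute is "title"
        $xml .= '<event id="' . xmlstring($e['id']) . '"'
              . ' title="' . xmlstring($e['name']) . '"'
              . ' reservationtype="' . xmlstring($e['reservationType']) . '" />';
    }

    $xml .= '</events>';

    echo "&result=ok&events=" . xmlencode($xml) . "&";
}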
|
|
|
|
|
|
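/** searches for events
 *
 * Looks for events whose name matches $title exactly; only if that finds
 * nothing, for events whose name contains $title (LIKE %title%). Events with
 * reservationType 'none' or an empty dates column are excluded. Returns the
 * matching rows (id, name, dates, reservationType) ordered by endDate
 * descending, or an empty array.
 *
 * Note that an empty $title is not short-circuited: the exact step then
 * matches events with an empty name and the wildcard step (LIKE '%%')
 * matches every reservable event — this is the existing behaviour and is
 * kept so the client's "list everything" use keeps working.
 *
 * NOTE(review): '%' and '_' in $title are unescaped LIKE metacharacters in
 * the wildcard step; as that step is already a substring search this only
 * widens results.
 *
 * @param string $title event name or fragment
 * @return array bruckm_ticketevent rows (assoc), possibly empty
 */
##########################################
function doSearchEvents($title){
##########################################

    checkMagicQuotes();

    // The caller copied $title out of $_POST before checkMagicQuotes() ran, so
    // under magic_quotes_gpc the copy would still carry the added slashes and
    // sqlstring() would escape them twice. Strip the local copy too.
    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        $title = stripslashes($title);
    }

    // exact match first, wildcard match only as a fallback
    $queries = array(
        sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent
                WHERE name = %s AND reservationType != 'none'
                ORDER BY endDate DESC",
                sqlstring($title)),
        sprintf("SELECT id, name, dates, reservationType FROM bruckm_ticketevent
                WHERE name LIKE %s AND reservationType != 'none'
                ORDER BY endDate DESC",
                sqlstring("%".$title."%")),
    );

    foreach($queries as $query){
        $events = array();
        $result = dbQuery($query);
        while($line = mysqli_fetch_assoc($result)){
            // events without any dates are not offered for search results
            if(!empty($line['dates'])){
                $events[] = $line;
            }
        }
        if(sizeof($events) > 0){
            return $events;
        }
    }

    return array();
}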
|
|
|
|
|
|
/** searches for orders by order id
 *
 * Dispatch target for action=searchOrdersByOrderId: hands off to
 * searchOrders() with only the order-id flag set; the id itself is read
 * from $_POST there.
 */
##########################################
function searchOrdersByOrderId(){
##########################################
    $byOrder = true;
    $byCustomer = false;
    $byDate = false;
    searchOrders($byOrder, $byCustomer, $byDate);
}
|
|
|
|
|
|
/** searches for orders by customer id
 *
 * Dispatch target for action=searchOrdersByCustomerId: hands off to
 * searchOrders() with only the customer-id flag set; the id itself is read
 * from $_POST there.
 */
##########################################
function searchOrdersByCustomerId(){
##########################################
    $byOrder = false;
    $byCustomer = true;
    $byDate = false;
    searchOrders($byOrder, $byCustomer, $byDate);
}
|
|
|
|
|
|
/** searches for orders by date id
 *
 * Dispatch target for action=searchOrdersByDateId: hands off to
 * searchOrders() with only the third flag set (neither order nor customer),
 * which selects its date-id branch; the id itself is read from $_POST there.
 */
##########################################
function searchOrdersByDateId(){
##########################################
    $byOrder = false;
    $byCustomer = false;
    $byDate = true;
    searchOrders($byOrder, $byCustomer, $byDate);
}
|
|
|
|
|
|
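/** searches for orders
 *
 * Reads the id from $_POST['id'], picks the lookup by the flags (order id
 * wins over customer id, anything else falls through to the date-id lookup)
 * and writes "&result=empty&" or "&result=ok&orders=<xml>&" with an <orders>
 * document (id, title, timestamp, paid, dateid, customerid, paymethod)
 * passed through xmlencode().
 *
 * All attribute values now go through xmlstring(); only title used to be
 * escaped, so a stored payMethod/orderDate value containing '"' could break
 * the document. A missing id key defaults to '' instead of raising a notice.
 *
 * @param order    search by order id
 * @param customer search by customer id
 * @param event    search by the order's date id (the remaining branch;
 *                 reached via searchOrdersByDateId())
 */
##########################################
function searchOrders($order, $customer, $event){
##########################################

    $id = isset($_POST['id']) ? $_POST['id'] : '';

    if($order){
        $orders = doSearchOrdersByOrderId($id);
    }
    else if($customer){
        $orders = doSearchOrdersByCustomerId($id);
    }
    else{
        // NOTE(review): this branch used to call doSearchOrdersByEventId(),
        // which is not defined anywhere in this file, while
        // doSearchOrdersByDateId() (WHERE dateId = …, defined below) was never
        // called. searchOrdersByDateId() is the only caller that reaches this
        // branch, so the date-id lookup is used. If an include really provides
        // doSearchOrdersByEventId(), restore that call.
        $orders = doSearchOrdersByDateId($id);
    }

    if(sizeof($orders) == 0){
        echo "&result=empty&";
        return;
    }

    $xml = '<?xml version="1.0" encoding="utf-8"?>';
    $xml .= "<orders>";

    foreach($orders as $o){
        $xml .= '<order id="' . xmlstring($o['id']) . '"'
              . ' title="' . xmlstring($o['title']) . '"'
              . ' timestamp="' . xmlstring($o['orderDate']) . '"'
              . ' paid="' . xmlstring($o['paid']) . '"'
              . ' dateid="' . xmlstring($o['dateId']) . '"'
              . ' customerid="' . xmlstring($o['customerId']) . '"'
              . ' paymethod="' . xmlstring($o['payMethod']) . '" />';
    }

    $xml .= '</orders>';

    echo "&result=ok&orders=" . xmlencode($xml) . "&";
}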
|
|
|
|
|
|
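/** searches for orders by order id
 *
 * Returns the bruckm_ticketorder rows with the given id (newest orderDate
 * first), each extended with a 'title' key holding the name of the event the
 * order's dateId belongs to. The id is bound with %d via sqlnum(), so
 * non-numeric input becomes 0 and matches nothing.
 *
 * The title lookup tolerates a missing date or event row (orphaned orders):
 * title is then '' instead of dereferencing a false fetch result.
 *
 * NOTE(review): this is two extra queries per order; a JOIN through
 * bruckm_ticketdate/bruckm_ticketevent would do it in one, left as-is.
 *
 * @param string $id order id
 * @return array order rows (MYSQLI_ASSOC) plus 'title', possibly empty
 */
##########################################
function doSearchOrdersByOrderId($id){
##########################################

    $orders = array();

    // search orders
    $query = sprintf("SELECT * FROM bruckm_ticketorder WHERE id = %d ORDER BY orderDate DESC",
            sqlnum($id));
    $result = dbQuery($query);
    while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
        $orders[] = $line;
    }

    // search event titles: order -> date -> event
    foreach($orders as $i=>$order){
        $title = '';
        $query = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
        $date = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
        if($date){
            $query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($date['eventId']));
            $event = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
            if($event){
                $title = $event['name'];
            }
        }
        $orders[$i]['title'] = $title;
    }

    return $orders;
}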
|
|
|
|
|
|
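/** searches for orders by customer id
 *
 * Returns every bruckm_ticketorder row whose customerId matches (newest
 * orderDate first), each extended with a 'title' key holding the name of the
 * event the order's dateId belongs to. The id is bound with %d via sqlnum(),
 * so non-numeric input becomes 0 and matches nothing.
 *
 * The title lookup tolerates a missing date or event row (orphaned orders):
 * title is then '' instead of dereferencing a false fetch result.
 *
 * NOTE(review): two extra queries per order; a JOIN would do it in one.
 *
 * @param string $id customer id
 * @return array order rows (MYSQLI_ASSOC) plus 'title', possibly empty
 */
##########################################
function doSearchOrdersByCustomerId($id){
##########################################

    $orders = array();

    // search orders
    $query = sprintf("SELECT * FROM bruckm_ticketorder WHERE customerId = %d ORDER BY orderDate DESC",
            sqlnum($id));
    $result = dbQuery($query);
    while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
        $orders[] = $line;
    }

    // search event titles: order -> date -> event
    foreach($orders as $i=>$order){
        $title = '';
        $query = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
        $date = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
        if($date){
            $query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($date['eventId']));
            $event = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
            if($event){
                $title = $event['name'];
            }
        }
        $orders[$i]['title'] = $title;
    }

    return $orders;
}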
|
|
|
|
|
|
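/** searches for orders by date id
 *
 * Returns every bruckm_ticketorder row whose dateId matches (newest orderDate
 * first), each extended with a 'title' key holding the name of the event that
 * date belongs to. The id is bound with %d via sqlnum(), so non-numeric input
 * becomes 0 and matches nothing.
 *
 * The title lookup tolerates a missing date or event row: title is then ''
 * instead of dereferencing a false fetch result.
 *
 * NOTE(review): all rows share the same dateId here, so the date/event
 * lookup could be done once instead of per order; kept per-row for symmetry
 * with the sibling functions.
 *
 * @param string $id date id
 * @return array order rows (MYSQLI_ASSOC) plus 'title', possibly empty
 */
##########################################
function doSearchOrdersByDateId($id){
##########################################

    $orders = array();

    // search orders
    $query = sprintf("SELECT * FROM bruckm_ticketorder WHERE dateId = %d ORDER BY orderDate DESC",
            sqlnum($id));
    $result = dbQuery($query);
    while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
        $orders[] = $line;
    }

    // search event titles: order -> date -> event
    foreach($orders as $i=>$order){
        $title = '';
        $query = sprintf("SELECT eventId FROM bruckm_ticketdate WHERE id = %d", sqlnum($order['dateId']));
        $date = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
        if($date){
            $query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($date['eventId']));
            $event = mysqli_fetch_array(dbQuery($query), MYSQLI_ASSOC);
            if($event){
                $title = $event['name'];
            }
        }
        $orders[$i]['title'] = $title;
    }

    return $orders;
}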
|
|
|
|
|
|
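/** checks for magic quotes and strips slashes, if magic quotes are on
 *
 * get_magic_quotes_gpc() no longer exists in PHP 8, where the previous
 * unguarded call was a fatal "undefined function" error on every search; the
 * function_exists() guard turns this into a no-op there (magic quotes can only
 * be on in old PHP anyway).
 *
 * Stripping is applied recursively (a nested $_POST array used to be handed
 * to stripslashes() and come back as null) and at most once per request:
 * every doSearch*() calls this, and a second pass would eat backslashes that
 * were genuinely part of the input.
 *
 * NOTE(review): callers copy values out of $_POST before doSearch*() runs
 * this, so those copies are not touched by it — each doSearch*() has to strip
 * its own arguments if magic quotes are on.
 */
##########################################
function checkMagicQuotes(){
##########################################
    static $done = false;
    if($done){
        return;
    }
    $done = true;

    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        $_POST = checkMagicQuotesStrip($_POST);
    }
}

/** recursively strips slashes from a string or a (nested) array of strings */
function checkMagicQuotesStrip($value){
    if(is_array($value)){
        foreach($value as $key=>$item){
            $value[$key] = checkMagicQuotesStrip($item);
        }
        return $value;
    }
    return stripslashes($value);
}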
|
|
|
|
|
|
?>
|