Files
bm/public_html/public/tickets/orders.php
2025-09-24 13:26:28 +02:00

73 lines
2.5 KiB
PHP

<?php
/** loads unpaid orders
*
* @version 2.0.0
* @since 2008-02-13
* @author Martin Lenzelbauer
*
*/
define("ROOT", "../");
require_once(ROOT."include/config.inc.php");
require_once(ROOT."include/db.inc.php");
require_once(ROOT."include/xml.inc.php");
dbQuery("SET NAMES utf8");
switch($_GET['action']){
case "loadUnpaidOrders": loadUnpaidOrders($_GET['dateId']);
break;
}
/** loads unpaid orders
* @param dateId date id or undefined, if all unpaid orders should be loaded
*/
########################################
function loadUnpaidOrders($dateId){
########################################
// load event titles
$events = array();
$query = sprintf("SELECT DISTINCT dateId FROM bruckm_ticketorder WHERE paid = 'false'");
if(!empty($dateId)){
$query = sprintf("SELECT DISTINCT dateId FROM bruckm_ticketorder WHERE dateId = %d AND paid = 'false'", sqlnum($dateId));
}
$result = dbQuery($query);
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$query = sprintf("SELECT eventId, `date` FROM bruckm_ticketdate WHERE id = %d", sqlnum($line['dateId']));
$date = dbQuery($query);
$d = mysqli_fetch_array($date, MYSQLI_ASSOC);
$query = sprintf("SELECT name FROM bruckm_ticketevent WHERE id = %d", sqlnum($d['eventId']));
$event = dbQuery($query);
$e = mysqli_fetch_array($event, MYSQLI_ASSOC);
$events[$line['dateId']]['title'] = $e['name'];
$events[$line['dateId']]['date'] = $d['date'];
}
// load orders
$query = sprintf("SELECT id, orderDate, customerId, dateId FROM bruckm_ticketorder WHERE paid = 'false' ORDER BY id ASC");
if(isset($dateId)){
$query = sprintf("SELECT id, orderDate, customerId, dateId FROM bruckm_ticketorder WHERE dateId = %d AND paid = 'false' ORDER BY id ASC",
sqlnum($dateId));
}
$result = dbQuery($query);
$xml = '<?xml version="1.0" encoding="utf-8"?>';
$xml .= '<orders>';
while($line = mysqli_fetch_array($result, MYSQLI_ASSOC)){
// load customer name
$query = sprintf("SELECT firstname, surname FROM bruckm_ticketcustomer WHERE id = %d", sqlnum($line['customerId']));
$customer = dbQuery($query);
$c = mysqli_fetch_array($customer, MYSQLI_ASSOC);
$xml .= '<order id="' . $line['id'] . '" timestamp="' . strtotime($line['orderDate']) . '" event="' . xmlstring($events[$line['dateId']]['title']) . '" ';
$xml .= 'date="' . strtotime($events[$line['dateId']]['date']) . '" firstname="' . xmlstring($c['firstname']) . '" surname="' . xmlstring($c['surname']) . '" />';
}
$xml .= '</orders>';
header('Content-Type: text/xml');
echo $xml;
}
?>