Untitled

<?php
session_start();
//include_once('connect.php');
// Configuration
function get_configuration($data)
{
	$query = mysql_query("SELECT * FROM " . global_mysql_configuration_table)or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$configuration = mysql_fetch_array($query);
	return($configuration[$data]);
}
// Password
function random_password()
{
	$password = rand('1001', '9999');
	return $password;
}
function encrypt_password($password)
{
	$password = crypt($password, '$1$' . global_salt);
	return($password);
}
function add_salt($password)
{
	$password = '$1$' . substr(global_salt, 0, -1) . '$' . $password;
	return($password);
}
function strip_salt($password)
{
	$password = str_replace('$1$' . substr(global_salt, 0, -1) . '$', '', $password);
	return($password);
}
// String manipulation
function modify_email($email)
{
	$email = str_replace('@', '(at)', $email);
	$email = str_replace('.', '(dot)', $email);
	return($email);
}
// String validation
function validate_user_name($user_name)
{
	if(preg_match('/^[a-z æøåÆØÅ]{2,12}$/i', $user_name))
	{
		return(true);
	}
}
function validate_user_phone($user_mobile)
{
	if(preg_match('/^[0-9]{10}$/', $user_mobile)) // To make sure leading digit is not zero, use '/^[1-9][0-9]{0,15}$/'
	{
		return(true);
	}
}
function validate_user_email($user_email)
{
	if(filter_var($user_email, FILTER_VALIDATE_EMAIL) && strlen($user_email) < 51)
	{
		return(true);
	}
}
function validate_user_password($user_password)
{
	if(strlen($user_password) > 3 && trim($user_password) != '')
	{
		return(true);
	}
}
function validate_price($price)
{
	if(is_numeric($price))
	{
		return(true);
	}
}
// User validation
function user_name_exists($user_name)
{
	$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE user_name='$user_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	if(mysql_num_rows($query) > 0)
	{
		return(true);
	}
}
function user_email_exists($user_email)
{
	$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE user_email='$user_email'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	if(mysql_num_rows($query) > 0)
	{
		return(true);
	}
}
// Login
function get_login_data($data)
{
	if($data == 'user_email' && isset($_COOKIE[global_cookie_prefix . '_user_email']))
	{
		return($_COOKIE[global_cookie_prefix . '_user_email']);
	}
	elseif($data == 'user_password' && isset($_COOKIE[global_cookie_prefix . '_user_password']))
	{
		return($_COOKIE[global_cookie_prefix . '_user_password']);
	}
	elseif($data == 'user_company' && isset($_COOKIE[global_cookie_prefix . '_user_company']))
	{
		return($_COOKIE[global_cookie_prefix . '_user_company']);
	}
	elseif($data == 'registration_company' && isset($_COOKIE[global_cookie_prefix . '_registration_company']))
	{
		return($_COOKIE[global_cookie_prefix . '_registration_company']);
	}
	elseif($data == 'registration_name' && isset($_COOKIE[global_cookie_prefix . '_registration_name']))
	{
		return($_COOKIE[global_cookie_prefix . '_registration_name']);
	}
	elseif($data == 'registration_email' && isset($_COOKIE[global_cookie_prefix . '_registration_email']))
	{
		return($_COOKIE[global_cookie_prefix . '_registration_email']);
	}
	elseif($data == 'registration_password' && isset($_COOKIE[global_cookie_prefix . '_registration_password']))
	{
		return($_COOKIE[global_cookie_prefix . '_registration_password']);
	}

}
function login($user_email, $user_password, $user_company, $user_remember)
{

	/*if(validate_user_name($user_name) != true)
	{
		return('<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>.</span>');
	}*/
	if(validate_user_email($user_email) != true)
	{
		return('<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>');
	}
	elseif(validate_user_password($user_password) != true)
	{
		return('<span class="error_span">Password must be at least 4 characters</span>');
	}
	elseif(global_secret_code != '0' && $user_secret_code != global_secret_code)
	{
		return('<span class="error_span">Wrong secret code</span>');
	}

	$user_password_encrypted = encrypt_password($user_password);
	$user_password = add_salt($user_password);


	$database = $user_company;

 $_SESSION['company_name'] = $user_company;

	$company_name = $user_company;

	if(isset($_SESSION['new_user_db'])){
	$database = $_SESSION['new_user_db'];
	}
   else{
	$database = $user_company;
	}

	$_SESSION['db'] = $database;

	connect_to_db();

	/*if(user_name_exists($user_name) == true)
	{
		return('<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>');
	}*/

	/*if(user_email_exists($user_email) == true)
	     {
		    return('<span class="error_span">Email is already registered. <a href="#forgot_password">Forgot your password?</a></span>');
	     }
		 */

	$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE user_email='$user_email' AND user_password='$user_password_encrypted' AND company_name='$company_name' OR user_email='$user_email' AND user_password='$user_password' AND company_name='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	if(mysql_num_rows($query) == 1)
	{
			$user = mysql_fetch_array($query);
			$_SESSION['user_id'] = $user['user_id'];
			$_SESSION['user_is_admin'] = $user['user_is_admin'];
			$_SESSION['user_email'] = $user['user_email'];
			$_SESSION['user_name'] = $user['user_name'];
			$_SESSION['user_reservation_reminder'] = $user['user_reservation_reminder'];
			$_SESSION['logged_in'] = '1';
			$_SESSION['db'] = $database;
			if($user_remember == '1')
			{
				$user_password = strip_salt($user['user_password']);
				setcookie(global_cookie_prefix . '_user_email', $user['user_email'], time() );
				setcookie(global_cookie_prefix . '_user_password', $user_password, time() );
				setcookie(global_cookie_prefix . '_user_company', $user_password, time() );

			}
			return(1);
	}
}
function check_login()
{
	//if(isset($_SESSION['logged_in']))
		//{

	$database = $_SESSION['db'];

	$company_name = $_SESSION['company_name'];


	connect_to_db();
		$user_id = $_SESSION['user_id'];
		$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE user_id='$user_id' AND company_name='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		if(mysql_num_rows($query) == 1)
		{
			return(true);
		}
		else
		{
			logout();
			echo '<script type="text/javascript">window.location.replace(\'.\');</script>';
		}
	//}
	//else
	//{
		//logout();
		//echo '<script type="text/javascript">window.location.replace(\'.\');</script>';
	//}
}
function check_if_ur_exists($url){
$database = 'sydney';
connect_to_db();
$query = mysql_query("SELECT * FROM configuration WHERE url='$url'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		if(mysql_num_rows($query) == 1)
		{
		  $user = mysql_fetch_array($query);
		  $_SESSION['login_company_name'] = $user['company'];
			return(1);
		}
//"UPDATE " . global_mysql_configuration_table . " SET price='$price'"
/*$query = mysql_query("UPDATE configuration SET url='$url'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');*/
//mysql_close($connect_me);
return(0);
}
function logout()
{
	session_unset();
	setcookie(global_cookie_prefix . '_user_email', '', time() - 60);
	setcookie(global_cookie_prefix . '_user_password', '', time() - 60);
	setcookie(global_cookie_prefix . '_user_company', '', time() - 60);

}
function create_user($user_company, $user_name,$user_mobile, $user_email, $user_password, $user_secret_code)
{
    //$database = $user_company;
	$database = 'sydney';

	$company_name = $user_company;

	if(validate_user_phone($user_mobile) != true)
	{
		return('<span class="error_span"> Phone invalid <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>');
	}


	if(validate_user_name($user_name) != true)
	{
		return('<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>');
	}
	elseif(validate_user_email($user_email) != true)
	{
		return('<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>');
	}
	elseif(validate_user_password($user_password) != true)
	{
		return('<span class="error_span">Password must be at least 4 characters</span>');
	}
	elseif(global_secret_code != '0' && $user_secret_code != global_secret_code)
	{
		return('<span class="error_span">Wrong secret code</span>');
	}
	/*elseif(user_name_exists($user_name) == true)
	{
		return('<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>');
	}*/

	else
	{

		//if( $_SESSION['register'] == '1'){
			/*********************************DB REGISTRATION***************************************************/
			//$con=mysqli_connect("localhost","root","");


			/*
			$sql="SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$database'";
			$result = mysqli_query($con,$sql);

			if(mysqli_num_rows($result) == 1)
            {
			  return('<span class="error_span">The company name you are trying to register already exists. Please use a different company name.</span>');
			  }


			*/


			//$sql="CREATE DATABASE $database";
			// mysqli_query($con,$sql);

			//  connect to database
			//$con=mysqli_connect("localhost","root","","$database");
			// Check connection
		/*	 $configuration =" CREATE TABLE IF NOT EXISTS phpmyreservation_configuration (
			 id int(10) NOT NULL AUTO_INCREMENT,
			 price float NOT NULL,
			 PRIMARY KEY (id)
			 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=2" ;
			 mysqli_query($con,$configuration);

			//Dumping data for table `phpmyreservation_configuration
			 mysqli_query($con,"INSERT INTO phpmyreservation_configuration (id, price) VALUES
			 (1, 2)");   */
			/*

			  $reservations = "CREATE TABLE IF NOT EXISTS reservations_table (
			  company_name varchar(100) COLLATE utf8_unicode_ci NOT NULL,
			  reservation_id int(10) NOT NULL AUTO_INCREMENT,
			  reservation_made_time datetime NOT NULL,
			  reservation_year smallint(4) NOT NULL,
			  reservation_week tinyint(2) NOT NULL,
				reservation_day tinyint(1) NOT NULL,
				reservation_time varchar(100) COLLATE utf8_unicode_ci NOT NULL,
				reservation_price float NOT NULL,
				reservation_user_id int(10) NOT NULL,
				reservation_user_email varchar(100) COLLATE utf8_unicode_ci NOT NULL,
				reservation_user_name varchar(100) COLLATE utf8_unicode_ci NOT NULL,
				PRIMARY KEY (reservation_id)
				) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1" ;
				mysqli_query($con,$reservations); */

/*
			   $sql = "CREATE TABLE IF NOT EXISTS users_table (
			    company_name varchar(100) COLLATE utf8_unicode_ci NOT NULL,
				user_id int(10) NOT NULL AUTO_INCREMENT,
				user_is_admin tinyint(1) NOT NULL,
				user_email varchar(100) COLLATE utf8_unicode_ci NOT NULL,
				user_password varchar(1000) COLLATE utf8_unicode_ci NOT NULL,
				user_name varchar(100) COLLATE utf8_unicode_ci NOT NULL,
				user_mobile bigint(20) NOT NULL,
				user_reservation_reminder tinyint(1) NOT NULL,
				PRIMARY KEY (user_id)
				) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1" ;
				mysqli_query($con,$sql) ;
				mysqli_close($con);*/

				//$_SESSION['new_user_db'] = $database;


          /********************************************************************************************/

	    //$_SESSION['new_user_db'] = $database;
	    connect_to_db();
 /*
        if(user_email_exists($user_email) == true)
	     {
		    return('<span class="error_span">Email is already registered. <a href="#forgot_password">Forgot your password?</a></span>');
	     }
		 */

		$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE company_name='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		if(mysql_num_rows($query) == 0)
		{
			$user_is_admin = '1';
			$_SESSION['just_registered'] = '1';
			$url=$company_name;
			$sms_msg='Hello [user_name] , This is a remainder for your appointment with [business_name] today, the [today_date] , at [appointment_time] . The team,    [business_name] .';

			$email_msg='Hello [user_name] , This is a remainder for your appointment with [business_name] today, the [today_date] , at [appointment_time] . The team,    [business_name] .';

			$welcome_msg='Hello [user_name] , This is a remainder for your appointment with [business_name] today, the [today_date] , at [appointment_time] . The team,    [business_name] .';


			mysql_query (" INSERT INTO configuration (secret_code, company, sms_message, email_message, welcome_email_message, enable_sms, enable_email, enable_email_verification, registration_enabling, who_can, url) VALUES
            (0, '$company_name', '$sms_msg', '$email_msg', '$welcome_msg', 0, 0,0, 1, 0, '$url')")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		}
		else
		{
			$user_is_admin = '0';
			$_SESSION['just_signed_up'] = '1';

			send_mail_if_enabled();
			}
		$user_password = encrypt_password($user_password);

		mysql_query("INSERT INTO " . global_mysql_users_table . " (company_name,user_is_admin,user_email,user_password,user_name,user_mobile,user_reservation_reminder) VALUES ('$company_name',$user_is_admin,'$user_email','$user_password','$user_name','$user_mobile','0')")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');


		$url=$company_name;
		$_SESSION['url']=$url;

		$_SESSION['company_name'] = $company_name ;


		$user_password = strip_salt($user_password);
		setcookie(global_cookie_prefix . '_user_email', $user_email, time() +60 );
		setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 60 );
		setcookie(global_cookie_prefix . '_user_company', $user_company, time() + 60);
		return(1);
	}
}
function send_mail_if_enabled()
{
$company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);
	if($user['enable_email_verification'] == 1){
	   $myemail="matt.mwansa@yahoo.com";
	   $subject="go fool";
	   $message="let go";
	   mail($myemail, $subject, $message);
 }
 }
function list_admin_users()
{
	$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE user_is_admin='1' ORDER BY user_name")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	if(mysql_num_rows($query) < 1)
	{
		return('<span class="error_span">There are no admins</span>');
	}
	else
	{
		$return = '<table id="forgot_password_table"><tr><th>Name</th><th>Email</th></tr>';
		$i = 0;
		while($user = mysql_fetch_array($query))
		{
			$i++;
			$return .= '<tr><td>' . $user['user_name'] . '</td><td><span id="email_span_' . $i . '"></span></td></tr><script type="text/javascript">$(\'#email_span_' . $i . '\').html(\'<a href="mailto:\'+$.base64.decode(\'' . base64_encode($user['user_email']) . '\')+\'">\'+$.base64.decode(\'' . base64_encode($user['user_email']) . '\')+\'</a>\');</script>';
		}
		$return .= '</table>';
		return($return);
	}
}
// Reservations
function highlight_day($day)
{
	$day = str_ireplace(global_day_name, '<span id="today_span">' . global_day_name . '</span>', $day);
	return $day;
}
function read_reservation($week, $day, $time)
{
     $company_name = $_SESSION['company_name'];
	 $user_name = $_SESSION['user_name'];
	 $is_admin = $_SESSION['user_is_admin'];

	$query = mysql_query("SELECT * FROM " . global_mysql_reservations_table . " WHERE reservation_week='$week'
	AND company_name='$company_name' AND reservation_day='$day' AND reservation_time='$time'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$reservation = mysql_fetch_array($query);

	if( $is_admin == 1){
		if((strcmp( $reservation['reservation_user_name'], $user_name ) === 0 )){
				return( ' <span style="color:red">'.$reservation['reservation_user_name'].'</span>');
			}
		else{
			return($reservation['reservation_user_name']);
			}
	}

	if( strcmp( $reservation['reservation_user_name'], $user_name ) === 0){
	  return($reservation['reservation_user_name']);
	  }

     if( $reservation['reservation_user_name'] != '') {
	 return ('Reserved');
	}


	return($reservation['reservation_user_name']);

}
function read_reservation_details($week, $day, $time)
{
	 $company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM " . global_mysql_reservations_table . " WHERE reservation_week='$week' AND reservation_day='$day' AND company_name='$company_name' AND reservation_time='$time'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$reservation = mysql_fetch_array($query);
	if(empty($reservation))
	{
		return(0);

	}
	else
	{
		return('<b>Reservation made:</b> ' . $reservation['reservation_made_time'] . '<br><b>User\'s email:</b> ' . $reservation['reservation_user_email']);
	}
}
function make_reservation($week, $day, $time)
{
	$user_id = $_SESSION['user_id'];
	$user_email = $_SESSION['user_email'];
	$user_name = $_SESSION['user_name'];
	$price = global_price;

	$user_reservation_id = $_SESSION['user_id'];


	$company_name = $_SESSION['company_name'];
	if($week == '0' && $day == '0' && $time == '0')
	{
		mysql_query("INSERT INTO " . global_mysql_reservations_table . " (company_name,reservation_made_time,reservation_week,reservation_day,reservation_time,reservation_price,reservation_user_id,reservation_user_email,reservation_user_name) VALUES ( '$company_name',now(),'$week','$day','$time','$price','$user_id','$user_email','$user_name')")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		return(1);
	}
	elseif($week < global_week_number && $_SESSION['user_is_admin'] != '1' || $week == global_week_number && $day < global_day_number && $_SESSION['user_is_admin'] != '1')
	{
		return('You can\'t reserve back in time');
	}
	elseif($week > global_week_number + global_weeks_forward && $_SESSION['user_is_admin'] != '1')
	{
		return('You can only reserve ' . global_weeks_forward . ' weeks forward in time');
	}
	else
	{
		$query = mysql_query("SELECT * FROM " . global_mysql_reservations_table . " WHERE reservation_week='$week' AND reservation_day='$day'AND company_name='$company_name' AND reservation_time='$time'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		if(mysql_num_rows($query) < 1)
		{
			$year = global_year;
			mysql_query("INSERT INTO " . global_mysql_reservations_table . " (company_name, reservation_made_time,reservation_year,reservation_week,reservation_day,reservation_time,reservation_price,reservation_user_id,reservation_user_email,reservation_user_name) VALUES ('$company_name',now(),'$year','$week','$day','$time','$price','$user_id','$user_email','$user_name')")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
			return(1);
		}
		else
		{
			return('Someone else just reserved this time');
		}
	}
}
function delete_reservation($week, $day, $time)
{
      $company_name = $_SESSION['company_name'];

	if($week < global_week_number && $_SESSION['user_is_admin'] != '1' || $week == global_week_number && $day < global_day_number && $_SESSION['user_is_admin'] != '1')
	{
		return('You can\'t reserve back in time');
	}
	elseif($week > global_week_number + global_weeks_forward && $_SESSION['user_is_admin'] != '1')
	{
		return('You can only reserve ' . global_weeks_forward . ' weeks forward in time');
	}
	else
	{
		$query = mysql_query("SELECT * FROM " . global_mysql_reservations_table . " WHERE reservation_week='$week' AND reservation_day='$day' AND reservation_time='$time' AND company_name='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		$user = mysql_fetch_array($query);
		if($user['reservation_user_id'] == $_SESSION['user_id'] || $_SESSION['user_is_admin'] == '1')
		{
			mysql_query("DELETE FROM " . global_mysql_reservations_table . " WHERE reservation_week='$week' AND reservation_day='$day' AND reservation_time='$time'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
			return(1);
		}
		else
		{
			return('You can\'t remove other users\' reservations');
		}
	}
}
// Admin control panel
function list_users()
{

	$company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE company_name='$company_name' ORDER BY user_is_admin DESC, user_name")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$users = '<table id="users_table"><tr><th>ID</th><th>Admin</th><th>Name</th><th>Email</th><th>Reminders</th><th>Usage</th><th>Cost</th><th></th></tr>';
	while($user = mysql_fetch_array($query))
	{
		$users .= '<tr id="user_tr_' . $user['user_id'] . '"><td><label for="user_radio_' . $user['user_id'] . '">' . $user['user_id'] . '</label></td><td>' . $user['user_is_admin'] . '</td><td><label for="user_radio_' . $user['user_id'] . '">' . $user['user_name'] . '</label></td><td><label for="user_radio_' . $user['user_id'] . '">' . $user['user_email'] . '</label></td><td>' . $user['user_reservation_reminder'] . '</td><td>' . count_reservations($user['user_id']) . '</td><td>' . cost_reservations($user['user_id']) . ' ' . global_currency . '</td><td><input type="radio" name="user_radio" class="user_radio" id="user_radio_' . $user['user_id'] . '" value="' . $user['user_id'] . '"></td></tr>';
	}
	$users .= '</table>';
	return($users);
}
function reset_user_password($user_id)
{
	$password = random_password();
	$password_encrypted = encrypt_password($password);
	mysql_query("UPDATE " . global_mysql_users_table . " SET user_password='$password_encrypted' WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	if($user_id == $_SESSION['user_id'])
	{
		return(0);
	}
	else
	{
		return('The password to the user with ID ' . $user_id . ' is now "' . $password . '". The user can now log in and change the password');
	}
}
function change_user_permissions($user_id)
{
	if($user_id == $_SESSION['user_id'])
	{
		return('<span class="error_span">Sorry, you can\'t use your superuser powers to remove them</span>');
	}
	else
	{
		mysql_query("UPDATE " . global_mysql_users_table . " SET user_is_admin = 1 - user_is_admin WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		return(1);
	}
}
function delete_user_data($user_id, $data)
{
	if($user_id == $_SESSION['user_id'] && $data != 'reservations')
	{
		return('<span class="error_span">Sorry, self-destructive behaviour is not accepted</span>');
	}
	else
	{
		if($data == 'reservations')
		{
			mysql_query("DELETE FROM " . global_mysql_reservations_table . " WHERE reservation_user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		}
		elseif($data == 'user')
		{
			mysql_query("DELETE FROM " . global_mysql_users_table . " WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
			mysql_query("DELETE FROM " . global_mysql_reservations_table . " WHERE reservation_user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		}
		return(1);
	}
}
function delete_all($data)
{
	$user_id = $_SESSION['user_id'];
	if($data == 'reservations')
	{
		mysql_query("DELETE FROM " . global_mysql_reservations_table . " WHERE reservation_user_id!='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	}
	elseif($data == 'users')
	{
		mysql_query("DELETE FROM " . global_mysql_users_table . " WHERE user_id!='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		mysql_query("DELETE FROM " . global_mysql_reservations_table . " WHERE reservation_user_id!='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	}
	elseif($data == 'everything')
	{
		mysql_query("DELETE FROM " . global_mysql_users_table . "")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		mysql_query("DELETE FROM " . global_mysql_reservations_table . "")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	}
	return(1);
}
function save_system_configuration($price)
{
	if(validate_price($price) != true)
	{
		return('<span class="error_span">Price must be a number (use . and not , if you want to use decimals)</span>');
	}
	else
	{
		mysql_query("UPDATE " . global_mysql_configuration_table . " SET price='$price'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	}
	return(1);
}
// User control panel
function get_usage()
{
	$usage = '<table id="usage_table"><tr><th>Reservations</th><th>Cost</th><th>Current price per reservation</th></tr><tr><td>' . count_reservations($_SESSION['user_id']) . '</td><td>' . cost_reservations($_SESSION['user_id']) . ' ' . global_currency . '</td><td>' . global_price . ' ' . global_currency . '</td></tr></table>';
	return($usage);
}
function count_reservations($user_id)
{
	$query = mysql_query("SELECT * FROM " . global_mysql_reservations_table . " WHERE reservation_user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$count = mysql_num_rows($query);
	return($count);
}
function cost_reservations($user_id)
{
	$query = mysql_query("SELECT * FROM " . global_mysql_reservations_table . " WHERE reservation_user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$cost = 0;
	while($reservation = mysql_fetch_array($query))
	{
		$cost =+ $cost + $reservation['reservation_price'];
	}
	return($cost);
}
function get_reservation_reminders()
{
	$user_id = $_SESSION['user_id'];
	$query = mysql_query("SELECT * FROM " . global_mysql_users_table . " WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);
	if($user['user_reservation_reminder'] == 1)
	{
		$return = '<input type="checkbox" id="reservation_reminders_checkbox" checked="checked">';
	}
	else
	{
		$return = '<input type="checkbox" id="reservation_reminders_checkbox">';
	}
	return($return);
}
function get_sms_reminders()
{
	$company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);
	if($user['enable_sms'] == 1)
	{
		$return = '<input type="checkbox" id="sms_reminders_checkbox" checked="checked">';
	}
	else
	{
		$return = '<input type="checkbox" id="sms_reminders_checkbox">';
	}
	return($return);
}
function get_email_verification()
{
	$company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);
	if($user['enable_email_verification'] == 1)
	{
		$return = '<input type="checkbox" id="email_verification_checkbox" checked="checked">';
	}
	else
	{
		$return = '<input type="checkbox" id="email_verification_checkbox">';
	}
	return($return);
}
function get_email_reminders()
{
    $company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);
	if($user['enable_email'] == 1)
	{
		$return = '<input type="checkbox" id="email_reminders_checkbox" checked="checked">';
	}
	else
	{
		$return = '<input type="checkbox" id="email_reminders_checkbox">';
	}
	return($return);
}
function toggle_reservation_reminder()
{
	$user_id = $_SESSION['user_id'];
	mysql_query("UPDATE " . global_mysql_users_table . " SET user_reservation_reminder = 1 - user_reservation_reminder WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	return(1);
}
function toggle_sms_reminder()
{
	$company_name = $_SESSION['company_name'];

	mysql_query("UPDATE configuration SET enable_sms = 1 - enable_sms WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	return(1);
}
function toggle_email_verification()
{
	$company_name = $_SESSION['company_name'];

	mysql_query("UPDATE configuration SET enable_email_verification = 1 - enable_email_verification WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	return(1);
}
function toggle_email_reminder()
{
	$company_name = $_SESSION['company_name'];
	mysql_query("UPDATE configuration SET enable_email = 1 - enable_email WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	return(1);
}
function change_user_details($user_name, $user_email, $user_password)
{

	$user_id = $_SESSION['user_id'];
	if(validate_user_name($user_name) != true)
	{
		return('<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>');
	}
	if(validate_user_email($user_email) != true)
	{
		return('<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>');
	}
	elseif(validate_user_password($user_password) != true && !empty($user_password))
	{
		return('<span class="error_span">Password must be at least 4 characters</span>');
	}
	elseif(user_name_exists($user_name) == true && $user_name != $_SESSION['user_name'])
	{
		return('<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>');
	}
	elseif(user_email_exists($user_email) == true && $user_email != $_SESSION['user_email'])
	{
		return('<span class="error_span">Email is already registered</span>');
	}
	else
	{
		if(empty($user_password))
		{
			mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='$user_name', user_email='$user_email' WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		}
		else
		{
			$user_password = encrypt_password($user_password);
			mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='$user_name', user_email='$user_email', user_password='$user_password' WHERE user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		}
		mysql_query("UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='$user_name', reservation_user_email='$user_email' WHERE reservation_user_id='$user_id'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
		$_SESSION['user_name'] = $user_name;
		$_SESSION['user_email'] = $user_email;
		$user_password = strip_salt($user_password);
		setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days));
		setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days));
		return(1);
	}
}
function update_sms_details($user_name)
{
	$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET sms_message='$user_name' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);

}
function update_email_details($user_name)
{
	$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET email_message='$user_name' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);

}
function update_welcome_email_msg($user_name)
{
	$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET welcome_email_message='$user_name' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);

}
function get_current_sms_message(){
$company_name = $_SESSION['company_name'];
	$query = mysql_query("SELECT * FROM configuration WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

	$result = mysql_fetch_array($query);
	if($result['sms_message'] )
$sms_message= $result['sms_message'];
$span_start = ' <span style="color:red">[';
$span_end = ']</span> ';
$sms_message = str_replace("[user_name],", "[user_name],</br>", $sms_message);
$sms_message = str_replace("[appointment_time].", "[appointment_time].</br>", $sms_message);
$sms_message = str_replace("team, ", "team, </br>", $sms_message);
$sms_message = str_replace("[", $span_start, $sms_message);
$sms_message = str_replace("]", $span_end, $sms_message);
return($sms_message);
}
function get_current_email_message(){
   $company_name = $_SESSION['company_name'];

	$query = mysql_query("SELECT * FROM configuration WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

	$result = mysql_fetch_array($query);
	if($result['email_message'] )
    $email_message= $result['email_message'];

$span_start = ' <span style="color:red">[';
$span_end = ']</span> ';
 $email_message = str_replace("[user_name],", "[user_name],</br>", $email_message);
 $email_message = str_replace("[appointment_time].", "[appointment_time].</br>", $email_message);
 $email_message = str_replace("team, ", "team, </br>", $email_message);
 $email_message = str_replace("[", $span_start, $email_message);
 $email_message = str_replace("]", $span_end, $email_message);

    return($email_message);
}
function get_welcome_email_message(){
$company_name = $_SESSION['company_name'];
	$query = mysql_query("SELECT * FROM configuration WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

	$result = mysql_fetch_array($query);
	if($result['welcome_email_message'] )
    $welcome_email_message= $result['welcome_email_message'];


$span_start = ' <span style="color:red">[';
$span_end = ']</span> ';
 $welcome_email_message = str_replace("[user_name],", "[user_name],</br>", $welcome_email_message);
 $welcome_email_message = str_replace("[appointment_time].", "[appointment_time].</br>", $welcome_email_message);
 $welcome_email_message = str_replace("team, ", "team, </br>", $welcome_email_message);
 $welcome_email_message = str_replace("[", $span_start, $welcome_email_message);
 $welcome_email_message = str_replace("]", $span_end, $welcome_email_message);


    return($welcome_email_message);
}
function registration_settings($user_name)
{
	$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET registration='$user_name' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);

}
function registration_enabling($enable_id)
{
	$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET registration_enabling='$enable_id' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);

}
function check_registration_settings_radio(){
   $company_name = $_SESSION['company_name'];
   $anyone=0;
   $secret=0;
   $disable=0;


	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);

	if($user['registration'] == 1){
	$return =
'<input type="radio" id="new_user_registration_anyone" name="reg_radio" checked="checked" />
<label for="new_user_registration_settings" id="anyone" ><span style="top:-11px">Allow anyone to register</span></label></br>
<input type="radio" id="new_user_registration_secret_code" name="reg_radio"   />
<label for="new_user_registration_settings" id="secret_code  ><span style="top:-11px">Set secret registration code</span></label></br>
<input type="radio" id="new_user_registration_disable" name="reg_radio"   />
<label for="new_user_registration_settings" id="disable" ><span style="top:-11px">Disable registration.</span></label></br>';
	}

	else if($user['registration'] == 2){
	$return =
'<input type="radio" id="new_user_registration_anyone" name="reg_radio"   />
<label for="new_user_registration_settings" id="anyone" ><span style="top:-11px">Allow anyone to register</span></label></br>
<input type="radio" id="new_user_registration_secret_code" name="reg_radio"  checked="checked"/>
<label for="new_user_registration_settings" id="secret_code ><span style="top:-11px">Set secret registration code</span></label></br>
<input type="radio" id="new_user_registration_disable" name="reg_radio"  />
<label for="new_user_registration_settings" id="disable" ><span style="top:-11px">Disable registration.</span></label></br>';
	}

else{
$return =
'<input type="radio" id="new_user_registration_anyone"  />
<label for="new_user_registration_settings" id="anyone" ><span style="top:-11px">Allow anyone to register</span></label></br>
<input type="radio" id="new_user_registration_secret_code" />
<label for="new_user_registration_settings" id="secret_code ><span style="top:-11px">Set secret registration code</span></label></br>
<input type="radio" id="new_user_registration_disable"  />
<label for="new_user_registration_settings" id="disable" ><span style="top:-11px">Disable registration.</span></label></br>';
}
	return($return);
}
function check_registration_enabling_radio(){
   $company_name = $_SESSION['company_name'];


	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);

	if($user['registration_enabling'] == 1){
	        $return ='
            <p class="radio_button">
			<input type="radio" id="enable_registration" name="registration_radio" checked="checked" />
			<label for="enable_registration"  >Enable_Registration</label></p>
			<p id="enable_registration_message_p"></p>
			<p class="under_radio_button"> When selected, users must register before the can make a reservation.</br> The reservation table will only be visible
			    to users who have signed up to you reservation service.
			</p>

			<p class="radio_button">
			<input type="radio" id="disable_registration" name="registration_radio"   />
			<label for="disable_registration" id="disabling_registration " >Disable Registration</label></p>
			<p id="disable_registration_message_p"></p>
			<p class="under_radio_button"> This is the alternative option. When selected, user reach your reservation table without signing up to your reservation service.</b> Please note that this means that anonymous clients with knowledge of your unique url or who search for your reservation service through our system will be able to make reservations.
			</p>';
            }
    else{
        $return = '
		    <p class="radio_button">
			<input type="radio" id="enable_registration" name="registration_radio"  />
			<label for="enable_registration"  >Enable_Registration</label></p>
			<p id="enable_registration_message_p"></p>
			<p class="under_radio_button"> When selected, users must register before the can make a reservation.</br> The reservation table will only be visible
			    to users who have signed up to you reservation service.
			</p>

			<p class="radio_button">
			<input type="radio" id="disable_registration" name="registration_radio"  checked="checked"  />
			<label for="disable_registration" id="disabling_registration " >Disable Registration</label></p>
			<p id="disable_registration_message_p"></p>
			<p class="under_radio_button"> This is the alternative option. When selected, user reach your reservation table without signing up to your reservation service.</b> Please note that this means that anonymous clients with knowledge of your unique url or who search for your reservation service through our system will be able to make reservations.
			</p>';
            }
    return($return);
}
function check_who_can_register_radio(){
$company_name = $_SESSION['company_name'];


	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);

	if($user['who_can'] == 0){
	        $return =
			'<p class="radio_button">
			<input type="radio" id="registration_anyone" name="who_can_radio" checked="checked" />
			<label for="registration_anyone" >Anyone</label></p>
			<p class="under_radio_button">This options allows any user to sign up to a business reservation service.</p>

			<p class="radio_button">
			<input type="radio" id="registration_secret" name="who_can_radio"  />
			<label for="registration_secret" >Set secret code</label></p>
			<p class="under_radio_button" style="margin-bottom:0px"> With this option, a six digit secret code is set. Anyone is still allowed to sign up to the reservation service , but they must also enter the secret code.</br> This option is necessary when only users with prior knowledge of the secret code are allowed to sign up.</br> Before you set or update the secret code, make sure the set secret code radio button is enabled. </p>';
			}

    else{
	        $return =
			'<p class="radio_button">
			<input type="radio" id="registration_anyone" name="who_can_radio"  />
			<label for="registration_anyone" >Anyone</label></p>
			<p class="under_radio_button">This options allows any user to sign up to a business reservation service.</p>

			<p class="radio_button">
			<input type="radio" id="registration_secret" name="who_can_radio" checked="checked"  />
			<label for="registration_secret" >Set Secret code</label></p>
			<p class="under_radio_button" style="margin-bottom:0px"> With this option, a six digit secret code is set. Anyone is still allowed to sign up to the reservation service , but they must also enter the secret code.</br> This option is necessary when only users with prior knowledge of the secret code are allowed to sign up.</br> Before you set or update the secret code, make sure the set secret code radio button is enabled.</p>';
			}

	return $return;
}
function get_current_secrect_code(){
if(isset($_SESSION['company_name'])){
$company_name = $_SESSION['company_name'];
}
else
{
$company_name = $_SESSION['login_company_name'];
connect_to_db();
}


	$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$user = mysql_fetch_array($query);

	if($user['who_can'] != 0){
	  return $user['who_can'];
	  }
	 return ('');
}
function update_who_can_register($who_can_id, $who_can_value){
$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET who_can='$who_can_value' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);

}
function get_admin_email($company_name){
$query = mysql_query("SELECT * FROM users_table WHERE company_name ='$company_name' AND user_is_admin = '1'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$admin_email = mysql_fetch_array($query);

	$email = $admin_email['user_email'];

	return $email;
}
function change_url($new_url)
{
$company_name = $_SESSION['company_name'];

		mysql_query("UPDATE  configuration  SET url ='$new_url' WHERE company='$company_name'")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

		return(1);
}
function get_current_url(){
$company_name = $_SESSION['company_name'];
$query = mysql_query("SELECT * FROM configuration WHERE company ='$company_name' ")or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
	$current_url = mysql_fetch_array($query);

	$url = $current_url['url'];

	return $url;
}
?>