function showEventBrief($idEvent, $showRelationship = true)
{
    if (!isUserLoggedIn()) {
        throw new RuntimeException("You need to be logged in.");
    }
    if (!canSeeEvent($_SESSION["userid"], $idEvent)) {
        throw new RuntimeException("You do not have access to this event.");
    }
    $event = getEvent($idEvent);
    $canEdit = isUserLoggedIn() && $event["owner"] === getUserID();
    echo '<div class="event_brief" id="event' . $idEvent . '">';
    echo '<div class="name"><a href="view_event.php?id=' . $idEvent . '">';
    echo '<h2>' . htmlspecialchars($event["name"]) . '</h2>';
    echo '</a></div>';
    if ($showRelationship) {
        if ($canEdit) {
            echo '<div class="owner"></div>';
        } else {
            if (isUserRegisteredInEvent(getUserID(), $idEvent)) {
                echo '<div class="registered"></div>';
            } else {
                echo '<div class="not_registered"></div>';
            }
        }
    }
    echo '<img src="database/event_image.php?id=' . $idEvent . '" alt="' . htmlspecialchars($event["name"]) . '" width="64" height="64" />';
    echo '<div class="description">';
    echo '<p class="description">' . htmlspecialchars($event["description"]) . '</p>';
    echo '</div>';
    echo '<datetime>' . htmlspecialchars($event["date"]) . '</datetime>';
    echo '</div>';
}

function getMeeting($u_ID, $year, $level)
{
    $query = mysql_query("select distinct meeting.meeting from content, event, content_user, meeting where content_user.u_ID = '{$u_ID}' and content_user.c_ID = content.c_ID and content.e_ID = event.e_ID and event.m_ID = meeting.m_ID and meeting.year = '{$year}' order by meeting.meeting asc");
    while ($ans = mysql_fetch_array($query)) {
        if ($level > 1) {
            getEvent($ans['meeting'], $u_ID, $level);
        }
    }
}

function showResults()
{
    #----------------------------------------------------------------------
    global $chosenEventId, $chosenRegionId, $chosenYears, $chosenShow, $chosenSingle, $chosenAverage;
    #--- Try the cache
    tryCache('event', $chosenEventId, preg_replace('/ /', '', $chosenRegionId), $chosenYears, preg_replace('/ /', '', $chosenShow), $chosenSingle, $chosenAverage);
    #------------------------------
    # Prepare stuff for the query.
    #------------------------------
    $eventCondition = eventCondition();
    $yearCondition = yearCondition();
    $regionCondition = regionCondition('result');
    $limitCondition = '';
    if (preg_match('/^10+/', $chosenShow, $matches)) {
        $limitNumber = $matches[0];
        $limitCondition = 'LIMIT ' . 2 * $limitNumber;
    }
    $valueSource = $chosenAverage ? 'average' : 'best';
    $valueName = $chosenAverage ? 'Average' : 'Single';
    #------------------------------
    # Get results from database.
    #------------------------------
    if ($chosenShow == 'By Region') {
        require 'includes/events_regions.php';
        return;
    }
    if ($chosenShow == '100 Results' || $chosenShow == '1000 Results') {
        require 'includes/events_results.php';
    } else {
        require 'includes/events_persons.php';
    }
    #------------------------------
    # Show the table.
    #------------------------------
    startTimer();
    $event = getEvent($chosenEventId);
    tableBegin('results', 6);
    tableCaption(true, spaced(array($event['name'], chosenRegionName(), $chosenYears, $chosenShow)));
    $headerSources = $chosenAverage ? 'Result Details' : '';
    tableHeader(explode('|', "Rank|Person|Result|Citizen of|Competition|{$headerSources}"), array(0 => "class='r'", 2 => "class='R2'", 5 => 'class="f"'));
    $ctr = 0;
    foreach ($results as $result) {
        extract($result);
        $ctr++;
        $no = isset($previousValue) && $value == $previousValue ? ' ' : $ctr;
        if ($limitCondition && $no > $limitNumber) {
            break;
        }
        tableRow(array($no, personLink($personId, $personName), formatValue($value, $event['format']), htmlEntities($countryName), competitionLink($competitionId, $competitionName), formatAverageSources($chosenAverage, $result, $event['format'])));
        $previousValue = $value;
    }
    tableEnd();
    stopTimer("printing the table");
}

/**
 * Created by PhpStorm.
 * User: andry
 * Date: 13.01.16
 * Time: 16:48
 */
function ajax()
{
    switch ($_GET['action']) {
        case 'getEvent':
            $arr = getEvent();
            echo $arr;
            break;
        default:
            break;
    }
}

function getMeeting($u_ID, $year, $level)
{
    $query = mysql_query("select distinct meeting.meeting from content, event, content_user, meeting where content_user.u_ID = '{$u_ID}' and content_user.c_ID = content.c_ID and content.e_ID = event.e_ID and event.m_ID = meeting.m_ID and meeting.year = '{$year}'");
    while ($ans = mysql_fetch_array($query)) {
        echo "<div style='border:1px solid #000;padding:5px 15px;margin-top:5px'>";
        echo "<h3 style='margin:10px'>" . $year . "-第" . $ans['meeting'] . "次校长办公会" . "</h3>";
        if ($level > 1) {
            getEvent($ans['meeting'], $u_ID, $level);
        }
        echo "</div>";
    }
}

 public static function find($id)
 {
     $event_query = getEvent($id);
     $event = new Event();
     $event->setId($event_query["id"]);
     $event->setDate($event_query["date"]);
     $event->setDescription($event_query["description"]);
     $event->setName($event_query["name"]);
     $event->setPublic($event_query["public"]);
     $event->setOwner($event_query["owner"]);
     $event->setImagePath($event_query["imagePath"]);
     return $event;
 }

function getMeeting($u_ID, $year, $level)
{
    $query = mysql_query("select distinct meeting.meeting from content, event, content_user, meeting where content_user.u_ID = '{$u_ID}' and content_user.c_ID = content.c_ID and content.e_ID = event.e_ID and event.m_ID = meeting.m_ID and meeting.year = '{$year}'");
    while ($ans = mysql_fetch_array($query)) {
        echo "<tr>";
        echo "<td colspan='11'>";
        echo "<h3 style='margin:10px'>" . $year . "-第" . $ans['meeting'] . "次校长办公会" . "</h3>";
        if ($level > 1) {
            getEvent($ans['meeting'], $u_ID, $level);
        }
        echo "</td>";
        echo "</tr>";
    }
}

function getMeeting($u_ID, $year, $level)
{
    $query = mysql_query("select distinct meeting.meeting,meeting.m_ID from content, event, content_user, meeting where content_user.u_ID = '{$u_ID}' and content_user.c_ID = content.c_ID and content.e_ID = event.e_ID and event.m_ID = meeting.m_ID and meeting.year = '{$year}' order by meeting.meeting asc");
    while ($ans = mysql_fetch_array($query)) {
        $result = getMeetingCompletion($ans['m_ID']);
        $mid = $ans['m_ID'];
        echo "<tr>";
        echo "<td><div class='container-fluid'><div class='row'>";
        echo "<div class='col-lg-12 lv-meeting' style='background-color:rgb(128,185,188); border-radius:0.5em; padding:5px;'><span style='font-size:1.5em;'>" . $year . "-第" . $ans['meeting'] . "次校长办公会" . "</span><span class='pull-right' style='padding:5px;'>实际完成率：{$result['0']}%;&nbsp;&nbsp;&nbsp;参考完成率: {$result['1']}%;</span></div>";
        getEvent($ans['meeting'], $u_ID, $level);
        echo "</div></div></td>";
        echo "</tr>";
    }
}

function showEventDetails()
{
    $EventID = $_GET['EventID'];
    if (!isset($EventID)) {
        $errorMessage = 'You must provide an EventID to display.';
        include '../view/404.php';
    } else {
        $row = getEvent($EventID);
        if ($row == FALSE) {
            $errorMessage = 'No event was found.';
            include '../view/404.php';
        } else {
            include '../view/eventDetails.php';
        }
    }
}

function g_cal_updateEvent($client, $eventEditUrl, $title = '', $desc = '', $where = '', $startDate = '', $endDate = '')
{
    $gdataCal = new Zend_Gdata_Calendar($client);
    if ($eventOld = $gdataCal->getEvent($eventId)) {
        echo "Old title: " . $eventOld->title->text . "<br />\n";
        $eventOld->title = $gdataCal->newTitle($newTitle);
        try {
            $eventOld->save();
        } catch (Zend_Gdata_App_Exception $e) {
            var_dump($e);
            return null;
        }
        $eventNew = getEvent($client, $eventId);
        echo "New title: " . $eventNew->title->text . "<br />\n";
        return $eventNew;
    } else {
        return null;
    }
}

<?php

session_start();
include_once "database/events.php";
$id = $_GET['id'];
$event = getEvent($id);
if (isset($_SESSION['username'])) {
    if ($_SESSION['username'] == 'admin' || $_SESSION['username'] == $event['creator']) {
        deleteEvent($id, $_SESSION['username']);
    }
}
header('Location: ' . './list_events.php');

     $out = register($_POST['email'], $_POST['password'], $_POST['nickname']);
     break;
 case 'getRowById':
     $out = getRowById($_POST['table'], $_POST['id']);
     break;
 case 'getRowByColumn':
     $out = getRowByColumn($_POST['table'], $_POST['source_column'], $_POST['value']);
     break;
 case 'getColumnByColumn':
     $out = getColumnByColumn($_POST['table'], $_POST['source_column'], $_POST['value'], $_POST['returned_column']);
     break;
 case 'addEvent':
     $out = addEvent($_POST['id_sport'], $_POST['id_location'], $_POST['date'], $_POST['time'], $_POST['description'], $_POST['id_user']);
     break;
 case 'getEvent':
     $out = getEvent($_POST['id_sport'], $_POST['id_location'], $_POST['date']);
     break;
 case 'getHistoryForPlayer':
     $out = getHistoryForPlayer($_POST['id_user']);
     break;
 case 'getUpcomingEvents':
     $out = getUpcomingEvents($_POST['id_user']);
     break;
 case 'getEventBySportName':
     $out = getEventBySportName($_POST['name_sport'], $_POST['name_location'], $_POST['date']);
     break;
 case 'getNewEventsForUser':
     $out = getNewEventsForUser($_POST['id_user']);
     break;
 case 'updateChatForEvent':
     $out = updateChatForEvent($_POST['id_event'], $_POST['chat']);

    $authenticatedMachines = $stmt->fetchAll();
    return $authenticatedMachines;
}
$sanitizer = Sanitizer::getInstance();
$username = $sanitizer->filterString('username');
$password = $sanitizer->filterString('password');
$isStaff = $sanitizer->filterString('fullrequest');
try {
    Session::checkCredentials($username, $password);
    $user = User::getUser($username);
} catch (\libAllure\UserNotFoundException $e) {
    apiReturn('reject-authentication', 'User not found');
} catch (\libAllure\IncorrectPasswordException $e) {
    apiReturn('reject-authentication', 'Password is incorrect');
}
$event = getEvent();
$signupStatus = getSignupStatus($user->getId(), $event['id']);
switch ($signupStatus) {
    case 'PAID':
        $authenticatedMachines = getAuthenticatedMachines($user->getId(), $event['id']);
        $sql = 'SELECT s.numberMachinesAllowed FROM signups s WHERE s.user = :user AND s.event = :event';
        $stmt = DatabaseFactory::getInstance()->prepare($sql);
        $stmt->bindValue(':user', $user->getId());
        $stmt->bindValue(':event', $event['id']);
        $stmt->execute();
        $signup = $stmt->fetchRowNotNull();
        if (count($authenticatedMachines) >= $signup['numberMachinesAllowed']) {
            apiReturn('reject-overuse');
        } else {
            $sql = 'INSERT INTO authenticated_machines (user, event, seat, ip, hostname, mac) VALUES (:user, :event, :seat, :ip, :hostname, :mac)';
            $stmt = DatabaseFactory::getInstance()->prepare($sql);

         //RESPONSE \"([[:ascii:]]+?)\" \"([[:ascii:]]+?)\"
         $F = getParameters($front);
         $D = getParameters($data);
         $State['IdArray_Token'] = $D[0];
         $State['IdArray_base64'] = $D[1];
         $State['IdArray'] = unpack("N*", base64_decode($D[1]));
         $musicDB = new MusicDB();
         CheckPlaylist($musicDB);
         $musicDB->close();
     }
     Send("");
     $DataHandled = true;
 } elseif (strpos($data, "EVENT ") !== false) {
     // EVENTs are sent by Your linn - those that were subscribed
     // to. We think the below ones are interesting....
     $E = getEvent($data);
     if (strpos($data, "EVENT " . $SubscribeType['Ds/Product']) !== false) {
         if (strpos($data, "SourceIndex ") !== false) {
             $State['SourceIndex'] = $E[SourceIndex];
         }
         if (strpos($data, "ProductModel ") !== false) {
             $State['ProductModel'] = $E[ProductModel];
         }
         if (strpos($data, "ProductName ") !== false) {
             $State['ProductName'] = $E[ProductName];
         }
         if (strpos($data, "ProductRoom ") !== false) {
             $State['ProductRoom'] = $E[ProductRoom];
         }
         if (strpos($data, "ProductType ") !== false) {
             $State['ProductType'] = $E[ProductType];

require INCLUDES_PATH . "/edit_event_image_action.php";
try {
    if (!isset($_GET["id"])) {
        http_response_code(400);
        showError('Missing event ID.');
    } else {
        if (!isUserLoggedIn()) {
            http_response_code(403);
            showError('You need to login to view this event.');
        } else {
            if (!canSeeEvent($_SESSION["userid"], $_GET["id"])) {
                http_response_code(403);
                showError('You do not have access to this event.');
            } else {
                $idEvent = $_GET["id"];
                $event = getEvent($idEvent);
                $canEdit = isUserLoggedIn() && $event["owner"] === getUserID();
                echo '<div class="event" id="event' . $idEvent . '">';
                if ($canEdit) {
                    echo '<a href="delete_event.php?id=' . $idEvent . '&amp;csrf_token=' . rawurlencode($_SESSION['csrf_token']) . '" class="delete" id="delete_event" onclick="return confirm(\'Are you sure you want to delete this event?\');"><div alt="Delete Event"></div></a>';
                    $public = $event["public"];
                    if ($public) {
                        echo '<a href="change_event_privacy.php?id=' . $idEvent . '&action=0&csrf_token=' . rawurlencode($_SESSION['csrf_token']) . '" class="change_privacy public" id="change_privacy"><div alt="Change Event Privacy"></div><p class="description">Make me private</p></a>';
                    } else {
                        echo '<a href="change_event_privacy.php?id=' . $idEvent . '&action=1&csrf_token=' . rawurlencode($_SESSION['csrf_token']) . '" class="change_privacy private" id="change_privacy"><div alt="Change Event Privacy"></div><p class="description">Make me public</p></a>';
                    }
                    echo '<div class="registration owner"></div>';
                    echo '<form class="invite_user" action="invite_user.php" method="get">';
                    echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '" />';
                    echo '<input type="hidden" name="idEvent" value="' . $idEvent . '" />';
                    echo '<input type="text" value="" placeholder="Invite user" name="invited_username" required/>';

<?php

session_start();
require_once "../../inc/config.php";
require_once ROOT_PATH . "inc/database.php";
include ROOT_PATH . "inc/header.php";
// TODO: clean $_GET["event_id"];
$event = getEvent($_GET["event_id"]);
$admin = getUser($_SESSION["user_id"]);
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // process the event deletion
    if (password_verify($_POST["admin_password"], $admin["password"])) {
        deleteEvent($event["event_id"]);
        $_SESSION["delete"] = true;
    } else {
        $_SESSION["incorrect-password"] = true;
    }
    header("Location:/admin/events/delete/" . $event["event_id"]);
} else {
    ?>
<html>
<?php 
    include ROOT_PATH . "inc/head.php";
    ?>
<body>
  <div class="wrapper content">
    <div class="row">
      <nav class="col-20">
        <ul class="side-nav">
          <li><a href="/admin/users/">User Accounts</a></li>
          <li class="selected">

<?php

require_once 'connect.php';
require_once 'mailer.php';
$post = file_get_contents("php://input");
$postData = json_decode($post, true);
$data['result'] = false;
$data['postData'] = $postData;
if (isset($postData['choice']) && !empty($postData['choice']) && isset($postData['choiceId']) && !empty($postData['choiceId']) && isset($postData['event_date_id']) && !empty($postData['event_date_id']) && isset($postData['event_id']) && !empty($postData['event_id'])) {
    $choice = $postData['choice'];
    $choiceId = $postData['choiceId'];
    $event_date_id = $postData['event_date_id'];
    if ($choice == 1 || $choice == 2 || $choice == 3) {
        $event = getEvent($postData['event_id']);
        if ($event) {
            $qry = "UPDATE \n\t\t\t\t\t\tdate_userchoice\n\t\t\t\t\tSET\n\t\t\t\t\t\tchoice = '" . mysqli_real_escape_string($connection, $choice) . "'\n\t\t\t\t\tWHERE \n\t\t\t\t\t\tid = '" . mysqli_real_escape_string($connection, $choiceId) . "'\n\t\t\t\t\tAND\n\t\t\t\t\t\tevent_date_id = '" . mysqli_real_escape_string($connection, $event_date_id) . "'";
            $result = mysqli_query($connection, $qry);
            if ($result) {
                $data['result'] = true;
                if (allUsersMadeChoice($event['id'])) {
                    $creatorOfEvent = getCreatorOfEvent($event['id']);
                    if ($creatorOfEvent) {
                        $html = '
						Hoi ' . $creatorOfEvent['name'] . ',<br>
						Iedereen heeft een datum gekozen voor je evenement <b>' . $event['name'] . '</b><br>
						<a href="http://www.tengwerda.nl/prikkr/#/event/overview/' . $event['code'] . '/' . $creatorOfEvent['code'] . '">Bekijk welke geschikte datum(s) er zijn!</a>.<br>
						';
                        mailIt($creatorOfEvent['email'], 'De stemmen zijn geteld voor "' . $creatorOfEvent['name'] . '" op Prikkr', $html);
                    }
                }
            }

/**
 * Deletes the event specified by retrieving the atom entry object
 * and calling Zend_Feed_EntryAtom::delete() method.  This is for
 * example purposes only, as it is inefficient to retrieve the entire
 * atom entry only for the purposes of deleting it.
 *
 * @param  Zend_Http_Client $client  The authenticated client object
 * @param  string           $eventId The event ID string
 * @return void
 */
function deleteEventById(Zend_Http_Client $client, $eventId)
{
    $event = getEvent($client, $eventId);
    $event->delete();
}

/**
 * Deletes the event specified by retrieving the atom entry object
 * and calling Zend_Feed_EntryAtom::delete() method.  This is for
 * example purposes only, as it is inefficient to retrieve the entire
 * atom entry only for the purposes of deleting it.
 *
 * @param Zend_Http_Client $client The authenticated client object
 * @param string $eventId The event ID string
 * @return void
 */
function deleteEventById($client, $eventId)
{
    $event = getEvent($client, $eventId);
    $event->delete();
}

 $stmt->execute();
 $result = $stmt->get_result();
 $results = array();
 while ($row = $result->fetch_assoc()) {
     array_push($results, $row);
 }
 $follows = array_reverse($results);
 for ($i = 0; $i < 5; $i++) {
     echo '<div class="row">';
     echo '<div class="col s6">';
     echo '<p class="left-align">';
     if (@$goingTo[$i]['userID'] != NULL) {
         $uID = $goingTo[$i]['userID'];
         echo '<i class="mdi-hardware-keyboard-tab"></i>
         &nbsp&nbsp' . getName($uID) . ' ' . (getName($uID) == "You" ? "are" : "is") . ' 
         going to <a href="event.php?id=' . $goingTo[$i]['eventID'] . '">' . getEvent($goingTo[$i]['eventID'])['name'] . "</a>";
     }
     echo '</p>';
     echo '</div>';
     echo '<div class="col s6">';
     echo '<p class="right-align">';
     if (@$follows[$i]['User1'] != NULL) {
         $row = $follows[$i];
         echo getName($row['User1']) . " followed " . getName($row['User2']) . "&nbsp&nbsp\n              <i class=\"mdi-social-person-add\"></i></p>";
     }
     echo '</p>';
     echo '</div>';
     echo '</div>';
 }
 echo '</div>
           </div>