plateforme-tfjm2/server_files/controllers/ajouter_tournoi.php

<?php

if (!isset($_SESSION["role"]) || $_SESSION["role"] != Role::ADMIN)
	require_once "server_files/403.php";

$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");

if (isset($_POST["submitted"])) {
    $error_message = registerTournament();
}

function registerTournament() {
    global $DB, $YEAR, $MAIL_ADDRESS;

    $name = htmlspecialchars($_POST["name"]);

    $result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
    if ($result->fetch())
        return "Un tournoi existe déjà avec ce nom.";

    if (!isset($_POST["organizer"]) || sizeof($_POST["organizer"]) == 0)
        return "Aucun organisateur n'a été choisi.";

    $organizers = $_POST["organizer"];
    $orga_mails = [];

    foreach ($organizers as $orga) {
		$result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $orga . "' AND `year` = '$YEAR';");
		$data = $result->fetch();
		if ($data === FALSE)
			return "L'organisateur spécifié n'existe pas.";
		if ($data["role"] != Role::ORGANIZER && $data["role"] != Role::ADMIN)
			return "L'organisateur indiqué ne peut pas organiser de tournoi.";
		$orga_mails[] = $data["email"];
	}

    try {
        $size = intval(htmlspecialchars($_POST["size"]));
    }
    catch (Exception $ex) {
        return "Le nombre d'équipes indiqué n'est pas un entier valide.";
    }

    if ($size < 3 || $size > 12)
        return "Un tournoi doit comporter entre 3 et 12 équipes.";

    $place = htmlspecialchars($_POST["place"]);

    try {
        $price = intval(htmlspecialchars($_POST["price"]));
    }
    catch (Throwable $t) {
        return "Le tarif pour les participants n'est pas un nombre valide.";
    }

    if ($price < 0)
        return "Le TFJM² ne va pas payer les élèves pour venir.";

    if ($price > 50)
        return "Soyons raisonnable sur le prix.";

    $date_start = htmlspecialchars($_POST["date_start"]);
    $date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);

    $date_end = htmlspecialchars($_POST["date_end"]);
    $date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);

    $date_inscription = htmlspecialchars($_POST["date_inscription"]);
    $time_inscription = htmlspecialchars($_POST["time_inscription"]);
    $date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);

    $date_solutions = htmlspecialchars($_POST["date_solutions"]);
    $time_solutions = htmlspecialchars($_POST["time_solutions"]);
    $date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);

    $date_syntheses = htmlspecialchars($_POST["date_syntheses"]);
    $time_syntheses = htmlspecialchars($_POST["time_syntheses"]);
    $date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);

    if (!$date_start_parsed || !$date_end_parsed || !$date_inscription_parsed || !$date_solutions_parsed || !$date_syntheses_parsed)
        return "Une date est mal formée.";

    $description = htmlspecialchars($_POST["description"]);
    
    $final = isset($_POST["final"]) && $_POST["final"];
    
    if ($final && $DB->query("SELECT `id` FROM `tournaments` WHERE `final` = true AND `year` = $YEAR;")->fetch() !== false)
        return "Une finale est déjà enregistrée.";

    $req = $DB->prepare("INSERT INTO `tournaments` (`name`, `size`, `place`, `price`, `description`, 
                           `date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `final`, `year`)
                           VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
    $req->execute([$name, $size, $place, $price, $description, $date_start, $date_end,
        "$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $final, $YEAR]);

    $req = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '$name' AND `year` = $YEAR;");
    $tournament_id = $req->fetch()["id"];

    foreach ($organizers as $orga) {
        $req = $DB->prepare("INSERT INTO `organizers`(`organizer`, `tournament`) VALUES(?, ?);");
        $req->execute([$orga, $tournament_id]);
    }

    foreach ($orga_mails as $orga_mail)
        mail($orga_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS");

    return false;
}

require_once "server_files/views/ajouter_tournoi.php";
Séparation vue et contrôleur 2019-09-06 11:48:50 +00:00			`<?php`

Utilisation des nouvelles classes, amélioration du code 2019-09-06 23:33:05 +00:00			`if (!isset($_SESSION["role"]) \|\| $_SESSION["role"] != Role::ADMIN)`
Utilisation d'un dispatcher pour gérer les redirections 2019-09-07 11:42:36 +00:00			`require_once "server_files/403.php";`
Séparation vue et contrôleur 2019-09-06 11:48:50 +00:00
			$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");

			`if (isset($_POST["submitted"])) {`
			`$error_message = registerTournament();`
			`}`

			`function registerTournament() {`
			`global $DB, $YEAR, $MAIL_ADDRESS;`

			`$name = htmlspecialchars($_POST["name"]);`

			$result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
			`if ($result->fetch())`
			`return "Un tournoi existe déjà avec ce nom.";`

			`if (!isset($_POST["organizer"]) \|\| sizeof($_POST["organizer"]) == 0)`
			`return "Aucun organisateur n'a été choisi.";`

			`$organizers = $_POST["organizer"];`
			`$orga_mails = [];`

			`foreach ($organizers as $orga) {`
			$result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $orga . "' AND `year` = '$YEAR';");
			`$data = $result->fetch();`
			`if ($data === FALSE)`
			`return "L'organisateur spécifié n'existe pas.";`
Utilisation des nouvelles classes, amélioration du code 2019-09-06 23:33:05 +00:00			`if ($data["role"] != Role::ORGANIZER && $data["role"] != Role::ADMIN)`
Séparation vue et contrôleur 2019-09-06 11:48:50 +00:00			`return "L'organisateur indiqué ne peut pas organiser de tournoi.";`
			`$orga_mails[] = $data["email"];`
			`}`

			`try {`
			`$size = intval(htmlspecialchars($_POST["size"]));`
			`}`
			`catch (Exception $ex) {`
			`return "Le nombre d'équipes indiqué n'est pas un entier valide.";`
			`}`

			`if ($size < 3 \|\| $size > 12)`
			`return "Un tournoi doit comporter entre 3 et 12 équipes.";`

			`$place = htmlspecialchars($_POST["place"]);`

			`try {`
			`$price = intval(htmlspecialchars($_POST["price"]));`
			`}`
			`catch (Throwable $t) {`
			`return "Le tarif pour les participants n'est pas un nombre valide.";`
			`}`

			`if ($price < 0)`
			`return "Le TFJM² ne va pas payer les élèves pour venir.";`

			`if ($price > 50)`
			`return "Soyons raisonnable sur le prix.";`

			`$date_start = htmlspecialchars($_POST["date_start"]);`
			`$date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);`

			`$date_end = htmlspecialchars($_POST["date_end"]);`
			`$date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);`

			`$date_inscription = htmlspecialchars($_POST["date_inscription"]);`
			`$time_inscription = htmlspecialchars($_POST["time_inscription"]);`
			`$date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);`

			`$date_solutions = htmlspecialchars($_POST["date_solutions"]);`
			`$time_solutions = htmlspecialchars($_POST["time_solutions"]);`
			`$date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);`

			`$date_syntheses = htmlspecialchars($_POST["date_syntheses"]);`
			`$time_syntheses = htmlspecialchars($_POST["time_syntheses"]);`
			`$date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);`

			`if (!$date_start_parsed \|\| !$date_end_parsed \|\| !$date_inscription_parsed \|\| !$date_solutions_parsed \|\| !$date_syntheses_parsed)`
			`return "Une date est mal formée.";`

			`$description = htmlspecialchars($_POST["description"]);`

			`$final = isset($_POST["final"]) && $_POST["final"];`

			if ($final && $DB->query("SELECT `id` FROM `tournaments` WHERE `final` = true AND `year` = $YEAR;")->fetch() !== false)
			`return "Une finale est déjà enregistrée.";`

			$req = $DB->prepare("INSERT INTO `tournaments` (`name`, `size`, `place`, `price`, `description`,
			`date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `final`, `year`)
			`VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");`
			`$req->execute([$name, $size, $place, $price, $description, $date_start, $date_end,`
			`"$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $final, $YEAR]);`

			$req = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '$name' AND `year` = $YEAR;");
			`$tournament_id = $req->fetch()["id"];`

			`foreach ($organizers as $orga) {`
			$req = $DB->prepare("INSERT INTO `organizers`(`organizer`, `tournament`) VALUES(?, ?);");
			`$req->execute([$orga, $tournament_id]);`
			`}`

			`foreach ($orga_mails as $orga_mail)`
			`mail($orga_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS");`

			`return false;`
			`}`

Utilisation d'un dispatcher pour gérer les redirections 2019-09-07 11:42:36 +00:00			`require_once "server_files/views/ajouter_tournoi.php";`