plateforme-tfjm2/server_files/ajouter_tournoi.php

<?php

include 'config.php';

$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");

if (isset($_POST["submitted"])) {
    $error_message = registerTournament();
}

function registerTournament() {
    global $DB, $YEAR, $MAIL_ADDRESS;

    $name = htmlspecialchars($_POST["name"]);

    $result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
    if ($result->fetch())
        return "Un tournoi existe déjà avec ce nom.";

    try {
        $organizer_id = intval(htmlspecialchars($_POST["organizer"]));
    }
    catch (Exception $ex) {
        return "Un problème a eu lieu concernant le choix de l'organisateur. Merci de ne pas formuler vous-même vos requêtes.";
    }

    $result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $organizer_id . "' AND `year` = '$YEAR';");
    $data = $result->fetch();
    if ($data === FALSE)
        return "L'organisateur spécifié n'existe pas.";
    if ($data["role"] != "ORGANIZER" && $data["role"] != "ADMIN")
        return "L'organisateur indiqué ne peut pas organiser de tournoi.";
    $organize_mail = $data["email"];

    try {
        $size = intval(htmlspecialchars($_POST["size"]));
    }
    catch (Exception $ex) {
        return "Le nombre d'équipes indiqué n'est pas un entier valide.";
    }

    if ($size < 3 || $size > 12)
        return "Un tournoi doit comporter entre 3 et 12 équipes.";

    $place = htmlspecialchars($_POST["place"]);

    try {
        $price = intval(htmlspecialchars($_POST["price"]));
    }
    catch (Throwable $t) {
        return "Le tarif pour les participants n'est pas un nombre valide.";
    }

    if ($price < 0)
        return "Le TFJM² ne va pas payer les élèves pour venir.";

    if ($price > 50)
        return "Soyons raisonnable sur le prix.";

    $date_start = htmlspecialchars($_POST["date_start"]);
    $date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);

    $date_end = htmlspecialchars($_POST["date_end"]);
    $date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);

    $date_inscription = htmlspecialchars($_POST["date_inscription"]);
    $time_inscription = htmlspecialchars($_POST["time_inscription"]);
    $date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);

    $date_solutions = htmlspecialchars($_POST["date_solutions"]);
    $time_solutions = htmlspecialchars($_POST["time_solutions"]);
    $date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);

    $date_syntheses = htmlspecialchars($_POST["date_syntheses"]);
    $time_syntheses = htmlspecialchars($_POST["time_syntheses"]);
    $date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);

    if (!$date_start_parsed || !$date_end_parsed || !$date_inscription_parsed || !$date_solutions_parsed || !$date_syntheses_parsed)
        return "Une date est mal formée.";

    $description = htmlspecialchars($_POST["description"]);

    $req = $DB->prepare("INSERT INTO `tournaments` (`name`, `organizer`, `size`, `place`, `description`, 
                           `date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `year`) 
                           VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
    $result = $req->execute([$name, $organizer_id, $size, $place, $description, $date_start, $date_end,
        "$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $YEAR]);

    mail($organize_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS");

    return false;
}

?>

<?php include "header.php" ?>

<?php

if (!isset($_SESSION["role"]) or $_SESSION["role"] != "ADMIN") {
?>
<h2>Vous n'êtes pas autorisé à accéder à cette page.</h2>
<?php } else { ?>

<?php if (isset($error_message)) {
        if ($error_message !== false) {
            echo "<h2>Erreur : " . $error_message . "</h2>";
        } else {
            echo "<h2>Tournoi de " . htmlspecialchars($_POST["name"]) . " ajouté avec succès !</h2>";
        }
    }?>

<form method="POST">
    <input type="hidden" name="submitted" value="true" />
    <table>
        <tbody>
            <tr>
                <td>
                    <label for="name">Nom :</label>
                </td>
                <td>
                    <input type="text" id="name" name="name" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="organizer">Organisateur :</label>
                </td>
                <td>
                    <select id="organizer" name="organizer">
                    <?php
                    while (($data = $orgas_response->fetch()) !== FALSE) {
                        echo "<option value=\"" . $data["id"] . "\">" . $data["first_name"] . " " . $data["surname"] . "</option>\n";
                    }
                    ?>
                    </select>
                </td>
            </tr>
            <tr>
                <td>
                    <label for="size">Nombre d'équipes :</label>
                </td>
                <td>
                    <input type="number" id="size" name="size" min="3" max="12" value="6" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="place">Lieu :</label>
                </td>
                <td>
                    <input type="text" id="place" name="place" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="price">Prix par participant</label>
                </td>
                <td>
                    <input type="number" id="price" name="price" min="0" max="21" value="21" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="date_start">Dates :</label>
                </td>
                <td>
                    Du <input type="date" id="date_start" name="date_start" /> au <input type="date" id="date_end" name="date_end" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="date_inscription">Date limite d'inscription :</label>
                </td>
                <td>
                    <input type="date" id="date_inscription" name="date_inscription" />
                    <input type="time" id="time_inscription" name="time_inscription" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="date_solutions">Date limite pour rendre les solutions :</label>
                </td>
                <td>
                    <input type="date" id="date_solutions" name="date_solutions" />
                    <input type="time" id="time_solutions" name="time_solutions" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="date_syntheses">Date limite pour rendre les notes de synthèse :</label>
                </td>
                <td>
                    <input type="date" id="date_syntheses" name="date_syntheses" />
                    <input type="time" id="time_syntheses" name="time_syntheses" />
                </td>
            </tr>
            <tr>
                <td>
                    <label for="description">Description :</label>
                </td>
                <td>
                    <textarea name="description" id="description"></textarea>
                </td>
            </tr>
            <tr>
                <td>
                    <input type="submit" />
                </td>
            </tr>
        </tbody>
    </table>
</form>

<?php include "footer.php" ?>

<?php } ?>
Initial commit 2019-08-21 20:56:46 +00:00			`<?php`

			`include 'config.php';`

			$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");

			`if (isset($_POST["submitted"])) {`
			`$error_message = registerTournament();`
			`}`

			`function registerTournament() {`
			`global $DB, $YEAR, $MAIL_ADDRESS;`

			`$name = htmlspecialchars($_POST["name"]);`

			$result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
			`if ($result->fetch())`
			`return "Un tournoi existe déjà avec ce nom.";`

			`try {`
			`$organizer_id = intval(htmlspecialchars($_POST["organizer"]));`
			`}`
			`catch (Exception $ex) {`
			`return "Un problème a eu lieu concernant le choix de l'organisateur. Merci de ne pas formuler vous-même vos requêtes.";`
			`}`

			$result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $organizer_id . "' AND `year` = '$YEAR';");
			`$data = $result->fetch();`
			`if ($data === FALSE)`
			`return "L'organisateur spécifié n'existe pas.";`
			`if ($data["role"] != "ORGANIZER" && $data["role"] != "ADMIN")`
			`return "L'organisateur indiqué ne peut pas organiser de tournoi.";`
			`$organize_mail = $data["email"];`

			`try {`
			`$size = intval(htmlspecialchars($_POST["size"]));`
			`}`
			`catch (Exception $ex) {`
			`return "Le nombre d'équipes indiqué n'est pas un entier valide.";`
			`}`

			`if ($size < 3 \|\| $size > 12)`
			`return "Un tournoi doit comporter entre 3 et 12 équipes.";`

			`$place = htmlspecialchars($_POST["place"]);`

			`try {`
			`$price = intval(htmlspecialchars($_POST["price"]));`
			`}`
			`catch (Throwable $t) {`
			`return "Le tarif pour les participants n'est pas un nombre valide.";`
			`}`

			`if ($price < 0)`
			`return "Le TFJM² ne va pas payer les élèves pour venir.";`

			`if ($price > 50)`
			`return "Soyons raisonnable sur le prix.";`

			`$date_start = htmlspecialchars($_POST["date_start"]);`
			`$date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);`

			`$date_end = htmlspecialchars($_POST["date_end"]);`
			`$date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);`

			`$date_inscription = htmlspecialchars($_POST["date_inscription"]);`
			`$time_inscription = htmlspecialchars($_POST["time_inscription"]);`
			`$date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);`

			`$date_solutions = htmlspecialchars($_POST["date_solutions"]);`
			`$time_solutions = htmlspecialchars($_POST["time_solutions"]);`
			`$date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);`

			`$date_syntheses = htmlspecialchars($_POST["date_syntheses"]);`
			`$time_syntheses = htmlspecialchars($_POST["time_syntheses"]);`
			`$date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);`

			`if (!$date_start_parsed \|\| !$date_end_parsed \|\| !$date_inscription_parsed \|\| !$date_solutions_parsed \|\| !$date_syntheses_parsed)`
			`return "Une date est mal formée.";`

			`$description = htmlspecialchars($_POST["description"]);`

			$req = $DB->prepare("INSERT INTO `tournaments` (`name`, `organizer`, `size`, `place`, `description`,
			`date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `year`)
			`VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");`
			`$result = $req->execute([$name, $organizer_id, $size, $place, $description, $date_start, $date_end,`
			`"$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $YEAR]);`

			`mail($organize_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS");`

			`return false;`
			`}`

			`?>`

			`<?php include "header.php" ?>`

			`<?php`

			`if (!isset($_SESSION["role"]) or $_SESSION["role"] != "ADMIN") {`
			`?>`
			`<h2>Vous n'êtes pas autorisé à accéder à cette page.</h2>`
			`<?php } else { ?>`

			`<?php if (isset($error_message)) {`
			`if ($error_message !== false) {`
			`echo "<h2>Erreur : " . $error_message . "</h2>";`
			`} else {`
			`echo "<h2>Tournoi de " . htmlspecialchars($_POST["name"]) . " ajouté avec succès !</h2>";`
			`}`
			`}?>`

			`<form method="POST">`
			`<input type="hidden" name="submitted" value="true" />`
			`<table>`
			`<tbody>`
			`<tr>`
			`<td>`
			`<label for="name">Nom :</label>`
			`</td>`
			`<td>`
			`<input type="text" id="name" name="name" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="organizer">Organisateur :</label>`
			`</td>`
			`<td>`
			`<select id="organizer" name="organizer">`
			`<?php`
			`while (($data = $orgas_response->fetch()) !== FALSE) {`
			`echo "<option value=\"" . $data["id"] . "\">" . $data["first_name"] . " " . $data["surname"] . "</option>\n";`
			`}`
			`?>`
			`</select>`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="size">Nombre d'équipes :</label>`
			`</td>`
			`<td>`
			`<input type="number" id="size" name="size" min="3" max="12" value="6" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="place">Lieu :</label>`
			`</td>`
			`<td>`
			`<input type="text" id="place" name="place" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="price">Prix par participant</label>`
			`</td>`
			`<td>`
			`<input type="number" id="price" name="price" min="0" max="21" value="21" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="date_start">Dates :</label>`
			`</td>`
			`<td>`
			`Du <input type="date" id="date_start" name="date_start" /> au <input type="date" id="date_end" name="date_end" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="date_inscription">Date limite d'inscription :</label>`
			`</td>`
			`<td>`
			`<input type="date" id="date_inscription" name="date_inscription" />`
			`<input type="time" id="time_inscription" name="time_inscription" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="date_solutions">Date limite pour rendre les solutions :</label>`
			`</td>`
			`<td>`
			`<input type="date" id="date_solutions" name="date_solutions" />`
			`<input type="time" id="time_solutions" name="time_solutions" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="date_syntheses">Date limite pour rendre les notes de synthèse :</label>`
			`</td>`
			`<td>`
			`<input type="date" id="date_syntheses" name="date_syntheses" />`
			`<input type="time" id="time_syntheses" name="time_syntheses" />`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<label for="description">Description :</label>`
			`</td>`
			`<td>`
			`<textarea name="description" id="description"></textarea>`
			`</td>`
			`</tr>`
			`<tr>`
			`<td>`
			`<input type="submit" />`
			`</td>`
			`</tr>`
			`</tbody>`
			`</table>`
			`</form>`

			`<?php include "footer.php" ?>`

			`<?php } ?>`