plateforme-tfjm2/server_files/mon_equipe.php

<?php

require_once 'config.php';

if (isset($_POST["leave_team"])) {
	for ($i = 1; $i <= ($_SESSION["role"] == "PARTICIPANT" ? 6 : 2); ++$i)
		/** @noinspection SqlResolve */
		$DB->exec("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_$i` = NULL WHERE `" . strtolower($_SESSION["role"]) . "_$i` = " . $_SESSION["user_id"] . ";");
	$DB->exec("UPDATE `users` SET `team_id` = NULL WHERE `id` = " . $_SESSION["user_id"] . ";");
	$DB->exec("UPDATE `teams` SET `encadrant_1` = `encadrant_2`, `encadrant_2` = NULL WHERE `encadrant_1` IS NULL;");
	for ($i = 1; $i <= 5; ++$i) {
		/** @noinspection SqlResolve */
		$DB->exec("UPDATE `teams` SET `participant_$i` = `participant_" . strval($i + 1) . "`, `participant_" . strval($i + 1) . "` = NULL WHERE `participant_$i` IS NULL;");
	}
	
	$req = $DB->query("SELECT `file_id` FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';");
	while (($data = $req->fetch()) !== false)
		unlink("$URL_BASE/files/" . $data["file_id"]);
	$DB->exec("DELETE FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';");
	
	if ($DB->exec("DELETE FROM `teams` WHERE `encadrant_1` IS NULL AND `participant_1` IS NULL;") > 0) {
		$req = $DB->query("SELECT `file_id` FROM `solutions` WHERE `team` = '" . $_SESSION["team_id"] . "';");
		while (($data = $req->fetch()) !== false)
			unlink("$URL_BASE/files/" . $data["file_id"]);
		$DB->exec("DELETE FROM `solutions` WHERE `team` = " . $_SESSION["team_id"] . ";");
		
		$req = $DB->query("SELECT `file_id` FROM `syntheses` WHERE `team` = '" . $_SESSION["team_id"] . "';");
		while (($data = $req->fetch()) !== false)
			unlink("$URL_BASE/files/" . $data["file_id"]);
		$DB->exec("DELETE FROM `syntheses` WHERE `team` = " . $_SESSION["team_id"] . ";");
	}
	unset($_SESSION["team_id"]);
	unset($_SESSION["team_validation_status"]);
	header("Location: $URL_BASE");
	exit();
}

$tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `year` = '$YEAR';");

if (isset($_POST["send_document"])) {
	$error_message = sendDocument();
}

if (isset($_POST["request_validation"])) {
	if (!checkCanValidate())
		$error_message = "Votre équipe ne peut pas demander la validation : il manque soit des participants, soit des documents.";
	else {
		$DB->exec("UPDATE `teams` SET `validation_status` = 'WAITING' WHERE `id` = " . $_SESSION["team_id"] . ";");
		$_SESSION["team_validation_status"] = "WAITING";
	}
}

if (isset($_SESSION["user_id"]) && isset($_SESSION["team_id"])) {
	$result = $DB->query("SELECT * FROM `teams` WHERE `id` = '" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';");
	$team_data = $result->fetch();
	
	$tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch();
	
	$documents_req = $DB->prepare("SELECT `file_id`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `tournament` = ? GROUP BY `type`, `uploaded_at` ORDER BY `type`, `uploaded_at` DESC;");
	$documents_req->execute([$_SESSION["user_id"], $_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"]]);
}

if (isset($_POST["team_edit"])) {
	$error_message = updateTeam();
}

function sendDocument()
{
	global $LOCAL_PATH, $DB;
	
	$type = strtoupper(htmlspecialchars($_POST["type"]));
	if (!isset($type) || ($type != "PARENTAL_CONSENT" && $type != "PHOTO_CONSENT" && $type != "SANITARY_PLUG"))
		return "Le type de document est invalide. Merci de ne pas formuler vos propres requêtes.";
	
	$file = $_FILES["document"];
	
	if ($file["size"] > 5000000 || $file["error"])
		return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
	
	if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
		return "Le fichier doit être au format PDF.";
	
	if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
		return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
	
	$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
	
	do {
		$id = "";
		for ($i = 0; $i < 64; ++$i) {
			$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
		}
	} while (file_exists("$LOCAL_PATH/files/$id"));
	
	if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
		return "Une erreur est survenue lors de l'envoi du fichier.";
	
	$req = $DB->prepare("INSERT INTO `documents`(`file_id`, `user`, `team`, `tournament`, `type`)
                VALUES (?, ?, ?, ?, ?);");
	$req->execute([$id, $_SESSION["user_id"], $_SESSION["team_id"], $_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"], $type]);
	
	return false;
}

function updateTeam()
{
	global $DB, $YEAR, $URL_BASE, $team_data;
	
	if ($_SESSION["team_id"] == NULL)
		return "Vous n'êtes pas dans une équipe.";
	
	$name = htmlspecialchars($_POST["name"]);
	
	if (!isset($name) || $name == "")
		return "Vous devez spécifier un nom d'équipe.";
	
	echo $team_data["id"];
	$result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `id` != " . $team_data["id"] . " AND `year` = '$YEAR';");
	if ($result->fetch())
		return "Une équipe existe déjà avec ce nom." . $team_data["id"];
	
	$trigram = strtoupper(htmlspecialchars($_POST["trigram"]));
	
	if (!preg_match("#^[A-Z][A-Z][A-Z]$#", $trigram))
		return "Le trigramme entré n'est pas valide.";
	
	$result = $DB->query("SELECT `id` FROM `teams` WHERE `trigram` = '" . $trigram . "' AND `id` != '" . $team_data["id"] . "' AND `year` = '$YEAR';");
	if ($result->fetch())
		return "Une équipe a déjà choisi ce trigramme.";
	
	$tournament_id = intval(htmlspecialchars($_POST["tournament"]));
	
	$result = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `id` = '" . $tournament_id . "' AND `year` = '$YEAR';");
	$data = $result->fetch();
	if ($data === FALSE)
		return "Le tournoi spécifié n'existe pas.";
	
	$req = $DB->prepare("UPDATE `teams` SET `name` = ?, `trigram` = ?, `tournament` = ? WHERE `id` = ?;");
	$req->execute([$name, $trigram, $tournament_id, $team_data["id"]]);
	
	header("Location: $URL_BASE/mon_equipe");
	
	return false;
}

function checkCanValidate()
{
	global $DB, $team_data, $tournament_data, $YEAR;
	$can_validate = $team_data["validation_status"] == "NOT_READY";
	$can_validate &= $team_data["encadrant_1"] != NULL;
	$can_validate &= $team_data["participant_4"] != NULL;
	for ($i = 1; $i <= 2; ++$i) {
		if ($team_data["encadrant_$i"] === NULL)
			continue;
		
		$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
		$req->execute([$team_data["encadrant_$i"], "PHOTO_CONSENT"]);
		$d = $req->fetch();
		$can_validate &= $d["version"] > 0;
		
		$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
		$req->execute([$team_data["encadrant_$i"], "SANITARY_PLUG"]);
		$d = $req->fetch();
		$can_validate &= $d["version"] > 0;
	}
	for ($i = 1; $i <= 6; ++$i) {
		if ($team_data["participant_$i"] === NULL)
			continue;
		
		$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
		$req->execute([$team_data["participant_$i"], "PHOTO_CONSENT"]);
		$d = $req->fetch();
		$can_validate &= $d["version"] > 0;
		
		$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
		$req->execute([$team_data["participant_$i"], "SANITARY_PLUG"]);
		$d = $req->fetch();
		$can_validate &= $d["version"] > 0;
		
		$birth_date = $DB->query("SELECT `birth_date` FROM `users` WHERE `id` = " . $team_data["participant_$i"] . ";")->fetch()["birth_date"];
		if ($birth_date > strval($YEAR - 18) . substr($tournament_data["date_start"], 4)) {
			$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
			$req->execute([$team_data["participant_$i"], "PARENTAL_CONSENT"]);
			$d = $req->fetch();
			$can_validate &= $d["version"] > 0;
		}
	}
	
	return $can_validate;
}

?>

<?php require_once "header.php" ?>

<?php if (!isset($_SESSION["user_id"]) || !isset($_SESSION["team_id"]) || $_SESSION["team_id"] == NULL) {
	echo "<h2>Vous devez être dans une équipe pour afficher cette page.</h2>";
	require_once "footer.php";
	return;
} ?>

<?php if (isset($error_message)) {
	if ($error_message !== false) {
		echo "<h2>Erreur : " . $error_message . "</h2>";
	} else {
		echo "<h2>Le fichier a été correctement envoyé !</h2>";
	}
} ?>

<h2>Informations sur l'équipe</h2>

Nom de l'équipe : <?= $team_data["name"] ?><br/>
Trigramme : <?= $team_data["trigram"] ?><br/>
Tournoi : <a href="<?= $tournament_data["name"] ?>"><?= $tournament_data["name"] ?></a><br/>
<?php
for ($i = 1; $i <= 2; ++$i) {
	if ($team_data["encadrant_" . $i] == NULL)
		continue;
	$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["encadrant_" . $i] . " AND `year` = '$YEAR';")->fetch();
	echo "Encadrant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "<br />";
}
for ($i = 1; $i <= 6; ++$i) {
	if ($team_data["participant_" . $i] == NULL)
		continue;
	$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["participant_" . $i] . " AND `year` = '$YEAR';")->fetch();
	echo "Participant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "<br />";
}
?>
Code d'accès : <strong><?php echo $team_data["access_code"] ?></strong><br/>
<?php if (isset($_SESSION["final_id"])) {
    $final_name = $_SESSION["final_name"];
	echo "<strong>Équipe sélectionnée pour la <a href=\"$URL_BASE/tournoi/$final_name\">finale nationale</a>.</strong><br />";
} ?>

<?php if (isset($_GET["modifier"])) { ?>

    <form method="POST">
        <input type="hidden" name="team_edit" value="true"/>
        <table style="width: 100%;">
            <tbody>
            <tr>
                <td style="width: 30%;">
                    <label for="name">Nom :</label>
                </td>
                <td style="width: 70%;">
                    <input style="width: 100%;" type="text" id="name" name="name" value="<?= $team_data["name"] ?>"/>
                </td>
            </tr>
            <tr>
                <td>
                    <label for="trigram">Trigramme :</label>
                </td>
                <td>
                    <input style="width: 100%;" type="text" id="trigram" name="trigram"
                           value="<?= $team_data["trigram"] ?>"/>
                </td>
            </tr>
            <tr>
                <td>
                    <label for="tournament">Tournoi :</label>
                </td>
                <td>
                    <select style="width: 100%;" id="tournament" name="tournament">
						<?php
						while (($data = $tournaments_response->fetch()) !== FALSE) {
							echo "<option value=\"" . $data["id"] . "\">" . $data["name"] . "</option>\n";
						}
						?>
                    </select>
                </td>
            </tr>
            <tr>
                <td colspan="2">
                    <input style="width: 100%;" type="submit" value="Modifier l'équipe"/>
                </td>
            </tr>
            </tbody>
        </table>
    </form>

<?php } else { ?>
	
	<?php if ($_SESSION["team_validation_status"] == "NOT_READY") { ?>
        <!--suppress HtmlUnknownTarget -->
        <a href="<?= $URL_BASE ?>/mon_equipe/modifier">Modifier mon équipe</a>
	<?php } ?>
    <hr/>
    <h2>Mes autorisations</h2>
	<?php
	while (($data = $documents_req->fetch()) !== false) {
		$file_id = $data["file_id"];
		$type = $data["type"];
		$version = $data["version"];
		switch ($data["type"]) {
			case "PARENTAL_CONSENT":
				$name = "Autorisation parentale";
				break;
			case "PHOTO_CONSENT":
				$name = "Autorisation de droit à l'image";
				break;
			case "SANITARY_PLUG":
				$name = "Fiche sanitaire";
				break;
		}
		echo "$name : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
	}
	if ($team_data["validation_status"] == "NOT_READY") { ?>
        <form method="post" enctype="multipart/form-data">
            <input type="hidden" name="MAX_FILE_SIZE" value="5000000"/>
            <table style="width: 100%;">
                <tbody>
                <tr>
                    <td>
                        <label for="type">Type de document :</label>
                    </td>
                    <td>
                        <select style="width: 100%;" id="type" name="type">
							<?php if ($_SESSION["birth_date"] > strval($YEAR - 18) . substr($tournament_data["date_start"], 4)) { ?>
                                <option value="parental_consent">Autorisation parentale</option>
							<?php } ?>
                            <option value="photo_consent">Autorisation de droit à l'image</option>
                            <option value="sanitary_plug">Fiche sanitaire</option>
                        </select>
                    </td>
                </tr>
                <tr>
                    <td>
                        <label for="file">Fichier :</label>
                    </td>
                    <td>
                        <input style="width: 100%;" type="file" id="file" name="document"/>
                    </td>
                </tr>
                <tr>
                    <td colspan="2">
                        <input style="width: 100%;" type="submit" name="send_document" value="Envoyer le document"/>
                    </td>
                </tr>
                </tbody>
            </table>
        </form>
	<?php } ?>
    <hr/>
	<?php if ($team_data["validation_status"] == "NOT_READY") { ?>
        <table style="width: 100%;">
            <tr>
                <td style="width: 50%;">
                    <form method="post">
                        <input style="width: 100%;" type="submit" name="leave_team" value="Quitter l'équipe"/>
                    </form>
                </td>
				<?php
				$can_validate = checkCanValidate();
				if ($can_validate) { ?>
                    <td style="width: 50%;">
                        <form method="post">
                            <input style="width: 100%;" type="submit" name="request_validation"
                                   value="Demander la validation"/>
                        </form>
                    </td>
				<?php } ?>
            </tr>
        </table>
	<?php } ?>
<?php } ?>

<?php require_once "footer.php" ?>