From 273bd059443031812e6115b5f5c70e4a00c7a4f8 Mon Sep 17 00:00:00 2001 From: Yohann Date: Mon, 2 Sep 2019 20:57:26 +0200 Subject: [PATCH] =?UTF-8?q?Quelques=20v=C3=A9rifications=20temporelles=20e?= =?UTF-8?q?t=20autres?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 server_files/ajouter_equipe.php | 2 +-
 server_files/config.php | 8 +
 server_files/equipe.php | 2 +-
 server_files/footer.php | 3 +-
 server_files/informations.php | 4 +-
 server_files/mon_equipe.php | 359 +++++++++++++++++++-------------
 server_files/solutions.php | 81 +++----
 server_files/syntheses.php | 81 ++++---
 8 files changed, 320 insertions(+), 220 deletions(-)
diff --git a/server_files/ajouter_equipe.php b/server_files/ajouter_equipe.php
index b0bc049..d9aa7fa 100644
--- a/server_files/ajouter_equipe.php
+++ b/server_files/ajouter_equipe.php
@@ -2,7 +2,7 @@ include 'config.php';
-$tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `year` = '$YEAR';");
+$tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `date_inscription` > CURRENT_DATE AND `year` = '$YEAR';");
 if (isset($_POST["submitted"])) {
 $error_message = registerTeam();
diff --git a/server_files/config.php b/server_files/config.php
index 1ecd6c0..18db43f 100644
--- a/server_files/config.php
+++ b/server_files/config.php
@@ -57,4 +57,12 @@ function echo_date($date = NULL, $with_time = false) {
 return strftime("%d %B %G" . ($with_time ? " %H:%M" : ""), strtotime($date));
 }
+function error403() {
+ include "../403.php";
+}
+
+function error404() {
+ include "../404.php";
+}
+
 ?>
diff --git a/server_files/equipe.php b/server_files/equipe.php
index ca955de..bb40602 100644
--- a/server_files/equipe.php
+++ b/server_files/equipe.php
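Review bot: The `date_inscription > CURRENT_DATE` filter only narrows the list offered in the form; a POST carrying the id of a tournament whose registration has closed still reaches registerTeam() unless that function re-checks the date, and registerTeam() is outside this hunk. The same predicate should be applied where the submitted tournament id is looked up, e.g. `WHERE `id` = ? AND `date_inscription` > CURRENT_DATE AND `year` = ?` through `$DB->prepare()`, which would also stop interpolating `$YEAR` into the query text. Without that server-side check the deadline is enforced only by what the browser displays.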
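Review bot: error403() and error404() include the error page but return to the caller, so every call site keeps executing in the state that triggered the error: in informations.php (this patch) `$_GET["id"]` is still queried after error403(), and `$user_data` (false) is used after error404(); equipe.php has the same shape, and solutions.php and syntheses.php add new error403() calls that rely on the helper stopping the request. Unless 403.php/404.php themselves call exit(), which is not visible here, the helpers should set the status and terminate: `http_response_code(403); include "../403.php"; exit();` (and likewise 404). A one-line comment on each helper, `// Renders the error page and ends the request; callers do not continue.`, would make the contract explicit.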
@@ -11,7 +11,7 @@ if (isset($_POST["validate"])) {
 $team_data = $DB->query("SELECT * FROM `teams` WHERE `trigram` = '$trigram' AND `year` = $YEAR;")->fetch();
 if ($team_data === false)
- include "../404.php";
+ error404();
 $tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch();
diff --git a/server_files/footer.php b/server_files/footer.php
index 0289fab..b806435 100644
--- a/server_files/footer.php
+++ b/server_files/footer.php
@@ -2,4 +2,5 @@
-
\ No newline at end of file
+
+
diff --git a/server_files/informations.php b/server_files/informations.php
index c4c66c5..be15241 100644
--- a/server_files/informations.php
+++ b/server_files/informations.php
@@ -3,14 +3,14 @@ include "config.php";
 if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ORGANIZER" && $_SESSION["role"] != "ADMIN") {
- include "../403.php";
+ error403();
 }
 $id = $_GET["id"];
 $user_data = $DB->query("SELECT * FROM `users` WHERE `id` = $id;")->fetch();
 if ($user_data === false) {
- include "../404.php";
+ error404();
 }
 $team_data = false;
diff --git a/server_files/mon_equipe.php b/server_files/mon_equipe.php
index 3e00703..b853e37 100644
--- a/server_files/mon_equipe.php
+++ b/server_files/mon_equipe.php
@@ -3,56 +3,60 @@ include 'config.php'; if (isset($_POST["leave_team"])) { - for ($i = 1; $i <= ($_SESSION["role"] == "PARTICIPANT" ? 6 : 2); ++$i) - /** @noinspection SqlResolve */ - $DB->exec("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_$i` = NULL WHERE `" . strtolower($_SESSION["role"]) . "_$i` = " . $_SESSION["user_id"] . ";"); - $DB->exec("UPDATE `users` SET `team_id` = NULL WHERE `id` = " . $_SESSION["user_id"] . ";"); - $DB->exec("UPDATE `teams` SET `encadrant_1` = `encadrant_2`, `encadrant_2` = NULL WHERE `encadrant_1` IS NULL;"); - for ($i = 1; $i <= 5; ++$i) { - /** @noinspection SqlResolve */ - $DB->exec("UPDATE `teams` SET `participant_$i` = `participant_" . strval($i + 1) . "`, `participant_" . strval($i + 1) . "` = NULL WHERE `participant_$i` IS NULL;"); - } - - $req = $DB->query("SELECT `file_id` FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';"); - while (($data = $req->fetch()) !== false) - unlink("$URL_BASE/files/" . $data["file_id"]); - $DB->exec("DELETE FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';"); - - if ($DB->exec("DELETE FROM `teams` WHERE `encadrant_1` IS NULL AND `participant_1` IS NULL;") > 0) { + for ($i = 1; $i <= ($_SESSION["role"] == "PARTICIPANT" ? 6 : 2); ++$i) + /** @noinspection SqlResolve */ + $DB->exec("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_$i` = NULL WHERE `" . strtolower($_SESSION["role"]) . "_$i` = " . $_SESSION["user_id"] . ";"); + $DB->exec("UPDATE `users` SET `team_id` = NULL WHERE `id` = " . $_SESSION["user_id"] . ";"); + $DB->exec("UPDATE `teams` SET `encadrant_1` = `encadrant_2`, `encadrant_2` = NULL WHERE `encadrant_1` IS NULL;"); + for ($i = 1; $i <= 5; ++$i) { + /** @noinspection SqlResolve */ + $DB->exec("UPDATE `teams` SET `participant_$i` = `participant_" . strval($i + 1) . "`, `participant_" . strval($i + 1) . "` = NULL WHERE `participant_$i` IS NULL;"); + } + + $req = $DB->query("SELECT `file_id` FROM `documents` WHERE `user` = '" . 
$_SESSION["user_id"] . "';"); + while (($data = $req->fetch()) !== false) + unlink("$URL_BASE/files/" . $data["file_id"]); + $DB->exec("DELETE FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';"); + + if ($DB->exec("DELETE FROM `teams` WHERE `encadrant_1` IS NULL AND `participant_1` IS NULL;") > 0) { $req = $DB->query("SELECT `file_id` FROM `solutions` WHERE `team` = '" . $_SESSION["team_id"] . "';"); while (($data = $req->fetch()) !== false) unlink("$URL_BASE/files/" . $data["file_id"]); - $DB->exec("DELETE FROM `solutions` WHERE `team` = " . $_SESSION["team_id"] . ";"); - + $DB->exec("DELETE FROM `solutions` WHERE `team` = " . $_SESSION["team_id"] . ";"); + $req = $DB->query("SELECT `file_id` FROM `syntheses` WHERE `team` = '" . $_SESSION["team_id"] . "';"); while (($data = $req->fetch()) !== false) unlink("$URL_BASE/files/" . $data["file_id"]); $DB->exec("DELETE FROM `syntheses` WHERE `team` = " . $_SESSION["team_id"] . ";"); - } - unset($_SESSION["team_id"]); - unset($_SESSION["team_validation_status"]); - header("Location: $URL_BASE"); - exit(); + } + unset($_SESSION["team_id"]); + unset($_SESSION["team_validation_status"]); + header("Location: $URL_BASE"); + exit(); } $tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `year` = '$YEAR';"); if (isset($_POST["send_document"])) { - sendDocument(); + $error_message = sendDocument(); } if (isset($_POST["request_validation"])) { - $DB->exec("UPDATE `teams` SET `validation_status` = 'WAITING' WHERE `id` = " . $_SESSION["team_id"] . ";"); - $_SESSION["team_validation_status"] = "WAITING"; + if (!checkCanValidate()) + $error_message = "Votre équipe ne peut pas demander la validation : il manque soit des participants, soit des documents."; + else { + $DB->exec("UPDATE `teams` SET `validation_status` = 'WAITING' WHERE `id` = " . $_SESSION["team_id"] . 
";"); + $_SESSION["team_validation_status"] = "WAITING"; + } } if (isset($_SESSION["user_id"]) && isset($_SESSION["team_id"])) { - $result = $DB->query("SELECT * FROM `teams` WHERE `id` = '" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';"); - $team_data = $result->fetch(); - - $tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch(); - - $documents_req = $DB->prepare("SELECT `file_id`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? GROUP BY `type` ORDER BY `type` ASC, `uploaded_at` DESC;"); + $result = $DB->query("SELECT * FROM `teams` WHERE `id` = '" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';"); + $team_data = $result->fetch(); + + $tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch(); + + $documents_req = $DB->prepare("SELECT `file_id`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? GROUP BY `type`, `uploaded_at` ORDER BY `type`, `uploaded_at` DESC;"); $documents_req->execute([$_SESSION["user_id"]]); } 
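Review bot: checkCanValidate() runs in the `request_validation` branch before `$team_data` and `$tournament_data` exist: the `if (isset($_SESSION["user_id"]) && isset($_SESSION["team_id"]))` block that fetches them comes later in this hunk, so unless config.php already sets them the function's `global` reads are null and a validation request always fails with the new error message. Moving the `request_validation` handling below that block, or fetching the team row inside checkCanValidate() from `$_SESSION["team_id"]`, fixes the ordering. The new `GROUP BY type, uploaded_at` also changes what `version` means: COUNT(type) is now taken per upload timestamp, so it is 1 for every row and the query returns one row per upload rather than the latest per type; solutions.php and syntheses.php receive the same change. The re-indented leave_team block still unlinks `"$URL_BASE/files/..."` whereas sendDocument() stores uploads under `"$LOCAL_PATH/files/..."`, so the files of a deleted team probably remain on disk.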
@@ -60,128 +64,173 @@ if (isset($_POST["team_edit"])) { $error_message = updateTeam(); } -function sendDocument() { +function sendDocument() +{ global $LOCAL_PATH, $DB; - + $type = strtoupper(htmlspecialchars($_POST["type"])); if (!isset($type) || ($type != "PARENTAL_CONSENT" && $type != "PHOTO_CONSENT" && $type != "SANITARY_PLUG")) - return "Le type de document est invalide. Merci de ne pas formuler vos propres requêtes."; - + return "Le type de document est invalide. Merci de ne pas formuler vos propres requêtes."; + $file = $_FILES["document"]; - + if ($file["size"] > 5000000 || $file["error"]) return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo."; - + if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf') return "Le fichier doit être au format PDF."; - + if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files")) return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur."; - + $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; - + do { $id = ""; for ($i = 0; $i < 64; ++$i) { $id .= $alphabet[rand(0, strlen($alphabet) - 1)]; } - } - while (file_exists("$LOCAL_PATH/files/$id")); - + } while (file_exists("$LOCAL_PATH/files/$id")); + if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id")) return "Une erreur est survenue lors de l'envoi du fichier."; - + $req = $DB->prepare("INSERT INTO `documents`(`file_id`, `user`, `team`, `tournament`, `type`) VALUES (?, ?, ?, ?, ?);"); $req->execute([$id, $_SESSION["user_id"], $_SESSION["team_id"], $_SESSION["tournament_id"], $type]); - + return false; } -function updateTeam() { - global $DB, $YEAR, $URL_BASE, $MAIL_ADDRESS, $team_data; - +function updateTeam() +{ + global $DB, $YEAR, $URL_BASE, $team_data; + if ($_SESSION["team_id"] == NULL) return "Vous n'êtes pas dans une équipe."; - + $name = htmlspecialchars($_POST["name"]); - + if (!isset($name) || $name == "") return "Vous devez spécifier un nom d'équipe."; - + echo 
$team_data["id"]; $result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `id` != " . $team_data["id"] . " AND `year` = '$YEAR';"); if ($result->fetch()) return "Une équipe existe déjà avec ce nom." . $team_data["id"]; - + $trigram = strtoupper(htmlspecialchars($_POST["trigram"])); - + if (!preg_match("#^[A-Z][A-Z][A-Z]$#", $trigram)) return "Le trigramme entré n'est pas valide."; - + $result = $DB->query("SELECT `id` FROM `teams` WHERE `trigram` = '" . $trigram . "' AND `id` != '" . $team_data["id"] . "' AND `year` = '$YEAR';"); if ($result->fetch()) return "Une équipe a déjà choisi ce trigramme."; - + $tournament_id = intval(htmlspecialchars($_POST["tournament"])); - + $result = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `id` = '" . $tournament_id . "' AND `year` = '$YEAR';"); $data = $result->fetch(); if ($data === FALSE) return "Le tournoi spécifié n'existe pas."; - + $req = $DB->prepare("UPDATE `teams` SET `name` = ?, `trigram` = ?, `tournament` = ? WHERE `id` = ?;"); $req->execute([$name, $trigram, $tournament_id, $team_data["id"]]); - + header("Location: $URL_BASE/mon_equipe"); - + return false; } +function checkCanValidate() { + global $DB, $team_data, $tournament_data, $YEAR; + $can_validate = $team_data["validation_status"] == "NOT_READY"; + $can_validate &= $team_data["encadrant_1"] != NULL; + $can_validate &= $team_data["participant_4"] != NULL; + for ($i = 1; $i <= 2; ++$i) { + if ($team_data["encadrant_$i"] === NULL) + continue; + + $req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;"); + $req->execute([$team_data["encadrant_$i"], "PHOTO_CONSENT"]); + $d = $req->fetch(); + $can_validate &= $d["version"] > 0; + + $req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? 
GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;"); + $req->execute([$team_data["encadrant_$i"], "SANITARY_PLUG"]); + $d = $req->fetch(); + $can_validate &= $d["version"] > 0; + } + for ($i = 1; $i <= 6; ++$i) { + if ($team_data["participant_$i"] === NULL) + continue; + + $req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;"); + $req->execute([$team_data["participant_$i"], "PHOTO_CONSENT"]); + $d = $req->fetch(); + $can_validate &= $d["version"] > 0; + + $req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;"); + $req->execute([$team_data["participant_$i"], "SANITARY_PLUG"]); + $d = $req->fetch(); + $can_validate &= $d["version"] > 0; + + $birth_date = $DB->query("SELECT `birth_date` FROM `users` WHERE `id` = " . $team_data["participant_$i"] . ";")->fetch()["birth_date"]; + if ($birth_date > strval($YEAR - 18) . substr($tournament_data["date_start"], 4)) { + $req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;"); + $req->execute([$team_data["participant_$i"], "PARENTAL_CONSENT"]); + $d = $req->fetch(); + $can_validate &= $d["version"] > 0; + } + } + + return $can_validate; +} + ?> Vous devez être dans une équipe pour afficher cette page."; - include "footer.php"; - return; + echo "

Vous devez être dans une équipe pour afficher cette page.

"; + include "footer.php"; + return; } ?> Erreur : " . $error_message . ""; - } - else { + } else { echo "

Le fichier a été correctement envoyé !

"; } -}?> +} ?>

Informations sur l'équipe

-Nom de l'équipe :
-Trigramme :
-Tournoi :
+Nom de l'équipe :
+Trigramme :
+Tournoi : ">
query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["encadrant_" . $i] . " AND `year` = '$YEAR';")->fetch(); - echo "Encadrant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "
"; + if ($team_data["encadrant_" . $i] == NULL) + continue; + $user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["encadrant_" . $i] . " AND `year` = '$YEAR';")->fetch(); + echo "Encadrant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "
"; } for ($i = 1; $i <= 6; ++$i) { - if ($team_data["participant_" . $i] == NULL) - continue; - $user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["participant_" . $i] . " AND `year` = '$YEAR';")->fetch(); - echo "Participant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "
"; + if ($team_data["participant_" . $i] == NULL) + continue; + $user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["participant_" . $i] . " AND `year` = '$YEAR';")->fetch(); + echo "Participant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "
"; } ?> -Code d'accès :
+Code d'accès :
- + @@ -189,7 +238,7 @@ Code d'accès :
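Review bot: In checkCanValidate(), when a member has no document of the requested type the `GROUP BY uploaded_at` query returns no row, `$req->fetch()` is false and `$d["version"]` reads an array offset on a bool (a notice in current PHP) that only happens to evaluate as not greater than 0; a plain `SELECT COUNT(*) AS n ... WHERE user = ? AND type = ?` with no GROUP BY always yields exactly one row and states the intent. That query is repeated five times with only the arguments changing, and the `birth_date` lookup interpolates `$team_data["participant_$i"]` into SQL while every other statement in the function is prepared; a small helper removes both issues, as sketched below. The function also keeps `function checkCanValidate() {` on one line while this same hunk moves sendDocument() and updateTeam() to a brace on the next line. Whether `birth_date` and `date_start` are stored as `YYYY-MM-DD` strings, which the string comparison against `strval($YEAR - 18) . substr(..., 4)` assumes, is not visible here.
```php
// True when $user_id has uploaded at least one document of $type.
// COUNT(*) with no GROUP BY returns exactly one row even when nothing matches.
function hasDocument($user_id, $type)
{
    global $DB;
    $req = $DB->prepare("SELECT COUNT(*) AS `n` FROM `documents` WHERE `user` = ? AND `type` = ?;");
    $req->execute([$user_id, $type]);
    return $req->fetch()["n"] > 0;
}

function checkCanValidate()
{
    global $DB, $team_data, $tournament_data, $YEAR;
    // … unchanged: validation_status / encadrant_1 / participant_4 checks …
    for ($i = 1; $i <= 2; ++$i) {
        if ($team_data["encadrant_$i"] === NULL)
            continue;
        $can_validate &= hasDocument($team_data["encadrant_$i"], "PHOTO_CONSENT");
        $can_validate &= hasDocument($team_data["encadrant_$i"], "SANITARY_PLUG");
    }
    for ($i = 1; $i <= 6; ++$i) {
        if ($team_data["participant_$i"] === NULL)
            continue;
        $can_validate &= hasDocument($team_data["participant_$i"], "PHOTO_CONSENT");
        $can_validate &= hasDocument($team_data["participant_$i"], "SANITARY_PLUG");
        $req = $DB->prepare("SELECT `birth_date` FROM `users` WHERE `id` = ?;");
        $req->execute([$team_data["participant_$i"]]);
        $birth_date = $req->fetch()["birth_date"];
        if ($birth_date > strval($YEAR - 18) . substr($tournament_data["date_start"], 4)) {
            $can_validate &= hasDocument($team_data["participant_$i"], "PARENTAL_CONSENT");
        }
    }
    return $can_validate;
}
```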
@@ -197,7 +246,8 @@ Code d'accès :
@@ -216,7 +266,7 @@ Code d'accès :
@@ -224,72 +274,89 @@ Code d'accès :
- - - Modifier mon équipe -
-

Mes autorisations

- fetch()) !== false) { - $file_id = $data["file_id"]; - $type = $data["type"]; - $version = $data["version"]; - switch ($data["type"]) { - case "PARENTAL_CONSENT": - $name = "Autorisation parentale"; - break; - case "PHOTO_CONSENT": - $name = "Autorisation de droit à l'image"; - break; - case "SANITARY_PLUG": - $name = "Fiche sanitaire"; - break; + + + + Modifier mon équipe +
+

Mes autorisations

+ fetch()) !== false) { + $file_id = $data["file_id"]; + $type = $data["type"]; + $version = $data["version"]; + switch ($data["type"]) { + case "PARENTAL_CONSENT": + $name = "Autorisation parentale"; + break; + case "PHOTO_CONSENT": + $name = "Autorisation de droit à l'image"; + break; + case "SANITARY_PLUG": + $name = "Fiche sanitaire"; + break; + } + echo "$name : Télécharger
"; } - echo "$name : Télécharger
"; - } - ?> + ?> - - -
- " /> + "/>
- " /> + "/>
- +
- - - - - - - - - - - - - -
- - - -
- - - -
- -
- -
- -
-
- -
- +
+ + + + + + + + + + + + + + + +
+ + + +
+ + + +
+ +
+
+
+ + + + + + + + +
+
+ +
+
+
+ +
+
+ + diff --git a/server_files/solutions.php b/server_files/solutions.php index d243f31..6eb747c 100644 --- a/server_files/solutions.php +++ b/server_files/solutions.php @@ -2,13 +2,20 @@ include 'config.php'; +if (!isset($_SESSION["team_id"])) + error403(); + if (isset($_POST["send_solution"])) { $error_message = saveSolution(); } -$solutions_req = $DB->prepare("SELECT `file_id`, `problem`, COUNT(`problem`) AS `version` FROM `solutions` WHERE `team` = ? GROUP BY `problem` ORDER BY `problem` ASC, `uploaded_at` DESC;"); +$solutions_req = $DB->prepare("SELECT `file_id`, `problem`, COUNT(`problem`) AS `version` FROM `solutions` WHERE `team` = ? GROUP BY `problem`, `uploaded_at` ORDER BY `problem`, `uploaded_at` DESC;"); $solutions_req->execute([$_SESSION["team_id"]]); +$tournament_req = $DB->prepare("SELECT `date_solutions` FROM `tournaments` WHERE `id` = ?;"); +$tournament_req->execute([$_SESSION["tournament_id"]]); +$tournament_data = $tournament_req->fetch(); + function saveSolution() { global $LOCAL_PATH, $DB; @@ -64,42 +71,44 @@ function saveSolution() { } }?> -
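Review bot: The `switch ($data["type"])` in the "Mes autorisations" loop has no `default`, so a document row whose type is outside the three known values is still printed with a download link under the previous row's `$name` (or an undefined `$name` on the first row). Adding `default: continue 2;` skips such rows (inside a `switch`, `continue 2` targets the enclosing `while`). The rest of this hunk is markup that did not survive extraction, so the form and its links cannot be reviewed here.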
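Review bot: For a `send_solution` POST, saveSolution() has already run by the time `$tournament_data` (with `date_solutions`) is fetched, so whatever the template later does with that date the upload handler itself is not gated by it and a direct POST bypasses the deadline. Fetch the tournament row before handling the form and only call saveSolution() when the date allows it — for instance `WHERE `id` = ? AND `date_solutions` > CURRENT_DATE` in the prepared query, mirroring the `date_inscription > CURRENT_DATE` predicate this patch adds in ajouter_equipe.php, then `if ($tournament_data !== false && isset($_POST["send_solution"]))` — with the direction of the comparison taken from what the template expects, which is not visible here. The first hunk of syntheses.php has the same ordering with `date_syntheses`. saveSolution()'s body lies outside this hunk.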
- - - - - - - - - - - - - - - -
- - - -
- - - -
- -
-
+ +
+ + + + + + + + + + + + + + + +
+ + + +
+ + + +
+ +
+
+ -
+

Solutions soumises :

diff --git a/server_files/syntheses.php b/server_files/syntheses.php index 377825f..8e692d0 100644 --- a/server_files/syntheses.php +++ b/server_files/syntheses.php @@ -2,13 +2,20 @@ include 'config.php'; +if (!isset($_SESSION["team_id"])) + error403(); + if (isset($_POST["send_synthese"])) { $error_message = saveSynthese(); } -$syntheses_req = $DB->prepare("SELECT `file_id`, `dest`, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `team` = ? GROUP BY `dest` ORDER BY `dest` ASC, `uploaded_at` DESC;"); +$syntheses_req = $DB->prepare("SELECT `file_id`, `dest`, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `team` = ? GROUP BY `dest`, `uploaded_at` ORDER BY `dest`, `uploaded_at` DESC;"); $syntheses_req->execute([$_SESSION["team_id"]]); +$tournament_req = $DB->prepare("SELECT `date_solutions`, `date_syntheses` FROM `tournaments` WHERE `id` = ?;"); +$tournament_req->execute([$_SESSION["tournament_id"]]); +$tournament_data = $tournament_req->fetch(); + function saveSynthese() { global $LOCAL_PATH, $DB; @@ -52,7 +59,13 @@ function saveSynthese() { -Il est trop tôt pour se préoccuper des notes de synthèse, attendez le tirage des poules."; + include "footer.php"; +} + +if (isset($error_message)) { if ($error_message !== false) { echo "

Erreur : " . $error_message . "

"; } @@ -61,37 +74,39 @@ function saveSynthese() { } }?> -
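Review bot: The new "Il est trop tôt …" branch includes footer.php and then falls through, so the `if (isset($error_message))` block and the upload form in the next hunk are still emitted after the footer; mon_equipe.php in this same patch ends the equivalent case with `include "footer.php"; return;`. The surrounding condition was lost in extraction, so confirm that a `return;` after the include is the intended behaviour rather than rendering both.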
- - - - - - - - - - - - - - - -
- - - -
- - - -
- -
-
+ +
+ + + + + + + + + + + + + + + +
+ + + +
+ + + +
+ +
+
+