mirror of https://gitlab.com/animath/si/plateforme.git synced 2025-06-26 23:18:40 +02:00

Quelques éléments de vérification de sécurité

Yohann
2019-09-02 21:21:37 +02:00
parent 946d261c71
commit 683b8c71b7
5 changed files with 26 additions and 12 deletions


@ -2,10 +2,13 @@
<?php
if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ADMIN" && $_SESSION["role"] != "ORGANIZER")
include "403.php";
if (isset($_POST["download_zip"])) {
$id = $_POST["tournament"];
$tournament_name = $_POST["tournament_name"];
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest`, `uploaded_at` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
$zip = new ZipArchive();
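Review bot: `$id = $_POST["tournament"]` is still interpolated into the `syntheses` query as `'$id'`, so the role check at the top of this hunk narrows who can reach the query but leaves the request value unvalidated and unbound. Replace `'$id'` with a `?` placeholder and run the statement through `$DB->prepare(...)` followed by `->execute([$id])`; `$DB` looks like a PDO-style handle given the `query()`/`fetch()` calls, but confirm that before changing it. The second hunk builds its queries the same way with `$id` and `$_SESSION["user_id"]` and should get the same treatment. Separately, `include "403.php";` only fails closed if that file terminates the script, which is not visible here; an explicit `exit;` after the include would make the guard independent of it. The `if (isset($_POST["download_zip"]))` block continues outside the hunk, so whether an ORGANIZER is limited to their own tournament ids on this download path cannot be judged from these lines.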
@ -46,12 +49,12 @@ if (isset($_POST["download_zip"])) {
$req = $DB->query("SELECT `tournaments`.`id`, `name` FROM `tournaments` JOIN `organizers` ON `tournament` = `tournaments`.`id` WHERE "
. ($_SESSION["role"] == "ADMIN" ? "" : "`organizer` = '" . $_SESSION["user_id"] . "' AND ")
. "`year` = $YEAR GROUP BY `tournament` ORDER BY `name`;");
. "`year` = $YEAR GROUP BY `tournament`, `name` ORDER BY `name`;");
while (($data_tournament = $req->fetch()) !== false) {
echo "<h1>Tournoi de " . $data_tournament["name"] . "</h1>\n";
$id = $data_tournament["id"];
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest`, `uploaded_at` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$dest = $data_file["dest"];