ynerant
/
plateforme-tfjm2
mirror of https://gitlab.com/animath/si/plateforme.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Initial commit

This commit is contained in:
galaxyoyo 2019-08-21 22:56:46 +02:00
parent 977f22af27
commit ae648d7615
25 changed files with 2361 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
.htaccess
View File

@ -1,36 +1,28 @@
ErrorDocument 403 /tfjm/server_files/403.php
ErrorDocument 404 /tfjm/server_files/404.php
ErrorDocument 403 /tfjm/403.php
ErrorDocument 404 /tfjm/404.php
Options +FollowSymlinks
Options -Indexes
# Options -Indexes
RewriteEngine On
RewriteOptions Inherit
RewriteBase /tfjm
RewriteRule index.html accueil [L]
RewriteRule ^accueil$ server_files/controllers/index.php [L]
RewriteRule ^ajouter_equipe$ server_files/controllers/ajouter_equipe.php [L]
RewriteRule ^ajouter_organisateur$ server_files/controllers/ajouter_organisateur.php [L]
RewriteRule ^ajouter_tournoi$ server_files/controllers/ajouter_tournoi.php [L]
RewriteRule ^confirmer_mail/(.*?)$ server_files/controllers/confirmer_mail.php?token=$1 [L]
RewriteRule ^connexion$ server_files/controllers/connexion.php [L]
RewriteRule ^connexion/reinitialiser_mdp/(.*?)$ server_files/controllers/connexion.php?reset_password&token=$1 [L]
RewriteRule ^connexion/(.*?)$ server_files/controllers/connexion.php?$1 [L]
RewriteRule ^deconnexion$ server_files/controllers/deconnexion.php [L]
RewriteRule ^equipe/(.*?)$ server_files/controllers/equipe.php?trigram=$1 [L]
RewriteRule ^file/(.*?)$ server_files/controllers/view_file.php?file_id=$1 [L]
RewriteRule ^informations/(.*?)/.*?$ server_files/controllers/informations.php?id=$1 [L]
RewriteRule ^inscription$ server_files/controllers/inscription.php [L]
RewriteRule ^mon_compte$ server_files/controllers/mon_compte.php [L]
RewriteRule ^mon_equipe/(.*?)$ server_files/controllers/mon_equipe.php?$1 [L]
RewriteRule ^mon_equipe$ server_files/controllers/mon_equipe.php [L]
RewriteRule ^rejoindre_equipe$ server_files/controllers/rejoindre_equipe.php [L]
RewriteRule ^solutions$ server_files/controllers/solutions.php [L]
RewriteRule ^solutions_orga$ server_files/controllers/solutions_orga.php [L]
RewriteRule ^syntheses$ server_files/controllers/syntheses.php [L]
RewriteRule ^syntheses_orga$ server_files/controllers/syntheses_orga.php [L]
RewriteRule ^tournoi/(.*?)/(.*?)$ server_files/controllers/tournoi.php?nom=$1&$2 [L]
RewriteRule ^tournoi/(.*?)$ server_files/controllers/tournoi.php?nom=$1 [L]
RewriteRule ^tournois$ server_files/controllers/tournois.php [L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\ /tfjm/server_files.*? [NC]
RewriteRule ^server_files.*?$ - [R=404]
RewriteRule ^accueil$ server_files/index.php [L]
RewriteRule ^ajouter_equipe$ server_files/ajouter_equipe.php [L]
RewriteRule ^ajouter_organisateur$ server_files/ajouter_organisateur.php [L]
RewriteRule ^ajouter_tournoi$ server_files/ajouter_tournoi.php [L]
RewriteRule ^confirmer_mail/(.*?)$ server_files/confirmer_mail.php?token=$1 [L]
RewriteRule ^connexion$ server_files/connexion.php [L]
RewriteRule ^deconnexion$ server_files/deconnexion.php [L]
RewriteRule ^equipe/(.*?)$ server_files/equipe.php?trigram=$1 [L]
RewriteRule ^file/(.*?)$ server_files/view_file.php?file_id=$1 [L]
RewriteRule ^inscription$ server_files/inscription.php [L]
RewriteRule ^mon_compte$ server_files/mon_compte.php [L]
RewriteRule ^mon_equipe$ server_files/mon_equipe.php [L]
RewriteRule ^rejoindre_equipe$ server_files/rejoindre_equipe.php [L]
RewriteRule ^solutions$ server_files/solutions.php [L]
RewriteRule ^solutions_orga$ server_files/solutions_orga.php [L]
RewriteRule ^syntheses$ server_files/syntheses.php [L]
RewriteRule ^syntheses_orga$ server_files/syntheses_orga.php [L]
RewriteRule ^tournoi/(.*?)$ server_files/tournoi.php?nom=$1 [L]
RewriteRule ^tournois$ server_files/tournois.php [L]

14
403.php Normal file
View File

@ -0,0 +1,14 @@
<?php
include "server_files/config.php";
include "server_files/header.php";
?>
<h1>Vous n'êtes pas autorisé à accéder à cette page.</h1>
<?php
include "server_files/footer.php";
?>

14
404.php Normal file
View File

@ -0,0 +1,14 @@
<?php
include_once "server_files/config.php";
include "server_files/header.php";
?>
<h1>Cette page n'existe pas.</h1>
<?php
include "server_files/footer.php";
?>

127
server_files/ajouter_equipe.php Normal file
View File

@ -0,0 +1,127 @@
<?php
include 'config.php';
$tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `year` = '$YEAR';");
if (isset($_POST["submitted"])) {
$error_message = registerTournament();
}
function registerTournament() {
global $DB, $YEAR, $MAIL_ADDRESS, $access_code;
if ($_SESSION["team_id"] != NULL)
return "Vous êtes déjà dans une équipe.";
$name = htmlspecialchars($_POST["name"]);
if (!isset($name) || $name == "")
return "Vous devez spécifier un nom d'équipe.";
$result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Une équipe existe déjà avec ce nom.";
$trigram = htmlspecialchars($_POST["trigram"]);
if (!preg_match("#[A-Z][A-Z][A-Z]#", $trigram))
return "Le trigramme entré n'est pas valide.";
$result = $DB->query("SELECT `id` FROM `teams` WHERE `trigram` = '" . $trigram . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Une équipe a déjà choisi ce trigramme.";
$tournament_id = intval(htmlspecialchars($_POST["tournament"]));
$result = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `id` = '" . $tournament_id . "' AND `year` = '$YEAR';");
$data = $result->fetch();
if ($data === FALSE)
return "Le tournoi spécifié n'existe pas.";
$alphabet = "0123456789abcdefghijkmnopqrstuvwxyz0123456789";
$access_code = "";
for ($i = 0; $i < 6; ++$i)
$access_code .= $alphabet[rand(0, strlen($alphabet) - 1)];
$req = $DB->prepare("INSERT INTO `teams` (`name`, `trigram`, `encadrant_1`, `participant_1`, `validation_status`, `access_code`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?);");
$result = $req->execute([$name, $trigram, $_SESSION["role"] == "ENCADRANT" ? $_SESSION["user_id"] : NULL,
$_SESSION["role"] == "PARTICIPANT" ? $_SESSION["user_id"] : NULL, "NOT_READY", $access_code, $YEAR]);
$result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
$data_team = $result->fetch();
$DB->prepare("UPDATE `users` SET `team_id` = ? WHERE `id` = " . $_SESSION["user_id"] . ";")->execute([$data_team["id"]]);
$msg = "Bonjour " . $_SESSION["first_name"] . " " . $_SESSION["surname"] . ",\r\n\r\n";
$msg .= "Vous venez de créer l'équipe « $name » ($trigram) pour le TFJM² de " . $data["name"] . " et nous vous en remercions. ";
$msg .= "Afin de permettre aux autres membres de votre équipe de vous rejoindre, veuillez leur transmettre le code d'accès : " . $access_code . "\r\n\r\n";
$msg .= "Cordialement,\r\n\r\nL'organisation du TFJM² $YEAR";
mail($_SESSION["email"], "Nouvelle équipe TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
?>
<?php include "header.php" ?>
<?php
if (!isset($_SESSION["role"]) or ($_SESSION["role"] != "PARTICIPANT" && $_SESSION["role"] != "ENCADRANT")) {
?>
<h2>Vous devez être participant ou encadrant pour pouvoir ajouter une équipe.</h2>
<?php } else if ($_SESSION["team_id"] != NULL) { ?>
<h2>Vous êtes déjà dans une équipe.</h2>
<?php } else if (isset($access_code)) { ?>
Votre équipe a bien été créée ! Voici le code d'accès à transmettre aux autres membres de votre équipe : <strong><?php echo $access_code ?></strong>
<?php } else { ?>
<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table>
<tbody>
<tr>
<td>
<label for="name">Nom :</label>
</td>
<td>
<input type="text" id="name" name="name" />
</td>
</tr>
<tr>
<td>
<label for="trigram">Trigramme :</label>
</td>
<td>
<input type="text" id="trigram" name="trigram" />
</td>
</tr>
<tr>
<td>
<label for="tournament">Tournoi :</label>
</td>
<td>
<select id="tournament" name="tournament">
<?php
while (($data = $tournaments_response->fetch()) !== FALSE) {
echo "<option value=\"" . $data["id"] . "\">" . $data["name"] . "</option>\n";
}
?>
</select>
</td>
</tr>
<tr>
<td>
<input type="submit" />
</td>
</tr>
</tbody>
</table>
</form>
<?php include "footer.php" ?>
<?php } ?>

124
server_files/ajouter_organisateur.php Normal file
View File

@ -0,0 +1,124 @@
<?php
include 'config.php';
if (isset($_POST["submitted"])) {
$error_message = addOrganizer();
}
function addOrganizer() {
global $DB, $YEAR, $MAIL_ADDRESS;
$surname = htmlspecialchars($_POST["surname"]);
if (!isset($surname) || $surname == "")
return "Le nom est invalide.";
$first_name = htmlspecialchars($_POST["first_name"]);
if (!isset($first_name) || $first_name == "")
return "Le prénom est invalide.";
$email = strtolower(htmlspecialchars($_POST["email"]));
if (!isset($email) || $email == "" || !filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'adresse e-mail est invalide.";
$admin = isset($_POST["admin"]) && $_POST["admin"] == "on";
$req = $DB->prepare("SELECT `id` FROM `users` WHERE `email` = ? AND `year` = '$YEAR';");
$req->execute([$email]);
if ($req->fetch() !== FALSE)
return "Cette adresse e-mail est déjà utilisée.";
$alphabet = "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
for ($i = 0; $i < 16; ++$i)
$password .= $alphabet[rand(0, strlen($alphabet) - 1)];
$hash = password_hash($password, PASSWORD_BCRYPT);
$req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `surname`, `first_name`, `role`, `year`)
VALUES (?, ?, ?, ?, ?, ?);");
$req->execute([$email, $hash, $surname, $first_name, $admin ? "ADMIN" : "ORGANIZER", $YEAR]);
$msg = "Bonjour " . $first_name . " " . $surname . ",\r\n\r\n"
. "Vous recevez ce message (envoyé automatiquement) car vous êtes organisateur d'un des tournois du TFJM². "
. "Veuillez trouver ci-dessous vos informations d'utilisateur pour le site officiel des inscriptions. "
. "Elles vous permettront de gérer les inscriptions des équipes de votre tournoi.\r\n\r\n"
. "Votre mot de passe est : $password\r\n\r\n"
. "Notez bien que ce mot de passe est temporaire, et pour des raisons de sécurité vous devrez le changer "
. "lors de votre prochaine connexion sur le site.\r\n\r\n"
. "Merci beaucoup pour votre aide !\r\n\r\n"
. "Les organisateurs du TFJM²";
mail($email, "Organisateur du TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
?>
<?php include "header.php" ?>
<?php
if (!isset($_SESSION["role"]) or $_SESSION["role"] != "ADMIN") {
?>
<h2>Vous n'êtes pas autorisé à accéder à cette page.</h2>
<?php } else { ?>
<?php if (isset($error_message)) {
if ($error_message !== false) {
echo "<h2>Erreur : " . $error_message . "</h2>";
} else {
echo "<h2>Organisateur ajouté avec succès ! Ses identifiants ont été transmis par mail.</h2>";
}
}?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table style="width: 100%;">
<tbody>
<tr>
<td style="width: 30%;">
<label for="surname">Nom :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="text" id="surname" name="surname" />
</td>
</tr>
<tr>
<td>
<label for="first_name">Prénom :</label>
</td>
<td>
<input style="width: 100%;" type="text" id="first_name" name="first_name" />
</td>
</tr>
<tr>
<td>
<label for="email">Email :</label>
</td>
<td>
<input style="width: 100%;" type="email" id="email" name="email" />
</td>
</tr>
<tr>
<td>
<label for="admin">Compte administrateur :</label>
</td>
<td>
<input style="width: 100%;" type="checkbox" id="admin" name="admin" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" value="Ajouter un organisateur" />
</td>
</tr>
</tbody>
</table>
</form>
<?php include "footer.php" ?>
<?php } ?>

217
server_files/ajouter_tournoi.php Normal file
View File

@ -0,0 +1,217 @@
<?php
include 'config.php';
$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");
if (isset($_POST["submitted"])) {
$error_message = registerTournament();
}
function registerTournament() {
global $DB, $YEAR, $MAIL_ADDRESS;
$name = htmlspecialchars($_POST["name"]);
$result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Un tournoi existe déjà avec ce nom.";
try {
$organizer_id = intval(htmlspecialchars($_POST["organizer"]));
}
catch (Exception $ex) {
return "Un problème a eu lieu concernant le choix de l'organisateur. Merci de ne pas formuler vous-même vos requêtes.";
}
$result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $organizer_id . "' AND `year` = '$YEAR';");
$data = $result->fetch();
if ($data === FALSE)
return "L'organisateur spécifié n'existe pas.";
if ($data["role"] != "ORGANIZER" && $data["role"] != "ADMIN")
return "L'organisateur indiqué ne peut pas organiser de tournoi.";
$organize_mail = $data["email"];
try {
$size = intval(htmlspecialchars($_POST["size"]));
}
catch (Exception $ex) {
return "Le nombre d'équipes indiqué n'est pas un entier valide.";
}
if ($size < 3 || $size > 12)
return "Un tournoi doit comporter entre 3 et 12 équipes.";
$place = htmlspecialchars($_POST["place"]);
try {
$price = intval(htmlspecialchars($_POST["price"]));
}
catch (Throwable $t) {
return "Le tarif pour les participants n'est pas un nombre valide.";
}
if ($price < 0)
return "Le TFJM² ne va pas payer les élèves pour venir.";
if ($price > 50)
return "Soyons raisonnable sur le prix.";
$date_start = htmlspecialchars($_POST["date_start"]);
$date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);
$date_end = htmlspecialchars($_POST["date_end"]);
$date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);
$date_inscription = htmlspecialchars($_POST["date_inscription"]);
$time_inscription = htmlspecialchars($_POST["time_inscription"]);
$date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);
$date_solutions = htmlspecialchars($_POST["date_solutions"]);
$time_solutions = htmlspecialchars($_POST["time_solutions"]);
$date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);
$date_syntheses = htmlspecialchars($_POST["date_syntheses"]);
$time_syntheses = htmlspecialchars($_POST["time_syntheses"]);
$date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);
if (!$date_start_parsed || !$date_end_parsed || !$date_inscription_parsed || !$date_solutions_parsed || !$date_syntheses_parsed)
return "Une date est mal formée.";
$description = htmlspecialchars($_POST["description"]);
$req = $DB->prepare("INSERT INTO `tournaments` (`name`, `organizer`, `size`, `place`, `description`,
`date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
$result = $req->execute([$name, $organizer_id, $size, $place, $description, $date_start, $date_end,
"$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $YEAR]);
mail($organize_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS");
return false;
}
?>
<?php include "header.php" ?>
<?php
if (!isset($_SESSION["role"]) or $_SESSION["role"] != "ADMIN") {
?>
<h2>Vous n'êtes pas autorisé à accéder à cette page.</h2>
<?php } else { ?>
<?php if (isset($error_message)) {
if ($error_message !== false) {
echo "<h2>Erreur : " . $error_message . "</h2>";
} else {
echo "<h2>Tournoi de " . htmlspecialchars($_POST["name"]) . " ajouté avec succès !</h2>";
}
}?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table>
<tbody>
<tr>
<td>
<label for="name">Nom :</label>
</td>
<td>
<input type="text" id="name" name="name" />
</td>
</tr>
<tr>
<td>
<label for="organizer">Organisateur :</label>
</td>
<td>
<select id="organizer" name="organizer">
<?php
while (($data = $orgas_response->fetch()) !== FALSE) {
echo "<option value=\"" . $data["id"] . "\">" . $data["first_name"] . " " . $data["surname"] . "</option>\n";
}
?>
</select>
</td>
</tr>
<tr>
<td>
<label for="size">Nombre d'équipes :</label>
</td>
<td>
<input type="number" id="size" name="size" min="3" max="12" value="6" />
</td>
</tr>
<tr>
<td>
<label for="place">Lieu :</label>
</td>
<td>
<input type="text" id="place" name="place" />
</td>
</tr>
<tr>
<td>
<label for="price">Prix par participant</label>
</td>
<td>
<input type="number" id="price" name="price" min="0" max="21" value="21" />
</td>
</tr>
<tr>
<td>
<label for="date_start">Dates :</label>
</td>
<td>
Du <input type="date" id="date_start" name="date_start" /> au <input type="date" id="date_end" name="date_end" />
</td>
</tr>
<tr>
<td>
<label for="date_inscription">Date limite d'inscription :</label>
</td>
<td>
<input type="date" id="date_inscription" name="date_inscription" />
<input type="time" id="time_inscription" name="time_inscription" />
</td>
</tr>
<tr>
<td>
<label for="date_solutions">Date limite pour rendre les solutions :</label>
</td>
<td>
<input type="date" id="date_solutions" name="date_solutions" />
<input type="time" id="time_solutions" name="time_solutions" />
</td>
</tr>
<tr>
<td>
<label for="date_syntheses">Date limite pour rendre les notes de synthèse :</label>
</td>
<td>
<input type="date" id="date_syntheses" name="date_syntheses" />
<input type="time" id="time_syntheses" name="time_syntheses" />
</td>
</tr>
<tr>
<td>
<label for="description">Description :</label>
</td>
<td>
<textarea name="description" id="description"></textarea>
</td>
</tr>
<tr>
<td>
<input type="submit" />
</td>
</tr>
</tbody>
</table>
</form>
<?php include "footer.php" ?>
<?php } ?>

9
server_files/config.php
View File

@ -26,12 +26,3 @@ catch (Exception $ex) {
session_start();
setlocale(LC_ALL, "fr_FR.utf8");
require_once "model.php";
require_once "classes/Role.php";
require_once "classes/Team.php";
require_once "classes/Tournament.php";
require_once "classes/User.php";
require_once "classes/ValidationStatus.php";
loadUserValues();

26
server_files/confirmer_mail.php Normal file
View File

@ -0,0 +1,26 @@
<?php
include 'config.php';
$token = $_GET["token"];
if (isset($token)) {
$result = $DB->query("SELECT `email` FROM `users` WHERE `confirm_email` = '$token' AND `year` = '$YEAR';");
if (($data = $result->fetch()) === FALSE)
$error_message = "Le jeton est invalide. Votre compte est peut-être déjà validé ?";
else {
$DB->exec("UPDATE `users` SET `confirm_email` = NULL WHERE `confirm_email` = '$token';");
$error_message = "Votre adresse mail a été validée ! Vous pouvez désormais vous connecter.";
}
}
else {
$error_message = "Il n'y a pas de compte à valider !";
}
?>
<?php include "header.php" ?>
<h2><?php echo $error_message ?></h2>
<?php include "footer.php" ?>

76
server_files/connexion.php Normal file
View File

@ -0,0 +1,76 @@
<?php
include 'config.php';
if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
$error_message = login();
}
function login() {
global $DB, $YEAR;
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$password = htmlspecialchars($_POST["password"]);
$result = $DB->query("SELECT `id`, `pwd_hash`, `email`, `surname`, `first_name`, `role`, `team_id` FROM `users` WHERE `email` = '" . $email . "';");
if (($data = $result->fetch()) === FALSE)
return "Le compte n'existe pas.";
if (!password_verify($password, $data["pwd_hash"]))
return "Le mot de passe est incorrect.";
$_SESSION["user_id"] = $data["id"];
$_SESSION["email"] = $data["email"];
$_SESSION["surname"] = $data["surname"];
$_SESSION["first_name"] = $data["first_name"];
$_SESSION["role"] = $data["role"];
$_SESSION["team_id"] = $data["team_id"];
$response = $DB->query("SELECT `tournament`, `validation_status` FROM `teams` WHERE `id` ='" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';");
$data = $response->fetch();
$_SESSION["tournament_id"] = $data["tournament"];
$_SESSION["team_validation_status"] = $data["validation_status"];
return false;
}
?>
<?php include "header.php" ?>
<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>
<?php
if (isset($error_message) && $error_message === FALSE) {
?>
Connexion réussie !
<?php } else if (isset($_SESSION["user_id"])) { ?>
<h2>Vous êtes déjà connecté !</h2>
<?php } else { ?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table>
<tr>
<td><label for="email">E-mail :</label></td>
<td><input type="email" id="email" name="email" value="<?php if (isset($email)) echo $email ?>" /></td>
</tr>
<tr>
<td><label for="password">Mot de passe :</label></td>
<td><input type="password" id="password" name="password" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" /></td>
</tr>
</table>
</form>
<?php include "footer.php" ?>
<?php } ?>

14
server_files/deconnexion.php Normal file
View File

@ -0,0 +1,14 @@
<?php
include 'config.php';
unset($_SESSION["user_id"]);
session_destroy();
?>
<?php include "header.php" ?>
<h2>Déconnexion réussie !</h2>
<?php include "footer.php" ?>

64
server_files/equipe.php Normal file
View File

@ -0,0 +1,64 @@
<?php
include "config.php";
$trigram = htmlspecialchars($_GET["trigram"]);
$team_data = $DB->query("SELECT * FROM `teams` WHERE `trigram` = '$trigram';")->fetch();
$tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch();
$documents_req = $DB->prepare("SELECT `file_id`, `user`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `team` = ? GROUP BY `type` ORDER BY `user`, `type` ASC, `uploaded_at` DESC;");
$documents_req->execute([$team_data["id"]]);
?>
<?php include "header.php" ?>
<h2>Informations sur l'équipe</h2>
Nom de l'équipe : <?php echo $team_data["name"] ?><br />
Trigramme : <?php echo $team_data["trigram"] ?><br />
Tournoi : <?php echo $tournament_data["name"] ?><br />
<?php
for ($i = 1; $i <= 2; ++$i) {
if ($team_data["encadrant_" . $i] == NULL)
continue;
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["encadrant_" . $i] . " AND `year` = '$YEAR';")->fetch();
echo "Encadrant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "<br />";
}
for ($i = 1; $i <= 6; ++$i) {
if ($team_data["participant_" . $i] == NULL)
continue;
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["participant_" . $i] . " AND `year` = '$YEAR';")->fetch();
echo "Participant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "<br />";
}
?>
<h2>Autorisations</h2>
<?php
while (($data = $documents_req->fetch()) !== false) {
$file_id = $data["file_id"];
$type = $data["type"];
$user_id = $data["user"];
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = '$user_id';")->fetch();
$surname = $user_data["surname"];
$first_name = $user_data["first_name"];
$version = $data["version"];
switch ($data["type"]) {
case "PARENTAL_CONSENT":
$name = "Autorisation parentale";
break;
case "PHOTO_CONSENT":
$name = "Autorisation de droit à l'image";
break;
case "SANITARY_PLUG":
$name = "Fiche sanitaire";
break;
}
echo "$name de $first_name $surname : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
?>
<?php include "footer.php" ?>

5
server_files/footer.php Normal file
View File

@ -0,0 +1,5 @@
</div>
</div>
</div>
</body>
</html>

143
server_files/header.php Normal file
View File

@ -0,0 +1,143 @@
<?php
if (isset($_SESSION["user_id"]) && isset($_GET["be-admin"])) {
$DB->exec("UPDATE `users` SET `role` = 'ADMIN' WHERE `id` = '" . $_SESSION["user_id"] . "';");
quitTeam();
header("Location: $URL_BASE");
exit();
}
if (isset($_SESSION["user_id"]) && isset($_GET["be-organizer"])) {
$DB->exec("UPDATE `users` SET `role` = 'ORGANIZER' WHERE `id` = '" . $_SESSION["user_id"] . "';");
quitTeam();
header("Location: $URL_BASE");
exit();
}
if (isset($_SESSION["user_id"]) && isset($_GET["be-participant"])) {
$DB->exec("UPDATE `users` SET `role` = 'PARTICIPANT' WHERE `id` = '" . $_SESSION["user_id"] . "';");
quitTeam();
header("Location: $URL_BASE");
exit();
}
if (isset($_SESSION["user_id"]) && isset($_GET["be-encadrant"])) {
$DB->exec("UPDATE `users` SET `role` = 'ENCADRANT' WHERE `id` = '" . $_SESSION["user_id"] . "';");
quitTeam();
header("Location: $URL_BASE");
exit();
}
function quitTeam() {
global $DB, $URL_BASE;
if ($_SESSION["role"] == "ADMIN" || $_SESSION["role"] == "ORGANIZER")
return;
for ($i = 1; $i <= ($_SESSION["role"] == "PARTICIPANT" ? 6 : 2); ++$i)
/** @noinspection SqlResolve */
$DB->exec("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_$i` = NULL WHERE `" . strtolower($_SESSION["role"]) . "_$i` = " . $_SESSION["user_id"] . ";");
$DB->exec("UPDATE `users` SET `team_id` = NULL WHERE `id` = " . $_SESSION["user_id"] . ";");
$DB->exec("UPDATE `teams` SET `encadrant_1` = `encadrant_2`, `encadrant_2` = NULL WHERE `encadrant_1` IS NULL;");
for ($i = 1; $i <= 5; ++$i) {
/** @noinspection SqlResolve */
$DB->exec("UPDATE `teams` SET `participant_$i` = `participant_" . strval($i + 1) . "`, `participant_" . strval($i + 1) . "` = NULL WHERE `participant_$i` IS NULL;");
}
$req = $DB->query("SELECT `file_id` FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';");
while (($data = $req->fetch()) !== false)
unlink("$URL_BASE/files/" . $data["file_id"]);
$DB->exec("DELETE FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';");
if ($DB->exec("DELETE FROM `teams` WHERE `encadrant_1` IS NULL AND `participant_1` IS NULL;") > 0) {
$req = $DB->query("SELECT `file_id` FROM `solutions` WHERE `team` = '" . $_SESSION["team_id"] . "';");
while (($data = $req->fetch()) !== false)
unlink("$URL_BASE/files/" . $data["file_id"]);
$DB->exec("DELETE FROM `solutions` WHERE `team` = " . $_SESSION["team_id"] . ";");
$req = $DB->query("SELECT `file_id` FROM `syntheses` WHERE `team` = '" . $_SESSION["team_id"] . "';");
while (($data = $req->fetch()) !== false)
unlink("$URL_BASE/files/" . $data["file_id"]);
$DB->exec("DELETE FROM `syntheses` WHERE `team` = " . $_SESSION["team_id"] . ";");
}
unset($_SESSION["team_id"]);
unset($_SESSION["team_validation_status"]);
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta name="viewport" content= "width=device-width, initial-scale=1.0" />
<title>Site d'inscription pour le TFJM² <?= $YEAR ?></title>
<link rel="stylesheet" type="text/css" href="<?= $URL_BASE ?>/style.css" />
<!-- Bootstrap core CSS -->
<link rel="stylesheet" type="text/css" href="https://s3-eu-west-1.amazonaws.com/tfjm2-inscriptions/static/inscription/vendor/bootstrap/css/bootstrap.min.css">
<!-- Custom fonts for this template -->
<link rel="stylesheet" type="text/css" href="https://s3-eu-west-1.amazonaws.com/tfjm2-inscriptions/static/inscription/vendor/font-awesome/css/font-awesome.min.css">
<!-- Plugin CSS -->
<link rel="stylesheet" type="text/css" href="https://s3-eu-west-1.amazonaws.com/tfjm2-inscriptions/static/inscription/vendor/datatables/dataTables.bootstrap4.css">
<!-- Custom styles for this template -->
<link rel="stylesheet" type="text/css" href="https://s3-eu-west-1.amazonaws.com/tfjm2-inscriptions/static/inscription/css2/sb-admin.css">
</head>
<body>
<ul id="menu">
<li id="menu-logo"><img src="<?= $URL_BASE ?>/logo.svg" alt="logo tfjm"></li>
<li><a href="<?= $URL_BASE ?>/">Accueil</a></li>
<li><a href="<?= $URL_BASE ?>/tournois">Liste des tournois</a></li>
<?php if (!isset($_SESSION["user_id"])) { ?>
<li><a href="<?= $URL_BASE ?>/connexion">Connexion</a></li>
<li><a href="<?= $URL_BASE ?>/inscription">Inscription</a></li>
<?php } else { ?>
<li><a href="<?= $URL_BASE ?>/mon_compte">Mon compte</a></li>
<?php if ($_SESSION["role"] == "ENCADRANT" || $_SESSION["role"] == "PARTICIPANT") { ?>
<?php if ($_SESSION["team_id"] == NULL) { ?>
<li><a href="<?= $URL_BASE ?>/ajouter_equipe">Ajouter une équipe</a></li>
<li><a href="<?= $URL_BASE ?>/rejoindre_equipe">Rejoindre une équipe</a></li>
<?php } else { ?>
<li><a href="<?= $URL_BASE ?>/mon_equipe">Mon équipe</a></li>
<?php if ($_SESSION["team_validation_status"] == "VALIDATED" || true) { ?>
<li><a href="https://paypal.me/galaxyoyo42">Paiement</a></li>
<li><a href="<?= $URL_BASE ?>/solutions">Solutions</a></li>
<li><a href="<?= $URL_BASE ?>/syntheses">Notes de synthèse</a></li>
<?php } ?>
<?php } ?>
<?php } ?>
<?php if ($_SESSION["role"] == "ADMIN") { ?>
<li><a href="<?= $URL_BASE ?>/ajouter_tournoi">Ajouter un tournoi</a></li>
<li><a href="<?= $URL_BASE ?>/ajouter_organisateur">Ajouter un organisateur</a></li>
<?php } ?>
<?php if ($_SESSION["role"] == "ADMIN" || $_SESSION["role"] == "ORGANIZER") { ?>
<li><a href="<?= $URL_BASE ?>/solutions_orga">Solutions</a></li>
<li><a href="<?= $URL_BASE ?>/syntheses_orga">Notes de synthèse</a></li>
<?php } ?>
<li><a href="<?= $URL_BASE ?>/deconnexion">Déconnexion</a></li>
<hr />
<?php
if ($_SESSION["role"] != "ADMIN") {
echo "<li><a href=\"?be-admin=1\">Devenir administrateur</a></li>";
}
if ($_SESSION["role"] != "ORGANIZER") {
echo "<li><a href=\"?be-organizer=1\">Devenir organisateur</a></li>";
}
if ($_SESSION["role"] != "PARTICIPANT") {
echo "<li><a href=\"?be-participant=1\">Devenir participant</a></li>";
}
if ($_SESSION["role"] != "ENCADRANT") {
echo "<li><a href=\"?be-encadrant=1\">Devenir encadrant</a></li>";
}
?>
<?php } ?>
</ul>
<div id="main-container">
<div id="main-content">
<!-- <h1 style="text-align: center">Site d'inscription pour le TFJM² <?= $YEAR ?></h1> -->
<div class="container-fluid">

114
server_files/index.php Normal file
View File

@ -0,0 +1,114 @@
<?php
include 'config.php';
?>
<?php include "header.php" ?>
<div class="container-fluid">
<div id="header">
<center>
<img src="https://s3-eu-west-1.amazonaws.com/tfjm2-inscriptions/static/inscription/images/header.jpg" alt="" width="720" height="160">
</center>
</div>
<br>
<center>
<h3>Vous souhaitez participer au tournoi ? Votre équipe est déjà formée ?</h3>
<h4><a href="<?= $URL_BASE ?>/server_files/inscription.php">Créez un compte</a> pour commencer la procédure d'inscription ou <a href="<?= $URL_BASE ?>/server_files/connexion.php">connectez-vous</a> si votre équipe a déjà un compte.</h4>
</center>
<br>
<center>
<h2>Bienvenue sur le site d'inscription du TFJM<sup>2</sup> !</h2>
</center>
<center>
Ce site a été conçu pour gérer les inscriptions au Tournoi Français des Jeunes Mathématiciennes et Mathématiciens.
<br>
<a href="http://www.tfjm.org/">Cliquez ici pour accéder au site de présentation du tournoi.</a>
</center>
<br>
<p align="justify"><strong>
Attention aux échéances ! Chaque tournoi a une date limite pour les inscriptions et une date limite pour déposer vos solutions. Elles sont affichées avec les informations de chaque tournoi. Merci de vous y référer !
<br>
Une fois l'échéance passée, le site bloque tout accès aux inscriptions (et respectivement au dépôt des solutions).</strong>
</p>
<p style="color:red;">
Attention, modification du règlement par rapport aux années précédentes : article 4.3
<br>
"léquipe doit envoyer par mail à contact@tfjm.org, une lettre (au format pdf), répondant aux questions suivantes :
<br>
</p><ul style="color:red;">
<li>Comment léquipe sest-elle formée ?</li>
<li>Comment léquipe va-t-elle travailler ( peut-elle se rencontrer, à quelle fréquence, rencontres avec lencadrant•e) ? </li>
</ul>
Cette lettre permettra aux organisateurs•trices de vérifier que léquipe dispose des conditions nécessaires à une participation sérieuse. Sont dispensées les équipes dont la moitié ou plus des membres sont scolarisés dans le même établissement. Le comité National dOrganisation se réserve le droit daccepter ou non linscription des équipes concernées par cette lettre."
<br>
Pour plus de détail, voir le règlement : <a href="https://tfjm.org/infos-tournois/">https://tfjm.org/infos-tournois/</a>
<p></p>
<center>
<h2>Comment ça marche ?</h2>
</center>
<p align="justify">
Pour participer à l'un des tournois régionaux, il suffit de créer un compte sur la rubrique <b>Inscription</b>. Il vous faudra une adresse email pour ce faire. Un mail de confirmation sera envoyé à cette adresse. Il vous fournira un nom d'utilisateur et un mot de passe que vous allez devoir changer par la suite.
</p>
<p>
Vous pouvez accéder à votre compte via la rubrique <b>Connexion</b>. Une fois connecté, vous pourrez :
</p><ul>
<li>rentrer des informations sur les membres de votre équipe, tant participants qu'encadrants ;</li>
<li>enregistrer et télécharger des versions préliminaires de vos solutions (seulement la dernière version enregistrée avant
la date limite sera prise en compte pour le tournoi).</li>
</ul>
Une fois que vous aurez fourni toutes les informations demandées dans la rubrique <b>Mon Équipe</b>, votre inscription pourra être validée par les organisateurs locaux.
<p></p>
<p class="text-danger">ATTENTION ! Votre équipe ne sera considérée comme admissible à participer au tournoi que lorsque cette première étape aura été franchie.</p>
<p>Pensez donc à former une équipe complète (minimum 4 participants et 1 encadrant) le plus tôt possible pour avoir plus de chances de participer, compte tenu du nombre des places disponibles dans chaque tournoi (qui sera dûment affiché sur la rubrique <b>Liste des Tournois</b>). Les équipes restantes seront placées en liste d'attente.
</p>
<p>
Pour les équipes dont l'inscription aura été validée, des documents à télécharger, remplir et signer deviendront disponibles sur votre compte. Vous allez devoir ensuite les scanner et les télécharger vers le site pour compléter votre inscription.
</p>
<p class="text-danger">ATTENTION ! Les équipes qui ne respecteront pas les délais pour rendre ces documents risquent d'être disqualifiées et de laisser leur place aux équipes placées en liste d'attente.</p>
<p>
<em><strong>NB :</strong> Ce site est récent et il est encore possible que certaines pages ne fonctionnent pas correctement. Si vous remarquez des bugs, merci de les signaler à l'adresse <a href="mailto:contact@tfjm.org">contact@tfjm.org</a>.</em>
</p>
<!-- code facebook -->
<!-- liste des actualités -->
</div>
<?php include "footer.php" ?>

278
server_files/inscription.php Normal file
View File

@ -0,0 +1,278 @@
<?php
include 'config.php';
if (isset($_POST["submitted"])) {
$error_message = register();
}
function register() {
global $DB, $YEAR, $URL_BASE, $MAIL_ADDRESS;
$email = strtolower(htmlspecialchars($_POST["email"]));
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$result = $DB->query("SELECT `email` FROM `users` WHERE `email` = '" . $email . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Un compte existe déjà avec cette adresse e-mail.";
$password = htmlspecialchars($_POST["password"]);
if (strlen($password) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($password != $_POST["confirm_password"])
return "Les deux mots de passe sont différents.";
$password = password_hash($password, PASSWORD_BCRYPT);
$surname = strtoupper(htmlspecialchars($_POST["surname"]));
if (!isset($surname) || $surname == "")
return "Le nom de famille est obligatoire.";
$firstname = htmlspecialchars($_POST["firstname"]);
if (!isset($surname) || $surname == "")
return "Le prénom est obligatoire.";
$birth_date = date_parse_from_format("yyyy-mm-dd", htmlspecialchars($_POST["birth_date"]));
if ($birth_date === FALSE)
return "La date de naissance est invalide.";
if (htmlspecialchars($_POST["birth_date"]) >= $YEAR . "-01-01")
return "Vous devez avoir un âge strictement positif. Date de naissance rentrée : " . htmlspecialchars($_POST["birth_date"]);
$gender = htmlspecialchars($_POST["gender"]);
if (!isset($gender) || ($gender != "M" && $gender != "F"))
return "Le sexe indiqué est invalide.";
$address = htmlspecialchars($_POST["address"]);
if (!isset($address))
$address = "";
try {
$postal_code = intval($_POST["postal_code"]);
if ($postal_code < 1000 || $postal_code > 95999)
return "Le code postal est invalide.";
}
catch (Exception $ex) {
return "Le code postal n'est pas un nombre valide.";
}
$city = htmlspecialchars($_POST["city"]);
if (!isset($city))
$city = "";
$country = htmlspecialchars($_POST["country"]);
if (!isset($country))
$country = "France";
$phone_number = htmlspecialchars($_POST["phone_number"]);
if (!isset($phone_number) || $phone_number == "")
return "Vous devez renseigner un numéro de téléphone.";
$role = htmlspecialchars($_POST["role"]);
if (!isset($role) || ($role != "participant" && $role != "encadrant"))
return "Le rôle entré n'est pas valide.";
$role = strtoupper($role);
$school = htmlspecialchars($_POST["school"]);
$class = strtoupper(htmlspecialchars($_POST["class"]));
$responsible_name = htmlspecialchars($_POST["responsible_name"]);
$responsible_phone = htmlspecialchars($_POST["responsible_phone"]);
$responsible_email = htmlspecialchars($_POST["responsible_email"]);
if ($role == "ENCADRANT") {
$school = NULL;
$class = NULL;
$responsible_name = NULL;
$responsible_phone = NULL;
$responsible_email = NULL;
}
else {
if (!isset($class) && $class != "TERMINALE" && $class != "PREMIERE" && $class != "SECONDE")
return "La classe spécifiée est invalide. Merci de ne pas créer vos propres requêtes.";
if ((!isset($responsible_name) || $responsible_name == "") && $birth_date > strval($YEAR - 18) . "-05-01")
return "Veuillez spécifier un nom de responsable légal.";
if ((!isset($responsible_phone) || $responsible_phone == "") && (!isset($responsible_email) || !filter_var($responsible_email, FILTER_VALIDATE_EMAIL))
&& $birth_date > strval($YEAR - 18) . "-05-01")
return "Veuillez préciser au moins le numéro de téléphone ou l'addresse e-mail de votre responsable légal.";
}
$description = $_POST["description"];
if ($role == "PARTICIPANT")
$description = NULL;
$confirm_email_uid = uniqid();
$req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `confirm_email`, `surname`, `first_name`, `birth_date`, `gender`,
`address`, `postal_code`, `city`, `country`, `phone_number`, `school`, `class`, `role`, `description`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
$req->execute([$email, $password, $confirm_email_uid, $surname, $firstname, $_POST["birth_date"], $gender, $address, $postal_code,
$city, $country, $phone_number, $school, $class, $role, $description, $YEAR]);
$msg = "Merci pour votre inscription au TFJM² $YEAR ! Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid";
mail($email, "Inscription au TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
?>
<?php include "header.php" ?>
<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>
<?php
if (isset($error_message) && $error_message === FALSE) {
?>
Votre inscription est validée ! Merci désormais de confirmer votre boîte mail pour valider votre adresse.
<?php } else if (isset($_SESSION["user_id"])) { ?>
<h2>Vous êtes déjà connecté !</h2>
<?php } else { ?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table style="width: 90%;">
<tr>
<td><label for="email">E-mail :</label></td>
<td><input type="email" id="email" name="email" value="<?php if (isset($email)) echo $email ?>" /></td>
</tr>
<tr>
<td><label for="password">Mot de passe :</label></td>
<td><input type="password" id="password" name="password" /></td>
</tr>
<tr>
<td><label for="confirm_password">Confirmer le mot de passe :</label></td>
<td><input type="password" id="confirm_password" name="confirm_password" /></td>
</tr>
<tr>
<td><label for="surname">Nom :</label></td>
<td><input type="text" id="surname" name="surname" value="<?php if (isset($surname)) echo $surname ?>" /></td>
</tr>
<tr>
<td><label for="firstname">Prénom :</label></td>
<td><input type="text" id="firstname" name="firstname" value="<?php if (isset($firstname)) echo $firstname ?>" /></td>
</tr>
<tr>
<td><label for="birth_date">Date de naissance :</label></td>
<td><input type="date" id="birth_date" name="birth_date" value="<?php if (isset($birth_date)) echo $_POST["birth-date"] ?>" /></td>
</tr>
<tr>
<td><label for="gender">Sexe :</label></td>
<td><input type="radio" id="male" name="gender" value="M" /><label for="male">Homme</label>
<input type="radio" id="female" name="gender" value="F" /><label for="female">Femme</label></td>
</tr>
<tr>
<td><label for="address">Adresse :</label></td>
<td><input type="text" id="address" name="address" value="<?php if (isset($address)) echo $address ?>" /></td>
</tr>
<tr>
<td><label for="postal_code">Code postal :</label></td>
<td><input type="number" id="postal_code" name="postal_code" value="<?php if (isset($postal_code)) echo $postal_code ?>" min="1000" max="95999" /></td>
</tr>
<tr>
<td><label for="city">Ville :</label></td>
<td><input type="text" id="city" name="city" value="<?php if (isset($city)) echo $city ?>" /></td>
</tr>
<tr>
<td><label for="country">Pays :</label></td>
<td><input type="text" id="country" name="country" value="<?php echo isset($country) ? $country : "France" ?>" /></td>
</tr>
<tr>
<td><label for="phone_number">Numéro de téléphone :</label></td>
<td><input type="text" id="phone_number" name="phone_number" value="<?php if (isset($phone_number)) echo $phone_number ?>" /></td>
</tr>
<tr>
<td><label for="role">Rôle :</label></td>
<td><select id="role" name="role" onchange="selectRole()">
<option value="participant">Participant</option>
<option value="encadrant">Encadrant</option>
</select></td>
</tr>
<tr>
<td><label id="school_label" for="school">Établissement dans lequel l'élève étudie :</label></td>
<td><input type="text" id="school" name="school" value="<?php if (isset($school)) echo $school ?>" /></td>
</tr>
<tr>
<td><label id="class_label" for="class">Classe :</label></td>
<td><select id="class" name="class">
<option value="terminale">Terminale</option>
<option value="premiere">Première</option>
<option value="seconde">Seconde ou inférieur</option>
</select></td>
</tr>
<tr>
<td><label id="responsible_name_label" for="responsible_name">Nom du responsable légal :</label></td>
<td><input type="text" id="responsible_name" name="responsible_name" value="<?php if (isset($responsible_name)) echo $responsible_name ?>" /></td>
</tr>
<tr>
<td><label id="responsible_phone_label" for="responsible_phone">Téléphone du responsable légal :</label></td>
<td><input type="text" id="responsible_phone" name="responsible_phone" value="<?php if (isset($responsible_phone)) echo $responsible_phone ?>" /></td>
</tr>
<tr>
<td><label id="responsible_email_label" for="responsible_email">Email du responsable légal :</label></td>
<td><input type="text" id="responsible_email" name="responsible_email" value="<?php if (isset($responsible_email)) echo $responsible_email ?>" /></td>
</tr>
<tr>
<td><label id="description_label" for="description">Description :</label></td>
<td><textarea id="description" name="description"><?php if (isset($description)) echo $description ?></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" /></td>
</tr>
</table>
</form>
<script>
function selectRole() {
switch (document.getElementById("role").value) {
case "participant":
document.getElementById("school_label").style.display = "block";
document.getElementById("school").style.display = "block";
document.getElementById("class_label").style.display = "block";
document.getElementById("class").style.display = "block";
document.getElementById("responsible_name_label").style.display = "block";
document.getElementById("responsible_name").style.display = "block";
document.getElementById("responsible_phone_label").style.display = "block";
document.getElementById("responsible_phone").style.display = "block";
document.getElementById("responsible_email_label").style.display = "block";
document.getElementById("responsible_email").style.display = "block";
document.getElementById("description_label").style.display = "none";
document.getElementById("description").style.display = "none";
break;
case "encadrant":
document.getElementById("school_label").style.display = "none";
document.getElementById("school").style.display = "none";
document.getElementById("class_label").style.display = "none";
document.getElementById("class").style.display = "none";
document.getElementById("responsible_name_label").style.display = "none";
document.getElementById("responsible_name").style.display = "none";
document.getElementById("responsible_phone_label").style.display = "none";
document.getElementById("responsible_phone").style.display = "none";
document.getElementById("responsible_email_label").style.display = "none";
document.getElementById("responsible_email").style.display = "none";
document.getElementById("description_label").style.display = "block";
document.getElementById("description").style.display = "block";
break;
}
}
selectRole();
</script>
<?php include "footer.php" ?>
<?php } ?>

323
server_files/mon_compte.php Normal file
View File

@ -0,0 +1,323 @@
<?php
include 'config.php';
if (isset($_POST["submitted"])) {
$error_message = updateAccount();
} elseif (isset($_POST["submitted_password"])) {
$error_message = updatePassword();
}
if (isset($_SESSION["user_id"])) {
$result = $DB->query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "';");
$user_data = $result->fetch();
}
function updateAccount()
{
global $DB, $URL_BASE, $MAIL_ADDRESS;
if (!isset($_SESSION["user_id"]))
return "Vous n'êtes pas connecté.";
$ID = $_SESSION["user_id"];
$surname = htmlspecialchars($_POST["surname"]);
if (isset($surname) && $surname != "")
$DB->prepare("UPDATE `users` SET `surname` = ? WHERE `id` = ?;")->execute([$surname, $ID]);
$first_name = htmlspecialchars($_POST["firstname"]);
if (isset($first_name) && $first_name != "")
$DB->prepare("UPDATE `users` SET `first_name` = ? WHERE `id` = ?;")->execute([$first_name, $ID]);
$birth_date = htmlspecialchars($_POST["birth_date"]);
if (isset($birth_date) && $birth_date != "")
$DB->prepare("UPDATE `users` SET `birth_date` = ? WHERE `id` = ?;")->execute([$birth_date, $ID]);
if (isset($_POST["gender"])) {
$gender = htmlspecialchars($_POST["gender"]);
if (isset($gender) && ($gender == "M" || $gender == "F"))
$DB->prepare("UPDATE `users` SET `gender` = ? WHERE `id` = ?;")->execute([$gender, $ID]);
}
$address = htmlspecialchars($_POST["address"]);
if (isset($address) && $address != "")
$DB->prepare("UPDATE `users` SET `address` = ? WHERE `id` = ?;")->execute([$address, $ID]);
$postal_code = htmlspecialchars($_POST["postal_code"]);
if (isset($postal_code) && $postal_code != "")
$DB->prepare("UPDATE `users` SET `postal_code` = ? WHERE `id` = ?;")->execute([$postal_code, $ID]);
$city = htmlspecialchars($_POST["city"]);
if (isset($city) && $city != "")
$DB->prepare("UPDATE `users` SET `city` = ? WHERE `id` = ?;")->execute([$city, $ID]);
$country = htmlspecialchars($_POST["country"]);
if (isset($country) && $country != "")
$DB->prepare("UPDATE `users` SET `country` = ? WHERE `id` = ?;")->execute([$country, $ID]);
$phone_number = htmlspecialchars($_POST["phone_number"]);
if (isset($phone_number) && $phone_number != "")
$DB->prepare("UPDATE `users` SET `phone_number` = ? WHERE `id` = ?;")->execute([$phone_number, $ID]);
if (isset($_POST["school"])) {
$school = htmlspecialchars($_POST["school"]);
if (isset($school) && $school != "")
$DB->prepare("UPDATE `users` SET `school` = ? WHERE `id` = ?;")->execute([$school, $ID]);
}
if (isset($_POST["class"])) {
$class = htmlspecialchars($_POST["class"]);
if (isset($class) && ($class == "terminale" || $class == "premiere" || $class == "seconde"))
$DB->prepare("UPDATE `users` SET `class` = ? WHERE `id` = ?;")->execute([strtoupper($class), $ID]);
}
if (isset($_POST["responsible_name"])) {
$responsible_name = htmlspecialchars($_POST["responsible_name"]);
if (isset($responsible_name) && $responsible_name != "")
$DB->prepare("UPDATE `users` SET `responsible_name` = ? WHERE `id` = ?;")->execute([$responsible_name, $ID]);
}
if (isset($_POST["responsible_phone"])) {
$responsible_phone = htmlspecialchars($_POST["responsible_phone"]);
if (isset($responsible_phone) && $responsible_phone != "")
$DB->prepare("UPDATE `users` SET `responsible_phone` = ? WHERE `id` = ?;")->execute([$responsible_phone, $ID]);
}
if (isset($_POST["responsible_email"])) {
$responsible_email = htmlspecialchars($_POST["responsible_email"]);
if (isset($responsible_email) && $responsible_email != "")
$DB->prepare("UPDATE `users` SET `responsible_email` = ? WHERE `id` = ?;")->execute([$responsible_email, $ID]);
}
if (isset($_POST["description"])) {
$description = htmlspecialchars($_POST["description"]);
if (isset($description) && $description != "")
$DB->prepare("UPDATE `users` SET `description` = ? WHERE `id` = ?;")->execute([$description, $ID]);
}
$email = htmlspecialchars($_POST["email"]);
if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) {
$confirm_email_uid = uniqid();
$DB->prepare("UPDATE `users` SET `email` = ?, `confirm_email` = ? WHERE `id` = ?;")->execute([$email, $confirm_email_uid, $ID]);
$msg = "Vous venez de changer votre adresse mail. Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid";
mail($email, "Changement d'adresse mail - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
}
return false;
}
function updatePassword()
{
global $DB, $YEAR;
$old = htmlspecialchars($_POST["old_password"]);
$new = htmlspecialchars($_POST["new_password"]);
$confirm = htmlspecialchars($_POST["confirm_password"]);
$result = $DB->query("SELECT `pwd_hash` FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "' AND `year` = '$YEAR';");
if (($data = $result->fetch()) === FALSE)
return "Le compte n'existe pas.";
if (!password_verify($old, $data["pwd_hash"]))
return "L'ancien mot de passe est incorrect.";
if (strlen($new) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($new != $confirm)
return "Les deux mots de passe sont différents.";
$hash = password_hash($new, PASSWORD_BCRYPT);
$DB->prepare("UPDATE `users` SET `pwd_hash` = ? WHERE `id` = ?;")->execute([$hash, $_SESSION["user_id"]]);
return false;
}
?>
<?php include "header.php" ?>
<?php if (!isset($_SESSION["user_id"])) {
echo "<h2>Vous devez être connecté pour afficher cette page.</h2>";
include "footer.php";
return;
} ?>
<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>
<?php
if (isset($error_message) && $error_message === FALSE) {
?>
<h2>Votre compte a bien été mis à jour !</h2>
<?php
if (isset($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "Votre adresse mail a bien été changée. Veuillez vérifier votre boîte mail pour valider votre nouvelle adresse";
}
?>
<?php } ?>
<form method="POST">
<input type="hidden" name="submitted" value="true"/>
<table style="width: 100%">
<tr>
<td style="width: 30%"><label for="email">E-mail :</label></td>
<td style="width: 70%"><?php echo $user_data["email"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="email" id="email" name="email"/></td>
</tr>
<tr>
<td><label for="surname">Nom :</label></td>
<td><?php echo $user_data["surname"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="surname" name="surname"/></td>
</tr>
<tr>
<td><label for="firstname">Prénom :</label></td>
<td><?php echo $user_data["first_name"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="firstname" name="firstname"/></td>
</tr>
<tr>
<td><label for="birth_date">Date de naissance :</label></td>
<td><?php echo echo_date($user_data["birth_date"]) ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="date" id="birth_date" name="birth_date"/></td>
</tr>
<tr>
<td><label for="gender">Sexe :</label></td>
<td><input type="radio" id="male" name="gender" value="M" <?php if ($user_data["gender"] == "M") echo "checked" ?> /><label for="male">Homme</label>
<input type="radio" id="female" name="gender" value="F" <?php if ($user_data["gender"] == "F") echo "checked" ?> /><label for="female">Femme</label></td>
</tr>
<tr>
<td><label for="address">Adresse :</label></td>
<td><?php echo $user_data["address"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="address" name="address"/></td>
</tr>
<tr>
<td><label for="postal_code">Code postal :</label></td>
<td><?php echo $user_data["postal_code"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="number" id="postal_code" name="postal_code" min="1000" max="95999"/></td>
</tr>
<tr>
<td><label for="city">Ville :</label></td>
<td><?php echo $user_data["city"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="city" name="city"/></td>
</tr>
<tr>
<td><label for="country">Pays :</label></td>
<td><?php echo $user_data["country"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="country" name="country"/></td>
</tr>
<tr>
<td><label for="phone_number">Numéro de téléphone :</label></td>
<td><?php echo $user_data["phone_number"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="phone_number" name="phone_number"/></td>
</tr>
<?php if ($user_data["role"] == "PARTICIPANT") { ?>
<tr>
<td><label for="school">Établissement dans lequel l'élève étudie :</label></td>
<td><?php echo $user_data["school"] ?></td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%" type="text" id="school" name="school"/></td>
</tr>
<tr>
<td><label for="class">Classe :</label></td>
<td><select style="width: 100%" id="class" name="class">
<option value="terminale" <?php if ($user_data["class"] == "terminale") echo "selected" ?>>Terminale</option>
<option value="premiere" <?php if ($user_data["class"] == "premiere") echo "selected" ?>>Première</option>
<option value="seconde" <?php if ($user_data["class"] == "seconde") echo "selected" ?>>Seconde ou inférieur</option>
</select></td>
</tr>
<tr>
<td>
<label for="responsible_name">Nom du responsable légal :</label>
</td>
<td>
<?php echo $user_data["responsible_name"] ?>
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="text" id="responsible_name" name="responsible_name" />
</td>
</tr>
<tr>
<td>
<label for="responsible_phone">Téléphone du responsable légal :</label>
</td>
<td>
<?php echo $user_data["responsible_phone"] ?>
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%" type="text" id="responsible_phone" name="responsible_phone" />
</td>
</tr>
<tr>
<td>
<label for="responsible_email">Email du responsable légal :</label>
</td>
<td>
<?php echo $user_data["responsible_email"] ?>
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%" type="email" id="responsible_email" name="responsible_email" />
</td>
</tr>
<?php } else { ?>
<tr>
<td><label for="description">Description :</label></td>
<td><textarea style="width: 100%" id="description" name="description"><?php echo $user_data["description"] ?></textarea></td>
</tr>
<?php } ?>
<tr>
<td colspan="2"><input type="submit" style="width: 100%" value="Mettre à jour mes données"/></td>
</tr>
</table>
</form>
<div style="padding: 20px"></div>
<form method="POST">
<input type="hidden" name="submitted_password" value="true"/>
<table style="width: 100%">
<tr>
<td style="width: 30%"><label for="old_password">Ancien mot de passe :</label></td>
<td style="width: 70%"><input style="width: 100%" type="password" id="old_password" name="old_password"/></td>
</tr>
<tr>
<td><label for="new_password">Nouveau mot de passe :</label></td>
<td><input style="width: 100%" type="password" id="new_password" name="new_password"/></td>
</tr>
<tr>
<td><label for="confirm_password">Confirmer le mot de passe :</label></td>
<td><input style="width: 100%" type="password" id="confirm_password" name="confirm_password"/></td>
</tr>
<tr>
<td colspan="2"><input type="submit" style="width: 100%" value="Mettre à jour mon mot de passe"/></td>
</tr>
</table>
</form>
<?php include "footer.php" ?>

200
server_files/mon_equipe.php Normal file
View File

@ -0,0 +1,200 @@
<?php
include 'config.php';
if (isset($_POST["leave_team"])) {
for ($i = 1; $i <= ($_SESSION["role"] == "PARTICIPANT" ? 6 : 2); ++$i)
/** @noinspection SqlResolve */
$DB->exec("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_$i` = NULL WHERE `" . strtolower($_SESSION["role"]) . "_$i` = " . $_SESSION["user_id"] . ";");
$DB->exec("UPDATE `users` SET `team_id` = NULL WHERE `id` = " . $_SESSION["user_id"] . ";");
$DB->exec("UPDATE `teams` SET `encadrant_1` = `encadrant_2`, `encadrant_2` = NULL WHERE `encadrant_1` IS NULL;");
for ($i = 1; $i <= 5; ++$i) {
/** @noinspection SqlResolve */
$DB->exec("UPDATE `teams` SET `participant_$i` = `participant_" . strval($i + 1) . "`, `participant_" . strval($i + 1) . "` = NULL WHERE `participant_$i` IS NULL;");
}
$req = $DB->query("SELECT `file_id` FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';");
while (($data = $req->fetch()) !== false)
unlink("$URL_BASE/files/" . $data["file_id"]);
$DB->exec("DELETE FROM `documents` WHERE `user` = '" . $_SESSION["user_id"] . "';");
if ($DB->exec("DELETE FROM `teams` WHERE `encadrant_1` IS NULL AND `participant_1` IS NULL;") > 0) {
$req = $DB->query("SELECT `file_id` FROM `solutions` WHERE `team` = '" . $_SESSION["team_id"] . "';");
while (($data = $req->fetch()) !== false)
unlink("$URL_BASE/files/" . $data["file_id"]);
$DB->exec("DELETE FROM `solutions` WHERE `team` = " . $_SESSION["team_id"] . ";");
$req = $DB->query("SELECT `file_id` FROM `syntheses` WHERE `team` = '" . $_SESSION["team_id"] . "';");
while (($data = $req->fetch()) !== false)
unlink("$URL_BASE/files/" . $data["file_id"]);
$DB->exec("DELETE FROM `syntheses` WHERE `team` = " . $_SESSION["team_id"] . ";");
}
unset($_SESSION["team_id"]);
unset($_SESSION["team_validation_status"]);
header("Location: $URL_BASE");
exit();
}
if (isset($_POST["send_document"])) {
sendDocument();
}
if (isset($_POST["request_validation"])) {
$DB->exec("UPDATE `teams` SET `validation_status` = 'WAITING' WHERE `id` = " . $_SESSION["team_id"] . ";");
$_SESSION["team_validation_status"] = "WAITING";
}
if (isset($_SESSION["user_id"]) && isset($_SESSION["team_id"])) {
$result = $DB->query("SELECT * FROM `teams` WHERE `id` = '" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';");
$team_data = $result->fetch();
$tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch();
$documents_req = $DB->prepare("SELECT `file_id`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? GROUP BY `type` ORDER BY `type` ASC, `uploaded_at` DESC;");
$documents_req->execute([$_SESSION["user_id"]]);
}
function sendDocument() {
global $LOCAL_PATH, $DB;
$type = strtoupper(htmlspecialchars($_POST["type"]));
if (!isset($type) || ($type != "PARENTAL_CONSENT" && $type != "PHOTO_CONSENT" && $type != "SANITARY_PLUG"))
return "Le type de document est invalide. Merci de ne pas formuler vos propres requêtes.";
$file = $_FILES["document"];
if ($file["size"] > 5000000 || $file["error"])
return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
return "Le fichier doit être au format PDF.";
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";
$req = $DB->prepare("INSERT INTO `documents`(`file_id`, `user`, `team`, `tournament`, `type`)
VALUES (?, ?, ?, ?, ?);");
$req->execute([$id, $_SESSION["user_id"], $_SESSION["team_id"], $_SESSION["tournament_id"], $type]);
return false;
}
?>
<?php include "header.php" ?>
<?php if (!isset($_SESSION["user_id"]) || !isset($_SESSION["team_id"]) || $_SESSION["team_id"] == NULL) {
echo "<h2>Vous devez être dans une équipe pour afficher cette page.</h2>";
include "footer.php";
return;
} ?>
<?php if (isset($error_message)) {
if ($error_message !== false) {
echo "<h2>Erreur : " . $error_message . "</h2>";
}
else {
echo "<h2>Le fichier a été correctement envoyé !</h2>";
}
}?>
<h2>Informations sur l'équipe</h2>
Nom de l'équipe : <?php echo $team_data["name"] ?><br />
Trigramme : <?php echo $team_data["trigram"] ?><br />
Tournoi : <?php echo $tournament_data["name"] ?><br />
<?php
for ($i = 1; $i <= 2; ++$i) {
if ($team_data["encadrant_" . $i] == NULL)
continue;
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["encadrant_" . $i] . " AND `year` = '$YEAR';")->fetch();
echo "Encadrant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "<br />";
}
for ($i = 1; $i <= 6; ++$i) {
if ($team_data["participant_" . $i] == NULL)
continue;
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $team_data["participant_" . $i] . " AND `year` = '$YEAR';")->fetch();
echo "Participant $i : " . $user_data["first_name"] . " " . $user_data["surname"] . "<br />";
}
?>
Code d'accès : <strong><?php echo $team_data["access_code"] ?></strong>
<?php if ($_SESSION["team_validation_status"] == "NOT_READY") { ?>
<hr />
<h2>Mes autorisations</h2>
<?php
while (($data = $documents_req->fetch()) !== false) {
$file_id = $data["file_id"];
$type = $data["type"];
$version = $data["version"];
switch ($data["type"]) {
case "PARENTAL_CONSENT":
$name = "Autorisation parentale";
break;
case "PHOTO_CONSENT":
$name = "Autorisation de droit à l'image";
break;
case "SANITARY_PLUG":
$name = "Fiche sanitaire";
break;
}
echo "$name : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
?>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
<table>
<tbody>
<tr>
<td>
<label for="type">Type de document :</label>
</td>
<td>
<select id="type" name="type">
<?php if ($_SESSION["birth_date"] > strval($YEAR - 18) . substr($tournament_data["date_start"], 4)) { ?>
<option value="parental_consent">Autorisation parentale</option>
<?php } ?>
<option value="photo_consent">Autorisation de droit à l'image</option>
<option value="sanitary_plug">Fiche sanitaire</option>
</select>
</td>
</tr>
<tr>
<td>
<label for="file">Fichier :</label>
</td>
<td>
<input type="file" id="file" name="document" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="send_document" value="Envoyer" />
</td>
</tr>
</tbody>
</table>
</form>
<form method="post">
<input type="submit" name="leave_team" value="Quitter l'équipe" />
</form>
<form method="post">
<input type="submit" name="request_validation" value="Demander la validation" />
</form>
<?php } ?>
<?php include "footer.php" ?>

93
server_files/rejoindre_equipe.php Normal file
View File

@ -0,0 +1,93 @@
<?php
include 'config.php';
if (isset($_POST["submitted"])) {
$error_message = joinTeam();
}
function joinTeam() {
global $DB, $YEAR, $MAIL_ADDRESS, $access_code, $data;
if ($_SESSION["team_id"] != NULL)
return "Vous êtes déjà dans une équipe.";
$access_code = htmlspecialchars($_POST["access_code"]);
if (!isset($access_code) || strlen($access_code) != 6)
return "Le code d'accès doit comporter 6 caractères.";
$result = $DB->query("SELECT * FROM `teams` WHERE `access_code` = '" . $access_code . "' AND `year` = '$YEAR';");
if (($data = $result->fetch()) === FALSE)
return "Ce code d'accès est invalide.";
if ($_SESSION["role"] != "PARTICIPANT" && $_SESSION["role"] != "ENCADRANT")
return "Seuls les participants et les encadrants peuvent rejoindre une équipe.";
if ($data["validation_status"] != "NOT_READY")
return "Cette équipe est déjà en cours de validation ou validée, vous ne pouvez pas la rejoindre.";
for ($i = 1; $i <= $_SESSION["role"] == "PARTICIPANT" ? 6 : 2; ++$i) {
if ($data[strtolower($_SESSION["role"]) . "_" . strval($i)] == NULL)
break;
}
if ($_SESSION["role"] == "PARTICIPANT" && $i == 7 || $_SESSION["role"] == "ENCADRANT" && $i == 3)
return "Il n'y a plus de place pour vous dans l'équipe.";
$DB->prepare("UPDATE `users` SET `team_id` = ? WHERE `id` = " . $_SESSION["user_id"] . ";")->execute([$data["id"]]);
/** @noinspection SqlResolve */
$DB->prepare("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_" . strval($i) . "` = ? WHERE `id` = " . $data["id"] . ";")->execute([$_SESSION["user_id"]]);
$_SESSION["team_id"] = $data["id"];
$_SESSION["team_validation_status"] = $data["validation_status"];
$msg = "Bonjour " . $_SESSION["first_name"] . " " . $_SESSION["surname"] . ",\r\n\r\n";
$msg .= "Vous venez de rejoindre l'équipe « " . $data["name"] . " » (" . $data["trigram"] . ") pour le TFJM² de " . $data["name"] . " et nous vous en remercions.\r\n\r\n";
$msg .= "Cordialement,\r\n\r\nL'organisation du TFJM² $YEAR";
mail($_SESSION["email"], "Équipe rejointe TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
?>
<?php include "header.php" ?>
<?php
if (!isset($_SESSION["role"]) or ($_SESSION["role"] != "PARTICIPANT" && $_SESSION["role"] != "ENCADRANT")) {
?>
<h2>Vous devez être participant ou encadrant pour pouvoir rejoindre une équipe.</h2>
<?php } else if (isset($access_code)) { ?>
Vous avez bien rejoint l'équipe <?php echo $data["name"] ?> !
<?php } else if ($_SESSION["team_id"] != NULL) { ?>
<h2>Vous êtes déjà dans une équipe.</h2>
<?php } else { ?>
<?php if (isset($error_message) && $error_message) echo "<h2>Erreur : " . $error_message . "</h2>"; ?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table style="width: 100%;">
<tbody>
<tr>
<td style="width: 30%;">
<label for="access_code">Code d'accès :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="text" id="access_code" name="access_code" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" value="Rejoindre l'équipe" />
</td>
</tr>
</tbody>
</table>
</form>
<?php include "footer.php" ?>
<?php } ?>

115
server_files/solutions.php Normal file
View File

@ -0,0 +1,115 @@
<?php
include 'config.php';
if (isset($_POST["send_solution"])) {
$error_message = saveSolution();
}
$solutions_req = $DB->prepare("SELECT `file_id`, `problem`, COUNT(`problem`) AS `version` FROM `solutions` WHERE `team` = ? GROUP BY `problem` ORDER BY `problem` ASC, `uploaded_at` DESC;");
$solutions_req->execute([$_SESSION["team_id"]]);
function saveSolution() {
global $LOCAL_PATH, $DB;
try {
$problem = $_POST["problem"];
if ($problem < 1 || $problem > 9)
return "Le numéro de problème est invalide.";
}
catch (Throwable $t) {
return "Le numéro de problème n'est pas valide. Merci de ne pas créer vos propres requêtes.";
}
$file = $_FILES["solution"];
if ($file["size"] > 5000000 || $file["error"])
return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
return "Le fichier doit être au format PDF.";
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";
$req = $DB->prepare("INSERT INTO `solutions`(`file_id`, `team`, `tournament`, `problem`)
VALUES (?, ?, ?, ?);");
$req->execute([$id, $_SESSION["team_id"], $_SESSION["tournament_id"], $problem]);
return false;
}
?>
<?php include 'header.php' ?>
<?php if (isset($error_message)) {
if ($error_message !== false) {
echo "<h2>Erreur : " . $error_message . "</h2>";
} else {
echo "<h2>Le fichier a été correctement envoyé !</h2>";
}
}?>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
<table>
<tbody>
<tr>
<td>
<label for="problem">Problème :</label>
</td>
<td>
<select id="problem" name="problem">
<?php
for ($i = 1; $i <= 9; ++$i) {
echo "<option value=\"$i\">$i</option>\n";
}
?>
</select>
</td>
</tr>
<tr>
<td>
<label for="file">Fichier :</label>
</td>
<td>
<input type="file" id="file" name="solution" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="send_solution" value="Envoyer" />
</td>
</tr>
</tbody>
</table>
</form>
<div style="padding: 20px"></div>
<h2>Solutions soumises :</h2>
<?php
while (($data = $solutions_req->fetch()) !== false) {
$file_id = $data["file_id"];
$problem = $data["problem"];
$version = $data["version"];
echo "Problème $problem (Version $version) : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
?>
<?php include 'footer.php' ?>

29
server_files/solutions_orga.php Normal file
View File

@ -0,0 +1,29 @@
<?php include 'config.php'; ?>
<?php include 'header.php'; ?>
<?php
$req = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE "
. ($_SESSION["role"] == "ADMIN" ? "" : "`organizer` = '" . $_SESSION["user_id"] . "' AND ")
. "`year` = $YEAR ORDER BY `name`;");
while (($data_tournament = $req->fetch()) !== false) {
echo "<h1>Tournoi de " . $data_tournament["name"] . "</h1>\n";
$id = $data_tournament["id"];
$files_req = $DB->query("SELECT *, COUNT(`problem`) AS `version` FROM `solutions` WHERE `tournament` = '$id' GROUP BY `team`, `problem` ORDER BY `team`, `problem`, `uploaded_at` DESC;");
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$problem = $data_file["problem"];
$version = $data_file["version"];
$team_id = $data_file["team"];
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = '$team_id' AND `year` = $YEAR;")->fetch();
$team_name = $team_data["name"];
$team_trigram = $team_data["trigram"];
echo "Problème n°$problem de l'équipe $team_name ($team_trigram), version $version : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
}
?>
<?php include 'footer.php'; ?>

109
server_files/syntheses.php Normal file
View File

@ -0,0 +1,109 @@
<?php
include 'config.php';
if (isset($_POST["send_synthese"])) {
$error_message = saveSynthese();
}
$syntheses_req = $DB->prepare("SELECT `file_id`, `dest`, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `team` = ? GROUP BY `dest` ORDER BY `dest` ASC, `uploaded_at` DESC;");
$syntheses_req->execute([$_SESSION["team_id"]]);
function saveSynthese() {
global $LOCAL_PATH, $DB;
$dest = strtoupper(htmlspecialchars($_POST["dest"]));
if (!isset($dest) || ($dest != "OPPOSANT" && $dest != "RAPPORTEUR"))
return "Le destinataire est invalide.";
$file = $_FILES["synthese"];
if ($file["size"] > 5000000 || $file["error"])
return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
return "Le fichier doit être au destmat PDF.";
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";
$req = $DB->prepare("INSERT INTO `syntheses`(`file_id`, `team`, `tournament`, `dest`)
VALUES (?, ?, ?, ?);");
$req->execute([$id, $_SESSION["team_id"], $_SESSION["tournament_id"], $dest]);
return false;
}
?>
<?php include 'header.php' ?>
<?php if (isset($error_message)) {
if ($error_message !== false) {
echo "<h2>Erreur : " . $error_message . "</h2>";
}
else {
echo "<h2>Le fichier a été correctement envoyé !</h2>";
}
}?>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
<table>
<tbody>
<tr>
<td>
<label for="dest">Destination de la note de synthèse :</label>
</td>
<td>
<select id="dest" name="dest">
<option value="opposant">Opposant</option>
<option value="rapporteur">Rapporteur</option>
</select>
</td>
</tr>
<tr>
<td>
<label for="file">Fichier :</label>
</td>
<td>
<input type="file" id="file" name="synthese" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="send_synthese" value="Envoyer" />
</td>
</tr>
</tbody>
</table>
</form>
<div style="padding: 20px"></div>
<h2>Notes de synthèse soumises :</h2>
<?php
while (($data = $syntheses_req->fetch()) !== false) {
$file_id = $data["file_id"];
$dest = $data["dest"];
$version = $data["version"];
echo "Note de synthèse pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . " (Version $version) : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
?>
<?php include 'footer.php' ?>

30
server_files/syntheses_orga.php Normal file
View File

@ -0,0 +1,30 @@
<?php include 'config.php'; ?>
<?php include 'header.php'; ?>
<?php
$req = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE "
. ($_SESSION["role"] == "ADMIN" ? "" : "`organizer` = '" . $_SESSION["user_id"] . "' AND ")
. "`year` = $YEAR ORDER BY `name`;");
while (($data_tournament = $req->fetch()) !== false) {
echo "<h1>Tournoi de " . $data_tournament["name"] . "</h1>\n";
$id = $data_tournament["id"];
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$dest = $data_file["dest"];
$version = $data_file["version"];
$team_id = $data_file["team"];
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = '$team_id' AND `year` = $YEAR;")->fetch();
$team_name = $team_data["name"];
$team_trigram = $team_data["trigram"];
echo "Note de synthèse de l'équipe $team_name ($team_trigram) pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur")
. ", version $version : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
}
?>
<?php include 'footer.php'; ?>

107
server_files/tournoi.php Normal file
View File

@ -0,0 +1,107 @@
<?php
include 'config.php';
$tournament_name = htmlspecialchars($_GET["nom"]);
$response = $DB->prepare("SELECT * FROM `tournaments` WHERE `name` = ? AND `year` = $YEAR;");
$response->execute([$tournament_name]);
$data = $response->fetch();
$orga_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = " . $data["organizer"] . " AND `year` = $YEAR;")->fetch();
$orga_name = $orga_data["first_name"] . " " . $orga_data["surname"];
$teams_response = $DB->query("SELECT `id`, `name`, `trigram`, `inscription_date`, `validation_status` FROM `teams` WHERE `tournament` = " . $data["id"] . " AND `year` = $YEAR;");
?>
<?php include "header.php" ?>
<h2>Tournoi de <?php echo $data["name"] ?></h2>
<strong>Organisateur :</strong> <?php echo $orga_name ?><br />
<strong>Nombre d'équipes maximal :</strong> <?php echo $data["size"] ?><br />
<strong>Lieu :</strong> <?php echo $data["place"] ?><br />
<strong>Prix par partipant :</strong> <?php echo $data["price"] == 0 ? "Gratuit" : $data["price"] . "" ?><br />
<strong>Dates :</strong> Du <?php echo echo_date($data["date_start"]) ?> au <?php echo echo_date($data["date_end"]) ?><br />
<strong>Clôture des inscriptions :</strong> <?php echo echo_date($data["date_inscription"], true) ?><br />
<strong>Date limite d'envoi des solutions :</strong> <?php echo echo_date($data["date_solutions"], true) ?><br />
<strong>Date limite d'envoi des notes de synthèse :</strong> <?php echo echo_date($data["date_syntheses"], true) ?><br />
<strong>Description :</strong> <?php echo $data["description"] ?>
<h2>Équipes inscrites à ce tournoi :</h2>
<table style="border: 1px solid black; width: 100%;">
<thead>
<tr>
<th style="border: 1px solid black; text-align: center">
Équipe
</th>
<th style="border: 1px solid black; text-align: center">
Trigramme
</th>
<th style="border: 1px solid black; text-align: center">
Date d'inscription
</th>
<th style="border: 1px solid black; text-align: center">
État de validation de l'inscription
</th>
</tr>
</thead>
<tbody>
<?php
while (($team_data = $teams_response->fetch()) != false) {
?>
<tr>
<td style="border: 1px solid black; text-align: center">
<?php
if (isset($_SESSION["role"]) && ($_SESSION["role"] == "ADMIN" || ($_SESSION["role"] == "ORGANIZER" && $data["organizer"] == $_SESSION["user_id"])))
echo "<a href=\"$URL_BASE/equipe/" . $team_data["trigram"] . "\">" . $team_data["name"] . "</a>";
else
echo $team_data["name"];
?>
</td>
<td style="border: 1px solid black; text-align: center"><?php echo $team_data["trigram"] ?></td>
<td style="border: 1px solid black; text-align: center"><?php echo echo_date($team_data["inscription_date"]) ?></td>
<td style="border: 1px solid black; text-align: center">
<?php
switch ($team_data["validation_status"]) {
case "NOT_READY":
echo "Inscription non terminée";
break;
case "WAITING":
echo "En attente de validation";
break;
case "VALIDATED":
echo "Inscription validée";
break;
default:
echo "Statut inconnu";
break;
}
?>
</td>
</tr>
<?php
}
?>
</tbody>
<tfoot>
<tr>
<th style="border: 1px solid black; text-align: center">
Équipe
</th>
<th style="border: 1px solid black; text-align: center">
Trigramme
</th>
<th style="border: 1px solid black; text-align: center">
Date d'inscription
</th>
<th style="border: 1px solid black; text-align: center">
État de validation de l'inscription
</th>
</tr>
</tfoot>
</table>
<?php include "footer.php" ?>

50
server_files/tournois.php Normal file
View File

@ -0,0 +1,50 @@
<?php
include 'config.php';
$response = $DB->query("SELECT `name`, `date_start`, `date_end`, `date_inscription`, `date_solutions`, `size` FROM `tournaments`
WHERE `year` = '$YEAR' ORDER BY `date_start`, `name`;");
?>
<?php include "header.php" ?>
<h2>Liste des tournois</h2>
<table style="border: 1px solid black; width: 100%">
<thead style="border: 1px solid black">
<tr>
<th style="border: 1px solid black; text-align: center">Lieu</th>
<th style="border: 1px solid black; text-align: center">Dates</th>
<th style="border: 1px solid black; text-align: center">Inscription avant le</th>
<th style="border: 1px solid black; text-align: center">Date de rendu des solutions</th>
<th style="border: 1px solid black; text-align: center">Places disponibles</th>
</tr>
</thead>
<tbody style="border: 1px solid black">
<?php
while (($data = $response->fetch()) !== FALSE) {
?>
<tr style="border: 1px solid black">
<td style="border: 1px solid black; text-align: center"><a href="<?= $URL_BASE ?>/tournoi/<?= $data["name"] ?>"><?= $data["name"] ?></a></td>
<td style="border: 1px solid black; text-align: center">Du <?php echo echo_date($data["date_start"]) ?> au <?php echo echo_date($data["date_end"]) ?></td>
<td style="border: 1px solid black; text-align: center"><?php echo echo_date($data["date_inscription"]) ?></td>
<td style="border: 1px solid black; text-align: center"><?php echo echo_date($data["date_solutions"]) ?></td>
<td style="border: 1px solid black; text-align: center"><?php echo $data["size"] ?></td>
</tr>
<?php
}
?>
</tbody>
<tfoot style="border: 1px solid black">
<tr>
<th style="border: 1px solid black; text-align: center">Lieu</th>
<th style="border: 1px solid black; text-align: center">Dates</th>
<th style="border: 1px solid black; text-align: center">Inscription avant le</th>
<th style="border: 1px solid black; text-align: center">Date de rendu des solutions</th>
<th style="border: 1px solid black; text-align: center">Places disponibles</th>
</tr>
</tfoot>
</table>
<?php include "footer.php" ?>

67
server_files/view_file.php Normal file
View File

@ -0,0 +1,67 @@
<?php
include "config.php";
if (!isset($_GET["file_id"])) {
header("Location: $URL_BASE");
exit();
}
$id = htmlspecialchars($_GET["file_id"]);
$type = "SOLUTION";
$req = $DB->query("SELECT * FROM `solutions` WHERE `file_id` = '$id';");
if (($data = $req->fetch()) === false) {
$req = $DB->query("SELECT * FROM `syntheses` WHERE `file_id` = '$id';");
$type = "SYNTHESE";
if (($data = $req->fetch()) === false) {
$req = $DB->query("SELECT * FROM `documents` WHERE `file_id` = '$id';");
$type = "DOCUMENT";
$data = $req->fetch();
}
}
print_r($type);
if ($data !== false) {
$team_data = $DB->query("SELECT `trigram` FROM `teams` WHERE `id` = " . $data["team"] . ";")->fetch();
$tournament_data = $DB->query("SELECT `name` FROM `tournaments` WHERE `id` = " . $data["tournament"] . ";")->fetch();
$trigram = $team_data["trigram"];
if ($type == "SOLUTION") {
$problem = $data["problem"];
$name = "Problème $problem $trigram.pdf";
}
else if ($type == "SYNTHESE") {
$dest = $data["dest"];
$name = "Note de synthèse $trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf";
}
else if ($type == "DOCUMENT") {
$user_id = $data["user"];
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = 'user';")->fetch();
$surname = $user_data["surname"];
$first_name = $user_data["first_name"];
switch ($data["type"]) {
case "PARENTAL_CONSENT":
$name = "Autorisation parentale";
break;
case "PHOTO_CONSENT":
$name = "Autorisation de droit à l'image";
break;
case "SANITARY_PLUG":
$name = "Fiche sanitaire";
break;
}
$name .= " de $first_name $surname.pdf";
}
}
else {
include_once "404.php";
http_response_code(404);
exit();
}
header("Content-Type: application/pdf");
header("Content-Disposition: inline; filename=\"$name\"");
readfile("$URL_BASE/files/$id");
exit();