query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';"); if (isset($_POST["submitted"])) { $error_message = registerTournament(); } function registerTournament() { global $DB, $YEAR, $MAIL_ADDRESS; $name = htmlspecialchars($_POST["name"]); $result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';"); if ($result->fetch()) return "Un tournoi existe déjà avec ce nom."; if (!isset($_POST["organizer"]) || sizeof($_POST["organizer"]) == 0) return "Aucun organisateur n'a été choisi."; $organizers = $_POST["organizer"]; $orga_mails = []; foreach ($organizers as $orga) { $result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $orga . "' AND `year` = '$YEAR';"); $data = $result->fetch(); if ($data === FALSE) return "L'organisateur spécifié n'existe pas."; if ($data["role"] != "ORGANIZER" && $data["role"] != "ADMIN") return "L'organisateur indiqué ne peut pas organiser de tournoi."; $orga_mails[] = $data["email"]; } try { $size = intval(htmlspecialchars($_POST["size"])); } catch (Exception $ex) { return "Le nombre d'équipes indiqué n'est pas un entier valide."; } if ($size < 3 || $size > 12) return "Un tournoi doit comporter entre 3 et 12 équipes."; $place = htmlspecialchars($_POST["place"]); try { $price = intval(htmlspecialchars($_POST["price"])); } catch (Throwable $t) { return "Le tarif pour les participants n'est pas un nombre valide."; } if ($price < 0) return "Le TFJM² ne va pas payer les élèves pour venir."; if ($price > 50) return "Soyons raisonnable sur le prix."; $date_start = htmlspecialchars($_POST["date_start"]); $date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start); $date_end = htmlspecialchars($_POST["date_end"]); $date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end); $date_inscription = htmlspecialchars($_POST["date_inscription"]); $time_inscription = htmlspecialchars($_POST["time_inscription"]); $date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription); $date_solutions = htmlspecialchars($_POST["date_solutions"]); $time_solutions = htmlspecialchars($_POST["time_solutions"]); $date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions); $date_syntheses = htmlspecialchars($_POST["date_syntheses"]); $time_syntheses = htmlspecialchars($_POST["time_syntheses"]); $date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses); if (!$date_start_parsed || !$date_end_parsed || !$date_inscription_parsed || !$date_solutions_parsed || !$date_syntheses_parsed) return "Une date est mal formée."; $description = htmlspecialchars($_POST["description"]); $final = isset($_POST["final"]) && $_POST["final"]; if ($final && $DB->query("SELECT `id` FROM `tournaments` WHERE `final` = true AND `year` = $YEAR;")->fetch() !== false) return "Une finale est déjà enregistrée."; $req = $DB->prepare("INSERT INTO `tournaments` (`name`, `size`, `place`, `price`, `description`, `date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `final`, `year`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);"); $req->execute([$name, $size, $place, $price, $description, $date_start, $date_end, "$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $final, $YEAR]); $req = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '$name' AND `year` = $YEAR;"); $tournament_id = $req->fetch()["id"]; foreach ($organizers as $orga) { $req = $DB->prepare("INSERT INTO `organizers`(`organizer`, `tournament`) VALUES(?, ?);"); $req->execute([$orga, $tournament_id]); } foreach ($orga_mails as $orga_mail) mail($orga_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS"); return false; } ?>

Vous n'êtes pas autorisé à accéder à cette page.

Erreur : " . $error_message . ""; } else { echo "

Tournoi de " . htmlspecialchars($_POST["name"]) . " ajouté avec succès !

"; } }?>
Du au