1
0
mirror of https://gitlab.com/animath/si/plateforme.git synced 2024-12-27 09:02:23 +00:00
plateforme-tfjm2/server_files/controllers/informations.php
Yohann D'ANELLO 2ee1c75d0c Sécurité
2020-01-22 22:18:55 +01:00

176 lines
5.1 KiB
PHP

<?php
if (!isset($_SESSION["role"]))
require_once "server_files/403.php";
$id = $_GET["id"];
$user = User::fromId($id);
$team = Team::fromId($user->getTeamId());
if ($_SESSION["role"] != Role::ADMIN) {
if ($_SESSION["role"] == Role::ORGANIZER) {
if (($user->getRole() == Role::PARTICIPANT || $user->getRole() == Role::PARTICIPANT) && ($team == null || $team->getTournamentId() == null || !Tournament::fromId($team->getTournamentId())->organize($_SESSION["user_id"])))
require_once "server_files/403.php";
}
elseif ($user->getId() != $_SESSION["user_id"])
require_once "server_files/403.php";
}
if ($user === null)
require_once "server_files/404.php";
if ($team != null) {
$documents = $user->getAllDocuments($team->getTournamentId());
$payment = $user->getPayment();
$tournament = Tournament::fromId($team->getTournamentId());
}
$has_error = false;
$error_message = null;
if (isset($_POST["kick"])) {
if ($team == null) {
$has_error = true;
$error_message = "La personne à expulser n'est dans aucune équipe.";
}
else {
quitTeam($id);
$team = null;
}
}
if (isset($_POST["attribute_team"])) {
$attribute_team = new AttributeTeam($_POST);
try {
$attribute_team->makeVerifications();
$attribute_team->attribute();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_POST["validate_payment"])) {
$validate_payment = new ValidatePayment($_POST);
try {
$validate_payment->makeVerifications();
$validate_payment->validate();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_POST["view_as"]) && $_SESSION["role"] == Role::ADMIN) {
if (!isset($_SESSION["admin"]))
$_SESSION["admin"] = $_SESSION["user_id"];
$_SESSION["user_id"] = $user->getId();
header("Location: /");
exit();
}
if (isset($_POST["delete_account"]) && $team == null && $_SESSION["role"] == Role::ADMIN) {
/** @var Document $document */
foreach ($user->getAllDocuments($team->getTournamentId()) as $document)
unlink($LOCAL_PATH . "/files/" . $document->getFileId());
$DB->prepare("DELETE FROM `documents` WHERE `user` = ?;")->execute([$user->getId()]);
$DB->prepare("DELETE FROM `organizers` WHERE `organizer` = ?;")->execute([$user->getId()]);
$DB->prepare("DELETE FROM `users` WHERE `id` = ?;")->execute([$user->getId()]);
header("Location: /");
exit();
}
class AttributeTeam
{
private $team_id;
private $team;
private $min_null_index;
public function __construct($data)
{
$this->team_id = htmlspecialchars($data["team"]);
$this->team = Team::fromId($this->team_id);
}
public function makeVerifications()
{
global $user;
ensure($user->getConfirmEmailToken() == null, "Ce participant n'a pas encore validé son adresse e-mail.");
ensure($this->team_id != "no_team", "Vous n'avez pas choisi d'équipe.");
ensure($this->team != null, "Cette équipe n'existe pas.");
ensure($user->getTeamId() <= 0, "Cette personne est déjà dans une équipe !");
ensure($this->team->getValidationStatus() == ValidationStatus::NOT_READY, "Cette équipe est déjà validée ou en cours de validation.");
$role = $user->getRole();
for ($i = 1; $i <= $role == Role::ENCADRANT ? 2 : 6; ++$i) {
if (($role == Role::PARTICIPANT ? $this->team->getParticipants()[$i - 1] : $this->team->getEncadrants()[$i]) == NULL)
break;
}
$this->min_null_index = $i;
ensure($role == Role::PARTICIPANT && $this->min_null_index <= 6 || $role == Role::ENCADRANT && $this->min_null_index <= 2,
"Il n'y a plus de place pour vous dans l'équipe.");
}
public function attribute()
{
global $user, $team;
$user->setTeamId($this->team->getId());
if ($user->getRole() == Role::ENCADRANT)
$this->team->setEncadrant($this->min_null_index, $user->getId());
else
$this->team->setParticipant($this->min_null_index, $user->getId());
Mailer::sendJoinTeamMail($user, $this->team, Tournament::fromId($this->team->getTournamentId()));
$team = $this->team;
global $documents, $payment, $tournament;
$documents = $user->getAllDocuments($team->getTournamentId());
$payment = $user->getPayment();
$tournament = Tournament::fromId($team->getTournamentId());
}
}
class ValidatePayment
{
private $accept, $reject;
private $message;
private $payment;
public function __construct($data)
{
global $user;
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
$this->payment = $user->getPayment();
}
public function makeVerifications()
{
ensure($this->payment->getValidationStatus() == ValidationStatus::WAITING, "Le paiement n'était pas en attente.");
ensure(isset($this->accept) ^ isset($this->reject), "La sélection de validation est invalide.");
}
public function validate()
{
global $user, $team, $tournament;
if ($this->accept)
$this->payment->setValidationStatus(ValidationStatus::VALIDATED);
else
$this->payment->setValidationStatus(ValidationStatus::NOT_READY);
Mailer::sendValidatePayment($user, $team, $tournament, $this->payment, $this->message);
}
}
require_once "server_files/views/informations.php";