81 lines
2.3 KiB
PHP
81 lines
2.3 KiB
PHP
<?php
|
|
|
|
if (!isset($_GET["file_id"])) {
|
|
header("Location: $URL_BASE");
|
|
exit();
|
|
}
|
|
|
|
if (!isset($_SESSION["user_id"]))
|
|
require_once "server_files/403.php";
|
|
|
|
$id = htmlspecialchars($_GET["file_id"]);
|
|
$type = "SOLUTION";
|
|
|
|
$req = $DB->query("SELECT * FROM `solutions` WHERE `file_id` = '$id';");
|
|
if (($data = $req->fetch()) === false) {
|
|
$req = $DB->query("SELECT * FROM `syntheses` WHERE `file_id` = '$id';");
|
|
$type = "SYNTHESE";
|
|
|
|
if (($data = $req->fetch()) === false) {
|
|
$req = $DB->query("SELECT * FROM `documents` WHERE `file_id` = '$id';");
|
|
$type = "DOCUMENT";
|
|
$data = $req->fetch();
|
|
}
|
|
}
|
|
|
|
if ($data !== false) {
|
|
$team = Team::fromId($data["team"]);
|
|
$tournament = Tournament::fromId($data["tournament"]);
|
|
$trigram = $team->getTrigram();
|
|
if ($type == "SOLUTION") {
|
|
$problem = $data["problem"];
|
|
$name = "Problème $problem $trigram.pdf";
|
|
|
|
if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && (!isset($_SESSION["team"]) || $_SESSION["team"]->getId() != $team->getId()))
|
|
require_once "server_files/403.php";
|
|
|
|
// TODO Seuls les organisateurs concernés doivent pouvoir télécharger les fichiers
|
|
}
|
|
else if ($type == "SYNTHESE") {
|
|
$dest = $data["dest"];
|
|
$name = "Note de synthèse $trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf";
|
|
|
|
// TODO Seuls les organisateurs, défenseurs, opposants et rapporteurs doivent pouvoir télécharger les fichiers
|
|
}
|
|
else if ($type == "DOCUMENT") {
|
|
$user_id = $data["user"];
|
|
$user = User::fromId($user_id);
|
|
|
|
if (($_SESSION["role"] == Role::PARTICIPANT || $_SESSION["role"] == Role::ENCADRANT) && $user_id != $_SESSION["user_id"])
|
|
require_once "server_files/403.php";
|
|
|
|
// TODO Seuls les organisateurs concernés doivent pouvoir télécharger les fichiers
|
|
|
|
$surname = $user->getSurname();
|
|
$first_name = $user->getFirstName();
|
|
switch ($data["type"]) {
|
|
case "PARENTAL_CONSENT":
|
|
$name = "Autorisation parentale";
|
|
break;
|
|
case "PHOTO_CONSENT":
|
|
$name = "Autorisation de droit à l'image";
|
|
break;
|
|
case "SANITARY_PLUG":
|
|
$name = "Fiche sanitaire";
|
|
break;
|
|
}
|
|
$name .= " de $first_name $surname.pdf";
|
|
}
|
|
}
|
|
else {
|
|
require_once "server_files/404.php";
|
|
http_response_code(404);
|
|
exit();
|
|
}
|
|
|
|
header("Content-Type: application/pdf");
|
|
header("Content-Disposition: inline; filename=\"$name\"");
|
|
|
|
readfile("$URL_BASE/files/$id");
|
|
|
|
exit();
|