View difference between Paste ID: yH58La0g and iERYHiu0
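--- a/yH58La0g
+++ b/iERYHiu0
@@ -1,311 +1,311 @@
 <?php
 $servername = "localhost";
 $username = "spatyk_ttwmobile";
-$password = "AlfaBetaArekCD";
+$password = "nie dla psa";
 $dbname="spatyk_ttwmobile";
 $cookie=true;
 $link='https://ttwmobile.eu/dlstest?'.$_POST['name'];
 $conn = new mysqli($servername, $username, $password, $dbname);
 mysqli_set_charset($conn, "utf8");
 $logged = false;
 function random_string(){
 	$result="";
 	for($i=0;$i<64;$i++){
 		$result = $result . chr(rand(65,90));
 	}
 	return $result;
 }
 if(!empty($_COOKIE['login_cookie'])){
 	if(empty($_POST['name'])){
 		$sql = "select name from comps where cookie = '" . $_COOKIE['login_cookie'] . "'";
 		$result = $conn->query($sql)->fetch_assoc();
 		$_POST['name'] = $result['name'];
 	}
 	$sql = 'select cookie from comps where name = "' . $_POST['name'] . '"';
 	$result = $conn->query($sql)->fetch_assoc();
 	if($_COOKIE['login_cookie'] == $result['cookie']){
 		$logged = true;
 	}
 	else{
 		$cookie = false;
 	}
 }
 $logged_out = false;
 if($_POST['type']=='L_O'){
 	$logged_out = true;
 }
 if(!empty($_POST["name"])||!empty($_POST["password"]))
 {
 	$result=$conn->query("SELECT password FROM `comps` WHERE name='".nh($_POST['name'])."'")->fetch_row();
 	if(password_verify(nh($_POST["password"]),$result[0]))
 	{
 		$logged = true;
 		$pass=password_hash(nh($_POST['password']), PASSWORD_DEFAULT);
 		$cookie = random_string();
 		$sql = "update comps set cookie = '" . $cookie . "' where name = '" . $_POST['name'] . "'";
 		setcookie('login_cookie', $cookie, time() + 900);
 		$conn->query($sql);
 	}
 	else if($cookie)
 	{
 		if(!$logged_out){
 			$Err='password and comp name doesn\'t match'; 
 		}else{
 			$logged = false;
 		}
 	}
 }
 echo '<!DOCTYPE html>
 		<html>
 			<head>
 				<title>Admin Panel</title>
 				<style>
 					.error {color: #FF0000;}
 					.D {background-color: #DB7093}
 					.B {background-color: #FF6347}
 					.U {background-color: #FFFF66}
 					
 				</style>
 				<link rel="stylesheet" href="styles/visibleIf.css" type="text/css" />
 				<script type="text/javascript" src="scripts/EventHelpers.js"></script>
 				<script type="text/javascript" src="scripts/visibleIf.js"></script>
 				<link rel="icon" href="favicon.ico">
 				<meta charset="utf-8">
 				<script src="scripts/jquery.js"></script>
 				<script src="scripts/adminScript.js"></script>
 			</head>';
 if(!$logged){
 	echo '<body style="background-color:#D3D3D3;margin-top:0;padding-top:0">
 				<div id="box" style="position:relative;width:60vw;left:20vw;top:0vh;text-align:center;background-color: #4169E1;height:98vh">
 					<h1 style="top:5vh;">Admin tools</h1>
 					<div style="position:relative;top:5vh;">
 					<span class="error">'.$Err.'</span>
 						<form action="admin.php" method="post" enctype="multipart/form-data">
 							<p>Comp name <br> <input type="text" name="name" /></p>
 							<p>Password  <br> <input type="password"  name="password" /></p>   
 							<p><input type="submit"></p>
 						</form>
 					</div>
 				</div>
 			</body>';
 }else{
 	$_events = Array();
 	echo '<body><h1>Welcome to the control panel<br></h1>'; 
 	echo '';
 	$sql = "select id from comps where name = '" . $_POST['name'] . "'";
 	$result = $conn->query($sql)->fetch_assoc();
 	$comp_id = $result['id'];
 	echo '<span id="'.$_POST['name'].'" class="harmo" style="position:absolute;right:1vw;bottom:1vh" >Print Schedule</span>';
 	if(!isset($_POST['round']))
 		$_POST['round']='';
 	if(!isset($_POST['cutoff']))
 		$_POST['cutoff']='';
 	if(!isset($_POST['format']))
 		$_POST['format']='';
 	if($_POST['time']=='')
 	    $time=$_POST['timeDB'];
 	else
 	    $time=$_POST['time'];
 	if($_POST['rname']=='')
 	    $rname=$_POST['rnameDB'];
 	else
 	    $rname=$_POST['rname'];
 	if($_POST['type']=='A_E'){
 		$sql3 = "insert into harmo values (". $comp_id . " , '" . $time. 
 		"', " . $_POST['newid'] . 
 		", '" . $rname. 
 		"', '" . $_POST['round'] .
 		"', '". $_POST['cutoff'].
 		"','" . $_POST['eventType'].
 		"', '". $_POST['format'] . 
 		"', '". $_POST['proceed'] . "')";
 		$conn->query($sql3);
 	}
 	if($_POST['type']=='C_E'){
 		$sql3 = "Update harmo set time='".$time."',eventName='".$rname."',round='".$_POST['round']."',cutOff='".$_POST['cutoff']."',eventType='".$_POST['eventType']."',format='".$_POST['format']."',proceed='".$_POST['proceed']."' WHERE eventID='".$_POST["id"]."'";
 		$conn->query($sql3);
 	}
 	$sql2 = 'select time, eventid, eventName, round, cutOff, eventType, format,proceed from harmo where compID = ' . $comp_id . ' order by time';
 	$result2 = $conn->query($sql2);
 	echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:5vh"><a href="'.$link.'"><input type="text" value="'.$link.'" id="link"></a>';
 	echo '<br><span id="copy">Copy link to competiton site</span></div><div style="float:left"><table id="schedule">';
 	$last_id = 0; 
 	echo '<tr><td>Godziny</td><td>Nazwa</td><td>Runda</td><td>Cutoff</td><td>Typ</td><td>Format</td><td>Proceed</td><td>Del</td></tr>';
 	while($row = $result2->fetch_assoc()){
 		if($last_id < $row['eventid']){
 			$last_id = $row['eventid'];
 		}
 		if($row['eventType']=='O' || $row['eventType']=='U'){
 			array_push($_events, $row);
 		}
 		echo '<tr class="'.$row['eventType'].'" id="'.$row['eventid'].':'.strtoupper($_POST['name']).'">';
 		echo "<td id='".$row['eventid']."time'>".$row['time']."</td>";
 		echo "<td id='".$row['eventid']."eventName'>".$row['eventName']."</td>";
 		echo "<td id='".$row['eventid']."round'>".$row['round']."</td>";
 		echo "<td id='".$row['eventid']."cutOff'>".$row['cutOff']."</td>";
 		echo "<td id='".$row['eventid']."eventType'>".$row['eventType']."</td>";
 		echo "<td id='".$row['eventid']."format'>".$row['format']."</td>";
 		echo "<td id='".$row['eventid']."proceed'>".$row['proceed']."</td>";
 		echo '<td id="del"><button onClick="delRow(\''.$row['eventid']."?".$_POST['name'].'\')">&#10006</button></td>';
 		
 		echo "</form>";
 		echo "</tr>";
 	}
 	$last_id += 1;
 	echo '</table></div>';
 	echo '<div id="add" style="float:left;margin-left:5vw"><h4>Dodaj event</h4>';
 	echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formadd">';
 	echo '<input type="hidden" name="type" value="A_E">';
 	echo '<input type="hidden" name="name" value="' . $_POST['name'] .'">';
 	echo '<input type="hidden" name="newid" value="' . $last_id . '">';	
 	echo '<p>Type of event</p>';
 	echo '<select name="eventType">
 	<option value="D">New day</option>
 	<option value="B">Break</option>
 	<option value="O">Official Event</option>
 	<option value="U">Unofficial Event</option>
 	</select>';
 	echo '<p>Time</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="eventType != \'D\'"><input type="text" placeholder="DHH:MM - HH:MM" name="time"></p>';
 	echo '<p class="visibleIf" data-visibleif-rule="eventType == \'D\'"><input type="text" placeholder="D" name="timeDB"></p>'; 
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')">Event name</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')"><input type="text" name="rname"></p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')">Date</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')"><input type="text" placeholder="SATURDAY - 2 DECEMBER 2017" name="rnameDB"></p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Round</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="round"></p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Cutoff</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="cutoff"></p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Format (ao5, bo3, etc)</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="format"></p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Proceed</p>';
 	echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="proceed"></p>';
 	echo '<td><button type="submit" form="formadd">Add event</button></td>';
 	echo '</form></div>';
 	echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:1vh"><form action="admin.php" method="post" enctype="multipart/form-data" id="formlogout">';
 	echo '<input type="hidden" name="type" value="L_O">';
 	echo '<button type="submit" form="formlogout">Log out</button></div>';
 	echo '</form>';
 	echo '<div id="uploadcsv" style="position:absolute;right:1vw"><h4>Import csv</h4>';
 	if($_POST['type']=='U_C'){
 		if($_FILES['csv']['error']==0){
 			$format = explode('.', $_FILES['csv']['name']);
 			if($format[1]!='csv'){
 				echo "Use a .csv file, not a " . $format[1] . " file";
 			}else{
 				$file = file($_FILES['csv']['tmp_name']);
 				$events = Array();
 				$first = explode(',', $file[0]);
 				//print_r($first);
 				$event_names = Array();
 				for($i = 3; $i < sizeof($first); $i++){
 					$events[$i] = Array();
 					$event_names[$i] = trim($first[$i]);
 				}
 				$sql = "select max(id) from competitors";
 				$result = $conn->query($sql)->fetch_row();
 				$nxt_id = $result[0] + 1;
 				for($i = 0; $i < sizeof($event_names); $i++){
 					$name = $event_names[$i+3];
 					//echo $name;
 					$sql = "SELECT round FROM `harmo` where eventName = '" . $name . "' and compid = " . $comp_id;
 					$res = $conn->query($sql)->fetch_row();
 					//print_r($res); 
 					$event_names[$i+3] = $name . "," . $res[0];
 				}
 				//print_r($event_names);
 				$bigsql = 'insert into competing (person_id, comp_id, event_name) values ';
 				$done = false;
 				for($i = 1; $i < sizeof($file); $i++){
 					$person = explode(',',$file[$i]);
 					//print_r($person);
 					$sql = "SELECT count(id) from competitors where name = '" . $person[0] ."' and dob = '" . $person[1] . "' and sex = '" . $person[2] ."'";
 					/*echo $sql;
 					echo "<br>";*/
 					$res = $conn->query($sql)->fetch_row();
 					$person_id = 0;				
 					if($res[0]==0){
 						/*echo $nxt_id;
 						echo "<br>";*/
 						$sql = "insert into competitors (id, name, dob, sex) values (" . $nxt_id . ",'" . $person[0] . "', '" . $person[1] . "', '" . $person[2] . "')";
 						$conn->query($sql);
 						//echo $sql;
 						$person_id = $nxt_id;
 						$nxt_id += 1;
 					}else{
 						$sql2 = "SELECT id from competitors where name = '" . $person[0] ."' and dob = '" . $person[1] . "' and sex = '" . $person[2] ."'";
 						$res2 = $conn->query($sql2)->fetch_row();
 						$person_id = $res2[0];
 					}
 					for($j = 3; $j < sizeof($person); $j++){
 						if(trim($person[$j]) == "1"){
 							$nsql = "(" . $person_id . ", " . $comp_id . ", '" . $event_names[$j] . "'), ";
 							$bigsql = $bigsql . $nsql;
 							$done = true;
 						}
 					}
 				}
 				if($done){
 					$conn->query(substr($bigsql, 0, -2));
 				}
 			}
 		}else{
 			echo "doesn't work";
 		}
 	}
 	echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formcsv">';
 	echo '<input type="file" name="csv" id="csv">';
 	echo '<input type="hidden" name="type" value="U_C">';
     echo '<input type="submit" value="Upload CSV" name="submit">';
 	echo '</form>';
 	echo '<br><br><br><br><br><br>';
 	echo '<button onClick="delAC(\''.$comp_id.'\')">Delete All Competitors</button>';
 	/*echo '</div>';
 	echo '<div>';*/
 	echo '<table>';
 	echo '<tr><td>Name</td>';
 	foreach($_events as $e){
 		echo "<td>" . $e["eventName"] . " " . $e["round"] . "</td>";
 	}
 	echo '</tr>';
 	$sql = "select distinct c.person_id, c2.name from competing c, competitors c2 where comp_id = ".  $comp_id .  " and c2.id = c.person_id order by person_id";
 	$result =  $conn->query($sql);
 	while($row = $result->fetch_row()){
 		//print_r($row);
 		$sql2 = "select event_name from competing where comp_id = " . $comp_id . " and person_id = " . $row[0];
 		$result2 = $conn->query($sql2);
 		$this_person = Array();
 		while ($row2 = $result2->fetch_row()){
 			$this_person[$row2[0]] = 1;
 		}
 		echo "<tr>";
 		echo "<td>";
 		echo $row[1];
 		echo "</td>";
 		foreach($_events as $e){
 			echo "<td>";
 			if($this_person[$e["eventName"] . "," . $e["round"]]==1){
 				echo "X";
 			}else{
 				echo "-";
 			}
 			echo "</td>";
 		}
 		echo "</tr>";
 	}
 	echo '</table>';
 	echo '</div>';
 	echo '</body>'; 
 }
 echo '</html>';
 function nh($msg)
 {
 	return htmlspecialchars($msg);
 }
 function clog($msg) {
     echo "<script type='text/javascript'>console.log('$msg');</script>";
 }
 function alert($msg) {
     echo "<script type='text/javascript'>alert('$msg');</script>";
 }
 ?>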
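Review bot: The only changed line (file line 4) swaps one hard-coded database password for another, and since both values are now visible in this paste history next to the username and database name on lines 3 and 5, the new credential must be treated as already compromised: rotate it again and load it from configuration outside the web root, e.g. `$password = getenv('DB_PASSWORD');`, rather than from source. The more serious defect the change leaves untouched is that line 20 concatenates `$_COOKIE['login_cookie']` straight into a query and line 24 does the same with `$_POST['name']`, both before any password has been checked, so an unauthenticated request can inject SQL; the same string-building appears in every other query on the page (lines 45, 95, 114–125, 211, 222, 230, 236) and `nh()`/`htmlspecialchars` on line 39 is not an SQL escape. The login token from `random_string()` (line 14) is built with `rand()` and compared with `==` on line 26; it should use `random_int()` and `hash_equals()`. Separately, `$_POST['name']` is echoed unescaped into HTML and inline JavaScript on lines 98, 141, 149 and 159, which is a reflected XSS path for anyone who reaches the logged-in branch. The cookie-check block and `random_string()` rewritten with prepared statements and a CSPRNG:
```php
$password = getenv('DB_PASSWORD'); // never keep the real value in source or in a paste
// … unchanged: $dbname, $cookie, $link, mysqli connection, charset, $logged …
function random_string(){
	$result = "";
	for ($i = 0; $i < 64; $i++) {
		$result .= chr(random_int(65, 90)); // CSPRNG; rand() output is predictable
	}
	return $result;
}
if (!empty($_COOKIE['login_cookie'])) {
	if (empty($_POST['name'])) {
		$stmt = $conn->prepare('select name from comps where cookie = ?');
		$stmt->bind_param('s', $_COOKIE['login_cookie']);
		$stmt->execute();
		$row = $stmt->get_result()->fetch_assoc();
		$_POST['name'] = $row ? $row['name'] : '';
	}
	$stmt = $conn->prepare('select cookie from comps where name = ?');
	$stmt->bind_param('s', $_POST['name']);
	$stmt->execute();
	$result = $stmt->get_result()->fetch_assoc();
	// constant-time comparison; both sides cast so hash_equals() always gets strings
	if ($result && hash_equals((string) $result['cookie'], (string) $_COOKIE['login_cookie'])) {
		$logged = true;
	} else {
		$cookie = false;
	}
}
// … unchanged: logout flag, password login, page output …
```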