1 | <?php | |
2 | $servername = "localhost"; | |
3 | $username = "spatyk_ttwmobile"; | |
4 | - | $password = "AlfaBetaArekCD"; |
4 | + | $password = "nie dla psa"; |
5 | $dbname="spatyk_ttwmobile"; | |
6 | $cookie=true; | |
7 | $link='https://ttwmobile.eu/dlstest?'.$_POST['name']; | |
8 | $conn = new mysqli($servername, $username, $password, $dbname); | |
9 | mysqli_set_charset($conn, "utf8"); | |
10 | $logged = false; | |
11 | function random_string(){ | |
12 | $result=""; | |
13 | for($i=0;$i<64;$i++){ | |
14 | $result = $result . chr(rand(65,90)); | |
15 | } | |
16 | return $result; | |
17 | } | |
18 | if(!empty($_COOKIE['login_cookie'])){ | |
19 | if(empty($_POST['name'])){ | |
20 | $sql = "select name from comps where cookie = '" . $_COOKIE['login_cookie'] . "'"; | |
21 | $result = $conn->query($sql)->fetch_assoc(); | |
22 | $_POST['name'] = $result['name']; | |
23 | } | |
24 | $sql = 'select cookie from comps where name = "' . $_POST['name'] . '"'; | |
25 | $result = $conn->query($sql)->fetch_assoc(); | |
26 | if($_COOKIE['login_cookie'] == $result['cookie']){ | |
27 | $logged = true; | |
28 | } | |
29 | else{ | |
30 | $cookie = false; | |
31 | } | |
32 | } | |
33 | $logged_out = false; | |
34 | if($_POST['type']=='L_O'){ | |
35 | $logged_out = true; | |
36 | } | |
37 | if(!empty($_POST["name"])||!empty($_POST["password"])) | |
38 | { | |
39 | $result=$conn->query("SELECT password FROM `comps` WHERE name='".nh($_POST['name'])."'")->fetch_row(); | |
40 | if(password_verify(nh($_POST["password"]),$result[0])) | |
41 | { | |
42 | $logged = true; | |
43 | $pass=password_hash(nh($_POST['password']), PASSWORD_DEFAULT); | |
44 | $cookie = random_string(); | |
45 | $sql = "update comps set cookie = '" . $cookie . "' where name = '" . $_POST['name'] . "'"; | |
46 | setcookie('login_cookie', $cookie, time() + 900); | |
47 | $conn->query($sql); | |
48 | } | |
49 | else if($cookie) | |
50 | { | |
51 | if(!$logged_out){ | |
52 | $Err='password and comp name doesn\'t match'; | |
53 | }else{ | |
54 | $logged = false; | |
55 | } | |
56 | } | |
57 | } | |
58 | echo '<!DOCTYPE html> | |
59 | <html> | |
60 | <head> | |
61 | <title>Admin Panel</title> | |
62 | <style> | |
63 | .error {color: #FF0000;} | |
64 | .D {background-color: #DB7093} | |
65 | .B {background-color: #FF6347} | |
66 | .U {background-color: #FFFF66} | |
67 | ||
68 | </style> | |
69 | <link rel="stylesheet" href="styles/visibleIf.css" type="text/css" /> | |
70 | <script type="text/javascript" src="scripts/EventHelpers.js"></script> | |
71 | <script type="text/javascript" src="scripts/visibleIf.js"></script> | |
72 | <link rel="icon" href="favicon.ico"> | |
73 | <meta charset="utf-8"> | |
74 | <script src="scripts/jquery.js"></script> | |
75 | <script src="scripts/adminScript.js"></script> | |
76 | </head>'; | |
77 | if(!$logged){ | |
78 | echo '<body style="background-color:#D3D3D3;margin-top:0;padding-top:0"> | |
79 | <div id="box" style="position:relative;width:60vw;left:20vw;top:0vh;text-align:center;background-color: #4169E1;height:98vh"> | |
80 | <h1 style="top:5vh;">Admin tools</h1> | |
81 | <div style="position:relative;top:5vh;"> | |
82 | <span class="error">'.$Err.'</span> | |
83 | <form action="admin.php" method="post" enctype="multipart/form-data"> | |
84 | <p>Comp name <br> <input type="text" name="name" /></p> | |
85 | <p>Password <br> <input type="password" name="password" /></p> | |
86 | <p><input type="submit"></p> | |
87 | </form> | |
88 | </div> | |
89 | </div> | |
90 | </body>'; | |
91 | }else{ | |
92 | $_events = Array(); | |
93 | echo '<body><h1>Welcome to the control panel<br></h1>'; | |
94 | echo ''; | |
95 | $sql = "select id from comps where name = '" . $_POST['name'] . "'"; | |
96 | $result = $conn->query($sql)->fetch_assoc(); | |
97 | $comp_id = $result['id']; | |
98 | echo '<span id="'.$_POST['name'].'" class="harmo" style="position:absolute;right:1vw;bottom:1vh" >Print Schedule</span>'; | |
99 | if(!isset($_POST['round'])) | |
100 | $_POST['round']=''; | |
101 | if(!isset($_POST['cutoff'])) | |
102 | $_POST['cutoff']=''; | |
103 | if(!isset($_POST['format'])) | |
104 | $_POST['format']=''; | |
105 | if($_POST['time']=='') | |
106 | $time=$_POST['timeDB']; | |
107 | else | |
108 | $time=$_POST['time']; | |
109 | if($_POST['rname']=='') | |
110 | $rname=$_POST['rnameDB']; | |
111 | else | |
112 | $rname=$_POST['rname']; | |
113 | if($_POST['type']=='A_E'){ | |
114 | $sql3 = "insert into harmo values (". $comp_id . " , '" . $time. | |
115 | "', " . $_POST['newid'] . | |
116 | ", '" . $rname. | |
117 | "', '" . $_POST['round'] . | |
118 | "', '". $_POST['cutoff']. | |
119 | "','" . $_POST['eventType']. | |
120 | "', '". $_POST['format'] . | |
121 | "', '". $_POST['proceed'] . "')"; | |
122 | $conn->query($sql3); | |
123 | } | |
124 | if($_POST['type']=='C_E'){ | |
125 | $sql3 = "Update harmo set time='".$time."',eventName='".$rname."',round='".$_POST['round']."',cutOff='".$_POST['cutoff']."',eventType='".$_POST['eventType']."',format='".$_POST['format']."',proceed='".$_POST['proceed']."' WHERE eventID='".$_POST["id"]."'"; | |
126 | $conn->query($sql3); | |
127 | } | |
128 | $sql2 = 'select time, eventid, eventName, round, cutOff, eventType, format,proceed from harmo where compID = ' . $comp_id . ' order by time'; | |
129 | $result2 = $conn->query($sql2); | |
130 | echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:5vh"><a href="'.$link.'"><input type="text" value="'.$link.'" id="link"></a>'; | |
131 | echo '<br><span id="copy">Copy link to competiton site</span></div><div style="float:left"><table id="schedule">'; | |
132 | $last_id = 0; | |
133 | echo '<tr><td>Godziny</td><td>Nazwa</td><td>Runda</td><td>Cutoff</td><td>Typ</td><td>Format</td><td>Proceed</td><td>Del</td></tr>'; | |
134 | while($row = $result2->fetch_assoc()){ | |
135 | if($last_id < $row['eventid']){ | |
136 | $last_id = $row['eventid']; | |
137 | } | |
138 | if($row['eventType']=='O' || $row['eventType']=='U'){ | |
139 | array_push($_events, $row); | |
140 | } | |
141 | echo '<tr class="'.$row['eventType'].'" id="'.$row['eventid'].':'.strtoupper($_POST['name']).'">'; | |
142 | echo "<td id='".$row['eventid']."time'>".$row['time']."</td>"; | |
143 | echo "<td id='".$row['eventid']."eventName'>".$row['eventName']."</td>"; | |
144 | echo "<td id='".$row['eventid']."round'>".$row['round']."</td>"; | |
145 | echo "<td id='".$row['eventid']."cutOff'>".$row['cutOff']."</td>"; | |
146 | echo "<td id='".$row['eventid']."eventType'>".$row['eventType']."</td>"; | |
147 | echo "<td id='".$row['eventid']."format'>".$row['format']."</td>"; | |
148 | echo "<td id='".$row['eventid']."proceed'>".$row['proceed']."</td>"; | |
149 | echo '<td id="del"><button onClick="delRow(\''.$row['eventid']."?".$_POST['name'].'\')">✖</button></td>'; | |
150 | ||
151 | echo "</form>"; | |
152 | echo "</tr>"; | |
153 | } | |
154 | $last_id += 1; | |
155 | echo '</table></div>'; | |
156 | echo '<div id="add" style="float:left;margin-left:5vw"><h4>Dodaj event</h4>'; | |
157 | echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formadd">'; | |
158 | echo '<input type="hidden" name="type" value="A_E">'; | |
159 | echo '<input type="hidden" name="name" value="' . $_POST['name'] .'">'; | |
160 | echo '<input type="hidden" name="newid" value="' . $last_id . '">'; | |
161 | echo '<p>Type of event</p>'; | |
162 | echo '<select name="eventType"> | |
163 | <option value="D">New day</option> | |
164 | <option value="B">Break</option> | |
165 | <option value="O">Official Event</option> | |
166 | <option value="U">Unofficial Event</option> | |
167 | </select>'; | |
168 | echo '<p>Time</p>'; | |
169 | echo '<p class="visibleIf" data-visibleif-rule="eventType != \'D\'"><input type="text" placeholder="DHH:MM - HH:MM" name="time"></p>'; | |
170 | echo '<p class="visibleIf" data-visibleif-rule="eventType == \'D\'"><input type="text" placeholder="D" name="timeDB"></p>'; | |
171 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')">Event name</p>'; | |
172 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')"><input type="text" name="rname"></p>'; | |
173 | echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')">Date</p>'; | |
174 | echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')"><input type="text" placeholder="SATURDAY - 2 DECEMBER 2017" name="rnameDB"></p>'; | |
175 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Round</p>'; | |
176 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="round"></p>'; | |
177 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Cutoff</p>'; | |
178 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="cutoff"></p>'; | |
179 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Format (ao5, bo3, etc)</p>'; | |
180 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="format"></p>'; | |
181 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Proceed</p>'; | |
182 | echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="proceed"></p>'; | |
183 | echo '<td><button type="submit" form="formadd">Add event</button></td>'; | |
184 | echo '</form></div>'; | |
185 | echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:1vh"><form action="admin.php" method="post" enctype="multipart/form-data" id="formlogout">'; | |
186 | echo '<input type="hidden" name="type" value="L_O">'; | |
187 | echo '<button type="submit" form="formlogout">Log out</button></div>'; | |
188 | echo '</form>'; | |
189 | echo '<div id="uploadcsv" style="position:absolute;right:1vw"><h4>Import csv</h4>'; | |
190 | if($_POST['type']=='U_C'){ | |
191 | if($_FILES['csv']['error']==0){ | |
192 | $format = explode('.', $_FILES['csv']['name']); | |
193 | if($format[1]!='csv'){ | |
194 | echo "Use a .csv file, not a " . $format[1] . " file"; | |
195 | }else{ | |
196 | $file = file($_FILES['csv']['tmp_name']); | |
197 | $events = Array(); | |
198 | $first = explode(',', $file[0]); | |
199 | //print_r($first); | |
200 | $event_names = Array(); | |
201 | for($i = 3; $i < sizeof($first); $i++){ | |
202 | $events[$i] = Array(); | |
203 | $event_names[$i] = trim($first[$i]); | |
204 | } | |
205 | $sql = "select max(id) from competitors"; | |
206 | $result = $conn->query($sql)->fetch_row(); | |
207 | $nxt_id = $result[0] + 1; | |
208 | for($i = 0; $i < sizeof($event_names); $i++){ | |
209 | $name = $event_names[$i+3]; | |
210 | //echo $name; | |
211 | $sql = "SELECT round FROM `harmo` where eventName = '" . $name . "' and compid = " . $comp_id; | |
212 | $res = $conn->query($sql)->fetch_row(); | |
213 | //print_r($res); | |
214 | $event_names[$i+3] = $name . "," . $res[0]; | |
215 | } | |
216 | //print_r($event_names); | |
217 | $bigsql = 'insert into competing (person_id, comp_id, event_name) values '; | |
218 | $done = false; | |
219 | for($i = 1; $i < sizeof($file); $i++){ | |
220 | $person = explode(',',$file[$i]); | |
221 | //print_r($person); | |
222 | $sql = "SELECT count(id) from competitors where name = '" . $person[0] ."' and dob = '" . $person[1] . "' and sex = '" . $person[2] ."'"; | |
223 | /*echo $sql; | |
224 | echo "<br>";*/ | |
225 | $res = $conn->query($sql)->fetch_row(); | |
226 | $person_id = 0; | |
227 | if($res[0]==0){ | |
228 | /*echo $nxt_id; | |
229 | echo "<br>";*/ | |
230 | $sql = "insert into competitors (id, name, dob, sex) values (" . $nxt_id . ",'" . $person[0] . "', '" . $person[1] . "', '" . $person[2] . "')"; | |
231 | $conn->query($sql); | |
232 | //echo $sql; | |
233 | $person_id = $nxt_id; | |
234 | $nxt_id += 1; | |
235 | }else{ | |
236 | $sql2 = "SELECT id from competitors where name = '" . $person[0] ."' and dob = '" . $person[1] . "' and sex = '" . $person[2] ."'"; | |
237 | $res2 = $conn->query($sql2)->fetch_row(); | |
238 | $person_id = $res2[0]; | |
239 | } | |
240 | for($j = 3; $j < sizeof($person); $j++){ | |
241 | if(trim($person[$j]) == "1"){ | |
242 | $nsql = "(" . $person_id . ", " . $comp_id . ", '" . $event_names[$j] . "'), "; | |
243 | $bigsql = $bigsql . $nsql; | |
244 | $done = true; | |
245 | } | |
246 | } | |
247 | } | |
248 | if($done){ | |
249 | $conn->query(substr($bigsql, 0, -2)); | |
250 | } | |
251 | } | |
252 | }else{ | |
253 | echo "doesn't work"; | |
254 | } | |
255 | } | |
256 | echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formcsv">'; | |
257 | echo '<input type="file" name="csv" id="csv">'; | |
258 | echo '<input type="hidden" name="type" value="U_C">'; | |
259 | echo '<input type="submit" value="Upload CSV" name="submit">'; | |
260 | echo '</form>'; | |
261 | echo '<br><br><br><br><br><br>'; | |
262 | echo '<button onClick="delAC(\''.$comp_id.'\')">Delete All Competitors</button>'; | |
263 | /*echo '</div>'; | |
264 | echo '<div>';*/ | |
265 | echo '<table>'; | |
266 | echo '<tr><td>Name</td>'; | |
267 | foreach($_events as $e){ | |
268 | echo "<td>" . $e["eventName"] . " " . $e["round"] . "</td>"; | |
269 | } | |
270 | echo '</tr>'; | |
271 | $sql = "select distinct c.person_id, c2.name from competing c, competitors c2 where comp_id = ". $comp_id . " and c2.id = c.person_id order by person_id"; | |
272 | $result = $conn->query($sql); | |
273 | while($row = $result->fetch_row()){ | |
274 | //print_r($row); | |
275 | $sql2 = "select event_name from competing where comp_id = " . $comp_id . " and person_id = " . $row[0]; | |
276 | $result2 = $conn->query($sql2); | |
277 | $this_person = Array(); | |
278 | while ($row2 = $result2->fetch_row()){ | |
279 | $this_person[$row2[0]] = 1; | |
280 | } | |
281 | echo "<tr>"; | |
282 | echo "<td>"; | |
283 | echo $row[1]; | |
284 | echo "</td>"; | |
285 | foreach($_events as $e){ | |
286 | echo "<td>"; | |
287 | if($this_person[$e["eventName"] . "," . $e["round"]]==1){ | |
288 | echo "X"; | |
289 | }else{ | |
290 | echo "-"; | |
291 | } | |
292 | echo "</td>"; | |
293 | } | |
294 | echo "</tr>"; | |
295 | } | |
296 | echo '</table>'; | |
297 | echo '</div>'; | |
298 | echo '</body>'; | |
299 | } | |
300 | echo '</html>'; | |
301 | function nh($msg) | |
302 | { | |
303 | return htmlspecialchars($msg); | |
304 | } | |
305 | function clog($msg) { | |
306 | echo "<script type='text/javascript'>console.log('$msg');</script>"; | |
307 | } | |
308 | function alert($msg) { | |
309 | echo "<script type='text/javascript'>alert('$msg');</script>"; | |
310 | } | |
311 | ?> |
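Review bot: `$_COOKIE['login_cookie']` and `$_POST['name']` are concatenated directly into SQL on file lines 20, 24, 45 and 95 (gutter numbers), two of them before any login check has succeeded, and the `nh()` wrapper on line 39 is HTML encoding rather than SQL escaping, so the login path should use prepared statements throughout. The changed line 4 still keeps the database password as a literal in the source; the removed value is visible in this diff, should be treated as exposed and rotated, and the replacement is better read from configuration kept outside the web root. `random_string()` builds the session token from `rand()`, which is not a cryptographic generator, and line 26 compares it with `==`; `random_bytes()` and `hash_equals()` are the fitting primitives, and the `setcookie()` call on line 46 sets neither the HttpOnly nor the Secure attribute. The same concatenation pattern recurs in the `harmo` insert and update (lines 114–125) and in the CSV import (lines 211–242), and request and database values are echoed into the page without `htmlspecialchars()` (for example lines 98 and 141–149). A sketch of the token generator and cookie check follows; the strict name comparison in it may need loosening if `comps.name` is matched case-insensitively today.

```php
function random_string(){
    // 32 bytes from the CSPRNG, hex-encoded: still 64 characters, as before
    return bin2hex(random_bytes(32));
}
if(!empty($_COOKIE['login_cookie']) && is_string($_COOKIE['login_cookie'])){
    // one parameterised lookup by token replaces the two concatenated queries
    $stmt = $conn->prepare('select name, cookie from comps where cookie = ?');
    $stmt->bind_param('s', $_COOKIE['login_cookie']);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // hash_equals enforces an exact, constant-time match even if the column collation is case-insensitive
    if($row && hash_equals($row['cookie'], $_COOKIE['login_cookie'])
            && (empty($_POST['name']) || $_POST['name'] === $row['name'])){
        $_POST['name'] = $row['name'];
        $logged = true;
    }
    else{
        $cookie = false;
    }
}
// … unchanged: logout flag, password login, page output …
```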