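<?php
// Database connection settings for the admin panel.
// NOTE(review): the credentials are hard-coded in the script. Load them from configuration
// kept outside the web root, and rotate any value that has been published with this file.
$servername = "localhost";
$username = "spatyk_ttwmobile";
$password = "nie dla psa";
$dbname = "spatyk_ttwmobile";

// Starts as true; the cookie check below sets it to false when a presented login cookie
// does not match, and a successful password login replaces it with the new token.
$cookie = true;

// Public competition link shown in the panel. The name comes from the request, so it is
// percent-encoded before it becomes part of a URL that is later written into HTML.
// NOTE(review): on a cookie-only request $_POST['name'] is filled in further down, after
// this line has run, so the link carries no name in that case.
$requestedName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$link = 'https://ttwmobile.eu/dlstest?' . rawurlencode($requestedName);

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_errno) {
    // Keep driver details in the server log; do not show them to the client.
    error_log('admin panel: database connection failed: ' . $conn->connect_error);
    http_response_code(500);
    exit('Service temporarily unavailable');
}
mysqli_set_charset($conn, "utf8");

// Becomes true only after the cookie or the password check below succeeds.
$logged = false;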
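/**
 * Generate the 64-character token that is stored in comps.cookie and sent to the
 * browser as the login cookie.
 *
 * The token is a bearer credential, so every character is drawn from the operating
 * system CSPRNG via random_int(). rand() is predictable and must not be used for
 * session tokens. Requires PHP 7.0 or later.
 *
 * @return string 64 upper-case ASCII letters (A-Z)
 */
function random_string()
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $lastIndex = strlen($alphabet) - 1;

    $token = '';
    for ($i = 0; $i < 64; $i++) {
        $token .= $alphabet[random_int(0, $lastIndex)];
    }

    return $token;
}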
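// Cookie-based re-authentication.
// The browser presents the token issued at password login. It is accepted only when it
// equals the token stored for the competition name in use. All lookups use bound
// parameters: the cookie and the posted name are attacker-controlled and were previously
// concatenated into the SQL text.
// NOTE(review): no server-side expiry of the stored token is visible here; only the
// browser cookie lifetime limits how long a token stays usable.
if (!empty($_COOKIE['login_cookie'])) {
    // A cookie sent as login_cookie[]=... arrives as an array; only a string can be a token.
    $presentedToken = is_string($_COOKIE['login_cookie']) ? $_COOKIE['login_cookie'] : '';

    if (empty($_POST['name'])) {
        // No name posted: recover the competition that owns this token.
        $ownerName = null;
        $stmt = $conn->prepare('select name from comps where cookie = ?');
        $stmt->bind_param('s', $presentedToken);
        $stmt->execute();
        $stmt->bind_result($ownerName);
        $stmt->fetch();
        $stmt->close();
        $_POST['name'] = $ownerName;
    }

    $claimedName = is_string($_POST['name']) ? $_POST['name'] : '';
    $storedToken = null;
    $stmt = $conn->prepare('select cookie from comps where name = ?');
    $stmt->bind_param('s', $claimedName);
    $stmt->execute();
    $stmt->bind_result($storedToken);
    $stmt->fetch();
    $stmt->close();

    // hash_equals() compares in constant time and never type-juggles the way == does.
    // Empty or missing stored tokens are rejected so a row that has never logged in
    // cannot be matched.
    $tokenMatches = $presentedToken !== ''
        && is_string($storedToken)
        && $storedToken !== ''
        && hash_equals($storedToken, $presentedToken);

    if ($tokenMatches) {
        $logged = true;
    } else {
        $cookie = false;
    }
}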
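// Logout is signalled by the hidden field type=L_O posted by the panel's logout form.
$logged_out = isset($_POST['type']) && $_POST['type'] === 'L_O';

// Message shown above the login form; stays empty unless a login attempt fails below.
$Err = '';

// Password login. This also runs on cookie-authenticated requests, because the cookie
// check fills in $_POST['name'].
// NOTE(review): there is no attempt limiting here, so password guessing is not throttled.
if (!empty($_POST["name"]) || !empty($_POST["password"])) {
    $postedName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // nh() is kept on the name and the password because the stored rows and hashes were
    // presumably created the same way. Confirm against the registration code before
    // removing it. It is HTML encoding, not SQL escaping, so the query binds its value.
    $lookupName = nh($postedName);
    $storedHash = null;
    $stmt = $conn->prepare('SELECT password FROM `comps` WHERE name = ?');
    $stmt->bind_param('s', $lookupName);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $stmt->fetch();
    $stmt->close();

    if (is_string($storedHash) && password_verify(nh($postedPassword), $storedHash)) {
        $logged = true;

        // Continue the request as the row whose password was verified. The token update
        // used the raw posted name before, which could address a different row than the
        // escaped name used for the password lookup.
        $_POST['name'] = $lookupName;

        $cookie = random_string();
        // HttpOnly keeps page scripts from reading the token; Secure is set when the
        // request arrived over HTTPS.
        // NOTE(review): assumes no client script reads login_cookie. Confirm against
        // scripts/adminScript.js.
        $secureOnly = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie('login_cookie', $cookie, time() + 900, '', '', $secureOnly, true);

        $stmt = $conn->prepare('update comps set cookie = ? where name = ?');
        $stmt->bind_param('ss', $cookie, $lookupName);
        $stmt->execute();
        $stmt->close();
    } else if ($cookie) {
        if (!$logged_out) {
            $Err = 'password and comp name doesn\'t match';
        } else {
            if ($logged) {
                // Logout previously only hid the panel for one response, and the token
                // stayed valid. Replace the stored token with one that is never sent to
                // a browser, and expire the browser cookie. This runs only for a request
                // that authenticated with the cookie, so nobody else can trigger it.
                $retiredToken = random_string();
                $stmt = $conn->prepare('update comps set cookie = ? where name = ?');
                $stmt->bind_param('ss', $retiredToken, $postedName);
                $stmt->execute();
                $stmt->close();
                setcookie('login_cookie', '', time() - 3600);
            }
            $logged = false;
        }
    }
}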
// Emit the document head shared by the login form and the control panel.
// The markup is static, so a nowdoc is used: nothing inside it is interpolated.
echo <<<'HTML'
<!DOCTYPE html>
<html>
<head>
<title>Admin Panel</title>
<style>
.error {color: #FF0000;}
.D {background-color: #DB7093}
.B {background-color: #FF6347}
.U {background-color: #FFFF66}
</style>
<link rel="stylesheet" href="styles/visibleIf.css" type="text/css" />
<script type="text/javascript" src="scripts/EventHelpers.js"></script>
<script type="text/javascript" src="scripts/visibleIf.js"></script>
<link rel="icon" href="favicon.ico">
<meta charset="utf-8">
<script src="scripts/jquery.js"></script>
<script src="scripts/adminScript.js"></script>
</head>
HTML;
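// Page body: the login form for anonymous requests, the control panel otherwise.
//
// Hardening applied in this block:
//  - every SQL statement binds its values (request fields and CSV cells were previously
//    concatenated into the SQL text);
//  - every value written into HTML is encoded for the context it lands in (element text,
//    attribute, or a JavaScript string inside an attribute);
//  - the "change event" update is limited to the logged-in competition.
// NOTE(review): none of the forms carries an anti-CSRF token and the login cookie is set
// without a SameSite attribute, so state-changing posts can be triggered cross-site.

// Encode a value for HTML text or a quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read a POST field as a string; missing fields and array-valued fields become ''.
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Run one statement with bound parameters. Returns a mysqli_result for SELECTs and
// false otherwise (including on failure, which is logged). get_result() needs mysqlnd.
$run = function ($sql, $types = '', array $params = []) use ($conn) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        error_log('admin panel: prepare failed: ' . $conn->error);
        return false;
    }
    if ($types !== '') {
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        error_log('admin panel: execute failed: ' . $stmt->error);
        return false;
    }
    return $stmt->get_result();
};

if (!$logged) {
    // $Err is only set after a failed login attempt.
    $loginError = isset($Err) ? $esc($Err) : '';
    echo '<body style="background-color:#D3D3D3;margin-top:0;padding-top:0">
<div id="box" style="position:relative;width:60vw;left:20vw;top:0vh;text-align:center;background-color: #4169E1;height:98vh">
<h1 style="top:5vh;">Admin tools</h1>
<div style="position:relative;top:5vh;">
<span class="error">' . $loginError . '</span>
<form action="admin.php" method="post" enctype="multipart/form-data">
<p>Comp name <br> <input type="text" name="name" /></p>
<p>Password <br> <input type="password" name="password" /></p>
<p><input type="submit"></p>
</form>
</div>
</div>
</body>';
} else {
    // Competition name established by the cookie or password check above.
    $panelName = $post('name');
    $type = $post('type');

    // Official/unofficial events, collected while listing the schedule and reused as the
    // columns of the competitor table.
    $_events = [];

    echo '<body><h1>Welcome to the control panel<br></h1>';

    $result = $run('select id from comps where name = ?', 's', [$panelName]);
    $compRow = $result ? $result->fetch_assoc() : null;
    // 0 matches no competition, so an unknown name yields empty listings.
    $comp_id = $compRow ? (int) $compRow['id'] : 0;

    echo '<span id="' . $esc($panelName) . '" class="harmo" style="position:absolute;right:1vw;bottom:1vh" >Print Schedule</span>';

    // ---- add / change an event -------------------------------------------------------
    $round = $post('round');
    $cutoff = $post('cutoff');
    $eventFormat = $post('format');
    $eventType = $post('eventType');
    $proceed = $post('proceed');
    // "New day" rows post timeDB/rnameDB instead of time/rname.
    $time = $post('time') === '' ? $post('timeDB') : $post('time');
    $rname = $post('rname') === '' ? $post('rnameDB') : $post('rname');

    if ($type === 'A_E') {
        // NOTE(review): newid is supplied by a hidden form field, so the client chooses
        // the event id.
        $run(
            'insert into harmo values (?, ?, ?, ?, ?, ?, ?, ?, ?)',
            'isissssss',
            [$comp_id, $time, (int) $post('newid'), $rname, $round, $cutoff, $eventType, $eventFormat, $proceed]
        );
    }
    if ($type === 'C_E') {
        // Event ids are numbered per competition (see $last_id below). Without the
        // compID condition this statement changed the same-numbered event of every
        // competition.
        $run(
            'Update harmo set time = ?, eventName = ?, round = ?, cutOff = ?, eventType = ?, format = ?, proceed = ?'
            . ' WHERE eventID = ? AND compID = ?',
            'ssssssssi',
            [$time, $rname, $round, $cutoff, $eventType, $eventFormat, $proceed, $post('id'), $comp_id]
        );
    }

    // ---- schedule table --------------------------------------------------------------
    $result2 = $run(
        'select time, eventid, eventName, round, cutOff, eventType, format,proceed from harmo where compID = ? order by time',
        'i',
        [$comp_id]
    );
    $safeLink = $esc($link);
    echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:5vh"><a href="' . $safeLink . '"><input type="text" value="' . $safeLink . '" id="link"></a>';
    echo '<br><span id="copy">Copy link to competiton site</span></div><div style="float:left"><table id="schedule">';
    $last_id = 0;
    echo '<tr><td>Godziny</td><td>Nazwa</td><td>Runda</td><td>Cutoff</td><td>Typ</td><td>Format</td><td>Proceed</td><td>Del</td></tr>';
    $scheduleColumns = ['time', 'eventName', 'round', 'cutOff', 'eventType', 'format', 'proceed'];
    while ($result2 && ($row = $result2->fetch_assoc())) {
        if ($last_id < (int) $row['eventid']) {
            $last_id = (int) $row['eventid'];
        }
        if ($row['eventType'] == 'O' || $row['eventType'] == 'U') {
            $_events[] = $row;
        }
        $eventId = $esc($row['eventid']);
        echo '<tr class="' . $esc($row['eventType']) . '" id="' . $eventId . ':' . $esc(strtoupper($panelName)) . '">';
        foreach ($scheduleColumns as $column) {
            echo "<td id='" . $eventId . $column . "'>" . $esc($row[$column]) . "</td>";
        }
        // The argument is a JavaScript string inside an HTML attribute: build the JS
        // literal with json_encode() first, then HTML-encode it for the attribute.
        $deleteArg = json_encode(
            $row['eventid'] . '?' . $panelName,
            JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        );
        echo '<td id="del"><button onClick="delRow(' . $esc($deleteArg) . ')">✖</button></td>';
        // The stray closing form tag that used to be written here had no opening tag.
        echo "</tr>";
    }
    $last_id += 1;
    echo '</table></div>';

    // ---- "add event" form ------------------------------------------------------------
    echo '<div id="add" style="float:left;margin-left:5vw"><h4>Dodaj event</h4>';
    echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formadd">';
    echo '<input type="hidden" name="type" value="A_E">';
    echo '<input type="hidden" name="name" value="' . $esc($panelName) . '">';
    echo '<input type="hidden" name="newid" value="' . $last_id . '">';
    echo '<p>Type of event</p>';
    echo '<select name="eventType">
<option value="D">New day</option>
<option value="B">Break</option>
<option value="O">Official Event</option>
<option value="U">Unofficial Event</option>
</select>';
    echo '<p>Time</p>';
    echo '<p class="visibleIf" data-visibleif-rule="eventType != \'D\'"><input type="text" placeholder="DHH:MM - HH:MM" name="time"></p>';
    echo '<p class="visibleIf" data-visibleif-rule="eventType == \'D\'"><input type="text" placeholder="D" name="timeDB"></p>';
    echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')">Event name</p>';
    echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')"><input type="text" name="rname"></p>';
    echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')">Date</p>';
    echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')"><input type="text" placeholder="SATURDAY - 2 DECEMBER 2017" name="rnameDB"></p>';
    // The remaining fields apply to real events only (neither "new day" nor "break").
    $eventOnlyRule = '(eventType != \'D\')&&(eventType != \'B\')';
    $eventOnlyFields = [
        'Round' => 'round',
        'Cutoff' => 'cutoff',
        'Format (ao5, bo3, etc)' => 'format',
        'Proceed' => 'proceed',
    ];
    foreach ($eventOnlyFields as $label => $field) {
        echo '<p class="visibleIf" data-visibleif-rule="' . $eventOnlyRule . '">' . $label . '</p>';
        echo '<p class="visibleIf" data-visibleif-rule="' . $eventOnlyRule . '"><input type="text" name="' . $field . '"></p>';
    }
    echo '<td><button type="submit" form="formadd">Add event</button></td>';
    echo '</form></div>';

    // ---- logout form (form is closed before its wrapping div) ------------------------
    echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:1vh"><form action="admin.php" method="post" enctype="multipart/form-data" id="formlogout">';
    echo '<input type="hidden" name="type" value="L_O">';
    echo '<button type="submit" form="formlogout">Log out</button>';
    echo '</form></div>';

    // ---- CSV import ------------------------------------------------------------------
    // Expected layout: a header row whose columns from index 3 onwards are event names,
    // then one row per person: name, dob, sex, followed by "1" in each entered event.
    echo '<div id="uploadcsv" style="position:absolute;right:1vw"><h4>Import csv</h4>';
    if ($type === 'U_C') {
        $upload = isset($_FILES['csv']) ? $_FILES['csv'] : null;
        // A missing upload used to pass the loose "error == 0" test (null == 0).
        $uploadOk = $upload !== null
            && $upload['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name']);
        if ($uploadOk) {
            // The client-supplied file name is untrusted: take the last extension only,
            // and encode it before echoing it back.
            $extension = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
            if ($extension !== 'csv') {
                echo "Use a .csv file, not a " . $esc($extension) . " file";
            } else {
                $lines = file($upload['tmp_name']);
                if ($lines === false) {
                    $lines = [];
                }
                $header = isset($lines[0]) ? explode(',', rtrim($lines[0], "\r\n")) : [];

                // Column index => "eventName,round", the label stored in competing.event_name.
                $event_names = [];
                for ($i = 3; $i < count($header); $i++) {
                    $eventName = trim($header[$i]);
                    $res = $run(
                        'SELECT round FROM `harmo` where eventName = ? and compid = ?',
                        'si',
                        [$eventName, $comp_id]
                    );
                    $roundRow = $res ? $res->fetch_row() : null;
                    $event_names[$i] = $eventName . ',' . ($roundRow ? $roundRow[0] : '');
                }

                // NOTE(review): max(id) + 1 is not safe against concurrent imports; an
                // auto-increment id would be.
                $res = $run('select max(id) from competitors');
                $maxRow = $res ? $res->fetch_row() : null;
                $nxt_id = ($maxRow ? (int) $maxRow[0] : 0) + 1;

                for ($i = 1; $i < count($lines); $i++) {
                    $line = rtrim($lines[$i], "\r\n");
                    if ($line === '') {
                        continue; // blank line, typically at the end of the file
                    }
                    $person = explode(',', $line);
                    if (count($person) < 3) {
                        continue; // row without name, dob and sex
                    }
                    list($personName, $personDob, $personSex) = $person;

                    // Reuse an existing competitor with the same name, dob and sex.
                    $res = $run(
                        'SELECT id from competitors where name = ? and dob = ? and sex = ?',
                        'sss',
                        [$personName, $personDob, $personSex]
                    );
                    $existing = $res ? $res->fetch_row() : null;
                    if ($existing) {
                        $person_id = (int) $existing[0];
                    } else {
                        $run(
                            'insert into competitors (id, name, dob, sex) values (?, ?, ?, ?)',
                            'isss',
                            [$nxt_id, $personName, $personDob, $personSex]
                        );
                        $person_id = $nxt_id;
                        $nxt_id += 1;
                    }

                    for ($j = 3; $j < count($person); $j++) {
                        // Cells beyond the header have no event to attach to.
                        if (trim($person[$j]) === '1' && isset($event_names[$j])) {
                            $run(
                                'insert into competing (person_id, comp_id, event_name) values (?, ?, ?)',
                                'iis',
                                [$person_id, $comp_id, $event_names[$j]]
                            );
                        }
                    }
                }
            }
        } else {
            echo "doesn't work";
        }
    }
    echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formcsv">';
    echo '<input type="file" name="csv" id="csv">';
    echo '<input type="hidden" name="type" value="U_C">';
    echo '<input type="submit" value="Upload CSV" name="submit">';
    echo '</form>';
    echo '<br><br><br><br><br><br>';
    echo '<button onClick="delAC(\'' . $comp_id . '\')">Delete All Competitors</button>';

    // ---- competitor / event matrix ---------------------------------------------------
    echo '<table>';
    echo '<tr><td>Name</td>';
    foreach ($_events as $e) {
        echo "<td>" . $esc($e["eventName"] . " " . $e["round"]) . "</td>";
    }
    echo '</tr>';

    // One query for all entries of this competition, grouped per person in PHP, replaces
    // one query per person. Insertion order keeps the rows ordered by person_id.
    $entries = [];
    $result = $run(
        'select c.person_id, c2.name, c.event_name from competing c join competitors c2 on c2.id = c.person_id'
        . ' where c.comp_id = ? order by c.person_id',
        'i',
        [$comp_id]
    );
    while ($result && ($row = $result->fetch_row())) {
        list($personId, $personName, $eventLabel) = $row;
        if (!isset($entries[$personId])) {
            $entries[$personId] = ['name' => $personName, 'events' => []];
        }
        $entries[$personId]['events'][(string) $eventLabel] = true;
    }
    foreach ($entries as $entry) {
        echo "<tr>";
        // Names come from uploaded CSV files, so they are encoded like any other input.
        echo "<td>" . $esc($entry['name']) . "</td>";
        foreach ($_events as $e) {
            $label = $e["eventName"] . "," . $e["round"];
            echo "<td>" . (isset($entry['events'][$label]) ? "X" : "-") . "</td>";
        }
        echo "</tr>";
    }
    echo '</table>';
    echo '</div>';
    echo '</body>';
}
echo '</html>';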
/**
 * HTML-encode a value with htmlspecialchars() and its default flags and encoding.
 *
 * This is output encoding for HTML only. It does not make a value safe to concatenate
 * into an SQL statement. Whether single quotes are encoded depends on the PHP version's
 * default flags, so callers writing into single-quoted attributes should not rely on it.
 *
 * @param string $msg text to encode
 * @return string the encoded text
 */
function nh($msg)
{
    $encoded = htmlspecialchars($msg);

    return $encoded;
}
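/**
 * Write a message to the browser console by emitting an inline script.
 *
 * The message is turned into a JavaScript string literal with json_encode(). The
 * JSON_HEX_* flags keep quotes, ampersands and angle brackets out of the output, so the
 * message can neither end the string nor close the surrounding script element.
 *
 * @param string $msg message to log
 * @return void
 */
function clog($msg) {
    $literal = json_encode((string) $msg, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($literal === false) {
        // json_encode() rejects invalid UTF-8; log an empty string instead of raw bytes.
        $literal = '""';
    }
    echo "<script type='text/javascript'>console.log(" . $literal . ");</script>";
}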
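/**
 * Show a message in a browser alert box by emitting an inline script.
 *
 * The message is turned into a JavaScript string literal with json_encode(). The
 * JSON_HEX_* flags keep quotes, ampersands and angle brackets out of the output, so the
 * message can neither end the string nor close the surrounding script element.
 *
 * @param string $msg message to display
 * @return void
 */
function alert($msg) {
    $literal = json_encode((string) $msg, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($literal === false) {
        // json_encode() rejects invalid UTF-8; show an empty string instead of raw bytes.
        $literal = '""';
    }
    echo "<script type='text/javascript'>alert(" . $literal . ");</script>";
}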
- ?>