  1. <?php
  2. $servername = "localhost";
  3. $username = "spatyk_ttwmobile";
  4. $password = "nie dla psa";
  5. $dbname="spatyk_ttwmobile";
  6. $cookie=true;
  7. $link='https://ttwmobile.eu/dlstest?'.$_POST['name'];
  8. $conn = new mysqli($servername, $username, $password, $dbname);
  9. mysqli_set_charset($conn, "utf8");
  10. $logged = false;
  11. function random_string(){
  12. $result="";
  13. for($i=0;$i<64;$i++){
  14. $result = $result . chr(rand(65,90));
  15. }
  16. return $result;
  17. }
  18. if(!empty($_COOKIE['login_cookie'])){
  19. if(empty($_POST['name'])){
  20. $sql = "select name from comps where cookie = '" . $_COOKIE['login_cookie'] . "'";
  21. $result = $conn->query($sql)->fetch_assoc();
  22. $_POST['name'] = $result['name'];
  23. }
  24. $sql = 'select cookie from comps where name = "' . $_POST['name'] . '"';
  25. $result = $conn->query($sql)->fetch_assoc();
  26. if($_COOKIE['login_cookie'] == $result['cookie']){
  27. $logged = true;
  28. }
  29. else{
  30. $cookie = false;
  31. }
  32. }
  33. $logged_out = false;
  34. if($_POST['type']=='L_O'){
  35. $logged_out = true;
  36. }
  37. if(!empty($_POST["name"])||!empty($_POST["password"]))
  38. {
  39. $result=$conn->query("SELECT password FROM `comps` WHERE name='".nh($_POST['name'])."'")->fetch_row();
  40. if(password_verify(nh($_POST["password"]),$result[0]))
  41. {
  42. $logged = true;
  43. $pass=password_hash(nh($_POST['password']), PASSWORD_DEFAULT);
  44. $cookie = random_string();
  45. $sql = "update comps set cookie = '" . $cookie . "' where name = '" . $_POST['name'] . "'";
  46. setcookie('login_cookie', $cookie, time() + 900);
  47. $conn->query($sql);
  48. }
  49. else if($cookie)
  50. {
  51. if(!$logged_out){
  52. $Err='password and comp name doesn\'t match';
  53. }else{
  54. $logged = false;
  55. }
  56. }
  57. }
// Document head shared by the login page and the control panel.  The .D/.B/.U
// rules colour schedule rows by their eventType class; visibleIf.css/.js back
// the data-visibleif-rule attributes used by the add-event form; adminScript.js
// presumably provides delRow()/delAC() referenced by the buttons below.
echo '<!DOCTYPE html>
<html>
<head>
<title>Admin Panel</title>
<style>
.error {color: #FF0000;}
.D {background-color: #DB7093}
.B {background-color: #FF6347}
.U {background-color: #FFFF66}

</style>
<link rel="stylesheet" href="styles/visibleIf.css" type="text/css" />
<script type="text/javascript" src="scripts/EventHelpers.js"></script>
<script type="text/javascript" src="scripts/visibleIf.js"></script>
<link rel="icon" href="favicon.ico">
<meta charset="utf-8">
<script src="scripts/jquery.js"></script>
<script src="scripts/adminScript.js"></script>
</head>';
  77. if(!$logged){
// Login form, rendered while $logged is false.  $Err is either unset or the
// fixed "doesn't match" string assigned by the login check above, so echoing
// it unescaped cannot inject markup; the form re-posts name/password here.
echo '<body style="background-color:#D3D3D3;margin-top:0;padding-top:0">
<div id="box" style="position:relative;width:60vw;left:20vw;top:0vh;text-align:center;background-color: #4169E1;height:98vh">
<h1 style="top:5vh;">Admin tools</h1>
<div style="position:relative;top:5vh;">
<span class="error">'.$Err.'</span>
<form action="admin.php" method="post" enctype="multipart/form-data">
<p>Comp name <br> <input type="text" name="name" /></p>
<p>Password <br> <input type="password" name="password" /></p>
<p><input type="submit"></p>
</form>
</div>
</div>
</body>';
  91. }else{
  92. $_events = Array();
  93. echo '<body><h1>Welcome to the control panel<br></h1>';
  94. echo '';
  95. $sql = "select id from comps where name = '" . $_POST['name'] . "'";
  96. $result = $conn->query($sql)->fetch_assoc();
  97. $comp_id = $result['id'];
  98. echo '<span id="'.$_POST['name'].'" class="harmo" style="position:absolute;right:1vw;bottom:1vh" >Print Schedule</span>';
  99. if(!isset($_POST['round']))
  100. $_POST['round']='';
  101. if(!isset($_POST['cutoff']))
  102. $_POST['cutoff']='';
  103. if(!isset($_POST['format']))
  104. $_POST['format']='';
  105. if($_POST['time']=='')
  106. $time=$_POST['timeDB'];
  107. else
  108. $time=$_POST['time'];
  109. if($_POST['rname']=='')
  110. $rname=$_POST['rnameDB'];
  111. else
  112. $rname=$_POST['rname'];
  113. if($_POST['type']=='A_E'){
  114. $sql3 = "insert into harmo values (". $comp_id . " , '" . $time.
  115. "', " . $_POST['newid'] .
  116. ", '" . $rname.
  117. "', '" . $_POST['round'] .
  118. "', '". $_POST['cutoff'].
  119. "','" . $_POST['eventType'].
  120. "', '". $_POST['format'] .
  121. "', '". $_POST['proceed'] . "')";
  122. $conn->query($sql3);
  123. }
  124. if($_POST['type']=='C_E'){
  125. $sql3 = "Update harmo set time='".$time."',eventName='".$rname."',round='".$_POST['round']."',cutOff='".$_POST['cutoff']."',eventType='".$_POST['eventType']."',format='".$_POST['format']."',proceed='".$_POST['proceed']."' WHERE eventID='".$_POST["id"]."'";
  126. $conn->query($sql3);
  127. }
  128. $sql2 = 'select time, eventid, eventName, round, cutOff, eventType, format,proceed from harmo where compID = ' . $comp_id . ' order by time';
  129. $result2 = $conn->query($sql2);
  130. echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:5vh"><a href="'.$link.'"><input type="text" value="'.$link.'" id="link"></a>';
  131. echo '<br><span id="copy">Copy link to competiton site</span></div><div style="float:left"><table id="schedule">';
  132. $last_id = 0;
  133. echo '<tr><td>Godziny</td><td>Nazwa</td><td>Runda</td><td>Cutoff</td><td>Typ</td><td>Format</td><td>Proceed</td><td>Del</td></tr>';
  134. while($row = $result2->fetch_assoc()){
  135. if($last_id < $row['eventid']){
  136. $last_id = $row['eventid'];
  137. }
  138. if($row['eventType']=='O' || $row['eventType']=='U'){
  139. array_push($_events, $row);
  140. }
  141. echo '<tr class="'.$row['eventType'].'" id="'.$row['eventid'].':'.strtoupper($_POST['name']).'">';
  142. echo "<td id='".$row['eventid']."time'>".$row['time']."</td>";
  143. echo "<td id='".$row['eventid']."eventName'>".$row['eventName']."</td>";
  144. echo "<td id='".$row['eventid']."round'>".$row['round']."</td>";
  145. echo "<td id='".$row['eventid']."cutOff'>".$row['cutOff']."</td>";
  146. echo "<td id='".$row['eventid']."eventType'>".$row['eventType']."</td>";
  147. echo "<td id='".$row['eventid']."format'>".$row['format']."</td>";
  148. echo "<td id='".$row['eventid']."proceed'>".$row['proceed']."</td>";
  149. echo '<td id="del"><button onClick="delRow(\''.$row['eventid']."?".$_POST['name'].'\')">&#10006</button></td>';
  150.  
  151. echo "</form>";
  152. echo "</tr>";
  153. }
  154. $last_id += 1;
  155. echo '</table></div>';
  156. echo '<div id="add" style="float:left;margin-left:5vw"><h4>Dodaj event</h4>';
  157. echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formadd">';
  158. echo '<input type="hidden" name="type" value="A_E">';
  159. echo '<input type="hidden" name="name" value="' . $_POST['name'] .'">';
  160. echo '<input type="hidden" name="newid" value="' . $last_id . '">';
  161. echo '<p>Type of event</p>';
  162. echo '<select name="eventType">
  163. <option value="D">New day</option>
  164. <option value="B">Break</option>
  165. <option value="O">Official Event</option>
  166. <option value="U">Unofficial Event</option>
  167. </select>';
  168. echo '<p>Time</p>';
  169. echo '<p class="visibleIf" data-visibleif-rule="eventType != \'D\'"><input type="text" placeholder="DHH:MM - HH:MM" name="time"></p>';
  170. echo '<p class="visibleIf" data-visibleif-rule="eventType == \'D\'"><input type="text" placeholder="D" name="timeDB"></p>';
  171. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')">Event name</p>';
  172. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')"><input type="text" name="rname"></p>';
  173. echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')">Date</p>';
  174. echo '<p class="visibleIf" data-visibleif-rule="(eventType == \'D\')"><input type="text" placeholder="SATURDAY - 2 DECEMBER 2017" name="rnameDB"></p>';
  175. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Round</p>';
  176. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="round"></p>';
  177. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Cutoff</p>';
  178. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="cutoff"></p>';
  179. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Format (ao5, bo3, etc)</p>';
  180. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="format"></p>';
  181. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')">Proceed</p>';
  182. echo '<p class="visibleIf" data-visibleif-rule="(eventType != \'D\')&&(eventType != \'B\')"><input type="text" name="proceed"></p>';
  183. echo '<td><button type="submit" form="formadd">Add event</button></td>';
  184. echo '</form></div>';
  185. echo '<div style="position:absolute;right:1vw;margin-left:1vw;top:1vh"><form action="admin.php" method="post" enctype="multipart/form-data" id="formlogout">';
  186. echo '<input type="hidden" name="type" value="L_O">';
  187. echo '<button type="submit" form="formlogout">Log out</button></div>';
  188. echo '</form>';
  189. echo '<div id="uploadcsv" style="position:absolute;right:1vw"><h4>Import csv</h4>';
  190. if($_POST['type']=='U_C'){
  191. if($_FILES['csv']['error']==0){
  192. $format = explode('.', $_FILES['csv']['name']);
  193. if($format[1]!='csv'){
  194. echo "Use a .csv file, not a " . $format[1] . " file";
  195. }else{
  196. $file = file($_FILES['csv']['tmp_name']);
  197. $events = Array();
  198. $first = explode(',', $file[0]);
  199. //print_r($first);
  200. $event_names = Array();
  201. for($i = 3; $i < sizeof($first); $i++){
  202. $events[$i] = Array();
  203. $event_names[$i] = trim($first[$i]);
  204. }
  205. $sql = "select max(id) from competitors";
  206. $result = $conn->query($sql)->fetch_row();
  207. $nxt_id = $result[0] + 1;
  208. for($i = 0; $i < sizeof($event_names); $i++){
  209. $name = $event_names[$i+3];
  210. //echo $name;
  211. $sql = "SELECT round FROM `harmo` where eventName = '" . $name . "' and compid = " . $comp_id;
  212. $res = $conn->query($sql)->fetch_row();
  213. //print_r($res);
  214. $event_names[$i+3] = $name . "," . $res[0];
  215. }
  216. //print_r($event_names);
  217. $bigsql = 'insert into competing (person_id, comp_id, event_name) values ';
  218. $done = false;
  219. for($i = 1; $i < sizeof($file); $i++){
  220. $person = explode(',',$file[$i]);
  221. //print_r($person);
  222. $sql = "SELECT count(id) from competitors where name = '" . $person[0] ."' and dob = '" . $person[1] . "' and sex = '" . $person[2] ."'";
  223. /*echo $sql;
  224. echo "<br>";*/
  225. $res = $conn->query($sql)->fetch_row();
  226. $person_id = 0;
  227. if($res[0]==0){
  228. /*echo $nxt_id;
  229. echo "<br>";*/
  230. $sql = "insert into competitors (id, name, dob, sex) values (" . $nxt_id . ",'" . $person[0] . "', '" . $person[1] . "', '" . $person[2] . "')";
  231. $conn->query($sql);
  232. //echo $sql;
  233. $person_id = $nxt_id;
  234. $nxt_id += 1;
  235. }else{
  236. $sql2 = "SELECT id from competitors where name = '" . $person[0] ."' and dob = '" . $person[1] . "' and sex = '" . $person[2] ."'";
  237. $res2 = $conn->query($sql2)->fetch_row();
  238. $person_id = $res2[0];
  239. }
  240. for($j = 3; $j < sizeof($person); $j++){
  241. if(trim($person[$j]) == "1"){
  242. $nsql = "(" . $person_id . ", " . $comp_id . ", '" . $event_names[$j] . "'), ";
  243. $bigsql = $bigsql . $nsql;
  244. $done = true;
  245. }
  246. }
  247. }
  248. if($done){
  249. $conn->query(substr($bigsql, 0, -2));
  250. }
  251. }
  252. }else{
  253. echo "doesn't work";
  254. }
  255. }
  256. echo '<form action="admin.php" method="post" enctype="multipart/form-data" id="formcsv">';
  257. echo '<input type="file" name="csv" id="csv">';
  258. echo '<input type="hidden" name="type" value="U_C">';
  259. echo '<input type="submit" value="Upload CSV" name="submit">';
  260. echo '</form>';
  261. echo '<br><br><br><br><br><br>';
  262. echo '<button onClick="delAC(\''.$comp_id.'\')">Delete All Competitors</button>';
  263. /*echo '</div>';
  264. echo '<div>';*/
  265. echo '<table>';
  266. echo '<tr><td>Name</td>';
  267. foreach($_events as $e){
  268. echo "<td>" . $e["eventName"] . " " . $e["round"] . "</td>";
  269. }
  270. echo '</tr>';
  271. $sql = "select distinct c.person_id, c2.name from competing c, competitors c2 where comp_id = ". $comp_id . " and c2.id = c.person_id order by person_id";
  272. $result = $conn->query($sql);
  273. while($row = $result->fetch_row()){
  274. //print_r($row);
  275. $sql2 = "select event_name from competing where comp_id = " . $comp_id . " and person_id = " . $row[0];
  276. $result2 = $conn->query($sql2);
  277. $this_person = Array();
  278. while ($row2 = $result2->fetch_row()){
  279. $this_person[$row2[0]] = 1;
  280. }
  281. echo "<tr>";
  282. echo "<td>";
  283. echo $row[1];
  284. echo "</td>";
  285. foreach($_events as $e){
  286. echo "<td>";
  287. if($this_person[$e["eventName"] . "," . $e["round"]]==1){
  288. echo "X";
  289. }else{
  290. echo "-";
  291. }
  292. echo "</td>";
  293. }
  294. echo "</tr>";
  295. }
  296. echo '</table>';
  297. echo '</div>';
  298. echo '</body>';
  299. }
// Closes the document opened by the head echo above (both branches).
echo '</html>';
  301. function nh($msg)
  302. {
  303. return htmlspecialchars($msg);
  304. }
  305. function clog($msg) {
  306. echo "<script type='text/javascript'>console.log('$msg');</script>";
  307. }
  308. function alert($msg) {
  309. echo "<script type='text/javascript'>alert('$msg');</script>";
  310. }
  311. ?>