ynerant/plateforme-tfjm2
1
0
Fork 0
mirror of https://gitlab.com/animath/si/plateforme.git synced 2025-11-04 13:12:17 +01:00
Code Issues Releases Wiki Activity

Séparation vue et contrôleur

Browse Source
This commit is contained in:
galaxyoyo
2019-09-06 13:48:50 +02:00
parent a1b4c42707
commit a1ef162bdb
58 changed files with 2628 additions and 2758 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
server_files/controllers/ajouter_equipe.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
require_once "../config.php";
$tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `date_inscription` > CURRENT_DATE AND `year` = '$YEAR';");
if (isset($_POST["submitted"])) {
$error_message = registerTeam();
}
function registerTeam() {
global $DB, $YEAR, $MAIL_ADDRESS, $access_code;
if ($_SESSION["team_id"] != NULL)
return "Vous êtes déjà dans une équipe.";
$name = htmlspecialchars($_POST["name"]);
if (!isset($name) || $name == "")
return "Vous devez spécifier un nom d'équipe.";
$result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Une équipe existe déjà avec ce nom.";
$trigram = strtoupper(htmlspecialchars($_POST["trigram"]));
if (!preg_match("#^[A-Z][A-Z][A-Z]$#", $trigram))
return "Le trigramme entré n'est pas valide.";
$result = $DB->query("SELECT `id` FROM `teams` WHERE `trigram` = '" . $trigram . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Une équipe a déjà choisi ce trigramme.";
$tournament_id = intval(htmlspecialchars($_POST["tournament"]));
$result = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `id` = '" . $tournament_id . "' AND `year` = '$YEAR';");
$data = $result->fetch();
if ($data === FALSE)
return "Le tournoi spécifié n'existe pas.";
$alphabet = "0123456789abcdefghijkmnopqrstuvwxyz0123456789";
$access_code = "";
for ($i = 0; $i < 6; ++$i)
$access_code .= $alphabet[rand(0, strlen($alphabet) - 1)];
$req = $DB->prepare("INSERT INTO `teams` (`name`, `trigram`, `tournament`, `encadrant_1`, `participant_1`, `validation_status`, `access_code`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?);");
$req->execute([$name, $trigram, $tournament_id, $_SESSION["role"] == "ENCADRANT" ? $_SESSION["user_id"] : NULL,
$_SESSION["role"] == "PARTICIPANT" ? $_SESSION["user_id"] : NULL, "NOT_READY", $access_code, $YEAR]);
$result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
$data_team = $result->fetch();
$DB->prepare("UPDATE `users` SET `team_id` = ? WHERE `id` = " . $_SESSION["user_id"] . ";")->execute([$data_team["id"]]);
$msg = "Bonjour " . $_SESSION["first_name"] . " " . $_SESSION["surname"] . ",\r\n\r\n";
$msg .= "Vous venez de créer l'équipe « $name » ($trigram) pour le TFJM² de " . $data["name"] . " et nous vous en remercions. ";
$msg .= "Afin de permettre aux autres membres de votre équipe de vous rejoindre, veuillez leur transmettre le code d'accès : " . $access_code . "\r\n\r\n";
$msg .= "Cordialement,\r\n\r\nL'organisation du TFJM² $YEAR";
mail($_SESSION["email"], "Nouvelle équipe TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
require_once "../views/header.php";
require_once "../views/ajouter_equipe.php";
require_once "../views/footer.php";

64
server_files/controllers/ajouter_organisateur.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
require_once "../config.php";
if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ADMIN")
require_once "../403.php";
if (isset($_POST["submitted"])) {
$error_message = addOrganizer();
}
function addOrganizer()
{
global $DB, $YEAR, $MAIL_ADDRESS;
$surname = htmlspecialchars($_POST["surname"]);
if (!isset($surname) || $surname == "")
return "Le nom est invalide.";
$first_name = htmlspecialchars($_POST["first_name"]);
if (!isset($first_name) || $first_name == "")
return "Le prénom est invalide.";
$email = strtolower(htmlspecialchars($_POST["email"]));
if (!isset($email) || $email == "" || !filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'adresse e-mail est invalide.";
$admin = isset($_POST["admin"]) && $_POST["admin"] == "on";
$req = $DB->prepare("SELECT `id` FROM `users` WHERE `email` = ? AND `year` = '$YEAR';");
$req->execute([$email]);
if ($req->fetch() !== FALSE)
return "Cette adresse e-mail est déjà utilisée.";
$alphabet = "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = "";
for ($i = 0; $i < 16; ++$i)
$password .= $alphabet[rand(0, strlen($alphabet) - 1)];
$hash = password_hash($password, PASSWORD_BCRYPT);
$req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `surname`, `first_name`, `role`, `year`)
VALUES (?, ?, ?, ?, ?, ?);");
$req->execute([$email, $hash, $surname, $first_name, $admin ? "ADMIN" : "ORGANIZER", $YEAR]);
$msg = "Bonjour " . $first_name . " " . $surname . ",\r\n\r\n"
. "Vous recevez ce message (envoyé automatiquement) car vous êtes organisateur d'un des tournois du TFJM². "
. "Veuillez trouver ci-dessous vos informations d'utilisateur pour le site officiel des inscriptions. "
. "Elles vous permettront de gérer les inscriptions des équipes de votre tournoi.\r\n\r\n"
. "Votre mot de passe est : $password\r\n\r\n"
. "Notez bien que ce mot de passe est temporaire, et pour des raisons de sécurité vous devrez le changer "
. "lors de votre prochaine connexion sur le site.\r\n\r\n"
. "Merci beaucoup pour votre aide !\r\n\r\n"
. "Les organisateurs du TFJM²";
mail($email, "Organisateur du TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
require_once "../views/header.php";
require_once "../views/ajouter_organisateur.php";
require_once "../views/footer.php";

114
server_files/controllers/ajouter_tournoi.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
require_once "../config.php";
if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ADMIN")
require_once "../403.php";
$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");
if (isset($_POST["submitted"])) {
$error_message = registerTournament();
}
function registerTournament() {
global $DB, $YEAR, $MAIL_ADDRESS;
$name = htmlspecialchars($_POST["name"]);
$result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Un tournoi existe déjà avec ce nom.";
if (!isset($_POST["organizer"]) || sizeof($_POST["organizer"]) == 0)
return "Aucun organisateur n'a été choisi.";
$organizers = $_POST["organizer"];
$orga_mails = [];
foreach ($organizers as $orga) {
$result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $orga . "' AND `year` = '$YEAR';");
$data = $result->fetch();
if ($data === FALSE)
return "L'organisateur spécifié n'existe pas.";
if ($data["role"] != "ORGANIZER" && $data["role"] != "ADMIN")
return "L'organisateur indiqué ne peut pas organiser de tournoi.";
$orga_mails[] = $data["email"];
}
try {
$size = intval(htmlspecialchars($_POST["size"]));
}
catch (Exception $ex) {
return "Le nombre d'équipes indiqué n'est pas un entier valide.";
}
if ($size < 3 || $size > 12)
return "Un tournoi doit comporter entre 3 et 12 équipes.";
$place = htmlspecialchars($_POST["place"]);
try {
$price = intval(htmlspecialchars($_POST["price"]));
}
catch (Throwable $t) {
return "Le tarif pour les participants n'est pas un nombre valide.";
}
if ($price < 0)
return "Le TFJM² ne va pas payer les élèves pour venir.";
if ($price > 50)
return "Soyons raisonnable sur le prix.";
$date_start = htmlspecialchars($_POST["date_start"]);
$date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);
$date_end = htmlspecialchars($_POST["date_end"]);
$date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);
$date_inscription = htmlspecialchars($_POST["date_inscription"]);
$time_inscription = htmlspecialchars($_POST["time_inscription"]);
$date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);
$date_solutions = htmlspecialchars($_POST["date_solutions"]);
$time_solutions = htmlspecialchars($_POST["time_solutions"]);
$date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);
$date_syntheses = htmlspecialchars($_POST["date_syntheses"]);
$time_syntheses = htmlspecialchars($_POST["time_syntheses"]);
$date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);
if (!$date_start_parsed || !$date_end_parsed || !$date_inscription_parsed || !$date_solutions_parsed || !$date_syntheses_parsed)
return "Une date est mal formée.";
$description = htmlspecialchars($_POST["description"]);
$final = isset($_POST["final"]) && $_POST["final"];
if ($final && $DB->query("SELECT `id` FROM `tournaments` WHERE `final` = true AND `year` = $YEAR;")->fetch() !== false)
return "Une finale est déjà enregistrée.";
$req = $DB->prepare("INSERT INTO `tournaments` (`name`, `size`, `place`, `price`, `description`,
`date_start`, `date_end`, `date_inscription`, `date_solutions`, `date_syntheses`, `final`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
$req->execute([$name, $size, $place, $price, $description, $date_start, $date_end,
"$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses", $final, $YEAR]);
$req = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '$name' AND `year` = $YEAR;");
$tournament_id = $req->fetch()["id"];
foreach ($organizers as $orga) {
$req = $DB->prepare("INSERT INTO `organizers`(`organizer`, `tournament`) VALUES(?, ?);");
$req->execute([$orga, $tournament_id]);
}
foreach ($orga_mails as $orga_mail)
mail($orga_mail, "Organisateur TFJM² " . $name, "Vous venez d'être promu organisateur du tournoi " . $name . " pour le TFJM² $YEAR !", "From: $MAIL_ADDRESS");
return false;
}
require_once "../views/header.php";
require_once "../views/ajouter_tournoi.php";
require_once "../views/footer.php";

21
server_files/controllers/confirmer_mail.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
require_once "../config.php";
$token = $_GET["token"];
if (isset($token)) {
$result = $DB->query("SELECT `email` FROM `users` WHERE `confirm_email` = '$token' AND `year` = '$YEAR';");
if (($data = $result->fetch()) === FALSE)
$error_message = "Le jeton est invalide. Votre compte est peut-être déjà validé ?";
else {
$DB->exec("UPDATE `users` SET `confirm_email` = NULL WHERE `confirm_email` = '$token';");
$error_message = "Votre adresse mail a été validée ! Vous pouvez désormais vous connecter.";
}
}
else {
$error_message = "Il n'y a pas de compte à valider !";
}
require_once "../views/header.php";
echo "<h2>$error_message</h2>";
require_once "../views/footer.php";

137
server_files/controllers/connexion.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
require_once "../config.php";
if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
$error_message = login();
}
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
$error_message = recuperateAccount();
}
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
$reset_data = $DB->query("SELECT `id`, `email` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch();
if ($reset_data === FALSE) {
header("Location: $URL_BASE/connexion");
exit();
}
if (isset($_POST["reset_password"]))
$error_message = resetPassword();
}
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) {
$error_message = sendConfirmEmail();
}
function login() {
global $DB, $URL_BASE;
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$password = htmlspecialchars($_POST["password"]);
$result = $DB->query("SELECT `id`, `pwd_hash`, `email`, `surname`, `first_name`, `role`, `team_id`, `confirm_email` FROM `users` WHERE `email` = '" . $email . "';");
if (($data = $result->fetch()) === FALSE)
return "Le compte n'existe pas.";
if ($data["confirm_email"] !== NULL) {
$_SESSION["confirm_email"] = $email;
return "L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.";
}
if (!password_verify($password, $data["pwd_hash"]))
return "Le mot de passe est incorrect.";
$_SESSION["user_id"] = $data["id"];
loadUserValues();
return false;
}
function recuperateAccount() {
global $DB, $MAIL_ADDRESS, $URL_BASE, $YEAR;
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$req = $DB->query("SELECT `id` FROM `users` WHERE `email` = '$email' AND `year` = $YEAR;");
if (!$req->fetch())
return "Le compte n'existe pas.";
$token = uniqid();
$DB->exec("UPDATE `users` SET `forgotten_password` = '$token' WHERE `email` = '$email' AND `year` = $YEAR;");
$msg = "Bonjour,\r\n\r\n"
. "Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : $URL_BASE/connexion/reinitialiser_mdp/$token\r\n\r\n"
. "Si vous n'êtes pas à l'origine de cette manipulation, vous pouvez ignorer ce message.\r\n\r\n"
. "Cordialement,\r\n\r\n"
. "Le comité national d'organisation du TFJM².";
mail("$email", "Mot de passe oublié - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
function resetPassword() {
global $DB, $MAIL_ADDRESS, $reset_data;
$id = $reset_data["id"];
$email = $reset_data["email"];
$password = htmlspecialchars($_POST["password"]);
$confirm = htmlspecialchars($_POST["confirm_password"]);
if (strlen($password) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($password != $confirm)
return "Les deux mots de passe sont différents.";
$hash = password_hash($password, PASSWORD_BCRYPT);
$DB->prepare("UPDATE `users` SET `pwd_hash` = ?, `forgotten_password` = NULL WHERE `id` = ?;")->execute([$hash, $id]);
$msg = "Bonjour,\r\n\r\nNous vous informons que votre mot de passe vient d'être modifié. "
. "Si vous n'êtes pas à l'origine de cette manipulation, veuillez immédiatement vérifier vos accès à votre boîte mail et changer votre mot de passe sur la plateforme d'inscription.\r\n\r\n"
. "Cordialement,\r\n\r\nLe comité national d'organisation du TFJM²";
mail($email, "Mot de passe modifié TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
function sendConfirmEmail() {
global $DB, $URL_BASE, $MAIL_ADDRESS, $YEAR;
$email = htmlspecialchars($_SESSION["confirm_email"]);
if (!isset($email)) {
header("Location: $URL_BASE/connexion");
exit();
}
$data = $DB->query("SELECT `confirm_email` FROM `users` WHERE `email` = '$email' AND `year` = $YEAR;")->fetch();
if ($data === FALSE) {
unset($_SESSION["confirm_email"]);
header("Location: $URL_BASE/connexion");
exit();
}
$confirm_email_uid = $data["confirm_email"];
$msg = "Bonjour,\r\n\r\nPour confirmer votre adresse mail, cliquez ici : $URL_BASE/confirmer_mail/$confirm_email_uid\r\n\r\n"
. "Cordialement,\r\n\r\nLe comité national d'organisation du TFJM²";
mail($email, "Confirmation d'adresse mail TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
require_once "../views/header.php";
require_once "../views/connexion.php";
require_once "../views/footer.php";

10
server_files/controllers/deconnexion.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
require_once "../config.php";
unset($_SESSION["user_id"]);
session_destroy();
require_once "../views/header.php";
echo "<h2>Déconnexion réussie !</h2>";
require_once "../views/footer.php";

77
server_files/controllers/equipe.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
require_once "../config.php";
$trigram = htmlspecialchars($_GET["trigram"]);
if (isset($_POST["validate"])) {
$DB->exec("UPDATE `teams` SET `validation_status` = 'VALIDATED' WHERE `trigram` = '$trigram' AND `year` = $YEAR;");
}
$team_data = $DB->query("SELECT * FROM `teams` WHERE `trigram` = '$trigram' AND `year` = $YEAR;")->fetch();
if (isset($_POST["select"])) {
$DB->exec("UPDATE `teams` SET `final_selection` = true, `validation_status` = 'NOT_READY' WHERE `trigram` = '$trigram' AND `year` = $YEAR;");
$team_data["validation_status"] = "NOT_READY";
$team_data["final_selection"] = true;
$final_id = $_SESSION["final_id"];
$team_id = $team_data["id"];
$sols_req = $DB->prepare("SELECT `file_id`, `problem`, COUNT(`problem`) AS `version` FROM `solutions` WHERE `team` = ? AND `tournament` = ? GROUP BY `problem`, `uploaded_at` ORDER BY `problem`, `uploaded_at` DESC;");
$sols_req->execute([$team_data["id"], $team_data["tournament"]]);
while (($sol_data = $sols_req->fetch()) !== false) {
$old_id = $sol_data["file_id"];
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
copy("$LOCAL_PATH/files/$old_id", "$LOCAL_PATH/files/$id");
$req = $DB->prepare("INSERT INTO `solutions`(`file_id`, `team`, `tournament`, `problem`)
VALUES (?, ?, ?, ?);");
$req->execute([$id, $team_id, $_SESSION["final_id"], $sol_data["problem"]]);
}
$syntheses_req = $DB->prepare("SELECT `file_id`, `dest`, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `team` = ? AND `tournament` = ? GROUP BY `dest`, `uploaded_at` ORDER BY `dest`, `uploaded_at` DESC;");
$syntheses_req->execute([$team_data["id"], $team_data["tournament"]]);
while (($synthese_data = $syntheses_req->fetch()) !== false) {
$old_id = $synthese_data["file_id"];
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
copy("$LOCAL_PATH/files/$old_id", "$LOCAL_PATH/files/$id");
$req = $DB->prepare("INSERT INTO `syntheses`(`file_id`, `team`, `tournament`, `dest`) VALUES (?, ?, ?, ?);");
$req->execute([$id, $team_id, $_SESSION["final_id"], $synthese_data["dest"]]);
}
}
if ($team_data === false)
require_once "../404.php";
$tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch();
$documents_req = $DB->prepare("SELECT `file_id`, `user`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `team` = ? AND `tournament` = ? GROUP BY `user`, `type` ORDER BY `user`, `type` ASC, MAX(`uploaded_at`) DESC;");
$documents_req->execute([$team_data["id"], $team_data["tournament"]]);
if ($team_data["final_selection"]) {
$documents_final_req = $DB->prepare("SELECT `file_id`, `user`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `team` = ? AND `tournament` != ? GROUP BY `user`, `type` ORDER BY `user`, `type` ASC, MAX(`uploaded_at`) DESC;");
$documents_final_req->execute([$team_data["id"], $_SESSION["final_id"]]);
}
require_once "../views/header.php";
require_once "../views/equipe.php";
require_once "../views/footer.php";

6
server_files/controllers/index.php Normal file
View File

@@ -0,0 +1,6 @@
<?php
require_once "../config.php";
require_once "../views/header.php";
require_once "../views/index.php";
require_once "../views/footer.php";

25
server_files/controllers/informations.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
require_once "../config.php";
if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ORGANIZER" && $_SESSION["role"] != "ADMIN") {
require_once "../403.php";
}
$id = $_GET["id"];
$user_data = $DB->query("SELECT * FROM `users` WHERE `id` = $id;")->fetch();
if ($user_data === false) {
require_once "../404.php";
}
$team_data = false;
if ($user_data["team_id"] !== NULL)
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = " . $user_data["team_id"] . ";")->fetch();
$documents_req = $DB->query("SELECT * FROM `documents` WHERE `user` = $id;");
$tournaments_req = $DB->query("SELECT `tournament`, `name` FROM `organizers` JOIN `tournaments` ON `tournaments`.`id` = `tournament` WHERE `organizer` = $id ORDER BY `date_start`, `name`;");
require_once "../views/header.php";
require_once "../views/informations.php";
require_once "../views/footer.php";

133
server_files/controllers/inscription.php Normal file
View File

@@ -0,0 +1,133 @@
<?php
require_once "../config.php";
if (isset($_POST["submitted"])) {
$error_message = register();
}
function register() {
global $DB, $YEAR, $URL_BASE, $MAIL_ADDRESS;
global $email, $firstname, $surname, $birth_date, $gender, $address, $postal_code, $city, $country, $phone_number, $role, $school, $class, $responsible_name, $responsible_phone, $responsible_email;
$email = strtolower(htmlspecialchars($_POST["email"]));
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$result = $DB->query("SELECT `email` FROM `users` WHERE `email` = '" . $email . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Un compte existe déjà avec cette adresse e-mail.";
$password = htmlspecialchars($_POST["password"]);
if (strlen($password) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($password != $_POST["confirm_password"])
return "Les deux mots de passe sont différents.";
$password = password_hash($password, PASSWORD_BCRYPT);
$surname = strtoupper(htmlspecialchars($_POST["surname"]));
if (!isset($surname) || $surname == "")
return "Le nom de famille est obligatoire.";
$firstname = htmlspecialchars($_POST["firstname"]);
if (!isset($surname) || $surname == "")
return "Le prénom est obligatoire.";
$birth_date = date_parse_from_format("yyyy-mm-dd", htmlspecialchars($_POST["birth_date"]));
if ($birth_date === FALSE)
return "La date de naissance est invalide.";
if (htmlspecialchars($_POST["birth_date"]) >= $YEAR . "-01-01")
return "Vous devez avoir un âge strictement positif. Date de naissance rentrée : " . htmlspecialchars($_POST["birth_date"]);
$gender = htmlspecialchars($_POST["gender"]);
if (!isset($gender) || ($gender != "M" && $gender != "F"))
return "Le sexe indiqué est invalide.";
$address = htmlspecialchars($_POST["address"]);
if (!isset($address))
$address = "";
try {
$postal_code = intval($_POST["postal_code"]);
if ($postal_code < 1000 || $postal_code > 95999)
return "Le code postal est invalide.";
}
catch (Exception $ex) {
return "Le code postal n'est pas un nombre valide.";
}
$city = htmlspecialchars($_POST["city"]);
if (!isset($city))
$city = "";
$country = htmlspecialchars($_POST["country"]);
if (!isset($country))
$country = "France";
$phone_number = htmlspecialchars($_POST["phone_number"]);
if (!isset($phone_number) || $phone_number == "")
return "Vous devez renseigner un numéro de téléphone.";
$role = htmlspecialchars($_POST["role"]);
if (!isset($role) || ($role != "participant" && $role != "encadrant"))
return "Le rôle entré n'est pas valide.";
$role = strtoupper($role);
$school = htmlspecialchars($_POST["school"]);
$class = strtoupper(htmlspecialchars($_POST["class"]));
$responsible_name = htmlspecialchars($_POST["responsible_name"]);
$responsible_phone = htmlspecialchars($_POST["responsible_phone"]);
$responsible_email = htmlspecialchars($_POST["responsible_email"]);
if ($role == "ENCADRANT") {
$school = NULL;
$class = NULL;
$responsible_name = NULL;
$responsible_phone = NULL;
$responsible_email = NULL;
}
else {
if (!isset($class) && $class != "TERMINALE" && $class != "PREMIERE" && $class != "SECONDE")
return "La classe spécifiée est invalide. Merci de ne pas créer vos propres requêtes.";
if ((!isset($responsible_name) || $responsible_name == "") && $birth_date > strval($YEAR - 18) . "-05-01")
return "Veuillez spécifier un nom de responsable légal.";
if ((!isset($responsible_phone) || $responsible_phone == "") && (!isset($responsible_email) || !filter_var($responsible_email, FILTER_VALIDATE_EMAIL))
&& $birth_date > strval($YEAR - 18) . "-05-01")
return "Veuillez préciser au moins le numéro de téléphone ou l'addresse e-mail de votre responsable légal.";
}
$description = $_POST["description"];
if ($role == "PARTICIPANT")
$description = NULL;
$confirm_email_uid = uniqid();
$req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `confirm_email`, `surname`, `first_name`, `birth_date`, `gender`,
`address`, `postal_code`, `city`, `country`, `phone_number`, `school`, `class`, `role`, `description`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);");
$req->execute([$email, $password, $confirm_email_uid, $surname, $firstname, $_POST["birth_date"], $gender, $address, $postal_code,
$city, $country, $phone_number, $school, $class, $role, $description, $YEAR]);
$msg = "Merci pour votre inscription au TFJM² $YEAR ! Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid";
mail($email, "Inscription au TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
require_once "../views/header.php";
require_once "../views/inscription.php";
require_once "../views/footer.php";

143
server_files/controllers/mon_compte.php Normal file
View File

@@ -0,0 +1,143 @@
<?php
require_once "../config.php";
if (isset($_POST["submitted"])) {
$error_message = updateAccount();
} elseif (isset($_POST["submitted_password"])) {
$error_message = updatePassword();
}
if (isset($_SESSION["user_id"])) {
$result = $DB->query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "';");
$user_data = $result->fetch();
}
else
require_once "../403.php";
function updateAccount()
{
global $DB, $URL_BASE, $MAIL_ADDRESS;
if (!isset($_SESSION["user_id"]))
return "Vous n'êtes pas connecté.";
$ID = $_SESSION["user_id"];
$surname = htmlspecialchars($_POST["surname"]);
if (isset($surname) && $surname != "")
$DB->prepare("UPDATE `users` SET `surname` = ? WHERE `id` = ?;")->execute([$surname, $ID]);
$first_name = htmlspecialchars($_POST["firstname"]);
if (isset($first_name) && $first_name != "")
$DB->prepare("UPDATE `users` SET `first_name` = ? WHERE `id` = ?;")->execute([$first_name, $ID]);
$birth_date = htmlspecialchars($_POST["birth_date"]);
if (isset($birth_date) && $birth_date != "")
$DB->prepare("UPDATE `users` SET `birth_date` = ? WHERE `id` = ?;")->execute([$birth_date, $ID]);
if (isset($_POST["gender"])) {
$gender = htmlspecialchars($_POST["gender"]);
if (isset($gender) && ($gender == "M" || $gender == "F"))
$DB->prepare("UPDATE `users` SET `gender` = ? WHERE `id` = ?;")->execute([$gender, $ID]);
}
$address = htmlspecialchars($_POST["address"]);
if (isset($address) && $address != "")
$DB->prepare("UPDATE `users` SET `address` = ? WHERE `id` = ?;")->execute([$address, $ID]);
$postal_code = htmlspecialchars($_POST["postal_code"]);
if (isset($postal_code) && $postal_code != "")
$DB->prepare("UPDATE `users` SET `postal_code` = ? WHERE `id` = ?;")->execute([$postal_code, $ID]);
$city = htmlspecialchars($_POST["city"]);
if (isset($city) && $city != "")
$DB->prepare("UPDATE `users` SET `city` = ? WHERE `id` = ?;")->execute([$city, $ID]);
$country = htmlspecialchars($_POST["country"]);
if (isset($country) && $country != "")
$DB->prepare("UPDATE `users` SET `country` = ? WHERE `id` = ?;")->execute([$country, $ID]);
$phone_number = htmlspecialchars($_POST["phone_number"]);
if (isset($phone_number) && $phone_number != "")
$DB->prepare("UPDATE `users` SET `phone_number` = ? WHERE `id` = ?;")->execute([$phone_number, $ID]);
if (isset($_POST["school"])) {
$school = htmlspecialchars($_POST["school"]);
if (isset($school) && $school != "")
$DB->prepare("UPDATE `users` SET `school` = ? WHERE `id` = ?;")->execute([$school, $ID]);
}
if (isset($_POST["class"])) {
$class = htmlspecialchars($_POST["class"]);
if (isset($class) && ($class == "terminale" || $class == "premiere" || $class == "seconde"))
$DB->prepare("UPDATE `users` SET `class` = ? WHERE `id` = ?;")->execute([strtoupper($class), $ID]);
}
if (isset($_POST["responsible_name"])) {
$responsible_name = htmlspecialchars($_POST["responsible_name"]);
if (isset($responsible_name) && $responsible_name != "")
$DB->prepare("UPDATE `users` SET `responsible_name` = ? WHERE `id` = ?;")->execute([$responsible_name, $ID]);
}
if (isset($_POST["responsible_phone"])) {
$responsible_phone = htmlspecialchars($_POST["responsible_phone"]);
if (isset($responsible_phone) && $responsible_phone != "")
$DB->prepare("UPDATE `users` SET `responsible_phone` = ? WHERE `id` = ?;")->execute([$responsible_phone, $ID]);
}
if (isset($_POST["responsible_email"])) {
$responsible_email = htmlspecialchars($_POST["responsible_email"]);
if (isset($responsible_email) && $responsible_email != "")
$DB->prepare("UPDATE `users` SET `responsible_email` = ? WHERE `id` = ?;")->execute([$responsible_email, $ID]);
}
if (isset($_POST["description"])) {
$description = htmlspecialchars($_POST["description"]);
if (isset($description) && $description != "")
$DB->prepare("UPDATE `users` SET `description` = ? WHERE `id` = ?;")->execute([$description, $ID]);
}
$email = htmlspecialchars($_POST["email"]);
if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) {
$confirm_email_uid = uniqid();
$DB->prepare("UPDATE `users` SET `email` = ?, `confirm_email` = ? WHERE `id` = ?;")->execute([$email, $confirm_email_uid, $ID]);
$msg = "Vous venez de changer votre adresse mail. Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid";
mail($email, "Changement d'adresse mail - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
}
return false;
}
function updatePassword()
{
global $DB, $YEAR;
$old = htmlspecialchars($_POST["old_password"]);
$new = htmlspecialchars($_POST["new_password"]);
$confirm = htmlspecialchars($_POST["confirm_password"]);
$result = $DB->query("SELECT `pwd_hash` FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "' AND `year` = '$YEAR';");
if (($data = $result->fetch()) === FALSE)
return "Le compte n'existe pas.";
if (!password_verify($old, $data["pwd_hash"]))
return "L'ancien mot de passe est incorrect.";
if (strlen($new) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($new != $confirm)
return "Les deux mots de passe sont différents.";
$hash = password_hash($new, PASSWORD_BCRYPT);
$DB->prepare("UPDATE `users` SET `pwd_hash` = ? WHERE `id` = ?;")->execute([$hash, $_SESSION["user_id"]]);
return false;
}
require_once "../views/header.php";
require_once "../views/mon_compte.php";
require_once "../views/footer.php";

167
server_files/controllers/mon_equipe.php Normal file
View File

@@ -0,0 +1,167 @@
<?php
require_once "../config.php";
if (isset($_POST["leave_team"])) {
quitTeam();
}
$tournaments_response = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `year` = '$YEAR';");
if (isset($_POST["send_document"])) {
$error_message = sendDocument();
}
if (isset($_POST["request_validation"])) {
if (!checkCanValidate())
$error_message = "Votre équipe ne peut pas demander la validation : il manque soit des participants, soit des documents.";
else {
$DB->exec("UPDATE `teams` SET `validation_status` = 'WAITING' WHERE `id` = " . $_SESSION["team_id"] . ";");
$_SESSION["team_validation_status"] = "WAITING";
}
}
if (isset($_SESSION["user_id"]) && isset($_SESSION["team_id"])) {
$result = $DB->query("SELECT * FROM `teams` WHERE `id` = '" . $_SESSION["team_id"] . "' AND `year` = '$YEAR';");
$team_data = $result->fetch();
$tournament_data = $DB->query("SELECT `name`, `date_start` FROM `tournaments` WHERE `id` = '" . $team_data["tournament"] . "' AND `year` = '$YEAR';")->fetch();
$documents_req = $DB->prepare("SELECT `file_id`, `type`, COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `tournament` = ? GROUP BY `type`, `uploaded_at` ORDER BY `type`, `uploaded_at` DESC;");
$documents_req->execute([$_SESSION["user_id"], $_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"]]);
}
else
require_once "../403.php";
if (isset($_POST["team_edit"])) {
$error_message = updateTeam();
}
function sendDocument()
{
global $LOCAL_PATH, $DB;
$type = strtoupper(htmlspecialchars($_POST["type"]));
if (!isset($type) || ($type != "PARENTAL_CONSENT" && $type != "PHOTO_CONSENT" && $type != "SANITARY_PLUG"))
return "Le type de document est invalide. Merci de ne pas formuler vos propres requêtes.";
$file = $_FILES["document"];
if ($file["size"] > 5000000 || $file["error"])
return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
return "Le fichier doit être au format PDF.";
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
} while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";
$req = $DB->prepare("INSERT INTO `documents`(`file_id`, `user`, `team`, `tournament`, `type`)
VALUES (?, ?, ?, ?, ?);");
$req->execute([$id, $_SESSION["user_id"], $_SESSION["team_id"], $_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"], $type]);
return false;
}
function updateTeam()
{
global $DB, $YEAR, $URL_BASE, $team_data;
if ($_SESSION["team_id"] == NULL)
return "Vous n'êtes pas dans une équipe.";
$name = htmlspecialchars($_POST["name"]);
if (!isset($name) || $name == "")
return "Vous devez spécifier un nom d'équipe.";
echo $team_data["id"];
$result = $DB->query("SELECT `id` FROM `teams` WHERE `name` = '" . $name . "' AND `id` != " . $team_data["id"] . " AND `year` = '$YEAR';");
if ($result->fetch())
return "Une équipe existe déjà avec ce nom." . $team_data["id"];
$trigram = strtoupper(htmlspecialchars($_POST["trigram"]));
if (!preg_match("#^[A-Z][A-Z][A-Z]$#", $trigram))
return "Le trigramme entré n'est pas valide.";
$result = $DB->query("SELECT `id` FROM `teams` WHERE `trigram` = '" . $trigram . "' AND `id` != '" . $team_data["id"] . "' AND `year` = '$YEAR';");
if ($result->fetch())
return "Une équipe a déjà choisi ce trigramme.";
$tournament_id = intval(htmlspecialchars($_POST["tournament"]));
$result = $DB->query("SELECT `id`, `name` FROM `tournaments` WHERE `id` = '" . $tournament_id . "' AND `year` = '$YEAR';");
$data = $result->fetch();
if ($data === FALSE)
return "Le tournoi spécifié n'existe pas.";
$req = $DB->prepare("UPDATE `teams` SET `name` = ?, `trigram` = ?, `tournament` = ? WHERE `id` = ?;");
$req->execute([$name, $trigram, $tournament_id, $team_data["id"]]);
header("Location: $URL_BASE/mon_equipe");
return false;
}
function checkCanValidate()
{
global $DB, $team_data, $tournament_data, $YEAR;
$can_validate = $team_data["validation_status"] == "NOT_READY";
$can_validate &= $team_data["encadrant_1"] != NULL;
$can_validate &= $team_data["participant_4"] != NULL;
for ($i = 1; $i <= 2; ++$i) {
if ($team_data["encadrant_$i"] === NULL)
continue;
$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
$req->execute([$team_data["encadrant_$i"], "PHOTO_CONSENT"]);
$d = $req->fetch();
$can_validate &= $d["version"] > 0;
$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
$req->execute([$team_data["encadrant_$i"], "SANITARY_PLUG"]);
$d = $req->fetch();
$can_validate &= $d["version"] > 0;
}
for ($i = 1; $i <= 6; ++$i) {
if ($team_data["participant_$i"] === NULL)
continue;
$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
$req->execute([$team_data["participant_$i"], "PHOTO_CONSENT"]);
$d = $req->fetch();
$can_validate &= $d["version"] > 0;
$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
$req->execute([$team_data["participant_$i"], "SANITARY_PLUG"]);
$d = $req->fetch();
$can_validate &= $d["version"] > 0;
$birth_date = $DB->query("SELECT `birth_date` FROM `users` WHERE `id` = " . $team_data["participant_$i"] . ";")->fetch()["birth_date"];
if ($birth_date > strval($YEAR - 18) . substr($tournament_data["date_start"], 4)) {
$req = $DB->prepare("SELECT COUNT(`type`) AS `version` FROM `documents` WHERE `user` = ? AND `type` = ? GROUP BY `uploaded_at` ORDER BY `uploaded_at` DESC;");
$req->execute([$team_data["participant_$i"], "PARENTAL_CONSENT"]);
$d = $req->fetch();
$can_validate &= $d["version"] > 0;
}
}
return $can_validate;
}
require_once "../views/header.php";
require_once "../views/mon_equipe.php";
require_once "../views/footer.php";

55
server_files/controllers/rejoindre_equipe.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
require_once "../config.php";
if (isset($_POST["submitted"])) {
$error_message = joinTeam();
}
function joinTeam() {
global $DB, $YEAR, $MAIL_ADDRESS, $access_code, $data;
if ($_SESSION["team_id"] != NULL)
return "Vous êtes déjà dans une équipe.";
$access_code = htmlspecialchars($_POST["access_code"]);
if (!isset($access_code) || strlen($access_code) != 6)
return "Le code d'accès doit comporter 6 caractères.";
$result = $DB->query("SELECT * FROM `teams` WHERE `access_code` = '" . $access_code . "' AND `year` = '$YEAR';");
if (($data = $result->fetch()) === FALSE)
return "Ce code d'accès est invalide.";
if ($_SESSION["role"] != "PARTICIPANT" && $_SESSION["role"] != "ENCADRANT")
return "Seuls les participants et les encadrants peuvent rejoindre une équipe.";
if ($data["validation_status"] != "NOT_READY")
return "Cette équipe est déjà en cours de validation ou validée, vous ne pouvez pas la rejoindre.";
for ($i = 1; $i <= $_SESSION["role"] == "PARTICIPANT" ? 6 : 2; ++$i) {
if ($data[strtolower($_SESSION["role"]) . "_" . strval($i)] == NULL)
break;
}
if ($_SESSION["role"] == "PARTICIPANT" && $i == 7 || $_SESSION["role"] == "ENCADRANT" && $i == 3)
return "Il n'y a plus de place pour vous dans l'équipe.";
$DB->prepare("UPDATE `users` SET `team_id` = ? WHERE `id` = " . $_SESSION["user_id"] . ";")->execute([$data["id"]]);
/** @noinspection SqlResolve */
$DB->prepare("UPDATE `teams` SET `" . strtolower($_SESSION["role"]) . "_" . strval($i) . "` = ? WHERE `id` = " . $data["id"] . ";")->execute([$_SESSION["user_id"]]);
$_SESSION["team_id"] = $data["id"];
$_SESSION["team_validation_status"] = $data["validation_status"];
$msg = "Bonjour " . $_SESSION["first_name"] . " " . $_SESSION["surname"] . ",\r\n\r\n";
$msg .= "Vous venez de rejoindre l'équipe « " . $data["name"] . " » (" . $data["trigram"] . ") pour le TFJM² de " . $data["name"] . " et nous vous en remercions.\r\n\r\n";
$msg .= "Cordialement,\r\n\r\nL'organisation du TFJM² $YEAR";
mail($_SESSION["email"], "Équipe rejointe TFJM² $YEAR", $msg, "From: $MAIL_ADDRESS\r\n");
return false;
}
require_once "../views/header.php";
require_once "../views/rejoindre_equipe.php";
require_once "../views/footer.php";

63
server_files/controllers/solutions.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
require_once "../config.php";
if (!isset($_SESSION["team_id"]))
require_once "../403.php";
if (isset($_POST["send_solution"])) {
$error_message = saveSolution();
}
$solutions_req = $DB->prepare("SELECT `file_id`, `problem`, COUNT(`problem`) AS `version` FROM `solutions` WHERE `team` = ? AND `tournament` = ? GROUP BY `problem`, `uploaded_at` ORDER BY `problem`, `uploaded_at` DESC;");
$solutions_req->execute([$_SESSION["team_id"], $_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"]]);
$tournament_req = $DB->prepare("SELECT `date_solutions` FROM `tournaments` WHERE `id` = ?;");
$tournament_req->execute([$_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"]]);
$tournament_data = $tournament_req->fetch();
function saveSolution() {
global $LOCAL_PATH, $DB;
try {
$problem = $_POST["problem"];
if ($problem < 1 || $problem > 9)
return "Le numéro de problème est invalide.";
}
catch (Throwable $t) {
return "Le numéro de problème n'est pas valide. Merci de ne pas créer vos propres requêtes.";
}
$file = $_FILES["solution"];
if ($file["size"] > 5000000 || $file["error"])
return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
return "Le fichier doit être au format PDF.";
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";
$req = $DB->prepare("INSERT INTO `solutions`(`file_id`, `team`, `tournament`, `problem`) VALUES (?, ?, ?, ?);");
$req->execute([$id, $_SESSION["team_id"], $_SESSION["tournament_id"], $problem]);
return false;
}
require_once "../views/header.php";
require_once "../views/solutions.php";
require_once "../views/footer.php";

72
server_files/controllers/solutions_orga.php Normal file
View File

@@ -0,0 +1,72 @@
<?php
require_once "../config.php";
if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ADMIN" && $_SESSION["role"] != "ORGANIZER")
require_once "../403.php";
$req = $DB->query("SELECT `tournaments`.`id`, `name` FROM `tournaments` JOIN `organizers` ON `tournament` = `tournaments`.`id` WHERE "
. ($_SESSION["role"] == "ADMIN" ? "" : "`organizer` = '" . $_SESSION["user_id"] . "' AND ")
. "`year` = $YEAR GROUP BY `tournament` ORDER BY `name`;");
if (isset($_POST["download_zip"])) {
$id = $_POST["tournament"];
$tournament_name = $_POST["tournament_name"];
$files_req = $DB->query("SELECT *, COUNT(`problem`) AS `version` FROM `solutions` WHERE `tournament` = '$id' GROUP BY `team`, `problem` ORDER BY `team`, `problem`, `uploaded_at` DESC;");
$zip = new ZipArchive();
$temp = tempnam("tmp", "tfjm-");
if ($zip->open($temp, ZipArchive::CREATE) !== true) {
die("Impossible de créer le fichier zip.");
}
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$problem = $data_file["problem"];
$version = $data_file["version"];
$team_id = $data_file["team"];
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = '$team_id' AND `year` = $YEAR;")->fetch();
$team_name = $team_data["name"];
$team_trigram = $team_data["trigram"];
$zip->addFile("$LOCAL_PATH/files/$file_id", "Problème $problem $team_trigram.pdf");
}
$zip->close();
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=\"Solutions du tournoi de $tournament_name.zip\"");
header("Content-Length: " . strval(filesize($temp)));
readfile($temp);
exit();
}
require_once "../views/header.php";
while (($data_tournament = $req->fetch()) !== false) {
echo "<h1>Tournoi de " . $data_tournament["name"] . "</h1>\n";
$id = $data_tournament["id"];
$files_req = $DB->query("SELECT *, COUNT(`problem`) AS `version` FROM `solutions` WHERE `tournament` = '$id' GROUP BY `team` ORDER BY `team`, `problem`, `uploaded_at` DESC;");
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$problem = $data_file["problem"];
$version = $data_file["version"];
$team_id = $data_file["team"];
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = '$team_id' AND `year` = $YEAR;")->fetch();
$team_name = $team_data["name"];
$team_trigram = $team_data["trigram"];
echo "Problème n°$problem de l'équipe $team_name ($team_trigram), version $version : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
echo "<form method=\"POST\">\n";
echo "<input type=\"hidden\" name=\"tournament\" value=\"$id\" />\n";
echo "<input type=\"hidden\" name=\"tournament_name\" value=\"" . $data_tournament["name"] . "\" />\n";
echo "<input style=\"width: 100%\" type=\"submit\" name=\"download_zip\" value=\"Télécharger l'archive\" />\n";
echo "</form><hr />\n";
}
require_once "../views/footer.php";

59
server_files/controllers/syntheses.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
require_once "../config.php";
if (!isset($_SESSION["team_id"]))
require_once "../403.php";
if (isset($_POST["send_synthese"])) {
$error_message = saveSynthese();
}
$syntheses_req = $DB->prepare("SELECT `file_id`, `dest`, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `team` = ? AND `tournament` = ? GROUP BY `dest`, `uploaded_at` ORDER BY `dest`, `uploaded_at` DESC;");
$syntheses_req->execute([$_SESSION["team_id"], $_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"]]);
$tournament_req = $DB->prepare("SELECT `date_solutions`, `date_syntheses` FROM `tournaments` WHERE `id` = ?;");
$tournament_req->execute([$_SESSION[isset($_SESSION["final_id"]) ? "final_id" : "tournament_id"]]);
$tournament_data = $tournament_req->fetch();
function saveSynthese() {
global $LOCAL_PATH, $DB;
$dest = strtoupper(htmlspecialchars($_POST["dest"]));
if (!isset($dest) || ($dest != "OPPOSANT" && $dest != "RAPPORTEUR"))
return "Le destinataire est invalide.";
$file = $_FILES["synthese"];
if ($file["size"] > 5000000 || $file["error"])
return "Une erreur est survenue. Merci de vérifier que le fichier pèse moins que 5 Mo.";
if (finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file["tmp_name"]) != 'application/pdf')
return "Le fichier doit être au destmat PDF.";
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";
$req = $DB->prepare("INSERT INTO `syntheses`(`file_id`, `team`, `tournament`, `dest`) VALUES (?, ?, ?, ?);");
$req->execute([$id, $_SESSION["team_id"], $_SESSION["tournament_id"], $dest]);
return false;
}
require_once "../views/header.php";
require_once "../views/syntheses.php";
require_once "../views/footer.php";

73
server_files/controllers/syntheses_orga.php Normal file
View File

@@ -0,0 +1,73 @@
<?php require_once "../config.php"; ?>
<?php
if (!isset($_SESSION["role"]) || $_SESSION["role"] != "ADMIN" && $_SESSION["role"] != "ORGANIZER")
require_once "../403.php";
if (isset($_POST["download_zip"])) {
$id = $_POST["tournament"];
$tournament_name = $_POST["tournament_name"];
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest`, `uploaded_at` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
$zip = new ZipArchive();
$temp = tempnam("tmp", "tfjm-");
if ($zip->open($temp, ZipArchive::CREATE) !== true) {
die("Impossible de créer le fichier zip.");
}
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$dest = $data_file["dest"];
$version = $data_file["version"];
$team_id = $data_file["team"];
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = '$team_id' AND `year` = $YEAR;")->fetch();
$team_name = $team_data["name"];
$team_trigram = $team_data["trigram"];
$zip->addFile("$LOCAL_PATH/files/$file_id", "Note de synthèse $team_trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf");
}
$zip->close();
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=\"Notes de syntèses du tournoi de $tournament_name.zip\"");
header("Content-Length: " . strval(filesize($temp) + 1));
readfile($temp);
exit();
}
require_once "../views/header.php";
$req = $DB->query("SELECT `tournaments`.`id`, `name` FROM `tournaments` JOIN `organizers` ON `tournament` = `tournaments`.`id` WHERE "
. ($_SESSION["role"] == "ADMIN" ? "" : "`organizer` = '" . $_SESSION["user_id"] . "' AND ")
. "`year` = $YEAR GROUP BY `tournament`, `name` ORDER BY `name`;");
while (($data_tournament = $req->fetch()) !== false) {
echo "<h1>Tournoi de " . $data_tournament["name"] . "</h1>\n";
$id = $data_tournament["id"];
$files_req = $DB->query("SELECT *, COUNT(`dest`) AS `version` FROM `syntheses` WHERE `tournament` = '$id' GROUP BY `team`, `dest`, `uploaded_at` ORDER BY `team`, `dest`, `uploaded_at` DESC;");
while (($data_file = $files_req->fetch()) !== false) {
$file_id = $data_file["file_id"];
$dest = $data_file["dest"];
$version = $data_file["version"];
$team_id = $data_file["team"];
$team_data = $DB->query("SELECT `name`, `trigram` FROM `teams` WHERE `id` = '$team_id' AND `year` = $YEAR;")->fetch();
$team_name = $team_data["name"];
$team_trigram = $team_data["trigram"];
echo "Note de synthèse de l'équipe $team_name ($team_trigram) pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur")
. ", version $version : <a href=\"$URL_BASE/file/$file_id\">Télécharger</a><br />";
}
echo "<form method=\"POST\">\n";
echo "<input type=\"hidden\" name=\"tournament\" value=\"$id\" />\n";
echo "<input type=\"hidden\" name=\"tournament_name\" value=\"" . $data_tournament["name"] . "\" />\n";
echo "<input style=\"width: 100%\" type=\"submit\" name=\"download_zip\" value=\"Télécharger l'archive\" />\n";
echo "</form><hr />\n";
}
require_once '../views/footer.php';

133
server_files/controllers/tournoi.php Normal file
View File

@@ -0,0 +1,133 @@
<?php
require_once "../config.php";
$tournament_name = htmlspecialchars($_GET["nom"]);
$response = $DB->prepare("SELECT * FROM `tournaments` WHERE `name` = ? AND `year` = $YEAR;");
$response->execute([$tournament_name]);
$data = $response->fetch();
if ($data === false)
require_once "../404.php";
$orgas_req = $DB->query("SELECT `users`.`id` AS `id`, `surname`, `first_name` FROM `users` JOIN `organizers` ON `users`.`id` = `organizer` WHERE `tournament` = " . $data["id"] . ";");
$orgas = [];
$orgas_id = [];
while (($orga_data = $orgas_req->fetch()) !== false) {
$orgas[] = $orga_data["first_name"] . " " . $orga_data["surname"];
$orgas_id[] = $orga_data["id"];
}
if (isset($_GET["modifier"]) && $_SESSION["role"] != "ADMIN" && !in_array($_SESSION["user_id"], $orgas_id))
require_once "../403.php";
if (isset($_POST["edit_tournament"])) {
$error_message = updateTournament();
}
if ($data["final"])
$teams_response = $DB->query("SELECT `id`, `name`, `trigram`, `inscription_date`, `validation_status` FROM `teams` WHERE `final_selection` AND `year` = $YEAR;");
else
$teams_response = $DB->query("SELECT `id`, `name`, `trigram`, `inscription_date`, `validation_status` FROM `teams` WHERE `tournament` = " . $data["id"] . " AND `year` = $YEAR;");
$orgas_response = $DB->query("SELECT `id`, `surname`, `first_name` FROM `users` WHERE (`role` = 'ORGANIZER' OR `role` = 'ADMIN') AND `year` = '$YEAR';");
function updateTournament() {
global $DB, $URL_BASE, $YEAR, $data;
$tournament_id = $data["id"];
$name = htmlspecialchars($_POST["name"]);
$result = $DB->query("SELECT `id` FROM `tournaments` WHERE `name` = '" . $name . "' AND `id` != $tournament_id AND `year` = '$YEAR';");
if ($result->fetch())
return "Un tournoi existe déjà avec ce nom.";
if (!isset($_POST["organizer"]) || sizeof($_POST["organizer"]) == 0)
return "Aucun organisateur n'a été choisi.";
if ($_SESSION["role"] == "ADMIN") {
$organizers = $_POST["organizer"];
$orga_mails = [];
foreach ($organizers as $orga) {
$result = $DB->query("SELECT `role`, `email` FROM `users` WHERE `id` = '" . $orga . "' AND `year` = '$YEAR';");
$data = $result->fetch();
if ($data === FALSE)
return "L'organisateur spécifié n'existe pas.";
if ($data["role"] != "ORGANIZER" && $data["role"] != "ADMIN")
return "L'organisateur indiqué ne peut pas organiser de tournoi.";
$orga_mails[] = $data["email"];
}
}
try {
$size = intval(htmlspecialchars($_POST["size"]));
}
catch (Exception $ex) {
return "Le nombre d'équipes indiqué n'est pas un entier valide.";
}
if ($size < 3 || $size > 12)
return "Un tournoi doit comporter entre 3 et 12 équipes.";
$place = htmlspecialchars($_POST["place"]);
try {
$price = intval(htmlspecialchars($_POST["price"]));
}
catch (Throwable $t) {
return "Le tarif pour les participants n'est pas un nombre valide.";
}
if ($price < 0)
return "Le TFJM² ne va pas payer les élèves pour venir.";
if ($price > 50)
return "Soyons raisonnable sur le prix.";
$date_start = htmlspecialchars($_POST["date_start"]);
$date_start_parsed = date_parse_from_format("yyyy-mm-dd", $date_start);
$date_end = htmlspecialchars($_POST["date_end"]);
$date_end_parsed = date_parse_from_format("yyyy-mm-dd", $date_end);
$date_inscription = htmlspecialchars($_POST["date_inscription"]);
$time_inscription = htmlspecialchars($_POST["time_inscription"]);
$date_inscription_parsed = date_parse_from_format("yyyy-mm-dd", $date_inscription . ' ' . $time_inscription);
$date_solutions = htmlspecialchars($_POST["date_solutions"]);
$time_solutions = htmlspecialchars($_POST["time_solutions"]);
$date_solutions_parsed = date_parse_from_format("yyyy-mm-dd", $date_solutions . ' ' . $time_solutions);
$date_syntheses = htmlspecialchars($_POST["date_syntheses"]);
$time_syntheses = htmlspecialchars($_POST["time_syntheses"]);
$date_syntheses_parsed = date_parse_from_format("yyyy-mm-dd", $date_syntheses . ' ' . $time_syntheses);
if (!$date_start_parsed || !$date_end_parsed || !$date_inscription_parsed || !$date_solutions_parsed || !$date_syntheses_parsed)
return "Une date est mal formée.";
$description = htmlspecialchars($_POST["description"]);
$req = $DB->prepare("UPDATE `tournaments` SET `name` = ?, `size` = ?, `place` = ?, `price` = ?, `description` = ?,
`date_start` = ?, `date_end` = ?, `date_inscription` = ?, `date_solutions` = ?, `date_syntheses` = ?
WHERE `id` = $tournament_id;");
$req->execute([$name, $size, $place, $price, $description, $date_start, $date_end,
"$date_inscription $time_inscription", "$date_solutions $time_solutions", "$date_syntheses $time_syntheses"]);
if ($_SESSION["role"] == "ADMIN") {
$DB->exec("DELETE FROM `organizers` WHERE `tournament` = $tournament_id;");
foreach ($organizers as $orga) {
$req = $DB->prepare("INSERT INTO `organizers`(`organizer`, `tournament`) VALUES(?, ?);");
$req->execute([$orga, $tournament_id]);
}
}
header("Location: $URL_BASE/tournoi/" . $name);
exit();
}
require_once "../views/header.php";
require_once "../views/tournoi.php";
require_once "../views/footer.php";

11
server_files/controllers/tournois.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
require_once "../config.php";
$response = $DB->query("SELECT `name`, `date_start`, `date_end`, `date_inscription`, `date_solutions`, `size` FROM `tournaments`
WHERE `year` = '$YEAR' AND `final` = false ORDER BY `date_start`, `name`;");
$final_data = $DB->query("SELECT `name`, `date_start`, `date_end`, `date_solutions`, `size` FROM `tournaments` WHERE `final` AND `year` = $YEAR;")->fetch();
require_once "../views/header.php";
require_once "../views/tournois.php";
require_once "../views/footer.php";

67
server_files/controllers/view_file.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
require_once "../config.php";
if (!isset($_GET["file_id"])) {
header("Location: $URL_BASE");
exit();
}
$id = htmlspecialchars($_GET["file_id"]);
$type = "SOLUTION";
$req = $DB->query("SELECT * FROM `solutions` WHERE `file_id` = '$id';");
if (($data = $req->fetch()) === false) {
$req = $DB->query("SELECT * FROM `syntheses` WHERE `file_id` = '$id';");
$type = "SYNTHESE";
if (($data = $req->fetch()) === false) {
$req = $DB->query("SELECT * FROM `documents` WHERE `file_id` = '$id';");
$type = "DOCUMENT";
$data = $req->fetch();
}
}
if ($data !== false) {
$team_data = $DB->query("SELECT `trigram` FROM `teams` WHERE `id` = " . $data["team"] . ";")->fetch();
$tournament_data = $DB->query("SELECT `name` FROM `tournaments` WHERE `id` = " . $data["tournament"] . ";")->fetch();
$trigram = $team_data["trigram"];
if ($type == "SOLUTION") {
$problem = $data["problem"];
$name = "Problème $problem $trigram.pdf";
}
else if ($type == "SYNTHESE") {
$dest = $data["dest"];
$name = "Note de synthèse $trigram pour " . ($dest == "OPPOSANT" ? "l'opposant" : "le rapporteur") . ".pdf";
}
else if ($type == "DOCUMENT") {
$user_id = $data["user"];
$user_data = $DB->query("SELECT `surname`, `first_name` FROM `users` WHERE `id` = 'user';")->fetch();
$surname = $user_data["surname"];
$first_name = $user_data["first_name"];
switch ($data["type"]) {
case "PARENTAL_CONSENT":
$name = "Autorisation parentale";
break;
case "PHOTO_CONSENT":
$name = "Autorisation de droit à l'image";
break;
case "SANITARY_PLUG":
$name = "Fiche sanitaire";
break;
}
$name .= " de $first_name $surname.pdf";
}
}
else {
require_once "../404.php";
http_response_code(404);
exit();
}
header("Content-Type: application/pdf");
header("Content-Disposition: inline; filename=\"$name\"");
readfile("$URL_BASE/files/$id");
exit();