A php killer game implementation
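<?php

declare(strict_types=1);

/*
 * Admin page for "killer game" events.
 *
 * GET  without `id`  -> list all events (admin/events.html)
 * GET  with `id`     -> one event plus its players (admin/event.html)
 * POST `action`      -> create / update / delete an event, add or remove players,
 *                       assign targets; the value of `action` is the form button label.
 *
 * Requires an admin session (checked before any request data is read) and PHP >= 7.1
 * (nullable types, random_int). Every query goes through DB::prepare()/texecute()
 * with bound parameters; request values are never interpolated into SQL.
 */

session_start();

require_once '../priv/twig.php';
require_once '../priv/pdo.php';
require_once '../priv/errorhandler.php';

/**
 * Letters a freshly generated player secret is drawn from. The alphabet stops at W on
 * purpose: the duplicate-key branch of the "add users" action appends an 'X' to an
 * existing secret, so X only appears as that marker (presumed intent — confirm before
 * widening the alphabet).
 */
const QR_SECRET_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVW';

/** Length of a freshly generated player secret. */
const QR_SECRET_LENGTH = 5;

/**
 * Fail-closed admin check on the session.
 *
 * The previous test (`=== '0'`) rejected only the *string* "0"; an integer 0 or a
 * boolean false (what PDO returns depending on driver/emulation settings configured in
 * ../priv/pdo.php) would have passed as admin. FILTER_VALIDATE_BOOLEAN accepts only
 * 1/"1"/true/"true"/"on"/"yes" and rejects everything else. If the login code stores
 * a different truthy marker for admins, adjust here rather than loosening the check.
 */
function qr_session_is_admin(): bool
{
    $flag = $_SESSION['qr']['is_admin'] ?? null;

    return (bool) filter_var($flag, FILTER_VALIDATE_BOOLEAN);
}

/**
 * Read one request field as a string.
 *
 * @return string|null null when the field is absent or not scalar (e.g. submitted as
 *                     `id[]=1`), so an array is never bound to SQL or echoed into a
 *                     Location header.
 */
function qr_field(array $source, string $key): ?string
{
    if (!isset($source[$key]) || !is_scalar($source[$key])) {
        return null;
    }

    return (string) $source[$key];
}

/**
 * Split a comma-separated form value into trimmed, non-empty entries.
 *
 * @return list<string>
 */
function qr_split_list(string $value): array
{
    $parts = array_map('trim', explode(',', $value));

    // strlen('0') === 1, so "0" is kept; only truly empty entries are dropped
    return array_values(array_filter($parts, 'strlen'));
}

/**
 * Build "?,?,?" with $count placeholders for an IN (...) clause; $count must be >= 1.
 */
function qr_placeholders(int $count): string
{
    return implode(',', array_fill(0, $count, '?'));
}

/**
 * Fetch the rows (with an 'id' key) of qr_users whose $column is one of $values.
 *
 * @param string       $column code-supplied column name ('class' or 'username'). It is
 *                             interpolated into the SQL, so it is checked against that
 *                             fixed list and must never come from request data.
 * @param list<string> $values bound as parameters; an empty list yields no rows instead
 *                             of building an invalid "IN ()" clause.
 * @return list<array>
 */
function qr_user_ids_in(string $column, array $values): array
{
    if (!in_array($column, ['class', 'username'], true)) {
        throw new InvalidArgumentException('Unsupported lookup column: ' . $column);
    }
    if ($values === []) {
        return [];
    }

    $sql = sprintf('SELECT id FROM qr_users WHERE %s IN (%s)', $column, qr_placeholders(count($values)));

    return DB::prepare($sql)->texecute($values)->fetchAll();
}

/**
 * Generate a player secret with a CSPRNG.
 *
 * The previous str_shuffle()-based secret came from the Mersenne Twister (predictable,
 * not meant for security use) and, being a shuffle, never repeated a letter, which shrank
 * the key space further. random_int() fixes both while keeping alphabet and length, so
 * existing secrets and whatever consumes them (QR codes, the 'X' marker) are unaffected.
 */
function qr_generate_secret(): string
{
    $lastIndex = strlen(QR_SECRET_ALPHABET) - 1;
    $secret = '';
    for ($i = 0; $i < QR_SECRET_LENGTH; $i++) {
        $secret .= QR_SECRET_ALPHABET[random_int(0, $lastIndex)];
    }

    return $secret;
}

// --- Access control: everything below is admin-only ---------------------------------
if (!qr_session_is_admin()) {
    header('Location: index.php');
    die();
}

$method = $_SERVER['REQUEST_METHOD'] ?? '';

// --- GET: list events, or show one event with its players ---------------------------
if ($method === 'GET') {
    $model = [];
    $eventId = qr_field($_GET, 'id');

    if ($eventId === null) {
        $model['events'] = DB::prepare('SELECT * FROM qr_events')->texecute()->fetchAll();
        echo $twig->render('admin/events.html', $model);
        die();
    }

    $model['event'] = DB::prepare('SELECT * FROM qr_events WHERE id = ?')
        ->texecute([$eventId])
        ->fetch();

    if (empty($model['event'])) {
        http_response_code(404);
        die('Kunde inte hitta eventet');
    }

    // Written as a RIGHT JOIN, but the WHERE on a qr_players column discards unmatched
    // qr_users rows, so this yields exactly the users enrolled in this event together
    // with their per-event secret/target/alive columns.
    $sql = 'SELECT qr_users.*, qr_players.secret, qr_players.target, qr_players.alive'
         . ' FROM qr_players RIGHT JOIN qr_users ON qr_players.qr_users_id = qr_users.id'
         . ' WHERE qr_players.qr_events_id = ?';
    $users = DB::prepare($sql)->texecute([$eventId])->fetchAll();
    $model['users'] = $users;

    // id => name lookup for the template (e.g. to print a target's name); on duplicate
    // ids the last row wins, exactly as the previous foreach did.
    $model['userMap'] = array_column($users, 'name', 'id');

    echo $twig->render('admin/event.html', $model);
    die();
}

// --- POST: form actions; the button label in `action` selects the handler -----------
// NOTE(review): none of these state-changing actions verifies a CSRF token, so a page
// opened by a logged-in admin can submit them on their behalf. The fix is a per-session
// token embedded in the admin forms and checked here; it needs matching template changes
// that are outside this file, so it is flagged rather than added.
// An unrecognised action falls through and returns an empty 200, as before.
if ($method === 'POST') {
    $action = qr_field($_POST, 'action') ?? '';
    // checkbox: present => 1, absent => 0
    $showClass = isset($_POST['show_class']) ? 1 : 0;

    if ($action === 'Skapa') {
        $sql = 'INSERT INTO qr_events (name, start_date, end_date, display_date, show_class) VALUES (?, ?, ?, ?, ?)';
        DB::prepare($sql)->texecute([
            qr_field($_POST, 'name'),
            qr_field($_POST, 'start_date'),
            qr_field($_POST, 'end_date'),
            qr_field($_POST, 'display_date'),
            $showClass,
        ]);
        header('Location: events.php?id=' . rawurlencode((string) DB::lastInsertId()));
        die();
    }

    if ($action === 'Radera') {
        DB::prepare('DELETE FROM qr_events WHERE id = ?')->texecute([qr_field($_POST, 'id')]);
        header('Location: index.php');
        die();
    }

    if ($action === 'Uppdatera') {
        $eventId = qr_field($_POST, 'id');
        $sql = 'UPDATE qr_events SET name = ?, start_date = ?, end_date = ?, display_date = ?, show_class = ? WHERE id = ?';
        DB::prepare($sql)->texecute([
            qr_field($_POST, 'name'),
            qr_field($_POST, 'start_date'),
            qr_field($_POST, 'end_date'),
            qr_field($_POST, 'display_date'),
            $showClass,
            $eventId,
        ]);
        header('Location: events.php?id=' . rawurlencode($eventId ?? ''));
        die();
    }

    if ($action === 'Lägg till användare') {
        $eventId = qr_field($_POST, 'id');
        $rawClasses = qr_field($_POST, 'whitelist') ?? '';
        $rawUsernames = qr_field($_POST, 'whitelistStudents') ?? '';

        // Precedence as before: a non-empty class whitelist wins over the username
        // whitelist; with neither, every user is enrolled.
        if ($rawClasses !== '') {
            $users = qr_user_ids_in('class', qr_split_list($rawClasses));
        } elseif ($rawUsernames !== '') {
            $users = qr_user_ids_in('username', qr_split_list($rawUsernames));
        } else {
            $users = DB::prepare('SELECT id FROM qr_users')->texecute()->fetchAll();
        }

        // Relies on a unique key over (qr_events_id, qr_users_id): re-adding an already
        // enrolled player appends an 'X' to their existing secret instead of replacing it
        // (and every further re-add appends one more).
        $insert = 'INSERT INTO qr_players (qr_events_id, qr_users_id, secret) VALUES (?, ?, ?)'
                . ' ON DUPLICATE KEY UPDATE secret = CONCAT(secret, \'X\')';
        foreach ($users as $user) {
            DB::prepare($insert)->texecute([$eventId, $user['id'], qr_generate_secret()]);
        }

        header('Location: events.php?id=' . rawurlencode($eventId ?? ''));
        die();
    }

    if ($action === 'Ta bort') {
        $userId = qr_field($_POST, 'userId');
        $eventId = qr_field($_POST, 'eventId');

        // Close the chain around the leaving player: whoever hunted them now hunts their
        // target. Both joins are restricted to the same event — the previous statement
        // joined on user id alone, so a user enrolled in several events would have had
        // their hunters in the *other* events retargeted as well.
        $retarget = '
            UPDATE qr_players AS del_user
            INNER JOIN qr_players AS target
                ON target.qr_users_id = del_user.target
               AND target.qr_events_id = del_user.qr_events_id
            INNER JOIN qr_players AS hunter
                ON hunter.target = del_user.qr_users_id
               AND hunter.qr_events_id = del_user.qr_events_id
            SET hunter.target = target.qr_users_id
            WHERE del_user.qr_users_id = ? AND del_user.qr_events_id = ?
        ';
        DB::prepare($retarget)->texecute([$userId, $eventId]);

        DB::prepare('DELETE FROM qr_players WHERE qr_events_id = ? AND qr_users_id = ?')
            ->texecute([$eventId, $userId]);

        header('Location: events.php?id=' . rawurlencode($eventId ?? ''));
        die();
    }

    if ($action === 'Tilldela mål') {
        $eventId = qr_field($_POST, 'id');
        $players = DB::prepare('SELECT * FROM qr_players WHERE qr_events_id = ?')
            ->texecute([$eventId])
            ->fetchAll();
        shuffle($players);

        // Ring assignment: each player targets the next one in shuffled order and the last
        // wraps around to the first (a lone player therefore targets themself, as before).
        $count = count($players);
        $update = 'UPDATE qr_players SET target = ? WHERE qr_users_id = ? AND qr_events_id = ?';
        foreach ($players as $index => $player) {
            $next = $players[($index + 1) % $count];
            DB::prepare($update)->texecute([$next['qr_users_id'], $player['qr_users_id'], $eventId]);
        }

        header('Location: events.php?id=' . rawurlencode($eventId ?? ''));
        die();
    }
}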