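<?php

declare(strict_types=1);

/*
 * Admin endpoint for the QR game.
 *
 *   GET  userId, eventId   -> renders admin/blob.html for one player in one event
 *   POST action=...        -> create / delete / update an event, add or remove
 *                             players, or assign targets; always redirects afterwards
 *
 * Every branch terminates the request itself (render + die, or redirect + die).
 *
 * NOTE(review): the POST actions change state but no CSRF token is verified;
 * the admin session check below is the only guard. A token would have to be
 * added to the forms in the Twig templates before it can be checked here.
 */

session_start();

require_once '../priv/twig.php';
require_once '../priv/pdo.php';
require_once '../priv/errorhandler.php';

// Fail closed: anything but a truthy is_admin flag (missing, '', '0', 0, false,
// null) goes back to the start page. The previous check only rejected an unset
// flag and the string '0', so an integer 0 would have passed.
if (empty($_SESSION['qr']['is_admin'])) {
    header('Location: index.php');
    die();
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    if (!isset($_GET['userId'], $_GET['eventId'])) {
        die('Du måste ange event och spelar ID.');
    }

    // One player row, its user row and the player's kill count for the event.
    // Both ids are bound as parameters; nothing from $_GET reaches the SQL text.
    $sql = '
        SELECT COUNT(qr_kills.id), qr_players.*, qr_users.*
        FROM qr_players
        JOIN qr_users
        JOIN qr_kills
        ON qr_kills.killer = qr_users.id
        AND qr_users.id = qr_players.qr_users_id
        AND qr_kills.qr_events_id = qr_players.qr_events_id
        WHERE qr_players.qr_users_id = ? AND qr_players.qr_events_id = ?
    ';
    $model['blob'] = DB::prepare($sql)->texecute([$_GET['userId'], $_GET['eventId']])->fetch();

    echo $twig->render('admin/blob.html', $model);
    die();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing action is treated as an unknown one (falls through to the end of the script).
    $action = $_POST['action'] ?? '';

    if ($action === 'Skapa') {
        $sql = 'INSERT INTO qr_events (name, start_date, end_date, display_date) VALUES (?, ?, ?, ?)';
        DB::prepare($sql)->texecute([
            $_POST['name'],
            $_POST['start_date'],
            $_POST['end_date'],
            $_POST['display_date'],
        ]);
        header('Location: event.php?id=' . DB::lastInsertId());
        die();
    }

    if ($action === 'Radera') {
        // Players first: qr_players rows reference the event being removed.
        $sql = 'DELETE FROM qr_players WHERE qr_events_id = ?';
        DB::prepare($sql)->texecute([$_POST['id']]);

        $sql = 'DELETE FROM qr_events WHERE id = ?';
        DB::prepare($sql)->texecute([$_POST['id']]);

        header('Location: index.php');
        die();
    }

    if ($action === 'Uppdatera') {
        // Bug fix: the UPDATE had no WHERE clause and rewrote every event row.
        $sql = 'UPDATE qr_events SET name = ?, start_date = ?, end_date = ?, display_date = ? WHERE id = ?';
        DB::prepare($sql)->texecute([
            $_POST['name'],
            $_POST['start_date'],
            $_POST['end_date'],
            $_POST['display_date'],
            $_POST['id'],
        ]);
        header('Location: event.php?id=' . $_POST['id']);
        die();
    }

    if ($action === 'Lägg till användare') {
        $whitelist = $_POST['whitelist'] ?? '';
        $whitelistStudents = $_POST['whitelistStudents'] ?? '';

        // Pick the users to enrol: by class list, by username list, or everyone.
        // The IN (...) list is built from placeholders only; values are bound.
        if ($whitelist !== '') {
            $classes = explode(',', $whitelist);
            $in = implode(',', array_fill(0, count($classes), '?'));
            $sql = "SELECT id FROM qr_users WHERE class IN ($in)";
            $users = DB::prepare($sql)->texecute($classes)->fetchAll();
        } elseif ($whitelistStudents !== '') {
            $usernames = explode(',', $whitelistStudents);
            // Bug fix: the placeholder count was taken from $classes, which is
            // never set in this branch.
            $in = implode(',', array_fill(0, count($usernames), '?'));
            $sql = "SELECT id FROM qr_users WHERE username IN ($in)";
            $users = DB::prepare($sql)->texecute($usernames)->fetchAll();
        } else {
            $sql = 'SELECT id FROM qr_users';
            $users = DB::prepare($sql)->texecute()->fetchAll();
        }

        // Per-player secret: five letters drawn with random_int() (CSPRNG) instead
        // of str_shuffle(), which is seeded from a non-cryptographic generator.
        // Letters may now repeat, which only enlarges the secret space. The
        // alphabet is kept as before; 'X' is presumably reserved for the
        // ON DUPLICATE KEY marker appended below.
        $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVW';
        $lastIndex = strlen($alphabet) - 1;
        $sql = 'INSERT INTO qr_players (qr_events_id, qr_users_id, secret) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE secret = CONCAT(secret, \'X\')';

        foreach ($users as $user) {
            $secret = '';
            for ($i = 0; $i < 5; $i++) {
                $secret .= $alphabet[random_int(0, $lastIndex)];
            }
            DB::prepare($sql)->texecute([$_POST['id'], $user['id'], $secret]);
        }

        header('Location: event.php?id=' . $_POST['id']);
        die();
    }

    if ($action === 'Ta bort') {
        $sql = 'DELETE FROM qr_players WHERE qr_events_id = ? AND qr_users_id = ?';
        DB::prepare($sql)->texecute([$_POST['eventId'], $_POST['userId']]);
        header('Location: event.php?id=' . $_POST['eventId']);
        die();
    }

    if ($action === 'Tilldela mål') {
        $sql = 'SELECT * FROM qr_players WHERE qr_events_id = ?';
        $players = DB::prepare($sql)->texecute([$_POST['id']])->fetchAll();
        shuffle($players);

        // Each player targets the next one in the shuffled order and the last
        // wraps around to the first, so a lone player targets themself (as before).
        $playerCount = count($players);
        $sql = 'UPDATE qr_players SET target = ? WHERE qr_users_id = ? AND qr_events_id = ?';
        foreach ($players as $index => $player) {
            $targetId = $players[($index + 1) % $playerCount]['qr_users_id'];
            DB::prepare($sql)->texecute([$targetId, $player['qr_users_id'], $_POST['id']]);
        }

        header('Location: event.php?id=' . $_POST['id']);
        die();
    }
}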