Grisu/PunkteSystem-KSP
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Grisu:b0478a7dd44236b13cd92cae74afaeb790bacd06
Branches Tags
Grisu:main Grisu:dev
...
compare: Grisu:dev
Branches Tags
Grisu:dev Grisu:main

20 Commits
b0478a7dd4 ... dev

Author SHA1 Message Date
Grisu
484cf11c07 added pass mark 2022-12-05 12:44:39 +01:00
Grisu
2e77ac243b added compression for download and ensure utf-8 encoding 2022-12-04 23:04:29 +01:00
Grisu
42d3f01176 Merge pull request 'added csv download' (#9) from dev into main 
Reviewed-on: #9
 2022-12-04 21:49:55 +00:00
Grisu
c4d62ac658 added csv download 2022-12-04 22:34:01 +01:00
Grisu
c1ffddfdb2 as admin you now can't delete your own account 2022-09-22 18:09:50 +02:00
Grisu
dc4d28cd91 Merge pull request 'dev' (#4) from dev into main 
Reviewed-on: #4
 2022-09-22 15:42:36 +00:00
Grisu
3598769c04 added warning when wrong password is entered 2022-09-22 17:38:02 +02:00
Grisu
cfc9c96a17 updated database schema 2022-09-22 14:19:38 +02:00
Grisu
e62be84d35 you can now edit, add and delete results 2022-09-22 14:17:29 +02:00
Grisu
c3873744be you can now set if a station needs points or get the results of the excersice and the website should calculate the points 2022-09-22 11:22:25 +02:00
Grisu
bb118e169e fixed typo 2022-09-18 21:12:35 +02:00
Grisu
458e0cbad9 Merge pull request 'changed the total score to a station ranking on the homepage' (#3) from dev into main 
Reviewed-on: #3
 2022-09-18 17:34:05 +00:00
Grisu
eacf3ce9b5 changed the total score to a station ranking on the homepage 2022-09-18 19:32:26 +02:00
Grisu
ca6549280f Merge pull request 'Adding close button to the edit and add pages' (#2) from dev into main 
Reviewed-on: #2
 2022-09-18 17:11:41 +00:00
Grisu
55e51a8214 added close button 2022-09-18 19:05:46 +02:00
Grisu
0a3beeeaec fixed typo and added close button to edit pages 2022-09-16 09:49:36 +02:00
Grisu
506982f1b1 fixed bug where you can't change the station which a station account belongs to 2022-09-15 10:32:13 +02:00
Grisu
83c62d0015 Points are now only counted if it is selected 2022-09-04 16:51:47 +02:00
Grisu
0f221c9303 fixed time encoding 2022-06-21 23:40:10 +02:00
Grisu
6d74360d1d sanitize all input against xss and fixed bug with time encoding when adding result 2022-06-21 23:35:06 +02:00
22 changed files with 580 additions and 142 deletions
Expand all files Collapse all files

87
app/public/add_entry.php
View File

@@ -4,18 +4,41 @@
include("../scripts/functions.php");
$user_data = check_login($con);
if($_SERVER['REQUEST_METHOD'] == "POST") {
$points = $_POST['points'];
$minutes = $_POST['minutes'];
$seconds = $_POST['seconds'];
$miliseconds = $_POST['miliseconds'];
if($_SERVER['REQUEST_METHOD'] == "GET") {
$s_id = sanitize_input($_GET['station']);
}
if($minutes == 0 && $seconds == 0 && $miliseconds == 0){
$time = null;
} else {
$time = "00:" . $minutes . ":" . $seconds . "." . $miliseconds;
if($_SERVER['REQUEST_METHOD'] == "POST") {
$s_id = sanitize_input($_GET['station']);
if(isset($_POST['save']) && get_direct_points($con, $s_id)->fetch()['direkte_punkte'] == 1){
$points = sanitize_input($_POST['points']);
$minutes = sanitize_input($_POST['minutes']);
$seconds = sanitize_input($_POST['seconds']);
$miliseconds = sanitize_input($_POST['miliseconds']);
$m_id = sanitize_input($_POST['team']);
if($minutes == 0 && $seconds == 0 && $miliseconds == 0){
$time = null;
} else {
if ($minutes < 10) {
$minutes = "0" . $minutes;
}
if ($seconds < 10) {
$seconds = "0" . $seconds;
}
if ($miliseconds < 10) {
$miliseconds = "0" . $miliseconds;
}
$time = "00:" . $minutes . ":" . $seconds . "." . $miliseconds;
}
write_points($con, $s_id, $m_id, $points, $time);
} elseif (isset($_POST['save'])) {
$result = sanitize_input($_POST['result']);
$m_id = sanitize_input($_POST['team']);
write_result($con, $s_id, $m_id, $result);
}
write_points($con, $_GET['station'], $_POST['team'], $points, $time);
header("Location: statistik.php");
die;
}
@@ -26,39 +49,47 @@
<body>
<div class="center">
<div class="headline">
<h2>Ergebniss eintragen</h2>
<h2>Ergebnis eintragen</h2>
</div>
<div class="form_div">
<form action="" method="post">
<div id="team-div" class="dropdown">
<label for="team">Mannschaft</label>
<select name="team" id="team">
<?php load_teams_no_points($con, $_GET['station'])?>
<?php load_teams_no_points($con, sanitize_input($_GET['station']))?>
</select>
</div>
<div class="number_field">
<label for="points">Punkte: </label>
<input name="points" id="points" type="number" max="15" min="0" value="0" required/>
<?php
if(get_direct_points($con, $s_id)->fetch()['direkte_punkte'] == 1) {
echo "<div class=\"number_field\">
<label for=\"points\">Punkte: </label>
<input name=\"points\" id=\"points\" type=\"number\" max=\"15\" min=\"0\" value=\"0\" required/>
</div>
<div class="headline">
<div class=\"headline\">
<h3>Zeit</h3>
</div>
<div id="zeit">
<div class="number_field">
<label for="minutes">Minuten</label>
<input name="minutes" id="minutes" type="number" max="60" min="0" value="0"/>
<div id=\"zeit\">
<div class=\"number_field\">
<label for=\"minutes\">Minuten</label>
<input name=\"minutes\" id=\"minutes\" type=\"number\" max=\"60\" min=\"0\" value=\"0\"/>
</div>
<div class="number_field">
<label for="seconds">Sekunden</label>
<input name="seconds" id="seconds" type="number" max="60" min="0" value="0"/>
<div class=\"number_field\">
<label for=\"seconds\">Sekunden</label>
<input name=\"seconds\" id=\"seconds\" type=\"number\" max=\"60\" min=\"0\" value=\"0\"/>
</div>
<div class="number_field">
<label for="miliseconds">Millisekunden</label>
<input name="miliseconds" id="miliseconds" type="number" max="99" min="0" value="0"/>
<div class=\"number_field\">
<label for=\"miliseconds\">Millisekunden</label>
<input name=\"miliseconds\" id=\"miliseconds\" type=\"number\" max=\"99\" min=\"0\" value=\"0\"/>
</div>
</div>
</div>";} else {
echo "<div class=\"number_field\">
<label for=\"result\">Ergebnis: </label>
<input name=\"result\" id=\"result\" type=\"number\" max=\"65535\" min=\"0\" value=\"0\" required/>
</div>";
}?>
<div>
<input id="button" type="submit" value="Eintragen" class="btn-confirm"/>
<input id="button" type="submit" value="Eintragen" class="btn-confirm" name="save"/>
<input id="close" type="submit" value="Schließen" class="btn-confirm" name="close">
</div>
</form>
</div>

21
app/public/add_station.php
View File

@@ -5,7 +5,12 @@
$user_data = check_login($con);
if($_SERVER['REQUEST_METHOD'] == "POST") {
write_station($con, $_POST['station_name'], $_POST['station_pos']);
if(isset($_POST['save'])){
$station_name = sanitize_input($_POST['station_name']);
$station_pos = sanitize_input($_POST['station_pos']);
$station_direct_points = sanitize_input($_POST['direkte_punkte']);
write_station($con, $station_name, $station_pos, $station_direct_points);
}
header("Location: stationen.php");
die;
}
@@ -21,16 +26,24 @@
<div class="form_div">
<form method="post">
<div class="txt_field">
<input id="station_name" type="text" name="station_name" required/>
<input class="input_field" id="station_name" type="text" name="station_name" required/>
<span></span>
<label for="station_name">Name</label>
</div>
<div class="txt_field">
<input id="station_pos" type="text" name="station_pos" required/>
<input class="input_field" id="station_pos" type="text" name="station_pos" required/>
<span></span>
<label for="station_pos">Standort</label>
</div>
<input id="button" type="submit" value="Hinzufügen" class="btn-confirm"/>
<div class="dropdown">
<label for="direkte_punkte">Punkte eintragen</label>
<select name="direkte_punkte" id="direkte_punkte">
<option value="1" selected>Ja</option>
<option value="0">Nein</option>
</select>
</div>
<input id="button" type="submit" value="Hinzufügen" class="btn-confirm" name="save"/>
<a href="stationen.php" class="btn-close">Schließen</a>
</form>
</div>
</div>

9
app/public/add_team.php
View File

@@ -5,7 +5,11 @@
$user_data = check_login($con);
if($_SERVER['REQUEST_METHOD'] == "POST") {
write_team($con, $_POST['team_name'], $_POST['fire_department']);
if(isset($_POST['save'])) {
$team_name = sanitize_input($_POST['team_name']);
$fire_department = sanitize_input($_POST['fire_department']);
write_team($con, $team_name, $fire_department);
}
header("Location: mannschaft.php");
die;
}
@@ -35,7 +39,8 @@
<span></span>
<label for="fire_department">Feuerwehr</label>
</div>
<input id="button" type="submit" value="Hinzufügen" class="btn-confirm"/>
<input id="button" type="submit" value="Hinzufügen" class="btn-confirm" name="save"/>
<a href="mannschaft.php">Schließen</a>
</form>
</div>
</div>

13
app/public/add_user.php
View File

@@ -6,14 +6,14 @@
$error = null;
if($_SERVER['REQUEST_METHOD'] == "POST") {
$user_name = $_POST['user_name'];
$password = $_POST['password'];
$user_group = $_POST['user_group'];
$bind_station = $_POST['bind_station'];
$user_name = sanitize_input($_POST['user_name']);
$password = sanitize_input($_POST['password']);
$user_group = sanitize_input($_POST['user_group']);
$bind_station = sanitize_input($_POST['bind_station']);
if(!empty($user_name) && !empty($password)) {
$salt = generate_salt();
$user_id = generate_user_id($_POST['user_name'], $salt);
$phash = generate_password_hash($_POST['password'], $salt);
$user_id = generate_user_id($user_name, $salt);
$phash = generate_password_hash($password, $salt);
if($user_group == "station") {
write_user($con, $user_name, $user_id, $phash, $salt, $user_group, $bind_station);
} else {
@@ -64,6 +64,7 @@
</select>
</div>
<input type="submit" value="Hinzufügen" class="btn-confirm"/>
<a href="manage_user.php">Schließen</a>
</form>
</div>
</div>

4
app/public/css/edit.css
View File

@@ -130,6 +130,10 @@ form .txt_field{
width: 100%;
}
.btn-close a {
text-decoration: none;
}
.form_div {
margin-left: 5px;
margin-right: 5px;

9
app/public/css/login.css
View File

@@ -101,3 +101,12 @@ input[type="submit"]:hover{
border-color: #2691d9;
transition: .5s;
}
.warnings {
outline: none;
margin-top: 0px;
margin-bottom: 10px;
background-color: #ff8080;
border-radius: 4px;
padding: 4px;
}

8
app/public/css/styles.css
View File

@@ -217,6 +217,14 @@ div.headline h2{
visibility: visible;
}
#icon-download {
position:absolute;
top: 6px;
left: 5px;
pointer-events: none;
visibility: visible;
}
.input-table{
padding-left: 2px;
padding-right: 2px;

7
app/public/delete_statistics.php
View File

@@ -10,6 +10,13 @@
$stmt->bindParam(1, $_POST["m_id"], PDO::PARAM_INT);
$stmt->bindParam(2, $_POST["s_id"], PDO::PARAM_INT);
$stmt->execute();
if(get_direct_points($con, $_POST['s_id'])->fetch()['direkte_punkte'] == 0) {
$stmt = $con->prepare("DELETE FROM Ergebnisse WHERE m_id = ? AND s_id =?");
$stmt->bindParam(1, $_POST["m_id"], PDO::PARAM_INT);
$stmt->bindParam(2, $_POST["s_id"], PDO::PARAM_INT);
$stmt->execute();
update_points($con, $_POST["s_id"]);
}
} catch(PDOException $e) {
handle_pdo_exception($e);
}

7
app/public/delete_user.php
View File

@@ -6,8 +6,11 @@
if($_SERVER['REQUEST_METHOD'] == "POST") {
try {
$stmt = $con->prepare("DELETE FROM users WHERE id = :id");
$stmt->execute(['id' => $_POST['id']]);
$selected_user_id = get_id_user_by_user_id($con, $_SESSION['user_id']);
if($selected_user_id != $_POST['id']) {
$stmt = $con->prepare("DELETE FROM users WHERE id = :id");
$stmt->execute(['id' => $_POST['id']]);
}
} catch(PDOException $e) {
handle_pdo_exception($e);
}

36
app/public/download_table.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
session_start();
include("../scripts/connection.php");
include("../scripts/functions.php");
$user_data = check_admin($con);
if(isset($_GET['table'])) {
$table = $_GET['table'];
}
ob_start('ob_gzhandler'); #compressing data which is sent to the browser, the browser will decompress the data automatically
header('Content-type: text/csv; charset="UTF-8" ');
header('Content-Disposition: attachment; filename="table.csv" ');
function download_table($stmt) {
$output = fopen('php://output', 'w');
$header = true;
while ($row = $stmt->fetch()) {
if ($header) {
fputcsv($output, array_keys($row));
$header = false;
}
fputcsv($output, $row);
}
fclose($output);
}
if($table == "total-score") {
$total_score = get_total_score($con);
download_table($total_score);
} else {
$station = get_station($con, $table);
download_table($station);
}
?>

55
app/public/edit_station.php
View File

@@ -5,21 +5,39 @@
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$s_id = sanitize_input($_GET['s_id']);
$row = get_station_all($con, $_GET['s_id'])->fetch();
include("header_footer/header.php");
}
if($_SERVER['REQUEST_METHOD'] == "POST") {
$station = get_station_all($con, $_POST['station_id'])->fetch();
$s_id = intval($station['s_id']);
$name = strval($station['name']);
$standort = strval($station['standort']);
if($name != $_POST['station_name']) {
update_station_name($con, $s_id, $_POST['station_name']);
}
if(!isset($_POST['close'])){
$station_id = sanitize_input($_POST['station_id']);
$station_name = sanitize_input($_POST['station_name']);
$station_pos = sanitize_input($_POST['station_pos']);
$station_gewertet = sanitize_input($_POST['gewertet']);
$station_direct_points = sanitize_input($_POST['direkte_punkte']);
$station = get_station_all($con, $station_id)->fetch();
$s_id = intval($station['s_id']);
$name = strval($station['name']);
$standort = strval($station['standort']);
$gewertet = intval($station['gewertet']);
$direct_points = intval($station['direkte_punkte']);
if($name != $station_name) {
update_station_name($con, $s_id, $station_name);
}
if($standort != $_POST['station_pos']) {
update_station_pos($con, $s_id, $_POST['station_pos']);
if($standort != $station_pos) {
update_station_pos($con, $s_id, $station_pos);
}
if($gewertet != $station_gewertet) {
update_station_gewertet($con, $s_id, $station_gewertet);
}
if($direct_points != $station_direct_points) {
update_station_direct_points($con, $s_id, $station_direct_points);
}
}
header("Location: stationen.php");
die;
@@ -43,8 +61,25 @@
<span></span>
<label for="station_pos">Stations Standort:</label>
</div>
<div class="dropdown">
<label for="gewertet">Wertung:</label>
<select name="gewertet" id="gewertet">
<option value="1" <?php if($row['gewertet'] == '1'){echo " selected";}?>>Ja</option>
<option value="0" <?php if($row['gewertet'] == '0'){echo " selected";}?>>Nein</option>
</select>
</div>
<div class="dropdown">
<label for="direkte_punkte">Punkte eintragen</label>
<select name="direkte_punkte" id="direkte_punkte">
<option value="1" <?php if($row['direkte_punkte'] == '1'){echo " selected";}?>>Ja</option>
<option value="0" <?php if($row['direkte_punkte'] == '0'){echo " selected";}?>>Nein</option>
</select>
</div>
<input type="hidden" name="station_id" <?php echo "value=\"" . $row ['s_id'] . "\""?>/>
<input type="submit" value="Speichern" class="btn-confirm"/>
<div>
<input type="submit" value="Speichern" class="btn-confirm"/>
<input type="submit" value="Schließen" class="btn-confirm" name="close">
</div>
</form>
</div>
</div>

117
app/public/edit_statistics.php
View File

@@ -5,30 +5,43 @@
$user_data=check_login($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_result($con, $_GET["m_id"], $_GET['s_id'])->fetch();
$m_id = intval(sanitize_input($_GET['m_id']));
$s_id = intval(sanitize_input($_GET['s_id']));
$row = get_result($con, $m_id, $s_id)->fetch();
include("header_footer/header.php");
}
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$m_id = intval($_POST['m_id']);
$s_id = intval($_POST['s_id']);
$points = intval($_POST['points']);
$minutes = intval($_POST['minutes']);
$seconds = intval($_POST['seconds']);
$millis = intval($_POST['millis']);
if (get_points($con, $m_id, $s_id)->fetch()['punkte'] != $points) {
change_points($con, $m_id, $s_id, $points);
}
if (get_minutes($con, $m_id, $s_id)->fetch()['minutes'] != $minutes || get_seconds($con, $m_id, $s_id)->fetch()['seconds'] != $seconds || get_millis($con, $m_id, $s_id)->fetch()['millis'] != $millis) {
if ($millis < 10) {
$time = "00:" . $minutes . ":" . $seconds . "." . "0" . $millis;
} else {
$time = "00:" . $minutes . ":" . $seconds . "." . $millis;
$s_id = intval(sanitize_input($_POST['s_id']));
$m_id = intval(sanitize_input($_POST['m_id']));
if(isset($_POST['save']) && get_direct_points($con, $s_id)->fetch()['direkte_punkte'] == 1) {
$points = intval(sanitize_input($_POST['points']));
$minutes = intval(sanitize_input($_POST['minutes']));
$seconds = intval(sanitize_input($_POST['seconds']));
$millis = intval(sanitize_input($_POST['millis']));
if (get_points($con, $m_id, $s_id)->fetch()['punkte'] != $points) {
change_points($con, $m_id, $s_id, $points);
}
change_time($con, $m_id, $s_id, $time);
if (get_minutes($con, $m_id, $s_id)->fetch()['minutes'] != $minutes || get_seconds($con, $m_id, $s_id)->fetch()['seconds'] != $seconds || get_millis($con, $m_id, $s_id)->fetch()['millis'] != $millis) {
if ($millis < 10) {
$millis = "0" . $millis;
}
if ($minutes < 10) {
$minutes = "0" . $minutes;
}
if ($seconds < 10) {
$seconds = "0" . $seconds;
}
$time = "00:" . $minutes . ":" . $seconds . "." . $millis;
change_time($con, $m_id, $s_id, $time);
}
} elseif(isset($_POST['save'])) {
$result = intval(sanitize_input($_POST['result']));
update_result($con, $s_id, $m_id, $result);
}
header("Location: statistik.php");
die;
}
@@ -36,37 +49,65 @@
<body>
<div class="center">
<div class="headline">
<h2>Ergebniss bearbeiten</h2>
<h2>Ergebnis bearbeiten</h2>
</div>
<div class="form_div">
<form method="post">
<label class="information">Mannschaftsname: <?php echo $row['name']?></label><br>
<label for="fire_department" class="information">Feuerwehr: <?php echo $row["feuerwehr"]?></label><br>
<div class="number_field">
<label for="points">Punkte:</label>
<input type="number" min="0" max="15" name="points" value="<?php echo $row['punkte']?>"/>
<?php
if (get_direct_points($con, $s_id)->fetch()['direkte_punkte'] == 1){
echo "<div class=\"number_field\">
<label for=\"points\">Punkte:</label>
<input type=\"number\" min=\"0\" max=\"15\" name=\"points\" value=\"" . $row['punkte'] . "\"/>
</div>
<div class="headline">
<div class=\"headline\">
<h3>Zeit</h3>
</div>
<div id="time">
<?php $time_set = check_time($con, $row['m_id'], $row['s_id']);?>
<div class="number_field">
<label for="minutes">Minuten:</label>
<input name="minutes" type="number" min="0" max="60" value=<?php if(!$time_set){echo "\"0\"";} else {echo "\"" . get_minutes($con, $row['m_id'], $row['s_id'])->fetch()['minutes'] . "\""; }?>/>
<div id=\"time\">";
$time_set = check_time($con, $m_id, $s_id);
echo "<div class=\"number_field\">
<label for=\"minutes\">Minuten:</label>
<input name=\"minutes\" type=\"number\" min=\"0\" max=\"60\" value=";
if(!$time_set){
echo "\"0\"";
} else {
echo "\"" . get_minutes($con, $m_id, $s_id)->fetch()['minutes'] . "\"";
}
echo "/>
</div>
<div class="number_field">
<label for="seconds">Sekunden</label>
<input name="seconds" type="number" min="0" max="60" value=<?php if(!$time_set){echo"\"0\"";} else { echo "\"" . get_seconds($con, $row['m_id'], $row['s_id'])->fetch()['seconds'] . "\""; }?>/>
<div class=\"number_field\">
<label for=\"seconds\">Sekunden</label>
<input name=\"seconds\" type=\"number\" min=\"0\" max=\"60\" value=";
if(!$time_set){
echo"\"0\"";
} else {
echo "\"" . get_seconds($con, $m_id, $s_id)->fetch()['seconds'] . "\""; }
echo"/>
</div>
<div class="number_field">
<label for="millis">Millisekunden</label>
<input name="millis" type="number" min="0" max="99" value=<?php if(!$time_set){echo"\"0\"";} else { echo "\"" . get_millis($con, $row['m_id'], $row['s_id'])->fetch()['millis'] / 1e4 . "\""; }?>/>
<div class=\"number_field\">
<label for=\"millis\">Millisekunden</label>
<input name=\"millis\" type=\"number\" min=\"0\" max=\"99\" value=";
if(!$time_set) {
echo"\"0\"";
} else {
$millis = get_millis($con, $m_id, $s_id)->fetch()['millis'] / 1e4;
echo "\"" . $millis . "\"";
}
echo"/>
</div>
</div>
<input type="hidden" name="m_id" value=<?php echo $row['m_id'] ?>/>
<input type="hidden" name="s_id" value=<?php echo $row['s_id'] ?>/>
<input name="button" type="submit" value="Speichern" class="btn-confirm"/>
</div>";
} else {
echo "<div class=\"number_field\">
<label for=\"result\">Ergebnis: </label>
<input name=\"result\" type=\"number\" min=\"0\" max=\"65535\" value=";
echo "\"" . get_result_team_station($con, $s_id, $m_id) . "\"";
echo "</div>";
}?>
<input type="hidden" name="m_id" value=<?php echo $m_id ?>/>
<input type="hidden" name="s_id" value=<?php echo $s_id ?>/>
<input name="save" type="submit" value="Speichern" class="btn-confirm"/>
<input type="submit" name="close" value="Schließen" class="btn-confirm"/>
</form>
</div>
</div>

28
app/public/edit_team.php
View File

@@ -5,20 +5,25 @@
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_team($con, $_GET['m_id'])->fetch();
$m_id = $_GET['m_id'];
$row = get_team($con, $m_id)->fetch();
}
if($_SERVER['REQUEST_METHOD'] == "POST") {
$row = get_team($con, $_POST['m_id'])->fetch();
if($_POST['team_name'] != $row['name']) {
update_team_name($con, $_POST['m_id'], $_POST['team_name']);
if(isset($_POST['save'])) {
$m_id = sanitize_input($_POST['m_id']);
$team_name = sanitize_input($_POST['team_name']);
$fire_department = sanitize_input($_POST['fire_department']);
$row = get_team($con, $m_id)->fetch();
if($_POST['team_name'] != $row['name']) {
update_team_name($con, $m_id, $team_name);
}
if($_POST['fire_department'] != $row['feuerwehr']) {
update_team_fire_department($con, $m_id, $fire_department);
}
}
if($_POST['fire_department'] != $row['feuerwehr']) {
update_team_fire_department($con, $_POST['m_id'], $_POST['fire_department']);
}
header("Location: mannschaft.php");
die;
}
@@ -48,7 +53,8 @@
<label for="fire_department">Feuerwehr</label>
</div>
<input type="hidden" name="m_id" <?php echo "value=\"" . $row['m_id'] . "\""?> />
<input type="submit" value="Speichern" class="btn-confirm"/>
<input type="submit" value="Speichern" class="btn-confirm" name="save"/>
<input type="submit" nam="close" value="Schließen" class="btn-confirm"/>
</form>
</div>
</div>

52
app/public/edit_user.php
View File

@@ -5,30 +5,43 @@
$user_data = check_admin($con);
if($_SERVER['REQUEST_METHOD'] == "GET") {
$row = get_user($con, $_GET['id'])->fetch();
$id = sanitize_input($_GET['id']);
$row = get_user($con, $id)->fetch();
include("header_footer/header.php");
}
if($_SERVER['REQUEST_METHOD'] == "POST") {
$user = get_user($con, $_POST['id'])->fetch();
if($user['user_name'] != $_POST['user_name']) {
change_user_name($con, $_POST['id'], $_POST['user_name']);
}
if($user['user_group'] != $_POST['user_group']) {
if($_POST['user_group'] == "station") {
change_user_group($con, $_POST['id'], $_POST['user_group'], $_POST['bind_station']);
} else {
change_user_group($con, $_POST['id'], $_POST['user_group'], NULL);
if(isset($_POST['save'])){
$id = sanitize_input($_POST['id']);
$user = get_user($con, $id)->fetch();
$user_group = sanitize_input($_POST['user_group']);
$user_name = sanitize_input($_POST['user_name']);
$bind_station = sanitize_input($_POST['bind_station']);
$password = sanitize_input($_POST['password']);
if($user['user_name'] != $user_name) {
change_user_name($con, $id, $user_name);
}
if($user['user_group'] != $user_group) {
if($user_group == "station") {
change_user_group($con, $id, $user_group, $bind_station);
} else {
change_user_group($con, $id, $user_group, NULL);
}
}
if($user['s_id'] != $bind_station) {
if ($user_group == "station") {
change_s_id($con, $id, $bind_station);
}
}
if(!empty($password)) {
$phash = generate_password_hash($password, $user['salt']);
change_password($con, $id, $phash);
}
}
if(!empty($_POST['password'])) {
$phash = generate_password_hash($_POST['password'], $user['salt']);
change_password($con, $_POST['id'], $phash);
}
header("Location: manage_user.php");
die;
}
@@ -72,7 +85,8 @@
</select>
</div>
<input type="hidden" value=<?php echo "\"" . $row['id'] . "\""?> name="id"/>
<input type="submit" value="ändern" class="btn-confirm"/>
<input type="submit" value="Speichern" class="btn-confirm" name="save"/>
<input type="submit" value="Schließen" class="btn-confirm" name="close"/>
</form>
</div>
</div>

7
app/public/header_footer/header.php
View File

@@ -9,12 +9,13 @@
<link rel="stylesheet" href="css/edit.css">
<script src="js/navbar.js" defer></script>
<script src="js/edit_table.js"></script>
<script src="js/add_entries.js"></script>
</head>
<body>
<header>
<nav class="navbar">
<div id="logo">
Punktesystem-KSP
Punktesystem-Kreispokalwettbewerb
</div>
<a href="#" class="toggle-button">
<span class="bar"></span>
@@ -32,9 +33,9 @@
echo "<li><a href=\"stationen.php\">Stationen</a></li>\n";
}
if ($_SESSION['user_group'] == 'statistics') {
echo "<li><a href=\"statistik.php\">Ergebnisse</a></li>";
echo "<li><a href=\"statistik.php\">Ergebnis</a></li>";
} else {
echo "<li><a href=\"statistik.php\">Ergebnisse eintragen</a></li>";
echo "<li><a href=\"statistik.php\">Ergebnis eintragen</a></li>";
}
}
?>

6
app/public/index.php
View File

@@ -11,14 +11,14 @@
<body>
<div class="center">
<div class="headline">
<h1><span>Punktesystem Kreispokalwettbewerb Altdorf</span></h1>
<h1><span>Punktesystem Kreispokalwettbewerb</span></h1>
</div>
<div class="home">
<h2>Gesamtergebniss</h2>
<h2>Stationsranking</h2>
</div>
<div class="home-menu-table table-div">
<table id="table">
<?php load_total_score($con); ?>
<?php load_station_ranking($con); ?>
</table>
</div>
</div>

31
app/public/login.php
View File

@@ -2,10 +2,12 @@
session_start();
include("../scripts/connection.php");
include("../scripts/functions.php");
$password_wrong = false;
$wrong_data = false;
if($_SERVER['REQUEST_METHOD'] == "POST"){
$user_name = $_POST['user_name'];
$password = $_POST['password'];
$user_name = sanitize_input($_POST['user_name']);
$password = sanitize_input($_POST['password']);
if(!empty($user_name) && !empty($password)) {
$user_data = get_user_data_name($con, $user_name);
@@ -21,14 +23,14 @@
}
die;
} else {
echo "Benutzername oder Passwort stimmen nicht";
$password_wrong = true;
}
} else {
echo "Benutzername oder Passwort stimmen nicht";
$password_wrong = true;
}
} else {
echo "Gib bitte gültige Daten ein!";
$wrong_data = true;
}
}
$con = null;
@@ -41,11 +43,11 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="css/login.css">
<title>Punktesystem-KSP</title>
<title>Punktesystem-KPW</title>
</head>
<body>
<div class="center">
<h1>PUNKTESYSTEM-KSP</h1>
<h1>PUNKTESYSTEM-KPW</h1>
<form method="post">
<div class="txt_field">
<input id="user_name" type="text" name="user_name" required/>
@@ -57,6 +59,21 @@
<span></span>
<label>Passwort</label>
</div>
<?php
if ($password_wrong == true) {
echo "
<div class=\"warnings\" id=\"wrong_user_name\">
<label for=\"warnings\">Benutzername oder <br>Passwort stimmen nicht!</label>
</div>";
}
if ($wrong_data == true) {
echo "
<div class=\"warnings\" id=\"wrong_data\">
<label for=\"warnings\">Gib bitte gültige Daten ein!</label>
</div>";
}
?>
<input class="button" id="button" type="submit" value="Login"><br><br>
</form>
</div>

2
app/public/stationen.php
View File

@@ -42,6 +42,8 @@
<tr>
<th scope="col">Name</th>
<th scope="col">Standort</th>
<th scope="col">Gewertet</th>
<th scope="col">Direkt Punkte eintragen</th>
</tr>
</thead>
<tbody>

10
app/public/statistik.php
View File

@@ -74,6 +74,16 @@
</form>
</div>\n";
}
if($user_data['user_group'] == 'admin') {
echo "<div class=\"btn-div\">
<form action=\"download_table.php\" method=\"get\">
<span class=\"gg-software-download icon\" id=\"icon-download\"></span>
<input type=\"hidden\" name=\"table\" value=\"$session\">
<input type=\"submit\" value=\"\">
</form>
</div>";
}
?>
</div>
<div class="table-div">

123
app/scripts/database_queries.php
View File

@@ -87,7 +87,18 @@ function get_teams($con) {
function get_total_score($con) {
try {
$stmt = $con->prepare("SELECT M.name as Mannschaftsname, M.feuerwehr as Feuerwehr, SUM(P.punkte) as Gesamtpunkte FROM Punkte as P, Mannschaft as M WHERE P.m_id = M.m_id GROUP BY M.m_id ORDER BY Gesamtpunkte DESC");
$stmt = $con->prepare("SELECT M.name as Mannschaftsname, M.feuerwehr as Feuerwehr, SUM(P.punkte) as Gesamtpunkte FROM Punkte as P, Mannschaft as M, Station as S WHERE P.m_id = M.m_id AND P.s_id = S.s_id AND S.gewertet = \"1\" GROUP BY M.m_id ORDER BY Gesamtpunkte DESC");
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
return $stmt;
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function get_station_ranking($con) {
try {
$stmt = $con->prepare("SELECT S.name as Stationsname, SUM(P.punkte) as Gesamtpunkte FROM Punkte as P, Station as S WHERE P.s_id = S.s_id AND S.gewertet = \"1\" GROUP BY S.s_id ORDER BY Gesamtpunkte DESC");
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
return $stmt;
@@ -156,11 +167,12 @@ function write_points($con, $s_id, $m_id, $points, $time) {
}
}
function write_station($con, $station_name, $station_pos) {
function write_station($con, $station_name, $station_pos, $station_direct_points) {
try {
$stmt = $con->prepare("INSERT INTO Station (name, standort) VALUES (?, ?)");
$stmt = $con->prepare("INSERT INTO Station (name, standort, direkte_punkte) VALUES (?, ?, ?)");
$stmt->bindParam(1, $station_name, PDO::PARAM_STR);
$stmt->bindParam(2, $station_pos, PDO::PARAM_STR);
$stmt->bindParam(3, $station_direct_points, PDO::PARAM_INT);
$stmt->execute();
} catch(PDOException $e) {
handle_pdo_exceptio($e);
@@ -260,6 +272,17 @@ function change_password($con, $id, $password) {
}
}
function change_s_id($con, $id, $s_id) {
try {
$stmt = $con->prepare("UPDATE users SET s_id = ? WHERE id= ?");
$stmt->bindParam(1, $s_id, PDO::PARAM_INT);
$stmt->bindParam(2, $id, PDO::PARAM_STR);
$stmt->execute();
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function get_result($con, $m_id, $s_id) {
try {
$stmt = $con->prepare("SELECT P.*, M.name as name, M.feuerwehr as feuerwehr FROM Punkte P, Mannschaft M WHERE M.m_id = P.m_id AND P.m_id = ? AND P.s_id = ?");
@@ -393,6 +416,28 @@ function update_station_pos($con, $s_id, $pos) {
}
}
function update_station_gewertet($con, $s_id, $gewertet) {
try {
$stmt = $con->prepare("UPDATE Station SET gewertet = ? WHERE s_id = ?");
$stmt->bindParam(1, $gewertet, PDO::PARAM_INT);
$stmt->bindParam(2, $s_id, PDO::PARAM_INT);
$stmt->execute();
} catch(PDOExeption $e) {
handle_pdo_exception($e);
}
}
function update_station_direct_points($con, $s_id, $direct_points) {
try {
$stmt = $con->prepare("UPDATE Station SET direkte_punkte = ? WHERE s_id = ?");
$stmt->bindParam(1, $direct_points, PDO::PARAM_INT);
$stmt->bindParam(2, $s_id, PDO::PARAM_INT);
$stmt->execute();
} catch(PDOExeption $e) {
handle_pdo_exception($e);
}
}
function get_team($con, $m_id) {
try {
$stmt = $con->prepare("SELECT * FROM Mannschaft WHERE m_id = :m_id");
@@ -424,4 +469,76 @@ function update_team_fire_department($con, $m_id, $dep) {
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function get_direct_points($con, $s_id) {
try {
$stmt = $con->prepare("SELECT direkte_punkte FROM Station WHERE s_id = :s_id");
$stmt->execute(['s_id' => $s_id]);
$stmt->setFetchMode(PDO::FETCH_ASSOC);
return $stmt;
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function write_result_db($con, $s_id, $m_id, $result) {
try {
$stmt = $con->prepare("INSERT INTO Ergebnisse (s_id, m_id, erg) VALUES (?, ?, ?)");
$stmt->bindParam(1, $s_id, PDO::PARAM_INT);
$stmt->bindParam(2, $m_id, PDO::PARAM_INT);
$stmt->bindParam(3, $result, PDO::PARAM_INT);
$stmt->execute();
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function get_results($con, $s_id) {
try {
$stmt = $con->prepare("SELECT * FROM Ergebnisse WHERE s_id = :s_id ORDER BY erg DESC");
$stmt->execute(['s_id' => $s_id]);
$stmt->setFetchMode(PDO::FETCH_ASSOC);
return $stmt;
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function update_result_db($con, $s_id, $m_id, $result) {
try {
$stmt = $con->prepare("UPDATE Ergebnisse SET erg = ? WHERE s_id = ? AND m_id = ?");
$stmt->bindParam(1, $result, PDO::PARAM_INT);
$stmt->bindParam(2, $s_id, PDO::PARAM_INT);
$stmt->bindParam(3, $m_id, PDO::PARAM_INT);
$stmt->execute();
} catch(PDOException $e) {
handle_pdo_exception($e);
}
}
function get_result_team_station($con, $s_id, $m_id) {
try {
$stmt = $con->prepare("SELECT * FROM Ergebnisse WHERE s_id = ? AND m_id = ?");
$stmt->bindParam(1, $s_id, PDO::PARAM_INT);
$stmt->bindParam(2, $m_id, PDO::PARAM_INT);
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$result = $stmt->fetch()['erg'];
return $result;
} catch( PDOException $e) {
handle_pdo_exception($e);
}
}
function get_id_user_by_user_id($con, $user_id) {
try {
$stmt = $con->prepare("SELECT * FROM users WHERE user_id = ?");
$stmt->bindParam(1, $user_id, PDO::PARAM_STR);
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
return $stmt->fetch()['id'];
} catch( PDOException $e) {
handle_pdo_exception($e);
}
}

56
app/scripts/functions.php
View File

@@ -37,9 +37,21 @@ function generate_password_hash($password, $salt) {
function load_stations_table($con) {
$stmt = get_stations_all($con);
foreach($stmt->fetchAll() as $row) {
if ($row['gewertet'] == '1') {
$checked = "Ja";
} else {
$checked = "Nein";
}
if ($row['direkte_punkte'] == '1') {
$direkte_punkte = "Ja";
} else {
$direkte_punkte = "Nein";
}
echo "<tr id=\"" . $row['s_id'] . "\">";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['standort'] . "</td>";
echo "<td>". $checked . "</td>";
echo "<td>" . $direkte_punkte . "</td>";
echo "</tr>";
}
}
@@ -72,6 +84,22 @@ function load_total_score($con) {
echo "</tbody>\n";
}
function load_station_ranking($con) {
echo "<thead> \n
<th scope=\"col\">Station</th>\n
<th scope=\"col\">Gesamtpunkte</th>\n
</thead>\n
<tbody>\n";
$stmt = get_station_ranking($con);
foreach($stmt->fetchAll() as $row) {
echo "<tr>\n";
echo "<td>" . $row['Stationsname'] . "</td>\n";
echo "<td>" . $row['Gesamtpunkte'] . "</td>\n";
echo "</tr>\n";
}
echo "</tbody>\n";
}
function load_options_stations($con, $session, $stats) {
$stmt = get_stations_all($con);
if ($session == "total-score"){
@@ -195,4 +223,32 @@ function get_time_str($con, $m_id, $s_id) {
$time .= "." . $millis;
}
return $time;
}
function sanitize_input ($input) {
$return = strip_tags($input);
return htmlspecialchars($return, ENT_QUOTES);
}
function update_points($con, $s_id) {
$results = get_results($con, $s_id)->fetchAll();
$factor = $results[0]['erg']/ 15.0;
foreach($results as $row) {
$points = round($row['erg']/$factor);
if ($points == 0 && $row['erg'] != 0) {
$points = 1;
}
change_points($con, $row['m_id'], $s_id, $points);
}
}
function write_result($con, $s_id, $m_id, $result) {
write_result_db($con, $s_id, $m_id, $result);
write_points($con, $s_id, $m_id, 0, null);
update_points($con, $s_id);
}
function update_result($con, $s_id, $m_id, $result) {
update_result_db($con, $s_id, $m_id, $result);
update_points($con, $s_id);
}

34
mysql-schema/schema.sql
View File

@@ -1,8 +1,8 @@
-- MariaDB dump 10.19 Distrib 10.8.3-MariaDB, for Linux (x86_64)
-- MariaDB dump 10.19 Distrib 10.9.2-MariaDB, for Linux (x86_64)
--
-- Host: localhost Database: ksp
-- ------------------------------------------------------
-- Server version 10.7.3-MariaDB-1:10.7.3+maria~focal
-- Server version 10.9.2-MariaDB-1:10.9.2+maria~ubu2204
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -15,6 +15,26 @@
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `Ergebnisse`
--
DROP TABLE IF EXISTS `Ergebnisse`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `Ergebnisse` (
`erg_id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
`s_id` tinyint(3) unsigned DEFAULT NULL,
`m_id` tinyint(3) unsigned DEFAULT NULL,
`erg` smallint(5) unsigned DEFAULT NULL,
PRIMARY KEY (`erg_id`),
KEY `s_id` (`s_id`),
KEY `m_id` (`m_id`),
CONSTRAINT `Ergebnisse_ibfk_1` FOREIGN KEY (`s_id`) REFERENCES `Station` (`s_id`),
CONSTRAINT `Ergebnisse_ibfk_2` FOREIGN KEY (`m_id`) REFERENCES `Mannschaft` (`m_id`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `Mannschaft`
--
@@ -27,7 +47,7 @@ CREATE TABLE `Mannschaft` (
`name` tinytext DEFAULT NULL,
`feuerwehr` tinytext DEFAULT NULL,
PRIMARY KEY (`m_id`)
) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=utf8mb4;
) ENGINE=InnoDB AUTO_INCREMENT=15 DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
@@ -60,8 +80,10 @@ CREATE TABLE `Station` (
`s_id` tinyint(3) unsigned NOT NULL AUTO_INCREMENT,
`name` tinytext DEFAULT NULL,
`standort` text DEFAULT NULL,
`gewertet` tinyint(1) DEFAULT 1,
`direkte_punkte` tinyint(1) DEFAULT 1,
PRIMARY KEY (`s_id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4;
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
--
@@ -85,7 +107,7 @@ CREATE TABLE `users` (
UNIQUE KEY `user_name` (`user_name`),
KEY `s_id` (`s_id`),
CONSTRAINT `users_ibfk_1` FOREIGN KEY (`s_id`) REFERENCES `Station` (`s_id`)
) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8mb4;
) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=utf8mb4;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
@@ -97,4 +119,4 @@ CREATE TABLE `users` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2022-06-19 22:58:36
-- Dump completed on 2022-09-22 14:19:05