added pass mark

Reviewed-on: #9

app/public/css/styles.css

@@ -217,6 +217,14 @@ div.headline h2{
     visibility: visible;
 }
 
+#icon-download {
+    position:absolute;
+    top: 6px;
+    left: 5px;
+    pointer-events: none;
+    visibility: visible;
+}
+
 .input-table{
     padding-left: 2px;
     padding-right: 2px;

app/public/delete_user.php

@@ -6,8 +6,11 @@
 
     if($_SERVER['REQUEST_METHOD'] == "POST") {
         try {
-            $stmt = $con->prepare("DELETE FROM users WHERE id = :id");
+            $selected_user_id  = get_id_user_by_user_id($con, $_SESSION['user_id']);
-            $stmt->execute(['id' => $_POST['id']]);
+            if($selected_user_id != $_POST['id']) {
+                $stmt = $con->prepare("DELETE FROM users WHERE id = :id");
+                $stmt->execute(['id' => $_POST['id']]);
+            }
         } catch(PDOException $e) {
             handle_pdo_exception($e);
         }

app/public/download_table.php

@@ -0,0 +1,36 @@
+<?php
+    session_start();
+
+    include("../scripts/connection.php");
+    include("../scripts/functions.php");
+    $user_data = check_admin($con);
+
+    if(isset($_GET['table'])) {
+        $table = $_GET['table'];
+    }
+
+    ob_start('ob_gzhandler'); #compressing data which is sent to the browser, the browser will decompress the data automatically
+    header('Content-type: text/csv; charset="UTF-8" ');
+    header('Content-Disposition: attachment; filename="table.csv" ');
+
+function download_table($stmt) {
+    $output = fopen('php://output', 'w');
+    $header = true;
+    while ($row = $stmt->fetch()) {
+        if ($header) {
+            fputcsv($output, array_keys($row));
+            $header = false;
+        }
+        fputcsv($output, $row);
+    }
+    fclose($output);
+}
+
+    if($table == "total-score") {
+        $total_score = get_total_score($con);
+        download_table($total_score);
+    } else {
+        $station = get_station($con, $table);
+        download_table($station);
+    }
+?>

app/public/statistik.php

@@ -74,6 +74,16 @@
                         </form>
                         </div>\n";
                     }
+                
+                    if($user_data['user_group'] == 'admin') {
+                        echo "<div class=\"btn-div\">
+                                <form action=\"download_table.php\" method=\"get\">
+                                    <span class=\"gg-software-download icon\" id=\"icon-download\"></span>
+                                    <input type=\"hidden\" name=\"table\" value=\"$session\">
+                                    <input type=\"submit\" value=\"\">
+                                </form>
+                              </div>";
+                    }
                 ?>
             </div>
             <div class="table-div">

app/scripts/database_queries.php

@@ -530,3 +530,15 @@ function get_result_team_station($con, $s_id, $m_id) {
         handle_pdo_exception($e);
     }
 }
+
+function get_id_user_by_user_id($con, $user_id) {
+    try {
+        $stmt = $con->prepare("SELECT * FROM users WHERE user_id = ?");
+        $stmt->bindParam(1, $user_id, PDO::PARAM_STR);
+        $stmt->execute();
+        $stmt->setFetchMode(PDO::FETCH_ASSOC);
+        return $stmt->fetch()['id'];
+    } catch( PDOException $e) {
+        handle_pdo_exception($e);
+    }
+}

app/scripts/functions.php

@@ -235,6 +235,9 @@ function update_points($con, $s_id) {
     $factor = $results[0]['erg']/ 15.0;
     foreach($results as $row) {
         $points = round($row['erg']/$factor);
+        if ($points == 0 && $row['erg'] != 0) {
+            $points = 1;
+        }
         change_points($con, $row['m_id'], $s_id, $points);
     }
 }