Gitiles
Code Review Sign In
gerrit.avm99963.com / edu / fisi-pastanagapp / 556a05a42cc6c6ce220f58ae14c1230ae2aff71b / . / admin / insert.php
blob: 5a50a8f63ef35d3e34f3bf13e28770427ecb7b0e [file] [log] [blame]
Andreufd98b5d2019-09-22 13:15:10 +0200[diff] [blame]1<?php
2 require '../credentials.php';
3 require '../php/utils.php';
Adrià Vilanova Martínez36362912022-11-20 01:30:13 +0100[diff] [blame]4
5 $credentials = new Credentials();
Adrià Vilanova Martínez60524332022-11-20 02:33:56 +0100[diff] [blame]6 if ($credentials->adminToken() != ($_POST["token"] ?? "")) {
Adrià Vilanova Martínez36362912022-11-20 01:30:13 +0100[diff] [blame]7 exit();
8 }
9
Andreu8192d552019-09-22 16:51:39 +0200[diff] [blame]10 $csvname = $_FILES['csvname']['tmp_name'];
11 $dbname = $_POST['dbname'];
Andreub78c8792019-09-22 14:51:13 +0200[diff] [blame]12
13 // Read from CSV
Andreu8192d552019-09-22 16:51:39 +0200[diff] [blame]14 $inscrits = array_map('str_getcsv', file($csvname));
Andreub78c8792019-09-22 14:51:13 +0200[diff] [blame]15 array_shift($inscrits); // remove header
Adrià Vilanova Martínez4861da62022-12-10 21:58:42 +0100[diff] [blame]16
17 foreach ($inscrits as $key => &$inscrit) {
18 $inscrit["key"] = $key;
19 }
20
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame]21 shuffle($inscrits); // shuffle randomly
Adrià Vilanova Martínez4861da62022-12-10 21:58:42 +0100[diff] [blame]22
23 $forceposraw = $_POST['forcepos'] ?? "[]";
24 $forcepos = json_decode($forceposraw, true);
25 foreach ($forcepos as $pos) {
26 if (!isset($pos["id"]) || !isset($pos["pos"])) continue;
27
28 // Switch entry with key |$pos["id"]| to position |$pos["pos"]|.
29 $key = -1;
30 foreach ($inscrits as $itKey => &$inscrit) {
31 if ($inscrit["key"] == $pos["id"]) {
32 $key = $itKey;
33 break;
34 }
35 }
36 if ($key === -1) continue;
37
38 // Switch places
39 $tmp = $inscrits[$pos["pos"]];
40 $inscrits[$pos["pos"]] = $inscrits[$key];
41 $inscrits[$key] = $tmp;
42 }
43
Andreub78c8792019-09-22 14:51:13 +0200[diff] [blame]44 $start = 1;
Andreufd98b5d2019-09-22 13:15:10 +0200[diff] [blame]45 $i = $start;
46 foreach ($inscrits as $user) {
47 $i = ($i + 1) % ($start + count($inscrits));
48 if ($i == 0) $i = $i + 1;
Adrià Vilanova Martínez4861da62022-12-10 21:58:42 +0100[diff] [blame]49 $nom = mysqli_real_escape_string($conn, $user[0]);
50 $curs = mysqli_real_escape_string($conn, $user[1]);
51 $grau = mysqli_real_escape_string($conn, $user[2]);
52 $password = mysqli_real_escape_string($conn, password_hash($user[3], PASSWORD_DEFAULT));
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame]53 // Input values into SQL values
54 $template = "INSERT INTO `$dbname` (`id`, `nom`, `curs`, `grau`, `quimata`, `requested`, `mort`, `password`, `bits`)" .
Adrià Vilanova Martínez4861da62022-12-10 21:58:42 +0100[diff] [blame]55 " VALUES (NULL, '$nom', '$curs', '$grau', $i, 0, 0, '$password', ".(int)rand(1,512).")";
Andreu8192d552019-09-22 16:51:39 +0200[diff] [blame]56
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame]57 if (!query($template)) die("An error ocurred." . $template);
Andreufd98b5d2019-09-22 13:15:10 +0200[diff] [blame]58 }
Andreu99501052019-09-22 20:09:08 +0200[diff] [blame]59
Andreu03d030d2019-09-25 21:52:01 +0200[diff] [blame]60 die("<script>window.location.href = './?successinserting'</script>");
Andreufd98b5d2019-09-22 13:15:10 +0200[diff] [blame]61?>