</tr> <?php } ?> </table> <br> <h2>Download winners</h2> <form action="exportw.php" method="get" style="max-width:150px;"> <input name="date" type="date"> <input type="submit" value="Download"> </form> <br> <?php /* Last 10 comments joined with their author (`user`.*) and the hotel's English name: validated comments first, newest first. The statement takes no request values, so prepare() without parameters is used here only for consistency with the rest of the page. $tab feeds the comments table that follows. NOTE(review): resetPDO() is defined elsewhere in the project; its contract (reconnect vs. cursor reset) is not visible here. */ $dbh = resetPDO($dbh); $sql = 'SELECT `user`.*, `comment`.`comment` AS comment, `comment`.`created_at` AS commented_date, `comment`.`comment_id` AS comment_id, `hotel`.`name_en` AS hotel FROM `user`, `comment`, `hotel` WHERE `user`.`user_id` = `comment`.`user_id` AND `comment`.`hotel_id` = `hotel`.`hotel_id` ORDER BY `comment`.`validated` DESC, `comment`.`created_at` DESC LIMIT 10;'; $stmt = $dbh->prepare($sql); $executed = $stmt->execute(); $tab = $stmt->fetchAll(); ?> <br> <hr> <br> <h2>Last Comments</h2> <table> <tr> <th>User ID</th> <th>Name</th> <th>Phone</th> <th>Email</th>
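/**
 * Record a game participation (a score) for an already-registered Facebook user.
 *
 * Request: JSON body on php://input of the shape
 *   {"data": {"hash": "<request hash>", "user": {"facebook_id": "<id>", "score": <number>}}}
 * The hash is checked with isValidHash() before any database access.
 *
 * Returns the id of the new `participation` row (as returned by
 * PDO::lastInsertId(), usually a numeric string) on success, or a JSON string
 * {"error": "..."} on failure — callers must distinguish the two. Error values
 * are unchanged: "No hash value.", "No user value.", "Incorrect hash value.",
 * "noUser", "SELECT user fb_id query error.", "INSERT participation query error.".
 *
 * Changes from the previous version: the user lookup uses `=` instead of
 * `LIKE`, because with LIKE a client-supplied facebook_id containing `%` or `_`
 * is a pattern and matches other users' rows; a body without facebook_id or
 * score is now rejected with "No user value." instead of being read unchecked.
 */
function addParticipation()
{
    $objData = json_decode(file_get_contents("php://input"));
    if (!isset($objData->data->hash)) {
        return json_encode(array("error" => "No hash value."));
    }
    if (!isset($objData->data->user)) {
        return json_encode(array("error" => "No user value."));
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(array("error" => "Incorrect hash value."));
    }
    if (!isset($objData->data->user->facebook_id) || !isset($objData->data->user->score)) {
        return json_encode(array("error" => "No user value."));
    }
    $facebookId = $objData->data->user->facebook_id;
    $score = $objData->data->user->score;

    $dbh = $GLOBALS['dbh'];
    // Exact match: the id comes from the client and must never act as a pattern.
    $stmt = $dbh->prepare("SELECT COUNT(`user_id`) AS count FROM `user` WHERE `facebook_id` = :facebook_id;");
    if (!$stmt->execute(array(':facebook_id' => $facebookId))) {
        return json_encode(array("error" => "SELECT user fb_id query error."));
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // COUNT always yields one row; a missing row is treated as "no such user".
    if ($row === false || intval($row['count']) == 0) {
        return json_encode(array("error" => "noUser"));
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("INSERT INTO `participation`(`facebook_id`, `score`) VALUES (:facebook_id, :score);");
    if (!$stmt->execute(array(':facebook_id' => $facebookId, ':score' => $score))) {
        return json_encode(array("error" => "INSERT participation query error."));
    }
    return $dbh->lastInsertId();
}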
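/**
 * Play one round for the requesting user: spend one credit, draw a prize and,
 * when the user is eligible, decrement the prize stock and record the win.
 *
 * Request: JSON body on php://input of the shape
 *   {"data": {"hash": "<request hash>", "user": {"id": <user_id>}}}
 * The hash is checked with isValidHash() before any database access.
 *
 * Draw: one roll of random_int(1, 500). Outcomes 1..6 award the prize rows
 * 0..5 of the `prize` table (ordered by prize_id) when that row still has
 * stock; anything else is a miss. A miss on the user's last credit falls back
 * to the consolation prize, which is hard-coded as prize_id 7 and requires
 * row 6 to still have stock. Eligibility (per the `winner` table): a regular
 * prize at most once per user; the consolation prize at most once per user
 * and never on a day the user already won anything.
 *
 * Returns: int prize_id on a win, 999 when nothing was won (including "not
 * eligible" and "stock ran out concurrently"), or a JSON string
 * {"error": "..."} — callers must distinguish the two. Error values are
 * unchanged: "No hash value.", "No user value.", "Incorrect hash value.",
 * "noUser", "noCredits", "noPrizes" and the per-query "... error." messages.
 *
 * Changes from the previous version: random_int() (PHP >= 7.0) replaces
 * rand(), whose output is predictable and must not decide a prize draw; a
 * missing user row / empty prize table is detected from the fetched rows
 * instead of columnCount(), which counts result columns (always > 0 here),
 * not rows; the credit and stock decrements carry a `> 0` guard and check
 * rowCount(), so two concurrent requests cannot spend the same credit or the
 * same unit of stock twice.
 * NOTE(review): the eligibility COUNT and the INSERT into `winner` are still
 * two statements on separately reset connections, so a double win by the same
 * user under concurrency is not prevented here; that needs a transaction or a
 * unique constraint on (user_id, prize_id) — confirm with the schema.
 */
function play()
{
    $objData = json_decode(file_get_contents("php://input"));
    if (!isset($objData->data->hash)) {
        return json_encode(array("error" => "No hash value."));
    }
    if (!isset($objData->data->user)) {
        return json_encode(array("error" => "No user value."));
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(array("error" => "Incorrect hash value."));
    }
    // Previously a missing id was read unchecked (notice, then user_id 0).
    if (!isset($objData->data->user->id)) {
        return json_encode(array("error" => "noUser"));
    }
    $userId = intval($objData->data->user->id);
    $dbh = $GLOBALS['dbh'];

    $stmt = $dbh->prepare("SELECT `credits` FROM `user` WHERE `user_id` = :id;");
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "SELECT credits query error."));
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return json_encode(array("error" => "noUser"));
    }
    // Balance before this round; 1 means this round spends the last credit.
    $credits = intval($row['credits']);
    if ($credits <= 0) {
        return json_encode(array("error" => "noCredits"));
    }

    $dbh = resetPDO($dbh);
    // `credits > 0` makes the decrement atomic against a concurrent round.
    $stmt = $dbh->prepare("UPDATE `user` SET `credits` = `credits`-1, `last_play` = CURDATE() WHERE `user_id` = :id AND `credits` > 0;");
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "UPDATE credits error."));
    }
    if ($stmt->rowCount() === 0) {
        // Another request spent the last credit between the SELECT and the UPDATE.
        return json_encode(array("error" => "noCredits"));
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("SELECT `prize_id`, `name`, `quantity` FROM `prize` ORDER BY `prize_id`;");
    if (!$stmt->execute()) {
        return json_encode(array("error" => "SELECT prizes error."));
    }
    $prizes = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($prizes) === 0) {
        return json_encode(array("error" => "noPrizes"));
    }

    $prize = 999;
    $roll = random_int(1, 500);
    // Rolls 1..6 map to prize rows 0..5; a row without stock is a miss.
    if ($roll <= 6 && play_prizeQuantity($prizes, $roll - 1) > 0) {
        $prize = intval($prizes[$roll - 1]['prize_id']);
    }

    if ($prize == 999 && $credits == 1 && play_prizeQuantity($prizes, 6) > 0) {
        // Consolation prize: never twice, and not on a day with any other win.
        $eligibilitySql = "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND (`prize_id` = 7 OR (DAY(`created_at`) = DAY(CURDATE()) AND MONTH(`created_at`) = MONTH(CURDATE()) AND YEAR(`created_at`) = YEAR(CURDATE())));";
        return play_awardPrize($dbh, $userId, 7, $eligibilitySql, "7");
    }
    if ($prize != 999) {
        // Regular prize: at most one non-consolation win per user.
        $eligibilitySql = "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND `prize_id` != 7;";
        return play_awardPrize($dbh, $userId, $prize, $eligibilitySql, "");
    }
    return 999;
}

/**
 * @internal Helper for play(): stock of the prize row at $index, or 0 when
 * that row (or its quantity column) is missing — a row the table does not
 * have can never be won, which matches the previous behaviour of treating an
 * undefined row as quantity 0.
 *
 * @param array $prizes rows from the `prize` query (PDO::FETCH_ASSOC)
 * @param int   $index  zero-based row index
 * @return int
 */
function play_prizeQuantity(array $prizes, $index)
{
    if (!isset($prizes[$index]['quantity'])) {
        return 0;
    }
    return intval($prizes[$index]['quantity']);
}

/**
 * @internal Helper for play(): run the per-user eligibility COUNT, then take
 * one unit of stock and record the win.
 *
 * @param PDO    $dbh            connection; reset via resetPDO() before each statement, as the caller does
 * @param int    $userId         user_id (already cast to int by the caller)
 * @param int    $prize          prize_id to award
 * @param string $eligibilitySql COUNT(...) AS total query with a single :id parameter; total must be 0 to award
 * @param string $errorSuffix    "7" for the consolation prize, "" otherwise — keeps the historical error strings
 * @return int|string $prize on success, 999 when not eligible or the stock is gone, or a JSON error string
 */
function play_awardPrize($dbh, $userId, $prize, $eligibilitySql, $errorSuffix)
{
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare($eligibilitySql);
    if (!$stmt->execute(array(':id' => $userId))) {
        return json_encode(array("error" => "SELECT user prize" . $errorSuffix . " error."));
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // COUNT always yields one row; a missing row fails closed (no award).
    if ($row === false || intval($row['total']) != 0) {
        return 999;
    }

    $dbh = resetPDO($dbh);
    // `quantity > 0` keeps stock from going negative under concurrent wins.
    $stmt = $dbh->prepare("UPDATE `prize` SET `quantity` = `quantity`-1 WHERE `prize_id` = :prize_id AND `quantity` > 0;");
    if (!$stmt->execute(array(':prize_id' => $prize))) {
        return json_encode(array("error" => "UPDATE quantity" . $errorSuffix . " error."));
    }
    if ($stmt->rowCount() === 0) {
        // The last unit was taken between the draw and this decrement.
        return 999;
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("INSERT INTO `winner`(`user_id`, `prize_id`) VALUES (:id, :prize);");
    if (!$stmt->execute(array(':id' => $userId, ':prize' => $prize))) {
        return json_encode(array("error" => "INSERT winner" . $errorSuffix . " query error."));
    }
    return $prize;
}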