Example #1
          </tr>
          <?php 
}
?>
        </table>

        <br>
        <h2>Download winners</h2>
        <form action="exportw.php" method="get" style="max-width:150px;">
          <input name="date" type="date">
          <input type="submit" value="Download">
        </form>
        <br>

        <?php 
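// Load the ten most recent comments (validated ones first), joined with the
// author's user row and the hotel name, for the "Last Comments" table below.
// The result set carries every `user` column plus visitor-written comment
// text. NOTE(review): the rendering loop is outside this excerpt; confirm each
// cell is passed through htmlspecialchars() before being echoed, and that this
// page is only reachable by authenticated staff.
$dbh = resetPDO($dbh);
$sql = 'SELECT `user`.*, `comment`.`comment` AS comment, `comment`.`created_at` AS commented_date, `comment`.`comment_id` AS comment_id, `hotel`.`name_en` AS hotel FROM `user`, `comment`, `hotel` WHERE `user`.`user_id` = `comment`.`user_id` AND `comment`.`hotel_id` = `hotel`.`hotel_id` ORDER BY `comment`.`validated` DESC, `comment`.`created_at` DESC LIMIT 10;';
$stmt = $dbh->prepare($sql);
$executed = $stmt->execute();
// Only read rows when the query actually ran; a failed statement yields an
// empty list so the table renders without rows instead of iterating a
// non-array result.
$tab = $executed ? $stmt->fetchAll() : array();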
?>
        <br>
        <hr>
        <br>
        <h2>Last Comments</h2>
        <table>
          <tr>
            <th>User ID</th>
            <th>Name</th>
            <th>Phone</th>
            <th>Email</th>
Example #2
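/**
 * Record a game participation (facebook_id + score) for an existing user.
 *
 * Reads a JSON document from the request body, expecting `data.hash` and
 * `data.user` with `facebook_id` and `score`. The hash is checked with
 * isValidHash() before any database access.
 *
 * Trust boundary: both `facebook_id` and `score` come straight from the
 * client. NOTE(review): nothing visible here ties the hash to the submitted
 * user or bounds the score server-side; confirm isValidHash() covers the
 * payload, otherwise any holder of a valid hash can post arbitrary scores for
 * any known facebook_id.
 *
 * @return string JSON-encoded `{"error": "..."}` on failure, or the new
 *                participation row id (as returned by lastInsertId()) on success.
 */
function addParticipation()
{
    $data = file_get_contents("php://input");
    $objData = json_decode($data);
    if (!isset($objData->data->hash)) {
        return json_encode(array("error" => "No hash value."));
    }
    if (!isset($objData->data->user)) {
        return json_encode(array("error" => "No user value."));
    }
    if (!isValidHash($objData->data->hash)) {
        return json_encode(array("error" => "Incorrect hash value."));
    }

    // Reject an incomplete or ill-typed user object up front instead of
    // binding null/array/object values into the statements below.
    $user = $objData->data->user;
    if (!isset($user->facebook_id, $user->score)
        || !(is_string($user->facebook_id) || is_int($user->facebook_id))
        || !is_numeric($user->score)
    ) {
        return json_encode(array("error" => "No user value."));
    }
    $facebookId = (string) $user->facebook_id;

    $dbh = $GLOBALS['dbh'];

    // Exact match on the identifier. The previous LIKE comparison treated
    // `%` and `_` in the client-supplied value as wildcards, so a value such
    // as "%" passed the existence check without naming a real account.
    $sql = "SELECT COUNT(`user_id`) AS count FROM `user` WHERE `facebook_id` = :facebook_id;";
    $stmt = $dbh->prepare($sql);
    if (!$stmt->execute(array(':facebook_id' => $facebookId))) {
        return json_encode(array("error" => "SELECT user fb_id query error."));
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || intval($row['count']) === 0) {
        return json_encode(array("error" => "noUser"));
    }

    $dbh = resetPDO($dbh);
    $sql = "INSERT INTO `participation`(`facebook_id`, `score`) VALUES (:facebook_id, :score);";
    $stmt = $dbh->prepare($sql);
    if (!$stmt->execute(array(':facebook_id' => $facebookId, ':score' => $user->score))) {
        return json_encode(array("error" => "INSERT participation query error."));
    }

    return $dbh->lastInsertId();
}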
Example #3
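/**
 * Spend one credit for a user and draw a prize.
 *
 * Reads a JSON document from the request body, expecting `data.hash` and
 * `data.user.id`. After isValidHash() accepts the hash, the flow is:
 *   1. read the user's credits; no row -> "noUser", none left -> "noCredits";
 *   2. decrement credits and stamp `last_play`;
 *   3. draw a number in 1..500; 1..6 select the first six `prize` rows
 *      (ordered by prize_id) when that row still has stock;
 *   4. if nothing was drawn, the player was on the last credit and the
 *      seventh prize row has stock, prize 7 is attempted instead;
 *   5. a prize is only awarded when the eligibility query finds no
 *      conflicting `winner` row; then stock is decremented and the win stored.
 *
 * The credit is spent whether or not a prize is awarded.
 *
 * Security notes:
 * - The user id is taken from the request body. NOTE(review): nothing visible
 *   here binds the hash to that id; confirm isValidHash() does, otherwise a
 *   caller with any valid hash can spend another account's credits.
 * - Credit and stock decrements are conditional UPDATEs so concurrent
 *   requests cannot push either below zero. The eligibility check followed by
 *   the winner INSERT is still not atomic; a transaction or a unique
 *   constraint on `winner` would close that. None is added here because the
 *   behaviour of resetPDO() is not visible from this function.
 *
 * @return int|string Prize id on a win, 999 when no prize is awarded, or a
 *                    JSON-encoded `{"error": "..."}` string on failure.
 */
function play()
{
    $data = file_get_contents("php://input");
    $objData = json_decode($data);
    if (!isset($objData->data->hash)) {
        return playJsonError("No hash value.");
    }
    if (!isset($objData->data->user)) {
        return playJsonError("No user value.");
    }
    if (!isValidHash($objData->data->hash)) {
        return playJsonError("Incorrect hash value.");
    }
    // A user object without a scalar id is treated like a missing user
    // rather than being coerced to id 0 by intval().
    if (!isset($objData->data->user->id) || !is_scalar($objData->data->user->id)) {
        return playJsonError("No user value.");
    }
    $unsafeUserId = intval($objData->data->user->id);

    $dbh = $GLOBALS['dbh'];
    $stmt = $dbh->prepare("SELECT `credits` FROM `user` WHERE `user_id` = :id;");
    if (!$stmt->execute(array(':id' => $unsafeUserId))) {
        return playJsonError("SELECT credits query error.");
    }
    // columnCount() is non-zero for any SELECT, so it cannot detect a missing
    // user; the fetch result is what tells us whether a row exists.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return playJsonError("noUser");
    }
    $credits = intval($row['credits']);
    if ($credits <= 0) {
        return playJsonError("noCredits");
    }

    // The `credits > 0` guard makes the spend atomic: two parallel requests
    // on the last credit cannot both succeed.
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("UPDATE `user` SET `credits` = `credits`-1, `last_play` = CURDATE() WHERE `user_id` = :id AND `credits` > 0;");
    if (!$stmt->execute(array(':id' => $unsafeUserId))) {
        return playJsonError("UPDATE credits error.");
    }
    if ($stmt->rowCount() === 0) {
        return playJsonError("noCredits");
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("SELECT `prize_id`, `name`, `quantity` FROM `prize` ORDER BY `prize_id`;");
    if (!$stmt->execute()) {
        return playJsonError("SELECT prizes error.");
    }
    $prizes = $stmt->fetchAll();
    if (!is_array($prizes) || count($prizes) === 0) {
        return playJsonError("noPrizes");
    }

    $noPrize = 999;
    $prize = $noPrize;
    // The draw decides who wins, so prefer the CSPRNG when the runtime has
    // it; rand() output is predictable and stays only as a legacy fallback.
    $rand = function_exists('random_int') ? random_int(1, 500) : rand(1, 500);
    // Draws 1..6 map onto prize rows 0..5; anything else wins nothing here.
    if ($rand <= 6 && isset($prizes[$rand - 1]) && intval($prizes[$rand - 1]['quantity']) > 0) {
        $prize = intval($prizes[$rand - 1]['prize_id']);
    }

    if ($prize !== $noPrize) {
        // Regular prize: allowed only if the user holds no non-7 win yet.
        $eligibilitySql = "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND `prize_id` != 7;";
        return playAwardPrize($dbh, $unsafeUserId, $prize, $eligibilitySql, "");
    }

    // Prize 7 is only considered on the user's last credit (value read
    // before the decrement above) and while the seventh row has stock.
    $seventhInStock = isset($prizes[6]) && intval($prizes[6]['quantity']) > 0;
    if ($credits !== 1 || !$seventhInStock) {
        return $noPrize;
    }
    $eligibilitySql = "SELECT COUNT(`user_id`) as total FROM `winner` WHERE `user_id` = :id AND (`prize_id` = 7 OR (DAY(`created_at`) = DAY(CURDATE()) AND MONTH(`created_at`) = MONTH(CURDATE()) AND YEAR(`created_at`) = YEAR(CURDATE())));";
    return playAwardPrize($dbh, $unsafeUserId, 7, $eligibilitySql, "7");
}

/**
 * Wrap an error message in the JSON envelope play() returns on failure.
 *
 * @param string $message
 * @return string
 */
function playJsonError($message)
{
    return json_encode(array("error" => $message));
}

/**
 * Check eligibility, take one unit of stock and record the win.
 *
 * @param PDO    $dbh            Connection handed on from play().
 * @param int    $userId         Already integer-cast user id.
 * @param int    $prize          Prize id to award.
 * @param string $eligibilitySql COUNT query with an `:id` placeholder; a
 *                               non-zero `total` means "not eligible".
 * @param string $tag            Suffix used in the error labels ("" or "7").
 * @return int|string $prize on success, 999 when not eligible or out of
 *                    stock, JSON error string when a query fails.
 */
function playAwardPrize($dbh, $userId, $prize, $eligibilitySql, $tag)
{
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare($eligibilitySql);
    if (!$stmt->execute(array(':id' => $userId))) {
        return playJsonError("SELECT user prize{$tag} error.");
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || intval($row['total']) !== 0) {
        return 999;
    }

    // Conditional decrement: if another request took the last unit in the
    // meantime no row is touched and no prize is handed out.
    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("UPDATE `prize` SET `quantity` = `quantity`-1 WHERE `prize_id` = :prize_id AND `quantity` > 0;");
    if (!$stmt->execute(array(':prize_id' => $prize))) {
        return playJsonError("UPDATE quantity{$tag} error.");
    }
    if ($stmt->rowCount() === 0) {
        return 999;
    }

    $dbh = resetPDO($dbh);
    $stmt = $dbh->prepare("INSERT INTO `winner`(`user_id`, `prize_id`) VALUES (:id, :prize);");
    if (!$stmt->execute(array(':id' => $userId, ':prize' => $prize))) {
        return playJsonError("INSERT winner{$tag} query error.");
    }

    return $prize;
}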