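/**
 * Run $action for a class and, if the class's point total crosses one or more
 * milestones ("Etappen") as a result, notify every admin and the class teacher.
 *
 * @param mixed    $class  class id (the `class.id` column); when falsy the
 *                         action is run and no milestone bookkeeping happens
 * @param callable $action the mutation that may change the class's points;
 *                         it is called exactly once on every path
 */
function checkMilestone($class, $action) {
    if (!$class) {
        $action();
        return;
    }

    // Ascending order lets the scan below stop at the first milestone above the new total.
    $milestones = fetchAll("SELECT points FROM milestone ORDER BY points ASC");

    // calculatePoints()["points"] is used as a list whose last element is the
    // class total — that is what the original array_pop() relied on. Assigning
    // to a variable first avoids the "only variables should be passed by
    // reference" notice that array_pop() on a call result raises.
    $pointsBefore = calculatePoints($class)["points"];
    $startPoints = array_pop($pointsBefore);

    $action();

    $pointsAfter = calculatePoints($class)["points"];
    $endPoints = array_pop($pointsAfter);

    // Milestones strictly above the old total and at or below the new one.
    $achieved = [];
    foreach ($milestones as $stone) {
        if ($stone->points > $endPoints) {
            break;
        }
        if ($stone->points > $startPoints) {
            $achieved[] = $stone->points;
        }
    }
    if (empty($achieved)) {
        return;
    }

    // FIX: the original query had no WHERE clause and so returned an arbitrary
    // class/teacher row. The congratulation mail (and the teacher address
    // reported to admins) could therefore belong to a different class entirely.
    $classInfo = fetch(
        "SELECT c.name, u.email FROM class AS c JOIN user AS u ON c.teacher = u.id WHERE c.id = :id",
        ["id" => $class]
    );
    if ($classInfo === false) {
        // No class/teacher row to address — nothing sensible to send.
        return;
    }

    $n = count($achieved) > 1 ? "n" : ""; // "Etappe" vs. "Etappen"
    $subject = "Etappe{$n} erreicht";
    $list = implode(", ", $achieved);

    foreach (fetchAll("SELECT email FROM user WHERE role = :admin", ["admin" => ADMIN]) as $admin) {
        own_mail($admin->email, $subject, "Guten Tag,\r\nDie Klasse \"{$classInfo->name}\" hat die Etappe{$n} " . $list . " erreicht!\r\nDie Lehrkraft ist: {$classInfo->email} \r\n\r\nNachhaltige Grüße\r\nIhre Weltfairsteher-Website");
    }
    own_mail($classInfo->email, $subject, "Herzlichen Glückwunsch, Ihre Klasse \"{$classInfo->name}\" hat bei WeltFAIRsteher die Etappe{$n} " . $list . " erreicht!\r\nSie erhalten demnächst eine Überraschung per Post\r\n\r\nNachhaltige Grüße\r\nIhr WeltFAIRsteher-Team");
}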
<?php
include __DIR__ . "/include.php";

// Feedback endpoint (teachers only): stores the submitted feedback fields for a
// challenge and notifies the site owner by mail.
check_access(TEACHER);

list($challenge, $fun, $integration, $duration, $problems, $comment) = apiCheckParams("challenge", "fun", "integration", "duration", "problems", "comment");

// The four rating fields must be digit-only strings; $comment is free text and
// is stored as-is through a bound parameter.
$allNumeric = true;
foreach ([$fun, $integration, $duration, $problems] as $rating) {
    if (!ctype_digit($rating)) {
        $allNumeric = false;
        break;
    }
}
apiCheck($allNumeric, "Werte müssen Zahlen sein!");

// $challenge is only ever used as a bound parameter; it must name an existing row.
$row = fetch("SELECT name FROM challenge WHERE id = :id", ["id" => $challenge]);
apiCheck($row !== false, "Unbekannte Challenge");

apiAction(function () use ($challenge, $fun, $integration, $duration, $problems, $comment, $row) {
    $values = [
        "challenge" => $challenge,
        "fun" => $fun,
        "integration" => $integration,
        "duration" => $duration,
        "problems" => $problems,
        "comment" => $comment,
    ];
    dbExecute("INSERT INTO feedback (challenge, fun, integration, duration, problems, comment) VALUES (:challenge, :fun, :integration, :duration, :problems, :comment)", $values);

    // NOTE(review): e() presumably HTML-escapes the name, while the body looks
    // like plain text (\r\n line breaks) — entities may show up literally; confirm
    // what own_mail sends.
    $body = "Es ist ein neues Feedback für die Challenge " . e($row->name) . " eingegangen.\r\nGehe auf www.weltfairsteher.de/feedback.php zu anzeigen!";
    own_mail("*****@*****.**", "Neues Feedback", $body);
});
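<?php
include __DIR__ . "/include.php";

// Password-reset request. No access check on purpose: the caller is anonymous.
// For a syntactically valid address, a one-time token is stored and mailed.
list($email) = apiCheckParams("email");
$email = trim($email);
apiCheck(filter_var($email, FILTER_VALIDATE_EMAIL), "Bitte eine gültige Email angeben.");

apiAction(function () use ($email) {
    // Same response whether or not the address is registered, so this endpoint
    // cannot be used to enumerate accounts. (The DB insert and mail delivery
    // still only happen for known addresses, so response timing may differ —
    // NOTE(review): confirm that is acceptable.)
    $user = fetch("SELECT id FROM user WHERE email = :email", ["email" => $email]);
    if ($user === false) {
        return;
    }

    // 128-bit token from the OpenSSL CSPRNG (scheme after http://stackoverflow.com/a/17649993).
    // FIX: the original ignored the $crypto_strong flag and the return value. On
    // PHP versions where openssl_random_pseudo_bytes() can fall back to a weak
    // source or return false, bin2hex(false) would have produced an empty token
    // that was then stored and mailed. Fail closed instead.
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(16, $strong);
    if ($bytes === false || !$strong) {
        throw new RuntimeException("Konnte kein sicheres Token erzeugen");
    }
    $rand = bin2hex($bytes);

    dbExecute("INSERT INTO forgot (id, user, created_at) VALUES (:rand, :user, NOW())", ["user" => $user->id, "rand" => $rand]);
    own_mail($email, "Passwort vergessen", "Hallo,\r\num dein Passwort zurückzusetzen gehe bitte auf diesen Link: https://www.weltfairsteher.de/resetPassword.php?forgotid={$rand}\r\nViele Grüße\r\nDein Weltfairsteher Team");
});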
// NOTE(review): this run starts mid-statement — the `}` below closes an `if`
// whose opening, together with the definitions of $points, $extrapoints,
// $title, $desc, $class, $user, $suggested, $category, $categories, $location
// and $locationTypes, lies above this excerpt.
$extrapoints = null;
}
// Points must be a digit-only string; extrapoints is optional (a falsy value skips the check).
apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein");
apiCheck(!$extrapoints || ctype_digit($extrapoints), "Extrapunkte müssen eine Zahl sein");
apiCheck(strlen($title) !== 0, "Titel darf nicht leer sein");
apiCheck(strlen($desc) !== 0, "Beschreibung darf nicht leer sein");
// Authorization: admins may act on any class; everyone else only on a class whose
// `teacher` column equals $user (presumably the current user's id — confirm above).
apiCheck(isAdmin() || dbExists("SELECT id FROM class WHERE id = :id AND teacher = :teacher", ["id" => $class, "teacher" => $user]), "Keine Berechtigung für diese Klasse");
// A suggestion must reference an existing class.
apiCheck(!$suggested || dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class]), "Ungültige Klasse");
// Non-admins may only suggest; creating a challenge directly is admin-only.
apiCheck(isAdmin() || $suggested, "Keine Berechtigung");
// Whitelists: category must be "selfmade" or one of $categories (not checked for
// suggestions); location must be one of $locationTypes. array_filter() yields a
// non-empty, i.e. truthy, array only when a match exists.
apiCheck($suggested || $category === "selfmade" || array_filter($categories, function ($cat) use($category) { return $cat->name === $category; }), "Ungültige Kategorie");
apiCheck(array_filter($locationTypes, function ($lt) use($location) { return $lt["name"] === $location; }), "Ungültige Location!");
// Per-class quota for suggestions: pending suggestions plus already authored
// challenges must stay below MAX_SELFMADE_PER_CLASS. The check and the insert
// are separate statements with no visible transaction, so concurrent requests
// could exceed the limit by a small margin.
apiCheck(!$suggested || fetch("SELECT COUNT(*) AS count FROM (SELECT class FROM suggested UNION ALL SELECT author AS class FROM challenge) AS c WHERE c.class = :id", ["id" => $class])->count < MAX_SELFMADE_PER_CLASS, "Es sind maximal " . MAX_SELFMADE_PER_CLASS . " Eigenkreationen pro Klasse erlaubt.");
apiAction(function () use($title, $desc, $class, $points, $suggested, $category, $location, $extrapoints) {
    if ($suggested) {
        // Store the suggestion and notify every admin. $title/$desc are user
        // input interpolated unescaped into what looks like a plain-text mail
        // body (\r\n breaks); harmless as long as own_mail does not render HTML
        // — NOTE(review): confirm.
        dbExecute("INSERT INTO suggested (title, description, class, points, location, extrapoints) VALUES (:title, :desc, :class, :points, :location, :extrapoints)", ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "extrapoints" => $extrapoints]);
        foreach (fetchAll("SELECT email FROM user WHERE role = :admin", ["admin" => ADMIN]) as $admin) {
            own_mail($admin->email, "Challenge vorgeschlagen", "Es wurde eine neue Challenge vorgeschlagen.\r\n\r\nTitel: {$title}\r\nBeschreibung:\r\n{$desc}\r\n\r\nZum Ablehnen oder Bestätigen bitte auf www.weltfairsteher.de/admin.php gehen.");
        }
    } else {
        // Admin path: an unknown class id becomes a NULL author rather than an error.
        if (!dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class])) {
            $class = NULL;
        }
        // checkMilestone() runs the insert and, for a non-null class, sends
        // milestone mails if the class's total crosses one.
        checkMilestone($class, function () use($title, $desc, $class, $points, $suggested, $category, $location, $extrapoints) {
            dbExecute("INSERT INTO challenge (name, description, author, points, category, author_time, location, extrapoints) VALUES (:title, :desc, :class, :points, :category, NOW(), :location, :extrapoints)", ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "category" => $category, "extrapoints" => $extrapoints]);
        });
    }
});