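/**
 * Runs $action and notifies the admins and the class teacher about every
 * milestone the class crossed because of it.
 *
 * @param mixed    $class  id of the class whose points are tracked; a falsy
 *                         value means "no class": $action runs, nothing else
 * @param callable $action the side effect (typically an INSERT) that may
 *                         change the class' points
 */
function checkMilestone($class, $action)
{
    if (!$class) {
        $action();
        return;
    }
    // Ascending order is what allows the loop below to stop at the first
    // milestone above $endPoints.
    $milestones = fetchAll("SELECT points FROM milestone ORDER BY points ASC");
    // array_pop() takes its argument by reference, so the result of
    // calculatePoints() must be stored in a variable first; passing the
    // temporary directly raises "Only variables should be passed by reference".
    // Assumes calculatePoints()["points"] is a list whose last entry is the
    // current total — TODO confirm against calculatePoints().
    $pointsBefore = calculatePoints($class)["points"];
    $startPoints = array_pop($pointsBefore);
    $action();
    $pointsAfter = calculatePoints($class)["points"];
    $endPoints = array_pop($pointsAfter);
    // Milestones with $startPoints < points <= $endPoints were newly reached.
    $achieved = [];
    foreach ($milestones as $stone) {
        if ($stone->points > $endPoints) {
            break;
        }
        if ($stone->points > $startPoints) {
            $achieved[] = $stone->points;
        }
    }
    if (empty($achieved)) {
        return;
    }
    // Restrict the lookup to this class: without the WHERE clause the query
    // returned an arbitrary class/teacher pair, so the mails could name the
    // wrong class and go to the wrong teacher.
    $classInfo = fetch("SELECT c.name, u.email FROM class AS c JOIN user AS u ON c.teacher = u.id WHERE c.id = :id", ["id" => $class]);
    if ($classInfo === false) {
        // No such class (or no teacher joined): nobody to notify.
        return;
    }
    // Plural suffix for "Etappe(n)" when several milestones were reached.
    $n = count($achieved) > 1 ? "n" : "";
    $reached = implode(", ", $achieved);
    foreach (fetchAll("SELECT email FROM user WHERE role = :admin", ["admin" => ADMIN]) as $admin) {
        own_mail($admin->email, "Etappe{$n} erreicht", "Guten Tag,\r\nDie Klasse \"{$classInfo->name}\" hat die Etappe{$n} {$reached} erreicht!\r\nDie Lehrkraft ist: {$classInfo->email} \r\n\r\nNachhaltige Grüße\r\nIhre Weltfairsteher-Website");
    }
    own_mail($classInfo->email, "Etappe{$n} erreicht", "Herzlichen Glückwunsch, Ihre  Klasse \"{$classInfo->name}\" hat bei WeltFAIRsteher die Etappe{$n} {$reached} erreicht!\r\nSie erhalten demnächst eine Überraschung per Post\r\n\r\nNachhaltige Grüße\r\nIhr WeltFAIRsteher-Team");
}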
<?php

// Feedback endpoint: a teacher rates a challenge; the rating is stored and
// the site operator is notified by mail.
include __DIR__ . "/include.php";
check_access(TEACHER);
list($challenge, $fun, $integration, $duration, $problems, $comment) = apiCheckParams("challenge", "fun", "integration", "duration", "problems", "comment");
// Every rating must be an unsigned integer string (assumes apiCheckParams()
// hands back strings — TODO confirm; ctype_digit() treats small ints as
// ASCII codes).
$ratingsAreNumeric = true;
foreach ([$fun, $integration, $duration, $problems] as $rating) {
    if (!ctype_digit($rating)) {
        $ratingsAreNumeric = false;
        break;
    }
}
apiCheck($ratingsAreNumeric, "Werte müssen Zahlen sein!");
$challengeRow = fetch("SELECT name FROM challenge WHERE id = :id", ["id" => $challenge]);
apiCheck($challengeRow !== false, "Unbekannte Challenge");
apiAction(function () use($challenge, $fun, $integration, $duration, $problems, $comment, $challengeRow) {
    $feedback = [
        "challenge" => $challenge,
        "fun" => $fun,
        "integration" => $integration,
        "duration" => $duration,
        "problems" => $problems,
        "comment" => $comment,
    ];
    dbExecute("INSERT INTO feedback (challenge, fun, integration, duration, problems, comment) VALUES (:challenge, :fun, :integration, :duration, :problems, :comment)", $feedback);
    // NOTE(review): e() presumably HTML-escapes; if own_mail() sends plain
    // text the escaped name would show up literally — confirm which it is.
    $subject = "Neues Feedback";
    $body = "Es ist ein neues Feedback für die Challenge " . e($challengeRow->name) . " eingegangen.\r\nGehe auf www.weltfairsteher.de/feedback.php zu anzeigen!";
    own_mail("*****@*****.**", $subject, $body);
});
<?php

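// Password-reset request: stores a one-time id and mails the reset link.
include __DIR__ . "/include.php";
list($email) = apiCheckParams("email");
$email = trim($email);
apiCheck(filter_var($email, FILTER_VALIDATE_EMAIL), "Bitte eine gültige Email angeben.");
apiAction(function () use($email) {
    // Respond the same way whether or not the address is registered so the
    // endpoint cannot be used to enumerate accounts; the mail is only sent
    // when a matching user exists. (Response time still differs between the
    // two paths — a minor side channel, not addressed here.)
    $user = fetch("SELECT id FROM user WHERE email = :email", ["email" => $email]);
    if ($user !== false) {
        // The reset id is a bearer token, so it must come from a CSPRNG.
        // openssl_random_pseudo_bytes() can (on older PHP) hand back weak
        // bytes or false without throwing; the $strong flag has to be
        // checked, otherwise a guessable or even empty token could be mailed.
        // (See http://stackoverflow.com/a/17649993 for the original idea.)
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes === false || $strong !== true) {
            throw new \RuntimeException("Konnte keinen sicheren Zufallswert erzeugen.");
        }
        $rand = bin2hex($bytes);
        // NOTE(review): no expiry is enforced here; created_at is stored, so
        // resetPassword.php is presumably where the age is checked — confirm.
        dbExecute("INSERT INTO forgot (id, user, created_at) VALUES (:rand, :user, NOW())", ["user" => $user->id, "rand" => $rand]);
        own_mail($email, "Passwort vergessen", "Hallo,\r\num dein Passwort zurückzusetzen gehe bitte auf diesen Link: https://www.weltfairsteher.de/resetPassword.php?forgotid={$rand}\r\nViele Grüße\r\nDein Weltfairsteher Team");
    }
});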
    $extrapoints = null;
}
// Validation of a new (or suggested) challenge; each apiCheck() aborts the
// request with its message when the condition is falsy, so the order of the
// checks decides which error the client sees first.
apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein");
apiCheck(!$extrapoints || ctype_digit($extrapoints), "Extrapunkte müssen eine Zahl sein");
apiCheck(strlen($title) > 0, "Titel darf nicht leer sein");
apiCheck(strlen($desc) > 0, "Beschreibung darf nicht leer sein");
// Authorization: admins may act on any class, teachers only on their own.
$mayUseClass = isAdmin() || dbExists("SELECT id FROM class WHERE id = :id AND teacher = :teacher", ["id" => $class, "teacher" => $user]);
apiCheck($mayUseClass, "Keine Berechtigung für diese Klasse");
$classIsValid = !$suggested || dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class]);
apiCheck($classIsValid, "Ungültige Klasse");
// Only admins create challenges directly; everybody else may only suggest.
apiCheck(isAdmin() || $suggested, "Keine Berechtigung");
// The array_filter() calls are used as "any element matches" tests; they are
// only evaluated when the preceding operands are falsy.
$hasCategoryName = function ($cat) use($category) {
    return $cat->name === $category;
};
apiCheck($suggested || $category === "selfmade" || array_filter($categories, $hasCategoryName), "Ungültige Kategorie");
$hasLocationName = function ($lt) use($location) {
    return $lt["name"] === $location;
};
apiCheck(array_filter($locationTypes, $hasLocationName), "Ungültige Location!");
// Per-class cap on self-made challenges: pending suggestions plus accepted
// ones. NOTE(review): this count and the INSERT below are not atomic, so
// concurrent requests can exceed the cap; a DB-side constraint would close
// that gap.
$selfmadeCountSql = "SELECT COUNT(*) AS count FROM (SELECT class FROM suggested UNION ALL SELECT author AS class FROM challenge) AS c WHERE c.class = :id";
apiCheck(!$suggested || fetch($selfmadeCountSql, ["id" => $class])->count < MAX_SELFMADE_PER_CLASS, sprintf("Es sind maximal %s Eigenkreationen pro Klasse erlaubt.", MAX_SELFMADE_PER_CLASS));
apiAction(function () use($title, $desc, $class, $points, $suggested, $category, $location, $extrapoints) {
    if ($suggested) {
        $suggestion = [
            "title" => $title,
            "desc" => $desc,
            "class" => $class,
            "points" => $points,
            "location" => $location,
            "extrapoints" => $extrapoints,
        ];
        dbExecute("INSERT INTO suggested (title, description, class, points, location, extrapoints) VALUES (:title, :desc, :class, :points, :location, :extrapoints)", $suggestion);
        // $title and $desc are user input; this assumes own_mail() sends
        // plain text (the body uses \r\n line breaks). If it renders HTML
        // they would need escaping — TODO confirm.
        $notice = "Es wurde eine neue Challenge vorgeschlagen.\r\n\r\nTitel: {$title}\r\nBeschreibung:\r\n{$desc}\r\n\r\nZum Ablehnen oder Bestätigen bitte auf www.weltfairsteher.de/admin.php gehen.";
        foreach (fetchAll("SELECT email FROM user WHERE role = :admin", ["admin" => ADMIN]) as $admin) {
            own_mail($admin->email, "Challenge vorgeschlagen", $notice);
        }
        return;
    }
    // Direct creation (admins only, see the checks above): an unknown class
    // id is stored as a NULL author.
    if (!dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class])) {
        $class = null;
    }
    // Defined after the reassignment above: closures capture $class by value.
    $insertChallenge = function () use($title, $desc, $class, $points, $category, $location, $extrapoints) {
        dbExecute("INSERT INTO challenge (name, description, author, points, category, author_time, location, extrapoints) VALUES (:title, :desc, :class, :points, :category, NOW(), :location, :extrapoints)", ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "category" => $category, "extrapoints" => $extrapoints]);
    };
    checkMilestone($class, $insertChallenge);
});