function authenticateUser($user, $pass, $rfid, $db)
{
$user = mysqli_real_escape_string($db, $user);
$pass = mysqli_real_escape_string($db, md5(sha1($pass)));
$rfid = mysqli_real_escape_String($db, $rfid);
$ip = $_SERVER['REMOTE_ADDR'];
if ($user == "attendee") {
return false;
}
if (isset($_SESSION['authenticated'])) {
return false;
}
if ($result = mysqli_query($db, "SELECT * FROM allowedIps WHERE ip = '" . $ip . "';")) {
if (mysqli_num_rows($result) == 0) {
echo "Debug: user IP not in table" . $_SERVER['REMOTE_ADDR'];
return false;
}
}
if ($result = mysqli_query($db, "SELECT * FROM users WHERE (rfid_tag = '" . $rfid . "' AND username = '******' AND password = '******' AND username != 'attendee');")) {
if (mysqli_num_rows($result) == 0) {
echo "Debug: user allowed in IP, but not in table";
return false;
}
$data = $result->fetch_array(MYSQLI_ASSOC);
$_SESSION['admin'] = $data['admin'];
$_SESSION['cashier'] = $data['cashier'];
$_SESSION['registration'] = $data['registration'];
$_SESSION['authenticated'] = true;
$_SESSION['fullname'] = $data['fullname'];
echo "Debug: authenticated";
}
return true;
}
function getBio($competitorID)
{
global $con;
$competitorid = mysqli_real_escape_String($con, $competitorID);
// Selects basic bio data for athlete
$biosql = "SELECT forename, surname, gender, birthday, nationality\n\t\t\t\tFROM competitor\n\t\t\t\tWHERE competitorID = {$competitorID}";
$bioRes = mysqli_fetch_assoc(mysqli_query($con, $biosql));
return $bioRes;
}
function getAP($competitorID)
{
global $con;
$competitorid = mysqli_real_escape_String($con, $competitorID);
//Get Competitor Air Pistol Results
$apsql = "SELECT scoreap.*, shoot.*, event.*, meeting.*, (\n\t\t\t\tSELECT ratingap.rating\n\t\t\t\tFROM ratingap\n\t\t\t\tWHERE scoreap.scoreapID = ratingap.scoreapID\n\t\t\t\t) AS rating\n\t\t\t\tFROM scoreap\n\t\t\t\tINNER JOIN shoot ON scoreap.shootID = shoot.shootID\n\t\t\t\tINNER JOIN event ON shoot.eventID = event.eventID\n\t\t\t\tINNER JOIN meeting ON event.meetingID = meeting.meetingID\n\t\t\t\tWHERE scoreap.competitorID = {$competitorid}\n\t\t\t\tORDER BY scoreap.scoreapID DESC";
$apresults = mysqli_query($con, $apsql) or die(mysqli_error($con));
$resultsAP = mysqli_fetch_assoc($apresults);
return $resultsAP;
}
function getRating($competitorID, $discipline)
{
global $con;
// Sanitises parameters
$competitorid = mysqli_real_escape_String($con, $competitorID);
$discipline = mysqli_real_escape_String($con, $discipline);
// Get ratingID for Competitor, and get Ranking/Rating if ratingID exists
// Prone
if ($discipline == "pr") {
$pridsql = "SELECT MAX(ratingprID) AS prid\n\t\t\t\t\tFROM ratingpr\n\t\t\t\t\tWHERE competitorID = {$competitorid}";
// Check if the competitor has a Prone Rating
$row = mysqli_fetch_assoc(mysqli_query($con, $pridsql));
$prid = $row["prid"];
// If rating exists, get latest rating & rank
if ($prid !== NULL) {
$ratesql = "SELECT\n\t\t\t\tIFNULL((SELECT rating FROM ratingpr WHERE ratingprid = {$prid}),0) AS pronerate, \n\t\t\t\tIFNULL((SELECT rank FROM rankingpr WHERE ratingprid = {$prid} ORDER BY rankindexprid DESC LIMIT 1),0) AS pronerank";
$prRate = mysqli_fetch_assoc(mysqli_query($con, $ratesql));
return $prRate;
}
} elseif ($discipline == "tp") {
$tpidsql = "SELECT MAX(ratingtpID) AS tpid\n\t\t\t\t\tFROM ratingtp\n\t\t\t\t\tWHERE competitorID = {$competitorid}";
// Check if the competitor has a 3P Rating
$row = mysqli_fetch_assoc(mysqli_query($con, $tpidsql));
$tpid = $row["tpid"];
// If rating exists, get latest rating & rank
if ($tpid !== NULL) {
$ratesql = "SELECT \n\t\t\t\tIFNULL((SELECT rating FROM ratingtp WHERE ratingtpid = {$tpid}),0) AS tprate, \n\t\t\t\tIFNULL((SELECT rank FROM rankingtp WHERE ratingtpid = {$tpid} ORDER BY rankindextpid DESC LIMIT 1),0) AS tprank";
$tpRate = mysqli_fetch_assoc(mysqli_query($con, $ratesql));
return $tpRate;
}
} elseif ($discipline == "ar") {
$aridsql = "SELECT MAX(ratingarID) AS arid\n\t\t\t\t\tFROM ratingar\n\t\t\t\t\tWHERE competitorID = {$competitorid}";
// Check if the competitor has an Air Rifle Rating
$row = mysqli_fetch_assoc(mysqli_query($con, $aridsql));
$arid = $row["arid"];
// If rating exists, get latest rating & rank
if ($arid !== NULL) {
$ratesql = "SELECT \n\t\t\t\tIFNULL((SELECT rating FROM ratingar WHERE ratingarid = {$arid}),0) AS arrate, \n\t\t\t\tIFNULL((SELECT rank FROM rankingar WHERE ratingarid = {$arid} ORDER BY rankingindexarid DESC LIMIT 1),0) AS arrank";
$arRate = mysqli_fetch_assoc(mysqli_query($con, $ratesql));
return $arRate;
}
} elseif ($discipline == "ap") {
$apidsql = "SELECT MAX(ratingapID) AS apid\n\t\t\t\t\tFROM ratingap\n\t\t\t\t\tWHERE competitorID = {$competitorid}";
// Check if the competitor has an Air Pistol Rating
$row = mysqli_fetch_array(mysqli_query($con, $apidsql));
$apid = $row["apid"];
// If rating exists, get latest rating & rank
if ($apid !== NULL) {
$ratesql = "SELECT \n\t\t\t\tIFNULL((SELECT rating FROM ratingap WHERE ratingapid = {$apid}),0) AS aprate, \n\t\t\t\tIFNULL((SELECT rank FROM rankingap WHERE ratingapid = {$apid} ORDER BY rankingindexapid DESC LIMIT 1),0) AS aprank";
$apRate = mysqli_fetch_assoc(mysqli_query($con, $ratesql));
return $apRate;
}
}
}
<!-- This page selects all competitors from a specific shoot and recalculates
their live rating based on their performance in that shoot. It DOES NOT commit that rating
to the ranking system or update the rankings in any way. -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Ratings Generator</title>
</head>
<body>
<?php
include '../../scripts/connection.php';
$shoot = mysqli_real_escape_String($_POST["{$shoot}"]);
/* Select competitors and positions */
$positionsql = "SELECT scorepr.scoreprID, scorepr.shootID, scorepr.competitorID, scorepr.position,\n IFNULL((SELECT ratingpr.rating\n FROM ratingpr\n WHERE scorepr.competitorID = ratingpr.competitorID\n ORDER BY ratingpr.ratingprid DESC\n LIMIT 1\n ),1500) AS rating FROM scorepr\n WHERE scorepr.shootID = {$shoot}\n ORDER BY scorepr.position;";
$positionarray = mysqli_query($con, $positionsql);
/* Count number of rows */
$rows = mysqli_num_rows($positionarray);
echo "<p>Competitors: " . $rows . "</p>";
/* Sum ratings */
$sum = 0;
while ($row = mysqli_fetch_assoc($positionarray)) {
$sum += $row['rating'];
}
echo "<p>Sum of Ratings: " . $sum . "</p>";
/* Calculate competition average
[ Select competitor rating;
Subtract competitor rating from $sum;
function arrank($arrankID = 0, $limit = 0)
{
global $con;
$arindex = mysqli_real_escape_String($con, $arrankID);
$limit = mysqli_real_escape_String($con, $limit);
// Check if arrankID is set to default or if it has a non-zero value
if ($arindex == 0) {
// If no rankID is provided, select latest AP ranking ID.
$rankindexsql = "SELECT MAX(rankindexarID) AS id FROM rankindexar";
$arindex = mysqli_query($con, $rankindexsql) or die(mysqli_error($con));
$row = mysqli_fetch_assoc($arindex);
$arindex = $row["id"];
}
// Check there's a number there and we're not going to feed 'null' into the SQL
if (is_numeric($arindex)) {
// Select all competitors, ordered by rating.
if ($limit == 0) {
echo "AR Went ==";
$arsql = "SELECT rating, forename, surname, gender, nationality FROM ratingar\n\t\t\tINNER JOIN competitor ON competitor.competitorID = ratingar.competitorID\n\t\t\tINNER JOIN rankingar ON rankingar.ratingarID = ratingpr.ratingarID\n\t\t\tWHERE rankingar.rankindexarID = '{$arindex}'\n\t\t\tORDER BY rating DESC";
} elseif ($limit !== 0) {
$arsql = "SELECT rating, forename, surname, gender, nationality FROM ratingar\n\t\t\tINNER JOIN competitor ON competitor.competitorID = ratingar.competitorID\n\t\t\tINNER JOIN rankingar ON rankingar.ratingarID = ratingpr.ratingarID\n\t\t\tWHERE rankingar.rankindexarID = '{$arindex}'\n\t\t\tORDER BY rating DESC\n\t\t\tLIMIT {$limit}";
}
$rankingar = mysqli_query($con, $arsql) or die(mysqli_error($con));
return $rankingar;
} else {
return null;
}
}
<?php
//Fetches list of shoots at an event
include '../scripts/conn.php';
//POST in $event value & sanitise
$event = $_POST["shootevent"];
$event = mysqli_real_escape_String($event);
$sql = "SELECT shootID, name, courseID FROM shoot WHERE eventID = {$event}";
$event_res = mysqli_query($con, $sql) or die(mysqli_error());
while ($row = mysqli_fetch_array($event_res)) {
$shootid = $row["shootID"];
$name = $row["name"];
$courseid = $row["courseID"];
echo "<p>{$shootid}, {$name}, {$courseid}</p>";
}
?>
<?php
$success = "";
$e1 = "";
// Check whether form has been submitted
if (isset($_POST['submit'])) {
require '../../scripts/connection.php';
// Declare variables
$meetingname = mysqli_real_escape_String($con, $_POST["meetingname"]);
$meetingyear = mysqli_real_escape_String($con, $_POST["meetingyear"]);
// Validation
$flag = 0;
if (strlen($meetingname) <= 1) {
$flag = 1;
$e1 = "Please enter a Meeting Name";
}
// On success
if ($flag == 0) {
// Insert into DB
$sql = "INSERT INTO meeting (meetingname, year) VALUES ('{$meetingname}','{$meetingyear}')";
if (!mysqli_query($con, $sql)) {
die('Error: ' . mysqli_error($con));
} else {
$meetingid = mysqli_insert_id($con);
$success = "\"" . $meetingname . "\" was added successfully!";
}
// Close connection
mysqli_close($con);
}
}
?>
$disciplinename = $row["name"];
$doptions .= "<OPTION VALUE=\"{$disciplineid}\">" . $disciplinename . "</option>";
}
// Form action
$success = "";
$e1 = "";
$e2 = "";
$e3 = "";
// Check whether form has been submitted
if (isset($_POST['submit'])) {
// Declare variables
$eventmeeting = mysqli_real_escape_String($con, $_POST["eventmeeting"]);
$eventname = mysqli_real_escape_String($con, $_POST["eventname"]);
$eventdiscipline = mysqli_real_escape_String($con, $_POST["eventdiscipline"]);
$gender = mysqli_real_escape_String($con, $_POST["gender"]);
$entrants = mysqli_real_escape_String($con, $_POST["entrants"]);
// Validation
$flag = 0;
if ($eventmeeting == 0) {
$flag = 1;
$e1 = "Please choose a meeting.";
}
if (strlen($eventname) <= 1) {
$flag = 2;
$e2 = "Please enter an event name.";
}
if ($eventdiscipline == 0) {
$flag = 3;
$e3 = "Please select a discipline.";
}
// On success
$e1 = "";
$e2 = "";
$e3 = "";
$e4 = "";
$e5 = "";
// Check whether form has been submitted
if (isset($_POST['submit'])) {
// Declare variables
$shootmeet = mysqli_real_escape_String($con, $_POST["shootmeet"]);
$shootevent = mysqli_real_escape_String($con, $_POST["shootevent"]);
$shoottype = mysqli_real_escape_String($con, $_POST["shoottype"]);
$shootdated = mysqli_real_escape_String($con, $_POST["dated"]);
$shootdatem = mysqli_real_escape_String($con, $_POST["datem"]);
$shootdatey = mysqli_real_escape_String($con, $_POST["datey"]);
if (isset($_POST["decimal"])) {
$decimal = mysqli_real_escape_String($con, $_POST["decimal"]);
} else {
$decimal = "";
}
// Validation
$flag = 0;
if ($shootmeet == 0) {
$flag = 5;
$e5 = "Please select a meeting.";
}
if ($shootevent == 0) {
$flag = 1;
$e1 = "Please select an event.";
}
if ($shoottype == 0) {
$flag = 2;
