function dbUnlockTable($pdo = null)
{
    // Releases every table lock held on the connection and clears the global
    // list of table names that dbLockTable-style helpers keep in $_lockedTable.
    global $_lockedTable;

    // Without an explicit connection, fall back to the shared XPDO instance.
    if (is_null($pdo)) {
        $pdo = FlexiModelUtil::getInstance()->getXPDO();
    }

    // Bookkeeping is reset before the statement runs, exactly as before.
    $_lockedTable = array();

    return dbExecute("UNLOCK TABLES", array(), $pdo);
}
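function simpleDB($qry, $verbose, $write = false)
{
    // Returns the single value (first column, last fetched row) produced by
    // $qry, or false when the query fails or yields no rows.  Read queries are
    // served from memcache when a global $memcache instance exists; writes
    // always go to the database with the WRITE account.
    // NOTE: $qry is handed to prepare() verbatim and nothing is bound, so the
    // caller must never build it from unescaped external input.
    global $memcache;

    $useCache = isset($memcache) && !$write;
    $memcache_key = null;
    if ($useCache) {
        // Key covers database name + exact query text.
        $memcache_key = md5(DB_DATABASE . $qry);
        $cached = $memcache->get($memcache_key);
        // Falsy cached values (0, '', false) count as a miss and are re-queried.
        if ($cached) {
            return $cached;
        }
    }

    // Connect with the READ or WRITE account; @ hides the connect warning
    // because connect_error is inspected immediately afterwards.
    if ($write) {
        $mysqli = @new mysqli(DB_HOST, DB_WRITE_USERNAME, DB_WRITE_PASSWORD, DB_DATABASE, DB_PORT);
    } else {
        $mysqli = @new mysqli(DB_HOST, DB_READ_USERNAME, DB_READ_PASSWORD, DB_DATABASE, DB_PORT);
    }
    // A failed connection stops the page; the driver message is deliberately
    // not echoed so host/account details do not reach the client.
    if ($mysqli->connect_error) {
        die("Database is offline for maintenance.");
    }

    $return = false;
    $stmt = $mysqli->prepare($qry);
    // prepare() returns false for a malformed query; previously close() was
    // then called on false, which is a fatal error.
    if ($stmt === false) {
        if ($verbose) {
            print_r("Query error: " . $qry . " - " . $mysqli->errno . ": " . $mysqli->error);
        }
        $mysqli->close();
        return false;
    }

    if (dbExecute($stmt, $verbose, $mysqli)) {
        $stmt->store_result();
        // Row count has to be read before the result is bound.
        $rowcount = $mysqli->affected_rows;
        if (!$write) {
            try {
                if (!@$stmt->bind_result($a)) {
                    throw new Exception(mysqli_errno($mysqli) . ": " . mysqli_error($mysqli));
                }
                if ($rowcount > 0) {
                    // The loop runs to the end, so with several rows the LAST
                    // row's first column is what gets returned.
                    while ($stmt->fetch()) {
                        $return = stripslashes($a);
                    }
                } else {
                    $return = false;
                }
            } catch (Exception $e) {
                if ($verbose) {
                    print_r("Query error: " . $qry . " - " . $e->getMessage());
                }
            }
        }
    }
    $stmt->close();
    // The connection was never closed before; release it explicitly.
    $mysqli->close();

    // Store the value that was actually fetched (the old code stored the stale
    // cache-lookup result, so the cache never got populated).  A false result
    // is not cached because a falsy cached value is treated as a miss anyway.
    if ($useCache && $return !== false) {
        $memcache->set($memcache_key, $return, MEMCACHE_ADD_FLAG, MEMCACHE_ADD_TIMEOUT);
    }
    return $return;
}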
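<?php

include __DIR__ . "/include.php";
// Change a user's e-mail address and/or password.  Teachers may only edit
// their own account, admins any account.  Empty fields are left unchanged.
check_access(TEACHER);
list($user, $email, $password, $password2) = apiCheckParams("user", "email", "password", "password2");
apiCheck(isAdmin() || $user === $_SESSION["user"], "Keine Berechtigung");
apiCheck(dbExists("SELECT id FROM user WHERE id = :id", ["id" => $user]), "Unbekannter Benutzer");
if ($email) {
    apiCheck(filter_var($email, FILTER_VALIDATE_EMAIL), "Bitte eine gültige Email angeben.");
    apiCheck(!dbExists("SELECT id FROM user WHERE email = :email", ['email' => $email]), "Diese E-Mail-Adresse ist bereits vergeben.");
}
// Strict comparison: with == two different numeric-looking strings such as
// "1e3" and "1000" (or "0" and "0.0") would be accepted as matching passwords.
apiCheck($password === $password2, "Die Passwörter müssen übereinstimmen.");
apiAction(function () use($user, $password, $email) {
    if ($email) {
        dbExecute("UPDATE user SET email = :email WHERE id = :id", ["email" => $email, "id" => $user]);
    }
    if ($password) {
        // PASSWORD_DEFAULT picks the current recommended algorithm and salts per hash.
        $password_hash = password_hash($password, PASSWORD_DEFAULT);
        dbExecute("UPDATE user SET password = :password WHERE id = :id", ["password" => $password_hash, "id" => $user]);
    }
});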
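<?php

include __DIR__ . "/include.php";
// Password-reset request: for a known e-mail address, store a reset token and
// mail a link containing it.  The response is the same whether or not the
// address exists, so the endpoint cannot be used to enumerate accounts.
list($email) = apiCheckParams("email");
$email = trim($email);
apiCheck(filter_var($email, FILTER_VALIDATE_EMAIL), "Bitte eine gültige Email angeben.");
apiAction(function () use($email) {
    // don't leak information over registered emails
    $user = fetch("SELECT id FROM user WHERE email = :email", ["email" => $email]);
    if ($user !== false) {
        // 128-bit token, hex encoded (from http://stackoverflow.com/a/17649993).
        // Older PHP versions return weak bytes from this call without failing;
        // abort rather than mail a guessable token in that case.
        $strong = false;
        $rand = bin2hex(openssl_random_pseudo_bytes(16, $strong));
        if ($strong === false) {
            throw new RuntimeException("No cryptographically strong random source available");
        }
        dbExecute("INSERT INTO forgot (id, user, created_at) VALUES (:rand, :user, NOW())", ["user" => $user->id, "rand" => $rand]);
        own_mail($email, "Passwort vergessen", "Hallo,\r\num dein Passwort zurückzusetzen gehe bitte auf diesen Link: https://www.weltfairsteher.de/resetPassword.php?forgotid={$rand}\r\nViele Grüße\r\nDein Weltfairsteher Team");
    }
});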
/**
 * Prepare to remove a cache of classes
 *
 * Clears the decorator cache indicators, then drops every table whose name
 * starts with "xlite_" with foreign-key checks switched off.  The first PDO
 * error encountered is written to the install log.
 *
 * @param array $params Database access data and other parameters
 *
 * @return bool true when every step succeeded, false otherwise
 */
function doRemoveCache($params)
{
    $pdoErrorMsg = '';

    \Includes\Decorator\Utils\CacheManager::cleanupCacheIndicators();
    \Includes\Decorator\Utils\CacheManager::cleanupRebuildIndicator();

    // Remove all LiteCommerce tables if exists
    $connection = dbConnect($params, $pdoErrorMsg);
    if (!$connection) {
        x_install_log(xtr('doRemoveCache() failed'), $pdoErrorMsg);
        return false;
    }

    $succeeded = true;
    // Anything other than an array from SHOW TABLES means there is nothing to
    // drop, and the result stays "ok".
    $tables = dbFetchAll('SHOW TABLES LIKE \'xlite_%\'');
    if (is_array($tables)) {
        dbExecute('SET FOREIGN_KEY_CHECKS=0', $pdoErrorMsg);
        foreach ($tables as $row) {
            // Each row carries a single column: the table name.
            $tableName = array_pop($row);
            $pdoErrorMsg = '';
            dbExecute(sprintf('DROP TABLE `%s`', $tableName), $pdoErrorMsg);
            if (!empty($pdoErrorMsg)) {
                $succeeded = false;
                break;
            }
        }
        // Always re-enable FK checks; its error is only reported when the
        // drop loop produced none.
        $fkErrorMsg = '';
        dbExecute('SET FOREIGN_KEY_CHECKS=1', $fkErrorMsg);
        if (empty($pdoErrorMsg)) {
            $pdoErrorMsg = $fkErrorMsg;
        }
    }

    if (!$succeeded) {
        x_install_log(xtr('doRemoveCache() failed'), $pdoErrorMsg);
    }
    return $succeeded;
}
<?php

include __DIR__ . "/include.php";
// Admin-only: create a milestone at a given point value with a description.
check_access(ADMIN);
list($points, $description) = apiCheckParams("points", "description");
$description = trim($description);
// Points must be an unsigned integer string that no other milestone uses.
apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein");
apiCheck(!dbExists("SELECT id FROM milestone WHERE points = :p", ["p" => $points]), "Punkte schon vorhanden");
apiCheck(strlen($description) !== 0, "Beschreibung darf nicht leer sein");
apiAction(function () use($points, $description) {
    $row = ["points" => $points, "description" => $description];
    dbExecute("INSERT INTO milestone (points, description) VALUES (:points, :description)", $row);
});
<?php

include __DIR__ . "/include.php";
// Admin-only: delete a challenge.  Rows referencing it (feedback, solved
// entries) are removed before the challenge row itself.
check_access(ADMIN);
list($id) = apiCheckParams("id");
apiAction(function () use($id) {
    $cleanup = [
        "DELETE FROM feedback WHERE challenge = :id",
        "DELETE FROM solved_challenge WHERE challenge = :id",
        "DELETE FROM challenge WHERE id = :id",
    ];
    foreach ($cleanup as $sql) {
        dbExecute($sql, ['id' => $id]);
    }
});
<?php

include __DIR__ . "/include.php";
// Admin-only: change the points and/or description of a milestone.  A field
// that is falsy (empty, and also the string "0") is left unchanged.
check_access(ADMIN);
list($m, $points, $description) = apiCheckParams("milestone", "points", "description");
$description = trim($description);
apiCheck(dbExists("SELECT id FROM milestone WHERE id = :id", ["id" => $m]), "Unbekannte Etappe");
if ($points) {
    apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein");
    apiCheck(!dbExists("SELECT id FROM milestone WHERE points = :p", ["p" => $points]), "Punkte schon vorhanden");
}
apiAction(function () use($m, $points, $description) {
    $updates = [];
    if ($points) {
        $updates[] = ["UPDATE milestone SET points = :points WHERE id = :id", ["points" => $points, "id" => $m]];
    }
    if ($description) {
        $updates[] = ["UPDATE milestone SET description = :description WHERE id = :id", ["description" => $description, "id" => $m]];
    }
    foreach ($updates as list($sql, $args)) {
        dbExecute($sql, $args);
    }
});
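<?php

include __DIR__ . "/include.php";
// Admin-only: rename a class and/or assign it a teacher.  An empty name keeps
// the current name; a negative teacher id keeps the current teacher.
check_access(ADMIN);
list($name, $teacher, $class) = apiCheckParams("name", "teacher", "class");
$name = trim($name);
apiCheck(dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class]), "Klasse existiert nicht.");
if (!empty($name)) {
    apiCheck(!dbExists("SELECT id FROM class WHERE name = :name", ["name" => $name]), "Name ist bereits vorhanden.");
}
// NOTE(review): on PHP < 8 a non-numeric string compares as 0 here, so it
// would pass this guard — confirm apiCheckParams guarantees a numeric value.
if ($teacher >= 0) {
    apiCheck(dbExists("SELECT id FROM user WHERE id = :id", ["id" => $teacher]), "Lehrer existiert nicht.");
}
// $db used to be captured here but was never used; capturing an undefined
// variable only produced a notice.
apiAction(function () use($class, $name, $teacher) {
    if (!empty($name)) {
        dbExecute("UPDATE class SET name = :name WHERE id = :id ", ["name" => $name, "id" => $class]);
    }
    if ($teacher >= 0) {
        dbExecute("UPDATE class SET teacher = :teacher WHERE id = :id ", ["teacher" => $teacher, "id" => $class]);
    }
});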
/**
 * Execute a set of SQL queries from file
 *
 * Reads the file line by line, skips lines starting with "#" or "--",
 * concatenates lines until one ends in ";" and runs that statement through
 * dbExecute(), echoing HTML progress output as it goes (table name for
 * CREATE/ALTER/DROP TABLE statements, a dot for every fifth other statement).
 *
 * @param string $fileName     The name of file which contains SQL queries
 * @param bool   $ignoreErrors Ignore errors flag: keep executing after a
 *                             failed statement instead of stopping at the first
 * @param bool   $is_restore   Presumably set when restoring a backup; when
 *                             true the return value always reflects the last
 *                             error even if $ignoreErrors is set (see return)
 *
 * @return bool true when processing finished without a reported error;
 *              unconditionally true when $ignoreErrors && !$is_restore
 */
function uploadQuery($fileName, $ignoreErrors = false, $is_restore = false)
{
    // @ hides the fopen warning; the failure is reported as HTML instead.
    // NOTE(review): $fileName is echoed unescaped — confirm it never derives
    // from a request parameter, or pass it through htmlspecialchars().
    $fp = @fopen($fileName, 'rb');
    if (!$fp) {
        echo '<font color="red">[Failed to open ' . $fileName . ']</font></pre>' . "\n";
        return false;
    }
    $command = '';
    $counter = 1;
    while (!feof($fp)) {
        $c = '';
        // read SQL statement from file
        // fgets() returns at most 1024 bytes, so keep appending until the
        // chunk ends with a newline (or the file ends).
        do {
            $c .= fgets($fp, 1024);
            $endPos = strlen($c) - 1;
        } while (substr($c, $endPos) != "\n" && !feof($fp));
        $c = chop($c);
        // skip comments
        if (substr($c, 0, 1) == '#' || substr($c, 0, 2) == '--') {
            continue;
        }
        // parse SQL statement
        // Lines are joined without a separator; a statement is complete once
        // the accumulated text ends in ";" (which is then stripped).
        $command .= $c;
        if (substr($command, -1) == ';') {
            $command = substr($command, 0, strlen($command) - 1);
            $table_name = '';
            // Table DDL is announced by name; any other statement only
            // advances the progress counter.
            if (preg_match('/^CREATE TABLE `?([_a-zA-Z0-9]*)`?/i', $command, $matches)) {
                $table_name = $matches[1];
                echo 'Creating table [' . $table_name . '] ... ';
            } elseif (preg_match('/^ALTER TABLE `?([_a-zA-Z0-9]*)`?/i', $command, $matches)) {
                $table_name = $matches[1];
                echo 'Altering table [' . $table_name . '] ... ';
            } elseif (preg_match('/^DROP TABLE IF EXISTS `?([_a-zA-Z0-9]*)`?/i', $command, $matches)) {
                $table_name = $matches[1];
                echo 'Deleting table [' . $table_name . '] ... ';
            } else {
                $counter++;
            }
            // Execute SQL query
            // $myerr is presumably filled by dbExecute() on failure (other
            // callers in this code base test it with empty() afterwards).  It
            // is not reset between statements here, so unless dbExecute()
            // clears it, a stale error may be reported again — confirm.
            dbExecute($command, $myerr);
            // check for errors
            if (!empty($myerr)) {
                showQueryStatus($myerr, $ignoreErrors);
                if (!$ignoreErrors) {
                    break;
                }
            } elseif ($table_name != "") {
                echo '<font color="green">[OK]</font><br />' . "\n";
            } elseif (!($counter % 5)) {
                echo '.';
            }
            $command = '';
            flush();
        }
    }
    fclose($fp);
    if ($counter > 20) {
        print "<br />\n";
    }
    // Precedence: (!$is_restore && $ignoreErrors) ? true : empty($myerr).
    // $myerr may be unset when no statement ran; empty() then yields true.
    return !$is_restore && $ignoreErrors ? true : empty($myerr);
}
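$userid = fetch("SELECT user, created_at FROM forgot WHERE id = :id", ["id" => $forgotid]);
// A reset token is usable once and only within EXPIRE_TIME seconds of its
// creation.  Consumed, expired and orphaned tokens are deleted below.
$valid = true;
$delete = false;
$user = false;
if ($userid === false) {
    $valid = false;
} elseif (strtotime($userid->created_at) + EXPIRE_TIME < time()) {
    // expired
    $valid = false;
    $delete = true;
} else {
    // The account may have been removed since the token was issued; the old
    // code then read ->role/->id off false and logged in a half-empty session.
    $user = fetch("SELECT id, role FROM user WHERE id = :id", ["id" => $userid->user]);
    if ($user === false) {
        $valid = false;
        $delete = true;
    }
}
if ($valid) {
    $delete = true;
    // log the user in: the token acted as the credential, so swap the session
    // id before granting the role (a pre-login session id must not survive
    // the privilege change).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION["role"] = $user->role;
    $_SESSION["user"] = $user->id;
    ?>
        <b style="margin-left: 30%;"> Jippie, Sie sind wieder da! In wenigen Augenblicken geht´s weiter... </b>
    <script type="text/javascript">
     setTimeout(function() {window.location = "teacher.php#changeUser"}, 1);
    </script>
    <?php
} else {
    echo "Ungültiger Link!";
}
if ($delete) {
    dbExecute("DELETE FROM forgot WHERE id = :id", ["id" => $forgotid]);
}
include "include/footer.php";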
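<?php

include __DIR__ . "/include.php";
// Admin-only: delete a teacher account.  Admin accounts and teachers that
// still own a class are refused.
check_access(ADMIN);
list($teacher) = apiCheckParams("teacher");
apiCheck(dbExists("SELECT id FROM user WHERE id = :teacher AND role != :admin", ['teacher' => $teacher, "admin" => ADMIN]), "Lehrer existiert nicht oder ist ein Admin");
apiCheck(!dbExists("SELECT id FROM class WHERE teacher = :id", ["id" => $teacher]), "Benutzer kann nur entfernt werden, wenn er keine Klassen mehr hat.");
apiAction(function () use($teacher) {
    // Pending password-reset tokens reference the user, so they are removed
    // first.  The old code bound an undefined $id (i.e. NULL) here, so those
    // rows were never deleted.
    dbExecute("DELETE FROM forgot WHERE user = :id", ["id" => $teacher]);
    dbExecute("DELETE FROM user WHERE id = :teacher", ['teacher' => $teacher]);
});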
<?php

include __DIR__ . "/include.php";
// Admin-only: delete a class.  Challenges authored by the class are kept but
// detached (author set to NULL); its solved/suggested rows are removed before
// the class row itself.
check_access(ADMIN);
list($id) = apiCheckParams("id");
apiAction(function () use($id) {
    $args = ['id' => $id];
    dbExecute("UPDATE challenge SET author = NULL WHERE author = :id", $args);
    $cleanup = [
        "DELETE FROM solved_challenge WHERE class = :id",
        "DELETE FROM suggested WHERE class = :id",
        "DELETE FROM class WHERE id = :id",
    ];
    foreach ($cleanup as $sql) {
        dbExecute($sql, $args);
    }
});
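function zdb_Execute($tagId, &$arrayTag, &$arrayTagId, $arrayOrder)
{
    // Handles an "Execute" template tag: substitutes variables into the tag
    // body via ztagVars() and runs the result on the DB handle registered
    // under the tag's "use" id.  When the tag also has an "id", the statement
    // text, its length, the type marker and the shared handle are recorded
    // under that id for later tags.  Problems are collected in $errorMessage
    // and handed to ztagError().  $arrayOrder is accepted but not used here.
    $errorMessage = '';   // was appended to before assignment (undefined-variable notice)

    $arrParam = $arrayTag[$tagId][ztagParam];
    $strId = $arrParam["id"];
    $strUse = $arrParam["use"];
    // "use" is mandatory: it names the handle to execute against.
    $errorMessage .= ztagParamCheck($arrParam, "use");

    if ($arrayTag[$tagId][ztagContentWidth]) {
        // NOTE(review): the statement text is template content with variables
        // substituted by ztagVars(); whether those values are escaped for SQL is
        // not visible here — confirm before exposing template input to users.
        $strContent = ztagVars($arrayTag[$tagId][ztagContent], $arrayTagId);
        $strLocalId = $strUse;
        if ($strId) {
            $strLocalId = $strId;
            $arrayTagId[$strId][ztagIdValue] = $strContent;
            $arrayTagId[$strId][ztagIdLength] = strlen($strContent);
            $arrayTagId[$strId][ztagIdType] = idTypeExecute;
            $arrayTagId[$strId][ztagIdHandle] = $arrayTagId[$strUse][ztagIdHandle];
        }
        dbExecute($arrayTagId[$strLocalId][ztagIdHandle], $strContent);
    } else {
        $errorMessage .= "<br />Tag Execute cannot be empty!";
    }
    ztagError($errorMessage, $arrayTag, $tagId);
}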
/**
 * Building cache and installing database
 *
 * Two paths: for a fresh installation with demo data requested, the bundled
 * dump.sql is rewritten with the configured table prefix and loaded into the
 * database; otherwise (or when that fails) fixtures are prepared and the
 * cache rebuild is started in an iframe.
 *
 * @param array   $params     Installer parameters (passed by reference, only
 *                            read here: new_installation, demo, mysqlprefix)
 * @param boolean $silentMode Silent mode (passed through to doPrepareFixtures)
 *
 * @return bool always false — see the note at the return statement
 */
function module_install_cache(&$params, $silentMode = false)
{
    // Set to true whenever the fixtures/cache-rebuild path runs (see below);
    // presumably read by the caller to decide how to continue.
    global $error;
    $result = false;
    // Demo dump is only loaded for a fresh installation with demo mode on.
    if (!empty($params['new_installation']) && 'Y' == $params['demo']) {
        $dump_file = LC_DIR_ROOT . 'dump.sql';
        if (file_exists($dump_file) && is_readable($dump_file)) {
            echo xtr('Uploading dump.sql into database...');
            $sql = file_get_contents($dump_file);
            // Rewrite the dump for the configured table prefix.
            // NOTE(review): the prefix is spliced into SQL text; it should be
            // validated as an identifier where it is collected — confirm.
            $sql = str_replace('`xlite_', '`' . $params['mysqlprefix'], $sql);
            // The random suffix only keeps FK/IDX constraint names unique per
            // installation; it has no security role, so rand() is adequate.
            $randPrefix = rand(0, 99);
            $sql = str_replace('`FK_', '`FK_' . $randPrefix, $sql);
            $sql = str_replace('`IDX_', '`IDX_' . $randPrefix, $sql);
            // Drop existing X-Cart tables
            if (doDropDatabaseTables($params)) {
                // Load SQL dump to the database
                $pdoErrorMsg = '';
                dbExecute($sql, $pdoErrorMsg);
                if (empty($pdoErrorMsg)) {
                    $result = true;
                }
            }
            // The dump file is removed whether or not the import succeeded.
            @unlink($dump_file);
            if ($result) {
                echo '<span class="status-ok">OK</span>';
                echo '<br /><p>' . xtr('Redirecting to the next step...') . '</p>';
                ?>

<script type="text/javascript">

function isProcessComplete() {

    if (document.getElementById('next-button')) {
        setNextButtonDisabled(false, true);
        setNextButtonDisabled(true);
        document.getElementById('back-button').disabled = 'disabled';

    } else {
        setTimeout('isProcessComplete()', 1000);
    }
}

window.onload = function () {
    setNextButtonDisabled(true);
}

setTimeout('isProcessComplete()', 1000);

</script>

<?php 
            }
        }
    }
    // Fixtures path: taken when no demo dump was requested or its import failed.
    if (!$result) {
        $result = doPrepareFixtures($params, $silentMode);
        if ($result) {
            doRemoveCache(null);
            ?>

<div id="cache-rebuild-failed" class="cache-error" style="display: none;"><span><?php 
            echo xtr('Oops! Cache rebuild failed.');
            ?>
</span> <?php 
            echo xtr('Check for possible reasons <a href="http://kb.x-cart.com/pages/viewpage.action?pageId=7504578">here</a>.');
            ?>
</div>

<iframe id="process_iframe" style="padding-top: 15px;" src="admin.php?doNotRedirectAfterCacheIsBuilt&<?php 
            echo time();
            ?>
" width="100%" height="300" frameborder="0" marginheight="10" marginwidth="10"></iframe>

<br />
<br />
<br />

<?php 
            echo xtr('Building cache notice');
            ?>

<script type="text/javascript">

    var errCount = 0;
    var isStopped = false;

    function isProcessComplete() {

        var iframe = document.getElementById('process_iframe').contentWindow.document;

        if (iframe.getElementById('finish')) {
            resetCacheWindowContent();

        } else {

            if (iframe.readyState == 'complete') {

                if (errCount > 60) {
                    var pattern = /^.*Deploying store \[step (\d+) of (\d+)\].*$/m;
                    var matches = iframe.body.innerHTML.match(pattern);

                    processCacheRebuildFailure(matches);
                    isStopped = true;

                } else {
                    errCount = errCount + 1;
                }

            } else {
                errCount = 0;
            }

            setTimeout('isProcessComplete()', 1000);
        }
    }

    setTimeout('isProcessComplete()', 1000);

</script>

<?php 
        } else {
            fatal_error(xtr('Error has encountered while creating fixtures or modules list.'), 'file', 'fixtures');
        }
        // Flagged even when doPrepareFixtures() succeeded.
        $error = true;
    }
    // Always false, even after a successful dump import; NOTE(review): success
    // is signalled only through the echoed HTML/redirect — confirm no caller
    // relies on the return value.
    return false;
}
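<?php

include __DIR__ . "/include.php";
//check_access(TEACHER);
// Public (unauthenticated) endpoint: anyone may submit a "Leckerwissen" link,
// gated only by the captcha stored in the session.
list($link, $title, $type, $category, $captcha) = apiCheckParams("link", "title", "type", "category", "captcha_code");
// NOTE(review): $link is stored without URL validation — make sure the page
// that renders it escapes the value and does not emit non-http(s) schemes.
apiCheck(strlen($link) !== 0, "Link darf nicht leer sein");
apiCheck(strlen($title) !== 0, "Titel darf nicht leer sein");
apiCheck($category === "other" || array_filter($categories, function ($cat) use($category) {
    return $cat->name === $category;
}), "Ungültige Kategorie");
apiCheck(array_filter($leckerwissenTypes, function ($t) use($type) {
    return $t["name"] === $type;
}), "Ungültiger Typ");
// With no captcha in the session the strict comparison against null already
// fails closed; the isset() makes that intent explicit.
apiCheck(isset($_SESSION['captcha_spam']) && $captcha === $_SESSION['captcha_spam'], "Der Captcha-Code war leider falsch!");
apiAction(function () use($link, $title, $type, $category) {
    dbExecute("INSERT INTO leckerwissen (link, title, type, category) VALUES (:link, :title, :type, :category)", ["link" => $link, "title" => $title, "type" => $type, "category" => $category]);
    // A solved captcha is good for exactly one insert: replaying the same
    // request must not produce further rows.
    unset($_SESSION['captcha_spam']);
});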
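<?php

include __DIR__ . "/include.php";
// Admin-only generic delete-by-id.  The table name is interpolated into the
// SQL, so it is restricted to an explicit whitelist.  "user" is deliberately
// absent: deleting users has its own rules (admins cannot be deleted).
check_access(ADMIN);
list($id, $table) = apiCheckParams("id", "table");
$deletableTables = ["leckerwissen", "milestone", "suggested", "solved_challenge"];
// strict: true so a loose comparison can never satisfy the whitelist
// (on PHP < 8, 0 == "leckerwissen" is true).
if (in_array($table, $deletableTables, true)) {
    apiCheck(dbExists("SELECT id FROM {$table} WHERE id = :id", ['id' => $id]), "Eintrag existiert nicht!");
} else {
    apiAddError("Ungültiger Tabellenname");
}
apiAction(function () use($id, $table) {
    dbExecute("DELETE FROM {$table} WHERE id = :id", ['id' => $id]);
});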
}
if ($category) {
    apiCheck(array_filter($categories, function ($cat) use($category) {
        return $cat->name === $category;
    }), "Ungültige Kategorie");
}
if ($location) {
    apiCheck(array_filter($locationTypes, function ($lt) use($location) {
        return $lt["name"] === $location;
    }), "Ungültige Location!");
}
// Each supplied field gets its own UPDATE.  Falsy fields are skipped, except
// extrapoints, where the "nochange" sentinel separates "keep" from NULL.
apiAction(function () use($c, $name, $desc, $points, $category, $location, $extrapoints) {
    $updates = [];
    if ($name) {
        $updates[] = ["UPDATE challenge SET name = :name WHERE id = :id", ["id" => $c, "name" => $name]];
    }
    if ($desc) {
        $updates[] = ["UPDATE challenge SET description = :desc WHERE id = :id", ["id" => $c, "desc" => $desc]];
    }
    if ($points) {
        $updates[] = ["UPDATE challenge SET points = :points WHERE id = :id", ["id" => $c, "points" => $points]];
    }
    if ($extrapoints !== "nochange") {
        $updates[] = ["UPDATE challenge SET extrapoints = :extrapoints WHERE id = :id", ["id" => $c, "extrapoints" => $extrapoints]];
    }
    if ($category) {
        $updates[] = ["UPDATE challenge SET category = :category WHERE id = :id", ["id" => $c, "category" => $category]];
    }
    if ($location) {
        $updates[] = ["UPDATE challenge SET location = :location WHERE id = :id", ["id" => $c, "location" => $location]];
    }
    foreach ($updates as list($sql, $args)) {
        dbExecute($sql, $args);
    }
});
<?php

include __DIR__ . "/include.php";
// Teacher/admin: store feedback on a challenge and notify the site owner.
check_access(TEACHER);
list($challenge, $fun, $integration, $duration, $problems, $comment) = apiCheckParams("challenge", "fun", "integration", "duration", "problems", "comment");
// All four ratings must be unsigned integer strings.
$ratings = [$fun, $integration, $duration, $problems];
$numeric = array_filter($ratings, function ($value) {
    return ctype_digit($value);
});
apiCheck(count($numeric) === count($ratings), "Werte müssen Zahlen sein!");
$challengeRow = fetch("SELECT name FROM challenge WHERE id = :id", ["id" => $challenge]);
apiCheck($challengeRow !== false, "Unbekannte Challenge");
apiAction(function () use($challenge, $fun, $integration, $duration, $problems, $comment, $challengeRow) {
    $feedback = [
        "challenge" => $challenge,
        "fun" => $fun,
        "integration" => $integration,
        "duration" => $duration,
        "problems" => $problems,
        "comment" => $comment,
    ];
    dbExecute("INSERT INTO feedback (challenge, fun, integration, duration, problems, comment) VALUES (:challenge, :fun, :integration, :duration, :problems, :comment)", $feedback);
    $body = "Es ist ein neues Feedback für die Challenge " . e($challengeRow->name) . " eingegangen.\r\nGehe auf www.weltfairsteher.de/feedback.php zu anzeigen!";
    own_mail("*****@*****.**", "Neues Feedback", $body);
});
<?php

include __DIR__ . "/include.php";
// Admin-only: edit a "Leckerwissen" entry.  Only fields that are supplied
// (truthy) are validated and written.
check_access(ADMIN);
list($lw, $link, $title, $type, $category) = apiCheckParams("lw", "link", "title", "type", "category");
apiCheck(dbExists("SELECT id FROM leckerwissen WHERE id = :id", ["id" => $lw]), "Ungültiges Leckerwissen");
if ($category) {
    apiCheck($category == "other" || array_filter($categories, function ($cat) use($category) {
        return $cat->name === $category;
    }), "Ungültige Kategorie");
}
if ($type) {
    apiCheck(array_filter($leckerwissenTypes, function ($t) use($type) {
        return $t["name"] === $type;
    }), "Ungültiger Typ");
}
apiAction(function () use($lw, $link, $title, $type, $category) {
    $updates = [];
    if ($link) {
        $updates[] = ["UPDATE leckerwissen SET link = :link WHERE id = :id", ["id" => $lw, "link" => $link]];
    }
    if ($title) {
        $updates[] = ["UPDATE leckerwissen SET title = :title WHERE id = :id", ["id" => $lw, "title" => $title]];
    }
    if ($category) {
        $updates[] = ["UPDATE leckerwissen SET category = :category WHERE id = :id", ["id" => $lw, "category" => $category]];
    }
    if ($type) {
        $updates[] = ["UPDATE leckerwissen SET type = :type WHERE id = :id", ["id" => $lw, "type" => $type]];
    }
    foreach ($updates as list($sql, $args)) {
        dbExecute($sql, $args);
    }
});
<?php

include __DIR__ . "/include.php";
// Teacher/admin: record that a class solved a challenge, optionally claiming
// its extra points.  Teachers may only do this for classes they own.
check_access(TEACHER);
list($class, $challenge) = apiCheckParams("class", "challenge");
$user = $_SESSION["user"];
$extra = isset($_POST["extra"]);
// Admins are not bound to a class; the ":teacher != -1" clause presumably only
// keeps the bound parameter referenced so one argument array fits both queries.
$classCheck = isTeacher()
    ? "SELECT id FROM class WHERE id = :class AND teacher = :teacher"
    : "SELECT id FROM class WHERE id = :class AND :teacher != -1";
apiCheck(dbExists($classCheck, ['class' => $class, "teacher" => $user]), "Ungültige Klasse");
apiCheck(dbExists("SELECT id FROM challenge WHERE id = :id", ["id" => $challenge]), "Ungültige Challenge");
apiCheck(!dbExists("SELECT * FROM solved_challenge WHERE class = :class AND challenge = :challenge", ["class" => $class, "challenge" => $challenge]), "Challenge wurde von der Klasse schon gelöst");
apiCheck(!$extra || dbExists("SELECT id FROM challenge WHERE id = :id AND extrapoints IS NOT NULL", ["id" => $challenge]), "Kann keine Extrapunkte für Challenge ohne Extrapunkte setzen!");
apiAction(function () use($class, $challenge, $extra) {
    $insert = function () use($class, $challenge, $extra) {
        dbExecute("INSERT INTO solved_challenge (class, challenge, extra, at) VALUES (:class, :challenge, :extra, NOW())", ["class" => $class, "challenge" => $challenge, "extra" => $extra]);
    };
    checkMilestone($class, $insert);
});
    $extrapoints = null;
}
apiCheck(ctype_digit($points), "Punkte müssen eine Zahl sein");
apiCheck(!$extrapoints || ctype_digit($extrapoints), "Extrapunkte müssen eine Zahl sein");
apiCheck(strlen($title) !== 0, "Titel darf nicht leer sein");
apiCheck(strlen($desc) !== 0, "Beschreibung darf nicht leer sein");
// Teachers may only act for a class they own; admins for any class.
apiCheck(isAdmin() || dbExists("SELECT id FROM class WHERE id = :id AND teacher = :teacher", ["id" => $class, "teacher" => $user]), "Keine Berechtigung für diese Klasse");
apiCheck(!$suggested || dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class]), "Ungültige Klasse");
// Non-admins can only suggest; creating a live challenge is admin-only.
apiCheck(isAdmin() || $suggested, "Keine Berechtigung");
apiCheck($suggested || $category === "selfmade" || array_filter($categories, function ($cat) use($category) {
    return $cat->name === $category;
}), "Ungültige Kategorie");
apiCheck(array_filter($locationTypes, function ($lt) use($location) {
    return $lt["name"] === $location;
}), "Ungültige Location!");
// Suggested and authored challenges together are capped per class; the count
// query only runs for suggestions (short-circuit on !$suggested).
apiCheck(!$suggested || fetch("SELECT COUNT(*) AS count FROM (SELECT class FROM suggested UNION ALL SELECT author AS class FROM challenge) AS c WHERE c.class = :id", ["id" => $class])->count < MAX_SELFMADE_PER_CLASS, "Es sind maximal " . MAX_SELFMADE_PER_CLASS . " Eigenkreationen pro Klasse erlaubt.");
apiAction(function () use($title, $desc, $class, $points, $suggested, $category, $location, $extrapoints) {
    if ($suggested) {
        $row = ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "extrapoints" => $extrapoints];
        dbExecute("INSERT INTO suggested (title, description, class, points, location, extrapoints) VALUES (:title, :desc, :class, :points, :location, :extrapoints)", $row);
        // Every admin is notified by mail.
        $mailBody = "Es wurde eine neue Challenge vorgeschlagen.\r\n\r\nTitel: {$title}\r\nBeschreibung:\r\n{$desc}\r\n\r\nZum Ablehnen oder Bestätigen bitte auf www.weltfairsteher.de/admin.php gehen.";
        foreach (fetchAll("SELECT email FROM user WHERE role = :admin", ["admin" => ADMIN]) as $admin) {
            own_mail($admin->email, "Challenge vorgeschlagen", $mailBody);
        }
        return;
    }
    // An unknown class becomes a NULL author rather than a dangling reference.
    if (!dbExists("SELECT id FROM class WHERE id = :id", ["id" => $class])) {
        $class = NULL;
    }
    checkMilestone($class, function () use($title, $desc, $class, $points, $category, $location, $extrapoints) {
        $row = ["title" => $title, "desc" => $desc, "class" => $class, "points" => $points, "location" => $location, "category" => $category, "extrapoints" => $extrapoints];
        dbExecute("INSERT INTO challenge (name, description, author, points, category, author_time, location, extrapoints) VALUES (:title, :desc, :class, :points, :category, NOW(), :location, :extrapoints)", $row);
    });
});