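/**
 * Update the user identified by $id from a JSON request body.
 *
 * Only the owner of the record or an admin may reach this action. The set of
 * writable fields is a whitelist ($valid_keys); at present it holds only
 * "admin", and only for admin callers, so a non-admin request changes nothing.
 * Responds 403 on an authorization failure, 400 on a non-POST request or an
 * unparsable JSON body, 404 when no user matches $id. Changed fields are
 * written through $this->users and recorded with Audit::log().
 *
 * @param int|string $id identifier of the user to update
 */
public function update($id)
{
    $current_user = User::current();

    // Authorization is checked before anything about the request body is read.
    if ($current_user->id != $id && !$current_user->isAdmin()) {
        http_response_code(403);
        echo "Not allowed";
        return;
    }

    if (!Request::isPost()) {
        http_response_code(400);
        return;
    }

    $data = json_decode(file_get_contents('php://input'));
    // json_decode() returns null on malformed input; reject that explicitly
    // instead of silently treating it as "no fields to change".
    if (!is_object($data)) {
        http_response_code(400);
        echo 'Invalid JSON body';
        return;
    }

    $user = $this->users->getById($id);
    // get_object_vars() needs an object; a missing user is a 404, not a warning.
    if (!is_object($user)) {
        http_response_code(404);
        return;
    }

    // Whitelist of fields the caller may change; "admin" is admin-only.
    $valid_keys = [];
    if ($current_user->isAdmin()) {
        $valid_keys[] = 'admin';
    }

    $update_data = [];
    foreach (get_object_vars($user) as $key => $current_value) {
        if (!in_array($key, $valid_keys, true) || !isset($data->{$key})) {
            continue;
        }
        // Loose comparison kept on purpose: JSON scalars and model values may
        // differ in type (e.g. "1" vs 1) while meaning the same thing.
        if ($data->{$key} != $current_value) {
            $update_data[$key] = $data->{$key};
        }
    }

    if (count($update_data) > 0) {
        $this->users->update($user->id, $update_data);
        Audit::log($current_user, 'update user ' . $user, $update_data);
    }
}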
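/**
 * Create a key for a user from a JSON request body.
 *
 * A JSON array body is delegated to createMany(). An object body must carry
 * user_id; host and hash are read after validate_key()/sanitize_key(). Admins
 * may create keys for any user, other callers only for themselves — for a
 * non-admin a lookup miss is reported as 403, the same as a mismatch, so the
 * response does not reveal whether the id exists. Responds 400 on a non-POST
 * request or an unusable body, 409 when the user is unknown (admin) or the host
 * already has a key, and 200 with the created key as JSON on success.
 */
public function create()
{
    if (!Request::isPost()) {
        http_response_code(400);
        return;
    }

    $data = json_decode(file_get_contents('php://input'));
    if (is_array($data)) {
        $this->createMany($data);
        return;
    }
    // json_decode() yields null on malformed input; fail early instead of
    // dereferencing ->user_id on a non-object.
    if (!is_object($data) || !isset($data->user_id)) {
        http_response_code(400);
        echo 'Invalid request body';
        return;
    }

    $current_user = User::current();
    $user = User::instance()->findId($data->user_id);

    if ($current_user->isAdmin()) {
        if ($user == null) {
            http_response_code(409);
            echo 'Invalid user id';
            return;
        }
    } elseif ($user == null || $current_user->id != $user->id) {
        http_response_code(403);
        echo 'User ID does not match current user';
        return;
    }

    $data->user = $user->login;

    $result = [];
    if (!$this->validate_key($data, $result)) {
        http_response_code($result['status']);
        echo $result['message'];
        return;
    }
    $this->sanitize_key($data);

    $existing_key = $this->keys->getByUserHost($user, $data->host);
    if ($existing_key != null) {
        http_response_code(409);
        echo 'Host already exists for that user';
        return;
    }

    $key = $this->keys->create($user, $data->host, $data->hash);
    Audit::log($current_user, 'create key ' . $key->id . ' for ' . $user, $key);
    http_response_code(200);
    echo json_encode($key, JSON_PRETTY_PRINT);
}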
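/**
 * Back-office form handler that creates a contest ("concours").
 *
 * On POST the form fields are validated with GUMP and, when valid, inserted
 * into the concours table; the outcome is handed to the view through $data
 * (saved_correctly, or is_error/is_valid/post). On a non-POST request, or
 * after a failed save, the create form is rendered with whatever $data holds.
 *
 * Every form value reaches the database only as a bound parameter of
 * pg_query_params(); nothing from $_POST is interpolated into the SQL text.
 */
public function create()
{
    $data = [];

    if (Request::isPost()) {
        // Checkbox validation: an unchecked box is simply absent from $_POST.
        $participe_avant = (($_POST['participeAvant'] ?? null) == "Yes") ? 'true' : 'false';

        // Date validation: both dates must parse and start must precede end;
        // otherwise both are cleared so the 'required' rule below rejects them.
        $_POST['dateD'] = $this->validate_date($_POST['dateD'] ?? null);
        $_POST['dateF'] = $this->validate_date($_POST['dateF'] ?? null);
        if ($_POST['dateD'] != null && $_POST['dateF'] != null
            && !$this->is_date_higher($_POST['dateD'], $_POST['dateF'])) {
            $_POST['dateD'] = null;
            $_POST['dateF'] = null;
        }

        GUMP::set_field_name("titre", "\"Titre\"");
        GUMP::set_field_name("dateD", "\"Date de début\"");
        GUMP::set_field_name("dateF", "\"Date de fin\"");
        GUMP::set_field_name("participeAvant", "\"Participe avant\"");
        GUMP::set_field_name("nbParticipantsMax", "\"Nombre de participant max\"");
        GUMP::set_field_name("image_concours", "\"Image\"");
        $is_valid = GUMP::is_valid(array_merge($_POST, $_FILES), [
            'titre' => 'required',
            'dateD' => 'required',
            'dateF' => 'required',
            'participeAvant' => 'boolean',
            'nbParticipantsMax' => 'required|integer',
            'image_concours' => 'required',
            'nb_votes_max' => 'required|integer',
        ]);

        // TODO ("A modifier"): client id and image name are still placeholders.
        $id_client = 1;
        $image_concours = "image_concours";

        // Save the contest.
        if ($is_valid === true) {
            $query = 'INSERT INTO concours(titre, theme, reglement, description, lots, "dateD",'
                . ' "dateF", "nbParticipantsMax", image_concours,'
                . ' "participeAvant", fk_id_client, nb_votes_max)'
                . ' VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)';
            $params = [
                $_POST['titre'],
                $_POST['theme'] ?? '',
                $_POST['reglement'] ?? '',
                $_POST['description'] ?? '',
                $_POST['lots'] ?? '',
                $_POST['dateD'],
                $_POST['dateF'],
                // The validated field is 'nbParticipantsMax'; the previous code
                // read the misspelt key 'nbPaticipantsMax' and always stored 0.
                intval($_POST['nbParticipantsMax']),
                $image_concours,
                $participe_avant,
                $id_client,
                intval($_POST['nb_votes_max']),
            ];

            // pg_connect() returns false on failure; never query a dead handle.
            $bdd = pg_connect(DB_CONFIG);
            $res = $bdd ? pg_query_params($bdd, $query, $params) : false;
            if ($bdd) {
                pg_close($bdd);
            }

            if ($res) {
                $data['saved_correctly'] = true;
            } else {
                $data['is_error'] = true;
                $data['is_valid'] = array('Une erreur s\'est produite au moment de la sauvegarde');
            }
        } else {
            $data['post'] = $_POST;
            $data['is_error'] = true;
            $data['is_valid'] = $is_valid;
        }
    }

    $data['title'] = $this->language->get('createContest');
    // Adding specific JS files
    $data['js-datePlaceholder'] = true;
    View::renderTemplate('backoffice/header', $data);
    View::renderTemplate('backoffice/main_header', $data);
    View::render('backoffice/contest/create', $data);
    View::renderTemplate('backoffice/footer', $data);
}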