From f91407f051b2b8869dfc3a7b24dc4108ba8a24ee Mon Sep 17 00:00:00 2001
From: Baptiste
Date: Wed, 15 Jun 2022 22:02:42 +0200
Subject: [PATCH] stat
---
admin/stats.php | 133 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 133 insertions(+)
diff --git a/admin/stats.php b/admin/stats.php
index a2199a9..b5d4f8a 100644
--- a/admin/stats.php
+++ b/admin/stats.php
@@ -1,5 +1,64 @@ query('SELECT id, texte, points, team, id_staff FROM scores'); + + +if(isset($_GET['del']) AND !empty(['del'])) +{ + + $del = (int) htmlspecialchars($_GET['del']); + + $req_del = $db->prepare("SELECT id_staff FROM scores WHERE id = ?"); + $req_del->execute(array($del)); + + $staff = $req_del -> fetchAll(PDO::FETCH_ASSOC); + + if($user['perm'] >= 2 OR $staff[0]['id_staff'] == $_SESSION['id']) { + $req_del = $db->prepare('DELETE FROM scores WHERE id =?'); + $req_del->execute(array($del)); + header('Location: stats.php'); + } +} + +if(isset($_POST['teamall'])) { + $req = $db->query('SELECT id, texte, points, team, id_staff FROM scores'); +} + +if(isset($_POST['team0'])) { + $req = $db->query('SELECT id, texte, points, team, id_staff FROM scores WHERE team = 0'); +} + +if(isset($_POST['team1'])) { + $req = $db->query('SELECT id, texte, points, team, id_staff FROM scores WHERE team = 1'); +} + +if(isset($_POST['send'])) { + if(isset($_POST['texte']) AND !empty($_POST['texte']) AND isset($_POST['point']) AND !empty($_POST['point']) AND isset($_POST['team']) AND !empty($_POST['team'])) { + $texte = htmlspecialchars($_POST['texte']); + $point = (int) htmlspecialchars($_POST['point']); + $team = htmlspecialchars($_POST['team']); + + switch ($team) { + case "t0": + $team_int = 0; + break; + case "t1": + $team_int = 1; + break; + } + + if(strlen($pseudo) <= 50) { + $req_ins = $db->prepare("INSERT INTO scores(texte, points, team, id_staff) VALUES(?, ?, ?, ?)"); + $req_ins->execute(array($texte, $point, $team_int, $_SESSION['id'])); + header('refresh:0'); + } else { + $error = "le texte de doit pas dépasser 50 char"; + } + } else { + $error = "Tout les champs doivent être complétés"; + } +} ?> @@ -10,6 +69,80 @@ include "script.php";
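Review bot: The delete branch changes state on a plain GET (`$_GET['del']`) and nothing visible in the hunk ties the request to a form token, so any page a logged-in staff member visits can trigger the `DELETE` under their session; moving it to a POST form with a per-session token checked via `hash_equals()` would close that. In the same condition `!empty(['del'])` tests a literal array and is always true, so it should read `!empty($_GET['del'])`, and `header('Location: stats.php');` needs an `exit;` after it so the rest of the page does not run. `$staff[0]['id_staff']` is read without checking that the row exists, and the loose `==` against `$_SESSION['id']` would treat a missing row and an unset session id as equal. Further down, `if(strlen($pseudo) <= 50)` tests a variable the hunk never assigns, so as far as the hunk shows the 50-character limit on `texte` is never enforced; `$texte` is presumably what was meant, and the `switch` needs a `default` that rejects unknown teams instead of leaving `$team_int` undefined. The opening lines of the file did not survive on this page, so whether a login check already runs before this code cannot be confirmed from here.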
+
+ + + + +
+ ".$error.""; + } + ?> +

+
+ + + +
+

+ + + + fetch()) { + ?> + + + + + + + + + +
ID (db) + Texte + Points + Team + Staff + Action +
prepare("SELECT pseudo FROM admin WHERE id = ?"); + $req_adm->execute(array($stat['id_staff'])); + + $staff = $req_adm -> fetchAll(PDO::FETCH_ASSOC); + + if(isset($staff[0]['pseudo'])) { + echo $staff[0]['pseudo']." (".$stat['id_staff'].")"; + } else { + echo "UNDEFINED "."(".$stat['id_staff'].")"; + } + + ?>prepare("SELECT id_staff FROM scores WHERE id = ?"); + $req_int->execute(array($stat['id'])); + + $staff = $req_int -> fetchAll(PDO::FETCH_ASSOC); + + if($user['perm'] >= 2 OR $staff[0]['id_staff'] == $_SESSION['id']) { + ?>X
\ No newline at end of file
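Review bot: `echo $staff[0]['pseudo']." (".$stat['id_staff'].")";` writes the admin pseudo into the table without escaping at the point of output. The first hunk escapes `texte` on its way into the database, but nothing visible shows `admin.pseudo` being treated the same way, so `echo htmlspecialchars($staff[0]['pseudo'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` here is the safer habit. The second lookup, `SELECT id_staff FROM scores WHERE id = ?`, re-reads a column the row loop already holds in `$stat['id_staff']`, so the test that decides whether to show the delete link can use `$stat['id_staff']` directly and save one query per row. The markup around these fragments did not survive on this page, so how the other cells are printed cannot be checked from here.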