<?php
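// Loads the database connection settings; $servername, $username, $password and $dbname
// are presumably defined there (they are not set anywhere else in this file).
// `require` instead of `include`: when the credentials file is missing the script must stop
// rather than go on and open a connection with undefined parameters.
// NOTE(review): the file name suggests test credentials. Confirm production uses its own
// credentials file, kept out of version control and not readable through the web server.
require("test_creds.php");

// Shared connection used by ajouter_doc() and saveFilesFromPost() through `global $conn`.
$conn = new mysqli($servername, $username, $password, $dbname);

// /!\ MUST BE CHANGED IN PRODUCTION /!\
// NOTE(review): this path is inside the web server's htdocs tree, so stored uploads are
// presumably reachable by URL. Prefer a directory outside the document root, or one the
// server is configured to serve as static downloads only (no script handlers). Confirm
// the production layout.
$uploadDir = '/opt/lampp/htdocs/annales/archives/';

// The document type is an integer code. saveFilesFromPost() accepts values from 1 up to
// $max_val_type inclusive.
$max_val_type = 2;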
// Extensions accepted for images.
// NOTE(review): 'svg' is an XML format that can carry script. If stored uploads are served
// from the site's own origin, an SVG is rendered as active content by browsers. Consider
// dropping it from this list or serving uploads with a download-only Content-Disposition.
$image_extensions = ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'tif', 'webp', 'svg', 'ico', 'raw'];

// Extensions accepted for PDF documents.
$pdf_extensions = ['pdf'];

// Extensions accepted for presentation files (PowerPoint and similar).
$presentation_extensions = ['ppt', 'pptx', 'odp', 'pptm', 'ppsx'];

// Single flat allow-list read by check_ext(): images first, then PDF, then presentations.
$ext_autorisees = [
    ...$image_extensions,
    ...$pdf_extensions,
    ...$presentation_extensions,
];
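/**
 * Tell whether a file name ends with an extension from the global allow-list.
 *
 * The last extension of $filename is lower-cased and looked up in $GLOBALS["ext_autorisees"].
 * The lookup is strict, so a non-string entry that slipped into the list can never match an
 * arbitrary extension through PHP's loose comparison rules.
 *
 * This is a name check only: earlier dots in the name are ignored and the file's content is
 * never inspected. It must not be the only control on an upload directory that the web
 * server can serve. Pair it with a content-type check and a no-script-execution server
 * configuration for that directory.
 *
 * @param string $filename File name (with or without directory part).
 * @return bool True when the final extension is allowed, false otherwise (including no extension).
 */
function check_ext($filename): bool {
    $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

    return in_array($extension, $GLOBALS["ext_autorisees"], true);
}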
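/**
 * Create an "ensemble" row from the request, then store the uploaded files attached to it.
 *
 * Inserts the author's comment into `ensemble`, then hands the request and the new row id to
 * saveFilesFromPost(). Any Exception raised by either step is reported to the client as a
 * JSON object with status "0".
 *
 * @param array $request Request fields; reads 'commentaire_auteur' here, the rest is consumed
 *                       by saveFilesFromPost().
 * @return void
 */
function ajouter_doc($request){
    global $conn;

    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    // The value is bound as a parameter: HTML-escaping does not neutralise SQL metacharacters
    // (a backslash, for instance, passes through untouched), so it must never stand in for
    // SQL escaping. htmlspecialchars() is kept only so the stored format stays the same as
    // for rows written before this change.
    $commentaire = htmlspecialchars($request['commentaire_auteur'] ?? '');
    $sql = "INSERT INTO ensemble (commentaire_auteur) VALUES(?)";

    try{
        $conn->execute_query($sql, array($commentaire));
        saveFilesFromPost($request,mysqli_insert_id($conn));
    }catch(Exception $e){
        // NOTE(review): the raw exception text goes back to the client and may expose table
        // or column names. Consider logging it server-side and returning a generic message.
        echo(json_encode(["status"=>"0","msg"=>$e->getMessage()]));
    }
}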
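/**
 * Store every uploaded file of the current request and record it in the database.
 *
 * For each entry of $_FILES the function checks the extension with check_ext(), moves the
 * file into $GLOBALS['uploadDir'] under a uniqid()-prefixed name and inserts a `documents`
 * row. When the document type is 1 it also records the exercises from $postData['exercices']
 * and links each one to its themes, creating missing themes on the fly.
 *
 * Responses are echoed as JSON objects. Validation or storage failures end the script with
 * `exit`; a failed `documents` insert is reported and processing continues with the next file.
 *
 * The document type is validated before any file is written, so a rejected request leaves
 * nothing behind in the upload directory.
 *
 * NOTE(review): the upload checks are by file name only. check_ext() looks at the last
 * extension and nothing inspects the content. Since the configured upload directory is
 * under htdocs, confirm the server never executes scripts from it and consider verifying
 * the detected MIME type (finfo) before accepting a file.
 *
 * @param array $postData    Request fields: 'type', 'titre', 'commentaire_doc_<n>', 'exercices'.
 * @param int   $id_ensemble Id of the `ensemble` row the files and exercises belong to.
 * @return void
 */
function saveFilesFromPost($postData,$id_ensemble) {
    global $conn, $max_val_type;

    if (!isset($_FILES) || !is_array($_FILES)) {
        echo(json_encode(["status"=>"2","msg"=>"No files in the POST data."]));
        exit;
    }

    // Reject an unknown document type up front, before touching the filesystem.
    $safe_type = intval($postData['type'] ?? 0);
    if ($safe_type < 1 || $safe_type > $max_val_type) {
        echo(json_encode(['status'=> '2','msg'=>"Le type de document spécifié n'existe pas."]));
        exit;
    }

    $safe_titre = htmlspecialchars($postData['titre'] ?? '');

    // Index of the current file, used to pick its 'commentaire_doc_<n>' field.
    $i = 0;
    foreach ($_FILES as $file) {
        // A malformed entry (no name, or an array of names from a multi-file input) cannot be
        // processed; stop instead of carrying on with an undefined file name.
        if (!isset($file['name'], $file['tmp_name']) || !is_string($file['name'])) {
            echo(json_encode(["status"=>"0","msg"=>"Invalid file upload."]));
            exit;
        }

        // basename() is defence in depth: a client-supplied name must never contribute
        // directory components to the destination path.
        $fileName = htmlspecialchars(basename($file['name']));

        if (!check_ext($fileName)) {
            // Report the offending name; the unique name has not been generated yet.
            echo(json_encode(["status"=>"0","msg"=>"Error saving file '$fileName'"]));
            exit;
        }

        // Create a unique filename to avoid overwriting existing files
        $uniqueFileName = uniqid() . '_' . $fileName;

        // Define the path to save the file
        $filePath = $GLOBALS['uploadDir'] . $uniqueFileName;

        // Save the file; move_uploaded_file() only accepts files PHP itself received via upload.
        if (move_uploaded_file($file['tmp_name'], $filePath)) {
            echo(json_encode(["status"=>"1","msg" =>"File '$uniqueFileName' has been saved successfully."]));
        } else {
            echo(json_encode(["status"=>"0","msg"=>"Error saving file '$uniqueFileName'"]));
            exit;
        }

        try{
            // Record the document. Global comments and themes are not implemented yet.
            $sql="INSERT INTO documents (titre,type,upload_path,commentaire_auteur,ensemble_id) VALUES(?,?,?,?,?)";
            $conn->execute_query($sql,array($safe_titre,$safe_type,$filePath,$postData['commentaire_doc_'.$i] ?? null,$id_ensemble));
        }catch(Exception $e){
            // NOTE(review): the driver's message is sent to the client; consider logging it
            // server-side and answering with a generic error instead.
            echo(json_encode(['status'=> '0','msg'=>$e->getMessage()]));
        }

        $i++;
    }

    // Record the exercises when the document is a past exam paper ("annale", type 1).
    if($safe_type == 1){
        $exercices = $postData['exercices'] ?? [];

        foreach ($exercices as $ex) {
            // First, store the exercise itself.
            $sql= 'INSERT INTO exercices (commentaire_auteur,ensemble_id,duree) VALUES(?,?,?)';
            $conn->execute_query($sql,array($ex["commentaire_exo"],$id_ensemble,$ex["duree"]));

            $id_exo = mysqli_insert_id($conn);

            // For each theme, reuse the existing row if there is one, otherwise create it.
            foreach(($ex["themes"] ?? []) as $theme){
                // Exact match for now. The lookup is parameterised and uses the same raw value
                // that the INSERT below stores, so an existing theme is always found again.
                $sql= "SELECT id FROM themes WHERE name=?";
                $result = $conn->execute_query($sql,array($theme));

                if ($result){
                    if (mysqli_num_rows($result) > 0) {
                        $row = mysqli_fetch_assoc($result);
                        $id_theme = $row["id"];
                    }else{
                        $sql = "INSERT INTO themes (name) VALUES(?)";
                        $conn->execute_query($sql,array($theme));

                        $id_theme = mysqli_insert_id($conn);
                    }

                    // Then link the exercise to the theme.
                    $sql= 'INSERT INTO exercices_themes (exercice_id,theme_id) VALUES(?,?)';
                    $result = $conn->execute_query($sql,array($id_exo,$id_theme));
                }
            }
        }
    }
}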
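/**
 * Search the `exercices` table by title fragment, duration and theme names.
 *
 * Every filter is optional; empty values are ignored. All filters that are present must
 * match (they are combined with AND), and every tag must be attached to the exercise.
 * Filter values are bound as statement parameters and never concatenated into the SQL text.
 *
 * Opens its own connection from the credentials in $GLOBALS and always closes it, including
 * when the query fails.
 *
 * NOTE(review): the `titre` column is filtered here, but the INSERT into `exercices`
 * elsewhere in this file only writes commentaire_auteur, ensemble_id and duree. Confirm
 * the column exists on this table.
 *
 * @param string   $query  Fragment to look for in `titre` (LIKE wildcards in it are kept as wildcards).
 * @param mixed    $length Exact value to match against `duree`.
 * @param string[] $tags   Theme names the exercise must all be linked to.
 * @return array[] Matching rows as associative arrays.
 * @throws Exception When the connection or the query fails.
 */
function searchExercises($query, $length, $tags)
{
    $conn = new mysqli($GLOBALS["servername"], $GLOBALS["username"], $GLOBALS["password"], $GLOBALS["dbname"]);

    if ($conn->connect_error) {
        throw new Exception("Connection failed: " . $conn->connect_error);
    }

    try {
        // SQL fragments and their bound values, kept in the same order.
        $conditions = [];
        $params = [];

        if (!empty($query)) {
            $conditions[] = "titre LIKE ?";
            $params[] = '%' . $query . '%';
        }

        if (!empty($length)) {
            $conditions[] = "duree = ?";
            $params[] = $length;
        }

        if (!empty($tags)) {
            foreach ($tags as $tag) {
                $conditions[] = "EXISTS (SELECT 1 FROM exercices_themes et, themes t WHERE et.exercice_id = e.id AND et.theme_id = t.id AND t.name = ?)";
                $params[] = $tag;
            }
        }

        // The alias `e` is required by the tag sub-queries above.
        $sql = "SELECT * FROM exercices e";
        if ($conditions) {
            // Explicit spaces around WHERE so the keyword never fuses with the first condition.
            $sql .= " WHERE " . implode(" AND ", $conditions);
        }

        // Execute the query
        $result = $conn->execute_query($sql, $params ?: null);

        if (!$result) {
            throw new Exception("Error executing search query: " . $conn->error);
        }

        $exercises = [];
        while ($row = $result->fetch_assoc()) {
            $exercises[] = $row;
        }

        return $exercises;
    } finally {
        $conn->close();
    }
}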
?>