First version, for githup; UNSTABLE, DO NOT USE!

2026-04-12 21:25:44 +02:00
commit a51fd9dbeb
423 changed files with 58560 additions and 0 deletions
--- a/scripts/trainer/post-handler.php
+++ b/scripts/trainer/post-handler.php
@@ -0,0 +1,440 @@
+<?php
+
+
+
+require $baseDir . '/../composer/vendor/autoload.php';
+
+use Shuchkin\SimpleXLSX;
+
+if (isset($_POST['apply_bulk_action']) ) {
+    if (!verify_csrf()) {
+        $_SESSION['form_message'] = 'Sicherheitsüberprüfung fehlgeschlagen.';
+        $_SESSION['form_message_type'] = 0;
+    } elseif ( empty($_POST['turnerin_ids']) || !is_array($_POST['turnerin_ids']) ) {
+        $_SESSION['form_message'] = 'Keine Turnerinnen für die Aktion ausgewählt.';
+        $_SESSION['form_message_type'] = 0;
+    } elseif (!isset($_POST['bulk_action_programm']) && !isset($_POST['bulk_action_bezahlt'])) {
+        $_SESSION['form_message'] = 'Kein Programm für die Massenänderung ausgewählt.';
+        $_SESSION['form_message_type'] = 0;
+    } else {
+        $ids_to_update = array_map('intval', $_POST['turnerin_ids'] ?? []);
+        $new_programm = isset($_POST['bulk_action_programm']) ? trim($_POST['bulk_action_programm']) : '';
+        $bezahlt_update = $_POST['bulk_action_bezahlt'] ?? null;
+
+        if (empty($ids_to_update)) {
+            $_SESSION['form_message'] = 'Keine Einträge ausgewählt.';
+            $_SESSION['form_message_type'] = 0;
+            header("Location: " . $_SERVER['REQUEST_URI']);
+            exit;
+        }
+
+        $set_clauses = [];
+        $params = [];
+        $types = '';
+
+        if ($new_programm !== '') {
+            $set_clauses[] = 'programm = ?';
+            $params[] = $new_programm;
+            $types .= 's';
+        }
+
+        if (in_array($bezahlt_update, ['0', '3', '4', '5'], true)) {
+            $set_clauses[] = 'bezahltoverride = ?';
+            $params[] = (int)$bezahlt_update;
+            $types .= 'i';
+        }
+
+        if (empty($set_clauses)) {
+            $_SESSION['form_message'] = 'Keine gültigen Änderungen gewählt.';
+            $_SESSION['form_message_type'] = 0;
+            header("Location: " . $_SERVER['REQUEST_URI']);
+            exit;
+        }
+
+        if (strlen($types) !== count($params) || count($params) !== count($set_clauses)) {
+            die('Type/value mismatch: ' . strlen($types) . ' vs ' . count($params));
+        }
+
+        /* WHERE id IN (?, ?, ...) */
+        $placeholders = implode(',', array_fill(0, count($ids_to_update), '?'));
+        $sql = "UPDATE $tableTurnerinnen SET " . implode(', ', $set_clauses) . " WHERE id IN ($placeholders)";
+
+        $stmt = $mysqli->prepare($sql);
+
+        /* add ID params */
+        foreach ($ids_to_update as $id) {
+            $params[] = $id;
+            $types .= 'i';
+        }
+
+        $stmt->bind_param($types, ...$params);
+
+        if (!$stmt->execute()) {
+            throw new RuntimeException('DB error: ' . $stmt->error);
+        }
+
+        $updated_count = $stmt->affected_rows;
+
+        $stmt->close();
+
+        if ($updated_count === -1) {
+            $_SESSION['form_message'] = 'Ein Fehler ist bei der Aktualisierung aufgetreten.';
+            $_SESSION['form_message_type'] = 0;
+        } elseif ($updated_count > 0) {
+            $_SESSION['form_message'] = $updated_count . ' Einträge erfolgreich aktualisiert.';
+            $_SESSION['form_message_type'] = 1;
+        } else {
+            $_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
+            $_SESSION['form_message_type'] = 0;
+        }
+    }
+
+    header('Location: ' . $_SERVER['REQUEST_URI']);
+    exit; 
+}
+
+if (isset($_POST['delete_id']) && verify_csrf()) {
+    $delete_id = intval($_POST['delete_id']);
+
+    $stmt = $mysqli->prepare("DELETE FROM $tableTurnerinnen where id = ?");
+
+    $stmt->bind_param('i', $delete_id);
+    
+    if ($stmt->execute()) {
+        $_SESSION['form_message'] = 'Eintrag erfolgreich gelöscht.';
+        $_SESSION['form_message_type'] = 1;
+    } else {
+        $_SESSION['form_message'] = 'Löschen fehlgeschlagen.';
+        $_SESSION['form_message_type'] = 0;
+    }
+
+    header("Location: ". $_SERVER['REQUEST_URI']);
+    exit;
+}	
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xlsx_file'])) {
+
+    if ($_FILES['xlsx_file']['error'] === UPLOAD_ERR_OK) {
+
+    $tmpName = $_FILES['xlsx_file']['tmp_name'];
+
+    if (class_exists('Shuchkin\\SimpleXLSX') && $xlsx = SimpleXLSX::parse($tmpName)) {
+
+        $rows = $xlsx->rows();
+
+        $vereine_rows = db_select($mysqli, $tableVereine, 'verein', '', [], 'verein ASC');
+        $vereine = array_column($vereine_rows, 'verein');
+
+        if (count($rows) < 2) {
+        $excelMessage = '❌ Excel must have headers and at least one data row.';
+        } else {
+        $headers = array_map('trim', $rows[0]);
+        unset($rows[0]);
+
+        $columnMap = [
+            'Nachname' => 'name',
+            'Vorname'  => 'vorname',
+            'Geburtsdatum' => 'geburtsdatum',
+            'Programm' => 'programm'
+        ];
+        
+
+        if ($selectedverein === 'admin') {
+            $columnMap['Verein'] = 'verein';
+        }
+        
+
+        $columnIndexes = [];
+        foreach ($columnMap as $excelHeader => $dbColumn) {
+            $index = array_search($excelHeader, $headers);
+            if ($index === false) {
+            $excelMessage = "❌ Column '$excelHeader' not found in Excel.";
+            break;
+            }
+            $columnIndexes[$dbColumn] = $index;
+        }
+
+        if (empty($excelMessage)) {
+            $inserted = 0;
+
+            foreach ($rows as $row) {
+            if (!array_filter($row)) continue;
+
+            $data = [];
+            foreach ($columnIndexes as $dbCol => $i) {
+                $data[$dbCol] = isset($row[$i]) ? trim($row[$i]) : null;
+            }
+            
+            if ($selectedverein !== 'admin'){
+                $data['verein'] = $selectedverein;
+            } else {
+
+                if (!in_array($data['verein'], $vereine, true)) {
+                $excelMessage = "❌ admin: {$data['verein']} not valid";
+                }
+            }
+                    
+            
+            $raw = trim($data['geburtsdatum']);
+
+            // Try DD.MM.YYYY first
+            $temp = DateTime::createFromFormat('d.m.Y', $raw);
+
+            if ($temp && $temp->format('d.m.Y') === $raw) {
+                $data['geburtsdatum'] = $temp->format('Y-m-d');
+            } else {
+                // Fallback: if it's already YYYY-MM-DD or YYYY-MM-DD HH:MM:SS
+                $data['geburtsdatum'] = substr($raw, 0, 10); // take first 10 chars
+            }
+            
+            
+            if (!(in_array($data['programm'], $programmes)) && is_array($programmes)){
+                $_SESSION['form_message'] = "❌ Programm '{$data['programm']}' nicht valide bei Turnerin ".$data['name']." ".$data['vorname'].". Alle Turnereinnen nach ".$data['name']." ".$data['vorname']." wurden nicht geladen.";
+                $_SESSION['form_message_type'] = 0;
+                header('Location: '. $_SERVER['REQUEST_URI']); // Redirect to same page
+                exit;
+            }
+
+            if (!empty($tableTurnerinnen)) {
+                $columns = array_keys($data);
+
+                $set = implode(
+                    ', ',
+                    array_map(fn($col) => "$col = ?", $columns)
+                );
+
+                $sql = "INSERT INTO $tableTurnerinnen SET $set";
+
+                $stmt = $mysqli->prepare($sql);
+
+                $types  = str_repeat('s', count($data));
+                $values = array_values($data);
+
+                $stmt->bind_param($types, ...$values);
+
+                if (!$stmt->execute()) {
+                    echo 'DB error: ' . $stmt->error;
+                }
+
+                $stmt->close();
+
+                $inserted++;
+            }
+            }
+            
+            $_SESSION['form_message'] = "✅ Erfolgreich $inserted Turnerinnen via Excel geladen.";
+            $_SESSION['form_message_type'] = 1;
+            header("Location: ". $_SERVER['REQUEST_URI']); // Redirect to same page
+            exit;
+        }
+        }
+
+    } else {
+        $parseError = SimpleXLSX::parseError();
+        $excelMessage = '❌ Failed to parse Excel file: ' . $parseError;
+    }
+
+    } else {
+    $excelMessage = '❌ File upload error.';
+    }
+}
+
+
+        
+if (!empty($_FILES['music_file']['name']) && isset($_POST['music_id'])) {
+    echo 'ja';
+    $edit_id = (int) $_POST['music_id'];
+    $uploadedFile = $_FILES['music_file'];
+
+    // Validate actual MIME type
+    $finfo = finfo_open(FILEINFO_MIME_TYPE);
+    $mimeType = finfo_file($finfo, $uploadedFile['tmp_name']);
+    finfo_close($finfo);
+
+    $allowedTypes = ['audio/mpeg', 'audio/wav', 'audio/ogg'];
+    if (!in_array($mimeType, $allowedTypes, true)) {
+        die('Invalid file type.');
+    }
+
+    // Fetch and remove old file
+    $stmt = $mysqli->prepare("SELECT bodenmusik FROM $tableTurnerinnen WHERE id = ?");
+    $stmt->bind_param("i", $edit_id);
+    $stmt->execute();
+    $stmt->bind_result($oldurl);
+    $stmt->fetch();
+    $stmt->close();
+
+    if (!empty($oldurl) && is_file($oldurl)) unlink($oldurl);
+
+    // Ensure upload directory exists
+    $uploadDir = $baseDir . '/wk-musik-boden/';
+    if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
+
+    // Clean file name
+    $cleanName = preg_replace("/[^a-zA-Z0-9-_\.]/", "_", $uploadedFile['name']);
+    $filename = uniqid('music_', true) . '_' . $cleanName;
+    $targetPath = $uploadDir . $filename;
+
+    if (move_uploaded_file($uploadedFile['tmp_name'], $targetPath)) {
+        $stmt = $mysqli->prepare("UPDATE $tableTurnerinnen SET bodenmusik = ? WHERE id = ?");
+        $stmt->bind_param("si", $targetPath, $edit_id);
+        if (!$stmt->execute()) echo 'DB error: ' . $stmt->error;
+        $stmt->close();
+    } else {
+        die('Failed to move uploaded file.');
+    }
+
+    header('Location: ' . $_SERVER['REQUEST_URI']);
+    exit;
+}
+
+$edit_row = null;
+if ($access_granted_trainer && isset($_GET['edit_id']) && is_numeric($_GET['edit_id']) && !isset($_POST['submit_turnerinnen_form'])) {
+    $edit_id = intval($_GET['edit_id']);
+    $edit_rows = db_select($mysqli, $tableTurnerinnen, "*", 'id = ?', [$edit_id]);
+    if (!isset($edit_rows) || !is_array($edit_rows) || count($edit_rows) !== 1){http_response_code(422); exit;}
+    $edit_row = $edit_rows[0];
+    if ($edit_row && ($edit_row['verein'] === $selectedverein || $selectedverein === 'admin')) {
+        $_POST['nachname'] = $edit_row['name'] ?? '';
+        $_POST['vorname'] = $edit_row['vorname'] ?? '';
+        $_POST['geburtsdatum'] = $edit_row['geburtsdatum'] ?? '';
+        $_POST['programm'] = $edit_row['programm'] ?? '';
+        $_POST['edit_id'] = $edit_id;
+        if ($selectedverein === 'admin'){
+            $_POST['verein'] = $edit_row['verein'] ?? '';
+            if (intval($edit_row['bezahltoverride']) !== 0) {
+                $_POST['bezahltoverride'] = $edit_row['bezahltoverride'] ?? '';
+            } else {
+                $_POST['bezahltoverride'] = $edit_row['bezahlt'] ?? '';
+            }
+        }
+    } else {
+        $_SESSION['form_message'] = 'Ungültiger Eintrag zum Bearbeiten.';
+        $_SESSION['form_message_type'] = 0;
+        header('Location: '. $_SERVER['REQUEST_URI']);
+        exit;
+    }
+}
+
+// === INSERT/UPDATE Handler ===
+if ( $access_granted_trainer && isset($_POST['submit_turnerinnen_form']) ) {
+    // Check nonce
+    if ( !verify_csrf() ) {
+        $_SESSION['form_message'] = 'Sicherheitsproblem: Ungültige Formularübermittlung.';
+        $_SESSION['form_message_type'] = 0;
+    } else {
+        $name     = htmlspecialchars( $_POST['nachname'] );
+        $vorname  = htmlspecialchars( $_POST['vorname'] );
+        $geburtsdatum = trim($_POST['geburtsdatum'] );
+        $programm = htmlspecialchars( $_POST['programm'] );
+        if ($selectedverein !== 'admin'){
+            $verein   = $selectedverein;
+        } else {$verein = htmlspecialchars( $_POST['verein'] ); $bezahlt = htmlspecialchars( $_POST['bezahlt'] ); }
+        if ( empty($name) || empty($vorname) || empty($geburtsdatum) || empty($programm)) {
+            $_SESSION['form_message'] = 'Bitte füllen Sie alle erforderlichen Felder aus.';
+            $_SESSION['form_message_type'] = 0;
+        } else {
+
+            $data_to_insert = [];
+            
+            $data_to_insert = array(
+                'name'     => $name,
+                'vorname'  => $vorname,
+                'geburtsdatum' => $geburtsdatum,
+                'programm' => $programm,
+                'verein'   => $verein,
+            );
+            
+
+            $data_formats = array('%s', '%s', '%s', '%s', '%s');
+
+            if ($selectedverein === 'admin') {
+                $data_to_insert['bezahltoverride'] = $bezahlt;
+                $data_formats[] = '%d';
+            }
+
+            print_r($data_to_insert);
+
+
+            // Check if we are editing an existing entry
+            $is_editing = isset($_POST['edit_id']) && is_numeric($_POST['edit_id']) && $_POST['edit_id'] > 0;
+            
+            if ($is_editing) {
+                $edit_id = intval($_POST['edit_id']);
+
+                $entries = db_select($mysqli, $tableTurnerinnen, '*', 'id = ?', [$edit_id], 'rang ASC');
+
+                $entry = $entries[0]; // since you're fetching by ID, this should return exactly one row
+
+                $columns = array_keys($data_to_insert);
+
+                $set = implode(
+                    ', ',
+                    array_map(fn($col) => "$col = ?", $columns)
+                );
+
+                $sql = "UPDATE $tableTurnerinnen SET $set WHERE id = ?";
+
+                var_dump($sql);
+                $stmt = $mysqli->prepare($sql);
+
+                $types = str_repeat('s', count($data_to_insert)) . 'i';
+                $values = array_values($data_to_insert);
+                $values[] = $edit_id;
+
+                $stmt->bind_param($types, ...$values);
+
+                $updated = $stmt->execute();
+
+                $stmt->close();
+
+                if ($updated === false) {
+                    error_log('DB Update Error: ' . $wpdb->last_error);
+                    $_SESSION['form_message'] = 'Fehler beim Aktualisieren des Eintrags.';
+                    $_SESSION['form_message_type'] = 0;
+                } else if ($updated === 0) {
+                    $_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
+                    $_SESSION['form_message_type'] = 0;
+                } else {
+                    $_SESSION['form_message'] = 'Eintrag erfolgreich aktualisiert!';
+                    $_SESSION['form_message_type'] = 1;
+                    $_POST = [];
+                    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
+                    exit;
+                }
+            } else {
+
+                $columns = array_keys($data_to_insert);
+
+                $set = implode(
+                    ', ',
+                    array_map(fn($col) => "$col = ?", $columns)
+                );
+
+                $sql = "INSERT INTO $tableTurnerinnen SET $set";               
+
+                $stmt = $mysqli->prepare($sql);
+
+                $types  = str_repeat('s', count($data_to_insert));
+                $values = array_values($data_to_insert);
+
+                $stmt->bind_param($types, ...$values);
+
+                $inserted = $stmt->execute();
+
+                $stmt->close();
+
+
+                if ( $inserted ) {
+                    $_SESSION['form_message'] = 'Daten erfolgreich gespeichert!';
+                    $_SESSION['form_message_type'] = 1;
+                    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
+                    exit;
+                } else {
+                    $_SESSION['form_message'] = 'Fehler beim Speichern der Daten. Bitte versuchen Sie es später erneut.';
+                    $_SESSION['form_message_type'] = 0;
+                }
+            }
+        }
+    }
+}