440 lines
15 KiB
PHP
440 lines
15 KiB
PHP
<?php
|
|
|
|
|
|
|
|
require $baseDir . '/../composer/vendor/autoload.php';
|
|
|
|
use Shuchkin\SimpleXLSX;
|
|
|
|
if (isset($_POST['apply_bulk_action']) ) {
|
|
if (!verify_csrf()) {
|
|
$_SESSION['form_message'] = 'Sicherheitsüberprüfung fehlgeschlagen.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} elseif ( empty($_POST['turnerin_ids']) || !is_array($_POST['turnerin_ids']) ) {
|
|
$_SESSION['form_message'] = 'Keine Turnerinnen für die Aktion ausgewählt.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} elseif (!isset($_POST['bulk_action_programm']) && !isset($_POST['bulk_action_bezahlt'])) {
|
|
$_SESSION['form_message'] = 'Kein Programm für die Massenänderung ausgewählt.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} else {
|
|
$ids_to_update = array_map('intval', $_POST['turnerin_ids'] ?? []);
|
|
$new_programm = isset($_POST['bulk_action_programm']) ? trim($_POST['bulk_action_programm']) : '';
|
|
$bezahlt_update = $_POST['bulk_action_bezahlt'] ?? null;
|
|
|
|
if (empty($ids_to_update)) {
|
|
$_SESSION['form_message'] = 'Keine Einträge ausgewählt.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
header("Location: " . $_SERVER['REQUEST_URI']);
|
|
exit;
|
|
}
|
|
|
|
$set_clauses = [];
|
|
$params = [];
|
|
$types = '';
|
|
|
|
if ($new_programm !== '') {
|
|
$set_clauses[] = 'programm = ?';
|
|
$params[] = $new_programm;
|
|
$types .= 's';
|
|
}
|
|
|
|
if (in_array($bezahlt_update, ['0', '3', '4', '5'], true)) {
|
|
$set_clauses[] = 'bezahltoverride = ?';
|
|
$params[] = (int)$bezahlt_update;
|
|
$types .= 'i';
|
|
}
|
|
|
|
if (empty($set_clauses)) {
|
|
$_SESSION['form_message'] = 'Keine gültigen Änderungen gewählt.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
header("Location: " . $_SERVER['REQUEST_URI']);
|
|
exit;
|
|
}
|
|
|
|
if (strlen($types) !== count($params) || count($params) !== count($set_clauses)) {
|
|
die('Type/value mismatch: ' . strlen($types) . ' vs ' . count($params));
|
|
}
|
|
|
|
/* WHERE id IN (?, ?, ...) */
|
|
$placeholders = implode(',', array_fill(0, count($ids_to_update), '?'));
|
|
$sql = "UPDATE $tableTurnerinnen SET " . implode(', ', $set_clauses) . " WHERE id IN ($placeholders)";
|
|
|
|
$stmt = $mysqli->prepare($sql);
|
|
|
|
/* add ID params */
|
|
foreach ($ids_to_update as $id) {
|
|
$params[] = $id;
|
|
$types .= 'i';
|
|
}
|
|
|
|
$stmt->bind_param($types, ...$params);
|
|
|
|
if (!$stmt->execute()) {
|
|
throw new RuntimeException('DB error: ' . $stmt->error);
|
|
}
|
|
|
|
$updated_count = $stmt->affected_rows;
|
|
|
|
$stmt->close();
|
|
|
|
if ($updated_count === -1) {
|
|
$_SESSION['form_message'] = 'Ein Fehler ist bei der Aktualisierung aufgetreten.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} elseif ($updated_count > 0) {
|
|
$_SESSION['form_message'] = $updated_count . ' Einträge erfolgreich aktualisiert.';
|
|
$_SESSION['form_message_type'] = 1;
|
|
} else {
|
|
$_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
}
|
|
}
|
|
|
|
header('Location: ' . $_SERVER['REQUEST_URI']);
|
|
exit;
|
|
}
|
|
|
|
if (isset($_POST['delete_id']) && verify_csrf()) {
|
|
$delete_id = intval($_POST['delete_id']);
|
|
|
|
$stmt = $mysqli->prepare("DELETE FROM $tableTurnerinnen where id = ?");
|
|
|
|
$stmt->bind_param('i', $delete_id);
|
|
|
|
if ($stmt->execute()) {
|
|
$_SESSION['form_message'] = 'Eintrag erfolgreich gelöscht.';
|
|
$_SESSION['form_message_type'] = 1;
|
|
} else {
|
|
$_SESSION['form_message'] = 'Löschen fehlgeschlagen.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
}
|
|
|
|
header("Location: ". $_SERVER['REQUEST_URI']);
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xlsx_file'])) {
|
|
|
|
if ($_FILES['xlsx_file']['error'] === UPLOAD_ERR_OK) {
|
|
|
|
$tmpName = $_FILES['xlsx_file']['tmp_name'];
|
|
|
|
if (class_exists('Shuchkin\\SimpleXLSX') && $xlsx = SimpleXLSX::parse($tmpName)) {
|
|
|
|
$rows = $xlsx->rows();
|
|
|
|
$vereine_rows = db_select($mysqli, $tableVereine, 'verein', '', [], 'verein ASC');
|
|
$vereine = array_column($vereine_rows, 'verein');
|
|
|
|
if (count($rows) < 2) {
|
|
$excelMessage = '❌ Excel must have headers and at least one data row.';
|
|
} else {
|
|
$headers = array_map('trim', $rows[0]);
|
|
unset($rows[0]);
|
|
|
|
$columnMap = [
|
|
'Nachname' => 'name',
|
|
'Vorname' => 'vorname',
|
|
'Geburtsdatum' => 'geburtsdatum',
|
|
'Programm' => 'programm'
|
|
];
|
|
|
|
|
|
if ($selectedverein === 'admin') {
|
|
$columnMap['Verein'] = 'verein';
|
|
}
|
|
|
|
|
|
$columnIndexes = [];
|
|
foreach ($columnMap as $excelHeader => $dbColumn) {
|
|
$index = array_search($excelHeader, $headers);
|
|
if ($index === false) {
|
|
$excelMessage = "❌ Column '$excelHeader' not found in Excel.";
|
|
break;
|
|
}
|
|
$columnIndexes[$dbColumn] = $index;
|
|
}
|
|
|
|
if (empty($excelMessage)) {
|
|
$inserted = 0;
|
|
|
|
foreach ($rows as $row) {
|
|
if (!array_filter($row)) continue;
|
|
|
|
$data = [];
|
|
foreach ($columnIndexes as $dbCol => $i) {
|
|
$data[$dbCol] = isset($row[$i]) ? trim($row[$i]) : null;
|
|
}
|
|
|
|
if ($selectedverein !== 'admin'){
|
|
$data['verein'] = $selectedverein;
|
|
} else {
|
|
|
|
if (!in_array($data['verein'], $vereine, true)) {
|
|
$excelMessage = "❌ admin: {$data['verein']} not valid";
|
|
}
|
|
}
|
|
|
|
|
|
$raw = trim($data['geburtsdatum']);
|
|
|
|
// Try DD.MM.YYYY first
|
|
$temp = DateTime::createFromFormat('d.m.Y', $raw);
|
|
|
|
if ($temp && $temp->format('d.m.Y') === $raw) {
|
|
$data['geburtsdatum'] = $temp->format('Y-m-d');
|
|
} else {
|
|
// Fallback: if it's already YYYY-MM-DD or YYYY-MM-DD HH:MM:SS
|
|
$data['geburtsdatum'] = substr($raw, 0, 10); // take first 10 chars
|
|
}
|
|
|
|
|
|
if (!(in_array($data['programm'], $programmes)) && is_array($programmes)){
|
|
$_SESSION['form_message'] = "❌ Programm '{$data['programm']}' nicht valide bei Turnerin ".$data['name']." ".$data['vorname'].". Alle Turnereinnen nach ".$data['name']." ".$data['vorname']." wurden nicht geladen.";
|
|
$_SESSION['form_message_type'] = 0;
|
|
header('Location: '. $_SERVER['REQUEST_URI']); // Redirect to same page
|
|
exit;
|
|
}
|
|
|
|
if (!empty($tableTurnerinnen)) {
|
|
$columns = array_keys($data);
|
|
|
|
$set = implode(
|
|
', ',
|
|
array_map(fn($col) => "$col = ?", $columns)
|
|
);
|
|
|
|
$sql = "INSERT INTO $tableTurnerinnen SET $set";
|
|
|
|
$stmt = $mysqli->prepare($sql);
|
|
|
|
$types = str_repeat('s', count($data));
|
|
$values = array_values($data);
|
|
|
|
$stmt->bind_param($types, ...$values);
|
|
|
|
if (!$stmt->execute()) {
|
|
echo 'DB error: ' . $stmt->error;
|
|
}
|
|
|
|
$stmt->close();
|
|
|
|
$inserted++;
|
|
}
|
|
}
|
|
|
|
$_SESSION['form_message'] = "✅ Erfolgreich $inserted Turnerinnen via Excel geladen.";
|
|
$_SESSION['form_message_type'] = 1;
|
|
header("Location: ". $_SERVER['REQUEST_URI']); // Redirect to same page
|
|
exit;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
$parseError = SimpleXLSX::parseError();
|
|
$excelMessage = '❌ Failed to parse Excel file: ' . $parseError;
|
|
}
|
|
|
|
} else {
|
|
$excelMessage = '❌ File upload error.';
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if (!empty($_FILES['music_file']['name']) && isset($_POST['music_id'])) {
|
|
echo 'ja';
|
|
$edit_id = (int) $_POST['music_id'];
|
|
$uploadedFile = $_FILES['music_file'];
|
|
|
|
// Validate actual MIME type
|
|
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
|
$mimeType = finfo_file($finfo, $uploadedFile['tmp_name']);
|
|
finfo_close($finfo);
|
|
|
|
$allowedTypes = ['audio/mpeg', 'audio/wav', 'audio/ogg'];
|
|
if (!in_array($mimeType, $allowedTypes, true)) {
|
|
die('Invalid file type.');
|
|
}
|
|
|
|
// Fetch and remove old file
|
|
$stmt = $mysqli->prepare("SELECT bodenmusik FROM $tableTurnerinnen WHERE id = ?");
|
|
$stmt->bind_param("i", $edit_id);
|
|
$stmt->execute();
|
|
$stmt->bind_result($oldurl);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
|
|
if (!empty($oldurl) && is_file($oldurl)) unlink($oldurl);
|
|
|
|
// Ensure upload directory exists
|
|
$uploadDir = $baseDir . '/wk-musik-boden/';
|
|
if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
|
|
|
|
// Clean file name
|
|
$cleanName = preg_replace("/[^a-zA-Z0-9-_\.]/", "_", $uploadedFile['name']);
|
|
$filename = uniqid('music_', true) . '_' . $cleanName;
|
|
$targetPath = $uploadDir . $filename;
|
|
|
|
if (move_uploaded_file($uploadedFile['tmp_name'], $targetPath)) {
|
|
$stmt = $mysqli->prepare("UPDATE $tableTurnerinnen SET bodenmusik = ? WHERE id = ?");
|
|
$stmt->bind_param("si", $targetPath, $edit_id);
|
|
if (!$stmt->execute()) echo 'DB error: ' . $stmt->error;
|
|
$stmt->close();
|
|
} else {
|
|
die('Failed to move uploaded file.');
|
|
}
|
|
|
|
header('Location: ' . $_SERVER['REQUEST_URI']);
|
|
exit;
|
|
}
|
|
|
|
$edit_row = null;
|
|
if ($access_granted_trainer && isset($_GET['edit_id']) && is_numeric($_GET['edit_id']) && !isset($_POST['submit_turnerinnen_form'])) {
|
|
$edit_id = intval($_GET['edit_id']);
|
|
$edit_rows = db_select($mysqli, $tableTurnerinnen, "*", 'id = ?', [$edit_id]);
|
|
if (!isset($edit_rows) || !is_array($edit_rows) || count($edit_rows) !== 1){http_response_code(422); exit;}
|
|
$edit_row = $edit_rows[0];
|
|
if ($edit_row && ($edit_row['verein'] === $selectedverein || $selectedverein === 'admin')) {
|
|
$_POST['nachname'] = $edit_row['name'] ?? '';
|
|
$_POST['vorname'] = $edit_row['vorname'] ?? '';
|
|
$_POST['geburtsdatum'] = $edit_row['geburtsdatum'] ?? '';
|
|
$_POST['programm'] = $edit_row['programm'] ?? '';
|
|
$_POST['edit_id'] = $edit_id;
|
|
if ($selectedverein === 'admin'){
|
|
$_POST['verein'] = $edit_row['verein'] ?? '';
|
|
if (intval($edit_row['bezahltoverride']) !== 0) {
|
|
$_POST['bezahltoverride'] = $edit_row['bezahltoverride'] ?? '';
|
|
} else {
|
|
$_POST['bezahltoverride'] = $edit_row['bezahlt'] ?? '';
|
|
}
|
|
}
|
|
} else {
|
|
$_SESSION['form_message'] = 'Ungültiger Eintrag zum Bearbeiten.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
header('Location: '. $_SERVER['REQUEST_URI']);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// === INSERT/UPDATE Handler ===
|
|
if ( $access_granted_trainer && isset($_POST['submit_turnerinnen_form']) ) {
|
|
// Check nonce
|
|
if ( !verify_csrf() ) {
|
|
$_SESSION['form_message'] = 'Sicherheitsproblem: Ungültige Formularübermittlung.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} else {
|
|
$name = htmlspecialchars( $_POST['nachname'] );
|
|
$vorname = htmlspecialchars( $_POST['vorname'] );
|
|
$geburtsdatum = trim($_POST['geburtsdatum'] );
|
|
$programm = htmlspecialchars( $_POST['programm'] );
|
|
if ($selectedverein !== 'admin'){
|
|
$verein = $selectedverein;
|
|
} else {$verein = htmlspecialchars( $_POST['verein'] ); $bezahlt = htmlspecialchars( $_POST['bezahlt'] ); }
|
|
if ( empty($name) || empty($vorname) || empty($geburtsdatum) || empty($programm)) {
|
|
$_SESSION['form_message'] = 'Bitte füllen Sie alle erforderlichen Felder aus.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} else {
|
|
|
|
$data_to_insert = [];
|
|
|
|
$data_to_insert = array(
|
|
'name' => $name,
|
|
'vorname' => $vorname,
|
|
'geburtsdatum' => $geburtsdatum,
|
|
'programm' => $programm,
|
|
'verein' => $verein,
|
|
);
|
|
|
|
|
|
$data_formats = array('%s', '%s', '%s', '%s', '%s');
|
|
|
|
if ($selectedverein === 'admin') {
|
|
$data_to_insert['bezahltoverride'] = $bezahlt;
|
|
$data_formats[] = '%d';
|
|
}
|
|
|
|
print_r($data_to_insert);
|
|
|
|
|
|
// Check if we are editing an existing entry
|
|
$is_editing = isset($_POST['edit_id']) && is_numeric($_POST['edit_id']) && $_POST['edit_id'] > 0;
|
|
|
|
if ($is_editing) {
|
|
$edit_id = intval($_POST['edit_id']);
|
|
|
|
$entries = db_select($mysqli, $tableTurnerinnen, '*', 'id = ?', [$edit_id], 'rang ASC');
|
|
|
|
$entry = $entries[0]; // since you're fetching by ID, this should return exactly one row
|
|
|
|
$columns = array_keys($data_to_insert);
|
|
|
|
$set = implode(
|
|
', ',
|
|
array_map(fn($col) => "$col = ?", $columns)
|
|
);
|
|
|
|
$sql = "UPDATE $tableTurnerinnen SET $set WHERE id = ?";
|
|
|
|
var_dump($sql);
|
|
$stmt = $mysqli->prepare($sql);
|
|
|
|
$types = str_repeat('s', count($data_to_insert)) . 'i';
|
|
$values = array_values($data_to_insert);
|
|
$values[] = $edit_id;
|
|
|
|
$stmt->bind_param($types, ...$values);
|
|
|
|
$updated = $stmt->execute();
|
|
|
|
$stmt->close();
|
|
|
|
if ($updated === false) {
|
|
error_log('DB Update Error: ' . $wpdb->last_error);
|
|
$_SESSION['form_message'] = 'Fehler beim Aktualisieren des Eintrags.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} else if ($updated === 0) {
|
|
$_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
} else {
|
|
$_SESSION['form_message'] = 'Eintrag erfolgreich aktualisiert!';
|
|
$_SESSION['form_message_type'] = 1;
|
|
$_POST = [];
|
|
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
|
|
exit;
|
|
}
|
|
} else {
|
|
|
|
$columns = array_keys($data_to_insert);
|
|
|
|
$set = implode(
|
|
', ',
|
|
array_map(fn($col) => "$col = ?", $columns)
|
|
);
|
|
|
|
$sql = "INSERT INTO $tableTurnerinnen SET $set";
|
|
|
|
$stmt = $mysqli->prepare($sql);
|
|
|
|
$types = str_repeat('s', count($data_to_insert));
|
|
$values = array_values($data_to_insert);
|
|
|
|
$stmt->bind_param($types, ...$values);
|
|
|
|
$inserted = $stmt->execute();
|
|
|
|
$stmt->close();
|
|
|
|
|
|
if ( $inserted ) {
|
|
$_SESSION['form_message'] = 'Daten erfolgreich gespeichert!';
|
|
$_SESSION['form_message_type'] = 1;
|
|
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
|
|
exit;
|
|
} else {
|
|
$_SESSION['form_message'] = 'Fehler beim Speichern der Daten. Bitte versuchen Sie es später erneut.';
|
|
$_SESSION['form_message_type'] = 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |