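<?php
use Enums\SubmissionStatus;

// Page bootstrap for the "enter a work" form.
// Relies on the surrounding bootstrap for LOGGED_IN, $db["data"] (a PDO
// connection) and, for logged-in visitors, $_SESSION["account"]->id.
// State handed to the template further down:
//   $title, $description - page metadata read by partials/head.php
//   $HAS_SUBMISSION      - the visitor already has a submission for this game
//   $IS_PAID             - that submission carries a transaction_id
//   $game                - games row (id, name, status_id), or null
// Defaults keep the template free of undefined-variable warnings when the
// "game" query parameter is missing.
$HAS_SUBMISSION = false;
$IS_PAID = false;
$game = null;

if (!LOGGED_IN) {
    $title = "Log In";
    $description = "Log in to enter a work into this vote.";
    http_response_code(401);
}

if (LOGGED_IN && isset($_GET["game"])) {
    // Resolve the game first so that everything downstream (redirect target,
    // titles, submission lookup) works from the stored id and name rather
    // than from the raw query parameter.
    $stmt = $db["data"]->prepare(
        "SELECT id, name, status_id FROM games WHERE id = :id"
    );
    $stmt->execute(["id" => $_GET["game"]]);
    $game = $stmt->fetch(PDO::FETCH_OBJ) ?: null;

    if ($game === null) {
        $title = "Game not found";
        $description = "The chosen game doesn't exist.";
        http_response_code(404);
    } else {
        // One query answers both questions: a row means a submission exists,
        // a non-NULL transaction_id means it has been paid for. Note that
        // fetch() returns false (not NULL) when there is no row, which is why
        // the two flags are derived separately.
        $stmt = $db["data"]->prepare(
            "SELECT id, transaction_id FROM submissions
             WHERE game_id = :game_id AND member_id = :member_id"
        );
        $stmt->execute([
            "game_id" => $game->id,
            "member_id" => $_SESSION["account"]->id,
        ]);
        $submission = $stmt->fetch(PDO::FETCH_OBJ);
        $HAS_SUBMISSION = $submission !== false;
        $IS_PAID = $HAS_SUBMISSION && $submission->transaction_id !== null;

        if ($HAS_SUBMISSION && $IS_PAID) {
            // Paid entrants manage their entry on the update page. The
            // Location header is built from the id the database returned,
            // never from $_GET.
            http_response_code(303);
            header("Location: /games/" . $game->id . "/update");
            die();
        }

        $title = "Submit: {$game->name}";
        $description = "Enter a work into the {$game->name} vote.";
    }
}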
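if ($_SERVER["REQUEST_METHOD"] === "POST"):
    // Handle the submission form. Each check appends a per-field message to
    // $errors and sets a 4xx/5xx status; the template below renders them.
    // NOTE(review): the form carries no anti-CSRF token, so the session cookie
    // alone binds this POST to the visitor — confirm the surrounding bootstrap
    // enforces one (SameSite cookie attribute or a per-session token).
    $errors = [];

    // The game id is only trusted once it has been round-tripped through the
    // database: $game_id (never $_GET["game"]) feeds the file path, the INSERT
    // and the redirect below. fetch() yields false when the game is unknown.
    $stmt = $db["data"]->prepare("SELECT id FROM games WHERE id = :id");
    $stmt->execute(["id" => $_GET["game"] ?? null]);
    $game_id = $stmt->fetch(PDO::FETCH_COLUMN);

    $RULES_FOLLOWED =
        ($_POST["agree-toc"] ?? null) === "1" &&
        ($_POST["agree-guidelines"] ?? null) === "1";
    if (!$RULES_FOLLOWED) {
        http_response_code(400);
        $errors["agreements"] =
            "Please accept the Terms & Conditions and the Submission Guidelines.";
    }

    // Inspect the upload's error code rather than its size alone: a missing
    // field, an aborted transfer or a file over the ini/form limit are all
    // reported there, whereas "size === 0" only catches an empty file.
    $upload = $_FILES["manuscript"] ?? null;
    $upload_error = $upload["error"] ?? UPLOAD_ERR_NO_FILE;
    $PROPER_MIMETYPE = null;
    if ($upload_error === UPLOAD_ERR_NO_FILE || ($upload["size"] ?? 0) === 0) {
        http_response_code(400);
        $errors["filesize"] = "A file upload is required.";
    } elseif (
        $upload_error === UPLOAD_ERR_INI_SIZE ||
        $upload_error === UPLOAD_ERR_FORM_SIZE ||
        $upload["size"] > UPLOAD_MAX_FILESIZE
    ) {
        http_response_code(400);
        $errors["filesize"] = "Your document is too large.";
    } elseif (
        $upload_error !== UPLOAD_ERR_OK ||
        !is_uploaded_file($upload["tmp_name"])
    ) {
        http_response_code(400);
        $errors["filesize"] =
            "Your document could not be uploaded. Please try again.";
    } else {
        // Sniff the content; the client-supplied $_FILES[...]["type"] is not
        // trusted.
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime_type = finfo_file($finfo, $upload["tmp_name"]);
        finfo_close($finfo);
        $PROPER_MIMETYPE = $mime_type === "application/pdf";
    }
    if ($PROPER_MIMETYPE === false) {
        http_response_code(400);
        $errors["mimetype"] = "Only PDF submissions are allowed.";
    }

    // A title of "0" is legitimate, so test for the empty string rather than
    // for falsiness. Non-string input (title[]=...) is treated as missing.
    $raw_title = $_POST["title"] ?? "";
    $clean_title = is_string($raw_title) ? trim($raw_title) : "";
    if ($clean_title === "") {
        http_response_code(400);
        $errors["title"] = "Please enter a title.";
    }

    // isset() on the property chain is false both when the account is absent
    // and when it has no id (the original "&&" only caught the former).
    if (!isset($_SESSION["account"]->id)) {
        http_response_code(500);
        $errors["account"] =
            "We can't upload a document without knowing which account it belongs to.";
    }

    if ($game_id === false) {
        http_response_code(400);
        $errors["game"] = "The chosen game doesn't exist.";
    }

    if (count($errors) > 0) {
        // Browsers drop the file input on re-render, so the visitor has to
        // choose the file again even when only another field was wrong.
        if (!isset($errors["filesize"]) && !isset($errors["mimetype"])) {
            $errors["upload"] =
                "Fix all other errors and choose your file again.";
        }
    } else {
        $file_moved = false;
        $file_destination = null;
        try {
            // Both names must be unguessable: the basename is where the PDF
            // lives on disk and the hash is the lookup token stored with the
            // row. random_bytes() replaces md5(microtime() ...), which an
            // attacker who knows the request time could reproduce. 16 random
            // bytes give 32 hex characters, the same width as an md5 digest.
            $new_basename = bin2hex(random_bytes(16)) . ".pdf";
            $lookup_hash = bin2hex(random_bytes(16));
            $file_destination = sprintf(
                "%s/%s/%s",
                DIRECTORY_DOCS,
                $game_id,
                $new_basename
            );
            // NOTE(review): the per-game directory is assumed to exist;
            // move_uploaded_file() returns false (without throwing) otherwise.
            $file_moved = move_uploaded_file(
                $upload["tmp_name"],
                $file_destination
            );
            if (!$file_moved) {
                http_response_code(500);
                $errors["upload"] =
                    "There was an error storing your document. Please try again.";
            } else {
                $show_doc = isset($_POST["public-doc"]) ? 1 : 0;
                $show_name = isset($_POST["public-name"]) ? 1 : 0;
                $stmt = $db["data"]
                    ->prepare("INSERT INTO submissions (member_id, game_id, title, basename, hash, doc_is_public, name_is_public, transaction_id, status, is_freeroll, created_at)
VALUES (:member_id, :game_id, :title, :basename, :hash, :doc_is_public, :name_is_public, :transaction_id, :status, :is_freeroll, :created_at)");
                $stmt->execute([
                    "member_id" => $_SESSION["account"]->id,
                    "game_id" => $game_id,
                    "title" => $clean_title,
                    "basename" => $new_basename,
                    "hash" => $lookup_hash,
                    "doc_is_public" => $show_doc,
                    "name_is_public" => $show_name,
                    "transaction_id" => null,
                    "status" => SubmissionStatus::Pending->value,
                    "is_freeroll" => 0,
                    // NOTE(review): the "Z" suffix claims UTC but date() uses
                    // the process time zone; gmdate() would make it accurate
                    // if the rest of the app stores UTC — confirm before changing.
                    "created_at" => date("Y-m-d\TH:i:s\Z"),
                ]);
                // Stop here: the redirect is the whole response, and the
                // template below would otherwise render stale pre-insert state.
                http_response_code(303);
                header("Location: /games/" . $game_id . "/submit");
                exit;
            }
        } catch (Exception $e) {
            http_response_code(500);
            error_log("submit.php: " . $e->getMessage());
            // Do not leave an orphaned PDF behind when the row was not written.
            if ($file_moved && $file_destination !== null && is_file($file_destination)) {
                unlink($file_destination);
            }
            $errors["upload"] =
                "There was an error adding your submission to our database. Please try again.";
        }
    }
endif;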
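// HTML-escape a value for element text or a quoted attribute. Everything
// echoed below that is not a fixed literal goes through this, including
// $title (derived from a database name), the request URI used as the form
// action, the echoed-back title field and the game values handed to the
// payment script.
$esc = static fn ($value): string => htmlspecialchars(
    is_scalar($value) ? (string) $value : "",
    ENT_QUOTES | ENT_SUBSTITUTE,
    "UTF-8"
);
include "partials/head.php";
?>
<body>
<?php include "partials/header.php"; ?>
<main id="main" class="flow">
<header>
<h1><?= $esc($title ?? "") ?></h1>
</header>
<?php if (!LOGGED_IN) {
    include "partials/login-form.php";
} elseif (!($HAS_SUBMISSION ?? false)) {
    // $errors is only defined on a POST; default it so the error summary and
    // per-field lookups below are safe on a plain GET.
    $errors = $errors ?? [];
    $status = http_response_code();
    if ($status === 400 || $status === 500) { ?>
<aside class='alert'>
<p>We found <?= count($errors) ?> error(s) with your submission. Please correct the errors provided by each field.</p>
</aside>
<?php } ?>
<form action="<?= $esc($_SERVER["REQUEST_URI"]) ?>" method="post" enctype="multipart/form-data" class="flow">
<p><b>After submitting your work, you will be redirected to a payment page. Payment is required for inclusion in the contest.</b></p>
<?php if (isset($errors["account"])) { ?><p><mark><?= $esc($errors["account"]) ?></mark></p><?php } ?>
<?php if (isset($errors["game"])) { ?><p><mark><?= $esc($errors["game"]) ?></mark></p><?php } ?>
<fieldset class="flow">
<legend>Manuscript details</legend>
<label>
<span>Title of Work</span>
<?php if (isset($errors["title"])) { ?><span><mark><?= $esc($errors["title"]) ?></mark></span><?php } ?>
<input type="text" name="title" value="<?= $esc($_POST["title"] ?? "") ?>"/>
</label>
<label>
<span>Manuscript PDF <small>(6MB limit)</small></span>
<?php if (isset($errors["upload"])) { ?><span><mark><?= $esc($errors["upload"]) ?></mark></span><?php } ?>
<?php if (isset($errors["filesize"])) { ?><span><mark><?= $esc($errors["filesize"]) ?></mark></span><?php } ?>
<?php if (isset($errors["mimetype"])) { ?><span><mark><?= $esc($errors["mimetype"]) ?></mark></span><?php } ?>
<input type="file" name="manuscript" accept="application/pdf"/>
</label>
<div>
<?php if (isset($errors["agreements"])) { ?><span><mark><?= $esc($errors["agreements"]) ?></mark></span><?php } ?>
<label>
<input type="checkbox" name="agree-toc" value="1" <?= isset($_POST["agree-toc"]) ? "checked" : "" ?>/>
<span>I agree to <i>Sixfold</i>'s <a href="https://sixfold.org/terms-and-conditions" target="_blank">terms and conditions</a></span>
</label>
<label>
<input type="checkbox" name="agree-guidelines" value="1" <?= isset($_POST["agree-guidelines"]) ? "checked" : "" ?>/>
<span>I confirm that the submitted manuscript meets the <a href="https://sixfold.org/how-it-works/submission-guidelines" target="_blank">submission guidelines</a></span>
</label>
</div>
</fieldset>
<fieldset>
<legend>Privacy settings</legend>
<label>
<input type="checkbox" name="public-name" value="1" <?= isset($_POST["public-name"]) ? "checked" : "" ?>/>
<span>Display my name in the public results</span>
</label>
<label>
<input type="checkbox" name="public-doc" value="1" <?= isset($_POST["public-doc"]) ? "checked" : "" ?>/>
<span>Display my document in the public results</span>
</label>
</fieldset>
<button type="submit">Submit work</button>
</form>
<?php
} elseif (!($IS_PAID ?? false)) { ?>
<form class="flow">
<aside class="alert">
<p>Your manuscript submission has been processed.</p>
</aside>
<p><b>Payment is required for participation.</b></p>
<input type="hidden" id="game-name" value="<?= $esc($game->name ?? "") ?>" />
<input type="hidden" id="game-id" value="<?= $esc($game->id ?? "") ?>" />
<p><mark id='paypal-errors' aria-live='polite'></mark></p>
<div id="paypal-button-container"></div>
<script
src="https://www.paypal.com/sdk/js?merchant-id=LF2R8M5TKKHRL&client-id=<?= $esc(PAYPAL_CLIENT_ID) ?>&currency=USD&components=buttons&enable-funding=card,venmo&disable-funding=paylater"
data-sdk-integration-source="developer-studio"></script>
<script src="/assets/js/paypal.js?ver=<?= time() ?>"></script>
</form>
<?php } ?>
</main>
<?php include "partials/footer.php"; ?>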