app.sixfold.org/www/games/update.php
2024-11-14 04:30:20 -05:00


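<?php
// Update an existing submission for a game ("vote").
//
// Expects the bootstrap that included this file to have provided: LOGGED_IN,
// $db["data"] (a PDO handle), $_SESSION["account"] (with ->id),
// STATUS_ENROLLING, UPLOAD_MAX_FILESIZE and DIRECTORY_DOCS.
//
// Anonymous visitors get the login form with a 401. A logged-in member must
// name a game via ?game=; the member's own submission for it is loaded into
// $submission, the game row into $game, and GAME_IS_OPEN records whether the
// vote still accepts manuscript changes (otherwise only visibility may change).
if (!LOGGED_IN) {
    $title = "Log In";
    $description = "Log in to update your existing submission for this vote.";
    http_response_code(401);
} elseif (!isset($_GET["game"]) || !is_string($_GET["game"])) {
    // Nothing on this page works without a single game id; without this guard
    // the template below reaches the undefined GAME_IS_OPEN constant, and an
    // array-valued ?game[]= would be handed straight to PDO.
    http_response_code(404);
    die();
} else {
    $sql = "SELECT * FROM submissions
WHERE game_id = :game_id AND member_id = :member_id";
    $stmt = $db["data"]->prepare($sql);
    $stmt->execute([
        "game_id" => $_GET["game"],
        "member_id" => $_SESSION["account"]->id,
    ]);
    $submission = $stmt->fetch(PDO::FETCH_OBJ);
    // Scoping by member_id is what stops one member editing another's entry:
    // no row for this (game, member) pair means there is nothing to update.
    if (!$submission) {
        http_response_code(303);
        header("Location: /games/" . $_GET["game"]);
        die();
    }
    $sql = "SELECT id, name, status_id FROM games
WHERE id = :id";
    $stmt = $db["data"]->prepare($sql);
    $stmt->execute([
        "id" => $_GET["game"],
    ]);
    $game = $stmt->fetch(PDO::FETCH_OBJ);
    if (!$game) {
        // A submission whose game row is gone is a data error; treat it like a
        // missing submission instead of dereferencing `false` below.
        http_response_code(303);
        header("Location: /games/" . $_GET["game"]);
        die();
    }
    // NOTE(review): strict comparison. If the PDO driver returns status_id as a
    // string while STATUS_ENROLLING is an int this is never true — confirm.
    define("GAME_IS_OPEN", $game->status_id === STATUS_ENROLLING);
    $title = "Update: {$game->name}";
    $description = "Update your submission for the " . $game->name . " vote.";
}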
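// POST handler: validate the form, then apply one of three updates.
//   open vote + new manuscript  -> store the PDF, replace the old one, update row
//   open vote + keep manuscript -> update title and visibility
//   closed vote                 -> update visibility only
// Requires $submission and $game from the lookup above; a POST from an
// anonymous visitor or without a game falls through to the template, which
// renders the login form (401) or the guards above have already exited.
// On validation failure $errors is filled and the status set to 400 so the
// template re-renders the form; on success the member is redirected (303).
if ($_SERVER["REQUEST_METHOD"] === "POST" && LOGGED_IN && isset($submission, $game)):
    // Radio "keep-manuscript": "1" keeps the stored PDF, "0" announces a new
    // upload. The closed-game form has no radio at all, so default to neither.
    $keep_manuscript = $_POST["keep-manuscript"] ?? null;
    define("NEW_MANUSCRIPT", $keep_manuscript === "0");
    define("EXISTING_MANUSCRIPT", $keep_manuscript === "1");
    define(
        "RULES_WERE_FOLLOWED",
        ($_POST["agree-toc"] ?? null) === "1" &&
            ($_POST["agree-guidelines"] ?? null) === "1"
    );
    // $_FILES has no "manuscript" entry when the field was absent (closed game)
    // or the request was not multipart; treat that exactly like "no file".
    // PHP reports oversize/partial uploads through "error" with size 0, so the
    // error code is consulted before the size is trusted.
    $upload = $_FILES["manuscript"] ?? null;
    $upload_error = $upload["error"] ?? UPLOAD_ERR_NO_FILE;
    $upload_size = $upload["size"] ?? 0;
    define(
        "FILE_EMPTY",
        $upload_error === UPLOAD_ERR_NO_FILE ||
            ($upload_error === UPLOAD_ERR_OK && $upload_size === 0)
    );
    define(
        "FILE_TOO_BIG",
        $upload_error === UPLOAD_ERR_INI_SIZE ||
            $upload_error === UPLOAD_ERR_FORM_SIZE ||
            $upload_size > UPLOAD_MAX_FILESIZE
    );

    $errors = [];
    // $game is the row fetched above; `false` means the id matched nothing.
    if (!$game) {
        $errors["game"] = "The chosen game doesn't exist.";
    }
    if (GAME_IS_OPEN && NEW_MANUSCRIPT && !RULES_WERE_FOLLOWED) {
        $errors["agreements"] =
            "Please accept the Terms & Conditions and the Submission Guidelines.";
    }
    // Without this the form used to be silently accepted and nothing written.
    if (GAME_IS_OPEN && !NEW_MANUSCRIPT && !EXISTING_MANUSCRIPT) {
        $errors["upload"] =
            "Please choose whether to keep your existing manuscript or upload a new one.";
    }
    if (GAME_IS_OPEN && NEW_MANUSCRIPT && FILE_EMPTY) {
        $errors["filesize"] = "A file upload is required.";
    } elseif (NEW_MANUSCRIPT && FILE_TOO_BIG) {
        $errors["filesize"] = "Your document is too large.";
    } elseif (GAME_IS_OPEN && NEW_MANUSCRIPT && $upload_error !== UPLOAD_ERR_OK) {
        $errors["upload"] =
            "Your file did not upload completely. Please choose it again.";
    } elseif (GAME_IS_OPEN && NEW_MANUSCRIPT) {
        // Trust the file's bytes, not the client-supplied type or extension.
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime_type = finfo_file($finfo, $upload["tmp_name"]);
        finfo_close($finfo);
        if ($mime_type !== "application/pdf") {
            $errors["mimetype"] = "Only PDF submissions are allowed.";
        }
    }
    // is_string() rejects title[]= and the like; trim() === "" (rather than a
    // truthiness test) still accepts the legitimate title "0".
    $posted_title = $_POST["title"] ?? null;
    if (GAME_IS_OPEN && (!is_string($posted_title) || trim($posted_title) === "")) {
        $errors["title"] = "Please enter a title.";
    }
    if (GAME_IS_OPEN && !isset($_SESSION["account"])) {
        $errors["account"] =
            "We can't upload a document without knowing which account it belongs to.";
    }
    // NOTE(review): tx-id is only checked for presence; this handler never
    // reads its value, the stored transaction_id is what is displayed.
    if (GAME_IS_OPEN && !isset($_POST["tx-id"])) {
        $errors["payment"] = "You must submit a payment.";
    }

    if (count($errors) > 0) {
        http_response_code(400);
        define(
            "HAS_FILE_ERRORS",
            isset($errors["filesize"]) ||
                isset($errors["mimetype"]) ||
                isset($errors["upload"])
        );
        // Browsers drop the chosen file when the form is re-rendered, so tell
        // the member to pick it again once the other fields are fixed.
        if (NEW_MANUSCRIPT && !HAS_FILE_ERRORS) {
            $errors["upload"] =
                "Fix all other errors and choose your file again.";
        }
    } else {
        $params = [
            "submission_id" => $submission->id,
            "title" => $posted_title,
            "doc_is_public" => isset($_POST["public-doc"]) ? 1 : 0,
            "name_is_public" => isset($_POST["public-name"]) ? 1 : 0,
        ];
        if (GAME_IS_OPEN && NEW_MANUSCRIPT) {
            // Random rather than derived from ids and the clock: a guessable
            // basename or hash would let anyone enumerate stored manuscripts.
            // 32 hex chars matches the width of the md5 values stored before.
            $basename = bin2hex(random_bytes(16)) . ".pdf";
            $hash = bin2hex(random_bytes(16));
            $file_destination = sprintf(
                "%s/%s/%s",
                DIRECTORY_DOCS,
                $game->id,
                $basename
            );
            $file_moved = false;
            try {
                $file_moved = move_uploaded_file(
                    $upload["tmp_name"],
                    $file_destination
                );
                if (!$file_moved) {
                    // Previously a failed move fell through to a blank 200.
                    throw new RuntimeException("Could not store the uploaded manuscript.");
                }
                $stmt = $db["data"]
                    ->prepare("UPDATE submissions SET (title, basename, hash, doc_is_public, name_is_public, created_at)
= (:title, :basename, :hash, :doc_is_public, :name_is_public, :created_at) WHERE id = :submission_id");
                $params["basename"] = $basename;
                $params["hash"] = $hash;
                // NOTE(review): date() formats local time but the literal "Z"
                // claims UTC; gmdate() would be right unless the server is on UTC.
                $params["created_at"] = date("Y-m-d\TH:i:s\Z");
                if (!$stmt->execute($params)) {
                    throw new RuntimeException("Could not update the submission row.");
                }
                // Only now that the row points at the new file is the old one
                // garbage (the original unlinked first, so a failed UPDATE left
                // the row pointing at a deleted file). $submission came from
                // SELECT *, so its basename is the value being replaced; the
                // basename() check keeps a corrupted value inside the docs tree.
                $old_basename = $submission->basename ?? null;
                if (
                    is_string($old_basename) &&
                    $old_basename !== "" &&
                    $old_basename === basename($old_basename)
                ) {
                    $old_manuscript = sprintf(
                        "%s/%s/%s",
                        DIRECTORY_DOCS,
                        $game->id,
                        $old_basename
                    );
                    if (is_file($old_manuscript)) {
                        unlink($old_manuscript);
                    }
                }
                http_response_code(303);
                header("Location: /games/" . $_GET["game"]);
                die();
            } catch (Throwable $e) {
                // Log server-side only; dumping the exception into the page
                // exposed file paths, query text and connection details.
                error_log((string) $e);
                http_response_code(500);
                if ($file_moved && is_file($file_destination)) {
                    unlink($file_destination);
                }
                $errors["upload"] =
                    "There was an error adding your submission to our database. Please try again.";
            }
        }
        if (GAME_IS_OPEN && EXISTING_MANUSCRIPT) {
            $stmt = $db["data"]
                ->prepare("UPDATE submissions SET (title, doc_is_public, name_is_public)
= (:title, :doc_is_public, :name_is_public) WHERE id = :submission_id");
            $stmt->execute($params);
            http_response_code(303);
            header("Location: /games/" . $_GET["game"]);
            die();
        }
        if (!GAME_IS_OPEN) {
            // A locked vote only lets the member change visibility.
            $stmt = $db["data"]
                ->prepare("UPDATE submissions SET (doc_is_public, name_is_public)
= (:doc_is_public, :name_is_public) WHERE id = :submission_id");
            $stmt->execute([
                "submission_id" => $submission->id,
                "doc_is_public" => $params["doc_is_public"],
                "name_is_public" => $params["name_is_public"],
            ]);
            http_response_code(303);
            header("Location: /games/" . $_GET["game"]);
            die();
        }
    }
endif;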
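// Escape at the point of output: titles come straight from the member's POST
// and the database (they are stored raw), names and ids from the database,
// and the form action from the request line, so none may reach the HTML as-is.
$escape_html = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
};
include "partials/head.php";
?>
<body>
<?php include "partials/header.php"; ?>
<main id="main" class="flow">
<header>
<h1><?= $escape_html($title) ?></h1>
</header>
<?php if (!LOGGED_IN) {
include "partials/login-form.php";
} else {
/* GAME_IS_OPEN, $game and $submission are set above for every logged-in member that reaches this branch. */
if (GAME_IS_OPEN) { ?>
<p><b>If you would like to withdraw your submission, please email us at <a href="mailto:sixfold@sixfold.org?subject=Withdraw Submission: <?= $escape_html($game->name) ?>">sixfold@sixfold.org</a>.</b></p>
<?php } else { ?>
<p><b>This game's submissions are now locked, and you may only edit your work's public visibility.</b></p>
<?php } ?>
<div role="region" aria-labelledby="table-caption" tabindex="0">
<table>
<caption id='table-caption'>Submission Details</caption>
<thead>
<tr>
<th scope='col'>Submission ID</th>
<th scope='col'>Transaction ID</th>
<th scope='col'>Account ID</th>
</tr>
</thead>
<tbody>
<tr>
<td><?= $escape_html($submission->id) ?></td>
<td><?= $escape_html($submission->transaction_id) ?></td>
<td><?= $escape_html($_SESSION["account"]->id) ?></td>
</tr>
</tbody>
</table>
</div>
<?php /* 400 and 500 are only set by the POST handler, which also fills $errors. */
if (
http_response_code() === 400 ||
http_response_code() === 500
) { ?>
<aside class='alert'>
<p>We found <?= count(
$errors
) ?> error(s) with your submission. Please correct the errors provided by each field.</p>
</aside>
<?php } ?>
<?php
// After a rejected POST, show the member's own choices (an unchecked box is
// "no", not "whatever is stored"); on a plain GET, show the stored values.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $doc_is_public = isset($_POST["public-doc"]);
    $name_is_public = isset($_POST["public-name"]);
} else {
    $doc_is_public = (bool) $submission->doc_is_public;
    $name_is_public = (bool) $submission->name_is_public;
}
?>
<form action="<?= $escape_html($_SERVER["REQUEST_URI"]) ?>" method="post" enctype="multipart/form-data" class="flow">
<?php if (
isset($errors) &&
isset($errors["account"])
) { ?><p><mark><?= $errors[
"account"
] ?></mark></p><?php } ?>
<?php if (GAME_IS_OPEN) { ?>
<fieldset class="flow">
<legend>Manuscript details</legend>
<label>
<span>Title of Work</span>
<?php if (
isset($errors) &&
isset($errors["title"])
) { ?><span><mark><?= $errors[
"title"
] ?></mark></span><?php } ?>
<input type="text" name="title" value='<?= $escape_html($_POST["title"] ?? $submission->title) ?>'/>
</label>
<?php /* "Keep existing" is the default when nothing was posted yet. */ ?>
<input type='radio' name='keep-manuscript' id='keep-existing' value='1' <?= ($_POST["keep-manuscript"] ?? "1") === "1"
? "checked"
: "" ?>/><label for='keep-existing'>Keep existing manuscript</label><br/>
<input type='radio' name='keep-manuscript' id='upload-new' value='0' <?= ($_POST["keep-manuscript"] ?? null) === "0"
? "checked"
: "" ?>/><label for='upload-new'>Upload new manuscript</label>
<label id='manuscript'>
<span>Manuscript PDF <small>(6MB limit)</small></span>
<?php if (
isset($errors) &&
isset($errors["upload"])
) { ?><span><mark><?= $errors[
"upload"
] ?></mark></span><?php } ?>
<?php if (
isset($errors) &&
isset($errors["filesize"])
) { ?><span><mark><?= $errors[
"filesize"
] ?></mark></span><?php } ?>
<?php if (
isset($errors) &&
isset($errors["mimetype"])
) { ?><span><mark><?= $errors[
"mimetype"
] ?></mark></span><?php } ?>
<input type="file" name="manuscript" accept="application/pdf"/>
</label>
<div id='guidelines'>
<?php if (
isset($errors) &&
isset($errors["agreements"])
) { ?><span><mark><?= $errors[
"agreements"
] ?></mark></span><?php } ?>
<label>
<input type="checkbox" name="agree-toc" value="1" <?= isset(
$_POST["agree-toc"]
)
? "checked"
: "" ?>/>
<span>I agree to <i>Sixfold</i>'s <a href="/terms-and-conditions" target="_blank">terms and conditions</a></span>
</label>
<label>
<input type="checkbox" name="agree-guidelines" value="1" <?= isset(
$_POST["agree-guidelines"]
)
? "checked"
: "" ?>/>
<span>I confirm that the submitted manuscript meets the <strong></strong><a href="/how-it-works/submission-guidelines" target="_blank">submission guidelines</a></span>
</label>
</div>
</fieldset>
<?php } ?>
<fieldset>
<legend>Privacy settings</legend>
<label>
<input type="checkbox" name="public-name" value="1" <?= $name_is_public
? "checked"
: "" ?>/>
<span>Display my name in the public results</span>
</label>
<label>
<input type='checkbox' name='public-doc' value='1' <?= $doc_is_public
? "checked"
: "" ?>/>
<span>Display my document in the public results</span>
</label>
</fieldset>
<?php if (GAME_IS_OPEN) { ?>
<fieldset>
<legend>Payment</legend>
<div class="flow">
<p><b>You have already paid for this submission.</b> (Transaction ID: <?= $escape_html($submission->transaction_id) ?>)</p>
<input type="hidden" name="tx-id" value="<?= $escape_html($submission->transaction_id) ?>"/>
</div>
</fieldset>
<?php } ?>
<button type="submit">Update submission</button>
</form>
<?php
} ?>
</main>
<?php include "partials/footer.php"; ?>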