$_POST['accord'] == "on"
)
{
- mysql_query("BEGIN TRANSACTION");
- mysql_query("
+ pg_query("BEGIN");
+
+ // Cherche un id libre.
+ // Pour des questions de sécurité, les ids ne sont pas générés sequentiellement
+ // car ils sont mémorisé dans un cookie et permette l'authentification.
+ $id = 0;
+ do
+ {
+ $id = rand(1, PHP_INT_MAX);
+ $row = pg_fetch_row(pg_query_params("SELECT count(*) FROM participants WHERE id = $1", array($id)));
+ } while ($row[0] != 0);
+
+ pg_query_params("
INSERT INTO participants
- (pseudo, password, clan_nom, clan_tag, nom, prenom, age, e_mail, remarques)
- VALUES (
- '".addslashes($_POST['pseudo'])."',
- '".addslashes($_POST['pass1'])."',
- '".addslashes($_POST['clan_nom'])."',
- '".addslashes($_POST['clan_tag'])."',
- '".addslashes($_POST['nom'])."',
- '".addslashes($_POST['prenom'])."',
- '".addslashes($_POST['age'])."',
- '".addslashes($_POST['e_mail'])."',
- '".addslashes($_POST['remarques'])."'
- )"
+ (id, pseudo, password, clan_nom, clan_tag, nom, prenom, age, e_mail, remarques)
+ VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
+ ",
+ array(
+ $id,
+ $_POST['pseudo'],
+ $_POST['pass1'],
+ $_POST['clan_nom'],
+ $_POST['clan_tag'],
+ $_POST['nom'],
+ $_POST['prenom'],
+ $_POST['age'],
+ $_POST['e_mail'],
+ $_POST['remarques'],
+ )
);
- $id = mysql_insert_id();
+
$this->set_periodes($id);
- mysql_query("COMMIT");
+ pg_query("COMMIT");
$this->participant = new participant($_POST['pseudo'], $_POST['pass1']);
setcookie("COOKIE_INFO_PARTICIPANT", $this->participant->info->id, time() + 31104000);
}
}
# un participant modifie ses infos
- else if(isset($_POST['modification_participant']) && $this->participant->valide)
+ else if(isset($_POST['modification_participant']) && $this->participant->existe())
{
if ($this->config->get("inscription_terminees"))
return;
$this->traiter_donnees_inscription();
if (!$this->login_deja_pris() && $this->donnees_inscription_valides())
{
- mysql_query("BEGIN TRANSACTION");
- mysql_query("UPDATE participants SET pseudo = '".addslashes($_POST['pseudo'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET password = '".addslashes($_POST['pass1'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET clan_nom = '".addslashes($_POST['clan_nom'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET clan_tag = '".addslashes($_POST['clan_tag'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET nom = '".addslashes($_POST['nom'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET prenom = '".addslashes($_POST['prenom'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET age = '".addslashes($_POST['age'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET e_mail = '".addslashes($_POST['e_mail'])."' WHERE id = " . $this->participant->info->id);
- mysql_query("UPDATE participants SET remarques = '".addslashes($_POST['remarques'])."' WHERE id = " . $this->participant->info->id);
+ pg_query("BEGIN");
+ pg_query_params("UPDATE participants SET pseudo = $1 WHERE id = $2", array($_POST['pseudo'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET password = $1 WHERE id = $2", array($_POST['pass1'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET clan_nom = $1 WHERE id = $2", array($_POST['clan_nom'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET clan_tag = $1 WHERE id = $2", array($_POST['clan_tag'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET nom = $1 WHERE id = $2", array($_POST['nom'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET prenom = $1 WHERE id = $2", array($_POST['prenom'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET age = $1 WHERE id = $2", array($_POST['age'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET e_mail = $1 WHERE id = $2", array($_POST['e_mail'], $this->participant->info->id));
+ pg_query_params("UPDATE participants SET remarques = $1 WHERE id = $2", array($_POST['remarques'], $this->participant->info->id));
$this->set_periodes($this->participant->info->id);
- mysql_query("COMMIT");
+ pg_query("COMMIT");
//header("Location: /inscrits.html");
$this->message_utilisateur = "Les modifications ont été enregistrées";
- $page = "inscrits"; // TODO : moche car la page ne va plus correspondre à l'url
+
+ // Puisque les données du participant ont changés il faut les re-charger.
+ $this->participant->chargerInfos();
}
}
# vote pour des jeux (autorisé même lorsque les inscriptions sont terminées)
- else if (isset($_POST['set_jeux_joues']) && $this->participant->valide)
+ else if (isset($_POST['set_jeux_joues']) && $this->participant->existe())
{
$votes = $_POST['votes'];
if (!$votes)
$votes = array();
- mysql_query("BEGIN TRANSACTION");
+ pg_query("BEGIN");
# l'utilisateur peut proposer le nom d'un jeu qui ne se trouve pas dans la liste
$jeu = trim($_POST['jeu']);
if ($jeu !== '')
{
- mysql_query("INSERT INTO jeux (nom) VALUES ('".addslashes($jeu)."')");
- $id = mysql_insert_id();
- if ($id != 0) # si le jeu se trouve déjà dans la liste alors $id == 0
- array_unshift($votes, $id);
+ if(@pg_query_params("INSERT INTO jeux (nom) VALUES ($1)", array($jeu)))
+ {
+ $row = pg_fetch_row(pg_query("SELECT LASTVAL()"));
+ $id = $row[0];
+ if ($id != 0) # si le jeu se trouve déjà dans la liste alors $id == 0
+ array_unshift($votes, $id);
+ }
+ else # Puisque le jeu existe déjà, on le recherche
+ {
+ pg_query("ROLLBACK");
+ pg_query("BEGIN");
+ $res = pg_query_params("SELECT id FROM jeux WHERE nom = $1", array($jeu));
+ if ($id = pg_fetch_object($res))
+ array_unshift($votes, $id->id);
+ }
}
# suppression des anciens votes (remplacement par les nouveaux)
- mysql_query("DELETE FROM jeux_choisis WHERE participant_id = " . $this->participant->info->id);
+ pg_query_params("DELETE FROM jeux_choisis WHERE participant_id = $1", array($this->participant->info->id));
# traite les trois premiers votes
for ($i = 0; $i < count($votes) && $i < $this->config->get('nb_votes_jeux'); $i++)
{
- mysql_query("INSERT INTO jeux_choisis (participant_id, jeu_id) VALUES (".$this->participant->info->id.", ".(int)$votes[$i].")");
+ pg_query_params("INSERT INTO jeux_choisis (participant_id, jeu_id) VALUES ($1, $2)", array($this->participant->info->id, (int)$votes[$i]));
}
- mysql_query("COMMIT");
+ pg_query("COMMIT");
}
}
private function login_deja_pris()
{
- if ($this->participant->valide && strtolower($this->participant->info->pseudo) === strtolower($_POST['pseudo'])) // le pseudo n'a pas changé
+ if ($this->participant->existe() && strtolower($this->participant->info->pseudo) === strtolower($_POST['pseudo'])) // le pseudo n'a pas changé
return FALSE;
- $loginDejaPris = mysql_fetch_array(mysql_query("SELECT count(*) FROM participants WHERE pseudo = '".addslashes($_POST['pseudo'])."'"));
+ $loginDejaPris = pg_fetch_array(pg_query_params("SELECT count(*) FROM participants WHERE pseudo = $1", array($_POST['pseudo'])));
if ($loginDejaPris[0] > 0)
{
$this->message_utilisateur = "Le pseudo '".$_POST["pseudo"]."' est déjà pris";
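Review bot: `$id = rand(1, PHP_INT_MAX);` produces the value that, per the comment just above it, is kept in a cookie and used to authenticate the participant, yet rand() is not a cryptographically secure generator and its output can be predictable. Replace it with `$id = random_int(1, PHP_INT_MAX);` where PHP 7 or later is available, and consider issuing a separate random session token instead of exposing the primary key in `COOKIE_INFO_PARTICIPANT`. The same INSERT (and the `UPDATE participants SET password` line further down) binds `$_POST['pass1']` as submitted; unless traiter_donnees_inscription() hashes it, which is not visible here, store `password_hash($_POST['pass1'], PASSWORD_DEFAULT)` instead. The enclosing method begins before this hunk.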
if (!$periodes)
$periodes = array();
- mysql_query("DELETE FROM participations WHERE participant_id = " . (int)$id);
+ pg_query_params("DELETE FROM participations WHERE participant_id = $1", array($id));
for ($i = 0; $i < count($periodes); $i++)
{
- mysql_query("
+ pg_query_params("
INSERT INTO participations (participant_id, periode_id)
- VALUES (".$id.", ".(int)$periodes[$i].")
- ");
+ VALUES ($1, $2)", array($id, $periodes[$i])
+ );
}
}
}
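Review bot: The `(int)` cast on `$periodes[$i]` was dropped and none of the `pg_query_params()` results here are checked, so a non-numeric value now produces a server-side error instead of being coerced. Because the callers run set_periodes() between `pg_query("BEGIN")` and `pg_query("COMMIT")`, a failed statement leaves PostgreSQL's transaction aborted and the COMMIT ends up rolling everything back, while the caller still shows its success message. Keep the validation, `array($id, (int)$periodes[$i])`, and test the return value so the failure can be reported. This assumes periode_id is an integer column and that $periodes comes from the request, neither of which is visible; the function starts outside the hunk.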