File: /var/www/vhosts/creativefellows.nl/kika.creativefellows.nl/src/Cassette/Controller.php
<?php
namespace Cassette;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
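class Controller
{
    /** @var object database handle from the container ('db'); prepare/execute/fetch/lastInsertId/rowCount are used on it — assumed to be PDO, confirm in the container setup */
    public $db;
    /** @var object router from the container ('router'); only pathFor() is called on it */
    public $router;
    /** @var object template renderer from the container ('renderer'); only render($response, $template, $vars) is called on it */
    public $view;
    /** @var array application settings from the container ('settings'); keys email_subject and email_from are read here */
    public $settings;
    /** @var int|string|null id of the logged-in user, null when anonymous; also updated by getLogin() on success */
    public $user_id;

    /**
     * Pull the collaborators out of the DI container.
     *
     * @param object          $container container exposing get('db'), get('router'), get('renderer'), get('settings')
     * @param int|string|null $user_id   id of the current user, null when not logged in
     */
    function __construct($container, $user_id = null)
    {
        $this->db = $container->get('db');
        $this->router = $container->get('router');
        $this->view = $container->get('renderer');
        $this->settings = $container->get('settings');
        $this->user_id = $user_id;
    }

    /**
     * Render a template with the variables every page receives (config, router) plus $extra.
     *
     * @param object $response response to render into
     * @param string $template template file name, e.g. "view.error.php"
     * @param array  $extra    additional template variables; same-named keys override the defaults
     * @return object the response returned by the renderer
     */
    private function render($response, $template, array $extra = [])
    {
        return $this->view->render($response, $template, array_merge([
            'config' => $this->settings,
            'router' => $this->router,
        ], $extra));
    }

    /**
     * Build a redirect response to a named route.
     *
     * @param object $response
     * @param string $route  route name known to the router
     * @param array  $params route placeholders
     * @return object
     */
    private function redirectTo($response, $route, array $params = [])
    {
        return $response->withRedirect($this->router->pathFor($route, $params));
    }

    /**
     * True when the session marks the current user as admin (flag stored by getLogin()).
     *
     * Strict comparison after an int cast: a missing or non-numeric session value never passes.
     *
     * @return bool
     */
    private function isAdmin()
    {
        return (int) ($_SESSION['admin'] ?? 0) === 1;
    }

    /**
     * Route handler: generic error page.
     */
    public function errorPage($request, $response, $args)
    {
        return $this->render($response, "view.error.php");
    }

    /**
     * Route handler: registration form.
     */
    public function subscribePage($request, $response, $args)
    {
        return $this->render($response, "view.subscribe.php");
    }

    /**
     * Form handler: register a new user from the subscribe form.
     *
     * Reads email and phone from the parsed body, refuses an e-mail address that already exists,
     * inserts the user with a zero balance and mails a confirmation. Always ends on the login page
     * with a 'feedback' request attribute describing the outcome.
     */
    public function postUser($request, $response, $args)
    {
        $postData = $request->getParsedBody();
        $email = $postData['email'] ?? '';
        $phone = $postData['phone'] ?? '';
        // The balance is never taken from the form: it starts at 0 and is only raised by an admin in patchuser().
        $saldo = 0;

        if ($this->userExists($email)) {
            $request = $request->withAttribute('feedback', 'E-mailadres bestaat al');
            return $this->loginPage($request, $response);
        }

        $sth = $this->db->prepare("INSERT INTO users (email,phone,saldo) VALUES (:email, :phone, :saldo)");
        $sth->execute([
            'email' => $email,
            'phone' => $phone,
            'saldo' => $saldo,
        ]);

        // Report a mail failure instead of claiming the confirmation went out (the send result used to be ignored).
        // The failure message is new text added with this change.
        $feedback = $this->sendEmailConfirmation($email)
            ? 'Bevestigingsemail verstuurd'
            : 'Account aangemaakt, maar de bevestigingsemail kon niet worden verstuurd';
        $request = $request->withAttribute('feedback', $feedback);
        return $this->loginPage($request, $response);
    }

    /**
     * Whether a users row with this e-mail address exists.
     *
     * @param string $email
     * @return bool
     */
    private function userExists($email)
    {
        $sth = $this->db->prepare("SELECT count(*) as user_count FROM users WHERE email = :email");
        $sth->execute([
            'email' => $email,
        ]);
        $data = $sth->fetch();
        return $data !== false && (int) $data['user_count'] > 0;
    }

    /**
     * Send the registration confirmation to $email_addr via PHPMailer.
     *
     * Subject, From, Reply-To and a BCC copy all come from settings['email_subject'] / settings['email_from'].
     * PHPMailer is constructed without exceptions enabled, so a failure is reported as false, never thrown.
     *
     * @param string $email_addr recipient address
     * @return bool true when PHPMailer reports the message as sent
     */
    private function sendEmailConfirmation($email_addr)
    {
        $email = new PHPMailer();
        $email->isHTML(true);
        $email->Subject = $this->settings["email_subject"];
        $email->setFrom($this->settings["email_from"]);
        $email->addReplyTo($this->settings["email_from"]);
        // Hidden copy to the sender so the organiser sees every registration.
        $email->addBCC($this->settings["email_from"]);
        $email->addAddress($email_addr);
        // Fixed template: nothing from the request is interpolated into the HTML.
        $email->Body = '<p>Hallo,</p>
<p>Leuk dat je mee wilt spelen met Kika Roulette, je kan nu direct <a href="http://kika.creativefellows.nl/" target="_blank">inloggen</a> met je email en telefoonnummer.</p>
<p>Het speelsaldo waarmee je wilt spelen kan je betalen via een Tikkie met de onderstaande link:</p>
<p><a href="https://tikkie.me/pay/if5ashinbfk8o5560bk7" target="_blank">https://tikkie.me/pay/if5ashinbfk8o5560bk7</a></p>
<p>Zodra het Tikkie is betaald zullen wij je speelsaldo activeren. Doordat wij je saldo handmatig moeten activeren kan het soms wat langer duren voordat je kunt spelen. </p>
<p>Wil je je speelsaldo verhogen dan kun je dezelfde Tikkie gebruiken!</p>
<p>Voor vragen stuur een email naar <a href="mailto:kikaroulette@xs4all.nl">kikaroulette@xs4all.nl</a></p>
<p>Veel plezier<br />
Leonie</p>';
        return (bool) $email->send();
    }

    /**
     * Route handler (admin): list all non-admin users.
     */
    public function viewUsers($request, $response, $args)
    {
        // Same gate as admin(): this page exposes every user's e-mail, phone and balance.
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        return $this->render($response, "view.users.php", [
            'users' => $this->getUsers(),
        ]);
    }

    /**
     * @return array all users rows with admin = 0, ordered by email
     */
    private function getUsers()
    {
        $sth = $this->db->prepare("SELECT * FROM users WHERE admin = 0 ORDER BY email");
        $sth->execute();
        return $sth->fetchAll();
    }

    /**
     * @param int|string|null $userid
     * @return array|false the users row, or false when there is no such user
     */
    private function getUser($userid)
    {
        $sth = $this->db->prepare("SELECT * FROM users WHERE user_id = :userid");
        $sth->execute([
            'userid' => $userid,
        ]);
        return $sth->fetch();
    }

    /**
     * Route handler (admin): edit form for user $args["id"].
     */
    public function viewUser($request, $response, $args)
    {
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        return $this->render($response, "view.user_edit.php", [
            'user' => $this->getUser($args["id"]),
        ]);
    }

    /**
     * Form handler (admin): update e-mail, phone and balance of user $args['id'], then return to its edit page.
     */
    public function patchuser($request, $response, $args)
    {
        // Only admins may change another user's credentials or balance.
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        $postData = $request->getParsedBody();
        $user_id = $args['id'];
        $sth = $this->db->prepare("UPDATE users SET email = :email, phone = :phone, saldo = :saldo WHERE user_id = :userid");
        $sth->execute([
            'email' => $postData['email'] ?? null,
            'phone' => $postData['phone'] ?? null,
            'saldo' => $postData['saldo'] ?? null,
            'userid' => $user_id,
        ]);
        return $this->redirectTo($response, 'viewuser', ['id' => $user_id]);
    }

    /**
     * Render the combined login/register page; 'feedback' is taken from the request attribute of that name.
     */
    public function loginPage($request, $response)
    {
        return $this->render($response, "view.login-register.php", [
            'feedback' => $request->getAttribute('feedback'),
        ]);
    }

    /**
     * Route handler: the player's dashboard — their open games, games they may still join, and their user row.
     */
    public function gamePage($request, $response, $args)
    {
        return $this->render($response, "view.mygames.php", [
            'games' => $this->getGames(),
            // getOpenGames() takes no parameters; the argument the original passed was never read.
            'new_games' => $this->getOpenGames(),
            'user' => $this->getUser($this->getUserId()),
        ]);
    }

    /**
     * @return array game_users rows joined with games for the current user, open games only
     */
    private function getGames()
    {
        $sth = $this->db->prepare("SELECT * FROM game_users LEFT JOIN games on game_users.game_id = games.game_id WHERE user_id = :userid AND closed = 0");
        $sth->execute([
            'userid' => $this->getUserId(),
        ]);
        return $sth->fetchAll();
    }

    /**
     * Open games the current user has not joined yet.
     *
     * The "game is full" filter (userCountInGame) was disabled by the original author and stays disabled here.
     *
     * @return array list of games rows
     */
    private function getOpenGames()
    {
        $sth = $this->db->prepare("SELECT * FROM games WHERE closed = 0");
        $sth->execute();
        $games = [];
        while (($row = $sth->fetch()) !== false) {
            if (!$this->userInGame($row["game_id"])) {
                $games[] = $row;
            }
        }
        return $games;
    }

    /**
     * Whether exactly one game_users row links the current user to $game_id.
     *
     * Counts the fetched rows instead of relying on rowCount(), which is not guaranteed for SELECT statements.
     *
     * @param int|string $game_id
     * @return bool
     */
    private function userInGame($game_id)
    {
        $sth = $this->db->prepare("SELECT * FROM game_users WHERE game_id = :gameid AND user_id = :userid");
        $sth->execute([
            'gameid' => $game_id,
            'userid' => $this->getUserId(),
        ]);
        return count($sth->fetchAll()) === 1;
    }

    /**
     * True when $game_id already holds $max_users or more players. Currently unused (see getOpenGames()).
     *
     * @param int|string $game_id
     * @param int|string $max_users
     * @return bool
     */
    private function userCountInGame($game_id, $max_users)
    {
        $sth = $this->db->prepare("SELECT count(*) AS user_count FROM game_users WHERE game_id = :gameid");
        $sth->execute([
            'gameid' => $game_id,
        ]);
        $data = $sth->fetch();
        return (int) ($data['user_count'] ?? 0) >= $max_users;
    }

    /**
     * Route handler: show game $args["id"] with the current user's bet ($args["game_user_id"]) and all bets placed.
     */
    public function viewGame($request, $response, $args)
    {
        return $this->render($response, "view.game.php", [
            'game' => $this->getGame($args["id"]),
            // getGameBets() is scoped to the current user, so a foreign game_user_id yields no bet.
            'bets' => $this->getGameBets($args["game_user_id"]),
            'all_bets' => $this->getAllGameBets($args["id"]),
        ]);
    }

    /**
     * Route handler: open the betting page for game $args["id"], or the "play once" page when the user already bet.
     */
    public function startNewGame($request, $response, $args)
    {
        // A user may bet only once per game.
        if ($this->isUserInGame($args["id"]) !== 0) {
            return $this->render($response, "view.play_once.php");
        }
        return $this->render($response, "view.game.php", [
            'game' => $this->getGame($args["id"]),
            'bets' => [],
            'all_bets' => $this->getAllGameBets($args["id"]),
        ]);
    }

    /**
     * Number of game_users rows for the current user in $game_id.
     *
     * @param int|string $game_id
     * @return int
     */
    private function isUserInGame($game_id)
    {
        $sth = $this->db->prepare("SELECT count(*) as count FROM game_users WHERE game_id = :game_id AND user_id = :userid");
        $sth->execute([
            'game_id' => $game_id,
            'userid' => $this->getUserId(),
        ]);
        $data = $sth->fetch();
        return (int) ($data['count'] ?? 0);
    }

    /**
     * The current user's game_users row with this id.
     *
     * @param int|string $game_user_id
     * @return array|false false when the row does not exist or belongs to another user
     */
    private function getGameBets($game_user_id)
    {
        $sth = $this->db->prepare("SELECT * FROM game_users WHERE game_user_id = :game_user_id AND user_id = :userid");
        $sth->execute([
            'game_user_id' => $game_user_id,
            'userid' => $this->getUserId(),
        ]);
        return $sth->fetch();
    }

    /**
     * Every bet value placed on $game_id, by any user.
     *
     * @param int|string $game_id
     * @return array list of the `bet` column values
     */
    private function getAllGameBets($game_id)
    {
        $sth = $this->db->prepare("SELECT bet FROM game_users WHERE game_id = :game_id");
        $sth->execute([
            'game_id' => $game_id,
        ]);
        return array_column($sth->fetchAll(), 'bet');
    }

    /**
     * @param int|string $id
     * @return array|false the games row, or false when there is no such game
     */
    private function getGame($id)
    {
        $sth = $this->db->prepare("SELECT * FROM games WHERE game_id = :gameid");
        $sth->execute([
            'gameid' => $id,
        ]);
        return $sth->fetch();
    }

    /**
     * @return int|string|null id of the current user (null when anonymous)
     */
    private function getUserId()
    {
        return $this->user_id;
    }

    /**
     * Form handler: place the current user's bet on game $args["id"].
     *
     * The stake is the game's own `amount` column, not the posted "amount" field: that field is
     * client-controlled and would let a user pay less than the game requires. On success the user is
     * redirected to the game view for the new game_users row; without enough balance to 'geensaldo'.
     */
    public function placeBet($request, $response, $args)
    {
        $postData = $request->getParsedBody();
        $bet_value = $postData['bet'] ?? null;
        $game_id = $args["id"];
        $game = $this->getGame($game_id);
        if ($game === false || !isset($game['amount']) || !is_numeric($game['amount'])) {
            // Unknown game or no stake configured: nothing can be charged, so refuse the bet.
            return $this->errorPage($request, $response, $args);
        }
        $post_bet = $this->postBet($game_id, $bet_value, $game['amount']);
        if ($post_bet) {
            return $this->redirectTo($response, 'viewgame', ['game_user_id' => $post_bet, 'id' => $game_id]);
        }
        return $this->redirectTo($response, 'geensaldo');
    }

    /**
     * Charge the stake and record the bet in one transaction.
     *
     * The deduction and the insert are committed together so a failed insert cannot leave the user
     * charged for a bet that was never recorded (assumes $this->db is PDO, as lastInsertId() already does).
     *
     * @param int|string       $game_id
     * @param mixed            $bet_value  the bet (roulette value) as posted
     * @param int|float|string $bet_amount stake to deduct from the user's balance
     * @return string|false the new game_user_id, or false when the balance was insufficient or the insert failed
     */
    private function postBet($game_id, $bet_value, $bet_amount)
    {
        $this->db->beginTransaction();
        try {
            if ($this->patchUserSaldo($bet_amount) !== true) {
                $this->db->rollBack();
                return false;
            }
            $sth = $this->db->prepare("INSERT INTO game_users (user_id,game_id,bet) VALUES (:userid, :gameid, :bet)");
            $ok = $sth->execute([
                'userid' => $this->getUserId(),
                'gameid' => $game_id,
                'bet' => $bet_value,
            ]);
            if ($ok === false) {
                $this->db->rollBack();
                return false;
            }
            $game_user_id = $this->db->lastInsertId();
            $this->db->commit();
            return $game_user_id;
        } catch (\Throwable $e) {
            $this->db->rollBack();
            throw $e;
        }
    }

    /**
     * Form handler: mark the posted game_user row as played.
     *
     * The UPDATE is scoped to the current user (like getGameBets()), so a posted gameuserid that
     * belongs to someone else changes nothing.
     */
    public function setGameStatus($request, $response, $args)
    {
        $postData = $request->getParsedBody();
        $sth = $this->db->prepare("UPDATE game_users SET has_played = 1 WHERE game_user_id = :gameuserid AND user_id = :userid");
        $sth->execute([
            'gameuserid' => $postData['gameuserid'] ?? null,
            'userid' => $this->getUserId(),
        ]);
        return $response->withStatus(200);
    }

    /**
     * Atomically charge $bet_amount against the current user's balance.
     *
     * A single conditional UPDATE replaces the original read-compute-write sequence, so two concurrent
     * bets can no longer both pass the balance check. Negative amounts are refused; zero charges nothing.
     *
     * @param int|float|string $bet_amount stake to deduct
     * @return bool true when the balance was sufficient and has been reduced
     */
    private function patchUserSaldo($bet_amount)
    {
        if (!is_numeric($bet_amount) || $bet_amount < 0) {
            return false;
        }
        if ((float) $bet_amount === 0.0) {
            return true;
        }
        // Two placeholders for the same value: reusing one named placeholder fails when prepare emulation is off.
        $sth = $this->db->prepare("UPDATE users SET saldo = saldo - :amount WHERE user_id = :user_id AND saldo >= :min_saldo");
        $ok = $sth->execute([
            'amount' => $bet_amount,
            'user_id' => $this->getUserId(),
            'min_saldo' => $bet_amount,
        ]);
        // rowCount() is reliable for UPDATE; a positive amount always changes the row, so 1 means "charged".
        return $ok !== false && $sth->rowCount() === 1;
    }

    /**
     * Route handler (admin): form for creating a game.
     */
    public function newGame($request, $response, $args)
    {
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        return $this->render($response, "view.new.php");
    }

    /**
     * Form handler (admin): create a game; the posted "bet" becomes games.amount and "number" becomes games.result.
     */
    public function postGame($request, $response, $args)
    {
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        $postData = $request->getParsedBody();
        $sth = $this->db->prepare("INSERT INTO games (name,description,users,amount,result) VALUES (:name, :description, :users,:bet,:result)");
        $sth->execute([
            'name' => $postData['name'] ?? null,
            'description' => $postData['description'] ?? null,
            'users' => $postData['users'] ?? null,
            'bet' => $postData['bet'] ?? null,
            'result' => $postData['number'] ?? null,
        ]);
        return $this->redirectTo($response, 'admin');
    }

    /**
     * Route handler (admin): overview of all games with their player counts; non-admins go to 'gamepage'.
     */
    public function admin($request, $response, $args)
    {
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        return $this->render($response, "view.admin.php", [
            'games' => $this->getAdminGames(),
        ]);
    }

    /**
     * All named games, each row extended with a "count" of its game_users rows.
     *
     * One count query per game (N+1); acceptable for the small number of games this app manages.
     *
     * @return array list of games rows plus "count"
     */
    private function getAdminGames()
    {
        $sth = $this->db->prepare("SELECT games.* FROM games LEFT JOIN game_users ON games.game_id = game_users.game_id WHERE name IS NOT NULL GROUP BY games.game_id");
        $sth->execute();
        $games = [];
        while (($row = $sth->fetch()) !== false) {
            $row["count"] = $this->getUserCount($row["game_id"]);
            $games[] = $row;
        }
        return $games;
    }

    /**
     * Number of game_users rows for $game_id.
     *
     * @param int|string $game_id
     * @return int
     */
    private function getUserCount($game_id)
    {
        $sth = $this->db->prepare("SELECT count(*) as count FROM game_users WHERE game_id = :gameid");
        $sth->execute([
            'gameid' => $game_id,
        ]);
        $data = $sth->fetch();
        return (int) ($data['count'] ?? 0);
    }

    /**
     * Route handler (admin): game $args["id"] with every participant's row.
     */
    public function viewGameDetails($request, $response, $args)
    {
        // Joins game_users with users, so this page shows other players' personal data: admin only.
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        return $this->render($response, "view.admin_game.php", [
            'game' => $this->getGame($args["id"]),
            'users' => $this->getGameUsers($args["id"]),
        ]);
    }

    /**
     * @param int|string $game_id
     * @return array game_users rows joined with their users rows for $game_id
     */
    private function getGameUsers($game_id)
    {
        $sth = $this->db->prepare("SELECT * FROM game_users LEFT JOIN users ON game_users.user_id = users.user_id WHERE game_id = :gameid");
        $sth->execute([
            'gameid' => $game_id,
        ]);
        return $sth->fetchAll();
    }

    /**
     * Form handler (admin): update game $args['id']; posted "bet" maps to amount and "number" to result.
     */
    public function patchGame($request, $response, $args)
    {
        if (!$this->isAdmin()) {
            return $this->redirectTo($response, 'gamepage');
        }
        $postData = $request->getParsedBody();
        $sth = $this->db->prepare(
            "UPDATE games
SET
name = :name,
description = :description,
users = :users,
result = :result,
amount = :amount,
closed = :closed
WHERE
game_id = :game_id"
        );
        $sth->execute([
            'name' => $postData['name'] ?? null,
            'description' => $postData['description'] ?? null,
            'users' => $postData['users'] ?? null,
            'result' => $postData['number'] ?? null,
            'game_id' => $args['id'],
            'amount' => $postData['bet'] ?? null,
            'closed' => $postData['closed'] ?? null,
        ]);
        return $this->redirectTo($response, 'admin');
    }

    /**
     * Form handler: log in with e-mail ("username") and phone number ("password").
     *
     * On success the session id is regenerated (no pre-login id survives into the authenticated
     * session), the hash from getLogin() is stored as $_SESSION['session_id'], and the user is sent
     * to 'admin' or 'gamepage' depending on the admin flag getLogin() stored. On failure
     * failedLogin() clears the session and re-renders the login page.
     */
    public function login($request, $response)
    {
        $postData = $request->getParsedBody();
        $user = $this->getLogin($postData['username'] ?? '', $postData['password'] ?? '');
        if (empty($user)) {
            return $this->failedLogin($request, $response);
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['session_id'] = $user;
        if ($this->isAdmin()) {
            return $this->redirectTo($response, 'admin');
        }
        return $this->redirectTo($response, 'gamepage');
    }

    /**
     * Look up the user by e-mail and phone number and, on a unique match, establish the session.
     *
     * Side effects on success: $_SESSION['user_id'] and $_SESSION['admin'] are set and $this->user_id is
     * updated. The phone number is the credential this application uses and is compared in plain text
     * in SQL, so the users table holds secrets and must be protected accordingly.
     *
     * @param string $username e-mail address
     * @param string $password phone number
     * @return string|null sha512 of password + user agent (login() stores it as the session token), null on failure
     */
    private function getLogin($username, $password)
    {
        $sth = $this->db->prepare("SELECT * FROM users WHERE email = :email AND phone = :password");
        $sth->execute([
            'email' => $username,
            'password' => $password,
        ]);
        // Count the fetched rows rather than trusting rowCount() on a SELECT.
        $rows = $sth->fetchAll();
        if (count($rows) !== 1) {
            return null;
        }
        $user_data = $rows[0];
        $_SESSION['user_id'] = $user_data["user_id"];
        $_SESSION['admin'] = $user_data["admin"];
        $this->user_id = $user_data["user_id"];
        // Ties the token to the browser that logged in; the agent header may be absent.
        $user_browser = $_SERVER['HTTP_USER_AGENT'] ?? '';
        return hash('sha512', $password . $user_browser);
    }

    /**
     * Clear every login-related session value (including the admin flag) and re-render the login page.
     *
     * 'loginError' is set as before; 'feedback' now carries the same text because loginPage() only
     * forwards 'feedback' to the template.
     */
    private function failedLogin($request, $response)
    {
        $_SESSION['session_id'] = null;
        $_SESSION['user_id'] = null;
        $_SESSION['role'] = null;
        $_SESSION['admin'] = null;
        $attempts = $request->getAttribute('loginAttemps');
        $request = $request->withAttribute('loginError', 'Inloggen mislukt');
        $request = $request->withAttribute('feedback', 'Inloggen mislukt');
        $request = $request->withAttribute('loginAttemps', $attempts);
        return $this->loginPage($request, $response);
    }
}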
?>