Integrated selective viewing for competitions

TODO.md

@@ -0,0 +1,41 @@
+1. Admin
+     - accounts
+       - famat.php L2: this
+       - import-account.php L48: bad
+     - bubbles
+       - createPDF.php L77: Implement team selection
+       - createPDF.php L144: make better
+     - competitions
+       - compTracker.php L136: Make this better, this is really, really bad!
+       - compTracker.php L181: Move functions out
+       - compTracker.php L197: I REALLY don't like this! I REALLY DON'T!!!
+       - compTracker.php L223: Do it right
+       - helper.php L59: Integrate "Comptition Fee" (not a generic payment) so that it is either paid or not
+     - reports
+       - comp-checkoff.php L54: Although this is admin only, make more secure
+       - comp-checkoff.php L89: make function
+       - comp-checkoff.php L91: make not bad
+2. custom
+     - update background.png
+3. docs
+     - update DOCS
+4. img
+5. shared
+     - accounts.php L9: implement into codebase
+     - accounts.php L273: comp info update (student and >=officer)
+     - accounts.php L286: Rethink end of school year
+     - accounts.php L299: implement getDivision function
+     - competitions.php L115: enumerate possibilities
+     - snippets.php L57: Reconsider placement (might need to move higher up in call list; ASK: "Should it be handled here?")
+     - snippets.php L199: use `second` parameter??
+     - sql.php L15: Lord, the <i>security</i>
+     - transactions.php L3: implement into codebase
+     - transactions.php L57: review
+6. student
+     - info.php L13: don't use $_POST['select-id']
+     - info.php L77: This is bad and ugly and makes me want to cry. I hate my old code :(
+     - transactions.php L130: fix
+7. favicon.ico
+     - update icon
+8. index.php
+     - create a homepage

account/login.php

@@ -11,7 +11,8 @@
 	try {
 		$cycle_and_email_result = cycleLoginCode($_POST['id']);
 	} catch (\PHPMailer\PHPMailer\Exception $e) {
-	}  // TODO: error message
+		$error_message = "Eror: Unable to process cycle login. " . $e->getMessage();
+	}
 else if (isset($_POST['login'])) {
 	if (getAccountDetail('login', 'code', $_POST['id']) == strtoupper($_POST['code'])) {
 		$_SESSION['id'] = $_POST['id']; // Login (session)
@@ -36,9 +37,7 @@
 <div style="display: flex; justify-content: center; align-items: center; height: 85vh;">
     <div style="display: inline-block; background: rgba(255, 255, 255, 0.65); padding: 5px; border-radius: 10px;">
         <div style="display: inline-block; background: #e3e9ff; padding: 4px; border-radius: 10px;">
-			<?php
-			calendar();
-			?>
+		<!-- INSERT IFRAME HERE -->
         </div>
     </div>
 

admin/accounts/delete.php

@@ -42,8 +42,6 @@
 personSelectForm();
 personSelect();
 ?><br>
-
-    <!--    TODO: fix styling   -->
     <form method="post" style="margin: 6px;">
         <fieldset class="filled border">
             <legend>Account Information</legend>

admin/competitions/CUD.php

@@ -1,65 +1,82 @@
 <?php
 
-function createCompetition($comp_name, $start_date, $end_date, $payment_id, $show_forms, $show_bus, $show_room, $comp_desc): bool
+function createCompetition($comp_name, $start_date, $end_date, $payment_id, $show_forms, $show_bus, $show_room, $comp_desc, $hidden): bool
 {
-	require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
-	$sql_conn = getDBConn();
+    require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
+    $sql_conn = getDBConn();
 
-	$create_competition_stmt = $sql_conn->prepare(
-		"INSERT INTO competitions (competition_name, start_date, end_date, payment_id, show_forms, show_bus, show_room, description)
-			   VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
+    $create_competition_stmt = $sql_conn->prepare(
+        "INSERT INTO competitions (competition_name, start_date, end_date, payment_id, show_forms, show_bus, show_room, description, hidden)
+               VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
+    );
 
-	if (empty($payment_id))
-		$payment_id = null;
-	$create_competition_stmt->bind_param('ssssiiis',
-		$comp_name, $start_date, $end_date, $payment_id,
-		$show_forms, $show_bus, $show_room,
-		$comp_desc);
+    if (empty($payment_id))
+        $payment_id = null;
+    $create_competition_stmt->bind_param('ssssiiisi',
+        $comp_name, $start_date, $end_date, $payment_id,
+        $show_forms, $show_bus, $show_room,
+        $comp_desc, $hidden
+    );
 
-	return $create_competition_stmt->execute() && $sql_conn->close();
+    return $create_competition_stmt->execute() && $sql_conn->close();
 }
 
-function updateCompetition($comp_name, $start_date, $end_date, $payment_id, $show_forms, $show_bus, $show_room, $comp_desc): bool
+function updateCompetition($comp_name, $start_date, $end_date, $payment_id, $show_forms, $show_bus, $show_room, $comp_desc, $hidden): bool
 {
-	require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
-	$sql_conn = getDBConn();
-
-	$update_competition_stmt = $sql_conn->prepare(
-		"UPDATE competitions SET start_date = ?, end_date = ?, payment_id = ?, show_forms = ?, show_bus = ?, show_room = ?, description = ?
-			   WHERE competition_name = ?");
-
-	if (empty($payment_id))
-		$payment_id = null;
-	$update_competition_stmt->bind_param('sssiiiss',
-		$start_date, $end_date, $payment_id,
-		$show_forms, $show_bus, $show_room,
-		$comp_desc,
-		$comp_name);
-
-	return $update_competition_stmt->execute() && $sql_conn->close();
+    require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
+    $sql_conn = getDBConn();
+
+    $update_competition_stmt = $sql_conn->prepare(
+        "UPDATE competitions SET start_date = ?, end_date = ?, payment_id = ?, show_forms = ?, show_bus = ?, show_room = ?, description = ?, hidden = ?
+               WHERE competition_name = ?"
+    );
+
+    if (empty($payment_id))
+        $payment_id = null;
+    $update_competition_stmt->bind_param('sssiiissi',
+        $start_date, $end_date, $payment_id,
+        $show_forms, $show_bus, $show_room,
+        $comp_desc, $hidden,
+        $comp_name
+    );
+
+    return $update_competition_stmt->execute() && $sql_conn->close();
 }
 
-// Deletes corresponding competitions and transactions
-function deleteCompetition($comp_name): bool
+function hideCompetition($comp_name): bool
 {
-	require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
-	$sql_conn = getDBConn();
-
-	// Competition
-	$delete_comp_stmt = $sql_conn->prepare("DELETE FROM competitions WHERE competition_name = ?");
-	$delete_comp_stmt->bind_param('s', $comp_name);
-	$result_comp = $delete_comp_stmt->execute();
-
-	// Competition Data
-	$delete_comp_data_stmt = $sql_conn->prepare("DELETE FROM competition_data WHERE competition_name = ?");
-	$delete_comp_data_stmt->bind_param('s', $comp_name);
-	$result_comp_data = $delete_comp_data_stmt->execute();
-
-	// Competition Selections
-	$delete_comp_selections_stmt = $sql_conn->prepare("DELETE FROM competition_selections WHERE competition_name = ?");
-	$delete_comp_selections_stmt->bind_param('s', $comp_name);
-	$result_comp_selections = $delete_comp_selections_stmt->execute();
-
-	$sql_conn->close();
-	return ($result_comp && $result_comp_data && $result_comp_selections);
+    require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
+    $sql_conn = getDBConn();
+
+    // Update hidden attribute
+    $hide_comp_stmt = $sql_conn->prepare("UPDATE competitions SET hidden = 1 WHERE competition_name = ?");
+    $hide_comp_stmt->bind_param('s', $comp_name);
+    $result_comp = $hide_comp_stmt->execute();
+
+    $sql_conn->close();
+    return $result_comp;
 }
+
+function deleteCompetition($comp_name): bool
+{
+    require_once $_SERVER['DOCUMENT_ROOT'] . "/shared/sql.php";
+    $sql_conn = getDBConn();
+
+    // Competition
+    $delete_comp_stmt = $sql_conn->prepare("DELETE FROM competitions WHERE competition_name = ?");
+    $delete_comp_stmt->bind_param('s', $comp_name);
+    $result_comp = $delete_comp_stmt->execute();
+
+    // Competition Data
+    $delete_comp_data_stmt = $sql_conn->prepare("DELETE FROM competition_data WHERE competition_name = ?");
+    $delete_comp_data_stmt->bind_param('s', $comp_name);
+    $result_comp_data = $delete_comp_data_stmt->execute();
+
+    // Competition Selections
+    $delete_comp_selections_stmt = $sql_conn->prepare("DELETE FROM competition_selections WHERE competition_name = ?");
+    $delete_comp_selections_stmt->bind_param('s', $comp_name);
+    $result_comp_selections = $delete_comp_selections_stmt->execute();
+
+    $sql_conn->close();
+    return ($result_comp && $result_comp_data && $result_comp_selections);
+}