34352-vm/submit_score.php
Flatlogic Bot 0f8fd03d51 1.3
2025-09-24 21:22:36 +00:00


<?php
require_once 'db/config.php';
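// Both branches below are writes, so reject anything but POST.
// A 405 response is required to carry an Allow header naming the permitted methods.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    die('Method Not Allowed');
}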
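// Handle score update from edit_score.php (form POST with action=update).
if (isset($_POST['action']) && $_POST['action'] === 'update') {
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // SECURITY TODO (blocking): there is no authentication or authorization on this branch,
    // so anyone who can reach the page can overwrite any row in `scores` by id. Enforce the
    // role check before the first query; the original sketch was:
    //   if (!isset($_SESSION['user_role']) || !in_array($_SESSION['user_role'], ['admin', 'coach'], true)) {
    //       http_response_code(403);
    //       die('Access denied. You do not have permission to edit scores.');
    //   }
    // The form also sends no CSRF token; issue one in edit_score.php and verify it here.
    // Neither is enforced in this file because the session/login schema is not visible here.
    $score_id = $_POST['score_id'] ?? null;
    $scores = $_POST['scores'] ?? [];
    // score_id must be a bindable scalar (PDO cannot bind an array) and scores a non-empty
    // hole-number => strokes map.
    if (!is_scalar($score_id) || !$score_id || !is_array($scores) || empty($scores)) {
        http_response_code(400);
        die('Invalid data for update.');
    }
    try {
        $pdo = db();
        // Get the course and hole count from the existing score row.
        $stmt = $pdo->prepare('SELECT course_id, holes_played FROM scores WHERE id = ?');
        $stmt->execute([$score_id]);
        $score_info = $stmt->fetch();
        if (!$score_info) {
            http_response_code(404);
            die('Score not found.');
        }
        $stmt = $pdo->prepare('SELECT * FROM courses WHERE id = ?');
        $stmt->execute([$score_info['course_id']]);
        $course = $stmt->fetch();
        if (!$course) {
            // Previously fell through and read par from `false`, yielding warnings and a par of 0.
            http_response_code(404);
            die('Course not found.');
        }
        $total_score = 0;
        $total_par = 0;
        $update_sql_parts = [];
        $params = [];
        // holes_played comes from the database, so the generated hole_N_score column names are
        // bounded by the stored row; only the values are user input, and they are bound as params.
        $holes_played = (int) $score_info['holes_played'];
        for ($i = 1; $i <= $holes_played; $i++) {
            // A hole left blank or missing on the form is stored as 0; anything else must be an
            // integer, rejected with a 400 instead of letting `+=` fail at runtime on bad input.
            $raw = $scores[$i] ?? '';
            $hole_score = $raw === '' ? 0 : filter_var($raw, FILTER_VALIDATE_INT);
            if ($hole_score === false) {
                http_response_code(400);
                die('Invalid data for update.');
            }
            $total_score += $hole_score;
            $total_par += (int) ($course['par_hole_' . $i] ?? 0);
            $update_sql_parts[] = "hole_{$i}_score = :hole_{$i}_score";
            $params[":hole_{$i}_score"] = $hole_score;
        }
        $total_to_par = $total_score - $total_par;
        $sql = "UPDATE scores SET total_score = :total_score, total_to_par = :total_to_par, " . implode(', ', $update_sql_parts) . " WHERE id = :score_id";
        $params[':total_score'] = $total_score;
        $params[':total_to_par'] = $total_to_par;
        $params[':score_id'] = $score_id;
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        // course_id comes from the database row, not from the request, so it is safe in the URL.
        header('Location: results.php?course_id=' . $score_info['course_id']);
        exit;
    } catch (PDOException $e) {
        // Log the driver message server-side; echoing it leaked table names and SQL text to the client.
        error_log('submit_score.php update failed: ' . $e->getMessage());
        http_response_code(500);
        die('Database error.');
    }
}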
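// New score submission (JSON API). Expects a JSON object with playerId, courseId, holes
// (number of holes played) and scores (map of "hole{N}_score" => strokes).
// NOTE(review): like the update branch, this write endpoint performs no authentication;
// anyone who can reach it can record a score for any player. Add a check before db().
header('Content-Type: application/json');
$raw_body = file_get_contents('php://input');
$data = $raw_body === false ? null : json_decode($raw_body, true);
if (!is_array($data) || $data === []) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid data']);
    exit;
}
$required_fields = ['playerId', 'courseId', 'holes', 'scores'];
foreach ($required_fields as $field) {
    if (empty($data[$field])) {
        http_response_code(400);
        echo json_encode(['error' => "Missing required field: {$field}"]);
        exit;
    }
}
// `holes` drives the loop below and the generated column names, so it must be a positive
// integer (a huge or non-numeric value previously produced an unbounded loop or bad SQL);
// ids must be scalars so PDO can bind them; scores must be a map.
$holes = filter_var($data['holes'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($holes === false || !is_scalar($data['playerId']) || !is_scalar($data['courseId']) || !is_array($data['scores'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid data']);
    exit;
}
try {
    $pdo = db();
    $stmt = $pdo->prepare("SELECT name, team_id FROM players WHERE id = ?");
    $stmt->execute([$data['playerId']]);
    $player = $stmt->fetch();
    if (!$player) {
        http_response_code(404);
        echo json_encode(['error' => 'Player not found']);
        exit;
    }
    $team_id = $player['team_id'];
    $stmt = $pdo->prepare("SELECT name FROM teams WHERE id = ?");
    $stmt->execute([$team_id]);
    $team = $stmt->fetch();
    if (!$team) {
        http_response_code(404);
        echo json_encode(['error' => 'Team not found']);
        exit;
    }
    // The course row supplies par per hole so totals are computed server-side, as the update
    // branch does, instead of trusting client-sent totalScore/totalToPar (which are now ignored).
    // It also bounds `holes`: a course row with no par_hole_N column cannot be scored for N
    // holes, which keeps the generated hole_N_score columns within the schema (this assumes
    // scores.hole_N_score exists for every courses.par_hole_N — the update branch relies on
    // the same pairing).
    $stmt = $pdo->prepare('SELECT * FROM courses WHERE id = ?');
    $stmt->execute([$data['courseId']]);
    $course = $stmt->fetch();
    if (!$course) {
        http_response_code(404);
        echo json_encode(['error' => 'Course not found']);
        exit;
    }
    if (!array_key_exists("par_hole_{$holes}", $course)) {
        http_response_code(400);
        echo json_encode(['error' => 'Invalid data']);
        exit;
    }
    $total_score = 0;
    $total_par = 0;
    $params = [
        ':player_id' => $data['playerId'],
        ':team_id' => $team_id,
        ':course_id' => $data['courseId'],
        ':holes_played' => $holes,
    ];
    $hole_columns = [];
    for ($i = 1; $i <= $holes; $i++) {
        // A hole absent from the payload is stored as NULL (as before) and counts 0 strokes;
        // a present value must be an integer.
        $raw = $data['scores']["hole{$i}_score"] ?? null;
        $hole_score = null;
        if ($raw !== null) {
            $hole_score = filter_var($raw, FILTER_VALIDATE_INT);
            if ($hole_score === false) {
                http_response_code(400);
                echo json_encode(['error' => "Invalid score for hole {$i}"]);
                exit;
            }
            $total_score += $hole_score;
        }
        $total_par += (int) ($course["par_hole_{$i}"] ?? 0);
        $hole_columns[] = "hole_{$i}_score";
        $params[":hole_{$i}_score"] = $hole_score;
    }
    $params[':total_score'] = $total_score;
    $params[':total_to_par'] = $total_score - $total_par;
    // Column names are literals or hole_{int}_score built from the loop counter; every value
    // is bound by name, so the column list and placeholder list are derived from one array
    // and cannot drift out of order.
    $columns = array_merge(
        ['player_id', 'team_id', 'course_id', 'holes_played', 'total_score', 'total_to_par'],
        $hole_columns
    );
    $placeholders = [];
    foreach ($columns as $column) {
        $placeholders[] = ':' . $column;
    }
    $sql = 'INSERT INTO scores (' . implode(', ', $columns) . ') VALUES (' . implode(', ', $placeholders) . ')';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    http_response_code(201);
    echo json_encode(['success' => 'Score submitted successfully']);
} catch (PDOException $e) {
    // Log the driver message server-side; do not return it to the client.
    error_log('submit_score.php insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Database error']);
}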