SESSION_TIMEOUT) {
// Timeout expired
session_unset();
session_destroy();
session_start();
$_SESSION['timeout_message'] = 'Session expired due to inactivity. Please log in again.';
} else {
$_SESSION['last_activity'] = time();
}
}
// CSRF token generation and validation
/**
 * Return the per-session CSRF token, minting one on first use.
 *
 * The token is 32 random bytes rendered as 64 hex characters and is stored
 * in $_SESSION['csrf_token'], so it stays constant for the life of the session.
 *
 * @return string hex-encoded token
 */
function generate_csrf_token() {
    if (!empty($_SESSION['csrf_token'])) {
        return $_SESSION['csrf_token'];
    }
    $fresh_token = bin2hex(random_bytes(32));
    $_SESSION['csrf_token'] = $fresh_token;
    return $fresh_token;
}
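/**
 * Check a submitted CSRF token against the one held in the session.
 *
 * @param mixed $token value taken from the request (normally a string)
 * @return bool true only when both sides are strings and match; a missing
 *              session token or a non-string submission (e.g. csrf_token[]=x)
 *              is a plain false rather than a TypeError from hash_equals()
 */
function validate_csrf_token($token) {
    if (!is_string($token)) {
        return false;
    }
    $expected = $_SESSION['csrf_token'] ?? null;
    if (!is_string($expected)) {
        return false;
    }
    // hash_equals() compares in constant time, so the token cannot be guessed byte by byte.
    return hash_equals($expected, $token);
}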
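// Available markets. This is an allowlist: the key is also the on-disk JSON file
// name, so nothing outside this list can ever be turned into a path.
$markets = [
    'hongkongpools' => 'Hongkongpools',
];
// Determine selected market from GET or POST, default to hongkongpools.
// GET wins over POST. Only a plain string is considered; a value submitted as
// market[]=x is skipped instead of being passed to strtolower() (TypeError on PHP 8).
$selected_market = 'hongkongpools';
foreach ([$_GET['market'] ?? null, $_POST['market'] ?? null] as $candidate) {
    if (!is_string($candidate)) {
        continue;
    }
    $candidate = strtolower($candidate);
    if (array_key_exists($candidate, $markets)) {
        $selected_market = $candidate;
        break;
    }
}
// Path to JSON file for selected market ($selected_market is guaranteed to be an allowlisted key).
$data_file = __DIR__ . '/' . $selected_market . '.json';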
// Messages rendered by the page. The timeout notice is the only one that travels
// across a redirect (stored in the session by the inactivity check); it is read
// once here and then removed so it does not show up on the next request too.
$login_error = $login_success = $form_error = $form_success = '';
$timeout_message = isset($_SESSION['timeout_message']) ? $_SESSION['timeout_message'] : '';
unset($_SESSION['timeout_message']);
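// Handle logout (GET ?action=logout): tear the session down server-side, expire the
// browser's session cookie, then redirect back to this page without its query string.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    session_unset();
    session_destroy();
    // session_destroy() does not touch the cookie; expire it so the browser stops
    // presenting the old id on the next request.
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }
    // REQUEST_URI is client-supplied. Collapse leading slashes so a request for
    // "//host/path" cannot become a protocol-relative Location (open redirect).
    $redirect_path = '/' . ltrim(strtok($_SERVER['REQUEST_URI'], '?'), '/');
    header('Location: ' . $redirect_path);
    exit;
}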
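// Handle login form submission.
// NOTE(review): the attempt counter lives in the session, so it only throttles a
// client that keeps its cookie; it is not a replacement for server-side rate
// limiting. Nothing here resets the counter on a timer - only a successful login
// or a new session does.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login_password'])) {
    // Coerce so a session that never initialised the counter still compares as an int.
    $attempts = (int) ($_SESSION['login_attempts'] ?? 0);
    $password = $_POST['login_password'];
    if ($attempts >= MAX_LOGIN_ATTEMPTS) {
        $login_error = 'Maximum login attempts exceeded. Please try again later.';
    } elseif (is_string($password) && password_verify($password, PASSWORD_HASH)) {
        // Successful login: issue a new session id so an id obtained before
        // authentication cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['logged_in'] = true;
        $_SESSION['last_activity'] = time();
        $_SESSION['login_attempts'] = 0;
        // Kept for parity with the other message variables; it is never rendered on
        // this request because of the redirect below.
        $login_success = 'Login successful. You can now update lottery results.';
        // Redirect to avoid form resubmission. Leading slashes are collapsed so a
        // client-supplied "//host/path" cannot yield a protocol-relative Location.
        header('Location: ' . '/' . ltrim(strtok($_SERVER['REQUEST_URI'], '?'), '/'));
        exit;
    } else {
        // A non-string password (login_password[]=...) is counted as a failed attempt
        // rather than letting password_verify() throw a TypeError.
        $_SESSION['login_attempts'] = $attempts + 1;
        $login_error = 'Incorrect password. Attempts left: ' . (MAX_LOGIN_ATTEMPTS - $_SESSION['login_attempts']);
    }
}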
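// Check if logged in
$logged_in = $_SESSION['logged_in'] ?? false;
// Handle form submission for updating results. Order of checks: authenticated
// session, then CSRF token, then field validation; the file is only written once
// all three pass.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $logged_in && isset($_POST['update_results'])) {
    // Validate CSRF token
    if (!validate_csrf_token($_POST['csrf_token'] ?? '')) {
        $form_error = 'Invalid CSRF token. Please refresh the page and try again.';
    } else {
        // Sanitize and validate inputs. A field that arrives as anything other than a
        // plain string (e.g. submitted as first_prize[]) is treated as empty instead of
        // being passed to trim(), which throws a TypeError on PHP 8.
        $first_prize = is_string($_POST['first_prize'] ?? null) ? trim($_POST['first_prize']) : '';
        $second_prize = is_string($_POST['second_prize'] ?? null) ? trim($_POST['second_prize']) : '';
        $third_prize = is_string($_POST['third_prize'] ?? null) ? trim($_POST['third_prize']) : '';
        // array_values() discards client-chosen keys: the "#N" numbering below must not
        // do arithmetic on a string key, and the stored JSON must stay a list, not an object.
        $starter_prizes = is_array($_POST['starter_prizes'] ?? null) ? array_values($_POST['starter_prizes']) : [];
        $consolation_prizes = is_array($_POST['consolation_prizes'] ?? null) ? array_values($_POST['consolation_prizes']) : [];
        // Basic validation: all fields required, starter_prizes count 4, consolation_prizes count 8
        $errors = [];
        if ($first_prize === '') {
            $errors[] = 'First prize is required.';
        }
        if ($second_prize === '') {
            $errors[] = 'Second prize is required.';
        }
        if ($third_prize === '') {
            $errors[] = 'Third prize is required.';
        }
        if (count($starter_prizes) !== 4) {
            $errors[] = 'Starter prizes must have 4 entries.';
        }
        if (count($consolation_prizes) !== 8) {
            $errors[] = 'Consolation prizes must have 8 entries.';
        }
        // Trim and check each starter prize (a nested array becomes '' and is reported as missing)
        foreach ($starter_prizes as $i => $val) {
            $starter_prizes[$i] = is_string($val) ? trim($val) : '';
            if ($starter_prizes[$i] === '') {
                $errors[] = 'Starter prize #' . ($i + 1) . ' is required.';
            }
        }
        // Trim and check each consolation prize
        foreach ($consolation_prizes as $i => $val) {
            $consolation_prizes[$i] = is_string($val) ? trim($val) : '';
            if ($consolation_prizes[$i] === '') {
                $errors[] = 'Consolation prize #' . ($i + 1) . ' is required.';
            }
        }
        if ($errors === []) {
            // Prepare data array.
            // NOTE(review): values are stored as submitted (no length or format check);
            // escaping is left to the output side, as e() is used for the market name below.
            $data = [
                'first_prize' => $first_prize,
                'second_prize' => $second_prize,
                'third_prize' => $third_prize,
                'starter_prizes' => $starter_prizes,
                'consolation_prizes' => $consolation_prizes,
                'updated_at' => date('c'),
            ];
            // Encode before touching the file: json_encode() returns false when any field
            // holds invalid UTF-8, and file_put_contents($file, false) would truncate the
            // market's data file to zero bytes. LOCK_EX stops two submissions from
            // interleaving their writes.
            $json_data = json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
            if ($json_data === false) {
                $form_error = 'Failed to encode data. Please check the submitted values.';
            } elseif (file_put_contents($data_file, $json_data, LOCK_EX) !== false) {
                $form_success = 'Lottery results updated successfully for ' . e($markets[$selected_market]) . '.';
            } else {
                $form_error = 'Failed to save data. Please check file permissions.';
            }
        } else {
            $form_error = implode(' ', $errors);
        }
    }
}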
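// Load existing data if available. A missing, unreadable or malformed file leaves
// $existing_data null, so the form simply renders empty instead of erroring.
$existing_data = null;
if (is_file($data_file)) {
    $json_content = file_get_contents($data_file);
    // file_get_contents() returns false on a read failure; don't hand that to json_decode().
    if ($json_content !== false) {
        $decoded = json_decode($json_content, true);
        if (is_array($decoded)) {
            $existing_data = $decoded;
        }
    }
}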
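// Prepare values for form fields (prefer POST data on error, else existing data, else empty)
/**
 * Value to pre-fill a form field with.
 *
 * On a POST request the submitted value is echoed back (so a failed validation
 * keeps the user's input); otherwise the value from the stored JSON, if any.
 *
 * @param string   $key   field name / JSON key
 * @param int|null $index position inside a list field (starter/consolation prizes)
 * @return string '' when the value is absent or is not a scalar - an array
 *                submitted as "<key>[]" must never reach a text input
 */
function get_post_or_existing($key, $index = null): string {
    global $existing_data;
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $source = $_POST;
    } elseif ($existing_data !== null) {
        $source = $existing_data;
    } else {
        return '';
    }
    $value = $index === null ? ($source[$key] ?? '') : ($source[$key][$index] ?? '');
    return is_scalar($value) ? (string) $value : '';
}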
?>
Update Lottery Results -