Commit 0dc3c835 authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: replace Auth::csrfField() with Auth::csrfToken() + fix org-leaderboards view mismatch

Auth::csrfField() doesn't exist — replaced all 24 occurrences across org modules
with the correct <input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">.
Also fixed org-leaderboards index.php which was actually the org-board view (using
$org variable that wasn't passed by the index action), renamed it to org-board.php
and created a proper index.php for global rankings. Fixed org_members column name
(user_id → player_id) in org-applications controller.
Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent e79d4439
......@@ -16,7 +16,7 @@ $formAction = $isEdit
<div class="card max-w-lg">
<form method="POST" action="<?= $formAction ?>" enctype="multipart/form-data" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">المنظمة</label>
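Review bot: The hidden `_csrf` input is now hand-written in every form, and the token is echoed into the `value` attribute without the `View::e()` escaping these views use for other dynamic values. Defining the missing helper once would keep the field name and the escaping in a single place and let the original `<?= Auth::csrfField() ?>` calls stand, for example a static `csrfField()` on `Auth` returning `'<input type="hidden" name="_csrf" value="' . View::e(self::csrfToken()) . '">'`. This applies equally to the other form hunks in this commit (announcements, applications, challenges, chat, content, events, invites, loyalty, partnerships, spotlights, transfers, treasury). Whether the POST handlers actually verify `_csrf` is not visible on this page and is worth confirming, since the affected forms include treasury deposit/withdraw and moderation actions.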
......
......@@ -120,12 +120,12 @@
<a href="/organizations/<?= $org['id'] ?>/announcements/<?= $ann['id'] ?>/edit" class="dropdown-item">تعديل</a>
<?php if ($ann['is_draft'] ?? true): ?>
<form method="POST" action="/organizations/<?= $org['id'] ?>/announcements/<?= $ann['id'] ?>/publish" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="dropdown-item">نشر</button>
</form>
<?php else: ?>
<form method="POST" action="/organizations/<?= $org['id'] ?>/announcements/<?= $ann['id'] ?>/unpublish" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="dropdown-item">إلغاء النشر</button>
</form>
<?php endif; ?>
......
......@@ -92,8 +92,7 @@ class OrgApplicationsController
// Get player's current org memberships
$playerOrgs = $this->db->select('org_members', [
'select' => '*',
'user_id' => "eq.{$application['player_id']}",
'status' => 'eq.active',
'player_id' => "eq.{$application['player_id']}",
]);
foreach ($playerOrgs as &$membership) {
$membership['organization'] = $this->db->selectOne('el3ab_organizations', ['id' => "eq.{$membership['org_id']}"]);
......@@ -146,9 +145,8 @@ class OrgApplicationsController
// Add to org_members
$this->db->insert('org_members', [
'org_id' => $application['org_id'],
'user_id' => $application['player_id'],
'player_id' => $application['player_id'],
'role' => $application['target_role'] ?? 'member',
'status' => 'active',
'joined_at' => date('c'),
]);
......@@ -244,9 +242,8 @@ class OrgApplicationsController
$this->db->insert('org_members', [
'org_id' => $application['org_id'],
'user_id' => $application['player_id'],
'player_id' => $application['player_id'],
'role' => $application['target_role'] ?? 'member',
'status' => 'active',
'joined_at' => date('c'),
]);
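Review bot: The membership lookup in the first hunk no longer filters on `status`, and the two `insert('org_members', …)` calls appear to stop setting it, yet the commit message mentions only the `user_id` → `player_id` rename. If `org_members` has no `status` column this is correct, but if the column exists the approval screen now lists inactive memberships as current and new rows depend on the column default. Record which case holds in a comment above the select, e.g. `// org_members has no status column; every row is a current membership`. The old/new sides are inferred from the hunk counts (`-92,8 +92,7`), and the enclosing methods start and end outside these hunks.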
......
......@@ -116,7 +116,7 @@
<a href="/org-applications/<?= $app['id'] ?>" class="btn btn-ghost btn-sm">عرض</a>
<?php if (($app['status'] ?? '') === 'pending'): ?>
<form method="POST" action="/org-applications/<?= $app['id'] ?>/approve" style="display:inline;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-success btn-sm" title="قبول">
<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="20 6 9 17 4 12"/></svg>
</button>
......@@ -158,7 +158,7 @@
<button class="btn btn-icon btn-ghost" onclick="closeRejectModal()">&times;</button>
</div>
<form method="POST" id="rejectForm">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">سبب الرفض *</label>
<textarea name="review_note" class="form-input" required placeholder="اكتب سبب رفض الطلب..."></textarea>
......@@ -180,7 +180,7 @@
<button class="btn btn-icon btn-ghost" onclick="closeBulkRejectModal()">&times;</button>
</div>
<form method="POST" action="/org-applications/bulk-reject" id="bulkRejectForm">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<input type="hidden" name="ids" id="bulkRejectIds">
<div class="form-group">
<label class="form-label">سبب الرفض *</label>
......@@ -226,7 +226,7 @@ function bulkApprove() {
const form = document.createElement('form');
form.method = 'POST';
form.action = '/org-applications/bulk-approve';
form.innerHTML = '<?= Auth::csrfField() ?>';
form.innerHTML = '<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">';
ids.forEach(id => {
const input = document.createElement('input');
input.type = 'hidden';
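Review bot: In `bulkApprove()` the token is interpolated into a single-quoted JavaScript string and then parsed as HTML through `innerHTML`, so the value crosses two contexts with no encoding for either. Building the field with the DOM API, the way the loop right below already does for the ids, removes the HTML parsing step, and emitting the value through `json_encode()` makes it a safe JavaScript literal. The function starts and ends outside the hunk.

```php
form.action = '/org-applications/bulk-approve';
const csrfInput = document.createElement('input');
csrfInput.type = 'hidden';
csrfInput.name = '_csrf';
csrfInput.value = <?= json_encode(Auth::csrfToken(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;
form.appendChild(csrfInput);
// … unchanged: ids.forEach loop that appends the id inputs …
```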
......
......@@ -161,7 +161,7 @@
<div class="card">
<div class="card-header"><h3 class="card-title">قبول الطلب</h3></div>
<form method="POST" action="/org-applications/<?= $application['id'] ?>/approve">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">ملاحظة (اختياري)</label>
<textarea name="review_note" class="form-input" placeholder="أضف ملاحظة على القبول..."></textarea>
......@@ -176,7 +176,7 @@
<div class="card">
<div class="card-header"><h3 class="card-title">رفض الطلب</h3></div>
<form method="POST" action="/org-applications/<?= $application['id'] ?>/reject">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">سبب الرفض *</label>
<textarea name="review_note" class="form-input" required placeholder="اكتب سبب رفض الطلب..."></textarea>
......
......@@ -9,7 +9,7 @@
<div class="card max-w-lg">
<form method="POST" action="/challenges/store" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<!-- Organizations -->
<div class="grid grid-2 gap-4">
......
......@@ -79,22 +79,22 @@ $cStatus = $challenge['status'] ?? 'pending';
<?php if ($cStatus === 'pending'): ?>
<div class="flex gap-3">
<form method="POST" action="/challenges/<?= $challenge['id'] ?>/accept" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-primary">قبول</button>
</form>
<form method="POST" action="/challenges/<?= $challenge['id'] ?>/reject" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-danger">رفض</button>
</form>
</div>
<?php elseif ($cStatus === 'accepted'): ?>
<form method="POST" action="/challenges/<?= $challenge['id'] ?>/start" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-primary">بدء التحدي</button>
</form>
<?php elseif ($cStatus === 'in_progress'): ?>
<form method="POST" action="/challenges/<?= $challenge['id'] ?>/complete" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="grid grid-2 gap-4 mb-4">
<div class="form-group">
<label class="form-label">نتيجة المتحدي</label>
......@@ -111,7 +111,7 @@ $cStatus = $challenge['status'] ?? 'pending';
<?php if (in_array($cStatus, ['pending', 'accepted', 'in_progress'])): ?>
<form method="POST" action="/challenges/<?= $challenge['id'] ?>/cancel" style="margin-top: 12px;" onsubmit="return confirm('هل أنت متأكد من إلغاء التحدي؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-ghost" style="color: var(--danger);">إلغاء التحدي</button>
</form>
<?php endif; ?>
......
......@@ -77,7 +77,7 @@
<div class="flex gap-2">
<a href="/organizations/<?= $org['id'] ?>/chat/channels/<?= $channel['id'] ?>" class="btn btn-ghost btn-sm">الرسائل</a>
<form method="POST" action="/organizations/<?= $org['id'] ?>/chat/channels/<?= $channel['id'] ?>/delete" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من حذف هذه القناة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-danger btn-sm">حذف</button>
</form>
</div>
......
......@@ -35,14 +35,14 @@
</div>
<div class="flex gap-2">
<form method="POST" action="/organizations/<?= $org['id'] ?>/chat/messages/<?= $msg['id'] ?>/pin" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-ghost btn-sm" title="<?= ($msg['is_pinned'] ?? false) ? 'إلغاء التثبيت' : 'تثبيت' ?>">
<svg width="14" height="14" viewBox="0 0 24 24" fill="<?= ($msg['is_pinned'] ?? false) ? 'currentColor' : 'none' ?>" stroke="currentColor" stroke-width="2"><path d="M12 2L12 22M12 2L8 6M12 2L16 6"/></svg>
</button>
</form>
<?php if (!($msg['is_deleted'] ?? false)): ?>
<form method="POST" action="/organizations/<?= $org['id'] ?>/chat/messages/<?= $msg['id'] ?>/delete" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من حذف هذه الرسالة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-danger btn-sm">حذف</button>
</form>
<?php endif; ?>
......
......@@ -11,7 +11,7 @@
<div class="card mb-4">
<h3 style="margin-bottom: 16px;">إجراء جديد</h3>
<form method="POST" action="/organizations/<?= $org['id'] ?>/chat/moderation/action" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="grid grid-4 gap-4">
<div class="form-group">
<label class="form-label">اللاعب</label>
......@@ -73,7 +73,7 @@
<td><?= View::e($muted['moderator_name'] ?? '-') ?></td>
<td>
<form method="POST" action="/organizations/<?= $org['id'] ?>/chat/moderation/unmute" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<input type="hidden" name="player_id" value="<?= $muted['player_id'] ?>">
<button type="submit" class="btn btn-sm btn-primary">إلغاء الكتم</button>
</form>
......
......@@ -16,7 +16,7 @@ $formAction = $isEdit
<div class="card max-w-lg">
<form method="POST" action="<?= $formAction ?>" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">العنوان (English)</label>
......
......@@ -106,7 +106,7 @@
<div class="dropdown-menu">
<a href="/organizations/<?= $org['id'] ?>/content/<?= $item['id'] ?>/edit" class="dropdown-item">تعديل</a>
<form method="POST" action="/organizations/<?= $org['id'] ?>/content/<?= $item['id'] ?>/toggle-publish" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="dropdown-item">
<?= ($item['is_published'] ?? false) ? 'إلغاء النشر' : 'نشر' ?>
</button>
......
......@@ -16,7 +16,7 @@ $formAction = $isEdit
<div class="card max-w-lg">
<form method="POST" action="<?= $formAction ?>" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">المنظمة</label>
......
......@@ -130,7 +130,7 @@
<div class="dropdown-menu">
<a href="/organizations/<?= $org['id'] ?>/events/<?= $event['id'] ?>/edit" class="dropdown-item">تعديل</a>
<form method="POST" action="/organizations/<?= $org['id'] ?>/events/<?= $event['id'] ?>/cancel" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="dropdown-item">إلغاء الفعالية</button>
</form>
<div class="dropdown-divider"></div>
......
......@@ -9,7 +9,7 @@
<div class="card max-w-lg">
<form method="POST" action="/organizations/<?= $org['id'] ?>/invites/store" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">الحد الأقصى للاستخدام</label>
......
......@@ -87,7 +87,7 @@
<div class="dropdown-menu">
<a href="/organizations/<?= $org['id'] ?>/invites/<?= $invite['id'] ?>/usage" class="dropdown-item">الاستخدام</a>
<form method="POST" action="/organizations/<?= $org['id'] ?>/invites/<?= $invite['id'] ?>/toggle" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="dropdown-item">
<?= ($invite['is_active'] ?? false) ? 'تعطيل' : 'تفعيل' ?>
</button>
......
<div class="content-header">
<div class="flex items-center gap-4">
<a href="/organizations/<?= $org['id'] ?>" class="btn btn-icon btn-ghost">
<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="9 18 15 12 9 6"/></svg>
</a>
<h1>المتصدرين - <?= View::e($org['name_ar'] ?? $org['name']) ?></h1>
</div>
<form method="POST" action="/org-leaderboards/<?= $org['id'] ?>/recalculate" style="margin:0;">
<?= Auth::csrfField() ?>
<button type="submit" class="btn btn-primary" onclick="return confirm('هل تريد إعادة حساب النقاط؟')">
<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="23 4 23 10 17 10"/><path d="M20.49 15a9 9 0 1 1-2.12-9.36L23 10"/></svg>
إعادة الحساب
</button>
</form>
<h1>لوحة المتصدرين العامة</h1>
<a href="/org-leaderboards/seasonal" class="btn btn-ghost">التصنيف الموسمي</a>
</div>
<!-- Filters -->
<div class="card mb-5">
<form method="GET" action="/org-leaderboards/<?= $org['id'] ?>" class="flex gap-4 items-end flex-wrap">
<div class="form-group" style="margin-bottom:0;">
<label class="form-label">الموسم</label>
<input type="text" name="season" class="form-input" value="<?= View::e($_GET['season'] ?? '') ?>" placeholder="e.g. 2024-Q1" dir="ltr">
</div>
<button type="submit" class="btn btn-primary">تصفية</button>
</form>
</div>
<!-- Leaderboard Table -->
<div class="data-table-wrapper">
<?php if (empty($leaderboard)): ?>
<?php if (empty($rankings)): ?>
<div class="empty-state">
<svg class="empty-state-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M12 15l-2 5l9-11h-5l2-5l-9 11h5z"/></svg>
<h3 class="empty-state-title">لا توجد بيانات</h3>
<p class="empty-state-text">لم يتم تسجيل أي نقاط بعد. استخدم زر "إعادة الحساب" لتحديث البيانات.</p>
<svg class="empty-state-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M8 21h8m-4-4v4m-4.5-8.5L12 8l4.5 4.5M3 3h18v4H3z"/></svg>
<h3 class="empty-state-title">لا توجد تصنيفات</h3>
<p class="empty-state-text">لم يتم تسجيل أي تصنيفات بعد</p>
</div>
<?php else: ?>
<table class="data-table">
<thead>
<tr>
<th style="width: 60px;">المركز</th>
<th>اللاعب</th>
<th>المنظمة</th>
<th>النقاط</th>
<th>المباريات</th>
<th>الفوز</th>
<th>البطولات</th>
<th>فوز مباريات</th>
<th>فوز بطولات</th>
<th>سلسلة حالية</th>
<th>أفضل سلسلة</th>
<th>فوز تحديات</th>
<th></th>
</tr>
</thead>
<tbody>
<?php foreach ($leaderboard as $index => $entry): ?>
<?php foreach ($rankings as $index => $ranking): ?>
<?php
$rank = $pagination->offset + $index + 1;
$player = $entry['profiles'] ?? null;
$playerName = $player['display_name'] ?? $player['username'] ?? substr($entry['player_id'], 0, 8) . '...';
$org = $ranking['el3ab_organizations'] ?? null;
$orgName = $org['name_ar'] ?? $org['name'] ?? '-';
?>
<tr>
<td>
......@@ -65,19 +40,21 @@
</td>
<td>
<div class="flex items-center gap-2">
<?php if (!empty($player['avatar_url'])): ?>
<img src="<?= View::e($player['avatar_url']) ?>" alt="" style="width:24px;height:24px;border-radius:50%;">
<?php if (!empty($org['logo_url'])): ?>
<img src="<?= View::e($org['logo_url']) ?>" alt="" style="width:24px;height:24px;border-radius:4px;">
<?php endif; ?>
<span><?= View::e($playerName) ?></span>
<span><?= View::e($orgName) ?></span>
</div>
</td>
<td><strong class="tabular-nums"><?= number_format($entry['points'] ?? 0) ?></strong></td>
<td class="tabular-nums"><?= number_format($entry['matches_played'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['matches_won'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['tournaments_played'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['tournaments_won'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['streak_current'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['streak_best'] ?? 0) ?></td>
<td><strong class="tabular-nums"><?= number_format($ranking['total_points'] ?? 0) ?></strong></td>
<td class="tabular-nums"><?= number_format($ranking['matches_won'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($ranking['tournaments_won'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($ranking['challenges_won'] ?? 0) ?></td>
<td>
<?php if ($org): ?>
<a href="/org-leaderboards/<?= $org['id'] ?>" class="btn btn-sm btn-ghost">التفاصيل</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
......@@ -87,7 +64,7 @@
<span><?= $pagination->rangeText() ?></span>
<div class="pagination">
<?php foreach ($pagination->pages() as $p): ?>
<a href="?page=<?= $p ?>&season=<?= urlencode($_GET['season'] ?? '') ?>" class="pagination-btn <?= $p === $pagination->page ? 'active' : '' ?>"><?= $p ?></a>
<a href="?page=<?= $p ?>" class="pagination-btn <?= $p === $pagination->page ? 'active' : '' ?>"><?= $p ?></a>
<?php endforeach; ?>
</div>
</div>
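Review bot: In the new rankings loop, `$org['id']` is written into the details link without encoding, while the organization name and logo on the neighbouring lines go through `View::e()`. Encode it for the URL path as well, `<a href="/org-leaderboards/<?= rawurlencode((string) $org['id']) ?>" class="btn btn-sm btn-ghost">`, so the link stays well-formed whatever the joined `el3ab_organizations` row holds. The loop also assigns to `$org`, the name the org-board view uses for the page's organization; a local name such as `$rankingOrg` would avoid clobbering it if a layout or partial reads `$org` after this view, which is not visible here.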
......
<div class="content-header">
<div class="flex items-center gap-4">
<a href="/organizations/<?= $org['id'] ?>" class="btn btn-icon btn-ghost">
<svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="9 18 15 12 9 6"/></svg>
</a>
<h1>المتصدرين - <?= View::e($org['name_ar'] ?? $org['name']) ?></h1>
</div>
<form method="POST" action="/org-leaderboards/recalculate/<?= $org['id'] ?>" style="margin:0;">
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-primary" onclick="return confirm('هل تريد إعادة حساب النقاط؟')">
<svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="23 4 23 10 17 10"/><path d="M20.49 15a9 9 0 1 1-2.12-9.36L23 10"/></svg>
إعادة الحساب
</button>
</form>
</div>
<!-- Filters -->
<div class="card mb-5">
<form method="GET" action="/org-leaderboards/<?= $org['id'] ?>" class="flex gap-4 items-end flex-wrap">
<div class="form-group" style="margin-bottom:0;">
<label class="form-label">الموسم</label>
<input type="text" name="season" class="form-input" value="<?= View::e($_GET['season'] ?? '') ?>" placeholder="e.g. 2024-Q1" dir="ltr">
</div>
<button type="submit" class="btn btn-primary">تصفية</button>
</form>
</div>
<!-- Leaderboard Table -->
<div class="data-table-wrapper">
<?php if (empty($leaderboard)): ?>
<div class="empty-state">
<svg class="empty-state-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M12 15l-2 5l9-11h-5l2-5l-9 11h5z"/></svg>
<h3 class="empty-state-title">لا توجد بيانات</h3>
<p class="empty-state-text">لم يتم تسجيل أي نقاط بعد. استخدم زر "إعادة الحساب" لتحديث البيانات.</p>
</div>
<?php else: ?>
<table class="data-table">
<thead>
<tr>
<th style="width: 60px;">المركز</th>
<th>اللاعب</th>
<th>النقاط</th>
<th>المباريات</th>
<th>الفوز</th>
<th>البطولات</th>
<th>فوز بطولات</th>
<th>سلسلة حالية</th>
<th>أفضل سلسلة</th>
</tr>
</thead>
<tbody>
<?php foreach ($leaderboard as $index => $entry): ?>
<?php
$rank = $pagination->offset + $index + 1;
$player = $entry['profiles'] ?? null;
$playerName = $player['display_name'] ?? $player['username'] ?? substr($entry['player_id'], 0, 8) . '...';
?>
<tr>
<td>
<?php if ($rank <= 3): ?>
<span class="badge <?= $rank === 1 ? 'badge-warning' : ($rank === 2 ? 'badge-default' : 'badge-info') ?>">#<?= $rank ?></span>
<?php else: ?>
<span class="text-muted">#<?= $rank ?></span>
<?php endif; ?>
</td>
<td>
<div class="flex items-center gap-2">
<?php if (!empty($player['avatar_url'])): ?>
<img src="<?= View::e($player['avatar_url']) ?>" alt="" style="width:24px;height:24px;border-radius:50%;">
<?php endif; ?>
<span><?= View::e($playerName) ?></span>
</div>
</td>
<td><strong class="tabular-nums"><?= number_format($entry['points'] ?? 0) ?></strong></td>
<td class="tabular-nums"><?= number_format($entry['matches_played'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['matches_won'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['tournaments_played'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['tournaments_won'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['streak_current'] ?? 0) ?></td>
<td class="tabular-nums"><?= number_format($entry['streak_best'] ?? 0) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div class="table-footer">
<span><?= $pagination->rangeText() ?></span>
<div class="pagination">
<?php foreach ($pagination->pages() as $p): ?>
<a href="?page=<?= $p ?>&season=<?= urlencode($_GET['season'] ?? '') ?>" class="pagination-btn <?= $p === $pagination->page ? 'active' : '' ?>"><?= $p ?></a>
<?php endforeach; ?>
</div>
</div>
<?php endif; ?>
</div>
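Review bot: `$_GET['season']` is read directly in two places in this view (the filter input and the pagination links), and when the parameter arrives as an array `urlencode()` throws a TypeError on PHP 8 and the page fails. Normalise it once at the top of the view, `$season = is_string($_GET['season'] ?? null) ? $_GET['season'] : '';`, and use `$season` in both places. Separately, `substr($entry['player_id'], 0, 8)` assumes `player_id` is always a non-null string, which holds only if the leaderboard query guarantees it. The recalculate form now posts to `/org-leaderboards/recalculate/<id>` instead of `/org-leaderboards/<id>/recalculate`, so confirm the route table was changed to match.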
......@@ -16,7 +16,7 @@ $actionUrl = $isEdit
<div class="card max-w-lg">
<form method="POST" action="<?= $actionUrl ?>" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">الاسم (English)</label>
......
......@@ -72,7 +72,7 @@ $rewardTypeBadges = [
<td><?= number_format((int)($reward['reward_amount'] ?? 0)) ?></td>
<td>
<form method="POST" action="/organizations/<?= $org['id'] ?>/loyalty/<?= $reward['id'] ?>/toggle" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<label class="toggle">
<input type="checkbox" <?= ($reward['is_active'] ?? false) ? 'checked' : '' ?> onchange="this.closest('form').submit()">
<span class="toggle-track"></span>
......@@ -84,7 +84,7 @@ $rewardTypeBadges = [
<div class="flex gap-2">
<a href="/organizations/<?= $org['id'] ?>/loyalty/<?= $reward['id'] ?>/edit" class="btn btn-sm btn-ghost">تعديل</a>
<form method="POST" action="/organizations/<?= $org['id'] ?>/loyalty/<?= $reward['id'] ?>/delete" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من حذف هذه المكافأة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-sm btn-danger">حذف</button>
</form>
</div>
......
......@@ -85,16 +85,16 @@ $typeBadges = [
<a href="/org-partnerships/<?= $partnership['id'] ?>" class="btn btn-sm btn-ghost">عرض</a>
<?php if ($status === 'pending'): ?>
<form method="POST" action="/org-partnerships/<?= $partnership['id'] ?>/approve" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من قبول هذه الشراكة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-sm btn-primary">قبول</button>
</form>
<form method="POST" action="/org-partnerships/<?= $partnership['id'] ?>/reject" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من رفض هذه الشراكة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-sm btn-danger">رفض</button>
</form>
<?php elseif ($status === 'active'): ?>
<form method="POST" action="/org-partnerships/<?= $partnership['id'] ?>/dissolve" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من حل هذه الشراكة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-sm btn-danger">حل الشراكة</button>
</form>
<?php endif; ?>
......
......@@ -123,16 +123,16 @@ if (!empty($partnership['benefits'])) {
<div class="flex gap-2 mt-4">
<?php if ($status === 'pending'): ?>
<form method="POST" action="/org-partnerships/<?= $partnership['id'] ?>/approve" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من قبول هذه الشراكة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-primary">قبول الشراكة</button>
</form>
<form method="POST" action="/org-partnerships/<?= $partnership['id'] ?>/reject" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من رفض هذه الشراكة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-danger">رفض الشراكة</button>
</form>
<?php elseif ($status === 'active'): ?>
<form method="POST" action="/org-partnerships/<?= $partnership['id'] ?>/dissolve" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من حل هذه الشراكة؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-danger">حل الشراكة</button>
</form>
<?php endif; ?>
......
......@@ -9,7 +9,7 @@
<div class="card max-w-lg">
<form method="POST" action="/organizations/<?= $org['id'] ?>/spotlights/store" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="form-group">
<label class="form-label">اللاعب <span style="color:var(--danger);">*</span></label>
......
......@@ -104,7 +104,7 @@
</button>
<div class="dropdown-menu">
<form method="POST" action="/organizations/<?= $org['id'] ?>/spotlights/<?= $spotlight['id'] ?>/toggle" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="dropdown-item">
<?= ($spotlight['is_active'] ?? false) ? 'تعطيل' : 'تفعيل' ?>
</button>
......
......@@ -117,7 +117,7 @@ if ($currentStepIndex === false) $currentStepIndex = -1;
<!-- Approve with step -->
<form method="POST" action="/transfers/<?= $transfer['id'] ?>/approve" class="mb-4" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="grid grid-2 gap-4">
<div class="form-group">
<label class="form-label">الموافقة على مرحلة</label>
......@@ -138,19 +138,19 @@ if ($currentStepIndex === false) $currentStepIndex = -1;
<div class="flex gap-3">
<!-- Complete -->
<form method="POST" action="/transfers/<?= $transfer['id'] ?>/complete" style="margin:0;">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-primary">إكمال الانتقال</button>
</form>
<!-- Reject -->
<form method="POST" action="/transfers/<?= $transfer['id'] ?>/reject" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من رفض هذا الانتقال؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-danger">رفض</button>
</form>
<!-- Cancel -->
<form method="POST" action="/transfers/<?= $transfer['id'] ?>/cancel" style="margin:0;" onsubmit="return confirm('هل أنت متأكد من إلغاء هذا الانتقال؟')">
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<button type="submit" class="btn btn-ghost" style="color: var(--danger);">إلغاء</button>
</form>
</div>
......
......@@ -53,7 +53,7 @@
<div class="card mb-4">
<h3 style="margin-bottom: 16px;">إيداع</h3>
<form method="POST" action="/organizations/<?= $org['id'] ?>/treasury/deposit" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="grid grid-3 gap-4">
<div class="form-group">
<label class="form-label">العملة</label>
......@@ -79,7 +79,7 @@
<div class="card mb-4">
<h3 style="margin-bottom: 16px;">سحب</h3>
<form method="POST" action="/organizations/<?= $org['id'] ?>/treasury/withdraw" data-validate>
<?= Auth::csrfField() ?>
<input type="hidden" name="_csrf" value="<?= Auth::csrfToken() ?>">
<div class="grid grid-3 gap-4">
<div class="form-group">
<label class="form-label">العملة</label>
......