<?php require_once("wm_core.php");
if (!defined('IsAdmin')) define('IsAdmin', FALSE);
InitDB();
if (!IsAdmin) InitSession();

function FraudAlert() {
    redirect("fraud.php");
    die;
}

# verification function: triggers "fraud alert" if there already was a match of
# the specified class
function Verify($class) {
    $q = Query("SELECT time FROM wm_matches WHERE class=$class ORDER BY time ASC LIMIT 1");
    if (!isset($q[0]['time']))
        return;
    if ($Now > $q[0]['time'])
        FraudAlert();
}

# override user ID
if (IsAdmin) {
    $uid = intval($_GET['user']);
    if (!$uid) {
        echo "Error: adm_do_update_bets.php called without user ID";
        die;
    }
}

# set bonus bets
$q = "";
if (isset($_POST['bet0'])) { Verify(100); $q .= ", bet0=" . int_or_null($_POST['bet0']); }
if (isset($_POST['bet8'])) { Verify(8);   $q .= ", bet8=" . int_or_null($_POST['bet8']); }
if (isset($_POST['bet4'])) { Verify(4);   $q .= ", bet4=" . int_or_null($_POST['bet4']); }
if (isset($_POST['bet2'])) { Verify(2);   $q .= ", bet2=" . int_or_null($_POST['bet2']); }
$q = substr($q, 2);
if ($q)
    Query("UPDATE wm_users SET $q WHERE id=$uid");

# set other bets
for ($mid = 1;  $mid <= MatchCount;  $mid++) {
    $mask = 0;
    $goalsA = "";
    $goalsB = "";
    if (isset($_POST["A$mid"])) { $goalsA = $_POST["A$mid"]; $mask |= 1; }
    if (isset($_POST["B$mid"])) { $goalsB = $_POST["B$mid"]; $mask |= 2; }
    SetBet($uid, $mid, ($goalsA === "") ? NULL : intval($goalsA), ($goalsB === "") ? NULL : intval($goalsB), $mask);
}

# redirect to bet page
$baseurl = "bets.php?order=" . urlencode($_GET['order']);
redirect(IsAdmin ? "adm_$baseurl&user=$uid" : $baseurl);
CloseDB();
?>