new database

Backend/Controllers/FileHandler/updateFiles.php

@@ -2,15 +2,31 @@
 require_once "../../../bootstrap.php";
 require_once('../Group/Group.php');
 require_once('FileHandler.php');
-use Backend\Models\GameData;
 
-if(isLogin()){
-    if(isset($_POST['submitUpdate'])){
+use Backend\Models\GameData;
+use Backend\Models\Registration;
+
+if (isLogin()) {
+    if (isset($_POST['submitUpdate'])) {
+        //Get the game data
+        $gameData = GameData::find($_POST['gameDataId']);
+        if ($gameData === null) {
+            http_response_code(400);
+            echo json_encode(["message" => "game data not found"]);
+            exit();
+        }
+        //Get the group
+        $group = groupViaToken($_SESSION['token']);
+        if (!in_array($gameData->id, Registration::where("group_id", $group->id)->pluck("game_data_id")->toArray())) {
+            http_response_code(401);
+            exit();
+        }
+
         $gameFile = $_FILES['gameFile'];
         $desc = $_POST['description'];
         $title = $_POST['gameTitle'];
         $thumbnail = $_FILES['thumbnailFile'];
-        $isWebBased = isset( $_POST['isWebBased']);
+        $isWebBased = isset($_POST['isWebBased']);
 
         $gameFileName = $_FILES['gameFile']['name'];//Game name
         $gameFileTmp = $_FILES['gameFile']['tmp_name'];//Tmp location of the file
@@ -18,34 +34,29 @@ if(isLogin()){
 
         $thumbnailFileName = $_FILES['thumbnailFile']['name'];//Game name
         $thumbnailFileTmp = $_FILES['thumbnailFile']['tmp_name'];//Tmp location of the file
-        $thumbnailFileError =$_FILES['thumbnailFile']['error'];//File error
+        $thumbnailFileError = $_FILES['thumbnailFile']['error'];//File error
 
-
-        //Get the group
-        $group = groupViaToken($_SESSION['token']);
-        //Get the game data, from the group
-        $gameData = GameData::find($group->game_data_id);
         $gameData->game_name = $title;
-        if(isset($gameData) && $gameFileError === 0){
-            unlink("../../Games/".$gameData->game_link);
-            $gameData->game_link = ZipFileHandler($gameFileName,$gameFileTmp);
+        if (isset($gameData) && $gameFileError === 0) {
+            unlink("../../Games/" . $gameData->game_link);
+            $gameData->game_link = ZipFileHandler($gameFileName, $gameFileTmp);
         }
         $gameData->description = $desc;
-        if(isset($thumbnail)  && $thumbnailFileError === 0){
-            unlink("../../../Frontend/images/".$gameData->img);
-            $gameData->img = imagesFileHandler($thumbnailFileName,$thumbnailFileTmp);
+        if (isset($thumbnail) && $thumbnailFileError === 0) {
+            unlink("../../../Frontend/images/" . $gameData->img);
+            $gameData->img = imagesFileHandler($thumbnailFileName, $thumbnailFileTmp);
         }
         $gameData->is_web_Based = $isWebBased;
-        if(!$gameData->save()){
-           http_response_code(500);
-        }else{
-           http_response_code(201);
+        if (!$gameData->save()) {
+            http_response_code(500);
+        } else {
+            http_response_code(201);
         }
 
-    }else{
-       http_response_code(400);
+    } else {
+        http_response_code(400);
     }
-}else{
-   http_response_code(401);
-   echo json_encode(["message" => "is not login"]);
+} else {
+    http_response_code(401);
+    echo json_encode(["message" => "is not login"]);
 }