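/**
 * Check whether the submitted form carries a valid one-time key.
 *
 * The form posts the name of the key field in `key_name` and the key itself
 * in a field of that name (the name is generated per page view by the edit
 * form, the value by siteinfo::setKey()). Both values are entity-decoded and
 * handed to siteinfo::validateKey(), which is expected to verify the pair
 * against the server-side key set earlier (confirm in siteinfo).
 *
 * Non-string POST values (e.g. `key_name[]`) are ignored: the previous code
 * used them as an array offset, which is a fatal error on PHP 8.
 *
 * @return mixed result of siteinfo::validateKey(); both arguments are empty
 *               strings when the fields are missing
 */
private function randomKeyMatch()
{
    global $site;

    $randomKeyName = '';
    $randomKeyValue = '';

    if (isset($_POST['key_name']) && is_string($_POST['key_name'])) {
        $randomKeyName = htmlent_decode($_POST['key_name']);
        // the field name is client-supplied; only the value under that
        // exact name is read, everything else in the request is ignored
        if (isset($_POST[$randomKeyName]) && is_string($_POST[$randomKeyName])) {
            $randomKeyValue = htmlent_decode($_POST[$randomKeyName]);
        }
    }

    // the former `return $randomkeysmatch = ...` assigned a local that was
    // never read; return the verdict directly
    return $site->validateKey($randomKeyName, $randomKeyValue);
}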
<?php
// this is plain text!
header('Content-Type: text/plain');

require realpath('../CMS/siteinfo.php');

$site = new siteinfo();
$connection = $site->connect_to_db();

// display teams: one "TE: <id>, <name>" line per team that is not marked deleted
$teamQuery = 'SELECT `teams`.`id`,`teams`.`name` FROM `teams`,`teams_overview`'
    . ' WHERE `teams_overview`.`teamid`=`teams`.`id` AND `teams_overview`.`deleted`<>'
    . sqlSafeStringQuotes(2);
// NOTE(review): the `@` hides driver warnings; the wrapper is named "silent"
// already, so the suppression is probably redundant - verify in siteinfo
$teamResult = @$site->execute_silent_query('teams,teams_overview', $teamQuery, $connection);
if (!$teamResult) {
    $site->dieAndEndPage('It seems like the team profile can not be accessed for an unknown reason.');
}
while ($team = mysql_fetch_array($teamResult)) {
    printf("TE: %s, %s\n", $team['id'], htmlent_decode($team['name']));
}
mysql_free_result($teamResult);

// display players: one "PL: <teamid>, <id>, <name>" line per active user
$playerQuery = 'SELECT `id`,`teamid`,`name` FROM `users`'
    . ' WHERE `users`.`status`=' . sqlSafeStringQuotes('active');
$playerResult = @$site->execute_silent_query('users', $playerQuery, $connection);
if (!$playerResult) {
    $site->dieAndEndPage('It seems like the player profile can not be accessed for an unknown reason.');
}
while ($player = mysql_fetch_array($playerResult)) {
    printf("PL: %s, %s, %s\n", $player['teamid'], $player['id'], htmlent_decode($player['name']));
}
mysql_free_result($playerResult);
// done with outputting stats
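/**
 * Validate and apply the request data of the PM composer form.
 *
 * GET parameters pre-fill recipients (`userid`, `teamid`) and, for
 * `reply=all|author` together with `id`, the subject, the quoted body and
 * the recipients of the original message - but only if the current user is
 * listed as a reader of that message. POST parameters carry the edited form:
 * subject, content and the numbered team/player recipient fields.
 *
 * @param int $confirmed form step, by reference: 0 edit screen, 1 preview,
 *                       2 send. Clamped to that range and reset to 0
 *                       whenever sending must not happen yet (key mismatch,
 *                       add/remove recipient requests, no recipients, empty
 *                       or over-long message, broken charset config).
 * @return bool|string true when the checks ran, 'nokeymatch' when the
 *                     one-time key of the form did not validate
 */
function sanityCheck(&$confirmed)
{
    global $config;
    global $tmpl;
    global $db;

    // < 0: undefined, 0: edit screen, 1: preview, 2: send, > 2: undefined
    if ($confirmed < 0 || $confirmed > 2) {
        // change undefined values to a defined state
        $confirmed = 0;
    }

    if (isset($_GET['userid']) && intval($_GET['userid']) > 0) {
        $this->pm->addUserID($_GET['userid'], true);
    }
    if (isset($_GET['teamid']) && intval($_GET['teamid']) > 0) {
        $this->pm->addTeamID($_GET['teamid'], true);
    }

    if (isset($_GET['reply']) && isset($_GET['id']) && intval($_GET['id']) > 0) {
        // one integer id for every query below; previously the first two
        // queries received the raw GET string and the others intval()
        $msgId = intval($_GET['id']);

        // add all original recipients and author or only original author to default recipients
        // find out if original message was readable for user
        $query = $db->prepare('SELECT COUNT(*) FROM `pmsystem_msg_users` WHERE `msgid`=? AND `userid`=?');
        $db->execute($query, array($msgId, user::getCurrentUserId()));
        $rows = $db->fetchRow($query);
        $db->free($query);

        // silently drop on no permission issue
        // message to self may be listed twice, for inbox and outbox
        // TODO: output error
        // is_array(): fetchRow() may yield false, and count(false) is fatal on PHP 8
        if (is_array($rows) && count($rows) > 0 && $rows['COUNT(*)'] > 0) {
            $query = $db->prepare('SELECT `subject`, `message` FROM `pmsystem_msg_storage`'
                . ' WHERE `id`=? LIMIT 1');
            $db->execute($query, $msgId);
            $row = $db->fetchRow($query);
            $db->free($query);
            if (is_array($row) && count($row) > 0) {
                $this->pm->setSubject($row['subject']);
                // quote old message
                $this->pm->setContent(rtrim('> ' . str_replace("\n", "\n> ", htmlent_decode($row['message'])), "\n") . "\n\n");
            }

            // strict string comparison: strcmp() on a non-string GET value
            // (`reply[]=`) would be a TypeError
            if ($_GET['reply'] === 'all') {
                // add original author to recipients
                $origAuthorQuery = $db->prepare('SELECT `name` FROM `users`'
                    . ' WHERE `id`=(SELECT `author_id` FROM `pmsystem_msg_storage`'
                    . ' WHERE `id`=? LIMIT 1) LIMIT 1');
                $db->execute($origAuthorQuery, $msgId);
                while ($row = $db->fetchRow($origAuthorQuery)) {
                    $this->pm->addUserName($row['name']);
                }
                $db->free($origAuthorQuery);

                // prepare further recipients queries
                $usersQuery = $db->prepare('SELECT `name`'
                    . ' FROM `pmsystem_msg_recipients_users` LEFT JOIN `users`'
                    . ' ON `pmsystem_msg_recipients_users`.`userid`=`users`.`id`'
                    . ' WHERE `msgid`=?');
                $teamsQuery = $db->prepare('SELECT `name`'
                    . ' FROM `pmsystem_msg_recipients_teams` LEFT JOIN `teams`'
                    . ' ON `pmsystem_msg_recipients_teams`.`teamid`=`teams`.`id`'
                    . ' WHERE `msgid`=?');

                // add users to recipients
                $db->execute($usersQuery, $msgId);
                while ($row = $db->fetchRow($usersQuery)) {
                    $this->pm->addUserName($row['name']);
                }
                $db->free($usersQuery);

                // add teams to recipients
                $db->execute($teamsQuery, $msgId);
                while ($row = $db->fetchRow($teamsQuery)) {
                    $this->pm->addTeamName($row['name']);
                }
                $db->free($teamsQuery);
            } elseif ($_GET['reply'] === 'author') {
                // only 1 author, thus no loop
                $query = $db->prepare('SELECT `name` FROM `users`'
                    . ' WHERE `id`=(SELECT `author_id` FROM `pmsystem_msg_storage`'
                    . ' WHERE `id`=? LIMIT 1) LIMIT 1');
                $db->execute($query, $msgId);
                $row = $db->fetchRow($query);
                $db->free($query);
                // no author row (e.g. message or user gone): nothing to add
                if (is_array($row) && isset($row['name'])) {
                    $this->pm->addUserName($row['name']);
                }
            }
        }
    }

    if ($confirmed > 0 || isset($_POST['editPageAgain'])) {
        // no need to check for a key match if no content was supplied
        if (!$this->randomKeyMatch($confirmed)) {
            // editing cancelled due to random key mismatch
            $confirmed = 0;
            return 'nokeymatch';
        }

        // only plain string fields are accepted; an array (`subject[]`) is
        // ignored instead of being stringified to "Array"
        if (isset($_POST['subject']) && is_string($_POST['subject']) && strlen($_POST['subject']) > 0) {
            $this->pm->setSubject($_POST['subject']);
        }
        if (isset($_POST['content']) && is_string($_POST['content']) && strlen($_POST['content']) > 0) {
            $this->pm->setContent($_POST['content']);
        }

        // add all set team recipients
        // the second argument of add*Name() is re-evaluated per iteration on
        // purpose: a removal request in an earlier slot resets $confirmed
        $i = 0;
        while (isset($_POST['teamRecipient' . $i])) {
            // user requested removal of a recipient -> do not send now
            if (isset($_POST['removeTeamRecipient' . $i])) {
                $confirmed = 0;
            }
            // exclude team recipients that are requested to be removed
            if (!isset($_POST['removeTeamRecipient' . $i])) {
                $this->pm->addTeamName(
                    $_POST['teamRecipient' . $i],
                    $confirmed > 0
                        && !isset($_POST['addTeamRecipient'])
                        && !isset($_POST['addPlayerRecipient'])
                        && !isset($_POST['editPageAgain'])
                );
            }
            $i++;
        }
        // add new team recipient if requested explicitly or implicitly
        if (isset($_POST['teamRecipient'])) {
            $this->pm->addTeamName($_POST['teamRecipient'], $confirmed > 0);
        }
        // do not send the message if adding team was explicitly requested
        if (isset($_POST['addTeamRecipient'])) {
            $confirmed = 0;
        }

        // add all set player recipients
        $i = 0;
        while (isset($_POST['playerRecipient' . $i])) {
            // user requested removal of a recipient -> do not send now
            if (isset($_POST['removePlayerRecipient' . $i])) {
                $confirmed = 0;
            }
            // exclude player recipients that are requested to be removed
            if (!isset($_POST['removePlayerRecipient' . $i])) {
                $this->pm->addUserName(
                    $_POST['playerRecipient' . $i],
                    $confirmed > 0
                        && !isset($_POST['addPlayerRecipient'])
                        && !isset($_POST['editPageAgain'])
                );
            }
            $i++;
        }
        // add new player recipient if requested explicitly or implicitly
        if (isset($_POST['playerRecipient'])) {
            $this->pm->addUserName($_POST['playerRecipient'], $confirmed > 0);
        }
        // do not send the message if adding player was explicitly requested
        if (isset($_POST['addPlayerRecipient'])) {
            $confirmed = 0;
        }
    }

    if ($confirmed > 0 && $this->pm->countUsers() < 1 && $this->pm->countTeams() < 1) {
        $tmpl->assign('MSG', 'A PM can not be sent without any recipients set.');
        $confirmed = 0;
    }

    // check for too long or too short message
    // first ask config on database
    $dbCharset = $config->getValue('db.userInputFieldCharset');
    if ($dbCharset === true) {
        $tmpl->assign('MSG', 'FATAL ERROR: Config value db.userInputFieldCharset returned true.');
        $db->logError('FATAL ERROR: Config value db.userInputFieldCharset returned true. '
            . 'Check if it is set in settings file. '
            . 'It must return a string containing DB field charset for user input.');
        $confirmed = 0;
    }
    // fallback to UTF-8 if not set (or unusable: mb_strlen() rejects a
    // non-string encoding, which previously made the `true` case fatal)
    if (!is_string($dbCharset) || $dbCharset === '') {
        $dbCharset = 'UTF-8';
    }

    // do the actual message length check
    $len = mb_strlen($this->pm->getContent(), $dbCharset);
    if ($len < 1) {
        $tmpl->assign('MSG', 'A message must not be empty.');
        $confirmed = 0;
    }
    if ($len > 4000) {
        $tmpl->assign('MSG', 'A message must not be longer than 4000 characters.');
        $confirmed = 0;
    }

    return true;
}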
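/**
 * Schema migration to version 4: rename player* tables/columns to user*,
 * create the ban, rejected-login and permission tables, move hard-coded
 * paths into the CMS table, drop the file-based maintenance log and cache
 * the total match count per team.
 *
 * Progress is reported through status(); every $db->SQL() statement is run
 * as-is, only the two row-wise updates check their result.
 *
 * @return bool true when all steps ran, false after the first step that
 *              reported a failure (the migration is not transactional)
 */
function updateVersion4()
{
    global $db;
    global $installationPath;

    status('Replace player in table names with user ');
    $db->SQL('RENAME TABLE `players` TO `users`');
    $db->SQL('RENAME TABLE `players_passwords` TO `users_passwords`');
    $db->SQL('RENAME TABLE `players_profile` TO `users_profile`');

    status('Renaming several table fields to lower case');
    $db->SQL('ALTER TABLE `CMS` CHANGE `requestPath` `request_path` VARCHAR(1000) NOT NULL DEFAULT \'/\'');
    $db->SQL('ALTER TABLE `matches` CHANGE `team1ID` `team1_id` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `matches` CHANGE `team2ID` `team2_id` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `matches_edit_stats` CHANGE `team1ID` `team1_id` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `matches_edit_stats` CHANGE `team2ID` `team2_id` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `users_profile` CHANGE `UTC` `utc` TINYINT(2) NOT NULL DEFAULT \'0\'');

    status('Creating new cms_bans table');
    $db->SQL('CREATE TABLE `cms_bans` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `ip-address` varchar(100) NOT NULL DEFAULT \'0.0.0.0.0\', `expiration_timestamp` varchar(19) NOT NULL DEFAULT \'0000-00-00 00:00:00\' COMMENT \'0000-00-00 00:00:00 means a ban won\'\'t expire\', PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8');

    status('Creating new users_rejected_logins table');
    $db->SQL('CREATE TABLE `users_rejected_logins` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `name` varchar(50) NOT NULL DEFAULT \'\', `ip-address` varchar(100) NOT NULL DEFAULT \'0.0.0.0.0\', `forwarded_for` varchar(200) DEFAULT NULL, `host` varchar(100) DEFAULT NULL, `timestamp` varchar(19) NOT NULL DEFAULT \'0000-00-00 00:00:00\', `reason` enum(\'unknown\',\'fieldMissing\',\'emptyUserName\',\'emptyPassword\',\'tooLongPassword\',\'tooLongUserName\',\'passwordMismatch\',\'missconfiguration\') DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT=\'Log failed logins with their reason\'');

    status('Creating new users_permissions table');
    $db->SQL('CREATE TABLE `users_permissions` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `userid` int(11) unsigned NOT NULL, `permissions` varchar(1023) NOT NULL DEFAULT \'\', PRIMARY KEY (`id`), KEY `userid` (`userid`), CONSTRAINT `users_permissions_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT=\'Applies to local login only at the moment\'');

    status('Adjusting foreign keys in users_profile table');
    $db->SQL('ALTER TABLE `users_profile` DROP FOREIGN KEY `users_profile_ibfk_1`');
    $db->SQL('ALTER TABLE `users_profile` CHANGE `playerid` `userid` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `users_profile` ADD FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE');

    status('Adjusting foreign keys in users_passwords table');
    $db->SQL('ALTER TABLE `users_passwords` DROP FOREIGN KEY `users_passwords_ibfk_1`');
    $db->SQL('ALTER TABLE `users_passwords` CHANGE `playerid` `userid` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `users_passwords` ADD FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE');

    status('Adjusting foreign keys in visits table');
    $db->SQL('ALTER TABLE `visits` DROP FOREIGN KEY `visits_ibfk_1`');
    $db->SQL('ALTER TABLE `visits` CHANGE `playerid` `userid` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `visits` ADD FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE');

    status('');
    status('+----------------------------------------------------------------------------------------------------------------------+');
    status('| If you hardcoded logout path into webserver config you must remove that path now. That path is now set in CMS table. |');
    status('+----------------------------------------------------------------------------------------------------------------------+');
    status('');
    $db->SQL('INSERT INTO `CMS` (`request_path`, `title`, `addon`) VALUES (\'Logout/\', \'Logout\', \'logoutSystem\')');

    status('');
    status('+---------------------------------------------------------------------------------------------------------------------------+');
    status('| If you hardcoded Online User path into webserver config you must remove that path now. That path is now set in CMS table. |');
    status('+---------------------------------------------------------------------------------------------------------------------------+');
    status('');
    $db->SQL('INSERT INTO `CMS` (`request_path`, `title`, `addon`) VALUES (\'Online/\', \'Online users\', \'onlineUserSystem\')');

    /*
    status('');
    status('+-----------------------------------------------------------------------------------------------------------------------+');
    status('| If you hardcoded Matches path into webserver config you must remove that path now. That path is now set in CMS table. |');
    status('+-----------------------------------------------------------------------------------------------------------------------+');
    status('');
    $db->SQL('INSERT INTO `CMS` (`request_path`, `title`, `addon`) VALUES (\'Matches/\', \'Matches\', \'matchServices\')');
    */

    status('Renaming CMS table to cms_paths');
    $db->SQL('RENAME TABLE `CMS` TO `cms_paths`');

    // delete maintenance log file, new version uses database instead
    $maintDir = $installationPath . 'CMS/maintenance/';
    $maintFile = $maintDir . 'maintenance.txt';
    if (file_exists($maintFile)) {
        status('Resetting maintenance date');
        $db->SQL('Update `misc_data` SET `last_maintenance`=\'0000-00-00\'');
        if (!unlink($maintFile)) {
            status('Could not delete file ' . $maintFile);
            return false;
        }
        // The previous code passed the scandir() result array back into
        // scandir() and compared against 0, which never held because
        // scandir() always lists '.' and '..' - so this step always failed.
        $entries = scandir($maintDir);
        if ($entries !== false && count(array_diff($entries, array('.', '..'))) === 0 && rmdir($maintDir)) {
            status('Deleted empty maintenance folder');
        } else {
            status('Could not delete maintenance folder');
            return false;
        }
    }

    status('Renaming any_teamless_player_can_join to team_open');
    $db->SQL('ALTER TABLE `teams_overview` CHANGE `any_teamless_player_can_join` `open` TINYINT(1) NOT NULL DEFAULT \'1\'');

    status('Removing leading and trailing whitespace from team names, unescape team names in db');
    $query = $db->SQL('SELECT `id`,`name` FROM `teams`');
    $updateQuery = $db->prepare('UPDATE `teams` SET name=:name WHERE id=:id');
    while ($row = $db->fetchRow($query)) {
        if (!$db->execute($updateQuery, array(':id' => array((int) $row['id'], PDO::PARAM_INT), ':name' => array(htmlent_decode(trim($row['name'])), PDO::PARAM_STR)))) {
            status('Unable to execute update query on team name: ' . $row['name']);
            return false;
        }
    }
    $db->free($query);
    unset($updateQuery);

    status('Updating invitations table: rename column invited_playerid to userid');
    $db->SQL('ALTER TABLE `invitations` DROP FOREIGN KEY `invitations_ibfk_1`');
    $db->SQL('ALTER TABLE `invitations` DROP FOREIGN KEY `invitations_ibfk_2`');
    $db->SQL('ALTER TABLE `invitations` CHANGE `invited_playerid` `userid` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');
    $db->SQL('ALTER TABLE `invitations` ADD FOREIGN KEY (`userid`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE CASCADE');
    $db->SQL('ALTER TABLE `invitations` ADD FOREIGN KEY (`teamid`) REFERENCES `teams` (`id`) ON DELETE CASCADE ON UPDATE CASCADE');

    status('Updating teams profile: Add cached value for total matches played');
    $db->SQL('ALTER TABLE `teams_profile` ADD `num_matches_total` INT(11) NOT NULL DEFAULT \'0\' AFTER `teamid`');
    // bound parameters like the team-name update above, instead of
    // concatenating row values into the statement
    $query = $db->SQL('SELECT * FROM `teams_profile`');
    $totalQuery = $db->prepare('UPDATE `teams_profile` SET `num_matches_total`=:total WHERE `teamid`=:teamid');
    while ($row = $db->fetchRow($query)) {
        $total = (int) $row['num_matches_won'] + (int) $row['num_matches_draw'] + (int) $row['num_matches_lost'];
        if (!$db->execute($totalQuery, array(':total' => array($total, PDO::PARAM_INT), ':teamid' => array((int) $row['teamid'], PDO::PARAM_INT)))) {
            status('Unable to update total match count for team id ' . $row['teamid']);
            return false;
        }
    }
    $db->free($query);
    unset($totalQuery);

    status('Updating teams_overview: Dropping old num_matches_played column');
    $db->SQL('ALTER TABLE `teams_overview` DROP `num_matches_played`');

    status('Updating teams_overview: Column member_count is now 0 by default');
    $db->SQL('ALTER TABLE `teams_overview` CHANGE `member_count` `member_count` INT(11) UNSIGNED NOT NULL DEFAULT \'0\'');

    return true;
}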
$location = (int) $row['location']; $timezone = (int) $row['UTC']; $user_comment = $row['raw_user_comment']; $admin_comments = $row['raw_admin_comments']; $logo_url = $row['logo_url']; } mysql_free_result($result); // show some sort of comment because one would expect some profile text // admin comments in contrary should not be set often and thus just ignore the default to make sure it does not get set by accident if (strcmp($user_comment, '') === 0) { $user_comment = 'No profile text has yet been set up'; } // admins may change user names if (isset($_SESSION['allow_ban_any_user']) && $_SESSION['allow_ban_any_user']) { echo '<p><label class="player_edit" for="edit_player_name">Change callsign:</label> '; $site->write_self_closing_tag('input id="edit_player_name" type="text" name="callsign" maxlength="50" size="60" value="' . htmlent_decode($callsign) . '"'); echo '</p>'; } // location $query = 'SELECT `id`,`name` FROM `countries` ORDER BY `name`'; if (!($result = @$site->execute_query('countries', $query, $connection))) { $site->dieAndEndPage('Could not retrieve list of countries from database.'); } echo '<p><label class="player_edit" for="edit_player_location">Change country:</label> '; echo '<select id="edit_player_location" name="location">'; while ($row = mysql_fetch_array($result)) { echo '<option value="'; echo htmlspecialchars($row['id']); if ($location === (int) $row['id']) { echo '" selected="selected'; }
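/**
 * Drive the caller's edit form through its confirmation steps.
 *
 * Reads the step (`confirmationStep`) and content (`staticContent`) from
 * POST, runs the caller's sanityCheck() (which may reset the step), fills
 * the template with the texts for the resulting step, writes the content on
 * step 2 and finally issues a fresh one-time key pair for the next request.
 */
function edit()
{
    global $entry_edit_permission;
    global $config;
    global $site;
    global $tmpl;
    global $user;

    // initialise variables
    $confirmed = 0;
    $content = '';

    // set their values in case the POST variables are set
    if (isset($_POST['confirmationStep'])) {
        $confirmed = intval($_POST['confirmationStep']);
    }
    if (isset($_POST['editPageAgain']) && is_string($_POST['editPageAgain']) && strlen($_POST['editPageAgain']) > 0) {
        // user looked at preview but chose to edit the message again
        $confirmed = 0;
    }
    if (isset($_POST['staticContent'])) {
        $content = htmlent_decode($_POST['staticContent']);
    }

    // sanity check variables; $confirmed is passed by reference and may be reset
    $test = $this->caller->sanityCheck($confirmed);

    // Strict comparisons on purpose: the former switch compared loosely, so a
    // non-empty string result such as 'noperm' also matched its `true` case
    // whenever $confirmed was 1 and showed the "Write changes" form.
    if ($test === true && $confirmed === 1) {
        $tmpl->assign('submitText', 'Write changes');
        // user may decide not to submit after seeing preview
        $tmpl->assign('editAgainText', 'Edit again');
        $this->caller->insertEditText(true);
    } elseif ($test === true || (is_string($test) && strlen($test) < 2)) {
        // plain success (or a short status the caller does not map to a
        // message): show the editable form
        $this->caller->insertEditText(false);
    } elseif ($test === 'noperm') {
        $tmpl->assign('MSG', 'You need write permission to edit the content.');
    } elseif ($test === 'nokeymatch') {
        $this->caller->insertEditText(false);
        $tmpl->assign('MSG', 'The magic key does not match, it looks like you came from somewhere else or your session expired.');
    }
    unset($test);

    // there is no step lower than 0
    if ($confirmed < 0) {
        $confirmed = 0;
    }
    // increase confirmation step by one so we get to the next level
    if ($confirmed > 1) {
        $tmpl->assign('confirmationStep', 1);
    } else {
        $tmpl->assign('confirmationStep', $confirmed + 1);
    }

    switch ($confirmed) {
        case 1:
            break;
        case 2:
            $status = $this->caller->writeContent($content);
            if ($status === true) {
                if ($tmpl->getTemplateVars('MSG') === null) {
                    $tmpl->assign('MSG', 'Changes written successfully.' . $tmpl->linebreaks("\n\n"));
                }
            } else {
                $tmpl->assign('MSG', 'Failed writing changes. The underlying error message was: ' . $status . $tmpl->linebreaks("\n\n"));
            }
            $tmpl->assign('submitText', 'Add another entry');
            break;
        default:
            $tmpl->assign('USER_NOTE');
            if ($config->getValue('bbcodeLibAvailable')) {
                $tmpl->assign('notes', 'Keep in mind to use BBCode instead of HTML or XHTML.');
            } else {
                if ($config->getValue('useXhtml')) {
                    $tmpl->assign('notes', 'Keep in mind the home page currently uses XHTML, not HTML or BBCode.');
                } else {
                    $tmpl->assign('notes', 'Keep in mind the home page currently uses HTML, not XHTML or BBCode.');
                }
            }
            $tmpl->assign('submitText', 'Preview');
    }

    // one-time key for the next submission: the field name only has to be
    // unique per page view, the value comes from siteinfo::setKey()
    $randomKeyName = $this->caller->randomKeyName . microtime();
    // convert some special chars to underscores
    $randomKeyName = strtr($randomKeyName, array(' ' => '_', '.' => '_'));
    $randomKeyValue = $site->setKey($randomKeyName);
    $tmpl->assign('keyName', $randomKeyName);
    $tmpl->assign('keyValue', htmlent($randomKeyValue));
}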
$player_name = $row['name']; } mysql_free_result($result); // PMComposer needs some classes to be already set up. // It will be easier when this file is replaced with an add-on. require dirname(dirname(__FILE__)) . '/CMS/classes/config.php'; global $config; $config = new config(); require dirname(dirname(__FILE__)) . '/CMS/classes/db.php'; global $db; $db = new database(); require dirname(dirname(__FILE__)) . '/CMS/add-ons/pmSystem/classes/PMComposer.php'; $pmComposer = new pmComposer(); $pmComposer->setSubject("Invitation to team {$team_name}"); // TODO: do not assume that BBCode is enabled $pmComposer->setContent("Congratulations, you were invited by {$player_name} to join team " . htmlent_decode($team_name) . "!\n\n[URL=\"" . basepath() . "Teams/?join={$invited_to_team}\"]Click here to accept the invitation.[/URL]\n\nYou must leave your current team before accepting an invitation to a new team.\n\nThe invitation will expire in 7 days."); $pmComposer->setTimestamp(date('Y-m-d H:i:s')); $pmComposer->addUserID($profile); $pmComposer->send(); echo '<div class="static_page_box">' . "\n"; echo '<p>The player was invited successfully.</p>' . "\n"; // invitation and notification was sent $site->dieAndEndPage(''); } if ($allow_invite_in_any_team || $leader_of_team_with_id > 0) { echo '<div class="static_page_box">' . "\n"; echo '<form enctype="application/x-www-form-urlencoded" method="post" action="?invite=' . htmlentities(urlencode($profile)) . '">' . "\n"; echo '<div>'; $site->write_self_closing_tag('input type="hidden" name="confirmed" value="1"'); echo '</div>' . "\n"; // display team picker in case the user can invite a player to any team