Ejemplo n.º 1
0
function do_enter_individual_score()
{
    if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    $score_msg = validate_individual_score($_POST['score']);
    if ($score_msg !== true) {
        show_page($score_msg, '');
    }
    $result = DB::queryRaw('SELECT id, name, attendance, score_individual FROM individuals WHERE name=%s AND deleted="0"', $_POST['name']);
    if (mysqli_num_rows($result) == 0) {
        show_page('An individual named "' . htmlentities($_POST['name']) . '" not found', '');
    }
    if (mysqli_num_rows($result) > 1) {
        show_multiple_results_page();
    }
    $row = mysqli_fetch_assoc($result);
    if ($row['attendance'] == '0') {
        show_page(htmlentities($row['name']) . ' is absent', '');
    }
    if (!is_null($row['score_individual'])) {
        $msg = 'A score of ' . htmlentities($row['score_individual']) . ' has already been entered for ' . htmlentities($row['name']);
        if ($row['score_individual'] != $_POST['score']) {
            $msg .= ' (<a href="Individual?Overwrite&amp;ID=' . htmlentities($row['id']) . '&amp;Score=' . htmlentities($_POST['score']) . '&amp;xsrf_token=' . $_SESSION['xsrf_token'] . '">change to ' . htmlentities($_POST['score']) . '</a>)';
        }
        show_page($msg, '');
    }
    DB::query('UPDATE individuals SET score_individual=%s WHERE id=%i LIMIT 1', $_POST['score'], $row['id']);
    $msg = 'A score of ' . htmlentities($_POST['score']) . ' was entered for ' . htmlentities($row['name']);
    if (isset($_GET['ID'])) {
        show_page($msg, '');
    } else {
        show_page('', $msg);
    }
}
Ejemplo n.º 2
0
function do_enter_team_score()
{
    if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    $score_msg = validate_team_long_score($_POST['score']);
    if ($score_msg !== true) {
        show_page($score_msg, '');
    }
    $result = DB::queryRaw('SELECT team_id, name, score_team_long FROM teams WHERE name="' . mysqli_real_escape_string(DB::get(), $_POST['name']) . '" AND deleted="0"');
    if (mysqli_num_rows($result) == 0) {
        show_page('An team named "' . htmlentities($_POST['name']) . '" not found', '');
    }
    if (mysqli_num_rows($result) > 1) {
        show_multiple_results_page();
    }
    $row = mysqli_fetch_assoc($result);
    if (!is_null($row['score_team_long'])) {
        $msg = 'A score of ' . htmlentities($row['score_team_long']) . ' has already been entered for ' . htmlentities($row['name']);
        if ($row['score_team_long'] != $_POST['score']) {
            $msg .= ' (<a href="Team_Long?Overwrite&amp;ID=' . htmlentities($row['team_id']) . '&amp;Score=' . htmlentities($_POST['score']) . '&amp;xsrf_token=' . $_SESSION['xsrf_token'] . '">change to ' . htmlentities($_POST['score']) . '</a>)';
        }
        show_page($msg, '');
    }
    DB::queryRaw('UPDATE teams SET score_team_long="' . mysqli_real_escape_string(DB::get(), $_POST['score']) . '" WHERE team_id="' . mysqli_real_escape_string(DB::get(), $row['team_id']) . '" LIMIT 1');
    $msg = 'A score of ' . htmlentities($_POST['score']) . ' was entered for ' . htmlentities($row['name']);
    if (isset($_GET['ID'])) {
        alert($msg, 1);
        header('Location: Team_Long');
        die;
    }
    show_page('', $msg);
}