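/**
 * Record an individual's score from the POSTed entry form.
 *
 * Reads $_POST['xsrf_token'], $_POST['score'] and $_POST['name'] (and $_GET['ID'] to
 * choose which message slot of the response page to use). On success writes
 * individuals.score_individual for the single matching, non-deleted row.
 *
 * Every failure path renders a page (show_page() / show_multiple_results_page()) and
 * then returns, so the UPDATE is only reached on the happy path even if those helpers
 * return instead of exiting. NOTE(review): whether they exit is not visible here — confirm.
 */
function do_enter_individual_score(): void
{
    // CSRF check in constant time. A non-string POST value (e.g. `xsrf_token[]=`) or a
    // missing/empty session token must fail closed; a loose `!=` on two strings that
    // both look numeric ("0e123" vs "0") would have compared them as numbers.
    $sentToken = $_POST['xsrf_token'] ?? '';
    $sessionToken = (string) ($_SESSION['xsrf_token'] ?? '');
    if ($sessionToken === '' || !is_string($sentToken) || !hash_equals($sessionToken, $sentToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        // E_USER_ERROR only halts with the default handler; never run the write after a failed check.
        return;
    }

    // Normalise request fields to strings so array-shaped input cannot reach
    // htmlentities() (TypeError on PHP 8) or the query builder.
    $score = is_string($_POST['score'] ?? null) ? $_POST['score'] : '';
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';

    $scoreMsg = validate_individual_score($score);
    if ($scoreMsg !== true) {
        show_page($scoreMsg, '');
        return;
    }

    // Parameterised lookup (%s placeholder), same as the UPDATE below.
    $result = DB::queryRaw('SELECT id, name, attendance, score_individual FROM individuals WHERE name=%s AND deleted="0"', $name);
    $matches = mysqli_num_rows($result);
    if ($matches == 0) {
        show_page('An individual named "' . htmlentities($name) . '" not found', '');
        return;
    }
    if ($matches > 1) {
        show_multiple_results_page();
        return;
    }

    $row = mysqli_fetch_assoc($result);
    if ($row['attendance'] == '0') {
        show_page(htmlentities($row['name']) . ' is absent', '');
        return;
    }

    if (!is_null($row['score_individual'])) {
        $msg = 'A score of ' . htmlentities($row['score_individual']) . ' has already been entered for ' . htmlentities($row['name']);
        // Loose comparison is deliberate: the stored value and the submitted one are
        // both numeric strings and may differ only in formatting ("5" vs "5.00").
        if ($row['score_individual'] != $score) {
            // Overwrite link: every value is URL-encoded for the query string and then
            // HTML-escaped for the attribute. The session token was previously emitted
            // raw; escaping it keeps the attribute context intact. Note that carrying the
            // CSRF token in a GET URL exposes it to Referer headers and access logs —
            // the Overwrite handler is outside this file, so that design is only flagged here.
            $msg .= ' (<a href="Individual?Overwrite&amp;ID=' . htmlentities(rawurlencode((string) $row['id']), ENT_QUOTES)
                . '&amp;Score=' . htmlentities(rawurlencode($score), ENT_QUOTES)
                . '&amp;xsrf_token=' . htmlentities(rawurlencode($sessionToken), ENT_QUOTES)
                . '">change to ' . htmlentities($score) . '</a>)';
        }
        show_page($msg, '');
        return;
    }

    DB::query('UPDATE individuals SET score_individual=%s WHERE id=%i LIMIT 1', $score, $row['id']);
    $msg = 'A score of ' . htmlentities($score) . ' was entered for ' . htmlentities($row['name']);
    // Which message slot to use depends on whether the form was reached via an ID link;
    // behaviour preserved from the original, meaning of the two slots is show_page()'s.
    if (isset($_GET['ID'])) {
        show_page($msg, '');
    } else {
        show_page('', $msg);
    }
}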
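/**
 * Record a team's long-course score from the POSTed entry form.
 *
 * Reads $_POST['xsrf_token'], $_POST['score'] and $_POST['name'] (and $_GET['ID'] to
 * decide whether to redirect back to Team_Long after saving). On success writes
 * teams.score_team_long for the single matching, non-deleted row.
 *
 * Every failure path renders a page and then returns, so the UPDATE is only reached on
 * the happy path even if show_page()/show_multiple_results_page() return rather than
 * exit. NOTE(review): whether they exit is not visible here — confirm.
 */
function do_enter_team_score(): void
{
    // CSRF check in constant time; non-string POST values and an empty session token
    // fail closed (see the individual-score handler for the rationale).
    $sentToken = $_POST['xsrf_token'] ?? '';
    $sessionToken = (string) ($_SESSION['xsrf_token'] ?? '');
    if ($sessionToken === '' || !is_string($sentToken) || !hash_equals($sessionToken, $sentToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        // E_USER_ERROR only halts with the default handler; never run the write after a failed check.
        return;
    }

    // Normalise request fields to strings so array-shaped input cannot reach
    // htmlentities() (TypeError on PHP 8) or the query builder.
    $score = is_string($_POST['score'] ?? null) ? $_POST['score'] : '';
    $name = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';

    $scoreMsg = validate_team_long_score($score);
    if ($scoreMsg !== true) {
        show_page($scoreMsg, '');
        return;
    }

    // Parameterised lookup instead of hand-escaped string building; this matches the
    // %s placeholder style the individual-score handler already uses for the same driver.
    $result = DB::queryRaw('SELECT team_id, name, score_team_long FROM teams WHERE name=%s AND deleted="0"', $name);
    $matches = mysqli_num_rows($result);
    if ($matches == 0) {
        // Message text corrected from "An team".
        show_page('A team named "' . htmlentities($name) . '" not found', '');
        return;
    }
    if ($matches > 1) {
        show_multiple_results_page();
        return;
    }

    $row = mysqli_fetch_assoc($result);
    if (!is_null($row['score_team_long'])) {
        $msg = 'A score of ' . htmlentities($row['score_team_long']) . ' has already been entered for ' . htmlentities($row['name']);
        // Loose comparison is deliberate: both sides are numeric strings that may differ
        // only in formatting ("5" vs "5.00").
        if ($row['score_team_long'] != $score) {
            // Overwrite link: URL-encode each value for the query string, then HTML-escape
            // for the attribute; the session token was previously emitted raw. Carrying the
            // CSRF token in a GET URL leaks it to Referer headers and logs — the Overwrite
            // handler lives outside this file, so that design is only flagged here.
            $msg .= ' (<a href="Team_Long?Overwrite&amp;ID=' . htmlentities(rawurlencode((string) $row['team_id']), ENT_QUOTES)
                . '&amp;Score=' . htmlentities(rawurlencode($score), ENT_QUOTES)
                . '&amp;xsrf_token=' . htmlentities(rawurlencode($sessionToken), ENT_QUOTES)
                . '">change to ' . htmlentities($score) . '</a>)';
        }
        show_page($msg, '');
        return;
    }

    // Parameterised write. team_id keeps the string placeholder because the original
    // query quoted it as a string; switch to %i only if the column is known to be integer.
    DB::query('UPDATE teams SET score_team_long=%s WHERE team_id=%s LIMIT 1', $score, $row['team_id']);
    $msg = 'A score of ' . htmlentities($score) . ' was entered for ' . htmlentities($row['name']);
    if (isset($_GET['ID'])) {
        // Reached via an ID link: flash the message and bounce back to the list page.
        alert($msg, 1);
        header('Location: Team_Long');
        die;
    }
    show_page('', $msg);
}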