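/**
 * Rename the individual identified by $_GET['ID'] to $_POST['name'].
 *
 * Flow: XSRF check, name validation, lookup of another non-deleted
 * individual on the same team with that name, then the update. When the only
 * match is this same individual (the name is unchanged) the request is
 * redirected without writing. A duplicate on another individual still allows
 * the rename but reports it in the alert.
 *
 * Reads: $_POST['xsrf_token'], $_POST['name'], $_GET['ID'],
 * $_SESSION['xsrf_token']. Side effects: one UPDATE on `individuals`, an
 * alert, and a redirect.
 */
function do_change_name()
{
    // Constant-time token comparison; a missing session token must never
    // match (with loose `!=`, two absent tokens compared as equal).
    $expectedToken = (string) ($_SESSION['xsrf_token'] ?? '');
    $givenToken = (string) ($_POST['xsrf_token'] ?? '');
    if ($expectedToken === '' || !hash_equals($expectedToken, $givenToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return; // only reached if an error handler does not terminate
    }

    $newName = (string) ($_POST['name'] ?? '');
    // DB::update() below already binds the ID as %i, so use the same integer
    // view of it everywhere, including the redirect targets.
    $id = (int) ($_GET['ID'] ?? 0);

    // NOTE(review): unlike do_edit_member(), nothing here checks that the
    // caller may edit this individual; presumably the Backstage entry point
    // has already authorised the request — confirm.

    $name_msg = validate_member_name($newName);
    if ($name_msg !== true) {
        display_individual($name_msg, 'document.forms[\'lmtDataIndividualName\'].name.focus();');
        return; // guard in case display_individual() does not end the request
    }

    // Placeholders replace the hand-escaped string concatenation; %s is
    // quoted and escaped by the DB layer, %i is cast to an integer.
    $existingId = DB::queryFirstField(
        'SELECT id FROM individuals WHERE name=%s'
        . ' AND team = (SELECT team FROM individuals WHERE id=%i)'
        . ' AND team <> "-1" AND deleted="0"',
        $newName,
        $id
    );

    if ($existingId !== null && (int) $existingId === $id) {
        // The name is unchanged for this individual; nothing to write.
        header('Location: Individual?ID=' . $id);
        die;
    }

    DB::update('individuals', ['name' => $newName], 'id=%i LIMIT 1', $id);

    if ($existingId !== null) {
        alert('Name was changed. WARNING: Another individual on the same team has that name.', 1);
    } else {
        alert('Name was changed', 1);
    }
    lmt_location('Backstage/Data/Individual?ID=' . $id);
}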
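/**
 * Apply an edit (name and grade) to the member identified by
 * $_GET['EditMember'], provided the member belongs to a team of the
 * logged-in school.
 *
 * Reads: $_POST['xsrf_token'], $_POST['name'], $_POST['grade'],
 * $_GET['EditMember'], $_SESSION['xsrf_token'], $_SESSION['LMT_user_id'].
 * Sets the globals $name and $grade before any validation message is shown
 * (the redisplayed edit form presumably reads them — confirm). Side effects:
 * one UPDATE on `individuals` and a redirect to the team page.
 */
function do_edit_member()
{
    // Constant-time token comparison; a missing session token must never
    // match (with loose `!=`, two absent tokens compared as equal).
    $expectedToken = (string) ($_SESSION['xsrf_token'] ?? '');
    $givenToken = (string) ($_POST['xsrf_token'] ?? '');
    if ($expectedToken === '' || !hash_equals($expectedToken, $givenToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return; // only reached if an error handler does not terminate
    }

    global $name, $grade;
    // NOTE(review): the name is HTML-encoded before storage here, while
    // do_change_name() stores the posted name as-is; the stored form thus
    // depends on which path wrote it — verify what the readers expect.
    $name = htmlentities(ucwords(trim((string) ($_POST['name'] ?? ''))));
    $grade = htmlentities((string) ($_POST['grade'] ?? ''));

    $memberId = (int) ($_GET['EditMember'] ?? 0);

    // Authorise before anything is rendered or written: the member's team
    // must belong to the logged-in school. An unknown member, an unknown
    // team or a missing session id fails the check instead of passing it
    // (with loose `!=`, null compared equal to null).
    $team = DB::queryFirstField('SELECT team FROM individuals WHERE id=%i', $memberId);
    $school = $team === null
        ? null
        : DB::queryFirstField('SELECT school FROM teams WHERE team_id=%i', $team);
    $sessionSchool = $_SESSION['LMT_user_id'] ?? null;
    if ($school === null || $sessionSchool === null || (string) $school !== (string) $sessionSchool) {
        trigger_error('Edit Member: Member does not attend this school', E_USER_ERROR);
        return;
    }

    $name_msg = validate_member_name($name);
    if ($name_msg !== true) {
        show_edit_member_page($name_msg);
        return; // guard in case show_edit_member_page() does not end the request
    }
    $grade_msg = validate_grade($grade);
    if ($grade_msg !== true) {
        show_edit_member_page($grade_msg);
        return;
    }

    // ** All information has been validated at this point **
    DB::update('individuals', ['name' => $name, 'grade' => $grade], 'id=%i', $memberId);

    // NOTE(review): no exit after the redirect header, as in the original;
    // the caller presumably stops rendering — confirm.
    header('Location: Team?Edit=' . $team);
}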