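function do_change_name()
{
    // Constant-time CSRF check. The previous `!=` was a loose comparison and,
    // when both tokens were absent (null == null), passed silently; hash_equals()
    // requires two strings, so anything else is rejected here.
    // trigger_error(E_USER_ERROR) halts the script unless a custom error handler
    // has been installed.
    $postToken = $_POST['xsrf_token'] ?? null;
    $sessionToken = $_SESSION['xsrf_token'] ?? null;
    if (!is_string($postToken) || !is_string($sessionToken) || !hash_equals($sessionToken, $postToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    // The individual id goes into SQL (%i), into redirect headers and into the
    // response; reject anything that is not an integer before it is used anywhere.
    $id = filter_var($_GET['ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        trigger_error('Change Name: invalid individual ID', E_USER_ERROR);
    }

    $name = $_POST['name'] ?? '';
    $name_msg = validate_member_name($name);
    if ($name_msg !== true) {
        display_individual($name_msg, 'document.forms[\'lmtDataIndividualName\'].name.focus();');
        // display_individual() presumably terminates the request; the return
        // guarantees the update below never runs on an invalid name either way.
        return;
    }

    // Look for an individual on the same real team (team <> -1) that already has
    // this name. Driver placeholders replace the hand-escaped queryRaw() so quoting
    // is not assembled by hand.
    $row = DB::queryFirstRow(
        'SELECT id FROM individuals WHERE name=%s AND team = (SELECT team FROM individuals WHERE id=%i) AND team <> "-1" AND deleted="0"',
        $name,
        $id
    );

    // The only match is this very individual: the name is unchanged, nothing to write.
    if ($row !== null && (int) $row['id'] === $id) {
        header('Location: Individual?ID=' . $id);
        exit;
    }

    DB::update('individuals', ['name' => $name], 'id=%i LIMIT 1', $id);
    if ($row !== null) {
        alert('Name was changed. WARNING: Another individual on the same team has that name.', 1);
    } else {
        alert('Name was changed', 1);
    }
    // NOTE(review): unlike do_edit_member(), nothing here ties the individual to
    // the current user; the Backstage path is presumably admin-only — confirm.
    lmt_location('Backstage/Data/Individual?ID=' . $id);
}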
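function do_edit_member()
{
    // Constant-time CSRF check. The previous `!=` was a loose comparison and,
    // when both tokens were absent (null == null), passed silently; hash_equals()
    // requires two strings, so anything else is rejected here.
    // trigger_error(E_USER_ERROR) halts the script unless a custom error handler
    // has been installed.
    $postToken = $_POST['xsrf_token'] ?? null;
    $sessionToken = $_SESSION['xsrf_token'] ?? null;
    if (!is_string($postToken) || !is_string($sessionToken) || !hash_equals($sessionToken, $postToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    // $name and $grade are globals — show_edit_member_page() presumably re-renders
    // the form from them, so the declaration is kept for compatibility.
    global $name, $grade;
    // NOTE(review): values are HTML-encoded before storage, so the database holds
    // entities; output code must not encode them a second time — confirm.
    $name = htmlentities(ucwords(trim($_POST['name'] ?? '')));
    $grade = htmlentities($_POST['grade'] ?? '');

    $name_msg = validate_member_name($name);
    if ($name_msg !== true) {
        show_edit_member_page($name_msg);
        // show_edit_member_page() presumably terminates the request; the return
        // guarantees no write happens on invalid input either way.
        return;
    }
    $grade_msg = validate_grade($grade);
    if ($grade_msg !== true) {
        show_edit_member_page($grade_msg);
        return;
    }

    // The member id goes into SQL (%i); reject anything that is not an integer.
    $memberId = filter_var($_GET['EditMember'] ?? null, FILTER_VALIDATE_INT);
    if ($memberId === false) {
        trigger_error('Edit Member: invalid member ID', E_USER_ERROR);
    }

    // Authorization: the member's team must belong to the logged-in school.
    // An unknown member (null team) or an unset session id must fail closed;
    // the previous `!=` let null == null through.
    $team = DB::queryFirstField('SELECT team FROM individuals WHERE id=%i', $memberId);
    $school = $team === null ? null : DB::queryFirstField('SELECT school FROM teams WHERE team_id=%i', $team);
    $currentSchool = $_SESSION['LMT_user_id'] ?? null;
    if ($school === null || $currentSchool === null || (string) $school !== (string) $currentSchool) {
        trigger_error('Edit Member: Member does not attend this school', E_USER_ERROR);
    }

    // ** All information has been validated at this point **
    DB::update('individuals', ['name' => $name, 'grade' => $grade], 'id=%i', $memberId);
    header('Location: Team?Edit=' . $team);
    // Stop here so nothing after the redirect header runs, matching the
    // header + die pattern used by do_change_name().
    exit;
}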