function do_change_name() { if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) { trigger_error('XSRF code incorrect', E_USER_ERROR); } $name_msg = validate_team_name($_POST['team_name']); if ($name_msg !== true) { display_team($name_msg, 'document.forms[\'lmtDataTeamName\'].team_name.focus();'); } $result = DB::queryRaw('SELECT team_id FROM teams WHERE name="' . mysqli_real_escape_string(DB::get(), $_POST['team_name']) . '" AND school = (SELECT school FROM teams WHERE team_id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" AND deleted="0") AND deleted="0"'); $row = mysqli_fetch_assoc($result); if ($row['team_id'] == $_GET['ID']) { header('Location: Team?ID=' . $_GET['ID']); die; } else { if ($row) { display_team('The school already has a team with that name', 'document.forms[\'lmtDataTeamName\'].team_name.focus();'); } } DB::queryRaw('UPDATE teams SET name="' . mysqli_real_escape_string(DB::get(), $_POST['team_name']) . '" WHERE team_id="' . mysqli_real_escape_string(DB::get(), $_GET['ID']) . '" LIMIT 1'); add_alert('lmt_data_team_update_name', 'Name was changed'); header('Location: Team?ID=' . $_GET['ID']); }
function do_edit_name() { if ($_POST['xsrf_token'] != $_SESSION['xsrf_token']) { trigger_error('XSRF code incorrect', E_USER_ERROR); } global $team_name; $team_name = htmlentities(trim($_POST['team_name'])); $name_msg = validate_team_name($team_name); if ($name_msg !== true) { show_edit_page($name_msg, "document.forms['lmtRegEditTeam'].team_name.focus();"); } $name = DB::queryFirstField('SELECT name FROM teams WHERE team_id=%i AND school=%i', $_GET['Edit'], $_SESSION['LMT_user_id']); if ($name == $team_name) { header('Location: Team?Edit=' . $_GET['Edit']); die; } $c = DB::queryFirstField('SELECT COUNT(*) FROM teams WHERE name=%s AND school=%i', $team_name, $_SESSION['LMT_user_id']); if ($c > 0) { show_edit_page('You already have a team with that name', 'team_name'); } DB::update('teams', array('name' => $team_name), 'team_id=%i AND school=%i', $_GET['Edit'], $_SESSION['LMT_user_id']); alert('The team name has been changed', 1); header('Location: Team?Edit=' . $_GET['Edit']); }