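/**
 * Handle the "Theme?ID=…&Score=…" GET action: record a clarified theme-round
 * score for one individual.
 *
 * All input comes from $_GET (this is a state-changing GET action; the XSRF
 * token check is what stops it being triggered cross-site). Flow:
 *   1. The score must pass validate_theme_score(). As in
 *      do_change_theme_round(), any return other than `true` is treated as a
 *      validation message — the previous `!validate_theme_score(...)` test
 *      accepted a non-empty message string as "valid".
 *   2. If the individual already has a score and no Overwrite flag is given,
 *      an "already entered" message with an overwrite link (carrying the XSRF
 *      token) is shown instead of writing. This path deliberately works
 *      without a token so the prompt can be shown first.
 *   3. Otherwise the XSRF token is checked (constant-time; an empty session
 *      token never validates) and the score is written.
 *
 * Fails via trigger_error(E_USER_ERROR) on an invalid score, an unknown ID or
 * a bad XSRF token. show_page() is assumed to end the request; a `return`
 * follows each call so nothing is written even if it does not.
 */
function do_enter_clarified_score(): void
{
    $score = (string) ($_GET['Score'] ?? '');
    $id = (string) ($_GET['ID'] ?? '');

    // validate_theme_score() returns true on success, otherwise a message.
    if (validate_theme_score($score) !== true) {
        trigger_error('Score isn\'t valid this time?!', E_USER_ERROR);
        return;
    }

    $db = DB::get();
    $row = DB::queryFirstRow(
        'SELECT name, score_theme FROM individuals WHERE id="'
        . mysqli_real_escape_string($db, $id) . '"'
    );
    if ($row === null) {
        // Unknown ID: previously this indexed a null row and then ran an UPDATE
        // that matched nothing while reporting success.
        trigger_error('Individual not found', E_USER_ERROR);
        return;
    }

    if ($row['score_theme'] !== null && !isset($_GET['Overwrite'])) {
        if (isset($_GET['xsrf_token'])) {
            // Drop the token from the URL so the overwrite prompt below is shown.
            header('Location: Theme?ID=' . rawurlencode($id) . '&Score=' . rawurlencode($score));
            die;
        }

        $msg = 'A score of ' . htmlentities((string) $row['score_theme'])
            . ' has already been entered for ' . htmlentities((string) $row['name']);
        // Loose comparison kept on purpose: the stored value and the submitted
        // one are numeric strings that may differ only in formatting.
        if ($row['score_theme'] != $score) {
            $sessionToken = (string) ($_SESSION['xsrf_token'] ?? '');
            $msg .= ' (<a href="Theme?Overwrite&ID=' . htmlentities($id)
                . '&Score=' . htmlentities($score)
                . '&xsrf_token=' . htmlentities($sessionToken)
                . '">change to ' . htmlentities($score) . '</a>)';
        }
        show_page($msg, '');
        return;
    }

    // Checked only now so the overwrite prompt above can be reached without a
    // token. An absent/empty session token must never validate.
    $expected = (string) ($_SESSION['xsrf_token'] ?? '');
    $given = (string) ($_GET['xsrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return;
    }

    DB::queryRaw(
        'UPDATE individuals SET score_theme="' . mysqli_real_escape_string($db, $score)
        . '" WHERE id="' . mysqli_real_escape_string($db, $id) . '" LIMIT 1'
    );

    $msg = 'A score of ' . htmlentities($score) . ' was entered for ' . htmlentities((string) $row['name']);
    show_page($msg, '');
}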
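/**
 * Handle the Individual page's theme-round form (POST): set or clear one
 * individual's theme score, then redirect back to the Individual page.
 *
 * The individual is addressed by $_GET['ID'] (query string) while the form
 * fields hasValue / score / xsrf_token arrive in $_POST. The XSRF token is
 * compared in constant time and an empty session token never validates.
 * Validation failures are shown via display_individual(), which is assumed
 * to end the request; a `return` follows it so an invalid score is never
 * written even if it does not. An alert is queued only when a row actually
 * changed — the UPDATEs are written so that an unchanged score affects 0 rows.
 */
function do_change_theme_round(): void
{
    $expected = (string) ($_SESSION['xsrf_token'] ?? '');
    $given = (string) ($_POST['xsrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return;
    }

    if (!scoring_is_enabled()) {
        header('Location: ../Scoring_Frozen');
        die;
    }

    $db = DB::get();
    $rawId = (string) ($_GET['ID'] ?? '');
    $escId = mysqli_real_escape_string($db, $rawId);

    if (($_POST['hasValue'] ?? '') === 'Yes') {
        // The submitted string is validated and stored as-is; the former
        // intval() pre-assignment was immediately overwritten (dead code).
        $score = (string) ($_POST['score'] ?? '');
        $scoreMsg = validate_theme_score($score);
        if ($scoreMsg !== true) {
            display_individual($scoreMsg, 'document.forms[\'lmtDataThemeRoundScore\'].score.focus();');
            return;
        }
        $escScore = mysqli_real_escape_string($db, $score);
        DB::queryRaw(
            'UPDATE individuals SET score_theme="' . $escScore
            . '" WHERE id="' . $escId
            . '" AND (score_theme <> "' . $escScore . '" OR score_theme IS NULL) LIMIT 1'
        );
    } else {
        DB::queryRaw(
            'UPDATE individuals SET score_theme=NULL WHERE id="' . $escId
            . '" AND score_theme IS NOT NULL LIMIT 1'
        );
    }

    // Affected rows are read from the legacy global handle, as before;
    // presumably the same connection as DB::get() — not verified here.
    global $LMT_DB;
    if (mysqli_affected_rows($LMT_DB) === 1) {
        add_alert('lmt_data_individual_update_theme_score', 'Theme round score was changed');
    }

    header('Location: Individual?ID=' . rawurlencode($rawId));
}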