ファイル: Theme.php プロジェクト: lhsmath/lhsmath.org
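/**
 * Enters (or, with ?Overwrite, replaces) an individual's theme-round score from $_GET.
 *
 * Reads ID and Score, plus the optional Overwrite and xsrf_token query parameters. When a
 * score is already stored and Overwrite is absent, a confirmation page with an overwrite
 * link is shown instead of writing. The XSRF token is deliberately checked only right
 * before the UPDATE so that the confirmation page can be reached without one.
 *
 * Side effects: one SELECT and, on success, one UPDATE on `individuals`; output through
 * show_page(); a Location header followed by exit on the bounce-back branch. Raises
 * E_USER_ERROR on an invalid score, malformed parameters, an unknown ID, or a bad token.
 */
function do_enter_clarified_score()
{
    $id    = $_GET['ID'] ?? '';
    $score = $_GET['Score'] ?? '';
    // Array-valued query parameters (?ID[]=x) would otherwise reach
    // mysqli_real_escape_string()/htmlentities() and fail with a TypeError.
    if (!is_string($id) || !is_string($score)) {
        trigger_error('Malformed request parameters', E_USER_ERROR);
    }
    // validate_theme_score() returns true or an error-message string (see how
    // do_change_theme_round() tests it), so the former `!validate_theme_score(...)`
    // never fired on a message string and let invalid scores through.
    if (validate_theme_score($score) !== true) {
        trigger_error('Score isn\'t valid this time?!', E_USER_ERROR);
    }

    // Still string-built SQL with escaping inside quoted literals; a placeholder-based
    // call on the DB wrapper would be preferable, but its API is not visible here.
    $conn   = DB::get();
    $safeId = mysqli_real_escape_string($conn, $id);
    $row    = DB::queryFirstRow('SELECT name, score_theme FROM individuals WHERE id="' . $safeId . '"');
    if (!$row) {
        // Previously an unknown ID produced a null-offset warning and a message naming nobody.
        trigger_error('No individual with that ID', E_USER_ERROR);
    }

    if ($row['score_theme'] !== null && !isset($_GET['Overwrite'])) {
        if (isset($_GET['xsrf_token'])) {
            // Bounce back to the form without the token; values are URL-encoded instead
            // of being spliced raw into the header.
            header('Location: Theme?' . http_build_query(['ID' => $id, 'Score' => $score]));
            exit;
        }
        $msg = 'A score of ' . htmlentities($row['score_theme']) . ' has already been entered for ' . htmlentities($row['name']);
        // Loose comparison retained from the original: a numeric-string compare between
        // the stored value and the submitted one.
        if ($row['score_theme'] != $score) {
            $link = 'Theme?Overwrite&' . http_build_query([
                'ID'         => $id,
                'Score'      => $score,
                'xsrf_token' => $_SESSION['xsrf_token'] ?? '',
            ]);
            $msg .= ' (<a href="' . htmlspecialchars($link, ENT_QUOTES) . '">change to ' . htmlentities($score) . '</a>)';
        }
        show_page($msg, '');
        // show_page() is expected to end the response; never fall through to the UPDATE.
        return;
    }

    // Constant-time, type-safe token comparison. An empty or missing session token must
    // never validate (the former loose `!=` let a missing token match a missing session).
    $token    = $_GET['xsrf_token'] ?? '';
    $expected = $_SESSION['xsrf_token'] ?? '';
    if (!is_string($token) || !is_string($expected) || $expected === '' || !hash_equals($expected, $token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    $safeScore = mysqli_real_escape_string($conn, $score);
    DB::queryRaw('UPDATE individuals SET score_theme="' . $safeScore . '" WHERE id="' . $safeId . '" LIMIT 1');
    $msg = 'A score of ' . htmlentities($score) . ' was entered for ' . htmlentities($row['name']);
    show_page($msg, '');
}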
ファイル: Individual.php プロジェクト: lhsmath/lhsmath.org
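/**
 * Sets or clears an individual's theme-round score from a POSTed form.
 *
 * Expects xsrf_token, hasValue ('Yes' to set a score, anything else to clear it) and score
 * in $_POST, and the individual's ID in $_GET. Refuses the request outright when scoring
 * is frozen (redirect to ../Scoring_Frozen) or when the token does not match the session.
 *
 * Side effects: one UPDATE on `individuals`; an alert when exactly one row changed; a
 * Location header back to the individual's page. On an invalid score the page is
 * re-rendered via display_individual() and nothing is written.
 */
function do_change_theme_round()
{
    // Constant-time, type-safe token comparison before any state change. An empty or
    // missing session token must never validate (the former loose `!=` let a missing
    // token match a missing session).
    $token    = $_POST['xsrf_token'] ?? '';
    $expected = $_SESSION['xsrf_token'] ?? '';
    if (!is_string($token) || !is_string($expected) || $expected === '' || !hash_equals($expected, $token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    if (!scoring_is_enabled()) {
        header('Location: ../Scoring_Frozen');
        exit;
    }

    $id = $_GET['ID'] ?? '';
    if (!is_string($id)) {
        // An array-valued ID would otherwise reach mysqli_real_escape_string() as a TypeError.
        trigger_error('Malformed request parameters', E_USER_ERROR);
    }

    // Still string-built SQL with escaping inside quoted literals; a placeholder-based
    // call on the DB wrapper would be preferable, but its API is not visible here.
    $conn   = DB::get();
    $safeId = mysqli_real_escape_string($conn, $id);

    if (($_POST['hasValue'] ?? '') === 'Yes') {
        // The former `intval($_POST['score'])` pre-assignment was dead: it was
        // overwritten here and unused on the clearing branch.
        $score = $_POST['score'] ?? '';
        if (!is_string($score)) {
            trigger_error('Malformed request parameters', E_USER_ERROR);
        }
        // validate_theme_score() returns true or an error-message string.
        $score_msg = validate_theme_score($score);
        if ($score_msg !== true) {
            display_individual($score_msg, 'document.forms[\'lmtDataThemeRoundScore\'].score.focus();');
            // display_individual() is expected to end the response; never fall through
            // to the UPDATE with an invalid score.
            return;
        }
        $safeScore = mysqli_real_escape_string($conn, $score);
        DB::queryRaw('UPDATE individuals SET score_theme="' . $safeScore . '" WHERE id="' . $safeId . '" AND (score_theme <> "' . $safeScore . '" OR score_theme IS NULL) LIMIT 1');
    } else {
        DB::queryRaw('UPDATE individuals SET score_theme=NULL WHERE id="' . $safeId . '" AND score_theme IS NOT NULL LIMIT 1');
    }

    // The WHERE clauses above only touch a row whose value actually changes, so a
    // single affected row means the score really was updated.
    global $LMT_DB;
    if (mysqli_affected_rows($LMT_DB) === 1) {
        add_alert('lmt_data_individual_update_theme_score', 'Theme round score was changed');
    }
    // No exit after this header, matching the original; the caller is presumed to end
    // the response.
    header('Location: Individual?ID=' . rawurlencode($id));
}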