/** Returns true if the user can edit the clan ID specified @param $clanid is the clanid to check against @param $plr is either an array of plr info (including clanid) or a numeric plr ID to check against @param $user (optional) specifies the user object to check against, uses the logged in user if null */ function ps_user_can_edit_clan($clanid, $plr = null, $user = null) { global $cms, $ps; if ($user == null) { $user =& $cms->user; } if ($user->is_admin()) { return true; } if (is_array($clanid)) { $clanid = $clanid['clanid']; } if (!is_array($plr)) { if ($plr == null) { $plr = ps_user_plrid($user); } $plrid = $plr; $plr = $ps->get_player_profile($plrid); } return $user->logged_in() and $plr['userid'] == $user->userid() and $plr['clanid'] == $clanid; }
// no matching profile; lets create one (all clans should have one, regardless) $_id = $ps->db->escape($id, true); $ps->db->insert($ps->t_clan_profile, array('clantag' => $clan['clantag'])); } if (!$clan) { $data = array('message' => $cms->trans("Invalid clan ID Specified")); $cms->full_page_err(basename(__FILE__, '.php'), $data); exit; } } else { $data = array('message' => $cms->trans("Invalid clan ID Specified")); $cms->full_page_err(basename(__FILE__, '.php'), $data); exit; } // check privileges to edit this clan if (!ps_user_can_edit_clan($clan['clanid'], ps_user_plrid())) { $data = array('message' => $cms->trans("Insufficient privileges to edit clan!")); $cms->full_page_err(basename(__FILE__, '.php'), $data); exit; } // add or delete a member (ajax request) if ($add) { if (!is_array($add)) { $add = array($add); } $cmd = "SELECT plrid FROM {$ps->t_plr} p WHERE plrid IN (%s) AND p.clanid=0"; $ids = array(); $msg = ""; foreach ($add as $plrid) { if (is_numeric($plrid)) { $ids[] = $plrid;