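/**
 * Handle the "edit category" form submission: renames the file category
 * identified by $_GET['ID'] to the submitted $_POST['name'].
 *
 * Reads $_POST['xsrf_token'], $_POST['name'], $_GET['ID'] and $_SESSION['xsrf_token'];
 * writes $_SESSION['FILE_category_edited'] and redirects to "Files" on success.
 * Hard validation failures halt via trigger_error(E_USER_ERROR); a blank name
 * re-renders the form through show_add_page().
 *
 * NOTE(review): no ownership/authorization check on the category is visible here;
 * presumably the caller has already established that — confirm.
 */
function do_edit(): void
{
    // Constant-time comparison of the anti-CSRF token. The previous loose "!=" check
    // was timing-dependent and would also pass when both sides were missing/empty,
    // so an absent session token is rejected explicitly.
    $expectedToken = (string) ($_SESSION['xsrf_token'] ?? '');
    $submittedToken = (string) ($_POST['xsrf_token'] ?? '');
    if ($expectedToken === '' || !hash_equals($expectedToken, $submittedToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    // The name is stored entity-encoded (unchanged from before), so the 100-byte
    // limit is applied to the encoded form.
    $name = htmlentities((string) ($_POST['name'] ?? ''));
    if (strlen($name) > 100) {
        trigger_error('Edit: length of name > 100', E_USER_ERROR);
    }
    if ($name === '') {
        show_add_page('Category Name cannot be blank');
        return;
    }

    // The target row id comes from the query string; refuse an empty id instead of
    // issuing an UPDATE that silently matches nothing.
    $categoryId = (string) ($_GET['ID'] ?? '');
    if ($categoryId === '') {
        trigger_error('Edit: missing category ID', E_USER_ERROR);
    }

    // Values are escaped for the string-literal context they are interpolated into;
    // a placeholder-based query API would be preferable if DB exposes one.
    $db = DB::get();
    $query = 'UPDATE file_categories SET name="' . mysqli_real_escape_string($db, $name)
        . '" WHERE category_id="' . mysqli_real_escape_string($db, $categoryId) . '" LIMIT 1';
    DB::queryRaw($query);

    $_SESSION['FILE_category_edited'] = 'The category "' . $name . '" has been edited';
    header('Location: Files');
    // Stop the request here so nothing runs (or is output) after the redirect header.
    exit;
}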
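/**
 * Handle the "add file" form submission: validates the posted metadata, moves the
 * uploaded file into ../.content/uploads/ and inserts a row into `files`.
 *
 * Reads $_POST['xsrf_token'|'name'|'visibility'|'category'], $_FILES['upload'] and
 * $_SESSION['xsrf_token']; writes $_SESSION['FILE_added'] and redirects to "Files".
 * Hard validation failures halt via trigger_error(E_USER_ERROR); recoverable ones
 * re-render the form through show_add_page().
 */
function do_add(): void
{
    // Constant-time anti-CSRF token comparison; an absent session token must never pass.
    $expectedToken = (string) ($_SESSION['xsrf_token'] ?? '');
    $submittedToken = (string) ($_POST['xsrf_token'] ?? '');
    if ($expectedToken === '' || !hash_equals($expectedToken, $submittedToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    // The display name is stored entity-encoded (unchanged from before); the
    // 100-byte limit is applied to the encoded form.
    $display_name = htmlentities((string) ($_POST['name'] ?? ''));
    if (strlen($display_name) > 100) {
        trigger_error('Add: name > 100 characters', E_USER_ERROR);
    }
    if ($display_name === '') {
        show_add_page('Display Name cannot be blank');
        return;
    }

    // Visibility is a fixed set of single-letter flags; strict membership so that
    // loosely-equal values cannot slip through.
    $visibility = (string) ($_POST['visibility'] ?? '');
    if (!in_array($visibility, ['P', 'M', 'A'], true)) {
        trigger_error('Add visibility not P, M or A', E_USER_ERROR);
    }

    // Category "0" means "no category"; any other value must match exactly one row.
    $db = DB::get();
    $category_id = htmlentities((string) ($_POST['category'] ?? ''));
    if ($category_id !== '0') {
        $query = 'SELECT * FROM file_categories WHERE category_id="'
            . mysqli_real_escape_string($db, $category_id) . '"';
        $result = DB::queryRaw($query);
        if (mysqli_num_rows($result) !== 1) {
            trigger_error('Add: Incorrect number of files match submitted ID', E_USER_ERROR);
        }
    }

    $upload = $_FILES['upload'] ?? null;
    if ($upload === null || empty($upload['name'])) {
        show_add_page('Please select a file to upload');
        return;
    }
    if ((int) $upload['error'] !== UPLOAD_ERR_OK) {
        show_add_page('An error occurred while uploading your file');
        return;
    }

    // Process File. The client-supplied name is reduced to its basename so it can
    // never contribute directory components to the destination path.
    // NOTE(review): nothing here restricts the uploaded file's type/extension;
    // whether that matters depends on whether the uploads directory is served by
    // the web server — confirm and add an allowlist if it is.
    $uploadDir = '../.content/uploads/';
    $filename = basename((string) $upload['name']);
    if ($filename === '' || $filename === '.' || $filename === '..') {
        show_add_page('An error occurred while processing your file');
        return;
    }
    $did_rename_file = false;
    if (file_exists($uploadDir . $filename)) {
        // Collision: append a short random code before the extension. A file
        // without an extension no longer gets a dangling trailing dot.
        $path_info = pathinfo($filename);
        $extension = ($path_info['extension'] ?? '') !== '' ? '.' . $path_info['extension'] : '';
        $filename = $path_info['filename'] . '-' . generate_code(4) . $extension;
        $did_rename_file = true;
        // A second collision is reported rather than retried (unchanged behaviour).
        if (file_exists($uploadDir . $filename)) {
            show_add_page('An error occurred while processing your file. Please try again.');
            return;
        }
    }
    if (!move_uploaded_file($upload['tmp_name'], $uploadDir . $filename)) {
        show_add_page('An error occurred while processing your file');
        return;
    }

    // VALIDATION COMPLETE
    $query = 'SELECT MAX(order_num) FROM files WHERE category="'
        . mysqli_real_escape_string($db, $category_id) . '"';
    $result = DB::queryRaw($query);
    $row = mysqli_fetch_assoc($result);
    // MAX() over an empty category yields NULL, which is treated as 0 here.
    $order = (int) ($row['MAX(order_num)'] ?? 0) + 1;

    // Values are escaped for the string-literal context they are interpolated into.
    $query = 'INSERT INTO files (name, filename, permissions, category, order_num) VALUES ("'
        . mysqli_real_escape_string($db, $display_name) . '", "'
        . mysqli_real_escape_string($db, $filename) . '", "'
        . mysqli_real_escape_string($db, $visibility) . '", "'
        . mysqli_real_escape_string($db, $category_id) . '", "'
        . mysqli_real_escape_string($db, (string) $order) . '")';
    DB::queryRaw($query);

    $_SESSION['FILE_added'] = 'The file "' . $display_name . '" has been added';
    if ($did_rename_file) {
        $_SESSION['FILE_added'] .= '. Since a file with the same file name already exists, this one has been renamed to "' . htmlentities($filename) . '".';
    }
    header('Location: Files');
    // Stop the request here so nothing runs (or is output) after the redirect header.
    exit;
}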
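/**
 * Handle the "add team" form submission for the current school: validates the team
 * name and up to six member name/grade pairs, then inserts the team and its members.
 *
 * Reads $_POST['xsrf_token'|'team_name'|'name1'..'name6'|'grade1'..'grade6'] and
 * $_SESSION['xsrf_token'|'LMT_user_id']; fills the globals $team_name and $members
 * (consumed by show_add_page() when it re-renders the form) and redirects to "Home"
 * on success.
 */
function do_add(): void
{
    // Constant-time anti-CSRF token comparison; an absent session token must never pass.
    $expectedToken = (string) ($_SESSION['xsrf_token'] ?? '');
    $submittedToken = (string) ($_POST['xsrf_token'] ?? '');
    if ($expectedToken === '' || !hash_equals($expectedToken, $submittedToken)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    // These globals are how the re-rendered form gets the submitted values back.
    global $team_name, $members;

    $team_name = htmlentities(trim((string) ($_POST['team_name'] ?? '')));
    $name_msg = validate_team_name($team_name);
    if ($name_msg !== true) {
        show_add_page($name_msg, 'team_name');
        // Explicit return so a validation failure can never reach the INSERTs below,
        // whether or not show_add_page() terminates the request itself.
        return;
    }

    // Member validation collects the last failing field of each kind, as before.
    $member_name_msg = true;
    $member_name_msg_field = '';
    $member_grade_msg = true;
    $member_grade_msg_field = '';
    $validGrades = ['6', '7', '8'];
    for ($i = 1; $i <= 6; $i++) {
        $members[$i]['name'] = htmlentities(ucwords(trim((string) ($_POST['name' . $i] ?? ''))));
        if ($members[$i]['name'] === '') {
            $members[$i]['exists'] = false;
            continue;
        }
        $members[$i]['exists'] = true;
        $name_msg = validate_member_name($members[$i]['name']);
        if ($name_msg !== true) {
            $member_name_msg = $name_msg;
            $member_name_msg_field = 'name' . $i;
        }
        // Grade must be exactly one of the allowed values (strict, no numeric coercion).
        $grade = (string) ($_POST['grade' . $i] ?? '');
        if (in_array($grade, $validGrades, true)) {
            $members[$i]['grade'] = (int) $grade;
            // e.g. $members[$i]['7sel'] — marks the option as selected on re-render.
            $members[$i][$grade . 'sel'] = ' selected="selected"';
        } else {
            $member_grade_msg = 'That\'s not a valid grade';
            $member_grade_msg_field = 'grade' . $i;
        }
    }
    if ($member_name_msg !== true) {
        show_add_page($member_name_msg, $member_name_msg_field);
        return;
    }
    if ($member_grade_msg !== true) {
        show_add_page($member_grade_msg, $member_grade_msg_field);
        return;
    }

    // Team names are unique per school (the current user's id).
    $c = DB::queryFirstField('SELECT COUNT(*) FROM teams WHERE name=%s AND school=%i', $team_name, $_SESSION['LMT_user_id']);
    if ($c > 0) {
        show_add_page('You already have a team with that name', 'team_name');
        return;
    }

    // ** All information has been validated at this point **
    DB::insert('teams', ['name' => $team_name, 'school' => $_SESSION['LMT_user_id']]);
    $team_id = DB::insertId();
    for ($i = 1; $i <= 6; $i++) {
        if ($members[$i]['exists']) {
            DB::insert('individuals', [
                'name' => $members[$i]['name'],
                'grade' => $members[$i]['grade'],
                'team' => $team_id,
            ]);
        }
    }
    header('Location: Home');
    // Stop the request here so nothing runs (or is output) after the redirect header.
    exit;
}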