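/**
 * Handle the "edit category" form submission.
 *
 * Reads the category name from $_POST['name'] and the target row from
 * $_GET['ID'], verifies the session XSRF token, updates file_categories,
 * stores a flash message in the session and redirects to "Files".
 *
 * Side effects: DB write, $_SESSION write, Location header.
 * Failure paths call trigger_error(E_USER_ERROR) or show_add_page().
 */
function do_edit()
{
    // Constant-time comparison; a missing session token must never pass
    // (hash_equals('', '') would otherwise succeed when both sides are absent).
    $expected_token = (string) ($_SESSION['xsrf_token'] ?? '');
    $submitted_token = (string) ($_POST['xsrf_token'] ?? '');
    if ($expected_token === '' || !hash_equals($expected_token, $submitted_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return; // only reached if a custom error handler swallows E_USER_ERROR
    }
    // The name is stored HTML-encoded, as elsewhere on this page, so the
    // length limit applies to the encoded form.
    $name = htmlentities((string) ($_POST['name'] ?? ''));
    if (strlen($name) > 100) {
        trigger_error('Edit: length of name > 100', E_USER_ERROR);
        return;
    }
    if ($name === '') {
        show_add_page('Category Name cannot be blank');
        return;
    }
    $db = DB::get();
    // An absent or unknown ID is escaped into the WHERE clause and simply
    // matches no row; the redirect and flash message still happen.
    $category_id = (string) ($_GET['ID'] ?? '');
    $query = 'UPDATE file_categories SET name="' . mysqli_real_escape_string($db, $name)
        . '" WHERE category_id="' . mysqli_real_escape_string($db, $category_id) . '" LIMIT 1';
    DB::queryRaw($query);
    $_SESSION['FILE_category_edited'] = 'The category "' . $name . '" has been edited';
    header('Location: Files');
}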
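/**
 * Handle the "add file" form submission.
 *
 * Validates the XSRF token, display name, visibility flag, optional category
 * and the uploaded file; moves the upload into ../.content/uploads/, inserts a
 * row into `files` with the next order_num for the category, stores a flash
 * message in the session and redirects to "Files".
 *
 * Side effects: filesystem write, DB write, $_SESSION write, Location header.
 * Validation failures call trigger_error(E_USER_ERROR) or show_add_page().
 */
function do_add()
{
    // Constant-time comparison; a missing session token must never pass.
    $expected_token = (string) ($_SESSION['xsrf_token'] ?? '');
    $submitted_token = (string) ($_POST['xsrf_token'] ?? '');
    if ($expected_token === '' || !hash_equals($expected_token, $submitted_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return; // only reached if a custom error handler swallows E_USER_ERROR
    }
    // Stored HTML-encoded, as elsewhere on this page; limit applies to the encoded form.
    $display_name = htmlentities((string) ($_POST['name'] ?? ''));
    if (strlen($display_name) > 100) {
        trigger_error('Add: name > 100 characters', E_USER_ERROR);
        return;
    }
    if ($display_name === '') {
        show_add_page('Display Name cannot be blank');
        return;
    }
    $visibility = (string) ($_POST['visibility'] ?? '');
    if (!in_array($visibility, ['P', 'M', 'A'], true)) {
        trigger_error('Add visibility not P, M or A', E_USER_ERROR);
        return;
    }
    $db = DB::get();
    $category_id = htmlentities((string) ($_POST['category'] ?? ''));
    // '0' means "no category"; anything else must name exactly one existing row.
    if ($category_id !== '0') {
        $query = 'SELECT * FROM file_categories WHERE category_id="' . mysqli_real_escape_string($db, $category_id) . '"';
        $result = DB::queryRaw($query);
        if (mysqli_num_rows($result) !== 1) {
            trigger_error('Add: Incorrect number of files match submitted ID', E_USER_ERROR);
            return;
        }
    }
    $upload = $_FILES['upload'] ?? null;
    if ($upload === null || (string) ($upload['name'] ?? '') === '') {
        show_add_page('Please select a file to upload');
        return;
    }
    if ((int) ($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        show_add_page('An error occurred while uploading your file');
        return;
    }
    // Process File
    $upload_dir = '../.content/uploads/';
    // Keep only the final path component of the client-supplied name: a crafted
    // request can send "../x" or an absolute path, which would otherwise place
    // the file outside the uploads directory. Backslashes are normalised first
    // because basename() only splits on '/' on non-Windows hosts.
    $filename = basename(str_replace('\\', '/', (string) $upload['name']));
    if ($filename === '' || $filename === '.' || $filename === '..') {
        show_add_page('An error occurred while processing your file');
        return;
    }
    // NOTE(review): no file-type restriction is applied here; if the uploads
    // directory is reachable by the web server, an extension allow-list is
    // the usual additional control — confirm how ../.content/ is served.
    $did_rename_file = false;
    if (file_exists($upload_dir . $filename)) {
        // Collision: append a short random code, keeping the extension when there is one.
        $path_info = pathinfo($filename);
        $suffix = isset($path_info['extension']) ? '.' . $path_info['extension'] : '';
        $filename = $path_info['filename'] . '-' . generate_code(4) . $suffix;
        $did_rename_file = true;
        if (file_exists($upload_dir . $filename)) {
            show_add_page('An error occurred while processing your file. Please try again.');
            return;
        }
    }
    if (!move_uploaded_file($upload['tmp_name'], $upload_dir . $filename)) {
        show_add_page('An error occurred while processing your file');
        return;
    }
    // VALIDATION COMPLETE
    $query = 'SELECT MAX(order_num) FROM files WHERE category="' . mysqli_real_escape_string($db, $category_id) . '"';
    $result = DB::queryRaw($query);
    $row = mysqli_fetch_assoc($result);
    // MAX() is NULL for an empty category, so the first file gets order_num 1.
    $order = (int) ($row['MAX(order_num)'] ?? 0) + 1;
    $query = 'INSERT INTO files (name, filename, permissions, category, order_num) VALUES ("'
        . mysqli_real_escape_string($db, $display_name) . '", "'
        . mysqli_real_escape_string($db, $filename) . '", "'
        . mysqli_real_escape_string($db, $visibility) . '", "'
        . mysqli_real_escape_string($db, $category_id) . '", "'
        . mysqli_real_escape_string($db, (string) $order) . '")';
    DB::queryRaw($query);
    $_SESSION['FILE_added'] = 'The file "' . $display_name . '" has been added';
    if ($did_rename_file) {
        $_SESSION['FILE_added'] .= '. Since a file with the same file name already exists, this one has been renamed to "' . htmlentities($filename) . '".';
    }
    header('Location: Files');
}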
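/**
 * Handle the "add team" form submission.
 *
 * Populates the globals $team_name and $members (read by the form template via
 * show_add_page(), including the '6sel'/'7sel'/'8sel' selected-attribute keys),
 * validates the team name, up to six member names and grades, checks for a
 * duplicate team name for the current school, then inserts the team and its
 * members and redirects to "Home".
 *
 * Side effects: writes globals, DB writes, Location header.
 * Validation failures call show_add_page() and return; the XSRF failure
 * calls trigger_error(E_USER_ERROR).
 */
function do_add()
{
    // Constant-time comparison; a missing session token must never pass.
    $expected_token = (string) ($_SESSION['xsrf_token'] ?? '');
    $submitted_token = (string) ($_POST['xsrf_token'] ?? '');
    if ($expected_token === '' || !hash_equals($expected_token, $submitted_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return; // only reached if a custom error handler swallows E_USER_ERROR
    }
    global $team_name, $members;
    $team_name = htmlentities(trim((string) ($_POST['team_name'] ?? '')));
    $name_msg = validate_team_name($team_name);
    if ($name_msg !== true) {
        show_add_page($name_msg, 'team_name');
        // Explicit return: if show_add_page() renders without exiting, the
        // invalid submission would otherwise still reach the INSERTs below.
        return;
    }
    // A later member's failure overrides an earlier one; only one message is shown.
    $member_name_msg = true;
    $member_name_msg_field = '';
    $member_grade_msg = true;
    $member_grade_msg_field = '';
    for ($i = 1; $i <= 6; $i++) {
        $members[$i]['name'] = htmlentities(ucwords(trim((string) ($_POST['name' . $i] ?? ''))));
        if ($members[$i]['name'] === '') {
            $members[$i]['exists'] = false;
            continue;
        }
        $members[$i]['exists'] = true;
        $name_msg = validate_member_name($members[$i]['name']);
        if ($name_msg !== true) {
            $member_name_msg = $name_msg;
            $member_name_msg_field = 'name' . $i;
        }
        // Grades are matched as exact strings '6', '7', '8'; the 'Nsel' key is
        // what the form template uses to mark the chosen option.
        $grade = (string) ($_POST['grade' . $i] ?? '');
        if (in_array($grade, ['6', '7', '8'], true)) {
            $members[$i]['grade'] = (int) $grade;
            $members[$i][$grade . 'sel'] = ' selected="selected"';
        } else {
            $member_grade_msg = 'That\'s not a valid grade';
            $member_grade_msg_field = 'grade' . $i;
        }
    }
    if ($member_name_msg !== true) {
        show_add_page($member_name_msg, $member_name_msg_field);
        return;
    }
    if ($member_grade_msg !== true) {
        show_add_page($member_grade_msg, $member_grade_msg_field);
        return;
    }
    $c = DB::queryFirstField('SELECT COUNT(*) FROM teams WHERE name=%s AND school=%i', $team_name, $_SESSION['LMT_user_id']);
    if ($c > 0) {
        show_add_page('You already have a team with that name', 'team_name');
        return;
    }
    // ** All information has been validated at this point **
    DB::insert('teams', ['name' => $team_name, 'school' => $_SESSION['LMT_user_id']]);
    $team_id = DB::insertId();
    for ($i = 1; $i <= 6; $i++) {
        if ($members[$i]['exists']) {
            DB::insert('individuals', ['name' => $members[$i]['name'], 'grade' => $members[$i]['grade'], 'team' => $team_id]);
        }
    }
    header('Location: Home');
}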