function _POST_num($key) { $v = _POST_key($key); return (is_numeric($v) ? $v+0 : null); }
unset($_SESSION["c_country"]); unset($_SESSION["c_name"]); if (preg_match("~^admin\\.~i",$_SERVER["HTTP_HOST"])) header("Location: index.php\r\n"); else header("Location: admin.php\r\n"); die(); } $_POSTid = NULL; if (array_key_exists('id', $_POST)) $_POSTid = _POST_num("id"); else $_POSTid = $_SESSION["c_id"]; if (array_key_exists("pw",$_POST)) $_POSTpw = _POST_key("pw"); else $_POSTpw = $_SESSION["c_pw"]; unset($_SESSION["c_pw"]); if (is_null($_POSTid)) _error("Invalid calling params"); if (!$_POSTpw) _error("Blank password"); $result = strict_query("SELECT * FROM competitions WHERE id=?",array($_POSTid)); if (!$result || sql_num_rows($result) != 1) _error("Competition not available"); if (cased_mysql_result($result,0,"admin_pw")==$_POSTpw) { $_SESSION["c_id"] = $_POSTid; $_SESSION["c_admin"] = true; $_SESSION["c_country"] = cased_mysql_result($result,0,"country"); $_SESSION["c_name"] = cased_mysql_result($result,0,"name");