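/**
 * Handle a user search request.
 *
 * Reads the search text from $_REQUEST['query'] and dispatches on the number
 * of matches returned by autocomplete_users_php():
 *   0 matches  -> "No results!" alert, then the search page
 *   1 match    -> redirect straight to that user's id
 *   2+ matches -> the search page followed by the result list
 *
 * Change from the previous version: a request without a 'query' parameter
 * used to read an undefined array key (PHP notice/warning); it is now treated
 * as an empty query and falls into the "no results" path like any other
 * non-matching input.
 */
function do_search() {
    $query = isset($_REQUEST['query']) ? $_REQUEST['query'] : '';
    $userdata = autocomplete_users_php($query);
    $matches = is_array($userdata) ? count($userdata) : 0;

    if ($matches === 0) {
        alert('No results!', -1);
        show_search_page();
        return;
    }

    if ($matches === 1) {
        // Single hit: go directly to that user.
        redirect($userdata[0]['id']);
        return;
    }

    show_search_page();
    list_results($userdata);
}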
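/**
 * Merge the temporary account identified by $_GET['ID'] into another,
 * non-temporary account named in $_POST['actual_user'], delete the source
 * account and redirect to the Temporary_Users page.
 *
 * Flow:
 *   1. CSRF check (session token vs. POSTed token) - fatal on mismatch.
 *   2. Source id must refer to an existing temporary ('T') account.
 *   3. Resolve the target via autocomplete_users_php(); it must resolve to
 *      exactly one account that is not temporary and is not the source.
 *   4. Stop with a warning page if both accounts already hold a score for the
 *      same test, since moving the source rows would leave two scores for one
 *      (test_id, user_id) pair.
 *   5. Re-point the source's test_scores rows at the target, delete the
 *      source user, redirect.
 *
 * Changes from the previous version:
 *   - The token comparison uses hash_equals() on string-cast values instead
 *     of a loose '!=' (subject to PHP numeric-string coercion, not
 *     constant-time) and fails closed when either token is missing.
 *   - The source id is cast to int once and must be an existing temporary
 *     account. Previously any user id could be merged away and deleted, and a
 *     non-existent id "succeeded" silently (UPDATE/DELETE matched nothing).
 *     NOTE(review): the 'T' restriction is inferred from the Temporary_Users
 *     redirect and the target filter; relax it if this page is also meant
 *     to merge regular accounts.
 *   - The overlap check used to take COUNT(*) of the FIRST test_id group,
 *     which is >= 1 whenever either account has any score at all, so it did
 *     not measure overlap. It now counts test_ids that both accounts share.
 *
 * NOTE(review): the overlap message says the target's scores "will be used",
 * but no code path here performs such a merge - the request simply stops. If
 * show_combine_page() offers a confirmation step, that step must resolve the
 * overlap itself before calling back into this function.
 */
function do_combine() {
    // 1. CSRF token: fail closed if either side is missing, compare in constant time.
    $sessionToken = isset($_SESSION['xsrf_token']) ? (string) $_SESSION['xsrf_token'] : '';
    $postedToken = isset($_POST['xsrf_token']) ? (string) $_POST['xsrf_token'] : '';
    if ($sessionToken === '' || !hash_equals($sessionToken, $postedToken)) {
        trigger_error('Combine: Invalid XSRF token', E_USER_ERROR);
    }

    // The target account name is mandatory.
    $actualUser = isset($_POST['actual_user']) ? $_POST['actual_user'] : '';
    if (!is_string($actualUser) || $actualUser === '') {
        show_combine_page('You must enter an account to combine this one into');
        return;
    }
    // Escaped once here; every message below echoes it into HTML.
    $actualUserHtml = htmlentities($actualUser);

    // 2. Source account: must exist and be a temporary account.
    $id = isset($_GET['ID']) ? intval($_GET['ID']) : 0;
    $sourceExists = DB::queryFirstField(
        'SELECT COUNT(*) FROM users WHERE id=%i AND permissions="T"',
        $id
    );
    if (!$sourceExists) {
        trigger_error('Combine: Invalid user ID', E_USER_ERROR);
    }

    // 3. Resolve the target: non-temporary, not the source, exactly one hit.
    $completed = autocomplete_users_php($actualUser, 'permissions!="T" AND id!=%i', $id);
    $hits = is_array($completed) ? count($completed) : 0;
    if ($hits === 0) {
        show_combine_page('"' . $actualUserHtml . '" could not be found');
        return;
    }
    if ($hits > 1) {
        show_combine_page('"' . $actualUserHtml . '" matches multiple people');
        return;
    }
    $combine_with = intval($completed[0]['id']);
    // Belt and braces: the filter above already excludes the source id.
    if ($combine_with === $id) {
        show_combine_page('You cannot combine an account with itself');
        return;
    }

    // 4. Overlap: number of tests for which BOTH accounts hold a score.
    $duplicates = DB::queryFirstField(
        'SELECT COUNT(*) FROM ('
        . 'SELECT test_id FROM test_scores WHERE user_id=%i OR user_id=%i '
        . 'GROUP BY test_id HAVING COUNT(DISTINCT user_id) > 1'
        . ') AS overlap',
        $id, $combine_with
    );
    if ($duplicates > 0) {
        global $duplicate_with_id;
        $duplicate_with_id = $combine_with;
        show_combine_page('Some tests overlap. The scores from the account being merged into will be used.');
        return;
    }

    // 5. Move the scores to the target, drop the source account, back to the list.
    DB::update('test_scores', 'user_id=%i', 'user_id=%i', $combine_with, $id);
    DB::delete('users', 'id=%i LIMIT 1', $id);
    header('Location: Temporary_Users');
}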
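/**
 * Record a score for one user on one test (the Enter_Scores form handler).
 *
 * Request inputs:
 *   ID          - test id; must exist in `tests`, otherwise the request is fatal.
 *   user        - user name, validated by sanitize_username().
 *   score       - non-negative integer not exceeding the test's total_points.
 *   xsrf_token  - must match $_SESSION['xsrf_token'].
 *   Temporary   - (flag, GET) create a temporary user when the name is unknown.
 *   Override    - (flag) replace a previously entered, different score.
 *
 * The outcome is reported through alert() and the page is re-rendered with
 * show_page() in every non-fatal case.
 *
 * Changes from the previous version:
 *   - The token check uses hash_equals() on strings and fails closed when
 *     either side is missing (was a loose '!=' comparison).
 *   - "User already exists!" used to be followed by the INSERT anyway, which
 *     created a second account with the same name; the insert is now skipped.
 *   - The user name is HTML-escaped (ENT_QUOTES, because the Override link
 *     uses a single-quoted href) wherever it is echoed, and URL-encoded
 *     wherever it is placed in a query string. sanitize_username() allows
 *     apostrophes, and in the exact-match branch the name comes from the
 *     database, so it was previously an HTML/attribute injection point.
 *   - The test id is bound with %i rather than %s (MySQL would compare a
 *     non-numeric string against an integer column as 0).
 *   - Missing request keys and a missing previous-score row no longer raise
 *     undefined-index notices; the unused $test_name local is gone.
 *
 * NOTE(review): the "Create Temporary User" and "Change to" links perform a
 * state change via GET and carry the CSRF token in the URL, so it lands in
 * browser history, Referer headers and server logs. Converting them to POST
 * forms with a hidden token is the proper fix; it is out of scope here because
 * alert()/show_page() own the markup.
 */
function process_form() {
    // CSRF: fail closed on a missing token, compare in constant time.
    $sessionToken = isset($_SESSION['xsrf_token']) ? (string) $_SESSION['xsrf_token'] : '';
    $requestToken = isset($_REQUEST['xsrf_token']) ? (string) $_REQUEST['xsrf_token'] : '';
    if ($sessionToken === '' || !hash_equals($sessionToken, $requestToken)) {
        trigger_error('Invalid XSRF token', E_USER_ERROR);
    }

    // The test must exist; its id and point total drive everything below.
    $requestedTestId = isset($_REQUEST['ID']) ? $_REQUEST['ID'] : 0;
    $test = DB::queryFirstRow(
        'SELECT test_id, name, total_points FROM tests WHERE test_id=%i LIMIT 1',
        $requestedTestId
    );
    if (!$test) {
        trigger_error('Process_Form: Invalid Test ID', E_USER_ERROR);
    }
    $test_id = intval($test['test_id']);
    $total_points = intval($test['total_points']);

    // The raw score stays a string until validated: intval('') would be 0,
    // which must not silently pass as a real score.
    $score = isset($_REQUEST['score']) ? $_REQUEST['score'] : '';
    $user = sanitize_username(isset($_REQUEST['user']) ? $_REQUEST['user'] : '');
    $tokenUrl = rawurlencode($sessionToken);

    if ($user === false) {
        alert('Name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1);
    } elseif (!val('i0+', $score) || ($score = intval($score)) > $total_points) {
        alert('Score must be a nonnegative integer not more than the total points', -1);
    } else {
        // From here on $score is a validated int and $user a validated, unescaped name.
        $userdata = autocomplete_users_php($user);
        $matches = is_array($userdata) ? count($userdata) : 0;
        $userHtml = htmlspecialchars($user, ENT_QUOTES);
        $userUrl = rawurlencode($user);
        $createLink = 'Enter_Scores?Temporary&ID=' . $test_id . '&user=' . $userUrl
            . '&score=' . $score . '&xsrf_token=' . $tokenUrl;

        if ($matches === 0) {
            if (isset($_GET['Temporary'])) {
                // autocomplete found nothing, but still refuse an exact duplicate
                // name in `users` before creating a temporary account.
                $exists = DB::queryFirstField('SELECT COUNT(*) FROM users WHERE name=%s', $user);
                if ($exists > 0) {
                    alert('User already exists!', -1);
                } else {
                    DB::insert('users', array('name' => $user, 'permissions' => 'T', 'approved' => 1));
                    DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => DB::insertId(), 'score' => $score));
                    alert('Created new temporary user <b>' . $userHtml . '</b>, and entered a score of ' . $score . '.', 1);
                }
            } else {
                alert('Could not find <b>' . $userHtml . '</b>. <a href="' . $createLink . '">Create Temporary User</a>?', -1);
            }
        } elseif ($matches > 1) {
            alert('<b>' . $userHtml . '</b> matches multiple people. <a href="' . $createLink . '">Create Temporary User?</a>', -1);
        } else {
            // Exactly one match: switch to the canonical name and id from the database.
            $user = $userdata[0]['name'];
            $user_id = (int) $userdata[0]['id'];
            $userHtml = htmlspecialchars($user, ENT_QUOTES);
            $userUrl = rawurlencode($user);

            $existing = DB::queryFirstRow(
                'SELECT score_id, score FROM test_scores WHERE test_id=%i AND user_id=%i LIMIT 1',
                $test_id, $user_id
            );
            $prev_score = $existing ? $existing['score'] : null;

            if (is_null($prev_score)) {
                // No previous entry: plain insert.
                DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => $user_id, 'score' => $score));
                alert('Entered a score of ' . $score . ' for ' . $userHtml, 1);
            } else {
                $prev_score = intval($prev_score);
                $score_id = intval($existing['score_id']);
                if ($prev_score == $score) {
                    alert('<b>' . $userHtml . '</b>\'s score has already been entered as ' . $prev_score, -1);
                } elseif (isset($_REQUEST['Override'])) {
                    DB::update('test_scores', array('score' => $score), 'score_id=%i LIMIT 1', $score_id);
                    alert('Changed score from ' . $prev_score . ' to ' . $score . ' for <b>' . $userHtml . '</b>', 1);
                } else {
                    // Single-quoted href: ENT_QUOTES escaping above is what keeps an
                    // apostrophe in the name from terminating the attribute.
                    $overrideLink = '?Override&ID=' . $test_id . '&user=' . $userUrl
                        . '&score=' . $score . '&xsrf_token=' . $tokenUrl;
                    alert("<b>{$userHtml}</b>'s score has already been entered as {$prev_score}. <a href='{$overrideLink}'>Change to {$score}?</a>", -1);
                }
            }
        }
    }
    show_page();
}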