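/**
 * Handles database insertion if the user tries to submit a new week.
 *
 * Reads week_number, week_type, week_season, week_start_date and
 * week_end_date from $_POST, validates each one in turn, and inserts a row
 * into the weeks table through a prepared statement. The outcome is reported
 * through the $success_message / $error_message globals; nothing is returned.
 *
 * NOTE(review): no CSRF token or authorization check is visible in this
 * function; confirm the calling page enforces both before invoking it.
 *
 * @param $db
 *   The database reference (presumably a PDO connection: prepare() is called
 *   on it and PDOException is caught).
 */
function week_post_handler(&$db) {
    // $_POST is a superglobal and is always set, so the previous
    // isset($_POST) guard returned on every request and the handler never
    // ran. Bail out only when the request carried no form data.
    if (empty($_POST)) {
        return;
    }

    global $success_message;
    global $error_message;
    global $WEEK_TYPE_DICT;

    if (!check_post_values_set(array('week_number', 'week_type', 'week_season', 'week_start_date', 'week_end_date'))) {
        $error_message = "Missing expected POST week values.";
        return;
    }

    if (!is_valid_number($_POST['week_number'])) {
        $error_message = "Illegal week number detected.";
        return;
    }
    $week_number = intval($_POST['week_number']);

    if (!is_valid_number($_POST['week_season'])) {
        $error_message = "Season is invalid.";
        return;
    }
    $week_season_id = intval($_POST['week_season']);

    if (!is_valid_number($_POST['week_type'])) {
        $error_message = "Unexpected week type.";
        return;
    }
    $week_type = intval($_POST['week_type']);

    // The week type is an index into $WEEK_TYPE_DICT; reject anything outside it.
    if ($week_type < 0 || $week_type >= count($WEEK_TYPE_DICT)) {
        $error_message = "Unexpected week type number enumeration (outside range).";
        return;
    }

    if (!is_valid_date($_POST['week_start_date'])) {
        $error_message = "Invalid start date, is it in YYYY-MM-DD form?";
        return;
    }
    $start_date = $_POST['week_start_date'];

    if (!is_valid_date($_POST['week_end_date'])) {
        $error_message = "Invalid end date, is it in YYYY-MM-DD form?";
        return;
    }
    $end_date = $_POST['week_end_date'];

    // String comparison; this orders dates correctly only if is_valid_date()
    // enforces zero-padded YYYY-MM-DD (assumed from the messages above).
    if ($start_date > $end_date) {
        $error_message = "Start date is after the end date.";
        return;
    }

    // NOTE(review): the client-supplied season id is not passed to
    // week_in_season_range(), so nothing visible here ties the dates to that
    // particular season. Confirm the helper or a foreign key covers it.
    if (!week_in_season_range($start_date, $end_date, $db)) {
        $error_message = "This week is not in any season date range. \nCannot figure out what season it belongs to.";
        return;
    }

    try {
        // Bound parameters keep the request values out of the SQL text.
        $stmt = $db->prepare('INSERT INTO weeks(fk_season_id, number, type, start_date, end_date) VALUES(:sid, :wnum, :wtype, :sdate, :edate)');
        $stmt->execute(array(
            "sid" => $week_season_id,
            "wnum" => $week_number,
            "wtype" => $week_type,
            "sdate" => $start_date,
            "edate" => $end_date,
        ));
        $success_message = "Successful week addition.";
    } catch (PDOException $e) {
        // NOTE(review): the raw driver message can name tables, columns and
        // constraints. If $error_message is rendered to the browser, log the
        // detail server-side and show a generic message instead.
        $error_message = "Error adding week: " . $e->getMessage();
    }
}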
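/**
 * Handles database insertion if the user tries to submit a new map.
 *
 * Reads map_file_id, map_pack, map_name and map_number from $_POST, validates
 * each one, and inserts a row into the maps table through a prepared
 * statement. The outcome is reported through the $success_message /
 * $error_message globals; nothing is returned.
 *
 * NOTE(review): no CSRF token or authorization check is visible in this
 * function; confirm the calling page enforces both before invoking it.
 *
 * @param $db
 *   The database reference (presumably a PDO connection: prepare() is called
 *   on it and PDOException is caught).
 */
function map_post_handler(&$db) {
    // $_POST is a superglobal and is always set, so the previous
    // isset($_POST) guard returned on every request and the handler never
    // ran. Bail out only when the request carried no form data.
    if (empty($_POST)) {
        return;
    }

    global $success_message;
    global $error_message;

    if (!check_post_values_set(array('map_file_id', 'map_pack', 'map_name', 'map_number'))) {
        $error_message = "Missing expected POST map values.";
        return;
    }

    if (!is_valid_number($_POST['map_file_id'])) {
        $error_message = "Illegal file ID number detected.";
        return;
    }
    $fk_file_id = intval($_POST['map_file_id']);

    if (!is_valid_number($_POST['map_number'])) {
        $error_message = "Illegal map number detected.";
        return;
    }
    $map_number = intval($_POST['map_number']);
    if ($map_number < 0) {
        $error_message = "Cannot have a negative map number.";
        return;
    }

    // Anchored with \A and \z so the WHOLE value must consist of allowed
    // characters. The unanchored pattern accepted any string that merely
    // contained one allowed character, so arbitrary markup could be stored.
    // The messages below list "," as allowed, but the pattern never accepted
    // it; the character class is left unchanged.
    $allowed_text = '/\A[-a-zA-Z0-9_.! ]+\z/';

    // is_string() rejects array-valued fields (map_name[]=...), which would
    // otherwise reach preg_match() and strlen() as a non-string.
    if (!is_string($_POST['map_name']) || preg_match($allowed_text, $_POST['map_name']) !== 1) {
        $error_message = "Map name must only contain letters, numbers, spaces, or any of: ,.!_-";
        return;
    }
    // Compare the length, not the string itself, against the limit. The
    // allowed characters are all single-byte, so strlen() counts characters.
    if (strlen($_POST['map_name']) >= MAX_MAP_NAME_LENGTH) {
        $error_message = "Map name too long (must be less than " . MAX_MAP_NAME_LENGTH . " characters).";
        return;
    }
    $map_name = $_POST['map_name'];

    if (!is_string($_POST['map_pack']) || preg_match($allowed_text, $_POST['map_pack']) !== 1) {
        $error_message = "Map pack must only contain letters, numbers, spaces, or any of: ,.!_-";
        return;
    }
    // Use the pack limit that the message reports, not the map-name limit.
    if (strlen($_POST['map_pack']) >= MAX_MAP_PACK_LENGTH) {
        $error_message = "Map pack too long (must be less than " . MAX_MAP_PACK_LENGTH . " characters).";
        return;
    }
    $map_pack = $_POST['map_pack'];

    try {
        // Bound parameters keep the request values out of the SQL text.
        $stmt = $db->prepare('INSERT INTO maps(fk_file_image_id, pack, name, number) VALUES(:fkfile, :pack, :name, :num)');
        $stmt->execute(array(
            "fkfile" => $fk_file_id,
            "pack" => $map_pack,
            "name" => $map_name,
            "num" => $map_number,
        ));
        $success_message = "Successful map addition.";
    } catch (PDOException $e) {
        // NOTE(review): the raw driver message can name tables, columns and
        // constraints. If $error_message is rendered to the browser, log the
        // detail server-side and show a generic message instead.
        $error_message = "Error adding map: " . $e->getMessage();
    }
}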
<?php require_once '../core.php'; define('SEASON_NAME_MAX_CHARS', 128); $db = get_database_connection(); $error_message = NULL; $developer_error_message = NULL; $success_message = NULL; // Look for any POST data that we could process. if (isset($_POST)) { // Make sure all fields are available and valid before committing a new season. if (check_post_values_set(array('season_name', 'season_start_date', 'season_end_date'))) { if (preg_match('/[-a-zA-Z0-9_. ]+/', $_POST['season_name'])) { if (strlen($_POST['season_name']) < SEASON_NAME_MAX_CHARS) { if (is_valid_date($_POST['season_start_date'])) { if (is_valid_date($_POST['season_end_date'])) { if ($_POST['season_start_date'] < $_POST['season_end_date']) { $season_name = $_POST['season_name']; $start_date = $_POST['season_start_date']; $end_date = $_POST['season_end_date']; try { $stmt = $db->prepare('INSERT INTO seasons(name, start_date, end_date) VALUES(:sname, :sdate, :edate)'); $stmt->execute(array("sname" => $season_name, "sdate" => $start_date, "edate" => $end_date)); $success_message = "Successful season addition."; } catch (PDOException $e) { $error_message = "Error adding season: " . $e->getMessage(); } } else { $error_message = "Start date is after the end date."; } } else {