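/**
 * Check a login attempt and return the matching person's id.
 *
 * Looks the person up with getPersonId($email) and compares the submitted
 * password with the record's "password" field.
 *
 * @param mixed $email    Passed unchanged to getPersonId().
 * @param mixed $password Submitted password; anything that is not a string is rejected.
 *
 * @return mixed The record's "person_id" on success; false when no record is
 *               found or the password does not match.
 */
function checkLogin($email, $password)
{
    $person = getPersonId($email);
    if (!$person) {
        return false;
    }

    // isset() is false for a missing or NULL field, so a record without a
    // stored password can never be matched by an empty submitted password
    // (the loose `!=` treated "" and NULL as equal).
    if (!isset($person["password"]) || !is_string($person["password"]) || !is_string($password)) {
        return false;
    }

    // hash_equals() compares byte-for-byte in constant time. The loose `!=`
    // applied PHP's type juggling, under which two different numeric-looking
    // strings (for example "0e1" and "0e2") compare as equal.
    // NOTE(review): the stored value is compared as-is; whether it is a hash or
    // plaintext cannot be told from here. If plaintext, migrate to
    // password_hash()/password_verify() - confirm against the schema.
    if (!hash_equals($person["password"], $password)) {
        return false;
    }

    return $person["person_id"];
}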
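// Handle a highlight add/delete request, then log it to the moderation queue.
// $uid is not assigned in this fragment; it is expected to be set earlier in the script.

// Sanitize the numeric inputs: the (int) casts force plain integers, so these
// three values cannot carry SQL syntax.
$declarationId = (int)$_GET['declaration_id'];
$startWord = (int)$_GET['start_word'];
$endWord = (int)$_GET['end_word'];
$action = $_GET['action'];
// NOTE(review): this request changes state from GET parameters and no
// anti-CSRF token check is visible in this fragment - confirm one is enforced
// before this point.

// The content is duplicated from what's in the declaration itself, but we
// want to do this in case in some future we start correcting or editing
// declarations, in which case we'll need to realign the highlights.
// NOTE(review): escaped here on the assumption that insertHighlight() and
// deleteHighlight() interpolate it into SQL - verify they do not escape again.
$content = mysql_real_escape_string($_GET['content']);

// Any action other than 'add' (including a missing one) is treated as a delete.
if ($action === 'add') {
    insertHighlight($uid, $declarationId, $startWord, $endWord, $content);
} else {
    deleteHighlight($uid, $declarationId, $startWord, $endWord, $content);
}

// Also record this in the moderation queue so we can see who added what.
// Every value placed into the statement is escaped or cast first: the login
// name is user-chosen data read back from storage and would otherwise be
// interpolated raw into the SQL text.
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$userLogin = mysql_real_escape_string(getUserLogin($uid));
// idperson is interpolated unquoted, so it must be an integer.
$personId = (int)getPersonId($declarationId);
mysql_query(
    "INSERT INTO moderation_queue(type, idperson, value, ip, time) " .
    "VALUES('highlight', {$personId}, 'highlight by {$userLogin}', '{$ip}', " . time() . ")");
// NOTE(review): the result of mysql_query() is not checked, so "OK" is sent
// even if the audit row was not written.

echo "OK";

require_once('../_bottom.php');
?>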
} if (($values[] = getValue('average')) === null) { error('Invalid calling - no average'); } if (($values[] = getRecord('regionalSingleRecord')) === null) { error('Invalid calling - no regionalSingleRecord'); } if (($values[] = getRecord('regionalAverageRecord')) === null) { error('Invalid calling - no regionalAverageRecord'); } $values[] = $resultId; pdo_query('UPDATE Results ' . 'SET value1=?, value2=?, value3=?, value4=?, value5=?, best=?, average=?, regionalSingleRecord=?, regionalAverageRecord=? ' . 'WHERE id=?', $values); die('{"success":1}'); } else { // provide data if (!($personId = getPersonId())) { error('Invalid calling - no personId'); } if ($competitionId = getCompetitionId()) { if ($eventId = getEventId()) { $roundId = getRoundId(); } else { $roundId = null; } } else { $eventId = null; $roundId = null; } $return = array(); if (!$competitionId) { $result = pdo_query('SELECT name FROM Persons WHERE id=?', array($personId));