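/**
 * Record a clarified short-round score for a team from query-string input.
 *
 * Reads ID, Score, Overwrite and xsrf_token from $_GET and the expected token
 * from $_SESSION['xsrf_token'].
 *
 * Flow:
 *  - If the team already has a score and Overwrite is absent, nothing is
 *    written: a request carrying a token is redirected to the token-less URL,
 *    and a token-less request gets a page offering an "overwrite" link.
 *  - Otherwise the anti-CSRF token must match before the UPDATE runs.
 *
 * NOTE(review): this is a state-changing request made over GET, so the token
 * travels in the URL (browser history, Referer header, access logs). Moving
 * the write to POST would keep it out of those places.
 * NOTE(review): do_set_team_round_short() refuses to write the same column
 * while scoring_is_enabled() is false; this path has no such check. Confirm
 * whether that is intentional.
 */
function do_enter_clarified_score() {
    $team_id = $_GET['ID'];
    $score = $_GET['Score'];

    // Normalise both tokens to strings so a missing session token can never
    // compare equal to a missing request token.
    $expected_token = (isset($_SESSION['xsrf_token']) && is_scalar($_SESSION['xsrf_token']))
        ? (string) $_SESSION['xsrf_token']
        : '';
    $supplied_token = (isset($_GET['xsrf_token']) && is_string($_GET['xsrf_token']))
        ? $_GET['xsrf_token']
        : '';

    // do_set_team_round_short() treats any return other than true as an error
    // message, so a bare truthiness test would accept that message as success.
    if (validate_team_short_score($score) !== true) {
        trigger_error('Score isn\'t valid this time?!', E_USER_ERROR);
        // E_USER_ERROR does not stop the script when a custom error handler
        // returns, so stop explicitly rather than fall through to the UPDATE.
        die;
    }

    // Values are escaped and then placed inside quotes; that is only safe
    // while every value stays quoted. NOTE(review): bound parameters would
    // remove that dependency - check what the DB wrapper offers.
    $row = DB::queryFirstRow('SELECT name, score_team_short FROM teams WHERE team_id="' . mysqli_real_escape_string(DB::get(), $team_id) . '"');
    if (!$row) {
        // Without this, an unknown ID would update nothing and still report success.
        trigger_error('Team not found', E_USER_ERROR);
        die;
    }

    if (!is_null($row['score_team_short']) && !isset($_GET['Overwrite'])) {
        if (isset($_GET['xsrf_token'])) {
            // Percent-encode the values so "&", "#" or "=" inside them cannot
            // add or alter parameters of the redirect target.
            header('Location: Team_Short?ID=' . rawurlencode($team_id) . '&Score=' . rawurlencode($score));
            die;
        }

        $msg = 'A score of ' . htmlentities($row['score_team_short']) . ' has already been entered for ' . htmlentities($row['name']);
        // Loose comparison kept on purpose: the stored value and the submitted
        // string may differ in formatting while being numerically equal.
        if ($row['score_team_short'] != $score) {
            // URL-encode first (value inside a query string), then HTML-escape
            // (query string inside an attribute).
            $msg .= ' (<a href="Team_Short?Overwrite&ID=' . htmlentities(rawurlencode($team_id)) . '&Score=' . htmlentities(rawurlencode($score)) . '&xsrf_token=' . htmlentities(rawurlencode($expected_token)) . '">change to ' . htmlentities($score) . '</a>)';
        }
        show_page($msg, '');
        // Presumably show_page() ends the request - confirm. Returning here
        // keeps this branch read-only either way.
        return;
    }

    // we check this later so we can go here without a token, too - so we can show an override message
    // if the team already has a score entered
    if ($expected_token === '' || !hash_equals($expected_token, $supplied_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        die;
    }

    DB::queryRaw('UPDATE teams SET score_team_short="' . mysqli_real_escape_string(DB::get(), $score) . '" WHERE team_id="' . mysqli_real_escape_string(DB::get(), $team_id) . '" LIMIT 1');

    $msg = 'A score of ' . htmlentities($score) . ' was entered for ' . htmlentities($row['name']);
    if (isset($_GET['ID'])) {
        alert($msg, 1);
        header('Location: Team_Short');
        die;
    }
    show_page('', $msg);
}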
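/**
 * Set or clear a team's short-round score from the team data form.
 *
 * Reads xsrf_token, teamRoundShortHasValue and teamRoundShortScore from
 * $_POST, the team ID from $_GET['ID'], and the expected token from
 * $_SESSION['xsrf_token']. Redirects to the scoring-frozen page when
 * scoring_is_enabled() is false, otherwise runs one UPDATE and redirects back
 * to the team page. An alert is queued only when exactly one row changed.
 */
function do_set_team_round_short() {
    // Normalise both tokens to strings so a missing session token can never
    // compare equal to a missing request token.
    $expected_token = (isset($_SESSION['xsrf_token']) && is_scalar($_SESSION['xsrf_token']))
        ? (string) $_SESSION['xsrf_token']
        : '';
    $supplied_token = (isset($_POST['xsrf_token']) && is_string($_POST['xsrf_token']))
        ? $_POST['xsrf_token']
        : '';
    if ($expected_token === '' || !hash_equals($expected_token, $supplied_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        // E_USER_ERROR does not stop the script when a custom error handler
        // returns, so stop explicitly rather than fall through to the UPDATE.
        die;
    }

    if (!scoring_is_enabled()) {
        header('Location: ../Scoring_Frozen');
        die;
    }

    $team_id = $_GET['ID'];

    // Any value other than the exact string "Yes" (including a missing field)
    // takes the branch that clears the score, as before.
    $has_value = isset($_POST['teamRoundShortHasValue']) && $_POST['teamRoundShortHasValue'] === 'Yes';

    // Values are escaped and then placed inside quotes; that is only safe
    // while every value stays quoted. NOTE(review): bound parameters would
    // remove that dependency - check what the DB wrapper offers.
    if ($has_value) {
        $score = $_POST['teamRoundShortScore'];
        $score_msg = validate_team_short_score($score);
        if ($score_msg !== true) {
            display_team($score_msg, 'document.forms[\'lmtDataTeamRoundShortScore\'].teamRoundShortScore.focus();');
            // Presumably display_team() ends the request - confirm. Returning
            // here guarantees a rejected score is never written.
            return;
        }
        // The extra condition makes the UPDATE a no-op when the score is
        // unchanged, so the affected-row count below reflects a real change.
        DB::queryRaw('UPDATE teams SET score_team_short="' . mysqli_real_escape_string(DB::get(), $score) . '" WHERE team_id="' . mysqli_real_escape_string(DB::get(), $team_id) . '" AND (score_team_short <> "' . mysqli_real_escape_string(DB::get(), $score) . '" OR score_team_short IS NULL) LIMIT 1');
    } else {
        DB::queryRaw('UPDATE teams SET score_team_short=NULL WHERE team_id="' . mysqli_real_escape_string(DB::get(), $team_id) . '" AND score_team_short IS NOT NULL LIMIT 1');
    }

    // NOTE(review): the row count is read from the global handle while the
    // queries go through DB::get(); presumably both are the same connection - confirm.
    global $LMT_DB;
    if (mysqli_affected_rows($LMT_DB) == 1) {
        add_alert('lmt_data_team_update_team_score_short', 'Team round short answer score was changed');
    }

    // Percent-encode the ID so characters such as "&" or "#" cannot alter the
    // redirect target's query string.
    header('Location: Team?ID=' . rawurlencode($team_id));
}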