示例#1
文件: index.php 项目: laiello/bz-owl
 // Read the form's `confirmed` field as an integer; 0 means the field was
 // not submitted. The (int) cast maps non-numeric strings to 0, so anything
 // that is not a number ends up outside the range accepted further down.
 $confirmed = isset($_POST['confirmed']) ? (int) $_POST['confirmed'] : 0;
 if (isset($_POST['confirmed'])) {
     // Only the values 1 and 2 are accepted for `confirmed`; anything else is
     // treated as an attempt to tamper with the form and ends the request.
     // TODO: implement preview
     if (!($confirmed >= 1 && $confirmed <= 2)) {
         echo '<div class="static_page_box">', "\n";
         // NOTE(review): $viewerid is concatenated into the message as-is;
         // confirm it is always an integer or that dieAndEndPage() escapes it.
         // NOTE(review): the checks in this section are only enforced if
         // dieAndEndPage() actually terminates the request - confirm.
         $site->dieAndEndPage('Your (id=' . $viewerid . ') attempt to insert wrong data into the form was detected.');
     }

     // Take the submitted form key (entity-decoded), defaulting to an empty
     // string when the field is absent.
     // NOTE(review): html_entity_decode() expects a string; an array-valued
     // `key_name` is not handled here.
     $new_randomkey_name = isset($_POST['key_name'])
         ? html_entity_decode($_POST['key_name'])
         : '';

     // Check the submitted key against the expected one. This looks like an
     // anti-forgery check (see the user-facing message below).
     // NOTE(review): compare_keys() is defined elsewhere; whether it compares
     // in constant time and whether the key is invalidated after use cannot
     // be seen from here - confirm.
     $randomkeysmatch = $site->compare_keys($randomkey_name, $new_randomkey_name);
     if (!$randomkeysmatch) {
         echo '<div class="static_page_box">' . "\n"
             . '<p>The key did not match. It looks like you came from somewhere else.</p>';
         $site->dieAndEndPage('');
     }
     // Default target: the team this viewer leads.
     $invited_to_team = $leader_of_team_with_id;
     if ($allow_invite_in_any_team) {
         // When inviting into any team is allowed, the target team id comes
         // from the request instead.
         // NOTE(review): the field is read without an isset() check in the
         // visible lines. PHP has already URL-decoded $_POST values, so
         // urldecode() here is a second decode; the value is only escaped
         // afterwards (sqlSafeString below), which is the right order, but
         // the extra decode looks unnecessary - confirm.
         $invited_to_team = urldecode($_POST['invite_to_team_id']);
         // does the specified team exist and is not deleted at all?
         // The lookup accepts rows whose `deleted` flag is '0', '1' or '3'
         // (the meaning of these values is not visible here).
         // NOTE(review): the query is assembled by string concatenation, so
         // sqlSafeString() (defined elsewhere) plus the surrounding quotes is
         // the only barrier between the request value and the SQL text.
         // Validating $invited_to_team as an integer first, or using a
         // prepared statement, would not depend on that helper - presumably
         // team ids are numeric; confirm.
         $query = 'SELECT `teams`.`id` FROM `teams`,`teams_overview`';
         $query .= ' WHERE (`teams_overview`.`deleted`=' . "'" . sqlSafeString('0') . "'";
         $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('1') . "'";
         $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('3') . "'";
         $query .= ') AND `teams`.`id`=`teams_overview`.`teamid`';
         // The join condition `teams`.`id`=`teams_overview`.`teamid` is
         // repeated here; the duplicate is redundant but harmless.
         $query .= ' AND `teams`.`id`=`teams_overview`.`teamid` AND `teams`.`id`=' . "'" . sqlSafeString($invited_to_team) . "'";