$confirmed = 0; if (isset($_POST['confirmed'])) { $confirmed = (int) $_POST['confirmed']; } if (isset($_POST['confirmed'])) { // someone is trying to break the form // TODO: implement preview if ($confirmed < 1 || $confirmed > 2) { echo '<div class="static_page_box">' . "\n"; $site->dieAndEndPage('Your (id=' . $viewerid . ') attempt to insert wrong data into the form was detected.'); } $new_randomkey_name = ''; if (isset($_POST['key_name'])) { $new_randomkey_name = html_entity_decode($_POST['key_name']); } $randomkeysmatch = $site->compare_keys($randomkey_name, $new_randomkey_name); if (!$randomkeysmatch) { echo '<div class="static_page_box">' . "\n"; echo '<p>The key did not match. It looks like you came from somewhere else.</p>'; $site->dieAndEndPage(''); } $invited_to_team = $leader_of_team_with_id; if ($allow_invite_in_any_team) { $invited_to_team = urldecode($_POST['invite_to_team_id']); // does the specified team exist and is not deleted at all? $query = 'SELECT `teams`.`id` FROM `teams`,`teams_overview`'; $query .= ' WHERE (`teams_overview`.`deleted`=' . "'" . sqlSafeString('0') . "'"; $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('1') . "'"; $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('3') . "'"; $query .= ') AND `teams`.`id`=`teams_overview`.`teamid`'; $query .= ' AND `teams`.`id`=`teams_overview`.`teamid` AND `teams`.`id`=' . "'" . sqlSafeString($invited_to_team) . "'";