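<?php
/*
 *
 * @copyright (c) 2009 animegame.eu
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
 *
 */

/*
 * Clan creation page (routed as index.php?as=clan/new).
 *
 * Without charm=1 the script only renders the HTML form below. With charm=1 it
 * validates the submitted fields, inserts a row into `clan`, sets the current
 * user's `clan` column to the new clan id and prints a confirmation.
 *
 * Security notes for maintainers:
 *  - Every SQL statement here is built by string interpolation. Its safety
 *    rests entirely on validateName()/validateString(), which are defined in
 *    an included file and are not visible here. TODO confirm that they escape
 *    for the MySQL connection charset. The mysql_* extension was removed in
 *    PHP 7.0; prepared statements (mysqli/PDO) are the durable fix.
 *  - The form submits with method GET, so the clan password travels in the
 *    URL (browser history, server logs, Referer), and a state-changing request
 *    can be triggered by a plain link. Moving to POST with an anti-CSRF token
 *    needs a matching change in the index.php router, which is not shown here.
 *  - The clan password is stored as submitted (column `pw`). Hashing it with
 *    password_hash() requires the join/login code to use password_verify().
 */

include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/config.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/designfunctions.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/fehlerausgabe.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/parse.inc.php');

// GET section
// Critical (SQL injection): these values end up inside SQL string literals.
// isset() avoids "undefined index" notices on the first page load while
// handing the validators the same null they received before.
$clan_name = validateName(isset($_GET['clan_name']) ? $_GET['clan_name'] : null);
$clan_pw   = validateString(isset($_GET['clan_pw']) ? $_GET['clan_pw'] : null);
$clan_for  = validateString(isset($_GET['clan_for']) ? $_GET['clan_for'] : null);
$clan_back = validateString(isset($_GET['clan_back']) ? $_GET['clan_back'] : null);
$clan_info = validateString(isset($_GET['clan_info']) ? $_GET['clan_info'] : null);

// Not critical: never placed into a query.
// $user_ida is expected to be provided by the included files (not visible here).
$user  = $user_ida;
$charm = isset($_GET['charm']) ? $_GET['charm'] : null;

// The form sends the literal string "1"; strict comparison rejects values
// such as "1abc" that the loose == 1 comparison accepted.
if ($charm === '1') {
    // Duplicate check on clan name and clan tag.
    // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
    // clanname/clanzeichen would enforce this in the database.
    $clan_upps = mysql_fetch_assoc(mysql_query("SELECT id FROM clan WHERE clanname='$clan_name' OR clanzeichen='$clan_for,$clan_back'"));

    // mysql_fetch_assoc() returns false when no row matches; the original
    // also used the bare constant `id` as the array key.
    if ($clan_upps && $clan_upps['id']) {
        displayErrorMessage(NULL, 'Clanname oder Clan Zeichen gibt es schon.', displayHistoryBackLink());
        exit;
    }
    if (!$clan_pw) {
        displayErrorMessage(NULL, 'Clan Passwort Eingeben!', displayHistoryBackLink());
        exit;
    }
    if (!$clan_for AND !$clan_back) {
        displayErrorMessage(NULL, 'Sie müssen ein Clanzeichen haben.', displayHistoryBackLink());
        exit;
    }
    if (!$clan_name) {
        displayErrorMessage(NULL, 'Sie müssen einen Clannamen haben.', displayHistoryBackLink());
        exit;
    }
    if ($user['clan'] != 0) {
        displayErrorMessage(NULL, 'Sie haben schon einen Clan.', displayHistoryBackLink());
        exit;
    }

    // NOTE(review): as written these calls replace "<" with "<" and change
    // nothing; an "&lt;" entity was probably lost somewhere. Confirm against
    // the deployed file. HTML escaping is more reliable at output time, with
    // htmlspecialchars() wherever clan name and info are rendered.
    $clan_name = preg_replace("#<#", "<", $clan_name);
    $clan_pw   = preg_replace("#<#", "<", $clan_pw);
    $clan_info = preg_replace("#<#", "<", $clan_info);

    $leader_id = (int) $user_ida['id'];

    $inserted = mysql_query("INSERT INTO clan SET clanname='$clan_name', clanzeichen='$clan_for,$clan_back', pw='$clan_pw', info='$clan_info', leader='$leader_id'");
    if (!$inserted) {
        // Keep database error details in the server log instead of echoing
        // them to the visitor, as the original `OR DIE (mysql_error())` did.
        error_log('clan/new: INSERT into clan failed: ' . mysql_error());
        displayErrorMessage(NULL, 'Der Clan konnte nicht erstellt werden.', displayHistoryBackLink());
        exit;
    }

    // Look up the id of the clan just created; only the id column is needed.
    $c_id = mysql_fetch_assoc(mysql_query('SELECT id FROM clan WHERE clanname = \'' . $clan_name . '\''));
    if (!$c_id) {
        // Without this guard a failed lookup produced a malformed UPDATE that
        // failed silently while the success message was still shown.
        error_log('clan/new: created clan could not be read back');
        displayErrorMessage(NULL, 'Der Clan konnte nicht erstellt werden.', displayHistoryBackLink());
        exit;
    }

    // Both ids are cast to int so that nothing but a number reaches the query.
    mysql_query('UPDATE user SET clan=' . (int) $c_id['id'] . ' WHERE id=' . $leader_id);

    displayErrorMessage(NULL, 'Clan erfolgreich Erstellt.', '<a href="index.php?as=clan/index">weiter...</a>');
    exit;
}
?>
<html>
<body>
<form action="index.php" method="GET">
<input type="hidden" name="as" value="clan/new" />
<input type="hidden" name="charm" value="1" />
<table cellpadding="0" cellspacing="0" width="100%">
    <!-- MSTableType="layout" -->
    <tr>
        <td height="25" valign="top" width="557" colspan="2">
        <p align="center"><b>Clan Gründen</b></td>
    </tr>
    <tr>
        <td height="25" width="162" valign="top">
        <p align="center"><b>Clanname</b></td>
        <td height="25" width="395" valign="top">
        <input name="clan_name"></td>
    </tr>
    <tr>
        <td height="25" width="162" valign="top">
        <p align="center"><b>Clan Passwort</b></td>
        <td height="25" width="395" valign="top">
        <input name="clan_pw"></td>
    </tr>
    <tr>
        <td height="25" width="162" valign="top">
        <p align="center"><b>Clanzeichen vorn</b></td>
        <td height="25" width="395" valign="top">
        <input name="clan_for" size=5 maxlength=10></td>
    </tr>
    <tr>
        <td height="25" width="162" valign="top">
        <p align="center"><b>Clanzeichen hinten</b></td>
        <td height="25" width="395" valign="top">
        <input name="clan_back" size=5 maxlength=10></td>
    </tr>
    <tr>
        <td height="25" width="162" valign="top">
        <p align="center"><b>Clan Info</b></td>
        <td height="25" width="395" valign="top">
        <textarea rows=5 cols=30 name="clan_info"></textarea></td>
    </tr>
    <tr>
        <td height="25" width="162"> </td>
        <td height="25" width="395" valign="top">
        <input type=submit value="Clan Gründen"></td>
    </tr>
</table>
</form>
</body>
</html>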