agng/clan/new.php

<?php
/*
 *
 * @copyright (c) 2009 animegame.eu
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
 *
 */

include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/config.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/designfunctions.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/fehlerausgabe.inc.php');
include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/parse.inc.php');
// GET-Section
// Kritisch (SQL-Injections)
$clan_name = validateName($_GET['clan_name']);
$clan_pw = validateString($_GET['clan_pw']);
$clan_for = validateString($_GET['clan_for']);
$clan_back = validateString($_GET['clan_back']);
$clan_info = validateString($_GET['clan_info']);

// Unkritisch
$user = $user_ida;
$charm = $_GET['charm'];


if ($charm == 1) {
	$clanz = mysql_fetch_assoc(mysql_Query("SELECT id FROM clan ORDER BY id DESC LIMIT 1"));
	$clan_upps = mysql_fetch_assoc(mysql_query("SELECT id FROM clan WHERE clanname='$clan_name' OR clanzeichen='$clan_for,$clan_back'"));
	$clan_num = $clanz['id'] + 1;

	if ($clan_upps[id]) {
		displayErrorMessage(NULL, 'Clanname oder Clan Zeichen gibt es schon.', displayHistoryBackLink());
		exit;
	}

	if (!$clan_pw) {
		displayErrorMessage(NULL, 'Clan Passwort Eingeben!', displayHistoryBackLink());
		exit;
	}

	if (!$clan_for AND !$clan_back) {
		displayErrorMessage(NULL, 'Sie m&uuml;ssen ein Clanzeichen haben.', displayHistoryBackLink());
		exit;
	}

	if (!$clan_name) {
		displayErrorMessage(NULL, 'Sie m&uuml;ssen einen Clannamen haben.', displayHistoryBackLink());
		exit;
	}

	if ($user['clan'] != 0) {
		displayErrorMessage(NULL, 'Sie haben schon einen Clan.', displayHistoryBackLink());
		exit;
	}

	$clan_name = preg_replace("#<#", "&lt;", $clan_name);
	$clan_pw = preg_replace("#<#", "&lt;", $clan_pw);
	$clan_info = preg_replace("#<#", "&lt;", $clan_info);

	mysql_query("INSERT INTO clan SET clanname='$clan_name', clanzeichen='$clan_for,$clan_back', pw='$clan_pw', info='$clan_info', leader='$user_ida[id]'") OR DIE (mysql_error());
	$c_id = mysql_fetch_assoc(mysql_query('Select * from clan where clanname = \''.$clan_name.'\''));
	mysql_query('UPDATE user SET clan='.$c_id['id'].' WHERE id='.$user_ida['id']);

	displayErrorMessage(NULL, 'Clan erfolgreich Erstellt.', '<a href="index.php?as=clan/index">weiter...</a>');
	exit;
}
?>
<html>
<body>
<form action="index.php" method="GET">
	<input type="hidden" name="as" value="clan/new" />
	<input type="hidden" name="charm" value="1" />

<table cellpadding="0" cellspacing="0" width="100%">
	<!-- MSTableType="layout" -->
	<tr>
		<td height="25" valign="top" width="557" colspan="2">
		<p align="center"><b>Clan Gr&uuml;nden</b></td>
	</tr>
	<tr>
		<td height="25" width="162" valign="top">
		<p align="center"><b>Clanname</b></td>
		<td height="25" width="395" valign="top">&nbsp;<input name="clan_name"></td>
	</tr>
	<tr>
		<td height="25" width="162" valign="top">
		<p align="center"><b>Clan Passwort</b></td>
		<td height="25" width="395" valign="top">&nbsp;<input name="clan_pw"></td>
	</tr>
	<tr>
		<td height="25" width="162" valign="top">
		<p align="center"><b>Clanzeichen vorn</b></td>
		<td height="25" width="395" valign="top">&nbsp;<input name="clan_for" size=5 maxlength=10></td>
	</tr>
	<tr>
		<td height="25" width="162" valign="top">
		<p align="center"><b>Clanzeichen hinten</b></td>
		<td height="25" width="395" valign="top">&nbsp;<input name="clan_back" size=5 maxlength=10></td>
	</tr>
	<tr>
		<td height="25" width="162" valign="top">
		<p align="center"><b>Clan Info</b></td>
		<td height="25" width="395" valign="top">&nbsp;<textarea rows=5 cols=30 name="clan_info"></textarea></td>
	</tr>
	<tr>
		<td height="25" width="162">&nbsp;</td>
		<td height="25" width="395" valign="top">&nbsp;<input type=submit value="Clan Gr&uuml;nden"></td>
	</tr>
</table>
</form>
</body>

</html>