<?php
/**
 * Tis file is part of XNova:Legacies
 *
 * @license http://www.gnu.org/licenses/gpl-3.0.txt
 * @see http://www.xnova-ng.org/
 *
 * Copyright (c) 2009-Present, XNova Support Team <http://www.xnova-ng.org>
 * All rights reserved.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 *                                --> NOTICE <--
 *  This file is part of the core development branch, changing its contents will
 * make you unable to use the automatic updates manager. Please refer to the
 * documentation for further information about customizing XNova.
 *
 */

define('INSIDE' , true);
define('INSTALL' , false);
require_once dirname(__FILE__) .'/common.php';

	includeLang('admin');

	$_POST['mode'] = isset($_POST['mode']) ? $_POST['mode'] : '';
	$mode      = $_POST['mode'];

	$PageTpl   = gettemplate("add_declare");
	$parse     = $lang;

	if ($mode == 'addit') {
		$declarator = $user['id'];
		$declarator_name = mysql_real_escape_string($user['username']);
		$decl1 = mysql_real_escape_string($_POST['dec1']);
		$decl2 = mysql_real_escape_string($_POST['dec2']);
		$decl3 = mysql_real_escape_string($_POST['dec3']);
		$reason1 = mysql_real_escape_string($_POST['reason']);
			
		//on verifie si le premiere utilisateur saisie existe
		$verification_utilisateur = $db->query("SELECT * FROM {{table}} WHERE `username` = ':username'")
		->table("users")
		->datas(array(":username" => $decl1))
		->select()
		->fetch();
			
		//on verifie si le deuxieme utilisateur saisie existe
		$verification_utilisateur2 = $db->query("SELECT * FROM {{table}} WHERE `username` = ':username'")
		->table("users")
		->datas(array(":username" => $decl2))
		->select()
		->fetch();
			
		//on verifie si le troisieme utilisateur saisie existe
		$verification_utilisateur3 = $db->query("SELECT * FROM {{table}} WHERE `username` = ':username'")
		->table("users")
		->datas(array(":username" => $decl3))
		->select()
		->fetch();
			
		// erreur general
		if(!isset($declarator) or empty($declarator)){ AdminMessage ("erreur de multi, veuillez contacter l\'administrateur.","Ajout"); }
		
		// on verifi si il n'existe pas ou il est vide ou que le pseudo n'existe pas
		if(!isset($decl1) or empty($decl1) or !$verification_utilisateur) { AdminMessage ("erreur de multi,veuillez saisir le pseudo de la personne concerner.", "Ajout"); }
		
		// on verifi si il existe et qu'il n'est vide
		if(isset($decl2) and !empty($decl2)) {
			//si l'utilisateur n'xiste pas
			if(!$verification_utilisateur2) { AdminMessage ("erreur de multi,veuillez saisir le pseudo 2 de la personne concerner.", "Ajout"); }
		}
		// on verifi si il existe et qu'il n'est vide
		if(isset($decl3) and !empty($decl3)) {
			//si l'utilisateur n'xiste pas
			if(!$verification_utilisateur3) { AdminMessage ("erreur de multi,veuillez saisir le pseudo 3 de la personne concerner.", "Ajout"); }
		}
			
		if(empty($reason1)) { AdminMessage ("Erreur de multi, veuillez saisir la raison.","Ajout"); };
			
		$db->query("INSERT INTO {{table}}(`declarator`,`declarator_name`,`declared_1`,`declared_2`,`declared_3`,`reason`) VALUES (':declarator',':declarator_name',':declared_1',':declared_2',':declared_3',':reason')")
		->table("declared")
		->datas(array(":declarator" => $declarator,":declarator_name" =>$declarator_name,":declared_1" => $decl1,":declared_2" => $decl2,":declared_3" => $decl3,":reason" => $reason1))
		->insert();
		
		$db->query("UPDATE {{table}} SET `multi_validated` = ':multi_validated' WHERE `username` = ':username'")
		->table("users")
		->datas(array(":multi_validated" => 1, ":username" => $user['username']))
		->update();

		AdminMessage( "Merci, votre demande a ete prise en compte. Les autres joueurs que vous avez implique doivent egalement et imperativement suivre cette procedure aussi.", "Ajout" );
	}

	$Page = parsetemplate($PageTpl, $parse);
	display ($Page, $title = 'Déclaration', $topnav = true, $metatags = '', $AdminPage = false, $leftMenu = true);

// -----------------------------------------------------------------------------------------------------------
// History version
// by mandalorien
// 1.0	- Modification des Requêtes
//		- securisation des champs avec les vérification.
?>