annotate usrajax.php @ 1065:511147c1e119
Move some of the show.php javascript code to show.js.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 24 Jan 2017 13:13:48 +0200 |
parents | ffacd904fd1f |
children | 5f92fa5e683a |
rev | line source |
---|---|
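<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// User actions page AJAX backend module
// (C) Copyright 2012-2015 Tecnic Software productions (TNSP)
//
// The file opens with the full "<?php" tag on purpose: the short form is
// only parsed when short_open_tag is enabled, and with that setting off
// the web server would deliver this file as plain text, SQL included.
//

// Set before the includes below.
// NOTE(review): presumably read by the session code to select the user
// session type -- confirm in msession.inc.php.
$sessionType = "user";

require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";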
93 | 11 |
161 | 12 // |
316 | 13 // Update one vote (prevalidated) |
161 | 14 // |
function stUpdateVote($key_id, $entry_id, $vote)
{
  // Store one vote for the given vote key and entry: create the row if
  // there is none, otherwise overwrite its value and timestamp.
  // The arguments are expected to be validated by the caller; here they
  // are only passed through the %d placeholders of stPrepareSQL().
  // Returns whatever stExecSQL() returns for the final statement.
  //
  // NOTE(review): the lookup and the write are two separate statements.
  // Both callers in this file run them inside a transaction; whether that
  // rules out duplicate rows under concurrent requests depends on the
  // database and on a unique constraint over (key_id, entry_id), neither
  // of which is visible here.
  $lookup = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d",
    $key_id, $entry_id);

  if (stFetchSQLColumn($lookup) !== false)
  {
    // A row is already there: update it in place
    return stExecSQL(stPrepareSQL(
      "UPDATE votes SET value=%d,utime=%d WHERE key_id=%d AND entry_id=%d",
      $vote, time(), $key_id, $entry_id));
  }

  // No row yet: insert one
  return stExecSQL(stPrepareSQL(
    "INSERT INTO votes (key_id,entry_id,value,utime) VALUES (%d,%d,%d,%d)",
    $key_id, $entry_id, $vote, time()));
}
38 | |
39 | |
function stCheckVoteValue($id, &$value)
{
  // Validate request item $id as an integer vote that lies within the
  // configured voteMin..voteMax settings. The outcome of stChkRequestItem()
  // is returned as-is; $value is presumably filled in by that call.
  $typeRule = array(CHK_TYPE, VT_INT, "Invalid entry vote value data.");
  $rangeRule = array(CHK_RANGE, VT_INT,
    array(stGetSetting("voteMin"), stGetSetting("voteMax")),
    "Invalid vote value, not in range.");

  return stChkRequestItem($id, $value, $typeRule, $rangeRule);
}
47 | |
48 | |
165 | 49 // |
50 // Initialize | |
51 // | |
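if (!stUserSessionAuth() || !stCSRFCheck())
{
  // Reached when the session is not authenticated or the CSRF token check
  // fails: end the user session, then answer according to the request kind
  // and stop before any database work is done.
  stSetupCacheControl();

  stSessionEnd(SESS_USER);

  switch (stGetRequestItem("action"))
  {
    case "submit":
      // Form submit: answer with a redirect. "onerror" is taken from the
      // request, so it is followed only when it looks like a site-local
      // target: no scheme separator, no "//", no backslash and no control
      // or space characters. Anything else falls back to the configured
      // default page, which keeps this endpoint from being used to bounce
      // visitors to another site.
      // NOTE(review): stGetRequestItem() may already restrict the value;
      // that is not visible from this file.
      $redirFallback = stGetSetting("defaultPage");
      $redirTarget = stGetRequestItem("onerror", $redirFallback);
      if (!is_string($redirTarget) || $redirTarget === "" ||
          preg_match('#[\x00-\x20\\\\:]|//#', $redirTarget) !== 0)
        $redirTarget = $redirFallback;

      header("Location: ".$redirTarget);
      break;

    default:
      // AJAX request: report the failure through the status/error output
      stError("You are not authenticated currently. Try to login again.");
      stSetStatus(902, "Not authenticated.");
      stDumpAJAXStatusErrors(FALSE);
      break;
  }
  exit;
}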
72 | |
// Buffer all output from here on; the end of this script discards the
// buffer with ob_clean() when an error has been recorded.
ob_start();

stSetupCacheControl();

if (!stConnectSQLDB())
{
  die("Could not connect to SQL database.");
}

stReloadSettings();

// Vote key id stored in the session; every vote written below is tied to
// it, so it is never taken from request parameters.
$voteKeyId = stGetSessionItem("key_id");
93 | 83 |
84 |
161 | 85 // |
86 // Handle the request | |
87 // | |
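// Dispatch on the requested action. Only reached after the authentication
// and CSRF checks earlier in this file have passed.
// $errorSet and $errorMsgs are not defined in this file; presumably they
// are maintained by stError() in the included site code.
switch (stGetRequestItem("action"))
{
  case "set":
    //
    // Set vote, if voting is enabled
    //
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    if (stChkRequestItem("entry_id", $entry_id,
          array(CHK_TYPE, VT_INT, "Invalid data.")) &&
        stCheckVoteValue("vote", $vote))
    {
      // Check if the entry_id is actually valid
      stDBBeginTransaction();
      $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
      if (($entry = stFetchSQL($sql)) !== false)
      {
        // Check if the compo is valid for the entry
        // NOTE(review): unlike the "submit" branch below, this path does
        // not require compos.visible to be nonzero -- confirm that votes
        // on entries of hidden compos are meant to be accepted here.
        $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]);
        if (($compo = stFetchSQL($sql)) !== false && $compo["voting"] != 0)
        {
          // Report a failed write the same way the "submit" branch does,
          // instead of answering as if the vote had been stored
          if (!stUpdateVote($voteKeyId, $entry_id, $vote))
            stError("Could not set vote for compo #".$compo["id"].", entry #".$entry_id);
        }
      }
      stDBCommitTransaction();
    }
    break;

  case "submit":
    //
    // Store the votes of a whole submitted form
    //
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    {
      foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo)
      {
        // One transaction per compo
        stDBBeginTransaction();

        // Built with stPrepareSQL() like every other query in this file,
        // rather than by concatenating the id into the statement
        $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $compo["id"]);
        foreach (stExecSQL($sql) as $entry)
        {
          // The request item name is derived from the entry id read from
          // the database, so only entries of votable compos are considered
          if (stCheckVoteValue("ventry".$entry["id"], $value))
          {
            if (!stUpdateVote($voteKeyId, $entry["id"], $value))
              stError("Could not set vote for compo #".$compo["id"].", entry #".$entry["id"]);
          }
        }
        stDBCommitTransaction();
      }

      // Hand the outcome to the page the browser is redirected to
      if ($errorSet)
      {
        stSetSessionItem("mode", "error");
        stSetSessionItem("error", $errorMsgs);
      }
      else
        stSetSessionItem("mode", "done");

      // "goto" is taken from the request, so it is followed only when it
      // looks like a site-local target: no scheme separator, no "//", no
      // backslash and no control or space characters. Anything else falls
      // back to the voting page, which keeps this endpoint from being used
      // to bounce visitors to another site.
      // NOTE(review): stGetRequestItem() may already restrict the value;
      // that is not visible from this file.
      $redirTarget = stGetRequestItem("goto", "vote");
      if (!is_string($redirTarget) || $redirTarget === "" ||
          preg_match('#[\x00-\x20\\\\:]|//#', $redirTarget) !== 0)
        $redirTarget = "vote";

      header("Location: ".$redirTarget);
    }
    break;

  default:
    stSetStatus(902, "Operation not supported.");
    break;
}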
150 | |
// When an error has been recorded, drop everything buffered so far and
// send the AJAX status/error output in its place; after that, release the
// buffer to the client.
if ($errorSet)
{
  ob_clean();
  stDumpAJAXStatusErrors();
}

ob_end_flush();
93 | 158 ?> |