annotate usrajax.php @ 571:ce11ea112a65
Change the header blurb a bit.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 23 May 2014 17:18:33 +0300 |
parents | ed2247111fdd |
children | 3929a5a87815 |
rev | line source |
---|---|
93 | 1 <? |
2 // | |
571
3 // FAPWeb - Simple Web-based Demoparty Management System |
155
4 // User actions page AJAX backend module |
565 | 5 // (C) Copyright 2012-2014 Tecnic Software productions (TNSP) |
93 | 6 // |
7 $sessionType = "user"; | |
175
8 require_once "mconfig.inc.php"; |
9 require_once "msite.inc.php"; |
10 require_once "msession.inc.php"; |
93 | 11 |
161 | 12 // |
316 | 13 // Update one vote (prevalidated) |
161 | 14 // |
/**
 * Store one vote for an entry: update the row for the (key_id, entry_id)
 * pair when it already exists, otherwise insert a new one.
 *
 * The arguments are expected to be validated by the caller; this function
 * performs no range or existence checks of its own. All three values are
 * passed to stPrepareSQL() through "%d" placeholders (stPrepareSQL is
 * defined elsewhere; presumably %d forces integer conversion -- confirm).
 *
 * The lookup and the write are two separate statements, so a caller that
 * needs them to be atomic has to wrap the call in a transaction.
 *
 * Returns whatever stExecSQL() returns for the INSERT or UPDATE statement.
 */
function stUpdateVote($key_id, $entry_id, $vote)
{
  $lookup = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d",
    $key_id, $entry_id);

  $found = stFetchSQLColumn($lookup);
  if ($found !== false)
  {
    // A row already exists for this key/entry pair: overwrite its value.
    return stExecSQL(stPrepareSQL(
      "UPDATE votes SET value=%d WHERE key_id=%d AND entry_id=%d",
      $vote, $key_id, $entry_id));
  }

  // stFetchSQLColumn() returned false, which is treated as "no such row".
  return stExecSQL(stPrepareSQL(
    "INSERT INTO votes (key_id,entry_id,value) VALUES (%d,%d,%d)",
    $key_id, $entry_id, $vote));
}
38 | |
39 | |
165 | 40 // |
41 // Initialize | |
42 // | |
360
// Refuse the request unless it belongs to an authenticated user session AND
// passes the CSRF check. stCSRFCheck() is not evaluated when the session
// check has already failed.
if (!(stUserSessionAuth() && stCSRFCheck()))
{
  stSetupCacheControl();

  // End the SESS_USER session before sending the client to the configured
  // default page; the redirect target is a site setting, not request data.
  stSessionEnd(SESS_USER);

  header("Location: " . stGetSetting("defaultPage"));
  exit();
}
52 | |
// Buffer all output: the end of this script discards the buffer and emits
// the error report instead when $errorSet is set.
ob_start();

stSetupCacheControl();

if (!stConnectSQLDB())
{
  exit("Could not connect to SQL database.");
}

stReloadSettings();

// The voting key is read from the session item "key_id", not from a request
// parameter (stGetSessionItem is defined elsewhere -- presumably server-side
// session storage; confirm).
$voteKeyId = stGetSessionItem("key_id");

// Allowed vote range, as configured in the site settings.
$voteMin = stGetSetting("voteMin");
$voteMax = stGetSetting("voteMax");
93 | 65 |
310
66 |
161 | 67 // |
68 // Handle the request | |
69 // | |
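// Dispatch on the "action" request item.
//
//   set    - store one vote (AJAX path); entry_id and vote are validated
//            with stChkRequestItem() before anything is written.
//   submit - store votes for every entry of every visible compo that has
//            voting enabled (noscript form path), then redirect.
//   other  - answered with 404.
switch (stGetRequestItem("action"))
{
  case "set":
    //
    // Set vote, if voting is enabled
    //
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    if (stChkRequestItem("entry_id", $entry_id,
          array(CHK_TYPE, VT_INT, "Invalid data.")) &&
        stChkRequestItem("vote", $vote,
          array(CHK_TYPE, VT_INT, "Invalid data."),
          array(CHK_RANGE, VT_INT, array($voteMin, $voteMax), "Invalid vote value.")))
    {
      stExecSQL("BEGIN TRANSACTION");

      // Check if the entry_id is actually valid
      $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
      if (($entry = stFetchSQL($sql)) !== false)
      {
        // Check if the compo is valid for the entry and open for voting.
        // NOTE(review): unlike "submit", this path does not require the
        // compo to be visible (visible<>0) -- confirm that is intended.
        $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]);
        if (($compo = stFetchSQL($sql)) !== false && $compo["voting"] != 0)
        {
          // Report a failed write instead of answering as if the vote had
          // been stored ("submit" checks the same return value).
          if (!stUpdateVote($voteKeyId, $entry_id, $vote))
            stError("Could not set vote for entry #".$entry_id);
        }
      }
      stExecSQL("COMMIT");
    }
    break;

  case "submit":
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    {
      stExecSQL("BEGIN TRANSACTION");
      foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo)
      {
        $cid = $compo["id"];

        // Built with stPrepareSQL() like every other query in this file,
        // rather than by string concatenation.
        foreach (stExecSQL(stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $cid)) as $entry)
        {
          // stUpdateVote() expects prevalidated input, so apply the same
          // integer and range rules here that "set" enforces through
          // stChkRequestItem(). 0 is the fallback used when the form carries
          // no value for an entry and is let through as before.
          // NOTE(review): confirm 0 is an acceptable stored value when it
          // lies outside voteMin..voteMax.
          $value = filter_var(stGetRequestItem("ventry".$entry["id"], 0), FILTER_VALIDATE_INT);
          if ($value === false ||
              ($value != 0 && ($value < $voteMin || $value > $voteMax)))
          {
            stError("Invalid vote value.");
            break;
          }

          if (!stUpdateVote($voteKeyId, $entry["id"], $value))
          {
            stError("Could not set vote for compo #".$cid.", entry #".$entry["id"]);
            // Leaves only the inner loop: remaining compos are still
            // processed and the transaction is committed below.
            break;
          }
        }
      }
      stExecSQL("COMMIT");

      if ($errorSet)
      {
        stSetSessionItem("mode", "error");
        stSetSessionItem("error", $errorMsgs);
      }
      else
        stSetSessionItem("mode", "done");

      // "goto" is request-controlled and ends up in a Location header, so
      // accept only same-site relative targets: no URL scheme, no "//" or
      // "/\" prefix, no control characters. Anything else falls back to the
      // default target.
      $goto = stGetRequestItem("goto", "vote");
      if (!is_string($goto) ||
          preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})|[\x00-\x1f\x7f]#i', $goto))
      {
        $goto = "vote";
      }

      header("Location: ".$goto);
    }
    break;

  default:
    stSetStatus(404, "Not Found");
    break;
}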
138 | |
// When an error was recorded while handling the request, discard whatever
// has been buffered so far and emit the error report in its place.
if ($errorSet)
{
  ob_clean();
  stDumpAJAXStatusErrors();
}

// Send the buffer contents to the client and stop buffering.
ob_end_flush();
93 | 146 ?> |