fapweb: usrajax.php comparison

comparison usrajax.php @ 245:bb96aef874a9

Work on the voting backend code.

author	Matti Hamalainen <ccr@tnsp.org>
date	Fri, 22 Nov 2013 15:58:17 +0200
parents	1bb4f4bcb027
children	efba5a51f8fa

comparison

equal deleted inserted replaced

-:70c424d025d6
+:bb96aef874a9
 if (!stConnectSQLDB())
 die("Could not connect to SQL database.");
 stReloadSettings();
+$userKeyLen = stGetSetting("userKeyLength");
+$voteMin = stGetSetting("voteMin");
+$voteMax = stGetSetting("voteMax");
 //
 // Handle the request
 //
 switch (stGetRequestItem("action"))
 {
 case "set":
 //
 // Set vote, if voting is enabled
 //
-if (stChkSetting("allowVoting") &&
+if (!stChkSetting("allowVoting"))
-stChkRequestItem("votekey") &&
+stError("Voting is not enabled.")
-stChkRequestItem("entry_id") &&
+else
-stChkRequestItem("vote"))
+if (stChkRequestItem("entry_id", $entry_id,
+array(CHK_TYPE, VT_INT, "Invalid data.")) &&
+stChkRequestItem("vote", $vote,
+array(CHK_TYPE, VT_INT, "Invalid data."),
+array(CHK_RANGE, VT_INT, array($voteMin, $voteMax), "Invalid vote value."))
 {
 // Check if voting is enabled on the compo and voter is valid
-$entry_id = stGetRequestItem("entry_id");
+$sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key"));
+if (($votekey = stFetchSQL($sql)) !== false)
-$sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetRequestItem("votekey"));
-if (($votekey = stFetchSQLColumn($sql)) !== false)
 {
 }
+else
+stError("Invalid data.");
 }
+break;
+case "submit":
+if (!stChkSetting("allowVoting"))
+stError("Voting is not enabled.")
 else
-stSetStatus(902, "No data.");
+{
+$sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key"));
+if (($votekey = stFetchSQL($sql)) !== false)
+{
+}
+else
+stError("Invalid data.");
+}
 break;
 default:
 stSetStatus(404, "Not Found");
 break;

Mercurial > hg > fapweb

comparison usrajax.php @ 245:bb96aef874a9