comparison usrajax.php @ 245:bb96aef874a9
Work on the voting backend code.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 22 Nov 2013 15:58:17 +0200 |
parents | 1bb4f4bcb027 |
children | efba5a51f8fa |
244:70c424d025d6 | 245:bb96aef874a9 |
---|---|
66 if (!stConnectSQLDB()) | 66 if (!stConnectSQLDB()) |
67 die("Could not connect to SQL database."); | 67 die("Could not connect to SQL database."); |
68 | 68 |
69 stReloadSettings(); | 69 stReloadSettings(); |
70 | 70 |
71 $userKeyLen = stGetSetting("userKeyLength"); | |
72 $voteMin = stGetSetting("voteMin"); | |
73 $voteMax = stGetSetting("voteMax"); | |
71 | 74 |
72 // | 75 // |
73 // Handle the request | 76 // Handle the request |
74 // | 77 // |
75 switch (stGetRequestItem("action")) | 78 switch (stGetRequestItem("action")) |
76 { | 79 { |
77 case "set": | 80 case "set": |
78 // | 81 // |
79 // Set vote, if voting is enabled | 82 // Set vote, if voting is enabled |
80 // | 83 // |
81 if (stChkSetting("allowVoting") && | 84 if (!stChkSetting("allowVoting")) |
82 stChkRequestItem("votekey") && | 85 stError("Voting is not enabled.") |
83 stChkRequestItem("entry_id") && | 86 else |
84 stChkRequestItem("vote")) | 87 if (stChkRequestItem("entry_id", $entry_id, |
88 array(CHK_TYPE, VT_INT, "Invalid data.")) && | |
89 stChkRequestItem("vote", $vote, | |
90 array(CHK_TYPE, VT_INT, "Invalid data."), | |
91 array(CHK_RANGE, VT_INT, array($voteMin, $voteMax), "Invalid vote value.")) | |
85 { | 92 { |
86 // Check if voting is enabled on the compo and voter is valid | 93 // Check if voting is enabled on the compo and voter is valid |
87 $entry_id = stGetRequestItem("entry_id"); | 94 $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key")); |
88 | 95 if (($votekey = stFetchSQL($sql)) !== false) |
89 $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetRequestItem("votekey")); | |
90 if (($votekey = stFetchSQLColumn($sql)) !== false) | |
91 { | 96 { |
92 } | 97 } |
98 else | |
99 stError("Invalid data."); | |
93 } | 100 } |
101 break; | |
102 | |
103 case "submit": | |
104 if (!stChkSetting("allowVoting")) | |
105 stError("Voting is not enabled.") | |
94 else | 106 else |
95 stSetStatus(902, "No data."); | 107 { |
108 $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key")); | |
109 if (($votekey = stFetchSQL($sql)) !== false) | |
110 { | |
111 } | |
112 else | |
113 stError("Invalid data."); | |
114 } | |
96 break; | 115 break; |
97 | 116 |
98 default: | 117 default: |
99 stSetStatus(404, "Not Found"); | 118 stSetStatus(404, "Not Found"); |
100 break; | 119 break; |
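Review bot: Both new `stError("Voting is not enabled.")` calls, in the "set" case and in the "submit" case, lack a terminating semicolon before `else`, so usrajax.php will not parse as committed; each should read `stError("Voting is not enabled.");`. The new `if (` that wraps the two `stChkRequestItem()` calls also appears to be one closing parenthesis short: the line ending `"Invalid vote value."))` closes the CHK_RANGE `array(` and the call but not the `if`, so it needs `"Invalid vote value.")))`. Separately, the branch taken when the session's vote key is found is still an empty `{ }` in both cases, so the check the comment promises (voting enabled on the entry's compo) is not performed yet and nothing is recorded or reported on success. A marker such as `// TODO: verify $entry_id belongs to a compo with voting enabled before recording $vote` would make that gap explicit. The switch statement continues beyond the visible lines.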