Improve error handling.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 27 Sep 2017 14:16:11 +0300 |
parents | 95b74632cfe2 |
children | 0a2117349f46 |
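<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// User actions page AJAX backend module
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//
$sessionType = "user";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";


//
// Update one vote (prevalidated)
//
// Inserts a new "votes" row for the given user key / entry pair, or
// updates the value and timestamp of the existing row. Returns the
// result of stExecSQL() for the executed statement; the callers below
// treat a falsy result as failure.
//
function stUpdateVote($key_id, $entry_id, $vote)
{
  // Check if the vote already exists
  $sql = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d",
    $key_id, $entry_id);

  if (stFetchSQLColumn($sql) === false)
  {
    // Didn't exist, insert it
    $sql = stPrepareSQL(
      "INSERT INTO votes (key_id,entry_id,value,utime) VALUES (%d,%d,%d,%d)",
      $key_id, $entry_id, $vote, time());
  }
  else
  {
    // Existed, thusly update
    $sql = stPrepareSQL(
      "UPDATE votes SET value=%d,utime=%d WHERE key_id=%d AND entry_id=%d",
      $vote, time(), $key_id, $entry_id);
  }

  return stExecSQL($sql);
}


//
// Validate the vote value found in request item $id and store the
// converted value in $value. The accepted range is taken from the
// "voteMin" / "voteMax" settings. Returns the result of stChkRequestItem(),
// which is also expected to record the error message on failure.
//
function stCheckVoteValue($id, &$value)
{
  return stChkRequestItem($id, $value,
    array(CHK_TYPE, VT_INT, "Invalid entry vote value data."),
    array(CHK_RANGE, VT_INT,
      array(stGetSetting("voteMin"), stGetSetting("voteMax")),
      "Invalid vote value, not in range."));
}


//
// Initialize
//
if (!stUserSessionAuth() || !stCSRFCheck())
{
  stSetupCacheControl();
  stSessionEnd(SESS_USER);

  switch (stGetRequestItem("action"))
  {
    case "submit":
      // NOTE(review): "onerror" is taken verbatim from the request, so an
      // absolute URL here turns this into an open redirect. Restricting it
      // to known page names would be safer; the valid set is not visible here.
      header("Location: ".stGetRequestItem("onerror", stGetSetting("defaultPage")));
      break;

    default:
      stError("You are not authenticated currently. 
Try to login again.");
      stSetStatus(902, "Not authenticated.");
      stDumpAJAXStatusErrors(FALSE);
      break;
  }
  exit;
}

ob_start();
stSetupCacheControl();

if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

stReloadSettings();

$userKeyId = stGetSessionItem("key_id");


//
// Check vote key validity
//
// $keyValid becomes TRUE only when the key exists and passes the check for
// the configured key mode. stError() is assumed to raise $errorSet
// (msite.inc.php), which the end of this script reports on.
//
$keyValid = FALSE;
$sql = stPrepareSQL("SELECT * FROM userkeys WHERE id=%d", $userKeyId);
if (($key = stFetchSQL($sql)) === false)
{
  stError("Userkey does not exist.");
}
else
{
  // Validate login based on current vote key mode
  switch (stGetSetting("userKeyMode"))
  {
    case VOTE_ACTIVATE:
      if ($key["active"] == 0)
        stError("Userkey is not active.");
      else
        $keyValid = TRUE;
      break;

    case VOTE_ASSIGN:
      $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]);
      if (stFetchSQL($sql) === false)
        stError("Userkey is not assigned to any user.");
      else
        $keyValid = TRUE;
      break;

    default:
      // Other key modes require nothing beyond the key existing
      $keyValid = TRUE;
      break;
  }
}


//
// Handle the request
//
// Votes are only written when the user key passed validation above;
// an inactive or unassigned key no longer gets its votes stored with
// the error merely reported afterwards.
//
$ajax = FALSE;
switch (stGetRequestItem("action"))
{
  case "set":
    //
    // Set vote, if voting is enabled
    //
    $ajax = TRUE;
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    if ($keyValid &&
      stChkRequestItem("entry_id", $entry_id, array(CHK_TYPE, VT_INT, "Invalid data.")) &&
      stCheckVoteValue("vote", $vote))
    {
      // Check if the entry_id is actually valid
      stDBBeginTransaction();
      $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
      if (($entry = stFetchSQL($sql)) === false)
      {
        // Report instead of silently dropping the vote
        stError("No such entry.");
      }
      else
      {
        // Check if the compo is valid for the entry
        $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]);
        if (($compo = stFetchSQL($sql)) === false || $compo["voting"] == 0)
          stError("Voting is not open for the entry's compo.");
        else
        if (!stUpdateVote($userKeyId, $entry_id, $vote))
          stError("Could not set vote for entry #".$entry_id);
      }
      stDBCommitTransaction();
    }
    break;

  case "submit":
    //
    // Submit all votes, if voting is enabled
    //
    $ajax = FALSE;
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    if ($keyValid)
    {
      foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo)
      {
        stDBBeginTransaction();
        // Go through the prepared-statement helper like every other query
        // here, rather than concatenating the compo id into the SQL string
        $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $compo["id"]);
        foreach (stExecSQL($sql) as $entry)
        {
          // Entries without a valid vote value in the request are skipped
          if (stCheckVoteValue("ventry".$entry["id"], $value))
          {
            if (!stUpdateVote($userKeyId, $entry["id"], $value))
              stError("Could not set vote for compo #".$compo["id"].", entry #".$entry["id"]);
          }
        }
        stDBCommitTransaction();
      }
    }
    stSetSessionItem("mode", "done");
    break;

  default:
    stSetStatus(902, "Operation not supported.");
    break;
}


//
// Report errors and finish
//
if ($errorSet)
{
  ob_clean();
  stSetSessionItem("mode", "error");
  stSetSessionItem("error", $errorMsgs);
}

if ($ajax)
{
  if ($errorSet)
    stDumpAJAXStatusErrors();
}
else
{
  // NOTE(review): "goto" is request-controlled as well, see "onerror" above.
  header("Location: ".stGetRequestItem("goto", "vote"));
}

ob_end_flush();
?>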