Mercurial > hg > fapweb
view usrajax.php @ 720:4f334b3c884f
Cleanups.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Thu, 13 Nov 2014 09:30:40 +0200 |
parents | 3929a5a87815 |
children | bf33cec02dc6 |
line wrap: on
line source
<? // // FAPWeb - Simple Web-based Demoparty Management System // User actions page AJAX backend module // (C) Copyright 2012-2014 Tecnic Software productions (TNSP) // $sessionType = "user"; require_once "mconfig.inc.php"; require_once "msite.inc.php"; require_once "msession.inc.php"; // // Update one vote (prevalidated) // function stUpdateVote($key_id, $entry_id, $vote) { // Check if the vote already exists $sql = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d", $key_id, $entry_id); if (($res = stFetchSQLColumn($sql)) === false) { // Didn't exist, insert it $sql = stPrepareSQL( "INSERT INTO votes (key_id,entry_id,value) VALUES (%d,%d,%d)", $key_id, $entry_id, $vote); } else { // Existed, thusly update $sql = stPrepareSQL( "UPDATE votes SET value=%d WHERE key_id=%d AND entry_id=%d", $vote, $key_id, $entry_id); } return stExecSQL($sql); } // // Initialize // if (!stUserSessionAuth() || !stCSRFCheck()) { stSetupCacheControl(); stSessionEnd(SESS_USER); header("Location: ".stGetSetting("defaultPage")); exit; } ob_start(); stSetupCacheControl(); if (!stConnectSQLDB()) die("Could not connect to SQL database."); stReloadSettings(); $voteKeyId = stGetSessionItem("key_id"); $voteMin = stGetSetting("voteMin"); $voteMax = stGetSetting("voteMax"); // // Handle the request // switch (stGetRequestItem("action")) { case "set": // // Set vote, if voting is enabled // if (!stChkSetting("allowVoting")) stError("Voting is not enabled."); else if (stChkRequestItem("entry_id", $entry_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stChkRequestItem("vote", $vote, array(CHK_TYPE, VT_INT, "Invalid data."), array(CHK_RANGE, VT_INT, array($voteMin, $voteMax), "Invalid vote value."))) { // Check if the entry_id is actually valid stDBBeginTransaction(); $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id); if (($entry = stFetchSQL($sql)) !== false) { // Check if the compo is valid for the entry $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]); if (($compo = stFetchSQL($sql)) !== false && $compo["voting"] != 0) { stUpdateVote($voteKeyId, $entry_id, $vote); } } stDBCommitTransaction(); } break; case "submit": if (!stChkSetting("allowVoting")) stError("Voting is not enabled."); else { stDBBeginTransaction(); foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo) { $cid = $compo["id"]; foreach (stExecSQL("SELECT * FROM entries WHERE compo_id=".$cid) as $entry) { $value = stGetRequestItem("ventry".$entry["id"], 0); if (!stUpdateVote($voteKeyId, $entry["id"], $value)) { stError("Could not set vote for compo #".$cid.", entry #".$entry["id"]); break; } } } stDBCommitTransaction(); if ($errorSet) { stSetSessionItem("mode", "error"); stSetSessionItem("error", $errorMsgs); } else stSetSessionItem("mode", "done"); header("Location: ".stGetRequestItem("goto", "vote")); } break; default: stSetStatus(404, "Not Found"); break; } if ($errorSet) { ob_clean(); stDumpAJAXStatusErrors(); } ob_end_flush(); ?>