Mercurial > hg > fapweb
view usrajax.php @ 1063:85e268f6a822
Cleanup.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 14 Sep 2016 12:42:03 +0300 |
parents | ffacd904fd1f |
children | 5f92fa5e683a |
line wrap: on
line source
<? // // FAPWeb - Simple Web-based Demoparty Management System // User actions page AJAX backend module // (C) Copyright 2012-2015 Tecnic Software productions (TNSP) // $sessionType = "user"; require_once "mconfig.inc.php"; require_once "msite.inc.php"; require_once "msession.inc.php"; // // Update one vote (prevalidated) // function stUpdateVote($key_id, $entry_id, $vote) { // Check if the vote already exists $sql = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d", $key_id, $entry_id); if (($res = stFetchSQLColumn($sql)) === false) { // Didn't exist, insert it $sql = stPrepareSQL( "INSERT INTO votes (key_id,entry_id,value,utime) VALUES (%d,%d,%d,%d)", $key_id, $entry_id, $vote, time()); } else { // Existed, thusly update $sql = stPrepareSQL( "UPDATE votes SET value=%d,utime=%d WHERE key_id=%d AND entry_id=%d", $vote, time(), $key_id, $entry_id); } return stExecSQL($sql); } function stCheckVoteValue($id, &$value) { return stChkRequestItem($id, $value, array(CHK_TYPE, VT_INT, "Invalid entry vote value data."), array(CHK_RANGE, VT_INT, array(stGetSetting("voteMin"), stGetSetting("voteMax")), "Invalid vote value, not in range.")); } // // Initialize // if (!stUserSessionAuth() || !stCSRFCheck()) { stSetupCacheControl(); stSessionEnd(SESS_USER); switch (stGetRequestItem("action")) { case "submit": header("Location: ".stGetRequestItem("onerror", stGetSetting("defaultPage"))); break; default: stError("You are not authenticated currently. Try to login again."); stSetStatus(902, "Not authenticated."); stDumpAJAXStatusErrors(FALSE); break; } exit; } ob_start(); stSetupCacheControl(); if (!stConnectSQLDB()) die("Could not connect to SQL database."); stReloadSettings(); $voteKeyId = stGetSessionItem("key_id"); // // Handle the request // switch (stGetRequestItem("action")) { case "set": // // Set vote, if voting is enabled // if (!stChkSetting("allowVoting")) stError("Voting is not enabled."); else if (stChkRequestItem("entry_id", $entry_id, array(CHK_TYPE, VT_INT, "Invalid data.")) && stCheckVoteValue("vote", $vote)) { // Check if the entry_id is actually valid stDBBeginTransaction(); $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id); if (($entry = stFetchSQL($sql)) !== false) { // Check if the compo is valid for the entry $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]); if (($compo = stFetchSQL($sql)) !== false && $compo["voting"] != 0) stUpdateVote($voteKeyId, $entry_id, $vote); } stDBCommitTransaction(); } break; case "submit": if (!stChkSetting("allowVoting")) stError("Voting is not enabled."); else { foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo) { stDBBeginTransaction(); foreach (stExecSQL("SELECT * FROM entries WHERE compo_id=".$compo["id"]) as $entry) { if (stCheckVoteValue("ventry".$entry["id"], $value)) { if (!stUpdateVote($voteKeyId, $entry["id"], $value)) stError("Could not set vote for compo #".$compo["id"].", entry #".$entry["id"]); } } stDBCommitTransaction(); } if ($errorSet) { stSetSessionItem("mode", "error"); stSetSessionItem("error", $errorMsgs); } else stSetSessionItem("mode", "done"); header("Location: ".stGetRequestItem("goto", "vote")); } break; default: stSetStatus(902, "Operation not supported."); break; } if ($errorSet) { ob_clean(); stDumpAJAXStatusErrors(); } ob_end_flush(); ?>