Major renaming / refactor of site messages. Some that were previously
modifiable from admin interface are now "hardcoded" in the configuration
file. Having these settings made modifiable from there made no sense
and just took space in the UI.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 27 Jan 2017 22:15:06 +0200 |
parents | 95b74632cfe2 |
children | 0a2117349f46 |
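<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// User actions page AJAX backend module
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//
$sessionType = "user";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";


//
// Update one vote (prevalidated)
//
// $key_id   : user key ID the vote belongs to
// $entry_id : entry being voted on
// $vote     : vote value, expected to be range-checked by stCheckVoteValue()
//
// Inserts a new row when no vote exists for (key_id, entry_id), otherwise
// updates the existing one. Returns whatever stExecSQL() returns.
//
function stUpdateVote($key_id, $entry_id, $vote)
{
  // Check if the vote already exists
  $sql = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d",
    $key_id, $entry_id);

  if (($res = stFetchSQLColumn($sql)) === false)
  {
    // Didn't exist, insert it
    $sql = stPrepareSQL(
      "INSERT INTO votes (key_id,entry_id,value,utime) VALUES (%d,%d,%d,%d)",
      $key_id, $entry_id, $vote, time());
  }
  else
  {
    // Existed, thusly update
    $sql = stPrepareSQL(
      "UPDATE votes SET value=%d,utime=%d WHERE key_id=%d AND entry_id=%d",
      $vote, time(), $key_id, $entry_id);
  }

  return stExecSQL($sql);
}


//
// Validate a vote value taken from the request item $id: it must be an
// integer within the configured [voteMin, voteMax] range. On success the
// value is stored into $value; the return value is that of stChkRequestItem().
//
function stCheckVoteValue($id, &$value)
{
  return stChkRequestItem($id, $value,
    array(CHK_TYPE, VT_INT, "Invalid entry vote value data."),
    array(CHK_RANGE, VT_INT, array(stGetSetting("voteMin"), stGetSetting("voteMax")), "Invalid vote value, not in range."));
}


//
// Fetch a redirect target from request item $item, refusing anything that
// could send the browser off-site (open redirect): an URL scheme ("http:",
// "javascript:"), a protocol-relative "//host" prefix, backslashes or
// control characters. Only plain local page names / relative paths pass
// through; for anything else $default is returned instead.
//
function stGetSafeRedirectTarget($item, $default)
{
  $target = stGetRequestItem($item, $default);

  if (!is_string($target) || $target === "" ||
      strpos($target, ":") !== false ||
      strpos($target, "//") !== false ||
      strpos($target, "\\") !== false ||
      preg_match('/[\x00-\x1f\x7f]/', $target))
    return $default;

  return $target;
}


//
// Initialize
//
if (!stUserSessionAuth() || !stCSRFCheck())
{
  stSetupCacheControl();
  stSessionEnd(SESS_USER);

  switch (stGetRequestItem("action"))
  {
    case "submit":
      // The target comes straight from the request, so it is filtered
      // against off-site redirects before being handed to header()
      header("Location: ".stGetSafeRedirectTarget("onerror", stGetSetting("defaultPage")));
      break;

    default:
      stError("You are not authenticated currently. 
Try to login again.");
      stSetStatus(902, "Not authenticated.");
      stDumpAJAXStatusErrors(false);
      break;
  }
  exit;
}

ob_start();
stSetupCacheControl();

if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

stReloadSettings();

$userKeyId = stGetSessionItem("key_id");

// Until the request has been dispatched we do not know whether the response
// is AJAX status output or a redirect. Default to "redirect" so that an
// unsupported action does not test an undefined $ajax below.
$ajax = false;


//
// Check vote key validity
//
// $keyValid records the outcome so that the request handlers below can
// refuse to record votes for a key that does not exist, is not activated
// (VOTE_ACTIVATE mode) or is not assigned to anyone (VOTE_ASSIGN mode).
// Previously the errors were reported but the votes were still written.
//
$keyValid = true;
$sql = stPrepareSQL("SELECT * FROM userkeys WHERE id=%d", $userKeyId);
if (($key = stFetchSQL($sql)) === false)
{
  stError("Userkey does not exist.");
  $keyValid = false;
}
else
{
  // Validate login based on current vote key mode
  switch (stGetSetting("userKeyMode"))
  {
    case VOTE_ACTIVATE:
      if ($key["active"] == 0)
      {
        stError("Userkey is not active.");
        $keyValid = false;
      }
      break;

    case VOTE_ASSIGN:
      $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]);
      if (stFetchSQL($sql) === false)
      {
        stError("Userkey is not assigned to any user.");
        $keyValid = false;
      }
      break;
  }
}


//
// Handle the request
//
switch (stGetRequestItem("action"))
{
  case "set":
    //
    // Set vote, if voting is enabled
    //
    $ajax = true;
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    if ($keyValid &&
      stChkRequestItem("entry_id", $entry_id, array(CHK_TYPE, VT_INT, "Invalid data.")) &&
      stCheckVoteValue("vote", $vote))
    {
      // Check if the entry_id is actually valid
      stDBBeginTransaction();
      $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
      if (($entry = stFetchSQL($sql)) !== false)
      {
        // Check if the compo is valid for the entry (and open for voting)
        $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]);
        if (($compo = stFetchSQL($sql)) !== false && $compo["voting"] != 0)
        {
          // Report a failed write like the "submit" action does
          if (!stUpdateVote($userKeyId, $entry_id, $vote))
            stError("Could not set vote for entry #".$entry_id);
        }
      }
      stDBCommitTransaction();
    }
    break;

  case "submit":
    //
    // Submit all votes, if voting is enabled
    //
    $ajax = false;
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    if ($keyValid)
    {
      foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo)
      {
        stDBBeginTransaction();

        // Build the query through stPrepareSQL() like every other query in
        // this file rather than concatenating the id into the string
        $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $compo["id"]);
        foreach (stExecSQL($sql) as $entry)
        {
          if (stCheckVoteValue("ventry".$entry["id"], $value))
          {
            if (!stUpdateVote($userKeyId, $entry["id"], $value))
              stError("Could not set vote for compo #".$compo["id"].", entry #".$entry["id"]);
          }
        }

        stDBCommitTransaction();
      }
    }
    stSetSessionItem("mode", "done");
    break;

  default:
    stSetStatus(902, "Operation not supported.");
    break;
}


// $errorSet / $errorMsgs are presumably maintained by stError() in
// msite.inc.php -- they are not defined in this file.
if ($errorSet)
{
  ob_clean();
  stSetSessionItem("mode", "error");
  stSetSessionItem("error", $errorMsgs);
}

if ($ajax)
{
  if ($errorSet)
    stDumpAJAXStatusErrors();
}
else
{
  // "goto" is request-supplied; filtered against off-site redirects
  header("Location: ".stGetSafeRedirectTarget("goto", "vote"));
}

ob_end_flush();
?>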