view usrajax.php @ 1096:bbc0a3d0b51e

Major renaming / refactor of site messages. Some that were previously modifiable from admin interface are now "hardcoded" in the configuration file. Having these settings made modifiable from there made no sense and just took space in the UI.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 27 Jan 2017 22:15:06 +0200
parents 95b74632cfe2
children 0a2117349f46

<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// User actions page AJAX backend module
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//
// Session type for this backend; set before the includes below, since it
// presumably is read by the session module during require (TODO confirm
// in msession.inc.php).
$sessionType = "user";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";

//
// Insert or update the vote row for (key_id, entry_id). All three
// arguments are expected to be validated by the caller, which also owns
// the surrounding transaction. Returns whatever stExecSQL() returns.
//
function stUpdateVote($key_id, $entry_id, $vote)
{
  $lookup = stPrepareSQL("SELECT id FROM votes WHERE key_id=%d AND entry_id=%d",
    $key_id, $entry_id);
  $exists = (stFetchSQLColumn($lookup) !== false);

  // Existing row is updated in place, otherwise a new one is created
  $sql = $exists
    ? stPrepareSQL(
        "UPDATE votes SET value=%d,utime=%d WHERE key_id=%d AND entry_id=%d",
        $vote, time(), $key_id, $entry_id)
    : stPrepareSQL(
        "INSERT INTO votes (key_id,entry_id,value,utime) VALUES (%d,%d,%d,%d)",
        $key_id, $entry_id, $vote, time());

  return stExecSQL($sql);
}


//
// Validate request item $id as an integer vote inside the configured
// [voteMin, voteMax] range. The parsed value is returned through $value;
// the boolean result is whatever stChkRequestItem() reports.
//
function stCheckVoteValue($id, &$value)
{
  $typeCheck = array(CHK_TYPE, VT_INT, "Invalid entry vote value data.");
  $rangeCheck = array(CHK_RANGE, VT_INT,
    array(stGetSetting("voteMin"), stGetSetting("voteMax")),
    "Invalid vote value, not in range.");

  return stChkRequestItem($id, $value, $typeCheck, $rangeCheck);
}


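//
// Initialize: refuse anything without a valid user session and CSRF token
//
if (!stUserSessionAuth() || !stCSRFCheck())
{
  stSetupCacheControl();

  stSessionEnd(SESS_USER);

  switch (stGetRequestItem("action"))
  {
    case "submit":
      // Form submission: bounce back to the page named by the request, but
      // only accept a same-site relative path there. A URL scheme, a
      // protocol-relative "//" or a leading backslash would make this an
      // open redirect, so such values fall back to the default page.
      $target = stGetRequestItem("onerror", stGetSetting("defaultPage"));
      if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//|/\\\\|\\\\)#i', $target))
        $target = stGetSetting("defaultPage");
      header("Location: ".$target);
      break;

    default:
      // AJAX caller: answer with an error status (the FALSE argument
      // presumably selects the unauthenticated variant of the dump --
      // verify in the included modules).
      stError("You are not authenticated currently. Try to login again.");
      stSetStatus(902, "Not authenticated.");
      stDumpAJAXStatusErrors(FALSE);
      break;
  }
  exit;
}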

// Buffer all output so it can be discarded later on if an error occurs
ob_start();

stSetupCacheControl();

// Nothing below works without the database
stConnectSQLDB() or die("Could not connect to SQL database.");

stReloadSettings();

// Userkey ID bound to the authenticated session
$userKeyId = stGetSessionItem("key_id");

//
// Check vote key validity. Note that stError() only records the error and
// does not abort; the request handling below still runs afterwards.
//
$sql = stPrepareSQL("SELECT * FROM userkeys WHERE id=%d", $userKeyId);
$userKey = stFetchSQL($sql);

if ($userKey === false)
  stError("Userkey does not exist.");
else
{
  // Additional requirements depend on the configured userkey mode
  $keyMode = stGetSetting("userKeyMode");
  if ($keyMode == VOTE_ACTIVATE)
  {
    // Key must have been activated
    if ($userKey["active"] == 0)
      stError("Userkey is not active.");
  }
  else
  if ($keyMode == VOTE_ASSIGN)
  {
    // Key must be bound to an attendee record
    $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $userKey["id"]);
    if (stFetchSQL($sql) === false)
      stError("Userkey is not assigned to any user.");
  }
}

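//
// Handle the request
//
$action = stGetRequestItem("action");

// Response mode for the epilogue below: "set" is answered as AJAX status,
// everything else (including unsupported actions) ends in a redirect.
// Initialised up front so the later check never reads an undefined variable.
$ajax = ($action == "set");

if ($errorSet)
{
  // Userkey validation above failed. stError() records the error but does
  // not abort, so without this guard the votes would still be written for
  // a missing/inactive/unassigned key. The error is reported by the epilogue.
}
else
switch ($action)
{
  case "set":
    //
    // Set a single vote, if voting is enabled
    //
    if (!stChkSetting("allowVoting"))
    {
      stError("Voting is not enabled.");
      break;
    }

    // Input validation; the check functions presumably record their own
    // error messages (the message strings are passed to them)
    if (!stChkRequestItem("entry_id", $entry_id,
          array(CHK_TYPE, VT_INT, "Invalid data.")) ||
        !stCheckVoteValue("vote", $vote))
      break;

    stDBBeginTransaction();

    // The entry must exist and belong to a compo with voting enabled;
    // previously both conditions failed silently, leaving the caller to
    // believe the vote had been stored.
    $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
    if (($entry = stFetchSQL($sql)) === false)
      stError("Invalid entry.");
    else
    {
      $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]);
      if (($compo = stFetchSQL($sql)) === false || $compo["voting"] == 0)
        stError("Voting is not enabled for this compo.");
      else
      if (!stUpdateVote($userKeyId, $entry_id, $vote))
        stError("Could not set vote for entry #".$entry_id);
    }

    stDBCommitTransaction();
    break;

  case "submit":
    //
    // Submit all votes, if voting is enabled
    //
    if (!stChkSetting("allowVoting"))
      stError("Voting is not enabled.");
    else
    foreach (stExecSQL("SELECT * FROM compos WHERE visible<>0 AND voting<>0") as $compo)
    {
      stDBBeginTransaction();

      // Prepared form, consistent with the other queries in this file
      $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $compo["id"]);
      foreach (stExecSQL($sql) as $entry)
      {
        // Entries without a valid vote value are skipped
        if (stCheckVoteValue("ventry".$entry["id"], $value) &&
            !stUpdateVote($userKeyId, $entry["id"], $value))
          stError("Could not set vote for compo #".$compo["id"].", entry #".$entry["id"]);
      }

      stDBCommitTransaction();
    }
    stSetSessionItem("mode", "done");
    break;

  default:
    stSetStatus(902, "Operation not supported.");
    break;
}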


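//
// Report the outcome: AJAX callers get the status/error dump, everyone
// else is redirected back to the voting page.
//
if ($errorSet)
{
  // Discard any buffered output and hand the errors over to the next page
  ob_clean();
  stSetSessionItem("mode", "error");
  stSetSessionItem("error", $errorMsgs);
}

if ($ajax)
{
  if ($errorSet)
    stDumpAJAXStatusErrors();
}
else
{
  // "goto" comes from the request, so only accept a same-site relative
  // path: a URL scheme, a protocol-relative "//" or a leading backslash
  // would make this an open redirect, so such values fall back to "vote".
  $target = stGetRequestItem("goto", "vote");
  if (preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//|/\\\\|\\\\)#i', $target))
    $target = "vote";
  header("Location: ".$target);
}

ob_end_flush();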
?>