view submit.php @ 31:eaa65f0b3ce7

Cleanups.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 09 Dec 2012 06:21:19 +0200
parents 4b5a176805e2
children

<?
require "mconfig.inc.php";
require "msite.inc.php";

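function stCheckVoteValues()
{
  // Validate the submitted vote values and store them in the session so
  // the voting form can be re-populated. Reads the global compo list
  // (filled by stGetCompoList() in the main code) and the global error
  // flag raised by stError(); without the "global" declaration both were
  // undefined inside this function, so the loop never ran and the flag
  // was never seen.
  global $compos, $errorSet;

  $voteMin = stGetSetting("voteMin");
  $voteMax = stGetSetting("voteMax");

  foreach ($compos as $id => $compo)
  foreach ($compo["entries"] as $eid => $entry)
  {
    $name = "entry".$eid;
    $vote = stGetRequestItem($name);

    // Accept only numeric values inside [voteMin, voteMax]; anything else
    // (including an empty or non-numeric field) is stored as 0 rather than
    // kept verbatim in the session. The error is raised once, for the
    // first bad value.
    $valid = is_numeric($vote) && $vote >= $voteMin && $vote <= $voteMax;
    if (!$valid)
    {
      if (!$errorSet)
        stError("One or more vote value was out of bounds. Trying to cheat, eh?");
      $vote = 0;
    }

    $_SESSION[$name] = intval($vote);
  }
}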

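function stSubmitVotes()
{
  // Persist the submitted vote values for the authenticated voter: one
  // votes row per entry, inserted on the first submission and updated on
  // later ones. Reads the global compo list and the global $voter row
  // fetched in the main code; without the "global" declaration both were
  // undefined here and nothing was ever written.
  //
  // Returns TRUE when every statement succeeded, FALSE as soon as one
  // fails (rows written earlier in the same call are not rolled back).
  global $compos, $voter;

  foreach ($compos as $id => $compo)
  foreach ($compo["entries"] as $eid => $entry)
  {
    // Force an integer so only a number ever reaches the %d placeholder
    $vote = intval(stGetRequestItem("entry".$eid));

    // NOTE: the lookup and the following INSERT/UPDATE are not wrapped in
    // a transaction, so two simultaneous submissions with the same key
    // could both take the INSERT branch.
    $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
      $voter["id"], $eid);

    if (stFetchSQLColumn($sql) === false)
    {
      $sql = stPrepareSQL(
        "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
        $voter["id"], $eid, $vote);
    }
    else
    {
      $sql = stPrepareSQL(
        "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
        $vote, $voter["id"], $eid);
    }

    if (stExecSQL($sql) === false)
      return FALSE;
  }
  return TRUE;
}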


function stSubmitFiles()
{
  // Placeholder for the entry-file upload step of the "files" mode;
  // currently a no-op. The commented-out draft below must not be enabled
  // as it stands: it trusts the client-supplied MIME type
  // ($_FILES["file"]["type"]), builds the destination path under upload/
  // from the client-supplied file name, and echoes the temporary file path
  // back to the user. Its acceptance test also requires an image/* MIME
  // type together with an archive extension (zip/rar/lha/7z), so it would
  // reject every upload. A real implementation needs server-side type
  // detection, a server-generated destination name and an extension
  // allow-list.
/*
    $allowedExts = array("zip", "rar", "lha", "7z");
    $filename = $_FILES["file"]["name"];
    $extension = end(explode(".", $filename));
    $type = $_FILES["file"]["type"];

    if (($type == "image/gif" || $type == "image/jpeg" || $type == "image/png" || $type == "image/pjpeg") &&
      ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))
    {
      if ($_FILES["file"]["error"] > 0)
      {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
      }
      else
      {

        echo "Upload: " . $filename . "<br>";
        echo "Type: " . $type . "<br>";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";

        if (file_exists("upload/" . $filename))
        {
          echo $filename . " already exists. ";
        }
        else
        {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "upload/" . $filename);
          echo "Stored in: " . "upload/" . $filename;
        }
      }
    }
    else
    {
      echo "Invalid file";
    }
    stSetSessionStatus(3);
*/
}

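//
// Start of the main code
//
// This page renders nothing: it validates the request, updates the session
// and the database, and redirects back to the page named in "goto".
//
stSetupCacheControl();

// The redirect target comes straight from the request, so accept only a
// plain relative path: no URL scheme, no leading slash (which also covers
// protocol-relative "//host/..."), no backslash and no control characters.
// Without this the Location: headers below are an open redirect.
$sessionDestPage = stGetRequestItem("goto", FALSE);
if (!is_string($sessionDestPage) ||
  $sessionDestPage === "" ||
  strpos($sessionDestPage, "submit.php") !== FALSE ||
  $sessionDestPage[0] === "/" || $sessionDestPage[0] === "\\" ||
  preg_match('#^[a-z][a-z0-9+.-]*:#i', $sessionDestPage) ||
  preg_match('/[\x00-\x1f\x7f]/', $sessionDestPage))
  exit;

// Initiate SQL database connection; bail out to the caller page if the
// database or the HTTPS requirement is not satisfied
if (!stConnectSQLDB() || !stCheckHTTPS())
{
  header("Location: ".$sessionDestPage);
  exit;
}

// Get settings
stReloadSettings();

// Start the session
if ((stChkSetting("allowVoting") || stChkSetting("allowSubmit")) && stUserSessionStart())
{
  $_SESSION["message"] = "";
  stSetSessionStatus(0);
  stGetCompoList(FALSE);
  $mode = stGetRequestItem("mode");

  // Check received data: the user key must be present and have the
  // configured length before it is even looked up
  if (stChkDataItem("key") ||
    strlen(stGetRequestItem("key")) != stGetSetting("userKeyLength"))
  {
    stError("Invalid or empty user key, please check.");
  }
  else
  {
    // Check if the key exists and is active
    $sql = stPrepareSQL(
      "SELECT * FROM users WHERE key=%S AND active<>0",
      "key");

    if (($voter = stFetchSQL($sql)) === FALSE)
      stError("User key does not exist, perhaps you typed it incorrectly?");
  }

  // Key login: remember the key and pre-load previously stored votes
  if (!$errorSet && $mode === "key")
  {
    $_SESSION["key"] = stGetRequestItem("key");
    stSetSessionStatus(1);

    // Try fetching previously stored votes
    $sql = stPrepareSQL(
      "SELECT * FROM votes WHERE voter_id=%d",
      $voter["id"]);

    if (($res = stExecSQL($sql)) !== false)
    {
      foreach ($res as $vote)
      {
        $_SESSION["entry".$vote["entry_id"]] = $vote["value"];
      }
    }
  }

  // Vote submission
  if (!$errorSet && $mode === "vote")
  {
    stCheckVoteValues();
    if (!$errorSet)
    {
      // A failed SQL statement must not be reported back as a successful vote
      if (stSubmitVotes())
        stSetSessionStatus(2);
      else
        stError("Storing the votes failed, please try again.");
    }
  }

  // Entry submission
  if (!$errorSet && $mode === "info")
  {
    stSetSessionStatus(2);
  }

  // File upload step is not implemented yet (see stSubmitFiles())
  if (!$errorSet && $mode === "files")
  {
  }

  if ($errorSet)
  {
    stSetSessionStatus(-1);
    $_SESSION["message"] = $errorMsg;
  }
}

// Always finish with the redirect, and stop so nothing runs after the header
header("Location: ".$sessionDestPage);
exit;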
?>