view usrajax.php @ 294:efba5a51f8fa

Fix some 10L's ... durr.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 25 Nov 2013 03:19:58 +0200
parents bb96aef874a9
children 8098b5b80f8c

<?
//
// FAPWeb Simple Demoparty System
// User actions page AJAX backend module
// (C) Copyright 2012-2013 Tecnic Software productions (TNSP)
//
// Session type for this page; it is assigned before the includes below run.
// NOTE(review): presumably read by msession.inc.php to select user-session
// (as opposed to admin-session) handling -- confirm against that file.
$sessionType = "user";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";


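//
// "Submit" one vote into the database
//
// Stores $vote as the value given by voter $voter_id to entry $entry_id.
// An existing (voter_id, entry_id) row in "votes" is updated, otherwise a
// new row is inserted.
//
// Returns FALSE when the entry does not exist, when its compo does not
// exist, or when the compo's "voting" column is 0. Otherwise returns
// whatever stExecSQL() returns for the INSERT/UPDATE.
//
// This function does not range-check $vote and does not verify that
// $voter_id belongs to the current session; callers must do both.
//
// NOTE(review): the existence check and the INSERT are separate statements,
// so two concurrent requests for the same voter/entry could both insert.
// Confirm that the schema has a UNIQUE constraint on (voter_id, entry_id).
//
function stSubmitOneVote($voter_id, $entry_id, $vote)
{
  // Check if the entry_id is actually valid
  $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
  if (($entry = stFetchSQL($sql)) === false)
    return false;

  // Check that the entry's compo exists and currently has voting enabled
  $sql = stPrepareSQL("SELECT * FROM compos WHERE id=%d", $entry["compo_id"]);
  if (($compo = stFetchSQL($sql)) === false || $compo["voting"] == 0)
    return false;

  // Check if the vote already exists
  $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
    $voter_id, $entry_id);

  if (stFetchSQLColumn($sql) === false)
  {
    // Didn't exist, insert it
    $sql = stPrepareSQL(
      "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
      $voter_id, $entry_id, $vote);
  }
  else
  {
    // Existed, so update it. The WHERE clause must use $entry_id: the
    // previous code passed an undefined variable here, so the UPDATE did
    // not target the row that was just looked up and a changed vote was
    // never stored.
    $sql = stPrepareSQL(
      "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
      $vote, $voter_id, $entry_id);
  }

  return stExecSQL($sql);
}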


//
// Initialize
//
// Gate: nothing below runs unless the request carries an authenticated
// user session.
if (!stUserSessionAuth())
{
  stSetupCacheControl();

  // Drop the user session before sending the client to the default page.
  stSessionEnd(SESS_USER);

  // NOTE(review): "defaultPage" is read here before stConnectSQLDB() and
  // stReloadSettings() are called, so its value presumably comes from the
  // static configuration -- confirm.
  header("Location: ".stGetSetting("defaultPage"));
  // Stop here so the request handling below is unreachable without a session.
  exit;
}

stSetupCacheControl();

// Abort the request outright if the database is unavailable.
if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

stReloadSettings();

// Settings used by the request handling below. $voteMin/$voteMax bound the
// accepted "vote" value; $userKeyLen is not referenced again in the visible
// part of this file.
$userKeyLen = stGetSetting("userKeyLength");
$voteMin = stGetSetting("voteMin");
$voteMax = stGetSetting("voteMax");

//
// Handle the request
//
// Dispatch on the "action" request item, then emit the collected AJAX
// status/errors. Both voting actions require the "allowVoting" setting and a
// "votekeys" row matching the session's "key" item.
//
// In this revision neither action stores anything: after the checks pass the
// branches do no further work, and stSubmitOneVote() is not called from here.
//
// NOTE(review): no anti-CSRF token check is visible in this file for these
// state-changing actions -- confirm whether stUserSessionAuth() or the
// request helpers enforce one before the vote-writing code is added.
switch (stGetRequestItem("action"))
{
  case "set":
    //
    // Set vote, if voting is enabled
    //
    if (!stChkSetting("allowVoting"))
    {
      stError("Voting is not enabled.");
      break;
    }

    // entry_id must be an integer
    if (!stChkRequestItem("entry_id", $entry_id,
        array(CHK_TYPE, VT_INT, "Invalid data.")))
    {
      break;
    }

    // vote must be an integer within [$voteMin, $voteMax]
    if (!stChkRequestItem("vote", $vote,
        array(CHK_TYPE, VT_INT, "Invalid data."),
        array(CHK_RANGE, VT_INT, array($voteMin, $voteMax), "Invalid vote value.")))
    {
      break;
    }

    // The session's key must still correspond to a votekeys row
    $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key"));
    $votekey = stFetchSQL($sql);
    if ($votekey === false)
      stError("Invalid data.");
    break;

  case "submit":
    if (!stChkSetting("allowVoting"))
    {
      stError("Voting is not enabled.");
      break;
    }

    // The session's key must still correspond to a votekeys row
    $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key"));
    $votekey = stFetchSQL($sql);
    if ($votekey === false)
      stError("Invalid data.");
    break;

  default:
    // Unknown or missing action
    stSetStatus(404, "Not Found");
    break;
}

stDumpAJAXStatusErrors();
?>