# HG changeset patch
# User Matti Hamalainen <ccr@tnsp.org>
# Date 1382702863 -10800
# Node ID aecf145e7c708559cc08476d0dc7e220f1d14f82
# Parent  6e6fba2da3d1400ec3fce89dd6a81eda7aece66d
Some work on the voting backend.

diff -r 6e6fba2da3d1 -r aecf145e7c70 usrajax.php
--- a/usrajax.php	Fri Oct 25 02:10:14 2013 +0300
+++ b/usrajax.php	Fri Oct 25 15:07:43 2013 +0300
@@ -92,14 +92,35 @@
 
   case "set":
     //
-    // Set vote
+    // Set vote, if voting is enabled
     //
-    if ($type == "votes" && stChkRequestItem("voter_id") &&
-      stChkRequestItem("entry_id") && stChkRequestItem("vote"))
+    if ($type == "votes" && stChkSetting("allowVoting") &&
+      stChkRequestItem("votekey") &&
+      stChkRequestItem("entry_id") &&
+      stChkRequestItem("vote"))
     {
-      stGetCompoList(FALSE);
+      // Check if voting is enabled on the compo and voter is valid
+      $entry_id = stGetRequestItem("entry_id");
+
+      $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetRequestItem("votekey"));
+      if (($votekey = stFetchSQLColumn($sql)) !== false)
+      {
+      }
       
-      stSubmitOneVote(stGetRequestItem("voter_id"), stGetRequestItem("entry_id"), stGetRequestItem("vote"));
+
+      $sql = stPrepareSQL("SELECT * FROM entries WHERE id=%d", $entry_id);
+      if (($entry = stFetchSQL($sql)) !== false)
+      {
+        if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$entry["compo_id"])) !== false
+          && $compo["voting"] != 0)
+        {
+          stSubmitOneVote(stGetRequestItem("voter_id"), $entry_id, stGetRequestItem("vote"));
+        }
+        else
+          stSetStatus(902, "Voting not enabled on that compo.");
+      }
+      else
+        stSetStatus(902, "No such entry.");
     }
     else
       stSetStatus(902, "No data.");