changeset 32:36392d1d6b5f

Moar work.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 10 Dec 2012 11:14:05 +0200
parents eaa65f0b3ce7
children 5bf22431176c
files admin.inc.php admlogin.php admlogout.php ajax.php createdb.php entry.inc.php esubmit.php login.php logout.inc.php msite.inc.php submit.php usrlogout.php vote.inc.php vsubmit.php
diffstat 14 files changed, 384 insertions(+), 357 deletions(-) [+]
--- a/admin.inc.php	Sun Dec 09 06:21:19 2012 +0200
+++ b/admin.inc.php	Mon Dec 10 11:14:05 2012 +0200
@@ -1,4 +1,6 @@
 <?
+$sessionType = "admin";
+
 function stCreateSettingsData()
 {
   $args = array();
@@ -46,11 +48,11 @@
   echo
     "<h1>Party admin login</h1>\n".
     "<p>Please use illegal telepathy over HTTP to provide a password to enter the party administration systembolaget.</p>\n".
-    "<form name=\"admlogin\" action=\"login.php\" method=\"post\">\n".
+    stGetFormStart("admlogin", "admlogin.php").
     stGetFormHiddenInput("mode", "check")."\n".
-    stGetFormHiddenInput("goto", $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"])."\n".
-    stGetFormPasswordInput("admpass","", "")."\n".
-    " <input type=\"submit\" value=\" Login \" />\n".
+    stGetFormHiddenInput("goto", "admin")."\n".
+    stGetFormPasswordInput("admpass", "", "")."\n".
+    stGetFormSubmitInput("submit", "Login").
     "</form>\n";
 
   $authState = "login";
@@ -114,7 +116,7 @@
     {
       if (req.status == 404)
       {
-        window.location = "logout";
+        window.location = "admlogout.php";
       }
       else
       if (req.status == 200)
@@ -376,7 +378,7 @@
       "')\">"+registeredTabs[id]+"</a>";
   }
   
-  str += "<a class=\"admin\" href=\"logout\">Logout</a>";
+  str += "<a class=\"admin\" href=\"admlogout.php\">Logout</a>";
   
   item.innerHTML = str;
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admlogin.php	Mon Dec 10 11:14:05 2012 +0200
@@ -0,0 +1,24 @@
+<?
+$sessionType = "admin";
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+stSetupCacheControl();
+
+$target = stGetRequestItem("goto", FALSE);
+if (!stCheckHTTPS() || $target === FALSE || $target == "" || strpos($target, "login.php") !== FALSE)
+  exit;
+
+$password = stGetSetting("admPassword");
+if (stGetRequestItem("admpass", FALSE) == $password)
+{
+  if (!stSessionStart($password, "admTimeout"))
+    error_log("Admin session AUTH LOGIN failed (session setup)");
+}
+else
+{
+  error_log("Admin session AUTH LOGIN failed (password)");
+}
+
+header("Location: ".$target);
+?>
\ No newline at end of file
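Review bot: The `goto` request value reaches `header("Location: ".$target)` with only a non-empty check and a "login.php" substring test, so any absolute URL is accepted and the script becomes an open redirect; the removed login.php at least forced an `https://` prefix. Since the form only ever sends "admin", compare against a fixed list instead, e.g. `if ($target !== "admin") exit;`, and add `exit;` after the header call. The password test `stGetRequestItem("admpass", FALSE) == $password` is a loose comparison: a missing `admpass` yields FALSE, and FALSE == "" is true in PHP, so an empty or unset admPassword setting would presumably log anyone in. A strict, constant-time form such as `is_string($given) && $password !== "" && hash_equals($password, $given)` avoids both that and PHP's numeric-string juggling (hash_equals needs PHP 5.6 or later).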
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/admlogout.php	Mon Dec 10 11:14:05 2012 +0200
@@ -0,0 +1,11 @@
+<?
+$sessionType = "admin";
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+stSetupCacheControl();
+
+stSessionEnd();
+
+header("Location: admin");
+?>
\ No newline at end of file
--- a/ajax.php	Sun Dec 09 06:21:19 2012 +0200
+++ b/ajax.php	Mon Dec 10 11:14:05 2012 +0200
@@ -1,4 +1,5 @@
 <?
+$sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
 
--- a/createdb.php	Sun Dec 09 06:21:19 2012 +0200
+++ b/createdb.php	Mon Dec 10 11:14:05 2012 +0200
@@ -11,8 +11,8 @@
 $siteDefaults = array(
   "maxAttendees"     => array(VT_INT, 30, "Maximum attendees (soft limit)"),
 
-  "voteTimeout"      => array(VT_INT, 120, "Vote page timeout (minutes)"),
-  "admTimeout"       => array(VT_INT, 15, "Administration interface timeout (minutes)"),
+  "userTimeout"      => array(VT_INT, 120, "User pages (voting, entry submission) timeout in minutes"),
+  "admTimeout"       => array(VT_INT, 15, "Administration interface timeout in minutes"),
 
   "showAdmin"        => array(VT_BOOL, false, "Show administration interface link on the menu"),
   "showAttendees"    => array(VT_BOOL, false, "Show attendees list"),
--- a/entry.inc.php	Sun Dec 09 06:21:19 2012 +0200
+++ b/entry.inc.php	Mon Dec 10 11:14:05 2012 +0200
@@ -1,5 +1,7 @@
 <?
-// Check if voting is enabled
+$sessionType = "entry";
+
+// Check if entry submission is enabled
 if (!stChkSetting("allowSubmit"))
 {
   echo
@@ -8,42 +10,16 @@
 }
 else
 {
-  stUserSessionAuth();
-  $mode = stGetSessionItem("status", 0);
-  
-  if ($mode < 0)
-  {
-    echo "<h1>Oh noes, an error!</h1>\n".
-    "<ul>\n".stGetSessionItem("message", "")."</ul>\n".
-    stGetFormStart("entry").
-    "  ".stGetFormHiddenInput("goto", "entry")."\n".
-    "  ".stGetFormSubmitInput("back", "Go back")."\n".
-    "</form>\n";
-    stSetSessionStatus(0);
-  }
-  else
-  if ($mode == 0)
-  {
-    echo
-    "<h1>Compo entry submission (login)</h1>\n".
-    stGetFormStart("entry", "submit.php").
-    " ".stGetFormHiddenInput("mode", "key")."\n".
-    " ".stGetFormHiddenInput("goto", "entry")."\n".
-    " <div class=\"votectrl\">\n".
-    "  Enter your user key:\n".
-    "  ".stGetFormTextInput(30, 30, "key", "", "", stGetSessionItem("key"), "autocomplete=\"off\"")."\n".
-    "  ".stGetFormSubmitInput("login", "Login")."\n".
-    " </div>\n".
-    "</form>\n";
-  }
-  else
-  if ($mode == 1)
+  $status = stGetSubmitStatus();
+
+  stStartSubmitStatus($status, "entry", "esubmit.php", "Compo entry submission (login)");
+
+  if ($status == 1)
   {
     echo
     "<h1>Compo entry submission (info)</h1>\n".
-    stGetFormStart("entry", "submit.php")."\n".
+    stGetFormStart("entry", "esubmit.php")."\n".
     " ".stGetFormHiddenInput("mode", "info")."\n".
-    " ".stGetFormHiddenInput("goto", "entry")."\n".
     " ".stGetFormHiddenInput("key", stGetSessionItem("key"))."\n".
     " <table>\n".
     "  <tr>\n".
@@ -59,16 +35,17 @@
     echo
     "    </select>\n".
     "   </td>\n".
-    "   <td>".stGetFormTextInput(35, 64, "name", "", "", stGetSessionItem("name"))."</td>\n".
-    "   <td>".stGetFormTextInput(30, 64, "author", "", "", stGetSessionItem("author"))."</td>\n".
+    "   <td>".stGetFormTextInput(35, 64, "name", "", "", stGetSessionItem("name", ""))."</td>\n".
+    "   <td>".stGetFormTextInput(30, 64, "author", "", "", stGetSessionItem("author", ""))."</td>\n".
     "  </tr>\n".
     " </table>\n".
-    " <div>".stGetFormSubmitInput("entry", "Continue")."</div>\n".
-    "</form>\n".
-    "<p>".stGetSetting("entrySubmitInfo")."</p>\n";
+    " ".stGetFormSubmitInput("entry", "Continue")."\n".
+    "</form>\n";
+    stSubmitLogout("entry", "esubmit.php");
+    echo "<p>".stGetSetting("entrySubmitInfo")."</p>\n";
   }
   else
-  if ($mode == 2)
+  if ($status == 2)
   {
     $compo = stFetchSQLColumn(
       stPrepareSQL("SELECT name FROM compos WHERE visible<>0 AND id=%D",
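Review bot: The `name` and `author` values placed into the text inputs here are the request values that esubmit.php copies into the session unchanged, so they are user-supplied content landing in an HTML attribute. stGetFormTextInput() is not shown in this changeset, so confirm that it passes the value through `htmlspecialchars($value, ENT_QUOTES)`; if it does not, escape at these two call sites. The enclosing `if ($status == 1)` block starts in the previous hunk.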
@@ -76,9 +53,8 @@
 
     echo
     "<h1>Compo entry submission (files)</h1>\n".
-    stGetFormStart("entry", "submit.php")."\n".
+    stGetFormStart("entry", "esubmit.php")."\n".
     " ".stGetFormHiddenInput("mode", "files")."\n".
-    " ".stGetFormHiddenInput("goto", "entry")."\n".
     " ".stGetFormHiddenInput("key", stGetSessionItem("key"))."\n".
     " <table>\n".
     "  <tr>\n".
@@ -96,7 +72,7 @@
     "<p>".stGetSetting("entrySubmitInfo")."</p>\n";
   }
   else
-  if ($mode == 3)
+  if ($status == 3)
   {
     echo "<h1>Yay, you submitted some entries!</h1>\n".
     "<p>Now go FAP some more! And make wait for voting.</p>";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/esubmit.php	Mon Dec 10 11:14:05 2012 +0200
@@ -0,0 +1,90 @@
+<?
+$sessionType = "entry";
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+//
+// Start of the main code
+//
+if (stStartSubmitSession("allowSubmit", $sessionType))
+{
+  print_r($_SESSION);
+  exit;
+  
+  // Entry submission
+  if (!$errorSet && $mode == "info")
+  {
+    if (stChkRequestItem("compo_id") &&
+      stChkRequestItem("name") && stChkRequestItem("author"))
+    {
+      $compo_id = stGetRequestItem("compo_id", FALSE);
+      $name = stGetRequestItem("name", "");
+      $author = stGetRequestItem("author", "");
+      stSetSessionItem("compo_id", $compo_id);
+      stSetSessionItem("name", $name);
+      stSetSessionItem("author", $author);
+
+      if ($compo_id !== FALSE && $name != "" && $author != "")
+      {
+        stSetSessionStatus(2);
+      }
+      else
+      {
+        stError("Entry name/title and author must be set.");
+        stSetSessionStatus(1);
+      }
+    }
+    else
+    {
+      stError("Required entry information not set (name, compo, author).");
+    }
+  }
+
+  if (!$errorSet && $mode == "files")
+  {
+/*
+    stSessionEnd();
+    $allowedExts = array("zip", "rar", "lha", "7z");
+    $filename = $_FILES["file"]["name"];
+    $extension = end(explode(".", $filename));
+    $type = $_FILES["file"]["type"];
+
+    if (($type == "image/gif" || $type == "image/jpeg" || $type == "image/png" || $type == "image/pjpeg") &&
+      ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))
+    {
+      if ($_FILES["file"]["error"] > 0)
+      {
+        echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
+      }
+      else
+      {
+
+        echo "Upload: " . $filename . "<br>";
+        echo "Type: " . $type . "<br>";
+        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
+        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
+
+        if (file_exists("upload/" . $filename))
+        {
+          echo $filename . " already exists. ";
+        }
+        else
+        {
+          move_uploaded_file($_FILES["file"]["tmp_name"],
+          "upload/" . $filename);
+          echo "Stored in: " . "upload/" . $filename;
+        }
+      }
+    }
+    else
+    {
+      echo "Invalid file";
+    }
+    stSetSessionStatus(3);
+*/
+  }
+
+  stEndSubmitSession($sessionType);
+}
+
+?>
\ No newline at end of file
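Review bot: The `print_r($_SESSION); exit;` at the top of the main block sends the whole session array to the client and makes every line after it unreachable. Session data is now namespaced per type inside one shared `$_SESSION`, so the dump would also contain the `admin` entry, where admlogin.php stores the admin password as `key`. Remove both lines before this is deployed. The commented-out upload block should not be re-enabled as written: it builds the destination path from the client-supplied `$_FILES["file"]["name"]`, trusts the client-supplied MIME type, and its image-type test can never pass together with the archive extension list.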
--- a/login.php	Sun Dec 09 06:21:19 2012 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-<?
-require "mconfig.inc.php";
-require "msite.inc.php";
-
-stSetupCacheControl();
-
-$target = stGetRequestItem("goto", FALSE);
-if ($target === FALSE || $target == "" || strpos($target, "login.php") !== FALSE)
-  exit;
-
-if (stGetRequestItem("admpass", FALSE) == stGetSetting("admPassword"))
-  stAdmSessionStart();
-else
-{
-  if (stGetSetting("debug")) error_log("Admin session AUTH LOGIN failed (".stGetRequestItem("admpass", FALSE).")");
-}
-
-header("Location: https://".$target);
-?>
\ No newline at end of file
--- a/logout.inc.php	Sun Dec 09 06:21:19 2012 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-<?
-stSetupCacheControl();
-
-if (stSessionEnd(stAdmSessionAuth()))
-{
-  echo "<h1>Logged out</h1>\n".
-  "<p>Have a nice day.</p>\n";
-}
-else
-{
-  header("Location: admin");
-}
-?>
\ No newline at end of file
--- a/msite.inc.php	Sun Dec 09 06:21:19 2012 +0200
+++ b/msite.inc.php	Mon Dec 10 11:14:05 2012 +0200
@@ -14,6 +14,16 @@
 define("VT_TEXT", 4);
 
 
+if (function_exists("ini_set"))
+{
+  // Use cookies to store the session ID on the client side
+  @ini_set("session.use_only_cookies", 1);
+      
+  // Disable transparent Session ID support
+  @ini_set("session.use_trans_sid", 0);
+}
+
+
 function stError($msg)
 {
   global $errorSet, $errorMsg;
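Review bot: The session hardening added here leaves the cookie flags at their php.ini defaults and hides any failure behind `@`. If the session-bearing pages are all served over HTTPS, as the stCheckHTTPS() guard in admlogin.php suggests, add `@ini_set("session.cookie_httponly", 1);` and `@ini_set("session.cookie_secure", 1);` to the same block so the session ID is not readable from script and is never sent over plain HTTP. ini_set() returns FALSE on failure; logging that case would show when a host ignores these settings.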
@@ -35,71 +45,109 @@
 }
 
 
-function stSessionExpire($type)
+function stSessionExpire()
 {
+  global $sessionType;
+
   // Check for session expiration
-  if (!isset($_SESSION["expires"]))
+  if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"]))
   {
-    if (stGetSetting("debug")) error_log("Session $type expires due to expire time not set.");
+    if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set.");
+    stSessionEnd();
     return FALSE;
   }
   
-  if ($_SESSION["expires"] < time())
+  if ($_SESSION[$sessionType]["expires"] < time())
   {
-    if (stGetSetting("debug")) error_log("Session $type / ".session_id()." expires due to timeout ".$_SESSION["expires"]." < ".time());
+    if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time());
+    stSessionEnd();
     return FALSE;
   }
 
   // Add more time to expiration
-  if (stGetSetting("debug")) error_log("Adding more time to $type session ".session_id()." :: ".stGetSetting($type));
-  $_SESSION["expires"] = time() + stGetSetting($type) * 60;
+  $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0);
+  if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout);
+  $_SESSION[$sessionType]["expires"] = time() + $timeout * 60;
   return TRUE;
 }
 
 
-function stSessionEnd($ok)
+function stSessionEnd()
 {
-  if (stGetSetting("debug")) error_log("END session ".$_SESSION["type"]." / ".$_SESSION["expires"]." == ".$ok);
-  $_SESSION = array();
-  if (ini_get("session.use_cookies"))
+  global $sessionType;
+  $result = FALSE;
+
+  if (stGetSetting("debug")) error_log("Request END session ".$sessionType);
+
+  if (@session_start() === TRUE && isset($_SESSION))
   {
-    $params = session_get_cookie_params();
-    setcookie(session_name(), "", time() - 242000,
-      $params["path"], $params["domain"],
-      $params["secure"], $params["httponly"]
+    // End current session type
+    if (isset($_SESSION[$sessionType]))
+    {
+      if (stGetSetting("debug")) error_log("END session ".$sessionType." / ".$_SESSION[$sessionType]["expires"]);
+      $_SESSION[$sessionType] = array();
+      unset($_SESSION[$sessionType]);
+      $result = TRUE;
+    }
+
+    // If all session types are ended, clear the cookies etc
+    if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"]))
+    {
+      if (stGetSetting("debug")) error_log("Clearing all session data.");
+      $_SESSION = array();
+
+      if (ini_get("session.use_cookies"))
+      {
+        $params = session_get_cookie_params();
+        setcookie(session_name(), "", time() - 242000,
+          $params["path"], $params["domain"],
+          $params["secure"], $params["httponly"]
+        );
+      }
+
+      @session_destroy();
+    }
+  }
+
+  return $result;
+}
+
+
+function stSessionStart($key, $timeout)
+{
+  global $sessionType;
+
+  if (@session_start() === TRUE)
+  {
+    if (stGetSetting("debug")) error_log("START ".$sessionType." session OK.");
+    $_SESSION[$sessionType] = array(
+      "key" => $key,
+      "timeout" => $timeout,
+      "expires" => time() + stGetSetting($timeout) * 60,
+      "message" => "",
+      "status" => 0,
     );
+    return TRUE;
   }
-  @session_destroy();
-  return $ok;
+  else
+  {
+    if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--");
+    return FALSE;
+  }
 }
 
 
 function stAdmSessionAuth()
 {
-  if (@session_start() === TRUE && isset($_SESSION["admPassword"]) &&
-      $_SESSION["admPassword"] == stGetSetting("admPassword"))
+  if (@session_start() === TRUE &&
+    stGetSessionItem("key", FALSE) == stGetSetting("admPassword"))
   {
-    if (stGetSetting("debug")) error_log("AUTH admin session.");
-    return stSessionExpire("admTimeout");
-  }
-  else
-    return FALSE;
-}
-
-
-function stAdmSessionStart()
-{
-  if (@session_start() === TRUE)
-  {
-    if (stGetSetting("debug")) error_log("START admin session OK.");
-    $_SESSION["type"] = "admin";
-    $_SESSION["admPassword"] = stGetSetting("admPassword");
-    $_SESSION["expires"] = time() + stGetSetting("admTimeout") * 60;
-    return TRUE;
+    if (stGetSetting("debug")) error_log("AUTH admin session OK.");
+    return stSessionExpire();
   }
   else
   {
-    if (stGetSetting("debug")) error_log("START admin session --FAILED--");
+    if (stGetSetting("debug")) error_log("AUTH admin session FAIL.");
     return FALSE;
   }
 }
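Review bot: stSessionStart() keeps whatever session ID the browser presented when it marks the session as authenticated, so an ID fixed before login stays valid afterwards; calling `session_regenerate_id(TRUE);` right after the successful `session_start()` closes that. The function also stores `$key` verbatim, and admlogin.php passes the admin password as `$key`, so the plaintext password ends up in the session store; keeping a hash of the setting instead would let stAdmSessionAuth() make the same comparison. In stSessionEnd() the "all ended" test looks at `$_SESSION["user"]` and `$_SESSION["admin"]`, while the pages in this changeset set `$sessionType` to "entry" and "vote", so ending the admin session appears to clear live entry and vote data as well.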
@@ -107,29 +155,27 @@
 
 function stUserSessionAuth()
 {
-  if (@session_start() === TRUE && isset($_SESSION["key"]) && isset($_SESSION["votes"]))
-    return stSessionExpire("voteTimeout");
+  global $sessionType;
+
+  if (@session_start() === TRUE &&
+    isset($_SESSION[$sessionType]) &&
+    isset($_SESSION[$sessionType]["key"]))
+    return stSessionExpire();
   else
     return FALSE;
 }
 
 
-function stUserSessionStart()
+function stSetSessionStatus($status)
 {
-  if (@session_start() === TRUE)
+  global $sessionType;
+  if (isset($_SESSION[$sessionType]) || session_start() === TRUE)
   {
-    $_SESSION["type"] = "vote";
-    $_SESSION["expires"] = time() + stGetSetting("voteTimeout") * 60;
-    return TRUE;
+    if ($status >= 0)
+      stSetSessionItem("prevstatus", stGetSessionItem("status", FALSE));
+
+    stSetSessionItem("status", $status);
   }
-  else
-    return FALSE;
-}
-
-
-function stSetSessionStatus($st)
-{
-  $_SESSION["status"] = $st;
 }
 
 
@@ -376,7 +422,21 @@
 
 function stGetSessionItem($name, $default = "")
 {
-  return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
+  global $sessionType;
+  if (isset($sessionType))
+    return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default;
+  else
+    return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
+}
+
+
+function stSetSessionItem($name, $value)
+{
+  global $sessionType;
+  if (!isset($sessionType))
+    die("Session type not set.");
+  
+  $_SESSION[$sessionType][$name] = $value;
 }
 
 
@@ -590,4 +650,5 @@
   }
 }
 
+
 ?>
\ No newline at end of file
--- a/submit.php	Sun Dec 09 06:21:19 2012 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,191 +0,0 @@
-<?
-require "mconfig.inc.php";
-require "msite.inc.php";
-
-function stCheckVoteValues()
-{
-  // Check the submitted vote values
-  foreach ($compos as $id => $compo)
-  foreach ($compo["entries"] as $eid => $entry)
-  {
-    $name = "entry".$eid;
-    $vote = stGetRequestItem($name);
-    if (!$errorSet && ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")))
-    {
-      stError("One or more vote value was out of bounds. Trying to cheat, eh?");
-      $vote = 0;
-    }
-    $_SESSION[$name] = $vote;
-  }
-}
-
-function stSubmitVotes()
-{
-  foreach ($compos as $id => $compo)
-  foreach ($compo["entries"] as $eid => $entry)
-  {
-    $vote = stGetRequestItem("entry".$eid);
-    $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
-      $voter["id"], $eid);
-
-    if (($res = stFetchSQLColumn($sql)) === false)
-    {
-      $sql = stPrepareSQL(
-        "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
-        $voter["id"], $eid, $vote);
-
-      if (stExecSQL($sql) === false)
-        return FALSE;
-    }
-    else
-    {
-      $sql = stPrepareSQL(
-        "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
-        $vote, $voter["id"], $eid);
-
-      if (stExecSQL($sql) === false)
-        return FALSE;
-    }
-  }
-  return TRUE;
-}
-
-
-function stSubmitFiles()
-{
-/*
-    $allowedExts = array("zip", "rar", "lha", "7z");
-    $filename = $_FILES["file"]["name"];
-    $extension = end(explode(".", $filename));
-    $type = $_FILES["file"]["type"];
-
-    if (($type == "image/gif" || $type == "image/jpeg" || $type == "image/png" || $type == "image/pjpeg") &&
-      ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))
-    {
-      if ($_FILES["file"]["error"] > 0)
-      {
-        echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
-      }
-      else
-      {
-
-        echo "Upload: " . $filename . "<br>";
-        echo "Type: " . $type . "<br>";
-        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
-        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
-
-        if (file_exists("upload/" . $filename))
-        {
-          echo $filename . " already exists. ";
-        }
-        else
-        {
-          move_uploaded_file($_FILES["file"]["tmp_name"],
-          "upload/" . $filename);
-          echo "Stored in: " . "upload/" . $filename;
-        }
-      }
-    }
-    else
-    {
-      echo "Invalid file";
-    }
-    stSetSessionStatus(3);
-*/
-}
-
-//
-// Start of the main code
-//
-stSetupCacheControl();
-
-$sessionDestPage = stGetRequestItem("goto", FALSE);
-if ($sessionDestPage === FALSE ||
-  $sessionDestPage == "" ||
-  strpos($sessionDestPage, "submit.php") !== FALSE)
-  exit;
-
-// Initiate SQL database connection
-if (!stConnectSQLDB() || !stCheckHTTPS())
-{
-  header("Location: ".$sessionDestPage);
-  exit;
-}
-
-// Get settings
-stReloadSettings();
-
-// Start the session
-if ((stChkSetting("allowVoting") || stChkSetting("allowSubmit")) && stUserSessionStart())
-{
-  $_SESSION["message"] = "";
-  stSetSessionStatus(0);
-  stGetCompoList(FALSE);
-  $mode = stGetRequestItem("mode");
-
-  // Check received data
-  if (stChkDataItem("key") ||
-    strlen(stGetRequestItem("key")) != stGetSetting("userKeyLength"))
-  {
-    stError("Invalid or empty user key, please check.");
-  }
-  else
-  {
-    // Check if the key exists and is active
-    $sql = stPrepareSQL(
-      "SELECT * FROM users WHERE key=%S AND active<>0",
-      "key");
-
-    if (($voter = stFetchSQL($sql)) === FALSE)
-      stError("User key does not exist, perhaps you typed it incorrectly?");
-  }
-
-  if (!$errorSet && $mode == "key")
-  {
-    $_SESSION["key"] = stGetRequestItem("key");
-    stSetSessionStatus(1);
-
-    // Try fetching previously stored votes
-    $sql = stPrepareSQL(
-      "SELECT * FROM votes WHERE voter_id=%d",
-      $voter["id"]);
-
-    if (($res = stExecSQL($sql)) !== false)
-    {
-      foreach ($res as $vote)
-      {
-        $_SESSION["entry".$vote["entry_id"]] = $vote["value"];
-      }
-    }
-  }
-
-  // Vote submission
-  if (!$errorSet && $mode == "vote")
-  {
-    stCheckVoteValues();
-    if (!$errorSet)
-    {
-      stSubmitVotes();
-      stSetSessionStatus(2);
-    }
-  }
-
-  // Entry submission
-  if (!$errorSet && $mode == "info")
-  {
-    stSetSessionStatus(2);
-  }
-
-  if (!$errorSet && $mode == "files")
-  {
-  }
-
-  if ($errorSet)
-  {
-    stSetSessionStatus(-1);
-    $_SESSION["message"] = $errorMsg;
-  }
-}
-
-header("Location: ".$sessionDestPage);
-?>
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usrlogout.php	Mon Dec 10 11:14:05 2012 +0200
@@ -0,0 +1,11 @@
+<?
+$sessionType = "user";
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+stSetupCacheControl();
+
+stSessionEnd();
+
+header("Location: admin");
+?>
\ No newline at end of file
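Review bot: `$sessionType = "user"` does not match any type the other files in this changeset use ("admin", "entry", "vote"), so `stSessionEnd()` finds no `$_SESSION["user"]` entry to remove. As far as the visible code shows, the user is logged out only through the clear-everything branch, and only when no admin session exists in the same browser; with an admin session present the vote and entry data stay in place. The `header("Location: admin")` target also looks copied from admlogout.php. Consider ending the "vote" and "entry" entries explicitly, redirecting to a user page, and adding `exit;` after the header.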
--- a/vote.inc.php	Sun Dec 09 06:21:19 2012 +0200
+++ b/vote.inc.php	Mon Dec 10 11:14:05 2012 +0200
@@ -1,4 +1,6 @@
 <?
+$sessionType = "vote";
+
 // Check if voting is enabled
 if (!stChkSetting("allowVoting"))
 {
@@ -7,44 +9,43 @@
   "<p>Voting functionality not available at this time.</p>\n";
 }
 else
+if (stUserSessionAuth())
 {
-  stUserSessionAuth();
-  $mode = stGetSessionItem("status", 0);
+  $authState = "ok";
+}
+else
+{
   
-  if ($mode < 0)
-  {
-    echo "<h1>Oh noes, an error!</h1>\n".
-    "<ul>\n".stGetSessionItem("message", "")."</ul>\n".
-    stGetFormStart("vote").
-    "  ".stGetFormHiddenInput("goto", "vote")."\n".
-    "  ".stGetFormSubmitInput("back", "Go back")."\n".
-    "</form>\n";
-    stSetSessionStatus(0);
-  }
-  else
-  if ($mode == 0)
-  {
-    echo
-    "<h1>Voting system</h1>\n".
-    stGetFormStart("vote", "submit.php").
-    " ".stGetFormHiddenInput("mode", "key")."\n".
-    " ".stGetFormHiddenInput("goto", "vote")."\n".
-    " <div class=\"votectrl\">\n".
-    "  Enter your user key:\n".
-    "  ".stGetFormTextInput(30, 30, "key", "", "", stGetSessionItem("key"), "autocomplete=\"off\"")."\n".
-    "  ".stGetFormSubmitInput("login", "Login")."\n".
-    " </div>\n".
-    "</form>\n";
-  }
-  else
-  if ($mode == 1)
+  $authState = "login";
+}
+
+
+{
+  $status = stGetSubmitStatus();
+
+  stStartSubmitStatus($status, "vote", "vsubmit.php", "Vote system");
+  
+  if ($status == 1)
   {
     $showAuthors = stGetSetting("showVoteAuthors");
     stGetCompoList(TRUE, TRUE);
 
+    // Try fetching previously stored votes
+    $sql = stPrepareSQL(
+      "SELECT * FROM votes WHERE voter_id=%d",
+      stGetSessionItem("user_id"));
+
+    if (($res = stExecSQL($sql)) !== false)
+    {
+      foreach ($res as $vote)
+      {
+        stSetSessionItem("entry".$vote["entry_id"], $vote["value"]);
+      }
+    }
+
     echo
     "<h1>Voting system</h1>\n".
-    stGetFormStart("vote", "submit.php").
+    stGetFormStart("vote", "vsubmit.php").
     " ".stGetFormHiddenInput("mode", "vote")."\n".
     " ".stGetFormHiddenInput("goto", "vote")."\n".
     " ".stGetFormHiddenInput("key", stGetSessionItem("key"))."\n".
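Review bot: The bare `{ ... }` block that now follows the `if`/`else` chain is unconditional, so `stGetSubmitStatus()`, the votes query and the voting form all run even when `allowVoting` is off and "Voting functionality not available at this time." has already been printed; `$authState` is assigned but not consulted in the visible lines. The block should hang off the authenticated branch, for example by making `if (stUserSessionAuth())` open it directly. `stGetSessionItem("user_id")` falls back to an empty string when the item is missing, so the `voter_id=%d` lookup should be skipped in that case. The block's closing brace is outside this hunk.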
@@ -102,7 +103,7 @@
     "</form>\n";
   }
   else
-  if ($mode == 2)
+  if ($status == 2)
   {
     echo "<h1>Yay, you have voted!</h1>\n".
     "<p>Now go FAP some more! And make a demo about it.</p>";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/vsubmit.php	Mon Dec 10 11:14:05 2012 +0200
@@ -0,0 +1,73 @@
+<?
+$sessionType = "vote";
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+function stSubmitVotes($user_id)
+{
+  foreach ($compos as $id => $compo)
+  foreach ($compo["entries"] as $eid => $entry)
+  {
+    $vote = stGetRequestItem("entry".$eid);
+    $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
+      $user_id, $eid);
+
+    if (($res = stFetchSQLColumn($sql)) === false)
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
+        $user_id, $eid, $vote);
+
+      if (stExecSQL($sql) === false)
+        return FALSE;
+    }
+    else
+    {
+      $sql = stPrepareSQL(
+        "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
+        $vote, $user_id, $eid);
+
+      if (stExecSQL($sql) === false)
+        return FALSE;
+    }
+  }
+  return TRUE;
+}
+
+
+//
+// Start of the main code
+//
+if (stStartSubmitSession("allowVoting", $sessionType))
+{
+  // Vote submission
+  if (!$errorSet && $mode == "vote")
+  {
+    stSetSessionStatus(1);
+    stGetCompoList(FALSE);
+
+    // Check the submitted vote values
+    foreach ($compos as $id => $compo)
+    foreach ($compo["entries"] as $eid => $entry)
+    {
+      $name = "entry".$eid;
+      $vote = stGetRequestItem($name);
+      if (!$errorSet && ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")))
+      {
+        stError("One or more vote value was out of bounds. Trying to cheat, eh?");
+        $vote = 0;
+      }
+      stSetSessionItem($name, $vote);
+    }
+
+    if (!$errorSet)
+    {
+      if (stSubmitVotes($user["id"]))
+        stSetSessionStatus(2);
+    }
+  }
+
+  stEndSubmitSession($sessionType);
+}
+
+?>
\ No newline at end of file
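Review bot: `stSubmitVotes()` iterates `$compos` without a `global $compos;` declaration, so inside the function the variable is undefined, the loops do nothing, and the function returns TRUE with no vote written; the caller then sets status 2. Add `global $compos;` as the first line of the function, or pass the list in as a parameter next to `$user_id`. `$user`, `$mode` and `$errorSet` in the main block are presumably set by stStartSubmitSession(), which is not visible here; if `$user` is unset, `$user["id"]` evaluates to NULL. The range check compares the raw request string against voteMin/voteMax, so casting with `(int)` before the comparison keeps the validated value and the stored value identical.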