changeset 29:4b5a176805e2

Moar work.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 09 Dec 2012 05:41:18 +0200
parents bf567e6402bf
children ad25827304b6
files ajax.php createdb.php entry.inc.php submit.php
diffstat 4 files changed, 166 insertions(+), 68 deletions(-) [+]
--- a/ajax.php	Sat Dec 08 14:40:13 2012 +0200
+++ b/ajax.php	Sun Dec 09 05:41:18 2012 +0200
@@ -152,7 +152,7 @@
             "  </tr>\n".
             "  <tr>\n".
             "   <th>Title</th>\n".
-            "   <th>Author</th>\n".
+            "   <th>Author(s)</th>\n".
             "   <th>Actions</th>\n".
             "  </tr>\n";
 
@@ -161,8 +161,8 @@
           {
             echo
               "  <tr id=\"entry".$eid."\">\n".
-              "   <td>".stGetFormTextInput(40, 64, "name", $eid, "en", $entry["name"])."</td>\n".
-              "   <td>".stGetFormTextInput(40, 64, "author", $eid, "en", $entry["author"])."</td>\n".
+              "   <td>".stGetFormTextInput(35, 64, "name", $eid, "en", $entry["name"])."</td>\n".
+              "   <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
               "   <td>".
               stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")").
               stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")").
--- a/createdb.php	Sat Dec 08 14:40:13 2012 +0200
+++ b/createdb.php	Sun Dec 09 05:41:18 2012 +0200
@@ -116,6 +116,9 @@
 </p>
 </div>",
   "News page header text"),
+
+
+  "entrySubmitInfo" => array(VT_TEXT, "Rules for entry submission ... ", "Entry submission information blurb"),
 );
 
 $sqlTables = array(
--- a/entry.inc.php	Sat Dec 08 14:40:13 2012 +0200
+++ b/entry.inc.php	Sun Dec 09 05:41:18 2012 +0200
@@ -25,7 +25,7 @@
   if ($mode == 0)
   {
     echo
-    "<h1>Compo submission system</h1>\n".
+    "<h1>Compo entry submission (login)</h1>\n".
     stGetFormStart("entry", "submit.php").
     " ".stGetFormHiddenInput("mode", "key")."\n".
     " ".stGetFormHiddenInput("goto", "entry")."\n".
@@ -40,24 +40,64 @@
   if ($mode == 1)
   {
     echo
-    "<h1>Compo submission system</h1>\n".
-    stGetFormStart("entry", "submit.php").
-    " ".stGetFormHiddenInput("mode", "entry")."\n".
+    "<h1>Compo entry submission (info)</h1>\n".
+    stGetFormStart("entry", "submit.php")."\n".
+    " ".stGetFormHiddenInput("mode", "info")."\n".
     " ".stGetFormHiddenInput("goto", "entry")."\n".
-    " ".stGetFormHiddenInput("key", stGetSessionItem("key"))."\n";
-
+    " ".stGetFormHiddenInput("key", stGetSessionItem("key"))."\n".
+    " <table>\n".
+    "  <tr>\n".
+    "   <th>Compo</th>\n".
+    "   <th>Title</th>\n".
+    "   <th>Author(s)</th>\n".
+    "  </tr>\n".
+    "  <tr>\n".
+    "   <td>\n".
+    "    <select class=\"dropdown\" name=\"compo_id\">\n";
     foreach (stExecSQL("SELECT id,name FROM compos WHERE visible<>0") as $entry)
-    {
-      print_r($entry);
-    }
-
+      echo "   <option value=\"".$entry["id"]."\">".chentities($entry["name"])."</option>\n";
     echo
-    " <div class=\"votectrl\">".stGetFormSubmitInput("entry", "Submit votes!")."</div>\n".
-    "</form>\n";
+    "    </select>\n".
+    "   </td>\n".
+    "   <td>".stGetFormTextInput(35, 64, "name", "", "", stGetSessionItem("name"))."</td>\n".
+    "   <td>".stGetFormTextInput(30, 64, "author", "", "", stGetSessionItem("author"))."</td>\n".
+    "  </tr>\n".
+    " </table>\n".
+    " <div>".stGetFormSubmitInput("entry", "Continue")."</div>\n".
+    "</form>\n".
+    "<p>".stGetSetting("entrySubmitInfo")."</p>\n";
   }
   else
   if ($mode == 2)
   {
+    $compo = stFetchSQLColumn(
+      stPrepareSQL("SELECT name FROM compos WHERE visible<>0 AND id=%D",
+      "compo_id"));
+
+    echo
+    "<h1>Compo entry submission (files)</h1>\n".
+    stGetFormStart("entry", "submit.php")."\n".
+    " ".stGetFormHiddenInput("mode", "files")."\n".
+    " ".stGetFormHiddenInput("goto", "entry")."\n".
+    " ".stGetFormHiddenInput("key", stGetSessionItem("key"))."\n".
+    " <table>\n".
+    "  <tr>\n".
+    "   <td>".chentities($compo)."</td>\n".
+    "   <td>".chentities(stGetSessionItem("name"))."</td>\n".
+    "   <td>".chentities(stGetSessionItem("author"))."</td>\n".
+    "  </tr>\n".
+    "  <tr>\n".
+    "   <td>Entry file:</td>\n".
+    "   <td><input type=\"file\" name=\"file\" id=\"file\"></td>\n".
+    "   <td>".stGetFormSubmitInput("entry", "Submit entry")."</td>\n".
+    "  </tr>\n".
+    " </table>\n".
+    "</form>\n".
+    "<p>".stGetSetting("entrySubmitInfo")."</p>\n";
+  }
+  else
+  if ($mode == 3)
+  {
     echo "<h1>Yay, you submitted some entries!</h1>\n".
     "<p>Now go FAP some more! And make wait for voting.</p>";
     stSessionEnd(TRUE);
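Review bot: In the new `$mode == 2` branch the result of `stFetchSQLColumn()` goes straight into `chentities($compo)` without a check, so a missing, hidden or non-numeric `compo_id` still renders the upload form with an empty compo cell. Elsewhere in this commit the same helper is compared with `=== false` for the no-row case, so `if ($compo === false)` should stop the branch before the form is printed. The files form also carries no `compo_id` field, so the upload step presumably has to take the already-validated id from the session rather than from the request; that is worth confirming. Whether `stGetFormStart()` emits `enctype="multipart/form-data"` is not visible here, and without it the `<input type="file">` sends only a file name. The `if`/`else` chain starts and ends outside this hunk.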
--- a/submit.php	Sat Dec 08 14:40:13 2012 +0200
+++ b/submit.php	Sun Dec 09 05:41:18 2012 +0200
@@ -2,6 +2,58 @@
 require "mconfig.inc.php";
 require "msite.inc.php";
 
+function stCheckVoteValues()
+{
+  // Check the submitted vote values
+  foreach ($compos as $id => $compo)
+  foreach ($compo["entries"] as $eid => $entry)
+  {
+    $name = "entry".$eid;
+    $vote = stGetRequestItem($name);
+    if (!$errorSet && ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")))
+    {
+      stError("One or more vote value was out of bounds. Trying to cheat, eh?");
+      $vote = 0;
+    }
+    $_SESSION[$name] = $vote;
+  }
+}
+
+function stSubmitVotes()
+{
+  foreach ($compos as $id => $compo)
+  foreach ($compo["entries"] as $eid => $entry)
+  {
+    $vote = stGetRequestItem("entry".$eid);
+    $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
+      $voter["id"], $eid);
+
+    if (($res = stFetchSQLColumn($sql)) === false)
+    {
+      $sql = stPrepareSQL(
+        "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
+        $voter["id"], $eid, $vote);
+
+      if (stExecSQL($sql) === false)
+        return FALSE;
+    }
+    else
+    {
+      $sql = stPrepareSQL(
+        "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
+        $vote, $voter["id"], $eid);
+
+      if (stExecSQL($sql) === false)
+        return FALSE;
+    }
+  }
+  return TRUE;
+}
+
+
+//
+// Start of the main code
+//
 stSetupCacheControl();
 
 $sessionDestPage = stGetRequestItem("goto", FALSE);
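Review bot: Both new functions read `$compos`, `$errorSet` and `$voter`, which were script-level variables in the code this was extracted from; inside a PHP function they are fresh, undefined locals. As a result the `foreach` loops iterate over nothing, `stCheckVoteValues()` performs no bounds check at all, and `stSubmitVotes()` returns TRUE without writing a vote. Add `global $compos, $errorSet;` as the first statement of `stCheckVoteValues()` and `global $compos, $voter;` as the first statement of `stSubmitVotes()`, or pass the values in as parameters. The FALSE return of `stSubmitVotes()` only helps if the caller tests it: the call added in the later `$mode == "vote"` hunk discards it and sets status 2 regardless, where `if (stSubmitVotes()) stSetSessionStatus(2);` would avoid reporting success after a failed query.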
@@ -11,7 +63,7 @@
   exit;
 
 // Initiate SQL database connection
-if (!stConnectSQLDB())
+if (!stConnectSQLDB() || !stCheckHTTPS())
 {
   header("Location: ".$sessionDestPage);
   exit;
@@ -20,20 +72,11 @@
 // Get settings
 stReloadSettings();
 
-
-// Start vote session
-if (!stUserSessionStart())
+// Start the session
+if ((stChkSetting("allowVoting") || stChkSetting("allowSubmit")) && stUserSessionStart())
 {
-  header("Location: ".$sessionDestPage);
-  exit;
-}
-
-$_SESSION["message"] = "";
-stSetSessionStatus(0);
-
-
-if (stCheckHTTPS() && (stChkSetting("allowVoting") || stChkSetting("allowSubmit")))
-{
+  $_SESSION["message"] = "";
+  stSetSessionStatus(0);
   stGetCompoList(FALSE);
   $mode = stGetRequestItem("mode");
 
@@ -73,59 +116,71 @@
     }
   }
 
+  // Vote submission
   if (!$errorSet && $mode == "vote")
   {
-    // Check the submitted vote values
-    foreach ($compos as $id => $compo)
-    foreach ($compo["entries"] as $eid => $entry)
-    {
-      $name = "entry".$eid;
-      $vote = stGetRequestItem($name);
-      if (!$errorSet && ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")))
-      {
-        stError("One or more vote value was out of bounds. Trying to cheat, eh?");
-        $vote = 0;
-      }
-      $_SESSION[$name] = $vote;
-    }
-    
+    stCheckVoteValues();
     if (!$errorSet)
     {
-      foreach ($compos as $id => $compo)
-      foreach ($compo["entries"] as $eid => $entry)
-      {
-        $vote = stGetRequestItem("entry".$eid);
-        $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
-          $voter["id"], $eid);
+      stSubmitVotes();
+      stSetSessionStatus(2);
+    }
+  }
+
+  // Entry submission
+  if (!$errorSet && $mode == "info")
+  {
+    stSetSessionStatus(2);
+  }
+
+  if (!$errorSet && $mode == "files")
+  {
+/*
+    $allowedExts = array("zip", "rar", "lha", "7z");
+    $filename = $_FILES["file"]["name"];
+    $extension = end(explode(".", $filename));
+    $type = $_FILES["file"]["type"];
 
-        if (($res = stFetchSQLColumn($sql)) === false)
+    if (($type == "image/gif" || $type == "image/jpeg" || $type == "image/png" || $type == "image/pjpeg") &&
+      ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))
+    {
+      if ($_FILES["file"]["error"] > 0)
+      {
+        echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
+      }
+      else
+      {
+
+        echo "Upload: " . $filename . "<br>";
+        echo "Type: " . $type . "<br>";
+        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
+        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
+
+        if (file_exists("upload/" . $filename))
         {
-          $sql = stPrepareSQL(
-            "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
-            $voter["id"], $eid, $vote);
-
-          if (stExecSQL($sql) === false)
-            break;
+          echo $filename . " already exists. ";
         }
         else
         {
-          $sql = stPrepareSQL(
-            "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
-            $vote, $voter["id"], $eid);
-
-          if (stExecSQL($sql) === false)
-            break;
+          move_uploaded_file($_FILES["file"]["tmp_name"],
+          "upload/" . $filename);
+          echo "Stored in: " . "upload/" . $filename;
         }
       }
-      stSetSessionStatus(2);
     }
+    else
+    {
+      echo "Invalid file";
+    }
+    stSetSessionStatus(3);
+*/
   }
-}
 
-if ($errorSet)
-{
-  stSetSessionStatus(-1);
-  $_SESSION["message"] = $errorMsg;
+  if ($errorSet)
+  {
+    stSetSessionStatus(-1);
+    $_SESSION["message"] = $errorMsg;
+  }
 }
 
 header("Location: ".$sessionDestPage);
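Review bot: The commented-out upload draft in the `$mode == "files"` branch should not be enabled as written. It builds the destination from the client-supplied name (`"upload/" . $filename`), trusts the client-reported `$_FILES["file"]["type"]`, and demands an image MIME type together with an archive extension, so it would either reject every real entry or store a file under a path the uploader chose. When it is finished, derive the stored name on the server, e.g. `$dest = "upload/" . bin2hex(openssl_random_pseudo_bytes(16)) . "." . $extension;`, check only the lower-cased extension against `$allowedExts`, and pass any echoed file name through `chentities()`. Separately, the block is entered when either `allowVoting` or `allowSubmit` is set, and the visible `vote`, `info` and `files` branches do not recheck the matching setting. Unless the lines outside these hunks do, a vote request would be processed while only submission is open, and the reverse.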