changeset 314:50527339b615
Make sure that the key ID # is valid.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 27 Nov 2013 03:16:36 +0200 |
parents | 915a14409c7b |
children | 100d9f7f9dde |
files | admajax.php |
diffstat | 1 files changed, 14 insertions(+), 8 deletions(-) [+] |
--- a/admajax.php Wed Nov 27 03:13:44 2013 +0200
+++ b/admajax.php Wed Nov 27 03:16:36 2013 +0200
@@ -718,16 +718,22 @@
 {
 case "assign":
 // Check if already assigned to someone ..
- $sql = stPrepareSQL("SELECT * FROM attendees WHERE key_id=%D", "key_id");
- if (($attn = stFetchSQL($sql)) === false || $attn["id"] == $id)
+ $sql = stPrepareSQL("SELECT * FROM votekeys WHERE id=%D", "key_id");
+ if (stFetchSQL($sql) === false)
+ stError("Invalid key ID #.");
+ else
 {
- // Assign ..
- $sql = stPrepareSQL("UPDATE attendees SET key_id=%D WHERE id=%d",
- "key_id", $id);
- stExecSQLCond($sql, "Assigned key updated.");
+ $sql = stPrepareSQL("SELECT * FROM attendees WHERE key_id=%D", "key_id");
+ if (($attn = stFetchSQL($sql)) === false || $attn["id"] == $id)
+ {
+ // Assign ..
+ $sql = stPrepareSQL("UPDATE attendees SET key_id=%D WHERE id=%d",
+ "key_id", $id);
+ stExecSQLCond($sql, "Assigned key updated.");
+ }
+ else
+ stError("That key has already been assigned to another attendee!");
 }
- else
- stError("That key has already been assigned to another attendee!");
 break;
 case "active":
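Review bot: The "already assigned" lookup on `attendees` and the `UPDATE` in the new inner block are separate statements, so the check is not atomic: two concurrent `assign` requests for the same key can both find no owner and both write it, leaving one vote key on two attendees. Nothing in the hunk shows a transaction or a uniqueness constraint on `attendees.key_id`; if none exists elsewhere, the database should enforce it (a UNIQUE index on that column) and this branch should report the resulting failure. At minimum I would record the assumption above the second SELECT, e.g. `// NOTE: check-then-update is not atomic; double assignment must be prevented by a UNIQUE constraint on attendees.key_id`. Separately, `$attn["id"] == $id` is a loose comparison; casting both sides to int, or using `===` on normalised values, avoids type-juggling surprises. The enclosing `switch` starts and ends outside the hunk, so how `$id` and `key_id` are validated upstream is not visible here.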