changeset 314:50527339b615

Make sure that the key ID # is valid.
author Matti Hamalainen <ccr@tnsp.org>
date Wed, 27 Nov 2013 03:16:36 +0200
parents 915a14409c7b
children 100d9f7f9dde
files admajax.php
diffstat 1 files changed, 14 insertions(+), 8 deletions(-) [+]
--- a/admajax.php	Wed Nov 27 03:13:44 2013 +0200
+++ b/admajax.php	Wed Nov 27 03:16:36 2013 +0200
@@ -718,16 +718,22 @@
         {
           case "assign":
             // Check if already assigned to someone ..
-            $sql = stPrepareSQL("SELECT * FROM attendees WHERE key_id=%D", "key_id");
-            if (($attn = stFetchSQL($sql)) === false || $attn["id"] == $id)
+            $sql = stPrepareSQL("SELECT * FROM votekeys WHERE id=%D", "key_id");
+            if (stFetchSQL($sql) === false)
+              stError("Invalid key ID #.");
+            else
             {
-              // Assign ..
-              $sql = stPrepareSQL("UPDATE attendees SET key_id=%D WHERE id=%d",
-                "key_id", $id);
-              stExecSQLCond($sql, "Assigned key updated.");
+              $sql = stPrepareSQL("SELECT * FROM attendees WHERE key_id=%D", "key_id");
+              if (($attn = stFetchSQL($sql)) === false || $attn["id"] == $id)
+              {
+                // Assign ..
+                $sql = stPrepareSQL("UPDATE attendees SET key_id=%D WHERE id=%d",
+                  "key_id", $id);
+                stExecSQLCond($sql, "Assigned key updated.");
+              }
+              else
+                stError("That key has already been assigned to another attendee!");
             }
-            else
-              stError("That key has already been assigned to another attendee!");
             break;
           
           case "active":
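Review bot: The new `votekeys` existence check, the `attendees` lookup and the `UPDATE` in the "assign" case run as three separate statements, so two concurrent requests for the same key can both pass the "already assigned" test and both write it. If no UNIQUE index on `attendees.key_id` exists yet (the schema is not visible here), adding one would let the database enforce the one-key-per-attendee rule. The branch could then carry a comment such as `// Pre-check is advisory only; the UNIQUE index on attendees.key_id enforces uniqueness.` Separately, `$attn["id"] == $id` is a loose comparison; casting both sides with `intval()` or using `===` on normalised values would avoid type-juggling surprises. The enclosing switch and the origin of `$id` lie outside this hunk, so whether `$id` is known to refer to an existing attendee cannot be confirmed from here.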