changeset 5:76c3b89d7b11
Improve voting, clean up the code, etc.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 05 Dec 2012 08:08:58 +0200 |
parents | 934ab7d8c244 |
children | 2a9267ad0ceb |
files | admin.inc.php ajax.php attendees.inc.php fap.css index.php login.php logout.inc.php msite.inc.php results.inc.php vote.inc.php |
diffstat | 10 files changed, 243 insertions(+), 267 deletions(-) [+] |
--- a/admin.inc.php Tue Dec 04 21:28:11 2012 +0200 +++ b/admin.inc.php Wed Dec 05 08:08:58 2012 +0200 @@ -1,20 +1,21 @@ <? // Check if sessions are enabled -if (!stChkSetting("admpass")) +if (!stChkSetting("admPassword")) { echo "<h1>Oh noes, admin configuration not done!</h1>\n". "<p>Better go and prod that, so you get to use the fine admin interface.</p>\n"; $authState = "error"; } else -if (stAuthSession()) +if (stAdmSessionAuth()) { $authState = "ok"; } else { // Perform authentication if we are not in session already - echo "<h1>Party admin login</h1>\n". + echo + "<h1>Party admin login</h1>\n". "<p>Please use illegal telepathy over HTTP to provide a password to enter the party administration systembolaget.</p>\n". "<form name=\"admlogin\" action=\"login.php\" method=\"post\">\n". stGetFormHiddenInput("mode", "check")."\n". @@ -363,29 +364,24 @@ } </script> -<div id="nstatus"> -- -</div> +<!-- ========================== --> -<div id="pageTabs"> -</div> +<div id="nstatus">-</div> + +<div id="pageTabs"></div> <!-- ========================== --> <div id="ntab0"> - -<form method="post" action="" onsubmit="return addNews()"> - <input id="nntitle" type="text" size="40" /><br /> - <textarea id="nntext" rows="5" cols="60"></textarea><br /> - <input id="nnauthor" type="text" value="orgaz" /> - <input id="nnadd" type="submit" value=" Add post " /> - <input type="button" value=" Clear " onClick="this.form.reset()" /> -</form> - -<hr /> - -<div id="nnews"> -</div> + <form method="post" action="" onsubmit="return addNews()"> + <input id="nntitle" type="text" size="40" /><br /> + <textarea id="nntext" rows="5" cols="60"></textarea><br /> + <input id="nnauthor" type="text" value="orgaz" /> + <input id="nnadd" type="submit" value=" Add post " /> + <input type="button" value=" Clear " onClick="this.form.reset()" /> + </form> + <hr /> + <div id="nnews"></div> </div> <!-- ========================== --> 
@@ -398,55 +394,47 @@ <!-- ========================== --> <div id="ntab2"> -<div id="ndump"> -</div> + <div id="ndump"></div> </div> <!-- ========================== --> <div id="ntab3"> - -<form method="post" action="" onsubmit="return addCompo()"> - <input id="ncname" type="text" size="64" /><br /> - <textarea id="ncdescription" rows="5" cols="60"></textarea><br /> - <input id="nccompo" type="submit" value=" Add compo " /> - <input type="button" value=" Clear " onClick="this.form.reset()" /> -</form> - -<hr /> -<div id="ncompos"> -</div> + <form method="post" action="" onsubmit="return addCompo()"> + <input id="ncname" type="text" size="64" /><br /> + <textarea id="ncdescription" rows="5" cols="60"></textarea><br /> + <input id="nccompo" type="submit" value=" Add compo " /> + <input type="button" value=" Clear " onClick="this.form.reset()" /> + </form> + <hr /> + <div id="ncompos"></div> </div> <!-- ========================== --> <div id="ntab4"> -<div id="nentries"> -</div> + <div id="nentries"></div> </div> <!-- ========================== --> <div id="ntab5"> -<p> -Key entries can only be generated via the shell-utility 'keygen'. -</p> -<div id="nvoters"> -</div> + <p> + Key entries can only be generated via the shell-utility 'keygen'. + </p> + <div id="nvoters"></div> </div> <!-- ========================== --> <script type="text/javascript"> -registerTab("ntab0", "News"); -registerTab("ntab1", "Attendees"); -registerTab("ntab2", "Dump"); -registerTab("ntab3", "Compos"); -registerTab("ntab4", "Entries"); -registerTab("ntab5", "Voters"); -updateTabList(); -switchActiveTab("ntab0"); + registerTab("ntab0", "News"); + registerTab("ntab1", "Attendees"); + registerTab("ntab2", "Dump"); + registerTab("ntab3", "Compos"); + registerTab("ntab4", "Entries"); + registerTab("ntab5", "Voters"); + updateTabList(); + switchActiveTab("ntab0"); </script> -<? -} -?> \ No newline at end of file +<? } ?> \ No newline at end of file
--- a/ajax.php Tue Dec 04 21:28:11 2012 +0200 +++ b/ajax.php Wed Dec 05 08:08:58 2012 +0200 @@ -3,7 +3,7 @@ require "msite.inc.php"; // Check if we are allowed to execute -if (!stCheckHTTPS() || !stAuthSession()) +if (!stCheckHTTPS() || !stAdmSessionAuth()) { header("Status: 404 Not Found"); exit; @@ -195,12 +195,12 @@ if ($type == "voters") { echo - "<table class=\"misc\">\n". + "<table class=\"voters\">\n". " <tr>\n". - " <th style=\"width: 5%; text-align: center;\">#</th>\n". - " <th style=\"\">Vote key</th>\n". - " <th style=\"\">Name</th>\n". - " <th style=\"width: 5%; text-align: center;\">Active</th>\n". + " <th class=\"vid\">#</th>\n". + " <th class=\"vkey\">Vote key</th>\n". + " <th class=\"vname\">Name</th>\n". + " <th style=\"vactive\">Active</th>\n". " </tr>\n"; $row = 0; foreach ($res as $item) @@ -209,12 +209,13 @@ $prefix = "vo"; echo " <tr>\n". - " <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n". - " <td>".sprintf("%04d", $id)."</td>\n". - " <td>".chentities($item["key"])."</td>\n". - " <td>".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"], + " <tr class=\"".($item["enabled"] ? "vactive " : ""). + ($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n". + " <td class=\"vid\">".sprintf("%04d", $id)."</td>\n". + " <td class=\"vkey\">".chentities($item["key"])."</td>\n". + " <td class=\"vname\">".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"], "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n". - " <td>".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Active", + " <td class=\"vactive\">".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "", "onClick=\"updateVoter(".$id.")\"")."</td>\n". " </tr>\n"; $row++;
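Review bot: The last header cell of the voters table was converted to `style=\"vactive\"` instead of `class=\"vactive\"`, so the browser receives an invalid inline style and that column misses the class naming the other three cells now use. The line should read `" <th class=\"vactive\">Active</th>\n".`. The hunk starts inside the `if ($type == "voters")` branch and the `foreach` it opens continues past the hunk.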
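Review bot: Each voter row still opens two `<tr>` elements, because the unchanged `" <tr>\n".` line directly precedes the rewritten `<tr class=...>` line; the plain one should be dropped so the `vactive`/`rodd`/`reven` classes sit on the row that actually holds the cells. `$item["name"]` is also handed to `stGetFormTextInput()` without `chentities()`, unlike `$item["key"]` one line above. The body of that helper is not in this diff, so if it does not escape its value argument the voter name needs escaping at this call.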
--- a/attendees.inc.php Tue Dec 04 21:28:11 2012 +0200 +++ b/attendees.inc.php Wed Dec 05 08:08:58 2012 +0200 @@ -9,7 +9,7 @@ } //echo "<h1>Current attendees</h1>\n"; -$maxAttendees = stGetSetting("maxAttendees", 20); +$maxAttendees = stGetSetting("maxAttendees"); $numAttendees = 0; if (($res = $db->query("SELECT COUNT(*) FROM attendees")) !== FALSE) $numAttendees = $res->fetchColumn();
--- a/fap.css Tue Dec 04 21:28:11 2012 +0200 +++ b/fap.css Wed Dec 05 08:08:58 2012 +0200 @@ -155,14 +155,13 @@ } -table.attendees,table.misc { +table.attendees,table.misc,table.vote { width: 100%; font-size: 10pt; } -table.attendees th,table.misc th { +table th { background: rgba(0,0,0,0.25); - width: 15%; } table.attendees th.regtime { @@ -180,12 +179,12 @@ background: rgba(0,0,0,0.15); } -table.misc { +table.misc, table.vote { padding-top: 1em; } -table.misc tr:hover td { - background: rgba(0,255,0,0.15); +table.misc tr:hover td, table.vote tr:hover td { + background: rgba(0,50,0,0.50); } div.reglink { @@ -239,10 +238,32 @@ right: -2em; } -table.misc th.vvalue { +table.vote th.vvalue { width: 1%; + min-width: 2.5em; +} + +table.vote td.vvalue { + text-align: center; +} + +td.vactive, td.vid { + text-align: center; } -table.misc td.vvalue { - text-align: center; +td.vid { + padding-right: 1em; + padding-left: 1em; +} + +td.vkey { + width: 25%; } + +table.voters tr.vactive td { + background: rgba(255,0,0,0.5); +} + +div.votectrl { + padding: 1em; +}
--- a/index.php Tue Dec 04 21:28:11 2012 +0200 +++ b/index.php Wed Dec 05 08:08:58 2012 +0200 @@ -12,11 +12,7 @@ if (isset($_SERVER["REQUEST_URI"]) && array_key_exists($_SERVER["REQUEST_URI"], $securePages)) -{ - header("Cache-Control: private"); - header("Cache-Control: must-revalidate"); - header("Cache-Control: ".($securePages[$_SERVER["REQUEST_URI"]] ? "no-store" : "no-cache")); -} + stSetupCacheControl(); printPageHeader($pageTitle, " <meta http-equiv=\"Pragma\" content=\"no-cache\" />");
--- a/login.php Tue Dec 04 21:28:11 2012 +0200 +++ b/login.php Wed Dec 05 08:08:58 2012 +0200 @@ -2,9 +2,10 @@ require "mconfig.inc.php"; require "msite.inc.php"; -if (stChkRequestItem("admpass") && - stGetRequestItem("admpass") == stGetSetting("admpass", FALSE)) - stStartSession(); +stSetupCacheControl(); + +if (stGetRequestItem("admpass", FALSE) == stGetSetting("admPassword")) + stAdmSessionStart(); header("Location: https://".stGetRequestItem("goto")); ?> \ No newline at end of file
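Review bot: The rewritten password check drops the `stChkRequestItem("admpass")` guard and compares with loose `==`, so, assuming the second argument of `stGetRequestItem()` is the value returned when the field is absent, a request without `admpass` compares `FALSE` against the setting, and `FALSE == ""` and `FALSE == "0"` are both true in PHP. I would require a non-empty string and compare strictly: `$pw = stGetRequestItem("admpass", FALSE);` followed by `if (is_string($pw) && $pw !== "" && $pw === stGetSetting("admPassword"))`, or `hash_equals()` where the PHP version provides it. Separately, the unchanged `header("Location: https://".stGetRequestItem("goto"))` line redirects to whatever host the request names, whether or not the password matched; checking `goto` against the site's own host before redirecting would close that.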
--- a/logout.inc.php Tue Dec 04 21:28:11 2012 +0200 +++ b/logout.inc.php Wed Dec 05 08:08:58 2012 +0200 @@ -1,5 +1,7 @@ <? -if (stEndSession()) +stSetupCacheControl(); + +if (stSessionEnd(stAdmSessionAuth())) { echo "<h1>Logged out</h1>\n". "<p>Have a nice day.</p>\n";
--- a/msite.inc.php Tue Dec 04 21:28:11 2012 +0200 +++ b/msite.inc.php Wed Dec 05 08:08:58 2012 +0200 @@ -19,17 +19,42 @@ } -function stAuthSession() +function stSetupCacheControl() +{ + header("Cache-Control: private"); + header("Cache-Control: must-revalidate"); + header("Cache-Control: no-store"); +} + + +function stSessionExpire($type) { - if (@session_start() === TRUE && isset($_SESSION["admpass"]) && - $_SESSION["admpass"] == stGetSetting("admpass", FALSE)) + // Check for session expiration + if (!isset($_SESSION["expires"]) || $_SESSION["expires"] < time()) + return FALSE; + + // Add more time to expiration + $_SESSION["expires"] = time() + stGetSetting($type); + return TRUE; +} + + +function stAdmSessionAuth() +{ + if (@session_start() === TRUE && isset($_SESSION["admPassword"]) && + $_SESSION["admPassword"] == stGetSetting("admPassword")) + return stSessionExpire("admTimeout"); + else + return FALSE; +} + + +function stAdmSessionStart() +{ + if (@session_start() === TRUE) { - // Check for session expiration - if (!isset($_SESSION["expires"]) || $_SESSION["expires"] < time()) - return FALSE; - - // Add more time to expiration - $_SESSION["expires"] = time() + stGetSetting("admtimeout", 5 * 60); + $_SESSION["admPassword"] = stGetSetting("admPassword"); + $_SESSION["expires"] = time() + stGetSetting("admTimeout"); return TRUE; } else @@ -37,12 +62,20 @@ } -function stStartSession() +function stVoteSessionAuth() +{ + if (@session_start() === TRUE && isset($_SESSION["key"]) && isset($_SESSION["votes"])) + return stSessionExpire("voteTimeout"); + else + return FALSE; +} + + +function stVoteSessionStart() { if (@session_start() === TRUE) { - $_SESSION["admpass"] = stGetSetting("admpass", FALSE); - $_SESSION["expires"] = time() + stGetSetting("admtimeout", 5 * 60); + $_SESSION["expires"] = time() + stGetSetting("voteTimeout"); return TRUE; } else 
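Review bot: `stAdmSessionStart()` marks the current session as authenticated without issuing a new session id, so an id that was fixed or observed before login stays valid afterwards; calling `session_regenerate_id(TRUE);` right after the successful `session_start()` avoids that. The function also copies the admin password into `$_SESSION["admPassword"]`, which puts the plaintext secret into session storage, and `stAdmSessionAuth()` re-checks it with loose `==`; storing a flag or a hash of the password and comparing with `===` would serve the same purpose. In `stSetupCacheControl()` each `header("Cache-Control: ...")` call replaces the previous one, so only `no-store` reaches the client; a single `header("Cache-Control: private, must-revalidate, no-store");` sends all three. The `else` branch of `stAdmSessionStart()` lies outside the hunk.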
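Review bot: Admin and vote sessions share the single `$_SESSION["expires"]` slot, and `stSessionExpire()` only returns FALSE on expiry without clearing anything, so `stVoteSessionStart()` writing a fresh `expires` would appear to bring a lapsed admin session back to life while `$_SESSION["admPassword"]` is still set. Keeping a separate expiry key per session type, for example `$_SESSION["expires_".$type]`, or emptying `$_SESSION` when the expiry check fails, would keep the two timeouts independent. `stVoteSessionStart()` also does not regenerate the session id when the vote session begins. Its `else` branch continues outside the hunk.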
@@ -50,9 +83,14 @@ } -function stEndSession() +function stSetVoteStatus($st) { - $ok = stAuthSession(); + $_SESSION["status"] = $st; +} + + +function stSessionEnd($ok) +{ $_SESSION = array(); if (ini_get("session.use_cookies")) { @@ -67,13 +105,16 @@ } -function stGetSetting($name, $default) +function stGetSetting($name) { - global $siteSettings; + global $siteSettings, $siteDefaults; if (isset($siteSettings[$name])) return $siteSettings[$name]; else - return $default; + if (isset($siteDefaults[$name])) + return $siteDefaults[$name]; + else + die("No config value or default for '".$name."'.\n"); } @@ -117,7 +158,7 @@ return "<input ".$extra." type=\"checkbox\" id=\"".$prefix.$name.$id."\" ". "name=\"".$prefix.$name.$id."\" ".($checked ? "checked=\"checked\" " : "")." />". - "<label for=\"".$prefix.$name.$id."\">".$label."</label>"; + ($label != "" ? "<label for=\"".$prefix.$name.$id."\">".$label."</label>" : ""); } @@ -260,7 +301,7 @@ { global $db; try { - $db = new PDO("sqlite:".stGetSetting("dbfilename", FALSE)); + $db = new PDO("sqlite:".stGetSetting("sqlDBfilename")); } catch (PDOException $e) { error_log("Could not connect to SQL database: ".$e->getMessage().".");
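Review bot: In `stGetSetting()` the new `die("No config value or default for '".$name."'.\n")` writes an internal setting name into the HTTP response and stops the page wherever the lookup happened. I would send the detail to the log, as the database connect code in the last hunk already does with `error_log()`, and show a generic message: `error_log("No config value or default for '".$name."'."); die("Configuration error.\n");`. Note that `isset()` treats a setting explicitly set to NULL as missing, so such a value falls through to `$siteDefaults`. A short comment above the function stating the lookup order (`$siteSettings`, then `$siteDefaults`, then abort) would help callers that used to pass their own default.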
--- a/results.inc.php Tue Dec 04 21:28:11 2012 +0200 +++ b/results.inc.php Wed Dec 05 08:08:58 2012 +0200 @@ -1,7 +1,7 @@ <? $text = TRUE; -$showResults = stGetSetting("showResults", FALSE); -$showAuthors = stGetSetting("showResAuthors", FALSE); +$showResults = stGetSetting("showResults"); +$showAuthors = stGetSetting("showResAuthors"); echo "<h1>Results</h1>\n"; if (!$showResults)
--- a/vote.inc.php Tue Dec 04 21:28:11 2012 +0200 +++ b/vote.inc.php Wed Dec 05 08:08:58 2012 +0200 
@@ -1,191 +1,117 @@ <? -$mode = stGetRequestItem("mode", "start"); -$showAuthors = stGetSetting("showVoteAuthors", FALSE); - -stGetCompoList(FALSE); - - -function stPrintFormData($button, $mode = "start") +function stGetSessionItem($name, $default = "") { - global $compos; - - echo - "<form name=\"vote\" action=\"vote\" method=\"post\">\n". - " <input type=\"submit\" value=\"".chentities($button)."\" />\n"; - - stPrintFormHiddenInput("mode", $mode); - stPrintFormHiddenInput("key", stGetRequestItem("key")); - - foreach ($compos as $id => $compo) - { - foreach ($compo["entries"] as $eid => $entry) - { - stPrintFormHiddenInput("entry".$eid, stGetRequestItem("entry".$eid)); - } - } - - echo "</form>\n"; + return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default; } // Check if voting is enabled if (!stChkSetting("allowVoting")) { -?> -<h1>Sorry, voting disabled!</h1> -<p> -Voting functionality not available at this time. -</p> -<? + echo + "<h1>Sorry, voting disabled!</h1>\n". + "<p>Voting functionality not available at this time.</p>\n"; } else -if ($mode == "start") { -?> -<h1>Way Too Simple Vote System</h1> - -<form name="vote" action="vote" method="post"> - <input type="hidden" name="mode" value="check"> - <table class="misc"> -<? - -stPrintFormTextInput("Vote key:", "(that series of characters)", 30, 30, "key", "autocomplete=\"off\""); -echo "</table>\n"; - -foreach ($compos as $id => $compo) -if (count($compo["entries"]) > 0) -{ - echo - " <table class=\"misc\">\n". - " <tr><th colspan=\"3\">".chentities($compo["name"])."</th></tr>\n". - " <tr>\n". - " <th class=\"vtitle\">Title</th>\n". - ($showAuthors ? " <th class=\"vauthor\">Author</th>\n" : ""). - " "; - - for ($i = stGetSetting("voteMin", -2); $i <= stGetSetting("voteMax", 2); $i++) + stVoteSessionAuth(); + $mode = stGetSessionItem("status", 0); + + if ($mode < 0) + { + echo "<h1>Oh noes, an error!</h1>\n". + "<ul>\n".stGetSessionItem("message", "")."</ul>\n". 
+ "<form name=\"vote\" action=\"vote\" method=\"post\">\n". + " <input type=\"submit\" value=\" Go back \" />\n". + "</form>\n"; + stSetVoteStatus(0); + } + else + if ($mode == 0) { echo - "<th class=\"vvalue\">".$i."</th>"; + "<h1>Voting system</h1>\n". + "<form name=\"vote\" action=\"dovote.php\" method=\"post\">\n". + stGetFormHiddenInput("mode", "key")."\n". + " <div class=\"votectrl\">\n". + " Enter your vote key: ". + stGetFormTextInput(30, 30, "key", "key", "", stGetSessionItem("key"), "autocomplete=\"off\""). + " <input type=\"submit\" value=\" Login \" />". + " </div>\n"; + "</form>\n"; } - echo "\n". - " </tr>\n"; + else + if ($mode == 1) + { + $showAuthors = stGetSetting("showVoteAuthors"); + stGetCompoList(FALSE); - foreach ($compo["entries"] as $eid => $entry) - { echo - " <tr>\n". - " <td class=\"vtitle\">".$entry["name"]."</td>\n". - ($showAuthors ? " <td class=\"vauthor\">".$entry["author"]."</td>\n" : ""). - " "; + "<h1>Voting system</h1>\n". + "<form name=\"vote\" action=\"dovote.php\" method=\"post\">\n". + stGetFormHiddenInput("mode", "check")."\n". + stGetFormHiddenInput("key", stGetSessionItem("key"))."\n". + " <div class=\"votectrl\">\n". + " <input type=\"submit\" value=\" Submit votes! \" />". + " </div>\n"; + + foreach ($compos as $id => $compo) + if (count($compo["entries"]) > 0) + { + echo + " <table class=\"vote\">\n". + " <tr><th colspan=\"3\">".chentities($compo["name"])."</th></tr>\n". + " <tr>\n". + " <th class=\"vtitle\">Title</th>\n". + ($showAuthors ? " <th class=\"vauthor\">Author</th>\n" : ""). + " "; - for ($i = stGetSetting("voteMin", -2); $i <= stGetSetting("voteMax", 2); $i++) - { - $name = "entry".$eid; - $checked = stChkRequestItem($name) ? stGetRequestItem($name) : 0; + for ($i = stGetSetting("voteMin"); $i <= stGetSetting("voteMax"); $i++) + { + echo + "<th class=\"vvalue\">".$i."</th>"; + } + echo "\n". 
+ " </tr>\n"; + + $row = 0; + foreach ($compo["entries"] as $eid => $entry) + { + echo + " <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\">\n". + " <td class=\"vtitle\">".$entry["name"]."</td>\n". + ($showAuthors ? " <td class=\"vauthor\">".$entry["author"]."</td>\n" : ""). + " "; + + for ($i = stGetSetting("voteMin"); $i <= stGetSetting("voteMax"); $i++) + { + $name = "entry".$eid; + echo + "<td class=\"vvalue\"><input type=\"radio\" name=\"".$name."\" ". + ($i == stGetSessionItem($name, 0) ? "checked=\"checked\" " : "")."value=\"".$i."\" /></td>"; + } + + echo + "\n". + " </tr>\n"; + + $row++; + } echo - "<td class=\"vvalue\"><input type=\"radio\" name=\"".$name."\" ". - ($i == $checked ? "checked=\"checked\" " : "")."value=\"".$i."\" /></td>"; + " </table>\n"; } echo - "\n". - " </tr>\n"; - } - echo - " </table>\n"; -} -?> - <input type="submit" value="Vote!" /><br /> -</form> -<? -} -else -if ($mode == "check") -{ - // Check received data - if (stChkDataItem("key") || - strlen(stGetRequestItem("key")) != stGetSetting("votekeylen", 8)) - { - stError("Invalid or empty vote key, please check."); + "<div class=\"votectrl\"><input type=\"submit\" value=\" Submit votes! \" /></div>\n"; + echo + "</form>\n"; } else - { - // Check if the key exists and is active - $sql = stPrepareSQL( - "SELECT * FROM voters WHERE key=%S AND enabled<>0", - "key"); - - if (($voter = stFetchSQL($sql)) === FALSE) - stError("Vote key does not exist, perhaps you typed it incorrectly?"); - } - - // Check the submitted vote values - foreach ($compos as $id => $compo) - if (count($compo["entries"]) > 0) - { - foreach ($compo["entries"] as $eid => $entry) - { - $vote = stGetRequestItem("entry".$eid); - if ($vote < stGetSetting("voteMin", -2) || $vote > stGetSetting("voteMax", 2)) - { - stError("One or more vote value was out of bounds. Trying to cheat, eh?"); - break; - } - } - } - - // Ookkay... - if ($errorSet) - { - echo "<p>Following errors occured:</p>\n". 
- "<ul>\n".$errorMsg."</ul>\n"; - stPrintFormData("Go back"); - } - else + if ($mode == 2) { - foreach ($compos as $id => $compo) - if (count($compo["entries"]) > 0) - { - foreach ($compo["entries"] as $eid => $entry) - { - $vote = stGetRequestItem("entry".$eid); - $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d", - $voter["id"], $eid); - - if (stFetchSQLColumn($sql) === false) - { - $sql = stPrepareSQL( - "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)", - $voter["id"], $eid, $vote); - - if (stExecSQL($sql) === false) - break; - } - else - { - $sql = stPrepareSQL( - "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d", - $vote, $voter["id"], $eid); - - if (stExecSQL($sql) === false) - break; - } - } - } - - if ($errorSet) - { - echo "<h1>An error occured.</h1>\n"; - echo "<p>Following errors occured:</p>\n". - "<ul>\n".$errorMsg."</ul>\n"; - stPrintFormData("Go back"); - } - else - { - echo "<h1>Voting successful</h1>\n"; - echo "<p>Now go FAP some more! Or whatever.</p>\n"; - } + echo "<h1>Yay, you have voted!</h1>\n". + "<p>Now go FAP some more! And make a demo about it.</p>"; + stSessionEnd(TRUE); } } ?> \ No newline at end of file
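Review bot: Several values reach the page unescaped in the new code: `$entry["name"]` and `$entry["author"]` in the vote table and `stGetSessionItem("message", "")` inside the error `<ul>`, while `$compo["name"]` just above goes through `chentities()`. Entry titles and authors should get the same treatment, e.g. `"<td class=\"vtitle\">".chentities($entry["name"])."</td>\n"`, and if the message can carry request-derived text it needs escaping where it is composed, which is not on this page. The return value of `stVoteSessionAuth()` is discarded, so the voting form is rendered from whatever `status` the session holds even after the vote session has expired; keeping the result in `$voteOk` and adding `if (!$voteOk && $mode > 0) $mode = 0;` would send such sessions back to the key prompt. In the `$mode == 0` branch the `echo` ends at `" </div>\n";`, which leaves `"</form>\n";` as a statement with no effect and the form unclosed; that semicolon should be a `.`.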