Commit 1eea2951 authored by canyonknight's avatar canyonknight Committed by Lukas Fleischer
Browse files

addvote.php: Pull out DB code



* Verifying a username exists should use already present valid_user function
* Create new functions in acctfuncs.inc.php with SQL queries from addvote.php
* Centralization of DB code important in a future transition to PDO interface

Signed-off-by: default avatarcanyonknight <canyonknight@gmail.com>
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 09e50568
......@@ -12,40 +12,22 @@ html_header($title);
if (isset($_COOKIE["AURSID"])) {
$atype = account_from_sid($_COOKIE["AURSID"]);
$uid = uid_from_sid($_COOKIE["AURSID"]);
} else {
$atype = "";
}
if ($atype == "Trusted User" || $atype == "Developer") {
$dbh = db_connect();
if (!empty($_POST['addVote'])) {
$error = "";
if (!empty($_POST['user'])) {
$qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'";
$result = db_query($qcheck, $dbh);
if ($result) {
$check = mysql_num_rows($result);
}
else {
$check = 0;
}
if ($check == 0) {
if (!valid_user($_POST['user'])) {
$error.= __("Username does not exist.");
} else {
$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'";
$qcheck.= " AND End > UNIX_TIMESTAMP()";
$result = db_query($qcheck, $dbh);
if ($result) {
$check = mysql_num_rows($result);
}
else {
$check = 0;
}
if ($check != 0) {
if (open_user_proposals($_POST['user'])) {
$error.= __("%s already has proposal running for them.", htmlentities($_POST['user']));
}
}
......@@ -69,13 +51,8 @@ if ($atype == "Trusted User" || $atype == "Developer") {
}
if (!empty($_POST['addVote']) && empty($error)) {
$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
$q.= "('" . db_escape_string($_POST['agenda']) . "', ";
$q.= "'" . db_escape_string($_POST['user']) . "', ";
$q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len);
$q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
add_tu_proposal($_POST['agenda'], $_POST['user'], $len, $uid);
db_query($q, $dbh);
print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n";
} else {
?>
......
......@@ -522,8 +522,13 @@ function valid_username($user) {
* Checks if the username is valid and if it exists in the database
* Returns the username ID or nothing
*/
function valid_user($user, $dbh) {
function valid_user($user, $dbh=NULL) {
/* if ( $user = valid_username($user) ) { */
if(!$dbh) {
$dbh = db_connect();
}
if ( $user ) {
$q = "SELECT ID FROM Users WHERE Username = '"
. db_escape_string($user). "'";
......@@ -538,6 +543,37 @@ function valid_user($user, $dbh) {
return;
}
# Check for any open proposals about a user. Used to prevent multiple proposals.
function open_user_proposals($user, $dbh=NULL) {
if(!$dbh) {
$dbh = db_connect();
}
$q = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($user) . "'";
$q.= " AND End > UNIX_TIMESTAMP()";
$result = db_query($q, $dbh);
if (mysql_num_rows($result)) {
return true;
}
else {
return false;
}
}
# Creates a new trusted user proposal from entered agenda.
# Optionally takes proposal about specific user. Length of vote set by submitter.
function add_tu_proposal($agenda, $user, $votelength, $submitteruid, $dbh=NULL) {
if(!$dbh) {
$dbh = db_connect();
}
$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
$q.= "('" . db_escape_string($agenda) . "', ";
$q.= "'" . db_escape_string($user) . "', ";
$q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($votelength);
$q.= ", " . $submitteruid . ")";
db_query($q, $dbh);
}
function good_passwd($passwd) {
if ( strlen($passwd) >= PASSWD_MIN_LEN ) {
return true;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment