summaryrefslogtreecommitdiffstats
path: root/web/html
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2012-05-23 15:20:58 -0400
committerLukas Fleischer <archlinux@cryptocrack.de>2012-07-06 11:26:51 +0200
commit1eea2951fbebb5bb4dfc0c09ad7622f03e4a6471 (patch)
tree76bf838824feafda7bf4aeeab8bd27adadc959ea /web/html
parent09e50568e41a470093486dbd20f3aa4f4da08444 (diff)
downloadaurweb-1eea2951fbebb5bb4dfc0c09ad7622f03e4a6471.tar.xz
addvote.php: Pull out DB code
* Verifying a username exists should use already present valid_user function * Create new functions in acctfuncs.inc.php with SQL queries from addvote.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/addvote.php31
1 files changed, 4 insertions, 27 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index cc463b2..dd1f47b 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -12,40 +12,22 @@ html_header($title);
if (isset($_COOKIE["AURSID"])) {
$atype = account_from_sid($_COOKIE["AURSID"]);
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
} else {
$atype = "";
}
if ($atype == "Trusted User" || $atype == "Developer") {
- $dbh = db_connect();
if (!empty($_POST['addVote'])) {
$error = "";
if (!empty($_POST['user'])) {
- $qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'";
- $result = db_query($qcheck, $dbh);
- if ($result) {
- $check = mysql_num_rows($result);
- }
- else {
- $check = 0;
- }
-
- if ($check == 0) {
+ if (!valid_user($_POST['user'])) {
$error.= __("Username does not exist.");
} else {
- $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'";
- $qcheck.= " AND End > UNIX_TIMESTAMP()";
- $result = db_query($qcheck, $dbh);
- if ($result) {
- $check = mysql_num_rows($result);
- }
- else {
- $check = 0;
- }
- if ($check != 0) {
+ if (open_user_proposals($_POST['user'])) {
$error.= __("%s already has proposal running for them.", htmlentities($_POST['user']));
}
}
@@ -69,13 +51,8 @@ if ($atype == "Trusted User" || $atype == "Developer") {
}
if (!empty($_POST['addVote']) && empty($error)) {
- $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
- $q.= "('" . db_escape_string($_POST['agenda']) . "', ";
- $q.= "'" . db_escape_string($_POST['user']) . "', ";
- $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len);
- $q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
+ add_tu_proposal($_POST['agenda'], $_POST['user'], $len, $uid);
- db_query($q, $dbh);
print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n";
} else {
?>