From 1eea2951fbebb5bb4dfc0c09ad7622f03e4a6471 Mon Sep 17 00:00:00 2001 From: canyonknight Date: Wed, 23 May 2012 15:20:58 -0400 Subject: addvote.php: Pull out DB code * Verifying a username exists should use already present valid_user function * Create new functions in acctfuncs.inc.php with SQL queries from addvote.php * Centralization of DB code important in a future transition to PDO interface Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/html/addvote.php | 31 ++++--------------------------- web/lib/acctfuncs.inc.php | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 28 deletions(-) (limited to 'web') diff --git a/web/html/addvote.php b/web/html/addvote.php index cc463b2..dd1f47b 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -12,40 +12,22 @@ html_header($title); if (isset($_COOKIE["AURSID"])) { $atype = account_from_sid($_COOKIE["AURSID"]); + $uid = uid_from_sid($_COOKIE["AURSID"]); } else { $atype = ""; } if ($atype == "Trusted User" || $atype == "Developer") { - $dbh = db_connect(); if (!empty($_POST['addVote'])) { $error = ""; if (!empty($_POST['user'])) { - $qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'"; - $result = db_query($qcheck, $dbh); - if ($result) { - $check = mysql_num_rows($result); - } - else { - $check = 0; - } - - if ($check == 0) { + if (!valid_user($_POST['user'])) { $error.= __("Username does not exist."); } else { - $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'"; - $qcheck.= " AND End > UNIX_TIMESTAMP()"; - $result = db_query($qcheck, $dbh); - if ($result) { - $check = mysql_num_rows($result); - } - else { - $check = 0; - } - if ($check != 0) { + if (open_user_proposals($_POST['user'])) { $error.= __("%s already has proposal running for them.", htmlentities($_POST['user'])); } } @@ -69,13 +51,8 @@ if ($atype == "Trusted User" || $atype == "Developer") { } if (!empty($_POST['addVote']) && empty($error)) { - $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES "; - $q.= "('" . db_escape_string($_POST['agenda']) . "', "; - $q.= "'" . db_escape_string($_POST['user']) . "', "; - $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len); - $q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")"; + add_tu_proposal($_POST['agenda'], $_POST['user'], $len, $uid); - db_query($q, $dbh); print "

" . __("New proposal submitted.") . "

\n"; } else { ?> diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 9e50cfd..bb1f6e8 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -522,8 +522,13 @@ function valid_username($user) { * Checks if the username is valid and if it exists in the database * Returns the username ID or nothing */ -function valid_user($user, $dbh) { +function valid_user($user, $dbh=NULL) { /* if ( $user = valid_username($user) ) { */ + + if(!$dbh) { + $dbh = db_connect(); + } + if ( $user ) { $q = "SELECT ID FROM Users WHERE Username = '" . db_escape_string($user). "'"; @@ -538,6 +543,37 @@ function valid_user($user, $dbh) { return; } +# Check for any open proposals about a user. Used to prevent multiple proposals. +function open_user_proposals($user, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + $q = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($user) . "'"; + $q.= " AND End > UNIX_TIMESTAMP()"; + $result = db_query($q, $dbh); + if (mysql_num_rows($result)) { + return true; + } + else { + return false; + } +} + +# Creates a new trusted user proposal from entered agenda. +# Optionally takes proposal about specific user. Length of vote set by submitter. +function add_tu_proposal($agenda, $user, $votelength, $submitteruid, $dbh=NULL) { + if(!$dbh) { + $dbh = db_connect(); + } + $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES "; + $q.= "('" . db_escape_string($agenda) . "', "; + $q.= "'" . db_escape_string($user) . "', "; + $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($votelength); + $q.= ", " . $submitteruid . ")"; + db_query($q, $dbh); + +} + function good_passwd($passwd) { if ( strlen($passwd) >= PASSWD_MIN_LEN ) { return true; -- cgit v1.2.3-70-g09d2