From 0f26cbbf2c4b416aa56b012f658d62053c020d2b Mon Sep 17 00:00:00 2001
From: jacob
Date: Mon, 6 Feb 2012 17:41:50 +0000
Subject: [PATCH] Quick fix to make sure you can't switch to an inactive conference through the API

---
 api.php                  | 22 ++++++++++++++--------
 common.inc.bootstrap.php |  5 ++++-
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/api.php b/api.php
index 2e21d4f..8a36d43 100644
--- a/api.php
+++ b/api.php
@@ -195,16 +195,22 @@ switch($request[0]) {
 */
 if($request[1]=="switch") {
 if($_POST['conferences_id']) {
- //this makes sure its valid and sets teh session
- switchConference($_POST['conferences_id']);
+ //this makes sure its valid and sets the sessiona
+ $cid = intval($_POST['conferences_id']);
+ if(switchConference($cid)){
 
- //get rid of their current roles, and load their record for the new conference
- if(is_array($_SESSION['roles'])) {
- $_SESSION['roles']=array();
- user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
+ //get rid of their current roles, and load their record for the new conference
+ if(is_array($_SESSION['roles'])) {
+ $_SESSION['roles']=array();
+ user_conference_load($_SESSION['accounts_id'], $cid);
+ }
+ $ret['status']="ok";
+ $ret['conferences_id'] = $cid;
+ }else{
+ // not a valid conference id
+ $ret['status'] = "error";
+ $ret['error'] = "Conference ID #$cid is either inactive or invalid";
 }
- $ret['status']="ok";
- $ret['conferences_id']=$_SESSION['conferences_id'];
 } else {
 $ret['status']="error";
 $ret['error']='conferences_id (integer) is required';
diff --git a/common.inc.bootstrap.php b/common.inc.bootstrap.php
index 4b02d2f..14f88a2 100644
--- a/common.inc.bootstrap.php
+++ b/common.inc.bootstrap.php
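Review bot: After `switchConference($cid)` succeeds, the role reset and `user_conference_load($_SESSION['accounts_id'], $cid)` still run only inside `if(is_array($_SESSION['roles']))`, so a session whose roles entry is unset or not an array gets `$_SESSION['conferences_id']` pointed at the new conference without the account record for it being loaded — presumably not intended, and it is the same shape as the pre-existing code rather than something the commit fixes. Running `$_SESSION['roles']=array(); user_conference_load($_SESSION['accounts_id'], $cid);` unconditionally on the success path would close that gap, since the old roles must not survive a conference switch either way. The comment on the first added line has a typo; `//this makes sure it's valid and sets the session`. The brace spacing of `if(switchConference($cid)){` and `}else{` differs from the `} else {` on the context line a few lines below. The enclosing `switch($request[0])` and `if($request[1]=="switch")` blocks start outside the hunk.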
@@ -211,13 +211,16 @@ if(!$_SESSION['conferences_id']) {
 }*/
 }
 
+// switch tho the conference of the specified ID. Returns true on success, false otherwise.
 function switchConference($cid) {
+ $rval = false;
 $cid=intval($cid);
-// echo "cid=$cid";
 $q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'");
 if($r=mysql_fetch_object($q)) {
 $_SESSION['conferences_id']=$cid;
+ $rval = true;
 }
+ return $rval;
 }
 //move the conference stuff before the configuration loading, so we can load the right configuration for the conference :)
 if(isset($_GET['switchconference'])) {
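Review bot: `mysql_query` returns false on a failed query (lost connection, missing table), and `mysql_fetch_object(false)` then only raises a warning and yields false, so the new `return $rval` reports the same "inactive or invalid" result to the API caller for an infrastructure failure as for a genuinely unknown conference; a guard such as `if($q === false) { return false; }` paired with a logged error, or a thrown exception, would keep the two cases distinguishable. `$cid` goes through `intval()` before being interpolated, so the string-built SQL is not injectable here, but ext/mysql offers no parameter binding and was removed in PHP 7, so a prepared statement via mysqli or PDO is the durable fix. The `$rval` flag can be dropped in favour of `return true;` inside the `if` and `return false;` after it. The added comment has a typo: `// switch to the conference of the specified ID. Returns true on success, false otherwise.` If the `$_GET['switchconference']` branch that opens on the last context line also calls `switchConference`, it does not appear to consume the new return value yet — worth checking, as its body lies outside the hunk.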