Quick fix to make sure you can't switch to an inactive conference through the API

This commit is contained in:
jacob 2012-02-06 17:41:50 +00:00
parent b1d2fd76a6
commit 0f26cbbf2c
2 changed files with 18 additions and 9 deletions

22
api.php
View File

@ -195,16 +195,22 @@ switch($request[0]) {
*/ */
if($request[1]=="switch") { if($request[1]=="switch") {
if($_POST['conferences_id']) { if($_POST['conferences_id']) {
//this makes sure its valid and sets teh session //this makes sure its valid and sets the sessiona
switchConference($_POST['conferences_id']); $cid = intval($_POST['conferences_id']);
if(switchConference($cid)){
//get rid of their current roles, and load their record for the new conference //get rid of their current roles, and load their record for the new conference
if(is_array($_SESSION['roles'])) { if(is_array($_SESSION['roles'])) {
$_SESSION['roles']=array(); $_SESSION['roles']=array();
user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']); user_conference_load($_SESSION['accounts_id'], $cid);
}
$ret['status']="ok";
$ret['conferences_id'] = $cid;
}else{
// not a valid conference id
$ret['status'] = "error";
$ret['error'] = "Conference ID #$cid is either inactive or invalid";
} }
$ret['status']="ok";
$ret['conferences_id']=$_SESSION['conferences_id'];
} else { } else {
$ret['status']="error"; $ret['status']="error";
$ret['error']='conferences_id (integer) is required'; $ret['error']='conferences_id (integer) is required';

View File

@ -211,13 +211,16 @@ if(!$_SESSION['conferences_id']) {
}*/ }*/
} }
// switch tho the conference of the specified ID. Returns true on success, false otherwise.
function switchConference($cid) { function switchConference($cid) {
$rval = false;
$cid=intval($cid); $cid=intval($cid);
// echo "cid=$cid";
$q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'"); $q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'");
if($r=mysql_fetch_object($q)) { if($r=mysql_fetch_object($q)) {
$_SESSION['conferences_id']=$cid; $_SESSION['conferences_id']=$cid;
$rval = true;
} }
return $rval;
} }
//move the conference stuff before the configuration loading, so we can load the right configuration for the conference :) //move the conference stuff before the configuration loading, so we can load the right configuration for the conference :)
if(isset($_GET['switchconference'])) { if(isset($_GET['switchconference'])) {