forked from science-ation/science-ation
Quick fix to make sure you can't switch to an inactive conference through the API
This commit is contained in:
parent
b1d2fd76a6
commit
0f26cbbf2c
14
api.php
14
api.php
@ -195,16 +195,22 @@ switch($request[0]) {
|
||||
*/
|
||||
if($request[1]=="switch") {
|
||||
if($_POST['conferences_id']) {
|
||||
//this makes sure its valid and sets teh session
|
||||
switchConference($_POST['conferences_id']);
|
||||
//this makes sure its valid and sets the sessiona
|
||||
$cid = intval($_POST['conferences_id']);
|
||||
if(switchConference($cid)){
|
||||
|
||||
//get rid of their current roles, and load their record for the new conference
|
||||
if(is_array($_SESSION['roles'])) {
|
||||
$_SESSION['roles']=array();
|
||||
user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
|
||||
user_conference_load($_SESSION['accounts_id'], $cid);
|
||||
}
|
||||
$ret['status']="ok";
|
||||
$ret['conferences_id']=$_SESSION['conferences_id'];
|
||||
$ret['conferences_id'] = $cid;
|
||||
}else{
|
||||
// not a valid conference id
|
||||
$ret['status'] = "error";
|
||||
$ret['error'] = "Conference ID #$cid is either inactive or invalid";
|
||||
}
|
||||
} else {
|
||||
$ret['status']="error";
|
||||
$ret['error']='conferences_id (integer) is required';
|
||||
|
@ -211,13 +211,16 @@ if(!$_SESSION['conferences_id']) {
|
||||
}*/
|
||||
}
|
||||
|
||||
// switch tho the conference of the specified ID. Returns true on success, false otherwise.
|
||||
function switchConference($cid) {
|
||||
$rval = false;
|
||||
$cid=intval($cid);
|
||||
// echo "cid=$cid";
|
||||
$q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'");
|
||||
if($r=mysql_fetch_object($q)) {
|
||||
$_SESSION['conferences_id']=$cid;
|
||||
$rval = true;
|
||||
}
|
||||
return $rval;
|
||||
}
|
||||
//move the conference stuff before the configuration loading, so we can load the right configuration for the conference :)
|
||||
if(isset($_GET['switchconference'])) {
|
||||
|
Loading…
Reference in New Issue
Block a user