Quick fix to make sure you can't switch to an inactive conference through the API

This commit is contained in:
jacob 2012-02-06 17:41:50 +00:00
parent b1d2fd76a6
commit 0f26cbbf2c
2 changed files with 18 additions and 9 deletions

14
api.php
View File

@ -195,16 +195,22 @@ switch($request[0]) {
*/
if($request[1]=="switch") {
if($_POST['conferences_id']) {
//this makes sure its valid and sets teh session
switchConference($_POST['conferences_id']);
//this makes sure its valid and sets the sessiona
$cid = intval($_POST['conferences_id']);
if(switchConference($cid)){
//get rid of their current roles, and load their record for the new conference
if(is_array($_SESSION['roles'])) {
$_SESSION['roles']=array();
user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
user_conference_load($_SESSION['accounts_id'], $cid);
}
$ret['status']="ok";
$ret['conferences_id']=$_SESSION['conferences_id'];
$ret['conferences_id'] = $cid;
}else{
// not a valid conference id
$ret['status'] = "error";
$ret['error'] = "Conference ID #$cid is either inactive or invalid";
}
} else {
$ret['status']="error";
$ret['error']='conferences_id (integer) is required';

View File

@ -211,13 +211,16 @@ if(!$_SESSION['conferences_id']) {
}*/
}
// switch tho the conference of the specified ID. Returns true on success, false otherwise.
function switchConference($cid) {
$rval = false;
$cid=intval($cid);
// echo "cid=$cid";
$q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'");
if($r=mysql_fetch_object($q)) {
$_SESSION['conferences_id']=$cid;
$rval = true;
}
return $rval;
}
//move the conference stuff before the configuration loading, so we can load the right configuration for the conference :)
if(isset($_GET['switchconference'])) {