Implementing TGSQL security
@@ -50,13 +50,13 @@
|
||||
var/isadmin = 0
|
||||
if(src.client && src.client.holder)
|
||||
isadmin = 1
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id FROM erro_poll_question WHERE [(isadmin ? "" : "adminonly = false AND")] Now() BETWEEN starttime AND endtime AND id NOT IN (SELECT pollid FROM erro_poll_vote WHERE ckey = \"[ckey]\") AND id NOT IN (SELECT pollid FROM erro_poll_textreply WHERE ckey = \"[ckey]\")") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT id FROM erro_poll_question WHERE [(isadmin ? "" : "adminonly = false AND")] Now() BETWEEN starttime AND endtime AND id NOT IN (SELECT pollid FROM erro_poll_vote WHERE ckey = :t_ckey) AND id NOT IN (SELECT pollid FROM erro_poll_textreply WHERE ckey = :t_ckey)",list("t_ckey" = ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
var/newpoll = 0
|
||||
while(query.NextRow())
|
||||
newpoll = 1
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(newpoll)
|
||||
output += "<p><b><a href='byond://?src=\ref[src];showpoll=1'>Show Player Polls</A> (NEW!)</b></p>"
|
||||
else
|
||||
@@ -221,12 +221,12 @@
|
||||
var/voted = 0
|
||||
|
||||
//First check if the person has not voted yet.
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey='[src.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey=:t_ckey", list("t_ckey" = src.ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
while(query.NextRow())
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
//This is a safety switch, so only valid options pass through
|
||||
var/option = "UNKNOWN"
|
||||
switch(href_list["privacy_poll"])
|
||||
@@ -246,10 +246,12 @@
|
||||
return
|
||||
|
||||
if(!voted)
|
||||
var/sql = "INSERT INTO erro_privacy VALUES (null, Now(), '[src.ckey]', '[option]')"
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql) //CHOMPEdit TGSQL
|
||||
var/list/sqlargs = list("t_ckey" = src.ckey, "t_option" = "[option]") //CHOMPEdit TGSQL
|
||||
var/sql = "INSERT INTO erro_privacy VALUES (null, Now(), :t_ckey, :t_option)" //CHOMPEdit TGSQL
|
||||
var/DBQuery/query_insert = SSdbcore.NewQuery(sql,sqlargs) //CHOMPEdit TGSQL
|
||||
query_insert.Execute()
|
||||
to_chat(usr, "<b>Thank you for your vote!</b>")
|
||||
qdel(query_insert)
|
||||
usr << browse(null,"window=privacypoll")
|
||||
|
||||
if(!ready && href_list["preference"])
|
||||
|
||||
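Review bot: In the hunk at `@@ -246,10 +246,12 @@`, the binding `"t_option" = "[option]"` wraps a variable that is already text (`var/option = "UNKNOWN"` in the preceding hunk, presumably reassigned by the switch on `href_list["privacy_poll"]` whose body is not shown), so the embed adds nothing and reads as if a conversion were happening; `"t_option" = option` says what is meant. Declaring `sqlargs` before the `sql` string it binds into also reads backwards; putting `var/sql = ...` first keeps the query and its placeholders together for whoever audits them next. The enclosing proc starts before and ends after this hunk.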
@@ -5,12 +5,12 @@
|
||||
return
|
||||
var/voted = 0
|
||||
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey='[src.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/query = SSdbcore.NewQuery("SELECT * FROM erro_privacy WHERE ckey=:t_ckey", list("t_ckey" = src.ckey)) //CHOMPEdit TGSQL
|
||||
query.Execute()
|
||||
while(query.NextRow())
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(query) //CHOMPEdit TGSQL
|
||||
if(!voted)
|
||||
privacy_poll()
|
||||
|
||||
@@ -72,7 +72,7 @@
|
||||
pollquestion = select_query.item[2]
|
||||
output += "<tr bgcolor='[ (i % 2 == 1) ? color1 : color2 ]'><td><a href=\"byond://?src=\ref[src];pollid=[pollid]\"><b>[pollquestion]</b></a></td></tr>"
|
||||
i++
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
output += "</table>"
|
||||
|
||||
src << browse(output,"window=playerpolllist;size=500x300")
|
||||
@@ -101,7 +101,7 @@
|
||||
polltype = select_query.item[4]
|
||||
found = 1
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!found)
|
||||
to_chat(usr, "<font color='red'>Poll question details not found.</font>")
|
||||
return
|
||||
@@ -109,7 +109,7 @@
|
||||
switch(polltype)
|
||||
//Polls that have enumerated options
|
||||
if("OPTION")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/voted = 0
|
||||
@@ -118,7 +118,7 @@
|
||||
votedoptionid = text2num(voted_query.item[1])
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
var/list/datum/polloption/options = list()
|
||||
|
||||
var/DBQuery/options_query = SSdbcore.NewQuery("SELECT id, text FROM erro_poll_option WHERE pollid = [pollid]") //CHOMPEdit TGSQL
|
||||
@@ -128,7 +128,7 @@
|
||||
PO.optionid = text2num(options_query.item[1])
|
||||
PO.optiontext = options_query.item[2]
|
||||
options += PO
|
||||
|
||||
qdel(options_query) //CHOMPEdit TGSQL
|
||||
var/output = "<div align='center'><B>Player poll</B>"
|
||||
output +="<hr>"
|
||||
output += "<b>Question: [pollquestion]</b><br>"
|
||||
@@ -162,7 +162,7 @@
|
||||
|
||||
//Polls with a text input
|
||||
if("TEXT")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT replytext FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT replytext FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/voted = 0
|
||||
@@ -171,7 +171,7 @@
|
||||
vote_text = voted_query.item[1]
|
||||
voted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
|
||||
var/output = "<div align='center'><B>Player poll</B>"
|
||||
output +="<hr>"
|
||||
@@ -204,7 +204,7 @@
|
||||
|
||||
//Polls with a text input
|
||||
if("NUMVAL")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT o.text, v.rating FROM erro_poll_option o, erro_poll_vote v WHERE o.pollid = [pollid] AND v.ckey = '[usr.ckey]' AND o.id = v.optionid") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT o.text, v.rating FROM erro_poll_option o, erro_poll_vote v WHERE o.pollid = [pollid] AND v.ckey = :t_ckey AND o.id = v.optionid", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/output = "<div align='center'><B>Player poll</B>"
|
||||
@@ -220,7 +220,7 @@
|
||||
var/rating = voted_query.item[2]
|
||||
|
||||
output += "<br><b>[optiontext] - [rating]</b>"
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(!voted) //Only make this a form if we have not voted yet
|
||||
output += "<form name='cardcomp' action='?src=\ref[src]' method='get'>"
|
||||
output += "<input type='hidden' name='src' value='\ref[src]'>"
|
||||
@@ -264,7 +264,7 @@
|
||||
output += "<option value='[j]'>[j]</option>"
|
||||
|
||||
output += "</select>"
|
||||
|
||||
qdel(option_query) //CHOMPEdit TGSQL
|
||||
output += "<input type='hidden' name='minid' value='[minid]'>"
|
||||
output += "<input type='hidden' name='maxid' value='[maxid]'>"
|
||||
|
||||
@@ -273,7 +273,7 @@
|
||||
|
||||
src << browse(output,"window=playerpoll;size=500x500")
|
||||
if("MULTICHOICE")
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT optionid FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
var/list/votedfor = list()
|
||||
@@ -281,7 +281,7 @@
|
||||
while(voted_query.NextRow())
|
||||
votedfor.Add(text2num(voted_query.item[1]))
|
||||
voted = 1
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
var/list/datum/polloption/options = list()
|
||||
var/maxoptionid = 0
|
||||
var/minoptionid = 0
|
||||
@@ -297,7 +297,7 @@
|
||||
if(PO.optionid < minoptionid || !minoptionid)
|
||||
minoptionid = PO.optionid
|
||||
options += PO
|
||||
|
||||
qdel(options_query) //CHOMPEdit TGSQL
|
||||
|
||||
if(select_query.item[5])
|
||||
multiplechoiceoptions = text2num(select_query.item[5])
|
||||
@@ -358,7 +358,7 @@
|
||||
if(select_query.item[5])
|
||||
multiplechoiceoptions = text2num(select_query.item[5])
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!validpoll)
|
||||
to_chat(usr, "<font color='red'>Poll is not valid.</font>")
|
||||
return
|
||||
@@ -378,14 +378,14 @@
|
||||
|
||||
var/alreadyvoted = 0
|
||||
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
while(voted_query.NextRow())
|
||||
alreadyvoted += 1
|
||||
if(!multichoice)
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(!multichoice && alreadyvoted)
|
||||
to_chat(usr, "<font color='red'>You already voted in this poll.</font>")
|
||||
return
|
||||
@@ -399,10 +399,11 @@
|
||||
adminrank = usr.client.holder.rank
|
||||
|
||||
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank) VALUES (null, Now(), [pollid], [optionid], '[usr.ckey]', '[usr.client.address]', '[adminrank]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank) VALUES (null, Now(), [pollid], [optionid], :t_ckey, '[usr.client.address]', '[adminrank]')", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
|
||||
to_chat(usr, "<font color='blue'>Vote successful.</font>")
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
usr << browse(null,"window=playerpoll")
|
||||
|
||||
|
||||
@@ -425,20 +426,20 @@
|
||||
return
|
||||
validpoll = 1
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!validpoll)
|
||||
to_chat(usr, "<font color='red'>Poll is not valid.</font>")
|
||||
return
|
||||
|
||||
var/alreadyvoted = 0
|
||||
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_textreply WHERE pollid = [pollid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
while(voted_query.NextRow())
|
||||
alreadyvoted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(alreadyvoted)
|
||||
to_chat(usr, "<font color='red'>You already sent your feedback for this poll.</font>")
|
||||
return
|
||||
@@ -457,10 +458,11 @@
|
||||
to_chat(usr, "The text you entered was blank, contained illegal characters or was too long. Please correct the text and submit again.")
|
||||
return
|
||||
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_textreply (id ,datetime ,pollid ,ckey ,ip ,replytext ,adminrank) VALUES (null, Now(), [pollid], '[usr.ckey]', '[usr.client.address]', '[replytext]', '[adminrank]')") //CHOMPEdit TGSQL
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_textreply (id ,datetime ,pollid ,ckey ,ip ,replytext ,adminrank) VALUES (null, Now(), [pollid], :t_ckey, '[usr.client.address]', :t_reply, '[adminrank]')", list("t_ckey" = usr.ckey, "t_reply" = replytext)) //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
|
||||
to_chat(usr, "<font color='blue'>Feedback logging successful.</font>")
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
usr << browse(null,"window=playerpoll")
|
||||
|
||||
|
||||
@@ -483,7 +485,7 @@
|
||||
return
|
||||
validpoll = 1
|
||||
break
|
||||
|
||||
qdel(select_query) //CHOMPEdit TGSQL
|
||||
if(!validpoll)
|
||||
to_chat(usr, "<font color='red'>Poll is not valid.</font>")
|
||||
return
|
||||
@@ -496,20 +498,20 @@
|
||||
while(select_query2.NextRow())
|
||||
validoption = 1
|
||||
break
|
||||
|
||||
qdel(select_query2) //CHOMPEdit TGSQL
|
||||
if(!validoption)
|
||||
to_chat(usr, "<font color='red'>Poll option is not valid.</font>")
|
||||
return
|
||||
|
||||
var/alreadyvoted = 0
|
||||
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE optionid = [optionid] AND ckey = '[usr.ckey]'") //CHOMPEdit TGSQL
|
||||
var/DBQuery/voted_query = SSdbcore.NewQuery("SELECT id FROM erro_poll_vote WHERE optionid = [optionid] AND ckey = :t_ckey", list("t_ckey" = usr.ckey)) //CHOMPEdit TGSQL
|
||||
voted_query.Execute()
|
||||
|
||||
while(voted_query.NextRow())
|
||||
alreadyvoted = 1
|
||||
break
|
||||
|
||||
qdel(voted_query) //CHOMPEdit TGSQL
|
||||
if(alreadyvoted)
|
||||
to_chat(usr, "<font color='red'>You already voted in this poll.</font>")
|
||||
return
|
||||
@@ -519,8 +521,9 @@
|
||||
adminrank = usr.client.holder.rank
|
||||
|
||||
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank, rating) VALUES (null, Now(), [pollid], [optionid], '[usr.ckey]', '[usr.client.address]', '[adminrank]', [(isnull(rating)) ? "null" : rating])") //CHOMPEdit TGSQL
|
||||
var/DBQuery/insert_query = SSdbcore.NewQuery("INSERT INTO erro_poll_vote (id ,datetime ,pollid ,optionid ,ckey ,ip ,adminrank, rating) VALUES (null, Now(), [pollid], [optionid], '[usr.ckey]', '[usr.client.address]', '[adminrank]', :t_rating)", list("t_ckey" = usr.ckey, "t_rating" = rating)) //CHOMPEdit TGSQL
|
||||
insert_query.Execute()
|
||||
|
||||
to_chat(usr, "<font color='blue'>Vote successful.</font>")
|
||||
qdel(insert_query) //CHOMPEdit TGSQL
|
||||
usr << browse(null,"window=playerpoll")
|
||||
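Review bot: In the hunk at `@@ -519,8 +521,9 @@`, the rewritten INSERT binds `"t_ckey" = usr.ckey` in the argument list but the query text still interpolates `'[usr.ckey]'`, so the placeholder is never referenced and the ckey is still spliced into the SQL exactly as before; the value slot should read `:t_ckey` as it does in the other inserts of this commit. The same hunk passes `rating` straight through as `:t_rating` where the old text emitted a literal `null` for a missing rating; whether SSdbcore binds a BYOND null as SQL NULL is not visible here and should be confirmed before the explicit branch is dropped. Across the section the commit also leaves `[pollid]`, `[optionid]`, `'[usr.client.address]'` and `'[adminrank]'` interpolated (hunks at 109, 162, 204, 273, 378, 399, 425, 457, 496 and 519); pollid reaches these procs through the `pollid=[pollid]` href built in the hunk at 72, and unless it is converted with text2num before use it belongs in the bound-parameter list as well. The enclosing procs start before and end after each hunk.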