lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 12:07:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix voting for non-existent offers

Browse Source
This commit is contained in:
NekoCH
2024-08-13 10:33:52 +08:00
parent b59377ab47
commit 39853b221a
1 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/offers.php
+7 -2
View File
@@ -147,6 +147,9 @@ if (isset($_GET['off_details']) && $_GET["off_details"]){
$res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__,__LINE__);
$num = mysql_fetch_array($res); $num = mysql_fetch_array($res);
if (!$num) {
bark($lang_offers['text_nothing_found']);
}
$s = $num["name"]; $s = $num["name"];
@@ -508,10 +511,12 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
} }
else else
{ {
sql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$res = sql_query("SELECT users.username, offers.userid, offers.name FROM offers LEFT JOIN users ON offers.userid = users.id WHERE offers.id = ".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__); $res = sql_query("SELECT users.username, offers.userid, offers.name FROM offers LEFT JOIN users ON offers.userid = users.id WHERE offers.id = ".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res); $arr = mysql_fetch_assoc($res);
if (!$arr) {
bark($lang_offers['text_nothing_found']);
}
sql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$locale = get_user_locale($arr['userid']); $locale = get_user_locale($arr['userid']);
$rs = sql_query("SELECT yeah, against, allowed FROM offers WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__); $rs = sql_query("SELECT yeah, against, allowed FROM offers WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);