From 015f5764296357feb66c23316d5fbc69aaf8a6f0 Mon Sep 17 00:00:00 2001
From: Jonathan Ervine <jonny@perseus.ipa.champion>
Date: Thu, 26 Nov 2020 10:54:41 +0800
Subject: [PATCH] Adding duplicate vote detection

---
 routes/_hkfcD_motm.py          |  6 +++---
 templates/_hkfcDVoteFraud.html | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 templates/_hkfcDVoteFraud.html

diff --git a/routes/_hkfcD_motm.py b/routes/_hkfcD_motm.py
index 44cdf3b..92732bb 100644
--- a/routes/_hkfcD_motm.py
+++ b/routes/_hkfcD_motm.py
@@ -134,7 +134,6 @@ def hkfcDMotmAdmin():
         if form.saveButton.data:
             flash('Settings saved!')
             urlSuffix = randomUrlSuffix(8)
-            print(urlSuffix)
             sql3 = "UPDATE hkfcDAdminSettings SET motmUrlSuffix='" + urlSuffix + "' WHERE userid='admin'"
             sql_write_static(sql3)
             flash('MotM URL https://hockey.ervine.dev/hkfc-d/motm/'+urlSuffix)
@@ -146,7 +145,6 @@ def hkfcDMotmAdmin():
             sql6 = "SELECT motmUrlSuffix FROM hkfcDAdminSettings WHERE userid='admin'"
             tempSuffix = sql_read_static(sql6)
             currSuffix = tempSuffix[0]['motmUrlSuffix']
-            print(currSuffix)
             flash('Man of the Match vote is now activated')
             flash('MotM URL https://hockey.ervine.dev/hkfc-d/motm/'+currSuffix)
         else:
@@ -241,8 +239,10 @@ def hkfcD_vote_thanks():
             if prev_identity:
                 vote_query = "SELECT dotd_" + _matchDate + " FROM motmSessions WHERE sessionID='" + prev_identity + "'"
                 vote_check = sql_read(vote_query)
-                if vote_check:
+                vote_valid = vote_check[0]['dotd_" + _matchDate + "']
+                if vote_valid:
                     warn("Naughty, naughty, you've already voted!")
+                    return render_template('_hkfcDVoteFraud.html', sessionID=prev_identity)
                 else:
                     sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1"
                     sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1"
diff --git a/templates/_hkfcDVoteFraud.html b/templates/_hkfcDVoteFraud.html
new file mode 100644
index 0000000..d6fa14b
--- /dev/null
+++ b/templates/_hkfcDVoteFraud.html
@@ -0,0 +1,20 @@
+<html>
+  <head>
+    <title>HKFC Men's D Team - MotM and DotD vote</title>
+    <link rel="stylesheet" media="screen" href ="/static/css/bootstrap.min.css">
+    <link rel="stylesheet" href="/static/css/bootstrap-theme.min.css">
+    <meta name="viewport" content = "width=device-width, initial-scale=1.0">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
+    <script src="/static/js/bootstrap.min.js"></script>
+  </head>
+  <h2>Have you already submitted a vote?</h2>
+  <body>
+    It looks like you have already voted ... are you trying to fiddle the results? If you think this is an error, let Smithers know the following code:
+    {{ sessionID }}
+    <p>
+      <img src="https://storage.googleapis.com/hk-hockey-data/images/monkey-vote-fraud.jpg"></img>
+    </p>
+    <a class="btn btn-primary" href="/dashboard" role="button">Home</a>
+    <a class="btn btn-info" href="/hkfc-d/comments" role="button">Comments</a>
+  </body>
+</html>