From f9aa709a4b63558d37fe0958161caa071e77e3ae Mon Sep 17 00:00:00 2001 From: Jonathan Ervine Date: Wed, 25 Nov 2020 22:07:24 +0800 Subject: [PATCH] If cookie value already exists, then don't let a vote happen --- routes/_hkfcD_motm.py | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/routes/_hkfcD_motm.py b/routes/_hkfcD_motm.py index 759cf64..397a5c9 100644 --- a/routes/_hkfcD_motm.py +++ b/routes/_hkfcD_motm.py @@ -236,27 +236,30 @@ def hkfcD_vote_thanks(): if _motm and _dotd and request.method == 'POST': prev_identity = request.cookies.get('sessionID') warn(prev_identity) - identity = randomUrlSuffix(8) - id_commit = "INSERT INTO motmSessions (sessionID) VALUES ('" + identity + "')" - sql_write(id_commit) - sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1" - sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1" - if _comments == "": - print("No comment") - elif _comments == "Optional comments added here": - print("No comment") + if prev_identity: + warn("Naughty, naughty, you've already voted!") else: -### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup) - sql3 = "INSERT INTO _motmComments (_matchDate, opposition, comment) VALUES ('" + _matchDate + "', '" + _oppo + "', '" + _fixed_comments + "')" - #sql_write(sql3) - #sql_write(sql) - #sql_write(sql2) - resp = make_response(render_template('_hkfcDVoteThanks.html')) - expire_date = datetime.now() - expire_date = expire_date + timedelta(days=90) + identity = randomUrlSuffix(8) + id_commit = "INSERT INTO motmSessions (sessionID) VALUES ('" + identity + "')" + sql_write(id_commit) + sql = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, motmTotal, motm_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _motm + "' ON DUPLICATE KEY UPDATE motmTotal = motmTotal + 1, motm_" + _matchDate + " = motm_" + _matchDate + " + 1" + sql2 = "INSERT INTO _hkfc_d_motm (playerNumber, playerName, dotdTotal, dotd_" + _matchDate + ") SELECT playerNumber, playerNickname, '1', '1' FROM _HKFC_players WHERE playerNumber='" + _dotd + "' ON DUPLICATE KEY UPDATE dotdTotal = dotdTotal + 1, dotd_" + _matchDate + " = dotd_" + _matchDate + " + 1" + if _comments == "": + print("No comment") + elif _comments == "Optional comments added here": + print("No comment") + else: + ### The matchDate has been replaced with the matchNumber - this should be corrected at some point (via a fixture table lookup) + sql3 = "INSERT INTO _motmComments (_matchDate, opposition, comment) VALUES ('" + _matchDate + "', '" + _oppo + "', '" + _fixed_comments + "')" + #sql_write(sql3) + #sql_write(sql) + #sql_write(sql2) + resp = make_response(render_template('_hkfcDVoteThanks.html')) + expire_date = datetime.now() + expire_date = expire_date + timedelta(days=90) - resp.set_cookie('sessionID', identity, expires=expire_date) - return resp + resp.set_cookie('sessionID', identity, expires=expire_date) + return resp else: return 'Ouch ... something went wrong here' except Exception as e: