A php killer game implementation
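<?php

/*
 * Feedback submission endpoint.
 *
 * Accepts a POST carrying `rate` (1-4) and `feedback` (at most 310 bytes),
 * stores it against the event the logged-in player is currently part of,
 * and marks that player as having given feedback so it is only stored once.
 */

session_start();

require_once 'priv/errorhandler.php';
require_once 'priv/pdo.php';

// Sent up front so that every exit path below redirects back to index.php.
header('Location: index.php');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    die();
}

// NOTE(review): no anti-CSRF token is checked in this file. Unless one of the
// required files does it, this state-changing POST should verify a
// per-session token before writing anything.

// The player id is taken from the session only, never from the request.
// Without a logged-in player there is nothing to attach the feedback to.
$userId = $_SESSION['qr']['id'] ?? null;
if ($userId === null) {
    die();
}

$rawRate = $_POST['rate'] ?? null;
$feedback = $_POST['feedback'] ?? null;

// Both fields must be plain strings: a request can send `rate[]=...`, which
// makes the value an array, and that would otherwise reach intval()/strlen()
// and the database bindings.
if (!is_string($rawRate) || !is_string($feedback)) {
    die('Ogiltigt svar');
}

// Validate and store the same value: the integer is range-checked here and
// the integer (not the raw request string) is what gets inserted below.
$rate = intval($rawRate);

// strlen() counts bytes, so the 310 limit is a byte limit.
if ($rate > 4 || $rate < 1 || strlen($feedback) > 310) {
    die('Ogiltigt svar');
}

$sql = "
SELECT event.id, player.feedback_given
FROM qr_events AS event
RIGHT JOIN qr_players AS player ON event.id = player.qr_events_id
WHERE player.qr_users_id = ? AND NOW() < display_date AND NOW() > start_date
";
$event = DB::prepare($sql)->texecute([$userId])->fetch();

// No row means the player is not in an event that is currently open for
// feedback (presumably fetch() returns false here, as PDOStatement does).
// Stop instead of inserting feedback with an empty event id.
if (!$event || !isset($event['id'])) {
    die();
}

// Feedback is accepted once per player and event.
if ((int) $event['feedback_given'] === 1) {
    die();
}

// NOTE(review): the check above and the two writes below are not atomic, so
// two simultaneous submissions could both pass the check and both insert.
// Consider a transaction, or run the UPDATE first with
// `AND feedback_given = 0` and insert only if it changed a row. The DB
// wrapper's API is not visible from this file, so this is left as is.

// The feedback text is stored as submitted; it must be HTML-escaped wherever
// it is displayed.
$sql = 'INSERT INTO qr_feedback (rate, feedback, qr_events_id) VALUES (?, ?, ?)';
DB::prepare($sql)->texecute([$rate, $feedback, $event['id']]);

$sql = 'UPDATE qr_players SET feedback_given = 1 WHERE qr_users_id = ? AND qr_events_id = ?';
DB::prepare($sql)->texecute([$userId, $event['id']]);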