From f6878779f2d66f88381126ca0a1915336bc7e858 Mon Sep 17 00:00:00 2001 From: Leander Date: Mon, 24 Apr 2017 09:25:54 +0200 Subject: [PATCH] fixed token management --- Question.php | 2 +- answer.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Question.php b/Question.php index 8ad3a45..36876a6 100644 --- a/Question.php +++ b/Question.php @@ -36,7 +36,7 @@ class Question $db->query('UPDATE "Games" SET "current_right_answer" = $1, "current_category" = $2 WHERE "ID" = $3', array($ca_position, $cid, $uid)); $this->token = md5(uniqid(rand(), true)); - $db->query('UPDATE "Games" SET "current_token" = $1 WHERE "ID" = $2', array($this->token, $uid)); + $db->query('UPDATE "Users" SET "current_token" = $1 WHERE "ID" = $2', array($this->token, $uid)); } public static function get_next_question($db, $uid) { diff --git a/answer.php b/answer.php index 5f1755a..3d5a404 100644 --- a/answer.php +++ b/answer.php @@ -34,7 +34,7 @@ function calculate_points($time) { $correct_answer = $db->query('SELECT "current_right_answer" FROM "Games" WHERE "ID" = $1', array($uid)) ['data'][0]['current_right_answer']; -$correct_token = $db->query('SELECT "current_token" FROM "Games" WHERE "ID" = $1', array($uid)) +$correct_token = $db->query('SELECT "current_token" FROM "Users" WHERE "ID" = $1', array($uid)) ['data'][0]['current_token']; $correct = $correct_answer == $chosen_answer ? true : false; $score = $correct_answer == $chosen_answer ? calculate_points($time) : 0; @@ -44,11 +44,11 @@ if($uid == '') { $error = 13102; } else if($chosen_answer == -1) { $error = 13103; +} else if($token != $correct_token) { + $data = []; } else if($db->query('SELECT EXISTS (SELECT 1 FROM "Games" WHERE "ID" = $1)', array($uid)) ['data'][0]['exists'] == 'f') { $error = 13104; -} else if($token != $correct_token) { - $data = []; } else { //set time and points $old_q_count = $db->query('SELECT "answered_questions" FROM "Games" WHERE "ID" = $1', 
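Review bot: The token that the added `UPDATE "Users"` statement persists is still produced by `md5(uniqid(rand(), true))` two lines above, which is not a cryptographically secure source — `uniqid()` is clock-derived and `rand()` is a predictable PRNG, so an attacker who can estimate request timing faces a far smaller search space than the 128-bit hex output suggests. Because this value is what answer.php later compares against to accept an answer, generate it from the CSPRNG instead: `$this->token = bin2hex(random_bytes(16));` (PHP 7+; on older runtimes `openssl_random_pseudo_bytes` with its strong-result flag checked is the fallback). The new statement also assumes the same `$uid` identifies both the `Games` row and the `Users` row, which the surrounding code appears to rely on but the hunk does not establish; a comment such as `// Games.ID is the owning user's ID; the per-question token is kept on the user row` would make that contract explicit. The method containing these lines begins before the hunk.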
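Review bot: The new `SELECT "current_token" FROM "Users"` line dereferences `['data'][0]['current_token']` without checking that a row came back, so an unknown `$uid` — or a user whose token has been cleared to `NULL` — raises an undefined-index notice and leaves `$correct_token` as `null`, and a `null` token is later compared with loose `!=`, under which an empty submitted token counts as a match (`'' != null` is false). Guard the lookup, e.g. `$correct_token = $db->query('SELECT "current_token" FROM "Users" WHERE "ID" = $1', array($uid))['data'][0]['current_token'] ?? null;` (PHP 7 `??`), and make sure the downstream check rejects a `null` or non-string token rather than comparing it loosely. Whether `$token` can arrive empty depends on how it is read from the request, which is outside this hunk.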
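Review bot: The relocated check `} else if($token != $correct_token) {` compares the secret with PHP's loose `!=`, which is neither constant-time nor type-safe: a `null` `$correct_token` equals `''`, and two numeric-looking strings — `"0"` against an md5 hex digest of the form `0e<digits>` — compare numerically as equal, so a crafted token can pass. Replace it with a strict, constant-time comparison that also rejects a missing token: `} else if(!is_string($correct_token) || !is_string($token) || !hash_equals($correct_token, $token)) {` (the `is_string` guards matter because `hash_equals` rejects non-string arguments). The mismatch branch sets only `$data = []` and no `$error`, so a rejected replay appears indistinguishable from an empty result to the client and to anything keyed on `$error`; consider assigning a dedicated error code there as the sibling branches do. The `else` branch that accepts the answer continues past the end of the hunk.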
@@ -94,7 +94,7 @@ if($uid == '') {
 array($uid))['data'][0]['answered_questions'];
 $new_points = round($new_points / $answered_questions);
 $new_user_high = $old_user_high == 0 ? $new_points : round($old_user_high * 0.95 + $new_points * 0.05);
- $db->query('UPDATE "Users" SET "highscore" = $1 WHERE "ID" = $2', array($new_user_high, $uid));
+ $db->query('UPDATE "Users" SET "highscore" = $1, "current_token" = NULL WHERE "ID" = $2', array($new_user_high, $uid));
 $db->query('DELETE FROM "Games" WHERE "ID" = $1', array($uid));
 }
 }
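Review bot: Clearing `"current_token"` only on this game-over path leaves the token valid after every non-final answer: nothing visible here invalidates it once an answer has been accepted, so if the code between the hunks does not rotate it, the same `$token` can be replayed for the same question until the next one is fetched. Consume the token at the point the answer is accepted — an update of the form `UPDATE "Users" SET "current_token" = NULL WHERE "ID" = $1 AND "current_token" = $2` whose affected-row count is checked would make acceptance atomic against concurrent submissions — rather than relying on the next question to overwrite it. The `UPDATE "Users"` and the following `DELETE FROM "Games"` are also two separate statements with no transaction visible around them, so a request arriving between them sees a cleared token but a still-existing game. This hunk is the tail of the `else` branch that begins earlier in the file.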