standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-13 18:11:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Switch logged in user to static typed variable instead of in $GLOBALS

Browse source
This commit is contained in:
Alex Cabal 2024-11-10 22:37:59 -06:00
parent acb30b897c
commit 1449148989
25 changed files with 88 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/Core.php
View file

@ -68,9 +68,9 @@ if(SITE_STATUS == SITE_STATUS_LIVE){
$GLOBALS['DbConnection'] = new DbConnection(DATABASE_DEFAULT_DATABASE, DATABASE_DEFAULT_HOST);
$GLOBALS['User'] = Session::GetLoggedInUser();
Session::InitializeFromCookie();
if($GLOBALS['User'] === null){
if(Session::$User === null){
$httpBasicAuthLogin = $_SERVER['PHP_AUTH_USER'] ?? null;
if($httpBasicAuthLogin !== null){
@ -83,10 +83,10 @@ if($GLOBALS['User'] === null){
$password = null;
}
// Most patrons have a null password, meaning they only need to log in using an email and a blank password.
// Most patrons have a `null` password, meaning they only need to log in using an email and a blank password.
// Some users with admin rights need a password to log in.
$session->Create($httpBasicAuthLogin, $password);
$GLOBALS['User'] = $session->User;
Session::$User = $session->User;
}
catch(Exception){
// Do nothing.

46
lib/Session.php
View file

@ -3,17 +3,17 @@ use Ramsey\Uuid\Uuid;
use Safe\DateTimeImmutable;
/**
* @property User $User
* @property string $Url
*/
class Session{
use Traits\Accessor;
public static ?User $User = null;
public int $UserId;
public DateTimeImmutable $Created;
public string $SessionId;
protected User $_User;
public string $_Url;
@ -42,8 +42,8 @@ class Session{
*/
public function Create(?string $identifier = null, ?string $password = null): void{
try{
$this->User = User::GetIfRegistered($identifier, $password);
$this->UserId = $this->User->UserId;
Session::$User = User::GetIfRegistered($identifier, $password);
$this->UserId = Session::$User->UserId;
$existingSessions = Db::Query('
SELECT SessionId,
@ -76,26 +76,6 @@ class Session{
}
}
public static function GetLoggedInUser(): ?User{
$sessionId = HttpInput::Str(COOKIE, 'sessionid');
if($sessionId !== null){
$result = Db::Query('
SELECT u.*
from Users u
inner join Sessions s using (UserId)
where s.SessionId = ?
', [$sessionId], User::class);
if(sizeof($result) > 0){
self::SetSessionCookie($sessionId);
return $result[0];
}
}
return null;
}
public static function SetSessionCookie(string $sessionId): void{
/** @throws void */
setcookie('sessionid', $sessionId, ['expires' => intval((new DateTimeImmutable('+1 week'))->format(Enums\DateTimeFormat::UnixTimestamp->value)), 'path' => '/', 'domain' => SITE_DOMAIN, 'secure' => true, 'httponly' => false, 'samesite' => 'Lax']); // Expires in two weeks
@ -122,4 +102,22 @@ class Session{
return $result[0] ?? throw new Exceptions\SessionNotFoundException();
}
public static function InitializeFromCookie(): void{
$sessionId = HttpInput::Str(COOKIE, 'sessionid');
if($sessionId !== null){
$result = Db::Query('
SELECT u.*
from Users u
inner join Sessions s using (UserId)
where s.SessionId = ?
', [$sessionId], User::class);
if(sizeof($result) > 0){
self::SetSessionCookie($sessionId);
Session::$User = $result[0];
}
}
}
}

6
templates/ArtworkForm.php
View file

@ -171,10 +171,10 @@ $isEditForm = $isEditForm ?? false;
<textarea maxlength="1024" name="artwork-notes"><?= Formatter::EscapeHtml($artwork->Notes) ?></textarea>
</label>
</fieldset>
<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'] ?? null) || $artwork->CanEbookUrlBeChangedBy($GLOBALS['User'] ?? null)){ ?>
<? if($artwork->CanStatusBeChangedBy(Session::$User) || $artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
<fieldset>
<legend>Editor options</legend>
<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'] ?? null)){ ?>
<? if($artwork->CanStatusBeChangedBy(Session::$User)){ ?>
<label>
<span>Artwork approval status</span>
<span>
@ -186,7 +186,7 @@ $isEditForm = $isEditForm ?? false;
</span>
</label>
<? } ?>
<? if($artwork->CanEbookUrlBeChangedBy($GLOBALS['User'] ?? null)){ ?>
<? if($artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
<label>
<span>In use by</span>
<span>The full S.E. ebook URL. If not in use, leave this blank.</span>

4
templates/DonationAlert.php
View file

@ -3,7 +3,7 @@
$donationDrive = DonationDrive::GetByIsRunning();
if(
$GLOBALS['User'] !== null // If a user is logged in.
Session::$User !== null // If a user is logged in.
||
$donationDrive !== null // There is a currently-running donation drive.
||
@ -12,7 +12,7 @@ if(
return;
}
if($GLOBALS['User'] === null){
if(Session::$User === null){
// The Kindle browsers renders `<aside>` as an undismissable popup. Serve a `<div>` to Kindle instead.
// See <https://github.com/standardebooks/web/issues/204>.
$element = 'aside';

2
templates/DonationProgress.php
View file

@ -6,7 +6,7 @@ if(
||
($autoHide ?? $_COOKIE['hide-donation-alert'] ?? false) // If the user has hidden the box.
||
$GLOBALS['User'] !== null // If a user is logged in.
Session::$User !== null // If a user is logged in.
||
$donationDrive === null // There is no donation drive running right now.
){

4
templates/FeedHowTo.php
View file

@ -1,6 +1,6 @@
<section id="accessing-the-feeds">
<h2>Accessing the feeds</h2>
<? if($GLOBALS['User'] === null){ ?>
<? if(Session::$User === null){ ?>
<p>Our New Releases feeds are open to everyone. Our other feeds are a benefit of Patrons Circle membership.</p>
<ul>
<li>
@ -19,7 +19,7 @@
<p>
<i>If youre a Patrons Circle member, when prompted enter your email address and leave the password field blank to access a feed.</i>
</p>
<? }elseif($GLOBALS['User']->Benefits->CanAccessFeeds){ ?>
<? }elseif(Session::$User->Benefits->CanAccessFeeds){ ?>
<p>When prompted enter your email address and leave the password field blank to access a feed.</p>
<? }else{ ?>
<p>

4
www/artists/get.php
View file

@ -1,6 +1,6 @@
<?
$isReviewerView = $GLOBALS['User']?->Benefits?->CanReviewArtwork ?? false;
$submitterUserId = $GLOBALS['User']?->Benefits?->CanUploadArtwork ? $GLOBALS['User']->UserId : null;
$isReviewerView = Session::$User?->Benefits?->CanReviewArtwork ?? false;
$submitterUserId = Session::$User?->Benefits?->CanUploadArtwork ? Session::$User->UserId : null;
$isSubmitterView = !$isReviewerView && $submitterUserId !== null;
$filterArtworkStatus = 'all';

4
www/artworks/edit.php
View file

@ -9,7 +9,7 @@ $exception = $_SESSION['exception'] ?? null;
$artwork = $_SESSION['artwork'] ?? null;
try{
if($GLOBALS['User'] === null){
if(Session::$User === null){
throw new Exceptions\LoginRequiredException();
}
@ -17,7 +17,7 @@ try{
$artwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name'), HttpInput::Str(GET, 'artwork-url-name'));
}
if(!$artwork->CanBeEditedBy($GLOBALS['User'])){
if(!$artwork->CanBeEditedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException();
}

18
www/artworks/get.php
View file

@ -28,14 +28,14 @@ try{
}
}
$isReviewerView = $GLOBALS['User']->Benefits->CanReviewArtwork ?? false;
$isAdminView = $GLOBALS['User']->Benefits->CanReviewOwnArtwork ?? false;
$isReviewerView = Session::$User->Benefits->CanReviewArtwork ?? false;
$isAdminView = Session::$User->Benefits->CanReviewOwnArtwork ?? false;
// If the artwork is not approved, and we're not an admin or the submitter when they can edit, don't show it.
if(
($GLOBALS['User'] === null && $artwork->Status != Enums\ArtworkStatusType::Approved)
(Session::$User === null && $artwork->Status != Enums\ArtworkStatusType::Approved)
||
($GLOBALS['User'] !== null && $artwork->Status != Enums\ArtworkStatusType::Approved && $artwork->SubmitterUserId != $GLOBALS['User']->UserId && !$isReviewerView)
(Session::$User !== null && $artwork->Status != Enums\ArtworkStatusType::Approved && $artwork->SubmitterUserId != Session::$User->UserId && !$isReviewerView)
){
throw new Exceptions\InvalidPermissionsException();
}
@ -164,20 +164,20 @@ catch(Exceptions\InvalidPermissionsException){
<?= Formatter::MarkdownToHtml($artwork->Notes) ?>
<? } ?>
<? if($artwork->CanBeEditedBy($GLOBALS['User'])){ ?>
<? if($artwork->CanBeEditedBy(Session::$User)){ ?>
<h2>Edit artwork</h2>
<p>An editor or the submitter may edit this artwork before its approved. Once its approved, it can no longer be edited.</p>
<p><a href="<?= $artwork->EditUrl ?>">Edit this artwork.</a></p>
<? } ?>
<? if($artwork->CanStatusBeChangedBy($GLOBALS['User']) || $artwork->CanEbookUrlBeChangedBy($GLOBALS['User'])){ ?>
<? if($artwork->CanStatusBeChangedBy(Session::$User) || $artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
<h2>Editor options</h2>
<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'])){ ?>
<? if($artwork->CanStatusBeChangedBy(Session::$User)){ ?>
<p>Review the metadata and PD proof for this artwork submission. Approve to make it available for future producers. Once an artwork is approved, it can no longer be edited.</p>
<? } ?>
<form method="post" action="<?= $artwork->Url ?>" autocomplete="off">
<input type="hidden" name="_method" value="PATCH" />
<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'])){ ?>
<? if($artwork->CanStatusBeChangedBy(Session::$User)){ ?>
<label>
<span>Artwork approval status</span>
<span>
@ -191,7 +191,7 @@ catch(Exceptions\InvalidPermissionsException){
<? }else{ ?>
<input type="hidden" name="artwork-status" value="<?= Formatter::EscapeHtml($artwork->Status->value ?? '') ?>" />
<? } ?>
<? if($artwork->CanEbookUrlBeChangedBy($GLOBALS['User'])){ ?>
<? if($artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
<label>
<span>In use by</span>
<span>The full S.E. ebook URL. If not in use, leave this blank.</span>

6
www/artworks/index.php
View file

@ -11,8 +11,8 @@ $totalArtworkCount = 0;
$pageDescription = '';
$pageTitle = '';
$queryString = '';
$isReviewerView = $GLOBALS['User']?->Benefits?->CanReviewArtwork ?? false;
$submitterUserId = $GLOBALS['User']?->Benefits?->CanUploadArtwork ? $GLOBALS['User']->UserId : null;
$isReviewerView = Session::$User?->Benefits?->CanReviewArtwork ?? false;
$submitterUserId = Session::$User?->Benefits?->CanUploadArtwork ? Session::$User->UserId : null;
$isSubmitterView = !$isReviewerView && $submitterUserId !== null;
try{
@ -132,7 +132,7 @@ catch(Exceptions\PageOutOfBoundsException){
<main class="artworks">
<section class="narrow">
<h1>Browse U.S. Public Domain Artwork</h1>
<p><? if($GLOBALS['User']?->Benefits->CanUploadArtwork){ ?><a href="/artworks/new">Submit new public domain artwork.</a><? }else{ ?>You can help Standard Ebooks by <a href="/artworks/new">submitting new public domain artwork</a> to add to this catalog for use in future ebooks. For free access to the submission form, <a href="/about#editor-in-chief">contact the Editor-in-Chief</a>.<? } ?></p>
<p><? if(Session::$User?->Benefits->CanUploadArtwork){ ?><a href="/artworks/new">Submit new public domain artwork.</a><? }else{ ?>You can help Standard Ebooks by <a href="/artworks/new">submitting new public domain artwork</a> to add to this catalog for use in future ebooks. For free access to the submission form, <a href="/about#editor-in-chief">contact the Editor-in-Chief</a>.<? } ?></p>
<form class="browse-artwork" action="/artworks" method="get" rel="search">
<label>
<span>Status</span>

6
www/artworks/new.php
View file

@ -10,11 +10,11 @@ $exception = $_SESSION['exception'] ?? null;
$artwork = $_SESSION['artwork'] ?? null;
try{
if($GLOBALS['User'] === null){
if(Session::$User === null){
throw new Exceptions\LoginRequiredException();
}
if(!$GLOBALS['User']->Benefits->CanUploadArtwork){
if(!Session::$User->Benefits->CanUploadArtwork){
throw new Exceptions\InvalidPermissionsException();
}
@ -35,7 +35,7 @@ try{
$artwork = new Artwork();
$artwork->Artist = new Artist();
if($GLOBALS['User']->Benefits->CanReviewOwnArtwork){
if(Session::$User->Benefits->CanReviewOwnArtwork){
$artwork->Status = Enums\ArtworkStatusType::Approved;
}
}

22
www/artworks/post.php
View file

@ -9,30 +9,30 @@ try{
throw new Exceptions\InvalidRequestException('File upload too large.');
}
if($GLOBALS['User'] === null){
if(Session::$User === null){
throw new Exceptions\LoginRequiredException();
}
// POSTing a new artwork
if($httpMethod == Enums\HttpMethod::Post){
if(!$GLOBALS['User']->Benefits->CanUploadArtwork){
if(!Session::$User->Benefits->CanUploadArtwork){
throw new Exceptions\InvalidPermissionsException();
}
$artwork = new Artwork();
$artwork->FillFromHttpPost();
$artwork->SubmitterUserId = $GLOBALS['User']->UserId ?? null;
$artwork->SubmitterUserId = Session::$User->UserId ?? null;
// Only approved reviewers can set the status to anything but unverified when uploading.
// The submitter cannot review their own submissions unless they have special permission.
if($artwork->Status !== Enums\ArtworkStatusType::Unverified && !$artwork->CanStatusBeChangedBy($GLOBALS['User'])){
if($artwork->Status !== Enums\ArtworkStatusType::Unverified && !$artwork->CanStatusBeChangedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException();
}
// If the artwork is approved, set the reviewer.
if($artwork->Status !== Enums\ArtworkStatusType::Unverified){
$artwork->ReviewerUserId = $GLOBALS['User']->UserId;
$artwork->ReviewerUserId = Session::$User->UserId;
}
$artwork->Create(HttpInput::File('artwork-image'));
@ -48,7 +48,7 @@ try{
if($httpMethod == Enums\HttpMethod::Put){
$originalArtwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name'), HttpInput::Str(GET, 'artwork-url-name'));
if(!$originalArtwork->CanBeEditedBy($GLOBALS['User'])){
if(!$originalArtwork->CanBeEditedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException();
}
@ -62,11 +62,11 @@ try{
$newStatus = Enums\ArtworkStatusType::tryFrom(HttpInput::Str(POST, 'artwork-status') ?? '');
if($newStatus !== null){
if($originalArtwork->Status != $newStatus && !$originalArtwork->CanStatusBeChangedBy($GLOBALS['User'])){
if($originalArtwork->Status != $newStatus && !$originalArtwork->CanStatusBeChangedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException();
}
$artwork->ReviewerUserId = $GLOBALS['User']->UserId;
$artwork->ReviewerUserId = Session::$User->UserId;
$artwork->Status = $newStatus;
}
@ -93,11 +93,11 @@ try{
if(isset($_POST['artwork-status'])){
$newStatus = Enums\ArtworkStatusType::tryFrom(HttpInput::Str(POST, 'artwork-status') ?? '');
if($newStatus !== null){
if($artwork->Status != $newStatus && !$artwork->CanStatusBeChangedBy($GLOBALS['User'])){
if($artwork->Status != $newStatus && !$artwork->CanStatusBeChangedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException();
}
$artwork->ReviewerUserId = $GLOBALS['User']->UserId;
$artwork->ReviewerUserId = Session::$User->UserId;
$artwork->Status = $newStatus;
}
@ -108,7 +108,7 @@ try{
if(isset($_POST['artwork-ebook-url'])){
$newEbookUrl = HttpInput::Str(POST, 'artwork-ebook-url');
if($artwork->EbookUrl != $newEbookUrl && !$artwork->CanEbookUrlBeChangedBy($GLOBALS['User'])){
if($artwork->EbookUrl != $newEbookUrl && !$artwork->CanEbookUrlBeChangedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException();
}

2
www/bulk-downloads/collection.php
View file

@ -9,7 +9,7 @@ if($class === null || ($class != 'authors' && $class != 'collections' && $class
Template::Emit404();
}
if($GLOBALS['User'] !== null && $GLOBALS['User']->Benefits->CanBulkDownload){
if(Session::$User?->Benefits->CanBulkDownload){
$canDownload = true;
}

4
www/bulk-downloads/download.php
View file

@ -10,7 +10,7 @@ try{
throw new Exceptions\InvalidFileException();
}
if($GLOBALS['User'] === null){
if(Session::$User === null){
throw new Exceptions\LoginRequiredException();
}
@ -18,7 +18,7 @@ try{
throw new Exceptions\InvalidPermissionsException();
}
if(!$GLOBALS['User']->Benefits->CanBulkDownload){
if(!Session::$User->Benefits->CanBulkDownload){
throw new Exceptions\InvalidPermissionsException();
}

2
www/bulk-downloads/get.php
View file

@ -8,7 +8,7 @@ $authorUrlName = HttpInput::Str(GET, 'author');
$canDownload = false;
try{
if($GLOBALS['User'] !== null && $GLOBALS['User']->Benefits->CanBulkDownload){
if(Session::$User?->Benefits->CanBulkDownload){
$canDownload = true;
}

2
www/bulk-downloads/index.php
View file

@ -1,6 +1,6 @@
<?
$canDownload = false;
if($GLOBALS['User'] !== null && $GLOBALS['User']->Benefits->CanBulkDownload){
if(Session::$User?->Benefits->CanBulkDownload){
$canDownload = true;
}

2
www/ebooks/download.php
View file

@ -5,7 +5,7 @@ use Safe\DateTimeImmutable;
$ebook = null;
$downloadCount = $_COOKIE['download-count'] ?? 0;
$showThankYouPage = $GLOBALS['User'] === null && $downloadCount < 5;
$showThankYouPage = Session::$User === null && $downloadCount < 5;
$downloadUrl = null;
try{

3
www/feeds/atom/index.php
View file

@ -15,7 +15,8 @@
</li>
<li>
<p><a href="/feeds/atom/all">All ebooks</a></p>
<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/atom/all</p>
<p class="url">
<? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/atom/all</p>
<p>All Standard Ebooks, most-recently-released first.</p>
</li>
</ul>

2
www/feeds/collection.php
View file

@ -41,7 +41,7 @@ catch(Safe\Exceptions\ApcuException){
<? foreach($feeds as $feed){ ?>
<li>
<p><a href="<?= Formatter::EscapeHtml($feed->Url) ?>"><?= Formatter::EscapeHtml($feed->Label) ?></a></p>
<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?><?= Formatter::EscapeHtml($feed->Url) ?></p>
<p class="url"><? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?><?= Formatter::EscapeHtml($feed->Url) ?></p>
</li>
<? } ?>
</ul>

4
www/feeds/download.php
View file

@ -33,7 +33,7 @@ try{
}
if(!$isUserAgentAllowed){
if($GLOBALS['User'] === null){
if(Session::$User === null){
throw new Exceptions\LoginRequiredException();
}
@ -41,7 +41,7 @@ try{
throw new Exceptions\InvalidPermissionsException();
}
if(!$GLOBALS['User']->Benefits->CanAccessFeeds){
if(!Session::$User->Benefits->CanAccessFeeds){
throw new Exceptions\InvalidPermissionsException();
}
}

2
www/feeds/get.php
View file

@ -82,7 +82,7 @@ catch(Exceptions\CollectionNotFoundException){
<ul class="feed">
<li>
<p><a href="/feeds/<?= $type ?>/<?= $name ?>/<?= $target?>"><?= Formatter::EscapeHtml($label) ?></a></p>
<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/<?= $type ?>/<?= $name ?>/<?= $target?></p>
<p class="url"><? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/<?= $type ?>/<?= $name ?>/<?= $target?></p>
</li>
</ul>
</section>

2
www/feeds/index.php
View file

@ -17,7 +17,7 @@
<ul class="feed">
<li>
<p><a href="/feeds/opds">The Standard Ebooks OPDS feed</a></p>
<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/opds</p>
<p class="url"><? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/opds</p>
</li>
</ul>
</section>

14
www/polls/get.php
View file

@ -1,22 +1,20 @@
<?
use Safe\DateTimeImmutable;
$poll = new Poll();
$canVote = true; // Allow non-logged-in users to see the 'vote' button
$canVote = true; // Allow non-logged-in users to see the 'vote' button.
try{
$poll = Poll::GetByUrlName(HttpInput::Str(GET, 'pollurlname'));
if(!$poll->IsActive() && $poll->End !== null && $poll->End < NOW){
// If the poll ended, redirect to the results
// If the poll ended, redirect to the results.
header('Location: ' . $poll->Url . '/votes');
exit();
}
if(isset($GLOBALS['User'])){
$canVote = false; // User is logged in, hide the vote button unless they haven't voted yet
if(Session::$User !== null){
$canVote = false; // User is logged in, hide the vote button unless they haven't voted yet.
try{
PollVote::Get($poll->UrlName, $GLOBALS['User']->UserId);
PollVote::Get($poll->UrlName, Session::$User->UserId);
}
catch(Exceptions\AppException){
// User has already voted
@ -42,7 +40,7 @@ catch(Exceptions\AppException){
<? } ?>
<p class="button-row narrow">
<? if($canVote){ ?>
<a href="<?= $poll->Url ?>/votes/new" class="button">Vote now</a>
<a href="<?= $poll->Url ?>/votes/new" class="button">Vote now</a>
<? } ?>
<a href="<?= $poll->Url ?>/votes" class="button">View results</a>
</p>

8
www/polls/votes/new.php
View file

@ -9,7 +9,7 @@ $vote = new PollVote();
$exception = $_SESSION['exception'] ?? null;
try{
if($GLOBALS['User'] === null){
if(Session::$User === null){
throw new Exceptions\LoginRequiredException();
}
@ -19,14 +19,14 @@ try{
}
if(!isset($vote->UserId)){
$vote->UserId = $GLOBALS['User']->UserId;
$vote->User = $GLOBALS['User'];
$vote->UserId = Session::$User->UserId;
$vote->User = Session::$User;
}
$poll = Poll::GetByUrlName(HttpInput::Str(GET, 'pollurlname'));
try{
$vote = PollVote::Get($poll->UrlName, $GLOBALS['User']->UserId);
$vote = PollVote::Get($poll->UrlName, Session::$User->UserId);
// Vote was found, don't allow another vote
throw new Exceptions\PollVoteExistsException($vote);

2
www/sessions/new.php
View file

@ -3,7 +3,7 @@ use function Safe\session_unset;
session_start();
if($GLOBALS['User'] !== null){
if(Session::$User !== null){
header('Location: /');
exit();
}