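<?php

use App\Repository\BugRepository;
use App\Repository\VoteRepository;

// Kill switch: the script stops here, so nothing below this line runs while
// the statement is in place (the include, the validation and both queries are
// all unreachable).
die('Voting on tickets is disabled');

// Obtain common includes
require_once '../include/prepend.php';

// Every request parameter is cast to int before use, so only integers reach
// the repository calls and the SQL statements below.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
if (empty($id)) {
    die('invalid bug id');
}

if (!isset($_POST['score'])) {
    die("missing parameter score");
}
$score = (int) $_POST['score'];
if ($score < -2 || $score > 2) {
    die("invalid score: $score");
}

if (!isset($_POST['reproduced'])) {
    die("missing parameter reproduced");
}
// NOTE(review): no range check is applied here; the code below only
// distinguishes 0, 1, 2 and "anything else non-zero" - confirm the form's
// allowed values.
$reproduced = (int) $_POST['reproduced'];

$samever = isset($_POST['samever']) ? (int) $_POST['samever'] : 0;
$sameos = isset($_POST['sameos']) ? (int) $_POST['sameos'] : 0;

if (!$container->get(BugRepository::class)->exists($id)) {
    session_start();

    // Authenticate
    bugs_authenticate($user, $pw, $logged_in, $user_flags);

    response_header('No such bug.');
    display_bug_error("No such bug #{$id}");
    response_footer();
    exit;
}

/**
 * Pick the address that identifies the voter.
 *
 * Walks the X-Forwarded-For list left to right and returns the first entry
 * that is a syntactically valid IPv4 address outside the RFC 1918 private
 * ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Falls back to
 * REMOTE_ADDR when the header is absent or holds no usable entry.
 *
 * Security note: X-Forwarded-For is a request header. Unless a trusted
 * reverse proxy in front of this script overwrites it, its content is chosen
 * by the client, so the value returned here must not be treated as a verified
 * identity. The one-vote-per-address check further down is only as strong as
 * that proxy configuration. NOTE(review): confirm which proxies set the header
 * in this deployment, and prefer REMOTE_ADDR when there are none.
 *
 * @return string the selected address, or REMOTE_ADDR as provided by the SAPI
 */
function get_real_ip()
{
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Split on the comma alone and trim, so entries are found whether or
        // not the sender put a space after each separator.
        foreach (explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']) as $candidate) {
            $candidate = trim($candidate);

            // filter_var() replaces the former eregi() call (the ereg family
            // was removed in PHP 7) and the unanchored dotted-quad pattern:
            // it validates the whole string and rejects the complete
            // 172.16.0.0/12 block, not only 172.16.x.x.
            $isPublicIpv4 = filter_var(
                $candidate,
                FILTER_VALIDATE_IP,
                FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE
            );

            if ($isPublicIpv4 !== false) {
                return $candidate;
            }
        }
    }

    return $_SERVER['REMOTE_ADDR'];
}

$ip = ip2long(get_real_ip());
if ($ip === false) {
    // ip2long() only understands dotted-quad IPv4; an IPv6 or malformed
    // REMOTE_ADDR yields false, which must not reach the lookup or the SQL.
    die('invalid ip address');
}
// TODO: check if ip address has been banned. hopefully this will never need to be implemented.

// Column values shared by the INSERT and the UPDATE. sameos/samever are only
// stored when the voter reported a reproduction attempt (non-zero reproduced).
$voteFields = [
    $score,
    ($reproduced == 1 ? "1" : "0"),          // reproduced
    ($reproduced != 2 ? "1" : "0"),          // tried
    ($reproduced ? "$sameos" : null),        // sameos
    ($reproduced ? "$samever" : null),       // samever
];

// Check whether the user has already voted on this bug.
if (empty($container->get(VoteRepository::class)->findOneByIdAndIp($id, $ip))) {
    // If the user vote isn't found, create one. Bound parameters are used
    // here, as in the UPDATE below, instead of assembling the VALUES list by
    // string concatenation.
    $dbh->prepare("
        INSERT INTO bugdb_votes (bug, ip, score, reproduced, tried, sameos, samever)
        VALUES (?, ?, ?, ?, ?, ?, ?)
    ")->execute(array_merge([$id, $ip], $voteFields));

    // redirect to the bug page (which will display the success message)
    redirect("bug.php?id=$id&thanks=6");
} else {
    // As the user has already voted, just update their existing vote.
    $dbh->prepare("UPDATE bugdb_votes
        SET score = ?, reproduced = ? , tried = ?, sameos = ?, samever = ?
        WHERE bug = ? AND ip = ?")
        ->execute(array_merge($voteFields, [$id, $ip]));

    // Let the user know they have already voted and the existing vote will be
    // updated.
    redirect("bug.php?id=$id&thanks=10");
}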