1<?php 2 3use App\Repository\BugRepository; 4use App\Repository\VoteRepository; 5 6// Obtain common includes 7require_once '../include/prepend.php'; 8 9$id = isset($_POST['id']) ? (int) $_POST['id'] : 0; 10if (empty($id)) { 11 die('invalid bug id'); 12} 13 14if (!isset($_POST['score'])) die("missing parameter score"); 15$score = (int) $_POST['score']; 16if ($score < -2 || $score > 2) { 17 die("invalid score: $score"); 18} 19 20if (!isset($_POST['reproduced'])) die("missing parameter reproduced"); 21$reproduced = (int) $_POST['reproduced']; 22 23$samever = isset($_POST['samever']) ? (int) $_POST['samever'] : 0; 24$sameos = isset($_POST['sameos']) ? (int) $_POST['sameos'] : 0; 25 26if (!$container->get(BugRepository::class)->exists($id)) { 27 session_start(); 28 29 // Authenticate 30 bugs_authenticate($user, $pw, $logged_in, $user_flags); 31 32 response_header('No such bug.'); 33 display_bug_error("No such bug #{$id}"); 34 response_footer(); 35 exit; 36} 37 38// Figure out which IP the user is coming from avoiding RFC 1918 space 39function get_real_ip () 40{ 41 $ip = false; 42 43 // User is behind a proxy and check that we discard RFC1918 IP 44 // addresses if they are behind a proxy then only figure out which 45 // IP belongs to the user. Might not need any more hacking if 46 // there is a squid reverse proxy infront of apache. 47 if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { 48 $ips = explode (", ", $_SERVER['HTTP_X_FORWARDED_FOR']); 49 if ($ip) { array_unshift($ips, $ip); $ip = false; } 50 for ($i = 0; $i < count($ips); $i++) { 51 // Skip RFC 1918 IP's 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 52 // -- jim kill me later with my regexp pattern below. 53 if (!eregi ("^(10|172\.16|192\.168)\.", $ips[$i]) && 54 preg_match("/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/", $ips[$i])) { 55 $ip = $ips[$i]; 56 break; 57 } 58 } 59 } 60 return ($ip ? $ip : $_SERVER['REMOTE_ADDR']); 61} 62 63$ip = ip2long(get_real_ip()); 64// TODO: check if ip address has been banned. hopefully this will never need to be implemented. 65 66// Check whether the user has already voted on this bug. 67if (empty($container->get(VoteRepository::class)->findOneByIdAndIp($id, $ip))) { 68 // If the user vote isn't found, create one. 69 $dbh->prepare(" 70 INSERT INTO bugdb_votes (bug, ip, score, reproduced, tried, sameos, samever) 71 VALUES ( 72 {$id}, {$ip}, {$score}, " . 73 ($reproduced == 1 ? "1," : "0,") . 74 ($reproduced != 2 ? "1," : "0,") . 75 ($reproduced ? "$sameos," : "NULL,") . 76 ($reproduced ? "$samever" : "NULL") . 77 ')' 78 )->execute(); 79 80 // redirect to the bug page (which will display the success message) 81 redirect("bug.php?id=$id&thanks=6"); 82} else { 83 // As the user has already voted, just update their existing vote. 84 $dbh->prepare("UPDATE bugdb_votes 85 SET score = ?, reproduced = ? , tried = ?, sameos = ?, samever = ? 86 WHERE bug = ? AND ip = ?") 87 ->execute([ 88 $score, 89 ($reproduced == 1 ? "1" : "0"), 90 ($reproduced != 2 ? "1" : "0"), 91 ($reproduced ? "$sameos" : null), 92 ($reproduced ? "$samever" : null), 93 $id, 94 $ip 95 ]); 96 97 // Let the user know they have already voted and the existing vote will be 98 // updated. 99 redirect("bug.php?id=$id&thanks=10"); 100} 101