author | Marvin Borner | 2020-10-07 10:06:28 +0200 |
---|---|---|
committer | Marvin Borner | 2020-10-07 10:06:28 +0200 |
commit | 42154f7baf7b61686eea00bf4d2807881093ef82 (patch) | |
tree | 8883bbcb0289ea11d3e91b93a1457b31c7e59473 | |
parent | fd15546c012e42867f9b052433f968d7cd2f27da (diff) |
Blabla
-rw-r--r-- | auth/index.js | 4 | ||||
-rw-r--r-- | poll/index.js | 1 |
2 files changed, 3 insertions, 2 deletions
diff --git a/auth/index.js b/auth/index.js
index bfff5e1..a64d582 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -62,8 +62,8 @@ app.get("/api/list", checkUser, async (req, res) => {
 users = await db.query("SELECT id, name, middlename, surname FROM users ORDER BY name");
 } else {
 users = await db.query(
- "SELECT id, name, middlename, surname FROM users WHERE class_id = (SELECT class_id FROM users WHERE id = ?) ORDER BY name",
- [req.session.uid],
+ "SELECT id, name, middlename, surname FROM users WHERE class_id = (SELECT class_id FROM users WHERE id = ?) AND id != ? ORDER BY name",
+ [req.session.uid, req.session.uid],
 );
 }
diff --git a/poll/index.js b/poll/index.js
index 74b5875..809ab44 100644
--- a/poll/index.js
+++ b/poll/index.js
@@ -7,6 +7,7 @@ app.use("/", checkUser, express.static(__dirname + "/public"));
 app.post("/api/answer", checkUser, async (req, res) => {
 if (!req.body.answer || !req.body.question) return res.send("error");
+ if (req.body.answer == req.session.uid) return res.send("error");
 try {
 const user_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]))[0].class_id;
 const answer_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [parseInt(req.body.answer)]))[0] |
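Review bot: The new self-vote guard in poll/index.js compares the raw `req.body.answer` with `==`, while the lookup two lines below uses `parseInt(req.body.answer)`, so the guard and the value actually used can disagree: any input that `parseInt` reduces to the caller's id without being loosely equal to it passes the check. Parse once and compare the parsed value, e.g. `const answer = parseInt(req.body.answer, 10);` followed by `if (Number.isNaN(answer) || answer === Number(req.session.uid)) return res.send("error");`, and use `answer` in the later queries; this assumes `req.session.uid` is numeric, which the hunk does not show. The handler continues past the hunk, so whichever form of the answer is written to the database should go through the same parsed comparison. The `AND id != ?` filter added to `/api/list` in auth/index.js only hides the caller from the list and does not replace this server-side check.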