-rw-r--r--auth/index.js4
-rw-r--r--poll/index.js1
2 files changed, 3 insertions, 2 deletions
diff --git a/auth/index.js b/auth/index.js
index bfff5e1..a64d582 100644
--- a/auth/index.js
+++ b/auth/index.js
@@ -62,8 +62,8 @@ app.get("/api/list", checkUser, async (req, res) => {
users = await db.query("SELECT id, name, middlename, surname FROM users ORDER BY name");
} else {
users = await db.query(
- "SELECT id, name, middlename, surname FROM users WHERE class_id = (SELECT class_id FROM users WHERE id = ?) ORDER BY name",
- [req.session.uid],
+ "SELECT id, name, middlename, surname FROM users WHERE class_id = (SELECT class_id FROM users WHERE id = ?) AND id != ? ORDER BY name",
+ [req.session.uid, req.session.uid],
);
}
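Review bot: Only the `else` branch gains `AND id != ?`; the unchanged query in the first branch (`SELECT id, name, middlename, surname FROM users ORDER BY name`) still returns the requester, so the two branches now disagree about whether the caller appears in the list. The branch condition is outside the hunk, so this may be intentional (it looks like a privileged view), but a short comment such as `// exclude the requester: users cannot pick themselves` above the changed query would make that explicit. This filter only shapes what the client displays; the rule itself has to be enforced where the answer is accepted.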
diff --git a/poll/index.js b/poll/index.js
index 74b5875..809ab44 100644
--- a/poll/index.js
+++ b/poll/index.js
@@ -7,6 +7,7 @@ app.use("/", checkUser, express.static(__dirname + "/public"));
app.post("/api/answer", checkUser, async (req, res) => {
if (!req.body.answer || !req.body.question) return res.send("error");
+ if (req.body.answer == req.session.uid) return res.send("error");
try {
const user_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]))[0].class_id;
const answer_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [parseInt(req.body.answer)]))[0]
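Review bot: The new self-answer guard compares the raw `req.body.answer` with `==`, while the lookup a few lines below uses `parseInt(req.body.answer)`, so the two can disagree: a value that is not loosely equal to the session uid can still parse to it, and the guard is then skipped. Parse once and compare the parsed value, e.g. `const answerId = Number.parseInt(req.body.answer, 10);` followed by `if (!Number.isInteger(answerId) || answerId === Number(req.session.uid)) return res.send("error");`, and pass `answerId` to the `answer_class` query. This assumes uids are integers, which the existing `parseInt` suggests. The handler body continues outside the hunk.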