Diffstat (limited to 'poll')
-rw-r--r-- | poll/index.js | 7 | ||||
-rw-r--r-- | poll/public/script.js | 4 |
2 files changed, 8 insertions, 3 deletions
diff --git a/poll/index.js b/poll/index.js
index ab9ee6f..74b5875 100644
--- a/poll/index.js
+++ b/poll/index.js
@@ -8,6 +8,11 @@ app.use("/", checkUser, express.static(__dirname + "/public"));
 app.post("/api/answer", checkUser, async (req, res) => {
 if (!req.body.answer || !req.body.question) return res.send("error");
 try {
+ const user_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [req.session.uid]))[0].class_id;
+ const answer_class = (await db.query("SELECT class_id FROM users WHERE id = ?", [parseInt(req.body.answer)]))[0]
+ .class_id;
+ if (user_class != answer_class) return res.send("error");
+
 await db.query("INSERT INTO ranking_answers (question_id, user_id, answer_id) VALUE (?,?,?)", [
 parseInt(req.body.question),
 req.session.uid,
@@ -25,7 +30,7 @@ app.get("/api/get", checkUser, async (req, res) => {
 const question = (
 await db.query(
 "SELECT q.id, q.question, t.name FROM ranking_questions AS q INNER JOIN types AS t ON type_id = t.id WHERE q.id NOT IN (SELECT question_id FROM ranking_answers WHERE user_id = ?) AND t.name = 'pupil' LIMIT 1",
- [req.session.uid]
+ [req.session.uid],
 )
 )[0];
 res.json(question);
diff --git a/poll/public/script.js b/poll/public/script.js
index a42777f..bfb686d 100644
--- a/poll/public/script.js
+++ b/poll/public/script.js
@@ -10,7 +10,7 @@ function appendOption(response) {
 "beforeend",
 `<option value="${elem["id"]}">${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${
 elem["surname"]
- }</option>`
+ }</option>`,
 );
 });
 }
@@ -23,7 +23,7 @@ function appendQuote(response) {
 "beforeend",
 `<li>${elem["name"]} ${elem["middlename"] ? elem["middlename"] : " "}${elem["surname"]}: ${
 elem["quote"]
- }</li>`
+ }</li>`,
 );
 });
 } |
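Review bot: The new same-class check in the `/api/answer` handler dereferences `[0].class_id` on both lookups without checking that a row came back. An `answer` that is non-numeric or names no user would therefore most likely throw a TypeError, leaving the enclosing `catch`, which is outside this hunk, to produce the response. The comparison `user_class != answer_class` also lets two missing class ids pass, because `null != null` is false; if `class_id` is nullable (the schema is not visible here), users without a class could still be submitted as answers for each other. I would parse the id once with `const answerId = Number.parseInt(req.body.answer, 10);` and make the rejection explicit with `if (!answerRow || userRow.class_id == null || userRow.class_id !== answerRow.class_id) return res.send("error");`, where `userRow` and `answerRow` are the first rows of the two lookups. A short comment above the check stating that answers are restricted to the voter's own class would document why the extra queries exist.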