store client ip hash

asterjdm · May 15, 2024 · 1814e20 · 1814e20
1 parent c275bc5
commit 1814e20
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/api/newRating.php b/api/newRating.php
@@ -3,7 +3,11 @@
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);
 
+header('Content-type: application/json');
+
 include_once(dirname(__FILE__) . "/database.php");
+include_once(dirname(__FILE__) . "/utils/getClientIp.php");
+include_once(dirname(__FILE__) . "/secrets.php");
 
 $db = new Database;
 $teachingQualityRating = $db->escapeStrings($_POST["teachingQuality"]);
@@ -13,6 +17,9 @@
 
 $teacherId = $db->escapeStrings($_POST["teacherId"]);
 
+$clientIp = getClientIp();
+$hashedIp = $db->escapeStrings(hash("sha256", $clientIp. HASH_SECRET));
+
 if($teachingQualityRating > 10 || $teachingQualityRating <= 0 || 
    $kindnessRating > 10 || $kindnessRating <= 0 || 
    $authorityRating > 10 || $authorityRating <= 0 || 
@@ -21,8 +28,22 @@
     exit();
 }
 
-$db->query("INSERT INTO cescoleaks_votes (teacher_ID, teaching_quality, kindness, authority, humor) VALUES 
-            ('$teacherId', '$teachingQualityRating', '$kindnessRating', '$authorityRating', '$humorRating')");
+$sameUserVotes = $db->select("SELECT * FROM cescoleaks_votes WHERE teacher_ID = '$teacherId' AND IP = '$hashedIp'");
+if(count($sameUserVotes) >= 1){
+    $db->query("UPDATE cescoleaks_votes 
+                SET teaching_quality = '$teachingQualityRating', 
+                    kindness = '$kindnessRating', 
+                    authority = '$authorityRating', 
+                    humor = '$humorRating' 
+                WHERE teacher_ID = '$teacherId' AND IP = '$hashedIp'
+    ");
+
+    echo json_encode(array("info" => "vote updated"));
+    exit();
+}
+
+$db->query("INSERT INTO cescoleaks_votes (teacher_ID, IP, teaching_quality, kindness, authority, humor) VALUES 
+            ('$teacherId', '$hashedIp', '$teachingQualityRating', '$kindnessRating', '$authorityRating', '$humorRating')");
 
 exit(); // we never know
 ?>
diff --git a/api/utils/getClientIp.php b/api/utils/getClientIp.php
@@ -0,0 +1,21 @@
+<?php
+function getClientIp() {
+    $ipaddress = '';
+    if (isset($_SERVER['HTTP_CLIENT_IP']))
+        $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+    else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+        $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    else if(isset($_SERVER['HTTP_X_FORWARDED']))
+        $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+    else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
+        $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+    else if(isset($_SERVER['HTTP_FORWARDED']))
+        $ipaddress = $_SERVER['HTTP_FORWARDED'];
+    else if(isset($_SERVER['REMOTE_ADDR']))
+        $ipaddress = $_SERVER['REMOTE_ADDR'];
+    else
+        $ipaddress = 'UNKNOWN';
+    return $ipaddress;
+}
+
+?>
diff --git a/scripts/rating.js b/scripts/rating.js
@@ -12,5 +12,7 @@ async function sendVotes(profId, teachingQuality, kindness, authority, humor) {
     }),
   });
 
-  console.log(response);
+  if (response.json().info == "vote updated") {
+    alert("Votre vote a été mis a jour");
+  }
 }