

  1. <?php
  2. /**
  3. * Mempersiapkan session. session.use_trans_sid digunakan untuk menghindari
  4. * penyantuman Session ID pada setiap URL.
  5. *
  6. * Ref: https://stackoverflow.com/questions/1745984/php-session-use-trans-sid
  7. */
  8. ini_set('session.use_only_cookies', TRUE );
  9. ini_set('session.use_trans_sid', FALSE );
  10. session_start();
  11. require_once("conn/db.php");
  12. require_once('utils/helper.php');
  13. /**
  14. * Cek session serta token. Kemudian menyimpan nilai NIM dari session.
  15. */
  16. if (!isset($_SESSION['nim']) && !isset($_SESSION['token'])) {
  17. header('location:login.php');
  18. } else {
  19. $nim = $_SESSION['nim'];
  20. }
  21. /**
  22. * Di file ini ada 2 proses, yakni submit dari form voting
  23. * dan submit dari form login. Form login akan dihapus nanti.
  24. */
  25. if ($_POST['formSubmit'] == "Submit") {
  26. /**
  27. * Cek jika token pada $_POST ada.
  28. */
  29. if (!empty($_POST['token_'])) {
  30. if (hash_equals($_SESSION['token'], $_POST['token_'])) {
  31. /**
  32. * Menyipakan data yang akan diinput ke DB
  33. */
  34. $senat = $_POST['senat'];
  35. $balma = $_POST['balma'];
  36. // Ada yang kosong.
  37. if (!isset($senat) || !isset($balma) || empty($senat) || empty($balma)) {
  38. $_SESSION['get'] = 1;
  39. header('location:index.php?get=1');
  40. } else {
  41. $pecah = explode('-', $senat);
  42. $pecah2 = explode('-', $balma);
  43. $id_cln_senat = $pecah[0];
  44. $id_sts_senat = $pecah[1];
  45. $id_cln_balma = $pecah2[0];
  46. $id_sts_balma = $pecah2[1];
  47. if (empty($id_cln_senat) && empty($id_cln_balma) && empty($id_sts_senat) && empty($id_sts_balma)) {
  48. $_SESSION['get'] = 4;
  49. header('location:index.php?get=4');
  50. } else {
  51. $queryCheckSenat = "SELECT * FROM tb_calon WHERE id_calon='$id_cln_senat' AND id_status='$id_sts_senat'";
  52. $queryCheckBalma = "SELECT * FROM tb_calon WHERE id_calon='$id_cln_balma' AND id_status='$id_sts_balma'";
  53. $isCandidateSenat = odbc_num_rows(odbc_exec($koneksi, $queryCheckSenat));
  54. $isCandidateBalma = odbc_num_rows(odbc_exec($koneksi, $queryCheckBalma));
  55. //cek jika hasil pecah terdapat di db
  56. if ($isCandidateSenat == 1 && $isCandidateBalma == 1) {
  57. $a = "SELECT * FROM tb_pemilu WHERE nim_mhs = '".$nim."'";
  58. $b = odbc_exec($koneksi,$a);
  59. $c = odbc_num_rows($b);
  60. $ipaddr = getRealIpAddr();
  61. if ($c == 0) { // Cek jika dia belum voting sebelumnya
  62. // Menyiapkan query, proses ini sudah pakai Transaction
  63. odbc_autocommit($koneksi, FALSE);
  64. $stmt1 = odbc_prepare($koneksi, 'INSERT INTO tb_pemilu (id_calon,id_status,nim_mhs,ip) values (?, ?, ?, ?)');
  65. $stmt2 = odbc_prepare($koneksi, 'INSERT INTO tb_pemilu (id_calon,id_status,nim_mhs,ip) values (?, ?, ?, ?)');
  66. $values1 = array($id_cln_senat, $id_sts_senat, $nim, $ipaddr);
  67. $values2 = array($id_cln_balma, $id_sts_balma, $nim, $ipaddr);
  68. $exec0 = odbc_execute($stmt1, $values1);
  69. $exec1 = odbc_execute($stmt2, $values2);
  70. if (!odbc_error()) {
  71. odbc_commit($koneksi);
  72. } else{
  73. odbc_rollback($koneksi);
  74. }
  75. odbc_close($koneksi);
  76. // Voting selesai
  77. $params = session_get_cookie_params();
  78. setcookie(session_name(), '', time() - 42000,
  79. $params["path"], $params["domain"],
  80. $params["secure"], $params["httponly"]
  81. );
  82. session_destroy();
  83. header('location:login.php');
  84. } else {
  85. // Udah voting sebelumnya, logout.
  86. $params = session_get_cookie_params();
  87. setcookie(session_name(), '', time() - 42000,
  88. $params["path"], $params["domain"],
  89. $params["secure"], $params["httponly"]
  90. );
  91. session_destroy();
  92. header('location:login.php');
  93. }
  94. } else {
  95. //jika tidak terdapat di db
  96. $_SESSION['get'] = 1;
  97. header('location:index.php?get=1');
  98. }
  99. }
  100. }
  101. } else {
  102. // Token beda, logout.
  103. $params = session_get_cookie_params();
  104. setcookie(session_name(), '', time() - 42000,
  105. $params["path"], $params["domain"],
  106. $params["secure"], $params["httponly"]
  107. );
  108. session_destroy();
  109. header('location:login.php');
  110. }
  111. } else {
  112. // Token kosong, logout.
  113. $params = session_get_cookie_params();
  114. setcookie(session_name(), '', time() - 42000,
  115. $params["path"], $params["domain"],
  116. $params["secure"], $params["httponly"]
  117. );
  118. session_destroy();
  119. header('location:login.php');
  120. }
  121. }