Prevent double posts

tmalahie · Feb 1, 2024 · c9551ca · c9551ca
1 parent 975420a
commit c9551ca
Show file tree

Hide file tree

Showing 9 changed files with 172 additions and 86 deletions.
diff --git a/php/api/saveCreation.php b/php/api/saveCreation.php
@@ -56,15 +56,31 @@
 					$circuitId = -1;
 			}
 			else {
-				include('../includes/utils-cooldown.php');
-				if (isTrackCooldowned(array('type' => 'mkcircuits'))) {
-					logCooldownEvent('track');
-					echo -1;
+				include('../includes/idempotency.php');
+				$isNew = false;
+				$circuitId = withRequestIdempotency(array(
+					'is_cache_stale' => function($circuitId) {
+						return !mysql_numrows(mysql_query('SELECT * FROM `mkcircuits` WHERE id="'.$circuitId.'"'));
+					},
+					'callback' => function() use($identifiants, $isBattle, $map, $laps, &$isNew) {
+						include('../includes/utils-cooldown.php');
+						if (isTrackCooldowned(array('type' => 'mkcircuits'))) {
+							logCooldownEvent('track');
+							echo -1;
+							mysql_close();
+							exit;
+						}
+						mysql_query('INSERT INTO `mkcircuits` VALUES (null, CURRENT_TIMESTAMP(), '.$identifiants[0].','.$identifiants[1].','.$identifiants[2].','.$identifiants[3].',0,0,0,0,0,'.$isBattle.',"'.$map.'","'.$laps.'","'. $_POST['nom'] .'","'. $_POST['auteur'] .'")');
+						$circuitId = mysql_insert_id();
+						$isNew = true;
+						return $circuitId;
+					}
+				));
+				if (!$isNew) {
+					echo $circuitId;
 					mysql_close();
 					exit;
 				}
-				mysql_query('INSERT INTO `mkcircuits` VALUES (null, CURRENT_TIMESTAMP(), '.$identifiants[0].','.$identifiants[1].','.$identifiants[2].','.$identifiants[3].',0,0,0,0,0,'.$isBattle.',"'.$map.'","'.$laps.'","'. $_POST['nom'] .'","'. $_POST['auteur'] .'")');
-				$circuitId = mysql_insert_id();
 				include('../includes/session.php');
 				if ($id) {
 					$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
@@ -105,4 +121,5 @@
 		}
 	}
 }
+//echo 'aaa';
 ?>
diff --git a/php/api/saveCup.php b/php/api/saveCup.php
@@ -61,14 +61,23 @@
 			}
 		}
 		else {
-			mysql_query('INSERT INTO `mkcups` VALUES(NULL,CURRENT_TIMESTAMP(),'.$identifiants[0].','.$identifiants[1].','.$identifiants[2].','.$identifiants[3].',0,0,0,0,0,"'. $mode .'","'. $_POST['cid0'] .'","'. $_POST['cid1'] .'","'. $_POST['cid2'] .'","'. $_POST['cid3'] .'","'. $_POST['nom'] .'","'. $_POST['auteur'] .'")');
-			$cupId = mysql_insert_id();
-			include('../includes/session.php');
-			if ($id) {
-				$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
-				while ($follower = mysql_fetch_array($getFollowers))
-					mysql_query('INSERT INTO `mknotifs` SET type="follower_circuit", user="'. $follower['follower'] .'", link="3,'.$cupId.'"');
-			}
+			include('../includes/idempotency.php');
+			$cupId = withRequestIdempotency(array(
+				'is_cache_stale' => function($cupId) {
+					return !mysql_numrows(mysql_query('SELECT * FROM `mkcups` WHERE id="'.$cupId.'"'));
+				},
+				'callback' => function() use($identifiants, $mode) {
+					mysql_query('INSERT INTO `mkcups` VALUES(NULL,CURRENT_TIMESTAMP(),'.$identifiants[0].','.$identifiants[1].','.$identifiants[2].','.$identifiants[3].',0,0,0,0,0,"'. $mode .'","'. $_POST['cid0'] .'","'. $_POST['cid1'] .'","'. $_POST['cid2'] .'","'. $_POST['cid3'] .'","'. $_POST['nom'] .'","'. $_POST['auteur'] .'")');
+					$cupId = mysql_insert_id();
+					include('../includes/session.php');
+					if ($id) {
+						$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
+						while ($follower = mysql_fetch_array($getFollowers))
+							mysql_query('INSERT INTO `mknotifs` SET type="follower_circuit", user="'. $follower['follower'] .'", link="3,'.$cupId.'"');
+					}
+					return $cupId;
+				}
+			));
 		}
 		if ($cupId != -1) {
 			if (isset($_POST['cl'])) {

diff --git a/php/api/saveMCup.php b/php/api/saveMCup.php
@@ -49,13 +49,29 @@
 				$save = false;
 		}
 		else {
-			mysql_query('INSERT INTO `mkmcups` VALUES(NULL,CURRENT_TIMESTAMP(),'.$identifiants[0].','.$identifiants[1].','.$identifiants[2].','.$identifiants[3].',0,0,0,0,0,"'. $mode .'","'. $_POST['nom'] .'","'. $_POST['auteur'] .'","'.$optionsJson.'")');
-			$cupId = mysql_insert_id();
-			include('../includes/session.php');
-			if ($id) {
-				$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
-				while ($follower = mysql_fetch_array($getFollowers))
-					mysql_query('INSERT INTO `mknotifs` SET type="follower_circuit", user="'. $follower['follower'] .'", link="4,'.$cupId.'"');
+			include('../includes/idempotency.php');
+			$isNew = false;
+			$cupId = withRequestIdempotency(array(
+				'is_cache_stale' => function($cupId) {
+					return !mysql_numrows(mysql_query('SELECT * FROM `mkmcups` WHERE id="'. $cupId .'"'));
+				},
+				'callback' => function() use($identifiants, $mode, $optionsJson, &$isNew) {
+					mysql_query('INSERT INTO `mkmcups` VALUES(NULL,CURRENT_TIMESTAMP(),'.$identifiants[0].','.$identifiants[1].','.$identifiants[2].','.$identifiants[3].',0,0,0,0,0,"'. $mode .'","'. $_POST['nom'] .'","'. $_POST['auteur'] .'","'.$optionsJson.'")');
+					$cupId = mysql_insert_id();
+					include('../includes/session.php');
+					if ($id) {
+						$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
+						while ($follower = mysql_fetch_array($getFollowers))
+							mysql_query('INSERT INTO `mknotifs` SET type="follower_circuit", user="'. $follower['follower'] .'", link="4,'.$cupId.'"');
+					}
+					$isNew = true;
+					return $cupId;
+				}
+			));
+			if (!$isNew) {
+				echo $cupId;
+				mysql_close();
+				exit;
 			}
 		}
 	}

diff --git a/php/includes/apc.php b/php/includes/apc.php
@@ -3,7 +3,7 @@
     $apcStore = array();
     function apcu_fetch($key) {
         global $apcStore;
-        return isset($apcStore[$key]) ? $apcStore[$key]:null;
+        return isset($apcStore[$key]) ? $apcStore[$key]:false;
     }
     function apcu_store($key,$value,$ttl=0) {
         global $apcStore;

diff --git a/php/includes/idempotency.php b/php/includes/idempotency.php
@@ -0,0 +1,26 @@
+<?php
+require_once('apc.php');
+function getRequestIdempotencyId() {
+    global $identifiants;
+    $requestData = $identifiants[0].':'.$_SERVER['REQUEST_URI'].':'.http_build_query($_POST);
+    return md5($requestData);
+}
+function withRequestIdempotency($opts) {
+    $IDEMPOTENCY_RES_TTL = 1000;
+    $idempotencyId = getRequestIdempotencyId();
+    $idempotencyKey = "idempotency:$idempotencyId";
+    $res = apcu_fetch($idempotencyKey);
+    if ($res !== false) {
+        $resJson = json_decode($res);
+        if (isset($opts['is_cache_stale']) && $opts['is_cache_stale']($resJson)) {
+            apcu_delete($idempotencyKey);
+            unset($resJson);
+        }
+    }
+    if (isset($resJson))
+        $res = $resJson;
+    else
+        $res = $opts['callback']();
+    apcu_store($idempotencyKey,json_encode($res), $IDEMPOTENCY_RES_TTL);
+    return $res;
+}
diff --git a/php/pages/edit.php b/php/pages/edit.php
@@ -41,7 +41,7 @@
 		$getBanned = mysql_query('SELECT banned FROM `mkjoueurs` WHERE id="'. $id .'"');
 		if (($banned=mysql_fetch_array($getBanned)) && $banned['banned'])
 			include('../includes/ban_msg.php');
-		elseif (isset($_POST['message'])) {
+		elseif (isset($_POST['message']) && (trim($_POST['message'])!=='')) {
 			require_once('../includes/getRights.php');
 			$lastMessage = mysql_fetch_array(mysql_query('SELECT auteur,message FROM `mkmessages` WHERE id="'. $_GET['id'] .'" AND topic="'. $_GET['topic'] .'"'));
 			if (($lastMessage['auteur'] == $id) || hasRight('moderator')) {
@@ -103,7 +103,7 @@ function array_rmvalue(&$arr,&$val) {
 		else {
 			$getMessage = mysql_fetch_array(mysql_query('SELECT message FROM `mkmessages` WHERE id="'. $_GET['id'] .'" AND topic="'. $_GET['topic'].'"'));
 		?>
-<form method="post" action="edit.php?id=<?php echo urlencode($_GET['id']); ?>&amp;topic=<?php echo urlencode($_GET['topic']); ?>" onsubmit="if(!this.message.value){alert('<?php echo $language ? 'Please enter a message':'Veuillez entrer un message'; ?>');return false}this.querySelector('[type=submit]').disabled=true">
+<form method="post" action="edit.php?id=<?php echo urlencode($_GET['id']); ?>&amp;topic=<?php echo urlencode($_GET['topic']); ?>" onsubmit="this.querySelector('[type=submit]').disabled=true">
 <table id="nMessage">
 <tr><td class="mLabel">BBcode :<br /><a href="javascript:helpBbCode()"><?php echo $language ? 'Help':'Aide'; ?></a></td><td><?php include('../includes/bbButtons.php'); ?></td></tr>
 <tr><td class="mLabel"><p><label for="message">Message :</label></p>
@@ -112,7 +112,7 @@ function array_rmvalue(&$arr,&$val) {
 	echo ' <a href="javascript:ajouter(\''. $smileys[$i] .'\')"><img src="images/smileys/smiley'. $i .'.png" alt="'. $smileys[$i] .'" /></a> ';
 ?>
 <a href="javascript:moresmileys()" id="more-smileys"><?php echo $language ? 'More smileys':'Plus de smileys'; ?></a></p>
-</td><td class="mInput"><textarea name="message" id="message" rows="10"><?php
+</td><td class="mInput"><textarea name="message" id="message" rows="10" required><?php
 	echo htmlspecialchars($getMessage['message']);
 ?></textarea></td></tr>
 <tr><td colspan="2" class="mLabel"><input type="button" value="<?php echo $language ? 'Preview':'Aper&ccedil;u'; ?>" onclick="apercu()" /> &nbsp; <input type="submit" value="<?php echo $language ? 'Send':'Envoyer'; ?>" /></td></tr>

diff --git a/php/pages/edittopic.php b/php/pages/edittopic.php
@@ -40,7 +40,7 @@
 		$getBanned = mysql_fetch_array(mysql_query('SELECT banned FROM `mkjoueurs` WHERE id="'. $id .'"'));
 		if ($getBanned && $getBanned['banned'])
 			include('../includes/ban_msg.php');
-		elseif (isset($_POST['titre']) && isset($_POST['message']) && isset($_POST['message'])) {
+		elseif (isset($_POST['titre']) && isset($_POST['message']) && trim($_POST['titre']) && trim($_POST['message'])) {
 			$lastMessage = mysql_fetch_array(mysql_query('SELECT * FROM `mkmessages` WHERE id=1 AND topic="'. $_GET['topic'] .'"'));
 			if (($lastMessage['auteur'] == $id) || hasRight('moderator')) {
 				$categoryID = intval($_POST['category']);
@@ -107,13 +107,13 @@ function array_rmvalue(&$arr,&$val) {
 		}
 		else {
 		?>
-<form method="post" action="edittopic.php?topic=<?php echo urlencode($_GET['topic']); ?>" onsubmit="if(!this.titre.value){alert('<?php echo $language ? 'Please enter a title':'Veuillez entrer un titre'; ?>');return false}if(!this.message.value){alert('<?php echo $language ? 'Please enter a message':'Veuillez entrer un message'; ?>');return false}this.querySelector('[type=submit]').disabled=true">
+<form method="post" action="edittopic.php?topic=<?php echo urlencode($_GET['topic']); ?>" onsubmit="this.querySelector('[type=submit]').disabled=true">
 <table id="nMessage">
 <tr><td class="mLabel"><label for="titre"><?php echo $language ? 'Title':'Titre'; ?> :</label></td>
 <td class="mInput"><input type="text" id="titre" name="titre" value="<?php
 	$getTopic = mysql_fetch_array(mysql_query('SELECT titre,category,private FROM `mktopics` WHERE id="'. $_GET['topic'] .'"'));
 	echo htmlspecialchars($getTopic['titre']);
-?>" /></td></tr>
+?>" required /></td></tr>
 <tr><td class="mLabel"><label for="category"><?php echo $language ? 'Category':'Catégorie'; ?> :</label></td>
 <td class="mInput">
 	<select id="category" name="category">
@@ -136,7 +136,7 @@ function array_rmvalue(&$arr,&$val) {
 	echo ' <a href="javascript:ajouter(\''. $smileys[$i] .'\')"><img src="images/smileys/smiley'. $i .'.png" alt="'. $smileys[$i] .'" /></a> ';
 ?>
 <a href="javascript:moresmileys()" id="more-smileys"><?php echo $language ? 'More smileys':'Plus de smileys'; ?></a></p>
-</td><td class="mInput"><textarea name="message" id="message" rows="10"><?php
+</td><td class="mInput"><textarea name="message" id="message" rows="10" required><?php
 	$getMessage = mysql_fetch_array(mysql_query('SELECT message FROM `mkmessages` WHERE id=1 AND topic="'. $_GET['topic'] .'"'));
 	echo htmlspecialchars($getMessage['message']);
 ?></textarea></td></tr>

diff --git a/php/pages/newtopic.php b/php/pages/newtopic.php
@@ -46,40 +46,49 @@
 	$banned = mysql_fetch_array(mysql_query('SELECT banned FROM `mkjoueurs` WHERE id="'. $id .'"'));
 	if ($banned['banned'])
 		include('../includes/ban_msg.php');
-	elseif (isset($_POST['titre']) && isset($_POST['message'])) {
+	elseif (isset($_POST['titre']) && isset($_POST['message']) && trim($_POST['titre']) && trim($_POST['message'])) {
 		include('../includes/utils-cooldown.php');
 		if (isMsgCooldowned(array('newtopic' => 1))) {
 			logCooldownEvent('forum_topic');
 			printMsgCooldowned();
 		}
 		else {
-			$private = (isset($_POST['admin']) && hasRight('manager')) ? 1:0;
-			mysql_query('INSERT INTO `mktopics` VALUES(NULL, "'. $_POST['titre'] .'","'. $categoryID .'",'. $language .','.$private.',0,1,NULL)');
-			$iGenerated = mysql_insert_id();
-			mysql_query('INSERT INTO `mkmessages` VALUES(1, '. $iGenerated .', "'.$id.'", NULL, "'. $_POST['message'] .'")');
-			mysql_query('UPDATE `mkprofiles` SET nbmessages=nbmessages+1,last_connect=NULL WHERE id="'.$id.'"');
-			mysql_query('INSERT INTO `mkfollowers` VALUES("'. $id .'","'. $iGenerated .'")');
-			$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
-			while ($follower = mysql_fetch_array($getFollowers))
-				mysql_query('INSERT INTO `mknotifs` SET type="follower_topic", user="'. $follower['follower'] .'", link="'.$iGenerated.'"');
-			preg_match_all('#\B@([a-zA-Z0-9\-_]+?)#isU', stripcslashes($_POST['message']), $mentions);
-			foreach ($mentions[1] as $pseudo) {
-				$getMids = mysql_query('SELECT id FROM `mkjoueurs` WHERE id!='. $id .' AND nom="'. $pseudo .'"');
-				if ($getMid=mysql_fetch_array($getMids))
-					mysql_query('INSERT INTO `mknotifs`  SET type="forum_mention", user="'. $getMid['id'] .'", link="'.$iGenerated.',1"');
-			}
-			preg_match_all('#\[quote=(.+)\].*\[\/quote\]#isU', stripcslashes($_POST['message']), $quotes);
-			foreach ($quotes[1] as $pseudo) {
-				$getMids = mysql_query('SELECT id FROM `mkjoueurs` WHERE id!='. $id .' AND nom="'. $pseudo .'"');
-				if ($getMid=mysql_fetch_array($getMids))
-					mysql_query('INSERT INTO `mknotifs`  SET type="forum_quote", user="'. $getMid['id'] .'", link="'.$iGenerated.',1"');
-			}
+			include('../includes/idempotency.php');
+			$topicId = withRequestIdempotency(array(
+				'is_cache_stale' => function($topicId) {
+					return !mysql_numrows(mysql_query('SELECT * FROM `mktopics` WHERE id="'.$topicId.'"'));
+				},
+				'callback' => function() use($id, $categoryID, $language) {
+					$private = (isset($_POST['admin']) && hasRight('manager')) ? 1:0;
+					mysql_query('INSERT INTO `mktopics` VALUES(NULL, "'. $_POST['titre'] .'","'. $categoryID .'",'. $language .','.$private.',0,1,NULL)');
+					$iGenerated = mysql_insert_id();
+					mysql_query('INSERT INTO `mkmessages` VALUES(1, '. $iGenerated .', "'.$id.'", NULL, "'. $_POST['message'] .'")');
+					mysql_query('UPDATE `mkprofiles` SET nbmessages=nbmessages+1,last_connect=NULL WHERE id="'.$id.'"');
+					mysql_query('INSERT INTO `mkfollowers` VALUES("'. $id .'","'. $iGenerated .'")');
+					$getFollowers = mysql_query('SELECT follower FROM `mkfollowusers` WHERE followed="'. $id .'"');
+					while ($follower = mysql_fetch_array($getFollowers))
+						mysql_query('INSERT INTO `mknotifs` SET type="follower_topic", user="'. $follower['follower'] .'", link="'.$iGenerated.'"');
+					preg_match_all('#\B@([a-zA-Z0-9\-_]+?)#isU', stripcslashes($_POST['message']), $mentions);
+					foreach ($mentions[1] as $pseudo) {
+						$getMids = mysql_query('SELECT id FROM `mkjoueurs` WHERE id!='. $id .' AND nom="'. $pseudo .'"');
+						if ($getMid=mysql_fetch_array($getMids))
+							mysql_query('INSERT INTO `mknotifs`  SET type="forum_mention", user="'. $getMid['id'] .'", link="'.$iGenerated.',1"');
+					}
+					preg_match_all('#\[quote=(.+)\].*\[\/quote\]#isU', stripcslashes($_POST['message']), $quotes);
+					foreach ($quotes[1] as $pseudo) {
+						$getMids = mysql_query('SELECT id FROM `mkjoueurs` WHERE id!='. $id .' AND nom="'. $pseudo .'"');
+						if ($getMid=mysql_fetch_array($getMids))
+							mysql_query('INSERT INTO `mknotifs`  SET type="forum_quote", user="'. $getMid['id'] .'", link="'.$iGenerated.',1"');
+					}
+					return $iGenerated;
+				}
+			));
 			echo $language ? '<p id="successSent">Message sent successfully<br />
-			<a href="topic.php?topic='. $iGenerated .'">Click here</a> to go to the topic.<br />
+			<a href="topic.php?topic='. $topicId .'">Click here</a> to go to the topic.<br />
 			<a href="category.php?category='. $categoryID .'">Click here</a> to return to the category.<br />
 			<a href="forum.php">Click here</a> to return to the forum.</p>' :
 			'<p id="successSent">Message envoy&eacute; avec succ&egrave;s<br />
-			<a href="topic.php?topic='. $iGenerated .'">Cliquez ici</a> pour acc&eacute;der au topic.<br />
+			<a href="topic.php?topic='. $topicId .'">Cliquez ici</a> pour acc&eacute;der au topic.<br />
 			<a href="category.php?category='. $categoryID .'">Cliquez ici</a> pour retourner à la catégorie.<br />
 			<a href="forum.php">Cliquez ici</a> pour retourner au forum.</p>';
 		}
@@ -91,18 +100,18 @@
 		include('../includes/utils-moderation.php');
 		printForumReplyNotices();
 	?>
-<form method="post" action="newtopic.php?category=<?php echo $categoryID; ?>" onsubmit="if(!this.titre.value){alert('<?php echo $language ? 'Please enter a title':'Veuillez entrer un titre'; ?>');return false}if(!this.message.value){alert('<?php echo $language ? 'Please enter a message':'Veuillez entrer un message'; ?>');return false}this.querySelector('[type=submit]').disabled=true">
+<form method="post" action="newtopic.php?category=<?php echo $categoryID; ?>" onsubmit="this.querySelector('[type=submit]').disabled=true">
 <table id="nMessage">
 <tr><td class="mLabel"><label for="titre"><?php echo $language ? 'Title':'Titre'; ?> :</label></td>
-<td class="mInput"><input type="text" id="titre" name="titre" /></td></tr>
+<td class="mInput"><input type="text" id="titre" name="titre"<?php if (isset($_POST['titre'])) echo ' value="'. htmlspecialchars($_POST['titre']) .'"'; ?> required /></td></tr>
 <tr><td class="mLabel">BBcode :<br /><a href="javascript:helpBbCode()"><?php echo $language ? 'Help':'Aide'; ?></a></td><td><?php include('../includes/bbButtons.php'); ?></td></tr>
 <tr><td class="mLabel"><p><label for="message">Message :</label></p>
 <p><?php
 for ($i=0;$i<$nbSmileys;$i++)
 	echo ' <a href="javascript:ajouter(\''. $smileys[$i] .'\')"><img src="images/smileys/smiley'. $i .'.png" alt="'. $smileys[$i] .'" /></a> ';
 ?>
 <a href="javascript:moresmileys()" id="more-smileys"><?php echo $language ? 'More smileys':'Plus de smileys'; ?></a></p>
-</td><td class="mInput"><textarea name="message" id="message" rows="10"></textarea></td></tr>
+</td><td class="mInput"><textarea name="message" id="message" rows="10" required><?php if (isset($_POST['message'])) echo htmlspecialchars($_POST['message']); ?></textarea></td></tr>
 <?php
 if (hasRight('manager')) {
 	?>