AAIT#83573 fac_like.asp kan via een bookmark gebruikt worden, als je niet ingelogd was, loggen we je ook gelijk weer uit en maken we gebruik van een beveiligde link naar een save-pagina die iedereen kan en mag aanroepen en uitvoeren (mits de link-beveiliging goedgekeurd is).

svn path=/Website/trunk/; revision=67770
2025-01-28 16:41:06 +00:00
parent 712caa4993
commit 0ba8666953
2 changed files with 44 additions and 23 deletions


@@ -21,15 +21,21 @@ FCLTHeader.Requires({ plugins: ["jQuery"] });
var key = getQParamInt("key");
var node = getQParam("node");
var oordeel = getQParamInt("oordeel", null);
var this_like = like.func_enabled_like(key, node);
user.auth_required_or_abort(this_like.canChange);
var TransitParam = buildTransitParam(["key", "node"]);
var transitParam = buildTransitParam(["key", "node"]);
var ANON = false;
if (Session("login_by_fallback")) {
// Vanuit bookmark ingelogd
Session.Abandon();
user_key = -1; // We hebben deze niet meer nodig, en hij zou de protectQS in de weg zitten
ANON = true;
}
// validatie:
// is het van mij
// mag ik het etc.
%>
<html>
@@ -38,20 +44,32 @@ var TransitParam = buildTransitParam(["key", "node"]);
</head>
<script type="text/javascript">
<% if (!ANON) { %>
function fac_cancel()
{
FcltMgr.closeDetail(window, { cancel: true } );
}
<% } %>
function fac_submit_callback(json) {
$("#buttons").remove();
$(".card-body").text(json.result);
json.close = true;
FcltMgr.closeDetail(window, json);
}
function fac_submit()
{
if (!$("[name=flike_oordeel]:checked").val())
{
if (!$("[name=flike_oordeel]:checked").val()) {
FcltMgr.alert("<%=L('lcl_fac_like_geenoordeel')%>");
return false;
}
$.post($("form[name=flike]")[0].action, $("[name=flike]").serialize(), FcltCallbackClose, "json");
<% if (ANON) { %>
var url = "<%=protectQS.create("fac_like_save_anon.asp?x=x" + transitParam)%>";
<% } else { %>
var url = $("form[name=flike]")[0].action;
<% } %>
$.post(url, $("[name=flike]").serialize(), FcltCallbackAndThen(fac_submit_callback), "json");
return true; // disable button
}
@@ -64,7 +82,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
<body class="modal" id="fac_like">
<% MODAL_START(); %>
<form id="flike" name="flike" action="fac_like_save.asp?x=x<%=TransitParam%>" method="post">
<form id="flike" name="flike" action="fac_like_save.asp?x=x<%=transitParam%>" method="post">
<%
MODAL_BLOCK_START("facLike", L("lcl_fac_like_block"), { icon: "fa-star" });
var table = "";
@@ -98,7 +116,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
+ " FROM " + table
+ " WHERE " + table + "_key = " + key;
var oRs = Oracle.Execute(sql);
var oordeel = oRs(0).value;
oordeel = oordeel || oRs(0).value;
var opmerking = oRs(1).value;
oRs.Close();
@@ -110,7 +128,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
<li>
<label for="flike_oordeel5">
<input type="radio" id="flike_oordeel5" name="flike_oordeel" value="<%=S('fac_like_excellent')%>"<%=(oordeel==S("fac_like_excellent")? " checked" : "")%>>
<%=rating.stars(S("fac_like_excellent"), {rating: {note: L("lcl_faclike_statisf5")}})%>&nbsp&nbsp<%=L("lcl_faclike_statisf5")%>
<%=rating.stars(S("fac_like_excellent"), {rating: {note: L("lcl_faclike_statisf5")}})%><%=L("lcl_faclike_statisf5")%>
</label>
</li>
<% }
@@ -119,7 +137,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
<li>
<label for="flike_oordeel4">
<input type="radio" id="flike_oordeel4" name="flike_oordeel" value="<%=S('fac_like_good')%>"<%=(oordeel==S("fac_like_good")? " checked" : "")%>>
<%=rating.stars(S("fac_like_good"), {rating: {note: L("lcl_faclike_statisf4")}})%>&nbsp&nbsp<%=L("lcl_faclike_statisf4")%>
<%=rating.stars(S("fac_like_good"), {rating: {note: L("lcl_faclike_statisf4")}})%><%=L("lcl_faclike_statisf4")%>
</label>
</li>
<% }
@@ -128,7 +146,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
<li>
<label for="flike_oordeel3">
<input type="radio" id="flike_oordeel3" name="flike_oordeel" value="<%=S('fac_like_normal')%>"<%=(oordeel==S("fac_like_normal")? " checked" : "")%>>
<%=rating.stars(S("fac_like_normal"), {rating: {note: L("lcl_faclike_statisf3")}})%>&nbsp&nbsp<%=L("lcl_faclike_statisf3")%>
<%=rating.stars(S("fac_like_normal"), {rating: {note: L("lcl_faclike_statisf3")}})%><%=L("lcl_faclike_statisf3")%>
</label>
</li>
<% }
@@ -137,7 +155,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
<li>
<label for="flike_oordeel2">
<input type="radio" id="flike_oordeel2" name="flike_oordeel" value="<%=S('fac_like_poor')%>"<%=(oordeel==S("fac_like_poor")? " checked" : "")%>>
<%=rating.stars(S("fac_like_poor"), {rating: {note: L("lcl_faclike_statisf2")}})%>&nbsp&nbsp<%=L("lcl_faclike_statisf2")%>
<%=rating.stars(S("fac_like_poor"), {rating: {note: L("lcl_faclike_statisf2")}})%><%=L("lcl_faclike_statisf2")%>
</label>
</li>
<% }
@@ -146,7 +164,7 @@ var TransitParam = buildTransitParam(["key", "node"]);
<li>
<label for="flike_oordeel1">
<input type="radio" id="flike_oordeel1" name="flike_oordeel" value="<%=S('fac_like_bad')%>"<%=(oordeel==S("fac_like_bad")? " checked" : "")%>>
<%=rating.stars(S("fac_like_bad"), {rating: {note: L("lcl_faclike_statisf1")}})%>&nbsp&nbsp<%=L("lcl_faclike_statisf1")%>
<%=rating.stars(S("fac_like_bad"), {rating: {note: L("lcl_faclike_statisf1")}})%><%=L("lcl_faclike_statisf1")%>
</label>
</li>
<% } %>
@@ -154,7 +172,8 @@ var TransitParam = buildTransitParam(["key", "node"]);
<div id="flike_op">
<span onClick="togglerPressed()"><%=I("fa-chevron-down")%>
<label onClick="togglerPressed()" for="flike_opmerk"><%=L("lcl_fac_like_remark")%></label></span>
<label onClick="togglerPressed()" for="flike_opmerk"><%=L("lcl_fac_like_remark")%></label>
</span>
</div>
<textarea class="fldtxt" rows="3" maxlength="2000" id="flike_opmerk" name="flike_opmerk"
style="<%=(opmerking ? null : "display:none")%>"><%=safe.textarea(opmerking)%></textarea>
@@ -164,7 +183,9 @@ var TransitParam = buildTransitParam(["key", "node"]);
MODAL_BLOCK_END();
buttons = [];
buttons.push({title: L("lcl_fac_like_submit"), icon: "fa-fclt-save", action: "fac_submit()", importance: 1 });
buttons.push({title: L("lcl_fac_like_cancel"), icon: "fa-fclt-cancel", action: "fac_cancel()", importance: 3 });
if (!ANON) {
buttons.push({title: L("lcl_fac_like_cancel"), icon: "fa-fclt-cancel", action: "fac_cancel()", importance: 3 });
}
SIMPLE_BLOCK_START();
CreateButtons(buttons, {showIcons: true});
SIMPLE_BLOCK_END();
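Review bot: In the ANON branch of fac_submit() the only thing authorising the write is the protectQS signature on `fac_like_save_anon.asp?x=x` + transitParam. It is created after `user_key = -1` (per the comment on that line, so that the user key does not get in the way of protectQS), so it appears to be bound to key and node but not to a person, and no lifetime is visible here. The save page is not shown in this view; it should call `protectQS.verify({ expire: N })` with a short N and validate `flike_oordeel` and `flike_opmerk` itself, because the POST body is not covered by the signed query string. The signed URL is also written into a JavaScript string literal with a plain `<%= %>`, and `node` arrives from getQParam() as a raw string, so unless buildTransitParam() or protectQS.create() already encode it, it needs encoding for the script context at this point. I would add a comment above the `protectQS.create` line such as `// anon save: the signature is the only authorisation; fac_like_save_anon.asp must verify it with a short expiry and validate the posted fields`.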


@@ -7,14 +7,13 @@
Description: Vanuit deeplike bookmark die is aangemaakt in fac.createlikebookmark
Parameters: key
node
Note: hmac beschermd
*/ %>
<%
Note: DEPRECATED; deze hele pagina mag weg vanaf 2025.2; fac.createlikebookmark wijst (vanaf) nu naar fac_like.asp
*/
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="./fac_like.inc" -->
<%
protectQS.verify({ expire: 1, relaxed: true }); // tamper check. HMAC is *net* gezet door shorturl.asp dus 1 minuut is nog heel ruim
protectQS.verify({ expire: 1, relaxed: true }); // tamper check. HMAC is *net* gezet door shorturl.asp dus 1 minuut is nog heel ruim. KR; volgens mij zet shorturl hier nooit een HMAC en is deze regel overbodig ..
var key = getQParamInt("key");
var node = getQParam("node");
@@ -31,8 +30,9 @@ var sql = "UPDATE fac_bookmark"
+ " AND fac_bookmark_naam = 'faclikedeeplink'";
Oracle.Execute(sql);
if (Session("login_by_fallback"))
if (Session("login_by_fallback")) {
Session.Abandon();
}
var txt = L("lcl_fac_liked_deep");
// Als de tekst exact 9 slashes heeft dan is dat de scheider voor 10(!) teksten.
@@ -49,4 +49,4 @@ if (txtarr.length == 10)
}
shared.simpel_page(txt); // uw mening wordt gewaardeerd
%><% ASPPAGE_END(); %>
%><% ASPPAGE_END(); %>
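Review bot: The new comment on the `protectQS.verify({ expire: 1, relaxed: true })` line records doubt about whether shorturl.asp ever sets an HMAC for this page, which leaves it unclear whether the tamper check does anything before the `UPDATE fac_bookmark` statement runs. What `relaxed: true` accepts is not visible on this page; if it lets a request without a signature through, the update is reachable with unsigned parameters until the page is removed in 2025.2. Instead of leaving the question in the code, settle it and record the outcome, or until then mark it as open: `// TODO(KR): confirm whether shorturl.asp signs this URL; if it does not, relaxed:true makes this verify a no-op`. The UPDATE statement begins outside the visible hunk, so how `key` and `node` reach the SQL cannot be checked from here.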