Lock user after replying

author Rich Salz <rsalz@openssl.org>

Mon, 27 Mar 2017 21:33:58 +0000 (17:33 -0400)

committer Rich Salz <rsalz@openssl.org>

Mon, 27 Mar 2017 21:33:58 +0000 (17:33 -0400)
author Rich Salz <rsalz@openssl.org>
Mon, 27 Mar 2017 21:33:58 +0000 (17:33 -0400)
committer Rich Salz <rsalz@openssl.org>
Mon, 27 Mar 2017 21:33:58 +0000 (17:33 -0400)
diff --git a/cgi-bin/receive-reply.py b/cgi-bin/receive-reply.py

index 3015bae0d400bbefc16c83020fb3def47c9d29be..575384ec389dbac94a4bbdfbe6b27c22a43207f0 100755 (executable)
--- a/cgi-bin/receive-reply.py
+++ b/cgi-bin/receive-reply.py
@@ -43,18 +43,25 @@ if 'comment' in form:
  
  conn = mysql.connector.connect(**dbconfig)
  cursor = conn.cursor()
-q = "SELECT secret FROM users WHERE uid = %s"
+q = "SELECT secret,reply FROM users WHERE uid = %s"
  cursor.execute(q, (uid,))
  row = cursor.fetchone()
  if not row:
      print "No such user.  Please check the link.\n", trailer
      raise SystemExit
-if secret != row[0]:
+dbsecret, dbreply = row
+if secret != dbsecret:
      print "Password does not match.  Please check the link or\n"
      print '<a href="/cgi-bin/send-email.py?uid=%s">re-send' % (uid,)
      print "the agreement email</a>"
      print trailer
      raise SystemExit
+if dbreply != '-':
+    print "Already replied.  If you wish to change your answer, please"
+    print "send email to"
+    print "<a href='mailto:license@openssl.org'>license@openssl.org</a>"
+    print "Describing your change."
+    raise SystemExit
  
  today = datetime.datetime.today().date()
  t = ("UPDATE users SET date_replied=%s, reply=%s, comment=%s"
author	Rich Salz <rsalz@openssl.org>
	Mon, 27 Mar 2017 21:33:58 +0000 (17:33 -0400)
committer	Rich Salz <rsalz@openssl.org>
	Mon, 27 Mar 2017 21:33:58 +0000 (17:33 -0400)