From a5f9c2a022513059aabe6d4ed823a478ae6396dc Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran <dev@ajay.app>
Date: Sun, 23 May 2021 16:57:41 -0400
Subject: [PATCH] Don't allow self votes

---
 src/routes/voteOnSponsorTime.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/routes/voteOnSponsorTime.ts b/src/routes/voteOnSponsorTime.ts
index 4418c27..c7bb6e7 100644
--- a/src/routes/voteOnSponsorTime.ts
+++ b/src/routes/voteOnSponsorTime.ts
@@ -383,7 +383,8 @@ export async function voteOnSponsorTime(req: Request, res: Response) {
 
         // Only change the database if they have made a submission before and haven't voted recently
         const ableToVote = isVIP
-            || ((await db.prepare("get", `SELECT "userID" FROM "sponsorTimes" WHERE "userID" = ?`, [nonAnonUserID])) !== undefined
+            || (!(isOwnSubmission && incrementAmount > 0)
+                && (await db.prepare("get", `SELECT "userID" FROM "sponsorTimes" WHERE "userID" = ?`, [nonAnonUserID])) !== undefined
                 && (await privateDB.prepare("get", `SELECT "userID" FROM "shadowBannedUsers" WHERE "userID" = ?`, [nonAnonUserID])) === undefined
                 && (await privateDB.prepare("get", `SELECT "UUID" FROM "votes" WHERE "UUID" = ? AND "hashedIP" = ? AND "userID" != ?`, [UUID, hashedIP, userID])) === undefined)
                 && finalResponse.finalStatus === 200;