root/trunk/redirectors/pollvote.php

Revision 357, 7.3 kB (checked in by hannes, 3 years ago)

don't allow voting on closed topics (ticket #122)

1 <?php
2
3 /**
4  * Package: Spam Board 5
5  * File: redirectors/pollvote.php
6  * Description: Popup to show a poll's result or actually vote
7  *
8  * Copyright (C) 2007, 2008, 2009 Hannes Schueller
9  *
10  * This program is free software: you can redistribute it and/or modify
11  * it under the terms of the GNU Affero General Public License as
12  * published by the Free Software Foundation, version 3 of the
13  * License.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU Affero General Public License for more details.
19  *
20  * You should have received a copy of the GNU Affero General Public License
21  * along with this program (see LICENCE). If not,
22  * see <http://www.gnu.org/licenses/>.
23  **/
24
25 // called independently from index
26 require_once('../includes/config/settings.php');
27
28 // load classes on demand
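/**
 * Load a class file on demand from classes/pages/ or classes/misc/.
 *
 * The class name is concatenated into a filesystem path, so it is limited
 * to bare identifier characters before any path is built. Without that
 * check, any code path that lets a caller-influenced string reach class
 * resolution could steer require_once outside the two class directories.
 *
 * Note: the magic __autoload() function was deprecated in PHP 7.2 and
 * removed in PHP 8.0; the name is kept here because it is this file's
 * existing interface.
 *
 * @param string $class Name of the class PHP is trying to resolve.
 * @return void Terminates the script via die() when no class file exists.
 */
function __autoload($class) {
    global $SETTINGS;

    // Only plain identifiers may become part of an include path.
    if (!is_string($class) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class)) {
        // Escaped because the rejected value is echoed back to the client.
        die('Class ' . htmlspecialchars((string) $class, ENT_QUOTES) . ' not found.');
    }

    // Same lookup order as before: page classes first, then misc classes.
    $candidates = array(
        $SETTINGS['fspath'] . 'classes/pages/' . $class . '.php',
        $SETTINGS['fspath'] . 'classes/misc/' . $class . '.php',
    );
    foreach ($candidates as $candidate) {
        if (is_file($candidate)) {
            require_once($candidate);
            return;
        }
    }

    die('Class ' . $class . ' not found.');
}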
37
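// Bootstrap for this stand-alone entry point: warnings array, version and
// bot definitions, formatter, language strings, database connection,
// session, input translation and the page skeleton.

// initialize global warnings array
$WARNINGS = Array();

// import version number
require_once($SETTINGS['fspath'] . 'includes/config/version.php');
// bots definition
require_once($SETTINGS['fspath'] . 'includes/config/bots.php');
// formatting object
$F = new Format();
// default language strings, selected by the site configuration
require($SETTINGS['fspath'] . 'includes/lang/' . $SETTINGS['language'] . '.php');
// open database connection
$C = new Connection();
Member::session();
// Per-session language override. The session value ends up in an include
// path, so it is refused when it contains a path separator or a NUL byte;
// where $_SESSION['lang'] is written is not visible in this file, so it is
// treated as untrusted here. The file must also exist before it is included.
if (isset($_SESSION['lang']) && is_string($_SESSION['lang']) && $_SESSION['lang'] != ''
    && !preg_match('#[/\\\\\x00]#', $_SESSION['lang'])
    && is_file($SETTINGS['fspath'] . 'includes/lang/' . $_SESSION['lang'] . '.php')) {
    include($SETTINGS['fspath'] . 'includes/lang/' . $_SESSION['lang'] . '.php');
}
// translate passed variables to local identifiers
require($SETTINGS['fspath'] . 'includes/input.php');

// page start
$_pref = '../';
$html = Page::start();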
60
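// Request dispatch. The presence of the 'showresults' parameter selects the
// read-only results view; every other request is treated as an attempt to
// cast a vote. (The original `switch (isset(...))` / `case 'yes'` relied on
// loose comparison of a boolean with a string and meant exactly this.)
if (isset($INPUT['showresults'])) {
    // don't modify any votes, but just show the results so far
    // check if user has permission; required: read; independent from id
    // NOTE(review): the right is checked for 'Pollvote' in general, not for
    // the topic the poll belongs to. If topics can be restricted per forum,
    // confirm that poll titles and results of restricted topics should be
    // readable through this page.
    if (Member::checkRights('Pollvote', 'r')) {
        // permission granted
        // get poll info
        $q = $C->prepare('SELECT topictitle FROM ' . $SETTINGS['dbtableprefix'] . 'topics WHERE poll=:id');
        $q->bindParam(':id', $INPUT['id'], PDO::PARAM_INT, 12);
        $s = $q->execute();
        $row_q = $q->fetchAll();
        $q = NULL;
        $q2 = $C->prepare('SELECT * FROM ' . $SETTINGS['dbtableprefix'] . 'polls WHERE pollid=:id');
        $q2->bindParam(':id', $INPUT['id'], PDO::PARAM_INT, 12);
        $s2 = $q2->execute();
        // A successful execute() does not mean a row exists: an unknown id
        // yields no topic row and fetchObject() === false.
        $row = ($s && $s2) ? $q2->fetchObject() : false;
        if ($row && isset($row_q[0]['topictitle'])) {
            $row_title = $row_q[0]['topictitle'];
            $q2 = NULL;
            // heading
            $html->body->addChild('h2', $row_title);
            $div = $html->body->addChild('div', $LANG['Results'] . ':');
            $div->addAttribute('class', 'pollheaders');
            // assemble data for the results table
            $table = new Table('poll');
            // choices and vote counts are stored newline-separated and
            // share the same 0-based index
            $pollchoices = explode("\n", $row->pollchoices);
            $pollvotes = explode("\n", $row->pollvotes);
            // count total votes (up to the first empty entry)
            $totalpollvotes = 0;
            foreach ($pollvotes as $count) {
                if ($count == '') {
                    break;
                }
                $totalpollvotes += (int) $count;
            }
            // Compare against '' instead of testing truthiness so that a
            // choice labelled "0" does not cut the list short.
            for ($i = 0; isset($pollchoices[$i]) && $pollchoices[$i] != ''; $i++) {
                // Counts are forced to integers before they are placed in
                // the raw HTML cells below.
                $votes = isset($pollvotes[$i]) ? (int) $pollvotes[$i] : 0;
                // calculate percentage for this option; 0 while nobody voted
                $percentage = ($totalpollvotes > 0) ? round($votes * 100 / $totalpollvotes, 0) : 0;
                // write this option to table
                // NOTE(review): $pollchoices[$i] is stored user text; whether
                // Table::addRow() escapes plain cells is not visible here.
                // NOTE(review): $word_votes is not assigned in this file;
                // presumably a language file provides it. Confirm.
                $table->addRow(Array($pollchoices[$i], '<td valign="middle"><img src="../images/pollbar.png" width="' . $percentage . '" height="16" alt="' . $percentage . '%" /></td>', '<td align="right">' . $percentage . '%</td>', '<td align="right">(' . $votes . ' ' . $word_votes . ')</td>'));
            }
            // add table to tree
            $div = $html->body->addChild('div');
            $div->addAttribute('class', 'pollbody');
            $div->addElement($table->get());
            $div = $html->body->addChild('div');
            $div->addAttribute('class', 'pollbottom');
            $div = $html->body->addChild('div');
            $div->addAttribute('align', 'center');
            $a = $div->addChild('a', $LANG['Close_Window']);
            $a->addAttribute('href', 'javascript:self.close()');
        } else {
            // query failed or the id does not refer to an existing poll
            $q2->closeCursor();
            $q2 = NULL;
            $div = $html->body->addChild('div', $LANG['error_id']);
            $div->addAttribute('class', 'message');
        }
    } else {
        $div = $html->body->addChild('div', $LANG['error_permission_denied']);
        $div->addAttribute('class', 'message');
    }
} else {
    // try to add vote
    // check if user has permission; required: write; independent from id
    // NOTE(review): no per-request token is checked in this file. Whether
    // includes/input.php or Member::checkRights() guards against forged
    // cross-site requests is not visible here. Confirm.
    if (Member::checkRights('Pollvote', 'w') && isset($_SESSION['memberid']) && $_SESSION['memberid'] > 0) {
        // permission granted
        $q = $C->prepare('SELECT t.closed, p.pollid, p.pollchoices, p.pollvotes, p.pollvoters FROM ' . $SETTINGS['dbtableprefix'] . 'polls AS p INNER JOIN ' . $SETTINGS['dbtableprefix'] . 'topics AS t ON t.poll = p.pollid WHERE p.pollid = :id');
        $q->bindParam(':id', $INPUT['poll'], PDO::PARAM_INT, 12);
        if ($q->execute()) {
            $row = $q->fetchObject();
            $q = NULL;
            if (!$row) {
                // execute() succeeded but the poll id matched nothing
                $div = $html->body->addChild('div', $LANG['error_id']);
                $div->addAttribute('class', 'message');
            } elseif ($row->closed == 0) {
                // check if logged in member already voted; the voter list is
                // newline-separated member ids, compared as exact strings
                $pollvoters = array_map('trim', explode("\n", $row->pollvoters));
                $voted = in_array((string) $_SESSION['memberid'], $pollvoters, true) ? 1 : 0;
                if ($voted === 0) {
                    // The vote is an index into the stored counts. It must be
                    // a non-negative integer that addresses an existing
                    // choice; otherwise a member could append counts for
                    // options the poll does not have.
                    $pollchoices = explode("\n", $row->pollchoices);
                    $choicecount = 0;
                    while (isset($pollchoices[$choicecount]) && $pollchoices[$choicecount] != '') {
                        $choicecount++;
                    }
                    $vote = isset($INPUT['vote']) ? $INPUT['vote'] : null;
                    $validvote = (is_int($vote) || is_string($vote))
                        && preg_match('/^\d+$/', (string) $vote)
                        && (int) $vote < $choicecount;
                    if ($validvote) {
                        // not voted yet -> add vote
                        $vote = (int) $vote;
                        $pollvotes = explode("\n", $row->pollvotes);
                        $pollvotes[$vote] = (isset($pollvotes[$vote]) ? (int) $pollvotes[$vote] : 0) + 1;
                        $row->pollvotes = implode("\n", $pollvotes);
                        $row->pollvoters .= $_SESSION['memberid'] . "\n";
                        // update database
                        // NOTE(review): this is a read-modify-write without a
                        // transaction or row lock, so two simultaneous
                        // requests from one member can both pass the
                        // already-voted check, and concurrent votes can
                        // overwrite each other. Consider locking the row.
                        $q = $C->prepare('UPDATE ' . $SETTINGS['dbtableprefix'] . 'polls SET pollvotes=:votes, pollvoters=:voters WHERE pollid=:id');
                        $q->bindParam(':votes', $row->pollvotes, PDO::PARAM_STR);
                        $q->bindParam(':voters', $row->pollvoters, PDO::PARAM_STR);
                        $q->bindParam(':id', $INPUT['poll'], PDO::PARAM_INT, 12);
                        $q->execute();
                        $q = NULL;
                        // close database connection
                        $C = NULL;
                        session_write_close();
                        session_start();
                        // refresh topic; request values are URL-encoded so
                        // they cannot add parameters or break the header
                        $topicparam = isset($INPUT['topic']) ? rawurlencode((string) $INPUT['topic']) : '';
                        $pageparam = isset($INPUT['page']) ? rawurlencode((string) $INPUT['page']) : '';
                        header('Location: ' . $SETTINGS['webpath'] . $F->link('topic') . 'id=' . $topicparam . '&page=' . $pageparam . '&' . strip_tags(SID));
                        // some message in case redirecting failed
                        // NOTE(review): the raw request values are substituted
                        // into the message text; whether input.php or
                        // addChild() neutralises markup in them is not
                        // visible here.
                        $div = $html->body->addChild('div', str_replace(Array('%topic%', '%page%'), Array($INPUT['topic'], $INPUT['page']), $LANG['voting_successful']));
                        $div->addAttribute('class', 'message');
                    } else {
                        // vote does not address one of this poll's choices
                        $div = $html->body->addChild('div', $LANG['error_id']);
                        $div->addAttribute('class', 'message');
                    }
                } else {
                    // someone trying to vote more than once
                    $div = $html->body->addChild('div', $LANG['error_already_voted']);
                    $div->addAttribute('class', 'message');
                }
            } else {
                // no voting on closed topics
                $div = $html->body->addChild('div', $LANG['error_topic_closed']);
                $div->addAttribute('class', 'message');
            }
        } else {
            // call error
            $q->closeCursor();
            $div = $html->body->addChild('div', $LANG['error_id']);
            $div->addAttribute('class', 'message');
        }
    } else {
        // not allowed
        $div = $html->body->addChild('div', $LANG['error_permission_denied']);
        $div->addAttribute('class', 'message');
    }
}

// page output
Page::send($html);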
193
194 ?>