s/voter/entry/.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 06 Dec 2012 18:45:43 +0200
parents ea0f98a0bed8
children

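<?php
// Vote submission handler.
//
// Flow: open DB + vote session, then depending on "mode":
//   "key"   - validate the vote key and load any previously stored votes
//             into the session;
//   "check" - range-check the submitted per-entry votes, store them in the
//             session, and persist them to the "votes" table.
// Every outcome ends in a redirect to "vote"; results travel back through
// $_SESSION ("message", "key", "entry<id>") and stSetVoteStatus().
//
// NOTE(review): $errorSet / $errorMsg are assumed to be globals maintained
// by stError() (see msite.inc.php) — they are read here but never set
// directly; confirm against that file.
require "mconfig.inc.php";
require "msite.inc.php";

stSetupCacheControl();

// Initiate SQL database connection; without it there is nothing to do.
if (!stConnectSQLDB())
{
  header("Location: vote");
  exit;
}

// Get settings
stReloadSettings();


// Start vote session
if (!stVoteSessionStart())
{
  header("Location: vote");
  exit;
}

$_SESSION["message"] = "";
stSetVoteStatus(0);


// Votes are only processed over HTTPS and while voting is enabled;
// otherwise we fall straight through to the redirect with status 0.
if (stCheckHTTPS() && stChkSetting("allowVoting"))
{
  stGetCompoList(FALSE);
  $mode = stGetRequestItem("mode");

  // Check received data. The key is untrusted input: it must be present and
  // exactly "voteKeyLength" characters long before it is looked up.
  if (stChkDataItem("key") ||
    strlen(stGetRequestItem("key")) != stGetSetting("voteKeyLength"))
  {
    stError("Invalid or empty vote key, please check.");
  }
  else
  {
    // Check if the key exists and is active. %S is assumed to be the
    // escaping placeholder of stPrepareSQL() — the key must never be
    // concatenated into the query directly.
    $sql = stPrepareSQL(
      "SELECT * FROM voters WHERE key=%S AND enabled<>0",
      "key");

    if (($voter = stFetchSQL($sql)) === FALSE)
      stError("Vote key does not exist, perhaps you typed it incorrectly?");
  }

  // Strict comparison: a loosely-typed $mode must not match by coercion.
  if (!$errorSet && $mode === "key")
  {
    $_SESSION["key"] = stGetRequestItem("key");
    stSetVoteStatus(1);

    // Try fetching previously stored votes so the form can be pre-filled.
    $sql = stPrepareSQL(
      "SELECT * FROM votes WHERE voter_id=%d",
      $voter["id"]);

    if (($res = stExecSQL($sql)) !== false)
    {
      foreach ($res as $vote)
      {
        $_SESSION["entry".$vote["entry_id"]] = $vote["value"];
      }
    }
  }

  if (!$errorSet && $mode === "check")
  {
    // Check the submitted vote values. Every value is stored back into the
    // session (even when invalid, as 0) so the form can be re-rendered.
    // A non-numeric value is treated as out of bounds explicitly, so the
    // check does not depend on PHP's version-specific string/int comparison.
    foreach ($compos as $id => $compo)
    if (count($compo["entries"]) > 0)
    {
      foreach ($compo["entries"] as $eid => $entry)
      {
        $name = "entry".$eid;
        $vote = stGetRequestItem($name);
        if (!$errorSet &&
            (!is_numeric($vote) ||
             $vote < stGetSetting("voteMin") ||
             $vote > stGetSetting("voteMax")))
        {
          stError("One or more vote value was out of bounds. Trying to cheat, eh?");
          $vote = 0;
        }
        $_SESSION[$name] = $vote;
      }
    }
  }

  // Persist the (now validated) votes: one row per (voter, entry), inserted
  // or updated. $errorSet is re-read here because the range check above may
  // have set it.
  if (!$errorSet && $mode === "check")
  {
    $stored = TRUE;

    foreach ($compos as $id => $compo)
    if (count($compo["entries"]) > 0)
    {
      foreach ($compo["entries"] as $eid => $entry)
      {
        $vote = stGetRequestItem("entry".$eid);
        $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
          $voter["id"], $eid);

        if (($res = stFetchSQLColumn($sql)) === false)
        {
          $sql = stPrepareSQL(
            "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
            $voter["id"], $eid, $vote);
        }
        else
        {
          $sql = stPrepareSQL(
            "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
            $vote, $voter["id"], $eid);
        }

        // A failed write must abort BOTH loops and must not be reported as
        // success; previously only the inner loop was left and status 2
        // was still set.
        if (stExecSQL($sql) === false)
        {
          $stored = FALSE;
          break 2;
        }
      }
    }

    if ($stored)
      stSetVoteStatus(2);
    else
      stError("Storing votes failed, please try again.");
  }
}

if ($errorSet)
{
  stSetVoteStatus(-1);
  $_SESSION["message"] = $errorMsg;
}

header("Location: vote");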