view dovote.php @ 20:02ff0c29df8a
s/voter/entry/.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Thu, 06 Dec 2012 18:45:43 +0200 |
parents | ea0f98a0bed8 |
children |
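<?php
//
// dovote.php - form handler for the voting page.
//
// Request flow, as visible in this file:
//   1. Connect to the database, reload settings and start the vote session;
//      any failure redirects back to "vote" without touching anything else.
//   2. If the request is over HTTPS and the "allowVoting" setting is on,
//      validate the submitted vote key on EVERY request, whatever the mode.
//      $voter is only populated by that lookup.
//   3. mode=key   : remember the key in the session and preload stored votes.
//      mode=check : validate each submitted vote value, then insert/update it.
//   4. Always finish by redirecting to "vote"; errors travel via the session.
//
// The st*() helpers, $compos, $errorSet and $errorMsg come from the two
// included files and are not visible here.
// NOTE(review): presumably stError() sets $errorSet/$errorMsg and
// stGetCompoList() fills $compos - confirm in msite.inc.php.
//
// The full "<?php" tag is used on purpose: with short_open_tag disabled a
// bare "<?" file is sent to the client as plain text, disclosing the queries.
//
require "mconfig.inc.php";
require "msite.inc.php";

stSetupCacheControl();

// Initiate SQL database connection
if (!stConnectSQLDB()) {
    header("Location: vote");
    exit;
}

// Get settings
stReloadSettings();

// Start vote session
if (!stVoteSessionStart()) {
    header("Location: vote");
    exit;
}

// Reset the per-request feedback before doing any work.
$_SESSION["message"] = "";
stSetVoteStatus(0);

if (stCheckHTTPS() && stChkSetting("allowVoting")) {
    stGetCompoList(FALSE);
    $mode = stGetRequestItem("mode");

    // Check received data: the key must be present and of the configured length.
    // NOTE(review): stChkDataItem() appears to return TRUE when the item is
    // missing or invalid (it triggers the error branch) - confirm.
    if (stChkDataItem("key") ||
        strlen(stGetRequestItem("key")) != stGetSetting("voteKeyLength")) {
        stError("Invalid or empty vote key, please check.");
    } else {
        // Check if the key exists and is active.
        // NOTE(review): the second argument is the request item NAME, not its
        // value; presumably %S makes stPrepareSQL() fetch and SQL-quote that
        // item. The safety of this query depends on it - confirm.
        $sql = stPrepareSQL(
            "SELECT * FROM voters WHERE key=%S AND enabled<>0",
            "key");

        if (($voter = stFetchSQL($sql)) === FALSE) {
            // NOTE(review): no limit on failed key attempts is visible in this
            // file; confirm that guessing is throttled elsewhere.
            stError("Vote key does not exist, perhaps you typed it incorrectly?");
        }
    }

    if (!$errorSet && $mode == "key") {
        // Key accepted: keep it in the session and move to the voting form.
        // NOTE(review): if stVoteSessionStart() does not already rotate the
        // session id, regenerating it here would guard against fixation.
        $_SESSION["key"] = stGetRequestItem("key");
        stSetVoteStatus(1);

        // Try fetching previously stored votes
        $sql = stPrepareSQL(
            "SELECT * FROM votes WHERE voter_id=%d",
            $voter["id"]);

        if (($res = stExecSQL($sql)) !== false) {
            foreach ($res as $vote) {
                $_SESSION["entry".$vote["entry_id"]] = $vote["value"];
            }
        }
        // Debug leftover, kept disabled:
        // print_r($_SESSION); exit;
    }

    if (!$errorSet && $mode == "check") {
        // First pass: check the submitted vote values and mirror them into
        // the session under "entry<ID>".
        foreach ($compos as $id => $compo) {
            if (count($compo["entries"]) > 0) {
                foreach ($compo["entries"] as $eid => $entry) {
                    $name = "entry".$eid;
                    $vote = stGetRequestItem($name);

                    if ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")) {
                        // Report the problem once, but reset EVERY out-of-range
                        // value. Previously the clamp was skipped after the
                        // first error, so later out-of-range request values
                        // were copied into the session unchecked.
                        if (!$errorSet) {
                            stError("One or more vote value was out of bounds. Trying to cheat, eh?");
                        }
                        $vote = 0;
                    }

                    // NOTE(review): the bounds test is a loose comparison, so a
                    // non-numeric string may pass it depending on PHP version;
                    // anything that echoes these session values must escape them.
                    $_SESSION[$name] = $vote;
                }
            }
        }
    }

    // Second pass: only reached when every value passed the bounds check.
    // NOTE(review): this is a state-changing request and no anti-CSRF token
    // check is visible in this file; confirm the vote key is the intended guard.
    if (!$errorSet && $mode == "check") {
        foreach ($compos as $id => $compo) {
            if (count($compo["entries"]) > 0) {
                foreach ($compo["entries"] as $eid => $entry) {
                    $vote = stGetRequestItem("entry".$eid);

                    // Does this voter already have a vote stored for the entry?
                    $sql = stPrepareSQL(
                        "SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
                        $voter["id"], $eid);

                    if (($res = stFetchSQLColumn($sql)) === false) {
                        // No existing row: insert a new vote.
                        $sql = stPrepareSQL(
                            "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
                            $voter["id"], $eid, $vote);
                    } else {
                        // Existing row: overwrite its value.
                        $sql = stPrepareSQL(
                            "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
                            $vote, $voter["id"], $eid);
                    }

                    // NOTE(review): this leaves only the current compo's entry
                    // loop; the remaining compos are still processed and status
                    // 2 is set below regardless. Confirm that stExecSQL() flags
                    // the failure itself, otherwise a partial write is reported
                    // with the same status as a complete one.
                    if (stExecSQL($sql) === false) {
                        break;
                    }
                }
            }
        }
        stSetVoteStatus(2);
    }
}

// Any error raised above overrides the status and is handed to the vote page
// through the session.
if ($errorSet) {
    stSetVoteStatus(-1);
    $_SESSION["message"] = $errorMsg;
}

header("Location: vote");
?>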