changeset 6:2a9267ad0ceb
Add new module.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 05 Dec 2012 08:14:04 +0200 |
parents | 76c3b89d7b11 |
children | d76020022881 |
files | dovote.php |
diffstat | 1 files changed, 123 insertions(+), 0 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dovote.php Wed Dec 05 08:14:04 2012 +0200
@@ -0,0 +1,123 @@
+<?
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+stSetupCacheControl();
+if (!stVoteSessionStart())
+{
+ header("Location: vote");
+ exit;
+}
+
+$_SESSION["message"] = "";
+stSetVoteStatus(0);
+
+
+if (stCheckHTTPS() && stChkSetting("allowVoting") && stConnectSQLDB())
+{
+ stGetCompoList(FALSE);
+ $mode = stGetRequestItem("mode");
+
+ // Check received data
+ if (stChkDataItem("key") ||
+ strlen(stGetRequestItem("key")) != stGetSetting("voteKeyLength"))
+ {
+ stError("Invalid or empty vote key, please check.");
+ }
+ else
+ {
+ // Check if the key exists and is active
+ $sql = stPrepareSQL(
+ "SELECT * FROM voters WHERE key=%S AND enabled<>0",
+ "key");
+
+ if (($voter = stFetchSQL($sql)) === FALSE)
+ stError("Vote key does not exist, perhaps you typed it incorrectly?");
+ }
+
+ if (!$errorSet && $mode == "key")
+ {
+ $_SESSION["key"] = stGetRequestItem("key");
+ stSetVoteStatus(1);
+
+ // Try fetching previously stored votes
+ $sql = stPrepareSQL(
+ "SELECT * FROM votes WHERE voter_id=%d",
+ $voter["id"]);
+
+ if (($res = stExecSQL($sql)) !== false)
+ {
+ foreach ($res as $vote)
+ {
+ $_SESSION["entry".$vote["entry_id"]] = $vote["value"];
+ }
+ }
+
+// print_r($_SESSION); exit;
+ }
+
+ if (!$errorSet && $mode == "check")
+ {
+ // Check the submitted vote values
+ foreach ($compos as $id => $compo)
+ if (count($compo["entries"]) > 0)
+ {
+ foreach ($compo["entries"] as $eid => $entry)
+ {
+ $name = "entry".$eid;
+ $vote = stGetRequestItem($name);
+ if (!$errorSet && ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")))
+ {
+ stError("One or more vote value was out of bounds. Trying to cheat, eh?");
+ $vote = 0;
+ }
+ $_SESSION[$name] = $vote;
+ }
+ }
+ }
+
+ // Ookkay...
+ if (!$errorSet && $mode == "check")
+ {
+ foreach ($compos as $id => $compo)
+ if (count($compo["entries"]) > 0)
+ {
+ foreach ($compo["entries"] as $eid => $entry)
+ {
+ $vote = stGetRequestItem("entry".$eid);
+ $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
+ $voter["id"], $eid);
+
+ if (($res = stFetchSQLColumn($sql)) === false)
+ {
+ $sql = stPrepareSQL(
+ "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
+ $voter["id"], $eid, $vote);
+
+ if (stExecSQL($sql) === false)
+ break;
+ }
+ else
+ {
+ $sql = stPrepareSQL(
+ "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
+ $vote, $voter["id"], $eid);
+
+ if (stExecSQL($sql) === false)
+ break;
+ }
+ }
+ }
+
+ stSetVoteStatus(2);
+ }
+}
+
+if ($errorSet)
+{
+ stSetVoteStatus(-1);
+ $_SESSION["message"] = $errorMsg;
+}
+
+header("Location: vote");
+?>
\ No newline at end of file
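Review bot: In the first `check` loop the range test compares the raw request string against `voteMin`/`voteMax`, so PHP's loose numeric comparison decides what is in range, and the unconverted string is then stored in `$_SESSION[$name]`. Once `$errorSet` is true the test is skipped for every remaining entry. Converting before the test, `$vote = intval(stGetRequestItem($name));`, keeps only integers in the session, which matters if the vote page echoes those values without escaping (not visible in this file). In the write loop, `break` after a failed `stExecSQL()` leaves only the inner `foreach`, and `stSetVoteStatus(2)` still runs, so a partially stored ballot is reported as saved unless `stExecSQL()` itself raises the error flag; a local failure flag checked before the status change would close that gap. The SELECT-then-INSERT/UPDATE pair is also only duplicate-free under concurrent submissions if `votes` has a unique constraint on `(voter_id, entry_id)`, which should be confirmed against the schema.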