changeset 6:2a9267ad0ceb

Add new module.
author Matti Hamalainen <ccr@tnsp.org>
date Wed, 05 Dec 2012 08:14:04 +0200
parents 76c3b89d7b11
children d76020022881
files dovote.php
diffstat 1 files changed, 123 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dovote.php	Wed Dec 05 08:14:04 2012 +0200
@@ -0,0 +1,123 @@
+<?
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+stSetupCacheControl();
+if (!stVoteSessionStart())
+{
+  header("Location: vote");
+  exit;
+}
+
+$_SESSION["message"] = "";
+stSetVoteStatus(0);
+
+
+if (stCheckHTTPS() && stChkSetting("allowVoting") && stConnectSQLDB())
+{
+  stGetCompoList(FALSE);
+  $mode = stGetRequestItem("mode");
+
+  // Check received data
+  if (stChkDataItem("key") ||
+    strlen(stGetRequestItem("key")) != stGetSetting("voteKeyLength"))
+  {
+    stError("Invalid or empty vote key, please check.");
+  }
+  else
+  {
+    // Check if the key exists and is active
+    $sql = stPrepareSQL(
+      "SELECT * FROM voters WHERE key=%S AND enabled<>0",
+      "key");
+
+    if (($voter = stFetchSQL($sql)) === FALSE)
+      stError("Vote key does not exist, perhaps you typed it incorrectly?");
+  }
+
+  if (!$errorSet && $mode == "key")
+  {
+    $_SESSION["key"] = stGetRequestItem("key");
+    stSetVoteStatus(1);
+
+    // Try fetching previously stored votes
+    $sql = stPrepareSQL(
+      "SELECT * FROM votes WHERE voter_id=%d",
+      $voter["id"]);
+
+    if (($res = stExecSQL($sql)) !== false)
+    {
+      foreach ($res as $vote)
+      {
+        $_SESSION["entry".$vote["entry_id"]] = $vote["value"];
+      }
+    }
+    
+//    print_r($_SESSION); exit;
+  }
+
+  if (!$errorSet && $mode == "check")
+  {
+    // Check the submitted vote values
+    foreach ($compos as $id => $compo)
+    if (count($compo["entries"]) > 0)
+    {
+      foreach ($compo["entries"] as $eid => $entry)
+      {
+        $name = "entry".$eid;
+        $vote = stGetRequestItem($name);
+        if (!$errorSet && ($vote < stGetSetting("voteMin") || $vote > stGetSetting("voteMax")))
+        {
+          stError("One or more vote value was out of bounds. Trying to cheat, eh?");
+          $vote = 0;
+        }
+        $_SESSION[$name] = $vote;
+      }
+    }
+  }
+
+  // Ookkay...
+  if (!$errorSet && $mode == "check")
+  {
+    foreach ($compos as $id => $compo)
+    if (count($compo["entries"]) > 0)
+    {
+      foreach ($compo["entries"] as $eid => $entry)
+      {
+        $vote = stGetRequestItem("entry".$eid);
+        $sql = stPrepareSQL("SELECT id FROM votes WHERE voter_id=%d AND entry_id=%d",
+          $voter["id"], $eid);
+
+        if (($res = stFetchSQLColumn($sql)) === false)
+        {
+          $sql = stPrepareSQL(
+            "INSERT INTO votes (voter_id,entry_id,value) VALUES (%d,%d,%d)",
+            $voter["id"], $eid, $vote);
+
+          if (stExecSQL($sql) === false)
+            break;
+        }
+        else
+        {
+          $sql = stPrepareSQL(
+            "UPDATE votes SET value=%d WHERE voter_id=%d AND entry_id=%d",
+            $vote, $voter["id"], $eid);
+
+          if (stExecSQL($sql) === false)
+            break;
+        }
+      }
+    }
+
+    stSetVoteStatus(2);
+  }
+}
+
+if ($errorSet)
+{
+  stSetVoteStatus(-1);
+  $_SESSION["message"] = $errorMsg;
+}
+
+header("Location: vote");
+?>
\ No newline at end of file
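Review bot: In the first `mode == "check"` loop the value from `stGetRequestItem($name)` is compared loosely against `voteMin`/`voteMax` and then copied into `$_SESSION[$name]` unchanged, so a string that is not a plain integer can pass the test, and because the test is gated on `!$errorSet`, every entry after the first rejected one is stored with no check at all. Normalise the value first with `$vote = intval(stGetRequestItem($name));`, and keep `!$errorSet` only around the `stError()` call so that every out-of-range value is still reset to 0. The page that later prints these session values should still escape them, but it should not be the only line of defence. Separately, the `break` after a failed `stExecSQL()` in the save loop leaves only the inner `foreach`, and `stSetVoteStatus(2)` runs regardless, so a partial write appears to be reported as success unless `stExecSQL()` sets the error flag itself, which is not visible here.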