Beispiel #1
0
 if (!tokenvalid($r['id'], $r['token'])) {
     makeError(3);
 }
 $query = "select vote from vts where postid={$r['postid']} and id={$r['id']}";
 $result = mysqli_query($con, $query);
 $vote = $r['action'] == 'upvote' ? 1 : ($r['action'] == 'downvote' ? -1 : 0);
 if (mysqli_num_rows($result) > 0) {
     // already voted
     $curVote = mysqli_fetch_row($result)[0];
     if ($curVote == $vote) {
         // alerady voted same
         die(json_encode($rarr));
     }
     // change vote
     if ($vote == 0) {
         removeVote($r['id'], $r['postid']);
     } else {
         execQuery("update vts set vote={$vote} where id={$r['id']} and postid={$r['postid']}", 5);
     }
     // update counts
     if ($vote == 1) {
         $pQuery = genCountQuery(2, 1, -1);
     } else {
         if ($vote == -1) {
             $pQuery = genCountQuery(-2, -1, 1);
         } else {
             if ($curVote == 1) {
                 $pQuery = genCountQuery(-1, -1, 0);
             } else {
                 $pQuery = genCountQuery(1, 0, -1);
             }
Beispiel #2
0
 /**
  * Allow the user to vote.
  * It is called to register a vote in a poll.
  * Must be called with a topic and option specified.
  * Requires the poll_vote permission.
  * Upon successful completion of action will direct user back to topic.
  * Accessed via ?action=poll;sa=vote.
  *
  * @uses Post language file.
  */
 public function action_vote()
 {
     global $topic, $user_info, $modSettings;
     require_once SUBSDIR . '/Poll.subs.php';
     // Make sure you can vote.
     isAllowedTo('poll_vote');
     loadLanguage('Post');
     // Check if they have already voted, or voting is locked.
     $row = checkVote($topic);
     if (empty($row)) {
         fatal_lang_error('poll_error', false);
     }
     // If this is a guest can they vote?
     if ($user_info['is_guest']) {
         // Guest voting disabled?
         if (!$row['guest_vote']) {
             fatal_lang_error('guest_vote_disabled');
         } elseif (!empty($_COOKIE['guest_poll_vote']) && preg_match('~^[0-9,;]+$~', $_COOKIE['guest_poll_vote']) && strpos($_COOKIE['guest_poll_vote'], ';' . $row['id_poll'] . ',') !== false) {
             // ;id,timestamp,[vote,vote...]; etc
             $guestinfo = explode(';', $_COOKIE['guest_poll_vote']);
             // Find the poll we're after.
             foreach ($guestinfo as $i => $guestvoted) {
                 $guestvoted = explode(',', $guestvoted);
                 if ($guestvoted[0] == $row['id_poll']) {
                     break;
                 }
             }
             // Has the poll been reset since guest voted?
             if (isset($guestvoted[1]) && $row['reset_poll'] > $guestvoted[1]) {
                 // Remove the poll info from the cookie to allow guest to vote again
                 unset($guestinfo[$i]);
                 if (!empty($guestinfo)) {
                     $_COOKIE['guest_poll_vote'] = ';' . implode(';', $guestinfo);
                 } else {
                     unset($_COOKIE['guest_poll_vote']);
                 }
             } else {
                 fatal_lang_error('poll_error', false);
             }
             unset($guestinfo, $guestvoted, $i);
         }
     }
     // Is voting locked or has it expired?
     if (!empty($row['voting_locked']) || !empty($row['expire_time']) && time() > $row['expire_time']) {
         fatal_lang_error('poll_error', false);
     }
     // If they have already voted and aren't allowed to change their vote - hence they are outta here!
     if (!$user_info['is_guest'] && $row['selected'] != -1 && empty($row['change_vote'])) {
         fatal_lang_error('poll_error', false);
     } elseif (!empty($row['change_vote']) && !$user_info['is_guest'] && empty($_POST['options'])) {
         checkSession('request');
         // Find out what they voted for before.
         $pollOptions = determineVote($user_info['id'], $row['id_poll']);
         // Just skip it if they had voted for nothing before.
         if (!empty($pollOptions)) {
             // Update the poll totals.
             decreaseVoteCounter($row['id_poll'], $pollOptions);
             // Delete off the log.
             removeVote($user_info['id'], $row['id_poll']);
         }
         // Redirect back to the topic so the user can vote again!
         if (empty($_POST['options'])) {
             redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
         }
     }
     checkSession('request');
     // Make sure the option(s) are valid.
     if (empty($_POST['options'])) {
         fatal_lang_error('didnt_select_vote', false);
     }
     // Too many options checked!
     if (count($_REQUEST['options']) > $row['max_votes']) {
         fatal_lang_error('poll_too_many_votes', false, array($row['max_votes']));
     }
     $pollOptions = array();
     $inserts = array();
     foreach ($_REQUEST['options'] as $id) {
         $id = (int) $id;
         $pollOptions[] = $id;
         $inserts[] = array($row['id_poll'], $user_info['id'], $id);
     }
     // Add their vote to the tally.
     addVote($inserts);
     increaseVoteCounter($row['id_poll'], $pollOptions);
     // If it's a guest don't let them vote again.
     if ($user_info['is_guest'] && count($pollOptions) > 0) {
         // Time is stored in case the poll is reset later, plus what they voted for.
         $_COOKIE['guest_poll_vote'] = empty($_COOKIE['guest_poll_vote']) ? '' : $_COOKIE['guest_poll_vote'];
         // ;id,timestamp,[vote,vote...]; etc
         $_COOKIE['guest_poll_vote'] .= ';' . $row['id_poll'] . ',' . time() . ',' . (count($pollOptions) > 1 ? implode(',', $pollOptions) : $pollOptions[0]);
         // Increase num guest voters count by 1
         increaseGuestVote($row['id_poll']);
         require_once SUBSDIR . '/Auth.subs.php';
         $cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));
         elk_setcookie('guest_poll_vote', $_COOKIE['guest_poll_vote'], time() + 2500000, $cookie_url[1], $cookie_url[0], false, false);
     }
     // Maybe let a social networking mod log this, or something?
     call_integration_hook('integrate_poll_vote', array(&$row['id_poll'], &$pollOptions));
     // Return to the post...
     redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
 }