public function register_vote($request) { global $current_user; $poll_id = $this->id; $unique_id = strip_tags(xss_clean($this->unique_id)); $location = strip_tags(xss_clean($request['location'])); $vote_id = uniqid('vote_id_'); $vote_type = $request['vote_type']; $SuperCookie = strip_tags(xss_clean($request['supercookie'])); $tr_id = strip_tags(xss_clean($request['yop_poll_tr_id'])); $votes = 0; $user_id = 0; $user_type = 'default'; $user_details = ''; if (wp_verify_nonce($request['yop-poll-nonce-' . $poll_id . $unique_id], 'yop_poll-' . $this->ID . $unique_id . '-user-actions')) { switch ($vote_type) { default: $user_id = $current_user->ID != null ? $current_user->ID : 0; $user_type = 'default'; break; case 'wordpress': $user_id = $current_user->ID; $user_type = 'wordpress'; break; case 'anonymous': $user_type = 'anonymous'; break; } $log_to_add = array('poll_id' => $this->ID, 'vote_id' => $vote_id, 'ip' => yop_poll_get_ip(), 'user_id' => $user_id, 'user_type' => $user_type, 'user_details' => json_encode($user_details), 'tr_id' => $tr_id); } else { $this->error = __yop_poll('Bad Request!'); $log_to_add['message'] = __yop_poll('Bad request'); insert_log_in_db($log_to_add); return false; } if (wp_verify_nonce($request['yop-poll-nonce-' . $this->ID . $unique_id], 'yop_poll-' . $this->ID . $unique_id . '-user-actions')) { $tr_id = $request['yop_poll_tr_id']; $super_perm = true; if (in_array("supercookie", $this->blocking_voters)) { $super_perm = $this->is_voted_supercookie($SuperCookie); } if ($super_perm == true) { $current_date = yop_poll_get_mysql_curent_date(); if ($this->is_allowed_to_vote($vote_type)) { if ($current_date >= convert_date($this->poll_start_date, 'Y-m-d H:i:s')) { if ($current_date <= convert_date($this->poll_end_date, 'Y-m-d H:i:s')) { if ('closed' == $this->status) { $this->error = __yop_poll('This poll is closed!'); $log_to_add['message'] = __yop_poll('Poll Closed'); insert_log_in_db($log_to_add); return false; } else { if (!$this->is_voted($vote_type, $facebook_user_details, $google_user_details, true, $SuperCookie)) { $voter = array(); $voter['poll_id'] = $poll_id; $voter['user_id'] = $current_user->ID; $voter['user_type'] = $vote_type; if ($this->user_have_votes_to_vote($voter, $SuperCookie)) { $i = 1; $cookie = ''; $log = array(); foreach ($this->questions as &$question) { $answers = array(); if (isset($request['yop_poll_answer'][$question->ID])) { if ('yes' == $question->allow_multiple_answers) { if (count($request['yop_poll_answer'][$question->ID]) <= intval($question->allow_multiple_answers_number)) { if (count($request['yop_poll_answer'][$question->ID]) >= intval($question->allow_multiple_answers_min_number)) { $answers = array(); foreach ($request['yop_poll_answer'][$question->ID] as $answer) { $new_answer = array(); $new_answer['answer_id'] = $answer; $new_answer['type'] = 'default'; if ('other' == $answer) { $a = new YOP_POLL_Answer_Model(); if (isset($request['yop_poll_other_answer'][$question->ID]) && '' != strip_tags(trim($request['yop_poll_other_answer'][$question->ID]))) { $a->type = 'other'; $a->poll_id = $poll_id; $a->question_id = $question->ID; $a->answer = strip_tags(trim($request['yop_poll_other_answer'][$question->ID])); $a->answer_date = current_time('mysql'); $a->answer_modified = current_time('mysql'); $a->status = 'active'; $a->question_order = $question->countanswers() + 1; $a->answer_author = $current_user->ID; $a->save(); if (!$a->id) { $this->error = __yop_poll('Other answer for question ') . $i . __yop_poll(' could not be inserted!'); $log_to_add['message'] = __yop_poll('Other answer for question ') . $i . __yop_poll(' could not be inserted'); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll('Other answer from question ') . $i . __yop_poll(' is empty'); $log_to_add['message'] = __yop_poll('Other answer from question ') . $i . __yop_poll(' is empty'); insert_log_in_db($log_to_add); return false; } $question->addAnswer($a); $new_answer['answer_id'] = $a->id; $new_answer['type'] = 'other'; unset($a); } $new_answer['poll_id'] = $poll_id; $new_answer['vote_id'] = $vote_id; $new_answer['ip'] = yop_poll_get_ip(); $new_answer['user_id'] = $current_user->ID; $new_answer['user_type'] = 'default'; if ($vote_type == 'anonymous' || $vote_type == 'wordpress') { $new_answer['user_type'] = $vote_type; } $new_answer['http_referer'] = $_SERVER['HTTP_REFERER']; $new_answer['tr_id'] = $tr_id; $new_answer['host'] = esc_attr(@gethostbyaddr(yop_poll_get_ip())); $new_answer['other_answer_value'] = ''; $answers[] = $new_answer; } } else { $this->error = __yop_poll("Too few answers selected for question ") . $i . __yop_poll("! Only more than ") . $question->allow_multiple_answers_min_number . __yop_poll(" answers allowed!"); $log_to_add['message'] = __yop_poll("Too few answers selected for question ") . $i; insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("Too many answers selected for question ") . $i . __yop_poll("! Only ") . $question->allow_multiple_answers_number . __yop_poll(" answers allowed!"); $log_to_add['message'] = __yop_poll("Too many answers selected for question ") . $i; insert_log_in_db($log_to_add); return false; } } else { $new_answer = array(); $new_answer['answer_id'] = $request['yop_poll_answer'][$question->ID]; $new_answer['type'] = 'default'; if ('other' == $request['yop_poll_answer'][$question->ID]) { $a = new YOP_POLL_Answer_Model(); if (isset($request['yop_poll_other_answer'][$question->ID]) && '' != strip_tags(trim($request['yop_poll_other_answer'][$question->ID]))) { $a->type = 'other'; $a->poll_id = $poll_id; $a->question_id = $question->ID; $a->answer = strip_tags(trim($request['yop_poll_other_answer'][$question->ID])); $a->answer_date = current_time('mysql'); $a->question_order = $question->countanswers(); $a->answer_author = $current_user->ID; $a->votes = 0; $a->save(); if (!$a->id) { $this->error = __yop_poll("Other answer for question ") . $i . __yop_poll(" could not be inserted!"); $log_to_add['message'] = __yop_poll("Other answer for question ") . $i . __yop_poll(" could not be inserted"); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("Other answer from question ") . $i . ' ' . __yop_poll('is empty'); $log_to_add['message'] = __yop_poll("Other answer from question ") . $i . ' ' . __yop_poll('empty'); insert_log_in_db($log_to_add); return false; } $question->addAnswer($a); $new_answer['answer_id'] = $a->id; $new_answer['type'] = 'other'; unset($a); } $new_answer['poll_id'] = $poll_id; $new_answer['vote_id'] = $vote_id; $new_answer['ip'] = yop_poll_get_ip(); $new_answer['user_id'] = $current_user->ID; $new_answer['user_type'] = 'default'; $new_answer['http_referer'] = $_SERVER['HTTP_REFERER']; $new_answer['tr_id'] = $tr_id; $new_answer['host'] = esc_attr(@gethostbyaddr(yop_poll_get_ip())); $new_answer['other_answer_value'] = ''; $answers[] = $new_answer; } if (count($answers) > 0) { $custom_fields = array(); $poll_custom_fields = $question->custom_fields; if (count($poll_custom_fields) > 0) { if (isset($request['yop_poll_customfield'][$question->ID])) { foreach ($poll_custom_fields as $custom_field) { if (isset($request['yop_poll_customfield'][$question->ID][$custom_field->ID])) { if ('' == trim(strip_tags($request['yop_poll_customfield'][$question->ID][$custom_field->ID])) && 'yes' == $custom_field->required) { $this->error = __yop_poll("Custom field ") . $custom_field->custom_field . __yop_poll(" from question ") . $i . ' ' . __yop_poll("is required") . "!"; $log_to_add['message'] = __yop_poll("Custom field ") . $custom_field->custom_field . __yop_poll(" from question ") . $i . ' ' . __yop_poll("required"); insert_log_in_db($log_to_add); return false; } else { if (trim(strip_tags($request['yop_poll_customfield'][$question->ID][$custom_field->ID])) != '') { $new_custom_field = array(); $new_custom_field['poll_id'] = $poll_id; $new_custom_field['question_id'] = $question->ID; $new_custom_field['vote_id'] = $vote_id; $new_custom_field['custom_field_id'] = $custom_field->ID; $new_custom_field['user_id'] = $current_user->ID; $new_custom_field['user_type'] = 'default'; if ($vote_type == 'wordpress' || $vote_type == 'anonymous') { $new_custom_field['user_type'] = $vote_type; } $new_custom_field['custom_field_value'] = strip_tags(trim($request['yop_poll_customfield'][$question->ID][$custom_field->ID])); $custom_fields[] = $new_custom_field; } } } else { $this->error = __yop_poll("Custom field ") . '"' . $custom_field->custom_field . '"' . __yop_poll(" from question ") . $i . ' ' . __yop_poll("is missing ") . '!'; $log_to_add['message'] = __yop_poll("Custom field ") . '"' . $custom_field->custom_field . '"' . __yop_poll(" from question ") . $i . ' ' . __yop_poll("missing"); insert_log_in_db($log_to_add); return false; } } } else { $this->error = __yop_poll("Custom fields from question ") . $i . ' ' . __yop_poll("are missing") . '!'; $log_to_add['message'] = __yop_poll("Custom fields from question ") . $i . ' ' . __yop_poll("missing") . '!'; insert_log_in_db($log_to_add); return false; } } if ('yes' == $this->use_captcha) { require_once YOP_POLL_INC . '/securimage.php'; $img = new Yop_Poll_Securimage(); $img->namespace = 'yop_poll_' . $poll_id . $unique_id; if ($img->check($_REQUEST['yop_poll_captcha_input'][$poll_id])) { $mail_notifications_answers[$question->ID] = array(); $add_to_log = $this->update_votes($question, $answers, $votes, $mail_notifications_answers[$question->ID], $facebook_user_details['id'], $google_user_details['id']); $log["q-" . $question->ID]['question'] = $question->question; $log["q-" . $question->ID]['a'] = $add_to_log['a']; $log["q-" . $question->ID]['answers'] = $add_to_log['answers']; $mail_notifications_answers[$question->ID] = trim($mail_notifications_answers[$question->ID], '<br>'); $mail_notifications_custom_fields[$question->ID] = ''; foreach ($custom_fields as $custom_field) { if ('anonymous' == $vote_type) { $custom_field['user_id'] = 0; } $custom_field['tr_id'] = $tr_id; self::insert_vote_custom_field_in_database($custom_field); $cf = $question->getCustomFieldById($custom_field['custom_field_id']); $mail_notifications_custom_fields[$question->ID][$cf->custom_field] = $custom_field['custom_field_value']; } if ('yes' == $this->number_of_votes_per_user) { $this->success = str_replace('%USER-VOTES-LEFT%', intval($this->number_of_votes_per_user) - $this->get_voter_number_of_votes($voter), $poll_options['message_after_vote']); } else { $this->success = str_replace('%USER-VOTES-LEFT%', '', $this->message_after_vote); } } else { $this->error = __yop_poll("Incorrect security code entered!"); $log_to_add['message'] = __yop_poll("Incorrect security code entered"); insert_log_in_db($log_to_add); return false; } } else { $mail_notifications_answers[$question->ID] = array(); $add_to_log = $this->update_votes($question, $answers, $votes, $mail_notifications_answers[$question->ID], $vote_type, $facebook_user_details['id'], $google_user_details['id']); $log["q-" . $question->ID]['question'] = $question->question; $log["q-" . $question->ID]['id'] = $question->ID; $log["q-" . $question->ID]['a'] = $add_to_log['a']; $log["q-" . $question->ID]['answers'] = $add_to_log['answers']; $mail_notifications_custom_fields[$question->ID] = array(); $add_to_log = array(); foreach ($custom_fields as $custom_field) { if ('google' == $vote_type) { $custom_field['user_id'] = $google_user_details['id']; } if ('anonymous' == $vote_type) { $custom_field['user_id'] = 0; } $custom_field['tr_id'] = $tr_id; $cf_id = self::insert_vote_custom_field_in_database($custom_field); $add_to_log[] = $cf_id; $cf = $question->getCustomFieldById($custom_field['custom_field_id']); $mail_notifications_custom_fields[$question->ID][$cf->custom_field] = $custom_field['custom_field_value']; } $log["q-" . $question->ID]['cf'] = $add_to_log; if ('yes' == $this->number_of_votes_per_user) { $this->success = str_replace('%USER-VOTES-LEFT%', intval($this->number_of_votes_per_user) - $this->get_voter_number_of_votes($voter), $this->message_after_vote); } else { $this->success = str_replace('%USER-VOTES-LEFT%', '', $this->message_after_vote); } } } else { $this->error = __yop_poll("No vote registered!"); $log_to_add['message'] = __yop_poll("No vote registered"); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("No answer selected for question ") . $i; $log_to_add['message'] = __yop_poll("No answer selected for question ") . $i; insert_log_in_db($log_to_add); return false; } $i++; } } else { $this->error = __yop_poll("You have run out of votes!"); $log_to_add['message'] = __yop_poll("Run out of votes"); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("You Already voted!"); $log_to_add['message'] = __yop_poll("Already Voted"); insert_log_in_db($log_to_add); return false; } } } else { $this->error = __yop_poll("This poll is closed!"); $log_to_add['message'] = __yop_poll("Poll Closed"); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("You can vote once the poll starts!"); $log_to_add['message'] = __yop_poll("Poll not started"); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("You are not allowed to vote!"); $log_to_add['message'] = __yop_poll("Not allowed to vote"); insert_log_in_db($log_to_add); return false; } } else { $this->error = __yop_poll("You are not allowed to vote!"); return false; } } else { $this->error = __yop_poll("Bad Request!"); $log_to_add['message'] = __yop_poll("Bad request"); insert_log_in_db($log_to_add); return false; } if ($this->send_email_notifications == "yes") { $this->sendMail($mail_notifications_answers, $mail_notifications_custom_fields, $vote_id); } $this->update_poll_total_votes(1); $log_to_add['message'] = __yop_poll('Success'); $log_to_add['vote_details'] = json_encode($log); insert_log_in_db($log_to_add); $ip_data = @json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=" . $log_to_add['ip'])); $log_to_add['country'] = $ip_data->geoplugin_countryName; insert_result_in_db($log_to_add); $this->set_vote_cookie(json_encode($log), $vote_type, $facebook_user_details, $google_user_details); $this->vote = true; $this->poll_total_votes += 1; return do_shortcode($this->return_poll_html(array('tr_id' => $tr_id, 'location' => $location))); }
public function ajax_play_captcha() { if (is_admin()) { $poll_id = isset($_REQUEST['poll_id']) ? $_REQUEST['poll_id'] : null; $unique_id = isset($_REQUEST['unique_id']) ? $_REQUEST['unique_id'] : null; if ($poll_id) { require_once YOP_POLL_MODELS . 'poll_model.php'; $yop_poll_model = new YOP_POLL_MODEL($poll_id); if ('yes' == $yop_poll_model->use_captcha) { require_once YOP_POLL_INC . 'securimage.php'; $img = new Yop_Poll_Securimage(); $img->audio_path = YOP_POLL_PATH . 'captcha/audio/'; $img->audio_noise_path = YOP_POLL_PATH . 'captcha/audio/noise/'; $img->namespace = 'yop_poll_' . $poll_id . $unique_id; $img->outputAudioFile(); } } else { wp_die('Invalid Poll'); } } else { wp_die('captcha error'); } die; }
/** * Generate a new captcha ID or retrieve the current ID * * @param $new bool If true, generates a new challenge and returns and ID * @param $options array Additional options to be passed to Securimage * * @return null|string Returns null if no captcha id set and new was false, or string captcha ID */ public static function getCaptchaId($new = true, array $options = array()) { if ((bool) $new == true) { $id = sha1(uniqid($_SERVER['REMOTE_ADDR'], true)); $opts = array('no_session' => true, 'use_sqlite_db' => true); if (sizeof($options) > 0) { $opts = array_merge($opts, $options); } $si = new self($opts); Yop_Poll_Securimage::$_captchaId = $id; $si->createCode(); return $id; } else { return Yop_Poll_Securimage::$_captchaId; } }