die("Nope!"); } CheckPermission('user.voteposts'); $pid = (int) $_GET["id"]; $post = Fetch(Query("SELECT * FROM {posts} WHERE id = {0}", $pid)); if (!$post) { die("Unknown post"); } if ($post["user"] == $loguserid) { die("Nope!"); } $thread = Fetch(Query("SELECT * FROM {threads} WHERE id = {0}", $post["thread"])); if (!$thread) { die("Unknown thread"); } if (!HasPermission('forum.viewforum', $thread['forum'])) { die('Nice try hacker kid, but no.'); } if ($thread["closed"]) { die(__("Thread is closed")); } $vote = Fetch(Query("SELECT * FROM {postplusones} WHERE post = {0} AND user = {1}", $pid, $loguserid)); if (!$vote) { Query("UPDATE {posts} SET postplusones = postplusones+1 WHERE id = {0} LIMIT 1", $pid); Query("UPDATE {users} SET postplusones = postplusones+1 WHERE id = {0} LIMIT 1", $post["user"]); Query("UPDATE {users} SET postplusonesgiven = postplusonesgiven+1 WHERE id = {0} LIMIT 1", $loguserid); Query("INSERT INTO {postplusones} (user, post) VALUES ({0}, {1})", $loguserid, $pid); $post["postplusones"]++; } echo formatPlusOnes($post["postplusones"]);
<?php global $loguser; if ($post["id"] != "_") { $plusOne = ""; $plusOne .= "<span class=\"postplusone\">"; $plusOne .= formatPlusOnes($post["postplusones"]); if ($post["u_id"] != $loguserid && $loguserid != 0) { $url = actionLink("plusone", $post["id"], "key=" . $loguser["token"]); $url = htmlspecialchars($url); $plusOne .= " <a href=\"\" onclick=\"\$(this.parentElement).load('{$url}'); return false;\">+1</a>"; } $plusOne .= "</span>"; $links->add(new PipeMenuHtmlEntry($plusOne)); }