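// Vote handler excerpt: checks the caller's token, then records, changes or
// clears a vote on a post and selects the counter adjustment to apply.
// $r, $con and $rarr are defined outside this excerpt.
if (!tokenvalid($r['id'], $r['token'])) {
    makeError(3);
}

// The original interpolated $r['id'] and $r['postid'] into SQL unquoted, so any
// non-numeric text in them became part of the statement (SQL injection).
// Casting once and using only the cast values keeps every query below to a
// plain integer comparison.
// NOTE(review): assumes both columns hold integer keys and that $r carries
// request data - confirm against the caller. tokenvalid() still receives the
// raw values; check that it treats them safely as well.
$voterId = (int) $r['id'];
$postId = (int) $r['postid'];

$query = "select vote from vts where postid={$postId} and id={$voterId}";
$result = mysqli_query($con, $query);

// Strict comparison: anything other than the two exact strings means "clear the vote".
$vote = $r['action'] === 'upvote' ? 1 : ($r['action'] === 'downvote' ? -1 : 0);

if (mysqli_num_rows($result) > 0) {
    // A vote row already exists for this user and post.
    // mysqli_fetch_row() yields column values as fetched, hence the loose comparisons below.
    $curVote = mysqli_fetch_row($result)[0];
    if ($curVote == $vote) {
        // Same vote as the stored one: nothing to change.
        die(json_encode($rarr));
    }

    // Change the stored vote. $vote is always one of 1, -1 or 0 (set above),
    // so it is safe to place in the statement.
    if ($vote == 0) {
        removeVote($voterId, $postId);
    } else {
        execQuery("update vts set vote={$vote} where id={$voterId} and postid={$postId}", 5);
    }

    // Select the counter adjustment for this transition.
    if ($vote == 1) {
        $pQuery = genCountQuery(2, 1, -1);
    } else {
        if ($vote == -1) {
            $pQuery = genCountQuery(-2, -1, 1);
        } else {
            if ($curVote == 1) {
                $pQuery = genCountQuery(-1, -1, 0);
            } else {
                $pQuery = genCountQuery(1, 0, -1);
            }
            // The excerpt stops here with the three enclosing blocks still open.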
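/**
 * Allow the user to vote.
 *
 * - It is called to register a vote in a poll.
 * - Must be called with a topic and option specified.
 * - Requires the poll_vote permission.
 * - Upon successful completion of action will direct user back to topic.
 * - Accessed via ?action=poll;sa=vote.
 *
 * Review notes:
 * - Both state-changing paths (retracting a vote, casting a vote) call
 *   checkSession('request') before touching the poll data.
 * - The only guest repeat-vote check visible in this method is the
 *   guest_poll_vote cookie. A cookie is client-controlled, so it is a
 *   convenience, not an enforcement mechanism; any hard limit on guest votes
 *   has to live server-side (whether checkVote() does so is not visible here).
 * - The submitted option ids are cast to int and de-duplicated here. Whether
 *   each id belongs to this poll is left to addVote()/increaseVoteCounter()
 *   - confirm in Poll.subs.php.
 *
 * @uses Post language file.
 */
public function action_vote()
{
    global $topic, $user_info, $modSettings;

    require_once SUBSDIR . '/Poll.subs.php';

    // Make sure you can vote.
    isAllowedTo('poll_vote');

    loadLanguage('Post');

    // Check if they have already voted, or voting is locked.
    $row = checkVote($topic);
    if (empty($row)) {
        fatal_lang_error('poll_error', false);
    }

    // If this is a guest can they vote?
    if ($user_info['is_guest']) {
        // Guest voting disabled?
        if (!$row['guest_vote']) {
            fatal_lang_error('guest_vote_disabled');
        } elseif (!empty($_COOKIE['guest_poll_vote']) && preg_match('~^[0-9,;]+$~', $_COOKIE['guest_poll_vote']) && strpos($_COOKIE['guest_poll_vote'], ';' . $row['id_poll'] . ',') !== false) {
            // Cookie layout: ;id,timestamp,[vote,vote...]; etc
            // The regex above limits the cookie to digits, commas and semicolons before it is parsed.
            $guestinfo = explode(';', $_COOKIE['guest_poll_vote']);

            // Find the poll we're after.
            foreach ($guestinfo as $i => $guestvoted) {
                $guestvoted = explode(',', $guestvoted);
                if ($guestvoted[0] == $row['id_poll']) {
                    break;
                }
            }

            // Has the poll been reset since guest voted?
            if (isset($guestvoted[1]) && $row['reset_poll'] > $guestvoted[1]) {
                // Remove the poll info from the cookie to allow guest to vote again
                unset($guestinfo[$i]);
                if (!empty($guestinfo)) {
                    $_COOKIE['guest_poll_vote'] = ';' . implode(';', $guestinfo);
                } else {
                    unset($_COOKIE['guest_poll_vote']);
                }
            } else {
                fatal_lang_error('poll_error', false);
            }

            unset($guestinfo, $guestvoted, $i);
        }
    }

    // Is voting locked or has it expired? (Parentheses make the original && / || precedence explicit.)
    if (!empty($row['voting_locked']) || (!empty($row['expire_time']) && time() > $row['expire_time'])) {
        fatal_lang_error('poll_error', false);
    }

    // If they have already voted and aren't allowed to change their vote - hence they are outta here!
    if (!$user_info['is_guest'] && $row['selected'] != -1 && empty($row['change_vote'])) {
        fatal_lang_error('poll_error', false);
    } elseif (!empty($row['change_vote']) && !$user_info['is_guest'] && empty($_POST['options'])) {
        // Retracting a vote changes state, so the session is verified first.
        checkSession('request');

        // Find out what they voted for before.
        $pollOptions = determineVote($user_info['id'], $row['id_poll']);

        // Just skip it if they had voted for nothing before.
        if (!empty($pollOptions)) {
            // Update the poll totals.
            decreaseVoteCounter($row['id_poll'], $pollOptions);

            // Delete off the log.
            removeVote($user_info['id'], $row['id_poll']);
        }

        // Redirect back to the topic so the user can vote again!
        // (This branch is only entered when no options were posted, so the
        // original inner empty() test was always true.)
        // NOTE(review): $_REQUEST['start'] is passed through as-is; assumes it
        // was normalised earlier in request handling - confirm.
        redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
    }

    checkSession('request');

    // Make sure the option(s) are valid. They must arrive as a non-empty list
    // in the POST body: a scalar value would break count() and foreach below.
    // The original validated $_POST but then read $_REQUEST; one source is used
    // throughout so the checked value is the value that gets stored.
    if (empty($_POST['options']) || !is_array($_POST['options'])) {
        fatal_lang_error('didnt_select_vote', false);
    }

    // Normalise to distinct integer ids. Without this, repeating one option id
    // in the request would put the same choice into $inserts several times.
    $pollOptions = array();
    foreach ($_POST['options'] as $id) {
        $id = (int) $id;
        $pollOptions[$id] = $id;
    }
    $pollOptions = array_values($pollOptions);

    // Too many options checked!
    if (count($pollOptions) > $row['max_votes']) {
        fatal_lang_error('poll_too_many_votes', false, array($row['max_votes']));
    }

    $inserts = array();
    foreach ($pollOptions as $id) {
        $inserts[] = array($row['id_poll'], $user_info['id'], $id);
    }

    // Add their vote to the tally.
    addVote($inserts);
    increaseVoteCounter($row['id_poll'], $pollOptions);

    // If it's a guest don't let them vote again.
    if ($user_info['is_guest'] && count($pollOptions) > 0) {
        // Time is stored in case the poll is reset later, plus what they voted for.
        $_COOKIE['guest_poll_vote'] = empty($_COOKIE['guest_poll_vote']) ? '' : $_COOKIE['guest_poll_vote'];

        // ;id,timestamp,[vote,vote...]; etc
        $_COOKIE['guest_poll_vote'] .= ';' . $row['id_poll'] . ',' . time() . ',' . implode(',', $pollOptions);

        // Increase num guest voters count by 1
        increaseGuestVote($row['id_poll']);

        require_once SUBSDIR . '/Auth.subs.php';
        $cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));

        // NOTE(review): the two trailing false arguments are presumably the
        // secure and httponly flags - confirm against elk_setcookie(). The
        // cookie holds only poll ids, a timestamp and option ids.
        elk_setcookie('guest_poll_vote', $_COOKIE['guest_poll_vote'], time() + 2500000, $cookie_url[1], $cookie_url[0], false, false);
    }

    // Maybe let a social networking mod log this, or something?
    call_integration_hook('integrate_poll_vote', array(&$row['id_poll'], &$pollOptions));

    // Return to the post...
    redirectexit('topic=' . $topic . '.' . $_REQUEST['start']);
}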