/**
 * Verifies that hasVoted() reports a vote only for the submission the user
 * actually voted on.
 *
 * Two question submissions are inserted; a vote by UID 123 is recorded for
 * the second one only, then hasVoted() is queried for both.
 */
public function testHasVoted()
{
    // The variable keeps the name $db_conn because the file included below
    // is evaluated in this method's scope and can see local variables.
    $db_conn = $this->initAndClearTables();

    // First submission: no vote is recorded for it.
    $this->insertSubmission($db_conn, 'Q', 'test1', 0, 0, 23456);
    $unvotedQid = $this->getSubmissionID($db_conn, 'Q', 'test1');

    // Second submission: UID 123 is registered as having voted on it.
    $this->insertSubmission($db_conn, 'Q', 'test2', 1, 0, 23456);
    $votedQid = $this->getSubmissionID($db_conn, 'Q', 'test2');
    $this->addToVotedOn($db_conn, 'Q', $votedQid, 123);

    // Bring hasVoted() into scope.
    include_once '../../Incognito/students/scripts/studentfeed_lookup_questions.php';

    // UID 123 has voted for question test2, but not for test1.
    $this->assertEquals(0, hasVoted('Q', $unvotedQid, 123, $db_conn));
    $this->assertEquals(1, hasVoted('Q', $votedQid, 123, $db_conn));
}
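/**
 * Prints every row of the Question table, highest postID first.
 *
 * Rows for which hasVoted() returns a truthy value are handed to
 * showResults(); all other rows are printed as a question cell followed by
 * two clickable answer cells that link to vote.php.
 *
 * Database text is HTML-escaped before it is echoed, because the question
 * and answer strings are stored content that ends up inside markup.
 *
 * @param mixed $result Ignored on entry: it is overwritten with the result
 *                      of the query issued here. Kept so existing callers
 *                      keep working.
 * @return void
 */
function printfive($result)
{
    $query = "SELECT questionText, answer1Text, answer2Text, postID FROM Question ORDER BY postID DESC;";
    $result = mysql_query($query);
    if ($result === false) {
        // The query failed, so there is nothing to iterate over. Returning
        // here avoids calling mysql_fetch_array() on a non-resource.
        return;
    }

    while (($record = mysql_fetch_array($result)) != false) {
        $postID = $record['postID'];
        $normalQuestion = stripslashes($record['questionText']);
        $normalA1 = stripslashes($record['answer1Text']);
        $normalA2 = stripslashes($record['answer2Text']);

        // NOTE(review): $userID is never assigned inside this function, so
        // hasVoted() receives null here. Confirm where the current user id
        // should come from (parameter or session) and pass it explicitly.
        if (hasVoted($userID, $postID)) {
            // showResults() gets the unescaped text, exactly as before; its
            // own output escaping is not visible from here.
            showResults($postID, $normalQuestion, $normalA1, $normalA2);
            continue;
        }

        // Escape for the HTML context. The default charset of
        // htmlspecialchars() is used; pass the page charset explicitly if it
        // differs from the PHP default.
        $safeQuestion = htmlspecialchars($normalQuestion, ENT_QUOTES);
        $safeA1 = htmlspecialchars($normalA1, ENT_QUOTES);
        $safeA2 = htmlspecialchars($normalA2, ENT_QUOTES);
        // The id lands inside a URL inside a quoted JavaScript string inside
        // an attribute; percent-encoding leaves plain ids unchanged and
        // removes every character that could close one of those contexts.
        $urlPostID = rawurlencode($postID);

        echo "\t<td>{$safeQuestion}</td> ";
        // NOTE(review): the vote is cast through a plain GET link. If
        // vote.php changes state on GET without a per-user token, the link
        // can be triggered from another site; vote.php is not visible here.
        echo <<<BLOCK2
                <tr>
                    <td>
                        <div onclick="location.href='vote.php?postID={$urlPostID}&answerChoice=1'" class="ans1">
                            <input type="image" src="MidiateRedMan.png" name="redman"
                            width="60" height="60" /> {$safeA1}
                        </div>
                        <div onclick="location.href='vote.php?postID={$urlPostID}&answerChoice=2'" class="ans2">
                            {$safeA2} <input type="image" src="MidiateBlueMan.png" name="blueman"
                            width="60" height="60" />
                        </div>
                    </td>
                </tr>
BLOCK2;
    }
}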
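/**
 * Builds the feed of questions and/or feedback entries for one session.
 *
 * There are seven filtering options ("None", "All Questions",
 * "All Feedback", "Answered", "Unanswered", "Unread", "Read") and three
 * sorting options ("Newest", "Priority", anything else = unsorted).
 *
 * - "None" returns questions followed by feedback, re-sorted as a whole by
 *   sortResults().
 * - "All Questions" / "All Feedback" return one table, with 'numvotes' and
 *   'time' included in each row.
 * - "Answered" / "Unanswered" / "Unread" / "Read" return one table filtered
 *   on its state column; these rows carry no 'numvotes' or 'time' key.
 *
 * The 'text' value of every row is returned exactly as stored; callers that
 * print it must escape it for their output context.
 *
 * @param mixed  $sid    Session id; formatted with %d into every query.
 * @param string $filter One of the filter names listed above.
 * @param string $sort   "Newest", "Priority" or any other value for no order.
 * @param mixed  $uid    User whose vote status is looked up per row.
 * @return array List of associative rows.
 */
function getQuestions($sid, $filter, $sort, $uid)
{
    $db_conn = connectToDB();

    // The original test looked at $_POST['sid'] but then read $_POST['uid'];
    // both keys are now required, so a request that carries sid without uid
    // no longer replaces the caller's $uid with an undefined index.
    // NOTE(review): this lets the request body choose whose vote status is
    // reported. Prefer the authenticated identity when one is available.
    // The int cast assumes user ids are integers — confirm against hasVoted().
    if (isset($_POST['sid'], $_POST['uid'])) {
        $uid = (int) $_POST['uid'];
    }

    $feed = array();

    if ($filter == "None" || $filter == "All Questions") {
        $feed = _getQuestionsFetchRows($db_conn, 'Q', $sid, '', $sort, $uid, true);
    }

    if ($filter == "None" || $filter == "All Feedback") {
        $feed = array_merge(
            $feed,
            _getQuestionsFetchRows($db_conn, 'F', $sid, '', $sort, $uid, true)
        );
        // If filter is None, $feed already holds the Question rows, so the
        // combined list has to be sorted again. For All Feedback the extra
        // sort is redundant but harmless.
        $feed = sortResults($feed, $sort);
    } elseif ($filter == "Answered") {
        $feed = _getQuestionsFetchRows($db_conn, 'Q', $sid, ' AND answered = 1', $sort, $uid, false);
    } elseif ($filter == "Unanswered") {
        $feed = _getQuestionsFetchRows($db_conn, 'Q', $sid, ' AND answered = 0', $sort, $uid, false);
    } elseif ($filter == "Unread") {
        $feed = _getQuestionsFetchRows($db_conn, 'F', $sid, ' AND isread = 0', $sort, $uid, false);
    } elseif ($filter == "Read") {
        $feed = _getQuestionsFetchRows($db_conn, 'F', $sid, ' AND isread = 1', $sort, $uid, false);
    }

    mysql_close($db_conn);
    return $feed;
}

/**
 * Runs one feed query and converts its rows into feed entries.
 *
 * Only fixed SQL fragments are concatenated; $sid is the single variable
 * value and is formatted with %d.
 *
 * @param resource $db_conn      Open connection used for the query.
 * @param string   $type         'Q' for the Question table, 'F' for Feedback.
 * @param mixed    $sid          Session id.
 * @param string   $condition    Fixed extra WHERE fragment, or ''.
 * @param string   $sort         "Newest", "Priority" or other for no order.
 * @param mixed    $uid          User id passed on to hasVoted().
 * @param bool     $withVoteMeta Whether 'numvotes' and 'time' are added.
 * @return array List of associative rows.
 */
function _getQuestionsFetchRows($db_conn, $type, $sid, $condition, $sort, $uid, $withVoteMeta)
{
    if ($type === 'Q') {
        $table = 'Question';
        $idColumn = 'qid';
        $stateColumn = 'answered';
    } else {
        $table = 'Feedback';
        $idColumn = 'fid';
        $stateColumn = 'isread';
    }

    if ($sort == "Newest") {
        // Newest first.
        $order = ' ORDER BY time DESC';
    } elseif ($sort == "Priority") {
        // Most votes first.
        $order = ' ORDER BY numvotes DESC';
    } else {
        // No sorting specified.
        $order = '';
    }

    $query = sprintf("SELECT * FROM " . $table . " WHERE sid = %d" . $condition . $order, $sid);
    $results = mysql_query($query, $db_conn);
    if (!$results) {
        // Keep the driver's message in the server log instead of sending it
        // to the client, where it would disclose schema and query details.
        error_log("getQuestions: query failed: " . mysql_error($db_conn));
        die("Error: database query failed");
    }

    $rows = array();
    while ($r = mysql_fetch_assoc($results)) {
        $id = (int) $r[$idColumn];
        $row = array(
            'voted' => hasVoted($type, $id, $uid, $db_conn),
            'text' => $r["text"],
            $stateColumn => $r[$stateColumn],
            'type' => $type,
            'id' => $r[$idColumn],
        );
        if ($withVoteMeta) {
            $row['numvotes'] = $r["numvotes"];
            $row['time'] = $r["time"];
        }
        $rows[] = $row;
    }

    return $rows;
}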
<?php
// Records the ballot held in the session: one row per ballot entry is
// inserted into `votes`, or updated when the video id is already present.
// This listing is cut off inside the final else branch.
session_start();
require_once 'includes/connect.php';
require_once 'includes/forceopen.php';
//Make sure you aren't trying to double vote
if (hasVoted()) {
    header("Location: /thanks");
    exit;
}
// Stop unless the session carries the exact confirmation marker.
if ($_SESSION['confirmcheck'] !== "CONFIRMED") {
    die("<h1>eror</h1>");
}
$totalvotes = $_SESSION['totalvotes'];
for ($i = 0; $i < $totalvotes; $i += 1) {
    // Copy the fields of ballot entry $i out of the session.
    $vid = $_SESSION['ballotData'][$i]['vid'];
    $title = $_SESSION['ballotData'][$i]['title'];
    $viewCount = $_SESSION['ballotData'][$i]['viewCount'];
    $smallthumb = $_SESSION['ballotData'][$i]['smallthumb'];
    $bigthumb = $_SESSION['ballotData'][$i]['bigthumb'];
    $artist = $_SESSION['ballotData'][$i]['artist'];
    $artisturl = $_SESSION['ballotData'][$i]['artisturl'];
    // Only the title and the artist name are escaped for SQL.
    $title = $con->escape_string($title);
    $artist = $con->escape_string($artist);
    // NOTE(review): the vid is concatenated into the statement without
    // escaping. How ballotData is filled is not visible here; if any of it
    // originates from a request or an external API, this lookup and the
    // INSERT below should use a prepared statement with bound parameters.
    $sql = "SELECT * from `votes` WHERE `vid`='" . $_SESSION['ballotData'][$i]['vid'] . "'";
    // NOTE(review): the result is dereferenced without checking that the
    // query succeeded.
    $result = $con->query($sql);
    if ($result->num_rows < 1) {
        // First vote for this video: create the row with a tally of 1.
        // NOTE(review): $vid, $smallthumb, $bigthumb and $artisturl are
        // interpolated inside quotes without escaping, and $viewCount is
        // interpolated unquoted, so it needs to be validated as a number.
        $sql = "INSERT INTO votes \t(`vid`, `name`, `tally`, `views`, `smallthumb`, `bigthumb`,\n\t\t\t\t\t\t\t\t\t\t `artist`, `artisturl`, `dAdded`, `dLastvoted`) " . "VALUES \t('{$vid}', '{$title}', 1, {$viewCount}, '{$smallthumb}', '{$bigthumb}',\n\t\t\t\t\t\t\t\t'{$artist}', '{$artisturl}', CURDATE(), CURDATE())";
        $con->query($sql);
    } else {
        //Add 1 to the tally already recorded and update
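/**
 * Overwrites the answers a user previously submitted for a poll.
 *
 * Refreshes the submission timestamp in `detailedpoll_user_answers` and
 * updates one `detailedpoll_answers` row per entry of $values.
 *
 * @param mixed $pollid Poll id; cast to int before it reaches SQL.
 * @param mixed $userid User id; cast to int before it reaches SQL.
 * @param mixed $values Map of question id => answer value. Keys and values
 *                      are cast to int. Anything that is not an array is
 *                      treated as "no answers".
 * @return mixed The `useranswerid` of the updated submission, or false when
 *               the user has not voted yet or no submission row is found.
 */
function updateAnswers($pollid, $userid, $values)
{
    global $db;

    if (!hasVoted($pollid, $userid)) {
        return false;
    }

    $useranswer = $db->selectOneRow(
        'detailedpoll_user_answers',
        '`useranswerid`',
        '`userid`=' . (int) $userid . ' AND `detailedpollid`=' . (int) $pollid
    );

    // Without a submission row there is no id to update against; building
    // the WHERE clauses from an empty value would produce broken SQL.
    if (!isset($useranswer['useranswerid'])) {
        return false;
    }

    // Cast once and reuse, so both UPDATE statements receive an integer.
    // The first statement previously concatenated the raw value.
    $useranswerid = (int) $useranswer['useranswerid'];

    $db->update('detailedpoll_user_answers', "`date`= " . time(), "`useranswerid`= " . $useranswerid);

    // $values can come straight from a request and may be a scalar when the
    // field is sent without array notation.
    if (is_array($values)) {
        foreach ($values as $questionid => $value) {
            $db->update(
                'detailedpoll_answers',
                "`value`=" . (int) $value,
                "`questionid`=" . (int) $questionid . " AND `useranswerid`=" . $useranswerid
            );
        }
    }

    return $useranswer['useranswerid'];
}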
$sendResult = updateAnswers($pollid, $login->currentUserId(), $_POST['values']); } else { $sendResult = saveAnswers($pollid, $login->currentUserId(), $_POST['values']); } if ($sendResult > 0) { $notify->add($lang->get('detailedpoll'), $lang->get('notify_send_successfull')); redirect(makeUrl('detailedpoll', array())); } else { $notify->add($lang->get('detailedpoll'), $lang->get('notify_send_unsuccessfull')); } } else { $notify->add($lang->get('detailedpoll'), $lang->get('notify_send_unsuccessfull_fields_missing')); $smarty->assign('values', $_POST['values']); } } if (hasVoted($pollid, $login->currentUserId())) { $smarty->assign('values', getMyAnswers($pollid, $login->currentUserId())); } $smarty->assign('sendAvailable', $poll['state'] == 1); $smarty->assign('resultAvailable', $poll['state'] >= 2); $smarty->assign('poll', $poll); if ($poll['state'] >= 2) { $questions = calculatePoll($pollid); $smarty->assign('result', getCalculatedPoll($questions)); } else { $questions = getQuestions($pollid); } $smarty->assign('questions', $questions); $colors = array(0 => '#aaa', 1 => '#bbb', 2 => '#ccc', 3 => '#ddd'); $smarty->assign('color', $colors); $smarty->assign('path', $template_dir . '/poll.tpl');
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo BBSNAME; ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link href="default.css" rel="stylesheet" type="text/css" /> </head> <body class="main"> <p><a href="voting_booth.php">back to voting booth</a> </p> <?php
// Voting form template (this listing is cut off inside the option loop).
// The ballot form is rendered only when hasVoted() reports no vote by the
// session user for the requested topic. $req, $sth_topic and $sth_options
// are set outside this fragment.
if (!hasVoted($_SESSION['id'], $req['id'])) {
    // '@' hides any warning from the fetch, so a failed topic query shows
    // up only as an empty heading below.
    $row_topic = @mysql_fetch_assoc($sth_topic);
?> <form method="post" action="voting_tally.php" name="form1"> <h1><?php
    // NOTE(review): the topic name is written into the page without HTML
    // escaping. If topic names can be entered by users, wrap it in
    // htmlspecialchars() with ENT_QUOTES and the page charset (iso-8859-1).
    echo $row_topic['name']; ?> </h1> <?php
    // One radio button per row of the options result set.
    while ($row_options = @mysql_fetch_assoc($sth_options)) { ?> <p> <label> <input type="radio" name="option" value="<?php
        // NOTE(review): this value sits inside a double-quoted attribute and
        // is not escaped; a quote in the stored option text would end the
        // attribute. Escape it with htmlspecialchars() and ENT_QUOTES.
        echo $row_options['opt']; ?>
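<?php
/*
 * Records one vote for the authenticated user, then redirects back to
 * voting_vote.php. A missing or non-numeric topic id, a missing option, a
 * repeated vote or a failed INSERT redirects with badvote=true.
 */
require_once 'lib/utils.php';
session_start();
authenticate();

// NOTE(review): $req is not initialised in this script; if lib/utils.php
// does not define it, start from an empty array here.
foreach ($_POST as $name => $value) {
    $req[$name] = trim(clean($value, 255));
}

// NOTE(review): HTTP_HOST is taken from the request's Host header. A base
// URL from configuration would keep the redirect target under server control.
$voteUrl = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/voting_vote.php";

// The topic id is used unquoted in the SQL below, so it has to be digits
// only; quoting or escaping would not protect a numeric position.
$rawId = isset($req['id']) ? (string) $req['id'] : '';
// Percent-encode before the value is echoed into the Location header;
// digit strings pass through unchanged.
$idForUrl = rawurlencode($rawId);

if (!isset($req['id']) or !ctype_digit($rawId) or !isset($req['option']) or hasVoted($_SESSION['id'], $req['id'])) {
    header("Location: " . $voteUrl . "?badvote=true" . "&id=" . $idForUrl);
    exit;
}

// String values are escaped at the point where the statement is built.
// NOTE(review): what clean() does is not visible here. If it already adds
// SQL escaping, remove it there rather than here, so option text that
// contains quotes is not escaped twice.
// NOTE(review): the hasVoted() check and this INSERT are separate steps; a
// UNIQUE key on (user_id, topic_id) would reject a duplicate vote that
// slips in between them. The schema is not visible from this script.
$sql_tally = "INSERT INTO votes (user_id, topic_id, option_id) SELECT u.id AS user_id, \n\t\tvt.id AS topic_id, vo.id AS option_id FROM users u, voting_topics vt, voting_options vo\n\t\tWHERE u.alias = '" . mysql_real_escape_string($_SESSION['alias']) . "' AND vt.id = " . $rawId . " AND vo.opt \n\t\t= '" . mysql_real_escape_string($req['option']) . "'";

// The log entry is written before the INSERT runs, so it records the
// attempt, not the outcome.
myLog('VOTE', $_SESSION['id'], $req['id']);

if (@mysql_query($sql_tally)) {
    header("Location: " . $voteUrl . "?id=" . $idForUrl);
    exit;
} else {
    header("Location: " . $voteUrl . "?badvote=true" . "&id=" . $idForUrl);
    exit;
}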