
Source: /polls.php - 1081 lines - 24615 bytes - Summary - Text - Print

Description: MyBB 1.6 Copyright 2010 MyBB Group, All Rights Reserved

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  // Both constants are defined before global.php is pulled in below
  define("IN_MYBB", 1);
  define('THIS_SCRIPT', 'polls.php');

  // Names of the templates this script renders; set before global.php is loaded
  $templatelist = "changeuserbox,loginbox,polls_newpoll_option,polls_newpoll,polls_editpoll_option,polls_editpoll,polls_showresults_resultbit,polls_showresults";
  require_once  "./global.php";
  require_once  MYBB_ROOT."inc/functions_post.php";
  require_once  MYBB_ROOT."inc/class_parser.php";
  $parser = new postParser;

  // Load the poll language phrases
  $lang->load("polls");

  // Logged-in users (uid != 0) get the "changeuserbox" template, guests get "loginbox".
  // NOTE(review): eval() compiles the template text as the inside of a double-quoted PHP
  // string, so template content is effectively code - write access to templates has to be
  // treated as the ability to run PHP.
  eval("\$loginbox = \"".$templates->get(($mybb->user['uid'] != 0) ? "changeuserbox" : "loginbox")."\";");
  32  
  // A "preview" or "updateoptions" submit re-displays the matching form instead of saving:
  // do_editpoll falls back to editpoll, every other action falls back to newpoll.
  if($mybb->input['preview'] || $mybb->input['updateoptions'])
  {
      $mybb->input['action'] = ($mybb->input['action'] == "do_editpoll") ? "editpoll" : "newpoll";
  }
  if($mybb->input['action'] == "newpoll")
  {
      // Renders the "add a poll" form for an existing thread; this branch only reads and outputs
      $tid = intval($mybb->input['tid']);

      $plugins->run_hooks("polls_newpoll_start");

      // The thread id is integer-cast before it reaches the WHERE clause
      $query = $db->simple_select("threads", "*", "tid='".intval($mybb->input['tid'])."'");
      $thread = $db->fetch_array($query);
      if(!$thread['tid'])
      {
          error($lang->error_invalidthread);
      }

      $fid = $thread['fid'];
      $forumpermissions = forum_permissions($fid);

      // The forum must exist; a closed forum is only usable by moderators holding "caneditposts"
      $forum = get_forum($fid);
      if(!$forum)
      {
          error($lang->error_invalidforum);
      }
      elseif($forum['open'] == 0 && !is_moderator($fid, "caneditposts"))
      {
          error($lang->error_closedinvalidforum);
      }

      // Breadcrumb: forum path, HTML-escaped thread subject, then this page
      build_forum_breadcrumb($fid);
      add_breadcrumb(htmlspecialchars_uni($thread['subject']), get_thread_link($thread['tid']));
      add_breadcrumb($lang->nav_postpoll);

      // Refused unless the user is the thread author or a moderator, and the forum
      // grants all of: view, post threads, post polls
      if(($thread['uid'] != $mybb->user['uid'] && !is_moderator($fid))
          || $forumpermissions['canview'] == 0
          || $forumpermissions['canpostthreads'] == 0
          || $forumpermissions['canpostpolls'] == 0)
      {
          error_no_permission();
      }

      // A thread carries at most one poll
      if($thread['poll'])
      {
          error($lang->error_pollalready);
      }

      // A positive "numpolloptions" overrides "polloptions"
      if($mybb->input['numpolloptions'] > 0)
      {
          $mybb->input['polloptions'] = $mybb->input['numpolloptions'];
      }

      // Clamp the option count: at most maxpolloptions (when that setting is non-zero), at least 2
      if($mybb->settings['maxpolloptions'] && $mybb->input['polloptions'] > $mybb->settings['maxpolloptions'])
      {
          $polloptions = $mybb->settings['maxpolloptions'];
      }
      elseif($mybb->input['polloptions'] < 2)
      {
          $polloptions = 2;
      }
      else
      {
          $polloptions = intval($mybb->input['polloptions']);
      }

      // Everything echoed back into the form is HTML-escaped first
      $question = htmlspecialchars_uni($mybb->input['question']);

      // Re-tick the checkboxes that were submitted with the value 1
      $postoptions = $mybb->input['postoptions'];
      foreach(array('multiple', 'public') as $flag)
      {
          if($postoptions[$flag] == 1)
          {
              $postoptionschecked[$flag] = 'checked="checked"';
          }
      }

      // One input row per option, pre-filled with the escaped text that was submitted
      $options = $mybb->input['options'];
      $optionbits = '';
      for($i = 1; $i <= $polloptions; ++$i)
      {
          $option = htmlspecialchars_uni($options[$i]);
          eval("\$optionbits .= \"".$templates->get("polls_newpoll_option")."\";");
          $option = "";
      }

      // Only a positive timeout is kept, as an integer
      $timeout = ($mybb->input['timeout'] > 0) ? intval($mybb->input['timeout']) : 0;

      $plugins->run_hooks("polls_newpoll_end");

      eval("\$newpoll = \"".$templates->get("polls_newpoll")."\";");
      output_page($newpoll);
  }
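 if($mybb->input['action'] == "do_newpoll" && $mybb->request_method == "post")
 {
     // Stores a new poll for a thread. POST only; the request must carry a valid post key.
     verify_post_check($mybb->input['my_post_key']);

     $plugins->run_hooks("polls_do_newpoll_start");

     // The thread id is integer-cast before it reaches the WHERE clause
     $query = $db->simple_select("threads", "*", "tid='".intval($mybb->input['tid'])."'");
     $thread = $db->fetch_array($query);
     if(!$thread['tid'])
     {
         error($lang->error_invalidthread);
     }

     $fid = $thread['fid'];
     $forumpermissions = forum_permissions($fid);

     // The forum must exist; a closed forum is only usable by moderators holding "caneditposts"
     $forum = get_forum($fid);
     if(!$forum)
     {
         error($lang->error_invalidforum);
     }
     elseif($forum['open'] == 0 && !is_moderator($fid, "caneditposts"))
     {
         error($lang->error_closedinvalidforum);
     }

     // Refused unless the user is the thread author or a moderator, and the forum
     // grants all of: view, post threads, post polls
     if(($thread['uid'] != $mybb->user['uid'] && !is_moderator($fid))
         || $forumpermissions['canview'] == 0
         || $forumpermissions['canpostthreads'] == 0
         || $forumpermissions['canpostpolls'] == 0)
     {
         error_no_permission();
     }

     // A thread carries at most one poll
     if($thread['poll'])
     {
         error($lang->error_pollalready);
     }

     // The option count is a loop bound below, so it is cast to an integer first and then
     // clamped: at most maxpolloptions (when that setting is non-zero), at least 2.
     // NOTE(review): with maxpolloptions set to 0 the upper bound is whatever the client
     // sent; a hard ceiling would keep the two loops below cheap.
     $polloptions = intval($mybb->input['polloptions']);
     if($mybb->settings['maxpolloptions'] && $polloptions > $mybb->settings['maxpolloptions'])
     {
         $polloptions = $mybb->settings['maxpolloptions'];
     }
     if($polloptions < 2)
     {
         $polloptions = 2;
     }

     // These two flags go into the INSERT without escaping, so they are reduced to a
     // literal 0 or 1 instead of passing the submitted string through
     $postoptions = $mybb->input['postoptions'];
     if(!is_array($postoptions))
     {
         $postoptions = array();
     }
     $postoptions['multiple'] = (isset($postoptions['multiple']) && $postoptions['multiple'] == '1') ? 1 : 0;
     $postoptions['public'] = (isset($postoptions['public']) && $postoptions['public'] == '1') ? 1 : 0;

     // A missing or non-array "options" field is treated as "no options submitted"
     $options = $mybb->input['options'];
     if(!is_array($options))
     {
         $options = array();
     }

     // Collect the non-empty options and enforce the per-option length limit
     // (polloptionlimit of 0 disables the limit)
     $optioncount = 0;
     $lengtherror = 0;
     $optiontexts = array();
     $optionvotes = array();
     for($i = 1; $i <= $polloptions; ++$i)
     {
         // Absent or non-scalar entries count as empty
         $optiontext = (isset($options[$i]) && is_scalar($options[$i])) ? (string)$options[$i] : '';

         if(trim($optiontext) != "")
         {
             $optioncount++;
             $optiontexts[] = trim($optiontext);
             $optionvotes[] = '0';
         }

         if(my_strlen($optiontext) > $mybb->settings['polloptionlimit'] && $mybb->settings['polloptionlimit'] != 0)
         {
             $lengtherror = 1;
             break;
         }
     }

     if($lengtherror)
     {
         error($lang->error_polloptiontoolong);
     }

     // Same rule as do_editpoll: a whitespace-only question is rejected, and at least
     // two non-empty options are required
     if(trim($mybb->input['question']) == '' || $optioncount < 2)
     {
         error($lang->error_noquestionoptions);
     }

     // Options and their vote counters are stored as two parallel ||~|~||-separated strings.
     // NOTE(review): option text that itself contains the separator is not handled here and
     // would be split into extra entries by the explode() calls that read the poll back.
     $optionslist = implode('||~|~||', $optiontexts);
     $voteslist = implode('||~|~||', $optionvotes);

     // Only a positive timeout is kept, as an integer
     $timeout = ($mybb->input['timeout'] > 0) ? intval($mybb->input['timeout']) : 0;

     // String fields are escaped, numeric fields are integers
     $newpoll = array(
         "tid" => $thread['tid'],
         "question" => $db->escape_string($mybb->input['question']),
         "dateline" => TIME_NOW,
         "options" => $db->escape_string($optionslist),
         "votes" => $db->escape_string($voteslist),
         "numoptions" => intval($optioncount),
         "numvotes" => 0,
         "timeout" => $timeout,
         "closed" => 0,
         "multiple" => $postoptions['multiple'],
         "public" => $postoptions['public']
     );

     $plugins->run_hooks("polls_do_newpoll_process");

     $pid = $db->insert_query("polls", $newpoll);

     // Link the thread to its new poll
     $db->update_query("threads", array('poll' => $pid), "tid='".$thread['tid']."'");

     $plugins->run_hooks("polls_do_newpoll_end");

     // Visible threads go back to the thread, others to the forum with the moderation notice
     if($thread['visible'] == 1)
     {
         redirect(get_thread_link($thread['tid']), $lang->redirect_pollposted);
     }
     else
     {
         redirect(get_forum_link($thread['fid']), $lang->redirect_pollpostedmoderated);
     }
 }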
 294  
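 if($mybb->input['action'] == "editpoll")
 {
     // Renders the poll edit form, either from the stored poll or, on preview /
     // updateoptions, from the values that were just submitted. Nothing is saved here.
     $pid = intval($mybb->input['pid']);

     $plugins->run_hooks("polls_editpoll_start");

     // $pid is an integer at this point, so it is safe inside the quoted WHERE value
     $query = $db->simple_select("polls", "*", "pid='$pid'");
     $poll = $db->fetch_array($query);

     if(!$poll['pid'])
     {
         error($lang->error_invalidpoll);
     }

     $query = $db->simple_select("threads", "*", "poll='$pid'");
     $thread = $db->fetch_array($query);
     $tid = $thread['tid'];
     if(!$tid)
     {
         error($lang->error_invalidthread);
     }

     $fid = $thread['fid'];

     // Breadcrumb: forum path, HTML-escaped thread subject, then this page
     build_forum_breadcrumb($fid);
     add_breadcrumb(htmlspecialchars_uni($thread['subject']), get_thread_link($thread['tid']));
     add_breadcrumb($lang->nav_editpoll);

     $forumpermissions = forum_permissions($fid);

     // The forum must exist; a closed forum is only usable by moderators holding "caneditposts"
     $forum = get_forum($fid);
     if(!$forum)
     {
         error($lang->error_invalidforum);
     }
     elseif($forum['open'] == 0 && !is_moderator($fid, "caneditposts"))
     {
         error($lang->error_closedinvalidforum);
     }

     // Editing a poll is restricted to moderators with "caneditposts" in this forum
     if(!is_moderator($fid, "caneditposts"))
     {
         error_no_permission();
     }

     $polldate = my_date($mybb->settings['dateformat'], $poll['dateline']);
     if(!$mybb->input['preview'] && !$mybb->input['updateoptions'])
     {
         // First display: populate the form from the stored poll
         if($poll['closed'] == 1)
         {
             $postoptionschecked['closed'] = 'checked="checked"';
         }

         if($poll['multiple'] == 1)
         {
             $postoptionschecked['multiple'] = 'checked="checked"';
         }

         if($poll['public'] == 1)
         {
             $postoptionschecked['public'] = 'checked="checked"';
         }

         // Options and vote counters are stored as parallel ||~|~||-separated strings
         $optionsarray = explode("||~|~||", $poll['options']);
         $votesarray = explode("||~|~||", $poll['votes']);

         // Total votes over the stored options; missing counters count as 0
         $poll['totvotes'] = 0;
         for($i = 1; $i <= $poll['numoptions']; ++$i)
         {
             $poll['totvotes'] += isset($votesarray[$i-1]) ? intval($votesarray[$i-1]) : 0;
         }

         $question = htmlspecialchars_uni($poll['question']);
         $numoptions = $poll['numoptions'];
         $optionbits = "";
         for($i = 0; $i < $numoptions; ++$i)
         {
             $counter = $i + 1;
             // Option text is HTML-escaped and the vote counter forced to an integer
             // before either is handed to the template
             $option = htmlspecialchars_uni(isset($optionsarray[$i]) ? $optionsarray[$i] : '');
             $optionvotes = isset($votesarray[$i]) ? intval($votesarray[$i]) : 0;

             eval("\$optionbits .= \"".$templates->get("polls_editpoll_option")."\";");
             $option = "";
             $optionvotes = "";
         }

         $timeout = !$poll['timeout'] ? 0 : $poll['timeout'];
     }
     else
     {
         // Preview / updateoptions: rebuild the form from request data. Every value taken
         // from the request is either HTML-escaped or cast to an integer before it is passed
         // to a template, matching what the stored-poll branch does with its values.
         $numoptions = intval($mybb->input['numoptions']);
         if($mybb->settings['maxpolloptions'] && $numoptions > $mybb->settings['maxpolloptions'])
         {
             $numoptions = $mybb->settings['maxpolloptions'];
         }
         elseif($numoptions < 2)
         {
             $numoptions = 2;
         }
         $question = htmlspecialchars_uni($mybb->input['question']);

         $postoptions = $mybb->input['postoptions'];
         if(!is_array($postoptions))
         {
             $postoptions = array();
         }
         foreach(array('multiple', 'public', 'closed') as $flag)
         {
             if(isset($postoptions[$flag]) && $postoptions[$flag] == 1)
             {
                 $postoptionschecked[$flag] = 'checked="checked"';
             }
         }

         // Non-array submissions are treated as empty
         $options = $mybb->input['options'];
         if(!is_array($options))
         {
             $options = array();
         }
         $votes = $mybb->input['votes'];
         if(!is_array($votes))
         {
             $votes = array();
         }

         $optionbits = '';
         for($i = 1; $i <= $numoptions; ++$i)
         {
             $counter = $i;
             $option = (isset($options[$i]) && is_scalar($options[$i])) ? htmlspecialchars_uni($options[$i]) : '';
             // Previously the submitted vote count reached the template as a raw string
             $optionvotes = (isset($votes[$i]) && is_scalar($votes[$i])) ? intval($votes[$i]) : 0;

             eval("\$optionbits .= \"".$templates->get("polls_editpoll_option")."\";");
             $option = "";
         }

         // Only a positive timeout is kept, as an integer (it was passed through raw before)
         $timeout = ($mybb->input['timeout'] > 0) ? intval($mybb->input['timeout']) : 0;
     }

     $plugins->run_hooks("polls_editpoll_end");

     eval("\$editpoll = \"".$templates->get("polls_editpoll")."\";");
     output_page($editpoll);
 }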
 469  
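 if($mybb->input['action'] == "do_editpoll" && $mybb->request_method == "post")
 {
     // Saves an edited poll. POST only; the request must carry a valid post key and the
     // user must be a moderator with "caneditposts" in the poll's forum.
     verify_post_check($mybb->input['my_post_key']);

     $plugins->run_hooks("polls_do_editpoll_start");

     // The poll id is integer-cast everywhere it is placed in a WHERE clause
     $query = $db->simple_select("polls", "*", "pid='".intval($mybb->input['pid'])."'");
     $poll = $db->fetch_array($query);

     if(!$poll['pid'])
     {
         error($lang->error_invalidpoll);
     }

     $query = $db->simple_select("threads", "*", "poll='".intval($mybb->input['pid'])."'");
     $thread = $db->fetch_array($query);
     if(!$thread['tid'])
     {
         error($lang->error_invalidthread);
     }

     $forumpermissions = forum_permissions($thread['fid']);

     // The forum must exist; a closed forum is only usable by moderators holding "caneditposts".
     // The forum id comes from the thread row: this branch never assigns $fid, so the
     // closed-forum check used to be evaluated against an undefined variable.
     $forum = get_forum($thread['fid']);
     if(!$forum)
     {
         error($lang->error_invalidforum);
     }
     elseif($forum['open'] == 0 && !is_moderator($thread['fid'], "caneditposts"))
     {
         error($lang->error_closedinvalidforum);
     }

     if(!is_moderator($thread['fid'], "caneditposts"))
     {
         error_no_permission();
     }

     // The option count is a loop bound, so it is cast to an integer first; capped at
     // maxpolloptions when that setting is non-zero, defaulting to 2 when absent
     $numoptions = intval($mybb->input['numoptions']);
     if($mybb->settings['maxpolloptions'] && $numoptions > $mybb->settings['maxpolloptions'])
     {
         $numoptions = $mybb->settings['maxpolloptions'];
     }
     elseif(!$numoptions)
     {
         $numoptions = 2;
     }

     // The three flags go into the UPDATE without escaping, so each is reduced to a
     // literal 0 or 1 instead of passing the submitted string through
     $postoptions = $mybb->input['postoptions'];
     if(!is_array($postoptions))
     {
         $postoptions = array();
     }
     foreach(array('multiple', 'public', 'closed') as $flag)
     {
         $postoptions[$flag] = (isset($postoptions[$flag]) && $postoptions[$flag] == '1') ? 1 : 0;
     }

     // Non-array submissions are treated as empty
     $options = $mybb->input['options'];
     if(!is_array($options))
     {
         $options = array();
     }
     $votes = $mybb->input['votes'];
     if(!is_array($votes))
     {
         $votes = array();
     }

     // Collect the non-empty options with their vote counters and enforce the per-option
     // length limit (polloptionlimit of 0 disables the limit)
     $optioncount = 0;
     $lengtherror = 0;
     $numvotes = 0;
     $optiontexts = array();
     $optionvotes = array();
     for($i = 1; $i <= $numoptions; ++$i)
     {
         // Absent or non-scalar entries count as empty
         $optiontext = (isset($options[$i]) && is_scalar($options[$i])) ? (string)$options[$i] : '';

         if(trim($optiontext) != '')
         {
             $optioncount++;
             $optiontexts[] = trim($optiontext);

             // Vote counters are stored as non-negative integers. Before, a value that merely
             // started with a positive number was stored as submitted, and the results page
             // reads that string back for display.
             $votecount = (isset($votes[$i]) && is_scalar($votes[$i])) ? intval($votes[$i]) : 0;
             if($votecount < 0)
             {
                 $votecount = 0;
             }
             $optionvotes[] = $votecount;
             $numvotes += $votecount;
         }

         if(my_strlen($optiontext) > $mybb->settings['polloptionlimit'] && $mybb->settings['polloptionlimit'] != 0)
         {
             $lengtherror = 1;
             break;
         }
     }

     if($lengtherror)
     {
         error($lang->error_polloptiontoolong);
     }

     if(trim($mybb->input['question']) == '' || $optioncount < 2)
     {
         error($lang->error_noquestionoptions);
     }

     // Options and vote counters are stored as two parallel ||~|~||-separated strings.
     // NOTE(review): option text that itself contains the separator is not handled here and
     // would be split into extra entries by the explode() calls that read the poll back.
     $optionslist = implode("||~|~||", $optiontexts);
     $voteslist = implode("||~|~||", $optionvotes);

     // Only a positive timeout is kept, as an integer
     $timeout = ($mybb->input['timeout'] > 0) ? intval($mybb->input['timeout']) : 0;

     // String fields are escaped, numeric fields are integers
     $updatedpoll = array(
         "question" => $db->escape_string($mybb->input['question']),
         "options" => $db->escape_string($optionslist),
         "votes" => $db->escape_string($voteslist),
         "numoptions" => intval($optioncount),
         "numvotes" => intval($numvotes),
         "timeout" => $timeout,
         "closed" => $postoptions['closed'],
         "multiple" => $postoptions['multiple'],
         "public" => $postoptions['public']
     );

     $plugins->run_hooks("polls_do_editpoll_process");

     $db->update_query("polls", $updatedpoll, "pid='".intval($mybb->input['pid'])."'");

     $plugins->run_hooks("polls_do_editpoll_end");

     // Poll edits are recorded in the moderator log
     $modlogdata['fid'] = $thread['fid'];
     $modlogdata['tid'] = $thread['tid'];
     log_moderator_action($modlogdata, $lang->poll_edited);

     redirect(get_thread_link($thread['tid']), $lang->redirect_pollupdated);
 }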
 627  
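 if($mybb->input['action'] == "showresults")
 {
     // Renders the results page of a poll, including the voter list when the poll is
     // public or the viewer is a moderator of the forum.
     $query = $db->simple_select("polls", "*", "pid='".intval($mybb->input['pid'])."'");
     $poll = $db->fetch_array($query);

     if(!$poll['pid'])
     {
         error($lang->error_invalidpoll);
     }

     // Cast the stored thread id before it is placed in the WHERE clause
     $tid = intval($poll['tid']);
     $query = $db->simple_select("threads", "*", "tid='$tid'");
     $thread = $db->fetch_array($query);
     if(!$thread['tid'])
     {
         error($lang->error_invalidthread);
     }

     $fid = $thread['fid'];

     // Get forum info
     $forum = get_forum($fid);
     if(!$forum)
     {
         error($lang->error_invalidforum);
     }

     $forumpermissions = forum_permissions($forum['fid']);

     $plugins->run_hooks("polls_showresults_start");

     // The viewer needs forum and thread view permission, and in "own threads only"
     // forums must be the thread author
     if($forumpermissions['canviewthreads'] == 0 || $forumpermissions['canview'] == 0 || ($forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']))
     {
         error_no_permission();
     }

     // Breadcrumb: forum path, HTML-escaped thread subject, then this page
     build_forum_breadcrumb($fid);
     add_breadcrumb(htmlspecialchars_uni($thread['subject']), get_thread_link($thread['tid']));
     add_breadcrumb($lang->nav_pollresults);

     // Per-option lookups, initialised up front so that options without votes read as empty
     $voters = array();
     $votedfor = array();
     $guest_voters = array();

     // Load every vote for this poll together with the voter's username
     $query = $db->query("
         SELECT v.*, u.username
         FROM ".TABLE_PREFIX."pollvotes v
         LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=v.uid)
         WHERE v.pid='".intval($poll['pid'])."'
         ORDER BY u.username
     ");
     while($voter = $db->fetch_array($query))
     {
         // Mark the options the current (logged-in) user voted for
         if($mybb->user['uid'] == $voter['uid'] && $mybb->user['uid'])
         {
             $votedfor[$voter['voteoption']] = 1;
         }

         // Guests and votes without a matching username (assumed deleted users) are only counted
         if($voter['uid'] == 0 || $voter['username'] == '')
         {
             if(!isset($guest_voters[$voter['voteoption']]))
             {
                 $guest_voters[$voter['voteoption']] = 0;
             }
             ++$guest_voters[$voter['voteoption']];
         }
         else
         {
             $voters[$voter['voteoption']][$voter['uid']] = $voter['username'];
         }
     }

     // Options and vote counters are stored as parallel ||~|~||-separated strings
     $optionsarray = explode("||~|~||", $poll['options']);
     $votesarray = explode("||~|~||", $poll['votes']);

     // Total votes over the stored options; missing counters count as 0
     $poll['totvotes'] = 0;
     for($i = 1; $i <= $poll['numoptions']; ++$i)
     {
         $poll['totvotes'] += isset($votesarray[$i-1]) ? intval($votesarray[$i-1]) : 0;
     }

     // Option text is rendered by the post parser using the forum's own settings, so in a
     // forum with allowhtml enabled option text is emitted as HTML
     $parser_options = array(
         "allow_html" => $forum['allowhtml'],
         "allow_mycode" => $forum['allowmycode'],
         "allow_smilies" => $forum['allowsmilies'],
         "allow_imgcode" => $forum['allowimgcode'],
         "allow_videocode" => $forum['allowvideocode'],
         "filter_badwords" => 1
     );

     $polloptions = '';
     for($i = 1; $i <= $poll['numoptions']; ++$i)
     {
         $option = $parser->parse_message(isset($optionsarray[$i-1]) ? $optionsarray[$i-1] : '', $parser_options);

         // The stored counter is forced to an integer before it is shown, as the edit form
         // already does; the counter string is written from request data when a poll is edited
         $votes = isset($votesarray[$i-1]) ? intval($votesarray[$i-1]) : 0;
         $number = $i;

         // Highlight the options the current user voted for
         if(!empty($votedfor[$number]))
         {
             $optionbg = 'trow2';
             $votestar = '*';
         }
         else
         {
             $optionbg = 'trow1';
             $votestar = '';
         }

         // Share of the total, guarded against a zero total
         if($votes == 0 || $poll['totvotes'] <= 0)
         {
             $percent = '0';
         }
         else
         {
             $percent = number_format($votes / $poll['totvotes'] * 100, 2);
         }

         $imagewidth = round($percent/3) * 5;
         $comma = '';
         $guest_comma = '';
         $userlist = '';
         $guest_count = 0;

         // Voter names are only listed for public polls or for moderators of this forum
         if($poll['public'] == 1 || is_moderator($fid))
         {
             if(isset($voters[$number]) && is_array($voters[$number]))
             {
                 foreach($voters[$number] as $uid => $username)
                 {
                     // NOTE(review): $username is passed on as stored; whether it is HTML-escaped
                     // depends on build_profile_link(), which is not visible in this file
                     $userlist .= $comma.build_profile_link($username, $uid);
                     $comma = $guest_comma = $lang->comma;
                 }
             }

             if(isset($guest_voters[$number]) && $guest_voters[$number] > 0)
             {
                 if($guest_voters[$number] == 1)
                 {
                     $userlist .= $guest_comma.$lang->guest_count;
                 }
                 else
                 {
                     $userlist .= $guest_comma.$lang->sprintf($lang->guest_count_multiple, $guest_voters[$number]);
                 }
             }
         }
         eval("\$polloptions .= \"".$templates->get("polls_showresults_resultbit")."\";");
     }

     $totpercent = $poll['totvotes'] ? '100%' : '0%';

     $plugins->run_hooks("polls_showresults_end");

     // The question is HTML-escaped just before the page template is built
     $poll['question'] = htmlspecialchars_uni($poll['question']);
     eval("\$showresults = \"".$templates->get("polls_showresults")."\";");
     output_page($showresults);
 }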
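 if($mybb->input['action'] == "vote" && $mybb->request_method == "post")
 {
     // Records a vote. POST only; the request must carry a valid post key.
     verify_post_check($mybb->input['my_post_key']);

     $query = $db->simple_select("polls", "*", "pid='".intval($mybb->input['pid'])."'");
     $poll = $db->fetch_array($query);
     // The stored timeout is multiplied out to seconds (x 60 x 60 x 24)
     $poll['timeout'] = $poll['timeout']*60*60*24;

     $plugins->run_hooks("polls_vote_start");

     if(!$poll['pid'])
     {
         error($lang->error_invalidpoll);
     }

     $query = $db->simple_select("threads", "*", "poll='".intval($poll['pid'])."'");
     $thread = $db->fetch_array($query);

     // Votes are only accepted on visible threads
     if(!$thread['tid'] || $thread['visible'] == 0)
     {
         error($lang->error_invalidthread);
     }

     // NOTE(review): only "canvotepolls" is checked here; the results page additionally checks
     // canview / canviewthreads / canonlyviewownthreads - confirm that difference is intended.
     $fid = $thread['fid'];
     $forumpermissions = forum_permissions($fid);
     if($forumpermissions['canvotepolls'] == 0)
     {
         error_no_permission();
     }

     // The forum must exist and be open (no moderator exception for voting)
     $forum = get_forum($fid);
     if(!$forum)
     {
         error($lang->error_invalidforum);
     }
     elseif($forum['open'] == 0)
     {
         error($lang->error_closedinvalidforum);
     }

     // No votes once the poll or thread is closed, or a non-zero timeout has elapsed
     $expiretime = $poll['dateline'] + $poll['timeout'];
     $now = TIME_NOW;
     if($poll['closed'] == 1 || $thread['closed'] == 1 || ($expiretime < $now && $poll['timeout']))
     {
         error($lang->error_pollclosed);
     }

     if(!isset($mybb->input['option']))
     {
         error($lang->error_nopolloptions);
     }

     // Has this voter already voted? Members are looked up in pollvotes; the cookie is
     // honoured for everyone.
     // NOTE(review): the guest check relies on a client-held cookie, and the member check is
     // a SELECT followed later by an INSERT with no lock, so neither is a hard guarantee
     // against repeat votes.
     $votecheck = array();
     if($mybb->user['uid'])
     {
         $query = $db->simple_select("pollvotes", "*", "uid='".$mybb->user['uid']."' AND pid='".$poll['pid']."'");
         $votecheck = $db->fetch_array($query);
     }

     if(!empty($votecheck['vid']) || (isset($mybb->cookies['pollvotes'][$poll['pid']]) && $mybb->cookies['pollvotes'][$poll['pid']] !== ""))
     {
         error($lang->error_alreadyvoted);
     }

     $votesql = '';
     $now = TIME_NOW;
     $votesarray = explode("||~|~||", $poll['votes']);
     $option = $mybb->input['option'];
     $numvotes = (int)$poll['numvotes'];

     // Option numbers accepted from this ballot, keyed by number so that each option is
     // counted at most once. Numbers are cast to int and must lie in 1..numoptions; before,
     // two submitted keys that differ as strings but name the same option were both counted.
     $accepted = array();
     if($poll['multiple'] == 1)
     {
         if(is_array($option))
         {
             foreach($option as $voteoption => $vote)
             {
                 $voteoption = intval($voteoption);
                 if($vote == 1 && $voteoption >= 1 && $voteoption <= $poll['numoptions'] && isset($votesarray[$voteoption-1]) && !isset($accepted[$voteoption]))
                 {
                     $accepted[$voteoption] = 1;
                 }
             }
         }
     }
     else
     {
         // Single-choice polls take exactly one scalar option number
         if(is_array($option) || intval($option) < 1 || intval($option) > $poll['numoptions'] || !isset($votesarray[intval($option)-1]))
         {
             error($lang->error_nopolloptions);
         }
         $accepted[intval($option)] = 1;
     }

     // Build one VALUES tuple per accepted option; every interpolated value is an integer
     foreach($accepted as $voteoption => $unused)
     {
         if($votesql)
         {
             $votesql .= ",";
         }
         $votesql .= "('".intval($poll['pid'])."','".intval($mybb->user['uid'])."','".$voteoption."','".intval($now)."')";
         $votesarray[$voteoption-1]++;
         $numvotes = $numvotes+1;
     }

     if(!$votesql)
     {
         error($lang->error_nopolloptions);
     }

     // Guests get a cookie to inhibit revotes. It is set only once the ballot has been
     // validated and holds the accepted option numbers rather than the raw request value;
     // before, a rejected ballot still set the cookie.
     if(!$mybb->user['uid'])
     {
         my_setcookie("pollvotes[{$poll['pid']}]", implode(',', array_keys($accepted)));
     }

     $db->write_query("
         INSERT INTO
         ".TABLE_PREFIX."pollvotes (pid,uid,voteoption,dateline)
         VALUES $votesql
     ");

     // Re-serialise the counters for the stored options.
     // NOTE(review): the counters were read at the top of this branch and are written back
     // here without a lock, so concurrent votes can overwrite each other's increments.
     $voteslist = '';
     for($i = 1; $i <= $poll['numoptions']; ++$i)
     {
         if($i > 1)
         {
             $voteslist .= "||~|~||";
         }
         $voteslist .= isset($votesarray[$i-1]) ? $votesarray[$i-1] : '0';
     }
     $updatedpoll = array(
         "votes" => $db->escape_string($voteslist),
         "numvotes" => intval($numvotes),
     );

     $plugins->run_hooks("polls_vote_process");

     $db->update_query("polls", $updatedpoll, "pid='".$poll['pid']."'");

     $plugins->run_hooks("polls_vote_end");

     redirect(get_thread_link($poll['tid']), $lang->redirect_votethanks);
 }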
 941  
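 if($mybb->input['action'] == "do_undovote")
 {
     // Withdraws the current voter's vote(s) from a poll. Requires a valid post key and
     // the "canundovotes" usergroup permission.
     verify_post_check($mybb->input['my_post_key']);

     $plugins->run_hooks("polls_do_undovote_start");
     if($mybb->usergroup['canundovotes'] != 1)
     {
         error_no_permission();
     }

     $query = $db->simple_select("polls", "*", "pid='".intval($mybb->input['pid'])."'");
     $poll = $db->fetch_array($query);
     $poll['numvotes'] = (int)$poll['numvotes'];

     if(!$poll['pid'])
     {
         error($lang->error_invalidpoll);
     }

     // We do not have $forum_cache available here since no forums permissions are checked in undo vote
     // Get thread ID and then get forum info
     $query = $db->simple_select("threads", "*", "tid='".intval($poll['tid'])."'");
     $thread = $db->fetch_array($query);
     if(!$thread['tid'] || $thread['visible'] == 0)
     {
         error($lang->error_invalidthread);
     }

     $fid = $thread['fid'];

     // The forum must exist and be open
     $forum = get_forum($fid);
     if(!$forum)
     {
         error($lang->error_invalidforum);
     }
     elseif($forum['open'] == 0)
     {
         error($lang->error_closedinvalidforum);
     }

     // The stored timeout is multiplied out to seconds (x 60 x 60 x 24)
     $poll['timeout'] = $poll['timeout']*60*60*24;

     // No changes once the poll or thread is closed, or a non-zero timeout has elapsed
     $expiretime = $poll['dateline'] + $poll['timeout'];
     if($poll['closed'] == 1 || $thread['closed'] == 1 || ($expiretime < TIME_NOW && $poll['timeout']))
     {
         error($lang->error_pollclosed);
     }

     // Work out which options this voter chose
     $vote_options = array();
     if($mybb->user['uid'])
     {
         // Members: read the recorded votes from the database
         $query = $db->simple_select("pollvotes", "vid,voteoption", "uid='".$mybb->user['uid']."' AND pid='".$poll['pid']."'");
         while($voteoption = $db->fetch_array($query))
         {
             $vote_options[$voteoption['vid']] = $voteoption['voteoption'];
         }
     }
     elseif(isset($mybb->cookies['pollvotes'][$poll['pid']]) && is_string($mybb->cookies['pollvotes'][$poll['pid']]) && $mybb->cookies['pollvotes'][$poll['pid']] !== "")
     {
         // Guests: the cookie is the only record, and it is client-controlled. Entries are
         // cast to positive integers and de-duplicated so one cookie cannot decrement the
         // same option more than once. Before, a missing cookie still produced a one-element
         // list, so a guest who had never voted passed the "has voted" check below.
         foreach(explode(',', $mybb->cookies['pollvotes'][$poll['pid']]) as $cookie_option)
         {
             $cookie_option = intval($cookie_option);
             if($cookie_option > 0)
             {
                 $vote_options[$cookie_option] = $cookie_option;
             }
         }
     }
     $votecheck = !empty($vote_options);

     if(!$votecheck)
     {
         error($lang->error_notvoted);
     }
     else if(!$mybb->user['uid'])
     {
         // clear cookie for Guests
         my_setcookie("pollvotes[{$poll['pid']}]", "");
     }

     // Note, this is not thread safe!
     $votesarray = explode("||~|~||", $poll['votes']);
     if(count($votesarray) > $poll['numoptions'])
     {
         // array_slice() needs the array as its first argument; it was missing here, so
         // the surplus counters were never trimmed
         $votesarray = array_slice($votesarray, 0, $poll['numoptions']);
     }

     // Decrement the counter of each withdrawn option; single-choice polls only use the first
     if($poll['multiple'] == 1)
     {
         foreach($vote_options as $vote)
         {
             if(isset($votesarray[$vote-1]))
             {
                 --$votesarray[$vote-1];
                 --$poll['numvotes'];
             }
         }
     }
     else
     {
         $voteoption = reset($vote_options);
         if(isset($votesarray[$voteoption-1]))
         {
             --$votesarray[$voteoption-1];
             --$poll['numvotes'];
         }
     }

     // check if anything < 0 - possible if Guest vote undoing is allowed (generally Guest unvoting should be disabled >_>)
     if($poll['numvotes'] < 0)
     {
         $poll['numvotes'] = 0;
     }

     foreach($votesarray as $i => $votes)
     {
         if($votes < 0)
         {
             $votesarray[$i] = 0;
         }
     }

     $voteslist = implode("||~|~||", $votesarray);
     $updatedpoll = array(
         "votes" => $db->escape_string($voteslist),
         "numvotes" => intval($poll['numvotes']),
     );

     $plugins->run_hooks("polls_do_undovote_process");

     // NOTE(review): for a guest the uid is 0, so this removes the pollvotes rows of every
     // guest who voted in this poll, while the counters above were only reduced for the
     // options named in this guest's cookie.
     $db->delete_query("pollvotes", "uid='".$mybb->user['uid']."' AND pid='".$poll['pid']."'");
     $db->update_query("polls", $updatedpoll, "pid='".$poll['pid']."'");

     $plugins->run_hooks("polls_do_undovote_end");

     redirect(get_thread_link($poll['tid']), $lang->redirect_unvoted);
 }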
1081  ?>
