Location: PHPKode > projects > Enigma > Enigma2/Enigma2_Install/modules/Module_Polls.php
<?php
/*
*****************************************************************

 Mod_Polls.php
 
*****************************************************************
This file and all of Poll Blocks and Polls Management are a
direct derivitive of the SMF Polls code since this feature
is an extension of the existing SMF Polls features
*****************************************************************
LSP: Lunabyte Systems Portal
Open-Source Project Inspired by Zef Hemel (hide@address.com)
*****************************************************************
Software Version:             LSP 2.0 "Enigma 2"
Software by:                  Lunabyte Systems (http://www.lunabyte.net)
Copyright 2002-2005 by:       Lunabyte Systems (http://www.lunabyte.net)
Support, News, Updates at:    http://www.lunabyte.net
*****************************************************************
This program is free software; you may redistribute it and/or modify it 
under the terms of the provided license as published by Lunabyte Systems.

This program is distributed in the hope that it is and will be useful,
but WITHOUT ANY WARRANTIES; without even any implied warranty of           
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                        

See the "LSP_license.txt" file for details of the LSP license.
The latest version can always be found at http://www.lunabyte.net.
*****************************************************************
*/
if (!defined('ENIGMA'))
	die('<b>Access Violation</b><br />Direct Access to this location is not allowed.');
else
	PollsHub();

/*	This file contains the functions for voting and locking polls.

	void Vote()
		- is called to register a vote in a poll.
		- must be called with an option specified and possible a topic.
		- uses the Post and Polls language files.
		- requires the poll_vote permission.
		- upon successful completion of action will direct user back to the page they were on.
		- is accessed via ?module=Polls;sa=vote.

	void LockVoting()
		- is called to lock or unlock voting on a poll.
		- must be called with a poll and/or topic specified from the poll form.
		- an admin always has over riding permission to lock a poll.
		- if not an admin must have poll_lock_any permission. (future?)
		- otherwise must be poll starter with poll_lock_own permission. (future?)
		- upon successful completion of action will direct user back to the page they were on.
		- is accessed via ?module=Polls;sa=lockVoting.

*/

function PollsHub()
{
	global $context, $txt;

	loadMLanguage('PollsManagement');

	$sa = !empty($_REQUEST['sa']) ? $_REQUEST['sa'] : NULL;

	$subActions = array(
		'vote',
		'lockVoting',
	);

	if (in_array($sa, $subActions))
		$sa();
	elseif (isset($subActions[$sa]))
		$subActions[$sa]();
	else // if there's no subaction, they don't have access
		fatal_lang_error('1');

	unset($subActions);
}

// Allow the user to vote.
function vote()
{
	global $txt, $db_prefix, $ID_MEMBER, $user_info;

	// Make sure we have something to vote on, if not just give a general permission error.
	if(empty($_REQUEST['poll']))
		fatal_lang_error('1');

	// Guests can never vote.
	if ($user_info['is_guest'])
		fatal_lang_error('cannot_poll_vote');

	loadLanguage('Post');

	// Check if they have already voted, or voting is locked.
	$request = db_query("
		SELECT IFNULL(lp.ID_CHOICE, -1) AS selected, p.votingLocked, p.ID_POLL, p.expireTime, p.maxVotes, p.changeVote,
			t.ID_TOPIC, t.ID_BOARD, b.ID_BOARD, b.memberGroups
		FROM ({$db_prefix}polls AS p)
			LEFT JOIN {$db_prefix}log_polls AS lp ON (p.ID_POLL = lp.ID_POLL AND lp.ID_MEMBER = $ID_MEMBER)
			LEFT JOIN {$db_prefix}topics AS t ON (t.ID_POLL = p.ID_POLL)
			LEFT JOIN {$db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
		WHERE p.ID_POLL = $_REQUEST[poll]
		LIMIT 1", __FILE__, __LINE__);
	if (mysql_num_rows($request) == 0)
		fatal_lang_error('smf27', false);
	$row = mysql_fetch_assoc($request);
	mysql_free_result($request);

	// we need to do some additional permissions checks to make sure they can vote on this poll
	// if the poll is attached to a message topic, make sure they can view the board and vote in that board
	if (!empty($bpollinfo['ID_TOPIC']))
	{
		$boardGroups = $bpollinfo['memberGroups'] == '' ? array() : explode(',', $bpollinfo['memberGroups']);
		if (count(array_intersect($user_info['groups'], $boardGroups)) == 0 && !$user_info['is_admin'])
			fatal_lang_error('cannot_poll_vote'); // they're not even allowed to view this board & topic, let alone vote on a poll

		isAllowedTo('poll_vote', $row['ID_BOARD']);
	}
	// is this poll just a block poll?  Can they vote on it?
	if (empty($bpollinfo['ID_TOPIC']))
		isAllowedTo('bpoll_view');

	// Is voting locked or has it expired?
	if (!empty($row['votingLocked']) || (!empty($row['expireTime']) && time() > $row['expireTime']))
		fatal_lang_error('smf27', false);

	// If they have already voted and aren't allowed to change their vote - hence they are outta here!
	if ($row['selected'] != -1 && empty($row['changeVote']))
		fatal_lang_error('smf27', false);
	// Otherwise if they can change their vote, remove their original vote.
	elseif (!empty($_POST['changevote']))
	{
		$pollOptions = array();

		// Find out what they voted for before.
		$request = db_query("
			SELECT ID_CHOICE
			FROM {$db_prefix}log_polls
			WHERE ID_MEMBER = $ID_MEMBER
				AND ID_POLL = $row[ID_POLL]", __FILE__, __LINE__);
		while ($choice = mysql_fetch_row($request))
			$pollOptions[] = $choice[0];
		mysql_free_result($request);

		// Just skip it if they had voted for nothing before.
		if (!empty($pollOptions))
		{
			// Update the poll totals.
			db_query("
				UPDATE {$db_prefix}poll_choices
				SET votes = votes - 1
				WHERE ID_POLL = $row[ID_POLL]
					AND ID_CHOICE IN (" . implode(', ', $pollOptions) . ")
					AND votes > 0
				LIMIT " . count($pollOptions), __FILE__, __LINE__);

			// Delete off the log.
			db_query("
				DELETE FROM {$db_prefix}log_polls
				WHERE ID_MEMBER = $ID_MEMBER
					AND ID_POLL = $row[ID_POLL]", __FILE__, __LINE__);
		}

	}

	// Make sure the option(s) are valid.
	if (empty($_POST['options']))
		fatal_lang_error('smf26', false);

	// Too many options checked!
	if (count($_REQUEST['options']) > $row['maxVotes'])
		fatal_error(sprintf($txt['poll_error1'], $row['maxVotes']), false);

	$pollOptions = array();
	$setString = '';
	foreach ($_REQUEST['options'] as $id)
	{
		$id = (int) $id;

		$pollOptions[] = $id;
		$setString .= "
				($row[ID_POLL], $ID_MEMBER, $id),";
	}
	$setString = substr($setString, 0, -1);

	// Add their vote to the tally.
	db_query("
		INSERT INTO {$db_prefix}log_polls
			(ID_POLL, ID_MEMBER, ID_CHOICE)
		VALUES $setString", __FILE__, __LINE__);
	db_query("
		UPDATE {$db_prefix}poll_choices
		SET votes = votes + 1
		WHERE ID_POLL = $row[ID_POLL]
			AND ID_CHOICE IN (" . implode(', ', $pollOptions) . ")
		LIMIT " . count($pollOptions), __FILE__, __LINE__);

	// Return back to the same page...
	redirectexit($_POST['qstr'], false);
}

// Lock the voting for a poll.
function lockVoting()
{
	global $db_prefix;

     // verify permissions
	isAllowedTo('bpoll_lock');

	// Lock!  *Poof* - no one can vote.
	db_query("
		UPDATE {$db_prefix}polls
		SET votingLocked = $_POST[status]
		WHERE ID_POLL = $_REQUEST[poll]
		LIMIT 1", __FILE__, __LINE__);

	// Return back to the previous page...
	redirectexit($_POST['qstr'], false);
}

?>
Return current item: Enigma