<?php
// -----------------------------------------------------------------------------
// $Id: polls.php 682 2013-03-28 14:17:41Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

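include('./../includes/common.php');

/**
 * Turns the raw question comment typed by the moderator into the form that
 * is stored in the database: HTML is either kept (do_html) or entity-encoded
 * (utf8_entities), then links are made clickable, BB codes are expanded and,
 * when enabled, emoticons are substituted.
 *
 * Shared by the "add" and "edit" handlers so both store the comment the same
 * way.
 *
 * @param string $comment  Raw comment text from the form.
 * @param array  $settings Site settings; reads 'allow_html' and 'allow_emoticons'.
 * @return string          Comment as it is written to TABLE_QUESTIONS.
 */
function polls_admin_format_comment($comment, $settings)
{
    $comment = $settings['allow_html'] ? do_html($comment) : utf8_entities($comment);
    $comment = make_clickable($comment);
    $comment = do_bbcodes($comment);
    if ($settings['allow_emoticons'])
    {
        $comment = do_emoticons($comment);
    }
    return $comment;
}

/**
 * Label shown in the add/edit forms telling the moderator whether HTML is
 * accepted in the comment field.
 *
 * @param array $settings Site settings; reads 'allow_html'.
 * @param array $lang     Language strings; reads 'HTML_ENABLED' / 'HTML_DISABLED'.
 * @return string
 */
function polls_admin_html_support($settings, $lang)
{
    return $settings['allow_html'] ? $lang['HTML_ENABLED'] : $lang['HTML_DISABLED'];
}

/**
 * True when $value is usable as a database id in the concatenated SQL below,
 * i.e. it is a scalar made only of digits. Array keys taken from $_POST may
 * already have been normalised to int by PHP, hence the cast before the test.
 * This mirrors the string_is_int() checks the page applies to $_GET ids.
 *
 * @param mixed $value
 * @return bool
 */
function polls_admin_is_id($value)
{
    return is_scalar($value) && preg_match('`^[0-9]+$`', (string) $value) === 1;
}

page_header($lang['ADMIN_POLLS']);

// Every action on this page is moderator-only (user_level > 1).
if ($users['user_level'] > 1)
{
    // Add?
    if (isset($_POST['add_poll']))
    {
        // Form fields are only accepted as strings; anything else (a missing
        // field, or an array smuggled in through the query) counts as empty.
        $question_text = (isset($_POST['question_text']) && is_string($_POST['question_text'])) ? $_POST['question_text'] : '';
        $answer_lines = (isset($_POST['answer_text']) && is_string($_POST['answer_text'])) ? $_POST['answer_text'] : '';
        $raw_comment = (isset($_POST['question_comment']) && is_string($_POST['question_comment'])) ? $_POST['question_comment'] : '';
        $error = '';
        if (!trim($question_text))
        {
            $error .= $lang['ERROR_NO_QUESTION'];
        }
        if (!trim($answer_lines))
        {
            $error .= $lang['ERROR_NO_ANSWER'];
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            $question_comment = polls_admin_format_comment($raw_comment, $settings);
            $sql->query('INSERT INTO ' . TABLE_QUESTIONS . ' (user_id, question_comment, question_text, question_creation)
                         VALUES (\'' . $_SESSION['user_id'] . '\', \'' . $question_comment . '\', \'' . utf8_entities($question_text) . '\', \'' . time() . '\')');
            $question_id = $sql->insert_id();
            // One answer per line of the textarea. Blank lines (typically a
            // trailing newline) are skipped so they do not become empty
            // answers or inflate question_answers; the trim() check above
            // guarantees at least one line is kept.
            $answers = array();
            foreach (preg_split('`\r?\n`', $answer_lines) as $line)
            {
                if (trim($line) !== '')
                {
                    $answers[] = $line;
                }
            }
            $num_answers = count($answers);
            foreach ($answers as $answer)
            {
                $sql->query('INSERT INTO ' . TABLE_ANSWERS . ' (question_id, answer_text)
                             VALUES (\'' . $question_id . '\', \'' . utf8_entities($answer) . '\')');
            }
            $sql->query('UPDATE ' . TABLE_QUESTIONS . '
                         SET question_answers = \'' . $num_answers . '\'
                         WHERE question_id = \'' . $question_id . '\'');
            $sql->query('UPDATE ' . TABLE_USERS . '
                         SET user_polls = user_polls + 1
                         WHERE user_id = \'' . $_SESSION['user_id'] . '\'');
            make_polls_feed();
            $GLOBALS['cache']->clean(TABLE_ANSWERS);
            $GLOBALS['cache']->clean(TABLE_QUESTIONS);
            $GLOBALS['cache']->clean(TABLE_USERS);
            success_template($lang['POLL_ADDED'], './../admin/polls.php?action=view_polls');
        }
    }
    // Polls list
    elseif (isset($_GET['action']) && $_GET['action'] == 'view_polls')
    {
        // Query string - ?action=view_polls&sort=&order=&page=&list=
        // sort/order are the only request values that reach the ORDER BY
        // clause, so the whitelists below are the guard; sorting is applied
        // only when BOTH are valid, otherwise the list is unsorted.
        $sort = (isset($_GET['sort']) && is_string($_GET['sort']) && preg_match('`^(question_id|question_text)$`', $_GET['sort'])) ? $_GET['sort'] : '';
        $order = (isset($_GET['order']) && is_string($_GET['order']) && preg_match('`^(ASC|DESC)$`', $_GET['order'])) ? $_GET['order'] : '';
        if ($sort !== '' && $order !== '')
        {
            $clause = 'ORDER BY ' . $sort . ' ' . $order;
            $query = 'sort=' . $sort . '&amp;order=' . $order . '&amp;';
        }
        else
        {
            $clause = '';
            $query = '';
        }

        // Create pages list
        if (empty($_GET['page']) || !is_string($_GET['page']) || !string_is_int($_GET['page']))
        {
            // Normalised in place: get_pages_list() may read the current
            // page from $_GET (not visible here).
            $_GET['page'] = 1;
        }
        // Never let the offset go negative, whatever string_is_int() accepts.
        $page = max(1, (int) $_GET['page']);
        $polls_offset = ($page - 1) * $settings['questions_per_page'];
        // Only the total is needed here, not the rows themselves.
        $sql->query('SELECT COUNT(*) AS num_polls
                     FROM ' . TABLE_QUESTIONS);
        $table_count = $sql->fetch();
        $num_polls = $table_count ? (int) $table_count['num_polls'] : 0;
        $num_pages = ceil($num_polls / $settings['questions_per_page']);
        $pages_list = get_pages_list('./../admin/polls.php?action=view_polls&amp;' . $query, $num_pages);

        $template->set_file('admin', 'admin/polls/view.htpl');
        $template->set_block('admin', 'QUESTIONS_BLOCK', 'questions');
        $sql->query('SELECT question_answers, question_id, question_text
                     FROM ' . TABLE_QUESTIONS . '
                     ' . $clause . '
                     LIMIT ' . $settings['questions_per_page'] . ' OFFSET ' . $polls_offset);
        while ($table_questions = $sql->fetch())
        {
            $template->set_var(array('QUESTION_ANSWERS' => $table_questions['question_answers'],
                                     'QUESTION_ID' => $table_questions['question_id'],
                                     'QUESTION_TEXT' => $table_questions['question_text']));
            $template->parse('QUESTIONS_BLOCK', 'questions', true);
        }
        $template->set_var('PAGES', sprintf($lang['PAGES'], $pages_list));
        $template->parse('admin');
    }
    // Edit form
    elseif (isset($_GET['action']) && $_GET['action'] == 'edit_poll')
    {
        // question_id is concatenated into SQL and echoed back into the form,
        // so it must be a plain integer.
        if (!empty($_GET['question_id']) && is_string($_GET['question_id']) && string_is_int($_GET['question_id']))
        {
            $sql->query('SELECT question_comment, question_text
                         FROM ' . TABLE_QUESTIONS . '
                         WHERE question_id = \'' . $_GET['question_id'] . '\'');
            $table_questions = $sql->fetch();
            // Check question
            if (!$table_questions || !$table_questions['question_text'])
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                $template->set_file('admin', 'admin/polls/edit.htpl');
                $template->set_block('admin', 'ANSWERS_BLOCK', 'answers');
                $sql->query('SELECT answer_id, answer_text
                             FROM ' . TABLE_ANSWERS . '
                             WHERE question_id = \'' . $_GET['question_id'] . '\'
                             ORDER BY answer_id');
                while ($table_answers = $sql->fetch())
                {
                    $template->set_var(array('ANSWER_ID' => $table_answers['answer_id'],
                                             'ANSWER_TEXT' => $table_answers['answer_text']));
                    $template->parse('ANSWERS_BLOCK', 'answers', true);
                }
                // The stored comment is the formatted form; reverse the
                // emoticon and BB code substitutions so the moderator edits
                // the markup, not its rendering.
                $question_comment = undo_emoticons($table_questions['question_comment']);
                $question_comment = undo_bbcodes($question_comment);
                $template->set_var(array('EMOTICONS_LIST' => get_emoticons_list(0),
                                         'HTML_SUPPORT' => polls_admin_html_support($settings, $lang),
                                         'QUESTION_COMMENT' => $question_comment,
                                         'QUESTION_ID' => $_GET['question_id'],
                                         'QUESTION_TEXT' => $table_questions['question_text']));
                $template->parse('admin');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Edit?
    elseif (isset($_POST['edit_poll']))
    {
        // Form layout: question_id, question_text, question_comment,
        // answer_text[<answer_id>] => text, delete_id[<answer_id>] => checkbox,
        // answer_text_new => optional extra answer.
        $question_id = isset($_POST['question_id']) ? $_POST['question_id'] : '';
        $question_text = (isset($_POST['question_text']) && is_string($_POST['question_text'])) ? $_POST['question_text'] : '';
        $raw_comment = (isset($_POST['question_comment']) && is_string($_POST['question_comment'])) ? $_POST['question_comment'] : '';
        $answer_text_new = (isset($_POST['answer_text_new']) && is_string($_POST['answer_text_new'])) ? $_POST['answer_text_new'] : '';
        $answers = (isset($_POST['answer_text']) && is_array($_POST['answer_text'])) ? $_POST['answer_text'] : array();
        // Ids are compared as strings below so that int-normalised and
        // string array keys match each other.
        $delete_ids = (isset($_POST['delete_id']) && is_array($_POST['delete_id'])) ? array_map('strval', array_keys($_POST['delete_id'])) : array();

        // All ids end up concatenated into SQL, so every one of them (the
        // poll id and the answer ids carried as array keys) must be a plain
        // integer, the same rule the GET handlers apply with string_is_int().
        $ids_ok = polls_admin_is_id($question_id);
        foreach (array_merge(array_keys($answers), $delete_ids) as $id)
        {
            if (!polls_admin_is_id($id))
            {
                $ids_ok = false;
            }
        }

        if (!$ids_ok)
        {
            error_template($lang['ERROR_QUERY']);
        }
        else
        {
            $error = '';
            if (!trim($question_text))
            {
                $error .= $lang['ERROR_NO_QUESTION'];
            }
            // Answers that survive this edit: posted texts whose id is not
            // ticked for deletion. Each of them must be non-blank, and at
            // least one answer (kept or new) must remain.
            $kept = array();
            $blank_answer = false;
            foreach ($answers as $answer_id => $text)
            {
                if (in_array((string) $answer_id, $delete_ids, true))
                {
                    continue;
                }
                if (!is_string($text) || !trim($text))
                {
                    $blank_answer = true;
                }
                $kept[(string) $answer_id] = is_string($text) ? $text : '';
            }
            if ($blank_answer || (!$kept && !trim($answer_text_new)))
            {
                $error .= $lang['ERROR_NO_ANSWER'];
            }
            if ($error)
            {
                error_template($error);
            }
            else
            {
                foreach ($delete_ids as $delete_id)
                {
                    $votes_per_answer = 0;
                    $queries = array();
                    // The per-user decrements are collected first and run
                    // after the loop: issuing a query while fetch() is still
                    // iterating would replace the pending result set.
                    $sql->query('SELECT user_id, COUNT(*) AS votes_per_user
                                 FROM ' . TABLE_VOTES . '
                                 WHERE answer_id = \'' . $delete_id . '\'
                                 GROUP BY user_id
                                 ORDER BY user_id');
                    while ($table_votes = $sql->fetch())
                    {
                        $votes_per_answer += $table_votes['votes_per_user'];
                        $queries[] = 'UPDATE ' . TABLE_USERS . '
                                      SET user_votes = user_votes - ' . $table_votes['votes_per_user'] . '
                                      WHERE user_id = \'' . $table_votes['user_id'] . '\'';
                    }
                    foreach ($queries as $query)
                    {
                        $sql->query($query);
                    }
                    $sql->query('DELETE FROM ' . TABLE_ANSWERS . '
                                 WHERE answer_id = \'' . $delete_id . '\'');
                    $sql->query('UPDATE ' . TABLE_QUESTIONS . '
                                 SET question_answers = question_answers - 1, question_votes = question_votes - ' . $votes_per_answer . '
                                 WHERE question_id = \'' . $question_id . '\'');
                    $sql->query('DELETE FROM ' . TABLE_VOTES . '
                                 WHERE answer_id = \'' . $delete_id . '\'');
                }
                // Deletions are matched by answer id, not by position, so a
                // kept answer is always updated under its own id.
                foreach ($kept as $answer_id => $text)
                {
                    $sql->query('UPDATE ' . TABLE_ANSWERS . '
                                 SET answer_text = \'' . utf8_entities($text) . '\'
                                 WHERE answer_id = \'' . $answer_id . '\'');
                }
                $question_comment = polls_admin_format_comment($raw_comment, $settings);
                $sql->query('UPDATE ' . TABLE_QUESTIONS . '
                             SET question_comment = \'' . $question_comment . '\', question_text = \'' . utf8_entities($question_text) . '\', question_edition = \'' . time() . '\', edition_id = \'' . $_SESSION['user_id'] . '\', edition_name = \'' . $users['user_name'] . '\'
                             WHERE question_id = \'' . $question_id . '\'');
                if (trim($answer_text_new) !== '')
                {
                    $sql->query('INSERT INTO ' . TABLE_ANSWERS . ' (question_id, answer_text)
                                 VALUES (\'' . $question_id . '\', \'' . utf8_entities($answer_text_new) . '\')');
                    $sql->query('UPDATE ' . TABLE_QUESTIONS . '
                                 SET question_answers = question_answers + 1
                                 WHERE question_id = \'' . $question_id . '\'');
                }
                make_polls_feed();
                $GLOBALS['cache']->clean(TABLE_ANSWERS);
                $GLOBALS['cache']->clean(TABLE_QUESTIONS);
                $GLOBALS['cache']->clean(TABLE_VOTES);
                success_template($lang['POLL_EDITED'], './../admin/polls.php?action=view_polls');
            }
        }
    }
    // Delete?
    elseif (isset($_GET['action']) && $_GET['action'] == 'delete_poll')
    {
        // NOTE(review): deletion is triggered by a plain GET link and no
        // anti-CSRF token is checked on this page (none is available here).
        // Check query
        if (!empty($_GET['question_id']) && is_string($_GET['question_id']) && string_is_int($_GET['question_id']))
        {
            $sql->query('SELECT user_id
                         FROM ' . TABLE_QUESTIONS . '
                         WHERE question_id = \'' . $_GET['question_id'] . '\'');
            $table_questions = $sql->fetch();
            // Check question
            if (!$table_questions || !$table_questions['user_id'])
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                // Collected first, run after the loop: issuing a query while
                // fetch() is still iterating would replace the pending result.
                $queries = array();
                $sql->query('SELECT user_id, COUNT(*) AS votes_per_user
                             FROM ' . TABLE_VOTES . '
                             WHERE question_id = \'' . $_GET['question_id'] . '\'
                             GROUP BY user_id
                             ORDER BY user_id');
                while ($table_votes = $sql->fetch())
                {
                    $queries[] = 'UPDATE ' . TABLE_USERS . '
                                  SET user_votes = user_votes - ' . $table_votes['votes_per_user'] . '
                                  WHERE user_id = \'' . $table_votes['user_id'] . '\'';
                }
                foreach ($queries as $query)
                {
                    $sql->query($query);
                }
                $sql->query('DELETE FROM ' . TABLE_ANSWERS . '
                             WHERE question_id = \'' . $_GET['question_id'] . '\'');
                $sql->query('DELETE FROM ' . TABLE_QUESTIONS . '
                             WHERE question_id = \'' . $_GET['question_id'] . '\'');
                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_polls = user_polls - 1
                             WHERE user_id = \'' . $table_questions['user_id'] . '\'');
                $sql->query('DELETE FROM ' . TABLE_VOTES . '
                             WHERE question_id = \'' . $_GET['question_id'] . '\'');
                make_polls_feed();
                $GLOBALS['cache']->clean(TABLE_ANSWERS);
                $GLOBALS['cache']->clean(TABLE_QUESTIONS);
                $GLOBALS['cache']->clean(TABLE_USERS);
                $GLOBALS['cache']->clean(TABLE_VOTES);
                success_template($lang['POLL_DELETED'], './../admin/polls.php?action=view_polls');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Add form
    else
    {
        $template->set_file('admin', 'admin/polls/add.htpl');
        $template->set_var(array('EMOTICONS_LIST' => get_emoticons_list(1),
                                 'HTML_SUPPORT' => polls_admin_html_support($settings, $lang)));
        $template->parse('admin');
    }
}
// Other
else
{
    error_template($lang['ERROR_LEVEL_ACCESS']);
}

page_footer();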

?>