<?php
// -----------------------------------------------------------------------------
// $Id: vote.php 676 2013-03-27 13:38:34Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

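include('./../includes/common.php');

page_header($lang['POLLS_VOTE']);

// This script has two modes:
//   - POST with 'add_vote': record a vote for the logged-in user.
//   - otherwise (GET):      show the vote form for ?question_id=N.
//
// Every request value that ends up in SQL text or in the redirect URL is
// validated with string_is_int() and then cast to int before use, so only a
// number can be concatenated into a query. The session user id is cast too.
//
// NOTE(review): the POST branch checks no anti-CSRF token, so a third-party
// page could submit a vote on behalf of a logged-in visitor. Confirm whether
// common.php enforces one; if not, add a per-session token to polls/vote.htpl
// and compare it here (hash_equals) before writing anything.

// From vote form?
if (isset($_POST['add_vote']))
{
    // User logged? A missing session key is treated as "not logged in".
    $user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
    if ($user_id > 0)
    {
        $error = '';

        // Untrusted ids: accept only integer strings, keep them as ints.
        // is_string() rejects array-valued parameters such as question_id[]=1.
        $question_id = 0;
        if (!empty($_POST['question_id']) && is_string($_POST['question_id']) && string_is_int($_POST['question_id']))
        {
            $question_id = (int) $_POST['question_id'];
        }
        $answer_id = 0;
        if (!empty($_POST['answer_id']) && is_string($_POST['answer_id']) && string_is_int($_POST['answer_id']))
        {
            $answer_id = (int) $_POST['answer_id'];
        }

        if ($question_id <= 0)
        {
            $error .= $lang['ERROR_NO_DATA'];
        }
        if ($answer_id <= 0)
        {
            $error .= $lang['ERROR_NO_ANSWER'];
        }

        // The answer must belong to the submitted question; otherwise the
        // counters of two unrelated polls would be incremented together.
        if ($question_id > 0 && $answer_id > 0)
        {
            $sql->query('SELECT answer_id
                         FROM ' . TABLE_ANSWERS . '
                         WHERE answer_id = \'' . $answer_id . '\'
                         AND question_id = \'' . $question_id . '\'');
            if (!$sql->fetch())
            {
                $error .= $lang['ERROR_NO_DATA'];
            }
        }

        // Anti-flood - x days
        // NOTE(review): this is a check-then-write sequence; two simultaneous
        // requests can both pass it. A unique key or a transaction would close
        // that gap - confirm what the $sql wrapper supports.
        if ($question_id > 0)
        {
            $sql->query('SELECT MAX(vote_creation) AS last_vote
                         FROM ' . TABLE_VOTES . '
                         WHERE question_id = \'' . $question_id . '\'
                         AND user_id = \'' . $user_id . '\'');
            $table_votes = $sql->fetch();
            if ($table_votes['last_vote'] >= (time() - ($settings['votes_interval'] * 24 * 3600)))
            {
                $error .= sprintf($lang['ERROR_VOTES_INTERVAL'], $settings['votes_interval']);
            }
        }

        if ($error)
        {
            error_template($error);
        }
        else
        {
            // Bump the three counters, then store the vote row itself.
            $sql->query('UPDATE ' . TABLE_ANSWERS . '
                         SET answer_votes = answer_votes + 1
                         WHERE answer_id = \'' . $answer_id . '\'');
            $sql->query('UPDATE ' . TABLE_QUESTIONS . '
                         SET question_votes = question_votes + 1
                         WHERE question_id = \'' . $question_id . '\'');
            $sql->query('UPDATE ' . TABLE_USERS . '
                         SET user_votes = user_votes + 1
                         WHERE user_id = \'' . $user_id . '\'');
            $sql->query('INSERT INTO ' . TABLE_VOTES . ' (question_id, answer_id, user_id, vote_creation)
                         VALUES (\'' . $question_id . '\', \'' . $answer_id . '\', \'' . $user_id . '\', \'' . time() . '\')');

            // Drop cached data for every table that was just written.
            $GLOBALS['cache']->clean(TABLE_ANSWERS);
            $GLOBALS['cache']->clean(TABLE_QUESTIONS);
            $GLOBALS['cache']->clean(TABLE_USERS);
            $GLOBALS['cache']->clean(TABLE_VOTES);

            // The redirect target is built from the validated integer only.
            success_template($lang['VOTE_ADDED'], './../polls/view.php?question_id=' . $question_id);
        }
    }
    else
    {
        error_template($lang['ERROR_USER_OFFLINE']);
    }
}
// Vote form
else
{
    // Check query
    if (!empty($_GET['question_id']) && is_string($_GET['question_id']) && string_is_int($_GET['question_id']))
    {
        $question_id = (int) $_GET['question_id'];

        $template->set_file('vote', 'polls/vote.htpl');
        $template->set_block('vote', 'ANSWERS_BLOCK', 'answers');
        $sql->query('SELECT answer_id, answer_text
                     FROM ' . TABLE_ANSWERS . '
                     WHERE question_id = \'' . $question_id . '\'
                     ORDER BY answer_id');

        // Explicit initialisation: the flag must not depend on a variable that
        // may already exist in the global scope.
        $answers_exist = false;
        while ($table_answers = $sql->fetch())
        {
            // NOTE(review): answer/question text is passed to the template as
            // stored; confirm it is HTML-escaped on input or by the template.
            $template->set_var(array('ANSWER_ID' => $table_answers['answer_id'],
                                     'ANSWER_TEXT' => $table_answers['answer_text']));
            $template->parse('ANSWERS_BLOCK', 'answers', true);
            $answers_exist = true;
        }
        if ($answers_exist)
        {
            $sql->query('SELECT t1.user_id, t1.question_comment, t1.question_text, t1.question_creation, t1.question_edition, t1.edition_id, t1.edition_name, t2.user_name
                         FROM ' . TABLE_QUESTIONS . ' AS t1
                         INNER JOIN ' . TABLE_USERS . ' AS t2
                                     ON (t2.user_id = t1.user_id)
                         WHERE t1.question_id = \'' . $question_id . '\'');
            $table_questions = $sql->fetch();
            if (!$table_questions)
            {
                // Answers without a matching question/author row: nothing
                // meaningful to render.
                error_template($lang['ERROR_NO_DATA']);
            }
            else
            {
                if ($table_questions['question_edition'])
                {
                    $question_edited = sprintf($lang['EDITED_BY'], $table_questions['edition_id'], $table_questions['edition_name'], format_date($table_questions['question_edition']));
                }
                else
                {
                    $question_edited = '';
                }
                $template->set_var(array('QUESTION_COMMENT' => $table_questions['question_comment'],
                                         'QUESTION_EDITED' => $question_edited,
                                         'QUESTION_ID' => $question_id,
                                         'QUESTION_POSTED' => sprintf($lang['POSTED_BY'], $table_questions['user_id'], $table_questions['user_name'], format_date($table_questions['question_creation'])),
                                         'QUESTION_TEXT' => $table_questions['question_text']));
                $template->parse('vote', null, false, array(TABLE_ANSWERS, TABLE_QUESTIONS));
            }
        }
        else
        {
            error_template($lang['ERROR_NO_DATA']);
        }
    }
    else
    {
        error_template($lang['ERROR_NO_DATA']);
    }
}

page_footer();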

?>