<?php
// File: $Id: polls.php,v 1.14 2001/12/05 13:37:11 gregorrothfuss Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file:
// ----------------------------------------------------------------------
// Direct-access guard: stop unless the running script path mentions admin.php.
// NOTE(review): eregi() performs an unanchored, case-insensitive regex match
// (the "." matches any character) against $PHP_SELF, which is derived from the
// request URL. It only shows that the text appears somewhere in the path, not
// that admin.php actually included this file. A constant defined by the entry
// script would be a stronger guard; confirm what admin.php provides.
// The authorised() checks further down are what gate each operation.
if (!eregi('admin.php', $PHP_SELF)) {
    die('Access Denied');
}

// Help page handed to GraphicAdmin() by the functions below.
$hlpfile = 'manual/surveys.html';

// Defined outside this file; presumably loads the _POLLS* language constants.
modules_get_language();
/*********************************************************/
/* Poll/Surveys Functions */
/*********************************************************/
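/**
 * Render the "create poll" admin page.
 *
 * Requires ACCESS_EDIT on Polls to see the page at all, and ACCESS_ADD to get
 * the creation form. The form posts op=createPosted with pollTitle, planguage
 * and optionText[1..12].
 *
 * NOTE(review): no anti-CSRF field is emitted in this form; poll_createPosted()
 * calls csrfcheck(), whose mechanism is not visible in this file. Confirm that
 * it does not depend on a token this form would have to carry.
 */
function poll_createPoll()
{
    /* ML Added dropdown to select the language */
    global $language, $hlpfile, $admin, $currentlang;

    include('header.php');
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-logo\">"._POLLSADMIN."</font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();

    if (!authorised(0, 'Polls::', '::', ACCESS_EDIT)) {
        echo _POLLSEDITNOAUTH;
        CloseTable();
        include 'footer.php';
        return;
    }

    echo "<center><font class=\"pn-normal\">[ <a href=\"admin.php?op=modify\">"._MODIFYPOLLS."</a> ]</font></center><br><br>";

    if (authorised(0, 'Polls::', '::', ACCESS_ADD)) {
        echo "<center><font class=\"pn-title\">"._CREATEPOLL."</font></center><br><br>"
            ."<form action=\"admin.php\" method=\"post\">"
            ."<input type=\"hidden\" name=\"op\" value=\"createPosted\">"
            ."<font class=\"pn-normal\">"._POLLTITLE.": <input type=\"text\" name=\"pollTitle\" size=\"50\" maxlength=\"100\"><br>";

        /* ML pre-select language equal to default language */
        print '<br>'._LANGUAGE.': '
            .'<select name="planguage" size="1">';

        $lang = languagelist();

        // Start from an empty map so only the current language carries the
        // " selected" marker and every other lookup is a defined empty string.
        $sel_lang = array();
        $sel_lang[$currentlang] = ' selected';
        print "<option value=\"\" $sel_lang[$currentlang]>"._ALL.'</option>';

        // Offer only languages that exist as a directory AND are known to
        // languagelist(); the option values are therefore keys of $lang.
        $langlist = array();
        $handle = opendir('language');
        if ($handle) {
            // Compare against false explicitly: a directory entry named "0"
            // would otherwise end the loop early.
            while (false !== ($f = readdir($handle))) {
                if (is_dir("language/$f") && !empty($lang[$f])) {
                    $langlist[$f] = $lang[$f];
                }
            }
            // The original never released the directory handle.
            closedir($handle);
        }

        asort($langlist);
        foreach ($langlist as $k => $v) {
            $selected = isset($sel_lang[$k]) ? $sel_lang[$k] : '';
            print "<option value=\"$k\"$selected>$v</option>\n";
        }

        /* ML END */
        echo "</select></font><br><br>"
            ."<font class=\"pn-normal\">"._POLLEACHFIELD."<br></font>"
            ."<table border=\"0\">";

        for ($i = 1; $i <= 12; $i++) {
            echo "<tr>"
                ."<td><font class=\"pn-normal\">"._OPTION." $i:</font></td><td><input type=\"text\" name=\"optionText[$i]\" size=\"50\" maxlength=\"50\"></td>"
                ."</tr>";
        }

        echo "</table><br><br>"
            ."<input type=\"submit\" value=\""._CREATEPOLLBUT."\">"
            ."</form>";
    }

    CloseTable();
    include('footer.php');
}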
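/**
 * Handle the submitted "create poll" form: insert the poll description row,
 * then one poll_data row per non-empty option, and redirect to the admin menu.
 *
 * Inputs arrive through the globals $pollTitle, $planguage and $optionText
 * (presumably populated from the request; the mechanism is not visible in this
 * file), so all three are treated as untrusted.
 */
function poll_createPosted()
{
    /* ML added planguage */
    global $pollTitle, $optionText, $pntable, $planguage, $dbconn;

    csrfcheck();
    $timeStamp = time();

    if (!authorised(0, 'Polls::', "$pollTitle::", ACCESS_ADD)) {
        // Match the other POST handlers in this file: emit a complete page
        // instead of closing a table that was never opened.
        include 'header.php';
        echo _POLLSADDNOAUTH;
        include 'footer.php';
        return;
    }

    // FixQuotes() is the helper this file already applies to values before
    // placing them inside quoted SQL literals; its implementation is not
    // visible here. The language code was previously interpolated without it.
    $safeTitle = FixQuotes($pollTitle);
    $safeLanguage = FixQuotes($planguage);

    $column = &$pntable['poll_desc_column'];
    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextId = $dbconn->GenId("{$pntable['poll_desc']}_SEQ");
    $result = $dbconn->Execute("INSERT INTO $pntable[poll_desc] ($column[pollid],
        $column[polltitle], $column[timestamp],
        $column[voters], $column[planguage])
        VALUES ($nextId, '$safeTitle', '$timeStamp', 0,
        '$safeLanguage')");
    if ($dbconn->ErrorNo() <> 0) {
        echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>";
        error_log("DB Error: poll_createPosted: can not insert into poll_desc: " . $dbconn->ErrorMsg());
        return;
    }

    // Read the id back by title.
    // NOTE(review): if two polls share a title this returns whichever row the
    // database yields first, so options could attach to the older poll.
    // Confirm whether $nextId is usable on every supported backend.
    $result = $dbconn->Execute("SELECT $column[pollid]
        FROM $pntable[poll_desc]
        WHERE $column[polltitle]='$safeTitle'");
    if (!$result || $result->EOF) {
        error_log("DB Error: poll_createPosted: can not read back poll id: " . $dbconn->ErrorMsg());
        return;
    }
    list($id) = $result->fields;
    // The id is interpolated unquoted below, so force it to an integer.
    $id = (int)$id;

    $column = &$pntable['poll_data_column'];
    $optionCount = is_array($optionText) ? sizeof($optionText) : 0;
    for ($i = 1; $i <= $optionCount; $i++) {
        // Skip missing slots and anything that is not a plain string
        // (a nested array in the request would otherwise reach FixQuotes()).
        if (!isset($optionText[$i]) || !is_string($optionText[$i]) || $optionText[$i] === '') {
            continue;
        }
        $safeOption = FixQuotes($optionText[$i]);
        $result = $dbconn->Execute("INSERT INTO $pntable[poll_data] ($column[pollid],
            $column[optiontext], $column[optioncount],
            $column[voteid])
            VALUES ($id, '$safeOption', 0, $i)");
        if ($dbconn->ErrorNo() <> 0) {
            echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>";
            error_log("DB Error: poll_createPosted: can not insert into poll_data: " . $dbconn->ErrorMsg());
            return;
        }
    }

    pnRedirect('admin.php?op=adminMain');
}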
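/**
 * List existing polls with Edit / Delete links, one entry per poll the
 * current user may edit.
 *
 * Requires ACCESS_EDIT on Polls for the page; each row is additionally
 * checked against "title::id" for ACCESS_EDIT and ACCESS_DELETE.
 *
 * NOTE(review): the Delete link issues a state-changing request via GET;
 * poll_removePosted() calls csrfcheck(), whose mechanism is not visible here.
 */
function poll_ModList()
{
    global $hlpfile, $pntable, $dbconn;

    $hlpfile = "manual/surveys.html";
    include('header.php');
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-logo\">"._POLLSADMIN."</font></center>";
    CloseTable();
    echo "<br>";

    if (!authorised(0, 'Polls::', '::', ACCESS_EDIT)) {
        echo _POLLSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    OpenTable();
    echo "<center><font class=\"pn-title\">"._EDITEXISTING."</font><br><br></center>"
        ."<font class=\"pn-normal\">"._CHOOSEPOLL."</font><br>";

    $column = &$pntable['poll_desc_column'];
    $result = $dbconn->Execute("SELECT $column[pollid], $column[polltitle],
        $column[timestamp], $column[planguage]
        FROM $pntable[poll_desc] ORDER BY $column[timestamp]");
    if ($dbconn->ErrorNo() <> 0) {
        echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>";
        error_log("Error: " . $dbconn->ErrorMsg());
        // Finish the page: the table opened above and the footer were
        // previously left dangling on this path.
        CloseTable();
        include 'footer.php';
        return;
    }

    // FTO Check EOF and database error
    while (!$result->EOF) {
        list($pollID, $pollTitle, $timeStamp, $planguage) = $result->fields;
        $result->MoveNext();

        // The permission check uses the stored title exactly as it is.
        if (!authorised(0, 'Polls::', "$pollTitle::$pollID", ACCESS_EDIT)) {
            continue;
        }

        // Stored values were typed in by whoever created the poll, so encode
        // them before writing them into the page. Naming a single-byte charset
        // keeps the call byte-wise, so it cannot reject text in other encodings.
        // If titles are meant to carry markup, it will now show literally.
        $shownTitle = htmlspecialchars($pollTitle, ENT_QUOTES, 'ISO-8859-1');
        // _ALL is a language constant and is printed as-is, as before.
        $shownLanguage = ($planguage == "")
            ? _ALL
            : htmlspecialchars($planguage, ENT_QUOTES, 'ISO-8859-1');
        $linkId = (int)$pollID;

        echo "<font class=\"pn-normal\"><li>$shownTitle - ($shownLanguage) [ <a href=\"admin.php?op=poll_editPoll&id=$linkId\">"._EDIT."</a> ";
        if (authorised(0, 'Polls::', "$pollTitle::$pollID", ACCESS_DELETE)) {
            echo "| <a href=\"admin.php?op=removePosted&id=$linkId\">"._DELETE."</a> ]</font>";
        } else {
            echo "]</font>";
        }
    }

    CloseTable();
    include('footer.php');
}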
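/**
 * Render the edit form for one poll: title, language and up to 12 options.
 *
 * The poll id comes from the global $id (presumably set from the request;
 * the mechanism is not visible in this file). The stored title is loaded
 * first so the ACCESS_EDIT check runs against "storedTitle::id".
 *
 * NOTE(review): options are numbered here by their position in the result
 * set, while poll_modifyPosted() updates rows by voteid. A poll created with
 * gaps between options would not line up; verify against the data.
 */
function poll_EditPoll()
{
    // $hlpfile was missing from this list, so GraphicAdmin() received an
    // undefined local instead of the help page set at file level.
    global $id, $pntable, $dbconn, $hlpfile;

    // $id is interpolated unquoted into SQL and into the form, so force it to
    // an integer before first use.
    $id = (int)$id;

    include('header.php');
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-logo\">"._POLLSADMIN."</font></center>";
    CloseTable();
    echo "<br><br>";
    OpenTable();

    $column = &$pntable['poll_desc_column'];
    $result_title = $dbconn->Execute("SELECT $column[polltitle], $column[planguage]
        FROM $pntable[poll_desc]
        WHERE $column[pollid]=$id");
    // FTO Check database error
    if (!$result_title) PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
    list($pollTitle, $planguage) = $result_title->fields;

    if (!authorised(0, 'Polls::', "$pollTitle::$id", ACCESS_EDIT)) {
        echo _POLLSEDITNOAUTH;
        CloseTable();
        include 'footer.php';
        return;
    }

    $column = &$pntable['poll_data_column'];
    $result_data = $dbconn->Execute("SELECT $column[optiontext], $column[optioncount]
        FROM $pntable[poll_data]
        WHERE $column[pollid]=$id ORDER BY $column[voteid]");
    // FTO Check database error
    if (!$result_data) PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");

    // Values placed inside value="..." must be encoded: a double quote in a
    // stored title would otherwise end the attribute and truncate the field.
    // Naming a single-byte charset keeps the call byte-wise, so it cannot
    // reject text in other encodings.
    $shownTitle = htmlspecialchars($pollTitle, ENT_QUOTES, 'ISO-8859-1');

    echo "<form action=\"admin.php\" method=\"post\">"
        ."<input type=\"hidden\" name=\"op\" value=\"poll_modifyPosted\">"
        ."<input type=\"hidden\" name=\"id\" value=\"$id\">"
        ."<font class=\"pn-normal\">"._POLLTITLE.": <input type=\"text\" name=\"pollTitle\" size=\"50\" maxlength=\"100\" value=\"$shownTitle\"><br>";

    $lang = languagelist();

    // Slot 0 stands for the "all languages" entry; give it a defined default
    // so the lookup below is valid when a specific language is stored.
    $sel_lang = array(0 => '');
    if (!$planguage) {
        $sel_lang[0] = ' selected';
    } else {
        $sel_lang[$planguage] = ' selected';
    }

    /* ML Dropdown with available languages to update */
    print '<br>'._LANGUAGE.': '
        .'<select name="planguage" size="1">'
        ."<option value=\"\" $sel_lang[0]>"._ALL.'</option>';

    // Offer only languages that exist as a directory AND are known to
    // languagelist().
    $langlist = array();
    $handle = opendir('language');
    if ($handle) {
        // Explicit comparison: an entry named "0" must not end the loop.
        while (false !== ($f = readdir($handle))) {
            if (is_dir("language/$f") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
            }
        }
        // The original never released the directory handle.
        closedir($handle);
    }

    asort($langlist);
    foreach ($langlist as $k => $v) {
        $selected = isset($sel_lang[$k]) ? $sel_lang[$k] : '';
        print "<option value=\"$k\"$selected>$v</option>\n";
    }
    print '</select>';

    echo "<br><br>"._POLLEACHFIELD."</font><br>"
        ."<table border=\"0\">";

    $i = 1;
    // FTO Check EOF and database error
    while (!$result_data->EOF) {
        list($optionText, $optionCount) = $result_data->fields;
        $result_data->MoveNext();
        $shownOption = htmlspecialchars($optionText, ENT_QUOTES, 'ISO-8859-1');
        echo "<tr><td><font class=\"pn-normal\">"._OPTION." $i</font></td><td>";
        echo "<input type=\"text\" name=\"optionText{$i}\" size=\"50\" maxlength=\"50\" value=\"$shownOption\"></td></tr>";
        $i += 1;
    }

    // Pad with empty fields up to 12. The former "if ($i < 12)" wrapper
    // dropped field 12 when exactly 11 options existed; the loop condition
    // alone is sufficient.
    for (; $i <= 12; $i++) {
        echo "<tr><td><font class=\"pn-normal\">"._OPTION." ".$i."</font></td><td><input type=\"text\" name=\"optionText{$i}\" size=\"50\" maxlength=\"50\" value=\"\"></td></tr>";
    }

    echo "</table><br><br><input type=\"submit\" value=\""._MODIFY."\"></form>";
    CloseTable();
    include('footer.php');
}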
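/**
 * Apply the submitted edit form: update the poll's title and language, then
 * update the text of each non-empty option, and redirect to the poll list.
 *
 * All four arguments originate from the request and are treated as untrusted.
 *
 * @param string $pollTitle  new title
 * @param string $planguage  language code, or "" for all languages
 * @param array  $optionText option texts indexed 1..12
 * @param mixed  $id         poll id (forced to an integer here)
 *
 * NOTE(review): options are only UPDATEd by voteid; text entered in a slot
 * that has no poll_data row yet changes nothing. Confirm whether new options
 * are supposed to be insertable from the edit form.
 */
function poll_modifyPosted($pollTitle, $planguage, $optionText, $id)
{
    global $pntable, $dbconn;

    csrfcheck();

    // $id is interpolated unquoted into every statement below.
    $id = (int)$id;

    $column = &$pntable['poll_desc_column'];

    // The permission instance is "title::id". Checking only the submitted
    // title lets the caller choose the string that gets authorised, so the
    // stored title is checked too, as poll_EditPoll() does. Requiring both
    // never grants access that the previous check denied.
    $storedTitle = '';
    $lookup = $dbconn->Execute("SELECT $column[polltitle]
        FROM $pntable[poll_desc]
        WHERE $column[pollid]=$id");
    if ($lookup && !$lookup->EOF) {
        list($storedTitle) = $lookup->fields;
    }
    if (!authorised(0, 'Polls::', "$storedTitle::$id", ACCESS_EDIT)
        || !authorised(0, 'Polls::', "$pollTitle::$id", ACCESS_EDIT)) {
        include 'header.php';
        echo _POLLSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    // FixQuotes() is the helper this file already applies to values before
    // placing them inside quoted SQL literals; its implementation is not
    // visible here. Language and option text previously bypassed it.
    $safeTitle = FixQuotes($pollTitle);
    $safeLanguage = FixQuotes($planguage);

    $result = $dbconn->Execute("UPDATE $pntable[poll_desc]
        SET $column[polltitle]='$safeTitle',
        $column[planguage]='$safeLanguage'
        WHERE $column[pollid]=$id");
    if ($dbconn->ErrorNo() <> 0) {
        error_log("Error: poll_modifyPosted" . $dbconn->ErrorMsg());
    }

    $column = &$pntable['poll_data_column'];

    // The leftover "$dbconn->debug=true;" (marked FTODEBUG) was removed: it
    // switched the shared connection into debug mode for the rest of the
    // request, exposing SQL text in the response ahead of the redirect.

    for ($i = 1; $i <= 12; $i++) {
        $text = (isset($optionText[$i]) && is_string($optionText[$i]))
            ? trim($optionText[$i])
            : '';
        // Compare with '' instead of empty() so an option of "0" is kept,
        // matching poll_createPosted().
        if ($text === '') {
            continue;
        }

        $safeText = FixQuotes($text);
        $sql = "UPDATE $pntable[poll_data] SET $column[optiontext]='" . $safeText . "' WHERE $column[pollid]=$id AND $column[voteid] = $i";

        // Execute only when a statement was built for this slot; the original
        // ran Execute() on every pass and so re-sent the previous slot's
        // statement (or an undefined one) for empty options.
        $result = $dbconn->Execute($sql);
        // FTO Check database error
        if (!$result) PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
    }

    pnRedirect('admin.php?op=modify');
}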
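/**
 * Delete one poll: its description row and all of its option rows, then
 * redirect to the admin menu.
 *
 * The poll id comes from the global $id (presumably set from the request;
 * the mechanism is not visible in this file).
 *
 * NOTE(review): poll_ModList() reaches this handler through a plain link, so
 * the deletion is triggered by GET. Whether csrfcheck() covers that case is
 * not visible in this file.
 */
function poll_removePosted()
{
    global $id, $pntable, $dbconn;

    csrfcheck();

    // $id is interpolated unquoted into the statements below.
    $pollId = (int)$id;

    // Quoted keys: inside {...} bare words are read as constants, not strings.
    $descColumn = &$pntable['poll_desc_column'];
    $dataColumn = &$pntable['poll_data_column'];

    // $pollTitle was never defined in this function, so the permission check
    // always ran against an empty title. Load the stored title so the check
    // uses the same "title::id" instance that poll_ModList() uses when it
    // decides whether to show the Delete link.
    $pollTitle = '';
    $lookup = $dbconn->Execute("SELECT $descColumn[polltitle]
        FROM $pntable[poll_desc]
        WHERE $descColumn[pollid]=$pollId");
    if ($lookup && !$lookup->EOF) {
        list($pollTitle) = $lookup->fields;
    }

    if (!authorised(0, 'Polls::', "$pollTitle::$pollId", ACCESS_DELETE)) {
        include 'header.php';
        echo _POLLSDELNOAUTH;
        include 'footer.php';
        return;
    }

    $result = $dbconn->Execute("DELETE FROM $pntable[poll_desc]
        WHERE $descColumn[pollid]=$pollId");
    if ($dbconn->ErrorNo() <> 0) {
        // Failures were silently ignored before; record them, then continue
        // so the option rows are still cleaned up.
        error_log("DB Error: poll_removePosted: can not delete from poll_desc: " . $dbconn->ErrorMsg());
    }

    $result = $dbconn->Execute("DELETE FROM $pntable[poll_data]
        WHERE $dataColumn[pollid]=$pollId");
    if ($dbconn->ErrorNo() <> 0) {
        error_log("DB Error: poll_removePosted: can not delete from poll_data: " . $dbconn->ErrorMsg());
    }

    pnRedirect('admin.php?op=adminMain');
}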
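// Module entry point: require ACCESS_ADMIN on Polls, then dispatch on $op.
// $op and the form fields used below are read as plain globals (presumably
// populated from the request; the mechanism is not visible in this file).
// Each handler performs its own, finer-grained authorised() check as well.
if (!authorised(0, 'Polls::', '::', ACCESS_ADMIN)) {
    include 'header.php';
    echo _POLLSNOAUTH;
    include 'footer.php';
} else {
    switch ($op) {
        case "create":
            poll_createPoll();
            break;

        case "createPosted":
            poll_createPosted();
            break;

        case "modify":
            poll_ModList();
            break;

        case "poll_editPoll": /* What happened to this ? Should this be re-written ?*/
            // poll_EditPoll() takes no parameters and reads the global $id;
            // the $pollID formerly passed here was ignored.
            poll_editPoll();
            break;

        case "poll_modifyPosted": /* What happened to this ? */
            // we combine all 12 option fields into one array for easier function-passing
            // Start from a fresh array: $option was never initialised, so a
            // same-named value arriving as a global could have pre-seeded it.
            $option = array();
            for ($i = 1; $i <= 12; $i++) {
                $optiontxt = "optionText" . $i;
                // A field missing from the submission becomes an empty string
                // instead of an undefined-variable read.
                $option[$i] = isset($$optiontxt) ? $$optiontxt : '';
            }
            poll_ModifyPosted($pollTitle, $planguage, $option, $id);
            break;

        case "removePosted":
            poll_removePosted();
            break;
    }
}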
?>