[ PHPXref.com ] [ Generated: Sun Jul 20 20:23:56 2008 ] [ Siteseed 1.6 ]

/siteseed/ -> vote.php (source)

   1  <?
   2  /**************************************
   3  
   4  Project: Siteseed (copyright MrNet 2001 - All right reserved)
   5  Filename: vote.php
   6  Last modified: 20020420 (security code audit by pls)
   7  Category: publicly accessible file that can be called directly.
   8  ***************************************/
   9  
  10  require  "include/db_connect.php";
  11  require  "bo/include/defaults.php";
  12  
  13  // validade data
  14  $survey_id += 0;
  15  if (!$url) $url = "index.php";
  16  
  17  $cookie_name = "poll$survey_id";
  18  $vote_count=0;
  19  
  20  // keep vote if user has not voted yet
  21  if (!$$cookie_name)
  22  {
  23      reset ($_POST);
  24      while (list ($key, $val) = each ($_POST))
  25      {
  26          if(ereg("question(([0-9])+)-option_id",$key,$regs))
  27          {
  28              $question_id = $regs[1] + 0;
  29              $option_id["question$question_id"] = $val + 0;
  30              if ($option_id["question$question_id"]) $wasvoted["question$question_id"]=1;
  31              $answered_questions = count($wasvoted);
  32          }
  33          else if(ereg("option_id",$key,$regs))
  34          {
  35              $question_id = 1;
  36              $option_id["question$question_id"] = $val + 0;
  37              $answered_questions = 1;
  38          }
  39      }
  40      
  41      $query = mysql_query ("SELECT * FROM surveys WHERE survey_id=$survey_id");
  42      $quest_count=mysql_num_rows($query);
  43      if ($quest_count != $answered_questions)
  44      {
  45          header ("Location: $url");
  46      }
  47  
  48      for ($i=1; $i<=count($option_id); $i++)
  49      {
  50          //check if record already exists in database
  51          $query = mysql_query ("SELECT counter FROM survey_votes WHERE survey_id=$survey_id AND option_id=".$option_id["question$i"]." AND question_id=$i");
  52      
  53          if (mysql_num_rows($query))
  54          {
  55              $query = mysql_query ("UPDATE survey_votes SET counter=counter+1 WHERE survey_id=$survey_id AND option_id=".$option_id["question$i"]." AND question_id=$i");
  56          }
  57          else
  58          {
  59              $query = mysql_query ("INSERT INTO survey_votes SET counter=1, survey_id=$survey_id, option_id=".$option_id["question$i"].", question_id=$i");
  60          }
  61          
  62      }
  63      setcookie ("$cookie_name", "1");
  64  }
  65  header ("Location: $url");
  66  ?>

