diff -r 000000000000 -r e96ded22104a plugins/Surveyor.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/Surveyor.php Sat Nov 29 01:14:25 2008 -0500
@@ -0,0 +1,539 @@
+Important: When first loaded, this plugin creates the following tables in your Enano database: enano_polls, enano_poll_options, enano_poll_results
+Author: Dan Fuhry
+Version: 1.0.1
+Author URI: http://enano.homelinux.org/
+
+Changelog:
+ 9/27/06:
+ Updated to be valid XHTML 1.1
+ 11/2/07:
+ Made compatible with Loch Ness and later (oops!)
+*/
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.0.1 (Loch Ness)
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+global $db, $session, $paths, $template, $plugins; // Common objects
+
+// Uncomment this line once the plugin has been enabled for the first time and at least one page has been requested
+define('ENANO_SURVEYOR_TABLES_CREATED', 'true');
+
+ if(!defined('ENANO_SURVEYOR_TABLES_CREATED')) {
+ $e = $db->sql_query('CREATE TABLE IF NOT EXISTS '.table_prefix.'polls(
+ poll_id mediumint(5) NOT NULL auto_increment,
+ poll_question text,
+ end_time datetime,
+ enabled tinyint(1),
+ PRIMARY KEY (poll_id)
+ );');
+ if(!$e) $db->_die('Surveyor plugin: error creating table '.table_prefix.'polls.');
+
+ $e = $db->sql_query('CREATE TABLE IF NOT EXISTS '.table_prefix.'poll_options(
+ item_id mediumint(5) NOT NULL auto_increment,
+ poll_id mediumint(5) NOT NULL,
+ option_value text,
+ PRIMARY KEY (item_id)
+ );');
+ if(!$e) $db->_die('Surveyor plugin: error creating table '.table_prefix.'poll_options.');
+
+ $e = $db->sql_query('CREATE TABLE IF NOT EXISTS '.table_prefix.'poll_results(
+ poll_id mediumint(5),
+ item_id mediumint(5),
+ user_id mediumint(8),
+ ip_addr varchar(10)
+ );');
+ if(!$e) $db->_die('Surveyor plugin: error creating table '.table_prefix.'poll_results.');
+
+}
+
+class Surveyor_Plugin {
+ var $header_added;
+ function html($pid = false)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ $s = '';
+ if(is_int($pid)) $s = ' AND p.poll_id='.$pid;
+ $ret = '';
+ if(!is_int($pid)) $ret .= '
'; + $ret .= '
'; + $q = $db->sql_query('SELECT p.poll_id AS pid,o.item_id AS oid,p.poll_question AS q,o.option_value AS v FROM '.table_prefix.'polls p, '.table_prefix.'poll_options o WHERE p.poll_id=o.poll_id AND p.enabled=1'.$s.';'); + if(!$q) $db->_die('An error occurred whilst selecting the poll data.'); + $l = Array(); + while($row = $db->fetchrow()) + { + if(!isset($l[$row['q']])) + { + $l[$row['q']] = Array(); + $l[$row['q']]['pid'] = $row['pid']; + } + $l[$row['q']][] = $row; + } + if(sizeof($l) < 1) return 'No polls created yet'; + $ques = array_rand($l); + $poll_id = $l[$ques]['pid']; + unset($l[$ques]['pid']); + if(!$poll_id) die_semicritical('Surveyor plugin error', 'Invalid poll ID: '.$poll_id); + $q = $db->sql_query('SELECT * FROM '.table_prefix.'poll_results WHERE poll_id='.$poll_id.' AND ( ip_addr=\''.mysql_real_escape_string(ip2hex($_SERVER['REMOTE_ADDR'])).'\' OR user_id='.$session->user_id.' );'); + if(!$q) $db->_die('Error obtaining vote result information'); + if($db->numrows() > 0) + { + if(!isset($_GET['results'])) $_GET['results'] = ''; + $_REQUEST['poll_id'] = $poll_id.''; + $_GET['poll_id'] = $poll_id.''; + return __enanoVoteAjaxhandler(false); + } + $ret .= ''; + $ret .= ''.$ques.'
'; + foreach($l[$ques] as $o) + { + $ret .= '
'; + } + $ret .= '
'; + $ret .= '
'; + if(!is_int($pid)) $ret .= '
'; + + $template->add_header(' + + '); + + return $ret; + } +} + +$plugins->attachHook('base_classes_initted', ' + $paths->add_page(Array( + \'name\'=>\'Submit a poll vote\', + \'urlname\'=>\'SubmitVote\', + \'namespace\'=>\'Special\', + \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', + )); + $paths->addAdminNode(\'Plugin configuration\', \'Manage polls\', \'PollEditor\'); + '); + +function __mdgPluginDoSurvey() { + global $db, $session, $paths, $template, $plugins; // Common objects + $s = new Surveyor_Plugin(); + $template->sidebar_widget('Poll', $s->html()); +} +$plugins->attachHook('compile_template', '__mdgPluginDoSurvey();'); + +function page_Special_SubmitVote() +{ + echo __enanoVoteAjaxhandler(); +} +function __enanoVoteAjaxhandler($allow_vote = true) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + $ret = ''; + if(!isset($_REQUEST['poll_id'])) { die_semicritical('Critical error in plugin', '$_REQUEST[\'poll_id\'] is not set'); $paths->main_page(); exit; } + if(!preg_match('/^([0-9]+)$/', $_REQUEST['poll_id'])) die('Hacking attempt'); // Prevents SQL injection from the URL + if(isset($_GET['results'])) + { + $q = $db->sql_query('SELECT p.poll_id AS pid,o.item_id AS oid,p.poll_question AS q,o.option_value AS v FROM '.table_prefix.'polls p, '.table_prefix.'poll_options o WHERE p.poll_id=o.poll_id AND p.poll_id=\''.$_GET['poll_id'].'\';'); + $l = Array(); + while($row = $db->fetchrow()) + { + if(!isset($l[$row['q']])) + { + $l[$row['q']] = Array(); + $l[$row['q']]['pid'] = $row['pid']; + } + $l[$row['q']][] = $row; + } + // The reason we use array_rand() here? Simple - we used a WHERE clause to select only one poll, and since poll_id is + // a primary key, there is only one match in the polls table. 
Therefore, array_rand() effectively returns the first key in the array + $ques = array_rand($l); + $poll_id = $l[$ques]['pid']; + unset($l[$ques]['pid']); + $results = Array(); + foreach($l[$ques] as $o) + { + $q = $db->sql_query('SELECT * FROM '.table_prefix.'poll_results WHERE poll_id='.$_GET['poll_id'].' AND item_id='.$o['oid'].';'); + if(!$q) $db->_die('The poll result data could not be selected.'); + $results[$o['v']] = $db->numrows(); + } + $k = array_keys($results); + $total = 0; + foreach($k as $key) + { + $total = $total + $results[$key]; + } + if($total==0) $total = 1; + // Figure out the percentage, round it, and send the images + $ret .= ''; + $ret .= ''; + foreach($k as $key) + { + $this_width = round(100*($results[$key] / $total)); + if ( $this_width == 0 ) + $this_width = 4; + $ret .= ' + + + + + + + '; + } + if($allow_vote) $ret .= ''; + $ret .= '
'.$ques.'
'.$key.'
+ Poll barPoll barPoll bar + + + ['.$results[$key].'] +
'; + } elseif(isset($_GET['voteform'])) { + $s = new Surveyor_Plugin(); + $pid = (int)$_GET['poll_id']; + $ret .= $s->html($pid); + } else { + if(!isset($_POST['item_id']) || (isset($_POST['item_id']) && !preg_match('/^([0-9]+)$/', $_POST['item_id']))) die('Hacking attempt'); // Once again, ensure that only numbers are passed on the URL + if(isset($_GET['redirect']) && $_GET['redirect'] == 'no') + { + header('Content-type: text/plain'); + $q = $db->sql_query('SELECT * FROM '.table_prefix.'poll_results WHERE poll_id='.$_POST['poll_id'].' AND ( ip_addr=\''.mysql_real_escape_string(ip2hex($_SERVER['REMOTE_ADDR'])).'\' OR user_id='.$session->user_id.' );'); + if(!$q) $db->_die('Error obtaining vote result information'); + if($db->numrows() > 0) + { + die('Looks like you already voted in this poll.'); + } + $q = $db->sql_query('INSERT INTO '.table_prefix.'poll_results(poll_id,item_id,ip_addr,user_id) VALUES('.$_POST['poll_id'].', '.$_POST['item_id'].', \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', '.$session->user_id.');'); + if(!$q) $db->_die('Your vote could not be inserted into the results table.'); + $ret .= 'Your vote has been cast.'; + } else { + $paths->main_page(); + } + } + return $ret; +} + +function page_Admin_PollEditor() +{ + global $db, $session, $paths, $template, $plugins; if(!$session->sid_super || $session->user_level < 2) { header('Location: '.makeUrl($paths->nslist['Special'].'Administration'.urlSeparator.'noheaders')); die('Hacking attempt'); } + if(isset($_POST['newpoll_create'])) + { + $date_string = $_POST['newpoll_year'].'-'.$_POST['newpoll_month'].'-'.$_POST['newpoll_day'].' 
'.$_POST['newpoll_hour'].':'.$_POST['newpoll_minute'].':00'; + if(isset($_POST['newpoll_never'])) + $date_string = '9999-01-01 00:00:00'; + if(!$db->sql_query('INSERT INTO '.table_prefix.'polls(poll_question,enabled,end_time) VALUES(\''.mysql_real_escape_string($_POST['newpoll_name']).'\', 1, \''.$date_string.'\');')) $db->_die('The poll information could not be inserted.'); + $q = $db->sql_query('SELECT poll_id FROM '.table_prefix.'polls WHERE poll_question=\''.mysql_real_escape_string($_POST['newpoll_name']).'\' AND end_time=\''.$date_string.'\';'); + if(!$q) $db->_die('The new poll ID could not be fetched.'); + $r = $db->fetchrow(); + if(!$db->sql_query('INSERT INTO '.table_prefix.'poll_options(poll_id,option_value) VALUES('.$r['poll_id'].', \'First option\')')) $db->_die('The default option data could not be inserted.'); + } + + echo '
'; + ?> +

Create a new poll

+

Question:

+

Ending time: + + , +    + :
      

+ +

+ '; + + $q = $db->sql_query('SELECT p.poll_id AS pid,o.item_id AS oid,p.poll_question AS q,o.option_value AS v,p.end_time,p.enabled FROM '.table_prefix.'polls p, '.table_prefix.'poll_options o WHERE p.poll_id=o.poll_id;'); + if(!$q) $db->_die('The poll information could not be selected.'); + $l = Array(); + while($row = $db->fetchrow()) + { + if(!isset($l[$row['q']])) + { + $l[$row['q']] = Array(); + } + $l[$row['q']][] = $row; + } + $k = array_keys($l); + foreach ( $k as $key ) + { + $c = $l[$key][0]; + $poll_id = $c['pid']; + $enabled = $c['enabled']; + $ending_time = $c['end_time']; + $year = substr($ending_time, 0, 4); + $month = substr($ending_time, 5, 2); + $day = substr($ending_time, 8, 2); + $hour = substr($ending_time, 11, 2); + $minute = substr($ending_time, 14, 2); + if(isset($_POST['poll_'.$c['pid'].'_update'])) + { + $date_string = $_POST['poll_'.$c['pid'].'_year'].'-'.$_POST['poll_'.$c['pid'].'_month'].'-'.$_POST['poll_'.$c['pid'].'_day'].' '.$_POST['poll_'.$c['pid'].'_hour'].':'.$_POST['poll_'.$c['pid'].'_minute'].':00'; + if(isset($_POST['poll_'.$c['pid'].'_never'])) + $date_string = '9999-01-01 00:00:00'; + $en = isset($_POST['poll_'.$c['pid'].'_enabled']) ? '1' : '0'; + $q = $db->sql_query('UPDATE '.table_prefix.'polls SET enabled='.$en.',end_time=\''.$date_string.'\' WHERE poll_id='.$c['pid'].';'); + if(!$q) $db->_die('The poll data could not be updated.'); + + $q = $db->sql_query('SELECT p.poll_id AS pid,o.item_id AS oid,p.poll_question AS q,o.option_value AS v,p.end_time,p.enabled FROM '.table_prefix.'polls p, '.table_prefix.'poll_options o WHERE p.poll_id=o.poll_id;'); + if(!$q) $db->_die('The poll information could not be selected.'); + $l = Array(); + while($row = $db->fetchrow()) + { + if(!isset($l[$row['q']])) + { + $l[$row['q']] = Array(); + } + $l[$row['q']][] = $row; + } + $k = array_keys($l); + + echo '

Information

Poll updated successfully.

'; + } + if(isset($_POST['poll_'.$c['pid'].'_delete'])) + { + // Safe to use the poll ID here because it's the primary key + if(!$db->sql_query('DELETE FROM '.table_prefix.'poll_results WHERE poll_id='.$c['pid'].';') ) $db->_die('The poll results could not be deleted.'); + if(!$db->sql_query('DELETE FROM '.table_prefix.'poll_options WHERE poll_id='.$c['pid'].';') ) $db->_die('The poll options could not be deleted.'); + if(!$db->sql_query('DELETE FROM '.table_prefix.'polls WHERE poll_id='.$c['pid'].';') ) $db->_die('The poll could not be deleted.'); + unset($l[$key]); + echo '

Information

Poll deleted.

'; + } + } + $k = array_keys($l); // Refresh the key list after any deletions that may have been done + foreach ( $k as $key ) + { + if(isset($_POST['create_'.$l[$key][0]['pid']])) + { + $str = mysql_real_escape_string($_POST['value_'.$l[$key][0]['pid']]); + $q = $db->sql_query('INSERT INTO '.table_prefix.'poll_options(poll_id,option_value) VALUES('.$l[$key][0]['pid'].', \''.$str.'\');'); + if(!$q) $db->_die('The poll data could not be inserted.'); + $q = $db->sql_query('SELECT o.item_id AS oid,option_value AS v, p.poll_id AS pid FROM '.table_prefix.'polls p, '.table_prefix.'poll_options o WHERE p.poll_id=o.poll_id AND option_value=\''.$str.'\';'); + if(!$q) $db->_die('The poll data could not be selected.'); + $nr = $db->fetchrow(); + $l[$key][] = $nr; // Fetches the option ID, which is needed for updating and deleting the poll option + } + echo '

Poll: '.$key.'

'; + echo ''; + $poll_id = $l[$key][0]['pid']; + $enabled = $l[$key][0]['enabled']; + $ending_time = $l[$key][0]['end_time']; + $year = substr($ending_time, 0, 4); + $month = substr($ending_time, 5, 2); + $day = substr($ending_time, 8, 2); + $hour = substr($ending_time, 11, 2); + $minute = substr($ending_time, 14, 2); + ?> +

Ending time: + + , +    + :
+       

+

+

+ + + 1) + { + $q = $db->sql_query('DELETE FROM '.table_prefix.'poll_options WHERE poll_id='.$row['pid'].' AND item_id='.$row['oid'].';'); + if(!$q) $db->_die('The poll data could not be deleted.'); + $q = $db->sql_query('DELETE FROM '.table_prefix.'poll_results WHERE poll_id='.$row['pid'].' AND item_id='.$row['oid'].';'); + if(!$q) $db->_die('The poll result data could not be deleted.'); + echo ''; + } else { + if(isset($_POST['delete_'.$row['pid'].'_'.$row['oid']]) && sizeof($l[$key]) < 2) + echo ''; + if(isset($_POST['update_'.$row['pid'].'_'.$row['oid']])) + { + $q = $db->sql_query('UPDATE '.table_prefix.'poll_options SET option_value=\''.mysql_real_escape_string($_POST['value_'.$row['pid'].'_'.$row['oid']]).'\' WHERE poll_id='.$row['pid'].' AND item_id='.$row['oid'].';'); + if(!$q) $db->_die('The poll data could not be updated.'); + $row['v'] = $_POST['value_'.$row['pid'].'_'.$row['oid']]; + } + // Sorry guys, really, I hate to make a ton of queries here but there's really no other way to do this :'( + $q = $db->sql_query('SELECT * FROM '.table_prefix.'poll_results WHERE poll_id='.$row['pid'].' AND item_id='.$row['oid'].';'); + if(!$q) $db->_die('The poll result data could not be selected.'); + echo ''; + } + //$last_pid + } + ?> + +
Option valueVotesActions
Item deleted.
You cannot delete the last option in a poll.
Instead, please use the "Update" button.
'.$db->numrows().'
+ '; + } +} + +?> \ No newline at end of file
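Review bot: In `__enanoVoteAjaxhandler()` the digits-only check is applied to `$_REQUEST['poll_id']`, but the queries that follow interpolate `$_GET['poll_id']` (results branch) and `$_POST['poll_id']` (vote branch), so the value that reaches SQL is not necessarily the one that was validated. Normalise once, directly after the check, with `$poll_id = (int) $_REQUEST['poll_id'];` and use `$poll_id` in every query of that function; `$_POST['item_id']` can be handled the same way. The pattern `'/^([0-9]+)$/'` also accepts a trailing newline, so `ctype_digit()` or a `\z` anchor is the stricter test. In `page_Admin_PollEditor()`, `$date_string` is assembled from raw `$_POST['newpoll_*']` and `$_POST['poll_<id>_*']` fields and placed inside a quoted SQL literal without escaping; casting each component to int and formatting it with `sprintf('%04d-%02d-%02d %02d:%02d:00', ...)` before the INSERT/UPDATE would close that path.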