diff -r 000000000000 -r e96ded22104a plugins/Surveyor.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/Surveyor.php Sat Nov 29 01:14:25 2008 -0500
@@ -0,0 +1,539 @@
+Important: When first loaded, this plugin creates the following tables in your Enano database: enano_polls, enano_poll_options, enano_poll_results
+Author: Dan Fuhry
+Version: 1.0.1
+Author URI: http://enano.homelinux.org/
+
+Changelog:
+ 9/27/06:
+ Updated to be valid XHTML 1.1
+ 11/2/07:
+ Made compatible with Loch Ness and later (oops!)
+*/
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.0.1 (Loch Ness)
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+global $db, $session, $paths, $template, $plugins; // Common objects
+
+// Uncomment this line once the plugin has been enabled for the first time and at least one page has been requested
+define('ENANO_SURVEYOR_TABLES_CREATED', 'true');
+
+ if(!defined('ENANO_SURVEYOR_TABLES_CREATED')) {
+ $e = $db->sql_query('CREATE TABLE IF NOT EXISTS '.table_prefix.'polls(
+ poll_id mediumint(5) NOT NULL auto_increment,
+ poll_question text,
+ end_time datetime,
+ enabled tinyint(1),
+ PRIMARY KEY (poll_id)
+ );');
+ if(!$e) $db->_die('Surveyor plugin: error creating table '.table_prefix.'polls.');
+
+ $e = $db->sql_query('CREATE TABLE IF NOT EXISTS '.table_prefix.'poll_options(
+ item_id mediumint(5) NOT NULL auto_increment,
+ poll_id mediumint(5) NOT NULL,
+ option_value text,
+ PRIMARY KEY (item_id)
+ );');
+ if(!$e) $db->_die('Surveyor plugin: error creating table '.table_prefix.'poll_options.');
+
+ $e = $db->sql_query('CREATE TABLE IF NOT EXISTS '.table_prefix.'poll_results(
+ poll_id mediumint(5),
+ item_id mediumint(5),
+ user_id mediumint(8),
+ ip_addr varchar(10)
+ );');
+ if(!$e) $db->_die('Surveyor plugin: error creating table '.table_prefix.'poll_results.');
+
+}
+
+class Surveyor_Plugin {
+ var $header_added;
+ function html($pid = false)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ $s = '';
+ if(is_int($pid)) $s = ' AND p.poll_id='.$pid;
+ $ret = '';
+ if(!is_int($pid)) $ret .= '
';
+ $ret .= '
';
+ if(!is_int($pid)) $ret .= '
';
+
+ $template->add_header('
+
+ ');
+
+ return $ret;
+ }
+}
+
+$plugins->attachHook('base_classes_initted', '
+ $paths->add_page(Array(
+ \'name\'=>\'Submit a poll vote\',
+ \'urlname\'=>\'SubmitVote\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+ $paths->addAdminNode(\'Plugin configuration\', \'Manage polls\', \'PollEditor\');
+ ');
+
+function __mdgPluginDoSurvey() {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ $s = new Surveyor_Plugin();
+ $template->sidebar_widget('Poll', $s->html());
+}
+$plugins->attachHook('compile_template', '__mdgPluginDoSurvey();');
+
+function page_Special_SubmitVote()
+{
+ echo __enanoVoteAjaxhandler();
+}
+function __enanoVoteAjaxhandler($allow_vote = true)
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ $ret = '';
+ if(!isset($_REQUEST['poll_id'])) { die_semicritical('Critical error in plugin', '$_REQUEST[\'poll_id\'] is not set'); $paths->main_page(); exit; }
+ if(!preg_match('/^([0-9]+)$/', $_REQUEST['poll_id'])) die('Hacking attempt'); // Prevents SQL injection from the URL
+ if(isset($_GET['results']))
+ {
+ $q = $db->sql_query('SELECT p.poll_id AS pid,o.item_id AS oid,p.poll_question AS q,o.option_value AS v FROM '.table_prefix.'polls p, '.table_prefix.'poll_options o WHERE p.poll_id=o.poll_id AND p.poll_id=\''.$_GET['poll_id'].'\';');
+ $l = Array();
+ while($row = $db->fetchrow())
+ {
+ if(!isset($l[$row['q']]))
+ {
+ $l[$row['q']] = Array();
+ $l[$row['q']]['pid'] = $row['pid'];
+ }
+ $l[$row['q']][] = $row;
+ }
+ // The reason we use array_rand() here? Simple - we used a WHERE clause to select only one poll, and since poll_id is
+ // a primary key, there is only one match in the polls table. Therefore, array_rand() effectively returns the first key in the array
+ $ques = array_rand($l);
+ $poll_id = $l[$ques]['pid'];
+ unset($l[$ques]['pid']);
+ $results = Array();
+ foreach($l[$ques] as $o)
+ {
+ $q = $db->sql_query('SELECT * FROM '.table_prefix.'poll_results WHERE poll_id='.$_GET['poll_id'].' AND item_id='.$o['oid'].';');
+ if(!$q) $db->_die('The poll result data could not be selected.');
+ $results[$o['v']] = $db->numrows();
+ }
+ $k = array_keys($results);
+ $total = 0;
+ foreach($k as $key)
+ {
+ $total = $total + $results[$key];
+ }
+ if($total==0) $total = 1;
+ // Figure out the percentage, round it, and send the images
+ $ret .= '';
+ } elseif(isset($_GET['voteform'])) {
+ $s = new Surveyor_Plugin();
+ $pid = (int)$_GET['poll_id'];
+ $ret .= $s->html($pid);
+ } else {
+ if(!isset($_POST['item_id']) || (isset($_POST['item_id']) && !preg_match('/^([0-9]+)$/', $_POST['item_id']))) die('Hacking attempt'); // Once again, ensure that only numbers are passed on the URL
+ if(isset($_GET['redirect']) && $_GET['redirect'] == 'no')
+ {
+ header('Content-type: text/plain');
+ $q = $db->sql_query('SELECT * FROM '.table_prefix.'poll_results WHERE poll_id='.$_POST['poll_id'].' AND ( ip_addr=\''.mysql_real_escape_string(ip2hex($_SERVER['REMOTE_ADDR'])).'\' OR user_id='.$session->user_id.' );');
+ if(!$q) $db->_die('Error obtaining vote result information');
+ if($db->numrows() > 0)
+ {
+ die('Looks like you already voted in this poll.');
+ }
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'poll_results(poll_id,item_id,ip_addr,user_id) VALUES('.$_POST['poll_id'].', '.$_POST['item_id'].', \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', '.$session->user_id.');');
+ if(!$q) $db->_die('Your vote could not be inserted into the results table.');
+ $ret .= 'Your vote has been cast.';
+ } else {
+ $paths->main_page();
+ }
+ }
+ return $ret;
+}
+
+function page_Admin_PollEditor()
+{
+ global $db, $session, $paths, $template, $plugins; if(!$session->sid_super || $session->user_level < 2) { header('Location: '.makeUrl($paths->nslist['Special'].'Administration'.urlSeparator.'noheaders')); die('Hacking attempt'); }
+ if(isset($_POST['newpoll_create']))
+ {
+ $date_string = $_POST['newpoll_year'].'-'.$_POST['newpoll_month'].'-'.$_POST['newpoll_day'].' '.$_POST['newpoll_hour'].':'.$_POST['newpoll_minute'].':00';
+ if(isset($_POST['newpoll_never']))
+ $date_string = '9999-01-01 00:00:00';
+ if(!$db->sql_query('INSERT INTO '.table_prefix.'polls(poll_question,enabled,end_time) VALUES(\''.mysql_real_escape_string($_POST['newpoll_name']).'\', 1, \''.$date_string.'\');')) $db->_die('The poll information could not be inserted.');
+ $q = $db->sql_query('SELECT poll_id FROM '.table_prefix.'polls WHERE poll_question=\''.mysql_real_escape_string($_POST['newpoll_name']).'\' AND end_time=\''.$date_string.'\';');
+ if(!$q) $db->_die('The new poll ID could not be fetched.');
+ $r = $db->fetchrow();
+ if(!$db->sql_query('INSERT INTO '.table_prefix.'poll_options(poll_id,option_value) VALUES('.$r['poll_id'].', \'First option\')')) $db->_die('The default option data could not be inserted.');
+ }
+
+ echo '