Untitled

// On line 82 of .htaccess (i.e., at the bottom of the "Misc" section), I added the following

RewriteRule ^cast_vote/([0-9]+)$ action.php?action=cast_vote&id=$1 [L]


// On line 354 of post.php (in the new topic/not editing section, just above "if ($namefag != '') {", I added code to validate poll options:

                // Is this a valid poll?
                if(!empty($_POST['option'][0]) && !empty($_POST['option'][1])) {
                    if(count($_POST['option']) > 10) {
                        $_POST['option'] = array_slice($_POST['option'], 0, 9);
                    }

                    foreach($_POST['option'] as $id => $text) {
                        if(empty($text)) {
                            unset($_POST['option'][$id]);
                        }
                        else if(strlen($text) > 80) {
                            $id = $id +1;
                            add_error('Poll option ' . $id . ' exceeded 80 characters.');
                        }
                    }
                    $poll = 1;
                }
                else {
                    $poll = 0;
                }


// One (what was now) line 342 of post.php, I changed the new topic creation query to include two new fields:

                    $stmt = $link->db_exec('INSERT INTO topics (author, author_ip, headline, body, last_post, time, namefag, tripfag, sticky, locked, poll) VALUES (%1, %2, %3, %4, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %5, %6, %7, %8, %9)', $author, $_SERVER['REMOTE_ADDR'], $headline, $body, $namefag[0], $namefag[1], $sticky, $locked, $poll);


// Immediately below the line that follows that query ("$inserted_id = $link->insert_id();"), I added:

                    if($poll) {
                        foreach($_POST['option'] as $option) {
                            $stmt = $link->db_exec('INSERT INTO poll_options (`parent_id`, `option`) VALUES (%1, %2)', $inserted_id, $option);
                        }
                    }


// After "echo "<p>To post as a Wiseguy, just enter your name and tripcode. Your name will always have a Wiseguy link, unless you use no name at all.</p>"; }, I added

        if(!$reply) {
        ?>

        <p style="display:none;" id="attach_poll"><a href="javascript:void(0);" onclick="$('#attach_poll').hide(); $('#poll_fields').show()" >+ Attach poll</a></p>

        <div id="poll_fields">
            <p>To attach a poll to this thread, fill in at least <em>two</em> of the options below.</p>

            <div class="row">
                <label>Option #1</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][0]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #2</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][1]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #3</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][2]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #4</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][3]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #5</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][4]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #6</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][5]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #7</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][6]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #8</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][7]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #9</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][8]) ?>" class="inline" />
            </div>

            <div class="row">
                <label>Option #10</label>
                <input type="text" size="80" maxlength="80" name="option[]" value="<?php if($_POST['form_sent']) echo htmlspecialchars($_POST['option'][9]) ?>" class="inline" />
            </div>
        </div>

        <?php
            if(empty($_POST['option'][0])) {
                echo "<script>$('#attach_poll').show(); $('#poll_fields').hide()</script>";
            }
        }

        ?>


// I added the following to action.php

    case 'cast_vote':
        if( ! ctype_digit($_GET['id'])) {
            add_error('Invalid topic ID.', true);
        }

        $id = $_GET['id'];
        $page_title = 'Cast vote';

        if(ctype_digit($_POST['option_id'])) {
            check_token();

            $check_votes = $link->db_exec('SELECT 1 FROM poll_votes WHERE (ip = %1 OR uid = %2) AND parent_id = %3', $_SERVER['REMOTE_ADDR'], $_SESSION['UID'], $id);
            if($link->num_rows() == 0) {
                $record = $link->db_exec('INSERT INTO poll_votes (uid, ip, parent_id, option_id) VALUES (%1, %2, %3, %4)', $_SESSION['UID'], $_SERVER['REMOTE_ADDR'], $id, $_POST['option_id']);
                $increment_option = $link->db_exec('UPDATE poll_options SET votes = votes + 1 WHERE id = %1', $_POST['option_id']);
                $increment_poll = $link->db_exec('UPDATE topics SET poll_votes = poll_votes + 1 WHERE id = %1', $id);
            }
            else {
                add_error('You\'ve already voted in this poll.', true);
            }
            redirect('Thanks for voting.', 'topic/' . $id);
        }
        else {
            redirect('You need to select an option.', 'topic/' . $id);
        }

    break;


// In topic.php, I updated the statements near the start to include the two new fields.

if (ALLOW_IMAGES) {
    $stmt = $link->db_exec('SELECT topics.time, topics.author, topics.visits, topics.replies, topics.headline, topics.body, topics.edit_time, topics.edit_mod, images.file_name, topics.namefag, topics.tripfag, topics.sticky, topics.locked, topics.poll, topics.poll_votes FROM topics LEFT OUTER JOIN images ON topics.id = images.topic_id WHERE topics.id = %1', $_GET['id']);
} else {
    $stmt = $link->db_exec('SELECT time, author, visits, replies, headline, body, edit_time, edit_mod, namefag, tripfag, sticky, locked, poll, poll_votes FROM topics WHERE id = %1', $_GET['id']);
}

//...and...

if (ALLOW_IMAGES) {
    list($topic_time, $topic_author, $topic_visits, $topic_replies, $topic_headline, $topic_body, $topic_edit_time, $topic_edit_mod, $topic_image_name, $opnamefag, $optripfag, $sticky, $locked, $poll, $poll_votes) = $link->fetch_row($stmt);
} else {
    list($topic_time, $topic_author, $topic_visits, $topic_replies, $topic_headline, $topic_body, $topic_edit_time, $topic_edit_mod, $opnamefag, $optripfag, $sticky, $locked, $poll, $poll_votes) = $link->fetch_row($stmt);
}


// Immediately after the OP's post is output (line 125), I added the following to output the poll:

// Output poll.
if($poll) {
    $check_votes = $link->db_exec('SELECT option_id FROM poll_votes WHERE uid = %1 AND parent_id = %2', $_SESSION['UID'], $_GET['id']);
    list($voted) = $link->fetch_row($check_votes);

    if(!$voted) {
        echo '<form action="' . DOMAIN . 'cast_vote/' . $_GET['id'] . '" method="POST">';
        csrf_token();
    }

    $table = new table();

    $columns = array
    (
        'Poll option',
        'Votes',
        'Percentage',
        'Graph'
    );
    $table->define_columns($columns, 'Poll option');

    $options = $link->db_exec('SELECT poll_options.id, poll_options.option, poll_options.votes FROM poll_options WHERE poll_options.parent_id = %1', $_GET['id']);
    while(list($option_id, $option_text, $option_votes) = $link->fetch_row($options)) {
        if($poll_votes == 0) {
            $percent = 0;
        }
        else {
            $percent = round(100 * $option_votes / $poll_votes);
        }

        $values = array
        (
            htmlspecialchars($option_text),
            format_number($option_votes),
            $percent . '%',
            '<div class="bar_container help" style="width: 130px; padding:1px; border:1px solid #555" title=" ' . $option_votes . ' of ' . $poll_votes . ' "><div class="bar" style="width: ' . $percent . '%; height:.9em; background-color:#990000;"></div></div>'
        );

        if(!$voted) {
            $values[0] = '<input name="option_id" class="inline" value="' . $option_id . '" id="option_' . $option_id . '" type="radio" /><label for="option_' . $option_id . '" class="inline">' . $values[0] . '</label>';
        }
        else if($voted == $option_id) {
            $values[0] = '<strong title="You voted for this." class="help">' . $values[0] . '</strong>';
        }

        $table->row($values);
    }

    echo $table->output('options');
    if(!$voted) {
        echo '<div class="row"><input type="submit" name="cast_vote" value="Cast your vote" /></div></form>';
    }
}