evilqubit

submit user vote britch council

Apr 1st, 2013
  1. <?php
  2. header('P3P: CP="CAO PSA OUR"');
  3. //require_once 'config.php';
  4. require_once 'facebook/facebook.php';
  5. $facebook = new Facebook(array(
  6. 'appId' => '138686456312470',
  7. 'secret' => 'f0d8d3bc8f575bc68f6a580b61a0c3f6',
  8. 'cookie' => true,
  9. "oauth" => true
  10. ));
  11.  
  12. //$request = $facebook->getSignedRequest();
  13. $request=$_SESSION['signedRequest'] ;
  14.  
  15. /*if(isset($request)){
  16. $_SESSION['signedRequest'] = $request;
  17.  
  18. }
  19. else $request = $_SESSION['signedRequest']; */
  20.  
  21. //var_dump($request);
  22. if($_GET["usl"] != null && isset($_GET["usl"]))
  23. {
  24. $liked = $_GET["usl"];
  25. }
  26. else
  27. { //echo "asdsadsadasdsad";
  28. if( $request['page']['liked'] == 1 )
  29. {
  30. $liked = 1;
  31.  
  32. // Get User ID
  33. $user = $facebook->getUser();
  34.  
  35. if ($user) {
  36. try {
  37. $user_profile = $facebook->api('/me');
  38. } catch (FacebookApiException $e) {
  39. error_log($e);
  40. $user = null;
  41. }
  42. }
  43.  
  44. //https://www.facebook.com/pages/BritishCouncilLebanon/335428453222155?sk=app_169635233185732
  45. if ($user) {
  46. } else {
  47. $loginUrl = $facebook->getLoginUrl(array(
  48. 'canvas'=> 1,
  49. 'fbconnect'=>1,
  50. "scope"=>"email,publish_stream,status_update,user_birthday,user_location,user_work_history",
  51. "next"=>'https://www.facebook.com/BritishCouncilLebanon/app_138686456312470')
  52. );
  53. echo "<script type='text/javascript'>top.location.href = '$loginUrl'</script>";
  54. exit;
  55. }
  56. }
  57. else
  58. {
  59. $liked = 0;
  60. }
  61. }
  62. if ($user){
  63.  
  64. mysql_connect("localhost", "yasserc" , "Qkjf7v1&pcHj");
  65. mysql_set_charset("utf8");
  66. mysql_select_db("yasserc_britishcouncil");
  67.  
  68. if($_GET["partid"] != null && isset($_GET["partid"]))
  69. {
  70. $partid = $_GET["partid"];
  71. }
  72.  
  73. $countquery = "SELECT COUNT(*) AS num FROM voter WHERE voter_id = $user";
  74. $res = mysql_query($countquery);
  75. $countRow = mysql_fetch_array($res);
  76.  
  77. if($countRow["num"] == 0)
  78. {
  79. $voterInsertQuery = "INSERT INTO voter VALUES( '$user',NOW())";
  80. mysql_query($voterInsertQuery);
  81.  
  82. //Mysql Update -- Add One Vote
  83. $mysqlUpdateQuery = "UPDATE participants SET votes = votes+1 WHERE id = ".$partid;
  84. mysql_query($mysqlUpdateQuery);
  85.  
  86. //Redirect to thank you for voting page
  87. header("Location: thankyouvote.php");
  88. }
  89. else
  90. {
  91. $mysqlselectQuery = "SELECT * FROM voter WHERE voter_id = $user";
  92. $result = mysql_query($mysqlselectQuery);
  93. $row = mysql_fetch_array($result);
  94.  
  95. //Check time limitations
  96. $atoms = explode('-',$row["voter_time_last_voted"]);
  97. $lastVotedYear = intval($atoms[0]);
  98. $lastVotedMonth = intval($atoms[1]);
  99. $lastVotedDay = intval($atoms[2]);
  100.  
  101. $currentDate = date("Y-m-d");
  102. $curdate = explode('-', $currentDate);
  103. $curYear = intval($curdate[0]);
  104. $curMonth = intval($curdate[1]);
  105. $curDay = intval($curdate[2]);
  106.  
  107. $valid = 0;
  108.  
  109. if($curYear >= $lastVotedYear && $curMonth >= $lastVotedMonth)
  110. {
  111. if ( $curMonth > $lastVotedMonth)
  112. {
  113. $valid = 1;
  114. }
  115. else if ($curMonth == $lastVotedMonth)
  116. {
  117. if ($curDay > $lastVotedDay)
  118. {
  119. $valid = 1;
  120. }
  121. else
  122. {
  123. $valid = 0;
  124. }
  125. }
  126. else
  127. {
  128. $valid = 0;
  129. }
  130. }
  131. else
  132. {
  133. $valid = 0;
  134. }
  135.  
  136. //Add TO voter table to check 24 hour restriction
  137. if ($valid == 1 && $facebook->api('/me'))
  138. {
  139. //Mysql Update -- Add One Vote
  140. $mysqlUpdateQuery = "UPDATE participants SET votes = votes+1 WHERE id = ".$partid;
  141. mysql_query($mysqlUpdateQuery);
  142. echo mysql_error();
  143.  
  144. //Mysql UPDATE time last voted
  145. $mysqlUpdateQuery = "UPDATE voter SET voter_time_last_voted = NOW() WHERE voter_id = ".$user;
  146. mysql_query($mysqlUpdateQuery);
  147. echo mysql_error();
  148.  
  149.  
  150. //check Fraud
  151. honeypot();
  152.  
  153.  
  154.  
  155. $mysqlInsertQuery = "INSERT INTO vote_transaction VALUES ('$user','$username',$partid,NOW())";
  156. mysql_query($mysqlInsertQuery);
  157. echo mysql_error();
  158.  
  159. mysql_select_db("yasserc_mailing");
  160.  
  161. $mysqlInsertToMailListQuery = "INSERT IGNORE INTO list VALUES ('$user', '$username', '$usermail', 'BritishCouncilApp', NOW())";
  162. mysql_query($mysqlInsertToMailListQuery);
  163. echo mysql_error();
  164.  
  165. //Redirect to thank you for voting page
  166. header("Location: thankyouvote.php");
  167. }
  168. else
  169. {
  170. header("Location: youhavealreadyvoted.php");
  171. }
  172. }
  173. }
  174.  
  175. else {
  176.  
  177. echo '<script>window.top.location.href = "https://www.facebook.com/BritishCouncilLebanon/app_138686456312470"</script>';
  178.  
  179. }
  180.  
  181. ?>