From 5f4afcc8cb6dcc5dcbe4d5161fad5372eb5f6435 Mon Sep 17 00:00:00 2001 From: Callan Barrett Date: Sun, 30 Dec 2007 08:56:33 +0900 Subject: Add support for variable length votes in voting application Signed-off-by: Callan Barrett --- web/html/addvote.php | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'web/html/addvote.php') diff --git a/web/html/addvote.php b/web/html/addvote.php index 91a0658..ef1c6c3 100644 --- a/web/html/addvote.php +++ b/web/html/addvote.php @@ -18,36 +18,48 @@ if ($atype == "Trusted User" OR $atype == "Developer") { $dbh = db_connect(); if (!empty($_POST['addVote'])) { - $aweek = 60*60*24*7; $error = ""; - if (!empty($_REQUEST['user'])) { - $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_REQUEST['user']) . "'"; + if (!empty($_POST['user'])) { + $qcheck = "SELECT * FROM Users WHERE Username = '" . mysql_real_escape_string($_POST['user']) . "'"; $check = mysql_num_rows(db_query($qcheck, $dbh)); if ($check == 0) { $error.= "
Username does not exist.
"; } else { - $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_REQUEST['user']) . "'"; - $qcheck.= " AND Submitted + " . $aweek . " > UNIX_TIMESTAMP()"; + $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'"; + $qcheck.= " AND End > UNIX_TIMESTAMP()"; $check = mysql_num_rows(db_query($qcheck, $dbh)); if ($check != 0) { - $error.= "
" . mysql_real_escape_string($_REQUEST['user']) . " already has proposal running for them.
"; + $error.= "
" . htmlentities($_POST['user']) . " already has proposal running for them.
"; } } } - if (empty($_REQUEST['agenda'])) { + if (!empty($_POST['length'])) { + if (!is_numeric($_POST['length'])) { + $error.= "
Length must be a number.
"; + } else if ($_POST['length'] < 1) { + $error.= "
Length must be at least 1.
"; + } else { + $len = (60*60*24)*$_POST['length']; + } + } else { + $len = 60*60*24*7; + } + + if (empty($_POST['agenda'])) { $error.= "
Proposal cannot be empty.
"; } } if (!empty($_POST['addVote']) && empty($error)) { - $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, SubmitterID) VALUES "; - $q.= "('" . mysql_real_escape_string($_REQUEST['agenda']) . "', "; - $q.= "'" . mysql_real_escape_string($_REQUEST['user']) . "', "; - $q.= "UNIX_TIMESTAMP(), " . uid_from_sid($_COOKIE["AURSID"]) . ")"; + $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES "; + $q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', "; + $q.= "'" . mysql_real_escape_string($_POST['user']) . "', "; + $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len); + $q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")"; db_query($q, $dbh); print "

New proposal submitted.

\n"; @@ -60,6 +72,10 @@ if ($atype == "Trusted User" OR $atype == "Developer") { '> (empty if not applicable)
+Length in days: +'> +(defaults to 7 if empty) +
Proposal:

-- cgit v1.2.3-70-g09d2