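<?php
/*
 * viewthread.php - renders one forum thread: its title, an optional poll and
 * its posts. Two state changes are handled on the same page:
 *   - GET  ?delete=<pid>      deletes a post, only if the session user wrote it
 *   - POST submit + poll      records (or changes) the session user's poll vote
 *
 * config.php is expected to define $db_server, $db_user, $db_password and
 * $db_database and, presumably, to start the session - session_start() is not
 * called in this file, verify in config.php. template.php supplies the
 * template_* functions and the ThreadType constants.
 *
 * Every SQL statement goes through viewthread_query() with bound parameters;
 * request values are never concatenated into SQL, and the thread id is cast
 * to int once and reused for both SQL and the form action URL.
 */
require 'config.php';
require 'template.php';

/**
 * Run a parameterised statement (requires mysqlnd for get_result()).
 *
 * @param mysqli $db     open connection with the database already selected
 * @param string $sql    statement text with `?` placeholders
 * @param string $types  bind_param type string ('i' per int, 's' per string);
 *                       '' when the statement has no placeholders
 * @param mixed  ...$params one value per placeholder, in order
 * @return mysqli_result|bool result set for a SELECT; true for a successful
 *                            INSERT/UPDATE/DELETE; false when prepare() or
 *                            execute() reported failure (under PHP 8.1's
 *                            default mysqli error mode they throw instead)
 */
function viewthread_query(mysqli $db, $sql, $types, ...$params)
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if ($types !== '') {
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    // get_result() is false for statements without a result set (DML);
    // report those as plain success so callers can simply test truthiness.
    $result = $stmt->get_result();
    $stmt->close();
    return $result === false ? true : $result;
}

/**
 * Escape a database or request value for an HTML text/attribute context.
 *
 * @param mixed $value
 * @return string
 */
function viewthread_h($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Apply the state-changing requests for thread $tid on behalf of session
 * user $uid. Anonymous users ($uid === 0) can neither delete nor vote.
 *
 * @param mysqli $db
 * @param int    $tid thread id
 * @param int    $uid session user id, 0 when not logged in
 */
function viewthread_handle_actions(mysqli $db, $tid, $uid)
{
    if ($uid === 0) {
        return;
    }

    // Delete post. Ownership is enforced inside the DELETE itself, so there is
    // no read-then-write gap between the permission check and the write.
    // NOTE(review): this is a state change triggered by a GET parameter with
    // no CSRF token; a POST carrying a token would be the safer design.
    if (isset($_GET['delete'])) {
        $pid = (int)$_GET['delete'];
        viewthread_query($db, 'DELETE FROM post WHERE pid=? AND uid=?', 'ii', $pid, $uid);
    }

    // Record vote. The chosen option id is bound as an int but not checked
    // against this thread's options here (the original author left that as a
    // known gap). Existence is checked explicitly instead of relying on a
    // failed INSERT, which throws rather than returning false on PHP 8.1+.
    if (isset($_POST['submit'])) {
        $chosen = isset($_POST['poll']) ? (int)$_POST['poll'] : 0;
        $existing = viewthread_query($db, 'SELECT oid FROM poll_vote WHERE tid=? AND uid=?', 'ii', $tid, $uid);
        $alreadyVoted = $existing && $existing->fetch_array();
        if ($alreadyVoted) {
            viewthread_query($db, 'UPDATE poll_vote SET oid=? WHERE tid=? AND uid=?', 'iii', $chosen, $tid, $uid);
        } else {
            viewthread_query($db, 'INSERT INTO poll_vote (tid, uid, oid) VALUES(?, ?, ?)', 'iii', $tid, $uid, $chosen);
        }
    }
}

/**
 * Render the poll form for a poll thread: one radio per option with its
 * [votes/total] tally; the first option is pre-selected.
 *
 * @param mysqli $db
 * @param array  $thread row from the thread table (uses 'question')
 * @param int    $tid    thread id
 */
function viewthread_render_poll(mysqli $db, array $thread, $tid)
{
    // One GROUP BY query replaces a COUNT query per option; options with no
    // votes are simply absent from $voteCounts and default to 0 below.
    $voteCounts = array();
    $tally = viewthread_query($db, 'SELECT oid, COUNT(uid) AS count FROM poll_vote WHERE tid=? GROUP BY oid', 'i', $tid);
    if ($tally) {
        while ($c = $tally->fetch_array()) {
            $voteCounts[(int)$c['oid']] = (int)$c['count'];
        }
    }
    $totalCount = array_sum($voteCounts);
    $options = viewthread_query($db, 'SELECT oid, option_text FROM poll_option WHERE tid=? ORDER BY oid', 'i', $tid);
?>
<form name="postForm" action="viewthread.php?thread=<?= (int)$tid; ?>" method="post" class="poll">
<strong><?= viewthread_h($thread['question']); ?></strong><br />
<?php
    $first = true;
    if ($options) {
        while ($row = $options->fetch_array()) {
            $oid = (int)$row['oid'];
            $voteCount = isset($voteCounts[$oid]) ? $voteCounts[$oid] : 0;
            // The input now carries the id the label's `for` attribute points at.
?>
<input type="radio" id="option<?= $oid; ?>" name="poll" value="<?= $oid; ?>" <?= ($first ? 'checked="checked" ' : ''); ?>/><label for="option<?= $oid; ?>">[<?= $voteCount; ?>/<?= $totalCount; ?>] <?= viewthread_h($row['option_text']); ?></label><br />
<?php
            $first = false;
        }
    }
?>
<input type="submit" value="Vote" name="submit" />
</form>
<?php
}

/**
 * Render the thread section: heading, poll (for poll threads) and posts.
 *
 * @param mysqli $db
 * @param array  $thread  row from the thread table
 * @param int    $tid     thread id
 * @param string $authors value passed to template_head()
 */
function viewthread_render(mysqli $db, array $thread, $tid, $authors)
{
    // template_thread_title() presumably returns markup ready for output;
    // it is echoed unescaped as before - confirm in template.php.
    $title = template_thread_title($thread['title'], $thread['type'], $thread['tag']);
    template_head($title, $authors);
    template_forum_header();
    echo " <section class=\"thread\">\n";
    echo " <h2>$title</h2>\n";

    if ((int)$thread['type'] & ThreadType::Poll) {
        viewthread_render_poll($db, $thread, $tid);
    }

    $posts = viewthread_query($db, 'SELECT pid, uid, date, time, text FROM post WHERE tid=? ORDER BY pid', 'i', $tid);
    if ($posts) {
        while ($post = $posts->fetch_array()) {
            template_post($db, $tid, $post['pid'], $post['uid'], $post['date'], $post['time'], $post['text']);
        }
    }
    echo " </section>\n";
}

$authors = 'Jason Gassel, Josh Galan, Matthew McKeller';

// `new mysqli(...) or die(...)` never fires: `or` binds looser than `=` and the
// constructor always returns an object, so the failure has to be read from
// connect_error.
$db = new mysqli($db_server, $db_user, $db_password);
if ($db->connect_error) {
    die('<div class="failure">ERROR: Database connection failed</div>');
}

// 0 means "not logged in" - the convention the vote check already used.
$uid = isset($_SESSION['uid']) ? (int)$_SESSION['uid'] : 0;
$tid = isset($_GET['thread']) ? (int)$_GET['thread'] : null;

if (!$db->select_db($db_database)) {
    template_head('View Thread', $authors);
    template_forum_header();
    echo " <h4 style=\"text-align: center;\">Database not found: <a href=\"install.php\">Install</a></h4>\n";
} else {
    $thread = null;
    if ($tid !== null) {
        $result = viewthread_query($db, 'SELECT title, type, question, tag FROM thread WHERE tid=?', 'i', $tid);
        $thread = $result ? $result->fetch_array() : null;
    }

    if ($thread) {
        // Actions run before rendering so the page shows their effect.
        viewthread_handle_actions($db, $tid, $uid);
        viewthread_render($db, $thread, $tid, $authors);
    } else {
        // Covers both a missing ?thread parameter and an id with no matching
        // row (the latter used to render a blank page).
        template_head('TODO', $authors);
        template_forum_header();
        echo " <h4 style=\"text-align: center;\">ERROR: Invalid Thread ID</h4>\n";
    }
}

$db->close();
template_footer();
?>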