registervote.php
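<?php
session_start();
include 'inc/checker.php';
include 'inc/config.php';

// Registers, or changes, the signed-in user's vote on a poll.
//
// Request (GET): pollid, userid, optionid.
// Response body:
//   "200"                 vote stored
//   "300"                 option index is outside the poll's option count
//   "500"                 malformed request, unknown poll, corrupt tally or query failure
//   "Unauthorised."       userid does not match the session's user
//   "Already Registered." the same option was submitted again
//
// NOTE(review): $db and $subscript are not defined in this file (presumably
// they come from inc/config.php). The statements below are still assembled by
// string concatenation because the wrapper's parameter-binding API is not
// visible here. The input checks in this file are a stopgap; the queries
// should move to bound parameters.
// NOTE(review): the vote is written on a GET request and no anti-CSRF check is
// visible in this file - confirm whether inc/checker.php provides one.

$pollid = $_GET['pollid'] ?? null;
$userid = $_GET['userid'] ?? null;
$optionid = $_GET['optionid'] ?? null;
$sessionUserId = $_SESSION['polluserid'] ?? null;

// Strict string comparison: a loose != lets look-alike values (for example
// "5", "05" and "5.0") pass the check and then reach the SQL text unchanged.
$isSessionUser = is_string($userid)
    && is_scalar($sessionUserId)
    && $userid === (string) $sessionUserId;

// Allow-list for the poll id. Assumes ids are numeric or slug-like tokens -
// TODO confirm against the polls schema.
$isPollIdWellFormed = is_string($pollid)
    && preg_match('/\A[A-Za-z0-9_-]+\z/', $pollid) === 1;

// The option id is used as an array index and compared with nooptions, so it
// must be a plain non-negative integer. An absent value is rejected too.
$isOptionIdWellFormed = is_string($optionid)
    && preg_match('/\A[0-9]+\z/', $optionid) === 1;

if (!$isSessionUser) {
    echo "Unauthorised."; // Caller is not the user named in the request.
} elseif ($pollid && $userid && $isPollIdWellFormed && $isOptionIdWellFormed) {
    $optionid = (int) $optionid;

    $pollQuery = $db->query("SELECT * FROM " . $subscript . "polls WHERE pollid='" . $pollid . "'");
    $voteQuery = $db->query("SELECT * FROM " . $subscript . "pollvotes WHERE userid='" . $userid . "' AND pollid='" . $pollid . "'");

    if ($db->numrows($pollQuery) > 0) {
        $poll = $db->fetch($pollQuery);
        $hasPreviousVote = $db->numrows($voteQuery) > 0;

        $previousOption = null;
        $voteid = null;
        if ($hasPreviousVote) {
            $existingVote = $db->fetch($voteQuery);
            $voteid = $existingVote['voteid'];
            // A stored index that is not a plain integer is ignored rather
            // than being loosely compared against array keys.
            $storedIndex = (string) $existingVote['voteindex'];
            if (preg_match('/\A[0-9]+\z/', $storedIndex) === 1) {
                $previousOption = (int) $storedIndex;
            }
        }

        if ($optionid >= (int) $poll['nooptions']) {
            echo "300"; // Invalid Option ID.
        } elseif ($hasPreviousVote && $previousOption === $optionid) {
            echo "Already Registered.";
        } else {
            // The tally is a serialized array keyed by option index.
            // allowed_classes => false (PHP 7.0+) stops a tampered row from
            // instantiating objects during unserialize().
            $results = unserialize($poll['results'], ['allowed_classes' => false]);

            if (!is_array($results)) {
                echo "500"; // Stored tally could not be decoded.
            } else {
                if ($previousOption !== null && array_key_exists($previousOption, $results)) {
                    $results[$previousOption] = $results[$previousOption] - 1;
                }
                if (array_key_exists($optionid, $results)) {
                    $results[$optionid] = $results[$optionid] + 1;
                }
                $serialized = serialize($results); // To be stored inside the database.

                // NOTE(review): the tally is read, modified and written back
                // with no transaction or lock visible here, so concurrent
                // votes can overwrite each other's counts.
                if ($hasPreviousVote) {
                    $voteSaved = $db->query("UPDATE " . $subscript . "pollvotes SET voteindex='$optionid' WHERE userid='$userid' AND pollid='$pollid' AND voteid='$voteid'");
                } else {
                    $voteSaved = $db->query("INSERT INTO " . $subscript . "pollvotes(pollid,userid,voteindex) VALUES('$pollid','$userid','$optionid')");
                }

                if ($voteSaved && $db->query("UPDATE " . $subscript . "polls SET results='$serialized' WHERE pollid='$pollid'")) {
                    echo "200"; // No error. Successful execution.
                } else {
                    echo "500"; // Some error.
                }
            }
        }
    } else {
        echo "500"; // Unknown poll.
    }
} else {
    echo "500"; // Missing or malformed parameter.
}
?>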