ljr/livejournal/htdocs/poll/index.bml

118 lines
3.4 KiB
Plaintext
Raw Normal View History

2019-02-05 21:49:12 +00:00
<?_code
{
use strict;
use vars qw(%FORM $title $body);
$title = $ML{'.title'};
$body = "";
# answers to checkbox questions are null-separated sequences
# since our inout correctness check rules out nulls, we change them
# to commas here rather than inside LJ::Poll::submit() .
foreach (values %FORM) {
s/\0/,/g;
}
unless (LJ::text_in(\%FORM)) {
$body = "<?badinput?>";
return;
}
my $remote = LJ::get_remote();
my $pollid = ($FORM{'id'} || $FORM{'pollid'})+0;
unless ($pollid) {
$body .= $ML{'.gotocreate'};
return;
}
my $dbr = LJ::get_db_reader();
my $po = $dbr->selectrow_hashref("SELECT itemid, whovote, journalid, posterid, whoview, whovote, name ".
"FROM poll WHERE pollid=?", undef, $pollid);
unless ($po) {
$title = $ML{'Error'};
$body = $ML{'.pollnotfound'};
return;
}
my $u = LJ::load_userid($po->{'journalid'});
my $jarg = $u->{'clusterid'} ? "journal=$u->{'user'}&amp;" : "";
my $mode = "";
foreach my $m ([ "enter", $ML{'.filloutpoll'} ], [ "results" , $ML{'.viewresults'} ]) {
if ($FORM{'mode'} eq $m->[0]) {
$mode = $FORM{'mode'};
$body .= "<b>[ $m->[1] ]</b> ";
} else {
$body .= "<a href=\"$LJ::SITEROOT/poll/?id=$pollid&amp;mode=$m->[0]\">[ $m->[1] ]</a> ";
}
}
# load the item being shown
my $udbr = LJ::get_cluster_reader($u);
my $itemid = int($po->{'itemid'} / 256);
my $anum = $po->{'itemid'} % 256;
my $log = $udbr->selectrow_hashref("SELECT * FROM log2 WHERE journalid=? AND jitemid=? AND anum=?",
undef, $u->{'userid'}, $itemid, $anum);
$log->{'ownerid'} = $log->{'journalid'};
unless ($log) {
$body = $ML{'.error.postdeleted'};
return;
}
unless (LJ::can_view($remote, $log)) {
$body = $ML{'.error.cantview'};
return;
}
$body .= "<a href='" . LJ::item_link($u, $itemid, $anum) . "'>[ $ML{'.discuss'} ]</a> ";
if ($FORM{'mode'} eq "ans") { $mode = "ans"; } # also allowed, but not shown
$body .= "<hr><p>";
if (defined $FORM{'poll-submit'})
{
unless (LJ::did_post()) {
$title = $ML{'Error'};
$body = $ML{'bml.requirepost'};
return;
}
unless (LJ::check_form_auth()) {
$title = $ML{'Error'};
$body = $ML{'error.invalidform'};
return;
}
my $error;
LJ::Poll::submit($remote, \%FORM, \$error);
if ($error) {
$title = $ML{'Error'};
$body .= $error;
return;
}
$title = $ML{'.submitted.title'};
$body .= "<?h1 $ML{'.submitted.head'} h1?><?p $ML{'.submitted.text'} p?>";
return;
}
my $opts = { 'mode' => $mode,
'qid' => $FORM{'qid'},
'prefill' => 1,
};
## itemid 0 means no security is done to check that it's not hijacked:
$body .= LJ::Poll::show_poll(0, $remote, $pollid, $opts);
return;
}
_code?><?page
title=><?_code return $title; _code?>
body=><?_code return $body; _code?>
page?><?_c <LJDEP>
lib: cgi-bin/ljlib.pl, cgi-bin/cleanhtml.pl
link: htdocs/poll/index.bml, htdocs/talkread.bml, htdocs/support/faqbrowse.bml, htdocs/poll/create.bml
</LJDEP> _c?>