118 lines
3.4 KiB
Plaintext
Executable File
118 lines
3.4 KiB
Plaintext
Executable File
<?_code
|
|
{
|
|
use strict;
|
|
use vars qw(%FORM $title $body);
|
|
|
|
$title = $ML{'.title'};
|
|
$body = "";
|
|
|
|
# answers to checkbox questions are null-separated sequences
|
|
# since our inout correctness check rules out nulls, we change them
|
|
# to commas here rather than inside LJ::Poll::submit() .
|
|
foreach (values %FORM) {
|
|
s/\0/,/g;
|
|
}
|
|
unless (LJ::text_in(\%FORM)) {
|
|
$body = "<?badinput?>";
|
|
return;
|
|
}
|
|
|
|
my $remote = LJ::get_remote();
|
|
|
|
my $pollid = ($FORM{'id'} || $FORM{'pollid'})+0;
|
|
|
|
unless ($pollid) {
|
|
$body .= $ML{'.gotocreate'};
|
|
return;
|
|
}
|
|
|
|
my $dbr = LJ::get_db_reader();
|
|
my $po = $dbr->selectrow_hashref("SELECT itemid, whovote, journalid, posterid, whoview, whovote, name ".
|
|
"FROM poll WHERE pollid=?", undef, $pollid);
|
|
unless ($po) {
|
|
$title = $ML{'Error'};
|
|
$body = $ML{'.pollnotfound'};
|
|
return;
|
|
}
|
|
|
|
my $u = LJ::load_userid($po->{'journalid'});
|
|
my $jarg = $u->{'clusterid'} ? "journal=$u->{'user'}&" : "";
|
|
|
|
my $mode = "";
|
|
foreach my $m ([ "enter", $ML{'.filloutpoll'} ], [ "results" , $ML{'.viewresults'} ]) {
|
|
if ($FORM{'mode'} eq $m->[0]) {
|
|
$mode = $FORM{'mode'};
|
|
$body .= "<b>[ $m->[1] ]</b> ";
|
|
} else {
|
|
$body .= "<a href=\"$LJ::SITEROOT/poll/?id=$pollid&mode=$m->[0]\">[ $m->[1] ]</a> ";
|
|
}
|
|
}
|
|
|
|
# load the item being shown
|
|
my $udbr = LJ::get_cluster_reader($u);
|
|
my $itemid = int($po->{'itemid'} / 256);
|
|
my $anum = $po->{'itemid'} % 256;
|
|
my $log = $udbr->selectrow_hashref("SELECT * FROM log2 WHERE journalid=? AND jitemid=? AND anum=?",
|
|
undef, $u->{'userid'}, $itemid, $anum);
|
|
$log->{'ownerid'} = $log->{'journalid'};
|
|
unless ($log) {
|
|
$body = $ML{'.error.postdeleted'};
|
|
return;
|
|
}
|
|
|
|
unless (LJ::can_view($remote, $log)) {
|
|
$body = $ML{'.error.cantview'};
|
|
return;
|
|
}
|
|
|
|
$body .= "<a href='" . LJ::item_link($u, $itemid, $anum) . "'>[ $ML{'.discuss'} ]</a> ";
|
|
|
|
if ($FORM{'mode'} eq "ans") { $mode = "ans"; } # also allowed, but not shown
|
|
|
|
$body .= "<hr><p>";
|
|
|
|
if (defined $FORM{'poll-submit'})
|
|
{
|
|
unless (LJ::did_post()) {
|
|
$title = $ML{'Error'};
|
|
$body = $ML{'bml.requirepost'};
|
|
return;
|
|
}
|
|
|
|
unless (LJ::check_form_auth()) {
|
|
$title = $ML{'Error'};
|
|
$body = $ML{'error.invalidform'};
|
|
return;
|
|
}
|
|
|
|
my $error;
|
|
LJ::Poll::submit($remote, \%FORM, \$error);
|
|
if ($error) {
|
|
$title = $ML{'Error'};
|
|
$body .= $error;
|
|
return;
|
|
}
|
|
$title = $ML{'.submitted.title'};
|
|
$body .= "<?h1 $ML{'.submitted.head'} h1?><?p $ML{'.submitted.text'} p?>";
|
|
return;
|
|
}
|
|
|
|
my $opts = { 'mode' => $mode,
|
|
'qid' => $FORM{'qid'},
|
|
'prefill' => 1,
|
|
};
|
|
|
|
## itemid 0 means no security is done to check that it's not hijacked:
|
|
$body .= LJ::Poll::show_poll(0, $remote, $pollid, $opts);
|
|
|
|
return;
|
|
}
|
|
_code?><?page
|
|
title=><?_code return $title; _code?>
|
|
body=><?_code return $body; _code?>
|
|
page?><?_c <LJDEP>
|
|
lib: cgi-bin/ljlib.pl, cgi-bin/cleanhtml.pl
|
|
link: htdocs/poll/index.bml, htdocs/talkread.bml, htdocs/support/faqbrowse.bml, htdocs/poll/create.bml
|
|
</LJDEP> _c?>
|
|
|