Fixes Polls

Author: oliveratgithub

www/actions/poll_state.php

@@ -5,6 +5,8 @@
  */
 require_once __DIR__.'/../includes/poll.inc.php';
 
+global $polls;
+
 /** Input validation and sanitization */
 $pollId = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_INT) ?? null; // $_GET['poll']
 $pollState = filter_input(INPUT_GET, 'state', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_GET['state']
@@ -22,7 +24,7 @@
 	user_error('Invalid poll-id: '.$pollId, E_USER_ERROR);
 }
 
-$polls = new Polls();
+//$polls = new Polls(); --> Instantiated in poll.inc.php
 
 $e = $db->query('SELECT * FROM polls WHERE user=? AND id=?', __FILE__, __LINE__, 'SELECT', [$user->id, $pollId]);
 $d = $db->fetch($e);

www/actions/poll_unvote.php

@@ -3,21 +3,21 @@
  * Poll Unvote.
  * @packages zorg\Polls
  */
-require_once dirname(__FILE__).'/../includes/poll.inc.php';
+require_once __DIR__.'/../includes/poll.inc.php';
 
-/** Input validation and sanitization */
-$pollId = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_INT) ?? null; // $_GET['poll']
+global $polls;
 
 if(!$user->is_loggedin()) {
 	http_response_code(403); // Set response code 403 (Access denied)
 	user_error('Du bist nicht eingeloggt', E_USER_ERROR);
 }
+$pollId = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_INT) ?? null; // $_GET['poll']
 if(empty($pollId) || $pollId <= 0) {
 	http_response_code(404); // Set response code 404 (Not found)
 	user_error('Invalid poll-id: '.$pollId, E_USER_ERROR);
 }
 
-$polls = new Polls();
+//$polls = new Polls(); --> Instantiated in poll.inc.php
 
 $e = $db->query('SELECT * FROM polls WHERE id=?', __FILE__, __LINE__, 'SELECT', [$pollId]);
 $d = $db->fetch($e);

www/actions/poll_vote.php

@@ -5,34 +5,33 @@
  */
 require_once __DIR__.'/../includes/poll.inc.php';
 
-/** Input validation and sanitization */
-$poll = (filter_input(INPUT_POST, 'poll', FILTER_VALIDATE_INT) ?? (filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_INT) ?? null)); // $_POST['poll'] / $_GET['poll']
-$vote = (filter_input(INPUT_POST, 'vote', FILTER_VALIDATE_INT) ?? (filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_INT) ?? null)); // $_POST['vote'] / $_GET['vote']
-$redirect = base64url_decode(filter_input(INPUT_GET, 'redirect', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR)) ?? null; // $_GET['redirect']
+global $polls;
 
 if (!$user->is_loggedin()) {
 	http_response_code(403); // Set response code 403 (Access denied)
 	user_error('Access denied', E_USER_ERROR);
 }
+$poll = (filter_input(INPUT_POST, 'poll', FILTER_VALIDATE_INT) ?? (filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_INT) ?? null)); // $_POST['poll'] / $_GET['poll']
+$vote = (filter_input(INPUT_POST, 'vote', FILTER_VALIDATE_INT) ?? (filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_INT) ?? null)); // $_POST['vote'] / $_GET['vote']
 if (empty($poll) || $poll <= 0 || empty($vote) || $vote <= 0) {
 	http_response_code(403); // Set response code 403 (Access denied)
 	user_error('Nice try', E_USER_ERROR);
 }
 
-if ($poll !== null && $vote !== null)
+if ($poll>0 && $vote>0)
 {
-	$polls = new Polls();
+	//$polls = new Polls(); --> Instantiated in poll.inc.php
 
 	$e = $db->query('SELECT p.* FROM polls p, poll_answers a WHERE a.poll=p.id AND p.id=? AND a.id=?', __FILE__, __LINE__, __FILE__, [$poll, $vote]);
 	$d = $db->fetch($e);
 
 	if ($d && $d['state']=='open' && $polls->user_has_vote_permission($d['type'])) {
-		$db->query('REPLACE INTO poll_votes (poll, user, answer) VALUES (?, ?, ?)',
-					__FILE__, __LINE__, 'REPLACE INTO poll_votes', [$poll, $user->id, $vote]);
+		$db->query('REPLACE INTO poll_votes (poll, user, answer) VALUES (?, ?, ?)', __FILE__, __LINE__, 'REPLACE INTO poll_votes', [$poll, $user->id, $vote]);
 	}else{
 		user_error('Invalid Poll/Vote "'.$poll.' / '.$vote.'"', E_USER_ERROR);
 	}
 
+	$redirect = base64url_decode(filter_input(INPUT_GET, 'redirect', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR)) ?? null; // $_GET['redirect']
 	header('Location: '.$redirect);
 	exit;
 

www/includes/poll.inc.php

@@ -38,24 +38,34 @@ class Polls
 	 * @param $id Poll-ID to display
 	 * @global object $db Globales Class-Object mit allen MySQL-Methoden
 	 * @global object $user Globales Class-Object mit den User-Methoden & Variablen
-	 * @return string HTML-markup to display the Poll
+	 * @return string smarty->fetch() Results
 	 */
 	function show($id)
 	{
 		global $db, $user, $smarty;
 
+		/** Validate Parameters */
+		if (!is_numeric($id) || $id <= 0) {
+			$smarty->assign('error', ['type' => 'warn', 'title' => t('invalid-poll_id', 'poll', [$id]), 'dismissable' => false]);
+			return $smarty->fetch('file:layout/elements/block_error.tpl');
+		}
+		$id = intval($id);
+		zorgDebugger::log()->debug('poll %d', [$id]);
+
+		$sql = '';
 		$params = [];
-		$sql = 'SELECT p.* ,UNIX_TIMESTAMP(p.date) date ,(SELECT count(*) FROM poll_votes WHERE poll=?) total_votes
-					'.($user->is_loggedin() ? ',(SELECT answer FROM poll_votes WHERE poll=? AND user=?) myvote' : '').'
-				FROM polls p WHERE id=? GROUP BY p.id';
-		$params[] = $id;
 		if ($user->is_loggedin()) {
+			$sql = 'SELECT p.*, UNIX_TIMESTAMP(p.date) date, (SELECT count(*) FROM poll_votes WHERE poll=?) total_votes, (SELECT answer FROM poll_votes WHERE poll=? AND user=?) myvote FROM polls p WHERE id=? GROUP BY p.id';
+			$params[] = $id;
 			$params[] = $id;
 			$params[] = $user->id;
+			$params[] = $id;
+		} else {
+			$sql = 'SELECT p.*, UNIX_TIMESTAMP(p.date) date, (SELECT count(*) FROM poll_votes WHERE poll=?) total_votes FROM polls p WHERE id=? GROUP BY p.id';
+			$params[] = $id;
+			$params[] = $id;
 		}
-		$params = $id;
 		$poll = $db->fetch($db->query($sql, __FILE__, __LINE__, __FUNCTION__, $params));
-		//if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $poll: %s', __FUNCTION__, __LINE__, print_r($poll,true)));
 
 		if (!empty($poll) && $poll !== false)
 		{
@@ -66,29 +76,28 @@ function show($id)
 			$smarty->assign('user_has_vote_permission', $user_has_vote_permission);
 			//if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $user_has_vote_permission: %s', __FUNCTION__, __LINE__, ($user_has_vote_permission?'true':'false')));
 
-			/** Query Poll answers and return each answer with votes count */
-			$pollMaxvotes = ($poll['total_votes'] > 0 ? $poll['total_votes'] : 0);
-			$pollbarMaxwidth = 200;
-			$pollbarSize = 0;
-
-			//$e = $db->query('SELECT count(*) anz FROM poll_votes WHERE poll='.$id.' GROUP BY answer', __FILE__, __LINE__, __FUNCTION__);
-			$sql = 'SELECT a.*, count(v.user) votes FROM poll_answers a
-						LEFT JOIN poll_votes v ON v.answer=a.id
-					WHERE a.poll=? GROUP BY a.id ORDER BY a.id';
+			$sql = 'SELECT a.*, count(v.user) votes FROM poll_answers a LEFT JOIN poll_votes v ON v.answer=a.id WHERE a.poll=? GROUP BY a.id ORDER BY a.id';
 			$pollAnswers = $db->query($sql, __FILE__, __LINE__, __FUNCTION__, [$id]);
 			while ($pollAnswer = $db->fetch($pollAnswers))
 			{
 				$pollAnswersArray[$pollAnswer['id']] = $pollAnswer;
 
+				/** Query Poll answers and return each answer with votes count */
+				$pollMaxvotes = ($poll['total_votes'] > 0 ? $poll['total_votes'] : 0);
+				$pollbarMaxwidth = 200;
+				$pollbarSize = 0;
+
 				/** Poll votes result-bar calculations */
-				if ($pollAnswer['votes'] == 0) $pollbarSize = 1;
-				else $pollbarSize = round($pollAnswer['votes'] / $pollMaxvotes * $pollbarMaxwidth);
+				if (empty($pollAnswer['votes'])) {
+					$pollbarSize = 1;
+				} else {
+					$pollbarSize = round($pollAnswer['votes'] / $pollMaxvotes * $pollbarMaxwidth);
+				}
 				$pollAnswersArray[$pollAnswer['id']]['pollbar_size'] = $pollbarSize;
 				$pollAnswersArray[$pollAnswer['id']]['pollbar_space'] = $pollbarMaxwidth - $pollbarSize;
 
 				if ($poll['myvote'] == $pollAnswer['id']) {
 					if ($poll['myvote'] && $poll['state']=='open' && $user_has_vote_permission) {
-						//$old_url = base64url_encode("$_SERVER[PHP_SELF]?".url_params());
 						$pollAnswersArray[$pollAnswer['id']]['unvote_url'] = '/actions/poll_unvote.php?poll='.$poll['id'].'&redirect='.getURL();
 					}
 				}
@@ -117,12 +126,12 @@ function show($id)
 				$smarty->assign('voters', $pollVotersArray);
 			}
 
-			$smarty->display('file:layout/partials/polls/poll.tpl');
+			return $smarty->fetch('file:layout/partials/polls/poll.tpl');
 
 		/** Poll not found - $id invalid */
 		} else {
 			$smarty->assign('error', ['type' => 'warn', 'title' => t('invalid-poll_id', 'poll', [$id]), 'dismissable' => false]);
-			$smarty->display('file:layout/elements/block_error.tpl');
+			return $smarty->fetch('file:layout/elements/block_error.tpl');
 		}
 	}
 
@@ -143,7 +152,7 @@ function user_has_vote_permission($poll_type)
 	}
 
 	/**
-	 * Updates the title and options of a poll.
+	 * // TODO Updates the title and options of a poll.
 	 * @link https://zorg.ch/bug/765 [Bug #765] Edit-Link bei bestehenden My Polls fehlt
 	 *
 	 * @version 1.0
@@ -173,4 +182,29 @@ public function update($poll_id, $title, $type, $answers) {
 
 		return true;
 	}
+
+	/**
+	 * Return all Poll IDs
+	 *
+	 * @version 1.0
+	 * @since 1.0 `11.01.2024` `IneX` Method added
+	 *
+	 * @global object $db Globales Class-Object mit allen MySQL-Methoden
+	 * @return array Array with all IDs of all Polls
+	 */
+	public function getAll()
+	{
+		global $db;
+
+		$polls = [];
+		$e = $db->query('SELECT id FROM polls ORDER BY date DESC', __FILE__, __LINE__, 'SELECT id FROM polls');
+		while ($d = $db->fetch($e)) {
+		 	$polls[] = $d['id'];
+		}
+
+		return $polls;
+	}
 }
+
+/** Instantiate Polls */
+$polls = new Polls();

www/includes/smarty.fnc.php

@@ -20,7 +20,6 @@
 include_once INCLUDES_DIR.'go_game.inc.php';
 include_once INCLUDES_DIR.'quotes.inc.php';
 include_once INCLUDES_DIR.'stockbroker.inc.php';
-include_once INCLUDES_DIR.'util.inc.php';
 include_once INCLUDES_DIR.'poll.inc.php';
 include_once INCLUDES_DIR.'stl.inc.php';
 include_once INCLUDES_DIR.'error.inc.php';
@@ -587,11 +586,13 @@ function smarty_new_tpl_link ($params, $content, &$smarty, &$repeat) {
 
 		return '<a href="/?tpleditor=1&tplupd=new&location='.base64url_encode($_SERVER['PHP_SELF'].'?'.url_params()).'">'.$content.'</a>';
 	}
-	function smarty_edit_link ($params, $content, &$smarty, &$repeat) {
-
+	function smarty_edit_link ($params, $content, &$smarty, &$repeat)
+	{
 		if (!$repeat) {  // closing tag
 			if ($params['tpl']) {
 				$tpl = $params['tpl'];
+				$rights = 0;
+				$owner = 0;
 			}else{
 				$vars = $smarty->get_template_vars();
 				$tpl = $vars['tpl']['id'];
@@ -740,12 +741,13 @@ function smarty_getdailyquote ($params) {
  */
 	function smarty_poll ($params)
 	{
-		if (!isset($params['id']) || empty($params['id']) || !is_numeric($params['id']))
+		global $polls;
+		if (!isset($params['id']) || empty($params['id']) || !is_numeric($params['id']) || intval($params['id'])<=0)
 		{
 			return smarty_error(['msg' => t('invalid-poll_id', 'poll', [$params['id']])]);
 		} else {
-			$poll = new Polls();
-			return $poll->show($params['id']);
+			//$poll = new Polls(); --> Instantiated in poll.inc.php
+			return $polls->show(intval($params['id']));
 		}
 	}
 

www/packages/polls.php

@@ -0,0 +1,19 @@
+<?php
+/**
+ * Polls Packages
+ *
+ * Holt und übergibt Polls an Smarty
+ *
+ * @version 1.0
+ * @since 1.0 `11.01.2024` `IneX` Package added
+ *
+ * @package		zorg\Polls
+ */
+
+/**
+ * @global object $polls Globales Class-Object mit allen Polls-Methoden
+ */
+global $polls;
+
+//$polls = new Polls(); --> Instantiated in poll.inc.php
+$smarty->assign('polls', $polls->getAll());

www/scripts/poll_editor.php

@@ -1,21 +1,19 @@
 <?php
-require_once dirname(__FILE__).'/../includes/config.inc.php';
+require_once __DIR__.'/../includes/config.inc.php';
 require_once INCLUDES_DIR.'usersystem.inc.php';
 
 global $smarty, $user;
 
 if ($user->is_loggedin())
 {
-	$types = array();
-	$types_n = array();
-	$types[] = 'standard';
-	$types_n[] = 'Standard';
-	
-	if ($user->typ == USER_MEMBER) {
+	$types = ['standard'];
+	$types_n = ['Standard'];
+
+	if ($user->typ >= USER_MEMBER) {
 		$types[] = 'member';
 		$types_n[] = 'Member';
 	}
-	
+
 	$smarty->assign('poll_types_v', $types);
 	$smarty->assign('poll_types_n', $types_n);
 } else {

www/scripts/poll_my.php

@@ -3,8 +3,8 @@
 
 if ($user->is_loggedin())
 {
-	$e = $db->query('SELECT * FROM polls WHERE user='.$user->id.' ORDER BY date DESC', __FILE__, __LINE__, 'SELECT * FROM polls');
-	$polls = array();
+	$polls = [];
+	$e = $db->query('SELECT * FROM polls WHERE user=? ORDER BY date DESC', __FILE__, __LINE__, 'SELECT polls of User', [$user->id]);
 	while ($d = $db->fetch($e)) {
 		$polls[] = $d['id'];
 	}

www/scripts/poll_overview.php

@@ -1,8 +1,8 @@
 <?php
 global $db, $user, $smarty;
 
-$e = $db->query('SELECT * FROM polls ORDER BY date DESC', __FILE__, __LINE__);
-$polls = array();
+$polls = [];
+$e = $db->query('SELECT * FROM polls ORDER BY date DESC', __FILE__, __LINE__, 'SELECT * FROM polls');
 while ($d = $db->fetch($e)) {
 	$polls[] = $d['id'];
 }