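<?php
declare(strict_types=1);
# Raidtage-Vote: a single-page vote form.
# Flow: read name/key from GET (the /vote/<name>/<key> URL) or POST, check them
# against the users table, store the per-day votes of a POST, then render the
# current tallies (as images) and, for an authenticated user, the vote form.
# NOTE(review): the key travels in the URL and in the form action, so it ends
# up in access logs, browser history and Referer headers — a design limitation
# of the /vote/<name>/<key> scheme, not something this file can change alone.

# global toggle to disable voting
$voting = true;
# days a user can vote on are addressed as 1..$numDays (the ids of the `days` table)
$numDays = 7;
# send proper HTTP Content-Type header
header('Content-Type: text/html; charset=utf-8');
# only enable during development
#ini_set('error_reporting', -1);
#ini_set('display_errors', 1);

/**
 * Escape a value for output inside HTML text or a double-quoted attribute.
 * Every value that reaches the page (request input, DB rows, computed
 * numbers) goes through this; nothing is printed raw.
 *
 * @param string|int|float|null $value cast to string before escaping
 */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Read a request parameter that must be a non-empty scalar string.
 * Arrays (`?name[]=x`) and empty values are treated as absent.
 *
 * @param array<string, mixed> $source e.g. $_GET or $_POST
 */
function param(array $source, string $key): ?string
{
    $value = $source[$key] ?? null;
    return (is_string($value) && $value !== '') ? $value : null;
}

# include database login data: $host, $db, $user, $pass
require_once 'dbdata.inc.php';
# create database connection; driver errors are raised as exceptions so a
# failed statement cannot be mistaken for "no rows", and the default fetch mode
# is set once for every statement
$dbh = new PDO("mysql:host=$host;dbname=$db", $user, $pass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
# prepared-statement emulation deliberately stays at its default (on): the
# statements below reuse the same named placeholder (:name, :i, :id, :vote)
# more than once, which the native MySQL driver does not allow

# evaluate GET parameters
$name = null;
$k = null;
$vote = null;
$id = null;
if (param($_GET, 'name') !== null && param($_GET, 'k') !== null) {
    $name = param($_GET, 'name');
    $k = param($_GET, 'k');
}
# evaluate POST parameters; a vote POST carries name & key again plus the vote flag
if (param($_POST, 'name') !== null && param($_POST, 'k') !== null && param($_POST, 'vote') !== null) {
    $name = param($_POST, 'name');
    $k = param($_POST, 'k');
    $vote = param($_POST, 'vote');
}
# name and key present, validate
if ($name !== null && $k !== null) {
    # compare the stored hash with the supplied name & key, using the stored salt, never mind the \n
    $stmt = $dbh->prepare("SELECT STRCMP(SHA1(CONCAT(salt,:name,:k,'\n')), hash) AS cmp, id FROM users WHERE name=:name");
    # bind parameters & execute query
    $stmt->execute(['name' => $name, 'k' => $k]);
    # fetch and check result and act accordingly; fail closed: STRCMP yields NULL
    # when salt or hash is NULL, and that must not count as a match
    while ($row = $stmt->fetch()) {
        if (!isset($row['cmp']) || (int) $row['cmp'] !== 0) {
            die("Ungültige Benutzerdaten!");
        }
        # the authorization data was valid
        $id = $row['id'];
    }
}
# someone voted!
if ($voting && $id !== null && $vote !== null) {
    # collect the per-day votes; only integers 0..2 are accepted, anything else
    # (missing field, out-of-range value, array, non-numeric text) is ignored
    $votes = [];
    for ($i = 1; $i <= $numDays; $i++) {
        if (!isset($_POST[$i])) {
            continue;
        }
        $value = filter_var($_POST[$i], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 2]]);
        if ($value !== false) {
            $votes[$i] = $value;
        }
    }
    # prepare insert/update statement
    $stmt = $dbh->prepare("INSERT INTO votes (day, user, vote) VALUES (:i, :id, :vote) ON DUPLICATE KEY UPDATE day=:i, user=:id, vote=:vote");
    # only the days that carried a valid vote are written; days without one are
    # left untouched instead of being stored as NULL
    foreach ($votes as $i => $value) {
        $stmt->execute(['i' => $i, 'id' => $id, 'vote' => $value]);
    }
}
# really stupid, error-prone but simple way of differentiating between at least Firefox and Chrome
# (the header may be absent, and a match at offset 0 must still count as found)
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
$gecko = strpos($ua, "Gecko/") !== false;
$webkit = strpos($ua, "AppleWebKit") !== false;
# never mind the horrible way of going into and out of php for conditional blocks and simple prints, that could probably be simplified
?>
<!DOCTYPE HTML>
<html>
<head>
<title>HddF Raidtage-Vote</title>
<base href="https://www.hüter.net/vote/" />
<style type="text/css">
div { margin-bottom: 20px; }
#wrapper { margin-left: auto; margin-right: auto; width: 800px; text-align: center; font-family: sans-serif;}
table { margin-left: auto; margin-right: auto; }
<?php if ($webkit) { ?> td { padding: 0px 10px 0px 10px; } <?php } ?>
</style>
</head>
<body>
<div id="wrapper">
<h1>Raidtage-Vote</h1>
<h2>Gammelig, und ohne Style!</h2>
<div id="help">
<?php if (!$webkit) { ?>Gib bitte eine Zahl zwischen 0 und 2 ein, je nach dem, wie gut dir der jeweilige Tag passt.<br />0 = passt schlecht, 1 = akzeptabel, 2 = passt gut.<?php } ?>
</div>
<div id="results">
<?php
# get the maximum number of votes possible (users' votes can range from 0 to 2, so the maximum is 2 * number of users)
$row = $dbh->query('SELECT COUNT(id) AS num_users FROM users')->fetch();
$numvotes = 2 * (int) $row['num_users'];
# get the number of votes for the days with the lowest votes and highest votes, respectively
# (both are NULL while no vote has been cast yet)
$row = $dbh->query('SELECT MIN(votes) AS minvote, MAX(votes) AS maxvote FROM (SELECT SUM(vote) AS votes FROM votes GROUP BY day) AS sums')->fetch();
$maxvote = $row['maxvote'];
$minvote = $row['minvote'];
# for each day (by id) get the sum of the votes and then get the votes per day (by name) from that
# call the image create script for each one, passing: actual number of votes, maximum number of votes, lowest vote, highest vote, name of the day
foreach ($dbh->query("SELECT a.day AS dayname, b.vote FROM days a JOIN (SELECT day, SUM(vote) AS vote FROM votes GROUP BY day) b ON b.day=a.id") as $row) {
    # URL-encode each query value, then HTML-escape the whole attribute (this also turns & into &amp;)
    $src = 'image.php?votes=' . urlencode((string) $row['vote'])
        . '&max=' . urlencode((string) $numvotes)
        . '&low=' . urlencode((string) $minvote)
        . '&high=' . urlencode((string) $maxvote)
        . '&day=' . urlencode((string) $row['dayname']);
?>
<img alt="<?= e($row['dayname']) ?>" title="<?= e($row['dayname']) ?>" src="<?= e($src) ?>" />
<?php } ?>
</div>
<?php if ($id !== null) { ?>
<form action="<?= e('/vote/' . rawurlencode($name) . '/' . rawurlencode($k)) ?>" method="POST">
<input type="hidden" name="name" value="<?= e($name) ?>" />
<input type="hidden" name="k" value="<?= e($k) ?>" />
<input type="hidden" name="vote" value="true" />
<table>
<?php foreach ($dbh->query('SELECT id,day FROM days ORDER BY id ASC') as $row) { ?>
<tr><td><?= e($row['day']) ?>:</td>
<?php if ($webkit) { ?>
<td>schlechter</td><td><input type="range" name="<?= e($row['id']) ?>" min="0" max="2" value="1" /></td><td>besser</td></tr>
<?php } else { ?>
<td><input type="text" name="<?= e($row['id']) ?>" pattern="[012]" required="required" placeholder="1" /></td></tr>
<?php } } ?>
</table>
<input type="submit" value="Absenden!" <?php if (!$voting) print('disabled="disabled"'); ?>/>
</form>
<?php if ($voting) { ?>
Ihr könnt beliebig oft eure Auswahl verändern und wieder auf "absenden" klicken, eure neue Auswahl überschreibt dann eure vorherige.
<?php } else { ?>
Die Abstimmung wurde deaktiviert.
<?php } ?>
<?php } ?>
</div>
</body>
</html>
<?php $dbh = null; ?>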