News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

bug with ssi_showPoll

Started by sykic, December 16, 2006, 07:13:32 PM

Previous topic - Next topic

sykic

ssi_showPoll does not allow users to vote even when they should be able to
if the user goes ito the topic within the forum then they can vote


The admin is allowed to vote when logged in and using  ssi_showPoll

I confirmed this but setting a test user to have all permissions still could not vote
I then made them an admin and they could then vote via ssi_showPoll


I am confused as ssi_showPoll seems to call the same function as those within the forum?
Any guidance where I should look would be appreciated

hope I have posted this in the right place


Sykic


by the way using SMF1.1 no mods except grabmessage

sykic

JUst relised I think it is this DB acces that is wrong but can not see where


$request = db_query("
SELECT ID_MEMBER
FROM {$db_prefix}log_polls
WHERE ID_POLL = $row[ID_POLL]
AND ID_MEMBER = $ID_MEMBER
LIMIT 1", __FILE__, __LINE__);
$allow_vote = mysql_num_rows($request) == 0;
mysql_free_result($request);



sykic

codenaught

This does seem to be a bug in SMF. Can you try the following change?

Find (in SSI.php - showPoll function)

$request = db_query("
SELECT
p.ID_POLL, p.question, p.votingLocked, p.hideResults, p.expireTime, p.maxVotes
FROM ({$db_prefix}topics AS t, {$db_prefix}polls AS p, {$db_prefix}boards AS b)


Change to:

$request = db_query("
SELECT
p.ID_POLL, p.question, p.votingLocked, p.hideResults, p.expireTime, p.maxVotes, b.ID_BOARD
FROM ({$db_prefix}topics AS t, {$db_prefix}polls AS p, {$db_prefix}boards AS b)


Next find:

elseif ($user_info['is_guest'] || !empty($row['votingLocked']) || !allowedTo('poll_vote'))
$allow_vote = false;


Change to:

elseif ($user_info['is_guest'] || !empty($row['votingLocked']) || !allowedTo('poll_vote', array($row['ID_BOARD'])))
$allow_vote = false;

Dev Consultant
Former SMF Doc Coordinator

sykic

Well done   :) :) :)

that seems to fix the problem with a very quick check
I will let you know if it hasn't after further testing

where do I report the bug properly so it gets fixed in the next release ?
where are known bugs listed ?

I feel I have helped a bit improving SMF 8)


sykic

codenaught

I have already reported it myself. The bug tracker is currently internal and private to the team. However we are making plans on opening it up a bit to the public soon. In the meantime, if you find future bugs, please report them right here in the SMF Coding Discussion board.

Thanks for reporting this. :)
Dev Consultant
Former SMF Doc Coordinator

Kender

looking at this fix, i seem to get results still for guest, but not for registered users anymore, is there a fix to make it so guest sees options, but not able to vote?
http://chucknorris2012.com  Avoid a roundhouse kick to the head!  Sign the petition

[SiNaN]

Former SMF Core Developer | My Mods | SimplePortal

Kender

Quote from: [SiNaN] on February 19, 2008, 09:18:43 AM
This could help may be:

http://www.simplemachines.org/community/index.php?topic=207377.0
from the look of that conversation, the end result was still not showing poll options to guests, only members, while guests saw results -- and the last line in that discussion brought us full circle back to this post, and its fix (which again, does not allow guest to see options, only results)
http://chucknorris2012.com  Avoid a roundhouse kick to the head!  Sign the petition

Kender

i did a hack to get this to work how i wanted.

Guest sees options, with button that is disabled, saying login to vote
user with voting permissions sees options,  with button to vote
admin sees options with button to vote

once voted, you see results (except guest again, who will see disabled options)

FIND (assuming you made changes suggested earlier in the thread)

// Check if they can vote.
if ($user_info['is_guest'] || !empty($row['expireTime']) && $row['expireTime'] < time())
$allow_vote = false;


REPLACE WITH (removing the bit about guests)

// Check if they can vote.
if (!empty($row['expireTime']) && $row['expireTime'] < time())
$allow_vote = false;


FIND

if ($return['allow_vote'])


ADD BEFORE

if ($user_info['is_guest'])
{
echo '
<form action="', $boardurl, '/SSI.php?ssi_function=pollVote" method="post" accept-charset="', $context['character_set'], '">
<input type="hidden" name="poll" value="', $return['id'], '" />
<table border="0" cellspacing="1" cellpadding="0" class="ssi_table">
<tr>
<td><b>', $return['question'], '</b></td>
</tr>
<tr>
<td>', $return['allowed_warning'], '</td>
</tr>';
foreach ($return['options'] as $option)
echo '
<tr>
<td><label for="', $option['id'], '">', $option['vote_button'], ' ', $option['option'], '</label></td>
</tr>';
echo '
<tr>
<td><input type="submit" value="Login to Vote" DISABLED /></td>
</tr>
</table>
<input type="hidden" name="sc" value="', $sc, '" />
</form>';
}

This sets up a view for guests only, allowing a view of options, but disabled button

FIND

else
{

echo '
<table border="0" cellspacing="1" cellpadding="0" class="ssi_table">
<tr>
<td colspan="2"><b>', $return['question'], '</b></td>
</tr>';
foreach ($return['options'] as $option)
echo '
<tr>
<td align="right" valign="top">', $option['option'], '</td>
<td align="left">', $option['bar'], ' ', $option['votes'], ' (', $option['percent'], '%)</td>
</tr>';
echo '
<tr>
<td colspan="2"><b>', $txt['smf24'], ': ', $return['total_votes'], '</b></td>
</tr>
</table>';
}
}


REPLACE WITH

else
if (!$user_info['is_guest'])
{

echo '
<table border="0" cellspacing="1" cellpadding="0" class="ssi_table">
<tr>
<td colspan="2"><b>', $return['question'], '</b></td>
</tr>';
foreach ($return['options'] as $option)
echo '
<tr>
<td align="right" valign="top">', $option['option'], '</td>
<td align="left">', $option['bar'], ' ', $option['votes'], ' (', $option['percent'], '%)</td>
</tr>';
echo '
<tr>
<td colspan="2"><b>', $txt['smf24'], ': ', $return['total_votes'], '</b></td>
</tr>
</table>';
}
}

in this part, we are adding a "if user is NOT a guest" but doesn't fit the other criteria, then we show them the results
http://chucknorris2012.com  Avoid a roundhouse kick to the head!  Sign the petition

DarkCAMV

Thanks akabugeyes and Kender that was exactly what I was looking for... and now guests get a disabled botton... :D

Thanks again

Kender

while its not recommended to change your SSI.php file, you may want to rename the function and readd the original function with full capabilities
http://chucknorris2012.com  Avoid a roundhouse kick to the head!  Sign the petition

Advertisement: