<?php
$pid=$HTTP_POST_VARS['pid'];
$page=$HTTP_POST_VARS['page'];
$vote=$HTTP_POST_VARS['vote'];
require "inc.php";
$myid=$_COOKIE["usid"];
$mypass=$_COOKIE["pass"];
$db=mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname,$db);
if (!isset($myid)) $myid=0;
$sqlc="select * from users where usid=$myid";
$c=mysql_query($sqlc);
$resc=mysql_fetch_array($c);
if ($resc[pass]==$mypass)
{
$sql="select * from poll where pid='$pid' and usid='$myid'";
$a=mysql_query($sql);
if (mysql_num_rows($a)==0)
{
$sql="select * from forum where pid='$pid'";
$a=mysql_query($sql);
$res=mysql_fetch_array($a);
if ($vote=="1")
{
$v=$res[poll_res1]+1;
$sql="update forum set poll_res1='$v' where pid='$pid'";
$a=mysql_query($sql);
}else
if ($vote=="2")
{
$v=$res[poll_res2]+1;
$sql="update forum set poll_res2='$v' where pid='$pid'";
$a=mysql_query($sql);
}else
if ($vote=="3")
{
$v=$res[poll_res3]+1;
$sql="update forum set poll_res3='$v' where pid='$pid'";
$a=mysql_query($sql);
}
$sql="insert into poll values(null,'$pid','$myid')";
$a=mysql_query($sql);
}
}
Header("Location: viewtop.php?pid=$pid&page=$page");
//echo $vote." ".$pid." ".$page;
?>