View file mforum/vote.php

File size: 1.26Kb
<?php
	$pid=$HTTP_POST_VARS['pid'];
	$page=$HTTP_POST_VARS['page'];
	$vote=$HTTP_POST_VARS['vote'];
	require "inc.php";
	$myid=$_COOKIE["usid"];
	$mypass=$_COOKIE["pass"];
	$db=mysql_connect($dbhost, $dbuser, $dbpass);
	mysql_select_db($dbname,$db);
	if (!isset($myid)) $myid=0;
	$sqlc="select * from users where usid=$myid";
	$c=mysql_query($sqlc);
	$resc=mysql_fetch_array($c);
	if ($resc[pass]==$mypass)
	{
		$sql="select * from poll where pid='$pid' and usid='$myid'";
		$a=mysql_query($sql);
		if (mysql_num_rows($a)==0)
		{
			$sql="select * from forum where pid='$pid'";
			$a=mysql_query($sql);
			$res=mysql_fetch_array($a);
			if ($vote=="1")
			{
				$v=$res[poll_res1]+1;
				$sql="update forum set poll_res1='$v' where pid='$pid'";
				$a=mysql_query($sql);
			}else
			if ($vote=="2")
			{
				$v=$res[poll_res2]+1;
				$sql="update forum set poll_res2='$v' where pid='$pid'";
				$a=mysql_query($sql);
			}else
			if ($vote=="3")
			{
				$v=$res[poll_res3]+1;
				$sql="update forum set poll_res3='$v' where pid='$pid'";
				$a=mysql_query($sql);
			}
			$sql="insert into poll values(null,'$pid','$myid')";
			$a=mysql_query($sql);
		}
	}
	Header("Location: viewtop.php?pid=$pid&page=$page");
	//echo $vote." ".$pid." ".$page;
?>