8 replies to this topic

[Cris D.]

File Name: easyPoll
File Submitter: Cris D.
File Submitted: 12 Dec 2007
File Category: Feedback / E-Mail Forms

Snippet: easyPollV1.0
Date: 2007/12/12
Author: Cris D.
For: Etomite 0.6.1.4
Use: Allows users to vote on custom options and displays the results in a fully configurable graph.

############## Installation Instructions ####################

1) Create two folders under assets called 'graph' and 'img' ie assets/graph/img

2) Upload the postgraph_poll.class.php file to the graph folder.

3) Save the contents of the easyPoll.txt in your snippet library,
call it whatever you want eg "easyPoll".

4) Call this snippet [!easyPoll!} in an uncached page.

5) Configure the snippet for your personal use and requirements.

6) div classes used for CSS:
div.success{} div.error{} div.emailForm{}

See here for a live demo (email addresses are not stored).



Click here to download this file

[Dean]

Is there any way to stop multiple voting?

Also, is the e-Mail address field protected against injection?

[Cris D.]

Quote

Is there any way to stop multiple voting?

It was written to allow multiple votes, but this could be stopped by using sessions, or more checking for the existence of the email address used in the table before a record is saved, not too hard to do.

Quote

Also, is the e-Mail address field protected against injection?

A good question, it checks for the email being a valid domain first and if not, returns an error message. I was thinking that this would have been enough to stop malicious data being saved to the table, I did not consider an header injection (an oversite I know). I will have a look into it a bit more. Thanks for the heads up.

[churchyard]

I've got this error: http://www.prdi.cz/test2

"SQL" said:

CREATE TABLE `prefix_easypoll_votes` ( `id` INT(100) NOT NULL AUTO_INCREMENT, `choice` VARCHAR(100) NOT NULL, `email` vARCHAR(100), `tstmp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , PRIMARY KEY (`id`) ) TYPE = myisam

[Cris D.]

churchyard, on Mar 30 2008, 01:49 AM, said:

I've got this error: http://www.prdi.cz/test2

I just re-installed this stock standard and confirmed that it wworks OK on my server. don't know what settings would stop this transaction taking place, so I suggest copying this code and querying it directly in your phpMyAdmin (or manually making the table yourself).

CREATE TABLE `prdi_easypoll_votes` `id` INT(10) NOT NULL AUTO_INCREMENT, `choice` VARCHAR(100) NOT NULL, `email` VARCHAR(100), `tstmp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY `id`;

Perhaps your server needs the database name sent too? Anyway if you try this directly in phpMyAdmin it will give you more specific error messages to look at anyway.

[Ralph]

Perhaps prefix_easypoll_votes was the problem... $etomite->dbConfig['prefix'] can be used to get the prefix...

[Cris D.]

The snippet uses:

$etoPrefix=$GLOBALS['table_prefix'];	//etomite_

The fact that the $tableCheck returns false and not an error connecting to the database it uses extTableExists() tells me that the $GLOBALS are not the problem and a valid prefix (and all other connection params) is being returned (unless the code has been modified).

The error posted above is not the same as the error in the link, the link seems like a valid prefix.

@churchyard, is the prefix in the link to your web site error correct for your table? "prdi_"?
If so, there is another issue besides the prefix being returned.

[mike_e]

How do I turn the email verification off. The site is private and I just want people to just click and vote. Also is there a way to display the numbers of votes in a text form along with the graph ?

Thanks for a great contrib. and you help

[Cris D.]

@mike_e: This snippet was written specifically to collect email addresses and therefore (unfortunately) this part of the code is pretty ingrained. HAving said that, it's also pretty easy to remove it by:
1)Change

if (isset($_POST['send_email']) && $_POST['send_email'] == 'sent'&& isset($_POST['elf'])) {

to something along the lines of

if($_POST['elf']){

to remove any email address validation and adjust the logic to continue to save the record to the table and change the form so that no email inputs are returned.
To return just text lables and their values would be easier to write code for that purpose using getIntTableRows and a bit of logic instead of hacking this snippet which was written for a very specific output (the postgraph class).