Allow non-mods to change poll votes in forums with revealed voters

Exclude certain forums from double post protection
2025-02-20 20:29:03 +00:00 · 2011-05-14 08:00:05 +00:00 · 2011-05-14 08:00:05 +00:00 · 7630c3567c
commit 7630c3567c
parent edaabc385b
7 changed files with 26 additions and 19 deletions
--- a/classes/config.template
+++ b/classes/config.template
@ -109,6 +109,7 @@ define('STATUS_CHAN', '#');
 // Miscellaneous values

 $ForumsRevealVoters = array();
+$ForumsDoublePost = array();

 $Categories = array('Music', 'Applications', 'E-Books', 'Audiobooks', 'E-Learning Videos', 'Comedy', 'Comics');
 $CategoryIcons = array('music.png', 'apps.png', 'ebook.png', 'audiobook.png', 'elearning.png', 'comedy.png', 'comics.png');
--- a/sections/forums/add_poll_option.php
+++ b/sections/forums/add_poll_option.php
@ -1,17 +1,19 @@
 <?
 authorize();

-if(!check_perms("site_moderate_forums")) {
-	error(403);
-}
-
 $ThreadID = $_POST['threadid'];
 $NewOption = $_POST['new_option'];

 if(!is_number($ThreadID)) {
 	error(404);
 }
-
+if(!check_perms("site_moderate_forums")) {
+	$DB->query("SELECT ForumID FROM forums_topics WHERE ID = $ThreadID");
+	list($ForumID) = $DB->next_record();
+	if(!in_array($ForumID, $ForumsRevealVoters)) {
+		error(403);
+	}
+}
 $DB->query("SELECT Answers FROM forums_polls WHERE TopicID = ".$ThreadID);
 if($DB->record_count() < 1) {
 	error(404);
--- a/sections/forums/change_vote.php
+++ b/sections/forums/change_vote.php
@ -1,13 +1,18 @@
 <?
-if(!check_perms("site_moderate_forums")) {
-	error(403);
-}
-
 authorize();
 $ThreadID = $_GET['threadid'];
 $NewVote = $_GET['vote'];

 if(is_number($ThreadID) && is_number($NewVote)) {
+
+	if(!check_perms("site_moderate_forums")) {
+		$DB->query("SELECT ForumID FROM forums_topics WHERE ID = $ThreadID");
+		list($ForumID) = $DB->next_record();
+		if(!in_array($ForumID, $ForumsRevealVoters)) {
+			error(403);
+		}
+	}
+
 	$DB->query("UPDATE forums_polls_votes SET Vote = ".$NewVote." WHERE TopicID = ".$ThreadID." AND UserID = ".$LoggedUser['ID']);
 	$Cache->delete_value('polls_'.$ThreadID);
 	header("Location: forums.php?action=viewthread&threadid=".$ThreadID);
--- a/sections/forums/take_reply.php
+++ b/sections/forums/take_reply.php
@ -60,7 +60,7 @@
 }

 //Now lets handle the special case of merging posts, we can skip bumping the thread and all that fun
-if ($ThreadInfo['LastPostAuthorID'] == $LoggedUser['ID'] && (!check_perms('site_forums_double_post') || isset($_POST['merge']))) {
+if ($ThreadInfo['LastPostAuthorID'] == $LoggedUser['ID'] && ((!check_perms('site_forums_double_post') && !in_array($ForumID, $ForumsDoublePost)) || isset($_POST['merge']))) {
 	//Get the id for this post in the database to append
 	$DB->query("SELECT ID FROM forums_posts WHERE TopicID='$TopicID' AND AuthorID='".$LoggedUser['ID']."' ORDER BY ID DESC LIMIT 1");
 	list($PostID) = $DB->next_record();
--- a/sections/forums/thread.php
+++ b/sections/forums/thread.php
@ -450,7 +450,7 @@
 						<label for="subscribebox">Subscribe</label>
 <?
 }
-	if($ThreadInfo['LastPostAuthorID']==$LoggedUser['ID'] && check_perms('site_forums_double_post')) {
+	if($ThreadInfo['LastPostAuthorID']==$LoggedUser['ID'] && (check_perms('site_forums_double_post') || in_array($ForumID, $ForumsDoublePost))) {
 ?>
 						<input id="mergebox" type="checkbox" name="merge" checked="checked" tabindex="2" />
 						<label for="mergebox">Merge</label>
--- a/sections/register/index.php
+++ b/sections/register/index.php
@ -78,17 +78,15 @@
 				$Enabled = '0';
 			}

+			$ipcc = geoip($_SERVER['REMOTE_ADDR']);
 			
 			
 			$DB->query("INSERT INTO users_main 
-				(Username,Email,PassHash,Secret,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded) VALUES
-				('".db_string(trim($_POST['username']))."','".db_string($_POST['email'])."','".db_string(make_hash($_POST['password'],$Secret))."','".db_string($Secret)."','".db_string($torrent_pass)."','".db_string($_SERVER['REMOTE_ADDR'])."','".$Class."','".$Enabled."','".STARTING_INVITES."', '524288000')");
-			
-			
+				(Username,Email,PassHash,Secret,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded,ipcc) VALUES
+				('".db_string(trim($_POST['username']))."','".db_string($_POST['email'])."','".db_string(make_hash($_POST['password'],$Secret))."','".db_string($Secret)."','".db_string($torrent_pass)."','".db_string($_SERVER['REMOTE_ADDR'])."','".$Class."','".$Enabled."','".STARTING_INVITES."', '524288000', '$ipcc')");
+
 			$UserID = $DB->inserted_id();
-			$DB->query("SELECT Code FROM geoip_country WHERE '".ip2long($_SERVER['REMOTE_ADDR'])."' BETWEEN StartIP AND EndIP");
-			list($ipcc) = $DB->next_record();
-			$DB->query("UPDATE users_main SET ipcc = '".$ipcc."' WHERE ID = '$UserID'");
+			
 			
 			//User created, delete invite. If things break after this point then it's better to have a broken account to fix, or a 'free' invite floating around that can be reused
 			$DB->query("DELETE FROM invites WHERE InviteKey='".db_string($_REQUEST['invite'])."'");
--- a/sections/user/user.php
+++ b/sections/user/user.php
@ -518,7 +518,8 @@ function check_paranoia_here($Setting) {
 	list($Invited) = $DB->next_record();
 ?>
 				<li>Invited: <?=number_format($Invited)?></li>
-<? } ?>
+<?
+} ?>
 			</ul>
 		</div>
 	</div>