diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 50ddb55f95496199f76b209de4d7de6e77a1d7df..60d86a7c22e19e401cd64887c5f05c166cc9396b 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -5,6 +5,9 @@ Drupal x.x.x, xxxx-xx-xx (development version)
* improved configurability of the contact forms.
- block system:
* extended the block visibility settings with a role specific settings..
+- poll module:
+ * optionally allow people to inspect all votes.
+ * optionally allow people to cancel their vote.
- distributed authentication:
* added default server option.
- fixed critical SQL issue, see SA-2006-005
diff --git a/database/database.4.0.mysql b/database/database.4.0.mysql
index e2a9d0009da14b7ca9542cad71fa0f7b2a68cde5..cb842043d9afe8e21b50072240b297919b2f5025 100644
--- a/database/database.4.0.mysql
+++ b/database/database.4.0.mysql
@@ -537,6 +537,7 @@ CREATE TABLE poll (
CREATE TABLE poll_votes (
nid int(10) unsigned NOT NULL,
uid int(10) unsigned NOT NULL default 0,
+ chorder int(10) NOT NULL default -1,
hostname varchar(128) NOT NULL default '',
INDEX (nid),
INDEX (uid),
diff --git a/database/database.4.1.mysql b/database/database.4.1.mysql
index 4518b7224cd177daa977b1ba584d06153fa70ddd..7fa9539398da08290b422e766cc4e633e455c24d 100644
--- a/database/database.4.1.mysql
+++ b/database/database.4.1.mysql
@@ -573,6 +573,7 @@ DEFAULT CHARACTER SET utf8;
CREATE TABLE poll_votes (
nid int(10) unsigned NOT NULL,
uid int(10) unsigned NOT NULL default 0,
+ chorder int(10) NOT NULL default -1,
hostname varchar(128) NOT NULL default '',
INDEX (nid),
INDEX (uid),
diff --git a/database/database.pgsql b/database/database.pgsql
index a2812b604778b4ec7c4f3f0e1b716d1d02b9452a..e02f8d0c8f7c2c3fb72211c12d1938187ff1fed2 100644
--- a/database/database.pgsql
+++ b/database/database.pgsql
@@ -540,6 +540,7 @@ CREATE TABLE poll (
CREATE TABLE poll_votes (
nid int NOT NULL,
uid int NOT NULL default 0,
+ chorder int NOT NULL default -1,
hostname varchar(128) NOT NULL default ''
);
CREATE INDEX poll_votes_nid_idx ON poll_votes (nid);
diff --git a/database/updates.inc b/database/updates.inc
index c5ebdb71d1f8b0b11d64947db0c9fa4bf2ad9c92..18079b90153c3042199cddc89a1c5d0b90e0dbde 100644
--- a/database/updates.inc
+++ b/database/updates.inc
@@ -2040,3 +2040,23 @@ function system_update_183() {
}
return $ret;
}
+
+function system_update_184() {
+ // change DB schema for better poll support
+ $ret = array();
+
+ switch ($GLOBALS['db_type']) {
+ case 'mysqli':
+ case 'mysql':
+ // alter poll_votes table
+ $ret[] = update_sql("ALTER TABLE {poll_votes} ADD COLUMN chorder int(10) NOT NULL default -1 AFTER uid");
+ break;
+
+ case 'pgsql':
+ db_add_column($ret, 'poll_votes', 'chorder', 'int', array('not null' => TRUE, 'default' => "'-1'"));
+ break;
+ }
+
+ return $ret;
+}
+
diff --git a/modules/poll.module b/modules/poll.module
index d7b03f7e654975cf3ab71ee656275820753c44b9..9a956e466ec6592b67dd97bc7d4a21721c607a18 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -201,11 +201,24 @@ function poll_menu($may_cache) {
'callback' => 'poll_vote',
'access' => user_access('vote on polls'),
'type' => MENU_CALLBACK);
+
+ $items[] = array('path' => 'poll/cancel',
+ 'title' => t('cancel'),
+ 'callback' => 'poll_cancel',
+ 'access' => user_access('cancel own vote'),
+ 'type' => MENU_CALLBACK);
}
else {
if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1));
-
+ if ($node->type == 'poll') {
+ $items[] = array('path' => 'node/'. arg(1) .'/votes',
+ 'title' => t('votes'),
+ 'callback' => 'poll_votes',
+ 'access' => user_access('inspect all votes'),
+ 'weight' => 3,
+ 'type' => MENU_LOCAL_TASK);
+ }
if ($node->type == 'poll' && $node->allowvotes) {
$items[] = array('path' => 'node/'. arg(1) .'/results',
'title' => t('results'),
@@ -237,10 +250,17 @@ function poll_load($node) {
// Determine whether or not this user is allowed to vote
$poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) {
- if ($user->uid && db_num_rows(db_query('SELECT uid FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid)) == 0) {
- $poll->allowvotes = TRUE;
+ if ($user->uid) {
+ $result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
+ }
+ else {
+ $result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']));
}
- else if ($user->uid == 0 && db_num_rows(db_query("SELECT hostname FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR'])) == 0) {
+ if (isset($result->chorder)) {
+ $poll->vote = $result->chorder;
+ }
+ else {
+ $poll->vote = -1;
$poll->allowvotes = TRUE;
}
}
@@ -272,7 +292,7 @@ function poll_page() {
* Implementation of hook_perm().
*/
function poll_perm() {
- return array('create polls', 'vote on polls');
+ return array('create polls', 'vote on polls', 'cancel own vote', 'inspect all votes');
}
/**
@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) {
}
}
- $output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block);
+ $output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block, $node->nid, $node->vote);
return $output;
}
-function theme_poll_results($title, $results, $votes, $links, $block) {
+function theme_poll_results($title, $results, $votes, $links, $block, $nid, $vote) {
if ($block) {
$output .= '<div class="poll">';
$output .= '<div class="title">'. $title .'</div>';
@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) {
$output .= '<div class="poll">';
$output .= $results;
$output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>';
+ if (isset($vote) && $vote > -1) {
+ if (user_access('cancel own vote')) {
+ $form['#action'] = url("poll/cancel/$nid");
+ $form['choice'] = array('#type' => 'hidden', '#value' => $vote);
+ $form['submit'] = array('#type' => 'submit', '#value' => t('Cancel your vote'));
+ $output .= drupal_get_form('poll_cancel_form', $form);
+ }
+ $output .= '</div>';
+ }
$output .= '</div>';
}
@@ -394,6 +423,33 @@ function poll_results() {
}
}
+/**
+ * Callback for the 'votes' tab for polls you can see other votes on
+ */
+function poll_votes() {
+ if ($node = node_load(arg(1))) {
+ drupal_set_title(check_plain($node->title));
+ $output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.');
+
+ $header[] = array('data' => t('Visitor'), 'field' => 'u.name');
+ $header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
+
+ $result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
+ $rows = array();
+ while ($vote = db_fetch_object($result)) {
+ $rows[] = array(
+ $vote->name ? theme('username', $vote) : check_plain($vote->hostname),
+ check_plain($node->choice[$vote->chorder]['chtext']));
+ }
+ $output .= theme('table', $header, $rows);
+ $output .= theme('pager', NULL, 20, 0);
+ print theme('page', $output);
+ }
+ else {
+ drupal_not_found();
+ }
+}
+
/**
* Callback for processing a vote
*/
@@ -408,12 +464,12 @@ function poll_vote(&$node) {
if (isset($choice) && isset($node->choice[$choice])) {
if ($node->allowvotes) {
- // Mark the user or host as having voted.
+ // Record the vote by this user or host.
if ($user->uid) {
- db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $node->nid, $user->uid);
+ db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
}
else {
- db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $node->nid, $_SERVER['REMOTE_ADDR']);
+ db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, $_SERVER['REMOTE_ADDR']);
}
// Add one to the votes.
@@ -424,13 +480,49 @@ function poll_vote(&$node) {
drupal_set_message(t('Your vote was recorded.'));
}
else {
- drupal_set_message(t("You're not allowed to vote on this poll."), 'error');
+ drupal_set_message(t("You are not allowed to vote on this poll."), 'error');
}
}
else {
- drupal_set_message(t("You didn't specify a valid poll choice."), 'error');
+ drupal_set_message(t("You did not specify a valid poll choice."), 'error');
}
+ drupal_goto('node/'. $nid);
+ }
+ else {
+ drupal_not_found();
+ }
+}
+
+
+/**
+ * Callback for canceling a vote
+ */
+function poll_cancel(&$node) {
+ global $user;
+
+ $nid = arg(2);
+ if ($node = node_load(array('nid' => $nid))) {
+ $edit = $_POST['edit'];
+ $choice = $edit['choice'];
+ $cancel = $_POST['cancel'];
+
+ if (isset($choice) && isset($node->choice[$choice])) {
+ if ($user->uid) {
+ db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
+ }
+ else {
+ db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']);
+ }
+ // Subtract from the votes.
+ db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
+ $node->allowvotes = true;
+ $node->choice[$choice]['chvotes']--;
+ drupal_set_message(t('Your vote was canceled.'));
+ }
+ else {
+ drupal_set_message(t("You are not allowed to cancel an invalid poll choice."), 'error');
+ }
drupal_goto('node/'. $nid);
}
else {
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index d7b03f7e654975cf3ab71ee656275820753c44b9..9a956e466ec6592b67dd97bc7d4a21721c607a18 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -201,11 +201,24 @@ function poll_menu($may_cache) {
'callback' => 'poll_vote',
'access' => user_access('vote on polls'),
'type' => MENU_CALLBACK);
+
+ $items[] = array('path' => 'poll/cancel',
+ 'title' => t('cancel'),
+ 'callback' => 'poll_cancel',
+ 'access' => user_access('cancel own vote'),
+ 'type' => MENU_CALLBACK);
}
else {
if (arg(0) == 'node' && is_numeric(arg(1))) {
$node = node_load(arg(1));
-
+ if ($node->type == 'poll') {
+ $items[] = array('path' => 'node/'. arg(1) .'/votes',
+ 'title' => t('votes'),
+ 'callback' => 'poll_votes',
+ 'access' => user_access('inspect all votes'),
+ 'weight' => 3,
+ 'type' => MENU_LOCAL_TASK);
+ }
if ($node->type == 'poll' && $node->allowvotes) {
$items[] = array('path' => 'node/'. arg(1) .'/results',
'title' => t('results'),
@@ -237,10 +250,17 @@ function poll_load($node) {
// Determine whether or not this user is allowed to vote
$poll->allowvotes = FALSE;
if (user_access('vote on polls') && $poll->active) {
- if ($user->uid && db_num_rows(db_query('SELECT uid FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid)) == 0) {
- $poll->allowvotes = TRUE;
+ if ($user->uid) {
+ $result = db_fetch_object(db_query('SELECT chorder FROM {poll_votes} WHERE nid = %d AND uid = %d', $node->nid, $user->uid));
+ }
+ else {
+ $result = db_fetch_object(db_query("SELECT chorder FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']));
}
- else if ($user->uid == 0 && db_num_rows(db_query("SELECT hostname FROM {poll_votes} WHERE nid = %d AND hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR'])) == 0) {
+ if (isset($result->chorder)) {
+ $poll->vote = $result->chorder;
+ }
+ else {
+ $poll->vote = -1;
$poll->allowvotes = TRUE;
}
}
@@ -272,7 +292,7 @@ function poll_page() {
* Implementation of hook_perm().
*/
function poll_perm() {
- return array('create polls', 'vote on polls');
+ return array('create polls', 'vote on polls', 'cancel own vote', 'inspect all votes');
}
/**
@@ -342,12 +362,12 @@ function poll_view_results(&$node, $teaser, $page, $block) {
}
}
- $output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block);
+ $output .= theme('poll_results', check_plain($node->title), $poll_results, $total_votes, $node->links, $block, $node->nid, $node->vote);
return $output;
}
-function theme_poll_results($title, $results, $votes, $links, $block) {
+function theme_poll_results($title, $results, $votes, $links, $block, $nid, $vote) {
if ($block) {
$output .= '<div class="poll">';
$output .= '<div class="title">'. $title .'</div>';
@@ -360,6 +380,15 @@ function theme_poll_results($title, $results, $votes, $links, $block) {
$output .= '<div class="poll">';
$output .= $results;
$output .= '<div class="total">'. t('Total votes: %votes', array('%votes' => $votes)) .'</div>';
+ if (isset($vote) && $vote > -1) {
+ if (user_access('cancel own vote')) {
+ $form['#action'] = url("poll/cancel/$nid");
+ $form['choice'] = array('#type' => 'hidden', '#value' => $vote);
+ $form['submit'] = array('#type' => 'submit', '#value' => t('Cancel your vote'));
+ $output .= drupal_get_form('poll_cancel_form', $form);
+ }
+ $output .= '</div>';
+ }
$output .= '</div>';
}
@@ -394,6 +423,33 @@ function poll_results() {
}
}
+/**
+ * Callback for the 'votes' tab for polls you can see other votes on
+ */
+function poll_votes() {
+ if ($node = node_load(arg(1))) {
+ drupal_set_title(check_plain($node->title));
+ $output = t('This table lists all the recorded votes for this poll. If anonymous users are allowed to vote, they will be identified by the IP address of the computer they used when they voted.');
+
+ $header[] = array('data' => t('Visitor'), 'field' => 'u.name');
+ $header[] = array('data' => t('Vote'), 'field' => 'pv.chorder');
+
+ $result = pager_query("SELECT pv.chorder, pv.uid, pv.hostname, u.name FROM {poll_votes} pv LEFT JOIN {users} u ON pv.uid = u.uid WHERE pv.nid = %d" . tablesort_sql($header), 20, 0, NULL, $node->nid);
+ $rows = array();
+ while ($vote = db_fetch_object($result)) {
+ $rows[] = array(
+ $vote->name ? theme('username', $vote) : check_plain($vote->hostname),
+ check_plain($node->choice[$vote->chorder]['chtext']));
+ }
+ $output .= theme('table', $header, $rows);
+ $output .= theme('pager', NULL, 20, 0);
+ print theme('page', $output);
+ }
+ else {
+ drupal_not_found();
+ }
+}
+
/**
* Callback for processing a vote
*/
@@ -408,12 +464,12 @@ function poll_vote(&$node) {
if (isset($choice) && isset($node->choice[$choice])) {
if ($node->allowvotes) {
- // Mark the user or host as having voted.
+ // Record the vote by this user or host.
if ($user->uid) {
- db_query('INSERT INTO {poll_votes} (nid, uid) VALUES (%d, %d)', $node->nid, $user->uid);
+ db_query('INSERT INTO {poll_votes} (nid, chorder, uid) VALUES (%d, %d, %d)', $node->nid, $choice, $user->uid);
}
else {
- db_query("INSERT INTO {poll_votes} (nid, hostname) VALUES (%d, '%s')", $node->nid, $_SERVER['REMOTE_ADDR']);
+ db_query("INSERT INTO {poll_votes} (nid, chorder, hostname) VALUES (%d, %d, '%s')", $node->nid, $choice, $_SERVER['REMOTE_ADDR']);
}
// Add one to the votes.
@@ -424,13 +480,49 @@ function poll_vote(&$node) {
drupal_set_message(t('Your vote was recorded.'));
}
else {
- drupal_set_message(t("You're not allowed to vote on this poll."), 'error');
+ drupal_set_message(t("You are not allowed to vote on this poll."), 'error');
}
}
else {
- drupal_set_message(t("You didn't specify a valid poll choice."), 'error');
+ drupal_set_message(t("You did not specify a valid poll choice."), 'error');
}
+ drupal_goto('node/'. $nid);
+ }
+ else {
+ drupal_not_found();
+ }
+}
+
+
+/**
+ * Callback for canceling a vote
+ */
+function poll_cancel(&$node) {
+ global $user;
+
+ $nid = arg(2);
+ if ($node = node_load(array('nid' => $nid))) {
+ $edit = $_POST['edit'];
+ $choice = $edit['choice'];
+ $cancel = $_POST['cancel'];
+
+ if (isset($choice) && isset($node->choice[$choice])) {
+ if ($user->uid) {
+ db_query('DELETE FROM {poll_votes} WHERE nid = %d and uid = %d', $node->nid, $user->uid);
+ }
+ else {
+ db_query("DELETE FROM {poll_votes} WHERE nid = %d and hostname = '%s'", $node->nid, $_SERVER['REMOTE_ADDR']);
+ }
+ // Subtract from the votes.
+ db_query("UPDATE {poll_choices} SET chvotes = chvotes - 1 WHERE nid = %d AND chorder = %d", $node->nid, $choice);
+ $node->allowvotes = true;
+ $node->choice[$choice]['chvotes']--;
+ drupal_set_message(t('Your vote was canceled.'));
+ }
+ else {
+ drupal_set_message(t("You are not allowed to cancel an invalid poll choice."), 'error');
+ }
drupal_goto('node/'. $nid);
}
else {