get_admin_level($mod) > 0) { $db->query("INSERT INTO `{$mod}_poll` VALUES ('','{$_REQUEST['title']}','{$_REQUEST['question']}','{$_REQUEST['num_votes']}',0)"); if ($st = mysql_error()) die ($st); $pid = mysql_insert_id(); for ($i = 0; $i<10; $i++) if (trim($answer = $_REQUEST['answer'.$i])) $db->query("INSERT INTO `{$mod}_poll-option` VALUES ('','$pid','$answer')"); } header("Location: ".$_SERVER['PHP_SELF']."?module=$mod"); exit; } if ($action == 'update') { if ($users->get_admin_level($mod) > 0) { $_REQUEST['id'] = (int)$_REQUEST['id']; $_REQUEST['title'] = mysql_escape_string($_REQUEST['title']); $_REQUEST['question'] = mysql_escape_string($_REQUEST['question']); $db->query("UPDATE `{$mod}_poll` SET `name`='{$_REQUEST['title']}',`question`='{$_REQUEST['question']}' WHERE `id`='{$_REQUEST['id']}'"); $error .= mysql_error(); foreach ($_REQUEST['answer'] as $id=>$value) { $value = mysql_escape_string($value); $db->query("UPDATE `{$mod}_poll-option` SET `name`='$value' WHERE `id`='$id'"); $error .= mysql_error(); } } if ($error == '') header("Location: ".$_SERVER['PHP_SELF']."?module=$mod&pid=".$_REQUEST['id']); else echo $error; exit; } if ($action == 'dovote') { $pid = $_REQUEST['pid']; $poll = $db->get_array("SELECT * FROM `{$mod}_poll` WHERE `id`='$pid'"); if (($db->get_count("SELECT * FROM `{$mod}_poll-voted` WHERE `uid`='{$users->user['id']}' AND `pid`='$pid'") == 0) && $users->user['id'] > 0) { if (count($_REQUEST['vote']) <= $poll['num_votes'] && count($_REQUEST['vote']) != 0) { foreach($_REQUEST['vote'] as $num) { $db->query("INSERT INTO `{$mod}_poll-voted` VALUES ('{$user['id']}','$pid','$num')"); echo mysql_error(); } } header("Location: ".$_SERVER['PHP_SELF']."?module=$mod&pid=$pid"); } else header("Location: ".$_SERVER['PHP_SELF']."?module=$mod&action=error&errno=65535"); exit; } ?>