Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-8842

PHPBB polls return incorrect results

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • None
    • 3.0.5
    • Viewing posts
    • None
    • PHP Environment:
      Database: PostgreSQL

      Hello,

      IMHO, this is a grave bug. We are a French association called "Bulle Immobilière" (i.e. Real Estate Bubble). We have been using PhpBB with great success for years. For stability and speed we use PostgreSQL with full-text patch (which was neved included in PHPBB, what a shame).

      Now we have a real problem with pools. We use PhpBB polls to elect our president and bureau. The association members were able to vote several times after deleting their cookies. So first, it seems that anyone can vote several times. We checked and double-checked, PHPBB forum polls are broken. They can be bypassed easily.

      So I did some modification in the code :

      ALTER TABLE phpbb_poll_votes
      		 
        ADD CONSTRAINT phpbb_poll_votes_vote_unique UNIQUE(topic_id, vote_user_id);

      I don't know if MySQL supports this kind of rule. The rule can only be applied after removing duplicates. It breaks the ability for multiple votes, but we really need this check for our association votes.

      Furthermore, I discovered that votes were counted using i++. When people remove their cookies it is possible to vote several times. Instead there should be an SQL count query.

      Here is my try:

      --- viewtopic.php   2009-11-01 12:35:33.000000000 +0100
      		 
      +++ viewtopic_new.php   2009-11-01 13:15:29.000000000 +0100
      		 
      @@ -718,12 +718,6 @@
      		 
                  continue;
      		 
               }
      		 
       
      		 
      -         $sql = 'UPDATE ' . POLL_OPTIONS_TABLE . '
      		 
      -            SET poll_option_total = poll_option_total + 1
      		 
      -            WHERE poll_option_id = ' . (int) $option . '
      		 
      -               AND topic_id = ' . (int) $topic_id;
      		 
      -         $db->sql_query($sql);
      		 
      -
      		 
               if ($user->data['is_registered'])
      		 
               {
      		 
                  $sql_ary = array(
      		 
      @@ -733,21 +727,21 @@
      		 
                     'vote_user_ip'      => (string) $user->ip,
      		 
                  );
      		 
       
      		 
      -            $sql = 'INSERT INTO ' . POLL_VOTES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
      		 
      +            $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . ' WHERE topic_id = '. (int) $topic_id . ' AND  vote_user_id = '.(int) $user->data['user_id'] ;
      		 
      +        $db->sql_query($sql);
      		 
      +        $sql = 'INSERT INTO ' . POLL_VOTES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
      		 
                  $db->sql_query($sql);
      		 
               }
      		 
      +
      		 
      +         $sql = 'UPDATE ' . POLL_OPTIONS_TABLE . ' SET poll_option_total = (SELECT COUNT(*) FROM '. POLL_VOTES_TABLE .' WHERE poll_option_id = ' . (int) $option . ' AND topic_id = ' . (int) $topic_id .') WHERE topic_id = ' . (int) $topic_id . ' AND poll_option_id = ' . (int) $option . '';
      		 
      +         $db->sql_query($sql);
      		 
      +
      		 
            }
      		 
       
      		 
            foreach ($cur_voted_id as $option)
      		 
            {
      		 
               if (!in_array($option, $voted_id))
      		 
               {
      		 
      -            $sql = 'UPDATE ' . POLL_OPTIONS_TABLE . '
      		 
      -               SET poll_option_total = poll_option_total - 1
      		 
      -               WHERE poll_option_id = ' . (int) $option . '
      		 
      -                  AND topic_id = ' . (int) $topic_id;
      		 
      -            $db->sql_query($sql);
      		 
      -
      		 
                  if ($user->data['is_registered'])
      		 
                  {
      		 
                     $sql = 'DELETE FROM ' . POLL_VOTES_TABLE . '
      		 
      @@ -756,6 +750,9 @@
      		 
                           AND vote_user_id = ' . (int) $user->data['user_id'];
      		 
                     $db->sql_query($sql);
      		 
                  }
      		 
      +
      		 
      +         $sql = 'UPDATE ' . POLL_OPTIONS_TABLE . ' SET poll_option_total = (SELECT COUNT(*) FROM '. POLL_VOTES_TABLE .' WHERE poll_option_id = ' . (int) $option . ' AND topic_id = ' . (int) $topic_id .') WHERE topic_id = ' . (int) $topic_id . ' AND poll_option_id = ' . (int) $option . '';
      		 
      +         $db->sql_query($sql);
      		 
               }
      		 
            }
      		 
       
      		 
      @@ -1600,4 +1597,4 @@
      		 
       
      		 
      page_footer();
      		 
       
      		 
      -?>
      		 
      \ Pas de fin de ligne à la fin du fichier.
      		 
      +?>

      Also I corrected old votes:

      UPDATE phpbb_poll_options
      		 
      SET poll_option_total =
      		 
      (SELECT COUNT(*) FROM phpbb_poll_votes WHERE phpbb_poll_votes.poll_option_id = phpbb_poll_options.poll_option_id AND phpbb_poll_votes.topic_id = phpbb_poll_options.topic_id)

      Still, we discovered that some people could still vote several times, but we have little information how this was possible.

      Could you help us and focuss understand why ALL phpBB forums polls seem to be broken.

      Furthermore, is there a public SVN and discussion list where we can exchange information? Two years ago, when I tried to submit the PostgreSQL full-text search patch, I never reached the hidden list and therefore the patch was never applied.

      Our priority is polls, can you help us?

      Kind regards,
      Jean-Michel

            Kellanved Kellanved [X] (Inactive)
            jmpoure jmpoure
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: