diff --git a/index.php b/index.php
index f1d435ccc8b..6d184bc2a60 100644
--- a/index.php
+++ b/index.php
@@ -187,6 +187,42 @@
 $_SESSION['oldsid']=$sid;
 }
+//Check if TOKEN is used for EVERY PAGE
+//This function fixes bug #998700 - Users able to submit two surveys/votes
+//by checking that the token has not been used at each page displayed.
+if ($tokensexist == 1 && returnglobal('token'))
+ {
+ //check if token actually does exist
+ $tkquery = "SELECT * FROM {$dbprefix}tokens_$sid WHERE token='".trim(returnglobal('token'))."' AND completed != 'Y'";
+ $tkresult = mysql_query($tkquery);
+ $tkexist = mysql_num_rows($tkresult);
+ if (!$tkexist)
+ {
+ sendcacheheaders();
+ echo "\n";
+ //TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. EXPLAIN PROBLEM AND EXIT
+ foreach(file("$thistpl/startpage.pstpl") as $op)
+ {
+ echo templatereplace($op);
+ }
+ foreach(file("$thistpl/survey.pstpl") as $op)
+ {
+ echo "\t".templatereplace($op);
+ }
+ echo "\t