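<%
' Poll vote handler.
' Reads the posted poll form, runs the access checks below, registers the vote
' through the spPollVote stored procedure and, when that returns 0, increments
' pgd_poll.counts and writes one pgd_pollLog row per selected option. It then
' sends the browser back to the referring page.
'
' Names used here but not defined in this listing (presumably from includes):
' fromThisDomain, RejectVote, PermissionSetting, memID, isGuest, forumdir,
' dbName, dbOwnerPrefix, datastore and the ADO ad* constants.

' CLng raises a type-mismatch error on non-numeric input, so a malformed ID
' stops the request here instead of at the first database call.
Dim pollID:pollID = CLng(Request.Form("pollID"))
Dim pollOption:pollOption = Request.Form("pollOption")
Dim appid:appid = CLng(Request.Form("appid"))
Dim forumID:forumID = CLng(Request.Form("forumID"))

' Read the Referer header from ServerVariables explicitly. The generic
' Request("http_referer") lookup searches QueryString, Form and Cookies before
' ServerVariables, so a request parameter with that name would have replaced
' the header value and decided the final redirect target.
Dim referer:referer = LCase(Request.ServerVariables("HTTP_REFERER"))

Dim voteAllowed, allForum, objCom, return, allowVote

' Referer check; fromThisDomain is defined outside this listing.
' NOTE(review): this is the only cross-site request defence visible here. The
' header can be absent or stripped, so a per-session anti-forgery token
' validated at this point would be a sturdier control.
If Not fromThisDomain("tm.asp?|m.asp?|tm.htm") Then
    Response.Redirect forumdir & "first.asp?error=referer"
    Response.End
End If

' RejectVote is defined outside this listing. Each call below is followed by
' Response.End so that a rejected request cannot reach the vote-recording code
' should RejectVote ever return to the caller.

' First security measure: the posted forumID must match the cached forum entry
' stored at index appid.
allForum = Application(dbName & "foruminfo")
If allForum(0, appid) <> forumID Then
    Call RejectVote()
    Response.End
End If

' Second security measure: the member must hold the vote permission.
Dim objPermission
Set objPermission = New PermissionSetting
With objPermission
    .memID = memID
    .appid = appid
    .GetPermission(true)
    allowVote = .vote
End With
Set objPermission = Nothing

If Not allowVote Then
    Call RejectVote()
    Response.End
End If

' At least one option must have been selected.
If Request.Form("pollOption") = "" Then
    Call RejectVote()
    Response.End
End If

' Guests may not vote.
If isGuest Then
    Call RejectVote()
    Response.End
End If

' Register the vote attempt; the procedure's return value decides whether the
' counters are updated below.
Set objCom = Server.CreateObject("adodb.command")
With objCom
    .ActiveConnection = datastore
    .CommandText = dbOwnerPrefix & "spPollVote"
    .CommandType = adCmdStoredProc
    .Parameters.Append .CreateParameter("@RETURN_VALUE", adInteger, adParamReturnValue, 0)
    .Parameters.Append .CreateParameter("@int_memID", adInteger, adParamInput, 0, memID)
    .Parameters.Append .CreateParameter("@int_forumID", adInteger, adParamInput, 0, forumID)
    .Parameters.Append .CreateParameter("@int_PollID", adInteger, adParamInput, 0, pollID)
    .Parameters.Append .CreateParameter("@int_TrackBy", adUnsignedTinyInt, adParamInput, 0, Application(dbName & "pollTrack"))
    .Parameters.Append .CreateParameter("@str_IP", adVarChar, adParamInput, 50, Request.ServerVariables("REMOTE_ADDR"))
    .Execute , , adExecuteNoRecords
    return = .Parameters("@RETURN_VALUE")
End With
Set objCom = Nothing

If return = 0 Then
    Dim objCon, cmdCount, cmdLog, seenChoices, choiceID, iPollCollection
    Dim clientIP:clientIP = Request.ServerVariables("REMOTE_ADDR")

    ' Collect the distinct choice IDs before writing anything. spPollVote is
    ' consulted once per request, so each choice is applied at most once per
    ' request as well. Converting every value up front also means a malformed
    ' option aborts the request before any counter is touched.
    Set seenChoices = Server.CreateObject("Scripting.Dictionary")
    For iPollCollection = 1 To Request.Form("pollOption").Count
        choiceID = CLng(Request.Form("pollOption")(iPollCollection))
        If Not seenChoices.Exists(choiceID) Then seenChoices.Add choiceID, True
    Next

    Set objCon = Server.CreateObject("adodb.connection")
    objCon.Open datastore

    ' Both statements use bound parameters instead of concatenated SQL text, so
    ' their safety no longer depends on every interpolated value being coerced.
    Set cmdCount = Server.CreateObject("adodb.command")
    With cmdCount
        Set .ActiveConnection = objCon
        .CommandType = adCmdText
        .CommandText = "Update pgd_poll SET counts = counts + 1 WHERE (forumid = ? AND PollID = ? AND choiceID = ?)"
        .Parameters.Append .CreateParameter("@forumID", adInteger, adParamInput, 0, forumID)
        .Parameters.Append .CreateParameter("@pollID", adInteger, adParamInput, 0, pollID)
        .Parameters.Append .CreateParameter("@choiceID", adInteger, adParamInput)
    End With

    ' Column order follows the table definition, as in the original INSERT:
    ' poll ID, choice ID, member ID, IP address, timestamp.
    Set cmdLog = Server.CreateObject("adodb.command")
    With cmdLog
        Set .ActiveConnection = objCon
        .CommandType = adCmdText
        .CommandText = "Insert into pgd_pollLog VALUES (?, ?, ?, ?, Getdate())"
        .Parameters.Append .CreateParameter("@pollID", adInteger, adParamInput, 0, pollID)
        .Parameters.Append .CreateParameter("@choiceID", adInteger, adParamInput)
        .Parameters.Append .CreateParameter("@memID", adInteger, adParamInput, 0, CLng(memID))
        .Parameters.Append .CreateParameter("@str_IP", adVarChar, adParamInput, 50, clientIP)
    End With

    For Each choiceID In seenChoices.Keys
        cmdCount.Parameters("@choiceID").Value = choiceID
        cmdCount.Execute , , adExecuteNoRecords
        cmdLog.Parameters("@choiceID").Value = choiceID
        cmdLog.Execute , , adExecuteNoRecords
    Next

    Set cmdLog = Nothing
    Set cmdCount = Nothing
    objCon.Close
    Set objCon = Nothing
    Set seenChoices = Nothing
End If

' Return to the page the vote was cast from (the Referer header read above).
Response.Redirect referer
%>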