module doesnt save vote

I've spent hours trying, but I haven't been able to reproduce this bug. I'm guessing that it relates to the voting_flash() function. That's the function that saves the vote and retrieves the new average. I don't think it's a problem with the Flash SWF file. I made a few minor changes to the voting module this morning and I rewrote part of this function. I removed one of the user_access checks that shouldn't be necessary and changed a couple other things that I thought could be written better. Please try the new version and let me know.

If it still doesn't work, would you mind starting off with a fresh Drupal install with no other modules? I did this, following my own instructions, and didn't have any problems.

I too am having problems with the voting.module the logs say the file /voting/flash does not exist .

However when i look at the function voting_menu() within voting.module under /modules/voting all looks ok ..

function voting_menu($type) {
$items = array();
$items[] = array(
'path' => 'voting/flash',
'title' => t('voting'),
'callback' => 'voting_flash',
'access' => user_access('access content'),
'type' => MENU_CALLBACK);

return $items;
}

.. as it should call the callback function voting_flash() .

Can you offer any assitance in getting past this problem.From a users point of view i have the problem
that i can't save a vote and then the see the average

Any assistance would be great as i would very much like to use this module.Can you also offer please some insights to into how it all works ,do flash clients in the browser call php on the server , if so how is this done exactly ?

I'll keep digging .

Best Regards
Paul

This is actually related to another bug report that I've figured out, but haven't solved. The problem is that you're probably not using clean urls.

The module passes the Flash file a callback variable 'voting/flash', but that variable don't exist unless you use clean urls. If you pass the Flash file a callback variable such as index.php?q=voting/flash it has to be urlencoded, but then Flash would need to unencode it and I haven't figure that part out yet.

Brilliant .

Enabling clean URI's on the server and everthing started to work .

A great little module.

Best Regards
Paul

I found the way how to solve the problem for Drupal 4.6. After the following update you should be able to launch the voting module on Drupal using clean URLs as well as on Drupal with the "?q=" in the URLs.

You need just to change the lines

into

in the file voting.module (function theme_voting_control_flash)

AND

to change

into

in the file voting.fla (Scene 1, function sendAndLoadVote).
Don't forget to recompile voting.fla for production (to make voting.swf file).

If you don't have time or skills to do that yourself, check the attachment. There are all the updated files.

Good Luck.

Attachment	Size
voting updates.zip	26.71 KB

By the way, benshell, Flash or browser decodes the urlencoded variables transfered through the params automaticaly. The variables should be urlencoded in the source only for the correct HTML.

One simple correction for the patch posted by me earlier (Forgot the second argument for the variable_get function):

The second argument 0 should be added to the function variable_get in the previously patched version.

For your convenience all the updated files (including flash) are attached.

Attachment	Size
voting_updates_1.zip	26.71 KB

Is this still an issue in Drupal 4.7?

I'm having similar issue in version 4.7.3. It only saves up to two votes and then no matter what I do It shows Average and total is two votes.
Please see this url for instance to test.
Please help...
Thanks in advance!

Are you using the latest version for download from the drupal.org/project/voting page? CVS current as of Oct. 3, 2006?

Yes, here is my modules/voting/CHANGELOG.txt file date: 2416 Oct 3 13:03 CHANGELOG.txt
(date above indicates it's a latest version).
Please let me know if I could help from my end...

Hello,

There is a new problem with registering a vote which is attributed to the new security release from drupal (at least on 4.6).

It looks as though the flash client HTTP post needs to include the new form_token() with its post to /voting/flash otherwise the post will be discarded before voting_flash() is called.

Index: index.php
===================================================================
RCS file: /cvs/drupal/drupal/index.php,v
retrieving revision 1.82
diff -u -Ffunction -r1.82 index.php
--- index.php 21 Aug 2004 06:42:34 -0000 1.82
+++ index.php 18 Oct 2006 16:19:58 -0000
@@ -14,6 +14,7 @@
include_once 'includes/common.inc';

fix_gpc_magic();
+drupal_check_token();

$status = menu_execute_active_handler();
switch ($status) {
Index: update.php
===================================================================

Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.434.2.20
diff -u -Ffunction -r1.434.2.20 common.inc
--- includes/common.inc 13 Mar 2006 21:29:57 -0000 1.434.2.20
+++ includes/common.inc 18 Oct 2006 16:19:58 -0000
@@ -912,6 +912,61 @@ function format_name($object) {
*/

/**
+ * Check the form token if there is POST data for an authenticated user to defend against cross site request forgeries.
+ *
+ * $_POST will be cleared if the token is absent or incorrect.
+ *
+ */
+function drupal_check_token() {
+ global $user;
+ if ($user->uid && ($_SERVER['REQUEST_METHOD'] == 'POST') && !(isset($_POST['edit']) && isset($_POST['edit']['token']) && drupal_valid_token($_POST['edit']['token']))) {
+ drupal_set_message(t('Validation error. Please try again.'), 'error');
+ $_POST = array();
+ }
+}
+
+/**
+ * Ensure the private key variable used to generate tokens is set.
+ *
+ * @return
+ * The private key
+ */
+function drupal_get_private_key() {
+ if (!($key = variable_get('drupal_private_key', 0))) {
+ $key = mt_rand();
+ variable_set('drupal_private_key', $key);
+ }
+ return $key;
+}
+
+/**
+ * Generate a token based on $value, the current user session and private key.
+ *
+ * @param $value
+ * An additional value to base the token on
+ */
+function drupal_get_token($value = '') {
+ $private_key = drupal_get_private_key();
+ return md5(session_id() . $value . $private_key);
+}
+
+/**
+ * Validate a token based on $value, the current user session and private key or penultimate private key.
+ *
+ * @param $token
+ * The token to be validated.
+ * @param $value
+ * An additional value to base the token on
+ * @return
+ * True for a valid token, False for an invalid token.
+ */
+function drupal_valid_token($token, $value = '') {
+ return ($token == md5(session_id() . $value . variable_get('drupal_private_key', '')));
+}
+
+
+
+/**
* @defgroup form Form generation
* @{
* Functions to enable output of HTML forms and form elements.
@@ -922,6 +977,13 @@ * Drupal uses these functions to achiev
*/

/**
+ * Generate a form token based on the session and the private key to defend against cross site request forgeries.
+ */
+function form_token() {
+ return form_hidden('token', drupal_get_token());
+}
+
+/**
* Generate a form from a set of form elements.
*
* @param $form
@@ -939,7 +1001,7 @@ function form($form, $method = 'post', $
if (!$action) {
$action = request_uri();
}
- return '\n". $form ."\n\n";
+ return '\n". $form . form_token() ."\n\n";
}

Output is changed as follows to include form_token() in some drupal modules
$output .= '' . form_token() . '';

Please let me know if you need any further assistance ?

Best Regards
Paul

Hey there,

We're having the same problem with a 4.7 site (and yep, we're running the latest version of voting.module). As far as we can tell, all anon users are assigned the same user ID of '0', so all anon votes are treated as being from the same (apparently repetitive and highly indecisive) user. We want to encourage site visitors to vote without signing up as an authenticated user, so I'm hoping someone might have an idea as to what we can do to tweak/hack the module.

Does the fix posted above work for 4.7 as well as 4.6? Anyone? Bueller?

Thanks in advance,

Heather