Polls fix for Mambo portal
10-04-2002

Copyright (C) 2002 Emir Sakic
Distributed under the terms of the GNU General Public License
This information may be used without warranty provided.
This source is available at http://www.superbosna.com/mambo_hacks

Mambo is Copyright (C) 2000-2001 Miro Construct Pty Ltd
Source is available at http://sourceforge.net/projects/mambo
Site Name: Mambo Open Source Edition Version 3.0.7

Date: 10/04/2001
Version #: 1.0.0
Comments: Send your comments and suggestions to: saka@hotmail.com


Problem:  The Polls in Mambo Open Source portal are cookie driven. 
          The flood check is done by reading the poll cookie value.
          This check can be bypassed by blocking all cookies (extra easy with IE6 privacy settings).
          This way the user can abuse the poll by voting as many times as he wants if cookies are disabled.

Solution: Before allowing user to vote we will check if cookies are enabled.
          We can try to read an already set cookie value called "sessioncookie".
          If script can't read it that means that the cookies are blocked and voting should not be allowed.

Hack:     1) Open the file pollBooth.php
          2) Search for line:
             $database = new database();
          3) Insert following code bellow:
             
             // check if cookies enabled
             global $sessioncookie;
             if(empty($sessioncookie)) {
                print "<SCRIPT> alert('Cookies must be enabled!'); window.history.go(-1);</SCRIPT>\n";
             } else {
             
          4) Search for line:
             function pollresult($database, $poll, $view, $pollID, $month){
          5) Insert following code above:

             } // end else

          6) Done

Note that this check can still be bypassed by deleting the cookies after every voting,
but that is more annoying for abusers than just blocking the cookies.