From e54925060bf36883a22a4170002d8f47d17d1573 Mon Sep 17 00:00:00 2001
From: Les De Ridder <les@lesderid.net>
Date: Mon, 22 Oct 2018 20:47:51 +0200
Subject: [PATCH] Fix poll admin password checking

---
 app/Http/Controllers/PollController.php | 4 ++++
 resources/views/edit_poll.blade.php     | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/PollController.php b/app/Http/Controllers/PollController.php
index cf3c971..10f905f 100644
--- a/app/Http/Controllers/PollController.php
+++ b/app/Http/Controllers/PollController.php
@@ -273,6 +273,10 @@ class PollController extends Controller
 
     public function edit(Request $request, Poll $poll)
     {
+        if($poll->admin_password == null || $request->query('password') != $poll->admin_password) {
+            return redirect()->action('PollController@viewResults', ['poll' => $poll]);
+        }
+
         if($request->has('extra_codes')) {
             if($poll->duplicate_vote_checking != 'codes') {
                 return redirect()->action('PollController@view', ['poll' => $poll]);
diff --git a/resources/views/edit_poll.blade.php b/resources/views/edit_poll.blade.php
index 489bf2c..42973f8 100644
--- a/resources/views/edit_poll.blade.php
+++ b/resources/views/edit_poll.blade.php
@@ -23,7 +23,7 @@
 
         <section class="grid grid--large">
             <div class="some-top-margin">
-                <form action="{{ action('PollController@edit', ['poll' => $poll, 'password' => $poll->password]) }}" method="post">
+                <form action="{{ action('PollController@edit', ['poll' => $poll, 'password' => $poll->admin_password]) }}" method="post">
                     @method('PATCH')
 
                     @csrf
@@ -58,7 +58,7 @@
 
             @if ($poll->duplicate_vote_checking == 'codes')
                 <div class="some-top-margin">
-                    <form action="{{ action('PollController@edit', ['poll' => $poll, 'password' => $poll->password]) }}" method="post">
+                    <form action="{{ action('PollController@edit', ['poll' => $poll, 'password' => $poll->admin_password]) }}" method="post">
                         @method('PATCH')
 
                         @csrf
@@ -82,7 +82,7 @@
         <div class="text-browser"><br></div>
 
         <section>
-            <form action="{{ action('PollController@edit', ['poll' => $poll, 'password' => $poll->password]) }}" method="post">
+            <form action="{{ action('PollController@edit', ['poll' => $poll, 'password' => $poll->admin_password]) }}" method="post">
                 @method('PATCH')
 
                 @csrf