Merge pull request #411 from ex-hentai/detached

fix voting for non-existent offers

public/offers.php

@@ -147,6 +147,9 @@ if (isset($_GET['off_details']) && $_GET["off_details"]){
 
 	$res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__,__LINE__);
 	$num = mysql_fetch_array($res);
+    if (!$num) {
+        bark($lang_offers['text_nothing_found']);
+    }
 
 	$s = $num["name"];
 
@@ -508,10 +511,12 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
 		}
 		else
 		{
-			sql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
-
 			$res = sql_query("SELECT users.username, offers.userid, offers.name FROM offers LEFT JOIN users ON offers.userid = users.id WHERE offers.id = ".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
 			$arr = mysql_fetch_assoc($res);
+            if (!$arr) {
+                bark($lang_offers['text_nothing_found']);
+            }
+            sql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
             $locale = get_user_locale($arr['userid']);
 
 			$rs = sql_query("SELECT yeah, against, allowed FROM offers WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);