Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
2 + 8 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
   

Re: HELP!!! xcgallery voting/Rate this pick
by Kiwi_Chris on 2009/7/2 9:45:06

Perfect, can't see any other bugs,,,

well a couple of theme ones but I'll work that out another day.

Legend. Thank you so Much.
Re: HELP!!! xcgallery voting/Rate this pick
by ghia on 2009/7/2 8:19:45

Backup your db.
Run following SQL command in phpMyAdmin:
le="color: #000000"><?php ALTER TABLE `xoopsprefix_xcgal_votes` DROP PRIMARY KEY , ADD PRIMARY KEY ( `pic_id` , `ip` , `v_uid` )
(Replace xoopsprefix by your own)
Re: xcgallery voting/Rate this pick
by Kiwi_Chris on 2009/7/2 5:20:28

If anyone has any idea's of what I can try please post here.

I am in real need of help.

Please.
Re: xcgallery voting/Rate this pick
by Kiwi_Chris on 2009/7/1 21:06:10

The issue is some users can vote many times on one picture.
It does not record in the database the user has voted, if another user has already voted on the same ip address.

e.g. 2 family members of the same house want to vote, the first person votes, and then can't vote anymore
the second person votes, and can vote as many times as they like.

The script checks and see's the user has not voted but as the ip address is the same as one already on record for that picture it does not record this new users info into the database, and for this reason they can continue to vote on the same picture over and over again.

I think all that needs to change is the area of ratepic.php

// Update the votes table
$sql = "INSERT INTO ".$xoopsDB->prefix("xcgal_votes")." ".
"VALUES ('$pic', '".$_SERVER['REMOTE_ADDR']."', '$curr_time', '$vid')";
$result = $xoopsDB->queryF($sql);
redirect_header($location,2,_MD_RATE_OK);


The following is the script for rating a pic, hope it helps.


include "../../mainfile.php";
define('IN_XCGALLERY', true);

require('include/init.inc.php');


// Check if required parameters are present
if (!isset($_GET['pic']) || !isset($_GET['rate'])) redirect_header('index.php',2,_MD_PARAM_MISSING);

$pic = (int)$_GET['pic'];
$rate = (int)$_GET['rate'];

$rate = min($rate, 5);
$rate = max($rate, 0);


// If user does not accept script's cookies, we don't accept the vote
if (!isset($_COOKIE[$xoopsModuleConfig['cookie_name'].'_data'])) {
redirect_header('displayimage.php?pid='.$pic.'&pos='.(-$pic),2,"Please enable Cookies!");
exit;
}

$location = "displayimage.php?pid=".$pic."&pos=".(-$pic);
// Retrieve picture/album information & check if user can rate picture
$sql = "SELECT a.votes as votes_allowed, p.votes as votes, pic_rating ".
"FROM ".$xoopsDB->prefix("xcgal_pictures")." AS p, ".$xoopsDB->prefix("xcgal_albums")." AS a ".
"WHERE p.aid = a.aid AND pid = '$pic' LIMIT 1";
$result = $xoopsDB->query($sql);
if (!$xoopsDB->getRowsNum($result)) redirect_header('index.php',2,_MD_NON_EXIST_AP);
$row = $xoopsDB->fetchArray($result);
$xoopsDB->freeRecordSet($result);
if (!USER_CAN_RATE_PICTURES || $row['votes_allowed'] == 'NO') redirect_header($location,2,_MD_PERM_DENIED);


// Clean votes older votes
$curr_time = time();
if ($xoopsModuleConfig['keep_votes_time'] > 0){
$clean_before = $curr_time - $xoopsModuleConfig['keep_votes_time'] * 86400;
$sql = "DELETE ".
"FROM ".$xoopsDB->prefix("xcgal_votes")." ".
"WHERE vote_time < $clean_before";
$result = $xoopsDB->queryf($sql);
}

// Check if user already rated this picture
if (is_object($xoopsUser)){
$vid = $xoopsUser->uid();
$sql = "SELECT * ".
"FROM ".$xoopsDB->prefix("xcgal_votes")." ".
"WHERE pic_id = '$pic' AND v_uid = '$vid'";
}
else {
$vid = 0;
$sql = "SELECT * ".
"FROM ".$xoopsDB->prefix("xcgal_votes")." ".
"WHERE pic_id = '$pic' AND vote_time > '".(time()-86400)."' AND ip='".$_SERVER['REMOTE_ADDR']."'";
}

$result = $xoopsDB->query($sql);
if ($xoopsDB->getRowsNum($result)) redirect_header($location,2,_MD_RATE_ALREADY);


// Update picture rating
$new_rating = round(($row['votes'] * $row['pic_rating'] + $rate * 2000)/($row['votes']+1));
$sql = "UPDATE ".$xoopsDB->prefix("xcgal_pictures")." ".
"SET pic_rating = '$new_rating', votes = votes + 1 ".
"WHERE pid = '$pic' LIMIT 1";
$result = $xoopsDB->queryf($sql);


// Update the votes table
$sql = "INSERT INTO ".$xoopsDB->prefix("xcgal_votes")." ".
"VALUES ('$pic', '".$_SERVER['REMOTE_ADDR']."', '$curr_time', '$vid')";
$result = $xoopsDB->queryF($sql);
redirect_header($location,2,_MD_RATE_OK);

?>

Love any help that can be given.
Re: xcgallery voting/Rate this pick
by Kiwi_Chris on 2009/7/1 20:45:47

Ghia Thank you,

I have found a potential big bug with the voting system and I am hoping there is already a fix as I was in the middle of competition on my site.

The issue is that the database seems to only record the UID if the ip address for that PID is unique.

Issue is when a second uid on the same IP votes on a PID, they are able to vote without end, so allowing them to vote over and over again.

So I desperately need a fix, I mean this could have very negative effects for my site.

Who's Online

106 user(s) are online (85 user(s) are browsing Support Forums)


Members: 0


Guests: 106


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits