34
Quote:
I think the polls are based on username, if the voter is logged in. For anonymous users, we use IP.
IMHO, nope...
I think there is some logic to correct, here:
here is the code from XoopsPollLog:
$sql = "SELECT COUNT(*) FROM ".$db->prefix("xoopspoll_log")." WHERE poll_id=".$poll_id." AND (ip='".$ip."'";
if ( !empty($user_id) ) {
$sql .= " OR user_id=".$user_id."";
}
$sql .= ")";
list($count) = $db->fetchRow($db->query($sql));
if ( $count > 0 ) {
return true;
The request is thus, for a logged user:
AND ( IP = ... OR UID = ... ) ==> has voted
in other words, when I have 2 users behind the same firewall, the first is able to vote, but for the second, the IP is the same, the OR condition is true and thus he can't vote.
The correct logic should be:
UID not null ==> use it whatever the ip is.
UID null ==> use the ip whichever it is (this will prevent two anonymous from behind the same firewall, but prevents also a logged user from logging out and voting again)
The corrected code should looks like:
$sql = "SELECT COUNT(*) FROM ".$db->prefix("xoopspoll_log")." WHERE poll_id=".$poll_id." AND ";
if ( !empty($user_id) ) {
$sql .= " user_id=".$user_id;
} else {
$sql .= "ip='".$ip."'";
}
Quote:
Yes, sounds like some nice ideas. 
thanks
