4
The issue is some users can vote many times on one picture.
It does not record in the database the user has voted, if another user has already voted on the same ip address.
e.g. 2 family members of the same house want to vote, the first person votes, and then can't vote anymore
the second person votes, and can vote as many times as they like.
The script checks and see's the user has not voted but as the ip address is the same as one already on record for that picture it does not record this new users info into the database, and for this reason they can continue to vote on the same picture over and over again.
I think all that needs to change is the area of ratepic.php
// Update the votes table
$sql = "INSERT INTO ".$xoopsDB->prefix("xcgal_votes")." ".
"VALUES ('$pic', '".$_SERVER['REMOTE_ADDR']."', '$curr_time', '$vid')";
$result = $xoopsDB->queryF($sql);
redirect_header($location,2,_MD_RATE_OK);
The following is the script for rating a pic, hope it helps.
include "../../mainfile.php";
define('IN_XCGALLERY', true);
require('include/init.inc.php');
// Check if required parameters are present
if (!isset($_GET['pic']) || !isset($_GET['rate'])) redirect_header('index.php',2,_MD_PARAM_MISSING);
$pic = (int)$_GET['pic'];
$rate = (int)$_GET['rate'];
$rate = min($rate, 5);
$rate = max($rate, 0);
// If user does not accept script's cookies, we don't accept the vote
if (!isset($_COOKIE[$xoopsModuleConfig['cookie_name'].'_data'])) {
redirect_header('displayimage.php?pid='.$pic.'&pos='.(-$pic),2,"Please enable Cookies!");
exit;
}
$location = "displayimage.php?pid=".$pic."&pos=".(-$pic);
// Retrieve picture/album information & check if user can rate picture
$sql = "SELECT a.votes as votes_allowed, p.votes as votes, pic_rating ".
"FROM ".$xoopsDB->prefix("xcgal_pictures")." AS p, ".$xoopsDB->prefix("xcgal_albums")." AS a ".
"WHERE p.aid = a.aid AND pid = '$pic' LIMIT 1";
$result = $xoopsDB->query($sql);
if (!$xoopsDB->getRowsNum($result)) redirect_header('index.php',2,_MD_NON_EXIST_AP);
$row = $xoopsDB->fetchArray($result);
$xoopsDB->freeRecordSet($result);
if (!USER_CAN_RATE_PICTURES || $row['votes_allowed'] == 'NO') redirect_header($location,2,_MD_PERM_DENIED);
// Clean votes older votes
$curr_time = time();
if ($xoopsModuleConfig['keep_votes_time'] > 0){
$clean_before = $curr_time - $xoopsModuleConfig['keep_votes_time'] * 86400;
$sql = "DELETE ".
"FROM ".$xoopsDB->prefix("xcgal_votes")." ".
"WHERE vote_time < $clean_before";
$result = $xoopsDB->queryf($sql);
}
// Check if user already rated this picture
if (is_object($xoopsUser)){
$vid = $xoopsUser->uid();
$sql = "SELECT * ".
"FROM ".$xoopsDB->prefix("xcgal_votes")." ".
"WHERE pic_id = '$pic' AND v_uid = '$vid'";
}
else {
$vid = 0;
$sql = "SELECT * ".
"FROM ".$xoopsDB->prefix("xcgal_votes")." ".
"WHERE pic_id = '$pic' AND vote_time > '".(time()-86400)."' AND ip='".$_SERVER['REMOTE_ADDR']."'";
}
$result = $xoopsDB->query($sql);
if ($xoopsDB->getRowsNum($result)) redirect_header($location,2,_MD_RATE_ALREADY);
// Update picture rating
$new_rating = round(($row['votes'] * $row['pic_rating'] + $rate * 2000)/($row['votes']+1));
$sql = "UPDATE ".$xoopsDB->prefix("xcgal_pictures")." ".
"SET pic_rating = '$new_rating', votes = votes + 1 ".
"WHERE pid = '$pic' LIMIT 1";
$result = $xoopsDB->queryf($sql);
// Update the votes table
$sql = "INSERT INTO ".$xoopsDB->prefix("xcgal_votes")." ".
"VALUES ('$pic', '".$_SERVER['REMOTE_ADDR']."', '$curr_time', '$vid')";
$result = $xoopsDB->queryF($sql);
redirect_header($location,2,_MD_RATE_OK);
?>
Love any help that can be given.
