Page 2 of 2
Re: Vote System (Web)
Posted: Mon Nov 28, 2011 2:18 pm
by Kriogen
U could try to add ip restriction from mysql, not from php like:
Code: Select all
ALTER TABLE accounts ADD COLUMN points CHAR(15) NOT NULL default '0' AFTER lastIP;ALTER TABLE accounts ADD COLUMN lastvote VARCHAR(30) NULL DEFAULT NULL AFTER pointsALTER TABLE accounts ADD COLUMN points VARCHAR(30) NULL DEFAULT NULL AFTER lastvote;
and add this in painel.php
$today=date("Y-m-d");
$ip=$_SERVER['REMOTE_ADDR'];
and now check for the ip and if today he has voted from that ip:
Code: Select all
$ipcheck = mysql_query("SELECT ip FROM accounts WHERE lastIP = '$ip' and lastvote = '$today'"); if ( mysql_num_rows( $ipcheck ) == '0' ) {$insert = "UPDATE accounts SET points=$points WHERE id = $id";$ip = "UPDATE accounts SET lastIP = '$ip' WHERE id = $id";$data = "UPDATE accounts SET lastvote = '$today' WHERE id = $id";mysql_query($insert);mysql_query($ip);mysql_query($data);} else {echo "error you have voted today";}
Or something like this....i don't fully understand your script since it's in spanish...
Re: Vote System (Web)
Posted: Sun Dec 04, 2011 5:22 pm
by PoRnosJH
how this system works ??
where i have to give access on the mysql user ?
how the character take his reward ??
only Portugal plays in your servers?
Re: Vote System (Web)
Posted: Mon Jun 23, 2014 3:30 pm
by u3games
LaP1 wrote:Up
Updated in first post ^^
Re: Vote System (Web)
Posted: Mon Jun 23, 2014 4:04 pm
by UnAfraid
This system is full of sql injection possibilities
I'd suggest you to use mysql_real_string_escape or something that uses prepared statements like PDO.
I am using PDO and adodb i like adodb because it works with all known database sources and its easy to use and safe against sql injections also noob friendly
Try to use english for variable naming and stuff like that.
Also i would not modify login server's tables but create my own.
Re: Vote System (Web)
Posted: Mon Jun 23, 2014 7:38 pm
by u3games
UnAfraid wrote:This system is full of sql injection possibilities
I'd suggest you to use mysql_real_string_escape or something that uses prepared statements like PDO.
I am using PDO and adodb i like adodb because it works with all known database sources and its easy to use and safe against sql injections also noob friendly
Try to use english for variable naming and stuff like that.
Also i would not modify login server's tables but create my own.
The code is not mine, just update it to make it work.
In the future, it could develop and improve
Re: Vote System (Web)
Posted: Thu Jun 26, 2014 7:26 am
by Sdw
UnAfraid wrote:This system is full of sql injection possibilities
I'd suggest you to use mysql_real_string_escape or something that uses prepared statements like PDO.
I am using PDO and adodb i like adodb because it works with all known database sources and its easy to use and safe against sql injections also noob friendly
Try to use english for variable naming and stuff like that.
Also i would not modify login server's tables but create my own.
Just don't say anything, how are we going to access all server out there if they stop using code like that ?
Re: Vote System (Web)
Posted: Wed Oct 22, 2014 1:17 pm
by xban1x
Just make at least a mysql replace into mysqli
To use better libs.
Re: Vote System (Web)
Posted: Tue Feb 09, 2016 7:45 pm
by u3games
up links ^^
Re: Vote System (Web)
Posted: Wed Feb 10, 2016 4:06 am
by regenx
Just don't use any search fields on your websites and you're 90% safe
No inputs > No injections.
Use .htaccess file.
Isolate your javascripts and your mysql constants from config.php
Re: Vote System (Web)
Posted: Wed Feb 10, 2016 4:35 pm
by u3games
regenx wrote:Just don't use any search fields on your websites and you're 90% safe
No inputs > No injections.
Use .htaccess file.
Isolate your javascripts and your mysql constants from config.php
Ups, i up images ^^
Yes, is old code... it's not mine. In the future..
-->
https://github.com/u3games/U3G_VoteSystem_Web