Jump to content

[SOLVED] Voting system not working anymore


GamerGun

Recommended Posts

Hello all,

 

I'm suffering from a problem with my voting system and i'm unable to find out what is going on.

 

Files affected:

 

index2.php

pre_rate_game.php

rating.php

 

index2.php is being used to play a game. Also the option to rate and such are included here.

 

<?php 
session_start();
?>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<base href="http://www.gamergun.nl" />
<!-- 10eeb0a7337dc8db46881b3e2d4fb620mochiads.com -->
<?php include("parse.php"); ?>
<?php include("header.php"); ?>

<script type="text/javascript">//<![CDATA[

function checkAgeCheckBox(f){

var dob=new Date();
var date=dob.getDate();
var month=dob.getMonth() + 1;
var year=dob.getFullYear();

var cmbmonth=parseInt(document.getElementById("cmbmonth").options[document.getElementById("cmbmonth").selectedIndex].value);
var cmbday=parseInt(document.getElementById("cmbday").options[document.getElementById("cmbday").selectedIndex].value);
var cmbyear=parseInt(document.getElementById("cmbyear").options[document.getElementById("cmbyear").selectedIndex].value);

age=year-cmbyear;

if(cmbmonth>month){age--;}
else{if(cmbmonth==month && cmbday>=date){age--;}}

if(cmbmonth==0){alert("Je moet wel je geboortemaand opgeven.");return false;}
else if(cmbday==0){alert("Je moet wel je geboortedag opgeven.");return false;}
else if(cmbyear==2008){alert("Je moet wel je geboortejaar opgeven.");return false;}
else if(age<18){alert("Je bent onder de 18 jaar en mag geen gebruik maken van deze adult games!");location.replace("http://www.gamergun.nl/");return false;}
else if(!document.getElementById("agree").checked){alert('Je moet wel instemmen met de voorwaarden.');return false;}
else{return true;}

}

//]]></script>

</head>
<body>
<a name="top"></a>
<table width="892" cellpadding="0" cellspacing="0" align="center" class="text">
<tr><td>
<div id="container">
<!--[if lte IE 7]>
    <link rel="stylesheet" type="text/css" href="ie_style.css" media="screen" />
<![endif]--> 

<!--Thumbnails-->

<div id="thumbblok"></div>
<script type="text/javascript" src="js/thumbs.js"></script>
<script language="JavaScript" src="w4ftell.js" type="text/javascript"></script>
<!--End Thumbnails-->
<?php include("menu.php"); ?>

<div id="box_random">
<?php
///////////////////////////////// Random Games ////////////////////////////////////
// random blok
	$mode = "two_random"; // opbouw manier van random

	include('pre_list_random.php');


?>
</div>

<?php
function curPageURL() {
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
} else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
?>

<?php
$URL = curPageURL();
$parsedURL = parse_url ($URL); 

$splitPath = preg_split ('/\//', $parsedURL['path'], 0, PREG_SPLIT_NO_EMPTY);
$test = $splitPath[1];
?>

<div id="content">

<div id="games">
<div style="text-align:center" /><?php	
///////////////////////////////// Spelletjes spelen ////////////////////////////////////////////////
	if(!empty($_GET['game'])){

		include("preloader.php");
		$game = $test;
		$query="SELECT * from games WHERE id='" .$game . "'";
		$result = mysql_query($query) or die ("ERROR: " . mysql_error());
		$rij = mysql_fetch_object($result);
		$title = $rij->title;
		$descr = $rij->descr;
		$tagging = $rij->tagging;
		$page = $rij->page;
		$cid = $rij->cid;
		$age= $_GET['yes'];
		if($_SESSION['id'] == 1){
		$age = "0"; }
		if($age == "0"){
		session_register('id');
		$_SESSION['id'] = "1";
		$query="SELECT gamex, gamey from settings WHERE sid='1'";
		$result = mysql_query($query) or die ("ERROR: " . mysql_error());
		$rij = mysql_fetch_object($result);
		$gamex = $rij->gamex;
		$gamey = $rij->gamey;
		// records times played
		include("pre_update_clicks.php");
		echo("<h2>$title</h2>");
		echo("Omschrijving: " .$descr);
		?>
		<p align="center">
		<?php include("flash.php"); ?>
		<br />
		<a href="javascript:newWindow('sendpage.php?'+document.location.href,'tell',500,400,'')">Breng iemand op de hoogte van dit spelletje!</a> - 
		<a href="javascript:newWindow('pre_send_mail_broken.php?'+document.location.href,'tell',500,450,'')">Werkt dit spel niet? Laat ons het weten!</a><br />
		<?php
		echo("</p>");
		include("pre_rate_game.php");
		include("footer.php");

		}else{
		if($cid == "116"){include('TGD_ageVer.php');}else{  		
		$query="SELECT gamex, gamey from settings WHERE sid='1'";
		$result = mysql_query($query) or die ("ERROR: " . mysql_error());
		$rij = mysql_fetch_object($result);
		$gamex = $rij->gamex;
		$gamey = $rij->gamey;
		// records times played
		include("pre_update_clicks.php");
		echo("<h2>$title</h2>");
		echo("Description: " .$descr);
		?>
		<p align="center"><script  type="text/javascript" src="http://www.ads4free.nl/show_banner.php?user=gamergun&size=4"></script>
		<?php include("flash.php"); ?>
		<br />
		<a href="javascript:newWindow('sendpage.php?'+document.location.href,'tell',500,400,'')">Notify someone about this game!</a> - 
		<a href="javascript:newWindow('pre_send_mail_broken.php?'+document.location.href,'tell',500,450,'')">Game not working? Tell us now!</a><br />
		<?php
		echo("</p>");
		include("pre_rate_game.php");
		include("footer.php");

	}
	}							
	}
///////////////////////////////// Einde spelletjes spelen //////////////////////////////////////////	?>

</div>
</div>
</div>
</td></tr></table>
</body>
</html>

 

pre_rate_game.php is the form to vote and which sends the information

 

<?php include("header.php"); ?>

<?php
$query = mysql_query("SELECT votes, score, clicks, tagging FROM games WHERE id='$game' ")or die(" Error: ".mysql_error());
$numbers = mysql_fetch_assoc($query);
$count = $numbers['votes']; 
$score = $numbers['score']; 
$real_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

if($score != 0){ $avg = $score/$count; } else { $avg = 0; }
if($count == 1){ $votes = "vote"; } else { $votes = "votes"; }
echo("Times played: ".$numbers['clicks']." - Score: <b>". round($avg,1) . " / 10  </b>(".$count. " ".$votes.")");

$voted=mysql_num_rows(mysql_query("SELECT used_ips FROM games WHERE used_ips LIKE '%".$real_ip."%' AND id='".$game."' "));
if(!$voted) {     //if the user hasn't yet voted, then vote normally...
?>

<form method="post" action="rating.php">
<input type="hidden" name="ip" value="<?php echo($real_ip);?>" />
<input type="hidden" name="id" value="<?php echo($game); ?>" />
<label for="cijfer">Rate:</label>
<select name="vote" id="vote">
<?php
for ($i = 10; $i >= 1; $i--){
	echo '<option>'.$i.'</option>'.PHP_EOL;
}
?> 
</select>
<input type="submit" value="Vote!" />
</form>
<?php 
} else {
echo(" <font color=#387C44>Thank you for voting!</font><br /><br />");
}
// tags voor zoek verbetering
echo("<b>Tags:</b> ".$tagging."");
?>

 

rating.php is to transfer the information into the db and reloads the index2.php page with the updated rating.

 

<?php
header("Cache-Control: no-cache");
header("Pragma: nocache");
require('connect/connect-db.php'); // get the db connection info

//getting the values
$vote_sent = mysql_real_escape_string($_POST['vote']);
$id_sent = mysql_real_escape_string($_POST['id']);
$ip_sent = mysql_real_escape_string($_POST['ip']);

//connecting to the database to get some information
$query = mysql_query("SELECT votes, score, used_ips FROM games WHERE id='$id_sent' ")or die(" Error: ".mysql_error());
$numbers = mysql_fetch_assoc($query);
$checkIP = unserialize($numbers['used_ips']);
$count = $numbers['votes']; //how many votes total
$current_rating = $numbers['score']; //total number of rating added together and stored
$sum = $vote_sent+$current_rating; // add together the current vote value and the total vote value
$tense = ($count==1) ? "stem" : "stemmen"; //plural form votes/vote

// checking to see if the first vote has been tallied
// or increment the current number of votes
($sum==0 ? $added=0 : $added=$count+1);

// if it is an array i.e. already has entries the push in another value
((is_array($checkIP)) ? array_push($checkIP,$ip_sent) : $checkIP=array($ip_sent));
$insertip=serialize($checkIP);

//IP check when voting
$voted=mysql_num_rows(mysql_query("SELECT used_ips FROM games WHERE used_ips LIKE '%".$ip_sent."%' AND id='".$id_sent."' "));
if(!$voted) {     //if the user hasn't yet voted, then vote normally...
if ($vote_sent >= 1 && $vote_sent < 11) { // keep votes within range
	$update = "UPDATE games SET votes='".$added."', score='".$sum."', used_ips='".$insertip."' WHERE id='$id_sent'";
	$result = mysql_query($update) or die(" Error: ".mysql_error());				
}
#echo("<meta http-equiv=\"refresh\" content=\"0;URL=http://gamergun.nl/game/$id_sent/.html\" />");
echo $id_sent;
exit;
} else {
#echo("<meta http-equiv=\"refresh\" content=\"0;URL=http://gamergun.nl/game/$id_sent/.html\" />");
echo $id_sent;
}
?>

 

To make a long story short, $id_sent is empty.

 

As you can see it starts with $test = $splitPath[1]; in index2.php

This transforms into $game = $test;

 

After that, it goes to pre_rate_game.php

In that one, it's being used as <input type="hidden" name="id" value="<?php echo($game); ?>" />

 

Till there it looks like that it is working. Just when doing the final step, the problem occurs.

$id_sent = mysql_real_escape_string($_POST['id']); that is.

 

Any idea why the data is not being send or where it can go wrong?

 

I've been playing with it for hours now and i just can't find out what is going wrong.

 

Thanks in advance.

 

Pz -T

 

 

Link to comment
Share on other sites

Look back at pre_rate_game.php

 

Where does $game come from? Is it set in header.php, maybe you've doen something naughty and have registered globals on, but this would be a good starting point.

 

No, it's not in the header, but pre_rate_game.php is a part of index2.php e.g. being included.

 

Should that not be enough? When i echo $game in that file i get the correct output.

Link to comment
Share on other sites

Yep, it does

 

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>GamerGun - Play Games For Free - Free Flash Games</title>
<meta name="Keywords" content="" />
<meta name="Play games for free" content="" />
<link href="index.css" rel="stylesheet" type="text/css" />
Times played: 55 - Score: <b>0 / 10  </b>(0 votes)
<form method="post" action="rating.php">
<input type="hidden" name="ip" value="194.171.252.100" />
<input type="hidden" name="id" value="2952" />
<label for="cijfer">Rate:</label>
<select name="vote" id="vote">

<option>10</option>
<option>9</option>
<option>8</option>
<option>7</option>
<option>6</option>
<option>5</option>
<option>4</option>
<option>3</option>
<option>2</option>

<option>1</option>

 

Thanks for helping me out

Link to comment
Share on other sites

Before this line;

 

$id_sent = mysql_real_escape_string($_POST['id']);

 

put;

 

echo '<pre>';var_dump($_POST);echo '</pre>';

 

Copy and pasted the extra stuff that gets posted.

 

Also $id_sent should be a variable so you can do this to be secure;

 

$id_sent = (int) $_POST['id'];

Link to comment
Share on other sites

try putting print_r($_POST); at the top of ur pages, then use the source viewer to look at the results.

 

All are just outputting Array ( )

 

Before this line;

 

$id_sent = mysql_real_escape_string($_POST['id']);

 

put;

 

echo '<pre>';var_dump($_POST);echo '</pre>';

 

Copy and pasted the extra stuff that gets posted.

 

Also $id_sent should be a variable so you can do this to be secure;

 

$id_sent = (int) $_POST['id'];

 

This gives me:

 

array(0) {
}

0

 

echo '<pre>';var_dump($_POST);echo '</pre>';
$id_sent = (int) $_POST['id'];
#$id_sent = mysql_real_escape_string($_POST['id']);

 

Thanks

 

Pz -T

Link to comment
Share on other sites

There is something ouve missed or not told us,

 

The page is not recieving any post information. at all. as if your not submitting the form to that page.

 

make a normal html document, put the action to the URL of the buggy script, post any data with the var dump or print r at the top of your page. you should.

 

Apart from;

$_POST var being reset,

accidentally posting URL arguments ($_GET);

Old version of PHP (other scripts wouldnt work).

 

there shud be no possible explanation why there is no post data. the other pages accept post data fine.

 

Link to comment
Share on other sites

There is something ouve missed or not told us,

 

The page is not recieving any post information. at all. as if your not submitting the form to that page.

 

Yes, looks like rating.php is not getting anything. Just tested $vote_sent and such too, all empty.

 

make a normal html document, put the action to the URL of the buggy script, post any data with the var dump or print r at the top of your page. you should.

 

Sorry i don't get what you mean. A new html document, instead of rating.php or a new combination of both pre_rate_game.php and rating.php?

 

Apart from;

$_POST var being reset,

accidentally posting URL arguments ($_GET);

 

How can i check this?

 

Old version of PHP (other scripts wouldnt work).

 

I'm using PHP version 5.1 or 5.2 so that should be fine. Got no other problems.

 

there shud be no possible explanation why there is no post data. the other pages accept post data fine.

 

Indeed. Thanks for helping me

Link to comment
Share on other sites

gevans, he stated his version. but yes you could try request to see if the data is being accidentall sent threough the URL. via _GET.

 

OR;

 

save this to test.html (change ACTION_HERE to the URL of the buggy script).

 

<form method="post" action="ACTION_HERE">
<input type="text" name="text_input"><br />
<input type="checkbox" value="Check1"><Br />
<input type="submit" value="Submit Form">
</form>

 

view test.html in any browser (does not have to be off server can just double click the file.), and see if it has any post data then.

Link to comment
Share on other sites

gevans, he stated his version. but yes you could try request to see if the data is being accidentall sent threough the URL. via _GET.

 

OR;

 

save this to test.html (change ACTION_HERE to the URL of the buggy script).

 

<form method="post" action="ACTION_HERE">
<input type="text" name="text_input"><br />
<input type="checkbox" value="Check1"><Br />
<input type="submit" value="Submit Form">
</form>

 

view test.html in any browser (does not have to be off server can just double click the file.), and see if it has any post data then.

 

Thanks. Take a look: http://gamergun.nl/test.html

 

This is giving me output, so perhaps that gives us some more information

Link to comment
Share on other sites

Yep, it does

 

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>GamerGun - Play Games For Free - Free Flash Games</title>
<meta name="Keywords" content="" />
<meta name="Play games for free" content="" />
<link href="index.css" rel="stylesheet" type="text/css" />
Times played: 55 - Score: <b>0 / 10  </b>(0 votes)
<form method="post" action="rating.php">
<input type="hidden" name="ip" value="194.171.252.100" />
<input type="hidden" name="id" value="2952" />
<label for="cijfer">Rate:</label>
<select name="vote" id="vote">

<option>10</option>
<option>9</option>
<option>8</option>
<option>7</option>
<option>6</option>
<option>5</option>
<option>4</option>
<option>3</option>
<option>2</option>

<option>1</option>

 

Thanks for helping me out

 

Check your HTML, there's no head tag closing or body tags in this code.

Link to comment
Share on other sites

Hmm, it seems i cannot debug any further, your server will not accept POST variables sent from an outside address, so i cant mess around with the form.

 

Basically, put this into test.html:

 

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<base href="http://www.gamergun.nl" />
<!-- 10eeb0a7337dc8db46881b3e2d4fb620mochiads.com -->


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>GamerGun - Play Games For Free - Free Flash Games</title>
<meta name="Keywords" content="" />
<meta name="Play games for free" content="" />
<link href="index.css" rel="stylesheet" type="text/css" /><script type="text/javascript">//<![CDATA[

function checkAgeCheckBox(f){

var dob=new Date();
var date=dob.getDate();
var month=dob.getMonth() + 1;
var year=dob.getFullYear();

var cmbmonth=parseInt(document.getElementById("cmbmonth").options[document.getElementById("cmbmonth").selectedIndex].value);
var cmbday=parseInt(document.getElementById("cmbday").options[document.getElementById("cmbday").selectedIndex].value);
var cmbyear=parseInt(document.getElementById("cmbyear").options[document.getElementById("cmbyear").selectedIndex].value);

age=year-cmbyear;

if(cmbmonth>month){age--;}
else{if(cmbmonth==month && cmbday>=date){age--;}}

if(cmbmonth==0){alert("Je moet wel je geboortemaand opgeven.");return false;}
else if(cmbday==0){alert("Je moet wel je geboortedag opgeven.");return false;}
else if(cmbyear==2008){alert("Je moet wel je geboortejaar opgeven.");return false;}
else if(age<18){alert("Je bent onder de 18 jaar en mag geen gebruik maken van deze adult games!");location.replace("http://www.gamergun.nl/");return false;}
else if(!document.getElementById("agree").checked){alert('Je moet wel instemmen met de voorwaarden.');return false;}
else{return true;}

}

//]]></script>

<script src="/mint/?js" type="text/javascript"></script>
</head>
<body>

<a name="top"></a>
<table width="892" cellpadding="0" cellspacing="0" align="center" class="text">
<tr><td>
<div id="container">
<!--[if lte IE 7]>
    <link rel="stylesheet" type="text/css" href="ie_style.css" media="screen" />
<![endif]--> 

<!--Thumbnails-->

<div id="thumbblok"></div>
<script type="text/javascript" src="js/thumbs.js"></script>
<script language="JavaScript" src="w4ftell.js" type="text/javascript"></script>
<!--End Thumbnails-->
<div id="header">
<h1>GamerGun</h1>

<h2>Play games for free</h2>
<ul>
	<li><a href="index.php" accesskey="3" title="">Home</a></li>
        <li><a href="multiplayerbox.php" accesskey="2" title="multiplayer games">Multiplayer</a></li>
	<li><a href="index_games.php?games=alle" accesskey="4" title="">All games</a></li>
	<li><a href="index_cats.php?cat=alle" accesskey="5" title="">Categories</a></li>

	<li><a href="help.php" accesskey="6" title="">Help</a></li>
</ul>
</div>
<div id="box_random">
<table width="250" border="0" cellpadding="3" cellspacing="0" class="random_text"><tr><td rowspan="2" width="75" valign="top"><a href="game/79/Bug_Patrol.html"><img src="411.png" width="75" height="75" border="0" alt="" /></a></td><td valign="top" width="175" height="10"><a href="game/79/Bug_Patrol.html">Bug Patrol</a></td></tr><tr><td valign="top">Spray down the approaching bugs using your deadly spray before they reach the flowers....</td></tr></table><table width="250" border="0" cellpadding="3" cellspacing="0" class="random_text"><tr><td rowspan="2" width="75" valign="top"><a href="game/2187/Metroid_Elements.html"><img src="1536.png" width="75" height="75" border="0" alt="" /></a></td><td valign="top" width="175" height="10"><a href="game/2187/Metroid_Elements.html">Metroid Elements</a></td></tr><tr><td valign="top">Guide Samus Aran through the dangerous Pyramid and destroy all the Metroids and defeat Ridley....</td></tr></table></div>



<div id="content">


<div id="games">
<div style="text-align:center" /> 

<h2>Snoopy Click</h2>Description: Snoopy Cilck is a game with its intention to test your memory capability.			<p align="center"><script  type="text/javascript" src="http://www.ads4free.nl/show_banner.php?user=gamergun&size=4"></script>
		<object type="application/x-shockwave-flash" data="games/20529.swf" width="700" height="550"> <param name="movie" value="games/20529.swf" /> <param name="quality" value="high"/> </object>			<br />
		<a href="javascript:newWindow('sendpage.php?'+document.location.href,'tell',500,400,'')">Notify someone about this game!</a> - 
		<a href="javascript:newWindow('pre_send_mail_broken.php?'+document.location.href,'tell',500,450,'')">Game not working? Tell us now!</a><br />

		</p> 

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>GamerGun - Play Games For Free - Free Flash Games</title>
<meta name="Keywords" content="" />
<meta name="Play games for free" content="" />
<link href="index.css" rel="stylesheet" type="text/css" />Times played: 10 - Score: <b>0 / 10  </b>(0 votes)
<form method="post" action="rating.php">
<input type="hidden" name="ip" value="93.97.208.2" />
<input type="hidden" name="id" value="443" />
<label for="cijfer">Rate:</label>
<select name="vote" id="vote">
<option>10</option>

<option>9</option>
<option>8</option>
<option>7</option>
<option>6</option>
<option>5</option>
<option>4</option>
<option>3</option>
<option>2</option>
<option>1</option>


</select>
<input type="submit" value="Vote!" />
</form>
<b>Tags:</b> <div id="footer_ads">
<table class="footerding" align="center">
<tr><td width="250"><b>Steun GamerGun</b><br />
Steun GamerGun.nl door op <a href="http://www.gamergun.nl/out.php?id=17" target="_blank">deze link</a> te klikken.<br />
Hiermee komen wij hoger in de GameTop.
Bedankt!</td>

<td width="50">|<br />|<br />|<br />|</td>
<td width="500" align="center">	<p><a href="http://www.gamergun.nl/out.php?id=17" target="_blank"><img src="http://www.gamergun.nl/images/gametop_banner_xxx.gif" border="0" style="border-color: #000000" width="468" height="60" alt="Kom jij met mij spelen Gametop" title="Kom jij met mij spelen Gametop" /></a></p></td></tr>
</table></div>

<div id="footer">

<div class="topimage"><a href="#top"><img src="images/top.jpg" alt="Go to top" border="0" /></a></div>

<p style="text-align: center"> <br />Copyright (c) 2009 GamerGun - Play Games For Free - Free Flash Games. All Rights Reserved.<br />
<a href="index.php" accesskey="8" title="">Home</a> | 

<a href="help.php" accesskey="8" title="">Help</a> | 
<a href="advertise.php" accesskey="8" title="">Advertise</a> | 
<a href="linktous.php" accesskey="8" title="">Link to GamerGun</a> | 
<a href="terms.php" accesskey="8" title="">Terms</a> | 
<a href="newsletter.php" accesskey="8" title="">Newsletter</a> | 
<a href="mail.php" accesskey="8" title="">Contact</a><br />

Page loaded in 0.019 seconds
</p></div>

</div>
</div>
</div>
</td></tr></table>
</body>
</html>

 

Then, keep trying to post data from it, start with just leaving the form tags and the form elements, if that works then you know its something on the page; and you can start putting bits back in line b line until you find whats causing it.

 

the fact that the small test.html works shows that there is something wrong with the way its posting data, maybe a server restriction bug (never seen this restriction b4), or just something in your html markup is messing up the form - you need to find out what it is.

 

Good Luck.

Link to comment
Share on other sites

yes exactly, the small test file works, this 1 doesn't.

 

So, there is something on that page stopping it from working, keep taking bits out around the form until it works, or until your left with the form, i which case ill be here 2 moro helpin u out again lol.

Link to comment
Share on other sites

I found the problem!

 

After i removed <base href="http://www.gamergun.nl" />, it is working fine.

 

Now you'd ask, why are you using that base href? Well, im having some rewrite rules:

 

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L] 

RewriteRule ^([^/]*)\.(jpg|gif|png)$ thumbnails/$1.$2

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?gamergun.nl/.*$ [NC]
RewriteRule .*\.(swf)$ http://www.gamergun.nl [R,NC]

RewriteRule ^game/([^/]*)/([^/]*)\.html$ /index2.php?game=$1&name=$2 [L]

 

Without it, images don't load and such. Let me test it on the live version.

 

 

Link to comment
Share on other sites

There you go, at least you found the problem, and you've learned a little debugging technique at the same time ;).

 

Now you just have to find out why base ref affected form data, or find a way around using it.

 

unfortunately i never got into mod_rewrite but im sure there are plenty of rewrite experts on here!

Link to comment
Share on other sites

See what i mean;

 

http://gamergun.nl/game/2962/Math_Lines.html

 

But now the VOTE button is giving a 404. The error log says:

 

[error] [client 194.171.252.100] File does not exist: /home/mqxfaokl/domains/gamergun.nl/public_html/game, referer: http://gamergun.nl/game/2962/Math_Lines.html

 

After "game" there should be a / and the ID, which is not the case.

 

rating.php

 

echo("<meta http-equiv=\"refresh\" content=\"0;URL=http://gamergun.nl/game/$id_sent/.html\" />");
exit;
} else {
echo("<meta http-equiv=\"refresh\" content=\"0;URL=http://gamergun.nl/game/$id_sent/.html\" />");
}

Link to comment
Share on other sites

Okay, changed some things, but still having the problem that it is not submitting stuff.

 

See for yourself: http://gamergun.nl/game/529/Bullseye.html

 

index2.php

 

<?php 
session_start();
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<!-- 10eeb0a7337dc8db46881b3e2d4fb620mochiads.com -->
<?php include("parse.php"); ?>
<?php include("header.php"); ?>
<script type="text/javascript">//<![CDATA[

function checkAgeCheckBox(f){

var dob=new Date();
var date=dob.getDate();
var month=dob.getMonth() + 1;
var year=dob.getFullYear();

var cmbmonth=parseInt(document.getElementById("cmbmonth").options[document.getElementById("cmbmonth").selectedIndex].value);
var cmbday=parseInt(document.getElementById("cmbday").options[document.getElementById("cmbday").selectedIndex].value);
var cmbyear=parseInt(document.getElementById("cmbyear").options[document.getElementById("cmbyear").selectedIndex].value);

age=year-cmbyear;

if(cmbmonth>month){age--;}
else{if(cmbmonth==month && cmbday>=date){age--;}}

if(cmbmonth==0){alert("Je moet wel je geboortemaand opgeven.");return false;}
else if(cmbday==0){alert("Je moet wel je geboortedag opgeven.");return false;}
else if(cmbyear==2008){alert("Je moet wel je geboortejaar opgeven.");return false;}
else if(age<18){alert("Je bent onder de 18 jaar en mag geen gebruik maken van deze adult games!");location.replace("http://www.gamergun.nl/");return false;}
else if(!document.getElementById("agree").checked){alert('Je moet wel instemmen met de voorwaarden.');return false;}
else{return true;}

}

//]]></script>

</head>
<body>
<a name="top"></a>
<table width="892" cellpadding="0" cellspacing="0" align="center" class="text">
<tr><td>
<div id="container">
<!--[if lte IE 7]>
    <link rel="stylesheet" type="text/css" href="http://www.gamergun.nl/ie_style.css" media="screen" />
<![endif]--> 

<!--Thumbnails-->

<div id="thumbblok"></div>
<script type="text/javascript" src="http://www.gamergun.nl/js/thumbs.js"></script>
<script language="JavaScript" src="http://www.gamergun.nl/w4ftell.js" type="text/javascript"></script>
<!--End Thumbnails-->
<?php include("menu.php"); ?>

<div id="box_random">
<?php
///////////////////////////////// Random Games ////////////////////////////////////
// random blok
	$mode = "two_random"; // opbouw manier van random

	include('pre_list_random.php');


?>
</div>

<div id="content">

<div id="games">
<div style="text-align:center" /><?php	
///////////////////////////////// Spelletjes spelen ////////////////////////////////////////////////
	if(!empty($_GET['game'])){

		include("preloader.php");
		$game = mysql_real_escape_string($_GET['game']);
		$query="SELECT * from games WHERE id='" .$game . "'";
		$result = mysql_query($query) or die ("ERROR: " . mysql_error());
		$rij = mysql_fetch_object($result);
		$title = $rij->title;
		$descr = $rij->descr;
		$tagging = $rij->tagging;
		$page = $rij->page;
		$cid = $rij->cid;
		$age= $_GET['yes'];
		if($_SESSION['id'] == 1){
		$age = "0"; }
		if($age == "0"){
		session_register('id');
		$_SESSION['id'] = "1";
		$query="SELECT gamex, gamey from settings WHERE sid='1'";
		$result = mysql_query($query) or die ("ERROR: " . mysql_error());
		$rij = mysql_fetch_object($result);
		$gamex = $rij->gamex;
		$gamey = $rij->gamey;
		// records times played
		include("pre_update_clicks.php");
		echo("<h2>$title</h2>");
		echo("Omschrijving: " .$descr);
		?>
		<p align="center">
		<?php include("flash.php"); ?>
		<br />
		<a href="javascript:newWindow('http://www.gamergun.nl/sendpage.php?'+document.location.href,'tell',500,400,'')">Breng iemand op de hoogte van dit spelletje!</a> - 
		<a href="javascript:newWindow('http://www.gamergun.nl/pre_send_mail_broken.php?'+document.location.href,'tell',500,450,'')">Werkt dit spel niet? Laat ons het weten!</a><br />
		<?php
		echo("</p>");
		include("pre_rate_game.php");
		include("footer.php");

		}else{
		if($cid == "116"){include('TGD_ageVer.php');}else{  		
		$query="SELECT gamex, gamey from settings WHERE sid='1'";
		$result = mysql_query($query) or die ("ERROR: " . mysql_error());
		$rij = mysql_fetch_object($result);
		$gamex = $rij->gamex;
		$gamey = $rij->gamey;
		// records times played
		include("pre_update_clicks.php");
		echo("<h2>$title</h2>");
		echo("Description: " .$descr);
		?>
		<p align="center"><script  type="text/javascript" src="http://www.ads4free.nl/show_banner.php?user=gamergun&size=4"></script>
		<?php include("flash.php"); ?>
		<br />
		<a href="javascript:newWindow('http://www.gamergun.nl/sendpage.php?'+document.location.href,'tell',500,400,'')">Notify someone about this game!</a> - 
		<a href="javascript:newWindow('http://www.gamergun.nl/pre_send_mail_broken.php?'+document.location.href,'tell',500,450,'')">Game not working? Tell us now!</a><br />
		<?php
		echo("</p>");
		include("pre_rate_game.php");
		include("footer.php");

	}
	}							
	}
///////////////////////////////// Einde spelletjes spelen //////////////////////////////////////////	?>

</div>
</div>
</div>
</td></tr></table>
</body>
</html>

 

pre_rate_game.php

 

<?php
$query = mysql_query("SELECT votes, score, clicks, tagging FROM games WHERE id='$game' ")or die(" Error: ".mysql_error());
$numbers = mysql_fetch_assoc($query);
$count = $numbers['votes']; 
$score = $numbers['score']; 
$real_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

if($score != 0){ $avg = $score/$count; } else { $avg = 0; }
if($count == 1){ $votes = "vote"; } else { $votes = "votes"; }
echo("Times played: ".$numbers['clicks']." - Score: <b>". round($avg,1) . " / 10  </b>(".$count. " ".$votes.")");

$voted=mysql_num_rows(mysql_query("SELECT used_ips FROM games WHERE used_ips LIKE '%".$real_ip."%' AND id='".$game."' "));
if(!$voted) {     //if the user hasn't yet voted, then vote normally...
?>

<form method="post" action="http://www.gamergun.nl/rating.php">
<input type="hidden" name="ip" value="<?php echo($real_ip);?>" />
<input type="hidden" name="id" value="<?php echo($game); ?>" />
<label for="cijfer">Rate:</label>
<select name="vote" id="vote">
<?php
for ($i = 10; $i >= 1; $i--){
	echo '<option>'.$i.'</option>'.PHP_EOL;
}
?> 
</select>
<input type="submit" value="Vote!" />
</form>
<?php 
} else {
echo(" <font color=#387C44>Thank you for voting!</font><br /><br />");
}

?>

 

rating.php

 

<?php
header("Cache-Control: no-cache");
header("Pragma: nocache");
require('connect/connect-db.php'); // get the db connection info

//getting the values
$vote_sent = mysql_real_escape_string($_POST['vote']);
echo '<pre>';var_dump($_POST);echo '</pre>';
$id_sent = mysql_real_escape_string($_POST['id']);
$ip_sent = mysql_real_escape_string($_POST['ip']);

//connecting to the database to get some information
$query = mysql_query("SELECT votes, score, used_ips FROM games WHERE id='$id_sent' ")or die(" Error: ".mysql_error());
$numbers = mysql_fetch_assoc($query);
$checkIP = unserialize($numbers['used_ips']);
$count = $numbers['votes']; //how many votes total
$current_rating = $numbers['score']; //total number of rating added together and stored
$sum = $vote_sent+$current_rating; // add together the current vote value and the total vote value
$tense = ($count==1) ? "stem" : "stemmen"; //plural form votes/vote

// checking to see if the first vote has been tallied
// or increment the current number of votes
($sum==0 ? $added=0 : $added=$count+1);

// if it is an array i.e. already has entries the push in another value
((is_array($checkIP)) ? array_push($checkIP,$ip_sent) : $checkIP=array($ip_sent));
$insertip=serialize($checkIP);

//IP check when voting
$voted=mysql_num_rows(mysql_query("SELECT used_ips FROM games WHERE used_ips LIKE '%".$ip_sent."%' AND id='".$id_sent."' "));
if(!$voted) {     //if the user hasn't yet voted, then vote normally...
if ($vote_sent >= 1 && $vote_sent < 11) { // keep votes within range
	$update = "UPDATE games SET votes='".$added."', score='".$sum."', used_ips='".$insertip."' WHERE id='$id_sent'";
	$result = mysql_query($update) or die(" Error: ".mysql_error());				
}
echo("<meta http-equiv=\"refresh\" content=\"5;URL=index2.php?game=$id_sent\" />");
exit;
} else {
echo("<meta http-equiv=\"refresh\" content=\"5;URL=index2.php?game=$id_sent\" />");
}
?>

Link to comment
Share on other sites

Fixed it the dirty way. Well.. fixed... more like a work around but it works.

 

Just using GET instead of POST. Dunno why that is working. Not that safe but like anyone is gonna hack a voting system :')

 

Thanks for thinking with me. Pz -T

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.