Warning: Filename cannot be empty - help?

[AdamCCFC]

Hey guys, I'm trying to get a simple good/bad voting system on my website. I've used a free script but I'm getting this warning -

 

 

Warning: file() [function.file]: Filename cannot be empty in C:\xampp\htdocs\mydreamz\vote\vote.php on line 64

 

Above that I'm also seeing -

 

Thank you for voting"; } else { echo "You have already voted"; $vote=fopen($ficdest, "w"); $new_stats=fputs($vote, "$stats[0]|$stats[1]|$stats[2]|$ip|"); fclose($vote); } } ?>

 

Here's the code -

 

<STYLE type=text/css>
TD {
COLOR: #000000; FONT-FAMILY: Verdana, Helvetica, Arial; FONT-SIZE: 11px
}
</style>
<? 
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
/********* PHP Voting SYSTEM v1.0 ************ 
Copyright 2007, Scriptsez.net
You have to leave the copyright. 
If you have any problem just let us know.
Website: http://www.scriptsez.net
**********************************************/ 
$ficdest1=explode(".",basename($PHP_SELF)); 
$ficdest="vote/".$ficdest1[0].".dat"; 
$ip = getenv(REMOTE_ADDR); 
if(file_exists($ficdest)) { 
     $compteur=fopen($ficdest, "r"); 
     $old_stats=file($ficdest); 
     $stats=explode("|", $old_stats[0]); 
     fclose($compteur); 
     $new_count=$stats[0]; 
     $ip_hit=$ip;
} 
else { 
     $nouveau_compteur=fopen($ficdest, "w"); 
     fputs($nouveau_compteur, "0|0|0|0|"); 
     fclose($nouveau_compteur); 
} 

if (!empty($envoi)&& $note !="") { 
$vote=fopen($ficdest, "r"); 
$old_stats=file($ficdest); 
$stats=explode("|", $old_stats[0]); 
fclose($vote); 
$nbr_votes=$stats[0]; 
$moy_votes=$stats[1]; 
if ($stats[3] != $ip) {
$new_count = $stats[0]+1;		 
if($note=="Good"){
$moy_votes1=$moy_votes+1;
$statical=$stats[2];
}elseif($note=="Bad"){
$statical=$stats[2]+1;
$moy_votes1=$moy_votes;
}
$vote=fopen($ficdest, "w"); 
$new_stats=fputs($vote, "$new_count|$moy_votes1|$statical|$ip|"); 
fclose($vote); 
echo "<font face=Verdana size=2 color=blue>Thank you for voting</font>";
} 
else { echo "<font face=Verdana size=2 color=red>You have already voted</font>";
     $vote=fopen($ficdest, "w"); 
     $new_stats=fputs($vote, "$stats[0]|$stats[1]|$stats[2]|$ip|"); 
     fclose($vote); 

} 
}
?>
<!-- Copyright Scriptsez.net Visit http://www.scriptsez.net to get this script for Free -->
<?php
print ("<form method=post>"); 
$old_stats=file($ficdest); 
$stats=explode("|", $old_stats[0]);
$total=($stats[1]+$stats[2]);
if($total<="0"){
$total="1";
$mtotal="Not yet voted";
}else{
if($total=="1"){$spell="vote";}else{$spell="votes";}
$mtotal="$total $spell";
}
$gpercentage=(($stats[1]/$total)*1000);
$goodp=round(($gpercentage / 10 * 10))/10;
$bpercentage=(($stats[2]/$total)*1000);
$badp=round(($bpercentage / 10 * 10))/10;
echo "<table><tr><td><img src=images/thumbs_up.gif>$goodp %</td><td>   </td><td><img src=images/thumbs_down.gif>$badp %</td><td>[$mtotal]</td></tr></table>";
echo"<table><tr><td align=center><img src=images/thumbs_up.gif></td><td><input type=radio name=note value=Good>Good</td>";
echo"<td align=center><img src=images/thumbs_down.gif></td><td><input type=radio name=note value=Bad>Bad</td>";
print ("<td><input type=hidden name=envoi value=1><input type=submit value=Vote style=background:#ffcc00;border-width:1;Border-color:#ffcc00;></td></tr></table></form></font>");
?>

 

Does anybody know why I am getting this, and how I can solve it? Any help would be greatly appreciated!

[AdamCCFC]

This is line 64 btw -

 

$old_stats=file($ficdest); 

[PFMaBiSmAd]

$HTTP_GET_VARS and $HTTP_POST_VARS were depreciated long long ago (php4.1), turned off by default in php5, and completely removed in php6. $PHP_SELF was depreciated long ago (php4.2) when register_globals were turned off by default and completely removed in php6.

 

Also using extract($any_external_variable_here); emulates what register_globals did and allows hackers to set your program variables to any value they want.

 

That code is way out of date (despite the 2007 copyright date), should have been updated or removed from distribution long ago, and is potentially insecure.

[AdamCCFC]

Ohh right ok! Cheers for that