ruler Posted August 17, 2015 Share Posted August 17, 2015 hi this is my first post here and really hoping to get some help with this. just left another php forum because i found them to be unfriendly and unhelpful. below i have a small script which is part of a photo voting system. when a person votes on a photo it is supposed to check their IP and then check the db to see if their IP is already listed and if it is listed then they can not vote again, only one vote per person. i really do not know how to get this thing working and i have tried everything i can, even google led me on a wild goose chase. in the script i have marked where the problem is and really hope someone can help thanks <?php include("config.php"); if(isset($_POST['id']) and !empty($_POST['id'])){ $id= intval($_POST['id']); $contest= htmlspecialchars($_POST['contest']); $ip = $_POST['fingerprint']; $ret = mysqli_query($bd, "select * from contests where contest = '$contest'"); if ($ret !== null){ $contest_settings = mysqli_fetch_object($ret); if ($contest_settings->voting_type == "contest"){ $ip_sql=mysqli_query($bd, "select ip_add from image_IP where contest = '$contest'"); }else{ $ip_sql=mysqli_query($bd, "select ip_add from image_IP where img_id_fk=$id and ip_add='$ip'"); } // next 2 lines need changing to search the db in collumn ip_add and compare if the connecting users ip is listed and if not then allow the vote. if the ip is found then deny the vote. $query = mysqli_query($bd,"SELECT ip_add FROM image_ip WHERE ip_add=$ip"); // the line above is my problem and the line below if($ip !== $query){ $sql = "UPDATE `images` SET love = love +1 WHERE img_id = ".$id; mysqli_query($bd, $sql); $sql_in = "insert into image_IP (ip_add,img_id_fk,contest) values ('$ip',$id,'$contest')"; mysqli_query($bd, $sql_in); $result=mysqli_query($bd, "select love from images where img_id=$id"); $row=mysqli_fetch_array($result); $love=$row['love']; ?> <span title="<?php echo _('I vote for this.'); ?>"><span class="fa fa-heart"></span> <?php echo $love; ?> </span> <?php }else{ echo _('You have already voted !'); } } } if (isset($_POST['action'])){ if ($_POST['action'] == 'login'){ $pwd = $_POST['pwd']; if ($pwd == PASSWD){ $ok = setcookie(COOKIE_NAME, sha1(PASSWD.HASH), 0, '/', '', FALSE, TRUE); if (!$ok){ echo '<div class="alert error">cookie failed !</div>'; } }else{ echo '<div class="alert error"><a class="alert-close" href="#" title="'._('Close').'">×</a>'._('Wrong password !').'</div>'; } } } ?> in the database the column ip_add is varchar(40) Quote Link to comment Share on other sites More sharing options...
Barand Posted August 17, 2015 Share Posted August 17, 2015 (edited) $query = mysqli_query($bd,"SELECT ip_add FROM image_ip WHERE ip_add=$ip"); $query contains a result object, not the the value of the ip_add column. You need to fetch a row from the result then check the ip_add column Edited August 17, 2015 by Barand Quote Link to comment Share on other sites More sharing options...
Solution Ch0cu3r Posted August 17, 2015 Solution Share Posted August 17, 2015 $query = mysqli_query($bd,"SELECT ip_add FROM image_ip WHERE ip_add=$ip"); // the line above is my problem and the line below $ip in the query needs to be wrapped in quotes WHERE ip_add='$ip' if($ip !== $query){ You dont want to be comparing the ip address again as you have done that in your query. Also mysqli_query does not return the ip address from the query only the result set. What you want to be doing is checking to see if the query returned a row (a row will be returned if the ip address matches), which you will use mysqli_num_rows if(mysqli_num_rows($query) !== 0) { // query did match ip address } else { // query did not match ip address } Also note ip addresses are rarely persistent. Most ISP's isssue dynamic ip addresses where by the ip address can change at anytime, every hour, day, week, fortnightly, month etc. IP addresses can easily be spoofed too. So you cannot really trust the user ip address. Quote Link to comment Share on other sites More sharing options...
ruler Posted August 17, 2015 Author Share Posted August 17, 2015 ive been at this for weeks before i finally asked for help. i tried everything and run out of answers. it seems im very out of touch with php programming after a 8 year break. the idea of using an ip address was because i couldnt think of any other way to allow only one user to vote and people cant register to vote because it is just a simple voting system without user accounts. the main thing is everything is now working accept the ip matching issue. i still dont really know where to start or what code to use. maybe i have been looking at it too much Quote Link to comment Share on other sites More sharing options...
ruler Posted August 17, 2015 Author Share Posted August 17, 2015 omg that code worked, i can't believe it ty ty ty im not sure of any other way to allow only 1 vote per person apart from using the IP method, if you know of another way that would be great. i know you can do it through cookies but it only takes someone to delete the cookies or use another browser or computer to get around it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.