Jump to content

query problem


ruler
Go to solution Solved by Ch0cu3r,

Recommended Posts

hi this is my first post here and really hoping to get some help with this. just left another php forum because i found them to be unfriendly and unhelpful.

below i have a small script which is part of a photo voting system. when a person votes on a photo it is supposed to check their IP and then check the db to see if their IP is already listed and if it is listed then they can not vote again, only one vote per person. i really do not know how to get this thing working and i have tried everything i can, even google led me on a wild goose chase. in the script i have marked where the problem is and really hope someone can help thanks

<?php
include("config.php");
if(isset($_POST['id']) and !empty($_POST['id'])){
	$id= intval($_POST['id']);
	$contest= htmlspecialchars($_POST['contest']);
	$ip = $_POST['fingerprint'];
  $ret = mysqli_query($bd, "select * from contests where contest = '$contest'");
  if ($ret !== null){
    $contest_settings = mysqli_fetch_object($ret);
    if ($contest_settings->voting_type == "contest"){
      $ip_sql=mysqli_query($bd, "select ip_add from image_IP where contest = '$contest'");
    }else{
      $ip_sql=mysqli_query($bd, "select ip_add from image_IP where img_id_fk=$id and ip_add='$ip'");
    }
// next 2 lines need changing to search the db in collumn ip_add and compare if the connecting users ip is listed and if not then allow the vote. if the ip is found then deny the vote.


		$query = mysqli_query($bd,"SELECT ip_add FROM image_ip WHERE ip_add=$ip");
// the line above is my problem and the line below

		if($ip !== $query){


  		$sql = "UPDATE `images` SET love = love +1 WHERE img_id = ".$id;
  		mysqli_query($bd, $sql);
  		$sql_in = "insert into image_IP (ip_add,img_id_fk,contest) values ('$ip',$id,'$contest')";
  		mysqli_query($bd, $sql_in);
  		$result=mysqli_query($bd, "select love from images where img_id=$id");		
  		$row=mysqli_fetch_array($result);
  		$love=$row['love'];
  		?>
		  <span title="<?php echo _('I vote for this.'); ?>"><span class="fa fa-heart"></span> <?php echo $love; ?> </span>
  		<?php
  	}else{
  		echo _('You have already voted !');
  	}
  }
}

if (isset($_POST['action'])){
	if ($_POST['action'] == 'login'){
		$pwd = $_POST['pwd'];
		if ($pwd == PASSWD){
			$ok = setcookie(COOKIE_NAME, sha1(PASSWD.HASH), 0, '/', '', FALSE, TRUE);
			if (!$ok){
        echo '<div class="alert error">cookie failed !</div>';
      }
		}else{
			echo '<div class="alert error"><a class="alert-close" href="#" title="'._('Close').'">×</a>'._('Wrong password !').'</div>';
		}
	}
}
?>

in the database the column ip_add is varchar(40)

Link to comment
Share on other sites

  • Solution
$query = mysqli_query($bd,"SELECT ip_add FROM image_ip WHERE ip_add=$ip");
// the line above is my problem and the line below

$ip in the query needs to be wrapped in quotes  WHERE ip_add='$ip'

		if($ip !== $query){

You dont want to be comparing the ip address again as you have done that in your query. Also mysqli_query does not return the ip address from the query only the result set. What you want to be doing is checking to see if the query returned a row (a row will be returned if the ip address matches), which you will use mysqli_num_rows

if(mysqli_num_rows($query) !== 0)
{
    // query did match ip address
}
else
{
   // query did not match ip address
}

Also note ip addresses are rarely persistent. Most ISP's isssue dynamic ip addresses where by the ip address can change at anytime, every hour, day, week, fortnightly, month etc. IP addresses can easily be spoofed too. So you cannot really trust the user ip address.

Link to comment
Share on other sites

ive been at this for weeks before i finally asked for help. i tried everything and run out of answers. it seems im very out of touch with php programming after a 8 year break. the idea of using an ip address was because i couldnt think of any other way to allow only one user to vote and people cant register to vote because it is just a simple voting system without user accounts. the main thing is everything is now working accept the ip matching issue. i still dont really know where to start or what code to use. maybe i have been looking at it too much

Link to comment
Share on other sites

omg that code worked, i can't believe it :happy-04: ty ty ty 

im not sure of any other way to allow only 1 vote per person apart from using the IP method, if you know of another way that would be great. i know you can do it through cookies but it only takes someone to delete the cookies or use another browser or computer to get around it

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.