
[SOLVED] Problem with IP checking


supermerc


Hey, I have a rating system, and it's supposed to let people vote only once, but right now I can vote 50 times in a row if I want, and I don't know why it's letting me vote multiple times. Here is my code:

 

<?php
include'config.php';
$tableName="ratings";
$one="1";
$rating_posted=$_GET['vote'];//variable passed by the stars value
$id=(INT)$_GET['member_id'];
$sql = "SELECT total_votes, total_value, used_ips FROM $tableName WHERE which_id = $id";
if ($result = mysql_query($sql)) {
  if (mysql_num_rows($result)) {
    $numbers = mysql_fetch_assoc($result);
    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes'];//how many votes total
    $current_rating = $numbers['total_value'];//total number of rating added together and stored
    $sum = $rating_posted+$current_rating;// add together the current vote value and the total vote value
    $tense = ($count==1) ? "vote" : "votes";//plural form votes/vote
  } else {
    echo "No results found";
  }
} else {
  echo "Query failed<br />$sql<br />". mysql_error();
}
$voted=@mysql_fetch_assoc(@mysql_query("SELECT title FROM $tableName WHERE used_ips LIKE '%".$_SERVER['REMOTE_ADDR']."%' AND id='$id' ")); //Pattern match ip:suggested by Bramus! http://www.bram.us/ - this variable searches through the previous ip address that have voted and returns true or false

if($voted){
echo "<div class=\"rating\">".
"<ul class=\"star-rating\">".
"<li class=\"current-rating\" style=\"width:". @number_format($current_rating/$count,2)*30 ."px;\">Current rating.</li>".
     "<li class=\"one-star\">1</li>".
     "<li class=\"two-stars\" >2</li>".
     "<li class=\"three-stars\">3</li>".
     "<li class=\"four-stars\">4</li>".
     "<li class=\"five-stars\">5</li>".
"</ul>".
"<p>Rating: <strong>".@number_format($current_rating/$count,2)."</strong> {".$count." ".$tense." cast} <br />You have previously voted.</p></div>";//show the current value of the vote with the current numbers
}else{

if(isset($_GET['vote'])){

if($sum==0){
$added=0;//checking to see if the first vote has been tallied
}else{
$added=$count+1;//increment the current number of votes
}

if(is_array($checkIP)){
array_push($checkIP,$_SERVER['REMOTE_ADDR']);//if it is an array, i.e. already has entries, then push in another value
}else{
$checkIP=array($_SERVER['REMOTE_ADDR']);//for the first entry
}

$insert=serialize($checkIP);
$query = mysql_query("select * from ratings where which_id=$id");
$num = mysql_num_rows($query);
if ($num != 1)
{
mysql_query("INSERT INTO ratings(total_votes, total_value, used_ips, which_id) VALUES ('".$one."','".$rating_posted."','".$insert."', '{$id}')");

}
else
{
mysql_query("UPDATE $tableName SET total_votes='".$added."', total_value='".$sum."', used_ips='".$insert."' WHERE which_id='{$id}'");
}

echo 	"<div class=\"rating\"><p>Rating: <strong>".@number_format($sum/$added,2)."</strong> {".$added." ".$tense." cast} <span>Thank you for your vote!</span></p></div>";//show the updated value of the vote
}else{
?>
<link href="star_rating.css" rel="stylesheet" type="text/css" />


<div class="rating">
<p>How clear was this tutorial?</p>
<ul class="star-rating">
<li class="current-rating" style="width:<?php echo @number_format($current_rating/$count,2)*30 ?>px;">Current rating</li>
     <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=1";?>" title="Rate this 1 star out of 5" class="one-star">1</a></li>
     <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=2";?>" title="Rate this 2 stars out of 5" class="two-stars" >2</a></li>
     <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=3";?>" title="Rate this 3 stars out of 5" class="three-stars" >3</a></li>
     <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=4";?>" title="Rate this 4 stars out of 5" class="four-stars" >4</a></li>
     <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=5";?>" title="Rate this 5 stars out of 5" class="five-stars" >5</a></li>
</ul>
<?php
echo	"<p>Rating: <strong>".@number_format($sum/$count,2)."</strong> {".$count." ".$tense." cast}</p></div>";//show the current updated value of the vote
}	// end isset get vote	
}	//end voted true, false
?>

 

Thanks a lot for the help

Link to comment
Share on other sites

You are not checking the used_ips in your table before you do an insert. You should do a query to check if the IP has been used and then something like this:

 

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("SELECT * FROM table WHERE used_ips = '$ip'"); 

$num_rows = mysql_num_rows($query);

if($num_rows == 0) {
//run insert query here
}

if($num_rows > 0) {
echo "You have already voted";
}
?>

Link to comment
Share on other sites

You mean you cannot serialize the ip to check it against the db? =) IE

 

<?php
$ip = serialize($_SERVER['REMOTE_ADDR']);
$query = mysql_query("SELECT * FROM table WHERE used_ips = '$ip'"); 

$num_rows = mysql_num_rows($query);

if($num_rows == 0) {
//run insert query here
}

if($num_rows > 0) {
echo "You have already voted";
}
?>

 

I have no clue if it would work or not, I would think it would.

Link to comment
Share on other sites

Alright man, maybe I did not explain myself clearly enough.

 

$voted=@mysql_fetch_assoc(@mysql_query("SELECT title FROM $tableName WHERE used_ips LIKE '%".$_SERVER['REMOTE_ADDR']."%' AND id='$id' ")); //Pattern match ip:suggested by Bramus! http://www.bram.us/ - this variable searches through the previous ip address that have voted and returns true or false

Change that to:

$voted=@mysql_fetch_assoc(@mysql_query("SELECT title FROM $tableName WHERE used_ips LIKE '%".serialize($_SERVER['REMOTE_ADDR'])."%' AND id='$id' ")); //Pattern match ip:suggested by Bramus! http://www.bram.us/ - this variable searches through the previous ip address that have voted and returns true or false

 

The reason I am serializing it in that "like" statement is that it can check against the serialized IP inside the database, which according to you is perfectly fine being serialized inside the DB. But in order to check a serialized string inside of a DB without taking it out and unserializing it, you need to serialize the string you want to test it against. Understand?

Link to comment
Share on other sites
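
Added example (not code from any poster in this thread): it shows why the raw-IP `LIKE` pattern can match the wrong address while the serialized form does not, then goes beyond the thread by storing one row per vote under a unique key, so the database itself rejects a repeat vote. The `votes` table and `castVote()` are hypothetical names, and an in-memory SQLite database through PDO stands in for the thread's MySQL database.

```php
<?php
declare(strict_types=1);
// Added example. Hypothetical names: table `votes`, castVote(). SQLite stands in for MySQL.

// 1) Substring matching on the serialized array: a raw-IP test cannot tell
//    192.0.2.1 from 192.0.2.10, while the serialized form carries a length
//    prefix and closing quote, so it only matches the whole stored element.
$stored = serialize(['192.0.2.10']);       // constructed sample value
$rawHit        = strpos($stored, '192.0.2.1') !== false;
$serializedHit = strpos($stored, serialize('192.0.2.1')) !== false;
printf("raw match: %s, serialized match: %s\n", var_export($rawHit, true), var_export($serializedHit, true));

// 2) One row per vote; the primary key makes a second vote impossible,
//    even when two requests arrive at the same moment.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (
    which_id INTEGER NOT NULL,
    ip       TEXT    NOT NULL,
    rating   INTEGER NOT NULL,
    PRIMARY KEY (which_id, ip))');

function castVote(PDO $db, int $id, string $ip, $rating): string
{
    // Accept only whole numbers 1..5 (the five stars).
    $rating = filter_var($rating, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        return 'invalid rating';
    }
    try {
        // Placeholders keep request data out of the SQL text.
        $db->prepare('INSERT INTO votes (which_id, ip, rating) VALUES (?, ?, ?)')
           ->execute([$id, $ip, $rating]);
        return 'vote recorded';
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // SQLSTATE: integrity constraint violation
            return 'You have already voted';
        }
        throw $e;
    }
}

// Constructed requests: a first vote, a repeat, a second address, a bad value.
foreach ([['192.0.2.1', '5'], ['192.0.2.1', '1'], ['192.0.2.10', '4'], ['192.0.2.10', '9']] as [$ip, $vote]) {
    printf("%-11s vote=%s -> %s\n", $ip, $vote, castVote($db, 7, $ip, $vote));
}
$row = $db->query('SELECT COUNT(*) AS n, AVG(rating) AS average FROM votes WHERE which_id = 7')->fetch(PDO::FETCH_ASSOC);
printf("Rating: %s {%d votes cast}\n", number_format((float) $row['average'], 2), $row['n']);
```

`REMOTE_ADDR` is shared by everyone behind the same NAT or proxy, so this limits voting to once per address rather than once per person.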

Sorry for the double post, but I changed what frost had posted around a bit and it works now. There's just one problem now: when someone has already voted, the CSS style sheet that is attached doesn't show, so instead of being stars it says this:

 

    * Current rating.

    * 1

    * 2

    * 3

    * 4

    * 5

 

Rating: 5.00 {1 vote cast}

You have previously voted.

Link to comment
Share on other sites
