supermerc Posted April 15, 2007 Share Posted April 15, 2007 Hey, I have a rating system, and its supposed to let people vote only once but right now I can vote 50 times in a row if I want, and I dont know why its letting me vote multiple times, here is my code <?php include'config.php'; $tableName="ratings"; $one="1"; $rating_posted=$_GET['vote'];//pased variable by the the stars value $id=(INT)$_GET['member_id']; $sql = "SELECT total_votes, total_value, used_ips FROM $tableName WHERE which_id = $id"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { $numbers = mysql_fetch_assoc($result); $checkIP = unserialize($numbers['used_ips']); $count = $numbers['total_votes'];//how many votes total $current_rating = $numbers['total_value'];//total number of rating added together and stored $sum = $rating_posted+$current_rating;// add together the current vote value and the total vote value $tense = ($count==1) ? "vote" : "votes";//plural form votes/vote } else { echo "No results found"; } } else { echo "Query failed<br />$sql<br />". mysql_error(); } $voted=@mysql_fetch_assoc(@mysql_query("SELECT title FROM $tableName WHERE used_ips LIKE '%".$_SERVER['REMOTE_ADDR']."%' AND id='$id' ")); //Pattern match ip:suggested by Bramus! http://www.bram.us/ - this variable searches through the previous ip address that have voted and returns true or false if($voted){ echo "<div class=\"rating\">". "<ul class=\"star-rating\">". "<li class=\"current-rating\" style=\"width:". @number_format($current_rating/$count,2)*30 ."px;\">Current rating.</li>". "<li class=\"one-star\">1</li>". "<li class=\"two-stars\" >2</li>". "<li class=\"three-stars\">3</li>". "<li class=\"four-stars\">4</li>". "<li class=\"five-stars\">5</li>". "</ul>". "<p>Rating: <strong>".@number_format($current_rating/$count,2)."</strong> {".$count." ".$tense." cast} <br />You have previously voted.</p></div>";//show the current value of the vote with the current numbers }else{ if(isset($_GET['vote'])){ if($sum==0){ $added=0;//checking to see if the first vote has been tallied }else{ $added=$count+1;//increment the current number of votes } if(is_array($checkIP)){ array_push($checkIP,$_SERVER['REMOTE_ADDR']);//if it is an array i.e. already has entries the push in another value }else{ $checkIP=array($_SERVER['REMOTE_ADDR']);//for the first entry } $insert=serialize($checkIP); $query = mysql_query("select * from ratings where which_id=$id"); $num = mysql_num_rows($query); if ($num != 1) { mysql_query("INSERT INTO ratings(total_votes, total_value, used_ips, which_id) VALUES ('".$one."','".$rating_posted."','".$insert."', '{$id}')"); } else { mysql_query("UPDATE $tableName SET total_votes='".$added."', total_value='".$sum."', used_ips='".$insert."' WHERE which_id='{$id}'"); } echo "<div class=\"rating\"><p>Rating: <strong>".@number_format($sum/$added,2)."</strong> {".$added." ".$tense." cast} <span>Thank you for your vote!</span></p></div>";//show the updated value of the vote }else{ ?> <link href="star_rating.css" rel="stylesheet" type="text/css" /> <div class="rating"> <p>How clear was this tutorial?</p> <ul class="star-rating"> <li class="current-rating" style="width:<?php echo @number_format($current_rating/$count,2)*30 ?>px;">Current rating</li> <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=1";?>" title="Rate this 1 star out of 5" class="one-star">1</a></li> <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=2";?>" title="Rate this 2 stars out of 5" class="two-stars" >2</a></li> <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=3";?>" title="Rate this 3 stars out of 5" class="three-stars" >3</a></li> <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=4";?>" title="Rate this 4 stars out of 5" class="four-stars" >4</a></li> <li><a href="<?php echo $_SERVER['PHP_SELF'] . "?" .$_GET['section'] . "member_id=" . (INT)$_GET['member_id'] . "&vote=5";?>" title="Rate this 5 stars out of 5" class="five-stars" >5</a></li> </ul> <?php echo "<p>Rating: <strong>".@number_format($sum/$count,2)."</strong> {".$count." ".$tense." cast}</p></div>";//show the current updated value of the vote } // end isset get vote } //end voted true, false ?> Thanks a lot for the help Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 bump Quote Link to comment Share on other sites More sharing options...
rcorlew Posted April 16, 2007 Share Posted April 16, 2007 You are not checking the used_ips in your table before you do an insert. You should do a query to check if the ip has been used and then something like this <?php $ip = $_SERVER['REMOTE_ADDR']; $query = mysql_query("SELECT * FROM table WHERE used_ips = '$ip'"); $num_rows = mysql_num_rows($query); if($num_rows == 0) { //run insert query here } if($num_rows > 0) { echo "You have already voted"; } ?> Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 But theres more than 1 ip in used_ips and also its serialized Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 Bump Quote Link to comment Share on other sites More sharing options...
per1os Posted April 16, 2007 Share Posted April 16, 2007 You mean you cannot serialize the ip to check it against the db? =) IE <?php $ip = serialize($_SERVER['REMOTE_ADDR']); $query = mysql_query("SELECT * FROM table WHERE used_ips = '$ip'"); $num_rows = mysql_num_rows($query); if($num_rows == 0) { //run insert query here } if($num_rows > 0) { echo "You have already voted"; } ?> I have no clue if it would work or not, I would think it would. Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 no, it serializes fine in the database, its just that When it checks it it doesnt stop people from voting multiple times Quote Link to comment Share on other sites More sharing options...
per1os Posted April 16, 2007 Share Posted April 16, 2007 Alright man maybe I did not explain my self clear enough. $voted=@mysql_fetch_assoc(@mysql_query("SELECT title FROM $tableName WHERE used_ips LIKE '%".$_SERVER['REMOTE_ADDR']."%' AND id='$id' ")); //Pattern match ip:suggested by Bramus! http://www.bram.us/ - this variable searches through the previous ip address that have voted and returns true or false Change that to:: $voted=@mysql_fetch_assoc(@mysql_query("SELECT title FROM $tableName WHERE used_ips LIKE '%".serialize($_SERVER['REMOTE_ADDR'])."%' AND id='$id' ")); //Pattern match ip:suggested by Bramus! http://www.bram.us/ - this variable searches through the previous ip address that have voted and returns true or false The reason I am serializing it in that "like" statement is that it can check against the serialized IP inside the database, which according to you is perfectly fine being serialized inside the DB. But in order to check a serialized string inside of a DB without take it out an un-serializing it, you need to serialize the string you want to test it against. Understand? Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 well i changed it then i tested it but i could still vote multiple times Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 Sorry for double post, but I changed what frost had posted arround a bit and it works now, theres just one problem now, when someone has already voted the css style sheet that is attached dont show, so instead of being stars it says this * Current rating. * 1 * 2 * 3 * 4 * 5 Rating: 5.00 {1 vote cast} You have previously voted. Quote Link to comment Share on other sites More sharing options...
Dragen Posted April 16, 2007 Share Posted April 16, 2007 put the line <link href="star_rating.css" rel="stylesheet" type="text/css" /> above all the php code. Quote Link to comment Share on other sites More sharing options...
supermerc Posted April 16, 2007 Author Share Posted April 16, 2007 thanks a lot Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.