Vote System (Web)

Have you created a useful tool? or Do you want to get help building one? This is the right place!
Forum rules
READ NOW: L2j Forums Rules of Conduct
Kriogen
Posts: 65
Joined: Mon May 11, 2009 11:38 am

Re: Vote System (Web)

Post by Kriogen »

U could try to add ip restriction from mysql, not from php like:

Code: Select all

ALTER TABLE accounts ADD COLUMN points CHAR(15) NOT NULL default '0' AFTER lastIP;ALTER TABLE accounts ADD COLUMN lastvote VARCHAR(30) NULL DEFAULT NULL AFTER pointsALTER TABLE accounts ADD COLUMN points VARCHAR(30) NULL DEFAULT NULL AFTER lastvote; 
and add this in painel.php
$today=date("Y-m-d");
$ip=$_SERVER['REMOTE_ADDR'];

and now check for the ip and if today he has voted from that ip:

Code: Select all

$ipcheck = mysql_query("SELECT ip FROM accounts WHERE lastIP = '$ip' and lastvote = '$today'"); if ( mysql_num_rows( $ipcheck ) == '0' ) {$insert = "UPDATE accounts SET points=$points WHERE id = $id";$ip = "UPDATE accounts SET lastIP = '$ip' WHERE id = $id";$data = "UPDATE accounts SET lastvote = '$today' WHERE id = $id";mysql_query($insert);mysql_query($ip);mysql_query($data);} else {echo "error you have voted today";} 
Or something like this....i don't fully understand your script since it's in spanish...
PoRnosJH
Posts: 332
Joined: Wed Mar 17, 2010 10:33 am
Location: Greece
Contact:

Re: Vote System (Web)

Post by PoRnosJH »

how this system works ??
where i have to give access on the mysql user ?

how the character take his reward ??

only Portugal plays in your servers?
Image
User avatar
u3games
Posts: 1156
Joined: Sun Feb 27, 2011 7:00 pm
Location: España
Contact:

Re: Vote System (Web)

Post by u3games »

LaP1 wrote:Up :roll:
Updated in first post ^^
Image
User avatar
UnAfraid
L2j Veteran
L2j Veteran
Posts: 4199
Joined: Mon Jul 23, 2007 4:25 pm
Location: Bulgaria
Contact:

Re: Vote System (Web)

Post by UnAfraid »

This system is full of sql injection possibilities :(
I'd suggest you to use mysql_real_string_escape or something that uses prepared statements like PDO.
I am using PDO and adodb i like adodb because it works with all known database sources and its easy to use and safe against sql injections also noob friendly :P

Try to use english for variable naming and stuff like that.
Also i would not modify login server's tables but create my own.
Image
User avatar
u3games
Posts: 1156
Joined: Sun Feb 27, 2011 7:00 pm
Location: España
Contact:

Re: Vote System (Web)

Post by u3games »

UnAfraid wrote:This system is full of sql injection possibilities :(
I'd suggest you to use mysql_real_string_escape or something that uses prepared statements like PDO.
I am using PDO and adodb i like adodb because it works with all known database sources and its easy to use and safe against sql injections also noob friendly :P

Try to use english for variable naming and stuff like that.
Also i would not modify login server's tables but create my own.
The code is not mine, just update it to make it work.

In the future, it could develop and improve ;)
Image
Sdw
L2j Veteran
L2j Veteran
Posts: 855
Joined: Mon May 03, 2010 8:38 am
Location: France

Re: Vote System (Web)

Post by Sdw »

UnAfraid wrote:This system is full of sql injection possibilities :(
I'd suggest you to use mysql_real_string_escape or something that uses prepared statements like PDO.
I am using PDO and adodb i like adodb because it works with all known database sources and its easy to use and safe against sql injections also noob friendly :P

Try to use english for variable naming and stuff like that.
Also i would not modify login server's tables but create my own.
Just don't say anything, how are we going to access all server out there if they stop using code like that ? :D
xban1x
L2j Veteran
L2j Veteran
Posts: 1228
Joined: Thu Jan 17, 2013 9:46 am

Re: Vote System (Web)

Post by xban1x »

Just make at least a mysql replace into mysqli :P To use better libs.
User avatar
u3games
Posts: 1156
Joined: Sun Feb 27, 2011 7:00 pm
Location: España
Contact:

Re: Vote System (Web)

Post by u3games »

up links ^^
Image
User avatar
regenx
Posts: 319
Joined: Sat Jul 17, 2010 6:55 am

Re: Vote System (Web)

Post by regenx »

Just don't use any search fields on your websites and you're 90% safe ;)
No inputs > No injections.
Use .htaccess file.
Isolate your javascripts and your mysql constants from config.php
User avatar
u3games
Posts: 1156
Joined: Sun Feb 27, 2011 7:00 pm
Location: España
Contact:

Re: Vote System (Web)

Post by u3games »

regenx wrote:Just don't use any search fields on your websites and you're 90% safe ;)
No inputs > No injections.
Use .htaccess file.
Isolate your javascripts and your mysql constants from config.php
Ups, i up images ^^

Yes, is old code... it's not mine. In the future..

--> https://github.com/u3games/U3G_VoteSystem_Web
Image
Post Reply