Ajax star rating bar
#11

[eluser]wiredesignz[/eluser]
Thanks taewoo, I just noticed that the forums had deleted the javascript tags from the welcome_view.

It is fixed now. Tip: (use &lt;script ...)
#12

[eluser]wiredesignz[/eluser]
It appears someone (who shall remain nameless, but has a Bear avatar), was able to send 1000 votes to the rating system. :lol:

I really didn’t bother to improve the security from the original script. But now I would suggest adding a limit field to the table with which to compare the submitted vote.

Modified ratings table
Code:
-- Table structure for table `ratings`

CREATE TABLE `ratings` (
  `id` varchar(11) NOT NULL,
  `total_votes` int(11) NOT NULL default '0',
  `total_value` int(11) NOT NULL default '0',
  `vote_limit`  int(11) NOT NULL default '0',    -- added vote limit
  `used_ips` longtext,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;


Modify application/controllers/ratings_rpc.php
Code:
//get the current values!
if ($numbers = $this->ratings_model->findBy_id($id_sent))
{
    // kill the script if vote limit is exceeded.
    if ($vote_sent > $numbers['vote_limit']) die("Sorry, your vote appears to be invalid.");
    
    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes']; //how many votes total
    $current_rating = $numbers['total_value']; //total number of rating
    $sum = $vote_sent + $current_rating; // add together the current vote value and the total vote value
    $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
}

...

//get the new values!
if ($numbers = $this->ratings_model->findBy_id($id_sent))
{
    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes']; //how many votes total
    $current_rating = $numbers['total_value']; //total number of rating
    $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
    $units = $numbers['vote_limit']; //get the vote limit
}


Modify application/models/ratings_model.php
Code:
// get votes, values, ips for the current rating bar
if (!$numbers = $this->findBy_id($id))
{
    // insert the id in the DB if it doesn't exist already
    $data = array(
        'id' => $id,
        'total_votes' => $count,
        'total_value' => $current_rating,
        'vote_limit'  => $units,        //set the vote limit
        'used_ips' => '',
    );
    $this->insert($data);
}

...

function findBy_id($id)
{
    $this->db->select('total_votes, total_value, vote_limit, used_ips');
    // pass the condition as an array so Active Record escapes the value
    $query = $this->db->getwhere('ratings', array('id' => $id));
    return $query->row_array();
}
#13

[eluser]CI Lee[/eluser]
Darn them! Darn them all!

Hey that voting system prior to the bug fix worked much like the voting system of a Country in North America that happens to be in between Canada and Mexico yet shall remain nameless....
#14

[eluser]taewoo[/eluser]
Hey wiredesignz...

I've done it EXACTLY the way you described (including the bug fix). All the icons show up and everything seems dandy.. except when I click on one of the stars, I just get that "working.gif" (the icon that shows up when ajax is working) and nothing happens.

I checked the DB. When the page loads, all the IDs appear as rows with total_votes = 0 and total_value = 0. When I click on the stars, "working.gif" shows up but nothing happens to database.

What am I doing wrong or what am I missing?
#15

[eluser]wiredesignz[/eluser]
@taewoo: Try calling the script like
Code:
rpc.php?j=2&q=id21&t=xxx.xxx.xxx.xxx&c=10&r=1
from the address bar, see what output you get. (where xxx.xxx.xxx.xxx = your IP Address)

Note: any errors in the rating_rpc controller will kill it silently when you use Ajax.
#16

[eluser]taewoo[/eluser]
Hmm.. I am getting a 404 when I call

Code:
http://localhost/index.php/welcome/rpc.php?j=2&q=id21&t=127.0.0.1&c=10&r=1

But I do have
Code:
$route['rpc.php'] = 'ratings_rpc/index';


...?
#17

[eluser]wiredesignz[/eluser]
Wrong path taewoo, remove the welcome segment.

Code:
http://localhost/index.php/rpc.php?...
#18

[eluser]taewoo[/eluser]
Oh oops.

I tested that... it just seems to do a HEADER redirect back to
Code:
http://localhost/index.php/welcome/
#19

[eluser]wiredesignz[/eluser]
And were the ratings updated after the redirect?

Try this updated, updated version of ratings_rpc:
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class Ratings_rpc extends Controller
{
    function Ratings_rpc()
    {
        parent::Controller();
        $this->load->model('ratings_model');
        
        $this->output->set_header("Cache-Control: no-cache");
        $this->output->set_header("Pragma: nocache");
    }
    
    function index()
    {        
        //get the values
        $vote_sent = preg_replace("/[^0-9]/", "", $this->input->get('j'));
        $id_sent   = preg_replace("/[^0-9a-zA-Z]/", "", $this->input->get('q'));
        // negated character classes: strip everything except digits (and dots for the IP)
        $ip_num    = preg_replace("/[^0-9\.]/", "", $this->input->get('t'));
        $units     = preg_replace("/[^0-9]/", "", $this->input->get('c'));
        $ip        = $this->input->ip_address();

        //added to detect if javascript is disabled `r=1`
        $nojs = (bool)preg_replace("/[^0-9]/", "", $this->input->get('r'));
        
        //default values
        $checkIP = NULL;
        $count = 0;
        $current_rating = 0;
        $sum = 0;
        $tense = "votes"; // 0 votes
        
        //get the current values!
        if ($numbers = $this->ratings_model->findBy_id($id_sent))
        {
            // kill the script if vote limit is exceeded.
            if ($vote_sent > $numbers['vote_limit']) die("Sorry, vote appears to be invalid.");
            
            $checkIP = unserialize($numbers['used_ips']);
            $count = $numbers['total_votes']; //how many votes total
            $current_rating = $numbers['total_value']; //total number of rating
            $sum = $vote_sent + $current_rating; // add together the current vote value and the total vote value
            $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
        }
        
        // checking to see if the first vote has been tallied or increment the current number of votes
        ($sum == 0 ? $added = 0 : $added = $count + 1);
        
        // if it is an array i.e. already has entries then push in another value
        (is_array($checkIP) ? array_push($checkIP, $ip_num) : $checkIP = array($ip_num));
        
        //if the user hasn't yet voted, then vote normally...
        if ($this->ratings_model->countBy_ip($ip, $id_sent) == 0)
        {            
            //make sure vote is valid and IP matches - no monkey business!
            if ($vote_sent > 0 && $ip == $ip_num)
            {
                $this->ratings_model->updateBy_id($id_sent, array(
                    'total_votes' => $added,
                    'total_value' => $sum,
                    'used_ips'    => serialize($checkIP),
                ));
            }
        }
        
        //get the new values!
        if ($numbers = $this->ratings_model->findBy_id($id_sent))
        {
            $checkIP = unserialize($numbers['used_ips']);
            $count = $numbers['total_votes']; //how many votes total
            $current_rating = $numbers['total_value']; //total number of rating
            $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
            $units = $numbers['vote_limit']; //get the vote limit
        }    
        
        if($nojs)  //javascript is disabled so redirect
        {
            //set nojspage in config/ratings.php
            redirect($this->config->item('nojspage'));
        }
        
        $data = array(
            'id_sent' => $id_sent,
            'current_rating' => $current_rating,
            'count' => $count,
            'sum'   => $sum,
            'added' => $added,
            'units' => $units,
            'tense' => $tense,
            'rating_unitwidth' => $this->config->item('rating_unitwidth'),
        );
        
        $this->load->view('newback_view', $data);
    }
}
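
The checks discussed in posts #12 and #19 (server-side vote limit, whitelisted parameters, IP consistency), as an added example that is not part of the original thread or the author's code. The parameter names j, q and t come from the thread; the function name `validate_vote`, the sample row and the addresses are constructed, and the function rejects a malformed request instead of stripping characters from it.

```php
<?php
// Added example, not the thread author's code. validate_vote() is a hypothetical helper.

/**
 * Validate one vote request against the stored row for that rating bar.
 * Returns array(bool $ok, string $reason).
 */
function validate_vote(array $get, $row, $remote_ip)
{
    $vote    = isset($get['j']) ? (string)$get['j'] : '';
    $id      = isset($get['q']) ? (string)$get['q'] : '';
    $sent_ip = isset($get['t']) ? (string)$get['t'] : '';

    // Digits only, and short enough that the int cast below cannot overflow.
    if (!ctype_digit($vote) || strlen($vote) > 9) {
        return array(false, 'vote is not a plain integer');
    }
    // Same alphabet the controller allows for ids; the table column is varchar(11).
    if (!preg_match('/\A[0-9a-zA-Z]{1,11}\z/', $id)) {
        return array(false, 'malformed id');
    }
    if (!is_array($row)) {
        return array(false, 'unknown rating id');
    }
    // Range check against the limit stored in the table, never the client-supplied c value.
    $vote  = (int)$vote;
    $limit = (int)$row['vote_limit'];
    if ($vote < 1 || $vote > $limit) {
        return array(false, 'vote outside 1..' . $limit);
    }
    // t is only a consistency check; duplicate detection uses the address the server saw.
    if (filter_var($sent_ip, FILTER_VALIDATE_IP) === false || $sent_ip !== $remote_ip) {
        return array(false, 'ip mismatch');
    }
    return array(true, 'ok');
}

// Constructed sample data: one stored row and four requests.
$row = array('total_votes' => 4, 'total_value' => 31, 'vote_limit' => 10);
$requests = array(
    array('j' => '7',    'q' => 'id21', 't' => '203.0.113.5'),
    array('j' => '1000', 'q' => 'id21', 't' => '203.0.113.5'),
    array('j' => '7x',   'q' => 'id21', 't' => '203.0.113.5'),
    array('j' => '7',    'q' => 'id21', 't' => '198.51.100.9'),
);
foreach ($requests as $get) {
    list($ok, $reason) = validate_vote($get, $row, '203.0.113.5');
    echo $get['j'], ' from ', $get['t'], ' => ', $ok ? 'accepted' : "rejected ($reason)", "\n";
}
```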
#20

[eluser]wiredesignz[/eluser]
Also try that link again manually but remove `&r=1` so it responds with the view partial instead of redirecting to welcome.

The only other thing I can think of is that I have used .htaccess mod-rewrite and removed index.php from my config, using index.php will affect the relationship of your assets location (css, js) to the page location and will need adjusting accordingly.



