Thanks taewoo, I just noticed that the forums had deleted the javascript tags from the welcome_view.
It is fixed now. (Tip: use &lt;script ...)
It appears someone (who shall remain nameless, but has a Bear avatar), was able to send 1000 votes to the rating system. :lol:
I really didn’t bother to improve the security from the original script. But now I would suggest adding a limit field to the table with which to compare the submitted vote.
Modified ratings table
Code:
-- Table structure for table `ratings`
CREATE TABLE `ratings` (
  `id` varchar(11) NOT NULL,
  `total_votes` int(11) NOT NULL default '0',
  `total_value` int(11) NOT NULL default '0',
  `vote_limit` int(11) NOT NULL default '0', -- added vote limit
  `used_ips` longtext,
  PRIMARY KEY (`id`)
);
Modify application/controllers/ratings_rpc.php
Code:
//get the current values!
if ($numbers = $this->ratings_model->findBy_id($id_sent))
{
    // kill the script if vote limit is exceeded.
    if ($vote_sent > $numbers['vote_limit']) die("Sorry, your vote appears to be invalid.");

    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes']; //how many votes total
    $current_rating = $numbers['total_value']; //sum of all vote values
    $sum = $vote_sent + $current_rating; // add together the current vote value and the total vote value
    $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
}

//get the new values!
if ($numbers = $this->ratings_model->findBy_id($id_sent))
{
    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes']; //how many votes total
    $current_rating = $numbers['total_value']; //sum of all vote values
    $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
    $units = $numbers['vote_limit']; //get the vote limit
}
Modify application/models/ratings_model.php
Code:
// get votes, values, ips for the current rating bar
// (inside the method that loads the rating bar; $id, $count, $current_rating and $units are its inputs)
if (!$numbers = $this->findBy_id($id))
{
    // insert the id in the DB if it doesn't exist already
    $data = array(
        'id'          => $id,
        'total_votes' => $count,
        'total_value' => $current_rating,
        'vote_limit'  => $units, //set the vote limit
        'used_ips'    => '',
    );
    $this->db->insert('ratings', $data);
}

function findBy_id($id)
{
    $this->db->select('total_votes, total_value, vote_limit, used_ips');
    // array form lets Active Record escape the value instead of interpolating it
    $query = $this->db->getwhere('ratings', array('id' => $id));
    return $query->row_array();
}
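As an added example (not wiredesignz's code, and not tied to CodeIgniter), here is the same vote-limit idea carried through a little further: the vote is range-checked in both directions, the limit is fixed on the server rather than read from the request, and the tally is incremented in one guarded UPDATE so two votes arriving at the same moment cannot overwrite each other's read-modify-write. It uses PDO with an in-memory SQLite copy of the modified `ratings` table; the class and method names (RatingStore, parseVote, vote, summary) and the sample requests are this example's own.

```php
<?php
// Added example: vote-limit handling with a server-side limit and a guarded UPDATE.
// Not part of the rating script; names (RatingStore, parseVote, vote) are assumed.

class RatingStore
{
    private $db;
    private $unitsPerBar;  // server-chosen limit, never taken from the request

    public function __construct(PDO $db, $unitsPerBar = 5)
    {
        $this->db = $db;
        $this->unitsPerBar = (int)$unitsPerBar;
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Same columns as the modified `ratings` table (SQLite types).
        $db->exec("CREATE TABLE IF NOT EXISTS ratings (
            id TEXT PRIMARY KEY,
            total_votes INTEGER NOT NULL DEFAULT 0,
            total_value INTEGER NOT NULL DEFAULT 0,
            vote_limit  INTEGER NOT NULL DEFAULT 0,
            used_ips    TEXT NOT NULL DEFAULT '')");
    }

    // A vote is valid only if it is a whole number in 1..$limit: "1000" (the case
    // from the thread), "0", "-3", "3.5" and "abc" are all rejected.
    public static function parseVote($raw, $limit)
    {
        if (!is_string($raw) || !ctype_digit($raw)) {
            return null;
        }
        $v = (int)$raw;
        return ($v >= 1 && $v <= $limit) ? $v : null;
    }

    // Create the row with the server-chosen limit (INSERT OR IGNORE is SQLite syntax).
    public function ensureRow($id)
    {
        $stmt = $this->db->prepare("INSERT OR IGNORE INTO ratings (id, vote_limit) VALUES (:id, :lim)");
        $stmt->execute(array(':id' => $id, ':lim' => $this->unitsPerBar));
    }

    // Apply one vote. True if the tally changed; false if the vote is out of
    // range or this IP has already voted on this id.
    public function vote($id, $rawVote, $ip)
    {
        $vote = self::parseVote($rawVote, $this->unitsPerBar);
        if ($vote === null) {
            return false;
        }
        $this->ensureRow($id);
        $this->db->beginTransaction();
        try {
            $sel = $this->db->prepare("SELECT used_ips FROM ratings WHERE id = :id");
            $sel->execute(array(':id' => $id));
            $row = $sel->fetch(PDO::FETCH_ASSOC);
            // allowed_classes=false: the column holds a plain array, never objects
            $ips = ($row['used_ips'] === '') ? array()
                 : unserialize($row['used_ips'], array('allowed_classes' => false));
            if (!is_array($ips)) {
                $ips = array();
            }
            if (in_array($ip, $ips, true)) {
                $this->db->rollBack();
                return false;
            }
            $ips[] = $ip;
            // Increment in SQL and re-check the limit in the WHERE clause: no lost
            // update under concurrency, and the stored limit stays authoritative.
            $upd = $this->db->prepare(
                "UPDATE ratings
                    SET total_votes = total_votes + 1,
                        total_value = total_value + :vote,
                        used_ips    = :ips
                  WHERE id = :id AND :chk <= vote_limit");
            $upd->bindValue(':vote', $vote, PDO::PARAM_INT);
            $upd->bindValue(':chk',  $vote, PDO::PARAM_INT);
            $upd->bindValue(':ips',  serialize($ips), PDO::PARAM_STR);
            $upd->bindValue(':id',   $id, PDO::PARAM_STR);
            $upd->execute();
            $changed = ($upd->rowCount() === 1);
            $this->db->commit();
            return $changed;
        } catch (Exception $e) {
            $this->db->rollBack();
            throw $e;
        }
    }

    public function summary($id)
    {
        $stmt = $this->db->prepare("SELECT total_votes, total_value, vote_limit FROM ratings WHERE id = :id");
        $stmt->execute(array(':id' => $id));
        return $stmt->fetch(PDO::FETCH_ASSOC);
    }
}

// Constructed requests: the 1000-vote attempt from the thread, then two voters,
// one of whom tries a second time from the same IP.
$store = new RatingStore(new PDO('sqlite::memory:'), 5);
foreach (array(array('id21', '1000', '192.168.1.20'),
               array('id21', '4',    '192.168.1.20'),
               array('id21', '5',    '192.168.1.20'),
               array('id21', '2',    '192.168.1.21')) as $req) {
    list($id, $j, $t) = $req;
    printf("j=%-5s t=%-13s accepted=%s\n", $j, $t, var_export($store->vote($id, $j, $t), true));
}
print_r($store->summary('id21'));
```

The 1000-vote request is refused by parseVote before any query runs, the repeat vote from 192.168.1.20 is refused inside the transaction, and the two accepted votes (4 and 2) leave the row at two votes totalling 6 against a limit of 5. Keeping the limit out of the request is the part that matters most: a limit the client can choose is no limit at all.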
[eluser]CI Lee[/eluser]
Darn them! Darn them all!
Hey that voting system prior to the bug fix worked much like the voting system of a Country in North America that happens to be in between Canada and Mexico yet shall remain nameless....
Hey wiredesignz...
I've done it EXACTLY the way you described (including the bug fix). All the icons show up and everything seems dandy... except when I click on one of the stars, I just get that "working.gif" (the icon that shows up when ajax is working) and nothing happens.
I checked the DB. When the page loads, all the IDs appear as rows with total_votes = 0 and total_value = 0. When I click on the stars, "working.gif" shows up but nothing happens to the database.
What am I doing wrong or what am I missing?
@taewoo: Try calling the script like
Code: rpc.php?j=2&q=id21&t=xxx.xxx.xxx.xxx&c=10&r=1
from the address bar, see what output you get. (where xxx.xxx.xxx.xxx = your IP Address)
Note: any errors in the ratings_rpc controller will kill it silently when you use Ajax.
Hmm... I am getting a 404 when I call
Code: http://localhost/index.php/welcome/rpc.php?j=2&q=id21&t=
But I do have
Code: $route['rpc.php'] = 'ratings_rpc/index';
Wrong path taewoo, remove the welcome segment.
Code: http://localhost/index.php/rpc.php?...
Oh oops.
I tested that... it just seems to do a HEADER redirect back to
Code: http://localhost/index.php/welcome/
And were the ratings updated after the redirect?
Try this updated, updated version of ratings_rpc:
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class Ratings_rpc extends Controller
{
    function Ratings_rpc()
    {
        parent::Controller();
        $this->load->model('ratings_model'); // or autoload it in config/autoload.php
        $this->load->helper('url');          // for redirect()
        $this->output->set_header("Cache-Control: no-cache");
        $this->output->set_header("Pragma: nocache");
    }

    function index()
    {
        //get the values (character classes strip everything that is not allowed)
        $vote_sent = preg_replace("/[^0-9]/", "", $this->input->get('j'));
        $id_sent   = preg_replace("/[^0-9a-zA-Z]/", "", $this->input->get('q'));
        $ip_num    = preg_replace("/[^0-9\.]/", "", $this->input->get('t'));
        $units     = preg_replace("/[^0-9]/", "", $this->input->get('c'));
        $ip        = $this->input->ip_address();
        //added to detect if javascript is disabled `r=1`
        $nojs = (bool)preg_replace("/[^0-9]/", "", $this->input->get('r'));

        //default values
        $checkIP = NULL;
        $count = 0;
        $current_rating = 0;
        $sum = 0;
        $added = 0;
        $tense = "votes"; // 0 votes

        //get the current values!
        if ($numbers = $this->ratings_model->findBy_id($id_sent))
        {
            // kill the script if vote limit is exceeded.
            if ($vote_sent > $numbers['vote_limit']) die("Sorry, vote appears to be invalid.");

            $checkIP = unserialize($numbers['used_ips']);
            $count = $numbers['total_votes']; //how many votes total
            $current_rating = $numbers['total_value']; //sum of all vote values
            $sum = $vote_sent + $current_rating; // add together the current vote value and the total vote value
            $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
        }

        // checking to see if the first vote has been tallied or increment the current number of votes
        $added = ($sum == 0) ? 0 : $count + 1;

        // if it is an array i.e. already has entries then push in another value
        if (is_array($checkIP)) { array_push($checkIP, $ip_num); } else { $checkIP = array($ip_num); }

        //if the user hasn't yet voted, then vote normally...
        if ($this->ratings_model->countBy_ip($ip, $id_sent) == 0)
        {
            //make sure vote is valid and IP matches - no monkey business!
            if ($vote_sent > 0 && $ip == $ip_num)
            {
                $this->ratings_model->updateBy_id($id_sent, array(
                    'total_votes' => $added,
                    'total_value' => $sum,
                    'used_ips'    => serialize($checkIP),
                ));
            }
        }

        //get the new values!
        if ($numbers = $this->ratings_model->findBy_id($id_sent))
        {
            $checkIP = unserialize($numbers['used_ips']);
            $count = $numbers['total_votes']; //how many votes total
            $current_rating = $numbers['total_value']; //sum of all vote values
            $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
            $units = $numbers['vote_limit']; //get the vote limit
        }

        if ($nojs) //javascript is disabled so redirect
        {
            //set nojspage in config/ratings.php
            redirect($this->config->item('nojspage'));
        }

        $data = array(
            'id_sent'          => $id_sent,
            'current_rating'   => $current_rating,
            'count'            => $count,
            'sum'              => $sum,
            'added'            => $added,
            'units'            => $units,
            'tense'            => $tense,
            'rating_unitwidth' => $this->config->item('rating_unitwidth'),
        );
        $this->load->view('newback_view', $data);
    }
}
Also try that link again manually but remove `&r=1` so it responds with the view partial instead of redirecting to welcome.
The only other thing I can think of is that I have used .htaccess mod-rewrite and removed index.php from my config; using index.php will affect the relationship of your assets location (css, js) to the page location and will need adjusting accordingly.
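As an added example (not from the thread), a stand-alone PHP script comparing three ways of handling the `t` (IP) and `c` (units) parameters that the controller reads: the pattern as it was posted, "/(^0-9\.)/", anchors with "^" and so only deletes a literal "0-9." prefix, leaving almost any other input untouched; the character class "/[^0-9\.]/" deletes characters but still does not guarantee a valid address; filter_var() and ctype_digit() validate and reject. The inputs are constructed and the function names are this example's own.

```php
<?php
// Added example: the posted `t`/`c` filters beside a character class and real validation.
// Function names are this example's own; inputs are constructed.

// The posted pattern: "^" anchors, so this only deletes a literal "0-9." prefix.
function filter_posted($s)
{
    return preg_replace("/(^0-9\.)/", "", $s);
}

// Character-class version: deletes every character that is not a digit or a dot.
function filter_class($s)
{
    return preg_replace("/[^0-9\.]/", "", $s);
}

// Validation: the value must be a syntactically valid IP address, or it is rejected.
function validate_ip($s)
{
    $ok = filter_var($s, FILTER_VALIDATE_IP);
    return ($ok === false) ? null : $ok;
}

// Units (`c`): a whole number in 1..$max, or rejected.
function validate_units($s, $max = 10)
{
    if (!is_string($s) || !ctype_digit($s)) {
        return null;
    }
    $n = (int)$s;
    return ($n >= 1 && $n <= $max) ? $n : null;
}

$ipInputs = array("192.168.1.20", "0-9.192.168.1.20", "192.168.1.20 OR 1=1", "999.1.1.1", "abc");
foreach ($ipInputs as $in) {
    printf("%-24s posted=%-24s class=%-18s valid=%s\n",
        var_export($in, true),
        var_export(filter_posted($in), true),
        var_export(filter_class($in), true),
        var_export(validate_ip($in), true));
}
foreach (array("10", "1000", "5abc", "") as $c) {
    printf("c=%-8s units=%s\n", var_export($c, true), var_export(validate_units($c), true));
}
```

Running it shows the posted pattern changing only the "0-9."-prefixed input, the character class turning "192.168.1.20 OR 1=1" into a digit string that is not an address, and validate_ip() returning null for everything that is not an IP. The controller still compares `t` with `$this->input->ip_address()` before writing, which is what actually protects the update; the point here is that stripping characters is not the same as validating a value, and it is the validating form that the `j` vote and the `c` units deserve.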