[eluser]wiredesignz[/eluser]
Thanks taewoo, I just noticed that the forums had deleted the javascript tags from the welcome_view.
It is fixed now. Tip: use `&lt;script ...` so the forum does not strip the tag.
[eluser]wiredesignz[/eluser]
It appears someone (who shall remain nameless, but has a Bear avatar), was able to send 1000 votes to the rating system. :lol:
I really didn’t bother to improve the security from the original script. But now I would suggest adding a limit field to the table with which to compare the submitted vote.
Modified ratings table
Code: -- Table structure for table `ratings`
CREATE TABLE `ratings` (
  `id` varchar(11) NOT NULL,
  `total_votes` int(11) NOT NULL default '0',
  `total_value` int(11) NOT NULL default '0',
  `vote_limit` int(11) NOT NULL default '0', -- added vote limit (SQL comments use --, not //)
  `used_ips` longtext,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
Modify application/controllers/ratings_rpc.php
Code: //get the current values!
if ($numbers = $this->ratings_model->findBy_id($id_sent))
{
    // kill the script if the submitted vote exceeds the stored limit for this bar
    if ($vote_sent > $numbers['vote_limit']) die("Sorry, your vote appears to be invalid.");
    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes']; //how many votes total
    $current_rating = $numbers['total_value']; //running total of all vote values
    $sum = $vote_sent + $current_rating; //add the new vote value to the running total
    $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
}
...
//get the new values!
if ($numbers = $this->ratings_model->findBy_id($id_sent))
{
    $checkIP = unserialize($numbers['used_ips']);
    $count = $numbers['total_votes']; //how many votes total
    $current_rating = $numbers['total_value']; //running total of all vote values
    $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
    $units = $numbers['vote_limit']; //get the vote limit
}
Modify application/models/ratings_model.php
Code: // get votes, values, ips for the current rating bar
if (!$numbers = $this->findBy_id($id))
{
// insert the id in the DB if it doesn't exist already
$data = array(
'id' => $id,
'total_votes' => $count,
'total_value' => $current_rating,
'vote_limit' => $units, //set the vote limit
'used_ips' => '',
);
$this->insert($data);
}
...
function findBy_id($id)
{
    $this->db->select('total_votes, total_value, vote_limit, used_ips');
    // pass the id as an array so Active Record escapes it instead of interpolating it into the SQL string
    $query = $this->db->getwhere('ratings', array('id' => $id));
    return $query->row_array();
}
[eluser]CI Lee[/eluser]
Darn them! Darn them all!
Hey that voting system prior to the bug fix worked much like the voting system of a Country in North America that happens to be in between Canada and Mexico yet shall remain nameless....
[eluser]taewoo[/eluser]
Hey wiredesignz...
I've done it EXACTLY the way you described (including the bug fix). All the icons show up and everything seems dandy... except when I click on one of the stars, I just get that "working.gif" (the icon that shows up when Ajax is working) and nothing happens.
I checked the DB. When the page loads, all the IDs appear as rows with total_votes = 0 and total_value = 0. When I click on the stars, "working.gif" shows up but nothing happens to the database.
What am I doing wrong, or what am I missing?
[eluser]wiredesignz[/eluser]
@taewoo: Try calling the script like
Code: rpc.php?j=2&q=id21&t=xxx.xxx.xxx.xxx&c=10&r=1
from the address bar, see what output you get. (where xxx.xxx.xxx.xxx = your IP Address)
Note: any errors in the ratings_rpc controller will kill it silently when you use Ajax.
[eluser]taewoo[/eluser]
Hmm... I am getting a 404 when I call
Code: http://localhost/index.php/welcome/rpc.php?j=2&q=id21&t=127.0.0.1&c=10&r=1
But I do have
Code: $route['rpc.php'] = 'ratings_rpc/index';
...?
[eluser]wiredesignz[/eluser]
Wrong path taewoo, remove the welcome segment.
Code: http://localhost/index.php/rpc.php?...
[eluser]taewoo[/eluser]
Oh oops.
I tested that... it just seems to do a HEADER redirect back to
Code: http://localhost/index.php/welcome/
[eluser]wiredesignz[/eluser]
And were the ratings updated after the redirect?
Try this updated, updated version of ratings_rpc:
Code: <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class Ratings_rpc extends Controller
{
    function Ratings_rpc()
    {
        parent::Controller();
        $this->load->model('ratings_model');
        $this->output->set_header("Cache-Control: no-cache");
        $this->output->set_header("Pragma: no-cache");
    }

    function index()
    {
        //get the values. Note the bracketed character classes: [^0-9] strips every
        //non-digit, whereas (^0-9) is a group that never matches and strips nothing.
        $vote_sent = preg_replace("/[^0-9]/", "", $this->input->get('j'));
        $id_sent = preg_replace("/[^0-9a-zA-Z]/", "", $this->input->get('q'));
        $ip_num = preg_replace("/[^0-9\.]/", "", $this->input->get('t'));
        $units = preg_replace("/[^0-9]/", "", $this->input->get('c'));
        $ip = $this->input->ip_address();
        //added to detect if javascript is disabled `r=1`
        $nojs = (bool)preg_replace("/[^0-9]/", "", $this->input->get('r'));

        //default values
        $checkIP = NULL;
        $count = 0;
        $current_rating = 0;
        $sum = 0;
        $tense = "votes"; // 0 votes

        //get the current values!
        if ($numbers = $this->ratings_model->findBy_id($id_sent))
        {
            // kill the script if the submitted vote exceeds the stored limit for this bar
            if ($vote_sent > $numbers['vote_limit']) die("Sorry, vote appears to be invalid.");
            $checkIP = unserialize($numbers['used_ips']);
            $count = $numbers['total_votes']; //how many votes total
            $current_rating = $numbers['total_value']; //running total of all vote values
            $sum = $vote_sent + $current_rating; //add the new vote value to the running total
            $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
        }

        // no vote yet tallied, or increment the current number of votes
        $added = ($sum == 0) ? 0 : $count + 1;

        // append this IP to the list, creating the array on the first vote
        if (is_array($checkIP))
        {
            $checkIP[] = $ip_num;
        }
        else
        {
            $checkIP = array($ip_num);
        }

        //if the user hasn't yet voted, then vote normally...
        if ($this->ratings_model->countBy_ip($ip, $id_sent) == 0)
        {
            //make sure vote is valid and the claimed IP matches the observed one - no monkey business!
            if ($vote_sent > 0 && $ip == $ip_num)
            {
                $this->ratings_model->updateBy_id($id_sent, array(
                    'total_votes' => $added,
                    'total_value' => $sum,
                    'used_ips' => serialize($checkIP),
                ));
            }
        }

        //get the new values!
        if ($numbers = $this->ratings_model->findBy_id($id_sent))
        {
            $checkIP = unserialize($numbers['used_ips']);
            $count = $numbers['total_votes']; //how many votes total
            $current_rating = $numbers['total_value']; //running total of all vote values
            $tense = ($count == 1) ? "vote" : "votes"; //plural form votes/vote
            $units = $numbers['vote_limit']; //get the vote limit
        }

        if ($nojs) //javascript is disabled so redirect
        {
            //set nojspage in config/ratings.php
            redirect($this->config->item('nojspage'));
        }

        $data = array(
            'id_sent' => $id_sent,
            'current_rating' => $current_rating,
            'count' => $count,
            'sum' => $sum,
            'added' => $added,
            'units' => $units,
            'tense' => $tense,
            'rating_unitwidth' => $this->config->item('rating_unitwidth'),
        );
        $this->load->view('newback_view', $data);
    }
}
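The checks discussed in the vote_limit post above and in this full controller (server-side range check against the stored limit, the claimed IP matching the observed one, one vote per address, and a parameterised lookup instead of interpolating the id into the query) as an added, stand-alone example. This is not wiredesignz's code or part of the rating script: it is plain PHP (7.1+, pdo_sqlite) against an in-memory copy of the modified `ratings` table so it runs without CodeIgniter. The function names, the `[accepted, reason, vote]` return shape and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not code from the thread: the vote-limit, IP and
// one-vote-per-address checks from the ratings_rpc controller, written as
// plain PHP against an in-memory SQLite copy of the modified `ratings`
// table. Function names and sample data are assumptions for this example.

function used_ips(array $row): array
{
    // used_ips holds a serialized PHP array in the thread's schema; refuse to
    // instantiate objects from it even though the application wrote it itself.
    if ($row['used_ips'] === null || $row['used_ips'] === '') {
        return [];
    }
    $list = unserialize($row['used_ips'], ['allowed_classes' => false]);
    return is_array($list) ? $list : [];
}

// Returns [accepted?, reason, cleaned vote].
function validate_vote(array $get, array $row, string $server_ip): array
{
    // [^0-9] strips every non-digit; the (^0-9) form seen in the thread is a
    // group, not a character class, and strips nothing.
    $vote   = preg_replace('/[^0-9]/', '', (string)($get['j'] ?? ''));
    $ip_num = preg_replace('/[^0-9.]/', '', (string)($get['t'] ?? ''));

    if ($vote === '') {
        return [false, 'vote is not numeric', 0];
    }
    $vote = (int)$vote;

    // Server-side range check against the stored limit: this is what stops a
    // client from posting j=1000 against a five-star bar.
    if ($vote < 1 || $vote > (int)$row['vote_limit']) {
        return [false, 'vote out of range', $vote];
    }
    // The address the client claims (t=) must match what the server observed.
    if ($ip_num !== $server_ip) {
        return [false, 'ip mismatch', $vote];
    }
    // One vote per address.
    if (in_array($server_ip, used_ips($row), true)) {
        return [false, 'already voted', $vote];
    }
    return [true, 'ok', $vote];
}

function record_vote(PDO $db, string $id, array $get, string $server_ip): array
{
    // Bound parameter instead of interpolating the id into "id = '{$id}'".
    $st = $db->prepare('SELECT total_votes, total_value, vote_limit, used_ips FROM ratings WHERE id = ?');
    $st->execute([$id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return [false, 'unknown id'];
    }
    [$ok, $why, $vote] = validate_vote($get, $row, $server_ip);
    if (!$ok) {
        return [false, $why];
    }
    $used = used_ips($row);
    $used[] = $server_ip;
    $up = $db->prepare('UPDATE ratings SET total_votes = total_votes + 1, total_value = total_value + ?, used_ips = ? WHERE id = ?');
    $up->execute([$vote, serialize($used), $id]);
    return [true, 'ok'];
}

// Constructed sample data: one five-star bar (vote_limit = 5) with no votes yet.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE ratings (id TEXT PRIMARY KEY, total_votes INTEGER NOT NULL DEFAULT 0, total_value INTEGER NOT NULL DEFAULT 0, vote_limit INTEGER NOT NULL DEFAULT 0, used_ips TEXT NOT NULL DEFAULT '')");
$db->exec("INSERT INTO ratings (id, vote_limit) VALUES ('id21', 5)");

$server_ip = '127.0.0.1'; // what $this->input->ip_address() would have returned
$cases = [
    ['j' => '1000', 't' => '127.0.0.1'], // the 1000-vote submission from the thread
    ['j' => '4',    't' => '10.0.0.9'],  // forged t= parameter
    ['j' => '4',    't' => '127.0.0.1'], // a valid first vote
    ['j' => '3',    't' => '127.0.0.1'], // same address voting again
];
foreach ($cases as $get) {
    [$ok, $why] = record_vote($db, 'id21', $get, $server_ip);
    printf("j=%-4s t=%-10s %s (%s)\n", $get['j'], $get['t'], $ok ? 'accepted' : 'rejected', $why);
}
$row = $db->query("SELECT total_votes, total_value FROM ratings WHERE id = 'id21'")->fetch(PDO::FETCH_ASSOC);
printf("total_votes=%d total_value=%d\n", $row['total_votes'], $row['total_value']);
```

Run it with `php example.php`: only the third submission is accepted, and the totals reflect a single vote of 4. The limit lives in the database row, not in the `c=` parameter, so a client cannot raise it for itself on the vote request; the IP dedup still inherits the thread's design of keeping addresses in a serialized blob, which a separate `votes(id, ip)` table with a unique key would replace more robustly.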
[eluser]wiredesignz[/eluser]
Also try that link again manually but remove `&r=1` so it responds with the view partial instead of redirecting to welcome.
The only other thing I can think of is that I have used .htaccess mod_rewrite and removed index.php from my config; using index.php will affect the relationship of your assets' location (css, js) to the page location and will need adjusting accordingly.