You have a bug in the voting system...
Email me: leachy_ov_ashton@hotmail.com and will explain in full detail and provide a fix....

http://www.msgpluslive.net/scripts/browse/index.php?act=view&id=80 You may want to delete the last vote on this.

Just mailed you, thank you in advance .

You've got mail

Thank you. I saw it, will work on a solution tomorrow. Since people already started exploiting it and there is no real security risk I'll rather work on a good fix tomorrow than a quick fix now.

lol i seen a few then at top of highest votes with 362/5 lol

Is it the one where the cookie stops you from revoting so by deleting you can re-vote then i guess anyone could have figured it out. Ip log per vote per script isnt feasible plus even that is easy to get by

quote:

---

Originally posted by leachy08
lol i seen a few then at top of highest votes with 362/5 lol

---

nope its not. There's an exploit in the actual code of the voting. There is no check on the value that is being passed to the script. Therefore the user can send a vote of 1,000,000 instead of 5 if they wanted to.

ok, so all he has to do is fix the security flaw, then write a mini script to delete any vote thats not between 0 and 5

quote:

---

Originally posted by NiteMare
ok, so all he has to do is fix the security flaw, then write a mini script to delete any vote thats not between 0 and 5

---

Ahh so you will need to find each vote which is corrupt and clear it. I know id80 need clearing cuz thats mine i tested it on. To fix the flaw is easy though simple if statement...

code:

---

if ($_POST['vote'] < 0 || $_POST['vote'] > 5) {
     echo "Error with voting";
     die();
}

---

quote:

---

Originally posted by leachy08
you will need to find each vote which is corrupt and clear it. I know id80 need clearing

---

quote:

---

Originally posted by leachy08
if ($_POST['vote'] < 0 || $_POST['vote'] > 5)

---

I was going to add that but thought that it may have already been handled.

code:

---

is_int
if ($_POST['vote'] < 0 || $_POST['vote'] > 5 || !is_int($_POST['vote'])) {
     echo "Error with voting";
     die();
}

---

quote:

---

Originally posted by leachy08
!is_int($_POST['vote']

---

quote:

---

Originally posted by PHP Docs
Note:  To test if a variable is a number or a numeric string (such as form input, which is always a string), you must use is_numeric().

---

quote:

---

Originally posted by PHP Docs
Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part.

---

intval

This will work. Simply takes the interger value of the $_POST['vote'] and checks if it is the same as the normal value. If its not then there is a point.

if ($_POST['vote'] < 0 || $_POST['vote'] > 5 || intval($_POST['vote']) != $_POST['vote']) {
     echo "Error with voting";
     die();
}

Everything should be fixed now (it was already a few hours ago, but i tweaked it some more).

- Voting anything except 1,2,3,4 or 5 should not be possible
- Bug reported to PHP Arena ( http://www.phparena.net/forums/showthread.php?t=3912 )

And as a bonus...
- If somebody has voted, removes his cookie, and then votes again within a few hours, the vote will not be counted. I know it doesn't really stop people from making multiple votes, but it is at least something.
- Same counts for number of downloads... more than 1 downloads in a few hours from the same IP will be counted as only 1 download.

----

quote:

---

Originally posted by John Anderton
Is it the one where the cookie stops you from revoting so by deleting you can re-vote then i guess anyone could have figured it out. Ip log per vote per script isnt feasible plus even that is easy to get by

---

You should just store 1 vote as one record in mysql. This will slow things down but shouldnt be that bad. Then this would be near enough impossible to break.

Same with downloads. Therefore it would be harder to replicate and the same ip would not be able to vote again for the download. And as for the download count you could use SELECT DISTINCT statement and count the recordset.

quote:

---

Originally posted by leachy08
You should just store 1 vote as one record in mysql. This will slow things down but shouldnt be that bad.

---

quote:

---

Originally posted by leachy08
And as for the download count you could use SELECT DISTINCT statement and count the recordset.

---

I work at Co-Op bank and i run queries with just uner 1 million records at a time and are usually reuturned within in a few seconds on a normal windows nt box. Therefore on a server like this one this will not be a problem.

Or maybe just store the ip address and the id of the script for the vote it made. Therefore you could just be able to

code:

---

"SELECT COUNT FROM tbllog WHERE ip ='" & ip & "' AND id=" & id

---

quote:

---

Originally posted by leachy08
I work at Co-Op bank and i run queries with just under 1 million records at a time and are usually returned within in a few seconds on a normal windows nt box

---

just been thinking about what i said. Man i was tired complete nonesense. The recordset is nearly a million but i do not cycle through it and add values in a running total. That would totally screw the server load up silly me

quote:

---

Originally posted by leachy08
You should just store 1 vote as one record in mysql.

---