
Pages: (3): « First « 1 [ 2 ] 3 » Last »
Bug in MsgPluslive.net voting
Author: Message:
Menthix
forum admin
Posts: 5537
Reputation: 102
Joined: Mar 2002
RE: Bug in MsgPluslive.net voting
quote:
Originally posted by leachy08
you will need to find each vote which is corrupt and clear it. I know id80 need clearing
I have just reset all votes on all IDs because they were all messed up (somebody was probably bored).

quote:
Originally posted by leachy08
if ($_POST['vote'] < 0 || $_POST['vote'] > 5)
I used that as a fix before I saw your post, but found out you could still mess with floating values (like 3.5) that way, which somehow messes it up too. It's now fixed so only 1, 2, 3, 4 and 5 are allowed values.
Finish the problem
Menthix.net | Contact Me
08-09-2006 01:47 PM
leachy08
Junior Member
Posts: 35
Joined: Jul 2006
O.P. RE: Bug in MsgPluslive.net voting
I was going to add that but thought that it may have already been handled.
code:
is_int
if ($_POST['vote'] < 0 || $_POST['vote'] > 5 || !is_int($_POST['vote'])) {
     echo "Error with voting";
     die();
}

08-09-2006 02:03 PM
Menthix
forum admin
RE: Bug in MsgPluslive.net voting
quote:
Originally posted by leachy08
!is_int($_POST['vote'])
Thought about that too, but PHP documentation says:
quote:
Originally posted by PHP Docs
Note:  To test if a variable is a number or a numeric string (such as form input, which is always a string), you must use is_numeric().
and is_numeric() says:
quote:
Originally posted by PHP Docs
Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part.
...So I'm just hard checking for 1,2,3,4 or 5 now. There is probably a prettier solution, but this will do the job :).



I reported it to PHP Arena too BTW: (security) flaw in version 3.5.3 voting code @ paFileDB Forums.

This post was edited on 08-09-2006 at 02:19 PM by Menthix.
08-09-2006 02:19 PM
leachy08
Junior Member
O.P. RE: Bug in MsgPluslive.net voting
intval

This will work. It simply takes the integer value of $_POST['vote'] and checks if it is the same as the normal value. If it's not, then there is a point.

if ($_POST['vote'] < 0 || $_POST['vote'] > 5 || intval($_POST['vote']) != $_POST['vote']) {
     echo "Error with voting";
     die();
}
08-09-2006 02:37 PM
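Added example, not code from paFileDB or from any of the posters above: the three checks discussed in this thread (the range check alone, the range check plus an intval() round-trip, and Menthix's hard check for 1 to 5) run side by side over a handful of constructed inputs of the kind $_POST['vote'] can actually carry. The function names and the sample inputs are assumptions made for this example. PHP's loose comparisons behave a little differently on PHP 7 and PHP 8 for some of these inputs, which is exactly why the allowlist version avoids them.

```php
<?php
// Added example (not paFileDB's or the forum posters' code). Shows how the
// three checks discussed in the thread differ on real form input, and the
// strict allowlist that Menthix describes, as a reusable function.
// The helper names (range_check, intval_check, validate_vote) and the sample
// inputs below are assumptions made for this example.
declare(strict_types=1);

// Check 1 from the thread: numeric range only.
// PHP compares a string to an int by converting the string to a number when
// it is numeric, so "3.5", "1e0" and "0" all sit inside [0, 5] and pass.
function range_check($vote): bool
{
    return !($vote < 0 || $vote > 5);
}

// Check 2 from the thread: range plus an intval() round-trip.
// The "!=" is a loose comparison, so strings such as "03", "+3" and "3 "
// compare equal to the int 3 and pass; "0" also passes because 0 is in range.
function intval_check($vote): bool
{
    return !($vote < 0 || $vote > 5 || intval($vote) != $vote);
}

// Strict allowlist: accept only the exact strings "1".."5" and return the
// vote as an int, or null for anything else. Form input is a string (or an
// array when the field is sent as vote[]), so everything that is not one of
// those five strings is rejected without any type juggling.
function validate_vote($vote): ?int
{
    if (!is_string($vote)) {
        return null;
    }
    $allowed = ['1', '2', '3', '4', '5'];
    return in_array($vote, $allowed, true) ? (int) $vote : null;
}

// Constructed sample inputs, as they could arrive in $_POST['vote'].
$samples = ['3', '5', '0', '6', '3.5', '1e0', '03', '+3', '3 ', '3abc', '', ['1']];

printf("%-10s %-6s %-7s %s\n", 'input', 'range', 'intval', 'allowlist');
foreach ($samples as $raw) {
    $label = is_array($raw) ? 'array' : var_export($raw, true);
    $valid = validate_vote($raw);
    printf(
        "%-10s %-6s %-7s %s\n",
        $label,
        range_check($raw) ? 'pass' : 'reject',
        intval_check($raw) ? 'pass' : 'reject',
        $valid === null ? 'reject' : 'vote=' . $valid
    );
}

// How the check sits at the top of the voting script (same shape as the
// die() in the thread, but with the value never echoed back):
if (isset($_POST['vote'])) {
    $vote = validate_vote($_POST['vote']);
    if ($vote === null) {
        exit('Error with voting');
    }
    // $vote is now guaranteed to be an int in 1..5 and can be stored.
}
```

The allowlist also rejects an array (a request sending vote[]=1), which neither of the other two checks was written with in mind, and it hands the rest of the script a real int so the raw request string is never used again.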
Menthix
forum admin
RE: Bug in MsgPluslive.net voting
Everything should be fixed now (it was already a few hours ago, but I tweaked it some more).

- Voting anything except 1,2,3,4 or 5 should not be possible
- Bug reported to PHP Arena ( http://www.phparena.net/forums/showthread.php?t=3912 )

And as a bonus...
- If somebody has voted, removes his cookie, and then votes again within a few hours, the vote will not be counted. I know it doesn't really stop people from making multiple votes, but it is at least something.
- Same goes for the number of downloads: more than one download in a few hours from the same IP will be counted as only one download.

----

quote:
Originally posted by John Anderton
Is it the one where the cookie stops you from re-voting, so by deleting it you can re-vote? Then I guess anyone could have figured it out. An IP log per vote per script isn't feasible, plus even that is easy to get by.
I agree it's easy to get by, but I still added this extra "security", it's at least something :). Because I already saw somebody trying to get his script high in top ratings this way right after I reset votes :(.

This post was edited on 08-09-2006 at 07:50 PM by Menthix.
08-09-2006 07:50 PM
leachy08
Junior Member
O.P. RE: Bug in MsgPluslive.net voting
You should just store 1 vote as one record in MySQL. This will slow things down but shouldn't be that bad. Then this would be near enough impossible to break.

Same with downloads. Therefore it would be harder to replicate, and the same IP would not be able to vote again for the download. And as for the download count, you could use a SELECT DISTINCT statement and count the recordset.
08-10-2006 07:59 AM
RaceProUK
Elite Member
Posts: 6073
Reputation: 57
Joined: Oct 2003
RE: Bug in MsgPluslive.net voting
quote:
Originally posted by leachy08
You should just store 1 vote as one record in mysql. This will slow things down but shouldnt be that bad.
It will be that bad. Imagine, a few months down the line, several thousand votes have been cast. The query will take far longer to run than collecting all votes into a single record per script.
quote:
Originally posted by leachy08
And as for the download count you could use SELECT DISTINCT statement and count the recordset.
SELECT DISTINCT should only be used where necessary, as again it can slow queries down considerably. Again, with several thousand downloads, maybe even tens or hundreds of thousands, the size of the recordset makes SELECT DISTINCT impractical.
08-10-2006 08:50 AM
leachy08
Junior Member
O.P. RE: Bug in MsgPluslive.net voting
I work at Co-Op bank and I run queries with just under 1 million records at a time, and they are usually returned within a few seconds on a normal Windows NT box. Therefore, on a server like this one, this will not be a problem.

Or maybe just store the IP address and the ID of the script for the vote it made. Then you could just do:
code:
"SELECT COUNT(*) FROM tbllog WHERE ip ='" & ip & "' AND id=" & id
This would be the best option.

This post was edited on 08-10-2006 at 09:13 AM by leachy08.
08-10-2006 09:13 AM
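One way to build the "one vote, one record" store leachy08 proposes above and the per-IP COUNT(*) check in this post, written as an added example (it is not paFileDB's code and not what msgpluslive.net ran): a UNIQUE key on (script_id, voter_ip) turns the "has this address already voted for this script?" rule into a constraint the database enforces, every query is a prepared statement with the IP bound as a parameter instead of concatenated into the SQL, and the rating is a single aggregate query rather than a walk over the recordset. It assumes PHP 7.3 or later with the pdo_sqlite extension; the table and column names are invented for the example, and an in-memory SQLite database stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example (not paFileDB's or the forum posters' code). Implements the
// "one vote per record" design from the thread with a UNIQUE key on
// (script_id, voter_ip), so the per-IP check is enforced by the database and
// every query is parameterised rather than built by string concatenation.
// Uses an in-memory SQLite database through PDO so it runs stand-alone; the
// table and column names are assumptions made for this example.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec(<<<'SQL'
        CREATE TABLE script_votes (
            script_id INTEGER NOT NULL,
            voter_ip  TEXT    NOT NULL,
            vote      INTEGER NOT NULL CHECK (vote BETWEEN 1 AND 5),
            voted_at  INTEGER NOT NULL,
            UNIQUE (script_id, voter_ip)
        )
        SQL);
    return $db;
}

// Record one vote. Returns true when the row was inserted, false when a
// constraint rejected it: a second vote from the same address for this
// script (UNIQUE), or a value outside 1..5 (CHECK, a backstop behind the
// input validation done earlier in the script).
function cast_vote(PDO $db, int $scriptId, string $ip, int $vote): bool
{
    $stmt = $db->prepare(
        'INSERT INTO script_votes (script_id, voter_ip, vote, voted_at)
         VALUES (:script_id, :ip, :vote, :now)'
    );
    try {
        $stmt->execute([':script_id' => $scriptId, ':ip' => $ip, ':vote' => $vote, ':now' => time()]);
        return true;
    } catch (PDOException $e) {
        // PDO reports an integrity-constraint violation as SQLSTATE 23000.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// The "SELECT COUNT(*) ... WHERE ip = ... AND id = ..." check from the thread
// as a prepared statement: the IP is bound, never concatenated into the SQL,
// and the UNIQUE index on (script_id, voter_ip) makes it an index lookup.
function has_voted(PDO $db, int $scriptId, string $ip): bool
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM script_votes WHERE script_id = :script_id AND voter_ip = :ip'
    );
    $stmt->execute([':script_id' => $scriptId, ':ip' => $ip]);
    return (int) $stmt->fetchColumn() > 0;
}

// Aggregate for the ratings page: one query returns the vote count and the
// average instead of fetching every row and summing in PHP.
function rating(PDO $db, int $scriptId): array
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) AS votes, AVG(vote) AS average FROM script_votes WHERE script_id = :script_id'
    );
    $stmt->execute([':script_id' => $scriptId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return [
        'votes'   => (int) $row['votes'],
        'average' => $row['average'] === null ? null : round((float) $row['average'], 2),
    ];
}

// Constructed demo: three voters, one of them trying twice, plus an "IP"
// value that would have broken a concatenated query.
$db = open_db();
$script = 80;
$attempts = [['10.0.0.1', 5], ['10.0.0.2', 4], ['10.0.0.1', 5], ["' OR 1=1 --", 1]];
foreach ($attempts as [$ip, $vote]) {
    $ok = cast_vote($db, $script, $ip, $vote);
    printf("%-12s vote %d: %s\n", $ip, $vote, $ok ? 'counted' : 'rejected (duplicate or out of range)');
}
var_dump(has_voted($db, $script, '10.0.0.2'));
print_r(rating($db, $script));
```

Because a UNIQUE constraint is backed by an index, has_voted() and the INSERT's duplicate check are index lookups rather than table scans, and rating() uses the same index to find a script's rows, which addresses the scale concern raised later in the thread. On MySQL the statements are the same apart from the column types; the point is that the per-IP rule lives in the schema, where a bored visitor clearing cookies cannot reach it.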
RaceProUK
Elite Member
RE: Bug in MsgPluslive.net voting
quote:
Originally posted by leachy08
I work at Co-Op bank and i run queries with just under 1 million records at a time and are usually returned within in a few seconds on a normal windows nt box
Ah, but how many concurrent users? That's also important.

This post was edited on 08-10-2006 at 09:53 AM by RaceProUK.
08-10-2006 09:53 AM
leachy08
Junior Member
O.P. RE: Bug in MsgPluslive.net voting
Just been thinking about what I said. Man, I was tired; complete nonsense. The recordset is nearly a million, but I do not cycle through it and add values in a running total. That would totally screw the server load up :p Silly me :P
08-10-2006 10:13 AM