Question

There is a script that triggers the code below

I want to disallow executing the script more than once per 24 hours.

I wanted this script to store the last visit time in a table against the user id in a database, then do a time calculation and back them out until the 24 hour expiry time.

Can someone explain how to do this? It would be greatly appreciated if someone could help me with this?

<?php
//Input correct values into this section
$dbhost = '888888';
$dbuser = '888888';
$dbpass = '888888';
$dbname = '888888';
$dbtable = 'redeem';
$dbtable2 = 'playersthatvoted';
//------------------------------------
$input = 'diamond 12';
$player = $_POST['Player'];
$time = time();
if(!isset($_COOKIE['24Hourvote'])){
   //---- This is the connection
   $conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('Error: ' . mysql_error());
   mysql_select_db($dbname);
   $query1 = "INSERT INTO `".$dbname."`.`".$dbtable."` (`player`, `item`) VALUES ('".$player."', '".$input."')";
   $query2 = "INSERT INTO `".$dbname."`.`".$dbtable2."` (`player`, `time`) VALUES ('".$player."', '".$time."')";
   mysql_query($query1);
   mysql_query($query2);
   $query= 'SELECT `player` FROM `playersthatvoted` ASC LIMIT 0, 10 ';
   $result = mysql_query($query);
   mysql_close($conn);
   echo 'Done! Type /redeem in-game to get your diamonds.';
   $ip=@$REMOTE_ADDR;
   setcookie ("24Hourvote",$ip,time()+86400,'/',true,…
} else {
   echo 'You have already voted today! Come back later...'; }
?>

EDIT: and could I make it so that it displays the time left until the user can vote again?


Solution

<?php
//Input correct values into this section
$dbhost = '888888';
$dbuser = '888888';
$dbpass = '888888';
$dbname = '888888';
$dbtable = 'redeem';
$dbtable2 = 'playersthatvoted';
//------------------------------------
$input = 'diamond 12';
$time = time();
if(!isset($_COOKIE['24Hourvote'])){
   $ip = $_SERVER['REMOTE_ADDR'];
   //---- This is the connection
   $conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('Error: ' . mysql_error());
   mysql_select_db($dbname);

   // Escape all user entered data always
   $player = mysql_real_escape_string($_POST['Player']);

   // Select time for this player if available
   $query = "SELECT time FROM playersthatvoted WHERE player = '$player' ORDER BY time DESC LIMIT 0, 1";
   $result = mysql_query($query);

   if(mysql_num_rows($result) != 0)
   {
       $row = mysql_fetch_row($result);
       $last_visit = $row[0];
       $vote_allowed_time = $last_visit + 86400; 

       // Allowed to vote
       if($time > $vote_allowed_time)
       {
           // Do whatever else you need to here ...

           setcookie ("24Hourvote",$ip,time()+86400,'/');
       }
       else
       {
           echo 'This player has already voted today! Come back later...';
       }
   }
   else
   {
       $query1 = "INSERT INTO `".$dbname."`.`".$dbtable."` (`player`, `item`) VALUES ('".$player."', '".$input."')";
       $query2 = "INSERT INTO `".$dbname."`.`".$dbtable2."` (`player`, `time`) VALUES ('".$player."', '".$time."')";
       mysql_query($query1);
       mysql_query($query2);
       $query= 'SELECT `player` FROM `playersthatvoted` ASC LIMIT 0, 10 ';
       $result = mysql_query($query);
       mysql_close($conn);
       echo 'Done! Type /redeem in-game to get your diamonds.';

       setcookie ("24Hourvote",$ip,time()+86400,'/');
   }
} else {
   echo 'You have already voted today! Come back later...'; }
?>

Note: Never trust the user input, always validate and escape the data.

Changed:

$player = $_POST['Player'];

to:

$player = mysql_real_escape_string($_POST['Player']);

Added:

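   // Select time for this player if available
   $query = "SELECT time FROM playersthatvoted WHERE player = '$player' ORDER BY time DESC LIMIT 0, 1";
   $result = mysql_query($query);

   // A successful query with zero rows still returns a result, so test the row count
   if(mysql_num_rows($result) != 0)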
   {
       $row = mysql_fetch_row($result);
       $last_visit = $row[0];
       $vote_allowed_time = $last_visit + 86400; 

       // Allowed to vote
       if($time > $vote_allowed_time)
       {
           // Do whatever else you need to here ...

           setcookie ("24Hourvote",$ip,time()+86400,'/');
       }
       else
       {
           echo 'This player has already voted today! Come back later...';
       }
   }
   else
   {
       ...
   }

UPDATE

I would like to highlight the fact that, as it stands, anyone can enter the player name and try to vote for it, and that does not necessarily mean the same user who clicks the vote button.

Additionally, the IP address is not being used for any purpose; it may be an idea to use this for further permission/security checks.

OTHER TIPS

To me it looks like you already know what you have to do:

I wanted this script to store the last visit time in a table against the user id in a database. Then do a time calculation and back them out until the 24 hour expiry time.

So:

  1. Forget about the cookie. It is stored on client side and can be manipulated.
  2. Before counting the vote, check the [lastvisit] field of the current user.
  3. If it is not set, count the vote and set the [lastvisit] field in your table to the current date.
  4. If it is set, calculate the time span between now and the last vote. If it is bigger than 24 hours, count the vote and set the [lastvisit] field in your table to the current date.

Be aware of:

  • Manipulated parameters: $_POST['Player'];
  • SQL injections: VALUES ('".$player."', '".$input."')

If you have problems with one of these tasks then ask about the specific problem.
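
The steps above, together with the question's follow-up about showing the time left, as an added example that is not part of either answer: the limit is enforced from the stored timestamp only, and every value reaches the database through a bound placeholder. It assumes PDO with the SQLite driver so that it runs stand-alone; try_vote(), open_db() and the player-name pattern are hypothetical, and the table and column names follow the question.

```php
<?php
// Added example, not the answers' code. Assumes PDO + SQLite (in-memory);
// try_vote(), open_db() and the name pattern are hypothetical.
const VOTE_INTERVAL = 86400; // 24 hours in seconds

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // One row per player: the primary key keeps a single timestamp per name.
    $db->exec('CREATE TABLE playersthatvoted (player TEXT PRIMARY KEY, time INTEGER NOT NULL)');
    $db->exec('CREATE TABLE redeem (player TEXT NOT NULL, item TEXT NOT NULL)');
    return $db;
}

// Returns 0 when the vote was counted, otherwise the seconds left to wait.
function try_vote(PDO $db, string $player, string $item, int $now): int {
    // Validate the manipulable parameter before it reaches the database.
    if (!preg_match('/^[A-Za-z0-9_]{1,16}$/', $player)) {
        throw new InvalidArgumentException('invalid player name');
    }
    $db->beginTransaction();
    try {
        $sel = $db->prepare('SELECT time FROM playersthatvoted WHERE player = ?');
        $sel->execute([$player]);
        $last = $sel->fetchColumn();            // false when the player never voted
        if ($last !== false && $now - (int)$last < VOTE_INTERVAL) {
            $db->rollBack();
            return VOTE_INTERVAL - ($now - (int)$last);
        }
        // Placeholders bind values, so quotes in the input cannot alter the SQL.
        $db->prepare('REPLACE INTO playersthatvoted (player, time) VALUES (?, ?)')
           ->execute([$player, $now]);
        $db->prepare('INSERT INTO redeem (player, item) VALUES (?, ?)')
           ->execute([$player, $item]);
        $db->commit();
        return 0;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo: the first vote counts, a retry one hour later is refused.
$db = open_db();
$t0 = 1700000000;                               // constructed timestamp
foreach ([$t0, $t0 + 3600, $t0 + 86400] as $now) {
    $wait = try_vote($db, 'Steve', 'diamond 12', $now);
    echo $wait === 0 ? "Done!\n" : 'Come back in ' . gmdate('H:i:s', $wait) . "\n";
}
```

On MySQL with InnoDB, add FOR UPDATE to the SELECT so that two simultaneous requests for the same player cannot both pass the check.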

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow