MakeWebGames

Rate a user


bloodless2010

Hi!

I made this feature in V1, but I'm pretty sure it should work fine (mostly) in V2, if anyone can convert, would be awesome!

About this mod - Quite a simple mod that allows users to either +1 or -1 a user daily, normal users can rate a user once a day, but donators can rate twice.

First of all, go into phpMyAdmin and run these 2 SQLs:

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

and

You're unable to view this code.


-Rate is the current user's rating

-Canrate is the number of ratings a user can currently give

giverate.php;

You're unable to view this code.


Add this to viewuser.php where you want it;

You're unable to view this code.


And finally, you want to make it so they can rate again at the end of the day! :)

Add this to your daily cron file;

You're unable to view this code.


If you used it, feel free to say thank you below :)

Also - If you guys want, I can post the hall of fame code for it! (for most ratings and lowest ratings) :p

Link to comment
Share on other sites

I don't want to sound like a hater, so don't take it that way, but one thing you should think about is securing your gets and posts, even if it's just a little bit, like using mysql_real_escape_string($_GET['action']) and even is_numeric($_GET['u']) or abs((int)$_GET['u']).

That will at least help with basic stuff.

Also, are you only allowing people to give 1 or 2 ratings per day on purpose? It seems more logical to give unlimited and do a check to make sure they are not rating the same user over and over.

Edited by KyleMassacre
Link to comment
Share on other sites

First of all, I'm using $_GET['u'] = abs((int) $_GET['u']); already, and second of all, I don't need to secure $_GET['action'] because it isn't being inserted into the database at all.

And yes, I'm using the 1 rate or 2 rates per day because that's how I like it to be, I wouldn't want users rating a bunch of people every day. I think it's fair like that.

Link to comment
Share on other sites

Whoa, slow down turbo, no need for anger, and just because it's not being inserted into the db doesn't mean it shouldn't be secured. If you understand even the basics of how injections work, you would know that people pass strings through the URL a lot of the time and not just in <input>s. Maybe try adding in there some isset()s as well, and if you don't want to trust me that's fine and dandy with me, but I wouldn't advertise your game in public then.

Link to comment
Share on other sites

$_GET['action'] is being checked against 2 specific words (give/take) - If anything other than that is passed through the action then the script will cease to execute. Granted, it's not the best script (not hating, +1 for your contribution) but you definitely cannot inject the action.

Edited by LeeMason
Link to comment
Share on other sites

Didn't mean for it to sound angry, sorry. Could you please explain a bit more then? The action is being checked against 2 things (Give or Take), otherwise nothing will happen.

Link to comment
Share on other sites
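
An added example (not bloodless2010's mod code, which is not visible on this page) of the checks debated in this thread: an allow-list for `action`, a digits-only check for `u` that also covers the missing-parameter case isset() was suggested for, and a daily limit enforced in the same UPDATE that spends it. The table name `users`, the `userid` column, both function names and the use of PDO prepared statements (mysql_real_escape_string was removed in PHP 7.0) are assumptions; `rate` and `canrate` are the columns the first post describes.

```php
<?php
// Added example, not the mod's code. Assumed schema: users(userid, rate, canrate).

/** Validate the query string; returns [delta, targetId], or null if malformed. */
function parse_rate_request(array $get): ?array
{
    // Allow-list: only the two actions named in the thread map to a value.
    $deltas = ['give' => 1, 'take' => -1];
    $action = $get['action'] ?? null;
    if (!is_string($action) || !isset($deltas[$action])) {
        return null;
    }
    // Digits only: rejects a missing u, "5abc", "-5", "1e3" and arrays (u[]=1).
    $u = $get['u'] ?? null;
    if (!is_string($u) || !ctype_digit($u) || strlen($u) > 9 || (int) $u === 0) {
        return null;
    }
    return [$deltas[$action], (int) $u];
}

/** Spend one of the rater's daily ratings and apply it; false if none left. */
function apply_rating(PDO $db, int $raterId, int $delta, int $targetId): bool
{
    $db->beginTransaction();
    // The canrate > 0 test lives in the UPDATE itself, so two parallel
    // requests cannot both pass a separate "has ratings left" check.
    $spend = $db->prepare(
        'UPDATE users SET canrate = canrate - 1 WHERE userid = ? AND canrate > 0');
    $spend->execute([$raterId]);
    if ($spend->rowCount() !== 1) { $db->rollBack(); return false; }
    $rate = $db->prepare('UPDATE users SET rate = rate + ? WHERE userid = ?');
    $rate->execute([$delta, $targetId]);
    if ($rate->rowCount() !== 1) { $db->rollBack(); return false; } // no such user
    $db->commit();
    return true;
}

// Constructed demo data: in-memory SQLite, user 1 rates user 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY,
           rate INTEGER DEFAULT 0, canrate INTEGER DEFAULT 1)');
$db->exec('INSERT INTO users (userid) VALUES (1), (2)');
$requests = [['action' => 'give', 'u' => '2'], ['action' => 'give', 'u' => '2'],
             ['action' => 'drop', 'u' => '2'], ['action' => 'take', 'u' => ['2']]];
foreach ($requests as $get) {
    $req = parse_rate_request($get);
    var_dump($req !== null && apply_rating($db, 1, $req[0], $req[1]));
}
```

Only the first constructed request succeeds: the second finds `canrate` already spent, the third fails the allow-list, and the fourth passes an array where a digit string is required.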
