bloodless2010 Posted January 31, 2013

Hi! I made this feature in V1, but I'm pretty sure it should work fine (mostly) in V2. If anyone can convert, would be awesome!

About this mod - Quite a simple mod that allows users to either +1 or -1 a user daily. Normal users can rate a user once a day, but donators can rate twice.

First of all, go into phpmyadmin and run these 2 SQLs:

[Code not shown: viewing code within this forum requires registration.]

and

[Code not shown.]

- Rate is the current user's rating
- Canrate is the amount of ratings a user can currently give

giverate.php:

[Code not shown.]

Add this to viewuser.php where you want it:

[Code not shown.]

And finally, you want to make it so they can rate again at the end of the day! :) Add this to your daily cron file:

[Code not shown.]

If you used, feel free to say thank you below :)

Also - If you guys want, I can post the hall of fame code for it! (for most ratings and lowest ratings) :p

KyleMassacre Posted January 31, 2013 (edited)

I don't want to sound like a hater so don't take it that way, but one thing you should think about is securing your gets and posts even if it's just a little bit, like using mysql_real_escape_string($_GET['action']) and even is_numeric($_GET['u']) or abs((int)$_GET ['u']). That will at least help with basic stuff.

Also, are you only allowing people to give 1 or 2 ratings per day on purpose? It seems more logical to give unlimited and do a check to make sure they are not rating the same user over and over.

Edited January 31, 2013 by KyleMassacre

JamesRage Posted January 31, 2013

Nice, thanks for sharing. :)

bloodless2010 (Author) Posted January 31, 2013

> I don't want to sound like a hater so don't take it that way, but one thing you should think about is securing your gets and posts even if it's just a little bit, like using mysql_real_escape_string($_GET['action']) and even is_numeric($_GET['u']) or abs((int)$_GET ['u']). That will at least help with basic stuff.
>
> Also, are you only allowing people to give 1 or 2 ratings per day on purpose? It seems more logical to give unlimited and do a check to make sure they are not rating the same user over and over.

First of all, I'm using $_GET['u'] = abs((int) $_GET['u']); already, and second of all, I don't need to secure $_GET['action'] because it isn't being inserted into the database at all.

And yes, I'm using the 1 rate or 2 rate per day because that's how I like it to be. I wouldn't want users rating a bunch of people every day. I think it's fair like that.

KyleMassacre Posted January 31, 2013

> First of all, I'm using $_GET['u'] = abs((int) $_GET['u']); already, and second of all, I don't need to secure $_GET['action'] because it isn't being inserted into the database at all.
>
> And yes, I'm using the 1 rate or 2 rate per day because that's how I like it to be. I wouldn't want users rating a bunch of people every day. I think it's fair like that.

Whoa, slow down turbo, no need for anger, and just because it's not being inserted into the db doesn't mean it shouldn't be secured. If you understand even the basics on how injections work you would know that people pass strings through the url a lot of the times and not just in <input>s. Maybe try adding in there some isset()s as well, and if you don't want to trust me that's fine and dandy with me, but I wouldn't advertise your game in public then.

LeeMason Posted January 31, 2013 (edited)

$_GET['action'] is being checked against 2 specific words (give/take) - If anything other than that is passed through the action then the script will cease to execute.

Granted, it's not the best script (not hating, +1 for your contribution) but you definitely cannot inject the action.

Edited January 31, 2013 by LeeMason

bloodless2010 (Author) Posted February 1, 2013

> Whoa, slow down turbo, no need for anger, and just because it's not being inserted into the db doesn't mean it shouldn't be secured. If you understand even the basics on how injections work you would know that people pass strings through the url a lot of the times and not just in <input>s. Maybe try adding in there some isset()s as well, and if you don't want to trust me that's fine and dandy with me, but I wouldn't advertise your game in public then.

Didn't mean for it to sound angry, sorry. Could you please explain a bit more then? The action is being checked towards 2 things (Give or Take), otherwise nothing will happen.

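The input checks debated in this thread, written out as an added example (not bloodless2010's giverate.php, whose code is not shown on this page): the action is matched against the two allowed words, `u` must be a plain digit string, and a rating is spent with a conditional UPDATE through PDO prepared statements rather than mysql_real_escape_string(). Assumptions: the `users` table, its `userid` column, lowercase `rate`/`canrate` column names and both function names are hypothetical.

```php
<?php
// Added example. Assumed names: users table, userid column, both functions.
const RATE_ACTIONS = ['give' => 1, 'take' => -1]; // the only accepted actions

// Returns [delta, targetId] for a well-formed request, null otherwise.
function parse_rate_request(array $get): ?array
{
    $action = $get['action'] ?? null;
    $target = $get['u'] ?? null;
    // Rejects missing values, arrays (?action[]=give) and unknown words.
    if (!is_string($action) || !array_key_exists($action, RATE_ACTIONS)) {
        return null;
    }
    // Digits only: "-5", "5abc" and "1e3" are refused here, whereas
    // abs((int) ...) would quietly turn each of them into some user id.
    if (!is_string($target) || !ctype_digit($target) || strlen($target) > 9) {
        return null;
    }
    $targetId = (int) $target;
    return $targetId > 0 ? [RATE_ACTIONS[$action], $targetId] : null;
}

// Spends one of the rater's daily ratings and applies it to the target.
function apply_rating(PDO $db, int $raterId, int $delta, int $targetId): bool
{
    $db->beginTransaction();
    // Check and decrement in one statement, so parallel requests cannot
    // spend the same remaining rating twice.
    $spend = $db->prepare(
        'UPDATE users SET canrate = canrate - 1 WHERE userid = ? AND canrate > 0');
    $spend->execute([$raterId]);
    $ok = $spend->rowCount() === 1;
    if ($ok) {
        $rate = $db->prepare('UPDATE users SET rate = rate + ? WHERE userid = ?');
        $rate->execute([$delta, $targetId]);
        $ok = $rate->rowCount() === 1; // 0 rows: the target does not exist
    }
    $ok ? $db->commit() : $db->rollBack();
    return $ok;
}

// Constructed query strings; only the first is accepted.
foreach (['action=give&u=42', 'action=give&u=5abc', 'action[]=take&u=42',
          'action=drop&u=42', 'u=42'] as $qs) {
    parse_str($qs, $get);
    echo $qs, ' => ', json_encode(parse_rate_request($get)), "\n";
}
```

rollBack() only undoes the spent rating on a transactional storage engine such as InnoDB; MyISAM tables ignore it.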