<?php
/**
* @author Stuart <RogueX | iVariable>
* @version 1.1 UPDATED: 06.09.2010
* @comment fixed a few bugs
*/
/**
 * mysql database hostname
 */
define("MYSQL_HOST", "localhost");
/**
 * mysql username used to connect to the database server
 */
define("MYSQL_USERNAME", "harmank_vote");
/**
 * mysql password used to connect to the database server.
 *
 * NOTE(review): a live credential must never be committed in this file; keep
 * the placeholder here and supply the real value only in the deployed copy
 * (or move it to a file outside the web root that this script includes).
 */
define("MYSQL_PASSWORD", "------");
/**
 * mysql database: the database in which the `votes` table lives (created on
 * first run by connect() if it is missing).
 */
define("MYSQL_DATABASE", "harmank_vote");
/**
 * vote url: the toplist page the visitor is redirected to once their vote has
 * been recorded.
 */
define("VOTE_URL", "http://www.runelocus.com/toplist/index.php?action=vote&id=26645");
/**
 * The number of hours between votes. Used for the "voted" cookie lifetime and
 * for expiring a player's previous entry in clean_request().
 */
define("VOTE_HOURS", 24);
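/**
 * connect() opens the mysql connection, selects the configured database and
 * makes sure the `votes` table exists.
 *
 * Any failure terminates the script. The driver error text goes to the server
 * error log instead of the browser, so host/user names and schema details are
 * not disclosed to visitors.
 *
 * NOTE(review): the mysql_* extension is gone in PHP 7+; this file should be
 * migrated to mysqli/PDO with prepared statements, which would also remove the
 * need for the manual escaping done elsewhere in this script.
 */
function connect()
{
    if (!@mysql_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD)) {
        error_log("vote: could not connect to mysql server: " . mysql_error());
        die("Could not connect to the database.");
    }
    if (!@mysql_select_db(MYSQL_DATABASE)) {
        error_log("vote: could not select database: " . mysql_error());
        die("Could not select the database.");
    }
    // One idempotent statement instead of listing tables and then creating:
    // mysql_list_tables() is deprecated, and list-then-create is a
    // check-then-act race when two requests hit a fresh install at once.
    // Column name `recieved` (sic) is part of the live schema and must stay.
    query("CREATE TABLE IF NOT EXISTS `votes` (
        `playerName` VARCHAR( 255 ) NOT NULL ,
        `ip` VARCHAR( 255 ) NOT NULL,
        `time` BIGINT NOT NULL ,
        `recieved` INT( 1 ) NOT NULL DEFAULT '0')");
}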
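/**
 * query(string query) runs a statement against the connected mysql server.
 *
 * Returns the mysql_query() result (a result resource for SELECTs, true for
 * other statements). On failure the script terminates.
 *
 * The failing SQL text and mysql_error() are logged server-side only: echoing
 * them to the visitor (as the previous version did) reveals the table layout
 * and lets an attacker fine-tune injection attempts against the string-built
 * queries in this file.
 */
function query($s)
{
    $result = @mysql_query($s);
    if ($result === false) {
        error_log("vote: query failed (" . mysql_error() . "): " . $s);
        die("Database error.");
    }
    return $result;
}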
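/**
 * anti_inject(string text) normalises a player name before it is embedded in
 * SQL: strips a keyword/metacharacter blacklist, trims, removes HTML tags,
 * backslash-escapes quotes (addslashes) and lower-cases the result.
 *
 * Non-string input (e.g. username[]=... in the request) yields "".
 *
 * NOTE(review): a blacklist is not a real injection defence — it also mangles
 * legitimate names containing "from", "where", etc. — and addslashes() is only
 * adequate while the connection charset is single-byte. The proper fix is
 * prepared statements; this function is kept because every query in the file
 * relies on its output format.
 */
function anti_inject($sql)
{
    if (!is_scalar($sql)) {
        return "";
    }
    $sql = (string) $sql;
    // Same keyword list as before; case-insensitivity comes from the /i
    // modifier because sql_regcase() was removed in PHP 7. The replacement is
    // repeated until nothing changes, so nested forms such as "selselectect"
    // cannot reassemble a keyword after a single pass.
    $pattern = '/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i';
    do {
        $before = $sql;
        $sql = preg_replace($pattern, "", $sql);
        if ($sql === null) {
            // PCRE failure (e.g. backtrack limit): refuse rather than pass through.
            return "";
        }
    } while ($sql !== $before);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    $sql = addslashes($sql);
    return strtolower($sql);
}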
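/**
 * clean_request(int timestamp, string username) removes this player's vote
 * entries that are older than the VOTE_HOURS window, measured from $time.
 *
 * $username must already have been passed through anti_inject() (it is
 * embedded in the statement as-is). One statement scoped to the player: the
 * previous version inspected only the first row and then deleted by `time`
 * alone, which could also wipe other players' rows sharing that timestamp.
 */
function clean_request($time, $username)
{
    // Rows strictly older than this cutoff are expired (same condition as the
    // old "$time - $timerequested > VOTE_HOURS * 3600", rearranged).
    $cutoff = (int) $time - VOTE_HOURS * 3600;
    query("DELETE FROM `votes` WHERE `playerName`='" . $username .
        "' AND `time` < " . $cutoff);
}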
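/**
 * vote_entries(string ip) returns the number of `votes` rows stored for the
 * given address string.
 *
 * Callers pass the raw gethostbyaddr() result. That is a reverse-DNS name
 * controlled by whoever owns the client's PTR record, so it is escaped here
 * before being embedded rather than trusted.
 */
function vote_entries($ip)
{
    $result = query("SELECT * FROM `votes` WHERE ip='" . addslashes((string) $ip) . "'");
    return mysql_num_rows($result);
}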
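/**
 * Request handling. Two entry points share this script:
 *   POST submit=1&username=...       records the vote and redirects to VOTE_URL
 *   GET  type=checkvote&username=... presumably polled by the game server to
 *                                    learn whether a reward is owed
 *
 * NOTE(review): the checkvote endpoint is unauthenticated — anyone who can
 * reach this script can mark a player's vote as received or learn whether they
 * voted. It should be restricted to the game server (IP allow-list or shared
 * secret). The "voted" cookie and the outbound port-80 probe are weak
 * anti-abuse heuristics only, and the vote_entries() check followed by the
 * INSERT is a check-then-act race under concurrent requests.
 */
if (isset($_POST['submit']) || (isset($_GET['username']) && isset($_GET['type']))) {
    connect();
    if (isset($_POST['submit'])) {
        // Heuristic proxy check: refuse clients whose address answers on port 80.
        // The socket is closed afterwards; the previous version leaked it.
        $probe = @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1);
        if ($probe) {
            fclose($probe);
            die("Sorry but you have port 80 open, this is to stop voting by proxy address.");
        }
        if (isset($_COOKIE['voted']))
            die("Sorry but it looks like you have already voted...");
        $username = anti_inject(isset($_POST['username']) ? $_POST['username'] : '');
        $ip = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        clean_request(time(), $username);
        if (vote_entries($ip) == 0) {
            // setcookie()'s third argument is an absolute Unix timestamp. The old
            // value VOTE_HOURS * 3600 was a moment in January 1970, so the cookie
            // expired on arrival and never blocked a repeat vote.
            setcookie("voted", "yes", time() + VOTE_HOURS * 3600);
            // $ip is a reverse-DNS name (attacker-influenced via the PTR record),
            // so it is escaped like the username before being embedded.
            query("INSERT INTO `votes` (`playerName`, `ip`, `time`) VALUES ('" . $username .
                "', '" . addslashes((string) $ip) . "', '" . time() . "')");
            header("Location: " . VOTE_URL);
            exit; // nothing below should render after a redirect
        } else {
            die("You have already voted once today.");
        }
    } elseif ($_GET['type'] == "checkvote") {
        $username = anti_inject($_GET['username']);
        $query = query("SELECT * FROM `votes` WHERE `playerName`='" . $username . "'");
        if (mysql_num_rows($query) == 1) {
            $results = mysql_fetch_array($query);
            if ($results['recieved'] == 0) {
                query("UPDATE `votes` SET `recieved`='1' WHERE `playerName`='" . $username . "'");
                die("user needs reward...");
            } else {
                die("user been given reward...");
            }
        } else {
            // The name is reflected into the response body: HTML-escape it
            // (UTF-8 matches the charset declared in the page's <meta> tag).
            die("Vote not found... " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . ".");
        }
    }
}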
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Vote for a reward!</title>
</head>
<body>
<div align="center" style="color:#00F"><h2>Vote for a reward!</h2></div>
<table align="center">
<form action="vote.php" method="post">
<tr>
<td align="right">Username: </td>
<td><input name="username" type="text" /></td>
</tr>
<tr>
<td> </td>
<td align="center"><input type="submit" name="submit" value="Vote now" /></td>
</tr>
</form>
</table>
</body>
</html>