It would be really appreciated if Rune-Server actually updated and/or explained the callback correctly.
There is a post from an administrator here if you go to "Add/Edit Your Server" on the toplist, it shows you the link, however it explains hardly anything. The guy that posted that should 1 update the message, and explain more, or simply have rune-server or have himself re-do the system. I made the RuneLocus callback work in 2 seconds, but Rune-Server I still have yet to figure out. He states there is two methods, IP check and Incentive. Well, first things first, when you go to vote, it should allow you to have an API or "special key" that helps prevent your votecallback.php from being exploited, thus allowing you to use an IP as well, but it doesn't work that way, it only returns the domainhere.com/votecallback.php?incentive=insentivehere. So when I went to add a hash value, I was like shit, that can get abused and exploited easily, so I added a time system, but it still doesn't work the way I need it. It works half the time. Rune-Server needs a way better callback system. Also, trying the first method, how does that even work, unless the person is redirected to the callbackURL, which still makes no sense cause how does it get back to rune-server? Just makes no sense.
Someone else should explain a better callback system. Or help me with mine (rune-server wise)
Here's what I go though, it might help you in the long run, or someone else cause this threads so old I bet you got it fixed already.
Code:
// Callback URL : http://example.com/VoteCallBack.php?api=CALL-BACK-API&data= [Works For Runelocus]
// Above is what you would enter for RuneLocus's "Incentive" call back URL.
// Callback URL: http://example.com/VoteCallBack.php
// Above is what you would enter for Rune-Server's "Incentive" call back URL.
if (!isset($_GET["api"]) && !isset($_GET["postback"])) {
die("Please insert an API code");
} else if ($_GET["api"] != "API-CODE-HERE" && !isset($_GET["postback"])) {
die("Please enter a correct API key");
} else if (!isset($_GET["data"]) && !isset($_GET["postback"])) {
die("There is currently no data");
}
$data = $_GET["data"];
// Check Rune-Server Callback
if (isset($_GET["postback"])) {
$id = $_GET["postback"];
} else {
// Check RuneLocus Callback
if (strpos($data, "=") !== false) {
$explode = explode("=", $data);
$id = $explode[1];
} else {
$id = $data;
}
}
$result = $dbhM->query("SELECT * FROM `votecallback` WHERE `hash` = '".$id."' OR `ipAddr` = '".$id."'");
$count = $dbhM->query("SELECT COUNT(*) FROM `votecallback` WHERE `hash` = '".$id."' OR `ipAddr` = '".$id."'");
if ($count->fetchColumn() >= 1) {
if (isset($_GET["postback"])) {
foreach($result as $row) {
$called = $row["called"];
$until = $row["until"];
$add = ($called + 1);
$randHash = sha1(rand(1,2147000000));
$untilNow = (time() + 43200);
if ($until >= time()) {
die("You have already voted at Rune-Server");
} else {
$dbhM->query("UPDATE `votecallback` SET `called` = '".$add."', `hash` = '".$randHash."', `until` = '".$untilNow."' WHERE `hash` = '".$id."'");
die("updated");
}
}
} else {
foreach($result as $row2) {
$called = $row2["called"];
$add = ($called + 1);
$randHash = sha1(rand(1,2147000000));
$dbhM->query("UPDATE `votecallback` SET `called` = '".$add."', `hash` = '".$randHash."' WHERE `ipAddr` = '".$id."'");
die("updated");
}
}
} else {
die("Seems like you tried to trick the system ey? Too bad.");
}
No need to "ROFL" at the PHP either, if you do not think it's "up to standards" cause it was done quickly.