[php]<?php
$ip = getenv(“REMOTE_ADDR”);
$sql0 = mysql_query(“SELECT ip FROM votes WHERE ip=’”.$ip."’");
mysql_num_rows($sql0);
if(mysql_num_rows($sql0) != 1)
{
mysql_query(“INSERT INTO votes(ip) VALUES (’”.$ip."’)");
}

//////////////////////
// CONFIG
$points = 5;
$vote_time = 12 * 3600;
$new_time = time() + $vote_time;
// END
//////////////////////
if($_GET[‘vote’])
{

if($_GET['vote'] == "xtop") 
{ 
$vote_site = "http://www.xtremetop100.com/in.php?site=1132321739"; 
}else { 
$vote_site = "http://www.gtop100.com/in.php?site=61474s"; 
} 

$site = $_GET['vote']; 
$sql2 = mysql_query("SELECT ".$site."_time FROM votes WHERE ip='".$ip."'"); 
$res2 = mysql_fetch_array($sql2); 
 
if(time() > $res2[$site."_time"]){ 
    mysql_query("UPDATE votes SET ".$site."_time='".$new_time."' WHERE ip='".$ip."'"); 
    mysql_query("UPDATE votes SET ".$site."_count=".$site."_count+1 WHERE ip='".$ip."'"); 
    mysql_query("UPDATE accounts SET, donation_points=donation_points+'".$row['reward']."' WHERE username='".$_SESSION['account']."'"); 
        echo '<meta http-equiv="refresh" content="0;'.$vote_site.'" />'; 

}
}

$sql3 = mysql_query("SELECT * FROM votes WHERE ip='".$ip."'"); 
$row3 = mysql_fetch_array($sql3); 
$gtime = $row3[1]; 
$xtime = $row3[3]; 

?>

Vote for Donation Points

<a href="?p=vote&vote=gtop"><center> 
    <img src="http://www.gtop100.com/images/votebutton.jpg" /> 
</center></a> 
<center><?php 
if(!$gtime < time()){ 
 
    $left = $gtime - time(); 
    $hours = $left / 3600; 
    settype($hours , "integer"); 
        echo "You have to wait ".$hours." Hours before u can vote again"; 
} else { 
    echo "You are able to vote now!"; 
} 
?></center> 
<br /> 
</p> 
<p> 
<a href="?p=vote&vote=xtop"><center> 
<img src="http://www.xtremetop100.com/votenew.jpg" /> 
</center></a> 
<center><?php    
if(!$xtime < time()){ 
 
    $left = $xtime - time(); 
    $hours = $left / 3600; 
    settype($hours , "integer"); 
        echo "You have to wait ".$hours." Hours before u can vote again"; 
} else { 
    echo "You are able to vote now!"; 
} 
?></center> 
</p>[/php]

pls help… i want this to be fix. this is a website voting script

the tables are in Accounts.sql and it name as donation_points

help pls help

Hi Sherwin,

Specifically, what error message(s) are you getting?

with out explaining the problem it is hard to come up with an answer a couple things I would change:
[php]
if($_GET[‘vote’])
{

if($_GET['vote'] == "xtop") 
{ 

[/php]
change to
[php]
if(isset($_GET[‘vote’]))
{

if($_GET['vote'] == "xtop") 
{ [/php]

then what is up with :
[php]
if(!$gtime < time()){

[/php]
why not just
[php]
f($gtime > time()){
[/php]
since they have to wait until gtime to be able to vote.
same thing here

[php]
if($xtime > time()){
[/php]

change to:
[php]
if($xtime > time()){
[/php]
other than that it seems ok to me

thanks for the help. but my problem is the points is not updating on the donation_points field on my accounts.sql in my sql… after i vote it must update 5 points each site pls i need it so badly thanks for the help too

There’s typo in your UPDATE statement…Remove the comma (,) next to SET…

[php]mysql_query("UPDATE accounts SET, donation_points=donation_points…
[/php]

must be

[php]mysql_query("UPDATE accounts SET donation_points=donation_points…
[/php]

thanbks. but still it did not update the donation_points sir

i badly need this script can anyone help

Try this:

[php]
$reward=$row[‘reward’];
$username=‘Username here’;

mysql_query(“UPDATE accounts SET donation_points=donation_points+ ‘$reward’ WHERE username = ‘$username’”) or die (mysql_error());
[/php]

still it did not update

bump!!!

[php]
mysql_query(“UPDATE votes SET “.$site.”_time=’”.$new_time."’ WHERE ip=’".$ip."’"); mysql_query(“UPDATE votes SET “.$site.”_count=”.$site."_count+1 WHERE ip=’".$ip."’");
[/php]

Should it be ?
[php]

    mysql_query("UPDATE votes SET '".$site."'_time='".$new_time."' WHERE ip='".$ip."'");         mysql_query("UPDATE votes SET '".$site."'_count='".$site."'_count+1 WHERE ip='".$ip."'"); 

[/php]

not working

this was a fun one I found the problem:
[php]
$site = $_GET[‘vote’];
$sql2 = mysql_query(“SELECT “.$site.”_time FROM votes WHERE ip=’”.$ip."’");
$res2 = mysql_fetch_array($sql2);

if(time() > $res2[$site."_time"]){ 
    mysql_query("UPDATE votes SET ".$site."_time='".$new_time."' WHERE ip='".$ip."'"); 
    mysql_query("UPDATE votes SET ".$site."_count=".$site."_count+1 WHERE ip='".$ip."'"); 
    mysql_query("UPDATE accounts SET donation_points=donation_points+'".$row['reward']."' WHERE username='".$_SESSION['account']."'"); 
      [/php]

ok so the variable row is never defined, your query is sql2 then you fetch with res2!
so here you go I cleaned it up a bit for you here is the whole thing just copy and paste :
[php]<?php
$ip = getenv(“REMOTE_ADDR”);
$sql0 = mysql_query(“SELECT ip FROM votes WHERE ip=’”.$ip."’");
mysql_num_rows($sql0);
if(mysql_num_rows($sql0) != 1)
{
mysql_query(“INSERT INTO votes(ip) VALUES (’”.$ip."’)");
}

//////////////////////
// CONFIG
$points = 5;
$vote_time = 12 * 3600;
$new_time = time() + $vote_time;
// END
//////////////////////
if(isset($_GET[‘vote’]))
{

if($_GET['vote'] == "xtop") 
{  
$vote_site = "http://www.xtremetop100.com/in.php?site=1132321739"; 
}else { 
$vote_site = "http://www.gtop100.com/in.php?site=61474s"; 
} 

$site = $_GET['vote']; 
$sql2 = mysql_query("SELECT ".$site."_time FROM votes WHERE ip='".$ip."'"); 
$res2 = mysql_fetch_array($sql2); 
 
if(time() > $res2[$site."_time"]){ 
    mysql_query("UPDATE votes SET ".$site."_time='".$new_time."' WHERE ip='".$ip."'"); 
    mysql_query("UPDATE votes SET ".$site."_count=".$site."_count+1 WHERE ip='".$ip."'"); 
    mysql_query("UPDATE accounts SET donation_points=donation_points+'".$res2['reward']."' WHERE username='".$_SESSION['account']."'"); 
        echo '<meta http-equiv="refresh" content="0;'.$vote_site.'" />'; 

}
}

$sql3 = mysql_query("SELECT * FROM votes WHERE ip='".$ip."'"); 
$row3 = mysql_fetch_array($sql3); 
$gtime = $row3[1]; 
$xtime = $row3[3]; 

?>

Vote for Donation Points

<a href="?p=vote&vote=gtop"><center> 
    <img src="http://www.gtop100.com/images/votebutton.jpg" /> 
</center></a> 
<center><?php 
if($gtime > time()){ 
 
    $left = $gtime - time(); 
    $hours = $left / 3600; 
    settype($hours , "integer"); 
        echo "You have to wait ".$hours." Hours before u can vote again"; 
} else { 
    echo "You are able to vote now!"; 
} 
?></center> 
<br /> 
</p> 
<p> 
<a href="?p=vote&vote=xtop"><center> 
<img src="http://www.xtremetop100.com/votenew.jpg" /> 
</center></a> 
<center><?php    
if($xtime > time()){ 
 
    $left = $xtime - time(); 
    $hours = $left / 3600; 
    settype($hours , "integer"); 
        echo "You have to wait ".$hours." Hours before u can vote again"; 
} else { 
    echo "You are able to vote now!"; 
} 
?></center> 
</p>[/php]

still not working >.<

I would like to see what your database looks like, this statement right here :
[php]
$site = $_GET[‘vote’];
$sql2 = mysql_query(“SELECT “.$site.”_time FROM votes WHERE ip=’”.$ip."’");
[/php]
makes me wonder what all fields you have that would accept whatever GET information is passed, also this is such a vulnerability here with no validation!
there is so many things that could be wrong with this, SESSION account could be empty, the two queries before the update accounts could be incorrect because of the fields area, there just is not enough info here to really do anything, I am sending you a pm

actually you are not registered, so register and pm me