Topic: want users to be able to vote once a day...some are cheating by erasing cookie..

[bloginterviewer]

So on http://www.bloginterviewer.com users are allowed to vote once a day due to a cookie that is stored on their computer.  Unfortunately some have figured out that you can simply erase the cookie and vote multiple times.  Is there any way to prevent this?

[GaMerZ]

Do a IP check with date

Openup postratings.php:
Find:

Code: [Select]

$get_rated = $wpdb->get_var("SELECT rating_ip FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_ip = '".get_ipaddress()."'");Replace:

Code: [Select]

$get_rated = $wpdb->get_var("SELECT rating_ip FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_ip = '".get_ipaddress()."' AND rating_timestamp  > ".current_time('timestamp')-(24*60*60));

[bloginterviewer]

Thanks, I just put the code in.  Let's see how it works.

Mike

[bloginterviewer]

Put the code in.

I voted, deleted the cookies, and it let me vote again...any suggestions?

[Ttech]

Do you have the ip check option checked?

[GaMerZ]

did u choose logged by IP and Cookie

[Ttech]

Echo.

[bloginterviewer]

I did choose both, then I went to change it to just ip.  I think that will work, right?

But now I'm just trying to get it to function again: http://forums.lesterchan.net/index.php/topic,809.60.html

[bloginterviewer]

Okay, I got it to work right the normal way, but I changed the code like our recommended above and got this error:



WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-86400' at line 1]
-86400

[bloginterviewer]

Once this is fixed I'll stop pestering you...for today 

[GaMerZ]

Try this replacement:

Code: [Select]

$get_rated = $wpdb->get_var("SELECT rating_ip FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_ip = '".get_ipaddress()."' AND rating_timestamp  > '".(current_time('timestamp')-(24*60*60))."'");

[bloginterviewer]

Thanks, no more error message.  Now it's time to see if it lets me vote again in 24 hours.

Mike

[bloginterviewer]

Hey,

Should I have it by IP and Cookie for this?  Is that more secure or will it mess things up?

[GaMerZ]

yes IP/Cookie

[bloginterviewer]

Thanks,

I do believe you also have to replace this, too:

In postratings.php
Find:
Code:

$rate_cookie = setcookie("rated_".$post_id, 1, time() + 30000000, COOKIEPATH);

Replace:
Code:

$rate_cookie = setcookie("rated_".$post_id, 1, time() + 86400, COOKIEPATH);



I just wanted to make sure others know...I'm correct, right?

[GaMerZ]

yeap =)

[Ttech]

[skyman]

I've have recently upgraded to 2.7.1 however I've been having this same issue as well even before the upgrade. I tried the methods in this post and still can revote after erasing cookies. Does anybody have a fix for this, it's irritating that users can vote multiple times on the same post via this problem. Thanks.

[GaMerZ]

You can logged by IP and Cookie. There is not such thing as fail proof way. Even going through proxy or deleting cookie or ADSL (where IP keep changing) there is no 100% to prevent it.

[skyman]

I'm sure there is, I've seen rating systems used on WP before that do not allow to re-vote after wiping out cookies. Only problem is, I have this integrated through my WordPress and static site and I would hope there's a fix for it rather than having to find another rating system to go with.