Vote Script

Status
Not open for further replies.
Newbie Spellweaver
Joined
Dec 21, 2008
Messages
11
Reaction score
7
I do know there are many vote scripts. I'm just bored.

PHP:
<?php
    session_start();
    $_SESSION['fuckmeoryou'] = time();
?>
<div>
    <div id='header' style='font-family: Arial; margin-bottom: 0.5em; border-bottom: 1px solid red; text-align: center; background-color:gray; color:#ffffff'>
        <big><strong><b>Please vote for our server!</b></strong></big>
    </div>
    <div id='text' style='padding: 5px; padding-left: 7px; font-size: 18px; border-bottom: 1px solid red;'>
        Voting for our server will let you screw yourself over. 
    </div>
    <form style='text-align: center; margin-bottom: 2px; margin-top: 5px;' method='post' action='vote.php'>
        <div style='font-size: 12px;'>
            loginID :
            <big><b><strong>
                <br><input name="name" type="text" /><br>
                <center><input type="submit" value="Vote"/></center>
            </strong></b></big>
        </div>
    </form>
</div>
PHP:
<?php 
session_start(); // make sure you have register globals off. to avoid confusions. 
if(isset($_COOKIE['lastvote'])) { // if cookie exists, it will do this. We set cookie time for 12 hrs. so We dont want the fags to vote again. can cheat this as well. 
	$lastvoted = $_COOKIE['lastvote'];  // assign the cookie data to a different variable.
	echo 'You have voted in the last 12 hrs. ';
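	echo 'Your last voted time : ' . htmlspecialchars($lastvoted, ENT_QUOTES, 'UTF-8'); // show him when he voted. the cookie value comes from the browser, so it is encoded before being echoed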
    exit(); // end script. the code after this will not be executed. If you want to redirect the nib to the vote page even if he already voted, you need to add a redirect above this. 
} else {
	$inTwelvehrs = 60 * 60 * 12 + time();  // 12 hrs from now, in seconds (PHP variable names are case sensitive, so the name must match the one used below)
	setcookie('lastvote', date("G:i - m/d/y"), $inTwelvehrs);  // set cookie data and expiration of cookie to 12 hrs
}
if (isset($_SESSION['fuckmeoryou'])) { // check the session variable we set in the form 
	unset($_SESSION['fuckmeoryou']);  // unset it so if they refresh it wont be there. Thanks to Darion for Pointing out that this could happen in his script he released in 1947
	if (isset($_POST['name'])) {		// if the user posted the user name do the following
		include('../config.php'); // include config.php. that file usually contains the detail for the code to connect to mysql. the password ip and poop.
		$today = date("mdHi"); // current time. month/date/hour/minute
		$name = mysql_real_escape_string(stripslashes($_POST['name'])); // strip slashes and escape the input so ppl cannot sql inject. its not 100 % safe but its quite safe
		$len = strlen($name); // assign the length of the input to a variable. 
		if ($len > 15){ // if the input is more than 15 do this and end script.
			die('The login Id you entered is longer than expected.'); // die = echo + exit. 
		}		
		$ip = $_SERVER['REMOTE_ADDR']; // assign the ip of the nub to a variable
		echo '<b><big>Please Wait while you get redirected<br/><br />'; // just for fun
		function voteDo($name, $ip, $today){ // make a function to run sql queries so we can call this function from the script. 
				mysql_query('INSERT INTO `voterewards` (name) VALUES ("'.$name.'")'); // add the name into vote rewards. you need to make a table name vote rewards. preferably with just id (int) and name (varchar)
				mysql_query('DELETE FROM `voteipcontrol` WHERE ip = "'.$ip.'"'); // Delete the ip from SQL table with ip. 
				mysql_query('INSERT INTO `voteipcontrol` (ip, time) VALUES ("'.$ip.'","'.$today.'")'); // Add the ip and time in sql table so we can later check for the time some one voted from the ip.
				mysql_query('DELETE FROM `votecontrol` WHERE name = "'.$name.'"'); // delete from sql table with time and name 
				mysql_query('INSERT INTO `votecontrol` (name, time) VALUES ("'.$name.'","'.$today.'")'); // add the name and time in SQL table to check later
			        echo '<meta http-equiv="refresh" content="5;url=http://your vote URL.html">'; // Change the 5 to make it load faster/ slower what ever. It will be done after the queries so you can even set it to 1 or sth. 
		}

		if ($name == ""){ // Why I left it here? its not needed. 
			die("Required field was left blank."); // end script if name was blank
		} else {
			$query='SELECT * FROM accounts WHERE name= "'.$name.'" LIMIT 1'; // query to load the account from db
			if(mysql_num_rows(mysql_query($query)) == 0 ) {  // We do the query and check the number of rows in result. If its 0, there is no such account in the database.
				die('you have entered non-existant Login Id');				// end the script. there is a small problem with this. If some one entered a wrong name.... They gonna have to wait another 12 hrs to vote with rewards. You can also delete the cookie here to stop it using : setcookie ("lastvote", "", time() - 3600);
			} else {
				$queryone = 'SELECT time FROM voteipcontrol WHERE ip = "'.$ip.'"'; // it shouldnt come to this because of the cookie. But some users might have deleted cookie and what not. or diff browser/ same ip 2 comp. query to load details from the sql to  see when the ip was used to vote 
				$resultone = mysql_query($queryone); // assign the query to a variable
				$numberone = mysql_num_rows($resultone); // assign the  number of rows to a variable. We can use it like ($numberone = mysql_num_rows(mysql_query(sql query here))). but this looks cleaner to me. 
				if($numberone > 0) { // if the ip is not being used for the first time to vote, do the following code to check if it was in the last 12 hrs
					$row = mysql_fetch_array($resultone); // we fetch the result of the query as a array and put into a variable
					$lvt = $row['time']; // we take the time data out of the array and assign it to a variable					
					if ($today - $lvt < 1200) { // Check if they voted in the last 12 hrs.
						die ('You have voted in the last 12 hrs');                 // if they did end script.
					} else {
						$querytwo = 'select time from votecontrol WHERE name = "'.$name.'"'; // ok so what if they have different ip? or use dynamic ip? we cross check the name and voted time saved in our sql. 
						$resulttwo = mysql_query($querytwo); // query and put in a variable
						$numbertwo = mysql_num_rows($resulttwo); // put the number of rows in the query into another variable
						if(mysql_num_rows($resulttwo) > 0) { // if the person already voted we have him in db. need to check the time he voted
							$roww = mysql_fetch_array($resulttwo); // we fetch the result of the query as a array and put into a variable
							$lvt1 = $roww['time']; // put the time into a variable
							if ($today - $lvt1 < 1200) { // check for 12 hrs
								die ('You have voted in the last 12 hrs');   // end script if voted in last 12 hrs              
							} else {
								voteDo($name, $ip, $today); // if not voted in 12 hrs, call the function to run the SQL queries.
							}
						} else {
								voteDo($name, $ip, $today);  // if the name is not in the db... means he is voting for the first time. we just call the function. But the ip is still used for voting before
						}
					}
				} else { //if the ip was not found on the db
					$querytwo = 'select time from votecontrol WHERE name = "'.$name.'"';  // check for the name and last voted time
					$resulttwo = mysql_query($querytwo);
					if(mysql_num_rows($resulttwo) > 0) {
						$roww = mysql_fetch_array($resulttwo);
						$lvtone = $roww['time'];						
						if ($today - $lvtone < 1200) {
							die ('You have voted in the last 12 hrs');                
						} else {
							voteDo($name, $ip, $today); 
						}
					} else {
						voteDo($name, $ip, $today); // this will come into play if he is voting for the first time. neither his ip nor his login id is entered in the db. The only way i can think of bypassing all these checks is deleting cookies + using proxies + using many accounts. But when you make the command to load the poop from db. you can adjust stuff there so that its not easy.  
					}
				}
			}
		}
	} else {
		die('You did not enter your login Id'); // end script if no loginid is received by the script. usually caused by ppl refreshing the page
	}
} else {       
	die('You try to cheat?'); // session variable we gave in the form does not exist.  means the person tried to access this pag with out being processed by the form. 
}
?>

PHP:
SQL queries :

DROP TABLE IF EXISTS `odinms`.`votecontrol`;
CREATE TABLE  `odinms`.`votecontrol` (
  `name` varchar(45) COLLATE latin1_general_ci NOT NULL,
  `time` int(11) NOT NULL,
  PRIMARY KEY (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;



DROP TABLE IF EXISTS `odinms`.`voteipcontrol`;
CREATE TABLE  `odinms`.`voteipcontrol` (
  `ip` varchar(45) COLLATE latin1_general_ci NOT NULL,
  `time` int(11) NOT NULL,
  PRIMARY KEY (`ip`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;


DROP TABLE IF EXISTS `odinms`.`voterewards`;
CREATE TABLE  `odinms`.`voterewards` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(45) NOT NULL,
  `claimed` tinyint(3) unsigned NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=213 DEFAULT CHARSET=utf8;


ALTER TABLE `odinms`.`accounts` ADD COLUMN `votepoints` INTEGER UNSIGNED NOT NULL DEFAULT 0;

in player commands
PHP:
			else if (splittedLine[0].equalsIgnoreCase("@votepoints")){ 
                if (!player.getCheatTracker().Spam(6000000, 1)){
                    java.sql.Connection con = DatabaseConnection.getConnection();
                    PreparedStatement ps = (PreparedStatement) con.prepareStatement("SELECT * FROM voterewards WHERE name = ?");
                    ps.setString(1, c.getAccountName());
                    ResultSet rs = ps.executeQuery();
                    if (rs.next()){
                       player.addVotepoint(1);
                       mc.dropMessage("You have gained 1 votepoint");
                    } else {
                        mc.dropMessage("You dont seem to have any claim left");
                    }
                    rs.close();
                    ps.close();
                    PreparedStatement pse = (PreparedStatement) con.prepareStatement("DELETE FROM voterewards WHERE name = ?");
                    pse.setString(1, c.getAccountName());
                    pse.executeUpdate();
                    pse.close();
                } else {
                    mc.dropMessage("not so often nub");
                }
            }


in MapleCharacter.java
PHP:
        private int votepoints; // add this on top where you declare other variables


Find LoadCharFromDb in it and where you see
PHP:
ps = con.prepareStatement("SELECT * FROM accounts WHERE id = ?");

and below that a lot of ret.blablabla
add this along with that:
            ret.votepoints = rs.getInt("votepoints");


in your SaveToDB(boolean update) or what ever poop you have, you will see something like this
PHP:
 ps = con.prepareStatement("UPDATE accounts SET `paypalNX` = ?, `mPoints` = ?, `cardNX` = ?, `donator` = ?, `donatedamount` = ?, `donatorpoints` = ? WHERE id = ?");
            ps.setInt(1, paypalnx);
            ps.setInt(2, maplepoints);
            ps.setInt(3, cardnx);
            ps.setInt(4, donator);
            ps.setInt(5, donatedamount);
            ps.setInt(6, donatorpoints);
            ps.setInt(7, client.getAccID());
            ps.executeUpdate();
            ps.close();

You have to add :
PHP:
`votepoints` = ?, - in the query
and

ps.setInt(numberhere, votepoints); // the number is the order of ?. the first ? gets paypalnx the 4th gets donator and so on.
if you want to make a NPC :
add in MapleCharacter.java
PHP:
public int getVotePoints(){
 return votepoints;
}

public void setVotePoints(int duck){
	votepoints = duck;
}

in NPCs just use
PHP:
if (cm.getPlayer().getVotePoints() >= whatever);

cm.getPlayer().setVotePoints(cm.getPlayer().getVotePoints() -/+ whatever);

You can make a NPC or a command to deal with the rewards for points. You can use the points for event prizes and what ever the duck you want.

You don't have to log off to be able to vote and get reward.


It's not very good but it works. Make your SQL tables according to the queries and you can add cookie restriction if you want to (I couldn't get it to work). If you have any idea to improve this, or find any mistakes in it, post it here.

Credits :
Some guy in mmowned forums who posted a script for voting. This one is very different from his. But ya. and some one for nagging me to make it. <3.

how to use?

1) make folder vote in webroot
2) make file index.php and put in the first code
3) make a file vote.php in the same folder and put in the second code
4) make sure u have a config.php
5) link to your forums root/vote or use frame to display it some how. may be a pop up? xD
6) make a command in your source to get what ever reward u want. I used points.

note: you should make SQL tables for this script. If this small release / guide / what ever doesn't make any sense to you, you should google and look up some beginner tut. This itself is at a super beginner level. but yeah.

You can do all of this in a pop up. All you have to do is google 'pop up script' then find a script add the content as a frame. w3schools helps.

Check out this guide if you don't understand the edits in the source. It is more detailed

http://forum.ragezone.com/f428/how-to-add-a-custom-reward-voting-system-non-timed-594665/
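
The 12-hour check from vote.php above, as an added example that is not the original poster's code: every value is bound through PDO prepared statements, and the stored time is a Unix timestamp, because date("mdHi") values do not subtract correctly across midnight or a month end. The function names, the in-memory SQLite database and the sample rows are assumptions made so the block runs stand-alone; table and column names follow the schema in the post.

```php
<?php
// Added example, not the original poster's code. Table names follow the thread's
// schema; the in-memory SQLite database and its rows are constructed test data.
const COOLDOWN = 12 * 60 * 60; // 12 hours, in seconds

// True if the stored Unix timestamp for $key is less than COOLDOWN seconds old.
function recentlyVoted(PDO $db, string $sql, string $key, int $now): bool {
    $q = $db->prepare($sql);   // $sql is always a fixed literal from canVote()
    $q->execute([$key]);       // the value is bound, never spliced into the SQL
    $last = $q->fetchColumn();
    return $last !== false && $now - (int)$last < COOLDOWN;
}

function canVote(PDO $db, string $name, string $ip, int $now): bool {
    $acc = $db->prepare('SELECT 1 FROM accounts WHERE name = ?');
    $acc->execute([$name]);
    if ($acc->fetchColumn() === false) {
        return false; // unknown login ID
    }
    // Server-side state decides; a client cookie is only a convenience hint.
    return !recentlyVoted($db, 'SELECT time FROM votecontrol WHERE name = ?', $name, $now)
        && !recentlyVoted($db, 'SELECT time FROM voteipcontrol WHERE ip = ?', $ip, $now);
}

function recordVote(PDO $db, string $name, string $ip, int $now): void {
    // REPLACE stands in for the DELETE + INSERT pairs in the original voteDo().
    $db->prepare('REPLACE INTO votecontrol (name, time) VALUES (?, ?)')->execute([$name, $now]);
    $db->prepare('REPLACE INTO voteipcontrol (ip, time) VALUES (?, ?)')->execute([$ip, $now]);
    $db->prepare('INSERT INTO voterewards (name) VALUES (?)')->execute([$name]);
}

// Constructed demo: one real account, one input containing quote characters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (name TEXT PRIMARY KEY);
           CREATE TABLE votecontrol (name TEXT PRIMARY KEY, time INTEGER);
           CREATE TABLE voteipcontrol (ip TEXT PRIMARY KEY, time INTEGER);
           CREATE TABLE voterewards (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT);
           INSERT INTO accounts VALUES ('alice');");
$now = time();
$ip  = '203.0.113.7'; // documentation-range address
foreach (['alice', 'x" OR "1"="1'] as $name) {
    if (canVote($db, $name, $ip, $now)) {
        recordVote($db, $name, $ip, $now);
    }
}
var_dump(canVote($db, 'alice', $ip, $now + 3600));     // one hour after the vote
var_dump(canVote($db, 'alice', $ip, $now + COOLDOWN)); // twelve hours after the vote
```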
 
Skilled Illusionist
Joined
Aug 15, 2009
Messages
307
Reaction score
40
That's a very bad way to do it. Really unorganized.
 
Newbie Spellweaver
Joined
Dec 21, 2008
Messages
11
Reaction score
7
Well if you want to add the rewards straight into your character/ account what not. change the insert into voterewards query to what ever you want.

@toyfork: Like I said in my first post, if you have any suggestions to make it better post it here. There is no point stating the obvious which I already mentioned in my first post.
 
Newbie Spellweaver
Joined
Aug 8, 2009
Messages
18
Reaction score
21
you know you can EASILY inject this script? lern 2 escape string br0
 
Skilled Illusionist
Joined
Aug 15, 2009
Messages
307
Reaction score
40
Not even gonna try to improve it. Enjoy sql injections.
 
Newbie Spellweaver
Joined
Dec 21, 2008
Messages
11
Reaction score
7
Thank u. I'll try to update the script with some more tweaks when I wake up. It's 4 AM where I live
 
Legendary Battlemage
Loyal Member
Joined
Apr 7, 2009
Messages
647
Reaction score
25
Not even gonna try to improve it. Enjoy sql injections.

i did use it. Am I blind? or Are you blind?

I also found an SQL injection possibility, but the chances are REALLY low.
Just to give you a hint, ALL variables that are dependent on user input that go in queries should be escaped, no matter how impossible you think it is to inject.
 

^^^

Junior Spellweaver
Joined
Aug 7, 2009
Messages
104
Reaction score
23
I also found an SQL injection possibility, but the chances are REALLY low.
Just to give you a hint, ALL variables that are dependent on user input that go in queries should be escaped, no matter how impossible you think it is to inject.

$name = mysql_real_escape_string(stripslashes($_POST['name']));
if (strlen($name) > 15){
die('The loginID you entered is longer than the expected input.');
}

what are you going to do about that?
when you do a'; you have 12 characters left.
you can't do anything with 12 characters.

this is handled before any sql query anyways
 
Legendary Battlemage
Loyal Member
Joined
Apr 7, 2009
Messages
647
Reaction score
25
$name = mysql_real_escape_string(stripslashes($_POST['name']));
if (strlen($name) > 15){
die('The loginID you entered is longer than the expected input.');
}

what are you going to do about that?
when you do a'; you have 12 characters left.
you can't do anything with 12 characters.

this is handled before any sql query anyways

Isn't there something else?
I'm not really that experienced with PHP, but I know that you can do this with $_SESSIONS, so I think you can do this with the current code too.
 
Newbie Spellweaver
Joined
Apr 2, 2009
Messages
44
Reaction score
0
FYI, you can just go to vote1.php, without accessing the form at all.
 