How can protection against iframes and the use of cookies be done for this:
// Referer of the request (not used further in this snippet)
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$time = time();
$vtime = 86400; // minimum interval between votes: 24 hours, in seconds

if (isset($_GET['site']) && is_numeric($_GET['site'])) {
    // Look up the site that is being voted for
    $idd = mysql_real_escape_string($_GET['site']);
    $q = mysql_query("SELECT * FROM sites WHERE username = '$idd'");
    $r = mysql_fetch_array($q);
    $id = $r['id'];
    $userip = $_SERVER['REMOTE_ADDR'];

    // Has this IP already voted for this site?
    $sql = mysql_query("SELECT ctime FROM m_ip WHERE ip=\"$userip\" AND s_id=\"$id\"");
    if ($row = mysql_fetch_array($sql)) {
        $calc = $row['ctime'] + $vtime;
        if ($calc > $time) {
            // Last vote is less than 24 hours old: reject
            $in_msg = "<br /><div align=\"center\" style=\"color: red;\"><b>You have already voted in the last 24 hours!</b></div><br /><br />";
        } else {
            // Refresh the timestamp and count the vote
            $sqlQ = mysql_query("UPDATE m_ip SET ctime = \"$time\", s_id = \"$id\" WHERE ip=\"$userip\" AND s_id=\"$id\"");
            $query = "UPDATE sites SET `in` = `in` +1 WHERE id ='$id'";
            $result = mysql_query($query) or die(mysql_error());
            $in_msg = "<br /><div align=\"center\" style=\"color: green;\"><b>Thanks! Your voice was discovered!</b></div><br /><br />";
        }
    } else {
        // First vote from this IP for this site ($sivid is not defined in this snippet)
        $zapis = mysql_query("INSERT INTO m_ip (`id`, `ip`, `s_id`) VALUES ('$sivid', '$userip', '$id') ");
        $sqlQ = mysql_query("UPDATE m_ip SET ctime = \"$time\", s_id = \"$id\" WHERE ip=\"$userip\" AND s_id=\"$id\"");
        $query = mysql_query("UPDATE `sites` SET `in` = `in` +1 WHERE id ='$id'");
        $in_msg = "<br /><div align=\"center\" style=\"color: green;\"><b>Thanks! Your voice was discovered!</b></div><br /><br />";
    }
} else {
    header("Location: index.php");
    exit; // stop here so nothing else runs after the redirect
}
At the very top of index.php there is:
session_start(); ob_start();
A lot of people abuse it and I want to put an end to it. I think that this will be useful to a lot of people as well.
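
One way to protect the vote handler above, as an added example that is not part of the original post: the page refuses to be framed, and a vote is accepted only as a POST carrying a token stored in the session. The function names, the "token" form field and the "vote_token" session key are assumptions, and PHP 7.3 or later is assumed for the cookie options.

```php
<?php
// Added example; function names, the "token" field and the "vote_token"
// session key are assumptions, not part of the posted script.

// Refuse to be rendered inside a frame on any site.
function send_antiframing_headers(): void
{
    header('X-Frame-Options: DENY');
    header("Content-Security-Policy: frame-ancestors 'none'");
}

// Create once per session, then reuse, the token embedded in the vote form.
function vote_token(): string
{
    if (empty($_SESSION['vote_token'])) {
        $_SESSION['vote_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['vote_token'];
}

// A vote counts only if it is a POST carrying this session's token
// and a purely numeric site id.
function vote_request_is_valid(string $method, array $post, array $session): bool
{
    $sent     = $post['token'] ?? '';
    $expected = $session['vote_token'] ?? '';
    $site     = $post['site'] ?? '';
    return $method === 'POST'
        && is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent)
        && is_string($site) && ctype_digit($site);
}

// SameSite=Lax keeps the session cookie out of cross-site iframes and POSTs.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
send_antiframing_headers();
// Gate for the existing counting code: run it only when this is true,
// and read the site id from $_POST['site'] instead of $_GET['site'].
$vote_allowed = vote_request_is_valid($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION);

// The vote link becomes a form, so a vote needs a click plus the token.
$site = (isset($_GET['site']) && is_string($_GET['site']) && ctype_digit($_GET['site'])) ? $_GET['site'] : '';
printf(
    '<form method="post" action="index.php"><input type="hidden" name="site" value="%s">'
    . '<input type="hidden" name="token" value="%s"><button type="submit">Vote</button></form>',
    htmlspecialchars($site, ENT_QUOTES),
    htmlspecialchars(vote_token(), ENT_QUOTES)
);
```

The per-IP 24-hour check from the post stays in place behind $vote_allowed; the token and headers only stop votes triggered from other sites' pages.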
