Vote Hack

04/11/2017 15:56 Yolo143#1
Hi, I just want to know how to fix the unli vote on the website?
People can vote multiple times on my website and I wonder if there's a guide or tip on how I can stop that? Thanks in advance.
12/06/2017 18:34 pbben15#2
Same problem here. They're using a proxy/VPN hotspot and then spam votes. By the way, I'm using the Sapphire website files.

I want voting by account, not by IP. Do you have a script for that?
12/06/2017 18:45 flyffdev#3
Code:
<?php if (!defined('access')) {die("Die gesuchte Ressource wurde entfernt oder umbenannt, oder sie steht vorübergehend nicht zur Verfügung.");} ?>
<?php
if ($_CONFIG['vote_enabled'] AND count($_CONFIG['vote_toplists']) > 0) {
	foreach ($_CONFIG['vote_toplists'] as $intTopListID => $mixedTopListArray) {

		if(isset($_POST['submitVote'.$intTopListID])) {

			$strVoteErrorArray = array();
			$intRecheckIPVotingTime = time() - $mixedTopListArray['timeLimit'];
            // Re-check by account only: also matching on [ip] would let the same account vote again from a new IP (proxy/VPN).
            $intTimestampOfLastVoteBeforeVote = @odbc_exec($odbc_connect, 'SELECT TOP 1 [timestamp] FROM [' . $_CONFIG['db_databases']['web'] . '].[dbo].[LOG_VOTE] WHERE [account] = \''  . cleanSqlInput($_SESSION['user']) . '\' AND [toplist] = ' . $intTopListID . ' AND [timestamp] > ' . $intRecheckIPVotingTime . ' ORDER BY [id] DESC');
            $intRecheckIP = @odbc_num_rows($intTimestampOfLastVoteBeforeVote);

			if(isSpamming($_POST['inputCheckTimestamp'], $_POST['inputCheckKey'], $_SESSION['inputCheckKey'])) {
				$strVoteErrorArray[] = $_LANG['error_spam'];
			}
			if($intRecheckIP > 0) {
				$strVoteErrorArray[] = $_LANG['error_already_voted'];
			}

			if(count($strVoteErrorArray) > 0) {
				echo createMessage($strVoteErrorArray, 'fail');
			}
			else {
				if(@odbc_exec($odbc_connect, '
						INSERT INTO [' . $_CONFIG['db_databases']['web'] . '].[dbo].[LOG_VOTE] (
							[account],
							[ip],
							[toplist],
							[timestamp],
							[character]
						) VALUES (
							\''.cleanSqlInput($_SESSION['user']).'\',
							\''.$_SERVER['REMOTE_ADDR'].'\',
							'.$intTopListID.',
							'.time().',
							\'\'
						)
					')
				) {
					sleep($_CONFIG['vote_timedelay']);
					if(isset($_SESSION['user'])) {
						@odbc_exec($odbc_connect, '
							UPDATE [' . $_CONFIG['db_databases']['acc'] . '].[dbo].[ACCOUNT_TBL]
							SET [votepoints] = [votepoints] + ' . $mixedTopListArray['earnVotePoints'] . '
							WHERE [account] = \'' . cleanSqlInput($_SESSION['user']) . '\'
						');
					}
					echo createMessage($_LANG['success_voting'], 'success');
				}
				else {
					echo createMessage($_LANG['error_no_points_added'], 'fail');
				}
			}
		}



		$intCheckIPVotingTime = time() - $mixedTopListArray['timeLimit'];
		// The account name goes through cleanSqlInput() here too, like in the other queries.
		$intTimestampOfLastVote = @odbc_exec($odbc_connect, '
			SELECT TOP 1 [timestamp]
			FROM 	[' . $_CONFIG['db_databases']['web'] . '].[dbo].[LOG_VOTE]
			WHERE 	[account] = \'' . cleanSqlInput($_SESSION['user']) . '\' AND
					[toplist] = ' . $intTopListID . ' AND
					[timestamp] > ' . $intCheckIPVotingTime . '
			ORDER BY [id] DESC
		');
		$checkIP = @odbc_num_rows($intTimestampOfLastVote);
		
		if($checkIP < 1) {
			$strVoteButtonText = $mixedTopListArray['name'];
			$strVoteButtonDisabled = '';
			$strVoteButtonOnclick = 'id="voteFormOpener' . $intTopListID . '" onclick="switching(\'voteForm'.$intTopListID.'\');"';
		}
		else {
			$strVoteButtonText = $_LANG['next_vote'] . ' ' . date($_CONFIG['web_date_format']['hours'], $mixedTopListArray['timeLimit'] + @odbc_result($intTimestampOfLastVote, 'timestamp')) . ' ' . $_LANG['oclock_optional'];
			$strVoteButtonDisabled = 'disabled="disabled"';
			$strVoteButtonOnclick = '';
		}

		echo '<input ' . $strVoteButtonOnclick . ' type="submit" class="p100" value="' . $_LANG['vote_on'] . ' ' . $strVoteButtonText . '" style="margin:2px auto;" ' . $strVoteButtonDisabled . '/>';
		if($checkIP < 1) {
			echo '
			<p id="voteFormWaiting' . $intTopListID . '" class="center" style="display:none; margin-bottom: 15px;">
				' . $_LANG['wait_for_toplists_answer'] . '
				<br /><img src="images/icons/misc/loading.gif" title="' . $_LANG['wait_for_toplists_answer'] . '" alt=""/>
			</p>

			<form method="post" id="voteForm' . $intTopListID . '" style="display:none; margin-bottom: 15px;">
				<input type="hidden" name="inputCheckTimestamp" value="' . time() . '" />
				<input type="hidden" name="inputCheckKey" value="' . random_string() . '" />';
			if(isset($_SESSION['user'])) {echo '
				<p style="margin: 10px 0;" class="x02 right">
					<span class="span">' . $_LANG['you_receive'] . '</span>' . $mixedTopListArray['earnVotePoints'] . ' VPs
				</p>';
			} echo '
				<div>
					<input class="votebutton" style="margin-right: 6px; margin-top: 6px;" type="submit" value="' . $_LANG['button_vote'] . '" name="submitVote' . $intTopListID . '" onclick="openVoteSite(\'' . $mixedTopListArray['link'] . '\'); switching(\'voteForm' . $intTopListID . '\');  switching(\'voteFormWaiting' . $intTopListID . '\'); jQuery(\'#voteFormOpener' . $intTopListID . '\').attr(\'onclick\',\'\').unbind(\'click\');"/>
					<p class="zehn voteNotice">' . $_LANG['voting_additional_information'] . '</p>
				</div>
				<p class="clear"></p>
			</form>';
		}

		$intTopListID++;
	}
} 
else {
	echo createMessage($_LANG['notify_votescript_deactivated'], 'hint');
}
12/06/2017 19:14 FlyffDeveloper#4
The easiest way is to also keep track of voting in your own web DB and not just rely on gtop. So you have something like a 'lastvote date' in your database, I guess, and only allow people to vote based on that?
12/06/2017 23:56 Dr. Peacock#5
You have 3 ways.

1. Set vote per account, not per IP
2. Block connections from proxy/VPN users (Tor incl.)
3. Create a new table to check the last post.

I think a combination of all the points is the best way.
What do you need a VPN for in Flyff, LOL? Only the admin is able/allowed to see the IP...
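
Added example, not code from any poster in this thread or from the website files they use: the "lastvote date" table from #4 combined with "vote per account, not per IP" from #5, with the cooldown check and the write done in one atomic UPDATE so parallel requests cannot both pass. The table name `vote_last`, the function names and the sample values are hypothetical, and in-memory SQLite through PDO stands in for the site's MSSQL database so the script runs offline.

```php
<?php
// Added example: per-account vote cooldown enforced by one atomic UPDATE.
// Table and function names are hypothetical; SQLite in memory stands in for
// the site's MSSQL database so the script runs offline.

function createVoteTable(PDO $db): void
{
    $db->exec('CREATE TABLE vote_last (
        account   TEXT    NOT NULL,
        toplist   INTEGER NOT NULL,
        last_vote INTEGER NOT NULL,
        PRIMARY KEY (account, toplist)
    )');
}

/** Returns true only if this request may vote; false while the cooldown runs. */
function tryVote(PDO $db, string $account, int $toplist, int $timeLimit, int $now): bool
{
    // Make sure a row exists; the primary key keeps it to one per account/toplist.
    $seed = $db->prepare('INSERT OR IGNORE INTO vote_last (account, toplist, last_vote) VALUES (?, ?, 0)');
    $seed->execute([$account, $toplist]);

    // Claim the vote: the WHERE clause is the cooldown check, so check and
    // write are a single statement. The client IP plays no part in it.
    $claim = $db->prepare('UPDATE vote_last SET last_vote = ?
                           WHERE account = ? AND toplist = ? AND last_vote <= ?');
    $claim->execute([$now, $account, $toplist, $now - $timeLimit]);

    return $claim->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createVoteTable($db);

$limit = 43200;        // constructed value: 12-hour cooldown
$t0    = 1512585240;   // constructed timestamp

var_dump(tryVote($db, 'player1', 0, $limit, $t0));          // first vote
var_dump(tryVote($db, 'player1', 0, $limit, $t0 + 60));     // same account again, whatever the IP
var_dump(tryVote($db, 'player1', 1, $limit, $t0 + 60));     // different toplist
var_dump(tryVote($db, 'player1', 0, $limit, $t0 + $limit)); // cooldown has passed
```

Vote points should be credited only when `tryVote()` returns true, and only for a logged-in session account.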