Home/ Questions/Q 7179877
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T17:13:49+00:00

There is a script that triggers the code below I want to disallow executing

  • 0

There is a script that triggers the code below

I want to disallow executing the script more than once per 24 hours.

I wanted this script to store the last visit time in a table against the user id in a database, then do a time calculation and back them out until the 24 hour expiry time.

Can someone explain how to do this? It would be greatly appreciated if someone could help me with this?

<?php
//Input correct values into this section
$dbhost = '888888';
$dbuser = '888888';
$dbpass = '888888';
$dbname = '888888';
$dbtable = 'redeem';
$dbtable2 = 'playersthatvoted';
//------------------------------------
$input = 'diamond 12';
$player = $_POST['Player'];
$time = time();
if(!isset($_COOKIE['24Hourvote'])){
   //---- This is the connection
   $conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('Error: ' . mysql_error());
   mysql_select_db($dbname);
   $query1 = "INSERT INTO `".$dbname."`.`".$dbtable."` (`player`, `item`) VALUES ('".$player."', '".$input."')";
   $query2 = "INSERT INTO `".$dbname."`.`".$dbtable2."` (`player`, `time`) VALUES ('".$player."', '".$time."')";
   mysql_query($query1);
   mysql_query($query2);
   $query= 'SELECT `player` FROM `playersthatvoted` ASC LIMIT 0, 10 ';
   $result = mysql_query($query);
   mysql_close($conn);
   echo 'Done! Type /redeem in-game to get your diamonds.';
   $ip=@$REMOTE_ADDR;
   setcookie ("24Hourvote",$ip,time()+86400,'/',true,…
} else {
   echo 'You have already voted today! Come back later...'; }
?>

EDIT: and could I make it so that it displays the time left until the user can vote again?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    <?php
//Input correct values into this section
$dbhost = '888888';
$dbuser = '888888';
$dbpass = '888888';
$dbname = '888888';
$dbtable = 'redeem';
$dbtable2 = 'playersthatvoted';
//------------------------------------
$input = 'diamond 12';
$time = time();
if(!isset($_COOKIE['24Hourvote'])){
       $ip = $_SERVER['REMOTE_ADDR'];
   //---- This is the connection
   $conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('Error: ' . mysql_error());
   mysql_select_db($dbname);

      // Escape all user entered data always
      $player = mysql_real_escape_string($_POST['Player']);

   // Select time for this player if available
   $query = "SELECT time FROM playersthatvoted WHERE player = '$player' ORDER BY time DESC LIMIT 0, 1";
   $result = mysql_query($query);

   if(mysql_num_rows($result) != 0)
   {
       $row = mysql_fetch_row($result);
       $last_visit = $row[0];
       $vote_allowed_time = $last_visit + 86400; 

       // Allowed to vote
       if($time > $vote_allowed_time)
       {
           // Do whatever else you need to here ...

           setcookie ("24Hourvote",$ip,time()+86400,'/');
       }
       else
       {
           echo 'This player has already voted today! Come back later...';
       }
   }
   else
   {
       $query1 = "INSERT INTO `".$dbname."`.`".$dbtable."` (`player`, `item`) VALUES ('".$player."', '".$input."')";
       $query2 = "INSERT INTO `".$dbname."`.`".$dbtable2."` (`player`, `time`) VALUES ('".$player."', '".$time."')";
       mysql_query($query1);
       mysql_query($query2);
       $query= 'SELECT `player` FROM `playersthatvoted` ASC LIMIT 0, 10 ';
       $result = mysql_query($query);
       mysql_close($conn);
       echo 'Done! Type /redeem in-game to get your diamonds.';

       setcookie ("24Hourvote",$ip,time()+86400,'/');
   }
} else {
   echo 'You have already voted today! Come back later...'; }
?>

    Note: Never trust the user input, always validate and escape the data.

    Changed:

    $player = $_POST['Player'];

    to:

    $player = mysql_real_escape_string($_POST['Player']);

    Added:

     // Select time for this player if available
 $query = "SELECT time FROM playersthatvoted WHERE player = '$player' ORDER BY time DESC LIMIT 0, 1";
 $result = mysql_query($query);


if($result)
   {
       $row = mysql_fetch_row($result);
       $last_visit = $row[0];
       $vote_allowed_time = $last_visit + 86400; 

       // Allowed to vote
       if($time > $vote_allowed_time)
       {
           // Do whatever else you need to here ...

           setcookie ("24Hourvote",$ip,time()+86400,'/');
       }
       else
       {
           echo 'This player has already voted today! Come back later...';
       }
   }
   else
   {
       ...
   }

    UPDATE

    I would like to highlight the fact that as it stands anyone can enter the player name and try to vote for it and that does not necessarily mean the same user who clicks the vote button.

    Additionally the IP address is not being used for any purposes, it may be an idea to use this for further permission/security checks.

    • 0