
432598 php mysql security cheat fix


In progress
Posted over 13 years ago


Paid on delivery
Hello. This is a repost, so if you bid on the previous one then please rebid. Things didn't work out on the last project.

I have a script that allows members to browse other members' ads. It is supposed to check, and if the user has viewed it once before, not give them credit for viewing it again. This part works. The problem is that there is a way around this that allows people to use autoclicking software to rack up points. I need it locked down so the members can't get around it.

Here is how it normally works. Members go to a page [login to view URL]; this page displays 3 ads at a time. As soon as the page is loaded it inserts those 3 ads in the database as viewed, not paid (no points earned).

If the member clicks on the ad link [login to view URL], it checks to see if it is a good ad post:

    $id = $_GET['id'];
    $result = mysql_query("SELECT * FROM `post` WHERE id = '".$id."' LIMIT 1");

If the ad post exists, then it checks to make sure that the user has viewed it from the browsead page. If the member has viewed and received points before, it gives a message: You have already received credit for this link. If the member hasn't viewed and received points before, then it goes to the next stage [login to view URL], which sets a timer. Then when the timer runs out it goes to the 3rd stage [login to view URL], which checks to make sure the ad exists:

    $id = $_GET['id'];
    $query = "select * from post where id = '".$id."' LIMIT 1";

If the ad exists, it checks to make sure they have viewed it from the browsead page. If they viewed and earned points they get the already viewed message; if they haven't, they earn credits for viewing it, then it proceeds.

So basically just for loading the page [login to view URL] the 3 ads get inserted into the viewed table as viewed (that way they don't see the ad again):

    $queryadtolist="insert into viewed (userid, postid) values ('$userid','$postid')";
    $resultadtolist=mysql_query($queryadtolist);

But if they click on the ad they earn points for it and it is marked as paid:

    mysql_query("UPDATE viewed SET paid = '1' WHERE userid='".$userid."' and postid=".$id);

Somehow someone has figured out how to get around the checks and just put the URL on an autorefreshing script and continually earn points. I'm not exactly sure which URL they are using; it could be [login to view URL] or [login to view URL]. They open the ad link with [login to view URL], and then the [login to view URL] loads with the timer in the frame, and then [login to view URL] to finish it up. I did find on another ad type that they got around it by opening the last frame in a browser, but I haven't been able to duplicate how they are doing this one.

I would like someone that can take the attached files (4 files + database structure), read the code, understand how it works and come up with a fix. You don't need to try and impress me by telling me the script coding sucks; I already know that, that's why I'm here. If you can fix it, just submit your bid. You won't get access to the server, so be sure you can do this with just the attached files. All payments made via escrow.
Project ID: 2178470
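
One way to close the replay gap described in the post, as an added example that is not the poster's code: the timer start is stored server-side and the final stage pays out through a single conditional UPDATE with bound parameters. The `started_at` column, the `members` table, the function names and the 20-second timer are assumptions.

```php
<?php
// Added example. Schema, names and the 20-second timer are assumptions.
// SQLite in memory keeps it runnable offline; on MySQL use INSERT IGNORE.
const VIEW_SECONDS = 20;

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE viewed (userid INTEGER, postid INTEGER,
        paid INTEGER DEFAULT 0, started_at INTEGER, UNIQUE (userid, postid))');
    $db->exec('CREATE TABLE members (userid INTEGER PRIMARY KEY, points INTEGER DEFAULT 0)');
    return $db;
}

// Stage 1, browse page: the ad is listed as viewed, not paid.
function list_ad(PDO $db, int $userid, int $postid): void {
    $db->prepare('INSERT OR IGNORE INTO viewed (userid, postid) VALUES (?, ?)')->execute([$userid, $postid]);
}

// Stage 2, timer page: the server, not the browser, records the start time.
function start_timer(PDO $db, int $userid, int $postid, int $now): bool {
    $st = $db->prepare('UPDATE viewed SET started_at = ?
        WHERE userid = ? AND postid = ? AND paid = 0 AND started_at IS NULL');
    $st->execute([$now, $userid, $postid]);
    return $st->rowCount() === 1;
}

// Stage 3: points are added only when the UPDATE flips one row to paid.
function credit_view(PDO $db, int $userid, int $postid, int $now): bool {
    $db->beginTransaction();
    $st = $db->prepare('UPDATE viewed SET paid = 1
        WHERE userid = ? AND postid = ? AND paid = 0 AND started_at <= ?');
    $st->execute([$userid, $postid, $now - VIEW_SECONDS]);
    $credited = $st->rowCount() === 1;
    if ($credited) {
        $db->prepare('UPDATE members SET points = points + 1 WHERE userid = ?')->execute([$userid]);
    }
    $db->commit();
    return $credited;
}

// Constructed walk-through; $userid is assumed to come from the session.
$db = open_db();
$db->exec('INSERT INTO members (userid) VALUES (7)');
list_ad($db, 7, 42);
foreach ([1000, 1005, 1020, 1021] as $i => $now) {
    if ($i === 1) { start_timer($db, 7, 42, 1000); }
    echo $now, ': ', credit_view($db, 7, 42, $now) ? 'credited' : 'refused', "\n";
}
```

The four calls cover the final stage opened with no timer started, a request before the timer has elapsed, the legitimate completion, and a refresh of the same URL afterwards.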

About the project

Remote project
Active 12 years ago


About the client

Hollister, United States
5.0
50
Payment method verified
Member since Jul 3, 2008
