0

有一个脚本可以触发下面的代码

我想禁止每 24 小时多次执行脚本。

我希望这个脚本将上次访问时间存储在数据库中针对用户 ID 的表中,然后进行时间计算并将它们退回到 24 小时到期时间。

有人可以解释如何做到这一点吗?如果有人可以帮助我,将不胜感激?

<?php
//Input correct values into this section
$dbhost = '888888';
$dbuser = '888888';
$dbpass = '888888';
$dbname = '888888';
$dbtable = 'redeem';
$dbtable2 = 'playersthatvoted';
//------------------------------------
$input = 'diamond 12';
$player = $_POST['Player'];
$time = time();
if(!isset($_COOKIE['24Hourvote'])){
   //---- This is the connection
   $conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('Error: ' . mysql_error());
   mysql_select_db($dbname);
   $query1 = "INSERT INTO `".$dbname."`.`".$dbtable."` (`player`, `item`) VALUES ('".$player."', '".$input."')";
   $query2 = "INSERT INTO `".$dbname."`.`".$dbtable2."` (`player`, `time`) VALUES ('".$player."', '".$time."')";
   mysql_query($query1);
   mysql_query($query2);
   $query= 'SELECT `player` FROM `playersthatvoted` ASC LIMIT 0, 10 ';
   $result = mysql_query($query);
   mysql_close($conn);
   echo 'Done! Type /redeem in-game to get your diamonds.';
   $ip=@$REMOTE_ADDR;
   setcookie ("24Hourvote",$ip,time()+86400,'/',true,…
} else {
   echo 'You have already voted today! Come back later...'; }
?>

编辑:我可以让它显示用户可以再次投票的剩余时间吗?

4

2 回答 2

1

在我看来,您似乎已经知道您必须做什么:

我希望这个脚本根据 数据库中的用户 ID将上次访问时间存储在一个表中。然后进行时间计算并将它们退回到 24 小时到期时间。

所以:

  1. 忘记饼干。它存储在客户端,可以进行操作。
  2. 在计票之前,请检查当前用户的 [lastvisit] 字段。
  3. 如果未设置计票并将表中的 [lastvisit] 字段设置为当前日期。
  4. 如果设置计算现在和最后一次投票之间的时间跨度。如果大于 24 小时,请计算投票并将表中的 [lastvisit] 字段设置为当前日期。

意识到:

  • 操纵参数:$_POST['Player'];
  • SQL注入:VALUES ('".$player."', '".$input."')

如果您对其中一项任务有疑问,请询问具体问题。

于 2012-01-21T11:10:52.120 回答
0 
<?php
//Input correct values into this section
$dbhost = '888888';
$dbuser = '888888';
$dbpass = '888888';
$dbname = '888888';
$dbtable = 'redeem';
$dbtable2 = 'playersthatvoted';
//------------------------------------
$input = 'diamond 12';
$time = time();
if(!isset($_COOKIE['24Hourvote'])){
       $ip = $_SERVER['REMOTE_ADDR'];
   //---- This is the connection
   $conn = mysql_connect ($dbhost, $dbuser, $dbpass) or die ('Error: ' . mysql_error());
   mysql_select_db($dbname);

      // Escape all user entered data always
      $player = mysql_real_escape_string($_POST['Player']);

   // Select time for this player if available
   $query = "SELECT time FROM playersthatvoted WHERE player = '$player' ORDER BY time DESC LIMIT 0, 1";
   $result = mysql_query($query);

   if(mysql_num_rows($result) != 0)
   {
       $row = mysql_fetch_row($result);
       $last_visit = $row[0];
       $vote_allowed_time = $last_visit + 86400; 

       // Allowed to vote
       if($time > $vote_allowed_time)
       {
           // Do whatever else you need to here ...

           setcookie ("24Hourvote",$ip,time()+86400,'/');
       }
       else
       {
           echo 'This player has already voted today! Come back later...';
       }
   }
   else
   {
       $query1 = "INSERT INTO `".$dbname."`.`".$dbtable."` (`player`, `item`) VALUES ('".$player."', '".$input."')";
       $query2 = "INSERT INTO `".$dbname."`.`".$dbtable2."` (`player`, `time`) VALUES ('".$player."', '".$time."')";
       mysql_query($query1);
       mysql_query($query2);
       $query= 'SELECT `player` FROM `playersthatvoted` ASC LIMIT 0, 10 ';
       $result = mysql_query($query);
       mysql_close($conn);
       echo 'Done! Type /redeem in-game to get your diamonds.';

       setcookie ("24Hourvote",$ip,time()+86400,'/');
   }
} else {
   echo 'You have already voted today! Come back later...'; }
?>

注意:永远不要相信用户输入,始终验证和转义数据。

改变:

$player = $_POST['Player'];

到:

$player = mysql_real_escape_string($_POST['Player']);

添加:

 // Select time for this player if available
 $query = "SELECT time FROM playersthatvoted WHERE player = '$player' ORDER BY time DESC LIMIT 0, 1";
 $result = mysql_query($query);


if($result)
   {
       $row = mysql_fetch_row($result);
       $last_visit = $row[0];
       $vote_allowed_time = $last_visit + 86400; 

       // Allowed to vote
       if($time > $vote_allowed_time)
       {
           // Do whatever else you need to here ...

           setcookie ("24Hourvote",$ip,time()+86400,'/');
       }
       else
       {
           echo 'This player has already voted today! Come back later...';
       }
   }
   else
   {
       ...
   }

更新

我想强调一个事实,就目前而言,任何人都可以输入玩家姓名并尝试为它投票,这并不一定意味着点击投票按钮的同一用户。

此外,IP 地址不用于任何目的,将其用于进一步的权限/安全检查可能是一个想法。

于 2012-01-21T12:26:05.847 回答