Hello
This is a repost so if you bid on the previous one then please rebid. Things didn't work out on the last project.
I have a script that allows members to browse other members' ads.
It is supposed to check and if the user has viewed it once before not
to give them credit for viewing it again. This part works. The
problem is that there is a way around this that allows people to
use autoclicking software to rack up points.
I need it locked down where the members can't get around it.
Here is how it normally works.
Members go to a page [login to view URL], this page displays
3 ads at a time. As soon as the page is loaded it inserts
those 3 ads in the database as viewed, not paid (no points earned).
If the member clicks on the ad link
[login to view URL]
It checks to see if it is a good ad post
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM `post` WHERE id = '".$id."' LIMIT 1");
If the ad post exists then it checks to make sure that the user has viewed it from the browsead page
If the member has viewed and received points before it gives a message
You have already received credit for this link
If the member hasn't viewed and received points before then it goes to the next stage [login to view URL]
which sets a timer
Then when the timer runs out it goes to the 3rd stage [login to view URL]
Checks to make sure ad exists
$id = $_GET['id'];
$query = "select * from post where id = '".$id."' LIMIT 1";
If ad exists, checks to make sure they have viewed it from browsead page
If they viewed and earned points they get the already viewed message, if they haven't they earn credits for viewing it then it proceeds.
So basically just for loading the page [login to view URL]
the 3 ads get inserted into the viewed table as viewed (that way they don't see the ad again).
$queryadtolist="insert into viewed (userid, postid) values ('$userid','$postid')";
$resultadtolist=mysql_query($queryadtolist);
But if they click on the ad they earn points for it and it is marked as paid
mysql_query("UPDATE viewed SET paid = '1' WHERE userid='".$userid."' and postid=".$id);
Somehow someone has figured out how to get around the checks and just
put the url on an autorefreshing script and continually earn points.
I'm not exactly sure which url they are using, it could be
[login to view URL]
or
[login to view URL]
They open the ad link with [login to view URL]
and then the [login to view URL] loads with the timer in the frame and then
[login to view URL] to finish it up. I did find on another ad type that
they got around it by opening the last frame in a browser but I
haven't been able to duplicate how they are doing this one.
I would like someone that can take the attached files (4 files + database structure), read the code, understand how it works and come up with a fix. You don't need to try and impress me by telling me the script coding sucks, I already know that, that's why I'm here. If you can fix it just submit your bid.
You won't get access to the server so be sure you can do this with just the attached files. All payments made via escrow.
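
One way to make the timer and final stages refuse repeated, early or out-of-order requests, shown as an added example that is not part of the original post or its attached files. The viewed table and its userid, postid and paid columns come from the post; the started_at column, the users.points column, VIEW_SECONDS and both function names are assumptions, and in-memory SQLite stands in for MySQL so the sketch runs on its own. Ids are passed as integers and bound as parameters instead of being concatenated into the SQL.

```php
<?php
// Added example, not the site's code. SQLite in memory stands in for MySQL.
// viewed(userid, postid, paid) is from the post; started_at, users.points,
// VIEW_SECONDS and the function names are assumptions.
const VIEW_SECONDS = 10;

function start_timer(PDO $db, int $userid, int $postid, int $now): bool {
    // Timer stage: record the start time server side, once, for an unpaid listed ad.
    $q = $db->prepare('UPDATE viewed SET started_at = ? WHERE userid = ? AND postid = ?
                       AND paid = 0 AND started_at IS NULL');
    $q->execute([$now, $userid, $postid]);
    return $q->rowCount() === 1;
}

function claim_credit(PDO $db, int $userid, int $postid, int $now): bool {
    // Final stage: one conditional UPDATE decides whether this request is paid.
    // A repeated, early or out-of-order request matches zero rows and earns nothing.
    $db->beginTransaction();
    $q = $db->prepare('UPDATE viewed SET paid = 1 WHERE userid = ? AND postid = ?
                       AND paid = 0 AND started_at IS NOT NULL AND started_at <= ?');
    $q->execute([$userid, $postid, $now - VIEW_SECONDS]);
    $won = $q->rowCount() === 1;
    if ($won) {
        $db->prepare('UPDATE users SET points = points + 1 WHERE id = ?')->execute([$userid]);
    }
    $db->commit();
    return $won;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, points INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE viewed (userid INTEGER, postid INTEGER, paid INTEGER NOT NULL DEFAULT 0,
           started_at INTEGER, UNIQUE (userid, postid))');
$db->exec('INSERT INTO users (id) VALUES (7)');
$db->exec('INSERT INTO viewed (userid, postid) VALUES (7, 42)'); // browse page listed ad 42

$t = 1000; // constructed clock value, in seconds
var_dump(claim_credit($db, 7, 42, $t));       // final stage requested before the timer stage
var_dump(start_timer($db, 7, 42, $t));        // timer stage, first visit
var_dump(claim_credit($db, 7, 42, $t + 3));   // final stage requested before the timer ran out
var_dump(claim_credit($db, 7, 42, $t + 10));  // final stage after the full wait
var_dump(claim_credit($db, 7, 42, $t + 11));  // same URL refreshed
var_dump(start_timer($db, 7, 42, $t + 12));   // timer stage reopened after payment
echo $db->query('SELECT points FROM users WHERE id = 7')->fetchColumn(), "\n";
```

Because the paid flag flips and the eligibility check happen in the same statement, two requests arriving at the same moment cannot both be credited, and the wait is measured from a server-side timestamp, not from the timer in the frame.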