Tc
|
| Posted: 02/09/2002, 7:08 AM |
|
NEW GUY? I am working on a CC project using the goto template. The voter verification checks IP and does not allow duplicate votes from the same IP. My project must allow numerous votes from the same IP. How can I allow verification by user id? Any help or suggestions would be appreciated.
THANX
The script that effects the IP verification is below:
voteaction = GetParam("AddVote")
if IsEmpty(GetParam("VoteItem")) then vote_id = DLookUp("voting", "vote_id", "vote_active=1")
if not IsEmpty(GetParam("vote_id")) then vote_id = GetParam("vote_id")
if voteaction="Vote" then
if not IsEmpty(GetParam("VoteItem")) then
if DLookUp("vote_items", "count(vote_item_id)", "vote_item_id=" & GetParam("VoteItem")) > 0 then
vote_id = DLookUp("vote_items", "vote_id", "vote_item_id="& GetParam("VoteItem"))
If IsEmpty(Session("UserId")) then
UserID=0
else
UserID=Session("UserId")
end if
If cn.execute("SELECT count(*) FROM users_votes WHERE vote_id="&vote_id&" AND ((user_id=" & UserID & " and user_id<>0) or IP='" & Request.ServerVariables("REMOTE_ADDR")&"')").fields.item(0)=0 then
update_voite_items_sql = "update vote_items set vote_results=vote_results+1 where vote_item_id=" & ToSQL(GetParam("VoteItem"),"Number")
cn.execute update_voite_items_sql
insert_users_votes = "insert into users_votes (user_id, item_id, vote_id,IP) values (" & UserID & "," & ToSQL(GetParam("VoteItem"),"Number") & "," & vote_id & ",'"&Request.ServerVariables("REMOTE_ADDR")&"')"
cn.execute insert_users_votes
else
AlredyVote=True
end if
end if
end if
end if
TotalVoices=Dlookup("vote_items", "sum(vote_results)", "vote_id="&vote_id)
sWhere=" where voting.vote_id="&vote_id
if alredyvote then
SetVar "Caption", "<font color=red>Sorry, but you can't vote twice</font><br>"&DLookUp("voting", "vote_desc", "vote_id="&vote_id)
else
SetVar "Caption", DLookUp("voting", "vote_desc", "vote_id="&vote_id)
end if
|
|
|
 |
Nicole
|
| Posted: 02/11/2002, 12:41 AM |
|
Hello,
once you want to use the restriction based on user_id value you should use session variable UserID, that's why the security level of page where Vote form is located should be greater then "0".
In this case the code would be:
voteaction = GetParam("AddVote")
if IsEmpty(GetParam("VoteItem")) then vote_id = DLookUp("voting", "vote_id", "vote_active=1")
if not IsEmpty(GetParam("vote_id")) then vote_id = GetParam("vote_id")
if voteaction="Vote" then
if not IsEmpty(GetParam("VoteItem")) then
if DLookUp("vote_items", "count(vote_item_id)", "vote_item_id=" & GetParam("VoteItem")) > 0 then
vote_id = DLookUp("vote_items", "vote_id", "vote_item_id="& GetParam("VoteItem"))
If cn.execute("SELECT count(*) FROM users_votes WHERE vote_id="&vote_id&" AND ((user_id=" & Session("UserID") & " and user_id<>0))").fields.item(0)=0 then
update_voite_items_sql = "update vote_items set vote_results=vote_results+1 where vote_item_id=" & ToSQL(GetParam("VoteItem"),"Number")
cn.execute update_voite_items_sql
insert_users_votes = "insert into users_votes (user_id, item_id, vote_id) values (" & Session("UserID") & "," & ToSQL(GetParam("VoteItem"),"Number") & "," & ToSQL(vote_id, "Number")& ")"
cn.execute insert_users_votes
else
AlredyVote=True
end if
end if
end if
end if
TotalVoices=Dlookup("vote_items", "sum(vote_results)", "vote_id="&vote_id)
sWhere=" where voting.vote_id="&vote_id
if alredyvote then
SetVar "Caption", "<font color=red>Sorry, but you can't vote twice</font><br>"&DLookUp("voting", "vote_desc", "vote_id="&vote_id)
else
SetVar "Caption", DLookUp("voting", "vote_desc", "vote_id="&vote_id)
end if
|
|
|
|
Tc
|
| Posted: 02/11/2002, 3:46 PM |
|
THANX
I tried it but keep getting error
Microsoft JET Database Engine error '80040e14'
Syntax error (missing operator) in query expression 'vote_id=1 AND ((user_id= and user_id<>0))'.
THOUGHTS?
|
|
|
|
Tc
|
| Posted: 02/11/2002, 4:13 PM |
|
TANX!!!
|
|
|
|
|
