Sécurité pour voter

Bonjour,

Je voulais séparer le code avec un captcha pour plus de sécurité, mais je ne sais pas comment faire.

Mon code:
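<?php
// Page bootstrap: privacy-policy header, site configuration and the vote session.
// NOTE(review): config.php is not on this page; the globals used further down
// ($dbhost, $dbuser, $dbpass, $dbname, $votingsites, $votingname, $votingdbname,
// $votinglink, $voterlink, $voteamount, $commands, $command, $itemname) are assumed
// to be defined there -- confirm.
if (!headers_sent()) {
	// An explicit check replaces the original '@' suppression: the header can only be
	// sent before any output, and silently swallowing the warning hid that condition.
	header('P3P: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"');
}
require_once 'config.php';
session_start();
?>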
<script type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="js/jquery.qtip-1.0.0.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
	// qTip options shared by every anchor on the page. content.text is false, so the
	// plugin takes its text from the element itself (presumably the title attribute,
	// which the vote links below set to the countdown) and shows it under the link.
	var tooltipOptions = {
		content: { text: false },
		position: {
			corner: { target: 'bottomMiddle', tooltip: 'topMiddle' }
		},
		style: {
			border: { width: 1, radius: 4, color: '#C0C0C0' },
			width: { max: 215 }
		}
	};

	$('a').qtip(tooltipOptions);
});
</script>
<style type="text/css">
	/* Every anchor state uses the same grey, so one grouped rule replaces four. */
	a:link,
	a:visited,
	a:hover,
	a:active {
		color: #A9A9A9;
	}
</style>
<center>
</head>
<body>
Oublie pas re Remplir RPG paradize 
<?php
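// ---- Identify the visitor ----
// $username is whatever was typed into the login form on an earlier request (it is
// stored as-is, no validation); $site selects the action: a vote-site name, "Logout",
// or "" for the normal page. Both are defaulted so a first visit raises no notices.
$username = isset($_SESSION['voteuser']) ? $_SESSION['voteuser'] : "";
$site = isset($_GET['site']) ? $_GET['site'] : "";
if ($username == "" && $site == "") {
	if ($_POST) {
		// Login: bind the posted name to the session.
		// NOTE(review): output has already started above, so the session id cannot be
		// rotated here (session_regenerate_id needs to send a cookie); if the page is
		// ever wrapped in output buffering, rotate it at this point.
		$postuser = isset($_POST['Username']) ? $_POST['Username'] : "";
		$_SESSION['voteuser'] = $postuser;
		$username = $_SESSION['voteuser'];
	} else {
		?>
		<center><font face="BebasNeueRegular" color="black">Entre ton pseudo !</font>
		<form method="post" action="">
		<input type="text" id="Username" name="Username" value="">
		<input type="submit" class="submit" value="Login"/>
		</form>
		</center>
		<?php
	}
}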
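// ---- Logged-in part: redeem points, show vote buttons, record a vote click ----
// The original test was `!$username == ""`, which only worked by accident of loose
// comparison (and treated the name "0" as empty); the plain comparison is used here.
if ($username != "") {
	// Seconds a user / an IP must wait between two votes on the same site.
	// NOTE(review): 7320 s is about two hours, but the message further down still
	// says "24 hours" -- one of the two should be corrected.
	$cooldown = 7320;

	// ---- Redeem: turn the remaining vote points into queued server commands ----
	// NOTE(review): this POST has no CSRF token and no captcha. A server-side captcha
	// check belongs here, before the branch body runs, so that the balance is only
	// zeroed and the vote_tasks rows only inserted once the captcha has validated.
	if (isset($_POST['redeem'])) {
		$conn = mysql_connect($dbhost,$dbuser,$dbpass)
			or die ('Error connecting to mysql');
		mysql_select_db($dbname);

		// Remaining balance of the logged-in user, matched with the same case-insensitive
		// WHERE the UPDATE below uses (the original scanned the whole table in PHP and
		// ran an unused COUNT query first). "" means no row -> "not voted" below.
		$query = sprintf("SELECT pointsleft FROM vote_users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['voteuser']));
		$result = mysql_query($query);
		$num = mysql_numrows($result);
		$voting = "";
		for ($i = 0; $i < $num; $i++) {
			$voting = mysql_result($result,$i,"pointsleft");
		}

		if ($voting == "" || $voting == "0") {
			echo '<center><font face="BebasNeueRegular" color="darkred"><b>Vous n\'avez pas voter.</b></font></center><br>';
		} else {
			$user = $_SESSION['voteuser'];

			// Zero the balance first so a repeated submit finds nothing left.
			// NOTE(review): two requests arriving together can both read the same
			// balance before this UPDATE lands; a single UPDATE ... WHERE pointsleft > 0
			// whose affected-row count gates the INSERTs would close that window.
			$query = sprintf("UPDATE vote_users SET pointsleft = 0 WHERE UPPER(username) = UPPER('%s')",
				mysql_real_escape_string($user));
			mysql_query($query);

			// One queued command per configured template ($command[1..$commands],
			// presumably from config.php); %user% / %points% are substituted first.
			// $user is the raw login name, so both values are escaped before the INSERT.
			for ($i = 1; $i <= $commands; $i++) {
				$cmd = str_replace("%user%", $user, $command[$i]);
				$cmd = str_replace("%points%", $voting, $cmd);
				$query = sprintf("INSERT INTO vote_tasks(user,command) VALUES ('%s','%s')",
					mysql_real_escape_string($user),
					mysql_real_escape_string($cmd));
				mysql_query($query);
			}

			echo '<center><font face="BebasNeueRegular" color="darkgreen"><b>Vous avez reçu vos Gold ! '.$voting.' '.$itemname.'!</b></font></center><br>';
		}
	}

	$conn = mysql_connect($dbhost,$dbuser,$dbpass)
		or die ('Error connecting to mysql');
	mysql_select_db($dbname);

	// ---- Client IP for the per-IP cooldown ----
	// NOTE(review): Client-IP and X-Forwarded-For are request headers the sender
	// controls, so honouring them means the per-IP limit is keyed on a value the
	// client chose. Only trust them behind a reverse proxy that overwrites them;
	// otherwise REMOTE_ADDR alone is the reliable source.
	$ip = $_SERVER['REMOTE_ADDR'];
	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
		$ip = $_SERVER['HTTP_CLIENT_IP'];
	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
		// X-Forwarded-For may carry a comma-separated chain; use the first hop.
		$hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
		$ip = trim($hops[0]);
	}
	// ip2long() only handles IPv4; anything else (garbage, IPv6) would collapse onto
	// a single empty ip row, so such values fall back to REMOTE_ADDR instead.
	if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
		$ip = $_SERVER['REMOTE_ADDR'];
	}
	$ip = ip2long($ip);

	// One row per IP; the per-site columns ($votingdbname[1..$votingsites]) hold the
	// last vote time. Only the first matching row is read, as before.
	$query = sprintf("SELECT * FROM vote_ips WHERE ip='%s'", mysql_real_escape_string($ip));
	$result = mysql_query($query);
	$num = mysql_numrows($result);
	$ipvoted = array();
	if ($num > 0) {
		for ($ii = 1; $ii <= $votingsites; $ii++) {
			$ipvoted[$ii] = mysql_result($result, 0, $votingdbname[$ii]);
		}
	} else {
		$query = sprintf("INSERT INTO vote_ips(ip) VALUES ('%s')", mysql_real_escape_string($ip));
		mysql_query($query);
	}

	// Same per-site timestamps for the user. $username is user-supplied, so it is
	// escaped here (the original interpolated it directly into the query).
	$query = sprintf("SELECT * FROM vote_users WHERE UPPER(username)=UPPER('%s')",
		mysql_real_escape_string($username));
	$result = mysql_query($query);
	$num = mysql_numrows($result);
	$voted = array();
	if ($num > 0) {
		for ($ii = 1; $ii <= $votingsites; $ii++) {
			$voted[$ii] = mysql_result($result, 0, $votingdbname[$ii]);
		}
	}

	if ($site == "") {
		// Welcome line. $username came from a form field, so it is HTML-escaped; the
		// original emitted it raw. (The stray size"2" attributes are also repaired.)
		$safeUsername = htmlspecialchars($username, ENT_QUOTES);
		echo '<center><table><tr><td><font face="BebasNeueRegular" size="2" color="black">Bienvenue '.$safeUsername.'</font><br><font face="BebasNeueRegular" color="darkgrey" size="2">Ce n\'est pas votre pseudo ? <a href="'.$voterlink.'?site=Logout">Deconnecte</a></font></td></tr></table>';

		// One button per site: active when both cooldowns have elapsed, otherwise a
		// disabled-looking button whose title shows the remaining time.
		// A missing/NULL timestamp counts as "never voted" (strtotime gave false = 0).
		for ($ii = 1; $ii <= $votingsites; $ii++) {
			$userVoteAt = isset($voted[$ii]) ? strtotime($voted[$ii]) : 0;
			$ipVoteAt = isset($ipvoted[$ii]) ? strtotime($ipvoted[$ii]) : 0;
			if (time() >= $userVoteAt + $cooldown && time() >= $ipVoteAt + $cooldown) {
				?>
				<a href="<?php echo $voterlink; ?>?site=<?php echo $votingname[$ii]; ?>" target="_blank" title="Click to vote"><button type="button" style="background: url('images/button.png');width:96;height:27"><?php echo $votingname[$ii]; ?></button></a><br>
				<?php
			} else {
				// The cooldown runs from the later of the two timestamps.
				$votetime = max($userVoteAt, $ipVoteAt);
				$datediff = ($votetime + $cooldown) - time();

				// Remaining time as H:MM:SS (hours unpadded, as in the original).
				$hours = intval($datediff / 3600);
				$minutes = intval(($datediff / 60) % 60);
				$seconds = intval($datediff % 60);
				$hms = $hours . ":"
					. str_pad($minutes, 2, "0", STR_PAD_LEFT) . ":"
					. str_pad($seconds, 2, "0", STR_PAD_LEFT);

				?>
				<a href="" title="Vote again in: <?php echo $hms; ?>"><button type="button" style="background: url('images/buttonp.png');width:96;height:27"><?php echo $votingname[$ii]; ?></button></a><br>
				<?php
			}
		}

		?>
		<form method="post" action="">
		<input type="hidden" id="redeem" name="redeem" value="redeem">
		<input type="image" class="submit" src="images/redeem.png"/>
		</form>
		</center>

		<?php
	} elseif ($site == "Logout") {
		// Both original branches did exactly this, so the session check was redundant.
		session_destroy();
		echo '<script>document.location.replace("'.$voterlink.'");</script>';
	} else {
		// ---- A vote link was clicked: record it, credit the points, forward to the site ----
		// NOTE(review): this is a state-changing GET reached from a link with no CSRF
		// token; the user/IP cooldown is the only guard on it.
		for ($ii = 1; $ii <= $votingsites; $ii++) {
			if ($site != $votingname[$ii]) {
				continue;
			}
			$userVoteAt = isset($voted[$ii]) ? strtotime($voted[$ii]) : 0;
			$ipVoteAt = isset($ipvoted[$ii]) ? strtotime($ipvoted[$ii]) : 0;
			if (time() >= $userVoteAt + $cooldown && time() >= $ipVoteAt + $cooldown) {
				$safeUser = mysql_real_escape_string($username);
				$query2 = sprintf("SELECT COUNT(username) FROM vote_users WHERE UPPER(username) = UPPER('%s')", $safeUser);
				$result2 = mysql_query($query2);
				list($count2) = mysql_fetch_row($result2);

				// First vote ever: create the user's row (escaped; the original did not).
				if ($count2 == 0) {
					$query = sprintf("INSERT INTO vote_users(username) VALUES ('%s')", $safeUser);
					mysql_query($query);
				}
				// Column name comes from config, never from the request.
				$votingdb = $votingdbname[$ii];

				$query = sprintf("UPDATE vote_users SET %s = NOW() WHERE UPPER(username) = UPPER('%s')", $votingdb, $safeUser);
				mysql_query($query);
				$query = sprintf("UPDATE vote_ips SET %s = NOW() WHERE ip = '%s'", $votingdb, mysql_real_escape_string($ip));
				mysql_query($query);
				$query = sprintf("UPDATE vote_users SET points = points+1 WHERE UPPER(username) = UPPER('%s')", $safeUser);
				mysql_query($query);
				$query = sprintf("UPDATE vote_users SET pointsleft = pointsleft+%s WHERE UPPER(username) = UPPER('%s')", $voteamount, $safeUser);
				mysql_query($query);
				echo '<META HTTP-EQUIV="Refresh" Content="0; URL='.$votinglink[$ii].'">';
			} else {
				echo 'You have already voted for the server in the last 24 hours.<br>';
				echo 'If you did not vote somebody on the same IP as you might have voted already.';
			}
		}
	}
}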

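// ---- Top-10 leaderboard, with the caller's own rank/points in the image tooltip ----
if ($site == "") {
	$conn = mysql_connect($dbhost,$dbuser,$dbpass)
		or die ('Error connecting to mysql');
	mysql_select_db($dbname);

	$query = "SELECT * FROM vote_users ORDER BY points DESC";
	$result = mysql_query($query);
	$num = mysql_numrows($result);

	// Walk the full ranking once to find the current user. $yourrank stays ""
	// when the user has no row, which is what the original printed in that case.
	$yourpoints = 0;
	$yourrank = "";
	for ($i = 0; $i < $num; $i++) {
		$user = mysql_result($result,$i,"username");
		$points = mysql_result($result,$i,"points");
		if (strtolower($user) == strtolower($username)) {
			$yourpoints = $points;
			$yourrank = $i + 1;
		}
	}
	if ($username == "") {
		echo '<center><img src="images/topvoters.png"></center>';
	} else {
		echo '<center><a href="" title="Tu est '.$yourrank.' avec '.$yourpoints.' votes."><img src="images/topvoters.png"></a></center>';
	}

	echo '<table>';
	// At most 10 entries, padded to at least 3 rows with "VIDE" placeholders.
	$shown = min($num, 10);
	for ($i = 0; $i < $shown; $i++) {
		// Usernames were typed into the login form, so escape them before emitting.
		$user = htmlspecialchars(mysql_result($result,$i,"username"), ENT_QUOTES);
		$points = mysql_result($result,$i,"points");
		echo '<tr><td><font face="BebasNeueRegular" color="black">'.$user.'</font><br>';
		echo '<font face="BebasNeueRegular" color="darkgrey" size="2">Avec '.$points.' votes.</font></td></tr>';
	}
	for (; $shown < 3; $shown++) {
		echo '<tr><td><font face="BebasNeueRegular" color="black">VIDE</font><br>';
		echo '<font face="BebasNeueRegular" color="darkgrey" size="2">Avec 0 votes.</font></td></tr>';
	}
	echo '</table>';
}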
?>
</center>
</body>
</html>



Donc je voudrais que la 1re partie reste normale,

et que la 2e partie n'arrive qu'une fois le captcha validé :

<form method="post" action="">
		<input type="hidden" id="redeem" name="redeem" value="redeem">
		<input type="image" class="submit" src="images/redeem.png"/>
	</form>
	</center>

    <?php
	} elseif ($site=="Logout") {
		if ($_SESSION['voteuser'] != "") {
			session_destroy();
			echo '<script>document.location.replace("'.$voterlink.'");</script>';
		} else {
			session_destroy();
			echo '<script>document.location.replace("'.$voterlink.'");</script>';
		}
	} else {
		$ii=1;
		while ($ii < $votingsites+1) {
			if($site == $votingname[$ii]) {
				if (time() >= strtotime($voted[$ii]) + 7320 && time() >= strtotime($ipvoted[$ii]) + 7320) {
					$query2 = sprintf("SELECT COUNT(username) FROM vote_users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($username));
					$result2 = mysql_query($query2);
					list($count2) = mysql_fetch_row($result2);
			
					if(!$count2 == 1) {
						$query = sprintf("INSERT INTO vote_users(username) VALUES ('$username')");
						mysql_query($query);
					}
					$votingdb = $votingdbname[$ii];
					
					$query = sprintf("UPDATE vote_users SET $votingdb = NOW() WHERE UPPER(username) = UPPER('%s')",
					mysql_real_escape_string($username));
					mysql_query($query);
					$query = sprintf("UPDATE vote_ips SET $votingdb = NOW() WHERE ip = '$ip'");
					mysql_query($query);
					$query = sprintf("UPDATE vote_users SET points = points+1 WHERE UPPER(username) = UPPER('%s')",
					mysql_real_escape_string($username));
					mysql_query($query);
					$query = sprintf("UPDATE vote_users SET pointsleft = pointsleft+$voteamount WHERE UPPER(username) = UPPER('%s')",
					mysql_real_escape_string($username));
					mysql_query($query);
					echo '<META HTTP-EQUIV="Refresh" Content="0; URL='.$votinglink[$ii].'">';
				} else {
					echo 'You have already voted for the server in the last 24 hours.<br>';
					echo 'If you did not vote somebody on the same IP as you might have voted already.';
				}
			}
			$ii++;
		}
	}
}

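// ---- Top-10 leaderboard, with the caller's own rank/points in the image tooltip ----
if ($site == "") {
	$conn = mysql_connect($dbhost,$dbuser,$dbpass)
		or die ('Error connecting to mysql');
	mysql_select_db($dbname);

	$query = "SELECT * FROM vote_users ORDER BY points DESC";
	$result = mysql_query($query);
	$num = mysql_numrows($result);

	// Walk the full ranking once to find the current user. $yourrank stays ""
	// when the user has no row, which is what the original printed in that case.
	$yourpoints = 0;
	$yourrank = "";
	for ($i = 0; $i < $num; $i++) {
		$user = mysql_result($result,$i,"username");
		$points = mysql_result($result,$i,"points");
		if (strtolower($user) == strtolower($username)) {
			$yourpoints = $points;
			$yourrank = $i + 1;
		}
	}
	if ($username == "") {
		echo '<center><img src="images/topvoters.png"></center>';
	} else {
		echo '<center><a href="" title="Tu est '.$yourrank.' avec '.$yourpoints.' votes."><img src="images/topvoters.png"></a></center>';
	}

	echo '<table>';
	// At most 10 entries, padded to at least 3 rows with "VIDE" placeholders.
	$shown = min($num, 10);
	for ($i = 0; $i < $shown; $i++) {
		// Usernames were typed into the login form, so escape them before emitting.
		$user = htmlspecialchars(mysql_result($result,$i,"username"), ENT_QUOTES);
		$points = mysql_result($result,$i,"points");
		echo '<tr><td><font face="BebasNeueRegular" color="black">'.$user.'</font><br>';
		echo '<font face="BebasNeueRegular" color="darkgrey" size="2">Avec '.$points.' votes.</font></td></tr>';
	}
	for (; $shown < 3; $shown++) {
		echo '<tr><td><font face="BebasNeueRegular" color="black">VIDE</font><br>';
		echo '<font face="BebasNeueRegular" color="darkgrey" size="2">Avec 0 votes.</font></td></tr>';
	}
	echo '</table>';
}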
?>
</center>
</body>
</html>




Merci The_Pixade

2 réponses

Up ?
Up 2