External Vote Button Bug

Pligg CMS Forum > Questions and Comments
Register an Account

Login

User Name:

Password:

Remember Me?
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old 02-12-2007, 05:08 AM
pornlord's Avatar
New Pligger
  
Join Date: Feb 2007
Posts: 3
theres a bug with this script when a user clicks the "pligg this" button on another site and closes the window before actually submitting the link. if that happens the link is entered into the database with no title or description. when other users click the same button to a link that has been improperly submitted they can not view it and it cannot be resubmitted. they see a link with no title or description. also under the users admin panel it counts as a submission but cannot be viewed or discarded unless you can get back to the exact url.

is there a fix that can be made so the url isn't recorded into the database until the user actually submits it with proper details?
Reply With Quote
  #2 (permalink)  
Old 05-13-2007, 12:05 PM
warefare's Avatar
Casual Pligger
  
Join Date: Mar 2007
Posts: 38
Quote:
Originally Posted by pornlord View Post
theres a bug with this script when a user clicks the "pligg this" button on another site and closes the window before actually submitting the link. if that happens the link is entered into the database with no title or description. when other users click the same button to a link that has been improperly submitted they can not view it and it cannot be resubmitted. they see a link with no title or description. also under the users admin panel it counts as a submission but cannot be viewed or discarded unless you can get back to the exact url.

is there a fix that can be made so the url isn't recorded into the database until the user actually submits it with proper details?

function store() , extended EVB

exactly my point .. this one of the biggest disadvantages of pligg
imo it should be fixed in v1.0 because it's a security whole too
you can submit as many stories as you want and flood the database

can any admin please give a statement ?
Reply With Quote
  #3 (permalink)  
Old 05-13-2007, 03:56 PM
warefare's Avatar
Casual Pligger
  
Join Date: Mar 2007
Posts: 38
If you visit "submit_step_2" it will automatically add the link_url to the database
It wont add a proper LINK_TITLE_URL ! It will add numbers instead of a real title.


You can see this here:
http://mmog-world.com/
Queued News, there are no proper title just numbers.




Now I tried something like :
Code:
$linkres->link_title_url = $url;
but it's not working.

Any suggestions ? Thanks in advance.
Reply With Quote
  #4 (permalink)  
Old 05-15-2007, 03:31 AM
warefare's Avatar
Casual Pligger
  
Join Date: Mar 2007
Posts: 38
bump, anyone got a clue how to fix it ?

I know the PHP basics so it's no problem for me to realize that if I would know the var names to insert link_url_title into the database at step2 :x

thank you!
Reply With Quote
  #5 (permalink)  
Old 05-15-2007, 10:59 AM
Casual Pligger
  
Join Date: Jun 2006
Location: Dover, NH
Posts: 49
I don't have the perfect fix, but I have greatly improved the way it works on my site. The problem is, I'm still running on Pligg 7.2 so the code is going to be a bit different. In libs\link.php there's a function called duplicates($url) that looks up a story in the database to find out if it's already been submitted.

What happens is user 1 comes along, clicks the EVB but doesn't want to go through all the submit steps so they drop out half way through, now the story is partially submitted and in the database. Now user 2 comes along, clicks the EVB and the duplicates function returns true because it finds it already in the database. So now that story is in a limbo state where it can't be voted for or submitted properly.

I changed the duplicates function. Now if it finds a duplicate, it checks to see if the duplicates link category is zero and if the link status is 'discard'. If so, we know it's a partially submitted story, so the duplicates function deletes the partially submitted story from the database, and then returns false meaning there's no duplicate. Now user 2 is able to resubmit the story properly.

The problem here is the door is still open to flood the database with partially submitted stories, but at least this solves the issue of being able to properly resubmit a story after the first user only partially submits it.

Here's what the code looks like in my version (Pligg 7.2) - libs\link.php:
Code:
	function duplicates($url) {
		global $db;
		$link_url=$db->escape($url);
		$n = $db->get_var("SELECT count(*) FROM links WHERE link_url = '$link_url'");
		
		if($n > 0) {
			if($duplink = $db->get_row("SELECT link_id, link_status, link_category, link_title_url FROM links WHERE link_url = '$link_url'")) {
				// Found the link but the status id discard and the category is zero which means someone partially submitted the story so allow for a resubmit
				if($duplink->link_status == 'discard' && $duplink->link_category == 0) {
					// Delete the partially submitted link from the database to prevent duplicate URL entries
					$sql = "DELETE FROM links WHERE link_id=" . $duplink->link_id . ";";
					$db->query($sql);
					$n = 0;
				}
				else {
					$this->title_url = $duplink->link_title_url;
				}
			}
		}	
		
		return $n;
	}
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads
Thread Thread Starter Forum Replies Last Post
External Vote Button (EVB) Yankidank Questions and Comments 70 10-09-2010 03:08 PM
Vote button not updating dynamically aufotookbigfoot Questions and Comments 5 04-18-2008 04:16 PM
External Vote Button and Google mankal Questions and Comments 1 03-27-2008 12:27 PM
Need help with External Vote Button Please! bbrian017 Questions and Comments 10 01-30-2008 06:28 PM
Vote button links to story page after voted canadaka Questions and Comments 1 04-02-2007 12:12 PM


Pligg Modules and Pligg Templates from Pligg Pro Find support on the Pligg CMS Forum - 24 hours a day! Make a donation to support Pligg CMS development