Unique votings based on IP – not works

As far as I know there is no relation to user logins. Relevant code is located in index.php (markup function in line 444) and js.js (line 72).

There is actually no code that prevents users from voting multiple times. Even if you already voted you can send an infinite number of HTTP requests and this plugin will process them as usual (thread).

tniessen,

I am not sure if I understood. I noticed the relation with login as admin and multiple votings but it looks more like “unique votings based on IP” bug not a feature. If I am logged as admin into wordpress panel I can not vote multiple times (stars are orange, how it should be). If I am logged out I can vote as many times I want (stars are yellow, like the “unique votings based on IP” would be unchecked).

I copied the files to editor and checked the lines numbers but the 444 is the markup function header. The 72 line in js.js file shows:

$('.kksr-stars a', obj).unbind('click').click( function(){ return false; });

The markup functions really looks like it has something with IP and it set up orange and yellow tags. However if I just hardcoded “orange” tag there, its not help. I still was able to vote many times.

Regards,
Darek

Moreover, the “response disable” value was still “false”. I fixed the index.php file to get “response disable” value “true” in case I have the same IP and “false” if there is no IP in the database.

But… this not help! Looks like the js.js file do not care about the “response disable” value. Do not know why yet. There is still the same problem. If I am logged in as admin, everything is fine but if I am logged out I can vote many times from the same IP.

Regards,
Darek

Looks there is problem with “kksr_update” function in js.js file. It not goes into case if(disable==’true’) but the js.js file print correct value of disable in “kksr_update” body function just little above the “if” statement.

I have no more time to spend on it Today. Maybe I will check what is going on there Tomorrow or during this weekend.

Regards,
Darek

Looks like this:

if(disable=='true')

changed to this:

if(eval(disable))

solved the problem and the fix works like it should. Holy… ??
I will test it more carefully later…

Any comments welcome…

Line 72 of js.js prevents users from clicking stars if they already voted.

I cannot reproduce the problem. What you describe seems to me like a JavaScript type conversion problem:

(“true” == “true”) == true
(“false” == “true”) == false
(true == “true”) == false
(false == “true”) == false

eval(“true”) == true
eval(true) == true

alert(“true”) // shows true
alert(true) // shows true

If disable is true (boolean) instead of 'true' (String) the expression disable == "true" will return false and therefore fail.

So far this seems to be comprehensible, but kksr_ajax (index.php) always sends strings, not booleans. Additionally, there should not be a difference between visitors and registered users.

I personally would not use eval but rather a simple String (performance comparison):

(String(“true”) == “true”) == true
(String(“false”) == “true”) == false
(String(true) == “true”) == true
(String(false) == “true”) == false

You might want to change

if(eval(disable))

to

if(String(disable) == ‘true’)

Regards
tniessen

This performance test is actually better because it also compares the resulting strings as you would do in the code.

tniessen,

Yes, You are 100% right the eval is not a good coding style. Better use string creation like You mentioned: if(String(disable) == ‘true’).

It is true that kksr_ajax (index.php) always sends strings, not booleans and the line looks like this:

$Response['disable'] = parent::get_options('kksr_unique') ? 'true' : 'false';

However in the markup function there is something like that:

if(in_array($ip, $Ips))
{
 $disabled = parent::get_options('kksr_unique') ? true : false;
}

Seems it may cause a JavaScript type conversion problem.

I noticed something more strange Today. I wasn’t able to reproduce the problem too! First it worked fine (i wasn’t able to vote many times) even if I was logged in as admin. But when I cleared database (postmeta table, ratings only via phpMyAdmin) I was able vote many times again. Really really strange bug… I will try to find little time Today so maybe I will fix it and will try to find out what is going on.

Thanks,
Darek

I had problem with reproducing this problem Today on my development platform for a long time. The “unique votings based on IP” feature works fine for a long time, even there was the JavaScript type conversion problem in the code and I didn’t change anything from last time. Moreover I noticed there is always disable set to false for all IDs in the admin-ajax.php response array, means:

"disable":"false"

Looks like it was ignored if I wasn’t able to vote many times.

However, on the official website the problem still exists (I can vote multiple times there).

Really strange bug…

The fix is simple and quick but the source of the problem and reproducing issue in unknown for now.

This was “TablePress caching problem”. So, this is why it was so hard to reproduce and sometimes it works and sometimes not.

However, to fix the IP problem and problem with “disable always false” in array I added little code to the index.php file. I have modified version of index.php file because of “slow loading” issue. I had to add IP check for all IDs just at the beginning (simple fix).

Hope, it will be working fine now.

Regards,
Darek