Файл: vote.php
Строк: 12
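<?php
/**
 * vote.php: records one vote for a project from the requesting IP address,
 * then redirects back to the project page.
 *
 * Input (query string):
 *   type - vote kind; only 'plus' is accepted
 *   id   - numeric project id
 *
 * Every exit path is an HTTP redirect: "/" for a bad request or unknown
 * project, "/project/<id>" otherwise.
 */

// `require` rather than `include`: if the bootstrap cannot be loaded the script
// must stop, not carry on without $db.
require $_SERVER['DOCUMENT_ROOT'].'/incs/system.php';

// NOTE(review): this endpoint changes state on a plain GET request, so any page
// a visitor loads can cast a vote on their behalf (an <img> or prefetched link
// is enough). Moving it to POST with an anti-CSRF token needs a matching change
// in the pages that link here, so it is flagged rather than changed.

// Allow-list mapping the public `type` value to the column it increments.
// Column names cannot be bound as parameters, so the identifier placed into
// the UPDATE below always comes from this literal, never from the request.
$columns = array('plus' => 'plus');

$requested = (isset($_GET['type']) && is_string($_GET['type'])) ? $_GET['type'] : '';
$column = isset($columns[$requested]) ? $columns[$requested] : null;

// A non-string id (e.g. ?id[]=1) is treated as 0 and fails the project lookup.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? (int) $_GET['id'] : 0;

// REMOTE_ADDR is the address of the TCP peer. Behind a reverse proxy every
// visitor shares one value; do not replace it with a client-supplied header
// unless that header is set by a proxy you control.
$ip = (isset($_SERVER['REMOTE_ADDR']) && is_string($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '';

// Sends the redirect and ends the request.
$redirect = function ($location) {
    header('Location: ' . $location);
    exit();
};

if ($column === null) {
    $redirect('/');
}

// assumes $db is a mysqli connection created by system.php (the original code
// used its query()/real_escape_string() methods); confirm against system.php

// 1. The project must exist.
$stmt = $db->prepare('SELECT `id` FROM `projects` WHERE `id` = ? LIMIT 1');
if (!$stmt || !$stmt->bind_param('i', $id) || !$stmt->execute()) {
    $redirect('/');
}
$stmt->store_result();
$projectExists = $stmt->num_rows >= 1;
$stmt->close();

if (!$projectExists) {
    $redirect('/');
}

// 2. One vote per IP per project per day. A database error here fails closed:
//    the vote is not counted. The original went on to insert when this query failed.
$stmt = $db->prepare('SELECT `id` FROM `vote` WHERE `project_id` = ? AND `ip` = ? AND `date` > CURDATE()');
if (!$stmt || !$stmt->bind_param('is', $id, $ip) || !$stmt->execute()) {
    $redirect("/project/$id");
}
$stmt->store_result();
$alreadyVoted = $stmt->num_rows >= 1;
$stmt->close();

if ($alreadyVoted) {
    $redirect("/project/$id");
}

// NOTE(review): the check above and the insert below are separate statements,
// so two simultaneous requests from one address can both pass the check.
// Closing that window needs a constraint or lock in the database; the schema
// is not visible from this file.

// 3. Record the vote, and bump the counter only if the vote row was written.
$stmt = $db->prepare('INSERT INTO `vote` SET `ip` = ?, `project_id` = ?');
$recorded = $stmt && $stmt->bind_param('si', $ip, $id) && $stmt->execute();
if ($stmt) {
    $stmt->close();
}

if ($recorded) {
    $stmt = $db->prepare('UPDATE `projects` SET `' . $column . '` = `' . $column . '` + 1 WHERE `id` = ?');
    if ($stmt) {
        if ($stmt->bind_param('i', $id)) {
            $stmt->execute();
        }
        $stmt->close();
    }
}

$redirect("/project/$id");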