With the current script, it is possible for someone to create a Webpage with the same for used for voting. I made a hack to stop it.
In the "ratepro.php" script, just add the follow code to require your site as the referrer to be able to vote. If it is coming from another referrer other that your site, then it forwards it silently to your homepage. SWEET!
<?php
//change by John Alexander 01/10/2005 START
//list of URLs allowd to be referred from
$AllowedURL = array("http://yoururl.com", "http://www.yoururl.com");
//get the referrer info
$Referrer = $_SERVER['HTTP_REFERER'];
//search for occurances of allowed urls in $AllowedURL from Referrer, when found, replace with Allowed
//then grab the first 7 characters of the result, becuase if it's not "allowed" we don't care who it is
$ActualURL = substr(str_replace($AllowedURL, "Allowed", $Referrer),0,7);
if($ActualURL != "Allowed")
{header("Location:
http://www.yoururl.com/");}
else{
//current ratepro code
}
?>
