这个投票系统看上去很严密,实际用了之后我才知道它是不堪一击的。投票也加了验证码,但是还是很失败。
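/// <summary>
/// Casts one vote for the candidate named by the "id" query-string value.
/// Votes are limited per client IP (table per_ip_temp) and per browser (cookie "user").
/// </summary>
/// <param name="id">Not read by this method; the candidate id is taken from the request query string.</param>
/// <returns>
/// A user-facing message: success with the current count, "limit reached",
/// or the "nothing selected" text when the input is invalid or any step throws.
/// </returns>
public string toupiao(int id)
{
    // Daily reset of the per-IP table. GetSingle's result is checked before unboxing,
    // because casting a null/DBNull result to DateTime would throw outside the try block.
    object latest = LiTianPing.DBUtility.DbHelperSQL.GetSingle("select max(datatime) from per_ip_temp");

    // Compare whole dates rather than day-of-month numbers: the old test
    // (latest + 1 day).Day == today.Day skipped the reset whenever a full day passed without votes.
    if (latest is DateTime && ((DateTime)latest).Date < DateTime.Now.Date)
    {
        DataSet ds12 = LiTianPing.DBUtility.DbHelperSQL.Query("select * from per_ip_temp");

        // NOTE(review): the archive is written under the site's "ip/" folder; unless that folder
        // is excluded from static file serving, the voter IP list can be downloaded - confirm.
        string path = System.Web.HttpContext.Current.Server.MapPath("ip/") + System.DateTime.Now.ToString("yyyyMMddHHmmss") + ".xml";
        ds12.WriteXml(path);
        LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("delete from per_ip_temp");
    }

    int count = 1;
    try
    {
        // The candidate id arrives from the query string and ends up inside SQL text (here and in
        // toupioa), so it is accepted only if it parses as an integer. Rejecting it before any
        // statement runs also avoids leaving a half-recorded vote behind.
        int perId;
        if (!int.TryParse(System.Web.HttpContext.Current.Request.QueryString.Get("id"), out perId))
        {
            return "你没有请选择";
        }
        string perIdText = perId.ToString(System.Globalization.CultureInfo.InvariantCulture);

        // REMOTE_ADDR is normally set by the server, but it is still re-parsed and written back in
        // canonical form so that only address characters can reach the SQL text.
        // NOTE(review): behind a reverse proxy every visitor may share one REMOTE_ADDR - confirm deployment.
        System.Net.IPAddress clientAddress;
        if (!System.Net.IPAddress.TryParse(System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"], out clientAddress))
        {
            return "你没有请选择";
        }
        string ip = clientAddress.ToString();

        if (LiTianPing.DBUtility.DbHelperSQL.Exists("select count(*) from per_ip_temp where ip='" + ip + "'"))
        {
            count = (int)LiTianPing.DBUtility.DbHelperSQL.GetSingle("select ipcount from per_ip_temp where ip='" + ip + "'");
        }
        else
        {
            LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("insert into per_ip_temp (ip,per_id) values('" + ip + "','" + perIdText + "')");
        }

        // Server-side limit. The counter is read here and incremented later in toupioa, so
        // concurrent requests from one address can pass this check together.
        if (count > 5)
        {
            return " 失败:每个人24小时内能投五次";
        }

        // The cookie is fully client-controlled (it can be deleted or edited), so it is only an
        // advisory second check. A missing or non-numeric value counts as zero votes;
        // Convert.ToInt32("") used to throw here and turn every cookie-less request into an error.
        int cookieVotes;
        if (!int.TryParse(panduan_cook(), out cookieVotes))
        {
            cookieVotes = 0;
        }
        if (cookieVotes >= 5)
        {
            return "失败:每个人24小时内只能投五次";
        }

        write_cook(cookieVotes + 1);
        toupioa(ip, count);
        return "投票成功:你今天第" + count + "次票";
    }
    catch (Exception ex)
    {
        // Callers still receive the same message, but the failure is no longer silently discarded.
        System.Diagnostics.Trace.TraceError("toupiao failed: " + ex);
        return "你没有请选择";
    }
}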
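/// <summary>
/// Adds one vote to the candidate row in per_info (chosen by the "id" query-string value)
/// and increments the per-IP counter in per_ip_temp.
/// </summary>
/// <param name="ip">Client address; it must parse as an IP address.</param>
/// <param name="count">Not used by this method.</param>
/// <exception cref="FormatException">The query-string id is not an integer, or <paramref name="ip"/> is not an IP address.</exception>
/// <exception cref="ArgumentNullException">The query-string id or <paramref name="ip"/> is missing.</exception>
protected void toupioa(string ip, int count)
{
    // Both values are concatenated into SQL text, so each is reduced to a strictly typed form
    // first: an integer for the id and a canonical address string for the IP. Anything else
    // throws before a statement is built.
    int perId = int.Parse(System.Web.HttpContext.Current.Request.QueryString.Get("id"), System.Globalization.CultureInfo.InvariantCulture);
    string safeIp = System.Net.IPAddress.Parse(ip).ToString();

    string sql = "update per_info set per_nuber=per_nuber+1 where id=" + perId.ToString(System.Globalization.CultureInfo.InvariantCulture);
    string sql1 = "update per_ip_temp set ipcount=ipcount+1 where ip='" + safeIp + "'";

    // NOTE(review): the two updates are issued separately; if the second fails, the vote is
    // counted without the per-IP counter moving. Whether DbHelperSQL offers a transactional
    // call is not visible here - confirm.
    LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(sql);
    LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(sql1);
}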
/// <summary>
/// Stores the given vote count in the "user" cookie with a one-day expiry and adds it to the response.
/// </summary>
/// <param name="i">Vote count to write as the cookie value.</param>
private void write_cook(int i)
{
    // The value is a plain number held by the browser; the visitor can edit or delete it,
    // so it cannot be relied on as the only vote limit.
    HttpCookie voteCookie = new HttpCookie("user")
    {
        Value = i.ToString(),
        Expires = System.DateTime.Now.AddDays(1)
    };
    System.Web.HttpContext.Current.Response.Cookies.Add(voteCookie);
}
/// <summary>
/// Reads the "user" cookie from the current request.
/// </summary>
/// <returns>The cookie's value, or an empty string when the request carries no such cookie.</returns>
private string panduan_cook()
{
    HttpCookie voteCookie = System.Web.HttpContext.Current.Request.Cookies["user"];

    // The returned text comes straight from the browser and is not validated here.
    return Object.Equals(voteCookie, null) ? "" : voteCookie.Value;
}
// NOTE(review): this brace block repeats the body of toupiao(int id) without its signature;
// it looks like a second copy produced by the page's code widget - confirm before compiling.
... {
// Newest timestamp in per_ip_temp. The cast throws if GetSingle returns null
// (presumably the case for an empty table - confirm), and that happens outside the try block.
DateTime d = (DateTime)LiTianPing.DBUtility.DbHelperSQL.GetSingle("select max(datatime) from per_ip_temp");
DateTime dd = d.AddDays(1);
// Only the day-of-month numbers are compared, not whole dates.
if (dd.Day == DateTime.Now.Day)
...{
// Export the whole per-IP table to a timestamped XML file under the site's "ip/" path, then empty the table.
// NOTE(review): if that folder is served as static content, the voter IP list is downloadable - confirm.
DataSet ds12 = LiTianPing.DBUtility.DbHelperSQL.Query("select * from per_ip_temp");
string path = System.Web.HttpContext.Current.Server.MapPath("ip/") + System.DateTime.Now.ToString("yyyyMMddHHmmss") + ".xml";
ds12.WriteXml(path);
LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("delete from per_ip_temp");
}
int count = 1;
try
...{
string ip = System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"].ToString(); ;
// The statements below are built by string concatenation from ip and from the raw "id"
// query-string value; the id is request input and is not validated before it reaches SQL text.
if (LiTianPing.DBUtility.DbHelperSQL.Exists("select count(*) from per_ip_temp where ip='" + ip + "'"))
...{
count = (int)LiTianPing.DBUtility.DbHelperSQL.GetSingle("select ipcount from per_ip_temp where ip='" + ip + "'");
}
else
...{
LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("insert into per_ip_temp (ip,per_id) values('" + ip + "','" + System.Web.HttpContext.Current.Request.QueryString.Get("id") + "')");
}
// Per-IP limit, checked against the counter read above.
if (count <= 5)
...{
// Per-browser limit taken from the "user" cookie, which the client controls.
// panduan_cook() returns "" when the cookie is absent, and Convert.ToInt32("") throws,
// so a request without the cookie ends in the catch block below.
if (Convert.ToInt32(panduan_cook()) >= 5)
...{
return "失败:每个人24小时内只能投五次";
}
else
...{
// Bump the cookie counter, record the vote, and report the count read before the increment.
write_cook(Convert.ToInt32(panduan_cook()) + 1);
toupioa(ip, count);
return "投票成功:你今天第" + count + "次票";
}
}
else
...{
return " 失败:每个人24小时内能投五次";
}
}
// Every exception (SQL errors included) is swallowed and reported as "nothing selected".
catch
...{
return "你没有请选择";
}
}
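/// <summary>
/// Adds one vote to the candidate row in per_info (chosen by the "id" query-string value)
/// and increments the per-IP counter in per_ip_temp.
/// </summary>
/// <param name="ip">Client address; it must parse as an IP address.</param>
/// <param name="count">Not used by this method.</param>
/// <exception cref="FormatException">The query-string id is not an integer, or <paramref name="ip"/> is not an IP address.</exception>
/// <exception cref="ArgumentNullException">The query-string id or <paramref name="ip"/> is missing.</exception>
protected void toupioa(string ip, int count)
{
    // The id comes from the request and was concatenated into SQL as-is; parsing it as an
    // integer (and the address as an IP) means only typed, canonical text reaches the statement.
    string rawId = System.Web.HttpContext.Current.Request.QueryString.Get("id");
    int perId = int.Parse(rawId, System.Globalization.CultureInfo.InvariantCulture);
    string safeIp = System.Net.IPAddress.Parse(ip).ToString();

    string sql = "update per_info set per_nuber=per_nuber+1 where id=" + perId.ToString(System.Globalization.CultureInfo.InvariantCulture);
    string sql1 = "update per_ip_temp set ipcount=ipcount+1 where ip='" + safeIp + "'";

    // NOTE(review): the two updates are not wrapped in a transaction here, so a failure of the
    // second leaves the vote counted without the per-IP counter moving - confirm whether
    // DbHelperSQL provides a transactional call.
    LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(sql);
    LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(sql1);
}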
/// <summary>
/// Writes the vote count into the "user" response cookie, valid for one day.
/// </summary>
/// <param name="i">Vote count stored as the cookie value.</param>
private void write_cook(int i)
{
    // The counter lives in the browser, so the visitor can change or remove it at will.
    HttpCookie counterCookie = new HttpCookie("user") { Value = i.ToString() };
    counterCookie.Expires = System.DateTime.Now.AddDays(1);

    System.Web.HttpContext.Current.Response.Cookies.Add(counterCookie);
}
/// <summary>
/// Returns the value of the request's "user" cookie.
/// </summary>
/// <returns>The cookie value as sent by the browser, or an empty string when the cookie is absent.</returns>
private string panduan_cook()
{
    HttpCookie counterCookie = System.Web.HttpContext.Current.Request.Cookies["user"];

    // No cookie on the request: report an empty value instead of null.
    if (Object.Equals(counterCookie, null))
    {
        return "";
    }

    // Client-supplied text, returned without validation.
    return counterCookie.Value;
}