Show who voted for photos Show who voted for photos
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Show who voted for photos

Started by peakoverload, June 16, 2004, 02:53:31 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

peakoverload

Maybe I'm the only one who wants this as despite searching I couldnt really find anyone else asking for this  :( but think it would be very useful to a lot of people.

I would really like the option of finding out who voted for certain pictures in an album. The reason for this is that I run a site with a few hundred members and on occassion have been suspicious of a few members who I suspect have been voting for themselves.

I have implemented the ban on self voting but this doesnt stop people from using two seperate e-mail accounts to register a 'fake' account which they only use to vote for their own photos. My suspicions were raised when some really rubbish shots were being awarded 5 stars but nobody was leaving any comments.

Having looked at the votes table I can see the at the user_id has been encypted so there doesnt seem to be anyway to trace the user. Ideally  I would like the identity of voters to only be visible to administrators failing that, visible to everyone or even only visible by looking in the database with PHPMyadmin.

Is any of this currently possible? Could it be implemented?

I'm running cpg 1.3 btw

MR.T

#1
I too would like the ability to see this.

I am using the smf bridge. Is it then possible to get the usernames for users who have voted = 0 for the best pictures.

/MR.T

twistah

Hello !

I may have a technique you can use for this. However I would use caution since it seems to me that Coppermine is designed to let users vote anonymously. At least warn your users that you could use this information in case of suspected trickery.

Ok, this is how it worked for me.
This is no online feature so you must have access to your database.

Steps:

1. Idendify the record where the suspicious vote is cast in the database. In my case I could track it to the given picture or at the last record sorted by date.
In my database the table containing the voting data is called "cpg11d_votes". I could for instance use mysql to query a given image:
select * from cpg11d_votes where pic_id=3661;
this would bring up something like:

+--------+----------------------------------+------------+
| pic_id | user_md5_id                      | vote_time  |
+--------+----------------------------------+------------+
|   3661 | 045117b0e0a11a242b9765e79cbf113f | 1157617785 |
|   3661 | 062ddb6c727310e76b6200b7c71f63b5 | 1157701251 |
|   3661 | 0771fc6f0f4b1d7d1bb73bbbe14e0e31 | 1157358193 |
|   3661 | 0c6b6f19684ed9b6ff07575fcf81c98d | 1157652012 |

2. The output from 1.) shows the image voted on, the time of the vote and the userID hashed with the MD5 algorithm.
But since the userID is MD5 hashed i used this site to reverse the hash to get the real ID:
http://md5.rednoize.com/
From there I could get the real userId.

3. I now have the userID, but who is this really ?
In my system, we have bridged the Coppermine to the SMF forums. so the corresponding userID would be stored in the "<something>_members" table.
I could query the SMF forum users table this way:

select * from dforum_members where ID_MEMBER=1077;

"1077" was the result of the MD5 reversal.

So thats it.

This technique was used on http://www.dykkesiden.com.

/twistah

twistah

... and if you want to get a list of users (md5 hashed) that voted 0 (zero) on a given picture, i think this should work:

select user_md5_id from cpg11d_vote_stats s, cpg11d_votes v where v.vote_time=s.sdate and pid=3661 and rating=0


/twistha