[PHP] Vote averages/date strings/move_uploaded_file()



maxp
December 27th, 2005, 10:25 PM
[Vote Script]
<?
if($_GET['id']){
    $currentdate = date("Y-m-d H:i:s");
    $sql = "SELECT * FROM `votes` WHERE `submission` = '$_GET[id]' AND `ip` = '$_SERVER[REMOTE_ADDR]' AND `time` = '$currentdate'";
    $query = mysql_query($sql, $connect);
    if(mysql_num_rows($query)<1){
        $row = mysql_fetch_array($query);
        $date = $row['time'];
        if($date != $currentdate){
            $getscore = "SELECT * FROM `flash` WHERE `id` = '$_GET[id]'";
            $gsquery = mysql_query($getscore, $connect);
            $gsfetch = mysql_fetch_array($gsquery);
            $currentscore = $gsfetch['score'];
            $numvotes = mysql_num_rows(mysql_query("SELECT * FROM `votes` WHERE `submission` = '$_GET[id]'"));
            $currentavg = ($currentscore*$numvotes);
            $newscore = (($vote+$currentavg)/$numvotes);
            $insert = "INSERT INTO `votes` (`ip`, `submission`, `rating`, `time`) VALUES ('$_SERVER[REMOTE_ADDR]','$_GET[id]','$vote','$currentdate')";
            $insertquery = mysql_query($insert) or die(mysql_error());
            $update = mysql_query("UPDATE `flash` SET `score` = '$newscore' WHERE id = '$_GET[id]'") or die(mysql_error());
            echo "Thanks for voting! This submission's score is now <b>$newscore</b>.<br><a href=\"view.php?id=$_GET[id]\">Back to submission</a>";
        }
    }
    if(mysql_num_rows($query)>0){
        echo "We're Sorry. You have already voted on this submission today. Come back tomorrow to vote again.<br><a href=\"view.php?id='$_GET[id]'\">Back to submission</a>";
    }
}
?>

That's my vote script. The votes do not average right, and go over 5 sometimes. Why is this happening?
Also, my string generated by date() does not seem to match the ones already in the database when they should.

[Upload Script]

<?
$thefile = rand(1000,99000).$_FILES['file']['name'];
$thepicfile = rand(1000,99000).$_FILES['picfile']['name'];
# check to see if the form is completely filled
if($title == ""){
    die("You must enter a title.<br><a href='submit.php'>Try Again</a>");
}
if($width == ""){
    die("Please specify the width of your movie.<br><a href='submit.php'>Try Again</a>");
}
if($height == ""){
    die("Please specify the height of your movie.<br><a href='submit.php'>Try Again</a>");
}
if($comments == ""){
    die("You need to enter comments on your movie.<br><a href='submit.php'>Try Again</a>");
}

# Check to see if the file is accessible
if ( !isset($_FILES['file']['name']) || $_FILES['file']['name'] == '' ) {
    die('No flash file specified. Please go back and select a file to upload.');
}

# Check to see if the preview picture is accessible
if ( !isset($_FILES['picfile']['name']) || $_FILES['picfile']['name'] == '' ) {
    die('No preview picture file specified. Please go back and select a preview picture to upload.');
}

# Define some variables
$filetype = array("application/x-shockwave-flash");
$picfiletype = array("image/gif", "image/x-png", "image/png", "image/jpeg", "image/pjpeg");
$pic_upload_path = '/previews/';
$max_size = 5400000;

# Check to see if the filesize is too large
if ($_FILES['file']['size'] > $max_size) {
    die('Your flash movie is too large. Please make your filesize smaller than 5 megabytes.');
}

# Check to see if the filetype is correct
if (!in_array($_FILES['file']['type'], $filetype)){
    die('Sorry, your file was not an swf file. (Yours was ' . $_FILES['file']['type'] . ').');
}

# Check to see if the preview picture filetype is correct
if (!in_array($_FILES['picfile']['type'], $picfiletype)){
    die('Sorry, your preview picture was not a gif, png, or jpg image.');
}

# Upload the file and preview picture

function upload($origen, $destinoDir, $ftemporal) {
    $origen = strtolower(basename($origen));

    $destinoFull = $destinoDir.$origen;
    $frand = $origen;
    $i = 1;

    while (file_exists( $destinoFull )) {
        $file_name = substr($origen, 0, strlen($origen)-4);
        $file_extension = substr($origen, strlen($origen)-4, strlen($origen));
        $frand = $file_name."[$i]".$file_extension;
        $destinoFull = $destinoDir.$frand;
        $i++;
    }

    if (move_uploaded_file($ftemporal, $destinoFull)) return $frand;
    else return "0";
}

$upload = upload($_FILES['file']['name'], 'swf', $_FILES['file']['tmp_name']);
$picupload = upload($_FILES['picfile']['name'], 'previews', $_FILES['picfile']['tmp_name']);

# Check to see if upload was successful
if (!$upload) {
    die('Sorry, your file could not be uploaded. This reason is unknown.');
}

# Check to see if preview picture upload was successful
if (!$picupload) {
    die('Sorry, your preview picture could not be uploaded. This reason is unknown.');
}

$title = trim(strip_tags($title));
$date = date("Y-m-d H:i:s");
$comments = trim(strip_tags($comments));
$sql = "INSERT INTO `flash` (`name`, `author`, `date`, `type`, `cat`, `revavg`, `score`, `file`, `picture`, `desc`, `bad`, `audio`, `width`, `height`, `status`, `content`) VALUES ('$title','$_SESSION[user]','$date','$type','$cat','0','2.5','$thefile','$thepicfile','$comments','0','$audio','$width','$height','pending','$content')";
if (mysql_query($sql, $connect)or die(mysql_error())) {
    echo "File uploaded succesfully.<br><a href='index.php'>Proceed to flash listing</a>";
}
?>

Everything goes smoothly here, but when I try to access the uploads it returns a 404! Is there anything wrong with move_uploaded_file()?

Shamsul007
December 30th, 2005, 07:31 PM
you call that a post

nugget
December 30th, 2005, 09:49 PM
i call that 20 posts

AlbinoZombie
December 30th, 2005, 11:33 PM
you call that a post
HAHAHAHHAa!!!111 sorry, that's just funny.

Yeah, I don't think I can help you there but maybe Nugget can. He does php I believe. Or at least he's a programmer.

nugget
December 31st, 2005, 03:34 AM
Yes I do know php, but that code is too long for me to read. I'm on vacations, I'll enjoy them while I can, then help you when I get home :D

VipER X
December 31st, 2005, 09:53 AM
what is it?

Netrosis
February 2nd, 2006, 12:39 PM
I think your problem is here.... obviously.

$newscore = (($vote+$currentavg)/$numvotes);

You're adding a vote, so for example if you had:
$vote = 5
$currentavg = 5
$numvotes = 10.
This would be $newscore = ((5+50)/10)
just not right, since it outputs 5.5

It should say,

$newscore = (($vote+$currentavg)/($numvotes+1));

Commonsense, add a vote, add a numvote. :)

Now, as for this in your SQL,

$_GET[id]
Very very bad. This is how SQL gets injected and you can affect people's vote submissions.

Make sure you check that it's formatted.

It's also common courtesy when posting lots of code like that to put it in a text file, simply for formatting's sake, otherwise it's a bitch to read yeah?

As for the date, MySQL stores dates differently to PHP, make sure it's going into a 'date' field in MySQL and not a text or integer box. This will ensure the date is stored correctly. I haven't really studied PHP dates and MySQL thoroughly to understand it but I do know that it can happen.

Alright, next problem.

When creating a function, don't forget to ever GLOBAL your variables you're using.

This code confuses me.
if (move_uploaded_file($ftemporal, $destinoFull)) return $frand;
else return "0";
}

If that's an if statement, where did all the brackets go? This is most likely your problem here. However PHP should always give you an error if that happens, i.e., misformatted code.

Make it record a log of all variables set, in an array, so for example $log['$filename'], etc. and find out the exact values. This can be affected by the $frand string you used, potentially overlapping a previous $frand therefore never giving you the proper URL.

Go to your webserver and make sure that it also uploads correctly, and that the file is not corrupted during an upload. If it's working correctly, check the filename amongst the log, then your problem is simply the output URL to view it.

Some of the variable names you used, like $origen really had me confused for a while. Obviously this is a continuation of another part of PHP code, as a result it may also be the declaration of a particular variable messing up.


Alright I hope this helps.
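
Added example, not part of any post in this thread: a vote handler that validates the id and rating, binds every value through prepared statements, checks "already voted today" on the date part only, and recomputes the average from the stored ratings. It uses PDO with an in-memory SQLite database instead of the thread's mysql_* calls so it runs offline; cast_vote() is a hypothetical name, and the table and column names follow the posted script.

```php
<?php
// Added example (not the original poster's code). cast_vote() is a hypothetical name.
function cast_vote(PDO $db, $rawId, $rawVote, string $ip, string $now): array
{
    // Accept only a positive integer id and a rating from 1 to 5.
    $id   = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $vote = filter_var($rawVote, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($id === false || $vote === false) {
        return ['ok' => false, 'error' => 'invalid input'];
    }
    // One vote per IP per calendar day: compare the date part, not the exact second.
    $seen = $db->prepare(
        'SELECT COUNT(*) FROM votes WHERE submission = ? AND ip = ? AND substr(time, 1, 10) = ?'
    );
    $seen->execute([$id, $ip, substr($now, 0, 10)]);
    if ((int) $seen->fetchColumn() > 0) {
        return ['ok' => false, 'error' => 'already voted today'];
    }
    $db->prepare('INSERT INTO votes (ip, submission, rating, time) VALUES (?, ?, ?, ?)')
       ->execute([$ip, $id, $vote, $now]);
    // Recompute the average from the stored ratings, so it stays within 1..5.
    $avg = $db->prepare('SELECT AVG(rating) FROM votes WHERE submission = ?');
    $avg->execute([$id]);
    $score = round((float) $avg->fetchColumn(), 2);
    $db->prepare('UPDATE flash SET score = ? WHERE id = ?')->execute([$score, $id]);
    return ['ok' => true, 'score' => $score];
}

// Constructed sample data (addresses are from the documentation range).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE flash (id INTEGER PRIMARY KEY, score REAL)');
$db->exec('CREATE TABLE votes (ip TEXT, submission INTEGER, rating INTEGER, time TEXT)');
$db->exec('INSERT INTO flash (id, score) VALUES (1, 2.5)');

// Two different voters on the same day.
var_dump(cast_vote($db, '1', '5', '192.0.2.10', '2005-12-27 22:25:00'));
var_dump(cast_vote($db, '1', '4', '192.0.2.11', '2005-12-27 22:26:00'));
// The first voter again, later the same day.
var_dump(cast_vote($db, '1', '5', '192.0.2.10', '2005-12-27 23:00:00'));
// An id that is not a plain integer.
var_dump(cast_vote($db, '1 OR 1=1', '5', '192.0.2.12', '2005-12-27 23:01:00'));
```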
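
Added example, not part of any post in this thread: in the posted upload script the name written to the database ($thefile, a random prefix plus the original name) is built separately from the name upload() saves on disk, and the accepted type is read from $_FILES[...]['type'], which the browser supplies. The sketch below picks one server-side name, checks the type from the file's bytes, and returns that name for the database row; store_upload() and its $move parameter are hypothetical, and the demo uses a constructed GIF with rename() standing in for a real HTTP upload.

```php
<?php
// Added example (not the original poster's code). store_upload() is a hypothetical name.
function store_upload(array $file, string $dir, array $allowed, ?callable $move = null): ?string
{
    $move = $move ?? 'move_uploaded_file';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Detect the type from the file's contents rather than the client-sent 'type'.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return null;
    }
    // Build the stored name on the server, with an extension taken from the
    // allowlist, and return it so the database and the disk use the same name.
    $name = bin2hex(random_bytes(8)) . '.' . $allowed[$mime];
    $dest = rtrim($dir, '/') . '/' . $name;
    return $move($file['tmp_name'], $dest) ? $name : null;
}

// Allowlist: detected MIME type => extension to store under.
$pictures = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];

// Constructed demo input: a minimal GIF header written to a temporary file.
$dir = sys_get_temp_dir() . '/previews_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'GIF89a' . pack('vv', 1, 1) . "\x00\x00\x00;");

$entry  = ['name' => 'Preview.GIF', 'type' => 'image/gif', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
$stored = store_upload($entry, $dir, $pictures, 'rename');

// $stored is the value to save in the `picture` column and to use in the URL.
var_dump($stored);
var_dump($stored !== null && file_exists($dir . '/' . $stored));
```

In a real request handler, leave $move at its default so move_uploaded_file() confirms the file came from the HTTP upload.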