ok if you go to http://www.syc0logy.com/vote.php?subid=1&cid=45&user=1
it should get the user variable, but its not:
<form action="?proc=1&cid=<?=$cid?>&user=<?=$user?>&subid=<?=$subid?>" method="POST">
<? include('lib/conf/config.php'); ?>
<html>
<head>
<title> :: Syc0tests - Powered By: CORE Contest :: </title>
<link rel="stylesheet" type="text/css" href="lib/css/style.css">
</head>
<body bgcolor="#2A2922">
<?
if ($proc == '1') {
/* BEGIN ANTI CHEATING VERIFICATION PROTOCAL */
$sql = "SELECT * FROM voted WHERE subid = $subid";
$r = mysql_query($sql);
$arr = mysql_fetch_array($r);
$vuserid = $arr['userid'];
$vsubid = $arr['subid'];
// see if userid matches voted list
if($userid = $vuserid && $subid = $vsubid){
echo "<p align=center class=contest_small>SORRY YOU HAVE ALREADY VOTED<br><p align=center class=contest_small>
[ <a href=\"javascript:window.close();\">CLOSE WINDOW</a> ]";
} else {
/*END ANTI CHEATING PROTOCAL */
// get old values
$sql2 = "SELECT * FROM vote WHERE subid = $subid";
$result2 = mysql_query($sql2);
$arr2 = mysql_fetch_array($result2);
$total_votes = $arr2['total_votes'];
$total_points = $arr2['total_pts'];
$total_score = $arr2['score'];
// calculate new votes
$new_votes = $total_votes + 1;
$new_points = $total_points + $points;
$new_score = number_format($new_points/$new_votes, 2);
/* BEGIN ANTI CHEATING PROTOCAL */
// record ip based upon subid and contest to prevent cheating
/*END ANTI CHEATING PROTOCAL */
$sql4 = "SELECT * FROM voted ORDER BY id DESC LIMIT 0,1";
$r4 = mysql_query($sql4);
$arr = mysql_Fetch_Array($r4);
$newid = $arr['id'] +1;
$query6 = "INSERT INTO voted (id,userid,contest,subid) VALUES ('$newid','$user, '$cid', '$subid')";
$r6 = mysql_query($query6);
// insert new values
$insert = "UPDATE vote SET score=$new_score, total_pts=$new_points, total_votes=$new_votes WHERE subid=$subid ";
$result = mysql_query($insert);
$sql7 = "SELECT * FROM users ORDER BY userid='$userid'";
$r7 = mysql_query($sql7);
$arr7 = mysql_Fetch_Array($r7);
$username = $arr7['username'];
?>
<p align="center" class=contest_small>
Thank you <?=$username?>, your scored the av a <?=$points?> and this has been recorded. <br>
ID: <?=$newid?><br>
USERID: <?=$user?><br>
CID: <?=$cid?><br>
SUBID: <?=$subid?><br>
<br><br>
Thank you <br><p align=center class=contest_small>
[ <a href="javascript:window.close();">CLOSE WINDOW</a> ]
<?
}
} else {
?>
<form action="?proc=1&cid=<?=$cid?>&user=<?=$user?>&subid=<?=$subid?>" method="POST">
<p align="center" class=contest>
<b><font size="2">PLEASE VOTE</font></b>
<br><br>
<img src=imgproc.php?subid=<?=$subid?> border=0>
<br><br>
<select name="points" class=contest_small style="background-color:#2A2922; border:1px solid #C0C0C0">
<option value=""> VOTE
<option value="10"> 10
<option value="9"> 9
<option value="8"> 8
<option value="7"> 7
<option value="6"> 6
<option value="5"> 5
<option value="4"> 4
<option value="3"> 3
<option value="5"> 2
<option value="1"> 1
</select> <input type="submit" value="vote">
</form>
<? } ?>
