*Zend PHP5 Contest Voting System Broken*

Joseph Crawford writes “The coding portion may be over, but it seems the battle to take over the #1 position has just begun.
Those who have spent many eye-straining hours in front of their computers will surely appreciate the irony of being able to cheat the voting system on the very site that hosts the “Top 21 PHP Programming Mistakes” (part 1, part 2, part 3).

*hint*

Perhaps the better contest would have been to write a contest voting system that is secure?

*hint*

Not only can a user vote for their own code while logged in as themselves (morally unethical), you can also cheat the system by simply modifying a URL a little bit.

https://www.zend.com/php5/contest/rate.php?vote_again=1&cont_id=ENTER_CONTESTANT_ID_HERE&rating=5&

I should also mention that Zend has been made well aware of this problem yet has basically told the people to buzz off when they were telling them they need to fix this.

In my opinion this is a really crappy system!

One more thing you can do is set the rating to 1 and drop everyone else from the top 10.
*Note*: – yesterday we had all.geek users in the top 1-8

So, I raise my cup of java and offer this hearty cheers – “Here’s to better coding… and better voting systems!””

Link: zend.com
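
As an added illustration (not part of the quoted submission and not Zend's code), here is a PHP vote handler that closes the two holes described above: the voter's identity comes from the server-side session, self-votes are refused, and a database primary key, not a request parameter such as `vote_again`, decides whether a vote already exists. The schema, the `castVote` function and the sample IDs are constructed for the example, and CSRF protection for the POST is assumed to be handled elsewhere.

```php
<?php
// Constructed schema: each entry has an owner; one vote per (user, entry).
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
    $db->exec('CREATE TABLE votes (
        user_id INTEGER NOT NULL, entry_id INTEGER NOT NULL,
        rating INTEGER NOT NULL CHECK (rating BETWEEN 1 AND 5),
        PRIMARY KEY (user_id, entry_id))');
    return $db;
}

// Hypothetical handler. $userId is taken from the authenticated session,
// never from the request; $params holds the untrusted request parameters.
function castVote(PDO $db, int $userId, string $method, array $params): string {
    if ($method !== 'POST') { return 'rejected: voting changes state, GET refused'; }
    $entryId = filter_var($params['cont_id'] ?? null, FILTER_VALIDATE_INT);
    $rating  = filter_var($params['rating'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($entryId === false || $rating === false) { return 'rejected: bad cont_id or rating'; }
    $stmt = $db->prepare('SELECT owner_id FROM entries WHERE id = ?');
    $stmt->execute([$entryId]);
    $owner = $stmt->fetchColumn();
    if ($owner === false) { return 'rejected: unknown entry'; }
    if ((int) $owner === $userId) { return 'rejected: cannot rate your own entry'; }
    // vote_again (or any similar client-supplied flag) is deliberately never
    // read: the primary key decides whether this user has already voted.
    try {
        $db->prepare('INSERT INTO votes (user_id, entry_id, rating) VALUES (?, ?, ?)')
           ->execute([$userId, $entryId, $rating]);
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') { throw $e; } // only swallow constraint errors
        return 'rejected: already voted on this entry';
    }
    return 'accepted';
}

$db = makeDb();
$db->exec('INSERT INTO entries (id, owner_id) VALUES (7, 100)'); // constructed sample
foreach ([
    [200, 'GET',  ['cont_id' => '7', 'rating' => '5', 'vote_again' => '1']],
    [200, 'POST', ['cont_id' => '7', 'rating' => '5']],
    [200, 'POST', ['cont_id' => '7', 'rating' => '1', 'vote_again' => '1']],
    [100, 'POST', ['cont_id' => '7', 'rating' => '5']],
    [201, 'POST', ['cont_id' => '7', 'rating' => '9']],
] as [$uid, $method, $params]) {
    echo castVote($db, $uid, $method, $params), PHP_EOL;
}
```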
