Hi,

in my drupal instance is a naughty js, which is causing the double clicking of an ad. This causes a double insert-query of the click. I've written a fix for that:

change the code in the file affiliates.module, at the function affiliates_click();, where the INSERT INTO {affiliates} [...] mysql query appears.

    /**
     * prevent from double clicking
     * because in some drupal-instaces is a naughty javascript
     * which runs the insert-query twice.
     */
      $result = db_query("SELECT click_time 
		    FROM {affiliates} 
		    WHERE click_time = %d", time());
		  $data = db_fetch_object($result);

      if(empty($data)){
        db_query("INSERT INTO {affiliates} (
          user_id, cookie_id, ip, referer, ad_id, click_time)
          VALUES
          (%d, '%s', '%s', '%s', %d, %d)",
          $uid, $cookie_value, ip_address(), filter_xss($_SERVER['HTTP_REFERER']), $ad_id, time());
     }

hope somebody will commit this soon.

Comments

jepster_’s picture

this code needs to be in

function affiliates_click()

near line 1145.

for better understanding, here is my full affiliates_click()-function:

function affiliates_click() {

  $cookie_value = md5(microtime());
  $timeout_flag = true;

  $uid = (int)arg(1);

  $ad_id = (int)arg(2);

  $affiliates_click_denied = affiliates_click_denied($uid);  
  //If there's no cookie, proceed.
  
  if (!$_COOKIE['aff']) {
    setcookie('aff', $cookie_value, time() + 86400);
  }

  if ((!$affiliates_click_denied) && user_access('affiliate click') && !isset($_COOKIE['aff'])) {
    //Only log the hit if it looks like this isn't a cheater and the user has permissions.

    /**
     * prevent from double clicking
     * because in some drupal-instances is a naughty javascript
     * which runs the insert-query twice.
     */
      $result = db_query("SELECT click_time 
		    FROM {affiliates} 
		    WHERE click_time = %d", time());
		  $data = db_fetch_object($result);

      if(empty($data)){
        db_query("INSERT INTO {affiliates} (
          user_id, cookie_id, ip, referer, ad_id, click_time)
          VALUES
          (%d, '%s', '%s', '%s', %d, %d)",
          $uid, $cookie_value, ip_address(), filter_xss($_SERVER['HTTP_REFERER']), $ad_id, time());
     }

    // Record it in the userpoints
    if (module_exists('userpoints')) {
      $points = (int)db_result(db_query("SELECT points FROM {affiliates_ads} WHERE ad_id = %d", $ad_id));
      $params = array(
    	'points'      => $points,
        'uid'         => $uid,
        'operation'   => 'affilate click',
        'tid'         => variable_get(AFFILIATE_USERPOINTS_TID, 0),
        'reference'   => 'affiliates'
      );
      userpoints_userpointsapi($params);
    }
    if (module_exists('referral')) {
	  referral_set_cookie($uid);
	}
 
  }

  $redirect = db_result(db_query("SELECT redirect FROM {affiliates_ads} WHERE ad_id = %d", $ad_id));

  if ($redirect) {
    header("Location: " . $redirect);
  }
  else {
    // Redirect to the home page if there is no redirect
    drupal_goto();
  }

}
avpaderno’s picture

Version: 6.x-1.9 » 6.x-1.x-dev
Issue summary: View changes
Priority: Critical » Normal
Status: Active » Closed (outdated)
Issue tags: -double database insert, -JavaScript, -js bug

I am closing this issue, as Drupal 6 is no longer supported.