Voting Check Postback

We created a simple way for you to check if someone has voted or not by using Postback or IP Check.

How does Postback work?

You need a script on your server which we call once someone votes for you. See the php example for a basic integration based on the default callback below.

Default callback

This method works for most of our website users. Simply pass the voter username/id along with the vote link.

  1. Place your callback url ( web accessable url of the script you created ) within your account settings.
  2. Let your users vote using the following url[ARENA-TOP100-USERNAME]&id=[PlayerID]
    • You can pass any of the 3 following variables within the vote link. id=[PlayerID] or postback=[PlayerID] or incentive=[PlayerID]
    • Replace [ARENA-TOP100-USERNAME] with your username on
    • Replace [PlayerID] with the ID that you identify your player with.

Dynamic callback

On some systems, you might need some more fine control or need to pass extra dynamic variables back to your callback script. In that case you could use this method.

In such a case, you can either completely drop the id, postback or incentive parameters and pass your own user parameter, or extend your link with a callback parameter.[ARENA-TOP100-USERNAME]&callback=[base64_encode]
  • In this method you need pass a base64_encode url, which includes whatever you need in your callback url
  • Replace [ARENA-TOP100-USERNAME] with your username on
  • Replace [base64_encode] with a url, encoded with php's base64_encode() along with urlencode() to make it safe for url handling.
    $callback_url = urlencode(base64_encode(''));
    echo '[ARENA-TOP100-USERNAME]&callback='.$callback_url;

What variables do we sent back to you?

Following variables are sent as $_POST and $_GET in both callback methods

  • secret - Used to validate the request came from Arena-Top100. Either TEST when you use our test callback page in developement, or YOUR_API_SECRET which you can find in your dashboard when switching into production.
  • voted - either 1 to indicate a successful vote or 0 for a failed/duplicated one.
  • userip - Contains the voters ip.
  • userid - If present, contains the voters username/ID as passed by you in your vote link via id=[PlayerID] or postback=[PlayerID] or incentive=[PlayerID].
  • custom - If present ( see dynamic callback ), holds reference to the base64_encoded string as passed by you via callback=[base64_encode]. Which you could decode to get your desired parameter if you only allow $_POST or ignore it and simply access your own parameters via $_GET

Postback PHP Example Based on default callback method

In this example we use $_POST to grab the values we send to your script. But $_GET works as well.

#Example PHP Postback Script
#Arena-Top100 does not take responsibility or liability for the use of this php snippet

// Your Database Connection Details
$host = 'localhost';
$db_name = '';
$db_user = '';
$db_password = '';
$connection = mysqli_connect($host, $db_user, $db_password);
mysqli_select_db($connection, $db_name);

// This is your personal secret key, as found on the Arena-Top100 dashboard, or the string 'TEST' in case of our Testing script
// Update accordingly to your API secret in production, or the string 'TEST' while developing using our test callback page
$my_secret = '';

// Lets validate the request is coming from Arena-Top100. And if not stop here
$secret = isset($_POST['secret']) ? $_POST['secret'] : false;
$valid_request = $secret === $my_secret ? true : false;

if ($valid_request === false) 

// User
$userid = isset($_POST['userid']) ? $_POST['userid'] : null;

// User IP
$userip = isset($_POST['userip']) ? $_POST['userip'] : null;

// User voted on Arena-Top100? 1 = unique vote, 0 = already voted
$valid = isset($_POST['voted']) ? (int)$_POST['voted'] : 0;

// Make sure the user was not yet rewarded on your system
// For example by checking your reward logs
if (!is_null($userid) && $valid == 1) 
    // Make userid safe to use in query
    $userid = mysqli_real_escape_string($connection, $userid);

    // COUNT rows where reward_date is today
    $result = mysqli_query($connection, "SELECT COUNT(*) FROM `reward_log` WHERE `user` = '$userid' AND `reward_date` >= CURDATE()");
    $rewarded = mysqli_num_rows($result);
    // No results means not rewarded yet, so grant reward and set the reward date/time log
         // Grant reward, for example vote points
        mysqli_query($connection, "UPDATE `users` SET `points` = `points` + 1 WHERE `user` = '$userid'");
         // Insert log
        mysqli_query($connection, "INSERT INTO `reward_log` (`user`, `reward_date`) VALUES ('$userid', NOW())");

// Close connection


Test your Callback

Test your callback script to see if it works with our system.
Please note: The secret we send to validate if requests came from Arena-Top100 is 'TEST' in this case and not your personal API secret. ( Refer to the PHP example )
To get your API secret when you switch into production, please head to your dashboard.

Keep this blank to use your own IP.