Index: administrator/components/com_comprofiler/comprofiler.class.php
===================================================================
--- administrator/components/com_comprofiler/comprofiler.class.php	(revision 886)
+++ administrator/components/com_comprofiler/comprofiler.class.php	(working copy)
@@ -2858,39 +2858,78 @@
 * @param int viewed user id
 * @param IP address of viewing user
 */
-function recordViewHit ( $viewerId, $profileId, $currip) {
+function recordViewHit( $viewerId, $profileId, $currip ) {
 	global $_CB_framework, $_CB_database, $ueConfig;
 
-	$query = "SELECT * FROM #__comprofiler_views WHERE viewer_id = " . (int) $viewerId . " AND profile_id = " . (int) $profileId;
-	if ($viewerId == 0) $query .= " AND lastip = '" . $_CB_database->getEscaped($currip) . "'";
+	$query					=	'SELECT ' . $_CB_database->NameQuote( 'lastview' ) . ', ' . $_CB_database->NameQuote( 'lastip' )
+							.	"\n FROM " . $_CB_database->NameQuote( '#__comprofiler_views' )
+							.	"\n WHERE " . $_CB_database->NameQuote( 'viewer_id' ) . " = " . (int) $viewerId
+							.	"\n AND " . $_CB_database->NameQuote( 'profile_id' ) . " = " . (int) $profileId
+							.	( $viewerId == 0 ? "\n AND " . $_CB_database->NameQuote( 'lastip' ) . " = " . $_CB_database->Quote( $currip ) : null )
+							.	"\n ORDER BY " . $_CB_database->NameQuote( 'lastview' ) . " DESC";
 	$_CB_database->setQuery( $query );
-	$views = null;
-	if ( !( $_CB_database->loadObject( $views ) ) ) {
-		$query = "INSERT INTO #__comprofiler_views ( viewer_id, profile_id, lastip, lastview, viewscount )"
-		. "\n VALUES ( " . (int) $viewerId . ", " . (int) $profileId . ", '" . $_CB_database->getEscaped($currip) . "', NOW(), 1 )";
+	$views					=	$_CB_database->loadObjectList();
+
+	if ( ! $views ) {
+		// no views yet: insert the view record:
+		$query				=	'INSERT INTO ' . $_CB_database->NameQuote( '#__comprofiler_views' )
+							.	"\n ( " . $_CB_database->NameQuote( 'viewer_id' )
+							.	', ' . $_CB_database->NameQuote( 'profile_id' )
+							.	', ' . $_CB_database->NameQuote( 'lastip' )
+							.	', ' . $_CB_database->NameQuote( 'lastview' )
+							.	', ' . $_CB_database->NameQuote( 'viewscount' ) . ' )'
+							.	"\n VALUES ( "
+							.	(int) $viewerId
+							.	', ' . (int) $profileId
+							.	', ' . $_CB_database->Quote( $currip )
+							.	', NOW()'
+							.	', 1 )';
 		$_CB_database->setQuery( $query );
-		if (!$_CB_database->query()) {
-			echo "<script type=\"text/javascript\"> alert('InsertViews: ".$_CB_database->getErrorMsg()."');</script>\n";
-			// exit();
+		if ( ! $_CB_database->query() ) {
+			echo "<script type=\"text/javascript\">alert( 'InsertViews: " . htmlspecialchars( cbGetEscaped( $_CB_database->getErrorMsg() ) ) . "' );</script>\n";
 		}
-		_incHits($profileId);
+
+		_incHits( $profileId );
+
 	} else {
-		$lastview = strtotime($views->lastview);
-		if ($currip != $views->lastip || $_CB_framework->now() - $lastview > $ueConfig['minHitsInterval']*60) {
-			$query = "UPDATE #__comprofiler_views"
-			. "\n SET viewscount = (viewscount+1),"
-			. "\n lastview = NOW(),"
-			. "\n lastip = '" . $_CB_database->getEscaped($currip) . "'"
-			. "\n WHERE viewer_id = " . (int) $viewerId . " AND profile_id = " . (int) $profileId;
-			if ($viewerId == 0) $query .= " AND lastip = '" . $_CB_database->getEscaped($currip) . "'";
+		// we already have view(s):
+		$count				=	count( $views );
+
+		$lastview			=	strtotime( $views[0]->lastview );
+
+		if ( $count > 1 ) {
+			// huston, we have a database problem: we have more than one entry for the pair viewer-viewed OR the tripplet (anonymous viewer=0 - viewed - IP address):
+			// updating would generate key conflicts: cleanupt that mess please:
+			$query		=	'DELETE FROM ' . $_CB_database->NameQuote( '#__comprofiler_views' )
+						.	"\n WHERE " . $_CB_database->NameQuote( 'viewer_id' ) . " = " . (int) $viewerId
+						.	"\n AND " . $_CB_database->NameQuote( 'profile_id' ) . " = " . (int) $profileId
+						.	( $viewerId == 0 ? "\n AND " . $_CB_database->NameQuote( 'lastip' ) . " = " . $_CB_database->Quote( $currip ) : null )
+						.	"\n AND " . $_CB_database->NameQuote( 'lastview' ) . " <> " . $_CB_database->Quote( $views[0]->lastview );
+		$_CB_database->setQuery( $query );
+			if ( ! $_CB_database->query() ) {
+				echo "<script type=\"text/javascript\">alert( 'DeleteViews: " . htmlspecialchars( cbGetEscaped( $_CB_database->getErrorMsg() ) ) . "' );</script>\n";
+			}
+		}
+
+		// ok there was a view, we will count it only if lastview time is greater than the minimum interval configured,
+		$needsUpdate	=	( ( $_CB_framework->now() - $lastview ) > ( $ueConfig['minHitsInterval'] * 60 ) );
+		// but we will update any IP address changes in case of a logged-in user (for guests, the SELECT above is by IP address, so that entry and IP is already same:
+		if ( ( $currip != $views[0]->lastip ) || $needsUpdate ) {
+			$query	=	'UPDATE ' . $_CB_database->NameQuote( '#__comprofiler_views' )
+					.	"\n SET " . $_CB_database->NameQuote( 'lastview' ) . " = NOW()"
+					.	', ' . $_CB_database->NameQuote( 'lastip' ) . " = " . $_CB_database->Quote( $currip )
+					.	( $needsUpdate ? ', ' . $_CB_database->NameQuote( 'viewscount' ) . " = (" . $_CB_database->NameQuote( 'viewscount' ) . "+1)" : '' )
+					.	"\n WHERE " . $_CB_database->NameQuote( 'viewer_id' ) . " = " . (int) $viewerId
+					.	"\n AND " . $_CB_database->NameQuote( 'profile_id' ) . " = " . (int) $profileId
+					.	( $viewerId == 0 ? "\n AND " . $_CB_database->NameQuote( 'lastip' ) . " = " . $_CB_database->Quote( $currip ) : null );
 			$_CB_database->setQuery( $query );
-			if (!$_CB_database->query()) {
-				echo "<script type=\"text/javascript\"> alert('UpdateViews: ".$_CB_database->getErrorMsg()."');</script>\n";
-				// exit();
+			if ( ! $_CB_database->query() ) {
+				echo "<script type=\"text/javascript\">alert( 'UpdateViews: " . htmlspecialchars( cbGetEscaped( $_CB_database->getErrorMsg() ) ) . "' );</script>\n";
 			}
-			_incHits($profileId);
-		// } else {
-		//	echo "ALREADY_HIT!!!";
+
+			if ( $needsUpdate ) {
+				_incHits( $profileId );
+			}
 		}
 	}
 }