Forms, how do I limit the amount of Submissions?

[blesseld]

Hey All,

 

I am in the process of making a simple submission form.

 

It will have 2 fields, Name and ID.  It will be a simple form just to store the info. in a SQL database.  However I only want the first 300 people to be able to submit into it.  After that I would ultimatly like the form to stop displaying and have  tesxt show up stating 300 people have already signed-up, OR if thats not possible after they submit, the post page says sorry the 300 spots have been filled. 

Is there anyway of doing this?  or am I going to have to leave it open and manually take it down afte rI check my database entries?

 

Thanks in advance.

 

[rhodesa]

before displaying the form, do a SELECT COUNT(*) on the table to see how many submissions have occurred. if it's over 300, don't display the form.

 

p.s. you will also want to run the same check when someone is submitting the form, in case someone took the last spot while they were filling out the form

[blesseld]

Ok, so before I get there I also realized I can't have people submit more than once...

 

So I attempted to sort it out and got lost..Basically I am trying to have A Name and Number  and the IP address stored in a table... so when a user submits it'll check to see if the IP has been used. If it has..redirect to a page. If it hasn't submit the info.  Something like that.

 

Heres where I got.

<?php
$con = mysql_connect("localhost","justadz_form","form1");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("justadz_testmail", $con);

$sql="INSERT INTO freeFormTable (ID, uname, idnumber)
VALUES
('NULL','$_POST[uname]','$_POST[idnumber]','$_POST[ipaddy]')";
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
else header( "Location: http://freeaisle.com/?page_id=6" );

mysql_close($con)
?>

 

and I wasn't sure on syntax for adding this:

$ipaddy = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("SELECT ip FROM table WHERE ip='$ipaddy'");

or for checking the table limit for a Max of 30 people that can sign up....i'm not that familiar PHP yet.

 

Any help would be appreciated.

Thanks

[Sudden]

$ipaddy = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("SELECT ip FROM table WHERE ip='$ipaddy'");

Is correct syntax. Tested it.

 

Just remember your gonna want to test their IP probably before you insert their info into your DB. Just a heads up.

[blesseld]

Well,

I was thinking I need an Insert Into....im just not sure where to place it.  I want it when they submit...that way it stores them in the same table as the username and id field.  Then I need to have it search the table if they reload the page..then act accordingly.

 

 

[uniflare]

Ok so you can check if the 300 people have been added and act accordingly, now for each user.

 

I would use cookies. If ou use ip address you could potentially block someone who has never visited your page before (ip-addresses get reassigned very quickly).

 

Even then someone could just disconnect from the net, reconnect (will have a new ip address, someone would most likely have taken their old 1), and submit again.

 

Without getting a hardware fingerprint (which could probably be faked anyway), there is no real/safe way to determine if the user has an account already.

 

Using an "Account Activation" scheme and keeping "Unactivated accounts" in a seperate table would be my personal favourite, that way they need to actually log in to the email account they provide and activate from there (more effort for them, less likely they can be bothered to set up 100 emails and activate all of them).

 

Email activation can be pretty simple, create a random key that u mail() to their email address, then once they visit activate.php?key=342onuf4937f3u938hhf743f3f

They can log in etc and the user info gets moved to the real users table (which you count).

 

You can make a simple script to delete inactive users (that have not activated) after a certain time, using a timestamp.

[haku]

While IP address banning is not the most reliable method, it works better than you may expect. How do I know this? I was IP banned from a site over half a year ago, and I still can't get in without using a proxy. I can get around this by refreshing my IP address, but most people don't know how to do that, nor do they know how to use proxies.

[redarrow]

charge the users, then there be no games!

 

or create a huge long filling in application, will stop most idiots.

 

my fav also a confirmation from a valid email account.

 

you could also create a cookie that dosent run out, if that cookie exists you no there a current user.

 

the cookie would be set afther the user creates the account.

 

could even be mean delete all accounts that haven't been active for a certain time.

[killah]

[...]

you could also create a cookie that dosent run out, if that cookie exists you no there a current user.

 

the cookie would be set afther the user creates the account.

[...]

 

Some people delete cookie's everytime they close the browser. So that won't really help.

[uniflare]

Lol am i being echoed?

 

Most people have a dynamic ip address, sry haku but your the minority .

 

Look at every major website that requires a login, what do they do? use email activation.

[haku]

They blocked me at both home and work, and I'm still not able to access the site from either of them.

 

I may be the minority, but if so, I'm beating the odds!

[uniflare]

lol then the computers ip's hasnt changed in years, thats pretty remarkable in itself .

[killah]

If you can clearly see. I quoted about the cookie's.

 

User's delete cookie's once in a while. So how are you going to guarantee if the user is a curent user?

 

I also use a dynamic ip myself.

[blesseld]

Well.  This form is going to change often and will only be displayed for maybe a day....its only going to allow a set number of people....for example 30-50  once it hits that number...the form will no longer be available....so what would be best  Cookies or IP?

[blesseld]

Oh ya,  I will already have a membership section that will require email, which is the important form,  This one i just need to temp disallow people to sign up multiple times.  It may only even be up for a few hours

[blesseld]

Ok, so Ive been doing some thinking and reading.

 

Is it possible to have a cookie set on submit of my form

name:

id:

SUBMIT    (set cookie)(store name and number to database)

 

then next time the page is loaded

 

If Cookie exists  echo(you already submitted info) or include(blah.php)  where blah will be a div saying they have submitted

if not

(display form)

 

My question, is this possible?

 

My current code submits the 2 forms fields to my DB

 

<?php
$con = mysql_connect("localhost","justadz_form","form1");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("justadz_testmail", $con);

$sql="INSERT INTO freeFormTable (ID, uname, idnumber)
VALUES
('NULL','$_POST[uname]','$_POST[idnumber]')";
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
else header( "Location: http://freeaisle.com/?page_id=6" );
//Location is my thankyou page
mysql_close($con)
?>

 

 

[blesseld]

Here's my attempt....maybe someone can work off this

 

Here's my code above my header...correct me if im wrong...not sure what $self =...is

<?php

    $uname =  $_POST['uname'];
    $idnumber = $_POST['idnumber'];
    $self =  $_SERVER['PHP_SELF'];

    if( ( $uname != null ) and ( $idnumber != null ) )
        {
          setcookie( "name", $user , time() + 86400 );        // 24 hours
          setcookie( "number", $idnumber, time() + 86400 );

          exit();
        }
?>

 

then on my main page i want to do somthing like this to decide if there is a cookie just include a file with text saying already complete otherwise include freeform.php---which is the form

 

<?php
if (isset($_COOKIE["uname"]))
include("freeformcomplete.php");
else
include("freeform.php");
?>

 

And here's my form include

 

<form method="post" action="freeform_a.php">
  Your Name: <input name="uname" type="text" size="20" maxlength="20" /><br />
  Your ID: <input name="idnumber" type="text" size="20" maxlength="6" /><br />
  <input type="submit" value="Add Me!"/>
</form>

 

And last my Action page

 

<?php
$con = mysql_connect("localhost","justadz_form","form1");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("justadz_testmail", $con);

$sql="INSERT INTO freeFormTable (ID, uname, idnumber)
VALUES
('NULL','$_POST[uname]','$_POST[idnumber]')";
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
else header( "Location: http://freeaisle.com/?page_id=6" );
//Location is my thankyou page
mysql_close($con)
?>

 

It's saving to my databse,  can;t get the cookie to work, nor check if the user has a cookie then display the proper include

...is this possible? I'm hoping someone can work off of this

 

thanks again, any input is appreciated...im pulling my hair here.

[limitphp]

While IP address banning is not the most reliable method, it works better than you may expect. How do I know this? I was IP banned from a site over half a year ago, and I still can't get in without using a proxy. I can get around this by refreshing my IP address, but most people don't know how to do that, nor do they know how to use proxies.

 

Nor are many sites worth restarting your cable modem just to possibly get a new ip address (if that even works)

 

it better be a darn good site for me to do all of that....

[limitphp]

While IP address banning is not the most reliable method, it works better than you may expect. How do I know this? I was IP banned from a site over half a year ago, and I still can't get in without using a proxy. I can get around this by refreshing my IP address, but most people don't know how to do that, nor do they know how to use proxies.

 

Nor are many sites worth restarting your cable modem just to possibly get a new ip address (if that even works)

 

it better be a darn good site for me to do all of that....

 

But...wouldn't a computer lab in a college with potentially hundreds of users have the same IP address?  Or all students using the college internet who live on campus in dorms (potentially thousands) have the same ip address?

[blesseld]

...I have decided just to use cookies,  like im trying to do above.  Can anyone that is more familiar with PHP see potanetially what im doing wrong?

[limitphp]

I need to do the same thing with my myaccount.php page.

here's what I'm doing

<?php
if ($mode==1)	//******	CHECK TO SEE IF SUBMISSION COUNT IS SET
{
if (isset($_SESSION['myaccount_count']))	//******	ADD ONE TO SUBMISSION COUNT
{
	$_SESSION['myaccount_count']++;
}else									//******	SET SUBMISSION COUNT TO ONE
{
	$_SESSION['myaccount_count'] = 1;
}
}

 

So, I'm using sessions to keep track of their submission count.

After 25, I'm going to keep the page from displaying and tell them they have too many submission attempts.

 

The only thing is, if they were running some kind of auto attempt script, they could just close the browser and start up again.

 

so it'b be like this....

 

auto try for password 25 times...

close browser

open browser, auto try for pasword 25 times

close browser

open browser, auto try for pasword 25 times

close browser

open browser, auto try for pasword 25 times

close browser

 

I figure its still better than nothing.

 

Can anyone think of a better way?

 

 

[blesseld]

before displaying the form, do a SELECT COUNT(*) on the table to see how many submissions have occurred. if it's over 300, don't display the form.

 

p.s. you will also want to run the same check when someone is submitting the form, in case someone took the last spot while they were filling out the form

 

As mentioned here, If you store everything in a table...a Select count  may be benificial in your case which i'll be using as well..

[haku]

Doing a count(id)  (or whatever column is definitely filled in for each row) is much more efficient than count(*).

[limitphp]

Doing a count(id)  (or whatever column is definitely filled in for each row) is much more efficient than count(*).

 

What about using sessions to do a submission count?

Is that a bad idea?

[Sudden]

Sessions go away after the browser is closed. So it probably wont help.