Jump to content

Archived

This topic is now archived and is closed to further replies.

pro_se

Set cookies to see if user voted?

Recommended Posts

[b]I want to create a cookie and send it to a users machine to see if they voted yet... [i]this is what i have... [/i][/b]
[code]<?
mysql_connect("localhost","root","poop");
mysql_select_db("monkey");
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
    echo "<b>You have been counted...</b>";
?>[/code]

[u]is there any way to incorp. a cookie system into that?[/u]

Share this post


Link to post
Share on other sites
Just for your information, cookie doesn't last long. And user can clear their cookie anything, I was thinking of using session instead.

P.S: Last solution is to look through other people's work. :P

Share this post


Link to post
Share on other sites
Can you maybe give me a sample solution of a Session? Maybe you can refer me to someone elses work?

Share this post


Link to post
Share on other sites
http://www.phpfreaks.com/quickcode_cats/26/Sessions.php

Example:
[code]<?php
session_start();
$_SESSION['voted'] = "yes";

if ($_SESSION == "yes") {
  // don't allow the user to vote.
} else {
  // allow to vote
}
?>[/code]

Share this post


Link to post
Share on other sites
shouldnt ur code be that...

<?php
session_start();
$_SESSION['voted'] = "yes";

if ($$_SESSION['voted'] == "yes") {
  // don't allow the user to vote.
} else {
  // allow to vote
}
?>

Share this post


Link to post
Share on other sites
wow... it looks like its going to work but it does not... i must be doing somthing wrong... here is my code... [code]<?php session_start();
$_SESSION['voted'] = "yes";

if ($_SESSION == "yes") {
  echo("<b>You Have voted already!</b>");
} else {
  mysql_connect("localhost","poop","bogus");
mysql_select_db("hizzr");
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
echo("<b>Vote counted!</b>");
}?>[/code]

Share this post


Link to post
Share on other sites
[quote author=brown2005 link=topic=100964.msg399112#msg399112 date=1153208531]
shouldnt ur code be that...

<?php
session_start();
$_SESSION['voted'] = "yes";

if ([b]$[/b]$_SESSION['voted'] == "yes") {
  // don't allow the user to vote.
} else {
  // allow to vote
}
?>
[/quote]

$_SESSION only 1 $.

Hmm.. The scripts look alright.
The user still could vote ?

Btw.. Set the session after the person voted.

[code]<?php
session_start();
if ($_SESSION == "yes") {
  echo("<b>You Have voted already!</b>");
} else {
  mysql_connect("localhost","poop","bogus");
mysql_select_db("hizzr");
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
        $_SESSION['voted'] = "yes";
echo("<b>Vote counted!</b>");
}
?>[/code]

Share this post


Link to post
Share on other sites
But sessions is no good solution... If the user closes the browser and reopens it, he has a new session id.
There's no 100% solution. The best solution is by [b]combining[/b]. Get both the user's IP (and enter it to a table/txt-file), send him a cookie and start a session. Then when you check, check the IP wasnt already used, the user doesnt have a cookie, and that he doesnt have a session.
Over course there's no problem breaching this defense, but I cant see a better solution.

Orio.

Share this post


Link to post
Share on other sites
hmmm... since the session's were not working out i will try out the ip idea... then i will try the cookies...

cool avatar orio!

Share this post


Link to post
Share on other sites
Thanks :)

But I am telling you- The key is combining. Use both cookies AND IP (check if the user has a cookie set OR if his IP was used).

Orio.

Share this post


Link to post
Share on other sites
i cant think of what to use for the ip thing though... i already have it inserting the ip: [code]<?php
//insert into the database...
$id = $_GET["id"];
mysql_connect("localhost","root","poop");
mysql_select_db("hizzr");
$result = mysql_query("INSERT INTO vote_security VALUES ('$REMOTE_ADDR','$id')");
//see if it matches somthing in the database?
if (ip exists) {
shoot the person}
else { vote}
?>[/code]
but how to validate? iono...

Share this post


Link to post
Share on other sites
To validate, do this:

[code]<?php
//let's say $ip holds the user's ip
$sql="SELECT * FROM vote_security WHERE IP='$ip'";
if(mysql_num_rows(mysql_query($sql))!=0){
die("Error- You can only vote once!");
}
?>[/code]

Basicly, search if there's such an IP in the db. If so, "shoot the user".

Orio.

Share this post


Link to post
Share on other sites
the thing with IP addresses is that many users, like anyone with AOL, have a new IP address assigned each time they go online - sometimes, it changes every time they click a new link.  The only REAL solution is to make a user log into your site before they vote.  Then you can track who has voted and who hastn't.

(of course, the user may have more then one user account, but this is still more efficent then the other methods)
since the log in makes a voting poll a bit cumbersome - in the end, really, I guess all you can do is remind users that this is not a scientific pole and the results may not accuratly portray your demographics true opinions.

Share this post


Link to post
Share on other sites
so what you are saying is make a table with ip's and usernames?

Share this post


Link to post
Share on other sites
[quote author=Orio link=topic=100964.msg399152#msg399152 date=1153221949]
To validate, do this:

[code]<?php
//let's say $ip holds the user's ip
$sql="SELECT * FROM vote_security WHERE IP='$ip'";
if(mysql_num_rows(mysql_query($sql))!=0){
die("Error- You can only vote once!");
}
?>[/code]

Basicly, search if there's such an IP in the db. If so, "shoot the user".

Orio.
[/quote]

dude... i tried it... it does not work... this is how i put it in...
[code]<?php
mysql_connect("localhost","root","poopy");
$ip = $REMOTE_ADDR;
$sql="SELECT ip FROM vote_security WHERE IP='$ip'";
if(mysql_num_rows(mysql_query($sql))!=$ip)
{
die("Error- You can only vote once!");
} else { mysql_connect("localhost","root","i am n00b");
mysql_select_db("hizzr");
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
echo("<b>Vote counted!</b>"); }
?>[/code]

Share this post


Link to post
Share on other sites
This line:
$ip = $REMOTE_ADDR;
is wrong.

Should be:
$ip = $_SERVER['REMOTE_ADDR'];
or
$ip = getenv(REMOTE_ADDR);

Orio.

Share this post


Link to post
Share on other sites
1) You need to connect the db (and selecting one) before exacuting the query.


2) This:
$sql="SELECT ip FROM vote_security WHERE IP='$ip'";
Once you call the column "ip" and once "IP". It's case sensative. So call it by it's case sensative name.

Orio.

PS: @Mods- Sorry for double posting, but when I trie to edit my post I had problems.

Share this post


Link to post
Share on other sites
it still does not work... all it does is says it 'Error- You can only vote once!'... it does not enter it but even if the ip was not in the table it still says that... i am gonna try the cookies and go on the honor system....

Share this post


Link to post
Share on other sites
This is a wast of time and effort you should let a user login before letting a user vote at least a txt file database lol................

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.