Jump to content


Photo

Set cookies to see if user voted?


  • Please log in to reply
20 replies to this topic

#1 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 06:24 AM

I want to create a cookie and send it to a users machine to see if they voted yet... this is what i have...
<?
mysql_connect("localhost","root","poop"); 
mysql_select_db("monkey"); 
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
    echo "<b>You have been counted...</b>";
?>

is there any way to incorp. a cookie system into that?

#2 hackerkts

hackerkts
  • Members
  • PipPipPip
  • Advanced Member
  • 593 posts
  • LocationSingapore
  • Age:18

Posted 18 July 2006 - 06:53 AM

Just for your information, cookie doesn't last long. And user can clear their cookie anything, I was thinking of using session instead.

P.S: Last solution is to look through other people's work. :P

Regards,
hackerkts

To be a coder, you must learn how to think and not to give up so easily.


#3 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 07:20 AM

Can you maybe give me a sample solution of a Session? Maybe you can refer me to someone elses work?

#4 hackerkts

hackerkts
  • Members
  • PipPipPip
  • Advanced Member
  • 593 posts
  • LocationSingapore
  • Age:18

Posted 18 July 2006 - 07:27 AM

http://www.phpfreaks...26/Sessions.php

Example:
<?php
session_start();
$_SESSION['voted'] = "yes";

if ($_SESSION == "yes") {
   // don't allow the user to vote.
} else {
   // allow to vote
}
?>


Regards,
hackerkts

To be a coder, you must learn how to think and not to give up so easily.


#5 brown2005

brown2005
  • Members
  • PipPipPip
  • Advanced Member
  • 943 posts

Posted 18 July 2006 - 07:42 AM

shouldnt ur code be that...

<?php
session_start();
$_SESSION['voted'] = "yes";

if ($$_SESSION['voted'] == "yes") {
  // don't allow the user to vote.
} else {
  // allow to vote
}
?>

#6 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 07:43 AM

oh! lol... ic!!! thanks u guys...

#7 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 07:52 AM

wow... it looks like its going to work but it does not... i must be doing somthing wrong... here is my code...
<?php session_start();
$_SESSION['voted'] = "yes";

if ($_SESSION == "yes") {
   echo("<b>You Have voted already!</b>");
} else {
   mysql_connect("localhost","poop","bogus"); 
mysql_select_db("hizzr"); 
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
echo("<b>Vote counted!</b>");
}?>


#8 hackerkts

hackerkts
  • Members
  • PipPipPip
  • Advanced Member
  • 593 posts
  • LocationSingapore
  • Age:18

Posted 18 July 2006 - 09:04 AM

shouldnt ur code be that...

<?php
session_start();
$_SESSION['voted'] = "yes";

if ($$_SESSION['voted'] == "yes") {
  // don't allow the user to vote.
} else {
  // allow to vote
}
?>


$_SESSION only 1 $.

Hmm.. The scripts look alright.
The user still could vote ?

Btw.. Set the session after the person voted.

<?php
session_start();
if ($_SESSION == "yes") {
   echo("<b>You Have voted already!</b>");
	} else {
   		mysql_connect("localhost","poop","bogus");
		mysql_select_db("hizzr");
  		$id = $_GET["id"];
		$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
		$result = mysql_query($sql);
        $_SESSION['voted'] = "yes";
		echo("<b>Vote counted!</b>");
		}
?>


Regards,
hackerkts

To be a coder, you must learn how to think and not to give up so easily.


#9 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 18 July 2006 - 09:12 AM

But sessions is no good solution... If the user closes the browser and reopens it, he has a new session id.
There's no 100% solution. The best solution is by combining. Get both the user's IP (and enter it to a table/txt-file), send him a cookie and start a session. Then when you check, check the IP wasnt already used, the user doesnt have a cookie, and that he doesnt have a session.
Over course there's no problem breaching this defense, but I cant see a better solution.

Orio.
Think you're smarty?

(Gone until 20 to November)

#10 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 09:56 AM

hmmm... since the session's were not working out i will try out the ip idea... then i will try the cookies...

cool avatar orio!

#11 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 18 July 2006 - 10:24 AM

Thanks :)

But I am telling you- The key is combining. Use both cookies AND IP (check if the user has a cookie set OR if his IP was used).

Orio.
Think you're smarty?

(Gone until 20 to November)

#12 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 10:26 AM

i cant think of what to use for the ip thing though... i already have it inserting the ip:
<?php 
//insert into the database...
$id = $_GET["id"];
mysql_connect("localhost","root","poop"); 
mysql_select_db("hizzr"); 
$result = mysql_query("INSERT INTO vote_security VALUES ('$REMOTE_ADDR','$id')");
//see if it matches somthing in the database?
if (ip exists) {
shoot the person}
else { vote}
?>
but how to validate? iono...

#13 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 18 July 2006 - 11:25 AM

To validate, do this:

<?php
//let's say $ip holds the user's ip
$sql="SELECT * FROM vote_security WHERE IP='$ip'";
if(mysql_num_rows(mysql_query($sql))!=0){
die("Error- You can only vote once!");
}
?>

Basicly, search if there's such an IP in the db. If so, "shoot the user".

Orio.
Think you're smarty?

(Gone until 20 to November)

#14 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 11:28 AM

lol... thanks...

#15 micah1701

micah1701
  • Members
  • PipPipPip
  • Advanced Member
  • 613 posts
  • LocationEllington, CT USA

Posted 18 July 2006 - 11:34 AM

the thing with IP addresses is that many users, like anyone with AOL, have a new IP address assigned each time they go online - sometimes, it changes every time they click a new link.  The only REAL solution is to make a user log into your site before they vote.  Then you can track who has voted and who hastn't.

(of course, the user may have more then one user account, but this is still more efficent then the other methods)
since the log in makes a voting poll a bit cumbersome - in the end, really, I guess all you can do is remind users that this is not a scientific pole and the results may not accuratly portray your demographics true opinions.
"Confidence in the face of risk."

#16 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 11:37 AM

so what you are saying is make a table with ip's and usernames?

#17 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 11:50 AM

To validate, do this:

<?php
//let's say $ip holds the user's ip
$sql="SELECT * FROM vote_security WHERE IP='$ip'";
if(mysql_num_rows(mysql_query($sql))!=0){
die("Error- You can only vote once!");
}
?>

Basicly, search if there's such an IP in the db. If so, "shoot the user".

Orio.


dude... i tried it... it does not work... this is how i put it in...
<?php
mysql_connect("localhost","root","poopy");
$ip = $REMOTE_ADDR;
 $sql="SELECT ip FROM vote_security WHERE IP='$ip'";
if(mysql_num_rows(mysql_query($sql))!=$ip)
{
die("Error- You can only vote once!");
} else { mysql_connect("localhost","root","i am n00b"); 
mysql_select_db("hizzr"); 
  $id = $_GET["id"];
$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";
$result = mysql_query($sql);
echo("<b>Vote counted!</b>"); }
?>


#18 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 18 July 2006 - 12:16 PM

This line:
$ip = $REMOTE_ADDR;
is wrong.

Should be:
$ip = $_SERVER['REMOTE_ADDR'];
or
$ip = getenv(REMOTE_ADDR);

Orio.
Think you're smarty?

(Gone until 20 to November)

#19 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 18 July 2006 - 12:20 PM

1) You need to connect the db (and selecting one) before exacuting the query.


2) This:
$sql="SELECT ip FROM vote_security WHERE IP='$ip'";
Once you call the column "ip" and once "IP". It's case sensative. So call it by it's case sensative name.

Orio.

PS: @Mods- Sorry for double posting, but when I trie to edit my post I had problems.
Think you're smarty?

(Gone until 20 to November)

#20 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 18 July 2006 - 09:57 PM

it still does not work... all it does is says it 'Error- You can only vote once!'... it does not enter it but even if the ip was not in the table it still says that... i am gonna try the cookies and go on the honor system....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users