pro_se Posted July 18, 2006 Share Posted July 18, 2006 [b]I want to create a cookie and send it to a users machine to see if they voted yet... [i]this is what i have... [/i][/b][code]<?mysql_connect("localhost","root","poop"); mysql_select_db("monkey"); $id = $_GET["id"];$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";$result = mysql_query($sql); echo "<b>You have been counted...</b>";?>[/code][u]is there any way to incorp. a cookie system into that?[/u] Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 18, 2006 Share Posted July 18, 2006 Just for your information, cookie doesn't last long. And user can clear their cookie anything, I was thinking of using session instead.P.S: Last solution is to look through other people's work. :P Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 Can you maybe give me a sample solution of a Session? Maybe you can refer me to someone elses work? Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 18, 2006 Share Posted July 18, 2006 http://www.phpfreaks.com/quickcode_cats/26/Sessions.phpExample:[code]<?phpsession_start();$_SESSION['voted'] = "yes";if ($_SESSION == "yes") { // don't allow the user to vote.} else { // allow to vote}?>[/code] Quote Link to comment Share on other sites More sharing options...
brown2005 Posted July 18, 2006 Share Posted July 18, 2006 shouldnt ur code be that...<?phpsession_start();$_SESSION['voted'] = "yes";if ($$_SESSION['voted'] == "yes") { // don't allow the user to vote.} else { // allow to vote}?> Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 oh! lol... ic!!! thanks u guys... Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 wow... it looks like its going to work but it does not... i must be doing somthing wrong... here is my code... [code]<?php session_start();$_SESSION['voted'] = "yes";if ($_SESSION == "yes") { echo("<b>You Have voted already!</b>");} else { mysql_connect("localhost","poop","bogus"); mysql_select_db("hizzr"); $id = $_GET["id"];$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";$result = mysql_query($sql);echo("<b>Vote counted!</b>");}?>[/code] Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 18, 2006 Share Posted July 18, 2006 [quote author=brown2005 link=topic=100964.msg399112#msg399112 date=1153208531]shouldnt ur code be that...<?phpsession_start();$_SESSION['voted'] = "yes";if ([b]$[/b]$_SESSION['voted'] == "yes") { // don't allow the user to vote.} else { // allow to vote}?>[/quote]$_SESSION only 1 $.Hmm.. The scripts look alright.The user still could vote ?Btw.. Set the session after the person voted.[code]<?phpsession_start();if ($_SESSION == "yes") { echo("<b>You Have voted already!</b>"); } else { mysql_connect("localhost","poop","bogus"); mysql_select_db("hizzr"); $id = $_GET["id"]; $sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'"; $result = mysql_query($sql); $_SESSION['voted'] = "yes"; echo("<b>Vote counted!</b>"); }?>[/code] Quote Link to comment Share on other sites More sharing options...
Orio Posted July 18, 2006 Share Posted July 18, 2006 But sessions is no good solution... If the user closes the browser and reopens it, he has a new session id.There's no 100% solution. The best solution is by [b]combining[/b]. Get both the user's IP (and enter it to a table/txt-file), send him a cookie and start a session. Then when you check, check the IP wasnt already used, the user doesnt have a cookie, and that he doesnt have a session.Over course there's no problem breaching this defense, but I cant see a better solution.Orio. Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 hmmm... since the session's were not working out i will try out the ip idea... then i will try the cookies...cool avatar orio! Quote Link to comment Share on other sites More sharing options...
Orio Posted July 18, 2006 Share Posted July 18, 2006 Thanks :)But I am telling you- The key is combining. Use both cookies AND IP (check if the user has a cookie set OR if his IP was used).Orio. Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 i cant think of what to use for the ip thing though... i already have it inserting the ip: [code]<?php //insert into the database...$id = $_GET["id"];mysql_connect("localhost","root","poop"); mysql_select_db("hizzr"); $result = mysql_query("INSERT INTO vote_security VALUES ('$REMOTE_ADDR','$id')");//see if it matches somthing in the database?if (ip exists) {shoot the person}else { vote}?>[/code]but how to validate? iono... Quote Link to comment Share on other sites More sharing options...
Orio Posted July 18, 2006 Share Posted July 18, 2006 To validate, do this:[code]<?php//let's say $ip holds the user's ip$sql="SELECT * FROM vote_security WHERE IP='$ip'";if(mysql_num_rows(mysql_query($sql))!=0){die("Error- You can only vote once!");}?>[/code]Basicly, search if there's such an IP in the db. If so, "shoot the user".Orio. Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 lol... thanks... Quote Link to comment Share on other sites More sharing options...
micah1701 Posted July 18, 2006 Share Posted July 18, 2006 the thing with IP addresses is that many users, like anyone with AOL, have a new IP address assigned each time they go online - sometimes, it changes every time they click a new link. The only REAL solution is to make a user log into your site before they vote. Then you can track who has voted and who hastn't.(of course, the user may have more then one user account, but this is still more efficent then the other methods)since the log in makes a voting poll a bit cumbersome - in the end, really, I guess all you can do is remind users that this is not a scientific pole and the results may not accuratly portray your demographics true opinions. Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 so what you are saying is make a table with ip's and usernames? Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 [quote author=Orio link=topic=100964.msg399152#msg399152 date=1153221949]To validate, do this:[code]<?php//let's say $ip holds the user's ip$sql="SELECT * FROM vote_security WHERE IP='$ip'";if(mysql_num_rows(mysql_query($sql))!=0){die("Error- You can only vote once!");}?>[/code]Basicly, search if there's such an IP in the db. If so, "shoot the user".Orio.[/quote]dude... i tried it... it does not work... this is how i put it in...[code]<?phpmysql_connect("localhost","root","poopy");$ip = $REMOTE_ADDR; $sql="SELECT ip FROM vote_security WHERE IP='$ip'";if(mysql_num_rows(mysql_query($sql))!=$ip){die("Error- You can only vote once!");} else { mysql_connect("localhost","root","i am n00b"); mysql_select_db("hizzr"); $id = $_GET["id"];$sql = "UPDATE links SET total_votes = total_votes + 1 WHERE id='$id'";$result = mysql_query($sql);echo("<b>Vote counted!</b>"); }?>[/code] Quote Link to comment Share on other sites More sharing options...
Orio Posted July 18, 2006 Share Posted July 18, 2006 This line:$ip = $REMOTE_ADDR;is wrong.Should be:$ip = $_SERVER['REMOTE_ADDR'];or$ip = getenv(REMOTE_ADDR);Orio. Quote Link to comment Share on other sites More sharing options...
Orio Posted July 18, 2006 Share Posted July 18, 2006 1) You need to connect the db (and selecting one) before exacuting the query.2) This:$sql="SELECT ip FROM vote_security WHERE IP='$ip'";Once you call the column "ip" and once "IP". It's case sensative. So call it by it's case sensative name.Orio.PS: @Mods- Sorry for double posting, but when I trie to edit my post I had problems. Quote Link to comment Share on other sites More sharing options...
pro_se Posted July 18, 2006 Author Share Posted July 18, 2006 it still does not work... all it does is says it 'Error- You can only vote once!'... it does not enter it but even if the ip was not in the table it still says that... i am gonna try the cookies and go on the honor system.... Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 This is a wast of time and effort you should let a user login before letting a user vote at least a txt file database lol................ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.