php help, limit script

[johny30238]

hello,

 

I have a form i am using for a raffle that i have weekly. the problem is i want to limit how many times they can register.  I am using a basic form that collects name, email, and IP ( which is hidden ). When it gets submitted there is time stamp as well using this

date("m/d/y : H:i:s", time()

 

I would like to restict registering by one hour at a time. can you please give me some help with this. I have thought of maybe using cookies, but some of my smarter members can bypass that. So i think i will either use email or IP .

 

any help would be very appreciated

[Pikachu2000]

IP addresses change, but in this case, since you will allow another entry after only one hour, it may not be an issue. You haven't mentioned whether your storing this information in a database or using another method, however.

[johny30238]

Ohh sorry lol,

 

This is all being stored in a mysql database.

[Pikachu2000]

I hope it isn't too late to change the data type for the time field to DATETIME. Then you could insert a NOW() timestamp with each record, and use MySQL's date and time functions for the comparison. It can still be done if that isn't a possibility, but it won't be as easy.

[johny30238]

Well, I will create another column, and see if i can get that method working. One question though, can i made a hidden form value for NOW() and name it date then use like this when inserting:

mysql_query("INSERT INTO table VALUES(

                        '',

                        '".addslashes($_POST['name'])."',

                        '".addslashes($_POST['email'])."',

                        '".date("m/d/y : H:i:s", time())."',

                        '".addslashes($_POST['ip'])."',

                        '".addslashes($_POST['date'])."'

                        )") or die(mysql_error());

 

or will that method not work?

[johny30238]

Any Suggestions?

[Pikachu2000]

The NOW() function is native to MySQL, so it would just go directly in the query string. Also, you should use the mysql-specific function mysql_real_escape_string() to escape string data rather than addslashes().

 

$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_ascape_string($_POST['email']); 
"INSERT INTO `table` (`name`, `datetime`, `email`) VALUES ( '$name', NOW(), '$email' )"

[johny30238]

Well, I took your advice, and i did rewrite the statements using mysql_real_ascape_string , i have tested the script and it is now collecting the date using the NOW() function.  Now, how would i create this script to keep them from registering more then once in a hour?

[Pikachu2000]

I've given this a quick test on a local database and it works for me. You'll obviously need to insert the values that are assigned to the variables, and possibly make some other tweaks to it, but it should certainly get you started.

 

$current_user = ''; // enter identifying factor, such as IP address, user_id, etc. that is stored in database for comparison
$id_field = ''; // the name of the field in the DB table that holds the identifying information
$table = ''; // name of DB table storing data for this purpose
$last_entered = ''; // name of field that holds the timestamps in DB table

$query = "SELECT ( UNIX_TIMESTAMP( NOW() ) - UNIX_TIMESTAMP(`$last_entered`) ) AS `diff` FROM `$table` WHERE `$id_field` = $current_user ORDER BY `$last_entered` DESC LIMIT 1";
if( $result = mysql_query($query) ) {
$array = mysql_fetch_assoc($result);
if( mysql_num_rows($result) === 0 || $array['diff'] > 60 * 60 ) {
	// OK TO REGISTER
} else {
	// ALREADY REGISTERED WITHIN LAST HOUR
	echo "You already registered within the last hour. You must wait another " . ceil((3600 - $array['diff']) / 60) . " minutes before you can register again.";
}
} else {
// There was a problem with the query
echo "Database query failed";
}

[johny30238]

Thank you for writing this, but how now i get Database query failed. I did insert the correct data and i noticed after i left $current_user empty it would compare with he last entry. but when u do put a value to compare it will it gives me a error.

 

EDIT: i found the problem in the query $current_user was missing " ' ' " After that it worked perfectly.

Thanks alot for the help!

[Pikachu2000]

Glad it worked for you.