xwishmasterx Posted September 5, 2011 Share Posted September 5, 2011 Hello I am having problems setting some security to a prize page on my website. What I need, is to make sure that a user cannot just refresh and get the price again. The price page is loaded in a frame so redirection is no good, and that doesn't stop the user from just hitting the "back" button and then refresh. Anyone have an idea how to do this the simple way? Quote Link to comment Share on other sites More sharing options...
JKG Posted September 5, 2011 Share Posted September 5, 2011 you could let the page load once per ip? save the ip in a session? Quote Link to comment Share on other sites More sharing options...
voip03 Posted September 5, 2011 Share Posted September 5, 2011 'ip' is it a reliable option Quote Link to comment Share on other sites More sharing options...
flappy_warbucks Posted September 5, 2011 Share Posted September 5, 2011 You could put a cookie on the machine (one that does not expire) and then use that. the only problem that would present is if someone cleared out their cache, then they could then, again, gain access. IP address, is not reliable due to some ISP's issuing dynamic IP addresses. Meaning the IP address is only reliable for 24hrs(ish). I'd be tempted to look into ways of getting the computers MAC address using Java (not javascript) or flash. That (to me) would be the only sure fire way of keeping them out. Quote Link to comment Share on other sites More sharing options...
JKG Posted September 5, 2011 Share Posted September 5, 2011 my answer was based on the OP asking for 'a simple way'. whats the stake here? is it just to stop the standard user from refreshing twice, or is it total lock down? doing it by ip/cookie/session would be the simplest, but anyone with slight knowledge would find a way... if its really important, 'a simple way' wont cut it. Quote Link to comment Share on other sites More sharing options...
MikeDean89 Posted September 5, 2011 Share Posted September 5, 2011 If you're looking for a simple way of simply stopping users from refreshing to win a prize, IP address is the only suitable option. Flappy has already mentioned the obvious flaw with this solution but there's no solution (that I can think of, anyway) that's both simple and able to stop people abusing it. If you was to choose the IP address, you'd need a database to store the IP addresses of those that have already claimed/won their prize. Unfortunately, saving it in the session - as JKG suggests originally - would not work, not at all. He is right, however, when he says that a simple way will not stop people abusing it, you'll always get the select few that will find a way. Quote Link to comment Share on other sites More sharing options...
JKG Posted September 5, 2011 Share Posted September 5, 2011 unless you password protected with a little script and gave the user a password thats only valid once? shouldnt be too hard to do. Quote Link to comment Share on other sites More sharing options...
flappy_warbucks Posted September 5, 2011 Share Posted September 5, 2011 How about: if you invite them through an email: do a one time key (MD5 hash of something and something else) per email, and then void that key when it's been clicked through? Just a thought. Quote Link to comment Share on other sites More sharing options...
ZulfadlyAshBurn Posted September 7, 2011 Share Posted September 7, 2011 its not that hard though. make sure that all prizes have an id. store that ID into the db. on the prize page, the script checks for which prize that is not yet claimed. then only displays the unclaimed prize. on the claim page, the user clicks claim and the db stores the user info and the prize id thus it cannot be seen again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.