What is the best way to secure against double rating a post?

[Stefany93]

Hello friends,

 

I have recently written a rating system, howerver I want to restrict a user to rate a post multiple times.

I tried storing the their IP in the DB but the problem arose when I found out that they could only vote on one post for the entire blog and that wasn't pretty.

 

So could you please tell me a better way to create a state for the user to vote only one time per a post?

 

Thank you very much!

 

Best Regards

Stefany

[darkfreaks]

http://www.homeandlearn.co.uk/php/php15p5.html

[Stefany93]

Thanks but aren't sessions destroyed once the user has closed their browser, so that makes sessions securing the double rating useless?

[suresh_kamrushi]

You can trace it with IP address.

[Christian F.]

Save the identifier you've selected, along with the ID to the post/poll. Then check both, to see if the user has access to vote or not.

[Stefany93]

Awesome, I stored the IP in the DB using the post id and it worked! How terrific are you guys? Thank you so much!

[ialsoagree]

Awesome, I stored the IP in the DB using the post id and it worked! How terrific are you guys? Thank you so much!

 

Erm, wouldn't it be better to store the user's ID in the DB, or are you not talking about registered users?

 

My only concern is that, if a logged in user rates something, then comes back on a different computer, from their own perspective their rating is now gone and they can rate the item again (in reality, they've just rated the same item twice from 2 different IP's).

 

Not to mention, if two people share a computer or an IP address, 1 of them will lose the ability to rate if the other one rates that item.

[darkfreaks]

yeah i think this would be a better idea like mentioned if in the vote table there was a "has voted" column with int 0 or 1 that way if session in the DB is set to one they have voted even if the session is no longer registered. and would still come out to "user has already voted"

 

get the idea?

 

 

[Mahngiel]

what you're doing will hurt you if you plan on having more than one poll.

[Stefany93]

Thank you guys, the way I am doing is that when they vote on an article I first get the user's ip address and store it in a table inside a DB with the article's id. That way they couldn't not vote again on the same article, but they will still be able to vote on other articles.

 

 

Actually this is what you guys told me to do, so I did it and it worked!