CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

[Solved] How to prevent visitors to use a feature more than once

https://forum.cmsmadesimple.org/viewtopic.php?t=35442

Page 1 of 1

[Solved] How to prevent visitors to use a feature more than once

Posted: Sun Jul 12, 2009 4:03 pm
by nhaack
Hello there,

I am currently working on a rating plug-in. I know there are already some pretty decent solutions available, I just wanted to see if I can make it :)

It works pretty decent, however, I have one last riddle to be solved. How do I prevent a user from rating an item twice? I see several options:

1) Temporarily store IP in DB

2) Store in cookie

3) Store in Session

The downside I see with IP, is that you might exclude several users from the option to vote (e.g. corporate networks). I though of something like th following to get the IP (this piece of code is actually not made by myself, just for clarification). However, I do not think that this is rock solid for this purpose (or a little too solid ;).

Code: Select all


 function rating_VisitorIP()
    { 
    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        $TheIp=$_SERVER['HTTP_X_FORWARDED_FOR'];
    else $TheIp=$_SERVER['REMOTE_ADDR'];
 
    return trim($TheIp);
    }
Generally, the item to be rated (the IDs) is stored in the session so that I only pass the actual score via URL. This way, I need a cookie anyway, so I can assign the session from the server with the visitor  (if I understood the concept correctly). I though to place the already rated items in the cookie and then check the cookie. This way I can make sure, I prevent the single visitor from rating a again, not the whole company.

The rating thing is a fun option. It is no critical part to the site, but I just like to prevent people from clicking a hundred times in a row.

So I thought, I could as well place an array in the session containing the items as the third option. When people have to open and close their browser, they'll surely stop jerking around.

Triggering the rating URL without being on the site doesn't work, as the rating function relies on ID data being in the session. If that is not available, it won't perform any DB action.

So how would you go about this?

Any feedback appreciated.

Best
Nils

Re: How to prevent visitors to use a feature more than once

Posted: Sun Jul 12, 2009 7:57 pm
by viebig
Hey nhaack,

I one big problem:

Differents visitors can have same IP.

I would go for a IP/User Agent/Session id solution.. something like


Store the ip ,user agent, session and the time of the vote on database.

If the visitor voted, flag this db field. So same ip users with different user agents can vote every 30 seconds or 5 minutes for example.

Same ips with the same user agent cant vote anymore.

I think that model will work

Regards

G

Re: How to prevent visitors to use a feature more than once

Posted: Fri Jul 17, 2009 3:53 pm
by NaN
If only registered users may vote you can store userid and item id in a separat table.
So if a user votes you first check if there already is an entry with that item and userid.
If so he cannot vote anymore.

Re: How to prevent visitors to use a feature more than once

Posted: Fri Jul 17, 2009 9:16 pm
by nhaack
Thank you both for your feedback. I got to a solution. I actually made it like this:

Within the session of an user, I store an array of those pages, the user has already voted on. The prevention of multiple submits solely relies on whether the CMS can find the page in the session array or not.

When a user places a vote, it sort of flags the page and the voting link disappears. To prevent simple automated scripts, you can only vote for an item if the item is available as current page in the session (so they match), it will not accept any parameters in the case it doesn't find a session or the wrong page and die after a notice like "sorry, no session data, please activate cookie" (integrated in the layout).

As the voting is really not crucial, it is ok, if a user closes the browser and reopens it to place a new vote (or can not vote). It is not ideal, but I'll have a look how it will behave. If I have the impression, that rating seems unusual, I might check Viebigs ideas of throwing in some more elements to identify the user (including storing it in a DB table).

At the moment, the site is not having registered users, just "unknown" visitors.

It works very well on first testing. I'll see how it will perform in production (own project, so no clients as guinea pigs).

The rating is stored in a table, I left a field for extra data (type: text). When I like to use a stronger filter, I could implement an IP/Agent solution in my plug-in. I also think that only using the IP would potentially exclude the one or other user (more than with the session thing) - but taking both is a good idea.

I'm fine at the moment, but if someone has an idea of how to do it, I'm glad for any ideas. I think I've seen a CMSMS Module doing this, not sure which though. Anyone with a hint, I could look at the code then?

Thanks again and best
Nils
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited