I'm still getting the hang of CakePHP but I think I'm making progress.
Background: I'm developing an application that doesn't require registration. I essentially have posts that can be made by any visitor to the site.
Question: How can I limit the number of times a guest can post per day? Say I want to allow a guest to post once per day. Would I essentially create a users table based on IP, log a new IP address every time one visits the site, then limit actions based on that table?
Yes...that would do it but I wouldn't recommend it. A user can change their IP by using a proxy or just reconnecting to their ISP. So ..basically I wouldn't use IP based filtering if I were you.
What I would do is create a .txt file that stores the IP of a user, with PHP's $_SERVER['REMOTE_ADDR']. After 24 hours, at 12:00, have your webserver wipe the IP file, enabling everybody to post again for the next day.
Depends if you want to have users + guest or just guest.
If you have users (logged to the site, with profile and everything a normal user will get) and also allow guess to post, then it's easier to add a guest + ip (or another filtering option) to the users table and associate it with the post table by an user_id column in the post table (kind of what is done here in SO).
But, if there's only guest in the site and it's not intended to have logged users, then you just need a post table with an ip column where you can register which ip did the post.
Also, as Iansen said, the IP filter can be easily bypassed. Is it a strong requisite that the user only post once per day?
Related
So I'm working on a website which brings up movie/tv-show posters on clicking "search". Now I'm wondering how can I limit the search button for non-users to 10-15 searches and have unlimited searches for registered users. Think of it like a premium membership sorta deal where the people who pay, get the extra-clicks and people who're using the trial product, get only 10 clicks. What I want to ask is, how do I log the number of times a non-registered user uses the search engine and how do I put a cap on it? And remove that cap for registered users.So please let me know where I can start from.
Wow this awesome I usually find app that limits visitors but after they make free account then they reach the limit after that they should pay to have premium account without limits
But any way that can be achieved easy I will explain without codes cause it needs long run
First you should create function to retrieve users
IP address so you may use remote_addr or http_forward in case of you use proxy
Second go to database and create table called
Ip_users or whatever you need This table should have 2 column. Ip column and id_hash column now you should set ip_column as varchar and id_hash as init
Third is most easy step make Ajax script that take the ip value that we get above in first step and send it to .php script call it uservalid.php as example
Fourth. Uservalid.php should first select count of records for ip if it null it make insert for new ip if it more than zero it update ip_hash + 1 If ip_hash equals 10 it make redirect to account page
This why you need index on IP address column and this is general steps
Maybe free account as start with limits then premium account is better
cheking the number of clicks of each ip adress is not bad idea but it wont solve the problem beacause if the user restart the modem he ll get new ip adress.
in my opinion, you can make all users need an account to use the search option and do your check according to that, if the user want to search more than 10-15 searches he/she need to get premium account.
I'm making a survey site and I'm trying my hardest to avoid user logins - I want people who answer my surveys to be anonymous members of my university, who open a link and answer the questions directly. So I'm tracking questions/surveys finished by the user through session variables
But what I don't want is one user submitting tens of questions/surveys by clearing cookies and thus effectively resetting his/her sessions. Anyone know how to deal with this?
(If anyone thinks of other ways by which people can make multiple submissions, let me know that too! I'm also looking at articles to prevent same users using different browsers)
Never trust the user. Ever.
You have a few options. All have pros/cons
By IP address - limit responses to 1 IP address per computer. This suffers from dynamics IP address problems as well as only response is allowed per computer that holds its IP for long periods
Send single use response token - Send every respondent a unique link. Each link contains a single-use token that may be redeemed to take one survey.
Collect their email address - Redact this information in the results. I'm not sure of your setup, but I thought I'd mention this in case you're just the data middle-man
guys i have made a jquery and css based star rating system. now i cant really think of way as how to save the user vote to database. and most importantly how to limit one user only to one vote.
since the number of visitors in the site is huge, i cant afford saving each user's ip to the database. and moreover i don't think it works good because even my ip address itself is dynamic. every time i disconnect and reconnect my internet my ip changes and i am able to vote again. so i don't think this will work.
this is what i have thought about saving the votes to the database:
ill just save the number of votes a page has received and ill save the total rating of the page.
and ill divide the rating points with number of votes. so it will give me the average rating. right?
but i can think of no way to limit one user to one vote. please help.
There seems to be no practical way to strictly enforce one vote per person on the web.
On computer networks, we often use surrogates for people. Some of them are
network or application login,
email address,
IP address,
cookies,
and so on. But all of these have problems when it comes to one vote per person.
For web logins, a person can usually make multiple accounts. (Especially if they're free.)
Email accounts are free, and many (most?) people now have multiple email accounts.
IP addresses might work, but only on intranets (implemented with one IP address per computer) with unshared computers (company policy of one person per computer).
Cookies have the same problems as web logins. (And they can be deleted by the user.)
If a vote is really valuable, some people will go to a lot of trouble to vote twice. But most votes aren't very valuable.
Look into structuring your database with indexes. I created a user favorite system that only allows one row to be inserted per user/favorite combination. For example: a user chooses a favorite, the values stored in the database are User ID and Favorite ID. If the user tries to select it again, the database won't insert the row as it is an exact duplicate.
I was wondering how to get the current users online and their IP address.
I know how to get a clients IP adress and I know how to use cookies and sessions for current users.
What i need is the logic to get the IP of the current user, and if the user leaves the site, it will stop tracking the users and stop getting the users IP.
Is that possible?
Have a look at print_r($_SERVER) - there's loads of info in there about the current user.
If the user leaves the site, you can't detect that immediately - but you can keep a track of the last time you saw a user in your database, and if you don't see a user for (say) 20 minutes, invalidate their cookie.
Edit: one thing you could do is have a periodic AJAX operation that says 'this user is still here' every 30 seconds or so. However this arguably puts more stress on your web server than is necessary - the earlier option I outline is probably better.
You can get ip of user using this
$ipAdrressOfUser=$_SERVER["REMOTE_ADDR"];
On a portal's main page, I'm using a jQuery container plug-in, and by this users can hide a container by just clicking the minimize button on a container.
My question is: how can I save the user preferences in this regard? Then if the same user logs in again, I want to show the page based on user preferences. For example if a user hides the "sports news container" it won't be shown on users next visit.
You just need to create a field in the users database table (or do something more complicated, if your database is complicated).
Then you can, if the field is set, place a script on the page that hides the container. And set a callback on hiding/opening which will send an Ajax request to your application, which will set the field to 1 or 0 (ON or OFF, whatever).
I think there are basically 3 options.
Cookies (sending a cookie to the user with JavaScript/jQuery or PHP (setcookie())) and hope the cookie is stored as long as possible.
Storing the preference at the database level, per user. #valya gave a solution like that. The obvious drawback here is that every user of the site, that you want to have preferences, needs a login.
Storing the preference in the database by IP address. This solution is pretty bad, but depending on your users this might work. So you store preferences per IP address. Users with a dynamic IP address or multiple users on the same IP address will have a bad experience.