My question is that how to temporally disable a number of buttons/links for user when he clicks one. For example there are 5 buttons: button1, button2.. If he clicks button1 then he can't click any of the buttons again for example 6 hours. Should it be done with php getting user ip, sending it to mysql and "banning" user for 6 hours. Whether clicking the buttons or the url where the buttons are. And after cleaning the specified ip from mysql. The buttons should be banned for the clicked user not for anyone else also refresh or browser restart should grant the option to click any again.
Or should it be done with htaccess somehow.
Extra info: PHP 5.4, mysql.
Site also has a basic login system ( http://blog.geotitles.com/2011/07/php-login-script/ )
But I think it would be easier to do separately.
Have a fool proof way to identify individual users. The only real solution here is to require the user to register and log in.
Store the last time the user did a certain thing in your database.
Check when the last time the user did a certain thing was and do not offer him the button/reject the action should he be doing it again before enough time has passed.
(Optionally: periodically clean out old and unneeded action/timestamps from the database.)
In your users database table, add a last_button_click field.
When a user clicks a button, write a record to the database saying the time they clicked it. When reading the page, check if last_button_click is more than X hours in the past, if so, display the buttons.
If a user shouldn't be able to use duplicate accounts, you'll also want to record his/her IP address in the database and prevent more signups from the same IP address. This isn't foolproof, as users with VPN services like HMA will be able to get around it, but for the majority of users it will work.
You can also look into banning anonymous proxies, VPNs and TOR if needed.
"Banning" a user in a database works fine. When they click the button it should add a ban to the database and when it draws the page again, it should query the database to see if they are banned. If they are, do not show the button, if they are not, show the button.
Related
I am currently using laravel 5.4, i get the list of online users, and i want from my admin-dashboard to make a specific user from my list to disconnect,
is there a way to do so ?
Set a flag in the database, for example, to mark the user as needing to logout. Then on their next request, in say a middleware, you can do:
if (Auth::user()->should_logout) {
Auth::logout();
}
There is a workaround to do this but I think it's
not optimum!
In users table we should have a field, say conected, then call an ajax request every 10 seconds (example), this ajax request is checking for connected field and sending user id, stating that user still is online, now when you change this field manualy, any time user click on a link or refreshes the page, they are logged out!
update:
#btl's idea to use window.reload() is good and does not need refreshing !
I have a site written with PHP: how can I prevent a user from clicking a button multiple times?
For example, I have an upvote button similar to the one on the left of this post. I want non-logged-in users to be able to upvote, but only once. What strategies can i use to prevent the user from clicking it twice?
Simply deactivating the button after first click isnt enough, since they would then be able to visit the page again, or refresh their cache, etc, etc.
The best way for you to do this is to tie the vote to the users IP address in a database.
AND setting a cookie on that computer. That way, you lock it down from two different corners so that you aren't limiting others on the same connection.
You're not really going to be able to fool - proof this successfully without a user login system.
I'm currently working on my Referral System, but I have a problem with protecting it of frauds.
Okay, here's how it works for now:
user registers and activate it's account
user now have access to the control panel and there is it's uniqe link in following format: domain.tld/ref/12345
when someone other click to user's link, he or she must to click a specific button to confirm that is not some kind of fraud (like "click here, you'll get $100" or something)
system writes visitor's IP in a database and some data to cookies to prevent re-pressing the button. User now have +1 point.
But, the problem is that visitor can change it's IP, clear cookies and hit button again. It takes a few seconds, and that's not OK, that's cheating.
How to prevent it? Is there some trick to get some unique computer ID or something can't be changed that easy?
Really the only options are to tie the process to something which is not so easily manipulated by the user - super cookies, browser fingerprints, OpenID, Email addresses and telephome numbers (the latter 2 using some sort of validaton step before a vote is counted)
The only way you can be certain a referred party does not reuse a referral code is for the original user to send different one-time-use-only referral URLs to each person. Once the code has been used, it is flagged as such in (or removed entirely from) your database so that it can not be used again.
How you prevent the original user from sending multiple links out to the same person is another matter - and not an easy one to resolve.
Who do you perceive to be the threat?
Although it's certainly not 100% accurate, you can still fingerprint visitors using for example a combination of their ip, browser user agent, and with some javascript you can even go for screen size or installed fonts. Using these pieces of information you can set up a system where you save the fingerprints in datatable and in the same record you store the session id (from the cookie). Now when a new visitor arrives you can test their fingerprint against the db of recent fingerprints with different visitor ids. If you find a large number of matching fingerprints (you define the threshold) with different sessions then you can alert for the possibility of fraud.
Cheers
How about storing the link with with the user when they navigate to the link. then in the database you will have the link and if the users has already been to the link then deny them. Seems like it could work then you wouldn't have to worry about the cookies etc...
I want to set up a few internal statistics for one of my dynamic sites. The idea is to make available to each member of the site:
a) How many times the profile has been seen in the day (1 click = 1 ip = 1 view)
b) How many times the profile has been seen in the month (1 click = 1 ip = 1 view)
c) How many have left since the mail button "contact".
Before developing this in php, I wanted to know if you would not have a resource that these actions. It would save me some time.
Sincerely,
Well, you would just simply need to have a DB where you could save those statistics. Then, you would create a class with a few functions that save statistics to this DB. E.g.
function addPageview($pageIdentifier, $loggedInUser) {
// code to save to DB
}
Then, when a page is viewed (e.g. the profile page of someone), you do a call to this addPageview() with the correct page identifier (e.g. the URL) and the logged in User so you know who has viewed the page. You leave $user empty if there is no logged in user.
Good luck!
So if you want to increase your profile-views counter by 1, you can restrict this to do so every 24 hours by setting a cookie on the visitors computer with that specific users ID. The user can clear their cookies and visit the profile again, but "commoners" dont know about this technique.
In your code for viewing the profile, you use the following pseudocode:
if user has no cookie
bump views up by 1
So I create my own internal link tracker for ZF.
I don't use cookie.
I check if an ip is already back on the site. If so, I change the date of last visit, otherwise I created. Then, I check if the called page has already been visited. If so, I change, otherwise I insert. Then, I check if the association ip / page exists: if so, I change, otherwise I insert.
In the end, I can have a system of click per day, month, year, and for su ...
I wrote a tutorial on the occasion on my blog, because now it is only really suited to the current project.
Thank you for your support.
On a portal's main page, I'm using a jQuery container plug-in, and by this users can hide a container by just clicking the minimize button on a container.
My question is: how can I save the user preferences in this regard? Then if the same user logs in again, I want to show the page based on user preferences. For example if a user hides the "sports news container" it won't be shown on users next visit.
You just need to create a field in the users database table (or do something more complicated, if your database is complicated).
Then you can, if the field is set, place a script on the page that hides the container. And set a callback on hiding/opening which will send an Ajax request to your application, which will set the field to 1 or 0 (ON or OFF, whatever).
I think there are basically 3 options.
Cookies (sending a cookie to the user with JavaScript/jQuery or PHP (setcookie())) and hope the cookie is stored as long as possible.
Storing the preference at the database level, per user. #valya gave a solution like that. The obvious drawback here is that every user of the site, that you want to have preferences, needs a login.
Storing the preference in the database by IP address. This solution is pretty bad, but depending on your users this might work. So you store preferences per IP address. Users with a dynamic IP address or multiple users on the same IP address will have a bad experience.