how to allow only one vote for a rating system - php

guys i have made a jquery and css based star rating system. now i cant really think of way as how to save the user vote to database. and most importantly how to limit one user only to one vote.
since the number of visitors in the site is huge, i cant afford saving each user's ip to the database. and moreover i don't think it works good because even my ip address itself is dynamic. every time i disconnect and reconnect my internet my ip changes and i am able to vote again. so i don't think this will work.
this is what i have thought about saving the votes to the database:
ill just save the number of votes a page has received and ill save the total rating of the page.
and ill divide the rating points with number of votes. so it will give me the average rating. right?
but i can think of no way to limit one user to one vote. please help.

There seems to be no practical way to strictly enforce one vote per person on the web.
On computer networks, we often use surrogates for people. Some of them are
network or application login,
email address,
IP address,
cookies,
and so on. But all of these have problems when it comes to one vote per person.
For web logins, a person can usually make multiple accounts. (Especially if they're free.)
Email accounts are free, and many (most?) people now have multiple email accounts.
IP addresses might work, but only on intranets (implemented with one IP address per computer) with unshared computers (company policy of one person per computer).
Cookies have the same problems as web logins. (And they can be deleted by the user.)
If a vote is really valuable, some people will go to a lot of trouble to vote twice. But most votes aren't very valuable.

Look into structuring your database with indexes. I created a user favorite system that only allows one row to be inserted per user/favorite combination. For example: a user chooses a favorite, the values stored in the database are User ID and Favorite ID. If the user tries to select it again, the database won't insert the row as it is an exact duplicate.

Related

How to count the number of times a non-registered User presses "Search", then save it in MySQL database and limit that number for every user?

So I'm working on a website which brings up movie/tv-show posters on clicking "search". Now I'm wondering how can I limit the search button for non-users to 10-15 searches and have unlimited searches for registered users. Think of it like a premium membership sorta deal where the people who pay, get the extra-clicks and people who're using the trial product, get only 10 clicks. What I want to ask is, how do I log the number of times a non-registered user uses the search engine and how do I put a cap on it? And remove that cap for registered users.So please let me know where I can start from.
Wow this awesome I usually find app that limits visitors but after they make free account then they reach the limit after that they should pay to have premium account without limits
But any way that can be achieved easy I will explain without codes cause it needs long run
First you should create function to retrieve users
IP address so you may use remote_addr or http_forward in case of you use proxy
Second go to database and create table called
Ip_users or whatever you need This table should have 2 column. Ip column and id_hash column now you should set ip_column as varchar and id_hash as init
Third is most easy step make Ajax script that take the ip value that we get above in first step and send it to .php script call it uservalid.php as example
Fourth. Uservalid.php should first select count of records for ip if it null it make insert for new ip if it more than zero it update ip_hash + 1 If ip_hash equals 10 it make redirect to account page
This why you need index on IP address column and this is general steps
Maybe free account as start with limits then premium account is better
cheking the number of clicks of each ip adress is not bad idea but it wont solve the problem beacause if the user restart the modem he ll get new ip adress.
in my opinion, you can make all users need an account to use the search option and do your check according to that, if the user want to search more than 10-15 searches he/she need to get premium account.

How to restrict to one session (not login) per computer

I'm making a survey site and I'm trying my hardest to avoid user logins - I want people who answer my surveys to be anonymous members of my university, who open a link and answer the questions directly. So I'm tracking questions/surveys finished by the user through session variables
But what I don't want is one user submitting tens of questions/surveys by clearing cookies and thus effectively resetting his/her sessions. Anyone know how to deal with this?
(If anyone thinks of other ways by which people can make multiple submissions, let me know that too! I'm also looking at articles to prevent same users using different browsers)
Never trust the user. Ever.
You have a few options. All have pros/cons
By IP address - limit responses to 1 IP address per computer. This suffers from dynamics IP address problems as well as only response is allowed per computer that holds its IP for long periods
Send single use response token - Send every respondent a unique link. Each link contains a single-use token that may be redeemed to take one survey.
Collect their email address - Redact this information in the results. I'm not sure of your setup, but I thought I'd mention this in case you're just the data middle-man

CakePHP: Single Post Per Day based on IP Address

I'm still getting the hang of CakePHP but I think I'm making progress.
Background: I'm developing an application that doesn't require registration. I essentially have posts that can be made by any visitor to the site.
Question: How can I limit the number of times a guest can post per day? Say I want to allow a guest to post once per day. Would I essentially create a users table based on IP, log a new IP address every time one visits the site, then limit actions based on that table?
Yes...that would do it but I wouldn't recommend it. A user can change their IP by using a proxy or just reconnecting to their ISP. So ..basically I wouldn't use IP based filtering if I were you.
What I would do is create a .txt file that stores the IP of a user, with PHP's $_SERVER['REMOTE_ADDR']. After 24 hours, at 12:00, have your webserver wipe the IP file, enabling everybody to post again for the next day.
Depends if you want to have users + guest or just guest.
If you have users (logged to the site, with profile and everything a normal user will get) and also allow guess to post, then it's easier to add a guest + ip (or another filtering option) to the users table and associate it with the post table by an user_id column in the post table (kind of what is done here in SO).
But, if there's only guest in the site and it's not intended to have logged users, then you just need a post table with an ip column where you can register which ip did the post.
Also, as Iansen said, the IP filter can be easily bypassed. Is it a strong requisite that the user only post once per day?

PHP vote system, how to stop spamming?

I want to set up a voting system which doesn't require people to log in, but they can vote as they want.
How do i stop people from spamming on voting (sending request to add the vote)? i know using client site scripting can easily stop it (from proper user), but what about server side (PHP). i don't want people to have that url and constantly hit it to increase the number.
Cheers
Implement reCAPTCHA - it's super easy to implement (takes maybe 10 minutes), is a good anti-spam measure, and serves a greater purpose (digitising books).
If you really want to go with cookies, have a look into evercookies. They're super-invasive, and very unethical, but hey, it's your site :)
You'll have to log their IP and/or set a cookie. The problem with cookies is the client can erase them and the problem with IP tracking is it can block more than one user if a NAT firewall is in the mix, but it will do well for the most part.
You can add a vote_tracking table:
vote_tracking
id
poll_id
session_id
When a user votes in a specific poll, you can update the row with their session id.
You will then need to implement some code to ensure you don't keep issuing queries to determine if user already voted in a poll. If you have an 'active' poll, you can do one lookup, then register a session var indicating that they have already voted, so no matter how many times the poll is rendered, you won't keep hitting the database. Obviously this will only work as long as the current session_id matches, when it differs you will have to issue the first query then reset the session var.
And I'd recommend a reaping mechanism so your table doesn't end up with a million+ rows. If you create a new 'active' poll, truncate the vote_tracking table, or archive it by renaming the table.
Also, the problem with IP tracking is that you will bork users who are behind a proxy, after the first person votes none of the others will be able to vote.

Ways to prevent cheating caused by dynamic ip addresses tampering with PHP-driven web contests

Let's say you have a website contest programmed in PHP, and the user must click their favorite picture. Now from what I hear, there are ways to dynamically change your ip address, such as with the iphone, so it looks like you are someone else and therefore you can continuously click the same picture over and over in a matter of minutes, therefore finding a loophole in the contest and cause cheating.
First, I would like to know whether this is true and second if it is true, are there ways to address this issue? And if there aren't, can a user really change their ip address so many times in a matter of minutes?
Thanks for any response.
In some cases, it is possible to change your IP address with a simple script.
To prevent fully automated votes, you could use CAPTCHA. To prevent users from clicking over and over, you could implement user registration and limit the votes per user.
Here are some other options to consider:
You could require an email address to vote.
You could set some cookies. These are easily by passed, but the way you get around them bypassing it is by allowing them to vote multiple times without telling them they have already voted, but do not increment the value of the vote.

Categories