Razvan M.

Reputation: 407

How to catch the same user with a different IP

We have the following example:

A website (web application written in PHP using Apache/MySQL) where you can cast votes on different posts. For instance, I am a user and I post "Anna likes apples".

Every person that accesses the website MUST be able to upvote my post if they like it, but only once (with or without being registered)!
The best method to implement this (as I've known so far) was to check the IP of the unregistered user who wants to upvote. But what do you do when the user changes his IP?

How can we check if the user has or has not voted before from the same computer, but with a different IP?

Upvotes: 1

Views: 1525

Answers (4)

user4179902

Reputation:

If the user has registered, you could check the user's vote by storing the postID in the user's info. Then when the user votes, check whether the postID has been stored before.

For users who haven't registered, where one device can only have one vote (without logging in), I think a cookie is stored on the device, so you could set a cookie with some specific info (TimeofSetCookie, UnregisterUserName, PATH...), then use $_COOKIE[...] to get the cookie and check it.

Um... I can only think of these two ways. Hope they can help you.

I think there will be a problem: different people can use the same IP or the same device to vote. Then your website may lose these sorts of votes in this situation. Why don't you just restrict voting to members only?

Upvotes: 0

KarmaEDV

Reputation: 1691

To identify if a user is really the same you should rely more on the MAC address of his NIC than on his IP address. Here I found a similar question where one proposes a JavaScript to get the remote MAC address.

How can I get the MAC and the IP address of a connected client in PHP?

Be aware that there is no 100% way here. A determined user will find ways. It is up to you to be conservative and not allow suspicious cases.

Maybe you can assign a probability of uniqueness to all the mentioned methods: user session, user-agent of browser, cookies, IP, MAC. The threshold to block should be a business decision depending on the severity of the consequences.

Upvotes: 3
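
The weighting idea from the answer above, as an added example (not code from any poster on this page): each signal a PHP request exposes gets a weight, matching signals are combined into one score, and a vote is refused once the score reaches a threshold. The weights, the threshold, the function names and the sample records are all assumptions chosen for illustration.

```php
<?php
// Assumed weights: how strongly a matching signal suggests "same visitor".
// In a real request these would come from $_COOKIE, session_id(),
// $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_USER_AGENT'].
const WEIGHTS = ['cookie' => 0.6, 'session' => 0.5, 'ip' => 0.3, 'ua' => 0.1];
const BLOCK_THRESHOLD = 0.6; // assumed; tune to how costly a wrong block is

/** Score (0.0 to 1.0) that $current is the visitor who cast $previous. */
function sameVisitorScore(array $current, array $previous): float
{
    $notSame = 1.0;
    foreach (WEIGHTS as $signal => $weight) {
        if (!empty($current[$signal]) && isset($previous[$signal])
            && hash_equals((string) $previous[$signal], (string) $current[$signal])) {
            $notSame *= (1.0 - $weight); // treat signals as independent evidence
        }
    }
    return 1.0 - $notSame;
}

/** True if no stored vote on this post looks like the current visitor. */
function mayVote(array $current, array $previousVotesForPost): bool
{
    foreach ($previousVotesForPost as $previous) {
        if (sameVisitorScore($current, $previous) >= BLOCK_THRESHOLD) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: one earlier vote on a post, then three new visitors.
$linuxUa = 'Mozilla/5.0 (X11; Linux x86_64)';
$votes = [
    ['cookie' => 'c1a9', 'session' => 's-111', 'ip' => '203.0.113.7', 'ua' => $linuxUa],
];
$visitors = [
    'same browser, new IP'        => ['cookie' => 'c1a9', 'session' => 's-222', 'ip' => '198.51.100.20', 'ua' => $linuxUa],
    'cookies cleared, same IP/UA' => ['cookie' => '',     'session' => 's-333', 'ip' => '203.0.113.7',   'ua' => $linuxUa],
    'other person behind same IP' => ['cookie' => 'd4e5', 'session' => 's-444', 'ip' => '203.0.113.7',   'ua' => 'Mozilla/5.0 (Windows NT 10.0)'],
];
foreach ($visitors as $label => $visitor) {
    printf("%-30s score=%.2f %s\n", $label,
        sameVisitorScore($visitor, $votes[0]),
        mayVote($visitor, $votes) ? 'allowed' : 'blocked');
}
```

With these assumed weights a visitor who clears cookies but keeps the same IP and user-agent still falls below the threshold; lowering the threshold catches that case at the cost of blocking different people who share an IP.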

ajmedway

Reputation: 1492

If they are not logging in just use a session variable I suppose... put this at the top of each script:

// set cookie lifetime for 1000 days (60sec * 60mins * 24hours * 1000days)
ini_set('session.cookie_lifetime', 60 * 60 * 24 * 1000);
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 1000);
// start session
session_start();

And on the page, once they click to vote set:

$_SESSION['votes']['post_id'] = 1;

And in the code template only show the vote button on this condition:

if (empty($_SESSION['votes']['post_id'])) {
    //show voting button html
}

The exact implementation of this will vary depending on how you have structured your code but this is the raw logic in absence of any examples to work from. If they clear out all their browser cache/cookies they could vote again, but there's little you can do to make it bullet-proof if you want it to be guest-compatible.

Upvotes: 1

Castillo

Reputation: 145

You could use cookies. For example:

setcookie("already_voted","yes");

And later check if that cookie exists:

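// isset() avoids an "undefined index" notice when the cookie has not been set yet
if (isset($_COOKIE["already_voted"]) && $_COOKIE["already_voted"] == "yes") { /* Disallow voting */ }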

The main problem here is that the user can delete the cookies : /

Upvotes: 1
