Re: Problem with cookies in poll script

From: J.O. Aho (user_at_example.net)
Date: 11/09/03


Date: Sun, 09 Nov 2003 00:13:03 +0100

Mike Trozzo wrote:

> My problem is this: When the script checks that someone with that IP
> address has voted in the current month, or if the cookie exists (which
> expires at the end of the month), it's supposed to bring up a screen saying
> that you're only allowed one vote per month. When the IP/month combination
> has a match, everything happens as it should. However, even when the valid
> cookie is there, it calculates a vote. I tested it by taking out the code
> that checks IP/month, and it keeps going through as if there is no cookie.
>
> Can anyone point me to the error of my ways? Also, what are good ways to
> further tighten things up so that a visitor can't:
> 1. vote
> 2. delete the cookie
> 3. disconnect/reconnect to the ISP generating a new IP
> 4. vote again?

In this kind of script, I always make the check first, before setting any
variables, and if the user is trying multiple votes, redirect them to another page.

Your datecheck function (you should have made it into a function) is quite
resource demanding, as you load all the rows from the database (if you have
the database on another machine than the webserver, then you will see how slow
your code is). Do a query where you ask for all entries with the voter's IP and
a date that is in this month; this way the number of rows that is returned is
hopefully at most one.

To save resources, if the cookie is found and it's saying that the vote is
done this month+year, then don't check for the IP in the database, as the user
has done his/her vote already.

Only if the user doesn't have the cookie, make the search, only in the case you
think that the user shouldn't be allowed to vote (of course this would cause
problems for dynamic IP users).

  //Aho
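
The check order described in the reply above, as an added example that is not part of the original post or the poster's code. The table and column names (`votes`, `ip`, `voted_at`), the cookie name `poll_voted`, the function name `alreadyVoted` and the use of PDO with an in-memory SQLite database are assumptions; the rows are constructed sample data.

```php
<?php
// Added example: cookie check first, then a narrow IP + month query.
// Names (votes, ip, voted_at, poll_voted, alreadyVoted) are hypothetical.

function alreadyVoted(PDO $db, array $cookies, string $ip, DateTimeImmutable $now): bool
{
    $period = $now->format('Y-m');

    // 1. Cheap check: a cookie marking this month+year means no database hit.
    //    The cookie is client-controlled, so it is only ever used to refuse a
    //    vote; its absence proves nothing and falls through to the database.
    if (($cookies['poll_voted'] ?? '') === $period) {
        return true;
    }

    // 2. No cookie: ask only for this IP inside the current month, so the
    //    database returns at most one row instead of the whole table.
    $start = $now->modify('first day of this month')->setTime(0, 0, 0);
    $end   = $start->modify('+1 month');
    $stmt  = $db->prepare(
        'SELECT 1 FROM votes
          WHERE ip = :ip AND voted_at >= :start AND voted_at < :end
          LIMIT 1'
    );
    $stmt->execute([
        ':ip'    => $ip,
        ':start' => $start->format('Y-m-d H:i:s'),
        ':end'   => $end->format('Y-m-d H:i:s'),
    ]);
    return $stmt->fetchColumn() !== false;
}

// Constructed sample data (documentation IP ranges), in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (ip TEXT NOT NULL, voted_at TEXT NOT NULL)');
$db->exec('CREATE INDEX votes_ip_date ON votes (ip, voted_at)');
$db->exec("INSERT INTO votes VALUES
    ('192.0.2.10',   '2003-11-02 09:15:00'),
    ('192.0.2.10',   '2003-10-30 18:00:00'),
    ('198.51.100.7', '2003-10-12 12:00:00')");

$now = new DateTimeImmutable('2003-11-09 00:13:03');
var_dump(alreadyVoted($db, ['poll_voted' => '2003-11'], '203.0.113.5', $now)); // cookie for this month present
var_dump(alreadyVoted($db, [], '192.0.2.10', $now));   // no cookie, IP has a vote this month
var_dump(alreadyVoted($db, [], '198.51.100.7', $now)); // no cookie, IP voted only last month
```

The second call is the case from the original question where the visitor deleted the cookie: the database row for the IP still blocks the vote, which is also why a visitor who comes back on a new dynamic IP is not caught by either check.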


