prevent cookie spam

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

prevent cookie spam

Post by scarface222 »

Hey guys I just have a quick question, I have a voting system that is supposed to limit votes with a cookie and make it difficult for users to spam, and it works except if you click really fast, it updates the database multiple times. Does anyone know how to prevent this effect, I also have the problem with some jquery forms if clicked really fast.

Code: Select all

setcookie ("$id", "0", time()+(60*60*24*365));
//ok, now update the votes
if (!isset($_COOKIE["$id"])){
if($action=='vote_up') //voting up
{
//vote up
}
else f($action=='vote_down'){
//vote down
}
}
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: prevent cookie spam

Post by scarface222 »

anyone got an idea?
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: prevent cookie spam

Post by flying_circus »

scarface222 wrote:anyone got an idea?
Use sessions? You can't verify that your cookie was actually delivered to the end user, let alone, that the end use accepts cookies from your site.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: prevent cookie spam

Post by AbraCadaver »

You could do an onclick event that disables the button, or after you set the cookie:

Code: Select all

sleep(1);
There is no solid way to do this with anonymous users. The best is to have them authenticate and store the fact that they have voted in the db.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: prevent cookie spam

Post by scarface222 »

thanks a lot guys for the response. It is ok about using cookies because the user cannot even log in and start their session with cookies set to not accept and thus will not be able to vote in the first place without cookies set on accept so I will just try the sleep function out, since it does apply to other instances where cookies are not even used, but people can spam form inputs. I will let you know if it works when I implement.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: prevent cookie spam

Post by scarface222 »

k it works, I like the disable button suggestion as well abra so then even though the function is sleeping, it gives user feedback. You da bomb man.
Post Reply