...

View Full Version : how would i go about this in php?



gh05
06-20-2010, 07:03 PM
I'm trying to create a basic online petition and I want it to be fairly accurate so that people can only leave their signature once. The thing is, at the moment a user can still quite easily click 'back' ontheir browser after signing and sign the petition form again with any email address they want and it would be accepted.

The only way (I guess?) is to make it a requirement that the user then validates their address by clicking a link which is sent to their email account.

Is this something which is easily done in php? I suppose I'd need to send an automated email to each account and have a boolean type field for whether that user had validated their email? Then, in the 'view signatures' script only signatures which have validated=true are displayed/counted. Is this how it would be done and is it tricky to program?

Is there an easier way ? Like recording an IP address (I know the difficulty with this is that some people have non static ip addresses). Just any other way would be preferable to email validation as I want this petition to be popular and emil verification can be a ot of work (making sure it isn't in spam, then validtaing etc).

Thanks in advance.

DJCMBear
06-20-2010, 08:37 PM
are you storing anything into a database? such as the email address.

gh05
06-20-2010, 10:55 PM
are you storing anything into a database? such as the email address.

Yes, I currently have a php script which allows the user to post their name, country, email address and a comment to the database. I then have a basic 'guestbook style' script which displays the name, country an comment.

DJCMBear
06-20-2010, 11:23 PM
so what is it are you trying to do?

are you just trying to stop spam submitions?

gh05
06-21-2010, 08:47 AM
so what is it are you trying to do?

are you just trying to stop spam submitions?

Well, i just want to stop people from being able to leave as many signatures as they want under different names if they feel particularly strngly about the petition for any reason. I'd also like to prevent automated spam.

Am I making sense?

Candan
06-21-2010, 10:34 AM
Well, i just want to stop people from being able to leave as many signatures as they want under different names if they feel particularly strngly about the petition for any reason. I'd also like to prevent automated spam.

Am I making sense?

Store the IP address($_SERVER['REMOTE_ADDR']) in the database aswell.
Then add a mysql_num_rows check fwith a select query on the IP, if the value of the num rows is 0, show the form, else hide it. Or if the value is 0, process & insert data, else redirect?

ex:



<?php
// Need a mysql connection

$q = mysql_query("Select ip_address From table_name WHERE ip_address = '".$_SERVER['REMOTE_ADDR']."'");
if(myssql_num_rows($q) == 0) {

?>
<!--- FORM HERE !--->
<?php
} else {

header('Location: view.php');

}
?>


(Quickly written)

gh05
06-21-2010, 10:47 AM
Store the IP address($_SERVER['REMOTE_ADDR']) in the database aswell.
Then add a mysql_num_rows check fwith a select query on the IP, if the value of the num rows is 0, show the form, else hide it. Or if the value is 0, process & insert data, else redirect?

ex:



<?php
// Need a mysql connection

$q = mysql_query("Select ip_address From table_name WHERE ip_address = '".$_SERVER['REMOTE_ADDR']."'");
if(myssql_num_rows($q) == 0) {

?>
<!--- FORM HERE !--->
<?php
} else {

header('Location: view.php');

}
?>


(Quickly written)

Thanks, but i thought doing it by IP address may stop those with similar IP addresses (i.e. people who work on large networks) from signing and also it wont prevent people who have ip addresses which regularly change from signing?

Candan
06-21-2010, 10:51 AM
Thanks, but i thought doing it by IP address may stop those with similar IP addresses (i.e. people who work on large networks) from signing and also it wont prevent people who have ip addresses which regularly change from signing?

Thats true, there is no real way to stop people from signing your petition multiple times.

Ex. User uses ip 87.85.234.123 and email user@hotmail.com
Then he changes email, and he submites with the same IP again.
Or
He changes email, and IP, and submits again.

IP's can be changed, emails can be changed.

gh05
06-21-2010, 11:03 AM
Thats true, there is no real way to stop people from signing your petition multiple times.

Ex. User uses ip 87.85.234.123 and email user@hotmail.com
Then he changes email, and he submites with the same IP again.
Or
He changes email, and IP, and submits again.

IP's can be changed, emails can be changed.


So if I'm going to choose one method OR the other, would you say email or ip address validation is best? I kind of want to avoid email validation if possible because it's not as easy to sign up to and I want it to be quite popular.

Thanks.

Candan
06-21-2010, 11:09 AM
You could create a script to check for an email addy in the database, and return users if they submit the same email. This won't stop spam tho.

gh05
06-21-2010, 01:50 PM
You could create a script to check for an email addy in the database, and return users if they submit the same email. This won't stop spam tho.


Yep already did that thinking it would be enough but theres nothing to stop someone clicking 'back' and changing the email address slightly.

Morri
06-21-2010, 02:00 PM
you can additionally store a cookie and a session, when the user signs your petition.


Morri

Candan
06-21-2010, 02:41 PM
Cookies and sessions can both be removed.

Keleth
06-21-2010, 03:33 PM
Yah, I deal with this issue on some sites too... there's no clear way of preventing it.

IMO, the best is user confirmation... slows down the entire process and will lead to less signatures, but leads to more valid ones I've noticed.

Cookies/sessions are useful too because while they can be removed, it usually means the person is fairly smart with a PC/the net, in which case if they're really intent on adding extra names, they'll find a way.

DJCMBear
06-21-2010, 03:59 PM
The best way to do this is like you said in your first post by email and a link within the email as you can have a php query saying if the link hasnt been clicked then dont show the sig. You can do it with sessions or cookies but that can be edited by the user. You can also do a mysql checker to see if the email being used is already in the database.

gh05
06-21-2010, 06:20 PM
Thanks for the replies. Because of the type of petition it is I think people will be put off signing if they have to validate using their email so using sessions sounds like it may be a good idea.

I've just looked for a tutorial on sessions though and i can only find examples of it being used to say 'Hi, user_name'. Can someone give me an idea of how I could use it to stop someone from signing twice?

From what I've read I say something like session_start() and php assigns that session a unique id. But how do I then know what that ID is to prvent the user from signing twice?

Thanks.

Keleth
06-21-2010, 06:53 PM
The unique ID is stored on the browser (I believe as a cookie, though someone more experienced then me would have to corroborate that). You should store a variable that says anything really, and check if that variable is set at all. If its set, that person was there, if not, then they weren't.

Personally, between cookies and sessions here, I'd do both. Set a cookie, set a session variable, check for both, if either exists, the person was there before.



start_session();
$_SESSION['signed'] = 'signed';
set_cookie('signed', 'signed', time() + 60 * 60 * 24 * 365);


That'll set your session and cookie. Then just test for it on w/e page (remember, you have to start_session() on every page you plan on using the session variables on.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum