Stop people from hijacking a voting system using PHP?

What are some code examples that I can use so that people don’t vote in order to give them a higher rating by hacking a PHP script?

+5
4 answers

The first line of defense is a cookie.

Basically, you set a cookie on your computer and turn off voting if it is present.

setcookie('cookiename', 'voted=1');

// and later

if(isset($_COOKIE['cookiename']) && $_COOKIE['cookiename'] == "voted=1")
{
     // error
}

This will save you from calling the database, which may be required to verify their voting. It is a good idea to keep this in place because it is like caching: the fewer database accesses, the better.

- IP. IP- , .

mysql_query('INSERT INTO TABLE (`IP_ADDR`, `TIME`) VALUES("'.$_SERVER['REMOTE_ADDR'].'", "'.time().'")');

// and later

$results = mysql_query('SELECT IP_ADDR FROM TABLE WHERE IP_ADDR="'.$_SERVER['REMOTE_ADDR'].'"');

if(mysql_num_rows($results) != 0)
{
    // error
}

script

if(isset($_COOKIE['cookiename']) && $_COOKIE['cookiename'] == "voted=1")
{
     die("You have voted recently.");
}

$results = mysql_query('SELECT IP_ADDR FROM TABLE WHERE IP_ADDR="'.$_SERVER['REMOTE_ADDR'].'"');

if(mysql_num_rows($results) != 0)
{
    die("You have voted recently");
}

//Do Voting Stuff Here
vote($_GET['vote']);

// Record the vote.
setcookie('cookiename', 'voted=1');
mysql_query('INSERT INTO TABLE (`IP_ADDR`, `TIME`) VALUES("'.$_SERVER['REMOTE_ADDR'].'", "'.time().'")');

.., .

+4
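
The cookie-then-IP flow from the answer above, reworked as an added example (not the answerer's code): the cookie is only an early exit because the client controls it, and a primary key on the address makes the database reject a second vote in one statement instead of a separate SELECT and INSERT. The `voters` table, `claim_vote()`, `VOTE_WINDOW` and the in-memory SQLite DSN (needs `pdo_sqlite`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Table, function and constant names are assumptions, not from the answer.
const VOTE_WINDOW = 86400; // seconds an address stays blocked (assumed value: 24 h)

function open_db(): PDO
{
    // In-memory SQLite keeps the example self-contained; use your own DSN in practice.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY on ip_addr: the database, not PHP, enforces one row per address.
    $db->exec('CREATE TABLE voters (ip_addr TEXT PRIMARY KEY, voted_at INTEGER NOT NULL)');
    return $db;
}

function claim_vote(PDO $db, string $ip, int $now): bool
{
    // Drop an expired row so the address may vote again after the window.
    $db->prepare('DELETE FROM voters WHERE ip_addr = ? AND voted_at <= ?')
       ->execute([$ip, $now - VOTE_WINDOW]);
    try {
        // One INSERT with bound parameters: parallel requests cannot both pass a check.
        $db->prepare('INSERT INTO voters (ip_addr, voted_at) VALUES (?, ?)')
           ->execute([$ip, $now]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, i.e. this address already voted.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed requests; a real handler reads $_SERVER['REMOTE_ADDR'], $_COOKIE and time().
$db = open_db();
$requests = [
    ['ip' => '203.0.113.7',  'cookie' => null,      'at' => 1000],
    ['ip' => '203.0.113.7',  'cookie' => null,      'at' => 1005], // cookie deleted, same IP
    ['ip' => '198.51.100.9', 'cookie' => 'voted=1', 'at' => 1010], // cookie present: no query
    ['ip' => '203.0.113.7',  'cookie' => null,      'at' => 1000 + VOTE_WINDOW],
];
foreach ($requests as $r) {
    // The cookie only saves a database round trip; the table is the real check.
    $ok = $r['cookie'] !== 'voted=1' && claim_vote($db, $r['ip'], $r['at']);
    echo $r['ip'], ' @', $r['at'], ': ', $ok ? 'counted' : 'rejected', PHP_EOL;
}
```
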
  • cookie .

  • cookie, IP-. IP- . IP (ip + user_agent +...).

  • captcha, .

+3

:

  • CAPTCHA
  • IP- ( , )
+2

The only way to stop them from doing this is to have a good user authentication system. If you cannot prevent this, use cookies and Captcha.

+1